Index of DEF CON 26 Activities


Venue Maps
Locations Legends and Info
Schedule - Thursday - Friday - Saturday - Sunday
Speaker List
Talk Title List
Talk Descriptions
DEF CON News
DEF CON 26 FAQ
DEF CON FAQ
Links to DEF CON 26 related pages

Venue Maps



Map images are not reproduced here; full-size PDFs are available from defcon.org. Maps covered:

Linq Workshops
Caesars - far end and near end of hall from Casino escalators (see the full Caesars page)
Flamingo Village Wing
Flamingo 101 Wing

Locations Legends and Info


AIV = Artificial Intelligence Village
     Caesars Promenade Level - Florentine BR 3 - behind Registration

BCOS = Blockchain & Cryptocurrency Open Security Village
     Caesars Promenade Level - Pompeian BR 1 - by Info Booth and Elators

BHV = Bio Hacking Village
     Caesars Promenade Level - Pisa/Palermo/Siena Rms - middle of long hallway

BTV = Blue Team Village
     Flamingo 3rd Flr- Savoy Rm

CAAD = CAAD Village
     Flamingo Lower Level - Lake Mead Rms

Chip Off Village
     Caesars Pool Level - Tribune Rm - next to Info Booth near escalators

CHV = Car Hacking Village
     Flamingo Lower Level - Red Rock Rm 1-5 - Right Side of hallway

Contest Area
     Caesars Emperor's Level - BR - far end of long hallway

CPV = Crypto Privacy Village
     Caesars Promenade Level - Milano BR 1,2 - far end of long hallway

DC = DEF CON Talks
     Track 101 - Flamingo 3rd Flr - Sunset BR
     Track    1 - Caesars Emperor's Level - Palace BR - top of escalator
     Track    2 - Caesars Promenade South - Octavius BR 12-24 - far end from escalator
     Track    3 - Caesars Pool Level - Forum BR 1-11,25 - near escalator

Deaf Con Village
     Caesars Pool Level - Patrician Rm - next to Info Booth near escalators

DDV = Data Duplication Village
     Caesars Promenade Level - Capri Rm

DL = DEF CON DemoLabs
     Caesars Promenade Emperor's Level - Tables outside Track 1

Drone Warz Village
     Caesars Pool Level - Abruzzi Rm - far end from escalators around corner

EHV = Ethics Village
     Caesars Promenade Level - Modena Rm - Middle of long hallway

HHV = Hardware Hacking Village
     Caesars Pool Level - Forum 17-19 - far end from escalators around corner

ICS = ICS Village (Industrial Control Systems)
     Flamingo Lower Level - Red Rock Rm 6-8 - Left side of hallway

Laser Cutting Village
     Caesars Pool Level - Calibria Rm - far end from escalators around corner

Lockpicking Village
     Caesars Pool Level - Forum 24 - far end from escalators

Mobile Museum
     Caesars Promenade Level - Florentine BR 4 - behind Registration

RCV = Recon Village
     Caesars Promenade Level - Florentine BR 1,2 - behind Registration

Rootz Asylum
     Caesars Promenade Level - Milano BR 3,4 - far end of long hallway

SEV = Social Engineering Village
     Caesars Promenade South - Octavius BR 3-8 - near escalator

SKY = 303 SkyTalks
     Flamingo 3rd Flr - Virginia City Rm

Soldering Skills Village
     Caesars Pool Level - Forum 20,21 - far end from escalators around corner

Tamper Evident Village
     Caesars Pool Level - Forum 24 - far end from escalators

PHV, PHW = Packet Hacking Village / Wall of Sheep; Talks and Workshops
     Caesars Promenade Level - Neopolitan BR - far end of long hallway

PPV = Puff Puff Village
     Flamingo Lower Level - Valley Of Fire Rms

Vendors Area
     Caesars Promenade South - Octavius BR 25

WLV = Wireless Village
     Caesars Promenade Level - Milano BR 5,6 - far end of long hallway

WS = DEF CON Workshops - All Workshops are at the Linq Hotel
     Linq 4th Flr - Icon A-G Rms

VMHV = Voting Machine Hacking Village
     Caesars Pool Level - Forum 14-16 - far end from escalators

Talk/Event Schedule


Thursday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Thursday - 10:00


DC - Track 101 - Flamingo 3rd Flr - Sunset BR - ThinSIM-based Attacks on Mobile Money Systems - Rowan Phipps
WS - Linq 4th Flr - Icon A - Guided Tour to IEEE 802.15.4 and BLE Exploitation - Arun Mane, Rushikesh D. Nandedkar
WS - Linq 4th Flr - Icon B - Pentesting ICS 101 - Alexandrine Torrents, Arnaud SOULLIÉ
WS - Linq 4th Flr - Icon C - Where's My Browser? Learn Hacking iOS and Android WebViews - David Turco, Jon Overgaard Christiansen
WS - Linq 4th Flr - Icon D - Finding Needles in Haystacks - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - Building Autonomous AppSec Test Pipelines with the Robot Framework - Abhay Bhargav, Sharath Kumar Ramadas
WS - Linq 4th Flr - Icon F - Packet Mining for Privacy Leakage - Dave Porcello, Sean Gallagher

 

Thursday - 11:00


DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Pwning "the toughest target": the exploit chain of winning the largest bug bounty in the history of ASR program - Guang Gong, Wenlin Yang, Jianjun Dai
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Guided Tour to IEEE 802.15.4 and BLE Exploitation - Arun Mane, Rushikesh D. Nandedkar
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Pentesting ICS 101 - Alexandrine Torrents, Arnaud SOULLIÉ
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Where's My Browser? Learn Hacking iOS and Android WebViews - David Turco, Jon Overgaard Christiansen
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Finding Needles in Haystacks - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Building Autonomous AppSec Test Pipelines with the Robot Framework - Abhay Bhargav, Sharath Kumar Ramadas
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Packet Mining for Privacy Leakage - Dave Porcello, Sean Gallagher

 

Thursday - 12:00


DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Ring 0/-2 Rootkits: bypassing defenses - Alexandre Borges
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Guided Tour to IEEE 802.15.4 and BLE Exploitation - Arun Mane, Rushikesh D. Nandedkar
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Pentesting ICS 101 - Alexandrine Torrents, Arnaud SOULLIÉ
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Where's My Browser? Learn Hacking iOS and Android WebViews - David Turco, Jon Overgaard Christiansen
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Finding Needles in Haystacks - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Building Autonomous AppSec Test Pipelines with the Robot Framework - Abhay Bhargav, Sharath Kumar Ramadas
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Packet Mining for Privacy Leakage - Dave Porcello, Sean Gallagher

 

Thursday - 13:00


DC - Track 101 - Flamingo 3rd Flr - Sunset BR - A Journey Into Hexagon: Dissecting a Qualcomm Baseband - Seamus Burke
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Guided Tour to IEEE 802.15.4 and BLE Exploitation - Arun Mane, Rushikesh D. Nandedkar
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Pentesting ICS 101 - Alexandrine Torrents, Arnaud SOULLIÉ
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Where's My Browser? Learn Hacking iOS and Android WebViews - David Turco, Jon Overgaard Christiansen
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Finding Needles in Haystacks - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Building Autonomous AppSec Test Pipelines with the Robot Framework - Abhay Bhargav, Sharath Kumar Ramadas
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Packet Mining for Privacy Leakage - Dave Porcello, Sean Gallagher

 

Thursday - 14:00


DC - Track 101 - Flamingo 3rd Flr - Sunset BR - WAGGING THE TAIL—COVERT PASSIVE SURVEILLANCE AND HOW TO MAKE THEIR LIFE DIFFICULT - Si, Agent X
WS - Linq 4th Flr - Icon A - (14:30-18:30) - Forensic Investigation for the Non-Forensic Investigator - Gary Bates
WS - Linq 4th Flr - Icon B - (14:30-18:30) - Introduction to Cryptographic Attacks - Matt Cheung
WS - Linq 4th Flr - Icon C - (14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel Ryan, Justin Whitehead
WS - Linq 4th Flr - Icon D - (14:30-18:30) - Fuzzing FTW - Bryce Kunz, Kevin Lustic
WS - Linq 4th Flr - Icon E - (14:30-18:30) - Playing with RFID - Vinnie Vanhoecke, Lorenzo Bernardi
WS - Linq 4th Flr - Icon F - (14:30-18:30) - The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP - David Pearson

 

Thursday - 15:00


DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Building the Hacker Tracker - Whitney Champion, Seth Law
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - (15:30-17:15) - DEF CON 101 Panel - HighWiz, Nikita, Roamer, Chris "Suggy" Sumner, Jericho, Wiseacre, Shaggy
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Forensic Investigation for the Non-Forensic Investigator - Gary Bates
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Introduction to Cryptographic Attacks - Matt Cheung
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel Ryan, Justin Whitehead
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Fuzzing FTW - Bryce Kunz, Kevin Lustic
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Playing with RFID - Vinnie Vanhoecke, Lorenzo Bernardi
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP - David Pearson

 

Thursday - 16:00


DC - Track 101 - Flamingo 3rd Flr - Sunset BR - cont...(15:30-17:15) - DEF CON 101 Panel - HighWiz, Nikita, Roamer, Chris "Suggy" Sumner, Jericho, Wiseacre, Shaggy
Meetup - (off Site) Sunset Park, Pavilion F, (36.0636, -115.1178) - Toxic BBQ -
Meetup - Caesars - Livorno Rm - BruCamp -
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Forensic Investigation for the Non-Forensic Investigator - Gary Bates
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Introduction to Cryptographic Attacks - Matt Cheung
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel Ryan, Justin Whitehead
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Fuzzing FTW - Bryce Kunz, Kevin Lustic
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Playing with RFID - Vinnie Vanhoecke, Lorenzo Bernardi
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP - David Pearson

 

Thursday - 17:00


DC - Track 101 - Flamingo 3rd Flr - Sunset BR - cont...(15:30-17:15) - DEF CON 101 Panel - HighWiz, Nikita, Roamer, Chris "Suggy" Sumner, Jericho, Wiseacre, Shaggy
Meetup - (off Site) Sunset Park, Pavilion F, (36.0636, -115.1178) - cont...(16:00-21:59) - Toxic BBQ -
Meetup - Caesars - Promenade Level - Anzio Rm past Registration - Hacking for Special Needs -
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Forensic Investigation for the Non-Forensic Investigator - Gary Bates
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Introduction to Cryptographic Attacks - Matt Cheung
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel Ryan, Justin Whitehead
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Fuzzing FTW - Bryce Kunz, Kevin Lustic
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Playing with RFID - Vinnie Vanhoecke, Lorenzo Bernardi
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP - David Pearson

 

Thursday - 18:00


Meetup - (off Site) Sunset Park, Pavilion F, (36.0636, -115.1178) - cont...(16:00-21:59) - Toxic BBQ -
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Forensic Investigation for the Non-Forensic Investigator - Gary Bates
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Introduction to Cryptographic Attacks - Matt Cheung
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel Ryan, Justin Whitehead
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Fuzzing FTW - Bryce Kunz, Kevin Lustic
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Playing with RFID - Vinnie Vanhoecke, Lorenzo Bernardi
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP - David Pearson

 

Thursday - 19:00


Meetup - (off Site) Sunset Park, Pavilion F, (36.0636, -115.1178) - cont...(16:00-21:59) - Toxic BBQ -

 

Thursday - 20:00


Meetup - (off Site) Sunset Park, Pavilion F, (36.0636, -115.1178) - cont...(16:00-21:59) - Toxic BBQ -

 

Thursday - 21:00


Meetup - (off Site) Sunset Park, Pavilion F, (36.0636, -115.1178) - cont...(16:00-21:59) - Toxic BBQ -

Friday



 

Friday - 09:00


SKY - Flamingo 3rd Flr - Virginia City Rm - Story Time - Biggest ITSec fuck-ups I've seen over the past 25 years. - Uncle G.

 

Friday - 10:00


AIV - Caesars Promenade Level - Florentine BR 3 - Opening Remarks - AI Village Organizers
AIV - Caesars Promenade Level - Florentine BR 3 - (10:20-10:40) - Adversarial Patches - Sven Cattell
AIV - Caesars Promenade Level - Florentine BR 3 - (10:40-11:20) - Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note File Classification - Mark Mager
BCOS - Caesars Promenade Level - Pompeian BR 1 - Welcome to the BCOS Monero Village - To be announced
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - WELCOME TO BHV! - Staff
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (10:15-11:30) - Keynote Presentation: Triaging FTW, Lessons Learned from Medical Device Disclosures - Jen Ellis
BTV - Flamingo 3rd Flr- Savoy Rm - Automating DFIR: The Counter Future - @rainbow_tables
BTV - Flamingo 3rd Flr- Savoy Rm - (10:40-11:30) - Cloud Security Myths - Xavier Ashe
Contest - Contest Stage - GeekPwn -
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework - Joe Rozner
DC - Track 1 - Caesars Emperor's Level - Palace BR - Welcome To DEF CON & Badge Maker Talk - The Dark Tangent
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - De-anonymizing Programmers from Source Code and Binaries - Rachel Greenstadt, Dr. Aylin Caliskan
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Securing our Nation's Election Infrastructure - Jeanette Manfra
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (10:30-10:50) - Please do not Duplicate: Attacking the Knox Box and Other Keyed Alike Systems - m010ch_
HHV - Caesars Pool Level - Forum 17-21 - Applied Physical Attacks on Embedded Systems, Introductory Version - Joe FitzPatrick, @arinerron, and @pixieofchaos
PHV - Caesars Promenade Level - Neopolitan BR - Mallet: A Proxy for Arbitrary Traffic - Rogan Dawes
Service - Caesars - Promenade Level - Anzio Rm past Registration - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - Stalker In A Haystack - MasterChen
WS - Linq 4th Flr - Icon A - Bypassing Windows Driver Signature Enforcement - Csaba Fitzl
WS - Linq 4th Flr - Icon B - Reverse Engineering with OpenSCAD and 3D Printing - Nick Tait
WS - Linq 4th Flr - Icon C - Attacking Active Directory and Advanced Defense Methods in 2018 - Adam Steed, James Albany
WS - Linq 4th Flr - Icon D - ARM eXploitation 101 - Sneha Rajguru
WS - Linq 4th Flr - Icon E - Attacking & Auditing Docker Containers Using Open Source - Madhu Akula
WS - Linq 4th Flr - Icon F - Crypto Hero - Sam Bowne, Dylan James Smith, Elizabeth Biddlecome

 

Friday - 11:00


AIV - Caesars Promenade Level - Florentine BR 3 - cont...(10:40-11:20) - Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note File Classification - Mark Mager
AIV - Caesars Promenade Level - Florentine BR 3 - (11:20-11:59) - JMPgate: Accelerating reverse engineering into hyperspace using AI - Rob Brandon
BCOS - Caesars Promenade Level - Pompeian BR 1 - Keynote Speech: Inside Monero - Howard (hyc) Chu
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(10:15-11:30) - Keynote Presentation: Triaging FTW, Lessons Learned from Medical Device Disclosures - Jen Ellis
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (11:45-11:45) - Panel Discussion: Healthcare - Christian "quaddi" Dameff MD
BTV - Flamingo 3rd Flr- Savoy Rm - cont...(10:40-11:30) - Cloud Security Myths - Xavier Ashe
BTV - Flamingo 3rd Flr- Savoy Rm - (11:50-12:10) - Effective Log & Events Management - Russell Mosley
Contest - Contest Stage - cont...(10:00-12:59) - GeekPwn -
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - An Attacker Looks at Docker: Approaching Multi-Container Applications - Wesley McGrew
DC - Track 1 - Caesars Emperor's Level - Palace BR - NSA Talks Cybersecurity - Rob Joyce
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - One-liners to Rule Them All - egypt, William Vu
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Lora Smart Water Meter Security Analysis - Yingtao Zeng, Lin Huang, Jun Li
HHV - Caesars Pool Level - Forum 17-21 - cont...(10:00-12:59) - Applied Physical Attacks on Embedded Systems, Introductory Version - Joe FitzPatrick, @arinerron, and @pixieofchaos
PHV - Caesars Promenade Level - Neopolitan BR - Rethinking Role-Based Security Education - Kat Sweet
PHW - Caesars Promenade Level - Neopolitan BR - Reverse Engineering Malware 101 - Malware Unicorn
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - Deconstructing DeFeNeStRaTe.C: The first public buffer overflow on a mainframe? - Soldier of FORTRAN
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Bypassing Windows Driver Signature Enforcement - Csaba Fitzl
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Reverse Engineering with OpenSCAD and 3D Printing - Nick Tait
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Attacking Active Directory and Advanced Defense Methods in 2018 - Adam Steed, James Albany
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - ARM eXploitation 101 - Sneha Rajguru
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attacking & Auditing Docker Containers Using Open Source - Madhu Akula
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Crypto Hero - Sam Bowne, Dylan James Smith, Elizabeth Biddlecome

 

Friday - 12:00


BCOS - Caesars Promenade Level - Pompeian BR 1 - Contests, Challenges, and free giveaways - MSvB and midipoet
BCOS - Caesars Promenade Level - Pompeian BR 1 - (12:30-12:59) - Open Source Hardware and the Monero Project - Parasew
BTV - Flamingo 3rd Flr- Savoy Rm - cont...(11:50-12:10) - Effective Log & Events Management - Russell Mosley
BTV - Flamingo 3rd Flr- Savoy Rm - (12:30-13:20) - Evolving security operations to the year 2020 - @IrishMASMS
CHV - Flamingo Lower Level - Red Rock Rm 1-5 - CAN Signal Extraction from OpenXC with Radare2 - Ben Gardiner
CHV - Flamingo Lower Level - Red Rock Rm 1-5 - (12:30-13:15) - So, You Want To Hack A Car? - Jerry Gamblin
Contest - Contest Stage - cont...(10:00-12:59) - GeekPwn -
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded devices for fun and profit - Morgan "indrora" Gangwere
DC - Track 1 - Caesars Emperor's Level - Palace BR - Vulnerable Out of the Box: An Evaluation of Android Carrier Devices - Ryan Johnson, Angelos Stavrou
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out! - Orange Tsai
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Who Controls the Controllers—Hacking Crestron IoT Automation Systems - Ricky "HeadlessZeke" Lawshae
EHV - Caesars Promenade Level - Modena Rm - Asking for a Friend - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - cont...(10:00-12:59) - Applied Physical Attacks on Embedded Systems, Introductory Version - Joe FitzPatrick, @arinerron, and @pixieofchaos
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
PHV - Caesars Promenade Level - Neopolitan BR - PacketWhisper: Stealthily Exfiltrating Data and Defeating Attribution Using DNS and Text-Based Steganography - TryCatchHCF
PHW - Caesars Promenade Level - Neopolitan BR - cont...(11:00-12:30) - Reverse Engineering Malware 101 - Malware Unicorn
RCV - Caesars Promenade Level - Florentine BR 1,2 - Opening Note - Shubham Mittal / Sudhanshu Chauhan
RCV - Caesars Promenade Level - Florentine BR 1,2 - Keynote - Andrew Macpherson
RCV - Caesars Promenade Level - Florentine BR 1,2 - (12:55-13:35) - Emergent Recon - fresh methodology and tools for hackers in 2018 - Jason Haddix
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - When Incident Response Meets Reality - Magg
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Bypassing Windows Driver Signature Enforcement - Csaba Fitzl
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Reverse Engineering with OpenSCAD and 3D Printing - Nick Tait
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Attacking Active Directory and Advanced Defense Methods in 2018 - Adam Steed, James Albany
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - ARM eXploitation 101 - Sneha Rajguru
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attacking & Auditing Docker Containers Using Open Source - Madhu Akula
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Crypto Hero - Sam Bowne, Dylan James Smith, Elizabeth Biddlecome

 

Friday - 13:00


AIV - Caesars Promenade Level - Florentine BR 3 - IntelliAV: Building an Effective On-Device Android Malware Detector - Mansour Ahmadi
AIV - Caesars Promenade Level - Florentine BR 3 - (13:20-13:59) - Identifying and correlating anomalies in Internet-wide scan traffic to newsworthy security events - Andrew Morris
BCOS - Caesars Promenade Level - Pompeian BR 1 - A Rundown of Security Issues in Crypto Software Wallets - Marko Bencun
BCOS - Caesars Promenade Level - Pompeian BR 1 - (13:30-13:59) - We Don't Need No Stinkin Badges - Michael Schloh
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (13:30-14:15) - Blue Team Bio: Using Kill-Chain Methodology to Stop Bioterrorism - Mr. Br!ml3y
BTV - Flamingo 3rd Flr- Savoy Rm - cont...(12:30-13:20) - Evolving security operations to the year 2020 - @IrishMASMS
BTV - Flamingo 3rd Flr- Savoy Rm - (13:40-14:30) - Hacking Your Dev Job to Save the World - Where Programming and Hacking Meet - @jtpereyda
CHV - Flamingo Lower Level - Red Rock Rm 1-5 - cont...(12:30-13:15) - So, You Want To Hack A Car? - Jerry Gamblin
CHV - Flamingo Lower Level - Red Rock Rm 1-5 - (13:20-13:45) - Go Hack Cars - Eric Evenchick
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Dissecting the Teddy Ruxpin: Reverse Engineering the Smart Bear - zenofex
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - (13:30-13:50) - You can run, but you can't hide. Reverse engineering using X-Ray. - George Tarnovsky
DC - Track 1 - Caesars Emperor's Level - Palace BR - Compromising online accounts by cracking voicemail systems - Martin Vigo
DC - Track 1 - Caesars Emperor's Level - Palace BR - (13:30-13:50) - Dragnet—Your Social Engineering Sidekick - Truman Kain
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Finding Xori: Malware Analysis Triage with Automated Disassembly - Amanda Rousseau, Rich Seymour
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - (13:30-13:50) - Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller - Feng Xiao, Jianwei Huang, Peng Liu
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - One-Click to OWA - William Martin
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (13:30-13:50) - Fasten your seatbelts: We are escaping iOS 11 sandbox! - Min (Spark) Zheng, Xiaolong Bai
EHV - Caesars Promenade Level - Modena Rm - Ethics for Security Practitioners - Speaker TBA
PHV - Caesars Promenade Level - Neopolitan BR - Target-Based Security Model - Garett Montgomery
PHW - Caesars Promenade Level - Neopolitan BR - Advanced APT Hunting with Splunk - Ryan Kovar and John Stoner
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(12:55-13:35) - Emergent Recon - fresh methodology and tools for hackers in 2018 - Jason Haddix
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - Practical attack simulations in Critical National Infrastructure (CNI): Oh the perils, or oh the fun? - William Knowles and James Coote
SKY - Flamingo 3rd Flr - Virginia City Rm - (13:30-13:59) - IoD - Renderman
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Bypassing Windows Driver Signature Enforcement - Csaba Fitzl
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Reverse Engineering with OpenSCAD and 3D Printing - Nick Tait
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Attacking Active Directory and Advanced Defense Methods in 2018 - Adam Steed, James Albany
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - ARM eXploitation 101 - Sneha Rajguru
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attacking & Auditing Docker Containers Using Open Source - Madhu Akula
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Crypto Hero - Sam Bowne, Dylan James Smith, Elizabeth Biddlecome

 

Friday - 14:00


AIV - Caesars Promenade Level - Florentine BR 3 - It’s a Beautiful Day in the Malware Neighborhood - Matt
AIV - Caesars Promenade Level - Florentine BR 3 - (14:30-15:20) - Malware Panel - @drhyrum, @gradient_janitor, @malwareunicorn, @rharang, @bwall (Moderator)
BCOS - Caesars Promenade Level - Pompeian BR 1 - Hack On The BitBox Hardware Wallet - Stephanie Stroka and Marko Bencun
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(13:30-14:15) - Blue Team Bio: Using Kill-Chain Methodology to Stop Bioterrorism - Mr. Br!ml3y
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (14:15-16:15) - Panel Discussion: The Internet of Bodies - Prof Andrea M. Matwyshyn, Professor of Law, NUSL
BTV - Flamingo 3rd Flr- Savoy Rm - cont...(13:40-14:30) - Hacking Your Dev Job to Save the World - Where Programming and Hacking Meet - @jtpereyda
BTV - Flamingo 3rd Flr- Savoy Rm - (14:50-15:40) - How not to suck at Vulnerability Management [at Scale] - @Plug and mwguy
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - UEFI exploitation for the masses - Mickey Shkatov, Jesse Michael
DC - Track 1 - Caesars Emperor's Level - Palace BR - GOD MODE UNLOCKED: Hardware Backdoors in [redacted] x86 CPUs - Christopher Domas
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - 4G—Who is paying your cellular phone bill? - Dr. Silke Holtmanns, Isha Singh
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Revolting Radios - Michael Ossmann, Dominic Spill
EHV - Caesars Promenade Level - Modena Rm - Accountability without accountability: A censorship measurement case study - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - Getting to Blinky: #badgelife begins with a single blink - Chris Gammell
PHV - Caesars Promenade Level - Neopolitan BR - Protecting Crypto Exchanges From a New Wave of Man-in-the-Browser Attacks - Pedro Fortuna
PHW - Caesars Promenade Level - Neopolitan BR - cont...(13:00-14:59) - Advanced APT Hunting with Splunk - Ryan Kovar and John Stoner
RCV - Caesars Promenade Level - Florentine BR 1,2 - (14:40-15:10) - Prebellico - 100% Passive Pre-Engagement and Post Compromise Network Reconnaissance Tool - William Suthers
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - From MormonLeaks to FaithLeaks - Ethan Gregory Dodge
WS - Linq 4th Flr - Icon A - (14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - (14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - (14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - (14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - (14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - (14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 15:00


AIV - Caesars Promenade Level - Florentine BR 3 - cont...(14:30-15:20) - Malware Panel - @drhyrum, @gradient_janitor, @malwareunicorn, @rharang, @bwall (Moderator)
AIV - Caesars Promenade Level - Florentine BR 3 - (15:20-15:59) - Detecting Web Attacks with Recurrent Neural Networks - Fedor Sakharov
BCOS - Caesars Promenade Level - Pompeian BR 1 - cont...(14:00-15:59) - Hack On The BitBox Hardware Wallet - Stephanie Stroka and Marko Bencun
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(14:15-16:15) - Panel Discussion: The Internet of Bodies - Prof Andrea M. Matwyshyn, Professor of Law, NUSL
BTV - Flamingo 3rd Flr- Savoy Rm - cont...(14:50-15:40) - How not to suck at Vulnerability Management [at Scale] - @Plug and mwguy
CHV - Flamingo Lower Level - Red Rock Rm 1-5 - (15:50-16:35) - Meet Salinas, the first ever SMS-commanded Car Infotainment RAT - Dan Regalado
DDV - Caesars Promenade Level - Capri Rm - Facts, figures, and fun from managing 100,000 hard drives. - Andy Klein
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Weaponizing Unicode: Homographs Beyond IDNs - The Tarquin
DC - Track 1 - Caesars Emperor's Level - Palace BR - Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010 - Gabriel Ryan
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Playback: a TLS 1.3 story - Alfonso García Alguacil, Alejo Murillo Moya
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Privacy infrastructure, challenges and opportunities - yawnbox
EHV - Caesars Promenade Level - Modena Rm - Responsible Disclosure Panel - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - cont...(14:00-17:59) - Getting to Blinky: #badgelife begins with a single blink - Chris Gammell
PHV - Caesars Promenade Level - Neopolitan BR - Freedom of Information: Hacking the Human Black Box - Elliott Brink
PHW - Caesars Promenade Level - Neopolitan BR - (15:30-16:59) - Finding and Attacking Undocumented APIs with Python - Ryan Mitchell
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(14:40-15:10) - Prebellico - 100% Passive Pre-Engagement and Post Compromise Network Reconnaissance Tool - William Suthers
RCV - Caesars Promenade Level - Florentine BR 1,2 - (15:15-15:45) - Adventures in the dark web of government data - Marc DaCosta
RCV - Caesars Promenade Level - Florentine BR 1,2 - (15:50-16:10) - How WHOIS Data Uncovered $32 Billion Connected to the Mormon Church - Ethan Gregory Dodge
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
SEV - Caesars Promenade South - Octavius BR 3-8 - (15:30-15:59) - My Stripper Name is Bubbles - Hannah Silvers
SKY - Flamingo 3rd Flr - Virginia City Rm - OSINT IS FOR SOCCER MOMS - Laura H
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 16:00


AIV - Caesars Promenade Level - Florentine BR 3 - Machine Learning for Network Security Hands-on Workshop: DIYML - Sebastian Garcia
AIV - Caesars Promenade Level - Florentine BR 3 - Using AI to Create Music - dj beep code
AIV - Caesars Promenade Level - Florentine BR 3 - Machine Learning as a Service in Your Pocket - Evan Yang
AIV - Caesars Promenade Level - Florentine BR 3 - Deep Exploit - Isao Takaesu
BCOS - Caesars Promenade Level - Pompeian BR 1 - Scaling and Economic Implications of the Adaptive Blocksize in Monero - Francisco "ArticMine" Cabañas
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(14:15-16:15) - Panel Discussion: The Internet of Bodies - Prof Andrea M. Matwyshyn, Professor of Law, NUSL
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (16:15-16:59) - Hey Bro, I Got Your Fitness Right Here (and your PHI). - Nick - GraphX
BTV - Flamingo 3rd Flr- Savoy Rm - SAEDAY: Subversion and Espionage Directed Against You - Judy Towers
CHV - Flamingo Lower Level - Red Rock Rm 1-5 - cont...(15:50-16:35) - Meet Salinas, the first ever SMS-commanded Car Infotainment RAT - Dan Regalado
CHV - Flamingo Lower Level - Red Rock Rm 1-5 - (16:40-17:05) - Automotive Evidence Collection – Automotive Driving Aids and Liability - VLAD
Contest - Contest Stage - EFF Tech Trivia -
DDV - Caesars Promenade Level - Capri Rm - The Beginner’s Guide to the Musical Scales of Cyberwar - Jessica “Zhanna” Malekos Smith
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Automated Discovery of Deserialization Gadget Chains - Ian Haken
DC - Track 1 - Caesars Emperor's Level - Palace BR - Your Peripheral Has Planted Malware—An Exploit of NXP SOCs Vulnerability - Yuwei Zheng, Shaokun Cao, Yunding Jian, Mingchuang Qun
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Practical & Improved Wifi MitM with Mana - singe
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Your Voice is My Passport - _delta_zero, Azeem Aqil
EHV - Caesars Promenade Level - Modena Rm - Ethical Disclosure and the Reduction of Harm - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - cont...(14:00-17:59) - Getting to Blinky: #badgelife begins with a single blink - Chris Gammell
PHV - Caesars Promenade Level - Neopolitan BR - Car Infotainment Hacking Methodology and Attack Surface Scenarios - Jay Turla
PHW - Caesars Promenade Level - Neopolitan BR - cont...(15:30-16:59) - Finding and Attacking Undocumented APIs with Python - Ryan Mitchell
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(15:50-16:10) - How WHOIS Data Uncovered $32 Billion Connected to the Mormon Church - Ethan Gregory Dodge
RCV - Caesars Promenade Level - Florentine BR 1,2 - (16:15-16:45) - Hacking the international RFQ Process #killthebuzzwords - Dino Covotsos
RCV - Caesars Promenade Level - Florentine BR 1,2 - (16:50-17:20) - Introducing YOGA: Your OSINT Graphical Analyzer - Micah Hoffman
SEV - Caesars Promenade South - Octavius BR 3-8 - From Introvert to SE: The Journey - Ryan MacDougall
SEV - Caesars Promenade South - Octavius BR 3-8 - (16:55-17:45) - Mr. Sinatra Will Hack You Now - Neil Fallon
SKY - Flamingo 3rd Flr - Virginia City Rm - Robots and AI: What scares the experts? - Brittany "Straithe" Postnikoff, Sara-Jayne Terp
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 17:00


BCOS - Caesars Promenade Level - Pompeian BR 1 - Hacking a Crypto Payment Gateway - Devin "Bearded Warrior" Pearson and Felix "Crypto_Cat" Honigwachs
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Nature’s source code is vulnerable and cannot be patched - Jeffrey Ladish
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (17:45-18:30) - Remote Sensing, Distributed Computing, BigData and 3D Epidemiology: Today’s Public Health Opportunity - Debra Laefer
BTV - Flamingo 3rd Flr- Savoy Rm - Stop, Drop, and Assess your SOC - Andy Applebaum
CHV - Flamingo Lower Level - Red Rock Rm 1-5 - cont...(16:40-17:05) - Automotive Evidence Collection – Automotive Driving Aids and Liability - VLAD
CHV - Flamingo Lower Level - Red Rock Rm 1-5 - Automotive Flash Bootloaders: Exposing automotive ECU updates - Philip Lapczynski
Contest - Contest Stage - cont...(16:00-17:59) - EFF Tech Trivia -
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Your Bank's Digital Side Door - Steven Danneman
DC - Track 1 - Caesars Emperor's Level - Palace BR - I'll See Your Missile and Raise You A MIRV: An overview of the Genesis Scripting Engine - Alex Levinson, Dan Borges
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - The L0pht Testimony, 20 Years Later (and Other Things You Were Afraid to Ask) - L0pht Heavy Industries, Elinor Mills, DilDog, Joe Grand, Kingpin, Space Rogue, Mudge, Silicosis, John Tan, Weld Pond
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Reverse Engineering, hacking documentary series - Michael Lee Nirenberg, Dave Buchwald
EHV - Caesars Promenade Level - Modena Rm - (17:30-18:29) - Patching the CFAA: The New CIAA and “Ethical” Conduct in Security Research - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - cont...(14:00-17:59) - Getting to Blinky: #badgelife begins with a single blink - Chris Gammell
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
PHV - Caesars Promenade Level - Neopolitan BR - Swiss Cheese Holes in the Foundation of Modern Security - CERT VU#919801 - Chris Hanlon
PHW - Caesars Promenade Level - Neopolitan BR - (17:30-18:59) - Serious Intro to Python for Admins - Davin Potts
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(16:50-17:20) - Introducing YOGA: Your OSINT Graphical Analyzer - Micah Hoffman
RCV - Caesars Promenade Level - Florentine BR 1,2 - (17:25-17:55) - Using Deep Learning to uncover darkweb malicious actors and their close circle - Rod Soto / Joseph Zadeh
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(16:55-17:45) - Mr. Sinatra Will Hack You Now - Neil Fallon
SEV - Caesars Promenade South - Octavius BR 3-8 - (17:50-18:40) - In-N-Out - That’s What It’s All About - Billy Boatright
SKY - Flamingo 3rd Flr - Virginia City Rm - The Least Common Denominator Strategy (AKA Don't make DevOps too easy) - Daniel Williams (fbus)
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 18:00


BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(17:45-18:30) - Remote Sensing, Distributed Computing, BigData and 3D Epidemiology: Today’s Public Health Opportunity - Debra Laefer
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (18:30-18:59) - Custodial Responsibilities in the Connected Age: Digital Specimens and Social Contracts - Andy Coravos
BTV - Flamingo 3rd Flr- Savoy Rm - (18:20-18:59) - Open Source Endpoint Monitoring - Rik van Duijn and Leandro Velasco
Contest - Contest Stage - DEF CON Beard and Moustache Contest -
EHV - Caesars Promenade Level - Modena Rm - cont...(17:30-18:29) - Patching the CFAA: The New CIAA and “Ethical” Conduct in Security Research - Speaker TBA
EHV - Caesars Promenade Level - Modena Rm - (18:30-19:29) - Discussion - Speaker TBA
Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace) - /R/defcon reddit Meetup -
PHV - Caesars Promenade Level - Neopolitan BR - Mapping Wi-Fi Networks and Triggering on Interesting Traffic Patterns - Caleb Madrigal
PHW - Caesars Promenade Level - Neopolitan BR - cont...(17:30-18:59) - Serious Intro to Python for Admins - Davin Potts
RCV - Caesars Promenade Level - Florentine BR 1,2 - I fought the law and law lost - Mauro Caseres
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(17:50-18:40) - In-N-Out - That’s What It’s All About - Billy Boatright
SEV - Caesars Promenade South - Octavius BR 3-8 - (18:40-19:30) - The Art of Business Warfare - Wayne Ronaldson
SKY - Flamingo 3rd Flr - Virginia City Rm - Real Simple Blue Team Shit - @wornbt
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 19:00


BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (19:15-19:15) - Take two of these and syscall execve() in the morning: A retrospective and primer on medical device security research - Robert Portvliet
Contest - Contest Stage - cont...(18:00-19:59) - DEF CON Beard and Moustache Contest -
EHV - Caesars Promenade Level - Modena Rm - cont...(18:30-19:29) - Discussion - Speaker TBA
Meetup - Flamingo - 3rd Floor - Carson City Rm - Lawyer Meet -
Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace) - cont...(18:00-20:29) - /R/defcon reddit Meetup -
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(18:40-19:30) - The Art of Business Warfare - Wayne Ronaldson
SEV - Caesars Promenade South - Octavius BR 3-8 - (19:35-20:10) - Swarm Intelligence and Augmented Reality Gaming - Nancy Eckert

 

Friday - 20:00


Contest - Contest Stage - Whose Slide is it Anyway? -
DC - Octavius 13 - Disrupting the Digital Dystopia or What the hell is happening in computer law? - Nathan White, Nate Cardozo
DC - Octavius 9 - D0 N0 H4RM: A Healthcare Security Conversation - Christian "quaddi" Dameff MD, Jeff "r3plicant" Tully MD, Kirill Levchenko PhD, Beau Woods, Roberto Suarez, Jay Radcliffe, Joshua
DC - Roman Chillout - Oh Noes!—A Role Playing Incident Response Game - Bruce Potter, Robert Potter
Meetup - Flamingo - 3rd Floor - Chillout Rm - (20:30-21:59) - /R/defcon reddit Meetup -
Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace) - cont...(18:00-20:29) - /R/defcon reddit Meetup -
Night Life - Caesars - Emperors Level - Chillout Rm - Hacker Karaoke -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - (20:30-23:59) - Arcade Party -
Night Life - Flamingo - 3rd Floor - Savoy RM - (20:30-23:59) - Vet Con -
Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - (20:30-23:59) - GeekPwn Party -
Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - (20:30-23:59) - House of Kenzo -
Night Life - Flamingo 3rd Flr - Virginia City Rm - (20:30-25:59) - 303 Party -
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(19:35-20:10) - Swarm Intelligence and Augmented Reality Gaming - Nancy Eckert

 

Friday - 21:00


Contest - Contest Stage - cont...(20:00-21:59) - Whose Slide is it Anyway? -
Meetup - Flamingo - 3rd Floor - Chillout Rm - cont...(20:30-21:59) - /R/defcon reddit Meetup -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-23:59) - Arcade Party -
Night Life - Flamingo - 3rd Floor - Savoy RM - cont...(20:30-23:59) - Vet Con -
Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - cont...(20:30-23:59) - GeekPwn Party -
Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - cont...(20:30-23:59) - House of Kenzo -
Night Life - Flamingo - 3rd Floor - Track 101 Vista BR - Live Band Karaoke -
Night Life - Flamingo 3rd Flr - Virginia City Rm - cont...(20:30-25:59) - 303 Party -

 

Friday - 22:00


Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-23:59) - Arcade Party -
Night Life - Flamingo - 3rd Floor - Savoy RM - cont...(20:30-23:59) - Vet Con -
Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - cont...(20:30-23:59) - GeekPwn Party -
Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - cont...(20:30-23:59) - House of Kenzo -
Night Life - Flamingo - 3rd Floor - Track 101 Vista BR - cont...(21:00-23:59) - Live Band Karaoke -
Night Life - Flamingo 3rd Flr - Virginia City Rm - cont...(20:30-25:59) - 303 Party -

 

Friday - 23:00


Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-23:59) - Arcade Party -
Night Life - Flamingo - 3rd Floor - Savoy RM - cont...(20:30-23:59) - Vet Con -
Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - cont...(20:30-23:59) - GeekPwn Party -
Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - cont...(20:30-23:59) - House of Kenzo -
Night Life - Flamingo - 3rd Floor - Track 101 Vista BR - cont...(21:00-23:59) - Live Band Karaoke -
Night Life - Flamingo 3rd Flr - Virginia City Rm - cont...(20:30-25:59) - 303 Party -

 

Friday - 24:00


Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Flamingo 3rd Flr - Virginia City Rm - cont...(20:30-25:59) - 303 Party -

 

Friday - 25:00


Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Flamingo 3rd Flr - Virginia City Rm - cont...(20:30-25:59) - 303 Party -

 

Saturday - 06:00


Meetup - Local Bikeshop - 8th Defcon Bike Ride -

Saturday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Saturday - 09:00


PHW - Caesars Promenade Level - Neopolitan BR - (09:30-13:30) - Kali Dojo Workshop - Johnny Long
SKY - Flamingo 3rd Flr - Virginia City Rm - What happened behind the closed doors at MS - Dimitri
SKY - Flamingo 3rd Flr - Virginia City Rm - (09:30-09:59) - http2 and you - security panda

 

Saturday - 10:00


AIV - Caesars Promenade Level - Florentine BR 3 - The current state of adversarial machine learning - infosecanon
AIV - Caesars Promenade Level - Florentine BR 3 - (10:20-10:40) - Chatting with your programs to find vulnerabilities - Chris Gardner
AIV - Caesars Promenade Level - Florentine BR 3 - (10:40-11:20) - The great power of AI: Algorithmic mirrors of society - Aylin Caliskan
BCOS - Caesars Promenade Level - Pompeian BR 1 - BCOS keynote speech - Philip Martin (VP Security, COINBASE)
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - WaterBot - Hackable Scientific Plant Bot - Bianca Lewis
Contest - Contest Stage - D(Struction)20 CTF -
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems - Marina Krotofil, Jos Wetzels
DC - Track 1 - Caesars Emperor's Level - Palace BR - It WISN't me, attacking industrial wireless mesh networks - Erwin Paternotte, Mattijs van Ommeren
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - You're just complaining because you're guilty: A DEF CON Guide to Adversarial Testing of Software Used In the Criminal Justice System - Dr. Jeanna N. Matthews, Nathan Adams, Jerome Greco
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - You may have paid more than you imagine—Replay Attacks on Ethereum Smart Contracts - Zhenxuan Bai, Yuwei Zheng, Senhua Wang, Kunzhe Chai
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - #WiFiCactus - Mike Spicer
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Archery—Open Source Vulnerability Assessment and Management - Anand Tiwari
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - firstorder - Utku Sen, Gozde Sinturk
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Orthrus - Nick Sayer
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Local Sheriff - Konark Modi
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Halcyon IDE - Sanoop Thomas
HHV - Caesars Pool Level - Forum 17-21 - Hacking your HackRF - Mike Davis
PHV - Caesars Promenade Level - Neopolitan BR - Ducky-in-the-Middle: Injecting Keystrokes into Plaintext Protocols - Esteban Rodriguez
PHV - Caesars Promenade Level - Neopolitan BR - (10:30-10:59) - How to Tune Automation to Avoid False Positives - Gita Ziabari
PHW - Caesars Promenade Level - Neopolitan BR - cont...(09:30-13:30) - Kali Dojo Workshop - Johnny Long
RCV - Caesars Promenade Level - Florentine BR 1,2 - Building visualisation platforms for OSINT data using open source solutions - Bharath Kumar / Madhu
SKY - Flamingo 3rd Flr - Virginia City Rm - Don't Bring Me Down: Weaponizing botnets - @3ncr1pted
WS - Linq 4th Flr - Icon A - Joe Grand's Hardware Hacking Basics - Joe Grand
WS - Linq 4th Flr - Icon B - Fuzzing with AFL (American Fuzzy Lop) - Jakub Botwicz, Wojciech Rauner
WS - Linq 4th Flr - Icon C - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Timothy Clemans
WS - Linq 4th Flr - Icon D - Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - Richard Henderson, Bryan Passifiume
WS - Linq 4th Flr - Icon E - Attack & Defense in AWS Environments - Vaibhav Gupta, Sandeep Singh
WS - Linq 4th Flr - Icon F - Decentralized Hacker Net - Eijah

 

Saturday - 11:00


AIV - Caesars Promenade Level - Florentine BR 3 - cont...(10:40-11:20) - The great power of AI: Algorithmic mirrors of society - Aylin Caliskan
AIV - Caesars Promenade Level - Florentine BR 3 - (11:20-11:40) - DeepPhish: Simulating the Malicious Use of AI - Ivan Torroledo
BCOS - Caesars Promenade Level - Pompeian BR 1 - Prize winners, awards, and announcements - midipoet and MSvB
BCOS - Caesars Promenade Level - Pompeian BR 1 - (11:30-11:59) - Monero's Emerging Applications - Fluffy Pony
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(10:00-11:15) - WaterBot - Hackable Scientific Plant Bot - Bianca Lewis
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (11:15-11:59) - Technology Enabled Prosthetic Environments - Gerry Scott
CHV - Flamingo Lower Level - Red Rock Rm 1-5 - (11:20-12:05) - Misbehavior Detection in V2X networks - Ben
Contest - Contest Stage - cont...(10:00-11:59) - D(Struction)20 CTF -
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Hacking PLCs and Causing Havoc on Critical Infrastructures - Thiago Alves
DC - Track 1 - Caesars Emperor's Level - Palace BR - Exploiting Active Directory Administrator Insecurities - Sean Metcalf
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Compression Oracle Attacks on VPN Networks - Nafeez
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Jailbreaking the 3DS through 7 years of hardening - smea
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - #WiFiCactus - Mike Spicer
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Archery—Open Source Vulnerability Assessment and Management - Anand Tiwari
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - firstorder - Utku Sen, Gozde Sinturk
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Orthrus - Nick Sayer
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Local Sheriff - Konark Modi
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Halcyon IDE - Sanoop Thomas
EHV - Caesars Promenade Level - Modena Rm - Ethics of Technology in Humanitarian and Disaster Response - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - Disabling Intel ME in Firmware - Brian Milliron
PHV - Caesars Promenade Level - Neopolitan BR - wpa-sec: The Largest Online WPA Handshake Database - Alex Stanev
PHV - Caesars Promenade Level - Neopolitan BR - (11:30-11:59) - Capturing in Hard to Reach Places - Silas Cutler
PHW - Caesars Promenade Level - Neopolitan BR - cont...(09:30-13:30) - Kali Dojo Workshop - Johnny Long
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(10:00-11:59) - Building visualisation platforms for OSINT data using open source solutions - Bharath Kumar / Madhu
SKY - Flamingo 3rd Flr - Virginia City Rm - The Abyss is Waving Back - Sidragon
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Joe Grand's Hardware Hacking Basics - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Fuzzing with AFL (American Fuzzy Lop) - Jakub Botwicz, Wojciech Rauner
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Timothy Clemans
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - Richard Henderson, Bryan Passifiume
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attack & Defense in AWS Environments - Vaibhav Gupta, Sandeep Singh
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Decentralized Hacker Net - Eijah

 

Saturday - 12:00


BCOS - Caesars Promenade Level - Pompeian BR 1 - We Program Our Stinkin Badges! - Michael Schloh
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - No Firewall Can Save You At The Intersection Of Genetics and Privacy - BJ
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (12:45-13:30) - Mother Natures Development Lifecycles… OR Why the T-Rex didn’t get extenders. - siDragon
CHV - Flamingo Lower Level - Red Rock Rm 1-5 - cont...(11:20-12:05) - Misbehavior Detection in V2X networks - Ben
CHV - Flamingo Lower Level - Red Rock Rm 1-5 - (12:15-12:40) - Automotive Exploitation Sandbox: A Hands-on Educational Introduction to Embedded Device Exploitation - Nathaniel Boggs
CHV - Flamingo Lower Level - Red Rock Rm 1-5 - (12:45-13:05) - Performance Tuning Tools and their Capabilities - Russell Mosley
DC - 101 Track - Building Absurd Christmas Light Shows - Rob Joyce
DC - Track 1 - Caesars Emperor's Level - Palace BR - Tineola: Taking a Bite Out of Enterprise Blockchain - Stark Riedesel, Parsia Hakimian
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - You'd better secure your BLE devices or we'll kick your butts ! - Damien "virtualabs" Cauquil
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Ridealong Adventures—Critical Issues with Police Body Cameras - Josh Mitchell
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - trackerjacker - Caleb Madrigal
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Cloud Security Suite—One stop tool for AWS, GCP & Azure Security Audit - Jayesh Singh Chauhan
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - GreyNoise - Andrew Morris
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - WHID Injector: How To Bring HID Attacks to the Next Level - Luca Bongiorni
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - BLEMystique—Affordable custom BLE target - Nishant Sharma, Jeswin Mathai
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - ADRecon: Active Directory Recon - Prashant Mahajan
HHV - Caesars Pool Level - Forum 17-21 - NFC Payments: The Art of Relay & Replay Attacks - Salvador Mendoza
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
Meetup - Chill Out Lounge - Deaf Con Meet Up -
PHV - Caesars Promenade Level - Neopolitan BR - An OSINT Approach to Third Party Cloud Service Provider Evaluation - Lokesh Pidawekar
PHV - Caesars Promenade Level - Neopolitan BR - (12:30-12:59) - Bitsquatting: Passive DNS Hijacking - Ed Miles
PHW - Caesars Promenade Level - Neopolitan BR - cont...(09:30-13:30) - Kali Dojo Workshop - Johnny Long
RCV - Caesars Promenade Level - Florentine BR 1,2 - Cartoons, Sketchnotes, Bullet Journals and Other Data Visualization Tricks - Raye Keslensky
RCV - Caesars Promenade Level - Florentine BR 1,2 - Bug Bounty Hunting on Steroids - Anshuman Bhartiya / Glen Grant
Service - Caesars - Promenade Level - Anzio Rm past Registration - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - Cloud Security Myths - Xavier Ashe
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Joe Grand's Hardware Hacking Basics - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Fuzzing with AFL (American Fuzzy Lop) - Jakub Botwicz, Wojciech Rauner
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Timothy Clemans
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - Richard Henderson, Bryan Passifiume
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attack & Defense in AWS Environments - Vaibhav Gupta, Sandeep Singh
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Decentralized Hacker Net - Eijah

 

Saturday - 13:00


AIV - Caesars Promenade Level - Florentine BR 3 - Machine Learning Model Hardening For Fun and Profit - Ariel Herbert-Voss
AIV - Caesars Promenade Level - Florentine BR 3 - (13:20-13:59) - Automated Planning for the Automated Red Team - Andy Applebaum
BCOS - Caesars Promenade Level - Pompeian BR 1 - cont...(12:00-13:59) - We Program Our Stinkin Badges! - Michael Schloh
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(12:45-13:30) - Mother Natures Development Lifecycles… OR Why the T-Rex didn’t get extenders. - siDragon
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (13:30-14:15) - DNA Encryption: Bioencryption to Store Your Secrets in living organisms - John Dunlap
CHV - Flamingo Lower Level - Red Rock Rm 1-5 - cont...(12:45-13:05) - Performance Tuning Tools and their Capabilities - Russell Mosley
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - One Step Ahead of Cheaters -- Instrumenting Android Emulators - Nevermoe (@n3v3rm03)
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - (13:30-13:50) - House of Roman—a "leakless" heap fengshui to achieve RCE on PIE Binaries - Sanat Sharma
DC - Track 1 - Caesars Emperor's Level - Palace BR - In Soviet Russia Smartcard Hacks You - Eric Sesterhenn
DC - Track 1 - Caesars Emperor's Level - Palace BR - (13:30-13:50) - The ring 0 façade: awakening the processor's inner demons - Christopher Domas
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Reaping and breaking keys at scale: when crypto meets big data - Yolan Romailler, Nils Amiet
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - (13:30-13:50) - Detecting Blue Team Research Through Targeted Ads - 0x200b
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Looking for the perfect signature: an automatic YARA rules generation algorithm in the AI-era - Andrea Marcelli
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (13:30-14:15) - Infecting The Embedded Supply Chain - Zach, Alex
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - trackerjacker - Caleb Madrigal
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - Cloud Security Suite—One stop tool for AWS, GCP & Azure Security Audit - Jayesh Singh Chauhan
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - GreyNoise - Andrew Morris
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - WHID Injector: How To Bring HID Attacks to the Next Level - Luca Bongiorni
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - BLEMystique—Affordable custom BLE target - Nishant Sharma, Jeswin Mathai
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - ADRecon: Active Directory Recon - Prashant Mahajan
EHV - Caesars Promenade Level - Modena Rm - Nations and Nationalism and Cyber Security - Navigating Difficult Relationships in the Private Infosec Space - Speaker TBA
PHV - Caesars Promenade Level - Neopolitan BR - Turning Deception Outside-In: Tricking Attackers with OSINT - Hadar Yudovich, Tom Kahana, Tom Sela
PHV - Caesars Promenade Level - Neopolitan BR - (13:30-13:59) - Defense in Depth: The Path to SGX at Akamai - Sam Erb
PHW - Caesars Promenade Level - Neopolitan BR - cont...(09:30-13:30) - Kali Dojo Workshop - Johnny Long
RCV - Caesars Promenade Level - Florentine BR 1,2 - Targeted User Analytics and Human Honeypots - Mbis0n Shadoru
RCV - Caesars Promenade Level - Florentine BR 1,2 - (13:25-13:55) - Skiptracer - ghetto OSINT for broke hackers - illwill
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - Exploiting IoT Communications - A Cover within a Cover - Mike Raggo & Chet Hosmer
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Joe Grand's Hardware Hacking Basics - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Fuzzing with AFL (American Fuzzy Lop) - Jakub Botwicz, Wojciech Rauner
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Timothy Clemans
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - Richard Henderson, Bryan Passifiume
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attack & Defense in AWS Environments - Vaibhav Gupta, Sandeep Singh
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Decentralized Hacker Net - Eijah

 

Saturday - 14:00


AIV - Caesars Promenade Level - Florentine BR 3 - Beyond Adversarial Learning -- Security Risks in AI Implementations - Kang Li
AIV - Caesars Promenade Level - Florentine BR 3 - (14:30-15:20) - (Responsible?) Offensive Machine Learning - @bodaceacat, @filar, @Straithe, @_delta_zero (Moderating)
BCOS - Caesars Promenade Level - Pompeian BR 1 - Examining Monero's Ring Signatures - Justin Ehrenhofer
BCOS - Caesars Promenade Level - Pompeian BR 1 - (14:30-14:59) - Some Mining Related Attacks - Zhiniang Peng
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(13:30-14:15) - DNA Encryption: Bioencryption to Store Your Secrets in living organisms - John Dunlap
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (14:15-16:15) - DEF CON Biohacking Village Badge Talk - Joel Murphy
CHV - Flamingo Lower Level - Red Rock Rm 1-5 - (14:35-15:20) - Grand theft auto: Digital key hacking - kevin chen
DDV - Caesars Promenade Level - Capri Rm - The Memory Remains - Cold drive memory forensics 101 - Lior Kolnik
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices - Dennis Giese
DC - Track 1 - Caesars Emperor's Level - Palace BR - SMBetray—Backdooring and breaking signatures - William Martin
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Digital Leviathan: a comprehensive list of Nation-State Big Brothers (from huge to little ones) - Eduardo Izycki, Rodrigo Colli
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - (14:30-14:50) - Sex Work After SESTA/FOSTA - Maggie Mayhem
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - cont...(13:30-14:15) - Infecting The Embedded Supply Chain - Zach, Alex
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Playing Malware Injection with Exploit thoughts - Sheng-Hao Ma
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (14:30-14:50) - Fire & Ice: Making and Breaking macOS Firewalls - Patrick Wardle
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - EAPHammer - Gabriel Ryan
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Sh00t—An open platform for manual security testers & bug hunters - Pavan Mohan
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - ioc2rpz - Vadim Pavlov
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - HealthyPi—Connected Health - Ashwin K Whitchurch
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Walrus - Daniel Underhay, Matthew Daley
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - LHT (Lossy Hash Table) - Steve Thomas
PHV - Caesars Promenade Level - Neopolitan BR - Building a Teaching SOC - Andrew Johnson
PHV - Caesars Promenade Level - Neopolitan BR - (14:30-14:59) - Normalizing Empire's Traffic to Evade Anomaly-Based IDS - Utku Sen, Gozde Sinturk
PHW - Caesars Promenade Level - Neopolitan BR - Intense Introduction to Modern Web Application Hacking - Omar Santos and Ron Taylor
RCV - Caesars Promenade Level - Florentine BR 1,2 - Applied OSINT For Politics: Turning Open Data Into News - Lloyd Miller
RCV - Caesars Promenade Level - Florentine BR 1,2 - (14:45-15:05) - 1983: I’m born. 2018: I’m taking on the bad guys - Jennifer Roderick
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - Hacking the Technical Interview - Marcelle & Kelley
WS - Linq 4th Flr - Icon A - (14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - (14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - (14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - (14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - (14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - (14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 15:00


AIV - Caesars Promenade Level - Florentine BR 3 - cont...(14:30-15:20) - (Responsible?) Offensive Machine Learning - @bodaceacat, @filar, @Straithe, @_delta_zero (Moderating)
AIV - Caesars Promenade Level - Florentine BR 3 - (15:20-15:59) - Towards a framework to quantitatively assess AI safety – challenges, open questions and opportunities. - Ram Shankar Siva Kumar
BCOS - Caesars Promenade Level - Pompeian BR 1 - An Introduction to Kovri - Anonimal
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(14:15-16:15) - DEF CON Biohacking Village Badge Talk - Joel Murphy
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Torrent More Pharmaceutical Drugs. File Sharing Still Saves Lives. - Mixæl Laufer
CHV - Flamingo Lower Level - Red Rock Rm 1-5 - cont...(14:35-15:20) - Grand theft auto: Digital key hacking - kevin chen
CHV - Flamingo Lower Level - Red Rock Rm 1-5 - (15:30-15:55) - Build your own RoboCar: CAN Bus at 1/10th Scale - Sean McKeever
Contest - Contest Stage - Spell Check: The Hacker Spelling Bee -
DDV - Caesars Promenade Level - Capri Rm - Owning Gluster FS with GEVAUDAN - Mauro Cáseres
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Project Interceptor: avoiding counter-drone systems with nanodrones - David Melendez Cano
DC - Track 1 - Caesars Emperor's Level - Palace BR - All your math are belong to us - sghctoma
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Reverse Engineering Windows Defender's Emulator - Alexei Bulazel
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Booby Trapping Boxes - Ladar Levison, hon1nbo
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - EAPHammer - Gabriel Ryan
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - Sh00t—An open platform for manual security testers & bug hunters - Pavan Mohan
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - ioc2rpz - Vadim Pavlov
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - HealthyPi—Connected Health - Ashwin K Whitchurch
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - Walrus - Daniel Underhay, Matthew Daley
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - LHT (Lossy Hash Table) - Steve Thomas
EHV - Caesars Promenade Level - Modena Rm - Hack Back: Not An Option, But A Necessity? (A Mini-Workshop) - David Scott Lewis
HHV - Caesars Pool Level - Forum 17-21 - Breaking In: Building a home lab without having to rob a bank - Bryan Austin
PHV - Caesars Promenade Level - Neopolitan BR - Grand Theft Auto: Digital Key Hacking - Huajiang "Kevin2600" Chen, Jin Yang
PHW - Caesars Promenade Level - Neopolitan BR - cont...(14:00-15:59) - Intense Introduction to Modern Web Application Hacking - Omar Santos and Ron Taylor
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(14:45-15:05) - 1983: I’m born. 2018: I’m taking on the bad guys - Jennifer Roderick
RCV - Caesars Promenade Level - Florentine BR 1,2 - Core OSINT: Keeping Track of and Reporting All the Things - Micah Hoffman
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
SEV - Caesars Promenade South - Octavius BR 3-8 - (15:30-15:59) - Social Engineering from a CISO's Perspective - Kathleen Mullen
SKY - Flamingo 3rd Flr - Virginia City Rm - Leveling the Bug Bounty Playfield - Introducing the #LEGALBUGBOUNTY project - Amit Elazari & Keren Elazari
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 16:00


AIV - Caesars Promenade Level - Florentine BR 3 - StuxNNet: Practical Live Memory Attacks on Machine Learning Systems - Raphael Norwitz
AIV - Caesars Promenade Level - Florentine BR 3 - (16:20-16:59) - Hunting the Ethereum Smart Contract: Color-inspired Inspection of Potential Attacks - TonTon Huang
BCOS - Caesars Promenade Level - Pompeian BR 1 - cont...(15:00-16:59) - An Introduction to Kovri - Anonimal
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(14:15-16:15) - DEF CON Biohacking Village Badge Talk - Joel Murphy
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (16:15-16:59) - Hacking Human Fetuses - Erin Hefley
CHV - Flamingo Lower Level - Red Rock Rm 1-5 - CANT - Tim Brom
Contest - Contest Stage - cont...(15:00-16:59) - Spell Check: The Hacker Spelling Bee -
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Outsmarting the Smart City - Daniel "unicornFurnace" Crowley, Mauro Paredes, Jen "savagejen" Savage
DC - Track 1 - Caesars Emperor's Level - Palace BR - 80 to 0 in under 5 seconds: Falsifying a medical patient's vitals - Douglas McKee
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - All your family secrets belong to us—Worrisome security issues in tracker apps - Dr. Siegfried Rasthofer, Stephan Huber, Dr. Steven Arzt
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Inside the Fake Science Factory - Dr Cindy Poppins - Computer Scientist (AKA Svea Eckert), Dr Dade Murphy - Reformed Hacker (AKA Suggy), Professor Dr Edgar Munch
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - WiPi-Hunter—It Strikes against Illegal Wireless Network Activities (Detect and active response) - Besim Altinok, Mehmet Kutlay Kocer, M.Can KURNAZ
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Angad: A Malware Detection Framework using Multi-Dimensional Visualization - Ankur Tyagi
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Honeycomb—An extensible honeypot framework - Omer Cohen, Imri Goldberg
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Swissduino—Stealthy USB HID Networking & Attack - Mike Westmacott
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - boofuzz - Joshua Pereyda
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - PA Toolkit—Wireshark plugins for Pentesters - Nishant Sharma, Jeswin Mathai
HHV - Caesars Pool Level - Forum 17-21 - The Cactus: 6502 Blinkenlights 40 Years Late - Commodore Z
PHV - Caesars Promenade Level - Neopolitan BR - Ridealong Adventures: Critical Issues with Police Body Cameras - Josh Mitchell
PHW - Caesars Promenade Level - Neopolitan BR - (16:30-17:59) - Mallet, An Intercepting Proxy for Arbitrary Protocols - Rogan Dawes
RCV - Caesars Promenade Level - Florentine BR 1,2 - WhiteRabbit: Combining Threat Intelligence Public Blockchain Data and Machine Learning to go Down the “Dirty Money” Rabbit Hole - Olivia Thet / Nicolas Kseib
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
SEV - Caesars Promenade South - Octavius BR 3-8 - The Abyss is Waving Back… - Chris Roberts
SEV - Caesars Promenade South - Octavius BR 3-8 - (16:55-17:45) - Hunting Predators: SE Style - Chris Hadnagy
SKY - Flamingo 3rd Flr - Virginia City Rm - Healthcare Exposure on Public Internet - Shawn Merdinger
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 17:00


AIV - Caesars Promenade Level - Florentine BR 3 - Holy BATSense! Deploying TBATS Machine Learning Algorithm to Detect Security Events - Pranshu Bajpai
BCOS - Caesars Promenade Level - Pompeian BR 1 - Moderator Justin Ehrenhofer's Greatest Questions - Shamiq (App Sec Manager, COINBASE), Paul Shapiro, A., Fluffy Pony
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Biohacking the Disability - Gabriel Bergel
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (17:15-17:59) - Lightning Talks - Maybe you?
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (17:45-18:30) - Batman, Brain Hacking, and Bank Accounts - Katherine Pratt
DC - Track 1 - Caesars Emperor's Level - Palace BR - The Road to Resilience: How Real Hacking Redeems this Damnable Profession - Richard Thieme, a.k.a. neural cowboy
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Relocation Bonus: Attacking the Windows Loader Makes Analysts Switch Careers - Nick Cano
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - WiPi-Hunter—It Strikes against Illegal Wireless Network Activities (Detect and active response) - Besim Altinok, Mehmet Kutlay Kocer, M.Can KURNAZ
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - Angad: A Malware Detection Framework using Multi-Dimensional Visualization - Ankur Tyagi
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - Honeycomb—An extensible honeypot framework - Omer Cohen, Imri Goldberg
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - Swissduino—Stealthy USB HID Networking & Attack - Mike Westmacott
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - boofuzz - Joshua Pereyda
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - PA Toolkit—Wireshark plugins for Pentesters - Nishant Sharma, Jeswin Mathai
EHV - Caesars Promenade Level - Modena Rm - Diversity and Equality in Infosec - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - WiFi Beacons will give you up - John Aho
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
PHV - Caesars Promenade Level - Neopolitan BR - IoT Data Exfiltration - Mike Raggo, Chet Hosmer
PHW - Caesars Promenade Level - Neopolitan BR - cont...(16:30-17:59) - Mallet, An Intercepting Proxy for Arbitrary Protocols - Rogan Dawes
RCV - Caesars Promenade Level - Florentine BR 1,2 - Mapping wifi networks and triggering on interesting traffic patterns - Caleb Madrigal
RCV - Caesars Promenade Level - Florentine BR 1,2 - (17:40-17:59) - OpenPiMap - Hacking the hackers with OSINT, Raspberry Pis, and Data Analysis - Mark Klink
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(16:55-17:45) - Hunting Predators: SE Style - Chris Hadnagy
SEV - Caesars Promenade South - Octavius BR 3-8 - (17:50-18:40) - On the Hunt: Hacking the Hunt - Chris Silvers and Taylor Banks
SKY - Flamingo 3rd Flr - Virginia City Rm - The challenge of building an secure and safe digital environment in the healthcare - @_j3lena_
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 18:00


BCOS - Caesars Promenade Level - Pompeian BR 1 - Instructions and invitations to party - Cinnamonflower and pwrcycle
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(17:45-18:30) - Batman, Brain Hacking, and Bank Accounts - Katherine Pratt
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (18:30-19:15) - Building a Better Bedside - The Blue Team Needs a Plan B - Nick Deluski
Contest - Contest Stage - DEF CON Blitz Chess Tournament -
EHV - Caesars Promenade Level - Modena Rm - Discussion - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - Building Drones the Hard Way - David Melendez Cano
RCV - Caesars Promenade Level - Florentine BR 1,2 - Supercharge Your Web Recon With Commonspeak and Evolutionary Wordlists - Michael Gianarakis / Shubham Shah
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(17:50-18:40) - On the Hunt: Hacking the Hunt - Chris Silvers and Taylor Banks
SEV - Caesars Promenade South - Octavius BR 3-8 - (18:40-19:30) - Social Engineering Course Projects for Undergraduate Students - Aunshul Rege
SKY - Flamingo 3rd Flr - Virginia City Rm - Macabre stories of a hacker in the public health sector (Chile) - Philippe Delteil
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 19:00


BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(18:30-19:15) - Building a Better Bedside - The Blue Team Needs a Plan B - Nick Deluski
Contest - Contest Stage - cont...(18:00-19:59) - DEF CON Blitz Chess Tournament -
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(18:40-19:30) - Social Engineering Course Projects for Undergraduate Students - Aunshul Rege

 

Saturday - 20:00


Contest - Contest Stage - Drunk Hacker History -
Contest - Contest Stage - Whose Slide is it Anyway?
DC - Octavius 13 - Privacy Is Equality—And It's Far from Dead - Sarah St. Vincent
DC - Octavius 9 - Beyond the Lulz: Black-Hat Trolling, White-Hat Trolling, Attacking and Defending Our Attention Landscape - Matt Goerzen, Dr. Jeanna Matthews, Joan Donovan
DC - Roman Chillout - EFF Fireside Hax (AKA Ask the EFF) - Kurt Opsahl, Nate Cardozo, Jamie Lee Williams, Andrés Arrieta, Katitza Rodriguez, Nathan 'nash' Sheard
Meetup - Flamingo - 3rd floor - Chillout Rm - (20:30-23:59) - Hacker Flairgrounds -
Night Life - Caesars - Emperors Level - Chillout Rm - Hacker Karaoke -
Night Life - Flamingo - 3rd Floor - Carson City Rm - (20:30-23:59) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - ElDorado BR - (20:30-23:59) - Lonely Hackers Club -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - (20:30-23:59) - SecKC the World -
Night Life - Flamingo Pool - (20:30-25:59) - 303 Party -

 

Saturday - 21:00


Contest - Contest Stage - cont...(20:00-21:59) - Drunk Hacker History -
Contest - Contest Stage - cont...(20:00-21:59) - Whose Slide is it Anyway?
Meetup - Flamingo - 3rd floor - Chillout Rm - cont...(20:30-23:59) - Hacker Flairgrounds -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-23:59) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - ElDorado BR - cont...(20:30-23:59) - Lonely Hackers Club -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-23:59) - SecKC the World -
Night Life - Flamingo Pool - cont...(20:30-25:59) - 303 Party -

 

Saturday - 22:00


Meetup - Flamingo - 3rd floor - Chillout Rm - cont...(20:30-23:59) - Hacker Flairgrounds -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-23:59) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - ElDorado BR - cont...(20:30-23:59) - Lonely Hackers Club -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-23:59) - SecKC the World -
Night Life - Flamingo Pool - cont...(20:30-25:59) - 303 Party -

 

Saturday - 23:00


Meetup - Flamingo - 3rd floor - Chillout Rm - cont...(20:30-23:59) - Hacker Flairgrounds -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-23:59) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - ElDorado BR - cont...(20:30-23:59) - Lonely Hackers Club -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-23:59) - SecKC the World -
Night Life - Flamingo Pool - cont...(20:30-25:59) - 303 Party -

 

Saturday - 24:00


Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Flamingo Pool - cont...(20:30-25:59) - 303 Party -

 

Saturday - 25:00


Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Flamingo Pool - cont...(20:30-25:59) - 303 Party -

Sunday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Sunday - 09:00


SKY - Flamingo 3rd Flr - Virginia City Rm - Master Baiting! Dont Click Bait, Click Yourself - BACE16

 

Sunday - 10:00


AIV - Caesars Promenade Level - Florentine BR 3 - Generating Labeled Data From Adversary Simulations With MITRE ATT&CK - Brian Genz
AIV - Caesars Promenade Level - Florentine BR 3 - (10:40-10:59) - AI DevOps: Behind the Scenes of a Global Anti-Virus Company's Machine Learning Infrastructure - Alex Long
BCOS - Caesars Promenade Level - Pompeian BR 1 - The Good, the Bad, and the Private: Building and Breaking Safe Cryptocurrencies - Sarang Noether
BCOS - Caesars Promenade Level - Pompeian BR 1 - (10:45-10:59) - Contest winners, prizes, showcase and awards - Michael Schloh
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - WELCOME TO THE LAST DAY OF BHV! - Staff
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (10:15-10:59) - Exploiting immune defences - can malware learn from biological viruses? - Guy Propper
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - The Mouse is Mightier than the Sword - Patrick Wardle
DC - Track 1 - Caesars Emperor's Level - Palace BR - Rock appround the clock: Tracking malware developers by Android "AAPT" timezone disclosure bug - Sheila A. Berta, Sergio De Los Santos
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Defending the 2018 Midterm Elections from Foreign Adversaries - Joshua M Franklin, Kevin Franklin
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems - Leigh-Anne Galloway, Tim Yunusov
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - nzyme - Lennart Koopmann
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - GyoiThon - Isao Takaesu, Masuya Masafumi, Toshitsugu Yoneyama,
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - CHIRON - Rod Soto, Joseph Zadeh
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - PCILeech - Ulf Frisk, Ian Vitek
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Passionfruit - Zhi Zhou, Yifeng Zhang
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Conformer - Mikhail Burshteyn
RCV - Caesars Promenade Level - Florentine BR 1,2 -   - HackaThon Product(s) Showcase by Participants
RCV - Caesars Promenade Level - Florentine BR 1,2 - (10:50-11:20) - Winning a SANS 504 CTF without winning a SANS CTF - Wbbigdave
SKY - Flamingo 3rd Flr - Virginia City Rm - Facial Recognition - Let me let you in on a secret - Stumbles The Drunk

 

Sunday - 11:00


AIV - Caesars Promenade Level - Florentine BR 3 - GAN to the dark side: A case study of attacking machine-learning systems to empower defenses - Li Chen
BCOS - Caesars Promenade Level - Pompeian BR 1 - Monero's Differentiated Community - Justin Ehrenhofer
BCOS - Caesars Promenade Level - Pompeian BR 1 - (11:30-11:59) - Privacy and Blockchain: A Boundary Object Perspective - Robin "midipoet" Renwick
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Jumping the Epidermal Barrier - Vlad Gostomelsky
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Searching for the Light: Adventures with OpticSpy - Joe Grand
DC - Track 1 - Caesars Emperor's Level - Palace BR - Breaking Extreme Networks WingOS: How to own millions of devices running on Aircrafts, Government, Smart cities and more. - Josep Pi Rodriguez
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Politics and the Surveillance State. The story of a young politician's successful efforts to fight surveillance and pass the nation's strongest privacy bills. - Daniel Zolnikov
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Demystifying MS17-010: Reverse Engineering the ETERNAL Exploits - zerosum0x0
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - nzyme - Lennart Koopmann
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - GyoiThon - Isao Takaesu, Masuya Masafumi, Toshitsugu Yoneyama,
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - CHIRON - Rod Soto, Joseph Zadeh
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - PCILeech - Ulf Frisk, Ian Vitek
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Passionfruit - Zhi Zhou, Yifeng Zhang
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Conformer - Mikhail Burshteyn
PHV - Caesars Promenade Level - Neopolitan BR - Microcontrollers and Single Board Computers for Hacking, Fun and Profit - gh057
PHW - Caesars Promenade Level - Neopolitan BR - Advanced APT Hunting with Splunk - Ryan Kovar and John Stoner
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(10:50-11:20) - Winning a SANS 504 CTF without winning a SANS CTF - Wbbigdave
RCV - Caesars Promenade Level - Florentine BR 1,2 - (11:25-12:55) - Stalker In A Haystack - MasterChen
SKY - Flamingo 3rd Flr - Virginia City Rm - Sex Work After SESTA - Maggie Mayhem

 

Sunday - 12:00


BCOS - Caesars Promenade Level - Pompeian BR 1 - Stealing Crypto 2 Factor Isn't a Factor - Rod Soto and Jason Malley
BCOS - Caesars Promenade Level - Pompeian BR 1 - (12:30-12:59) - Monero Project's Vulnerability Response Process - Anonimal
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(11:00-12:15) - Jumping the Epidermal Barrier - Vlad Gostomelsky
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (12:15-12:59) - Selfie or Mugshot? - Anne Kim
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Breaking Smart Speakers: We are Listening to You. - Wu HuiYu, Qian Wenxiang
DC - Track 1 - Caesars Emperor's Level - Palace BR - Last mile authentication problem: Exploiting the missing link in end-to-end secure communication - Thanh Bui, Siddharth Rao
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Attacking the macOS Kernel Graphics Driver - Yu Wang
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Designing and Applying Extensible RF Fuzzing Tools to Expose PHY Layer Vulnerabilities - Matt Knight, Ryan Speers
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Expl-iot—IoT Security Testing and Exploitation framework - Aseem Jakhar
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - DejaVU—An Open Source Deception Framework - Bhadreshkumar Patel, Harish Ramadoss
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - GUI Tool for OpenC2 Command Generation - Efrain Ortiz
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
PHV - Caesars Promenade Level - Neopolitan BR - Fishing for Phishers. The Enterprise Strikes Back! - Joseph Muniz, Aamir Lakhani
PHW - Caesars Promenade Level - Neopolitan BR - cont...(11:00-12:59) - Advanced APT Hunting with Splunk - Ryan Kovar and John Stoner
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(11:25-12:55) - Stalker In A Haystack - MasterChen
RCV - Caesars Promenade Level - Florentine BR 1,2 - Mapping Social Media with Facial Recognition - Jacob Wilkin
RCV - Caesars Promenade Level - Florentine BR 1,2 - (12:25-12:40) - Hackathon and CTF Prizes, and a Group Photo - Recon Village Team
RCV - Caesars Promenade Level - Florentine BR 1,2 - (12:45-12:59) - Closing Note - Shubham Mittal / Sudhanshu Chauhan
SKY - Flamingo 3rd Flr - Virginia City Rm - Alphathreat Soup: Burning Threat Actors with Data - brain, 9bplus

 

Sunday - 13:00


BCOS - Caesars Promenade Level - Pompeian BR 1 - Village summary - Diego "rehrar" Salazar
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Meow Meow Meow - Meow-Meow Ludo Meow
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (13:45-13:45) - PWN to OWN my own Heart. Journey into hacking my own pacemaker - Veronica Schmit
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Trouble in the tubes: How internet routing security breaks down and how you can do it at home - Lane Broadbent
DC - Track 1 - Caesars Emperor's Level - Palace BR - Man-In-The-Disk - Slava Makkaveev
DC - Track 1 - Caesars Emperor's Level - Palace BR - (13:30-13:50) - Asura: A huge PCAP file analyzer for anomaly packets detection using massive multithreading - Ruo Ando
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Micro-Renovator: Bringing Processor Firmware up to Code - Matt King
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - (13:30-13:50) - Lost and Found Certificates: dealing with residual certificates for pre-owned domains - Ian Foster, Dylan Ayrey
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - barcOwned—Popping shells with your cereal box - Michael West, magicspacekiwi (Colin Campbell)
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (13:30-13:50) - Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking - ldionmarcil
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - Expl-iot—IoT Security Testing and Exploitation framework - Aseem Jakhar
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - DejaVU—An Open Source Deception Framework - Bhadreshkumar Patel, Harish Ramadoss
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - GUI Tool for OpenC2 Command Generation - Efrain Ortiz
PHV - Caesars Promenade Level - Neopolitan BR - What Do You Want to be When You Grow Up? - Damon "ch3f" Small
SKY - Flamingo 3rd Flr - Virginia City Rm - Game Runner 2049: The Battles Fought by the King of the Replicants - Nick Cano

 

Sunday - 14:00


DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Betrayed by the keyboard: How what you type can give you away - Matt Wixey
DC - Track 1 - Caesars Emperor's Level - Palace BR - Your Watch Can Watch You! Gear Up for the Broken Privilege Pitfalls in the Samsung Gear Smartwatch - Dongsung Kim, Hyoung-Kee Choi
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Hacking BLE Bicycle Locks for Fun and a Small Profit - Vincent Tan
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - One bite and all your dreams will come true: Analyzing and Attacking Apple Kernel Drivers - Xiaolong Bai, Min (Spark) Zheng

 

Sunday - 15:00


DC - Track 1 - Caesars Emperor's Level - Palace BR - PANEL: DEF CON GROUPS - Brent White (B1TK1LL3R), Jeff Moss (The Dark Tangent), Jayson E. Street, S0ups, Tim Roberts (byt3boy), Casey Bourbonnais, April
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - What the Fax!? - Yaniv Balmas, Eyal Itkin
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Fuzzing Malware For Fun & Profit. Applying Coverage-guided Fuzzing to Find and Exploit Bugs in Modern Malware - Maksim Shudrak

 

Sunday - 16:00


DC - Track 1 - Caesars Emperor's Level - Palace BR - DEF CON Closing Ceremonies - The Dark Tangent

 

Sunday - 17:00


DC - Track 1 - Caesars Emperor's Level - Palace BR - cont...(16:00-17:45) - DEF CON Closing Ceremonies - The Dark Tangent

Speaker List


_delta_zero
@_delta_zero
@_j3lena_
@3ncr1pted
@arinerron
@bodaceacat
@bwall (Moderator)
@drhyrum
@filar
@gradient_janitor
@IrishMASMS
@jtpereyda
@malwareunicorn
@pixieofchaos
@Plug
@rainbow_tables
@rharang
@Straithe
@wornbt
0x200b
9bplus
A.
Aamir Lakhani
Abhay Bhargav
Adam Steed
Agent X
AI Village Organizers
Alejo Murillo
Alex Levinson
Alex Levinson
Alex Long
Alex Stanev
Alex
Alexandre Borges
Alexandrine Torrents
Alexei Bulazel
Alfonso García
Amanda Rousseau
Amit Elazari
Anand Tiwari
Andrés Arrieta
Andrea Marcelli
Andrew Johnson
Andrew Macpherson
Andrew Morris
Andrew Morris
Andy Applebaum
Andy Applebaum
Andy Coravos
Andy Klein
Angelos Stavrou
Ankur Tyagi
Anne Kim
Anonimal
Anonimal
Anshuman Bhartiya
Anto Joseph
April Wright
Ariel Herbert-Voss
Arnaud SOULLIÉ
Arun Magesh
Arun Mane
Aseem Jakhar
Ashwin K Whitchurch
Aunsuhl Rege
Aylin Caliskan
Azeem Aqil
BACE16
Beau Woods
Ben Gardiner
Ben Hughes
Ben
Besim Altinok
Bhadreshkumar Patel
Bharath Kumar
Bianca Lewis
Billy Boatright
BJ
brain
Brent White (B1TK1LL3R)
Brian Genz
Brian Milliron
Brittany "Straithe" Postnikoff
Bruce Potter
Bryan Austin
Bryan Passifiume
Bryce Kunz
Caleb Madrigal
Caleb Madrigal
Caleb Madrigal
Casey Bourbonnais
Chet Hosmer
Chet Hosmer
Chris Gammell
Chris Gardner
Chris Hadnagy
Chris Hanlon
Chris Roberts
Chris Silvers
Chris "Suggy" Sumner
Christian "quaddi" Dameff MD
Christian "quaddi" Dameff MD
Christopher Domas
Christopher Domas
Cinnamonflower
Clarence Chio
Commodore Z
Csaba Fitzl
Damien "virtualabs" Cauquil
Damon "ch3f" Small
Dan Borges
Dan Borges
Dan Regalado
Daniel "unicornFurnace" Crowley
Daniel Underhay
Daniel Williams (fbus)
Daniel Zolnikov
Dave Buchwald
Dave Porcello
David Melendez Cano
David Melendez Cano
David Nathans
David Pearson
David Scott Lewis
David Turco
Davin Potts
Debra Laefer
Dennis Giese
Devin "Bearded Warrior" Pearson
Diego "rehrar" Salazar
DilDog
Dimitri
Dino Covotsos
dj beep code
Dominic Spill
Dongsung Kim
Douglas McKee
Dr. Aylin Caliskan
Dr. Siegfried Rasthofer
Dr. Silke Holtmanns
Dr. Steven Arzt
Dylan Ayrey
Dylan James Smith
Ed Miles
Eduardo Izycki
Efrain Ortiz
egypt
Eijah
Elinor Mills
Elizabeth Biddlecome
Elliott Brink
Eric Evenchick
Eric Sesterhenn
Erin Hefley
Erwin Paternotte
Esteban Rodriguez
Ethan Gregory Dodge
Ethan Gregory Dodge
Evan Yang
Eyal Itkin
Fedor Sakharov
Felix "Crypto_Cat" Honigwachs
Feng Xiao
Fluffy Pony
Fluffy Pony
Francisco "ArticMine" Cabañas
Fred Mastrippolito
Gabriel Bergel
Gabriel Ryan
Gabriel Ryan
Gabriel Ryan
Garett Montgomery
Gary Bates
George Tarnovsky
Gerry Scott
gh057
Gita Ziabari
Glen Grant
Gozde Sinturk
Gozde Sinturk
Guang Gong
Guy Propper
HackaThon Product(s) Showcase by Participants
Hadar Yudovich
Hannah Silvers
Harish Ramadoss
HighWiz
hon1nbo
Howard (hyc) Chu
Huajiang "Kevin2600" Chen
Hyoung-Kee Choi
Ian Foster
Ian Haken
Ian Vitek
illwill
Imri Goldberg
infosecanon
Isao Takaesu
Isao Takaesu
Isha Singh
Ivan Torroledo
Jacob Wilkin
Jakub Botwicz
James Albany
James Coote
Jamie Lee Williams
Jason Haddix
Jason Malley
Jay Radcliffe
Jay Turla
Jayesh Singh Chauhan
Jayson E. Street
Jeanette Manfra
Jeanna Matthews
Jeanna Matthews
Jeff Magloire
Jeff "r3plicant" Tully MD
Jeffrey Ladish
Jen "savagejen" Savage
Jen Ellis
Jennifer Roderick
Jeremy Johnson
Jericho
Jerome Greco
Jerry Gamblin
Jesse Michael
Jessica “Zhanna” Malekos Smith
Jeswin Mathai
Jeswin Mathai
Jianjun Dai
Jianwei Huang
Jin Yang
Joan Donovan
Joe FitzPatrick
Joe Grand (Kingpin)
Joe Grand (Kingpin)
Joe Grand
Joe Grand
Joe Rozner
Joel Murphy
John Aho
John Dunlap
John Stoner
John Stoner
John Tan
Johnny Long
Jon Medina
Jon Overgaard Christiansen
Jos Wetzels
Josep Pi Rodriguez
Joseph Muniz
Joseph Zadeh
Joseph Zadeh
Josh Mitchell
Josh Mitchell
Joshua Corman
Joshua M Franklin
Joshua Pereyda
Joshua Pereyda
Judy Towers
Jun Li
Justin Ehrenhofer
Justin Ehrenhofer
Justin Whitehead
Kang Li
Kat Sweet
Katherine Pratt
Kathleen Mullen
Katiza Rodriguez
Kelley
Kendall Blaylock
Keren Elazari
kevin chen
Kevin Franklin
Kevin Lustic
Kirill Levchenko PhD
Konark Modi
Kunzhe Chai
Kurt Opsahl
L0pht Heavy Industries
Ladar Levison
Lane Broadbent
Laura H
ldionmarcil
Leandro Velasco
Leigh-Anne Galloway
Lennart Koopmann
Li Chen
Lin Huang
Lior Kolnik
Lloyd Miller
Lokesh Pidawekar
Lorenzo Bernardi
Louis Nyffenegger
Louis Nyffenegger
Luca Bongiorni
Luke Jahnke
Luke Jahnke
M.Can KURNAZ
m010ch_
Madhu Akula
Madhu
Magg
Maggie Mayhem
Maggie Mayhem
magicspacekiwi (Colin Campbell)
Maksim Shudrak
Malware Unicorn
Mansour Ahmadi
Marc DaCosta
Marcelle
Marina Krotofil
Mark Klink
Mark Mager
Marko Bencun
Marko Bencun
Martin Vigo
MasterChen
MasterChen
Masuya Masafumi
Matt
Matt Cheung
Matt Goerzen
Matt King
Matt Knight
Matt Wixey
Matthew Daley
Mattijs van Ommeren
Mauricio Velazco
Mauro Cáseres
Mauro Caseres
Mauro Paredes
Mbis0n Shadoru
Mehmet Kutlay Kocer
Meow-Meow Ludo Meow
Micah Hoffman
Micah Hoffman
Michael Gianarakis
Michael Lee Nirenberg
Michael Leibowitz
Michael Ossmann
Michael Schloh
Michael Schloh
Michael Schloh
Michael West
Mickey Shkatov
midipoet
midipoet
Miguel Guirao
Mike Davis
Mike Raggo
Mike Raggo
Mike Spicer
Mike Westmacott
Mikhail Burshteyn
Min (Spark) Zheng
Min (Spark) Zheng
Mingchuang Qun
Mixæl Laufer
Morgan "indrora" Gangwere
Mr. Br!ml3y
MSvB
MSvB
Mudge
mwguy
Nafeez
Nancy Eckert
Nate Cardozo
Nate Cardozo
Nathan 'nash' Sheard
Nathan Adams
Nathan White
Nathaniel Boggs
Neil Fallon
Nevermoe (@n3v3rm03)
Nick - GraphX
Nick Cano
Nick Cano
Nick Deluski
Nick Sayer
Nick Tait
Nicolas Kseib
Nikita
Nils Amiet
Nishant Sharma
Nishant Sharma
Olivia Thet
Omar Santos
Omer Cohen
Orange Tsai
Parasew
Parsia Hakimian
Patrick Wardle
Patrick Wardle
Paul Shapiro
Pavan Mohan
Pedro Fortuna
Peng Liu
Philip Lapczynski
Philip Martin
Philippe Delteil
Pranshu Bajpai
Prashant Mahajan
Prof Andrea M. Matwyshyn, Professor of Law, NUSL
pwrcycle
Qian Wenxiang
Rachel Greenstadt
Ram Shankar Siva Kumar
Raphael Norwitz
Raye Keslensky
Recon Village Team
Renderman
Rich Seymour
Richard Henderson
Richard Thieme
Ricky "HeadlessZeke" Lawshae
Rik van Duijn
Roamer
Rob Brandon
Rob Joyce
Rob Joyce
Robert Portvliet
Robert Potter
Roberto Suarez
Robin "midipoet" Renwick
Rod Soto
Rod Soto
Rod Soto
Rodrigo Colli
Rogan Dawes
Rogan Dawes
Ron Taylor
Rowan Phipps
Ruo Ando
Rushikesh D. Nandedkar
Russell Mosley
Russell Mosley
Ryan Johnson
Ryan Kovar
Ryan Kovar
Ryan MacDougall
Ryan Mitchell
Ryan Speers
S0ups
Salvador Mendoza
Sam Bowne
Sam Erb
Sanat Sharma
Sandeep Singh
Sanoop Thomas
Sara-Jayne Terp
Sarah St. Vincent
Sarang Noether
Seamus Burke
Sean Gallagher
Sean McKeever
Sean Metcalf
Sean Wilson
Sebastian Garcia
security panda
Senhua Wang
Sergei Frankoff
Sergio De Los Santos
Seth Law
sghctoma
Shaggy
Shamiq
Shaokun Cao
Sharath Kumar Ramadas
Shawn Merdinger
Sheila A. Berta
Sheng-Hao Ma
Shubham Mittal
Shubham Mittal
Shubham Shah
Si
Siddharth Rao
Sidragon
siDragon
Silas Cutler
Silicosis
singe
Slava Makkaveev
smea
Sneha Rajguru
Soldier of FORTRAN
Space Rogue
Stark Riedesel
Stephan Huber
Stephanie Stroka
Steve Thomas
Steven Danneman
Stumbles The Drunk
Sudhanshu Chauhan
Sudhanshu Chauhan
Svea Eckert
Sven Cattell
Taylor Banks
Thanh Bui
The Dark Tangent
The Dark Tangent
The Tarquin
Thiago Alves
Till Krause
Tim Brom
Tim Roberts (byt3boy)
Tim Yunusov
Timothy Clemans
To be announced
Tom Kahana
Tom Sela
TonTon Huang
Toshitsugu Yoneyama
Truman Kain
TryCatchHCF
Ulf Frisk
Uncle G.
Utku Sen
Utku Sen
Vadim Pavlov
Vaibhav Gupta
Veronica Schmit
Vincent Tan
Vinnie Vanhoecke
Vlad Gostomelsky
VLAD
Walter Cuestas
Wayne Ronaldson
Wbbigdave
Weld Pond
Wenlin Yang
Wesley McGrew
Wesley McGrew
Whitney Champion
William Knowles
William Martin
William Martin
William Suthers
William Vu
Wiseacre
Wojciech Rauner
Wu HuiYu
Xavier Ashe
Xavier Ashe
Xiaolong Bai
Xiaolong Bai
Yaniv Balmas
yawnbox
Yifeng Zhang
Yingtao Zeng
Yolan Romailler
Yu Wang
Yunding Jian
Yuwei Zheng
Yuwei Zheng
Zach
zenofex
zerosum0x0
Zhenxuan Bai
Zhi Zhou
Zhiniang Peng

Talk List


Reverse Engineering with OpenSCAD and 3D Printing - WS - Linq 4th Flr - Icon B
(Responsible?) Offensive Machine Learning - AIV - Caesars Promenade Level - Florentine BR 3
/R/defcon redit Meetup - Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace)
/R/defcon redit Meetup - Meetup - Flamingo - 3rd Floor - Chillout Rm
#WiFiCactus - DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1
1983: I’m born. 2018: I’m taking on the bad guys - RCV - Caesars Promenade Level - Florentine BR 1,2
303 Party - Night Life - Flamingo 3rd Flr - Virginia City Rm
303 Party - Night Life - Flamingo Pool
4G—Who is paying your cellular phone bill? - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
80 to 0 in under 5 seconds: Falsifying a medical patient's vitals - DC - Track 1 - Caesars Emperor's Level - Palace BR
8th Defcon Bike Ride - Meetup - Local Bikeshop
  - RCV - Caesars Promenade Level - Florentine BR 1,2
A Journey Into Hexagon: Dissecting a Qualcomm Baseband - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
A Rundown of Security Issues in Crypto Software Wallets - BCOS - Caesars Promenade Level - Pompeian BR 1
Accountability without accountability: A censorship measurement case study - EHV - Caesars Promenade Level - Modena Rm
ADRecon: Active Directory Recon - DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1
Advanced APT Hunting with Splunk - PHW - Caesars Promenade Level - Neopolitan BR
Advanced APT Hunting with Splunk - PHW - Caesars Promenade Level - Neopolitan BR
Advanced Custom Network Protocol Fuzzing - WS - Linq 4th Flr - Icon C
Advanced Wireless Attacks Against Enterprise Networks - WS - Linq 4th Flr - Icon C
Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - WS - Linq 4th Flr - Icon D
Adventures in the dark web of government data - RCV - Caesars Promenade Level - Florentine BR 1,2
Adversarial Patches - AIV - Caesars Promenade Level - Florentine BR 3
AI DevOps: Behind the Scenes of a Global Anti-Virus Company's Machine Learning Infrastructure - AIV - Caesars Promenade Level - Florentine BR 3
All your family secrets belong to us—Worrisome security issues in tracker apps - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
All your math are belong to us - DC - Track 1 - Caesars Emperor's Level - Palace BR
Alphathreat Soup: Burning Threat Actors with Data - SKY - Flamingo 3rd Flr - Virginia City Rm
An Attacker Looks at Docker: Approaching Multi-Container Applications - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
An Introduction to Kovri - BCOS - Caesars Promenade Level - Pompeian BR 1
An OSINT Approach to Third Party Cloud Service Provider Evaluation - PHV - Caesars Promenade Level - Neopolitan BR
Analyzing Malscripts: Return of the Exploits! - WS - Linq 4th Flr - Icon E
Angad: A Malware Detection Framework using Multi-Dimensional Visualization - DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1
Applied OSINT For Politics: Turning Open Data Into News - RCV - Caesars Promenade Level - Florentine BR 1,2
Applied Physical Attacks on Embedded Systems, Introductory Version - HHV - Caesars Pool Level - Forum 17-21
Arcade Party - Night Life - Flamingo - 3rd Floor - Mesquite Rm
Archery—Open Source Vulnerability Assessment and Management - DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1
ARM eXploitation 101 - WS - Linq 4th Flr - Icon D
Asking for a Friend - EHV - Caesars Promenade Level - Modena Rm
Asura: A huge PCAP file analyzer for anomaly packets detection using massive multithreading - DC - Track 1 - Caesars Emperor's Level - Palace BR
Attack & Defense in AWS Environments - WS - Linq 4th Flr - Icon E
Attacking & Auditing Docker Containers Using Open Source - WS - Linq 4th Flr - Icon E
Attacking Active Directory and Advanced Defense Methods in 2018 - WS - Linq 4th Flr - Icon C
Attacking the macOS Kernel Graphics Driver - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Automated Discovery of Deserialization Gadget Chains - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Automated Planning for the Automated Red Team - AIV - Caesars Promenade Level - Florentine BR 3
Automating DFIR: The Counter Future - BTV - Flamingo 3rd Flr- Savoy Rm
Automotive Evidence Collection – Automotive Driving Aids and Liability - CHV - Flamingo Lower Level - Red Rock Rm 1-5
Automotive Exploitation Sandbox: A Hands-on Educational Introduction to Embedded Device Exploitation - CHV - Flamingo Lower Level - Red Rock Rm 1-5
Automotive Flash Bootloaders: Exposing automotive ECU updates - CHV - Flamingo Lower Level - Red Rock Rm 1-5
barcOwned—Popping shells with your cereal box - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Batman, Brain Hacking, and Bank Accounts - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
BCOS keynote speech - BCOS - Caesars Promenade Level - Pompeian BR 1
Betrayed by the keyboard: How what you type can give you away - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Beyond Adversarial Learning -- Security Risks in AI Implementations - AIV - Caesars Promenade Level - Florentine BR 3
Beyond the Lulz: Black-Hat Trolling, White-Hat Trolling, Attacking and Defending Our Attention Landscape - DC - Octavius 9
Biohacking the Disability - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Bitsquatting: Passive DNS Hijacking - PHV - Caesars Promenade Level - Neopolitan BR
BlanketFortCon - Night Life - Flamingo - 3rd Floor - Carson City Rm
BLEMystique—Affordable custom BLE target - DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1
Blue Team Bio: Using Kill-Chain Methodology to Stop Bioterrorism - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Booby Trapping Boxes - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
boofuzz - DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1
Breaking Extreme Networks WingOS: How to own millions of devices running on Aircrafts, Government, Smart cities and more. - DC - Track 1 - Caesars Emperor's Level - Palace BR
Breaking In: Building a home lab without having to rob a bank - HHV - Caesars Pool Level - Forum 17-21
Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out! - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Breaking Smart Speakers: We are Listening to You. - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
BruCamp - Meetup - Caesars - Livorno Rm
Bug Bounty Hunting on Steroids - RCV - Caesars Promenade Level - Florentine BR 1,2
Build Your Own OpticSpy Receiver Module - WS - Linq 4th Flr - Icon A
Build your own RoboCar: CAN Bus at 1/10th Scale - CHV - Flamingo Lower Level - Red Rock Rm 1-5
Building a Better Bedside - The Blue Team Needs a Plan B - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Building a Teaching SOC - PHV - Caesars Promenade Level - Neopolitan BR
Building Absurd Christmas Light Shows - DC - 101 Track
Building Autonomous AppSec Test Pipelines with the Robot Framework - WS - Linq 4th Flr - Icon E
Building Drones the Hard Way - HHV - Caesars Pool Level - Forum 17-21
Building Environmentally Responsive Implants with Gscript - WS - Linq 4th Flr - Icon C
Building the Hacker Tracker - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Building visualisation platforms for OSINT data using open source solutions - RCV - Caesars Promenade Level - Florentine BR 1,2
Buzzing Smart Devices: Smart Band Hacking - WS - Linq 4th Flr - Icon B
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010 - DC - Track 1 - Caesars Emperor's Level - Palace BR
Bypassing Windows Driver Signature Enforcement - WS - Linq 4th Flr - Icon A
CAN Signal Extraction from OpenXC with Radare2 - CHV - Flamingo Lower Level - Red Rock Rm 1-5
CANT - CHV - Flamingo Lower Level - Red Rock Rm 1-5
Capturing in Hard to Reach Places - PHV - Caesars Promenade Level - Neopolitan BR
Car Infotainment Hacking Methodology and Attack Surface Scenarios - PHV - Caesars Promenade Level - Neopolitan BR
Cartoons, Sketchnotes, Bullet Journals and Other Data Visualization Tricks - RCV - Caesars Promenade Level - Florentine BR 1,2
Chatting with your programs to find vulnerabilities - AIV - Caesars Promenade Level - Florentine BR 3
CHIRON - DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1
Closing Note - RCV - Caesars Promenade Level - Florentine BR 1,2
Cloud Security Myths - BTV - Flamingo 3rd Flr- Savoy Rm
Cloud Security Myths - SKY - Flamingo 3rd Flr - Virginia City Rm
Cloud Security Suite—One stop tool for AWS, GCP & Azure Security Audit - DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1
Compression Oracle Attacks on VPN Networks - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Compromising online accounts by cracking voicemail systems - DC - Track 1 - Caesars Emperor's Level - Palace BR
Conformer - DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1
Contest winners, prizes, showcase and awards - BCOS - Caesars Promenade Level - Pompeian BR 1
Contests, Challenges, and free giveaways - BCOS - Caesars Promenade Level - Pompeian BR 1
Core OSINT: Keeping Track of and Reporting All the Things - RCV - Caesars Promenade Level - Florentine BR 1,2
Crypto Hero - WS - Linq 4th Flr - Icon F
Custodial Responsibilities in the Connected Age: Digital Specimens and Social Contracts - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
D(Struction)20 CTF - Contest - Contest Stage
D0 N0 H4RM: A Healthcare Security Conversation - DC - Octavius 9
De-anonymizing Programmers from Source Code and Binaries - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Deaf Con Meet Up - Meetup - Chill Out Lounge
Decentralized Hacker Net - WS - Linq 4th Flr - Icon F
Deconstructing DeFeNeStRaTe.C: The first public buffer overflow on a mainframe? - SKY - Flamingo 3rd Flr - Virginia City Rm
Deep Exploit - AIV - Caesars Promenade Level - Florentine BR 3
DeepPhish: Simulating the Malicious Use of AI - AIV - Caesars Promenade Level - Florentine BR 3
DEF CON 101 Panel - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
DEF CON Beard and Moustache Contest - Contest - Contest Stage
DEF CON Biohacking Village Badge Talk - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
DEF CON Blitz Chess Tournament - Contest - Contest Stage
DEF CON Closing Ceremonies - DC - Track 1 - Caesars Emperor's Level - Palace BR
Defending the 2018 Midterm Elections from Foreign Adversaries - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Defense in Depth: The Path to SGX at Akamai - PHV - Caesars Promenade Level - Neopolitan BR
DejaVU—An Open Source Deception Framework - DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1
Demystifying MS17-010: Reverse Engineering the ETERNAL Exploits - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Deploying, Attacking, and Securing Software Defined Networks - WS - Linq 4th Flr - Icon F
Designing and Applying Extensible RF Fuzzing Tools to Expose PHY Layer Vulnerabilities - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Detecting Blue Team Research Through Targeted Ads - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Detecting Web Attacks with Recurrent Neural Networks - AIV - Caesars Promenade Level - Florentine BR 3
Digital Leviathan: a comprehensive list of Nation-State Big Brothers (from huge to little ones) - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Disabling Intel ME in Firmware - HHV - Caesars Pool Level - Forum 17-21
Discussion - EHV - Caesars Promenade Level - Modena Rm
Discussion - EHV - Caesars Promenade Level - Modena Rm
Disrupting the Digital Dystopia or What the hell is happening in computer law? - DC - Octavius 13
Dissecting the Teddy Ruxpin: Reverse Engineering the Smart Bear - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Diversity and Equality in Infosec - EHV - Caesars Promenade Level - Modena Rm
DNA Encryption: Bioencryption to Store Your Secrets in living organisms - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Don't Bring Me Down: Weaponizing botnets - SKY - Flamingo 3rd Flr - Virginia City Rm
Dragnet—Your Social Engineering Sidekick - DC - Track 1 - Caesars Emperor's Level - Palace BR
Drunk Hacker History - Contest - Contest Stage
Ducky-in-the-Middle: Injecting Keystrokes into Plaintext Protocols - PHV - Caesars Promenade Level - Neopolitan BR
EAPHammer - DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1
Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
EFF Fireside Hax (AKA Ask the EFF) - DC - Roman Chillout
EFF Tech Trivia - Contest - Contest Stage
Effective Log & Events Management - BTV - Flamingo 3rd Flr- Savoy Rm
Emergent Recon - fresh methodology and tools for hackers in 2018 - RCV - Caesars Promenade Level - Florentine BR 1,2
Ethical Disclosure and the Reduction of Harm - EHV - Caesars Promenade Level - Modena Rm
Ethics for Security Practitioners - EHV - Caesars Promenade Level - Modena Rm
Ethics of Technology in Humanitarian and Disaster Response - EHV - Caesars Promenade Level - Modena Rm
Evolving security operations to the year 2020 - BTV - Flamingo 3rd Flr- Savoy Rm
Examining Monero's Ring Signatures - BCOS - Caesars Promenade Level - Pompeian BR 1
Expl-iot—IoT Security Testing and Exploitation framework - DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1
Exploiting Active Directory Administrator Insecurities - DC - Track 1 - Caesars Emperor's Level - Palace BR
Exploiting immune defences - can malware learn from biological viruses? - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Exploiting IoT Communications - A Cover within a Cover - SKY - Flamingo 3rd Flr - Virginia City Rm
Facial Recognition - Let me let you in on a secret - SKY - Flamingo 3rd Flr - Virginia City Rm
Facts, figures, and fun from managing 100,000 hard drives. - DDV - Caesars Promenade Level - Capri Rm
Fasten your seatbelts: We are escaping iOS 11 sandbox! - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Finding and Attacking Undocumented APIs with Python - PHW - Caesars Promenade Level - Neopolitan BR
Finding Needles in Haystacks - WS - Linq 4th Flr - Icon D
Finding Xori: Malware Analysis Triage with Automated Disassembly - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Fire & Ice: Making and Breaking macOS Firewalls - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
firstorder - DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1
Fishing for Phishers. The Enterprise Strikes Back! - PHV - Caesars Promenade Level - Neopolitan BR
For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Forensic Investigation for the Non-Forensic Investigator - WS - Linq 4th Flr - Icon A
Freedom of Information: Hacking the Human Black Box - PHV - Caesars Promenade Level - Neopolitan BR
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
From Introvert to SE: The Journey - SEV - Caesars Promenade South - Octavius BR 3-8
From MormonLeaks to FaithLeaks - SKY - Flamingo 3rd Flr - Virginia City Rm
Fuzzing FTW - WS - Linq 4th Flr - Icon D
Fuzzing Malware For Fun & Profit. Applying Coverage-guided Fuzzing to Find and Exploit Bugs in Modern Malware - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Fuzzing with AFL (American Fuzzy Lop) - WS - Linq 4th Flr - Icon B
Game Runner 2049: The Battles Fought by the King of the Replicants - SKY - Flamingo 3rd Flr - Virginia City Rm
GAN to the dark side: A case study of attacking machine-learning systems to empower defenses - AIV - Caesars Promenade Level - Florentine BR 3
GeekPwn Party - Night Life - Flamingo - 3rd floor - Track 101 Scenic BR
GeekPwn - Contest - Contest Stage
Generating Labeled Data From Adversary Simulations With MITRE ATT&CK - AIV - Caesars Promenade Level - Florentine BR 3
Getting to Blinky: #badgelife begins with a single blink - HHV - Caesars Pool Level - Forum 17-21
Go Hack Cars - CHV - Flamingo Lower Level - Red Rock Rm 1-5
GOD MODE UNLOCKED: Hardware Backdoors in [redacted] x86 CPUs - DC - Track 1 - Caesars Emperor's Level - Palace BR
Grand theft auto: Digital key hacking - CHV - Flamingo Lower Level - Red Rock Rm 1-5
Grand Theft Auto: Digital Key Hacking - PHV - Caesars Promenade Level - Neopolitan BR
GreyNoise - DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1
GUI Tool for OpenC2 Command Generation - DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1
Guided Tour to IEEE 802.15.4 and BLE Exploitation - WS - Linq 4th Flr - Icon A
GyoiThon - DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1
Hack Back: Not An Option, But A Necessity? (A Mini-Workshop) - EHV - Caesars Promenade Level - Modena Rm
Hack On The BitBox Hardware Wallet - BCOS - Caesars Promenade Level - Pompeian BR 1
Hackathon and CTF Prizes, and a Group Photo - RCV - Caesars Promenade Level - Florentine BR 1,2
Hacker Flairgrounds - Meetup - Flamingo - 3rd floor - Chillout Rm
Hacker Karaoke - Night Life - Caesars - Emperors Level - Chillout Rm
Hacker Karaoke - Night Life - Caesars - Emperors Level - Chillout Rm
Hacking a Crypto Payment Gateway - BCOS - Caesars Promenade Level - Pompeian BR 1
Hacking BLE Bicycle Locks for Fun and a Small Profit - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Hacking for Special Needs - Meetup - Caesars - Promenade Level - Anzio Rm past Registration
Hacking Human Fetuses - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Hacking PLCs and Causing Havoc on Critical Infrastructures - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Hacking the international RFQ Process #killthebuzzwords - RCV - Caesars Promenade Level - Florentine BR 1,2
Hacking the Technical Interview - SKY - Flamingo 3rd Flr - Virginia City Rm
Hacking Thingz Powered By Machine Learning - WS - Linq 4th Flr - Icon A
Hacking Your Dev Job to Save the World - Where Programming and Hacking Meet - BTV - Flamingo 3rd Flr- Savoy Rm
Hacking your HackRF - HHV - Caesars Pool Level - Forum 17-21
Halcyon IDE - DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1
Ham Radio Exams - Service - Caesars - Promenade Level - Anzio Rm past Registration
Ham Radio Exams - Service - Caesars - Promenade Level - Anzio Rm past Registration
Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Healthcare Exposure on Public Internet - SKY - Flamingo 3rd Flr - Virginia City Rm
HealthyPi—Connected Health - DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1
Hey Bro, I Got Your Fitness Right Here (and your PHI). - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Holy BATSense! Deploying TBATS Machine Learning Algorithm to Detect Security Events - AIV - Caesars Promenade Level - Florentine BR 3
Honeycomb—An extensible honeypot framework - DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1
House of Kenzo - Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR
House of Roman—a "leakless" heap fengshui to achieve RCE on PIE Binaries - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
How not to suck at Vulnerability Management [at Scale] - BTV - Flamingo 3rd Flr- Savoy Rm
How to Tune Automation to Avoid False Positives - PHV - Caesars Promenade Level - Neopolitan BR
How WHOIS Data Uncovered $32 Billion Connected to the Mormon Church - RCV - Caesars Promenade Level - Florentine BR 1,2
http2 and you - SKY - Flamingo 3rd Flr - Virginia City Rm
Hunting Predators: SE Style - SEV - Caesars Promenade South - Octavius BR 3-8
Hunting the Ethereum Smart Contract: Color-inspired Inspection of Potential Attacks - AIV - Caesars Promenade Level - Florentine BR 3
I fought the law and law lost - RCV - Caesars Promenade Level - Florentine BR 1,2
I'll See Your Missile and Raise You A MIRV: An overview of the Genesis Scripting Engine - DC - Track 1 - Caesars Emperor's Level - Palace BR
Identifying and correlating anomalies in Internet-wide scan traffic to newsworthy security events - AIV - Caesars Promenade Level - Florentine BR 3
In Soviet Russia Smartcard Hacks You - DC - Track 1 - Caesars Emperor's Level - Palace BR
In-N-Out - That’s What It’s All About - SEV - Caesars Promenade South - Octavius BR 3-8
Infecting The Embedded Supply Chain - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Inside the Fake Science Factory - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Instructions and invitations to party - BCOS - Caesars Promenade Level - Pompeian BR 1
IntelliAV: Building an Effective On-Device Android Malware Detector - AIV - Caesars Promenade Level - Florentine BR 3
Intense Introduction to Modern Web Application Hacking - PHW - Caesars Promenade Level - Neopolitan BR
Introducing YOGA: Your OSINT Graphical Analyzer - RCV - Caesars Promenade Level - Florentine BR 1,2
Introduction to Cryptographic Attacks - WS - Linq 4th Flr - Icon B
ioc2rpz - DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1
IoD - SKY - Flamingo 3rd Flr - Virginia City Rm
IoT Data Exfiltration - PHV - Caesars Promenade Level - Neopolitan BR
It WISN't me, attacking industrial wireless mesh networks - DC - Track 1 - Caesars Emperor's Level - Palace BR
It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded devices for fun and profit - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
It’s a Beautiful Day in the Malware Neighborhood - AIV - Caesars Promenade Level - Florentine BR 3
Jailbreaking the 3DS through 7 years of hardening - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
JMPgate: Accelerating reverse engineering into hyperspace using AI - AIV - Caesars Promenade Level - Florentine BR 3
Joe Grand's Hardware Hacking Basics - WS - Linq 4th Flr - Icon A
Jumping the Epidermal Barrier - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
JWAT...Attacking JSON Web Tokens - WS - Linq 4th Flr - Icon D
Kali Dojo Workshop - PHW - Caesars Promenade Level - Neopolitan BR
Keynote Presentation: Triaging FTW, Lessons Learned from Medical Device Disclosures - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Keynote Speech: Inside Monero - BCOS - Caesars Promenade Level - Pompeian BR 1
Keynote - RCV - Caesars Promenade Level - Florentine BR 1,2
Last mile authentication problem: Exploiting the missing link in end-to-end secure communication - DC - Track 1 - Caesars Emperor's Level - Palace BR
Lateral Movement 101: 2018 Update - WS - Linq 4th Flr - Icon D
Lawyer Meet - Meetup - Flamingo - 3rd Floor - Carson City Rm
Leveling the Bug Bounty Playfield - Introducing the #LEGALBUGBOUNTY project - SKY - Flamingo 3rd Flr - Virginia City Rm
LHT (Lossy Hash Table) - DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1
Lightning Talks - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Live Band Karaoke - Night Life - Flamingo - 3rd Floor - Track 101 Vista BR
Local Sheriff - DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1
Lonely Hackers Club - Night Life - Flamingo - 3rd Floor - ElDorado BR
Looking for the perfect signature: an automatic YARA rules generation algorithm in the AI-era - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Lora Smart Water Meter Security Analysis - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Lost and Found Certificates: dealing with residual certificates for pre-owned domains - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Macabre stories of a hacker in the public health sector (Chile) - SKY - Flamingo 3rd Flr - Virginia City Rm
Machine Learning as a Service in Your Pocket - AIV - Caesars Promenade Level - Florentine BR 3
Machine Learning for Network Security Hands-on Workshop: DIYML - AIV - Caesars Promenade Level - Florentine BR 3
Machine Learning Model Hardening For Fun and Profit - AIV - Caesars Promenade Level - Florentine BR 3
Mallet, An Intercepting Proxy for Arbitrary Protocols - PHW - Caesars Promenade Level - Neopolitan BR
Mallet: A Proxy for Arbitrary Traffic - PHV - Caesars Promenade Level - Neopolitan BR
Malware Panel - AIV - Caesars Promenade Level - Florentine BR 3
Man-In-The-Disk - DC - Track 1 - Caesars Emperor's Level - Palace BR
Mapping Social Media with Facial Recognition - RCV - Caesars Promenade Level - Florentine BR 1,2
Mapping Wi-Fi Networks and Triggering on Interesting Traffic Patterns - PHV - Caesars Promenade Level - Neopolitan BR
Mapping wifi networks and triggering on interesting traffic patterns - RCV - Caesars Promenade Level - Florentine BR 1,2
Master Baiting! Dont Click Bait, Click Yourself - SKY - Flamingo 3rd Flr - Virginia City Rm
Meet Salinas, the first ever SMS-commanded Car Infotainment RAT - CHV - Flamingo Lower Level - Red Rock Rm 1-5
Meow Meow Meow - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Micro-Renovator: Bringing Processor Firmware up to Code - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Microcontrollers and Single Board Computers for Hacking, Fun and Profit - PHV - Caesars Promenade Level - Neopolitan BR
Misbehavior Detection in V2X networks - CHV - Flamingo Lower Level - Red Rock Rm 1-5
Moderator Justin Ehrenhofer's Greatest Questions - BCOS - Caesars Promenade Level - Pompeian BR 1
Monero Project's Vulnerability Response Process - BCOS - Caesars Promenade Level - Pompeian BR 1
Monero's Differentiated Community - BCOS - Caesars Promenade Level - Pompeian BR 1
Monero's Emerging Applications - BCOS - Caesars Promenade Level - Pompeian BR 1
Mother Natures Development Lifecycles… OR Why the T-Rex didn’t get extenders. - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Mr. Sinatra Will Hack You Now - SEV - Caesars Promenade South - Octavius BR 3-8
My Stripper Name is Bubbles - SEV - Caesars Promenade South - Octavius BR 3-8
Nations and Nationalism and Cyber Security - Navigating Difficult Relationships in the Private Infosec Space - EHV - Caesars Promenade Level - Modena Rm
Nature’s source code is vulnerable and cannot be patched - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
NFC Payments: The Art of Relay & Replay Attacks - HHV - Caesars Pool Level - Forum 17-21
No Firewall Can Save You At The Intersection Of Genetics and Privacy - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Normalizing Empire's Traffic to Evade Anomaly-Based IDS - PHV - Caesars Promenade Level - Neopolitan BR
NSA Talks Cybersecurity - DC - Track 1 - Caesars Emperor's Level - Palace BR
nzyme - DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1
Oh Noes!—A Role Playing Incident Response Game - DC - Roman Chillout
On the Hunt: Hacking the Hunt - SEV - Caesars Promenade South - Octavius BR 3-8
One bite and all your dreams will come true: Analyzing and Attacking Apple Kernel Drivers - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
One Step Ahead of Cheaters -- Instrumenting Android Emulators - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
One-Click to OWA - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
One-liners to Rule Them All - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Open Source Endpoint Monitoring - BTV - Flamingo 3rd Flr- Savoy Rm
Open Source Hardware and the Monero Project - BCOS - Caesars Promenade Level - Pompeian BR 1
Opening Note - RCV - Caesars Promenade Level - Florentine BR 1,2
Opening Remarks - AIV - Caesars Promenade Level - Florentine BR 3
OpenPiMap - Hacking the hackers with OSINT, Raspberry Pis, and Data Analysis - RCV - Caesars Promenade Level - Florentine BR 1,2
Orthrus - DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1
OSINT IS FOR SOCCER MOMS - SKY - Flamingo 3rd Flr - Virginia City Rm
Outsmarting the Smart City - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Owning Gluster FS with GEVAUDAN - DDV - Caesars Promenade Level - Capri Rm
PA Toolkit—Wireshark plugins for Pentesters - DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1
Packet Mining for Privacy Leakage - WS - Linq 4th Flr - Icon F
PacketWhisper: Stealthily Exfiltrating Data and Defeating Attribution Using DNS and Text-Based Steganography - PHV - Caesars Promenade Level - Neopolitan BR
Panel Discussion: Healthcare - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Panel Discussion: The Internet of Bodies - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
PANEL: DEF CON GROUPS - DC - Track 1 - Caesars Emperor's Level - Palace BR
Passionfruit - DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1
Patching the CFAA: The New CIAA and “Ethical” Conduct in Security Research - EHV - Caesars Promenade Level - Modena Rm
PCILeech - DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1
Penetration Testing Environments: Client & Test Security - WS - Linq 4th Flr - Icon E
Pentesting ICS 101 - WS - Linq 4th Flr - Icon B
Performance Tuning Tools and their Capabilities - CHV - Flamingo Lower Level - Red Rock Rm 1-5
Playback: a TLS 1.3 story - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Playing Malware Injection with Exploit thoughts - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Playing with RFID - WS - Linq 4th Flr - Icon E
Please do not Duplicate: Attacking the Knox Box and Other Keyed Alike Systems - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Politics and the Surveillance State. The story of a young politician's successful efforts to fight surveillance and pass the nation's strongest privacy bills. - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Practical & Improved Wifi MitM with Mana - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Practical attack simulations in Critical National Infrastructure (CNI): Oh the perils, or oh the fun? - SKY - Flamingo 3rd Flr - Virginia City Rm
Prebellico - 100% Passive Pre-Engagement and Post Compromise Network Reconnaissance Tool - RCV - Caesars Promenade Level - Florentine BR 1,2
Privacy and Blockchain: A Boundary Object Perspective - BCOS - Caesars Promenade Level - Pompeian BR 1
Privacy infrastructure, challenges and opportunities - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Privacy Is Equality—And It's Far from Dead - DC - Octavius 13
Prize winners, awards, and announcements - BCOS - Caesars Promenade Level - Pompeian BR 1
Project Interceptor: avoiding counter-drone systems with nanodrones - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Protecting Crypto Exchanges From a New Wave of Man-in-the-Browser Attacks - PHV - Caesars Promenade Level - Neopolitan BR
PWN to OWN my own Heart. Journey into hacking my own pacemake - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Pwning "the toughest target": the exploit chain of winning the largest bug bounty in the history of ASR program - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Real Simple Blue Team Shit - SKY - Flamingo 3rd Flr - Virginia City Rm
Reaping and breaking keys at scale: when crypto meets big data - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Relocation Bonus: Attacking the Windows Loader Makes Analysts Switch Careers - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Remote Sensing, Distributed Computing, BigData and 3D Epidemiology: Today’s Public Health Opportunity - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Responsible Disclosure Panel - EHV - Caesars Promenade Level - Modena Rm
Rethinking Role-Based Security Education - PHV - Caesars Promenade Level - Neopolitan BR
Reverse Engineering Malware 101 - PHW - Caesars Promenade Level - Neopolitan BR
Reverse Engineering Windows Defender's Emulator - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Reverse Engineering, hacking documentary series - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Revolting Radios - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Ridealong Adventures: Critical Issues with Police Body Cameras - PHV - Caesars Promenade Level - Neopolitan BR
Ridealong Adventures—Critical Issues with Police Body Cameras - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Ring 0/-2 Rootkits: bypassing defenses - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Robots and AI: What scares the experts? - SKY - Flamingo 3rd Flr - Virginia City Rm
Rock appround the clock: Tracking malware developers by Android "AAPT" timezone disclosure bug - DC - Track 1 - Caesars Emperor's Level - Palace BR
SAEDAY: Subversion and Espionage Directed Against You - BTV - Flamingo 3rd Flr- Savoy Rm
Scaling and Economic Implications of the Adaptive Blocksize in Monero - BCOS - Caesars Promenade Level - Pompeian BR 1
Searching for the Light: Adventures with OpticSpy - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
SecKC the World - Night Life - Flamingo - 3rd Floor - Mesquite Rm
Securing Big Data in Hadoop - WS - Linq 4th Flr - Icon F
Securing our Nation's Election Infrastructure - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Selfie or Mugshot? - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Serious Intro to Python for Admins - PHW - Caesars Promenade Level - Neopolitan BR
Sex Work After SESTA - SKY - Flamingo 3rd Flr - Virginia City Rm
Sex Work After SESTA/FOSTA - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Sh00t—An open platform for manual security testers & bug hunters - DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1
Skiptracer - ghetto OSINT for broke hackers - RCV - Caesars Promenade Level - Florentine BR 1,2
SMBetray—Backdooring and breaking signatures - DC - Track 1 - Caesars Emperor's Level - Palace BR
So, You Want To Hack A Car? - CHV - Flamingo Lower Level - Red Rock Rm 1-5
Social Engineering Course Projects for Undergraduate Students - SEV - Caesars Promenade South - Octavius BR 3-8
Social Engineering from a CISO's Perspective - SEV - Caesars Promenade South - Octavius BR 3-8
Some Mining Related Attacks - BCOS - Caesars Promenade Level - Pompeian BR 1
Spell Check: The Hacker Spelling Bee - Contest - Contest Stage
Stalker In A Haystack - SKY - Flamingo 3rd Flr - Virginia City Rm
Stalker In A Haystack - RCV - Caesars Promenade Level - Florentine BR 1,2
Stealing Crypto 2 Factor Isn't a Factor - BCOS - Caesars Promenade Level - Pompeian BR 1
Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note File Classification - AIV - Caesars Promenade Level - Florentine BR 3
Stop, Drop, and Assess your SOC - BTV - Flamingo 3rd Flr- Savoy Rm
Story Time - Biggest ITSec fuck-ups I've seen over the past 25 years. - SKY - Flamingo 3rd Flr - Virginia City Rm
StuxNNet: Practical Live Memory Attacks on Machine Learning Systems - AIV - Caesars Promenade Level - Florentine BR 3
Supercharge Your Web Recon With Commonspeak and Evolutionary Wordlists - RCV - Caesars Promenade Level - Florentine BR 1,2
Swarm Intelligence and Augmented Reality Gaming - SEV - Caesars Promenade South - Octavius BR 3-8
Swiss Cheese Holes in the Foundation of Modern Security - CERT VU#919801 - PHV - Caesars Promenade Level - Neopolitan BR
Swissduino—Stealthy USB HID Networking & Attack - DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1
Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Take two of these and syscall execve() in the morning: A retrospective and primer on medical device security research - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Target-Based Security Model - PHV - Caesars Promenade Level - Neopolitan BR
Targeted User Analytics and Human Honeypots - RCV - Caesars Promenade Level - Florentine BR 1,2
Technology Enabled Prosthetic Environments - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
The Abyss is Waving Back - SKY - Flamingo 3rd Flr - Virginia City Rm
The Abyss is Waving Back… - SEV - Caesars Promenade South - Octavius BR 3-8
The Art of Business Warfare - SEV - Caesars Promenade South - Octavius BR 3-8
The Beginner’s Guide to the Musical Scales of Cyberwar - DDV - Caesars Promenade Level - Capri Rm
The Cactus: 6502 Blinkenlights 40 Years Late - HHV - Caesars Pool Level - Forum 17-21
The challenge of building an secure and safe digital environment in the healthcare - SKY - Flamingo 3rd Flr - Virginia City Rm
The current state of adversarial machine learning - AIV - Caesars Promenade Level - Florentine BR 3
The Good, the Bad, and the Private: Building and Breaking Safe Cryptocurrencies - BCOS - Caesars Promenade Level - Pompeian BR 1
The great power of AI: Algorithmic mirrors of society - AIV - Caesars Promenade Level - Florentine BR 3
The L0pht Testimony, 20 Years Later (and Other Things You Were Afraid to Ask) - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
The Least Common Denominator Strategy (AKA Don't make DevOps too easy) - SKY - Flamingo 3rd Flr - Virginia City Rm
The Memory Remains - Cold drive memory forensics 101 - DDV - Caesars Promenade Level - Capri Rm
The Mouse is Mightier than the Sword - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
The ring 0 façade: awakening the processor's inner demons - DC - Track 1 - Caesars Emperor's Level - Palace BR
The Road to Resilience: How Real Hacking Redeems this Damnable Profession - DC - Track 1 - Caesars Emperor's Level - Palace BR
The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP - WS - Linq 4th Flr - Icon F
ThinSIM-based Attacks on Mobile Money Systems - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Threat Hunting with ELK - WS - Linq 4th Flr - Icon C
Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Tineola: Taking a Bite Out of Enterprise Blockchain - DC - Track 1 - Caesars Emperor's Level - Palace BR
Torrent More Pharmaceutical Drugs. File Sharing Still Saves Lives. - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Towards a framework to quantitatively assess AI safety – challenges, open questions and opportunities. - AIV - Caesars Promenade Level - Florentine BR 3
Toxic BBQ - Meetup - (off Site)Sunset Park, Pavilion F, (36.0636, -115.1178)
trackerjacker - DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1
Trouble in the tubes: How internet routing security breaks down and how you can do it at home - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Turning Deception Outside-In: Tricking Attackers with OSINT - PHV - Caesars Promenade Level - Neopolitan BR
UEFI exploitation for the masses - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Using AI to Create Music - AIV - Caesars Promenade Level - Florentine BR 3
Using Deep Learning to uncover darkweb malicious actors and their close circle - RCV - Caesars Promenade Level - Florentine BR 1,2
Vet Con - Night Life - Flamingo - 3rd Floor - Savoy RM
Village summary - BCOS - Caesars Promenade Level - Pompeian BR 1
Vulnerable Out of the Box: An Evaluation of Android Carrier Devices - DC - Track 1 - Caesars Emperor's Level - Palace BR
WAGGING THE TAIL—COVERT PASSIVE SURVEILLANCE AND HOW TO MAKE THEIR LIFE DIFFICULT - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Walrus - DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1
WaterBot - Hackable Scientific Plant Bot - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
We Don't Need No Stinkin Badges - BCOS - Caesars Promenade Level - Pompeian BR 1
We Program Our Stinkin Badges! - BCOS - Caesars Promenade Level - Pompeian BR 1
Weaponizing Unicode: Homographs Beyond IDNs - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Weapons Training for the Empire - WS - Linq 4th Flr - Icon B
WELCOME TO BHV! - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Welcome To DEF CON & Badge Maker Talk - DC - Track 1 - Caesars Emperor's Level - Palace BR
Welcome to the BCOS Monero Village - BCOS - Caesars Promenade Level - Pompeian BR 1
WELCOME TO THE LAST DAY OF BHV! - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
What Do You Want to be When You Grow Up? - PHV - Caesars Promenade Level - Neopolitan BR
What happened behind the closed doors at MS - SKY - Flamingo 3rd Flr - Virginia City Rm
What the Fax!? - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
When Incident Response Meets Reality - SKY - Flamingo 3rd Flr - Virginia City Rm
Where's My Browser? Learn Hacking iOS and Android WebViews - WS - Linq 4th Flr - Icon C
WHID Injector: How To Bring HID Attacks to the Next Level - DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1
WhiteRabbit: Combining Threat Intelligence Public Blockchain Data and Machine Learning to go Down the “Dirty Money” Rabbit Hole - RCV - Caesars Promenade Level - Florentine BR 1,2
Who Controls the Controllers—Hacking Crestron IoT Automation Systems - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Whose Slide is it Anyway? - Contest - Contest Stage
WiFi Beacons will give you up - HHV - Caesars Pool Level - Forum 17-21
Winning a SANS 504 CTF without winning a SANS CTF - RCV - Caesars Promenade Level - Florentine BR 1,2
WiPi-Hunter—It Strikes against Illegal Wireless Network Activities (Detect and active response) - DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1
wpa-sec: The Largest Online WPA Handshake Database - PHV - Caesars Promenade Level - Neopolitan BR
You can run, but you can't hide. Reverse engineering using X-Ray. - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
You may have paid more than you imagine—Replay Attacks on Ethereum Smart Contracts - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
You'd better secure your BLE devices or we'll kick your butts ! - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
You're just complaining because you're guilty: A DEF CON Guide to Adversarial Testing of Software Used In the Criminal Justice System - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Your Bank's Digital Side Door - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Your Peripheral Has Planted Malware—An Exploit of NXP SOCs Vulnerability - DC - Track 1 - Caesars Emperor's Level - Palace BR
Your Voice is My Passport - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Your Watch Can Watch You! Gear Up for the Broken Privilege Pitfalls in the Samsung Gear Smartwatch - DC - Track 1 - Caesars Emperor's Level - Palace BR

Talk/Event Descriptions

Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Friday - 10:00-13:59


Reverse Engineering with OpenSCAD and 3D Printing

Friday, 1000-1400 in Icon B

Nick Tait

The main focus of this class is a software tool and programming language OpenSCAD. Through a specific example we will learn to reproduce physical objects. We'll cover the entire workflow from measurement, sketching, modeling, and manufacturing. Additional hints for optimizing your design for 3D printing will enable rapid product iteration. All modeling in OpenSCAD is through writing commands which brings many powerful properties of software such as parameterization, version control, and reusable components to CAD modeling. Ultimately with the combination of these skills you'll be equipped to repair and improve your stuff.

Prerequisites: No previous programming experience required, but it will help you get more out of this workshop.

Materials: A laptop with an up to date:
* Operating system (Linux/OS X/Win)
* OpenSCAD (free and open source) http://www.openscad.org/
* Cura (free and open source) https://ultimaker.com/en/products/ultimaker-cura-software

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/digital-manufacturing-using-reverse-engineering-open-source-3d-printers-and-software-icon-b-tickets-47194008550
(Opens July 8, 2018 at 15:00 PDT)

Nick Tait
nickthetait (government name Nicholas Tait) is a software engineer and fixer of things currently living in Fort Collins, Colorado. His most recent job focused on producing numbers to coax 3D printers to do the user's bidding. Before that he helped route packages for a multinational corporation that rhymes with annex.

Lately he's been in training for his next job - attending any cyber security event physically (and sometimes digitally) possible, contributing to a bunch of open source projects, learning to pick locks and talking about encryption to anyone that will listen. Rock climbing and mountain biking are long time passions that keep the blood pumping and ideas flowing.



AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 14:30-15:20


(Responsible?) Offensive Machine Learning

No description available



Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace) - Friday - 18:00-20:29


Title:
/R/defcon reddit Meetup

Do you participate in the DEF CON subreddit? This Meetup is for you! A gathering of the denizens of /r/DEF CON while at DEF CON to mingle and meet face to face. Newcomers and veterans alike are welcome to meet and greet while sharing the DEF CON experience.
More Info: DEF CON 26 Meetup for /r/defcon


Meetup - Flamingo - 3rd Floor - Chillout Rm - Friday - 20:30-21:59


Title:
/R/defcon reddit Meetup

Do you participate in the DEF CON subreddit? This Meetup is for you! A gathering of the denizens of /r/DEF CON while at DEF CON to mingle and meet face to face. Newcomers and veterans alike are welcome to meet and greet while sharing the DEF CON experience.
More Info: DEF CON 26 Meetup for /r/defcon


Demolabs - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


#WiFiCactus

Saturday 08/11/18 from 1000-1150 at Table One
Offense, defense, hardware

Mike Spicer

The newly upgraded #WiFiCactus for DEF CON 26 is a passive wireless monitoring backpack that listens to 60 channels of 2.4 and 5 GHz WiFi at the same time. New this year is the ability to capture 802.11ac traffic and upgrades to remove bandwidth bottlenecks. This tool uses Kismet to capture the data from each radio and aggregates them into a single searchable web interface. This tool is also capable of identifying wireless threats, troubleshooting complex wireless environments and helping with correlation analysis between Bluetooth and WiFi.

http://palshack.org/the-hashtag-wifi-cactus-wificactus-def-con-25/

Mike Spicer
d4rkm4tter is a mad scientist who likes to hack hardware and software. He is particularly obsessed with wireless. He has a degree in computer science which he has put to use building and breaking a wide variety of systems.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 14:45-15:05


1983: I’m born. 2018: I’m taking on the bad guys - Jennifer Roderick

“I’m not a programmer. I’m not a hacker… in the traditional sense. But yet I was born in 1983, so surely that makes me a perfect fit for the DEF CON theme this year. Not enough? Ok, well how about the fact that I’m currently using open source tools, techniques and methodologies to combat modern slavery, wildlife trafficking, terrorism and just about every serious organized crime the world is currently battling from a desk in the middle of the London financial district. Interested in hearing from a different viewpoint and perspective, then this is your talk. While you might not walk away with a new tool for your toolbox, you will gain an understanding into how the smallest contribution can end up the most profound and how combining open source resources can take on much bigger problems that you’ve maybe never considered.

During my talk, I will cover a few examples of recent Open Source investigations conducted by myself, including details regarding the methodologies and tools which were used. We actively follow the person not the digital fingerprint to begin to understand and put a face to some of the most prevalent and serious organized crimes facing the world today.

When I was in the forces I knew what I was facing and had to deal with, as Head of Research at a FinTech company I never expected that transferring my skills would end up uncovering individuals within the financial industry who I’ve had to report for terrorist activity, human trafficking, wildlife trafficking, drug smuggling, violent crime, fraud (international and domestic), revenge porn, and stalking.

And while I’m not here to save the world, I think we can all do a little bit to contribute to a counter-future in which the good guys are empowered by technology and the bad guys have nowhere to hide.



Night Life - Flamingo 3rd Flr - Virginia City Rm - Friday - 20:30-25:59


Title:
303 Party

What can one say but "303 Party" to let you know where the mayhem will be? Join the members of the 303 organization as they redefine pool Party with their own music, entertainment, and mile high shenanigans! A repeat favorite of DEF CON attendees, with DJ's from across the community as well as creative works and technical expertise. What can we say, it's 303!


Night Life - Flamingo Pool - Saturday - 20:30-25:59


Title:
303 Party

What can one say but "303 Party" to let you know where the mayhem will be? Join the members of the 303 organization as they redefine pool Party with their own music, entertainment, and mile high shenanigans! A repeat favorite of DEF CON attendees, with DJ's from across the community as well as creative works and technical expertise. What can we say, it's 303!


DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 14:00-14:45


4G—Who is paying your cellular phone bill?

Friday at 14:00 in Track 2
45 minutes | Demo, Exploit

Dr. Silke Holtmanns Distinguished Member of Technical Staff, Security Expert, Nokia Bell Labs

Isha Singh Master student, Aalto University in Helsinki (Finland)

Cellular networks are connected with each other through a worldwide private, but not inaccessible, network called the IPX network. Through this network, user-related information is exchanged for roaming purposes or for cross-network communication. This private network has been breached by criminals and nation states. Cellular networks are extremely complex and many attacks have already been found, e.g. DoS, location tracking, SMS interception, data interception. Many attacks have been seen in practice, but not all attacks are understood and not all attack avenues using the IPX network have been explored. This presentation shows how an S9 interface in 4G networks, which is used for charging-related user information exchange between operators, can be exploited to perform fraud attacks. A demonstration with technical details will be given and guidance on practical countermeasures.

Dr. Silke Holtmanns
Silke is a security expert at Nokia Bell Labs (Research branch of Nokia). She holds a PhD in Mathematics and has 18 years of experience in mobile security research and standardization. In her current research she investigates new and existing mobile network security attacks using SS7, Diameter and GTP protocols via the interconnection network and how to counter those attacks in 4G/5G networks. She found many 4G related IPX attacks and countermeasures e.g. Location Tracking (NATO CyCon), DoS (Black Hat EU 2016), cellular data interception (34C3 Chaos Computer Congress). In the operator association GSMA she drives the security of cellular networks and is responsible there for the Diameter Signaling Security Specification. She served as a special matter expert on cellular security to the US Federal Communication Commission and to the European Union Agency for Network and Information Security. She is rapporteur of ten 3GPP security specifications and has a long track record of security publications.

Currently, she is actively supporting the 5G Roaming security developments. For her the interesting part is fixing problems in a worldwide network without breaking it, not finding an issue.

@SHoltmanns

Isha Singh
Isha is a master's student at Aalto University in Helsinki (Finland) and is doing her thesis research work at Nokia Bell Labs under the supervision of Professor Raimo Kantola. She is completing her Master's with Wireless Communication as major subject and Machine Learning as minor. Her research covers smart city environmental perception from ambient cellular signals and 5G Ubiquitous sensing. She is passionate about IoT devices and their security in 5G scenarios. She has experience with embedded devices (Arduino, Raspberry Pi) from multiple projects, like an Analog to Digital converter used in optical communication. Presently she is exploring Cybersecurity, starting from the mobile communication core network security, testing for vulnerabilities and loopholes and providing solutions using Machine Learning.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 16:00-16:45


80 to 0 in under 5 seconds: Falsifying a medical patient's vitals

Saturday at 16:00 in Track 1
45 minutes | Demo

Douglas McKee Senior Security Researcher for the McAfee Advanced Threat Research team

It seems each day that passes brings new technology and an increasing dependence upon it. The medical field is no exception; medical professionals rely upon technology to provide them with accurate information and base life-changing decisions on this data.

In recent years there has been more attention paid to the security of medical devices; however, there has been little research done on the unique protocols used by these devices. In large health care systems, medical personnel use central monitoring stations to make decisions on patient treatment and other critical care. This information is gathered from many devices on the network using uncommon networking protocols. What if this information wasn't accurate when a doctor prescribed medication? What if a patient was thought to be peacefully resting, when in fact they are under cardiac arrest?

McAfee's Advanced Threat Research team has discovered a weakness in the RWHAT protocol, one of the networking protocols used by medical devices to monitor a patient's condition. This protocol is utilized in some of the most critical systems used in hospitals. This weakness allows the data to be modified by an attacker in real-time to provide false information to medical personnel. Lack of authentication also allows rogue devices to be placed onto the network and mimic patient monitors.

This presentation will include a technical dissection of the security issues inherent in this relatively unknown protocol. It will describe real-world attack scenarios and demonstrate the ability to modify the communications in-transit to directly influence the receiving devices. We will also explore the general lack of security mitigations in the medical devices field, the risks they pose, and techniques to address them. The talk will conclude with a demonstration using actual medical device hardware and a live modification of a patient's critical data.

Douglas McKee
Douglas McKee is a Senior Security Researcher for the McAfee Advanced Threat Research team, focused on finding new vulnerabilities in both software and hardware. Douglas has an extensive background in penetration testing, reverse engineering, malware analysis and forensics and throughout his career has provided software exploitation training to many audiences, including law enforcement.



Meetup - Local Bikeshop - Saturday - 06:00-06:59


Title:
8th Defcon Bike Ride

At 6am on Friday, the @cycle_override crew will be hosting the 8th Defcon Bikeride. We'll meet at a local bikeshop, get some rental bicycles, and about 7am will make the ride out to Red Rocks. It's about a 15 mile ride, all downhill on the return journey. So, if you are crazy enough to join us, get some water, and head over to cycleoverride.org for more info. See you at 6am Friday! @jp_bourget @gdead @heidishmoo. Go to cycleoverride.org for more info.

More Info: @Cycle_Override    http://cycleoverride.org/


RCV - Caesars Promenade Level - Florentine BR 1,2 - Sunday - 10:00-10:50


 

No description available



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Thursday - 13:00-13:45


A Journey Into Hexagon: Dissecting a Qualcomm Baseband

Thursday at 13:00 in 101 Track, Flamingo
45 minutes |

Seamus Burke Hacker

Mobile phones are quite complicated and feature multiple embedded processors handling wifi, cellular connectivity, bluetooth, and other signal processing in addition to the application processor. Have you ever been curious about how your phone actually makes calls and texts on a low level? Or maybe you want to learn more about the internals of the baseband but have no clue where to start. We will dive into the internals of a Qualcomm baseband, tracing its evolution over the years until its current state. We will discuss the custom, in-house DSP architecture they now run on, and the proprietary RTOS running on it. We will also cover the architecture of the cellular stack, likely places vulnerabilities lie, and exploit mitigations in place. Finally we will cover debugging possibilities, and how to get started analyzing the baseband firmware—how to differentiate between RTOS and cellular functions, how to find C std library functions, and more.

Seamus Burke
Seamus Burke is an undergraduate student at UMBC pursuing a degree in CS. He has been working in the security field since he was 16 and has held a variety of positions from SOC analyst to malware analyst, to vulnerability researcher. Currently his research focus is on cellular baseband and kernel rootkits. When he's not staring at IDA, he likes to spend his time wrenching on cars and racing.

@AlternateAdmin



BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 13:00-13:30


Title: A Rundown of Security Issues in Crypto Software Wallets

Speakers: Marko Bencun

Description:
No description available




EHV - Caesars Promenade Level - Modena Rm - Friday - 14:00-14:59


Title: Accountability without accountability: A censorship measurement case study

Speakers: Speaker TBA

Description:

Protecting volunteers from retribution, and why the fear of unknown unknowns is paralyzing to the academic measurement community.



Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


ADRecon: Active Directory Recon

Saturday 08/11/18 from 1200-1350 at Table Six
Security professionals (Blue Team, Red Team), system administrators, etc.

Prashant Mahajan

ADRecon is a tool which extracts various artifacts (as highlighted below) out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis. The report can provide a holistic picture of the current state of the target AD environment. The tool is useful to various classes of security professionals like system administrators, security professionals, DFIR, etc. It can also be an invaluable post-exploitation tool for a penetration tester. It can be run from any workstation that is connected to the environment, even hosts that are not domain members. Furthermore, the tool can be executed in the context of a non-privileged (i.e. standard domain user) account. Fine Grained Password Policy, LAPS and BitLocker may require privileged user accounts. The tool will use Microsoft Remote Server Administration Tools (RSAT) if available, otherwise it will communicate with the Domain Controller using LDAP.

The following information is gathered by the tool: Forest; Domain; Trusts; Sites; Subnets; Default Password Policy; Fine Grained Password Policy (if implemented); Domain Controllers, SMB versions, whether SMB Signing is supported and FSMO roles; Users and their attributes; Service Principal Names (SPNs); Groups and memberships; Organizational Units (OUs); ACLs for the Domain, OUs, Root Containers and GroupPolicy objects; Group Policy Object details; DNS Zones and Records; Printers; Computers and their attributes; LAPS passwords (if implemented); BitLocker Recovery Keys (if implemented); and GPOReport (requires RSAT).

https://github.com/sense-of-security/ADRecon

Prashant Mahajan
Prashant Mahajan is a Security Consultant at Sense of Security Pty Ltd. He has experience with various aspects of Information Security including penetration testing, vulnerability analysis, digital forensics and incident response. Prashant is a founding member of Null—The Open Security Community and frequent speaker at industry events.



PHW - Caesars Promenade Level - Neopolitan BR - Friday - 13:00-14:59


Advanced APT Hunting with Splunk

You wanna learn how to hunt the APTs? This is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the "fictional" APT group Taedonggang. We discuss the Diamond model, hypothesis building, LM Kill Chain, and Mitre Att&ck framework and how these concepts can frame your hunting. Then we look deep in the data using Splunk and OSINT to find the APT activity riddling a small startup's network. We walk you through detecting lateral movement, the P of APT, and even PowerShell Empire. Then at the end, we give you a similar dataset and tools to take home and try newly learned techniques yourself.

Ryan Kovar fought in the cyberwars and has been doing cybery things for almost 20 years. Now he is a Principal Security Strategist at Splunk building cool stuff, talking about security thingies, and helping other people fight their battles. He hates printers.

John Stoner is a Principal Security Strategist at Splunk. During his career he has worked in operations, consulting and solutions engineering. In his current role, he leverages his many years of experience in log management, SIEM, security operations and threat intelligence to provide solutions that drive greater situational awareness for organizations.



PHW - Caesars Promenade Level - Neopolitan BR - Sunday - 11:00-12:59


Advanced APT Hunting with Splunk

You wanna learn how to hunt the APTs? This is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the "fictional" APT group Taedonggang. We discuss the Diamond model, hypothesis building, LM Kill Chain, and Mitre Att&ck framework and how these concepts can frame your hunting. Then we look deep in the data using Splunk and OSINT to find the APT activity riddling a small startup's network. We walk you through detecting lateral movement, the P of APT, and even PowerShell Empire. Then at the end, we give you a similar dataset and tools to take home and try newly learned techniques yourself.

Ryan Kovar fought in the cyberwars and has been doing cybery things for almost 20 years. Now he is a Principal Security Strategist at Splunk building cool stuff, talking about security thingies, and helping other people fight their battles. He hates printers.

John Stoner is a Principal Security Strategist at Splunk. During his career he has worked in operations, consulting and solutions engineering. In his current role, he leverages his many years of experience in log management, SIEM, security operations and threat intelligence to provide solutions that drive greater situational awareness for organizations.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon C - Saturday - 10:00-13:59


Advanced Custom Network Protocol Fuzzing

Saturday, 1000-1400 in Icon C

Joshua Pereyda Software Engineer

Timothy Clemans Software Engineer

Get hands on experience writing custom network protocol fuzzers. This class will cover the basics of network protocol "smart fuzzing." Exercises will utilize the open source network protocol fuzzing framework, boofuzz. Attendees will gain practice reverse engineering a network protocol, implementing and iterating on a custom fuzzer, and identifying vulnerabilities.

After:
1. You will know the basics of fuzzing.
2. You will know how to write custom network protocol fuzzers using state of the art open source tools.
3. You will have hands on experience with this widely-discussed but still largely mysterious test method.

Before:
1. You should be comfortable doing some programming in Python.
2. You should understand basic network protocol concepts.
3. You should be familiar with Wireshark and how to use it.

What you won't learn:
1. Exploit development.
2. Python programming. Because you can already do that (see above).

Prerequisites:
- Some basic Python programming experience (some programming ability is REQUIRED).
- Basic understanding of network protocols.
- Basic familiarity with Wireshark.
- Optional: Fuzzing experience.

Materials:
- Laptop with physical Ethernet port -- strongly recommended: configure for secure Wi-Fi access beforehand.
- Python 2.7 and pip installed and updated.
- Linux recommended but Windows OK.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/advanced-custom-network-protocol-fuzzing-icon-c-tickets-47194829004
(Opens July 8, 2018 at 15:00 PDT)

Joshua Pereyda
Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. Among his passions are hacking, teaching kids to program, listening to upper-crust orchestral performances with his wife, and figuring out how he can get paid to do it all... legally. Joshua is the maintainer of the boofuzz network protocol fuzzing framework. He has written fuzzers for fun, and profit (literally).

Timothy Clemans
Tim is a software engineer working in information security. He has worked for a startup and data analytics companies. He currently works in critical infrastructure with a focus on security and fuzzing. He cringes at the thought of insecure systems and so he seeks to improve the security of anyone who will listen. He enjoys a good hike, ice cream, and long walks on the beach.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon C - Thursday - 14:30-18:30


Advanced Wireless Attacks Against Enterprise Networks

Thursday, 1430-1830 in Icon C

Gabriel Ryan Co-Founder & Principal Security Consultant, Digital Silence

Justin Whitehead CEO & Co-Founder, Digital Silence

This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks, bypass network access controls, and perform replay attacks to gain administrative control over an Active Directory environment. External wireless adapters and additional required equipment will be provided to all workshop attendees, and material learned in the lectures will be practiced within a realistic lab environment.

Areas of focus include:

* Wireless reconnaissance and target identification within a red team environment
* Attacking and gaining entry to WPA2-EAP wireless networks
* LLMNR/NBT-NS Poisoning
* Firewall and NAC Evasion Using Indirect Wireless Pivots
* MITM and SMB Relay Attacks
* Downgrading modern SSL/TLS implementations using partial HSTS bypasses

Prerequisites: None

Materials: Students will need to bring a laptop with at least 8 gigs of RAM, a 64-bit operating system, at least 100 gigs of hard drive space (external drives are fine), and at least one free USB port. Students will also be required to download and install a virtual lab environment prior to participating in the workshop. Everything else will be provided by the instructor team.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/advanced-wireless-attacks-against-enterprise-networks-icon-c-tickets-47086648433
(Opens July 8, 2018 at 15:00 PDT)

Gabriel Ryan
Gabriel Ryan is a penetration tester and researcher with a passion for wireless and infrastructure testing. He currently serves as a co-founder and principal security consultant for Digital Silence, a Denver based consulting firm that specializes in impact driven penetration testing and red team engagements.

Prior to joining Digital Silence, Gabriel worked as a penetration tester and researcher for Gotham Digital Silence, contributing heavily to their wireless security practice and regularly performing large scale infrastructure assessments and red teams for Fortune 500 companies. Some of Gabriel's most recent work includes the development of EAPHammer, an 802.11ac focused tool for breaching WPA2-EAP networks. On the side, he serves as a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys producing music, exploring the outdoors, and riding motorcycles.

Justin Whitehead
Justin is an Army infantry veteran with over a decade of service. After retiring from the military, he went on to have a successful 7 year career in computer forensics and incident response. In 2015, he became a penetration tester at One World Labs, working under renowned security researcher Chris Roberts. He now serves as CEO and Co-Founder of Digital Silence, bringing a unique attention to detail and blend of blue and red team experience to the company. When he's not focused on his role as a security professional, Justin happily pursues his hobby of synchronized figure skating.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Saturday - 10:00-13:59


Adventures in Radio Scanning: Advanced Scanning Techniques with SDR

Saturday, 1000-1400 in Icon D

Richard Henderson

Bryan Passifiume

Many cities around the world have implemented multi-million dollar "trunked" radio systems for their transit, municipal, public safety, police, fire and EMS radio networks. Large commercial organizations (like Caesar's) also use frequency sharing trunked radio systems due to the hundreds (if not thousands) of staff... all requiring radio access. This workshop will walk you through the basics of trunked radio systems, how they work, and how you can set up a listening post to decode these systems and listen in. This workshop will cover setting up and using the Trunk88 scanning software, and how to scan other conventional (non-trunked) radio systems such as MOTOTRBO, Tetra, EDACS, and other systems. Live interception and decoding of a trunked system and a DMR/TRBO system will be done by students. We will also quickly walk through scanning popular archaic pager systems like POCSAG.

Prerequisites: A basic understanding of SDR scanning would be incredibly helpful, but is not essential. We can walk students through it.

Materials: In this case, we will require each student to bring a Windows laptop (not a Surface tablet please) and *at least* 2 USB DVB-T RTL2832U+R820T sticks in order to properly intercept and decode trunked radio systems. The more sticks students bring, the more voice channels they will be able to simultaneously monitor and record. A very limited number of additional sticks will be available to borrow. Please make sure you have them!

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/adventures-in-radio-scanning-advanced-scanning-techniques-with-sdr-icon-d-tickets-47194754782
(Opens July 8, 2018 at 15:00 PDT)

Richard Henderson
Richard Henderson is a writer, researcher, and ham radio/electronics nerd who has worked in infosec and technology for well over a decade. Richard is currently co-authoring a book on cybersecurity for ICS/SCADA systems.

Bryan Passifiume
Bryan Passifiume is a journalist, writer and photographer who writes for one of Toronto's largest newspapers. A National Newspaper Awards nominee, and a co-founder of the alt-amateur radio group Hamsexy, he's been involved in the monitoring and radio hacking scene for nearly twenty years.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 15:15-15:45


Adventures in the dark web of government data - Marc DaCosta

Government bureaucracy is your friend. The US federal government alone produces tens of thousands of different forms that collect information on everything from the owner and location of every oil well in the country, to the VIN number of every car that’s imported, the location and height of every cell phone tower, and much more. While most of this data is locked behind clunky 1990s-era search forms, or in exports of antiquated database formats, the enterprising researcher will find a treasure trove that exists outside the indexes of Google and LexisNexis.

I have written scrapers and parsers for 100s of these databases and will share with you what I’ve learned about coaxing OSINT out of some of the messiest and hard to find data out there.

The talk will specifically feature a deep dive into the data produced by the US Federal Communications Commission. The FCC has issued over 20 million licenses for transmitting on regulated parts of the electromagnetic spectrum. The data residue of this process can be used for everything from geo-locating electronic border surveillance infrastructure to discovering the location and transmission frequency of every McDonald’s drive-thru radio. In the second portion of the talk, I will discuss how various protocols for data transmission can be decoded and joined with other contextual public data. For instance, every cargo ship emits an “Automated Identification System” signal that can be joined with shipping records to understand what the ship is carrying.

By the end of the talk, I hope attendees will develop new intuitions and techniques for finding and working with government data, and specifically have the tools to run their own investigations using FCC data.



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 10:20-10:40


Adversarial Patches

Sven Cattell

Adversarial examples that fool machine learning are a burgeoning field. We propose applications to fool self driving cars or facial recognition systems but most of the techniques are purely academic. They require minute manipulations to the bit values of the pixels entering a system. Adversarial patches are an attack that could actually work. This talk will cover how to make them and further applications.

I got my Ph.D. in algebraic topology in 2016 and immediately moved into machine learning to work on something useful to people. I then completed a post-doc in mathematical machine learning where I worked on medical data. I now work at Endgame.



AIV - Caesars Promenade Level - Florentine BR 3 - Sunday - 10:40-10:59


AI DevOps: Behind the Scenes of a Global Anti-Virus Company’s Machine Learning Infrastructure

Alex Long

“Thus far, the security community has treated machine learning as a research problem. The painful oversight here is in thinking that laboratory results would translate easily to the real world, and as such, not devoting sufficient focus to bridging that gap. Researchers enjoy the luxuries of neat bite-sized datasets to experiment upon, but the harsh reality of millions of potentially malicious files streaming in daily soon hits would-be ML-practitioners in the face like a tsunami-sized splash of ice water. And while in research there’s no such thing as "too much" data, dataset sizes challenge real-world cyber security professionals with tough questions: "How will we store these files efficiently without hampering our ability to use them for day-to-day operations?" or "How do we satisfy competing use-cases such as the need to analyze specific files and the need to run analyses across the entire dataset?" Or maybe most importantly: "Will my boss have a heart-attack when he sees my AWS bill?"

In this talk, we will provide a live demonstration of the system we’ve built using a variety of AWS services including DynamoDB, Kinesis, Lambda, as well as some more cutting edge AWS services such as Redshift and ECS Fargate. We will go into depth about how the system works and how it answers the difficult questions of real world ML such as the ones listed above. This talk will provide a rare look into the guts of a large-scale machine learning production system. As a result, it will give audience members the tools and understanding to confidently tackle such problems themselves and ultimately give them a bedrock of immediately practical knowledge for deploying large-scale on-demand deep learning in the cloud.”

Alex Long is currently working as a programmer on the Sophos Datascience Team where he builds tools, scalable backends, and cool visualizations to support the team’s research. His latest work has been on creating an online platform for researchers to publish, evaluate, and distribute their latest AI models, thus streamlining the process of productizing AI breakthroughs.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 16:00-16:45


All your family secrets belong to us—Worrisome security issues in tracker apps

Saturday at 16:00 in Track 2
45 minutes | Demo, Exploit

Dr. Siegfried Rasthofer Fraunhofer SIT

Stephan Huber Hacker

Dr. Steven Arzt Hacker

Google Play Store provides thousands of applications for monitoring your children/family members. Since these apps deal with highly sensitive information, they immediately raise questions on privacy and security. Who else can track the users? Is this data properly protected? To answer these questions, we analyzed a selection of the most popular tracking apps from the Google Play Store.

Many apps and services suffer from grave security issues. Some apps use self-made algorithms instead of proper cryptography for data storage and transmission. Others do not even attempt to protect their communication at all and make use of the unprotected HTTP protocol, or even give an attacker full access to a vulnerable backend system. Hard coded database credentials in apps allowed access to all stored user locations. We would be able to extract hundreds of thousands of tracking profiles, even in real time. In others, this wasn't even necessary, because the user authentication could be bypassed altogether. Flaws in server API allowed us to extract all user credentials (1.7m plain text passwords); further, we saw full communication histories containing messages, pictures and location data.

In total, the state of tracker apps is worrisome, effectively leading to users unknowingly installing espionage software on their devices.

Dr. Siegfried Rasthofer
Siegfried is the head of department Secure Software Engineering at Fraunhofer SIT (Germany) and his main research focus is on applied software security. He has received a PhD, master's degree and bachelor's degree in computer science and IT-security. He is the founder of the CodeInspect reverse engineering tool and founded TeamSIK.

During his research, he develops tools that combine static and dynamic code analysis for security purposes. Most of his research is published at top tier academic conferences and industry conferences like DEF CON, BlackHat, AVAR or VirusBulletin.

Stephan Huber
Stephan is a security researcher at the Testlab mobile security group at the Fraunhofer Institute for Secure Information Technology (SIT).

His main focus is Android application security testing and developing new static and dynamic analysis techniques for app security evaluation.

He found different vulnerabilities in well-known Android applications and the AOSP. He gave talks at conferences like DEF CON, HITB, AppSec or VirusBulletin. In his spare time he enjoys teaching students Android hacking.

Dr. Steven Arzt
Steven is currently a researcher at the Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt.

He has received a PhD, a master's degree in computer science, and a master's degree in IT Security from Technische Universität Darmstadt.

Steven is one of the core maintainers of the Soot open-source compiler framework that is now used for static analysis and program instrumentation by various research groups around the world. He is also actively maintaining the FLOWDROID open-source static data flow tracker.

His main research interests center on (mobile) security and static and dynamic program analysis applied to real-world security problems, an area in which he has published various research papers over the last years.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 15:00-15:45


All your math are belong to us

Saturday at 15:00 in Track 1
45 minutes | Demo, Tool, Exploit, Audience Participation

sghctoma Lead security researcher @ PR-Audit Ltd., Hungary

First of all, it's math. Not meth. So everybody be cool, I'm not gonna touch your central nervous system stimulant substances. Now that this is established, I can start telling my story. And this story, like all good stories, begins where it ends.

Wait, no, not really.

It begins at a birthday party where the sister of a friend asked if I could help her with MATLAB. No matter how horrible memories I had about MATLAB, I just couldn't say no. So the next day, there was I, sitting in my room, installing the trial. And that's when the hacking started...

Believe me, there was a lot to hack in this case! Several gigabytes of installed materials, a few web servers, cloud integration, clustering capabilities, you name it. These software are bloated, they are basically their own little operating systems.

Yup, I used plural. Because I thought why discriminate MATLAB? I should really give a chance to Maple and Mathematica to fail too! I did, and they did fail, and these failures gave the material for my talk. Basically this will be a dump of exploits (RCEs, file disclosures, etc.), and if you use any of those software and you are at least a bit security conscious, you should definitely listen to it.

sghctoma
Toma is the lead IT security researcher at PR-Audit Ltd., a company focusing mainly on penetration testing and SIEM software development. Previously he participated in a cooperation between ELTE Department of Meteorology and the Paks Nuclear Power Plant Ltd., the goal of which was to develop TREX, a toxic waste emission simulator using CUDA.

The scene from RoboCop where Nikko defeats the ED-209 with just a laptop and a serial cable made a huge impression on him, and after seeing the movie, his path was set: he was bound to be a hacker. His first experiences in this field involved poking around various copy protection schemes, and to this day his favorite areas of expertise are the ones that require some mangling of binary files. Besides computer security he also loves mountain biking, flight simulators, and builds and flies acro quadcopters.



SKY - Flamingo 3rd Flr - Virginia City Rm - Sunday - 12:00-12:59


Title:
Alphathreat Soup: Burning Threat Actors with Data

brain, 9bplus

"If the last year has shown us anything, it's that breaches and attacks being surfaced are the new normal. As the public becomes more informed about cyber operations, it's only natural that malicious actors will increase their operational security by using new approaches or subverting existing detection tools. In fact, it's already begun. In order to remain relevant, security teams need to increase the data sets and tools at their disposal.

In this talk, we will focus on walking through various data sets both commonly known and some newer approaches in order to identify threat actors and their operations. We will put a focus on ongoing campaigns which have gone unnoticed and highlight additional ways to investigate more recent reported activity. We will also provide insight into how attackers are subverting these data sets and some ideas on how as defenders, we could improve coverage. Our talk will conclude with a brief discussion about future predictions and where defenders should be spending their time."



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 11:00-11:45


An Attacker Looks at Docker: Approaching Multi-Container Applications

Friday at 11:00 in 101 Track, Flamingo
45 minutes | Demo

Wesley McGrew Director of Cyber Operations, HORNE Cyber

Containerization, such as that provided by Docker, is becoming very popular among developers of large-scale applications. The good news: this is likely to make your life easier as an attacker.

While exploitation and manipulation of traditional monolithic applications might require specialized experience and training in the target languages and execution environment, applications made up of services distributed among multiple containers can be effectively explored and exploited "from within" using many of the system- and network-level techniques that attackers, such as penetration testers, already know.

The goal of this talk is to provide a hacker experienced in exploitation and post-exploitation of networks and systems with an exposure to containerization and the implications it has on offensive operations. Docker is used as a concrete example for the case study. A hacker can expect to leave this presentation with a practical exposure to multi-container application post-exploitation.

Wesley McGrew
Wesley currently oversees and participates in offense-oriented operations as Director of Cyber Operations for HORNE Cyber. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA. He teaches a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.



BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 15:00-16:59


Title: An Introduction to Kovri

Speakers: Anonimal

Description:
No description available




PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 12:00-12:30


An OSINT Approach to Third Party Cloud Service Provider Evaluation

Lokesh Pidawekar, Senior Cloud and Application Security Engineer at Cisco

In the era of third party cloud service providers where enterprise critical data is hosted and shared with various vendors, third party security reviews have become an essential part of Information Security. It has become a challenge for security teams to ensure parity is maintained between security controls that are available on premise and those offered by the cloud provider. Typically, companies send a Word document or Excel sheet to get answers from cloud providers; however, this process is done only once and the review is point in time. In this talk, the attendees will learn about various methods of identifying the security posture of the third-party cloud service using information available on the Internet, how to use this information for performing cloud service review and improve their own cloud offerings. This can also supplement the tedious questionnaire process and provide an option to fast track the vendor reviews.

Lokesh Pidawekar (Twitter: @MaverickRocky02) works as a Senior Cloud and Application Security Engineer in the Cisco InfoSec team, where he is responsible for designing secure architecture for applications, evaluating third party cloud service providers, and providing training to enterprise architects. He has a Master's in Information Assurance & Cyber Security from Northeastern University, Boston. Previously, he has spoken at BSides Las Vegas, DEFCON Packet Hacking Village talks, OWASP Boston chapter and CarolinaCon. He likes to read about application vulnerabilities in his free time and has reported security bugs to vendors as part of their bug bounty programs.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Saturday - 14:30-18:30


Analyzing Malscripts: Return of the Exploits!

Saturday, 1430-1830 in Icon E

Sergei Frankoff Co-Founder, Open Analysis

Sean Wilson Co-Founder, Open Analysis

In recent years malscripts and file based exploits have become a main delivery method for malware. Malscripts are often heavily obfuscated and they can take many different forms including WScript, Javascript, macros, and PowerShell. There has also been a rise in document based exploits used to deliver and execute these malscripts. As a result incident responders and malware analysts need to be comfortable analyzing different document formats, identifying potential exploits, and analyzing malscripts.

In this workshop you will work through the triage of a live malware delivery chain that includes a malicious document, malicious scripts, and a final malware payload. During this process you will be exposed to different document based exploits, and you will practice the skills required to manually analyze malscripts. This workshop focuses on the fundamental analysis techniques used when identifying, deobfuscating, and analyzing maldocs and malscripts. However, we will also provide an introduction to automation tools and techniques that can be used to speed up the analysis process.

This workshop is aimed at junior incident responders, hobby malware analysts, and general security or IT practitioners who are interested in learning more about the malware triage process. If you have no experience with malware analysis but you have a good understanding of scripting languages like VBScript and Javascript, and you are familiar with Windows internals, you should have no problem completing the workshop. You will be provided with a VirtualMachine to use during the workshop; please make sure to bring a laptop that meets the following requirements. Your laptop must have VirtualBox installed and working (VMWare is not supported). Your laptop must have at least 60GB of disk space free, preferably 100GB. Your laptop must be able to mount USB storage devices. Make sure you have the appropriate dongle if you need one.

Prerequisites: None

Materials: Students will be provided with a VirtualMachine to use during the workshop. They will need to bring a laptop that meets the following requirements:

- The laptop must have VirtualBox installed and working (VMWare is not supported).
- The laptop must have at least 60GB of disk space free, preferably 100GB.
- The laptop must be able to mount USB storage devices (ensure you have the appropriate dongle if you need one).

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/analyzing-malscripts-return-of-the-exploits-icon-e-tickets-47194482969
(Opens July 8, 2018 at 15:00 PDT)

Sergei Frankoff
Sergei is a co-founder of Open Analysis, and volunteers as a malware researcher. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis. Sergei is a strong believer in taking an open, community approach to combating cyber crime. He actively contributes to open source tools and tries to publish as much analysis as possible. With over a decade of experience Sergei has held roles both as the manager of an incident response team, and as a malware researcher.

YouTube: https://www.youtube.com/oalabs

Sean Wilson
Sean is a co-founder of Open Analysis, and volunteers as a malware researcher. He splits his time between reverse engineering malware and building automation tools for incident response. He is an active contributor to open source security tools focused on incident response and analysis. Sean brings over a decade of experience working in a number of incident response and application security roles with a focus on security testing and threat modeling. In his free time Sean loves fly fishing.

YouTube: https://www.youtube.com/oalabs



Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


Angad: A Malware Detection Framework using Multi-Dimensional Visualization

Saturday 08/11/18 from 1600-1750 at Table Two
Defense, Forensics, Network, Malware

Ankur Tyagi

Angad is a framework to automate classification of an unlabelled malware dataset using multi-dimensional modelling. The input dataset is analyzed to collect various attributes which are then arranged in a number of feature vectors. These vectors are then individually visualized, indexed and then queried for each new input file. Matching vectors are labelled as per their AV detection categories for now but this could be changed to a heuristics approach if needed. If dynamic behavior or network traffic details are available, vectors are also converted into activity graphs that depict evolution of activity with a predefined time scale. This results in an animation of malware/malware category's behavior traits and is also useful in identifying activity overlaps across the input dataset.

Malware detection is a challenging task as the landscape is ever-evolving. Every other day, a new variant or a known malware family is reported and signature driven tools race against time to add detection. The process worsens when the rate of incoming samples is in thousands on a daily basis, making static/dynamic analysis alone of no use.

Angad tries to address this issue by leveraging well-known data classification techniques to the malware domain. It tries to provide a known interface to the multi-dimensional modelling approach within a standalone package.

https://github.com/7h3rAm/angad

Ankur Tyagi
Bio: Ankur Tyagi is a Sr. Malware Research Engineer at Qualys Inc., where he analyzes malicious code and applies statistical modelling to identify suspicious patterns and evolving trends. His research interests include structural visualization techniques for classifying large collections of uncategorized samples. He has completed an MS in Software Systems with a focus on Applied Security.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 14:00-14:40


Applied OSINT For Politics: Turning Open Data Into News - Lloyd Miller

“How do you apply open source intelligence techniques to politicians, candidates, and others holding the public trust? It’s easier than you think. This talk will outline the general principles for investigating public figures, how to take information and data and turn it into a news story even when the story is (often) incomplete, and then review several case studies that demonstrate the effectiveness of combining these techniques.”



HHV - Caesars Pool Level - Forum 17-21 - Friday - 10:00-12:59


Applied Physical Attacks on Embedded Systems, Introductory Version

Joe FitzPatrick, @arinerron, and @pixieofchaos

Abstract

This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi development board. After a brief architectural overview of each interface, hands-on labs will guide attendees through the process of understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

What to Bring

No hardware or electrical background is required. Computer architecture knowledge, Linux internals, command-line familiarity, and low-level programming experience are all very helpful but not actually required.

All equipment, including laptops, will be provided for use in the class. Students will be provided with a lab manual that includes an equipment list of all materials used for the class.

Max size: 24, first come first serve basis.

Bio

Joe (@securelyfitz) is an Instructor and Researcher at https://SecuringHardware.com (@securinghw). Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUs, SoCs, and microcontrollers. He has spent the past 5 years developing and leading hardware security related training, instructing hundreds of security researchers, pen testers, and hardware validators worldwide. When not teaching Applied Physical Attacks training, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.

@arinerron is a student, security enthusiast, CTF player, bug bounty hunter, software developer, and ham radio operator (K1ARE). He’s interested in many aspects of security, though most of his experience is in web and binary exploitation.

Chaos Pixie (@pixieofchaos) works for the man doing embedded systems security.



Night Life - Flamingo - 3rd Floor - Mesquite Rm - Friday - 20:30-23:59


Title:
Arcade Party

No description available

Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


Archery—Open Source Vulnerability Assessment and Management

Saturday 08/11/18 from 1000-1150 at Table Two
Offense

Anand Tiwari

Archery is an open source vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular open source tools to perform comprehensive scanning for web applications and networks. It also performs web application dynamic authenticated scanning and covers the whole application by using Selenium. The developers can also utilize the tool for implementation of their DevOps CI/CD environment.

https://github.com/archerysec/archerysec/

Anand Tiwari
Anand Tiwari is an information security professional with nearly 5 years of experience in offensive security, with expertise in Mobile and Web Application Security. He is currently working with Philips Healthcare on securing medical devices. He has authored Archery, an open source tool, and has presented at Black Hat Asia 2018. In his free time, he enjoys coding and experimenting with various open source security tools. Twitter handle: @anandtiwarics



Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Friday - 10:00-13:59


ARM eXploitation 101

Friday, 1000-1400 in Icon D

Sneha Rajguru Security Consultant, Payatu Software Labs LLP

ARM architecture based systems are on the rise and seen in almost every hand-held or embedded device. The increasing popularity and growth of the Internet of Things (IoT) have allowed widespread use of ARM architecture. As with any other thing in this world, increasing popularity and usage brings new security challenges and attacks. This workshop aims to provide an introduction to ARM architecture, assembly and explore intermediate level exploitation techniques on ARM along with hands-on examples and challenges.

This session is aimed at security professionals and personnel who possess general security knowledge and wish to enter the field of ARM exploitation.

The attendees will walk away with basic knowledge and skills of ARM Architecture, Assembly, and Exploitation techniques.

The workshop will provide a base for the attendees to develop exploit research expertise on ARM based platforms.

Topics Covered:

- Introduction to ARM CPU Architecture
- Registers
- Modes of Operations
- ARM Assembly Language Instruction Set
- Introduction to ARM functions and working
- Debugging on ARM
- Stack Overflow on ARM
- How to write a shellcode
- How to reverse a shellcode

Prerequisites: The participants are not expected to have any prior knowledge about ARM architectures, but familiarity with C and the Linux command line will be useful.

Materials: Hardware Requirements: Minimum 4GB RAM and more than 20 GB Free Hard Disk Space
Software Requirements: Windows 7/8, *Nix, Mac OS X 10.5, Administrative privileges on your machines, Virtualbox or VMPlayer, SSH Client

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/arm-exploitation-101-icon-d-tickets-47194115871
(Opens July 8, 2018 at 15:00 PDT)

Sneha Rajguru
Sneha works as a Senior Security Consultant with Payatu Software Labs LLP. Her interests lie in web, mobile application security and fuzzing. She has discovered various security flaws within various open source applications such as PDFLite, Jobberbase, Lucidchart and more. She has spoken and provided trainings at various conferences such as DEFCON, BSides LV, BSidesVienna, OWASP AppSec USA, DeepSec, DefCamp, FUDCon, and Nullcon. Sneha is passionate about promoting and encouraging Women in Security and has founded an initiative called WINJA-CTF through which she hosts women-only CTFs and Workshops at conferences and other events. Sneha is also active in the local security community and hosts local security meet-ups in Pune. She leads the Pune chapter of null community.



EHV - Caesars Promenade Level - Modena Rm - Friday - 12:00-12:59


Title: Asking for a Friend

Speakers: Speaker TBA

Description:
No description available




DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Sunday - 13:30-13:50


Asura: A huge PCAP file analyzer for anomaly packets detection using massive multithreading

Sunday at 13:30 in Track 1
20 minutes | Tool

Ruo Ando Center for Cybersecurity Research and Development, National Institute of Informatics, Japan

Recently, the inspection of huge traffic logs has been imposing a great burden on security analysts. Unfortunately, there have been few research efforts focusing on scalability in analyzing very large PCAP files with reasonable computing resources. Asura is a portable and scalable PCAP file analyzer for detecting anomaly packets using massive multithreading. Asura's parallel packet dump inspection is based on task-based decomposition and therefore can handle massive threads for large PCAP files without considering tidy parameter selection in adopting data decomposition. Asura is designed to scale out in processing large PCAP files by taking as many threads as possible.

Asura takes two steps. First, Asura extracts a feature vector represented by associative containers of <sourceIP, destIP> pairs. By doing this, the feature vector can be drastically smaller than the original PCAP files. In other words, Asura can reduce packet dump data to the size of the unique <sourceIP, destIP> pairs (for example, in an experiment, Asura's output from the first step was about 2% of the size of the original libpcap files). Second, a parallel clustering algorithm is applied to the feature vector, which is represented as {<sourceIP, destIP>, V[i]} where V[i] is the aggregated flow vector. In the second step, Asura adopts an enhanced Kmeans algorithm. Concretely, two functions of Kmeans, (1) calculating distance and (2) relabeling points, are improved for parallel processing.

In an experiment processing public PCAP datasets, Asura identified 750 packets which are labeled as malicious from among 70 million (about 18GB) normal packets. In a nutshell, Asura successfully found 750 malicious packets in about 18GB of packet dump. For Asura to inspect 70 million packets, it took a reasonable computing time of around 350-450 minutes with 1000-5000 threads on a commodity workstation. Asura will be released under the MIT license and available at the author's GitHub site on the first day of DEF CON 26.

Ruo Ando
Ruo Ando is an associate professor at NII (National Institute of Informatics) by special appointment in Japan. He has a Ph.D. in computer science. Before joining NII, he was engaged in a research project supported by US AFOSR in 2003 (Grant Number AOARD 03-4049). He has presented his research at PacSec2011 (BitTorrent crawler) and GreHack2013 (DNS security). He was co-presenter at SysCan2009 and FrHack2009 (Virtual machine introspection). His current research interest is network security.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Saturday - 10:00-13:59


Attack & Defense in AWS Environments

Saturday, 1000-1400 in Icon E

Vaibhav Gupta Security Researcher, Adobe Systems

Sandeep Singh Security Managing Consultant, NotSoSecure

AWS is the most widely used cloud environment today, and almost every security professional has to encounter this environment, whether attacking an organization or defending it. In this fast-paced workshop we will teach participants some neat tools, techniques and procedures to attack the most widely used AWS services as well as to defend them.

- Recon / Information Gathering on AWS Services
- Attacking S3 buckets
- Exploiting web application flaws to compromise AWS services (IAM/KMS)
- Attacking Serverless applications
- Disrupting AWS Logging
- Attacking Misconfigured Cloud SDN

Takeaways: Students will be able to understand and appreciate the delta in attack surface which gets added due to moving to the cloud, and subsequently design architecture and develop applications to defend them.

What will participants be provided?
- PDF copy of slide deck
- Lab VM
- Workshop lab manual
- Bonus labs

Target Audience:
- Cloud Security Engineers
- DevOps engineers
- Security Analyst
- Penetration Testers
- Anyone else who is interested in Cloud Security
- If you are an Expert or Advanced user, you may join us as co-trainers! :-)

Prerequisites:
- Need to have AWS account (Free-tier)
- Basic understanding of AWS

Materials:
- Machine with at least 8 GB RAM and 20 GB free HD space
- VirtualBox [VMs will be provided]

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/attack-defense-in-aws-environments-icon-e-tickets-47194715665
(Opens July 8, 2018 at 15:00 PDT)

Vaibhav Gupta
Vaibhav is working as a Security Researcher with Adobe Systems. His expertise lies in infusing design and architecture level security in applications hosted in-house and on cloud environments. With ~9 years of diverse InfoSec exposure, he has strong experience in attacking and defending applications including the ones hosted on the cloud. He is co-leading the OWASP and Null community in Delhi region and has delivered multiple sessions at the local and global stage. Vaibhav is also co-organizer for BSides Delhi.

Sandeep Singh
Sandeep is a Security Managing Consultant with NotSoSecure. He has over 5 years of experience in delivering high end security consulting services to clients across the globe. Sandeep has also worked in Detection and Response teams in the past. He is the co-lead of OWASP Delhi chapter and Community Manager of null community and actively contributes to the local security community. He has conducted and delivered many talks and workshops for the local community in the past. Sandeep is also one of the organizers of BSides Delhi.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Friday - 10:00-13:59


Attacking & Auditing Docker Containers Using Open Source

Friday, 1000-1400 in Icon E

Madhu Akula Security & DevOps Researcher, Appsecco

Developers and Operations teams (DevOps) have moved towards containers and modern technologies. Attackers are catching up with these technologies and finding security flaws in them. In this workshop, we will look at how we can test for security issues and vulnerabilities in Dockerised environments. Throughout the workshop we will learn how we can find security misconfigurations, insecure defaults and container escape techniques to gain access to the host operating system (or) clusters. In the workshop, we will look at real world scenarios where attackers compromised containers to gain access to applications, data and other assets.

By the end of workshop participants will be able to:

- Understand Docker security architecture
- Audit containerised environments
- Perform container escapes to get access to host environments

The participants will get the following:

- A Gitbook(pdf, epub, mobi) with complete workshop content
- Virtual machines to learn & practice
- Other references to learn more about topics covered in the workshop

Prerequisites: Basic familiarity with Linux and Docker

Materials:

- A laptop with administrator privileges
- 10 GB of free Hard Disk Space
- Ideally 8 GB of RAM but minimum 4 GB
- Laptop should support hardware-based virtualization
- If your laptop can run a 64-bit virtual machine in Oracle VirtualBox it should work
- Other virtualisation software might work but we will not be able to provide support for that.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/attacking-auditing-docker-containers-using-open-source-icon-e-tickets-47194085781
(Opens July 8, 2018 at 15:00 PDT)

Madhu Akula
Madhu is a security ninja and published author, security and devops researcher with extensive experience in the industry ranging from client facing assignments building scalable and secure infrastructure, to publishing industry leading research to running training sessions for companies and governments alike.

Madhu's research papers are frequently selected for major security industry conferences including Defcon 24, Blackhat USA 2018, All Day DevOps (2016, 2017), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n, Serverless Summit, ToorCon, DefCamp, SkydogCon, NolaCon and null, etc. Madhu was a keynote speaker for the National Cyber Security conference at Dayananda Sagar College in Feb 2016.

When he's not working with Appsecco's clients or speaking at events he's actively involved in researching vulnerabilities in open source products/platforms such as WordPress, Ntop, Opendocman etc. and is also a contributing bug hunter with Code Vigilant (a project to Secure Open Source Software). His research has identified many vulnerabilities in over 200 organisations including US Department of Homeland Security, Google, Microsoft, Yahoo, Adobe, LinkedIn, Ebay, At&t, Blackberry, Cisco, Barracuda etc. He is also an active member with Bugcrowd, Hackerone, Synack etc.

Madhu has trained over 5000 people in information security for companies and organisations including the Indian Navy and the Ministry of e-services in a leading Gulf state. He is co-author of Security Automation with Ansible2 book published by Packt Publishing in December 2017, which is listed as a resource by the RedHat Ansible itself.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon C - Friday - 10:00-13:59


Attacking Active Directory and Advanced Defense Methods in 2018

Friday, 1000-1400 in Icon C

Adam Steed Security Consultant, Protiviti

James Albany Senior Consultant, Protiviti

This hands-on workshop teaches you how to both attack and defend Active Directory. We will start by deploying an Active Directory environment using the typical security settings found in most medium to large organizations. Participants will then learn current common methods and tools used to exploit Active Directory against a lab environment. Participants will create a hardened Active Directory environment using advanced methods to secure domain controllers from attack and then try to compromise their hardened environments.

Prerequisites: Some basic background in Active Directory

Materials: Need a laptop running a hypervisor that would support the import and running of multiple prebuilt virtual images.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/attacking-active-directory-and-advanced-defense-methods-in-2018-icon-c-tickets-47194199120
(Opens July 8, 2018 at 15:00 PDT)

Adam Steed
Adam Steed prides himself in not just being an Information Security professional, but in having been part of the culture that has defined Defcon for the last two decades. He has over 20 years of experience in working for Financial, Websites and Healthcare organizations. Currently Adam is an Associate Director at Protiviti as part of the Security and Privacy practice, leading Active Directory assessments and remediation work for Protiviti's clients. He has also spoken at Defcon, Bsides and other events across the United States.

James Albany
James is a Senior Consultant in the Security and Privacy practice at Protiviti. He received a B.S. in Security and Risk Analysis with a specialization in Cyber Security from Penn State University. He currently provides information security services for a wide range of clients in various industries to identify and communicate business risks.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Sunday - 12:00-12:45


Attacking the macOS Kernel Graphics Driver

Sunday at 12:00 in Track 2
45 minutes | Demo, Exploit

Yu Wang Senior Staff Engineer at Didi Research America

Just like the Windows platform, graphics drivers of the macOS kernel are complicated and provide a large promising attack surface for EoPs and sandbox escapes from low-privileged processes. After auditing part of the binaries, I discovered a number of vulnerabilities last year, including NULL pointer dereference, stack-based buffer overflow, arbitrary kernel memory read and write, use-after-free, etc. Some of these vulnerabilities were reported to Apple Inc., such as CVE-2017-7155, CVE-2017-7163, and CVE-2017-13883.

In this presentation, I will share with you the detailed information about these vulnerabilities. Furthermore, from the attacker's perspective, I will also reveal some new exploit techniques and zero-days.

Yu Wang
Yu Wang is a senior staff engineer at Didi Research America. He has previously presented at Syscan360 2012/2013, Hitcon 2013, Black Hat USA 2014, Black Hat ASIA 2016, Black Hat USA Arsenal 2018 and other conferences.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 16:00-16:45


Automated Discovery of Deserialization Gadget Chains

Friday at 16:00 in 101 Track, Flamingo
45 minutes | Tool

Ian Haken Senior Security Software Engineer, Netflix

Although vulnerabilities stemming from the deserialization of untrusted data have been understood for many years, unsafe deserialization continues to be a vulnerability class that isn't going away. Attention on Java deserialization vulnerabilities skyrocketed in 2015 when Frohoff and Lawrence published an RCE gadget chain in the Apache Commons library and as recently as last year's Black Hat, Muñoz and Mirosh presented a survey of dangerous JSON deserialization libraries. While much research and automated detection technology has so far focused on the discovery of vulnerable entry points (i.e. code that deserializes untrusted data), finding a "gadget chain" to actually make the vulnerability exploitable has thus far been a largely manual exercise. In this talk, I present a new technique for the automated discovery of deserialization gadget chains in Java, allowing defensive teams to quickly identify the significance of a deserialization vulnerability and allowing penetration testers to quickly develop working exploits. At the conclusion we will also be releasing a FOSS toolkit which utilizes this methodology and has been used to successfully develop many deserialization exploits in both internal applications and open source projects.

Ian Haken
Ian Haken is a senior security software engineer at Netflix where he works on the platform security team to develop tools and services that defend the Netflix platform. Before working at Netflix, he spent two years as a security researcher at Coverity where he developed defensive application security tools and helped to develop automated discovery of security vulnerabilities through static software analysis. He received his Ph.D. in mathematics from the University of California, Berkeley in 2014 with a focus in computability theory and algorithmic information theory.



AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 13:20-13:59


Automated Planning for the Automated Red Team

Andy Applebaum

“Offensive assessments – i.e., penetration testing, adversary emulation, red teaming – have become a key component of maintaining a secure network. Unfortunately, offensive assessments require significant resources, and can vary in quality and structure based on who specifically is conducting the assessment. In the past few years, we’ve seen people try to remedy this problem by creating automated offensive assessment tools, but the capabilities and goals of these tools are highly variable, and many either require personnel to manage them or lack the ability to conduct dynamic or end-to-end tests.

We believe that automated offensive assessments can be done better using automated planning. One of the older branches of AI, automated planning seeks to solve problems where an autonomous agent must determine how to compose a sequence of actions together to achieve an objective. Problems in this space can range from constructing offline deterministic plans, to planning under probabilistic conditions, or to planning in scenarios where the world and underlying model are un- or partially-known. Planning techniques have been applied to solve problems in a variety of domains, including controlling unmanned vehicles and designing intelligent agents in computer games.

In this talk, we’ll describe how we’ve leveraged concepts from the automated planning community to help us design CALDERA, a free, open source automated adversary emulation system. Using these concepts, CALDERA dynamically strings techniques – taken from MITRE ATT&CK™ – together to achieve objectives and conduct end-to-end tests. In addition to describing CALDERA itself, we’ll also discuss more generally some of the challenges and advantages of deploying automated planning to automated offensive assessments, discussing alternate approaches that we as well as others have considered in tackling this problem. Attendees should walk away with both an understanding of how they can use CALDERA as well as how planning can be used for automated offensive assessments.”

Andy Applebaum is a Lead Cyber Security Engineer at MITRE where he works on applied and theoretical security research problems, primarily in the realms of cyber defense, security automation, and automated adversary emulation. Andy has contributed to MITRE’s ATT&CK framework and CALDERA adversary emulation platform, as well as other projects within MITRE’s internal research and development portfolio. Prior to working at MITRE, Andy received his PhD in computer science from the University of California Davis, where his dissertation topic was using argumentation logic for reasoning in cyber security. Andy’s work has been published in multiple conferences and workshops, and he has most recently spoken at Black Hat Europe. In addition to his PhD, Andy holds a BA in computer science from Grinnell College and the OSCP certification.



BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 10:00-10:20


Automating DFIR: The Counter Future

Friday at 10:00-10:20
20 minutes

@rainbow_tables

Automation has been at the forefront of almost every tool or talk in recent years. The DFIR industry has been moving rapidly towards automating everything! With some great work being done in the area of integrating workflows and various toolsets to make things easier for analysts, automation has really taken off. While that sounds like a worthwhile solution to help SOC analysts weed out the run of the mill adware/PUPs or phishing expeditions, can we really automate a response to the more sophisticated or targeted attack on our company’s crown jewels?

The current argument being made is that, rather than building in-house Incident Response teams, we should utilize automation to substitute for analysts and use third party retainers for skilled analysis. Large investments in automation technologies, rather than resource development, reflect this strategy. What does this mean for career progression for budding DFIR analysts? With security engineering taking the forefront, is analysis as a career in DFIR a dying star? Is automation moving us towards click forensics rather than intelligent analysis? I’d like to challenge groupthink, and debate where automation will lead the industry trends. Additionally, I will share some of my experiences in the changing face of DFIR.

@rainbow_tables
Rainbow_Tables is an experienced incident responder and forensic investigator. She enjoys her forays in various industries - media, telecom and software. She finds that her most intriguing experiences stem from the application of DFIR to those industries. Her passion lies within automating analysis methodologies to streamline the incident response process. She believes in innovating simple and innovative solutions to the challenges posed to incident responders by proliferation of advancing technologies.



CHV - Flamingo Lower Level - Red Rock Rm 1-5 - Friday - 16:40-17:05


Automotive Evidence Collection – Automotive Driving Aids and Liability

VLAD

FRIDAY 8/10 • 4:40-5:05 PM
45 min talk

The presentation will cover security implications of GPS and positioning attacks. We will discuss real world attacks and incidents. We will touch upon increased reliance on positioning data in accident reconstruction and assistive driving technologies.



CHV - Flamingo Lower Level - Red Rock Rm 1-5 - Saturday - 12:15-12:40


Automotive Exploitation Sandbox: A Hands-on Educational Introduction to Embedded Device Exploitation

Nathaniel Boggs

Saturday 8/11 • 12:15-12:40 PM
25 min talk

The Automotive Exploitation Sandbox is a hands-on educational tool designed to provide stakeholders with little to no previous exposure to automotive security a hands-on experience with real hardware following a basic attack chain against a typical automotive development board. The attack chain provides instructions for the user to remotely exploit, escalate privilege, exfiltrate data, and modify memory using synthetic vulnerabilities placed on a remote test platform running an OS and hardware typically found in automotive systems.


An illustrated summary can be found at (The full system will be made publicly available at ESCAR 2018 June 20th):
https://sandbox.redballoonsecurity.com/
Your Name/Handle: Nathaniel Boggs, Ang Cui, Jatin Kataria and Phillippe Laulheret (Red Balloon Security)



CHV - Flamingo Lower Level - Red Rock Rm 1-5 - Friday - 17:10-17:55


Automotive Flash Bootloaders: Exposing automotive ECU updates

Philip Lapczynski

Friday 8/10 • 5:10-5:55 PM
45 min talk

Unified Diagnostic Services (UDS) provides a powerful interface into vehicle diagnostics. OEMs use these services to update firmware, manipulate calibration data, send and receive information from vehicle ECUs, and now more recently for over the air updates. This talk pulls back the curtain on automotive bootloaders and how poor security design or implementation choices can be used by attackers to exfiltrate firmware or even gain persistent code execution.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 13:00-13:30


barcOwned—Popping shells with your cereal box

Sunday at 13:00 in Track 3
20 minutes | Demo

Michael West, Technical Advisor at CyberArk

magicspacekiwi (Colin Campbell), Web Developer

Barcodes and barcode scanners are ubiquitous in many industries and work with untrusted data on labels, boxes, and even phone screens. Most scanners also allow programming via barcodes to manipulate and inject keystrokes. See the problem? By scanning a few programming barcodes, you can infect a scanner and access the keyboard of the host device, letting you type commands just like a Rubber Ducky. This culminates in barcOwned—a small web app that allows you to program scanners and execute complex, device-agnostic payloads in seconds. Possible applications include keystroke injection (including special keys), infiltration and exfiltration of data on air-gapped systems, and good ol' denial of service attacks.

Michael West
Michael West, aka T3h Ub3r K1tten, is a National Technical Advisor at CyberArk who likes cats. His homelab has over 640 kilobytes of RAM. Michael presents regularly at Dallas Hackers Association and enjoys combining his software dev background with infosec to build tools for others. His interests include OSINT, amateur radio, and scanning long barcodes on the beach.

@t3hub3rk1tten, https://mwe.st, https://barcowned.com

magicspacekiwi (Colin Campbell)
magicspacekiwi, aka Colin Campbell, is a Web Developer with a focus on user experience and considers security an important (but often neglected) part of that experience. They've managed to log over 1500 hours in Overwatch while being stuck in plat. Ask them about their nginx configs.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 17:45-18:30


Title: Batman, Brain Hacking, and Bank Accounts

Speaker: Katherine Pratt
About Katherine:
Katherine Pratt received her B.S. in aerospace engineering from MIT in 2008, where she received the MIT Women’s League Laya Weisner Award for public service to the university, and the MIT Aero/Astro James Means Memorial Award for Space Systems Engineering. She completed several internships with the private space venture Blue Origin, working in systems and propulsion engineering. After graduation, she served four years in the United States Air Force, working primarily as an operational flight test engineer on the F-35 Joint Strike Fighter. She is now a PhD Candidate in the BioRobotics Lab in the Electrical Engineering department of the University of Washington, and is currently spending six months in Congress as a Congressional Innovation Scholar. Her work focuses on the privacy, ethics, and policy of neural data. In addition to research, Katherine is passionate about getting younger students, especially girls and minorities, interested in science and technology. She also competes in triathlons as a member of the Husky Triathlon Club and iracelikeagirl teams.
Abstract:
The advancement of technology means more data are being collected from a wider range of sources. Of particular concern is data collected using a Brain Computer Interface (BCI): a device that records neural signals and allows them to control objects external to the body. Applications for this technology range from therapeutic (e.g. controlling a prosthetic arm) to entertainment (e.g. playing a video game). These cases provide malicious entities the ability to intercept, manipulate, or hack neural signals and the devices they control: it is the plot of Batman Forever (1995) come to life.
This talk will outline research in the field of neural security and information elicitation, as well as the corresponding ethical and policy implications.


BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 10:00-10:59


Title: BCOS keynote speech

Speakers: Philip Martin (VP Security, COINBASE)

Description:
No description available




DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Sunday - 14:00-14:45


Betrayed by the keyboard: How what you type can give you away

Sunday at 14:00 in 101 Track, Flamingo
45 minutes

Matt Wixey, Vulnerability R&D Lead, PwC

Attribution is hard. Typically, the most useful identifiers—IP addresses, email addresses, domains, and so on—are also the easiest things to spoof, obfuscate, or anonymise. Whilst more advanced techniques, such as correlating malicious activity with timezones, or linking attacks through the use of similar techniques or malware, can be useful, they tend to take investigators further away from the individuals responsible; at best, some inference about the country or specific actor group/collective can be made.

In this talk, I present a method for linking incidents to individual attackers with a high degree of accuracy, based on extremely fine-grained behavioural characteristics. This involves an investigatory technique known as "case linkage analysis" (CLA), which uses granular aspects of crime scene behaviours to link common offenders together through statistical comparison. It's been applied to some crime types before, but never to cyber attacks.

I'll cover how CLA works, its advantages and disadvantages, and how it has previously been applied to a range of crimes, from burglary to homicide. I'll place it within the context of personality psychology, biometrics, forensic criminology, offender profiling, and forensic linguistics; and will walk through applying it practically.

I'll then show the results of a novel experiment I conducted applying CLA to network intrusion attacks, which involved logging the keystrokes of volunteer attackers across different simulated intrusions, breaking these down into specific behaviours and syntax, and using these to link individuals to their offences. The end result: the way you type commands, including your choice and order of syntax, switches, and options, can form distinctive behavioural signatures, which can be used to link attackers together. Linking accuracy rates as high as 99% were achieved.

Finally, I'll talk about the implications for both defenders and everyone else (particularly focusing on the privacy implications), explore ways in which these techniques could be defeated, and outline some ideas for future research in these areas.

Matt Wixey
Matt leads technical research for the PwC Cyber Security practice in the UK, works on its Ethical Hacking team, and is a PhD candidate at University College London. Prior to joining PwC, Matt led a technical R&D team for a law enforcement agency in the UK. His research interests include antivirus and sandboxing technologies, unconventional attack vectors, side-channels, and radio security.

@darkartlab



AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 14:00-14:30


Beyond Adversarial Learning – Security Risks in AI Implementations

Kang Li

A year after we discovered and reported a bunch of CVEs related to deep learning frameworks, many security and AI researchers have started to pay more attention to the software security of AI systems. Unfortunately, many deep learning developers are still unaware of the risks buried in AI software implementations. For example, by inspecting a set of newly developed AI applications, such as image classification and voice recognition, we found that they make strong assumptions about the input format used by training and classifications. Attackers can easily manipulate the classification and recognition without putting any effort in adversarial learning. In fact the potential danger introduced by software bugs and lack of input validation is much more severe than a weakness in a deep learning model. This talk will show threat examples that produce various attack effects from evading classifications, to data leakage, and even to whole system compromises. We hope that by demonstrating such threats and risks, we can draw developers’ attention to software implementations and call for community collaborative effort to improve software security of deep learning frameworks and AI applications.

Kang Li is a professor of computer science and the director of the Institute for Cybersecurity and Privacy at the University of Georgia. His research results have been published at academic venues, such as IEEE S&P, ACM CCS and NDSS, as well as industrial conferences, such as BlackHat, SyScan, and ShmooCon. Dr. Kang Li is the founder and mentor of multiple CTF security teams, including SecDawg and Blue-Lotus. He was also a founder and player of the Team Disekt, a finalist team in the 2016 DARPA Cyber Grand Challenge.



DEFCON - Octavius 9 - Saturday - 20:00-19:59


Beyond the Lulz: Black-Hat Trolling, White-Hat Trolling, Attacking and Defending Our Attention Landscape

Saturday at 20:00 in Octavius 9
Fireside Hax

Matt Goerzen, Researcher, Data & Society

Dr. Jeanna Matthews, Fellow at Data & Society, Associate Professor of Computer Science at Clarkson University

Joan Donovan, Media Manipulation/Platform Accountability Research Lead, Data and Society in Manhattan

White hat or critical grey hat trolling? Trolling as art? Trolling as hybrid warfare? Trolling as propaganda? In this Fireside Hax, we will challenge your assumptions about trolling. Trolls are attention hackers, using social and technical means to bait journalists, set agendas, game media gatekeepers, and direct audiences. Sometimes they also have fun. We will discuss a range of trolling techniques like sockpuppeting, dogpiling, doxing, attention honeypots, and cognitive denial of service attacks that we have not seen concisely catalogued elsewhere. We will also discuss high-profile examples of trolling such as "training" the Microsoft Tay chatbot, fake Antifa accounts, Russian sockpuppet accounts, and Phineas Fisher's use of Hacking Team's twitter account--and ask attendees to consider each as black hat attacks or grey hat attempts to point out critical societal vulnerabilities that should be "patched." We will also talk about "troll the troll" accounts like ImposterBuster and YesYoureRacist and the role "white hat trolls" might play in auditing platforms or proposing platform-based controls. Time permitting, we will discuss art projects that trollishly critiqued the European Commission, Google AdSense, and the NSA. This will not be a lecture and it will not shy away from controversy. Join two members of the Media Manipulation Team at Data & Society to collectively consider the role trolling can play in pointing out the flaws in our attention/media landscape.

Matt Goerzen
Matt Goerzen studies trolling techniques and cultures as part of the Media Manipulation team at Data & Society. He's also applied many of the techniques in the art world, for example by once developing an absurdist AdSense campaign ostensibly designed to sell a hideous sculpture to art collector Shaquille O'Neal, but more accurately designed to piggyback off of free clickbait media attention to inform readers about psychometric ad tech practices. He has written an academic study of contemporary artists who function as what he calls "critical trolls," arguing that trolling can be seen as an extension of the politicized attentional strategies used by the 20th-century avant-garde. His current work at Data & Society focuses on mapping the way white supremacists and state actors have appropriated trolling techniques for use in influence operations as a form of "bottom-up agenda setting."

Dr. Jeanna Matthews
Jeanna Matthews is an associate professor of Computer Science at Clarkson University and a 2017-18 fellow at Data and Society where she has been collaborating with the Media Manipulation team. She was a speaker at DEF CON 23 and 24, both times on the topic of vulnerabilities in virtual networks. Her broader research interests include virtualization, cloud computing, computer security, computer networks, operating systems and algorithmic accountability and transparency. Jeanna received her Ph.D. in Computer Science from the University of California at Berkeley and is an ACM Distinguished Speaker.

@jeanna_matthews

Joan Donovan
Joan Donovan is the Media Manipulation/Platform Accountability Research Lead at Data and Society in Manhattan. After completing her PhD in Sociology and Science Studies at the University of California San Diego, she was a postdoctoral fellow at the UCLA Institute for Society and Genetics, where she researched white supremacists' use of DNA ancestry tests, social movements, and technology. For several years, Joan has conducted action research with different networked social movements in order to map and improve the communication infrastructures built by protesters. In her role as a participant, she identifies information bottlenecks, decodes algorithmic behavior, and connects organizations with other like-minded networks.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 17:00-17:45


Title: Biohacking the Disability

Speaker: Gabriel Bergel
About Gabriel:
Gabriel Bergel is a System Engineer, Master in Cybersecurity from the IMF Business School and the Camilo José Cela University (Spain) and has 15 years of experience in different areas of information security. He regularly speaks in courses, workshops and forums on information security in different institutions, universities and national and international events. Currently he is Chief Executive Officer (CEO) of Vulnscope, Chief Strategy Officer (CSO) of Dreamlab Technologies, and Chief Security Ambassador (CSA) of Eleven Paths, Director of Public Policies in Whilolab and Founder and Organizer of 8.8 Computer Security Conference.
Speaker: Rodrigo Quevedo
About Rodrigo:
Specialist in technological architecture and management, entrepreneur, teacher, inventor and mentor of scientific talents, with a high social and service vocation, fully dedicated to the development of mechatronics and robotics technology in different fields, for 10 years he has trained more than 3000 young people in Chile, Peru, Bolivia and Colombia, allowing more than 700 young people to travel to the USA to compete in robotic tournaments, forming 34 teams that have competed in national and international tournaments, obtaining various awards in Japan, USA and Chile. Speaker at various universities, colleges, innovation and entrepreneurship events, national and international. Interviewed by different means of print and television, national and international. Guest writer of technological columns in various specialized magazines. Inventor of 14 products, including MIVOS, bidirectional automatic translator of sign language for deaf people.
Abstract:
The talk is about the project “Over Mind”. It is a neuro wheelchair control software developed to help people with different physical abilities who have reduced mobility and use wheelchairs. By capturing data provided by neuro sensors or other sources of information, the software converts them into an order of movement to one or several engines, allowing the movement of a wheelchair. “Over Mind” will allow you to control any adapted electric wheelchair. You can also control an exoskeleton or other mechanism that facilitates the mobility of people. We have managed to control a high-tech robot using our Over Mind software and using a sensor provided by Neurosky.
The Problem:
The 1% of the world population cannot move by itself, for various reasons such as Amyotrophic lateral sclerosis (ALS), accidents and others, 50,000,000 people.
Over Mind is a low-cost technology/system developed in Chile, designed to give mobility to 1% of the world population, increasing its available physical capacities allowing people with zero or reduced mobility to MOVE and carry out activities on their own, granting freedom and autonomy.
In the year 2016, Over Mind participated in the contest "An idea to change history", organized by History Channel together with 5,800 projects and it was the only Chilean project that finished among the four finalists.


PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 12:30-12:59


Bitsquatting: Passive DNS Hijacking

Ed Miles, Security Researcher at DiDi Labs

The Domain Name System is one of the foundational technologies that allow the internet to function, but unfortunately, DNS is surprisingly brittle to certain issues, such as bitsquatting.

Lookups to names that are a "bitflip" away from well-known sites (like 'amczon.com' instead of 'amazon.com' since 'c' and 'a' have a single bit difference) can be caused by memory failing due to defect or overheating situations, rogue cosmic rays, or even (allegedly) radiation caused by nuclear reactions.

I was curious how realistic the last case really was - can we 'detect' active nuclear tests based solely on bitsquatting data? To find out, I revisited bitsquatting. First I'll briefly introduce the key concepts required for understanding bitsquatting (including ASCII, DNS and HTTP, Internet infrastructure, and memory error scenarios). I'll show the tools and techniques used to identify and register over 30 newly identified bitsquat domains, monitor DNS and HTTP requests, and process, enrich, and investigate the data. Finally, I will discuss any observations gathered from the data, with a focus on regional trends, specific devices, and current events - and try and see if I could prove any correlation.

In the end, attendees should leave with knowledge of the prevalence of bitsquatting and how it has evolved since the phrase was coined 8 years ago, as well as a few techniques for analyzing bitsquatting data and drawing some interesting conclusions.

Ed Miles (Twitter: @criznash) is a researcher at DiDi Chuxing's California-based DiDi Labs. Working in technology professionally since 2001, and as a hobbyist since 1991, Ed has been focused on forensics, incident response, malware analysis, reverse engineering, and detection since 2010.



Night Life - Flamingo - 3rd Floor - Carson City Rm - Saturday - 20:30-23:59


Title: BlanketFortCon

Check your ego at the door, grab some building materials and join in the celebration of the creativity and originality that is the pillow fort! A host of DJs will be spinning from a pirate ship as you share and create your own unique environment. All aboard!
More Info: BlanketFortCon.com


Demolabs - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


BLEMystique—Affordable custom BLE target

Saturday 08/11/18 from 1200-1350 at Table Five
Attack and Defence

Nishant Sharma

Jeswin Mathai

BLEMystique is an ESP32 based custom BLE target which can be configured by the user to behave like one of the multiple BLE devices. BLEMystique allows a pentester to play with the BLE side of different kinds of smart devices with a single piece of affordable ESP32 chip. BLEMystique contains multiple device profiles, for example, Smart Lock, Smart health band, Smart bulb, Heart rate monitor, Smart Bottle and more.

The BLEMystique code and manuals will be released to the general public. So, apart from using the pre-configured devices, the users can also add support for devices of their choice and use their ESP32 board for target practice. In this manner, this tool can improve the overall experience of learning BLE pentesting.

Nishant Sharma
Nishant Sharma is a Technical Manager at Pentester Academy and Hacker Arsenal where he leads the development of multiple gadgets for WiFi pentesting such as WiMonitor, WiNX, WiMini and course/training content. He has presented/published his work at Blackhat Arsenal, Wireless Village, IoT village and Demo labs (DEFCON). Prior to joining Pentester Academy, he worked as a firmware developer at Mojo Networks where he contributed to developing new features for the enterprise-grade WiFi APs and maintaining the WIPS solution. He has a Master's degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi and IoT security, AD security, forensics and cryptography.

Jeswin Mathai
Jeswin Mathai is a Researcher at Pentester Academy. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. He was also part of team Pied Piper, who won Smart India Hackathon 2017, a national level competition organized by GoI. His areas of interest include Malware Analysis and Reverse Engineering, Cryptography, WiFi security and Web Application Security.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 13:30-14:15


Title: Blue Team Bio: Using Kill-Chain Methodology to Stop Bioterrorism

Speaker: Mr. Br!ml3y
Abstract:
Editing genes is getting easier as knowledge of various genomes and technology advance. Malicious actors creating novel or custom infectious agents are a growing concern. This presentation explores use of Cyber Kill Chain methodology to detect and disrupt potential bioterrorist activities. Each link in the chain is defined and examined to identify potential attack indicators and countermeasures, discussing notable bottlenecks in each step. The goal is to apply existing information security knowledge and paradigms to counter the would-be bioterrorist. This talk will include brief discussions of current gene editing methods (CRISPR-CAS9, ZINCFINGER) for the lay person. Familiarity with the Cyber Kill Chain would be useful.


DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 15:00-15:45


Booby Trapping Boxes

Saturday at 15:00 in Track 3
45 minutes | Demo, Tool

Ladar Levison, Founder, Lavabit LLC

hon1nbo, Proprietor, Hacking & Coffee LLC

Ever worry about the hardware you leave behind? In a world where servers are co-located, and notebooks get left in hotel rooms, the ability to resist tampering, and if necessary actively respond to attack, has become increasingly important. And of course everybody knows the best booby traps are the ones you don't know are there. This talk will prepare you for life in 1984, where the maids are evil, and step brothers can't be trusted. Whether you're running servers as a high value target, or simply want to protect your Monero private key, this talk will show you how to achieve FIPS 140-2 level 4 security, without the FIPS 140-2 level 4 price tag. Specifically, we'll cover acquisition considerations, physical hardening, firmware mitigation, tamper detection and more.

Ladar Levison
Ladar Levison serves as the founder, president, and chief executive of Lavabit, where he has worked the past 14 years. Founded in 2004 (and originally called Nerdshack), Lavabit was created because Mr. Levison believes that privacy is a fundamental, necessary right for a functioning, free and fair democratic society. Presently, Mr. Levison is focused on Lavabit's Dark Mail Initiative, which aims to make end-to-end email encryption automatic and ubiquitous, while continuing to vigorously advocate for the privacy and free speech rights of all. Mr. Levison’s involvement in the internet can be traced to the early days of the world wide web, when he built his first website, in the early nineties, for the fledgling Mosaic web browser (from the National Center for Supercomputing Applications).

Prior, Mr. Levison operated a dialup bulletin board service, and worked as a computer technician assembling custom computer systems. With more than 10 years of experience as an independent consultant, Mr. Levison has brought to bear his skills as a project manager, business analyst, systems engineer, software developer, database administrator, systems administrator, and information security specialist.

Mr. Levison’s career has involved working with several dozen multinational companies in the financial, consumer electronics, and retail sectors. The websites Mr. Levison built have drawn millions of visitors, and the software he's written has touched, albeit behind the scenes, the lives of millions more. Over the years, Mr. Levison has written and published numerous technical specifications and authored several editorial pieces. Mr. Levison frequently speaks at a variety of conferences, has appeared as an expert on numerous network television shows, and appeared in several documentaries, including the Oscar-winning film Citizenfour.

Mr. Levison has also been involved with several popular free open source software projects. Mr. Levison holds fifteen certifications, with the vast majority from Microsoft and International Business Machines. Mr. Levison received his Bachelor of Arts and Bachelor of Science degrees from Southern Methodist University, where he studied finance, English, political science and computer science. Additionally, Mr. Levison spent a year studying international relations at Georgetown University. A native of San Francisco, California, he currently resides in Dallas, Texas where he lives with his best friend, and principal cheerleader, Princess, the Italian Greyhound he rescued in 2010.

Twitter: @kingladar
Facebook: kingladar
Website: https://lavabit.com

hon1nbo
Hon1nbo is a hacker who tinkers for fun and to satisfy the basic human need to light things on fire. Hon1nbo allegedly has a job, where they get paid to take selfies in other people’s secure vaults in the middle of the night. We don’t know if this job is real, or merely a cover story. This possible delusion has taken them around the world entering into some of the largest organizations in both people size and technical expanse, using every possible entry method at their disposal. No domain left without an admin, no email left without a phish, and every office a wolf tail hiding in the air vents.

In addition to their night job, Hon1nbo runs Hacking & Coffee, a small hosting firm in Texas, where excess network capacity abounds, to perform security research and mirror F/OSS repositories. They also provide infrastructure support to a variety of community projects, small businesses, and student groups.

A wild Hon1nbo can be spotted at DEF CON, its natural habitat, and identified via their purple tail, ears, and getting into shenanigans.

Twitter: @hon1nbo
Facebook: hon1nbo
Website: https://hackingand.coffee
Species: Wolf-Dog
Pronouns: them/their/schlee/generalisimo whatever be consistent



Demolabs - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


boofuzz

Saturday 08/11/18 from 1600-1750 at Table Five
Vulnerability Analysis, AppSec, Offense.

Joshua Pereyda

boofuzz is an open source network protocol fuzzing framework, competing with closed source commercial products like Defensics and Peach.

Inheriting from the open source tools Spike and Sulley, boofuzz improves on a long line of block-based fuzzing frameworks.

The framework allows hackers to specify protocol formats, and boofuzz does the heavy lifting of generating mutations specific to the format. boofuzz makes developing protocol-specific "smart" fuzzers relatively easy. Make no mistake, designing a smart network protocol fuzzer is no trivial task, but boofuzz provides a solid foundation for producing quality fuzzers.

Written in Python, boofuzz builds on its predecessor, Sulley, with key features including:

https://github.com/jtpereyda/boofuzz

Joshua Pereyda
Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. He currently hunts vulnerabilities full time. Among his passions are hacking, teaching kids to program, listening to upper-crust orchestral performances with his wife, and figuring out how he can get paid to do it all... legally.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Sunday - 11:00-11:45


Breaking Extreme Networks WingOS: How to own millions of devices running on Aircrafts, Government, Smart cities and more.

Sunday at 11:00 in Track 1
45 minutes | Demo, Exploit

Josep Pi Rodriguez Senior security consultant, IOActive

Extreme Networks' embedded WingOS (originally created by Motorola) is an operating system used in several wireless devices such as access points and controllers. This OS is used in Motorola devices, Zebra devices and Extreme Networks devices. This research started by focusing on an access point widely used in many aircraft by several worldwide airlines, but ended up as something bigger in terms of devices affected, as this embedded operating system is used not only in APs for aircraft but also in healthcare, government, transportation, smart cities, small to big enterprises... and more.

Based on public information, we will see how vulnerable devices are actively used (outdoors) in big cities around the world, but also in universities, hotels, casinos, big companies, mines and hospitals, and provide the Wi-Fi access for places such as the New York City Subway.

In this presentation we will show with technical details how several critical vulnerabilities were found in this embedded OS. First we will introduce some internals and details about the OS, and then we will show the techniques used to reverse engineer the mipsN32 ABI code for the Cavium Octeon processor. We will discuss how some code was emulated to detect how a dynamic password is generated with a cryptographic algorithm for a root shell backdoor. We will also show how some protocols used by some services were reverse engineered to find unauthenticated heap and stack overflow vulnerabilities that could be exploitable through a wireless or Ethernet connection.

This OS also uses a proprietary layer 2/3 protocol called MiNT. This protocol is used for communication between WingOS devices through VLAN or IP. This protocol was also reverse engineered, and remote heap/stack overflow vulnerabilities were found in services using this protocol and will be shown. As a live demonstration, 2 devices will be used to exploit a remote stack overflow chaining several vulnerabilities, as the attacker could do inside an aircraft (or other scenarios) through the Wi-Fi. As there are no public shellcodes for the mipsN32 ABI, the particularities of creating a shellcode for the mipsN32 ABI will also be discussed.

Josep Pi Rodriguez
Josep Pi Rodriguez is experienced in network penetration and web application testing, reverse engineering, industrial control systems, transportation, RF, embedded systems, vulnerability research, exploit development, and malware analysis. As a senior consultant at IOActive, Mr. Rodriguez performs penetration testing, identifies system vulnerabilities and researches cutting-edge technologies. Mr. Rodriguez has performed security services and penetration tests for numerous global organizations and a wide range of financial, technical, and educational institutions. He has presented at international conferences including Immunity Infiltrate, Hack in Paris and the Japan CCDS IoT conference.



HHV - Caesars Pool Level - Forum 17-21 - Saturday - 15:00-15:30


Breaking In: Building a home lab without having to rob a bank

Bryan Austin

Abstract

Building a home lab is critical to making you as a hacker better, but between space, hardware costs and learning it can quickly become an expensive habit. This talk will aim to show you some of the low cost options to learning the skills of the trade, and a bit of the mindset you need to finish that project.

Bio

Bryan Austin is an information security researcher with a background in electronics, threat analysis, social engineering, working with at-risk children, mentorship and research. He is also the co-founder of Through the Hacking Glass, a free mentorship community partnered with Peerlyst. By day, he secures people and organizations against scammers and hackers but by night he works with children with behavioral issues and a variety of other challenges. When not crusading against internet evil doers, he enjoys hiking, Taekwondo, and hacking with his beautiful wife and 3 amazing children.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 12:00-12:45


Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!

Friday at 12 in Track 2
45 minutes | Demo, Tool, Exploit

Orange Tsai Security Researcher from DEVCORE

We propose a new exploit technique that brings a whole-new attack surface to defeat path normalization, which is complicated in implementation due to many implicit properties and edge cases. This complication, being under-estimated or ignored by developers for a long time, has made our proposed attack vector possible, lethal, and general. Therefore, many 0days have been discovered via this approach in popular web frameworks written in trending programming languages, including Python, Ruby, Java, and JavaScript.

Being a very fundamental problem that exists in path normalization logic, sophisticated web frameworks can also suffer. For example, we've found various 0days on Java Spring Framework, Ruby on Rails, Next.js, and Python aiohttp, just to name a few. This general technique can also adapt to multi-layered web architecture, such as using Nginx or Apache as a proxy for Tomcat. In that case, reverse proxy protections can be bypassed. To make things worse, we're able to chain path normalization bugs to bypass authentication and achieve RCE in real world Bug Bounty Programs. Several scenarios will be demonstrated to illustrate how path normalization can be exploited to achieve sensitive information disclosure, SMB-Relay and RCE.

Understanding the basics of this technique, the audience won't be surprised to know that more than 10 vulnerabilities have been found in sophisticated frameworks and multi-layered web architectures aforementioned via this technique.

Orange Tsai
Cheng-Da Tsai, also known as Orange Tsai, is a member of DEVCORE and CHROOT from Taiwan. He has spoken at conferences such as Black Hat USA, Black Hat ASIA, DEF CON, HITCON, HITB, CODEBLUE and WooYun. He participates in numerous Capture-the-Flags (CTF), and won 2nd place in DEF CON 22/25 as a team member of HITCON.

Currently, he is focusing on vulnerability research and web application security. Orange enjoys finding vulnerabilities and participating in Bug Bounty Programs. He is enthusiastic about Remote Code Execution (RCE), and uncovered RCEs in several vendors, such as Facebook, Uber, Apple, GitHub, Amazon, Yahoo and Imgur.

@orange_8361, Blog: http://blog.orange.tw/



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Sunday - 12:00-12:45


Breaking Smart Speakers: We are Listening to You.

Sunday at 12:00 in 101 Track, Flamingo
45 minutes | Demo, Exploit

Wu HuiYu Security Researcher At Tencent Blade Team

Qian Wenxiang Security Researcher At Tencent Blade Team

In the past two years, smart speakers have become the most popular IoT device. Amazon, Google and Apple have introduced their own smart speaker products. Most of these smart speakers offer natural language recognition, chat, music playback, IoT device control, shopping, and so on. Manufacturers use artificial intelligence technology to give smart speakers human-like capabilities in chat conversation. However, as smart speakers come into more and more homes and their functions become more powerful, their security has been questioned by many people. People are worried that smart speakers will be hacked to leak their privacy, and our research proves that this concern is very necessary.

In this talk, we will present how to use multiple vulnerabilities to remotely attack some of the most popular smart speakers. Our final attack effects include silent listening, control of the speaker's spoken content and other demonstrations. We're also going to talk about how to extract firmware from BGA-packaged Flash chips such as EMMC, EMCP, NAND Flash, etc. In addition, the talk covers how to turn on debug interfaces and get root privileges by modifying firmware content and re-soldering Flash chips, which can be of great help for subsequent vulnerability analysis and debugging. Finally, we will play several demo videos to demonstrate how we can remotely gain root permissions on some smart speakers and use smart speakers for eavesdropping and playing voice.

Wu HuiYu
Wu HuiYu is a security researcher at the Tencent Blade Team of Tencent Security Platform Department. His job is mainly focused on IoT security research and mobile security research. He is also a bug hunter, winner of GeekPwn 2015, and speaker at HITB 2018 AMS & POC2017.

Qian Wenxiang
Qian Wenxiang is a security researcher at the Tencent Blade Team of Tencent Security Platform Department. He is focusing on security research of IoT devices. He has also performed security audits for web browsers. He was in the top 100 of the annual MSRC list (2016 & 2017). He published a book called "Whitehat Talk About Web Browser Security".



Meetup - Caesars - Livorno Rm - Thursday - 16:00-16:59


Title:
BruCamp

A play within a play, this Meetup is for conference organizers to come together and share their best ideas, tips and methods of running their cons in a social environment. The goal is to help improve the conference experiences for all and to help take away some of the headaches in running a con. A great gathering for con organization veterans as well as anyone looking to start their own con.


RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 12:10-12:55


Bug Bounty Hunting on Steroids - Anshuman Bhartiya and Glenn ‘devalias’ Grant

Bug bounty programs are a hot topic these days. More and more companies are realizing the benefits of running a program, and researchers are jumping at the opportunity to grab some swag and make some extra cash from the bugs they find. Reporting security issues has never been as easy, open, and risk-free as it is right now. Everybody wins!

Though that doesn’t mean we should stop there. As researchers, we spend a lot of time doing the same menial tasks for each program: monitoring for new targets, checking for common issues, remembering just which flags you needed to pass to that tool (or even which tool is best for that job). We build new tools, hack together shell scripts, and generally make small incremental changes to our process. But surely there’s a better approach?

Are you sick of repeating the same tedious tasks over and over? Wouldn’t it be nice to have your own bug hunting machine? One that -

We call this approach Bug Bounty Hunting on Steroids. We will discuss our research and approach to building such a machine, sharing some of the lessons we learned along the way.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Saturday - 14:30-18:30


Build Your Own OpticSpy Receiver Module

Saturday, 1430-1830 in Icon A

Joe Grand Grand Idea Studio

OpticSpy is an open source hardware module for experimenting with optical data transmissions. It captures, amplifies, and converts an optical signal from a visible or infrared light source into a digital form that can be analyzed or decoded with a computer. With OpticSpy, electronics hobbyists and hardware hackers can search for covert channels, which intentionally exfiltrate data in a way undetectable to the human eye, add data transfer functionality to a project, or explore signals from remote controls and other systems that send information through light waves.

In this workshop, creator Joe Grand will present a brief history of the project and then guide you through the process of building, calibrating, and testing your own kit version of OpticSpy.

Prerequisites: None. No prior soldering experience necessary.

Materials: None

Max students: 12

Registration: -CLASS FULL- https://www.eventbrite.com/e/build-your-own-opticspy-receiver-module-icon-a-tickets-47193834028
(Opens July 8, 2018 at 15:00 PDT)

Joe Grand
Joe Grand (@joegrand), also known as Kingpin, is a computer engineer, hardware hacker, former DEFCON badge designer, teacher, advisor, runner, daddy, honorary doctor, TV host, member of legendary hacker group L0pht Heavy Industries, and the proprietor of Grand Idea Studio (grandideastudio.com). He has been creating, exploring, and manipulating electronic systems since the 1980s.



CHV - Flamingo Lower Level - Red Rock Rm 1-5 - Saturday - 15:30-15:55


Build your own RoboCar: CAN Bus at 1/10th Scale

Sean McKeever

Saturday 8/11 • 3:30-3:55 PM
25 min talk

A review of the MK I RoboCar design from DEFCON 25's CHV, including details on how to build your own. Preview of the MK II cars, including hints for this year's CTF.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 18:30-19:15


Title: Building a Better Bedside - The Blue Team Needs a Plan B

Speaker: Nick Deluski
Abstract:
While important changes may be afoot in the US regulatory environment for medical devices, which should hopefully allow more people to make informed decisions regarding patient safety, many CISOs, security engineers, and network admins have to live day to day in the world we have, not the world we wish for. There have been multiple presentations in the last few years about the details of medical device security that have rightly put the onus on manufacturers to provide long term fixes. However, we wonder if there are ways to create a more defensible and hardened hospital room until the notoriously slow regulatory process gains traction.

We’ve done deep dives into specific medical devices and we’ve done pentests in several hospital systems. In our experience, we have noticed broad classes of common vulnerabilities across bedside equipment that transcend any one device or class of device. Input validation errors, buggy network stacks, and low-bandwidth links can be found in systems that monitor vitals, administer medications, or in components that glue disparate systems together. A long awaited patch may fix one vulnerability only for the hospital to bring in a different device for clinical or financial reasons, and wash-rinse-repeat. It’s not enough for one or two manufacturers to step up the security game if they are feeding data into other unreliable systems, and it will be a while before everyone is at the same level.

We are dedicated red teamers, and we may feel the pain of those in the blue team trying to do the right thing, but we don’t know what it’s like to live in your shoes. In this talk, we will explain, in broad terms, vulnerabilities that we have seen and how we recommend remediating them. But we don’t want you to leave this session feeling that we are talking down to the defenders. We want you to have a seat at the table and share how you handle the unknown in your environment.


PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 14:00-14:30


Building A Teaching SOC

Andrew Johnson, Information Security Officer at Carnegie Mellon University

Effective security monitoring is an ongoing process. How do you get everyone participating? How do you on-board junior colleagues to continuous improvement? The purpose of this presentation is to show methods for encouraging participation from all members of the security monitoring team as well as tactics for communicating effectively with the organization.

Andrew Johnson (Twitter: @pierogipowered) is implementing a dedicated security operations team at Carnegie Mellon University. The security operations group has a dual focus on both the traditional aspect of securing the university as well as a focus on training student colleagues on the practical application of their degree. Prior to Carnegie Mellon University, Andrew was with HM Health Solutions. He had been responsible for creating a security operations platform in the heavily regulated health insurance/provider space. Andrew is a co-organizer for the BSides Pittsburgh (@bsidespgh) conference and enjoys recreational cycling and cooking when not participating in information security related activities.



DEFCON - 101 Track - Saturday - 12:00-12:45


Building Absurd Christmas Light Shows

Saturday at 12:00 in 101 Track
45 minutes

Rob Joyce

Learn about the elements that go into a computerized light display and how you outfit your own house with dazzling blinking lights set to music. Components of the show are individually explained and live demonstrations of the technology are on display. Come get inspired to computerize your own holiday cheer!

Rob Joyce
Rob Joyce (@RGB_Lights) has been with the National Security Agency (NSA) for 29 years and has led organizations doing both foreign intelligence and cybersecurity work. He is the Senior Advisor for Cybersecurity, having recently returned from the White House as the Cybersecurity Coordinator where he worked national policy, synchronizing activity across the government and partners. His previous assignment was leading Tailored Access Operations (TAO), the organization developing tools, techniques and capabilities to exploit computers for NSA's foreign intelligence mission. Prior to that, he was the Deputy Director for Information Assurance, overseeing the protection of national security systems, which includes the nation's cryptographic key material, classified networks and warfighting networks. In his spare time, Rob builds a computerized Christmas light show. His most recent display was likely visible from the International Space Station. In addition to an infatuation with Christmas light displays, he helped a Boy Scout troop build catapults for the annual Punkin Chunkin competition until lawyers ruined it for all of us.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Thursday - 10:00-13:59


Building Autonomous AppSec Test Pipelines with the Robot Framework

Thursday, 1000-1400 in Icon E

Abhay Bhargav CTO, we45

Sharath Kumar Ramadas Senior Solutions Engineer, we45

It is common knowledge that automating security testing, especially for rapid-release applications, is an essential requirement from multiple perspectives. One perspective is that of security testing in a Continuous Delivery Pipeline (as part of CI/CD) and the other is the perspective of a Penetration Tester. In a CI/CD Pipeline, one would like security tests to be triggered in an automated manner. These tests should provide information related to application vulnerabilities to engineering teams, early in the SDL (Software Development Lifecycle), preferably before these apps are deployed to production. From the perspective of the Pentester, there is the obvious shortage of time and resources. Pentesters spend a lot of time repeating standard manual processes, thereby losing out on time to perform deeper, more insightful analysis of the target application to uncover serious security flaws. Targeted Automation can be very useful for a Pentester as well.

Prerequisites: Basic Knowledge of Application Security Testing Techniques

Materials: Laptop with Virtualbox loaded - VM will be provided

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/building-autonomous-appsec-test-pipelines-with-the-robot-framework-icon-e-tickets-47086284344
(Opens July 8, 2018 at 15:00 PDT)

Abhay Bhargav
Abhay Bhargav is the CTO of we45, a focused Application Security company. Abhay is the author of two international publications: "Secure Java for Web Application Development" and "PCI Compliance: A Definitive Guide". Abhay is a builder and breaker of applications, and has authored multiple applications in Django and NodeJS. He is the Chief Architect of "Orchestron", a leading Application Vulnerability Correlation and Orchestration Framework. He is a passionate Pythonista and loves the idea of automation in security. This passion prompted him to author the world's first hands-on Security in DevOps training that has been delivered in multiple locations, and recently as highly successful training programs at OWASP AppSecUSA 2016 and OWASP AppSec EU and USA 2017. Abhay recently delivered a workshop on SecDevOps at DEFCON 25. In addition, Abhay speaks regularly at industry events including OWASP, ISACA, Oracle OpenWorld, JavaOne, and others.

Sharath Kumar Ramadas
Sharath is a Senior Solutions Engineer at we45. As part of his role, Sharath has architected and developed multiple solutions around security engineering, including an Application Vulnerability Correlation tool called Orchestron. As part of his experience with Application Security, Sharath has developed integrations for multiple security products including DAST, SAST, SCA and Cloud environments. In addition, Sharath has extensive experience with Cloud Deployments and Container Native Deployments. As part of his role in a security organization, Sharath has led teams that have created intentionally vulnerable apps for CTF competitions both inside and outside the organization.



HHV - Caesars Pool Level - Forum 17-21 - Saturday - 18:00-18:45


Building Drones the Hard Way

No description available



Workshops - ( Sold Out ) - Linq 4th Flr - Icon C - Saturday - 14:30-18:30


Building Environmentally Responsive Implants with Gscript

Saturday, 1430-1830 in Icon C

Dan Borges

Alex Levinson Senior Security Engineer, Uber

Attendees of this workshop will experience a step-by-step walkthrough of setting up a Gscript build environment (which will include the Golang programming language as a requirement, along with the required libraries). Subsequently, attendees will obtain a basic overview of the Gscript capabilities in using conditional logic to navigate within, and deploy persistence mechanisms upon, target hosts.

Upon completion, each attendee will depart with a laptop (whichever one they brought) containing a full Gscript build & testing environment, and at least 1 custom Gscript of their own design and purpose.

Prerequisites:
1. A general understanding of what an implant is, and how to use one.
2. Experience with JavaScript
3. Experience with Metasploit and/or meterpreter is a plus
4. Experience with the Golang programming language is also a plus

Materials: A laptop with an ethernet port

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/building-environmentally-responsive-implants-with-gscript-icon-c-tickets-47194616368
(Opens July 8, 2018 at 15:00 PDT)

Dan Borges
Dan Borges is an information security professional with over 15 years in computer science. Dan participates in a number of cyber security competitions each year, from being on the National CCDC Red Team, to leading a Blue Team in Pros Versus Joes, and helping run the Collegiate Penetration Testing Competition (CPTC). He has been publishing a blog on infosec education for more than 10 years.

Alex Levinson
Alex Levinson is a Senior Security Engineer at Uber with experience in red teaming, software engineering, and incident response. Outside of Uber, he is a core member of the red team for the National Collegiate Cyber Defense Competition (CCDC), as well as the Competition Director for the Collegiate Penetration Testing Competition (CPTC). Previously, Alex worked as a Senior Consultant and Development Manager at Lares Consulting.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Thursday - 15:00-15:30


Building the Hacker Tracker

Thursday at 15:00 in 101 Track, Flamingo
20 minutes

Whitney Champion Senior Systems Engineer

Seth Law Application Security Consultant, Redpoint Security

In 2012, back when DEF CON still fit in the Riviera (RIP), I recognized a gap to fill. I wanted to create a mobile version of the paper DEF CON booklet that everyone could use at the con.

I was unable to attend the conference that year. I was 8 months pregnant with my first child, and because I couldn't be there in person, I spent a lot of time wishing I was.

So I built it. I spent countless hours pouring my heart into what became the Hacker Tracker, shiny graphics and all, and was committing code up until the minute I went into labor.

Fast forward a few years: Seth was frustrated with the lack of a mobile app for iOS while attending DEF CON. Subsequently, he found the Android version of Hacker Tracker and reached out to me about creating an iOS version. I was thrilled that someone wanted to join me and help grow the project. Not long after that, I recruited Chris to work on the app as well.

Now, 6 years since its inception, a small team supports the app development across iOS and Android and the apps are being used by half a dozen different conferences, representing several thousand users.

From nothing to something, we've experienced quite a bit in 6 years. Join us as we share our moments of joy, fear, and panic, "things not to do", and more.

Whitney Champion
Whitney is a systems architect in South Carolina. She has held several roles throughout her career- security engineer, systems engineer, mobile developer, cloud architect, consulting architect, to name a few. In the last 15 years, she has worked on operations teams, support teams, development teams, and consulting teams, in both the private and public sector, supporting anywhere from a handful of users to hundreds of thousands. No matter the role, security has always been an area of passion and focus.

@shortxstack

Seth Law
Seth is an independent security consultant with Redpoint Security in Salt Lake City, where he performs security research and consulting for various clients. He spends the majority of his time thinking up ways to exploit and secure applications, but has been known to pull out an IDE as the need arises. Over the course of his career, Seth has honed application security skills using offensive and defensive techniques, including tool development and research. He has an (un)healthy obsession with all things security related and regularly heads down the rabbit hole to research the latest vulnerability or possible exposures. Seth can regularly be found at developer meetups and security get-togethers, whether speaking or learning.

@sethlaw



RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 10:00-11:59


Building visualisation platforms for OSINT data using open source solutions

No description available



Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Friday - 14:30-18:30


Buzzing Smart Devices: Smart Band Hacking

Friday, 1430-1830 in Icon B

Arun Magesh IoT Security Researcher, Payatu Software Labs, LLP

With the recent advancement in connected/smart devices and the availability of ready-made frameworks for both hardware and software development, companies want to rapidly get into the smart device market. It is necessary to look at the security features of these smart devices, as our digital lives are connected with these devices.

Bluetooth has been around for almost a decade, and with the need for low-power wireless networking and interoperability, Bluetooth has been used in the vast majority of devices because of its low power footprint and interoperability, as most of our smartphones have Bluetooth.

In this workshop, we will be learning how to fuzz the Bluetooth LE functionality of smart devices and exploit it. In the process, we will learn about how the Bluetooth Low Energy protocol works and the various tools involved in reversing a smart band. We will also introduce a Bluetooth fuzzing framework called Buzz and use it to crash or find other information in the smart band.

By the end of the class, we will also touch on hardware-level exploits like accessing the serial port and debugging port and bypassing Flash Read protection to extract the firmware from the smart band, with demos of the same.

Prerequisites: Knowledge of Linux OS. Basic knowledge of programming (C, Python) would be a plus

Materials: Laptop with at least 50 GB free space , 8+ GB minimum RAM (4+GB for the VM), External USB access (min. 2 USB ports)
Administrative privileges on the system
Virtualization software & Latest VirtualBox (5.2.X) (including Virtualbox extension pack)
Linux host machines should have exfat-utils and exfat-fuse installed (ex: sudo apt-get install exfat-utils exfat-fuse).
Virtualization (VT-x) option enabled in the BIOS settings for VirtualBox to work
Tools will be provided by the instructor and are to be returned.
You can also buy the hardware yourself.
SmartBand: https://www.banggood.com/No_1-F4-Blood-Pressure-Heart-Rate-Monitor-Pedometer-IP68-Waterproof-Smart-Wristband-For-iOS-Android-p-1182728.html
Bluetooth Dongle: https://www.amazon.com/DayKit-Bluetooth-Adapter-Windows-Raspberry/dp/B01IM8YKPW/

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/buzzing-smart-devices-smart-band-hacking-icon-b-tickets-47193534131
(Opens July 8, 2018 at 15:00 PDT)

Arun Magesh
Arun Magesh works as an IoT Security Researcher at Payatu Software Labs and has worked on numerous smart device pentests in the past couple of years. With an electrical engineering academic background, he serves as a core committee member for several local IoT chapters and hackerspaces in India, where he regularly delivers talks and hands-on workshops. He has 5+ years of hands-on experience in both building and breaking IoT devices and has previously been recognized as one of India's Top 25 under 25 technologists and as an Intel Software Innovator. He has delivered training to numerous governmental and private organizations around the world. He is also a speaker and trainer at several conferences like nullcon18, zer0con18, RISC17, Intel Devfest and EFY17. His main focus area in IoT is embedded device and SDR security. He has also built and contributed to a number of projects such as Brain-Computer interfacing and Augmented Reality solutions.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 15:00-15:45


Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010

Friday at 15:00 in Track 1
45 minutes | Demo, Tool

Gabriel Ryan Co-Founder / Principal Security Consultant @ Digital Silence

Existing techniques for bypassing wired port security are limited to attacking 802.1x-2004, which does not provide encryption or the ability to perform authentication on a packet-by-packet basis [1][2][3][4]. The development of 802.1x-2010 mitigates these issues by using MacSEC to provide Layer 2 encryption and packet integrity check to the protocol [5]. Since MacSEC encrypts data on a hop-by-hop basis, it successfully protects against the bridge-based attacks pioneered by the likes of Steve Riley, Abb, and Alva Duckwall [5][6].

In addition to the development of 802.1x-2010, improved 802.1x support by peripheral devices such as printers also poses a challenge to attackers. Gone are the days in which bypassing 802.1x was as simple as finding a printer and spoofing its address, as hardware manufacturers have gotten smarter.

In this talk, we will introduce a novel technique for bypassing 802.1x-2010 by demonstrating how MacSEC fails when weak forms of EAP are used. Additionally, we will discuss how improved 802.1x support by peripheral devices does not necessarily translate to improved port-security due to the widespread use of weak EAP. Finally, we will consider how improvements to the Linux kernel have made bridge-based techniques easier to implement and demonstrate an alternative to using packet injection for network interaction. We have packaged each of these techniques and improvements into an open source tool called Silent Bridge, which we plan on releasing at the conference.

Gabriel Ryan
Gabriel Ryan is a penetration tester and researcher with a passion for wireless and infrastructure testing. He currently serves as a co-founder and principal security consultant for Digital Silence, a Denver based consulting firm that specializes in impact driven penetration testing and red team engagements.

Prior to joining Digital Silence, Gabriel worked as a penetration tester and researcher for Gotham Digital Science, contributing heavily to their wireless security practice and regularly performing large scale infrastructure assessments and red teams for Fortune 500 companies. Some of Gabriel's most recent work includes the development of EAPHammer, an 802.11ac focused tool for breaching WPA2-EAP networks. On the side, he serves as a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys producing music, exploring the outdoors, and riding motorcycles.

@s0lst1c3, https://digitalsilence.com, solstice.sh



Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Friday - 10:00-13:59


Bypassing Windows Driver Signature Enforcement

Friday, 1000-1400 in Icon A

Csaba Fitzl

Microsoft makes a great effort to harden the Windows kernel and limit attackers' ability to load their custom drivers (kernel rootkits) with the introduction of Driver Signature Enforcement in Win7x64. In this 4 hour workshop we will learn the limitations of this enforcement and practice how we can bypass it. We will explore 4 different methods (from very easy to difficult) on various versions of Windows, including Windows 10. We will see how and why they work, and which malware used them in the past. First we will see how we can use leaked certificates to overcome DSE as well as how we can turn it OFF by design, and what its limitations are. Then we will use WinDBG to look into the kernel and find the various flags used to control DSE and use the HackSysExtremeVulnerableDriver to do kernel exploitation for setting those to the value we require. We will use a simple dummy driver to demonstrate unsigned driver loading.

Prerequisites: Some experience with WinDBG, assembly or kernel exploitation can be helpful, but not required. Basic Python scripting knowledge will be needed.

Materials: For the full experience students will require 2 Windows virtual machines (Windows 7 and Windows 10) (optionally Windows 8) with WinDBG, Python installed on all of them, and one of them will require Visual Studio with Driver development tools. Guide for setting up VMs will be provided prior to the workshop.

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/bypassing-windows-driver-signature-enforcement-icon-a-tickets-47194788884
(Opens July 8, 2018 at 15:00 PDT)

Csaba Fitzl
Csaba graduated in 2006 as a computer engineer. He worked for 6 years as a network engineer, troubleshooting and designing big Cisco networks. After that he started to work as a blue teamer, focusing on network forensics, malware analysis and kernel exploitation. Recently he joined a red team, where he spends most of his time simulating adversary techniques. He gave talks / workshops at various international IT security conferences, including Hacktivity, hack.lu, hek.si, SecurityFest and BSidesBUD. He currently holds OSWP / OSCP / OSCE / OSEE certifications. He is the author of the 'kex' kernel exploitation Python toolkit.



CHV - Flamingo Lower Level - Red Rock Rm 1-5 - Friday - 12:00-12:25


CAN Signal Extraction from OpenXC with Radare2

Ben Gardiner

FRIDAY 8/10 • 12:00-12:25 PM
25 min talk

OpenXC builds its firmware -- for both the open and proprietary builds -- using JSON data structures which define the CAN signals. These definitions are akin to the CAN database (.dbc) files. Reverse engineering of the open OpenXC builds (as an educational exercise) reveals that it is a straightforward matter to identify and extract the CAN signal definitions from the binary. Attendees will learn: What are dbc files? How strings lead reverse engineers to interesting code via backwards cross-references? What tools do attackers use to reverse engineer raw binary firmwares? How do they use them? What are some simple, useful deterrents? How do descriptive data structures -- JSON in particular -- aid attackers in their reverse engineering efforts? What mitigations are possible for this risk? The exposition of machine code in the talk will be via the free radare2 RE tool.



CHV - Flamingo Lower Level - Red Rock Rm 1-5 - Saturday - 16:05-16:50


CANT

Tim Brom

SATURDAY 8/11 • 4:05-4:50 PM
45 min talk

The Controller Area Network (CAN) bus has been mandated in all cars sold in the United States since 2008. But CAN is terrible in many unique and disturbing ways. CAN has served as a convenient punching bag for automotive security researchers for a plethora of reasons, but all of the available analysis tools share a shortcoming. They invariably use a microcontroller with a built-in CAN peripheral that automatically takes care of the low-level (ISO layer 1 and 2) communication details, and ensures that the CAN peripheral plays nicely and behaves at those low levels. However, a good hardware hacker understands that the sole purpose of the electron is to be bent to our will, and breaking assumptions by making “That CANT happen!” happen is a surefire way to find bugs. CANT is a (partial) CAN bus peripheral implemented in software that allows security researchers to exercise the electrical bus-level error handling capability of CAN devices. The ability to selectively attack specific ECUs in a manner that is not detectable by automotive IDS/IPS systems (see ICS-ALERT-17-209-01) is invaluable to automotive security researchers as more automakers integrate advanced security measures into their vehicles.



PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 11:30-11:59


Capturing in Hard to Reach Places

Silas Cutler, Senior Security Researcher at CrowdStrike

It's easy for us to take for granted when tools allow us to start capturing network traffic without any real hardships. However, what happens when the data you want isn't so easy to capture? This talk will look at two cases in which environments needed to be bent in order to capture the data needed for analysis.

Silas Cutler (Twitter: @silascutler) is a Senior Security Researcher at CrowdStrike, Project Director for MalShare and DEFCON 21 Black Badge (from Capture the Packet). Endorsed on LinkedIn by [REDACTED] for "tcpdump". His prior managers have described him as "a guy" and "meeting necessary skills to perform job functions."



PHV - Caesars Promenade Level - Neopolitan BR - Friday - 16:00-16:59


Car Infotainment Hacking Methodology and Attack Surface Scenarios

Jay Turla, Application Security Engineer at Bugcrowd

The battle for supremacy for the control of the dashboard display or infotainment systems has always been a race. Most of these systems run on Linux, Android, Windows (customized dashboards - perhaps Windows ME or CE) and Blackberry's QNX. In-Vehicle Infotainment (IVI) or In-car entertainment (ICE) Systems are indeed fun consoles where you can play media, movies, or work with your car's navigational system. But somehow it also comes with a risk of being hacked or attacked because they have also been plagued with vulnerabilities. In this talk, join Jay as he presents his own Car Hacker's Methodology in finding security bugs in order to pwn a car's infotainment system without having to do a drive by wire or CANbus hacking tools but will simply point out the common attack surfaces e.g. WiFi, Bluetooth, USB Ports, etc. and some scenarios on how to exploit it just like how he popped a shell or issued an arbitrary command in his car which he tweeted on Twitter before.

Jay Turla (Twitter: @shipcod3) is an application security engineer at Bugcrowd Inc., and one of the goons of ROOTCON. He has been acknowledged and rewarded by Facebook, Adobe, Yahoo, Microsoft, Mozilla, etc. for his responsible disclosures. He has also contributed auxiliary and exploit modules to the Metasploit Framework and presented at ROOTCON, Nullcon, and TCON. He used to work for HP Fortify where he performed Vulnerability Assessment, Remediation and Advanced Testing.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 12:00-12:25


Cartoons, Sketchnotes, Bullet Journals and Other Data Visualization Tricks - Raye Keslensky

“When it comes to presenting data, it’s not WHAT you present, it’s HOW you present it! Combining words with pictures has been around for ages. Picking up an understanding of sequential art and how you can use it in your day-to-day life is critical!

This talk covers a crash course of data science and visualization. Learn what parts of the information you’re supposed to keep an eye on! Make better line breaks with your text! Bring clarity to your writing! Good for software design, scrapbooking, OSINT, or keeping your shit together!”



AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 10:20-10:40


Chatting with your programs to find vulnerabilities

Chris Gardner

During the Cyber Grand Challenge, an automated vulnerability exploitation competition, all the teams used the same approach: use a fuzzer to find bugs, and symbolic execution to generate an exploit for any bugs found. Fuzzers are great at triggering bugs, but their effectiveness is often limited by the quality of the initial testcase corpus that is fed to them. Testcases are easy for humans to create, but hard to generate automatically. Teams used a wide variety of techniques to generate initial seeds: from using very slow symbolic execution techniques to find inputs that triggered execution paths, to just using the word “fuzz” as the seed and hoping for the best. However, many of the programs in the CGC are console programs designed to be used by humans: meaning they give a prompt in English and expect a response. For this research we trained a chatbot Recurrent Neural Network on a set of testcases generated by humans, and ran the RNN against the test set with the goal of finding testcases that had higher code coverage than random guessing and could be used with a fuzzer to find bugs.

Chris recently graduated from UMBC, where he found a passion for malware analysis and binary exploitation. In his spare time he plays CTFs and bikes his way around Washington DC.



Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 10:00-11:50


CHIRON

Sunday 08/12/18 from 1000-1150 at Table Three
Defense

Rod Soto

Joseph Zadeh

Home-based open source network analytics and machine learning threat detection

CHIRON is home analytics based on the ELK stack combined with the Machine Learning threat detection framework AKTAION. CHIRON parses and displays data from P0f, Nmap, and BRO IDS. CHIRON is designed for home use and will give great visibility to home internet devices (IOT, Computers, Cellphones, Tablets, etc). CHIRON is integrated with AKTAION which detects exploit delivery ransomware/phishing.

https://github.com/jzadeh/chiron-elk

Rod Soto
Rod Soto. Director of Security Research at JASK.AI, Founder Pacific Hackers Conference, Co-founder Hack The Valley

Joseph Zadeh
Joseph Zadeh. Director of Data science at JASK.AI, Co-founder Hack the Valley



RCV - Caesars Promenade Level - Florentine BR 1,2 - Sunday - 12:45-12:59


Closing Note

No description available



BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 10:40-11:30


Cloud Security Myths

Friday at 10:40-11:30
50 minutes

Xavier Ashe @XavierAshe

Cloud Security is a magical world of as-a-service miracles. Just spin up your intrusion-detection-as-a-service, SOC-as-a-service, incident-response-as-a-service, and start feeding it security-intelligence-as-a-service. Come hear from this CISO-as-a-service unwrap the onion of cloud access security brokers (CASB), cloud workload protection platforms (CWPP), microsegmentation, cloud security posture management (CSPM), software-defined perimeters (SDP), and a bunch of other cloud related topics. What do they do? Do they really work? What do you do with all those security appliances you’ve accumulated?

Xavier Ashe
Xavier Ashe is a Georgia Institute of Technology alumnus and has 25 years of hands-on experience in information security. Working for various security vendors and consulting firms for the last 15 years, including IBM, Gartner, and Carbon Black, Xavier has been focused on helping secure companies of all sizes. Xavier was the first hire at the startup Drawbridge Networks, where he was instrumental in bringing the first microsegmentation solution for servers and workstations to market. Xavier served on the IBM Security Architecture Board and published several papers. Mr. Ashe holds many industry certifications, including CISM, CISSP, ITIL, SOA, and others. Xavier is currently running Xavier Enterprises, an information security consulting firm.



SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 12:00-12:59


Title:
Cloud Security Myths

Xavier Ashe
@xavierashe

Cloud Security Myths

Cloud Security is a magical world of as-a-service miracles. Just spin up your intrusion-detection-as-a-service, SOC-as-a-service, incident-response-as-a-service, and start feeding it security-intelligence-as-a-service. Come hear from this CISO-as-a-service unwrap the onion of cloud access security brokers (CASB), cloud workload protection platforms (CWPP), microsegmentation, cloud security posture management (CSPM), and software-defined perimeters (SDP). What do they do? Do they really work? What do you do with all those security appliances you've accumulated?



Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


Cloud Security Suite—One stop tool for AWS, GCP & Azure Security Audit

Saturday 08/11/18 from 1200-1350 at Table Two
Defense, Cloud professionals

Jayesh Singh Chauhan

Nowadays, cloud infrastructure is pretty much the de-facto service used by large/small companies. Most organisations have partially or entirely moved to cloud. With more and more companies moving to cloud, the security of cloud becomes a major concern. While AWS, GCP & Azure provide you protection with traditional security methodologies and have a neat structure for authorisation/configuration, their security is as robust as the person in charge of creating/assigning these configuration policies. We all know, human error is inevitable and any such human mistake could lead to catastrophic damage to the environment.

Knowing this, audit of cloud infrastructure becomes a hectic task! There are a few open source tools which help in cloud auditing but none of them have an exhaustive checklist. Also, collecting, setting up all the tools and looking at different result sets is a painful task. Moreover, while maintaining big infrastructures, system audit of server instances is a major task as well.

CS Suite is a one stop tool for auditing the security posture of the AWS/GCP/Azure infrastructures and does OS audits as well. CS Suite leverages current open source tools capabilities and has custom checks added into one tool to rule them all.

https://github.com/SecurityFTW/cs-suite

Jayesh Singh Chauhan
Jayesh Singh Chauhan is a security professional with 7 years of experience in the security space. In the past, he has been part of security teams of PayPal, PwC and currently works as the senior security engineer for Sprinklr. He has authored CS-Suite, OWASP Skanda, RFID_Cloner and CSRF PoC generator and has presented in BlackHat Asia, BlackHat EU, hackmiami, c0c0n, GES and Ground Zero Summit. He is the project leader for OWASP Skanda and leads the NULL Bangalore chapter.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 11:00-11:45


Compression Oracle Attacks on VPN Networks

Saturday at 11:00 in Track 2
45 minutes | Demo, Tool

Nafeez Security Researcher

Security researchers have done a good amount of practical attacks in the past using chosen plain-text attacks on compressed traffic to steal sensitive data. In spite of how popular CRIME and BREACH were, little was talked about how this class of attacks was relevant to VPN networks. Compression oracle attacks are not limited to just TLS protected data. In this talk, we try these attacks on browser requests and responses which usually tunnel their HTTP traffic through VPNs. We also show a case study with a well-known VPN server and their plethora of clients. We then go into practical defenses and how mitigations in HTTP/2's HPACK and other mitigation techniques are the way forward rather than claiming 'Thou shall not compress traffic at all.' One of the things that we would like to showcase is how impedance mismatches in these different layers of technologies affect security and how they don't play well together.

Nafeez
Ahamed Nafeez has a varied offensive security background with some emphasis on browsers, web services, and cryptography. He believes defending is much harder than attacking most of the time and appreciates the variables and challenges defenders have. These days he is interested in writing secure frameworks, automating attacks and more or less trying to learn to write good code.

He has spoken at a few security conferences in the past around web apps, browsers and security analysis of JavaScript. He tweets at @skeptic_fx and builds his side project assetwatch.io in his free time, an automated asset discovery/monitoring service.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 13:00-13:30


Compromising online accounts by cracking voicemail systems

Friday at 13:00 in Track 1
20 minutes | Demo, Audience Participation, Tool

Martin Vigo Hacker

Voicemail systems have been with us since the 80s. They played a big role in the earlier hacking scene and re-reading those e-zines, articles and tutorials paints an interesting picture. Not much has changed. Not in the technology nor in the attack vectors. Can we leverage the last 30 years innovations to further compromise voicemail systems? And what is the real impact today of pwning these?

In this talk I will cover voicemail systems, their security and how we can use oldskool techniques and new ones on top of current technology to compromise them. I will discuss the broader impact of gaining unauthorized access to voicemail systems today and introduce a new tool that automates the process.

Martin Vigo
Martin Vigo is a Lead Product Security Engineer and Researcher responsible for Mobile security, Identity and Authentication. He helps design secure systems and applications, conducts security reviews, penetration testing and generally helps keep "the cloud" secure. Martin is also involved in educating developers on security essentials and best practices.

Martin has presented several topics including breaking password managers, exploiting Apple's Facetime to create a spy program and mobile app development best practices. These were given at conferences such as Blackhat EU, Ekoparty, Kaspersky Security Analyst Summit and Shakacon.

Outside the office, Martin enjoys research, bug bounties, gin tonics and scuba diving.

@martin_vigo



Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 10:00-11:50


Conformer

Sunday 08/12/18 from 1000-1150 at Table Six
Offense, AppSec

Mikhail Burshteyn

Conformer is a penetration testing tool, mostly used for external assessments to perform password based attacks against common webforms. Conformer was created from a need for password guessing against new web forms, without having to do prior burp work each time, and wanting to automate such attacks. Conformer is modular with many different parameters and options that can be customized to make for a powerful attack. Conformer has been used in countless assessments to obtain valid user credentials for accessing the internal environment through VPN, other internal resources or data to further the assessment.

https://github.com/mikhbur/conformer

Mikhail Burshteyn
Mikhail Burshteyn is a security consultant at CDW, performing Penetration Tests. Mikhail currently performs External, Internal, Wireless, and Social Engineering assessments, testing the capabilities for a wide range of clients and industries. He is interested in research in various security topics, including Networking, Web Apps, and Active Directory.



BCOS - Caesars Promenade Level - Pompeian BR 1 - Sunday - 10:45-10:59


Title: Contest winners, prizes, showcase and awards

Speakers: Michael Schloh

Description:
No description available




BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 12:00-12:30


Title: Contests, Challenges, and free giveaways

Speakers: MSvB and midipoet

Description:
No description available




RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 15:10-15:50


Core OSINT: Keeping Track of and Reporting All the Things - Micah Hoffman

“Your client gives you their requirement, "find the social media accounts of the target person and any friends they may have". Simple enough. You execute your Standard Operating Procedures (you DO have a SOP, right?) and begin running tools, using your sock puppets, scraping web sites, and finding a ton of data. You’ve got CSVs, text output, images, URLs….OH MY! How do you keep track of all this data and, more importantly, how do you ensure that you can report on it and have covered all the pivot points for the OSINT investigation?

As OSINTers, pentesters, defenders, PIs, and others, we can easily get swamped in data. Join me as we look at some bad, some good, and some amazing methods of keeping your investigation on track.”



Workshops - ( Sold Out ) - Linq 4th Flr - Icon F - Friday - 10:00-13:59


Crypto Hero

Friday, 1000-1400 in Icon F

Sam Bowne Instructor, City College San Francisco

Dylan James Smith

Elizabeth Biddlecome Security Consultant

Protect data with strong cryptography (AES, RSA, SHA) and attack these systems (Existential Forgery, Padding Oracle, and more). Apply these techniques to blockchains including Bitcoin, Ethereum, and Multichain.

This is a hands-on workshop with a series of CTF-style challenges, beginning with simple data conversions and extending to advanced methods appropriate for experts. We will briefly explain and demonstrate the techniques, and trainers will help participants individually with the challenges.

Prerequisites: Prior experience with cryptography is helpful but not required.

Materials: A laptop capable of running VMware virtual machines

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/crypto-hero-icon-f-tickets-47194055691
(Opens July 8, 2018 at 15:00 PDT)

Sam Bowne
Sam Bowne is an instructor at City College San Francisco, and has been teaching hacking and security classes for ten years. He has presented talks and workshops at Defcon, HOPE, RSA, BSidesLV, BSidesSF, and many other conferences. He has a CISSP and a PhD and is like, really smart.

Dylan James Smith
Dylan James Smith has assisted Sam Bowne with classes as a tutor and TA and at hands-on workshops at DEF CON, RSA, B-Sides LV and other conferences. He has worked in and around the computer support and network administration industries since adolescence. Now he's old(er.) Currently tearing things apart and putting them back together and seeking opportunities to practice and teach "the cybers".

Elizabeth Biddlecome
Elizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 18:30-18:59


Title: Custodial Responsibilities in the Connected Age: Digital Specimens and Social Contracts

Speaker: Andy Coravos
@andreacoravos
Abstract:
"Healthcare is enamored with data. We have more data than we know what to do with (e.g., constant flows of data from wearables, new and cheaper ways to sequence genomes, digital phenotypes expressed through social media interactions) and there is a rush to deploy this data in clinical research and care. As we combine this “data”, we start to build a digital replica of each human. Our healthcare data carries new weight, new responsibilities. The rise in data means that we are gaining a greater body of knowledge as we assemble a digital representation of a person. We are getting closer to full understanding of someone’s biology, brain structure, how and why they think and do what they do. We are entering into a world where precision medicine and “N of 1” studies are (finally) becoming possible. On the flipside, we are also entering into a period of unprecedented monitoring and surveillance. As a society, we have standards for how we handle human blood, tissue and other human specimens. It’s now time for us to talk more about how we are to handle our digital specimens. In the talk, we’ll discuss the proliferation of our biometric and psychographic data, use cases, and the new ethical and custodial responsibilities that arise for individuals, regulators and companies."


Contest - Contest Stage - Saturday - 10:00-11:59


Title:
D(Struction)20 CTF

Part CTF, part lemon race, part game show, part demolition derby, the D(struction)20 CTF is a contest best played with a low-cost, usable, rugged, and powerful hacking platform! Bring your "indestructible" phones, your single-board computers with welded cases, or just take that old clunker gathering dust in the closet and put it to good (and possibly hilarious) use! Periodically during the competition, a random contestant from the leaderboard will roll the d20 of Destruction to decide what will happen to their rig. If they're very lucky, they roll a natural 20 and no damage will be inflicted! Otherwise, the d20 of Destruction will decide what type of damage will be done to their rig, be it physical impact, intense vibration, or something else! If the rig survives their chosen fate, the contestant may continue playing, but either way, rolling the d20 of Destruction results in a big point bonus that may make the difference between winning and losing, even if the rig is destroyed in the process!

More Info: @d20ctf


DEFCON - Octavius 9 - Friday - 20:00-19:59


D0 N0 H4RM: A Healthcare Security Conversation

Friday at 20:00 in Octavius 9
Fireside Hax

Christian "quaddi" Dameff MD Emergency physician, Clinical Informatics fellow at The University of California San Diego.

Jeff "r3plicant" Tully MD Pediatrician, Anesthesiologist, University of California Davis

Kirill Levchenko PhD Associate Professor of Computer Science, University of California San Diego

Beau Woods Hacker

Roberto Suarez Hacker

Jay Radcliffe Hacker

Joshua Corman Hacker

David Nathans Hacker

Healthcare cybersecurity is in critical condition. That's not FUD, that's the bottom line from the Congressionally mandated Health Care Industry Cybersecurity Task Force report released just last year, a year which also saw the twin specters of WannaCry and NotPetya take down entire hospital systems while over half a million implanted pacemakers were recalled in the fallout of one of the most (ir?)responsible disclosures in recent memory. It's enough to make any concerned white hat reach for a stiff drink. And that's where we come in. After an incredibly successful, near-fire-code-violating jam packed session at DC25 as an Evening Lounge, 'D0 N0 H4rm' is diving deeper and going longer as it transforms into a Fireside Hax, assembling an even larger and more distinguished panel of expert hackers, policymakers, wonks, and health care providers to continue discussing, dissecting, and most importantly, debating the ways to keep patients safe in an increasingly perilous space. Featuring continuous audience interaction and with the same loose and informal flow that characterized the initial, libation rich hotel room gatherings, moderators quaddi and r3plicant invite you to add your voice to this incredibly important conversation. Pin this one down quickly, pre-registration is going to go fast.

Christian "quaddi" Dameff MD
Christian (quaddi) Dameff MD is an emergency medicine doctor, former open capture the flag champion, prior DEF CON speaker, and researcher. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization. Security research topics including hacking critical healthcare infrastructure, medical devices and the effects of malware on patient care. This is his fourteenth DEF CON.

@cdameffmd

Jeff "r3plicant" Tully MD
Jeff (r3plicant) Tully MD is an anesthesiologist, pediatrician, and researcher with an interest in understanding the ever-growing intersections between healthcare and technology. Prior to medical school he worked on "hacking" the genetic code of Salmonella bacteria to create anti-cancer tools, and throughout medical training has remained involved in the conversations and projects that will secure healthcare and protect our patients as we face a brave new world of remote care, implantable medical devices, and biohacking.

@jefftullymd

Kirill Levchenko PhD

Beau Woods
Beau Woods is a leader with the I Am The Cavalry grassroots initiative, an Entrepreneur in Residence at the US Food and Drug Administration, a Cyber Safety Innovation Fellow with the Atlantic Council, and Founder/CEO of Stratigos Security. Beau has consulted with Global 100 corporations, the White House, members of Congress, foreign governments, and NGOs on some of the most critical cybersecurity issues of our time. Beau's focus is on Internet of Things (IoT) technologies where cybersecurity intersects public safety and human life issues, including healthcare, automotive, energy, oil and gas, aviation, transportation, and other sectors. Beau is a published author, frequent public speaker, often quoted in media, and is often engaged for public or private speaking venues.

Roberto Suarez
Roberto Suarez is a product security and privacy professional in the medical device and healthcare IT industry. At BD, Roberto is responsible for developing a Product Security Center of Excellence that drives process, capability and maturity to build products that are secure by design with transparency and control in mind. Giving product teams exposure to cyber security training and events, building their in-house expertise and promoting a company-wide community for product security is what Roberto is passionate about.

Jay Radcliffe
Jay Radcliffe is a Senior Security Consultant and Researcher. He is an offensive penetration tester with a knack for hardware hacking and embedded device security. He has given dozens of presentations at conferences around the world, including DEF CON and Blackhat, among them several on the security of insulin pumps.

Joshua Corman
Joshua Corman is a Founder of I am The Cavalry (dot org) and CSO for PTC. Corman previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded RuggedSoftware and IamTheCavalry to encourage new security approaches in response to the world's increasing dependence on digital infrastructure. Josh's unique approach to security in the context of human factors, adversary motivations and social impact has helped position him as one of the most trusted names in security. He also serves as an adjunct faculty for Carnegie Mellon's Heinz College and on the 2016 HHS Cybersecurity Task Force.

David Nathans



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 10:00-10:45


De-anonymizing Programmers from Source Code and Binaries

Friday at 10:00 in Track 2
45 minutes |

Rachel Greenstadt Associate Professor, Drexel University

Dr. Aylin Caliskan Assistant professor of Computer Science, George Washington University

Many hackers like to contribute code, binaries, and exploits under pseudonyms, but how anonymous are these contributions really? In this talk, we will discuss our work on programmer de-anonymization from the standpoint of machine learning. We will show how abstract syntax trees contain stylistic fingerprints and how these can be used to potentially identify programmers from code and binaries. We perform programmer de-anonymization using both obfuscated binaries, and real-world code found in single-author GitHub repositories and the leaked Nulled.IO hacker forum.

Rachel Greenstadt
Dr. Rachel Greenstadt (PI) is an Associate Professor of Computer Science at Drexel University where she teaches graduate-level courses in computer security, privacy, and machine learning. She founded the Privacy, Security, and Automation Laboratory at Drexel University in 2008. Dr. Greenstadt was among the first to explore the effect of adversarial attacks on stylometric methods, and the first to demonstrate empirically how stylometric methods can fail in adversarial settings while succeeding in non-adversarial settings.

She has a history of speaking at hacker conferences including DEF CON 14, ShmooCon 2009, 31C3, and 32C3.

Dr. Greenstadt's scholarship has been recognized by the privacy research community. She is an alum of the DARPA Computer Science Study Group and a recipient of the NSF CAREER Award. Her work has received the PET Award for Outstanding Research in Privacy Enhancing Technologies and the Andreas Pfitzmann Best Student Paper Award. She currently serves as co-editor-in-chief of the journal Proceedings on Privacy Enhancing Technologies (PoPETs). Her research has been featured in the New York Times, the New Republic, Der Spiegel, and other local and international media outlets.

@ragreens

Dr. Aylin Caliskan
Aylin Caliskan is an assistant professor of computer science at George Washington University. Her research interests include the emerging science of bias in machine learning, fairness in artificial intelligence, data privacy, and security. Her work aims to characterize and quantify aspects of natural and artificial intelligence using a multitude of machine learning and language processing techniques. In her recent publication in Science, she demonstrated how semantics derived from language corpora contain human-like biases. In addition, she developed novel privacy attacks to de-anonymize programmers using code stylometry. Her presentations on both de-anonymization and bias in machine learning are the recipients of best talk awards. Her work on semi-automated anonymization of writing style furthermore received the Privacy Enhancing Technologies Symposium Best Paper Award. Her research has received extensive press coverage across the globe. Aylin holds a PhD in Computer Science from Drexel University and a Master of Science in Robotics from the University of Pennsylvania. She has previously spoken at 29C3, 31C3, 32C3, and 33C3.

@aylin_cim



Meetup - Chill Out Lounge - Saturday - 12:00-12:59


Title:
Deaf Con Meet Up

DEAF CON is a California 501(c)(3) non-profit organization. We provide outreach to the Deaf and HH community and the information security community. We encourage Deaf and HH information security professionals to attend conferences like DEF CON. We help to provide communication services and spaces for professionals to meet and network with others. Anyone can come and attend our meet up and hang out!

More Info: https://www.deafconinc.org/    @_DEAFCON_


Workshops - ( Sold Out ) - Linq 4th Flr - Icon F - Saturday - 10:00-13:59


Decentralized Hacker Net

Saturday, 1000-1400 in Icon F

Eijah Founder, Promether

As hackers, sometimes we need to send data without anybody knowing anything. We don't want anybody to know what we're sending, so we use encryption. That's the easy part. We also don't want anybody to know that we're sending any data. That's the hard part. The observation of our presence on the network could be enough to get us in trouble. And that's just not acceptable. We need to figure out a way to hide in plain sight.

Creating an environment where data can be sent securely and our presence on the network is hidden, is not an easy thing to do. We can't rely on centralized technologies, which means we need to build a decentralized network. The network should be adaptive and flexible enough to send any type of data to any number of users. But how do we inject anonymity into a network while still supporting the verification of identity between parties? Can we establish trust without having to trust?

This workshop takes you through the process of creating a decentralized network that allows you to circumvent detection by governments and corporations. You'll be able to securely communicate and share data while masking your online identity. You'll create an adaptive, node-based infrastructure where data is shared via Distributed Hash Tables (DHT) backed by real-time asymmetric Elliptic-curve cryptography (ECC). If you've ever wanted to punch a hole through a great (or not-so-great) firewall, this workshop is for you.

Please note that this is a medium-level, technical workshop and requires that attendees have prior experience in at least one programming language, preferably C or C++. Bring your laptop, a USB flash drive, and your favorite C/C++ 11 compiler (>= gcc/g++ 4.9.2 or msvc 2015).

Prerequisites: Previous experience in at least one programming language is required. Previous experience with C/C++ and cryptography is helpful, but not required.

Materials: Laptop with Windows, Linux, or OSX. USB flash drive for saving their progress.

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/decentralized-hacker-net-icon-f-tickets-47194682566
(Opens July 8, 2018 at 15:00 PDT)

Eijah
Eijah is the founder of Promether and has 20+ years of software development and security experience. He is also the creator of Demonsaw, an encrypted communications platform that allows you to chat, message, and transfer files without fear of data collection or surveillance. Before that Eijah was a Lead Programmer at Rockstar Games where he created games like Grand Theft Auto V. He has been a faculty member at multiple colleges, has spoken about security and development at DEFCON and other security conferences, and holds a master's degree in Computer Science. Eijah is an active member of the hacking community and is an avid proponent of Internet freedom.



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 11:00-11:59


Title:
Deconstructing DeFeNeStRaTe.C: The first public buffer overflow on a mainframe?

Soldier of FORTRAN
@mainframed767

In 2012 hackers were running rampant in Sweden's federal mainframes. During the course of the investigation it was thought it might be a good idea to release *ALL* the investigation documentation to the public. Included in these public files were snippets (or full programs) of the tools the hackers developed to work on an IBM z/OS mainframe (see: https://wikileaks.org/gottfrid-docs/). But not every tool developed was included in those papers. Shortly after the documents were released, your speaker was sent a DM out of the blue with a link to a pastebin (https://pastebin.com/Apk5zWDj) and two simple questions: "was this an exploit? how did it work?" Why did they contact the speaker? Because it was thought he originally was the one who did the breach. This talk will go over the breach at a high level before diving DEEP into the unix part of a mainframe, looking at exactly what this C program was doing (or attempting to do) and how it accomplished it. This talk's got it all when it comes to mainframe privilege escalation: APF authorized unix programs (a special attribute on z/OS), buffer overflows, hijacking return addresses, debugging C programs and changing ACEEs. All of these will be peppered with demos to show how it worked. After this talk you'll be able to know exactly what DeFeNeStRaTe.C was (trying?) to do and see it in action!



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 16:00-16:59


Deep Exploit

Isao Takaesu

DeepExploit is a fully automated penetration tool linked with Metasploit. It identifies the status of all open ports on the target server and executes the exploit with pinpoint precision using machine learning.

Isao Takaesu is a CISSP. He works at Mitsui Bussan Secure Directions, Inc. as a security engineer and researcher. He has found many vulnerabilities in clients' servers and proposed countermeasures to clients. He thinks that there's more and wants to find vulnerabilities. Therefore, he is focused on artificial intelligence technology for cyber security. Now, he is developing a penetration test tool using machine learning.



AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 11:20-11:40


DeepPhish: Simulating the Malicious Use of AI

Ivan Torroledo

Machine Learning and Artificial Intelligence have become essential to any effective cyber security and defense strategy against unknown attacks. In the battle against cybercriminals, AI-enhanced detection systems are markedly more accurate than traditional manual classification. Through intelligent algorithms, detection systems have been able to identify patterns and detect phishing URLs with 98.7% accuracy, giving the advantage to defensive teams. However, if AI is being used to prevent attacks, what is stopping cyber criminals from using the same technology to defeat both traditional and AI-based cyber-defense systems? This hypothesis is of urgent importance - there is a startling lack of research on the potential consequences of the weaponization of Machine Learning as a threat actor tool. In this talk, we are going to review how threat actors could exponentially improve their phishing attacks using AI to bypass machine-learning-based phishing detection systems. To test this hypothesis, we designed an experiment in which, by identifying how threat actors deploy their attacks, we took on the role of an attacker in order to test how they may use AI in their own way. In the end, we developed an AI algorithm, called DeepPhish, that learns effective patterns used by threat actors and uses them to generate new, unseen, and effective attacks based on attacker data. Our results show that, by using DeepPhish, two uncovered attackers were able to increase their phishing attacks' effectiveness from 0.69% to 20.9%, and 4.91% to 36.28%, respectively.

Ivan Torroledo is the lead data scientist in the Cyxtera Research organization. In this role, he develops and implements Machine and Deep Learning algorithms to enhance phishing detection, network security, fraud detection, and malware mitigation. Ivan is also highly interested in research on the application of Machine and Deep Learning in high energy physics and astrophysics. Before joining Cyxtera, he worked at the Central Bank of Colombia, applying high performance computing tools to monetary policy analysis. He is passionate about applying the most advanced scientific knowledge to the cyber security industry. Ivan holds degrees in Economics and Physics.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Thursday - 15:30-17:15


DEF CON 101 Panel

Thursday at 15:30 in 101 Track, Flamingo
105 minutes | Audience Participation

HighWiz Founder, DC 101

Nikita Director of Content & Coordination, DEF CON

Roamer CFP Vocal Antagonizer

Chris "Suggy" Sumner Co-Founder, Online Privacy Foundation

Jericho "Squirrel"

Wiseacre Former Doer Of Things

Shaggy The Mountain

Ten years ago, DEF CON 101 was founded by HighWiz as a way to introduce n00bs to DEF CON. The idea was to help attendees get the best experience out of DEF CON (and also tell them how to survive the weekend!). The DEF CON 101 panel has been a way for people who have participated in making DEF CON what it is today to share those experiences and, hopefully, inspire attendees to expand their horizons. DEF CON offers so much more than just talks and the DEF CON 101 panel is the perfect place to learn about all things DEF CON so you, dear reader, can get the best experience possible. The panel will end with the time honored tradition of "Name the n00b" where lucky attendees will be brought up on stage to introduce themselves to you and earn the coveted 101 n00b handle. Don't worry if you don't make it on to the stage, there will be plenty of other prizes for you to enjoy!

HighWiz
HighWiz is born of glitter and moon beams and he has all the right moves. He is the things that sweet dreams are made of and nightmares long to be... Years ago, with the help of some very awesome people*, he set about to create an event that would give the n00bs of DEF CON a place to feel welcomed and further their own pursuit of knowledge. For years he has held onto the simple tenet that "You get out of DEF CON what you put into it". HighWiz is the fabled Man on the Mountain whom people seek to gain a taste of his forbidden knowledge. He is a rare sighting at DEF CON only to be glimpsed by those lucky few. HighWiz is a member of the DEF CON CFP Review Board and Security Tribe.

*Some (but not all) of the people HighWiz would like to thank for helping to make 101 into what it is today : Runnerup, Wiseacre, Nikita, Roamer, Shaggy, Lockheed, Pyr0, Zac, V3rtgio, 1o57, Neil, Sethalump, AlxRogan, Jenn, Zant, MalwareUnicorn, Clutch, TheDarkTangent, Siviak, Ripshy, Valkyrie, Xodia, Flipper and all the members of Security Tribe.

@highwiz

Nikita
For over 15 years, Nikita has worked to ensure DEF CON runs as smoothly as one can expect from a hacker conference. In addition to planning a vast array of details prior to DEF CON and thwarting issues while onsite, she also serves as the Director of Content for the CFP Review Board.

@niki7a

Roamer
Appearing in a cloud of (cigarette) smoke, Roamer is a man full of whiskey and ideas. He has appeared at DEF CON since before (almost) the beginning. He is a renowned author, speaker, pontificator and is famous for giving the most entertaining Worldwide Wardrive talk. He is also the Grand Vizier of All Things Vendor; you are welcome. When Roamer speaks, people listen. And often fall in love.

Chris "Suggy" Sumner
Chris "Suggy" Sumner is the polite one. He is a co-founder of the not-for-profit Online Privacy Foundation, who contribute to the field of online behavioural research. Suggy is also the CFP review board's undisputed fence sitting champion.

@5uggy

Jericho
Since 1992, Jericho has been poking about the hacker/security scene. His experience has allowed him to develop (and deliver—often in the form of rants) a great perspective on many topics, mostly security related. He has been a speaker at security conferences worldwide, primarily for the free travel to exotic locales. A founding member of Attrition.org, he was also the content manager for the Open Source Vulnerability Database (OSVDB) and an officer in the Open Security Foundation (OSF). He is a champion of security industry integrity and small misunderstood creatures. He epitomizes the saying, "Why be a pessimist? It won't work, anyway."

@attritionorg

Wiseacre
Wiseacre was introduced to DEF CON by Roamer. Though he appeared at his first DEF CON because of the Capture the Flag contest, Roamer and HighWiz showed him how to make DEF CON so much more than simply attending the talks. From then on he made a point to participate in as much as he could. Of course, this was all within the limits of social anxiety so, if it allowed participation as a wallflower, he was in! Now, he wants to make sure everyone else gets to know as much as possible about this year's conference. In his private life, Mike hacks managers and is happy anyone listens to him at all.

wiseacre_mike

Shaggy
Shaggy has the voice of Barry White, the brains of Albert Einstein and the soul of Bea Arthur. He has a few philosophies on life: He believes that while the righteous keep moving forward, those with clean hands become stronger and stronger. That the field of battle between God and Satan is the human soul. It is in the soul that the battle rages every moment of life. He also believes that one should start by doing what's necessary; then do what's possible; and suddenly you are doing the impossible. Because you learn to speak by speaking, to study by studying, to run by running, to work by working, and just so, you learn to love by loving. All those who think to learn in any other way deceive themselves.



Contest - Contest Stage - Friday - 18:00-19:59


Title:
DEF CON Beard and Moustache Contest

Held every year since DEF CON 19 in 2011 (R.I.P. Riviera), the DEF CON Beard and Moustache Contest highlights the intersection of facial hair and hacker culture.

More Info: http://www.dcbeard.com/    @DCBeardContest


BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 14:15-16:15


Title: DEF CON Biohacking Village Badge Talk

Speaker: Joel Murphy
Abstract:
Joel will talk about how the DEF CON Biohacking Village came together in all its wonderful glory


Contest - Contest Stage - Saturday - 18:00-19:59


Title:
DEF CON Blitz Chess Tournament

The first-ever DEF CON Chess Tournament, in Blitzkrieg format, in which there will be just 5 minutes on each player's clock. During the tournament, each player will play every other player one time. A victory is 1 point, a draw 1/2, and a loss 0. At the end of the tournament, the player with the highest score wins the grand prize (tbd) and a trophy. In the event of a tie, there will be a sudden death playoff between the highest scorers to determine the champion.

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Sunday - 16:00-17:45


DEF CON Closing Ceremonies

Sunday at 16:00 in Track 1
105 minutes | Audience Participation

The Dark Tangent

DEF CON Closing Ceremonies

The Dark Tangent



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Sunday - 10:00-10:45


Defending the 2018 Midterm Elections from Foreign Adversaries

Sunday at 10:00 in Track 2
45 minutes | Demo, Tool

Joshua M Franklin Hacker

Kevin Franklin Hacker

Election Buster is an open source tool created in 2014 to identify malicious domains masquerading as candidate webpages and voter registration systems. During 2016, fake domains were used to compromise credentials of a Democratic National Committee (DNC) IT services company, and foreign adversaries probed voter registration systems. The tool now cross-checks domain information against open source threat intelligence feeds, and uses a semi-autonomous scheme for identifying phundraising and false flag sites via ensembled data mining and deep learning techniques. We identified Russian nationals registering fake campaign sites, candidates deploying defensive—and offensive—measures against their opponents, and candidates unintentionally exposing sensitive PII to the public. This talk provides an analysis of our 2016 Presidential Election data, and all data recently collected during the 2018 midterm elections. The talk also details technological and procedural measures that government offices and campaigns can use to defend themselves.

Joshua M Franklin
Joshua Franklin has over a decade of experience working with election technology, and is a security engineer at the National Institute of Standards and Technology (NIST) focusing on cellular and electronic voting security. Prior to NIST, Joshua worked at the U.S. Election Assistance Commission gathering hands-on experience with a variety of voting technologies. Joshua managed federal certification efforts and alongside election officials, labs, and manufacturers across the United States. Joshua recently co-chaired the Election Cybersecurity Working Group, and was the principal author for the security portions of the next generation of federal voting system standards.

Kevin Franklin
Kevin Franklin has several decades of technology experience in big data. He possesses an undergraduate degree in Engineering from Mississippi State University and a master's degree in Computer Science from Southern Polytechnic University.



PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 13:30-13:59


Defense in Depth: The Path to SGX at Akamai

Sam Erb, Software Engineer at Akamai Technologies

In this presentation you will learn how Akamai has spent the past 4 years working toward preventing the next TLS Heartbleed incident. Nothing hypothetical; only deployed defense-in-depth systems will be discussed. This talk will include how we deployed Intel SGX at scale in our network.

Sam Erb (Twitter: @erbbysam) is a 2x black badge winner with Co9 in the Badge Challenge and is working to make the Internet a safer place.



Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 12:00-13:50


DejaVU—An Open Source Deception Framework

Sunday 08/12/18 from 1200-1350 at Table Three
Offense/Defense

Bhadreshkumar Patel

Harish Ramadoss

Deception techniques, if deployed well, can be very effective for organizations to improve network defense and can be a useful arsenal for blue teams to detect attacks at a very early stage of the cyber kill chain. But the challenge we have seen is deploying, managing and administering decoys across large networks. Although there are a lot of commercial tools in this space, we haven't come across open source tools which can achieve this.

With this in mind, we have developed DejaVu, an open source deception framework which can be used to deploy, configure and administer decoys centrally across the infrastructure. A web-based management console can be used by the defender to deploy multiple interactive decoys (HTTP servers, SQL, SMB, FTP, SSH, client side NBNS) strategically across their network on different VLANs. The logging and alerting dashboard displays detailed information about the alerts generated and can be further configured to generate high-accuracy alerts and to define how these alerts should be handled.

Decoys can also be placed on the client VLANs to detect client side attacks such as responder/LLMNR attacks using client side decoys. Additionally, common attacks which the adversary uses to compromise systems, such as abusing Tomcat/SQL server for an initial foothold, can be deployed as decoys, luring the attacker and enabling detection.

https://github.com/bhdresh/Dejavu

Bhadreshkumar Patel
Bhadreshkumar Patel is a Reverse Engineer by nature and Security Specialist/Pentester by profession with 10 years of experience on the offensive and defensive sides of security. Likes to code, break stuff, play with controllers. Got lucky in finding zero days in Facebook, NGFW, wireless routers, HMS etc. Dejavu is Bhadresh's first conference submission, but not his first contribution to the security community.

Harish Ramadoss
Harish Ramadoss has over seven years of experience in the offensive security space, focusing on application and infrastructure security assessments. He has led large scale penetration testing engagements for various clients across Finance, Government and Defense.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 11:00-11:45


Demystifying MS17-010: Reverse Engineering the ETERNAL Exploits

Sunday at 11:00 in Track 3
45 minutes | Demo, Tool, Exploit, Audience Participation

zerosum0x0 Hacker

MS17-010 is the most important patch in the history of operating systems, fixing remote code execution vulnerabilities in the world of modern Windows. The ETERNAL exploits, written by the Equation Group and dumped by the Shadow Brokers, have been used in the most damaging cyber attacks in computing history: WannaCry, NotPetya, Olympic Destroyer, and many others.

Yet, how these complicated exploits work has not been made clear to most. This is due to the ETERNAL exploits taking advantage of undocumented features of the Windows kernel and the esoteric SMBv1 protocol.

This talk will condense years of research into Windows internals and the SMBv1 protocol driver. Descriptions of full reverse engineering of internal structures and all historical background info needed to understand how the exploit chains for ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY work will be provided.

This talk will also describe how the MS17-010 patch fixed the vulnerabilities, and identify additional vulnerabilities that were patched around the same time.

zerosum0x0
zerosum0x0 is the author of all MS17-010 ETERNAL Metasploit exploit modules and was the first to reverse engineer the DOUBLEPULSAR backdoor. He has taught workshops on Windows internals at DEF CON and to government agencies.

@zerosum0x0



Workshops - ( Sold Out ) - Linq 4th Flr - Icon F - Friday - 14:30-18:30


Deploying, Attacking, and Securing Software Defined Networks

Friday, 1430-1830 in Icon F

Jon Medina Security Consultant, Protiviti
Megha Kelsi Security Consultant, Protiviti

Let's get our hands dirty in Software Defined Networking! Whether you're a network engineer or just a netsec enthusiast, this workshop will provide you with tools and guidance to set up, attack, and secure a software defined network from scratch using open-source tools and cloud-based switching software. Each attendee will be given access to a lab environment where they can deploy, test, configure, break, and secure a software defined network. All scripts and deployment instructions will be provided at the end, so you can continue your testing and research back home, or use it to make friends and win bets at the pub.

Prerequisites: Basic networking, knowledge of the OSI model, and basic *nix shell familiarity.

Materials: Laptop with internet access, web browser with HTML5 capability

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/deploying-attacking-and-securing-software-defined-networks-icon-f-tickets-47193792905
(Opens July 8, 2018 at 15:00 PDT)

Jon Medina
Jon is a security nerd who has worked in networking and security capacities for everything from the Department of Defense, to the Fortune 500, to state and local government. He currently works for Protiviti providing security consulting for a wide variety of clients and industries. His interests outside of security include traveling, hockey, strange beers, and his bulldog. He's spoken at Shmoocon, BSides, and many other security events and conferences.

Megha Kelsi
Megha is an Orlando-based security geek who’s worked in consulting across a wide variety of industries and solutions. She works extensively in security architecture, network security, vulnerability assessments, social engineering (Ferris Bueller style), incident response, and security operations. She enjoys spending time with her family, dancing, boxing / kickboxing (beating the crap out of punching bags is a hobby right?), and keeping up with the latest security news.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 12:00-12:45


Designing and Applying Extensible RF Fuzzing Tools to Expose PHY Layer Vulnerabilities

Sunday at 12:00 in Track 3
45 minutes | Demo, Tool, Exploit

Matt Knight Senior Security Engineer, Cruise Automation

Ryan Speers Director of Research, Ionic Security

In this session, we introduce an open source hardware and software framework for fuzzing arbitrary RF protocols, all the way down to the PHY. While fuzzing has long been relied on by security researchers to identify software bugs, applying fuzzing methodologies to RF and hardware systems has historically been challenging due to siloed tools and the limited capabilities of commodity RF chipsets.

We created the TumbleRF fuzzing orchestration framework to address these shortfalls by defining core fuzzing logic while abstracting a hardware interface API that can be mapped for compatibility with any RF driver. Thus, supporting a new radio involves merely extending an API, rather than writing a protocol-specific fuzzer from scratch.

Additionally, we introduce Orthrus, a low-cost 2.4 GHz offensive radio tool that provides PHY-layer mutability to offer Software Defined Radio-like features in a flexible and low-latency embedded form factor. By combining the two, researchers will be able to fuzz and test RF protocols with greater depth and precision than ever before.

Attendees can expect to leave this talk with an understanding of how RF and hardware physical layers actually work, and how to identify security issues that lie latent in these designs.

Matt Knight
Matt Knight (@embeddedsec) is a Senior Security Engineer with Cruise Automation, where he works on securing autonomous cars and the infrastructure that supports them. Matt also leads the RF practice at River Loop Security, an embedded systems security and design consultancy. With specific interests in RF networks and physical layers, he notably reverse engineered the LoRa PHY based on blind signal analysis, and has run several trainings on RF reverse engineering fundamentals. Matt holds a BE in Electrical Engineering from Dartmouth College.

@embeddedsec

Ryan Speers
Ryan Speers (@rmspeers) is a security researcher and developer who enjoys embedded systems, low-power radio protocols, and reversing proprietary systems. He has worked in offensive and defensive roles on networks, Windows, micro controllers, and many things in-between. As co-founder at River Loop Security, he tests embedded systems for security issues, and helps clients build more secure systems. He is also Director of Research for Ionic Security where he leads system and cryptographic research. He has previously spoken at a number of security conferences and written some articles for journals ranging from peer-reviewed academic publications to PoC||GTFO.

@rmspeers



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 13:30-13:50


Detecting Blue Team Research Through Targeted Ads

Saturday at 13:30 in Track 2
20 minutes

0x200b Hacker

When my implant gets discovered how will I know? Did the implant stop responding for some benign reason or is the IR team responding? With any luck they'll upload the sample somewhere public so I can find it, but what if I can find out if they start looking for specific bread crumbles in public data sources? At some point without any internal data all blue teams turn to OSINT which puts their searches within view of the advertising industry. In this talk I will detail how I was able to use online advertising to detect when a blue team is hot on my trail.

0x200b
I'm just a Security researcher who's always using tools in unintended ways. I'm a defender by trade, I work on understanding the adversary then designing the mitigations based on what I've learned. Currently I work at the intersection of healthcare and the cloud, designing systems that make it harder for the adversary to operate.



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 15:20-15:59


Detecting Web Attacks with Recurrent Neural Networks

Fedor Sakharov

“Classic Web Application Firewalls (WAFs) mostly use a rule-based approach for attack detection. This approach is known to have its pros and cons. Despite offering decent protection from automated attacks and predictable detection results, the rule-based approach has and always will have certain disadvantages. We all know that it’s useless against 0-day attacks or that even the most sophisticated rules are easily evaded by skilled professionals. That is why a more effective approach should involve some kind of heuristics. Let’s give a chance to artificial intelligence to find something non-obvious for human perception in raw data and try to explain its results.

To this day AI has been more often used for cat classification rather than for detecting application-level attacks on HTTP applications. Our team decided to test the hypothesis that Deep Learning is able to detect web-based attacks effectively. We started with very simple neural network architectures and tried to use them for classification. After some experiments it became clear that we needed more complex networks, so we abandoned our attempts to use classification, shifting to anomaly detection. Eventually, we ended up using a seq2seq model with attention mechanisms which is able to detect zero-day web attacks with a minimal number of false positives.”

Irina Stepanyuk is a data scientist from Moscow, Russia. For some time Irina has been a researcher at Positive Technologies. She develops data analysis algorithms in relation to information security. Moreover, Irina is a Master’s student in the Faculty of Computer Science at the Higher School of Economics, where she also participates in data science projects and research.

Arseny Reutov is a web application security researcher from Moscow, Russia. Arseny is the Head of Application Security Research at Positive Technologies Ltd where he specializes in penetration testing, the analysis of web applications, and application security research. He is the author of research papers and blog posts on web security published in such magazines as Hacker (Xakep) and HITB Magazine as well as in his blog raz0r.name. He was a speaker at ZeroNights, CONFidence, PHDays and OWASP conferences. Arseny loves making web security challenges (#wafbypass on Twitter) as well as solving them. His passions are modern web technologies and finding vulnerabilities in them.

Fedor is a software developer from Moscow, Russia. He takes interest in various aspects of low-level programming and information security. For some time he has contributed to the open-source reverse-engineering framework radare2; his diploma thesis is about transparent application CFG control in runtime, and he has solid experience with Linux kernel programming, drivers as well as kernel subsystems. That’s not all: recently he has been leading the security-focused machine learning research at Positive Technologies.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 14:00-14:30


Digital Leviathan: a comprehensive list of Nation-State Big Brothers (from huge to little ones)

Saturday at 14:00 in Track 2
20 minutes

Eduardo Izycki Hacker

Rodrigo Colli Hacker

In his notorious book Leviathan, the XVII century English philosopher Thomas Hobbes stated that: we should give our obedience to an unaccountable sovereign otherwise what awaits us is a state of nature that closely resembles civil war—a situation of universal insecurity. It looks like a lot of current political leaders have read and found the teachings of Hobbes applicable to modern day online life.

We witness the rise of the Digital Leviathan. The same apps and applications that people use to connect, express opinions and dissatisfaction are used by governments (even democratic ones) to perform surveillance and censorship.

This talk will focus on evidence of Nation-State spying, performing surveillance, and censorship. The aim is to present a systematical approach of data regarding cyber attacks against political targets (NGO/political groups/media outlets/opposition), acquisition and/or use of spywares from private vendors, requested content/metadata from social media/content providers, and blocking of websites/censorship reported by multiple sources.

The findings of the research imply that:
- 25 nations have already used cyber offensive capabilities against political targets.
- 60 nations acquired/developed spyware.
- 117 nations requested content/metadata from social media/content providers.
- 21 countries perform some level of censorship to online content.

Eduardo Izycki
Eduardo Izycki and Rodrigo Colli are both independent researchers with experience in information security and incident response. They worked in a private-public task force for threat and risk assessment to major events in Brazil during the Confederations Cup 2013, World Cup 2014 and Olympic Games 2016.

Rodrigo Colli



HHV - Caesars Pool Level - Forum 17-21 - Saturday - 11:00-11:30


Disabling Intel ME in Firmware

Brian Milliron

Abstract

Modern OSes have consistently raised the bar in regards to security with each revision, largely due to the efforts of the security community to find and report bugs. Because of this the OS layer is reasonably secure at this point. However the security of the hardware layer has fallen far behind and now represents the biggest threat. In particular, the Intel Management Engine is a huge security hole which Intel has put great effort into forcing users to accept blindly. No more. This talk will present a how-to on permanently disabling Intel ME by reflashing the BIOS using a Raspberry Pi. Take back control of your own hardware and give Big Brother’s Backdoor the boot.

Bio

Brian Milliron works as a freelance penetration tester for ECR Security. He has been monkeying around with security since his teens and has worked as a pentester for the last 8 years, working primarily with the Energy/Utility sector. Besides popping shells and defeating Big Brother technology, he also enjoys exploring the RF spectrum, finding new uses for Raspberry Pis, studying malware, nature and off-grid living.



EHV - Caesars Promenade Level - Modena Rm - Friday - 18:30-19:29


Title: Discussion

Speakers: Speaker TBA

Description:





EHV - Caesars Promenade Level - Modena Rm - Saturday - 18:00-18:59


Title: Discussion

Speakers: Speaker TBA

Description:





DEFCON - Octavius 13 - Friday - 20:00-19:59


Disrupting the Digital Dystopia or What the hell is happening in computer law?

Friday at 20:00 in Octavius 13
Fireside Hax | Audience Participation

Nathan White Senior Legislative Manager, Access Now

Nate Cardozo Senior Staff Attorney, EFF

1984 didn't just happen because of a calendar. The world of 1984 was built by politicians who used the rule of law to change society into an oppressive surveillance state. In Washington D.C., politicians today are making decisions about what technologies we're permitted to use and how they'll be used in society. In this talk we'll break down 4-5 bills currently under discussion in Congress and explain how they'll impact the DEF CON community.

Nathan White
Nathan White spent five years working for the U.S. Congress before starting a political consulting firm as a registered lobbyist. He now serves as the Senior Legislative Manager for Access Now, where he works to defend our digital rights. He has run political and issue campaigns from Maui to Maryland to Melbourne. He helped advocacy campaigns including the fight to save Net Neutrality at the FCC (2015) and the USA FREEDOM Act in Congress. At Access Now he co-organized the Crypto Summit and Crypto Summit 2.0. He worked to build the SaveCrypto.org campaign and helped create the international coalition to Secure The Internet (securetheinternet.org). He works every day to educate Washington D.C. beltway types about our community.

@NathanielDWhite

Nate Cardozo
Nate Cardozo is a Senior Staff Attorney on EFF's civil liberties team where he focuses on cybersecurity policy and defending coders' rights. Nate has litigated cases involving electronic surveillance, freedom of information, digital anonymity, online free expression, and government hacking. His other projects include defending encryption, fighting software export controls, preserving automotive privacy, and assisting surveillance law reform efforts. As an expert in technology law and civil liberties, Nate works on EFF's Who Has Your Back report and regularly assists companies in crafting rights-preserving policies and advising on compliance with legal process. When he's not brewing beer with his EFF colleagues, Nate serves on the boards of directors of the First Amendment Coalition and the South Asian Film Preservation Society. Nate has a B.A. in Anthropology and Politics from U.C. Santa Cruz and a J.D. from U.C. Hastings where he has taught first-year legal writing and moot court.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 13:00-13:30


Dissecting the Teddy Ruxpin: Reverse Engineering the Smart Bear

Friday at 13:00 in 101 Track, Flamingo
20 minutes | Demo, Audience Participation, Tool

zenofex Hacker

The Teddy Ruxpin is an iconic toy from the 1980's featuring an animatronic teddy bear that reads stories from cassette tapes to children. In late 2017, a new model of the toy was released with improvements including Bluetooth connectivity, LCD eyes, and a companion mobile application. While the new bear features a number of improvements, the Teddy Ruxpin's original ability to add new stories by replacing the included cassettes is no longer applicable, and it requires users to supply files to the bear in a proprietary format.

This presentation aims to show how the new Teddy Ruxpin was reverse engineered down to a very low level in order to create new content. I will reveal the inner workings of the hardware and software within the bear and document the process used to reverse engineer it. I will then examine the communication between the mobile application and Teddy Ruxpin as well as the custom structure of the digital books read by the bear. I will end the presentation by releasing a toolset that allows users to create their own stories followed by a demo showcasing the Teddy Ruxpin greeting the DEF CON audience.

zenofex
Zenofex (@zenofex) is a senior research scientist at Cylance. Zenofex founded the Exploitee.rs which is a public research group that has released exploits for over 65 devices including the Amazon FireTV, Roku Media Player and the Google Chromecast. Zenofex is also a member of Austin Hackers (AHA) and has spoken at a number of security conferences including BlackHat and DEF CON.

@zenofex



EHV - Caesars Promenade Level - Modena Rm - Saturday - 17:00-17:59


Title: Diversity and Equality in Infosec

Speakers: Speaker TBA

Description:

As the field of Infosec continues to grow in numbers, it is also growing in terms of diversity. Arguably the field needs to bring in as many diverse perspectives as possible in order to face ever escalating technological and non-technological challenges. We seek to discuss the ethics of promoting diversity and equality, the ethics of the current methods in promoting diversity and equality, and what can be done to ethically promote diversity and equality in infosec.





BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 13:30-14:15


Title: DNA Encryption: Bioencryption to Store Your Secrets in living organisms

Speaker: John Dunlap
Abstract:
Recent advances in genetic sequencing and modification technology have made the goal of storing data in living cells an attainable goal. In this talk John Dunlap will cover the history of attempting to encrypt secrets into living cells, and discuss his own experiments encrypting secrets in living cells with affordable lab equipment. John will discuss lab methods, suitable encryption algorithms, and methods for detecting data tucked away in innocuous model organisms, as well as potential issues with the concept of DNA as data storage. John will also present his own software tool for converting data into a suitable form for storage in living organisms.


SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 10:00-10:59


Title:
Don't Bring Me Down: Weaponizing botnets


@3ncr1pted

"We're seeing an evolution in botnets. The impact of Mirai bringing down a huge swath of the internet two years ago raised awareness but the release of the Mirai code has raised a new army of botnets that are capable of more than just DDOS on basic systems. But Mirai isn't the only botnet in town. There are some serious contenders with unexpected enhancements looking for new recruits to work in the bitcoin mines.


Routers and cameras and toasters oh my! The ongoing deluge of devices that connect to the Internet is an IoT nightmare, and an attacker's dream. Default credentials and weak passwords are only the beginning. Especially with a bevy of unpatched, vulnerable systems on which to unleash some substantial exploits. Persistence and lateral movement ftw!
DDoS isn't just child's play when attacks are in the realm of terabytes. What happens when we move past outages, and into destructive payloads? And what happens when weaponization meets automation? In this talk, we'll explore what may come next when nation states move into the turf once held by script kiddies, and build-a-bot gets leveled up in a very bad way."



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 13:30-13:50


Dragnet—Your Social Engineering Sidekick

Friday at 13:30 in Track 1
20 minutes | Demo, Tool

Truman Kain Security Associate, Tevora

First, Dragnet collects dozens of OSINT data points on past and present social engineering targets. Then, using conversion data from previous engagements, Dragnet provides recommendations for use on your current targets: phishing templates, vishing scripts and physical pretexts- all to increase conversions with minimal effort. Finally, features like landing page cloning and domain registration (alongside your standard infrastructure deployment, call scheduling and email delivery) make Dragnet one hell of a catch.

Truman Kain
Truman Kain has taken everything he has learned as a web designer, internet marketer and mobile developer, and applied these insights directly into the development and experience of Dragnet. Why shouldn't your go-to social-engineering tool be as smooth and intuitive as your favorite mobile app?



Contest - Contest Stage - Saturday - 20:00-21:59


Title:
Drunk Hacker History

One night only at DEF CON 26, Drunk Hacker History is back by popular demand for a 4th historic year! The past three years proved to the entire galaxy that in the game of intoxicated nostalgic recall, there are no losers and those who won, lost. The DEF CON community has a history of sorts. It is a history filled with mephitic adventures, quarter-truths, poor life choices, incontinence, and various forms of C2H6O. This year, we will connect our stacks to extract some of the most celebrated, exaggerated and entertaining moments in Hacker History through the interpretation of a group of well-trained participants. In the end, we will, again, crown the Drunkest Hacker in History and you, the audience, will rejoice! Hosted by c7five & jaku, if you like eating from an 80s candy cannon, Cats the musical, and feats of strength, you won't want to miss the return of Drunk Hacker History! Presented in DEF CON 4D and made possible by a grant from monkeyhelpers.org.

More Info: @DrunkHackerHist


PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 10:00-10:30


Ducky-in-the-Middle: Injecting Keystrokes into Plaintext Protocols

Esteban Rodriguez, Security Consultant at Coalfire Labs

This talk will cover the basics of protocol analysis using Wireshark and lead into analyzing two custom application protocols used for extending the mouse and keyboard of a remote system. The two applications covered are HippoRemote, an iOS app to use an iPhone as a trackpad and keyboard, and Synergy, an application to allow for control of multiple operating systems with one mouse and keyboard. By performing a MITM attack, an attacker can abuse these protocols to send keystrokes to a remote machine to gain remote code execution similar to a USB rubber ducky attack. The talk will also discuss mitigations and open source code will be provided for exploitation. The target audience should have a basic understanding of Wireshark, ARP spoofing, and reverse shells.

Esteban Rodriguez (Twitter: @n00py1) is a Security Consultant at Coalfire Labs. He primarily performs network and web application penetration testing. Esteban worked previously at Apple Inc performing intrusion analysis and incident response. Outside of work, Esteban blogs at n00py.io and performs independent security research. He has authored multiple penetration testing tools and has presented at BSides Puerto Rico covering penetration testing techniques.



Demolabs - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


EAPHammer

Saturday 08/11/18 from 1400-1550 at Table One
Offensive security professionals, red teamers, penetration testers, researchers.

Gabriel Ryan

EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration. To illustrate how fast this tool is, here's an example of how to set up and execute a credential stealing evil twin attack against a WPA2-EAP network in just two commands:

# generate certificates
./eaphammer --cert-wizard

# launch attack
./eaphammer -i wlan0 --channel 4 --auth wpa --essid CorpWifi --creds

EAPHammer’s userbase has doubled since its debut in early 2017, and the project has matured substantially to meet this demand. It is now the first rogue AP attack tool to offer out-of-the-box support for attacks against 802.11n/ac. Most of the added complexity associated with these protocols is managed automatically by EAPHammer.

We’ve also added some cool features like Hashcat support, Karma, and SSID cloaking, as well as an extended UI and config management system for advanced users who require granular control over their rogue access points.

To check out the codebase, head to https://github.com/s0lst1c3/eaphammer

Gabriel Ryan
Gabriel Ryan is a penetration tester and researcher with a passion for wireless and infrastructure testing. He currently serves as a co-founder and managing security consultant for Digital Silence, a Denver-based consulting firm that specializes in impact driven testing and red team engagements. Prior to joining Digital Silence, Gabriel worked as a penetration tester for security services firm Gotham Digital Science as well as OGSystems, a Virginia-based geospatial intelligence contractor. On the side, he serves as a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys writing music and riding motorcycles.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 13:30-13:50


Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking

Sunday at 13:30 in Track 3
20 minutes | Demo

ldionmarcil Pentester at GoSecure

When caching servers and load balancers became an integral part of the Internet's infrastructure, vendors introduced "Edge Side Includes" (ESI), a technology allowing malleability in caching systems. This legacy technology, still implemented in nearly all popular HTTP surrogates (caching/load balancing services), is dangerous by design and brings a yet unexplored vector for web-based attacks.

The ESI language consists of a small set of instructions represented by XML tags, served by the backend application server, which are processed on the Edge servers (load balancers, reverse proxies). Due to the upstream-trusting nature of Edge servers, ESI engines are not able to distinguish between ESI instructions legitimately provided by the application server and malicious instructions injected by a malicious party. We identified that ESI can be used to perform SSRF, bypass reflected XSS filters (Chrome), and perform Javascript-less cookie theft, including HTTPOnly cookies.

Identified affected vendors include Akamai, Varnish, Squid, Fastly, WebSphere, WebLogic, F5, and countless language-specific solutions (NodeJS, Ruby, etc.). This presentation will start by introducing ESI and visiting typical infrastructures leveraging it. We will then delve into identification, exploitation of popular ESI engines, and mitigation.

ldionmarcil
Louis is a Security Analyst working at GoSecure in Montreal where he specializes in offensive appsec and pentest on medium to large scale organizations. Seasoned CTF participant and sometimes finalist with the DCIETS team, he has also written challenges for various competitions. Having recently obtained his Software Engineering degree, he dabbles in various research engagements between pentests.

@ldionmarcil



DEFCON - Roman Chillout - Saturday - 20:00-19:59


EFF Fireside Hax (AKA Ask the EFF)

Saturday at 20:00 in Roman Chillout
Fireside Hax | Audience Participation

Kurt Opsahl Deputy Executive Director & General Counsel, Electronic Frontier Foundation

Nate Cardozo EFF Senior Staff Attorney

Jamie Lee Williams EFF Staff Attorney

Andrés Arrieta Technology Products Manager

Katitza Rodriguez International Rights Director

Nathan 'nash' Sheard Grassroots Advocacy Organizer

Relax and enjoy a Fireside Hax chat while you get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation's premier digital civil liberties group fighting for freedom and privacy in the computer age. This Fireside Hax discussion will include updates on current EFF issues such as the government's effort to undermine encryption (and add backdoors), the fight for network neutrality, discussion of our technology projects to spread encryption across the Web and emails, updates on cases and legislation affecting security research, and much more. Half the session will be given over to question-and-answer, so it's your chance to ask EFF questions about the law and technology issues that are important to you.

Kurt Opsahl
Kurt Opsahl is the Deputy Executive Director and General Counsel of the Electronic Frontier Foundation. In addition to representing clients on civil liberties, free speech and privacy law, Opsahl counsels on EFF projects and initiatives. Opsahl is the lead attorney on the Coders' Rights Project. Before joining EFF, Opsahl worked at Perkins Coie, where he represented technology clients with respect to intellectual property, privacy, defamation, and other online liability matters, including working on Kelly v. Arribasoft, MGM v. Grokster and CoStar v. LoopNet. For his work responding to government subpoenas, Opsahl is proud to have been called a "rabid dog" by the Department of Justice. Prior to Perkins, Opsahl was a research fellow to Professor Pamela Samuelson at the U.C. Berkeley School of Information Management & Systems. Opsahl received his law degree from Boalt Hall, and undergraduate degree from U.C. Santa Cruz. Opsahl co-authored "Electronic Media and Privacy Law Handbook." In 2007, Opsahl was named as one of the "Attorneys of the Year" by California Lawyer magazine for his work on the O'Grady v. Superior Court appeal. In 2014, Opsahl was elected to the USENIX Board of Directors.

@kurtopsahl

Nate Cardozo
Nate Cardozo is a Senior Staff Attorney on the Electronic Frontier Foundation's digital civil liberties team. In addition to his focus on free speech and privacy litigation, Nate works on EFF's Who Has Your Back? report and Coders' Rights Project. Nate has projects involving cryptography and the law, automotive privacy, government transparency, hardware hacking rights, anonymous speech, electronic privacy law reform, Freedom of Information Act litigation, and resisting the expansion of the surveillance state. A 2009-2010 EFF Open Government Legal Fellow, Nate spent two years in private practice before returning to his senses and to EFF in 2012. Nate has a B.A. in Anthropology and Politics from U.C. Santa Cruz and a J.D. from U.C. Hastings where he has taught first-year legal writing and moot court. He brews his own beer, has been to India four times, and watches too much Bollywood.

Jamie Lee Williams
Jamie Williams is a staff attorney at the Electronic Frontier Foundation, where she is part of EFF's civil liberties team. Jamie focuses on the First and Fourth Amendment implications of new technologies, and is part of EFF's Coders' Rights Project, which protects programmers and developers engaged in cutting-edge exploration of technology. Jamie joined EFF in 2014. Prior to joining EFF, Jamie clerked for Judge Saundra Brown Armstrong in the Northern District of California, and practiced at Paul Hastings LLP, as an associate in the firm's litigation department. Jamie was also a law clerk at the Alameda County Public Defender. Jamie has a J.D. from the University of California, Berkeley School of Law (Boalt Hall) and a B.A. in journalism from the University of Wisconsin, Madison.

Andrés Arrieta
Andrés Arrieta is the Technology Projects Manager for the Electronic Frontier Foundation. A Telecom and Electronics Engineer, he previously worked for Mobile Operators managing and developing projects from the Radio and Core networks to IT systems like Spotify Premium for Movistar. Seeing the state of privacy in the digital world from previous experiences, he joins the EFF to help develop tools that address these issues.

Katitza Rodriguez
Katitza Rodriguez is EFF's international rights director. She concentrates on comparative policy of international privacy issues, with special emphasis on law enforcement, government surveillance, and cross border data flows. Her work in EFF's International Program also focuses on cybersecurity at the intersection of human rights. Katitza also manages EFF's growing Latin American programs. She was an advisor to the UN Internet Governance Forum (2009-2010). Before joining EFF, Katitza was director of the international privacy program at the Electronic Privacy Information Center in Washington D.C., where amongst other things, she worked on The Privacy and Human Rights Report, an international survey of privacy law and developments. Katitza is well known to many in global civil society and in international policy venues for her work at the U.N. Internet Governance Forum and her pivotal role in the creation and ongoing success of the Civil Society Information Society Advisory Council at the Organisation for Economic Co-operation and Development, for which she served as the civil society liaison while at EPIC from 2008 to March 2010. Katitza holds a Bachelor of Law degree from the University of Lima, Peru. Katitza's twitter handle is @txitua.

Nathan 'nash' Sheard
Nathan 'nash' Sheard is EFF's Grassroots Advocacy Organizer. nash works directly with community members and organizations to take advantage of the full range of tools provided by access to tech, while engaging in empowering action toward the maintenance of digital privacy and information security.



Contest - Contest Stage - Friday - 16:00-17:59


Title:
EFF Tech Trivia

EFF's team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Cup and EFF swag pack. The second and third place teams will also win great EFF gear.

More Info: @EFF   https://eff.org/


BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 11:50-12:10


Effective Log & Events Management

Friday at 11:50-12:10
20 minutes

Russell Mosley @sm0kem

Logs, right? Do you run an expensive SIEM? If not, this talk is for you. An effective process for managing logs and security events with built-in and open-source tools will be detailed. I'll share reports and tickets from our organization and describe how we analyze them to improve IT operations, situational awareness, security posture, and pass audits.

Russell Mosley
Russell is an IT Infrastructure & Security Director for a DC-area software services company and an organizer with BSides Charm. Russell has seventeen years' experience in IT operations and Enterprise Defense and is responsible for the organization's compliance with SOC and FISMA requirements. He holds degrees from UMBC, UMUC, and Towson University as well as CISSP and several vendor certifications.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 12:55-13:35


Emergent Recon - fresh methodology and tools for hackers in 2018 - Jason Haddix

Recon is an art AND a science. The landscape for methods of finding hosts to attack is constantly changing. Whether you call it “Asset Discovery” or something else, it remains a core part of bounty hunter and red teaming life. Join Jason as he expands on his ever changing recon methodology.

This talk will focus on what tools to incorporate (and which tools not to). It will outline new methods coined in 2018, plus frameworks to automate and document your workflow. Topics include: brand/TLD discovery, host enumeration, application threat modeling, and more!



EHV - Caesars Promenade Level - Modena Rm - Friday - 16:00-16:59


Title: Ethical Disclosure and the Reduction of Harm

Speakers: Speaker TBA

Description:

How does a researcher become empowered to influence business and marketing leaders to balance coordinated disclosure, opsec protection, and tradecraft protection, with corporate interests? This talk examines use cases gone wrong, and opportunities for all groups to work together to make it right.





EHV - Caesars Promenade Level - Modena Rm - Friday - 13:00-13:59


Title: Ethics for Security Practitioners

Speakers: Speaker TBA

Description:

While at first glance infosec might seem to be a mainly technical domain, you might encounter ethical dilemmas very soon once you start working in the field (namely when you do offensive stuff). In this talk I'll provide an introduction to how to tackle such situations in a structured way and on the basis of common approaches and values.





EHV - Caesars Promenade Level - Modena Rm - Saturday - 11:00-11:59


Title: Ethics of Technology in Humanitarian and Disaster Response

Speakers: Speaker TBA

Description:

How do we combat the moral dilemmas technology brings to humanitarian and disaster response? Ethically based decision making can improve the influence of technology during a crisis.





BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 12:30-13:20


Evolving security operations to the year 2020

Friday at 12:30-13:20
50 minutes

@IrishMASMS

The security operations aspect of your Information Security risk management program is where the “rubber meets the road” — the tools and people you have to implement the process and procedures you put together to find the badness and put out the fires. How has the concept of security operations evolved, and where are we headed? There is plenty of buzzword bingo: UBA, UEBA, machine learning and artificial intelligence, network abnormality detection, the marketing conversations of evolving to that SOC of 2020 — what do all these really mean to you and your operations and which can be useful in your efforts to find the badness?

@IrishMASMS
IrishMASMS is an old school hacker, fighting the good fight in Computer Network Defense (CND)/blue team efforts for more than 18 years. He has been lurking about since DEFCON 10, a panel member at HOPE 5, a presenter at a couple of Notacons, and a few other conferences where it may be hard to remember what really occurred. Having progressed through the ranks from a Security Operations Center (SOC) analyst to manager and director of Information Security risk management programs, he has experienced the wide opportunities for pain in our industry — and desires to help improve rather than perpetuate, nurture rather than exclude.



BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 14:00-14:30


Title: Examining Monero's Ring Signatures

Speakers: Justin Ehrenhofer

Description:
No description available




Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 12:00-13:50


Expl-iot—IoT Security Testing and Exploitation framework

Sunday 08/12/18 from 1200-1350 at Table Two
IoT Testers- Pentesters- IoT developers- Offense- Hardware

Aseem Jakhar

Expl-iot is an open source flexible and extendable framework for IoT Security Testing and exploitation. It will provide the building block for writing exploits and other IoT security assessment test cases with ease. Expliot will support most IoT communication protocols, firmware analysis, hardware interfacing functionality and test cases that can be used from within the framework to quickly map and exploit an IoT product or IoT Infrastructure. It will help the security community in writing quick IoT test cases and exploits. The objectives of the framework are: 1. Ease of use 2. Extendable 3. Support for hardware, radio and IoT protocol analysis. We released Expl-iot ruby version in 2017. Once we started implementing hardware and radio functionality, we realized that ruby does not have much support for hardware and radio analysis which led us to deprecate it and re-write it in python to support more functionality. We are currently working on the python3 version and will release it in a month. The new beta release is envisioned to have support for UART(serial), ZigBee, BLE, MQTT, CoAP (next version will have support for JTAG, I2C and SPI) and few miscellaneous test cases.

https://bitbucket.org/aseemjakhar/expliot_framework

Aseem Jakhar
Aseem Jakhar is the Director, research at Payatu Software Labs http://payatu.com a boutique security testing company specializing in IoT, Embedded, cloud, mobile security testing. He is the founder of null-The open security community, registered not-for-profit organization http://null.co.in and also the founder of nullcon security conference http://nullcon.net and hardwear.io security conference. He has worked on various security software including UTM appliances, messaging/security appliances, anti-spam engine, anti-virus software, bayesian engine to name a few. He currently spends his time researching on IoT security and hacking things. He is an active speaker and trainer at security conferences like AusCERT, Black Hat, Brucon, Defcon, Hack.lu, Hack in Paris, Hack In The Box, PHDays and many more. He has authored various open source security software including



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 11:00-11:45


Exploiting Active Directory Administrator Insecurities

Saturday at 11:00 in Track 1
45 minutes | Demo

Sean Metcalf CTO, Trimarc

Defenders have been slowly adapting to the new reality: Any organization is a target. They bought boxes that blink and software that floods the SOC with alerts. None of this matters as much as how administration is performed: Pop an admin, own the system. Admins are being dragged into a new paradigm where they have to more securely administer the environment. What does this mean for the pentester or Red Teamer?

Admins are gradually using better methods like two-factor and more secure administrative channels. Security is improving at many organizations, often quite rapidly. If we can quickly identify the way that administration is being performed, we can better highlight the flaws in the admin process.

This talk explores some common methods Active Directory administrators (and others) use to protect their admin credentials and the flaws with these approaches. New recon methods will be provided on how to identify if the org uses an AD Red Forest (aka Admin Forest) and what that means for one hired to test the organization's defenses, as well as how to successfully avoid the Red Forest and still be successful on an engagement.

Some of the areas explored in this talk:

If you are wondering how to pentest/red team against organizations that are improving their defenses, this talk is for you. If you are a blue team looking for inspiration on effective defenses, this talk is also for you to gain better insight into how you can be attacked.

Sean Metcalf
Sean Metcalf is founder and principal consultant at Trimarc (www.TrimarcSecurity.com) a consulting company which focuses on improving enterprise Active Directory security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification, is a former Microsoft MVP, and has presented on Active Directory attack and defense at Black Hat, BSides, DEF CON, DerbyCon, BlueHat, & Shakacon security conferences. He currently provides security consulting services to customers and regularly posts interesting Active Directory security information on his blog, ADSecurity.org.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Sunday - 10:15-10:59


Title: Exploiting immune defences - can malware learn from biological viruses?

Speaker: Guy Propper
Abstract:
Biological viruses have existed and evolved for millions of years, maliciously exploiting host cells for survival. How have they done this, and what can we learn from it?
Extremely advanced mechanisms for privilege escalation, persistence, and defence evasion have been used by biological viruses long before malware was first written.
This talk will provide an understanding of what mechanisms are used by biological viruses to exploit immune defences, persist, and survive in the arms race with the immune system.
Surprising differences between malware and virus actions will be shown, and some mechanisms which are used by viruses, but have not been adopted, or even attempted by malware, will be revealed.
No biological background is needed, only an open mind.


SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 13:00-13:59


Title:
Exploiting IoT Communications - A Cover within a Cover

Mike Raggo & Chet Hosmer
@MikeRaggo & @ChetHosmer

As IoT continues to introduce new operating systems, protocols, and frequencies the attack surface available for hidden communications increases substantially. In this presentation we explore the fundamental flaws in many of these IoT designs to identify methods of exploiting these communications by hiding data and riding these channels to deliver data and messages between devices and networks. We'll cover M2M carrier packets, IoT Hub out-of-band communications, and IoT dead-drops in the cloud. Then with proof of concept code we'll demonstrate these exploits for the audience, and provide the basis for enhancing one's forensic strategy by looking deeper into these mysterious IoT communications.



SKY - Flamingo 3rd Flr - Virginia City Rm - Sunday - 10:00-10:59


Title:
Facial Recognition - Let me let you in on a secret

Stumbles The Drunk

@stumblesthedrunk

Facial Recognition is being inserted into the authentication and verification process of our Driver Licences, Passports, and other unimportant government documents. Let's talk about how it falls short and how to #$@! with it.



DDV - Caesars Promenade Level - Capri Rm - Friday - 15:00-15:55


Speaker: Andy Klein

For the last five years Backblaze has collected daily operational data from the hard drives in our data centers. This includes daily SMART statistics from over 100,000 hard drives totaling over 500 Petabytes of storage. We’ll start by looking at the lifetime statistics for all the hard drives we have ever used, split out by size and manufacturer. Then we’ll compare the failure rates of consumer versus enterprise drives and we’ll also compare helium-filled versus air-filled drives. We’ll finish up with looking at a handful of SMART attributes to see how temperature relates to hard drive failure and whether or not you can use SMART stats to predict hard drive failure. As a bonus, we’ll show you where to get the data so you can do your own analysis – enjoy.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 13:30-13:50


Fasten your seatbelts: We are escaping iOS 11 sandbox!

Friday at 13:30 in Track 3
20 minutes | Demo, Exploit

Min (Spark) Zheng Security Expert, Alibaba Inc.

Xiaolong Bai Security Engineer, Alibaba Inc.

Apple's sandbox was introduced as "SeatBelt" in macOS 10.5 which provided the first full-fledged implementation of the MACF policy. After a successful trial on macOS, Apple applied sandbox mechanism to iOS 6. In its implementation, the policy hooked dozens of operations. The number of hooks has been growing steadily when new system calls or newly discovered threats appeared. In the beginning, Apple's sandbox used a black list approach which means Apple originally concentrated on the known dangerous APIs and blocked them, allowing all others by default. However, with the evolution of Apple's sandbox, it applies a white list approach that denies all APIs and only allows secure ones that Apple trusts.

In this talk, we will first introduce Apple's sandbox mechanism and profiles in the latest iOS. Then, we discuss iOS IPC mechanism and review several old classic sandbox escape bugs. Most importantly, we show two new zero-day sandbox escape vulnerabilities we recently discovered in the latest iOS 11.4. Besides, we share our experience of exploiting vulnerabilities in system services through OOL msg heap spray and ROP (Return-oriented programming). In addition, we discuss a task port exploit technique which can be used to control the whole remote process through Mach messages. By using these techniques, security researchers could find and exploit sandbox escape bugs to control iOS user mode system services and further attack the kernel.

Min (Spark) Zheng
Min (Spark) Zheng (twitter@SparkZheng, github@zhengmin1989) is a security expert in Alibaba Orion Security Lab. He received his Ph.D. degree in the CSE department of the CUHK. His research focuses on malware analysis, smartphone (Android & iOS) security, system design and implementation. Before receiving Alibaba A-Star offer award in 2015, he worked in FireEye, Baidu and Tencent. He was the champion of GeekPwn 2014 and AliCTF 2015. He won the "best security researcher" award in FIT 2016 for detecting the iOS/macOS vulnerabilities, XcodeGhost virus and WormHole RCE vulnerability. He is a member of the OverSky team for private jailbreaking development. He presented his research in DEF CON, HITB, BlackHat, RUXCON, etc.

@SparkZheng

Xiaolong Bai
Xiaolong Bai (twitter@bxl1989, github@bxl1989) is a security engineer in Alibaba Orion Security Lab. Before joining Alibaba, he received his Ph.D. degree in Tsinghua University. He has published several research papers on top conferences including IEEE S&P, Usenix Security, CCS, NDSS, and presented his research in Black Hat USA and Hack In The Box. He has been acknowledged by famous vendors, including Apple, Google, Facebook, Evernote, and Tencent for his contribution in discovering the vulnerabilities in their systems and improving the security of their products. He is a member of the OverSky team for private jailbreaking development.

@bxl1989



PHW - Caesars Promenade Level - Neopolitan BR - Friday - 15:30-16:59


Finding and Attacking Undocumented APIs with Python

Write Python web bots using Selenium and BrowserMob Proxy to crawl the Internet looking for non-public APIs. We will look at several ways to identify vulnerabilities in discovered APIs as a means for penetration testing and large scale data gathering. Participants should have some Python experience, as well as a familiarity with HTTP requests.

Ryan Mitchell is a senior software engineer at HedgeServ in Boston, where she develops APIs and data analytics tools for hedge fund managers. She is a graduate of Olin College of Engineering and Harvard University Extension School with a master's in software engineering and certificate in data science. Since 2012 she has regularly consulted, lectured, and run workshops around the country on the topics of web scraping, Python automation tools, and data science.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Thursday - 10:00-13:59


Finding Needles in Haystacks

Thursday, 1000-1400 in Icon D

Louis Nyffenegger Security Engineer, Pentester Lab

Luke Jahnke Security Researcher, Elttam

With more and more teams moving to Agile, security engineers need to be ready to find bugs by just looking at a diff in Stash or Github. This workshop will give you the basics to get started and know what to look for. Based on 3 exercises in 3 different languages (PHP, Golang and Ruby), we will cover simple to more advanced issues and show you where to look and what you can find. After this workshop, you will be ready to start doing code review for fun or as a way to get further as part of a post-exploitation.

Prerequisites: The students should be able to use a text editor and navigate source code. Basic knowledge of Git, PHP, Ruby and Go will definitely help but is not mandatory.

Materials: A laptop with 4Gb of RAM. Internet access during the class.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/finding-needles-in-haystacks-icon-d-tickets-47086263281
(Opens July 8, 2018 at 15:00 PDT)

Louis Nyffenegger
Louis Nyffenegger is a security engineer and entrepreneur based in Melbourne, Australia. He performs pentest, architecture and code review on a daily basis. Louis is the founder of PentesterLab, a learning platform for web penetration testing.

Luke Jahnke
Luke Jahnke is a Security Researcher at Elttam. He has extensive experience performing security assessments and running training. He enjoys working on interesting vulnerabilities and runs the biennial BitcoinCTF competition.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 13:00-13:30


Finding Xori: Malware Analysis Triage with Automated Disassembly

Friday at 13:00 in Track 2
20 minutes | Demo, Tool

Amanda Rousseau Senior Malware Researcher at Endgame Inc.

Rich Seymour Senior Data Scientist at Endgame Inc

In a world of high volume malware and limited researchers we need a dramatic improvement in our ability to process and analyze new and old malware at scale. Unfortunately what is currently available to the community is incredibly cost prohibitive or does not rise to the challenge. As malware authors and distributors share code and prepackaged tool kits, the corporate sponsored research community is dominated by solutions aimed at profit as opposed to augmenting capabilities available to the broader community. With that in mind, we are introducing our library for malware disassembly called Xori as an open source project. Xori is focused on helping reverse engineers analyze binaries, optimizing for time and effort spent per sample.

Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and provides triage analysis data. This Rust library emulates the stack, register states, and reference tables to identify suspicious functionality for manual analysis. Xori extracts structured data from binaries to use in machine learning and data science pipelines.

We will go over the pain-points of conventional open source disassemblers that Xori solves, examples of identifying suspicious functionality, and some of the interesting things we've done with the library. We invite everyone in the community to use it, help contribute and make it an increasingly valuable tool for researchers alike.

Amanda Rousseau
Amanda Rousseau absolutely loves malware. She works as a Senior Malware Researcher at Endgame who focuses on dynamic behavior detection both on Windows and OSX platforms. She worked as a malware researcher at FireEye before joining Endgame. She previously worked as a reverse engineer and computer forensic examiner working for DoD forensic investigations and commercial incident response engagements. She received her MS in Information Systems Engineering from Johns Hopkins University. Research interests include malware evasion techniques, dynamic behavior classification, and developing runtime detections.

@malwareunicorn

Rich Seymour
Rich Seymour is a senior data scientist at Endgame, where he works on integrating R&D successes into the company's platform and experimenting with new techniques to make security sensible. He's currently working on improving natural language understanding in the Artemis chatbot in the Endgame platform and understanding how to catch adversary tradecraft. He holds a PhD in materials science and an MS in computer science, both from the University of Southern California, where he worked on high-performance computing simulations of nanoscale materials under stress. He has spoken at USENIX SOUPS, Shmoocon and O'Reilly Security.

@rseymour



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 14:30-14:50


Fire & Ice: Making and Breaking macOS Firewalls

Saturday at 14:30 in Track 3
20 minutes | Demo, Tool, Exploit

Patrick Wardle Chief Research Officer, Digita Security

In the ever raging battle between malicious code and anti-malware tools, firewalls play an essential role. Many a malware has been generically thwarted thanks to the watchful eye of these products.

However on macOS, firewalls are rather poorly understood. Apple's documentation surrounding its network filter interfaces is rather lacking and all commercial macOS firewalls are closed source.

This talk aims to take a peek behind the proverbial curtain revealing how to both create and 'destroy' macOS firewalls.

In this talk, we'll first dive into what it takes to create an effective firewall for macOS. Yes we'll discuss core concepts such as kernel-level socket filtering—but also how to communicate with user-mode components, install privileged code in a secure manner, and simple ways to implement self-defense mechanisms (including protecting the UI from synthetic events).

Of course any security tool, including firewalls, can be broken. After looking at various macOS malware specimens that proactively attempt to detect such firewalls, we'll don our 'gray' (black?) hats to discuss various attacks against these products. And while some attacks are well known, others are currently undisclosed and can generically bypass even today's most vigilant Mac firewalls.

But all is not lost. By proactively discussing such attacks, combined with our newly-found understandings of firewall internals, we can improve the existing status quo, advancing firewall development. With a little luck, such advancements may foil, or at least complicate the lives of tomorrow's sophisticated Mac malware!

Patrick Wardle
Patrick Wardle is the Chief Research Officer at Digita Security and founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.

@patrickwardle



Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


firstorder

Saturday 08/11/18 from 1000-1150 at Table Three
Offense

Utku Sen

Gozde Sinturk

Perimeter defenses are holding an important role in computer security. However, when we check the method of APT groups, a single spear-phishing is usually enough to gain a foothold on the network. Therefore, red teams are mostly focused on "assume breach" type of scenarios. In these scenarios, testers need to use a post-exploitation framework. Besides that, testers also need to hide the server-agent communication from NIDS (Network Intrusion Detection Systems). firstorder is designed to evade Empire's C2-Agent communication from anomaly-based intrusion detection systems. It takes a traffic capture file (pcap) of the network and tries to identify normal traffic profile. According to results, it creates an Empire HTTP listener with appropriate options.

Utku Sen
Utku Sen is a security researcher who is mostly focused on following areas: application security, network security, tool development. He presented his tool, Leviathan Framework in Black Hat USA Arsenal and DEF CON Demo Labs in 2017. He was also nominated for Pwnie Awards on "Best Backdoor" category in 2016. He currently works in Tear Security.

Gozde Sinturk
Gozde Sinturk is a Security Researcher and Python Developer who is involved in projects related to machine learning, natural language processing, and big data. She is developing security tools in her current position. She currently works in Tear Security.



PHV - Caesars Promenade Level - Neopolitan BR - Sunday - 12:00-12:59


Fishing for Phishers. The Enterprise Strikes Back!

Joseph Muniz, Cisco
Aamir Lakhani, Fortinet

Phishing and social engineering have been around since Han Solo has flown the Millennium Falcon. The typical response is deleting the messages and giving the middle finger; however, what more could be done to strike back? This talk will cover how to build an artificial environment and develop anti phishing tools used to respond to phishing attempts. Results could include owning the attacker's box "hypothetically" since some legal boundaries could be crossed.

Joseph Muniz is an architect at Cisco Systems. Aamir Lakhani (Twitter: @SecureBlogger) is a lead researcher at Fortinet. Together, they have spoken at various conferences including the infamous Social Media Deception RSA talk quoted by many sources found by searching "Emily Williams Social Engineering." They are also making their fourth appearance for the DEF CON Wall of Sheep. Both speakers have written books together including a recent title Digital Forensics for Network Engineers released on Cisco Press late February 2018. They have been friends for years and continue to collaborate on research and other projects.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 10:00-10:45


For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems

Sunday at 10:00 in Track 3
45 minutes | Demo, Tool

Leigh-Anne Galloway Cyber Security Resilience Lead, Positive Technologies

Tim Yunusov Hacker

These days it's hard to find a business that doesn't accept faster payments. Mobile Point of Sales (mPOS) terminals have propelled this growth lowering the barriers for small and micro-sized businesses to accept non-cash payments. Older payment technologies like mag-stripe still account for the largest majority of all in-person transactions. This is complicated further by the introduction of new payment standards such as NFC. As with each new iteration in payment technology, inevitably weaknesses are introduced into this increasingly complex payment eco-system.

In this talk, we ask, what are the security and fraud implications of removing the economic barriers to accepting card payments; and what are the risks associated with continued reliance on old card standards like mag-stripe? In the past, testing for payment attack vectors has been limited to the scope of individual projects and to those that have permanent access to POS and payment infrastructure. Not anymore!

In what we believe to be the most comprehensive research conducted in this area, we consider four of the major mPOS providers spread across the US and Europe; Square, SumUp, iZettle and Paypal. We provide live demonstrations of new vulnerabilities that allow you to MitM transactions, send arbitrary code via Bluetooth and mobile application, modify payment values for mag-stripe transactions, and a vulnerability in firmware; DoS to RCE. Using this sampled geographic approach, we are able to show the current attack surface of mPOS and, to predict how this will evolve over the coming years.

For audience members that are interested in integrating testing practices into their organization or research practices, we will show you how to use mPOS to identify weaknesses in payment technologies, and how to remain undetected in spite of anti-fraud and security mechanisms.

Leigh-Anne Galloway
Leigh-Anne Galloway is a Security Researcher who specializes in the areas of application and payment security. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches. This is where she discovered her passion for security advisory and payment technologies. She has presented and authored research on ATM security, application security and payment technology vulnerabilities, and has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, and Troopers.

@L_AGalloway

Tim Yunusov
Tim Yunusov is a Senior Expert in the area of banking security and application security. He has authored multiple research in these areas including "Apple Pay replay attacks" (Black Hat USA 2017), "7 sins of ATM protection against logical attacks" (PacSec, POC), "Bruteforce of PHPSESSID", "XML Out-Of-Band" (Black Hat EU), and is rated in the Top Ten Web Hacking Techniques by WhiteHat Security. He regularly speaks at conferences and has previously spoken at CanSecWest, Black Hat USA, Black Hat EU, HackInTheBox, Nullcon, NoSuchCon, Hack In Paris, ZeroNights and Positive Hack Days.

@a66at



Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Thursday - 14:30-18:30


Forensic Investigation for the Non-Forensic Investigator

Thursday, 1430-1830 in Icon A

Gary Bates Technology Director

This workshop will provide a foundation to attendees on the basics of performing a forensic investigation on a corporate or SOHO network. The course will primarily discuss forensics on a Windows system and network, but Linux and Mac systems will be briefly discussed during the workshop where applicable. Attendees will learn techniques on how to properly collect possible evidentiary data, how to store the collected data, how to analyze the information and evaluate the data. Topics that will be covered include:

- Pre-incident. Setting up your forensic analysis toolkit.
- First contact with an incident. What should you do and not do.
- Collecting volatile data. Tools and techniques.
- Collecting and storing non-volatile data.
- Utilizing open source software to analyze the data.
- Making a determination and writing the report based on the analyzed data.
- What to do with the collected and analyzed information.

This workshop is intended to provide a basic overview of how to properly collect and handle data in a corporate or enterprise network. The course will cover several tools and provide labs for the students to complete to familiarize themselves with how the tools work and the proper procedures to use. However, this class will not make a deep dive into any of the tools. Nor is this class intended for the professional forensic investigator.

Prerequisites: Students need to have a knowledgeable background in IT Administration, basic knowledge of file structures and how the Windows OS works. Students should be knowledgeable in utilizing VirtualBox and how to setup VMs and attach virtual hard drives.

Materials: Students will need to bring a laptop capable of running no more than 3 VMs. The latest version of VirtualBox should be installed.

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/forensic-investigation-for-the-non-forensic-investigator-icon-a-tickets-47086683538
(Opens July 8, 2018 at 15:00 PDT)

Gary Bates
Gary works as the Technology Director for a medium size city in Texas. This job requires him to wear many hats to include performing forensic analysis on enterprise systems. In addition, he has helped the City's police department with several criminal cases that involved the collection of network and stored data from systems under investigation. Additionally, he teaches information security classes at the local junior college to include a forensic investigation course for IT security students. Besides 15 years of experience in the IT field, he has a BS in Network Administration and a Masters in Information Security Assurance. He also holds several industry certifications to include a Certified Ethical Forensic Investigator Certification. Since he is easily distracted and always curious, he has a wide range of interests and off-hour projects that run the gamut from in-depth study about cyber security to data analysis programming to electronic projects that use the Raspberry Pi and Arduino chips.



PHV - Caesars Promenade Level - Neopolitan BR - Friday - 15:00-15:59


Freedom of Information - Hacking the Human Black Box

Elliott Brink, Senior Penetration Tester at RSM US LLP

FOIA (otherwise known as the Freedom of Information Act or FOI/Freedom of Information in Australia) are government-based initiatives to permit the public to request information on various government records. In practice, these acts enable transparency of the operations of government to the masses with relative ease. In reality, submitting FOI requests can be a cumbersome and frustrating process for citizens.

For two years now I have been hacking this human black box - finding out what you can/cannot ask for and more importantly how to ask for information and get it! Have you ever asked the government for a log file, Cisco IOS running config or Active Directory group policies? Do you ever wonder if a government employee would provide you with such information if you asked really really nicely? Let's find out together! For the past couple of years I have been performing various technology-focused FOI requests in an attempt to answer one simple argument: Can you utilize freedom of information to enumerate technical information from government agencies? I present my research, findings and results of multiple years of submitting FOIA requests to various USA and Australian government institutions including multiple intelligence agencies. We will discover the fun times and challenges when performing such requests.

Attendees will gain practical knowledge about: what FOIA is, the caveats of FOIA, how you can utilize FOIA on red team engagements and other open source intelligence gathering activities and finally the results of my research in multiple requests to intelligence agencies.

Elliott Brink (Twitter: @ebrinkster) is an information security consultant based out of NYC. He specializes in internal/external pentesting, security architecture and social engineering. He loves computer history, tracking bad guys, honeypots, an expertly crafted bloody mary, and traveling the globe.



Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Thursday - 12:00-12:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We'll be here.


Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Thursday - 17:00-17:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We'll be here.


Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friday - 12:00-12:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We'll be here.


Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friday - 17:00-17:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We'll be here.


Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Saturday - 12:00-12:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We'll be here.


Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Saturday - 17:00-17:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We'll be here.


Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Sunday - 12:00-12:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We'll be here.


SEV - Caesars Promenade South - Octavius BR 3-8 - Friday - 16:00-16:50


Friday August 10 1600 50 Mins

From Introvert to SE: The Journey

In 20 years I learned how to step outside my introverted personality to explore the world in a more successful way, but not without bumps and bruises which taught me valuable lessons.

This is my story of that journey which I hope to convey to those listening that being a deep introvert should not prevent them from trying and achieving goals in life up to and including being a professional social engineer and beyond. I wrap up with the specific lessons I learned over the course of that time, so others can reap the benefits of those lessons in a much shorter time frame.

Ryan MacDougall: @joemontmania

Ryan MacDougall is a Senior Social Engineer Pentester for Social-Engineer LLC, who has over 20 years’ experience in the information technology world and 5 years in the security space specifically. Naturally a deep introvert, he has achieved goals and experienced life that early on did not seem possible or even imaginable. With the help of professionals and experts in the field of psychology, he amassed techniques to navigate the social world to achieve goals he wanted and some he never knew he wanted.



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 14:00-14:59


Title:
From MormonLeaks to FaithLeaks

Ethan Gregory Dodge
@Mormon_Leaks @FaithLeaks @egd_io

Last year Ethan spoke as Privacy P. Pratt, the anonymous technical mind behind the whistle-blowing organization MormonLeaks, and chronicled its history and impact up to that point. Since then, he has abandoned the pseudonym, FaithLeaks has been born, and MormonLeaks has uncovered a great deal more. Join Ethan in this sequel to last year and hear about Skytalks-2017-inspired FaithLeaks, exposed sexual and ecclesiastical abuse, financial information the Mormon Church went to great lengths to hide, mistakes made along the way, and how this model is promoting increased transparency in a part of society that desperately needs it.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Thursday - 14:30-18:30


Fuzzing FTW

Thursday, 1430-1830 in Icon D

Bryce Kunz President, Stage 2 Security

Kevin Lustic Information Security Researcher

Join us in this hands-on introduction to fuzzing workshop, where we will explore how common fuzzing tools (e.g. AFL, libFuzzer, BooFuzz, etc.) are used to discover previously unknown bugs within applications.

We will first cover a general process to follow when fuzzing a targeted application and then provide hands-on labs where students will be able to apply this fuzzing process to quickly discover bugs within applications.

Several different fuzzing techniques will be covered including fuzzing file inputs via blind mutations (e.g. radamsa), fuzzing specific functions within an application via in-process evolutionary fuzzing (e.g. libFuzzer), compile-time instrumentation based fuzzing (e.g. AFL), and fuzzing of network services via generation based fuzzing (e.g. BooFuzz aka Sulley).

Prerequisites: Students need to be comfortable in Kali Linux, which includes navigating the OS via the terminal. An understanding of basic networking concepts (i.e. TCP/IP) and the HTTP protocol is highly recommended. Some knowledge of the Python scripting language is highly recommended.

Materials:

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/fuzzing-ftw-icon-d-tickets-47086572205
(Opens July 8, 2018 at 15:00 PDT)

Bryce Kunz
Bryce Kunz (@TweekFawkes) craves righteous red team hacks. Currently, the President of Stage 2 Security. Previously he supported the NSA (network exploitation & vulnerability research), Adobe (built red teaming program for cloud services), and DHS (incident response). Bryce holds numerous certifications (e.g. OSCP, etc...), and has spoken at various security conferences (i.e. BlackHat, DerbyCon, etc...).

Kevin Lustic
Kevin Lustic is an InfoSec researcher located just outside Salt Lake City, Utah. He is currently a red-teamer for Adobe in Lehi, performing offensive security testing against the various Adobe Digital Experience solutions. Prior to joining Adobe, Kevin spent five years in the Intelligence Community as a global network vulnerability analyst, cryptanalyst, and developer in various positions. He earned his Bachelor's degree in Mathematics from Ohio University, then his Master's degree in Cyberspace Operations from the Air Force Institute of Technology under a full NSF-funded CyberCorps scholarship.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 15:00-15:45


Fuzzing Malware For Fun & Profit. Applying Coverage-guided Fuzzing to Find and Exploit Bugs in Modern Malware

Sunday at 15:00 in Track 3
45 minutes | Demo, Tool, Exploit

Maksim Shudrak Senior Offensive Security Researcher, Salesforce

Practice shows that even the most secure software written by the best engineers contains bugs. Malware is not an exception. In most cases their authors do not follow the best secure software development practices, thereby introducing an interesting attack scenario which can be used to stop or slow down malware spreading, defend against DDoS attacks and take control over C&Cs and botnets. Several previous studies have demonstrated that such bugs exist and can be exploited. To find those bugs it would be reasonable to use coverage-guided fuzzing.

This talk aims to answer the following two questions: Can we defend against malware by exploiting bugs in them? How can we use fuzzing to find those bugs automatically?

The author will show how we can apply coverage-guided fuzzing to automatically find bugs in sophisticated malicious samples such as botnet Mirai which was used to conduct one of the most destructive DDoS in history and various banking trojans. A new cross-platform tool implemented on top of WinAFL will be released and a set of 0day vulnerabilities will be presented.

Do you want to see how a small addition to HTTP-response can stop a large-scale DDoS attack or how a smart bitflipping can cause RCE in a sophisticated banking trojan? If the answer is yes, this is definitely your talk.

Maksim Shudrak
Maksim is a security researcher and hacker who loves vulnerability hunting, fuzzing acrobatics and reversing complex malicious samples. Maksim had a chance to work on binary instrumentation, Windows operating system emulators and malware analysis at large cyber security companies around the world.

https://github.com/mxmssh, https://www.linkedin.com/in/mshudrak



Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Saturday - 10:00-13:59


Fuzzing with AFL (American Fuzzy Lop)

Saturday, 1000-1400 in Icon B

Jakub Botwicz Primary Security Engineer, Samsung Poland R&D Center

Wojciech Rauner Security Engineer, Samsung Research

This workshop will show participants how to use afl (American fuzzy lop) to identify vulnerabilities in different applications and modules. afl is a security-oriented fuzzer that efficiently and automatically tests software components to find interesting security issues. It is one of the leading tools and an essential component in the toolbox of a security researcher or hacker (penetration tester). The list of afl trophies (issues found using afl) can be read at: http://lcamtuf.coredump.cx/afl/ Participants will learn how afl works and how to use it successfully, based on real-life cases: vulnerabilities found by the trainers in different open source components. During the training multiple cases and tips will be presented (see detailed outline for more complete list).

Prerequisites: None

Materials: To participate in the hands-on sections, attendees need to bring a laptop with minimum 2 GB RAM which can run a virtual machine or a Docker container. Virtual machine and Docker container with all necessary tools will be provided before the workshop.

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/fuzzing-with-afl-american-fuzzy-lop-icon-b-tickets-47194653479
(Opens July 8, 2018 at 15:00 PDT)

Jakub Botwicz
Jakub works as Primary Security Engineer in Samsung Poland R&D Center, leading a team of security researchers. He has more than 15 years of experience in information security and previously worked e.g. in: one of the world's leading payment card service providers, a Big4 consulting company and a vendor of network encryption devices. Jakub holds a PhD degree from Warsaw University of Technology and security community certificates including: GWAPT, CISSP, ECSA. Currently he works providing security assessments (static and dynamic analysis) of different mobile and IoT components. afl helped him find numerous vulnerabilities, also in open source components.

Wojciech Rauner
Wojciech has background as a full-stack developer, currently works as a Security Engineer for Samsung Research Poland. His current area of research is IoT and mobile devices. Likes to talk about cryptography and higher level languages. Loves to take things apart, build new things (because old ones got irreversibly broken in the process) and make stuff work (again). Plays in CTF Samsung R&D PL team (crypto/net/programming).



SKY - Flamingo 3rd Flr - Virginia City Rm - Sunday - 13:00-13:59


Title:
Game Runner 2049: The Battles Fought by the King of the Replicants

Nick Cano
@nickcano93


"XenoBot is an engineered player, provided to cheaters for use in-game. Its enhanced reaction speed and inability to tire made it ideal for power leveling.

After a series of technological breakthroughs, its use became ubiquitous and Tibia became a botter haven.

The collapse of fair play in the early 2000's led to the rise of DarkstaR, as his bot masked its synthetic properties and averted detection.

Through XenoBot, DarkstaR acquired the keys to a line of botted characters that would silently obey and benefit him.

Many usurpers in-game guilds, software crackers, and DDoSers came forth. They hunted him to prove themselves.

Those he defeated still know him by the name... Game Runner

This is a talk for gamers and hackers about the battles I fought during a decade selling an MMORPG bot. I'll talk about what it was like to wield a surveillance system comprised of thousands of botted characters providing me with military-grade in-game intelligence. I'll outline the lessons I learned fighting off massive DDoS attacks on my own, including how I turned the laser on a mirror. I'll share a funny story about how serendipity convinced a forum that I had hacked them, as well as the time I actually mass-hacked hundreds of users on a forum where child-porn was talked about with normalcy. I'll go into how CloudFlare doxxed me to that forum and how I hacked my way to the top of the situation without anyone being the wiser. After these and other tales, I hope you'll walk away from this talk laughing at my shenanigans while also having learned a few things about game development, hacking, and how to outmaneuver your opposition."



AIV - Caesars Promenade Level - Florentine BR 3 - Sunday - 11:00-11:40


GAN to the dark side: A case study of attacking machine-learning systems to empower defenses

Li Chen

“There has been a surge of interest in using machine learning (ML) to automatically detect malware through their dynamic behaviors. These approaches indeed have achieved much higher accurate detection rate and lower false positive rate. ML in threat detection has demonstrated to be a good cop to guard platform security. However should we fully trust ML-powered security? Here, we juxtapose the resiliency and trustworthiness of ML algorithms for security, in the case study of ransomware detection. We propose RD-Fool, an AI-based system to bypass ML-based ransomware detection.

In this talk, we examine the perspectives of ML assuming the role of both a good cop and a bad cop. We first train a variety of deep learning and classical machine learning classifiers for ransomware detection using data collected from file I/O and registry events. We show the classifiers can achieve great performance in terms of classification accuracy and false positive rate for ransomware detection. Then we examine the resiliency of these classifiers using our proposed system RD-Fool. RD-Fool uses random forest and generative adversarial networks (GAN) to generate samples which can bypass the ransomware detectors. We demonstrate both exploratory and causative attacks using RD-Fool, where exploratory attack aims at bypassing the ransomware detector during inference phase, and causative attack aims at poisoning the training data to perturb the ML decision boundary.

The key advantages of RD-Fool include quick identification of the blind spots of the victim ML model and efficient generation of realistic and evasive samples. We examine the quality of the crafted sample using the perturbation distance and the Silhouette score. Our results and discoveries pose interesting and alarming issues such as how much should we trust or utilize ML for better security.”

Li Chen is a data scientist and research scientist in the Security and Privacy Lab at Intel Labs, where she focuses on developing state-of-the-art robust machine learning and deep learning algorithms for security analytics including applications in malware detection and image classification in the adversarial setting. She is also the co-primary investigator (PI) and research lead at the Intel Science & Technology Center for Adversary-Resilient Security Analytics. She designs the roadmaps with Intel and Georgia Tech PIs to jointly meet both industrial and academic research objectives. She provides research direction and in-depth technical guidance to advance the ARSA research agenda. Prior to joining Intel Labs, Li was a Data Scientist in Software and Services Group at Intel, where she focused on developing advanced and principled machine learning methods for cloud workload characterization and cloud computing performance. Li Chen received her Ph.D. degree in Applied Mathematics and Statistics from Johns Hopkins University. Her research interests primarily include machine learning, statistical pattern recognition, random graph inference, data mining, and inference for high-dimensional data. Her research has been featured in a number of pioneering scientific and engineering journals and conferences including IEEE Transactions on Pattern Analysis and Machine Intelligence, Annals of Applied Statistics, Parallel Computing, AAAI Conference on Artificial Intelligence and SPIE. She has given more than 30 technical presentations, including at the Joint Statistical Meeting (the largest statistics conference in North America), AAAI conference, International Joint Conference on Artificial Intelligence, and Spring Research Conference on Statistics and Industry Technology.



Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - Friday - 20:30-23:59


Title:
GeekPwn Party

Part contest, part open discussion of security, part talent show and 100% fun! Join the folks from GEEKPWN for an evening of entertainment with a focus on information security from China. Expect contests, serious discussion, music, and an environment open to your ideas.


Contest - Contest Stage - Friday - 10:00-12:59


Title:
GeekPwn

Started by KEEN - and the first in 2014, GeekPwn enables security geeks around the world to exchange their thoughts and research findings. As the international intelligence security community, GeekPwn tries to create secure life with secure techniques. In GeekPwn, YOU are encouraged to exploit unknown vulnerabilities of the cyber world. And together, WE aim to help manufacturers develop their security systems and create a better world.

The most unique and extraordinary character of a GeekPwn attendee is his/her open-mindedness and rich variety of PWN.

Security researchers are welcomed to GeekPwn if they are able to take control or obtain data without authorization under reasonable, realistic conditions (without tampering, pre-implanted Trojans or certain pre-granted privileges), and target software and protocols of mobile phones, smart devices, Internet of Things, new I/O modules (gesture capture, VR, AR, etc.), AI-featured modules and services (robots, visual recognition and voice recognition), etc.

More Info: http://www.geekpwn.org/


AIV - Caesars Promenade Level - Florentine BR 3 - Sunday - 10:00-10:40


Generating Labeled Data From Adversary Simulations With MITRE ATT&CK 

Brian Genz

“Attackers have a seemingly endless arsenal of tools and techniques at their disposal, while defenders must continuously strive to improve detection capabilities across the full spectrum of possible vectors. The MITRE ATT&CK Framework provides a useful collection of attacker tactics and techniques that enables a threat-focused approach to detection. 

This technical talk will highlight key lessons learned from an internal adversary simulation at a Fortune 100 company that evolved into a series of data science experiments designed to improve threat detection.”

Brian Genz is a Security Engineer focused on threat hunting, security data science, threat intelligence, and security orchestration, automation & response. He brings experience in the defense intelligence, manufacturing, and financial sectors in the areas of incident response, digital forensics, vulnerability management, and security architecture consulting. He has presented at Derby Con, Circle City Con, CypherCon, the ISSA International Conference, ISACA, InfraGard, and other venues. Brian also serves as adjunct faculty in the information security program at Milwaukee Area Technical College.



HHV - Caesars Pool Level - Forum 17-21 - Friday - 14:00-17:59


Chris Gammell

Abstract

This is an in-person, hands-on version of “Getting To Blinky”, an online course series that has taught thousands to use the free and open source electronics CAD program, KiCad. This would be a “DEFCON badge” version of that course which showcases how to add a blinking circuit, get acquainted with the tool and also add customizable artwork to a Printed Circuit Board (PCB). By the end, attendees will be able to actually order a low cost PCB from online sources.

What to Bring

Please come to this session with a computer with KiCad set up and running. Course is aimed at KiCad 4.0.7, slightly earlier is fine but 5.0.0 is not advised. Install assistance can be given during the beginning of the presentation if needed.

Max size: 24, first come first serve basis.

Bio

Chris Gammell is the host of The Amp Hour Electronics podcast and the owner of Contextual Electronics, an online apprenticeship program. He has been teaching people to design and build electronics online for 8 years, including 5 as an online instructor. His interests are in hands on education and making the electronics learning process easier. He also focuses on low cost and no cost tools, like the open source CAD program KiCad. Prior to teaching online, Chris was an electronics designer for 15 years in various industrial settings.



CHV - Flamingo Lower Level - Red Rock Rm 1-5 - Friday - 13:20-13:45


Go Hack Cars

Eric Evenchick

FRIDAY 8/10 • 1:20-1:45 PM
25 min talk

 

 

Golang is a pretty nifty language, and it's remarkably well suited for car hacking. SocketCAN provides a great framework for interacting with CAN devices, so why not use it from Go? We'll present an open source Go library for making SocketCAN easy, and show how to work with raw CAN and ISOTP data. Attendees will get all the info they need to start hacking CAN buses with Go.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 14:00-14:45


GOD MODE UNLOCKED: Hardware Backdoors in [redacted] x86 CPUs

Friday at 14:00 in Track 1
45 minutes | Demo, Tool, Exploit

Christopher Domas Director of Research, Finite State

Complexity is increasing. Trust eroding. In the wake of Spectre and Meltdown, when it seems that things cannot get any darker for processor security, the last light goes out. This talk will demonstrate what everyone has long feared but never proven: there are hardware backdoors in some x86 processors, and they're buried deeper than we ever imagined possible. While this research specifically examines a third-party processor, we use this as a stepping stone to explore the feasibility of more widespread hardware backdoors.

Christopher Domas
Christopher Domas is a security researcher and embedded systems engineer, currently investigating scalable IoT security. He is best known for releasing impractical solutions to non-existent problems, including the world's first single instruction C compiler (M/o/Vfuscator), toolchains for generating images in program control flow graphs (REpsych), showing that all programs can be reduced to the same instruction stream (reductio), and the branchless DOOM meltdown mitigations. His more relevant work includes the sandsifter processor fuzzer, the binary visualization tool ..cantor.dust.., and the memory sinkhole x86 privilege escalation exploit.

@xoreaxeaxeax



CHV - Flamingo Lower Level - Red Rock Rm 1-5 - Saturday - 14:35-15:20


Grand theft auto: Digital key hacking

Kevin Chen

Saturday 8/11 • 2:35-3:20 PM
45 min talk

The security of automobile access control systems is a topic often discussed. While most traditional automobile keyfob systems have been shown to be insecure in the past, here comes a digital key system, in which owners are able to have their smartphone authenticate as a digital car key.

In this talk we will reveal the research and attacks for one of the digital car key systems in the current market. By investigating how these features work, and how to exploit them through different possible attack vectors, we will demonstrate the security limitations of such a system. By the end of this talk the attendees will understand not only how such a car key system can be exploited, but also which tools can be used during car-related security system investigation.



PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 15:00-15:59


Grand Theft Auto: Digital Key Hacking

Huajiang "Kevin2600" Chen, Security Research at Ingeek
Jin Yang, Independent Security Researcher

The security of automobile access control systems is a topic often discussed. Today's vehicles rely on key-fob control modules to ensure the vehicle is accessible to authorized users only. While most traditional automobile key-fob systems have been shown to be insecure in the past, here comes a game changer. Instead of the regular key-fob system, some car owners will be able to access their vehicle by having their smartphone authenticate as a digital car key. In this talk, we will reveal the research and attacks for one of the digital car key systems in the current market. By investigating how these features work, and how to exploit them through different possible attack vectors, we will demonstrate the security limitations of such a system. By the end of this talk, the attendees will understand not only how to exploit these systems but also which tools can be used to achieve our goals.

Huajiang "Kevin2600" Chen (Twitter: @kevin2600) is a security researcher at Ingeek and a member of Team-Trinity. Team-Trinity is a non-profit group of security researchers, mainly focused on wireless and embedded systems vulnerability research. Team members have worked extensively with binary reverse engineering, mobile security, and hardware security. Kevin2600 has spoken at various conferences including XCON, KCON, OZSecCon, BSides, and Alibaba-Cloud-Zcon.

Jin Yang is a member of Team-Trinity. Team-Trinity is a non-profit group of security researchers, mainly focused on wireless and embedded systems vulnerability research. He has worked in the network security industry for over 10 years and focuses on Automated Virus Analysis, IoT Security, Threat Intelligence and Rootkits. Jin has spoken at XCon, AVAR and KCon.



Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


GreyNoise

Saturday 08/11/18 from 1200-1350 at Table Three
Defenders, blue teamers, SOC and network analysts

Andrew Morris

GreyNoise is a system that collects all of the background noise of the Internet. Using a large network of geographically and logically dispersed passive collector nodes, GreyNoise collects, labels, and analyzes all of the omnidirectional, indiscriminate Internet-wide scan and attack traffic. GreyNoise data can be used to filter pointless alerts in the SOC, identify compromised devices, pinpoint targeted reconnaissance, track emerging threats, and quantify vulnerability weaponization timelines.

https://greynoise.io/

Andrew Morris
Andrew Morris is the founder of GreyNoise Intelligence, a DC-based cyber security company, and likely holds the world record for amount of time spent staring at Internet-wide scan traffic. Prior to founding GreyNoise, Andrew worked as a researcher, red team operator, and consultant for several large cyber security firms including Endgame, NCC group, and KCG. Outside of work, Andrew enjoys playing fingerstyle acoustic guitar and tries to figure out what his dreams mean.



Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 12:00-13:50


GUI Tool for OpenC2 Command Generation

Sunday 08/12/18 from 1200-1350 at Table Six
Defense

Efrain Ortiz

The tool is a stand-alone, self-service web application that graphically represents all the evolving OpenC2 commands to allow OpenC2 application developers to click and generate OpenC2 commands. The tool makes it extremely easy for even beginners to work on the creation of OpenC2 commands. The tool provides the OpenC2 command output in JSON and in curl, nodejs and python code to be easily integrated into Incident Response or Orchestration platforms.

https://github.com/netcoredor/openc2-cmdgen

Efrain Ortiz
Efrain is a Director in the Office of the CTO at Symantec Corporation. Prior to his Director role, he worked 15 years as a field pre-sales systems engineer. Efrain started his digital life on a TRS-80 Color Computer II in the 1980s. Previous to his 15 years at Symantec, he worked in various roles, from pen testing to network and systems administration. His current favorite project is working on the OpenC2 language specification.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Thursday - 10:00-13:59


Guided Tour to IEEE 802.15.4 and BLE Exploitation

Thursday, 1000-1400 in Icon A

Arun Mane Principal Researcher, SecureLayer7

Rushikesh D. Nandedkar Security Analyst

The workshop aims at delivering hands-on experience to pentest 802.15.4 and BLE commercial devices. By design and purpose, IoT was meant to serve the whims of humans, taking human laziness to the next level. Hence in this due effort, there was least || no attention paid towards the state of security of IoT. However, this doesn't mean the motives of users are deterred to use insecure IoT devices/setups.

Due to high demand for automation in M2M communication, the IoT concept took a position in the industrial sector for better and fast work ignoring security aspect. Absence of this aspect in the production is making all IoT communications and wireless communications vulnerable largely.

On the other hand, BLE devices have been used everywhere. They are being used in home automation, healthcare, SensorTags and Bluetooth Password Manager etc. As a matter of fact, these BLE devices are equally vulnerable as that of IEEE 802.15.4 based devices. The impact is huge as these technologies are used in industrial applications like water dams and other ICS systems.

Prebuilt VM with lab manuals will be provided to attendees. The workshop is structured for beginner to intermediate level attendees who do not have any experience in IoT wireless communication.

Prerequisites:
1. Basic knowledge of web and mobile security
2. Basic knowledge of Linux OS
3. Basic knowledge of programming (C, python) would be a plus

Materials:
1. Laptop with at least 50 GB free space
2. 8+ GB minimum RAM (4+GB for the VM)
3. External USB access
4. Administrative privileges on the system
5. Virtualization software - VirtualBox 5.X (including Virtualbox extension pack)/VMware player/VMware workstation/VMware Fusion
6. Linux machines should have exfat-utils and exfat-fuse installed (ex: sudo apt-get install exfat-utils exfat-fuse).
7. Virtualization (VT-x) option enabled in the BIOS settings for VirtualBox to work
8. Latest OS on the host machines (For ex. Windows 7 is known to cause issues)

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/guided-tour-to-ieee-802154-and-ble-exploitation-icon-a-tickets-47085983444
(Opens July 8, 2018 at 15:00 PDT)

Arun Mane
Arun is a Hardware, IoT and ICS Security Researcher. His areas of interest are Hardware Security, SCADA, Fault Injection, RF protocols and Firmware Reverse Engineering. He also has experience in performing Security Audits for both Government and private clients. He has presented talks at nullcon 2016, 2017, 2018 Goa, GNUnify 2017, Defcamp 2017, BsidesDelhi 2017, c0c0n x 2017, EFY 2018 and X33fcon 2018. He is also a trainer for Practical Industrial Control Systems (ICS) hacking training, delivered at X33fcon 2018, and was co-trainer for Practical IoT hacking, which was delivered at HITB 2017, HIP 2017, BlackHat Asia 2018 and to private clients in London, Australia, Sweden, Netherlands etc. He is an active member of null - The open Security community and G4H community.

Rushikesh D. Nandedkar
Rushikesh is a security analyst. Having more than six years of experience under his belt, his assignments have always been pointed towards reducing the state of insecurity for information. His research papers were accepted at NCACNS 2013, nullcon 2014, HITCON 2014, Defcamp 2014, BruCON 2015, DEFCON 24, BruCON 2016, x33fcon 2017, c0c0n-x 2017, BruCON 2017, BSides Delhi 2017, nullcon 2018, HITB Amsterdam 2018 and x33fcon 2018. He is also a co-author of an intelligent evil twin tool "DECEPTICON". Being an avid CTF player, for him solace is messing up with packets, frames and shell codes.



Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 10:00-11:50


GyoiThon

Sunday 08/12/18 from 1000-1150 at Table Two
Offense

Isao Takaesu

Masuya Masafumi

Toshitsugu Yoneyama

GyoiThon is a fully automated penetration testing tool against web servers. GyoiThon nondestructively identifies the software installed on a web server (OS, Middleware, Framework, CMS, etc.) using multiple methods such as machine learning, Google Hacking, and pattern matching. After that, GyoiThon executes valid exploits for the identified software. Finally, GyoiThon generates a report of scan results. GyoiThon executes the above processing fully automatically.

GyoiThon consists of three engines:

Traditional penetration testing tools are very inefficient because they execute all signatures. On the other hand, GyoiThon is very efficient because it executes only valid exploits for the identified software. As a result, the user's burden will be greatly reduced, and GyoiThon will greatly contribute to the security improvement of many web servers.

https://github.com/gyoisamurai/GyoiThon

Isao Takaesu
Isao Takaesu works at Mitsui Bussan Secure Directions, Inc. as a security engineer and researcher. In the past, he found numerous vulnerabilities in clients' servers and proposed countermeasures to the clients. He thinks that there are more and wants to find vulnerabilities efficiently. Therefore, he's focusing on artificial intelligence technology and developing a fully automated penetration testing tool using machine learning.

Masuya Masafumi
Masafumi Masuya is a security engineer at Mitsui Bussan Secure Directions, Inc. He loves network security assessment, so he found many vulnerabilities in various servers of enterprises. He is always thinking about a method to efficiently perform network security assessment, even while sleeping. He especially loves cURL and the Japanese word 'Gyoi'. "Gyoi" means that there is nothing you cannot do!

Toshitsugu Yoneyama
Toshitsugu Yoneyama is a Security Researcher and Manager at Mitsui Bussan Secure Directions, Inc. He has reported several vulnerabilities in Juniper, Nessus, Amazon, Apache and various routers. He participated alone in Hack2win, which is a hacking competition at CodeBlue 2017, and he pwned several devices by remote attack and got the 3rd prize.



EHV - Caesars Promenade Level - Modena Rm - Saturday - 15:00-15:59


Title: Hack Back: Not An Option, But A Necessity? (A Mini-Workshop)

Speakers: David Scott Lewis

Description:

David Scott Lewis
The NSC's Susan Rice told Michael Daniel, Obama's cyber advisor, to "Stand down," which let the Russians interfere in the election w/out fear of retaliation. This talk will demonstrate the folly of such policies.





BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 14:00-15:59


Title: Hack On The BitBox Hardware Wallet

Speakers: Stephanie Stroka and Marko Bencun

Description:
No description available




RCV - Caesars Promenade Level - Florentine BR 1,2 - Sunday - 12:25-12:40


Hackathon and CTF Prizes, and a Group Photo

No description available



Meetup - Flamingo - 3rd floor - Chillout Rm - Saturday - 20:30-23:59


Title:
Hacker Flairgrounds

This is the Meetup destination for badge collectors, designers, and prototypers that you have been waiting for! A social environment to show off your custom badges, discuss projects to make your own badges and to talk to collectors who cherish your work. Flashing LEDs, crafting time, trading, and the celebration of badge craft all in one.


Night Life - Caesars - Emperors Level - Chillout Rm - Friday - 20:00-25:59


Title:
Hacker Karaoke

Do you like to sing? Do you want to perform? Ever wanted to sing in front of others? Come on down to the 10th Annual Hacker Karaoke, DEFCON's on-site karaoke experience. You can be a star, or if you don't want to be a star, you can also take pride in making an utter fool of yourself.

More Info: https://hackerkaraoke.org/   @HackerKaraoke


Night Life - Caesars - Emperors Level - Chillout Rm - Saturday - 20:00-25:59


Title:
Hacker Karaoke

Do you like to sing? Do you want to perform? Ever wanted to sing in front of others? Come on down to the 10th Annual Hacker Karaoke, DEFCON's on-site karaoke experience. You can be a star, or if you don't want to be a star, you can also take pride in making an utter fool of yourself.

More Info: https://hackerkaraoke.org/   @HackerKaraoke


BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 17:00-17:59


Title: Hacking a Crypto Payment Gateway

Speakers: Devin "Bearded Warrior" Pearson and Felix "Crypto_Cat" Honigwachs

Description:
No description available




DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Sunday - 14:00-14:45


Hacking BLE Bicycle Locks for Fun and a Small Profit

Sunday at 14:00 in Track 2
45 minutes | Demo, Tool

Vincent Tan Senior Security Consultant, MWR InfoSecurity

Hack a lock and get free rides! (No free beer yet though...). This talk will explore the ever growing ride sharing economy and look at how the BLE "Smart" locks on shared bicycles work. The entire solution will be deconstructed and examined, from the mobile application to its supporting web services and finally communications with the lock. We will look at how to go about analysing communications between a mobile device and the lock, what works, what doesn't.

Previous talks on attacking BLE targeted the protocol itself using various hardware and software such as Ubertooth and Wireshark, which could be potentially difficult for someone new wanting to explore BLE and the ever connected IoT world. I'll simplify and stupidify the entire process such that anyone with a mobile phone and basic experience with Frida can go about breaking locks and hacking BLE the world over.

Vincent Tan
Vincent is a Senior Security Consultant at MWR Labs (the forefront of innovation and research in cyber security). He has a passion for all things "mobile" and anything "wireless". Vincent spends most of his free time focused on reverse engineering esoteric protocols, mobile devices and all things IoT to make the real (cyber) world a better and (where possible) a safer place to be for all. (All this while trying to survive by getting free rides.) Singaporean by birth, Vincent defies the local stereotype of accepting "cannot" for an answer and lives in a world of only pure possibility.



Meetup - Caesars - Promenade Level - Anzio Rm past Registration - Thursday - 17:00-17:59


Title:
Hacking for Special Needs

A Meetup for parents of children and individuals with special needs within the DEF CON community. The meeting is not only social but also an exchange of information and helpful tips to help improve the lives of families and individuals and to celebrate their place in the DEF CON community.


BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 16:15-16:59


Title: Hacking Human Fetuses

Speaker: Erin Hefley
@erintoxicating
About Erin:
Erin Hefley is a resident physician in her final year of training with the Phoenix Integrated Residency in Obstetrics & Gynecology. She has a background in public health and women's health, and obtained a Master of Public Health degree from the University of Northern Colorado prior to attending medical school at the University of Arizona - Phoenix. This is her 6th Defcon attendance over the past decade, and she is thrilled to have witnessed the development and expansion of the Biohacking Village. Her current interests include reproductive health technology, women's health policy, running, and vampire erotica
Abstract:
As prenatal testing and ultrasound technology have greatly improved, so has our ability to diagnose birth defects and genetic diseases earlier and earlier in pregnancy. Until recently, our only available options were to offer pregnancy termination or wait to see if the baby survived long enough to be treated after birth. But what if we had the capability to intervene before those genetic mutations had a chance to cause their harmful effects, sparing parents from the agony of uncertain pregnancy outcomes and saving children from debilitating diseases? In last year’s “Designer Babies: Hacking Human Embryos” we discussed pre-implantation genetic testing and embryo modification as a means to identify and treat heritable diseases, by correcting harmful gene mutations before a pregnancy even begins. Since then, exciting new research has shown that even after a pregnancy is under way, opportunities still exist for hacking the biological machinery of the fetus to alter its developmental course. This talk will review new and rapidly evolving strategies to treat genetic disease in utero – while the baby is still in the womb - by hijacking the embryologic mechanisms responsible for fetal growth and development.
Examples include:
- injection of a critical protein into the amniotic fluid surrounding babies with X-linked hypohidrotic ectodermal dysplasia, a genetic condition causing a lack of sweat glands and the life-threatening inability to regulate temperature
- transfusion of mesenchymal stem cells into the fetal umbilical cord to treat osteogenesis imperfecta or “brittle bone disease”
- in utero blood and bone marrow transplant to treat the fatal hemoglobin disorder alpha-thalassemia major
- correcting deformities such as cleft lip and palate by triggering cell signaling pathways "knocked out" by genetic mutation


DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 11:00-11:45


Hacking PLCs and Causing Havoc on Critical Infrastructures

Saturday at 11:00 in 101 Track, Flamingo
45 minutes | Demo, Exploit

Thiago Alves Ph.D. Student and Graduate Research Assistant at the University of Alabama in Huntsville

Programmable Logic Controllers (PLCs) are devices used on a variety of industrial plants, from small factories to critical infrastructures like nuclear power plants, dams and wastewater systems. Although PLCs were made robust to sustain tough environments, little care was taken to raise defenses against potential cyber threats. As a consequence, threats started pouring in and causing havoc. During this presentation I will talk about the architecture of a PLC and how it can be p0wned. There will be some live demonstration attacks against 3 different brands of PLCs (if the demo demons allow it, if not I will just show a video). Additionally, I will demonstrate two vulnerabilities I recently discovered, affecting the Rockwell MicroLogix 1400 series and the Schneider Modicon M221 controllers.

Thiago Alves
Thiago Alves received his B.S. degree in electrical engineering from the "Pontifícia Universidade Católica" (PUC) in 2013. In 2014 he created OpenPLC, the world's first open source industrial controller. OpenPLC is being used as a valuable tool for control system research and education. The OpenPLC project has contributions from several universities and private companies, such as Johns Hopkins and FreeWave Technologies. In 2017 Thiago won first place in CSAW, the world's largest student-run cybersecurity competition, with his innovative embedded security solution for OpenPLC. Currently Thiago is a Ph.D. student at the University of Alabama in Huntsville. His research interests include cybersecurity for SCADA systems, industrial controllers and embedded systems.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 13:30-13:50


Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller

Friday at 13:30 in Track 2
20 minutes | Demo, Exploit

Feng Xiao Hacker

Jianwei Huang Hacker

Peng Liu Raymond G. Tronzo, M.D. Professor of Cybersecurity

Software-Defined Networking (SDN) is now widely deployed in production environments with an ever-growing community. Due to its popularity, many attacks are proposed against this novel network model. In this talk, we further extend the SDN attack surface and propose the Custom Attack, a novel attack against SDN networks that can cause serious security risks by exploiting legitimate SDN protocol messages. Unlike many attacks that leverage misbehaved protocol interactions to incur unexpected controller events, we craft malicious protocol messages to exploit complex software vulnerabilities in SDN components. Our research shows that it was possible for a weak adversary to execute arbitrary commands or manipulate data in the SDN controller without accessing the SDN controller or any applications, but only controlling a host or network switch.

To the best of our knowledge, Custom Attack is the first attack that can compromise multiple components of the SDN framework (e.g., User Interface, Database, Third-party libraries etc.). Till now we have tested 5 most popular SDN controllers and their applications and found all of them are vulnerable to Custom Attack in some degree.

This presentation will include:

Feng Xiao
Feng Xiao will be a Ph.D. student at The Pennsylvania State University soon. He enjoys hacking all kinds of systems as well as finding vulnerabilities. He received his B.S. in Computer Science from Wuhan University in 2018. He was the recipient of the first prize in the National Undergraduate Information Security Contest, China in 2016, and Third Prize of 2015 0CTF.

https://xiaofen9.github.io

Jianwei Huang
Jianwei Huang is a researcher at Wuhan University. He is interested in finding and solving security related problems.

Peng Liu
Dr. Liu is a professor at The Pennsylvania State University. His research interests are in computer security. He has published a monograph and over 270 refereed technical papers.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 16:15-16:45


Hacking the international RFQ Process #killthebuzzwords - Dino Covotsos

Thanks to the “boom” in the information security industry combined with the latest buzzwords, more and more large corporate companies are looking for the latest “next gen” anti-haxor services and technologies. In doing so they often go out publicly on tender and / or issue an RFP/RFQ in order to obtain the best possible solution to meet their requirements and budget (usually cost wins).

Due to this and a lack of maturity in the field, companies issue public RFQs / RFPs that contain classified and confidential / secret information such as network diagrams, architectural designs, software versions etc. This type of information would usually require that an attacker spend an extensive amount of time performing enumeration and / or gaining access to the internal network first and taking a significant amount of time to learn about that environment. Targeting the procurement process of an organisation exposes a largely unexplored attack surface.

This new research and presentation aims to demystify the above and give practical examples of large international organisations, which unfortunately fail at the RFP/RFQ process badly. This opens a “free and easy” attack vector for attackers to exploit without even conducting extensive enumeration and fingerprinting, or anything close to intrusive attacks. As a result, an attacker often has access to an extensive amount of confidential information about the organisation, which could be utilised to launch more targeted attacks. Depending on the type of information gathered, such attacks could be likened to an attacker that has insider knowledge.

I will also be demonstrating, via real world examples, the dangers of going out blindly and looking for specific services and products in the information security industry, with real life networks being shown on stage.

A short breakdown of what will be presented is as follows:



SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 14:00-14:59


Title:
Hacking the Technical Interview

Marcelle & Kelley
@marcelle_fsg & @ccsleuth

Marcelle and Kelley will provide tips to the audience on how to survive a technical interview and possibly even shine in one! We are not recruiters or HR professionals. We have, however, a LOT of experience as interviewees and have developed some strategies that we'd like to share. Our industry experience lies in various technical arenas, including public sector, private sector, and law enforcement. Topics will include the not-so-subtle art of salary negotiation, how to best prepare for questions (TCP 3-way handshake, anyone?), recognizing the roles of different interviewers, and how to keep your cool. We are also not attorneys, but will touch on illegal interview questions and how to handle them, as well as new laws about salary history. Also featured will be tales from the trenches, hopefully amusing and/or illuminating. Time permitting, we will cover some resume best practices.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Friday - 14:30-18:30


Hacking Thingz Powered By Machine Learning

Friday, 1430-1830 in Icon A

Clarence Chio Security Researcher

Anto Joseph Security Engineer, Tinder

"HACKING THINGZ POWERED BY MACHINE LEARNING" is a hands-on workshop that gives attendees a crash course in performing practical adversarial attacks on modern technology powered by machine learning. This will NOT be an intro to ML class - do that on your own time online before or after the class - deep ML knowledge is definitely *not* required. We will perform mischief on ML systems that most tech-savvy people interact with on a daily basis: face recognition (smartphone authentication), speech recognition (home assistants), and web application firewalls (need we say more?) ;) We won't just be explaining the theory and tomfoolery behind these attacks - we'll walk you through each step of each attack and show you how *absolutely anyone* can hack systems like these with just a little bit* of background in ML hacking.

* This is an intermediate technical class suitable for attendees with some ability to read and write basic Python code. To get the most out of this workshop, surface-level understanding of machine learning is good. (i.e. be able to give a one-line answer to the question "What is machine learning?")

Prerequisites: Basic familiarity with Linux. Python scripting knowledge is a plus, but not essential.

Materials:
No fee required
Latest version of virtualbox Installed
Administrative access on your laptop with external USB allowed
At least 20 GB free hard disk space
At least 4 GB RAM (the more the merrier)

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/hacking-thingz-powered-by-machine-learning-icon-a-tickets-47194541143
(Opens July 8, 2018 at 15:00 PDT)

Clarence Chio
Clarence Chio has shared his research on ML and security at hacking events around the world. He has taught dozens of training classes and workshops to conference attendees and security teams at large tech companies. He wrote the new O'Reilly Book "Machine Learning & Security: Protecting Systems with Data and Algorithms", and organizes the AI Village at DEF CON. Clarence has a B.S. and M.S. in Computer Science from Stanford, specializing in data mining and artificial intelligence.

Anto Joseph
Anto Joseph is a Security Engineer for Tinder. He is involved in developing and advocating security in Machine Learning Systems & Application Security Research. Previously, he has worked at Intel, Citrix, and E&Y in multiple information security roles. He is very passionate about exploring new ideas in these areas and has been a presenter and trainer at various security conferences including BH USA, Defcon, BruCon, HackInParis, HITB Amsterdam, HackLu, Hacktivity, PHdays, X33fCon, NullCon, c0c0n and more. He is an active contributor to many open-source projects and some of his work is available at https://github.com/antojoseph.



BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 13:40-14:30


Hacking Your Dev Job to Save the World - Where Programming and Hacking Meet

Friday at 13:40-14:30
50 minutes

@jtpereyda

Have you wondered whether developers can play any significant role in the security world? Come hear from a diehard programmer and hacker who loves to break and loves to build, and learn how a regular programmer can make major contributions to security from the trenches. This presentation will dive into the intersection between development and security. You will learn about the SDL -- Secure Development Lifecycle, and why in the world a hacker would care about processes and procedures. You will learn how "processes" and "lifecycles" can be useful -- and how they can be a complete waste of time. Included are real world success stories of organizational hacking -- getting other engineers to change their practices -- and real world fail stories. Attendees will come away with knowledge of how development and security intersect, and how they can use their programming day job to save the world. If you are a developer who cares deeply about security, enjoys exploits, and wants to make the world a better place, this is for you.

@jtpereyda
Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. While he currently hunts vulnerabilities full time, his roles have evolved from programmer to hacker to organizational hacker to regular hacker again. Not only has Joshua found vulnerabilities in safety critical software, he has started long term security programs, changing the way an entire business works. Joshua has written software, hacked software, and hacked companies. In his free time, Joshua enjoys improving open source software, teaching kids to program, attending orchestral concerts with his wife, and figuring out how he can get paid to do it all... legally.



HHV - Caesars Pool Level - Forum 17-21 - Saturday - 10:00-10:40


Hacking your HackRF

Mike Davis

Abstract

The HackRF isn’t just an SDR - it’s an open-source, open-hardware device that’s designed to be modified. In this talk I walk through the basics of how to open and modify the hardware and software. I also show all the mods and hacks I’ve done to/with my HackRFs, including physical synchronisation between HackRFs, quadcopter transmitter adaptation, audio encoding/decoding, quadcopter vtx and a future project to add USB3

Bio

Software/hardware developer, currently studying an MSc Computer Science (infosec), not yet a cyborg



Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


Halcyon IDE

Saturday 08/11/18 from 1000-1150 at Table Six
Offense, Defense, AppSec, Network Security, Nmap Scanners & Developers

Sanoop Thomas

Halcyon IDE lets you quickly and easily develop Nmap scripts for performing advanced scans on applications and infrastructures with a wide range of capabilities from recon to exploitation. It is the first IDE released exclusively for Nmap script development. Halcyon IDE is a free and open source project (always will be) released under the MIT license to provide an easier development interface for the rapidly growing information security community around the world. The project was initially started as an evening free time "coffee shop" project and has taken a serious step for its developer/contributors to spend dedicated time for its improvements very actively. More information and source code: https://halcyon-ide.org

https://halcyon-ide.org

Sanoop Thomas
Sanoop Thomas (@s4n7h0) is a seasoned security professional with diverse background in consulting, teaching, research and product-based industries with a passion to solve complex security problems. Today, Sanoop works as information security specialist focusing on application security and secure coding. His field of interest includes reverse engineering, malware analysis, application security and automating security pentest/analysis methodologies. He is moderating null open community chapter in Singapore and organised over 60 events & workshops to spread security awareness across country. Sanoop is also the author of Halcyon IDE (https://halcyon-ide.org) an IDE that is focused to develop Nmap scripts. He has spoken at security conferences like Nullcon, OWASP India, HITBGSEC, Rootcon, and Blackhat Arsenal.



Service - Caesars - Promenade Level - Anzio Rm past Registration - Friday - 10:00-15:59


Title:
Ham Radio Exams

Take HAM Radio Exams at DEF CON 26!

Service - Caesars - Promenade Level - Anzio Rm past Registration - Saturday - 12:00-17:59


Title:
Ham Radio Exams

Take HAM Radio Exams at DEF CON 26!

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 14:00-14:45


Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices

Saturday at 14:00 in 101 Track, Flamingo
45 minutes | Demo, Tool, Exploit

Dennis Giese Hacker

While most IoT accessory manufacturers have a narrow area of focus, Xiaomi, an Asian based vendor, controls a vast IoT ecosystem, including smart lightbulbs, sensors, cameras, vacuum cleaners, network speakers, electric scooters and even washing machines. In addition, Xiaomi also manufactures smartphones. Their products are sold not only in Asia, but also in Europe and North America. The company claims to have the biggest IoT platform worldwide.

In my talk, I will give a brief overview of the most common, Wi-Fi based, Xiaomi IoT devices. Their devices may have a deep integration in the daily life (like vacuum cleaners, smart toilet seats, cameras, sensors, lights).

I will focus on the features, computational power, sensors, security and ability to root the devices. Let’s explore how you can have fun with the devices or use them for something useful, like mapping Wi-Fi signal strength while vacuuming your house. I will also cover some interesting things I discovered while reverse engineering Xiaomi's devices and discuss which protections were deployed by the developers (and which not).

Be prepared to see the guts of many of these devices. We will exploit them and use them to exploit other devices.

Dennis Giese
Dennis is a grad student at TU Darmstadt and a researcher at Northeastern University. He was a member of one European ISP's CERT for several years.

While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kind of devices.

His latest victim is the Xiaomi IoT cloud. He has presented at the Chaos Communication Congress and the REcon BRX.



SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 16:00-16:59


Title:
Healthcare Exposure on Public Internet

Shawn Merdinger

Real-world healthcare exposure of hospitals, patient records, medical devices



Demolabs - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


HealthyPi—Connected Health

Saturday 08/11/18 from 1400-1550 at Table Four
Hardware and biohacking

Ashwin K Whitchurch

We (at ProtoCentral) developed the HealthyPi HAT for the Raspberry Pi as a way of opening up the healthcare and open source medical to anyone. The HealthyPi is made of the same "medical-grade" components found in regular vital sign monitors, for a fraction of the cost of such a system. This is our way of democratizing medical hardware to develop new areas of research.

Our objective when we began developing the HealthyPi was to make a simple vital sign monitoring system which is simple, affordable, open-source (important !) and accessible. HealthyPI is completely open-source and is our way of "hacking" patient monitoring systems by getting data that you need, in the way that you need and extending on that without getting involved in sticky proprietary NDAs and such.

*Demo will allow people to come, check out and play with (and possibly hack) the HealthyPi device while getting their vital signs monitored.*

https://github.com/Protocentral/protocentral-healthypi-v3

Ashwin K Whitchurch
Ashwin K Whitchurch is the CEO of ProtoCentral (Circuitects Electronics Solutions Pvt Ltd) based out of Bangalore in India. The company makes, sells and supports open source hardware products, most of them for healthcare and medical applications. Ashwin has published research papers, book chapters and reviews in well-known international journals and conferences. ProtoCentral (and Ashwin) has been present in many hardware gatherings including Maker Faire (New York & Rome), Hackaday Superconference, OSHWA Summit and has given talks on his projects with open source hardware.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 16:15-16:59


Title: Hey Bro, I Got Your Fitness Right Here (and your PHI).

Speakers: Nick - GraphX
Abstract:
This is a journey into fitness. My fitness and more importantly your fitness. Or rather the information that I've been collecting every day at the gym while getting ready for bikini season. This is a look at my journey to become the sexy stud muffin you see before you (google image search "sexy stud muffin" for reference) and my quest to do bad things through various means, up to and including compromising cardio equipment, fitness apps, and changing delivery addresses for fitness equipment to my house instead of your gym. No zero days and nothing overly technical provided here, but the intended takeaway is awareness of who is collecting your PHI and from where. Just like on Maury, the results will shock and amaze. Or maybe you'll just get a good laugh at my journey to lose 100 pounds.


AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 17:00-17:59


Holy BATSense! Deploying TBATS Machine Learning Algorithm to Detect Security Events

Pranshu Bajpai

Our “BATSense” security event detection methodology has been running at Michigan State University’s campus for a year and is successfully detecting security anomalies across 300k devices. In this presentation, we will describe the use of machine learning, specifically the TBATS forecasting algorithm, to predict future trends for the number of events per second for a variety of device types. The forecasted values are compared against actual observations to alert security personnel of significant deviations. Anomalies are detected based on logs relevant to security events; they may be system modifications, system failures or a football game. Forecasts are never perfect, but when measured over extended use, we have shown that false positives are manageable (1 per week) for true positives of 1 per day. The result is a methodology that has been developed and tweaked over time to effectively detect security events, and lessons learned over a year. All arguments presented in this talk will be backed by real world (anonymized) data collected at our university shared with the audience.

Pranshu Bajpai is a security researcher working towards his PhD in Computer Science and Engineering at Michigan State University. His research interests lie in computer and network security, malware analysis, machine learning, privacy, digital forensics, and cyber crimes. In the past, he worked as an independent penetration tester for clients. He has authored several research papers in security magazines and journals and has served as a technical reviewer for books within the security domain. He enjoys working in the security industry and the challenge of testing new technologies for potential weaknesses. In his spare time, he likes solving CTF challenges while listening to classic rock. Connect with him on Twitter: @amirootyet



Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


Honeycomb—An extensible honeypot framework

Saturday 08/11/18 from 1600-1750 at Table Three
Incident Responders, Security Researchers, Developers

Omer Cohen

Imri Goldberg

We present Honeycomb—A repository of honeypot services and integrations for the information security community. Our vision: Honeycomb will be the pip or apt-get for honeypots.

While working hard to create various honeypots for several high profile vulnerabilities, we realized we were repeating some of the underlying work that’s involved in creating a honeypot—a useful honeypot is easy to deploy, configure and collects reports. We have these capabilities in Cymmetria’s commercial deception product but we wanted to open source this functionality to the community so everyone could benefit from it.

Eventually came the idea for honeycomb—an extensible platform for writing honeypots which comes with a repository of useful honeypots which makes it super easy to create new honeypots. Honeycomb and the honeypot repository together form a powerful tool for security professionals looking to gain threat intelligence on the latest threats.

We are currently in the process of finalizing the release of the project and working on releasing additional plugins. Join us to learn how to utilize existing honeycomb capabilities as well as writing honeypot services and integrations on your own!

https://github.com/Cymmetria/honeycomb

Omer Cohen
As an experienced Incident Response investigator and team leader, Omer has a wealth of knowledge and experience in the areas of cyber security, security research, software development and system administration, as well as network architecture and design. Omer has delivered and implemented numerous projects involving cutting edge technologies for multiple security related applications in addition to providing accurate and appropriate information security consulting and incident response services to Fortune 500 companies and other leading organizations. Omer currently manages Customer Success in EMEA and APAC at Demisto, the leading Security Orchestration, Automation and Response (SOAR) solution provider.

Imri Goldberg
An experienced technical entrepreneur, Imri has significant experience in development, architecture and security. Before joining Cymmetria as VP R&D, Imri was the founder & CTO of Desti, a travel startup that was acquired by Nokia-HERE in 2014. Today Imri serves as the CTO of Cymmetria, heading innovation and research and working on product and architecture. Cymmetria is the leading Cyber Deception vendor with its main product MazeRunner® used by Fortune 500 companies in multiple verticals including finance, insurance, health, government, retail, etc.



Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - Friday - 20:30-23:59


Title:
House of Kenzo

Come celebrate the culture of DIY or die! The future has not been written yet so come and mingle with the authors of the time to come and celebrate creating a culture of global communication and culture. Live music and open minds will meet your ideas and help you trailblaze the next century.


DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 13:30-13:50


House of Roman—a "leakless" heap fengshui to achieve RCE on PIE Binaries

Saturday at 13:30 in 101 Track, Flamingo
20 minutes | Demo, Exploit

Sanat Sharma Hacker

Regarding ptmalloc2, many heap exploitation techniques have been invented in the recent years, well documented on the famous how2heap repository, or as writeups of famous CTF challenges (like House of Orange). However, most of them require at least a libc/heap leak, or fail in non-PIE binaries. My new technique titled House of Roman leverages a single bug to gain shell leaklessly on a PIE enabled Binary. I shall showcase the ease of aligning the heap to perform this attack, thus demonstrating its versatility.

Since this is a 20-minute talk, attendees should be aware of basic heap exploitation techniques, like fastbin attacks and unsorted bin attacks, and have a general idea of how the ptmalloc2 algorithm works. As a bonus, I also discuss how to land a fastbin chunk in memory regions with no size alignment (like __free_hook).

Sanat Sharma
Sanat (@romanking98) is a 19 y o Junior Security Engineer at GoRoot GmbH in Berlin, Germany. He regularly plays CTFs with "dcua", globally ranked in the world top 10 teams on ctftime.org, qualified for multiple prestigious onsite finals, including an invitation for DEF CON China offline CTF.

@romanking98



BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 14:50-15:40


How not to suck at Vulnerability Management [at Scale]

Friday at 14:50-15:40
50 minutes

@Plug and mwguy

In the current cyber landscape several vulnerabilities are discovered every day. The volume of information and multiple sources to consume this information create interesting challenges for any security team. In the recent months several organizations have been prey of bad actors, exposing private data of millions of users, many times from month-old vulnerabilities.

Vulnerability management is often disregarded, improperly staffed and rarely discussed in the infosec community, yet is one of the single points of failure allowing for breaches to take place. Under this circumstance, are you prepared to deal with vulnerabilities accordingly?

In this talk, we’ll share our experiences dealing with vulnerabilities at scale. What works, what does not and why. More importantly, what actions you should consider to improve or build your Vulnerability program. In the process, we’ll introduce some of the custom tools created internally to automate and enhance the program.

Unlike most Vulnerability Management talks, this talk is about the hands-on portion and day-to-day activities that must take place. Whether you are a seasoned infosec professional or new to the field, there is something for you to take away, especially at scale.

@Plug
Plug is currently a Senior Security Analyst at Verizon Digital Media Services. He started his journey in computer security back in 1996 when he discovered a 2600 magazine that eventually led him to his first LA2600 meeting in 1998. From that point forward, he has been involved in computer security. With over 16 years of IT experience, he has worked as Systems Administrator, Security Analyst and Security Engineer in the Finance and Telecom sector. In his free time, he enjoys building Legos, playing with synthesizers and modular systems; when possible, he volunteers his time to computer security events.

mwguy
Chris is currently a Senior Security Engineer at Verizon Digital Media Services (formerly EdgeCast). Started working with computers in High School, and having older slower computers quickly made the move to Linux and BSD's to improve performance. From then on, he's worked with *nix systems almost exclusively, and a couple of years ago made the switch from being a Systems Administrator to working exclusively in Security. When not working, Chris enjoys crypto-currencies, his dogs, and putting wacky stuff on various Raspberry Pis.



PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 10:30-10:59


How to Tune Automation to Avoid False Positives

Gita Ziabari, Senior Consultant Engineer at Verizon

Every SOC is deluged by massive amounts of logs, suspect files, alerts and data that make it impossible to respond to everything. It is essential to deploy automation to accelerate response time, consistency, scalability and efficiency. This talk will cover techniques to design a reliable automated tool in security. We will discuss techniques for tuning the automation to avoid false positives and the many struggles we have had in creating appropriate whitelists. We will walk through steps of creating an automated tool and the essential factors to be considered to avoid any false positive.

Gita Ziabari (Twitter: @gitaziabri) is working as a Senior Consultant Engineer at Verizon. She has more than 14 years of experience in threat research, networking, testing and building automated tools. Her main focus is creating automated tools in cybersecurity for mining data.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 15:50-16:10


How WHOIS Data Uncovered $32 Billion Connected to the Mormon Church - Ethan Dodge

It’s always been suspected that the Mormon Church is worth billions of dollars and has a sizable amount of investments in the United States stock market. However, their finances are almost entirely opaque. In May 2018, MormonLeaks released a compilation of information connecting the dots between the Mormon Church and $32 billion.

It all started with WHOIS data and was further verified with almost entirely publicly available and open sources. Come hear the entire story in lightning style fashion.



SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 09:30-09:59


Title:
http2 and you

security panda
@security_panda


"Although not commonly known, HTTP2 was first published in May 2015 as an update to HTTP 1.1. By the end of that year, the majority of major browsers added HTTP2 support; it is now being utilized all across the Internet. Sites such as Google, Twitter, Facebook, and perhaps even your company's site have HTTP2 enabled. If so, you probably do not realize you are using it. In fact, many Web Application Firewalls (WAFs) are not keeping pace with HTTP2 security needs and common AppSec testing tools such as Burp, Zap, and other DAST products don't support HTTP2.

This talk will discuss the details of the presenter's discovery process in identifying how many site hosts are utilizing HTTP2, and a sample of common vulnerabilities which were found on these sites. Attendees will come away with having a better understanding of the security implications of HTTP2 and how you can detect these potential pitfalls on your network using freely available tools."



SEV - Caesars Promenade South - Octavius BR 3-8 - Saturday - 16:55-17:45



Saturday August 11 2018 1655 50 mins
Hunting Predators: SE Style
It was just about 1 year ago that Chris announced the launching of The Innocent Lives Foundation. What has happened in the last year? What have we accomplished? What are our challenges? What is next in the future? This talk will help the community see what your support, money and love has done to save children and catch predators.

Chris Hadnagy: @humanhacker
Chris is a professional social engineer with over 16 years of experience. His passion is understanding the why not just the what. Chris has had the opportunity to work with some of the world’s greatest minds in learning how to use skills that might not be too common in the infused industry. You can find out more by looking at www.social-engineer.com



AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 16:20-16:59


Hunting the Ethereum Smart Contract: Color-inspired Inspection of Potential Attacks

TonTon Huang

Blockchain and Cryptocurrencies are gaining unprecedented popularity and understanding. Meanwhile, Ethereum is gaining a significant popularity in the blockchain community, mainly due to the fact that it is designed in a way that enables developers to write decentralized applications (Dapps) and smart contracts. This new paradigm of applications opens the door to many possibilities and opportunities. However, the security of Ethereum smart contracts has not received much attention; several Ethereum smart contracts malfunctioning have recently been reported. Unlike many previous works that have applied static and dynamic analyses to find bugs in smart contracts, we do not attempt to define and extract any features; instead we focus on reducing the expert’s labor costs. We first present a new in-depth analysis of potential attacks methodology and then translate the bytecode of solidity into RGB color code. After that, we transform them to a fixed-sized encoded image. Finally, the encoded image is fed to a convolutional neural network (CNN) for automatic feature extraction and learning, detecting security flaws of Ethereum smart contracts.

Hsien-De Huang (a.k.a. TonTon) is working for Leopard Mobile Inc. (Cheetah Mobile Taiwan Agency), and currently a Ph.D. candidate (IKM Lab.) in the Dept. Computer Science and Information Engineering at National Cheng Kung University, Tainan Taiwan. His research interests include Deep Learning, Blockchain, Malware Analysis, Type-2 Fuzzy Logic, and Ontology Applications, and gave talks at RuxCon 2017, OWASP AppSec USA 2017, Hadoop.TW annual conference 2016, TW CSA Summit 2016 and Hackers in Taiwan Conference (HITCON) 2015 & 2014.

Chia-Mu Yu received his Ph.D degree from National Taiwan University in 2012. He is currently an assistant professor at National Chung Hsing University, Taiwan. He was a research assistant in the Institute of Information Science, Academia Sinica. He was a visiting scholar at Harvard University, Imperial College London, Waseda University, and University of Padova. He was a postdoc researcher at IBM Thomas J. Watson Research Center. He serves as an associate editor of IEEE Access and Security and Communication Networks. His research interests include cloud storage security, IoT security, and differential privacy.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 18:00-18:35


I fought the law and law lost - Mauro Caseres

“I fought the law and the law lost” is a series of talks that aims to collect vulnerabilities in the field of Argentine Security forces. This chapter focuses on both Federal and Buenos Aires City Police, which according to the Head of Government Horacio Rodríguez Larreta, has the “most modern technology in the world”.

We will analyze four particular cases (two on the lightning talk version), all of them ending in national scandals:

But we’ll do it having in mind a special requirement: passive action. We’ll use Recon & OSINT at its best in order to reconstruct how the leaks were carried from start to end. A police chief using his daughter’s name as a password? A Police CIO using his own National ID Number as recovery question? Public databases exposing too much information? Reused passwords across every site on the internet? Sure, but it’s not the worst. We’ll use hand crafted DIY tools and without compromising a single system, reveal a lot of bugs and vulns. This talk is heavily focused on obtaining OSINT from public sources (especially in countries with weak or ambiguous laws, like Argentina).

This talk aims to demonstrate various flaws with a critical, technical and impartial approach to bring to the public a prevailing reality: First, Argentine law allows a lot of compromising data to be used as “public” (thus leaving the place for OSINT based attacks to occur), and second… we are not safe against computer threats, and those who take care of us, neither are.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 17:00-17:45


I'll See Your Missile and Raise You A MIRV: An overview of the Genesis Scripting Engine

Friday at 17:00 in Track 1
45 minutes | Demo, Audience Participation, Tool

Alex Levinson Senior Security Engineer

Dan Borges Hacker

Typically, the activities of a malware attack occur on an execution timeline that generally consists of 3 segments—the vector, the stage, and the persistence. First, a vector, or method of exploitation is identified. This could be anything from logging in over a credentialed method like RDP or SSH and running a malicious payload directly, to exploiting a memory corruption vulnerability remotely. Second, that access is leveraged into running malicious code that prepares the victim for the deployment of persistence (commonly "implant"). While segments one and three have been extensively automated, an effective automated utility for deploying persistence in a dynamic and unified context has yet to present itself.

Enter the Genesis Scripting Engine.

The Genesis Scripting Engine, or Gscript for short, is a framework for building multi-tenant executors for several implants in a stager. The engine works by embedding runtime logic (powered by the V8 Javascript Virtual Machine) for each persistence technique. This logic gets run at deploy time on the victim machine, in parallel for every implant contained with the stager. The Gscript engine leverages the multi-platform support of Golang to produce final stage one binaries for Windows, Mac, and Linux.

This talk will consist of an overview of the origins of the project, a technical deep dive into the inner workings including the modified Javascript VM, a walk through of the CLI utility, and examples of how we've leveraged Gscript in the real world.

Multiple demos involving practical application scenarios will be presented, as well as an opportunity for audience members to submit their own implants and have them built into a hydra on stage in a matter of minutes.

Alex Levinson
Alex Levinson is a Senior Security Engineer at Uber with experience in red teaming, software engineering, and incident response. Outside of Uber, he is a core member of the red team for the National Collegiate Cyber Defense Competition (CCDC), as well as the Competition Director for the Collegiate Penetration Testing Competition (CPTC). Previously, Alex worked as a Senior Consultant and Development Manager at Lares Consulting.

@alexlevinson, github.com/gen0cide, alexlevinson.wordpress.com

Dan Borges
Dan Borges is an information security professional with over 15 years in computer science. Dan participates in a number of cyber security competitions each year, from being on the National CCDC Red Team, to leading a Blue Team in Pros Versus Joes, and helping run the Collegiate Penetration Testing Competition (CPTC). He has been publishing a blog on infosec education for more than 10 years.

@1jection



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 13:20-13:59


Identifying and correlating anomalies in Internet-wide scan traffic to newsworthy security events

Andrew Morris

In this presentation, we will discuss using GreyNoise, a geographically and logically distributed system of passive Internet scan traffic collector nodes, to identify statistical anomalies in global opportunistic Internet scan traffic and correlate these anomalies with publicly disclosed vulnerabilities, large-scale DDoS attacks, and other newsworthy events. We will discuss establishing (and identifying any deviations away from) a “standard” baseline of Internet scan traffic. We will discuss successes and failures of different methods employed over the past six months. We will explore open questions and future work on automated anomaly detection of Internet scan traffic. Finally, we will provide raw data and a challenge as an exercise to the attendees.

Andrew Morris is the founder and CEO of GreyNoise Intelligence, a DC-based cyber security company, and likely holds the world record for amount of time staring at Internet-wide scan traffic. Prior to founding GreyNoise, Andrew worked as a researcher, red team operator, and consultant for several large cyber security firms including Endgame, NCC group, and KCG. Outside of work, Andrew enjoys playing fingerstyle acoustic guitar and tries to figure out what his dreams mean.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 13:00-13:30


In Soviet Russia Smartcard Hacks You

Saturday at 13:00 in Track 1
20 minutes | Demo, Tool, Exploit

Eric Sesterhenn Principal Security Consultant at X41, D-Sec GmbH

The classic spy movie hacking sequence: The spy inserts a magic smartcard provided by the agency technicians into the enemy's computer, ...the screen unlocks... What we all laughed about is possible!

Smartcards are secure and trustworthy. This is the idea smartcard driver developers have in mind when developing drivers and smartcard software. The work presented in this talk not only challenges, but crushes this assumption by attacking smartcard drivers using malicious smartcards.

A fuzzing framework for *nix and Windows is presented along with some interesting bugs found by auditing and fuzzing smartcard drivers and middleware. Among them classic stack and heap buffer overflows, double frees, but also a replay attack against smartcard authentication.

Since smartcards are used in the authentication process, a lot of vulnerabilities can be triggered by an unauthenticated user, in code running with high privileges. During the author's research, bugs were discovered in OpenSC (EPass, PIV, OpenPGP, CAC, Cryptoflex,...), YubiKey drivers, pam_p11, pam_pkc11, Apple smartcardservices...

Eric Sesterhenn
Eric Sesterhenn has been working as an IT Security consultant for more than 15 years, working mostly in the areas of source code auditing and penetration testing. His experience in the field includes:



SEV - Caesars Promenade South - Octavius BR 3-8 - Friday - 17:50-18:40



Friday August 10 2018 1750 50 mins

In-N-Out – That’s What It’s All About
Without the right tools the engagement can be over before it begins, as upfront resistance can prevent you from entering with your tools. Billy Boatright demonstrates and discusses how to use social engineering tactics to get in without any difficulty. While most think outside of the box, Billy shows us how to think inside the box and embrace your own handicaps to arm yourself with advanced tactics and unfair advantages. Billy shows us how handicaps and familiar objects can be used to covertly carry your toolbox into an engagement, increasing your success. Rather than dealing with a perceived disadvantage, use it to exploit the world around you.

Billy Boatright: @fuzzy_l0gic
Billy began his social engineering career without even knowing it. He was a bartender on the Las Vegas Strip for the better part of a decade. He won numerous awards from all over the world as a Top-ranked Flair Bartender. He has taken the skills he learned behind the bar to the Information Security world. Billy has been a Judge for the Social Engineering Capture the Flag event at Def Con. He is also the namesake for the BSides Las Vegas Social Engineering Capture the Flag Championship Belt. Billy also volunteers time and expertise to the Las Vegas ISSA Chapter as a Board Member. He is also a member of the BSides Las Vegas Senior Staff.

Billy has multiple degrees and numerous certifications. However, when asked about them he will gladly quote George Moriarty, “The shining trophies on our shelves can never win tomorrow’s game.”



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 13:30-14:15


Infecting The Embedded Supply Chain

Saturday at 13:30 in Track 3
45 minutes | Demo, Exploit

Zach Security Researcher at Somerset Recon

Alex Security Researcher at Somerset Recon

With a surge in the production of internet of things (IoT) devices, embedded development tools are becoming commonplace and the software they run on is often trusted to run in escalated modes. However, some of the embedded development tools on the market contain serious vulnerabilities that put users at risk. In this talk we discuss the various attack vectors that these embedded development tools expose users to, and why users should not blindly trust their tools. This talk will detail a variety of reverse engineering, fuzzing, exploit development and protocol analysis techniques that we used to analyze and exploit the security of a common embedded debugger.

Zach
Zach is a security researcher with Somerset Recon, a security consulting firm in San Diego. In this role he focuses on reverse engineering and web application penetration testing. In his free time Zach loves reading and long walks through the PE file format. Prior to working at Somerset Recon, Zach was a goat farmer in Maryland.

Alex
Alex is a security researcher with Somerset Recon, a security consulting firm in San Diego. In this role he focuses on hardware security and reverse engineering.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 16:00-16:45


Inside the Fake Science Factory

Saturday at 16:00 in Track 3
45 minutes |

Dr Cindy Poppins - Computer Scientist (AKA Svea Eckert)

Dr Dade Murphy - Reformed Hacker (AKA Suggy)

Professor Dr Edgar Munchhausen – Struwwelpeter Fellow (AKA Till Krause)

Fake News has got a sidekick and it's called Fake Science. This talk presents the findings and methodology from a team of investigative journalists, hackers and data scientists who delved into the parallel universe of fraudulent pseudo-academic conferences and journals; Fake science factories, twilight companies whose sole purpose is to give studies an air of scientific credibility while cashing in on millions of dollars in the process. Until recently, these fake science factories have remained relatively under the radar, with few outside of academia aware of their presence; but the highly profitable industry is growing significantly and with it, so are the implications. To the public, fake science is indistinguishable from legitimate science, which is facing similar accusations itself. Our findings highlight the prevalence of the pseudo-academic conferences, journals and publications and the damage they can and are doing to society.

Svea Eckert
Svea is a freelance journalist for Germany’s main public service broadcaster “Das Erste” (ARD). She is researching and reporting investigative issues with main focus on new technology, computer and network security, digital economics and data protection. Svea’s academic alter ego is Dr Cindy Poppins, a well-known computer scientist from the University of Applied Sciences of Lower Saxony at Wiepenkathen, Germany. Dr Poppins’ main focus lies on novel solutions for the analysis of agents. She recently discovered COP, an algorithm which improves compact technology and suffix trees, winning her the best presentation award at an international conference.

@sveckert

Chris "Suggy" Sumner
Suggy is the lead researcher and co-founder of the not-for-profit Online Privacy Foundation, who contribute to the field of psychological research in online contexts. He has authored papers and spoken on this topic at DEF CON, other noteworthy conferences and a fake conference. For the past five years, Suggy has served as a member of the DEF CON CFP review board. Suggy’s academic alter ego is Dr Dade Murphy, a reformed hacker whose eagerly anticipated work on polymorphic machine learning defences for Gibson mainframe computers was recently accepted at an international cyber security conference.

@5uggy

Till Krause
Till is an editor and investigative reporter at Süddeutsche Zeitung Magazine, the supplement of Germany’s major broadsheet newspaper. Ever since he studied Electronic Communication Arts as a Fulbright Scholar in the Bay Area in 2005, he has been interested in all things tech, writing about surveillance, data protection and cybercrime. Till’s academic alter ego is Professor Dr. Edgar Munchhausen, a Struwwelpeter Fellow for Applied Sciences at various universities in Europe and Asia and a renowned researcher who has published his research in countless peer-reviewed journals. He holds a PhD from the University of Wiepenkathen and is a laureate of the Horst Schimanski Award and CEO of IOIR, the Institute of International Research.



BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 18:00-18:30


Title: Instructions and invitations to party

Speakers: Cinnamonflower and pwrcycle

Description:
No description available




AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 13:00-13:20


IntelliAV: Building an Effective On-Device Android Malware Detector

Mansour Ahmadi

“The importance of employing machine learning for malware detection has become explicit to the security community. Several anti-malware vendors have claimed and advertised the application of machine learning in their products in which the inference phase is performed on servers and high-performance machines, but the feasibility of such approaches on mobile devices with limited computational resources has not yet been assessed by the research community, vendors still being skeptical. In this presentation, we aim to show the practicality of devising a learning-based anti-malware on Android mobile devices, first. Furthermore, we aim to demonstrate the significance of such a tool to cease new and evasive malware that cannot easily be caught by signature-based or offline learning-based security tools. To this end, we first propose the extraction of a set of lightweight yet powerful features from Android applications. Then, we embed these features in a vector space to build an effective as well as efficient model. Hence, the model can perform the inference on the device for detecting potentially harmful applications. We show that without resorting to any signatures and relying only on a training phase involving a reasonable set of samples, the proposed system, named IntelliAV, provides more satisfying performances than the popular major anti-malware products. Moreover, we evaluate the robustness of IntelliAV against common obfuscation techniques where most of the anti-malware solutions get affected.”

I am a postdoctoral Research Associate at Northeastern University. I achieved my Ph.D. from the University of Cagliari. I am co-author of more than 10 research papers mostly about the application of machine learning for malware classification. Two of my works received awards from Kaspersky, and the Anti-Virus I developed received media coverage.



PHW - Caesars Promenade Level - Neopolitan BR - Saturday - 14:00-15:59


Intense Introduction to Modern Web Application Hacking

This course starts with an introduction to modern web applications and immediately starts diving directly into the mapping and discovery phase of testing. In this course, you will learn new methodologies used and adopted by many penetration testers and ethical hackers. This is a hands-on training where we will use various open source tools and learn how to exploit SQL injection, command injection, cross-site scripting (XSS), XML External Entity (XXE), and cross-site request forgery (CSRF). We will wrap up our two-hour fast-paced course by unleashing students on a vulnerable web application with their newly found skills.

Omar Santos (Twitter: @santosomar) is a Principal Engineer in the Cisco Product Security Incident Response Team (PSIRT) within Cisco's Security Research and Operations. He mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities in all Cisco products, including cloud services. Omar has been working with information technology and cyber security since the mid-1990s. Omar has designed, implemented, and supported numerous secure networks for Fortune 100 and 500 companies and the U.S. government. Prior to his current role, he was a Technical Leader within the World Wide Security Practice and the Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations.

Ron Taylor (Twitter: @Gu5G0rman) has been in the Information Security field for almost 20 years. Ten of those years were spent in consulting. In 2008, he joined the Cisco Global Certification Team as an SME in Information Assurance. In 2012, he moved into a position with the Security Research & Operations group, where his focus was mostly on penetration testing of Cisco products and services. He was also involved in developing and presenting security training to internal development and test teams globally. Additionally, he provided consulting support to many product teams as an SME on product security testing. He then spent some time as a Consulting Systems Engineer specializing in Cisco's security product line. His current role is working within the Cisco Product Security Incident Response Team (PSIRT). He has held a number of industry certifications including GPEN, GWEB, GCIA, GCIH, GWAPT, RHCE, CCSP, CCNA, CISSP, and MCSE. Ron is also a Cisco Security Blackbelt, SANS mentor, Cofounder and President of the Raleigh BSides Security Conference, and an active member of the Packet Hacking Village team at DEF CON.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 16:50-17:20


Introducing YOGA: Your OSINT Graphical Analyzer - Micah Hoffman

“If you have ever performed reconnaissance on a target or conducted an OSINT investigation you know that there are a huge number of places to gather OSINT data. One of the biggest challenges is in taking the next steps with that data once you have it. How do you take what you have and transform or use it to get more? For instance, if you found email addresses, where do you search to find other data about those accounts? We have excellent resources such as http://osintframework.com and https://bit.ly/technisette that are huge lists of well-organized bookmarks which can be overwhelming. That is why I created YOGA.

Your OSINT Graphical Analyzer (YOGA) seeks to answer that most-common of data-gathering questions, “What do I do now?” It is designed to help when you have one type of data and need to know different actions you can take to get more data. Come to this session and learn how you and your team can use and extend this online tool in your work.”



Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Thursday - 14:30-18:30


Introduction to Cryptographic Attacks

Thursday, 1430-1830 in Icon B

Matt Cheung

Using cryptography is often a subtle practice and mistakes can result in significant vulnerabilities. This workshop will cover many of these vulnerabilities which have shown up in the real world. This will be a hands-on workshop where you will implement the attacks after each one is explained. I will provide a VM with Python dependencies and skeleton code included so you can focus on implementing the attack. A good way to determine if this workshop is for you is to look at the challenges at cryptopals.com and see if those look interesting, but you could use in-person help understanding the attacks. While not a strict subset of those challenges, there is significant overlap.

Prerequisites: Students should have experience with Python development and be comfortable with mathematics such as modular arithmetic.

Materials: A laptop with VMWare or VirtualBox installed and capable of running a VM.

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/introduction-to-cryptographic-attacks-icon-b-tickets-47086369599
(Opens July 8, 2018 at 15:00 PDT)

Matt Cheung
Matt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority and this concerned Matt. This concern prompted him to learn about cryptographic attacks from Dan Boneh's crypto 1 course offered on Coursera and the Matasano/cryptopals challenges. From this experience he has given talks and workshops at the Boston Application Security Conference and the DEF CON Crypto and Privacy Village.



Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


ioc2rpz

Saturday 08/11/18 from 1400-1550 at Table Three
Defence/Network security

Vadim Pavlov

DNS is the control plane of the Internet. Usually DNS is used for good but:

ioc2rpz is a custom DNS server which automatically converts indicators (e.g. malicious FQDNs, IPs) from various sources into RPZ feeds and automatically maintains/updates them. The feeds can be distributed to any open source and/or commercial DNS servers which support RPZ, e.g. ISC Bind, PowerDNS. You can run your own DNS server with RPZ filtering on a router, desktop, server and even Arduino. System memory is the only limitation.

With ioc2rpz you can define your own feeds, actions and prevent undesired communications.

https://github.com/Homas/ioc2rpz

Vadim Pavlov
Vadim Pavlov is passionate about traveling, learning foreign and programming languages, writing scripts/software, integrating solutions, and interacting with colleagues and customers to solve complex problems. As a truly lazy person, Vadim wants to automate all routine tasks.

Vadim has 15+ years of IT experience. He spent the last 5 years at Infoblox, where he became an expert in DNS and DNS security: he did research, wrote articles, created custom DNS servers, Infoblox's DNS Data Exfiltration (Infiltration) Demo and Security Assessments portals, and created integrations with security solutions. He achieved a master's degree with honors in Computer Science (Software Development) from Russia.



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 13:30-13:59


Title:
IoD

Renderman
@internetofdongs @ihackedwhat

Internet of Dongs



PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 17:00-17:59


IoT Data Exfiltration

Mike Raggo, CSO of 802 Secure, Inc.
Chet Hosmer, Owner of Python Forensics

IoT offers new protocols and frequencies over which communication travels. Due to lack of familiarity amongst most enterprises, most organizations are ill-equipped to monitor or detect these mysterious channels. This introduces a plethora of covert channels by which data could be exfiltrated, or malware infiltrated into the network. In this session we explore this new frontier by focusing on new methods of IoT protocol exploitation by revealing research conducted over the last 2 years. Detailed examples will be provided, as well as a demo of a Python tool for exploiting unused portions of protocol fields. From our research, we'll also reveal new methods of detecting aberrant behavior emanating to/from these devices gathered from our lab and real world testing.

Mike Raggo (Twitter: @DataHiding) is Chief Security Officer at 802 Secure and has over 20 years of security research experience. His current focus is wireless IoT threats impacting the enterprise. Michael is the author of "Mobile Data Loss: Threats & Countermeasures" and "Data Hiding" for Syngress Books, and contributing author for "Information Security the Complete Reference 2nd Edition". A former security trainer, Michael has briefed international defense agencies including the FBI and Pentagon, and is a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, DoD Cyber Crime, OWASP, HackCon, and SANS.

Chet Hosmer is an international author, educator & researcher, and founder of Python Forensics, Inc., a non-profit research institute focused on the collaborative development of open source investigative technologies using the Python programming language. Chet is also a Visiting Professor at Utica College in the Cybersecurity Graduate Program, where his research and teaching is focused on data hiding, active cyber defense and security of industrial control systems. Additionally, Chet is an Adjunct Professor at Champlain College in the Digital Forensics Graduate Program, where his research and teaching is focused on solving hard digital investigation problems using the Python programming language.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 10:00-10:45


It WISN't me, attacking industrial wireless mesh networks

Saturday at 10:00 in Track 1
45 minutes | Demo

Erwin Paternotte Lead security consultant at Nixu

Mattijs van Ommeren principal security consultant at Nixu

Wireless sensor networks are commonly thought of as IoT devices communicating using familiar short-range wireless protocols like Zigbee, MiWi, Thread and OpenWSN. A lesser-known fact is that about a decade ago, two industrial wireless protocols (WirelessHART and ISA100.11a) were designed for industrial applications, which are based on the common IEEE 802.15.4 RF standard. These Wireless Industrial Sensor Networks (WISN) are used in process field device networks to monitor temperature, pressure, levels, flow or vibrations. The petrochemical industry uses WISN in oil and gas fields and plants around the world.

Both IEC ratified standards have been commonly praised by the ICS industry for their security features, including strong encryption on multiple layers within the protocol stack, resistance to RF interference, and replay protection. While the standards in general look safe on paper, there are potential interesting attack vectors that require verification. However, security research so far has not yielded any significant results beyond basic attack vectors. Often these attacks have only been theorized, and not (publicly) demonstrated. In addition, vendor implementations have not been thoroughly tested for security by independent third parties, due to protocol complexity and the lack of proper (hardware/software) tools. We strongly believe in Wright's principle, "Security does not improve until practical tools for exploration of the attack surface are made available."

Erwin Paternotte
Erwin works as a lead security consultant at Nixu Benelux. He has 15 years of experience conducting penetration tests and security assessments on a wide variety of systems and technology. In recent years his focus has been shifting towards more advanced tests like red teaming, embedded systems, ICS/SCADA, and telco systems. Within Nixu he is also the practice lead for penetration and security testing.

Mattijs van Ommeren
Mattijs leads the Red Teaming and Hardware Testing team at Nixu Benelux. He has spent most of his career as an information security consultant, both on the offensive as well as the defensive side. Mattijs has a special interest in process automation and industrial systems. Over the years he has discovered numerous vulnerabilities in RTUs, process controllers, industrial firewalls and other equipment. Industrial sensor networks currently have most of his focus, as this is still mainly unexplored terrain.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 12:00-12:45


It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded devices for fun and profit

Friday at 12:00 in 101 Track, Flamingo
45 minutes | Demo

Morgan "indrora" Gangwere Hacker

With the proliferation of Linux-based SoCs -- you've likely got one or two in your house, on your person or in your pocket -- it is often useful to look "under the hood" at what is running. Additionally, in-situ debugging may be unavailable due to read-only filesystems, memory is often limited, and other factors keep us from attacking a live device. This talk looks at attacking binaries outside their native environment using QEMU, the Quick Emulator, as well as techniques for extracting relevant content from devices and exploring them.

Morgan "indrora" Gangwere
Morgan is a student at the University of New Mexico where he studies an unrelated topic entirely, but does network security because it's interesting. Previously, he's spoken on subjects such as web proxies, community engagement, and typesetting. He started working with computers when he was a young child and hasn't given them up since, even if his wrists seem to disagree.



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 14:00-14:30


It’s a Beautiful Day in the Malware Neighborhood

Matt

“Malware similarity analysis compares and identifies samples with shared static or behavioral characteristics. Identification of similar malware samples provides analysts with more context during triage and malware analysis. Most domain approaches to malware similarity have focused on fuzzy hashing, locality sensitivity hashing, and other approximate matching methods that index a malware corpus on structural features and raw bytes. Ssdeep or sdhash are often utilized for similarity comparison despite known weaknesses and limitations. Signatures and IOCs are generated from static and dynamic analysis to capture features and matched against unknown samples. Incident management systems (RTIR, FIR) store contextual features, e.g. environment, device, and user metadata, which are used to catalog specific sample groups observed.

In the data mining and machine learning communities, the nearest neighbor search (NN) task takes an input query represented as a feature vector and returns the k nearest neighbors in an index according to some distance metric. Feature engineering is used to extract, represent, and select the most distinguishing features of malware samples as a feature vector. Similarity between samples is defined as the inverse of a distance metric and used to find the neighborhood of a query vector. Historically, tree-based approaches have worked for splitting dense vectors into partitions but are limited to problems with low dimensionality. Locality sensitivity hashing attempts to map similar vectors into the same hash bucket. More recent advances make the use of k-nearest neighbor graphs that iteratively navigate between neighboring vertexes representing the samples.

The NN methods reviewed in this talk are evaluated using standard performance metrics and several malware datasets. Optimized ssdeep and selected NN methods are implemented in Rogers, an open source malware similarity tool, that allows analysts to process local samples and run queries for comparison of NN methods.”

Matt Maisel is a data scientist passionate about the intersection of machine learning, software engineering, and computer security domains. He’s currently the manager of Security Data Science at Cylance. Matt recently architected a scalable malware analysis and modeling service used to process customer malware detections. He’s worked in several organizations within Cylance including research engineering as a software architect and consulting as the technical director of the incident response practice. Matt holds an M.S. in Computer Science with a focus in machine learning and distributed systems from Johns Hopkins University.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 11:00-11:45


Jailbreaking the 3DS through 7 years of hardening

Saturday at 11:00 in Track 3
45 minutes | Demo, Exploit

smea Hacker

The 3DS was one of Nintendo's first serious attempts at security, featuring a cool microkernel based OS and actual exploit mitigations. That didn't stop it from getting hacked pretty hard, making it possible for people to write their own homebrew software for the console. But Nintendo isn't one to back off from a fight and, as a result, has put significant effort into not only fixing vulnerabilities but also introducing new security features targeted specifically at killing exploit techniques used by hackers. This talk will describe hacking the console through all these defensive features by walking through a 0-day exploit chain that takes us all the way from zero access to a full system jailbreak.

smea
smea got his start making video games for closed consoles like the Nintendo DS using whatever hacks were available at the time. At some point consoles started getting actual security features and he transitioned from simply making homebrew software to making the jailbreaks that let people run it. He's best known for his work on the Nintendo 3DS and Wii U but has also done exploitation work against high profile web browsers and virtualization stacks.

@smealum, https://github.com/smealum



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 11:20-11:59


JMPgate: Accelerating reverse engineering into hyperspace using AI

Rob Brandon

“One of the most exciting potential applications for artificial intelligence and machine learning is cognitive augmentation of humans. At its best, AI allows humans to handle more information, react faster to complex events, and potentially even sense features of the world that we are currently incapable of perceiving. This has many applications in the security field, such as aiding humans in the task of binary reverse engineering. Reverse engineering binary code is one of the most challenging skill sets in the security field to learn. The ability to look at a block of raw machine code and understand what it does, as well as recognize similarities to code previously seen, often requires years spent doing tedious analysis of large amounts of code.
In this talk I show how we can use machine learning to handle the tedious parts of this process for us. If we show a generative neural network a wide variety of machine code, the network will learn the most relevant features needed to reproduce and describe that code. Once the network is trained, we can show it a new segment of code and capture the state of the neurons at the end of the segment. This neural state is effectively a summary of the entire sequence summarized into a vector.
Comparing these vectors allows easy measurement of the similarity of several code sequences by simply measuring the Euclidean distance between them. These vectors can also be used as inputs to other machine learning models that can perform a variety of tasks, such as identifying compiler settings used to generate the code. As part of the presentation, I will also be releasing a tool, the JMPgate framework, which can be used to accomplish tasks like identifying library code within an executable binary.”

Rob is a threat hunter and data scientist with Booz Allen Hamilton’s Dark Labs group. He has over 20 years of experience in the tech industry and holds a PhD in computer science from the University of Maryland, Baltimore County. His hobbies include studying the ways that complex systems fall apart and building machines that do his thinking for him so that he can spend more time brewing beer and playing bass.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Saturday - 10:00-13:59


Joe Grand's Hardware Hacking Basics

Saturday, 1000-1400 in Icon A

Joe Grand Grand Idea Studio

Interested in hardware hacking, but don't know where to start? This workshop covers the basic skills you'll need for hacking modern embedded systems, including soldering/desoldering, circuit board modification, signal monitoring/analysis, and memory extraction. It is a subset of Joe Grand's Hands-on Hardware Hacking training class that he has been teaching since 2005.

Prerequisites: None. No prior electronics experience necessary.

Materials: Attendees must bring their own laptop (Windows, macOS, or Linux) with the following software pre-installed:

- Saleae Logic, https://www.saleae.com/downloads
- FTDI Virtual COM Port (VCP) drivers, http://www.ftdichip.com/Drivers/VCP.htm
- PuTTY (or other suitable terminal program), https://www.chiark.greenend.org.uk/~sgtatham/putty/
- libmpsse, https://github.com/l29ah/libmpsse

All other hardware and tools will be provided.

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/joe-grands-hardware-hacking-basics-icon-a-tickets-47194166021
(Opens July 8, 2018 at 15:00 PDT)

Joe Grand
Joe Grand (@joegrand), also known as Kingpin, is a computer engineer, hardware hacker, former DEFCON badge designer, teacher, advisor, runner, daddy, honorary doctor, TV host, member of legendary hacker group L0pht Heavy Industries, and the proprietor of Grand Idea Studio (grandideastudio.com). He has been creating, exploring, and manipulating electronic systems since the 1980s.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Sunday - 11:00-12:15


Title: Jumping the Epidermal Barrier

Speaker: Vlad Gostomelsky
Abstract:
This talk will focus on consumer grade glucose monitors - primarily continuous glucose monitors that are implantable or attach to the skin for an extended length of time and provide readings via Bluetooth Low Energy or have RF/BLE bridges. Research was focused on security/privacy implications.


Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Friday - 14:30-18:30


JWAT...Attacking JSON Web Tokens

Friday, 1430-1830 in Icon D

Louis Nyffenegger Security Engineer, Pentester Lab

Luke Jahnke Security Researcher, Elttam

Nowadays, JSON Web Tokens are everywhere. They are used as session tokens, OAuth tokens or just to pass information between applications or microservices. By design, JWT contains a high number of security and cryptography pitfalls that create interesting vulnerabilities. In this workshop, we are going to learn how to exploit some of those issues: the none algorithm, guessing the HMAC secret, using a public key as an HMAC secret... and finally CVE-2018-0114: a bug in Cisco's Node JOSE.

Prerequisites: The students should be able to use Burp and write some basic scripts in the language of their choice. They will also need to be familiar with VMWare or the virtualization software of their choice.

Materials: A laptop with 4Gb of RAM and the virtualization software of their choice. Internet access during the class.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/jwatattacking-json-web-tokens-icon-d-tickets-47193664521
(Opens July 8, 2018 at 15:00 PDT)

Louis Nyffenegger
Louis Nyffenegger is a security engineer and entrepreneur based in Melbourne, Australia. He performs pentests and architecture and code reviews on a daily basis. Louis is the founder of PentesterLab, a learning platform for web penetration testing.

Luke Jahnke
Luke Jahnke is a Security Researcher at Elttam. He has extensive experience performing security assessments and running training. He enjoys working on interesting vulnerabilities and runs the biennial BitcoinCTF competition.



PHW - Caesars Promenade Level - Neopolitan BR - Saturday - 09:30-13:30


Kali Dojo Workshop

Kali Linux can be deeply and uniquely customized to specific needs and tasks. In this workshop, we will customize Kali Linux into a very specific offensive tool, and walk you through the process of customization step by step. We will create a custom Kali ISO that will: load very specific toolsets; define a custom desktop environment and wallpaper; leverage customized features and functions; launch custom tools and scripts; install Kali automatically, without user intervention as a custom "OS backdoor". This workshop will guide you through all the aspects of Kali customization and give you the skills to create your own highly-customized Kali ISO, like the much feared Kali "ISO of Doom".

Kali Live USB With Persistence And LUKS (2.5hrs)

In this section we will show you how to deploy your customized Kali ISO to a secure, encrypted, USB device. We will show you how to add standard and encrypted USB persistence so you can save your data and we will walk you through a custom LUKS "nuke" deployment that will obliterate your encrypted data when presented with a specific kill phrase. We will also discuss strategies to help you safely and legally cross international borders with your encrypted data without compromising it. When you complete this course, you will have the skills to create a completely customized, powerful, portable Kali ISO or USB with full encryption, persistence and the peace of mind of LUKS nuke. And, to sweeten the deal, we will provide super-cool custom Kali-branded USB drives.

Johnny Long spent his career as a professional hacker. He is the author of numerous security books including No-Tech Hacking and Google Hacking for Penetration Testers and is a contributor to Kali Linux Revealed. He is the founder of Hackers for Charity and currently works with the Offensive Security team.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 10:15-11:30


Title: Keynote Presentation: Triaging FTW, Lessons Learned from Medical Device Disclosures

Speaker: Jen Ellis
About Jen:
Jen Ellis is the vice president of community and public policy at Rapid7, a leading provider of analytics and automation for security and IT operations. Jen’s primary focus is on building productive collaboration between those in the security community and those operating outside it. She works extensively with security researchers, technology providers and operators, and various government entities to help them understand and address cybersecurity challenges. She believes effective collaboration is our only path forward to reducing cybercrime and protecting consumers and businesses. She has testified before Congress and spoken at a number of security industry events including SXSW, RSA, Derbycon, Shmoocon, SOURCE, UNITED, and various BSides.
Abstract:
As medical devices increasingly embrace connected technologies, there's a growing opportunity for malicious actors to interfere with devices for profit or to cause harm. The good news is that many security researchers are working to investigate the security of medical devices. However, for this effort to have a positive impact, researchers and vendors must work together to understand the true risk, address the issues, and educate physicians and patients.
In many cases, the risk may be low and should not outweigh the benefits of the device; however, mismanaged disclosures can cause panic and confusion. In other cases, researchers may struggle to engage vendors on the issue and patients may never hear of it, or they do, but no mitigation is offered. With the stakes so much higher in the healthcare arena, it's essential that we learn lessons from medical device disclosures that have gone well, and those that have not. This talk will investigate a number of public disclosures, and provide actionable guidance on how to disclose security concerns for the best possible outcomes.


BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 11:00-11:59


Title: Keynote Speech: Inside Monero

Speakers: Howard (hyc) Chu

Description:
No description available




RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 12:10-12:50


Keynote

No description available



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Sunday - 12:00-12:45


Last mile authentication problem: Exploiting the missing link in end-to-end secure communication

Sunday at 12:00 in Track 1
45 minutes | Demo, Exploit

Thanh Bui Security Researcher, Aalto University, Finland

Siddharth Rao Security Researcher, Aalto University, Finland

With a "Trust none over the Internet" mindset, securing all communication between a client and a server with protocols such as TLS has become a common practice. However, while the communication over the Internet is routinely secured, there is still an area where such security awareness is not seen: inside individual computers, where adversaries are often not expected.

This talk discusses the security of various inter-process communication (IPC) mechanisms that local processes and applications use to interact with each other. In particular, we show IPC-related vulnerabilities that allow a non-privileged process to steal passwords stored in popular password managers and even second factors from hardware tokens. With passwords being the primary way of authentication, the insecurity of this "last mile" causes the security of the rest of the communication strands to be obsolete. The vulnerabilities that we demonstrate can be exploited on multi-user computers that may have processes of multiple users running at the same time. The attacker is a non-privileged user trying to steal sensitive information from other users. Such computers can be found in enterprises with centralized access control that gives multiple users access to the same host. Computers with guest accounts and shared computers at home are similarly vulnerable.

Thanh Bui
Thanh Bui is a doctoral candidate in the "Secure systems" group of Aalto University, Finland. His research focuses on analyzing and designing secure network protocols and distributed systems. He is a past Erasmus Mundus fellow and holds double master's degrees from Aalto University, Finland and KTH Royal Institute of Technology, Sweden.

Siddharth Rao
Siddharth (Sid) Rao is a doctoral candidate in the "Secure systems" group of Aalto University, Finland. He specializes in the security analysis of communication protocols, and his current interest lies in pedagogical study of the 'lack of authentication' in different systems. He is a past Erasmus Mundus fellow and holds double master's degrees from Aalto University, Finland and University of Tartu, Estonia. He has been a Ford-Mozilla Open Web Fellow at European Digital Rights (EDRi), where he helped to define policies related to data protection, surveillance, copyright, and network neutrality. He has previously spoken at security conferences such as Blackhat and Troopers.


Markku Antikainen received M.Sc. degrees in security and mobile computing from Aalto University, Espoo, Finland, and the Royal Institute of Technology, Stockholm, Sweden, in 2011. In 2017, he received a Ph.D. degree from Aalto University, Espoo, Finland. His doctoral thesis was on the security of Internet-of-things and software-defined networking. He currently works as a post-doctoral researcher at Helsinki Institute for Information Technology, Finland.


Tuomas Aura received the M.Sc. and Ph.D. degrees from Helsinki University of Technology, Espoo, Finland, in 1996 and 2000, respectively. His doctoral thesis was on authorization and availability in distributed systems. He is a Professor of computer science and engineering with Aalto University, Espoo, Finland. Before joining Aalto University, he worked with Microsoft Research, Cambridge, U.K. He is interested in network and computer security and the security analysis of new technologies.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Saturday - 14:30-18:30


Lateral Movement 101: 2018 Update

Saturday, 1430-1830 in Icon D

Walter Cuestas Team Lead, Open-Sec

Mauricio Velazco Threat Management Team Lead

During a targeted penetration test or red team engagement, consultants will have clear engagement goals and targets such as a particular database or access to specific blueprints within the environment. During the engagement, obtaining shells on servers & workstations as standalone devices will not provide access to the target data. The pentesters will need to move from one host to another in order to perform reconnaissance and, eventually, get to the target. This workshop aims to provide the necessary background knowledge to understand and execute lateral movement techniques on both MS Windows and Linux. More than just showing which tools and parameters to use like a YouTube video would, this workshop will dive deep and describe in detail the specific services of each OS and how they can be abused to achieve lateral movement. This knowledge will allow the students to learn the actual techniques and not just a bunch of tools.

Prerequisites: Knowledge and experience with Microsoft Windows and Linux at network and admin level.

Materials: To participate in the hands-on sections, attendees need to bring a laptop with 2 GB RAM that must be dedicated to a virtual machine running the latest version of Kali Linux (installed and updated before the workshop). Both VirtualBox and VMware Player will be okay.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/lateral-movement-101-2018-update-icon-d-tickets-47194431816
(Opens July 8, 2018 at 15:00 PDT)

Walter Cuestas
Walter (@wcu35745) has led the team of pentesters at Open-Sec (a Peruvian company dedicated solely to providing pentesting services) since 2006. His work is based on developing attack vectors and his main interest is in the development of scripts for pentesting. He has participated as a speaker in events such as LimaHack, Campus Party Quito, CSI Pereira, events of OWASP Latam and as a trainer at Ekoparty. He has also published articles in trade magazines such as Hakin9, PenTest Magazine and Hack-in-Sight. During 2016, he was part of the team of instructors approved by the US Northern Command (US Army) for training in cybersecurity (hacking techniques and breach of security controls). He currently holds the OSCP certification.

Mauricio Velazco
Mauricio (@mvelazco) is a security geek and python scripter with more than 9 years of experience in computer security developing offensive evaluations and implementing solutions in Latin America and North America. He currently leads the Threat Management team at a financial services organization in New York performing tasks such as Penetration Testing, Incident Response, Vulnerability Management, Application Security, Threat Intelligence, etc. He holds certifications like OSCP and OSCE. Mauricio has presented at conferences like Derbycon and BSides.



Meetup - Flamingo - 3rd Floor - Carson City Rm - Friday - 19:00-19:59


Title:
Lawyer Meet

If you're a lawyer (recently unfrozen or otherwise), a judge or a law student please make a note to join your host Jeff McNamara at 18:00 on Friday, August 10th, for a friendly get-together, followed by dinner/drinks and conversation.


SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 15:00-15:59


Title:
Leveling the Bug Bounty Playfield - Introducing the #LEGALBUGBOUNTY project

Amit Elazari & Keren Elazari

@amitelazari, @k3r3n3

Bug Bounties are one of the fastest growing, most popular and cost-effective ways for companies to engage with the security community and find unknown security vulnerabilities. Now it's time to make them fair to the most important element in the Internet's immune system: the friendly hackers and algorithmic auditors. This talk will showcase how bug bounty programs put hackers at risk, and how to fix a problem that affects all of us, hunters, security practitioners and technology users. #LEGALBUGBOUNTY because Bug Bounties are already popular, it's time we make them great again.



Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


LHT (Lossy Hash Table)

Saturday 08/11/18 from 1400-1550 at Table Six
Offense

Steve Thomas

Cracks passwords or keys from a small key space near instantly. A small key space being a few trillion (40+ bits). It costs about 3 bytes/key and usually <100ms. The largest known deployment (made by a different less efficient program) is 160 TB. It is assumed that people are running similar ones to attack brain wallets.

https://tobtu.com/lhtcalc.php

Steve Thomas
Steve specializes in crypto and password research. Steve was one of the panelists for the Password Hashing Competition. "I do stuff... sometimes." Like PAKE to HSM or finding bugs in Signal Protocol, CryptoCat, Adobe ColdFusion 9's password encryption key generator, and password hashing functions (MySQL323 meet in the middle attack, XSHA1 [Blizzard's old hash function], etc).



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 17:15-17:59


Title: Lightning Talks

Speaker: Maybe you?
Abstract:
Come present your own crazy and wacky biohacking talks and projects. You got 10 minutes to strut your stuff!


Night Life - Flamingo - 3rd Floor - Track 101 Vista BR - Friday - 21:00-23:59


Title:
Live Band Karaoke

Think you have karaoke chops? Kick it up to the next level by performing your favorite songs with a live band! The band with the best name ever, DON'T PANIC, provides the music and you provide the vocal talent. You won't need an electronic thumb or the help of the Dentrasi to get into this Party, just bring yourself and your towel.


Demolabs - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


Local Sheriff

Saturday 08/11/18 from 1000-1150 at Table Five
Target audience would be AppSec, Code Assessments, and privacy researchers.

Konark Modi

Think of Local Sheriff as a reconnaissance tool in your browser for gathering information about what companies know about you. While you as a user normally browse the internet, it works in the background and helps you identify what sensitive information (PII: name, date of birth, email, passwords, passport number, auth tokens) is being shared/leaked to which third parties and by which websites.

The issues that Local Sheriff helps identify:

Local Sheriff can also be used by organizations to audit:

Local Sheriff is a web-extension that can be used with Chrome, Opera, Firefox.

https://github.com/cliqz-oss/local-sheriff

Konark Modi
Konark works as a Tech lead with Cliqz GmbH developing a privacy-focused search engine and browser. He works on projects ranging across Privacy by design, Anonymous Data collection like Human Web, Anti-Tracking etc.

Prior to Cliqz, Konark was working with one of the largest e-commerce websites in India (Makemytrip.com) in the data platform and security team, solving interesting challenges related to DWH, BI and data security.

His recent personal projects, in an endeavor to help organizations fix vulnerabilities, have spanned across browsers, health trackers, Government services, travel mobile apps etc.

Konark has been a speaker and presenter at numerous international conferences.

Blog: https://medium.com/@konarkmodi



Night Life - Flamingo - 3rd Floor - ElDorado BR - Saturday - 20:30-23:59


Title:
Lonely Hackers Club

If only Sergeant Pepper had owned a Commodore 64! Come meet the people you communicate with on a daily basis in person as you dance and chat the night away. Just keep in mind that this IS Las Vegas and when you wake up in the morning those marriage certificates are still binding! Come meet the people you communicate with on a daily basis via telegram in person as you dance and chat the night away. All are welcome!


DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 13:00-13:30


Looking for the perfect signature: an automatic YARA rules generation algorithm in the AI-era

Saturday at 13:00 in Track 3
20 minutes | Demo, Tool

Andrea Marcelli PhD Student and Security Researcher. Politecnico di Torino

Given the high pace at which new malware variants are generated, antivirus programs struggle to keep their signatures up-to-date, and AV scanners suffer from a considerable quantity of false negatives. The generation of effective signatures against new malware variants, while avoiding false positive detections, is a highly desirable but challenging task, typically requiring a substantial portion of human expert’s time. Artificial intelligence techniques can be applied to solve the malware signature generation problem.

The ultimate goal is to develop an algorithm able to automatically create a generalized family signature, eventually reducing threat exposure and increasing the quality of the detection. The proposed technique automatically generates an optimal signature to identify a malware family with very high precision and good recall using heuristics, evolutionary and linear programming algorithms.

In this talk I will present YaYaGen (Yet Another YARA Rule Generator), a tool to automatically generate Android malware signatures. Performance has been evaluated on a massive dataset of millions of applications available in the Koodous project, showing that in a few minutes the algorithm can generate a precise ruleset able to catch 0-day malware, better than human-generated ones.

Andrea Marcelli
Andrea Marcelli is a PhD Student and Security Researcher at Hispasec Sistemas. He received his M.Sc. degree in Computer Engineering from Politecnico of Torino, Italy, in 2015 and he is currently a third year doctoral student in Computer and Control Engineering at the same institute. His research interests include malware analysis, semi-supervised modeling, machine learning and optimization problems, with main applications in computer security. Since the end of 2016 he has been part of the security research team at Hispasec Sistemas, working on the Koodous project, where he develops new AI-based tools to automate large scale Android malware analysis, including malware clustering, network graph analytics and automatic YARA signatures generation.

@_S0nn1_, https://jimmy-sonny.github.io/



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 11:00-11:45


Lora Smart Water Meter Security Analysis

Friday at 11:00 in Track 3
45 minutes | Tool

Yingtao Zeng Security Researcher at UnicornTeam, Radio Security Research Department of 360 Security Technology

Lin Huang Senior Wireless Security Researcher and SDR technology expert, 360 Security Technology

Jun Li Senior Security Researcher, Radio Security Department of 360 Security Technology

To avoid the tedious task of collecting water usage data by going to users' homes, water meters that are equipped with wireless communication modules are now being put into use. In this talk we will take a water meter that uses the Lora wireless protocol as an example to analyze the security and privacy risks of this kind of meter. We will explain how to reverse engineer and analyze both the firmware and the hardware of a water meter system, and we will talk about its security risks from multiple perspectives: physical, data link, and sensors. Note that LORA is not only used in water meters; it is being used in a lot of IoT scenarios, so the methods we employed to analyze LORA in this talk are also useful when you test other LORA-based systems.

Yingtao Zeng
Yingtao Zeng is a security researcher at UnicornTeam in the Radio Security Research Department of 360 Technology. He mainly focuses on the security of the Internet of things, car remote control systems and automotive radar safety research. He has found vulnerabilities in a variety of automobile manufacturers including Tesla, Buick, Volvo, Chevrolet, Toyota, Nissan, BYD and more. He has presented his research at conferences like HITB, DEF CON Car Hacking Village, Black Hat Arsenal etc.

Lin Huang
Lin HUANG is a senior wireless security researcher and the manager of UnicornTeam in 360 Technology. She is also 360 Technology's 3GPP standard SA3 delegate and a research supervisor for master's students in BUPT. Her interests include security issues in wireless communication, especially cellular network security. She was a speaker at BlackHat, DEF CON, and HITB security conferences.

Jun Li
Jun Li is a senior security researcher at the UnicornTeam, Qihoo 360. He is the POC of DEF CON Group 010, and a member of the DEF CON Group Global Advisory Board. His research has been presented at conferences such as Blackhat, DEF CON, HITB, KCon, SyScan360, ISC, etc. He is interested in IoT security and connected car security. Along with his colleagues, he has previously found several automobile vulnerabilities in Tesla, GM cars, Volvo, BMW, Audi, Mercedes Benz and BYD. He is the author of "Connected Car Security Demystified". He is also the co-author of "Inside Radio: An Attack & Defense Guide".



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Sunday - 13:30-13:50


Lost and Found Certificates: dealing with residual certificates for pre-owned domains

Sunday at 13:30 in Track 2
20 minutes | Demo, Tool

Ian Foster Hacker

Dylan Ayrey Hacker

When purchasing a new domain name you would expect that you are the only one who can obtain a valid SSL certificate for it, however that is not always the case. When the domain had a prior owner(s), even several years prior, they may still possess a valid SSL certificate for it and there is very little you can do about it.

Using Certificate Transparency, we examined millions of domains and certificates and found thousands of examples where the previous owner for a domain still possessed a valid SSL certificate for the domain long after it changed ownership. We will review the results from our ongoing large scale quantitative analysis over past and current domains and certificates. We'll explore the massive scale of the problem, what we can do about it, how you can protect yourself, and a proposed process change to make this less of a problem going forwards.

We end by introducing BygoneSSL, a new tool and dashboard that shows an up to date view of affected domains and certificates using publicly available DNS data and Certificate Transparency logs. BygoneSSL will demonstrate how widespread the issue is, let domain owners determine if they could be affected, and can be used to track the number of affected domains over time.

Ian Foster
Ian enjoys researching systems and networking problems and solutions in an effort to make the world more secure. He has published research papers analyzing the new gTLD land rush and crawling and parsing most WHOIS records. From demonstrating how insecure aftermarket OBD "dongles" can be used to compromise and take over automobiles; to measuring the paths an email traverses online with encryption in an effort to increase integrity, authenticity, and confidentiality; and more. During the day Ian is a Security Engineer fighting for the users.

Dylan Ayrey
Dylan is a security engineer, who in his free time authors lots of open source projects, such as truffleHog. He graduated college in 2015 and has been working in security ever since.



SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 18:00-18:59


Title:
Macabre stories of a hacker in the public health sector (Chile)

Philippe Delteil

@philippedelteil

Want to know what happens when a nationwide network in the public health sector has no experts on cybersecurity? I will explain how I managed to get over 3 million files including patients' records, people with HIV, abortions and a long etc. And how I managed to get it fixed (spoiler: press was involved).



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 16:00-16:59


Machine Learning as a Service in Your Pocket

Evan Yang

“If you struggle with building a machine learning (ML) classifier for the data, this Machine Learning as a Service (MLaaS) is a quick and handy solution for you. Originally designed for security researchers, this feature-packed service has now been open sourced to the public. This service can take time-series data, such as API logs etc., to generate ML models with a few mouse clicks. The graphical user interface can guide you through the ML pipeline steps, visualize the performance and help to optimize the ML model. The unique feature analysis tool allows you to drill down into individual samples and to tune the ML model from a security perspective.”

Evan Yang is a security researcher in Intel Privacy & Security Lab. He has worked on Windows and Android security related topics for the past few years. His latest focus is around the application of deep learning to Windows ransomware. He has also been a database architect and software developer, providing solutions and building applications in production.



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 16:00-16:59


Machine Learning for Network Security Hands-on Workshop: DIYML

Sebastian Garcia

Creating new Machine Learning algorithms with the new frameworks is easier than ever. However, our models still need designing, evaluation, tuning and especially good datasets. In this workshop we will share high-quality and real datasets of normal users working on their computers while being attacked and infected with malware. The goal is to learn to understand the problem, label data, identify features, create your own ML model and finally test it against all the other models in the room! A fast-paced workshop going from traffic understanding to working python ML models in 2 hours. Learn why ML is so difficult and so useful. Work in teams to obtain the highest detection performance and improve your knowledge. Python/NetFlows/Bro/SciKit/pandas/TensorFlow, use what you need!

Sebastian is a malware researcher and security teacher who has extensive experience in machine learning applied to network traffic. He created the Stratosphere IPS project, the first machine learning-based, free-software IPS. Its goal is to protect civil society. As a researcher in the Artificial Intelligence group of the Czech Technical University in Prague, he believes that free software and machine learning tools can help better protect users from the abuse of their digital rights. He has been teaching in several countries and Universities and working on penetration testing for both corporations and governments. He was lucky enough to talk and give workshops in CCC, BSides Budapest, Ekoparty, DeepSec, Hacktivity, Botconf, Hacklu, InBot, SecuritySessions, ECAI, CitizenLab, ArgenCor, Free Software Foundation Europe, VirusBulletin, BSides Vienna, HITB Singapore, CACIC, etc. As a co-founder of the MatesLab hackspace he worked on honeypots, malware detection, distributed scanning (creator of dnmap), keystroke dynamics, Bluetooth analysis, privacy protection, intruder detection, robotics, microphone detection with SDR (Salamandra) and biohacking. He is also a proud co-founder of the Independent Fund for Women in Tech.



AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 13:00-12:59


Machine Learning Model Hardening For Fun and Profit

Ariel Herbert-Voss

Machine learning has been widely and enthusiastically applied to a variety of problems to great success and is increasingly used to develop systems that handle sensitive data - despite having seen that for out-of-the-box applications, determined adversaries can extract the training data set and other sensitive information. Suggested techniques for improving the privacy and security of these systems include differential privacy, homomorphic encryption, and secure multi-party computation. In this talk, we’ll take a look at the modern machine learning pipeline and identify the threat models that are solved using these techniques. We’ll evaluate the possible costs to accuracy and time complexity and present practical application tips for model hardening. I will also present some red team tools I developed to easily check black box machine learning APIs for vulnerabilities to a variety of mathematical exploits.

Ariel Herbert-Voss is a PhD student at Harvard University, where she specializes in deep learning, cybersecurity, and mathematical optimization. Like many machine learning researchers, she spent plenty of time thinking about deep learning from a computational neuroscience point of view without realizing that skulls make biological neural networks a lot less hackable than artificial ones. Now she thinks about securing deep learning algorithms and offensive applications.



PHW - Caesars Promenade Level - Neopolitan BR - Saturday - 16:30-17:59


Mallet, an intercepting proxy for arbitrary protocols

Mallet is an intercepting proxy for arbitrary protocols. More accurately, it is a framework for building proxies for arbitrary protocols. Mallet provides the basics required of all proxies: A way to receive the data, a way to send the data, and a user interface to intercept and edit the data. It builds on the Netty project, and as such has access to a large, well-tested suite of protocol implementations that can be used to transform a stream of bytes into useful, high-level protocol objects.

This workshop will introduce attendees to Mallet, and show how to construct pipelines of arbitrary complexity, to successfully decode and intercept messages in various protocols, as well as automating modifications of the various messages.

A basic familiarity with Java will enhance the delegate's understanding of what they are taught, but is not a requirement.

Rogan Dawes is a senior researcher at SensePost and has been hacking since 1998, which, coincidentally, is also the time he settled on a final wardrobe. He used the time he saved on choosing outfits to live up to his colleague's frequent joke that he has an offline copy of the Internet in his head. Rogan spent many years building web application assessment tools, and is credited as having built one of the first and most widely used intercepting proxies, WebScarab.



PHV - Caesars Promenade Level - Neopolitan BR - Friday - 10:00-10:59


Mallet: A Proxy for Arbitrary Traffic

Rogan Dawes, Senior Researcher at SensePost

Mallet is an intercepting proxy for arbitrary protocols. More accurately, it is a framework for building proxies for arbitrary protocols. Mallet provides the basics required of all proxies: A way to receive the data, a way to send the data, and a user interface to intercept and edit the data. It builds on the Netty project, and as such has access to a large, well-tested suite of protocol implementations that can be used to transform a stream of bytes into useful, high-level protocol objects. This workshop will introduce attendees to Mallet, and show how to construct pipelines of arbitrary complexity, to successfully decode and intercept messages in various protocols, as well as automating modifications of the various messages. A basic familiarity with Java will enhance the delegate's understanding of what they are taught, but is not a requirement.

Rogan Dawes (Twitter: @RoganDawes) is a Senior Researcher at SensePost and has been hacking since 1998, which, coincidentally, is also the time he settled on a final wardrobe. He used the time he saved on choosing outfits to live up to his colleague's frequent joke that he has an offline copy of the Internet in his head. Rogan spent many years building web application assessment tools, and is credited as having built one of the first and most widely used intercepting proxies, WebScarab.



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 14:30-15:20


Malware Panel

No description available



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Sunday - 13:00-13:30


Man-In-The-Disk

Sunday at 13:00 in Track 1
20 minutes | Demo, Tool, Exploit

Slava Makkaveev Security Researcher, Check Point

Most modern OSes use sandboxing in order to prevent malicious apps from affecting other apps or even harming the OS itself. Google is constantly reinforcing Android’s sandbox protection, introducing new features to prevent any kind of sandbox bypass.

In this talk we want to shed new light on a less known attack surface which affects all Android devices and allows an attacker to hijack the communication between privileged apps and the disk, bypassing Android’s latest sandbox protection.

The problem begins when privileged apps interact with files stored in exposed areas, and even worse, some of them will unintentionally break the sandbox by insecurely appending such data to its confinements.

Can you imagine if someone could execute code in the context of your keyboard, or install an unwanted app without your consent? Well… It’s hardly within the realm of imagination.

The external storage and network based vulnerabilities we discovered can be leveraged by the attacker to corrupt data, steal sensitive information or even take control of your device.

Slava Makkaveev
Slava Makkaveev is a Security Researcher at Check Point and holds a PhD in Computer Science. Slava found himself in the security field more than seven years ago and has since gained vast experience in reverse engineering and malware analysis. Recently Slava has taken a particularly strong interest in mobile platforms and firmware security.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Sunday - 12:00-12:25


Mapping Social Media with Facial Recognition - Jacob Wilkin

“Performing intelligence gathering on targets is a time consuming process, it typically starts by attempting to find a person’s online presence on a variety of social media sites. What if it could be automated and done on a mass scale with hundreds or thousands of targets?

Social Mapper is an Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to searching popular social media sites for targets’ names and pictures to accurately detect and group a person’s presence, outputting the results into a report that a human operator can quickly review.

Social Mapper has a variety of uses in the security industry, for example the automated gathering of large amounts of social media profiles for use on targeted phishing campaigns. Facial recognition aids this process by removing false positives in the search results, so that reviewing this data is quicker for a human operator.

Social Mapper supports the following social media platforms:
- LinkedIn
- Facebook
- Twitter
- GooglePlus
- Instagram
- VKontakte
- Weibo
- Douban

Social Mapper takes a variety of input types such as:
- An organisation’s name, searching via LinkedIn
- A folder full of named images
- A CSV file with names and URLs to images online”



PHV - Caesars Promenade Level - Neopolitan BR - Friday - 18:00-18:30


Mapping Wi-Fi Networks and Triggering on Interesting Traffic Patterns

Caleb Madrigal, Applied Researcher at Mandiant/FireEye

Sure, WiFi hacking has been around for a while, and everyone knows about tools like airmon-ng, kismet, et al. But what if you just want to view a list of all networks in your area along with all devices connected to them? Or maybe you want to know who's hogging all the bandwidth? Or, what if you want to know when a certain someone's cell phone is nearby? Or perhaps you'd like to know if your Airbnb host's IP Camera is uploading video to the cloud?

For all these use-cases, I've developed a new tool called "trackerjacker". In this talk, we'll use this tool to explore some of the surprisingly-informative data floating around in the radio space, and you'll come away with a new skill point or two in your radio hacking skill tree, as well as a new magical weapon... I mean tool.

Caleb Madrigal (Twitter: @caleb_madrigal) is an Applied Researcher at Mandiant/FireEye.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 17:05-17:35


Mapping wifi networks and triggering on interesting traffic patterns - Caleb Madrigal

Sure, WiFi hacking has been around for a while, and everyone knows about tools like airmon-ng, kismet, et al. But what if you just want to view a list of all networks in your area AND see all devices connected to each network? Or maybe you want to know who’s hogging all the bandwidth (and maybe deauth them if they use too much)? Or, what if you want to know when a certain someone’s cell phone is nearby? Or perhaps you’d like to know if your Airbnb host’s IP Camera is uploading video to the cloud?

For all these use-cases, I’ve developed a new tool called “trackerjacker”. In this talk, we’ll use this tool to explore some of the surprisingly-informative data floating around in the radio space, and you’ll come away with a new skill point or two in your radio hacking skill tree, as well as a new magical weapon… I mean tool.



SKY - Flamingo 3rd Flr - Virginia City Rm - Sunday - 09:00-09:59


Title:
Master Baiting! Dont Click Bait, Click Yourself

BACE16
@bace16_

The talk that lives up to its name! Completely self-centered on how to work with your bait and tackle to jerk off the line of stories in your head and get back to reality. Avoid phishing by not falling for the hookers! Even yourself! Social engineering! Deep penetrating psychology mixed with blatant innuendo and enough buzzwords to make a CISO throw BitCoin at it...then make engineers figure out a POC for what this Purple Team Darknet vaporware actually does!



CHV - Flamingo Lower Level - Red Rock Rm 1-5 - Friday - 15:50-16:35


Meet Salinas, the first ever SMS-commanded Car Infotainment RAT

Dan Regalado

FRIDAY 8/10 • 3:50-4:35 PM
45 min talk

Nowadays any recent car up to 5 years old comes with something called “Infotainment”. This is that iPad-looking screen that allows you to use the GPS Navigation, select your favorite music from your iPod, make or receive calls while speaking through the Car’s speakers, or even ask the Car to read an SMS message for you. That, along with the latest self-driving technologies popping up everywhere, can no longer be handled by a microcontroller; it requires an embedded OS to support all those features, and therefore the world started worrying about the possibility of getting Ransomware on the Car, or an Infostealer reading all your SMS messages while you are driving, or triggering a DoS on the CAN Bus so that the Car cannot work properly, etc. All those scenarios used to be hypothetical until now: we grabbed an infotainment, broke into it and reverse engineered all its main components with one goal in mind: to infect the Infotainment with malware that can be commanded remotely through SMS messages.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Sunday - 13:00-12:59


Title: Meow Meow Meow

Speaker: Meow-Meow Ludo Meow
About Meow-Meow:
Meow-Ludo is the founder of biohacking in Australia, and works full time running BioFoundry. He is a full-time hacker, part-time federal political candidate, and is interested in interdisciplinary projects. He is interested in the ability of biohackers to create bioweapons and the regulations that aim to control them.
Abstract:
Meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow


DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Sunday - 13:00-13:30


Micro-Renovator: Bringing Processor Firmware up to Code

Sunday at 13:00 in Track 2
20 minutes | Demo, Tool

Matt King Hacker

The mitigations for Spectre highlighted a weak link in the patching process for many users: firmware (un)availability. While updated microcode was made publicly available for many processors, end-users are unable to directly consume it. Instead, platform and operating system vendors need to distribute firmware and kernel patches which include the new microcode. Inconsistent support from those vendors has left millions of users without a way to consume these critical security updates, until now. Micro-Renovator provides the ability to apply microcode updates without modifying either platform firmware or the operating system, through simple (and reversible) modifications to the EFI boot partition.

Matt King
Matt is a security geek responsible for ensuring platform and firmware trust at a cloud service provider, and dedicates an inordinate amount of time to updating firmware as a result. He has pen tested a broad range of systems as a product security validation lead at a prominent processor vendor, and has a history of rendering all manner of computing devices inoperable.



PHV - Caesars Promenade Level - Neopolitan BR - Sunday - 11:00-11:59


Microcontrollers and Single Board Computers for Hacking, Fun and Profit

gh057

As security researchers, we are always looking for the next device that will make our jobs easier and our research more effective. In many cases, physical gear can be expensive and limited in capability which can be prohibitive, especially in engagements where dead drops are required. However, with the skyrocketing popularity of microcontrollers and single board computers, that barrier has been reduced significantly and has created a host of new possibilities for everything from dead drops to wired and wireless network intrusion and analysis. gh057 will introduce some of the more popular options in this genre and some live demonstrations of their more fun uses. gh057 will demonstrate three devices he built to solve specific problems and that are based on these platforms: ATtiny85, ESP8266 / ESP32, Raspberry Pi. Finally, and as a bonus, gh057 will demonstrate a simple technique that uses Applescript and Bash that can be used to create a simple USB trojan and can be useful for end-user training.

gh057 has worked on almost every aspect of the software development lifecycle. For the majority of his career, he worked as a front-end, full stack engineer specializing in UI/UX. During this time, he was involved in development and also testing efforts, which included quality and security best practices. In the last few years, gh057 completed a career transition to application security, most notably through security evangelism roles, where he worked closely with development teams. As an application security engineer, gh057 is responsible for security best practices, which encompasses both digital and physical threat vectors. Most recently, gh057 has been the concept creator and team lead for the Day of Shecurity conference which took place on June 16th in San Francisco, CA. In his free time, he is passionate about promoting equality in the cybersecurity industry and offering mentorship to young technologists. His goal is to leave behind a better industry than the one he found when he first began his career.



CHV - Flamingo Lower Level - Red Rock Rm 1-5 - Saturday - 11:20-12:05


Misbehavior Detection in V2X networks

Ben

saturday 8/11 • 11:20 AM-12:05 PM
45 min talk

There exist several approaches to misbehavior detection in V2X networks in research literature, many of them not necessarily taking automotive restrictions into account. Only a few approaches do and there is only one approach that has been tested in actual vehicles as far as I know. And that approach has its challenges - although it is an important first step towards implementation. I will present how this (and one or two other) approach works and how it can be tricked. Although misbehavior detection is an integral part of the V2X security system nobody seems to care that V2X gets deployed, but there is no feasible approach for misbehavior detection. I will present a hypothesis why this is and will discuss it with the audience.



BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 17:00-17:59


Title: Moderator Justin Ehrenhofer's Greatest Questions

Speakers: Shamiq (App Sec Manager, COINBASE), Paul Shapiro, A., Fluffy Pony

Description:
No description available




BCOS - Caesars Promenade Level - Pompeian BR 1 - Sunday - 12:30-12:59


Title: Monero Project's Vulnerability Response Process

Speakers: Anonimal

Description:
No description available




BCOS - Caesars Promenade Level - Pompeian BR 1 - Sunday - 11:00-11:30


Title: Monero's Differentiated Community

Speakers: Justin Ehrenhofer

Description:
No description available




BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 11:30-11:59


Title: Monero's Emerging Applications

Speakers: Fluffy Pony

Description:
No description available




BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 12:45-13:30


Title: Mother Natures Development Lifecycles… OR Why the T-Rex didn’t get extenders.

Speaker: siDragon


SEV - Caesars Promenade South - Octavius BR 3-8 - Friday - 16:55-17:45



Friday August 10 2018 1655 50 mins

Mr. Sinatra Will Hack You Now
Across the globe for millennia upon millennia, a cabal of social engineers have been working to manipulate realities, collective and singular.  They influence decision making processes in a matter of minutes and leave no evidence of their presence.  They’ve made camp in your computers, your cars, your places of worship, and your schools.  They may be doing it right now as you read this. They are everywhere.  They are musicians.

Neil Fallon @npfallon
Neil Fallon is the lyricist, singer, and rhythm guitar player of the rock band Clutch. Since forming in 1991, Clutch has released 11 full length records and has performed numerous times in North America, Europe, South America, Australia, and Japan.

In 2009, Neil, along with his bandmates and manager, created Weathermaker Music, a completely independent record label. To date, Weathermaker Music has had 58 world wide releases. The most recent release, “Psychic Warfare,” reached #11 on the Billboard Top 100 and #1 on Hard Rock & Rock Billboard chart.



SEV - Caesars Promenade South - Octavius BR 3-8 - Friday - 15:30-15:59


Friday August 10 2018 1530 30 Mins

My Stripper Name is Bubbles Sunset: What SEO Meme Marketing Means for Social Engineering
You’re mindlessly scrolling through Facebook when you see your friend share a post and comment, “Mine is Bubbles Sunset!”

You click. It’s a meme that reads: “What’s your stripper name? It’s the name of your first pet and the first street you lived on! Comment with your answers, and share with your friends!”

Are alarm bells going off in your head yet?

Security-savvy internet browsers know to be on the lookout for the digital version of a mustached man in a trench coat, like emails selling discounted Viagra. But as you’ve gotten smarter about avoiding these obvious bids for information, attackers and online marketers have gotten subtler to persuade you to divulge personal information. Every second, users willingly divulge sensitive information in comments on social media memes like the stripper name post because they don’t see them as a threat.

In this talk, Hannah Silvers — social engineer and SEO marketing content strategist — brings the two worlds together. Using (hilarious) real-life examples, she will illustrate how social media memes are hotbeds of valuable PII for marketers and attackers alike, how these memes encourage users to engage with and share them, and the ways attackers can make use of them as an attack vector.

Of course, the talk won’t stop at the doom and gloom. The presenter will discuss implications to the work of security educators and what users can do to mitigate the risk these memes present once they understand how they work.

Hannah Silvers: @hannah_silvers
Hannah Silvers is a writer, editor, and content strategist based in Atlanta, GA. During the day, she writes and presents SEO content marketing strategy for nonprofit service providers. But after the ride home, she moonlights as the director of outreach for CG Silvers Consulting and a lexicographic content contributor for Dictionary.com, charting the course of the English language through definitions of slang, politics, pop culture, and emoji. Hannah is also a veteran of Social-Engineer, LLC, holding corporate technical writing and vishing experience as well as the current record of youngest contestant to enter the SECTF booth at DEF CON.



EHV - Caesars Promenade Level - Modena Rm - Saturday - 13:00-13:59


Title: Nations and Nationalism and Cyber Security - Navigating Difficult Relationships in the Private Infosec Space

Speakers: Speaker TBA

Description:

When talent comes from intelligence agencies, what masters do we serve, who takes priority, and how can companies ensure providers are supporting their interests above past masters? And how have companies muddied the waters so that these questions are relevant in the first place? Some exploration of conflicting duties and possible responses.





BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 17:00-17:45


Title: Nature’s source code is vulnerable and cannot be patched

Speaker: Jeffrey Ladish
Abstract:
"Natural selection can produce marvelous functional systems, but constraints in the evolutionary process can be exploited. By leveraging humanity’s relative advantage in design foresight, we may be able to create synthetic organisms that can out-compete their natural counterparts.
In this talk, I will explore the design limitations of evolved organisms that leave ecosystems permanently vulnerable to attack. In order to protect the natural world and human health, I will advocate we adopt the “biosecurity mindset” and improve our ecological security posture."


HHV - Caesars Pool Level - Forum 17-21 - Saturday - 12:00-12:50


NFC Payments: The Art of Relay & Replay Attacks

Salvador Mendoza

Abstract

Relay and replay attacks are becoming more common in the payment industry, getting more complex and sophisticated day by day. We are not just seeing simple skimming techniques but complex attack vectors that are a combination of technologies and implementations involving SDR (Software-Defined Radio), NFC, APDU (Application Protocol Data Unit), hardware emulation design, specialized software, tokenization protocols and social engineering. In this talk, we will discuss what these attacks are, or what kind of hardware or software could be implemented.

Bio

Salvador Mendoza is a security researcher focusing on tokenization processes, magnetic stripe information and embedded prototypes. He has presented on tokenization flaws and payment methods at Black Hat USA, DEF CON 24/25, DerbyCon, Ekoparty, BugCON, 8.8, and Troopers 17/18. Salvador designed different tools to pentest magnetic stripe information and tokenization processes. His toolset includes MagSpoofPI, JamSpay, TokenGet, SamyKam and lately BlueSpoof.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 12:00-12:45


Title: No Firewall Can Save You At The Intersection Of Genetics and Privacy

Speaker: BJ
About BJ:
Chris currently works at Lares, prior to that he founded or worked with a number of companies specializing in DarkNet research, intelligence gathering, cryptography, deception technologies, and providers of security services and threat intelligence. Since the late 90’s Chris has been deeply involved with security R&D, consulting, and advisory services in his quest to protect and defend businesses and individuals against cyber attack. Prior to that he jumped out of planes for a living, visiting all sorts of interesting countries and cultures while doing his best to avoid getting shot at too often. Roberts is considered one of the world’s foremost experts on counter threat intelligence and vulnerability research within the Information Security industry.
Abstract:
This talk originally started as a look at the intersection of personal anonymity and personal genetic sequencing. The short version: “Genetic Privacy” is a very tough thing to accomplish; lack of such privacy has potentially “bad” consequences. But there was some hope IF you did everything right. Then we all discovered that the prospects for genetic privacy are even lower than we imagined. You may have heard that the suspected Golden State Killer was found and arrested after decades of terror. The suspect didn’t slip up, other than having relatives who wanted to know more about their own genes. No one is accusing you of murder (I hope), but almost everyone has some aspect of their genetics that they don’t want others to know. So now, not only do you have to get everything right the first time to guard your genetic privacy – you have to hope all your relatives get the genetic privacy stuff right the first time…and every time they get tested. And for those of you who say, “But wait! The laws against genetic discrimination will save us!” consider that various laws also ban other forms of discrimination. How’s that working out these days?


PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 14:30-14:59


Normalizing Empire's Traffic to Evade Anomaly-based IDS

Utku Sen, Senior R&D Engineer at Tear Security
Gozde Sinturk, R&D Engineer at Tear Security

Perimeter defenses hold an important role in computer security. However, when we check the methods of APT groups, a single spear-phishing attack is usually enough to gain a foothold on the network. Therefore, red teams are mostly focused on "assume breach" type scenarios. In these scenarios, testers need to use a post-exploitation framework. Besides that, testers also need to hide the server-agent communication from NIDS (Network Intrusion Detection Systems). In this session, we will discuss the situation of one of the most famous post-exploitation tools, Empire, against payload-based anomaly detection systems. We will explain how to normalize Empire's traffic with the polymorphic blending attack (PBA) method. We will also cover our tool, "firstorder", which is designed to evade anomaly-based detection systems. The firstorder tool takes a traffic capture file of the network, tries to identify the normal profile and configures Empire's listener in such a way.

Utku Sen (Twitter: @utkusen) is a security researcher who is mostly focused on the following areas: application security, network security, tool development. He presented his tool, Leviathan Framework, in Black Hat USA Arsenal and DEF CON Demo Labs in 2017. He was also nominated for the Pwnie Awards in the "Best Backdoor" category in 2016.

Gozde Sinturk is a Security Researcher and Python Developer who has been involved in projects related to machine learning, natural language processing, and big data. She is developing security tools in her current position.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 11:00-11:45


NSA Talks Cybersecurity

Friday at 11:00 in Track 1
45 minutes |

Rob Joyce

The National Security Agency (NSA) has authorities for both foreign intelligence and cyber security.  This unique position gives NSA insights into the ways networks are exploited and the methods that are effective in defending against threats.  Over time, NSA has adapted the focus of its security efforts and continues to evolve with technologies and the adversaries we face.  The talk will look back at some of the inflection points that have influenced NSA and US Government cybersecurity efforts and look at what is necessary to stay safe in the new environment.

Rob Joyce
Rob Joyce (@RGB_Lights) has been with the National Security Agency (NSA) for 29 years and has led organizations doing both foreign intelligence and cybersecurity work.  He is the Senior Advisor for Cybersecurity, having recently returned from the White House as the Cybersecurity Coordinator where he worked national policy, synchronizing activity across the government and partners.  His previous assignment was leading Tailored Access Operations (TAO), the organization developing tools, techniques and capabilities to exploit computers for NSA's foreign intelligence mission.  Prior to that, he was the Deputy Director for Information Assurance, overseeing the protection of national security systems, which includes the nation's cryptographic key material, classified networks and warfighting networks.  In his spare time, Rob builds a computerized Christmas light show.  His most recent display was likely visible from the International Space Station. In addition to an infatuation with Christmas light displays, he helped a Boy Scout troop build catapults for the annual Punkin Chunkin competition until lawyers ruined it for all of us.



Demolabs - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 10:00-11:50


nzyme

Sunday 08/12/18 from 1000-1150 at Table One
Defense, RF, WiFi/802.11

Lennart Koopmann

Detecting attackers who use WiFi as a vector is hard because of security issues inherent in the 802.11 protocol, as well as commoditized ways of near-perfect spoofing of WiFi enabled devices.

Security professionals work around this by treating WiFi traffic as insecure and encrypting data on higher layers of the protocol stack. Sophisticated attackers do not limit their efforts to jamming or tapping of wireless communication, but try to use deception techniques to trick human operators of WiFi devices into revealing secrets. The list of attacks that are possible after a user has been convinced to connect to a rogue access point that is under the attacker's control ranges from DNS spoofing to crafted captive portals that can be used for classic phishing attempts.

This is why the new nzyme release introduces its own set of WiFi deception techniques. It is turning the tables and attempts to trick attackers into attacking our own simulated, wireless infrastructure that resembles realistic clients and access points. Together with the general collection of all 802.11 management frames already offered in the existing release, nzyme now replays all relevant communication to and from our decoy transceivers to a log management system like Graylog for analysis and alerting. This combination allows tricking attackers into revealing themselves by leaving easy to identify traces during all exploitation phases.

Applying WiFi deception to defensive perimeters gives the blue team a chance to reveal, delay, and condition attackers.

https://wtf.horse/2017/10/02/introducing-nzyme-wifi-802-11-frame-recording-and-forensics/

Lennart Koopmann
Born and raised in Germany, Lennart founded the Open Source log management project Graylog in 2009 and has since then worked with many organizations on log management and security-related projects. He has an extensive background in software development and architecture. There is a high chance that you will meet Lennart at a LobbyCon somewhere in the country. Once he ran a marathon but was not very Fast.



DEFCON - Roman Chillout - Friday - 20:00-19:59


Oh Noes!—A Role Playing Incident Response Game

Friday at 20:00 in Roman Chillout
Fireside Hax | Demo, Audience Participation, Tool

Bruce Potter Founder, The Shmoo Group

Robert Potter Hacker

The term "incident response exercise" can strike fear in the hearts of even the most steely-eyed professional. The idea of sitting around a table, talking through a catastrophic security event can be both simultaneously exhausting and incredibly boring. However, what if, instead of participating in an "incident response exercise," you instead got to plan an "incident response role playing game?"

Enter our IR roleplaying game, "Oh Noes! An Adventure Through the Cybers and Shit." As part of our day job, we do quarterly IR exercises. In order to make these exercises more engaging, more fun, and more useful, we turned these exercises into a role playing game. We found it so useful and fun, we're releasing it at DEF CON along with numerous scenarios for your dungeon master to take you through.

At this talk, we will talk about gamifying IR exercises and the rules of Oh Noes! We will equip you with dice and your own character sheet and we will walk you through the character creating process. That's right, in Oh Noes! you create your own character with specific skills and abilities that you level up as you play. A group of us will play through a short scenario so you can see how the game works. We will provide several sample scenarios, some ripped from the headlines (and some cribbed from @badthingsdaily) as well as provide guidance on what makes successful scenarios as you transition to be your own dungeon master.

Bruce Potter
Bruce Potter is the founder of The Shmoo Group, CISO at Expel, and helps run ShmooCon each year in Washington DC. Bruce has over 20 years (yikes!) of experience in hacking and cyber security including working with DoD and Intelligence Community clients as well as numerous finance, healthcare, and transportation companies. Bruce used to do a lot of wireless and network attack and defense work but lately focuses on risk management, threat categorization, and building more secure systems. Bruce has never played D&D but has a son who plays extensively.

@gdead

Robert Potter
Robert Potter is a 16 year old 10th grader who wears Invisalign. He is the son of Mr. Bow-To-My-Firewall and Mrs. Heidi "clever name" Potter. He likes things that begin with M, including but not limited to Math, Music, and his Mother (my mom told me to put that there).

@TauManiac



SEV - Caesars Promenade South - Octavius BR 3-8 - Saturday - 17:50-18:40



Saturday August 11 2018 1750 50 mins
On the Hunt: Hacking the Hunt Group
Dynamic duo DEF CON SECTF black badge winner Chris Silvers and ACE Hackware founder Taylor Banks return to the stage to take audiences on a hunt — of the hunt group, that is.

In this talk, Chris and Taylor will walk through the evolution of the “you called me!” vishing attack from 1980s phone pranking and 3-way calling to 2010s perceived phone system glitch exploits. You’ll learn how to engineer a successful “simultaneous answer” vishing call through reconnaissance, rapport-building, and attack. Most importantly, you’ll walk away with actionable strategies to prepare yourself and your organization against such attacks.

Oh, and the best part? Chris and Taylor will play real recordings of phone system glitch vishing calls on stage. Listen (and laugh) to what worked and what didn’t, then learn a little something through an interactive analysis of each call with the presenters.

Chris Silvers: @cgsilvers
Taylor Banks: @taylorbanks
Taylor Banks, Founder of ACE Hackware, has spent 15 years in information security. Experienced in applied hacking and countermeasures, Taylor has performed pen-tests and provided training for organizations including the FBI, NSA, US Navy and Marine Corps.

Chris Silvers is founder and CEO of CG Silvers Consulting as well as DEF CON black badge winner. Chris’ passion for education and 20 years of experience in information security have landed him on the presenter’s stage at conferences such as Derby Con and GrrCon.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 14:00-14:45


One bite and all your dreams will come true: Analyzing and Attacking Apple Kernel Drivers

Sunday at 14:00 in Track 3
45 minutes | Demo, Tool, Exploit

Xiaolong Bai Security Engineer, Alibaba Inc.

Min (Spark) Zheng Security Expert, Alibaba Inc.

Though many security mechanisms are deployed in Apple's macOS and iOS systems, some old-fashioned or poor-quality kernel code still leaves the door widely open to attackers. Especially, as kernel's critical components, device drivers are frequently exploited to attack Apple systems. In fact, bug hunting in Apple kernel drivers is not easy since they are mostly closed-source and heavily relying on object-oriented programming. In this talk, we will share our experience of analyzing and attacking Apple kernel drivers. In specific, we will introduce a new tool called Ryuk. Ryuk employs static analysis techniques to discover bugs by itself or assist manual review.

In addition, we further combine static analysis with dynamic fuzzing for bug hunting in Apple drivers. In specific, we will introduce how we integrate Ryuk to the state-of-the-art Apple driver fuzzer, PassiveFuzzFrameworkOSX, for finding exploitable bugs.

Most importantly, we will illustrate Ryuk's power with several new vulnerabilities that are recently discovered by Ryuk. In specific, we will show how we exploit these vulnerabilities for privilege escalation on macOS 10.13.3 and 10.13.2. We will not only explain why these bugs occur and how we find them, but also demonstrate how we exploit them with innovative kernel exploitation techniques.

Xiaolong Bai
Xiaolong Bai (twitter@bxl1989, github@bxl1989) is a security engineer in Alibaba Orion Security Lab. Before joining Alibaba, he received his Ph.D. degree in Tsinghua University. He has published several research papers on top conferences including IEEE S&P, Usenix Security, CCS, NDSS, and presented his research in Black Hat USA and Hack In The Box. He has been acknowledged by famous vendors, including Apple, Google, Facebook, Evernote, and Tencent for his contribution in discovering the vulnerabilities in their systems and improving the security of their products. He is a member of the OverSky team for private jailbreaking development.

@bxl1989

Min (Spark) Zheng
Min (Spark) Zheng (twitter@SparkZheng, github@zhengmin1989) is a security expert in Alibaba Orion Security Lab. He received his Ph.D. degree in the CSE department of the CUHK. His research focuses on malware analysis, smartphone (Android & iOS) security, system design and implementation. Before receiving Alibaba A-Star offer award in 2015, he worked in FireEye, Baidu and Tencent. He was the champion of GeekPwn 2014 and AliCTF 2015. He won the "best security researcher" award in FIT 2016 for detecting the iOS/macOS vulnerabilities, XcodeGhost virus and WormHole RCE vulnerability. He is a member of the OverSky team for private jailbreaking development. He presented his research in DEF CON, HITB, BlackHat, RUXCON, etc.

@SparkZheng



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 13:00-13:30


One Step Ahead of Cheaters -- Instrumenting Android Emulators

Saturday at 13:00 in 101 Track, Flamingo
20 minutes | Demo, Tool

Nevermoe (@n3v3rm03) Security Engineer, DeNA Co., Ltd.

Commercial Android emulators such as NOX, BlueStacks and Leidian are very popular at the moment and most games can run on these emulators fast and soundly. The bad news for game vendors is that these emulators are usually shipped with root permission in the first place. On the other hand, cheating tools developers are happy because they can easily distribute their tools to abusers without requiring the abusers to have a physical rooted device, nor do they need to perform laborious tuning for different Android OS / firmware version. However, luckily for game vendors, commercial Android emulators usually use an x86/ARM mixed-mode emulation for speed-up. As a result, a standard native hooking/DBI framework won't work on this kind of platform. This drawback could discourage the cheating developers.

In this talk, I will introduce a native hooking framework for this kind of mixed-mode emulator. The talk will include the process start routine of both command-line applications and Android JNI applications as well as how these routines differ on an emulator. The different emulation strategies adopted by different emulators and runtime environments (Dalvik/ART) will also be discussed. Based on this knowledge, I will explain why the existing hooking/DBI frameworks do not work on these emulators and how to make one that works.

Lastly, I will present a demo of using this hooking framework to cheat a game on emulator. With this demo, I will discuss how the dark market of mobile game cheating may develop in the foreseeable future.

Nevermoe (@n3v3rm03)
Nevermoe (@n3v3rm03) is a security engineer in DeNA Co., Ltd. His main focuses are web security, game hacking and reverse engineering. He loves writing tools for game hacking / analyzing and publishing them on https://github.com/nevermoe.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 13:00-13:30


One-Click to OWA

Friday at 13:00 in Track 3
20 minutes | Demo, Tool

William Martin Security & Privacy Senior Associate

With the presence of 2FA/MFA solutions growing, the attack surface for external attackers that have successfully phished/captured/cracked credentials is shrinking. However, many 2FA/MFA solutions leave gaps in their coverage which can allow attackers to leverage those credentials. For example, while OWA may be protected with 2FA, the Exchange Web Services Management API (EWS) offers many of the same features and functionalities without the same protections.

In this talk, I will introduce ExchangeRelayX, an NTLM relay tool that provides attackers with access to an interface that resembles a victim's OWA UI and has many of its functionalities - without ever cracking the relayed credentials.  ExchangeRelayX takes advantage of the gap in some 2FA/MFA solutions protecting Exchange, potentially resulting in a single-click phishing scheme enabling an attacker to exfiltrate sensitive data, perform limited active-directory enumeration, and execute further internal phishing attacks.

William Martin
William Martin is a penetration tester & information security researcher with more than five years of experience in the Information Security Industry. William became an Offensive Security Certified Professional (OSCP) in November of 2015 and is currently a senior associate at RSM US LLP in the Security and Privacy practice with a focus on penetration testing and social engineering.

@quickbreach
www.linkedin.com/in/william-martin-OSCP



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 11:00-11:45


One-liners to Rule Them All

Friday at 11:00 in Track 2
45 minutes | Demo

egypt Security Analyst, Black Hills Information Security

William Vu Security Researcher, Rapid7

It began with the forging of the command line. And some things that should not have been forgotten, were lost. History became legend, legend became myth.

Sometimes you just need to pull out the third column of a CSV file. Sometimes you just need to sort IP addresses. Sometimes you have to pull out IP addresses from the third column and sort them, but only if the first column is a particular string and for some reason the case is random.

In this DEF CON 101 talk, we'll cover a ton of bash one-liners that we use to speed up our hacking. Along the way, we'll talk about the concepts behind each of them and how we apply various strategies to accomplish whatever weird data processing task comes up while testing exploits and attacking a network.

egypt
egypt is a penetration tester for Black Hills Information Security and a contributor to the Metasploit Project. He is not a country.

@egyp7

William Vu
William Vu is a security researcher at Rapid7 who works on the Metasploit Project.



BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 18:20-18:59


Open Source Endpoint Monitoring

Friday at 18:20-19:00
40 minutes

Rik van Duijn and Leandro Velasco

There is a rising trend among threat actors to find newer, more effective and stealthy ways to attack and gain persistence in a network. One way to achieve this is by abusing legitimate software such as Windows Management Instrumentation and PowerShell. This is the case for Living Off the Land and Fileless threats. By using these techniques, attackers can distribute their malicious code, bypassing software whitelisting and avoiding antivirus detection. A method to detect these threats is by monitoring endpoint activity. However, this option comes with many challenges that range from getting enough system activity information to handling hundreds of events per second.

In our research, we analyze this monitoring method and the design challenges involved in it. Furthermore, we propose a solution that aims to detect and alert when advanced threats are identified in a system. In order to provide an endpoint monitoring system free of any vendor lock-in, this solution combines the capabilities of different open source projects as well as free tools. These include Sysmon for monitoring system activity, Elastic Stack (ELK) to store and search the collected data, ElastAlert to trigger alarms and the Sigma Project to define the rules for the alarms. This highly customizable solution would enable organizations to hunt for threats inside their network or create rules that would automatically detect specific threats upfront.

Rik van Duijn
Rik van Duijn has over 5 years of experience as a penetration tester. His first job was auditing web application source code for a Dutch bank. Rik holds the OSCP and OSCE certifications, and is currently practicing for the OSEE certification. Rik has spoken at SHA2017, Tweakers Security/DEV Meetups and #whiskyleaks.

Leandro Velasco
Leandro Velasco has over 4 years of experience in IT security. After his initial introduction managing SIEM systems, Leandro completed the OS3 master. In his current role Leandro is a member of the security research team, analyzing threats and designing detection or mitigating solutions.



BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 12:30-12:59


Title: Open Source Hardware and the Monero Project

Speakers: Parasew

Description:
No description available




RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 12:00-12:10


Opening Note

No description available



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 10:00-10:20


Opening Remarks

No description available



RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 17:40-17:59


OpenPiMap is the ultimate home/prosumer network utility in order to detect, analyze, and respond to malicious network traffic on a small home or office network. Get an interactive and dynamic interface to detect and respond to botnets, hackers, and script kiddies on a platform that is powered by just 5v and costs less than $10. Every day any point of presence on the internet can be faced with thousands of scans, exploit attempts, or malicious probes with almost no signature or notification to the end user. OpenPiMap offers the ability to detect and respond to malicious network traffic that would normally be ignored by traditional anti-virus or consumer firewalls.

OpenPiMap is an open source Netflow protocol analyzer written entirely in Python3, Flask, JavaScript, and SQLite that combines open source intelligence with home/SOHO networking and intrusion detection. Running on any version of a Raspberry Pi, Linux OS, or Windows, OpenPiMap consists of two parts: (1) Netflow collection service and (2) Database processing service. The NetFlow service does exactly what it sounds like: it listens on a specified port for Netflow v5 data and logs the data into a local SQL database. The second part is where the magic happens.

All of the traffic, both in and out of the network, is compared to dozens of the top IP blacklists for malicious patterns. Once identified, the malicious suspects are mapped, interrogated via Shodan’s Python API for vulnerable services and ownership information, and then staged for exploitation if a readily available exploit exists. This processing is where the bridge between traditional netflow traffic analyzers and OpenPiMap splits. There are plenty of free tools on the market to monitor incoming and outgoing connections, bandwidth utilization, and common port usage. However, none of the existing products leverage open source intelligence to the extent of OpenPiMap by providing you with the open ports and services, ownership information, ISP, geographic location, and publicly available exploits for the incoming or outgoing IP addresses.



Demolabs - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


Orthrus

Saturday 08/11/18 from 1000-1150 at Table Four
InfoSec

Nick Sayer

Orthrus is a small appliance that allows the user to create a cryptographically secured USB volume from two microSD cards. The data on the two cards is encrypted with AES-256 XEX mode, and all of the key material used to derive the volume key is spread between the two cards. There are no passwords to manage. If you have both cards, you have everything. If you have only one, you have half the data encrypted with a key you cannot reconstruct. This allows for “two-man control” over a dataset. Orthrus itself has no keys of its own and a volume created or written with one Orthrus can be used with any other (or on any other thing that implements the Orthrus open specification). Orthrus is open source hardware and firmware.

https://hackaday.io/project/20772-orthrus

Nick Sayer
Nick Sayer has been a software developer for most of his life and has spent the last ten years specializing in his day job on security and cryptography. He recently rediscovered the hardware hobby he abandoned in his teens and has a store on Tindie full of his creations, all of which are open.



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 15:00-15:59


Title:
OSINT IS FOR SOCCER MOMS

Laura H
@h0tdish

A brief but riveting mini-history of why and how most soccer moms can out OSINT your collective information security asses any day of the week using actual case studies of two unbelievable unsolved, in real time, homicide investigations, turned SOLVED. This introductory and fast paced talk will take a look at the history of OSINT from "web-sleuthing" to "crowdsourcing" and illustrate how, from the experience of the presenter, OSINT is utilized within modern homicide investigations from & via the internet. We will discover along the way the very real consequences and benefits that can occur when policing entities ignore or include OSINT gathered by well-meaning public tipsters. After all, the large majority of criminal events are solved by the public sending in information. Finally, we will touch on the truth that OSINT is not actually a career path or even a subset skill specific to information security but rather is a set of ever evolving tools that was born from curiosity and caring about communities and continues to evolve to this day.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 16:00-16:45


Outsmarting the Smart City

Saturday at 16:00 in 101 Track, Flamingo
45 minutes | Demo, Exploit

Daniel "unicornFurnace" Crowley Research Baron, IBM X-Force Red

Mauro Paredes Hacker

Jen "savagejen" Savage Hacker

The term "smart city" evokes imagery of flying cars, shop windows that double as informational touchscreens, and other retro-futuristic fantasies of what the future may hold. Stepping away from the smart city fantasy, the reality is actually much more mundane. Many of these technologies have already quietly been deployed in cities across the world. In this talk, we examine the security of a cross-section of smart city devices currently in use today to reveal how deeply flawed they are and how the implications of these vulnerabilities could have serious consequences.

In addition to discussing newly discovered pre-auth attacks against multiple smart city devices from different categories of smart city technology, this presentation will discuss methods for how to figure out what smart city tech a given city is using, the privacy implications of smart cities, the implications of successful attacks on smart city tech, and what the future of smart city tech may hold.

Daniel "unicornFurnace" Crowley
Daniel has been working in infosec since 2004, is TIME's 2006 Person of the Year, and brews his own beer. Daniel is the primary author of both the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool.

@dan_crowley

Mauro Paredes
Mauro has many years of experience performing penetration testing and security assessments for clients in Canada, USA, Germany, Mexico and Venezuela. Mauro has experience across several industries, including finance, telecommunication, e-commerce, technology providers, retail, energy, healthcare, logistics and transportation, government, and education.

Jen "savagejen" Savage
Jennifer Savage has over a decade of experience in tech including penetration testing, vulnerability assessment, vulnerability management, software development, technical management, and consulting services for companies ranging from startups to the Fortune 100.

@savagejen



DDV - Caesars Promenade Level - Capri Rm - Saturday - 15:00-15:55


Speaker: Mauro Cáseres

 

Gluster is a free scalable network filesystem. Using common off-the-shelf hardware, it allows the user to create large, distributed storage solutions for media streaming, data analysis, and other data and bandwidth intensive tasks, thus providing a nice alternative to create a data replication pool easily. It was acquired by Red Hat in 2011, and merged into Red Hat Storage server in 2012, while still available in the open source world. Gluster itself doesn't have a large vulnerability history, having only 6 vulnerabilities reported in the last 6 years (2 of them after being bought by Red Hat). In this talk, we'll focus on the latter two, releasing GEVAUDAN, an exploit for newcomers to the gluster world to learn about its architecture and security, and the implications of proper access management on replicated data systems. This is a talk for beginners from both fields: data replication schemas and exploit writing, so both fields will have a proper introductory section. A live demo will take place during the talk, and the public can actively participate.



Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


PA Toolkit—Wireshark plugins for Pentesters

Saturday 08/11/18 from 1600-1750 at Table Six
Defence

Nishant Sharma

Jeswin Mathai

PA Toolkit is a collection of traffic analysis plugins to extend the functionality of Wireshark from a micro-analysis tool and protocol dissector to the macro analyzer and threat hunter. PA Toolkit contains plugins (both dissectors and taps) covering various scenarios for multiple protocols, including:

The key advantage of using PA Toolkit is that any user can check security-related summary and detect common attacks just by running Wireshark. And, he can do this on the platform of his choice. Also, as the project is open source and written in the newbie-friendly Lua language, one can easily extend existing plugins or reuse the code to write plugins of his own.

Nishant Sharma
Nishant Sharma is a Technical Manager at Pentester Academy and Hacker Arsenal where he leads the development of multiple gadgets for WiFi pentesting such as WiMonitor, WiNX, WiMini and course/training content. He has presented/published his work at Blackhat Arsenal, Wireless Village, IoT village and Demo labs (DEFCON). Prior to joining Pentester Academy, he worked as a firmware developer at Mojo Networks where he contributed in developing new features for the enterprise-grade WiFi APs and maintaining the WIPS solution. He has a Master's degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi and IoT security, AD security, forensics and cryptography.

Jeswin Mathai
Jeswin Mathai is a Researcher at Pentester Academy. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. He was also part of team Pied Piper, which won Smart India Hackathon 2017, a national level competition organized by GoI. His areas of interest include Malware Analysis and Reverse Engineering, Cryptography, WiFi security and Web Application Security.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon F - Thursday - 10:00-13:59


Packet Mining for Privacy Leakage

Thursday, 1000-1400 in Icon F

Dave Porcello Founder, Pwnie Express

Sean Gallagher IT & National Security Editor, Ars Technica

Join the packet hunters behind NPR's Project Eavesdrop for an interactive, hands-on workshop where we'll hunt for juicy bits of personal & corporate data on the wire. Using Wireshark, ngrep, tcpflow, xplico and other Linux packet digging tools, you'll learn how to extract PII from a packet capture or live stream, including passwords, emails, photos/images, cookies, session IDs, credit card numbers, SSNs, GPS coordinates, mobile device details, cell carrier info, vulnerable client software, weak SSL sessions, and much more. Useful for detecting privacy/data leakage, passive pentesting, & network forensics, these techniques expose what an intermediary can discern about an individual or organization through passive monitoring of network traffic.

Prerequisites: Students must be comfortable with Linux command line & Wireshark.

Materials: Students wishing to participate in the exercises should bring a laptop running Kali Linux (or a Kali virtual machine).

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/packet-mining-for-privacy-leakage-icon-f-tickets-47086301395
(Opens July 8, 2018 at 15:00 PDT)

Dave Porcello
Dave Porcello is the Founder of Pwnie Express and creator of the original Pwn Plug, Power Pwn, and other covert pentesting gadgets featured on NPR, Wired, Ars Technica, Slashdot, and "Mr. Robot". Dave is currently a freelance pentester, packet hunter, researcher, & adjunct professor at Norwich University.

Sean Gallagher
Sean Gallagher is Ars Technica's IT and National Security Editor. He evaluates security tools and conducts privacy and security testing for Ars' Technology Lab.



PHV - Caesars Promenade Level - Neopolitan BR - Friday - 12:00-12:59


PacketWhisper: Stealthily Exfiltrating Data and Defeating Attribution Using DNS and Text-Based Steganography

TryCatchHCF

Data exfiltration through DNS typically relies on the use of DNS query fields to exfiltrate data via the attacker's DNS server. This approach has several shortcomings. The first is attribution, since attackers end up creating a trail back to their own infrastructure. The second is awareness, as DFIR analysts have made careful study of DNS fields as exfiltration vectors. The third is access, since companies are increasingly using DNS server whitelisting to prevent or alert on outgoing DNS queries to servers controlled by attackers. But what if data could be transferred using the target's own whitelisted DNS servers, without the communicating systems ever directly connecting to each other or a common endpoint? Even if the network boundary employed data whitelisting to block data exfiltration?

Through a combination of DNS queries and text-based steganography, we'll cover the methods used to transfer data across a network, hidden in plain sight, without direct connectivity between systems, while employing multiple levels of deception to avoid generating alerts as well as to mislead analysis attempts. The presentation will include a demonstration of PacketWhisper, a new tool written in Python, that automates all of these steps for you. PacketWhisper will be made available on GitHub to coincide with this session (https://github.com/TryCatchHCF).

TryCatchHCF (Twitter: @TryCatchHCF) is Red Team Lead at a Fortune 500 company, and creator of the Cloakify Exfiltration and DumpsterFire Incident Automation Toolsets (https://github.com/TryCatchHCF). Previous roles have included Lead Pentester and AppSec Team Lead. He hacked into his first systems in 1981 and wrote his first malware the following year, all while nearly being eaten by a grue. He has 25+ years of security and software engineering experience, and served as an Intelligence Analyst and Counterintelligence Specialist in the United States Marine Corps. Education includes a bachelor's degree in Cognitive Science, a master's degree in Information Assurance, and the collective HiveMind of the global hacking community.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 11:45-11:45


Title: Panel Discussion: Healthcare

Moderator: Christian "quaddi" Dameff MD
About Christian:
Christian (quaddi) Dameff MD is an emergency medicine doctor, former open capture the flag champion, prior DEF CON speaker, and researcher. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization. Security research topics include hacking critical healthcare infrastructure, medical devices and the effects of malware on patient care. This is his fourteenth DEF CON.
Panelist: Beau Woods
About Beau:
Beau Woods is a leader with the I Am The Cavalry grassroots initiative, a Cyber Safety Innovation Fellow with the Atlantic Council, Entrepreneur in Residence at the US Food and Drug Administration, and Founder/CEO of Stratigos Security. Beau has consulted with Global 100 corporations, the White House, members of Congress, foreign governments, and NGOs on some of the most critical cybersecurity issues of our time. Beau's focus is on Internet of Things (IoT) technologies where cybersecurity intersects public safety and human life issues, including healthcare, automotive, energy, oil and gas, aviation, transportation, and other sectors. Beau is a published author, frequent public speaker, often quoted in media, and is often engaged for public or private speaking venues.
Panelist: Dr. Leslie Saxon
About Leslie:
Dr. Leslie Saxon is a Professor of Medicine, Clinical Scholar, at the Keck School of Medicine of USC. Dr. Saxon specializes in the diagnosis and treatment of cardiac arrhythmias and preventing sudden cardiac death. Dr. Saxon received her medical degree from the Ross University School of Medicine. She completed her internship and residency at St. Luke’s Hospital Washington University, and fellowships in cardiology at Rush-Presbyterian-St. Luke’s Medical Center in Chicago and UCLA. Dr. Saxon has completed over 100 publications in various medical journals and is an active member of a multitude of organizations, including the American Heart Association, and the Heart Failure Society of America. She is also a fellow of the American College of Cardiology and the Heart Rhythm Society.
Abstract:
As medical and recreational devices shift from outside to inside the body, challenges arise not only for builders and breakers of these devices, but also for regulators. This panel will introduce the progress of the Internet of Things into the "Internet of Bodies" and explain how existing legal and policy frameworks of consumer protection and security fit with this next generation of body-attached and body-embedded devices (and how they don't).


BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 14:15-16:15


Title: Panel Discussion: The Internet of Bodies

Moderator: Prof Andrea M. Matwyshyn, Professor of Law, NUSL
About Andrea M. Matwyshyn:
Andrea Matwyshyn is an academic and author whose work focuses on technology and innovation policy, particularly information security and consumer privacy. She is a (tenured full) professor of law / professor of computer science (by courtesy) at Northeastern University, where she is the co-director of the Center for Law, Innovation, and Creativity (CLIC). Andrea is also a faculty affiliate of the Center for Internet and Society at Stanford Law School. She is a Senior Fellow of the Cyber Statecraft Initiative at the Atlantic Council's Brent Scowcroft Center on International Security and a US-UK Fulbright Commission Cyber Security Scholar award recipient in 2016-2017. In 2014, she served as the Senior Policy Advisor/ Academic in Residence at the U.S. Federal Trade Commission. Prior to entering academia, she was a corporate attorney in private practice. She is the legal specialty reviewer for the DEFCON CFP board.
Panelist: Mary Anne Buerkle, Acting Chairman, Consumer Product Safety Commission
About Mary Anne Buerkle:
Ann Marie Buerkle has served as a Commissioner at the U.S. Consumer Product Safety Commission (CPSC) since July of 2013. She was named Acting Chairman of the agency on February 9, 2017. On July 24, 2017, President Donald J. Trump announced his intent to nominate Ms. Buerkle to be permanent Chairman and to an additional seven-year term to the Commission. Prior to joining the Consumer Product Safety Commission, Ms. Buerkle served the people of Upstate New York’s 25th Congressional District in the U.S. House of Representatives. During her time in Congress, Ms. Buerkle served on the Oversight & Government Reform, Foreign Affairs, and Veterans’ Affairs Committees. She served as Chair of the Veterans’ Affairs Subcommittee on Health. While in Congress, Ms. Buerkle was also appointed by President Obama to serve as a United States Representative to the 66th Session of the General Assembly of the United Nations.
Panelist: Prof Stephanie Pell, West Point
About Stephanie Pell:
Stephanie Pell is an Assistant Professor and Cyber Ethics Fellow at West Point’s Army Cyber Institute (ACI). She writes about privacy, surveillance and security law and policy, and is particularly interested in the tensions inherent in enabling traditional law enforcement efforts and making our communications networks more secure. Prior to joining the ACI faculty, Stephanie served as Counsel to the House Judiciary Committee, where she was lead counsel on Electronic Communications Privacy Act (ECPA) reform and PATRIOT Act reauthorization during the 111th Congress. Stephanie was also a federal prosecutor for over fourteen years, working as a Senior Counsel to the Deputy Attorney General, as a Counsel to the Assistant Attorney General of the National Security Division, and as an Assistant U.S. Attorney in the U.S. Attorney’s Office for the Southern District of Florida. She was a lead prosecutor in U.S. v. Jose Padilla (American Citizen detained as an enemy combatant prior to criminal indictment and trial), for which she received the Attorney General’s Exceptional Service Award, and in U.S. v. Conor Claxton (IRA operatives who purchased weapons in South Florida and smuggled them into Belfast, Northern Ireland during peace process negotiations). Stephanie received her undergraduate, master’s and law degrees from the University of North Carolina at Chapel Hill.
Panelist: Dr. Suzanne Schwartz, U.S. Federal Drug Administration
About Dr. Suzanne Schwartz:
Dr. Suzanne Schwartz is the Associate Director for Science & Strategic Partnerships at FDA’s Center for Devices & Radiological Health (CDRH). In this role, she assists the CDRH Director and Deputy Director for Science in the development, execution and evaluation of the Center’s biomedical science and engineering programs. Suzanne is passionate about cultivating critical dialogue across sectors and across entities towards advancing innovation in the biomedical space and within healthcare, where complex multifaceted problems exist. Suzanne joined FDA in October 2010. Initially recruited as a Commissioner’s Fellow, she became a Medical Officer in the Office of Device Evaluation, transitioning in September 2012 to become the Director of CDRH’s Emergency Preparedness/Operations and Medical Countermeasures (EMCM) Program in the Office of the Center Director for the past 4 years. Among other public health concerns, her portfolio has most notably included medical device cybersecurity, for which she chairs CDRH’s Cybersecurity Working Group. She also co-chairs the Government Coordinating Council for Healthcare & Public Health critical infrastructure sector. Before FDA, Suzanne was a full time surgical faculty member at Weill Cornell Medical College, New York. Suzanne’s career has spanned the private sector as well, having served as Medical Director & Tissue Bank Director of Ortec International, a development stage medical device company focused on tissue engineering therapeutic approaches to burns and chronic wounds. Suzanne earned an MD from Albert Einstein College of Medicine, trained in General Surgery & Burn Trauma at the New York Presbyterian Hospital - Weill Cornell Medical Center; an executive MBA from NYU Stern School of Business, and completed the National Preparedness Leadership Initiative – Harvard School of Public Health & Kennedy School of Government.
Panelist: Rebecca Slaughter, U.S. Federal Trade Commission
About Rebecca Slaughter:
Prior to joining the Commission, she served as Chief Counsel to Senator Charles Schumer of New York, the Democratic Leader. A native New Yorker, she advised Leader Schumer on legal, competition, telecom, privacy, consumer protection, and intellectual property matters, among other issues. Prior to joining Senator Schumer's office, Ms. Slaughter was an associate in the D.C. office of Sidley Austin LLP. Ms. Slaughter received her B.A. in Anthropology magna cum laude from Yale University. She received her J.D. from Yale Law School, where she served as an editor on the Yale Law Journal.
Abstract:
As medical and recreational devices shift from outside to inside the body, challenges arise not only for builders and breakers of these devices, but also for regulators. This panel will introduce the progress of the Internet of Things into the "Internet of Bodies" and explain how existing legal and policy frameworks of consumer protection and security fit with this next generation of body-attached and body-embedded devices (and how they don't).


DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Sunday - 15:00-15:45


PANEL: DEF CON GROUPS

Sunday at 15:00 in Track 1
45 minutes | Audience Participation

Brent White (B1TK1LL3R) DEF CON Groups Global Coordinator

Jeff Moss (The Dark Tangent) Founder, DEF CON

Jayson E. Street DEF CON Groups Global Ambassador

S0ups

Tim Roberts (byt3boy)

Casey Bourbonnais

April Wright

Do you love DEF CON? Do you hate having to wait for it all year? Well, thanks to DEF CON groups, you're able to carry the spirit of DEF CON with you year round, and with local people, transcending borders, languages, and anything else that may separate us!

In this special event, your DEF CON groups team who works behind the scenes to make DCG possible will introduce themselves and provide status updates. After we're done talking, the remainder of time will be an informal open floor right there in the room to mingle and talk all things DCG.

There will be a:

Designated area in the room for those wanting to start/join a group
Designated area in the room for those wanting to share project ideas

Brent White (B1TK1LL3R)
Bio Coming Soon

Jeff Moss (The Dark Tangent)
Bio Coming Soon

Jayson E. Street
Bio Coming Soon

S0ups
Bio Coming Soon

Tim Roberts (byt3boy)
Bio Coming Soon

Casey Bourbonnais
Bio Coming Soon

April Wright
Bio Coming Soon



Demolabs - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 10:00-11:50


Passionfruit

Sunday 08/12/18 from 1000-1150 at Table Five
iOS reverse engineer, Mobile security research

Zhi Zhou

Yifeng Zhang

Passionfruit is a cross-platform app analysis tool for iOS. It aims to provide a powerful and user-friendly GUI for app pentesting and reverse engineering. In this demo we’ll cover the most common tasks in iOS RE, like dumping decrypted apps from AppStore, exploring filesystem and other runtime introspections.

https://github.com/chaitin/passionfruit

Zhi Zhou
AntFinancial Zhi Zhou is a security engineer at AntFinancial LightYear Lab, who mainly focuses on applied software security, including both mobile and desktop platforms. He’s been working on blackbox assessment, vulnerability exploit and new attack surface discovery. He was a speaker at BlackHat USA 2017.

Yifeng Zhang
Chaitin Tech Yifeng Zhang is a penetration tester at Chaitin Tech, working in mobile security and financial malware. He has been dedicated to developing security tools to make pen-testing more efficient and effective.



EHV - Caesars Promenade Level - Modena Rm - Friday - 17:30-18:29


Title: Patching the CFAA: The New CIAA and “Ethical” Conduct in Security Research

Speakers: Speaker TBA

Description:

Care about fixing the CFAA? Hear about a new proposal to better protect security research: the Computer Intrusion and Abuse Act. Because the proposal relies on norms/ethics in the security research community, we will debate the hard cases - situations where researcher norms vary.





Demolabs - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 10:00-11:50


PCILeech

Sunday 08/12/18 from 1000-1150 at Table Four
Offense, Hardware, DFIR

Ulf Frisk

Ian Vitek

The PCILeech direct memory access attack toolkit was presented at DEF CON 24 and quickly became popular amongst red teamers and governments alike. Hardware sold out, FPGA support was introduced and devices are once again available! We will demonstrate how to take total control of still vulnerable systems via PCIe DMA code injection. Kernels will be subverted, full disk encryption defeated and shells spawned! Processes will be enumerated and their virtual memory abused—all by using affordable hardware and the open source PCILeech toolkit.

http://github.com/ufrisk/pcileech

Ulf Frisk
Ulf Frisk is a hacker/penetration tester working in the Swedish financial sector. Ulf focuses on penetration testing and IT security audits during daytime and low-level security research during nighttime. Ulf takes a special interest in DMA—direct memory access, and has a dark past as a developer.

Ian Vitek
Ian Vitek has a background as a pentester but now works with information security in the Swedish financial sector. Ian has held presentations at Defcon 8, 10, 12, BSidesLV and over the last years attended as a Defcon DJ (VJ Q.Alba). Interested in web, layer 2, DMA and pin bypass attacks.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Friday - 14:30-18:30


Penetration Testing Environments: Client & Test Security

Friday, 1430-1830 in Icon E

Wesley McGrew Director of Cyber Operations, HORNE Cyber Solutions

Kendall Blaylock Director of Cyber Intelligence, HORNE Cyber

Penetration testers can have the tables turned on them by attackers, to the detriment of client and tester security. Vulnerabilities exist in widely-used penetration testing tools and procedures. Testing often takes place in hostile environments: across the public Internet, over wireless, and on client networks where attackers may already have a foothold.

In these environments, common penetration testing practices can be targeted by third-party attackers. This can compromise testing teams in the style of "ihuntpineapples", or worse: quietly and over a long period of time. The confidentiality, integrity, and availability of client networks is also put at risk by "sloppy" testing techniques.

In this workshop, we present a comprehensive set of recommendations that can be used to build secure penetration testing operations. This includes technical recommendations, policies, procedures, and guidance on how to communicate and work with client organizations about the risks and mitigations. The goal is to develop testing practices that:

- ...are more professionally sound
- ...protect client organizations
- ...protect penetration testers' infrastructure, and
- ...avoid a negative impact on speed, agility, and creativity of testers

The recommendations are illustrated with entertaining and informative hands-on exercises. For the DEF CON 26 version of this class, the exercises have been updated to take place within Docker containers, and a portion of the class will involve introducing penetration testers to the use (and abuse) of containers.

Exercises include:
- Vulnerability analysis of a penetration testing device's firmware
- Quick and dirty code audits of high-risk testing tools
- Monitoring and hijacking post-exploitation command and control
- Layering security around otherwise insecure tools.

After this workshop, you will walk away with actionable recommendations for improving the maturity and security of your penetration testing operations, as well as an exposure to the technical aspects of protecting the confidentiality of sensitive client data. You will participate in hands-on exercises that illustrate the importance of analyzing your own tools for vulnerabilities, and learn how to think like an attacker that hunts attackers. You'll hear about the challenges that are inherent in performing penetration tests on sensitive client networks, and learn how to layer security around your practices to reduce the risks.

Prerequisites: To get the most out of this class, students should have the ability to read/follow code in many programming languages (C/C++, Python, PHP, etc.). Students should also be familiar with navigation and use of the Linux command line. Experience with penetration testing will be useful, but those new to penetration testing should not be discouraged. The entire point is to pick up good operational security habits.

Materials: Students who wish to participate in the hands-on exercises should bring a laptop with at least 8GB of RAM, and a working installation of Docker (to the point of being able to run "docker run hello-world"). The instructor will be teaching and demonstrating with Linux, and it is recommended as your host operating system, but a Docker installation on Windows should also be able to complete the exercises (16GB RAM recommended for Windows host operating systems). Materials will be provided on USB drives at the workshop.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/penetration-testing-environments-client-test-security-icon-e-tickets-47193713668
(Opens July 8, 2018 at 15:00 PDT)

Wesley McGrew
Wesley McGrew oversees and participates in penetration testing in his role as Director of Cyber Operations for HORNE Cyber Solutions. He has presented on topics of penetration testing, vulnerabilities, and malware analysis at DEF CON and Black Hat USA. He teaches a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley graduated from Mississippi State University's Department of Computer Science and Engineering and previously worked at the Distributed Analytics and Security Institute. He holds a Ph.D. in computer science for his research in vulnerability analysis of SCADA HMI systems.

Kendall Blaylock
Kendall serves as Director of Cyber Intelligence for HORNE Cyber, where his specialty is digital forensics and incident response. Prior to his role at HORNE Cyber, Kendall co-founded the National Forensics Training Center where he served as lead instructor providing training to law enforcement and U.S. military veterans in a wide range of digital forensic skills.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Thursday - 10:00-13:59


Pentesting ICS 101

Thursday, 1000-1400 in Icon B

Alexandrine Torrents Security Consultant, Wavestone

Arnaud SOULLIÉ Manager, Wavestone

Many people talk about ICS & SCADA security nowadays, but only a few people actually have the opportunity to get their hands dirty and understand how these systems work. Have you ever wanted to know how to make a train derail, or stop a production line? Well, this workshop is made for you! The goal of this workshop is to give you the knowledge required to start attacking SCADA networks and PLCs, and give you hands-on experience on real devices by hacking our model train! In this workshop, we will cover the main components and the commonly associated security flaws of industrial control systems, aka SCADA systems. We will then focus on their key assets, Programmable Logic Controllers (PLCs), and discover how they work, how they communicate, how they can be programmed to learn the methods and tools you can use to p*wn them. Then we will move on to the real world by attacking real PLCs from two major manufacturers on a dedicated setup featuring robot arms and a model train! Let's capture the flag!

Prerequisites: A knowledge of penetration testing is a plus, but we try to make it work for newbies as well.

Materials: A computer with 4GB of RAM, 30GB disk space and VirtualBox. We will provide 2 Virtual Machines for attendees.

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/pentesting-ics-101-icon-b-tickets-47086318446
(Opens July 8, 2018 at 15:00 PDT)

Alexandrine Torrents
Alexandrine Torrents is a cybersecurity consultant at Wavestone, a French consulting company. She specializes in penetration testing, and has performed several security assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and she developed a particular tool to request Siemens PLCs. Moreover, she is also working at securing ICS, in the scope of the French military law, enforcing companies offering a vital service to the nation to comply with security rules.

Arnaud SOULLIÉ
Arnaud Soullié is a manager at Wavestone, performing security audits and leading R&D projects. He has a specific interest in Active Directory security as well as ICS, two subjects that tend to collide nowadays. He teaches ICS security and pentests workshops at security conferences (BlackHat Europe 2014, BSides Las Vegas 2015/2016, Brucon 2015/2017, DEFCON 24) as well as full trainings (Hack In Paris 2015).



CHV - Flamingo Lower Level - Red Rock Rm 1-5 - Saturday - 12:45-13:05


Performance Tuning Tools and their Capabilities

Russell Mosley

Saturday 8/11 • 12:45-1:05 PM
25 min talk

An overview of commercial performance tuning tools for vehicles and their uses: engine and transmission performance tuning tools have been around before infosec 'car hacking' was a thing and you should be aware of their capabilities. The presenter will discuss HPtuners, EFI Live, MSD Gold Box, Megasquirt, various handhelds and others, and how they are commonly used.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 15:00-15:45


Playback: a TLS 1.3 story

Friday at 15:00 in Track 2
45 minutes | Demo

Alfonso García Alguacil Senior Penetration Tester, Cisco

Alejo Murillo Moya Red Team Lead EMEAR, Cisco

TLS 1.3 is the new secure communication protocol that should already be with us. One of its new features is 0-RTT (Zero Round Trip Time Resumption) that could potentially allow replay attacks. This is a known issue acknowledged by the TLS 1.3 specification, as the protocol does not provide replay protections for 0-RTT data, but proposes countermeasures that would need to be implemented on other layers, not at the protocol level. Therefore, the applications deployed with TLS 1.3 support could end up exposed to replay attacks depending on the implementation of those protections.

This talk will describe the technical details regarding the TLS 1.3 0-RTT feature and its associated risks. It will include Proof of Concepts (PoC) showing real-world replay attacks against TLS 1.3 libraries and browsers. Finally, potential solutions or mitigation controls will be discussed that will help to prevent those attacks when deploying software using a library with TLS 1.3 support.

Alfonso García Alguacil
Alfonso García Alguacil is a penetration tester and security consultant with 7 years of experience. Words like exploit, code or binary would quickly catch his attention. He currently works at Cisco as a senior security consultant.

Alejo Murillo Moya
Alejo Murillo Moya has always been passionate about security with 10+ years of experience as a penetration tester and security consultant, achieving during that journey important technical certifications like CREST and GIAC GSE. He is currently working at Cisco as a red teaming lead and managing security consultant.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 14:00-14:30


Playing Malware Injection with Exploit thoughts

Saturday at 14:00 in Track 3
20 minutes | Demo, Tool, Exploit

Sheng-Hao Ma CSIE, NTUST

In the past, when hackers did malicious program code injection, they used to adopt RunPE, AtomBombing, cross-process creation threads, and other approaches. They could forge their own execution program as any critical system service. However, with the increasing progress of anti-virus techniques, these sensitive approaches have gradually been proactively killed. Therefore, hackers began to aim at another place, namely memory-level weakness, due to the breakages of critical system service itself.

This agenda will simply introduce a new memory injection technique that emerged after 2013, PowerLoadEx. Based on this concept, three new injection methods will be disclosed as well. These make good use of the memory vulnerability in Windows to inject malicious behavior into system critical services. The content will cover Windows reverse analysis, memory weakness analysis, how to use and utilize, and so on. The relevant PoC will be released at the end of the agenda.

Sheng-Hao Ma
Sheng-Hao Ma (aaaddress1) is a core member of CHROOT Security Group and TDOHacker security community in Taiwan. He has over ten years of experience in reverse engineering and machine language, and mastered the Intel 8086. He is an expert in Windows vulnerability and reverse engineering.

Moreover, Sheng-Hao Ma has many papers presented in security conferences such as BlackHat Asia Arsenal, BSidesLV, ICNC, MC2015 and CISC, he was also a speaker at HITCON (Hackers In Taiwan Conference), SITCON (Students In Taiwan Conference), iThome#Chatbot.

@aaaddress1



Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Thursday - 14:30-18:30


Playing with RFID

Thursday, 1430-1830 in Icon E

Vinnie Vanhoecke Penetration Tester, Ernst & Young Belgium

Lorenzo Bernardi Cyber Security Consultant, Ernst & Young Belgium

This is a workshop about Radio-frequency Identification (RFID), including a basic introduction and a set of practical hands-on challenges. We will start with explaining the theory behind RFID, including the different types and protocols (e.g. HID, Mifare, ...) and how to perform an RFID assessment. Afterwards, the participants can take on several challenges (of increasing difficulty) with RFID readers that we will provide. Our objective is to make this workshop fun and accessible to a wide audience.

Prerequisites: Basic Linux knowledge

Materials: Laptop (preferably Linux based OS)

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/playing-with-rfid-icon-e-tickets-47086519046
(Opens July 8, 2018 at 15:00 PDT)

Vinnie Vanhoecke
Vinnie is a penetration tester of web applications & mobile applications working for EY. During college he wrote a thesis about RFID and now he is using his experience to provide an RFID workshop and make people aware of the vulnerabilities within RFID. In his spare time he strengthens his IT security skills by playing CTFs, reading blogs, going to conferences and developing a variety of side projects.

Lorenzo Bernardi
Lorenzo is a cyber security consultant at EY. He mainly focusses on penetration testing and red team exercises. Because of the different physical intrusions he had to perform in the scope of the red teaming activities, he extended his wireless knowledge to the RFID field, where he gained experience over the years. In his spare time Lorenzo likes to learn new topics related to cyber security. He has basic knowledge of wireless signal hacking, in addition to RFID.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 10:30-10:50


Please do not Duplicate: Attacking the Knox Box and Other Keyed Alike Systems

Friday at 10:30 in Track 3
20 minutes | Demo, Tool

m010ch_ Hacker

Knox Boxes, along with other rapid entry systems, are increasing in popularity, as they allow first responders such as police, fire, and paramedics to quickly gain access to a building in the event of an emergency without having to force entry. These devices rely on the security and key control provided by various locks to prevent unauthorized access to buildings. In this talk, I will focus on vulnerabilities of the widely used Knox Box and Medeco cam lock to key duplication attacks. I will demonstrate how a sufficiently skilled attacker could obtain a key that would grant them access to thousands of residential and commercial buildings throughout America, as well as show off new tools designed to streamline the process of duplicating physical keys using CAD and 3D printing. What could possibly go wrong when someone tries to backdoor an entire city?

m010ch_
m010ch_ is a physical security enthusiast and computer science student who spends most of his free time doing terrible things to locks. He enjoys participating in locksport competitions, and can often be found hunched over his desk, poking at small pieces of metal until he gets frustrated.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Sunday - 11:00-11:45


Politics and the Surveillance State. The story of a young politician's successful efforts to fight surveillance and pass the nation's strongest privacy bills.

Sunday at 11:00 in Track 2
45 minutes | Audience Participation

Daniel Zolnikov Montana State Representative

Orwell's concept of 1984 has more to do with government misuse of technology than technology itself. New technology allows for more opportunity, but unchecked, it allows for complete government control.

Representative Daniel Zolnikov is the nation's leading politician regarding privacy and surveillance and has enacted numerous laws safeguarding fourth amendment rights regarding digital communications and technology. Daniel will walk you down the road of how political misuse of technology can and will turn the Federal Government into an unprecedented nanny state that will lead to a suppressed free flow of information and fear of stepping out of line. His story includes insights on how unique left and right coalitions were formed to pass these laws in his home state of Montana, and how he prevailed against law enforcement groups who opposed implementing warrant requirements.

This discussion is aimed at sharing insights no matter your political affiliation. All of Daniel's legislation has passed with overwhelming bi-partisan support through both bodies in Montana's legislature and was signed by the governor of the opposite party. Although most speeches involving politicians tend to lead towards rhetoric, Daniel's goal is to share enough information to be able to understand why change has not taken place yet, and leave you understanding how to remedy that.

His story will give you insights into the politics that states and the nation face when reforming these issues, and his down to earth approach will bring the topic down to a level of humor and easy understanding. There is no need for any technical or political insight to be able to appreciate this topic and the work Daniel has done on behalf of the more technologically savvy enthusiasts.

The theme of DEF CON 26 would be inconsistent without taking into consideration policy and how it ties in closely with technology. Technology relies on policy, and policy has the implications of dictating the use of technology. The two can go hand in hand, or end up squaring up against each other. You are an important, and lesser heard voice in the world of aged politicians with limited vision. The Orwellian state existed due to a mixture of bad policies and technology. Although the theme focuses on technology used to disrupt the surveillance state, the other half of the battle is ensuring this state does not reach the disastrous conclusions of 1984.

Daniel believes we can move forward with technology without living in fear of our government. If you want to have some hope and direction towards the future of policy regarding surveillance and technology, Daniel will leave you with the optimism that there is still a chance that our nation can have a balanced approach that ensures 1984 does not become the norm in the future and will help you understand how to take part in this action.

Daniel Zolnikov
Daniel Zolnikov is a third term liberty-minded State Representative serving in the Montana Legislature. He has been a strong advocate for civil rights concerning our freedoms and liberties, and limited government, and is working to make Montana the Last Best Place for future generations. As a 31-year-old representative who first served in his mid-20's, Daniel has specialized in 21st Century policy areas addressing the opportunities and risks associated with new technologies. Zolnikov has also led on energy policy as the Chairman of the House Energy, Technology and Federal Relations Committee.

Daniel is the nation's leading legislator regarding laws protecting digital information and devices. In 2017, he passed leading legislation requiring a warrant for digital communication devices, warrant requirements for digital communications, limits on license plate readers that prevent the DEA from using Montana's information in their national vehicle tracking program and reformed and created strict limits on vehicle spot checks.

He has also successfully passed laws requiring government to get a warrant to access cellphone location information, passing the strongest Freedom of the Press legislation in the nation, protecting reporters' electronic communications from government intrusion, and giving immunity from MIP laws to minors who seek emergency medical attention. He also helped lead the effort to revise Montana's outdated transportation laws to allow ride-sharing services like Uber to operate in Montana, which is expected to reduce the drunk driving epidemic in many communities.

Forbes ranked Daniel among the top "30 Under 30" policymakers in the nation, and Red Alert Politics recognized him as one of the country's Top 30 Conservatives under the age of 30. He has also received the Montana Library Association's "Intellectual Freedom Award", along with Responsibility.org's "Advancing Alcohol Responsibility" leadership award.

Daniel is a strong advocate of transparency in government, and has posted his votes on his public Facebook page. He regularly interacts with constituents on his Twitter profile, @DanielZolnikov.

Daniel received his undergraduate degree from the University of Montana where he earned three business majors in Information Systems, Marketing, and Management, along with a minor in Political Science. Outside of the Legislature, Daniel has worked as a small business consultant and is currently obtaining his MBA. Daniel enjoys fishing, swimming, and the freedom that only Big Sky Country can offer.

@DanielZolnikov, www.facebook.com/danielzolnikov, www.linkedin.com/ind/zolnikov, www.danielzolnikov.com



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 16:00-16:45


Practical & Improved Wifi MitM with Mana

Friday at 16:00 in Track 2
45 minutes | Demo, Audience Participation, Tool

singe CTO @ SensePost

In 2014, we released the mana rogue AP toolkit at DEF CON 22. This fixed KARMA attacks which no longer worked against modern devices, added new capabilities such as KARMA against some EAP networks and provided an easy to use toolkit for conducting MitM attacks once associated.

Since then, several changes in wifi client devices, including MAC randomisation, significant use of the 5GHz spectrum and an increased variety of configurations has made these attacks harder to conduct. Just firing up a vanilla script gets fewer credentials than it used to.

To address this, mana will be re-released in this talk with several significant improvements to make it easier to conduct rogue AP MitM attacks against modern devices and networks.

After years of using mana in many security assessments, we've realised rogue AP'ing and MitM'ing is no simple affair. This extended talk will provide an overview of mana, the new capabilities and features, and walk attendees through three scenarios and their nuances:

As a bonus, you'll be able to download a training environment to practise all of this without requiring any wifi hardware (or breaking any laws).

singe
singe has been hacking for 14 years, the last 8 of them at SensePost. He is the primary author of mana-toolkit and has developed wifi hacking training for places like BlackHat.

@singe



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 13:00-13:30


Title:
Practical attack simulations in Critical National Infrastructure (CNI): Oh the perils, or oh the fun?

William Knowles and James Coote
@william_knows

"There are two commonly held perceptions when it comes to CNI security: that they are under constant threat, and that any form of practical security testing is a bad idea. So how can we provide demonstrable assurance that these environments are secure?

This talk intends to challenge the perception that practical security testing should be avoided, and will discuss MWR's successes, failures, and lessons learned when conducting goal-oriented CNI attack simulations.

The key topics of discussion will focus on:

- Ignoring theory, what are the technologies being used in real-world CNI environments? Where does IT end and Operational Technology (OT) begin when it comes to assets that a targeted attacker would realistically look to compromise? In particular for affecting the availability and integrity of data sources, or gaining the capability to control physical processes (hint: it is more IT than you would think).

- How can we apply red team methodologies in environments with high stability requirements, while minimising operational risk and testing time?

- Want to know how to turn off the water, stop the gas, or simply control the control room? Commonly found ways of elevating privileges will be discussed, along with paths for moving towards key asset compromise."



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 14:40-15:10


Prebellico - 100% Passive Pre-Engagement and Post Compromise Network Reconnaissance Tool - William Suthers

When attacking modern internal networks, intelligence is everything. Understanding the environment you are operating in can be the difference between successfully penetrating your target environment or missing targets of opportunity due to a lack of understanding of the target environment.

While true, obtaining information about the environment in a stealthy manner, when required, can be difficult within a mature environment. Even during overt engagements, obtaining the information you need within a limited time window can be difficult, especially during engagement delays.

Further complicating things, often testing scope is based off of poor assumptions about the target environment, often leading to unrealistic scope reductions a real-world attacker would not operate out of.

Over the years internal testing engagements have been operating on various assumptions within switched networks, often driving engagement execution methods, but what if these assumptions were wrong? What if we could utilize the wasted time, even weeks in advance, between deployment and engagement execution, to take the time to understand the network? What if we could leverage the realities of modern networks and the things customers do to ‘prepare’ for an engagement (backups, security scans, etc.) through 100% passive methods, challenging your assumptions about the network?

Prebellico is a pre-engagement and post compromise intelligence gathering mechanism designed to gather as much information about the target environment as possible through 100% passive methods. Utilizing very few resources, Prebellico permits an attacker the ability to understand the target environment by providing information such as the intent of internal systems, internal network address space, hostnames, egress filtering, TCP trust relationships, as well as map open TCP/UDP ports through reverse port scanning using 100% passive techniques.



BCOS - Caesars Promenade Level - Pompeian BR 1 - Sunday - 11:30-11:59


Title: Privacy and Blockchain: A Boundary Object Perspective

Speakers: Robin "midipoet" Renwick

Description:
No description available




DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 15:00-15:45


Privacy infrastructure, challenges and opportunities

Friday at 15:00 in Track 3
45 minutes

yawnbox Executive Director, Emerald Onion

We started our own transit Internet Service Provider (ISP) to safely route anonymized packets across the globe, and you can too. Emerald Onion is a Seattle-based 501(c)3 not-for-profit and we want to help other hacker collectives start their own. Getting your own Autonomous System Number (ASN), managing Internet Protocol (IP) scopes, using Border Gateway Protocol (BGP) in Internet Exchange Points (IXPs), dealing with abuse complaints or government requests for user data -- this is all stuff that you can do. Not every technologist is comfortable with launching and managing a nonprofit organization let alone has all of the technical knowhow to run an ISP. We didn't either when we started. We had a goal, and that was to route unfiltered Tor exit traffic in the Seattle Internet Exchange despite National Security Agency (NSA) wiretaps in the Westin Exchange Building. This talk will cover high level challenges and opportunities surrounding privacy infrastructure in the United States.

yawnbox
yawnbox is the co-founder and executive director for Emerald Onion and has a background in network administration, datacenter operations, and security engineering. He has been running Tor guard and middle relays since 2010 and exit relays since 2012. Being a victim of domestic violence at a young age, yawnbox has been acutely aware of physical location metadata since the age of 8 and has been researching, publishing, and training at-risk communities about threat modeling and operational security since becoming a part of the Tor community. In 2013, yawnbox got involved with political activism through the Seattle Privacy Coalition, and in 2015 performed an internship with the ACLU of Washington where he helped roll out the first instance of SecureDrop in a non-journalist organization. In 2016, yawnbox was brought on as Tor Project's first full time Grant Writer but left shortly after.



DEFCON - Octavius 13 - Saturday - 20:00-19:59


Privacy Is Equality—And It's Far from Dead

Saturday at 20:00 in Octavius 13
Fireside Hax

Sarah St. Vincent Researcher/Advocate on National Security, Surveillance, and Domestic Law Enforcement, Human Rights Watch

A talk at DEF CON 25 claimed that privacy is "gone and never coming back." This talk offers a different view, inviting the audience to see privacy as fundamentally about equality-something we have never fully had but also should never regard as gone.

The speaker is a human rights lawyer and investigator, and will draw on decades of human rights thinking about state surveillance as well as her 2017 revelations about Defense Department monitoring of "homegrown violent extremists." Adopting a feminist and race-conscious perspective and inviting audience participation, the talk will challenge received wisdom about basic concepts such as privacy, national security, the warrant requirement, and online radicalization. With a view to the future, it will also offer a thought-provoking history of the connections between privacy and equality in the United States-and the ways unchecked surveillance operates to categorize us and reinforce divisions between us.

It is easy to forget that _1984_ was partly a story about poverty and economic inequality. This talk embraces Orwell's insight into the connection between the erosion of privacy and a dangerous loss of equality, and carries it forward.

Sarah St. Vincent
Sarah St. Vincent is a researcher and advocate on national security, surveillance, and domestic law enforcement for the US Program at Human Rights Watch. She has investigated and documented the deliberate concealment of surveillance-based and other evidence from US criminal defendants, the Defense Department's monitoring of "homegrown violent extremists," and the potential use of US intelligence surveillance for anti-drug purposes. Before joining Human Rights Watch, she was a legal fellow on international human rights and surveillance at the Center for Democracy & Technology. She writes regularly about surveillance, privacy, and related issues under US and European Union law and is a member of the New York bar.

@SarahStV_HRW



BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 11:00-11:30


Title: Prize winners, awards, and announcements

Speakers: midipoet and MSvB

Description:
No description available




DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 15:00-15:45


Project Interceptor: avoiding counter-drone systems with nanodrones

Saturday at 15:00 in 101 Track, Flamingo
45 minutes | Demo, Tool, Audience Participation

David Melendez Cano, R&D Embedded Systems Engineer, Albalá Ingenieros S.A.

Anti-drone system industries have arisen. Due to several, and even classic, vulnerabilities in communication systems now used by drones, anti-drone systems are able to take down those drones by means of well-documented attacks.

The drone/anti-drone competition has already entered the scene. This talk provides a new vision of drone protection against anti-drone systems, presenting "The Interceptor Project", a hand-sized nano drone based on the tiniest single-core Linux board: Vocore2.

This Linux board manages a bidirectional WiFi (side/hidden) communication channel that cannot be deauthenticated and is replay-resistant, keeping all 802.11 hacking capabilities and standard utilities as any other WiFi hacker drone, with only the built-in adapter of the tiny Vocore2. Also, a "just in case" fallback control by SDR is implemented, taking advantage of all the goods that SDR radio gives. All embedded into a hand-sized aircraft to make detection and mitigation a real and new pain, with a very low budget: about $70.

David Melendez Cano
David Melendez Cano, Spain, works as an R&D software engineer for the TV studio manufacturer Albalá Ingenieros S.A. in Madrid. He has won several prizes in robotics contests and he has been a speaker at Nuit Du Hack, RootedCON, NoConName, Codemotion, HKOSCON, etc. Author of the book "Hacking con Drones" and robot builder.

@taiksontexas



PHV - Caesars Promenade Level - Neopolitan BR - Friday - 14:00-14:59


Protecting Crypto Exchanges from a New Wave of Man-in-the-Browser Attacks

Pedro Fortuna, CTO and Co-Founder of Jscrambler

In the last year or so, we have seen a massive increase in the value of cryptocurrencies and the emergence of hundreds of new coins and ICOs, getting millions of people into an investment frenzy. Many of them are non-technical regular consumers who rushed to create new accounts in the most popular crypto exchanges like Coinbase or Bitstamp. Crypto exchanges are naturally appealing for attackers and have been targeted for as long as we can remember. However, since last year, they are also being targeted by Man-in-the-Browser (MITB) attacks. Malware families such as Zeus Panda, Ramnit and Trickbot are already aiming at websites such as Coinbase.com or Blockchain.info. In this talk, we will detail how these attacks work, from account takeover to moving out the coins to attacker-controlled wallets. We'll discuss current defenses, e.g. multi-factor authentication or strong SSL encryption, and why they are failing to mitigate this type of attack.

Pedro Fortuna (Twitter: @pedrofortuna) is CTO and Co-Founder of Jscrambler, where he leads the technical vision for the product suite and contributes his cybersecurity knowledge to R&D. Pedro holds a degree in Computing Engineering and an MSc in Computer Networks and Services, and has more than a decade of experience researching and working in the application security area. He is a regular speaker at OWASP AppSec events and other cybersecurity conferences but also contributes to web development events. His research interests lie in the fields of Application Security, Reverse Engineering and Malware and Software Engineering. Author of several patents in application security.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Sunday - 13:45-13:45


Title: PWN to OWN my own Heart. Journey into hacking my own pacemaker

Speaker: Veronica Schmit
About Veronica:
Veronica or Vee is a Partner at DFIRLABS. She is a forensicator, avid researcher and quite literally the superglue that holds DFIRLABS together. She was previously in charge of the Free State Cyber Forensic Laboratory of the Special Investigating Unit. After deciding that this title on its own wasn’t already too much of a mouthful, she departed the SIU in order to add Malware (Reverse) Engineer, Photographer, Seamstress, Super Mom and Sleep-deprived MSc Chaser to her list. She PWN’s to own her own medical device which aids her broken heart beats, into a different rhythm, sometimes this beat is much like that of drums beating. She is passionate about medical device security and does not believe in security through obscurity. In between attending Metallica concerts and being converted into a cyborg (no really, ask her about her metal bits sometime), she completed a Diploma in Criminal Justice and Forensic Investigation from the University of Johannesburg. Deciding to brave foreign climes and curiosities, she went on to receive training in Europe on digital forensics and cyber crime investigation from the United States Department of Homeland Security. She is an Associate Member of a number of professional bodies, including the Institute of Information Technology of Professionals of South Africa, the Association of Certified Fraud Examiners, and the International Association of Computer Investigative Specialists. Veronica has contributed to several publications, including the ISC2 CCFP : Certified Computer Forensic Practitioner. She is currently juggling a Master’s thesis on ransomware, several digital forensics cases, getting a quality forensics training company off the ground, and reverse engineering ransomware whilst also keeping her two year old from walking into things. You can contact her by lighting up the night sky with the P10z0n_P1x13 beacon mounted on the top of the Twitter police department, or alternatively by email.
Abstract:
The increase of pace in the technology field has left the race for manufacturers to increase the security in medical devices. There is the theoretical possibility that your heart can be pwned. Pacemakers have become part of the internet of things. We are putting our hearts on display. This is my journey from regular hacker to gen-one cyborg to pwning my own heart that I can own the vulnerabilities to fix it. We forget that these are devices connected to flesh and blood, a person who depends on this device to have just one more heart beat. This is a journey into the inner sanctum of living with a vulnerable device in a time where technology progression has left behind security. We can no longer have security by obscurity when it comes to devices which cyborgs like me depend on. We should not be in the business of sacrificing security for convenience or power. As a patient, I would rather sleep knowing my device has been hardened and have the inconvenience of replacing it more regularly than the converse. I feel that we, as the security community, should be addressing and assisting medical manufacturers with the security vulnerabilities in the devices that literally keep people alive. There should be more effort placed on addressing the security vulnerabilities. The simple fact is we are not dealing with just ones and zeroes. This is, for some, a life or death situation.


DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Thursday - 11:00-11:45


Pwning "the toughest target": the exploit chain of winning the largest bug bounty in the history of ASR program

Thursday at 11:00 in 101 Track, Flamingo
45 minutes

Guang Gong, Alpha Team at Qihoo 360

Wenlin Yang, Alpha Team at Qihoo 360

Jianjun Dai, Security researcher of Qihoo360 Alpha Team

In recent years, Google has made many great efforts in exploit mitigation and attack surface reduction to strengthen the security of the Android system. It is becoming more and more difficult to remotely compromise Android phones, especially Google’s Pixel phone.

The Pixel phone is protected by many layers of security. It was the only device that was not pwned in the 2017 Mobile Pwn2Own competition. But our team discovered a remote exploit chain—the first of its kind since the Android Security Rewards (ASR) program expansion, which could compromise the Pixel phone remotely. The exploit chain was reported to the Android security team directly. They took it seriously and patched it quickly. Because of the severity and our detailed report, we were awarded the highest reward ($112,500) in the history of the ASR program.

In this talk we will detail how we used the exploit chain to inject arbitrary code into the system_server process and get system user permissions. The exploit chain includes two bugs, CVE-2017-5116 and CVE-2017-14904. CVE-2017-5116 is a V8 engine bug related to WebAssembly and SharedArrayBuffer. It is used to get remote code execution in the sandboxed Chrome render process. CVE-2017-14904 is a bug in Android's libgralloc module that is used to escape from the sandbox. The way we used for sandbox escaping is very interesting and rarely talked about before. All details of the vulnerabilities and mitigation bypassing techniques will be given in this talk.

Guang Gong
Guang Gong (@oldfresher) is a senior security researcher of Qihoo360 and the team leader of 360 Alpha Team. His research interests included Windows rootkits, virtualization and cloud computing. He currently focuses on mobile security, especially on hunting and exploiting Android's vulnerabilities. He has spoken at several security conferences such as Black Hat, CanSecWest, PHDays, SyScan360, MOSEC, PacSec and so on. He is the winner of Mobile Pwn2Own 2015 (the target: Nexus 6), Pwn0Rama 2016 (the category of mobile devices), Pwn2Own 2016 (the target: Chrome), PwnFest 2016 (the target: Pixel XL), Mobile Pwn2Own 2017 (the target: Galaxy S8).

@oldfresher

Wenlin Yang
Wenlin Yang is a junior researcher of Qihoo 360 and a member of 360 Alpha Team. He currently focuses on Android's vulnerabilities. He has submitted multiple bugs to Google and several other vendors in China and received some acknowledgments.

Jianjun Dai
Jianjun Dai (@Jioun_dai) is a security researcher of Qihoo360 Alpha Team. He focuses on Android system security research, vulnerability hunting and exploit development. Previously, he was a security developer whose major work included network protocol analysis, vulnerability detection, botnet and backdoor detection, sandbox technology research and development, etc. He has been in Android vulnerability research for more than two years, has found lots of vulnerabilities in AOSP, and won the Bug Bounty. He is a speaker at the CanSecWest conference.



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 18:00-18:59


Title: Real Simple Blue Team Shit

@wornbt

"N00b friendly! While the vuln of the week club keeps finding new and fascinating technical exploits all the time, malicious actors keep using old and surprisingly uncomplicated methods; old and simple stuff still works. In this talk, we'll explore real shit aimed at a financial institution and what's been effective at mitigating these old and simple attacks. If you're starting out in blue team defense, you'll come away with real simple shit you can do to raise the cost to attackers doing the same old credential stuffing, phishing, and script-kiddie RCE attempts.

While new technical vulnerabilities are found continuously, malicious actors often rely on tried and true methods to exploit. These exploits are surprisingly uncomplicated. In this talk, we'll share attempts we've seen from malicious actors. We'll break down actual attacks and share what's been most effective in mitigating credential stuffing, phishing, and common RCE attempts. At the end of this talk, you'll walk away with simple takeaways to raise the cost to attackers for these simple attacks."



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 13:00-13:30


Reaping and breaking keys at scale: when crypto meets big data

Saturday at 13:00 in Track 2
20 minutes | Demo, Audience Participation, Tool

Yolan Romailler, Security Researcher at Kudelski Security

Nils Amiet, Security Engineer at Kudelski Security

Public keys are everywhere; after all, they are public. These keys are waiting to be reaped by those who know their real value. Hidden behind this public face lurk some potentially dangerous issues which could lead to a compromise of data and privacy.

Leveraging hundreds of minion devices, we built a public key reaping machine (which we are open sourcing) and operated it on a global scale. Collected keys are tested for vulnerabilities such as the recent ROCA vulnerability or factorization using batch-GCD. We've collected over 300 million keys so far and built a database 4 to 10 times bigger than previous public works.

Performing the initial computation on over 300 million keys took about 10 days on a 280 vCPU cluster. Many optimizations allow our tool to incrementally test new RSA keys for common prime factors against the whole dataset in just a few minutes.

As a result of our research, we could