One Schedule to Rule them All!


Welcome to "One Schedule to Rule them All!". Thank you for your interest in using this. This is an attempt to make things easier for you, the DEF CON attendee, to figure out the when/what/where during the chaos of DEF CON 27.

It started out simple. I had a Kindle and wanted an ebook of the schedule so I didn't have to wear out the paper pamphlet by pulling it out after every talk to figure out where to go next. Back then there were only the main DEF CON tracks, not really any Villages, and production of the ebooks was easy. Over time the Village system developed with a resulting multiplication in complexity, both for attendees and for my production. The offerings have expanded from epub and mobi formats and now include html, csv, ical, public Google calendar, and mysql dump format files. Hopefully you'll find something of use.

The intent is still to be a resource to answer the question at the end of an hour of "What's next?"

As a general rule I do not include:

Be sure to check out the Links section at the bottom of this page. Almost all of the events listed here were derived from these links. There is much more going on at DEF CON than what is listed here. In particular, check out the Villages, Parties & Meetups, Contest & Events, and defconparties pages.

Check out the Guides/Tips/FAQs links if you're new to Las Vegas.
Notable suggestions are:

And finally, this is only as good as the ideas and information used to generate it. I welcome your constructive suggestions and comments. Please send them to qumqats@outel.org

Have a good time at DEF CON 27!


Index of DEF CON 27 Activities


Venue Maps
Locations Legends and Info
Schedule   - Thursday  - Friday  - Saturday  - Sunday
Speaker List
Talk Title List
Talk Descriptions
DEF CON News
DEF CON 27 FAQ
DEF CON FAQ
Links to DEF CON 27 related pages

Venue Maps




Flamingo Workshops

View Full Flamingo Page to see where this is.


Flamingo Villages

View Full Flamingo Page to see where this is.


Bally's Event Center

View Full Bally's & Paris Page to see where this is.


Paris Convention Space

View Full Bally's & Paris Page to see where this is.


Bally's Indigo and Jubilee Towers

View Full Bally's & Paris Page to see where this is.


Planet Hollywood Convention Area

View Full Planet Hollywood Page to see where this is.


Planet Hollywood Mezzanine

View Full Planet Hollywood Page to see where this is.



Locations Legends and Info

AIV = Artificial Intelligence Village
     Bally's Indigo Tower 26th Floor - Skyview Room 3 - end of hall

ASV = AppSec Village
     Flamingo 3rd Floor - Mesquite Room

AVV = Aviation Village
     Bally's Event Center

BCV = Blockchain Village
     Flamingo 3rd Floor - Laughlin III Room

BHV = Bio Hacking Village
     Planet Hollywood - Melrose 1-3 Rooms

BTVT  = Blue Team Village Talks
BTVW = Blue Team Village Workshops
     Flamingo 3rd Floor - Savoy Ballroom

CHV = Car Hacking Village
     Bally's Event Center

CLV = Cloud Village
     Flamingo 3rd Floor - Reno I Room

Contest Areas
     Planet Hollywood - Mezzanine, and Celebrity 4,6,7,8 Ballrooms

CPV = Crypto Privacy Village
     Planet Hollywood - Celebrity 1,2 Ballrooms

DC = DEF CON Talks
     Track 101 - Paris Theatre
     Track    1 - Paris Concorde Ballroom
     Track    2 - Paris Rivoli Ballroom
     Track    3 - Paris Vendome Ballroom
     Track    4 - Paris Theatre

DDV = Data Duplication Village
     Bally's Event Center

DL = DEF CON DemoLabs
     Planet Hollywood - Sunset 1-6 Rooms

Drone Warz Village
     Bally's Event Center

ETV = Ethics Village
     Flamingo 3rd Floor - Reno II Room

HHV = Hardware Hacking Village
     Bally's Event Center

HRV = Ham Radio Village
     Flamingo 3rd Floor - Virginia City Room

HTS = Hack The Sea
     Bally's Event Center

ICS = Industrial Control Systems Village
     Bally's Event Center

IOT = Internet Of Things Village
     Flamingo 3rd Floor - Eldorado Ballroom

Lock Bypass Village
     Flamingo 3rd Floor - Carson City I Room

Lockpicking Village
     Bally's - Platinum II Ballroom

MOV = Monero Village
     Bally's Indigo Tower 26th Floor - Skyview 4 - end of hall

PHVT = Packet Hacking Village Talks
PHVW = Packet Hacking Village Workshops
Wall of Sheep
     Bally's Indigo Tower 26th Floor - Skyview Rooms 1,2,5,6

RCV = Recon Village
     Planet Hollywood - Celebrity 5 Ballroom

RGV = Rogue's Village
     Flamingo 3rd Floor - Carson City II Room

RTV = Red Team Village
     Flamingo 3rd Floor - Laughlin I,II Rooms

Rootz Asylum
     Planet Hollywood - The Studio

SEV = Social Engineering Village
     Bally's Jubilee Tower - 3rd Floor

SKY = 303 SkyTalks
     Bally's Jubilee Tower - 2nd Floor

Soldering Skills Village
     Bally's Event Center

Tamper Evident Village
     Bally's - Platinum I Ballroom

Vendors Area
     Bally's - Gold and Silver Ballrooms

VMV = Voting Machine Village
     Planet Hollywood - Wilshire Ballroom - Village
     Planet Hollywood - Melrose 4 Room - Speakers

VX Chip Off Village
     Bally's Event Center

WLV = Wireless Village
     Bally's Palace Meeting Rooms 1-7

WS = DEF CON Workshops - All Workshops are at the Flamingo Hotel
     Flamingo Lower Level - Valley of Fire, Lake Mead, and Red Rock Rooms

Talk/Event Schedule


Thursday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Thursday - 06:00


Meetups - Paris - Outside at base of Eiffel Tower - DEFCON 27 4X5K run -

 

Thursday - 10:00


DC - DC101, Paris Theatre - Exploiting Windows Exploit Mitigation for ROP Exploits - Omer Yair
WS - Flamingo - Lower Level - Red Rock I - From EK to DEK: Analyzing Document Exploit Kits - Josh Reynolds
WS - Flamingo - Lower Level - Red Rock II - Hacking Medical Devices - Jay Radcliffe, Fotios Chantzis
WS - Flamingo - Lower Level - Red Rock III - Hacking Wi-Fi for Beginners - Alex Hammer, Penelope 'Pip' Pinkerton
WS - Flamingo - Lower Level - Red Rock IV - Learning to Hack Bluetooth Low Energy with BLE CTF - Ryan Holeman
WS - Flamingo - Lower Level - Red Rock V - Pwning Serverless Applications - Abhay Bhargav, Nithin Jois, Tilak Thimmappa
WS - Flamingo - Lower Level - Red Rock VII - Constructing Kerberos Attacks with Delegation Primitives - Elad Shamir, Matt Bush
WS - Flamingo - Lower Level - Red Rock VIII - Introduction to Cryptographic Attacks - Matt Cheung

 

Thursday - 11:00


DC - DC101, Paris Theatre - Breaking Google Home: Exploit It with SQLite(Magellan) - Wenxiang Qian, YuXiang Li, HuiYu Wu
WS - Flamingo - Lower Level - Red Rock I - cont...(10:00-13:59) - From EK to DEK: Analyzing Document Exploit Kits - Josh Reynolds
WS - Flamingo - Lower Level - Red Rock II - cont...(10:00-13:59) - Hacking Medical Devices - Jay Radcliffe, Fotios Chantzis
WS - Flamingo - Lower Level - Red Rock III - cont...(10:00-13:59) - Hacking Wi-Fi for Beginners - Alex Hammer, Penelope 'Pip' Pinkerton
WS - Flamingo - Lower Level - Red Rock IV - cont...(10:00-13:59) - Learning to Hack Bluetooth Low Energy with BLE CTF - Ryan Holeman
WS - Flamingo - Lower Level - Red Rock V - cont...(10:00-13:59) - Pwning Serverless Applications - Abhay Bhargav, Nithin Jois, Tilak Thimmappa
WS - Flamingo - Lower Level - Red Rock VII - cont...(10:00-13:59) - Constructing Kerberos Attacks with Delegation Primitives - Elad Shamir, Matt Bush
WS - Flamingo - Lower Level - Red Rock VIII - cont...(10:00-13:59) - Introduction to Cryptographic Attacks - Matt Cheung

 

Thursday - 12:00


DC - DC101, Paris Theatre - Are Quantum Computers Really A Threat To Cryptography? A Practical Overview Of Current State-Of-The-Art Techniques With Some Interesting Surprises - Andreas Baumhof
Meetups - Planet Hollywood - Santa Monica 4 Room - Friends of Bill W. -
WS - Flamingo - Lower Level - Red Rock I - cont...(10:00-13:59) - From EK to DEK: Analyzing Document Exploit Kits - Josh Reynolds
WS - Flamingo - Lower Level - Red Rock II - cont...(10:00-13:59) - Hacking Medical Devices - Jay Radcliffe, Fotios Chantzis
WS - Flamingo - Lower Level - Red Rock III - cont...(10:00-13:59) - Hacking Wi-Fi for Beginners - Alex Hammer, Penelope 'Pip' Pinkerton
WS - Flamingo - Lower Level - Red Rock IV - cont...(10:00-13:59) - Learning to Hack Bluetooth Low Energy with BLE CTF - Ryan Holeman
WS - Flamingo - Lower Level - Red Rock V - cont...(10:00-13:59) - Pwning Serverless Applications - Abhay Bhargav, Nithin Jois, Tilak Thimmappa
WS - Flamingo - Lower Level - Red Rock VII - cont...(10:00-13:59) - Constructing Kerberos Attacks with Delegation Primitives - Elad Shamir, Matt Bush
WS - Flamingo - Lower Level - Red Rock VIII - cont...(10:00-13:59) - Introduction to Cryptographic Attacks - Matt Cheung

 

Thursday - 13:00


DC - DC101, Paris Theatre - Intro to Embedded Hacking—How you too can find a decade old bug in widely deployed devices. [REDACTED] Deskphones, a case study. - Philippe Laulheret
WS - Flamingo - Lower Level - Red Rock I - cont...(10:00-13:59) - From EK to DEK: Analyzing Document Exploit Kits - Josh Reynolds
WS - Flamingo - Lower Level - Red Rock II - cont...(10:00-13:59) - Hacking Medical Devices - Jay Radcliffe, Fotios Chantzis
WS - Flamingo - Lower Level - Red Rock III - cont...(10:00-13:59) - Hacking Wi-Fi for Beginners - Alex Hammer, Penelope 'Pip' Pinkerton
WS - Flamingo - Lower Level - Red Rock IV - cont...(10:00-13:59) - Learning to Hack Bluetooth Low Energy with BLE CTF - Ryan Holeman
WS - Flamingo - Lower Level - Red Rock V - cont...(10:00-13:59) - Pwning Serverless Applications - Abhay Bhargav, Nithin Jois, Tilak Thimmappa
WS - Flamingo - Lower Level - Red Rock VII - cont...(10:00-13:59) - Constructing Kerberos Attacks with Delegation Primitives - Elad Shamir, Matt Bush
WS - Flamingo - Lower Level - Red Rock VIII - cont...(10:00-13:59) - Introduction to Cryptographic Attacks - Matt Cheung

 

Thursday - 14:00


DC - DC101, Paris Theatre - Web2Own: Attacking Desktop Apps From Web Security's Perspective - Junyu Zhou, Ce Qin, Jianing Wang
WS - Flamingo - Lower Level - Red Rock I - (14:30-18:30) - An Introduction to Deploying Red Team Infrastructure - Troy Defty, Erik Dul
WS - Flamingo - Lower Level - Red Rock II - (14:30-18:30) - Advanced Wireless Exploitation for Red Team and Blue Team - Besim Altinok, Bahtiyar Bircan
WS - Flamingo - Lower Level - Red Rock III - (14:30-18:30) - Purple Team CTF - Sam Bowne, Elizabeth Biddlecome
WS - Flamingo - Lower Level - Red Rock IV - (14:30-18:30) - Analysis 101 for Hackers and Incident Responders - Kristy Westphal
WS - Flamingo - Lower Level - Red Rock V - (14:30-18:30) - Hacking the Android APK - Ben Hughes, Liana Parakesyan, Mattia Campagnano
WS - Flamingo - Lower Level - Red Rock VII - (14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel "solstice" Ryan
WS - Flamingo - Lower Level - Red Rock VIII - (14:30-18:30) - Hacking Wifi - Philippe Delteil, Victor Faraggi, Ilana Mergudich Thal

 

Thursday - 15:00


DC - DC101, Paris Theatre - DEF CON 101 Panel - Highwiz, Nikita, Will, n00bz, Shaggy, SecBarbie, Tottenkoph
SEV - Bally's Jubilee Tower - 3rd Floor - (15:30-16:20) - Sizing People Up - Robin Dreeke
WS - Flamingo - Lower Level - Red Rock I - cont...(14:30-18:30) - An Introduction to Deploying Red Team Infrastructure - Troy Defty, Erik Dul
WS - Flamingo - Lower Level - Red Rock II - cont...(14:30-18:30) - Advanced Wireless Exploitation for Red Team and Blue Team - Besim Altinok, Bahtiyar Bircan
WS - Flamingo - Lower Level - Red Rock III - cont...(14:30-18:30) - Purple Team CTF - Sam Bowne, Elizabeth Biddlecome
WS - Flamingo - Lower Level - Red Rock IV - cont...(14:30-18:30) - Analysis 101 for Hackers and Incident Responders - Kristy Westphal
WS - Flamingo - Lower Level - Red Rock V - cont...(14:30-18:30) - Hacking the Android APK - Ben Hughes, Liana Parakesyan, Mattia Campagnano
WS - Flamingo - Lower Level - Red Rock VII - cont...(14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel "solstice" Ryan
WS - Flamingo - Lower Level - Red Rock VIII - cont...(14:30-18:30) - Hacking Wifi - Philippe Delteil, Victor Faraggi, Ilana Mergudich Thal

 

Thursday - 16:00


DC - DC101, Paris Theatre - cont...(15:00-16:45) - DEF CON 101 Panel - Highwiz, Nikita, Will, n00bz, Shaggy, SecBarbie, Tottenkoph
Meetups - Offsite - Sunset Park, Pavilion F - Toxic BBQ -
SEV - Bally's Jubilee Tower - 3rd Floor - cont...(15:30-16:20) - Sizing People Up - Robin Dreeke
SEV - Bally's Jubilee Tower - 3rd Floor - (16:30-16:59) - Leveraging the Insider Threat, oh, and how to be Awesome - Marcus Liotta
WS - Flamingo - Lower Level - Red Rock I - cont...(14:30-18:30) - An Introduction to Deploying Red Team Infrastructure - Troy Defty, Erik Dul
WS - Flamingo - Lower Level - Red Rock II - cont...(14:30-18:30) - Advanced Wireless Exploitation for Red Team and Blue Team - Besim Altinok, Bahtiyar Bircan
WS - Flamingo - Lower Level - Red Rock III - cont...(14:30-18:30) - Purple Team CTF - Sam Bowne, Elizabeth Biddlecome
WS - Flamingo - Lower Level - Red Rock IV - cont...(14:30-18:30) - Analysis 101 for Hackers and Incident Responders - Kristy Westphal
WS - Flamingo - Lower Level - Red Rock V - cont...(14:30-18:30) - Hacking the Android APK - Ben Hughes, Liana Parakesyan, Mattia Campagnano
WS - Flamingo - Lower Level - Red Rock VII - cont...(14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel "solstice" Ryan
WS - Flamingo - Lower Level - Red Rock VIII - cont...(14:30-18:30) - Hacking Wifi - Philippe Delteil, Victor Faraggi, Ilana Mergudich Thal

 

Thursday - 17:00


Meetups - Offsite - Sunset Park, Pavilion F - cont...(16:00-21:59) - Toxic BBQ -
Meetups - Planet Hollywood - Santa Monica 4 Room - Friends of Bill W. -
Meetups - Planet Hollywood - Sin City Theater - DEF CON Ladies Meetup -
SEV - Bally's Jubilee Tower - 3rd Floor - Rideshare OSINT - Car Based SE For Fun & Profit - Edward Miro
SEV - Bally's Jubilee Tower - 3rd Floor - (17:40-18:09) - The Basics of Social Engineering aKa How I break into Casinos, Airports and CNI - Chris Pritchard
WS - Flamingo - Lower Level - Red Rock I - cont...(14:30-18:30) - An Introduction to Deploying Red Team Infrastructure - Troy Defty, Erik Dul
WS - Flamingo - Lower Level - Red Rock II - cont...(14:30-18:30) - Advanced Wireless Exploitation for Red Team and Blue Team - Besim Altinok, Bahtiyar Bircan
WS - Flamingo - Lower Level - Red Rock III - cont...(14:30-18:30) - Purple Team CTF - Sam Bowne, Elizabeth Biddlecome
WS - Flamingo - Lower Level - Red Rock IV - cont...(14:30-18:30) - Analysis 101 for Hackers and Incident Responders - Kristy Westphal
WS - Flamingo - Lower Level - Red Rock V - cont...(14:30-18:30) - Hacking the Android APK - Ben Hughes, Liana Parakesyan, Mattia Campagnano
WS - Flamingo - Lower Level - Red Rock VII - cont...(14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel "solstice" Ryan
WS - Flamingo - Lower Level - Red Rock VIII - cont...(14:30-18:30) - Hacking Wifi - Philippe Delteil, Victor Faraggi, Ilana Mergudich Thal

 

Thursday - 18:00


Meetups - Offsite - Sunset Park, Pavilion F - cont...(16:00-21:59) - Toxic BBQ -
Meetups - Planet Hollywood - Sin City Theater - cont...(17:00-18:59) - DEF CON Ladies Meetup -
SEV - Bally's Jubilee Tower - 3rd Floor - (18:15-18:45) - Phishing with Puny Bait - Michael Wylie
SEV - Bally's Jubilee Tower - 3rd Floor - (18:50-19:20) - Hacking Hollywood - Andrew Nicholson
WS - Flamingo - Lower Level - Red Rock I - cont...(14:30-18:30) - An Introduction to Deploying Red Team Infrastructure - Troy Defty, Erik Dul
WS - Flamingo - Lower Level - Red Rock II - cont...(14:30-18:30) - Advanced Wireless Exploitation for Red Team and Blue Team - Besim Altinok, Bahtiyar Bircan
WS - Flamingo - Lower Level - Red Rock III - cont...(14:30-18:30) - Purple Team CTF - Sam Bowne, Elizabeth Biddlecome
WS - Flamingo - Lower Level - Red Rock IV - cont...(14:30-18:30) - Analysis 101 for Hackers and Incident Responders - Kristy Westphal
WS - Flamingo - Lower Level - Red Rock V - cont...(14:30-18:30) - Hacking the Android APK - Ben Hughes, Liana Parakesyan, Mattia Campagnano
WS - Flamingo - Lower Level - Red Rock VII - cont...(14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel "solstice" Ryan
WS - Flamingo - Lower Level - Red Rock VIII - cont...(14:30-18:30) - Hacking Wifi - Philippe Delteil, Victor Faraggi, Ilana Mergudich Thal

 

Thursday - 19:00


Meetups - Offsite - Sunset Park, Pavilion F - cont...(16:00-21:59) - Toxic BBQ -
SEV - Bally's Jubilee Tower - 3rd Floor - cont...(18:50-19:20) - Hacking Hollywood - Andrew Nicholson

 

Thursday - 20:00


Meetups - Offsite - Sunset Park, Pavilion F - cont...(16:00-21:59) - Toxic BBQ -

 

Thursday - 21:00


Meetups - Offsite - Sunset Park, Pavilion F - cont...(16:00-21:59) - Toxic BBQ -
Night Life - Planet Hollywood - Gallery Nightclub - Music - Tineh Nimjeh - Tineh Nimjeh

 

Thursday - 22:00


Night Life - Planet Hollywood - Gallery Nightclub - Music - Archwisp - Archwisp

 

Thursday - 23:00


Night Life - Planet Hollywood - Gallery Nightclub - Music - Ctrl - Ctrl

 

Thursday - 24:00


Night Life - Planet Hollywood - Gallery Nightclub - Music - Rodman - Rodman

 

Thursday - 25:00


Night Life - Planet Hollywood - Gallery Nightclub - Music - Seeker - Seeker

Friday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Friday - 06:00


Meetups - outside [TBD location] - 2019 8th Annual Defcon Bike Ride -
Meetups - Paris - Outside at base of Eiffel Tower - DEFCON 27 4X5K run -

 

Friday - 07:00


Meetups - outside [TBD location] - cont...(06:00-07:59) - 2019 8th Annual Defcon Bike Ride -

 

Friday - 09:00


BCV - Flamingo 3rd Floor - Laughlin III Room - (09:50-09:59) - Welcome Note
BTVW - Flamingo - 3rd Floor- Savoy Room - Threat Hunting With The Elastic Stack - CyberPraesidium, politoinc
BTVW - Flamingo - Lower Level - Valley Of Fire 1 - Threat Hunting With ATT&CK On Splunk
BTVW - Flamingo - Lower Level - Valley Of Fire 2 - Deep Infrastructure Visibility With Osquery And Fleet - thezachw
PHVW - Bally's - Indigo Tower - 26th Floor - Reverse Engineering Malware 101 - Amanda Rousseau
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Kube-Red C2 Operations on Kubernetes - Larry Suto

 

Friday - 10:00


BCV - Flamingo 3rd Floor - Laughlin III Room - Keynote
BCV - Flamingo 3rd Floor - Laughlin III Room - (10:50-11:40) - A Smart Contract Killchain. How the first Blockchain APT was caught - Rod Soto&Victor Fang
BHV - Planet Hollywood - Melrose 1-3 Rooms - Opening Words
BHV - Planet Hollywood - Melrose 1-3 Rooms - (10:15-10:59) - Employ Cybersecurity Techniques Against the Threat of Medical Misinformation - Eric D Perakslis
BTVW - Flamingo - 3rd Floor- Savoy Room - cont...(09:00-12:59) - Threat Hunting With The Elastic Stack - CyberPraesidium, politoinc
BTVW - Flamingo - Lower Level - Valley Of Fire 1 - cont...(09:00-10:59) - Threat Hunting With ATT&CK On Splunk
BTVW - Flamingo - Lower Level - Valley Of Fire 2 - cont...(09:00-12:59) - Deep Infrastructure Visibility With Osquery And Fleet - thezachw
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Giving Cops the Finger: Compelled Device Decryption and the Fifth Amendment - Riana Pfefferkorn
DC - Paris - Track 1 - Behind the Scenes of the DEF CON 27 Badge - Joe Grand (Kingpin)
DC - Paris - Track 2 - Hacking Congress: The Enemy Of My Enemy Is My Friend - Former Rep. Jane Harman, Rep. James Langevin, Jen Ellis, Cris Thomas, Rep. Ted Lieu
DC - Paris - Track 3 - Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware - Olivier Bilodeau, Masarah Paquet-Clouston
DC - Paris - Track 4 - Duplicating Restricted Mechanical Keys - Bill Graydon, Robert Graydon
DL - Planet Hollywood - Sunset 1 - Antennas for Surveillance applications - Kent Britain, Alexander Zakharov
DL - Planet Hollywood - Sunset 2 - PhanTap (Phantom Tap) - Diana Dragusin, Etienne Champetier
DL - Planet Hollywood - Sunset 3 - BEEMKA – Electron Post-Exploitation Framework - Pavel Tsakalidis
DL - Planet Hollywood - Sunset 4 - Reverse Engineering Embedded ARM with Ghidra - Max Compston
DL - Planet Hollywood - Sunset 5 - Hachi: An Intelligent threat mapper - Parmanand Mishra
DL - Planet Hollywood - Sunset 6 - soFrida - Dynamic Analysis Tool for Mobile Apps with Cloud Backend - Hyunjun Park, Soyeon Kim
PHVT - Bally's - Indigo Tower - 26th Floor - 4 years and 10,000+ Hours Later: Lessons Learned from Running a National Penetration Testing Competition - Tom Kopchak and Dan Borges
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(09:00-11:59) - Reverse Engineering Malware 101 - Amanda Rousseau
RCV - Planet Hollywood - Celebrity 5 Ballroom - (10:20-10:59) - The OSINT Space is Growing! Are we Ready? - Adrian Korn
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - (10:30-11:30) - Puny Charge your Phishing Campaigns - Michael Wylie
WS - Flamingo - Lower Level - Red Rock I - Evil Mainframe Jr: Mainframe hacking from recon to privesc - Soldier of Fortran, Big Endian Smalls
WS - Flamingo - Lower Level - Red Rock II - Malware Triage - Analyzing The Modern Malware Delivery Chain - Sergei Frankoff, Sean Wilson
WS - Flamingo - Lower Level - Red Rock III - Understanding and Analyzing Weaponized Carrier Files - Ryan Chapman
WS - Flamingo - Lower Level - Red Rock IV - Finding Vulnerabilities at Ecosystem-Scale - Isaac Evans
WS - Flamingo - Lower Level - Red Rock V - Hacking ICS: From Open Source Tools to Custom Scripts - Valerie Thomas, Harry Regan, Harry Thomas
WS - Flamingo - Lower Level - Red Rock VI - Hands on Adversarial Machine Learning - Yacin Nadji
WS - Flamingo - Lower Level - Red Rock VII - Exploit Development for Beginners - Sam Bowne, Elizabeth Biddlecome

 

Friday - 11:00


BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(10:50-11:40) - A Smart Contract Killchain. How the first Blockchain APT was caught - Rod Soto&Victor Fang
BCV - Flamingo 3rd Floor - Laughlin III Room - (11:40-11:59) - Contest Announcement
BHV - Planet Hollywood - Melrose 1-3 Rooms - From buffer overflowing genomics tools to securing biomedical file formats - Corey M. Hudson
BHV - Planet Hollywood - Melrose 1-3 Rooms - (11:45-12:30) - How to Get Your Ass Kicked and Like It; Experiential Learning Through Gamification - Corey M. Hudson
BTVW - Flamingo - 3rd Floor- Savoy Room - cont...(09:00-12:59) - Threat Hunting With The Elastic Stack - CyberPraesidium, politoinc
BTVW - Flamingo - Lower Level - Valley Of Fire 1 - (11:30-13:29) - The "Art" of BEC
BTVW - Flamingo - Lower Level - Valley Of Fire 2 - cont...(09:00-12:59) - Deep Infrastructure Visibility With Osquery And Fleet - thezachw
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Implementing a Zero Knowledge Proof or, How to Write Bulletproofs in Rust - Cathie Yun
DC - Paris - Track 1 - Don't Red-Team AI Like a Chump - Ariel Herbert-Voss
DC - Paris - Track 2 - The Tor Censorship Arms Race: The Next Chapter - Roger Dingledine
DC - Paris - Track 3 - All the 4G modules Could be Hacked - XiaoHuiHui, Ye Zhang, ZhengHuang
DC - Paris - Track 4 - Evil eBPF In-Depth: Practical Abuses of an In-Kernel Bytecode Runtime - Jeff Dileo
DL - Planet Hollywood - Sunset 1 - cont...(10:00 - 11:50) - Antennas for Surveillance applications - Kent Britain, Alexander Zakharov
DL - Planet Hollywood - Sunset 2 - cont...(10:00 - 11:50) - PhanTap (Phantom Tap) - Diana Dragusin, Etienne Champetier
DL - Planet Hollywood - Sunset 3 - cont...(10:00 - 11:50) - BEEMKA – Electron Post-Exploitation Framework - Pavel Tsakalidis
DL - Planet Hollywood - Sunset 4 - cont...(10:00 - 11:50) - Reverse Engineering Embedded ARM with Ghidra - Max Compston
DL - Planet Hollywood - Sunset 5 - cont...(10:00 - 11:50) - Hachi: An Intelligent threat mapper - Parmanand Mishra
DL - Planet Hollywood - Sunset 6 - cont...(10:00 - 11:50) - soFrida - Dynamic Analysis Tool for Mobile Apps with Cloud Backend - Hyunjun Park, Soyeon Kim
ETV - Flamingo - 3rd Floor - Reno II Room - Keynote: A Rant on Ethical Disclosure -
PHVT - Bally's - Indigo Tower - 26th Floor - Hacking Kubernetes: Choose Your Own Adventure Style - Jay Beale
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(09:00-11:59) - Reverse Engineering Malware 101 - Amanda Rousseau
RCV - Planet Hollywood - Celebrity 5 Ballroom - A URL Shortened By Any Other Name - Master Chen
RCV - Planet Hollywood - Celebrity 5 Ballroom - (11:40-12:20) - Building an OSINT and Recon Program to address Healthcare Information Security issues - MITCHELL PARKER
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - cont...(10:30-11:30) - Puny Charge your Phishing Campaigns - Michael Wylie
WS - Flamingo - Lower Level - Red Rock I - cont...(10:00-13:59) - Evil Mainframe Jr: Mainframe hacking from recon to privesc - Soldier of Fortran, Big Endian Smalls
WS - Flamingo - Lower Level - Red Rock II - cont...(10:00-13:59) - Malware Triage - Analyzing The Modern Malware Delivery Chain - Sergei Frankoff, Sean Wilson
WS - Flamingo - Lower Level - Red Rock III - cont...(10:00-13:59) - Understanding and Analyzing Weaponized Carrier Files - Ryan Chapman
WS - Flamingo - Lower Level - Red Rock IV - cont...(10:00-13:59) - Finding Vulnerabilities at Ecosystem-Scale - Isaac Evans
WS - Flamingo - Lower Level - Red Rock V - cont...(10:00-13:59) - Hacking ICS: From Open Source Tools to Custom Scripts - Valerie Thomas, Harry Regan, Harry Thomas
WS - Flamingo - Lower Level - Red Rock VI - cont...(10:00-13:59) - Hands on Adversarial Machine Learning - Yacin Nadji
WS - Flamingo - Lower Level - Red Rock VII - cont...(10:00-13:59) - Exploit Development for Beginners - Sam Bowne, Elizabeth Biddlecome

 

Friday - 12:00


BCV - Flamingo 3rd Floor - Laughlin III Room - Hacking Cryptocurrencies - Mark Nesbitt
BCV - Flamingo 3rd Floor - Laughlin III Room - (12:30-13:20) - Panel Discussion
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(11:45-12:30) - How to Get Your Ass Kicked and Like It; Experiential Learning Through Gamification - Corey M. Hudson
BHV - Planet Hollywood - Melrose 1-3 Rooms - (12:30-14:30) - Medical Simulations Panel - Corey M. Hudson
BTVW - Flamingo - 3rd Floor- Savoy Room - cont...(09:00-12:59) - Threat Hunting With The Elastic Stack - CyberPraesidium, politoinc
BTVW - Flamingo - Lower Level - Valley Of Fire 1 - cont...(11:30-13:29) - The "Art" of BEC
BTVW - Flamingo - Lower Level - Valley Of Fire 2 - cont...(09:00-12:59) - Deep Infrastructure Visibility With Osquery And Fleet - thezachw
CLV - Flamingo 3rd Floor - Reno I Room - Opening Note
CLV - Flamingo 3rd Floor - Reno I Room - (12:20-12:59) - Cloudy Vision: How Cloud Integration Complicates Security - Sean Metcalf
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Fighting non consensual pornography the BADASS way - Katelyn Bowden
DC - Paris - Track 1 - Process Injection Techniques - Gotta Catch Them All - Itzik Kotler, Amit Klein
DC - Paris - Track 2 - Phreaking Elevators - WillC
DC - Paris - Track 3 - Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs - Orange Tsai, Meh Chang
DC - Paris - Track 4 - API-Induced SSRF: How Apple Pay Scattered Vulnerabilities Across the Web - Joshua Maddux
DL - Planet Hollywood - Sunset 1 - EAPHammer - Gabriel Ryan
DL - Planet Hollywood - Sunset 2 - PcapXray - Srinivas Piskala Ganesh Babu
DL - Planet Hollywood - Sunset 3 - Spartacus as a Service (SaaS) - Mike Kiser
DL - Planet Hollywood - Sunset 4 - Flatline - East
DL - Planet Hollywood - Sunset 5 - Phishing Simulation - Jyoti Raval
DL - Planet Hollywood - Sunset 6 - TaintedLove - Benoit Côté-Jodoin
Meetups - Planet Hollywood - Santa Monica 4 Room - Friends of Bill W. -
PHVT - Bally's - Indigo Tower - 26th Floor - StegoAugmented Malware - Mike Raggo and Chet Hosmer
PHVW - Bally's - Indigo Tower - 26th Floor - (12:15-14:15) - Wireshark for Incident Response & Threat Hunting - Michael Wylie
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(11:40-12:20) - Building an OSINT and Recon Program to address Healthcare Information Security issues - MITCHELL PARKER
RCV - Planet Hollywood - Celebrity 5 Ballroom - (12:20-12:45) - Social Media: The New Court of Public opinion (exploring the effects of social media and our unconscious bias) - Susan
WS - Flamingo - Lower Level - Red Rock I - cont...(10:00-13:59) - Evil Mainframe Jr: Mainframe hacking from recon to privesc - Soldier of Fortran, Big Endian Smalls
WS - Flamingo - Lower Level - Red Rock II - cont...(10:00-13:59) - Malware Triage - Analyzing The Modern Malware Delivery Chain - Sergei Frankoff, Sean Wilson
WS - Flamingo - Lower Level - Red Rock III - cont...(10:00-13:59) - Understanding and Analyzing Weaponized Carrier Files - Ryan Chapman
WS - Flamingo - Lower Level - Red Rock IV - cont...(10:00-13:59) - Finding Vulnerabilities at Ecosystem-Scale - Isaac Evans
WS - Flamingo - Lower Level - Red Rock V - cont...(10:00-13:59) - Hacking ICS: From Open Source Tools to Custom Scripts - Valerie Thomas, Harry Regan, Harry Thomas
WS - Flamingo - Lower Level - Red Rock VI - cont...(10:00-13:59) - Hands on Adversarial Machine Learning - Yacin Nadji
WS - Flamingo - Lower Level - Red Rock VII - cont...(10:00-13:59) - Exploit Development for Beginners - Sam Bowne, Elizabeth Biddlecome

 

Friday - 13:00


AVV - Bally's Event Center - Introduction to the Aviation Village - Aviation Village Team
AVV - Bally's Event Center - (13:15-13:59) - Behind the scenes of hacking airplanes - Zoltan, Ben
BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(12:30-13:20) - Panel Discussion
BCV - Flamingo 3rd Floor - Laughlin III Room - (13:30-14:20) - Forcing a trustworthy notion of sequential time - Brian Vohaska (bvo)&Justin Drake
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(12:30-14:30) - Medical Simulations Panel - Corey M. Hudson
BTVW - Flamingo - Lower Level - Valley Of Fire 1 - cont...(11:30-13:29) - The "Art" of BEC
BTVW - Flamingo - Lower Level - Valley Of Fire 2 - (13:30-15:29) - MEDIC! Malware Response 101 From The Trenches - krypt3ia
CLV - Flamingo 3rd Floor - Reno I Room - Exploiting IAM in the Google Cloud Platform - Colin Estep
CLV - Flamingo 3rd Floor - Reno I Room - (13:40-14:20) - Battle in the Clouds: Attacker vs Defender on AWS - Dani Goland & Mohsan Farid
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Migrating to quantum-safe cryptography to protect against the quantum hackers - Christian Paquin
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Enabling HTTPS for home network devices using Let’s Encrypt - Karl Koscher
DC - Paris - Track 1 - HackPac: Hacking Pointer Authentication in iOS User Space - Xiaolong Bai, Min (Spark) Zheng
DC - Paris - Track 2 - HVACking: Understand the Difference Between Security and Reality! - Douglas McKee, Mark Bereza
DC - Paris - Track 3 - No Mas – How One Side-Channel Flaw Opens Atm, Pharmacies and Government Secrets Up to Attack - phar
DC - Paris - Track 4 - More Keys Than A Piano: Finding Secrets In Publicly Exposed Ebs Volumes - xBen "benmap" Morris
DL - Planet Hollywood - Sunset 1 - cont...(12:00 - 13:50) - EAPHammer - Gabriel Ryan
DL - Planet Hollywood - Sunset 2 - cont...(12:00 - 13:50) - PcapXray - Srinivas Piskala Ganesh Babu
DL - Planet Hollywood - Sunset 3 - cont...(12:00 - 13:50) - Spartacus as a Service (SaaS) - Mike Kiser
DL - Planet Hollywood - Sunset 4 - cont...(12:00 - 13:50) - Flatline - East
DL - Planet Hollywood - Sunset 5 - cont...(12:00 - 13:50) - Phishing Simulation - Jyoti Raval
DL - Planet Hollywood - Sunset 6 - cont...(12:00 - 13:50) - TaintedLove - Benoit Côté-Jodoin
ETV - Flamingo - 3rd Floor - Reno II Room - Discussion Of State Election Security Policy -
LBV - Flamingo - Carson City II Room - So You Want to Rob a Bank: Overt Ops Timing & Practise -
Meetups - Planet Hollywood - Mezzanine Stage - Beverage Cooling Contest -
PHVT - Bally's - Indigo Tower - 26th Floor - The Art of Detection - Jay Dimartino
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(12:15-14:15) - Wireshark for Incident Response & Threat Hunting - Michael Wylie
RCV - Planet Hollywood - Celebrity 5 Ballroom - (13:20-13:50) - Let’s get technical and hunt harder! - BugCrowd
RCV - Planet Hollywood - Celebrity 5 Ballroom - (13:50-14:40) - Asset Discovery: Making Sense of the Ocean of OSINT - Richard Gold
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Bypassing MacOS Detections with Swift - Cedric Owens
WS - Flamingo - Lower Level - Red Rock I - cont...(10:00-13:59) - Evil Mainframe Jr: Mainframe hacking from recon to privesc - Soldier of Fortran, Big Endian Smalls
WS - Flamingo - Lower Level - Red Rock II - cont...(10:00-13:59) - Malware Triage - Analyzing The Modern Malware Delivery Chain - Sergei Frankoff, Sean Wilson
WS - Flamingo - Lower Level - Red Rock III - cont...(10:00-13:59) - Understanding and Analyzing Weaponized Carrier Files - Ryan Chapman
WS - Flamingo - Lower Level - Red Rock IV - cont...(10:00-13:59) - Finding Vulnerabilities at Ecosystem-Scale - Isaac Evans
WS - Flamingo - Lower Level - Red Rock V - cont...(10:00-13:59) - Hacking ICS: From Open Source Tools to Custom Scripts - Valerie Thomas, Harry Regan, Harry Thomas
WS - Flamingo - Lower Level - Red Rock VI - cont...(10:00-13:59) - Hands on Adversarial Machine Learning - Yacin Nadji
WS - Flamingo - Lower Level - Red Rock VII - cont...(10:00-13:59) - Exploit Development for Beginners - Sam Bowne, Elizabeth Biddlecome

 

Friday - 14:00


AVV - Bally's Event Center - Hacking the Air Force and Beyond - Jack
AVV - Bally's Event Center - (14:30-14:59) - A Hacker Walks Into A Flight School And Says Ouch: Common Online Security Fails In Pilot Training - Tarah
BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(13:30-14:20) - Forcing a trustworthy notion of sequential time - Brian Vohaska (bvo) & Justin Drake
BCV - Flamingo 3rd Floor - Laughlin III Room - (14:30-16:10) - Mathematical Background of Blockchain Cryptography - Saroj
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(12:30-14:30) - Medical Simulations Panel - Corey M. Hudson
BHV - Planet Hollywood - Melrose 1-3 Rooms - (14:30-16:15) - Amputees and Prosthetic Challenges - Wayne Penn
BTVT - Flamingo - 3rd Floor- Savoy Room - A Theme Of Fear: Hacking The Paradigm - investigatorchi
BTVW - Flamingo - Lower Level - Valley Of Fire 1 - Malware Traffic Analysis Workshop - malware_traffic
BTVW - Flamingo - Lower Level - Valley Of Fire 2 - cont...(13:30-15:29) - MEDIC! Malware Response 101 From The Trenches - krypt3ia
CLV - Flamingo 3rd Floor - Reno I Room - cont...(13:40-14:20) - Battle in the Clouds: Attacker vs Defender on AWS - Dani Goland & Mohsan Farid
CLV - Flamingo 3rd Floor - Reno I Room - (14:20-14:50) - ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Sentinel using Sysmon and MITRE ATT&CK - Edoardo Gerosa
CLV - Flamingo 3rd Floor - Reno I Room - (14:50-15:25) - Sponsored Talk - Anatomy of cloud hacking - Pratik Shah
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Who Belongs Where? How to Effectively Integrate Your Company’s Privacy, Legal, & Security Teams - Suchismita Pahi, Fred Jennings, Hannah Poteat, Mike Johnson, Marina Spyrou, Calli Schroeder
DC - Paris - Track 1 - Harnessing Weapons of Mac Destruction - Patrick Wardle
DC - Paris - Track 2 - Are Your Child's Records at Risk? The Current State of School Infosec - Bill Demirkapi
DC - Paris - Track 3 - How Deep Learning Is Revolutionizing Side-Channel Cryptanalysis - Elie Bursztein, Jean Michel Picod
DC - Paris - Track 4 - Practical Key Search Attacks Against Modern Symmetric Ciphers - Daniel "ufurnace" Crowley, Daniel Pagan
DL - Planet Hollywood - Sunset 1 - Browser extension to hunt low hanging fruits (Hacking by just browsing) - Rewanth Cool
DL - Planet Hollywood - Sunset 2 - Let's Map Your Network - Pramod Rana
DL - Planet Hollywood - Sunset 3 - EXPLIoT - IoT Security Testing and Exploitation Framework - Aseem Jakhar, Murtuja Bharmal
DL - Planet Hollywood - Sunset 4 - Chaos Drive, because USB is still too trustworthy - Mike Rich
DL - Planet Hollywood - Sunset 5 - Combo Password - Fabian Obermaier
DL - Planet Hollywood - Sunset 6 - OSfooler-NG: Next Generation of OS fingerprinting fooler - Jaime Sanchez
ETV - Flamingo - 3rd Floor - Reno II Room - Ethics And Federal Election Security Policy -
Meetups - Planet Hollywood - Mezzanine Stage - cont...(13:00-14:59) - Beverage Cooling Contest -
PHVT - Bally's - Indigo Tower - 26th Floor - Bestsellers in the Underground Economy: Measuring Malware Popularity by Forum - Winnona DeSombre
PHVT - Bally's - Indigo Tower - 26th Floor - (14:30-14:59) - Hunting Certificates and Servers - Sam Erb
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(12:15-14:15) - Wireshark for Incident Response & Threat Hunting - Michael Wylie
PHVW - Bally's - Indigo Tower - 26th Floor - (14:30-16:30) - Hacking Kubernetes - Choose Your Own Adventure Style - Jay Beale
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(13:50-14:40) - Asset Discovery: Making Sense of the Ocean of OSINT - Richard Gold
RCV - Planet Hollywood - Celebrity 5 Ballroom - (14:40-15:15) - Advanced Recon with OWASP Amass - Jeff Foley
RGV - Flamingo - 3rd Floor - Carson City II - Modern Rogue - Brian Brushwood
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - (14:30-15:30) - (Ab)using GPOs for Active Directory Pwnage - Petros Koutroumpis & Dennis Panagiotopoulos
WS - Flamingo - Lower Level - Red Rock I - (14:30-18:30) - Attacking Layer 2 Network Protocols - Erik Dul, Troy Defty
WS - Flamingo - Lower Level - Red Rock III - (14:30-18:30) - Reverse Engineering Android Apps - Sam Bowne, Elizabeth Biddlecome
WS - Flamingo - Lower Level - Red Rock IV - (14:30-18:30) - Introduction to Sandbox Evasion and AMSI Bypasses - Anthony Rose, Jacob "Hubble" Krasnov, Vincent "Halycon" Rose
WS - Flamingo - Lower Level - Red Rock V - (14:30-18:30) - Introduction to Reverse Engineering With Ghidra - Wesley McGrew, Tyler Holland
WS - Flamingo - Lower Level - Red Rock VI - (14:30-18:30) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Carl Pearson
WS - Flamingo - Lower Level - Red Rock VII - (14:30-18:30) - Defending environments and hunting malware with osquery - Guillaume Ross

 

Friday - 15:00


BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(14:30-16:10) - Mathematical Background of Blockchain Cryptography - Saroj
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(14:30-16:15) - Amputees and Prosthetic Challenges - Wayne Penn
BTVT - Flamingo - 3rd Floor- Savoy Room - Detection At Google: On Corp And Cloud - fryx0r, JSteeleIR
BTVW - Flamingo - Lower Level - Valley Of Fire 1 - cont...(14:00-17:59) - Malware Traffic Analysis Workshop - malware_traffic
BTVW - Flamingo - Lower Level - Valley Of Fire 2 - cont...(13:30-15:29) - MEDIC! Malware Response 101 From The Trenches - krypt3ia
CLV - Flamingo 3rd Floor - Reno I Room - cont...(14:50-15:25) - Sponsored Talk - Anatomy of cloud hacking - Pratik Shah
CLV - Flamingo 3rd Floor - Reno I Room - (15:25-15:50) - Security Battle Wounds from a Cloud SRE - Jane Miceli
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - MITM mixed mode butterfly key privacy attack - Ben Brecht
DC - Paris - Track 1 - MOSE: Using Configuration Management for Evil - Jayson Grace
DC - Paris - Track 2 - Change the World, cDc Style: Cow tips from the first 35 years - Joseph Menn, Peiter Mudge Zatko, Chris Dildog Rioux, Deth Vegetable, Omega
DC - Paris - Track 3 - 100 Seconds of Solitude: Defeating Cisco Trust Anchor With FPGA Bitstream Shenanigans - Jatin Kataria, Rick Housley, Ang Cui
DC - Paris - Track 4 - Relaying Credentials Has Never Been Easier: How to Easily Bypass the Latest NTLM Relay Mitigations - Marina Simakov, Yaron Zinar
DL - Planet Hollywood - Sunset 1 - cont...(14:00 - 15:50) - Browser extension to hunt low hanging fruits (Hacking by just browsing) - Rewanth Cool
DL - Planet Hollywood - Sunset 2 - cont...(14:00 - 15:50) - Let's Map Your Network - Pramod Rana
DL - Planet Hollywood - Sunset 3 - cont...(14:00 - 15:50) - EXPLIoT - IoT Security Testing and Exploitation Framework - Aseem Jakhar, Murtuja Bharmal
DL - Planet Hollywood - Sunset 4 - cont...(14:00 - 15:50) - Chaos Drive, because USB is still too trustworthy - Mike Rich
DL - Planet Hollywood - Sunset 5 - cont...(14:00 - 15:50) - Combo Password - Fabian Obermaier
DL - Planet Hollywood - Sunset 6 - cont...(14:00 - 15:50) - OSfooler-NG: Next Generation of OS fingerprinting fooler - Jaime Sanchez
ETV - Flamingo - 3rd Floor - Reno II Room - Ethics Discussion with Congressional Staffers -
ICS - Bally's Event Center - Pin the tail on the cyber owner - Ryan Leirvik
ICS - Bally's Event Center - (15:30-15:59) - IT/OT Convergence - Are We There Yet? - Oden Jack
LBV - Flamingo - Carson City II Room - Lock Bypass 101
Meetups - Planet Hollywood - Mezzanine Stage - SpellCheck: The Hacker Spelling Bee -
Meetups - Planet Hollywood - Sin City - BADASS/Cyber SeXurity -
PHVT - Bally's - Indigo Tower - 26th Floor - Old Tech vs New Adversaries. Round 1... Fight! - Joseph Muniz and Aamir Lakhani
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(14:30-16:30) - Hacking Kubernetes - Choose Your Own Adventure Style - Jay Beale
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(14:40-15:15) - Advanced Recon with OWASP Amass - Jeff Foley
RCV - Planet Hollywood - Celebrity 5 Ballroom - (15:15-15:40) - OSINT Approach in Big-Data - Seyfullah KILIÇ
RCV - Planet Hollywood - Celebrity 5 Ballroom - (15:40-16:30) - Hack the Planet! Hackers Influencing Positive Change - Robert Sell
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - cont...(14:30-15:30) - (Ab)using GPOs for Active Directory Pwnage - Petros Koutroumpis & Dennis Panagiotopoulos
SEV - Bally's Jubilee Tower - 3rd Floor - (15:30-16:20) - SEVillage - 10 Year Anniversary - a Look Back at what has changed - Chris Hadnagy
WS - Flamingo - Lower Level - Red Rock I - cont...(14:30-18:30) - Attacking Layer 2 Network Protocols - Erik Dul, Troy Defty
WS - Flamingo - Lower Level - Red Rock III - cont...(14:30-18:30) - Reverse Engineering Android Apps - Sam Bowne, Elizabeth Biddlecome
WS - Flamingo - Lower Level - Red Rock IV - cont...(14:30-18:30) - Introduction to Sandbox Evasion and AMSI Bypasses - Anthony Rose, Jacob "Hubble" Krasnov, Vincent "Halycon" Rose
WS - Flamingo - Lower Level - Red Rock V - cont...(14:30-18:30) - Introduction to Reverse Engineering With Ghidra - Wesley McGrew, Tyler Holland
WS - Flamingo - Lower Level - Red Rock VI - cont...(14:30-18:30) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Carl Pearson
WS - Flamingo - Lower Level - Red Rock VII - cont...(14:30-18:30) - Defending environments and hunting malware with osquery - Guillaume Ross

 

Friday - 16:00


BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(14:30-16:10) - Mathematical Background of Blockchain Cryptography - Saroj
BCV - Flamingo 3rd Floor - Laughlin III Room - (16:20-17:10) - Alice and Bob's Big Secret - Mila Paul
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(14:30-16:15) - Amputees and Prosthetic Challenges - Wayne Penn
BHV - Planet Hollywood - Melrose 1-3 Rooms - (16:15-16:59) - Hacking Wetware with Open Source Software and Hardware - Jay Lagorio
BTVT - Flamingo - 3rd Floor- Savoy Room - (16:30-16:59) - Blue Team Guide For Fresh Eyes - sopooped
BTVW - Flamingo - Lower Level - Valley Of Fire 1 - cont...(14:00-17:59) - Malware Traffic Analysis Workshop - malware_traffic
BTVW - Flamingo - Lower Level - Valley Of Fire 2 - Blue Teaming For Fun And The Sake Of Your Organization - sirmudbl00d
CLV - Flamingo 3rd Floor - Reno I Room - (16:50-17:59) - Pragmatic Cloud Security Automation - Rich Mogull
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Black Mirror: You are your own privacy nightmare – the hidden threat of paying for subscription services - Cat Murdock
DC - Paris - Track 1 - Please Inject Me, a x64 Code Injection - Alon Weinberg
DC - Paris - Track 1 - (16:30-16:50) - Poking the S in SD cards - Nicolas Oberli
DC - Paris - Track 2 - I Know What You Did Last Summer: 3 Years of Wireless Monitoring at DEF CON - d4rkm4tter (Mike Spicer)
DC - Paris - Track 2 - (16:30-16:50) - Can You Track Me Now? Why The Phone Companies Are Such A Privacy Disaster - U.S. Senator Ron Wyden
DC - Paris - Track 3 - Surveillance Detection Scout - Your Lookout on Autopilot - Truman Kain
DC - Paris - Track 3 - (16:30-16:50) - Breaking The Back End! It Is Not Always A Bug. Sometimes, It Is Just Bad Design! - Gregory Pickett
DC - Paris - Track 4 - The JOP ROCKET: A Supremely Wicked Tool for JOP Gadget Discovery, or What to Do If ROP Is Too Easy - Dr. Bramwell Brizendine, Dr. Joshua Stroschien
DC - Paris - Track 4 - (16:30-16:50) - Re: What's up Johnny? – Covert Content Attacks on Email End-to-End Encryption - Jens Müller
ETV - Flamingo - 3rd Floor - Reno II Room - Medical Device Security -
ICS - Bally's Event Center - Nation State Supply Chain Attacks for Dummies -or- Chipping Cisco Firewalls - Monta Elkins
ICS - Bally's Event Center - (16:30-16:59) - ICS Village Community Engagement Shark Tank - Bryson Bort
Meetups - Planet Hollywood - Mezzanine Stage - cont...(15:05-16:30) - SpellCheck: The Hacker Spelling Bee -
Meetups - Planet Hollywood - Sin City - cont...(15:00-17:59) - BADASS/Cyber SeXurity -
PHVT - Bally's - Indigo Tower - 26th Floor - Patching: It's Complicated - Cheryl Biswas
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(14:30-16:30) - Hacking Kubernetes - Choose Your Own Adventure Style - Jay Beale
PHVW - Bally's - Indigo Tower - 26th Floor - (16:45-18:45) - Intel-driven Hunts for Nation-state Activity Using Elastic SIEM - Sean Donnelly, Peter Hay
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(15:40-16:30) - Hack the Planet! Hackers Influencing Positive Change - Robert Sell
RCV - Planet Hollywood - Celebrity 5 Ballroom - (16:30-16:59) - Generating Personalized Wordlists by Analyzing Target's Tweets - Utku Sen
RGV - Flamingo - 3rd Floor - Carson City II - Pickpocketing - James Harrison
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Injections Without Borders: An anatomy of Serverless Event Injections - Tal Melamed
SEV - Bally's Jubilee Tower - 3rd Floor - cont...(15:30-16:20) - SEVillage - 10 Year Anniversary - a Look Back at what has changed - Chris Hadnagy
SEV - Bally's Jubilee Tower - 3rd Floor - (16:30-16:59) - Why vigilantism doesn't work - Shane McCombs
WS - Flamingo - Lower Level - Red Rock I - cont...(14:30-18:30) - Attacking Layer 2 Network Protocols - Erik Dul, Troy Defty
WS - Flamingo - Lower Level - Red Rock III - cont...(14:30-18:30) - Reverse Engineering Android Apps - Sam Bowne, Elizabeth Biddlecome
WS - Flamingo - Lower Level - Red Rock IV - cont...(14:30-18:30) - Introduction to Sandbox Evasion and AMSI Bypasses - Anthony Rose, Jacob "Hubble" Krasnov, Vincent "Halycon" Rose
WS - Flamingo - Lower Level - Red Rock V - cont...(14:30-18:30) - Introduction to Reverse Engineering With Ghidra - Wesley McGrew, Tyler Holland
WS - Flamingo - Lower Level - Red Rock VI - cont...(14:30-18:30) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Carl Pearson
WS - Flamingo - Lower Level - Red Rock VII - cont...(14:30-18:30) - Defending environments and hunting malware with osquery - Guillaume Ross

 

Friday - 17:00


BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(16:20-17:10) - Alice and Bob's Big Secret - Mila Paul
BCV - Flamingo 3rd Floor - Laughlin III Room - The CryptoCurrency Security Standard (CCSS) - Ron Stoner & Michael Perklin
BHV - Planet Hollywood - Melrose 1-3 Rooms - Beyond the Firmware - Dr. Avi Rubin
BTVT - Flamingo - 3rd Floor- Savoy Room - The Cyber Threat Intelligence Mindset - ch33r10
BTVT - Flamingo - 3rd Floor- Savoy Room - (17:30-17:59) - Serverless Log Analysis On AWS - gkapoglis
BTVW - Flamingo - Lower Level - Valley Of Fire 1 - cont...(14:00-17:59) - Malware Traffic Analysis Workshop - malware_traffic
BTVW - Flamingo - Lower Level - Valley Of Fire 2 - cont...(16:00-17:59) - Blue Teaming For Fun And The Sake Of Your Organization - sirmudbl00d
CLV - Flamingo 3rd Floor - Reno I Room - cont...(16:50-17:59) - Pragmatic Cloud Security Automation - Rich Mogull
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - How PKI and SHAKEN/STIR Will Fix the Global Robocall Problem - Mark B Cooper
ICS - Bally's Event Center - Changium IPiosa: most magical change IP packets in the wild - Sharon Brizinov, Tal Keren
Meetups - Planet Hollywood - Mezzanine Stage - EFF Trivia -
Meetups - Planet Hollywood - Santa Monica 4 Room - Friends of Bill W. -
Meetups - Planet Hollywood - Sin City - cont...(15:00-17:59) - BADASS/Cyber SeXurity -
PHVT - Bally's - Indigo Tower - 26th Floor - Your Phone is Using Tor and Leaking Your PII - Milind Bhargava and Adam Podgorski
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(16:45-18:45) - Intel-driven Hunts for Nation-state Activity Using Elastic SIEM - Sean Donnelly, Peter Hay
RGV - Flamingo - 3rd Floor - Carson City II - Pickpocketing Workshop - James Harrison
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - (17:30-18:30) - Introduction and Application of Covert Channels - Aaron Grattafiori
SEV - Bally's Jubilee Tower - 3rd Floor - OSINT in the Real World - Ryan MacDougall
SEV - Bally's Jubilee Tower - 3rd Floor - (17:40-18:09) - Swing Away: How to Conquer Impostor Syndrome - Billy Boatright
WS - Flamingo - Lower Level - Red Rock I - cont...(14:30-18:30) - Attacking Layer 2 Network Protocols - Erik Dul, Troy Defty
WS - Flamingo - Lower Level - Red Rock III - cont...(14:30-18:30) - Reverse Engineering Android Apps - Sam Bowne, Elizabeth Biddlecome
WS - Flamingo - Lower Level - Red Rock IV - cont...(14:30-18:30) - Introduction to Sandbox Evasion and AMSI Bypasses - Anthony Rose, Jacob "Hubble" Krasnov, Vincent "Halycon" Rose
WS - Flamingo - Lower Level - Red Rock V - cont...(14:30-18:30) - Introduction to Reverse Engineering With Ghidra - Wesley McGrew, Tyler Holland
WS - Flamingo - Lower Level - Red Rock VI - cont...(14:30-18:30) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Carl Pearson
WS - Flamingo - Lower Level - Red Rock VII - cont...(14:30-18:30) - Defending environments and hunting malware with osquery - Guillaume Ross

 

Friday - 18:00


BCV - Flamingo 3rd Floor - Laughlin III Room - Contest Roundup
BCV - Flamingo 3rd Floor - Laughlin III Room - (18:20-18:30) - Closing note
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(17:00-18:30) - Beyond the Firmware - Dr. Avi Rubin
BHV - Planet Hollywood - Melrose 1-3 Rooms - (18:30-19:15) - 0-Day Inside - Mandy Logan
Meetups - Paris - Le Bar Du Sport bar - /r/defcon DEF CON 27 Meetup
Meetups - Paris - Le Bar Du Sport Bar - (18:30-17:59) - Hackers Against Brexit -
Meetups - Paris - Napoleons Corner Bar - Lawyers Meet -
Meetups - Planet Hollywood - Mezzanine Stage - cont...(17:00-18:59) - EFF Trivia -
PHVT - Bally's - Indigo Tower - 26th Floor - Beyond Sandboxes. How to Execute IoT Malware and Analyze Its Evolution - María José Erquiaga, Sebastian Garcia
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(16:45-18:45) - Intel-driven Hunts for Nation-state Activity Using Elastic SIEM - Sean Donnelly, Peter Hay
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - cont...(17:30-18:30) - Introduction and Application of Covert Channels - Aaron Grattafiori
SEV - Bally's Jubilee Tower - 3rd Floor - (18:15-18:45) - A Girl Says Nothing: A Social Engineer’s Guide to Playing into Sexism, Racial Stereotypes, and Discrimination - Krittika Lalwaney
SEV - Bally's Jubilee Tower - 3rd Floor - (18:50-19:20) - Red Teaming Insights and Examples from Beyond the Infosec Community - Micah Zenko
WS - Flamingo - Lower Level - Red Rock I - cont...(14:30-18:30) - Attacking Layer 2 Network Protocols - Erik Dul, Troy Defty
WS - Flamingo - Lower Level - Red Rock III - cont...(14:30-18:30) - Reverse Engineering Android Apps - Sam Bowne, Elizabeth Biddlecome
WS - Flamingo - Lower Level - Red Rock IV - cont...(14:30-18:30) - Introduction to Sandbox Evasion and AMSI Bypasses - Anthony Rose, Jacob "Hubble" Krasnov, Vincent "Halycon" Rose
WS - Flamingo - Lower Level - Red Rock V - cont...(14:30-18:30) - Introduction to Reverse Engineering With Ghidra - Wesley McGrew, Tyler Holland
WS - Flamingo - Lower Level - Red Rock VI - cont...(14:30-18:30) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Carl Pearson
WS - Flamingo - Lower Level - Red Rock VII - cont...(14:30-18:30) - Defending environments and hunting malware with osquery - Guillaume Ross

 

Friday - 19:00


BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(18:30-19:15) - 0-Day Inside - Mandy Logan
BHV - Planet Hollywood - Melrose 1-3 Rooms - (19:15-19:59) - Medical Device Incident Response, Forensics, and ITs Challenges - Sam Buhrow
Meetups - Paris - Le Bar Du Sport bar - cont...(18:00-19:59) - /r/defcon DEF CON 27 Meetup
Meetups - Paris - Napoleons Corner Bar - cont...(18:00-19:59) - Lawyers Meet -
Night Life - Paris - Concorde B Ballroom - (19:30-25:59) - Diversity Party -
Night Life - Paris - Concorde C Ballroom - (19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Rivoli A Ballroom - (19:30-25:59) - VETCON II -
SEV - Bally's Jubilee Tower - 3rd Floor - cont...(18:50-19:20) - Red Teaming Insights and Examples from Beyond the Infosec Community - Micah Zenko

 

Friday - 20:00


DC - Planet Hollywood - Firesides Lounge - D0 N0 H4RM: A Healthcare Security Conversation - Christian “quaddi” Dameff, Jeff “r3plicant” Tully MD, Suzanne Schwartz MD, Marie Moe PhD, Billy Rios, Jay Radcliffe
Night Life - Paris - Concorde B Ballroom - cont...(19:30-25:59) - Diversity Party -
Night Life - Paris - Concorde B Ballroom - Blanketfort Con Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Rivoli A Ballroom - cont...(19:30-25:59) - VETCON II -
Night Life - Planet Hollywood - Mezzanine Stage - Hacker Jeopardy -

 

Friday - 21:00


DC - Planet Hollywood - Firesides Lounge - cont...(20:00-21:59) - D0 N0 H4RM: A Healthcare Security Conversation - Christian “quaddi” Dameff, Jeff “r3plicant” Tully MD, Suzanne Schwartz MD, Marie Moe PhD, Billy Rios, Jay Radcliffe
Night Life - Paris - Concorde A Ballroom - 303/Skytalks Pajama Dance Party -
Night Life - Paris - Concorde B Ballroom - cont...(19:30-25:59) - Diversity Party -
Night Life - Paris - Concorde B Ballroom - cont...(20:00-26:15) - Blanketfort Con Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Napoleon's Piano Bar - Music - Steph Infection - Steph Infection
Night Life - Paris - Rivoli A Ballroom - cont...(19:30-25:59) - VETCON II -
Night Life - Planet Hollywood - Apex Suite - Florida Man Party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - Terrestrial Access Network - Terrestrial Access Network
Night Life - Planet Hollywood - Mezzanine Stage - cont...(20:00-21:59) - Hacker Jeopardy -

 

Friday - 22:00


DC - Planet Hollywood - Firesides Lounge - (22:15-22:59) - Panel: DEF CON Groups - Brent White / B1TK1LL3R, Jayson E. Street, Darington, April Wright, Tim Roberts (byt3boy), Casey Bourbonnais, s0ups
Night Life - Paris - Concorde A Ballroom - cont...(21:00-25:59) - 303/Skytalks Pajama Dance Party -
Night Life - Paris - Concorde B Ballroom - cont...(19:30-25:59) - Diversity Party -
Night Life - Paris - Concorde B Ballroom - cont...(20:00-26:15) - Blanketfort Con Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Napoleon's Piano Bar - Music - S7a73farm - S7a73farm
Night Life - Paris - Rivoli A Ballroom - cont...(19:30-25:59) - VETCON II -
Night Life - Planet Hollywood - Apex Suite - cont...(21:00-25:59) - Florida Man Party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - Icetre Normal - Icetre Normal
Night Life - Planet Hollywood - London Club - SecKC the work, Again party - SecKC
Night Life - Planet Hollywood - Mezzanine Stage - Who's Slide is it anyway? -

 

Friday - 23:00


Night Life - Paris - Concorde A Ballroom - cont...(21:00-25:59) - 303/Skytalks Pajama Dance Party -
Night Life - Paris - Concorde B Ballroom - cont...(19:30-25:59) - Diversity Party -
Night Life - Paris - Concorde B Ballroom - cont...(20:00-26:15) - Blanketfort Con Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Napoleon's Piano Bar - Music - DJ SmOke - DJ SmOke
Night Life - Paris - Rivoli A Ballroom - cont...(19:30-25:59) - VETCON II -
Night Life - Planet Hollywood - Apex Suite - cont...(21:00-25:59) - Florida Man Party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - Miss Jackalope - Miss Jackalope
Night Life - Planet Hollywood - London Club - cont...(22:00-25:59) - SecKC the work, Again party - SecKC
Night Life - Planet Hollywood - Mezzanine Stage - cont...(22:00-23:59) - Who's Slide is it anyway? -

 

Friday - 24:00


Night Life - Paris - Concorde A Ballroom - cont...(21:00-25:59) - 303/Skytalks Pajama Dance Party -
Night Life - Paris - Concorde B Ballroom - cont...(19:30-25:59) - Diversity Party -
Night Life - Paris - Concorde B Ballroom - cont...(20:00-26:15) - Blanketfort Con Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Napoleon's Piano Bar - Music - DJ Wil Austin - Wil Austin
Night Life - Paris - Rivoli A Ballroom - cont...(19:30-25:59) - VETCON II -
Night Life - Planet Hollywood - Apex Suite - cont...(21:00-25:59) - Florida Man Party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - DJ St3rling - DJ St3rling
Night Life - Planet Hollywood - London Club - cont...(22:00-25:59) - SecKC the work, Again party - SecKC

 

Friday - 25:00


Night Life - Paris - Concorde A Ballroom - cont...(21:00-25:59) - 303/Skytalks Pajama Dance Party -
Night Life - Paris - Concorde B Ballroom - cont...(19:30-25:59) - Diversity Party -
Night Life - Paris - Concorde B Ballroom - cont...(20:00-26:15) - Blanketfort Con Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Napoleon's Piano Bar - Music - ASHSLAY - ASHSLAY
Night Life - Paris - Rivoli A Ballroom - cont...(19:30-25:59) - VETCON II -
Night Life - Planet Hollywood - Apex Suite - cont...(21:00-25:59) - Florida Man Party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - DJ%27 - DJ%27
Night Life - Planet Hollywood - London Club - cont...(22:00-25:59) - SecKC the work, Again party - SecKC

 

Friday - 26:00


Night Life - Paris - Concorde B Ballroom - cont...(20:00-26:15) - Blanketfort Con Party -

Saturday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Saturday - 06:00


Meetups - Paris - Outside at base of Eiffel Tower - DEFCON 27 4X5K run -

 

Saturday - 09:00


BCV - Flamingo 3rd Floor - Laughlin III Room - (09:50-09:59) - Welcome Note
BTVW - Flamingo - 3rd Floor- Savoy Room - Introduction To Mac-centric Incident Response Tools And Techniques - crlowell
PHVW - Bally's - Indigo Tower - 26th Floor - Burp Suite Workshop - Sunny Wear, Nestor Torres
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - SiestaTime, A Red Team Automation Tool for Generation of Long-term Implants and Infrastructure Deployment - Alvaro Folgado

 

Saturday - 10:00


AVV - Bally's Event Center - Panel – The Long Haul: The State of Aviation Security Policy - Andrea, Stefan, Pete, Renderman
BCV - Flamingo 3rd Floor - Laughlin III Room - Keynote Blockchain-Security Symbiosis: Security Enabling Blockchains; Blockchains Enabling Security - Paul Makowski
BCV - Flamingo 3rd Floor - Laughlin III Room - (10:50-11:10) - Contest Announcement
BHV - Planet Hollywood - Melrose 1-3 Rooms - Opening Words - Sam Buhrow
BHV - Planet Hollywood - Melrose 1-3 Rooms - (10:15-10:59) - Spectra - Jean Rintoul
BTVW - Flamingo - 3rd Floor- Savoy Room - cont...(09:00-12:59) - Introduction To Mac-centric Incident Response Tools And Techniques - crlowell
CLV - Flamingo 3rd Floor - Reno I Room - Build to Hack, Hack to Build - Chris Le Roy
CLV - Flamingo 3rd Floor - Reno I Room - (10:40-11:20) - Applying Pareto's Principle for Securing AWS with SCPs - Ayman Elsawah
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Towards Usable Dining Cryptographer Networks with Howl - Tyler Kell
DC - Paris - Track 1 - Weaponizing Hypervisors to Fight and Beat Car and Medical Devices Attacks - Ali Islam, Dan Regalado (DanuX)
DC - Paris - Track 2 - Rise of the Hypebots: Scripting Streetwear - finalphoenix
DC - Paris - Track 3 - Information Security in the Public Interest - Bruce Schneier
DC - Paris - Track 4 - EDR Is Coming; Hide Yo Sh!t - Michael Leibowitz, Topher Timzen
DL - Planet Hollywood - Sunset 1 - WiFi Kraken – Scalable Wireless Monitoring - Mike Spicer
DL - Planet Hollywood - Sunset 2 - CIRCO: Cisco Implant Raspberry Controlled Operations - Emilio Couto
DL - Planet Hollywood - Sunset 3 - Cotopaxi: IoT Protocols Security Testing Toolkit - Jakub Botwicz
DL - Planet Hollywood - Sunset 4 - Srujan: Safer Networks for Smart Homes - Sanket Karpe, Parmanand Mishra
DL - Planet Hollywood - Sunset 5 - Go Reverse Engineering Tool Kit - Joakim Kennedy
DL - Planet Hollywood - Sunset 6 - Memhunter - Automated hunting of memory resident malware at scale - Marcos Oviedo
ETV - Flamingo - 3rd Floor - Reno II Room - Void If Removed: Securing Our Right TO Repair -
PHVT - Bally's - Indigo Tower - 26th Floor - Hacking Corporate Org Socialization: One Day You Are Out and the Next Day You Pwn the Org! - D9
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(09:00-10:59) - Burp Suite Workshop - Sunny Wear, Nestor Torres
RCV - Planet Hollywood - Celebrity 5 Ballroom - Hack to Basics – Adapting Exploit Frameworks to Evade Microsoft ATP - Anthony “C01И” Rose and Jake “Hubble” Krasnov
RCV - Planet Hollywood - Celebrity 5 Ballroom - (10:50-11:30) - DECEPTICON: OPSEC to Slow the OSINT - Joe Gray
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - (10:30-11:30) - Breaking NBAD and UEBA Detection - Charles Herring
WS - Flamingo - Lower Level - Lake Mead I - Mind the Gap Between Attacking Windows and Mac: Breaking In and Out of Protected MacOS environments - Richard Gold
WS - Flamingo - Lower Level - Lake Mead II - Writing custom backdoor payloads using C# - Mauricio Velazco, Olindo Verrillo
WS - Flamingo - Lower Level - Valley of Fire I - Red Teaming Techniques for Electronic Physical Security Systems - Valerie Thomas, Terry Gold
WS - Flamingo - Lower Level - Valley of Fire II - Functional Programming for the Blue Team - eigentourist

 

Saturday - 11:00


AVV - Bally's Event Center - A hackers first solo: airplane avionics security 101 - Ken, Alex
BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(10:50-11:10) - Contest Announcement
BCV - Flamingo 3rd Floor - Laughlin III Room - FumbleChain: A Purposefully Vulnerable Blockchain - Nils Amiet
BCV - Flamingo 3rd Floor - Laughlin III Room - (11:35-11:59) - Securing the Unknown: A Methodology for Auditing Smart Contracts - Ben
BHV - Planet Hollywood - Melrose 1-3 Rooms - DIY Medicine - Alex Pearlman
BHV - Planet Hollywood - Melrose 1-3 Rooms - (11:45-12:30) - Forensic Science and Information Security - Najla Lindsay
BTVW - Flamingo - 3rd Floor- Savoy Room - cont...(09:00-12:59) - Introduction To Mac-centric Incident Response Tools And Techniques - crlowell
CLV - Flamingo 3rd Floor - Reno I Room - cont...(10:40-11:20) - Applying Pareto's Principle for Securing AWS with SCPs - Ayman Elsawah
CLV - Flamingo 3rd Floor - Reno I Room - (11:20-11:45) - Lightning Talk (TBA)
CLV - Flamingo 3rd Floor - Reno I Room - (11:45-12:15) - PacBot - Policy as Code from T-Mobile OSS - Setu Parimi
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - TLS decryption attacks and back-doors to secure systems - Chris Hanlon
DC - Paris - Track 1 - Your Car is My Car - Jmaxxz
DC - Paris - Track 2 - HAKC THE POLICE - Bill Swearingen
DC - Paris - Track 3 - Hacking Your Thoughts - Batman Forever meets Black Mirror - Katherine Pratt/GattaKat
DC - Paris - Track 4 - Meticulously Modern Mobile Manipulations - Leon Jacobs
DL - Planet Hollywood - Sunset 1 - cont...(10:00 - 11:50) - WiFi Kraken – Scalable Wireless Monitoring - Mike Spicer
DL - Planet Hollywood - Sunset 2 - cont...(10:00 - 11:50) - CIRCO: Cisco Implant Raspberry Controlled Operations - Emilio Couto
DL - Planet Hollywood - Sunset 3 - cont...(10:00 - 11:50) - Cotopaxi: IoT Protocols Security Testing Toolkit - Jakub Botwicz
DL - Planet Hollywood - Sunset 4 - cont...(10:00 - 11:50) - Srujan: Safer Networks for Smart Homes - Sanket Karpe, Parmanand Mishra
DL - Planet Hollywood - Sunset 5 - cont...(10:00 - 11:50) - Go Reverse Engineering Tool Kit - Joakim Kennedy
DL - Planet Hollywood - Sunset 6 - cont...(10:00 - 11:50) - Memhunter - Automated hunting of memory resident malware at scale - Marcos Oviedo
LBV - Flamingo - Carson City II Room - Lock Bypass 101
Meetups - Planet Hollywood - Mezzanine Stage - dstruction -
PHVT - Bally's - Indigo Tower - 26th Floor - Solving Crimes with Wireless GeoFencing and Multi-Zone Correlation Analytics - Gleb Esman
PHVW - Bally's - Indigo Tower - 26th Floor - (11:20-13:20) - Tools? We Don’t Need No Stinkin’ Tools: Hands-on Hacking with Python - Jason Nickola, Wayne Marsh
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(10:50-11:30) - DECEPTICON: OPSEC to Slow the OSINT - Joe Gray
RCV - Planet Hollywood - Celebrity 5 Ballroom - (11:30-11:55) - Finding the needle in the twitter haystack. - Wicked Clown
RCV - Planet Hollywood - Celebrity 5 Ballroom - (11:55-12:30) - Use Responsibly: Recon Like an insider threat for Best User Training ROI - Kala Kinyon
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - cont...(10:30-11:30) - Breaking NBAD and UEBA Detection  - Charles Herring
WS - Flamingo - Lower Level - Lake Mead I - cont...(10:00-13:59) - Mind the Gap Between Attacking Windows and Mac: Breaking In and Out of Protected MacOS environments - Richard Gold
WS - Flamingo - Lower Level - Lake Mead II - cont...(10:00-13:59) - Writing custom backdoor payloads using C# - Mauricio Velazco, Olindo Verrillo
WS - Flamingo - Lower Level - Valley of Fire I - cont...(10:00-13:59) - Red Teaming Techniques for Electronic Physical Security Systems - Valerie Thomas, Terry Gold
WS - Flamingo - Lower Level - Valley of Fire II - cont...(10:00-13:59) - Functional Programming for the Blue Team - eigentourist

 

Saturday - 12:00


BCV - Flamingo 3rd Floor - Laughlin III Room - Secrets Worlds in Plain Web. The BlockChain DNS. - Fernando Amatte
BCV - Flamingo 3rd Floor - Laughlin III Room - (12:50-13:40) - Jump-Oriented Programming (JOP) in Smart Contract Honeypots - Xiaohang Yu
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(11:45-12:30) - Forensic Science and Information Security - Najla Lindsay
BHV - Planet Hollywood - Melrose 1-3 Rooms - (12:30-14:30) - Dr/Hacker Panel - Najla Lindsay
BTVW - Flamingo - 3rd Floor- Savoy Room - cont...(09:00-12:59) - Introduction To Mac-centric Incident Response Tools And Techniques - crlowell
CLV - Flamingo 3rd Floor - Reno I Room - cont...(11:45-12:15) - PacBot - Policy as Code from T-Mobile OSS - Setu Parimi
CLV - Flamingo 3rd Floor - Reno I Room - (12:15-12:59) - Hacking into automotive clouds - Rotem Bar
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Stop right now! Quantum-Safe Instantaneous Vehicle to Vehicle communication - Sarah McCarthy
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Scrubber: An open source compilation to protect journalistic sources - Ethan Gregory Dodge
DC - Paris - Track 1 - How You Can Buy AT&T, T-Mobile, and Sprint Real-Time Location Data on the Black Market - Joseph Cox
DC - Paris - Track 2 - Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming - Damien Cauquil (virtualabs)
DC - Paris - Track 3 - Why You Should Fear Your “mundane” Office Equipment - Daniel Romero, Mario Rivas
DC - Paris - Track 4 - Zombie Ant Farm: Practical Tips for Playing Hide and Seek with Linux EDRs - Dimitry Snezhkov
DL - Planet Hollywood - Sunset 1 - Burp Plugin: Cyber Security Transformation Chef (CSTC) - Ralf Almon, Sebastian Puttkammer
DL - Planet Hollywood - Sunset 2 - ioc2rpz - Vadim Pavlov
DL - Planet Hollywood - Sunset 3 - Local Sheriff - Konark Modi
DL - Planet Hollywood - Sunset 4 - PCILeech and MemProcFS - Ulf Frisk, Ian Vitek
DL - Planet Hollywood - Sunset 5 - Dr.ROBOT: Organized Chaos and the Shotgun Approach - Aleksandar Straumann, Jayson Grace
DL - Planet Hollywood - Sunset 6 - bedr - Mark Ignacio
ETV - Flamingo - 3rd Floor - Reno II Room - Is It Ethical To Work On Autonomous Weapon Systems? -
ICS - Bally's Event Center - Hack the World & Galaxy with OSINT - Chris Kubecka
ICS - Bally's Event Center - (12:30-12:59) - SCADA: What the next Stuxnet will look like and how to prevent it - Joseph Bingham
Meetups - Planet Hollywood - Mezzanine Stage - cont...(11:00-12:59) - dstruction -
Meetups - Planet Hollywood - Santa Monica 4 Room - Friends of Bill W. -
PHVT - Bally's - Indigo Tower - 26th Floor - "First-Try" DNS Cache Poisoning with IPv4 and IPv6 Fragmentation - Travis Palmer and Brian Somers
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(11:20-13:20) - Tools? We Don’t Need No Stinkin’ Tools: Hands-on Hacking with Python - Jason Nickola, Wayne Marsh
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(11:55-12:30) - Use Responsibly: Recon Like an insider threat for Best User Training ROI - Kala Kinyon
RCV - Planet Hollywood - Celebrity 5 Ballroom - (12:30-13:05) - “Can you add a conference line, please?” - Using Cloud Services for Dial-In Reconnaissance Automation - Alina Dorina
WS - Flamingo - Lower Level - Lake Mead I - cont...(10:00-13:59) - Mind the Gap Between Attacking Windows and Mac: Breaking In and Out of Protected MacOS environments - Richard Gold
WS - Flamingo - Lower Level - Lake Mead II - cont...(10:00-13:59) - Writing custom backdoor payloads using C# - Mauricio Velazco, Olindo Verrillo
WS - Flamingo - Lower Level - Valley of Fire I - cont...(10:00-13:59) - Red Teaming Techniques for Electronic Physical Security Systems - Valerie Thomas, Terry Gold
WS - Flamingo - Lower Level - Valley of Fire II - cont...(10:00-13:59) - Functional Programming for the Blue Team - eigentourist

 

Saturday - 13:00


BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(12:50-13:40) - Jump-Oriented Programming (JOP) in Smart Contract Honeypots - Xiaohang Yu
BCV - Flamingo 3rd Floor - Laughlin III Room - (13:40-14:05) - Low-Hanging Fruits in Blockchain Security - Pavlo Radchuk & Serhii Okhrimenko
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(12:30-14:30) - Dr/Hacker Panel - Najla Lindsay
BTVT - Flamingo - 3rd Floor- Savoy Room - Security Strategy for Small-Medium Business
CLV - Flamingo 3rd Floor - Reno I Room - DIY Azure Security Assessment - Tanya Janca & Teri Radichel
CLV - Flamingo 3rd Floor - Reno I Room - (13:45-14:25) - Using Splunk for Auditing AWS/GCP/Azure Security posture - Rod Soto
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Tiplines Today - Harlo Holmes
DC - Paris - Track 1 - RACE - Minimal Rights and ACE for Active Directory Dominance - Nikhil Mittal
DC - Paris - Track 2 - GSM: We Can Hear Everyone Now! - Campbell Murray, Eoin Buckley, James Kulikowski
DC - Paris - Track 3 - Tag-side attacks against NFC - Christopher Wade
DC - Paris - Track 4 - SSO Wars: The Token Menace - Alvaro Muñoz, Oleksandr Mirosh
DL - Planet Hollywood - Sunset 1 - cont...(12:00 - 13:50) - Burp Plugin: Cyber Security Transformation Chef (CSTC) - Ralf Almon, Sebastian Puttkammer
DL - Planet Hollywood - Sunset 2 - cont...(12:00 - 13:50) - ioc2rpz - Vadim Pavlov
DL - Planet Hollywood - Sunset 3 - cont...(12:00 - 13:50) - Local Sheriff - Konark Modi
DL - Planet Hollywood - Sunset 4 - cont...(12:00 - 13:50) - PCILeech and MemProcFS - Ulf Frisk, Ian Vitek
DL - Planet Hollywood - Sunset 5 - cont...(12:00 - 13:50) - Dr.ROBOT: Organized Chaos and the Shotgun Approach - Aleksandar Straumann, Jayson Grace
DL - Planet Hollywood - Sunset 6 - cont...(12:00 - 13:50) - bedr - Mark Ignacio
ICS - Bally's Event Center - HVACking: Understand the difference Between Security and Reality! - Douglas McKee, Mark Bereza
ICS - Bally's Event Center - (13:30-13:59) - CRASHOVERRIDE: Re-Assessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack - Joe Slowik
Meetups - Bally's - Chillout room near Vendor Area - DEFCON Sticker Swap -
Meetups - Planet Hollywood - Mezzanine Stage - Beard and Mustache Contest
PHVT - Bally's - Indigo Tower - 26th Floor - Phishing Freakonomics - Russell Butturini
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(11:20-13:20) - Tools? We Don’t Need No Stinkin’ Tools: Hands-on Hacking with Python - Jason Nickola, Wayne Marsh
PHVW - Bally's - Indigo Tower - 26th Floor - (13:40-15:40) - Writing Wireshark Plugins for Security Analysis - Nishant Sharma, Jeswin Mathai
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(12:30-13:05) - “Can you add a conference line, please?” - Using Cloud Services for Dial-In Reconnaissance Automation - Alina Dorina
RCV - Planet Hollywood - Celebrity 5 Ballroom - Manhunting 101 - OSINT Crash Course vs Human Targets - Jason Edison
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - BadSalt (Adversarial DevOps)  - Casey Erdmann
WS - Flamingo - Lower Level - Lake Mead I - cont...(10:00-13:59) - Mind the Gap Between Attacking Windows and Mac: Breaking In and Out of Protected MacOS environments - Richard Gold
WS - Flamingo - Lower Level - Lake Mead II - cont...(10:00-13:59) - Writing custom backdoor payloads using C# - Mauricio Velazco, Olindo Verrillo
WS - Flamingo - Lower Level - Valley of Fire I - cont...(10:00-13:59) - Red Teaming Techniques for Electronic Physical Security Systems - Valerie Thomas, Terry Gold
WS - Flamingo - Lower Level - Valley of Fire II - cont...(10:00-13:59) - Functional Programming for the Blue Team - eigentourist

 

Saturday - 14:00


BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(13:40-14:05) - Low-Hanging Fruits in Blockchain Security - Pavlo Radchuk & Serhii Okhrimenko
BCV - Flamingo 3rd Floor - Laughlin III Room - (14:15-15:59) - Take back control of user data with the decentralized cloud - Kevin Leffew
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(12:30-14:30) - Dr/Hacker Panel - Najla Lindsay
BHV - Planet Hollywood - Melrose 1-3 Rooms - (14:30-15:15) - The L33T Shall Inherit the Cosmos - J.J. Hastings
BTVT - Flamingo - 3rd Floor- Savoy Room - Anatomy Of A Megabreach: Equifax Report - uncl3dumby
CLV - Flamingo 3rd Floor - Reno I Room - cont...(13:45-14:25) - Using Splunk for Auditing AWS/GCP/Azure Security posture - Rod Soto
CLV - Flamingo 3rd Floor - Reno I Room - (14:25-15:05) - Scaling Security in the Cloud With Open Source - James Strassburg
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Adversarial Fashion – Sartorial Hacking to Combat Surveillance - Kate Rose
DC - Paris - Track 1 - SELECT code_execution FROM * USING SQLite;—Gaining code execution using a malicious SQLite database - Omer Gull
DC - Paris - Track 2 - I'm on your phone, listening - Attacking VoIP Configuration Interfaces - Stephan Huber, Philipp Roskosch
DC - Paris - Track 3 - Zero bugs found? Hold my Beer AFL! How To Improve Coverage-Guided Fuzzing and Find New 0days in Tough Targets - Maksim Shudrak
DC - Paris - Track 4 - Next Generation Process Emulation with Binee - Kyle Gwinnup, John Holowczak
DL - Planet Hollywood - Sunset 1 - Burpsuite Team Server for Collaborative Web App Testing - Tanner Barnes
DL - Planet Hollywood - Sunset 2 - OWASP Amass - Jeff Foley, Anthony Rhodes
DL - Planet Hollywood - Sunset 3 - PivotSuite: Hack The Hidden Network - A Network Pivoting Toolkit - Manish Gupta
DL - Planet Hollywood - Sunset 4 - SILENTTRINITY - Marcello Salvati
DL - Planet Hollywood - Sunset 5 - Shellcode Compiler - Ionut Popescu
DL - Planet Hollywood - Sunset 6 - Shadow Workers: Backdooring with Service Workers - Emmanuel Law, Claudio Contin
ETV - Flamingo - 3rd Floor - Reno II Room - Ethical Issues In Cyber Attribution -
ICS - Bally's Event Center - Abusing the IoT in Smart Buildings - Daniel dos Santos
Meetups - Bally's - Chillout room near Vendor Area - cont...(13:00-14:59) - DEFCON Sticker Swap -
Meetups - Planet Hollywood - Mezzanine Stage - cont...(13:00-14:59) - Beard and Mustache Contest
PHVT - Bally's - Indigo Tower - 26th Floor - (14:30-14:59) - Security to Make the CFO Happy - Adam
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(13:40-15:40) - Writing Wireshark Plugins for Security Analysis - Nishant Sharma, Jeswin Mathai
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(13:05-15:10) - Manhunting 101 - OSINT Crash Course vs Human Targets - Jason Edison
RGV - Flamingo - 3rd Floor - Carson City II - A Life of Advantage Play - R.X. Gambler
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - (14:30-15:30) - Red Team Framework (RTF)   - Joe Gray
WS - Flamingo - Lower Level - Lake Mead I - (14:30-18:30) - scapy_dojo_v_1 - Hugo Trovao, Rushikesh D. Nandedkar
WS - Flamingo - Lower Level - Lake Mead II - (14:30-18:30) - Modern Debugging^HWarfare with WinDbg Preview - Chris Alladoum, Axel Souchet
WS - Flamingo - Lower Level - Valley of Fire I - (14:30-18:30) - Hack to Basics - x86 Windows Based Buffer Overflows, an introduction to buffer overflows. - Dino Covotsos
WS - Flamingo - Lower Level - Valley of Fire II - (14:30-18:30) - Pentesting ICS 102 - Alexandrine Torrents, Arnaud Soullié

 

Saturday - 15:00


BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(14:15-15:59) - Take back control of user data with the decentralized cloud - Kevin Leffew
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(14:30-15:15) - The L33T Shall Inherit the Cosmos - J.J. Hastings
BHV - Planet Hollywood - Melrose 1-3 Rooms - (15:15-15:59) - The Story of SICGRL Vulnerability - Andrea Downing
BTVT - Flamingo - 3rd Floor- Savoy Room - Memhunter - Automated Hunting Of Memory Resident Malware At Scale - marcosd4h, chgaray
CLV - Flamingo 3rd Floor - Reno I Room - cont...(14:25-15:05) - Scaling Security in the Cloud With Open Source - James Strassburg
CLV - Flamingo 3rd Floor - Reno I Room - Your Blacklist is Dead: Why the Future of Command and Control is the Cloud - Erick Galinkin
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - I am Spartacus! (And You Can Be Too!) Ensuring Privacy through Obfuscation - Mike Kiser
DC - Paris - Track 1 - Get off the Kernel if you can’t Drive - Jesse Michael, Mickey Shkatov
DC - Paris - Track 2 - Reverse-Engineering 4g Hotspots for Fun, Bugs and Net Financial Loss - g richter
DC - Paris - Track 3 - State of DNS Rebinding - Attack & Prevention Techniques and the Singularity of Origin - Gerald Doussot, Roger Meyer
DC - Paris - Track 4 - .NET Malware Threats: Internals And Reversing - Alexandre Borges
DL - Planet Hollywood - Sunset 1 - cont...(14:00 - 15:50) - Burpsuite Team Server for Collaborative Web App Testing - Tanner Barnes
DL - Planet Hollywood - Sunset 2 - cont...(14:00 - 15:50) - OWASP Amass - Jeff Foley, Anthony Rhodes
DL - Planet Hollywood - Sunset 3 - cont...(14:00 - 15:50) - PivotSuite: Hack The Hidden Network - A Network Pivoting Toolkit - Manish Gupta
DL - Planet Hollywood - Sunset 4 - cont...(14:00 - 15:50) - SILENTTRINITY - Marcello Salvati
DL - Planet Hollywood - Sunset 5 - cont...(14:00 - 15:50) - Shellcode Compiler - Ionut Popescu
DL - Planet Hollywood - Sunset 6 - cont...(14:00 - 15:50) - Shadow Workers: Backdooring with Service Workers - Emmanuel Law, Claudio Contin
LBV - Flamingo - Carson City II Room - Lock Bypass 101
Meetups - Planet Hollywood - Mezzanine Stage - Homebrew Hardware Contest -
PHVT - Bally's - Indigo Tower - 26th Floor - Generating Personalized Wordlists With NLP by Analyzing Tweets - Utku Sen
PHVT - Bally's - Indigo Tower - 26th Floor - (15:30-15:59) - Sandbox Creative Usage For Fun and Pro...Blems - Cesare Pizzi
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(13:40-15:40) - Writing Wireshark Plugins for Security Analysis - Nishant Sharma, Jeswin Mathai
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(13:05-15:10) - Manhunting 101 - OSINT Crash Course vs Human Targets - Jason Edison
RCV - Planet Hollywood - Celebrity 5 Ballroom - Derevolutionizing OS Fingerprinting: the cat and mouse game - Jaime Sanchez
RCV - Planet Hollywood - Celebrity 5 Ballroom - (15:50-16:15) - From email address to phone number - Martin Vigo
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - cont...(14:30-15:30) - Red Team Framework (RTF)   - Joe Gray
SEV - Bally's Jubilee Tower - 3rd Floor - (15:30-16:20) - I PWN thee, I PWN thee not! - Jayson Street
WS - Flamingo - Lower Level - Lake Mead I - cont...(14:30-18:30) - scapy_dojo_v_1 - Hugo Trovao, Rushikesh D. Nandedkar
WS - Flamingo - Lower Level - Lake Mead II - cont...(14:30-18:30) - Modern Debugging^HWarfare with WinDbg Preview - Chris Alladoum, Axel Souchet
WS - Flamingo - Lower Level - Valley of Fire I - cont...(14:30-18:30) - Hack to Basics - x86 Windows Based Buffer Overflows, an introduction to buffer overflows. - Dino Covotsos
WS - Flamingo - Lower Level - Valley of Fire II - cont...(14:30-18:30) - Pentesting ICS 102 - Alexandrine Torrents, Arnaud Soullié

 

Saturday - 16:00


BCV - Flamingo 3rd Floor - Laughlin III Room - --Workshop --
BHV - Planet Hollywood - Melrose 1-3 Rooms - Cyberbiosecurity & the "Full Stack Biotechnologist" - Steve Lewis
BHV - Planet Hollywood - Melrose 1-3 Rooms - (16:45-17:30) - Building a New Decentralized Internet, With the Nodes Implanted in Our Bodies - Nick Titus, Zac Shannon, Mixl S. Laufer
BTVT - Flamingo - 3rd Floor- Savoy Room - (16:30-16:59) - When A Plan Comes Together: Building A SOC A-Team - markaorlando
CLV - Flamingo 3rd Floor - Reno I Room - MozDef - Andrew Krug
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Stop Facebook From Buying Your Brain: Facial Recognition, DNA, and Biometric Privacy - Tiffany Li
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Easy PAKE Oven - Steve Thomas
DC - Paris - Track 1 - Reverse Engineering 17+ Cars in Less Than 10 Minutes - Brent Stone
DC - Paris - Track 1 - (16:30-16:50) - Unpacking Pkgs: A Look Inside Macos Installer Packages And Common Security Flaws - Andy Grant
DC - Paris - Track 2 - NOC NOC. Who's there? All. All who? All the things you wanted to know about the DEF CON NOC and we won't tell you about - The DEF CON NOC
DC - Paris - Track 3 - Confessions of an Nespresso Money Mule: Free Stuff & Triangulation Fraud - Nina Kollars, Kitty Hegemon
DC - Paris - Track 3 - (16:30-16:50) - Go NULL Yourself or: How I Learned to Start Worrying While Getting Fined for Other’s Auto Infractions - droogie
DC - Paris - Track 4 - Vacuum Cleaning Security—Pinky and the Brain Edition - jiska, clou (Fabian Ullrich)
DC - Paris - Track 4 - (16:30-16:50) - Apache Solr Injection - Michael Stepankin
ETV - Flamingo - 3rd Floor - Reno II Room - National Collegiate Penetration Testing Competition & Ethical Challenges -
Meetups - Planet Hollywood - Mezzanine Stage - cont...(15:00-16:59) - Homebrew Hardware Contest -
PHVT - Bally's - Indigo Tower - 26th Floor - (Re)Thinking Security Given the Spectre of a Meltdown (hold my beer) - Jeff Man
PHVW - Bally's - Indigo Tower - 26th Floor - Advanced APT Hunting with Splunk - John Stoner, Ryan Kovar
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(15:50-16:15) - From email address to phone number - Martin Vigo
RCV - Planet Hollywood - Celebrity 5 Ballroom - (16:15-16:59) - PIE - A hardware based Prebellico Intelligence Exfiltration Botnet - William Suthers
RGV - Flamingo - 3rd Floor - Carson City II - Verbal Steganography - Four Suites Co.
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Through the Looking Glass: Own the Data Center  - Chris McCoy
SEV - Bally's Jubilee Tower - 3rd Floor - cont...(15:30-16:20) - I PWN thee, I PWN thee not! - Jayson Street
SEV - Bally's Jubilee Tower - 3rd Floor - (16:30-16:59) - Getting Psychic: Cold Reading Techniques for Fortune Tellers and Social Engineers - Chris Kirsch
WS - Flamingo - Lower Level - Lake Mead I - cont...(14:30-18:30) - scapy_dojo_v_1 - Hugo Trovao, Rushikesh D. Nandedkar
WS - Flamingo - Lower Level - Lake Mead II - cont...(14:30-18:30) - Modern Debugging^HWarfare with WinDbg Preview - Chris Alladoum, Axel Souchet
WS - Flamingo - Lower Level - Valley of Fire I - cont...(14:30-18:30) - Hack to Basics - x86 Windows Based Buffer Overflows, an introduction to buffer overflows. - Dino Covotsos
WS - Flamingo - Lower Level - Valley of Fire II - cont...(14:30-18:30) - Pentesting ICS 102 - Alexandrine Torrents, Arnaud Soullié

 

Saturday - 17:00


BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(16:10-17:59) - --Workshop --
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(16:45-17:30) - Building a New Decentralized Internet, With the Nodes Implanted in Our Bodies - Nick Titus, Zac Shannon, Mixl S. Laufer
BHV - Planet Hollywood - Melrose 1-3 Rooms - (17:30-18:15) - Liven Up - Rachel Smith
BTVT - Flamingo - 3rd Floor- Savoy Room - Extending Zeek For ICS Defense - v4tl4, jamesdickenson
BTVT - Flamingo - 3rd Floor- Savoy Room - (17:30-17:59) - Killsuit - How The Equation Group Remained Out Of Sight For Years - connormorley, laciefan
CLV - Flamingo 3rd Floor - Reno I Room - cont...(16:00-17:59) - MozDef - Andrew Krug
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Snoop all Telegram messages - Vitor Ventura
DC - Paris - Track 2 - cont...(16:00-17:45) - NOC NOC. Who's there? All. All who? All the things you wanted to know about the DEF CON NOC and we won't tell you about - The DEF CON NOC
Meetups - Planet Hollywood - Mezzanine Stage - Tinfoil Hat Contest -
Meetups - Planet Hollywood - Santa Monica 4 Room - Friends of Bill W. -
PHVT - Bally's - Indigo Tower - 26th Floor - State Sponsored Hacking: How to Intercept/Decrypt TLS Traffic and How to Prevent TLS Interception Attacks - Chris Hanlon
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(16:00-17:59) - Advanced APT Hunting with Splunk - John Stoner, Ryan Kovar
RGV - Flamingo - 3rd Floor - Carson City II - Verbal Steganography Workshop - Four Suites Co.
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - (17:30-18:30) - Casting with the Pros: Tips and Tricks for Effective Phishing - Nathan Sweaney
SEV - Bally's Jubilee Tower - 3rd Floor - Hacking Your Career Through Social Engineering - Rabecca Long
SEV - Bally's Jubilee Tower - 3rd Floor - (17:40-18:09) - Red Teaming - DON'T MISS THIS ONE - Wayne Ronaldson
WS - Flamingo - Lower Level - Lake Mead I - cont...(14:30-18:30) - scapy_dojo_v_1 - Hugo Trovao, Rushikesh D. Nandedkar
WS - Flamingo - Lower Level - Lake Mead II - cont...(14:30-18:30) - Modern Debugging^HWarfare with WinDbg Preview - Chris Alladoum, Axel Souchet
WS - Flamingo - Lower Level - Valley of Fire I - cont...(14:30-18:30) - Hack to Basics - x86 Windows Based Buffer Overflows, an introduction to buffer overflows. - Dino Covotsos
WS - Flamingo - Lower Level - Valley of Fire II - cont...(14:30-18:30) - Pentesting ICS 102 - Alexandrine Torrents, Arnaud Soullié

 

Saturday - 18:00


BCV - Flamingo 3rd Floor - Laughlin III Room - Contest Roundup
BCV - Flamingo 3rd Floor - Laughlin III Room - (18:20-18:30) - Closing note
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(17:30-18:15) - Liven Up - Rachel Smith
BHV - Planet Hollywood - Melrose 1-3 Rooms - (18:15-18:59) - Getting access to your heart's data - Marie Moe
LBV - Flamingo - Carson City II Room - The Human Body's Promise: How Your Bare Hands can Defeat Physical Security -
Night Life - Planet Hollywood - Mezzanine Stage - H@ck3r Runw@y -
PHVT - Bally's - Indigo Tower - 26th Floor - Leveraging Passive Network Mapping with Raspberry Pi and Python - Chet Hosmer
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - cont...(17:30-18:30) - Casting with the Pros: Tips and Tricks for Effective Phishing - Nathan Sweaney
SEV - Bally's Jubilee Tower - 3rd Floor - (18:15-18:45) - The Voice Told Me To Do It - Daniel Isler
SEV - Bally's Jubilee Tower - 3rd Floor - (18:50-19:20) - The Aspie's Guide to Social Engineering Your Way Through Life - Perry Carpenter
WS - Flamingo - Lower Level - Lake Mead I - cont...(14:30-18:30) - scapy_dojo_v_1 - Hugo Trovao, Rushikesh D. Nandedkar
WS - Flamingo - Lower Level - Lake Mead II - cont...(14:30-18:30) - Modern Debugging^HWarfare with WinDbg Preview - Chris Alladoum, Axel Souchet
WS - Flamingo - Lower Level - Valley of Fire I - cont...(14:30-18:30) - Hack to Basics - x86 Windows Based Buffer Overflows, an introduction to buffer overflows. - Dino Covotsos
WS - Flamingo - Lower Level - Valley of Fire II - cont...(14:30-18:30) - Pentesting ICS 102 - Alexandrine Torrents, Arnaud Soullié

 

Saturday - 19:00


BHV - Planet Hollywood - Melrose 1-3 Rooms - Digital Medicine 101 - Jen Goldsack
Meetups - Planet Hollywood - London Club - (19:30-25:59) - Hacker Flairgrounds -
Night Life - Paris - Concorde C Ballroom - (19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Lobby Bar, under the blue thing - Dallas Hackers Party -
PHVT - Bally's - Indigo Tower - 26th Floor - The Cyberlous Mrs. Maisel: A Comedic (and slightly terrifying) Introduction to Information Warfare - Jessica "Zhanna" Malekos Smith
SEV - Bally's Jubilee Tower - 3rd Floor - cont...(18:50-19:20) - The Aspie's Guide to Social Engineering Your Way Through Life - Perry Carpenter

 

Saturday - 20:00


DC - Planet Hollywood - Firesides Lounge - Meet the EFF - Meetup Panel - Kurt Opsahl, Camille Fischer, Bennett Cyphers, Nathan 'nash' Sheard, Shahid Buttar
Meetups - Planet Hollywood - London Club - cont...(19:30-25:59) - Hacker Flairgrounds -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Lobby Bar, under the blue thing - cont...(19:00-21:59) - Dallas Hackers Party -
Night Life - Planet Hollywood - Mezzanine Stage - Hacker Jeopardy -
Night Life - Planet Hollywood - Suite TBA - DC801 Party -

 

Saturday - 21:00


DC - Planet Hollywood - Firesides Lounge - cont...(20:00-21:59) - Meet the EFF - Meetup Panel - Kurt Opsahl, Camille Fischer, Bennett Cyphers, Nathan 'nash' Sheard, Shahid Buttar
Meetups - Planet Hollywood - London Club - cont...(19:30-25:59) - Hacker Flairgrounds -
Night Life - Paris - Chateau Nightclub - DEFCON Monero Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Lobby Bar, under the blue thing - cont...(19:00-21:59) - Dallas Hackers Party -
Night Life - Paris - Rivoli A Ballroom - (21:30-25:59) - Arcade Party -
Night Life - Paris - Rivoli B Ballroom - 303/Skytalks Party -
Night Life - Planet Hollywood - Apex Suite - Car Hacking Village Party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - Kampf - Kampf
Night Life - Planet Hollywood - Mezzanine Stage - cont...(20:00-21:59) - Hacker Jeopardy -
Night Life - Planet Hollywood - Suite TBA - cont...(20:00-24:59) - DC801 Party -
Night Life - TBA - IoT Village Party -

 

Saturday - 22:00


DC - Planet Hollywood - Firesides Lounge - (22:15-22:59) - We Hacked Twitter… And the World Lost Their Sh*t Over It! - Mike Godfrey, Matthew Carr
Meetups - Planet Hollywood - London Club - cont...(19:30-25:59) - Hacker Flairgrounds -
Night Life - Paris - Chateau Nightclub - cont...(21:00-26:59) - DEFCON Monero Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Rivoli A Ballroom - cont...(21:30-25:59) - Arcade Party -
Night Life - Paris - Rivoli B Ballroom - cont...(21:00-25:59) - 303/Skytalks Party -
Night Life - Planet Hollywood - Apex Suite - cont...(21:00-25:59) - Car Hacking Village Party -
Night Life - Planet Hollywood - Gallery Club - GothCON party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - Icetre Normal - Icetre Normal
Night Life - Planet Hollywood - Mezzanine Stage - Drunk Hacker History -
Night Life - Planet Hollywood - Suite TBA - cont...(20:00-24:59) - DC801 Party -
Night Life - TBA - cont...(21:00-24:30) - IoT Village Party -

 

Saturday - 23:00


Meetups - Planet Hollywood - London Club - cont...(19:30-25:59) - Hacker Flairgrounds -
Night Life - Paris - Chateau Nightclub - cont...(21:00-26:59) - DEFCON Monero Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Rivoli A Ballroom - cont...(21:30-25:59) - Arcade Party -
Night Life - Paris - Rivoli B Ballroom - cont...(21:00-25:59) - 303/Skytalks Party -
Night Life - Planet Hollywood - Apex Suite - cont...(21:00-25:59) - Car Hacking Village Party -
Night Life - Planet Hollywood - Gallery Club - cont...(22:00-25:59) - GothCON party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - Scotchandbubbles - Scotchandbubbles
Night Life - Planet Hollywood - Mezzanine Stage - cont...(22:00-23:59) - Drunk Hacker History -
Night Life - Planet Hollywood - Suite TBA - cont...(20:00-24:59) - DC801 Party -
Night Life - TBA - cont...(21:00-24:30) - IoT Village Party -

 

Saturday - 24:00


Meetups - Planet Hollywood - London Club - cont...(19:30-25:59) - Hacker Flairgrounds -
Night Life - Paris - Chateau Nightclub - cont...(21:00-26:59) - DEFCON Monero Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Rivoli A Ballroom - cont...(21:30-25:59) - Arcade Party -
Night Life - Paris - Rivoli B Ballroom - cont...(21:00-25:59) - 303/Skytalks Party -
Night Life - Planet Hollywood - Apex Suite - cont...(21:00-25:59) - Car Hacking Village Party -
Night Life - Planet Hollywood - Gallery Club - cont...(22:00-25:59) - GothCON party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - Acid-T A.K.A. DJ SmOke - Acid-T A.K.A. DJ SmOke
Night Life - Planet Hollywood - Suite TBA - cont...(20:00-24:59) - DC801 Party -
Night Life - TBA - cont...(21:00-24:30) - IoT Village Party -

 

Saturday - 25:00


Meetups - Planet Hollywood - London Club - cont...(19:30-25:59) - Hacker Flairgrounds -
Night Life - Paris - Chateau Nightclub - cont...(21:00-26:59) - DEFCON Monero Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Rivoli A Ballroom - cont...(21:30-25:59) - Arcade Party -
Night Life - Paris - Rivoli B Ballroom - cont...(21:00-25:59) - 303/Skytalks Party -
Night Life - Planet Hollywood - Apex Suite - cont...(21:00-25:59) - Car Hacking Village Party -
Night Life - Planet Hollywood - Gallery Club - cont...(22:00-25:59) - GothCON party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - Clockwork Echo - Clockwork Echo

 

Saturday - 26:00


Night Life - Paris - Chateau Nightclub - cont...(21:00-26:59) - DEFCON Monero Party -

Sunday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Sunday - 06:00


Meetups - Paris - Outside at base of Eiffel Tower - DEFCON 27 4X5K run -

 

Sunday - 09:00


BCV - Flamingo 3rd Floor - Laughlin III Room - (09:45-09:50) - Welcome Note
BCV - Flamingo 3rd Floor - Laughlin III Room - (09:50-10:40) - Hyperledger Fabric Security Essentials - Larry Suto
BTVT - Flamingo - 3rd Floor- Savoy Room - Evaded MicrosoftATA? **But** You Are Completely Exposed By Event Log - 9ian1i
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - State of Red Team Services Roundtable - Wesley McGrew

 

Sunday - 10:00


AVV - Bally's Event Center - Ideas whose time has come: CVD, SBOM, and SOTA - Katie, Art
AVV - Bally's Event Center - (10:30-10:59) - Wireless Attacks on Aircraft Instrument Landing System - Harshad
BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(09:50-10:40) - Hyperledger Fabric Security Essentials - Larry Suto
BCV - Flamingo 3rd Floor - Laughlin III Room - (10:40-11:05) - Distributed Decentralized Security for Bitcoin Wallets - Ali Meer
BHV - Planet Hollywood - Melrose 1-3 Rooms - Opening Words - Jen Goldsack
BHV - Planet Hollywood - Melrose 1-3 Rooms - (10:15-10:59) - A Minor Threat - Mike Kijewski
BTVT - Flamingo - 3rd Floor- Savoy Room - Who Dis? Who Dis? The Right Way To Authenticate - Lak5hmi5udheer, dhivus
CLV - Flamingo 3rd Floor - Reno I Room - Mining Malevolence: Cryptominers in the Cloud - Cheryl Biswas
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Don’t Forget to Wipe - Michael Portera
DC - Paris - Track 1 - Backdooring Hardware Devices By Injecting Malicious Payloads On Microcontrollers - Sheila Ayelen Berta
DC - Paris - Track 2 - Adventures In Smart Buttplug Penetration (testing) - smea
DC - Paris - Track 3 - Hacking WebAssembly Games with Binary Instrumentation - Jack Baker
DC - Paris - Track 4 - Your Secret Files Are Mine: Bug Finding And Exploit Techniques On File Transfer App Of All Top Android Vendors - Xiangqian Zhang, Huiming Liu
DL - Planet Hollywood - Sunset 2 - Zigbee Hacking: Smarter Home Invasion with ZigDiggity - Francis Brown, Matt Gleason
DL - Planet Hollywood - Sunset 3 - Vulmap: Online Local Vulnerability Scanners Project - Yavuz Atlas, Fatih Ozel
DL - Planet Hollywood - Sunset 4 - USB-Bootkit – New Bookit via USB Interface in Supply Chain Attacks - Haowen Bai
DL - Planet Hollywood - Sunset 5 - Rhodiola - Utku Sen
DL - Planet Hollywood - Sunset 6 - QiLing - KaiJern, Lau, Dr. Nguyen Anh Quynh
ETV - Flamingo - 3rd Floor - Reno II Room - Who's Tracking Your Body? Health Apps And Your Privacy
PHVT - Bally's - Indigo Tower - 26th Floor - Wi-Fi Threat Modeling and Monitoring - Besim Altinok and Can Kurnaz
RCV - Planet Hollywood - Celebrity 5 Ballroom - Using OSINT for Competitive Intelligence - Chris Kirsch
RCV - Planet Hollywood - Celebrity 5 Ballroom - (10:25-10:59) - Mining for Gold: A Framework for Accessing Pastebin’s Hidden Treasures - Mike Landeck
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - (10:30-11:30) - WebSploit 2.0 Release and an Intense Introduction to Hacking Web Applications and APIs - Omar Santos

 

Sunday - 11:00


AVV - Bally's Event Center - In The Air And On The Air: Aviation Radio Systems - Exploding Lemur
AVV - Bally's Event Center - (11:30-11:59) - An introduction to the ARINC standards - Karl
BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(10:40-11:05) - Distributed Decentralized Security for Bitcoin Wallets - Ali Meer
BCV - Flamingo 3rd Floor - Laughlin III Room - Reflections on Blockchain Security - Jan Gorzny
BCV - Flamingo 3rd Floor - Laughlin III Room - (11:30-12:20) - Bitcoin Honeypot - Wallet on floor of the Internet - Gordon Draper
BHV - Planet Hollywood - Melrose 1-3 Rooms - Blue Team Bio II - Genetic and Epigenetics Backups - Mr_Br!ml3y
BHV - Planet Hollywood - Melrose 1-3 Rooms - (11:45-12:30) - Biopiracy on the High Seas - Marla Valentine
BTVT - Flamingo - 3rd Floor- Savoy Room - Atomic Threat Coverage: ATT&CK In Action! - yugoslavskiy
CLV - Flamingo 3rd Floor - Reno I Room - cont...(10:00-11:50) - Mining Malevolence: Cryptominers in the Cloud - Cheryl Biswas
CLV - Flamingo 3rd Floor - Reno I Room - (11:50-12:15) - Securing Multi-cloud Kubernetes - Josh Mize
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Empowering Gateways with Functional Encryption - Yolan Romailler
DC - Paris - Track 1 - The ABC of Next-Gen Shellcoding - Hadrien Barral, Rémi Géraud-Stewart, Georges-Axel Jaloyan
DC - Paris - Track 2 - SDR Against Smart TVs: URL and Channel Injection Attacks - Pedro Cabrera Camara
DC - Paris - Track 3 - Exploiting Qualcomm WLAN and Modem Over The Air - Xiling Gong, Peter Pi
DC - Paris - Track 4 - Say Cheese - How I Ransomwared Your DSLR Camera - Eyal Itkin
DL - Planet Hollywood - Sunset 2 - cont...(10:00 - 11:50) - Zigbee Hacking: Smarter Home Invasion with ZigDiggity - Francis Brown, Matt Gleason
DL - Planet Hollywood - Sunset 3 - cont...(10:00 - 11:50) - Vulmap: Online Local Vulnerability Scanners Project - Yavuz Atlas, Fatih Ozel
DL - Planet Hollywood - Sunset 4 - cont...(10:00 - 11:50) - USB-Bootkit – New Bookit via USB Interface in Supply Chain Attacks - Haowen Bai
DL - Planet Hollywood - Sunset 5 - cont...(10:00 - 11:50) - Rhodiola - Utku Sen
DL - Planet Hollywood - Sunset 6 - cont...(10:00 - 11:50) - QiLing - KaiJern, Lau, Dr. Nguyen Anh Quynh
LBV - Flamingo - Carson City II Room - Lock Bypass 101
PHVT - Bally's - Indigo Tower - 26th Floor - Head in the Clouds - Matt Nash
PHVW - Bally's - Indigo Tower - 26th Floor - Threat Hunting with Suricata - Josh Stroschein, Jason Williams, Jack Mott, Travis Green
RCV - Planet Hollywood - Celebrity 5 Ballroom - AttackSurfaceMapper: Automate and Simplify the OSINT Process - Andreas Georgiou and Jacob Wilkin
RCV - Planet Hollywood - Celebrity 5 Ballroom - (11:25-11:59) - Prize Distribution / Closing Note
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - cont...(10:30-11:30) - WebSploit 2.0 Release and an Intense Introduction to Hacking Web Applications and APIs - Omar Santos

 

Sunday - 12:00


BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(11:30-12:20) - Bitcoin Honeypot - Wallet on floor of the Internet - Gordon Draper
BCV - Flamingo 3rd Floor - Laughlin III Room - (12:20-13:10) - A single global public-utility blockchain & cryptosystem - Derek Moore
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(11:45-12:30) - Biopiracy on the High Seas - Marla Valentine
BHV - Planet Hollywood - Melrose 1-3 Rooms - (12:30-13:15) - Getting Skin in the Game - cyberlass
BTVT - Flamingo - 3rd Floor- Savoy Room - An Introduction To Malware Analysis - Understudy77
CLV - Flamingo 3rd Floor - Reno I Room - cont...(11:50-12:15) - Securing Multi-cloud Kubernetes - Josh Mize
CLV - Flamingo 3rd Floor - Reno I Room - (12:15-12:59) - Phishing in the cloud era - Ashwin Vamshi
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Security and privacy of dating apps - Alex Lomas, Alan Monie
DC - Paris - Track 1 - I'm In Your Cloud... Pwning Your Azure Environement - Dirk-jan Mollema
DC - Paris - Track 2 - Malproxying: Leave Your Malware at Home - Hila Cohen, Amit Waisel
DC - Paris - Track 3 - HTTP Desync Attacks: Smashing into the Cell Next Door - albinowax
DC - Paris - Track 4 - Help Me, Vulnerabilities. You're My Only Hope - Jacob Baines
ETV - Flamingo - 3rd Floor - Reno II Room - Ethics Training Workshop -
Meetups - Planet Hollywood - Santa Monica 4 Room - Friends of Bill W. -
PHVT - Bally's - Indigo Tower - 26th Floor - CIRCO: [Cisco Implant Raspberry Controlled Operations] - Emilio Couto
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(11:00-13:59) - Threat Hunting with Suricata - Josh Stroschein, Jason Williams, Jack Mott, Travis Green
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Panel and Active Discussions: Red Team Career Advise - Multiple

 

Sunday - 13:00


BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(12:20-13:10) - A single global public-utility blockchain & cryptosystem - Derek Moore
BCV - Flamingo 3rd Floor - Laughlin III Room - Crypto currency heist - the story so far ... - Ryan Rubin
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(12:30-13:15) - Getting Skin in the Game - cyberlass
BHV - Planet Hollywood - Melrose 1-3 Rooms - (13:15-13:59) - Chinese Military Combined Arms Effects - Bio-Weapons - Red Dragon 1949
BTVT - Flamingo - 3rd Floor- Savoy Room - Blue Team Village Closing Ceremony
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Ironically, iOS robocall-blocking apps are violating your privacy - Dan Hastings
DC - Paris - Track 1 - [ MI CASA-SU CASA ] My 192.168.1.1 is Your 192.168.1.1 - Elliott Thompson
DC - Paris - Track 2 - Sound Effects: Exploring Acoustic Cyber-weapons - Matt Wixey
DC - Paris - Track 3 - Owning The Clout Through Server-Side Request Forgery - Ben Sadeghipour, Cody Brocious (Daeken)
DC - Paris - Track 4 - Want Strong Isolation? Just Reset Your Processor - Anish Athalye
PHVT - Bally's - Indigo Tower - 26th Floor - Augmenting the (Security) Onion: Facilitating Enhanced Detection and Response with Open Source Tools - Wes Lambert
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(11:00-13:59) - Threat Hunting with Suricata - Josh Stroschein, Jason Williams, Jack Mott, Travis Green
RGV - Flamingo - 3rd Floor - Carson City II - Lockpicking "Extras" - Jared Dygert

 

Sunday - 14:00


BCV - Flamingo 3rd Floor - Laughlin III Room - Contest Results
BCV - Flamingo 3rd Floor - Laughlin III Room - Vote of Thanks
BHV - Planet Hollywood - Melrose 1-3 Rooms - Biohacking & Biosecurity - Anne A. Madden
DC - Paris - Track 1 - Firmware Slap: Automating Discovery of Exploitable Vulnerabilities in Firmware - Christopher Roberts
DC - Paris - Track 2 - Cheating in eSports: How to Cheat at Virtual Cycling Using USB Hacks - Brad Dixon
DC - Paris - Track 3 - The Ether Wars: Exploits, counter-exploits and honeypots on Ethereum - Bernhard Mueller, Daniel Luca
DC - Paris - Track 4 - Contests Awards Ceremony - Contests & Events Goons

 

Sunday - 15:00


DC - Paris - Track 4 - cont...(14:00-15:30) - Contests Awards Ceremony - Contests & Events Goons

 

Sunday - 16:00


DC - Tracks 1,2,3 - Closing Ceremonies - The Dark Tangent & Goons

 

Sunday - 17:00


DC - Tracks 1,2,3 - cont...(16:00-17:59) - Closing Ceremonies - The Dark Tangent & Goons

Speaker List


9ian1i
Aamir Lakhani
Aaron Grattafiori
Abhay Bhargav
Acid-T A.K.A. DJ SmOke
Adam Podgorski
Adam
Adrian Korn
Alan Monie
albinowax
Aleksandar Straumann
Alex Hammer
Alex Lomas
Alex Pearlman
Alex
Alexander Zakharov
Alexandre Borges
Alexandrine Torrents
Ali Islam
Ali Meer
Alina Dorina
Alon Weinberg
Alvaro Folgado
Alvaro Muñoz
Amanda Rousseau
Amit Klein
Amit Waisel
Andrea Downing
Andrea
Andreas Baumhof
Andreas Georgiou
Andrew Krug
Andrew Nicholson
Andy Grant
Ang Cui
Anish Athalye
Anne A. Madden
Anthony “C01И” Rose
Anthony Rhodes
Anthony Rose
Archwisp
Ariel Herbert-Voss
Arnaud Soullié
Art
Aseem Jakhar
ASHSLAY
Ashwin Vamshi
Aviation Village Team
Axel Souchet
Ayman Elsawah
Bahtiyar Bircan
Ben Brecht
Ben Hughes
Ben Sadeghipour
Ben
Ben
Benoit Côté-Jodoin
Bernhard Mueller
Besim Altinok
Big Endian Smalls
Bill Demirkapi
Bill Graydon
Bill Swearingen
Billy Boatright
Billy Rios
Brad Dixon
Brent Stone
Brian Brushwood
Brian Somers
Brian Vohaska (bvo)
Bruce Schneier
Bryson Bort
BugCrowd
Calli Schroeder
Campbell Murray
Can Kurnaz
Carl Pearson
Casey Erdmann
Cat Murdock
Cathie Yun
Ce Qin
Cedric Owens
Cesare Pizzi
ch33r10
Charles Herring
Cheryl Biswas
Chet Hosmer
chgaray
Chris Alladoum
Chris Dildog Rioux
Chris Hadnagy
Chris Hanlon
Chris Kirsch
Chris Kubecka
Chris Le Roy
Chris McCoy
Chris Pritchard
Christian “quaddi” Dameff
Christian Paquin
Christopher Roberts
Christopher Wade
Claudio Contin
Clockwork Echo
Closing Ceremonies
clou (Fabian Ullrich)
Cody Brocious (Daeken)
Colin Estep
connormorley
Contests Closing Ceremonies
Corey M. Hudson
Cris Thomas
crlowell
Ctrl
cyberlass
CyberPraesidium
d4rkm4tter (Mike Spicer)
D9
Damien Cauquil (virtualabs)
Dan Borges
Dan Hastings
Dan Regalado (DanuX)
Dani Goland
Daniel "ufurnace" Crowley
Daniel dos Santos
Daniel Isler
Daniel Luca
Daniel Pagan
Daniel Romero
Dennis Panagiotopoulos
Derek Moore
Deth Vegetable
dhivus
Diana Dragusin
Dimitry Snezhkov
Dino Covotsos
Dirk-jan Mollema
DJ SmOke
DJ St3rling
DJ%27
Douglas McKee
Dr. Avi Rubin
Dr. Bramwell Brizendine
Dr. Joshua Stroschien
Dr. Nguyen Anh Quynh
droogie
East
Edoardo Gerosa
Edward Miro
EFF Panel
eigentourist
Elad Shamir
Elie Bursztein
Elizabeth Biddlecome
Elliott Thompson
Emilio Couto
Emmanuel Law
Eoin Buckley
Eric D Perakslis
Erick Galinkin
Erik Dul
Ethan Gregory Dodge
Etienne Champetier
Exploding Lemur
Eyal Itkin
Fabian Obermaier
Fatih Ozel
Fernando Amatte
finalphoenix
Former Rep. Jane Harman
Fotios Chantzis
Four Suites Co.
Francis Brown
Fred Jennings
fryx0r
g richter
Gabriel "solstice" Ryan
Gabriel Ryan
Georges-Axel Jaloyan
Gerald Doussot
gkapoglis
Gleb Esman
Gordon Draper
Gregory Pickett
Guillaume Ross
Hadrien Barral
HaikuoXie
Hannah Poteat
Haowen Bai
Harlo Holmes
Harry Regan
Harry Thomas
Harshad
Highwiz
Hila Cohen
Hugo Trovao
Huiming Liu
HuiYu Wu
Hyunjun Park
Ian Vitek
Icetre Normal
Ilana Mergudich Thal
investigatorchi
Ionut Popescu
Isaac Evans
Itzik Kotler
J.J. Hastings
Jack Baker
Jack Mott
Jack
Jacob "Hubble" Krasnov
Jacob Baines
Jacob Wilkin
Jaime Sanchez
Jake “Hubble” Krasnov
Jakub Botwicz
James Harrison
James Kulikowski
James Strassburg
jamesdickenson
Jan Gorzny
Jane Miceli
Jared Dygert
Jason Edison
Jason Nickola
Jason Williams
Jatin Kataria
Jay Beale
Jay Dimartino
Jay Lagorio
Jay Radcliffe
Jayson Grace
Jayson Street
Jean Michel Picod
Jean Rintoul
Jeff “r3plicant” Tully MD
Jeff Dileo
Jeff Foley
Jeff Man
Jen Ellis
Jen Goldsack
Jens Müller
Jesse Michael
Jessica "Zhanna" Malekos Smith
Jeswin Mathai
Jianing Wang
jiska
Jmaxxz
Joakim Kennedy
Joe Grand (Kingpin)
Joe Gray
Joe Slowik
John Holowczak
John Stoner
Joseph Bingham
Joseph Cox
Joseph Menn
Joseph Muniz
Josh Mize
Josh Reynolds
Josh Stroschein
Joshua Maddux
Joshua Pereyda
JSteeleIR
Junyu Zhou
Justin Drake
Jyoti Raval
KaiJern, Lau
Kala Kinyon
Kampf
Karl Koscher
Karl
Kate Rose
Katelyn Bowden
Katherine Pratt/GattaKat
Katie
Ken
Kent Britain
Kevin Leffew
Kitty Hegemon
Konark Modi
Kristy Westphal
Krittika Lalwaney
krypt3ia
Kyle Gwinnup
laciefan
Lak5hmi5udheer
Larry Suto
Leon Jacobs
Liana Parakesyan
Maksim Shudrak
malware_traffic
Mandy Logan
Manish Gupta
María José Erquiaga
Marcello Salvati
Marcos Oviedo
marcosd4h
Marcus Liotta
Marie Moe PhD
Marie Moe
Marina Simakov
Marina Spyrou
Mario Rivas
Mark B Cooper
Mark Bereza
Mark Ignacio
Mark Nesbitt
markaorlando
Marla Valentine
Martin Vigo
Masarah Paquet-Clouston
Master Chen
Matt Bush
Matt Cheung
Matt Gleason
Matt Nash
Matt Wixey
Matthew Carr
Mattia Campagnano
Mauricio Velazco
Max Compston
Meh Chang
Micah Zenko
Michael Leibowitz
Michael Perklin
Michael Portera
Michael Stepankin
Michael Wylie
Mickey Shkatov
Mike Godfrey
Mike Johnson
Mike Kijewski
Mike Kiser
Mike Landeck
Mike Raggo
Mike Rich
Mike Spicer
Mila Paul
Milind Bhargava
Min (Spark) Zheng
Miss Jackalope
MITCHELL PARKER
Mixl S. Laufer
Mohsan Farid
Monta Elkins
Mr_Br!ml3y
Multiple
Murtuja Bharmal
n00bz
Najla Lindsay
Nathan Sweaney
Nestor Torres
Nick Titus
Nicolas Oberli
Nikhil Mittal
Nikita
Nils Amiet
Nina Kollars
Nishant Sharma
Nithin Jois
Oden Jack
Oleksandr Mirosh
Olindo Verrillo
Olivier Bilodeau
Omar Santos
Omega
Omer Gull
Omer Yair
Orange Tsai
Parmanand Mishra
Patrick Wardle
Paul Makowski
Pavel Tsakalidis
Pavlo Radchuk
Pedro Cabrera Camara
Peiter Mudge Zatko
Penelope 'Pip' Pinkerton
Perry Carpenter
Pete
Peter Hay
Peter Pi
Petros Koutroumpis
phar
Philipp Roskosch
Philippe Delteil
Philippe Laulheret
politoinc
Pramod Rana
Pratik Shah
R.X. Gambler
Rémi Géraud-Stewart
Rabecca Long
Rachel Smith
Ralf Almon
Red Dragon 1949
Renderman
Rep. James Langevin
Rep. Ted Lieu
Rewanth Cool
Riana Pfefferkorn
Rich Mogull
Richard Gold
Rick Housley
Robert Graydon
Robert Sell
Robin Dreeke
Rod Soto
Rodman
Roger Dingledine
Roger Meyer
Ron Stoner
Rotem Bar
Rushikesh D. Nandedkar
Russell Butturini
Ryan Chapman
Ryan Holeman
Ryan Kovar
Ryan Leirvik
Ryan MacDougall
Ryan Rubin
S7a73farm
Sam Bowne
Sam Buhrow
Sam Erb
Sanket Karpe
Sarah McCarthy
Saroj
Scotchandbubbles
Sean Donnelly
Sean Metcalf
Sean Wilson
Sebastian Garcia
Sebastian Puttkammer
SecBarbie
SecKC
Seeker
Sergei Frankoff
Serhii Okhrimenko
Setu Parimi
Seyfullah KILIÇ
Shaggy
Shane McCombs
Sharon Brizinov
Sheila Ayelen Berta
sirmudbl00d
smea
Soldier of Fortran
sopooped
Soyeon Kim
Srinivas Piskala Ganesh Babu
Stefan
Steph Infection
Stephan Huber
Steve Lewis
Steve Thomas
Suchismita Pahi
Sunny Wear
Susan
Suzanne Schwartz MD
Tal Keren
Tal Melamed
Tanner Barnes
Tanya Janca
Tarah
Teri Radichel
Terrestrial Access Network
Terry Gold
The DEF CON NOC
thezachw
Tiffany Li
Tilak Thimmappa
Tineh Nimjeh
Tom Kopchak
Topher Timzen
Tottenkoph
Travis Palmer
Troy Defty
Truman Kain
Tyler Holland
Tyler Kell
U.S. Senator Ron Wyden
Ulf Frisk
uncl3dumby
Understudy77
Utku Sen
v4tl4
Vadim Pavlov
Valerie Thomas
Victor Fang
Victor Faraggi
Vincent "Halycon" Rose
Vitor Ventura
Wayne Marsh
Wayne Penn
Wayne Ronaldson
Wenxiang Qian
Wes Lambert
Wesley McGrew
Wicked Clown
Wil Austin
Will
WillC
William Suthers
Winnona DeSombre
xBen "benmap" Morris
Xiangqian Zhang
Xiaohang Yu
XiaoHuiHui
Xiaolong Bai
Xiling Gong
Yacin Nadji
Yaron Zinar
Yavuz Atlas
Yolan Romailler
yugoslavskiy
YuXiang Li
Zac Shannon
ZhengHuang
Zoltan

Talk List


.NET Malware Threats: Internals And Reversing - DC - Paris - Track 4
"First-Try" DNS Cache Poisoning with IPv4 and IPv6 Fragmentation - PHVT - Bally's - Indigo Tower - 26th Floor
(Ab)using GPOs for Active Directory Pwnage - RTV - Flamingo 3rd Floor - Laughlin I,II Rooms
(Re)Thinking Security Given the Spectre of a Meltdown (hold my beer) - PHVT - Bally's - Indigo Tower - 26th Floor
[ MI CASA-SU CASA ] My 192.168.1.1 is Your 192.168.1.1 - DC - Paris - Track 1
0-Day Inside - BHV - Planet Hollywood - Melrose 1-3 Rooms
100 Seconds of Solitude: Defeating Cisco Trust Anchor With FPGA Bitstream Shenanigans - DC - Paris - Track 3
2019 8th Annual Defcon Bike Ride - Meetups - outside [TBD location]
303/Skytalks Pajama Dance Party - Night Life - Paris - Concorde A Ballroom
303/Skytalks Party - Night Life - Paris - Rivoli B Ballroom
4 years and 10,000+ Hours Later: Lessons Learned from Running a National Penetration Testing Competition - PHVT - Bally's - Indigo Tower - 26th Floor
A Girl Says Nothing: A Social Engineer’s Guide to Playing into Sexism, Racial Stereotypes, and Discrimination - SEV - Bally's Jubilee Tower - 3rd Floor
A Hacker Walks Into A Flight School And Says Ouch: Common Online Security Fails In Pilot Training - AVV - Bally's Event Center
A hackers first solo: airplane avionics security 101 - AVV - Bally's Event Center
A Life of Advantage Play - RGV - Flamingo - 3rd Floor - Carson City II
A Minor Threat - BHV - Planet Hollywood - Melrose 1-3 Rooms
A single global public-utility blockchain & cryptosystem - BCV - Flamingo 3rd Floor - Laughlin III Room
A Smart Contract Killchain. How the first Blockchain APT was caught - BCV - Flamingo 3rd Floor - Laughlin III Room
A Theme Of Fear: Hacking The Paradigm - BTVT - Flamingo - 3rd Floor- Savoy Room
A URL Shortened By Any Other Name - RCV - Planet Hollywood - Celebrity 5 Ballroom
“Can you add a conference line, please?” - Using Cloud Services for Dial-In Reconnaissance Automation - RCV - Planet Hollywood - Celebrity 5 Ballroom
Abusing the IoT in Smart Buildings - ICS - Bally's Event Center
Advanced APT Hunting with Splunk - PHVW - Bally's - Indigo Tower - 26th Floor
Advanced Custom Network Protocol Fuzzing - WS - Flamingo - Lower Level - Red Rock VI
Advanced Recon with OWASP Amass - RCV - Planet Hollywood - Celebrity 5 Ballroom
Advanced Wireless Attacks Against Enterprise Networks - WS - Flamingo - Lower Level - Red Rock VII
Advanced Wireless Exploitation for Red Team and Blue Team - WS - Flamingo - Lower Level - Red Rock II
Adventures In Smart Buttplug Penetration (testing) - DC - Paris - Track 2
Adversarial Fashion – Sartorial Hacking to Combat Surveillance - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
Alice and Bob's Big Secret - BCV - Flamingo 3rd Floor - Laughlin III Room
All the 4G modules Could be Hacked - DC - Paris - Track 3
Amputees and Prosthetic Challenges - BHV - Planet Hollywood - Melrose 1-3 Rooms
An Introduction to Deploying Red Team Infrastructure - WS - Flamingo - Lower Level - Red Rock I
An Introduction To Malware Analysis - BTVT - Flamingo - 3rd Floor- Savoy Room
An introduction to the ARINC standards - AVV - Bally's Event Center
Analysis 101 for Hackers and Incident Responders - WS - Flamingo - Lower Level - Red Rock IV
Anatomy Of A Megabreach: Equifax Report - BTVT - Flamingo - 3rd Floor- Savoy Room
Antennas for Surveillance applications - DL - Planet Hollywood - Sunset 1
Apache Solr Injection - DC - Paris - Track 4
API-Induced SSRF: How Apple Pay Scattered Vulnerabilities Across the Web - DC - Paris - Track 4
Applying Pareto's Principle for Securing AWS with SCPs - CLV - Flamingo 3rd Floor - Reno I Room
Arcade Party - Night Life - Paris - Rivoli A Ballroom
Are Quantum Computers Really A Threat To Cryptography? A Practical Overview Of Current State-Of-The-Art Techniques With Some Interesting Surprises - DC - DC101, Paris Theatre
Are Your Child's Records at Risk? The Current State of School Infosec - DC - Paris - Track 2
Asset Discovery: Making Sense of the Ocean of OSINT - RCV - Planet Hollywood - Celebrity 5 Ballroom
Atomic Threat Coverage: ATT&CK In Action! - BTVT - Flamingo - 3rd Floor- Savoy Room
ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Sentinel using Sysmon and MITRE ATT&CK - CLV - Flamingo 3rd Floor - Reno I Room
Attacking Layer 2 Network Protocols - WS - Flamingo - Lower Level - Red Rock I
AttackSurfaceMapper: Automate and Simplify the OSINT Process - RCV - Planet Hollywood - Celebrity 5 Ballroom
Augmenting the (Security) Onion: Facilitating Enhanced Detection and Response with Open Source Tools - PHVT - Bally's - Indigo Tower - 26th Floor
Backdooring Hardware Devices By Injecting Malicious Payloads On Microcontrollers - DC - Paris - Track 1
BADASS/Cyber SeXurity - Meetups - Planet Hollywood - Sin City
BadSalt (Adversarial DevOps)  - RTV - Flamingo 3rd Floor - Laughlin I,II Rooms
Battle in the Clouds: Attacker vs Defender on AWS - CLV - Flamingo 3rd Floor - Reno I Room
bedr - DL - Planet Hollywood - Sunset 6
BEEMKA – Electron Post-Exploitation Framework - DL - Planet Hollywood - Sunset 3
Behind the scenes of hacking airplanes - AVV - Bally's Event Center
Behind the Scenes of the DEF CON 27 Badge - DC - Paris - Track 1
Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware - DC - Paris - Track 3
Bestsellers in the Underground Economy: Measuring Malware Popularity by Forum - PHVT - Bally's - Indigo Tower - 26th Floor
Beverage Cooling Contest - Meetups - Planet Hollywood - Mezzanine Stage
Beyond Sandboxes. How to Execute IoT Malware and Analyze Its Evolution - PHVT - Bally's - Indigo Tower - 26th Floor
Beyond the Firmware - BHV - Planet Hollywood - Melrose 1-3 Rooms
Biohacking & Biosecurity - BHV - Planet Hollywood - Melrose 1-3 Rooms
Biopiracy on the High Seas - BHV - Planet Hollywood - Melrose 1-3 Rooms
Bitcoin Honeypot - Wallet on floor of the Internet - BCV - Flamingo 3rd Floor - Laughlin III Room
Black Mirror: You are your own privacy nightmare – the hidden threat of paying for subscription services - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
Blanketfort Con Party - Night Life - Paris - Concorde B Ballroom
Blue Team Bio II - Genetic and Epigenetics Backups - BHV - Planet Hollywood - Melrose 1-3 Rooms
Blue Team Guide For Fresh Eyes - BTVT - Flamingo - 3rd Floor- Savoy Room
Blue Teaming For Fun And The Sake Of Your Organization - BTVW - Flamingo - Lower Level - Valley Of Fire 2
Breaking Google Home: Exploit It with SQLite(Magellan) - DC - DC101, Paris Theatre
Breaking NBAD and UEBA Detection  - RTV - Flamingo 3rd Floor - Laughlin I,II Rooms
Breaking The Back End! It Is Not Always A Bug. Sometimes, It Is Just Bad Design! - DC - Paris - Track 3
Browser extension to hunt low hanging fruits (Hacking by just browsing) - DL - Planet Hollywood - Sunset 1
Build to Hack, Hack to Build - CLV - Flamingo 3rd Floor - Reno I Room
Building a New Decentralized Internet, With the Nodes Implanted in Our Bodies - BHV - Planet Hollywood - Melrose 1-3 Rooms
Building an OSINT and Recon Program to address Healthcare Information Security issues - RCV - Planet Hollywood - Celebrity 5 Ballroom
Burp Plugin: Cyber Security Transformation Chef (CSTC) - DL - Planet Hollywood - Sunset 1
Burp Suite Workshop - PHVW - Bally's - Indigo Tower - 26th Floor
Burpsuite Team Server for Collaborative Web App Testing - DL - Planet Hollywood - Sunset 1
Bypassing MacOS Detections with Swift - RTV - Flamingo 3rd Floor - Laughlin I,II Rooms
Can You Track Me Now? Why The Phone Companies Are Such A Privacy Disaster - DC - Paris - Track 2
Car Hacking Village Party - Night Life - Planet Hollywood - Apex Suite
Casting with the Pros: Tips and Tricks for Effective Phishing - RTV - Flamingo 3rd Floor - Laughlin I,II Rooms
Change the World, cDc Style: Cow tips from the first 35 years - DC - Paris - Track 2
Changium IPiosa: most magical change IP packets in the wild - ICS - Bally's Event Center
Chaos Drive, because USB is still too trustworthy - DL - Planet Hollywood - Sunset 4
Cheating in eSports: How to Cheat at Virtual Cycling Using USB Hacks - DC - Paris - Track 2
Chinese Military Combined Arms Effects - Bio-Weapons - BHV - Planet Hollywood - Melrose 1-3 Rooms
CIRCO: [Cisco Implant Raspberry Controlled Operations] - PHVT - Bally's - Indigo Tower - 26th Floor
CIRCO: Cisco Implant Raspberry Controlled Operations - DL - Planet Hollywood - Sunset 2
Closing Ceremonies - DC - Tracks 1,2,3
Cloudy Vision: How Cloud Integration Complicates Security - CLV - Flamingo 3rd Floor - Reno I Room
Combo Password - DL - Planet Hollywood - Sunset 5
Confessions of an Nespresso Money Mule: Free Stuff & Triangulation Fraud - DC - Paris - Track 3
Constructing Kerberos Attacks with Delegation Primitives - WS - Flamingo - Lower Level - Red Rock VII
Contests Awards Ceremony - DC - Paris - Track 4
Cotopaxi: IoT Protocols Security Testing Toolkit - DL - Planet Hollywood - Sunset 3
CRASHOVERRIDE: Re-Assessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack - ICS - Bally's Event Center
Crypto currency heist - the story so far ... - BCV - Flamingo 3rd Floor - Laughlin III Room
Cyberbiosecurity & the "Full Stack Biotechnologist" - BHV - Planet Hollywood - Melrose 1-3 Rooms
D0 N0 H4RM: A Healthcare Security Conversation - DC - Planet Hollywood - Firesides Lounge
Dallas Hackers Party - Night Life - Paris - Lobby Bar, under the blue thing
DC801 Party - Night Life - Planet Hollywood - Suite TBA
DECEPTICON: OPSEC to Slow the OSINT - RCV - Planet Hollywood - Celebrity 5 Ballroom
Deep Infrastructure Visibility With Osquery And Fleet - BTVW - Flamingo - Lower Level - Valley Of Fire 2
DEF CON 101 Panel - DC - DC101, Paris Theatre
DEF CON Ladies Meetup - Meetups - Planet Hollywood - Sin City Theater
DEFCON 27 4X5K run - Meetups - Paris - Outside at base of Eiffel Tower
DEFCON Monero Party - Night Life - Paris - Chateau Nightclub
DEFCON Sticker Swap - Meetups - Bally's - Chillout room near Vendor Area
Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming - DC - Paris - Track 2
Defending environments and hunting malware with osquery - WS - Flamingo - Lower Level - Red Rock VII
Derevolutionizing OS Fingerprinting: the cat and mouse game - RCV - Planet Hollywood - Celebrity 5 Ballroom
Detection At Google: On Corp And Cloud - BTVT - Flamingo - 3rd Floor- Savoy Room
Digital Medicine 101 - BHV - Planet Hollywood - Melrose 1-3 Rooms
Discussion Of State Election Security Policy - ETV - Flamingo - 3rd Floor - Reno II Room
Distributed Decentralized Security for Bitcoin Wallets - BCV - Flamingo 3rd Floor - Laughlin III Room
Diversity Party - Night Life - Paris - Concorde B Ballroom
DIY Medicine - BHV - Planet Hollywood - Melrose 1-3 Rooms
Don't Red-Team AI Like a Chump - DC - Paris - Track 1
Don’t Forget to Wipe - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
Dr.ROBOT: Organized Chaos and the Shotgun Approach - DL - Planet Hollywood - Sunset 5
Dr/Hacker Panel - BHV - Planet Hollywood - Melrose 1-3 Rooms
Drunk Hacker History - Night Life - Planet Hollywood - Mezzanine Stage
dstruction - Meetups - Planet Hollywood - Mezzanine Stage
Duplicating Restricted Mechanical Keys - DC - Paris - Track 4
DYI Azure Security Assessment - CLV - Flamingo 3rd Floor - Reno I Room
EAPHammer - DL - Planet Hollywood - Sunset 1
Easy PAKE Oven - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
EDR Is Coming; Hide Yo Sh!t - DC - Paris - Track 4
EFF Trivia - Meetups - Planet Hollywood - Mezzanine Stage
Employ Cybersecurity Techniques Against the Threat of Medical Misinformation - BHV - Planet Hollywood - Melrose 1-3 Rooms
Empowering Gateways with Functional Encryption - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
Enabling HTTPS for home network devices using Let’s Encrypt - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
Ethical Issues In Cyber Attribution - ETV - Flamingo - 3rd Floor - Reno II Room
Ethics And Federal Election Security Policy - ETV - Flamingo - 3rd Floor - Reno II Room
Ethics Discussion with Congressional Staffers - ETV - Flamingo - 3rd Floor - Reno II Room
Ethics Training Workshop - ETV - Flamingo - 3rd Floor - Reno II Room
Evaded MicrosoftATA? **But** You Are Completely Exposed By Event Log - BTVT - Flamingo - 3rd Floor- Savoy Room
Evil eBPF In-Depth: Practical Abuses of an In-Kernel Bytecode Runtime - DC - Paris - Track 4
Evil Mainframe Jr: Mainframe hacking from recon to privesc - WS - Flamingo - Lower Level - Red Rock I
EXPLIoT - IoT Security Testing and Exploitation Framework - DL - Planet Hollywood - Sunset 3
Exploit Development for Beginners - WS - Flamingo - Lower Level - Red Rock VII
Exploiting IAM in the Google Cloud Platform - CLV - Flamingo 3rd Floor - Reno I Room
Exploiting Qualcomm WLAN and Modem Over The Air - DC - Paris - Track 3
Exploiting Windows Exploit Mitigation for ROP Exploits - DC - DC101, Paris Theatre
Extending Zeek For ICS Defense - BTVT - Flamingo - 3rd Floor- Savoy Room
Fighting non consensual pornography the BADASS way - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
Finding the needle in the twitter haystack. - RCV - Planet Hollywood - Celebrity 5 Ballroom
Finding Vulnerabilities at Ecosystem-Scale - WS - Flamingo - Lower Level - Red Rock IV
Firmware Slap: Automating Discovery of Exploitable Vulnerabilities in Firmware - DC - Paris - Track 1
Flatline - DL - Planet Hollywood - Sunset 4
Florida Man Party - Night Life - Planet Hollywood - Apex Suite
Forcing a trustworthy notion of sequential time - BCV - Flamingo 3rd Floor - Laughlin III Room
Forensic Science and Information Security - BHV - Planet Hollywood - Melrose 1-3 Rooms
Friends of Bill W. - Meetups - Planet Hollywood - Santa Monica 4 Room
Friends of Bill W. - Meetups - Planet Hollywood - Santa Monica 4 Room
Friends of Bill W. - Meetups - Planet Hollywood - Santa Monica 4 Room
Friends of Bill W. - Meetups - Planet Hollywood - Santa Monica 4 Room
Friends of Bill W. - Meetups - Planet Hollywood - Santa Monica 4 Room
Friends of Bill W. - Meetups - Planet Hollywood - Santa Monica 4 Room
Friends of Bill W. - Meetups - Planet Hollywood - Santa Monica 4 Room
From buffer overflowing genomics tools to securing biomedical file formats - BHV - Planet Hollywood - Melrose 1-3 Rooms
From EK to DEK: Analyzing Document Exploit Kits - WS - Flamingo - Lower Level - Red Rock I
From email address to phone number - RCV - Planet Hollywood - Celebrity 5 Ballroom
FumbleChain: A Purposefully Vulnerable Blockchai - BCV - Flamingo 3rd Floor - Laughlin III Room
Functional Programming for the Blue Team - WS - Flamingo - Lower Level - Valley of Fire II
Generating Personalized Wordlists by Analyzing Target's Tweets - RCV - Planet Hollywood - Celebrity 5 Ballroom
Generating Personalized Wordlists With NLP by Analyzing Tweets - PHVT - Bally's - Indigo Tower - 26th Floor
Get off the Kernel if you can’t Drive - DC - Paris - Track 1
Getting access to your heart's data - BHV - Planet Hollywood - Melrose 1-3 Rooms
Getting Psychic: Cold Reading Techniques for Fortune Tellers and Social Engineers - SEV - Bally's Jubilee Tower - 3rd Floor
Getting Skin in the Game - BHV - Planet Hollywood - Melrose 1-3 Rooms
Giving Cops the Finger: Compelled Device Decryption and the Fifth Amendment - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
Go NULL Yourself or: How I Learned to Start Worrying While Getting Fined for Other’s Auto Infractions - DC - Paris - Track 3
Go Reverse Engineering Tool Kit - DL - Planet Hollywood - Sunset 5
GothCON party - Night Life - Planet Hollywood - Gallery Club
GSM: We Can Hear Everyone Now! - DC - Paris - Track 2
H@ck3r Runw@y - Night Life - Planet Hollywood - Mezzanine Stage
Hachi: An Intelligent threat mapper - DL - Planet Hollywood - Sunset 5
Hack the Planet! Hackers Influencing Positive Change - RCV - Planet Hollywood - Celebrity 5 Ballroom
Hack the World & Galaxy with OSINT - ICS - Bally's Event Center
Hack to Basics - x86 Windows Based Buffer Overflows, an introduction to buffer overflows. - WS - Flamingo - Lower Level - Valley of Fire I
Hack to Basics – Adapting Exploit Frameworks to Evade Microsoft ATP - RCV - Planet Hollywood - Celebrity 5 Ballroom
Hacker Flairgrounds - Meetups - Planet Hollywood - London Club
Hacker Jeopardy - Night Life - Planet Hollywood - Mezzanine Stage
Hacker Jeopardy - Night Life - Planet Hollywood - Mezzanine Stage
Hacker Karaoke - Night Life - Paris - Concorde C Ballroom
Hacker Karaoke - Night Life - Paris - Concorde C Ballroom
Hackers Against Brexit - Meetups - Paris - Le Bar Du Sport Bar
Hacking Congress: The Enemy Of My Enemy Is My Friend - DC - Paris - Track 2
Hacking Corporate Org Socialization: One Day You Are Out and the Next Day You Pwn the Org! - PHVT - Bally's - Indigo Tower - 26th Floor
Hacking Cryptocurrencies - BCV - Flamingo 3rd Floor - Laughlin III Room
Hacking Hollywood - SEV - Bally's Jubilee Tower - 3rd Floor
Hacking ICS: From Open Source Tools to Custom Scripts - WS - Flamingo - Lower Level - Red Rock V
Hacking into automotive clouds - CLV - Flamingo 3rd Floor - Reno I Room
Hacking Kubernetes - Choose Your Own Adventure Style - PHVW - Bally's - Indigo Tower - 26th Floor
Hacking Kubernetes: Choose Your Own Adventure Style - PHVT - Bally's - Indigo Tower - 26th Floor
Hacking Medical Devices - WS - Flamingo - Lower Level - Red Rock II
Hacking the Air Force and Beyond - AVV - Bally's Event Center
Hacking the Android APK - WS - Flamingo - Lower Level - Red Rock V
Hacking WebAssembly Games with Binary Instrumentation - DC - Paris - Track 3
Hacking Wetware with Open Source Software and Hardware - BHV - Planet Hollywood - Melrose 1-3 Rooms
Hacking Wi-Fi for Beginners - WS - Flamingo - Lower Level - Red Rock III
Hacking Wifi - WS - Flamingo - Lower Level - Red Rock VIII
Hacking Your Career Through Social Engineering - SEV - Bally's Jubilee Tower - 3rd Floor
Hacking Your Thoughts - Batman Forever meets Black Mirror - DC - Paris - Track 3
HackPac: Hacking Pointer Authentication in iOS User Space - DC - Paris - Track 1
HAKC THE POLICE - DC - Paris - Track 2
Hands on Adversarial Machine Learning - WS - Flamingo - Lower Level - Red Rock VI
Harnessing Weapons of Mac Destruction - DC - Paris - Track 1
Head in the Clouds - PHVT - Bally's - Indigo Tower - 26th Floor
Help Me, Vulnerabilities. You're My Only Hope - DC - Paris - Track 4
Homebrew Hardware Contest - Meetups - Planet Hollywood - Mezzanine Stage
How Deep Learning Is Revolutionizing Side-Channel Cryptanalysis - DC - Paris - Track 3
How PKI and SHAKEN/STIR Will Fix the Global Robocall Problem - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
How to Get Your Ass Kicked and Like It; Experiential Learning Through Gamification - BHV - Planet Hollywood - Melrose 1-3 Rooms
How You Can Buy AT&T, T-Mobile, and Sprint Real-Time Location Data on the Black Market - DC - Paris - Track 1
HTTP Desync Attacks: Smashing into the Cell Next Door - DC - Paris - Track 3
Hunting Certificates and Servers - PHVT - Bally's - Indigo Tower - 26th Floor
HVACking: Understand the difference Between Security and Reality! - ICS - Bally's Event Center
HVACking: Understand the Difference Between Security and Reality! - DC - Paris - Track 2
Hyperledger Fabric Security Essentials - BCV - Flamingo 3rd Floor - Laughlin III Room
I am Spartacus! (And You Can Be Too!) Ensuring Privacy through Obfuscation - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
I Know What You Did Last Summer: 3 Years of Wireless Monitoring at DEF CON - DC - Paris - Track 2
I PWN thee, I PWN thee not! - SEV - Bally's Jubilee Tower - 3rd Floor
I'm In Your Cloud... Pwning Your Azure Environement - DC - Paris - Track 1
I'm on your phone, listening - Attacking VoIP Configuration Interfaces - DC - Paris - Track 2
ICS Village Community Engagement Shark Tank - ICS - Bally's Event Center
Ideas whose time has come: CVD, SBOM, and SOTA - AVV - Bally's Event Center
Implementing a Zero Knowledge Proof or, How to Write Bulletproofs in Rust - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
In The Air And On The Air: Aviation Radio Systems - AVV - Bally's Event Center
Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs - DC - Paris - Track 3
Information Security in the Public Interest - DC - Paris - Track 3
Injections Without Borders: An anatomy of Serverless Event Injections - RTV - Flamingo 3rd Floor - Laughlin I,II Rooms
Intel-driven Hunts for Nation-state Activity Using Elastic SIEM - PHVW - Bally's - Indigo Tower - 26th Floor
Intro to Embedded Hacking—How you too can find a decade old bug in widely deployed devices. [REDACTED] Deskphones, a case study. - DC - DC101, Paris Theatre
Introduction and Application of Covert Channels - RTV - Flamingo 3rd Floor - Laughlin I,II Rooms
Introduction to Cryptographic Attacks - WS - Flamingo - Lower Level - Red Rock VIII
Introduction To Mac-centric Incident Response Tools And Techniques - BTVW - Flamingo - 3rd Floor- Savoy Room
Introduction to Reverse Engineering With Ghidra - WS - Flamingo - Lower Level - Red Rock V
Introduction to Sandbox Evasion and AMSI Bypasses - WS - Flamingo - Lower Level - Red Rock IV
Introduction to the Aviation Village - AVV - Bally's Event Center
ioc2rpz - DL - Planet Hollywood - Sunset 2
IoT Village Party - Night Life - TBA
Ironically, iOS robocall-blocking apps are violating your privacy - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
Is It Ethical To Work On Autonomous Weapon Systems? - ETV - Flamingo - 3rd Floor - Reno II Room
IT/OT Convergence - Are We There Yet? - ICS - Bally's Event Center
Jump-Oriented Programming (JOP) in Smart Contract Honeypots - BCV - Flamingo 3rd Floor - Laughlin III Room
Keynote: A Rant on Ethical Discolsure - ETV - Flamingo - 3rd Floor - Reno II Room
Keynote Blockchain-Security Symbiosis: Security Enabling Blockchains; Blockchains Enabling Security - BCV - Flamingo 3rd Floor - Laughlin III Room
Killsuit - How The Equation Group Remained Out Of Sight For Years - BTVT - Flamingo - 3rd Floor- Savoy Room
Kube-Red C2 Operations on Kubernetes - RTV - Flamingo 3rd Floor - Laughlin I,II Rooms
Lawyers Meet - Meetups - Paris - Napoleons Corner Bar
Learning to Hack Bluetooth Low Energy with BLE CTF - WS - Flamingo - Lower Level - Red Rock IV
Let's Map Your Network - DL - Planet Hollywood - Sunset 2
Let’s get technical and hunt harder! - RCV - Planet Hollywood - Celebrity 5 Ballroom
Leveraging Passive Network Mapping with Raspberry Pi and Python - PHVT - Bally's - Indigo Tower - 26th Floor
Leveraging the Insider Threat, oh, and how to be Awesome - SEV - Bally's Jubilee Tower - 3rd Floor
Liven Up - BHV - Planet Hollywood - Melrose 1-3 Rooms
Local Sheriff - DL - Planet Hollywood - Sunset 3
Lockpicking "Extras" - RGV - Flamingo - 3rd Floor - Carson City II
Low-Hanging Fruits in Blockchain Security - BCV - Flamingo 3rd Floor - Laughlin III Room
Malproxying: Leave Your Malware at Home - DC - Paris - Track 2
Malware Traffic Analysis Workshop - BTVW - Flamingo - Lower Level - Valley Of Fire 1
Malware Triage - Analyzing The Modern Malware Delivery Chain - WS - Flamingo - Lower Level - Red Rock II
Manhunting 101 - OSINT Crash Course vs Human Targets - RCV - Planet Hollywood - Celebrity 5 Ballroom
Mathematical Background of Blockchain Cryptography - BCV - Flamingo 3rd Floor - Laughlin III Room
MEDIC! Malware Response 101 From The Trenches - BTVW - Flamingo - Lower Level - Valley Of Fire 2
Medical Device Incident Response, Forensics, and ITs Challenges - BHV - Planet Hollywood - Melrose 1-3 Rooms
Medical Device Security - ETV - Flamingo - 3rd Floor - Reno II Room
Medical Simulations Panel - BHV - Planet Hollywood - Melrose 1-3 Rooms
Meet the EFF - Meetup Panel - DC - Planet Hollywood - Firesides Lounge
Memhunter - Automated Hunting Of Memory Resident Malware At Scale - BTVT - Flamingo - 3rd Floor- Savoy Room
Memhunter - Automated hunting of memory resident malware at scale - DL - Planet Hollywood - Sunset 6
Meticulously Modern Mobile Manipulations - DC - Paris - Track 4
Migrating to quantum-safe cryptography to protect against the quantum hackers - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
Mind the Gap Between Attacking Windows and Mac: Breaking In and Out of Protected MacOS environments - WS - Flamingo - Lower Level - Lake Mead I
Mining for Gold: A Framework for Accessing Pastebin’s Hidden Treasures - RCV - Planet Hollywood - Celebrity 5 Ballroom
Mining Malevolence: Cryptominers in the Cloud - CLV - Flamingo 3rd Floor - Reno I Room
MITM mixed mode butterfly key privacy attack - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
Modern Debugging^HWarfare with WinDbg Preview - WS - Flamingo - Lower Level - Lake Mead II
Modern Rogue - RGV - Flamingo - 3rd Floor - Carson City II
More Keys Than A Piano: Finding Secrets In Publicly Exposed Ebs Volumes - DC - Paris - Track 4
MOSE: Using Configuration Management for Evil - DC - Paris - Track 1
MozDef - CLV - Flamingo 3rd Floor - Reno I Room
Music - Acid-T A.K.A. DJ SmOke - Night Life - Planet Hollywood - Gallery Nightclub
Music - Archwisp - Night Life - Planet Hollywood - Gallery Nightclub
Music - ASHSLAY - Night Life - Paris - Napoleon's Piano Bar
Music - Clockwork Echo - Night Life - Planet Hollywood - Gallery Nightclub
Music - Ctrl - Night Life - Planet Hollywood - Gallery Nightclub
Music - DJ SmOke - Night Life - Paris - Napoleon's Piano Bar
Music - DJ St3rling - Night Life - Planet Hollywood - Gallery Nightclub
Music - DJ Wil Austin - Night Life - Paris - Napoleon's Piano Bar
Music - DJ%27 - Night Life - Planet Hollywood - Gallery Nightclub
Music - Icetre Normal - Night Life - Planet Hollywood - Gallery Nightclub
Music - Icetre Normal - Night Life - Planet Hollywood - Gallery Nightclub
Music - Kampf - Night Life - Planet Hollywood - Gallery Nightclub
Music - Miss Jackalope - Night Life - Planet Hollywood - Gallery Nightclub
Music - Rodman - Night Life - Planet Hollywood - Gallery Nightclub
Music - S7a73farm - Night Life - Paris - Napoleon's Piano Bar
Music - Scotchandbubbles - Night Life - Planet Hollywood - Gallery Nightclub
Music - Seeker - Night Life - Planet Hollywood - Gallery Nightclub
Music - Steph Infection - Night Life - Paris - Napoleon's Piano Bar
Music - Terrestrial Access Network - Night Life - Planet Hollywood - Gallery Nightclub
Music - Tineh Nimjeh - Night Life - Planet Hollywood - Gallery Nightclub
Nation State Supply Chain Attacks for Dummies -or- Chipping Cisco Firewalls - ICS - Bally's Event Center
National Collegiate Penetration Testing Competition & Ethical Challenges - ETV - Flamingo - 3rd Floor - Reno II Room
Next Generation Process Emulation with Binee - DC - Paris - Track 4
No Mas – How One Side-Channel Flaw Opens Atm, Pharmacies and Government Secrets Up to Attack - DC - Paris - Track 3
NOC NOC. Who's there? All. All who? All the things you wanted to know about the DEF CON NOC and we won't tell you about - DC - Paris - Track 2
Old Tech vs New Adversaries. Round 1... Fight! - PHVT - Bally's - Indigo Tower - 26th Floor
Opening Words - BHV - Planet Hollywood - Melrose 1-3 Rooms
Opening Words - BHV - Planet Hollywood - Melrose 1-3 Rooms
OSfooler-NG: Next Generation of OS fingerprinting fooler - DL - Planet Hollywood - Sunset 6
OSINT Approach in Big-Data - RCV - Planet Hollywood - Celebrity 5 Ballroom
OSINT in the Real World - SEV - Bally's Jubilee Tower - 3rd Floor
OWASP Amass - DL - Planet Hollywood - Sunset 2
Owning The Clout Through Server-Side Request Forgery - DC - Paris - Track 3
PacBot - Policy as Code from T-Mobile OSS - CLV - Flamingo 3rd Floor - Reno I Room
Panel – The Long Haul: The State of Aviation Security Policy - AVV - Bally's Event Center
Panel and Active Discussions: Red Team Career Advise - RTV - Flamingo 3rd Floor - Laughlin I,II Rooms
Panel: DEF CON Groups - DC - Planet Hollywood - Firesides Lounge
Patching: It's Complicated - PHVT - Bally's - Indigo Tower - 26th Floor
PcapXray - DL - Planet Hollywood - Sunset 2
PCILeech and MemProcFS - DL - Planet Hollywood - Sunset 4
Pentesting ICS 102 - WS - Flamingo - Lower Level - Valley of Fire II
PhanTap (Phantom Tap) - DL - Planet Hollywood - Sunset 2
Phishing Freakonomics - PHVT - Bally's - Indigo Tower - 26th Floor
Phishing in the cloud era - CLV - Flamingo 3rd Floor - Reno I Room
Phishing Simulation - DL - Planet Hollywood - Sunset 5
Phishing with Puny Bait - SEV - Bally's Jubilee Tower - 3rd Floor
Phreaking Elevators - DC - Paris - Track 2
Pickpocketing Workshop - RGV - Flamingo - 3rd Floor - Carson City II
Pickpocketing - RGV - Flamingo - 3rd Floor - Carson City II
PIE - A hardware based Prebellico Intelligence Exfiltration Botnet - RCV - Planet Hollywood - Celebrity 5 Ballroom
Pin the tail on the cyber owner - ICS - Bally's Event Center
PivotSuite: Hack The Hidden Network - A Network Pivoting Toolkit - DL - Planet Hollywood - Sunset 3
Please Inject Me, a x64 Code Injection - DC - Paris - Track 1
Poking the S in SD cards - DC - Paris - Track 1
Practical Key Search Attacks Against Modern Symmetric Ciphers - DC - Paris - Track 4
Pragmatic Cloud Security Automation - CLV - Flamingo 3rd Floor - Reno I Room
Process Injection Techniques - Gotta Catch Them All - DC - Paris - Track 1
Puny Charge your Phishing Campaigns - RTV - Flamingo 3rd Floor - Laughlin I,II Rooms
Purple Team CTF - WS - Flamingo - Lower Level - Red Rock III
Pwning Serverless Applications - WS - Flamingo - Lower Level - Red Rock V
QiLing - DL - Planet Hollywood - Sunset 6
RACE - Minimal Rights and ACE for Active Directory Dominance - DC - Paris - Track 1
Re: What's up Johnny? – Covert Content Attacks on Email End-to-End Encryption - DC - Paris - Track 4
Red Team Framework (RTF)   - RTV - Flamingo 3rd Floor - Laughlin I,II Rooms
Red Teaming - DON'T MISS THIS ONE - SEV - Bally's Jubilee Tower - 3rd Floor
Red Teaming Insights and Examples from Beyond the Infosec Community - SEV - Bally's Jubilee Tower - 3rd Floor
Red Teaming Techniques for Electronic Physical Security Systems - WS - Flamingo - Lower Level - Valley of Fire I
Reflections on Blockchain Security - BCV - Flamingo 3rd Floor - Laughlin III Room
Relaying Credentials Has Never Been Easier: How to Easily Bypass the Latest NTLM Relay Mitigations - DC - Paris - Track 4
Reverse Engineering 17+ Cars in Less Than 10 Minutes - DC - Paris - Track 1
Reverse Engineering Android Apps - WS - Flamingo - Lower Level - Red Rock III
Reverse Engineering Embedded ARM with Ghidra - DL - Planet Hollywood - Sunset 4
Reverse Engineering Malware 101 - PHVW - Bally's - Indigo Tower - 26th Floor
Reverse-Engineering 4g Hotspots for Fun, Bugs and Net Financial Loss - DC - Paris - Track 2
Rhodiola - DL - Planet Hollywood - Sunset 5
Rideshare OSINT - Car Based SE For Fun & Profit - SEV - Bally's Jubilee Tower - 3rd Floor
Rise of the Hypebots: Scripting Streetwear - DC - Paris - Track 2
Sandbox Creative Usage For Fun and Pro...Blems - PHVT - Bally's - Indigo Tower - 26th Floor
Say Cheese - How I Ransomwared Your DSLR Camera - DC - Paris - Track 4
SCADA: What the next Stuxnet will look like and how to prevent it - ICS - Bally's Event Center
Scaling Security in the Cloud With Open Source - CLV - Flamingo 3rd Floor - Reno I Room
scapy_dojo_v_1 - WS - Flamingo - Lower Level - Lake Mead I
Scrubber: An open source compilation to protect journalistic sources - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
SDR Against Smart TVs: URL and Channel Injection Attacks - DC - Paris - Track 2
SecKC the work, Again party - Night Life - Planet Hollywood - London Club
Secrets Worlds in Plain Web. The BlockChain DNS. - BCV - Flamingo 3rd Floor - Laughlin III Room
Securing Multi-cloud Kubernetes - CLV - Flamingo 3rd Floor - Reno I Room
Securing the Unknown: A Methodology for Auditing Smart Contracts - BCV - Flamingo 3rd Floor - Laughlin III Room
Security and privacy of dating apps - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
Security Battle Wounds from a Cloud SRE - CLV - Flamingo 3rd Floor - Reno I Room
Security to Make the CFO Happy - PHVT - Bally's - Indigo Tower - 26th Floor
SELECT code_execution FROM * USING SQLite;—Gaining code execution using a malicious SQLite database - DC - Paris - Track 1
Serverless Log Analysis On AWS - BTVT - Flamingo - 3rd Floor- Savoy Room
SEVillage - 10 Year Anniversary - a Look Back at what has changed - SEV - Bally's Jubilee Tower - 3rd Floor
Shadow Workers: Backdooring with Service Workers - DL - Planet Hollywood - Sunset 6
Shellcode Compiler - DL - Planet Hollywood - Sunset 5
SiestaTime, A Red Team Automation Tool for Generation of Long-term Implants and Infrastructure Deployment  - RTV - Flamingo 3rd Floor - Laughlin I,II Rooms
SILENTTRINITY - DL - Planet Hollywood - Sunset 4
Sizing People Up - SEV - Bally's Jubilee Tower - 3rd Floor
Snoop all Telegram messages - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
So You Want to Rob a Bank: Overt Ops Timing & Practise - LBV - Flamingo - Carson City II Room
Social Media: The New Court of Public opinion (exploring the effects of social media and out unconscious bias) - RCV - Planet Hollywood - Celebrity 5 Ballroom
soFrida - Dynamic Analysis Tool for Mobile Apps with Cloud Backend - DL - Planet Hollywood - Sunset 6
Solving Crimes with Wireless GeoFencing and Multi-Zone Correlation Analytics - PHVT - Bally's - Indigo Tower - 26th Floor
Sound Effects: Exploring Acoustic Cyber-weapons - DC - Paris - Track 2
Spartacus as a Service (SaaS) - DL - Planet Hollywood - Sunset 3
Spectra - BHV - Planet Hollywood - Melrose 1-3 Rooms
SpellCheck: The Hacker Spelling Bee - Meetups - Planet Hollywood - Mezzanine Stage
Sponsored Talk - Anatomy of cloud hacking - CLV - Flamingo 3rd Floor - Reno I Room
Srujan: Safer Networks for Smart Homes - DL - Planet Hollywood - Sunset 4
SSO Wars: The Token Menace - DC - Paris - Track 4
State of DNS Rebinding - Attack & Prevention Techniques and the Singularity of Origin - DC - Paris - Track 3
State of Red Team Services Roundtable - RTV - Flamingo 3rd Floor - Laughlin I,II Rooms
State Sponsored Hacking: How to Intercept/Decrypt TLS Traffic and How to Prevent TLS Interception Attacks - PHVT - Bally's - Indigo Tower - 26th Floor
StegoAugmented Malware - PHVT - Bally's - Indigo Tower - 26th Floor
Stop Facebook From Buying Your Brain: Facial Recognition, DNA, and Biometric Privacy - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
Stop right now! Quantum-Safe Instantaneous Vehicle to Vehicle communication - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
Surveillance Detection Scout - Your Lookout on Autopilot - DC - Paris - Track 3
Swing Away: How to Conquer Impostor Syndrome - SEV - Bally's Jubilee Tower - 3rd Floor
Tag-side attacks against NFC - DC - Paris - Track 3
TaintedLove - DL - Planet Hollywood - Sunset 6
Take back control of user data with the decentralized cloud - BCV - Flamingo 3rd Floor - Laughlin III Room
The ABC of Next-Gen Shellcoding - DC - Paris - Track 1
The Art of Detection - PHVT - Bally's - Indigo Tower - 26th Floor
The Aspie's Guide to Social Engineering Your Way Through Life - SEV - Bally's Jubilee Tower - 3rd Floor
The Basics of Social Engineering aKa How I break into Casinos, Airports and CNI - SEV - Bally's Jubilee Tower - 3rd Floor
The CryptoCurrency Security Standard (CCSS) - BCV - Flamingo 3rd Floor - Laughlin III Room
The Cyber Threat Intelligence Mindset - BTVT - Flamingo - 3rd Floor- Savoy Room
The Cyberlous Mrs. Maisel: A Comedic (and slightly terrifying) Introduction to Information Warfare - PHVT - Bally's - Indigo Tower - 26th Floor
The Ether Wars: Exploits, counter-exploits and honeypots on Ethereum - DC - Paris - Track 3
The Human Body's Promise: How Your Bare Hands can Defeat Physical Security - LBV - Flamingo - Carson City II Room
The JOP ROCKET: A Supremely Wicked Tool for JOP Gadget Discovery, or What to Do If ROP Is Too Easy - DC - Paris - Track 4
The L33T Shall Inherit the Cosmos - BHV - Planet Hollywood - Melrose 1-3 Rooms
The OSINT Space is Growing! Are we Ready? - RCV - Planet Hollywood - Celebrity 5 Ballroom
The Story of SICGRL Vulnerability - BHV - Planet Hollywood - Melrose 1-3 Rooms
The Tor Censorship Arms Race: The Next Chapter - DC - Paris - Track 2
The Voice Told Me To Do It - SEV - Bally's Jubilee Tower - 3rd Floor
Threat Hunting with Suricata - PHVW - Bally's - Indigo Tower - 26th Floor
Threat Hunting With The Elastic Stack - BTVW - Flamingo - 3rd Floor- Savoy Room
Through the Looking Glass: Own the Data Center  - RTV - Flamingo 3rd Floor - Laughlin I,II Rooms
Tinfoil Hat Contest - Meetups - Planet Hollywood - Mezzanine Stage
Tiplines Today - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
TLS decryption attacks and back-doors to secure systems - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
Tools? We Don’t Need No Stinkin’ Tools: Hands-on Hacking with Python - PHVW - Bally's - Indigo Tower - 26th Floor
Towards Usable Dining Cryptographer Networks with Howl - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
Toxic BBQ - Meetups - Offsite - Sunset Park, Pavilion F
Understanding and Analyzing Weaponized Carrier Files - WS - Flamingo - Lower Level - Red Rock III
Unpacking Pkgs: A Look Inside Macos Installer Packages And Common Security Flaws - DC - Paris - Track 1
USB-Bootkit – New Bookit via USB Interface in Supply Chain Attacks - DL - Planet Hollywood - Sunset 4
Use Responsibly: Recon Like an insider threat for Best User Training ROI - RCV - Planet Hollywood - Celebrity 5 Ballroom
Using OSINT for Competitive Intelligence - RCV - Planet Hollywood - Celebrity 5 Ballroom
Using Splunk for Auditing AWS/GCP/Azure Security posture - CLV - Flamingo 3rd Floor - Reno I Room
Vacuum Cleaning Security—Pinky and the Brain Edition - DC - Paris - Track 4
Verbal Steganography Workshop - RGV - Flamingo - 3rd Floor - Carson City II
Verbal Steganography - RGV - Flamingo - 3rd Floor - Carson City II
VETCON II - Night Life - Paris - Rivoli A Ballroom
Void If Removed: Securing Our Right TO Repair - ETV - Flamingo - 3rd Floor - Reno II Room
Vulmap: Online Local Vulnerability Scanners Project - DL - Planet Hollywood - Sunset 3
Want Strong Isolation? Just Reset Your Processor - DC - Paris - Track 4
We Hacked Twitter… And the World Lost Their Sh*t Over It! - DC - Planet Hollywood - Firesides Lounge
Weaponizing Hypervisors to Fight and Beat Car and Medical Devices Attacks - DC - Paris - Track 1
Web2Own: Attacking Desktop Apps From Web Security's Perspective - DC - DC101, Paris Theatre
WebSploit 2.0 Release and an Intense Introduction to Hacking Web Applications and APIs - RTV - Flamingo 3rd Floor - Laughlin I,II Rooms
When A Plan Comes Together: Building A SOC A-Team - BTVT - Flamingo - 3rd Floor- Savoy Room
Who Belongs Where? How to Effectively Integrate Your Company’s Privacy, Legal, & Security Teams - CPV - Planet Hollywood - Celebrity 1,2 Ballrooms
Who Dis? Who Dis? The Right Way To Authenticate - BTVT - Flamingo - 3rd Floor- Savoy Room
Who's Slide is it anyway? - Night Life - Planet Hollywood - Mezzanine Stage
Why vigilantism doesn't work - SEV - Bally's Jubilee Tower - 3rd Floor
Why You Should Fear Your “mundane” Office Equipment - DC - Paris - Track 3
Wi-Fi Threat Modeling and Monitoring - PHVT - Bally's - Indigo Tower - 26th Floor
WiFi Kraken – Scalable Wireless Monitoring - DL - Planet Hollywood - Sunset 1
Wireless Attacks on Aircraft Instrument Landing System - AVV - Bally's Event Center
Wireshark for Incident Response & Threat Hunting - PHVW - Bally's - Indigo Tower - 26th Floor
Writing custom backdoor payloads using C# - WS - Flamingo - Lower Level - Lake Mead II
Writing Wireshark Plugins for Security Analysis - PHVW - Bally's - Indigo Tower - 26th Floor
Your Blacklist is Dead: Why the Future of Command and Control is the Cloud - CLV - Flamingo 3rd Floor - Reno I Room
Your Car is My Car - DC - Paris - Track 1
Your Phone is Using Tor and Leaking Your PII - PHVT - Bally's - Indigo Tower - 26th Floor
Your Secret Files Are Mine: Bug Finding And Exploit Techniques On File Transfer App Of All Top Android Vendors - DC - Paris - Track 4
Zero bugs found? Hold my Beer AFL! How To Improve Coverage-Guided Fuzzing and Find New 0days in Tough Targets - DC - Paris - Track 3
Zigbee Hacking: Smarter Home Invasion with ZigDiggity - DL - Planet Hollywood - Sunset 2
Zombie Ant Farm: Practical Tips for Playing Hide and Seek with Linux EDRs - DC - Paris - Track 4

Talk/Event Descriptions


 

DC - Paris - Track 4 - Saturday - 15:00-15:45


.NET Malware Threats: Internals And Reversing

Saturday at 15:00 in Track 4
45 minutes

Alexandre Borges, Security Researcher at Blackstorm Security

.NET malware is well known to security analysts, but even though many tools exist, such as dnSpy, .NET Reflector, de4dot and so on, to make the analysis easier, most professionals have used them as black-box tools, without concern for .NET internals, structures, MSIL coding and details. In critical cases, it is necessary to have enough knowledge about internal mechanisms and to debug these .NET threats using WinDbg.

Unfortunately, .NET malware samples have become very challenging because it is so complicated to deobfuscate associated resources, as well as unpacking and dumping them from memory. Furthermore, most GUI debugging tools do an inside view of mechanisms such as CLR Loader, Managed Heap, Synchronization issues and Garbage Collection.

On the other side, .NET malware threats are incredibly interesting when analyzed from the MSIL instruction code, which allows one to see code injections using .MSIL, and attempts to compromise the .NET Runtime keep being a real concern.

The purpose of this presentation is to help professionals understand .NET malware threats and techniques by explaining concepts about .NET internals, mechanisms and a few reversing techniques.

Alexandre Borges
Alexandre Borges is a Security Researcher who has been working daily on Reverse Engineering and Digital Forensic Analysis for many years. He has taught training courses about Malware and Memory Analysis, Digital Forensics Analysis and Mobile Forensics around the world. Furthermore, Alexandre is the creator and maintainer of the Malwoverview triage tool: https://github.com/alexandreborges/malwoverview.

Alexandre has spoken at several conferences such as DEF CON USA (2018), DEF CON CHINA (2019), CONFidence Conference 2019, HITB 2019 Amsterdam, H2HC Conference (2015/2016), BSIDES Sao Paulo (2019/2018/2017/2016) and BHACK Conference (2018).

Finally, he is a referee for Digital Investigation: The International Journal of Digital Forensics & Incident Response (https://www.journals.elsevier.com/digital-investigation/editorial-board)

Twitter: @ale_sp_brazil
LinkedIn: http://www.linkedin.com/in/aleborges
Website: http://www.blackstormsecurity.com/bs/en/en_articles.html, Tool: https://github.com/alexandreborges/malwoverview



 

PHVT - Bally's - Indigo Tower - 26th Floor - Saturday - 12:00-12:59


"First-Try" DNS Cache Poisoning with IPv4 and IPv6 Fragmentation

Travis Palmer, Security Research Engineer at Cisco
Brian Somers, Site Reliability Engineer at Cisco

DNS fragmentation attacks are a more recent series of cache poisoning attacks on resolvers. Even if DNSSEC is fully implemented, an attacker can still poison various unsigned records in the response. These types of attacks are difficult but have been considered feasible over IPv4, but impossible over IPv6. Unfortunately, changes to the Linux kernel have made the entropy limiting this attack inferable off-path; poisoning on the first iteration is now possible. This talk will cover how this attack is carried out, and mitigations that can be put in place by operators of DNS servers to limit its effectiveness.

Travis (Travco) Palmer is a Security Research Engineer at Cisco. Travis is a certified OSCP and OSCE who has been getting paid to either fix or break something for over seven years. He is a fan (and sometimes-contributor) of a number of simulator/sandbox video games, and keeper of too many unfinished hardware projects.

Brian Somers is a Site Reliability Engineer for Cisco Umbrella (formerly OpenDNS). He specializes in large scale development on Unix-like platforms, software design & architecture, low level C development, and FreeBSD development.



 

RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Friday - 14:30-15:30


(Ab)using GPOs for Active Directory Pwnage

Identifying privilege escalation paths within an Active Directory environment is crucial for a successful red team. Over the last few years, BloodHound has made it easier for red teamers to perform reconnaissance activities and identify these attack paths. When evaluating BloodHound data, it is common to find ourselves having sufficient rights to modify a Group Policy Object (GPO). This level of access allows us to perform a number of attacks, targeting any computer or user object controlled by the vulnerable GPO.

In this talk we will present previous research related to GPO abuses and share a number of misconfigurations we have found in the wild. We will also present a tool that allows red teamers to target users and computers controlled by a vulnerable GPO in order to escalate privileges and move laterally within the environment.

About Petros Koutroumpis: Petros Koutroumpis is a penetration tester for MWR InfoSecurity, where he has performed a number of purple team and adversary simulation assessments. His research is mainly focused on Active Directory exploitation and offensive tooling development. Twitter: @pkb1s

About Dennis Panagiotopoulos: Dennis Panagiotopoulos is a penetration tester at MWR InfoSecurity. He has performed a wide variety of engagements ranging from whitebox, objective-based assessments to red teams. His research interests are Windows post-exploitation and Active Directory. He likes to spend his free time developing new tools and contributing to open source projects for the InfoSec community. Twitter: @den_n1s



PHVT - Bally's - Indigo Tower - 26th Floor - Saturday - 16:00-16:59


(Re)Thinking Security Given the Spectre of a Meltdown (hold my beer)

Jeff Man, InfoSec Curmudgeon

Have you ever noticed that much of the mission of cyber- and information security professionals seems to be focused on vulnerabilities? Have you ever heard of the risk equation? Perhaps you are familiar with one or more versions that help you derive the risk to your organization (sometimes referred to as residual risk). I have been wondering for a while how to suggest to our industry that there is perhaps TOO much focus on vulnerabilities and not enough attention or focus on the other elements that derive the standard risk equation. The recent disclosure of Meltdown/Spectre introduced a "perfect storm" scenario where the vulnerability wasn't easy to patch or fix, and the solution seemed to be to break things. This created a situation where the "security solution" wasn't simply to apply the patch - and that left many organizations scrambling to figure out how to deal with this example of a persistent vulnerability. This is a great example of what I've wanted to discuss for a while - what else should we focus on in terms of security if/when the vulnerabilities still remain. Interested? Intrigued? Come join the discussion!

Jeff Man (Twitter: @MrJeffMan) is an infosec curmudgeon.



DC - Paris - Track 1 - Sunday - 13:00-13:45


[ MI CASA-SU CASA ] My 192.168.1.1 is Your 192.168.1.1

Sunday at 13:00 in Track 1
45 minutes | Demo, Tool

Elliott Thompson Senior Security Consultant, SureCloud Ltd

Your browser thinks my 192.168.1.1 is the same as your 192.168.1.1. Using a novel combination of redirects, Karma, JavaScript and caching we demonstrate that it’s viable to attack internal management interfaces without ever connecting to your network. Using the MICASA-SUCASA tool it’s possible to automate the exploitation of hundreds of interfaces at once. This presentation will introduce the attack vector and demonstration, but also the public release of the MICASA-SUCASA tool.

Elliott Thompson
The alphabet soup: OSCP, CTL/CCT-APP. Senior pentester and researcher for the last 3 years, with hundreds of successful engagements behind me. Passionate about security and involved in various article pieces for infosec magazine, the BBC and the UK consumer watchdog Which?. Last year I discovered and disclosed an exploit on some Android tablets that allowed RCE through the tag. [ CVE-2018-16618 ]



BHV - Planet Hollywood - Melrose 1-3 Rooms - Friday - 18:30-19:15


6:30 PM: 0-Day Inside: Analog Analytics, Blood, Muscle, and Electricity
Speaker: Mandy Logan

Abstract: Brainstem & cerebellar strokes=0day for me. No inside voice. No ability to comprehend speech or form words. No movement, no memories. Filters removed. Senses heightened in ways that threatened life. I lived through being reset to abilities of a 6-mo and spent 1000s of hours formulating a new OS based on on/off response of my body's electrical system and defining electrical signature of words, emotions, sensations, everything. Come listen. Grow stronger.

Speaker Bio: After 5 strokes & major injuries, Mandy is no longer in const/eng. She used life hacking skills from a non-traditional background to re-establish neuro control using her tongue against her teeth & perseverance. Now, as a happy dyslexic autie, she pursues biohacking/stand up/fun/improving lives.

T: @5urv1va7rix


DC - Paris - Track 3 - Friday - 15:00-15:45


100 Seconds of Solitude: Defeating Cisco Trust Anchor With FPGA Bitstream Shenanigans

Friday at 15:00 in Track 3
45 minutes | Demo, Tool, Exploit

Jatin Kataria Principal Scientist, Red Balloon Security

Rick Housley Research Scientist, Red Balloon Security

Ang Cui Chief Scientist, Red Balloon Security

First commercially introduced in 2013, Cisco Trust Anchor module (TAm) is a proprietary hardware security module that is used in a wide range of Cisco products, including enterprise routers, switches and firewalls. TAm is the foundational root of trust that underpins all other Cisco security and trustworthy computing mechanisms in such devices. We disclose two 0-day vulnerabilities and show a remotely exploitable attack chain that reliably bypasses Cisco Trust Anchor. We present an in-depth analysis of the TAm, from both theoretical and applied perspectives. We present a series of architectural and practical flaws of TAm, describe theoretical methods of attack against such flaws. Next, we enumerate limitations in current state-of-the-art offensive capabilities that made the design of TAm seem secure.

Using Cisco 1001-X series of Trust Anchor enabled routers as a demonstrative platform, we present a detailed analysis of a current implementation of TAm, including results obtained through hardware reverse engineering, Trust Anchor FPGA bitstream analysis, and the reverse engineering of numerous Cisco trustworthy computing mechanisms that depend on TAm. Finally, we present two 0-day vulnerabilities within Cisco IOS and TAm and demonstrate a remotely exploitable attack chain that results in persistent compromise of an up-to-date Cisco router. We discuss the implementation of our TAm bypass, which involves novel methods of reliably manipulating FPGA functionality through bitstream analysis and modification while circumventing the need to perform RTL reconstruction. The use of our methods of manipulation creates numerous possibilities in the exploitation of embedded systems that use FPGAs. While this presentation focuses on the use of our FPGA manipulation techniques in the context of Cisco Trust Anchor, we briefly discuss other uses of our bitstream modification techniques.

Jatin Kataria
Jatin Kataria is the Principal Research Scientist at Red Balloon Security where he architects defensive technologies for embedded systems. Playing both the role of cat and of mouse at Red Balloon has many suggesting that he may be the first real source of perpetual energy. He tires of n-days easily and is always looking for new and exciting ELF shenanigans, caching complications, and the Fedex guy who lost his engagement ring. Prior to his time at Red Balloon Security, Jatin worked at a number of firms as a systems software developer and earned his Master of Engineering at Columbia University.

Twitter: @jatinkataria

Rick Housley
Rick Housley is a Research Scientist at Red Balloon Security and leads their advanced hardware reverse engineering efforts. He often finds himself at the end of a soldering iron hoping he has not bricked another expensive COTS product. His focus at Red Balloon includes the discovery of previously unknown vulnerabilities, novel firmware extraction techniques, and advanced physical reverse engineering using custom tooling. When not designing secure-boot defeating EMPs and interposers, he is building axe handles and baby rattles in his woodshop.

Twitter: @rickyhousley

Ang Cui
Dr. Ang Cui is the Founder and Chief Scientist of Red Balloon Security. Dr. Cui received his PhD from Columbia University in 2015. His doctoral dissertation, titled “Embedded System Security: A Software-based Approach”, focused exclusively on scientific inquiries concerning the exploitation and defense of embedded systems. Ang has focused on developing new technologies to defend embedded systems against exploitation. During the course of his research, he has uncovered a number of serious vulnerabilities within ubiquitous embedded devices like Cisco routers, HP printers and Cisco IP phones. Dr. Cui is also the author of FRAK and the inventor of Software Symbiote technology. Ang has received various awards on his work on reverse engineering commercial devices and is also the recipient of the Symantec Graduate Fellowship and was selected as a DARPA Riser in 2015.



Meetups - outside [TBD location] - Friday - 06:00-07:59


Title:
2019 8th Annual Defcon Bike Ride

TLDR: Ride a bicycle with us at Defcon – signup here. Email info at cycleoverride dot org if you have questions. 

TLDR2:  Bike shop will meet us at 6:30am to hand out rentals. You do not need to go there ahead of time.

It’s time for the Defcon 27 version of the Cycleoverride Defcon bike ride!!!

The date of this year's bike ride is Friday, AUGUST 9th, 2019 at 6am. This is Friday of Defcon. We will meet outside [TBD location] at 6:00am. There [may/will] also be a group meeting at the Tuscany at 6 am.

:)

Registration is here. This is just so we can get a count and arrange comms leading up to the event. It will also give us your email so we can blast out any details needed pre ride, or at 5:25am on August 9th.

Here's the deal: we have partnered again with McGhies Bike Shop in Las Vegas for our ride. Yes, they will throw your clipless pedals and seat posts on if you insist. They have 3 levels of road bikes: a ~$40 Cannondale Synapse, and a ~$100 Lance Armstrong starter kit road bike (think Madone). There's also a $125 level.

Bike rental is first come, first serve: there are about 18 $40 male road bikes and 5 female; after that it's a hybrid or a $100 bike. You can always ship out your bike for about $100 each way on most airlines.


Click HERE for full information.


Night Life - Paris - Concorde A Ballroom - Friday - 21:00-25:59


Title:
303/Skytalks Pajama Dance Party

Friday night will be a place for con-goers to meet and greet the speakers from Skytalks. We'll also have DJs and potentially have live music too.

https://skytalks.info
https://twitter.com/dcskytalks/status/1146527983588401158


Night Life - Paris - Rivoli B Ballroom - Saturday - 21:00-25:59


Title:
303/Skytalks Party

A repeat favorite of DEF CON attendees, with DJ's from across the community as well as creative works and technical expertise. What can we say, it's 303!
https://twitter.com/dcskytalks/status/1146527983588401158


PHVT - Bally's - Indigo Tower - 26th Floor - Friday - 10:00-10:59


4 years and 10,000+ Hours Later: Lessons Learned from Running a National Penetration Testing Competition

Tom Kopchak, Competition Director of National CPTC / Director of Technical Operations, Hurricane Labs
Dan Borges, World Team Captain of National CPTC

The National Collegiate Penetration Testing Competition (CPTC) provides students with realistic challenges that prepare them for a career in the security assessment field. The architecture of the competition is designed to mimic a real-world organization, while requiring participants to excel in both technical and communication skills. The ultimate goal is to use a unique environment to prepare young professionals to navigate the technical and administrative challenges they are likely to face in their careers. Join National CPTC directors Dan Borges and Tom Kopchak in a deep-dive discussion on what goes into building the competition scenario created for each year's event.

Tom Kopchak (Twitter: @tomkopchak) is the Director of Technical Operations at Hurricane Labs, where he pretends to manage a team of Splunk engineers, but is still an engineer and technology geek at heart. Tom's speaking experience includes a previous talk at DC24 (Sentient Storage - Do SSDs Have a Mind of Their Own?) as well as many talks at other conferences around the country (and BSides LV in 2013). He holds a Master's degree in Computing Security from the Rochester Institute of Technology, and volunteers as the white team captain for the National Collegiate Penetration Testing Competition (CPTC). When he is not working with computers, Tom enjoys composing, music improvisation (Acts of Music), and playing both the piano and organ.

Dan Borges is an information security professional with over 15 years in computer science. Dan participates in a number of cyber security competitions each year, from being on the National CCDC Red Team to helping with the black team for the Collegiate Penetration Testing Competition (CPTC). He is an experienced red teamer who enjoys developing new tools in his free time. He has taught workshops on advanced red teaming at both DEF CON and WOPR Summit. He has been publishing a blog on infosec education for more than 10 years at lockboxx.blogspot.com.



SEV - Bally's Jubilee Tower - 3rd Floor - Friday - 18:15-18:45


Friday August 09 2019 1815 30 mins
A Girl Says Nothing: A Social Engineer’s Guide to Playing into Sexism, Racial Stereotypes, and Discrimination
Throughout our history, humans have tried to divide one another to get a competitive edge. Divisions among human societies allowed people to create groups based on commonalities. Militaries thrive on framing the “other” – an unrelatable enemy – to motivate fighters against a foreign enemy. Therefore, it is not surprising that human biases persist. These biases come in the form of sexism, racial stereotypes, and discrimination. Try as we might to rid ourselves of bias, and despite undeniable progress, these biases remain part of our lives.

In the world of social engineering, biases that are exhausting to navigate in everyday life can become essential gadgets in a hacker’s tool belt. Social engineers have the power to live and hide among these biases in order to blend in and gain access. This talk will share stories from real social engineering hacks where playing into people’s biases (sexism, racial profiling, and discrimination) has been advantageous to successful Red Team operations.

Krittika Lalwaney: @ibetika
Krittika is actively emulating threat actors as a Red Team Engineer at Capital One. Prior to red teaming, she hunted for anomalous activity as an Incident Handler. Most recently, Krittika has been honing her social engineering skills by participating in Defcon’s SECTF and winning Derbycon’s SECTF in 2018. She has led several social engineering red team engagements and successfully passed her APSE and MLSE certifications.



AVV - Bally's Event Center - Friday - 14:30-14:59


A Hacker Walks Into A Flight School And Says Ouch: Common Online Security Fails In Pilot Training

Speaker – Tarah (@tarah)

Synopsis

As an information security researcher beginning my private pilot’s license training, I was startled to see the common security fails in many resources available for pilots, including official training/FAA sites, and more. I’ll cover a couple of the most common plane/instructional booking sites’ major security issues, and what to expect from having your personal information exposed online as will be at least partially required if you too decide to learn to fly a plane. I’ll cover Bluetooth and radio interference in avionics, Garmin instrument panels requesting keyboard input, and some simple checks to keep yourself aware of potential security issues in flight. I am not disclosing any 0-day or anything that isn’t already available online; this talk is intended to summarize the worst offenders and low-hanging fruit. I’d like to keep my FAA license; thank you very much.

About the Speaker

Intrepid adventuress, mother of war kittens, pilot-in-training.



AVV - Bally's Event Center - Saturday - 11:00-11:59


A hackers first solo: airplane avionics security 101

No description available



RGV - Flamingo - 3rd Floor - Carson City II - Saturday - 14:00-14:59


Title:
A Life of Advantage Play

J.R. from Four Suits will interview rx gamble, a professional gambler who has earned her living beating casinos. An advantage player, she is focused on finding the flaws and gaps in casino game procedures that allow the careful player to gain an edge. With thousands of hours spent on games like poker, blackjack, and more, she will discuss some of the physical techniques, psychological ploys, and oddities of casino history that make it possible to beat the odds.

BHV - Planet Hollywood - Melrose 1-3 Rooms - Sunday - 10:15-10:59


10:15 AM: A Minor Threat: What healthcare technology companies can learn about infosec from the Washington DC Punk Scene: 1979-1992
Speaker: Mike Kijewski

Abstract: The changes healthcare IT and medical device companies need to make to their product development processes to address infosec challenges are radical. Many of these same challenges were overcome by the Washington DC punk scene in the 80s and 90s. Bands from Minor Threat to Fugazi used information sharing and first-principles thinking to bring lasting change to the music industry. If you are responsible for the security of healthcare software, it's time to think like a punk.

Speaker Bio: Mike is the cofounder of MedCrypt, a medical device cybersecurity startup based in San Diego, CA.

T: @mikekijewski


BCV - Flamingo 3rd Floor - Laughlin III Room - Sunday - 12:20-13:10


A single global public-utility blockchain & cryptosystem

No description available



BCV - Flamingo 3rd Floor - Laughlin III Room - Friday - 10:50-11:40


A Smart Contract Killchain. How the first Blockchain APT was caught

No description available



BTVT - Flamingo - 3rd Floor- Savoy Room - Friday - 14:00-14:59


A Theme Of Fear: Hacking The Paradigm

Friday 14:00, Savoy Ballroom, Flamingo (Blue Team Village) (1H)

@investigatorchi is a security researcher, speaker, and Senior Information Security Analyst at University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a data forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness amongst faculty and staff via a comprehensive department-wide program which educates and informs users about how to prevent and detect social engineering threats, and how to compute and digitally communicate safely. Cathy has presented at numerous prestigious information security conferences including DEF CON and Hacker Halted. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.

The InfoSec industry was born out of fear. Initially it was fear from virus infections and later, external attacks. We capitalized on that fear to build more secure environments. But fear is hard to manage: too much fear breeds paralysis, and too little fear breeds complacency. This talk will take a look at the history of fear in InfoSec, explore how its impact has shaped the industry, and how it is now getting in the way. Fortunately, we can provide the next generation a new paradigm to affect change. This talk presents some ideas on what the new security paradigm could be, and most importantly - how to enable a security-minded culture without using fear.



RCV - Planet Hollywood - Celebrity 5 Ballroom - Friday - 11:00-11:40


COMPREHENSIVE TALK

A URL Shortened By Any Other Name

1100 - 1140



RCV - Planet Hollywood - Celebrity 5 Ballroom - Saturday - 12:30-13:05


LIVE TOOL DEMO

“Can you add a conference line, please?” - Using Cloud Services for Dial-In Reconnaissance Automation

1230 - 1305

Alina Dorina



ICS - Bally's Event Center - Saturday - 14:00-14:30


Abusing the IoT in Smart Buildings

August 10, 2019 2:00 PM

Building Automation Systems control functions such as air conditioning, access control, and video surveillance in critical facilities such as data centers and airports. With the advent of the IoT, sensors, controllers and many other devices (e.g., surveillance cameras) are available in consumer shops and are being integrated into new and existing smart buildings. These devices are much cheaper than industrial controllers and far easier to install, but they often lack security features and vulnerabilities are discovered with increasing frequency. In addition, bad security practices such as simple or default credentials, unencrypted traffic and lack of network segmentation remain common. In this presentation, we discuss the results of research conducted at Forescout in the past 2 years, including: an analysis of the security landscape for smart buildings with industrial controllers and IoT devices; the development of a proof-of-concept malware using newly discovered and previously known vulnerabilities; and a description of how this can be used by malicious actors in emerging attack scenarios.

Speaker Information

Panelist Information

Daniel dos Santos

Forescout

Daniel dos Santos holds a PhD in computer science from the University of Trento and has experience in security consulting and research. He is a researcher at Forescout, focusing on vulnerability research and the development of innovative features for network security monitoring.



PHVW - Bally's - Indigo Tower - 26th Floor - Saturday - 16:00-17:59


Advanced APT Hunting with Splunk

John Stoner, Principal Security Strategist, Splunk
Ryan Kovar, Principal Security Strategist, Splunk

You wanna learn how to hunt the APTs? This is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the “fictional” APT group Taedonggang. We discuss the Diamond model, hypothesis building, LM Kill Chain, and Mitre ATT&CK framework and how these concepts can frame your hunting. Using the freely available version of Splunk and OSINT, we will hunt for APT activity riddling a small startup's network. During the event, you will be presented a hypothesis and conduct your own hunts, whether it is for persistence, exfiltration, c2 or other adversary tactics. Heck, there might be some PowerShell to be found, too. We will regroup and review the specific hunt and discuss findings and what opportunities we have to operationalize these findings as well. At the end, we give you a dataset and tools to take home and try newly learned techniques yourself.

John Stoner (Twitter: @stonerpsu) is a Principal Security Strategist at Splunk where he enjoys writing, problem solving and building stuff. When not doing cyber things, you can find him reading or binge watching TV series that everyone else has already seen.

Ryan Kovar fought in the cyberwars and has been doing cybery things for almost 20 years. Now he is a Principal Security Strategist at Splunk building cool stuff, talking about security thingies, and helping other people fight their battles. He hates printers.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock VI - Friday - 14:30-18:30


Advanced Custom Network Protocol Fuzzing

Friday, 1430-1830 in Flamingo, Red Rock VI

Joshua Pereyda Software Engineer

Carl Pearson Security Analyst

Get hands on experience writing custom network protocol fuzzers. This class will cover the basics of network protocol "smart fuzzing." Exercises will utilize the open source network protocol fuzzing framework, boofuzz.

Attendees will gain practice reverse engineering a network protocol, implementing and iterating on a custom fuzzer, and identifying vulnerabilities.

After:

1. You will know the basics of fuzzing.
2. You will know how to write custom network protocol fuzzers using state of the art open source tools.
3. You will have hands on experience with this widely-discussed but still largely mysterious test method.

Before (Prerequisites): You should:

1. Be comfortable doing some basic programming in Python.
2. Understand basic network protocol concepts (e.g. what is a protocol and what is a network layer).
3. Be familiar with WireShark and how to use it.
4. Have a laptop with at least 8 GB of RAM (16 GB recommended).

What you won't learn:

1. Exploit development.
2. Python programming. Because you can already do that (see above). ;)

Fuzzing is a wide and deep field with a wide array of technologies. This class is a beginner-friendly deep dive into one niche of the fuzzing world.

Skill Level Intermediate

Prerequisites: 1. Some basic Python programming experience (some programming ability is REQUIRED). 2. Basic understanding of network protocols. 3. Basic familiarity with Wireshark. 4. Optional: Fuzzing experience.

Materials: 1. Laptop with at least 8 GB of RAM (16 GB recommended). 2. Have a recent version of VMWare Player installed. 3. Strongly recommended: configure for Defcon secure Wi-Fi access beforehand.

Max students: 70

Registration: https://www.eventbrite.com/e/advanced-custom-network-protocol-fuzzing-red-rock-vi-tickets-63609251985
(Opens 8-Jul-19)

Joshua Pereyda
Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. Among his passions are hacking, teaching kids to program, attending orchestral concerts with his wife, and figuring out how he can get paid to do it all... legally.

Joshua is the maintainer of the boofuzz network protocol fuzzing framework.

Carl Pearson
Carl is a security analyst with a passion for network and application security. He works as a blue team member in the higher education field by day and an independent red team researcher by night. His interests include poking around inside software and systems, figuring out what makes them tick. When he's not hunting bugs or writing code, you can find him exploring the great outdoors.



RCV - Planet Hollywood - Celebrity 5 Ballroom - Friday - 14:40-15:15


LIVE TOOL DEMO

Advanced Recon with OWASP Amass

1440 - 1515



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock VII - Thursday - 14:30-18:30


Advanced Wireless Attacks Against Enterprise Networks

Thursday, 1430-1830 in Flamingo, Red Rock VII

Gabriel "solstice" Ryan

This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks, bypass network access controls, and perform replay attacks to gain administrative control over an Active Directory environment. External wireless adapters and preconfigured live USBs will be provided to all workshop attendees, and material learned in the lectures will be practiced within a realistic lab environment.

Skill Level Intermediate

Prerequisites: A previous wireless security background is helpful but certainly not required.

Materials: Students will be required to provide their own laptops. Student laptops must be capable of running virtualization software such as VMWare or VirtualBox, and must have at least one free USB port. The instructor will provide each student with a single external wireless interface for use within the lab environment. Students will be responsible for downloading and installing the lab environment before the start of the workshop.

Max students: 70

Registration: https://www.eventbrite.com/e/advanced-wireless-attacks-against-enterprise-networks-red-rock-vii-tickets-63607316195
(Opens 8-Jul-19)

Gabriel "solstice" Ryan
Gabriel Ryan is an offensive security R&D and consultant at SpecterOps. He is the author of EAPHammer, a toolkit for performing targeted rogue access point attacks against enterprise wireless networks. Gabriel has presented at DEF CON, DerbyCon, Hackfest, and several Security BSides conferences on topics ranging from infrastructure security to access control protocols and red team tradecraft. His professional interests include wireless security, systems internals, low-level programming, and infrastructure automation.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock II - Thursday - 14:30-18:30


Advanced Wireless Exploitation for Red Team and Blue Team

Thursday, 1430-1830 in Flamingo, Red Rock II

Besim Altinok Founder & CEO,Pentester Training

Bahtiyar Bircan Senior Consultant, Eurocontrol / EATM-CERT

In this workshop, participants will be informed about attacks and defense of the wireless networks. Attendees will learn how to attack and gain access to WPA2-PSK and WPA2-Enterprise wifi networks, bypass network access controls, and gain administrative control over an Active Directory environment.

In addition, attendees will learn to fight against WiFi Pineapple, KARMA attack and fake access point opening techniques and will develop tools with Scapy. At the end of all this will be an award-winning CTF :)

Areas of focus include:
Basically communication for wifi networks
Understanding how monitor mode works
Collect WiFi data
Gain access to WPA2-PSK and WPA2-Enterprise networks
How can we fight against wifi hackers?
How can I improve the WiFi hacking tool?
CTF

Skill Level Intermediate/Advanced

Prerequisites: Python scripting; be comfortable in Kali Linux

Materials: Students will need to bring a laptop with at least 8 gigs of RAM, a 64-bit operating system, at least 100 gigs of hard drive space (external drives are fine), and at least one free USB port. In addition, they will need to provide an external network card that supports monitor mode and injection (example: TP-LINK WN722N, Alfa Card ..). Students will also be required to download and install a virtual lab environment prior to participating in the workshop. Everything else will be provided by the instructor team.

Max students: 40

Registration: https://www.eventbrite.com/e/advanced-wireless-exploitation-for-red-team-and-blue-team-red-rock-ii-tickets-63606797644
(Opens 8-Jul-19)

Besim Altinok
Besim Altinok (@AltnokBesim) has been researching Wi-Fi security for over a decade. He created WiPi-Hunter project against Wi-Fi hackers. He is the author of a book on Wi-Fi security. Besim's work on wireless security has been published in ArkaKapi Magazine and others. He has also spoken at top conferences including BlackHat Europe, Blackhat ASIA, Defcon, and others.

Besim ALTINOK works currently at Barikat Internet Security in Turkey. Besim also founded Pentester Training project.

Bahtiyar Bircan
Bahtiyar Bircan is a security enthusiast with 17 years of experience attacking and securing enterprise IT systems. During his career, he worked on many government, military and private sector IT security projects.

His experience includes penetration testing, security audit, secure system design, and implementation, virtualization and cloud security, incident response, exploit development, security research, system and network administration.

He is a regular speaker of national and international security conferences like BlackHat, IDC, NATO, OWASP-TR, NOPCon, Tübitak Bilgi Güvenliği Konferans, IstSec, AnkaSec.

Currently, he is a senior security consultant, trainer and managing partner for Barikat Akademi. Previously, he worked in several defense contractors and government agencies, like Tubitak Cyber Security Institute and Havelsan in Turkey. He was a part of numerous security projects for government, military, and public institutions. Also, he is an adjunct instructor teaching cybersecurity at TOBB University. He has authored and contributed to various public/internal tools, training courses, and methodologies.



DC - Paris - Track 2 - Sunday - 10:00-10:45


Adventures In Smart Buttplug Penetration (testing)

Sunday at 10:00 in Track 2
45 minutes | Demo, Tool

smea

Analysts believe there are currently on the order of 10 billion Internet of Things (IoT) devices out in the wild. Sometimes, these devices find their way up people's butts: as it turns out, cheap and low-power radio-connected chips aren't just great for home automation - they're also changing the way we interact with sex toys. In this talk, we'll dive into the world of teledildonics and see how connected buttplugs' security holds up against a vaguely motivated attacker, finding and exploiting vulnerabilities at every level of the stack, ultimately allowing us to compromise these toys and the devices they connect to.

smea
smea got his start making video games for closed consoles like the Nintendo DS using whatever hacks were available at the time. At some point consoles started getting actual security features and he transitioned from just making homebrew software to actually making the jailbreaks that let people run it. He's best known for his work on the Nintendo 3DS and Wii U but has also done exploitation work against high profile web browsers and virtualization stacks. Now he hacks buttplugs, apparently.

Twitter: @smealum
Github: https://github.com/smealum



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Saturday - 14:00-13:59


Adversarial Fashion – Sartorial Hacking to Combat Surveillance

No description available



BCV - Flamingo 3rd Floor - Laughlin III Room - Friday - 16:20-17:10


Alice and Bob's Big Secret

No description available



DC - Paris - Track 3 - Friday - 11:00-11:45


All the 4G modules Could be Hacked

Friday at 11:00 in Track 3
45 minutes | Exploit

XiaoHuiHui Senior Security Researcher, Baidu

Ye Zhang Security Researcher, Baidu

ZhengHuang Leader of Baidu Security Lab X-Team, Baidu

Nowadays more and more 4G modules are built into IoT devices around the world, such as vending machines, car entertainment systems, laptops, advertising screens, and urban cameras. But no one has conducted comprehensive security research on 4G modules. We carried out this initiative and tested all the major brand 4G modules in the market (more than 15 different types). The results show all of them have similar vulnerabilities, including remote access with weak passwords, command injection of AT Command/listening services, OTA upgrade spoofing, command injection by SMS, and web vulnerabilities. Through these vulnerabilities we were able to get to the shell of these devices. In addition to using wifi to exploit these vulnerabilities, we created a new way to attack through a fake base station system, triggered by accessing the intranet of the cellular network, and successfully ran remote command execution without any requisites. In this talk, we will first give an overview of the hardware structure of these modules. Then we will present the specific methods we use in vulnerability probing. In the final section we will demonstrate how to use these vulnerabilities to attack car entertainment systems of various brands and get remote control of cars.

XiaoHuiHui
Shupeng (xiaohuihui) is a member of Baidu Security Lab. He is an expert on IoT security, AI security, penetration testing, etc. He was invited to talk at multiple security conferences, and successfully pwned IoT equipment at XPwn 2016/2017/2018 and GeekPwn May/October 2017, the biggest pwn competitions in China.

Twitter: @xi4ohuihui

Ye Zhang
Ye Zhang is a security researcher at Baidu Security Lab X-Team. He's good at reverse engineering and malware analysis, and now focuses on finding IoT vulnerabilities.

ZhengHuang
Zheng Huang is the head of Baidu Security Lab X-Team. He is a prolific finder of vulnerabilities in the browser security area and has contributed a lot of vulnerabilities in Microsoft browsers, Chrome, and Safari. Previously, he mainly focused on malicious URL detection and defense against APT attacks; he is now responsible for the research of autonomous driving security.



BHV - Planet Hollywood - Melrose 1-3 Rooms - Friday - 14:30-16:15


2:30 PM: Amputees and Prosthetic Challenges: Creating Functionality, Dignity Restoring, Interaction, and Enabling Technology
Speaker: Wayne Penn

Abstract: The human body is the most elegant and complex machine ever created, but often we do not realize how well it works until a major system has been compromised such as with an amputation severing and removing an element of the neuromuscular and skeletal system. There are 1 million annual limb amputations globally, which equates to one every 30 seconds. With those kinds of numbers and what we see in science fiction TV and film, one would expect that prosthetic technology is ubiquitous and advancing at an exponential pace. However, prosthetic technology advancement can be correlated with periods immediately following military conflicts and is still not able to fully replicate anatomical function, which is why we are seeking the assistance of those at DEF CON's Biohacking Village to collaborate and help create prosthetic solutions. Wayne Penn, a biomedical engineer and entrepreneur, will be joined by bi-lateral amputee Chuck Hildreth Jr., and Occupational Therapist Laurel Koss to discuss the etiology and epidemiology of amputations, challenges amputees face, the secondary or associated conditions and complications, and their shared experiences while working on advanced robotic prosthetic limb research programs such as the DEKA/DARPA/Mobius Bionics Luke Prosthetic Arm System. Chuck will give a demonstration of the Luke Arm System, the only full powered shoulder down prosthetic arm system in existence. Introductions will be given to the two BHV Prosthetic Labs taking place following the talk and run by this presentation team. The first Lab will be to create a family of Quick Change Magnetic Adapters for Activities of Daily Living to hold items for personal hygiene as well as items for eating and food preparation utilizing 3D Printing. The second Lab, Thermo Limbs, will be introduced by 7th graders, Piper Vail Lalla and Ava Conlon, who won the Best Idea in the Medical Field and a $20,000 grant for a patent application at the National Invention Convention. This lab will focus on creating microprocessor controlled cooling systems for amputees, as thermal regulation is a major issue that affects amputees with the loss of their major sweat and heat dissipation surfaces.

Speaker Bio: Wayne is a biomedical engineer and entrepreneur. He received his undergraduate degree in biomedical engineering from Columbia University, and his graduate degree in mechanical engineering with a focus on biomechanics from Boston University. He worked as the Clinical Research Coordinator at DEKA Research & Development on the DARPA/DEKA Luke Prosthetic Arm Project and the Product Marketing Manager for the MIT Media Lab startup iWalk for the BiOM Powered Prosthetic Ankle System, now the Ottobock Empower Ankle. He has continued his work in prosthetics focusing on advanced human interface, controls, and fitting systems for amputees while working in partnership with biodesigns. Wayne founded and leads his multidisciplinary engineering and design team at Charged Concepts, whose mission is to turn innovative concepts into impactful real world technology, programs, and initiatives.

T: @chargedconcepts


Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock I - Thursday - 14:30-18:30


An Introduction to Deploying Red Team Infrastructure

Thursday, 1430-1830 in Flamingo, Red Rock I

Troy Defty Hacker

Erik Dul Hacker

The use of remote-access malware has never been more prevalent, and in order to replicate or mitigate this threat, an understanding as to how the infrastructure supporting such an attack operates is crucial. From accounting for outbound network filtering controls, to building resilience with redundant inbound proxies, deploying an implant blindly into a target is more complex than 'msf > exploit'.

This workshop aims to build an understanding around how malware Command and Control (C2) infrastructure is designed, built, and configured, and to provide attendees with experience in deploying malware within a realistic network environment. This will include:

- A run-through of a basic red team campaign
- The properties of a solid malware implant
- Spinning-up Command and Control (C2) infrastructure, including burner inbound proxies, etc.
- Configuring an implant to find and utilise outbound routes from a realistic corporate network, and to call back to our new infrastructure
- Basic delivery of malware via common delivery routes
- Gaining a persistent presence, and identifying routes to the campaign objectives

We will be using Meterpreter and the Metasploit framework as the implant supported by Kali Linux, alongside Apache as a reverse proxy; all of which will be cloud-hosted. We will be using a variety of post-exploitation techniques to help attendees get to grips with some of the potential nuances of remote malware interaction (long RTTs, blind command execution, etc.).

Reading list:

https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/Gaining_the_Advantage_Cyber_Kill_Chain.pdf
https://ionize.com.au/reverse-https-meterpreter-and-empire-behind-nginx/
https://medium.com/@truekonrads/reverse-https-meterpreter-behind-apache-or-any-other-reverse-ssl-proxy-e898f9dfff54

Skill Level Intermediate

Prerequisites: Basic knowledge of networking, Meterpreter/Metasploit Framework, basic Linux administration, knowledge of basic Windows privilege escalation

Materials: Laptop, 8GB RAM, Kali as a base or a VM, with all updates applied, Ethernet cable

Max students: 24

Registration: https://www.eventbrite.com/e/an-introduction-to-deploying-red-team-infrastructure-red-rock-i-tickets-63439433052
(Opens 8-Jul-19)

Troy Defty
Having worked in the UK InfoSec industry for around five and a half years at Deloitte and later Context Information Security, Troy abandoned a dreary sun-less London and has been working in the Australian industry out of Sydney for nearly a year with PS+C Pure Hacking. His interest and experience is largely in bespoke penetration testing engagements (red teaming, scenario-based assessments, etc.), with broad coverage across the penetration testing spectrum. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and being bad at golf.

Erik Dul
Erik's first encounter with IT security was when he discovered the fascinating internals and configurability of ISDN NT boxes. Since then he has worked in various network security roles, spending the last few years as a penetration tester in the UK and Australia. He is currently heading up the offensive security team of PS+C Pure Hacking in Sydney. His main professional focus is scenario based and bespoke engagements, with particular interest in network and embedded device security. When not hard at work, you can find him somewhere close to the water, or playing tennis.



BTVT - Flamingo - 3rd Floor- Savoy Room - Sunday - 12:00-12:59


An Introduction To Malware Analysis

Sunday 12:00, Savoy Ballroom, Flamingo (Blue Team Village) (1H)

@Understudy77 is an obsessive clicker of links, Shawn is a current Paranoid and Head of Security Operations at Verizon Media with a past history of Incident Response, threat hunting, and malware analysis.

A mostly live demo of base concepts of malware analysis using a multitude of tools on a Dridex sample pulled from a phishing campaign from PDF attachment to executable installation. The main point is to show people some base tools to dive headfirst into analysis of suspicious files.



AVV - Bally's Event Center - Sunday - 11:30-11:59


An introduction to the ARINC standards

Speaker – Karl

Synopsis

ARINC is a 90-year-old company originally created to coordinate and support radio communications for airlines. Since then, ARINC has developed several standards to promote interoperability between manufacturers of line-replaceable units (LRUs.) This talk will cover major ARINC standards, such as ACARS (an air-to-ground messaging system), 429 (the CAN bus of aviation), and AFDX, and explain why it’s completely impossible to control a 737 through a compromised in-flight entertainment system.

About the Speaker

Karl Koscher is a research scientist at the University of Washington where he specializes in wireless and embedded systems security. In 2011, he led the first team to demonstrate a complete remote compromise of a car over cellular, Bluetooth, and other channels.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock IV - Thursday - 14:30-18:30


Analysis 101 for Hackers and Incident Responders

Thursday, 1430-1830 in Flamingo, Red Rock IV

Kristy Westphal Hacker

You have a theory about something you have found while roaming the network or conducting your own hackfest, but how do you go about proving it? This workshop will be a hands-on journey deep into the world of analysis. While analysis is a bit of an art form, there are methods that can be applied to make it less of a gut feeling and more of a scientific approach to support your hypothesis. From network forensics to log analysis to endpoint forensics and malware analysis, we will review numerous quick methods to gain context over the data you have gathered and apply critical thinking in an attempt to find the answers. Sometimes, the answers weren't meant to be found, but we'll also discuss how to make the best of any conclusion that you reach.

Skill Level Beginner/Intermediate

Prerequisites: Security Operations Center background helpful, but not required. Operating Systems and Network basics helpful. A curiosity to figure out stuff is mandatory!

Materials: Bring a laptop with OS of your choice. You will need the Kali Linux (suggest VM or Virtual Box) and free Splunk (Splunk Light) installed ahead of time. You will also need to download sample files from this link: https://drive.google.com/drive/folders/1wimiz_aEHQxqQIxhBeTrePICnvR5r6b6?usp=sharing

Max students: 80

Registration: https://www.eventbrite.com/e/analysis-101-for-hackers-and-incident-responders-red-rock-iv-tickets-63606992226
(Opens 8-Jul-19)

Kristy Westphal
Kristy Westphal is a versatile information technology professional with specific experience in providing advisory and management services in the area of information security and risk. She currently runs an incident response team at a large organization in Tempe, AZ. Specializing in leadership and program development, specific expertise in security areas includes: process analysis, risk assessments, security awareness programs, operating system security, network security, incident handling, vulnerability analysis and policy development.



BTVT - Flamingo - 3rd Floor- Savoy Room - Saturday - 14:00-14:59


Anatomy Of A Megabreach: Equifax Report

Saturday 14:00, Savoy Ballroom, Flamingo (Blue Team Village) (1H)

@uncl3dumby is enamored with defense and protective thinking. My career has focused on security operations, but I love understanding the way systems operate. I'm passionate about investigating root cause of incidents, or how things came to be the way they are. Security is a full-stack, cross discipline field and I love learning about and digging into it all!

Following testimony in Congress and a lengthy investigation of the Equifax breach in 2016, U.S. House of Representatives drafted a report. The report is AMAZING! It includes details of Equifax corporate structure, IT infrastructure, and covers timelines and minutiae of the breach itself. It has information that is extremely interesting and useful for security practitioners, but we might not all have the time or interest to wade through 97 pages of deep information. I did that for you! My talk is a comprehensive review of the report that covers everything I considered interesting or important.



DL - Planet Hollywood - Sunset 1 - Friday - 10:00 - 11:50


Antennas for Surveillance applications

Friday from 10:00 – 11:50 in Sunset 1 at Planet Hollywood
Audience: All

Kent Britain & Alexander Zakharov

The antenna is one of the most important pieces of a good receiver. Yet it seems technical specifications are made up by the Marketing Departments, not by the Engineers. Wild claims about gain and misleading data seem to be the norm. In this Demonstration you will be able to see and hear the effects of gain and have a better understanding of beamwidths and patterns. Over a dozen different antennas will be available for demonstration, and our miniature antenna range can do some quick tests on your antenna.

http://WWW.WA5VJB.COM

Kent Britain
Kent Britain has been professionally designing antennas for over 25 years. He has developed over 1200 specialized antennas for consumer products, government agencies, military applications, and satellites. The antenna columnist for Monitoring Times, Popular Communications, CQ, CQVHF, and DUBUS magazines.

Alexander Zakharov
Alex has over 25 years of experience in the Telecommunications, Information Technology and IT Security fields. He was responsible for the creation and deployment of solutions protecting networks, systems and information assets for a large number of organizations in both the private and public sectors.

Alex is the brain and architect behind the Airbud appliance - the ultimate wireless development and testing platform ready to use with a full spectrum of wireless applications like pentesting and monitoring or router and firewall projects. A number of the custom models developed use antennas created with Kent's help and advice. Reference - www.alftel.com



DC - Paris - Track 4 - Saturday - 16:30-16:50


Apache Solr Injection

Saturday at 16:30 in Track 4
20 minutes | Demo, Exploit

Michael Stepankin Security Researcher at Veracode

Apache Solr is a search platform used by many enterprise companies to add a full text search functionality to their websites. Often hidden behind firewalls, it provides a rich API to search across large datasets. If this API is used by web applications in a wrong way, it may open a possibility for injection attacks to completely modify the query logic.

In this talk we’ll shed some light on the new type of vulnerabilities for web applications - Solr parameter injection, and provide some useful ways how to achieve remote code execution through it. We also provide exploits for almost all known vulnerabilities for Apache Solr, including the two new RCEs we reported this year.

Michael Stepankin
Michael Stepankin is a Security Researcher at Veracode. He works on bringing new detection features to Veracode’s dynamic and static scanner engines. As a passionate hacker, he loves to hack enterprise java applications by day and write beautiful JavaScript code by night. Listed in Halls of Fame of various bug bounty programs, Michael has also worked as a penetration tester for many years.

Twitter: @artsploit



DC - Paris - Track 4 - Friday - 12:00-12:45


API-Induced SSRF: How Apple Pay Scattered Vulnerabilities Across the Web

Friday at 12:00 in Track 4
45 minutes | Demo, Exploit

Joshua Maddux Security Researcher / Software Engineer, PKC Security

The 2016 WWDC saw the dawn of Apple Pay Web, an API that lets websites embed an Apple Pay button within their web-facing stores. Supporting it required a complex request flow, complete with client certificates and a custom session server. This proved detrimental, since Apple failed to caution against important side effects of taking in untrusted URLs. As a result, many new SSRF vulnerabilities entered the world. Worse yet, while they were exploitable and discoverable in similar ways, they were spread across distinct codebases in several programming languages, so could not be patched in any generic way.

Apple is not alone - in the process of gluing the web together, Twilio, Salesforce, and others have all created similarly broad attack surfaces. When companies fail to take an honest, empathetic look at how clients will use a product, they shove along hidden security burdens. Those who integrate with an API have less context than those who create it, so are in a worse position to recognize these risks.

Engineers have been talking about defensive programming for decades, but top companies still have trouble practicing it. In this talk we explore these mistakes with demos of affected software, and introduce a powerful model for finding broad classes of bugs.

Joshua Maddux
Joshua Maddux started out as a software engineer. After a few years, having introduced his share of problems to the world, he turned his life around and started hunting for vulnerabilities. Now at PKC Security he does a mix of software development and white-box penetration testing, with a focus on helping startups move fast without breaking too many things.

Aside from pentesting for clients, Joshua is also active in the bug bounty world. His past research has led to security updates in Java, Gitlab, United Airlines, Zapier, and others.

Twitter: @joshmdx



CLV - Flamingo 3rd Floor - Reno I Room - Saturday - 10:40-11:20


Speaker: Ayman Elsawah

Twitter: @coffeewithayman

Abstract: In this talk I am going to walk through how we can use Pareto's principle to secure all our AWS accounts. What this means is with just 20% of effort, we can accomplish 80% security of our AWS accounts. We will be leveraging the power of AWS Organizations and IAM to accomplish our goals. This will be a technical talk and guide on how to secure your account.

This talk assumes you have secured your individual AWS accounts at the basic level by locking down your root accounts with 2FA, etc.

About Ayman: Ayman Elsawah is a veteran Information Security Professional and Educator having worked in a variety of industries including Financial, Social Media, Global E-Commerce, Silicon Valley Startups, and the Movie/Entertainment Industry. An early user of AWS, Ayman specializes in AWS Security and helps companies operationalize their presence in the cloud and take their security maturity to the next level. He has built custom tools internally for organizations with hundreds of AWS accounts helping streamline their operations. His specializations are in Centralized Log Management and Identity and Access Management (IAM). He is also the host of the Getting Into Infosec Podcast and author of the book Breaking IN: A Practical Guide to Starting a Career In Information Security. He loves teaching others about Information Security and Cloud.



Night Life - Paris - Rivoli A Ballroom - Saturday - 21:30-25:59


Title:
Arcade Party

Relive once again the experience of the arcade at DEF CON. From classics to a custom built 16 player foosball table! Jam out to DJ Keith Myers while taking another swipe at that high score on your favorite classic video games. No quarters required! This party is open to all DEF CON 27 Attendees. Registration is not required. This EPIC party is sponsored by: SCYTHE, GRIMM, ICS Village, DRAGOS, and Bugcrowd


DC - DC101, Paris Theatre - Thursday - 12:00-12:45


Are Quantum Computers Really A Threat To Cryptography? A Practical Overview Of Current State-Of-The-Art Techniques With Some Interesting Surprises

Thursday at 12:00 in DC101, Paris Theatre
45 minutes | Demo

Andreas Baumhof Vice President Quantum Technologies, QuintessenceLabs Inc.

Shor's Algorithm for factoring integer numbers is the big threat to cryptography (RSA/ECC) as it reduces the complexity from exponential to polynomial, which means a Quantum Computer can reduce the time to crack RSA-2048 to a mere 10 seconds. However current noisy NISQ type quantum computers are very limited to something like 16 bit RSA keys. And the quality of the current qubits is so bad that error-correction comes at a massive cost of at least 100 times the amount of qubits.

While the world is preoccupied with whether we have universal quantum computers big enough for Shor's algorithm, Quantum Annealing is stealing the show, having factored a 20-bit number just in January this year using 97 qubits. And these qubits are actually good enough to factor bigger numbers. If we assume a linear scalability, we'd "only" need around 10,000 qubits to factor a 2048-bit RSA key. D-Wave announced a quantum computer with 5,640 qubits, so that puts it within reach soon.

So, could Quantum Annealing be more of a threat to cryptography than Shor's algorithm on universal quantum computers? How do these algorithms work? How do they achieve polynomial complexity for what traditional computers need exponential time to do? What impact will this have on the competition from NIST for the design of post-quantum-cryptography algorithms?

Andreas Baumhof
Andreas Baumhof is Vice President Quantum Technologies at Quintessence Labs. He is responsible for all developments relating to Quantum Technologies such as Quantum Random Number Generator, Quantum Key Distribution or Quantum Computing in general. Before this role, Andreas was CTO for ThreatMetrix Inc, the global leader in digital identities, where he was responsible for software engineering. He helped lead the company to a very successful exit and a 830m USD acquisition by Lexis Nexis/RELX. Andreas holds a mathematics degree from the University of Munich. In his spare time he enjoys mountain biking, snowboarding and spending time with his family.

Twitter: @abaumhof
LinkedIn: https://www.linkedin.com/in/abaumhof/



DC - Paris - Track 2 - Friday - 14:00-14:45


Are Your Child's Records at Risk? The Current State of School Infosec

Friday at 14:00 in Track 2
45 minutes

Bill Demirkapi Independent Security Researcher

From credit reporting agencies to hotel enterprises, major data breaches happen daily. However, when was the last time we considered the data security of children and middle-level education students? The infosec community spends so much time thinking about enterprise security and user privacy, but who looks after those who can't defend themselves? Unknown to most, there are only just a handful of major educational software providers—and flaws in any of them can lead to massive holes which expose the confidential information of our rising generation, this speaker included. Additionally, while many dismiss educational data as “just containing grades”, the reality is that these systems store extremely sensitive information from religious beliefs, health and vaccine-related data, to even information about parental abuse and drug use in the family.

This talk will cover never-before-seen research into the handful of prominent educational software companies, the vulnerabilities that were found, the thousands of schools and millions of students affected, and the personal fallout of such research. Vulnerabilities discussed will range from blind SQL injection to leaked credentials for the entire kingdom. If a high school student can compromise the data of over 5 million students and teachers, what can APT do?

Bill Demirkapi
Bill is a 17-year-old high school student with an intense passion for the information security field. Bill's interests include game hacking, reverse engineering malware, and breaking things. Next year, Bill will be attending the Rochester Institute of Technology where he hopes to grow his career and knowledge in the enormous field of Cybersecurity. In his pursuit to make the world a better place, Bill constantly looks for the next big vulnerability following the motto "break anything and everything".

Twitter: https://twitter.com/BillDemirkapi
Blog: https://d4stiny.github.io



RCV - Planet Hollywood - Celebrity 5 Ballroom - Friday - 13:50-14:40


COMPREHENSIVE TALK


Asset Discovery: Making Sense of the Ocean of OSINT

1350 - 1440



BTVT - Flamingo - 3rd Floor- Savoy Room - Sunday - 11:00-11:59


Atomic Threat Coverage: ATT&CK In Action!

Sunday 11:00, Savoy Ballroom, Flamingo (Blue Team Village) (1H)

@yugoslavskiy leads the Threat Detection team at Tieto Security Operations Center (SOC) in Czech Republic, Ostrava. Before that, he was responsible for processes and systems architecture development of Informzaschita SOC in Moscow, Russia. Daniil spent more than six years in Practical Computer Security and Network Monitoring domains. He holds OSCP, CCNP Security, GCFA and GNFA certifications. He had talks at Code Europe, CONFidence, Amsterdam FIRST Technical Colloquium, x33fcon, EU MITRE ATT&CK community workshops, presenting Intelligence-Driven Defence approach implementation and MITRE ATT&CK operationalization. Daniil is also a member of the GIAC Advisory Board, Krakow 2600 Meetings coordinator and creator of the Atomic Threat Coverage project.

We will present our project, which makes it possible to automatically generate actionable analytics designed to combat threats (based on the MITRE ATT&CK adversary model) from Detection, Response, Mitigation and Simulation perspectives. This way Atomic Threat Coverage represents a Core of Security Operations Center, creating an analytics database with all entities, mapped to all meaningful, actionable metrics, ready to use, ready to share and show to leadership, customers and colleagues.



CLV - Flamingo 3rd Floor - Reno I Room - Friday - 14:20-14:50


Speaker: Edoardo Gerosa

Twitter: @netevert

Abstract: Azure Sentinel, Microsoft's new cloud SIEM solution, was recently released on the market. Notwithstanding its strengths Sentinel offers limited threat hunting capabilities out of the box and setting up an effective hunting solution is not straightforward. The Sentinel ATT&CK GitHub project is designed to provide guidance on setting up an ATT&CK-driven process monitoring solution within Sentinel; giving DFIR professionals a tool to effectively hunt in the Azure cloud.

The project, building on previous work from the open source DFIR community, provides instructions on how to properly configure Sysmon to monitor and detect specific processes in alignment with MITRE's ATT&CK framework. Secondly it provides clarity on how to onboard Sysmon logs from Windows virtual machines, shedding light on some poorly documented areas, while also offering an open source parser to correctly ingest Sysmon data in conformity with the Open Source Security Event Metadata information model. Thirdly it offers around 120 open source Kusto Query Language alerts ready for deployment; each mapped to a unique MITRE ATT&CK technique. Fourthly it provides a dedicated threat hunting dashboard to help DFIR professionals monitor their environment and execute precise hunts. Finally, Sentinel ATT&CK provides ready-made hunting queries to be leveraged when responding to alert notifications raised by the threat hunting dashboard.

This talk delivers an overview of how the Sentinel ATT&CK project can help organisations establish an effective threat hunting capability in Azure as well as an opportunity to share with the community the strengths and shortcomings of Sentinel when it comes to hunting adversaries within the Microsoft cloud.

The talk will be structured as follows:

  • Introductions (2 minutes): A brief introduction to provide our short biographies and a description of our current roles - both speakers
  • Project background (3 minutes): An overview of how the project came to be, covering previous Splunk work from the DFIR open source community that helped establish the foundations of Sentinel ATT&CK - both speakers
  • The problem (5 minutes): Although Azure Sentinel contains excellent features – e.g. threat response automation with Logic Apps (1 minute), a powerful query language (1 minute) and incident grouping (1 minute); the platform offers limited threat hunting capabilities out of the box. Moreover, two major downsides make it difficult to quickly set up a robust, well-structured threat hunting capability; these are a) poor documentation around log onboarding (1 minute) and b) very limited data normalisation features at ingestion time (1 minute) - Edoardo Gerosa
  • The solution – Sentinel ATT&CK (10 minutes): An overview of the project and how it can help with quickly deploying an effective threat hunting solution for Sentinel – starting with a lightning overview of MITRE ATT&CK (1 minute), then covering how to configure Sysmon to monitor specific ATT&CK techniques (2 minutes), how to onboard Sysmon logs into Azure (2 minutes), Sentinel parsing best practices (2 minutes), using Kusto to execute hunts (2 minutes) and concluding with an overview of the project's threat hunting dashboard (1 minute) - Edoardo Gerosa
  • Demo and Q&A session (10 minutes): we'll showcase a live instance of Sentinel ATT&CK deployed on our Azure lab to walk through the functionalities of the platform, execute a demo hunt and, if necessary, to provide practical deep-dives to participant questions - Olaf Hartong

In order to stimulate discussion during the demo and Q&A session we will have three questions in our back-pocket to ask participants; these will be as follows:

  • Who has used Sentinel and what is their opinion of the platform?
  • Who uses Sysmon as a process monitoring solution in their network and what is their opinion of the tool?
  • What are some of the response activities that could be performed with Sentinel on compromised virtual machines, especially considering the in-built SOAR capabilities of the platform?

About Edoardo: Edoardo Gerosa works for Deloitte AG’s Cyber Risk Services, where he leads a team specialised in providing technical consultancy services to client SOCs across Switzerland. Previously he led Deloitte UK’s Cyber Engineering DevOps team, where he oversaw the development of automated reconnaissance tools to support red teaming and cyber threat intelligence engagements. He loves the shores of Zürisee much more than the streets of London, where he previously used to live.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock I - Friday - 14:30-18:30


Attacking Layer 2 Network Protocols

Friday, 1430-1830 in Flamingo, Red Rock I

Erik Dul, Hacker

Troy Defty, Hacker

Layer 2 can be a lesser-known attack surface; the techniques have been known for a while, have well-documented mitigations, and are often thought of as so old, they _can't possibly still be around, right?_

But this under-represented attack surface is also of great value to an attacker. Network segregation on a typical internal network is commonplace, and often heavily relied upon to segregate, isolate, and limit the spread of a compromise. A misconfigured switch or switch port can be the difference between an attacker compromising the desk phones, and core business server infrastructure. And when the misconfiguration can be a single two-word line in a ten-thousand line switch configuration file, it's easy to see how the basic hardening controls can be missed.

This workshop will run through analysing Layer 2 network traffic, identifying protocols and information of interest within network traffic, launching DTP attacks to pivot within a misconfigured network, and man-in-the-middling traffic via this pivot to compromise a target host (including using various tools in conjunction with virtual network interfaces). In terms of tooling, we will be looking to utilise the likes of Wireshark, Yersinia and Bettercap to launch the various network attacks, with standard Kali tooling/normal Linux functionality to exploit and escalate privileges on the target host.

Reading list (not required, but can be of interest):

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_arp/configuration/15-mt/arp-15-mt-book/arp-config-arp.html
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_53_se/configuration/guide/2960scg/swvlan.html
https://www.computernetworkingnotes.com/ccna-study-guide/vlan-tagging-explained-with-dtp-protocol.html
https://www.blackhat.com/presentations/bh-usa-02/bh-us-02-convery-switches.pdf
https://digi.ninja/blog/abusing_dtp.php

Skill Level Beginner

Prerequisites: Basic knowledge of networking particularly with Linux, knowledge of basic Linux exploitation and privilege escalation.

Materials: Laptop, 8GB RAM, Kali as a base or a VM with all updates applied, a network card/interface which supports VLAN tagging (this is usually the case with most kit nowadays by default, but just in case!)

Max students: 24

Registration: https://www.eventbrite.com/e/attacking-layer-2-network-protocols-red-rock-i-tickets-63439506271
(Opens 8-Jul-19)

Erik Dul
Erik's first encounter with IT security was when he discovered the fascinating internals and configurability of ISDN NT boxes. Since then he has worked in various network security roles, spending the last few years as a penetration tester in the UK and Australia. He is currently heading up the offensive security team of PS+C Pure Hacking in Sydney. His main professional focus is scenario based and bespoke engagements, with particular interest in network and embedded device security. When not hard at work, you can find him somewhere close to the water, or playing tennis.

Troy Defty
Having worked in the UK InfoSec industry for around five and a half years at Deloitte and later Context Information Security, Troy abandoned a dreary sun-less London and has been working in the Australian industry out of Sydney for nearly a year with PS+C Pure Hacking. His interest and experience is largely in bespoke penetration testing engagements (red teaming, scenario-based assessments, etc.), with broad coverage across the penetration testing spectrum. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and being bad at golf.



RCV - Planet Hollywood - Celebrity 5 Ballroom - Sunday - 11:00-11:25


LIGHTNING TALK

AttackSurfaceMapper: Automate and Simplify the OSINT Process

1100 - 1125



PHVT - Bally's - Indigo Tower - 26th Floor - Sunday - 13:00-13:59


Augmenting the (Security) Onion: Facilitating Enhanced Detection and Response with Open Source Tools

Wes Lambert, Senior Engineer at Security Onion Solutions

As network defenders, we face evolving threats every day. We need to truly understand our computer networks, and gain greater context around events occurring within them. To do this, we can use completely free and open source tools, augmenting a platform like Security Onion, to assist in threat hunting, responding to alerts, tracking events, automating analysis of files extracted from network data streams, and even performing remote host-based forensics. This presentation discusses how freely available tools can be integrated to empower teams to effectively monitor, track, and investigate events to help lower risk and increase security posture within their organizations.

Wes Lambert (Twitter: @therealwlambert) is a Senior Engineer at Security Onion Solutions, where he helps companies to implement enterprise security monitoring solutions and better understand their computer networks. He is a huge fan of open source software projects, and loves to solve problems and enhance organizational security using completely free and easily deployable tools.



DC - Paris - Track 1 - Sunday - 10:00-10:45


Backdooring Hardware Devices By Injecting Malicious Payloads On Microcontrollers

Sunday at 10:00 in Track 1
45 minutes | Demo, Tool

Sheila Ayelen Berta, Security Researcher

Is targeting microcontrollers worth the effort? Nowadays, they are responsible for controlling a wide range of interesting systems, e.g., physical security systems, car’s ECUs, semaphores, elevators, sensors, critical components of industrial systems, some home appliances and even robots.

In this talk, it will be explained how microcontrollers can be backdoored too. After a quick review of basic knowledge about uC, we will dive into three different approaches to achieve payload injection, from basic to advanced techniques. The first method consists of locating the entry point of the firmware and injecting our payload there; this is an easy way to execute it at least once. As a second -and more complex- technique, we will backdoor the EUSART communication by injecting a malicious payload at the code routine of that hardware peripheral; we will be able to get the right memory address by inspecting the GIE, PEIE and polling process at the uC interrupt vector. Finally, the third technique allows us to take control of the microcontroller’s program flow by manipulating the stack, writing memory addresses at the TOS; with this we can execute a payload made with instructions already written in the original program, performing it just like a ROP-chain technique.

Sheila Ayelen Berta
Sheila Ayelen Berta is an Information Security Specialist and Developer, who started at 12 years-old by herself. At the age of 15, she wrote her first book about Web Hacking, published by RedUSERS Editorial in several countries. Over the years, Sheila has discovered lots of vulnerabilities in popular web applications and software. She also has given courses of Hacking Techniques in universities and private institutes in Argentina. Sheila currently works as a Security Researcher who specializes in offensive techniques, reverse engineering and exploit writing. She is also a developer in ASM (microcontrollers and microprocessors x86/x64), C/C++, Golang and Python. Sheila is an international speaker who has spoken at important security conferences such as Black Hat Briefings, DEF CON 26, DEF CON 25 CHV, HITB, HackInParis, Ekoparty, IEEE ArgenCon, Hack.Lu, OWASP Latam Tour and others.

Twitter: @UnaPibaGeek



Meetups - Planet Hollywood - Sin City - Friday - 15:00-17:59


Title:
BADASS/Cyber SeXurity

An open discussion on agency, sexuality, and harassment/abuse in tech. What can we do, as a community, to make spaces safer for everyone? How can we encourage more sex positive discussions? Let's talk about it.


RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Saturday - 13:00-13:59


BadSalt (Adversarial DevOps)

SaltStack is a robust configuration management utility used by many to achieve DevOps related initiatives in their organizations. Thanks to its open source model, SaltStack can be used by hobbyists, hackers, and corporations alike. Like any open source tool suite out there, that also means individuals with adversarial intent, be it professional, or malicious, can also take advantage of this tool. In its most simple case, SaltStack can be used by an adversary as a simple Command and Control server (C2 server). However, if SaltStack is used as intended, an educated adversary can easily turn salt “bad” in more ways than simple command and control.
By re-configuring and automating basic settings within the Salt Master and Salt Minion configurations, it is easy to deploy SaltStack across many systems for any scenario. Coupling this ease of deployment with a basic understanding of configuration management, and scripted stagers, the result is a powerful post-exploitation framework with a built in C2 server, that is simply just SaltStack, but in use by an adversary. There are many benefits for using such a tool suite from an adversarial perspective such as, easily bypassing AV with trusted Salt Minions, and taking advantage of the desired state configurations to build out robust, scalable, post exploitation persistence modules.
Part of the research conducted was not just on how an adversary might use SaltStack, but also on how they might target a SaltStack environment. Man in the middle attacks are a concerning attack vector against Salt Minions at the time of this research. SaltStack has strong protections against this, but they are not enabled by default due to the need of manually distributing a unique public key. It is up to the individual(s) deploying SaltStack to be sure they enabled the proper security features to be safe from these attacks. Fortunately, SaltStack does have a few compensating controls that make this less likely after a successful deployment, but it is important that all SaltStack users are made aware of the importance and impact that just one particular setting can have on their infrastructure. Fortunately methods of detecting this activity are clear and well documented, but unfortunately a successful attack usually means root access on the target which could result in an adversary clearing their tracks. This could make it difficult to perform root cause analysis unless network traffic was analyzed at the time of the event.
The overall goal of this research is to show how advances in tools for perfectly legitimate Information Technology initiatives, like DevOps, can be turned into sophisticated tool suites for attackers. In true hacker spirit, this technology can be used for completely unintended purposes. This presentation will provide the insight to how SaltStack could be attacked or used in an adversarial context, and also how those attacks or uses could be detected and prevented.

About Casey Erdmann: Casey Erdmann, also known as 3ndG4me by his CTF team mates and online social communities, is an avid offensive security nerd. Casey is 23 years old, and has a love for CTFs and application security. He is the co-founder of DC706, and is active in his local computer security community. Casey has been responsible for implementing infrastructure for local high-school CTF competitions, and coaching his local university’s SECCDC team. Casey is also responsible for developing the OpenVPN Connect module for the WiFi Pineapple, as well as Propane King of the Hill, a NetKotH rewrite inspired by members of DC 404. When he isn’t writing neat tools, or reaching out to his local community, Casey spends about 90% of his free time researching the latest offensive security news/techniques and playing CTFs trying to “get good”, with the other 10% being writing music, playing video games, or optional sleep. Twitter: @3ndG4me_



CLV - Flamingo 3rd Floor - Reno I Room - Friday - 13:40-14:20


Speaker: Dani Goland & Mohsan Farid

Twitter: @DaniGoland

Twitter: @Pwn__Star

Abstract: The interaction between attackers and defenders is like a ping pong game, and that is exactly how we did this research. On the offensive Mo will share his tools and tactics attacking AWS Infrastructures from Recon to Attacks to Post Exploitation on different services with a focus on Elastic Container Service(ECS). After each attack step, Dani will explain the defensive side and tools and tactics for hardening the AWS Infrastructure from Designing a secure Cloud Architecture to Detection to Hardening specific services like Docker containers on ECS. After the battle, we will both walk-through common misconfiguration problems, one-click solutions for monitoring and attack detection, and workflows for pentesters on AWS. One of the most important lessons from our research is the importance of the interaction between pentesters and developers/DevOps engineers, and how a few days of working side by side can help us secure our current systems and learn to develop future systems with security in mind.

Dani and Mohsan will demonstrate an entire kill chain on a hypothetical organization operating in an AWS environment and pivoting into their internal Active Directory network. The demonstration will cover reconnaissance methods for a cloud environment and an attack on an AWS-hosted webserver that results in compromise of access keys. The access keys will be utilized to access a separate AWS service, followed by escalation of privileges to administrator. We will further demonstrate exfiltration methods, setting up persistence in AWS, and last but not least pivoting to the internal AD environment and obtaining Domain Admin privileges.

Many open source tools will be used as well as some custom python scripts on the offensive side, for example: TruffleHog for scanning for leaked keys on github, S3Scanner for enumerating S3 buckets, amass for DNS Mapping and Subdomain Enumeration, Cloud Mapper for reconnaissance and auditing, Prowler for assessing security, Pacu and Metasploit for exploitation, and more.

On the defensive side, we will introduce Open Source tools like HashiCorp Vault and AWS Parameter Store for secret management, NAXSI as an open source WAF, Vulnerability scanners for Docker, AWS KMS for creating and rotating keys for in-transit and at-rest data encryption, CloudTrail and CloudWatch for detection of suspicious activity and alarming, and more.

About Dani: At the age of 20 he founded his own boutique company for innovative software and hardware solutions. He is a certified AWS Cloud Solutions Architect. While gaining experience in business and finance, Dani did not neglect his hands-on capabilities in both making and breaking systems. Dani recently relocated from Israel to the United States to study Data Science at the prestigious UC Berkeley. During his studies, Dani found VirusBay, a collaborative malware research community which skyrocketed amongst the global security community with over 2500 researchers. After serving in the Israeli Defense Forces as a commander of a Field Intelligence unit, Dani went on an 8-month journey across South America. He loves snowboarding, music concerts, and having crazy, breathtaking experiences such as spending 5 days in the Bolivian Jungle with no food or water.

About Mohsan: Mohsan has over 13 years of experience in cyber security. Mohsan has run the gamut in the security space: from penetration testing for Rapid7 as a consultant, penetration testing for numerous federal agencies, pentesting mobile applications for HP, pentesting Fortune 500 companies, and contributing exploits to the Metasploit framework as well as contributing to open source projects. When Mohsan isn’t breaking things, he likes to travel the globe in search of incredible surf, scuba diving, rock climbing, hiking, and is an avid yogi.



DL - Planet Hollywood - Sunset 6 - Saturday - 12:00 - 13:50


bedr

Saturday from 12:00 – 13:50 in Sunset 6 at Planet Hollywood
Audience: Defense, Linux

Mark Ignacio

bedr is a Linux syscall monitor that uses Berkeley Packet Filters that hook via kernel tracepoints. It collects the holy trinity of EDR data - proc events, filemods, and netconns – and ships them off to somewhere else for off-machine detection and response. Basically, it’s half of what you need to make an EDR!

https://github.com/mark-ignacio/bedr

Mark Ignacio
Mark is a security engineer that does operating system security things on Windows and Linux. He likes coding in Go a lot and is a consistent believer that this year will be the Year of Linux on the Desktop.



DL - Planet Hollywood - Sunset 3 - Friday - 10:00 - 11:50


BEEMKA – Electron Post-Exploitation Framework

Friday from 10:00 – 11:50 in Sunset 3 at Planet Hollywood
Audience: Offense – Especially red teamers that want to establish persistence and egress data.

Pavel Tsakalidis

BEEMKA is a tool that allows Red-Teamers to establish persistence on a compromised host, or even egress data from it. In addition, it allows them to execute code from within the context of the compromised application (Slack, Skype, WhatsApp, Bitwarden, VS Code) allowing them to access otherwise inaccessible data. Come find out how you can extract all passwords from Bitwarden, or how to egress all the source code files from VS Code!

https://github.com/ctxis/beemka/

Pavel Tsakalidis
Pavel is a security consultant for Context Information Security, based in London. Other than security related interests, hobbies include playing around with raspberry pi’s, making “books to read” lists that will never be read, and starting side-projects that never finish. Also, for 10 years he’s been a PHP developer therefore spends his extra time defending PHP.



AVV - Bally's Event Center - Friday - 13:15-13:59


Behind the scenes of hacking airplanes

Speakers – Zoltan (@Csucsorr) and Ben (@0x62656E)

Synopsis

tl;dr We show how we hack planes for real without getting in any trouble
The session aims to provide insights on real-life experiences gathered from the security engineering tasks and assessments of modern aircraft systems.

Particular focus is placed on explaining how the interaction between safety and security is assessed and how responsible teams can interact and combine their diverse set of skills. Examples and technical overviews of the classes of systems, interfaces and audit methodologies are given to precisely demonstrate how work in this area is laid out and executed, and to emphasize their importance in the transportation industry.

Additionally, the talk will highlight the combined industry effort that currently goes into dealing with the changing security threats in modern aircraft from a technical audit and security engineering perspective.

About the Speakers

Zoltan is a Senior Aviation Security Consultant with F-Secure. He has been performing technical security assessments for various industries for the past 8 years. In recent years he has been a part of F-Secure’s transportation security team, specializing in aviation where he is performing penetration tests, security audits and technical product reviews on aircraft and ground components for both airlines and manufacturers.

Benjamin Nagel is an Aviation Security Consultant at the Cyber Security Services team of F-Secure. For ten years he focused on the convergence of information security and safety and specialized on engineering in the aviation domain. During the last years he did research on data loading solutions and the use of wireless communication in the aircraft domain. In his current role he is helping international aviation customers to tackle cyber security problems and he is involved in the EUROCAE WG-72 working group on the cyber security standards for the aviation industry.



DC - Paris - Track 1 - Friday - 10:00-10:45


Behind the Scenes of the DEF CON 27 Badge

Friday at 10:00 in Track 1
45 minutes | Tool

Joe Grand (Kingpin)

Incorporating natural elements, complex fabrication techniques, and components rarely seen by the outside world, the DEF CON 27 Badge brings our community together through Technology's Promise. Join DEF CON's original electronic badge designer Joe Grand on a behind-the-scenes journey of this year's development process and the challenges, risks, and adventures he faced along the way.

Joe Grand (Kingpin)
Joe Grand, also known as Kingpin, is a computer engineer, hardware hacker, DEF CON badge designer (14, 15, 16, 17, 18, China 1, 27), teacher, advisor, runner, daddy, honorary doctor, TV host, member of legendary hacker group L0pht Heavy Industries, and the proprietor of Grand Idea Studio (grandideastudio.com).

Twitter: @joegrand
Website: http://www.grandideastudio.com



DC - Paris - Track 3 - Friday - 10:00-10:45


Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware

Friday at 10:00 in Track 3
45 minutes

Olivier Bilodeau, Cybersecurity Research Lead at GoSecure

Masarah Paquet-Clouston, Cybersecurity Researcher at GoSecure

This talk is the grand finale of a four-year long investigation that started with analyzing an IoT botnet, to discovering the structured industry that exists behind social media manipulation (SMM). SMM is the deliberate act of paying for popularity with followers or activity on social media.

Adopting a bottom-up approach, the thorough methodology undertaken to study the botnet will be presented: from building honeypots, infecting them with malware and conducting a man-in-the-middle-attack on the honeypots’ traffic to access the decrypted HTTPS content between the C&Cs and social networks. Then, the various investigative paths taken to analyze this large data set, leading to the discovery of industry actors involved in the supply chain of social media manipulation, will be presented. These investigative paths include traffic analysis, various OSINT approaches to reveal and understand actors, reverse-engineering the software that automates the use and creation of fake accounts, forum investigations, and qualitative profiling. All actors involved in the industry will be mapped, from malware authors, to reseller panels, and customers of fake popularity.

The potential profitability of the industry will then be discussed, as well as the revenue division in the chain, demonstrating that the ones making the highest revenue per fake follower sold are not the malware authors, but rather those at the end of the chain.

Olivier Bilodeau
Olivier Bilodeau is leading the Cybersecurity Research team at GoSecure. With more than 10 years of infosec experience, he enjoys attracting malware in honeypots, writing tools for malware research, reverse-engineering all-the-things and vulnerability research. A passionate communicator, Olivier has spoken at several conferences like BlackHat Europe, DEF CON, Botconf, SecTor, Derbycon, HackFest and many more. Invested in his community, he co-organizes MontréHack, a monthly workshop focused on applied information security, and NorthSec, Montreal's community conference and Capture-The-Flag.

Twitter: @obilodeau
Website: https://gosecure.net/blog/

Masarah Paquet-Clouston
Masarah Paquet-Clouston is a security researcher at GoSecure, a PhD student at Simon Fraser University in criminology and one of Canada’s decorated 150 scientific innovators. With her background in economics and criminology, she specializes in the study of markets behind illicit online activities. She published in several peer-reviewed journals, such as Social Networks, Global Crime and the International Journal for the Study of Drug Policy, and presented at various international conferences including Virus Bulletin, Black Hat Europe, Botconf and the American Society of Criminology.

Twitter: @masarahclouston
Website: https://gosecure.net/blog/



PHVT - Bally's - Indigo Tower - 26th Floor - Friday - 14:00-14:30


Bestsellers in the Underground Economy: Measuring Malware Popularity by Forum

Winnona DeSombre, Threat Intelligence Researcher at Recorded Future

While you can patch against malware infecting your tech stack or targeting your competitors, what about malware that hasn't been in the news? This presentation will cover what malware and tools are popular among underground forum members based on prevalence in forum ads, how malware presence differs between forums, and why understanding that difference matters.

Winnona DeSombre (Twitter: @__winn) is an Asia Pacific threat intelligence researcher at Recorded Future, focusing on Chinese underground hacking communities and East Asian cyber espionage campaigns. She was recently featured in Threatcare's "Tribe of Hackers" book, containing career advice from some of the world's best information security professionals.



Meetups - Planet Hollywood - Mezzanine Stage - Friday - 13:00-14:59


Title:
Beverage Cooling Contest

No description available

PHVT - Bally's - Indigo Tower - 26th Floor - Friday - 18:00-18:59


Beyond Sandboxes. How to Execute IoT Malware and Analyze Its Evolution

María José Erquiaga
Sebastian Garcia

Hacking is curiosity, discovering, and learning. This talk shares our experience executing and capturing the traffic for more than 4 years. We will show how we designed and deployed a Windows and IoT malware execution laboratory in our University to run malware for months and how we analyzed it to find novel attacks. Executing malware is sometimes clouded in mystery. We will show how to build and set up a Windows execution environment and an IoT environment. The talk shows how to monitor in real time, store data, the legal implications, the network protections and how to find good malware samples.

María José Erquiaga (Twitter: @MaryJo_E) is a malware researcher from Argentina. She is a researcher and teacher at the University of Cuyo, Mendoza, Argentina. She has been a collaborator at the Stratosphere laboratory since 2015. She is a member of the Aposemat project, a joint project between the Stratosphere laboratory and Avast. This project aims to execute malware and capture it from honeypots. Maria's work has been focused on executing and analyzing malware for IoT devices. She has spoken at CACIC, ArgenCon, SIGCOMM, BotConf and Ekoparty.

Sebastian Garcia is a malware researcher and security teacher that has extensive experience in machine learning applied on network traffic. He created the Stratosphere IPS project, a machine learning-based, free software IPS to protect the civil society. He likes to analyze network patterns and attacks with machine learning. As a researcher in the AIC group of Czech Technical University in Prague, he believes that free software and machine learning tools can help better protect users from abuse of their digital rights. He has been teaching in several countries and Universities and working on penetration testing for both corporations and governments. He was lucky enough to talk in Ekoparty, DeepSec, Hacktivity, Botconf, Hacklu, InBot, Security Sessions, ECAI, CitizenLab, ArgenCor, Free Software Foundation Europe, Virus Bulletin, BSides Vienna, HITB Singapore, CACIC, etc. As a co-founder of the MatesLab hackspace he is a free software advocate that worked on honeypots, malware detection, distributed scanning (dnmap) keystroke dynamics, Bluetooth analysis, privacy protection, intruder detection, robotics, microphone detection with SDR (Salamandra) and biohacking.



BHV - Planet Hollywood - Melrose 1-3 Rooms - Friday - 17:00-18:30


5:00 PM: Beyond the Firmware: A Complete View of the Attack Surface of a Networked Medical Device
Speaker: Dr. Avi Rubin

Abstract: Even a device with the most ironclad firmware can still be subject to a broad variety of attacks depending on its interaction with other external components. This presentation will examine commonly overlooked vulnerabilities in medical device deployments, with real-world examples discovered either during a certification process or through regulatory review. These vulnerabilities serve as cautionary examples of the extensive, but not always apparent, attack surface of medical devices.

Speaker Bio: Dr. Avi Rubin is a Professor at Johns Hopkins University, where he serves as the Technical Director of the JHU Information Security Institute. He is also the founder and director of the JHU Health and Medical Security Lab, where his work is advancing medical device security and healthcare networks.

T: @avirubin


BHV - Planet Hollywood - Melrose 1-3 Rooms - Sunday - 14:00-14:59


2:00 PM: Biohacking & Biosecurity: How to innovate with biohacking and synthetic biology while avoiding an apocalypse
Speaker: Anne A. Madden

Abstract: The democratization of synthetic bio tools fuels innovation, but also poses risks, such as the creation of new organisms with unknown capabilities. For decades scientists have safely hacked nature's pipeline to grow unknown natural microbes, finding those that make antibiotics and better beers, while avoiding those that make the world's deadliest chemicals. We can leverage key learnings from this parallel field of bioprospecting to foster innovation while keeping humanity alive in the process.

Speaker Bio: Dr. Madden is a microbe wrangler, an innovation consultant, and TED speaker. Her mission is to reveal the utility of the microscopic world around us. She's discovered a novel microbial species, characterized new antibiotics, and identified new yeasts for better beer technology from inside wasps.

T: @AnneAMadden


BHV - Planet Hollywood - Melrose 1-3 Rooms - Sunday - 11:45-12:30


11:45 AM: Biopiracy on the High Seas: lessons learned from purloined tarantulas and viral pandemics
Speaker: Marla Valentine

Abstract: You wouldn't steal a car! You wouldn't steal a movie! But would you steal genetic code!? Venture into the high seas where no international laws regulate the patenting of genetic discoveries. From scientists threatened with extradition for identifying new species to calculable deaths based on subpar vaccinations, this lecture will cover the panoply of laws concerning developing genomic technologies in the high seas (or lack thereof) derived from preexisting statutes ratified by sovereign states.

Speaker Bio: Dr. Valentine has explored the gamut of ocean sciences from wrestling sharks and alligators to exploring the darkest depths of the sea floor. Using a decade of research experience, Dr. Valentine now works at the forefront of scientific policy.


BCV - Flamingo 3rd Floor - Laughlin III Room - Sunday - 11:30-12:20


Bitcoin Honeypot - Wallet on floor of the Internet

No description available



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Friday - 16:00-15:59


Black Mirror: You are your own privacy nightmare – the hidden threat of paying for subscription services

No description available



Night Life - Paris - Concorde B Ballroom - Friday - 20:00-26:15


Title:
Blanketfort Con Party

Check your ego at the door, grab some building materials and join in the celebration of the creativity and originality that is the blanket fort. A host of DJs will be spinning from a pirate ship as you share and create your own unique environment.

Bring your dancing shoes, teddy bear, and your woobie....

DJs:
@TinehAgent
@criznash
@SelectorMALiK
@icommitfelonies
and a special Guest DJ

All aboard!

Blanketfortcon.com
@blanketfortcon
Forum


BHV - Planet Hollywood - Melrose 1-3 Rooms - Sunday - 11:00-11:45


11:00 AM: Blue Team Bio II - Genetic and Epigenetics Backups
Speaker: Mr_Br!ml3y

Abstract: Editing genes is getting easier as knowledge of various genomes and technology advance. This will enable repair of genetic damage caused by external carcinogens provided that a known prior DNA sequence is available. This presentation discusses leveraging backup methodologies in IT to DNA applications to remediate genetic and epigenetic damage. Coding DNA into digital form at the base pair and transposon (amino acid specifying) levels will be discussed.

Speaker Bio: Mr_Br!ml3y has nine years of public sector info sec experience, and is currently working on a doctorate in environmental engineering, focused on contaminant transport/isolation. He has presented at DefCon BioHacking Village for four years, focusing on computational aspects of biohacking.


BTVT - Flamingo - 3rd Floor- Savoy Room - Friday - 16:30-16:59


Blue Team Guide For Fresh Eyes

Friday 16:30, Savoy Ballroom, Flamingo (Blue Team Village) (30M)

@sopooped: Leveraging her development background, Christine builds tools to automate security for cloud environments as a Security & Tools Engineer. She's relatively new to the industry, so she provides a fresh pair of eyes. And with her colossal appetite to learn and execute, she's rapidly conquering the world!

The life of a blue-teamer is daunting. There are logs to sift through, tasks to automate, incidents to triage, vulnerabilities to manage, meetings to attend, coffee to drink, etc. Scenarios have moving parts, procedures might not be documented, and solutions can vary. At times, the responsibilities can be compared to an ever-growing fire, and all there is is a pail of water. How do you put out the flames if you're not a seasoned professional? This talk lays out existing challenges for those trying to break into the fast-moving world of defensive security and ways to tackle them. Included are anecdotes, highlights, and pro-tips.



BTVW - Flamingo - Lower Level - Valley Of Fire 2 - Friday - 16:00-17:59


Blue Teaming For Fun And The Sake Of Your Organization

Friday 16:00, Valley Of Fire 2, Flamingo (2H)

@sirmudbl00d is a cybersecurity enthusiast with a decade of information security experience. He is the founder of "Null Hat Security LLC", which focuses on incident response, SOC training and blue team engagements. O'Shea has worked and consulted for companies and clients in the space of federal government, Fortune 500, and international firms. He specializes in areas of incident response, network and systems security, security architecture and threat hunting. O'Shea founded Null Hat Security as he believes a greater focus should be placed on personal engagements with defenders to fine tune skill sets and knowledge of threats for best response efforts. O'Shea is also the co-founder of "Intrusion Diversity System", a bi-monthly hosted cyber security podcast.

This workshop will combine aspects of web application security, incident response, and threat hunting to combat attackers in an active campaign against your organization. We will incorporate the incident response life cycle to accurately respond to this fictitious attack along with providing tips and techniques that may be leveraged to aid in response efforts. There is also an aspect of web application security featured in presenting bad SDLC practices that may lead to an attacker gaining entry to an organization's systems.



DC - DC101, Paris Theatre - Thursday - 11:00-11:45


Breaking Google Home: Exploit It with SQLite(Magellan)

Thursday at 11:00 in DC101, Paris Theatre
45 minutes | Demo, Exploit

Wenxiang Qian Senior security researcher at Tencent Blade Team

YuXiang Li Senior security researcher at Tencent Blade Team

HuiYu Wu Senior security researcher at Tencent Blade Team

Over the past years, our team has used several new approaches to identify multiple critical vulnerabilities in SQLite and Curl, two of the most widely used basic software libraries. These two sets of vulnerabilities, which we named "Magellan" and "Dias" respectively, affect many devices and software. We exploited these vulnerabilities to break into some of the most popular Internet of things devices, such as Google Home with Chrome. We also exploited them on one of the most widely used Web servers (Apache+PHP) and one of the most commonly used developer tools (Git).

In this presentation, we will share how we try to crack the Google Home from both hardware and software aspects, get and analyze the newest firmware, solve the problem, and introduce new methods to discover vulnerabilities in SQLite and Curl through fuzzing and manual auditing. Through these methods, we found "Magellan", a set of three heap buffer overflow and heap data disclosure vulnerabilities in SQLite (CVE-2018-20346, CVE-2018-20505, CVE-2018-20506). We also found "Dias", two remote memory leak and stack buffer overflow vulnerabilities in Curl (CVE-2018-16890 and CVE-2019-3822). Considering the fact that these vulnerabilities affect many systems and software, we have issued a vulnerability alert to notify the vulnerable vendor to fix it.

We will disclose the details of "Magellan" and "Dias" for the first time and highlight some of our new vulnerability exploitation techniques. In the first part, we will introduce the results of our analysis on hardware, how to get the newest firmware from simulating an update request, and the attack surface of Google Home. We will show how to use Magellan to complete the remote exploit of Google Home. We will also give a briefing talk about how to use Dias to complete the remote attack on Apache+PHP and Git. Finally, we will summarize our research and provide some security development advice to the basic software library developers.

Wenxiang Qian
Wenxiang Qian is a senior security researcher at the Tencent Blade Team. He is focusing on security research of IoT devices. He also does security audits for web browsers. He was on the top 100 of the annual MSRC list (2016 & 2017). He published a book called "Whitehat Talk About Web Browser Security".

Twitter: @leonwxqian

YuXiang Li
YuXiang Li is a senior security researcher at Tencent Blade Team, specialized in the study of Mobile Security and IoT Security. He has reported multiple vulnerabilities of Android and received acknowledgments from vendors (Google/Huawei). He was a speaker at HITB AMS 2018 and XCON 2018.

Twitter: @Xbalien29

HuiYu Wu
HuiYu Wu is a senior security researcher at Tencent Blade Team. His job is now mainly focused on IoT security research and mobile security research. He was also a bug hunter, winner of GeekPwn 2015, and speaker at DEF CON 26, HITB 2018 AMS and POC 2017.

Twitter: @DroidSec_cn



RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Saturday - 10:30-11:30


Breaking NBAD and UEBA Detection

Network Behavior Anomaly Detection (NBAD) and User and Entity Behavior Analytics (UEBA) are heralded as machine learning fueled messiahs for finding advanced attacks. The data collection and processing methodologies of these approaches create a series of new exploitable vectors that can allow attackers to navigate network and systems undetected. In this session, methods for poisoning data, transforming calculations and preventing alerts will be examined. Proof of concept Python code will be demonstrated and made available. Approaches to harden against these attacks will also be discussed as well as outlining needed changes in detection standards.

About Charles: WitFoo Chief Technology Officer - Charles’ dedication to maturing the craft of InfoSec is built on a diverse career path across the industry. He started his career in InfoSec in the US Navy in 2002 serving as the Network Security Officer at the US Naval Postgraduate School. After leaving active duty, he was a contributing product reviewer for InfoWorld magazine focusing on network security products. Charles spent 7 years running Herring Consulting, a company dedicated to process orchestration, data sharing, and marketing. In 2012, Charles joined the Lancope team as a pre-sales engineer, promoted to Consulting Security Architect and later as Strategic Account Manager following the acquisition of Lancope by Cisco. In 2014, Charles partnered with veterans of the military, law enforcement and cybersecurity to research new approaches to improve the craft of cybersecurity operations. In 2016, that research resulted in the forming of WitFoo. When not working with cybersecurity heroes, Charles enjoys SCUBA diving with his wife, Mai. Twitter: @charlesherring



DC - Paris - Track 3 - Friday - 16:30-16:50


Breaking The Back End! It Is Not Always A Bug. Sometimes, It Is Just Bad Design!

Friday at 16:30 in Track 3
20 minutes | Demo, Exploit

Gregory Pickett Cybersecurity Operations, Hellfire Security

Reverse engineering is critical to exploitation. However, going through the process of reverse engineering can often lead to a great deal more than just uncovering a bug. So much so that you might find what you need for exploitation even if you don't find a bug.

That’s right. If you go through object data, object representation, object states, and state changes enough you can find out quite a lot. Yes. Poor application logic is a bitch. Just ask any application penetration tester. This time it is not the magstripe. It’s appsec and you will get to see how application attacks can be used against a hardware platform.

In this talk, I will go through the journey that I took in reverse engineering the public transportation system of an East Asian mega-city, the questions that I asked as I wondered “How does this work?”, the experiments that I ran to answer those questions, what I learned that led me to an exploit capable of generating millions of dollars in fake tickets for that very same system, and how other designers can avoid the same fate. Not without risk, this research was done under a junta so I will also be telling you how I kept myself out of jail while doing it. Please join me. You won’t want to miss it.

Gregory Pickett
Gregory Pickett CISSP, GCIA, GPEN has a background in intrusion analysis for Fortune 100 companies but now heads up Hellfire Security’s Managed Security Services efforts and participates in their assessment practice as a network security subject matter expert. As a security professional, his primary area of focus and occasional research is networks with an interest in using network traffic to better understand, to better defend, and sometimes to better exploit the hosts that live on them. He holds a B.S. in Psychology which is completely unrelated but interesting to know. While it does nothing to contribute to how he makes a living, it does demonstrate how screwed up he actually is.

Twitter: @shogun7273
Website: https://sourceforge.net/u/shogun7273/profile/



DL - Planet Hollywood - Sunset 1 - Friday - 14:00 - 15:50


Browser extension to hunt low hanging fruits (Hacking by just browsing)

Friday from 14:00 – 15:50 in Sunset 1 at Planet Hollywood
Audience: Bug bounty hunters, Penetration testers, developers, open source contributors

Rewanth Cool

Automated scanners won’t yield you bugs these days. They take tens of hours to complete, and with a high false rate too. You need a minimal smart scanner with easy installation, easy configuration, and relatively high accuracy while hunting for bugs. This talk is focused on creating such a browser extension to yield better results in less time. The browser extension requires less manual effort and produces more accurate results in just a few seconds.

https://github.com/rewanth1997/vuln-headers-extension

Rewanth Cool
Rewanth Cool is a security consultant at Payatu Software Labs, India. He has been a speaker at HITB (twice), Positive Hack Days (PHDays), CRESTCon, Bsides, and Null Pune, and a trainer at MIT Pune. He is a programmer and open source contributor. Currently, he is focused on vulnerability research, web application security and contribution to security tools apart from his ongoing research on Machine Learning. One of his finest works is his collaboration with Nmap maintainer Daniel Miller, a.k.a. bonsaviking, in which he added 17,000 lines of code to Nmap.



CLV - Flamingo 3rd Floor - Reno I Room - Saturday - 10:00-10:40


Speaker: Chris Le Roy

Twitter: @brompwnie

Abstract: Containers, Cloud, DevOps and SDLC are all terms that are increasing in usage in the InfoSec world. In this talk, we discuss how a container exploitation tool (BOtB) was developed to identify and autopwn common vulnerabilities in container technologies such as Docker and LXC and how this tool was used in a modern SDLC environment using common CI/CD technologies to identify, exploit and remediate container vulnerabilities before releases were made to production.

In this talk we elaborate on how and why BOtB was built to be used by pentesters to exploit container vulnerabilities and how BOtB can be used by engineers to secure their container environments. The talk will also explain the technical details around the vulnerabilities that can be exploited by BOtB.

About Chris: Chris is a security researcher based in London. He has not had an unusual entrance to infosec, coming from a Computer Science background which led him to dabble in software development for some time. This resulted in Chris realising he is a terrible dev and prefers breaking things, which led him to breaking things full-time. The breaking of things full-time has allowed Chris to share his ramblings at multiple conferences in the USA and Europe.



BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 16:45-17:30


4:45 PM: Building a New Decentralized Internet, With the Nodes Implanted in Our Bodies
Speaker: Nick Titus + Zac Shannon + Mixl S. Laufer

Abstract: The internet is broken. It's vulnerable to manipulation, censorship, shutdowns, surveillance, and on top of all that, it costs to access it. What if we could bypass all that? The PirateBox platform with its meshing capability creates this possibility, but somehow has gained little traction. If every WiFi enabled device just became a node on a mesh network, we would have a replacement for the hardware layer of the internet. To show how powerful this platform can be, and take it to the next level, we have created the PegLeg, an implanted cybernetic enhancement that turns the user into an anonymized local area network on which people can chat and share files anonymously, as well as mesh with other nearby networks. The PegLeg differs from a wearable, as it cannot be confiscated, and has no battery. Come learn how you can turn your phone, laptop, raspberry pi, or router into a meshing piratebox, and build a new internet. And if you are really committed, you can build the implant yourself, and be a walking pirate server with a PegLeg.
Speaker Bio:

Nick Titus invented his first assistive device in high school. This open source wearable electrically simulated a patient's muscles to move in accordance with mental commands transmitted by an EEG headset. After winning most innovative hardware at Tech Crunch NYC 2017 and sharing his story at TedxCU, Nick leaned into the biohacking movement as a whole. He has since focused his efforts on leveraging emerging technology to address overlooked challenges in all aspects of biology. He now lives in Boulder, CO where he collaborates on multiple humanitarian-driven biotech projects.

Zac Shannon is too cool to brag about all the awesome things he's done, but he did take care of porting the operating system, and the meshing of the PirateBox platform for the PegLeg, as well as segregating the file system from the OS, so that the machine will not brick even in the case of a corrupted file system created from a hard shut down.

Mixl S. Laufer worked in mathematics and high energy physics until he decided to use his background in science to tackle problems of world health and other social issues. Perpetually disruptive, his flagship project makes it possible for people to manufacture their own medications at home. Open-source, and made from off-the-shelf parts, the Apothecary MicroLab puts many medications within the reach of those who would otherwise not have them. The project which garnered his group the most press was the EpiPencil, an open-source version of the EpiPen which costs only $30 to produce, and $3 to refill.


RCV - Planet Hollywood - Celebrity 5 Ballroom - Friday - 11:40-12:20


COMPREHENSIVE TALK

Building an OSINT and Recon Program to address Healthcare Information Security issues

1140 - 1220



DL - Planet Hollywood - Sunset 1 - Saturday - 12:00 - 13:50


Burp Plugin: Cyber Security Transformation Chef (CSTC)

Saturday from 12:00 – 13:50 in Sunset 1 at Planet Hollywood
Audience: Offense, Defense, AppSec, Mobile.

Ralf Almon & Sebastian Puttkammer

CSTC is a Burp Suite extension for various input transformations. It implements a generic solution that can replace numerous specialized extensions. The CSTC solves the problem of having too specific burp plugins by being a more generic problem solving tool. It contains a wide range of very simple operations that can be chained into complex transformations. This allows a penetration tester to create the exact transformation they need to test a specific product without having to write any code. As we all know, writing code and setting everything up is time consuming. You can configure complex input transformations for both requests and responses simply by using drag and drop. You can calculate HMACs for parts of the request, refresh timestamps, update sequence numbers or encrypt parts of the request. You can chain together different operations to create more complex transformations. You could extract parts of the request, decompress them, insert your payload using the repeater or utilizing the scanner and put it back in and compress it again before sending it. Since there are already many basic operations implemented, you can easily focus on testing the application instead of searching for extensions performing such transformations.

https://github.com/usdag/cstc

Ralf Almon
Ralf Almon is a Security Analyst with years of experience in penetration testing. He works at usd AG in Germany and holds a master’s degree in Information Security from TU Darmstadt. He gained a lot of industry knowledge working as a consultant in various industries ranging from aerospace and aviation to the finance sector.

Sebastian Puttkammer
Sebastian Puttkammer is a Security Analyst working for usd AG in Germany. His main interests are network/web app security and reverse engineering. He holds a master’s degree in computer science from TU Darmstadt. He is currently in charge of the Code Review Team at usd AG and performs black-box and white-box pentests.



PHVW - Bally's - Indigo Tower - 26th Floor - Saturday - 09:00-10:59


Burp Suite Workshop

Sunny Wear, Nestor Torres

Gain hands-on experience with Burp Suite in this four-hour workshop with the author of the Burp Suite Cookbook, Sunny Wear. You will learn how to use Burp Suite to hone your web application penetration testing skills. Each student receives a virtualized environment complete with a copy of Burp Suite and a vulnerable web application to hack. Lessons covered in the workshop include Burp configuration settings, injection attacks such as Cross-site Scripting and SQL Injection, automated attacks using Intruder, recommended BApp extensions and their uses, and finally, how to build and use Burp Macros.

Sunny Wear (Twitter: @SunnyWear) is an Application Security Architect and Web Application Penetration Tester. Her breadth of experience includes network, data, application and security architecture as well as programming across multiple languages and platforms. She is the author of several security-related books including her most recent, Burp Suite Cookbook, which assists pentesters and programmers in more easily finding vulnerabilities within applications while using Burp Suite. She conducts security talks and classes locally and at conferences like BSides Tampa, BSides Orlando, AtlSecCon, Hackfest CA, and BSides Springfield.

Nestor Torres (Twitter: @N3S____) is a security analyst working closely with developers to pentest and fix their Web Applications. He is passionate about helping others and teaching others who are hungry for learning cybersecurity. Some of his hobbies involve building labs for vulnerability testing and setting up small to medium enterprise networks.



DL - Planet Hollywood - Sunset 1 - Saturday - 14:00 - 15:50


Burpsuite Team Server for Collaborative Web App Testing

Saturday from 14:00 – 15:50 in Sunset 1 at Planet Hollywood
Audience: Offense, AppSec

Tanner Barnes

During large scale engagements against multiple applications, teams often split the workload across many testers. Currently, sharing Burpsuite states requires exporting large files that are point in time, requiring multiple exports and shares if new developments in the engagement occur, which restricts the ability for teams to collaborate on an application. With my new Burpsuite plugin, coupled with a lightweight server, multiple testers can share traffic in real time across multiple applications, allowing for quick collaboration! Have a repeater payload your team needs to see? Simply right click the request and select share to populate their repeater tabs! Need help with an intruder payload? Have another tester create it and send it to you! Come listen and see how this plugin can help your teams hack collaboratively!

https://github.com/Static-Flow/BurpSuite-Team-Extension

Tanner Barnes
Tanner Barnes is a cyber security consultant for AON Cyber Solutions providing full scope security assessment services for clients. When he isn't assessing clients' security he's building new tools to help improve the lives of other hackers.



RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Friday - 13:00-13:59


Bypassing MacOS Detections with Swift

This talk is centered around red teaming in MacOS environments. Traditionally, MacOS post exploitation has largely been done in python. However, as defender tradecraft continues to evolve with detecting suspicious python usage on MacOS, we (as red teamers) should consider migrating to different post exploitation methods. In this talk, I will share why the Swift language can be beneficial for red teaming macOS environments. I will also share some macOS post exploitation code I have written using the Swift programming language and contrast detection techniques between python and Swift based post exploitation.

High Level Outline:
- Intro
- Why Is This Talk Relevant to Red (and Blue) Teamers?
- Why Migrate Away from Python-Based MacOS Post Exploitation?
- Examples of Python-Based Post Exploitation
- Python-Based Post Exploitation Artifacts
- Brief Overview of Swift
- Why Use Swift For MacOS Post Exploitation?
- Examples of macOS post exploitation in Swift
- Share my Swift-based post exploitation code for red teamer use
- Q&A

About Cedric Owens: Cedric is an offensive security engineer with a blue team background. His passion revolves around red teams and blue teams working closely together to improve each other's tradecraft. Cedric enjoys writing useful red team utilities and periodically writing posts that are of interest to red and blue team members on his blog at https://medium.com/red-teaming-with-a-blue-team-mentaility
Twitter: @cedowens



DC - Paris - Track 2 - Friday - 16:30-16:50


Can You Track Me Now? Why The Phone Companies Are Such A Privacy Disaster

Friday at 16:30 in Track 2
20 minutes

U.S. Senator Ron Wyden U.S. Senator from Oregon. Senate Finance Ranking Member

Amidst the current public outcry about privacy abuses by corporate America, one sector has received far less scrutiny than it deserves: phone companies. America’s phone companies have a hideous track record on privacy. During the past two decades, these descendants of “Ma Bell” have been caught, repeatedly, selling (or giving away) their customers’ sensitive data to the government, bounty hunters, private investigators, data brokers, and stalkers.

The DEFCON community is familiar with the phone companies’ role in the Bush-era “warrantless wiretapping” program and the NSA’s surveillance of telephone metadata, revealed by Edward Snowden. Far fewer people know that the carriers were also willing participants in a massive Drug Enforcement Administration (DEA) spying program, which the government quietly shut down after two decades in 2013.

Even less well-understood is how these corporations reap profits by selling our information to the private sector. As just one example, the carriers for years used shady middlemen to provide nearly unlimited access to Americans’ location data to anyone with a credit card.

Join Oregon Senator Ron Wyden to learn why the phone companies have gotten one free pass after another, and what he’s doing to hold them accountable.

U.S. Senator Ron Wyden
Sen. Ron Wyden is the foremost defender of Americans’ civil liberties in the U.S. Senate, and a tireless advocate for smart tech policies. Years before Edward Snowden blew the whistle on the dragnet surveillance of Americans, Wyden warned that the Patriot Act was being used in ways that would leave Americans shocked and angry, and his questioning of NSA Director James Clapper in 2013 served as a turning point in the secret surveillance of Americans’ communications.

Since then, Wyden has fought to protect Americans’ privacy and security against unwanted intrusion from the government, criminals and foreign hackers alike. He has opposed the government’s efforts to undermine strong encryption, proposed legislation to hold companies accountable for protecting their users’ data, and authored legislation with Rand Paul to protect Americans’ Fourth Amendment rights at the border.

Wyden is a senior member of the Senate Select Committee on Intelligence and the top Democrat on the Senate Finance Committee. He lives in Portland, Oregon.

Twitter: @RonWyden
Website: https://www.wyden.senate.gov/meet-ron



Night Life - Planet Hollywood - Apex Suite - Saturday - 21:00-25:59


Title:
Car Hacking Village Party

Register To Attend


RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Saturday - 17:30-18:30


Casting with the Pros: Tips and Tricks for Effective Phishing

Phishing seems easy enough, but getting successful results can be difficult. In this talk we'll walk through practical tips for getting better responses. We'll talk about target selection, ruse development, technology deployment, and suggestions for working with clients to maximize the value of the assessment.

About Nathan Sweaney: Nathan works for Secure Ideas testing pens and consulting clients. He's been in the infosec industry for a decade or so working with a wide range of clients and technologies. He's regularly told that he takes all of the fun out of things and is eager to argue about politics and religion. Hailing from the great state of Oklahoma, he hopes you'll all keep flying over it & leave us alone. Twitter: @sweaney



DC - Paris - Track 2 - Friday - 15:00-15:45


Change the World, cDc Style: Cow tips from the first 35 years

Friday at 15:00 in Track 2
45 minutes

Joseph Menn Author, Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World (PublicAffairs, June 2019)

Peiter Mudge Zatko

Chris Dildog Rioux

Deth Vegetable

Omega

The Cult of the Dead Cow changed the culture of the entire security industry, the attitude of companies who had ignored risks, and even how the feds dealt with hackers. In this session, four key figures from the group’s first 35 years will cover their greatest hits and screw-ups, highlighting the lessons for other hackers out to make a difference.

They will be questioned by Joseph Menn, whose new book on the group shows how it evolved from a network of bulletin board operators to the standard-bearers of hacker culture. cDc Minister of Propaganda Deth Vegetable and long serving text-file editor Omega will appear for the first time under their real names, covering the group’s formative years and how it handled such recent controversies as WikiLeaks, neo-Nazis, and the presidential candidacy of cDc alum Beto O’Rourke.

cDc tech luminaries Zatko and Rioux will discuss the release of Back Orifice at Def Con in 1998, which allowed non-hackers to hijack Windows machines, drawing worldwide attention to the insecurity of Microsoft’s operating system, and Rioux’s pathbreaking sequel, Back Orifice 2K, which prompted Microsoft to hire hackers as security consultants, including those from Zatko and Rioux’s @stake. Zatko will share insights from leading inside the government, where he ran cybersecurity grantmaking at DARPA, the people who brought you the internet. And Rioux will explain what’s possible in the private sector, where he co-founded unicorn Veracode, which dramatically improved code review by major software buyers.

Joseph Menn
Joseph Menn has just published Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World. He is an investigative reporter on security, and has covered the issue since 1999 at the Los Angeles Times, Financial Times and most recently Reuters. His previous books include Fatal System Error: The Hunt for the New Crime Lords who are Bringing Down the Internet and All the Rave: The Rise and Fall of Shawn Fanning’s Napster.

Twitter: @josephmenn Website: https://www.facebook.com/Joseph-Menn-author-of-Cult-of-the-Dead-Cow-and-Fatal-System-Error-178879563940/

Peiter Mudge Zatko
Mudge fronted the pioneer hacker space the L0pht and turned it into a venture-backed security business @Stake. He led sensitive government work at BBN and cybersecurity at DARPA before joining Google to work on special projects. He also led security at Stripe and founded Cyber-ITL, an independent testing lab for software security.

Twitter: @dotMudge

Chris Dildog Rioux
Rioux was the first employee of the L0pht, updated password cracker L0phtcrack, stayed with @stake through its acquisition by Symantec and founded Veracode.

Twitter: @dildog

Deth Vegetable
Veggie took a break to go to graduate school in archaeology. He’s back now.

Twitter: @dethveggie

Omega
Omega has been very quietly working in security for a long time.



ICS - Bally's Event Center - Friday - 17:00-17:30


Changium IPiosa: most magical change IP packets in the wild

August 9, 2019 5:00 PM

In our talk we will present some of the most exotic 'Change IP' packets for PLCs from various ICS protocols and investigate why each vendor chose to implement it in one way or another. Furthermore, we will show how one can easily detect, prevent, and be protected against these change IP requests by applying custom Snort rules.

Speaker Information

Panelist Information

Sharon Brizinov

Claroty

Sharon Brizinov is a security researcher at Claroty and is responsible for finding new attack vectors in the ICS domain. Brizinov has 6+ years of unique experience with network security, malware research and infosec data analysis.



DL - Planet Hollywood - Sunset 4 - Friday - 14:00 - 15:50


Chaos Drive, because USB is still too trustworthy

Friday from 14:00 – 15:50 in Sunset 4 at Planet Hollywood
Audience: Offense, Social Engineers, Hardware, Privacy

Mike Rich

If you’ve never thought USB devices could become even less trustworthy, then this is the talk for you. We already know USB devices might try to automatically run code when connected, or act like a hyperactive keyboard and mouse, or attempt to physically destroy the host, or masquerade as an innocent charging/data cable. But it can, actually, get worse. Say hello to the Chaos Drive, a USB drive with just a little too much chaotic energy. I’ll demonstrate how a Linux-based USB mass storage device can be set up to change the storage it presents to the host based on a set of user-defined conditions. On the offensive side this can be used to circumvent USB scanning procedures and on the defensive side this can be used to store private files that will be undetectable without time-consuming analysis. Attendees will learn the steps I took to build the POC and see what it can do. For best results bring a USB OTG-capable device such as a Pi Zero or Pocketbeagle, an OTG cable, and some spare microSD cards to flash.

Mike Rich
I’m a blue-team lead professionally. I delight in thinking of ways to defeat my own processes and then admitting these flaws publicly. I spoke at DEF CON 24 about using copiers to load code on closed networks, at the Lockpick Village at DEF CON 26 about exploiting human laziness on multi-dial combination locks, and at BSidesLV 2018 on quantitative risk analysis. Lastly, I'm the only person I've ever met that's literally been bitten by an otter. You think they are cuddly and cute; I think they are underestimated aquatic apex predators.



DC - Paris - Track 2 - Sunday - 14:00-14:45


Cheating in eSports: How to Cheat at Virtual Cycling Using USB Hacks

Sunday at 14:00 in Track 2
45 minutes | Demo, Tool

Brad Dixon Security Consultant, Carve Systems

Athletes are competing in virtual cycling by riding real bikes on stationary trainers which power the in-game athletic performance. Riders train and compete online against each other. New racing teams are even competing in Union Cycliste Internationale (UCI) sanctioned events. Better at hacking than riding? Me, too. I’ll expand on the dubious achievements of prior cycling cheaters by showing how to use the open source USBQ toolkit to inspect and modify USB communications between the Zwift application and the wireless sensors that monitor and control the stationary trainer. USBQ is a Python module and application that uses standard hardware, such as the Beaglebone Black, to inspect and modify communications between USB devices and the host. You’ll ride away with a lesson on building your own customized USB man-in-the-middle hacking tool, too.

Brad Dixon
Brad once told his parents that if they gave him a Commodore 64 it would be the last computer he’d ever want. He never got that Commodore 64. Nevertheless Brad managed to become a computer nerd at a young age. Brad studied Computer Engineering at Georgia Tech and jumped into embedded software engineering. He worked for many years helping developers to design embedded Linux into telecom, network, and mobile products. Brad also took a turn as a product manager for embedded development tools and a mobile location analytics product. At Carve he hacks IoT, embedded, and Linux systems.

Github: https://github.com/rbdixon



BHV - Planet Hollywood - Melrose 1-3 Rooms - Sunday - 13:15-13:59


1:15 PM: Chinese Military Combined Arms Effects - Bio-Weapons
Speaker: Red Dragon 1949

Abstract: During "Chinese Military Combined Arms Effects - Bio-Weapons" attendees will receive a field experience based discussion from within the People's Republic of China regarding the People's Liberation Army's use of bio-weapons.

Speaker Bio: Independent security researcher who has met authors of China's Unrestricted Warfare & a US Marine

T: @RedDragon1949


PHVT - Bally's - Indigo Tower - 26th Floor - Sunday - 12:00-12:59


CIRCO: [Cisco Implant Raspberry Controlled Operations]

Emilio Couto, eKio Security

Designed under Raspberry Pi and aimed for Red Team Ops, we take advantage of "Sec/Net/Dev/Ops" enterprise tools to capture network credentials in a stealth mode. Using a low profile hardware & electronics camouflaged as a simple network outlet box to be sitting under/over a desk. CIRCO includes different techniques for network data exfiltration to avoid detection. This tool gathers information and uses a combination of honeypots to trick Automation Systems to give us their network credentials!

Emilio Couto (Twitter: @ekio_jp) is a Security Consultant with more than 20 years of experience in the network and security field. Born and raised in Argentina, he is currently located in Japan where multitasking between language, culture and technologies is a must. Over the last decade focusing mainly on Finance IT. In his spare time he enjoys playing with RFID, computers and home made IoT devices. Over the last 5 years presenting tools in conferences (Black Hat Asia, HITB, AV Tokyo and SECCON).



DL - Planet Hollywood - Sunset 2 - Saturday - 10:00 - 11:50


CIRCO: Cisco Implant Raspberry Controlled Operations

Saturday from 10:00 – 11:50 in Sunset 2 at Planet Hollywood
Audience: Offense, Hardware

Emilio Couto

Designed under Raspberry Pi and aimed for Red Team Ops, we take advantage of “Sec/Net/Dev/Ops” enterprise tools to capture network credentials in a stealth mode. Using a low-profile hardware & electronics camouflaged as a simple network outlet box to be sitting under/over a desk. CIRCO includes different techniques for network data exfiltration to avoid detection from IDS/IPS or monitoring systems. This tool gathers information and uses a combination of honeypots to trick Automation Systems to give us their network credentials! We will build a physical network & infrastructure lab to show how CIRCO works (live demo).

Major features for release v1.5 (Aug):

- Allow existing IP-Phone to co-exist with CIRCO
- Eliminate template files (craft all packets)
- Support NTP exfiltration
- Software encrypted via Bluetooth (prevent forensic)
- Self destroy and alarm switch
- Bypass active & passive fingerprinting (NAC)
- Credentials integration into Faraday

https://github.com/ekiojp/circo

Emilio Couto
Emilio Couto (@ekio_jp) is a Security Consultant with more than 20 years of experience in the network and security field. Born and raised in Argentina, he is currently located in Japan where multitasking between language, culture and technologies is a must. Over the last decade focusing mainly on Finance IT and presenting tools in conferences (BlackHat Asia, HITB, AV Tokyo, SECCON and HamaSec). In his spare time he enjoys 3D printing, tinkering with electronics and home-made IoT devices.



DC - Tracks 1,2,3 - Sunday - 16:00-17:59


Closing Ceremonies

Sunday at 16:00 in Paris Ballroom
120 minutes

The Dark Tangent & Goons

DEF CON 27 draws to a close. Prizes awarded, Black Badge winners announced, thanks given, future plans revealed.



CLV - Flamingo 3rd Floor - Reno I Room - Friday - 12:20-12:59


Speaker: Sean Metcalf

Twitter: @PyroTek3

Abstract: The cloud is compelling and in many cases necessary for organizations to effectively operate.

Cloud security on the other hand is not as clear. Many cloud services need a hook into the on-premises environment in order to synchronize users and groups. Additionally, the cloud security controls vary by provider in availability, capability, and cost. This results in a disjointed view of user authentication, security, and potential configuration issues.

This talk explores some common cloud configuration scenarios and the associated security issues.

About Sean: Sean Metcalf is founder and principal consultant at Trimarc (www.TrimarcSecurity.com), a professional services company which focuses on improving enterprise security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification, is a Microsoft MVP, and has presented on Active Directory & Microsoft Cloud attack and defense at Black Hat, BSides, DEF CON, DerbyCon, Microsoft BlueHat, Shakacon and Walmart Sp4rkCon security conferences. He currently provides security consulting services to customers and posts interesting Active Directory security information on his blog, ADSecurity.org



DL - Planet Hollywood - Sunset 5 - Friday - 14:00 - 15:50


Combo Password

Friday from 14:00 – 15:50 in Sunset 5 at Planet Hollywood
Audience: Defense

Fabian Obermaier

Combo Password is a PoC for using (as the name suggests) key combinations in passwords. There is one nice implication that might justify the increased complexity and other possible gripes: Compared to a normal password, a combo password of the same length has far more possible combinations. This effect is increasing with password length and the number of usable keys. With three available keys and a length of two there are 9 combinations for normal passwords and 15 for combo passwords. Increasing the length to three we get 27 vs 69 combinations. This could lead to less strict password requirements while increasing the security. The goal of this project is to develop a free standard, a browser plugin for using combo passwords in regular login forms and implementations for popular languages, frameworks and PAM. Visit Demo Labs and try to break a real hacker's password, there will be a small reward for the fastest brute force tool!

http://combo-pw.tech/

https://gitlab.com/FalkF/combopassword

Fabian Obermaier
Fabian Obermaier is a software engineer specializing in web technology. He is currently working in the health sector and visits DEF CON to see if his claims hold up against a crowd of hackers. His passions include free and open source soft- and hardware, the web and its security.



DC - Paris - Track 3 - Saturday - 16:00-16:30


Confessions of an Nespresso Money Mule: Free Stuff & Triangulation Fraud

Saturday at 16:00 in Track 3
20 minutes

Nina Kollars Associate Professor Naval War College Strategic and Operational Research Department

Kitty Hegemon

In 2018 I somewhat innocently bought very expensive coffee (Nespresso capsules) online from Ebay. What followed was a series of unexpected additional packages from the manufacturer Nespresso and a lurking suspicion that something had gone terribly--if not criminally--wrong as a result of my purchase. This talk chronicles the obnoxious amounts of obsessive research and tracking that became my new hobby--stalking Nespresso fraudsters and my decidedly non-technical attempts at developing a generic search profile and reporting the fraudsters to anyone who would listen, to include: the persons whose identities had been stolen, Nespresso, Ebay, and the FBI. Ultimately I just ended up with a LOT of coffee; a lingering sense that I had committed several crimes; and no faith left in humanity.

Nina Kollars
Nina Kollars is writing a book about the ways in which hackers contribute to national security. She is a political scientist whose main research is in technological adaptation by users. Kollars is Associate Professor for the Naval War College in the Strategic and Operational Research Department. She conducts research on military weapons and the humans who use them. Largely unsatisfied with sitting still, Kollars has also worked for the Library of Congress' Federal Research Division, the Department of Afro-American Studies at Harvard University, the World Bank, an anti-glare coating factory on the third shift, and volunteers for BSides. She is the former viceroy of the DC strategy group Cigars, Scotch, and Strategy. She is also a certified bourbon steward.

Twitter: @nianasavage



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock VII - Thursday - 10:00-13:59


Constructing Kerberos Attacks with Delegation Primitives

Thursday, 1000-1400 in Flamingo, Red Rock VII

Elad Shamir Managing Security Consultant, The Missing Link Security.

Matt Bush Security Consultant, The Missing Link Security

Kerberos delegation is a dangerously powerful feature that allows services to impersonate users. Due to the complexity of Kerberos delegation attacks, they are often overlooked or left unexplored. However, the introduction of Resource-based Constrained Delegation substantially widens the Kerberos attack surface, making it more important than ever for security professionals to engage with this challenge. This workshop will offer security professionals a deep dive into Kerberos delegation and demonstrate how it can be abused for privilege escalation and lateral movement.

We will open with a crash-course in Microsoft's Kerberos implementation and its delegation features, from the fundamentals of Kerberos authentication, through legacy unconstrained delegation, to classic constrained delegation. We will offer demos and hands-on labs to experiment with abusing these features.

In the second half of the workshop, we will cover resource-based constrained delegation, explain the differences between classic constrained delegation and resource-based constrained delegation, and explore novel attack primitives including:

- Compromising hosts by modifying Active Directory computer objects
- Bypassing restrictions on protocol transition to impersonate arbitrary users
- Compromising a host by abusing the ticket-granting-ticket of a computer account
- Performing local privilege escalation on Windows 10 and Windows Server 2016/2019 hosts by abusing account profile pictures
- Performing remote code execution on SQL Servers through directory listing abuse
- Achieving hostless domain persistence

Participants will get an opportunity to try the above attacks in a lab environment.

We will also explore mitigating controls, as well as detection opportunities.

Skill Level Intermediate

Prerequisites: Basic familiarity with Windows and Active Directory environments

Materials: A laptop with the ability to connect to a VPN and establish an RDP connection with a remote host.

Max students: 70

Registration: https://www.eventbrite.com/e/constructing-kerberos-attacks-with-delegation-primitives-red-rock-vii-tickets-63606378390
(Opens 8-Jul-19)

Elad Shamir
Elad Shamir leads a team of talented security consultants and operators as the Managing Security Consultant at The Missing Link Security. Elad has a passion for red teaming, and extensive experience in identifying security design flaws in complex systems. He enjoys abusing intended functionality in novel attack techniques and chaining seemingly innocuous security issues in elaborate scenarios.

Matt Bush
Matt Bush is a security consultant and operator at The Missing Link Security. Matt's current research focuses on developing and weaponizing novel tradecraft for advanced threat simulation.



DC - Paris - Track 4 - Sunday - 14:00-15:30


Contests Awards Ceremony

Sunday at 14:00 in Track 4
90 minutes

Contests & Events Goons

You've seen the Contests, you've played in a Contest, you've won a Contest and may have lost a Contest! Whatever the outcome was, come join us as we celebrate the winners and contestants of our DEF CON 27 Contests! DEF CON 27 Contests and Events Closing Ceremonies will be August 11th at 14:00 in Track 4. Black Badge winning Contests will still be honored at the main DEF CON 27 Closing Ceremonies on August 11th at 16:00 in the Paris Ballroom!



DL - Planet Hollywood - Sunset 3 - Saturday - 10:00 - 11:50


Cotopaxi: IoT Protocols Security Testing Toolkit

Saturday from 10:00 – 11:50 in Sunset 3 at Planet Hollywood
Audience: IoT, AppSec

Jakub Botwicz

Cotopaxi is a set of tools for security testing of Internet of Things devices using specific network IoT/IIoT/M2M protocols (e.g. CoAP, MQTT, DTLS, mDNS, HTCPCP). These tools will be used by penetration testers or security researchers to identify IoT services and verify security vulnerabilities or misconfigurations. Currently available tools used for security testing, like nmap or OpenVAS, do not support all new IoT protocols. So possibilities to test IoT products and discover such devices in tested networks are limited. We are working to fill this gap with Cotopaxi toolkit. Main features of our toolkit are:

- Checking availability of network services for supported IoT protocols at given IPs and port ranges ("service ping")
- Recognizing the software used by remote network server ("IoT software fingerprinting") based on responses for given messages using machine learning classifier
- Discovering resources identified by given URLs ("dirbusting")
- Performing black-box fuzzing of IoT protocols based on corpus of packets prepared using coverage-based fuzzer
- Identifying known vulnerabilities in IoT servers
- Detecting network traffic amplification.

New features in release for Defcon27 are:

- client-side versions of protocol fuzzer and vulnerability tester
- support for new protocols: SSDP and HTCPCP.

https://github.com/Samsung/cotopaxi

Jakub Botwicz
Jakub Botwicz works as a Principal Security Engineer at the Samsung Poland R&D Center leading a team of security researchers. He has more than 15 years of experience in information security and previously worked in one of the world's leading payment card service providers, Big4 consulting company and vendor of network encryption devices. Jakub holds a PhD degree from the Warsaw University of Technology and multiple security community certificates including: GWAPT, CISSP, ECSA. Currently, he works providing security assessments (static and dynamic analyses) of different mobile and IoT components. His hobbies are rock climbing and mountaineering (especially on volcanoes!).



ICS - Bally's Event Center - Saturday - 13:30-13:59


CRASHOVERRIDE: Re-Assessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack

August 10, 2019 1:30 PM

In this presentation I will walk you through the EtherNet/IP frame and show some of the hidden gems within. Particularly, I will focus on the Allen-Bradley Micrologix controllers and how they communicate over EtherNet/IP. There will be live attacks showing vulnerabilities I discovered recently, including password retrieval, password bypass, remote crash, memory erase, and others. Welcome to 1998!

Speaker Information

Panelist Information

Joe Slowik

Dragos

Joe Slowik currently hunts ICS-targeting adversaries at Dragos. Prior to this, Joe ran the incident response team at Los Alamos National Laboratory and served as an Information Warfare Officer in the US Navy.



BCV - Flamingo 3rd Floor - Laughlin III Room - Sunday - 13:10-13:59


Crypto currency heist - the story so far ...

No description available



BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 16:00-16:45


4:00 PM: Cyberbiosecurity & the "Full Stack Biotechnologist"
Speaker: Steve Lewis

Abstract: At the intersection of Biotechnology and Technology there are emerging information and biosecurity (Cyberbiosecurity) considerations worth exploring in the context of design, manufacturing, automation, and AI. Never before in history has an individual had the opportunity to learn such a diverse range of skills. This presentation explores the intersections of the world's most advanced (bio)technologies in the context of Cyberbiosecurity and the myriad tools of the full stack biotechnologist.

Speaker Bio: Steve works for Merrick & Company supporting Department of Homeland Security with biosecurity and laboratory operational planning for the National Bio and Agro-defense Facility. He holds an M.S. in Biotechnology from Johns Hopkins and is a member of the Inworks community bio lab, in Denver, CO

T: @dontmindsteve


DC - Planet Hollywood - Firesides Lounge - Friday - 20:00-21:59


D0 N0 H4RM: A Healthcare Security Conversation

Friday at 20:00 in Firesides Lounge
120 minutes

Christian “quaddi” Dameff Medical Director of Security at The University of California San Diego

Jeff “r3plicant” Tully MD Anesthesiologist at The University of California Davis

Suzanne Schwartz MD Associate Director for Science and Strategic Partnerships at the US Food and Drug Administration FDA

Marie Moe PhD Researcher and Hacker

Billy Rios Founder of Whitescope

Jay Radcliffe Security Researcher at Thermo Fisher Scientific

Technology’s promise flows within medicine like blood through veins. With every drip of life-saving medicine given to the smallest babies, with every paced beat of a broken heart, connected tech has changed the way we treat patients and offers near limitless potential to improve our health and wellness. But it’s taken an army of dedicated protectors to ensure that such promise isn’t outweighed by peril- and hackers are fighting on the front lines to safeguard medical devices and infrastructure so they remain worthy of our trust. Join docs quaddi and r3plicant as they once again curate a selection of medicine’s finest hackers and allies for D0 N0 H4RM- the uniquely DEF CON conversation between the unsung heroes in the healthcare space- security researchers and advocates working to protect patients one broken med device at a time. Spun from an off-con hotel room gathering between friends into progressively in demand talks at DC 25 and 26, we’ve returned to bring you insight and inspiration- divorced from the spin and formality of an increasingly industry-saturated landscape- from the people whose primary goal is to kick ass and save lives.

Christian “quaddi” Dameff
Christian (quaddi) Dameff MD is an emergency medicine doctor, former open capture the flag champion, prior DEF CON/RSA/Blackhat/HIMSS speaker, and security researcher. He is currently the Medical Director of Cybersecurity at The University of California San Diego. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization. Published security research topics including hacking critical healthcare infrastructure, medical devices and the effects of malware on patient care. This is his fifteenth DEF CON.

Twitter: @CdameffMD

Jeff “r3plicant” Tully MD
Jeff (r3plicant) Tully is an anesthesiologist, pediatrician and security researcher with an interest in understanding the ever-growing intersections between healthcare and technology.

Twitter: @JeffTullyMD

Suzanne Schwartz MD
Dr. Suzanne Schwartz’s programmatic efforts in medical device cybersecurity extend beyond incident response to include raising awareness, educating, outreach, partnering and coalition-building within the Healthcare and Public Health Sector (HPH) as well as fostering collaborations across other government agencies and the private sector. Suzanne has been recognized for Excellence in Innovation at FDA’s Women’s History Month on March 1st 2018 for her work in Medical Device Cybersecurity. Suzanne chairs CDRH’s Cybersecurity Working Group, tasked with formulating FDA’s medical device cybersecurity policy. She also co-chairs the Government Coordinating Council (GCC) for the HPH Critical Infrastructure Sector, focusing on the sector’s healthcare cybersecurity initiatives.

Marie Moe PhD
Dr. Marie Moe cares about public safety and securing systems that may impact human lives; this is why she joined the grassroots organisation “I Am The Cavalry”. Marie is a Research Manager at SINTEF, the largest independent research organisation in Scandinavia, and has a PhD in information security. She is also an Associate Professor at the Norwegian University of Science and Technology. She has experience as a team leader at NorCERT, where she did incident handling of cyberattacks against Norway’s critical infrastructure. She is currently doing research on the security of her own personal critical infrastructure, an implanted pacemaker that is generating every single beat of her heart. Marie loves to break crypto protocols, but gets angry when the broken crypto is in her own body.

Twitter: @MarieGMoe

Billy Rios
Billy is the founder of Whitescope LLC, a startup focused on embedded device security. Billy is recognized as one of the world’s most respected experts on emerging threats related to Industrial Control Systems (ICS), Critical Infrastructure (CI), and medical devices. He discovered thousands of security vulnerabilities in hardware and software supporting ICS and critical infrastructure. Billy provided the research that led to the FDA’s first cybersecurity safety advisory and research which helped spur the FDA’s pre-market cybersecurity guidance. Billy is a contributing author to Hacking: The Next Generation, The Virtual Battlefield, and Inside Cyber Warfare. He currently holds a Master of Science in Information Systems, an MBA, and a Masters of Military Operational Arts and Science.

Twitter: @XSSniper

Jay Radcliffe
Jay Radcliffe (CISSP) has been working in the computer security field for over 20 years. Coming from the managed security services industry as well as the security consultation field, Jay has helped organizations of every size and vertical secure their networks and data. Jay presented ground-breaking research on security vulnerabilities in multiple medical devices and was featured on national television as an expert on medical device cybersecurity. As a Type I diabetic, Jay brings a lifetime of being a patient to helping medical facilities secure their critical data without compromising patient care. Not only is Jay a prolific public speaker, but also works with legal firms on expert witness consultation related to IoT and cybersecurity issues. Jay holds a Master's degree in Information Security Engineering from SANS Technology Institute, as well as a Bachelor's degree in Criminal Justice/Pre-Law from Wayne State University. SC Magazine named him one of the Top Influential IT Security Thinkers in 2013.

Twitter: @JRadcliffe02



Night Life - Paris - Lobby Bar, under the blue thing - Saturday - 19:00-21:59


Title:
Dallas Hackers Party



Night Life - Planet Hollywood - Suite TBA - Saturday - 20:00-24:59


Title:
DC801 Party

@DC801


RCV - Planet Hollywood - Celebrity 5 Ballroom - Saturday - 10:50-11:30


COMPREHENSIVE TALK

DECEPTICON: OPSEC to Slow the OSINT

1050 - 1130



BTVW - Flamingo - Lower Level - Valley Of Fire 2 - Friday - 09:00-12:59


Deep Infrastructure Visibility With Osquery And Fleet

Friday 09:00, Valley Of Fire 2, Flamingo (4H)

@thezachw has been involved with osquery since the earliest design documents in 2015. He has brought his extensive experience to the delivery of core features such as AWS logging and syslog consumption in osquery, as well as the development of Kolide Fleet, the most popular open-source osquery Fleet manager. These days he can be found cheerfully helping out users in the osquery community, or developing features for Fleet. As the founder of Dactiv LLC, he consults with technical organizations to reap the benefits of Fleet and osquery.

This workshop is an introduction to building first-class host instrumentation capabilities with open-source technologies supported by leading security practitioners. Learn the ins and outs of Facebook’s osquery agent, exposing information from hundreds of sources across the major operating systems (Mac, Windows, and Linux). See how to tie this together across the infrastructure with Kolide’s Fleet. Throughout the workshop we will interact with osquery in example scenarios in order to build hands-on experience with these tools. We will begin with a dive into the capabilities of osquery. A brief introduction to the structured query language (SQL) used in osquery will be provided. Using this query language, we will learn to extract basic data, and move on to more advanced ways to associate data across subsystems. We will discuss the scheduled query facilities of osquery and how these can be tied into a logging and alerting pipeline. When we have built some familiarity with osquery, we will look at how to utilize these capabilities across the managed infrastructure. We will cover how to manage configurations and live query individual and groups of hosts with Kolide Fleet. The discussion of Fleet will be rounded out with an introduction to the command line interface, with suggestions for how to integrate with automation and source-control workflows.



 

DC - DC101, Paris Theatre - Thursday - 15:00-16:45


DEF CON 101 Panel

Thursday at 15:00 in DC101, Paris Theatre
105 minutes

Highwiz

Nikita

Will

n00bz

Shaggy

SecBarbie

Tottenkoph

The DEF CON 101 Panel is the place to go to learn about the many facets of DEF CON and to begin your DEF CONian Adventure. The idea is to help attendees get the best experience out of DEF CON (and also tell them how to survive the weekend!). It is a way for people who have participated in making DEF CON what it is today to share those experiences and, hopefully, inspire attendees to expand their horizons. DEF CON offers so much more than just talks and the DEF CON 101 panel is the perfect place to learn about all things DEF CON so you, dear reader, can get the best experience possible. The panel will end with the time honored tradition of "Name the n00b" where lucky attendees will be brought up on stage to introduce themselves to you and earn the coveted 101 n00b handle. Don't worry if you don't make it on to the stage, you can stick around for the n00b party after the panel and get your handle then!

Highwiz
HighWiz is born of glitter and moon beams and he has all the right moves. He is the things that sweet dreams are made of and nightmares long to be... Years ago, with the help of some very awesome people*, he set about to create an event that would give the n00bs of DEF CON a place to feel welcomed and further their own pursuit of knowledge. For years he has held onto the simple tenet that "You get out of DEF CON what you put into it". HighWiz is the fabled Man on the Mountain whom people seek to gain a taste of his forbidden knowledge. He is a rare sighting at DEF CON only to be glimpsed by those lucky few. HighWiz is a member of the DEF CON CFP Review Board and Security Tribe.

*Some (but not all) of the people HighWiz would like to thank for helping to make 101 into what it is today : Runnerup, Wiseacre, Nikita, Roamer, Shaggy, Lockheed, Pyr0, Zac, V3rtgio, 1o57, Neil, Sethalump, AlxRogan, Jenn, Zant, MalwareUnicorn, Clutch, TheDarkTangent, Siviak, Tuna, Ripshy, Valkyrie, Suggy, Flipper and all the members of Security Tribe. Shout outs to Security Tribe, GH, QC and The LonelyHackersClub

Twitter: @HighWiz

Nikita
DEF CON, Director of Content & Coordination. Wife & Mom. Chicken Soup repairwoman. SecurityTribe. ☠🦄🌈🤓 Into: hacks 💡 snacks 🌮 shellacs 💅🏻

Twitter: @Niki7a

Will
Will was summoned to life through the trials of fire, fueled by the alcohol and excitement of DEF CON 25. He arose from those ashes of his former life into a malware making, maple syrup drinking n00b with a new attitude on life and lots of fury to share. On a path of creation and destruction, Will is on a relentless quest to conquer anyone that doubts him and maybe one day leave a mark that is just nearly as bright as the Phoenix itself.

n00bz
(or his n00bzness or el n00berino if you’re not into the whole brevity thing) pays the bills by working for a Silicon Valley company protecting the F500 doing Compliance and IT Security Globally by way of Wall Street and D&T. He grew up tying up phone lines across South Florida with his Bosun whistle. His love for all things wireless is due to his love of software defined radio and hatred of getting up to change the TV channel when the remote was lost. He has spoken at DEF CON, HackMiami (%27), DerbyCon and when advised of his right to remain silent, plead the fif!

Shaggy
Shaggy is a penetration tester by day and a renaissance man at night. He enjoys mastering new things and breaking anything put in front of him. When he is not messing around with technology he is making things with wood, performing card tricks, and seducing the masses with his warm, gentle voice.

SecBarbie
Known on the dark web as “l'initiateur du parti” and “не стоит недооценивать ее”, Erin Jacobs (best known as @SecBarbie) has been attending DEF CON for over 15 years. Erin is a member of the DEF CON CFP Review Board, has DJed both DEF CON and DEF CON China, is an organizer of DC 312, and a past DEF CON speaker. Outside of DEF CON, she’s a Founding Partner at Urbane Security, an avid traveler, and a fan of great Champagne, wine, and dining. You can find more about her under @SecBarbie, or, if you’re up for the challenge, dunes hinder sniff huddle auburn meeting arsenic wizard dizzy lipstick spying enmity highway muppet woven woken puffin atlas python iris sprig mouth yellow hexagon hexagon ;)

Tottenkoph
Tottenkoph has been going to DEF CON for over 10 years and has spent the past several cons volunteering as the Workshop department lead as well as serving on the Workshop Review Board. Tottie has spoken on things from security flaws in digital billboards to drunken insights on what random episodes of Babylon 5 *really* meant. She thinks the perfect date is April 25th, overuses exclamation points in text-based comms, and is excited to have a chance to meet/speak with more new attendees!



 

Meetups - Planet Hollywood - Sin City Theater - Thursday - 17:00-18:59


Title:
DEF CON Ladies Meetup

Women & nonbinary people come to meet, get to know each other & do fun girl/hacking/geeky stuff together! RSVP (not required) https://www.meetup.com/HackerFoodies/events/262691815/

PS: We have a discord for the Women attending DEF CON or HackerSummerCamp in general. If you want an invite send a DM to @sylv3on_ @nemessisc or @CircuitSwan


 

Meetups - Paris - Outside at base of Eiffel Tower - Thursday - 06:00-06:59


Title:
DEFCON 27 4X5K run

DEF CON 27 Let's go for a run 4X5K Announcement
The 4X5K is returning to DefCon 27. Come running, because maybe you like your mornings sweaty! 0530 is the perfect time to either wind down your evening or start up your day! 0600 is of course the coolest time for a run in Vegas (It's only 80!) But who really cares, running is fun, let's go for a run!

Meet up at 0600 (6 AM) at the base of the Paris Hotel and Casino Eiffel tower outside on Thursday-Sunday (8/9-8/12/2019) for a 5.1K fun run. Run departs at 0610. We've got two pace groups. The fast group is for people that run an average pace of around 9:00-minute miles or better. If you run slower than an average pace of 9:00-minute miles you're in the not fast group. This is basically so everyone ends up in the same place at the end. At either pace, do it all four days and it's a half marathon (21K).

Routes will vary but will most likely be strip-centric. Printed route maps will be displayed before the run.

Safety Brief: It's Vegas, weird stuff will happen, it always does. Be aware that wet concrete is super slippery, broken glass is not your friend, and randos abound! If people harass you, just keep running. You are fast, and they are lame. Some random people may want to join in. This is cool, until it's not. Watch for traffic along the route. It's going to be hot. Hydrate before, during, and after. There can be a surprising number of stairs to climb on these runs, especially when we run south along the strip. Help each other out. Don't die.

The organizers (of which there are very few) are interested in talking to sponsors and past attendees about how we can awesome up this event. We're looking at you, fitness tracker companies: maybe we'll stop dropping 0days if you buy us some water and bananas.

I will see you there.

Follow @Agent__X__ & @whereiskurt on Twitter for updates, and follow the hashtag #DEFCON4X5K


 

Meetups - Paris - Outside at base of Eiffel Tower - Friday - 06:00-06:59


Title:
DEFCON 27 4X5K run

DEF CON 27 Let's go for a run 4X5K Announcement
The 4X5K is returning to DefCon 27. Come running, because maybe you like your mornings sweaty! 0530 is the perfect time to either wind down your evening or start up your day! 0600 is of course the coolest time for a run in Vegas (It's only 80!) But who really cares, running is fun, let's go for a run!

Meet up at 0600 (6 AM) at the base of the Paris Hotel and Casino Eiffel tower outside on Thursday-Sunday (8/9-8/12/2019) for a 5.1K fun run. Run departs at 0610. We've got two pace groups. The fast group is for people that run an average pace of around 9:00-minute miles or better. If you run slower than an average pace of 9:00-minute miles you're in the not fast group. This is basically so everyone ends up in the same place at the end. At either pace, do it all four days and it's a half marathon (21K).

Routes will vary but will most likely be strip-centric. Printed route maps will be displayed before the run.

Safety Brief: It's Vegas, weird stuff will happen, it always does. Be aware that wet concrete is super slippery, broken glass is not your friend, and randos abound! If people harass you, just keep running. You are fast, and they are lame. Some random people may want to join in. This is cool, until it's not. Watch for traffic along the route. It's going to be hot. Hydrate before, during, and after. There can be a surprising number of stairs to climb on these runs, especially when we run south along the strip. Help each other out. Don't die.

The organizers (of which there are very few) are interested in talking to sponsors and past attendees about how we can awesome up this event. We're looking at you, fitness tracker companies: maybe we'll stop dropping 0days if you buy us some water and bananas.

I will see you there.

Follow @Agent__X__ & @whereiskurt on Twitter for updates, and follow the hashtag #DEFCON4X5K


 

Meetups - Paris - Outside at base of Eiffel Tower - Saturday - 06:00-06:59


Title:
DEFCON 27 4X5K run

DEF CON 27 Let's go for a run 4X5K Announcement
The 4X5K is returning to DefCon 27. Come running, because maybe you like your mornings sweaty! 0530 is the perfect time to either wind down your evening or start up your day! 0600 is of course the coolest time for a run in Vegas (It's only 80!) But who really cares, running is fun, let's go for a run!

Meet up at 0600 (6 AM) at the base of the Paris Hotel and Casino Eiffel tower outside on Thursday-Sunday (8/9-8/12/2019) for a 5.1K fun run. Run departs at 0610. We've got two pace groups. The fast group is for people that run an average pace of around 9:00-minute miles or better. If you run slower than an average pace of 9:00-minute miles you're in the not fast group. This is basically so everyone ends up in the same place at the end. At either pace, do it all four days and it's a half marathon (21K).

Routes will vary but will most likely be strip-centric. Printed route maps will be displayed before the run.

Safety Brief: It's Vegas, weird stuff will happen, it always does. Be aware that wet concrete is super slippery, broken glass is not your friend, and randos abound! If people harass you, just keep running. You are fast, and they are lame. Some random people may want to join in. This is cool, until it's not. Watch for traffic along the route. It's going to be hot. Hydrate before, during, and after. There can be a surprising number of stairs to climb on these runs, especially when we run south along the strip. Help each other out. Don't die.

The organizers (of which there are very few) are interested in talking to sponsors and past attendees about how we can awesome up this event. We're looking at you, fitness tracker companies: maybe we'll stop dropping 0days if you buy us some water and bananas.

I will see you there.

Follow @Agent__X__ & @whereiskurt on Twitter for updates, and follow the hashtag #DEFCON4X5K


 

Meetups - Paris - Outside at base of Eiffel Tower - Sunday - 06:00-06:59


Title:
DEFCON 27 4X5K run

DEF CON 27 Let's go for a run 4X5K Announcement
The 4X5K is returning to DefCon 27. Come running, because maybe you like your mornings sweaty! 0530 is the perfect time to either wind down your evening or start up your day! 0600 is of course the coolest time for a run in Vegas (It's only 80!) But who really cares, running is fun, let's go for a run!

Meet up at 0600 (6 AM) at the base of the Paris Hotel and Casino Eiffel tower outside on Thursday-Sunday (8/9-8/12/2019) for a 5.1K fun run. Run departs at 0610. We've got two pace groups. The fast group is for people that run an average pace of around 9:00-minute miles or better. If you run slower than an average pace of 9:00-minute miles you're in the not fast group. This is basically so everyone ends up in the same place at the end. At either pace, do it all four days and it's a half marathon (21K).

Routes will vary but will most likely be strip-centric. Printed route maps will be displayed before the run.

Safety Brief: It's Vegas, weird stuff will happen, it always does. Be aware that wet concrete is super slippery, broken glass is not your friend, and randos abound! If people harass you, just keep running. You are fast, and they are lame. Some random people may want to join in. This is cool, until it's not. Watch for traffic along the route. It's going to be hot. Hydrate before, during, and after. There can be a surprising number of stairs to climb on these runs, especially when we run south along the strip. Help each other out. Don't die.

The organizers (of which there are very few) are interested in talking to sponsors and past attendees about how we can awesome up this event. We're looking at you, fitness tracker companies: maybe we'll stop dropping 0days if you buy us some water and bananas.

I will see you there.

Follow @Agent__X__ & @whereiskurt on Twitter for updates, and follow the hashtag #DEFCON4X5K


 

Night Life - Paris - Chateau Nightclub - Saturday - 21:00-26:59


Title:
DEFCON Monero Party

In 2017 and 2018, the Monero Enterprise Alliance reached out to the privacy lovers of Defcon and hosted an open house for a few hundred friends and supporters. That party sparked the 2018 Defcon BCOS/Monero Village, which led to 2019 MoneroKon. Now, the 2019 Monero Village and @BCOSvillage are their own separate villages at Defcon 27. Originally, I just wanted to get people together for a drink. :) But people keep wanting to celebrate, so here we go again!
. . .
Full Announcement and DJ schedule HERE

 

Meetups - Bally's - Chillout room near Vendor Area - Saturday - 13:00-14:59


Title:
DEFCON Sticker Swap

DEF CON Sticker Swap
The Very Unofficial @defcon Sticker Swap will be held at Bally's in the chillout room adjacent to the vendor area Saturday, 1-3pm.

We have some stickers to hand out, but we're counting on you to show up with your own! #DIY #stickerlife @dcstickerswap


 

DC - Paris - Track 2 - Saturday - 12:00-12:45


Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming

Saturday at 12:00 in Track 2
45 minutes | Demo, Tool

Damien Cauquil (virtualabs) Senior Security Researcher @ Econocom Digital.Security

Bluetooth Low Energy version 5 was published in late 2016, but we still have no sniffer supporting this specific version (and not that many compatible devices as well). The problem is this new version introduces a new channel hopping algorithm that renders previous sniffing tools useless as devices can no longer be attacked and connections analyzed. This new algorithm is based on a brand new pseudo-random number generator (PRNG) to provide better collision avoidance while kicking out all of our good old sniffing tools.

Unless some random hacker manages to break this not-that-strong PRNG and upgrades his BLE sniffing tool to support this algorithm ;). In this talk, we will explain why this PRNG is vulnerable and how it can be easily defeated to sniff and jam communications between two BLE 5 devices. A new version of BtleJack will be released during this talk, providing an efficient way to sniff BLE 5 connections to our fellow IoT hacker family.

Damien Cauquil (virtualabs)
Damien is a senior security researcher who joined Digital Security in 2015 as the head of research and development. He discovered how wireless protocols can be fun to hack and quickly developed BtleJuice, one of the first Bluetooth Low Energy MitM frameworks, and BtleJack, a BLE swiss-army knife released in 2018.

Damien presented at various security conferences including DEF CON, Hack In Paris, Chaos Communication Camp, Chaos Communication Congress, BruCon, Hack.lu, and a dozen times at Nuit du Hack, one of the oldest French hacking conferences.

Twitter: @virtualabs



 

Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock VII - Friday - 14:30-18:30


Defending environments and hunting malware with osquery

Friday, 1430-1830 in Flamingo, Red Rock VII

Guillaume Ross Hacker

In this workshop, you will learn how to defend Linux and Windows environments with osquery, using techniques that could easily be adapted to Mac and containerized environments. Then, we will look at how we can leverage osquery to hunt for malware and attackers, as well as how we could use osquery in a controlled environment to do some basic malware analysis.

We will cover osquery deployment scenarios and configurations as well as ways we can implement it to improve the security of servers and workstations.

Specifically, we will use osquery to monitor specific security configurations, detect lateral movement, detect malware, and even see how we can use it in lab environments to analyze malware.

If you have never used osquery before, this workshop will get you started. If you have used osquery before, this workshop will help you get the most out of it, by allowing you to develop queries and an understanding of the schema and how it can be applied to protect environments and detect attacks.

The topics covered will include:

* Setup, configuration and flags
* Logging results
* Building simple to complex queries
* Monitoring for lateral movement
* Tracking important security configurations on Windows and Linux
* Detecting malware
* Performing basic malware analysis on a VM with osquery

Skill Level Beginner

Prerequisites: Basic understanding of Linux and Windows. Mac and Docker optional. No knowledge of osquery itself is needed.

Materials: A computer with an SSH and RDP client. Linux and Windows systems in the cloud will be provided. Local Linux and Windows VMs are welcome as well, but not necessary.

Max students: 60

Registration: https://www.eventbrite.com/e/defending-environments-and-hunting-malware-with-osquery-red-rock-vii-tickets-63606251009
(Opens 8-Jul-19)

Guillaume Ross
Guillaume has worked as a security engineer and consultant, as a manager of blue teams, and way before that, as an enterprise IT person focused on endpoints. Guillaume is currently the Principal Security Researcher at Uptycs, finding new ways to defend systems using the power of osquery. He is also a trainer for Pluralsight, producing training content around topics such as network security monitoring.

Having worked for startups as well as Fortune50 companies, he knows how to build a security program, but having had to do the work, he also dislikes doing meaningless "best practices" work that has no practical value, and really enjoys leveraging the great open source software available to all of us.

Guillaume has spoken and given workshops at various conferences like BSidesLV, Thotcon and Northsec on many topics, including mobile security, endpoint security, logging and monitoring and much more.



 

RCV - Planet Hollywood - Celebrity 5 Ballroom - Saturday - 15:10-15:50


COMPREHENSIVE TALK

Derevolutionizing OS Fingerprinting: the cat and mouse game

1510 - 1550



 

BTVT - Flamingo - 3rd Floor- Savoy Room - Friday - 15:00-15:59


Detection At Google: On Corp And Cloud

Friday 15:00, Savoy Ballroom, Flamingo (Blue Team Village) (1H)

@fryx0r is a Security Engineer on Google's detection and response team. He works out of the Sydney office, having previously worked for the Department of Defence, FireEye and Commonwealth Bank. He enjoys writing Golang and making memes, and in his spare time travels around the world running Magic the Gathering tournaments.

@JSteeleIR is a Security Engineer with 6+ years of experience in Detection, Response, Forensics, Reverse Engineering, and Automation. Some of that's been at Google. Some has been in the cloud. Some of it was good. When not sparring in the cyberspaces, he can be found camping, collecting odd input devices (possibly using those to reimplement the less PAGER in Golang) or attempting (and failing) to sleep on a normal schedule.

An overview of detection at Google: An introduction to Google's Blue team and its technologies, and how we use currently available tools to investigate on Google Cloud (GCP). We will cover the structure and setup of our team; give a detailed explanation of the main tools and services we use (with an emphasis on the ones that are open source, so you can use them yourself); and delve deeply into how to do detection on GCP - going beyond finding simple misconfigurations and instead detailing how to use available tools and logs to increase visibility and find badness.



 

BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 19:00-19:59


7:00 PM: Digital Medicine 101
Speaker: Jen Goldsack

Abstract: Technology is changing how we practice medicine. Sensors and wearables are getting smaller and cheaper, and algorithms are becoming powerful enough to predict medical outcomes. Yet despite rapid advances, healthcare lags behind other industries in truly putting these technologies to use. A major barrier to entry is the cross-disciplinary approach required to create such tools, requiring knowledge from many people across many fields. The talk aims to drive the field forward by unpacking that barrier, providing a "myth busting" session of the core concepts and terms that define digital medicine. The talk will use cartoons (woot!) to outline concepts the security, ethical, regulatory, and legal issues developers must consider as digital medicine products go to market.

Speaker Bio: Jen Goldsack is the Executive Director of the Digital Medicine Society (DiMe). Jen spent several years at the Clinical Trials Transformation Initiative (CTTI) -- a public private partnership cofounded by Duke and the FDA -- where she led development and implementation of several projects within CTTI's Mobile Program and was the operational co-lead on the first randomized clinical trial using FDA's Sentinel System. Jen spent five years working in research at the Hospital of the University of Pennsylvania, first in Outcomes Research in the Department of Surgery and later in the Department of Medicine. More recently, she helped launch the Value Institute, a pragmatic research and innovation center embedded in a large academic medical center in Delaware. Jen earned her master's degree in chemistry from the University of Oxford, England, her master's in the history and sociology of medicine from the University of Pennsylvania, and her MBA from the George Washington University. Additionally, she is a certified Lean Six Sigma Green Belt and a Certified Professional in Healthcare Quality. Ms Goldsack is a retired athlete, formerly a Pan American Games Champion, Olympian and World Championship silver medalist.

T: @_DiMeSociety


 

ETV - Flamingo - 3rd Floor - Reno II Room - Friday - 13:00-13:59


Title:
Discussion Of State Election Security Policy



 

BCV - Flamingo 3rd Floor - Laughlin III Room - Sunday - 10:40-11:05


Distributed Decentralized Security for Bitcoin Wallets

No description available



 

Night Life - Paris - Concorde B Ballroom - Friday - 19:30-25:59


Title:
Diversity Party

hacker outreach event

Follow T:@DefConOwasp for updates

Swing by to connect with others.
Come and meet cool groups and crews, we encourage you to come and take a space at the event : )

Come hang and meet others, make new friends, see what others are working on : )

Learn about & meet organizations that are working to bring empowerment and inclusion to the hacker community.

We are next to Blanket Fort Con : )


 

BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 11:00-11:45


11:00 AM: DIY Medicine: The Ethics of Hacking Pharma
Speaker: Alex Pearlman

Abstract: I will present two case studies of groups using biohacking methods to create generic versions of two of the most widely prescribed and most expensive pharmaceuticals in America. I will explain their methods and motivations in the context of the crisis of distributive justice in the US healthcare system. I question the ethics of the delivery of pharmaceuticals to patients in the US and argue that biohackers are actually acting in a way that is morally acceptable, given the circumstances.

Speaker Bio: Alex Pearlman is a bioethicist and writer and is the Managing Director of the Institute for Ethics of Emerging Technologies. Her research focuses on biohacking, self-experimentation, and access to health technologies. She also writes about emerging policy issues in science for the mainstream press.

T: @lexikon1


 

DC - Paris - Track 1 - Friday - 11:00-11:45


Don't Red-Team AI Like a Chump

Friday at 11:00 in Track 1
45 minutes | Demo, Tool

Ariel Herbert-Voss PhD student, Harvard University

AI needs no introduction as one of the most overhyped technical fields in the last decade. The subsequent hysteria around building AI-based systems has also made them a tasty target for folks looking to cause major mischief. However, most of the popular proposed attacks specifically targeting AI systems focus on the algorithm rather than the system in which the algorithm is deployed. We’ll begin by talking about why this threat model doesn’t hold up in realistic scenarios, using facial detection and self-driving cars as primary examples. We will also learn how to more effectively red-team AI systems by considering the data processing pipeline as the primary target.

Ariel Herbert-Voss
Ariel Herbert-Voss is a PhD student at Harvard University, where she specializes in adversarial machine learning, cybersecurity, mathematical optimization, and dumb internet memes. She is an affiliate researcher at the MIT Media Lab and at the Vector Institute for Artificial Intelligence. She is a co-founder and co-organizer of the DEF CON AI Village, and loves all things to do with malicious uses and abuses of AI.

Twitter: @adversariel



 

CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Sunday - 10:00-09:59


Don’t Forget to Wipe

No description available



 

DL - Planet Hollywood - Sunset 5 - Saturday - 12:00 - 13:50


Dr.ROBOT: Organized Chaos and the Shotgun Approach

Saturday from 12:00 – 13:50 in Sunset 5 at Planet Hollywood
Audience: Defense/Offense

Aleksandar Straumann & Jayson Grace

Companies are large, and the number of subdomains they expose is even larger. There are a number of tools to uncover subdomains an organization is exposing, but individually they do not give you the complete picture. In the event that you use multiple tools, you are given an overwhelming amount of data to piece together into an aggregate view. In this talk we introduce Dr.ROBOT, a domain reconnaissance tool that was developed to run a large variety of subdomain enumeration tools. It was designed to trivially incorporate new tools as they are released by leveraging Docker and Ansible. Dr.ROBOT has three stages: gathering, inspection, and publishing. In the gathering stage, it gathers as much information as it can and aggregates the results. In the inspection phase, it captures screenshots and other information regarding the target. Finally, in the publishing phase it sends the data gathered during the previous two phases to an endpoint for manual review. Dr.ROBOT was created to serve as a comprehensive source on subdomain exposure by gathering information from as many resources as possible. It is a versatile utility for bug bounty hunters, blue teams, red teams, and many others.

https://github.com/sandialabs/dr_robot

Aleksandar Straumann
Aleksandar recently received his Masters in Computer Science from the University of Minnesota Duluth. In addition to his studies, he works part time at Sandia National Labs as a graduate intern. He works on various projects involving penetration testing, reverse engineering, and tool development. A security enthusiast, he has also pursued certifications in web penetration testing and offensive security. Aleksandar enjoys practicing his skills with CTFs, developing tools, and working on projects to make the security community better.

Jayson Grace
Jayson Grace is a Security Engineer at Splunk. He holds a BS in Computer Science from the University of New Mexico (2016). He has previously worked as a tool developer, penetration tester, systems administrator, and DevOps Engineer. Passionate about empowering engineers to create secure applications, Jayson also enjoys hunting for 0-days, automating offensive security processes, and strongly believes that in-house offensive security researchers are essential to maintaining a secure environment.



 

BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 12:30-14:30


12:30 PM: Dr/Hacker Panel
Speakers:
Dr. Harish Manyam
Hussein Syed
Dr. Dale Yoo

Abstract: Evaluating the clinical impact of a vulnerability has significant implications on how the vulnerability is handled both pre and post disclosure, including how it is communicated to physicians and patients. Open and transparent communication between the clinical and security researcher communities is essential to ensure that researchers understand the impact that medical device vulnerabilities will have on patient health and safety and clinicians have a better understanding of security implications to be able to recommend an appropriate response for their patients. This panel, which includes medical security researchers and practicing physicians and healthcare technologists, will discuss the challenges of evaluating the clinical impact of medical device technologies and the opportunities for researchers and healthcare professionals to work more closely together.

Speaker Bio:
Dr. Manyam received his training at Case Western Reserve University Hospitals (2012-2014) and stayed there as faculty and Assistant Professor of Medicine from 2013-2016. He served as the Head of the Lead Extraction Program at University Hospitals Case Western Reserve prior to joining the UT Cardiology group. He serves as the Director of Cardiovascular Research and the Head of the Atrial Fibrillation Center at Erlanger. He is actively involved with multiple research trials including monitoring the recurrence of atrial fibrillation, optimizing programming options in patients with biventricular defibrillators, and the assessment of lead extraction risk. He has extensive experience in complex ablation (atrial fibrillation and ventricular tachycardia), laser lead extraction, and device implantation.

Hussein Syed is the VP/CISO at RWJBarnabas Health System, an integrated healthcare delivery network in New Jersey. He is responsible for the organization's information security program. Hussein and his team are responsible for security management planning and execution to align with the strategic goals of the health system. Hussein has more than 25 years of experience in IT, of which 17 years are in information security. He has spoken and participated at various security events, RSA, Evanta, HIMSS, and Gartner.

Dr. Dale Yoo attended the University of Pennsylvania in Philadelphia for his undergraduate degree program with honors. He attended medical school at the University of Texas Health Science Center, San Antonio, TX. He completed his residency in Internal Medicine and his fellowships in Cardiovascular Disease, Cardiac Electrophysiology Research and Clinical Cardiac Electrophysiology all from Emory University in Atlanta, GA. Dr. Yoo is proficient in all aspects of Electrophysiology including atrial fibrillation ablation, atrial flutter and PSVT ablation, ventricular tachycardia ablation, as well as complex congenital heart disease management and ablation. In addition, he implants pacemakers, defibrillators and cardiac resynchronization therapy devices. He is also one of only a handful of physicians trained to perform laser lead extraction in the Dallas area. Dr. Yoo not only practices electrophysiology, but he is also board certified in Nuclear Cardiology and proficient in advanced heart failure management. He is also quite involved with clinical research and has developed and patented a post-operative atrial fibrillation drug.


Night Life - Planet Hollywood - Mezzanine Stage - Saturday - 22:00-23:59


Title:
Drunk Hacker History

It's official. Drunk Hacker History will be back at @defcon for a 5th fabulous year!!!
Truthfully, we didn't think our livers would last this long.
Time to start preparing and developing a tolerance to those feats of strength!


Meetups - Planet Hollywood - Mezzanine Stage - Saturday - 11:00-12:59


Title:
dstruction

No description available

DC - Paris - Track 4 - Friday - 10:00-10:45


Duplicating Restricted Mechanical Keys

Friday at 10:00 in Track 4
45 minutes | Exploit

Bill Graydon President and Principal, Physical Security Analytics

Robert Graydon Principal, GGR Security

Secure facilities in North America use lock systems like Medeco, Abloy, Assa and Mul-T-Lock partly to resist lock picking, but also to prevent the duplication and creation of unauthorised keys. Places such as the White House and the Canadian Parliament buildings go so far as to use a key profile exclusive to that facility to ensure that no-one is able to obtain key blanks on which to make a copy. However, there are tens of thousands of unrestricted key blank profiles in existence - many match very closely to these restricted key blanks, and can be used instead of the real blanks to cut keys on. Moreover, keys are just pieces of metal - we will present numerous practical techniques to create restricted keys without authorisation - including new attacks on Medeco, Mul-T-Lock and Abloy key control systems. We will touch on all aspects of key control, including patents and interactive elements, and discuss how to defeat them and how facility managers can fight back against these attacks.

Bill Graydon
Bill Graydon is a principal at GGR Security Consultants, and is active in research in electronic surveillance and alarm systems, human psychology in a secure environment and locking systems analysis. He received a Masters in computer engineering and a certificate in forensic engineering from the University of Toronto, applying this at GGR to develop rigorous computational frameworks to model and improve security in the physical world.

Website: https://ggrsecurity.com/DEFCON

Robert Graydon
Robert is a principal at GGR security. With a strong interest driving him forward, he is researching lock manipulation, picking, bypass, and other vulnerabilities, to discover and evaluate possible flaws or methods of attack. He has well-honed skills such as lock picking, decoding, locksmithing, as well as a thorough understanding of the mechanics and function of many types of high security locks, and electronic security systems and components, allowing him to effectively search for and test methods of cracking high security systems.



CLV - Flamingo 3rd Floor - Reno I Room - Saturday - 13:00-13:45


Speaker: Tanya Janca & Teri Radichel

Twitter: @SheHacksPurple

Twitter: @TeriRadichel

Abstract: PenTesters, Blue & Red teamers, network admins and cloud enthusiasts, this talk will lay out from start to finish how to verify the security of your Azure implementation. This talk will be 80%+ demos of where to look, what to do, and how to prioritize what you find. Topics include: Azure Security Center, setting scope, setting policy, threat protection, more.

Detailed Outline: There are two articles as well as a video we will share at the end to give the audience more information and a checklist of how they can assess their own Azure instances after the talk is over.

Here is the outline of what we plan to cover in this session:
Do not test the Azure Infrastructure. That is a violation of the user agreement for Azure and will get you into hot water with Microsoft. No one wants that.
Be extremely careful to only test things that are IN SCOPE for your client.
Is Azure Security Center turned on? If not, turn it on. I ❤ ASC.
Do all subscriptions/sub-subscriptions have it on? Do you have complete coverage? If not, definitely report it.
Is there a policy set (settings that the org has chosen as “secure”, such as all storage must be encrypted at rest)? If so, what are the settings? Do they look good? Also, what level of compliance do they have? Everything that is not compliant should be reported.
Is threat protection (storage and databases only), monitoring and auditing set up on every possible resource? If not, report it.
Look at the network, in the same way you would look at a traditional network, is anything out of place? Also, are they doing Zoning or Zero-trust or something else? Which network security model are they using? Make sure they are compliant with their own plan. Ask them what their plan is for their network to start. If they don't have an answer, that's another issue altogether.
Do they have “just in time” (JIT) set up on all ports on all servers/VMs? Or are they using a JumpBox to access VMs from outside Azure? Or is that not allowed at all? They should use JIT and Network Security Groups (NSGs) for *everything*.
Do they have app whitelisting enabled on VMs? It's called Adaptive Application Controls, and it's right underneath JIT in the security center (ASC) menu, under “Advanced Cloud Defense”. They should have that turned on for *all* servers.
Are they using a SIEM (Security incident and event management system)? Are they using it well? Are they monitoring it? What kind of coverage is it getting? Does ASC feed into it? It should.
Are they using a WAF (Web Application Firewall)? If so, test it. If they aren't, mark it as advice for improvement.
Any other 3rd party security tools (IPS/IDS/HIPS/Other)? If so, are those getting complete coverage of all assets that are covered by this test? And are they configured well?
Look in “Recommendations” tab of Azure Security Center and it will tell you all the problems (network issues, config errors, missing patches, more) that you haven't spotted yet. 😊 Really, you could likely start here. This is a list of everything that is not compliant with your policy, in order of importance.
If you are assessing web apps within Azure, APIs and functions (serverless), that's a whole other topic, but all of the regular security testing rules would apply, Azure or not.
If your org is using Azure DevOps I suggest adding several security tests to your pipeline including Azure Secure DevOps Kit. It's strict; you likely won't pass the first few times around, so prepare your developers for a bit of disappointment. There are a TON of great security tools in the Azure Marketplace, add a few, one is not enough.
Turn on VA for SQL DataBases as part of the Azure Threat Protection, and kick off a scan right away to see if anything is happening. It will likely have a lot of advice for you.
Look in the Threat Detection part of Security Centre, verify that there are no active attacks happening or recent ones, investigate accordingly.

About Tanya: Tanya Janca, also known as SheHacksPurple, is a senior cloud advocate for Microsoft, specializing in application and cloud security; evangelizing software security and advocating for developers and operations folks alike through public speaking, her open source project OWASP DevSlop, and various forms of teaching via workshops, blogs, public speaking and community events. As an ethical hacker, OWASP Project Leader, Women of Security (WoSEC) chapter leader, software developer and professional computer geek of 20+ years, she is a person who is truly fascinated by the 'science' of computer science.

About Teri: Teri has helped 1000's of companies with cloud security through consulting, writing, research, and training. She moved a web hosting business to the cloud and then started the Seattle AWS Architects and Engineers Meetup in 2013 which now has over 2500 members. She was on the original team that helped Capital One move production workloads to AWS. Another company recruited her to help them move to the cloud. She led a team of 30 people in two countries, architected a SAAS IOT solution on AWS and delivered a secure CI/CD pipeline based on her whitepaper, Balancing Security and Innovation with Event Driven Automation. She then moved into security research, writing articles for publications such as Dark Reading and Infosecurity Magazine and reverse engineering malware. When someone told her packet capture was not possible in the cloud, she wrote a white paper Packet Capture on AWS proving that it was.
Teri has presented on cloud security at major security conferences including RSA, AWS re:Invent, Countermeasure, SANS Networking, SANS Cloud Summit, and BSides. She is an IANS Faculty member and received the SANS Differences Makers Award for security innovation. Teri has 25 years of professional technical experience including software architecture and engineering, cyber security, and business operations. She was on the initial SANS cloud security advisory board and provided information and updates for SANS cloud curriculum. She taught the cloud security class for SANS Institute in 2018. She holds a business degree from the University of Washington, a Master of Software Engineering from Seattle University, and is currently finishing a Master of Information Security Engineering from SANS Institute. She got started with computers when she taught herself to program on a TI99/4A when she was 12 years old.



DL - Planet Hollywood - Sunset 1 - Friday - 12:00 - 13:50


EAPHammer

Friday from 12:00 – 13:50 in Sunset 1 at Planet Hollywood
Audience: Offensive security professionals, security analysts and network administrators, executive leadership, end-users

Gabriel Ryan

EAPHammer is a toolkit for performing targeted rogue access point attacks against enterprise wireless infrastructure. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus has been placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration.

This summer will mark the third anniversary of EAPHammer since it was released at DEF CON Demo Labs and BlackHat Arsenal in 2017. It's also the most exciting and complete version of the tool yet, with the addition of a number of features that were requested directly by users at Demo Labs in 2018.

EAPHammer now supports most of the bleeding edge attacks that have been discovered by the wireless community over the past few years, including:

- WPA3 Transition Mode and Security Group Downgrade Attacks
- Reflection and Invalid Curve attacks against EAP-pwd
- GTC-Downgrade, Fixed Challenge, and EAP Relay attacks against WPA/2-EAP
- PMKID attacks against WPA/2-PSK networks
- Known Beacons Attack and Legacy SSL Support
- External Certificate Handling and Import

Perhaps most excitingly, we've also included some never-before-seen attacks against Opportunistic Wireless Encryption (OWE), which is better known as "Enhanced Open".

https://github.com/s0lst1ce/eaphammer

Gabriel Ryan
Gabriel Ryan is an offensive security R&D and consultant at SpecterOps. He is the author of EAPHammer, a toolkit for performing targeted rogue access point attacks against enterprise wireless networks. Gabriel has presented at DEF CON, DerbyCon, Hackfest, and several Security BSides conferences on topics ranging from infrastructure security to access control protocols and red team tradecraft. His professional interests include wireless security, systems internals, low-level programming, and infrastructure automation.



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Saturday - 16:00-16:59


Easy PAKE Oven

No description available



DC - Paris - Track 4 - Saturday - 10:00-10:45


EDR Is Coming; Hide Yo Sh!t

Saturday at 10:00 in Track 4
45 minutes | Demo, Tool

Michael Leibowitz Principal Troublemaker

Topher Timzen (@TTimzen), Principal Vulnerability Enthusiast

There’s a new, largely unaddressed threat in the security industry today, Endpoint Detection and Response (EDR), which aims to stop threat actors in their tracks. The scenario plays out like this... At first your campaign is going well and your attacker objectives are being met. Then, your lovingly crafted payloads become analyst samples, you’re evicted from the environment and you lose your persistence. You and the analyst are now having a bad time. You may feel this is just fear mongering, but we assure you, the risk is real. Fortunately, we have a few new tricks up our sleeves to keep this nightmare scenario at bay. While many would have you believe that we live in a measured and signed boot Utopia on modern systems, we will show you the seedy underbelly of this Brave New World. By abusing early boot mechanisms and UEFI platform firmware, we are able to evade common detection. By showing up early to the fight, we sucker punch EDR, leaving it in a daze unable to see our malicious activities. We put a new twist on old code injection techniques and maintain persistence in UEFI firmware, making an effective invisibility cloak. By leveraging these two techniques, you and the analyst can have a happy and relaxing evening. From that point on - the good ol’ days are back again! Plunder away!

Michael Leibowitz
Michael (@r00tkillah) has done hard-time in real-time. An old-school computer engineer by education, he spends his days hacking the mothership for a fortune 100 company. Previously, he developed and tested embedded hardware and software, fooled around with strap-on boot roms, mobile apps, office suites, and written some secure software. On nights and weekends he hacks on electronics, writes CFPs, and contributes to the NSA Playset.

Twitter: @r00tkillah

Topher Timzen
Topher Timzen (@TTimzen) is currently a Principal Vulnerability Enthusiast and enjoys causing constructive mischief. Topher has spoken at conferences such as DEF CON, SecTor and BSidesPDX on offensive security research. Enjoying teaching, particularly about exploitation, he has been running the CTF at BSidesPDX for the past few years. Topher is located in the woods hiking or mountain biking when not computing. Collectively they have pretended to be bears, slayed a dragon or two, and have managed to not bring down a production server (for long). In reality, they just want to write malware.

Twitter: @Ttimzen



Meetups - Planet Hollywood - Mezzanine Stage - Friday - 17:00-18:59


Title:
EFF Trivia

No description available

BHV - Planet Hollywood - Melrose 1-3 Rooms - Friday - 10:15-10:59


10:15 AM: Employ Cybersecurity Techniques Against the Threat of Medical Misinformation
Speaker: Eric D Perakslis

Abstract: Medical misinformation has been labeled as one of the greatest public health threats of our time. Previously eradicated diseases, such as measles are occurring in clusters and causing deaths. The problem is complex with a mixture of private individuals and nation state actors all working to undermine the credibility of doctors and the US health system. In this piece, I will discuss our JAMA piece that calls for the use of an ethical cyber response to the threat of medical misinformation.

Speaker Bio: Eric Perakslis, PhD, is a Rubenstein Fellow at Duke University, where he focuses on data science that spans medicine, policy, information technology, and security. Eric is also Lecturer in Biomedical Informatics at Harvard Medical School, and Strategic Innovation Advisor to Médecins Sans Frontières.

T: @eperakslis


CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Sunday - 11:00-10:59


Empowering Gateways with Functional Encryption

No description available



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Friday - 13:00-12:59


Enabling HTTPS for home network devices using Let’s Encrypt

No description available



ETV - Flamingo - 3rd Floor - Reno II Room - Saturday - 14:00-14:59


Title:
Ethical Issues In Cyber Attribution



ETV - Flamingo - 3rd Floor - Reno II Room - Friday - 14:00-14:59


Title:
Ethics And Federal Election Security Policy



ETV - Flamingo - 3rd Floor - Reno II Room - Friday - 15:00-15:59


Title:
Ethics Discussion with Congressional Staffers



ETV - Flamingo - 3rd Floor - Reno II Room - Sunday - 12:00-12:59


Title:
Ethics Training Workshop



BTVT - Flamingo - 3rd Floor- Savoy Room - Sunday - 09:00-09:59


Evaded MicrosoftATA? **But** You Are Completely Exposed By Event Log

Sunday 09:00, Savoy Ballroom, Flamingo (Blue Team Village) (1H)

@9ian1i is a security researcher, core member of 0keeTeam, Information Security Department of Qihoo 360 Technology Company. He specializes in the construction of Blue Team and security architecture, especially the auto-detection of security vulnerabilities.

Because the internal environment of Windows domains is always too tolerant, and enterprises are more concerned about border defenses than internal security, penetration behavior based on Windows Active Directory has become more and more popular and aggressive. The emergence of MicrosoftATA allows the Blue Team to perceive and discover most domain penetration activities; however, there have recently been many bypass techniques for MicrosoftATA, and the detection dimension of MicrosoftATA is not comprehensive enough, especially the persistence part. It's a compelling problem whether the Red Team can ensure their behaviors are not detected after bypassing the detection of MicrosoftATA. In my recent research, the security event log of the domain controller details the activity of entities in the domain. Most AD attacks leave traces in the logs. These logs can be collected and analyzed in real time, helping you quickly detect attacks before an attacker compromises the domain controller. I will detail how to find exceptional behavior from a large number of domain controller security event logs and use a variety of analysis approaches to determine attacks, while taking into account the false alarm rate. It's worth mentioning that we don't collect the security event logs of all computers, only domain controllers. As a result, these ideas are applicable in a large-scale intranet environment, helping the Blue Team build its own Advanced Threat Analytics.



DC - Paris - Track 4 - Friday - 11:00-11:45


Evil eBPF In-Depth: Practical Abuses of an In-Kernel Bytecode Runtime

Friday at 11:00 in Track 4
45 minutes | Demo, Exploit

Jeff Dileo Research Director, NCC Group

eBPF (or "extended" Berkeley Packet Filter) is a bytecode instruction set and virtual machine used as a safe computing environment within the Linux kernel to perform arbitrary programmatic actions. It is a redesign of Linux's original in-kernel BPF bytecode VM used to power features like tcpdump filters. eBPF has an entirely different set of capabilities and instructions, with its primary goal being to serve as a JIT-able virtual machine instruction set that can be targeted by compilers of a memory-safe "restricted C" language. In the Linux kernel, it is actively being applied to anything and everything to provide performant programmatic capabilities to userland that extend traditionally kernel-based functionality.

In this exploit development focused talk, we will first introduce eBPF and discuss several nefarious techniques enabled by the technology. As we do so, we will cover the respective sets of APIs, file descriptor types, and other eBPF machinery that enable such techniques, building up from various forms of hidden IPC channels to full-fledged rootkits. Within this talk, we will walk through the implementations of the techniques we discuss so that attendees will walk away with the knowledge of how to implement their own variants. Along the way we will discuss novel container breakout techniques and interesting "dual-purpose" eBPF features that enable the development of mutative syscall hooks that work for processes already attached by a debugger. Finally, we will provide insight on how defenders should begin to attempt to detect and recover from such abuses, when possible at all.

This presentation significantly extends on work we first presented at 35C3, which focused more heavily on the underlying aspects of general eBPF-based kernel tracing. In contrast, this talk will demo new techniques and include substantially improved versions of techniques presented previously as proofs-of-concept.

Jeff Dileo
Jeff Dileo (chaosdata) is a security consultant by day, and sometimes by night. He hacks on embedded systems, mobile apps and devices, web apps, and complicated things that don't have names. He likes candy and arguing about text editors and window managers he doesn't actually use.

Twitter: @chaosdatumz



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock I - Friday - 10:00-13:59


Evil Mainframe Jr: Mainframe hacking from recon to privesc

Friday, 1000-1400 in Flamingo, Red Rock I

Soldier of Fortran Hacker

Big Endian Smalls Director of North American Operations for RSM Partners

Mainframes power every industry you care about. Yet hackers have no idea how to even begin approaching these big iron beasts. Where do you even start? VTAM? CICS? TSO? This workshop aims to give you the tools and language you can use to hack a mainframe. Starting with reconnaissance and ending with privilege escalation this workshop will walk you through all the tools and techniques you can use to hack a mainframe in 2019. Students will be introduced to the platform by being allowed to explore the operating system and allowing students to understand the weaknesses within. Students will also get introduced to open source tools and libraries available for all the steps of a penetration test including Nmap, metasploit, python scripts, REXX scripts and even HLASM. The majority of the workshop will be spent performing instructor led hands on mainframe testing with the tools available. Goals for each segment will be laid out with appropriate time afforded to students to allow them the ability to gain a deep understanding of how a test could and should be performed. Exercises will be based on real world attack scenarios developed by the trainers. This training specifically focuses on z/OS.

Skill Level Intermediate

Prerequisites: Background in penetration testing/red team and knowledge of tools like nmap, metasploit and scripting languages like Python/Ruby

Materials: Laptop capable of running a VM, power for their laptop.

Max students: 24

Registration: https://www.eventbrite.com/e/evil-mainframe-jr-mainframe-hacking-from-recon-to-privesc-red-rock-i-tickets-63439560433
(Opens 8-Jul-19)

Soldier of Fortran
Philip Young, aka Soldier of FORTRAN, is a leading expert in all things mainframe hacking. Having spoken and taught at conferences around the world, including DEFCON, RSA, BlackHat and keynoting at both SHARE and GSE Europe, he has established himself as the thought leader in mainframe penetration testing. Since 2013 Philip has released tools to aid in the testing of mainframe security and contributed to multiple opensource projects including Nmap, allowing those with little mainframe capabilities the chance to test their mainframes. His hope is that through raising awareness about mainframe security more organizations will take their risk profile seriously.

Big Endian Smalls
Chad Rikansrud, aka Big Endian Smalls, is the Director of North American Operations for RSM Partners - a world leader in IBM mainframe security consulting services. Chad is a nationally recognized security industry speaker, with appearances at: DEF CON, RSA2017, SHARE, and other regional conferences. Most of Chad's 20-year career has been in technology leadership for the financial services industry where he has held various senior leadership positions, including worldwide datacenter operations, infrastructure and recovery responsibility, as well as enterprise-wide system z storage



DL - Planet Hollywood - Sunset 3 - Friday - 14:00 - 15:50


EXPLIoT - IoT Security Testing and Exploitation Framework

Friday from 14:00 – 15:50 in Sunset 3 at Planet Hollywood
Audience: Offense, Hardware, IoT, Pentesters

Aseem Jakhar & Murtuja Bharmal

EXPLIoT is a framework for security testing and exploiting IoT products and IoT infrastructure. Source code and documentation - https://gitlab.com/expliot_framework/expliot It provides a set of plugins (test cases) which are used to perform the assessment and can be extended easily with new ones. The name EXPLIoT (pronounced expl-aa-yo-tee) is a pun on the word exploit and explains the purpose of the framework i.e. IoT exploitation. It can be used as a standalone tool for IoT security testing and more interestingly, it provides building blocks for writing new plugins/exploits and other IoT security assessment test cases with ease. EXPLIoT supports most IoT communication protocols, hardware interfacing functionality and test cases that can be used from within the framework to quickly map and exploit an IoT product or IoT Infrastructure. It will help the security community in writing quick IoT test cases and exploits. Currently, the framework has support for analyzing and exploiting various IoT, radio and hardware protocols including BLE, CAN, DICOM, MQTT, Modbus, I2C, SPI, UART. We have released comprehensive documentation including User and Developer guide to help the security community kick start quickly and easily with the framework.

https://gitlab.com/expliot_framework/expliot

Aseem Jakhar
Aseem Jakhar is the Director, research at Payatu Software Labs https://payatu.com a security testing company specialized in IoT, Embedded, cloud, mobile security. He is the founder of null-The open security community, a registered not-for-profit organization https://null.co.in and also organizes https://nullcon.net and https://hardwear.io security conferences. He has worked on various security software including UTM appliances, messaging/security appliances, anti-spam engine, anti-virus software, bayesian engine to name a few. He currently spends his time researching on IoT security and hacking things. He is an active speaker and trainer at security conferences like AusCERT, Black Hat, Brucon, Defcon, Hack.lu, Hack in Paris, Hack In The Box, PHDays and many more. He has authored various open source security software including:

- EXPLIoT - IoT Exploitation Framework
- DIVA (Damn Insecure and Vulnerable App) for Android
- Jugaad/Indroid - Linux Thread injection kit for x86 and ARM
- Dexfuzzer - Dex file format fuzzer

Murtuja Bharmal
Murtuja Bharmal is an application and network security enthusiast, having 15+ years of industry experience on the offensive as well as the defensive side of security. He is the Co-Founder and Director at Payatu Software Labs, a security testing company specialized in IoT, Embedded, cloud, mobile security. He is also the Founder of null (The Open Security Community) - http://null.co.in, nullcon (International security conference) - http://nullcon.net and hardwear.io security conference - http://hardwear.io. He has worked extensively on network and web application security assessment and served various financial organizations in India, Middle East, South East Asia, and Europe in a personal and professional capacity. He is X-IBMer and has worked on IBM-ISS (Internet Security System) product as Senior System Engineer. He started his career as a security product developer and developed a UTM (Unified Threat Management) product with features such as Firewall, IPS, VPN, and Application Proxies.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock VII - Friday - 10:00-13:59


Exploit Development for Beginners

Friday, 1000-1400 in Flamingo, Red Rock VII

Sam Bowne Proprietor, Bowne Consulting

Elizabeth Biddlecome Senior Researcher, Bowne Consulting

Learn how to take control of Windows and Linux servers running vulnerable software, in a hands-on CTF-style workshop. We begin with easy command injections and SQL injections, and proceed through binary exploits including buffer overflows on the stack and the heap, format string vulnerabilities, and race conditions.

After this workshop, you will understand how memory is used by software, and why computers are so easily tricked into executing bytes as code that entered the system as data.

We will exploit 32-bit and 64-bit Intel systems, and also ARM-based systems. We will examine modern Windows defenses in detail and learn how to defeat them, including ASLR, DEP, stack cookies, and SEHOP.

Previous experience with C and assembly language is helpful but not required. Participants will need a laptop that can run VMware or VirtualBox virtual machines.

All materials and challenges are freely available at samsclass.info, and will remain available after the workshop ends.

Skill Level Intermediate

Prerequisites: Familiarity with C programming and assembly language is helpful, but not essential.

Materials: A laptop capable of running a virtual machine in VMware or VirtualBox.

Max students: 70

Registration: https://www.eventbrite.com/e/exploit-development-for-beginners-red-rock-vii-tickets-63608704347
(Opens 8-Jul-19)

Sam Bowne
Sam Bowne is the proprietor of Bowne Consulting and an instructor at City College San Francisco, and has been teaching hacking and security classes for ten years. He has presented talks and workshops at Defcon, HOPE, RSA, BSidesLV, BSidesSF, and many other conferences. He has a CISSP and a PhD and is a DEF CON Black Badge co-winner.

Elizabeth Biddlecome
Elizabeth Biddlecome is a senior researcher at Bowne Consulting, an independent consultant, and a part-time instructor at City College San Francisco, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.



CLV - Flamingo 3rd Floor - Reno I Room - Friday - 13:00-13:40


Speaker: Colin Estep

Twitter: @colinestep

Abstract: Identity and Access Management (IAM) in any public cloud provider can be tricky to configure appropriately. We've all seen the headlines about storage buckets being open to the public and exposing sensitive information, but what about the permissions we are giving our users and apps that run in our cloud environment? It's becoming more difficult to understand who has permissions over resources and what the implications of those permissions are as more controls proliferate across the public cloud providers.

In this talk, we will take a closer look at the Google Cloud Platform (GCP) IAM model. You'll be introduced to the relevant concepts to understand the different types of identities, IAM permissions, and scopes. We'll examine the permissions and scopes assigned to the compute engine service account created for you by default. Did you know that the default IAM policy for the compute engine service account includes the ability to impersonate other service accounts, among other things?

Most importantly, we'll learn how to leverage certain configurations of the service account to escalate privileges from a virtual machine. I will show a demo where I use a shell on a virtual machine to tear down another security control to allow data exfiltration out of the environment. By the end of the talk, you'll understand how to impersonate service accounts, conduct recon, and escalate your privileges from a virtual machine. You'll also get some ideas on how to mitigate against these attacks.

About Colin: Currently a threat researcher at Netskope focused on AWS and GCP. Colin was previously the CSO at Sift Security (acquired by Netskope), where he helped move the product towards breach detection for IaaS. He was a senior engineer on the security teams at Netflix and Apple before joining Sift. He was also an FBI Agent specializing in Cyber crime, where he spent a fair amount of time coordinating with other countries to locate and arrest malware authors and botnet operators.



DC - Paris - Track 3 - Sunday - 11:00-11:45


Exploiting Qualcomm WLAN and Modem Over The Air

Sunday at 11:00 in Track 3
45 minutes | Demo, Exploit

Xiling Gong Consultant, NCC Group

Peter Pi Senior Security Researcher of Tencent Blade Team

In this talk, we will share our research in which we successfully exploit Qualcomm WLAN in FIRMWARE layer, break down the isolation between WLAN and Modem and then fully control the Modem over the air.

Setting up the real-time debugger is the key. Without the debugger, it's difficult to inspect the program flow and runtime status. On the Qualcomm platform, subsystems are protected by the Secure Boot and unable to be touched externally. We'll introduce the vulnerability we found in Modem to defeat the Secure Boot and elevate privilege into Modem locally so that we can set up the live debugger for baseband.

The Modem and WLAN firmware is quite complex and reverse engineering is tough work. Thanks to the debugger, we finally figured out the system architecture, the components, the program flow, the data flow, and the attack surfaces of WLAN firmware. We'll share these techniques in detail, along with the zero-days we found on the attack surfaces.

There are multiple mitigations on Qualcomm baseband, including DEP, stack protection, heap cookie, system call constraint, etc. All the details of the exploitation and mitigation bypassing techniques will be given during the presentation.

Starting from Snapdragon 835, WLAN firmware is integrated into the Modem subsystem as an isolated userspace process. We'll discuss these constraints, and then leverage the weakness we found to fully exploit into Modem.

Xiling Gong
Xiling Gong is a Senior Security Researcher of Tencent Blade Team. He has discovered many vulnerabilities of vendors like Google and Qualcomm. He is the speaker of CanSecWest 2018.

Twitter: @Gxiling

Peter Pi
Peter Pi is a Senior Security Researcher of Tencent Blade Team. He has discovered many vulnerabilities of vendors like Google, Microsoft, Apple, Qualcomm, Adobe and Tesla. He was the #1 researcher of Google Android VRP in year 2016. He has spoken at many famous security conferences such as BlackHat, CanSecWest, HITB GSEC and Hitcon.

Twitter: @tencent_blade



DC - DC101, Paris Theatre - Thursday - 10:00-10:45


Exploiting Windows Exploit Mitigation for ROP Exploits

Thursday at 10:00 in DC101, Paris Theatre
45 minutes | Demo

Omer Yair Endpoint Team Lead at Symantec

“A concept is a brick. It can be used to build a courthouse of reason. Or it can be thrown through the window.” ― Gilles Deleuze

Ever since Smashing the Stack For Fun And Profit was published by Aleph One almost a quarter century ago, the security world has completely changed the way it defends against exploitation. Canary stack, DEP, ASLR, CFI and various other mitigation techniques were developed to address various exploit techniques. Yet, ROP remains a prominent practice employed by many exploits even today.

ROP is the most common exploitation method for attackers to mutate memory bugs on target process into malicious executable code. “Next Gen” endpoint security products try to address ROP and other exploitation methods. Windows embraces many mitigation techniques as well. However, these mitigation features such as CFG can in fact be leveraged and increase ROP’s attack surface and allow it to even bypass exploit protections!

If you are intrigued by ROP, want to learn about methods in Windows that protect against ROP and how to bypass them - this talk is for you! On top of that a novel method of bypassing ROP mitigation of most products will also be revealed.

Omer Yair
Omer is End-Point team lead at Symantec (formerly Javelin Networks). His team focuses on methods to covertly manipulate OS internals. Before Symantec he was a malware researcher at IBM Trusteer for two years focusing on financial malware families. In the past he has worked at Algotec for six years developing medical imaging software and at IDF's technology unit for three years as dev team lead. Omer lectured at DerbyCon 8, Virus Bulletin and Zero Nights conferences. In his free time he revives historical photographic processes.

Twitter: @yair_omer



BTVT - Flamingo - 3rd Floor - Savoy Room - Saturday - 17:00-17:30


Extending Zeek For ICS Defense

Saturday 17:00, Savoy Ballroom, Flamingo (Blue Team Village) (30M)

@v4tl4 currently works as a security engineer. He has spent the last three years developing signatures for detecting threats on the network. Prior to that he was a SOC analyst.

@jamesdickenson has worked as a security engineer for five years focusing on detection engineering, threat intel and network security monitoring.

Industrial Control System (ICS) protocols are often neglected in the realm of network security monitoring. Detecting, parsing, and finding malicious activity can be frustrating and time consuming. In this session we will share our learning experiences building detections and protocol parsers in Zeek. We will discuss how ICS protocols can be parsed by using Zeek network security monitor to hunt for malicious patterns and generate detections for your Security Information and Event Management (SIEM) tools. This talk is for those that have ICS protocols in their environments and want greater insight into ICS network traffic.



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Friday - 12:00-11:59


Fighting non consensual pornography the BADASS way

No description available



RCV - Planet Hollywood - Celebrity 5 Ballroom - Saturday - 11:30-11:55


LIGHTNING TALK

Finding the needle in the twitter haystack.

1130 - 1155



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock IV - Friday - 10:00-13:59


Finding Vulnerabilities at Ecosystem-Scale

Friday, 1000-1400 in Flamingo, Red Rock IV

Isaac Evans Hacker

r2c is writing and helping others write tools to exploit and eradicate entire vulnerability classes at scale. In this workshop, we'll show how to develop program analysis tools that can be depended on in analysis pipelines and quickly run at massive scale. If you've ever wondered "but surely, no programmer would upload something that does that to NPM" this is the place to be! Our command line tool for local analyzer development is freely available and publicly documented—we'll show you how to get started and invite you to collaborate with us to build pipelines that use pre-computed intermediary representations that we already have. We'll also show how to use our collaborative triage tools with impact prioritization that can quickly allow turning these analysis results into bug-bounty submissions. No program (static/dynamic) analysis background required (though it is helpful!). Motivated developers should be able to make at least one bug bounty submission by the end of the workshop.

Skill Level Intermediate

Prerequisites: Basic programming knowledge (what is a function call?), able to run docker hello-world as user, able to write and run small programs, very comfortable with command line interfaces

Materials: Laptop with network access, OSX or Linux available (Windows ok with WSL installed)

Max students: 80

Registration: https://www.eventbrite.com/e/finding-vulnerabilities-at-ecosystem-scale-red-rock-iv-tickets-63608247982
(Opens 8-Jul-19)

Isaac Evans
Isaac Evans is the leader of a small startup working on giving security tools directly to developers. Previously, he conducted research into binary exploitation bypasses for techniques like control-flow integrity and novel hardware defenses on new architectures like RISC-V as a researcher at the US Defense Department under a SFS program and at MIT Lincoln Laboratory. Isaac received his BS/MS degrees in EECS from MIT. Other interests include next-generation programming languages, secure-by-design frameworks, software-defined radio, and the intersection of cryptography and public policy.



DC - Paris - Track 1 - Sunday - 14:00-14:45


Firmware Slap: Automating Discovery of Exploitable Vulnerabilities in Firmware

Sunday at 14:00 in Track 1
45 minutes | Demo, Tool

Christopher Roberts

DARPA’s Grand Cyber Challenge foretold an ominous future stricken with machines exploiting our code and automatically compromising our systems. Today, we have the chance to steel ourselves by creating new hope through stronger tools and techniques to find our bugs before our big-brother nation-states can take advantage. The firmware holding our phones, our routers, and our cars is our weakest link and it demands new methods of finding exploitable vulnerabilities. This talk will present Firmware Slap, the culmination of concolic analysis and semi-supervised firmware function learning. Each binary or library in a given firmware provides slices of information to accelerate and enable fault-resistant concolic analysis. These techniques provide a method of knowing where our vulnerabilities are and how we can trigger them.

Christopher Roberts
Christopher Roberts is a security researcher at REDLattice Inc. He has extensive vulnerability research experience in embedded systems and program analysis frameworks. He competes and speaks in George Mason’s competitive cyber club. He’s known for building several tools which automatically solve and produce flags from pwnable and reversing CTF problems. (Zeratool) (PinCTF)

Github: https://github.com/ChrisTheCoolHut



DL - Planet Hollywood - Sunset 4 - Friday - 12:00 - 13:50


Flatline

Friday from 12:00 – 13:50 in Sunset 4 at Planet Hollywood
Audience: Hardware and OpSec.

East

Flatline is a deterministic hardware credential manager. It can generate passwords, burner accounts, shortlinks, and BIP39 seeds. Based on a single mnemonic seed, with Flatline it is possible to store millions of dollars in cryptocurrency, and shortlinks that map to sensitive or stolen data. Store a criminal empire in your head, maintain a map of leaked documents that are hosted on the internet while storing nothing on your local disk, or maintain access to your assets when your house burns down and you have to flee to eastern Europe.

https://gitlab.com/e4st/flatline

East
East is a professional megalomaniac and dedicated troll. He lives in an underground bunker on an island in the south Pacific, where he spends his days eating Doritos, playing Counter Strike, and plotting world domination. When he is not busy destabilizing foreign governments, his hobbies include trolling phone scammers, hang gliding, and golf.



Night Life - Planet Hollywood - Apex Suite - Friday - 21:00-25:59


Title:
Florida Man Party

Florida Man Party


BCV - Flamingo 3rd Floor - Laughlin III Room - Friday - 13:30-14:20


Forcing a trustworthy notion of sequential time

No description available



BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 11:45-12:30


11:45 AM: Forensic Science and Information Security: Lifetime Lovers, Part-time Friends
Speaker: Najla Lindsay

Abstract: Forensic Science and Information Security are very parallel fields. They are both methodical in nature and often one area builds succinctly on top of the other. With the ability to have a specialty in various areas, it is interesting that the two do not often merge together and share policies and procedures. You see, Forensic Scientists often are called in at the endpoint. Usually, it is at the scene of a crime, only giving the final product and must work backwards to build a story for what initially happened. In Information Security, with the rapid growth of exposure to data, specifically PHI, it is evident that it would be beneficial for both communities to work together. With my area of extended knowledge and expertise in Forensic and Clinical Toxicology, I am often met with various attempts to social engineer me out of patient results to having sent incorrect reports to clients (not on purpose of course). In a Toxicology lab, whether government (local, state or federal) or private, PHI is the utmost important issue. Scientists adhere to the policies and procedures of the SCIENTIFIC aspect of the organization, but not always to the INFORMATION SECURITY aspect of the organization. Let's chat a little about how to make both industries more aware how they are really Lifetime Lovers and Part-time Friends.


Speaker Bio: Najla is a Penn State Grad with a technical background in Forensic Science. She works in the area of Forensic & Clinical Toxicology, more specifically drug testing for various specimen types (urine, blood and oral fluid). She is a criminal show junkie, avid thrill seeker and traveler and wine explorer. She is currently transitioning into the hacking specialty of security and labels herself as Pentester Neophyte. You can follow her journey on twitter using these hashtags: #ToxicologyToOSCP and #ScientistToHacker. Her website/blog, forensicsandinfosec.tech is focused on forensics and information security.
T: @teamvega


Meetups - Planet Hollywood - Santa Monica 4 Room - Thursday - 12:00-12:59


Title:
Friends of Bill W.

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is SANTA MONICA 4 in Planet Hollywood.

Meetups - Planet Hollywood - Santa Monica 4 Room - Thursday - 17:00-17:59


Title:
Friends of Bill W.

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is SANTA MONICA 4 in Planet Hollywood.

Meetups - Planet Hollywood - Santa Monica 4 Room - Friday - 12:00-12:59


Title:
Friends of Bill W.

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is SANTA MONICA 4 in Planet Hollywood.

Meetups - Planet Hollywood - Santa Monica 4 Room - Friday - 17:00-17:59


Title:
Friends of Bill W.

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is SANTA MONICA 4 in Planet Hollywood.

Meetups - Planet Hollywood - Santa Monica 4 Room - Saturday - 12:00-12:59


Title:
Friends of Bill W.

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is SANTA MONICA 4 in Planet Hollywood.

Meetups - Planet Hollywood - Santa Monica 4 Room - Saturday - 17:00-17:59


Title:
Friends of Bill W.

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is SANTA MONICA 4 in Planet Hollywood.

Meetups - Planet Hollywood - Santa Monica 4 Room - Sunday - 12:00-12:59


Title:
Friends of Bill W.

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is SANTA MONICA 4 in Planet Hollywood.

BHV - Planet Hollywood - Melrose 1-3 Rooms - Friday - 11:00-11:45


11:00 AM: From buffer overflowing genomics tools to securing biomedical file formats
Speaker: Corey M. Hudson

Abstract: In this presentation we describe a previously unreported buffer overflow vulnerability in the popular genomics alignment software package BWA. We will show how this exploit, combined with well-known attacks, allows an attacker to access and modify patient data and manipulate genomic tests. We then show how this class of attacks constitutes a wider threat to global biomedical infrastructure and what a newly-formed team from Sandia National Labs, BioBright (private sector) & DARPA are doing about it.

Speaker Bio: Corey Hudson is a computational biologist at Sandia National Laboratories. Corey leads teams in cybersecurity, machine learning, synthbio and genomics. His main work is modeling and simulating cybersecurity risks in realistic and large-scale genomic systems and highly automated synthbio facilities.

T: @coreymhudson


Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock I - Thursday - 10:00-13:59


From EK to DEK: Analyzing Document Exploit Kits

Thursday, 1000-1400 in Flamingo, Red Rock I

Josh Reynolds Senior Security Researcher, Crowdstrike

Exploit Kits haven't disappeared, they've simply moved to Microsoft Office. Traditional Exploit Kits (EKs) have the ability to fingerprint and compromise web browser environments, but with the advent of sandboxing and advanced security measures, there has been a shift toward using the Microsoft Office environment as a primary attack surface. Document Exploit Kits (DEKs) leverage DCOM, ActiveX controls, and logic bugs to compromise machines by packing multiple exploits into a single file.

In this workshop you will learn how to analyze exploits, shellcode, and infection chains produced by modern Document Exploit Kits such as ThreadKit and VenomKit.

This workshop is aimed at security professionals who are interested in gaining experience with reverse engineering, malware analysis and exploit development. Previous experience in any of these areas will assist the attendee in completing the workshop successfully in a timely fashion. The skills learned in this workshop are most applicable to those who work or are interested in blue team areas, such as those in security operations centers (SOCs), incident responders, intel analysts, and reverse engineers. Those who work or are interested in red team areas will find the content applicable for re-implementation for use in offensive exercises.

The following tools will be used in this workshop:

- rtfobj for OLE object extraction
- x64dbg for dynamic analysis of exploits, shellcode, and infection chains
- procmon and procexp for dynamic analysis of infection chains
- IDA Pro for static analysis of vulnerable applications and shellcode
- ffdec for static analysis of Adobe Flash exploits
- FakeNet-NG and Wireshark for network traffic analysis

Skill Level Intermediate

Prerequisites:
- A basic understanding of Microsoft Windows operating system internals
- A basic understanding of exploit development
- A programming background with C/C++ and/or x86 assembly
- Experience with debugging binary applications
- Optional: Experience with reverse engineering and/or malware analysis on Microsoft Windows

Materials: Students will be provided with a virtual machine to use during the workshop. They will need to bring a laptop that meets the following requirements:
- The laptop must have VirtualBox installed and working (VMWare is not supported).
- The laptop must be able to allocate 2GB of RAM to a guest OS, and provide a stable amount of RAM to the host OS.
- The laptop must have at least 60GB of disk space free but 100GB of free space is preferred.
- The laptop must be able to mount USB storage devices (please ensure that you have the appropriate adapter if needed).

Max students: 24

Registration: https://www.eventbrite.com/e/from-ek-to-dek-analyzing-document-exploit-kits-red-rock-i-tickets-63438831252
(Opens 8-Jul-19)

Josh Reynolds
Joshua Reynolds is a Senior Security Researcher with CrowdStrike, where he performs malware reverse engineering and intelligence analysis. Joshua has presented at BSides Calgary, BSides Edmonton and RSAC focusing on Ransomware, malicious document analysis and cryptojacking malware. He is also the co-author of the SAIT Polytechnic Information Systems Security diploma malware analysis course.



RCV - Planet Hollywood - Celebrity 5 Ballroom - Saturday - 15:50-16:15


LIGHTNING TALK

From email address to phone number

1550 - 1615



BCV - Flamingo 3rd Floor - Laughlin III Room - Saturday - 11:10-11:35


FumbleChain: A Purposefully Vulnerable Blockchain

No description available



Workshops - ( Sold Out ) - Flamingo - Lower Level - Valley of Fire II - Saturday - 10:00-13:59


Functional Programming for the Blue Team

Saturday, 1000-1400 in Flamingo, Valley of Fire II

eigentourist Software Engineer, Data Scientist

This is an introduction to functional programming concepts. It's not an intro to a language or a tool, but to a set of ideas. It's a powerful one for any hacker to learn, but especially for blue teamers who find themselves writing or maintaining increasingly complex code. Practicing it can help defenders write safer code that scales well.

Why speak particularly toward blue team?

Defenders are often unsung heroes today. Blue teamers, like system admins, may find themselves writing code to glue things together, fill in the gaps between existing tools, or make up for lack of tools altogether. If your codebase evolves into a critical system, the work of managing its rising complexity can become a serious challenge. Defense is hard, and studying the esoterics of software architecture can be a rare luxury (or an exercise in frustration, depending on your situation.) This workshop aims to hand you the distilled, demystified truth, sans the cryptic terminology. We will collectively build some code that illustrates the philosophy of the functional paradigm, and has a good chance of being useful in your work.

Why functional programming?

This is a paradigm from the days of Lisp and the original generation of MIT hackers. After decades of obscurity, it is moving into the mainstream because it answers two serious problems particularly well: rising code complexity, and the need to support parallelism. Any parts of it that you take away from this workshop are likely to improve your quality of life as a software engineer.

For this workshop, we will choose two programming languages to work with: one for comfort, and one for stretching. Python will be the comfort language, because of its widespread use in many fields. Haskell will be the stretch language, and no one is expected to try it if they're not comfortable. What we want is for you to get a sense of how the functional approach looks, not just in a mainstream language like Python, but also in a language built especially with the functional style in mind.

Skill Level Intermediate

Prerequisites: Some CS fundamentals are helpful, but anyone who has written code as part of their job should be able to walk away with something of value. We won't be using the arcane vocabulary associated with this field, except in the tiniest of amounts, until we begin to talk theory at the end. We don't do theory until everyone has had experience of success writing code based on the concepts.

Materials:
- A laptop that can last a good three hours on battery under light/medium workload (or else the good fortune to sit near a power outlet.)
- Your operating system of choice with your preferred text editor ready to go

Max students: 35

Registration: https://www.eventbrite.com/e/functional-programming-for-the-blue-team-valley-of-fire-ii-tickets-63998222406
(Opens 8-Jul-19)

eigentourist
eigentourist is a programmer turned data scientist, with 20 years in application development, and three years in the world of big data and machine learning. He began formal education in computer science when the height of software engineering discipline meant avoiding the use of GOTO statements. Over the course of his career, he has created code of beautiful simplicity and elegance, and of horrific complexity and unpredictability. Sometimes, it's hard to tell which was which. Today, he works on predictive models and computing clusters in the health care industry.



RCV - Planet Hollywood - Celebrity 5 Ballroom - Friday - 16:30-16:59


LIVE TOOL DEMO

Generating Personalized Wordlists by Analyzing Target's Tweets

1630 - 1700



PHVT - Bally's - Indigo Tower - 26th Floor - Saturday - 15:00-15:30


Generating Personalized Wordlists With NLP by Analyzing Tweets

Utku Sen, R&D Lead at Tear Security

Adversaries need to have a wordlist or combination-generation tool while conducting password guessing attacks. To narrow the combination pool, researchers developed a method named "mask attack" where the attacker needs to assume a password's structure. Even if it narrows the combination pool significantly, it can still be too large to use for online attacks or offline attacks with low hardware resources. The Rhodiola tool was developed to narrow the combination pool by creating a personalized wordlist for target people. It finds interest areas of a given user by analyzing his/her tweets, and builds a personalized wordlist.

Utku Sen (Twitter: @utkusen) is a security researcher who is mostly focused on application security, network security and tool development. He has presented his various tools and research at Black Hat USA Arsenal, DEF CON Demo Labs and Packet Hacking Village in recent years. He was also nominated for the Pwnie Awards in the "Best Backdoor" category in 2016. He is currently working for Tear Security.



DC - Paris - Track 1 - Saturday - 15:00-15:45


Get off the Kernel if you can’t Drive

Saturday at 15:00 in Track 1
45 minutes | Demo, Tool, Exploit

Jesse Michael

Mickey Shkatov

For software to communicate with hardware, it needs to talk to a kernel-mode driver that serves as a middle-man between the two, helping to make sure everything operates as it should. In Windows that is done using the Kernel-Mode Driver Framework (KMDF).

These drivers are used to control everything in your computer, from small things like CPU fan speed, color of your motherboard LED lights, up to flashing a new BIOS.

However, as the code in these drivers runs with the same privileges as the rest of the kernel, malicious drivers can be used to compromise the security of the platform. To that end, Microsoft relies on WHQL, code signing, and EV Signing to prevent drivers which have not been approved by Microsoft from being loaded into the kernel.

Unfortunately, security vulnerabilities in signed drivers can be used as a proxy to read and write hardware resources such as kernel memory, internal CPU configuration registers, PCI devices, and more. These helpful driver capabilities can even be misused to bypass and disable Windows protection mechanisms.

Let us teach you how these drivers work, show you the unbelievable risk they pose, and enjoy our walk of shame as we parade all the silly and irresponsible things we discovered in our research.

Jesse Michael
Jesse Michael is an experienced security researcher focused on vulnerability detection and mitigation who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has also presented research at DEF CON, Black Hat, PacSec, Hackito Ergo Sum, Ekoparty, and BSides Portland.

Twitter: @JesseMichael

Mickey Shkatov
Mickey Shkatov, a principal researcher at Eclypsium, has been performing security research and product security validation since 2010. He has also presented multiple times at DEF CON, Black Hat, PacSec, CanSecWest, BruCon, Hackito Ergo Sum, and BSides Portland.

Twitter: @HackingThings



BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 18:15-18:59


6:15 PM: Getting access to your heart's data
Speaker: Marie Moe

Abstract: Marie's pacemaker was hit by cosmic radiation while she was flying, which caused bitflips in the memory of the device. The incident led her to getting hold of an encrypted file with a crash log and a memory dump from her device. In order to get access to her own heart's data she handed this file over to the two master students that she was supervising at the time, and gave them the task of breaking the crypto. They succeeded in finding the hard-coded key, which will be demonstrated in this talk.

Speaker Bio: Dr. Marie Moe has a PhD in information security and works as a Research Manager at SINTEF and an Associate Prof. at NTNU. She is currently doing research on the security of her own implanted pacemaker. Marie loves to break crypto protocols, but gets angry when the broken crypto is in her own body.

T: @MarieGMoe


SEV - Bally's Jubilee Tower - 3rd Floor - Saturday - 16:30-16:59


Getting Psychic: Cold Reading Techniques for Fortune Tellers and Social Engineers

No description available



BHV - Planet Hollywood - Melrose 1-3 Rooms - Sunday - 12:30-13:15


12:30 PM: Getting Skin in the Game: Biohacking & Business
Speaker: cyberlass
Abstract: Let's talk biohacking, technology and business. We are a community that is innovating and creating mostly in non-commercial and academic spaces. As we have grown so have the opportunities, sometimes in unexpected places. My company, Livestock Labs, is bringing its biometric implant to market in cows first. Started by body augmenters, the company is proving what we all know: that when we get funding and dedicated time our projects take off. This session tries to shed some light on learning to business as a biohacker and what other funding models we might explore. I want to encourage other biohackers to take the leap and see what amazing things they can accomplish.

Speaker Bio: Biohacker, IT nerd and COO of Livestock Labs, Amanda Plimpton has lessons learned from biohackers entering commercial spaces. She wants the biohacking community to have more opportunities for its talented, passionate members to contribute in commercial, academic and non-profit sectors.

T: @cyberlass


CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Friday - 10:00-09:59


Giving Cops the Finger: Compelled Device Decryption and the Fifth Amendment

No description available



DC - Paris - Track 3 - Saturday - 16:30-16:50


Go NULL Yourself or: How I Learned to Start Worrying While Getting Fined for Other’s Auto Infractions

Saturday at 16:30 in Track 3
20 minutes

droogie Security Consultant at IOActive

Input sanitization issues will always exist, although it’s surprising how we’re still seeing amateur mistakes being made on everyday applications and systems used by millions. After making some observations against automatic license plate recognition (ALPR) data requested via the Freedom of Information Act (FOIA) while having reminiscent conversations about old hacker tales, it turned on the evil bit, leading to some interesting ideas. We’ll go over this adventure of poking at systems using totally valid user-controlled data that causes unexpected behavior in the real world. It’s always a strange thing when you can “exploit” unexpected attack surface, due to poor specification, especially in government systems.

droogie
droogie is a security researcher, interested in offensive security and hacking of retro and modern video games alike. He makes a living as a security consultant at IOActive, which helps fund his degenerate passion for hardware hacking on old video game console hardware. He’s spoken at conferences like CCC and Ruxcon and helped bring Metal Gear Online back to life. He enjoys international travel to security conferences to kick it with awesome hackers.



DL - Planet Hollywood - Sunset 5 - Saturday - 10:00 - 11:50


Go Reverse Engineering Tool Kit

Saturday from 10:00 – 11:50 in Sunset 5 at Planet Hollywood
Audience: Defense

Joakim Kennedy

The Go Reverse Engineering Tool Kit (go-re.tk) is a new open-source toolset for analyzing Go binaries. The tool is designed to extract as much metadata as possible from stripped binaries to assist in both reverse engineering and malware analysis. For example, GoRE can detect the compiler version used, extract type information, and recover function information, including source code line numbers for functions and source tree structure. The core library is written in Go, but the tool kit includes C-bindings and a library implementation in Python. When using the C-bindings or the Python library, it is possible to write plugins for other analysis tools such as IDA Pro and Ghidra. The toolset also includes “redress”, which is a command line tool to “dress” stripped Go binaries. It can both be used standalone to print out extracted information from the binary or as a radare2 plugin to reconstruct stripped symbols and type information. The tool kit consists of:

* Core library written in Go
* C-bindings
* Python library using the C-bindings
* A command line tool for easy analysis

https://github.com/goretk

Joakim Kennedy
Joakim Kennedy is the Threat Intel Manager for Anomali Research. His job involves playing with malware, tracking threat actors and everything else around threat intelligence.



Night Life - Planet Hollywood - Gallery Club - Saturday - 22:00-25:59


Title:
GothCON party

Back for our second year, and this time powered with the blessings of the Def Con 'call for parties' space - we're hosting an official gothcon party open to all defcon attendees in the gorgeous Gallery Bar in Planet Hollywood on Saturday August 10th.
. . .
Forums post on party
reddit post
Twitter Follow at @dcgothcon
Donate to the fun
Volunteer Here
search Twitter: #gothcon


DC - Paris - Track 2 - Saturday - 13:00-13:45


GSM: We Can Hear Everyone Now!

Saturday at 13:00 in Track 2
45 minutes | Demo, Exploit

Campbell Murray Global Head Cybersecurity Delivery, BlackBerry

Eoin Buckley Senior Cybersecurity Consultant

James Kulikowski Senior Cybersecurity Consultant

The presentation demonstrates that the A5/1 and A5/3 ciphers used to protect cellular calls are vulnerable to compromise, leading to full decryption of GSM communications, using freely available open source solutions along with tools we developed for this task.

The flaw being exploited lies in the heart of the design of GSM. In all implementations the standard requires GSM messages to first be error control encoded using a convolutional code and then encrypted. In the vast majority of implementations used today, encryption is performed using the A5/1 or A5/3 cipher. The convolutional code adds redundancy to the transmitted message, which can act like a fingerprint to identify the key used to encrypt the GSM message.

To exploit the vulnerability an attacker simply needs to capture a transmission and identify the GSM channel used. The standard defines the convolutional code and therefore how the redundancy may be interpreted to recover the encryption key.

This presentation considers passively capturing GSM traffic using A5/3 encryption and demonstrates a novel solution to cracking the key used without interacting with the mobile or network.

Campbell Murray
Campbell Murray is the global head of BlackBerry Cybersecurity Delivery and joined the organization through the acquisition of Encription Ltd, of which he was a founder and director. He has over 20 years’ cybersecurity experience with an emphasis on offensive security techniques and security engineering in the IoT, industrial and transport arenas. Campbell is a founding director of both the TigerScheme and the CyberScheme.

Twitter: @zyx2k

Eoin Buckley
Michael Eoin Buckley is a senior cybersecurity consultant at BlackBerry with over 20 years’ experience spanning cybersecurity consultancy, product security and both security and physical layer aspects of 3GPP cellular, Zigbee and IETF standards. In his role he leads the cybersecurity engineering effort and specializes in product security assessments of several areas such as automotive, healthcare and aerospace. Eoin holds a Ph.D. from Cornell University with a thesis focus on error control coding.

James Kulikowski
James Kulikowski is a senior cybersecurity consultant at BlackBerry and an active member at Unallocated Space in Baltimore, Maryland. In his 15 years, James has worked with clients from the DoD and Intel community to companies in finance, healthcare and transportation. James previously specialized in risk management and policy development before transitioning to hardware and software security assessments.



Night Life - Planet Hollywood - Mezzanine Stage - Saturday - 18:00-18:59


Title:
H@ck3r Runw@y

No description available

DL - Planet Hollywood - Sunset 5 - Friday - 10:00 - 11:50


Hachi: An Intelligent threat mapper

Friday from 10:00 – 11:50 in Sunset 5 at Planet Hollywood
Audience: Defense, Malware, Threat Intelligence

Parmanand Mishra

The ATT&CK framework has become a benchmark in the security domain. ATT&CK provides data about each technique used across different attack stages. Hachi was created to contribute to the ATT&CK community. Hachi is based on the radare2 framework and uses data provided by ATT&CK to map the symptoms of malware onto the ATT&CK matrix.

The following modules of Hachi make this tool a great addition to an analyst’s or company’s armaments:

• Threat Intel: Hachi provides threat intelligence data like a possible parent campaign or author of a malware file.
• Malware behavior: It uncovers core malware behaviors using automated static analysis coupled with symbolic execution to explore multiple execution paths and maps them onto the ATT&CK matrix.
• RESTful API: Hachi provides a RESTful API which enables this tool to integrate seamlessly with malware processing frameworks.
• Visualization: It allows for the creation of detailed visual reports.
• Integration with Threat Intel feeds: It can be integrated with different threat intelligence feeds for enhanced security or expanded insights.

The primary aim of this tool is to act as a force multiplier for the InfoSec community and aid the analysis of malware.

https://github.com/Kart1keya/Hachi

Parmanand Mishra
Parmanand Mishra is a security enthusiast who is currently working as Senior Malware Researcher at Qualys Inc. He works on malware analysis and adversary simulation based on ATT&CK and loves creating tools on the same. He has spoken at security conferences like c0c0n and goes by Kart1keya on GitHub.



RCV - Planet Hollywood - Celebrity 5 Ballroom - Friday - 15:40-16:30


COMPREHENSIVE TALK

Hack the Planet! Hackers Influencing Positive Change

1540 - 1630



ICS - Bally's Event Center - Saturday - 12:00-12:30


Hack the World & Galaxy with OSINT

August 10, 2019 12:00 PM

Come on a journey of discovering vulnerable & exploitable IT, IOT/IIOT and ICS SCADA systems and assets connected to the internet from smart home appliances, databases, burglar alarms, hydroelectric dams, fire alarms, airports & aviation, public transport, maritime, satellites, North American OpenADR electric grid, renewable energy and more. Nothing is safe, not even in space.

Speaker Information

Panelist Information

Chris Kubecka

HypaSec

HypaSec CEO, previously heading Information Protection Group, network/security ops/joint-international intelligence team for Aramco, establishing security teams, security contracts, EU/UK Privacy, USAF Space Command, recovering after cyberwar Shamoon attacks, Hack the World with OSINT author



Workshops - ( Sold Out ) - Flamingo - Lower Level - Valley of Fire I - Saturday - 14:30-18:30


Hack to Basics - x86 Windows Based Buffer Overflows, an introduction to buffer overflows.

Saturday, 1430-1830 in Flamingo, Valley of Fire I

Dino Covotsos Founder & CEO, Telspace Systems

Want to learn about exploit development but feeling overwhelmed at all the latest technologies and buzzwords?

Hack to basics is a course which will provide you with foundational level exploit development skills with real world exploitation techniques. This will range from "Vanilla" EIP overwrites through to Structured Exception Handler (SEH) exploitation and how egg hunters work with practical examples.

By the end of the course, students can expect to know the basics of x86 assembly, including some real world examples of exploiting vanilla EIP overwrites, SEH exploitation and using egg hunters. This will provide an entry to the world of exploit development and a strong foundation to work off in order to make it easier to transition to the newer, more advanced technologies which are in place today.

To get the most out of this training, the following should be studied beforehand:

FuzzySecurity:

http://www.fuzzysecurity.com/tutorials/expDev/1.html
http://www.fuzzysecurity.com/tutorials/expDev/2.html
http://www.fuzzysecurity.com/tutorials/expDev/3.html
http://www.fuzzysecurity.com/tutorials/expDev/4.html

Corelan:

https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/

We will be using Python to construct our exploits, combined with a debugger such as Immunity or OllyDBG; it is recommended to be familiar with both.

Skill Level Intermediate/Advanced

Prerequisites: Basic experience in assembly and a debugger, preferably Immunity or Olly.
2-3 years of penetration testing experience would be beneficial.
Experience in Kali Linux, as this will be used as the primary operating system.

Materials: Laptops with the following specs or greater:

Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz (or AMD equivalent)
8GB RAM
Kali Linux installed (x86 is fine)
Wireless Network Adapter + Ethernet Adapter
Virtualbox or equivalent installed

Max students: 35

Registration: https://www.eventbrite.com/e/hack-to-basics-x86-windows-based-buffer-overflows-an-introduction-to-buffer-overflows-valley-of-tickets-63998523306
(Opens 8-Jul-19)

Dino Covotsos
Dino Covotsos is the founder and CEO of Telspace Systems. With over 20 years of experience, he leads the research and technical team at Telspace. Covotsos has many years of experience in the information security sector and has been involved in hundreds of information security projects worldwide. He is also a well-known presenter at international conferences, including Hack In the Box, Sector, H2HC, DEF CON and many more. Covotsos is also passionate about the information security community and is involved in various community-based projects. Covotsos has several industry certifications, such as the OSCE, OSCP, OSWP and CREST CRT.



RCV - Planet Hollywood - Celebrity 5 Ballroom - Saturday - 10:00-10:50


COMPREHENSIVE TALK

Hack to Basics – Adapting Exploit Frameworks to Evade Microsoft ATP

1000 - 1050

Anthony “C01И” Rose and Jake “Hubble” Krasnov



Meetups - Planet Hollywood - London Club - Saturday - 19:30-25:59


Title:
Hacker Flairgrounds

Flaming badge builder or just badge curious, Hacker Flairgrounds is the ultimate gathering of hackers and blinking LEDs in Vegas.

This is the Meetup destination for badge collectors, designers, and prototypers that you have been waiting for! A social environment to show off your custom badges, discuss projects to make your own badges and to talk to collectors who cherish your work. Flashing LEDs, crafting time, trading, and the celebration of badge craft all in one.


Night Life - Planet Hollywood - Mezzanine Stage - Friday - 20:00-21:59


Title:
Hacker Jeopardy

No description available

Night Life - Planet Hollywood - Mezzanine Stage - Saturday - 20:00-21:59


Title:
Hacker Jeopardy

No description available

Night Life - Paris - Concorde C Ballroom - Friday - 19:30-25:59


Title:
Hacker Karaoke

Two great things that go great together! Join the fun as your fellow hackers make their way through songs from every era and style. Everyone has a voice and this is your opportunity to show it off! Quickly becoming a DEF CON tradition and a favorite of people from all skill levels.


Night Life - Paris - Concorde C Ballroom - Saturday - 19:30-25:59


Title:
Hacker Karaoke

Two great things that go great together! Join the fun as your fellow hackers make their way through songs from every era and style. Everyone has a voice and this is your opportunity to show it off! Quickly becoming a DEF CON tradition and a favorite of people from all skill levels.


Meetups - Paris - Le Bar Du Sport Bar - Friday - 18:30-17:59


Title:
Hackers Against Brexit

Hi everyone.
We will once again be meeting for drinks at DEFCON. Everyone is welcome (yes, even if you voted for Brexit :D ). Details as follows:
Time: 6:30PM Date: Fri. 9th Aug Location: Le Bar Du Sport @ Paris Casino.

Mon Ami Gabi is right next door as well if you fancy grabbing a bite to eat before/after/during the meetup.

Safe travels to everyone joining us.
Oh and p.s. we will have badges this year, they will be going on a first come first served basis at 15/$20 each :-).
Forum


DC - Paris - Track 2 - Friday - 10:00-10:45


Hacking Congress: The Enemy Of My Enemy Is My Friend

Friday at 10:00 in Track 2
45 minutes

Former Rep. Jane Harman President, The Wilson Center, Former Rep. (D-CA), aka Surfer Jane

Rep. James Langevin (D-RI)

Jen Ellis Director of Public Affairs, Rapid 7

Cris Thomas Director, X-Force Red Team, IBM, aka Space Rogue

Rep. Ted Lieu (D-CA)

A SIMULATED crisis is unfolding on a national scale, based loosely on the NotPetya attack of 2017. Triggered by a yet-unknown adversary, what started as an isolated technical issue has quickly escalated into a society-wide event affecting millions of citizens, several industries, and spanning government jurisdictions. Who is in charge, how do they cooperate with others, and how do they make decisions? The Wilson Center, Hewlett Foundation and I Am The Cavalry are teaming up to bring public policymakers together with security researchers and others to discover how our nation might respond to a wide-scale “cyber crisis”. Work in tandem with sitting Members of Congress to understand what levers of power Congress wields and how Members can address policy gaps in the future.

Former Rep. Jane Harman
The Hon. Jane Harman is President of the Wilson Center, a think tank in Washington, DC. She is a former nine-term Member of Congress who served on all the major security committees and represented an aerospace and technology hub in Southern California.

Twitter: @thewilsoncenter
Website: https://www.wilsoncenter.org/person/jane-harman

Rep. James Langevin
The Hon. Jim Langevin represents Rhode Island’s 2nd Congressional district. He is Ranking Member of the Emerging Threats and Capabilities Subcommittee and a senior member of the Cybersecurity and Infrastructure Protection Subcommittee. Rep. Langevin is a member of the House Minority Whip Steny Hoyer’s Senior Whip Team, and is responsible for educating other Democratic Members on key issues.

Twitter: @jimlangevin
Website: https://langevin.house.gov/about-me/full-biography

Jen Ellis
Jen Ellis is the Vice President of Community and Public Affairs at Rapid7. She works directly with security researchers, technology providers and operators, and government entities to help them understand and address cybersecurity challenges together.

Twitter: @infosecjen
Website: https://blog.rapid7.com/author/jen-ellis/

Cris Thomas
Cris Thomas works for IBM X-Force Red, and before that worked at Guardent, Trustwave, Tenable and others. Cris created the first security research think tank L0pht Heavy Industries and the video news show The Hacker News Network.

Twitter: @spacerog
Website: https://securityintelligence.com/author/cris-thomas/



PHVT - Bally's - Indigo Tower - 26th Floor - Saturday - 10:00-10:59


Hacking Corporate Org Socialization: One Day You Are Out and the Next Day You Pwn the Org!

D9, Independent Researcher

There is a growing community of hackers who refer to themselves as "Chameleon Hackers" and practice an organizational socialization technique they call "code switching." Code switching is a "tradecraft" practice used by chameleon hackers to consciously change their mannerisms, outward appearance, dress, thinking, physical characteristics, and their language in order to achieve socialization in either a virtual or live setting. The briefer will draw on his December 2018 doctoral dissertation to describe a framework for how these chameleon hackers go about their code switching tradecraft and then discuss examples of how they "hacked" the hacker community and the Corporate C-suite.

D9 (Twitter: @D9_Pilot) is a member of the Senior Executive Service and currently serving as the Deputy Director for Expeditionary Warfare for the U.S. Navy. Twenty-six years as a U.S. Air Force officer serving as a B-52H navigator and then F-15A and A-37B pilot. Held Command, Director, and staff positions across the Air Force in training operations, policy, and advanced training technologies. Three operational deployments with the last in Pakistan in support of Operation Enduring Freedom (Afghanistan). Served in the Office of the Secretary of Defense for eleven years as the DoD Senior Executive responsible for the programming and execution of the nearly $900M/year the Department of Defense invests in worldwide joint training and training technologies. Cyber experience includes: Co-Lead with the DoD CIO to develop the strategy and implement the Secretary of Defense's DoD Cyber Strategy to "Build and Maintain Ready Forces to Conduct Cyberspace Operations." Built from scratch a six-month Cyber Operations training course that yielded a 78% cohort pass rate (average is 16%) on the Offensive Security Certified Professional certification. Worked with DEF CON officials to repurpose DEF CON's CTF and CTP technical architecture to support DoD's cyber operations training. 2018 Doctorates in Education from The University of Pennsylvania's Graduate School of Education. Dissertation advanced organizational socialization theory by improving our understanding of the plasticity of human socialization. Study population consisted of "chameleon" hackers who practiced a socialization tradecraft technique they called "Code Switching."



BCV - Flamingo 3rd Floor - Laughlin III Room - Friday - 12:00-12:25


Hacking Cryptocurrencies

No description available



SEV - Bally's Jubilee Tower - 3rd Floor - Thursday - 18:50-19:20


Thursday August 08 2019 1920 30 mins

Hacking Hollywood
The Sony hack proved that content producers are unprepared for attacks and unaware of the damage that can be caused to their IPs. Hacking Hollywood is a glimpse into the filmmaking process from a security minded and social engineering perspective. Learn the details that go into making a film and how the (dis)structure of the industry leaves them vulnerable to attack and what they can do about it.

Andrew Nicholson: @Awkwardai
As a film location scout, Andrew has made a living out of getting into people's homes and places of business to take pictures. He has worked on Hollywood film and television productions for over 6 years. His most recent credits include the Black Lightning Pilot and the 2018 Dynasty Reboot.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock V - Friday - 10:00-13:59


Hacking ICS: From Open Source Tools to Custom Scripts

Friday, 1000-1400 in Flamingo, Red Rock V

Valerie Thomas Technical Lead, Securicon

Harry Regan Technical Lead, Securicon

Harry Thomas Technical Lead, Securicon

Recently, Industrial Control System (ICS) attacks have gained popularity in the media. However, there are many misconceptions on what exactly ICS systems are and how they function. Although there are similarities to IT systems, there are a multitude of differences that an attacker needs to understand in order to properly assess this type of equipment. In this course, students will be introduced to what ICS is and isn't in terms of technology and functionality. Protocols such as Ethernet/IP, Modbus, and DNP3 will be discussed and illustrated in order for students to have a foundation to build their arsenal. Students will then explore openly available open source tools and examine the functionality of the protocols. After dissection of protocol commands and activities, the students will be led to create their own custom scripts that interact with ICS devices in the classroom.

Skill Level Beginner

Prerequisites: An understanding of basic networking concepts.

Materials: For those who want to participate in the hands-on portion of the workshop, a laptop with Kali Linux installed on the host or as a virtual machine.

Max students: 50

Registration: https://www.eventbrite.com/e/hacking-ics-from-open-source-tools-to-custom-scripts-red-rock-v-tickets-63608296126
(Opens 8-Jul-19)

Valerie Thomas
Valerie Thomas is the Technical Director and utilizes her Electrical Engineering education and security consulting background to incorporate a variety of evaluation techniques specific to ICS.

Harry Regan
Harry Regan serves as the Vice President of Consulting Services and has over 40 years of experience in IT and ICS security environments.

Harry Thomas
Harry Thomas is the Lead ICS Security Consultant and performs risk, vulnerability, and penetration tests and assessments for a multitude of ICS organizations. He's developed countless IT and ICS indicators of compromise to help protect the ICS industries against threats. He utilized both offensive and defensive skills to create, design, and implement safe ICS security practices.



CLV - Flamingo 3rd Floor - Reno I Room - Saturday - 12:15-12:59


Speaker: Rotem Bar

Twitter: @rotembar

Abstract: In this talk I will share my experience about how I hacked different automotive clouds, techniques I used and goals I pursue after connecting.

In this talk I will give real life examples of:

  • From zero to hero – Full backend control with examples
  • Common fails which allow me to jump between networks
  • Dangers of connected cars - Taking over a car from the cloud
  • How to break a production line
  • Cloud credentials leakage

I will talk about the main connectivity areas I look for, supplier integrations and differences between normal clouds and automotive clouds. Once I got a good foothold, possible targets and places which can harm the most. Where can I jump next inside and how deep the rabbit hole goes.

This will be a technical talk going into places I've experienced personally in the last few years and will try to give a glimpse of the fun life of hacking into the vehicle ecosystem.

About Rotem: I have worked in the automotive field for about 4 years now. I started my way with red-teaming production plants and different cloud providers with the goal of getting as deep as possible and showing full impact. I love breaking stuff, especially when it's in mass scale, taking control over entire systems and seeing my clients in awe and shock as I give them live annotations of what I'm doing to them.



PHVW - Bally's - Indigo Tower - 26th Floor - Friday - 14:30-16:30


Hacking Kubernetes - Choose Your Own Adventure Style

Jay Beale, CTO of InGuardians

Kubernetes continues to gain steam, as developers build microservice-based applications and everyone moves to the software-defined data center. A small minority of our Infosec industry has experience attacking container orchestration systems like Kubernetes. We aim to address that shortage, culminating in an audience-directed Choose Your Own Adventure, "Hackers" movie-themed demo. In this demo-heavy talk, we will show you how to attack Kubernetes clusters and discuss what hardening techniques and freely available tools can break those attacks. We'll review the components of a Kubernetes cluster, then show how a threat actor can chain configuration vulnerabilities to pivot and escalate privilege, pilfer data and take over clusters and the cloud environments on which they run. To be clear, you'll see multiple attacks against real clusters from start to finish. You will also gain exposure to a new open source attack tool for Kubernetes called Peirates, available on GitHub. You will leave this talk with exposure to attacks against clusters that organizations have built themselves, as well as clusters provided by the major cloud providers, like AWS, Azure and GCP. You will be able to repeat specific attacks and know what defenses can break those attacks.

Jay Beale (Twitter: @jaybeale) works on Kubernetes and cloud native security, as a professional threat actor, a Kubernetes Contributor and as a member of the Kubernetes Security Audit working group. He's the architect and a developer on the Peirates attack tool for Kubernetes. In the past, Jay created two tools used by hundreds of thousands of individuals, companies and governments, Bastille Linux and the Center for Internet Security's first Linux/UNIX scoring tool. He has led training classes on Linux security and Kubernetes at the Black Hat, CanSecWest, RSA, and IDG conferences, as well as in private corporate training, since 2000. As an author, series editor and speaker, Jay has contributed to nine books and two columns and given over one hundred public talks. He is CTO of the information security consulting company InGuardians.



PHVT - Bally's - Indigo Tower - 26th Floor - Friday - 11:00-11:59


Hacking Kubernetes: Choose Your Own Adventure Style

Jay Beale, CTO of InGuardians

Many companies have deployed Kubernetes, but few infosec folks have experience attacking it. We aim to address that shortage, culminating in an audience-directed Choose Your Own Adventure, movie-themed demo against an intentionally-vulnerable cluster named Bust-a-Kube. You'll see how to attack Kubernetes clusters and learn what hardening techniques and freely available tools can break those attacks. We'll review the components of a Kubernetes cluster, then show how a threat actor can chain configuration vulnerabilities to pivot and escalate privilege, pilfer data and take over clusters. You will also gain exposure to a new open source Kubernetes attack tool called Peirates.

Jay Beale (Twitter: @jaybeale) works on Kubernetes and cloud native security, as a professional threat actor, a Kubernetes Contributor and as a member of the Kubernetes Security Audit working group. He's the architect and a developer on the Peirates attack tool for Kubernetes. In the past, Jay created two tools used by hundreds of thousands of individuals, companies and governments, Bastille Linux and the Center for Internet Security's first Linux/UNIX scoring tool. He has led training classes on Linux security and Kubernetes at the Black Hat, CanSecWest, RSA, and IDG conferences, as well as in private corporate training, since 2000. As an author, series editor and speaker, Jay has contributed to nine books and two columns and given over one hundred public talks. He is CTO of the information security consulting company InGuardians.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock II - Thursday - 10:00-13:59


Hacking Medical Devices

Thursday, 1000-1400 in Flamingo, Red Rock II

Jay Radcliffe Hacker

Fotios Chantzis Principal Information Security Engineer, Mayo Clinic

In the world of connected devices some are more dangerous than others. Devices that connect our bodies to a network are especially intriguing. These devices are often fraught with vulnerabilities and security concerns. In this workshop participants will have an opportunity to learn about different medical devices and explore their attack surfaces. There will be a collection of connected medical devices on-premise that we will scan, take-apart, and explore. Some of the topics in the course will include: network scanning for medical devices, firmware analysis, vulnerability hunting, Wireless/RF analysis, and hardware analysis and assessment.

We will cover vulnerabilities in the insecure DICOM protocol. We are going to showcase how to leverage pynetdicom to write Python scripts for attacking DICOM and exploit insecurely configured PACS servers leading to the extraction of sensitive PHI (Protected Health Information). DICOM, being a highly complex protocol, can also allow for other attack vectors such as embedding PE malware. Another aspect of the training will cover vulnerabilities found in IoT infrastructure with a focus on IP cameras and video management servers. These often run insecure protocols like zeroconf and have web portals that are easily authentication brute-forceable and poorly configured. We are specifically going to examine the WS-Discovery protocol which provides some interesting attack vectors by placing too much trust in the local network.

Hands-on exercises will be conducted by the students throughout the training for each section under the guidance of the instructors.

Skill Level Intermediate

Prerequisites: None

Materials: Laptop with Wired Ethernet connection (NOT Wireless)

Max students: 40

Registration: https://www.eventbrite.com/e/hacking-medical-devices-red-rock-ii-tickets-63605552921
(Opens 8-Jul-19)

Jay Radcliffe
Jay Radcliffe (CISSP) has been working in the computer security field for over 20 years. Coming from the managed security services industry as well as the security consultation field, Jay has helped organizations of every size and vertical secure their networks and data. Jay presented ground-breaking research on security vulnerabilities in multiple medical devices and was featured on national television as an expert on medical device cyber-security. As a Type I diabetic, Jay brings a lifetime of being a patient to helping medical facilities secure their critical data without compromising patient care. Not only is Jay a prolific public speaker, but also works with legal firms on expert witness consultation related to IoT and cyber security issues. Jay holds a Master's degree in Information Security Engineering from SANS Technology Institute, as well as a Bachelor's degree in Criminal Justice/Pre-Law from Wayne State University. SC Magazine named him one of the Top Influential IT Security Thinkers in 2013.

Fotios Chantzis
Fotios (Fotis) Chantzis is a principal information security engineer at Mayo Clinic, where he manages and conducts technical security assessments on medical devices and clinical support systems as well as engaging in penetration tests and red team exercises. Fotis has over 10 years of experience in the information security industry, which includes time spent researching network protocol vulnerabilities and developing security tools. He has been a contributor to the Nmap project since 2009, when he wrote the Ncrack network authentication cracking tool and has published a video course on "Mastering Nmap". His research on network security includes exploiting the TCP Persist Timer (Phrack #66) and inventing a stealthy port scanning technique by abusing XMPP. He is a regular speaker in conferences of the information security industry and has been lately leading the technical segment of the Defcon Biohacking Village. His most recent research focus has been on medical device & IoT security.



AVV - Bally's Event Center - Friday - 14:00-14:30


Hacking the Air Force and Beyond: Engaging Hackers to Secure the U.S. Department of Defense

Speaker – Jack

Synopsis

Two years ago, the U.S. Air Force opened its doors to hackers with the launch of the Hack the Air Force challenge. Since then, the Air Force has run numerous other bug bounty challenges, ranging from logistics sites to custom hardware and engaging thousands of hackers along the way. Clearly, organizations have much to gain from working with hackers. In this talk, I will share my experiences both helping secure some of the world’s largest organizations as a hacker, and expanding vulnerability disclosure policies at diverse organizations including DoD and Stanford. Learn industry standards for structuring these policies to minimize risk to the organization while protecting hackers by providing a safe avenue to report vulnerabilities.

About the Speaker

Jack Cable is a coder turned white hat hacker and a rising sophomore at Stanford University. Jack is a top ranked hacker on the HackerOne bug bounty platform, having identified over 350 vulnerabilities in companies including Google, Facebook, Uber, Yahoo, and the U.S. Department of Defense. After placing first in the Hack the Air Force challenge, Jack began working this past summer at the Pentagon’s Defense Digital Service. There, Jack helped organize the Hack the Marine Corps competition held live in Las Vegas and advises policymakers on vulnerability disclosure. Jack was named one of Time Magazine’s 25 most influential teens for 2018. At Stanford, Jack studies computer science and launched Stanford’s bug bounty program, one of the first in higher education.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock V - Thursday - 14:30-18:30


Hacking the Android APK

Thursday, 1430-1830 in Flamingo, Red Rock V

Ben Hughes Hacker

Liana Parakesyan Hacker

Mattia Campagnano Hacker

This cross-discipline, hands-on training will walk participants through Android application testing and APK reversing basics. The tools and techniques imparted in this training will help guide APK analysis, mobile threat research, and mobile application penetration testing. Free and open source tools will be emphasized, while recognizing the potential role of commercial tools in static and dynamic analysis of APKs. The training will conclude with a CTF-style competition requiring participants to use their new skills to dissect actual Android applications including malicious APKs, vulnerable APKs, and custom APKs. A VM with the necessary tools and APKs will be provided.

Skill Level Beginner/Intermediate

Prerequisites: Previous mobile development or general pen testing experience is helpful, but not required.

Materials: Students will need to bring their own Windows/Linux/macOS laptop with 8+ GB RAM, WiFi, USB, and VirtualBox or VMware installed. A VM will be made available to students for download beforehand, as well as available on USB flash drives at the start of the workshop. A LIMITED number of physical, rooted Android devices will be available for students to share during the workshop; students are also welcome to bring their own physical, rooted Android devices for use during the workshop.

Max students: 40

Registration: https://www.eventbrite.com/e/hacking-the-android-apk-red-rock-v-tickets-63607020310
(Opens 8-Jul-19)

Ben Hughes
Ben (@CyberPraesidium) brings over 12 years of diverse experience in cyber security, IT, and law. He leads Polito's commercial services including vulnerability assessments, penetration testing, incident response, forensics, and threat hunting. Prior to joining Polito, Ben worked on APT hunt teams at federal and commercial clients. He holds CISSP, GCFA, GWAPT, and Splunk Power User certifications.

Liana Parakesyan
Liana has a wide range of experience in cybersecurity. She has created tailored cybersecurity frameworks for companies and federal agencies. She has a background in building cybersecurity labs for clients, consulting on Defense-in-Depth strategies based on threat modeling, and performing penetration testing. She holds a Master's degree in Cybersecurity and has earned the Security+, CEH, and CISSP certifications.

Mattia Campagnano
Mattia brings a wide range of experience in IT and cybersecurity, including as Desktop Support with the Italian agency for foreign trade and as a SOC analyst with a major US cybersecurity company. He has worked with SIEMs and conducted penetration testing. He has two Associate's of Applied Science degrees from Stark State College (Cyber Security & Forensics and Network Security, Linux Database Admin). He also has an MBA from Università di Napoli Federico II (Italy) and Security+ certification.



DC - Paris - Track 3 - Sunday - 10:00-10:45


Hacking WebAssembly Games with Binary Instrumentation

Sunday at 10:00 in Track 3
45 minutes | Demo, Tool

Jack Baker

WebAssembly is the newest way to play video games in your web browser. Both Unity3d and Unreal Engine now support WebAssembly, meaning the amount of WebAssembly games available is growing rapidly. Unfortunately the WebAssembly specification is missing some features game hackers might otherwise rely on. In this talk I will demonstrate adapting a number of game hacking techniques to WebAssembly while dealing with the limitations of the specification.

For reverse engineers, I will show how to build and inject your own "watchpoints" for debugging WebAssembly binaries and how to insert symbols into a stripped binary.

For game hackers, I will show how to use binary instrumentation to implement some old-school game hacking tricks and show off some new ones.

I will be releasing two tools: a binary instrumentation library built for modifying WebAssembly binaries in the browser, and a browser extension that implements common game hacking methods a la Cheat Engine.

Jack Baker
Jack Baker is a professional vulnerability researcher and amateur video game hacker. His primary areas of expertise include web application security, embedded reverse engineering, and Tony Hawk's Pro Skater 3.

Github: https://github.com/Qwokka



BHV - Planet Hollywood - Melrose 1-3 Rooms - Friday - 16:15-16:59


4:15 PM: Hacking Wetware with Open Source Software and Hardware: The DIY Artificial Pancreas
Speaker: Jay Lagorio

Abstract: Managing diabetes revolves around stagnated tech from the 80s and 90s. Hackers took their lives into their hands by augmenting inadequate products after market. Building iterations of a DIY artificial pancreas and real-life examples of will be discussed and at least one will be working on the presenter. Replacing human intervention with technology betters quality of life. See what happens when hackers decide they're not waiting around for government and the MedTech industry to do better.

Speaker Bio: Jay Lagorio, a software engineer and independent security researcher, has been building computers and networks and writing code nearly his entire life. He received a B.S. in Computer Science from UMBC in 2008 and an M. Eng. from the Naval Postgraduate School in 2015.

T: @jaylagorio


Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock III - Thursday - 10:00-13:59


Hacking Wi-Fi for Beginners

Thursday, 1000-1400 in Flamingo, Red Rock III

Alex Hammer Hacker

Penelope 'Pip' Pinkerton

Wi-Fi attack capability is an important part of any hacker's toolbox. Wi-Fi extends the perimeter of a supposedly-secure network to sidewalks, parking lots, and trendy coffee shops. But many hackers don't know how Wi-Fi is simultaneously both easy and difficult to attack. To understand this duality, hackers must get hands-on time attacking all kinds of networks. You really need to see both success and failure, both self-inflicted and environmental, to fully understand how to compromise Wi-Fi networks.

This workshop isn't targeted at Faraday-level attendees. We assume that you know what a laptop and Wi-Fi are and continue from there. What you'll be doing in this workshop is:

0. Determining your desired result of the attack
1. Reconnoitering Wi-Fi networks and RF spectrum
2. Identifying and prioritizing network and station targets
3. Determining the best attack type for identified targets
4. Hacking the bejeezus out of the target while avoiding detection

You'll do all of these amazing things with your laptop and Kali Linux. Kali has an exceptional set of Wi-Fi hacking tools built right in that you'll become much more familiar with during this session. You'll use a variety of tools to identify networks and connected stations, conduct broadcast denial of service attacks, capture authentication handshakes, and crack session keys.

Pip and Alex will demonstrate some techniques using different hardware like spectrum analyzers and noise generators so you can decide whether those are tools you want to add to your toolbox as well. However, none of those tools are necessary for the workshop, and many hackers never need anything beyond a laptop, Kali, a good wordlist, and practice.

We'll tweet any last minute workshop updates or preparation steps from @alexhammeratt.

Skill Level Beginner

Prerequisites: Basic familiarity with Kali Linux and a basic understanding of Wi-Fi

Materials: A laptop running Kali Linux (NO virtual machines) and a Wi-Fi adapter that supports monitor mode (either a built-in or external USB WNIC is fine). Attendees should arrive with their laptop fully charged and their Kali fully updated.

Max students: 90

Registration: https://www.eventbrite.com/e/hacking-wi-fi-for-beginners-red-rock-iii-tickets-63605681305
(Opens 8-Jul-19)

Alex Hammer
Alex Hammer started hacking as a phreak using a Blue Box and running his own BBS. He's been hacking networks and computers for his entire career. Alex has worked as a computer forensic investigator, a penetration tester, and a security software architect. He has also written books and taught numerous classes on penetration testing, ethical hacking, and network defense. His specialties are PKI, Wi-Fi cracking, and teasing Pip when an 802.11 standard totally ignores standard security practices.

Penelope 'Pip' Pinkerton is a veritable Goddess of Wi-Fi and all things RF. She is an expert in radio design, RF behavior, and IEEE standards, and holds an Extra level ham radio license. Pip has taught countless corporate IT staff Wi-Fi topics including security, site survey, RF coverage, and Wi-Fi configuration and management. She has worked at or with many of the large Wi-Fi chipset and device manufacturers and has provided input on standards. Her specialties are knowing pretty much every field defined in every 802.11 standard and making fun of Alex when he doesn't know one.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock VIII - Thursday - 14:30-18:30


Hacking Wifi

Thursday, 1430-1830 in Flamingo, Red Rock VIII

Philippe Delteil Computer Science Engineer

Victor Faraggi Student, University of Chile

Ilana Mergudich Thal Student, University of Chile

Wireless Networks (Wifi) are the most used type of network nowadays and most people don't really know how vulnerable they are, even WPA/WPA2 Enterprise.

In this workshop we will cover most wifi encryptions being used today, how they work behind the scenes and the theory of the cracking process. Also, you will be able to apply this knowledge on the spot with some real-life-scenario wifi networks.

Some encryptions are mathematically difficult to crack, where the cracking process could take lifetimes. But not to worry, there still are ways to get around this with an attack called Man-in-the-middle (MITM). Be wary! You never know whose Internet Access Point you're connecting to and who's eavesdropping on you.

Ever wondered how to get somebody's passwords for a website? After this workshop you will be able to supplant a website without the victim ever knowing it with Wifiphishing or DNS Spoofing the client's router.

What to know before
Linux commands (sed, awk, grep and the basic ones)
Basic shell scripting
Basic knowledge about WEP/WPA/WPA2/WPS

What you will learn
How wifi security works
How to audit a wireless network
How to perform and automate Wifi attacks (WEP/WPA/WPA2 (personal & enterprise)/WPS)
How to use the cloud to crack passwords (GpuHash.me, AWS EC2)
How to use your own GPU to crack passwords. (in case you have one)

How technical is the class
40% theory and concepts
60% writing and testing commands/scripts and attacking wifis.

What tools are we going to use
aircrack-ng (ifconfig, iwconfig, airmon-ng, airodump-ng, aireplay-ng, aircrack-ng, airbase-ng, airdecap-ng)
Reaver (reaver, wash)
Radius Servers (radiusd)
Pyrit
tshark/Wireshark/tcpdump
Ettercap

What to read in advance
Vivek Ramachandran & Cameron Buchanan, 2015, Kali Linux Wireless Penetration Testing Beginner's Guide, Birmingham B3 2PB, United Kingdom.

Skill Level Beginner

Prerequisites: Basic shell scripting skills, basic Linux commands, basic network knowledge

Materials: Laptop with Kali Linux (native or virtual machine). Wireless network card adapter (ALFA models, AWUS036NHA or similar) that allows packet injection. (NOTE: STUDENTS WILL NEED TO BRING THEIR OWN ADAPTER)

Max students: 60

Registration: https://www.eventbrite.com/e/hacking-wifi-red-rock-viii-tickets-63607346285
(Opens 8-Jul-19)

Philippe Delteil
Philippe Delteil is a Computer Science Engineer from the University of Chile. He gave his first talk at Defcon 26 Skytalks, called "Macabre stories of a hacker in the public health sector". His country's government sent 3 officials to record the talk, and over 3 Ministries shut down all their information systems, afraid that Philippe would reveal some serious bugs and that Defcon attendees would hack the government; but the systems were only down from Friday to Monday, the only days hackers work. While living in Brazil he hacked over 3,000 wifi routers of the biggest ISP. Most of the time, he gives classes for free on various topics: CTF, pentesting, programming, basic computer knowledge. He's been working with Wifi hacking during the last 3 months. He has a company with a very clever name: Info-sec.

Victor Faraggi
Victor Faraggi is a student of Computer Science Engineering at the University of Chile. He has developed an interest in Mobile Development, Privacy and, of course, Computer Security. This year, he has been working as a mobile developer on his University Campus. His free time is spent between analog photography, family, friends and HTB. He's also a former student of Philippe's workshop 'Introduction to Pentesting and CTF's'. That's how they met. Now, together with Ilana Mergudich, they bring a Wifi Hacking workshop that has already been done in this year's first Defcon China. He dearly remembers the little boy of 15 years old who played OverTheWire wargames; coming to Defcon 27 is another step in his life.

Ilana Mergudich Thal
Ilana Mergudich Thal is a Computer Science student at Universidad de Chile. She spent a semester in Sweden studying computer security and is currently specializing in cryptography. Trainee at Info-Sec doing Wifi hacking research. Works as a teaching assistant for mathematical and theoretical computer science courses and teaches computational thinking/programming to young children in schools. She became the first woman to represent her university internationally in competitive programming.



SEV - Bally's Jubilee Tower - 3rd Floor - Saturday - 17:05-17:35


Saturday August 10 2019 1705 30 mins
Hacking Your Career Through Social Engineering
Social engineering is a special form of hacking that bridges our technical skills with a deep understanding of human behavior. Many of us use this special blend of techniques to assist in our various colors of hacking but even those of us not in a professional social engineering, hacking, or penetration testing role can use these skills to aid in our career success. Social engineering has a wonderful set of techniques that can be used to help you enter into a new job, a new career, get a promotion, self promote, overcome imposter syndrome, plus many other situations. This talk will walk through the ways we can apply our knowledge of social engineering to any job and any career to help us be successful.

Rebecca Long: @amaya30
Rebecca Long is a software engineer with 15 years' experience focusing on quality assurance and DevOps. She is currently working at RiskLens, a cyber-risk quantification software company in Spokane, Washington, as their Lead DevOps Engineer. She holds undergraduate and master’s degrees in computer science with her thesis on social engineering and phishing within a financial institution. As a leader in the Spokane tech community for most of the last decade, in 2018 she finally launched her dream of a non-profit called Future Ada which supports and advocates for women and non-binaries in STEAM (science, technology, engineering, art, and mathematics).



DC - Paris - Track 3 - Saturday - 11:00-11:45


Hacking Your Thoughts - Batman Forever meets Black Mirror

Saturday at 11:00 in Track 3
45 minutes

Katherine Pratt/GattaKat NSF Graduate Research Fellow, University of Washington - Seattle

Companies are coming for your brains. The electricity in your brains, to be more precise. Valve, Facebook, Elon Musk and more are funding research into technologies that will translate neural signals into controls for devices like computers, smartphones, and VR/AR environments. While this would be super exciting, it represents some serious data privacy issues. First: what kind of private information can be elicited from your neural signals? It’s possible to use a specific kind of neural response to visual and audio stimuli to deduce information about the user… like where you bank, who you know, your real identity, etc (Edward Nygma in Batman Forever, anyone?)

More broadly, there is also the issue of what happens when you provide your neural signals to a company. If you’re worried about what Facebook is doing with your information now, imagine what they can do when they have hours of information straight from your brain. If neural data is treated the same as your DNA, commercial companies become the owners of your thoughts (as electrical signals). Will they readily share it with the FBI without probable cause? These kinds of questions, and many more, are starting to surface with neurally-controlled devices and other emerging technologies. This talk will cover all of this and more.

Katherine Pratt/GattaKat
Dr Katherine Pratt received her B.S. in aerospace engineering from MIT in 2008, and her PhD in Electrical and Computer Engineering (ECE) from the University of Washington (UW) in 2019. During undergrad she completed several internships with the private space venture Blue Origin, working in systems and propulsion engineering. She has served four years in the United States Air Force, working primarily as an operational flight test engineer on the F-35 Joint Strike Fighter. Her doctoral dissertation focused on the privacy, ethics, and policy of information derived from elicited neural signals. She was the recipient of a National Science Foundation Graduate Research Fellowship and the 2018-19 UW ECE Irene Peden Endowed Fellowship. During graduate school she interned with the ACLU of Washington through the Speech, Privacy, and Technology Project. She also completed a six month fellowship as the first Congressional Innovation Scholar through Tech Congress where she crafted technology policy and legislation in the office of a member of the House of Representatives.

Twitter: @GattaKat
Website: https://kaipratt.site/web



DC - Paris - Track 1 - Friday - 13:00-13:45


HackPac: Hacking Pointer Authentication in iOS User Space

Friday at 13:00 in Track 1
45 minutes | Demo, Tool, Exploit

Xiaolong Bai

Min (Spark) Zheng

Pointer Authentication (in short, PAuth) is the latest security mechanism in iOS. It is proposed to protect the integrity of pointers with hardware-assisted encryption, thus eliminating the threats of code-reuse attacks. In PAuth, a cryptographic signature called PAC is calculated from a pointer value and inserted into the pointer. When the pointer is about to be used, the PAC is extracted and verified for consistency with the original pointer value. In this way, PAuth is able to ensure that the pointers are not tampered with. iOS deployed PAuth in user-space system services, protecting pointers that may affect the control flow and preventing code-reuse attacks like ROP and JOP.

However, in our study, we found that a fatal flaw in the implementation of iOS PAuth makes user-space system services still vulnerable to code-reuse attacks. The flaw is: iOS uses the same signing key in different user-space processes. This flaw allows a signed pointer from a malicious process to be correctly verified in a system service, thus making it possible to launch JOP. In this talk, we will explain how we found the flaw and why it is inevitable. In advance, we will demonstrate how to leverage this flaw and launch JOP attacks in a PAuth-protected system service. Also, we will propose a new tool, PAC-gadget, to automatically find JOP gadgets in PAuth-protected binaries.

Xiaolong Bai
Xiaolong Bai (twitter@bxl1989, github@bxl1989) is a security engineer in Alibaba Orion Security Lab. Before joining Alibaba, he received his Ph.D. degree in Tsinghua University. He has published several research papers on top conferences including IEEE S&P, Usenix Security, CCS, NDSS, and presented his research in Black Hat, DEF CON, HITB, CanSecWest, etc. He has been acknowledged by famous vendors, including Apple, Google, Facebook, Evernote, and Tencent for his contribution in discovering the vulnerabilities in their systems and improving the security of their products. He is a member of the OverSky team for private jailbreaking development.

Twitter: @bxl1989
Website: https://xiaolongbai.weebly.com/
Github: https://github.com/bxl1989/

Min (Spark) Zheng
Min (Spark) Zheng (twitter@SparkZheng, github@zhengmin1989) is a security expert in Alibaba Orion Security Lab. He received his Ph.D. degree in the CSE department of the CUHK. His research focuses on malware analysis, smartphone (Android & iOS) security, system design and implementation. Before receiving Alibaba A-Star offer award in 2015, he worked in FireEye, Baidu and Tencent. He was the champion of GeekPwn 2014 and AliCTF 2015. He won the “best security researcher” award in FIT 2016 for detecting the iOS/macOS vulnerabilities, XcodeGhost virus and WormHole RCE vulnerability. He is a member of the OverSky team for private jailbreaking development. He presented his research in DEF CON, HITB, BlackHat, RUXCON, etc.

Twitter: @SparkZheng



DC - Paris - Track 2 - Saturday - 11:00-11:45


HAKC THE POLICE

Saturday at 11:00 in Track 2
45 minutes | Demo, Tool

Bill Swearingen World’s #23 Best Hacker

PULL OVER!
No, it is a cardigan, but thanks for noticing! After getting a nasty speeding ticket, OG SecKC HA/KC/ER hevnsnt decided enough was enough, and set out to fully understand police speed measurement devices, and develop homebrew countermeasures that are legal in some states (and some that are not). Come learn how police RF (X, K, KA) and Laser speed detection systems work and how to implement your own homebrew jamming countermeasures on the cheap, essentially making your vehicle invisible to law enforcement. HOP IN and BUCKLE UP, this talk is going to FUEL your hardware hacking desires! You better be able to think fast to keep up with this talk and prepare to get home in record time.

Bill Swearingen
Bill Swearingen (hevnsnt) has been in the hacking scene for decades, which is odd because his twitter profile says he is only 23 years old. Having spent his life dedicated to understanding how things work, he has focused this curiosity and knowledge to take advantage of our world in any way possible. His interests have always been focused on hardware hacking and he loves releasing easy to replicate projects using cheap computing platforms such as Arduino and RaspberryPi.

Twitter: @hevnsnt



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock VI - Friday - 10:00-13:59


Hands on Adversarial Machine Learning

Friday, 1000-1400 in Flamingo, Red Rock VI

Yacin Nadji Engineer, Security Scorecard

Machine learning has become commonplace in software engineering and will continue to grow in importance. Currently, most work focuses on improving classifier accuracy. However, as more and more models interact with the real world, practitioners must consider how resilient their models are against adversarial manipulation. Successful attacks can have serious implications, like crashing a car, misclassifying malicious code, or enabling fraud.

In this workshop, you will learn how to think like an adversary so that you can build more resilient machine learning systems. You'll discover how to use free and open source tools to construct attacks against and defenses for machine learning models, as well as how to holistically identify potential points of attack an adversary could exploit. You'll leave able to critically examine a machine learning system for weaknesses, mount attacks to surface problems, and implement and evaluate practical defenses.

Skill Level Intermediate

Prerequisites: Familiarity with Python (or similar programming language) and basic Machine Learning. For the latter, students that have preprocessed data and trained & evaluated a model will be in good shape to tackle the material.

Materials: Laptop capable of running Docker or Jupyter notebooks.

Max students: 70

Registration: https://www.eventbrite.com/e/hands-on-adversarial-machine-learning-red-rock-vi-tickets-63608585993
(Opens 8-Jul-19)

Yacin Nadji
Yacin Nadji is an engineer at Security Scorecard where he applies machine learning to identify companies' infrastructure and understand their security risk. He received his Ph.D. from the School of Computer Science at Georgia Institute of Technology with a focus in Computer Security. He has published 20 academic papers with hundreds of citations, many focused on applying ML to solve security problems.



DC - Paris - Track 1 - Friday - 14:00-14:45


Harnessing Weapons of Mac Destruction

Friday at 14:00 in Track 1
45 minutes | Demo, Exploit

Patrick Wardle Chief Research Officer, Digita Security

Whenever a new Mac malware specimen is uncovered, it provides a unique insight into the offensive Mac capabilities of hackers or nation-state adversaries. Better yet, such discoveries provide fully-functional capabilities that may be weaponized for our own surreptitious purposes! I mean, life is short, why write your own?

We'll begin this talk by discussing the methodology of subverting existing malware for "personal use", highlighting both the challenges and benefits of such an approach.

Next, we'll walk-thru the weaponization of various Mac malware specimens, including an interactive backdoor, a file-exfiltration implant, ransomware, and yes, even adware. Customizations include various runtime binary modifications that will coerce such malware to accept tasking from our own C&C servers, and/or automatically perform actions on our behalf.

Of course, in their pristine state, such samples are currently detected by AV products. As such we'll also walk-thru subtle modifications that will ensure our modified tools remain undetected by traditional detection approaches.

In conclusion, we'll highlight novel heuristic methods that can generically detect such threats to ensure Mac users remain protected even from such weaponized threats.

Patrick Wardle
Patrick Wardle is the Chief Research Officer at Digita Security and founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.

http://twitch.com/patrickwardle



PHVT - Bally's - Indigo Tower - 26th Floor - Sunday - 11:00-11:59


Head in the Clouds

Matt Nash, Security Consultant at NCC Group

Availability, scalability, agility, and automation - "The Cloud" brings all of these to your fingertips. Improperly configured, it can also be a security incident waiting to happen. In this talk, we'll cover open source tools to help paint a current, accurate picture of your cloud security posture, share some insight from first-hand experience, and show examples of how you can use this approach within your organization.

Matt Nash works in a variety of realms, including internal/external network infrastructure, cloud architecture, web applications, automated teller machines (ATMs), physical security, social engineering, digital forensics and incident response, and wireless. As well, these assessments span a number of industries: oil and gas energy, utility, manufacturing, software development, financial, and retail. With more infrastructure and resources moving into "the cloud", at a staggering pace, building a skillset in large-scale cloud review was an obvious choice. Matt holds a B.S. in Food and Resource Economics, and is totally qualified to speak on this topic.



DC - Paris - Track 4 - Sunday - 12:00-12:45


Help Me, Vulnerabilities. You're My Only Hope

Sunday at 12:00 in Track 4
45 minutes | Tool, Exploit

Jacob Baines Research Engineer, Tenable

MikroTik routers keep getting owned. They’ve been exploited by advanced threats like VPNFilter, Slingshot APT, and Trickbot. They’ve been compromised by coin miners, botnets, and who knows what else. With each new campaign the security industry publishes new indicators of compromise and everyone moves on.

However, MikroTik administrators operate in a sandbox. They have very limited access to the router’s underlying file system and almost no ability to directly interact with the Linux operating system. Due to these limitations, file hashes cannot answer the fundamental question that is asked again and again on the MikroTik forums, “Have I been compromised?”

It’s time the users had their question answered. In this talk, I’ll present three vulnerabilities that can help MikroTik administrators break out of the sandbox. I’ll show how to use these vulnerabilities to help determine if the router has been compromised.

Jacob Baines
Jacob is the founding member of Tenable's Zero Day Research group. He focuses much of his research efforts on routers and other IoT devices. Sometimes he even finds vulnerabilities.

Twitter: @junior_baines



Meetups - Planet Hollywood - Mezzanine Stage - Saturday - 15:00-16:59


Title:
Homebrew Hardware Contest

No description available

DC - Paris - Track 3 - Friday - 14:00-14:45


How Deep Learning Is Revolutionizing Side-Channel Cryptanalysis

Friday at 14:00 in Track 3
45 minutes | Demo, Tool

Elie Bursztein Google

Jean Michel Picod Google

This talk explores how AI is revolutionizing hardware side-channel attacks and what this new wave of attacks means for the future of hardware cryptography. Based on the lessons learned while successfully attacking many hardware AES implementations using deep learning, this talk discusses why those attacks are fundamentally more efficient and details how to conduct them in practice.

Elie Bursztein
Elie Bursztein leads Google's security & anti-abuse research team. He has authored over fifty research papers in the field for which he was awarded 6 best paper awards and multiple industry distinctions including the Black Hat pwnie award. Born in Paris, he received a Ph.D from ENS-cachan in 2008 before working at Stanford University and ultimately joining Google in 2011.

Twitter @elie
Website: https://elie.net

Jean Michel Picod
Jean-Michel Picod is currently working at Google Switzerland. He holds an engineering degree in computer systems, networks and security. He has contributed to several open source projects (GoodFET, pynids, etc.) and published several open source tools such as DPAPIck, OWADE, scapy-radio, forensic scripts,

Twitter: @jmichel_p
Website: https://www.j-michel.org/



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Friday - 17:00-16:59


How PKI and SHAKEN/STIR Will Fix the Global Robocall Problem

No description available



BHV - Planet Hollywood - Melrose 1-3 Rooms - Friday - 11:45-12:30


11:45 AM: How to Get Your Ass Kicked and Like It; Experiential Learning Through Gamification
Speaker: Corey M. Hudson

Abstract: The paradigm shift for cybersecurity crisis response training is here. If you want to prepare for a security breach, tabletop exercises and unpracticed runbooks aren't enough. Organizations can now prepare for a worst day with an intense, immersive experience that builds your team's critical cybersecurity and leadership skills in a realistic and gamified environment. An organization's response and actions, or the lack thereof, can have a decisive impact on the end state or the aftermath.

Speaker Bio: JC is a proven executive, visionary, and story teller with 30+ years of security leadership experience. He served in multiple leadership and advisory roles and possesses extensive experience in building strategic cyber programs at the National level ISO missions in the most hostile environments.

T: @teamvega


DC - Paris - Track 1 - Saturday - 12:00-12:45


How You Can Buy AT&T, T-Mobile, and Sprint Real-Time Location Data on the Black Market

Saturday at 12:00 in Track 1
45 minutes

Joseph Cox Senior Staff Writer, Motherboard

Major US telecommunications companies AT&T, T-Mobile, and Sprint have been quietly selling access to their customers’ real-time location data, including cell tower information as well as highly precise GPS data. Through a complex network of dodgy data aggregators and middlemen companies, this data access eventually trickled down to a slew of different industries, used car salesmen, landlords, and hundreds of bounty hunters, likely without your knowledge or informed consent. In this talk, based on leaked documents, sources, and first-hand experience, Joseph will explain how this data industry works, the players involved, and also how the data access is available on the black market, where it can be used in any way an attacker fancies: Joseph paid a source $300 to successfully locate a phone in New York.

Joseph Cox
Joseph is an investigative reporter for Motherboard, the science and technology section of VICE. He covers cybersecurity, the digital underground, and social media platforms.

Twitter: @josephfcox



DC - Paris - Track 3 - Sunday - 12:00-12:45


HTTP Desync Attacks: Smashing into the Cell Next Door

Sunday at 12:00 in Track 3
45 minutes | Demo, Tool

albinowax Head of Research, PortSwigger

HTTP requests are traditionally viewed as isolated, standalone entities. In this session, I'll introduce techniques for remote, unauthenticated attackers to smash through this isolation and splice their requests into others, through which I was able to play puppeteer with the web infrastructure of numerous commercial and military systems, rain exploits on their visitors, and harvest over $50k in bug bounties.

Using these targets as case studies, I’ll show you how to delicately amend victim's requests to route them into malicious territory, invoke harmful responses, and lure credentials into your open arms. I’ll also demonstrate using backend reassembly on your own requests to exploit every modicum of trust placed on the frontend, gain maximum privilege access to internal APIs, poison web caches, and compromise my favourite login page.

Although documented over a decade ago, a fearsome reputation for difficulty and collateral damage has left this attack optimistically ignored for years while the web's susceptibility grew. By applying fresh ideas and new techniques, I’ll unveil a vast expanse of vulnerable systems ranging from huge content delivery networks to bespoke backends, and ensure you leave equipped to devise your own desync techniques and tailor attacks to your target of choice.

albinowax
James Kettle is Head of Research at PortSwigger Web Security, where he designs and refines vulnerability detection techniques for Burp Suite's scanner. Recent work has focused on using web cache poisoning to turn caches into exploit delivery systems. James has extensive experience cultivating novel attack techniques, including server-side RCE via Template Injection, client-side RCE via malicious formulas in CSV exports, and abusing the HTTP Host header to poison password reset emails and server-side caches. He has spoken at numerous prestigious venues including both BlackHat USA and EU, and OWASP AppSec USA and EU.

Twitter: @albinowax
Website: https://skeletonscribe.net/



PHVT - Bally's - Indigo Tower - 26th Floor - Friday - 14:30-14:59


Hunting Certificates and Servers

Sam Erb

From Shodan to Certificate Transparency, it is easier than ever to use TLS certificates for DNS hostname reconnaissance. However, these sources of data are either not free, infrequently updated or are not linked to a server IP address. This talk will survey existing resources & release a new, free service for finding TLS certificates in the IPv4 space!

Sam Erb (Twitter: @erbbysam) is a 2x black badge winner with Co9 in the Badge Challenge and is working to make the Internet a safer place.



ICS - Bally's Event Center - Saturday - 13:00-13:30


HVACking: Understand the Difference Between Security and Reality!

August 10, 2019 1:00 PM

This session and demo explores an ICS 0-day vulnerability found by McAfee. The target is a PLC manufactured by a major SCADA vendor. The device is popular in critical industries such as education, healthcare, hospitality, and manufacturing/industrial. Not only is this vulnerability remotely exploitable with no authentication required, but many of the devices can be compromised over the Internet.

Speaker Information

Panelist Information

Douglas McKee

McAfee

Douglas McKee is a Sr. Security Researcher for the McAfee ATR team, focused on finding new vulnerabilities in both software and hardware. Douglas has an extensive background in vulnerability research, penetration testing, reverse engineering, and forensics.



DC - Paris - Track 2 - Friday - 13:00-13:45


HVACking: Understand the Difference Between Security and Reality!

Friday at 13:00 in Track 2
45 minutes | Demo

Douglas McKee Senior Security Researcher, McAfee Advanced Threat Research

Mark Bereza Security Researcher, McAfee Advanced Threat Research

Like most modern devices, building controllers have increasingly become network connected, exposing them to a wider range of threats. If malicious actors could manipulate access control systems, boiler rooms, or temperature control for critical industrial systems, the potential for catastrophic damage is extreme.

McAfee's ATR team has discovered a 0-day vulnerability in a major building controller. This controller is a fully programmable native BACnet™ device designed to manage a wide range of building systems. By modifying BACnet broadcast traffic, a buffer overflow can be leveraged into a write-what-where (WWW) condition. This WWW leads to execution control, providing the attacker with a root shell and complete control over the device remotely. Because this attack vector is through BACnet broadcast traffic, there is no authentication mechanism for the target device, allowing anyone on the same network to communicate with it directly and exploit the vulnerability without authentication. Currently, there are over 500 of these devices connected to the internet running in BACnet/IP Broadcast Management Device (BBMD) mode. Utilizing this mode, broadcast traffic can travel over the internet, increasing the potentially devastating impact of this vulnerability.

This presentation will include a deep technical analysis of the vulnerability discovery process and demos illustrating an attack in a critical scenario. Finally, we will discuss the steps taken by the vendor to patch this vulnerability and demonstrate its effectiveness.

Douglas McKee
Douglas McKee is a senior security researcher for the McAfee Advanced Threat Research team, focused on finding new vulnerabilities in both software and hardware. Douglas has an extensive background in penetration testing, reverse engineering, malware analysis and forensics and throughout his career has provided software exploitation training to many audiences, including law enforcement. Douglas recently presented his research focused on hacking medical devices at DEF CON 26.

Twitter: @fulmetalpackets

Mark Bereza
Mark Bereza is a security researcher and new addition to McAfee's Advanced Threat Research team. A recent alumnus of Oregon State's CS systems program, Mark's work has focused primarily on vulnerability discovery and exploit development for embedded systems.



BCV - Flamingo 3rd Floor - Laughlin III Room - Sunday - 09:50-10:40


Hyperledger Fabric Security Essentials

No description available



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Saturday - 15:00-14:59


I am Spartacus! (And You Can Be Too!) Ensuring Privacy through Obfuscation

No description available



DC - Paris - Track 2 - Friday - 16:00-16:30


I Know What You Did Last Summer: 3 Years of Wireless Monitoring at DEF CON

Friday at 16:00 in Track 2
20 minutes | Demo, Tool

d4rkm4tter (Mike Spicer) Hacker

For the past 3 years d4rkm4tter has been obsessed with monitoring the wireless networks at DEF CON. This talk will take you on a journey through the successes and failures that led to the creation of the WiFiCactus and the over 1 TB of data captured. A history of each capture project including a summary of the most interesting pieces of data will be shown.

Many people spread a lot of fear, uncertainty and doubt about the wireless environments during DEF CON. This presentation aims to bring some clarity to what is really happening in the airwaves during one of the largest hacker conferences in the world. This will include presenting data on the attacks and sensitive information that exists in the airwaves. This presentation will demonstrate the risks of using wireless networks and information leaks that can be captured by anyone who is passively listening. Countermeasures and protection strategies will be provided to help you avoid having your data captured by those who might be listening.

With the number of connected devices around us, there has never been a better time to start wardriving or warwalking. Everyone is capable of profiling wireless data around them thanks to cheap hardware and open source tools. As hackers it is important for us to discover issues and vulnerabilities while validating claims of security by software and hardware vendors. Monitoring wireless communication is a great way to start validating those claims. All of the hardware and methods used will be provided so that anyone can do this type of monitoring on their own. Hack the Planet!

d4rkm4tter (Mike Spicer)
d4rkm4tter is a mad scientist hacker who likes to meddle with hardware and software. He is particularly obsessed with wireless. He has a degree in computer science from Southern Utah University which he has put to use building and breaking a wide array of systems. These include web application pentesting, wireless monitoring and tracking as well as good old fashioned reverse engineering. He is the creator of the #WiFiCactus and has been seen presenting Demolabs at DEF CON and DEF CON China Beta. He is a Kismet cultist and active in the wireless and wardriving communities.

Twitter: @d4rkm4tter
Website: palshack.org



SEV - Bally's Jubilee Tower - 3rd Floor - Saturday - 15:30-16:20


Saturday August 10 2019 1630 30 mins
Getting Psychic: Cold Reading Techniques for Fortune Tellers and Social Engineers
Cold reading is a technique to make others believe that you have psychic powers. After reading everything I could find on cold reading, I ran a two-day experiment during the Veracode Hackathon, where I gave psychic readings to colleagues whom I didn’t know personally. Each participant filled in a survey at the end of the reading, and gave me a short video statement about the experience.

In this talk, I introduce the concept of cold reading, my experiments, and recommendations for using cold reading techniques in social engineering. I’ll walk through the setup of the experiment, which included setting the scene through props, gauging the “sitter’s” level of experience and openness to psychic readings, and then various techniques I applied. These included using statements rather than questions, rainbow ruses based on reading social cues, and playing with probabilities. The talk includes video testimonials and survey results to show the effectiveness of the techniques in the experiment.

We’ll then switch to applying cold reading to social engineering. We’ll cover how props help build your authority if you introduce them in the right way. Using statements rather than questions demonstrates that you are an insider and know the company or situation well, which builds rapport fast. Gauging whether a target is tech savvy helps you tailor your attack. Researching frequently used hardware and software (probability game) and using these in statements can further build your authority. We’ll learn how fortune tellers are never wrong, and how to build justifications so you are always right. Doing OSINT research on your target will help your hit rate, which is what psychics call a warm reading. Before going into questions we’ll cover the following week’s winning numbers for MegaMillions.

Chris Kirsch: @chris_kirsch
Chris Kirsch (@chris_kirsch) has always had a passion for security, but bad life choices led him to a career in marketing – for many DEF CON attendees just one step above a rose seller. He has enjoyed working product marketing jobs at PGP Corporation, nCipher, Rapid7 and now Veracode. Born in Germany, he has lived in Switzerland, the United Kingdom, and now the United States. In 2017, Chris received a DEF CON black badge for the Social Engineering CTF by shamelessly taking advantage of nice, trusting people at a Fortune 500 gaming company. Chris is currently looking for an internship with a fortune teller to advance his career.



DC - Paris - Track 1 - Sunday - 12:00-12:45


I'm In Your Cloud... Pwning Your Azure Environment

Sunday at 12:00 in Track 1
45 minutes | Demo, Tool, Exploit

Dirk-jan Mollema Security Expert - Fox-IT

After having compromised on-premise for many years, there is now also the cloud! Now your configuration mistakes can be accessed by anyone on the internet, without that fancy next-gen firewall saving you. With this talk I’ll share my current research on Azure privileges, vulnerabilities and what attackers can do once they gain access to your cloud, or how they can abuse your on-premise cloud components. We start with becoming Domain Admin by compromising Azure AD Sync, sync vulnerabilities that allow for Azure admin account takeover and insecure Single Sign On configurations. Up next is cloud roles and privileges, backdooring Azure AD with service accounts, escalating privileges as limited admin and getting past MFA without touching someone's phone. Then we finish with cloud integrations, also known as "how a developer can destroy your whole infrastructure with a single commit": Exploring Azure DevOps, backdooring build pipelines, dumping credentials and compromising Azure Resource Manager through connected services. Besides all the fun we'll also look into how this translates into the questions you should ask yourself before moving things to the cloud and how this differs from on-premise.

Dirk-jan Mollema
Dirk-jan is one of the core researchers of Active Directory and Azure AD at Fox-IT. Amongst the open source tools published to advance the state of AD research are aclpwn, krbrelayx, mitm6, ldapdomaindump and a Python port of BloodHound. He blogs at dirkjanm.io, where he publishes about new Active Directory attack chains, which included the discovery of the PrivExchange vulnerability. He is also co-author of ntlmrelayx and contributor to several other open source tools and libraries. After discovering that breaking stuff is a lot of fun he never looked back at his freelance web developer days, but is still thankful for the knowledge and experience that those days provided him.

Twitter: @_dirkjan
Website: dirkjanm.io



DC - Paris - Track 2 - Saturday - 14:00-14:45


I'm on your phone, listening - Attacking VoIP Configuration Interfaces

Saturday at 14:00 in Track 2
45 minutes | Demo, Tool, Exploit

Stephan Huber Fraunhofer SIT

Philipp Roskosch

If toasters talking to fridges is no joke to you, then you are aware of the big Internet of Things hype these days. While all kinds of devices get connected and hacked, one of the oldest classes of IoT devices seems to be forgotten even though it is literally everywhere - VoIP phones.

For configuration and management purposes, VoIP phones run a web application locally on the device. We found several critical bugs (reported CVEs) in the web application as well as in the webserver which enabled us to hijack the phones. Starting with simple XSS and CSRF issues, via command injections and memory corruptions right through to remote code executions, all popular vulnerability classes can be found on those devices.

We will present our findings together with the tools and strategies we used, and will enable you to do the same with your own phones and other IoT devices.

Further, we will provide helpful ARM shell code patterns, scripts and tricks which hackers can use to find bugs. We will conclude our talk by showing that automatic tools fail to discover such vulnerabilities. Therefore, manual IoT pentesting is still required.

If you think these management interfaces are not exposed to the internet, you are wrong. In a scan, we found thousands of reachable phones vulnerable to our exploits.

Stephan Huber
Bio Coming Soon

Twitter: @teamsik
Website: www.team-sik.org

Philipp Roskosch
Bio Coming Soon



ICS - Bally's Event Center - Friday - 16:30-16:59


ICS Village Community Engagement Shark Tank

August 9, 2019 4:30 PM

Coming soon!

Speaker Information

Panelist Information

Bryson Bort

SCYTHE

Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a National Security Institute Fellow and an Advisor to the Army Cyber Institute. Prior, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point. He holds a Master’s Degree in Telecommunications Management from the University of Maryland, a Master’s in Business Administration from the University of Florida, and completed graduate studies in Electrical Engineering and Computer Science at the University of Texas.



AVV - Bally's Event Center - Sunday - 10:00-10:30


Ideas whose time has come: CVD, SBOM, and SOTA

Speakers – Katie and Art

Synopsis

From origins in general purpose computing, Coordinated Vulnerability Disclosure (CVD), Software Bill Of Materials (SBOM), and Secure Over-The-Air (SOTA) updates have been implemented or considered in safety sectors including industrial control systems, medical devices, and ground transportation. These common software security practices are becoming widespread global norms, turning up in public policy, international standards, and national law (often in sector-specific safety regulation).

About the Speakers

Art Manion is the Vulnerability Analysis Technical Manager at the CERT Coordination Center (CERT/CC), part of the Software Engineering Institute at Carnegie Mellon University. He coordinates vulnerability disclosures and says things like “Don’t Use IE,” “Replace CPU hardware,” and “CVSS is inadequate.”



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Friday - 11:00-10:59


Implementing a Zero Knowledge Proof or, How to Write Bulletproofs in Rust

No description available



AVV - Bally's Event Center - Sunday - 11:00-11:30


In The Air And On The Air: Aviation Radio Systems

No description available



DC - Paris - Track 3 - Friday - 12:00-12:45


Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs

Friday at 12:00 in Track 3
45 minutes | Demo, Exploit

Orange Tsai
Principal Security Researcher from DEVCORE
Member of HITCON (Hacks in Taiwan Conference)
Member of CHROOT Security Group
Captain of HITCON CTF team

Meh Chang Security Researcher from DEVCORE Member of HITCON CTF team

SSL VPNs protect corporate assets from Internet exposure, but what if SSL VPNs themselves are vulnerable? They’re exposed to the Internet, trusted to reliably guard the only way to intranet. However, we found pre-auth RCEs on multiple leading SSL VPNs, used by nearly half of the Fortune 500 companies and many government organizations. To make things worse, a “magic” backdoor was found to allow changing any user’s password with no credentials required! To show how bad things can go, we will demonstrate gaining root shell from the only exposed HTTPS port, covertly weaponizing the server against their owner, and abusing a hidden feature to take over all VPN clients!

In such complicated closed-source systems, gaining root shell from outside the box certainly ain’t easy. It takes advanced web and binary exploitation techniques to struggle for a way to root shell, which involves abusing defects in web architectures, hard-core Apache jemalloc exploitation and more. We will cover every detail of all the dirty tricks, crazy bug chains, and the built-in backdoor. After gaining root shell into the box, we then elaborate on post exploitation and how we hack back the clients. In addition, we will share the attack vectors against SSL VPNs to kick start researches on similar targets. On the other hand, from our previous experience, we derive general hardening actions that mitigate not only all the above attacks, but any other potential 0days.

In summary, we disclose practical attacks capable of compromising millions of targets, including tech giants and many industry leaders. These techniques and methodologies are published in the hope that it can inspire more security researchers to think out-of-the-box; enterprises can apply immediate mitigation, and realize that SSL VPN is not merely Virtual Private Network, but also a “Vulnerable Point of your Network”.

Orange Tsai
Cheng-Da Tsai, also known as Orange Tsai, is the principal security researcher at DEVCORE and a member of the CHROOT security group from Taiwan. He has spoken at conferences such as Black Hat USA/ASIA, DEF CON, HITCON, HITB, Hack.lu and CODEBLUE. He participates in numerous Capture-the-Flags (CTF), and is also the team captain of HITCON, which won 2nd place in DEF CON 22/25. Currently, he is focusing on application security and 0day research. Orange enjoys finding vulnerabilities and participating in Bug Bounty Programs. He is enthusiastic about Remote Code Execution (RCE), and uncovered RCEs in several vendors, such as Facebook, Uber, Apple, GitHub, Amazon, Yahoo, Netflix and Imgur.

Twitter: @orange_8361
Website: http://blog.orange.tw/

Meh Chang
Tingyi Chang, also known as Meh Chang, is a security researcher at DEVCORE. She focuses on binary program analysis and exploitation. She is a member of the HITCON and 217 CTF teams and has won second place at DEF CON 25.

Twitter: @mehqq_



DC - Paris - Track 3 - Saturday - 10:00-10:45


Information Security in the Public Interest

Saturday at 10:00 in Track 3
45 minutes

Bruce Schneier

Computer security is now a public policy issue. Election security, blockchain, "going dark," the vulnerabilities equities debate, IoT safety, data privacy, algorithmic security and fairness, critical infrastructure: these are all important public policy issues with a strong Internet security component. But while an understanding of the technology involved is fundamental to crafting good policy, there is little involvement of technologists in policy discussions. This is not sustainable. We need public-interest technologists: people from our fields helping craft policy, and working to provide security to agencies and groups working in the broader public interest. We need these people in government, at NGOs, teaching at universities, as part of the press, and inside private companies. This is increasingly critical to both public safety and overall social welfare. This talk both describes the current state of public-interest technology, and offers a way forward for us individually and collectively for our field. The defining policy question of the Internet age is this: How much of our lives should be governed by technology, and under what terms? We need to be involved in that debate.

Bruce Schneier
Bruce Schneier is an internationally renowned security technologist, called a "security guru" by the Economist. He is the author of 14 books—including the New York Times best-seller "Click Here to Kill Everybody"—as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and blog "Schneier on Security" are read by over 250,000 people. Schneier is a fellow at the Berkman Klein Center for Internet and Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an advisory board member of EPIC and VerifiedVoting.org. He is also a special advisor to IBM Security.

Twitter: @schneierblog
Website: https://www.schneier.com



RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Friday - 16:00-16:59


Injections Without Borders: An anatomy of Serverless Event Injections

No description available



PHVW - Bally's - Indigo Tower - 26th Floor - Friday - 16:45-18:45


Intel-driven Hunts for Nation-state Activity Using Elastic SIEM

Sean Donnelly, CEO, Resolvn, Inc.
Peter Hay, Director of Strategy and Innovation, Resolvn, Inc.

Hunting for advanced threats can be a daunting task for network defenders. In this workshop we’ll demystify threat hunting by guiding attendees through the development and execution of network traffic and host analysis workflows. Using a six-stage model, attendees will leverage threat intelligence to plan and conduct 20 small hunts, configuring and tuning their defensive tool-suite along the way. The use of IOC-based, tool-based, and TTP-based detection methods will ultimately lead to the discovery of nation-state activity on a complex, near-to-spec enterprise network.

Sean Donnelly (Twitter: @resolvn) is the CEO of Resolvn. Sean is a passionate cybersecurity researcher with extensive experience in the industry. As an active-duty U.S. Navy Cryptologic Warfare Officer, Sean worked for the National Security Agency (NSA) before becoming the Technical Director of the Navy Blue Team (NBT). Sean has developed internal tools for threat detection, such as the NBT’s Blue P.E.A.R and Expanse’s ETHIR, trained countless service members on detection techniques, and led critical security operations around the world. He holds CISSP, GPEN, and OSCP certifications along with a B.S. and M.S. from the United States Naval Academy and Boston University, respectively.

Peter Hay (Twitter: @ResolvnPete) is Resolvn’s director of strategy and innovation. Pete has an extensive and diverse background in technology-driven fields including Computer Network Operations (CNO), Network Forensics, and Nuclear Chemistry. From his Navy service in leading a quick-response team of NSA cryptologists and developers who designed solutions to some of the agency’s most vital problems, to delivering multi-domain cyber security training to thousands of students world-wide, or applying for cyber security patents in the U.S. and Europe, Pete continues to stretch the edges of technology, its use, and application.



DC - DC101, Paris Theatre - Thursday - 13:00-13:45


Intro to Embedded Hacking—How you too can find a decade old bug in widely deployed devices. [REDACTED] Deskphones, a case study.

Thursday at 13:00 in DC101, Paris Theatre
45 minutes | Demo, Exploit

Philippe Laulheret Senior Security Researcher @ McAfee Advanced Threat Research

From small business to large enterprise, VOIP phones can be found on nearly every desk. But how secure are they? What if your phone was spying on every conversation you have?

This talk is an introduction to hardware hacking and as a case study I’ll use the [REDACTED] Deskphone, a device frequently deployed in corporate environments. I’ll use it to introduce the tools and methodology needed to answer these questions.

During this talk, attendees will get a close up look at the operations of a hardware hacker, including ARM disassembly, firmware extraction using binwalk, micro-soldering to patch an EEPROM and get a root shell over UART, and ultimately uncover an already known decade-old bug that somehow remained unnoticed in the device’s firmware.

Beyond the case study I will also address alternative tactics; some did not work, others may have but were not the lowest-hanging fruit. When it comes to hardware hacking, the process is as important as the result; knowing that there are multiple ways to reach the end goal helps researchers remain confident when hurdles arise. After the talk, attendees will have an increased distrust towards always-on devices; however, they will have the background knowledge to investigate the products and systems they encounter daily.

Philippe Laulheret
Philippe Laulheret is a Senior Security Researcher on the McAfee Advanced Threat Research team. With a focus on Reverse Engineering and Vulnerability Research, Philippe uses his background in Embedded Security and Software Engineering to poke at complex systems and get them to behave in interesting ways. He previously talked about Reverse Engineering PSX game at Bsides PDX, created & contributed to some Hardware Hacking CTF when working at Red Balloon Security and shared the love of tearing apart VOIP phones during ad-hoc workshops at multiple conferences (Summer Con, Hardware Hacking Village, etc.)

Twitter: @phLaul



RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Friday - 17:30-18:30


Introduction and Application of Covert Channels

Red Teams must operate under the radar, and one way to achieve that, or delay discovery of a communication method, is by using covert channels. In this talk, Aaron will quickly touch on the history and science behind covert channels, before diving into how they can be used to conceal active C2 channels. This talk will also cover a walkthrough of a stealthy ICMP covert channel, and general methodology of developing new covert channels for other protocols or communication mediums.
About Aaron "dyn" Grattafiori: Aaron "dyn" Grattafiori leads the Red Team at Facebook, where he focuses on offensive security, vulnerability research, adversary simulation, and performing bold full scope operations. Aaron has spoken at national security conferences such as Black Hat and DEFCON as well as regional conferences such as Toorcon and SOURCE. This will be Aaron's 16th DEFCON. Twitter: @dyn___



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock VIII - Thursday - 10:00-13:59


Introduction to Cryptographic Attacks

Thursday, 1000-1400 in Flamingo, Red Rock VIII

Matt Cheung Hacker

Using cryptography is often a subtle practice and mistakes can result in significant vulnerabilities. This workshop will cover many of these vulnerabilities which have shown up in the real world. This will be a hands-on workshop where you will implement the attacks after each one is explained. I will provide a VM with Python dependencies and skeleton code included so you can focus on implementing the attack. A good way to determine if this workshop is for you is to look at the challenges at cryptopals.com and see if those look interesting, but you could use in person help understanding the attacks. While not a strict subset of those challenges, there is significant overlap.

Skill Level Intermediate

Prerequisites: Students should be comfortable with modular arithmetic and the properties of XOR. Experience in Python or other similar language will be a plus.

Materials: A laptop with VMWare or VirtualBox installed and capable of running a VM.

Max students: 30

Registration: https://www.eventbrite.com/e/introduction-to-cryptographic-attacks-red-rock-viii-tickets-63607132646
(Opens 8-Jul-19)

Matt Cheung
Matt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority and this concerned Matt. This concern prompted him to learn about cryptographic attacks from Dan Boneh's crypto 1 course offered on Coursera and the Matasano/cryptopals challenges. From this experience he has given talks and workshops at the Boston Application Security Conference and the DEF CON Crypto and Privacy Village.



BTVW - Flamingo - 3rd Floor- Savoy Room - Saturday - 09:00-12:59


Introduction To Mac-centric Incident Response Tools And Techniques

Saturday 09:00, Savoy Ballroom, Flamingo (Blue Team Village) (4H)

@crlowell is a member of the security team at a SF based tech company where he performs incident response, detonates malware, and helps protect employee devices.

Learn how to identify malicious files, determine where malware was downloaded from, configure your own VM Lab, and safely detonate malware to gather IOCs by responding to simulated Mac based incidents.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock V - Friday - 14:30-18:30


Introduction to Reverse Engineering With Ghidra

Friday, 1430-1830 in Flamingo, Red Rock V

Wesley McGrew Hacker

Tyler Holland Operator-Analyst, HORNE Cyber

The open-source release of the NSA's Ghidra disassembler gives software reverse engineers a free option for high-capability interactive analysis of binary code. Many software reverse engineering (SRE) practitioners have been spending time since the release learning about Ghidra and bringing it into their workflow. It also gives those new to SRE a toolset to learn with that is not restricted by commercial license costs or "demo" limitations.

The purpose of this workshop is to teach beginners, with no prior experience in software reverse engineering, about the analysis of software in the Ghidra disassembler. We'll cover the following major topics, with high degree of interaction between the instructors and students:

- Defining software reverse engineering terms
- Setting up an environment for Ghidra
- Ghidra configuration and usage
- Linking and Loading
- Data types
- C data types and constructs in assembly
- Simple anti-RE tricks and how to analyze them
- Methodology for approaching unknown programs (prioritization, analysis)
- Analysis exercise with a malware sample

Skill Level Beginner

Prerequisites: Students should have experience with at least one high-level programming language. C is preferred, but experience with any other language should provide you with the experience necessary to at least read C code. You will not be required to *write* code. No prior software reverse engineering experience is required.

Materials: Students that wish to "follow along" in Ghidra and participate in hands-on exercises should bring a laptop. Laptops should be running a 64-bit operating system (macOS, Windows, or Linux), and have at least 4GB RAM (more preferred, especially if you're using virtual machines). Before the workshop, please download and install OpenJDK and Ghidra as described in the instructions at https://ghidra-sre.org/ . We can troubleshoot installation problems in-class, but don't count on reliable/fast network access, so try to get it set up ahead of time.

We will be analyzing *live malware* provided to you on USB. You will need to have administrative capability on your laptop in order to disable or set exclusions on your AV software. While we will not be intentionally executing code (this course is limited to static analysis), you are expected to take whatever measures necessary to protect yourself, to include: bringing a "burner" laptop, having backups, virtualization, and/or common sense.

If you do not bring a laptop, you can still get some good exposure to reverse engineering with Ghidra! I'll be working in Ghidra most of the time on the projector, and you may coordinate with another student to collaboratively discuss what you're looking at on a shared laptop.

Max students: 50

Registration: https://www.eventbrite.com/e/introduction-to-reverse-engineering-with-ghidra-red-rock-v-tickets-63609250982
(Opens 8-Jul-19)

Wesley McGrew
As Director of Cyber Operations at HORNE Cyber, Wesley McGrew oversees and participates in offense-oriented services for clients in many areas, including finance, healthcare, manufacturing, and national critical infrastructure. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA. He teaches a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.

Tyler Holland
Tyler Holland is an Operative-Analyst at HORNE Cyber, where he conducts penetration testing, red teaming, and application security engagements. Tyler is an expert in reverse engineering malicious software in support of incident handling engagements.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock IV - Friday - 14:30-18:30


Introduction to Sandbox Evasion and AMSI Bypasses

Friday, 1430-1830 in Flamingo, Red Rock IV

Anthony Rose Co-founder, Blockchain Security

Jacob "Hubble" Krasnov Co-founder, Blockchain Security

Vincent "Halycon" Rose Software Engineer

Microsoft is constantly adapting their security to counter new threats. Specifically, the introduction of the Microsoft Antimalware Scripting Interface (AMSI) and its integration with Windows Defender has significantly raised the bar. In this hands-on class, we will learn the methodology behind obfuscating malware and avoiding detection. Students will explore the inner workings of Windows Defender and learn to employ AMSI bypass techniques and obfuscate malware using Visual Basic (VB) and Powershell. Then identify and evade sandbox environments to ensure the payloads are masked when arriving at the intended target. The final capstone will be tying all the concepts together.

In this workshop we will:

1. Introduce AMSI and explain its importance
2. Learn to analyze malware scripts before and after execution
3. Understand how to obfuscate code to avoid AMSI and Windows Defender
4. Detect and avoid sandbox environments

Skill Level Beginner

Prerequisites: None

Materials: Students will need a laptop with VMWare or Virtualbox (installed and working).

Max students: 80

Registration: https://www.eventbrite.com/e/introduction-to-sandbox-evasion-and-amsi-bypasses-red-rock-iv-tickets-63609241955
(Opens 8-Jul-19)

Anthony Rose
Anthony 'C01_' Rose, CISSP, is the Co-founder of BC Security and Lead Pentester at Merculite Security. He has more than a decade's worth of experience as an Electrical Engineer, managing Red and Blue teams, and hacking buffoonery. His work focuses on wireless network penetration and non-IP based system security with an emphasis on embedded systems security. He has presented at DEF CON 24 and RSA 2017.

Jacob "Hubble" Krasnov
Jake "Hubble" Krasnov is the Co-founder of BC Security. He has spent most of his career as an Astronautical Engineer but has transitioned to cybersecurity. He has spent the last three years developing embedded system cyber testing tools and as a member and Red Team Lead.

Vincent "Halycon" Rose
Vincent "Halcyon" Rose is a software engineer with experience in cloud services. He has a decade of experience in software development and networking. Recently, his focus has been on building ad-serving technologies, web and ad-tracking applications.



AVV - Bally's Event Center - Friday - 13:00-13:15


Introduction to the Aviation Village

Speakers – The Team aka Pete, Jim, Matt, Beau, Jen + more

Synopsis

Welcome to the Aviation Village. This will be a short intro to the Aviation Village, the team behind it, how we got here and what to expect during DEF CON 27!



DL - Planet Hollywood - Sunset 2 - Saturday - 12:00 - 13:50


ioc2rpz

Saturday from 12:00 – 13:50 in Sunset 2 at Planet Hollywood
Audience: Defense

Vadim Pavlov

DNS is the control plane of the Internet with unprecedented detailed views on applications, devices and even transferred data going in and out of a network. 80% of malware uses DNS to communicate with Command & Control for DNS data exfiltration/infiltration and phishing attacks using lookalike domains. Response Policy Zones or DNS Firewall is a feature which allows us to apply security policies on DNS. Commercial DNS Firewall feeds providers usually do not allow users to generate their own feeds. Cloud-only DNS service providers do not provide feeds for on-prem DNS. ioc2rpz is a DNS server which automatically creates, maintains and distributes DNS Firewall feeds from various local (files, DB) and remote (http, ftp, rpz) sources. This enables easy integrations with Threat Intel providers and Threat Intelligence Platforms. The feeds can be distributed to any open source and commercial DNS servers which support RPZ, e.g. ISC BIND, PowerDNS, Infoblox, BlueCat, Efficient IP etc. With ioc2rpz you can create your own feeds, actions and prevent undesired communications before they happen.

http://ioc2rpz.com

Vadim Pavlov
Vadim is a senior product manager at Infoblox where he manages Security Ecosystem integrations, Security API, BloxOne Threat Defense. He has more than 15 years of experience in the network and security industry in various roles. He is an author of open source tools such as ioc2rpz (DNS RPZ feeds distribution server) and others. Vadim earned a Master of Science degree in Computer Science (Software Engineering) from a state university in Russia.



Night Life - TBA - Saturday - 21:00-24:30


Title:
IoT Village Party

The IoT Village Mansion Party at DEF CON is back! As your go-to off-strip mansion party we have made a few changes that will make this party even better than last year. . . .
IoT Village Hacker House Party 2019 Tickets


CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Sunday - 13:00-12:59


Ironically, iOS robocall-blocking apps are violating your privacy

No description available



ETV - Flamingo - 3rd Floor - Reno II Room - Saturday - 12:00-12:59


Title:
Is It Ethical To Work On Autonomous Weapon Systems?



ICS - Bally's Event Center - Friday - 15:30-15:59


IT/OT Convergence - Are We There Yet?

August 9, 2019 3:30 PM

Call it convergence, alignment, cooperation, or what you will, not only are IT networks being used to carry OT information and control instructions, traditional OT manufacturers are adding traditional IT features into their products and traditional IT manufacturers are looking at the opportunity to step into the OT world. Jack will discuss this and other aspects of the convergence of IT and OT. There is still resistance and in cases, a lack of understanding about IT/OT convergence, the objectives, and what needs to be done. In order to have convergence of IT/OT, we must first define, or at least set a goal for convergence.

Speaker Information

Panelist Information

Oden Jack

Parsons Government Services

Jack D. Oden is self-motivated, energetic, and accomplished, has 20 years’ experience in negotiating system improvements between users and engineers; developing, acquiring, operating, analyzing, designing, and programming quality, user-oriented systems. He provides services to customers on industrial control systems security for critical infrastructure, advises on compliance with legal, regulations and policy, leads information technology subject matter experts in operating systems and networking, managed five projects over 25 years, managed two full-scale computer operations and a cybersecurity operation center, and built a 67,000 sqft office complex, including four sensitive compartmented information facilities. He has over 46 years’ experience in leadership. Jack is a retired U.S. Army Lieutenant Colonel, holds a Masters in Business Administration, Management from University of Texas at San Antonio and Bachelors in Business Administration, Accounting from Texas A&M University, is a Certified Information Systems Security Professional, Global Industrial Cyber Security Professional, Project Management Professional, and SCADA Security Architect.



BCV - Flamingo 3rd Floor - Laughlin III Room - Saturday - 12:50-13:40


Jump-Oriented Programming (JOP) in Smart Contract Honeypots

No description available



ETV - Flamingo - 3rd Floor - Reno II Room - Friday - 11:00-11:59


Title:
Keynote: A Rant on Ethical Disclosure



BCV - Flamingo 3rd Floor - Laughlin III Room - Saturday - 10:00-10:50


Keynote Blockchain-Security Symbiosis: Security Enabling Blockchains; Blockchains Enabling Security

No description available



BTVT - Flamingo - 3rd Floor- Savoy Room - Saturday - 17:30-17:59


Killsuit - How The Equation Group Remained Out Of Sight For Years

Saturday 17:30, Savoy Ballroom, Flamingo (Blue Team Village) (30M)

@connormorley is a Threat Hunter at Countercept, a 24/7 managed Threat hunting service by MWR Infosecurity. A keen investigator of malicious TTPs, he enjoys experimenting and dissecting malicious tools to determine functionality and developing detection methodology. As a threat hunter as well as holding OSCP accreditation he is experienced with traditional and “in the wild” malicious actors’ behaviour.

@laciefan is a Threat Hunter at Countercept, a 24/7 managed Threat hunting service by MWR Infosecurity. Previously an Incident Response investigator, she carries a deep interest in forensics investigations and attack detection. Having knowledge in both offensive and defensive security, she currently holds both CPIA and OSCP accreditation.

When the Shadow Brokers released a large number of Equation Group tools in 2017, many researchers jumped on the analysis of EternalBlue, FuzzBunch etc. The exploits of the leak have now been thoroughly analysed and mostly patched, but the workings of its persistence tool (Danderspritz) are still widely unknown. In our talk, we are going to break down the Killsuit modules of Danderspritz. Killsuit (KiSu) is a modular post-exploitation persistence and capability mechanism employed in various hacker frameworks including Danderspritz (DdSz).



RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Friday - 09:00-09:59


Kube-Red C2 Operations on Kubernetes

This talk explores deploying and dynamically generating C2 services on Kubernetes! Everything will be extremely practical with walkthroughs of detailed deployment configurations. Building containers for popular C2 platforms, such as Cobalt Strike, and many others, will be covered. Rapidly deploying complex C2 infrastructure using tools such as Kops and Drone and managing DNS and TLS using Kubernetes will be discussed. Attendees will learn how to build complex redirecting logic to sandbag defenders, using the rewriting and filtering capabilities found in the Nginx Ingress Controller, and the Istio Service Mesh. In addition, monitoring the health of implants using Prometheus will be reviewed.

About Larry Suto: Larry is an independent security consultant based out of Oakland, CA. He spends a lot of time researching using cloud infrastructure for all types of security testing. He spends some time on Windows security as well. Twitter: @larrysuto



Meetups - Paris - Napoleons Corner Bar - Friday - 18:00-19:59


Title:
Lawyers Meet

If you're a lawyer (recently unfrozen or otherwise), a judge or a law student please make a note to join Jeff McNamara at 18:00 on Friday, August 9th, for a friendly get-together, drinks, and conversation. Location: Inside the Napoleons Bar just outside of the Paris Speaking Tracks.


Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock IV - Thursday - 10:00-13:59


Learning to Hack Bluetooth Low Energy with BLE CTF

Thursday, 1000-1400 in Flamingo, Red Rock IV

Ryan Holeman Global Security Overlord, Atlassian

BLE CTF is a series of Bluetooth low energy challenges in a capture the flag format. It was created to teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively teach a new concept to the user. For this workshop, we will step through a series of exercises to teach beginner students new concepts and allow more seasoned users to try new tools and techniques. After completing this workshop, you should have a good solid understanding of how to interact with and hack on BLE devices in the wild.

If you have done BLE CTF in the past, this class is still valuable. This class will be based off of a complete rewrite of BLE CTF which is being released as version 2.0. It will still have many of the challenges from 1.0, but restructured, where every flag is hosted in a completely separate GATT service. Along with the v1.0 flags, the new version allows for more advanced challenges which were not possible in the past.

To prepare for the workshop, please follow the setup documentation located at https://github.com/hackgnar/ble_ctf/blob/master/docs/workshop_setup.md

Skill Level All

Prerequisites: None

Materials: Preferably a Linux box with a bluetooth controller or a bluetooth usb dongle. An OSX or Windows machine with a Linux VM and usb passthrough works as well but should be set up and tested before the workshop. The workshop exercises run on a relatively cheap piece of hardware (ESP32). If attendees want to bring their own to get flashed, we can assist. If they want to buy one, I sell them pre-flashed for $20.

Max students: 80

Registration: https://www.eventbrite.com/e/learning-to-hack-bluetooth-low-energy-with-ble-ctf-red-rock-iv-tickets-63605954121
(Opens 8-Jul-19)

Ryan Holeman
Ryan Holeman resides in Austin, Texas where he works as the Global Security Overlord on Atlassian's Security team. He is also an advisor for the endpoint security software company Ziften Technologies. He received a Masters of Science in Software Engineering from Kent State University. His graduate research and masters thesis focused on C++ template metaprogramming. He has spoken at many respected venues such as Black Hat, DEF CON, Lockdown, BSides, Ruxcon, Notacon, and Shmoocon. He has also published papers through venues such as ICSM and ICPC. You can keep up with his current activity, open source contributions and general news on his blog. His spare time is mostly spent digging into various network protocols, random hacking, creating art, and shredding local skateparks.



DL - Planet Hollywood - Sunset 2 - Friday - 14:00 - 15:50


Let's Map Your Network

Friday from 14:00 – 15:50 in Sunset 2 at Planet Hollywood
Audience: Defense, Monitoring

Pramod Rana

Let’s Map Your Network (LMYN) aims to provide an easy-to-use interface for security engineers and network administrators to have their network in graphical form with zero manual error. It is of utmost importance for any security engineer to understand their network first before securing it. In a mid to large level organisation’s network, having a network architecture diagram doesn’t provide the complete understanding, and manual verification is a nightmare. Hence, in order to secure the entire network it is important to have a complete picture of all the systems which are connected to your network, irrespective of their type, function, technology etc. BOTTOM LINE - YOU CAN'T SECURE WHAT YOU ARE NOT AWARE OF. LMYN does it in two phases:

1. Learning: In this phase LMYN 'learns' the network by performing the network commands and querying the APIs and then builds a graph database leveraging the responses. The user can perform any of the learning activities at any point of time and LMYN will incorporate the results in the existing database.

2. Monitoring: This is a continuous process, where LMYN monitors the 'in-scope' network for any changes, compares it with existing information and updates the graph database accordingly.

https://github.com/varchashva/LetsMapYourNetwork

Pramod Rana
Pramod Rana works as a Senior Security Engineer with Coupa Software (The All-In-One Business Spend Management Platform). Pramod is responsible for implementing DevSecOps functions in Coupa like penetration testing, threat modelling, secure source code review. He has presented at Black Hat Europe 2018 before. He loves to do offensive security research, coding and running in his personal time.



RCV - Planet Hollywood - Celebrity 5 Ballroom - Friday - 13:20-13:50


SPONSORED TALK

Let’s get technical and hunt harder!

1320 - 1350



PHVT - Bally's - Indigo Tower - 26th Floor - Saturday - 18:00-18:59


Leveraging Passive Network Mapping with Raspberry Pi and Python

Chet Hosmer, Owner of Python Forensics

Mapping of network assets and their behaviors is a vital step needed for the prevention and response to cyber-attacks. Today active tools like NMAP are used to discover network assets, however, these methods take a momentary snapshot of network devices. By passively monitoring network activity the discovery of rogue devices, aberrant behavior, and emerging threats is possible. This talk and demonstration will utilize a Raspberry Pi and a custom Python solution to map network assets and their behaviors and demonstrate the identification of rogue devices and unauthorized behaviors.

Chet Hosmer (Twitter: @chethosmer) is an international author, educator & researcher, and founder of Python Forensics, Inc., a non-profit research institute focused on the collaborative development of open source investigative technologies using the Python programming language. Chet is also a Visiting Professor at Utica College in the Cybersecurity Graduate Program, where his research and teaching is focused on data hiding, active cyber defense and security of industrial control systems. Additionally, Chet is an Adjunct Professor at Champlain College in the Digital Forensics Graduate Program, where his research and teaching is focused on solving hard digital investigation problems using the Python programming language.



SEV - Bally's Jubilee Tower - 3rd Floor - Thursday - 16:30-16:59


Thursday August 08 2019 1630 30 mins

Leveraging the Insider Threat, oh, and how to be Awesome

Countless tactics exist in exploiting corporate infrastructure; stealing equipment, data, or committing rampant sabotage. In the aftermath these can decimate an enterprise in numerous ways. You cannot allow such disaster on your watch. “Leveraging the Insider Threat” goes into the psychology behind attacks, reasoning and psychological manipulation techniques; while also being an overview of common Social Engineering tactics, both remote and physical. These are meant to trick, coerce, and ensnare users without alerting anyone to suspicion. Learn how some terrifying tactics work, and in turn flip the table on attackers. Also transform yourself, learn to be Awesome!

Marcus Liotta: @marcusliotta

Marcus Liotta has led a 13-year Systems Administration, and Technology Sales career.
Between learning how to sell products to anyone, performing Advanced Malware Removal, and processing Automation techniques for better control and defense of company infrastructure – Marcus has ensured he is plenty capable of not only identifying threats, but also evaluating the psychology behind them.

In his spare time Marcus works on countless projects such as DIY Tech inventions, or writing and designing artistic representations of his work in a creative manner. He also studies and practices practical (legal and fun) psychological manipulation in daily life.



BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 17:30-18:15


5:30 PM: Liven Up: Augmenting Materials for Bio-Hybrid Functionality
Speaker: Rachel Smith

Abstract: What tools are currently available to us to create living or bio-hybrid materials, those that can be animated with biological functionalities for growth, response, distributed information processing, and cuing to the physical and chemical environment (a.k.a. the IOT before the digital IOT)? We seek fascinating ways to augment existing devices (i.e. pregnancy tests), 3D printed objects, and fabrics to interface with engineered living systems. The illustrated applications of these bio-hybrids range from disease-detection, programmable patterning of chemicals or pharmaceutics, and embedded reactivity to environmental DNA or particles.

Speaker Bio: PhD.c in the Mediated Matter Group at the MIT Media Lab, Rachel hunts for ways to augment existing synthetic materials and devices with biological or living functions. Rachel holds a B.S. in Biomedical Eng (UVA) and has a colorful past starting up high-accessibility diagnostic tools and running medical hackathons to encourage creative designs for hospital needs.


DL - Planet Hollywood - Sunset 3 - Saturday - 12:00 - 13:50


Local Sheriff

Saturday from 12:00 – 13:50 in Sunset 3 at Planet Hollywood
Audience: AppSec, Code Assessments, and privacy researchers

Konark Modi

The URL is the most commonly tracked piece of information; the innocent choice to structure a URL based on page content can make it easier to learn a user’s browsing history, address, health information or more sensitive details. While you as a user browse the internet normally, Local Sheriff works in the background and helps you identify what sensitive information (PII—Name, Date Of Birth, Email, Passwords, Passport number, Auth tokens) is being shared with or leaked to which third parties, and by which websites. The issues that Local Sheriff helps identify:

- What sensitive information is being shared with whom?
- Which companies own these third parties?
- What can they do with this information? E.g.: de-anonymize users on the internet, create shadow profiles.
- Data points that can be used for tracking a user across the web.
- Insights into which companies know what about you on the internet.

Local Sheriff can also be used by organizations to audit:

- Which third parties are being used on their websites.
- Whether the third parties on their websites are implemented in a way that respects users’ privacy, so that sensitive data is not being leaked to them.

Local Sheriff is a browser extension that can be used with Chrome, Opera, Firefox, Brave, Cliqz.

https://github.com/cliqz-oss/local-sheriff/tree/master/scripts

Konark Modi
Konark works as a Tech lead with Cliqz GmbH developing a privacy-focused search engine and browser. He works on projects ranging across Privacy by design, Anonymous Data collection like Human Web, Anti-Tracking etc. Prior to Cliqz, Konark was working with one of the largest e-commerce websites in India (Makemytrip.com) in the data platform and security team, solving interesting challenges related to DWH, BI and data security. His recent personal projects, in an endeavor to help organizations fix vulnerabilities, have spanned across browsers, health trackers, Government services, travel mobile apps etc.



RGV - Flamingo - 3rd Floor - Carson City II - Sunday - 13:00-13:59


Title:
Lockpicking "Extras"

Not a how-to, Jared Dygert will cover things like pick concealment, creating your own picks, alternatives to traditional lockpicks (found or improvised picks), what different picks are best for, and more. Jared is an avid lock enthusiast, rock climber, and gamer. He's been picking locks ever since he was a kid and has no intention of stopping.

BCV - Flamingo 3rd Floor - Laughlin III Room - Saturday - 13:40-14:05


Low-Hanging Fruits in Blockchain Security

No description available



DC - Paris - Track 2 - Sunday - 12:00-12:45


Malproxying: Leave Your Malware at Home

Sunday at 12:00 in Track 2
45 minutes | Demo, Tool

Hila Cohen Security Researcher, XM Cyber

Amit Waisel Senior Technical Leader, XM Cyber

During a classic cyber attack, one of the major offensive goals is to execute code remotely on valuable machines. The purpose of that code varies on the spectrum from information extraction to physical damage. As defenders, our goal is to detect and eliminate any malicious code activity, while hackers continuously find ways to bypass the most advanced detection mechanisms. It’s an endless cat-and-mouse game where new mitigations and features are continuously added to the endpoint protection solutions and even the OS itself in order to protect the users against newly discovered attack techniques. In this talk, we present a new approach for malicious code to bypass most endpoint protection measures. Our approach covertly proxies the malicious code operations over the network, never deploying the actual malicious code on the victim side. We are going to execute code on an endpoint, without really storing the code on disk or loading it to memory. This technique potentially allows attackers to run malicious code on remote victims, in such a way that the code is undetected by the victim’s security solutions. We denote this technique as “malproxying”.

Hila Cohen
Hila Cohen is a passionate Security Researcher at XM Cyber, where she investigates new attack techniques and develops detection and mitigation capabilities. Hila has a vast knowledge in the fields of malware analysis, reverse engineering and incident response.

Amit Waisel
Amit Waisel is a Senior Technical Leader at XM Cyber. He is a seasoned data security expert with vast experience in cyber offensive projects. Prior to XM Cyber, Amit filled multiple data security positions in the Israeli intelligence community. Amit is well experienced with malware detection and analysis techniques, operating system internals and security-oriented software development. He graduated with honors from Tel Aviv University with a MSc. in Computer Science.



BTVW - Flamingo - Lower Level - Valley Of Fire 1 - Friday - 14:00-17:59


Malware Traffic Analysis Workshop

Friday 14:00, Valley Of Fire 1, Flamingo (4H)

@malware_traffic, based in Texas, specializes in traffic analysis of malware and suspicious network activity. After more than 21 years in the US Air Force, Brad transitioned to cyber security in 2010. He is currently a Threat Intelligence Analyst for Palo Alto Networks Unit 42. Brad is also a volunteer handler for the Internet Storm Center (ISC) and has posted more than 140 diaries at isc.sans.edu. He routinely blogs technical details and analysis of infection traffic at www.malware-traffic-analysis.net, where he's provided over 1,600 malware and pcap samples to a growing community of information security professionals.

This workshop focuses on infection traffic for hosts running Microsoft Windows. It begins with setting up Wireshark and identifying hosts in network traffic. Participants review malware infections and learn tips to identify indicators of malicious activity. The training ends with an evaluation where participants review pcaps and compose incident reports.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock II - Friday - 10:00-13:59


Malware Triage - Analyzing The Modern Malware Delivery Chain

Friday, 1000-1400 in Flamingo, Red Rock II

Sergei Frankoff Co-Founder, Open Analysis

Sean Wilson Co-Founder, Open Analysis

Malspam with an attached malicious document has now become the standard delivery vector for most criminal malware. In order to evade detection it is not uncommon for these malicious documents to execute a long chain of scripts involving macros, JavaScript, and PowerShell before downloading the final payload. As a result, incident responders and malware analysts need to be comfortable analyzing different document formats and script languages to make sense of these delivery chains.

In this workshop you will work through the triage of a live malware delivery chain that includes a malicious document, malicious scripts, and a final malware payload. During this process you will be exposed to different document formats, and malscripts while you practice the skills required to manually analyze these delivery chains. This workshop focuses on the fundamental analysis techniques used when identifying, deobfuscating, and analyzing maldocs and malscripts. However, we will also provide an introduction to some free and open source tools that can be used to speed up the analysis process.

This workshop is aimed at junior incident responders, hobby malware analysts, and general security or IT practitioners who are interested in learning more about the malware triage process. If you have no experience with malware analysis but you have a good understanding of scripting languages like VBScript and JavaScript, and you are familiar with Windows internals, you should have no problem completing the workshop.

You will be provided with a VirtualMachine to use during the workshop, please make sure to bring a laptop that meets the following requirements. Your laptop must have VirtualBox or VMWare installed and working prior to the start of the course. Your laptop must have at least 60GB of disk space free, preferably 100GB. Your laptop must also be able to mount USB storage devices. Make sure you have the appropriate dongle if you need one.

Skill Level Beginner

Prerequisites: None

Materials: Students will be provided with a VirtualMachine to use during the workshop. They will need to bring a laptop that meets the following requirements:

- The laptop must have VirtualBox or VMWare installed and working prior to class.
- The laptop must have at least 60GB of disk space free, preferably 100GB.
- The laptop must be able to mount USB storage devices (ensure you have the appropriate dongle if you need one).

Max students: 35

Registration: https://www.eventbrite.com/e/malware-triage-analyzing-the-modern-malware-delivery-chain-red-rock-ii-tickets-63609242958
(Opens 8-Jul-19)

Sergei Frankoff
Sergei is a co-founder of Open Analysis, and volunteers as a malware researcher. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis. Sergei is a strong believer in taking an open, community approach to combating cyber crime. He actively contributes to open source tools and tries to publish as much analysis as possible. With over a decade of experience Sergei has held roles both as the manager of an incident response team, and as a malware researcher.

Sean Wilson
Sean is a co-founder of Open Analysis, and volunteers as a malware researcher. He splits his time between reverse engineering malware and building automation tools for incident response. He is an active contributor to open source security tools focused on incident response and analysis. Sean brings over a decade of experience working in a number of incident response and application security roles with a focus on security testing and threat modelling. In his free time Sean loves fly fishing.



RCV - Planet Hollywood - Celebrity 5 Ballroom - Saturday - 13:05-15:10


WORKSHOP

Manhunting 101 - OSINT Crash Course vs Human Targets

1305 - 1510



BCV - Flamingo 3rd Floor - Laughlin III Room - Friday - 14:30-16:10


Mathematical Background of Blockchain Cryptography

No description available



BTVW - Flamingo - Lower Level - Valley Of Fire 2 - Friday - 13:30-15:29


MEDIC! Malware Response 101 From The Trenches

Friday 13:30, Valley Of Fire 2, Flamingo (2H)

@krypt3ia is a security professional with over 13 years experience specializing in areas such as DFIR Ethical Hacking/Pen Testing, Social Engineering Information, Security Auditing, ISO27001, Threat Intelligence Analysis, Steganography Application and Detection.

Many of you out there may be in the information security field, but how many of you know how to respond to a phishing and malware outbreak? It seems to be a common theme in companies that the ideal is that tools will be the end-all and be-all in mitigating threats, but the reality is that many times one will find themselves staring at a screen of alerts about malware and phishing waves coming in, and no one really knows how to approach reversing the malware quickly and responding appropriately on a shoestring, which many companies sadly find themselves doing. This workshop will show you how to triage a malware situation using tools and techniques easily found online. With a little know-how and an understanding of how malware works outside of the exotic APT you hear about, you too can learn how to respond without the benefit of a huge budget for security tools and even perhaps enough responders.



BHV - Planet Hollywood - Melrose 1-3 Rooms - Friday - 19:15-19:59


7:15 PM: Medical Device Incident Response, Forensics, and ITs Challenges
Speaker: Sam Buhrow

Abstract: Performing incident response (IR) and forensics on medical devices is met with unique challenges due to manufacturers' focus on longevity, but not security. This creates an environment with OSs that are outdated, making live acquisitions almost impossible and conducting Dead Box forensics a standard practice. In this talk, we will cover some of the experiences we have had with medical device forensics, artifacts found (and not found), and the unique security concerns encountered.

Speaker Bio: Sam is a cybersecurity practitioner that has had the opportunity to do, manage, or lead nearly every role in cyber, and has been in every vertical except Energy. Sam was told he wouldn't go to college by his high school counselor. He graduated Summa Cum Laude.


ETV - Flamingo - 3rd Floor - Reno II Room - Friday - 16:00-16:59


Title:
Medical Device Security



BHV - Planet Hollywood - Melrose 1-3 Rooms - Friday - 12:30-14:30


12:30 PM: Medical Simulations Panel

DC - Planet Hollywood - Firesides Lounge - Saturday - 20:00-21:59


Meet the EFF - Meetup Panel

Saturday at 20:00 in Firesides Lounge
120 minutes

Kurt Opsahl Deputy Executive Director And General Counsel, EFF

Camille Fischer Frank Stanton Fellow, EFF

Bennett Cyphers Staff Technologist, EFF

Nathan 'nash' Sheard Grassroots Advocacy Organizer, EFF

Shahid Buttar Panel Host and Director of Grassroots Advocacy, EFF

Join staffers at the Electronic Frontier Foundation—the nation's premier digital civil liberties group fighting for freedom and privacy in the computer age—for a candid chat about how the law is racing to catch up with technological change.

Then meet representatives from Electronic Frontier Alliance allied community and campus organizations from across the country. These technologists and advocates are working within their communities to educate and empower their neighbors in the fight for data privacy and digital rights.

This discussion will include updates on current EFF issues such as the government's effort to undermine encryption (and add backdoors), the fight for network neutrality, discussion of our technology projects to spread encryption across the Web and emails, updates on cases and legislation affecting security research, and much more.

Half the session will be given over to question-and-answer, so it's your chance to ask EFF questions about the law, surveillance and technology issues that are important to you.

Kurt Opsahl
Kurt Opsahl is the Deputy Executive Director and General Counsel of the Electronic Frontier Foundation. In addition to representing clients on civil liberties, free speech and privacy law, Opsahl counsels on EFF projects and initiatives. Opsahl is the lead attorney on the Coders' Rights Project, and is representing several companies who are challenging National Security Letters. Before joining EFF, Opsahl worked at Perkins Coie, where he represented technology clients with respect to intellectual property, privacy, defamation, and other online liability matters, including working on Kelly v. Arribasoft, MGM v. Grokster and CoStar v. LoopNet. For his work responding to government subpoenas, Opsahl is proud to have been called a "rabid dog" by the Department of Justice. Prior to Perkins, Opsahl was a research fellow to Professor Pamela Samuelson at the U.C. Berkeley School of Information Management & Systems. Opsahl received his law degree from Boalt Hall, and undergraduate degree from U.C. Santa Cruz. Opsahl co-authored "Electronic Media and Privacy Law Handbook." In 2007, Opsahl was named as one of the "Attorneys of the Year" by California Lawyer magazine for his work on the O'Grady v. Superior Court appeal. In 2014, Opsahl was elected to the USENIX Board of Directors.

Camille Fischer
Camille Fischer is a Frank Stanton Fellow working on EFF’s free speech and government transparency projects. Camille came to EFF from D.C. where she worked in the Obama White House and in the Department of Commerce advocating for civil, human rights, and due process protections in national security and law enforcement policies. She also ran projects to increase consumer security and privacy, like the move to chip cards (sorry not sorry), and has war stories about ECPA Reform, MLATs, and encryption. Camille graduated from Georgetown University Law Center and the University of Georgia (Go Dawgs). She takes pics and bakes pies.

Bennett Cyphers
Bennett is an engineer on the Tech Projects team, where he works on Privacy Badger and HTTPS Everywhere.

Before EFF, Bennett was at Access Now and MIT, and he has a Master's of Engineering for work on privacy-preserving machine learning. He cares about privacy, transparency, data ownership, and digital equity. He wishes ad companies would kindly stop tracking everyone. Outside of work he has hobbies and likes fun.

Nathan 'nash' Sheard
As EFF's Grassroots Advocacy Organizer, nash works directly with community members and organizations to take advantage of the full range of tools provided by access to tech, while engaging in empowering action toward the maintenance of digital privacy and information security.

Shahid Buttar
Shahid leads EFF's grassroots, student, and community outreach efforts. He's a constitutional lawyer focused on the intersection of community organizing and policy reform as a lever to shift legal norms, with roots in communities across the country resisting mass surveillance. From 2009 to 2015, he led the Bill of Rights Defense Committee as Executive Director.

Outside of his work at EFF, Shahid also DJs and produces electronic music, writes poetry & prose, kicks rhymes, organizes guerilla poetry insurgencies, plays capoeira, speaks truth to power on Truthout, occasionally elucidates legal scholarship, and documents counter-cultural activism for the Burning Man Journal. He also serves on the Boards of Directors of Defending Rights and Dissent, the Center for Media Justice, and the Fund for Constitutional Government.



BTVT - Flamingo - 3rd Floor- Savoy Room - Saturday - 15:00-15:30


Memhunter - Automated Hunting Of Memory Resident Malware At Scale

Saturday 15:00, Savoy Ballroom, Flamingo (Blue Team Village) (30M)

@marcosd4h is an experienced, self-motivated, and results-driven software architect who loves to program not only to create code but to create value. He has had extensive experience with heterogeneous technologies and computer architectures. Over his years of professional work experience, computer security has long been his passion - whether it has been around designing exploit prevention capabilities of an endpoint security solution, or doing vulnerability research on carrier-grade telco charging software, or analyzing an exploit/malware to create a detection signature, or just participating on CTFs for fun. Marcos is currently working at McAfee as a Software Architect, leading the development of the exploit-prevention technology components which are part of the company's next-generation flagship product called Endpoint Security (ENS). This product is currently deployed over millions of endpoints worldwide. Marcos also led the organization of the first-ever BSides conference in Cordoba, Argentina.

@chgaray is an experienced infosec analyst who drives strategic initiatives and provides thought leadership and insights regarding the ever-changing global threat landscape at Claro America Movil offices in South America. He organized the 1hackparaloschicos local security conferences in the past, and now he is working on the organization of the first-ever BSides conference in Cordoba, Argentina.

Memhunter is an endpoint sensor tool specialized in detecting memory-resident malware. The detection process is performed through a combination of endpoint data collection and memory inspection scanners. Memhunter automates the detection of memory-resident malware at scale. The tool is a standalone binary that, upon execution, deploys itself as a Windows service. Once running as a service, memhunter starts the collection of ETW events that might indicate code injection attacks. The live stream of collected data events is fed into memory inspection scanners that use detection heuristics to down-select the potential attacks to the ones that represent actual fileless threats. The entire detection process requires neither human intervention nor memory dumps, and it can be performed by the tool itself, at scale, improving the threat hunting analysis process and remediation times.



DL - Planet Hollywood - Sunset 6 - Saturday - 10:00 - 11:50


Memhunter - Automated hunting of memory resident malware at scale

Saturday from 10:00 – 11:50 in Sunset 6 at Planet Hollywood
Audience: Defense

Marcos Oviedo

Memhunter is an endpoint sensor tool specialized in detecting memory-resident malware. The detection process is performed through a combination of endpoint data collection and memory inspection scanners. The tool is a standalone binary that, upon execution, deploys itself as a Windows service. Once running as a service, memhunter starts the collection of ETW events that might indicate code injection attacks. The live stream of collected data events is fed into memory inspection scanners that use detection heuristics to down-select the potential attacks. The entire detection process requires neither human intervention nor memory dumps, and it can be performed by the tool itself, at scale, improving the threat hunting analysis process and remediation times. The tool was designed as a replacement for memory forensic mechanisms such as the volatility malfind and hollowfind plugins, which require human analysis and memory dumps to find suspicious artifacts in memory. Besides the data collection and hunting heuristics, the project has also led to the creation of a companion tool called minjector that contains 20+ code injection techniques. The minjector tool can be used to exercise memhunter detections, and as a one-stop learning solution on well-known code injection techniques out there.

https://github.com/marcosd4h/memhunter

Marcos Oviedo
Marcos Oviedo is an experienced, self-motivated, and results-driven software architect who loves to develop software not only to create code but to create value. He has had extensive experience with heterogeneous technologies and computer architectures. Over his years of professional work experience, computer security has long been his passion—whether it has been around designing exploit prevention capabilities of an endpoint security solution, or doing vulnerability research on carrier-grade telco charging software, or just participating on CTFs for fun. Marcos is currently working as an Endpoint Software Architect at McAfee. Marcos also organized the first-ever BSides conference in Cordoba, Argentina.



DC - Paris - Track 4 - Saturday - 11:00-11:45


Meticulously Modern Mobile Manipulations

Saturday at 11:00 in Track 4
45 minutes | Demo

Leon Jacobs Researcher - SensePost

Mobile app hacking peaked in 2015 with tools like keychain-dumper & ssl-kill-switch released but requiring jailbroken/rooted devices. Back then, wresting the power to understand & modify apps on our devices from dystopian looking mega corps was our cause. As jailbreaks became infrequent, the hackers’ arsenal was left behind. While this is progress against dark uses of hacking, done to protect our freedom fighters, how can hackers still hold power to account? Can we still find flaws in apps/devices & live up to the protections the technology promises?

Enter runtime binary instrumentation with Frida. It’s possible to analyze apps in their final state when executed on real hardware running the latest iOS/Android with no jailbreaks. This fills a gap between source analysis & debuggers. But, simply enumerating app classes requires studying multiple blogs & a deep read of the docs. We created Objection to simplify this & hide the boilerplate so hackers could focus on unravelling apps. But, many people still rely on simple hacks & automation & rarely use new advanced techniques such as reflectively inspecting live heap objects, canary execution tracing, runtime memory edits and filesystem exploration.

We’ll show hackers, malware researchers & security engineers how to use these advanced mobile hacking techniques.

Leon Jacobs
Leon has been hacking for over a decade. He’s plied his trade at SensePost for the last three having previously worked for a bank and ISP in South Africa. Leon spends most of his daytime hours hacking large networks or web and mobile applications. Leon spends most of his nighttime hours building hacking tools and techniques to contribute back to the community.

Twitter: @leonjza



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Friday - 13:00-12:59


Migrating to quantum-safe cryptography to protect against the quantum hackers

No description available



Workshops - ( Sold Out ) - Flamingo - Lower Level - Lake Mead I - Saturday - 10:00-13:59


Mind the Gap Between Attacking Windows and Mac: Breaking In and Out of Protected MacOS environments

Saturday, 1000-1400 in Flamingo, Lake Mead I

Richard Gold Hacker

MacOS has a strong reputation for security and comes with many restrictions such as the usage of an App Store to prevent malicious code being installed. However, we have found that since MacOS is the minority platform for many software packages and security platforms, it rarely gets the same attention from security vendors as Windows. This workshop will teach you to exploit that lack of attention from software like Microsoft Office and security platforms like a leading EDR solution to break in and out of a MacOS estate. The principles also apply to other *nix environments like Linux.

We will walk you through how open source tools, both unmodified and customized, can be used to take advantage of the difference in capability, e.g., script detection, between Windows and non-Windows platforms. We will show you how to map out an environment, how to gain code execution in multiple ways, grab credentials, find files, collect screenshots and webcam shots and exfiltrate the loot while remaining undetected.

The key takeaway is that despite the myriad of operating system security features present in MacOS and Linux, and the addition of EDR, protected MacOS or Linux environments can still be compromised by a diligent attacker using open source tooling. This workshop will show you how!

[Unfortunately we cannot provide an EDR system for you to play with, so please bring your own or practice the techniques without that particular opponent.]

Skill Level Intermediate

Prerequisites: Intermediate command line skills with *nix-style environments like MacOS or Linux

Materials: Their own MacOS laptop. Preferably with an EDR solution in place, but the principles will still be valid without one. Microsoft Office is strongly recommended for the client-side attacks.

Max students: 40

Registration: https://www.eventbrite.com/e/mind-the-gap-between-attacking-windows-and-mac-breaking-in-and-out-of-protected-macos-environments-tickets-63608046379
(Opens 8-Jul-19)

Richard Gold
Richard Gold is a hands-on information security professional, who has over a decade's worth of experience in understanding and securing computer networks. With his background as a Certified SCADA Security Architect and a Ph.D. in Computer Networking, Richard uses knowledge he's gained from breaking into systems to better detect and protect networks, as well as build custom tooling. He regularly speaks on these topics at industry events, universities, and in the media.



RCV - Planet Hollywood - Celebrity 5 Ballroom - Sunday - 10:25-10:59


LIVE TOOL DEMO

Mining for Gold: A Framework for Accessing Pastebin’s Hidden Treasures

1025 - 1100



CLV - Flamingo 3rd Floor - Reno I Room - Sunday - 10:00-11:50


Speaker: Cheryl Biswas

Twitter: @3ncr1pt3d

Abstract: Cloud. It's the land of opportunity. Enterprises are doing mass migrations from older and legacy systems to harness greater power and efficiency from innovative new tech. Following that money trail are opportunistic attackers, seeking the computing strength and near-invisibility afforded by enterprise cloud environments to mine bitcoin. Cryptominers are everywhere. And yes, Virginia, they are in the Cloud.
These nebulous power-rich realms let attackers set up mining rigs to feast on enterprise resources, while flying below the detection of cloud or conventional security resources. The concern here is that once attackers gain access to our networks, they can pivot and move laterally, to find even greater reward in the vast amounts of data available. Let's talk about what we do and don't know when it comes to securing our cloud environments against malicious miners. Because it isn't just a question of what they can take – it's about the payloads they can leave behind.
Introduction: (5 min)
• Enterprise and Cloud: If you work for a major organization, you're probably undergoing or have just gone through a major migration to the Cloud. This is the big push according to a recent Gartner report, with 37% of enterprises reporting it as their top priority, and ranking at 39% for CIOs, ahead of cybersecurity (why are we not surprised).
• An Evolution of Evil: the rise of miners. Easy to get into. Low bar for entry. Starter toolkits cost $30 online. Cryptojacking increased by 4000% in 2018.
• Major miners like XMRig
• Main attack vectors: brute force credentials for access; leverage multiple vulnerabilities for access and movement internally.
• Motivation: almost 100% return on investment. No overhead
Miners in the Sky: (5 min)
• Why it's expected to continue
o The return on investment is lucrative in terms of computing power
o Lack of detection
• Most organizations don't have mature cloud security programs. By design, yes, in reality – not so much. Cloud has huge amounts of processing power with built-in auto-scaling
• attackers can operate with almost no detection
• The bigger the account, the longer attackers can go
• Enterprises are migrating to the Cloud. We love our containers: Docker, AWS, Azure.
Charting the rise of malicious miners in cloud environments by attacks: (10 min)
Overview of what we're seeing:
• attacks on containers and container management
• control panel exploitation
• theft of APIs
• spreading malicious Docker images
• leveraging current and older enterprise vulnerabilities
• EternalBlue
Let's Start Here: The attack on Tesla's AWS S3 public cloud in February 2018. Researchers at RedLock found mining malware from a wide-spread, well-concealed cryptomining campaign in Tesla's AWS cloud. RedLock found it when they scanned the public internet for misconfigured and unsecured cloud servers – there's been a few of those. They saw an open server. Further investigation revealed it was running Kubernetes, the open source admin console for cloud application mgmt., which was doing cryptomining. The Kubernetes console was not password protected. The attackers found login credentials for Tesla's AWS in one of the pods. They went from there to deploy malware scripts for Stratum bitcoin mining.
Abusing exposed Docker APIs: Hundreds of vulnerable and exposed Docker hosts were abused in cryptojacking campaigns in March this year. Attackers exploited CVE-2019-5736, a runc vulnerability identified in February, that could trigger a container escape. Now, that kind of defeats the whole purpose of having a container when it means the attacker can access the host filesystem and overwrite the runc binary to run arbitrary commands on the host. Attackers scan for exposed Docker APIs on port 2375. They deployed malicious self-propagating Docker images infected with malware to load Monero miners and find other vulnerable targets via Shodan. External access to API ports will enable attackers to gain ownership of the host. They can tamper with instances running inside, drop malware, access user's servers and resources. Discussion point: Misconfiguration is prevalent – why? How can we help users do this better?
Uninstalling Cloud Security: A new cryptomining malware family that targets Linux servers gained admin rights on systems by uninstalling cloud security products. We'll talk about the Chinese-language threat actor behind this and other attacks, Rocke group. Consider how nation-state adversaries and advanced persistent threats (APTs) could seek to leverage this kind of attack in sophisticated campaigns.
Discussion point: We've seen conventional malware evade and disable existing AV. If we can't detect it, how do we protect against it? How are we extending this to malware targeting Cloud?
Targeting Elasticsearch servers: in the “Cryptosink” campaign, attackers exploit a five year old vulnerability that could lead to executing arbitrary Java code, CVE-2014-3120, that affects Elasticsearch running on both Windows and Linux platforms. They download malware that has not been detected by AV on Linux. The attackers backdoor the servers for future access, eliminate competitors on the infected system by redirecting their mining pool traffic to a sinkhole, and achieve persistence by replacing the Linux remove command.
What else could be at risk: Abusing the instance metadata API. This functionality is offered by all cloud providers. If it isn't secured or monitored well, an attacker can exploit it via vulnerable reverse proxies or malicious Docker images.
What could this lead to: Once attackers are in your network, they aren't limited to just mining Monero. They have access to all your data-rich environments. If the attacker is looking for satisfaction that money can't buy, yes they can deliver a very damaging payload with ransomware or worse. Think NotPetya.
Review of Vulnerabilities & Exploits: (5 min)
• Misconfiguration: security researchers and attackers are actively seeking and finding many exposed and unsecured instances online. Human error is at the brunt of things, but Cloud isn't traditional infrastructure. It's a complex, dynamic network that requires specialized knowledge and training to do configuration right.
• EternalBlue: believe it. There are still plenty of unpatched instances out there and attackers continue to leverage this exploit to gain access, spread and move laterally within networks
• Oracle WebLogic vulnerability CVE-2019-2725: There have been a series of critical vulnerabilities in this popular enterprise software
• Remote code execution: Miners have been using a group of vulnerabilities for RCE as initial access and more
o CVE-2012-0874: JBoss Enterprise Application Platform Multiple Security Bypass Vulnerabilities.
o CVE-2010-1871: JBoss Seam Framework
o JBoss AS 3/4/5/6: CVE-2017-10271: Oracle WebLogic wls-wsat Component Deserialization RCE
o CVE-2018-2894: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware.
o Hadoop YARN ResourceManager - Command Execution
o CVE-2016-3088: Apache ActiveMQ Fileserver File Upload
• PSMiner targets known vulnerabilities in Elasticsearch, Hadoop, PHP, Oracle WebLogic
• Fake certificates: attackers increasingly use this to evade detection and infiltrate conventional systems. How can we apply what we're learning to protect in the Cloud?
What we can do: (5 min)
• Countermeasures:
o rotate access keys
o restrict outbound traffic
o cryptojacking blockers for Web browsers
• Monitoring user behavior
• Follow the principle of least privilege when issuing credentials
• EternalBlue is still actively leveraged against vulnerable systems. Think third party compromise
• Visibility. Be able to see down to the process level.
• Micro-segmentation to control lateral movement and spread
• Apply, monitor and enforce best practices
• Resources like Yara rules to detect miners (will make available)
• Unusual deletions or spinning up containers
• IoCs
Conclusion and Q&A

About Cheryl: Cheryl Biswas, aka 3ncr1pt3d, is a Strategic Threat Intel Analyst with a major bank in Toronto, Canada. Cheryl has experience with security audits and assessments, privacy, DRP, project management, vendor management and change management. She has an ITIL certification and a degree in Political Science. She is actively involved in the security community as a speaker and a volunteer at conferences and encourages women and diversity in Infosec as a founding member of the "The Diana Initiative".



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Friday - 15:00-14:59


MITM mixed mode butterfly key privacy attack

No description available



Workshops - ( Sold Out ) - Flamingo - Lower Level - Lake Mead II - Saturday - 14:30-18:30


Modern Debugging^HWarfare with WinDbg Preview

Saturday, 1430-1830 in Flamingo, Lake Mead II

Chris Alladoum Security Researcher, Sophos Labs

Axel Souchet Hacker

It's 2019 and yet too many Windows developers and hackers alike rely on (useful but rather) old school tools for debugging Windows binaries (OllyDbg, Immunity Debugger). What they don't realize is that they are missing out on invaluable tools and functionalities that come with Microsoft's newest WinDbg Preview edition. This hands-on workshop will attempt to level the field by showing in practice how WinDbg has changed to the point where it should be the first tool installed on any Windows (10) binary analysis machine. After a brief intro to the most basic (legacy) commands, this workshop will focus on debugging modern software (vulnerability exploitation, malware reversing, DKOM-based rootkit, JS engine) using modern techniques provided by WinDbg Preview (spoiler alert, to name a few: JavaScript, LINQ, TTD). By the end of this workshop, trainees will have their WinDbg-fu skilled up.

Skill Level Intermediate

Prerequisites: familiarity with Windows platform and kernel debugging
basic knowledge of debuggers (pref. WinDbg)
basic knowledge of JavaScript

Materials: Any modern laptop with at least one Windows 10 VM guest (pref. 2 for kdnet remote debugging, but can work out with lkd). Also need Internet access.

Max students: 20

Registration: https://www.eventbrite.com/e/modern-debugginghwarfare-with-windbg-preview-lake-mead-ii-tickets-63998510267
(Opens 8-Jul-19)

Chris Alladoum
Chris is a security researcher and part of the Offensive Security team at Sophos Labs in Vancouver, Canada. His focus is on reverse-engineering and exploitation, Windows and Linux OS internals, writing code and CTFs.

Axel Souchet
Axel is a computer and security enthusiast.



RGV - Flamingo - 3rd Floor - Carson City II - Friday - 14:00-14:59


Title:
Modern Rogue

Brian Brushwood of the Modern Rogue discuss some of their unique applications of and approaches to being a Rogue in the present day.

DC - Paris - Track 4 - Friday - 13:00-13:45


More Keys Than A Piano: Finding Secrets In Publicly Exposed EBS Volumes

Friday at 13:00 in Track 4
45 minutes | Demo, Tool

xBen "benmap" Morris Security Associate, Bishop Fox

Did you know that Elastic Block Storage (Amazon EBS) has a "public" mode that makes your virtual hard disk available to anyone on the internet? Apparently hundreds of thousands of others didn't either, because they're out there exposing secrets for everyone to see.

I tore apart the petabytes of data for you and have some dirty laundry to air: encryption keys, passwords, authentication tokens, PII, you name it and it's here. Whole (virtual) hard drives to live sites and apps, just sitting there for anyone to read. So much data in fact that I had to invent a custom system to process it all.

There's a massive Wall of Sheep out there on the internet, and you might not have even noticed that you're on it. Actually, you should stop reading and go check that out right now.

xBen "benmap" Morris
Ben Morris is a Security Associate at Bishop Fox, a consulting firm providing cybersecurity services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he focuses on application penetration testing, network penetration testing, and red-teaming.

Ben also enjoys performing drive-by pull requests on security tools and bumbling his way into vulnerabilities in widely used PHP and .NET frameworks and plugins. Ben has also contributed to Root the Box, a capture the flag security competition.



DC - Paris - Track 1 - Friday - 15:00-15:45


MOSE: Using Configuration Management for Evil

Friday at 15:00 in Track 1
45 minutes | Demo, Tool

Jayson Grace Penetration Tester, Splunk

Configuration Management (CM) tools are used to provision systems in a uniform manner. CM servers are prime targets for exploitation because they are connected with key machines. The tools themselves are powerful from a security standpoint: they allow an attacker to run commands on any and every connected system. Unfortunately, many security professionals do not have CM experience, which prevents them from using these tools effectively. MOSE empowers the user to weaponize an organization’s CM tools without having to worry about implementation-specific details.

MOSE first creates a binary based on user input. Once transferred to the CM server and run, this binary dynamically generates code that carries out the desired malicious behavior on specified systems. This behavior can include running arbitrary system commands, creating or deleting files, and introducing backdoors. MOSE puts the generated code in the proper place so that all targeted systems will run it on their next check-in with the server, removing the need for the user to integrate it manually.

CM tools are a powerful resource, but they have a barrier to entry. MOSE aims to remove this barrier and make post exploitation more approachable by providing a tool to translate the attacker's desired task into commands executable by the CM infrastructure.

Jayson Grace
Jayson Grace is a Penetration Tester on the Product Security Team at Splunk. Previously he founded and led the Corporate Red Team at Sandia National Laboratories. He holds a BS in Computer Science from the University of New Mexico, which gave him some great knowledge and also made him fatter and added a bunch of grey hairs. He has also previously worked as a tool developer, system administrator, and DevOps engineer. Jayson is passionate about empowering engineers to create secure applications, as well as coming up with novel automation methods to break things.

Twitter: @Jayson_Grace
Website: https://techvomit.net



CLV - Flamingo 3rd Floor - Reno I Room - Saturday - 16:00-17:59


Speaker: Andrew Krug

Twitter: @andrewkrug

In this workshop, you learn about open-source projects and how they can support your security detection and response in the cloud. Learn how open-source technologies can help you assess and deal with incidents in your environment. Look at automated response, and learn how to respond to and remediate issues in your cloud environment using open-source systems, specifically Mozilla MozDef: Enterprise Defense Platform.

About Andrew: Andrew Krug is the founder of open source project ThreatResponse which includes popular tools like AWS_IR and MargaritaShotgun. Krug works as a Staff Security Engineer at Mozilla focused on Identity and Access Management and Cloud Security. Previously Krug has been a re:Invent, re:Inforce, BlackHat, BSides PDX speaker, and more.



Night Life - Planet Hollywood - Gallery Nightclub - Saturday - 24:00-24:59


Title:
Music - Acid-T A.K.A. DJ SmOke

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Thursday - 22:00-22:59


Title:
Music - Archwisp



Night Life - Paris - Napoleon's Piano Bar - Friday - 25:00-25:59


Title:
Music - ASHSLAY

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Saturday - 25:00-25:59


Title:
Music - Clockwork Echo

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Thursday - 23:00-23:59


Title:
Music - Ctrl



Night Life - Paris - Napoleon's Piano Bar - Friday - 23:00-23:59


Title:
Music - DJ SmOke

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Friday - 24:00-24:59


Title:
Music - DJ St3rling

No description available

Night Life - Paris - Napoleon's Piano Bar - Friday - 24:00-24:59


Title:
Music - DJ Wil Austin

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Friday - 25:00-25:59


Title:
Music - DJ%27

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Saturday - 22:00-22:59


Title:
Music - Icetre Normal

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Friday - 22:00-22:59


Title:
Music - Icetre Normal

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Saturday - 21:00-21:59


Title:
Music - Kampf

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Friday - 23:00-23:59


Title:
Music - Miss Jackalope

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Thursday - 24:00-24:59


Title:
Music - Rodman



Night Life - Paris - Napoleon's Piano Bar - Friday - 22:00-22:59


Title:
Music - S7a73farm

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Saturday - 23:00-23:59


Title:
Music - Scotchandbubbles

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Thursday - 25:00-25:59


Title:
Music - Seeker



Night Life - Paris - Napoleon's Piano Bar - Friday - 21:00-21:59


Title:
Music - Steph Infection

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Friday - 21:00-21:59


Title:
Music - Terrestrial Access Network

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Thursday - 21:00-21:59


Title:
Music - Tineh Nimjeh



ICS - Bally's Event Center - Friday - 16:00-16:30


Nation State Supply Chain Attacks for Dummies -or- Chipping Cisco Firewalls

August 9, 2019 4:00 PM

Back in October 2018, Bloomberg recounted a Chinese supply-chain attack on Supermicro motherboards used in servers for Amazon, Apple and more. Here is how I replicated it, on a Cisco firewall, with a shoestring budget, and how you can too.

Speaker Information

Panelist Information

Monta Elkins

Coke & Strippers YouTube Channel

The award winning Monta Elkins is known as the infamous creator of the diet Coke and wire Strippers electronics YouTube channel, aka Coke & Strippers for short: https://tinyurl.com/y6vpmbw4. As a small child, Monta entertained himself by memorizing Pi -- backwards.



ETV - Flamingo - 3rd Floor - Reno II Room - Saturday - 16:00-16:59


Title:
National Collegiate Penetration Testing Competition & Ethical Challenges



DC - Paris - Track 4 - Saturday - 14:00-14:45


Next Generation Process Emulation with Binee

Saturday at 14:00 in Track 4
45 minutes | Demo, Tool

Kyle Gwinnup Senior Threat Researcher, Carbon Black

John Holowczak Threat Researcher

The capability to emulate x86 and other architectures has been around for some time. Malware analysts have several tools readily available in the public domain. However, most of the tools stop short of full emulation, halting or doing strange things when emulating library functions or system calls not implemented in the emulator. In this talk we introduce a new tool into the public domain, Binee, a Windows Process emulator. Binee creates a nearly identical Windows process memory model inside the emulator, including all dynamically loaded libraries and other Windows process structures. Binee mimics much of the OS kernel and outputs a detailed description of all function calls with human readable parameters through the duration of the process. We've designed Binee with two primary use cases in mind: data extraction at scale with a cost and speed similar to common static analysis tools, and second, for malware analysts that need a custom operating system and framework without the overhead of spinning up various configurations of virtual machines. Currently Binee can run on Windows, OS X, and Linux.

Kyle Gwinnup
Kyle is a Senior Threat Researcher in Carbon Black's TAU team. He has over 10 years of experience in many areas of computer science and IT. Prior to Carbon Black, Kyle worked in finance and with the DoD in various roles ranging from network/systems administrator, software engineer, reverse engineer, penetration tester and offensive tool developer. At Carbon Black, Kyle's focus is on large scale program analysis, primarily static but moving asymptotically toward dynamic analysis.

Twitter: @switchp0rt

John Holowczak
John is a Threat Researcher on Carbon Black's Threat Analysis Unit, focusing on automation of threat detection and building out infrastructure for large scale malware analysis. Within the field of threat detection and analysis, John specializes his research in binary classification, dynamic analysis and reverse engineering.

Twitter: @skipwich



DC - Paris - Track 3 - Friday - 13:00-13:45


No Mas – How One Side-Channel Flaw Opens ATM, Pharmacies and Government Secrets Up to Attack

Friday at 13:00 in Track 3
45 minutes | Demo, Exploit

phar ioactive

Hacking ‘high security’ electronic locks has become a bit of a hobby, but what if you identify an unpatchable design pattern that unlocks buckets of cash and government secrets? How long do you wait before telling ‘people’? Let’s talk about how these locks are designed, where they fail and we can rip this band-aid off together.

phar
Mike Davis is a hardware security researcher and consultant with IOActive, and for some reason still responds to ‘phar’.



DC - Paris - Track 2 - Saturday - 16:00-17:45


NOC NOC. Who's there? All. All who? All the things you wanted to know about the DEF CON NOC and we won't tell you about

Saturday at 16:00 in Track 2
105 minutes

The DEF CON NOC

It's been a while, something like DEF CON 19, since we had the chance to have more than a few minutes at closing ceremonies to talk to everyone about the DEF CON NOC. It is not uncommon for people during the show or throughout the year to come to us asking things here and there about the DEF CON network. Come see all the DEF CON NOC team on stage, yes, those you usually don't see anywhere during the show, because, well, we're making sure packets are flowing and people are interneting. Come learn what we do, how we do it and possibly answer any questions that you might have about the "most hostile network in the planet".

The DEF CON NOC
@DEFCON_NOC, @effffn, @macmceniry, @Mike_Moore, @mansimusa, @c7five, @_CRV, @jaredbird, all the other NOC members who refuse to share their twitter handles and our very special guest Lord Raytheon



PHVT - Bally's - Indigo Tower - 26th Floor - Friday - 15:00-15:59


Old Tech vs New Adversaries. Round 1... Fight!

Joseph Muniz, Security Architect at Cisco
Aamir Lakhani, Lead Researcher at Fortinet

Security vendors are struggling to keep up with the tactics used by adversaries. What happens when you use really old technology as a security strategy rather than bleeding edge tech? Can ransomware infect a Commodore 64 or Windows 3.0? What happens when malware attempts to compromise a Sega Genesis? Could an adversary successfully pivot and exfiltrate data from a network running CatOS? This talk will answer these and other questions regarding how modern threats react to really old technology. Research includes running various forms of modern malware on old technologies as well as permitting cybercriminals access to really old networks to see how they handle the situation. Speakers are authors of a handful of books including a recent title on digital forensics.

Joseph Muniz (Twitter: @SecureBlogger) and Aamir Lakhani (Twitter: @aamirlakhani) together have spoken at various conferences including the infamous Social Media Deception RSA talk quoted by many sources found by searching "Emily Williams Social Engineering". Both speakers have written books together including a recent title "Digital Forensics for Network Engineers" released on Cisco Press late February 2018. They have been friends for years and continue to collaborate on research and other projects.



BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 10:00-10:15


10:00 AM: Opening Words
Welcome to the Biohacking Village!


BHV - Planet Hollywood - Melrose 1-3 Rooms - Sunday - 10:00-10:15


10:00 AM: Opening Words
Welcome to the Biohacking Village!


DL - Planet Hollywood - Sunset 6 - Friday - 14:00 - 15:50


OSfooler-NG: Next Generation of OS fingerprinting fooler

Friday from 14:00 – 15:50 in Sunset 6 at Planet Hollywood
Audience: Defense

Jaime Sanchez

An outsider can discover general information, such as which operating system a host is running, by searching for default stack parameters, ambiguities in IETF RFCs or non-compliant TCP/IP implementations in responses to malformed requests. By pinpointing the exact OS of a host, an attacker can launch an educated and precise attack against a target machine. There are a lot of reasons to hide your OS from the entire world: Revealing your OS makes it easier to find and successfully run an exploit against any of your devices. Having an unpatched or antique OS version is not very convenient for your company's prestige. Imagine that your company is a bank and some users notice that you are running an unpatched box. They won't trust you any longer! In addition, this kind of 'bad' news is always sent to the public. Knowing your OS can also become more dangerous, because people can guess which applications you are running on that OS (data inference). For example, if your system is MS Windows and you are running a database, it's highly likely that you are running MS-SQL. It could be convenient for other software companies to offer you a new OS environment (because they know which one you are running). And finally, privacy: nobody needs to know the systems you've got running. OSfooler was presented at Blackhat Arsenal 2013. It was built on NFQUEUE, an iptables/ip6tables target which delegates the decision on packets to userspace. It transparently intercepted all traffic that your box was sending in order to camouflage and modify in real time the flags in TCP/IP packets that reveal your system.

OSfooler-NG has been completely rewritten from the ground up, being highly portable, more efficient and combining all known techniques to detect and defeat at the same time:
• Active remote OS fingerprinting: like Nmap
• Passive remote OS fingerprinting: like p0f v2
• Commercial engines like Sourcefire’s FireSiGHT OS fingerprinting
Some additional features are:
• No need for kernel modification or patches
• Simple user interface and several logging features
• Transparent for users, internal process and services
• Detecting and defeating mode: active, passive & combined
• Will emulate any OS
• Capable of handling updated nmap and p0f v2 fingerprint database
• Undetectable for the attacker

https://github.com/segofensiva/OSfooler-ng

Jaime Sanchez
Jaime Sánchez (aka @segofensiva) has worked for over 20 years as a specialist advisor for large national and international companies, focusing on different aspects of security such as consulting, auditing, training, and ethical hacking techniques. He holds a Computer Engineering degree and an Executive MBA. In addition, he holds several certifications, like CISA, CISM, CISSP, just to name a few, and a NATO SECRET security clearance, as a result of his role as advisor to many law enforcement organizations, banks and large companies in Europe and Spain. He has spoken at renowned security conferences nationally and internationally, such as RootedCON, Nuit du Hack, Black Hat, Defcon, DerbyCON, NocOnName, Deepsec, Shmoocon or Cyber Defence Symposium, among others. As a result of his research, he has reported security findings and vulnerabilities to top companies and vendors, like Banco Popular, WhatsApp, Snapchat, Microsoft, Apple etc. He is a frequent contributor on TV (TVE, Cuatro, LaSexta, Telecinco), press (El Pais, El Mundo, LA Times, NBC News) and radio programs, and writes a blog called 'SeguridadOfensiva'.

