Talk/Event Schedule


Friday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Friday - 06:00


Return to Index  -  Locations Legend
Meetups - outside [TBD location] - 2019 8th Annual Defcon Bike Ride -
Meetups - Paris - Outside at base of Eiffel Tower - DEFCON 27 4X5K run -

 

Friday - 07:00


Meetups - outside [TBD location] - cont...(06:00-07:59) - 2019 8th Annual Defcon Bike Ride -

 

Friday - 09:00


BCV - Flamingo 3rd Floor - Laughlin III Room - (09:50-09:59) - Welcome Note
BTVW - Flamingo - 3rd Floor - Savoy Room - Threat Hunting With The Elastic Stack - CyberPraesidium, politoinc
BTVW - Flamingo - Lower Level - Valley Of Fire 1 - Threat Hunting With ATT&CK On Splunk
BTVW - Flamingo - Lower Level - Valley Of Fire 2 - Deep Infrastructure Visibility With Osquery And Fleet - thezachw
PHVW - Bally's - Indigo Tower - 26th Floor - Reverse Engineering Malware 101 - Amanda Rousseau
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Kube-Red C2 Operations on Kubernetes - Larry Suto

 

Friday - 10:00


BCV - Flamingo 3rd Floor - Laughlin III Room - Keynote
BCV - Flamingo 3rd Floor - Laughlin III Room - (10:50-11:40) - A Smart Contract Killchain. How the first Blockchain APT was caught - Rod Soto & Victor Fang
BHV - Planet Hollywood - Melrose 1-3 Rooms - Opening Words
BHV - Planet Hollywood - Melrose 1-3 Rooms - (10:15-10:59) - Employ Cybersecurity Techniques Against the Threat of Medical Misinformation - Eric D Perakslis
BTVW - Flamingo - 3rd Floor - Savoy Room - cont...(09:00-12:59) - Threat Hunting With The Elastic Stack - CyberPraesidium, politoinc
BTVW - Flamingo - Lower Level - Valley Of Fire 1 - cont...(09:00-10:59) - Threat Hunting With ATT&CK On Splunk
BTVW - Flamingo - Lower Level - Valley Of Fire 2 - cont...(09:00-12:59) - Deep Infrastructure Visibility With Osquery And Fleet - thezachw
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Giving Cops the Finger: Compelled Device Decryption and the Fifth Amendment - Riana Pfefferkorn
DC - Paris - Track 1 - Behind the Scenes of the DEF CON 27 Badge - Joe Grand (Kingpin)
DC - Paris - Track 2 - Hacking Congress: The Enemy Of My Enemy Is My Friend - Former Rep. Jane Harman, Rep. James Langevin, Jen Ellis, Cris Thomas, Rep. Ted Lieu
DC - Paris - Track 3 - Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware - Olivier Bilodeau, Masarah Paquet-Clouston
DC - Paris - Track 4 - Duplicating Restricted Mechanical Keys - Bill Graydon, Robert Graydon
DL - Planet Hollywood - Sunset 1 - Antennas for Surveillance applications - Kent Britain, Alexander Zakharov
DL - Planet Hollywood - Sunset 2 - PhanTap (Phantom Tap) - Diana Dragusin, Etienne Champetier
DL - Planet Hollywood - Sunset 3 - BEEMKA – Electron Post-Exploitation Framework - Pavel Tsakalidis
DL - Planet Hollywood - Sunset 4 - Reverse Engineering Embedded ARM with Ghidra - Max Compston
DL - Planet Hollywood - Sunset 5 - Hachi: An Intelligent threat mapper - Parmanand Mishra
DL - Planet Hollywood - Sunset 6 - soFrida - Dynamic Analysis Tool for Mobile Apps with Cloud Backend - Hyunjun Park, Soyeon Kim
PHVT - Bally's - Indigo Tower - 26th Floor - 4 years and 10,000+ Hours Later: Lessons Learned from Running a National Penetration Testing Competition - Tom Kopchak and Dan Borges
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(09:00-11:59) - Reverse Engineering Malware 101 - Amanda Rousseau
RCV - Planet Hollywood - Celebrity 5 Ballroom - (10:20-10:59) - The OSINT Space is Growing! Are we Ready? - Adrian Korn
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - (10:30-11:30) - Puny Charge your Phishing Campaigns - Michael Wylie
WS - Flamingo - Lower Level - Red Rock I - Evil Mainframe Jr: Mainframe hacking from recon to privesc - Soldier of Fortran, Big Endian Smalls
WS - Flamingo - Lower Level - Red Rock II - Malware Triage - Analyzing The Modern Malware Delivery Chain - Sergei Frankoff, Sean Wilson
WS - Flamingo - Lower Level - Red Rock III - Understanding and Analyzing Weaponized Carrier Files - Ryan Chapman
WS - Flamingo - Lower Level - Red Rock IV - Finding Vulnerabilities at Ecosystem-Scale - Isaac Evans
WS - Flamingo - Lower Level - Red Rock V - Hacking ICS: From Open Source Tools to Custom Scripts - Valerie Thomas, Harry Regan, Harry Thomas
WS - Flamingo - Lower Level - Red Rock VI - Hands on Adversarial Machine Learning - Yacin Nadji
WS - Flamingo - Lower Level - Red Rock VII - Exploit Development for Beginners - Sam Bowne, Elizabeth Biddlecome

 

Friday - 11:00


BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(10:50-11:40) - A Smart Contract Killchain. How the first Blockchain APT was caught - Rod Soto & Victor Fang
BCV - Flamingo 3rd Floor - Laughlin III Room - (11:40-11:59) - Contest Announcement
BHV - Planet Hollywood - Melrose 1-3 Rooms - From buffer overflowing genomics tools to securing biomedical file formats - Corey M. Hudson
BHV - Planet Hollywood - Melrose 1-3 Rooms - (11:45-12:30) - How to Get Your Ass Kicked and Like It; Experiential Learning Through Gamification - Corey M. Hudson
BTVW - Flamingo - 3rd Floor - Savoy Room - cont...(09:00-12:59) - Threat Hunting With The Elastic Stack - CyberPraesidium, politoinc
BTVW - Flamingo - Lower Level - Valley Of Fire 1 - (11:30-13:29) - The "Art" of BEC
BTVW - Flamingo - Lower Level - Valley Of Fire 2 - cont...(09:00-12:59) - Deep Infrastructure Visibility With Osquery And Fleet - thezachw
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Implementing a Zero Knowledge Proof or, How to Write Bulletproofs in Rust - Cathie Yun
DC - Paris - Track 1 - Don't Red-Team AI Like a Chump - Ariel Herbert-Voss
DC - Paris - Track 2 - The Tor Censorship Arms Race: The Next Chapter - Roger Dingledine
DC - Paris - Track 3 - All the 4G modules Could be Hacked - XiaoHuiHui, Ye Zhang, ZhengHuang
DC - Paris - Track 4 - Evil eBPF In-Depth: Practical Abuses of an In-Kernel Bytecode Runtime - Jeff Dileo
DL - Planet Hollywood - Sunset 1 - cont...(10:00 - 11:50) - Antennas for Surveillance applications - Kent Britain, Alexander Zakharov
DL - Planet Hollywood - Sunset 2 - cont...(10:00 - 11:50) - PhanTap (Phantom Tap) - Diana Dragusin, Etienne Champetier
DL - Planet Hollywood - Sunset 3 - cont...(10:00 - 11:50) - BEEMKA – Electron Post-Exploitation Framework - Pavel Tsakalidis
DL - Planet Hollywood - Sunset 4 - cont...(10:00 - 11:50) - Reverse Engineering Embedded ARM with Ghidra - Max Compston
DL - Planet Hollywood - Sunset 5 - cont...(10:00 - 11:50) - Hachi: An Intelligent threat mapper - Parmanand Mishra
DL - Planet Hollywood - Sunset 6 - cont...(10:00 - 11:50) - soFrida - Dynamic Analysis Tool for Mobile Apps with Cloud Backend - Hyunjun Park, Soyeon Kim
ETV - Flamingo - 3rd Floor - Reno II Room - Keynote: A Rant on Ethical Disclosure -
PHVT - Bally's - Indigo Tower - 26th Floor - Hacking Kubernetes: Choose Your Own Adventure Style - Jay Beale
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(09:00-11:59) - Reverse Engineering Malware 101 - Amanda Rousseau
RCV - Planet Hollywood - Celebrity 5 Ballroom - A URL Shortened By Any Other Name - Master Chen
RCV - Planet Hollywood - Celebrity 5 Ballroom - (11:40-12:20) - Building an OSINT and Recon Program to address Healthcare Information Security issues - MITCHELL PARKER
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - cont...(10:30-11:30) - Puny Charge your Phishing Campaigns - Michael Wylie
WS - Flamingo - Lower Level - Red Rock I - cont...(10:00-13:59) - Evil Mainframe Jr: Mainframe hacking from recon to privesc - Soldier of Fortran, Big Endian Smalls
WS - Flamingo - Lower Level - Red Rock II - cont...(10:00-13:59) - Malware Triage - Analyzing The Modern Malware Delivery Chain - Sergei Frankoff, Sean Wilson
WS - Flamingo - Lower Level - Red Rock III - cont...(10:00-13:59) - Understanding and Analyzing Weaponized Carrier Files - Ryan Chapman
WS - Flamingo - Lower Level - Red Rock IV - cont...(10:00-13:59) - Finding Vulnerabilities at Ecosystem-Scale - Isaac Evans
WS - Flamingo - Lower Level - Red Rock V - cont...(10:00-13:59) - Hacking ICS: From Open Source Tools to Custom Scripts - Valerie Thomas, Harry Regan, Harry Thomas
WS - Flamingo - Lower Level - Red Rock VI - cont...(10:00-13:59) - Hands on Adversarial Machine Learning - Yacin Nadji
WS - Flamingo - Lower Level - Red Rock VII - cont...(10:00-13:59) - Exploit Development for Beginners - Sam Bowne, Elizabeth Biddlecome

 

Friday - 12:00


BCV - Flamingo 3rd Floor - Laughlin III Room - Hacking Cryptocurrencies - Mark Nesbitt
BCV - Flamingo 3rd Floor - Laughlin III Room - (12:30-13:20) - Panel Discussion
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(11:45-12:30) - How to Get Your Ass Kicked and Like It; Experiential Learning Through Gamification - Corey M. Hudson
BHV - Planet Hollywood - Melrose 1-3 Rooms - (12:30-14:30) - Medical Simulations Panel - Corey M. Hudson
BTVW - Flamingo - 3rd Floor - Savoy Room - cont...(09:00-12:59) - Threat Hunting With The Elastic Stack - CyberPraesidium, politoinc
BTVW - Flamingo - Lower Level - Valley Of Fire 1 - cont...(11:30-13:29) - The "Art" of BEC
BTVW - Flamingo - Lower Level - Valley Of Fire 2 - cont...(09:00-12:59) - Deep Infrastructure Visibility With Osquery And Fleet - thezachw
CLV - Flamingo 3rd Floor - Reno I Room - Opening Note
CLV - Flamingo 3rd Floor - Reno I Room - (12:20-12:59) - Cloudy Vision: How Cloud Integration Complicates Security - Sean Metcalf
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Fighting non consensual pornography the BADASS way - Katelyn Bowden
DC - Paris - Track 1 - Process Injection Techniques - Gotta Catch Them All - Itzik Kotler, Amit Klein
DC - Paris - Track 2 - Phreaking Elevators - WillC
DC - Paris - Track 3 - Infiltrating Corporate Intranet Like NSA: Pre-auth RCE on Leading SSL VPNs - Orange Tsai, Meh Chang
DC - Paris - Track 4 - API-Induced SSRF: How Apple Pay Scattered Vulnerabilities Across the Web - Joshua Maddux
DL - Planet Hollywood - Sunset 1 - EAPHammer - Gabriel Ryan
DL - Planet Hollywood - Sunset 2 - PcapXray - Srinivas Piskala Ganesh Babu
DL - Planet Hollywood - Sunset 3 - Spartacus as a Service (SaaS) - Mike Kiser
DL - Planet Hollywood - Sunset 4 - Flatline - East
DL - Planet Hollywood - Sunset 5 - Phishing Simulation - Jyoti Raval
DL - Planet Hollywood - Sunset 6 - TaintedLove - Benoit Côté-Jodoin
Meetups - Planet Hollywood - Santa Monica 4 Room - Friends of Bill W. -
PHVT - Bally's - Indigo Tower - 26th Floor - StegoAugmented Malware - Mike Raggo and Chet Hosmer
PHVW - Bally's - Indigo Tower - 26th Floor - (12:15-14:15) - Wireshark for Incident Response & Threat Hunting - Michael Wylie
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(11:40-12:20) - Building an OSINT and Recon Program to address Healthcare Information Security issues - MITCHELL PARKER
RCV - Planet Hollywood - Celebrity 5 Ballroom - (12:20-12:45) - Social Media: The New Court of Public Opinion (exploring the effects of social media and our unconscious bias) - Susan
WS - Flamingo - Lower Level - Red Rock I - cont...(10:00-13:59) - Evil Mainframe Jr: Mainframe hacking from recon to privesc - Soldier of Fortran, Big Endian Smalls
WS - Flamingo - Lower Level - Red Rock II - cont...(10:00-13:59) - Malware Triage - Analyzing The Modern Malware Delivery Chain - Sergei Frankoff, Sean Wilson
WS - Flamingo - Lower Level - Red Rock III - cont...(10:00-13:59) - Understanding and Analyzing Weaponized Carrier Files - Ryan Chapman
WS - Flamingo - Lower Level - Red Rock IV - cont...(10:00-13:59) - Finding Vulnerabilities at Ecosystem-Scale - Isaac Evans
WS - Flamingo - Lower Level - Red Rock V - cont...(10:00-13:59) - Hacking ICS: From Open Source Tools to Custom Scripts - Valerie Thomas, Harry Regan, Harry Thomas
WS - Flamingo - Lower Level - Red Rock VI - cont...(10:00-13:59) - Hands on Adversarial Machine Learning - Yacin Nadji
WS - Flamingo - Lower Level - Red Rock VII - cont...(10:00-13:59) - Exploit Development for Beginners - Sam Bowne, Elizabeth Biddlecome

 

Friday - 13:00


AVV - Bally's Event Center - Introduction to the Aviation Village - Aviation Village Team
AVV - Bally's Event Center - (13:15-13:59) - Behind the scenes of hacking airplanes - Zoltan, Ben
BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(12:30-13:20) - Panel Discussion
BCV - Flamingo 3rd Floor - Laughlin III Room - (13:30-14:20) - Forcing a trustworthy notion of sequential time - Brian Vohaska (bvo) & Justin Drake
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(12:30-14:30) - Medical Simulations Panel - Corey M. Hudson
BTVW - Flamingo - Lower Level - Valley Of Fire 1 - cont...(11:30-13:29) - The "Art" of BEC
BTVW - Flamingo - Lower Level - Valley Of Fire 2 - (13:30-15:29) - MEDIC! Malware Response 101 From The Trenches - krypt3ia
CLV - Flamingo 3rd Floor - Reno I Room - Exploiting IAM in the Google Cloud Platform - Colin Estep
CLV - Flamingo 3rd Floor - Reno I Room - (13:40-14:20) - Battle in the Clouds: Attacker vs Defender on AWS - Dani Goland & Mohsan Farid
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Migrating to quantum-safe cryptography to protect against the quantum hackers - Christian Paquin
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Enabling HTTPS for home network devices using Let’s Encrypt - Karl Koscher
DC - Paris - Track 1 - HackPac: Hacking Pointer Authentication in iOS User Space - Xiaolong Bai, Min (Spark) Zheng
DC - Paris - Track 2 - HVACking: Understand the Difference Between Security and Reality! - Douglas McKee, Mark Bereza
DC - Paris - Track 3 - No Mas – How One Side-Channel Flaw Opens Atm, Pharmacies and Government Secrets Up to Attack - phar
DC - Paris - Track 4 - More Keys Than A Piano: Finding Secrets In Publicly Exposed Ebs Volumes - xBen "benmap" Morris
DL - Planet Hollywood - Sunset 1 - cont...(12:00 - 13:50) - EAPHammer - Gabriel Ryan
DL - Planet Hollywood - Sunset 2 - cont...(12:00 - 13:50) - PcapXray - Srinivas Piskala Ganesh Babu
DL - Planet Hollywood - Sunset 3 - cont...(12:00 - 13:50) - Spartacus as a Service (SaaS) - Mike Kiser
DL - Planet Hollywood - Sunset 4 - cont...(12:00 - 13:50) - Flatline - East
DL - Planet Hollywood - Sunset 5 - cont...(12:00 - 13:50) - Phishing Simulation - Jyoti Raval
DL - Planet Hollywood - Sunset 6 - cont...(12:00 - 13:50) - TaintedLove - Benoit Côté-Jodoin
ETV - Flamingo - 3rd Floor - Reno II Room - Discussion Of State Election Security Policy -
LBV - Flamingo - Carson City II Room - So You Want to Rob a Bank: Overt Ops Timing & Practise -
Meetups - Planet Hollywood - Mezzanine Stage - Beverage Cooling Contest -
PHVT - Bally's - Indigo Tower - 26th Floor - The Art of Detection - Jay Dimartino
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(12:15-14:15) - Wireshark for Incident Response & Threat Hunting - Michael Wylie
RCV - Planet Hollywood - Celebrity 5 Ballroom - (13:20-13:50) - Let’s get technical and hunt harder! - BugCrowd
RCV - Planet Hollywood - Celebrity 5 Ballroom - (13:50-14:40) - Asset Discovery: Making Sense of the Ocean of OSINT - Richard Gold
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Bypassing MacOS Detections with Swift - Cedric Owens
WS - Flamingo - Lower Level - Red Rock I - cont...(10:00-13:59) - Evil Mainframe Jr: Mainframe hacking from recon to privesc - Soldier of Fortran, Big Endian Smalls
WS - Flamingo - Lower Level - Red Rock II - cont...(10:00-13:59) - Malware Triage - Analyzing The Modern Malware Delivery Chain - Sergei Frankoff, Sean Wilson
WS - Flamingo - Lower Level - Red Rock III - cont...(10:00-13:59) - Understanding and Analyzing Weaponized Carrier Files - Ryan Chapman
WS - Flamingo - Lower Level - Red Rock IV - cont...(10:00-13:59) - Finding Vulnerabilities at Ecosystem-Scale - Isaac Evans
WS - Flamingo - Lower Level - Red Rock V - cont...(10:00-13:59) - Hacking ICS: From Open Source Tools to Custom Scripts - Valerie Thomas, Harry Regan, Harry Thomas
WS - Flamingo - Lower Level - Red Rock VI - cont...(10:00-13:59) - Hands on Adversarial Machine Learning - Yacin Nadji
WS - Flamingo - Lower Level - Red Rock VII - cont...(10:00-13:59) - Exploit Development for Beginners - Sam Bowne, Elizabeth Biddlecome

 

Friday - 14:00


AVV - Bally's Event Center - Hacking the Air Force and Beyond - Jack
AVV - Bally's Event Center - (14:30-14:59) - A Hacker Walks Into A Flight School And Says Ouch: Common Online Security Fails In Pilot Training - Tarah
BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(13:30-14:20) - Forcing a trustworthy notion of sequential time - Brian Vohaska (bvo) & Justin Drake
BCV - Flamingo 3rd Floor - Laughlin III Room - (14:30-16:10) - Mathematical Background of Blockchain Cryptography - Saroj
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(12:30-14:30) - Medical Simulations Panel - Corey M. Hudson
BHV - Planet Hollywood - Melrose 1-3 Rooms - (14:30-16:15) - Amputees and Prosthetic Challenges - Wayne Penn
BTVT - Flamingo - 3rd Floor - Savoy Room - A Theme Of Fear: Hacking The Paradigm - investigatorchi
BTVW - Flamingo - Lower Level - Valley Of Fire 1 - Malware Traffic Analysis Workshop - malware_traffic
BTVW - Flamingo - Lower Level - Valley Of Fire 2 - cont...(13:30-15:29) - MEDIC! Malware Response 101 From The Trenches - krypt3ia
CLV - Flamingo 3rd Floor - Reno I Room - cont...(13:40-14:20) - Battle in the Clouds: Attacker vs Defender on AWS - Dani Goland & Mohsan Farid
CLV - Flamingo 3rd Floor - Reno I Room - (14:20-14:50) - ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Sentinel using Sysmon and MITRE ATT&CK - Edoardo Gerosa
CLV - Flamingo 3rd Floor - Reno I Room - (14:50-15:25) - Sponsored Talk - Anatomy of cloud hacking - Pratik Shah
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Who Belongs Where? How to Effectively Integrate Your Company’s Privacy, Legal, & Security Teams - Suchismita Pahi, Fred Jennings, Hannah Poteat, Mike Johnson, Marina Spyrou, Calli Schroeder
DC - Paris - Track 1 - Harnessing Weapons of Mac Destruction - Patrick Wardle
DC - Paris - Track 2 - Are Your Child's Records at Risk? The Current State of School Infosec - Bill Demirkapi
DC - Paris - Track 3 - How Deep Learning Is Revolutionizing Side-Channel Cryptanalysis - Elie Bursztein, Jean Michel Picod
DC - Paris - Track 4 - Practical Key Search Attacks Against Modern Symmetric Ciphers - Daniel "ufurnace" Crowley, Daniel Pagan
DL - Planet Hollywood - Sunset 1 - Browser extension to hunt low hanging fruits (Hacking by just browsing) - Rewanth Cool
DL - Planet Hollywood - Sunset 2 - Let's Map Your Network - Pramod Rana
DL - Planet Hollywood - Sunset 3 - EXPLIoT - IoT Security Testing and Exploitation Framework - Aseem Jakhar, Murtuja Bharmal
DL - Planet Hollywood - Sunset 4 - Chaos Drive, because USB is still too trustworthy - Mike Rich
DL - Planet Hollywood - Sunset 5 - Combo Password - Fabian Obermaier
DL - Planet Hollywood - Sunset 6 - OSfooler-NG: Next Generation of OS fingerprinting fooler - Jaime Sanchez
ETV - Flamingo - 3rd Floor - Reno II Room - Ethics And Federal Election Security Policy -
Meetups - Planet Hollywood - Mezzanine Stage - cont...(13:00-14:59) - Beverage Cooling Contest -
PHVT - Bally's - Indigo Tower - 26th Floor - Bestsellers in the Underground Economy: Measuring Malware Popularity by Forum - Winnona DeSombre
PHVT - Bally's - Indigo Tower - 26th Floor - (14:30-14:59) - Hunting Certificates and Servers - Sam Erb
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(12:15-14:15) - Wireshark for Incident Response & Threat Hunting - Michael Wylie
PHVW - Bally's - Indigo Tower - 26th Floor - (14:30-16:30) - Hacking Kubernetes - Choose Your Own Adventure Style - Jay Beale
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(13:50-14:40) - Asset Discovery: Making Sense of the Ocean of OSINT - Richard Gold
RCV - Planet Hollywood - Celebrity 5 Ballroom - (14:40-15:15) - Advanced Recon with OWASP Amass - Jeff Foley
RGV - Flamingo - 3rd Floor - Carson City II - Modern Rogue - Brian Brushwood
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - (14:30-15:30) - (Ab)using GPOs for Active Directory Pwnage - Petros Koutroumpis & Dennis Panagiotopoulos
WS - Flamingo - Lower Level - Red Rock I - (14:30-18:30) - Attacking Layer 2 Network Protocols - Erik Dul, Troy Defty
WS - Flamingo - Lower Level - Red Rock III - (14:30-18:30) - Reverse Engineering Android Apps - Sam Bowne, Elizabeth Biddlecome
WS - Flamingo - Lower Level - Red Rock IV - (14:30-18:30) - Introduction to Sandbox Evasion and AMSI Bypasses - Anthony Rose, Jacob "Hubble" Krasnov, Vincent "Halycon" Rose
WS - Flamingo - Lower Level - Red Rock V - (14:30-18:30) - Introduction to Reverse Engineering With Ghidra - Wesley McGrew, Tyler Holland
WS - Flamingo - Lower Level - Red Rock VI - (14:30-18:30) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Carl Pearson
WS - Flamingo - Lower Level - Red Rock VII - (14:30-18:30) - Defending environments and hunting malware with osquery - Guillaume Ross

 

Friday - 15:00


BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(14:30-16:10) - Mathematical Background of Blockchain Cryptography - Saroj
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(14:30-16:15) - Amputees and Prosthetic Challenges - Wayne Penn
BTVT - Flamingo - 3rd Floor - Savoy Room - Detection At Google: On Corp And Cloud - fryx0r, JSteeleIR
BTVW - Flamingo - Lower Level - Valley Of Fire 1 - cont...(14:00-17:59) - Malware Traffic Analysis Workshop - malware_traffic
BTVW - Flamingo - Lower Level - Valley Of Fire 2 - cont...(13:30-15:29) - MEDIC! Malware Response 101 From The Trenches - krypt3ia
CLV - Flamingo 3rd Floor - Reno I Room - cont...(14:50-15:25) - Sponsored Talk - Anatomy of cloud hacking - Pratik Shah
CLV - Flamingo 3rd Floor - Reno I Room - (15:25-15:50) - Security Battle Wounds from a Cloud SRE - Jane Miceli
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - MITM mixed mode butterfly key privacy attack - Ben Brecht
DC - Paris - Track 1 - MOSE: Using Configuration Management for Evil - Jayson Grace
DC - Paris - Track 2 - Change the World, cDc Style: Cow tips from the first 35 years - Joseph Menn, Peiter Mudge Zatko, Chris Dildog Rioux, Deth Vegetable, Omega
DC - Paris - Track 3 - 100 Seconds of Solitude: Defeating Cisco Trust Anchor With FPGA Bitstream Shenanigans - Jatin Kataria, Rick Housley, Ang Cui
DC - Paris - Track 4 - Relaying Credentials Has Never Been Easier: How to Easily Bypass the Latest NTLM Relay Mitigations - Marina Simakov, Yaron Zinar
DL - Planet Hollywood - Sunset 1 - cont...(14:00 - 15:50) - Browser extension to hunt low hanging fruits (Hacking by just browsing) - Rewanth Cool
DL - Planet Hollywood - Sunset 2 - cont...(14:00 - 15:50) - Let's Map Your Network - Pramod Rana
DL - Planet Hollywood - Sunset 3 - cont...(14:00 - 15:50) - EXPLIoT - IoT Security Testing and Exploitation Framework - Aseem Jakhar, Murtuja Bharmal
DL - Planet Hollywood - Sunset 4 - cont...(14:00 - 15:50) - Chaos Drive, because USB is still too trustworthy - Mike Rich
DL - Planet Hollywood - Sunset 5 - cont...(14:00 - 15:50) - Combo Password - Fabian Obermaier
DL - Planet Hollywood - Sunset 6 - cont...(14:00 - 15:50) - OSfooler-NG: Next Generation of OS fingerprinting fooler - Jaime Sanchez
ETV - Flamingo - 3rd Floor - Reno II Room - Ethics Discussion with Congressional Staffers -
ICS - Bally's Event Center - Pin the tail on the cyber owner - Ryan Leirvik
ICS - Bally's Event Center - (15:30-15:59) - IT/OT Convergence - Are We There Yet? - Oden Jack
LBV - Flamingo - Carson City II Room - Lock Bypass 101
Meetups - Planet Hollywood - Mezzanine Stage - SpellCheck: The Hacker Spelling Bee -
Meetups - Planet Hollywood - Sin City - BADASS/Cyber SeXurity -
PHVT - Bally's - Indigo Tower - 26th Floor - Old Tech vs New Adversaries. Round 1... Fight! - Joseph Muniz and Aamir Lakhani
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(14:30-16:30) - Hacking Kubernetes - Choose Your Own Adventure Style - Jay Beale
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(14:40-15:15) - Advanced Recon with OWASP Amass - Jeff Foley
RCV - Planet Hollywood - Celebrity 5 Ballroom - (15:15-15:40) - OSINT Approach in Big-Data - Seyfullah KILIÇ
RCV - Planet Hollywood - Celebrity 5 Ballroom - (15:40-16:30) - Hack the Planet! Hackers Influencing Positive Change - Robert Sell
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - cont...(14:30-15:30) - (Ab)using GPOs for Active Directory Pwnage - Petros Koutroumpis & Dennis Panagiotopoulos
SEV - Bally's Jubilee Tower - 3rd Floor - (15:30-16:20) - SEVillage - 10 Year Anniversary - a Look Back at what has changed - Chris Hadnagy
WS - Flamingo - Lower Level - Red Rock I - cont...(14:30-18:30) - Attacking Layer 2 Network Protocols - Erik Dul, Troy Defty
WS - Flamingo - Lower Level - Red Rock III - cont...(14:30-18:30) - Reverse Engineering Android Apps - Sam Bowne, Elizabeth Biddlecome
WS - Flamingo - Lower Level - Red Rock IV - cont...(14:30-18:30) - Introduction to Sandbox Evasion and AMSI Bypasses - Anthony Rose, Jacob "Hubble" Krasnov, Vincent "Halycon" Rose
WS - Flamingo - Lower Level - Red Rock V - cont...(14:30-18:30) - Introduction to Reverse Engineering With Ghidra - Wesley McGrew, Tyler Holland
WS - Flamingo - Lower Level - Red Rock VI - cont...(14:30-18:30) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Carl Pearson
WS - Flamingo - Lower Level - Red Rock VII - cont...(14:30-18:30) - Defending environments and hunting malware with osquery - Guillaume Ross

 

Friday - 16:00


BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(14:30-16:10) - Mathematical Background of Blockchain Cryptography - Saroj
BCV - Flamingo 3rd Floor - Laughlin III Room - (16:20-17:10) - Alice and Bob's Big Secret - Mila Paul
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(14:30-16:15) - Amputees and Prosthetic Challenges - Wayne Penn
BHV - Planet Hollywood - Melrose 1-3 Rooms - (16:15-16:59) - Hacking Wetware with Open Source Software and Hardware - Jay Lagorio
BTVT - Flamingo - 3rd Floor - Savoy Room - (16:30-16:59) - Blue Team Guide For Fresh Eyes - sopooped
BTVW - Flamingo - Lower Level - Valley Of Fire 1 - cont...(14:00-17:59) - Malware Traffic Analysis Workshop - malware_traffic
BTVW - Flamingo - Lower Level - Valley Of Fire 2 - Blue Teaming For Fun And The Sake Of Your Organization - sirmudbl00d
CLV - Flamingo 3rd Floor - Reno I Room - (16:50-17:59) - Pragmatic Cloud Security Automation - Rich Mogull
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Black Mirror: You are your own privacy nightmare – the hidden threat of paying for subscription services - Cat Murdock
DC - Paris - Track 1 - Please Inject Me, a x64 Code Injection - Alon Weinberg
DC - Paris - Track 1 - (16:30-16:50) - Poking the S in SD cards - Nicolas Oberli
DC - Paris - Track 2 - I Know What You Did Last Summer: 3 Years of Wireless Monitoring at DEF CON - d4rkm4tter (Mike Spicer)
DC - Paris - Track 2 - (16:30-16:50) - Can You Track Me Now? Why The Phone Companies Are Such A Privacy Disaster - U.S. Senator Ron Wyden
DC - Paris - Track 3 - Surveillance Detection Scout - Your Lookout on Autopilot - Truman Kain
DC - Paris - Track 3 - (16:30-16:50) - Breaking The Back End! It Is Not Always A Bug. Sometimes, It Is Just Bad Design! - Gregory Pickett
DC - Paris - Track 4 - The JOP ROCKET: A Supremely Wicked Tool for JOP Gadget Discovery, or What to Do If ROP Is Too Easy - Dr. Bramwell Brizendine, Dr. Joshua Stroschein
DC - Paris - Track 4 - (16:30-16:50) - Re: What's up Johnny? – Covert Content Attacks on Email End-to-End Encryption - Jens Müller
ETV - Flamingo - 3rd Floor - Reno II Room - Medical Device Security -
ICS - Bally's Event Center - Nation State Supply Chain Attacks for Dummies -or- Chipping Cisco Firewalls - Monta Elkins
ICS - Bally's Event Center - (16:30-16:59) - ICS Village Community Engagement Shark Tank - Bryson Bort
Meetups - Planet Hollywood - Mezzanine Stage - cont...(15:05-16:30) - SpellCheck: The Hacker Spelling Bee -
Meetups - Planet Hollywood - Sin City - cont...(15:00-17:59) - BADASS/Cyber SeXurity -
PHVT - Bally's - Indigo Tower - 26th Floor - Patching: It's Complicated - Cheryl Biswas
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(14:30-16:30) - Hacking Kubernetes - Choose Your Own Adventure Style - Jay Beale
PHVW - Bally's - Indigo Tower - 26th Floor - (16:45-18:45) - Intel-driven Hunts for Nation-state Activity Using Elastic SIEM - Sean Donnelly, Peter Hay
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(15:40-16:30) - Hack the Planet! Hackers Influencing Positive Change - Robert Sell
RCV - Planet Hollywood - Celebrity 5 Ballroom - (16:30-16:59) - Generating Personalized Wordlists by Analyzing Target's Tweets - Utku Sen
RGV - Flamingo - 3rd Floor - Carson City II - Pickpocketing - James Harrison
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Injections Without Borders: An anatomy of Serverless Event Injections - Tal Melamed
SEV - Bally's Jubilee Tower - 3rd Floor - cont...(15:30-16:20) - SEVillage - 10 Year Anniversary - a Look Back at what has changed - Chris Hadnagy
SEV - Bally's Jubilee Tower - 3rd Floor - (16:30-16:59) - Why vigilantism doesn't work - Shane McCombs
WS - Flamingo - Lower Level - Red Rock I - cont...(14:30-18:30) - Attacking Layer 2 Network Protocols - Erik Dul, Troy Defty
WS - Flamingo - Lower Level - Red Rock III - cont...(14:30-18:30) - Reverse Engineering Android Apps - Sam Bowne, Elizabeth Biddlecome
WS - Flamingo - Lower Level - Red Rock IV - cont...(14:30-18:30) - Introduction to Sandbox Evasion and AMSI Bypasses - Anthony Rose, Jacob "Hubble" Krasnov, Vincent "Halycon" Rose
WS - Flamingo - Lower Level - Red Rock V - cont...(14:30-18:30) - Introduction to Reverse Engineering With Ghidra - Wesley McGrew, Tyler Holland
WS - Flamingo - Lower Level - Red Rock VI - cont...(14:30-18:30) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Carl Pearson
WS - Flamingo - Lower Level - Red Rock VII - cont...(14:30-18:30) - Defending environments and hunting malware with osquery - Guillaume Ross

 

Friday - 17:00


BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(16:20-17:10) - Alice and Bob's Big Secret - Mila Paul
BCV - Flamingo 3rd Floor - Laughlin III Room - The CryptoCurrency Security Standard (CCSS) - Ron Stoner & Michael Perklin
BHV - Planet Hollywood - Melrose 1-3 Rooms - Beyond the Firmware - Dr. Avi Rubin
BTVT - Flamingo - 3rd Floor - Savoy Room - The Cyber Threat Intelligence Mindset - ch33r10
BTVT - Flamingo - 3rd Floor - Savoy Room - (17:30-17:59) - Serverless Log Analysis On AWS - gkapoglis
BTVW - Flamingo - Lower Level - Valley Of Fire 1 - cont...(14:00-17:59) - Malware Traffic Analysis Workshop - malware_traffic
BTVW - Flamingo - Lower Level - Valley Of Fire 2 - cont...(16:00-17:59) - Blue Teaming For Fun And The Sake Of Your Organization - sirmudbl00d
CLV - Flamingo 3rd Floor - Reno I Room - cont...(16:50-17:59) - Pragmatic Cloud Security Automation - Rich Mogull
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - How PKI and SHAKEN/STIR Will Fix the Global Robocall Problem - Mark B Cooper
ICS - Bally's Event Center - Changium IPiosa: most magical change IP packets in the wild - Sharon Brizinov, Tal Keren
Meetups - Planet Hollywood - Mezzanine Stage - EFF Trivia -
Meetups - Planet Hollywood - Santa Monica 4 Room - Friends of Bill W. -
Meetups - Planet Hollywood - Sin City - cont...(15:00-17:59) - BADASS/Cyber SeXurity -
PHVT - Bally's - Indigo Tower - 26th Floor - Your Phone is Using Tor and Leaking Your PII - Milind Bhargava and Adam Podgorski
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(16:45-18:45) - Intel-driven Hunts for Nation-state Activity Using Elastic SIEM - Sean Donnelly, Peter Hay
RGV - Flamingo - 3rd Floor - Carson City II - Pickpocketing Workshop - James Harrison
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - (17:30-18:30) - Introduction and Application of Covert Channels - Aaron Grattafiori
SEV - Bally's Jubilee Tower - 3rd Floor - OSINT in the Real World - Ryan MacDougall
SEV - Bally's Jubilee Tower - 3rd Floor - (17:40-18:09) - Swing Away: How to Conquer Impostor Syndrome - Billy Boatright
WS - Flamingo - Lower Level - Red Rock I - cont...(14:30-18:30) - Attacking Layer 2 Network Protocols - Erik Dul, Troy Defty
WS - Flamingo - Lower Level - Red Rock III - cont...(14:30-18:30) - Reverse Engineering Android Apps - Sam Bowne, Elizabeth Biddlecome
WS - Flamingo - Lower Level - Red Rock IV - cont...(14:30-18:30) - Introduction to Sandbox Evasion and AMSI Bypasses - Anthony Rose, Jacob "Hubble" Krasnov, Vincent "Halycon" Rose
WS - Flamingo - Lower Level - Red Rock V - cont...(14:30-18:30) - Introduction to Reverse Engineering With Ghidra - Wesley McGrew, Tyler Holland
WS - Flamingo - Lower Level - Red Rock VI - cont...(14:30-18:30) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Carl Pearson
WS - Flamingo - Lower Level - Red Rock VII - cont...(14:30-18:30) - Defending environments and hunting malware with osquery - Guillaume Ross

 

Friday - 18:00


BCV - Flamingo 3rd Floor - Laughlin III Room - Contest Roundup
BCV - Flamingo 3rd Floor - Laughlin III Room - (18:20-18:30) - Closing note
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(17:00-18:30) - Beyond the Firmware - Dr. Avi Rubin
BHV - Planet Hollywood - Melrose 1-3 Rooms - (18:30-19:15) - 0-Day Inside - Mandy Logan
Meetups - Paris - Le Bar Du Sport bar - /r/defcon DEF CON 27 Meetup
Meetups - Paris - Le Bar Du Sport Bar - (18:30-17:59) - Hackers Against Brexit -
Meetups - Paris - Napoleons Corner Bar - Lawyers Meet -
Meetups - Planet Hollywood - Mezzanine Stage - cont...(17:00-18:59) - EFF Trivia -
PHVT - Bally's - Indigo Tower - 26th Floor - Beyond Sandboxes. How to Execute IoT Malware and Analyze Its Evolution - María José Erquiaga, Sebastian Garcia
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(16:45-18:45) - Intel-driven Hunts for Nation-state Activity Using Elastic SIEM - Sean Donnelly, Peter Hay
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - cont...(17:30-18:30) - Introduction and Application of Covert Channels - Aaron Grattafiori
SEV - Bally's Jubilee Tower - 3rd Floor - (18:15-18:45) - A Girl Says Nothing: A Social Engineer’s Guide to Playing into Sexism, Racial Stereotypes, and Discrimination - Krittika Lalwaney
SEV - Bally's Jubilee Tower - 3rd Floor - (18:50-19:20) - Red Teaming Insights and Examples from Beyond the Infosec Community - Micah Zenko
WS - Flamingo - Lower Level - Red Rock I - cont...(14:30-18:30) - Attacking Layer 2 Network Protocols - Erik Dul, Troy Defty
WS - Flamingo - Lower Level - Red Rock III - cont...(14:30-18:30) - Reverse Engineering Android Apps - Sam Bowne, Elizabeth Biddlecome
WS - Flamingo - Lower Level - Red Rock IV - cont...(14:30-18:30) - Introduction to Sandbox Evasion and AMSI Bypasses - Anthony Rose, Jacob "Hubble" Krasnov, Vincent "Halycon" Rose
WS - Flamingo - Lower Level - Red Rock V - cont...(14:30-18:30) - Introduction to Reverse Engineering With Ghidra - Wesley McGrew, Tyler Holland
WS - Flamingo - Lower Level - Red Rock VI - cont...(14:30-18:30) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Carl Pearson
WS - Flamingo - Lower Level - Red Rock VII - cont...(14:30-18:30) - Defending environments and hunting malware with osquery - Guillaume Ross

 

Friday - 19:00


BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(18:30-19:15) - 0-Day Inside - Mandy Logan
BHV - Planet Hollywood - Melrose 1-3 Rooms - (19:15-19:59) - Medical Device Incident Response, Forensics, and ITs Challenges - Sam Buhrow
Meetups - Paris - Le Bar Du Sport bar - cont...(18:00-19:59) - /r/defcon DEF CON 27 Meetup
Meetups - Paris - Napoleons Corner Bar - cont...(18:00-19:59) - Lawyers Meet -
Night Life - Paris - Concorde B Ballroom - (19:30-25:59) - Diversity Party -
Night Life - Paris - Concorde C Ballroom - (19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Rivoli A Ballroom - (19:30-25:59) - VETCON II -
SEV - Bally's Jubilee Tower - 3rd Floor - cont...(18:50-19:20) - Red Teaming Insights and Examples from Beyond the Infosec Community - Micah Zenko

 

Friday - 20:00


DC - Planet Hollywood - Firesides Lounge - D0 N0 H4RM: A Healthcare Security Conversation - Christian “quaddi” Dameff, Jeff “r3plicant” Tully MD, Suzanne Schwartz MD, Marie Moe PhD, Billy Rios, Jay Radcliffe
Night Life - Paris - Concorde B Ballroom - cont...(19:30-25:59) - Diversity Party -
Night Life - Paris - Concorde B Ballroom - Blanketfort Con Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Rivoli A Ballroom - cont...(19:30-25:59) - VETCON II -
Night Life - Planet Hollywood - Mezzanine Stage - Hacker Jeopardy -

 

Friday - 21:00


DC - Planet Hollywood - Firesides Lounge - cont...(20:00-21:59) - D0 N0 H4RM: A Healthcare Security Conversation - Christian “quaddi” Dameff, Jeff “r3plicant” Tully MD, Suzanne Schwartz MD, Marie Moe PhD, Billy Rios, Jay Radcliffe
Night Life - Paris - Concorde A Ballroom - 303/Skytalks Pajama Dance Party -
Night Life - Paris - Concorde B Ballroom - cont...(19:30-25:59) - Diversity Party -
Night Life - Paris - Concorde B Ballroom - cont...(20:00-26:15) - Blanketfort Con Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Napoleon's Piano Bar - Music - Steph Infection - Steph Infection
Night Life - Paris - Rivoli A Ballroom - cont...(19:30-25:59) - VETCON II -
Night Life - Planet Hollywood - Apex Suite - Florida Man Party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - Terrestrial Access Network - Terrestrial Access Network
Night Life - Planet Hollywood - Mezzanine Stage - cont...(20:00-21:59) - Hacker Jeopardy -

 

Friday - 22:00


DC - Planet Hollywood - Firesides Lounge - (22:15-22:59) - Panel: DEF CON Groups - Brent White / B1TK1LL3R, Jayson E. Street, Darington, April Wright, Tim Roberts (byt3boy), Casey Bourbonnais, s0ups
Night Life - Paris - Concorde A Ballroom - cont...(21:00-25:59) - 303/Skytalks Pajama Dance Party -
Night Life - Paris - Concorde B Ballroom - cont...(19:30-25:59) - Diversity Party -
Night Life - Paris - Concorde B Ballroom - cont...(20:00-26:15) - Blanketfort Con Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Napoleon's Piano Bar - Music - S7a73farm - S7a73farm
Night Life - Paris - Rivoli A Ballroom - cont...(19:30-25:59) - VETCON II -
Night Life - Planet Hollywood - Apex Suite - cont...(21:00-25:59) - Florida Man Party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - Icetre Normal - Icetre Normal
Night Life - Planet Hollywood - London Club - SecKC the work, Again party - SecKC
Night Life - Planet Hollywood - Mezzanine Stage - Who's Slide is it anyway? -

 

Friday - 23:00


Night Life - Paris - Concorde A Ballroom - cont...(21:00-25:59) - 303/Skytalks Pajama Dance Party -
Night Life - Paris - Concorde B Ballroom - cont...(19:30-25:59) - Diversity Party -
Night Life - Paris - Concorde B Ballroom - cont...(20:00-26:15) - Blanketfort Con Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Napoleon's Piano Bar - Music - DJ SmOke - DJ SmOke
Night Life - Paris - Rivoli A Ballroom - cont...(19:30-25:59) - VETCON II -
Night Life - Planet Hollywood - Apex Suite - cont...(21:00-25:59) - Florida Man Party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - Miss Jackalope - Miss Jackalope
Night Life - Planet Hollywood - London Club - cont...(22:00-25:59) - SecKC the work, Again party - SecKC
Night Life - Planet Hollywood - Mezzanine Stage - cont...(22:00-23:59) - Who's Slide is it anyway? -

 

Friday - 24:00


Night Life - Paris - Concorde A Ballroom - cont...(21:00-25:59) - 303/Skytalks Pajama Dance Party -
Night Life - Paris - Concorde B Ballroom - cont...(19:30-25:59) - Diversity Party -
Night Life - Paris - Concorde B Ballroom - cont...(20:00-26:15) - Blanketfort Con Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Napoleon's Piano Bar - Music - DJ Wil Austin - Wil Austin
Night Life - Paris - Rivoli A Ballroom - cont...(19:30-25:59) - VETCON II -
Night Life - Planet Hollywood - Apex Suite - cont...(21:00-25:59) - Florida Man Party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - DJ St3rling - DJ St3rling
Night Life - Planet Hollywood - London Club - cont...(22:00-25:59) - SecKC the work, Again party - SecKC

 

Friday - 25:00


Night Life - Paris - Concorde A Ballroom - cont...(21:00-25:59) - 303/Skytalks Pajama Dance Party -
Night Life - Paris - Concorde B Ballroom - cont...(19:30-25:59) - Diversity Party -
Night Life - Paris - Concorde B Ballroom - cont...(20:00-26:15) - Blanketfort Con Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Napoleon's Piano Bar - Music - ASHSLAY - ASHSLAY
Night Life - Paris - Rivoli A Ballroom - cont...(19:30-25:59) - VETCON II -
Night Life - Planet Hollywood - Apex Suite - cont...(21:00-25:59) - Florida Man Party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - DJ%27 - DJ%27
Night Life - Planet Hollywood - London Club - cont...(22:00-25:59) - SecKC the work, Again party - SecKC

 

Friday - 26:00


Night Life - Paris - Concorde B Ballroom - cont...(20:00-26:15) - Blanketfort Con Party -

Talk/Event Descriptions


 

RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Friday - 14:30-15:30


(Ab)using GPOs for Active Directory Pwnage

Identifying privilege escalation paths within an Active Directory environment is crucial for a successful red team. Over the last few years, BloodHound has made it easier for red teamers to perform reconnaissance activities and identify these attack paths. When evaluating BloodHound data, it is common to find ourselves with sufficient rights to modify a Group Policy Object (GPO). This level of access allows us to perform a number of attacks targeting any computer or user object controlled by the vulnerable GPO.

In this talk we will present previous research related to GPO abuses and share a number of misconfigurations we have found in the wild. We will also present a tool that allows red teamers to target users and computers controlled by a vulnerable GPO in order to escalate privileges and move laterally within the environment.

About Petros Koutroumpis: Petros Koutroumpis is a penetration tester for MWR InfoSecurity, where he has performed a number of purple team and adversary simulation assessments. His research is mainly focused on Active Directory exploitation and offensive tooling development. Twitter: @pkb1s

About Dennis Panagiotopoulos: Dennis Panagiotopoulos is a penetration tester at MWR InfoSecurity. He has performed a wide variety of engagements ranging from whitebox, objective-based assessments to red teams. His research interests are Windows post-exploitation and Active Directory. He likes to spend his free time developing new tools and contributing to open source projects for the InfoSec community. Twitter: @den_n1s



 

BHV - Planet Hollywood - Melrose 1-3 Rooms - Friday - 18:30-19:15


6:30 PM: 0-Day Inside: Analog Analytics, Blood, Muscle, and Electricity
Speaker: Mandy Logan

Abstract: Brainstem & cerebellar strokes=0day for me. No inside voice. No ability to comprehend speech or form words. No movement, no memories. Filters removed. Senses heightened in ways that threatened life. I lived through being reset to the abilities of a 6-mo and spent 1000s of hours formulating a new OS based on the on/off response of my body's electrical system and defining the electrical signature of words, emotions, sensations, everything. Come listen. Grow stronger.

Speaker Bio: After 5 strokes & major injuries, Mandy is no longer in const/eng. She used life hacking skills from a non-traditional background to re-establish neuro control using her tongue against her teeth & perseverance. Now, as a happy dyslexic autie, she pursues biohacking/stand up/fun/improving lives.

T: @5urv1va7rix


 

DC - Paris - Track 3 - Friday - 15:00-15:45


100 Seconds of Solitude: Defeating Cisco Trust Anchor With FPGA Bitstream Shenanigans

Friday at 15:00 in Track 3
45 minutes | Demo, Tool, Exploit

Jatin Kataria Principal Scientist, Red Balloon Security

Rick Housley Research Scientist, Red Balloon Security

Ang Cui Chief Scientist, Red Balloon Security

First commercially introduced in 2013, the Cisco Trust Anchor module (TAm) is a proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches and firewalls. TAm is the foundational root of trust that underpins all other Cisco security and trustworthy computing mechanisms in such devices. We disclose two 0-day vulnerabilities and show a remotely exploitable attack chain that reliably bypasses Cisco Trust Anchor. We present an in-depth analysis of the TAm, from both theoretical and applied perspectives. We present a series of architectural and practical flaws of TAm and describe theoretical methods of attack against such flaws. Next, we enumerate limitations in current state-of-the-art offensive capabilities that made the design of TAm seem secure.

Using the Cisco 1001-X series of Trust Anchor-enabled routers as a demonstrative platform, we present a detailed analysis of a current implementation of TAm, including results obtained through hardware reverse engineering, Trust Anchor FPGA bitstream analysis, and the reverse engineering of numerous Cisco trustworthy computing mechanisms that depend on TAm. Finally, we present two 0-day vulnerabilities within Cisco IOS and TAm and demonstrate a remotely exploitable attack chain that results in persistent compromise of an up-to-date Cisco router. We discuss the implementation of our TAm bypass, which involves novel methods of reliably manipulating FPGA functionality through bitstream analysis and modification while circumventing the need to perform RTL reconstruction. Our manipulation methods create numerous possibilities for the exploitation of embedded systems that use FPGAs. While this presentation focuses on the use of our FPGA manipulation techniques in the context of Cisco Trust Anchor, we briefly discuss other uses of our bitstream modification techniques.

Jatin Kataria
Jatin Kataria is the Principal Research Scientist at Red Balloon Security, where he architects defensive technologies for embedded systems. Playing both the role of cat and of mouse at Red Balloon has many suggesting that he may be the first real source of perpetual energy. He tires of n-days easily and is always looking for new and exciting ELF shenanigans, caching complications, and the FedEx guy who lost his engagement ring. Prior to his time at Red Balloon Security, Jatin worked at a number of firms as a systems software developer and earned his Master of Engineering at Columbia University.

Twitter: @jatinkataria

Rick Housley
Rick Housley is a Research Scientist at Red Balloon Security and leads their advanced hardware reverse engineering efforts. He often finds himself at the end of a soldering iron hoping he has not bricked another expensive COTS product. His focus at Red Balloon includes the discovery of previously unknown vulnerabilities, novel firmware extraction techniques, and advanced physical reverse engineering using custom tooling. When not designing secure-boot-defeating EMPs and interposers, he is building axe handles and baby rattles in his woodshop.

Twitter: @rickyhousley

Ang Cui
Dr. Ang Cui is the Founder and Chief Scientist of Red Balloon Security. Dr. Cui received his PhD from Columbia University in 2015. His doctoral dissertation, titled "Embedded System Security: A Software-based Approach", focused exclusively on scientific inquiries concerning the exploitation and defense of embedded systems. Ang has focused on developing new technologies to defend embedded systems against exploitation. During the course of his research, he has uncovered a number of serious vulnerabilities within ubiquitous embedded devices like Cisco routers, HP printers and Cisco IP phones. Dr. Cui is also the author of FRAK and the inventor of Software Symbiote technology. Ang has received various awards for his work on reverse engineering commercial devices, is the recipient of the Symantec Graduate Fellowship, and was selected as a DARPA Riser in 2015.



 

Meetups - outside [TBD location] - Friday - 06:00-07:59


Title:
2019 8th Annual Defcon Bike Ride


TLDR: Ride a bicycle with us at Defcon – sign up here. Email info at cycleoverride dot org if you have questions.

TLDR2: The bike shop will meet us at 6:30am to hand out rentals. You do not need to go there ahead of time.

It’s time for the Defcon 27 version of the Cycleoverride Defcon bike ride!!!

The date of this year's bike ride is Friday, AUGUST 9th, 2019 at 6am. This is the Friday of Defcon. We will meet outside [TBD location] at 6:00am. There [may/will] also be a group meeting at the Tuscany at 6 am.

:)

Registration is here. This is just so we can get a count and arrange comms leading up to the event. It will also give us your email so we can blast out any details needed pre-ride, or at 5:25am on August 9th.

Here's the deal: we have partnered again with McGhies Bike Shop in Las Vegas for our ride. Yes, they will throw your clipless pedals and seat posts on if you insist. They have 3 levels of road bikes: a ~$40 Cannondale Synapse, and a ~$100 Lance Armstrong starter kit road bike (think Madone). There's also a $125 level.

Bike rental is first come, first served; there are about 18 $40 male road bikes and 5 female, and after that it's a hybrid or a $100 bike. You can always ship out your bike for about $100 each way on most airlines.


Click HERE for full information.


 

Night Life - Paris - Concorde A Ballroom - Friday - 21:00-25:59


Title:
303/Skytalks Pajama Dance Party

Friday night will be a place for con-goers to meet and greet the speakers from Skytalks. We'll also have DJs and potentially have live music too.

https://skytalks.info
https://twitter.com/dcskytalks/status/1146527983588401158


 

PHVT - Bally's - Indigo Tower - 26th Floor - Friday - 10:00-10:59


4 years and 10,000+ Hours Later: Lessons Learned from Running a National Penetration Testing Competition

Tom Kopchak, Competition Director of National CPTC / Director of Technical Operations, Hurricane Labs
Dan Borges, World Team Captain of National CPTC

The National Collegiate Penetration Testing Competition (CPTC) provides students with realistic challenges that prepare them for a career in the security assessment field. The architecture of the competition is designed to mimic a real-world organization, while requiring participants to excel in both technical and communication skills. The ultimate goal is to use a unique environment to prepare young professionals to navigate the technical and administrative challenges they are likely to face in their careers. Join National CPTC directors Dan Borges and Tom Kopchak in a deep-dive discussion on what goes into building the competition scenario created for each year's event.

Tom Kopchak (Twitter: @tomkopchak) is the Director of Technical Operations at Hurricane Labs, where he pretends to manage a team of Splunk engineers, but is still an engineer and technology geek at heart. Tom's speaking experience includes a previous talk at DC24 (Sentient Storage - Do SSDs Have a Mind of Their Own?) as well as many talks at other conferences around the country (and BSides LV in 2013). He holds a Master's degree in Computing Security from the Rochester Institute of Technology, and volunteers as the white team captain for the National Collegiate Penetration Testing Competition (CPTC). When he is not working with computers, Tom enjoys composing, music improvisation (Acts of Music), and playing both the piano and organ.

Dan Borges is an information security professional with over 15 years in computer science. Dan participates in a number of cyber security competitions each year, from being on the National CCDC Red Team to helping with the black team for the Collegiate Penetration Testing Competition (CPTC). He is an experienced red teamer who enjoys developing new tools in his free time. He has taught workshops on advanced red teaming at both DEF CON and WOPR Summit. He has been publishing a blog on infosec education for more than 10 years at lockboxx.blogspot.com.



 

SEV - Bally's Jubilee Tower - 3rd Floor - Friday - 18:15-18:45


Friday, August 09, 2019, 18:15, 30 mins
A Girl Says Nothing: A Social Engineer’s Guide to Playing into Sexism, Racial Stereotypes, and Discrimination
Throughout our history, humans have tried to divide one another to get a competitive edge. Divisions among human societies allowed people to create groups based on commonalities. Militaries thrive on framing the “other” – an unrelatable enemy – to motivate fighters against a foreign enemy. Therefore, it is not surprising that human biases persist. These biases come in the form of sexism, racial stereotypes, and discrimination. Try as we might to rid ourselves of bias, and despite undeniable progress, these biases remain part of our lives.

In the world of social engineering, biases that are exhausting to navigate in everyday life can become essential gadgets in a hacker’s tool belt. Social engineers have the power to live and hide among these biases in order to blend in and gain access. This talk will share stories from real social engineering hacks where playing into people’s biases (sexism, racial profiling, and discrimination) has been advantageous to successful Red Team operations.

Krittika Lalwaney: @ibetika
Krittika is actively emulating threat actors as a Red Team Engineer at Capital One. Prior to red teaming, she hunted for anomalous activity as an Incident Handler. Most recently, Krittika has been honing her social engineering skills by participating in Defcon’s SECTF and winning Derbycon’s SECTF in 2018. She has led several social engineering red team engagements and successfully passed her APSE and MLSE certifications.



 

AVV - Bally's Event Center - Friday - 14:30-14:59


A Hacker Walks Into A Flight School And Says Ouch: Common Online Security Fails In Pilot Training

Speaker – Tarah (@tarah)

Synopsis

As an information security researcher beginning my private pilot’s license training, I was startled to see the common security fails in many resources available for pilots, including official training/FAA sites, and more. I’ll cover a couple of the most common plane/instructional booking sites’ major security issues, and what to expect from having your personal information exposed online as will be at least partially required if you too decide to learn to fly a plane. I’ll cover Bluetooth and radio interference in avionics, Garmin instrument panels requesting keyboard input, and some simple checks to keep yourself aware of potential security issues in flight. I am not disclosing any 0-day or anything that isn’t already available online; this talk is intended to summarize the worst offenders and low-hanging fruit. I’d like to keep my FAA license; thank you very much.

About the Speaker

Intrepid adventuress, mother of war kittens, pilot-in-training.



 

BCV - Flamingo 3rd Floor - Laughlin III Room - Friday - 10:50-11:40


A Smart Contract Killchain. How the first Blockchain APT was caught

No description available



 

BTVT - Flamingo - 3rd Floor- Savoy Room - Friday - 14:00-14:59


A Theme Of Fear: Hacking The Paradigm

Friday 14:00, Savoy Ballroom, Flamingo (Blue Team Village) (1H)

@investigatorchi is a security researcher, speaker, and Senior Information Security Analyst at University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a data forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness amongst faculty and staff via a comprehensive department-wide program which educates and informs users about how to prevent and detect social engineering threats, and how to compute and digitally communicate safely. Cathy has presented at numerous prestigious information security conferences including DEF CON and Hacker Halted. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.

The InfoSec industry was born out of fear. Initially it was fear of virus infections and later, of external attacks. We capitalized on that fear to build more secure environments. But fear is hard to manage: too much fear breeds paralysis, and too little fear breeds complacency. This talk will take a look at the history of fear in InfoSec, explore how its impact has shaped the industry, and show how it is now getting in the way. Fortunately, we can provide the next generation a new paradigm to effect change. This talk presents some ideas on what the new security paradigm could be, and most importantly - how to enable a security-minded culture without using fear.



 

RCV - Planet Hollywood - Celebrity 5 Ballroom - Friday - 11:00-11:40


COMPREHENSIVE TALK

A URL Shortened By Any Other Name

1100 - 1140



 

Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock VI - Friday - 14:30-18:30


Advanced Custom Network Protocol Fuzzing

Friday, 1430-1830 in Flamingo, Red Rock VI

Joshua Pereyda Software Engineer

Carl Pearson Security Analyst

Get hands on experience writing custom network protocol fuzzers. This class will cover the basics of network protocol "smart fuzzing." Exercises will utilize the open source network protocol fuzzing framework, boofuzz.

Attendees will gain practice reverse engineering a network protocol, implementing and iterating on a custom fuzzer, and identifying vulnerabilities.

After:

1. You will know the basics of fuzzing.
2. You will know how to write custom network protocol fuzzers using state of the art open source tools.
3. You will have hands-on experience with this widely-discussed but still largely mysterious test method.

Before (Prerequisites): You should:

1. Be comfortable doing some basic programming in Python.
2. Understand basic network protocol concepts (e.g. what is a protocol and what is a network layer).
3. Be familiar with Wireshark and how to use it.
4. Have a laptop with at least 8 GB of RAM (16 GB recommended).

What you won't learn:

1. Exploit development.
2. Python programming. Because you can already do that (see above). ;)

Fuzzing is a wide and deep field with a wide array of technologies. This class is a beginner-friendly deep dive into one niche of the fuzzing world.

Skill Level Intermediate

Prerequisites:

1. Some basic Python programming experience (some programming ability is REQUIRED).
2. Basic understanding of network protocols.
3. Basic familiarity with Wireshark.
4. Optional: Fuzzing experience.

Materials:

1. Laptop with at least 8 GB of RAM (16 GB recommended).
2. Have a recent version of VMware Player installed.
3. Strongly recommended: configure for Defcon secure Wi-Fi access beforehand.

Max students: 70

Registration: https://www.eventbrite.com/e/advanced-custom-network-protocol-fuzzing-red-rock-vi-tickets-63609251985
(Opens 8-Jul-19)

Joshua Pereyda
Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. Among his passions are hacking, teaching kids to program, attending orchestral concerts with his wife, and figuring out how he can get paid to do it all... legally.

Joshua is the maintainer of the boofuzz network protocol fuzzing framework.

Carl Pearson
Carl is a security analyst with a passion for network and application security. He works as a blue team member in the higher education field by day and an independent red team researcher by night. His interests include poking around inside software and systems, figuring out what makes them tick. When he's not hunting bugs or writing code, you can find him exploring the great outdoors.



 

RCV - Planet Hollywood - Celebrity 5 Ballroom - Friday - 14:40-15:15


LIVE TOOL DEMO

Advanced Recon with OWASP Amass

1440 - 1515



 

BCV - Flamingo 3rd Floor - Laughlin III Room - Friday - 16:20-17:10


Alice and Bob's Big Secret

No description available



 

DC - Paris - Track 3 - Friday - 11:00-11:45


All the 4G modules Could be Hacked

Friday at 11:00 in Track 3
45 minutes | Exploit

XiaoHuiHui Senior Security Researcher, Baidu

Ye Zhang Security Researcher, Baidu

ZhengHuang Leader of Baidu Security Lab X-Team, Baidu

Nowadays more and more 4G modules are built into IoT devices around the world, such as vending machines, car entertainment systems, laptops, advertising screens, urban cameras, etc. But no one has conducted comprehensive security research on 4G modules. We carried out this initiative and tested all the major-brand 4G modules on the market (more than 15 different types). The results show that all of them have similar vulnerabilities, including remote access with weak passwords, command injection in AT commands and listening services, OTA upgrade spoofing, command injection by SMS, and web vulnerabilities. Through these vulnerabilities we were able to get a shell on these devices. In addition to using Wi-Fi to exploit these vulnerabilities, we created a new way to attack through a fake base station system, triggered by accessing the intranet of the cellular network, and successfully achieved remote command execution without any prerequisites. In this talk, we will first give an overview of the hardware structure of these modules. Then we will present the specific methods we used to probe for vulnerabilities. In the final section we will demonstrate how to use these vulnerabilities to attack the car entertainment systems of various brands and gain remote control of cars.

XiaoHuiHui
Shupeng (xiaohuihui) is a member of Baidu Security Lab. He is an expert on IoT security, AI security, penetration testing, etc. He was invited to talk at multiple security conferences, and successfully pwned IoT equipment at XPwn 2016/2017/2018 and GeekPwn May/October 2017, the biggest pwn competitions in China.

Twitter: @xi4ohuihui

Ye Zhang
Ye Zhang is a security researcher in Baidu Security Lab X-Team. He is good at reverse engineering and malware analysis; he now focuses on finding IoT vulnerabilities.

ZhengHuang
Zheng Huang is the head of Baidu Security Lab X-Team. He is a prolific finder of vulnerabilities in the browser security area and has contributed many vulnerabilities in Microsoft browsers, Chrome, and Safari. Previously he mainly focused on malicious URL detection and defense against APT attacks; he is now responsible for research on autonomous driving security.


Return to Index    -    Add to    -    ics Calendar file

 

BHV - Planet Hollywood - Melrose 1-3 Rooms - Friday - 14:30-16:15


2:30 PM: Amputees and Prosthetic Challenges: Creating Functionality, Dignity Restoring, Interaction, and Enabling Technology
Speaker: Wayne Penn

Abstract: The human body is the most elegant and complex machine ever created, but often we do not realize how well it works until a major system has been compromised, such as with an amputation severing and removing an element of the neuromuscular and skeletal system. There are 1 million annual limb amputations globally, which equates to one every 30 seconds. With those kinds of numbers and what we see in science fiction TV and film, one would expect that prosthetic technology is ubiquitous and advancing at an exponential pace. However, prosthetic technology advancement correlates with the periods immediately following military conflicts and is still not able to fully replicate anatomical function, which is why we are seeking the assistance of those at DEF CON's Biohacking Village to collaborate and help create prosthetic solutions. Wayne Penn, a biomedical engineer and entrepreneur, will be joined by bilateral amputee Chuck Hildreth Jr. and Occupational Therapist Laurel Koss to discuss the etiology and epidemiology of amputations, the challenges amputees face, the secondary or associated conditions and complications, and their shared experiences while working on advanced robotic prosthetic limb research programs such as the DEKA/DARPA/Mobius Bionics Luke Prosthetic Arm System. Chuck will give a demonstration of the Luke Arm System, the only fully powered shoulder-down prosthetic arm system in existence. Introductions will be given to the two BHV Prosthetic Labs taking place after the talk and run by this presentation team. The first Lab will create a family of Quick Change Magnetic Adapters for Activities of Daily Living to hold items for personal hygiene as well as items for eating and food preparation, utilizing 3D printing. The second Lab, Thermo Limbs, will be introduced by 7th graders Piper Vail Lalla and Ava Conlon, who won Best Idea in the Medical Field and a $20,000 grant for a patent application at the National Invention Convention. This lab will focus on creating microprocessor-controlled cooling systems for amputees, as thermal regulation is a major issue affecting amputees who have lost their major sweat and heat dissipation surfaces.

Speaker Bio: Wayne is a biomedical engineer and entrepreneur. He received his undergraduate degree in biomedical engineering from Columbia University, and his graduate degree in mechanical engineering with a focus on biomechanics from Boston University. He worked as the Clinical Research Coordinator at DEKA Research & Development on the DARPA/DEKA Luke Prosthetic Arm Project and the Product Marketing Manager for the MIT Media Lab startup iWalk for the BiOM Powered Prosthetic Ankle System, now the Ottobock Empower Ankle. He has continued his work in prosthetics focusing on advanced human interface, controls, and fitting systems for amputees while working in partnership with biodesigns. Wayne founded and leads his multidisciplinary engineering and design team at Charged Concepts, whose mission is to turn innovative concepts into impactful real world technology, programs, and initiatives.

T: @chargedconcepts


 

DL - Planet Hollywood - Sunset 1 - Friday - 10:00 - 11:50


Antennas for Surveillance applications

Friday from 10:00 – 11:50 in Sunset 1 at Planet Hollywood
Audience: All

Kent Britain & Alexander Zakharov

The antenna is one of the most important pieces of a good receiver. Yet it seems technical specifications are made up by the Marketing Departments, not by the Engineers. Wild claims about gain and misleading data seem to be the norm. In this Demonstration you will be able to see and hear the effects of gain and have a better understanding of beamwidths and patterns. Over a dozen different antennas will be available for demonstration, and our miniature antenna range can do some quick tests on your antenna.

http://WWW.WA5VJB.COM

Kent Britain
Kent Britain has been professionally designing antennas for over 25 years. He has developed over 1200 specialized antennas for consumer products, government agencies, military applications, and satellites. He is the antenna columnist for Monitoring Times, Popular Communications, CQ, CQVHF, and DUBUS magazines.

Alexander Zakharov
Alex has over 25 years of experience in the Telecommunications, Information Technology and IT Security fields. He was responsible for the creation and deployment of solutions protecting networks, systems and information assets for a large number of organizations in both the private and public sectors.

Alex is the brain and architect behind the Airbud appliance, the ultimate wireless development and testing platform, ready to use with a full spectrum of wireless applications such as pentesting and monitoring or router and firewall projects. A number of the custom models developed use antennas created with Kent's help and advice. Reference: www.alftel.com



 

DC - Paris - Track 4 - Friday - 12:00-12:45


API-Induced SSRF: How Apple Pay Scattered Vulnerabilities Across the Web

Friday at 12:00 in Track 4
45 minutes | Demo, Exploit

Joshua Maddux Security Researcher / Software Engineer, PKC Security

The 2016 WWDC saw the dawn of Apple Pay Web, an API that lets websites embed an Apple Pay button within their web-facing stores. Supporting it required a complex request flow, complete with client certificates and a custom session server. This proved detrimental, since Apple failed to caution against important side effects of taking in untrusted URLs. As a result, many new SSRF vulnerabilities entered the world. Worse yet, while they were exploitable and discoverable in similar ways, they were spread across distinct codebases in several programming languages, so could not be patched in any generic way.

Apple is not alone - in the process of gluing the web together, Twilio, Salesforce, and others have all created similarly broad attack surfaces. When companies fail to take an honest, empathetic look at how clients will use a product, they shove along hidden security burdens. Those who integrate with an API have less context than those who create it, so are in a worse position to recognize these risks.

Engineers have been talking about defensive programming for decades, but top companies still have trouble practicing it. In this talk we explore these mistakes with demos of affected software, and introduce a powerful model for finding broad classes of bugs.

Joshua Maddux
Joshua Maddux started out as a software engineer. After a few years, having introduced his share of problems to the world, he turned his life around and started hunting for vulnerabilities. Now at PKC Security he does a mix of software development and white-box penetration testing, with a focus on helping startups move fast without breaking too many things.

Aside from pentesting for clients, Joshua is also active in the bug bounty world. His past research has led to security updates in Java, Gitlab, United Airlines, Zapier, and others.

Twitter: @joshmdx



 

DC - Paris - Track 2 - Friday - 14:00-14:45


Are Your Child's Records at Risk? The Current State of School Infosec

Friday at 14:00 in Track 2
45 minutes

Bill Demirkapi Independent Security Researcher

From credit reporting agencies to hotel enterprises, major data breaches happen daily. However, when was the last time we considered the data security of children and middle-level education students? The infosec community spends so much time thinking about enterprise security and user privacy, but who looks after those who can't defend themselves? Unknown to most, there are only a handful of major educational software providers—and flaws in any of them can lead to massive holes which expose the confidential information of our rising generation, this speaker included. Additionally, while many dismiss educational data as “just containing grades”, the reality is that these systems store extremely sensitive information, from religious beliefs and health and vaccine-related data to even information about parental abuse and drug use in the family.

This talk will cover never-before-seen research into the handful of prominent educational software companies, the vulnerabilities that were found, the thousands of schools and millions of students affected, and the personal fallout of such research. Vulnerabilities discussed will range from blind SQL injection to leaked credentials for the entire kingdom. If a high school student can compromise the data of over 5 million students and teachers, what can an APT do?

Bill Demirkapi
Bill is a 17-year-old high school student with an intense passion for the information security field. Bill's interests include game hacking, reverse engineering malware, and breaking things. Next year, Bill will be attending the Rochester Institute of Technology where he hopes to grow his career and knowledge in the enormous field of Cybersecurity. In his pursuit to make the world a better place, Bill constantly looks for the next big vulnerability following the motto "break anything and everything".

Twitter: https://twitter.com/BillDemirkapi
Blog: https://d4stiny.github.io



 

RCV - Planet Hollywood - Celebrity 5 Ballroom - Friday - 13:50-14:40


COMPREHENSIVE TALK


Asset Discovery: Making Sense of the Ocean of OSINT

1350 - 1440



 

CLV - Flamingo 3rd Floor - Reno I Room - Friday - 14:20-14:50


Speaker: Edoardo Gerosa

Twitter: @netevert

Abstract: Azure Sentinel, Microsoft's new cloud SIEM solution, was recently released on the market. Notwithstanding its strengths, Sentinel offers limited threat hunting capabilities out of the box, and setting up an effective hunting solution is not straightforward. The Sentinel ATT&CK GitHub project is designed to provide guidance on setting up an ATT&CK-driven process monitoring solution within Sentinel, giving DFIR professionals a tool to effectively hunt in the Azure cloud.

The project, building on previous work from the open source DFIR community, provides instructions on how to properly configure Sysmon to monitor and detect specific processes in alignment with MITRE's ATT&CK framework. Secondly, it provides clarity on how to onboard Sysmon logs from Windows virtual machines, shedding light on some poorly documented areas, while also offering an open source parser to correctly ingest Sysmon data in conformity with the Open Source Security Event Metadata information model. Thirdly, it offers around 120 open source Kusto Query Language alerts ready for deployment, each mapped to a unique MITRE ATT&CK technique. Fourthly, it provides a dedicated threat hunting dashboard to help DFIR professionals monitor their environment and execute precise hunts. Finally, Sentinel ATT&CK provides ready-made hunting queries to be leveraged when responding to alert notifications raised by the threat hunting dashboard.

This talk delivers an overview of how the Sentinel ATT&CK project can help organisations establish an effective threat hunting capability in Azure as well as an opportunity to share with the community the strengths and shortcomings of Sentinel when it comes to hunting adversaries within the Microsoft cloud.

The talk will be structured as follows:

  • Introductions (2 minutes): A brief introduction to provide our short biographies and a description of our current roles - both speakers
  • Project background (3 minutes): An overview of how the project came to be, covering previous Splunk work from the DFIR open source community that helped establish the foundations of Sentinel ATT&CK - both speakers
  • The problem (5 minutes): Although Azure Sentinel contains excellent features, e.g. threat response automation with Logic Apps (1 minute), a powerful query language (1 minute) and incident grouping (1 minute), the platform offers limited threat hunting capabilities out of the box. Moreover, two major downsides make it difficult to quickly set up a robust, well-structured threat hunting capability; these are a) poor documentation around log onboarding (1 minute) and b) very limited data normalisation features at ingestion time (1 minute) - Edoardo Gerosa
  • The solution – Sentinel ATT&CK (10 minutes): An overview of the project and how it can help with quickly deploying an effective threat hunting solution for Sentinel – starting with a lightning overview of MITRE ATT&CK (1 minute), then covering how to configure Sysmon to monitor specific ATT&CK techniques (2 minutes), how to onboard Sysmon logs into Azure (2 minutes), Sentinel parsing best practices (2 minutes), using Kusto to execute hunts (2 minutes) and concluding with an overview of the project's threat hunting dashboard (1 minute) - Edoardo Gerosa
  • Demo and Q&A session (10 minutes): we'll showcase a live instance of Sentinel ATT&CK deployed on our Azure lab to walk through the functionalities of the platform, execute a demo hunt and, if necessary, to provide practical deep-dives to participant questions - Olaf Hartong

In order to stimulate discussion during the demo and Q&A session we will have three questions in our back-pocket to ask participants; these will be as follows:

  • Who has used Sentinel and what is their opinion of the platform?
  • Who uses Sysmon as a process monitoring solution in their network and what is their opinion of the tool?
  • What are some of the response activities that could be performed with Sentinel on compromised virtual machines, especially considering the in-built SOAR capabilities of the platform?

About Edoardo: Edoardo Gerosa works for Deloitte AG’s Cyber Risk Services, where he leads a team specialised in providing technical consultancy services to client SOCs across Switzerland. Previously he led Deloitte UK’s Cyber Engineering DevOps team, where he oversaw the development of automated reconnaissance tools to support red teaming and cyber threat intelligence engagements. He loves the shores of Zürisee much more than the streets of London, where he previously lived.



 

Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock I - Friday - 14:30-18:30


Attacking Layer 2 Network Protocols

Friday, 1430-1830 in Flamingo, Red Rock I

Erik Dul Hacker

Troy Defty Hacker

Layer 2 can be a lesser-known attack surface; the techniques have been known for a while, have well-documented mitigations, and are often thought of as so old, they _can't possibly still be around, right?_

But this under-represented attack surface is also of great value to an attacker. Network segregation on a typical internal network is commonplace, and often heavily relied upon to segregate, isolate, and limit the spread of a compromise. A misconfigured switch or switch port can be the difference between an attacker compromising the desk phones, and core business server infrastructure. And when the misconfiguration can be a single two-word line in a ten-thousand line switch configuration file, it's easy to see how the basic hardening controls can be missed.

This workshop will run through analysing Layer 2 network traffic, identifying protocols and information of interest within network traffic, launching DTP attacks to pivot within a misconfigured network, and man-in-the-middling traffic via this pivot to compromise a target host (including using various tools in conjunction with virtual network interfaces). In terms of tooling, we will be looking to utilise the likes of Wireshark, Yersinia and Bettercap to launch the various network attacks, with standard Kali tooling/normal Linux functionality to exploit and escalate privileges on the target host.

Reading list (not required, but can be of interest):

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_arp/configuration/15-mt/arp-15-mt-book/arp-config-arp.html
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_53_se/configuration/guide/2960scg/swvlan.html
https://www.computernetworkingnotes.com/ccna-study-guide/vlan-tagging-explained-with-dtp-protocol.html
https://www.blackhat.com/presentations/bh-usa-02/bh-us-02-convery-switches.pdf
https://digi.ninja/blog/abusing_dtp.php

Skill Level Beginner

Prerequisites: Basic knowledge of networking, particularly with Linux, and knowledge of basic Linux exploitation and privilege escalation.

Materials: Laptop, 8GB RAM, Kali as a base or a VM with all updates applied, a network card/interface which supports VLAN tagging (this is usually the case with most kit nowadays by default, but just in case!)

Max students: 24

Registration: https://www.eventbrite.com/e/attacking-layer-2-network-protocols-red-rock-i-tickets-63439506271
(Opens 8-Jul-19)

Erik Dul
Erik's first encounter with IT security was when he discovered the fascinating internals and configurability of ISDN NT boxes. Since then he has worked in various network security roles, spending the last few years as a penetration tester in the UK and Australia. He is currently heading up the offensive security team of PS+C Pure Hacking in Sydney. His main professional focus is scenario based and bespoke engagements, with particular interest in network and embedded device security. When not hard at work, you can find him somewhere close to the water, or playing tennis.

Troy Defty
Having worked in the UK InfoSec industry for around five and a half years at Deloitte and later Context Information Security, Troy abandoned a dreary sun-less London and has been working in the Australian industry out of Sydney for nearly a year with PS+C Pure Hacking. His interest and experience is largely in bespoke penetration testing engagements (red teaming, scenario-based assessments, etc.), with broad coverage across the penetration testing spectrum. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and being bad at golf.



 

Meetups - Planet Hollywood - Sin City - Friday - 15:00-17:59


Title:
BADASS/Cyber SeXurity

An open discussion on agency, sexuality, and harassment/abuse in tech. What can we do, as a community, to make spaces safer for everyone? How can we encourage more sex-positive discussions? Let's talk about it.


 

CLV - Flamingo 3rd Floor - Reno I Room - Friday - 13:40-14:20


Speaker: Dani Goland & Mohsan Farid

Twitter: @DaniGoland

Twitter: @Pwn__Star

Abstract: The interaction between attackers and defenders is like a ping pong game, and that is exactly how we did this research. On the offensive side, Mo will share his tools and tactics for attacking AWS infrastructures, from recon to attacks to post-exploitation on different services, with a focus on Elastic Container Service (ECS). After each attack step, Dani will explain the defensive side and the tools and tactics for hardening the AWS infrastructure, from designing a secure cloud architecture to detection to hardening specific services like Docker containers on ECS. After the battle, we will both walk through common misconfiguration problems, one-click solutions for monitoring and attack detection, and workflows for pentesters on AWS. One of the most important lessons from our research is the importance of the interaction between pentesters and developers/DevOps engineers, and how a few days of working side by side can help us secure our current systems and learn to develop future systems with security in mind.

Dani and Mohsan will demonstrate an entire kill chain on a hypothetical organization operating in an AWS environment and pivot into its internal Active Directory network. The demonstration will cover reconnaissance methods for a cloud environment and an attack on an AWS-hosted web server that results in compromise of access keys. The access keys will be utilized to access a separate AWS service, followed by escalation of privileges to administrator. We will further demonstrate exfiltration methods, setting up persistence in AWS, and last but not least pivoting to the internal AD environment and obtaining Domain Admin privileges.

Many open source tools will be used as well as some custom Python scripts on the offensive side, for example: TruffleHog for scanning for leaked keys on GitHub, S3Scanner for enumerating S3 buckets, amass for DNS mapping and subdomain enumeration, Cloud Mapper for reconnaissance and auditing, Prowler for assessing security, Pacu and Metasploit for exploitation, and more.

On the defensive side, we will introduce open source tools like HashiCorp Vault and AWS Parameter Store for secret management, NAXSI as an open source WAF, vulnerability scanners for Docker, AWS KMS for creating and rotating keys for in-transit and at-rest data encryption, CloudTrail and CloudWatch for detection of suspicious activity and alerting, and more.

About Dani: At the age of 20 he founded his own boutique company for innovative software and hardware solutions. He is a certified AWS Cloud Solutions Architect. While gaining experience in business and finance, Dani did not neglect his hands-on capabilities in both making and breaking systems. Dani recently relocated from Israel to the United States to study Data Science at the prestigious UC Berkeley. During his studies, Dani founded VirusBay, a collaborative malware research community which skyrocketed amongst the global security community to over 2500 researchers. After serving in the Israeli Defense Forces as a commander of a Field Intelligence unit, Dani went on an 8-month journey across South America. He loves snowboarding, music concerts, and having crazy, breathtaking experiences such as spending 5 days in the Bolivian jungle with no food or water.

About Mohsan: Mohsan has over 13 years of experience in cyber security. Mohsan has run the gamut in the security space: penetration testing for Rapid7 as a consultant, penetration testing for numerous federal agencies, pentesting mobile applications for HP, pentesting Fortune 500 companies, and contributing exploits to the Metasploit framework as well as contributing to open source projects. When Mohsan isn’t breaking things, he likes to travel the globe in search of incredible surf, scuba diving, rock climbing and hiking, and is an avid yogi.



 

DL - Planet Hollywood - Sunset 3 - Friday - 10:00 - 11:50


BEEMKA – Electron Post-Exploitation Framework

Friday from 10:00 – 11:50 in Sunset 3 at Planet Hollywood
Audience: Offense – Especially red teamers that want to establish persistence and egress data.

Pavel Tsakalidis

BEEMKA is a tool that allows red teamers to establish persistence on a compromised host, or even egress data from it. In addition, it allows them to execute code from within the context of the compromised application (Slack, Skype, WhatsApp, Bitwarden, VS Code), allowing them to access otherwise inaccessible data. Come find out how you can extract all passwords from Bitwarden, or how to egress all the source code files from VS Code!

https://github.com/ctxis/beemka/

Pavel Tsakalidis
Pavel is a security consultant for Context Information Security, based in London. Other than security-related interests, his hobbies include playing around with Raspberry Pis, making “books to read” lists that will never be read, and starting side projects that never finish. Also, he has been a PHP developer for 10 years and therefore spends his extra time defending PHP.



 

AVV - Bally's Event Center - Friday - 13:15-13:59


Behind the scenes of hacking airplanes

Speakers – Zoltan (@Csucsorr) and Ben (@0x62656E)

Synopsis

tl;dr We show how we hack planes for real without getting in any trouble
The session aims to provide insights on real-life experiences gathered from the security engineering tasks and assessments of modern aircraft systems.

Particular focus is placed on explaining how the interaction between safety and security is assessed and how responsible teams can interact and combine their diverse set of skills. Examples and technical overviews of the classes of systems, interfaces and audit methodologies are given to precisely demonstrate how work in this area is laid out and executed, and to emphasize their importance in the transportation industry.

Additionally, the talk will highlight the combined industry effort that currently goes into dealing with the changing security threats in modern aircraft from a technical audit and security engineering perspective.

About the Speakers

Zoltan is a Senior Aviation Security Consultant with F-Secure. He has been performing technical security assessments for various industries for the past 8 years. In recent years he has been a part of F-Secure’s transportation security team, specializing in aviation where he is performing penetration tests, security audits and technical product reviews on aircraft and ground components for both airlines and manufacturers.

Benjamin Nagel is an Aviation Security Consultant in the Cyber Security Services team of F-Secure. For ten years he has focused on the convergence of information security and safety and specialized in engineering in the aviation domain. In recent years he has researched data loading solutions and the use of wireless communication in the aircraft domain. In his current role he helps international aviation customers tackle cyber security problems, and he is involved in the EUROCAE WG-72 working group on cyber security standards for the aviation industry.



 

DC - Paris - Track 1 - Friday - 10:00-10:45


Behind the Scenes of the DEF CON 27 Badge

Friday at 10:00 in Track 1
45 minutes | Tool

Joe Grand (Kingpin)

Incorporating natural elements, complex fabrication techniques, and components rarely seen by the outside world, the DEF CON 27 Badge brings our community together through Technology's Promise. Join DEF CON's original electronic badge designer Joe Grand on a behind-the-scenes journey of this year's development process and the challenges, risks, and adventures he faced along the way.

Joe Grand (Kingpin)
Joe Grand, also known as Kingpin, is a computer engineer, hardware hacker, DEF CON badge designer (14, 15, 16, 17, 18, China 1, 27), teacher, advisor, runner, daddy, honorary doctor, TV host, member of legendary hacker group L0pht Heavy Industries, and the proprietor of Grand Idea Studio (grandideastudio.com).

Twitter: @joegrand
Website: http://www.grandideastudio.com



 

DC - Paris - Track 3 - Friday - 10:00-10:45


Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware

Friday at 10:00 in Track 3
45 minutes

Olivier Bilodeau Cybersecurity Research Lead at GoSecure

Masarah Paquet-Clouston Cybersecurity Researcher at GoSecure

This talk is the grand finale of a four-year-long investigation that started with analyzing an IoT botnet and led to discovering the structured industry that exists behind social media manipulation (SMM). SMM is the deliberate act of paying for popularity with followers or activity on social media.

Adopting a bottom-up approach, the thorough methodology undertaken to study the botnet will be presented: from building honeypots, infecting them with malware and conducting a man-in-the-middle attack on the honeypots’ traffic to access the decrypted HTTPS content between the C&Cs and social networks. Then, the various investigative paths taken to analyze this large data set, leading to the discovery of industry actors involved in the supply chain of social media manipulation, will be presented. These investigative paths include traffic analysis, various OSINT approaches to reveal and understand actors, reverse-engineering the software that automates the use and creation of fake accounts, forum investigations, and qualitative profiling. All actors involved in the industry will be mapped, from malware authors to reseller panels and customers of fake popularity.

The potential profitability of the industry will then be discussed, as well as the revenue division in the chain, demonstrating that the ones making the highest revenue per fake follower sold are not the malware authors, but rather those at the end of the chain.

Olivier Bilodeau
Olivier Bilodeau leads the Cybersecurity Research team at GoSecure. With more than 10 years of infosec experience, he enjoys attracting malware in honeypots, writing tools for malware research, reverse-engineering all the things and vulnerability research. A passionate communicator, Olivier has spoken at several conferences like Black Hat Europe, DEF CON, Botconf, SecTor, Derbycon, HackFest and many more. Invested in his community, he co-organizes MontréHack, a monthly workshop focused on applied information security, and NorthSec, Montreal's community conference and Capture-The-Flag.

Twitter: @obilodeau
Website: https://gosecure.net/blog/

Masarah Paquet-Clouston
Masarah Paquet-Clouston is a security researcher at GoSecure, a PhD student in criminology at Simon Fraser University, and one of Canada’s decorated 150 scientific innovators. With her background in economics and criminology, she specializes in the study of markets behind illicit online activities. She has published in several peer-reviewed journals, such as Social Networks, Global Crime and the International Journal for the Study of Drug Policy, and presented at various international conferences including Virus Bulletin, Black Hat Europe, Botconf and the American Society of Criminology.

Twitter: @masarahclouston
Website: https://gosecure.net/blog/



 

PHVT - Bally's - Indigo Tower - 26th Floor - Friday - 14:00-14:30


Bestsellers in the Underground Economy: Measuring Malware Popularity by Forum

Winnona DeSombre, Threat Intelligence Researcher at Recorded Future

While you can patch against malware infecting your tech stack or targeting your competitors, what about malware that hasn't been in the news? This presentation will cover what malware and tools are popular among underground forum members based on prevalence in forum ads, how malware presence differs between forums, and why understanding that difference matters.

Winnona DeSombre (Twitter: @__winn) is an Asia Pacific threat intelligence researcher at Recorded Future, focusing on Chinese underground hacking communities and East Asian cyber espionage campaigns. She was recently featured in Threatcare's "Tribe of Hackers" book, containing career advice from some of the world's best information security professionals.



 

Meetups - Planet Hollywood - Mezzanine Stage - Friday - 13:00-14:59


Title:
Beverage Cooling Contest

No description available

 

PHVT - Bally's - Indigo Tower - 26th Floor - Friday - 18:00-18:59


Beyond Sandboxes. How to Execute IoT Malware and Analyze Its Evolution

María José Erquiaga
Sebastian Garcia

Hacking is curiosity, discovering, and learning. This talk shares our experience executing malware and capturing its traffic for more than 4 years. We will show how we designed and deployed a Windows and IoT malware execution laboratory in our University to run malware for months, and how we analyzed it to find novel attacks. Executing malware is sometimes clouded in mystery. We will show how to build and set up a Windows execution environment and an IoT environment. The talk shows how to monitor in real time, how to store data, the legal implications, the network protections, and how to find good malware samples.

María José Erquiaga (Twitter: @MaryJo_E) is a malware researcher from Argentina. She is a researcher and teacher at the University of Cuyo, Mendoza, Argentina, and has been a collaborator in the Stratosphere laboratory since 2015. She is a member of the Aposemat project, a joint project between the Stratosphere laboratory and Avast, which aims to execute malware and capture it from honeypots. María's work has focused on executing and analyzing malware for IoT devices. She has spoken at CACIC, ArgenCon, SIGCOMM, BotConf and Ekoparty.

Sebastian Garcia is a malware researcher and security teacher who has extensive experience in machine learning applied to network traffic. He created the Stratosphere IPS project, a machine learning-based, free software IPS to protect civil society. He likes to analyze network patterns and attacks with machine learning. As a researcher in the AIC group of the Czech Technical University in Prague, he believes that free software and machine learning tools can help better protect users from abuse of their digital rights. He has been teaching in several countries and universities and working on penetration testing for both corporations and governments. He was lucky enough to talk at Ekoparty, DeepSec, Hacktivity, Botconf, Hacklu, InBot, Security Sessions, ECAI, CitizenLab, ArgenCor, Free Software Foundation Europe, Virus Bulletin, BSides Vienna, HITB Singapore, CACIC, etc. As a co-founder of the MatesLab hackspace, he is a free software advocate who has worked on honeypots, malware detection, distributed scanning (dnmap), keystroke dynamics, Bluetooth analysis, privacy protection, intruder detection, robotics, microphone detection with SDR (Salamandra) and biohacking.



BHV - Planet Hollywood - Melrose 1-3 Rooms - Friday - 17:00-18:30


5:00 PM: Beyond the Firmware: A Complete View of the Attack Surface of a Networked Medical Device
Speaker: Dr. Avi Rubin

Abstract: Even a device with the most ironclad firmware can still be subject to a broad variety of attacks depending on its interaction with other external components. This presentation will examine commonly overlooked vulnerabilities in medical device deployments, with real-world examples discovered either during a certification process or through regulatory review. These vulnerabilities serve as cautionary examples of the extensive, but not always apparent, attack surface of medical devices.

Speaker Bio: Dr. Avi Rubin is a Professor at Johns Hopkins University, where he serves as the Technical Director of the JHU Information Security Institute. He is also the founder and director of the JHU Health and Medical Security Lab, where his work is advancing medical device security and healthcare networks.

T: @avirubin


CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Friday - 16:00-15:59


Black Mirror: You are your own privacy nightmare – the hidden threat of paying for subscription services

No description available



Night Life - Paris - Concorde B Ballroom - Friday - 20:00-26:15


Title:
Blanketfort Con Party

Check your ego at the door, grab some building materials and join in the celebration of the creativity and originality that is the blanket fort. A host of DJs will be spinning from a pirate ship as you share and create your own unique environment.

Bring your dancing shoes, teddy bear, and your woobie....

DJs:
@TinehAgent
@criznash
@SelectorMALiK
@icommitfelonies
and a special Guest DJ

All aboard!

Blanketfortcon.com
@blanketfortcon
Forum


BTVT - Flamingo - 3rd Floor- Savoy Room - Friday - 16:30-16:59


Blue Team Guide For Fresh Eyes

Friday 16:30, Savoy Ballroom, Flamingo (Blue Team Village) (30M)

@sopooped: Leveraging her development background, Christine builds tools to automate security for cloud environments as a Security & Tools Engineer. She's relatively new to the industry, so she provides a fresh pair of eyes. And with her colossal appetite to learn and execute, she's rapidly conquering the world!

The life of a blue-teamer is daunting. There are logs to sift through, tasks to automate, incidents to triage, vulnerabilities to manage, meetings to attend, coffee to drink, etc. Scenarios have moving parts, procedures might not be documented, and solutions can vary. At times, the responsibilities can be compared to an ever-growing fire, and all there is to fight it is a pail of water. How do you put out the flames if you're not a seasoned professional? This talk lays out existing challenges for those trying to break into the fast-moving world of defensive security and ways to tackle them. Included are anecdotes, highlights, and pro-tips.



BTVW - Flamingo - Lower Level - Valley Of Fire 2 - Friday - 16:00-17:59


Blue Teaming For Fun And The Sake Of Your Organization

Friday 16:00, Valley Of Fire 2, Flamingo (2H)

@sirmudbl00d is a cybersecurity enthusiast with a decade of information security experience. He is the founder of "Null Hat Security LLC", which focuses on incident response, SOC training and blue team engagements. O'Shea has worked and consulted for companies and clients in the space of federal government, Fortune 500, and international firms. He specializes in areas of incident response, network and systems security, security architecture and threat hunting. O'Shea founded Null Hat Security as he believes a greater focus should be placed on personal engagements with defenders to fine tune skill sets and knowledge of threats for best response efforts. O'Shea is also the co-founder of "Intrusion Diversity System", a bi-monthly hosted cyber security podcast.

This workshop will combine aspects of web application security, incident response, and threat hunting to combat attackers in an active campaign against your organization. We will incorporate the incident response life cycle to accurately respond to this fictitious attack along with providing tips and techniques that may be leveraged to aid in response efforts. There is also an aspect of web application security featured in presenting bad SDLC practices that may lead to an attacker gaining entry to an organization's systems.



DC - Paris - Track 3 - Friday - 16:30-16:50


Breaking The Back End! It Is Not Always A Bug. Sometimes, It Is Just Bad Design!

Friday at 16:30 in Track 3
20 minutes | Demo, Exploit

Gregory Pickett Cybersecurity Operations, Hellfire Security

Reverse engineering is critical to exploitation. However, going through the process of reverse engineering can often lead to a great deal more than just uncovering a bug. So much so that you might find what you need for exploitation even if you don't find a bug.

That’s right. If you go through object data, object representation, object states, and state changes enough you can find out quite a lot. Yes. Poor application logic is a bitch. Just ask any application penetration tester. This time it is not the magstripe. It’s appsec and you will get to see how application attacks can be used against a hardware platform.

In this talk, I will go through the journey that I took in reverse engineering the public transportation system of an East Asian mega-city, the questions that I asked as I wondered “How does this work?”, the experiments that I ran to answer those questions, what I learned that led me to an exploit capable of generating millions of dollars in fake tickets for that very same system, and how other designers can avoid the same fate. Not without risk, this research was done under a junta, so I will also be telling you how I kept myself out of jail while doing it. Please join me. You won’t want to miss it.

Gregory Pickett
Gregory Pickett CISSP, GCIA, GPEN has a background in intrusion analysis for Fortune 100 companies but now heads up Hellfire Security’s Managed Security Services efforts and participates in their assessment practice as a network security subject matter expert. As a security professional, his primary area of focus and occasional research is networks with an interest in using network traffic to better understand, to better defend, and sometimes to better exploit the hosts that live on them. He holds a B.S. in Psychology which is completely unrelated but interesting to know. While it does nothing to contribute to how he makes a living, it does demonstrate how screwed up he actually is.

Twitter: @shogun7273
Website: https://sourceforge.net/u/shogun7273/profile/



DL - Planet Hollywood - Sunset 1 - Friday - 14:00 - 15:50


Browser extension to hunt low hanging fruits (Hacking by just browsing)

Friday from 14:00 – 15:50 in Sunset 1 at Planet Hollywood
Audience: Bug bounty hunters, Penetration testers, developers, open source contributors

Rewanth Cool

Automated scanners won’t yield you bugs these days. They take tens of hours to complete, and with a high false-positive rate too. You need a minimal, smart scanner with easy installation, easy configuration, and relatively high accuracy while hunting for bugs. This talk is focused on creating such a browser extension to yield better results in less time. The browser extension requires less manual effort and produces more accurate results in just a few seconds.

https://github.com/rewanth1997/vuln-headers-extension

Rewanth Cool
Rewanth Cool is a security consultant at Payatu Software Labs, India. He has spoken at HITB (twice), Positive Hack Days (PHDays), CRESTCon, BSides and Null Pune, and is a trainer at MIT Pune. He is a programmer and open source contributor. Currently, he is focused on vulnerability research, web application security and contributions to security tools, apart from his ongoing research on machine learning. One of his finest works is his collaboration with Nmap maintainer Daniel Miller (a.k.a. bonsaiviking), in which he added 17,000 lines of code to Nmap.



RCV - Planet Hollywood - Celebrity 5 Ballroom - Friday - 11:40-12:20


COMPREHENSIVE TALK

Building an OSINT and Recon Program to address Healthcare Information Security issues

1140 - 1220



RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Friday - 13:00-13:59


Bypassing MacOS Detections with Swift

This talk is centered around red teaming in MacOS environments. Traditionally, MacOS post exploitation has largely been done in python. However, as defender tradecraft continues to evolve with detecting suspicious python usage on MacOS, we (as red teamers) should consider migrating to different post exploitation methods. In this talk, I will share why the Swift language can be beneficial for red teaming macOS environments. I will also share some macOS post exploitation code I have written using the Swift programming language and contrast detection techniques between python and Swift based post exploitation.

High Level Outline:
- Intro
- Why Is This Talk Relevant to Red (and Blue) Teamers?
- Why Migrate Away from Python-Based MacOS Post Exploitation?
- Examples of Python-Based Post Exploitation
- Python-Based Post Exploitation Artifacts
- Brief Overview of Swift
- Why Use Swift For MacOS Post Exploitation?
- Examples of macOS post exploitation in Swift
- Share my Swift-based post exploitation code for red teamer use
- Q&A

About Cedric Owens: Cedric is an offensive security engineer with a blue team background. His passion revolves around red teams and blue teams working closely together to improve each other's tradecraft. Cedric enjoys writing useful red team utilities and periodically writing posts that are of interest to red and blue team team members on his blog at https://medium.com/red-teaming-with-a-blue-team-mentaility
Twitter: @cedowens



DC - Paris - Track 2 - Friday - 16:30-16:50


Can You Track Me Now? Why The Phone Companies Are Such A Privacy Disaster

Friday at 16:30 in Track 2
20 minutes

U.S. Senator Ron Wyden, U.S. Senator from Oregon, Senate Finance Ranking Member

Amidst the current public outcry about privacy abuses by corporate America, one sector has received far less scrutiny than it deserves: phone companies. America’s phone companies have a hideous track record on privacy. During the past two decades, these descendants of “Ma Bell” have been caught, repeatedly, selling (or giving away) their customers’ sensitive data to the government, bounty hunters, private investigators, data brokers, and stalkers.

The DEFCON community is familiar with the phone companies’ role in the Bush-era “warrantless wiretapping” program and the NSA’s surveillance of telephone metadata, revealed by Edward Snowden. Far fewer people know that the carriers were also willing participants in a massive Drug Enforcement Administration (DEA) spying program, which the government quietly shut down after two decades in 2013.

Even less well-understood is how these corporations reap profits by selling our information to the private sector. As just one example, the carriers for years used shady middlemen to provide nearly unlimited access to Americans’ location data to anyone with a credit card.

Join Oregon Senator Ron Wyden to learn why the phone companies have gotten one free pass after another, and what he’s doing to hold them accountable.

U.S. Senator Ron Wyden
Sen. Ron Wyden is the foremost defender of Americans’ civil liberties in the U.S. Senate, and a tireless advocate for smart tech policies. Years before Edward Snowden blew the whistle on the dragnet surveillance of Americans, Wyden warned that the Patriot Act was being used in ways that would leave Americans shocked and angry, and his questioning of NSA Director James Clapper in 2013 served as a turning point in the secret surveillance of Americans’ communications.

Since then, Wyden has fought to protect Americans’ privacy and security against unwanted intrusion from the government, criminals and foreign hackers alike. He has opposed the government’s efforts to undermine strong encryption, proposed legislation to hold companies accountable for protecting their users’ data, and authored legislation with Rand Paul to protect Americans’ Fourth Amendment rights at the border.

Wyden is a senior member of the Senate Select Committee on Intelligence and the top Democrat on the Senate Finance Committee. He lives in Portland, Oregon.

Twitter: @RonWyden
Website: https://www.wyden.senate.gov/meet-ron



DC - Paris - Track 2 - Friday - 15:00-15:45


Change the World, cDc Style: Cow tips from the first 35 years

Friday at 15:00 in Track 2
45 minutes

Joseph Menn Author, Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World (PublicAffairs, June 2019)

Peiter Mudge Zatko

Chris Dildog Rioux

Deth Vegetable

Omega

The Cult of the Dead Cow changed the culture of the entire security industry, the attitude of companies who had ignored risks, and even how the feds dealt with hackers. In this session, four key figures from the group’s first 35 years will cover their greatest hits and screw-ups, highlighting the lessons for other hackers out to make a difference.

They will be questioned by Joseph Menn, whose new book on the group shows how it evolved from a network of bulletin board operators to the standard-bearers of hacker culture. cDc Minister of Propaganda Deth Vegetable and long serving text-file editor Omega will appear for the first time under their real names, covering the group’s formative years and how it handled such recent controversies as WikiLeaks, neo-Nazis, and the presidential candidacy of cDc alum Beto O’Rourke.

cDc tech luminaries Zatko and Rioux will discuss the release of Back Orifice at Def Con in 1998, which allowed non-hackers to hijack Windows machines, drawing worldwide attention to the insecurity of Microsoft’s operating system, and Rioux’s pathbreaking sequel, Back Orifice 2K, which prompted Microsoft to hire hackers as security consultants, including those from Zatko and Rioux’s @stake. Zatko will share insights from leading inside the government, where he ran cybersecurity grantmaking at DARPA, the people who brought you the internet. And Rioux will explain what’s possible in the private sector, where he co-founded unicorn Veracode, which dramatically improved code review by major software buyers.

Joseph Menn
Joseph Menn has just published Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World. He is an investigative reporter on security, and has covered the issue since 1999 at the Los Angeles Times, Financial Times and most recently Reuters. His previous books include Fatal System Error: The Hunt for the New Crime Lords who are Bringing Down the Internet and All the Rave: The Rise and Fall of Shawn Fanning’s Napster.

Twitter: @josephmenn
Website: https://www.facebook.com/Joseph-Menn-author-of-Cult-of-the-Dead-Cow-and-Fatal-System-Error-178879563940/

Peiter Mudge Zatko
Mudge fronted the pioneer hacker space the L0pht and turned it into a venture-backed security business @Stake. He led sensitive government work at BBN and cybersecurity at DARPA before joining Google to work on special projects. He also led security at Stripe and founded Cyber-ITL, an independent testing lab for software security.

Twitter: @dotMudge

Chris Dildog Rioux
Rioux was the first employee of the L0pht, updated password cracker L0phtcrack, stayed with @stake through its acquisition by Symantec and founded Veracode.

Twitter: @dildog

Deth Vegetable
Veggie took a break to go to graduate school in archaeology. He’s back now.

Twitter: @dethveggie

Omega
Omega has been very quietly working in security for a long time.



ICS - Bally's Event Center - Friday - 17:00-17:30


Changium IPiosa: most magical change IP packets in the wild

August 9, 2019 5:00 PM

In our talk we will present some of the most exotic 'Change IP' packets for PLCs from various ICS protocols and investigate why each vendor chose to implement it in one way or another. Furthermore, we will show how one can easily detect, prevent, and be protected against these change IP requests by applying custom Snort rules.

Speaker Information

Panelist Information

Sharon Brizinov

Claroty

Sharon Brizinov is a security researcher at Claroty and is responsible for finding new attack vectors in the ICS domain. Brizinov has 6+ years of unique experience with network security, malware research and infosec data analysis.



DL - Planet Hollywood - Sunset 4 - Friday - 14:00 - 15:50


Chaos Drive, because USB is still too trustworthy

Friday from 14:00 – 15:50 in Sunset 4 at Planet Hollywood
Audience: Offense, Social Engineers, Hardware, Privacy

Mike Rich

If you’ve never thought USB devices could become even less trustworthy, then this is the talk for you. We already know USB devices might try to automatically run code when connected, or act like a hyperactive keyboard and mouse, or attempt to physically destroy the host, or masquerade as an innocent charging/data cable. But it can, actually, get worse. Say hello to the Chaos Drive, a USB drive with just a little too much chaotic energy. I’ll demonstrate how a Linux-based USB mass storage device can be set up to change the storage it presents to the host based on a set of user-defined conditions. On the offensive side this can be used to circumvent USB scanning procedures and on the defensive side this can be used to store private files that will be undetectable without time-consuming analysis. Attendees will learn the steps I took to build the POC and see what it can do. For best results bring a USB OTG-capable device such as a Pi Zero or Pocketbeagle, an OTG cable, and some spare microSD cards to flash.

Mike Rich
I’m a blue-team lead professionally. I delight in thinking of ways to defeat my own processes and then admitting these flaws publicly. I spoke at DEF CON 24 about using copiers to load code on closed networks, at the Lockpick Village at DEF CON 26 about exploiting human laziness on multi-dial combination locks, and at BSidesLV 2018 on quantitative risk analysis. Lastly, I'm the only person I've ever met that's literally been bitten by an otter. You think they are cuddly and cute; I think they are underestimated aquatic apex predators.



CLV - Flamingo 3rd Floor - Reno I Room - Friday - 12:20-12:59


Speaker: Sean Metcalf

Twitter: @PyroTek3

Abstract: The cloud is compelling and in many cases necessary for organizations to effectively operate.

Cloud security on the other hand is not as clear. Many cloud services need a hook into the on-premises environment in order to synchronize users and groups. Additionally, the cloud security controls vary by provider in availability, capability, and cost. This results in a disjointed view of user authentication, security, and potential configuration issues.

This talk explores some common cloud configuration scenarios and the associated security issues.

About Sean: Sean Metcalf is founder and principal consultant at Trimarc (www.TrimarcSecurity.com), a professional services company which focuses on improving enterprise security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification, is a Microsoft MVP, and has presented on Active Directory & Microsoft Cloud attack and defense at Black Hat, BSides, DEF CON, DerbyCon, Microsoft BlueHat, Shakacon and Walmart Sp4rkCon security conferences. He currently provides security consulting services to customers and posts interesting Active Directory security information on his blog, ADSecurity.org



DL - Planet Hollywood - Sunset 5 - Friday - 14:00 - 15:50


Combo Password

Friday from 14:00 – 15:50 in Sunset 5 at Planet Hollywood
Audience: Defense

Fabian Obermaier

Combo Password is a PoC for using (as the name suggests) key combinations in passwords. There is one nice implication that might justify the increased complexity and other possible gripes: compared to a normal password, a combo password of the same length has far more possible combinations. This effect increases with password length and the number of usable keys. With three available keys and a length of two there are 9 combinations for normal passwords and 15 for combo passwords. Increasing the length to three we get 27 vs 69 combinations. This could lead to less strict password requirements while increasing security. The goal of this project is to develop a free standard, a browser plugin for using combo passwords in regular login forms, and implementations for popular languages, frameworks and PAM. Visit Demo Labs and try to break a real hacker's password; there will be a small reward for the fastest brute force tool!

http://combo-pw.tech/

https://gitlab.com/FalkF/combopassword

Fabian Obermaier
Fabian Obermaier is a software engineer specializing in web technology. He is currently working in the health sector and visits DEF CON to see if his claims hold up against a crowd of hackers. His passions include free and open source soft- and hardware, the web and its security.



DC - Planet Hollywood - Firesides Lounge - Friday - 20:00-21:59


D0 N0 H4RM: A Healthcare Security Conversation

Friday at 20:00 in Firesides Lounge
120 minutes

Christian “quaddi” Dameff Medical Director of Security at The University of California San Diego

Jeff “r3plicant” Tully MD Anesthesiologist at The University of California Davis

Suzanne Schwartz MD Associate Director for Science and Strategic Partnerships at the US Food and Drug Administration FDA

Marie Moe PhD Researcher and Hacker

Billy Rios Founder of Whitescope

Jay Radcliffe Security Researcher at Thermo Fisher Scientific

Technology’s promise flows within medicine like blood through veins. With every drip of life-saving medicine given to the smallest babies, with every paced beat of a broken heart, connected tech has changed the way we treat patients and offers near limitless potential to improve our health and wellness. But it’s taken an army of dedicated protectors to ensure that such promise isn’t outweighed by peril, and hackers are fighting on the front lines to safeguard medical devices and infrastructure so they remain worthy of our trust. Join docs quaddi and r3plicant as they once again curate a selection of medicine’s finest hackers and allies for D0 N0 H4RM, the uniquely DEF CON conversation between the unsung heroes in the healthcare space: security researchers and advocates working to protect patients one broken med device at a time. Spun from an off-con hotel room gathering between friends into progressively in-demand talks at DC 25 and 26, we’ve returned to bring you insight and inspiration, divorced from the spin and formality of an increasingly industry-saturated landscape, from the people whose primary goal is to kick ass and save lives.

Christian “quaddi” Dameff
Christian (quaddi) Dameff MD is an emergency medicine doctor, former open capture the flag champion, prior DEF CON/RSA/Blackhat/HIMSS speaker, and security researcher. He is currently the Medical Director of Cybersecurity at The University of California San Diego. His published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization. His published security research includes hacking critical healthcare infrastructure, medical devices and the effects of malware on patient care. This is his fifteenth DEF CON.

Twitter: @CdameffMD

Jeff “r3plicant” Tully MD
Jeff (r3plicant) Tully is an anesthesiologist, pediatrician and security researcher with an interest in understanding the ever-growing intersections between healthcare and technology.

Twitter: @JeffTullyMD

Suzanne Schwartz MD
Dr. Suzanne Schwartz’s programmatic efforts in medical device cybersecurity extend beyond incident response to include raising awareness, educating, outreach, partnering and coalition-building within the Healthcare and Public Health Sector (HPH) as well as fostering collaborations across other government agencies and the private sector. Suzanne was recognized for Excellence in Innovation at FDA’s Women’s History Month on March 1st 2018 for her work in Medical Device Cybersecurity. Suzanne chairs CDRH’s Cybersecurity Working Group, tasked with formulating FDA’s medical device cybersecurity policy. She also co-chairs the Government Coordinating Council (GCC) for the HPH Critical Infrastructure Sector, focusing on the sector’s healthcare cybersecurity initiatives.

Marie Moe PhD
Dr. Marie Moe cares about public safety and securing systems that may impact human lives, which is why she joined the grassroots organisation “I Am The Cavalry”. Marie is a Research Manager at SINTEF, the largest independent research organisation in Scandinavia, and has a PhD in information security. She is also an Associate Professor at the Norwegian University of Science and Technology. She has experience as a team leader at NorCERT, where she did incident handling of cyberattacks against Norway’s critical infrastructure. She is currently doing research on the security of her own personal critical infrastructure, an implanted pacemaker that is generating every single beat of her heart. Marie loves to break crypto protocols, but gets angry when the broken crypto is in her own body.

Twitter: @MarieGMoe

Billy Rios
Billy is the founder of Whitescope LLC, a startup focused on embedded device security. Billy is recognized as one of the world’s most respected experts on emerging threats related to Industrial Control Systems (ICS), Critical Infrastructure (CI), and medical devices. He has discovered thousands of security vulnerabilities in hardware and software supporting ICS and critical infrastructure. Billy provided the research that led to the FDA’s first cybersecurity safety advisory and research which helped spur the FDA’s pre-market cybersecurity guidance. Billy is a contributing author to Hacking: The Next Generation, The Virtual Battlefield, and Inside Cyber Warfare. He currently holds a Master of Science in Information Systems, an MBA, and a Masters of Military Operational Arts and Science.

Twitter: @XSSniper

Jay Radcliffe
Jay Radcliffe (CISSP) has been working in the computer security field for over 20 years. Coming from the managed security services industry as well as the security consultation field, Jay has helped organizations of every size and vertical secure their networks and data. Jay presented ground-breaking research on security vulnerabilities in multiple medical devices and was featured on national television as an expert on medical device cybersecurity. As a Type I diabetic, Jay brings a lifetime of being a patient to helping medical facilities secure their critical data without compromising patient care. Not only is Jay a prolific public speaker, but he also works with legal firms on expert witness consultation related to IoT and cybersecurity issues. Jay holds a Master's degree in Information Security Engineering from SANS Technology Institute, as well as a Bachelor's degree in Criminal Justice/Pre-Law from Wayne State University. SC Magazine named him one of the Top Influential IT Security Thinkers in 2013.

Twitter: @JRadcliffe02



BTVW - Flamingo - Lower Level - Valley Of Fire 2 - Friday - 09:00-12:59


Deep Infrastructure Visibility With Osquery And Fleet

Friday 09:00, Valley Of Fire 2, Flamingo (4H)

@thezachw has been involved with osquery since the earliest design documents in 2015. He has brought his extensive experience to the delivery of core features such as AWS logging and syslog consumption in osquery, as well as the development of Kolide Fleet, the most popular open-source osquery fleet manager. These days he can be found cheerfully helping out users in the osquery community, or developing features for Fleet. As the founder of Dactiv LLC, he consults with technical organizations to reap the benefits of Fleet and osquery.

This workshop is an introduction to building first-class host instrumentation capabilities with open-source technologies supported by leading security practitioners. Learn the ins and outs of Facebook’s osquery agent, exposing information from hundreds of sources across the major operating systems (Mac, Windows, and Linux). See how to tie this together across the infrastructure with Kolide’s Fleet. Throughout the workshop we will interact with osquery in example scenarios in order to build hands-on experience with these tools. We will begin with a dive into the capabilities of osquery. A brief introduction to the structured query language (SQL) used in osquery will be provided. Using this query language, we will learn to extract basic data, and move on to more advanced ways to associate data across subsystems. We will discuss the scheduled query facilities of osquery and how these can be tied into a logging and alerting pipeline. When we have built some familiarity with osquery, we will look at how to utilize these capabilities across the managed infrastructure. We will cover how to manage configurations and live query individual and groups of hosts with Kolide Fleet. The discussion of Fleet will be rounded out with an introduction to the command line interface, with suggestions for how to integrate with automation and source-control workflows.


Return to Index    -    Add to    -    ics Calendar file

 

Meetups - Paris - Outside at base of Eiffel Tower - Friday - 06:00-06:59


Title:
DEFCON 27 4X5K run

DEF CON 27 Let's go for a run 4X5K Announcement
The 4X5K is returning to DefCon 27. Come running, because maybe you like your mornings sweaty! 0530 is the perfect time to either wind down your evening or start up your day! 0600 is of course the coolest time for a run in Vegas (It's only 80!) But who really cares, running is fun, let's go for a run!

Meet up at 0600 (6 AM) at the base of the Paris Hotel and Casino Eiffel tower outside on Thursday-Sunday (8/9-8/12/2019) for 5.1K fun run. Run departs at 0610. We've got two pace groups. The fast group is for people that run an average pace of around 9:00-minute miles or better. If you run slower than an average pace of 9:00-minute miles you're in the not fast group. This is basically so everyone ends up in the same place at the end. At either pace, do it all four days and it's a half marathon (21K).

Routes will vary but will most likely be strip-centric. Printed route maps will be displayed before the run.

Safety Brief: It's Vegas, weird stuff will happen, it always does. Be aware that wet concrete is super slippery, broken glass is not your friend, and randos abound! If people harass you, just keep running. You are fast, and they are lame. Some random people may want to join in. This is cool, until it's not. Watch for traffic along the route. It's going to be hot. Hydrate before, during, and after. There can be a surprising number of stairs to climb on these runs, especially when we run south along the strip. Help each other out. Don't die.

The organizers (of which there are very few) are interested in talking to sponsors and past attendees about how we can awesome up this event. We're looking at you, fitness tracker companies: maybe we'll stop dropping 0days if you buy us some water and bananas.

I will see you there.

Follow @Agent __ X __ & @whereiskurt on Twitter for updates, and follow the hashtag #DEFCON4X5K


 

Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock VII - Friday - 14:30-18:30


Defending environments and hunting malware with osquery

Friday, 1430-1830 in Flamingo, Red Rock VII

Guillaume Ross Hacker

In this workshop, you will learn how to defend Linux and Windows environments with osquery, using techniques that could easily be adapted to Mac and containerized environments. Then, we will look at how we can leverage osquery to hunt for malware and attackers, as well as how we could use osquery in a controlled environment to do some basic malware analysis.

We will cover osquery deployment scenarios and configurations as well as ways we can implement it to improve the security of servers and workstations.

Specifically, we will use osquery to monitor specific security configurations, detect lateral movement, detect malware, and even see how we can use it in lab environments to analyze malware.

If you have never used osquery before, this workshop will get you started. If you have used osquery before, this workshop will help you get the most out of it, by allowing you to develop queries and an understanding of the schema and how it can be applied to protect environments and detect attacks.

The topics covered will include:

* Setup, configuration and flags
* Logging results
* Building simple to complex queries
* Monitoring for lateral movement
* Tracking important security configurations on Windows and Linux
* Detecting malware
* Performing basic malware analysis on a VM with osquery
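The cross-subsystem joins, the lateral-movement detection and the scheduled-query-to-logging flow that this workshop and the Fleet workshop above both describe, shown in working form. This is an added example and not material from either workshop: the SQL runs against an in-memory SQLite database whose three tables mirror a subset of osquery's real processes, listening_ports and logged_in_users columns, populated with constructed rows for one Linux host, so it works without osquery installed. Because osquery's SQL is SQLite, the same statements run unchanged in osqueryi or as a Fleet live query, and build_schedule returns the "schedule" block of an osquery config file.

```python
"""osquery-style joins and a scheduled-query config block, run offline.

The tables mirror a subset of osquery's real schema (processes,
listening_ports, logged_in_users). The rows are constructed sample data
for a single Linux host, not output from a real system.
"""
import sqlite3

# Constructed sample rows (assumption: one remote SSH session whose shell
# has spawned a listener from /tmp).
PROCESSES = [
    # pid, name, path, cmdline, uid, parent
    (1,    "systemd", "/usr/lib/systemd/systemd", "/sbin/init", 0, 0),
    (812,  "sshd",    "/usr/sbin/sshd", "/usr/sbin/sshd -D", 0, 1),
    (901,  "nginx",   "/usr/sbin/nginx", "nginx: master process", 0, 1),
    (4410, "bash",    "/usr/bin/bash", "-bash", 1001, 812),
    (4422, "nc",      "/tmp/.x/nc", "/tmp/.x/nc -lvp 4444 -e /bin/sh", 1001, 4410),
]
LISTENING_PORTS = [
    # pid, port, protocol (6 = TCP), address
    (812,  22,   6, "0.0.0.0"),
    (901,  80,   6, "0.0.0.0"),
    (4422, 4444, 6, "0.0.0.0"),
]
LOGGED_IN_USERS = [
    # type, user, tty, host, time, pid (pid of the session's login process)
    ("user", "alice", "pts/0", "10.0.0.23", 1565337600, 4410),
    ("user", "root",  "tty1",  "",          1565330000, 700),
]

# Cross-subsystem join: which process owns each listening socket, and does
# its binary live somewhere a packaged daemon would not?
UNEXPECTED_LISTENERS = """
SELECT p.pid, p.name, p.path, p.cmdline, lp.port, lp.address
FROM listening_ports AS lp
JOIN processes AS p ON p.pid = lp.pid
WHERE lp.port != 0
  AND p.path NOT LIKE '/usr/%'
  AND p.path NOT LIKE '/bin/%'
  AND p.path NOT LIKE '/sbin/%'
"""

# Lateral-movement indicator: children of interactive sessions that came in
# over the network, with the source host carried through the join.
REMOTE_SESSION_CHILDREN = """
SELECT u.user, u.host, c.pid, c.name, c.path, c.cmdline
FROM logged_in_users AS u
JOIN processes AS c ON c.parent = u.pid
WHERE u.type = 'user'
  AND u.host NOT IN ('', 'localhost', '127.0.0.1', '::1')
"""


def load_sample_db() -> sqlite3.Connection:
    """Build the in-memory stand-in for the three osquery tables."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript("""
        CREATE TABLE processes (pid INTEGER, name TEXT, path TEXT,
                                cmdline TEXT, uid INTEGER, parent INTEGER);
        CREATE TABLE listening_ports (pid INTEGER, port INTEGER,
                                      protocol INTEGER, address TEXT);
        CREATE TABLE logged_in_users (type TEXT, user TEXT, tty TEXT,
                                      host TEXT, time INTEGER, pid INTEGER);
    """)
    conn.executemany("INSERT INTO processes VALUES (?,?,?,?,?,?)", PROCESSES)
    conn.executemany("INSERT INTO listening_ports VALUES (?,?,?,?)", LISTENING_PORTS)
    conn.executemany("INSERT INTO logged_in_users VALUES (?,?,?,?,?,?)", LOGGED_IN_USERS)
    return conn


def run(conn: sqlite3.Connection, sql: str) -> list:
    """Execute a query and return rows as dicts, the shape osquery logs."""
    return [dict(row) for row in conn.execute(sql)]


def build_schedule(interval: int = 60) -> dict:
    """Wrap the queries in an osquery config "schedule" block.

    osqueryd runs each entry every `interval` seconds and, unless
    "snapshot" is true, logs only rows added or removed since the last
    run, which is what makes the output usable as an alert feed.
    """
    return {
        "schedule": {
            "unexpected_listeners": {
                "query": UNEXPECTED_LISTENERS.strip(),
                "interval": interval,
            },
            "remote_session_children": {
                "query": REMOTE_SESSION_CHILDREN.strip(),
                "interval": interval,
                "snapshot": False,
            },
        }
    }


if __name__ == "__main__":
    import json
    db = load_sample_db()
    print(json.dumps(run(db, UNEXPECTED_LISTENERS), indent=2))
    print(json.dumps(run(db, REMOTE_SESSION_CHILDREN), indent=2))
    print(json.dumps(build_schedule(), indent=2))
```

On the sample host the first query returns only the /tmp listener on port 4444 and the second returns that same process together with the remote address the session came from. The path allow-list is deliberately crude; on a real fleet the check that earns its keep is usually a join against the hash or the package-manager tables to see whether the listening binary is one the host installed.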

Skill Level Beginner

Prerequisites: Basic understanding of Linux and Windows. Mac and Docker optional. No knowledge of osquery itself is needed.

Materials: A computer with a SSH and RDP client. Linux and Windows systems in the cloud will be provided. Local Linux and Windows VMs are welcome as well, but not necessary.

Max students: 60

Registration: https://www.eventbrite.com/e/defending-environments-and-hunting-malware-with-osquery-red-rock-vii-tickets-63606251009
(Opens 8-Jul-19)

Guillaume Ross
Guillaume has worked as a security engineer and consultant, as a manager of blue teams, and way before that, as an enterprise IT person focused on endpoints. Guillaume is currently the Principal Security Researcher at Uptycs, finding new ways to defend systems using the power of osquery. He is also a trainer for Pluralsight, producing training content around topics such as network security monitoring.

Having worked for startups as well as Fortune 50 companies, he knows how to build a security program, but having had to do the work, he also dislikes doing meaningless "best practices" work that has no practical value, and really enjoys leveraging the great open source software available to all of us.

Guillaume has spoken and given workshops at various conferences like BSidesLV, Thotcon and Northsec on many topics, including mobile security, endpoint security, logging and monitoring and much more.



 

BTVT - Flamingo - 3rd Floor- Savoy Room - Friday - 15:00-15:59


Detection At Google: On Corp And Cloud

Friday 15:00, Savoy Ballroom, Flamingo (Blue Team Village) (1H)

@fryx0r is a Security Engineer on Google's detection and response team. He works out of the Sydney office, having previously worked for the Department of Defence, FireEye and Commonwealth Bank. He enjoys writing Golang and making memes, and in his spare time travels around the world running Magic the Gathering tournaments.

@JSteeleIR is a Security Engineer with 6+ years of experience in Detection, Response, Forensics, Reverse Engineering, and Automation. Some of that's been at Google. Some has been in the cloud. Some of it was good. When not sparring in the cyberspaces, he can be found camping, collecting odd input devices (possibly using those to reimplement the less PAGER in Golang) or attempting (and failing) to sleep on a normal schedule.

An overview of detection at Google: An introduction to Google's Blue team and its technologies, and how we use currently available tools to investigate on Google Cloud (GCP). We will cover the structure and setup of our team; give a detailed explanation of the main tools and services we use (with an emphasis on the ones that are open source, so you can use them yourself); and delve deeply into how to do detection on GCP - going beyond finding simple misconfigurations and instead detailing how to use available tools and logs to increase visibility and find badness.



 

ETV - Flamingo - 3rd Floor - Reno II Room - Friday - 13:00-13:59


Title:
Discussion Of State Election Security Policy



 

Night Life - Paris - Concorde B Ballroom - Friday - 19:30-25:59


Title:
Diversity Party

hacker outreach event

Follow T:@DefConOwasp for updates

Swing by to connect with others.
Come and meet cool groups and crews, we encourage you to come and take a space at the event : )

Come hang and meet others, make new friends, see what others are working on : )

Learn about & meet organizations that are working to bring empowerment and inclusion to the hacker community.

We are next to Blanket Fort Con: )


 

DC - Paris - Track 1 - Friday - 11:00-11:45


Don't Red-Team AI Like a Chump

Friday at 11:00 in Track 1
45 minutes | Demo, Tool

Ariel Herbert-Voss PhD student, Harvard University

AI needs no introduction as one of the most overhyped technical fields in the last decade. The subsequent hysteria around building AI-based systems has also made them a tasty target for folks looking to cause major mischief. However, most of the popular proposed attacks specifically targeting AI systems focus on the algorithm rather than the system in which the algorithm is deployed. We’ll begin by talking about why this threat model doesn’t hold up in realistic scenarios, using facial detection and self-driving cars as primary examples. We will also learn how to more effectively red-team AI systems by considering the data processing pipeline as the primary target.

Ariel Herbert-Voss
Ariel Herbert-Voss is a PhD student at Harvard University, where she specializes in adversarial machine learning, cybersecurity, mathematical optimization, and dumb internet memes. She is an affiliate researcher at the MIT Media Lab and at the Vector Institute for Artificial Intelligence. She is a co-founder and co-organizer of the DEF CON AI Village, and loves all things to do with malicious uses and abuses of AI.

Twitter: @adversariel



 

DC - Paris - Track 4 - Friday - 10:00-10:45


Duplicating Restricted Mechanical Keys

Friday at 10:00 in Track 4
45 minutes | Exploit

Bill Graydon President and Principal, Physical Security Analytics

Robert Graydon Principal, GGR Security

Secure facilities in North America use lock systems like Medeco, Abloy, Assa and Mul-T-Lock partly to resist lock picking, but also to prevent the duplication and creation of unauthorised keys. Places such as the White House and the Canadian Parliament buildings go so far as to use a key profile exclusive to that facility to ensure that no-one is able to obtain key blanks on which to make a copy. However, there are tens of thousands of unrestricted key blank profiles in existence - many match very closely to these restricted key blanks, and can be used instead of the real blanks to cut keys on. Moreover, keys are just pieces of metal - we will present numerous practical techniques to create restricted keys without authorisation - including new attacks on Medeco, Mul-T-Lock and Abloy key control systems. We will touch on all aspects of key control, including patents and interactive elements, and discuss how to defeat them and how facility managers can fight back against these attacks.

Bill Graydon
Bill Graydon is a principal at GGR Security Consultants, and is active in research in electronic surveillance and alarm systems, human psychology in a secure environment and locking systems analysis. He received a Master's in computer engineering and a certificate in forensic engineering from the University of Toronto, applying this at GGR to develop rigorous computational frameworks to model and improve security in the physical world.

Website: https://ggrsecurity.com/DEFCON

Robert Graydon
Robert is a principal at GGR security. With a strong interest driving him forward, he is researching lock manipulation, picking, bypass, and other vulnerabilities, to discover and evaluate possible flaws or methods of attack. He has well-honed skills such as lock picking, decoding, locksmithing, as well as a thorough understanding of the mechanics and function of many types of high security locks, and electronic security systems and components, allowing him to effectively search for and test methods of cracking high security systems.



 

DL - Planet Hollywood - Sunset 1 - Friday - 12:00 - 13:50


EAPHammer

Friday from 12:00 – 13:50 in Sunset 1 at Planet Hollywood
Audience: Offensive security professionals, security analysts and network administrators, executive leadership, end-users

Gabriel Ryan

EAPHammer is a toolkit for performing targeted rogue access point attacks against enterprise wireless infrastructure. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus has been placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration.

This summer will mark the third anniversary of EAPHammer since it was released at DEF CON Demo Labs and BlackHat Arsenal in 2017. It's also the most exciting and complete version of the tool yet, with the addition of a number of features that were requested directly by users at Demo Labs in 2018.

EAPHammer now supports most of the bleeding edge attacks that have been discovered by the wireless community over the past few years, including:

- WPA3 Transition Mode and Security Group Downgrade Attacks
- Reflection and Invalid Curve attacks against EAP-pwd
- GTC-Downgrade, Fixed Challenge, and EAP Relay attacks against WPA/2-EAP
- PMKID attacks against WPA/2-PSK networks
- Known Beacons Attack and Legacy SSL Support
- External Certificate Handling and Import

Perhaps most excitingly, we've also included some never-before-seen attacks against Opportunistic Wireless Encryption (OWE), which is better known as "Enhanced Open".

https://github.com/s0lst1ce/eaphammer

Gabriel Ryan
Gabriel Ryan is an offensive security R&D and consultant at SpecterOps. He is the author of EAPHammer, a toolkit for performing targeted rogue access point attacks against enterprise wireless networks. Gabriel has presented at DEF CON, DerbyCon, Hackfest, and several Security BSides conferences on topics ranging from infrastructure security to access control protocols and red team tradecraft. His professional interests include wireless security, systems internals, low-level programming, and infrastructure automation.



 

Meetups - Planet Hollywood - Mezzanine Stage - Friday - 17:00-18:59


Title:
EFF Trivia

No description available

 

BHV - Planet Hollywood - Melrose 1-3 Rooms - Friday - 10:15-10:59


10:15 AM: Employ Cybersecurity Techniques Against the Threat of Medical Misinformation
Speaker: Eric D Perakslis

Abstract: Medical misinformation has been labeled as one of the greatest public health threats of our time. Previously eradicated diseases, such as measles are occurring in clusters and causing deaths. The problem is complex with a mixture of private individuals and nation state actors all working to undermine the credibility of doctors and the US health system. In this piece, I will discuss our JAMA piece that calls for the use of an ethical cyber response to the threat of medical misinformation.

Speaker Bio: Eric Perakslis, PhD, is a Rubenstein Fellow at Duke University, where he focuses on data science that spans medicine, policy, information technology, and security. Eric is also Lecturer in Biomedical Informatics at Harvard Medical School, and Strategic Innovation Advisor to Médecins Sans Frontières.

T: @eperakslis


 

CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Friday - 13:00-12:59


Enabling HTTPS for home network devices using Let’s Encrypt

No description available



 

ETV - Flamingo - 3rd Floor - Reno II Room - Friday - 14:00-14:59


Title:
Ethics And Federal Election Security Policy



 

ETV - Flamingo - 3rd Floor - Reno II Room - Friday - 15:00-15:59


Title:
Ethics Discussion with Congressional Staffers



 

DC - Paris - Track 4 - Friday - 11:00-11:45


Evil eBPF In-Depth: Practical Abuses of an In-Kernel Bytecode Runtime

Friday at 11:00 in Track 4
45 minutes | Demo, Exploit

Jeff Dileo Research Director, NCC Group

eBPF (or "extended" Berkeley Packet Filter) is a bytecode instruction set and virtual machine used as a safe computing environment within the Linux kernel to perform arbitrary programmatic actions. It is a redesign of Linux's original in-kernel BPF bytecode VM used to power features like tcpdump filters. eBPF has an entirely different set of capabilities and instructions, with its primary goal being to serve as a JIT-able virtual machine instruction set that can be targeted by compilers of a memory-safe "restricted C" language. In the Linux kernel, it is actively being applied to anything and everything to provide performant programmatic capabilities to userland that extend traditionally kernel-based functionality.

In this exploit development focused talk, we will first introduce eBPF and discuss several nefarious techniques enabled by the technology. As we do so, we will cover the respective sets of APIs, file descriptor types, and other eBPF machinery that enable such techniques, building up from various forms of hidden IPC channels to full-fledged rootkits. Within this talk, we will walk through the implementations of the techniques we discuss so that attendees will walk away with the knowledge of how to implement their own variants. Along the way we will discuss novel container breakout techniques and interesting "dual-purpose" eBPF features that enable the development of mutative syscall hooks that work for processes already attached by a debugger. Finally, we will provide insight on how defenders should begin to attempt to detect and recover from such abuses, when possible at all.

This presentation significantly extends on work we first presented at 35C3, which focused more heavily on the underlying aspects of general eBPF-based kernel tracing. In contrast, this talk will demo new techniques and include substantially improved versions of techniques presented previously as proofs-of-concept.

Jeff Dileo
Jeff Dileo (chaosdata) is a security consultant by day, and sometimes by night. He hacks on embedded systems, mobile apps and devices, web apps, and complicated things that don't have names. He likes candy and arguing about text editors and window managers he doesn't actually use.

Twitter: @chaosdatumz



 

Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock I - Friday - 10:00-13:59


Evil Mainframe Jr: Mainframe hacking from recon to privesc

Friday, 1000-1400 in Flamingo, Red Rock I

Soldier of Fortran Hacker

Big Endian Smalls Director of North American Operations for RSM Partners

Mainframes power every industry you care about. Yet hackers have no idea how to even begin approaching these big iron beasts. Where do you even start? VTAM? CICS? TSO? This workshop aims to give you the tools and language you can use to hack a mainframe. Starting with reconnaissance and ending with privilege escalation, this workshop will walk you through all the tools and techniques you can use to hack a mainframe in 2019. Students will be introduced to the platform by exploring the operating system and coming to understand the weaknesses within. Students will also be introduced to the open source tools and libraries available for all the steps of a penetration test, including Nmap, Metasploit, Python scripts, REXX scripts and even HLASM. The majority of the workshop will be spent performing instructor-led, hands-on mainframe testing with the tools available. Goals for each segment will be laid out with appropriate time afforded to students to allow them to gain a deep understanding of how a test could and should be performed. Exercises will be based on real world attack scenarios developed by the trainers. This training specifically focuses on z/OS.

Skill Level Intermediate

Prerequisites: Background in penetration testing/red team and knowledge of tools like nmap, metasploit and scripting languages like Python/Ruby

Materials: Laptop capable of running a VM, power for their laptop.

Max students: 24

Registration: https://www.eventbrite.com/e/evil-mainframe-jr-mainframe-hacking-from-recon-to-privesc-red-rock-i-tickets-63439560433
(Opens 8-Jul-19)

Soldier of Fortran
Philip Young, aka Soldier of FORTRAN, is a leading expert in all things mainframe hacking. Having spoken and taught at conferences around the world, including DEFCON, RSA, BlackHat and keynoting at both SHARE and GSE Europe, he has established himself as the thought leader in mainframe penetration testing. Since 2013 Philip has released tools to aid in the testing of mainframe security and contributed to multiple opensource projects including Nmap, allowing those with little mainframe capabilities the chance to test their mainframes. His hope is that through raising awareness about mainframe security more organizations will take their risk profile seriously.

Big Endian Smalls
Chad Rikansrud, aka Big Endian Smalls, is the Director of North American Operations for RSM Partners - a world leader in IBM mainframe security consulting services. Chad is a nationally recognized security industry speaker, with appearances at: DEF CON, RSA2017, SHARE, and other regional conferences. Most of Chad's 20-year career has been in technology leadership for the financial services industry where he has held various senior leadership positions, including worldwide datacenter operations, infrastructure and recovery responsibility, as well as enterprise-wide system z storage



 

DL - Planet Hollywood - Sunset 3 - Friday - 14:00 - 15:50


EXPLIoT - IoT Security Testing and Exploitation Framework

Friday from 14:00 – 15:50 in Sunset 3 at Planet Hollywood
Audience: Offense, Hardware, IoT, Pentesters

Aseem Jakhar & Murtuja Bharmal

EXPLIoT is a framework for security testing and exploiting IoT products and IoT infrastructure. Source code and documentation: https://gitlab.com/expliot_framework/expliot. It provides a set of plugins (test cases) which are used to perform the assessment and can be extended easily with new ones. The name EXPLIoT (pronounced expl-aa-yo-tee) is a pun on the word exploit and explains the purpose of the framework, i.e. IoT exploitation. It can be used as a standalone tool for IoT security testing and, more interestingly, it provides building blocks for writing new plugins/exploits and other IoT security assessment test cases with ease. EXPLIoT supports most IoT communication protocols, hardware interfacing functionality and test cases that can be used from within the framework to quickly map and exploit an IoT product or IoT infrastructure. It will help the security community in writing quick IoT test cases and exploits. Currently, the framework has support for analyzing and exploiting various IoT, radio and hardware protocols including BLE, CAN, DICOM, MQTT, Modbus, I2C, SPI and UART. We have released comprehensive documentation, including a User and Developer guide, to help the security community kick start quickly and easily with the framework.

https://gitlab.com/expliot_framework/expliot

Aseem Jakhar
Aseem Jakhar is the Director, research at Payatu Software Labs https://payatu.com a security testing company specialized in IoT, Embedded, cloud, mobile security. He is the founder of null-The open security community, a registered not-for-profit organization https://null.co.in and also organizes https://nullcon.net and https://hardwear.io security conferences. He has worked on various security software including UTM appliances, messaging/security appliances, anti-spam engine, anti-virus software, bayesian engine to name a few. He currently spends his time researching on IoT security and hacking things. He is an active speaker and trainer at security conferences like AusCERT, Black Hat, Brucon, Defcon, Hack.lu, Hack in Paris, Hack In The Box, PHDays and many more. He has authored various open source security software including:

- EXPLIoT - IoT Exploitation Framework
- DIVA (Damn Insecure and Vulnerable App) for Android
- Jugaad/Indroid - Linux Thread injection kit for x86 and ARM
- Dexfuzzer - Dex file format fuzzer

Murtuja Bharmal
Murtuja Bharmal is an application and network security enthusiast, having 15+ years of industry experience on the offensive as well as the defensive side of security. He is the Co-Founder and Director at Payatu Software Labs, a security testing company specialized in IoT, Embedded, cloud, mobile security. He is also the Founder of null (The Open Security Community) - http://null.co.in, nullcon (International security conference) - http://nullcon.net and hardwear.io security conference - http://hardwear.io. He has worked extensively on network and web application security assessment and served various financial organizations in India, Middle East, South East Asia, and Europe in a personal and professional capacity. He is an ex-IBMer and has worked on the IBM-ISS (Internet Security Systems) product as a Senior System Engineer. He started his career as a security product developer and developed a UTM (Unified Threat Management) product with features such as Firewall, IPS, VPN, and Application Proxies.



 

Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock VII - Friday - 10:00-13:59


Exploit Development for Beginners

Friday, 1000-1400 in Flamingo, Red Rock VII

Sam Bowne Proprietor, Bowne Consulting

Elizabeth Biddlecome Senior Researcher, Bowne Consulting

Learn how to take control of Windows and Linux servers running vulnerable software, in a hands-on CTF-style workshop. We begin with easy command injections and SQL injections, and proceed through binary exploits including buffer overflows on the stack and the heap, format string vulnerabilities, and race conditions.

After this workshop, you will understand how memory is used by software, and why computers are so easily tricked into executing bytes as code that entered the system as data.

We will exploit 32-bit and 64-bit Intel systems, and also ARM-based systems. We will examine modern Windows defenses in detail and learn how to defeat them, including ASLR, DEP, stack cookies, and SEHOP.

Previous experience with C and assembly language is helpful but not required. Participants will need a laptop that can run VMware or VirtualBox virtual machines.

All materials and challenges are freely available at samsclass.info, and will remain available after the workshop ends.

Skill Level Intermediate

Prerequisites: Familiarity with C programming and assembly language is helpful, but not essential.

Materials: A laptop capable of running a virtual machine in VMware or VirtualBox.

Max students: 70

Registration: https://www.eventbrite.com/e/exploit-development-for-beginners-red-rock-vii-tickets-63608704347
(Opens 8-Jul-19)

Sam Bowne
Sam Bowne is the proprietor of Bowne Consulting and an instructor at City College San Francisco, and has been teaching hacking and security classes for ten years. He has presented talks and workshops at Defcon, HOPE, RSA, BSidesLV, BSidesSF, and many other conferences. He has a CISSP and a PhD and is a DEF CON Black Badge co-winner.

Elizabeth Biddlecome
Elizabeth Biddlecome is a senior researcher at Bowne Consulting, an independent consultant, and a part-time instructor at City College San Francisco, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.



 

CLV - Flamingo 3rd Floor - Reno I Room - Friday - 13:00-13:40


Speaker: Colin Estep

Twitter: @colinestep

Abstract: Identity and Access Management (IAM) in any public cloud provider can be tricky to configure appropriately. We've all seen the headlines about storage buckets being open to the public and exposing sensitive information, but what about the permissions we are giving our users and apps that run in our cloud environment? It's becoming more difficult to understand who has permissions over resources and what the implications of those permissions are as more controls proliferate across the public cloud providers.

In this talk, we will take a closer look at the Google Cloud Platform (GCP) IAM model. You'll be introduced to the relevant concepts to understand the different types of identities, IAM permissions, and scopes. We'll examine the permissions and scopes assigned to the compute engine service account created for you by default. Did you know that the default IAM policy for the compute engine service account includes the ability to impersonate other service accounts, among other things?

Most importantly, we'll learn how to leverage certain configurations of the service account to escalate privileges from a virtual machine. I will show a demo where I use a shell on a virtual machine to tear down another security control to allow data exfiltration out of the environment. By the end of the talk, you'll understand how to impersonate service accounts, conduct recon, and escalate your privileges from a virtual machine. You'll also get some ideas on how to mitigate against these attacks.
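The preconditions this abstract points at (the default Compute Engine service account, the roles bound to it, and the access scopes on the VM that carries it), as an added audit script. This is not the speaker's code or demo: it checks the JSON that gcloud projects get-iam-policy and gcloud compute instances describe return, using constructed sample documents with a placeholder project number, and flags the combinations that turn a shell on the VM into a project-level principal. The role and scope names are real GCP identifiers; which combinations count as risky is this example's own judgement, not a statement about any project's defaults.

```python
"""Audit a GCP project IAM policy and a VM's access scopes for the
privilege-escalation preconditions a shell on the VM would exploit.

Added example, not the speaker's code. The policy dict has the shape of
`gcloud projects get-iam-policy PROJECT --format=json`; the instance dict
is the serviceAccounts block of `gcloud compute instances describe`.
Both samples are constructed; the project number, emails and instance
name are placeholders.
"""
import re

# The auto-created Compute Engine default service account.
DEFAULT_COMPUTE_SA = re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$")
# Project-wide basic roles: far broader than a single VM needs.
BASIC_ROLES = {"roles/owner", "roles/editor"}
# Roles that let the holder act as, or mint credentials for, other SAs.
IMPERSONATION_ROLES = {
    "roles/iam.serviceAccountTokenCreator",  # generateAccessToken, signBlob/JWT
    "roles/iam.serviceAccountUser",          # actAs: attach the SA to resources
    "roles/iam.serviceAccountKeyAdmin",      # create long-lived keys
}
# An access scope that does not narrow the attached SA's roles at all.
BROAD_SCOPES = {"https://www.googleapis.com/auth/cloud-platform"}

SAMPLE_POLICY = {  # constructed
    "bindings": [
        {"role": "roles/editor",
         "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com",
                     "user:alice@example.com"]},
        {"role": "roles/iam.serviceAccountTokenCreator",
         "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com"]},
        {"role": "roles/viewer", "members": ["group:auditors@example.com"]},
    ],
    "etag": "BwWconstructed=",
}
SAMPLE_INSTANCE = {  # constructed
    "name": "web-1",
    "serviceAccounts": [{
        "email": "123456789012-compute@developer.gserviceaccount.com",
        "scopes": ["https://www.googleapis.com/auth/cloud-platform"],
    }],
}


def roles_by_member(policy: dict) -> dict:
    """Invert bindings into {member: set(roles)} so each principal is seen once."""
    out = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            out.setdefault(member, set()).add(binding["role"])
    return out


def audit_policy(policy: dict) -> list:
    """Return (finding, member, roles) tuples for risky project-level bindings."""
    findings = []
    for member, roles in roles_by_member(policy).items():
        email = member.split(":", 1)[-1]
        if DEFAULT_COMPUTE_SA.match(email) and roles & BASIC_ROLES:
            findings.append(("default-compute-sa-basic-role", member, sorted(roles & BASIC_ROLES)))
        if roles & IMPERSONATION_ROLES:
            findings.append(("impersonation-role", member, sorted(roles & IMPERSONATION_ROLES)))
    return findings


def audit_instance(instance: dict, policy: dict) -> list:
    """Flag VMs whose metadata-server token is worth stealing.

    What a token fetched from the metadata server can do is the
    intersection of the attached SA's IAM roles and the instance's access
    scopes. A broad scope combined with a basic or impersonation role
    means a shell on the VM is effectively a project-level principal.
    """
    findings = []
    by_member = roles_by_member(policy)
    for sa in instance.get("serviceAccounts", []):
        roles = by_member.get("serviceAccount:" + sa["email"], set())
        scopes = set(sa.get("scopes", []))
        risky = roles & (BASIC_ROLES | IMPERSONATION_ROLES)
        if scopes & BROAD_SCOPES and risky:
            findings.append((instance["name"], sa["email"], sorted(risky)))
    return findings


if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY) + audit_instance(SAMPLE_INSTANCE, SAMPLE_POLICY):
        print(finding)
```

On the sample documents the script reports the default SA twice at project level (editor, and token creator over other service accounts) and once for web-1, because the VM hands that SA out with the cloud-platform scope. The mitigations the abstract alludes to follow directly from what it checks: give each VM a purpose-built service account with narrowly scoped roles, do not grant impersonation roles at project level, and treat a narrow access scope as defence in depth rather than as the control.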

About Colin: Currently a threat researcher at Netskope focused on AWS and GCP. Colin was previously the CSO at Sift Security (acquired by Netskope), where he helped move the product towards breach detection for IaaS. He was a senior engineer on the security teams at Netflix and Apple before joining Sift. He was also a FBI Agent specializing in Cyber crime, where he spent a fair amount of time coordinating with other countries to locate and arrest malware authors and botnet operators.



 

CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Friday - 12:00-11:59


Fighting non consensual pornography the BADASS way

No description available



 

Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock IV - Friday - 10:00-13:59


Finding Vulnerabilities at Ecosystem-Scale

Friday, 1000-1400 in Flamingo, Red Rock IV

Isaac Evans Hacker

r2c is writing, and helping others write, tools to exploit and eradicate entire vulnerability classes at scale. In this workshop, we'll show how to develop program analysis tools that can be depended on in analysis pipelines and quickly run at massive scale. If you've ever wondered "but surely, no programmer would upload something that does that to NPM", this is the place to be! Our command line tool for local analyzer development is freely available and publicly documented; we'll show you how to get started and invite you to collaborate with us to build pipelines that use the pre-computed intermediate representations we already have. We'll also show how to use our collaborative triage tools with impact prioritization, which can quickly turn these analysis results into bug-bounty submissions. No program analysis (static/dynamic) background required (though it is helpful!). Motivated developers should be able to make at least one bug bounty submission by the end of the workshop.

Skill Level Intermediate

Prerequisites: Basic programming knowledge (what is a function call?), able to run docker hello-world as user, able to write and run small programs, very comfortable with command line interfaces

Materials: Laptop with network access, OSX or Linux available (Windows ok with WSL installed)

Max students: 80

Registration: https://www.eventbrite.com/e/finding-vulnerabilities-at-ecosystem-scale-red-rock-iv-tickets-63608247982
(Opens 8-Jul-19)

Isaac Evans
Isaac Evans is the leader of a small startup working on giving security tools directly to developers. Previously, he conducted research into binary exploitation bypasses for techniques like control-flow integrity and novel hardware defenses on new architectures like RISC-V as a researcher at the US Defense Department under an SFS program and at MIT Lincoln Laboratory. Isaac received his BS/MS degrees in EECS from MIT. Other interests include next-generation programming languages, secure-by-design frameworks, software-defined radio, and the intersection of cryptography and public policy.



 

DL - Planet Hollywood - Sunset 4 - Friday - 12:00 - 13:50


Flatline

Friday from 12:00 – 13:50 in Sunset 4 at Planet Hollywood
Audience: Hardware and OpSec.

East

Flatline is a deterministic hardware credential manager. It can generate passwords, burner accounts, shortlinks, and BIP39 seeds. Based on a single mnemonic seed, with Flatline it is possible to store millions of dollars in cryptocurrency, and shortlinks that map to sensitive or stolen data. Store a criminal empire in your head, maintain a map of leaked documents that are hosted on the internet while storing nothing on your local disk, or maintain access to your assets when your house burns down and you have to flee to eastern Europe.

https://gitlab.com/e4st/flatline

East
East is a professional megalomaniac and dedicated troll. He lives in an underground bunker on an island in the south Pacific, where he spends his days eating Doritos, playing Counter Strike, and plotting world domination. When he is not busy destabilizing foreign governments, his hobbies include trolling phone scammers, hang gliding, and golf.



Night Life - Planet Hollywood - Apex Suite - Friday - 21:00-25:59


Title:
Florida Man Party



BCV - Flamingo 3rd Floor - Laughlin III Room - Friday - 13:30-14:20


Forcing a trustworthy notion of sequential time

No description available



Meetups - Planet Hollywood - Santa Monica 4 Room - Friday - 12:00-12:59


Title:
Friends of Bill W.

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is SANTA MONICA 4 in Planet Hollywood.

Meetups - Planet Hollywood - Santa Monica 4 Room - Friday - 17:00-17:59


Title:
Friends of Bill W.

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is SANTA MONICA 4 in Planet Hollywood.

BHV - Planet Hollywood - Melrose 1-3 Rooms - Friday - 11:00-11:45


11:00 AM: From buffer overflowing genomics tools to securing biomedical file formats
Speaker: Corey M. Hudson

Abstract: In this presentation we describe a previously unreported buffer overflow vulnerability in the popular genomics alignment software package BWA. We will show how this exploit, combined with well-known attacks, allows an attacker to access and modify patient data and manipulate genomic tests. We then show how this class of attacks constitutes a wider threat to global biomedical infrastructure and what a newly-formed team from Sandia National Labs, BioBright (private sector) & DARPA are doing about it.

Speaker Bio: Corey Hudson is a computational biologist at Sandia National Laboratories. Corey leads teams in cybersecurity, machine learning, synthbio and genomics. His main work is modeling and simulating cybersecurity risks in realistic and large-scale genomic systems and highly automated synthbio facilities.

T: @coreymhudson


RCV - Planet Hollywood - Celebrity 5 Ballroom - Friday - 16:30-16:59


LIVE TOOL DEMO

Generating Personalized Wordlists by Analyzing Target's Tweets

1630 - 1700



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Friday - 10:00-09:59


Giving Cops the Finger: Compelled Device Decryption and the Fifth Amendment

No description available



DL - Planet Hollywood - Sunset 5 - Friday - 10:00 - 11:50


Hachi: An Intelligent threat mapper

Friday from 10:00 – 11:50 in Sunset 5 at Planet Hollywood
Audience: Defense, Malware, Threat Intelligence

Parmanand Mishra

The ATT&CK framework has become a benchmark in the security domain. ATT&CK provides data about each technique used across different attack stages. Hachi was created to contribute to the ATT&CK community. Hachi is based on the radare2 framework and uses data provided by ATT&CK to map the symptoms of malware onto the ATT&CK matrix.

The following modules of Hachi make this tool a great addition to an analyst’s or company’s armaments:

• Threat Intel: Hachi provides threat intelligence data like a possible parent campaign or author of a malware file.
• Malware behavior: It uncovers core malware behaviors using automated static analysis coupled with symbolic execution to explore multiple execution paths, and maps them onto the ATT&CK matrix.
• RESTful API: Hachi provides a RESTful API which enables this tool to integrate seamlessly with malware processing frameworks.
• Visualization: It allows for the creation of detailed visual reports.
• Integration with Threat Intel feeds: It can be integrated with different threat intelligence feeds for enhanced security or expanded insights.

The primary aim of this tool is to act as a force multiplier for the InfoSec community and aid the analysis of malware.

https://github.com/Kart1keya/Hachi

Parmanand Mishra
Parmanand Mishra is a security enthusiast who is currently working as Senior Malware Researcher at Qualys Inc. He works on malware analysis and adversary simulation based on ATT&CK and loves creating tools on the same. He has spoken at security conferences like c0c0n and goes by Kart1keya on GitHub.



RCV - Planet Hollywood - Celebrity 5 Ballroom - Friday - 15:40-16:30


COMPREHENSIVE TALK

Hack the Planet! Hackers Influencing Positive Change

1540 - 1630



Night Life - Planet Hollywood - Mezzanine Stage - Friday - 20:00-21:59


Title:
Hacker Jeopardy

No description available

Night Life - Paris - Concorde C Ballroom - Friday - 19:30-25:59


Title:
Hacker Karaoke

Two great things that go great together! Join the fun as your fellow hackers make their way through songs from every era and style. Everyone has a voice and this is your opportunity to show it off! Quickly becoming a DEF CON tradition and a favorite of people from all skill levels.


Meetups - Paris - Le Bar Du Sport Bar - Friday - 18:30-17:59


Title:
Hackers Against Brexit

Hi everyone.
We will once again be meeting for drinks at DEFCON. Everyone is welcome (yes, even if you voted for Brexit :D ). Details as follows:
Time: 6:30PM Date: Fri. 9th Aug Location: Le Bar Du Sport @ Paris Casino.

Mon Ami Gabi is right next door as well if you fancy grabbing a bite to eat before/after/during the meetup.

Safe travels to everyone joining us.
Oh and p.s. we will have badges this year, they will be going on a first come first served basis at 15/$20 each :-).
Forum


DC - Paris - Track 2 - Friday - 10:00-10:45


Hacking Congress: The Enemy Of My Enemy Is My Friend

Friday at 10:00 in Track 2
45 minutes

Former Rep. Jane Harman President, The Wilson Center, Former Rep. (D-CA), aka Surfer Jane

Rep. James Langevin (D-RI)

Jen Ellis Director of Public Affairs, Rapid 7

Cris Thomas Director, X-Force Red Team, IBM, aka Space Rogue

Rep. Ted Lieu (D-CA)

A SIMULATED crisis is unfolding on a national scale, based loosely on the NotPetya attack of 2017. Triggered by a yet-unknown adversary, what started as an isolated technical issue has quickly escalated into a society-wide event affecting millions of citizens, several industries, and spanning government jurisdictions. Who is in charge, how do they cooperate with others, and how do they make decisions? The Wilson Center, Hewlett Foundation and I Am The Cavalry are teaming up to bring public policymakers together with security researchers and others to discover how our nation might respond to a wide-scale “cyber crisis”. Work in tandem with sitting Members of Congress to understand what levers of power Congress wields and how Members can address policy gaps in the future.

Former Rep. Jane Harman
The Hon. Jane Harman is President of the Wilson Center, a think tank in Washington, DC. She is a former nine-term Member of Congress who served on all the major security committees and represented an aerospace and technology hub in Southern California.

Twitter: @thewilsoncenter
Website: https://www.wilsoncenter.org/person/jane-harman

Rep. James Langevin
The Hon. Jim Langevin represents Rhode Island’s 2nd Congressional district. He is Ranking Member of the Emerging Threats and Capabilities Subcommittee and a senior member of the Cybersecurity and Infrastructure Protection Subcommittee. Rep. Langevin is a member of the House Minority Whip Steny Hoyer’s Senior Whip Team, and is responsible for educating other Democratic Members on key issues.

Twitter: @jimlangevin
Website: https://langevin.house.gov/about-me/full-biography

Jen Ellis
Jen Ellis is the Vice President of Community and Public Affairs at Rapid7. She works directly with security researchers, technology providers and operators, and government entities to help them understand and address cybersecurity challenges together.

Twitter: @infosecjen
Website: https://blog.rapid7.com/author/jen-ellis/

Cris Thomas
Cris Thomas works for IBM X-Force Red, and before that worked at Guardent, Trustwave, Tenable and others. Cris created the first security research think tank L0pht Heavy Industries and the video news show The Hacker News Network.

Twitter: @spacerog
Website: https://securityintelligence.com/author/cris-thomas/



BCV - Flamingo 3rd Floor - Laughlin III Room - Friday - 12:00-12:25


Hacking Cryptocurrencies

No description available



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock V - Friday - 10:00-13:59


Hacking ICS: From Open Source Tools to Custom Scripts

Friday, 1000-1400 in Flamingo, Red Rock V

Valerie Thomas Technical Lead, Securicon

Harry Regan Technical Lead, Securicon

Harry Thomas Technical Lead, Securicon

Recently, Industrial Control System (ICS) attacks have gained popularity in the media. However, there are many misconceptions about what exactly ICS systems are and how they function. Although there are similarities to IT systems, there are a multitude of differences that an attacker needs to understand in order to properly assess this type of equipment. In this course, students will be introduced to what ICS is and isn't in terms of technology and functionality. Protocols such as Ethernet/IP, Modbus, and DNP3 will be discussed and illustrated in order for students to have a foundation to build their arsenal. Students will then explore freely available open source tools and examine the functionality of the protocols. After dissection of protocol commands and activities, the students will be led to create their own custom scripts that interact with ICS devices in the classroom.

Skill Level Beginner

Prerequisites: An understanding of basic networking concepts.

Materials: For those who want to participate in the hands-on portion of the workshop, a laptop with Kali Linux installed on the host or as a virtual machine.

Max students: 50

Registration: https://www.eventbrite.com/e/hacking-ics-from-open-source-tools-to-custom-scripts-red-rock-v-tickets-63608296126
(Opens 8-Jul-19)

Valerie Thomas
Valerie Thomas is the Technical Director and utilizes her Electrical Engineering education and security consulting background to incorporate a variety of evaluation techniques specific to ICS.

Harry Regan
Harry Regan serves as the Vice President of Consulting Services and has over 40 years of experience in IT and ICS security environments.

Harry Thomas
Harry Thomas is the Lead ICS Security Consultant and performs risk, vulnerability, and penetration tests and assessments for a multitude of ICS organizations. He's developed countless IT and ICS indicators of compromise to help protect the ICS industries against threats. He utilized both offensive and defensive skills to create, design, and implement safe ICS security practices.



PHVW - Bally's - Indigo Tower - 26th Floor - Friday - 14:30-16:30


Hacking Kubernetes - Choose Your Own Adventure Style

Jay Beale, CTO of InGuardians

Kubernetes continues to gain steam, as developers build microservice-based applications and everyone moves to the software-defined data center. A small minority of our Infosec industry has experience attacking container orchestration systems like Kubernetes. We aim to address that shortage, culminating in an audience-directed Choose Your Own Adventure, "Hackers" movie-themed demo. In this demo-heavy talk, we will show you how to attack Kubernetes clusters and discuss what hardening techniques and freely available tools can break those attacks. We'll review the components of a Kubernetes cluster, then show how a threat actor can chain configuration vulnerabilities to pivot and escalate privilege, pilfer data and take over clusters and the cloud environments on which they run. To be clear, you'll see multiple attacks against real clusters from start to finish. You will also gain exposure to a new open source attack tool for Kubernetes called Peirates, available on Github. You will leave this talk with exposure to attacks against clusters that organizations have built themselves, as well as clusters provided by the major cloud providers, like AWS, Azure and GCP. You will be able to repeat specific attacks and know what defenses can break those attacks.

Jay Beale (Twitter: @jaybeale) works on Kubernetes and cloud native security, as a professional threat actor, a Kubernetes Contributor and as a member of the Kubernetes Security Audit working group. He's the architect and a developer on the Peirates attack tool for Kubernetes. In the past, Jay created two tools used by hundreds of thousands of individuals, companies and governments, Bastille Linux and the Center for Internet Security's first Linux/UNIX scoring tool. He has led training classes on Linux security and Kubernetes at the Black Hat, CanSecWest, RSA, and IDG conferences, as well as in private corporate training, since 2000. As an author, series editor and speaker, Jay has contributed to nine books and two columns and given over one hundred public talks. He is CTO of the information security consulting company InGuardians.



PHVT - Bally's - Indigo Tower - 26th Floor - Friday - 11:00-11:59


Hacking Kubernetes: Choose Your Own Adventure Style

Jay Beale, CTO of InGuardians

Many companies have deployed Kubernetes, but few infosec folks have experience attacking it. We aim to address that shortage, culminating in an audience-directed Choose Your Own Adventure, movie-themed demo against an intentionally-vulnerable cluster named Bust-a-Kube. You'll see how to attack Kubernetes clusters and learn what hardening techniques and freely available tools can break those attacks. We'll review the components of a Kubernetes cluster, then show how a threat actor can chain configuration vulnerabilities to pivot and escalate privilege, pilfer data and take over clusters. You will also gain exposure to a new open source Kubernetes attack tool called Peirates.

Jay Beale (Twitter: @jaybeale) works on Kubernetes and cloud native security, as a professional threat actor, a Kubernetes Contributor and as a member of the Kubernetes Security Audit working group. He's the architect and a developer on the Peirates attack tool for Kubernetes. In the past, Jay created two tools used by hundreds of thousands of individuals, companies and governments, Bastille Linux and the Center for Internet Security's first Linux/UNIX scoring tool. He has led training classes on Linux security and Kubernetes at the Black Hat, CanSecWest, RSA, and IDG conferences, as well as in private corporate training, since 2000. As an author, series editor and speaker, Jay has contributed to nine books and two columns and given over one hundred public talks. He is CTO of the information security consulting company InGuardians.



AVV - Bally's Event Center - Friday - 14:00-14:30


Hacking the Air Force and Beyond: Engaging Hackers to Secure the U.S. Department of Defense

Speaker – Jack

Synopsis

Two years ago, the U.S. Air Force opened its doors to hackers with the launch of the Hack the Air Force challenge. Since then, the Air Force has run numerous other bug bounty challenges, ranging from logistics sites to custom hardware, and engaging thousands of hackers along the way. Clearly, organizations have much to gain from working with hackers. In this talk, I will share my experiences both helping secure some of the world’s largest organizations as a hacker, and expanding vulnerability disclosure policies at diverse organizations including DoD and Stanford. Learn industry standards for structuring these policies to minimize risk to the organization while protecting hackers by providing a safe avenue to report vulnerabilities.

About the Speaker

Jack Cable is a coder turned white hat hacker and a rising sophomore at Stanford University. Jack is a top ranked hacker on the HackerOne bug bounty platform, having identified over 350 vulnerabilities in companies including Google, Facebook, Uber, Yahoo, and the U.S. Department of Defense. After placing first in the Hack the Air Force challenge, Jack began working this past summer at the Pentagon’s Defense Digital Service. There, Jack helped organize the Hack the Marine Corps competition held live in Las Vegas and advises policymakers on vulnerability disclosure. Jack was named one of Time Magazine’s 25 most influential teens for 2018. At Stanford, Jack studies computer science and launched Stanford’s bug bounty program, one of the first in higher education.



BHV - Planet Hollywood - Melrose 1-3 Rooms - Friday - 16:15-16:59


4:15 PM: Hacking Wetware with Open Source Software and Hardware: The DIY Artificial Pancreas
Speaker: Jay Lagorio

Abstract: Managing diabetes revolves around stagnated tech from the 80s and 90s. Hackers took their lives into their hands by augmenting inadequate products after market. Building iterations of a DIY artificial pancreas and real-life examples will be discussed, and at least one will be working on the presenter. Replacing human intervention with technology betters quality of life. See what happens when hackers decide they're not waiting around for government and the MedTech industry to do better.

Speaker Bio: Jay Lagorio, a software engineer and independent security researcher, has been building computers and networks and writing code nearly his entire life. He received a B.S. in Computer Science from UMBC in 2008 and an M. Eng. from the Naval Postgraduate School in 2015.

T: @jaylagorio


DC - Paris - Track 1 - Friday - 13:00-13:45


HackPac: Hacking Pointer Authentication in iOS User Space

Friday at 13:00 in Track 1
45 minutes | Demo, Tool, Exploit

Xiaolong Bai

Min (Spark) Zheng

Pointer Authentication (in short, PAuth) is the latest security mechanism in iOS. It is proposed to protect the integrity of pointers with hardware-assisted encryption, thus eliminating the threat of code-reuse attacks. In PAuth, a cryptographic signature called a PAC is calculated from a pointer value and inserted into the pointer. When the pointer is about to be used, the PAC is extracted and verified to check whether it is consistent with the original pointer value. In this way, PAuth is able to ensure that pointers have not been tampered with. iOS deployed PAuth in user-space system services, protecting pointers that may affect the control flow and preventing code-reuse attacks like ROP and JOP.

However, in our study, we found that a fatal flaw in the implementation of iOS PAuth makes user-space system services still vulnerable to code-reuse attacks. The flaw is: iOS uses the same signing key in different user-space processes. This flaw allows a signed pointer from a malicious process to be correctly verified in a system service, thus making it possible to launch JOP. In this talk, we will explain how we found the flaw and why it is inevitable. Furthermore, we will demonstrate how to leverage this flaw and launch JOP attacks in a PAuth-protected system service. Also, we will propose a new tool, PAC-gadget, to automatically find JOP gadgets in PAuth-protected binaries.

Xiaolong Bai
Xiaolong Bai (twitter@bxl1989, github@bxl1989) is a security engineer in Alibaba Orion Security Lab. Before joining Alibaba, he received his Ph.D. degree from Tsinghua University. He has published several research papers at top conferences including IEEE S&P, Usenix Security, CCS, NDSS, and presented his research at Black Hat, DEF CON, HITB, CanSecWest, etc. He has been acknowledged by famous vendors, including Apple, Google, Facebook, Evernote, and Tencent for his contribution in discovering vulnerabilities in their systems and improving the security of their products. He is a member of the OverSky team for private jailbreaking development.

Twitter: @bxl1989
Website: https://xiaolongbai.weebly.com/
Github: https://github.com/bxl1989/

Min (Spark) Zheng
Min (Spark) Zheng (twitter@SparkZheng, github@zhengmin1989) is a security expert in Alibaba Orion Security Lab. He received his Ph.D. degree in the CSE department of the CUHK. His research focuses on malware analysis, smartphone (Android & iOS) security, system design and implementation. Before receiving the Alibaba A-Star offer award in 2015, he worked at FireEye, Baidu and Tencent. He was the champion of GeekPwn 2014 and AliCTF 2015. He won the “best security researcher” award at FIT 2016 for detecting iOS/macOS vulnerabilities, the XcodeGhost virus and the WormHole RCE vulnerability. He is a member of the OverSky team for private jailbreaking development. He has presented his research at DEF CON, HITB, BlackHat, RUXCON, etc.

Twitter: @SparkZheng



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock VI - Friday - 10:00-13:59


Hands on Adversarial Machine Learning

Friday, 1000-1400 in Flamingo, Red Rock VI

Yacin Nadji Engineer, Security Scorecard

Machine learning has become commonplace in software engineering and will continue to grow in importance. Currently, most work focuses on improving classifier accuracy. However, as more and more models interact with the real world, practitioners must consider how resilient their models are against adversarial manipulation. Successful attacks can have serious implications, like crashing a car, misclassifying malicious code, or enabling fraud.

In this workshop, you will learn how to think like an adversary so that you can build more resilient machine learning systems. You'll discover how to use free and open source tools to construct attacks against and defenses for machine learning models, as well as how to holistically identify potential points of attack an adversary could exploit. You'll leave able to critically examine a machine learning system for weaknesses, mount attacks to surface problems, and implement and evaluate practical defenses.

Skill Level Intermediate

Prerequisites: Familiarity with Python (or similar programming language) and basic Machine Learning. For the latter, students that have preprocessed data and trained & evaluated a model will be in good shape to tackle the material.

Materials: Laptop capable of running Docker or Jupyter notebooks.

Max students: 70

Registration: https://www.eventbrite.com/e/hands-on-adversarial-machine-learning-red-rock-vi-tickets-63608585993
(Opens 8-Jul-19)

Yacin Nadji
Yacin Nadji is an engineer at Security Scorecard where he applies machine learning to identify companies' infrastructure and understand their security risk. He received his Ph.D. from the School of Computer Science at Georgia Institute of Technology with a focus in Computer Security. He has published 20 academic papers with hundreds of citations, many focused on applying ML to solve security problems.



DC - Paris - Track 1 - Friday - 14:00-14:45


Harnessing Weapons of Mac Destruction

Friday at 14:00 in Track 1
45 minutes | Demo, Exploit

Patrick Wardle Chief Research Officer, Digita Security

Whenever a new Mac malware specimen is uncovered, it provides a unique insight into the offensive Mac capabilities of hackers or nation-state adversaries. Better yet, such discoveries provide fully-functional capabilities that may be weaponized for our own surreptitious purposes! I mean, life is short, why write your own?

We'll begin this talk by discussing the methodology of subverting existing malware for "personal use", highlighting both the challenges and benefits of such an approach.

Next, we'll walk-thru the weaponization of various Mac malware specimens, including an interactive backdoor, a file-exfiltration implant, ransomware, and yes, even adware. Customizations include various runtime binary modifications that will coerce such malware to accept tasking from our own C&C servers, and/or automatically perform actions on our behalf.

Of course, in their pristine state, such samples are currently detected by AV products. As such we'll also walk-thru subtle modifications that will ensure our modified tools remain undetected by traditional detection approaches.

In conclusion, we'll highlight novel heuristic methods that can generically detect such threats to ensure Mac users remain protected even from such weaponized threats.

Patrick Wardle
Patrick Wardle is the Chief Research Officer at Digita Security and founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.

http://twitch.com/patrickwardle



DC - Paris - Track 3 - Friday - 14:00-14:45


How Deep Learning Is Revolutionizing Side-Channel Cryptanalysis

Friday at 14:00 in Track 3
45 minutes | Demo, Tool

Elie Bursztein Google

Jean Michel Picod Google

This talk explores how AI is revolutionizing hardware side-channel attacks and what this new wave of attacks means for the future of hardware cryptography. Based on the lessons learned while successfully attacking many hardware AES implementations using deep learning, this talk discusses why those attacks are fundamentally more efficient and details how to conduct them in practice.

Elie Bursztein
Elie Bursztein leads Google's security & anti-abuse research team. He has authored over fifty research papers in the field, for which he was awarded 6 best paper awards and multiple industry distinctions including the Black Hat Pwnie award. Born in Paris, he received a Ph.D. from ENS Cachan in 2008 before working at Stanford University and ultimately joining Google in 2011.

Twitter @elie
Website: https://elie.net

Jean Michel Picod
Jean-Michel Picod is currently working at Google Switzerland. He holds an engineering degree in computer systems, networks and security. He has contributed to several open source projects (GoodFET, pynids, etc.) and published several open source tools such as DPAPIck, OWADE, scapy-radio, forensic scripts,

Twitter: @jmichel_p
Website: https://www.j-michel.org/



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Friday - 17:00-16:59


How PKI and SHAKEN/STIR Will Fix the Global Robocall Problem

No description available



BHV - Planet Hollywood - Melrose 1-3 Rooms - Friday - 11:45-12:30


11:45 AM: How to Get Your Ass Kicked and Like It; Experiential Learning Through Gamification
Speaker: Corey M. Hudson

Abstract: The paradigm shift for cybersecurity crisis response training is here. If you want to prepare for a security breach, tabletop exercises and unpracticed runbooks aren't enough. Organizations can now prepare for a worst day with an intense, immersive experience that builds your team's critical cybersecurity and leadership skills in a realistic and gamified environment. An organization's response and actions, or the lack thereof, can have a decisive impact on the end state or the aftermath.

Speaker Bio: JC is a proven executive, visionary, and story teller with 30+ years of security leadership experience. He served in multiple leadership and advisory roles and possesses extensive experience in building strategic cyber programs at the National level ISO missions in the most hostile environments.

T: @teamvega


PHVT - Bally's - Indigo Tower - 26th Floor - Friday - 14:30-14:59


Hunting Certificates and Servers

Sam Erb

From Shodan to Certificate Transparency, it is easier than ever to use TLS certificates for DNS hostname reconnaissance. However, these sources of data are either not free, infrequently updated or are not linked to a server IP address. This talk will survey existing resources & release a new, free service for finding TLS certificates in the IPv4 space!

Sam Erb (Twitter: @erbbysam) is a 2x black badge winner with Co9 in the Badge Challenge and is working to make the Internet a safer place.



DC - Paris - Track 2 - Friday - 13:00-13:45


HVACking: Understand the Difference Between Security and Reality!

Friday at 13:00 in Track 2
45 minutes | Demo

Douglas McKee Senior Security Researcher, McAfee Advanced Threat Research

Mark Bereza Security Researcher, McAfee Advanced Threat Research

Like most modern devices, building controllers have increasingly become network connected, exposing them to a wider range of threats. If malicious actors could manipulate access control systems, boiler rooms, or temperature control for critical industrial systems, the potential for catastrophic damage is extreme.

McAfee's ATR team has discovered a 0-day vulnerability in a major building controller. This controller is a fully programmable native BACnet™ device designed to manage a wide range of building systems. By modifying BACnet broadcast traffic, a buffer overflow can be leveraged into a write-what-where (WWW) condition. This WWW leads to execution control, providing the attacker with a root shell and complete control over the device remotely. Because this attack vector is through BACnet broadcast traffic, there is no authentication mechanism for the target device, allowing anyone on the same network to communicate with it directly and exploit the vulnerability without authentication. Currently, there are over 500 of these devices connected to the internet running in BACnet/IP Broadcast Management Device (BBMD) mode. Utilizing this mode, broadcast traffic can travel over the internet, increasing the potentially devastating impact of this vulnerability.

This presentation will include a deep technical analysis of the vulnerability discovery process and demos illustrating an attack in a critical scenario. Finally, we will discuss the steps taken by the vendor to patch this vulnerability and demonstrate its effectiveness.

Douglas McKee
Douglas McKee is a senior security researcher for the McAfee Advanced Threat Research team, focused on finding new vulnerabilities in both software and hardware. Douglas has an extensive background in penetration testing, reverse engineering, malware analysis and forensics and throughout his career has provided software exploitation training to many audiences, including law enforcement. Douglas recently presented his research focused on hacking medical devices at DEF CON 26.

Twitter: @fulmetalpackets

Mark Bereza
Mark Bereza is a security researcher and new addition to McAfee's Advanced Threat Research team. A recent alumnus of Oregon State's CS systems program, Mark's work has focused primarily on vulnerability discovery and exploit development for embedded systems.



DC - Paris - Track 2 - Friday - 16:00-16:30


I Know What You Did Last Summer: 3 Years of Wireless Monitoring at DEF CON

Friday at 16:00 in Track 2
20 minutes | Demo, Tool

d4rkm4tter (Mike Spicer) Hacker

For the past 3 years d4rkm4tter has been obsessed with monitoring the wireless networks at DEF CON. This talk will take you on a journey through the successes and failures that led to the creation of the WiFiCactus and the over 1 TB of data captured. A history of each capture project, including a summary of the most interesting pieces of data, will be shown.

Many people spread a lot of fear, uncertainty and doubt about the wireless environments during DEF CON. This presentation aims to bring some clarity to what is really happening in the airwaves during one of the largest hacker conferences in the world. This will include presenting data on the attacks and sensitive information that exists in the airwaves. This presentation will demonstrate the risks of using wireless networks and information leaks that can be captured by anyone who is passively listening. Countermeasures and protection strategies will be provided to help you avoid having your data captured by those who might be listening.

With the number of connected devices around us, there has never been a better time to start wardriving or warwalking. Everyone is capable of profiling wireless data around them thanks to cheap hardware and open source tools. As hackers it is important for us to discover issues and vulnerabilities while validating claims of security by software and hardware vendors. Monitoring wireless communication is a great way to start validating those claims. All of the hardware and methods used will be provided so that anyone can do this type of monitoring on their own. Hack the Planet!

d4rkm4tter (Mike Spicer)
d4rkm4tter is a mad scientist hacker who likes to meddle with hardware and software. He is particularly obsessed with wireless. He has a degree in computer science from Southern Utah University which he has put to use building and breaking a wide array of systems. These include web application pentesting, wireless monitoring and tracking as well as good old fashioned reverse engineering. He is the creator of the #WiFiCactus and has been seen presenting Demolabs at DEF CON and DEF CON China Beta. He is a Kismet cultist and active in the wireless and wardriving communities.

Twitter: @d4rkm4tter
Website: palshack.org



ICS - Bally's Event Center - Friday - 16:30-16:59


ICS Village Community Engagement Shark Tank

August 9, 2019 4:30 PM

Coming soon!

Speaker Information

Panelist Information

Bryson Bort

SCYTHE

Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a National Security Institute Fellow and an Advisor to the Army Cyber Institute. Prior, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point. He holds a Master’s Degree in Telecommunications Management from the University of Maryland, a Master’s in Business Administration from the University of Florida, and completed graduate studies in Electrical Engineering and Computer Science at the University of Texas.



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Friday - 11:00-10:59


Implementing a Zero Knowledge Proof or, How to Write Bulletproofs in Rust

No description available



DC - Paris - Track 3 - Friday - 12:00-12:45


Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs

Friday at 12:00 in Track 3
45 minutes | Demo, Exploit

Orange Tsai
Principal Security Researcher from DEVCORE
Member of HITCON(Hacks in Taiwan Conference)
Member of CHROOT Security Group
Captain of HITCON CTF team

Meh Chang
Security Researcher from DEVCORE
Member of HITCON CTF team

Computer security is now a public policy issue. Election security, blockchain, "going dark," the vulnerabilities equities debate, IoT safety, data privacy, algorithmic security and fairness, critical infrastructure: these are all important public policy issues with a strong Internet security component. But while an understanding of the technology involved is fundamental to crafting good policy, there is little involvement of technologists in policy discussions. This is not sustainable. We need public-interest technologists: people from our fields helping craft policy, and working to provide security to agencies and groups working in the broader public interest. We need these people in government, at NGOs, teaching at universities, as part of the press, and inside private companies. This is increasingly critical to both public safety and overall social welfare. This talk both describes the current state of public-interest technology, and offers a way forward for us individually and collectively for our field. The defining policy question of the Internet age is this: How much of our lives should be governed by technology, and under what terms? We need to be involved in that debate.

SSL VPNs protect corporate assets from Internet exposure, but what if SSL VPNs themselves are vulnerable? They’re exposed to the Internet and trusted to reliably guard the only way into the intranet. However, we found pre-auth RCEs on multiple leading SSL VPNs, used by nearly half of the Fortune 500 companies and many government organizations. To make things worse, a “magic” backdoor was found that allows changing any user’s password with no credentials required! To show how bad things can go, we will demonstrate gaining a root shell from the only exposed HTTPS port, covertly weaponizing the server against its owner, and abusing a hidden feature to take over all VPN clients!

In such complicated closed-source systems, gaining a root shell from outside the box certainly ain’t easy. It takes advanced web and binary exploitation techniques to struggle for a way to root shell, which involves abusing defects in web architectures, hard-core Apache jemalloc exploitation and more. We will cover every detail of all the dirty tricks, crazy bug chains, and the built-in backdoor. After gaining a root shell on the box, we then elaborate on post-exploitation and how we hack back the clients. In addition, we will share the attack vectors against SSL VPNs to kick-start research on similar targets. On the other hand, from our previous experience, we derive general hardening actions that mitigate not only all the above attacks, but any other potential 0-days.

In summary, we disclose practical attacks capable of compromising millions of targets, including tech giants and many industry leaders. These techniques and methodologies are published in the hope that they can inspire more security researchers to think out-of-the-box, and that enterprises can apply immediate mitigation and realize that an SSL VPN is not merely a Virtual Private Network, but also a “Vulnerable Point of your Network”.

Orange Tsai
Cheng-Da Tsai, also known as Orange Tsai, is the principal security researcher of DEVCORE and a member of the CHROOT security group from Taiwan. He has spoken at conferences such as Black Hat USA/ASIA, DEF CON, HITCON, HITB, Hack.lu and CODEBLUE. He participates in numerous Capture-the-Flag (CTF) competitions, and is also the team captain of HITCON, which won 2nd place at DEF CON 22/25. Currently, he is focusing on application security and 0-day research. Orange enjoys finding vulnerabilities and participating in Bug Bounty Programs. He is enthusiastic about Remote Code Execution (RCE), and has uncovered RCEs in several vendors, such as Facebook, Uber, Apple, GitHub, Amazon, Yahoo, Netflix and Imgur.

Twitter: @orange_8361
Website: http://blog.orange.tw/

Meh Chang
Tingyi Chang, also known as Meh Chang, is a security researcher at DEVCORE. She focuses on binary program analysis and exploitation. She is a member of the HITCON and 217 CTF teams and won second place at DEF CON 25.

Twitter: @mehqq_



RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Friday - 16:00-16:59


Injections Without Borders: An anatomy of Serverless Event Injections

No description available



PHVW - Bally's - Indigo Tower - 26th Floor - Friday - 16:45-18:45


Intel-driven Hunts for Nation-state Activity Using Elastic SIEM

Sean Donnelly, CEO, Resolvn, Inc.
Peter Hay, Director of Strategy and Innovation, Resolvn, Inc.

Hunting for advanced threats can be a daunting task for network defenders. In this workshop we’ll demystify threat hunting by guiding attendees through the development and execution of network traffic and host analysis workflows. Using a six-stage model, attendees will leverage threat intelligence to plan and conduct 20 small hunts, configuring and tuning their defensive tool-suite along the way. The use of IOC-based, tool-based, and TTP-based detection methods will ultimately lead to the discovery of nation-state activity on a complex, near-to-spec enterprise network.

Sean Donnelly (Twitter: @resolvn) is the CEO of Resolvn. Sean is a passionate cybersecurity researcher with extensive experience in the industry. As an active-duty U.S. Navy Cryptologic Warfare Officer, Sean worked for the National Security Agency (NSA) before becoming the Technical Director of the Navy Blue Team (NBT). Sean has developed internal tools for threat detection, such as the NBT’s Blue P.E.A.R and Expanse’s ETHIR, trained countless service members on detection techniques, and led critical security operations around the world. He holds CISSP, GPEN, and OSCP certifications along with a B.S. and M.S. from the United States Naval Academy and Boston University, respectively.

Peter Hay (Twitter: @ResolvnPete) is Resolvn’s director of strategy and innovation. Pete has an extensive and diverse background in technology-driven fields including Computer Network Operations (CNO), Network Forensics, and Nuclear Chemistry. From his Navy service leading a quick-response team of NSA cryptologists and developers who designed solutions to some of the agency’s most vital problems, to delivering multi-domain cyber security training to thousands of students worldwide, to applying for cyber security patents in the U.S. and Europe, Pete continues to stretch the edges of technology, its use, and application.



RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Friday - 17:30-18:30


Introduction and Application of Covert Channels

Red Teams must operate under the radar, and one way to achieve that, or delay discovery of a communication method, is by using covert channels. In this talk, Aaron will quickly touch on the history and science behind covert channels, before diving into how they can be used to conceal active C2 channels. This talk will also cover a walkthrough of a stealthy ICMP covert channel, and general methodology of developing new covert channels for other protocols or communication mediums.
About Aaron "dyn" Grattafiori: Aaron "dyn" Grattafiori leads the Red Team at Facebook, where he focuses on offensive security, vulnerability research, adversary simulation, and performing bold full scope operations. Aaron has spoken at national security conferences such as Black Hat and DEFCON as well as regional conferences such as Toorcon and SOURCE. This will be Aaron's 16th DEFCON. Twitter: @dyn___



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock V - Friday - 14:30-18:30


Introduction to Reverse Engineering With Ghidra

Friday, 1430-1830 in Flamingo, Red Rock V

Wesley McGrew Hacker

Tyler Holland Operator-Analyst, HORNE Cyber

The open-source release of the NSA's Ghidra disassembler gives software reverse engineers a free option for high-capability interactive analysis of binary code. Many software reverse engineering (SRE) practitioners have been spending time since the release learning about Ghidra and bringing it into their workflow. It also gives those new to SRE a toolset to learn with that is not restricted by commercial license costs or "demo" limitations.

The purpose of this workshop is to teach beginners, with no prior experience in software reverse engineering, about the analysis of software in the Ghidra disassembler. We'll cover the following major topics, with high degree of interaction between the instructors and students:

- Defining software reverse engineering terms
- Setting up an environment for Ghidra
- Ghidra configuration and usage
- Linking and Loading
- Data types
- C data types and constructs in assembly
- Simple anti-RE tricks and how to analyze them
- Methodology for approaching unknown programs (prioritization, analysis)
- Analysis exercise with a malware sample

Skill Level Beginner

Prerequisites: Students should have experience with at least one high-level programming language. C is preferred, but experience with any other language should provide you with the experience necessary to at least read C code. You will not be required to *write* code. No prior software reverse engineering experience is required.

Materials: Students that wish to "follow along" in Ghidra and participate in hands-on exercises should bring a laptop. Laptops should be running a 64-bit operating system (macOS, Windows, or Linux), and have at least 4GB RAM (more preferred, especially if you're using virtual machines). Before the workshop, please download and install OpenJDK and Ghidra as described in the instructions at https://ghidra-sre.org/ . We can troubleshoot installation problems in-class, but don't count on reliable/fast network access, so try to get it set up ahead of time.

We will be analyzing *live malware* provided to you on USB. You will need to have administrative capability on your laptop in order to disable or set exclusions on your AV software. While we will not be intentionally executing code (this course is limited to static analysis), you are expected to take whatever measures necessary to protect yourself, to include: bringing a "burner" laptop, having backups, virtualization, and/or common sense.

If you do not bring a laptop, you can still get some good exposure to reverse engineering with Ghidra! I'll be working in Ghidra most of the time on the projector, and you may coordinate with another student to collaboratively discuss what you're looking at on a shared laptop.

Max students: 50

Registration: https://www.eventbrite.com/e/introduction-to-reverse-engineering-with-ghidra-red-rock-v-tickets-63609250982
(Opens 8-Jul-19)

Wesley McGrew
As Director of Cyber Operations at HORNE Cyber, Wesley McGrew oversees and participates in offense-oriented services for clients in many areas, including finance, healthcare, manufacturing, and national critical infrastructure. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA. He teaches a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.

Tyler Holland
Tyler Holland is an Operative-Analyst at HORNE Cyber, where he conducts penetration testing, red teaming, and application security engagements. Tyler is an expert in reverse engineering malicious software in support of incident handling engagements.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock IV - Friday - 14:30-18:30


Introduction to Sandbox Evasion and AMSI Bypasses

Friday, 1430-1830 in Flamingo, Red Rock IV

Anthony Rose Co-founder, Blockchain Security

Jacob "Hubble" Krasnov Co-founder, Blockchain Security

Vincent "Halcyon" Rose Software Engineer

Microsoft is constantly adapting their security to counter new threats. Specifically, the introduction of the Microsoft Antimalware Scan Interface (AMSI) and its integration with Windows Defender has significantly raised the bar. In this hands-on class, we will learn the methodology behind obfuscating malware and avoiding detection. Students will explore the inner workings of Windows Defender and learn to employ AMSI bypass techniques and obfuscate malware using Visual Basic (VB) and PowerShell. Students will then identify and evade sandbox environments to ensure the payloads are masked when arriving at the intended target. The final capstone will tie all the concepts together.

In this workshop we will:

1. Introduce AMSI and explain its importance
2. Learn to analyze malware scripts before and after execution
3. Understand how to obfuscate code to avoid AMSI and Windows Defender
4. Detect and avoid sandbox environments

Skill Level Beginner

Prerequisites: None

Materials: Students will need a laptop with VMware or VirtualBox (installed and working).

Max students: 80

Registration: https://www.eventbrite.com/e/introduction-to-sandbox-evasion-and-amsi-bypasses-red-rock-iv-tickets-63609241955
(Opens 8-Jul-19)

Anthony Rose
Anthony 'C01_' Rose, CISSP, is the Co-founder of BC Security and Lead Pentester at Merculite Security. He has more than a decade's worth of experience as an Electrical Engineer, managing Red and Blue teams, and hacking buffoonery. His work focuses on wireless network penetration and non-IP based system security with an emphasis on embedded systems security. He has presented at DEF CON 24 and RSA 2017.

Jacob "Hubble" Krasnov
Jake "Hubble" Krasnov is the Co-founder of BC Security. He has spent most of his career as an Astronautical Engineer but has transitioned to cybersecurity. He has spent the last three years developing embedded system cyber testing tools and serving as a Red Team member and Red Team Lead.

Vincent "Halcyon" Rose
Vincent "Halcyon" Rose is a software engineer with experience in cloud services. He has a decade of experience in software development and networking. Recently, his focus has been on building ad-serving technologies, web and ad-tracking applications.



AVV - Bally's Event Center - Friday - 13:00-13:15


Introduction to the Aviation Village

Speakers – The Team aka Pete, Jim, Matt, Beau, Jen + more

Synopsis

Welcome to the Aviation Village. This will be a short intro to the Aviation Village, the team behind it, how we got here and what to expect during DEF CON 27!



ICS - Bally's Event Center - Friday - 15:30-15:59


IT/OT Convergence - Are We There Yet?

August 9, 2019 3:30 PM

Call it convergence, alignment, cooperation, or what you will, not only are IT networks being used to carry OT information and control instructions, traditional OT manufacturers are adding traditional IT features into their products and traditional IT manufacturers are looking at the opportunity to step into the OT world. Jack will discuss this and other aspects of the convergence of IT and OT. There is still resistance and in cases, a lack of understanding about IT/OT convergence, the objectives, and what needs to be done. In order to have convergence of IT/OT, we must first define, or at least set a goal for convergence.

Speaker Information

Panelist Information

Oden Jack

Parsons Government Services

Jack D. Oden is a self-motivated, energetic, and accomplished professional with 20 years’ experience in negotiating system improvements between users and engineers, and in developing, acquiring, operating, analyzing, designing, and programming quality, user-oriented systems. He provides services to customers on industrial control systems security for critical infrastructure, advises on compliance with laws, regulations and policy, leads information technology subject matter experts in operating systems and networking, has managed five projects over 25 years, has managed two full-scale computer operations and a cybersecurity operations center, and built a 67,000 sqft office complex, including four sensitive compartmented information facilities. He has over 46 years’ experience in leadership. Jack is a retired U.S. Army Lieutenant Colonel, holds a Master’s in Business Administration, Management from the University of Texas at San Antonio and a Bachelor’s in Business Administration, Accounting from Texas A&M University, and is a Certified Information Systems Security Professional, Global Industrial Cyber Security Professional, Project Management Professional, and SCADA Security Architect.



ETV - Flamingo - 3rd Floor - Reno II Room - Friday - 11:00-11:59


Title:
Keynote: A Rant on Ethical Disclosure



RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Friday - 09:00-09:59


Kube-Red C2 Operations on Kubernetes

This talk explores deploying and dynamically generating C2 services on Kubernetes! Everything will be extremely practical with walkthroughs of detailed deployment configurations. Building containers for popular C2 platforms, such as Cobalt Strike, and many others, will be covered. Rapidly deploying complex C2 infrastructure using tools such as Kops and Drone and managing DNS and TLS using Kubernetes will be discussed. Attendees will learn how to build complex redirecting logic to sandbag defenders, using the rewriting and filtering capabilities found in the Nginx Ingress Controller, and the Istio Service Mesh. In addition, monitoring the health of implants using Prometheus will be reviewed.

About Larry Suto: Larry is an independent security consultant based out of Oakland, CA. He spends a lot of time researching using cloud infrastructure for all types of security testing. He spends some time on Windows security as well. Twitter: @larrysuto



Meetups - Paris - Napoleons Corner Bar - Friday - 18:00-19:59


Title:
Lawyers Meet

If you're a lawyer (recently unfrozen or otherwise), a judge or a law student please make a note to join Jeff McNamara at 18:00 on Friday, August 9th, for a friendly get-together, drinks, and conversation. Location: Inside the Napoleons Bar just outside of the Paris Speaking Tracks.


DL - Planet Hollywood - Sunset 2 - Friday - 14:00 - 15:50


Let's Map Your Network

Friday from 14:00 – 15:50 in Sunset 2 at Planet Hollywood
Audience: Defense, Monitoring

Pramod Rana

Let’s Map Your Network (LMYN) aims to provide an easy-to-use interface for security engineers and network administrators to see their network in graphical form with zero manual error. It is of utmost importance for any security engineer to understand their network before securing it. In a mid-to-large organisation’s network, having a network architecture diagram doesn’t provide complete understanding, and manual verification is a nightmare. Hence, in order to secure the entire network, it is important to have a complete picture of all the systems connected to your network, irrespective of their type, function, technology etc. BOTTOM LINE - YOU CAN'T SECURE WHAT YOU ARE NOT AWARE OF. LMYN does it in two phases:

1. Learning: In this phase LMYN 'learns' the network by running network commands and querying APIs, and then builds a graph database from the responses. Users can perform any of the learning activities at any time, and LMYN will incorporate the results into the existing database.

2. Monitoring: This is a continuous process, where LMYN monitors the 'in-scope' network for any changes, compares them with the existing information, and updates the graph database accordingly.

https://github.com/varchashva/LetsMapYourNetwork

Pramod Rana
Pramod Rana works as a Senior Security Engineer with Coupa Software (The All-In-One Business Spend Management Platform). Pramod is responsible for implementing DevSecOps functions at Coupa, such as penetration testing, threat modelling, and secure source code review. He has presented at Black Hat Europe 2018 before. He loves to do offensive security research, coding and running in his personal time.



RCV - Planet Hollywood - Celebrity 5 Ballroom - Friday - 13:20-13:50


SPONSORED TALK

Let’s get technical and hunt harder!

1320 - 1350



BTVW - Flamingo - Lower Level - Valley Of Fire 1 - Friday - 14:00-17:59


Malware Traffic Analysis Workshop

Friday 14:00, Valley Of Fire 1, Flamingo (4H)

Brad (@malware_traffic), based in Texas, specializes in traffic analysis of malware and suspicious network activity. After more than 21 years in the US Air Force, Brad transitioned to cyber security in 2010. He is currently a Threat Intelligence Analyst for Palo Alto Networks Unit 42. Brad is also a volunteer handler for the Internet Storm Center (ISC) and has posted more than 140 diaries at isc.sans.edu. He routinely blogs technical details and analysis of infection traffic at www.malware-traffic-analysis.net, where he's provided over 1,600 malware and pcap samples to a growing community of information security professionals.

This workshop focuses on infection traffic for hosts running Microsoft Windows. It begins with setting up Wireshark and identifying hosts in network traffic. Participants review malware infections and learn tips to identify indicators of malicious activity. The training ends with an evaluation where participants review pcaps and compose incident reports.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock II - Friday - 10:00-13:59


Malware Triage - Analyzing The Modern Malware Delivery Chain

Friday, 1000-1400 in Flamingo, Red Rock II

Sergei Frankoff Co-Founder, Open Analysis

Sean Wilson Co-Founder, Open Analysis

Malspam with an attached malicious document has now become the standard delivery vector for most criminal malware. In order to evade detection, it is not uncommon for these malicious documents to execute a long chain of scripts involving macros, JavaScript, and PowerShell before downloading the final payload. As a result, incident responders and malware analysts need to be comfortable analyzing different document formats and script languages to make sense of these delivery chains.

In this workshop you will work through the triage of a live malware delivery chain that includes a malicious document, malicious scripts, and a final malware payload. During this process you will be exposed to different document formats, and malscripts while you practice the skills required to manually analyze these delivery chains. This workshop focuses on the fundamental analysis techniques used when identifying, deobfuscating, and analyzing maldocs and malscripts. However, we will also provide an introduction to some free and open source tools that can be used to speed up the analysis process.

This workshop is aimed at junior incident responders, hobby malware analysts, and general security or IT practitioners who are interested in learning more about the malware triage process. If you have no experience with malware analysis but you have a good understanding of scripting languages like VBScript and JavaScript, and you are familiar with Windows internals, you should have no problem completing the workshop.

You will be provided with a virtual machine to use during the workshop, so please make sure to bring a laptop that meets the following requirements. Your laptop must have VirtualBox or VMware installed and working prior to the start of the course. Your laptop must have at least 60GB of disk space free, preferably 100GB. Your laptop must also be able to mount USB storage devices. Make sure you have the appropriate dongle if you need one.

Skill Level Beginner

Prerequisites: None

Materials: Students will be provided with a virtual machine to use during the workshop. They will need to bring a laptop that meets the following requirements:

- The laptop must have VirtualBox or VMware installed and working prior to class.
- The laptop must have at least 60GB of disk space free, preferably 100GB.
- The laptop must be able to mount USB storage devices (ensure you have the appropriate dongle if you need one).

Max students: 35

Registration: https://www.eventbrite.com/e/malware-triage-analyzing-the-modern-malware-delivery-chain-red-rock-ii-tickets-63609242958
(Opens 8-Jul-19)

Sergei Frankoff
Sergei is a co-founder of Open Analysis, and volunteers as a malware researcher. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis. Sergei is a strong believer in taking an open, community approach to combating cyber crime. He actively contributes to open source tools and tries to publish as much analysis as possible. With over a decade of experience Sergei has held roles both as the manager of an incident response team, and as a malware researcher.

Sean Wilson
Sean is a co-founder of Open Analysis, and volunteers as a malware researcher. He splits his time between reverse engineering malware and building automation tools for incident response. He is an active contributor to open source security tools focused on incident response and analysis. Sean brings over a decade of experience working in a number of incident response and application security roles with a focus on security testing and threat modelling. In his free time Sean loves fly fishing.



BCV - Flamingo 3rd Floor - Laughlin III Room - Friday - 14:30-16:10


Mathematical Background of Blockchain Cryptography

No description available



BTVW - Flamingo - Lower Level - Valley Of Fire 2 - Friday - 13:30-15:29


MEDIC! Malware Response 101 From The Trenches

Friday 13:30, Valley Of Fire 2, Flamingo (2H)

@krypt3ia is a security professional with over 13 years' experience specializing in areas such as DFIR, Ethical Hacking/Pen Testing, Social Engineering, Information Security Auditing, ISO27001, Threat Intelligence Analysis, and Steganography Application and Detection.

Many of you out there may be in the information security field, but how many of you know how to respond to a phishing and malware outbreak? It seems to be a common theme in companies that tools are expected to be the end-all-be-all in mitigating threats, but the reality is that, many times, one finds oneself staring at a screen of alerts about malware and phishing waves coming in while no one really knows how to reverse the malware quickly and respond appropriately on a shoestring, which, sadly, is the situation many companies find themselves in. This workshop will show you how to triage a malware situation using tools and techniques easily found online. With a little know-how and an understanding of how malware works outside of the exotic APTs you hear about, you too can learn how to respond without the benefit of a huge budget for security tools, or even perhaps enough responders.



BHV - Planet Hollywood - Melrose 1-3 Rooms - Friday - 19:15-19:59


7:15 PM: Medical Device Incident Response, Forensics, and ITs Challenges
Speaker: Sam Buhrow

Abstract: Performing incident response (IR) and forensics on medical devices is met with unique challenges due to manufacturers' focus on longevity, but not security. This creates an environment with OSs that are outdated, making live acquisitions almost impossible and making dead-box forensics a standard practice. In this talk, we will cover some of the experiences we have had with medical device forensics, artifacts found (and not found), and the unique security concerns encountered.

Speaker Bio: Sam is a cybersecurity practitioner who has had the opportunity to do, manage, or lead nearly every role in cyber, and has been in every vertical except Energy. Sam was told he wouldn't go to college by his high school counselor. He graduated Summa Cum Laude.


ETV - Flamingo - 3rd Floor - Reno II Room - Friday - 16:00-16:59


Title:
Medical Device Security



BHV - Planet Hollywood - Melrose 1-3 Rooms - Friday - 12:30-14:30


12:30 PM: Medical Simulations Panel


CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Friday - 13:00-12:59


Migrating to quantum-safe cryptography to protect against the quantum hackers

No description available



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Friday - 15:00-14:59


MITM mixed mode butterfly key privacy attack

No description available



RGV - Flamingo - 3rd Floor - Carson City II - Friday - 14:00-14:59


Title:
Modern Rogue

Brian Brushwood of the Modern Rogue discusses some of their unique applications of and approaches to being a Rogue in the present day.

DC - Paris - Track 4 - Friday - 13:00-13:45


More Keys Than A Piano: Finding Secrets In Publicly Exposed EBS Volumes

Friday at 13:00 in Track 4
45 minutes | Demo, Tool

xBen "benmap" Morris Security Associate, Bishop Fox

Did you know that Elastic Block Storage (Amazon EBS) has a "public" mode that makes your virtual hard disk available to anyone on the internet? Apparently hundreds of thousands of others didn't either, because they're out there exposing secrets for everyone to see.

I tore apart the petabytes of data for you and have some dirty laundry to air: encryption keys, passwords, authentication tokens, PII, you name it and it's here. Whole (virtual) hard drives to live sites and apps, just sitting there for anyone to read. So much data in fact that I had to invent a custom system to process it all.

There's a massive Wall of Sheep out there on the internet, and you might not have even noticed that you're on it. Actually, you should stop reading and go check that out right now.

xBen "benmap" Morris
Ben Morris is a Security Associate at Bishop Fox, a consulting firm providing cybersecurity services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he focuses on application penetration testing, network penetration testing, and red-teaming.

Ben also enjoys performing drive-by pull requests on security tools and bumbling his way into vulnerabilities in widely used PHP and .NET frameworks and plugins. Ben has also contributed to Root the Box, a capture the flag security competition.



DC - Paris - Track 1 - Friday - 15:00-15:45


MOSE: Using Configuration Management for Evil

Friday at 15:00 in Track 1
45 minutes | Demo, Tool

Jayson Grace Penetration Tester, Splunk

Configuration Management (CM) tools are used to provision systems in a uniform manner. CM servers are prime targets for exploitation because they are connected with key machines. The tools themselves are powerful from a security standpoint: they allow an attacker to run commands on any and every connected system. Unfortunately, many security professionals do not have CM experience, which prevents them from using these tools effectively. MOSE empowers the user to weaponize an organization’s CM tools without having to worry about implementation-specific details.

MOSE first creates a binary based on user input. Once transferred to the CM server and run, this binary dynamically generates code that carries out the desired malicious behavior on specified systems. This behavior can include running arbitrary system commands, creating or deleting files, and introducing backdoors. MOSE puts the generated code in the proper place so that all targeted systems will run it on their next check-in with the server, removing the need for the user to integrate it manually.

CM tools are a powerful resource, but they have a barrier to entry. MOSE aims to remove this barrier and make post exploitation more approachable by providing a tool to translate the attacker's desired task into commands executable by the CM infrastructure.

Jayson Grace
Jayson Grace is a Penetration Tester on the Product Security Team at Splunk. Previously he founded and led the Corporate Red Team at Sandia National Laboratories. He holds a BS in Computer Science from the University of New Mexico, which gave him some great knowledge and also made him fatter and added a bunch of grey hairs. He has also previously worked as a tool developer, system administrator, and DevOps engineer. Jayson is passionate about empowering engineers to create secure applications, as well as coming up with novel automation methods to break things.

Twitter: @Jayson_Grace
Website: https://techvomit.net



Night Life - Paris - Napoleon's Piano Bar - Friday - 25:00-25:59


Title:
Music - ASHSLAY

No description available

Night Life - Paris - Napoleon's Piano Bar - Friday - 23:00-23:59


Title:
Music - DJ SmOke

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Friday - 24:00-24:59


Title:
Music - DJ St3rling

No description available

Night Life - Paris - Napoleon's Piano Bar - Friday - 24:00-24:59


Title:
Music - DJ Wil Austin

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Friday - 25:00-25:59


Title:
Music - DJ%27

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Friday - 22:00-22:59


Title:
Music - Icetre Normal

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Friday - 23:00-23:59


Title:
Music - Miss Jackalope

No description available

Night Life - Paris - Napoleon's Piano Bar - Friday - 22:00-22:59


Title:
Music - S7a73farm

No description available

Night Life - Paris - Napoleon's Piano Bar - Friday - 21:00-21:59


Title:
Music - Steph Infection

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Friday - 21:00-21:59


Title:
Music - Terrestrial Access Network

No description available

ICS - Bally's Event Center - Friday - 16:00-16:30


Nation State Supply Chain Attacks for Dummies -or- Chipping Cisco Firewalls

August 9, 2019 4:00 PM

Back in October 2018, Bloomberg recounted a Chinese supply-chain attack on Supermicro motherboards used in servers for Amazon, Apple and more. Here is how I replicated it, on a Cisco firewall, with a shoestring budget, and how you can too.

Speaker Information

Panelist Information

Monta Elkins

Coke & Strippers YouTube Channel

The award-winning Monta Elkins is known as the infamous creator of the Diet Coke and Wire Strippers electronics YouTube channel, aka Coke & Strippers for short: https://tinyurl.com/y6vpmbw4 As a small child, Monta entertained himself by memorizing Pi -- backwards.



DC - Paris - Track 3 - Friday - 13:00-13:45


No Mas – How One Side-Channel Flaw Opens ATMs, Pharmacies and Government Secrets Up to Attack

Friday at 13:00 in Track 3
45 minutes | Demo, Exploit

phar IOActive

Hacking ‘high security’ electronic locks has become a bit of a hobby, but what if you identify an unpatchable design pattern that unlocks buckets of cash and government secrets? How long do you wait before telling ‘people’? Let’s talk about how these locks are designed, where they fail, and we can rip this band-aid off together.

phar
Mike Davis is a hardware security researcher and consultant with IOActive, and for some reason still responds to ‘phar’.



PHVT - Bally's - Indigo Tower - 26th Floor - Friday - 15:00-15:59


Old Tech vs New Adversaries. Round 1... Fight!

Joseph Muniz, Security Architect at Cisco
Aamir Lakhani, Lead Researcher at Fortinet

Security vendors are struggling to keep up with the tactics used by adversaries. What happens when you use really old technology as a security strategy rather than bleeding edge tech? Can ransomware infect a Commodore 64 or Windows 3.0? What happens when malware attempts to compromise a Sega Genesis? Could an adversary successfully pivot and exfiltrate data from a network running CatOS? This talk will answer these and other questions regarding how modern threats react to really old technology. Research includes running various forms of modern malware on old technologies as well as permitting cybercriminals access to really old networks to see how they handle the situation. Speakers are authors of a handful of books including a recent title on digital forensics.

Joseph Muniz (Twitter: @SecureBlogger) and Aamir Lakhani (Twitter: @aamirlakhani) together have spoken at various conferences including the infamous Social Media Deception RSA talk quoted by many sources found by searching "Emily Williams Social Engineering". Both speakers have written books together including a recent title "Digital Forensics for Network Engineers" released on Cisco Press late February 2018. They have been friends for years and continue to collaborate on research and other projects.



DL - Planet Hollywood - Sunset 6 - Friday - 14:00 - 15:50


OSfooler-NG: Next Generation of OS fingerprinting fooler

Friday from 14:00 – 15:50 in Sunset 6 at Planet Hollywood
Audience: Defense

Jaime Sanchez

An outsider has the capability to discover general information, such as which operating system a host is running, by searching for default stack parameters, ambiguities in IETF RFCs or non-compliant TCP/IP implementations in responses to malformed requests. By pinpointing the exact OS of a host, an attacker can launch an educated and precise attack against a target machine. There are a lot of reasons to hide your OS from the entire world: Revealing your OS makes it easier to find and successfully run an exploit against any of your devices. Having an unpatched or antique OS version is not very convenient for your company's prestige. Imagine that your company is a bank and some users notice that you are running an unpatched box. They won't trust you any longer! In addition, this kind of 'bad' news always reaches public opinion. Knowing your OS can also become more dangerous, because people can guess which applications you are running on that OS (data inference). For example, if your system is MS Windows and you are running a database, it's highly likely that you are running MS-SQL. It could be convenient for other software companies to offer you a new OS environment (because they know which one you are running). And finally, privacy: nobody needs to know the systems you've got running. OSfooler was presented at Black Hat Arsenal 2013. It was built on NFQUEUE, an iptables/ip6tables target which delegates the decision on packets to userspace. It transparently intercepted all traffic that your box was sending in order to camouflage it, modifying in real time the flags in TCP/IP packets that reveal your system.

OSfooler-NG has been completely rewritten from the ground up, being highly portable, more efficient and combining all known techniques to detect and defeat at the same time:

* Active remote OS fingerprinting: like Nmap
* Passive remote OS fingerprinting: like p0f v2
* Commercial engines like Sourcefire’s FireSiGHT OS fingerprinting

Some additional features are:

* No need for kernel modification or patches
* Simple user interface and several logging features
* Transparent for users, internal processes and services
* Detecting and defeating mode: active, passive & combined
* Will emulate any OS
* Capable of handling updated nmap and p0f v2 fingerprint databases
* Undetectable for the attacker

https://github.com/segofensiva/OSfooler-ng

Jaime Sanchez
Jaime Sánchez (aka @segofensiva) has worked for over 20 years as a specialist advisor for large national and international companies, focusing on different aspects of security such as consulting, auditing, training, and ethical hacking techniques. He holds a Computer Engineering degree and an Executive MBA. In addition, he holds several certifications, like CISA, CISM, CISSP, just to name a few, and a NATO SECRET security clearance, as a result of his role as advisor to many law enforcement organizations, banks and large companies in Europe and Spain. He has spoken at renowned security conferences nationally and internationally, such as RootedCON, Nuit du Hack, Black Hat, Defcon, DerbyCON, NocOnName, Deepsec, Shmoocon or Cyber Defence Symposium, among others. As a result of his research, he has notified security findings and vulnerabilities to top companies and vendors, like Banco Popular, WhatsApp, Snapchat, Microsoft, Apple, etc. He is a frequent contributor on TV (TVE, Cuatro, LaSexta, Telecinco), press (El Pais, El Mundo, LA Times, NBC News) and radio programs, and writes a blog called 'SeguridadOfensiva'.



RCV - Planet Hollywood - Celebrity 5 Ballroom - Friday - 15:15-15:40


LIGHTNING TALK

OSINT Approach in Big-Data

1515 - 1540



SEV - Bally's Jubilee Tower - 3rd Floor - Friday - 17:05-17:35


Friday August 09 2019 1705 30 mins
OSINT in the Real World
Practical OSINT techniques are not just applicable in a day-to-day infosec job but can also benefit every aspect of your life. Expressed through personal stories and walk-throughs of real investigations I will show you how OSINT makes you more effective at any job and safer in the real world.

Ryan MacDougall: @joemontmania
Ryan MacDougall is a Senior Social Engineer Pentester for Social-Engineer LLC, who has over 20 years’ experience in the information technology world and 6 years in the security space specifically. He is currently a trainer for SECOM’s OSINT classes, which have been seen at Blackhat, DerbyCon, and numerous public and private sessions.



DC - Planet Hollywood - Firesides Lounge - Friday - 22:15-22:59


Panel: DEF CON Groups

Friday at 22:15 in Firesides Lounge
45 minutes

Brent White / B1TK1LL3R Global Coordinator

Jayson E. Street Ambassador

Darington Web Master

April Wright Welcoming Committee & Liaison

Tim Roberts (byt3boy) Volunteer

Casey Bourbonnais Volunteer

s0ups Social media

Do you love DEF CON? Do you hate having to wait for it all year? Well, thanks to DEF CON groups, you're able to carry the spirit of DEF CON with you year round, and with local people, transcending borders, languages, and anything else that may separate us! In this fireside chat, your DEF CON groups team who works behind the scenes to make DCG possible will invite group leaders to share how they started their groups, how they found meeting space, how they decide what content to present each meeting, and other topics. Potential new group leaders can find out how to start and run a local group, and existing group leaders and members can share and get operational ideas for running the best group possible. During the Fireside chat, we'll have the ability to keep it an open forum for questions and ideas, as well as a great opportunity to meet other groups.

Brent White / B1TK1LL3R


Twitter: @brentwdesign

Jayson E. Street


Twitter: @jaysonstreet

Darington


Twitter: @darington

April Wright


Twitter: @aprilwright

Tim Roberts (byt3boy)


Twitter: @ZanshinH4x

Casey Bourbonnais


Twitter: @Bourbonnais_c

s0ups


Twitter: @ynots0ups



PHVT - Bally's - Indigo Tower - 26th Floor - Friday - 16:00-16:59


Patching: It's Complicated

Cheryl Biswas

Patching – it's complicated. Organizations at every level struggle with security updates in a fundamental process that seems more like a necessary evil than a best practice. The fact is, one size does not fit all when security patches get issued and things can go very wrong. What actually determines enterprise patching cycles? How should we prepare for the pernicious spread of unpatched BYOD that gets connected? We need to go beyond just finding the sweet spot between mitigating business risk with vulnerability exposure. Because the cure isn't supposed to be worse than the disease.

Cheryl Biswas (Twitter: @3ncr1pt3d) is a Strategic Threat Intel Analyst with a major bank in Toronto, Canada. Previously, she was a Cyber Security Consultant with KPMG and worked on security audits and assessment, privacy, breaches, and DRP. Her experience includes project management, vendor management and change management. Cheryl holds an ITIL certification and a degree in Political Science. Her areas of interest include APTs, mainframes, ransomware, ICS SCADA, and building threat intel. She actively shares her passion for security online, as a speaker and a volunteer at conferences, and by encouraging women and diversity in Infosec as a founder and member of the "The Diana Initiative".



DL - Planet Hollywood - Sunset 2 - Friday - 12:00 - 13:50


PcapXray

Friday from 12:00 – 13:50 in Sunset 2 at Planet Hollywood
Audience: Defense, Forensics, Networks

Srinivas Piskala Ganesh Babu

PcapXray is a Network Forensics tool that performs pcap visualization to help/speed up traffic investigation offline. [ in n00b terms, Draws a Network Map and Highlights what needs to be looked for in a packet capture. ]

* Creates visual drawing (map) of a pcap file and highlights/extracts details for faster/robust traffic forensics/analysis
* Reverse Engineer a Pcap [Packet Capture] File ( Wireshark always is the best goto ), PcapXray plays as a sidecar to speed things up with the investigation ( where/what to look at/for? )
* Promote navigation of a packet capture
* Accomplish Simple goal In the best way ( I could not easily find an offline tool to draw/map/highlight a pcap file ) --> [ Just for Security Fun! ]

Capabilities include

* Converting a packet capture into a diagram/graph/visual representation
* Segregating and filtering with respect to traffic type, the current list includes HTTP, HTTPS, Tor, Possible Malicious, ICMP, DNS
* Extracting payloads and presenting traffic on a session/flow basis
* Enriching the traffic data with host scans to generate Reports
* Identifying covert communication and possibility to extract files included in the traffic

https://github.com/Srinivas11789/PcapXray

Srinivas Piskala Ganesh Babu
Sri is a Security Software Engineer at Oblong Industries spending time on collaborative-conferencing platform security. During other times, he has fun with security, capturing flags & building tools at https://srinivas11789.github.io and github.com/srinivas11789.



DL - Planet Hollywood - Sunset 2 - Friday - 10:00 - 11:50


PhanTap (Phantom Tap)

Friday from 10:00 – 11:50 in Sunset 2 at Planet Hollywood
Audience: Red Teams, it could also be used by Blue Teams.

Diana Dragusin & Etienne Champetier

PhanTap (phantom tap) is an ‘invisible’ network tap aimed at red teams. With limited physical access to a target building, this tap can be installed inline between a network device and the corporate network. PhanTap is silent in the network and does not affect the victim’s traffic, even in networks having NAC (Network Access Control 802.1X - 2004). PhanTap will analyze traffic on the network and mask its traffic as the victim device. It will mount a tunnel back to a remote server, giving the attacker a foothold in the network for further exploitation and pivoting. The physical device for PhanTap is currently a small, inexpensive and disposable router running OpenWrt, we've been testing the GL.iNet GL-AR150. Moreover, PhanTap is fully based on Linux packages and can be ported to any Linux distribution.

Diana Dragusin
Diana Dragusin is currently a Senior Security Consultant at NCC Group, where she performs a variety of types of penetration tests, with a focus on networks, hardware, and embedded systems. Diana previously worked as a Network Security Architect, with the goal of building more secure internal and external infrastructures. In addition to hardware hacking, Diana also enjoys applying her creativity and curiosity to world travel and the culinary arts.

Etienne Champetier
Etienne Champetier is an Operations Engineer at Anevia (a video software company). Day to day he troubleshoots complex ecosystems with lots of vendors and moving parts (i.e. uses tcpdump and strace), automates everything he can with Ansible, helps migrate Anevia software to Kubernetes, and does all kinds of small developments. He loves to understand how everything works and he contributes to open source software, like OpenWrt, when he can (@champtar on GitHub).



DL - Planet Hollywood - Sunset 5 - Friday - 12:00 - 13:50


Phishing Simulation

Friday from 12:00 – 13:50 in Sunset 5 at Planet Hollywood
Audience: Defense

Jyoti Raval

Phishing Simulation tool mainly aims to increase phishing awareness & understanding by providing an intuitive tutorial and customized assessment to assess people's action on any given situation without performing actual phishing activity; and further gives analysis of what is the current awareness posture of targeted users.

The tool has below modules:

- Tutorial -> To increase the awareness by providing an interactive and intuitive tutorial
- Assessment -> To evaluate the current understanding and actions of user on any given situation
- Setup Test -> This module lets any user create a customized campaign and target multiple users at the same time
- Analysis -> Graphical representation to understand the current awareness posture

https://github.com/jenyraval/Phishing-Simulation

Jyoti Raval
Jyoti Raval works as a Senior Web Application Security Analyst with Qualys. Jyoti is responsible for researching improvements to the Dynamic Application Security Testing (DAST) tool, performing web application pen-testing, and understanding new security trends. She is also the OWASP Pune chapter leader. She loves to assess things and hence is presenting an assessment tool ;)



DC - Paris - Track 2 - Friday - 12:00-12:45


Phreaking Elevators

Friday at 12:00 in Track 2
45 minutes | Demo

WillC

This is a comprehensive dive into current emergency phones with an in-depth look at the phones used in elevators. This talk will provide unique insight into a topic that hasn't been covered before: Elevator Phones. During this talk, I will discuss the commonality between elevator phone brands. I will cover a new, never before released, set of default passwords these systems use. I will show a tool kit and how to use it to access elevator phones locally, as well as remotely. In addition, I will show how to reprogram a phone, how to make the elevator state its location, and how to alert the passenger that help is on the way. Finally, I will demonstrate some attacks, including how you can use elevator phones as listening devices to silently listen to conversations of people inside an elevator. I’m WillC, your elevator operator, let's go for a ride!

WillC
Will has grown up with a passion for making things. He has done a number of high-voltage projects and has recently been taking an interest in information security, competing in a number of different CTFs across the country. Will also helps run the Car Hacking Village. He works on bringing the infosec and maker community to Macchina.

Twitter: @Willcaruana



RGV - Flamingo - 3rd Floor - Carson City II - Friday - 17:00-17:59


Title:
Pickpocketing Workshop

Pickpocketing Workshop with James Harrison. Space will be limited. Sign-up is available here.

RGV - Flamingo - 3rd Floor - Carson City II - Friday - 16:00-16:59


Title:
Pickpocketing

James Harrison, a magician and pickpocket, demonstrates his skills on stage, and shows us how we may apply some of these principles to larger approaches in Social Engineering.

ICS - Bally's Event Center - Friday - 15:00-15:30


Pin the tail on the cyber owner

August 9, 2019 3:00 PM

Determining who owns cyber risk when securing ICS in plants and facilities can be a bit of a challenge; there are owners of assets, technologies, operations, management, and even investors/governments. Security issues, gaps, and outright holes can quickly become “incidents" if proper ownership is not understood. Here, we will play a game to determine who has ownership of the things that can break -- that is, when a plant experiences a loss of operational view, denial of control, or manipulation of sensors or instruments.

Speaker Information

Panelist Information

Ryan Leirvik

GRIMM

Ryan is a Principal at GRIMM, a boutique cybersecurity consultancy. He brings a unique perspective to how things break and why organizations should care. Enjoy the talk.



DC - Paris - Track 1 - Friday - 16:00-16:30


Please Inject Me, an x64 Code Injection

Friday at 16:00 in Track 1
20 minutes | Demo

Alon Weinberg Security Researcher, Deep Instinct

Malware authors are always looking for new ways to achieve code injection, thereby allowing them to run their code in remote processes. Code Injection allows hackers to better hide their presence, gain persistence and leverage other processes’ data and privileges.

Finding and implementing new, stable methods for code injection is becoming more and more challenging as traditional techniques are now widely detected by various security solutions or limited by native OS protections.

Inject-Me is a new method to inject code to a remote process in x64. Inject-Me is in fact “injection-less” – the remote (target) process is manipulated to read data from the injecting process, copy and execute it. The manipulation is mainly based on abusing ReadProcessMemory and calling conventions in X64. In addition to presenting Inject-Me, the talk will mention a generalized approach to copying data in remote processes to recreate shellcode from the injecting process.

Alon Weinberg
Alon Weinberg is a security researcher at Deep Instinct. Prior to joining Deep Instinct two years ago, Alon served in the IDF for 4.5 years in an elite cyber unit as a security researcher.

As part of his role in Deep Instinct, Alon is in charge of finding new ways to enhance and develop protection and defense mechanisms. Alon leverages his experience in offensive operations, OS internals and programming to explore attack surfaces in Windows and macOS, analyze malware and research attack vectors and evasion techniques. Alon is a CrossFit junkie and enjoys riding his motorcycle whenever his training routine allows it.

LinkedIn: https://www.linkedin.com/in/alon-weinberg-2a7742142/



DC - Paris - Track 1 - Friday - 16:30-16:50


Poking the S in SD cards

Friday at 16:30 in Track 1
20 minutes | Demo, Tool, Exploit

Nicolas Oberli Cybersecurity Expert, Kudelski Security

Ever wonder why the S in SD cards stands for Secure? Well, it turns out that it is possible to read and/or write protect these cards by software using specific commands. As you might expect, this process isn’t as "secure" as the name implies leading to multiple issues. This talk will present some of these features and the vulnerabilities discovered while poking at cards from various manufacturers. The equipment used in this talk is quite easily attainable allowing for easy replication and learning about these attacks.

Nicolas Oberli
Nicolas works as a security researcher for Kudelski Security in Switzerland. His research focuses on embedded devices and communication protocols. In his spare time, he now spends more time designing CTF challenges than solving them. He is also one of the main developers of the Hydrabus hardware hacking tool and part of the BlackAlps security conference committee.

Twitter: @Baldanos



DC - Paris - Track 4 - Friday - 14:00-14:45


Practical Key Search Attacks Against Modern Symmetric Ciphers

Friday at 14:00 in Track 4
45 minutes | Demo

Daniel "ufurnace" Crowley Research Baron, X-Force Red

Daniel Pagan Student, Georgia Tech

In theory, brute force key recovery attacks against modern ciphers like AES should be impractical with the current state of computer hardware. It's often said that recovering an AES key should take longer than the remainder of the life of the sun. However, this assumes that keys are chosen properly, and that there is no way to determine whether a key is the correct one after a candidate key is used to decrypt a captured ciphertext.

In practice, these conditions do not always hold. In much the same way that hash functions are impossible to reverse but hash cracking is still a practical attack, in the real world it is often possible to perform practical key search attacks. In this talk, we will discuss the common mistakes and common conditions that allow for practical brute force recovery of keys for modern block ciphers such as AES. We will also discuss optimizations to speed up key search efforts, and present our FOSS tool, which implements our approach.

Daniel "ufurnace" Crowley
Daniel Crowley is the head of research and a penetration tester for X-Force Red. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel is the primary author of both the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool. Daniel enjoys climbing large rocks and is TIME magazine's 2006 person of the year. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including Black Hat, DEF CON, Shmoocon, and SOURCE. Daniel does his own charcuterie and brews his own beer. Daniel's work has been included in books and college courses. Daniel also holds the noble title of Baron in the micronation of Sealand.

Daniel Pagan
Daniel Pagan is a student at Georgia Tech, a DEF CON TV goon, and a Lord in the micronation of Sealand.


Return to Index    -    Add to    -    ics Calendar file

 

CLV - Flamingo 3rd Floor - Reno I Room - Friday - 16:50-17:59


Speaker: Rich Mogull

Twitter: @rmogull

Abstract: Automating cloud security operations takes a little more than slapping together a quick lambda to fix an open S3 bucket (but that isn't a bad start). In this workshop we will cover the major categories of security automations and present practical implementation techniques. Come prepared to build your own (or use our starter scripts) as we:

  • Review the three major categories of automations- guardrails, workflows, and orchestrations.
  • Build demo versions of each (in AWS, bring your own account), incorporating techniques including assessments, event-driven guardrails, and an incident response workflow.
  • See demonstrations of cross-product orchestrations that integrate commercial tools.
  • Learn the tricks of the trade, based on 10 years of hands-on research and implementation (for realz, check the intertubes if you don't believe us).
  • See what it takes to implement automations at global scale.

About Rich: Rich Mogull, Analyst & CEO. Rich has twenty years of experience in information security, physical security, and risk management. These days he specializes in cloud security and DevSecOps, having started working hands-on in cloud nearly 10 years ago. He is also the principal course designer of the Cloud Security Alliance training class, primary author of the latest version of the CSA Security Guidance, and actively works on developing hands-on cloud security techniques. Prior to founding Securosis, Rich was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator.
Rich is the Security Editor of TidBITS and a frequent contributor to industry publications. He is a frequent industry speaker at events including the RSA Security Conference, Black Hat, and DefCon, and has spoken on every continent except Antarctica (where he's happy to speak for free -- assuming travel is covered).



DC - Paris - Track 1 - Friday - 12:00-12:45


Process Injection Techniques - Gotta Catch Them All

Friday at 12:00 in Track 1
45 minutes | Tool

Itzik Kotler Co-Founder & CTO at SafeBreach

Amit Klein VP Security Research at SafeBreach

When it comes to process injection in Windows, there are only 6-7 fundamental techniques, right? Wrong. In this talk, we provide the most comprehensive collection to date of “Windows process injection” techniques. We focus on Windows 10 x64, and on injections from a running 64-bit medium integrity process to another running 64-bit medium integrity process, without privilege elevation. We pay special attention to the new Windows protection technologies, e.g. CFG and CIG. We differentiate between memory write primitives and execution techniques, and discuss memory allocation strategies. Our collection is curated, analyzed, and tabulated, with straightforward, research-grade PoCs. We tested each technique against Windows 10 x64 with and without protections, and we report on the requirements, limitations, and quirks of each technique. And of course – no decent DEF CON presentation is complete without new attacks. We describe a new memory writing primitive which is CFG-agnostic. We describe a new “stack bombing” execution method (based on the memory write primitive above) that is inherently safe (even though overwriting the stack is a priori a dangerous and destabilizing action). Finally, we release a library of all write primitives and execution methods, so users can generate “tailor-made” process injections.

Itzik Kotler
Itzik Kotler is CTO and Co-Founder of SafeBreach. Itzik has more than a decade of experience researching and working in the computer security space. He is a recognized industry speaker, having spoken at DEF CON, Black Hat USA, Hack In The Box, RSA, CCC and H2HC. Prior to founding SafeBreach, Itzik served as CTO at Security-Art, an information security consulting firm, and before that he was SOC Team Leader at Radware (NASDAQ: RDWR).

Website: http://www.ikotler.org
Twitter: @itzikkotler

Amit Klein
Amit Klein is a world-renowned information security expert, with 28 years in information security and over 30 published technical and academic papers on this topic. Amit is the VP Security Research at SafeBreach, responsible for researching various infiltration, exfiltration and lateral movement attacks. Before SafeBreach, Amit was the CTO for Trusteer (acquired by IBM) for 8.5 years. Prior to Trusteer, Amit was chief scientist for Cyota (acquired by RSA) for 2 years, and prior to that, director of Security and Research for Sanctum (acquired by Watchfire, now part of IBM security division) for 7 years. Amit has a B.Sc. from the Hebrew University in Mathematics and Physics (magna cum laude, Talpiot program), was recognized by InfoWorld as a CTO of the Year in 2010, and has presented at BlackHat USA, DEF CON, NDSS, OWASP Global (keynote), InfoCom, DSN, HITB, RSA, OWASP EU, CertConf, BlueHat, CyberTech, APWG and AusCERT (keynote).

Website: http://www.securitygalore.com/



RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Friday - 10:30-11:30


Puny Charge your Phishing Campaigns

Verizon's 2019 Data Breach Investigations Report (DBIR) indicates that malware is delivered via email in 94% of investigated breaches. Business Email Compromise (BEC) is on the rise. Phishing is still a problem for most organizations. A good phishing campaign is still an easy win for a Red Teamer, though it’s a constant cat-and-mouse game as email gateways deploy new techniques for anti-spoofing and malware detection. This talk will discuss research and browser/app testing around using Puny Code to create solid doppelganger domains for phishing campaigns, watering hole attacks and other creative shenanigans. Using techniques discussed in this talk, you will be able to clone your target's domain name(s) so that they appear identical to the naked eye. Passing SSL/TLS verification and bypassing security awareness training and any in-house phishing campaigns your Blue Team might have implemented, this is a $12 technique you must see.

About Michael Wylie: Michael Wylie, MBA, CISSP is the Director of Cybersecurity Services at Richey May Technology Solutions. In his role, Michael is responsible for delivering information assurance by means of vulnerability assessments, cloud security, penetration tests, risk management, and training. Michael has developed and taught numerous courses for the U.S. Department of Defense, Moorpark College, California State Universities, and for clients around the world. Michael is the winner of the SANS Continuous Monitoring and Security Operations challenge coin and holds the following credentials: CISSP, CCNA R&S, CCNA CyberOps, GPEN, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, Security+, Project+, and more. Twitter: @TheMikeWylie



DC - Paris - Track 4 - Friday - 16:30-16:50


Re: What's up Johnny? – Covert Content Attacks on Email End-to-End Encryption

Friday at 16:30 in Track 4
20 minutes | Demo, Exploit

Jens Müller Ruhr University Bochum

We show practical attacks against OpenPGP and S/MIME encryption and digital signatures in the context of email. Instead of targeting the underlying cryptographic primitives, our attacks abuse legitimate features of the MIME standard and HTML, as supported by email clients, to deceive the user regarding the actual message content. We demonstrate how the attacker can unknowingly abuse the user as a decryption oracle by replying to an unsuspicious-looking email. Using this technique, the plaintext of hundreds of encrypted emails can be leaked at once. Furthermore, we show how users could be tricked into signing arbitrary text by replying to emails containing CSS conditional rules. An evaluation shows that 17 out of 19 OpenPGP-capable email clients, as well as 21 out of 22 clients supporting S/MIME, are vulnerable to at least one attack. We provide different countermeasures and discuss their advantages and disadvantages.

Jens Müller
Jens Müller is a PhD student at the Chair for Network and Data Security, Ruhr University Bochum, Germany. His research interests are legacy protocols and data formats, for which he loves to investigate what could possibly go wrong in a modern world. He has experience as a speaker at international security conferences (BlackHat, IEEE S&P, OWASP) and as a freelancer in network penetration testing and security auditing. Besides breaking things, he develops free open source software, for example, tools related to network printer exploit^H^H^H^H^H^H^H, um, "debugging".

Twitter: @jensvoid
Websites: https://www.nds.ruhr-uni-bochum.de/chair/people/jmueller/
https://hacking-printers.net/



SEV - Bally's Jubilee Tower - 3rd Floor - Friday - 18:50-19:20


Friday August 09 2019 1850 30 mins
Red Teaming Insights and Examples from Beyond the Infosec Community
Red Teaming isn’t just pen testing. Red team approaches and techniques are widely used in the military, intelligence community, and throughout the private sector. Every institution, from the Marine Corps to pharmaceutical giants, experiences the same organizational pathologies that make them unable to identify blind spots, challenge assumptions, or consider an adversarial perspective. This talk will describe why red team approaches are needed, and offer concrete examples of where and how they have been used effectively. These practical tips and best practices of what makes red teams succeed will be intuitively useful to members of the information security community.

Micah Zenko: @micahzenko
Micah Zenko is the Director of Research and Learning at McChrystal Group, and columnist at Foreign Policy magazine. Previously, he worked at the Council on Foreign Relations, Harvard’s Kennedy School of Government, and the State Department’s Office of Policy Planning. Zenko consults with military commands, law enforcement agencies, the private sector, and nonprofit research organizations. He is the author of three books, including Red Team: How to Succeed by Thinking Like the Enemy. He has a PhD in political science from Brandeis University, and a Wisconsin bartender license.



DC - Paris - Track 4 - Friday - 15:00-15:45


Relaying Credentials Has Never Been Easier: How to Easily Bypass the Latest NTLM Relay Mitigations

Friday at 15:00 in Track 4
45 minutes | Demo, Tool, Exploit

Marina Simakov Senior Security Researcher @Preempt

Yaron Zinar Senior Security Researcher Lead @Preempt

Active Directory has always been a popular target for attackers, with a constant rise in attack tools attempting to compromise and abuse the main secrets storage of the organization. One of the weakest spots in Active Directory environments lies in the design of one of the oldest authentication protocols – NTLM, which is a constant source of newly discovered vulnerabilities. From CVE-2015-0005, to the recent LDAPS Relay vulnerability, it is clear why this protocol is one of the attackers’ favorites.

Although there are mitigations on offer such as server signing, protecting the entire domain from NTLM relay is virtually impossible. As if that weren’t bad enough already, we will present several new ways to abuse this infamous authentication protocol, including a new critical zero-day vulnerability we have discovered which enables an attacker to perform NTLM relay and take over any machine in the domain, even with the strictest security configuration, while bypassing all of today's offered mitigations. Furthermore, we will show why the risks of this protocol are not limited to the boundaries of the on-premises environment, and present another vulnerability which allows bypassing various AD FS restrictions in order to take over cloud resources as well.

Marina Simakov
Marina Simakov is a security researcher at Preempt, with a special interest in network security and authentication protocols. Prior to Preempt, Marina served as a Security Researcher at Microsoft for several years. She holds an M.Sc. in computer science, with several published articles, with a main area of expertise in graph theory. Marina previously spoke at various security conferences such as Black Hat, BlueHat IL and DEF CON.

Yaron Zinar
Yaron Zinar is a Lead Security Researcher at Preempt, delivering the industry’s first Identity and Access Threat Prevention. Previously, Yaron spent over 12 years at leading companies such as Google and Microsoft, where he held various positions researching and leading big data, machine learning and cyber security projects. Yaron is an expert on Windows authentication protocols; among his team's latest findings are CVE-2017-8563 and CVE-2018-0886, which he presented at Black Hat last year. Yaron holds an M.Sc. in Computer Science with a focus on statistical analysis.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock III - Friday - 14:30-18:30


Reverse Engineering Android Apps

Friday, 1430-1830 in Flamingo, Red Rock III

Sam Bowne Proprietor, Bowne Consulting

Elizabeth Biddlecome Senior Researcher, Bowne Consulting

Practice finding flaws in real Android apps in this fun, CTF-style hands-on workshop, and you will be ready to avoid making security errors in your own apps.

Android apps are very easy to unpack, analyze, modify, and repack; partly because of the open nature of the system, and partly because most companies neglect basic security measures. In this workshop, participants will hack apps from Wells Fargo, Microsoft, Lyft, WhatsApp, Whole Foods, IBM, Harvard, Progressive, the Indian government, and other large organizations. We will find insecure network transmissions, broken cryptography, improper logging, and pervasive lack of binary protections. We will also analyze the way iOS apps use network transmissions, and observe serious vulnerabilities in iOS apps from major companies.

We will analyze Android internals in detail, using the Drozer attack framework to inspect and manipulate intents to exploit insecure activities and content providers. We will perform a protection level downgrade attack on an Android 4.3 device, removing security protections from the Twitter app.

All class materials are freely available on the Web, and will remain available after the workshop. All vulnerabilities were reported to the affected companies long ago, where appropriate.

Equipment: participants must bring a laptop that can run VirtualBox machines. The host system can use Mac OS (best), Linux (OK) or Windows (usable but limited). We will use free Android emulators and a Kali virtual machine. They will be available as free downloads, and also locally on USB sticks.

Skill Level Intermediate

Prerequisites: Familiarity with basic networking and security concepts.

Materials: A laptop capable of running VirtualBox.

Max students: 90

Registration: https://www.eventbrite.com/e/reverse-engineering-android-apps-red-rock-iii-tickets-63609248976
(Opens 8-Jul-19)

Sam Bowne
Sam Bowne is the proprietor of Bowne Consulting and an instructor at City College San Francisco, and has been teaching hacking and security classes for ten years. He has presented talks and workshops at Defcon, HOPE, RSA, BSidesLV, BSidesSF, and many other conferences. He has a CISSP and a PhD and is a DEF CON Black Badge co-winner.

Elizabeth Biddlecome
Elizabeth Biddlecome is a senior researcher at Bowne Consulting, an independent consultant, and a part-time instructor at City College San Francisco, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.



DL - Planet Hollywood - Sunset 4 - Friday - 10:00 - 11:50


Reverse Engineering Embedded ARM with Ghidra

Friday from 10:00 – 11:50 in Sunset 4 at Planet Hollywood
Audience: Offense, Defense, AppSec, Mobile, Hardware

Max Compston

The ARM processor is the most prevalent processor in the world. ARM devices encompass mobile phones, network devices and appliances, and devices comprising what is now called the Internet of Things. Before April 2019, the only professional tool available for reverse engineering ARM processors was IDA Pro. With the release of Ghidra by the National Security Agency (NSA) to the open source community this April, a professional-grade reverse engineering tool is now available for ARM. This Demo Lab setup will include a Linux host laptop running Ubuntu Linux. The target system is an embedded Raspberry Pi ARM v8a running Ubuntu Linux Core. This demonstration will consist of statically reverse engineering a demonstration Banking Application daemon using Ghidra. Static analysis of the fictitious application with this tool should reveal areas prone to PLT/GOT infection. This analysis will focus on shared libraries prone to infection. Next, an Injection / Hook program will perform Linux PTRACE injection / function hooking on the Banking Application. The function hooking is based upon the results from the Ghidra analysis performed earlier. The hook function will send the user data back to our host using a method unknown to the developer of the Banking Application.

Max Compston
Max Compston is the Principal Software Engineer with Embedded Software Solutions. He has 30+ years of embedded software development experience. He has worked for 20+ years as a government defense contractor developing embedded systems. He has worked 10+ years in the commercial sector on mobile devices, network devices, network access points and IPTV set-tops. Max has a love of the outdoors. He plays tennis, hikes, bikes and is always training for his next triathlon. He has an undergraduate education in Computer Science with graduate work in Computer Security and Info Assurance.



PHVW - Bally's - Indigo Tower - 26th Floor - Friday - 09:00-11:59


Reverse Engineering Malware 101

Amanda Rousseau, Facebook

This workshop provides the fundamentals of reverse engineering (RE) Windows malware through hands-on experience with RE tools and techniques. Attendees will be introduced to RE terms and processes, followed by basic x86 assembly and a review of RE tools and malware techniques. It will conclude with attendees performing a hands-on malware analysis that consists of triage, static, and dynamic analysis.

Prerequisites: Basic understanding of programming C/C++, Python, or Java

Amanda Rousseau (Twitter: @malwareunicorn) absolutely loves malware. She was a Senior Malware Researcher at Endgame who focused on dynamic behavior detection on both Windows and OSX platforms. She worked as a malware researcher at FireEye before joining Endgame. She previously worked as a reverse engineer and computer forensic examiner for DoD forensic investigations and commercial incident response engagements. She received her MS in Information Systems Engineering from Johns Hopkins University. Research interests include malware evasion techniques, dynamic behavior classification, and developing runtime detections.



Night Life - Planet Hollywood - London Club - Friday - 22:00-25:59


Title:
SecKC the World, Again party

SecKC is back. But this time, they're shooting for the stars! Roll up on your favorite thoroughbred and make sure to bring your intergalactic western gear. Outlaws and sheriffs alike are welcome!

This party is happening in a beautiful old cabaret club that will be getting the SecKC mojo treatment ;) And music will be provided by none other than Keith Myers, Archwisp, and Professor S! Come join us for dancing, games, and other various shenanigans. The party starts at 10:00 and goes until the last hacker leaves!

SECKC THE WORLD, AGAIN


CLV - Flamingo 3rd Floor - Reno I Room - Friday - 15:25-15:50


Speaker: Jane Miceli

Twitter: @janemiceli

Abstract: Learn about a breach, what happens in the aftermath and why I can't tell my peers what happened. Learn about the fallout and, more importantly, what application developers aren't thinking about.

About Jane: Enterprise Cloud Architect, 9 years' experience in cloud, former lead cloud SRE



BTVT - Flamingo - 3rd Floor- Savoy Room - Friday - 17:30-17:59


Serverless Log Analysis On AWS

Friday 17:30, Savoy Ballroom, Flamingo (Blue Team Village) (30M)

@gkapoglis is an Incident Responder at Verizon Media, where I have the chance to work on complex problems at scale! I am originally from Greece and have been living in the US for the past 4 years. I got my Master’s in Cybersecurity from Stevens Institute of Technology in Hoboken, NJ and hold the GCIH and GNFA from GIAC.

In this talk we will go over traditional log analysis methods for AWS CloudTrail logs and why we needed to find a better way of performing such investigations. We will then dive into AWS Athena, which is essentially a serverless Hive on the cloud (“too many buzzwords” alert), and how we use it to perform log analysis on the cloud under a centralized, efficient and transparent framework. We will go over use cases and examples of investigations, and showcase how Athena helped us perform more efficiently than the traditional methods mentioned before. Additionally, we will mention use cases for other types of log analysis, such as Apache access logs, ELB and ALB logs, etc. Lastly, we will demo AWS Athena and analyze over 50GB of logs in under 1 minute, all done serverless on the cloud without the need to spin up any instances or servers. In the end, we will describe the countless possibilities for future work, which include automation, threat hunting and continuous monitoring of your AWS environment.



SEV - Bally's Jubilee Tower - 3rd Floor - Friday - 15:30-16:20


Friday August 09 2019 1530 50 mins
SEVillage – 10 Year Anniversary – a Look Back at what has changed
It was 10 years ago that it all started in a tiny little squalid room. Hundreds of people packed in to see a new type of event – one that made headlines and scared the world. 10 years later – what has changed, where are we? What can we learn from the last decade?

Chris Hadnagy: @humanhacker
Chris is a professional social engineer with over 17 years of experience. His passion is understanding the why not just the what. Chris has had the opportunity to work with some of the world’s greatest minds in learning how to use skills that might not be too common to be infused in this industry. You can find out more by looking at www.social-engineer.com



LBV - Flamingo - Carson City II Room - Friday - 13:00-13:59


Title:
So You Want to Rob a Bank: Overt Ops Timing & Practise



RCV - Planet Hollywood - Celebrity 5 Ballroom - Friday - 12:20-12:45


LIGHTNING TALK

Social Media: The New Court of Public Opinion (exploring the effects of social media and our unconscious bias)

1220 - 1245



DL - Planet Hollywood - Sunset 6 - Friday - 10:00 - 11:50


soFrida - Dynamic Analysis Tool for Mobile Apps with Cloud Backend

Friday from 10:00 – 11:50 in Sunset 6 at Planet Hollywood
Audience: Offense: mobile application pentesters, hackers; Defense: cloud backend operators, mobile application developers who use a cloud SDK

Hyunjun Park & Soyeon Kim

Mobile app developers are increasingly using cloud services to implement features such as storage, push notifications, and user data analysis. Popular cloud services, including AWS, provide SDKs and credential keys that allow mobile apps to authenticate to and be authorized for cloud resources, so that developers can implement features by calling APIs. However, we identified a vulnerability: those credential keys can be obtained by attackers. In this demo, we will present how cloud credential keys can be stolen with soFrida, a dynamic analysis tool powered by Frida. With soFrida, security researchers or engineers can quickly collect Android APKs and analyze cloud vulnerabilities in Android apps, helping to prevent serious security incidents such as data leaks. We have discovered 2,700 potentially vulnerable mobile apps by using soFrida and are currently collaborating with the cloud service provider to eliminate the security vulnerabilities. Detailed statistics can be found on our website: https://sofrida.github.io

https://sofrida.github.io

Hyunjun Park
Hyunjun Park is a senior engineer of Samsung SDS in South Korea and a graduate student of SANE Lab at Korea University (Supervisor: Seungjoo Gabriel Kim). His daily job is pentesting a broad range of Samsung products including smartphone, smart TV, wearable devices, etc. He also serves as the main staff of Kimchicon Security Conference in South Korea.

Soyeon Kim
Soyeon Kim is a security researcher at Samsung SDS in South Korea. She mainly does security assessments of Samsung IoT products. She is interested in analyzing Android apps and iOS apps using Frida.



DL - Planet Hollywood - Sunset 3 - Friday - 12:00 - 13:50


Spartacus as a Service (SaaS)

Friday from 12:00 – 13:50 in Sunset 3 at Planet Hollywood
Audience: Offense for the end user

Mike Kiser

The Third Servile War was over. The slave army had been defeated, and the survivors were offered a pardon by their Roman captors. The only requirement was that they identify Spartacus, their leader (Kirk Douglas). Rather than give away his identity, however, they all begin to yell out "I'm Spartacus!"—thus preserving his anonymity by overwhelming the Romans with possibilities. (Spoiler alert: they all die as a result.) "Spartacus as a Service (SaaS)" is an open-source proof of concept, introduced here, that facilitates these obfuscation techniques. It allows for automatic obfuscation of a chosen identity on a small scale, and lessons learned from its usage will be discussed.

  • Current version at: https://github.com/derrumbe/Spartacus-as-a-Service
  • Open-source tool written largely in Node.js under an MIT license
  • OAuth is used for authentication and authorization
  • Content is generated via a Markov chain using sources such as Jane Austen, political platforms, and Aaron Franklin’s book on BBQ
  • Amazon Mechanical Turk may be used to circumvent captchas

Note that this is not a tool that *prevents* targeted advertising — instead it seeks to dilute the value of information that companies know about a user. It obfuscates the real content so that outsiders cannot tell what the real content (or in some cases, who the person) actually is.

https://github.com/derrumbe/Spartacus-as-a-Service

Mike Kiser
Mike Kiser is insecure. He has been this way since birth, despite holding a panoply of security roles over the past 20 years—that might imply otherwise. In spite of this, he has designed, directed, and advised on large-scale security deployments for a global clientele. He is currently in a long-term relationship with fine haberdashery, is a chronic chronoptimist (look it up), and delights in needlessly convoluted verbiage. He is obsessed with identity’s role in security and is the co-host of a podcast illuminating all things identity. He warmly embraces the notion that security is more of a state of mind than a destination.



Meetups - Planet Hollywood - Mezzanine Stage - Friday - 15:05-16:30


Title:
SpellCheck: The Hacker Spelling Bee

Forum


CLV - Flamingo 3rd Floor - Reno I Room - Friday - 14:50-15:25


Speaker: Pratik Shah

Twitter: @7echSec

Abstract: This talk familiarizes attendees with different techniques and approaches to cloud hacking. We will start from the very basics and gradually build up to the level where we look into different cloud architectures and the common issues/misconfigurations identified in them. The complete focus of this talk is to explain cloud hacking methodology and cover well-known attacks against cloud infrastructure.

In this talk, we will discuss some interesting case studies and we'll understand the root cause. We will also talk about different techniques which can lead to gaining an initial foothold and then we will look into multiple post-exploitation techniques.

About Pratik: Pratik is an information security enthusiast with a strong interest in infrastructure penetration testing, web application security assessments and cloud penetration testing, which has led to extensive penetration testing experience for Fortune 500 companies involving web applications, networks, infrastructure, and Red Team engagements. Pratik has taken part in multiple Bug Bounty programs and over the years has reported multiple vulnerabilities through HackerOne, Synack Red Team, and Cobalt Core. He has also contributed to Metasploit exploit development (he wrote an exploit for a Windows local privilege escalation).



PHVT - Bally's - Indigo Tower - 26th Floor - Friday - 12:00-12:59


StegoAugmented Malware

Mike Raggo, CSO at 802 Secure
Chet Hosmer, Owner of Python Forensics

As adversaries look for new methods of creating malware, steganography has seen a resurgence. In this session, we'll review this black art and uncover recent steganographic malware weaponizing techniques. We'll cover techniques that include file and image embedding techniques invisible to malware and intrusion detection systems, methods of exploiting weak networking protocols for covert communications, mischievous IoT devices, and cloud data hiding methods. But we don't stop there: our organic research has uncovered numerous other ways in which malware could be embedded, in an effort to prepare threat researchers with the knowledge to improve their tools and fortify their networks.

Mike Raggo (Twitter: @DataHiding) is Chief Security Officer at 802 Secure and has over 20 years of security research experience. His current focus is wireless IoT threats impacting the enterprise. Michael is the author of "Mobile Data Loss: Threats & Countermeasures" and "Data Hiding" for Syngress Books, and contributing author for "Information Security the Complete Reference 2nd Edition". A former security trainer, Michael has briefed international defense agencies including the FBI and Pentagon, and is a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, DoD Cyber Crime, OWASP, HackCon, and SANS.

Chet Hosmer (Twitter: @chethosmer) is an international author, educator & researcher, and founder of Python Forensics, Inc., a non-profit research institute focused on the collaborative development of open source investigative technologies using the Python programming language. Chet is also a Visiting Professor at Utica College in the Cybersecurity Graduate Program, where his research and teaching are focused on data hiding, active cyber defense and security of industrial control systems. Additionally, Chet is an Adjunct Professor at Champlain College in the Digital Forensics Graduate Program, where his research and teaching are focused on solving hard digital investigation problems using the Python programming language.



DC - Paris - Track 3 - Friday - 16:00-16:30


Surveillance Detection Scout - Your Lookout on Autopilot

Friday at 16:00 in Track 3
20 minutes | Demo, Tool

Truman Kain Sr. Information Security Analyst at Tevora

Surveillance detection routes are a daily occurrence for clandestine operatives and agents all over the world. These mentally taxing counter-surveillance measures often mean the difference between life and death. Surveillance Detection Scout hopes to ease that burden. Scout currently supports Tesla Models S, 3 and X, running license plate recognition on 3 camera feeds to alert you in real time if you're being followed. When you park, Scout remains vigilant, implementing familiar face detection as well. By combining timestamped vehicle location data & video, computer vision and an intuitive web interface, it becomes apparent that Scout has just as many offensive as defensive applications. Over time, SDS captures and reports on observed patterns of life, allowing you to quickly gain an overview of your surroundings (or your target) with minimal effort. Whether you're conducting or evading surveillance, Scout has got your 6.

Truman Kain
Truman Kain has a background in design and marketing, which he utilized to develop Dragnet, an intuitive, AI-powered social engineering framework released at DEF CON 26. This year, he has combined his machine learning and design experience to make Surveillance Detection Scout look and feel as OEM as possible.

Twitter: @trumankain



SEV - Bally's Jubilee Tower - 3rd Floor - Friday - 17:40-18:09


Friday August 09 2019 1740 30 mins
Swing Away: How to Conquer Impostor Syndrome
“It is estimated that nearly 70% of people will experience signs or symptoms of Impostor Syndrome.” Too many people get stuck in a self-doubt loop. This is when feelings of being an impostor creep in. Billy Boatright is part of the nearly 30% that have not. Billy will share with you how an early failure and a “pep talk” from an all-time great has allowed him to avoid persistent feelings of self-doubt. Whether it’s your next social engineering engagement or giving a talk at a conference, Billy will also share ways that can help us all avoid the self-sabotage of Impostor Syndrome. Billy will also dive into the “Hero Worship” culture that social media created.

Billy Boatright: @fuzzy_l0gic
Billy began his social engineering career without even knowing it. He was a bartender on the Las Vegas Strip for the better part of a decade. He won numerous awards from all over the world as a Top-ranked Flair Bartender. He has taken the skills he learned behind the bar to the Information Security world. Billy has been a Judge for the Social Engineering Capture the Flag event at Defcon. He is also the namesake for the BSides Las Vegas Social Engineering Capture the Flag Championship Belt. Billy also volunteers time and expertise to the Las Vegas ISSA Chapter as a Board Member. He is also a member of the BSides Las Vegas Senior Staff.

Billy has multiple degrees and numerous certifications. However, when asked about them he will gladly quote George Moriarty, “The shining trophies on our shelves can never win tomorrow’s game.”



DL - Planet Hollywood - Sunset 6 - Friday - 12:00 - 13:50


TaintedLove

Friday from 12:00 – 13:50 in Sunset 6 at Planet Hollywood
Audience: AppSec

Benoit Côté-Jodoin

TaintedLove is a dynamic security analysis tool for Ruby. It leverages Ruby's object tainting and monkey patching features to identify potentially vulnerable code paths at runtime. TaintedLove is library agnostic and provides a simple framework to extend the detection of unsafe method usage and user input tracking.

https://github.com/shopify/tainted_love

Benoit Côté-Jodoin
Benoit is an Application Security Engineer at Shopify with a strong interest in web application security and vulnerability research. Sometimes an active CTF player, he has taken part in multiple competitions with the team DCIETS/NorthernCoalition.



PHVT - Bally's - Indigo Tower - 26th Floor - Friday - 13:00-13:59


The Art of Detection

Jay Dimartino, Head of Detections and Countermeasures at Fidelis Cybersecurity

Ever inherited a security rule you were afraid to modify? Ever import a Yara rule only to have the alerts blow up in your face? Does your SIEM or security appliance keep you up at night with email alerts? The Art of Detection focuses on the methodology of writing and sharing accurate detections to make you a better detection author. Gain confidence in managing false positives, learn rule sharing best practices, tackle large monolithic detections, and write detections that feed other detections. Learn the importance of your intelligence test data, and whether your intelligence streams could be causing bias.

Jay Dimartino is a Threat Researcher for Fidelis Cybersecurity and Head of Detections & Countermeasures. He has been doing Malware Reverse Engineering for over nine years and also has several industry certifications including the GREM and GCFA.



BCV - Flamingo 3rd Floor - Laughlin III Room - Friday - 17:10-17:59


The CryptoCurrency Security Standard (CCSS)

No description available



BTVT - Flamingo - 3rd Floor- Savoy Room - Friday - 17:00-17:30


The Cyber Threat Intelligence Mindset

Friday 17:00, Savoy Ballroom, Flamingo (Blue Team Village) (30M)

@ch33r10 works for a Financial Services Fortune 500 Company. She is a graduate of the SANS 2017 Women’s Academy, has an MBA in IT Management, and currently holds the CFR, GSEC, GCIH, GCFE, GMON, GDAT, and GPEN certifications. She is a member of the Financial Services Information Sharing and Analysis Center (FS-ISAC), Yara Exchange, and FuzzySnugglyDuck. @ch33r10 serves as an Advisor for a Cybersecurity Apprenticeship Program in Chicago and she is on the Advisory Board of SANS EMEA CyberThreat 2019 with the National Cyber Security Centre in London and SANS Purple Team Summit.



DC - Paris - Track 4 - Friday - 16:00-16:30


The JOP ROCKET: A Supremely Wicked Tool for JOP Gadget Discovery, or What to Do If ROP Is Too Easy

Friday at 16:00 in Track 4
20 minutes | Demo, Tool

Dr. Bramwell Brizendine Assistant Professor of Computer and Cyber Sciences, Dakota State University

Dr. Joshua Stroschein Assistant Professor of Cyber Security/Network & Security Administration, Dakota State University

Return-oriented Programming (ROP) has been the predominant code-reuse attack for over a decade, but there are other options. Many mitigations can detect ROP due to heuristics, but these fail to detect Jump-oriented Programming (JOP). The JOP ROCKET is a reverse engineering framework dedicated to facilitating JOP exploits. It allows hackers to discover JOP gadgets. This includes dispatcher gadgets, which help to subvert and direct the control flow, and functional gadgets, our primitives. This tool provides numerous options to give hackers flexibility on how to find gadgets, to narrow and expand possibilities. Additionally, the tool uses opcode-splitting to discover many unintended gadgets. All gadgets are classified based on operation as well as registers used and affected. Thus, hackers could easily obtain the desired functional gadgets, such as MOV EBX, [VALUE], using simple language commands. Because of JOP's much more complex setup, the tool provides this classification, so time isn't wasted hunting through results.

JOP is rarely done in the wild. Part of that complexity is in setup, but another part is the lack of dedicated tools. Having to find JOP gadgets manually could be time-consuming and require expertise. JOP ROCKET simplifies that, allowing the JOP gadgets to be found quickly and easily.

This talk will give brief content on ROP, and then introduce JOP and its history. Then we will dive into JOP ROCKET, discussing its features, how to use it to find JOP gadgets, and how to set up your own JOP exploit. We will then demo the tool.

Dr. Bramwell Brizendine
Dr. Bramwell Brizendine graduated with a Ph.D. in Cyber Operations in May 2019. He holds master's degrees in Computer Science and Information Assurance. Bramwell is a professor at Dakota State University where he teaches topics such as reverse engineering, software exploitation, and malware analysis. Bramwell is the creator of the JOP ROCKET, or the Jump-oriented Programming Reversing Open Cyber Knowledge Expert Tool. Bramwell has been interested in code-reuse attacks for several years. Bramwell was overcome by the urge to present a tool that made JOP more practical and useful for hackers who may wish to attempt using this more arcane class of code-reuse attacks. The JOP ROCKET is a by-product of his doctoral dissertation.

Dr. Joshua Stroschein
Dr. Josh Stroschein is a professor at Dakota State University. Dr. Josh Stroschein teaches undergraduate and graduate courses in cyber security with a focus on malware analysis, reverse engineering and software exploitation. His research interests include malware analysis and software exploitation. Outside of DSU, you can find Josh providing training at such venues as DerbyCon, Hack-In-The-Box and ToorCon.

Website: https://0xevilc0de.com



RCV - Planet Hollywood - Celebrity 5 Ballroom - Friday - 10:20-10:59


KEYNOTE

The OSINT Space is Growing! Are we Ready?

1020 - 1100



DC - Paris - Track 2 - Friday - 11:00-11:45


The Tor Censorship Arms Race: The Next Chapter

Friday at 11:00 in Track 2
45 minutes | Tool

Roger Dingledine The Tor Project

Tor is a free-software anonymizing network that helps people around the world use the Internet in safety. But who cares how good Tor's privacy is, if your government prevents you from reaching the Tor network?

In the beginning, some countries filtered torproject.org by DNS (so we made website mirrors and an email autoresponder for downloading Tor), and then some countries blocked Tor relays by IP address (so we developed bridges, which are essentially unlisted relays), and then some countries blocked Tor traffic by Deep Packet Inspection (so we developed pluggable transports to transform Tor flows into benign-looking traffic).

Then things got weird, with China's nationwide active probing infrastructure to enumerate bridges, with Amazon rolling over to Russia's threats when Telegram used "domain fronting" to get around blocking, with Turkey blocking Tor traffic by DPI in more subtle ways, with Venezuela and Ethiopia and Iran trying new tricks, and more.

In this talk I'll get you up to speed on all the ways governments have tried to block Tor, walk through our upcoming steps to stay ahead of the arms race, and give you some new—easier—ways that let you help censored users reach the internet safely.

Roger Dingledine
Roger Dingledine is president and co-founder of the Tor Project, a nonprofit that develops free and open source software to protect people from tracking, censorship, and surveillance online.

Wearing one hat, Roger works with journalists and activists on many continents to help them understand and defend against the threats they face. Wearing another, he is a lead researcher in the online anonymity field, coordinating and mentoring academic researchers working on Tor-related topics. Since 2002 he has helped organize the yearly international Privacy Enhancing Technologies Symposium (PETS).

Among his achievements, Roger was chosen by the MIT Technology Review as one of its top 35 innovators under 35, he co-authored the Tor design paper that won the Usenix Security "Test of Time" award, and he has been recognized by Foreign Policy magazine as one of its top 100 global thinkers.

Twitter: @RogerDingledine



BTVW - Flamingo - 3rd Floor- Savoy Room - Friday - 09:00-12:59


Threat Hunting With The Elastic Stack

Friday 09:00, Savoy Ballroom, Flamingo (Blue Team Village) (4H)

@CyberPraesidium brings over 12 years of diverse experience in cyber security, IT, and law. He leads Polito's commercial services including vulnerability assessments, penetration testing, incident response, forensics, and threat hunting. Prior to joining Polito, Ben worked on APT hunt teams at federal and commercial clients. He holds CISSP, GCFA, GWAPT, and Splunk Power User certifications.

@politoinc has over 10 years of federal and commercial expertise in the field of Endpoint and Mobile based Intrusion Detection and Protection, Network Security, e-Discovery, Mobile Application Security, and Penetration Testing. Jeffrey holds a Master of Science in Digital Forensics from George Mason Univ. along with a Bachelor's in Business IT from St Johns Univ. Jeffrey also has earned certifications such as GIAC Certified Forensic Analyst, EnCase Examiner and EnCase E-Discovery, X-Ways, and Cellebrite Certifications.

With all new logs and revamped material from our 2018 workshop, this year's hands-on training will walk attendees through leveraging the open source ELK (Elastic) stack to proactively identify malicious activity hiding within diverse data sets. The basic tools and techniques taught during this class can be used to investigate isolated security incidents or implemented at scale for continuous monitoring and threat hunting. Attendees will be provided with access to a preconfigured ELK cluster and extensive sample logs containing malicious events waiting to be discovered on a simulated enterprise network. New for this year, attacker artifacts will be mapped to the MITRE ATT&CK Framework and tagged accordingly in the provided logs to help demonstrate the value of log enrichment, showcase both common and novel real-world attacker TTPs, and leverage a methodological approach to adversary and anomaly detection. Emphasis will be placed on live demos and practical training exercises throughout. The training will conclude with a friendly CTF tournament to give attendees the opportunity to collaborate and compete on teams in order to put their learning into practice and win some prizes.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Red Rock III - Friday - 10:00-13:59


Understanding and Analyzing Weaponized Carrier Files

Friday, 1000-1400 in Flamingo, Red Rock III

Ryan Chapman Incident Response Analyst

Weaponized carrier files, such as PDF and Office docs, are used in various attack campaigns in order to compromise victims. In this workshop, we'll cover the file formats, associated weaponization methods, and analysis techniques of the attack code used with these types of files. We'll pull apart PDF object streams, deobfuscate JavaScript code, and analyze PDF-based attacks. For Office docs, we'll review the OLE file format; take a gander at VBA-based macros; extract, deobfuscate, and debug the VBA code; and identify indicators of compromise. We'll be using a Windows-based malware VM along with tools such as oledump, PDFStreamDumper, the MS VBA Editor, and more!

Skill Level Intermediate

Prerequisites: This workshop will cover the file formats for both PDF and Office (e.g. docx) files. If you've never analyzed such a file for maliciousness, fear not! We'll be covering the basics. If you have programming/scripting experience, great. If not, don't worry. If you have worked to deobfuscate code, fantastic. If not, meh.

Materials: You will want to bring a laptop equipped with the following:
- The laptop will probably need at least 4GB of RAM, as you'll need to be able to run your host OS (doesn't matter which, I and my room proctors can help with any of them) along with a Windows 10 VM.
- Please try to have a USB port available. I will have USB 3.0 drives with me the day of the workshop. These drives will be FAT-formatted (nothing fancy) and contain the files required for the workshop. I will also pop the files on to a cloud-based file sharing service well ahead of the workshop for folks who like to set up early.
- VM software! You'll need software to run a VM, such as VMware or VirtualBox. Doesn't matter if you're on a Mac with VMware Fusion, Windows, Linux, whatever. As long as you can run a VM (and take at least one snapshot), we're solid!
- If you do not have a Windows 10 malware analysis machine, please check out https://www.microsoft.com/en-us/evalcenter/evaluate-windows, as you can grab a trial of Windows that will work just fine for this workshop.
- Speaking of MS products, you're going to want (in order to follow along with VBA file debugging) a copy (evaluation version works fine) of MS Office. Version doesn't really matter, but the more recent the better. Again, check out the MS Evaluation center for a copy of Office that you can use: https://www.microsoft.com/en-us/evalcenter/evaluate-office-365-proplus
- Python! You'll want to have Python installed (2.7.x preferred). I'll have an offline installer available should you need it (make sure you have that USB port available!)
-- I'll be providing some Python-based scripts for analysis, along with some tools such as PDFStreamDumper, ahead of the workshop. I will provide direct links to the files as provided by the developers. I will also be providing carrier file samples ahead of time and on the workshop USB.

Max students: 90

Registration: https://www.eventbrite.com/e/understanding-and-analyzing-weaponized-carrier-files-red-rock-iii-tickets-63608133640
(Opens 8-Jul-19)

Ryan Chapman
Ryan Chapman is an incident response (IR) analyst with a background in host and network forensic analysis; malware analysis; threat intelligence; and all the other fun facets of the blue team realm. Prior to working in IR, Ryan worked as a technical trainer for many years. Outside of work, Ryan spends time with his family, gets tapped on the jiu jitsu mats, and plays plenty of Street Fighter. Hadouken!



Night Life - Paris - Rivoli A Ballroom - Friday - 19:30-25:59


Title:
VETCON II

Back again! VETCON is a Party thrown by Veterans for everyone! Come join in as veterans from all branches come together to celebrate and take on challenges that you only hear about in movies. Space force recruiting? Airmen in a chair race? Military drill displays? All this and more. It's time to raise hell the way our people in uniform are famous for.

Twitter: @VetConActual


CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Friday - 14:00-13:59


Who Belongs Where? How to Effectively Integrate Your Company’s Privacy, Legal, & Security Teams

No description available



Night Life - Planet Hollywood - Mezzanine Stage - Friday - 22:00-23:59


Title:
Whose Slide is it anyway?

No description available

SEV - Bally's Jubilee Tower - 3rd Floor - Friday - 16:30-16:59


Friday August 09 2019 1630 30 mins
Why vigilantism doesn’t work
Fighting child abuse is dirty work. Does getting dirty justify the ends? Join our new COO as he discusses the very important topic.

Shane McCombs: @InnocentOrg
McCombs comes to ILF uniquely primed with more than 20 years of experience in the tech industry, combined with more than a decade of experience in C-level roles. In those critical capacities, McCombs led enterprise-wide initiatives within project management, customer relationship management and acquisition, policies and procedures, process improvement, and infrastructure. McCombs is also an accomplished public speaker and trainer, focused on change management, professionalism, social engineering, and corporate security. In the past, McCombs volunteered for the Autism Hope Alliance and currently donates his time to local businesses as a trusted advisor.



PHVW - Bally's - Indigo Tower - 26th Floor - Friday - 12:15-14:15


Wireshark for Incident Response & Threat Hunting

Michael Wylie, Director of Cybersecurity Services, Richey May Technology Solution

This workshop will take students' Wireshark skills to the next level with a heavy emphasis on incident response, threat hunting, and malicious network traffic analysis. We will begin with a brief introduction to Wireshark and other Network Security Monitoring (NSM) tools/concepts. Placement, techniques, and collection of network traffic will be discussed in detail. Throughout the workshop, we'll examine what different attacks and malware look like in Wireshark. Students will then have hands-on time in the lab to search for Indicators of Compromise (IOCs) and a potential breach to the network. There will be plenty of take-home labs for additional practice.

Michael Wylie (Twitter: @TheMikeWylie) is the Director of Cybersecurity Services at Richey May Technology Solutions. In his role, Michael is responsible for delivering information assurance by means of vulnerability assessments, cloud security, penetration tests, risk management, and training. Michael has developed and taught numerous courses for the U.S. Department of Defense, Moorpark College, California State Universities, and for clients around the world. Michael is the winner of the SANS Continuous Monitoring and Security Operations challenge coin and holds the following credentials: CISSP, CCNA R&S, CCNA CyberOps, GPEN, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, Security+, Project+, and more.



PHVT - Bally's - Indigo Tower - 26th Floor - Friday - 17:00-17:59


Your Phone is Using Tor and Leaking Your PII

Milind Bhargava, Manager at Deloitte Canada
Adam Podgorski, Manager at Deloitte Canada

Do you have a cellphone? Do you run apps on it? Your personal information is most probably traversing over Tor without your knowledge or consent. As part of our research, we identified a surprising amount of unencrypted, sensitive and confidential user data originating from mobile devices traversing the Tor network, which included: GPS coordinates, WiFi BSSID, and general keys typed by the user. In some cases, we were able to build a complete user profile from physical movements to purchasing habits. At the end of the day, how comfortable are you that anyone can track you?

Milind Bhargava is a Manager with Deloitte's Risk Advisory team, where he performs security audits and assessments and leads the incident response team. He also leads his own security consulting company that is known for Darknet Threat Intelligence Research.

Adam Podgorski is a Manager at Deloitte Canada. He has managed and led the delivery of a broad range of IT strategies and multiple technical advisory engagements. He presented at Black Hat in 2017.

