One Schedule to Rule them All!


Welcome to the "One Schedule to Rule them All!". Thank you for your interest by using this. This is an attempt to make things easier for you, the DEF CON attendee, to figure out the when/what/where during the chaos of DEF CON 26.

It started out simple. I had a Kindle and wanted an ebook of the schedule so I didn't have to wear out the paper pamphlet by pulling it out after every talk to figure out where to go next. Back then there was only the main DEF CON tracks, not really any Villages, and production of the ebooks were easy. Over time the Village system developed with a resulting multiplication in complexity, both for attendees and for my production. The offerings have expanded from epub and mobi formats and now include html, csv, ical, public Google calendar, and mysql dump format files. Hopefully you'll find something of use.

The intent is still to be a resource to answer the question at the end of an hour of "What's next?"

As a general rule I do not include:

Be sure to check out the Links section at the bottom of this. Most all of the events listed here were derived from these links. There is much more going on at DEF CON than what is listed here. In particular check out the Villages, Parties & Meetups, Contest & Events, and defconparties pages.

Check out the Guides/Tips/FAQs links if you're new to Las Vegas.
Notable suggestions are:

And finally, this is only as good as the ideas and information used to generate it. I welcome your constructive suggestions and comments. Please send them to qumqats@outel.org

Have a good time at DEF CON 26!


Index of DEF CON 26 Activities


Venue Maps
Locations Legends and Info
Schedule   - Thursday  - Friday  - Saturday  - Sunday
Speaker List
Talk Title List
Talk Descriptions
DEF CON News
DEF CON 26 FAQ
DEF CON FAQ
Links to DEF CON 26 related pages

Venue Maps



Full Size PDF from defcon.org

Full Size PDF from defcon.org

Full Size PDF from defcon.org

Linq Workshops


Far end of hall from Casino escalators

View Full Caesars Page to see where this is.


Near end of hall from Casino escalators

View Full Caesars Page to see where this is.


Far end of hall from Casino escalators

View Full Caesars Page to see where this is.


Near end of hall from Casino escalators

View Full Caesars Page to see where this is.


View Full Caesars Page to see where this is.


View Full Caesars Page to see where this is.


View Full Caesars Page to see where this is.


Flamingo Village Wing

View Full Flamingo Page to see where this is.


Flamingo 101 Wing

View Full Flamingo Page to see where this is.


Locations Legends and Info


AIV = Artifical Intellegence Village
     Caesars Promenade Level - Florentine BR 3 - behind Registration

BCOS = Blockchain & Cryptocurrency Open Security Village
     Caesars Promenade Level - Pompeian BR 1 - by Info Booth and Elators

BHV = Bio Hacking Village
     Caesars Promenade Level - Pisa/Palermo/Siena Rms - Middle of long hallway

BTV = Blue Team Village
     Flamingo 3rd Flr - Savoy Rm

CAAD = CAAD Village
     Flamingo Lower Level - Lake Mead Rms

Chip Off Village
     Caesars Pool Level - Tribune Rm - next to Info Booth near escalators

CHV = Car Hacking Village
     Flamingo Lower Level - Red Rock Rm 1-5 - Right Side of hallway

Contest Area
     Caesars Emperor's Level - Agustus BR - far end of long hallway

CPV = Crypto Privacy Village
     Caesars Promenade Level - Milano BR 1,2 - far end of long hallway

DC = DEF CON Talks
     Track 101 - Flamingo 3rd Flr - Sunset BR
     Track    1 - Caesars Emperor's Level - Palace BR - top of escalator
     Track    2 - Caesars Promenade South - Octavius BR 12-24 - far end from escalator
     Track    3 - Caesars Pool Level - Forum BR 1-11,25 - near excalator

Deaf Con Village
     Caesars Pool Level - Patrician Rm - next to Info Booth near escalators

DDV = Data Duplication Village
     Caesars Promenade Level - Capri Rm - Across from Registration

DL = DEF CON DemoLabs
     Caesars Promenade Emperor's Level - Tables outside Track 1

Drone Warz Village
     Caesars Pool Level - Abruzzi Rm - far end from escalators around corner

EHV = Ethics Village
     Caesars Promenade Level - Modena Rm - Middle of long hallway

HHV = Hardware Hacking Village
     Caesars Pool Level - Forum 17-19 - far end from escalators around corner

ICS = Industrial Control Systems Village
     Flamingo Lower Level - Red Rock Rm 6-8 - Left side of hallway

IOT = Internet Of Things Village
     Caesars Promenade Level - Turin/Verona/Trevi Rms - Middle of long hallway

Laser Cutting Village
     Caesars Pool Level - Calibria Rm - far end from escalators around corner

Lockpicking Village
     Caesars Pool Level - Forum 24 - far end from escalators

Mobile Museum
     Caesars Promenade Level - Florentine BR 4 - behind Registration

RCV = Recon Village
     Caesars Promenade Level - Florentine BR 1,2 - behind Registration

Rootz Asylum
     Caesars Promenade Level - Milano BR 3,4 - far end of long hallway

SEV = Social Engineering Village
     Caesars Promenade South - Octavius BR 3-8 - near excalator

SKY = 303 SkyTalks
     Flamingo 3rd Flr - Virginia City Rm

Soldering Skills Village
     Caesars Pool Level - Forum 20,21 - far end from escalators around corner

Tamper Evident Village
     Caesars Pool Level - Forum 24 - far end from escalators

PHV, PHW = Packet Hacking Village / Wall of Sheep; Talks and Workshops
     Caesars Promenade Level - Neopolitan BR - far end of long hallway

PPV = Puff Puff Village
     Flamingo Lower Level - Valley Of Fire Rms

Vendors Area
     Caesars Promenade South - Octavius BR 25

WLV = Wireless Village
     Caesars Promenade Level - Milano BR 5,6 - far end of long hallway

WS = DEF CON Workshops - All Workshops are at the Linq Hotel
     Linq 4th Flr - Icon A-G Rms

VMHV = Voting Machine Hacking Village
     Caesars Pool Level - Forum 14-16 - far end from escalators

Talk/Event Schedule


Thursday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Thursday - 06:00


Return to Index  -  Locations Legend
Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Defcon 26 4X5K run -

 

Thursday - 10:00


Return to Index  -  Locations Legend
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - ThinSIM-based Attacks on Mobile Money Systems - Rowan Phipps
WS - Linq 4th Flr - Icon A - Guided Tour to IEEE 802.15.4 and BLE Exploitation - Arun Mane, Rushikesh D. Nandedkar
WS - Linq 4th Flr - Icon B - Pentesting ICS 101 - Alexandrine Torrents, Arnaud SOULLIÉ
WS - Linq 4th Flr - Icon C - Where's My Browser? Learn Hacking iOS and Android WebViews - David Turco, Jon Overgaard Christiansen
WS - Linq 4th Flr - Icon D - Finding Needles in Haystacks - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - Building Autonomous AppSec Test Pipelines with the Robot Framework - Abhay Bhargav, Sharath Kumar Ramadas
WS - Linq 4th Flr - Icon F - Packet Mining for Privacy Leakage - Dave Porcello, Sean Gallagher

 

Thursday - 11:00


Return to Index  -  Locations Legend
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Pwning "the toughest target": the exploit chain of winning the largest bug bounty in the history of ASR program - Guang Gong, Wenlin Yang, Jianjun Dai
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Guided Tour to IEEE 802.15.4 and BLE Exploitation - Arun Mane, Rushikesh D. Nandedkar
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Pentesting ICS 101 - Alexandrine Torrents, Arnaud SOULLIÉ
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Where's My Browser? Learn Hacking iOS and Android WebViews - David Turco, Jon Overgaard Christiansen
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Finding Needles in Haystacks - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Building Autonomous AppSec Test Pipelines with the Robot Framework - Abhay Bhargav, Sharath Kumar Ramadas
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Packet Mining for Privacy Leakage - Dave Porcello, Sean Gallagher

 

Thursday - 12:00


Return to Index  -  Locations Legend
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Ring 0/-2 Rootkits: bypassing defenses - Alexandre Borges
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - Promether, 1st Party of Defcon -
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Guided Tour to IEEE 802.15.4 and BLE Exploitation - Arun Mane, Rushikesh D. Nandedkar
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Pentesting ICS 101 - Alexandrine Torrents, Arnaud SOULLIÉ
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Where's My Browser? Learn Hacking iOS and Android WebViews - David Turco, Jon Overgaard Christiansen
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Finding Needles in Haystacks - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Building Autonomous AppSec Test Pipelines with the Robot Framework - Abhay Bhargav, Sharath Kumar Ramadas
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Packet Mining for Privacy Leakage - Dave Porcello, Sean Gallagher

 

Thursday - 13:00


Return to Index  -  Locations Legend
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - A Journey Into Hexagon: Dissecting a Qualcomm Baseband - Seamus Burke
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(12:00-14:30) - Promether, 1st Party of Defcon -
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Guided Tour to IEEE 802.15.4 and BLE Exploitation - Arun Mane, Rushikesh D. Nandedkar
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Pentesting ICS 101 - Alexandrine Torrents, Arnaud SOULLIÉ
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Where's My Browser? Learn Hacking iOS and Android WebViews - David Turco, Jon Overgaard Christiansen
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Finding Needles in Haystacks - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Building Autonomous AppSec Test Pipelines with the Robot Framework - Abhay Bhargav, Sharath Kumar Ramadas
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Packet Mining for Privacy Leakage - Dave Porcello, Sean Gallagher

 

Thursday - 14:00


Return to Index  -  Locations Legend
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - WAGGING THE TAIL—COVERT PASSIVE SURVEILLANCE AND HOW TO MAKE THEIR LIFE DIFFICULT - Si, Agent X
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(12:00-14:30) - Promether, 1st Party of Defcon -
WS - Linq 4th Flr - Icon A - (14:30-18:30) - Forensic Investigation for the Non-Forensic Investigator - Gary Bates
WS - Linq 4th Flr - Icon B - (14:30-18:30) - Introduction to Cryptographic Attacks - Matt Cheung
WS - Linq 4th Flr - Icon C - (14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel Ryan, Justin Whitehead
WS - Linq 4th Flr - Icon D - (14:30-18:30) - Fuzzing FTW - Bryce Kunz, Kevin Lustic
WS - Linq 4th Flr - Icon E - (14:30-18:30) - Playing with RFID - Vinnie Vanhoecke, Lorenzo Bernardi
WS - Linq 4th Flr - Icon F - (14:30-18:30) - The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP - David Pearson

 

Thursday - 15:00


Return to Index  -  Locations Legend
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Building the Hacker Tracker - Whitney Champion, Seth Law
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - (15:30-17:15) - DEF CON 101 Panel - HighWiz, Nikita, Roamer, Chris "Suggy" Sumner, Jericho, Wiseacre, Shaggy
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Forensic Investigation for the Non-Forensic Investigator - Gary Bates
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Introduction to Cryptographic Attacks - Matt Cheung
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel Ryan, Justin Whitehead
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Fuzzing FTW - Bryce Kunz, Kevin Lustic
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Playing with RFID - Vinnie Vanhoecke, Lorenzo Bernardi
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP - David Pearson

 

Thursday - 16:00


Return to Index  -  Locations Legend
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - cont...(15:30-17:15) - DEF CON 101 Panel - HighWiz, Nikita, Roamer, Chris "Suggy" Sumner, Jericho, Wiseacre, Shaggy
Meetup - (off Site)Sunset Park, Pavilion F, (36.0636, -115.1178) - Toxic BBQ -
Meetup - Caesars - Promenade Level - Livorno/Village Talks Rm - BruCamp -
Meetup - Caesars Palace, Queercon Lounge Suite, Rm TBA - Queercon Mixer -
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Forensic Investigation for the Non-Forensic Investigator - Gary Bates
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Introduction to Cryptographic Attacks - Matt Cheung
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel Ryan, Justin Whitehead
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Fuzzing FTW - Bryce Kunz, Kevin Lustic
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Playing with RFID - Vinnie Vanhoecke, Lorenzo Bernardi
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP - David Pearson

 

Thursday - 17:00


Return to Index  -  Locations Legend
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - cont...(15:30-17:15) - DEF CON 101 Panel - HighWiz, Nikita, Roamer, Chris "Suggy" Sumner, Jericho, Wiseacre, Shaggy
Meetup - (off Site)Sunset Park, Pavilion F, (36.0636, -115.1178) - cont...(16:00-21:59) - Toxic BBQ -
Meetup - Caesars - Cafe Americano - [Networking/Social] Blackhat/DefCon Meet-up at Cafe Americano -
Meetup - Caesars - Promenade Level - Anzio Rm past Registration - Hacking for Special Needs -
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
Meetup - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(16:00-17:59) - Queercon Mixer -
Night Life - Flamingo - 3rd floor - Track 101 Sunset BR - n00b Party -
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Forensic Investigation for the Non-Forensic Investigator - Gary Bates
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Introduction to Cryptographic Attacks - Matt Cheung
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel Ryan, Justin Whitehead
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Fuzzing FTW - Bryce Kunz, Kevin Lustic
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Playing with RFID - Vinnie Vanhoecke, Lorenzo Bernardi
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP - David Pearson

 

Thursday - 18:00


Return to Index  -  Locations Legend
Meetup - (off Site)Sunset Park, Pavilion F, (36.0636, -115.1178) - cont...(16:00-21:59) - Toxic BBQ -
Meetup - Caesars - Cafe Americano - cont...(17:00-18:59) - [Networking/Social] Blackhat/DefCon Meet-up at Cafe Americano -
Night Life - Flamingo - 3rd floor - Track 101 Sunset BR - cont...(17:00-18:59) - n00b Party -
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Forensic Investigation for the Non-Forensic Investigator - Gary Bates
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Introduction to Cryptographic Attacks - Matt Cheung
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel Ryan, Justin Whitehead
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Fuzzing FTW - Bryce Kunz, Kevin Lustic
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Playing with RFID - Vinnie Vanhoecke, Lorenzo Bernardi
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP - David Pearson

 

Thursday - 19:00


Return to Index  -  Locations Legend
Meetup - (off Site)Sunset Park, Pavilion F, (36.0636, -115.1178) - cont...(16:00-21:59) - Toxic BBQ -

 

Thursday - 20:00


Return to Index  -  Locations Legend
Meetup - (off Site)Sunset Park, Pavilion F, (36.0636, -115.1178) - cont...(16:00-21:59) - Toxic BBQ -
Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - Quiet Party -
Night Life - Rockhouse Bar 3370 S Las Vegas Blvd - DEF CON 26: Bugcrowd House Party -

 

Thursday - 21:00


Return to Index  -  Locations Legend
Meetup - (off Site)Sunset Park, Pavilion F, (36.0636, -115.1178) - cont...(16:00-21:59) - Toxic BBQ -
Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - cont...(20:00-23:45) - Quiet Party -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - YurkMeister -
Night Life - Rockhouse Bar 3370 S Las Vegas Blvd - cont...(20:00-23:59) - DEF CON 26: Bugcrowd House Party -

 

Thursday - 22:00


Return to Index  -  Locations Legend
Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - cont...(20:00-23:45) - Quiet Party -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - OS System -
Night Life - Rockhouse Bar 3370 S Las Vegas Blvd - cont...(20:00-23:59) - DEF CON 26: Bugcrowd House Party -

 

Thursday - 23:00


Return to Index  -  Locations Legend
Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - cont...(20:00-23:45) - Quiet Party -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - Icetre Normal -
Night Life - Rockhouse Bar 3370 S Las Vegas Blvd - cont...(20:00-23:59) - DEF CON 26: Bugcrowd House Party -

 

Thursday - 24:00


Return to Index  -  Locations Legend
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - DJ v.27 -

 

Thursday - 25:00


Return to Index  -  Locations Legend
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - Acid-T -

 

Thursday - 26:00


Return to Index  -  Locations Legend
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - Tineh Nimjeh -

Friday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Friday - 06:00


Return to Index  -  Locations Legend
Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Defcon 26 4X5K run -
Meetup - Local Bikeshop - 8th Defcon Bike Ride -

 

Friday - 09:00


Return to Index  -  Locations Legend
SKY - Flamingo 3rd Flr - Virginia City Rm - Story Time - Biggest ITSec fuck-ups I've seen over the past 25 years. - Uncle G.

 

Friday - 10:00


Return to Index  -  Locations Legend
AIV - Caesars Promenade Level - Florentine BR 3 - Opening Remarks - AI Village Organizers
AIV - Caesars Promenade Level - Florentine BR 3 - (10:20-10:40) - Adversarial Patches - Sven Cattell
AIV - Caesars Promenade Level - Florentine BR 3 - (10:40-11:20) - Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note File Classification - Mark Mager
BCOS - Caesars Promenade Level - Pompeian BR 1 - Welcome to the BCOS Monero Village - To be announced
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - WELCOME TO BHV! - Staff
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (10:15-11:30) - Keynote Presentation: Avoiding Trauma, Drama and FUD in Medical Device Disclosure - Jen Ellis
BTV - Flamingo 3rd Flr- Savoy Rm - Automating DFIR: The Counter Future - @rainbow_tables
BTV - Flamingo 3rd Flr- Savoy Rm - (10:40-11:30) - Cloud Security Myths - Xavier Ashe
Contest - Contest Stage - GeekPwn -
CPV - Caesars Promenade Level - Milano BR 1,2 - Welcome
CPV - Caesars Promenade Level - Milano BR 1,2 - (10:30-11:00) - "Won't Somebody Think of the Children?" Examining COPPA Compliance at Scale - Irwin Reyes, Amit Elazari Bar On
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework - Joe Rozner
DC - Track 1 - Caesars Emperor's Level - Palace BR - Welcome To DEF CON & Badge Maker Talk - The Dark Tangent
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - De-anonymizing Programmers from Source Code and Binaries - Rachel Greenstadt, Dr. Aylin Caliskan
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Securing our Nation's Election Infrastructure - Jeanette Manfra
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (10:30-10:50) - Please do not Duplicate: Attacking the Knox Box and Other Keyed Alike Systems - m010ch_
HHV - Caesars Pool Level - Forum 17-21 - Applied Physical Attacks on Embedded Systems, Introductory Version - Joe FitzPatriclk, @arinerron, and @pixieofchaos
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (10:40-11:10) - How can industrial IioT be protected from the great unwashed masses of IoT devices - Ken Keiser, Ben Barenz
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (10:15-10:59) - Internet of Medicine : The ultimate key to Rooting the human being - Veronica Schmitt @Po1Zon_P1x13
PHV - Caesars Promenade Level - Neopolitan BR - Mallet: A Proxy for Arbitrary Traffic - Rogan Dawes
PPV - Flamingo Lower Level - Valley Of Fire Rms - (10:30-10:59) - How to Microdose Yourself - a nurse
Service - Caesars - Promenade Level - Anzio Rm past Registration - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - Stalker In A Haystack - MasterChen
WS - Linq 4th Flr - Icon A - Bypassing Windows Driver Signature Enforcement - Csaba Fitzl
WS - Linq 4th Flr - Icon B - Reverse Engineering with OpenSCAD and 3D Printing - Nick Tait
WS - Linq 4th Flr - Icon C - Attacking Active Directory and Advanced Defense Methods in 2018 - Adam Steed, James Albany
WS - Linq 4th Flr - Icon D - ARM eXploitation 101 - Sneha Rajguru
WS - Linq 4th Flr - Icon E - Attacking & Auditing Docker Containers Using Open Source - Madhu Akula
WS - Linq 4th Flr - Icon F - Crypto Hero - Sam Bowne, Dylan James Smith, Elizabeth Biddlecome

 

Friday - 11:00


Return to Index  -  Locations Legend
AIV - Caesars Promenade Level - Florentine BR 3 - cont...(10:40-11:20) - Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note File Classification - Mark Mager
AIV - Caesars Promenade Level - Florentine BR 3 - (11:20-11:59) - JMPgate: Accelerating reverse engineering into hyperspace using AI - Rob Brandon
BCOS - Caesars Promenade Level - Pompeian BR 1 - Keynote Speech: Inside Monero - Howard (hyc) Chu
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(10:15-11:30) - Keynote Presentation: Avoiding Trauma, Drama and FUD in Medical Device Disclosure - Jen Ellis
BTV - Flamingo 3rd Flr- Savoy Rm - cont...(10:40-11:30) - Cloud Security Myths - Xavier Ashe
BTV - Flamingo 3rd Flr- Savoy Rm - (11:50-12:10) - Effective Log & Events Management - Russell Mosley
Contest - Contest Stage - cont...(10:00-12:59) - GeekPwn -
CPV - Caesars Promenade Level - Milano BR 1,2 - Hamilton's Private Key: American Exceptionalism and the Right to Anonymity - Jeff Kosseff
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - An Attacker Looks at Docker: Approaching Multi-Container Applications - Wesley McGrew
DC - Track 1 - Caesars Emperor's Level - Palace BR - NSA Talks Cybersecurity - Rob Joyce
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - One-liners to Rule Them All - egypt, William Vu
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Lora Smart Water Meter Security Analysis - Yingtao Zeng, Lin Huang, Jun Li
HHV - Caesars Pool Level - Forum 17-21 - cont...(10:00-12:59) - Applied Physical Attacks on Embedded Systems, Introductory Version - Joe FitzPatriclk, @arinerron, and @pixieofchaos
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - cont...(10:40-11:10) - How can industrial IioT be protected from the great unwashed masses of IoT devices - Ken Keiser, Ben Barenz
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (11:30-11:59) - IoT Village Keynote - Tales of a SOHOpeful Journey: Where our Research Started and Where it's Going - Rick Ramgattie @RRamgattie and Jacob Holcomb @rootHak42
PHV - Caesars Promenade Level - Neopolitan BR - Rethinking Role-Based Security Education - Kat Sweet
PHW - Caesars Promenade Level - Neopolitan BR - Reverse Engineering Malware 101 - Malware Unicorn
PPV - Flamingo Lower Level - Valley Of Fire Rms - Weed Hacking: A Pragmatic Primer For Home Grows - Cristina Munoz
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - Deconstructing DeFeNeStRaTe.C: The first public buffer overflow on a mainframe? - Soldier of FORTRAN
VMHV - Caesars Pool Level - Forum 14-16 - Lessons Learned: DEFCON Voting Village 2017 - Jake Braun, Hari Hursti, Matt Blaze
WLV - Caesars Promenade Level - Milano BR 5,6 - Goodwatch Update - Travis Goodspeed
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Bypassing Windows Driver Signature Enforcement - Csaba Fitzl
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Reverse Engineering with OpenSCAD and 3D Printing - Nick Tait
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Attacking Active Directory and Advanced Defense Methods in 2018 - Adam Steed, James Albany
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - ARM eXploitation 101 - Sneha Rajguru
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attacking & Auditing Docker Containers Using Open Source - Madhu Akula
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Crypto Hero - Sam Bowne, Dylan James Smith, Elizabeth Biddlecome

 

Friday - 12:00


Return to Index  -  Locations Legend
BCOS - Caesars Promenade Level - Pompeian BR 1 - Contests, Challenges, and free giveaways - MSvB and midipoet
BCOS - Caesars Promenade Level - Pompeian BR 1 - (12:30-12:59) - Open Source Hardware and the Monero Project - Parasew
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Just what the Doctor Ordered: 2nd Opinions on Medical Device Security - Christian "quaddi" Dameff MD
BTV - Flamingo 3rd Flr- Savoy Rm - cont...(11:50-12:10) - Effective Log & Events Management - Russell Mosley
BTV - Flamingo 3rd Flr- Savoy Rm - (12:30-13:20) - Evolving security operations to the year 2020 - @IrishMASMS
Contest - Contest Stage - cont...(10:00-12:59) - GeekPwn -
CPV - Caesars Promenade Level - Milano BR 1,2 - Cryptography, Codes, and Secret Writing: An Introduction to Secret Communications - Tess Schrodinger
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded devices for fun and profit - Morgan ``indrora'' Gangwere
DC - Track 1 - Caesars Emperor's Level - Palace BR - Vulnerable Out of the Box: An Evaluation of Android Carrier Devices - Ryan Johnson, Angelos Stavrou
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out! - Orange Tsai
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Who Controls the Controllers—Hacking Crestron IoT Automation Systems - Ricky "HeadlessZeke" Lawshae
EHV - Caesars Promenade Level - Modena Rm - Asking for a Friend - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - cont...(10:00-12:59) - Applied Physical Attacks on Embedded Systems, Introductory Version - Joe FitzPatriclk, @arinerron, and @pixieofchaos
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (12:30-12:59) - NEST: Securing the Home - Matt Mahler and Kat Mansourimoaied
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
PHV - Caesars Promenade Level - Neopolitan BR - PacketWhisper: Stealthily Exfiltrating Data and Defeating Attribution Using DNS and Text-Based Steganography - TryCatchHCF
PHW - Caesars Promenade Level - Neopolitan BR - cont...(11:00-12:30) - Reverse Engineering Malware 101 - Malware Unicorn
RCV - Caesars Promenade Level - Florentine BR 1,2 - Opening Note - Shubham Mittal / Sudhanshu Chahuhan
RCV - Caesars Promenade Level - Florentine BR 1,2 - Keynote - From Breach to Bust: A short story of graphing and grey data - Andrew Macpherson
RCV - Caesars Promenade Level - Florentine BR 1,2 - (12:55-13:35) - Emergent Recon - fresh methodology and tools for hackers in 2018 - Jason Haddix
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
Service - Vendors Area - No Starch Press Table - Book Signing - Craig Smith - The Car Hacker's Handbook - Craig Smith
SKY - Flamingo 3rd Flr - Virginia City Rm - When Incident Response Meets Reality - Magg
VMHV - Caesars Pool Level - Forum 14-16 - Lunch Keynote: State and Local Perspectives on Election Security - Jake Braun(moderator), Neal Kelley, Jeanette Manfra, Amber McReynolds, Alex Padilla, Noah Praetz
WLV - Caesars Promenade Level - Milano BR 5,6 - BSSI [Brain Signal Strength Indicator] - finding foxis with acoustic help (piClicker) - steve0
WLV - Caesars Promenade Level - Milano BR 5,6 - (12:30-12:55) - RFNoC: Accelerating the Spectrum with the FPGA - Neel Pandeya and Nate Temple
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Bypassing Windows Driver Signature Enforcement - Csaba Fitzl
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Reverse Engineering with OpenSCAD and 3D Printing - Nick Tait
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Attacking Active Directory and Advanced Defense Methods in 2018 - Adam Steed, James Albany
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - ARM eXploitation 101 - Sneha Rajguru
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attacking & Auditing Docker Containers Using Open Source - Madhu Akula
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Crypto Hero - Sam Bowne, Dylan James Smith, Elizabeth Biddlecome

 

Friday - 13:00


Return to Index  -  Locations Legend
AIV - Caesars Promenade Level - Florentine BR 3 - IntelliAV: Building an Effective On-Device Android Malware Detector - Mansour Ahmadi
AIV - Caesars Promenade Level - Florentine BR 3 - (13:20-13:59) - Identifying and correlating anomalies in Internet-wide scan traffic to newsworthy security events - Andrew Morris
BCOS - Caesars Promenade Level - Pompeian BR 1 - A Rundown of Security Issues in Crypto Software Wallets - Marko Bencun
BCOS - Caesars Promenade Level - Pompeian BR 1 - (13:30-13:59) - We Don't Need No Stinkin Badges - Michael Schloh
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (13:30-14:15) - Blue Team Bio: Using Kill-Chain Methodology to Stop Bioterrorism - Mr. Br!ml3y
BTV - Flamingo 3rd Flr- Savoy Rm - cont...(12:30-13:20) - Evolving security operations to the year 2020 - @IrishMASMS
BTV - Flamingo 3rd Flr- Savoy Rm - (13:40-14:30) - Hacking Your Dev Job to Save the World - Where Programming and Hacking Meet - @jtpereyda
CPV - Caesars Promenade Level - Milano BR 1,2 - cont...(12:00-13:30) - Cryptography, Codes, and Secret Writing: An Introduction to Secret Communications - Tess Schrodinger
CPV - Caesars Promenade Level - Milano BR 1,2 - (13:30-14:00) - Opportunistic Onion: More Protection Some of the Time - Mahrud Sayrafi
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Dissecting the Teddy Ruxpin: Reverse Engineering the Smart Bear - zenofex
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - (13:30-13:50) - You can run, but you can't hide. Reverse engineering using X-Ray. - George Tarnovsky
DC - Track 1 - Caesars Emperor's Level - Palace BR - Compromising online accounts by cracking voicemail systems - Martin Vigo
DC - Track 1 - Caesars Emperor's Level - Palace BR - (13:30-13:50) - Dragnet—Your Social Engineering Sidekick - Truman Kain
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Finding Xori: Malware Analysis Triage with Automated Disassembly - Amanda Rousseau, Rich Seymour
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - (13:30-13:50) - Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller - Feng Xiao, Jianwei Huang, Peng Liu
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - One-Click to OWA - William Martin
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (13:30-13:50) - Fasten your seatbelts: We are escaping iOS 11 sandbox! - Min (Spark) Zheng, Xiaolong Bai
EHV - Caesars Promenade Level - Modena Rm - Ethics for Security Practitioners - Speaker TBA
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (13:50-14:20) - Behavior-Based Defense in ICS Environments: Leveraging Minor Incidents to Protect Against Major Attacks - Joe Slowik
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (13:15-13:59) - Exploiting the IoT hub : What happened to my home? - Hwiwon Lee and Changhyun Park
PHV - Caesars Promenade Level - Neopolitan BR - Target-Based Security Model - Garett Montgomery
PHW - Caesars Promenade Level - Neopolitan BR - Advanced APT Hunting with Splunk - Ryan Kovar and John Stoner
PPV - Flamingo Lower Level - Valley Of Fire Rms - Cruising the Cannabis Highway: Major Breaches in Cannabis Software - Rex
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(12:55-13:35) - Emergent Recon - fresh methodology and tools for hackers in 2018 - Jason Haddix
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
Service - Vendors Area - No Starch Press Table - Book Signing - Travis Goodspeed - PoC || GTFO - Travis Goodspeed
SKY - Flamingo 3rd Flr - Virginia City Rm - Practical attack simulations in Critical National Infrastructure (CNI): Oh the perils, or oh the fun? - William Knowles and James Coote
SKY - Flamingo 3rd Flr - Virginia City Rm - (13:30-13:59) - penetration testing sex toys: "I've seen things you people wouldn't believe" - Renderman
VMHV - Caesars Pool Level - Forum 14-16 - Assessments of Election Infrastructure and Our Understanding and sometimes whY - Robert Karas, Jason Hill
WLV - Caesars Promenade Level - Milano BR 5,6 - Can you hear me now, DEF CON? - Wasabi
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Bypassing Windows Driver Signature Enforcement - Csaba Fitzl
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Reverse Engineering with OpenSCAD and 3D Printing - Nick Tait
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Attacking Active Directory and Advanced Defense Methods in 2018 - Adam Steed, James Albany
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - ARM eXploitation 101 - Sneha Rajguru
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attacking & Auditing Docker Containers Using Open Source - Madhu Akula
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Crypto Hero - Sam Bowne, Dylan James Smith, Elizabeth Biddlecome

 

Friday - 14:00


Return to Index  -  Locations Legend
AIV - Caesars Promenade Level - Florentine BR 3 - It’s a Beautiful Day in the Malware Neighborhood - Matt
AIV - Caesars Promenade Level - Florentine BR 3 - (14:30-15:20) - Malware Panel - @drhyrum, @gradient_janitor, @malwareunicorn, @rharang, @bwall (Moderator)
BCOS - Caesars Promenade Level - Pompeian BR 1 - Hack On The BitBox Hardware Wallet - Stephanie Stroka and Marko Bencun
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(13:30-14:15) - Blue Team Bio: Using Kill-Chain Methodology to Stop Bioterrorism - Mr. Br!ml3y
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (14:15-16:15) - Panel Discussion: The Internet of Bodies - Prof Andrea M. Matwyshyn, Professor of Law, NUSL
BTV - Flamingo 3rd Flr- Savoy Rm - cont...(13:40-14:30) - Hacking Your Dev Job to Save the World - Where Programming and Hacking Meet - @jtpereyda
BTV - Flamingo 3rd Flr- Savoy Rm - (14:50-15:40) - How not to suck at Vulnerability Management [at Scale] - @Plug and mwguy
CPV - Caesars Promenade Level - Milano BR 1,2 - "Probably": an Irreverent Overview of the GDPR - Brendan OConnor
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - UEFI exploitation for the masses - Mickey Shkatov , Jesse Michael
DC - Track 1 - Caesars Emperor's Level - Palace BR - GOD MODE UNLOCKED: Hardware Backdoors in [redacted] x86 CPUs - Christopher Domas
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - 4G—Who is paying your cellular phone bill? - Dr. Silke Holtmanns, Isha Singh
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Revolting Radios - Michael Ossmann, Dominic Spill
EHV - Caesars Promenade Level - Modena Rm - Accountability without accountability: A censorship measurement case study - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - Getting to Blinky: #badgelife begins with a single blink - Chris Gammell
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - cont...(13:50-14:20) - Behavior-Based Defense in ICS Environments: Leveraging Minor Incidents to Protect Against Major Attacks - Joe Slowik
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (14:30-14:59) - How We Cost Our Client £1.2M with 4 lines of code and less than 2 Hours ($2M) - Mike Godfrey
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (14:30-15:15) - Internet of Laws: Navigating to IoT Hacking Legal Landscape - Amit Elazari @amitelazari & Jamie Williams @jamieleewi
PHV - Caesars Promenade Level - Neopolitan BR - Protecting Crypto Exchanges From a New Wave of Man-in-the-Browser Attacks - Pedro Fortuna
PHW - Caesars Promenade Level - Neopolitan BR - cont...(13:00-14:59) - Advanced APT Hunting with Splunk - Ryan Kovar and John Stoner
PPV - Flamingo Lower Level - Valley Of Fire Rms - The Real History of Marijuana Prohibition - Annie Rouse
RCV - Caesars Promenade Level - Florentine BR 1,2 - (14:40-15:10) - Prebellico - 100% Passive Pre-Engagement and Post Compromise Network Reconnaissance Tool - William Suthers
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
Service - Vendors Area - No Starch Press Table - cont...(13:00-14:30) - Book Signing - Travis Goodspeed - PoC || GTFO - Travis Goodspeed
Service - Vendors Area - No Starch Press Table - (14:30-15:59) - Book Signing - Tarah Wheeler, with Keren Elazari - Women in Tech - Tarah Wheeler, Keren Elazari
Service - Vendors Area - No Starch Press Table - (14:30-15:59) - Book Signing - Violet Blue - The Smart Girls's Guide to Privacy - Violet Blue
Service - Vendors Area - No Starch Press Table - (14:30-15:59) - Book Signing - Georgia Weidman - Penetration Testing - Georgia Weidman
Service - Vendors Area - No Starch Press Table - (14:30-15:59) - Book Signing - Elissa Shevinsky - Lean Out - Elissa Shevinsky
SKY - Flamingo 3rd Flr - Virginia City Rm - From MormonLeaks to FaithLeaks - Ethan Gregory Dodge
VMHV - Caesars Pool Level - Forum 14-16 - Current Policy Responses to Election Security Concerns - J. Alex Halderman
VMHV - Caesars Pool Level - Forum 14-16 - (14:30-14:59) - A Comprehensive Forensic Analysis of WINVote Voting Machines - Carsten Schurmann
WS - Linq 4th Flr - Icon A - (14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - (14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - (14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - (14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - (14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - (14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 15:00


Return to Index  -  Locations Legend
AIV - Caesars Promenade Level - Florentine BR 3 - cont...(14:30-15:20) - Malware Panel - @drhyrum, @gradient_janitor, @malwareunicorn, @rharang, @bwall (Moderator)
AIV - Caesars Promenade Level - Florentine BR 3 - (15:20-15:59) - Detecting Web Attacks with Recurrent Neural Networks - Fedor Sakharov
BCOS - Caesars Promenade Level - Pompeian BR 1 - cont...(14:00-15:59) - Hack On The BitBox Hardware Wallet - Stephanie Stroka and Marko Bencun
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(14:15-16:15) - Panel Discussion: The Internet of Bodies - Prof Andrea M. Matwyshyn, Professor of Law, NUSL
BTV - Flamingo 3rd Flr- Savoy Rm - cont...(14:50-15:40) - How not to suck at Vulnerability Management [at Scale] - @Plug and mwguy
CPV - Caesars Promenade Level - Milano BR 1,2 - Hiding in plain sight: Disguising HTTPS traffic with domain-fronting - Matt Urquhart
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Weaponizing Unicode: Homographs Beyond IDNs - The Tarquin
DC - Track 1 - Caesars Emperor's Level - Palace BR - Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010 - Gabriel Ryan
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Playback: a TLS 1.3 story - Alfonso García Alguacil, Alejo Murillo Moya
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Privacy infrastructure, challenges and opportunities - yawnbox
EHV - Caesars Promenade Level - Modena Rm - Responsible Disclosure Panel - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - cont...(14:00-17:59) - Getting to Blinky: #badgelife begins with a single blink - Chris Gammell
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - A CTF That Teaches: Challenging the Next Generation of ICS Ethical Hackers - Brandon Workentin
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - cont...(14:30-15:15) - Internet of Laws: Navigating to IoT Hacking Legal Landscape - Amit Elazari @amitelazari & Jamie Williams @jamieleewi
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (15:45-16:30) - The Sound of a Targeted Attack: Attacking IoT Speakers - Stephen Hilt @sjhilt
Meetup - Caesars - Palace Suites - Women, Wisdom, & Wine @ DEF CON 26 by IOActive -
PHV - Caesars Promenade Level - Neopolitan BR - Freedom of Information: Hacking the Human Black Box - Elliott Brink
PHW - Caesars Promenade Level - Neopolitan BR - (15:30-16:59) - Finding and Attacking Undocumented APIs with Python - Ryan Mitchell
PPV - Flamingo Lower Level - Valley Of Fire Rms - About the Open Cannabis Project - Beth Schechter
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(14:40-15:10) - Prebellico - 100% Passive Pre-Engagement and Post Compromise Network Reconnaissance Tool - William Suthers
RCV - Caesars Promenade Level - Florentine BR 1,2 - (15:15-15:45) - Adventures in the dark web of government data - Marc DaCosta
RCV - Caesars Promenade Level - Florentine BR 1,2 - (15:50-16:10) - How WHOIS Data Uncovered $32 Billion Connected to the Mormon Church - Ethan Gregory Dodge
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
Service - Vendors Area - No Starch Press Table - cont...(14:30-15:59) - Book Signing - Tarah Wheeler, with Keren Elazari - Women in Tech - Tarah Wheeler, Keren Elazari
Service - Vendors Area - No Starch Press Table - cont...(14:30-15:59) - Book Signing - Violet Blue - The Smart Girls's Guide to Privacy - Violet Blue
Service - Vendors Area - No Starch Press Table - cont...(14:30-15:59) - Book Signing - Georgia Weidman - Penetration Testing - Georgia Weidman
Service - Vendors Area - No Starch Press Table - cont...(14:30-15:59) - Book Signing - Elissa Shevinsky - Lean Out - Elissa Shevinsky
SEV - Caesars Promenade South - Octavius BR 3-8 - (15:30-15:59) - My Stripper Name is Bubbles - Hannah Silvers
SKY - Flamingo 3rd Flr - Virginia City Rm - OSINT IS FOR SOCCER MOMS - Laura H
VMHV - Caesars Pool Level - Forum 14-16 - Lightning Talks - A Crash Course on Election Security - Matthew Bernhard
VMHV - Caesars Pool Level - Forum 14-16 - (15:15-15:30) - Lightning Talks - Mechanics & Pitfalls of Auditing with Scanners - Margaret MacAlpine
VMHV - Caesars Pool Level - Forum 14-16 - (15:30-15:45) - Lightning Talks - The Return of Software Vulnerabilities in the Brazilian Voting Machine - Diego Aranha
WLV - Caesars Promenade Level - Milano BR 5,6 - WEP and WPA Cracking 101 - Zero_Chaos and Tay-Tay fanboi Wasabi
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 16:00


Return to Index  -  Locations Legend
AIV - Caesars Promenade Level - Florentine BR 3 - Machine Learning for Network Security Hands-on Workshop: DIYML - Sebastian Garcia
AIV - Caesars Promenade Level - Florentine BR 3 - Using AI to Create Music - dj beep code
AIV - Caesars Promenade Level - Florentine BR 3 - Machine Learning as a Service in Your Pocket - Evan Yang
AIV - Caesars Promenade Level - Florentine BR 3 - Deep Exploit - Isao Takaesu
BCOS - Caesars Promenade Level - Pompeian BR 1 - Scaling and Economic Implications of the Adaptive Blocksize in Monero - Francisco "ArticMine" Cabañas
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(14:15-16:15) - Panel Discussion: The Internet of Bodies - Prof Andrea M. Matwyshyn, Professor of Law, NUSL
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (16:15-16:59) - Hey Bro, I Got Your Fitness Right Here (and your PHI). - Nick - GraphX
BTV - Flamingo 3rd Flr- Savoy Rm - SAEDAY: Subversion and Espionage Directed Against You - Judy Towers
Contest - Contest Stage - EFF Tech Trivia -
CPV - Caesars Promenade Level - Milano BR 1,2 - Cicada: What the Puzzles Can Teach Us About Cryptography and Privacy. - Nox
DDV - Caesars Promenade Level - Capri Rm - The Beginner’s Guide to the Musical Scales of Cyberwar - Jessica “Zhanna” Malekos Smith
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Automated Discovery of Deserialization Gadget Chains - Ian Haken
DC - Track 1 - Caesars Emperor's Level - Palace BR - Your Peripheral Has Planted Malware—An Exploit of NXP SOCs Vulnerability - Yuwei Zheng, Shaokun Cao, Yunding Jian, Mingchuang Qun
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Practical & Improved Wifi MitM with Mana - singe
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Your Voice is My Passport - _delta_zero, Azeem Aqil
EHV - Caesars Promenade Level - Modena Rm - Ethical Disclosure and the Reduction of Harm - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - cont...(14:00-17:59) - Getting to Blinky: #badgelife begins with a single blink - Chris Gammell
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - cont...(15:45-16:30) - The Sound of a Targeted Attack: Attacking IoT Speakers - Stephen Hilt @sjhilt
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (16:45-17:30) - I'm the One Who Doesn't Knock: Unlocking Doors from the Network - David Tomaschik @Matir
Meetup - Caesars - Palace Suites - cont...(15:00-16:59) - Women, Wisdom, & Wine @ DEF CON 26 by IOActive -
PHV - Caesars Promenade Level - Neopolitan BR - Car Infotainment Hacking Methodology and Attack Surface Scenarios - Jay Turla
PHW - Caesars Promenade Level - Neopolitan BR - cont...(15:30-16:59) - Finding and Attacking Undocumented APIs with Python - Ryan Mitchell
PPV - Flamingo Lower Level - Valley Of Fire Rms - Diagnosing Sick Plants with Computer Vision - Harry Moreno
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(15:50-16:10) - How WHOIS Data Uncovered $32 Billion Connected to the Mormon Church - Ethan Gregory Dodge
RCV - Caesars Promenade Level - Florentine BR 1,2 - (16:15-16:45) - Hacking the international RFQ Process #killthebuzzwords - Dino Covotsos
RCV - Caesars Promenade Level - Florentine BR 1,2 - (16:50-17:20) - Introducing YOGA: Your OSINT Graphical Analyzer - Micah Hoffman
SEV - Caesars Promenade South - Octavius BR 3-8 - From Introvert to SE: The Journey - Ryan MacDougall
SEV - Caesars Promenade South - Octavius BR 3-8 - (16:55-17:45) - Mr. Sinatra Will Hack You Now - Neil Fallon
SKY - Flamingo 3rd Flr - Virginia City Rm - Robots and AI: What scares the experts? - Brittany "Straithe" Postnikoff, Sara-Jayne Terp
VMHV - Caesars Pool Level - Forum 14-16 - Trustworthy Elections - Joseph Kiniry
VMHV - Caesars Pool Level - Forum 14-16 - (16:30-16:59) - Keynote Address: Alejandro Mayorkas - Alejandro Mayorkas
WLV - Caesars Promenade Level - Milano BR 5,6 - SirenJack: Cracking a 'Secure' Emergency Waring Siren System - Balint Seeber
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 17:00


Return to Index  -  Locations Legend
BCOS - Caesars Promenade Level - Pompeian BR 1 - Hacking a Crypto Payment Gateway - Devin "Bearded Warrior" Pearson and Felix "Crypto_Cat" Honigwachs
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Nature’s source code is vulnerable and cannot be patched - Jeffrey Ladish
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (17:45-18:30) - Remote Sensing, Distributed Computing, BigData and 3D Epidemiology: Today’s Public Health Opportunity - Debra Laefer
BTV - Flamingo 3rd Flr- Savoy Rm - Stop, Drop, and Assess your SOC - Andy Applebaum
Contest - Contest Stage - cont...(16:00-17:59) - EFF Tech Trivia -
CPV - Caesars Promenade Level - Milano BR 1,2 - Revolutionizing Authentication with Oblivious Cryptography - Dr Adam Everspaugh
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Your Bank's Digital Side Door - Steven Danneman
DC - Track 1 - Caesars Emperor's Level - Palace BR - I'll See Your Missile and Raise You A MIRV: An overview of the Genesis Scripting Engine - Alex Levinson, Dan Borges
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - The L0pht Testimony, 20 Years Later (and Other Things You Were Afraid to Ask) - L0pht Heavy Industries, Elinor Mills, DilDog, Joe Grand, Kingpin, Space Rogue, Mudge, Silicosis , John Tan, Weld Pond
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Reverse Engineering, hacking documentary series - Michael Lee Nirenberg, Dave Buchwald
EHV - Caesars Promenade Level - Modena Rm - (17:30-18:29) - Patching the CFAA: The New CIAA and “Ethical” Conduct in Security Research - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - cont...(14:00-17:59) - Getting to Blinky: #badgelife begins with a single blink - Chris Gammell
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - cont...(16:45-17:30) - I'm the One Who Doesn't Knock: Unlocking Doors from the Network - David Tomaschik @Matir
Meetup - Caesars - Circle Bar - DEFCON 909 Meet Up -
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
PHV - Caesars Promenade Level - Neopolitan BR - Swiss Cheese Holes in the Foundation of Modern Security - CERT VU#919801 - Chris Hanlon
PHW - Caesars Promenade Level - Neopolitan BR - (17:30-18:59) - Serious Intro to Python for Admins - Davin Potts
PPV - Flamingo Lower Level - Valley Of Fire Rms - THC Producing, Genetically Modified Yeast - Kevin Chen
PPV - Flamingo Lower Level - Valley Of Fire Rms - (17:30-18:15) - An Overview of Hydroponic Grow Techniques - Adrian, Alex
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(16:50-17:20) - Introducing YOGA: Your OSINT Graphical Analyzer - Micah Hoffman
RCV - Caesars Promenade Level - Florentine BR 1,2 - (17:25-17:55) - Using Deep Learning to uncover darkweb malicious actors and their close circle - Rod Soto / Joseph Zadeh
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(16:55-17:45) - Mr. Sinatra Will Hack You Now - Neil Fallon
SEV - Caesars Promenade South - Octavius BR 3-8 - (17:50-18:40) - In-N-Out - That’s What It’s All About - Billy Boatright
SKY - Flamingo 3rd Flr - Virginia City Rm - The Least Common Denominator Strategy (AKA Don't make DevOps too easy) - Daniel Williams (fbus)
VMHV - Caesars Pool Level - Forum 14-16 - Keynote Address: TBA -
WLV - Caesars Promenade Level - Milano BR 5,6 - Hunting Rogue APs: Hard Lessons - toddpar0dy
WLV - Caesars Promenade Level - Milano BR 5,6 - (17:30-17:55) - Exploring the 802.15.4 Attack Surface - Faz
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 18:00


Return to Index  -  Locations Legend
AIV - Caesars Promenade Level - Florentine BR 3 - INTRO TO DATA MASTERCLASS: Graphs & Anomalies - Leo Meyerovich & Eugene Teo
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(17:45-18:30) - Remote Sensing, Distributed Computing, BigData and 3D Epidemiology: Today’s Public Health Opportunity - Debra Laefer
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (18:30-18:59) - Custodial Responsibilities in the Connected Age: Digital Specimens and Social Contracts - Andy Coravos
BTV - Flamingo 3rd Flr- Savoy Rm - (18:20-18:59) - Open Source Endpoint Monitoring - Rik van Duijn and Leandro Velasco
Contest - Contest Stage - DEF CON Beard and Moustache Contest -
CPV - Caesars Promenade Level - Milano BR 1,2 - Announcing the Underhanded Crypto Contest Winners - Adam Caudill, Taylor Hornby
CPV - Caesars Promenade Level - Milano BR 1,2 - (18:30-19:00) - Closing Time
EHV - Caesars Promenade Level - Modena Rm - cont...(17:30-18:29) - Patching the CFAA: The New CIAA and “Ethical” Conduct in Security Research - Speaker TBA
EHV - Caesars Promenade Level - Modena Rm - (18:30-19:29) - Discussion - Speaker TBA
Meetup - Caesars - Circle Bar - cont...(17:00-18:59) - DEFCON 909 Meet Up -
Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace) - /R/defcon redit Meetup -
Meetup - The Park on Las Vegas Blvd. by TMobile Arena - (18:30-20:30) - DEF CON Dinner Con -
PHV - Caesars Promenade Level - Neopolitan BR - Mapping Wi-Fi Networks and Triggering on Interesting Traffic Patterns - Caleb Madrigal
PHW - Caesars Promenade Level - Neopolitan BR - cont...(17:30-18:59) - Serious Intro to Python for Admins - Davin Potts
PPV - Flamingo Lower Level - Valley Of Fire Rms - cont...(17:30-18:15) - An Overview of Hydroponic Grow Techniques - Adrian, Alex
PPV - Flamingo Lower Level - Valley Of Fire Rms - (18:15-18:59) - Vulnerabilities in Cannabis Software - Project Nexus
RCV - Caesars Promenade Level - Florentine BR 1,2 - I fought the law and law lost - Mauro Caseres
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(17:50-18:40) - In-N-Out - That’s What It’s All About - Billy Boatright
SEV - Caesars Promenade South - Octavius BR 3-8 - (18:40-19:30) - The Art of Business Warfare - Wayne Ronaldson
SKY - Flamingo 3rd Flr - Virginia City Rm - Real Simple Blue Team Shit - @wornbt
WLV - Caesars Promenade Level - Milano BR 5,6 - Blue_Sonar - Zero_Chaos and Rick "Captain Marko Ramius" Mellendick
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 19:00


Return to Index  -  Locations Legend
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (19:15-19:15) - Take two of these and syscall execve() in the morning: A retrospective and primer on medical device security research - Robert Portvliet
Contest - Contest Stage - cont...(18:00-19:59) - DEF CON Beard and Moustache Contest -
EHV - Caesars Promenade Level - Modena Rm - cont...(18:30-19:29) - Discussion - Speaker TBA
Meetup - Flamingo - 3rd Floor - Carson City Rm - Lawyer Meet -
Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace) - cont...(18:00-20:30) - /R/defcon redit Meetup -
Meetup - The Park on Las Vegas Blvd. by TMobile Arena - cont...(18:30-20:30) - DEF CON Dinner Con -
Night Life - Caesars - Location printed on badges - Cubcon 2018 -
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(18:40-19:30) - The Art of Business Warfare - Wayne Ronaldson
SEV - Caesars Promenade South - Octavius BR 3-8 - (19:35-20:10) - Swarm Intelligence and Augmented Reality Gaming - Nancy Eckert

 

Friday - 20:00


Return to Index  -  Locations Legend
Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25 - Hacker Jeopardy -
Contest - Contest Stage - Whose Slide is it Anyway? -
DC - Octavius 13 - Disrupting the Digital Dystopia or What the hell is happening in computer law? - Nathan White, Nate Cardozo
DC - Octavius 9 - D0 N0 H4RM: A Healthcare Security Conversation - Christian"quaddi" Dameff MD, Jeff "r3plicant" Tully MD, Kirill Levchenko PhD, Beau Woods, Roberto Suarez, Jay Radcliffe, Joshua
DC - Roman Chillout - Oh Noes!—A Role Playing Incident Response Game - Bruce Potter, Robert Potter
Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - (20:30-23:45) - Loud Party -
Meetup - Flamingo - 3rd Floor - Chillout Rm - (20:30-23:59) - /R/defcon redit Meetup -
Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace) - cont...(18:00-20:30) - /R/defcon redit Meetup -
Meetup - The Park on Las Vegas Blvd. by TMobile Arena - cont...(18:30-20:30) - DEF CON Dinner Con -
Night Life - Caesars - Emperors Level - Chillout Rm - Hacker Karaoke -
Night Life - Caesars - Location printed on badges - cont...(19:00-23:59) - Cubcon 2018 -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - Movie Night -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - (20:30-25:59) - Arcade Party -
Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - (20:30-23:59) - GeekPwn Party -
Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - (20:30-23:59) - House of Kenzo -
Night Life - Flamingo - Lower Level - Red Rock RM 6 - (20:30-25:59) - Vet Con -
Night Life - Forum Tower Duplex Hangover Suite - 503 Party 2018 -
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(19:35-20:10) - Swarm Intelligence and Augmented Reality Gaming - Nancy Eckert

 

Friday - 21:00


Return to Index  -  Locations Legend
Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25 - cont...(20:00-21:59) - Hacker Jeopardy -
Contest - Contest Stage - cont...(20:00-21:59) - Whose Slide is it Anyway? -
Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - cont...(20:30-23:45) - Loud Party -
Meetup - Flamingo - 3rd Floor - Chillout Rm - cont...(20:30-23:59) - /R/defcon redit Meetup -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Location printed on badges - cont...(19:00-23:59) - Cubcon 2018 -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - cont...(20:00-23:59) - Movie Night -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - JG & The Robots -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-25:59) - Arcade Party -
Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - cont...(20:30-23:59) - GeekPwn Party -
Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - cont...(20:30-23:59) - House of Kenzo -
Night Life - Flamingo - 3rd Floor - Track 101 Vista BR - Live Band Karaoke -
Night Life - Flamingo - Lower Level - Red Rock RM 6 - cont...(20:30-25:59) - Vet Con -
Night Life - Forum Tower Duplex Hangover Suite - cont...(20:00-23:59) - 503 Party 2018 -

 

Friday - 22:00


Return to Index  -  Locations Legend
Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - cont...(20:30-23:45) - Loud Party -
Meetup - Flamingo - 3rd Floor - Chillout Rm - cont...(20:30-23:59) - /R/defcon redit Meetup -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Location printed on badges - cont...(19:00-23:59) - Cubcon 2018 -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - cont...(20:00-23:59) - Movie Night -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - YT Cracker -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (22:45-23:30) - Party Music - Dualcore -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-25:59) - Arcade Party -
Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - cont...(20:30-23:59) - GeekPwn Party -
Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - cont...(20:30-23:59) - House of Kenzo -
Night Life - Flamingo - 3rd Floor - Track 101 Vista BR - cont...(21:00-23:59) - Live Band Karaoke -
Night Life - Flamingo - Lower Level - Red Rock RM 6 - cont...(20:30-25:59) - Vet Con -
Night Life - Forum Tower Duplex Hangover Suite - cont...(20:00-23:59) - 503 Party 2018 -
SKY - Flamingo 3rd Flr - Virginia City Rm - skytalks (303) FRIDAY PARTY - Read the Details - @wornbt

 

Friday - 23:00


Return to Index  -  Locations Legend
Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - cont...(20:30-23:45) - Loud Party -
Meetup - Flamingo - 3rd Floor - Chillout Rm - cont...(20:30-23:59) - /R/defcon redit Meetup -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Location printed on badges - cont...(19:00-23:59) - Cubcon 2018 -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - cont...(20:00-23:59) - Movie Night -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(22:45-23:30) - Party Music - Dualcore -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (23:30-24:15) - Party Music - MC Frontalot -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-25:59) - Arcade Party -
Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - cont...(20:30-23:59) - GeekPwn Party -
Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - cont...(20:30-23:59) - House of Kenzo -
Night Life - Flamingo - 3rd Floor - Track 101 Vista BR - cont...(21:00-23:59) - Live Band Karaoke -
Night Life - Flamingo - Lower Level - Red Rock RM 6 - cont...(20:30-25:59) - Vet Con -
Night Life - Forum Tower Duplex Hangover Suite - cont...(20:00-23:59) - 503 Party 2018 -
SKY - Flamingo 3rd Flr - Virginia City Rm - cont...(22:00-25:59) - skytalks (303) FRIDAY PARTY - Read the Details - @wornbt

 

Friday - 24:00


Return to Index  -  Locations Legend
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(23:30-24:15) - Party Music - MC Frontalot -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (24:15-25:15) - Party Music - TBD -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-25:59) - Arcade Party -
Night Life - Flamingo - Lower Level - Red Rock RM 6 - cont...(20:30-25:59) - Vet Con -
SKY - Flamingo 3rd Flr - Virginia City Rm - cont...(22:00-25:59) - skytalks (303) FRIDAY PARTY - Read the Details - @wornbt

 

Friday - 25:00


Return to Index  -  Locations Legend
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(24:15-25:15) - Party Music - TBD -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (25:15-26:15) - Party Music - Scotch & Bubbles -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-25:59) - Arcade Party -
Night Life - Flamingo - Lower Level - Red Rock RM 6 - cont...(20:30-25:59) - Vet Con -
SKY - Flamingo 3rd Flr - Virginia City Rm - cont...(22:00-25:59) - skytalks (303) FRIDAY PARTY - Read the Details - @wornbt

 

Friday - 26:00


Return to Index  -  Locations Legend
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(25:15-26:15) - Party Music - Scotch & Bubbles -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (26:15-26:59) - Party Music - Circuit Static -

Saturday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Saturday - 06:00


Return to Index  -  Locations Legend
Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Defcon 26 4X5K run -

 

Saturday - 09:00


Return to Index  -  Locations Legend
PHW - Caesars Promenade Level - Neopolitan BR - (09:30-13:30) - Kali Dojo Workshop - Johnny Long
SKY - Flamingo 3rd Flr - Virginia City Rm - What happened behind the closed doors at MS - Dimitri
SKY - Flamingo 3rd Flr - Virginia City Rm - (09:30-09:59) - http2 and you - security panda

 

Saturday - 10:00


Return to Index  -  Locations Legend
AIV - Caesars Promenade Level - Florentine BR 3 - The current state of adversarial machine learning - infosecanon
AIV - Caesars Promenade Level - Florentine BR 3 - (10:20-10:40) - Chatting with your programs to find vulnerabilities - Chris Gardner
AIV - Caesars Promenade Level - Florentine BR 3 - (10:40-11:20) - The great power of AI: Algorithmic mirrors of society - Aylin Caliskan
BCOS - Caesars Promenade Level - Pompeian BR 1 - BCOS keynote speech - Philip Martin (VP Security, COINBASE)
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - WELCOME TO DAY 2 of BHV! - Staff
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (10:15-10:15) - WaterBot - Hackable Scientific Plant Bot - BiaSciLab
Contest - Contest Stage - D(Struction)20 CTF -
CPV - Caesars Promenade Level - Milano BR 1,2 - Welcome
CPV - Caesars Promenade Level - Milano BR 1,2 - (10:30-11:30) - Cloud Encryption: How to not suck at securing your encryption keys - Marie Fromm
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems - Jos Wetzels, Marina Krotofil
DC - Track 1 - Caesars Emperor's Level - Palace BR - It WISN't me, attacking industrial wireless mesh networks - Erwin Paternotte, Mattijs van Ommeren
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - You're just complaining because you're guilty: A DEF CON Guide to Adversarial Testing of Software Used In the Criminal Justice System - Dr. Jeanna N. Matthews:, Nathan Adams, Jerome Greco
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - You may have paid more than you imagine—Replay Attacks on Ethereum Smart Contracts - Zhenxuan Bai, Yuwei Zheng, Senhua Wang, Kunzhe Chai
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - #WiFiCactus - Mike Spicer
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Archery—Open Source Vulnerability Assessment and Management - Anand Tiwari
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - firstorder - Utku Sen, Gozde Sinturk
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Orthrus - Nick Sayer
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Local Sheriff - Konark Modi
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Halcyon IDE - Sanoop Thomas
HHV - Caesars Pool Level - Forum 17-21 - Hacking your HackRF - Mike Davis
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Securing Critical Infrastructure through Side-Channel Monitoring - James Harris, Carlos Aguayo
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (10:40-11:10) - Analyzing VPNFilter's Modbus Module - Patrick DeSantis, Carlos Pacho
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (10:15-10:59) - FPGA’s: a new attack surface for embedded adversaries. - John Dunlap @JohnDunlap2
PHV - Caesars Promenade Level - Neopolitan BR - Ducky-in-the-Middle: Injecting Keystrokes into Plaintext Protocols - Esteban Rodriguez
PHV - Caesars Promenade Level - Neopolitan BR - (10:30-10:59) - How to Tune Automation to Avoid False Positives - Gita Ziabari
PHW - Caesars Promenade Level - Neopolitan BR - cont...(09:30-13:30) - Kali Dojo Workshop - Johnny Long
RCV - Caesars Promenade Level - Florentine BR 1,2 - Building visualisation platforms for OSINT data using open source solutions - Bharath Kumar / Madhu
SKY - Flamingo 3rd Flr - Virginia City Rm - Don't Bring Me Down: Weaponizing botnets - @3ncr1pted
WS - Linq 4th Flr - Icon A - Joe Grand's Hardware Hacking Basics - Joe Grand
WS - Linq 4th Flr - Icon B - Fuzzing with AFL (American Fuzzy Lop) - Jakub Botwicz, Wojciech Rauner
WS - Linq 4th Flr - Icon C - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Timothy Clemans
WS - Linq 4th Flr - Icon D - Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - Richard Henderson, Bryan Passifiume
WS - Linq 4th Flr - Icon E - Attack & Defense in AWS Environments - Vaibhav Gupta, Sandeep Singh
WS - Linq 4th Flr - Icon F - Decentralized Hacker Net - Eijah

 

Saturday - 11:00


Return to Index  -  Locations Legend
AIV - Caesars Promenade Level - Florentine BR 3 - cont...(10:40-11:20) - The great power of AI: Algorithmic mirrors of society - Aylin Caliskan
AIV - Caesars Promenade Level - Florentine BR 3 - (11:20-11:40) - DeepPhish: Simulating the Malicious Use of AI - Ivan Torroledo
BCOS - Caesars Promenade Level - Pompeian BR 1 - Prize winners, awards, and announcements - midipoet and MSvB
BCOS - Caesars Promenade Level - Pompeian BR 1 - (11:30-11:59) - Monero's Emerging Applications - Fluffy Pony
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(10:00-11:15) - WELCOME TO DAY 2 of BHV! - Staff
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (11:15-11:59) - Technology Enabled Prosthetic Environments - Gerry Scott
Contest - Contest Stage - cont...(10:00-11:59) - D(Struction)20 CTF -
CPV - Caesars Promenade Level - Milano BR 1,2 - cont...(10:30-11:30) - Cloud Encryption: How to not suck at securing your encryption keys - Marie Fromm
CPV - Caesars Promenade Level - Milano BR 1,2 - (11:30-12:00) - Green Locks for You and Me - Wendy Knox Everette
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Hacking PLCs and Causing Havoc on Critical Infrastructures - Thiago Alves
DC - Track 1 - Caesars Emperor's Level - Palace BR - Exploiting Active Directory Administrator Insecurities - Sean Metcalf
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Compression Oracle Attacks on VPN Networks - Nafeez
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Jailbreaking the 3DS through 7 years of hardening - smea
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - #WiFiCactus - Mike Spicer
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Archery—Open Source Vulnerability Assessment and Management - Anand Tiwari
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - firstorder - Utku Sen, Gozde Sinturk
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Orthrus - Nick Sayer
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Local Sheriff - Konark Modi
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Halcyon IDE - Sanoop Thomas
EHV - Caesars Promenade Level - Modena Rm - Ethics of Technology in Humanitarian and Disaster Response - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - Disabling Intel ME in Firmware - Brian Milliron
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - cont...(10:40-11:10) - Analyzing VPNFilter's Modbus Module - Patrick DeSantis, Carlos Pacho
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (11:15-11:59) - Your Smart Scale is Leaking More than Your Weight - Erez Yalon @ErezYalon
PHV - Caesars Promenade Level - Neopolitan BR - wpa-sec: The Largest Online WPA Handshake Database - Alex Stanev
PHV - Caesars Promenade Level - Neopolitan BR - (11:30-11:59) - Capturing in Hard to Reach Places - Silas Cutler
PHW - Caesars Promenade Level - Neopolitan BR - cont...(09:30-13:30) - Kali Dojo Workshop - Johnny Long
PPV - Flamingo Lower Level - Valley Of Fire Rms - The Cantankerous Cannabis Cryptocurrency Kerfuffle - Octet In Triplicate
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(10:00-11:59) - Building visualisation platforms for OSINT data using open source solutions - Bharath Kumar / Madhu
SKY - Flamingo 3rd Flr - Virginia City Rm - The Abyss is Waving Back - Sidragon
WLV - Caesars Promenade Level - Milano BR 5,6 - Learning to Listen: Machine Learning for Adaptive Wireless Adversary Detection - John Dunlap
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Joe Grand's Hardware Hacking Basics - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Fuzzing with AFL (American Fuzzy Lop) - Jakub Botwicz, Wojciech Rauner
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Timothy Clemans
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - Richard Henderson, Bryan Passifiume
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attack & Defense in AWS Environments - Vaibhav Gupta, Sandeep Singh
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Decentralized Hacker Net - Eijah

 

Saturday - 12:00


Return to Index  -  Locations Legend
BCOS - Caesars Promenade Level - Pompeian BR 1 - We Program Our Stinkin Badges! - Michael Schloh
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - No Firewall Can Save You At The Intersection Of Genetics and Privacy - Almost Human
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (12:45-13:30) - Mother Natures Development Lifecycles… OR Why the T-Rex didn’t get extenders. - siDragon
CPV - Caesars Promenade Level - Milano BR 1,2 - No Way JOSE! Designing Cryptography Features for Mere Mortals - Scott Arciszewski
DC - 101 Track - Building Absurd Christmas Light Shows - Rob Joyce
DC - Track 1 - Caesars Emperor's Level - Palace BR - Tineola: Taking a Bite Out of Enterprise Blockchain - Stark Riedesel, Parsia Hakimian
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - You'd better secure your BLE devices or we'll kick your butts ! - Damien "virtualabs" Cauquil
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Ridealong Adventures—Critical Issues with Police Body Cameras - Josh Mitchell
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - trackerjacker - Caleb Madrigal
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Cloud Security Suite—One stop tool for AWS, GCP & Azure Security Audit - Jayesh Singh Chauhan
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - GreyNoise - Andrew Morris
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - WHID Injector: Hot To Bring HID Attacks to the Next Level - Luca Bongiorni
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - BLEMystique—Affordable custom BLE target - Nishant Sharma, Jeswin Mathai
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - ADRecon: Active Directory Recon - Prashant Mahajan
HHV - Caesars Pool Level - Forum 17-21 - NFC Payments: The Art of Relay & Replay Attacks - Salvador Mendoza
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (12:30-12:59) - Panel Q&A – IoT Manufacturers: Answers on Security Straight from the Source - Panel
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
Meetup - Chill Out Lounge - Deaf Con Meet Up -
PHV - Caesars Promenade Level - Neopolitan BR - An OSINT Approach to Third Party Cloud Service Provider Evaluation - Lokesh Pidawekar
PHV - Caesars Promenade Level - Neopolitan BR - (12:30-12:59) - Bitsquatting: Passive DNS Hijacking - Ed Miles
PHW - Caesars Promenade Level - Neopolitan BR - cont...(09:30-13:30) - Kali Dojo Workshop - Johnny Long
RCV - Caesars Promenade Level - Florentine BR 1,2 - Cartoons, Sketchnotes, Bullet Journals and Other Data Visualization Tricks - Raye Keslensky
RCV - Caesars Promenade Level - Florentine BR 1,2 - Bug Bounty Hunting on Steroids - Anshuman Bhartiya / Glen Grant
Service - Caesars - Promenade Level - Anzio Rm past Registration - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - Cloud Security Myths - Xavier Ashe
WLV - Caesars Promenade Level - Milano BR 5,6 - Attacking Gotenna Networks - recompiler
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Joe Grand's Hardware Hacking Basics - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Fuzzing with AFL (American Fuzzy Lop) - Jakub Botwicz, Wojciech Rauner
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Timothy Clemans
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - Richard Henderson, Bryan Passifiume
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attack & Defense in AWS Environments - Vaibhav Gupta, Sandeep Singh
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Decentralized Hacker Net - Eijah

 

Saturday - 13:00


Return to Index  -  Locations Legend
AIV - Caesars Promenade Level - Florentine BR 3 - Machine Learning Model Hardening For Fun and Profit - Ariel Herbert-Voss
AIV - Caesars Promenade Level - Florentine BR 3 - (13:20-13:59) - Automated Planning for the Automated Red Team - Andy Applebaum
BCOS - Caesars Promenade Level - Pompeian BR 1 - cont...(12:00-13:59) - We Program Our Stinkin Badges! - Michael Schloh
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(12:45-13:30) - Mother Natures Development Lifecycles… OR Why the T-Rex didn’t get extenders. - siDragon
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (13:30-14:15) - DNA Encryption: Bioencryption to Store Your Secrets in living organisms - John Dunlap
CPV - Caesars Promenade Level - Milano BR 1,2 - Sluts, Bullies, and Best Selves: Rethinking Digital Privacy Education - Caroline D. Hardin, Jen Dalsen
CPV - Caesars Promenade Level - Milano BR 1,2 - (13:30-14:00) - Building a Cryptographic Backdoor in OpenSSL - Lei Shi, Allen Cai
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - One Step Ahead of Cheaters -- Instrumenting Android Emulators - Nevermoe (@n3v3rm03)
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - (13:30-13:50) - House of Roman—a "leakless" heap fengshui to achieve RCE on PIE Binaries - Sanat Sharma
DC - Track 1 - Caesars Emperor's Level - Palace BR - In Soviet Russia Smartcard Hacks You - Eric Sesterhenn
DC - Track 1 - Caesars Emperor's Level - Palace BR - (13:30-13:50) - The ring 0 façade: awakening the processor's inner demons - Christopher Domas
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Reaping and breaking keys at scale: when crypto meets big data - Yolan Romailler, Nils Amiet
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - (13:30-13:50) - Detecting Blue Team Research Through Targeted Ads - 0x200b
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Looking for the perfect signature: an automatic YARA rules generation algorithm in the AI-era - Andrea Marcelli
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (13:30-14:15) - Infecting The Embedded Supply Chain - Zach, Alex
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - trackerjacker - Caleb Madrigal
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - Cloud Security Suite—One stop tool for AWS, GCP & Azure Security Audit - Jayesh Singh Chauhan
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - GreyNoise - Andrew Morris
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - WHID Injector: Hot To Bring HID Attacks to the Next Level - Luca Bongiorni
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - BLEMystique—Affordable custom BLE target - Nishant Sharma, Jeswin Mathai
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - ADRecon: Active Directory Recon - Prashant Mahajan
EHV - Caesars Promenade Level - Modena Rm - Nations and Nationalism and Cyber Security - Navigating Difficult Relationships in the Private Infosec Space - Speaker TBA
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (13:15-13:45) - Disassembly and Hacking of Firmware Where You Least Expect It: In Your Tools- with live hacking demonstration - Monta Elkins
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (13:55-14:25) - TOR for The IOT aka TORT Reform - Bryson Bort
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (13:15-13:59) - Worms that fight back: Nematodes as an antidote for IoT malware - Matt Wixey @darkartlab
PHV - Caesars Promenade Level - Neopolitan BR - Turning Deception Outside-In: Tricking Attackers with OSINT - Hadar Yudovich, Tom Kahana, Tom Sela
PHV - Caesars Promenade Level - Neopolitan BR - (13:30-13:59) - Defense in Depth: The Path to SGX at Akamai - Sam Erb
PHW - Caesars Promenade Level - Neopolitan BR - cont...(09:30-13:30) - Kali Dojo Workshop - Johnny Long
PPV - Flamingo Lower Level - Valley Of Fire Rms - How Compliance Affects the Surface Area of Cannabis POS - WeedAnon
RCV - Caesars Promenade Level - Florentine BR 1,2 - Targeted User Analytics and Human Honeypotss - Mbis0n Shadoru
RCV - Caesars Promenade Level - Florentine BR 1,2 - (13:25-13:55) - Skiptracer - ghetto OSINT for broke hackers - illwill
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
Service - Vendors Area - No Starch Press Table - Book Signing - Nick Cano - Game Hacking - Nick Cano
SKY - Flamingo 3rd Flr - Virginia City Rm - Exploiting IoT Communications - A Cover within a Cover - Mike Raggo & Chet Hosmer
WLV - Caesars Promenade Level - Milano BR 5,6 - Wardrivers Anonymous - Aadvark and Darkmatter and elkentaro and Zero_Chaos and Rick "Ward River" Mellendick
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Joe Grand's Hardware Hacking Basics - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Fuzzing with AFL (American Fuzzy Lop) - Jakub Botwicz, Wojciech Rauner
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Timothy Clemans
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - Richard Henderson, Bryan Passifiume
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attack & Defense in AWS Environments - Vaibhav Gupta, Sandeep Singh
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Decentralized Hacker Net - Eijah

 

Saturday - 14:00


Return to Index  -  Locations Legend
AIV - Caesars Promenade Level - Florentine BR 3 - Beyond Adversarial Learning -- Security Risks in AI Implementations - Kang Li
AIV - Caesars Promenade Level - Florentine BR 3 - (14:30-15:20) - (Responsible?) Offensive Machine Learning - @bodaceacat, @filar, @Straithe, @_delta_zero (Moderating)
BCOS - Caesars Promenade Level - Pompeian BR 1 - Examining Monero's Ring Signatures - Justin Ehrenhofer
BCOS - Caesars Promenade Level - Pompeian BR 1 - (14:30-14:59) - Some Mining Related Attacks - Zhiniang Peng
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(13:30-14:15) - DNA Encryption: Bioencryption to Store Your Secrets in living organisms - John Dunlap
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (14:15-16:15) - DEF CON Biohacking Village Badge Talk - Joel Murphy
CPV - Caesars Promenade Level - Milano BR 1,2 - CATs - A Tale of Scalable Authentication - Yueting Lee
CPV - Caesars Promenade Level - Milano BR 1,2 - (14:30-15:00) - Jailed by a Google Search: the Surveillance State's War on Self-induced Abortion - Pigeon
DDV - Caesars Promenade Level - Capri Rm - The Memory Remains - Cold drive memory forensics 101 - Lior Kolnik
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices - Dennis Giese
DC - Track 1 - Caesars Emperor's Level - Palace BR - SMBetray—Backdooring and breaking signatures - William Martin
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Digital Leviathan: a comprehensive list of Nation-State Big Brothers (from huge to little ones - Eduardo Izycki, Rodrigo Colli
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - (14:30-14:50) - Sex Work After SESTA/FOSTA - Maggie Mayhem
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - cont...(13:30-14:15) - Infecting The Embedded Supply Chain - Zach, Alex
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Playing Malware Injection with Exploit thoughts - Sheng-Hao Ma
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (14:30-14:50) - Fire & Ice: Making and Breaking macOS Firewalls - Patrick Wardle
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - EAPHammer - Gabriel Ryan
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Sh00t—An open platform for manual security testers & bug hunters - Pavan Mohan
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - ioc2rpz - Vadim Pavlov
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - HealthyPi—Connected Health - Ashwin K Whitchurch
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Walrus - Daniel Underhay, Matthew Daley
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - LHT (Lossy Hash Table) - Steve Thomas
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - cont...(13:55-14:25) - TOR for The IOT aka TORT Reform - Bryson Bort
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (14:30-15:15) - Attacking Commercial Smart Irrigation Systems - Ben Nassi @ben_nassi
PHV - Caesars Promenade Level - Neopolitan BR - Building a Teaching SOC - Andrew Johnson
PHV - Caesars Promenade Level - Neopolitan BR - (14:30-14:59) - Normalizing Empire's Traffic to Evade Anomaly-Based IDS - Utku Sen, Gozde Sinturk
PHW - Caesars Promenade Level - Neopolitan BR - Intense Introduction to Modern Web Application Hacking - Omar Santos and Ron Taylor
PPV - Flamingo Lower Level - Valley Of Fire Rms - Hacking Phenotypic Pathways In Cannabis - Mark Lewi
RCV - Caesars Promenade Level - Florentine BR 1,2 - Applied OSINT For Politics: Turning Open Data Into News - Lloyd Miller
RCV - Caesars Promenade Level - Florentine BR 1,2 - (14:45-15:05) - 1983: I’m born. 2018: I’m taking on the bad guys - Jennifer Roderick
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - Hacking the Technical Interview - Marcelle & Kelley
WLV - Caesars Promenade Level - Milano BR 5,6 - (14:30-15:25) - SDR Basics Class - Balint Seeber
WS - Linq 4th Flr - Icon A - (14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - (14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - (14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - (14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - (14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - (14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 15:00


Return to Index  -  Locations Legend
AIV - Caesars Promenade Level - Florentine BR 3 - cont...(14:30-15:20) - (Responsible?) Offensive Machine Learning - @bodaceacat, @filar, @Straithe, @_delta_zero (Moderating)
AIV - Caesars Promenade Level - Florentine BR 3 - (15:20-15:59) - Towards a framework to quantitatively assess AI safety – challenges, open questions and opportunities. - Ram Shankar Siva Kumar
BCOS - Caesars Promenade Level - Pompeian BR 1 - An Introduction to Kovri - Anonimal
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(14:15-16:15) - DEF CON Biohacking Village Badge Talk - Joel Murphy
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Torrent More Pharmaceutical Drugs. File Sharing Still Saves Lives. - Mixæl Laufer
Contest - Contest Stage - Spell Check: The Hacker Spelling Bee -
CPV - Caesars Promenade Level - Milano BR 1,2 - JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and face recognition - and frankly, everywhere else - Guy Barnhart-Magen, Ezra Caltum
DDV - Caesars Promenade Level - Capri Rm - Owning Gluster FS with GEVAUDAN - Mauro Cáseres
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Project Interceptor: avoiding counter-drone systems with nanodrones - David Melendez Cano
DC - Track 1 - Caesars Emperor's Level - Palace BR - All your math are belong to us - sghctoma
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Reverse Engineering Windows Defender's Emulator - Alexei Bulazel
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Booby Trapping Boxes - Ladar Levison, hon1nbo
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - EAPHammer - Gabriel Ryan
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - Sh00t—An open platform for manual security testers & bug hunters - Pavan Mohan
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - ioc2rpz - Vadim Pavlov
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - HealthyPi—Connected Health - Ashwin K Whitchurch
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - Walrus - Daniel Underhay, Matthew Daley
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - LHT (Lossy Hash Table) - Steve Thomas
EHV - Caesars Promenade Level - Modena Rm - Hack Back: Not An Option, But A Necessity? (A Mini-Workshop) - David Scott Lewis
HHV - Caesars Pool Level - Forum 17-21 - Breaking In: Building a home lab without having to rob a bank - Bryan Austin
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - cont...(14:30-15:15) - Attacking Commercial Smart Irrigation Systems - Ben Nassi @ben_nassi
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (15:45-16:30) - How-to modify ARM Cortex-M based firmware: A step-by-step approach for Xiaomi devices - Dennis Giese
PHV - Caesars Promenade Level - Neopolitan BR - Grand Theft Auto: Digital Key Hacking - Huajiang "Kevin2600" Chen, Jin Yang
PHW - Caesars Promenade Level - Neopolitan BR - cont...(14:00-15:59) - Intense Introduction to Modern Web Application Hacking - Omar Santos and Ron Taylor
PPV - Flamingo Lower Level - Valley Of Fire Rms - The Invisible Hands Tending the Secret Greens - Keith Conway (@algirhythm), Frank (@cosmovaltran
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(14:45-15:05) - 1983: I’m born. 2018: I’m taking on the bad guys - Jennifer Roderick
RCV - Caesars Promenade Level - Florentine BR 1,2 - Core OSINT: Keeping Track of and Reporting All the Things - Micah Hoffman
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
SEV - Caesars Promenade South - Octavius BR 3-8 - (15:30-15:59) - Social Engineering from a CISO's Perspective - Kathleen Mullen
SKY - Flamingo 3rd Flr - Virginia City Rm - Leveling the Bug Bounty Playfield - Introducing the #LEGALBUGBOUNTY project - Amit Elazari & Keren Elazari
WLV - Caesars Promenade Level - Milano BR 5,6 - cont...(14:30-15:25) - SDR Basics Class - Balint Seeber
WLV - Caesars Promenade Level - Milano BR 5,6 - (15:30-15:55) - BLE CTF - Ryan Holeman
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 16:00


Return to Index  -  Locations Legend
AIV - Caesars Promenade Level - Florentine BR 3 - StuxNNet: Practical Live Memory Attacks on Machine Learning Systems - Raphael Norwitz
AIV - Caesars Promenade Level - Florentine BR 3 - (16:20-16:59) - Hunting the Ethereum Smart Contract: Color-inspired Inspection of Potential Attacks - TonTon Huang
BCOS - Caesars Promenade Level - Pompeian BR 1 - cont...(15:00-16:59) - An Introduction to Kovri - Anonimal
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(14:15-16:15) - DEF CON Biohacking Village Badge Talk - Joel Murphy
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (16:15-16:59) - Hacking Human Fetuses - Erin Hefley
Contest - Contest Stage - cont...(15:00-16:59) - Spell Check: The Hacker Spelling Bee -
CPV - Caesars Promenade Level - Milano BR 1,2 - Anonymous rate-limiting in services with Direct Anonymous Attestation - Alex Catarineu, Philipp Claen, Konark Modi, Josep M. Pujol
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Outsmarting the Smart City - Daniel "unicornFurnace" Crowley, Mauro Paredes, Jen "savagejen" Savage
DC - Track 1 - Caesars Emperor's Level - Palace BR - 80 to 0 in under 5 seconds: Falsifying a medical patient's vitals - Douglas McKee
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - All your family secrets belong to us—Worrisome security issues in tracker apps - Dr. Siegfried Rasthofer, Stephan Huber, Dr. Steven Arzt
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Inside the Fake Science Factory - Dr Cindy Poppins - Computer Scientist (AKA Svea Eckert), Dr Dade Murphy - Reformed Hacker (AKA Suggy), Professor Dr Edgar Munch
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - WiPi-Hunter—It Strikes against Illegal Wireless Network Activities (Detect and active response) - Besim Altinok, Mehmet Kutlay Kocer, M.Can KURNAZ
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Angad: A Malware Detection Framework using Multi-Dimensional Visualization - Ankur Tyagi
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Honeycomb—An extensible honeypot framework - Omer Cohen, Imri Goldberg
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Swissduino—Stealthy USB HID Networking & Attack - Mike Westmacott
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - boofuzz - Joshua Pereyda
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - PA Toolkit—Wireshark plugins for Pentesters - Nishant Sharma, Jeswin Mathai
HHV - Caesars Pool Level - Forum 17-21 - The Cactus: 6502 Blinkenlights 40 Years Late - Commodore Z
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (16:55-17:25) - Reverse Engineering Physical Processes in Industrial Control Systems - Marina Krotofi, Alexander Winnicki
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - cont...(15:45-16:30) - How-to modify ARM Cortex-M based firmware: A step-by-step approach for Xiaomi devices - Dennis Giese
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (16:45-17:30) - Hacking U-Boot - Srinivas Rao @srini0x00 and Abhijeth D @abhijeth
PHV - Caesars Promenade Level - Neopolitan BR - Ridealong Adventures: Critical Issues with Police Body Cameras - Josh Mitchell
PHW - Caesars Promenade Level - Neopolitan BR - (16:30-17:59) - Mallet, An Intercepting Proxy for Arbitrary Protocols - Rogan Dawes
PPV - Flamingo Lower Level - Valley Of Fire Rms - The Ongoing Federal Lawsuit Against Jeff Sessions - Michael Hiller
RCV - Caesars Promenade Level - Florentine BR 1,2 - WhiteRabbit: Combining Threat Intelligence Public Blockchain Data and Machine Learning to go Down the “Dirty Money” Rabbit Hole - Olivia Thet / Nicolas Kseib
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
SEV - Caesars Promenade South - Octavius BR 3-8 - The Abyss is Waving Back… - Chris Roberts
SEV - Caesars Promenade South - Octavius BR 3-8 - (16:55-17:45) - Hunting Predators: SE Style - Chris Hadnagy
SKY - Flamingo 3rd Flr - Virginia City Rm - Healthcare Exposure on Public Internet - Shawn Merdinger
WLV - Caesars Promenade Level - Milano BR 5,6 - Introduction to Railroad Telemetry - Eric Reuter
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 17:00


Return to Index  -  Locations Legend
AIV - Caesars Promenade Level - Florentine BR 3 - Holy BATSense! Deploying TBATS Machine Learning Algorithm to Detect Security Events - Pranshu Bajpai
BCOS - Caesars Promenade Level - Pompeian BR 1 - Moderator Justin Ehrenhofer's Greatest Questions - Shamiq (App Sec Manager, COINBASE), Paul Shapiro, A., Fluffy Pony
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Biohacking the Disability - Gabriel Bergel
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (17:45-18:30) - Batman, Brain Hacking, and Bank Accounts - Katherine Pratt
CPV - Caesars Promenade Level - Milano BR 1,2 - Prototyping Cryptographic Protocols With Charm - Matt Cheung
DC - Track 1 - Caesars Emperor's Level - Palace BR - The Road to Resilience: How Real Hacking Redeems this Damnable Profession - Richard Thieme, a.k.a. neural cowboy
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Relocation Bonus: Attacking the Windows Loader Makes Analysts Switch Careers - Nick Cano
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - WiPi-Hunter—It Strikes against Illegal Wireless Network Activities (Detect and active response) - Besim Altinok, Mehmet Kutlay Kocer, M.Can KURNAZ
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - Angad: A Malware Detection Framework using Multi-Dimensional Visualization - Ankur Tyagi
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - Honeycomb—An extensible honeypot framework - Omer Cohen, Imri Goldberg
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - Swissduino—Stealthy USB HID Networking & Attack - Mike Westmacott
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - boofuzz - Joshua Pereyda
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - PA Toolkit—Wireshark plugins for Pentesters - Nishant Sharma, Jeswin Mathai
EHV - Caesars Promenade Level - Modena Rm - Diversity and Equality in Infosec - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - WiFi Beacons will give you up - John Aho
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - cont...(16:55-17:25) - Reverse Engineering Physical Processes in Industrial Control Systems - Marina Krotofi, Alexander Winnicki
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (17:35-17:59) - A SOC in the Village - Thomas VanNorman
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - cont...(16:45-17:30) - Hacking U-Boot - Srinivas Rao @srini0x00 and Abhijeth D @abhijeth
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
PHV - Caesars Promenade Level - Neopolitan BR - IoT Data Exfiltration - Mike Raggo, Chet Hosmer
PHW - Caesars Promenade Level - Neopolitan BR - cont...(16:30-17:59) - Mallet, An Intercepting Proxy for Arbitrary Protocols - Rogan Dawes
PPV - Flamingo Lower Level - Valley Of Fire Rms - Primer On Dealing w/ Local Gov. for Legal Cannabis - Mayor Chad Wanke
RCV - Caesars Promenade Level - Florentine BR 1,2 - Mapping wifi networks and triggering on interesting traffic patterns - Caleb Madrigal
RCV - Caesars Promenade Level - Florentine BR 1,2 - (17:40-17:59) - OpenPiMap - Hacking the hackers with OSINT, Raspberry Pis, and Data Analysis - Mark Klink
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(16:55-17:45) - Hunting Predators: SE Style - Chris Hadnagy
SEV - Caesars Promenade South - Octavius BR 3-8 - (17:50-18:40) - On the Hunt: Hacking the Hunt - Chris Silvers and Taylor Banks
SKY - Flamingo 3rd Flr - Virginia City Rm - The challenge of building an secure and safe digital environment in the healthcare - @_j3lena_
WLV - Caesars Promenade Level - Milano BR 5,6 - It's not wifi: Stories in Wireless Reverse Engineering - Dominic Spill and Russ Handorf
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 18:00


Return to Index  -  Locations Legend
AIV - Caesars Promenade Level - Florentine BR 3 - INTRO TO DATA MASTERCLASS: Tour-de-ML - Leo Meyerovich & Eugene Teo
BCOS - Caesars Promenade Level - Pompeian BR 1 - Instructions and invitations to party - Cinnamonflower and pwrcycle
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(17:45-18:30) - Batman, Brain Hacking, and Bank Accounts - Katherine Pratt
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (18:30-19:15) - Building a Better Bedside - The Blue Team Needs a Plan B - Nick Delewski and Saurabh Harit
Contest - Contest Stage - DEF CON Blitz Chess Tournament -
CPV - Caesars Promenade Level - Milano BR 1,2 - (Not Recorded) Ask Me Anything about Tor: AMA with Roger Dingledine - Roger Dingledine
CPV - Caesars Promenade Level - Milano BR 1,2 - (18:30-19:00) - Closing
EHV - Caesars Promenade Level - Modena Rm - Discussion - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - Building Drones the Hard Way - David Melendez Cano
PPV - Flamingo Lower Level - Valley Of Fire Rms - Panel on digital & Physical Security in Cannabis - OCP (by proxy), Michael Hiller, Project Nexus, Weed Anon, Mark Lewis, Chad Wanke
RCV - Caesars Promenade Level - Florentine BR 1,2 - Supercharge Your Web Recon With Commonspeak and Evolutionary Wordlists - Michael Gianarakis / Shubham Shah
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(17:50-18:40) - On the Hunt: Hacking the Hunt - Chris Silvers and Taylor Banks
SEV - Caesars Promenade South - Octavius BR 3-8 - (18:40-19:30) - Social Engineering Course Projects for Undergraduate Students - Aunsuhl Rege
SKY - Flamingo 3rd Flr - Virginia City Rm - Macabre stories of a hacker in the public health sector (Chile) - Philippe Delteil
WLV - Caesars Promenade Level - Milano BR 5,6 - Little Fluffy Pineapple Clouds - Commanding a Fleet of Wireless Fruit - Darren Kitchen and Seb Kinne
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 19:00


Return to Index  -  Locations Legend
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(18:30-19:15) - Building a Better Bedside - The Blue Team Needs a Plan B - Nick Delewski and Saurabh Harit
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (19:15-19:15) - Lightning Talks - Maybe you?
Contest - Contest Stage - cont...(18:00-19:59) - DEF CON Blitz Chess Tournament -
PPV - Flamingo Lower Level - Valley Of Fire Rms - cont...(18:00-19:15) - Panel on digital & Physical Security in Cannabis - OCP (by proxy), Michael Hiller, Project Nexus, Weed Anon, Mark Lewis, Chad Wanke
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(18:40-19:30) - Social Engineering Course Projects for Undergraduate Students - Aunsuhl Rege

 

Saturday - 20:00


Return to Index  -  Locations Legend
Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25 - Hacker Jeopardy -
DC - Octavius 13 - Privacy Is Equality—And It's Far from Dead - Sarah St. Vincent
DC - Octavius 9 - Beyond the Lulz: Black-Hat Trolling, White-Hat Trolling, Attacking and Defending Our Attention Landscape - Matt Goerzen, Dr. Jeanna Matthews, Joan Donovan
DC - Roman Chillout - EFF Fireside Hax (AKA Ask the EFF) - Kurt Opsahl, Nate Cardozo, Jamie Lee Williams, Andrés Arrieta, Katiza Rodriguez, Nathan 'nash' Sheard
Meetup - Flamingo - 3rd floor - Chillout Rm - (20:30-23:59) - Hacker Flairgrounds -
Night Life - Caesars - Emperors Level - Chillout Rm - Hacker Karaoke -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - Movie Night -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - (20:30-26:30) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - El Dorado BR - (20:30-23:59) - Lonely Hackers Club Party -
Night Life - Flamingo, Rm # after registration - Cobalt DEF CON Party 2018 -

 

Saturday - 21:00


Return to Index  -  Locations Legend
Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25 - cont...(20:00-21:59) - Hacker Jeopardy -
Contest - Contest Stage - Drunk Hacker History -
Meetup - Flamingo - 3rd floor - Chillout Rm - cont...(20:30-23:59) - Hacker Flairgrounds -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - cont...(20:00-23:59) - Movie Night -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (21:30-22:30) - Party Music - Skittish & Bus -
Night Life - Caesars Palace Forum Tower, Rm TBA - Defcon Monero Party 2018 -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(20:00-26:59) - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-26:30) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - El Dorado BR - cont...(20:30-23:59) - Lonely Hackers Club Party -
Night Life - Flamingo, Rm # after registration - cont...(20:00-23:59) - Cobalt DEF CON Party 2018 -
Night Life - Off-site party, Register and receive adddress from IOT VIllage - IoT Village Manson Party -

 

Saturday - 22:00


Return to Index  -  Locations Legend
Contest - Contest Stage - cont...(21:00-22:59) - Drunk Hacker History -
Meetup - Flamingo - 3rd floor - Chillout Rm - cont...(20:30-23:59) - Hacker Flairgrounds -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - cont...(20:00-23:59) - Movie Night -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(21:30-22:30) - Party Music - Skittish & Bus -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (22:30-23:30) - Party Music - Zebbler Encanti -
Night Life - Caesars Palace Forum Tower, Rm TBA - cont...(21:00-25:59) - Defcon Monero Party 2018 -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(20:00-26:59) - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-26:30) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - El Dorado BR - cont...(20:30-23:59) - Lonely Hackers Club Party -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - SecKC the World -
Night Life - Flamingo, Rm # after registration - cont...(20:00-23:59) - Cobalt DEF CON Party 2018 -
Night Life - Location TBA - DC801 Party -
Night Life - Off-site party, Register and receive adddress from IOT VIllage - cont...(21:00-25:59) - IoT Village Manson Party -
SKY - Flamingo 3rd Flr - Virginia City Rm - skytalks (303) PARTY - FLAMINGO POOL PARTY Open to All - Flamingo

 

Saturday - 23:00


Return to Index  -  Locations Legend
Meetup - Flamingo - 3rd floor - Chillout Rm - cont...(20:30-23:59) - Hacker Flairgrounds -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Lobby bar - (23:55-24:59) - DC 26 GothCon -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - cont...(20:00-23:59) - Movie Night -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(22:30-23:30) - Party Music - Zebbler Encanti -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (23:30-24:59) - Party Music - Juno Reactor -
Night Life - Caesars Palace Forum Tower, Rm TBA - cont...(21:00-25:59) - Defcon Monero Party 2018 -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(20:00-26:59) - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-26:30) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - El Dorado BR - cont...(20:30-23:59) - Lonely Hackers Club Party -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(22:00-25:59) - SecKC the World -
Night Life - Flamingo, Rm # after registration - cont...(20:00-23:59) - Cobalt DEF CON Party 2018 -
Night Life - Location TBA - cont...(22:00-25:59) - DC801 Party -
Night Life - Off-site party, Register and receive adddress from IOT VIllage - cont...(21:00-25:59) - IoT Village Manson Party -
SKY - Flamingo 3rd Flr - Virginia City Rm - cont...(22:00-25:59) - skytalks (303) PARTY - FLAMINGO POOL PARTY Open to All - Flamingo

 

Saturday - 24:00


Return to Index  -  Locations Legend
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Lobby bar - cont...(23:55-24:59) - DC 26 GothCon -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(23:30-24:59) - Party Music - Juno Reactor -
Night Life - Caesars Palace Forum Tower, Rm TBA - cont...(21:00-25:59) - Defcon Monero Party 2018 -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(20:00-26:59) - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-26:30) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(22:00-25:59) - SecKC the World -
Night Life - Location TBA - cont...(22:00-25:59) - DC801 Party -
Night Life - Off-site party, Register and receive adddress from IOT VIllage - cont...(21:00-25:59) - IoT Village Manson Party -
SKY - Flamingo 3rd Flr - Virginia City Rm - cont...(22:00-25:59) - skytalks (303) PARTY - FLAMINGO POOL PARTY Open to All - Flamingo

 

Saturday - 25:00


Return to Index  -  Locations Legend
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - Miss Jackalope -
Night Life - Caesars Palace Forum Tower, Rm TBA - cont...(21:00-25:59) - Defcon Monero Party 2018 -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(20:00-26:59) - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-26:30) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(22:00-25:59) - SecKC the World -
Night Life - Location TBA - cont...(22:00-25:59) - DC801 Party -
Night Life - Off-site party, Register and receive adddress from IOT VIllage - cont...(21:00-25:59) - IoT Village Manson Party -
SKY - Flamingo 3rd Flr - Virginia City Rm - cont...(22:00-25:59) - skytalks (303) PARTY - FLAMINGO POOL PARTY Open to All - Flamingo

 

Saturday - 26:00


Return to Index  -  Locations Legend
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - s7a73farm -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(20:00-26:59) - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-26:30) - BlanketFortCon -

Sunday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Sunday - 06:00


Return to Index  -  Locations Legend
Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Defcon 26 4X5K run -

 

Sunday - 09:00


Return to Index  -  Locations Legend
SKY - Flamingo 3rd Flr - Virginia City Rm - Master Baiting! Dont Click Bait, Click Yourself - BACE16

 

Sunday - 10:00


Return to Index  -  Locations Legend
AIV - Caesars Promenade Level - Florentine BR 3 - Generating Labeled Data From Adversary Simulations With MITRE ATT&CK - Brian Genz
AIV - Caesars Promenade Level - Florentine BR 3 - (10:40-10:59) - AI DevOps: Behind the Scenes of a Global Anti-Virus Company's Machine Learning Infrastructure - Alex Long
BCOS - Caesars Promenade Level - Pompeian BR 1 - The Good, the Bad, and the Private: Building and Breaking Safe Cryptocurrencies - Sarang Noether
BCOS - Caesars Promenade Level - Pompeian BR 1 - (10:45-10:59) - Contest winners, prizes, showcase and awards - Michael Schloh
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - WELCOME TO THE LAST DAY OF BHV! - Staff
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (10:15-10:59) - Exploiting immune defences - can malware learn from biological viruses? - Guy Propper
CPV - Caesars Promenade Level - Milano BR 1,2 - Welcome
CPV - Caesars Promenade Level - Milano BR 1,2 - (10:30-11:00) - Geolocation and Homomorphic Encryption - Nicholas Doiron
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - The Mouse is Mightier than the Sword - Patrick Wardle
DC - Track 1 - Caesars Emperor's Level - Palace BR - Rock appround the clock: Tracking malware developers by Android "AAPT" timezone disclosure bug - Sheila A. Berta, Sergio De Los Santos
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Defending the 2018 Midterm Elections from Foreign Adversaries - Joshua M Franklin , Kevin Franklin
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems - Leigh-Anne Galloway, Tim Yunusov
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - nzyme - Lennart Koopmann
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - GyoiThon - Isao Takaesu, Masuya Masafumi, Toshitsugu Yoneyama,
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - CHIRON - Rod Soto, Joseph Zadeh
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - PCILeech - Ulf Frisk, Ian Vitek
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Passionfruit - Zhi Zhou, Yifeng Zhang
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Conformer - Mikhail Burshteyn
Meetup - HHV - Caesars Pool Level - Forum 17-19 - (10:30-10:59) - Breakfast at Defcon -
RCV - Caesars Promenade Level - Florentine BR 1,2 -   - HackaThon Product(s) Shocase by Participants
RCV - Caesars Promenade Level - Florentine BR 1,2 - (10:50-11:20) - Winning a SANS 504 CTF without winning a SANS CTF - Wbbigdave
SKY - Flamingo 3rd Flr - Virginia City Rm - Facial Recognition - Let me let you in on a secret - Stumbles The Drunk

 

Sunday - 11:00


Return to Index  -  Locations Legend
AIV - Caesars Promenade Level - Florentine BR 3 - GAN to the dark side: A case study of attacking machine-learning systems to empower defenses - Li Chen
BCOS - Caesars Promenade Level - Pompeian BR 1 - Monero's Differentiated Community - Justin Ehrenhofer
BCOS - Caesars Promenade Level - Pompeian BR 1 - (11:30-11:59) - Privacy and Blockchain: A Boundary Object Perspective - Robin "midipoet" Renwick
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Jumping the Epidermal Barrier - Vlad Gostomelsky and Dr. Stan Naydin
CPV - Caesars Promenade Level - Milano BR 1,2 - Two-Steps to Owning MFA - Sherrie Cowley, Dennis Taggart
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Searching for the Light: Adventures with OpticSpy - Joe Grand
DC - Track 1 - Caesars Emperor's Level - Palace BR - Breaking Extreme Networks WingOS: How to own millions of devices running on Aircrafts, Government, Smart cities and more. - Josep Pi Rodriguez
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Politics and the Surveillance State. The story of a young politician's successful efforts to fight surveillance and pass the nation's strongest privacy bills. - Daniel Zolnikov
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Demystifying MS17-010: Reverse Engineering the ETERNAL Exploits - zerosum0x0
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - nzyme - Lennart Koopmann
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - GyoiThon - Isao Takaesu, Masuya Masafumi, Toshitsugu Yoneyama,
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - CHIRON - Rod Soto, Joseph Zadeh
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - PCILeech - Ulf Frisk, Ian Vitek
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Passionfruit - Zhi Zhou, Yifeng Zhang
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Conformer - Mikhail Burshteyn
PHV - Caesars Promenade Level - Neopolitan BR - Microcontrollers and Single Board Computers for Hacking, Fun and Profit - gh057
PHW - Caesars Promenade Level - Neopolitan BR - Advanced APT Hunting with Splunk - Ryan Kovar and John Stoner
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(10:50-11:20) - Winning a SANS 504 CTF without winning a SANS CTF - Wbbigdave
RCV - Caesars Promenade Level - Florentine BR 1,2 - (11:25-12:55) - Stalker In A Haystack - MasterChen
SKY - Flamingo 3rd Flr - Virginia City Rm - Sex Work After SESTA - Maggie Mayhem

 

Sunday - 12:00


Return to Index  -  Locations Legend
BCOS - Caesars Promenade Level - Pompeian BR 1 - Stealing Crypto 2 Factor Isn't a Factor - Rod Soto and Jason Malley
BCOS - Caesars Promenade Level - Pompeian BR 1 - (12:30-12:59) - Monero Project's Vulnerability Response Process - Anonimal
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(11:00-12:15) - Jumping the Epidermal Barrier - Vlad Gostomelsky and Dr. Stan Naydin
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (12:15-12:59) - Selfie or Mugshot? - Anne Kim
CPV - Caesars Promenade Level - Milano BR 1,2 - Implementing a Library for Pairing-based Transform Cryptography - Bob Wall, Colt Frederickson
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Breaking Smart Speakers: We are Listening to You. - Wu HuiYu, Qian Wenxiang
DC - Track 1 - Caesars Emperor's Level - Palace BR - Last mile authentication problem: Exploiting the missing link in end-to-end secure communication - Thanh Bui, Siddharth Rao
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Attacking the macOS Kernel Graphics Driver - Yu Wang
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Designing and Applying Extensible RF Fuzzing Tools to Expose PHY Layer Vulnerabilities - Matt Knight, Ryan Speers
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Expl-iot—IoT Security Testing and Exploitation framework - Aseem Jakhar
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - DejaVU—An Open Source Deception Framework - Bhadreshkumar Patel, Harish Ramadoss
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - GUI Tool for OpenC2 Command Generation - Efrain Ortiz
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
PHV - Caesars Promenade Level - Neopolitan BR - Fishing for Phishers. The Enterprise Strikes Back! - Joseph Muniz, Aamir Lakhani
PHW - Caesars Promenade Level - Neopolitan BR - cont...(11:00-12:59) - Advanced APT Hunting with Splunk - Ryan Kovar and John Stoner
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(11:25-12:55) - Stalker In A Haystack - MasterChen
RCV - Caesars Promenade Level - Florentine BR 1,2 - Mapping Social Media with Facial Recognition - Jacob Wilkin
RCV - Caesars Promenade Level - Florentine BR 1,2 - (12:25-12:40) - Hackathon and CTF Prizes, and a Group Photo - Recon Village Team
RCV - Caesars Promenade Level - Florentine BR 1,2 - (12:45-12:59) - Closing Note - Shubham Mittal / Sudhanshu Chauhan
SKY - Flamingo 3rd Flr - Virginia City Rm - JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and face recognition - and frankly, everywhere else - Guy Barnhart-Magen and Ezra Caltum

 

Sunday - 13:00


Return to Index  -  Locations Legend
BCOS - Caesars Promenade Level - Pompeian BR 1 - Village summary - Diego "rehrar" Salazar
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Getting Skin in the Game: Biohacking & Business - Cyberlass
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (13:45-13:45) - PWN to OWN my own Heart. Journey into hacking my own pacemake - Veronica Schmit
CPV - Caesars Promenade Level - Milano BR 1,2 - Integrating post-quantum crypto into real-life applications - Christian Paquin
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Trouble in the tubes: How internet routing security breaks down and how you can do it at home - Lane Broadbent
DC - Track 1 - Caesars Emperor's Level - Palace BR - Man-In-The-Disk - Slava Makkaveev
DC - Track 1 - Caesars Emperor's Level - Palace BR - (13:30-13:50) - Asura: A huge PCAP file analyzer for anomaly packets detection using massive multithreading - Ruo Ando
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Micro-Renovator: Bringing Processor Firmware up to Code - Matt King
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - (13:30-13:50) - Lost and Found Certificates: dealing with residual certificates for pre-owned domains - Ian Foster, Dylan Ayrey
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - barcOwned—Popping shells with your cereal box - Michael West, magicspacekiwi (Colin Campbell)
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (13:30-13:50) - Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking - ldionmarcil
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - Expl-iot—IoT Security Testing and Exploitation framework - Aseem Jakhar
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - DejaVU—An Open Source Deception Framework - Bhadreshkumar Patel, Harish Ramadoss
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - GUI Tool for OpenC2 Command Generation - Efrain Ortiz
PHV - Caesars Promenade Level - Neopolitan BR - What Do You Want to be When You Grow Up? - Damon "ch3f" Small
SKY - Flamingo 3rd Flr - Virginia City Rm - Game Runner 2049: The Battles Fought by the King of the Replicants - Nick Cano

 

Sunday - 14:00


Return to Index  -  Locations Legend
CPV - Caesars Promenade Level - Milano BR 1,2 - (Not Recorded) Closing Remarks
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Betrayed by the keyboard: How what you type can give you away - Matt Wixey
DC - Track 1 - Caesars Emperor's Level - Palace BR - Your Watch Can Watch You! Gear Up for the Broken Privilege Pitfalls in the Samsung Gear Smartwatch - Dongsung Kim, Hyoung-Kee Choi
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Hacking BLE Bicycle Locks for Fun and a Small Profit - Vincent Tan
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - One bite and all your dreams will come true: Analyzing and Attacking Apple Kernel Drivers - Xiaolong Bai, Min (Spark) Zheng

 

Sunday - 15:00


Return to Index  -  Locations Legend
DC - Track 1 - Caesars Emperor's Level - Palace BR - PANEL: DEF CON GROUPS - Brent White (B1TK1LL3R), Jeff Moss (The Dark Tangent), Jayson E. Street, S0ups, Tim Roberts (byt3boy), Casey Bourbonnais, April
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - What the Fax!? - Yaniv Balmas, Eyal Itkin
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Fuzzing Malware For Fun & Profit. Applying Coverage-guided Fuzzing to Find and Exploit Bugs in Modern Malware - Maksim Shudrak

 

Sunday - 16:00


Return to Index  -  Locations Legend
DC - Track 1 - Caesars Emperor's Level - Palace BR - DEF CON Closing Ceremonies - The Dark Tangent

 

Sunday - 17:00


Return to Index  -  Locations Legend
DC - Track 1 - Caesars Emperor's Level - Palace BR - cont...(16:00-17:45) - DEF CON Closing Ceremonies - The Dark Tangent

Speaker List


_delta_zero
@_delta_zero
@_j3lena_
@3ncr1pted
@arinerron
@bodaceacat
@bwall (Moderator)
@drhyrum
@filar
@gradient_janitor
@IrishMASMS
@jtpereyda
@malwareunicorn
@pixieofchaos
@Plug
@rainbow_tables
@rharang
@Straithe
@wornbt
0x200b
a nurse
A.
Aadvark
Aamir Lakhani
Abhay Bhargav
Abhijeth D
Adam Caudill
Adam Steed
Adrian, Alex
Agent X
AI Village Organizers
Alejandro Mayorkas
Alejo Murillo
Alex Catarineu
Alex Levinson
Alex Levinson
Alex Long
Alex Padilla
Alex Stanev
Alex
Alexander Winnicki
Alexandre Borges
Alexandrine Torrents
Alexei Bulazel
Alfonso García
Allen Cai
Almost Human
Amanda Rousseau
Amber McReynolds
Amit Elazari Bar On
Amit Elazari
Amit Elazari
Anand Tiwari
Andrés Arrieta
Andrea Marcelli
Andrew Johnson
Andrew Macpherson
Andrew Morris
Andrew Morris
Andy Applebaum
Andy Applebaum
Andy Coravos
Angelos Stavrou
Ankur Tyagi
Anne Kim
Annie Rouse
Anonimal
Anonimal
Anshuman Bhartiya
Anto Joseph
April Wright
Ariel Herbert-Voss
Arnaud SOULLIÉ
Arun Magesh
Arun Mane
Aseem Jakhar
Ashwin K Whitchurch
Aunsuhl Rege
Aylin Caliskan
Azeem Aqil
BACE16
Balint Seeber
Balint Seeber
Beau Woods
Ben Barenz
Ben Hughes
Ben Nassi
Besim Altinok
Beth Schechter
Bhadreshkumar Patel
Bharath Kumar
BiaSciLab
Billy Boatright
Bob Wall
Brandon Workentin
Brendan OConnor
Brent White (B1TK1LL3R)
Brian Genz
Brian Milliron
Brittany "Straithe" Postnikoff
Bruce Potter
Bryan Austin
Bryan Passifiume
Bryce Kunz
Bryson Bort
Caleb Madrigal
Caleb Madrigal
Caleb Madrigal
Carlos Aguayo
Carlos Pacho
Caroline D. Hardin
Carsten Schurmann
Casey Bourbonnais
Chad Wanke
Changhyun Park
Chet Hosmer
Chet Hosmer
Chris Gammell
Chris Gardner
Chris Hadnagy
Chris Hanlon
Chris Roberts
Chris Silvers
Chris"Suggy" Sumner
Christian "quaddi" Dameff MD
Christian Paquin
Christian"quaddi" Dameff MD
Christopher Domas
Christopher Domas
Cinnamonflower
Clarence Chio
Colt Frederickson
Commodore Z
Craig Smith
Cristina Munoz
Csaba Fitzl
Cyberlass
Damien "virtualabs" Cauquil
Damon "ch3f" Small
Dan Borges
Dan Borges
Daniel "unicornFurnace" Crowley
Daniel Underhay
Daniel Williams (fbus)
Daniel Zolnikov
Darkmatter
Darren Kitchen
Dave Buchwald
Dave Porcello
David Melendez Cano
David Melendez Cano
David Nathans
David Pearson
David Scott Lewis
David Tomaschik
David Turco
Davin Potts
Debra Laefer
Dennis Giese
Dennis Giese
Dennis Taggart
Devin "Bearded Warrior" Pearson
Diego "rehrar" Salazar
Diego Aranha
DilDog
Dimitri
Dino Covotsos
dj beep code
Dominic Spill
Dominic Spill
Dongsung Kim
Douglas McKee
Dr Adam Everspaugh
Dr. Aylin Caliskan
Dr. Siegfried Rasthofer
Dr. Silke Holtmanns
Dr. Stan Naydin
Dr. Stan Naydin
Dr. Stan Naydin
Dr. Stan Naydin
Dr. Steven Arzt
Dylan Ayrey
Dylan James Smith
Ed Miles
Eduardo Izycki
Efrain Ortiz
egypt
Eijah
Elinor Mills
Elissa Shevinsky
Elizabeth Biddlecome
elkentaro
Elliott Brink
Erez Yalon
Eric Reuter
Eric Sesterhenn
Erin Hefley
Erwin Paternotte
Esteban Rodriguez
Ethan Gregory Dodge
Ethan Gregory Dodge
Evan Yang
Eyal Itkin
Ezra Caltum
Ezra Caltum
Faz
Fedor Sakharov
Felix "Crypto_Cat" Honigwachs
Feng Xiao
Flamingo
Fluffy Pony
Fluffy Pony
Francisco "ArticMine" Cabañas
Frank (@cosmovaltran
Fred Mastrippolito
Gabriel Bergel
Gabriel Ryan
Gabriel Ryan
Gabriel Ryan
Garett Montgomery
Gary Bates
George Tarnovsky
Georgia Weidman
Gerry Scott
gh057
Gita Ziabari
Glen Grant
Gozde Sinturk
Gozde Sinturk
Guang Gong
Guy Barnhart-Magen
Guy Barnhart-Magen
Guy Propper
HackaThon Product(s) Shocase by Participants
Hadar Yudovich
Hannah Silvers
Hari Hursti
Harish Ramadoss
Harry Moreno
HighWiz
hon1nbo
Howard (hyc) Chu
Huajiang "Kevin2600" Chen
Hwiwon Lee
Hyoung-Kee Choi
Ian Foster
Ian Haken
Ian Vitek
illwill
Imri Goldberg
infosecanon
Irwin Reyes
Isao Takaesu
Isao Takaesu
Isha Singh
Ivan Torroledo
J. Alex Halderman
Jacob Holcomb
Jacob Wilkin
Jake Braun
Jake Braun(moderator)
Jakub Botwicz
James Albany
James Coote
James Harris
Jamie Lee Williams
Jamie Williams
Jason Haddix
Jason Hill
Jason Malley
Jay Radcliffe
Jay Turla
Jayesh Singh Chauhan
Jayson E. Street
Jeanette Manfra
Jeanette Manfra
Jeanna Matthews
Jeanna Matthews
Jeff Kosseff
Jeff Magloire
Jeff"r3plicant" Tully MD
Jeffrey Ladish
Jen "savagejen" Savage
Jen Dalsen
Jen Ellis
Jennifer Roderick
Jeremy Johnson
Jericho
Jerome Greco
Jesse Michael
Jessica “Zhanna” Malekos Smith
Jeswin Mathai
Jeswin Mathai
Jianjun Dai
Jianwei Huang
Jin Yang
Joan Donovan
Joe FitzPatriclk
Joe Grand (Kingpin)
Joe Grand (Kingpin)
Joe Grand
Joe Grand
Joe Rozner
Joe Slowik
Joel Murphy
John Aho
John Dunlap
John Dunlap
John Dunlap
John Stoner
John Stoner
John Stoner
John Stoner
John Tan
Johnny Long
Jon Medina
Jon Overgaard Christiansen
Jos Wetzels
Josep M. Pujol
Josep Pi Rodriguez
Joseph Kiniry
Joseph Muniz
Joseph Zadeh
Joseph Zadeh
Josh Mitchell
Josh Mitchell
Joshua Corman
Joshua M Franklin
Joshua Pereyda
Joshua Pereyda
Judy Towers
Jun Li
Justin Ehrenhofer
Justin Ehrenhofer
Justin Whitehead
Kang Li
Kat Mansourimoaied
Kat Sweet
Katherine Pratt
Kathleen Mullen
Katiza Rodriguez
Keith Conway (@algirhythm)
Kelley
Ken Keiser
Kendall Blaylock
Keren Elazari
Keren Elazari
Kevin Chen
Kevin Franklin
Kevin Lustic
Kirill Levchenko PhD
Konark Modi
Konark Modi
Kunzhe Chai
Kurt Opsahl
L0pht Heavy Industries
Ladar Levison
Lane Broadbent
Laura H
ldionmarcil
Leandro Velasco
Lei Shi
Leigh-Anne Galloway
Lennart Koopmann
Leo Meyerovich & Eugene Teo
Leo Meyerovich & Eugene Teo
Li Chen
Lin Huang
Lior Kolnik
Lloyd Miller
Lokesh Pidawekar
Lorenzo Bernardi
Louis Nyffenegger
Louis Nyffenegger
Luca Bongiorni
Luke Jahnke
Luke Jahnke
M.Can KURNAZ
m010ch_
Madhu Akula
Madhu
Magg
Maggie Mayhem
Maggie Mayhem
magicspacekiwi (Colin Campbell)
Mahrud Sayrafi
Maksim Shudrak
Malware Unicorn
Mansour Ahmadi
Marc DaCosta
Marcelle
Margaret MacAlpine
Marie Fromm
Marina Krotofi
Marina Krotofil
Mark Klink
Mark Lewi
Mark Lewis
Mark Mager
Marko Bencun
Marko Bencun
Martin Vigo
MasterChen
MasterChen
Masuya Masafumi
Matt
Matt Blaze
Matt Cheung
Matt Cheung
Matt Goerzen
Matt King
Matt Knight
Matt Mahler
Matt Urquhart
Matt Wixey
Matt Wixey
Matthew Bernhard
Matthew Daley
Mattijs van Ommeren
Mauricio Velazco
Mauro Cáseres
Mauro Caseres
Mauro Paredes
Mayor Chad Wanke
Mbis0n Shadoru
Mehmet Kutlay Kocer
Micah Hoffman
Micah Hoffman
Michael Gianarakis
Michael Hiller
Michael Hiller
Michael Lee Nirenberg
Michael Ossmann
Michael Schloh
Michael Schloh
Michael Schloh
Michael West
Mickey Shkatov
midipoet
midipoet
Miguel Guirao
Mike Davis
Mike Godfrey
Mike Raggo
Mike Raggo
Mike Spicer
Mike Westmacott
Mikhail Burshteyn
Min (Spark) Zheng
Min (Spark) Zheng
Mingchuang Qun
Mixæl Laufer
Monta Elkins
Morgan "indrora" Gangwere
Mr. Br!ml3y
MSvB
MSvB
Mudge
mwguy
Nafeez
Nancy Eckert
Nate Cardozo
Nate Cardozo
Nate Temple
Nathan 'nash' Sheard
Nathan Adams
Nathan White
Neal Kelley
Neel Pandeya
Neil Fallon
Nevermoe (@n3v3rm03)
Nicholas Doiron
Nick - GraphX
Nick Cano
Nick Cano
Nick Cano
Nick Delewski
Nick Sayer
Nick Tait
Nicolas Kseib
Nikita
Nils Amiet
Nishant Sharma
Nishant Sharma
Noah Praetz
Nox
OCP (by proxy)
Octet In Triplicate
Olivia Thet
Omar Santos
Omer Cohen
Orange Tsai
Panel
Parasew
Parsia Hakimian
Patrick DeSantis
Patrick Wardle
Patrick Wardle
Paul Shapiro
Pavan Mohan
Pedro Fortuna
Peng Liu
Philip Martin
Philipp Claen
Philippe Delteil
Pigeon
Pranshu Bajpai
Prashant Mahajan
Prof Andrea M. Matwyshyn, Professor of Law, NUSL
Project Nexus
Project Nexus
pwrcycle
Qian Wenxiang
Rachel Greenstadt
Ram Shankar Siva Kumar
Raphael Norwitz
Raye Keslensky
recompiler
Recon Village Team
Renderman
Rex
Rich Seymour
Richard Henderson
Richard Thieme
Rick "Captain Marko Ramius" Mellendick
Rick "Ward River" Mellendick
Rick "Ward River" Mellendick
Rick "Ward River" Mellendick
Rick "Ward River" Mellendick
Rick Ramgattie
Ricky "HeadlessZeke" Lawshae
Rik van Duijn
Roamer
Rob Brandon
Rob Joyce
Rob Joyce
Robert Karas
Robert Portvliet
Robert Potter
Roberto Suarez
Robin "midipoet" Renwick
Rod Soto
Rod Soto
Rod Soto
Rodrigo Colli
Rogan Dawes
Rogan Dawes
Roger Dingledine
Ron Taylor
Rowan Phipps
Ruo Ando
Rushikesh D. Nandedkar
Russ Handorf
Russell Mosley
Ryan Holeman
Ryan Johnson
Ryan Kovar
Ryan Kovar
Ryan Kovar
Ryan Kovar
Ryan MacDougall
Ryan Mitchell
Ryan Speers
S0ups
Salvador Mendoza
Sam Bowne
Sam Erb
Sanat Sharma
Sandeep Singh
Sanoop Thomas
Sara-Jayne Terp
Sarah St. Vincent
Sarang Noether
Saurabh Harit
Saurabh Harit
Saurabh Harit
Saurabh Harit
Scott Arciszewski
Seamus Burke
Sean Gallagher
Sean Metcalf
Sean Wilson
Seb Kinne
Sebastian Garcia
security panda
Senhua Wang
Sergei Frankoff
Sergio De Los Santos
Seth Law
sghctoma
Shaggy
Shamiq
Shaokun Cao
Sharath Kumar Ramadas
Shawn Merdinger
Sheila A. Berta
Sheng-Hao Ma
Sherrie Cowley
Shubham Mittal
Shubham Mittal
Shubham Shah
Si
Siddharth Rao
Sidragon
siDragon
Silas Cutler
Silicosis
singe
Slava Makkaveev
smea
Sneha Rajguru
Soldier of FORTRAN
Space Rogue
Srinivas Rao
Stark Riedesel
Stephan Huber
Stephanie Stroka
Stephen Hilt
Steve Thomas
steve0
Steven Danneman
Stumbles The Drunk
Sudhanshu Chahuhan
Sudhanshu Chauhan
Svea Eckert
Sven Cattell
Tarah Wheeler
Tay-Tay fanboi Wasabi
Taylor Banks
Taylor Hornby
Tess Schrodinger
Thanh Bui
The Dark Tangent
The Dark Tangent
The Tarquin
Thiago Alves
Thomas VanNorman
Till Krause
Tim Roberts (byt3boy)
Tim Yunusov
Timothy Clemans
To be announced
toddpar0dy
Tom Kahana
Tom Sela
TonTon Huang
Toshitsugu Yoneyama,
Travis Goodspeed
Travis Goodspeed
Truman Kain
TryCatchHCF
Ulf Frisk
Uncle G.
Utku Sen
Utku Sen
Vadim Pavlov
Vaibhav Gupta
Veronica Schmit
Veronica Schmitt
Vincent Tan
Vinnie Vanhoecke
Violet Blue
Vlad Gostomelsky
Walter Cuestas
Wasabi
Wayne Ronaldson
Wbbigdave
Weed Anon
WeedAnon
Weld Pond
Wendy Knox Everette
Wenlin Yang
Wesley McGrew
Wesley McGrew
Whitney Champion
William Knowles
William Martin
William Martin
William Suthers
William Vu
Wiseacre
Wojciech Rauner
Wu HuiYu
Xavier Ashe
Xavier Ashe
Xiaolong Bai
Xiaolong Bai
Yaniv Balmas
yawnbox
Yifeng Zhang
Yingtao Zeng
Yolan Romailler
Yu Wang
Yueting Lee
Yunding Jian
Yuwei Zheng
Yuwei Zheng
Zach
zenofex
Zero_Chaos
Zero_Chaos
Zero_Chaos
Zero_Chaos
Zero_Chaos
Zero_Chaos
zerosum0x0
Zhenxuan Bai
Zhi Zhou
Zhiniang Peng

Talk List


Reverse Engineering with OpenSCAD and 3D Printing - WS - Linq 4th Flr - Icon B
"Probably": an Irreverent Overview of the GDPR - CPV - Caesars Promenade Level - Milano BR 1,2
"Won't Somebody Think of the Children?" Examining COPPA Compliance at Scale - CPV - Caesars Promenade Level - Milano BR 1,2
(Not Recorded) Ask Me Anything about Tor: AMA with Roger Dingledine - CPV - Caesars Promenade Level - Milano BR 1,2
(Responsible?) Offensive Machine Learning - AIV - Caesars Promenade Level - Florentine BR 3
[Networking/Social] Blackhat/DefCon Meet-up at Cafe Americano - Meetup - Caesars - Cafe Americano
/R/defcon redit Meetup - Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace)
/R/defcon redit Meetup - Meetup - Flamingo - 3rd Floor - Chillout Rm
#WiFiCactus - DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1
1983: I’m born. 2018: I’m taking on the bad guys - RCV - Caesars Promenade Level - Florentine BR 1,2
4G—Who is paying your cellular phone bill? - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
503 Party 2018 - Night Life - Forum Tower Duplex Hangover Suite
80 to 0 in under 5 seconds: Falsifying a medical patient's vitals - DC - Track 1 - Caesars Emperor's Level - Palace BR
8th Defcon Bike Ride - Meetup - Local Bikeshop
  - RCV - Caesars Promenade Level - Florentine BR 1,2
A Comprehensive Forensic Analysis of WINVote Voting Machines - VMHV - Caesars Pool Level - Forum 14-16
A CTF That Teaches: Challenging the Next Generation of ICS Ethical Hackers - ICS - Flamingo Lower Level - Red Rock Rm 6-8
A Journey Into Hexagon: Dissecting a Qualcomm Baseband - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
A Rundown of Security Issues in Crypto Software Wallets - BCOS - Caesars Promenade Level - Pompeian BR 1
A SOC in the Village - ICS - Flamingo Lower Level - Red Rock Rm 6-8
About the Open Cannabis Project - PPV - Flamingo Lower Level - Valley Of Fire Rms
Accountability without accountability: A censorship measurement case study - EHV - Caesars Promenade Level - Modena Rm
ADRecon: Active Directory Recon - DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1
Advanced APT Hunting with Splunk - PHW - Caesars Promenade Level - Neopolitan BR
Advanced APT Hunting with Splunk - PHW - Caesars Promenade Level - Neopolitan BR
Advanced Custom Network Protocol Fuzzing - WS - Linq 4th Flr - Icon C
Advanced Wireless Attacks Against Enterprise Networks - WS - Linq 4th Flr - Icon C
Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - WS - Linq 4th Flr - Icon D
Adventures in the dark web of government data - RCV - Caesars Promenade Level - Florentine BR 1,2
Adversarial Patches - AIV - Caesars Promenade Level - Florentine BR 3
AI DevOps: Behind the Scenes of a Global Anti-Virus Company's Machine Learning Infrastructure - AIV - Caesars Promenade Level - Florentine BR 3
All your family secrets belong to us—Worrisome security issues in tracker apps - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
All your math are belong to us - DC - Track 1 - Caesars Emperor's Level - Palace BR
An Attacker Looks at Docker: Approaching Multi-Container Applications - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
An Introduction to Kovri - BCOS - Caesars Promenade Level - Pompeian BR 1
An OSINT Approach to Third Party Cloud Service Provider Evaluation - PHV - Caesars Promenade Level - Neopolitan BR
An Overview of Hydroponic Grow Techniques - PPV - Flamingo Lower Level - Valley Of Fire Rms
Analyzing Malscripts: Return of the Exploits! - WS - Linq 4th Flr - Icon E
Analyzing VPNFilter's Modbus Module - ICS - Flamingo Lower Level - Red Rock Rm 6-8
Angad: A Malware Detection Framework using Multi-Dimensional Visualization - DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1
Announcing the Underhanded Crypto Contest Winners - CPV - Caesars Promenade Level - Milano BR 1,2
Anonymous rate-limiting in services with Direct Anonymous Attestation - CPV - Caesars Promenade Level - Milano BR 1,2
Applied OSINT For Politics: Turning Open Data Into News - RCV - Caesars Promenade Level - Florentine BR 1,2
Applied Physical Attacks on Embedded Systems, Introductory Version - HHV - Caesars Pool Level - Forum 17-21
Arcade Party - Night Life - Flamingo - 3rd Floor - Mesquite Rm
Archery—Open Source Vulnerability Assessment and Management - DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1
ARM eXploitation 101 - WS - Linq 4th Flr - Icon D
Asking for a Friend - EHV - Caesars Promenade Level - Modena Rm
Assessments of Election Infrastructure and Our Understanding and sometimes whY - VMHV - Caesars Pool Level - Forum 14-16
Asura: A huge PCAP file analyzer for anomaly packets detection using massive multithreading - DC - Track 1 - Caesars Emperor's Level - Palace BR
Attack & Defense in AWS Environments - WS - Linq 4th Flr - Icon E
Attacking & Auditing Docker Containers Using Open Source - WS - Linq 4th Flr - Icon E
Attacking Active Directory and Advanced Defense Methods in 2018 - WS - Linq 4th Flr - Icon C
Attacking Commercial Smart Irrigation Systems - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
Attacking Gotenna Networks - WLV - Caesars Promenade Level - Milano BR 5,6
Attacking the macOS Kernel Graphics Driver - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Automated Discovery of Deserialization Gadget Chains - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Automated Planning for the Automated Red Team - AIV - Caesars Promenade Level - Florentine BR 3
Automating DFIR: The Counter Future - BTV - Flamingo 3rd Flr- Savoy Rm
barcOwned—Popping shells with your cereal box - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Batman, Brain Hacking, and Bank Accounts - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
BCOS keynote speech - BCOS - Caesars Promenade Level - Pompeian BR 1
Behavior-Based Defense in ICS Environments: Leveraging Minor Incidents to Protect Against Major Attacks - ICS - Flamingo Lower Level - Red Rock Rm 6-8
Betrayed by the keyboard: How what you type can give you away - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Beyond Adversarial Learning -- Security Risks in AI Implementations - AIV - Caesars Promenade Level - Florentine BR 3
Beyond the Lulz: Black-Hat Trolling, White-Hat Trolling, Attacking and Defending Our Attention Landscape - DC - Octavius 9
Biohacking the Disability - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Bitsquatting: Passive DNS Hijacking - PHV - Caesars Promenade Level - Neopolitan BR
BlanketFortCon - Night Life - Flamingo - 3rd Floor - Carson City Rm
BLE CTF - WLV - Caesars Promenade Level - Milano BR 5,6
BLEMystique—Affordable custom BLE target - DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1
Blue Team Bio: Using Kill-Chain Methodology to Stop Bioterrorism - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Blue_Sonar - WLV - Caesars Promenade Level - Milano BR 5,6
Booby Trapping Boxes - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
boofuzz - DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1
Book Signing - Craig Smith - The Car Hacker's Handbook - Service - Vendors Area - No Starch Press Table
Book Signing - Elissa Shevinsky - Lean Out - Service - Vendors Area - No Starch Press Table
Book Signing - Georgia Weidman - Penetration Testing - Service - Vendors Area - No Starch Press Table
Book Signing - Nick Cano - Game Hacking - Service - Vendors Area - No Starch Press Table
Book Signing - Tarah Wheeler, with Keren Elazari - Women in Tech - Service - Vendors Area - No Starch Press Table
Book Signing - Travis Goodspeed - PoC || GTFO - Service - Vendors Area - No Starch Press Table
Book Signing - Violet Blue - The Smart Girls's Guide to Privacy - Service - Vendors Area - No Starch Press Table
Breakfast at Defcon - Meetup - HHV - Caesars Pool Level - Forum 17-19
Breaking Extreme Networks WingOS: How to own millions of devices running on Aircrafts, Government, Smart cities and more. - DC - Track 1 - Caesars Emperor's Level - Palace BR
Breaking In: Building a home lab without having to rob a bank - HHV - Caesars Pool Level - Forum 17-21
Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out! - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Breaking Smart Speakers: We are Listening to You. - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
BruCamp - Meetup - Caesars - Promenade Level - Livorno/Village Talks Rm
BSSI [Brain Signal Strength Indicator] - finding foxis with acoustic help (piClicker) - WLV - Caesars Promenade Level - Milano BR 5,6
Bug Bounty Hunting on Steroids - RCV - Caesars Promenade Level - Florentine BR 1,2
Build Your Own OpticSpy Receiver Module - WS - Linq 4th Flr - Icon A
Building a Better Bedside - The Blue Team Needs a Plan B - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Building a Cryptographic Backdoor in OpenSSL - CPV - Caesars Promenade Level - Milano BR 1,2
Building a Teaching SOC - PHV - Caesars Promenade Level - Neopolitan BR
Building Absurd Christmas Light Shows - DC - 101 Track
Building Autonomous AppSec Test Pipelines with the Robot Framework - WS - Linq 4th Flr - Icon E
Building Drones the Hard Way - HHV - Caesars Pool Level - Forum 17-21
Building Environmentally Responsive Implants with Gscript - WS - Linq 4th Flr - Icon C
Building the Hacker Tracker - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Building visualisation platforms for OSINT data using open source solutions - RCV - Caesars Promenade Level - Florentine BR 1,2
Buzzing Smart Devices: Smart Band Hacking - WS - Linq 4th Flr - Icon B
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010 - DC - Track 1 - Caesars Emperor's Level - Palace BR
Bypassing Windows Driver Signature Enforcement - WS - Linq 4th Flr - Icon A
Can you hear me now, DEF CON? - WLV - Caesars Promenade Level - Milano BR 5,6
Capturing in Hard to Reach Places - PHV - Caesars Promenade Level - Neopolitan BR
Car Infotainment Hacking Methodology and Attack Surface Scenarios - PHV - Caesars Promenade Level - Neopolitan BR
Cartoons, Sketchnotes, Bullet Journals and Other Data Visualization Tricks - RCV - Caesars Promenade Level - Florentine BR 1,2
CATs - A Tale of Scalable Authentication - CPV - Caesars Promenade Level - Milano BR 1,2
Chatting with your programs to find vulnerabilities - AIV - Caesars Promenade Level - Florentine BR 3
CHIRON - DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1
Cicada: What the Puzzles Can Teach Us About Cryptography and Privacy. - CPV - Caesars Promenade Level - Milano BR 1,2
Closing Note - RCV - Caesars Promenade Level - Florentine BR 1,2
Cloud Encryption: How to not suck at securing your encryption keys - CPV - Caesars Promenade Level - Milano BR 1,2
Cloud Security Myths - BTV - Flamingo 3rd Flr- Savoy Rm
Cloud Security Myths - SKY - Flamingo 3rd Flr - Virginia City Rm
Cloud Security Suite—One stop tool for AWS, GCP & Azure Security Audit - DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1
Cobalt DEF CON Party 2018 - Night Life - Flamingo, Rm # after registration
Compression Oracle Attacks on VPN Networks - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Compromising online accounts by cracking voicemail systems - DC - Track 1 - Caesars Emperor's Level - Palace BR
Conformer - DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1
Contest winners, prizes, showcase and awards - BCOS - Caesars Promenade Level - Pompeian BR 1
Contests, Challenges, and free giveaways - BCOS - Caesars Promenade Level - Pompeian BR 1
Core OSINT: Keeping Track of and Reporting All the Things - RCV - Caesars Promenade Level - Florentine BR 1,2
Cruising the Cannabis Highway: Major Breaches in Cannabis Software - PPV - Flamingo Lower Level - Valley Of Fire Rms
Crypto Hero - WS - Linq 4th Flr - Icon F
Cryptography, Codes, and Secret Writing: An Introduction to Secret Communications - CPV - Caesars Promenade Level - Milano BR 1,2
Cubcon 2018 - Night Life - Caesars - Location printed on badges
Current Policy Responses to Election Security Concerns - VMHV - Caesars Pool Level - Forum 14-16
Custodial Responsibilities in the Connected Age: Digital Specimens and Social Contracts - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
D(Struction)20 CTF - Contest - Contest Stage
D0 N0 H4RM: A Healthcare Security Conversation - DC - Octavius 9
DC 26 GothCon - Night Life - Caesars - Lobby bar
DC801 Party - Night Life - Location TBA
De-anonymizing Programmers from Source Code and Binaries - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Deaf Con Meet Up - Meetup - Chill Out Lounge
Decentralized Hacker Net - WS - Linq 4th Flr - Icon F
Deconstructing DeFeNeStRaTe.C: The first public buffer overflow on a mainframe? - SKY - Flamingo 3rd Flr - Virginia City Rm
Deep Exploit - AIV - Caesars Promenade Level - Florentine BR 3
DeepPhish: Simulating the Malicious Use of AI - AIV - Caesars Promenade Level - Florentine BR 3
DEF CON 101 Panel - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
DEF CON 26: Bugcrowd House Party - Night Life - Rockhouse Bar 3370 S Las Vegas Blvd
DEF CON Beard and Moustache Contest - Contest - Contest Stage
DEF CON Biohacking Village Badge Talk - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
DEF CON Blitz Chess Tournament - Contest - Contest Stage
DEF CON Closing Ceremonies - DC - Track 1 - Caesars Emperor's Level - Palace BR
DEF CON Dinner Con - Meetup - The Park on Las Vegas Blvd. by TMobile Arena
Defcon 26 4X5K run - Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure
Defcon 26 4X5K run - Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure
Defcon 26 4X5K run - Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure
Defcon 26 4X5K run - Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure
DEFCON 909 Meet Up - Meetup - Caesars - Circle Bar
Defcon Monero Party 2018 - Night Life - Caesars Palace Forum Tower, Rm TBA
Defending the 2018 Midterm Elections from Foreign Adversaries - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Defense in Depth: The Path to SGX at Akamai - PHV - Caesars Promenade Level - Neopolitan BR
DejaVU—An Open Source Deception Framework - DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1
Demystifying MS17-010: Reverse Engineering the ETERNAL Exploits - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Deploying, Attacking, and Securing Software Defined Networks - WS - Linq 4th Flr - Icon F
Designing and Applying Extensible RF Fuzzing Tools to Expose PHY Layer Vulnerabilities - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Detecting Blue Team Research Through Targeted Ads - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Detecting Web Attacks with Recurrent Neural Networks - AIV - Caesars Promenade Level - Florentine BR 3
Diagnosing Sick Plants with Computer Vision - PPV - Flamingo Lower Level - Valley Of Fire Rms
Digital Leviathan: a comprehensive list of Nation-State Big Brothers (from huge to little ones - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Disabling Intel ME in Firmware - HHV - Caesars Pool Level - Forum 17-21
Disassembly and Hacking of Firmware Where You Least Expect It: In Your Tools- with live hacking demonstration - ICS - Flamingo Lower Level - Red Rock Rm 6-8
Discussion - EHV - Caesars Promenade Level - Modena Rm
Discussion - EHV - Caesars Promenade Level - Modena Rm
Disrupting the Digital Dystopia or What the hell is happening in computer law? - DC - Octavius 13
Dissecting the Teddy Ruxpin: Reverse Engineering the Smart Bear - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Diversity and Equality in Infosec - EHV - Caesars Promenade Level - Modena Rm
DNA Encryption: Bioencryption to Store Your Secrets in living organisms - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Don't Bring Me Down: Weaponizing botnets - SKY - Flamingo 3rd Flr - Virginia City Rm
Dragnet—Your Social Engineering Sidekick - DC - Track 1 - Caesars Emperor's Level - Palace BR
Drunk Hacker History - Contest - Contest Stage
Ducky-in-the-Middle: Injecting Keystrokes into Plaintext Protocols - PHV - Caesars Promenade Level - Neopolitan BR
EAPHammer - DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1
Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
EFF Fireside Hax (AKA Ask the EFF) - DC - Roman Chillout
EFF Tech Trivia - Contest - Contest Stage
Effective Log & Events Management - BTV - Flamingo 3rd Flr- Savoy Rm
Emergent Recon - fresh methodology and tools for hackers in 2018 - RCV - Caesars Promenade Level - Florentine BR 1,2
Ethical Disclosure and the Reduction of Harm - EHV - Caesars Promenade Level - Modena Rm
Ethics for Security Practitioners - EHV - Caesars Promenade Level - Modena Rm
Ethics of Technology in Humanitarian and Disaster Response - EHV - Caesars Promenade Level - Modena Rm
Evolving security operations to the year 2020 - BTV - Flamingo 3rd Flr- Savoy Rm
Examining Monero's Ring Signatures - BCOS - Caesars Promenade Level - Pompeian BR 1
Expl-iot—IoT Security Testing and Exploitation framework - DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1
Exploiting Active Directory Administrator Insecurities - DC - Track 1 - Caesars Emperor's Level - Palace BR
Exploiting immune defences - can malware learn from biological viruses? - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Exploiting IoT Communications - A Cover within a Cover - SKY - Flamingo 3rd Flr - Virginia City Rm
Exploiting the IoT hub : What happened to my home? - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
Exploring the 802.15.4 Attack Surface - WLV - Caesars Promenade Level - Milano BR 5,6
Facial Recognition - Let me let you in on a secret - SKY - Flamingo 3rd Flr - Virginia City Rm
Fasten your seatbelts: We are escaping iOS 11 sandbox! - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Finding and Attacking Undocumented APIs with Python - PHW - Caesars Promenade Level - Neopolitan BR
Finding Needles in Haystacks - WS - Linq 4th Flr - Icon D
Finding Xori: Malware Analysis Triage with Automated Disassembly - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Fire & Ice: Making and Breaking macOS Firewalls - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
firstorder - DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1
Fishing for Phishers. The Enterprise Strikes Back! - PHV - Caesars Promenade Level - Neopolitan BR
For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Forensic Investigation for the Non-Forensic Investigator - WS - Linq 4th Flr - Icon A
FPGA’s: a new attack surface for embedded adversaries. - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
Freedom of Information: Hacking the Human Black Box - PHV - Caesars Promenade Level - Neopolitan BR
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
From Introvert to SE: The Journey - SEV - Caesars Promenade South - Octavius BR 3-8
From MormonLeaks to FaithLeaks - SKY - Flamingo 3rd Flr - Virginia City Rm
Fuzzing FTW - WS - Linq 4th Flr - Icon D
Fuzzing Malware For Fun & Profit. Applying Coverage-guided Fuzzing to Find and Exploit Bugs in Modern Malware - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Fuzzing with AFL (American Fuzzy Lop) - WS - Linq 4th Flr - Icon B
Game Runner 2049: The Battles Fought by the King of the Replicants - SKY - Flamingo 3rd Flr - Virginia City Rm
GAN to the dark side: A case study of attacking machine-learning systems to empower defenses - AIV - Caesars Promenade Level - Florentine BR 3
GeekPwn Party - Night Life - Flamingo - 3rd floor - Track 101 Scenic BR
GeekPwn - Contest - Contest Stage
Generating Labeled Data From Adversary Simulations With MITRE ATT&CK - AIV - Caesars Promenade Level - Florentine BR 3
Geolocation and Homomorphic Encryption - CPV - Caesars Promenade Level - Milano BR 1,2
Getting Skin in the Game: Biohacking & Business - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Getting to Blinky: #badgelife begins with a single blink - HHV - Caesars Pool Level - Forum 17-21
GOD MODE UNLOCKED: Hardware Backdoors in [redacted] x86 CPUs - DC - Track 1 - Caesars Emperor's Level - Palace BR
Goodwatch Update - WLV - Caesars Promenade Level - Milano BR 5,6
Grand Theft Auto: Digital Key Hacking - PHV - Caesars Promenade Level - Neopolitan BR
Green Locks for You and Me - CPV - Caesars Promenade Level - Milano BR 1,2
GreyNoise - DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1
GUI Tool for OpenC2 Command Generation - DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1
Guided Tour to IEEE 802.15.4 and BLE Exploitation - WS - Linq 4th Flr - Icon A
GyoiThon - DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1
Hack Back: Not An Option, But A Necessity? (A Mini-Workshop) - EHV - Caesars Promenade Level - Modena Rm
Hack On The BitBox Hardware Wallet - BCOS - Caesars Promenade Level - Pompeian BR 1
Hackathon and CTF Prizes, and a Group Photo - RCV - Caesars Promenade Level - Florentine BR 1,2
Hacker Flairgrounds - Meetup - Flamingo - 3rd floor - Chillout Rm
Hacker Jeopardy - Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25
Hacker Jeopardy - Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25
Hacker Karaoke - Night Life - Caesars - Emperors Level - Chillout Rm
Hacker Karaoke - Night Life - Caesars - Emperors Level - Chillout Rm
Hacking a Crypto Payment Gateway - BCOS - Caesars Promenade Level - Pompeian BR 1
Hacking BLE Bicycle Locks for Fun and a Small Profit - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Hacking for Special Needs - Meetup - Caesars - Promenade Level - Anzio Rm past Registration
Hacking Human Fetuses - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Hacking Phenotypic Pathways In Cannabis - PPV - Flamingo Lower Level - Valley Of Fire Rms
Hacking PLCs and Causing Havoc on Critical Infrastructures - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Hacking the international RFQ Process #killthebuzzwords - RCV - Caesars Promenade Level - Florentine BR 1,2
Hacking the Technical Interview - SKY - Flamingo 3rd Flr - Virginia City Rm
Hacking Thingz Powered By Machine Learning - WS - Linq 4th Flr - Icon A
Hacking U-Boot - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
Hacking Your Dev Job to Save the World - Where Programming and Hacking Meet - BTV - Flamingo 3rd Flr- Savoy Rm
Hacking your HackRF - HHV - Caesars Pool Level - Forum 17-21
Halcyon IDE - DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1
Ham Radio Exams - Service - Caesars - Promenade Level - Anzio Rm past Registration
Ham Radio Exams - Service - Caesars - Promenade Level - Anzio Rm past Registration
Hamilton's Private Key: American Exceptionalism and the Right to Anonymity - CPV - Caesars Promenade Level - Milano BR 1,2
Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Healthcare Exposure on Public Internet - SKY - Flamingo 3rd Flr - Virginia City Rm
HealthyPi—Connected Health - DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1
Hey Bro, I Got Your Fitness Right Here (and your PHI). - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Hiding in plain sight: Disguising HTTPS traffic with domain-fronting - CPV - Caesars Promenade Level - Milano BR 1,2
Holy BATSense! Deploying TBATS Machine Learning Algorithm to Detect Security Events - AIV - Caesars Promenade Level - Florentine BR 3
Honeycomb—An extensible honeypot framework - DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1
House of Kenzo - Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR
House of Roman—a "leakless" heap fengshui to achieve RCE on PIE Binaries - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
How can industrial IioT be protected from the great unwashed masses of IoT devices - ICS - Flamingo Lower Level - Red Rock Rm 6-8
How Compliance Affects the Surface Area of Cannabis POS - PPV - Flamingo Lower Level - Valley Of Fire Rms
How not to suck at Vulnerability Management [at Scale] - BTV - Flamingo 3rd Flr- Savoy Rm
How to Microdose Yourself - PPV - Flamingo Lower Level - Valley Of Fire Rms
How to Tune Automation to Avoid False Positives - PHV - Caesars Promenade Level - Neopolitan BR
How We Cost Our Client £1.2M with 4 lines of code and less than 2 Hours ($2M) - ICS - Flamingo Lower Level - Red Rock Rm 6-8
How WHOIS Data Uncovered $32 Billion Connected to the Mormon Church - RCV - Caesars Promenade Level - Florentine BR 1,2
How-to modify ARM Cortex-M based firmware: A step-by-step approach for Xiaomi devices - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
http2 and you - SKY - Flamingo 3rd Flr - Virginia City Rm
Hunting Predators: SE Style - SEV - Caesars Promenade South - Octavius BR 3-8
Hunting Rogue APs: Hard Lessons - WLV - Caesars Promenade Level - Milano BR 5,6
Hunting the Ethereum Smart Contract: Color-inspired Inspection of Potential Attacks - AIV - Caesars Promenade Level - Florentine BR 3
I fought the law and law lost - RCV - Caesars Promenade Level - Florentine BR 1,2
I'll See Your Missile and Raise You A MIRV: An overview of the Genesis Scripting Engine - DC - Track 1 - Caesars Emperor's Level - Palace BR
I'm the One Who Doesn't Knock: Unlocking Doors from the Network - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
Identifying and correlating anomalies in Internet-wide scan traffic to newsworthy security events - AIV - Caesars Promenade Level - Florentine BR 3
Implementing a Library for Pairing-based Transform Cryptography - CPV - Caesars Promenade Level - Milano BR 1,2
In Soviet Russia Smartcard Hacks You - DC - Track 1 - Caesars Emperor's Level - Palace BR
In-N-Out - That’s What It’s All About - SEV - Caesars Promenade South - Octavius BR 3-8
Infecting The Embedded Supply Chain - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Inside the Fake Science Factory - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Instructions and invitations to party - BCOS - Caesars Promenade Level - Pompeian BR 1
Integrating post-quantum crypto into real-life applications - CPV - Caesars Promenade Level - Milano BR 1,2
IntelliAV: Building an Effective On-Device Android Malware Detector - AIV - Caesars Promenade Level - Florentine BR 3
Intense Introduction to Modern Web Application Hacking - PHW - Caesars Promenade Level - Neopolitan BR
Internet of Laws: Navigating to IoT Hacking Legal Landscape - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
Internet of Medicine : The ultimate key to Rooting the human being - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
INTRO TO DATA MASTERCLASS: Graphs & Anomalies - AIV - Caesars Promenade Level - Florentine BR 3
INTRO TO DATA MASTERCLASS: Tour-de-ML - AIV - Caesars Promenade Level - Florentine BR 3
Introducing YOGA: Your OSINT Graphical Analyzer - RCV - Caesars Promenade Level - Florentine BR 1,2
Introduction to Cryptographic Attacks - WS - Linq 4th Flr - Icon B
Introduction to Railroad Telemetry - WLV - Caesars Promenade Level - Milano BR 5,6
ioc2rpz - DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1
IoT Data Exfiltration - PHV - Caesars Promenade Level - Neopolitan BR
IoT Village Keynote - Tales of a SOHOpeful Journey: Where our Research Started and Where it's Going - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
IoT Village Manson Party - Night Life - Off-site party, Register and receive adddress from IOT VIllage
It WISN't me, attacking industrial wireless mesh networks - DC - Track 1 - Caesars Emperor's Level - Palace BR
It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded devices for fun and profit - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
It's not wifi: Stories in Wireless Reverse Engineering - WLV - Caesars Promenade Level - Milano BR 5,6
It’s a Beautiful Day in the Malware Neighborhood - AIV - Caesars Promenade Level - Florentine BR 3
Jailbreaking the 3DS through 7 years of hardening - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Jailed by a Google Search: the Surveillance State's War on Self-induced Abortion - CPV - Caesars Promenade Level - Milano BR 1,2
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and face recognition - and frankly, everywhere else - SKY - Flamingo 3rd Flr - Virginia City Rm
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and face recognition - and frankly, everywhere else - CPV - Caesars Promenade Level - Milano BR 1,2
JMPgate: Accelerating reverse engineering into hyperspace using AI - AIV - Caesars Promenade Level - Florentine BR 3
Joe Grand's Hardware Hacking Basics - WS - Linq 4th Flr - Icon A
Jumping the Epidermal Barrier - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Just what the Doctor Ordered: 2nd Opinions on Medical Device Security - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
JWAT...Attacking JSON Web Tokens - WS - Linq 4th Flr - Icon D
Kali Dojo Workshop - PHW - Caesars Promenade Level - Neopolitan BR
Keynote - From Breach to Bust: A short story of graphing and grey data - RCV - Caesars Promenade Level - Florentine BR 1,2
Keynote Address: Alejandro Mayorkas - VMHV - Caesars Pool Level - Forum 14-16
Keynote Address: TBA - VMHV - Caesars Pool Level - Forum 14-16
Keynote Presentation: Avoiding Trauma, Drama and FUD in Medical Device Disclosure - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Keynote Speech: Inside Monero - BCOS - Caesars Promenade Level - Pompeian BR 1
Last mile authentication problem: Exploiting the missing link in end-to-end secure communication - DC - Track 1 - Caesars Emperor's Level - Palace BR
Lateral Movement 101: 2018 Update - WS - Linq 4th Flr - Icon D
Lawyer Meet - Meetup - Flamingo - 3rd Floor - Carson City Rm
Learning to Listen: Machine Learning for Adaptive Wireless Adversary Detection - WLV - Caesars Promenade Level - Milano BR 5,6
Lessons Learned: DEFCON Voting Village 2017 - VMHV - Caesars Pool Level - Forum 14-16
Leveling the Bug Bounty Playfield - Introducing the #LEGALBUGBOUNTY project - SKY - Flamingo 3rd Flr - Virginia City Rm
LHT (Lossy Hash Table) - DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1
Lightning Talks - A Crash Course on Election Security - VMHV - Caesars Pool Level - Forum 14-16
Lightning Talks - Mechanics & Pitfalls of Auditing with Scanners - VMHV - Caesars Pool Level - Forum 14-16
Lightning Talks - The Return of Software Vulnerabilities in the Brazilian Voting Machine - VMHV - Caesars Pool Level - Forum 14-16
Lightning Talks - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Little Fluffy Pineapple Clouds - Commanding a Fleet of Wireless Fruit - WLV - Caesars Promenade Level - Milano BR 5,6
Live Band Karaoke - Night Life - Flamingo - 3rd Floor - Track 101 Vista BR
Local Sheriff - DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1
Lonely Hackers Club Party - Night Life - Flamingo - 3rd Floor - El Dorado BR
Looking for the perfect signature: an automatic YARA rules generation algorithm in the AI-era - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Lora Smart Water Meter Security Analysis - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Lost and Found Certificates: dealing with residual certificates for pre-owned domains - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Loud Party - Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA
Lunch Keynote: State and Local Perspectives on Election Security - VMHV - Caesars Pool Level - Forum 14-16
Macabre stories of a hacker in the public health sector (Chile) - SKY - Flamingo 3rd Flr - Virginia City Rm
Machine Learning as a Service in Your Pocket - AIV - Caesars Promenade Level - Florentine BR 3
Machine Learning for Network Security Hands-on Workshop: DIYML - AIV - Caesars Promenade Level - Florentine BR 3
Machine Learning Model Hardening For Fun and Profit - AIV - Caesars Promenade Level - Florentine BR 3
Mallet, An Intercepting Proxy for Arbitrary Protocols - PHW - Caesars Promenade Level - Neopolitan BR
Mallet: A Proxy for Arbitrary Traffic - PHV - Caesars Promenade Level - Neopolitan BR
Malware Panel - AIV - Caesars Promenade Level - Florentine BR 3
Man-In-The-Disk - DC - Track 1 - Caesars Emperor's Level - Palace BR
Mapping Social Media with Facial Recognition - RCV - Caesars Promenade Level - Florentine BR 1,2
Mapping Wi-Fi Networks and Triggering on Interesting Traffic Patterns - PHV - Caesars Promenade Level - Neopolitan BR
Mapping wifi networks and triggering on interesting traffic patterns - RCV - Caesars Promenade Level - Florentine BR 1,2
Master Baiting! Dont Click Bait, Click Yourself - SKY - Flamingo 3rd Flr - Virginia City Rm
Micro-Renovator: Bringing Processor Firmware up to Code - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Microcontrollers and Single Board Computers for Hacking, Fun and Profit - PHV - Caesars Promenade Level - Neopolitan BR
Moderator Justin Ehrenhofer's Greatest Questions - BCOS - Caesars Promenade Level - Pompeian BR 1
Monero Project's Vulnerability Response Process - BCOS - Caesars Promenade Level - Pompeian BR 1
Monero's Differentiated Community - BCOS - Caesars Promenade Level - Pompeian BR 1
Monero's Emerging Applications - BCOS - Caesars Promenade Level - Pompeian BR 1
Mother Natures Development Lifecycles… OR Why the T-Rex didn’t get extenders. - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Movie Night - Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24
Movie Night - Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24
Mr. Sinatra Will Hack You Now - SEV - Caesars Promenade South - Octavius BR 3-8
My Stripper Name is Bubbles - SEV - Caesars Promenade South - Octavius BR 3-8
n00b Party - Night Life - Flamingo - 3rd floor - Track 101 Sunset BR
Nations and Nationalism and Cyber Security - Navigating Difficult Relationships in the Private Infosec Space - EHV - Caesars Promenade Level - Modena Rm
Nature’s source code is vulnerable and cannot be patched - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
NEST: Securing the Home - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
NFC Payments: The Art of Relay & Replay Attacks - HHV - Caesars Pool Level - Forum 17-21
No Firewall Can Save You At The Intersection Of Genetics and Privacy - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
No Way JOSE! Designing Cryptography Features for Mere Mortals - CPV - Caesars Promenade Level - Milano BR 1,2
Normalizing Empire's Traffic to Evade Anomaly-Based IDS - PHV - Caesars Promenade Level - Neopolitan BR
NSA Talks Cybersecurity - DC - Track 1 - Caesars Emperor's Level - Palace BR
nzyme - DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1
Oh Noes!—A Role Playing Incident Response Game - DC - Roman Chillout
On the Hunt: Hacking the Hunt - SEV - Caesars Promenade South - Octavius BR 3-8
One bite and all your dreams will come true: Analyzing and Attacking Apple Kernel Drivers - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
One Step Ahead of Cheaters -- Instrumenting Android Emulators - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
One-Click to OWA - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
One-liners to Rule Them All - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Open Source Endpoint Monitoring - BTV - Flamingo 3rd Flr- Savoy Rm
Open Source Hardware and the Monero Project - BCOS - Caesars Promenade Level - Pompeian BR 1
Opening Note - RCV - Caesars Promenade Level - Florentine BR 1,2
Opening Remarks - AIV - Caesars Promenade Level - Florentine BR 3
OpenPiMap - Hacking the hackers with OSINT, Raspberry Pis, and Data Analysis - RCV - Caesars Promenade Level - Florentine BR 1,2
Opportunistic Onion: More Protection Some of the Time - CPV - Caesars Promenade Level - Milano BR 1,2
Orthrus - DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1
OSINT IS FOR SOCCER MOMS - SKY - Flamingo 3rd Flr - Virginia City Rm
Outsmarting the Smart City - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Owning Gluster FS with GEVAUDAN - DDV - Caesars Promenade Level - Capri Rm
PA Toolkit—Wireshark plugins for Pentesters - DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1
Packet Mining for Privacy Leakage - WS - Linq 4th Flr - Icon F
PacketWhisper: Stealthily Exfiltrating Data and Defeating Attribution Using DNS and Text-Based Steganography - PHV - Caesars Promenade Level - Neopolitan BR
Panel Discussion: The Internet of Bodies - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Panel on digital & Physical Security in Cannabis - PPV - Flamingo Lower Level - Valley Of Fire Rms
Panel Q&A – IoT Manufacturers: Answers on Security Straight from the Source - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
PANEL: DEF CON GROUPS - DC - Track 1 - Caesars Emperor's Level - Palace BR
Party Music - Acid-T - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - Circuit Static - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - DJ v.27 - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - Dualcore - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - Icetre Normal - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - JG & The Robots - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - Juno Reactor - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - MC Frontalot - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - Miss Jackalope - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - OS System - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - s7a73farm - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - Scotch & Bubbles - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - Skittish & Bus - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - TBD - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - Tineh Nimjeh - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - YT Cracker - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - YurkMeister - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - Zebbler Encanti - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Passionfruit - DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1
Patching the CFAA: The New CIAA and “Ethical” Conduct in Security Research - EHV - Caesars Promenade Level - Modena Rm
PCILeech - DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1
Penetration Testing Environments: Client & Test Security - WS - Linq 4th Flr - Icon E
penetration testing sex toys: "I've seen things you people wouldn't believe" - SKY - Flamingo 3rd Flr - Virginia City Rm
Pentesting ICS 101 - WS - Linq 4th Flr - Icon B
Playback: a TLS 1.3 story - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Playing Malware Injection with Exploit thoughts - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Playing with RFID - WS - Linq 4th Flr - Icon E
Please do not Duplicate: Attacking the Knox Box and Other Keyed Alike Systems - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Politics and the Surveillance State. The story of a young politician's successful efforts to fight surveillance and pass the nation's strongest privacy bills. - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Practical & Improved Wifi MitM with Mana - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Practical attack simulations in Critical National Infrastructure (CNI): Oh the perils, or oh the fun? - SKY - Flamingo 3rd Flr - Virginia City Rm
Prebellico - 100% Passive Pre-Engagement and Post Compromise Network Reconnaissance Tool - RCV - Caesars Promenade Level - Florentine BR 1,2
Primer On Dealing w/ Local Gov. for Legal Cannabis - PPV - Flamingo Lower Level - Valley Of Fire Rms
Privacy and Blockchain: A Boundary Object Perspective - BCOS - Caesars Promenade Level - Pompeian BR 1
Privacy infrastructure, challenges and opportunities - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Privacy Is Equality—And It's Far from Dead - DC - Octavius 13
Prize winners, awards, and announcements - BCOS - Caesars Promenade Level - Pompeian BR 1
Project Interceptor: avoiding counter-drone systems with nanodrones - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Promether, 1st Party of Defcon - Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA
Protecting Crypto Exchanges From a New Wave of Man-in-the-Browser Attacks - PHV - Caesars Promenade Level - Neopolitan BR
Prototyping Cryptographic Protocols With Charm - CPV - Caesars Promenade Level - Milano BR 1,2
PWN to OWN my own Heart. Journey into hacking my own pacemake - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Pwning "the toughest target": the exploit chain of winning the largest bug bounty in the history of ASR program - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Queercon Mixer - Meetup - Caesars Palace, Queercon Lounge Suite, Rm TBA
Queercon Rainbow Ball - Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA
Quiet Party - Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA
Real Simple Blue Team Shit - SKY - Flamingo 3rd Flr - Virginia City Rm
Reaping and breaking keys at scale: when crypto meets big data - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Relocation Bonus: Attacking the Windows Loader Makes Analysts Switch Careers - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Remote Sensing, Distributed Computing, BigData and 3D Epidemiology: Today’s Public Health Opportunity - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Responsible Disclosure Panel - EHV - Caesars Promenade Level - Modena Rm
Rethinking Role-Based Security Education - PHV - Caesars Promenade Level - Neopolitan BR
Reverse Engineering Malware 101 - PHW - Caesars Promenade Level - Neopolitan BR
Reverse Engineering Physical Processes in Industrial Control Systems - ICS - Flamingo Lower Level - Red Rock Rm 6-8
Reverse Engineering Windows Defender's Emulator - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Reverse Engineering, hacking documentary series - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Revolting Radios - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Revolutionizing Authentication with Oblivious Cryptography - CPV - Caesars Promenade Level - Milano BR 1,2
RFNoC: Accelerating the Spectrum with the FPGA - WLV - Caesars Promenade Level - Milano BR 5,6
Ridealong Adventures: Critical Issues with Police Body Cameras - PHV - Caesars Promenade Level - Neopolitan BR
Ridealong Adventures—Critical Issues with Police Body Cameras - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Ring 0/-2 Rootkits: bypassing defenses - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Robots and AI: What scares the experts? - SKY - Flamingo 3rd Flr - Virginia City Rm
Rock appround the clock: Tracking malware developers by Android "AAPT" timezone disclosure bug - DC - Track 1 - Caesars Emperor's Level - Palace BR
SAEDAY: Subversion and Espionage Directed Against You - BTV - Flamingo 3rd Flr- Savoy Rm
Scaling and Economic Implications of the Adaptive Blocksize in Monero - BCOS - Caesars Promenade Level - Pompeian BR 1
SDR Basics Class - WLV - Caesars Promenade Level - Milano BR 5,6
Searching for the Light: Adventures with OpticSpy - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
SecKC the World - Night Life - Flamingo - 3rd Floor - Mesquite Rm
Securing Big Data in Hadoop - WS - Linq 4th Flr - Icon F
Securing Critical Infrastructure through Side-Channel Monitoring - ICS - Flamingo Lower Level - Red Rock Rm 6-8
Securing our Nation's Election Infrastructure - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Selfie or Mugshot? - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Serious Intro to Python for Admins - PHW - Caesars Promenade Level - Neopolitan BR
Sex Work After SESTA - SKY - Flamingo 3rd Flr - Virginia City Rm
Sex Work After SESTA/FOSTA - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Sh00t—An open platform for manual security testers & bug hunters - DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1
SirenJack: Cracking a 'Secure' Emergency Waring Siren System - WLV - Caesars Promenade Level - Milano BR 5,6
Skiptracer - ghetto OSINT for broke hackers - RCV - Caesars Promenade Level - Florentine BR 1,2
skytalks (303) FRIDAY PARTY - Read the Details - SKY - Flamingo 3rd Flr - Virginia City Rm
skytalks (303) PARTY - FLAMINGO POOL PARTY Open to All - SKY - Flamingo 3rd Flr - Virginia City Rm
Sluts, Bullies, and Best Selves: Rethinking Digital Privacy Education - CPV - Caesars Promenade Level - Milano BR 1,2
SMBetray—Backdooring and breaking signatures - DC - Track 1 - Caesars Emperor's Level - Palace BR
Social Engineering Course Projects for Undergraduate Students - SEV - Caesars Promenade South - Octavius BR 3-8
Social Engineering from a CISO's Perspective - SEV - Caesars Promenade South - Octavius BR 3-8
Some Mining Related Attacks - BCOS - Caesars Promenade Level - Pompeian BR 1
Spell Check: The Hacker Spelling Bee - Contest - Contest Stage
Stalker In A Haystack - RCV - Caesars Promenade Level - Florentine BR 1,2
Stalker In A Haystack - SKY - Flamingo 3rd Flr - Virginia City Rm
Stealing Crypto 2 Factor Isn't a Factor - BCOS - Caesars Promenade Level - Pompeian BR 1
Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note File Classification - AIV - Caesars Promenade Level - Florentine BR 3
Stop, Drop, and Assess your SOC - BTV - Flamingo 3rd Flr- Savoy Rm
Story Time - Biggest ITSec fuck-ups I've seen over the past 25 years. - SKY - Flamingo 3rd Flr - Virginia City Rm
StuxNNet: Practical Live Memory Attacks on Machine Learning Systems - AIV - Caesars Promenade Level - Florentine BR 3
Supercharge Your Web Recon With Commonspeak and Evolutionary Wordlists - RCV - Caesars Promenade Level - Florentine BR 1,2
Swarm Intelligence and Augmented Reality Gaming - SEV - Caesars Promenade South - Octavius BR 3-8
Swiss Cheese Holes in the Foundation of Modern Security - CERT VU#919801 - PHV - Caesars Promenade Level - Neopolitan BR
Swissduino—Stealthy USB HID Networking & Attack - DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1
Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Take two of these and syscall execve() in the morning: A retrospective and primer on medical device security research - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Target-Based Security Model - PHV - Caesars Promenade Level - Neopolitan BR
Targeted User Analytics and Human Honeypotss - RCV - Caesars Promenade Level - Florentine BR 1,2
Technology Enabled Prosthetic Environments - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
THC Producing, Genetically Modified Yeast - PPV - Flamingo Lower Level - Valley Of Fire Rms
The Abyss is Waving Back - SKY - Flamingo 3rd Flr - Virginia City Rm
The Abyss is Waving Back… - SEV - Caesars Promenade South - Octavius BR 3-8
The Art of Business Warfare - SEV - Caesars Promenade South - Octavius BR 3-8
The Beginner’s Guide to the Musical Scales of Cyberwar - DDV - Caesars Promenade Level - Capri Rm
The Cactus: 6502 Blinkenlights 40 Years Late - HHV - Caesars Pool Level - Forum 17-21
The Cantankerous Cannabis Cryptocurrency Kerfuffle - PPV - Flamingo Lower Level - Valley Of Fire Rms
The challenge of building an secure and safe digital environment in the healthcare - SKY - Flamingo 3rd Flr - Virginia City Rm
The current state of adversarial machine learning - AIV - Caesars Promenade Level - Florentine BR 3
The Good, the Bad, and the Private: Building and Breaking Safe Cryptocurrencies - BCOS - Caesars Promenade Level - Pompeian BR 1
The great power of AI: Algorithmic mirrors of society - AIV - Caesars Promenade Level - Florentine BR 3
The Invisible Hands Tending the Secret Greens - PPV - Flamingo Lower Level - Valley Of Fire Rms
The L0pht Testimony, 20 Years Later (and Other Things You Were Afraid to Ask) - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
The Least Common Denominator Strategy (AKA Don't make DevOps too easy) - SKY - Flamingo 3rd Flr - Virginia City Rm
The Memory Remains - Cold drive memory forensics 101 - DDV - Caesars Promenade Level - Capri Rm
The Mouse is Mightier than the Sword - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
The Ongoing Federal Lawsuit Against Jeff Sessions - PPV - Flamingo Lower Level - Valley Of Fire Rms
The Real History of Marijuana Prohibition - PPV - Flamingo Lower Level - Valley Of Fire Rms
The ring 0 façade: awakening the processor's inner demons - DC - Track 1 - Caesars Emperor's Level - Palace BR
The Road to Resilience: How Real Hacking Redeems this Damnable Profession - DC - Track 1 - Caesars Emperor's Level - Palace BR
The Sound of a Targeted Attack: Attacking IoT Speakers - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP - WS - Linq 4th Flr - Icon F
ThinSIM-based Attacks on Mobile Money Systems - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Threat Hunting with ELK - WS - Linq 4th Flr - Icon C
Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Tineola: Taking a Bite Out of Enterprise Blockchain - DC - Track 1 - Caesars Emperor's Level - Palace BR
TOR for The IOT aka TORT Reform - ICS - Flamingo Lower Level - Red Rock Rm 6-8
Torrent More Pharmaceutical Drugs. File Sharing Still Saves Lives. - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Towards a framework to quantitatively assess AI safety – challenges, open questions and opportunities. - AIV - Caesars Promenade Level - Florentine BR 3
Toxic BBQ - Meetup - (off Site)Sunset Park, Pavilion F, (36.0636, -115.1178)
trackerjacker - DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1
Trouble in the tubes: How internet routing security breaks down and how you can do it at home - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Trustworthy Elections - VMHV - Caesars Pool Level - Forum 14-16
Turning Deception Outside-In: Tricking Attackers with OSINT - PHV - Caesars Promenade Level - Neopolitan BR
Two-Steps to Owning MFA - CPV - Caesars Promenade Level - Milano BR 1,2
UEFI exploitation for the masses - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Using AI to Create Music - AIV - Caesars Promenade Level - Florentine BR 3
Using Deep Learning to uncover darkweb malicious actors and their close circle - RCV - Caesars Promenade Level - Florentine BR 1,2
Vet Con - Night Life - Flamingo - Lower Level - Red Rock RM 6
Village summary - BCOS - Caesars Promenade Level - Pompeian BR 1
Vulnerabilities in Cannabis Software - PPV - Flamingo Lower Level - Valley Of Fire Rms
Vulnerable Out of the Box: An Evaluation of Android Carrier Devices - DC - Track 1 - Caesars Emperor's Level - Palace BR
WAGGING THE TAIL—COVERT PASSIVE SURVEILLANCE AND HOW TO MAKE THEIR LIFE DIFFICULT - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Walrus - DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1
Wardrivers Anonymous - WLV - Caesars Promenade Level - Milano BR 5,6
WaterBot - Hackable Scientific Plant Bot - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
We Don't Need No Stinkin Badges - BCOS - Caesars Promenade Level - Pompeian BR 1
We Program Our Stinkin Badges! - BCOS - Caesars Promenade Level - Pompeian BR 1
Weaponizing Unicode: Homographs Beyond IDNs - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Weapons Training for the Empire - WS - Linq 4th Flr - Icon B
Weed Hacking: A Pragmatic Primer For Home Grows - PPV - Flamingo Lower Level - Valley Of Fire Rms
WELCOME TO BHV! - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
WELCOME TO DAY 2 of BHV! - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Welcome To DEF CON & Badge Maker Talk - DC - Track 1 - Caesars Emperor's Level - Palace BR
Welcome to the BCOS Monero Village - BCOS - Caesars Promenade Level - Pompeian BR 1
WELCOME TO THE LAST DAY OF BHV! - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
WEP and WPA Cracking 101 - WLV - Caesars Promenade Level - Milano BR 5,6
What Do You Want to be When You Grow Up? - PHV - Caesars Promenade Level - Neopolitan BR
What happened behind the closed doors at MS - SKY - Flamingo 3rd Flr - Virginia City Rm
What the Fax!? - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
When Incident Response Meets Reality - SKY - Flamingo 3rd Flr - Virginia City Rm
Where's My Browser? Learn Hacking iOS and Android WebViews - WS - Linq 4th Flr - Icon C
WHID Injector: Hot To Bring HID Attacks to the Next Level - DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1
WhiteRabbit: Combining Threat Intelligence Public Blockchain Data and Machine Learning to go Down the “Dirty Money” Rabbit Hole - RCV - Caesars Promenade Level - Florentine BR 1,2
Who Controls the Controllers—Hacking Crestron IoT Automation Systems - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Whose Slide is it Anyway? - Contest - Contest Stage
WiFi Beacons will give you up - HHV - Caesars Pool Level - Forum 17-21
Winning a SANS 504 CTF without winning a SANS CTF - RCV - Caesars Promenade Level - Florentine BR 1,2
WiPi-Hunter—It Strikes against Illegal Wireless Network Activities (Detect and active response) - DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1
Women, Wisdom, & Wine @ DEF CON 26 by IOActive - Meetup - Caesars - Palace Suites
Worms that fight back: Nematodes as an antidote for IoT malware - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
wpa-sec: The Largest Online WPA Handshake Database - PHV - Caesars Promenade Level - Neopolitan BR
You can run, but you can't hide. Reverse engineering using X-Ray. - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
You may have paid more than you imagine—Replay Attacks on Ethereum Smart Contracts - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
You'd better secure your BLE devices or we'll kick your butts ! - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
You're just complaining because you're guilty: A DEF CON Guide to Adversarial Testing of Software Used In the Criminal Justice System - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Your Bank's Digital Side Door - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Your Peripheral Has Planted Malware—An Exploit of NXP SOCs Vulnerability - DC - Track 1 - Caesars Emperor's Level - Palace BR
Your Smart Scale is Leaking More than Your Weight - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
Your Voice is My Passport - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Your Watch Can Watch You! Gear Up for the Broken Privilege Pitfalls in the Samsung Gear Smartwatch - DC - Track 1 - Caesars Emperor's Level - Palace BR

Talk/Event Descriptions


 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Friday - 10:00-13:59


Reverse Engineering with OpenSCAD and 3D Printing

Friday, 1000-1400 in Icon B

Nick Tait

The main focus of this class is a software tool and programming language OpenSCAD. Through a specific example we will learn to reproduce physical objects. We'll cover the entire workflow from measurement, sketching, modeling, and manufacturing. Additional hints for optimizing your design for 3D printing will enable rapid product iteration. All modeling in OpenSCAD is through writing commands which brings many powerful properties of software such as parameterization, version control, and reusable components to CAD modeling. Ultimately with the combination of these skills you'll be equipped to repair and improve your stuff.

Prerequisites: No previous programming experience required, but it will help you get more out of this workshop.

Materials: A laptop with an up to date:
* Operating system (Linux/OS X/Win)
* OpenSCAD (free and open source) http://www.openscad.org/
* Cura (free and open source) https://ultimaker.com/en/products/ultimaker-cura-software

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/digital-manufacturing-using-reverse-engineering-open-source-3d-printers-and-software-icon-b-tickets-47194008550
(Opens July 8, 2018 at 15:00 PDT)

Nick Tait
nickthetait (government name Nicholas Tait) is a software engineer and fixer of things currently living in Fort Collins, Colorado. His most recent job focused on producing numbers to coax 3D printers to do the user's bidding. Before that he helped route packages for a multinational corporation that rhymes with annex.

Lately he's been in training for his next job - attending any cyber security event physically (and sometimes digitally) possible, contributing to a bunch of open source projects, learning to pick locks and talking about encryption to anyone that will listen. Rock climbing and mountain biking are long time passions that keep the blood pumping and ideas flowing.


Return to Index    -    Add to    -    ics Calendar file

 

CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 14:00-15:00


Title:
"Probably": an Irreverent Overview of the GDPR

2:00pm

"Probably": an Irreverent Overview of the GDPR
When
Fri, August 10, 2pm 3pm
Description
Speaker
------
Brendan OConnor

Abstract
--------
If you work in privacy, technology, marketing, or the law, or if you have an email account, you've heard of the GDPR. But what is it really? Why is your in-house lawyer grumpy all the time? Why is your marketing team walking around with stickers that say "legitimate business use of data" and trying to slap them on random objects to see if they stick? Why, legally, can't you remember anyone's names anymore? This presentation will attempt to take a look at the GDPR from the perspective of a confused outsider who can't quite believe what's going on (as opposed to a burned-out practitioner), without getting too worked up about it. We'll cover why the GDPR exists, what it does, why some people are freaked out about it, why to be concerned and/or unconcerned, and whether kittens or puppies make the better reference animal for GDPR compliance memes. Relax! It's all going to be fine! Probably.


Bio
-----------------
Described by coworkers as not the lawyer we need, but the lawyer we deserve (and he's pretty sure that wasn't meant as a compliment), Brendan OConnor is a security researcher, consultant, and attorney based in Seattle. His day job is building security programs, but at night, he transforms into a person who spends too much time arguing with people who are wrong on the Internet. If caught, his companies will deny all knowledge of this presentation.

Twitter handle of presenter(s)
------------------------------
USSJoin

Website of presenter(s) or content
----------------------------------
https://ussjoin.com

Return to Index    -    Add to    -    ics Calendar file

 

CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 10:30-11:00


Title:
"Won't Somebody Think of the Children?" Examining COPPA Compliance at Scale

10:30am

"Won't Somebody Think of the Children?" Examining COPPA Compliance at Scale
When
Fri, August 10, 10:30am 11:00am
Description

Speakers
-------
Irwin Reyes
Amit Elazari Bar On

Abstract
--------
We present a scalable dynamic analysis framework that allows for the automatic evaluation of the privacy behaviors of Android apps. We use our system to analyze mobile apps' compliance with the Children's Online Privacy Protection Act (COPPA), one of the few stringent privacy laws in the U.S. Based on our automated analysis of 5,855 of the most popular free children's apps, we found that a majority are potentially in violation of COPPA, mainly due to their use of third-party SDKs. While many of these SDKs offer configuration options to respect COPPA by disabling tracking and behavioral advertising, our data suggest that a majority of apps either do not make use of these options or incorrectly propagate them across mediation SDKs. Worse, we observed that 19% of children's apps collect identifiers or other personally identifiable information (PII) via SDKs whose terms of service outright prohibit their use in child-directed apps. Finally, we show that efforts by Google to limit tracking through the use of a resettable advertising ID have had little success: of the 3,454 apps that share the resettable ID with advertisers, 66% transmit other, non-resettable, persistent identifiers as well, negating any intended privacy-preserving properties of the advertising ID.

Bio
-----------------
Irwin is a researcher in the Usable Security and Privacy Group at the International Computer Science Institute (ICSI) affiliated with the University of California at Berkeley. He earned Bachelor's and Master's degrees from the University of Virginia in 2009 and 2011, respectively. Irwin has held positions developing ballistic missile defense systems at the Johns Hopkins University Applied Physics Laboratory and applying usable security concepts to commercial products at Dell. His research interests include measuring the privacy risks of everyday consumer products, user perceptions of security issues, and the online advertising ecosystem.

Amit is a doctoral law candidate at UC Berkeley School of Law and a Berkeley Center for Long-Term Cybersecurity Grantee. Her work has been published in leading technology law journals, presented in conferences such as RSA, USENIX Enigma, BsidesLV, BsidesSF, DEF CON-Skytalks and Black Hat, and featured in leading news sites such as the Wall Street Journal, Washington Post, The Guardian and the Verge. Additionally, Amit teaches at UC Berkeleys School of Information Master of Information and Cybersecurity (MICS) program and serves as the submissions editor of BTLJ, the worlds leading Tech Law Journal. On 2018, Amit was granted a CLTC grant for her work on private ordering regulating information security

Twitter handle of presenter(s)
------------------------------
irwinreyescom

Website of presenter(s) or content
----------------------------------
https://appcensus.mobi

Return to Index    -    Add to    -    ics Calendar file

 

CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 18:00-18:30


Title:
(Not Recorded) Ask Me Anything about Tor: AMA with Roger Dingledine

6:00pm

(Not Recorded) Ask Me Anything about Tor: AMA with Roger Dingledine
When
Sat, August 11, 6:00pm 6:30pm
Description
Speaker
------
Roger Dingledine

Abstract
--------
Roger Dingledine, president and co-founder of the Tor Project, a nonprofit that develops free and open source software to protect people from tracking, censorship, and surveillance online, will give an overview of several aspects of Tor, including new developments since he last spoke at DEF CON. The majority of the session will be devoted to questions from the audience, AMA style.

Bio
-----------------
Roger Dingledine is president and co-founder of the Tor Project, a nonprofit that develops free and open source software to protect people from tracking, censorship, and surveillance online. Wearing one hat, Roger works with journalists and activists on nearly every continent to help them understand and defend against the threats they face. Wearing another hat, he is a lead researcher in the online anonymity field, coordinating and mentoring academic researchers working on Tor-related topics, and, since 2002, has helped to organize the yearly international Privacy Enhancing Technologies Symposium (PETS). Among his achievements, Roger was chosen by the MIT Technology Review as one of its top 35 innovators under 35, he co-authored the Tor design paper that won the Usenix Security "Test of Time" award, and he has been recognized by Foreign Policy magazine as one of its top 100 global thinkers.

Twitter handle of presenter(s)
------------------------------
@RogerDingledine, @TorProject

Website of presenter(s) or content
----------------------------------
torproject.org

Return to Index    -    Add to    -    ics Calendar file

 

AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 14:30-15:20


(Responsible?) Offensive Machine Learning

No description available


Return to Index    -    Add to    -    ics Calendar file

 

Meetup - Caesars - Cafe Americano - Thursday - 17:00-18:59


Title:
[Networking/Social] Blackhat/DefCon Meet-up at Cafe Americano

BlackHat/DEFCON Annual Meet-up - August 9th

Join Women's Society of Cyberjutsu at Cafe Americano inside Caesars Palace for our Annual Blackhat/DefCon Meet-up.

Meet like minded security professionals from around the world for free appetizers and drinks

Thank you to our event sponsors and partners:

More Info: https://womenscyberjutsu.org/events/EventDetails.aspx?id=1121627&group=
Contact: events@womenscyberjutsu.org

Return to Index    -    Add to    -    ics Calendar file

 

Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace) - Friday - 18:00-20:30


Title:
/R/defcon redit Meetup

Do you participate in the DEF CON subreddit? This Meetup is for you! A gathering of the denizens of /r/DEF CON while at DEF CON to mingle and meet face to face. Newcomers and veterans alike are welcome to meet and greet while sharing the DEF CON experience.
More Info: DEF CON 26 Meetup for /r/defcon

Return to Index    -    Add to    -    ics Calendar file

 

Meetup - Flamingo - 3rd Floor - Chillout Rm - Friday - 20:30-23:59


Title:
/R/defcon redit Meetup

Do you participate in the DEF CON subreddit? This Meetup is for you! A gathering of the denizens of /r/DEF CON while at DEF CON to mingle and meet face to face. Newcomers and veterans alike are welcome to meet and greet while sharing the DEF CON experience.
More Info: DEF CON 26 Meetup for /r/defcon

Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


#WiFiCactus

Saturday 08/11/18 from 1000-1150 at Table One
Offense, defense, hardware

Mike Spicer

The newly upgraded #WiFiCactus for DEF CON 26 is a passive wireless monitoring backpack that listens to 60 channels of 2.4 and 5 gHz WiFi at the same time. New this year is the ability to capture 802.11AC traffic and upgrades to remove bandwidth bottlenecks. This tool uses Kismet to capture the data from the each radio and aggregates them into a single searchable web interface. This tool is also capable of identifying wireless threats, troubleshooting complex wireless environments and helping with correlation analysis between Bluetooth and WiFi.

http://palshack.org/the-hashtag-wifi-cactus-wificactus-def-con-25/

Mike Spicer
d4rkm4tter is a mad scientist who likes to hack hardware and software. He is particularly obsessed with wireless. He has a degree in computer science which he has put to use building and breaking a wide variety of systems.


Return to Index    -    Add to    -    ics Calendar file

 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 14:45-15:05


1983: I’m born. 2018: I’m taking on the bad guys - Jennifer Roderick

“I’m not a programmer. I’m not a hacker‚Ķin the traditional sense. But yet I was born in 1983, so surely that makes me a perfect fit for the DEF CON theme this year. Not enough? Ok, well how about the fact that I’m currently using open source tools, techniques and methodologies to combat modern slavery, wildlife trafficking, terrorism and just about every serious organized crime the world is currently battling from a desk in the middle of the London financial district. Interested in hearing from a different viewpoint and perspective, then this is your talk. While you might not walk away with a new tool for your toolbox, you will gain an understanding into how the smallest contribution can end up the most profound and how combining open source resources can take on much bigger problems that you’ve maybe never considered.

During my talk, I will cover a few examples of recent Open Source investigations conducted by myself, including details regarding the methodologies and tools which were used. We actively follow the person not the digital fingerprint to begin to understand and put a face to some of the most prevalent and serious organized crimes facing the world today.

When I was in the forces I knew what I was facing and had to deal with, as Head of Research at a FinTech company I never expected that transferring my skills would end up uncovering individuals within the financial industry who I’ve had to report for terrorist activity, human trafficking, wildlife trafficking, drug smuggling, violent crime, fraud (international and domestic), revenge porn, and stalking.

And while I’m not here to save the world, I think we can all do a little bit to contribute to a counter-future in which the good guys are empowered by technology and the bad guys have nowhere to hide.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 14:00-14:45


4G—Who is paying your cellular phone bill?

Friday at 14:00 in Track 2
45 minutes | Demo, Exploit

Dr. Silke Holtmanns Distinguished Member of Technical Staff, Security Expert, Nokia Bell Labs

Isha Singh Master student, Aalto University in Helsinki (Finland

Cellular networks are connected with each other through a worldwide private, but not unaccessible network, called IPX network. Through this network user related information is exchanged for roaming purposes or for cross-network communication. This private network has been breached by criminals and nation states. Cellular networks are extremely complex and many attacks have been already been found e.g. DoS, location tracking, SMS interception, data interception. Many attacks have been seen in practice, but not all attack are understood and not all attack avenues using the IPX network have been explored. This presentation shows how a S9 interface in 4G networks, which is used for charging related user information exchange between operators can be exploited to perform fraud attacks. A demonstration with technical details will be given and guidance on practical countermeasures.

Dr. Silke Holtmanns
Silke is a security expert at Nokia Bell Labs (Research branch of Nokia). She holds a PhD in Mathematics and has 18 years of experience in mobile security research and standardization. In her current research she investigates new and existing mobile network security attacks using SS7, Diameter and GTP protocols via the interconnection network and how to counter those attacks in 4G/5G networks. She found many 4G related IPX attacks and countermeasures e.g. Location Tracking (NATO CyCon), DoS (Black Hat EU 2016), cellular data interception (34C3 Chaos Computer Congress). She drives in the operator association GSMA the security of cellular network and being responsible there for the Diameter Signaling Security Specification. She served as a special matter expert on cellular security to the US Federal Communication Commission and to the European Union Agency for Network and Information Security. She is rapporteur of ten 3GPP security specifications and has a long track record of security publications.

Currently, she is actively supporting the 5G Roaming security developments. For her the interesting part is fixing problems in world wide network without breaking it, not finding an issue.

@SHoltmanns

Isha Singh
Isha is a master student at Aalto University in Helsinki (Finland) and doing her Thesis research work at Nokia Bell Labs under supervision of Professor Raimo Kantola. She is completing her Master's in Wireless Communication as major subject and Machine Learning as minor. Her research covers smart city environmental perception from ambient cellular signals and 5G Ubiquitous sensing. She is passionate about IoT devices and their security in 5G scenario. She has experiences on embedded devices (Arduino, Raspberry Pi) for multiple projects like Analog to Digital converter used in optical communication. Presently she is exploring Cybersecurity, starting from the mobile communication core network security. Testing for vulnerabilities and loopholes and providing solutions using Machine Learning.


Return to Index    -    Add to    -    ics Calendar file

 

Night Life - Forum Tower Duplex Hangover Suite - Friday - 20:00-23:59


Title:
503 Party 2018

It's 2018, and it's time again for another 503 Party!

This year we'll be re-introducing the music, but keeping the drink focus on local microbrews. We've got the Hangover suite in Caesars Palace for the entire weekend, Thursday through Sunday, so we're going to be running the 503 Suite again this year like we did in 2016, which means we may have some random events during the day throughout the weekend. This also means we need to raise a bit more money, so I've set the goal this year to 15k. The room is already paid for, so it's happening even if the goal isn't reached. Top donors (100ish dollars?) will get fun prizes and early admission to the Friday night party. All funds raised will of course be going to the party/suite. Further details will be posted on https://503.party .
More Info: 503.party
More Info: gofundme

Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 16:00-16:45


80 to 0 in under 5 seconds: Falsifying a medical patient's vitals

Saturday at 16:00 in Track 1
45 minutes | Demo

Douglas McKee Senior Security Researcher for the McAfee Advanced Threat Research team

It seems each day that passes brings new technology and an increasing dependence upon it. The medical field is no exception; medical professionals rely upon technology to provide them with accurate information and base life-changing decisions on this data.

In recent years there has been more attention paid to the security of medical devices; however, there has been little research done on the unique protocols used by these devices. In large, health care systems medical personnel take advantage of to make decisions on patient treatment and other critical care, use central monitoring stations. This information is gathered from many devices on the network using uncommon networking protocols. What if this information wasn't accurate when a doctor prescribed medication? What if a patient was thought to be peacefully resting, when in fact they are under cardiac arrest?

McAfee's Advanced Threat Research team has discovered a weakness in the RWHAT protocol, one of the networking protocols used by medical devices to monitor a patient's condition. This protocol is utilized in some of the most critical systems used in hospitals. This weakness allows the data to be modified by an attacker in real-time to provide false information to medical personnel. Lack of authentication also allows rogue devices to be placed onto the network and mimic patient monitors.

This presentation will include a technical dissection of the security issues inherent in this relatively unknown protocol. It will describe real-world attack scenarios and demonstrate the ability to modify the communications in-transit to directly influence the receiving devices. We will also explore the general lack of security mitigations in the medical devices field, the risks they pose, and techniques to address them. The talk will conclude with a demonstration using actual medical device hardware and a live modification of a patient's critical data.

Douglas McKee
Douglas McKee is a Senior Security Researcher for the McAfee Advanced Threat Research team, focused on finding new vulnerabilities in both software and hardware. Douglas has an extensive background in penetration testing, reverse engineering, malware analysis and forensics and throughout his career has provided software exploitation training to many audiences, including law enforcement.


Return to Index    -    Add to    -    ics Calendar file

 

Meetup - Local Bikeshop - Friday - 06:00-06:59


Title:
8th Defcon Bike Ride

At 6am on Friday, the @cycle_override crew will be hosting the 8th Defcon Bikeride. We'll meet at a local bikeshop, get some rental bicycles, and about 7am will make the ride out to Red Rocks. It's about a 15 mile ride, all downhill on the return journey. So, if you are crazy enough to join us, get some water, and head over to cycleoverride.org for more info. See at 6am Friday! @jp_bourget @gdead @heidishmoo. Go to cycleoverride.org for more info.

More Info: @Cycle_Override    http://cycleoverride.org/

Return to Index    -    Add to    -    ics Calendar file

 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Sunday - 10:00-10:50


 

No description available


Return to Index    -    Add to    -    ics Calendar file

 

VMHV - Caesars Pool Level - Forum 14-16 - Friday - 14:30-14:59


Title:
A Comprehensive Forensic Analysis of WINVote Voting Machines

No description available
Return to Index    -    Add to    -    ics Calendar file

 

ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Friday - 15:10-15:40


A CTF That Teaches: Challenging the Next Generation of ICS Ethical Hackers

August 10, 2018 3:10 PM

Today's evolving threat landscape makes training new talent to defend critical infrastructure networks more important than ever. One way to both help people build their technical skills and introduce new people to the world of ICS security is with Capture-the-Flag exercises (CTFs). This presentation will analyze the development of a real-life CTF, including some of the problems faced and how to solve them, to show how you can create challenging, yet educational, CTFs to train the next generation of ICS defenders.

Speaker Information

Brandon Workentin

SecurityMatters

Brandon Workentin joined SecurityMatters as an ICS Security Engineer in early 2017. Prior to that, Brandon worked for EnergySec, where he started as an intern in 2014 and finished as a Cybersecurity Analyst II. At EnergySec, Brandon focused on security regulations, including the NERC CIP cybersecurity standards, as well as threats, research, and news affecting the electric industry. He was also involved in the creation of the EnergySec Information Sharing and Analysis Organization (ISAO), as well as a member of multiple ISAO Standards Organization Working Groups. Prior to joining the cybersecurity field, Brandon spent several years teaching math and English in Idaho and Oregon. Brandon also enjoys public speaking, highlighted by having presented on ICS security at multiple BSides events. He has a BA in Mathematics and English Education from Northwest Nazarene University and an AS in Cybersecurity and Networking from Mt. Hood Community College.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Thursday - 13:00-13:45


A Journey Into Hexagon: Dissecting a Qualcomm Baseband

Thursday at 13:00 in 101 Track, Flamingo
45 minutes |

Seamus Burke Hacker

Mobile phones are quite complicated and feature multiple embedded processors handling wifi, cellular connectivity, bluetooth, and other signal processing in addition to the application processor. Have you ever been curious about how your phone actually makes calls and texts on a low level? Or maybe you want to learn more about the internals of the baseband but have no clue where to start. We will dive into the internals of a qualcomm baseband, tracing it's evolution over the years until its current state. We will discuss the custom, in-house DSP architecture they now run on, and the proprietary RTOS running on it. We will also cover the architecture of the cellular stack, likely places vulnerabilities lie, and exploit mitigations in place. Finally we will cover debugging possibilities, and how to get started analyzing the baseband firmware—how to differentiate between RTOS and cellular functions, how to find C std library functions, and more.

Seamus Burke
Seamus Burke is an undergraduate student at UMBC pursing a degree in CS, he has been working in the security field field since he was 16 and has held a variety of positions from SOC analyst to malware analyst, to vulnerability researcher. Currently his research focus is on cellular baseband and kernel rootkits. When he's not staring at IDA, he likes to spend his time wrenching on cars and racing.

@AlternateAdmin


Return to Index    -    Add to    -    ics Calendar file

 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 13:00-13:30


Title: A Rundown of Security Issues in Crypto Software Wallets

Speakers: Marko Bencun

Description:
No description available



Return to Index    -    Add to    -    ics Calendar file

 

ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Saturday - 17:35-17:59


A SOC in the Village

August 11, 2018 5:35 PM

Security operation centers (SOC) have a been around on the enterprise networks for a while now, but what about OT SOCS? This talk will cover some technologies that are available for the plant floor that works with your SOC. After the talk, a live demonstration will take place in the ICS Village.

Speaker Information

Thomas VanNorman

Dragos

Thomas has been working in Operational Technology field for more than two decades. He is currently the Director of Engineering Services at Dragos, and a Founding Member of ICS Village. Thomas is also retired from the Air National Guard where he worked in Cyber Warfare Operations. For over the past 10 years Thomas focus area has been working on securing Industrial Control Systems and the networking of such systems leveraging his operational knowledge of such systems. Thomas currently holds a Certified Information Systems Security Professional (CISSP) through ISC(2), Global Industrial Cyber Security Professional (GICSP) and GIAC Certified Incident Handler (GCIH) both through GIAC.


Return to Index    -    Add to    -    ics Calendar file

 

PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 15:00-15:45


Title:
About the Open Cannabis Project

Open sourcing the full sequence of genomes of many strains
Return to Index    -    Add to    -    ics Calendar file

 

EHV - Caesars Promenade Level - Modena Rm - Friday - 14:00-14:59


Title: Accountability without accountability: A censorship measurement case study

Speakers: Speaker TBA

Description:

Protecting volunteers from retribution, and why the fear of unknown unknowns is paralyzing to the academic measurement community.


Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


ADRecon: Active Directory Recon

Saturday 08/11/18 from 1200-1350 at Table Six
Security professionals (Blue Team, Red Team), system administrators, etc.

Prashant Mahajan

ADRecon is a tool which extracts various artifacts (as highlighted below) out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis. The report can provide a holistic picture of the current state of the target AD environment. The tool is useful to various classes of security professionals like system administrators, security professionals, DFIR, etc. It can also be an invaluable post-exploitation tool for a penetration tester. It can be run from any workstation that is connected to the environment, even hosts that are not domain members. Furthermore, the tool can be executed in the context of a non-privileged (i.e. standard domain user) accounts. Fine Grained Password Policy, LAPS and BitLocker may require Privileged user accounts. The tool will use Microsoft Remote Server Administration Tools (RSAT) if available, otherwise it will communicate with the Domain Controller using LDAP.

The following information is gathered by the tool: Forest; Domain; Trusts; Sites; Subnets; Default Password Policy; Fine Grained Password Policy (if implemented); Domain Controllers, SMB versions, whether SMB Signing is supported and FSMO roles; Users and their attributes; Service Principal Names (SPNs); Groups and memberships; Organizational Units (OUs); ACLs for the Domain, OUs, Root Containers and GroupPolicy objects; Group Policy Object details; DNS Zones and Records; Printers; Computers and their attributes; LAPS passwords (if implemented); BitLocker Recovery Keys (if implemented); and GPOReport (requires RSAT).

https://github.com/sense-of-security/ADRecon

Prashant Mahajan
Prashant Mahajan is a Security Consultant at Sense of Security Pty Ltd. He has experience with various aspects of Information Security including penetration testing, vulnerability analysis, digital forensics and incident response. Prashant is a founding member of Null—The Open Security Community and frequent speaker at industry events.


Return to Index    -    Add to    -    ics Calendar file

 

PHW - Caesars Promenade Level - Neopolitan BR - Friday - 13:00-14:59


Advanced APT Hunting with Splunk

You wanna learn how to hunt the APTs? This is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the "fictional" APT group Taedonggang. We discuss the Diamond model, hypothesis building, LM Kill Chain, and Mitre Att&ck framework and how these concepts can frame your hunting. Then we look deep in the data using Splunk and OSINT to find the APT activity riddling a small startup's network. We walk you through detecting lateral movement, the P of APT, and even PowerShell Empire. Then at the end, we give you a similar dataset and tools to take home and try newly learned techniques yourself.

Ryan Kovar fought in the cyberwars and has been doing cybery things for almost 20 years. Now he is a Principal Security Strategist at Splunk building cool stuff, talking about security thingies, and helping other people fight their battles. He hates printers.

John Stoner is a Principal Security Strategist at Splunk. During his career he has worked in operations, consulting and solutions engineering. In his current role, he leverages his many years of experience in log management, SIEM, security operations and threat intelligence to provide solutions that drive greater situational awareness for organizations.


Return to Index    -    Add to    -    ics Calendar file

 

PHW - Caesars Promenade Level - Neopolitan BR - Sunday - 11:00-12:59


Advanced APT Hunting with Splunk

You wanna learn how to hunt the APTs? This is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the "fictional" APT group Taedonggang. We discuss the Diamond model, hypothesis building, LM Kill Chain, and Mitre Att&ck framework and how these concepts can frame your hunting. Then we look deep in the data using Splunk and OSINT to find the APT activity riddling a small startup's network. We walk you through detecting lateral movement, the P of APT, and even PowerShell Empire. Then at the end, we give you a similar dataset and tools to take home and try newly learned techniques yourself.

Ryan Kovar fought in the cyberwars and has been doing cybery things for almost 20 years. Now he is a Principal Security Strategist at Splunk building cool stuff, talking about security thingies, and helping other people fight their battles. He hates printers.

John Stoner is a Principal Security Strategist at Splunk. During his career he has worked in operations, consulting and solutions engineering. In his current role, he leverages his many years of experience in log management, SIEM, security operations and threat intelligence to provide solutions that drive greater situational awareness for organizations.


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon C - Saturday - 10:00-13:59


Advanced Custom Network Protocol Fuzzing

Saturday, 1000-1400 in Icon C

Joshua Pereyda Software Engineer

Timothy Clemans Software Engineer

Get hands on experience writing custom network protocol fuzzers. This class will cover the basics of network protocol "smart fuzzing." Exercises will utilize the open source network protocol fuzzing framework, boofuzz. Attendees will gain practice reverse engineering a network protocol, implementing and iterating on a custom fuzzer, and identifying vulnerabilities.

After:
1. You will know the basics of fuzzing.
2. You will know how to write custom network protocol fuzzers using state of the art open source tools.
3. You will have hands on experience with this widely-discussed but still largely mysterious test method.

Before:
1.You should be comfortable doing some programming in Python.
2. You should understand basic network protocol concepts.
3. You should be familiar with WireShark and how to use it.

What you won't learn:
1. Exploit development.
2. Python programming. Because you can already do that (see above).

Prerequisites:
- Some basic Python programming experience (some programming ability is REQUIRED).
- Basic understanding of network protocols.
- Basic familiarity with Wireshark.
- Optional: Fuzzing experience.

Materials:
- Laptop with physical Ethernet port -- strongly recommended: configure for secure Wi-Fi access beforehand.
- Python 2.7 and pip installed and updated.
- Linux recommended but Windows OK.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/advanced-custom-network-protocol-fuzzing-icon-c-tickets-47194829004
(Opens July 8, 2018 at 15:00 PDT)

Joshua Pereyda
Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. Among his passions are hacking, teaching kids to program, listening to upper-crust orchestral performances with his wife, and figuring out how he can get paid to do it all... legally. Joshua is the maintainer of the boofuzz network protocol fuzzing framework. He has written fuzzers for fun, and profit (literally).

Timothy Clemans
Tim is a software engineer working in information security. He has worked for a startup and data analytics companies. He currently works in critical infrastructure with a focus on security and fuzzing. He cringes at the thought of insecure systems and so he seeks to improve the security of anyone who will listen. He enjoys a good hike, ice cream, and long walks on the beach.


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon C - Thursday - 14:30-18:30


Advanced Wireless Attacks Against Enterprise Networks

Thursday, 1430-1830 in Icon C

Gabriel Ryan Co-Founder & Principle Security Consultant, Digital Silence

Justin Whitehead CEO & Co-Founder, Digital Silence

This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks, bypass network access controls, and perform replay attacks to gain administrative control over an Active Directory environment. External wireless adapters and additional required equipment will be provided to all workshop attendees, and material learned in the lectures will be practiced within a realistic lab environment.

Areas of focus include:

* Wireless reconnaissance and target identification within a red team environment
* Attacking and gaining entry to WPA2-EAP wireless networks
* LLMNR/NBT-NS Poisoning
* Firewall and NAC Evasion Using Indirect Wireless Pivots
* MITM and SMB Relay Attacks
* Downgrading modern SSL/TLS implementations using partial HSTS bypasses

Prerequisites: None

Materials: Students will need to bring a laptop with at least 8 gigs of RAM, a 64-bit operating system, at least 100 gigs of hard drive space (external drives are fine), and at least one free USB port. Students will also be required to download and install a virtual lab environment prior to participating in the workshop. Everything else will be provided by the instructor team.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/advanced-wireless-attacks-against-enterprise-networks-icon-c-tickets-47086648433
(Opens July 8, 2018 at 15:00 PDT)

Gabriel Ryan
Gabriel Ryan is a penetration tester and researcher with a passion for wireless and infrastructure testing. He currently serves a co-founder and principle security consultant for Digital Silence, a Denver based consulting firm that specializes in impact driven penetration testing and red team engagements.

Prior to joining Digital Silence, Gabriel worked as a penetration tester and researcher for Gotham Digital Silence, contributing heavily to their wireless security practice and regularly performing large scale infrastructure assessments and red teams for Fortune 500 companies. Some of Gabriel's most recent work includes the development of EAPHammer, an 802.11ac focused tool for breaching WPA2-EAP networks. On the side, he serves as a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys producing music, exploring the outdoors, and riding motorcycles.

Justin Whitehead
Justin is an Army infantry veteran with over a decade of service. After retiring from the military, he went on to have a successful 7 year career in computer forensics and incident response. In 2015, he became a penetration tester at One World Labs, working under renowned security researcher Chris Roberts. He now serves as CEO and Co-Founder of Digital Silence, bringing a unique attention to detail and blend of blue and red team experience to the company. When he's not focused on his role as a security professional, Justin happily pursues his hobby of synchronized figure skating.


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Saturday - 10:00-13:59


Adventures in Radio Scanning: Advanced Scanning Techniques with SDR

Saturday, 1000-1400 in Icon D

Richard Henderson

Bryan Passifiume

Many cities around the world have implemented multi-million dollar "trunked" radio systems for their transit, municipal, public safety, police, fire and EMS radio networks. Large commercial organizations (like Caesar's) also use frequency sharing trunked radio systems due to the hundreds (if not thousands) of staff... all requiring radio access. This workshop will walk you through the basics of trunked radio systems, how they work, and how you can set up a listening post to decode these systems and listen in. This workshop will cover setting up and using the Trunk88 scanning software, and how to scan other conventional (non-trunked) radio systems such as MOTOTRBO, Tetra, EDACS, and other systems. Live interception and decoding of a trunked system and a DMR/TRBO system will be done by students. We will also quickly walk through scanning popular archaic pager systems like POCSAG.

Prerequisites: A basic understanding of SDR scanning would be incredibly helpful, but is not essential. We can walk students through it.

Materials: In this case, we will require each student to bring a Windows laptop (not a Surface tablet please) and *at least* 2 USB DVB-T RTL2832U+R820T sticks in order to properly intercept and decode trunked radio systems. The more sticks students bring, the more voice channels they will be able to simultaneously monitor and record. A very limited number of additional sticks will be available to borrow. Please make sure you have them!

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/adventures-in-radio-scanning-advanced-scanning-techniques-with-sdr-icon-d-tickets-47194754782
(Opens July 8, 2018 at 15:00 PDT)

Richard Henderson
Richard Henderson is a writer, researcher, and ham radio/electronics nerd who has worked in infosec and technology for well over a decade. Richard is currently co-authoring a book on cybersecurity for ICS/Scada systems.

Bryan Passifiume
Bryan Passifiume is a journalist, writer and photographer who writes for one of Toronto's largest newspapers. A National Newspaper Awards nominee, and a co-founder of the alt-amateur radio group Hamsexy, he's been involved in the monitoring and radio hacking scene for nearly twenty years.


Return to Index    -    Add to    -    ics Calendar file

 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 15:15-15:45


Adventures in the dark web of government data - Marc DaCosta

Government bureaucracy is your friend. The US federal government alone produces tens of thousands of different forms that collect information on everything from the owner and location of every oil well in the country, to the VIN number of every car that’s imported, the location and height of every cell phone tower, and much more. While most of this data is locked behind clunky 1990s-era search forms, or in exports of antiquated database formats, the enterprising researcher will find a treasure trove that exists outside the indexes of Google and LexisNexis.

I have written scrapers and parsers for 100s of these databases and will share with you what I’ve learned about coaxing OSINT out of some of the messiest and hard to find data out there.

The talk will specifically feature a deep dive into the data produced by the US Federal Communications Commission. The FCC has issued over 20 million licenses for transmitting on regulated parts of the electromagnetic spectrum. The data residue of this process can be used for everything from geo-locating electronic border surveillance infrastructure to discovering the location and transmission frequency of every McDonald’s drive-thru radio. In the second portion of the talk, I will discuss how various protocols for data transmission can be decoded and joined with other contextual public data. For instance, every cargo ship emits an ““Automated Identification System”” signal that can be joined with shipping records to understand what the ship is carrying.

By the end of the talk, I hope attendees will develop new intuitions and techniques for finding and working with government data, and specifically have the tools to run their own investigations using FCC data.


Return to Index    -    Add to    -    ics Calendar file

 

AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 10:20-10:40


Adversarial Patches

Sven Cattell

Adversarial examples fooling machine learning field are a burgeoning field. We propose applications to fool self driving cars or facial recognition systems but most of the techniques are purely academic. They require minute manipulations to the bit values of the pixels entering a system. Adversarial patches are an attack that could actually work. This talk will cover how to make them and further applications

I got my Ph.D. in algebraic topology in 2016 and immediately moved into machine learning to work on something useful to people. I then completed a post-doc in mathematical machine learning where I worked on medical data. I now work at endgame.


Return to Index    -    Add to    -    ics Calendar file

 

AIV - Caesars Promenade Level - Florentine BR 3 - Sunday - 10:40-10:59


AI DevOps: Behind the Scenes of a Global Anti-Virus Company’s Machine Learning Infrastructure

Alex Long

“Thus far, the security community has treated machine learning as a research problem. The painful oversight here is in thinking that laboratory results would translate easily to the real world, and as such, not devoting sufficient focus to bridging that gap. Researchers enjoy the luxuries of neat bite-sized datasets to experiment upon, but the harsh reality of millions of potentially malicious files streaming in daily soon hits would-be ML-practitioners in the face like a tsunami-sized splash of ice water. And while in research there’s no such thing as ““too much”” data, dataset sizes challenge real-world cyber security professionals with tough questions: ““How will we store these files efficiently without hampering our ability to use them for day-to-day operations?”” or ““How do we satisfy competing use-cases such as the need to analyze specific files and the need to run analyses across the entire dataset?”” Or maybe most importantly: ““Will my boss have a heart-attack when he sees my AWS bill?””

In this talk, we will provide a live demonstration of the system we’ve built using a variety of AWS services including DynamoDB, Kinesis, Lambda, as well as some more cutting edge AWS services such as Redshift and ECS Fargate. We will go into depth about how the system works and how it answers the difficult questions of real world ML such as the ones listed above. This talk will provide a rare look into the guts of a large-scale machine learning production system. As a result, it will give audience members the tools and understanding to confidently tackle such problems themselves and ultimately give them a bedrock of immediately practical knowledge for deploying large-scale on-demand deep learning in the cloud.”

Alex Long is currently working as a programmer on the Sophos Datascience Team where he builds tools, scalable backends, and cool visualizations to support the team’s research. His latest work has been on creating an online platform for researchers to publish, evaluate, and distribute their latest AI models, thus streamlining the process of productizing AI breakthroughs.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 16:00-16:45


All your family secrets belong to us—Worrisome security issues in tracker apps

Saturday at 16:00 in Track 2
45 minutes | Demo, Exploit

Dr. Siegfried Rasthofer Fraunhofer SIT

Stephan Huber Hacker

Dr. Steven Arzt Hacker

Google Play Store provides thousands of applications for monitoring your children/family members. Since these apps deal with highly sensitive information, they immediately raise questions on privacy and security. Who else can track the users? Is this data properly protected? To answer these questions, we analyzed a selection of the most popular tracking apps from the Google Play Store.

Many apps and services suffer from grave security issues. Some apps use self-made algorithms instead of proper cryptography for data storage and transmission. Others do not even attempt to protect their communication at all and make use of the unprotected http protocol, or even give an attacker full access to a vulnerable backend system. Hard coded database credentials in apps allowed access to all stored user locations. We would be able to extract hundreds of thousands of tracking profiles, even in real time. In others, this wasn't even necessary, because the user authentication could be bypassed altogether. Flaws in server API allowed us to extract all user credentials (1.7m plain text passwords), further we saw full communication histories containing messages, pictures and location data.

In total, the state of tracker apps is worrisome, effectively leading to users unknowingly installing espionage software on their devices.

Dr. Siegfried Rasthofer
Siegfried is the head of department Secure Software Engineering at Fraunhofer SIT (Germany) and his main research focus is on

applied software security. He has received a PhD, master's degree and bachelor's degree in computer science and IT-security. He is the founder of the CodeInspect reverse engineering tool and founded TeamSIK.

During his research, he develops tools that combine static and dynamic code analysis for security purposes. Most of his research is published at top tier academic conferences and industry conferences

like DEF CON, BlackHat, AVAR or VirusBulletin.

Stephan Huber
Stephan is a security researcher at the Testlab mobile security group at the Fraunhofer Institute for Secure Information Technology (SIT).

His main focus is Android application security testing and developing new static and dynamic analysis techniques for app security evaluation.

He found different vulnerabilities in well-known Android applications and the AOSP. He gave talks on conferences like DEF CON, HITB, AppSec or VirusBulletin. In his spare time he enjoys teaching students in Android hacking.

Dr. Steven Arzt
Steven is currently a researcher at the Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt.

He has received a PhD, a master's degree in computer science, and a master's degree in IT Security from Technische Universität Darmstadt.

Steven is one of the core maintainers of the Soot open-source compiler framework that is now used for static analysis and program instrumentation by various research groups around the world. He is also actively maintaining the FLOWDROID open-source static data flow tracker.

His main research interests center on (mobile) security and static and dynamic program analysis applied to real-world security problems, an area in which he has published various research papers over the last years.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 15:00-15:45


All your math are belong to us

Saturday at 15:00 in Track 1
45 minutes | Demo, Tool, Exploit, Audience Participation

sghctoma Lead security researcher @ PR-Audit Ltd., Hungary

First of all, it's math. Not meth. So everybody be cool, I'm not gonna touch your central nervous system stimulant substances. Now that this is established, I can start telling my story. And this story, like all good stories, begins where it ends.

Wait, no, not really.

It begins at a birthday party where the sister of a friend asked if I could help her with MATLAB. No matter how horrible memories I had about MATLAB, I just couldn't say no. So the next day, there was I, sitting in my room, installing the trial. And that's when the hacking started...

Believe me, there were a lot to hack in this case! Several gigabytes of installed materials, a few web servers, cloud integration, clustering capabilities, you name it. These software are bloated, they are basically their own little operating systems.

Yup, I used plural. Because I thought why discriminate MATLAB? I should really give a chance to Maple and Mathematica to fail too!. I did, and they did fail, and these failures gave the material for my talk. Basically this will be a dump of exploits (RCEs, file disclosures, etc.), and if you use any of those software and you are at least a bit security conscious, you should definitely listen to it.

sghctoma
Toma is the lead IT security researcher at PR-Audit Ltd., a company focusing mainly on penetration testing and SIEM software development. Previously he participated in a cooperation between ELTE Department of Meteorology and the Paks Nuclear Power Plant Ltd., the goal of which was to develop TREX, a toxic waste emission simulator using CUDA.

The scene from RoboCop where Nikko defeats the ED-209 with just a laptop and a serial cable made a huge impression on him, and after seeing the movie, his path was set: he was bound to be a hacker. His first experiences in this field involved poking around various copy protection schemes, and to this day his favorite areas of expertise are the ones that require some mangling of binary files. Besides computer security he also loves mountain biking, flight simulators, and builds and flies acro quadcopters.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 11:00-11:45


An Attacker Looks at Docker: Approaching Multi-Container Applications

Friday at 11:00 in 101 Track, Flamingo
45 minutes | Demo

Wesley McGrew Director of Cyber Operations, HORNE Cyber

Containerization, such as that provided by Docker, is becoming very popular among developers of large-scale applications. The good news: this is likely to make your life easier as an attacker.

While exploitation and manipulation of traditional monolithic applications might require specialized experience and training in the target languages and execution environment, applications made up of services distributed among multiple containers can be effectively explored and exploited "from within" using many of the system- and network-level techniques that attackers, such as penetration testers, already know.

The goal of this talk is to provide a hacker experienced in exploitation and post-exploitation of networks and systems with an exposure to containerization and the implications it has on offensive operations. Docker is used as a concrete example for the case study. A hacker can expect to leave this presentation with a practical exposure to multi-container application post-exploitation.

Wesley McGrew
Wesley currently oversees and participates in offense-oriented operations as Director of Cyber Operations for HORNE Cyber. He has presented on topics of penetration testing and and malware analysis at DEF CON and Black Hat USA. He teaches a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systens.


Return to Index    -    Add to    -    ics Calendar file

 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 15:00-16:59


Title: An Introduction to Kovri

Speakers: Anonimal

Description:
No description available



Return to Index    -    Add to    -    ics Calendar file

 

PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 12:00-12:30


An OSINT Approach to Third Party Cloud Service Provider Evaluation

Lokesh Pidawekar, Senior Cloud and Application Security Engineer at Cisco

In the era of third party cloud service providers where enterprise critical data is hosted and shared with various vendors, third party security reviews have become essential part of Information Security. It has become a challenge for security teams to ensure parity is maintained between security controls that are available on premise, to those offered by the cloud provider. Typically, companies send a word document or excel sheet to get answers from cloud providers, however, this process is done only once and the review is point in time. In this talk, the attendees will learn about various methods of identifying security posture of the third-party cloud service using information available on Internet, how to use this information for performing cloud service review and improve their own cloud offerings. This can also supplement the tedious questionnaire process and provide an option to fast track the vendor reviews.

Lokesh Pidawekar (Twitter: @MaverickRocky02) work as Senior Cloud and Application Security Engineer in Cisco InfoSec team where he is responsible for designing secure architecture for applications, evaluating third party cloud service providers, and providing training to enterprise architects. He has Master's in Information Assurance & Cyber Security from Northeastern University, Boston. Previously, he has spoken at BSides Las Vegas, DEFCON Packet Hacking Village talks, OWASP Boston chapter and CarolinaCon. He likes to read about application vulnerabilities in free time and has reported security bugs to vendors as part of their bug bounty program.


Return to Index    -    Add to    -    ics Calendar file

 

PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 17:30-18:15


Title:
An Overview of Hydroponic Grow Techniques

No description available
Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Saturday - 14:30-18:30


Analyzing Malscripts: Return of the Exploits!

Saturday, 1430-1830 in Icon E

Sergei Frankoff Co-Founder, Open Analysis

Sean Wilson Co-Founder, Open Analysis

In recent years malscripts and file based exploits have become a main delivery method for malware. Malscripts are often heavily obfuscated and they can take many different forms including WScript, Javascript, macros, and PowerShell. There has also been been a rise in document based exploits used to deliver and execute these malscripts. As a result incident responders and malware analysts need to be comfortable analyzing different document formats, identifying potential exploits, and analyze malscripts.

In this workshop you will work through the triage of a live malware delivery chain that includes a malicious document, malicious scripts, and a final malware payload. During this process you will be exposed to different document based exploits, and you will practice the skills required to manually analyze malscripts. This workshop focuses on the fundamental analysis techniques used when identifying, deobfuscating, and analyzing maldocs and malscripts. However, we will also provide an introduction to automation tools and techniques that can be used to speed up the analysis process.

This workshop is aimed at junior incident responders, hobby malware analysts, and general security or IT practitioners who are interested in learning more about the malware triage process. If you have no experience with malware analysis but you have a good understanding of scripting languages like VBScript, and Javascript, and you are familiar with windows internals you should have no problem completing the workshop. You will be provided with a VirtualMachine to use during the workshop, please make sure to bring a laptop that meets the following requirements. Your laptop must have VirtualBox installed and working (VMWare is not supported). Your laptop must have at least 60GB of disk space free, preferably 100GB. Your laptop must be able to mount USB storage devices. Make sure you have the appropriate dongle if you need one.

Prerequisites: None

Materials: Students will be provided with a VirtualMachine to use during the workshop. They will need to bring a laptop that meets the following requirements:

- The laptop must have VirtualBox installed and working (VMWare is not supported).
- The laptop must have at least 60GB of disk space free, preferably 100GB.
- The laptop must be able to mount USB storage devices (ensure you have the appropriate dongle if you need one).

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/analyzing-malscripts-return-of-the-exploits-icon-e-tickets-47194482969
(Opens July 8, 2018 at 15:00 PDT)

Sergei Frankoff
Sergei is a co-founder of Open Analysis, and volunteers as a malware researcher. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis. Sergei is a strong believer in taking an open, community approach to combating cyber crime. He actively contributes to open source tools and tries to publish as much analysis as possible. With over a decade of experience Sergei has held roles both as the manager of an incident response team, and as a malware researcher.

YouTube: https://www.youtube.com/oalabs

Sean Wilson
Sean is a co-founder of Open Analysis, and volunteers as a malware researcher. He splits his time between reverse engineering malware and building automation tools for incident response. He is an active contributor to open source security tools focused on incident response and analysis. Sean brings over a decade of experience working in a number of incident response and application security roles with a focus on security testing and threat modeling. In his free time Sean loves fly fishing.

YouTube: https://www.youtube.com/oalabs


Return to Index    -    Add to    -    ics Calendar file

 

ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Saturday - 10:40-11:10


Analyzing VPNFilter's Modbus Module

August 11, 2018 10:40 AM

Since May of 2018 Cisco Talos has been releasing information to the public detailing the capabilities of a nation-state sponsored malware campaign known as VPNFilter. This global, multi-year campaign targets numerous network routing devices which range from low-end small office, home office (SOHO) WiFi routers to rack-mount enterprise-grade network appliances. Of special interest to the ICS community is the existence of a post-exploitation module focused specifically on identifying a subset of Modbus traffic while also capturing credentials transmitted via HTTP. For our talk, we will discuss some background on the VPNFilter campaign, malware analysis, capabilities, and cover some hypothetical scenarios in which the Modbus module would be useful.

Speaker Information

Patrick DeSantis

Cisco Talos

As security researchers with Cisco Talos, Carlos Pacho (@carlosmpacho) and Patrick DeSantis (@pat_r10t) focus on discovering new and exploitable vulnerabilities in Industrial Control Systems (ICS) and other computing devices that have an impact on the physical world. The Talos ICS team has been responsible for the coordinated disclosure of dozens of ICS-related security vulnerabilities in devices ranging from secure industrial routers to programmable logic controllers (PLCs). They also built an ICS-controlled kegerator.

Carlos Pacho

Cisco Talos


Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


Angad: A Malware Detection Framework using Multi-Dimensional Visualization

Saturday 08/11/18 from 1600-1750 at Table Two
Defense, Forensics, Network, Malware

Ankur Tyagi

Angad is a framework to automate classification of an unlabelled malware dataset using multi-dimensional modelling. The input dataset is analyzed to collect various attributes which are then arranged in a number of feature vectors. These vectors are then individually visualized, indexed and then queried for each new input file. Matching vectors are labelled as per their AV detection categories for now but this could be changed to a heuristics approach if needed. If dynamic behavior or network traffic details are available, vectors are also converted into activity graphs that depict evolution of activity with a predefined time scale. This results into an animation of malware/malware category's behavior traits and is also useful in identifying activity overlaps across the input dataset.

Malware detection is a challenging task as the landscape is ever-evolving. Every other day, a new variant or a known malware family is reported and signature driven tools race against time to add detection. The process worsens when the rate of incoming samples is in thousands on a daily basis, making static/dynamic analysis alone of no use.

Angad tries to address this issue by leveraging well-known data classification techniques to the malware domain. It tries to provide a known interface to the multi-dimensional modelling approach within a standalone package.

https://github.com/7h3rAm/angad

Ankur Tyagi
Bio: Ankur Tyagi is a Sr. Malware Research Engineer at Qualys Inc., where he analyzes malicious code and applies statistical modelling to identify suspicious patterns and evolving trends. His research interests include structural visualization techniques for classifying large collections of uncategorized samples. He has completed MS in Software Systems with focus on Applied Security.


Return to Index    -    Add to    -    ics Calendar file

 

CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 18:00-18:30


Title:
Announcing the Underhanded Crypto Contest Winners

6:00pm

Announcing the Underhanded Crypto Contest Winners
When
Fri, August 10, 6:00pm 6:30pm
Description
Speakers
-------
Adam Caudill
Taylor Hornby

Abstract
--------
This session announces the winners of the 5th annual Underhanded Crypto Contest.

Bio
-----------------
Adam Caudill and Taylor Hornby are the founders and organizers of Underhanded Crypto Contest; a contest dedicated to research in how to undermine cryptography in unusual and hard to detect ways.

Twitter handle of presenter(s)
------------------------------
@adamcaudill @DefuseSec

Website of presenter(s) or content
----------------------------------
https://underhandedcrypto.com

Return to Index    -    Add to    -    ics Calendar file

 

CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 16:00-17:00


Title:
Anonymous rate-limiting in services with Direct Anonymous Attestation

4:00pm

Anonymous rate-limiting in services with Direct Anonymous Attestation
When
Sat, August 11, 4pm 5pm
Description
Authors
-------
Alex Catarineu
Philipp Claen
Konark Modi
Josep M. Pujol

Abstract
--------
Anonymous data collection systems allows users to contribute the data necessary to build services and applications while preserving their privacy.

Anonymity, however, can be abused by malicious agents, injecting fabricated data, aiming to subvert or to sabotage the data collection.

At Cliqz we deal with the same challenge. Our data collection systems in Cliqz Browser and Extension which power our search engine[1], anti-tracking systems[2] are designed in a way that server cannot link that two messages are from the same user.
But if the user is fully anonymous, how can the system prevent an attacker
from polluting the data collection?

We will showcase an efficient mechanism to block an attacker without compromising the privacy and anonymity of the users.
This system builds on top of Direct Anonymous Attestation, a proven cryptographic primitive to implement service rate-limiting in a scenario where messages between users and the service are sent anonymously and message unlinkability is to be preserved.
Rate-limiting constraints for a service are defined as an arbitrary mapping from every possible valid message to a 'rate-limiting tag' string, in such a way that the constraints can be enforced if the service never accepts more than one message from the same user with same tag.
Under this definition, we employ DAA protocol to enforce these 'message quotas' without being able to link user messages. If authorized, users receive credentials issued by the service. These can be used to sign messages with respect to a 'basename' string, in such a way that two signatures performed with the same credentials are unlinkable if and only if their basenames are different. By forcing the mentioned rate-limiting tag to be in the signature basename the rate-limiting constraints can be enforced.
Service will verify the signature according to the DAA protocol and accept the message if and only if the tag that maps to the rate-limiting basename has still not been seen.

We present all components needed to build and deploy such protection on existing
data collection systems with little overhead.

This system which is running in production for Cliqz browser is however not limited to browsers or extensions, it has been implemented in a scenario where user code is running in a web browser, thanks to WebAssembly and asm.js.

References:
1. Human-web Overview: https://gist.github.com/solso/423a1104a9e3c1e3b8d7c9ca14e885e5
2. Anti-tracking: https://static.cliqz.com/wp-content/uploads/2016/07/Cliqz-Studie-Tracking-the-Trackers.pdf


Bio
-----------------
Speaker 1: Alex Catarineu
Alex works with Cliqz GmbH as a Software Engineer developing privacy-focused search engine and browser. He works on projects ranging across Privacy by design, Human-web, Human-web proxy network, Connect etc. Prior to Cliqz, he started working in a mobile analytics startup in Barcelona. After that, Alex and some colleagues won an entrepreneurship grant to build a web application for helping people better organize their trips.He is interested in many fields, such as algorithms and data structures, cryptography, machine learning, graphics and video games. He is also a decent chess player and enjoys playing and improving at it.

Speaker 2: Konark Modi
Konark works as a Tech lead with Cliqz GmbH developing privacy-focused search engine and browser. He works on projects ranging across Privacy by design, Anonymous Data collection like Human Web, Anti-Tracking etc.

Prior to Cliqz, Konark was working with one of the largest e-commerce website in India(Makemytrip.com) in data platform and security team, solving interesting challenges related to DWH, BI and data security.

His recent personal projects, in an endeavor to help organizations fix vulnerabilities have spanned across browsers, health trackers, Government services, travel mobile apps etc.

Twitter handle of presenter(s)
------------------------------
Speaker 2: @konarkmodi

Website of presenter(s) or content
----------------------------------
Speaker 1: http://github.com/acatarineu/ , Speaker 2: https://medium.com/@konarkmodi

Return to Index    -    Add to    -    ics Calendar file

 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 14:00-14:40


Applied OSINT For Politics: Turning Open Data Into News - Lloyd Miller

“How do you apply open source intelligence techniques to politicians, candidates, and others holding the public trust? It’s easier than you think. This talk will outline the general principles for investigating public figures, how to take information and data and turn it into a news story even when the story is (often) incomplete, and then review several case studies that demonstrate the effectiveness of combining these techniques.


Return to Index    -    Add to    -    ics Calendar file

 

HHV - Caesars Pool Level - Forum 17-21 - Friday - 10:00-12:59


Applied Physical Attacks on Embedded Systems, Introductory Version

Joe FitzPatriclk, @arinerron, and @pixieofchaos

Abstract

This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi development board. After a brief architectural overview of each interface, hands-on labs will guide through the process understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

What to Bring

No hardware or electrical background is required. Computer architecture knowledge, Linux internals, command-line familiarity, and low-level programming experience all very helpful but not actually required.

All equipment, including laptops, will be provided for use in the class. Students will be provided with a lab manual that includes an equipment list of all materials used for the class.

Max size: 24, first come first serve basis.

Bio

Joe (@securelyfitz) is an Instructor and Researcher at https://SecuringHardware.com (@securinghw). Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontrollers. He has spent the past 5 years developing and leading hardware security related training, instructing hundreds of security researchers, pen testers, hardware validators worldwide. When not teaching Applied Physical Attacks training, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.

@arinerron is a student, security enthusiast, CTF player, bug bounty hunter, software developer, and ham radio operator (K1ARE). He’s interested in many aspects of security, though most of his experience is in web and binary exploitation.

Chaos Pixie (@pixieofchaos) works for the man doing embedded systems security.


Return to Index    -    Add to    -    ics Calendar file

 

Night Life - Flamingo - 3rd Floor - Mesquite Rm - Friday - 20:30-25:59


Title:
Arcade Party

Ever had the awesome experience of seeing the renowned @dualcoremusic or maybe you've heard the mad mixing skills of @KeithMyers - Well imagine BOTH of them, at one party! The EPIC #defcon26 @CarHackVillage and @ICS_Village Party will be Sat Night 10:30-2 Hope to see you there!

Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


Archery—Open Source Vulnerability Assessment and Management

Saturday 08/11/18 from 1000-1150 at Table Two
Offense

Anand Tiwari

Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It also performs web application dynamic authenticated scanning and covers the whole applications by using selenium. The developers can also utilize the tool for implementation of their DevOps CI/CD environment.

https://github.com/archerysec/archerysec/

Anand Tiwari
Anand Tiwari is an information security professional with nearly 5 years of experience in offensive security, with expertise in Mobile and Web Application Security. Currently working with Philips Healthcare on securing medical devices. He has authored Archery—open source tool and has presented at Black Hat Asia 2018. In his free time, he enjoys coding and experimenting with various open source security tools. Twitter handle: @anandtiwarics


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Friday - 10:00-13:59


ARM eXploitation 101

Friday, 1000-1400 in Icon D

Sneha Rajguru Security Consultant, Payatu Software Labs LLP

ARM architecture based systems are on the rise and seen in almost every hand-held or embedded device. The increasing popularity and growth of the Internet of Things (IoT) have allowed widespread use of ARM architecture. As with any other thing in this world, increasing popularity and usage brings new security challenges and attacks. This workshop aims to provide an introduction to ARM architecture, assembly and explore intermediate level exploitation techniques on ARM along with hands-on examples and challenges.

This session is aimed at security professionals and personnel who possess general security knowledge and wish to enter the field of ARM exploitation.

The attendees will walk away with basic knowledge and skills of ARM Architecture, Assembly, and Exploitation techniques.

The workshop will provide a base for the attendees to develop exploit research expertise on the ARM based platforms

Topics Covered:

Introduction to ARM CPU Architecture
Registers
Modes of Operations
ARM Assembly Language Instruction Set
Introduction to ARM functions and working
Debugging on ARM
Stack Overflow on ARM
How to write a shellcode
How to reverse a shellcode

Prerequisites: The participants are not expected to have any prior knowledge about ARM architectures whereas familiarity with C and Linux Command line will be useful.

Materials: Hardware Requirements: Minimum 4GB RAM and more than 20 GB Free Hard Disk Space
Software Requirements:Windows 7/8, *Nix, Mac OS X 10.5, Administrative privileges on your machines, Virtualbox or VMPlayer, SSH Client

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/arm-exploitation-101-icon-d-tickets-47194115871
(Opens July 8, 2018 at 15:00 PDT)

Sneha Rajguru
Sneha works as Senior Security Consultant with Payatu Software Labs LLP. Her interests lies in web, mobile application security and fuzzing. She has discovered various security flaws within various open source applications such as PDFLite, Jobberbase, Lucidchart and more. She has spoken and provided trainings at various conferences such as DEFCON, BSides LV, BSidesVienna, OWASP AppSec USA, DeepSec, DefCamp, FUDCon, and Nullcon. Sneha is passionate about promoting and encouraging Women in Security and has founded an initiative called WINJA-CTF through which she hosts women-only CTFs and Workshops at conferences and other events. Sneha is also active in the local security community and hosts local security meet-ups in Pune. She leads the Pune chapter of null community.


Return to Index    -    Add to    -    ics Calendar file

 

EHV - Caesars Promenade Level - Modena Rm - Friday - 12:00-12:59


Title: Asking for a Friend

Speakers: Speaker TBA

Description:
No description available



Return to Index    -    Add to    -    ics Calendar file

 

VMHV - Caesars Pool Level - Forum 14-16 - Friday - 13:00-13:59


Title:
Assessments of Election Infrastructure and Our Understanding and sometimes whY

No description available
Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Sunday - 13:30-13:50


Asura: A huge PCAP file analyzer for anomaly packets detection using massive multithreading

Sunday at 13:30 in Track 1
20 minutes | Tool

Ruo Ando Center for Cybersecurity Research and Development, National Institute of Informatics, Japan

Recently, the inspection of huge traffic log is imposing a great burden on security analysts. Unfortunately, there have been few research efforts focusing on scalablility in analyzing very large PCAP file with reasonable computing resources. Asura is a portable and scalable PCAP file analyzer for detecting anomaly packets using massive multithreading. Asura's parallel packet dump inspection is based on task-based decomposition and therefore can handle massive threads for large PCAP file without considering tidy parameter selection in adopting data decomposition. Asura is designed to scale out in processing large PCAP file by taking as many threads as possible.

Asura takes two steps. First, Asura extracts feature vector represented by associative containers of <sourceIP, destIP> pair. By doing this, the feature vector can be drastically small compared with the size of original PCAP files. In other words, Asura can reduce packet dump data into the size of unique <sourceIP, destIP> pairs (for example, in experiment, Asura's output which is reduced in first step is about 2% compared with the size of original libpcap files). Second, a parallel clustering algorithm is applied for the feature vector which is represented as {<sourceIP, destIP>, V[i]} where V[i] is aggregated flow vector. In second step, Asura adopts an enhanced Kmeans algorithm. Concretely, two functions of Kmeans which are (1)calculating distance and (2)relabeling points are improved for parallel processing.

In experiment, in processing public PCAP datasets, Asura can identified 750 packets which are labeled as malicious from among 70 million (about 18GB) normal packets. In a nutshell, Asura successfully found 750 malicious packets in about 18GB packet dump. For Asura to inspect 70 million packets, it took reasonable computing time of around 350-450 minutes with 1000-5000 multithreading by running commodity workstation. Asura will be released under MIT license and available at author's GitHub site on the first day of DEF CON 26.

Ruo Ando
Ruo Ando is associate professor of NII (National Institute of Informatics) by special appointment in Japan. He has Ph.D of computer science. Before joining NII, he was engaged in research project supported by US AFOSR in 2003 (Grant Number AOARD 03-4049). He has presented his researches in PacSec2011 (BitTorrent crawler) and GreHack2013 (DNS security). He was co-presenter of SysCan2009 and FrHack2009 (Virtual machine instrospection). His current research interest is network security.


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Saturday - 10:00-13:59


Attack & Defense in AWS Environments

Saturday, 1000-1400 in Icon E

Vaibhav Gupta Security Researcher, Adobe Systems

Sandeep Singh Security Managing Consultant, NotSoSecure

AWS is the most widely used cloud environments today and almost every security professional have to encounter this environment whether you are attacking an organization or defending it. In this fast-paced workshop we will teach participants with some neat tools, techniques and procedures to attack the most widely used AWS services as well as to defend them.

- Recon / Information Gathering on AWS Services
- Attacking S3 buckets
- Exploiting web application flaws to compromise AWS services (IAM/KMS)
- Attacking Serverless applications
- Disrupting AWS Logging
- Attacking Misconfigured Cloud SDN

Takeaways: Students will be able to understand and appreciate the delta in attack surface which gets added due to moving to cloud. And subsequently design architecture and develop applications to defend them.

What will participants be provided?
- PDF copy of slide deck
- Lab VM
- Workshop lab manual
- Bonus labs

Target Audience:
- Cloud Security Engineers
- DevOps engineers
- Security Analyst
- Penetration Testers
- Anyone else who is interested in Cloud Security
- If you are an Expert or Advanced user, you may join us as co-trainers! :-)

Prerequisites: - Need to have AWS account (Free-tier) - Basic understanding of AWS

Materials: - Machine with at least 8 GB RAM and 20 GB free HD space - VirtualBox [VMs will be provided]

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/attack-defense-in-aws-environments-icon-e-tickets-47194715665
(Opens July 8, 2018 at 15:00 PDT)

Vaibhav Gupta
Vaibhav is working as a Security Researcher with Adobe Systems. His expertise lies in infusing design and architecture level security in applications hosted in-house and on cloud environments. With ~9 years of diverse InfoSec exposure, he has strong experience in attacking and defending applications including the ones hosted on the cloud. He is co-leading the OWASP and Null community in Delhi region and has delivered multiple sessions at the local and global stage. Vaibhav is also co-organizer for BSides Delhi.

Sandeep Singh
Sandeep is a Security Managing Consultant with NotSoSecure. He has over 5 years of experience in delivering high end security consulting services to clients across the globe. Sandeep has also worked in Detection and Response teams in the past. He is the co-lead of OWASP Delhi chapter and Community Manager of null community and actively contributes to the local security community. He has conducted and delivered many talks and workshops for the local community in the past. Sandeep is also one of the organizers of BSides Delhi.


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Friday - 10:00-13:59


Attacking & Auditing Docker Containers Using Open Source

Friday, 1000-1400 in Icon E

Madhu Akula Security & DevOps Researcher, Appsecco

Developers and Operations teams (DevOps) have moved towards containers and modern technologies. Attackers are catching up with these technologies and finding security flaws in them. In this workshop, we will look at how we can test for security issues and vulnerabilities in Dockerised environments . Throughout the workshop we will learn how we can find security misconfigurations, insecure defaults and container escape techniques to gain access to host operating system (or) clusters. In the workshop, we will look at real world scenarios where attackers compromised containers to gain the access to applications, data and other assets.

By the end of workshop participants will be able to:

- Understand Docker security architecture
- Audit containerised environments
- Perform container escapes to get access to host environments

The participants will get the following:

- A Gitbook(pdf, epub, mobi) with complete workshop content
- Virtual machines to learn & practice
- Other references to learn more about topics covered in the workshop

Prerequisites: Basic familiarity with Linux and Docker

Materials: A laptop with administrator privileges
10 GB of free Hard Disk Space
Ideally 8 GB of RAM but minimum 4 GB
Laptop should support hardware-based virtualization
If your laptop can run a 64-bit virtual machine in Oracle VirtualBox it should work
Other virtualisation software might work but we will not be able to provide support for that.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/attacking-auditing-docker-containers-using-open-source-icon-e-tickets-47194085781
(Opens July 8, 2018 at 15:00 PDT)

Madhu Akula
Madhu is a security ninja and published author, security and devops researcher with extensive experience in the industry ranging from client facing assignments building scalable and secure infrastructure, to publishing industry leading research to running training sessions for companies and governments alike.

Madhu's research papers are frequently selected for major security industry conferences including Defcon 24, Blackhat USA 2018, All Day DevOps (2016, 2017), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n, Serverless Summit, ToorCon, DefCamp, SkydogCon, NolaCon and null, etc. Madhu was a keynote speaker for the National Cyber Security conference at Dayananda Sagar College in Feb 2016.

When he's not working with Appsecco's clients or speaking at events he's actively involved in researching vulnerabilities in open source products/platforms such as WordPress, Ntop, Opendocman etc. and is also a contributing bug hunter with Code Vigilant (a project to Secure Open Source Software). His research has identified many vulnerabilities in over 200 organisations including US Department of Homeland Security, Google, Microsoft, Yahoo, Adobe, LinkedIn, Ebay, At&t, Blackberry, Cisco, Barracuda etc. He is also an active member with Bugcrowd, Hackerone, Synack etc.

Madhu has trained over 5000 people in information security for companies and organisations including the Indian Navy and the Ministry of e-services in a leading Gulf state. He is co-author of Security Automation with Ansible2 book published by Packt Publishing in December 2017, which is listed as a resource by the RedHat Ansible itself.


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon C - Friday - 10:00-13:59


Attacking Active Directory and Advanced Defense Methods in 2018

Friday, 1000-1400 in Icon C

Adam Steed Security Consultant, Protiviti

James Albany Senior Consultant, Protiviti

This hands-on workshop teaches you how to both attack and defend Active Directory. We will start by deploying an Active Directory environment using the typical security settings found in most medium to large organizations. Participants will then learn current common methods and tools used to exploit Active Directory against a lab environment. Participants will create a hardened Active Directory environment using advanced methods to secure domain controllers from attack and then try to compromise their hardened environments.

Prerequisites: Some basic background in Active Directory

Materials: Need a laptop running a hypervisor that would support the import and running of multiple prebuilt virtual images.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/attacking-active-directory-and-advanced-defense-methods-in-2018-icon-c-tickets-47194199120
(Opens July 8, 2018 at 15:00 PDT)

Adam Steed
Adam Steed prides himself in not just being an Information Security professional, but has been part of the culture that has defined Defcon for the last two decades. He has over 20 years of experience in working for Financial, Websites and Healthcare organizations. Currently Adam is a Associate Director at Protiviti as part of the Security and Privacy practice, leading Active Directory assessments and remediation work for Protiviti's clients. He has also spoken at Defcon, Bsides and other events across the United States.

James Albany
James is a Senior Consultant in the Security and Privacy practice at Protiviti. He received a B.S. in Security and Risk Analysis with a specialization in Cyber Security from Penn State University. He currently provides information security services for a wide range of clients in various industries to identify and communicate business risks.


Return to Index    -    Add to    -    ics Calendar file

 

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Saturday - 14:30-15:15



Return to Index    -    Add to    -    ics Calendar file

 

WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 12:00-12:55


recompiler

Bio

Vlad is a driven security researcher with a passion for securing technology that makes civilized life possible. He is particularly focused on automotive security, satellite systems security, SCADA systems supporting the critical infrastructure and wireless networks. He specializes in the intersection of physical and network security. He has worked on DARPA projects, established and lead penetration testing teams for Fortune 50 organizations, performed incident response and forensics on sensitive production systems within controlled environments, reverse engineered security devices, and participated in countless red team engagements for banks, critical infrastructure, pharmaceutical companies, law firms and research organizations. Vlad has spoken at various security conferences including Bsides, DEFCON, Black Hat USA, HOPE, and ShmooCon. Vlad was a board member for NYC OWASP and remains committed to the security community working together to improve the security posture through developer education, end user training, peer- reviewed code and rigorous standardized testing methodologies.

@recompiler

Attacking Gotenna Networks

Abstract

"Talk will focus on privacy (or lack thereof) of gotenna networks. We will cover traditional attacks which have only been available to state sponsored prior to popularization and wide availability of software defined radios. We will cover signal analysis, triangulation, protocol analysis, deanonimization, cryptanalysis, spoofing and selective jamming. Since the gotenna ecosystem also includes an app we will cover the vulnerabilities in the underlying crypto libraries, weak token generation, broken API segregation as well as other vulnerabilities. You too can learn how to analyze, snoop on and exploit RF networks like a pro with a hackrf, laptop and some elbow grease, sweat and sleep deprivation. "


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Sunday - 12:00-12:45


Attacking the macOS Kernel Graphics Driver

Sunday at 12:00 in Track 2
45 minutes | Demo, Exploit

Yu Wang Senior Staff Engineer at Didi Research America

Just like the Windows platform, graphic drivers of macOS kernel are complicated and provide a large promising attack surface for EoPs and sandbox escapes from low-privileged processes. After auditing part of the binaries, I discovered a number of vulnerabilities last year. Including, NULL pointer dereference, stack-based buffer overflow, arbitrary kernel memory read and write, use-after-free, etc. Some of these vulnerabilities were reported to Apple Inc., such as the CVE-2017-7155, CVE-2017-7163, CVE-2017-13883.

In this presentation, I will share with you the detailed information about these vulnerabilities. Furthermore, from the attacker's perspective, I will also reveal some new exploit techniques and zero-days.

Yu Wang
Yu Wang is a senior staff engineer at Didi Research America. He has previously presented on Syscan360 2012/2013, Hitcon 2013, Black Hat USA 2014, Black Hat ASIA 2016, Black Hat USA Arsenal 2018 and other conferences.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 16:00-16:45


Automated Discovery of Deserialization Gadget Chains

Friday at 16:00 in 101 Track, Flamingo
45 minutes | Tool

Ian Haken Senior Security Software Engineer, Netflix

Although vulnerabilities stemming from the deserialization of untrusted data have been understood for many years, unsafe deserialization continues to be a vulnerability class that isn't going away. Attention on Java deserialization vulnerabilities skyrocketed in 2015 when Frohoff and Lawrence published an RCE gadget chain in the Apache Commons library and as recently as last year's Black Hat, Muñoz and Miroshis presented a survey of dangerous JSON deserialization libraries. While much research and automated detection technology has so far focused on the discovery of vulnerable entry points (i.e. code that deserializes untrusted data), finding a "gadget chain" to actually make the vulnerability exploitable has thus far been a largely manual exercise. In this talk, I present a new technique for the automated discovery of deserialization gadget chains in Java, allowing defensive teams to quickly identify the significance of a deserialization vulnerability and allowing penetration testers to quickly develop working exploits. At the conclusion we will also be releasing a FOSS toolkit which utilizes this methodology and has been used to successfully develop many deserialization exploits in both internal applications and open source projects.

Ian Haken
Ian Haken is a senior security software engineer at Netflix where he works on the platform security team to develop tools and services that defend the Netflix platform. Before working at Netflix, he spent two years as security researcher at Coverity where he developed defensive application security tools and helped to develop automated discovery of security vulnerabilities through static software analysis. He received his Ph.D. in mathematics from the University of California, Berkeley in 2014 with a focus in computability theory and algorithmic information theory.


Return to Index    -    Add to    -    ics Calendar file

 

AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 13:20-13:59


Automated Planning for the Automated Red Team

Andy Applebaum

“Offensive assessments – i.e., penetration testing, adversary emulation, red teaming – have become a key component of maintaining a secure network. Unfortunately, offensive assessments require significant resources, and can vary in quality and structure based on who specifically is conducting the assessment. In the past few years, we’ve seen people try to remedy this problem by creating automated offensive assessment tools, but the capabilities and goals of these tools are highly variable, and many either require personnel to manage them or lack the ability to conduct dynamic or end-to-end tests.

We believe that automated offensive assessments can be done better using automated planning. One of the older branches of AI, automated planning seeks to solve problems where an autonomous agent must determine how to compose a sequence of actions together to achieve an objective. Problems in this space can range from constructing offline deterministic plans, to planning under probabilistic conditions, or to planning in scenarios where the world and underlying model are un- or partially-known. Planning techniques have been applied to solve problems in a variety of domains, including controlling unmanned vehicles and designing intelligent agents in computer games.

In this talk, we’ll describe how we’ve leveraged concepts from the automated planning community to help us design CALDERA, a free, open source automated adversary emulation system. Using these concepts, CALDERA dynamically strings techniques – taken from MITRE ATT&CK™ – together to achieve objectives and conduct end-to-end tests. In addition to describing CALDERA itself, we’ll also discuss more generally some of the challenges and advantages of deploying automated planning to automated offensive assessments, discussing alternate approaches that we as well as others have considered in tackling this problem. Attendees should walk away with both an understanding of how they can use CALDERA as well as how planning can be used for automated offensive assessments.”

Andy Applebaum is a Lead Cyber Security Engineer at MITRE where he works on applied and theoretical security research problems, primarily in the realms of cyber defense, security automation, and automated adversary emulation. Andy has contributed to MITRE’s ATT&CK framework and CALDERA adversary emulation platform, as well as other projects within MITRE’s internal research and development portfolio. Prior to working at MITRE, Andy received his PhD in computer science from the University of California Davis, where his dissertation topic was using argumentation logic for reasoning in cyber security. Andy’s work has been published in multiple conferences and workshops and has most recently spoken at Black Hat Europe. In addition to his PhD, Andy holds a BA in computer science from Grinnell College and the OSCP certification.


Return to Index    -    Add to    -    ics Calendar file

 

BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 10:00-10:20


Automating DFIR: The Counter Future

Friday at 10:00-10:20
20 minutes

@rainbow_tables

Automation has been the forefront of almost every tool or talk in the recent years. The DFIR industry has been moving rapidly towards automating everything! With some great work being done in the area of integrating workflows and various toolsets to make things easier for analysts, automation has really taken off. While that sounds like a worthwhile solution to help SOC analysts weed out the run of the mill adware/PUPs or phishing expeditions, can we really automate a response to the more sophisticated or targeted attack on our company’s crown jewels?

The current argument being made, is that -- rather than building in house Incident Response teams, we should utilize automation to substitute analysts and use third party retainers for skilled analysis. Large investments in automation technologies, rather than resource development reflect this strategy. What does this mean for career progression for budding DFIR analysts? With security engineering taking the forefront, is analysis as a career in DFIR a dying star? Is automation moving us towards click forensics rather than intelligent analysis? I’d like to challenge groupthink, and debate where automation will lead the industry trends. Additionally, I will share some of my experiences in the changing face of DFIR.

@rainbow_tables
Rainbow_Tables is an experienced incident responder and forensic investigator. She enjoys her forays in various industries - media, telecom and software. She finds that her most intriguing experiences stem from the application of DFIR to those industries. Her passion lies within automating analysis methodologies to streamline the incident response process. She believes in innovating simple and innovative solutions to the challenges poised to incident responders by proliferation of advancing technologies.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 13:00-13:30


barcOwned—Popping shells with your cereal box

Sunday at 13:00 in Track 3
20 minutes | Demo

Michael West Technical Advisor at CyberArk

magicspacekiwi (Colin Campbell) Web Developer

Barcodes and barcode scanners are ubiquitous in many industries and work with untrusted data on labels, boxes, and even phone screens. Most scanners also allow programming via barcodes to manipulate and inject keystrokes. See the problem? By scanning a few programming barcodes, you can infect a scanner and access the keyboard of the host device, letting you type commands just like a Rubber Ducky. This culminates in barcOwned—a small web app that allows you to program scanners and execute complex, device-agnostic payloads in seconds. Possible applications include keystroke injection (including special keys), infiltration and exfiltration of data on air-gapped systems, and good ol' denial of service attacks.

Michael West
Michael West, aka T3h Ub3r K1tten, is a National Technical Advisor at CyberArk who likes cats. His homelab has over 640 kilobytes of RAM. Michael presents regularly at Dallas Hackers Association and enjoys combining his software dev background with infosec to build tools for others. His interests include OSINT, amateur radio, and scanning long barcodes on the beach.

@t3hub3rk1tten, https://mwe.st, https://barcowned.com

magicspacekiwi (Colin Campbell)
magicspacekiwi, aka Colin Campbell, is a Web Developer with a focus on user experience and considers security an important (but often neglected) part of that experience. They've managed to log over 1500 hours in Overwatch while being stuck in plat. Ask them about their nginx configs.


Return to Index    -    Add to    -    ics Calendar file

 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 17:45-18:30


Title: Batman, Brain Hacking, and Bank Accounts

Speaker: Katherine Pratt
About Katherine:
Katherine Pratt received her B.S. in aerospace engineering from MIT in 2008, where she received the MIT Women’s League Laya Weisner Award for public service to the university, and the MIT Aero/Astro James Means Memorial Award for Space Systems Engineering. She completed several internships with the private space venture Blue Origin, working in systems and propulsion engineering. After graduation, she served four years in the United States Air Force, working primarily as an operational flight test engineer on the F-35 Joint Strike Fighter. She is now a PhD Candidate in the BioRobotics Lab in the Electrical Engineering department of the University of Washington, and currently spending six months in Congress as a Congressional Innovation Scholar. Her work focuses on the privacy, ethics, and policy of neural data. In addition to research, Katherine is passionate about getting younger students, especially girls and minorities, interested in science and technology. She also competes in triathlons as a member of the Husky Triathlon Club and iracelikeagirl teams.
Abstract:
The advancement of technology means more data are being collected from a wider range of sources. Of particular concern is data collected using a Brain Computer Interface (BCI): a device that records neural signals and allows them to control objects external to the body. Applications for this
technology range from therapeutic (e.g. controlling a prosthetic arm) to entertainment (e.g. playing a video game). These cases provide malicious entities the ability to intercept, manipulate, or hack neural signals and the devices they control: it is the plot of Batman Forever (1995) come to life.
This talk will outline research in the field of neural security and information elicitation, as well as the corresponding ethical and policy implications.

Return to Index    -    Add to    -    ics Calendar file

 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 10:00-10:59


Title: BCOS keynote speech

Speakers: Philip Martin (VP Security, COINBASE)

Description:
No description available



Return to Index    -    Add to    -    ics Calendar file

 

ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Friday - 13:50-14:20


Behavior-Based Defense in ICS Environments: Leveraging Minor Incidents to Protect Against Major Attacks

August 10, 2018 1:50 PM

Successful cyber-attacks against cyber-physical systems require expert knowledge about the dynamic behavior of the underlying physical process (yes, it is actually required). This information is a crucial part during the attack preparation. Previous work has shown manual acquisition of knowledge about process dynamics to be prohibitively laborious (we will show why). This talk will present first insights into automated process-aware system discovery that goes beyond IT-related trivia and focuses on the physical core of an industrial plant. We will share the results of 12 months’ worth of work, which approaches worked and which did not (and why). Notably, our work already had a follow up work at S4x2017, we will share the insights into that work too. Reverse engineering of the physical processes es is a novel topic for which we yet to find workable/standardized approaches. We encourage you to be a part of the process.

Speaker Information

Joe Slowik

Dragos

Joe Slowik currently hunts ICS adversaries for Dragos, pursuing threat activity groups through their malware, their communications, and any other data available. Prior to his time at Dragos, Joe ran the Incident Response team at Los Alamos National Laboratory, and served as an Information Warfare Officer in the US Navy. Throughout his career in network defense, Joe has consistently worked to 'take the fight to the adversary' by applying forward-looking, active defense measures to constantly keep threat actors off balance. An important part of this strategy is understanding adversary techniques and actions: good defense requires knowing (and at times practicing) offense.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Sunday - 14:00-14:45


Betrayed by the keyboard: How what you type can give you away

Sunday at 14:00 in 101 Track, Flamingo
45 minutes |

Matt Wixey Vulnerability R&D Lead, PwC

Attribution is hard. Typically, the most useful identifiers—IP addresses, email address, domains, and so on—are also the easiest things to spoof, obfuscate, or anonymise. Whilst more advanced techniques, such as correlating malicious activity with timezones, or linking attacks through the use of similar techniques or malware, can be useful, they tend to take investigators further away from the individuals responsible; at best, some inference about the country or specific actor group/collective can be made.

In this talk, I present a method for linking incidents to individual attackers with a high degree of accuracy, based on extremely fine-grained behavioural characteristics. This involves an investigatory technique known as "case linkage analysis" (CLA), which uses granular aspects of crime scene behaviours to link common offenders together through statistical comparison. It's been applied to some crime types before, but never to cyber attacks.

I'll cover how CLA works, its advantages and disadvantages, and how it has previously been applied to a range of crimes, from burglary to homicide. I'll place it within the context of personality psychology, biometrics, forensic criminology, offender profiling, and forensic linguistics; and will walk through applying it practically.

I'll then show the results of a novel experiment I conducted applying CLA to network intrusion attacks, which involved logging the keystrokes of volunteer attackers across different simulated intrusions, breaking these down into specific behaviours and syntax, and using these to link individuals to their offences. The end result: the way you type commands, including your choice and order of syntax, switches, and options, can form distinctive behavioural signatures, which can be used to link attackers together. Linking accuracy rates as high as 99% were achieved.

Finally, I'll talk about the implications for both defenders and everyone else (particularly focusing on the privacy implications), explore ways in which these techniques could be defeated, and outline some ideas for future research in these areas.

Matt Wixey
Matt leads technical research for the PwC Cyber Security practice in the UK, works on its Ethical Hacking team, and is a PhD candidate at University College London. Prior to joining PwC, Matt led a technical R&D team for a law enforcement agency in the UK. His research interests include antivirus and sandboxing technologies, unconventional attack vectors, side-channels, and radio security.

@darkartlab


Return to Index    -    Add to    -    ics Calendar file

 

AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 14:00-14:30


Beyond Adversarial Learning – Security Risks in AI Implementations

Kang Li

A year after we discovered and reported a bunch of CVEs related to deep learning frameworks, many security and AI researchers have started to pay more attention to the software security of AI systems. Unfortunately, many deep learning developers are still unaware of the risks buried in AI software implementations. For example, by inspecting a set of newly developed AI applications, such as image classification and voice recognition, we found that they make strong assumptions about the input format used by training and classifications. Attackers can easily manipulate the classification and recognition without putting any effort in adversarial learning. In fact the potential danger introduced by software bugs and lack of input validation is much more severe than a weakness in a deep learning model. This talks will show threat examples that produce various attack effects from evading classifications, to data leakage, and even to whole system compromises. We hope by demonstrate such threats and risks, we can draw developers’ attention to software implementations and call for community collaborative effort to improve software security of deep learning frameworks and AI applications.

Kang Li is a professor of computer science and the director of the Institute for Cybersecurity and Privacy at the University of Georgia.  His research results have been published at academic venues, such as IEEE S&P, ACM CCS and NDSS, as well as industrial conferences, such as BlackHat, SyScan, and ShmooCon.  Dr. Kang Li is the founder and mentor of multiple CTF security teams, including SecDawg and Blue-Lotus.  He was also a founder and player of the Team Disekt, a finalist team in the 2016 DARPA Cyber Grand Challenge.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Octavius 9 - Saturday - 20:00-19:59


Beyond the Lulz: Black-Hat Trolling, White-Hat Trolling, Attacking and Defending Our Attention Landscape

Saturday at 20:00 in Octavius 9
Fireside Hax |

Matt Goerzen Researcher, Data & Society

Dr. Jeanna Matthews Fellow at Data & Society, Associate Professor of Computer Science at Clarkson University

Joan Donovan Media Manipulation/Platform Accountability Research Lead, Data and Society in Manhattan

White hat or critical grey hat trolling? Trolling as art? Trolling as hybrid warfare? Trolling as propaganda? In this Fireside Hax, we will challenge your assumptions about trolling. Trolls are attention hackers, using social and technical means to bait journalists, set agendas, game media gatekeepers, and direct audiences. Sometimes they also have fun. We will discuss a range of trolling techniques like sockpuppeting, dogpiling, doxing, attention honeypots, and cognitive denial of service attacks that we have not seen concisely catalogued elsewhere. We will also discuss high-profile examples of trolling such as"training" the Microsoft Tay chatbot, fake Antifa accounts, Russian sockpuppet accounts, and Phineas Fisher's use of Hacking Team's twitter account--and ask attendees to consider each as black hat attacks or grey hat attempts to point out critical societal vulnerabilities that should be"patched." We will also talk about"troll the troll" accounts like ImposterBuster and YesYoureRacist and the role"white hat trolls" might play in auditing platforms or proposing platform-based controls. Time permitting, we will discuss art projects that trollishly critiqued the European Commission, Google AdSense, and the NSA. This will not be a lecture and it will not shy away from controversy. Join two members of the Media Manipulation Team at Data & Society to collectively consider the role trolling can play in pointing out the flaws in our attention/media landscape.

Matt Goerzen
Matt Goerzen studies trolling techniques and cultures as part of the Media Manipulation team at Data & Society. He's also applied many of the techniques in the art world, for example by once developing an absurdist AdSense campaign ostensibly designed to sell a hideous sculpture to art collector Shaquille O'Neal, but more accurately designed to piggyback off of free clickbait media attention to inform readers about psychometric ad tech practices. He has written an academic study of contemporary artists who function as what he calls"critical trolls," arguing that trolling can be seen as an extension of the politicized attentional strategies used by the 20th-century avant-garde. His current work at Data & Society focuses on mapping the way white supremacists and state actors have appropriated trolling techniques for use in influence operations as a form of"bottom-up agenda setting."

Dr. Jeanna Matthews
Jeanna Matthews is an associate professor of Computer Science at Clarkson University and a 2017-18 fellow at Data and Society where she has been collaborating with the Media Manipulation team. She was a speaker and DEF CON 23 and 24, both times on the topic of vulnerabilities in virtual networks. Her broader research interests include virtualization, cloud computing, computer security, computer networks, operating systems and algorithmic accountability and transparency. Jeanna received her Ph.D. in Computer Science from the University of California at Berkeley and is an ACM Distinguished Speaker.

@jeanna_matthews

Joan Donovan
Joan Donovan is the Media Manipulation/Platform Accountability Research Lead at Data and Society in Manhattan. After completing her PhD in Sociology and Science Studies at the University of California San Diego, she was a postdoctoral fellow at the UCLA Institute for Society and Genetics, where she researched white supremacists' use of DNA ancestry tests, social movements, and technology. For several years, Joan has conducted action research with different networked social movements in order to map and improve the communication infrastructures built by protesters. In her role as a participant, she identifies information bottlenecks, decodes algorithmic behavior, and connects organizations with other like-minded networks.


Return to Index    -    Add to    -    ics Calendar file

 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 17:00-17:45


Title: Biohacking the Disability

Speaker: Gabriel Bergel
About Gabriel:
Gabriel Bergel is a System Engineer, Master in Cybersecurity from the IMF Business School and the Camilo José Cela University (Spain) and has 15 years
of experience in different areas of information security. He regularly speakers in courses, workshops and forums on information security in different
institutions, universities and national and international events. Currently he is Chief Executive Officer (CEO) of Vulnscope, Chief Strategy Officer (CSO)
of Dreamlab Technologies, and Chief Security Ambassador (CSA) of Eleven Paths, Director of Public Policies in Whilolab and Founder and Organizer of 8.8 Computer
Security Conference.
Speaker: Rodrigo Quevedo:
About Rodrigo:
Specialist in technological architecture and management, entrepreneur, teacher, inventor and mentor of scientific talents, with a high social and service vocation, fully dedicated to the development of mechatronics and robotics technology in different fields, for 10 years he has trained more than 3000 young people in Chile, Peru, Bolivia and Colombia,
allowing more than 700 young people to travel to the USA to compete in robotic tournaments, forming 34 teams that have competed in national and international tournaments, obtaining various awards in Japan, USA and Chile. Speaker at various universities, colleges, innovation and entrepreneurship events, national and international. Interviewed by different
means of print and television, national and international. Guest writer of technological columns in various specialized magazines. Inventor of 14 products, including MIVOS, bidirectional automatic translator of signlanguage for deaf people.
Abstract:
"The talk is about the project “Over Mind”. That it is a neuro wheelchair control software developed to help people with different physical abilities who have reduced mobility and use wheelchairs, by capturing data provided by neuro sensors or other sources of information, the software converts them into an order of movement to one or several engines, allowing the movement of a wheelchair. “Over Mind” will allow you to control any adapted electric wheelchair. You can also control an exoskeleton or other mechanism that facilitates the mobility of people. We have managed to control a high-tech robot using our Over Mind software and using a sensor provided by Neurosky
The Problem:
The 1% of the world population cannot move by itself, for various reasons such as Amyotrophic lateral sclerosis (ALS), accidents and others, 50,000,000 people.
Over Mind is a a low-cost technology/system developed in Chile, designed to give mobility to 1% of the world population, increasing its available physical capacities allowing people with zero or reduced mobility to MOVE and carry out activities on their own, granting freedom and autonomy.
The year 2016 Over Mind participated in the contest ""An idea to change history"", organized by History Channel together with 5,800 projects and it was the only Chilean project that finished among the four finalists."

Return to Index    -    Add to    -    ics Calendar file

 

PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 12:30-12:59


Bitsquatting: Passive DNS Hijacking

Ed Miles, Security Researcher at DiDi Labs

The Domain Name System is one of the foundational technologies that allow the internet to function, but unfortunately, DNS is surprisingly brittle to certain issues, such as bitsquatting.

Lookups to names that are a "bitflip" away from well-known sites (like 'amczon.com' instead of 'amazon.com' since 'c' and 'a have a single bit difference) can be caused by memory failing due to defect or overheating situations, rogue cosmic rays, or even (allegedly) radiation caused by nuclear reactions.

I was curious how realistic the last case really was - can we 'detect' active nuclear tests based solely on bitsquatting data? To find out, I revisited bitsquatting. First I'll briefly introduce the key concepts required for understanding bitsquatting (including ASCII, DNS and HTTP, Internet infrastructure, and memory error scenarios). I'll show the tools and techniques used to identify and register over 30 newly identified bitsquat domains, monitor DNS and HTTP requests, and process, enrich, and investigate the data. Finally, I will discuss any observations gathered from the data, with a focus on regional trends, specific devices, and current events - and try and see if I could prove any correlation.

In the end, attendees should leave with knowledge of the prevalence of bitsquatting and how it has evolved since the phrase was coined 8 years ago, as well as a few techniques for analyzing bitsquatting data and drawing some interesting conclusions.

Ed Miles (Twitter: @criznash) is a researcher at DiDi Chuxing's California-based DiDi Labs. Working in technology professionally since 2001, and as a hobbyist since 1991, Ed has been focused on forensics, incident response, malware analysis, reverse engineering, and detection since 2010.


Return to Index    -    Add to    -    ics Calendar file

 

Night Life - Flamingo - 3rd Floor - Carson City Rm - Saturday - 20:30-26:30


Title:
BlanketFortCon

Check your ego at the door, grab some building materials and join in the celebration of the creativity and originality that is the pillow fort! A host of DJs will be spinning from a pirate ship as you share and create your own unique environment. All aboard!
More Info: BlanketFortCon.com

Return to Index    -    Add to    -    ics Calendar file

 

WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 15:30-15:55


Ryan Holeman

Bio

Ryan Holeman resides in Austin Texas where he works as the Global Head of Security Intelligence for Atlassian's Security team. He is also an advisor for the endpoint security software company Ziften Technologies. He received a Masters of Science in Software Engineering from Kent State University. His graduate research and masters thesis focused on C++ template metaprograming. He has spoken at many respected venues such as Black Hat, DEF CON, Lockdown, BSides, Ruxcon, Notacon, and Shmoocon. He has also published papers though venues such as ICSM and ICPC . You can keep up with his current activity, open source contributions and general news on his blog. His spare time is mostly spent digging into various network protocols, random hacking, creating art, and shredding local skateparks.

@hackgnar

BLE CTF

Abstract

The purpose of BLE CTF (https://github.com/hackgnar/ble_ctf) is to teach the core concepts of Bluetooth low energy client and server interactions. While it has also been built to be fun, it was built with the intent to teach and reinforce core concepts that are needed to plunge into the world of Bluetooth hacking. After completing this CTF, you should have everything you need to start fiddling with any BLE GATT device you can find.


Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


BLEMystique—Affordable custom BLE target

Saturday 08/11/18 from 1200-1350 at Table Five
Attack and Defence

Nishant Sharma

Jeswin Mathai

BLEMystique is an ESP32 based custom BLE target which can be configured by the user to behave like one of the multiple BLE devices. BLEMystique allows a pentester to play with the BLE side of different kind of smart devices with a single piece of affordable ESP32 chip. BLEMystique contains multiple device profiles, for example, Smart Lock, Smart health band, Smart bulb, Heart rate monitor, Smart Bottle and more.

The BLEMystique code and manuals will be released to general public. So, apart from using the pre-configured devices, the users can also add support for devices for their choice and use their ESP32 board for target practice. In this manner, this tool can improve the overall experience of learning BLE pentesting.

Nishant Sharma
Nishant Sharma is a Technical Manager at Pentester Academy and Hacker Arsenal where he leads the development of multiple gadgets for WiFi pentesting such as WiMonitor, WiNX, WiMini and course/training content. He has presented/published his work at Blackhat Arsenal, Wireless Village, IoT village and Demo labs (DEFCON). Prior to joining Pentester Academy, he worked as a firmware developer at Mojo Networks where he contributed in developing new features for the enterprise-grade WiFi APs and maintaining the WIPS solution. He has a Master degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi and IoT security, AD security, forensics and cryptography.

Jeswin Mathai
Jeswin Mathai is a Researcher at Pentester Academy. He has a Bachelor degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. He was also the part of team Pied Piper who won Smart India Hackathon 2017, a national level competition organized by GoI. His area of interest includes Malware Analysis and Reverse Engineering, Cryptography, WiFi security and Web Application Security.


Return to Index    -    Add to    -    ics Calendar file

 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 13:30-14:15


Title: Blue Team Bio: Using Kill-Chain Methodology to Stop Bioterrorism

Speaker: Mr. Br!ml3y
Abstract:
Editing genes is getting easier as knowledge of various genomes and technology advance. Malicious actors creating novel or custom infectious agents are a growing concern. This presentation explores use of Cyber Kill Chain methodology
to detect and disrupt potential bioterrorist activities. Each link in the chain is defined and examined to identify potential attack indicators and countermeasures, discussing notable bottlenecks in each step. The goal is to
apply existing information security knowledge and paradigms to counter the would-be bioterrorist. This talk will include brief discussions of current gene editing methods (CRISPR-CAS9, ZINCFINGER) for the lay person. Familiarity with the Cyber Kill Chain would be useful.

Return to Index    -    Add to    -    ics Calendar file

 

WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 18:00-18:55


Blue_Sonar

Abstract

BlueTooth is everywhere, it is in all of our pockets and the only protection most use is not being in discoverable mode. This will be a talk on enumeration, tracking non-discoverable Bluetooth devices, as well as an operators perspective on some awesome use cases for Blue_Sonar. Of course it is already in Pentoo. This talk is imperative for those in the WCTF, because you will need this tool to find many of the BlueTooth foxes.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 15:00-15:45


Booby Trapping Boxes

Saturday at 15:00 in Track 3
45 minutes | Demo, Tool

Ladar Levison Founder, Lavabit LLC

hon1nbo Proprietor, Hacking & Coffee LLC

Ever worry about the hardware you leave behind? In a world where servers are co-located, and notebooks get left in hotel rooms, the ability to resist tampering, and if necessary actively respond to attack, has become increasingly important. And of course everybody knows the best booby traps are the ones you don't know are there. This talk will prepare you for life in 1984, where the maids are evil, and step brothers can't be trusted. Whether your running servers as a high value target, or simply want to protect your Monero private key, this talk will show you to achieve FIPS 140-2 level 4 security, without the FIPS 140-2 level 4 price tag. Specifically, we'll cover acquisition considerations, physical hardening, firmware mitigation, tamper detection and more.

Ladar Levison
Ladar Levison serves as the founder, president, and chief executive of Lavabit, where he has worked the past 14 years. Founded in 2004 (and originally called Nerdshack), Lavabit was created because Mr. Levison believes that privacy is a fundamental, necessary right for a functioning, free and fair democratic society. Presently, Mr. Levison is focused on Lavabit's Dark Mail Initiative, which aims to make end-to-end email encryption automatic and ubiquitous, while continuing to vigorously advocate for the privacy and free speech rights of all. Mr. Levison’s involvement in the internet can be traced to the early days of the world wide web, when he built his first website, in the early nineties for the fledgling Mosiac web browser (from the National Center for Supercomputing Applications).

Prior, Mr. Levison operated a dialup bulletin board service, and worked as a computer technician assembling custom computer systems. With more than 10 years of experience as an independent consultant, Mr. Levison has brought to bear his skills as a project manager, business analyst, systems engineer, software developer, database administrator, systems administrator, and information security specialist.

Mr. Levison’s career has involved working with several dozen multinational companies in the financial, consumer electronics, and retail sectors. The websites Mr. Levison built have drawn millions of visitors, and the software he's written has touched, albeit behind the scenes, the lives of millions more. Over the years, Mr. Levison has written and published numerous technical specifications and authored several editorial pieces. Mr. Levison frequently speaks at a variety of conferences, has appeared as an expert on numerous network television shows, and appeared in several documentaries; including the Oscar winning film, /Citizenfour/.

Mr. Levison has also been involved with several popular free open source software projects. Mr. Levison holds fifteen certifications, with the vast majority from Microsoft and International Business Machines. Mr. Levison received his Bachelor of Arts and Bachelor of Science degrees from Southern Methodist University, where he studied finance, English, political science and computer science. Additionally, Mr. Levison spent a year studying international relations at Georgetown University. A native of San Francisco, California, he currently resides in Dallas, Texas where he lives with his best friend, and principal cheerleader, Princess, the Italian Greyhound he rescued in 2010.

Twitter: @kingladar
Facebook: kingladar
Website: https://lavabit.com

hon1nbo
Hon1nbo is a hacker who tinkers for fun and to satisfy the basic human need to light things on fire. Hon1nbo allegedly has a job, where they get paid to take selfies in other people’s secure vaults in the middle of the night. We don’t know if this job is real, or merely a cover story. This possible delusion has taken them around the world entering into some of the largest organizations in both people size and technical expanse, using every possible entry method at their disposal. No domain left without an admin, no email left without a phish, and every office a wolf tail hiding in the air vents.

In addition to their night job, Hon1nbo runs Hacking & Coffee, a small hosting firm in Texas, where excess network capacity abounds, to perform security research and mirror F/OSS repositories. They also provide infrastructure support to a variety community projects, small businesses, and student groups.

A wild Hon1nbo can be spotted at DEF CON, its natural habitat, and identified via their purple tail, ears, and getting into shenanigans.

Twitter: @hon1nbo
Facebook: hon1nbo
Website: https://hackingand.coffee
Species: Wolf-Dog
Pronouns: them/their/schlee/generalisimo whatever be consistent


Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


boofuzz

Saturday 08/11/18 from 1600-1750 at Table Five
Vulnerability Analysis, AppSec, Offense.

Joshua Pereyda

boofuzz is an open source network protocol fuzzing framework, competing with closed source commercial products like Defensics and Peach.

Inheriting from the open source tools Spike and Sulley, boofuzz improves on a long line of block-based fuzzing frameworks.

The framework allows hackers to specify protocol formats, and boofuzz does the heavy lifting of generating mutations specific to the format. boofuzz makes developing protocol-specific "smart" fuzzers relatively easy. Make no mistake, designing a smart network protocol fuzzer is no trivial task, but boofuzz provides a solid foundation for producing quality fuzzers.

Written in Python, boofuzz builds on its predecessor, Sulley, with key features including:

https://github.com/jtpereyda/boofuzz

Joshua Pereyda
Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. He currently hunts vulnerabilities full time. Among his passions are hacking, teaching kids to program, listening to upper-crust orchestral performances with his wife, and figuring out how he can get paid to do it all... legally.


Return to Index    -    Add to    -    ics Calendar file

 

Service - Vendors Area - No Starch Press Table - Friday - 12:00-12:59


Title:
Book Signing - Craig Smith - The Car Hacker's Handbook

No description available
Return to Index    -    Add to    -    ics Calendar file

 

Service - Vendors Area - No Starch Press Table - Friday - 14:30-15:59


Title:
Book Signing - Elissa Shevinsky - Lean Out

No description available
Return to Index    -    Add to    -    ics Calendar file

 

Service - Vendors Area - No Starch Press Table - Friday - 14:30-15:59


Title:
Book Signing - Georgia Weidman - Penetration Testing

No description available
Return to Index    -    Add to    -    ics Calendar file

 

Service - Vendors Area - No Starch Press Table - Saturday - 13:00-13:59


Title:
Book Signing - Nick Cano - Game Hacking

No description available
Return to Index    -    Add to    -    ics Calendar file

 

Service - Vendors Area - No Starch Press Table - Friday - 14:30-15:59


Title:
Book Signing - Tarah Wheeler, with Keren Elazari - Women in Tech

No description available
Return to Index    -    Add to    -    ics Calendar file

 

Service - Vendors Area - No Starch Press Table - Friday - 13:00-14:30


Title:
Book Signing - Travis Goodspeed - PoC || GTFO

Travis Goodspeed
Return to Index    -    Add to    -    ics Calendar file

 

Service - Vendors Area - No Starch Press Table - Friday - 14:30-15:59


Title:
Book Signing - Violet Blue - The Smart Girls's Guide to Privacy

No description available
Return to Index    -    Add to    -    ics Calendar file

 

Meetup - HHV - Caesars Pool Level - Forum 17-19 - Sunday - 10:30-10:59


Title:
Breakfast at Defcon

Sunday's cure for the @defcon hangover is our annual #BreakfastAtDefcon. Join @Hackaday and @Tindie in the Hardware Hacking Village on Sunday at 10:30!
More Info: https://hackaday.com/2018/08/08/sunday-breakfast-at-def-con-2/

Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Sunday - 11:00-11:45


Breaking Extreme Networks WingOS: How to own millions of devices running on Aircrafts, Government, Smart cities and more.

Sunday at 11:00 in Track 1
45 minutes | Demo, Exploit

Josep Pi Rodriguez Senior security consultant, IOActive

Extreme network's embedded WingOS (Originally created by Motorola) is an operating system used in several wireless devices such as access points and controllers. This OS is being used in Motorola devices, Zebra devices and Extreme network's devices. This research started focusing in an access point widely used in many Aircrafts by several worldwide airlines but ended up in something bigger in terms of devices affected as this embedded operating system is not only used in AP's for Aircrafts but also in Healthcare, Government, Transportation, Smart cities, small to big enterprises... and more.

Based on public information, we will see how vulnerable devices are actively used (outdoors) in big cities around the world. But also in Universities, Hotels,Casinos, Big companies, Mines, Hospitals and provides the Wi-Fi access for places such as the New york City Subway.

In this presentation we will show with technical details how several critical vulnerabilities were found in this embedded OS. First we will introduce some internals and details about the OS and then we will show the techniques used to reverse engineering the mipsN32 ABI code for the Cavium Octeon processor. It will be discussed how some code was emulated to detect how a dynamic password is generated with a cryptographic algorithm for a root shell backdoor. Besides, it will be shown how some protocols used by some services were reverse engineered to find unauthenticated heap and stack overflow vulnerabilities that could be exploitable trough Wireless or Ethernet connection.

This OS also uses a proprietary layer 2/3 protocol called MiNT. This protocol is used for communication between WingOS devices through VLAN or IP. This protocol was also reverse engineered and remote heap/stack overflow vulnerabilities were found on services using this protocol and will be shown. As a live demonstration, 2 devices will be used to exploit a remote stack overflow chaining several vulnerabilities as the attacker could do inside an aircraft (or other scenarios) through the Wi-Fi. As there are not public shellcodes for mipsN32 ABI, the particularities of creating a Shellcode for mipsN32 ABI will be also discussed.

Josep Pi Rodriguez
Josep Pi Rodriguez is experienced in network penetration and web application testing, reverse engineering, industrial control systems, transportation, RF, embedded systems, vulnerability research, exploit development, and malware analysis. As a senior consultant at IOActive, Mr. Rodriguez performs penetration testing, identifies system vulnerabilities and researches cutting-edge technologies. Mr. Rodriguez has performed security services and penetration tests for numerous global organizations and a wide range of financial, technical, and educational institutions. He has presented at international conferences including Immunity infiltrate, Hack in paris and Japan CCDS iot conference.


Return to Index    -    Add to    -    ics Calendar file

 

HHV - Caesars Pool Level - Forum 17-21 - Saturday - 15:00-15:30


Breaking In: Building a home lab without having to rob a bank

Bryan Austin

Abstract

Building a home lab is critical to making you as a hacker better, but between space, hardware costs and learning it can quickly become an expensive habit. This talk will aim to show you some of the low cost options to learning the skills of the trade, and a bit of the mindset you need to finish that project.

Bio

Bryan Austin is an information security researcher with a background in electronics, threat analysis, social engineering, working with at-risk children, mentorship and research. He is also the co-founder of Through the Hacking Glass, a free mentorship community partnered with Peerlyst. By day, he secures people and organizations against scammers and hackers but by night he works with children with behavioral issues and a variety of other challenges. When not crusading against internet evil doers, he enjoys hiking, Taekwondo, and hacking with his beautiful wife and 3 amazing children.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 12:00-12:45


Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!

Friday at 12 in Track 2
45 minutes | Demo, Tool, Exploit

Orange Tsai Security Researcher from DEVCORE

We propose a new exploit technique that brings a whole-new attack surface to defeat path normalization, which is complicated in implementation due to many implicit properties and edge cases. This complication, being under-estimated or ignored by developers for a long time, has made our proposed attack vector possible, lethal, and general. Therefore, many 0days have been discovered via this approach in popular web frameworks written in trending programming languages, including Python, Ruby, Java, and JavaScript.

Being a very fundamental problem that exists in path normalization logic, sophisticated web frameworks can also suffer. For example, we've found various 0days on Java Spring Framework, Ruby on Rails, Next.js, and Python aiohttp, just to name a few. This general technique can also adapt to multi-layered web architecture, such as using Nginx or Apache as a proxy for Tomcat. In that case, reverse proxy protections can be bypassed. To make things worse, we're able to chain path normalization bugs to bypass authentication and achieve RCE in real world Bug Bounty Programs. Several scenarios will be demonstrated to illustrate how path normalization can be exploited to achieve sensitive information disclosure, SMB-Relay and RCE.

Understanding the basics of this technique, the audience won't be surprised to know that more than 10 vulnerabilities have been found in sophisticated frameworks and multi-layered web architectures aforementioned via this technique.

Orange Tsai
Cheng-Da Tsai, also as known as Orange Tsai, is member of DEVCORE and CHROOT from Taiwan. He has spoken at conferences such as Black Hat USA, Black Hat ASIA, DEF CON, HITCON, HITB, CODEBLUE and WooYun. He participates in numerous Capture-the-Flags (CTF), and won 2nd place in DEF CON 22/25 as team member of HITCON.

Currently, he is focusing on vulnerability research and web application security. Orange enjoys finding vulnerabilities and participating in Bug Bounty Programs. He is enthusiastic about Remote Code Execution (RCE), and uncovered RCEs in several vendors, such as Facebook, Uber, Apple, GitHub, Amazon, Yahoo and Imgur.

@orange_8361, Blog: http://blog.orange.tw/


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Sunday - 12:00-12:45


Breaking Smart Speakers: We are Listening to You.

Sunday at 12:00 in 101 Track, Flamingo
45 minutes | Demo, Exploit

Wu HuiYu Security Researcher At Tencent Blade Team

Qian Wenxiang Security Researcher At Tencent Blade Team

In the past two years, smart speakers have become the most popular IoT device, Amazon_ Google and Apple have introduced their own smart speaker products. Most of these smart speakers have natural language recognition, chat, music playback, IoT device control, shopping, and so on. Manufacturers use artificial intelligence technology to make smart speakers have similar human capabilities in the chat conversation. However, with the smart speakers coming into more and more homes, and the function is becoming more powerful, its security has been questioned by many people. People are worried that smart speakers will be hacked to leak their privacy, and our research proves that this concern is very necessary.

In this talk, we will present how to use multiple vulnerabilities to achieve remote attack some of the most popular smart speakers. Our final attack effects include silent listening, control speaker speaking content and other demonstrations. And we're also going to talk about how to extract firmware from BGA packages Flash chips such as EMMC, EMCP, NAND Flash, etc. In addition, it contains how to turn on debug interfaces and get root privileges by modifying firmware content and Re-soldering Flash chips, which can be of great help for subsequent vulnerability analysis and debugging. Finally, we will play several demo videos to demonstrate how we can remotely access some Smart Speaker Root permissions and use smart speakers for eavesdropping and playing voice.

Wu HuiYu
Wu HuiYu is a security researcher at Tencent Blade Team of Tencent Security Platform Department. Now his job is mainly focus on IoT security research and mobile security research. He is also a bug hunter, winner of GeekPwn 2015, and speaker of HITB 2018 AMS & POC2017.

Qian Wenxiang
Qian Wenxiang is a security researcher at the Tencent Blade Team of Tencent Security Platform Department. His is focusing on security research of IoT devices. He also performed security audits for web browsers. He was on the top 100 of annual MSRC list (2016 & 2017 ). He published a book called "Whitehat Talk About Web Browser Security ".


Return to Index    -    Add to    -    ics Calendar file

 

Meetup - Caesars - Promenade Level - Livorno/Village Talks Rm - Thursday - 16:00-16:59


Title:
BruCamp

A play within a play, this Meetup is for conference organizers to come together and share their best ideas, tips and methods of running their cons in a social environment. The goal is to help improve teh conference experiences for all and to help take away some of the headaches in running a con. A great gathering for con organization veterans as well as anyone looking to start their own con.

Return to Index    -    Add to    -    ics Calendar file

 

WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 12:00-12:25


stev0

Bio

Ops guy and security hobbyist

@_stevo
piClicker Github

BSSI [Brain Signal Strength Indicator] - finding foxes with acoustic help (piClicker)

Abstract

Present, and (hopefully) Demo using a raspberry pi to detect wifi signal strength via audio click frequency.


Return to Index    -    Add to    -    ics Calendar file

 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 12:10-12:55


Bug Bounty Hunting on Steroids - Anshuman Bhartiya and Glenn ‘devalias’ Grant

Bug bounty programs are a hot topic these days. More and more companies are realizing the benefits of running a program, and researchers are jumping at the opportunity to grab some swag and make some extra cash from the bugs they find. Reporting security issues has never been as easy, open, and risk-free as it is right now. Everybody wins!

Though that doesn’t mean we should stop there. As researchers, we spend a lot of time doing the same menial tasks for each program: monitoring for new targets, checking for common issues, remembering just which flags you needed to pass to that tool (or even which tool is best for that job). We build new tools, hack together shell scripts, and generally make small incremental changes to our process. But surely there’s a better approach?

Are you sick of repeating the same tedious tasks over and over? Wouldn’t it be nice to have your own bug hunting machine? One that -

We call this approach Bug Bounty Hunting on Steroids. We will discuss our research and approach to building such a machine, sharing some of the lessons we learned along the way. x


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Saturday - 14:30-18:30


Build Your Own OpticSpy Receiver Module

Saturday, 1430-1830 in Icon A

Joe Grand Grand Idea Studio

OpticSpy is an open source hardware module for experimenting with optical data transmissions. It captures, amplifies, and converts an optical signal from a visible or infrared light source into a digital form that can be analyzed or decoded with a computer. With OpticSpy, electronics hobbyists and hardware hackers can search for covert channels, which intentionally exfiltrate data in a way undetectable to the human eye, add data transfer functionality to a project, or explore signals from remote controls and other systems that send information through light waves.

In this workshop, creator Joe Grand will present a brief history of the project and then guide you through the process of building, calibrating, and testing your own kit version of OpticSpy.

Prerequisites: None. No prior soldering experience necessary.

Materials: None

Max students: 12

Registration: -CLASS FULL- https://www.eventbrite.com/e/build-your-own-opticspy-receiver-module-icon-a-tickets-47193834028
(Opens July 8, 2018 at 15:00 PDT)

Joe Grand
Joe Grand (@joegrand), also known as Kingpin, is a computer engineer, hardware hacker, former DEFCON badge designer, teacher, advisor, runner, daddy, honorary doctor, TV host, member of legendary hacker group L0pht Heavy Industries, and the proprietor of Grand Idea Studio (grandideastudio.com). He has been creating, exploring, and manipulating electronic systems since the 1980s.


Return to Index    -    Add to    -    ics Calendar file

 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 18:30-19:15


Title: Building a Better Bedside - The Blue Team Needs a Plan B

Speaker: Nick Delewski and Saurabh Harit
Abstract:
While important changes may be afoot in the US regulatory environment for medical devices, which should hopefully allow more people to make informed decisions regarding patient safety, many CISOs, security engineers, and network admins have to live day to day in the world we have, not the world we wish for. There have been multiple presentations in the last few years about the details of medical device security that have rightly put the onus on manufacturers to provide long term fixes. However, we wonder if there are ways to create a more defensible and hardened hospital room until the notoriously slow regulatory process gains traction.We’ve done deep dives into specific medical devices and we’ve done pentests in several hospital systems. In our experience, we have noticed broad classes of common vulnerabilities across bedside equipment that transcend any one device or class of device. Input validation errors, buggy network stacks, and low-bandwidth links can be found in systems that monitor vitals, administer medications, or in components that glue disparate systems together. A long awaited patch may fix one vulnerability only for the hospital to bring in a different device for clinical or financial reasons, and wash-rinse-repeat. It’s not enough for one or two manufacturers to step up the security game if they are feeding data into other unreliable systems, and it will be a while before everyone is at the same level. We are dedicated red teamers, and we may feel the pain of those in the blue team trying to do the right thing, but we don’t know what it’s like to live in your shoes. In this talk, we will explain, in broad terms, vulnerabilities that we have seen and how we recommend remediating them. But we don’t want you to leave this session feeling that we are talking down to the defenders. We want you to have a seat at the table and share how you handle the unknown in your environment.

Return to Index    -    Add to    -    ics Calendar file

 

CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 13:30-14:00


Title:
Building a Cryptographic Backdoor in OpenSSL

1:30pm

Building a Cryptographic Backdoor in OpenSSL
When
Sat, August 11, 1:30pm 2:00pm
Description
Speakers
-------
Lei Shi
Allen Cai

Abstract
--------
Unlike common examples of a backdoor, cryptographic backdoors are the field of surreptitiosly weakening cryptographic systems such as deliberately inserting vulnerabilities to a pseudorandom number gen-erator to make cryptanalysis easier. OpenSSL as become since many years ago, the defacto library/tool for implementing cryptographic protocols into our applications and secure them. In this talk, we will try to modify the code of OpenSSL to bulid a new method of cryptographic backdoor, and then the attacker can easy decrypt the encryption data by RSA or ECC.

Bio
-----------------
Lei Shi is a security researcher of 360-CERT, mainly focus on cryptography security and vulnerability discovery. He has discovered 100+ bugs and gained 20+ CVEs(E.g: SSL Death Alert) from OpenSSL, OpenSSH, VMware. He obsesses with math and computer security, and currently is working on Windows Search protocol security, Linux kernel security and development of vulnerability discovery tools. He has made talks at BlueHat2017, SysCAN.

Twitter handle of presenter(s)
------------------------------
cyg0x7

Website of presenter(s) or content
----------------------------------
https://cert.360.cn

Return to Index    -    Add to    -    ics Calendar file

 

PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 14:00-14:30


Building A Teaching SOC

Andrew Johnson, Information Security Officer at Carnegie Mellon University

Effective security monitoring is an ongoing process. How do you get everyone participating? How do you on-board junior colleagues to continuous improvement? The purpose of this presentation is to show methods for encouraging participation from all members of the security monitoring team as well as tactics for communicating effective with the organization.

Andrew Johnson (Twitter: @pierogipowered) is implementing a dedicated security operations team at Carnegie Mellon University. The security operations group has a dual focus on both the traditional aspect of securing the university as well as a focus on training student colleagues on the practical application of their degree. Prior to Carnegie Mellon University, Andrew was with HM Health Solutions. He had been responsible for creating a security operations platform in the heavily regulated health insurance/provider space. Andrew is a co-organizer for the BSides Pittsburgh (@bsidespgh) conference and enjoys recreational cycling and cooking when not participating in information security related activities.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - 101 Track - Saturday - 12:00-12:45


Building Absurd Christmas Light Shows

Saturday at 12:00 in 101 Track
45 minutes

Rob Joyce

Learn about the elements that go into a computerized light display and how you outfit your own house with dazzling blinking lights set to music.  Components of the show are individually explained and live demonstrations of the technology are on display.  Come get inspired to computerize your  own holiday cheer!

Rob Joyce
Rob Joyce (@RGB_Lights) has been with the Nation Security Agency (NSA) for 29 years and has led organizations doing both foreign intelligence and cybersecurity work.  He is the Senior Advisor for Cybersecurity, having recently returned from the White House as the Cybersecurity Coordinator where he worked national policy, synchronizing activity across the government and partners.  His previous assignment was leading Tailored Access Operations (TAO), the organization developing tools, techniques and capabilities to exploit computers for NSA's foreign intelligence mission.  Prior to that, he was the Deputy Director for Information Assurance, overseeing the protection of national security systems, which includes the nation's cryptographic key material, classified networks and warfighting networks.  In his spare time, Rob builds a computerized Christmas light show.  His most recent display was likely visible from the International Space Station. In addition to an infatuation with Christmas light displays, he helped a Boy Scout troop built catapults for the annual Punkin Chunkin competition until lawyers ruined it for all of us.


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Thursday - 10:00-13:59


Building Autonomous AppSec Test Pipelines with the Robot Framework

Thursday, 1000-1400 in Icon E

Abhay Bhargav CTO, we45

Sharath Kumar Ramadas Senior Solutions Engineer, we45

It is common knowledge that automating security testing, especially for rapid-release applications is an essential requirement from multiple perspectives. One perspective is that of security testing in a Continuous Delivery Pipeline (as part of CI/CD) and the other is the perspective of a Penetration Tester. In a CI/CD Pipeline, one would like security tests to be triggered in an automated manner. These tests should provide information related to application vulnerabilities to engineering teams, early in the SDL (Software Development Lifecycle), preferably before these apps are deployed to production. From the perspective of the Pentester, there is the obvious shortage of time and resources. Pentesters spend a lot of time repeating standard manual processes, thereby losing out on time to perform more deep, insightful analysis of the target application to uncover serious security flaws. Targeted Automation, can be very useful for a Pentester as well.

Prerequisites: Basic Knowledge of Application Security Testing Techniques

Materials: Laptop with Virtualbox loaded - VM will be provided

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/building-autonomous-appsec-test-pipelines-with-the-robot-framework-icon-e-tickets-47086284344
(Opens July 8, 2018 at 15:00 PDT)

Abhay Bhargav
Abhay Bhargav is the CTO of we45, a focused Application Security company. Abhay is the author of two international publications. "Secure Java for Web Application Development" and "PCI Compliance: A Definitive Guide". Abhay is a builder and breaker of applications, and has authored multiple applications in Django and NodeJS. He is the Chief Architect of "Orchestron", a leading Application Vulnerability Correlation and Orchestration Framework. He is a passionate Pythonista and loves the idea of automation in security. This passion prompted him to author the world's first hands-on Security in DevOps training that has been delivered in multiple locations, and recently as a highly successful training programs at the OWASP AppSecUSA 2016, OWASP AppSec EU and USA 2017. Abhay recently delivered a workshop on SecDevOps at DEFCON 25. In addition , Abhay speaks regularly at industry events including OWASP, ISACA, Oracle OpenWorld, JavaOne, and others.

Sharath Kumar Ramadas
Sharath is a Senior Solutions Engineer at we45. As part of his role, Sharath has architected and developed multiple solutions around security engineering, including an Application Vulnerability Correlation tool called Orchestron. As part of his experience with Application Security, Sharath has developed integrations for multiple security products including DAST, SAST, SCA and Cloud environments, In addition, Sharath has extensive experience with Cloud Deployments and Container Native Deployments. As part of his role in a security organization, Sharath has led teams that have created intentionally vulnerable apps for CTF competitions both inside and outside the organization.


Return to Index    -    Add to    -    ics Calendar file

 

HHV - Caesars Pool Level - Forum 17-21 - Saturday - 18:00-18:45


Building Drones the Hard Way

No description available


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon C - Saturday - 14:30-18:30


Building Environmentally Responsive Implants with Gscript

Saturday, 1430-1830 in Icon C

Dan Borges

Alex Levinson Senior Security Engineer, Uber

Attendees to this workshop will experience a step by step walk through in setting up a Gscript build environment (which will include the Golang programing language as a requirement, along with the required libraries). Subsequently, attendees will obtain a basic overview of the Gscript capabilities in using conditional logic to navigate within, and deploy persistence mechanisms upon, target hosts.

Upon completion, each attendee will depart with a laptop (whichever one they brought _)containing a full Gscript build & testing environment, and at least 1 custom Gscript of their own design and purpose.

Prerequisites:
1. A general understanding of what an implant is, and how to use one.
2. Experience with Javascript
3. Experience with Metasploit and or meterpreter is a plus
4. Experience with the Golang programing language is also a plus

Materials: A laptop with an ethernet port

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/building-environmentally-responsive-implants-with-gscript-icon-c-tickets-47194616368
(Opens July 8, 2018 at 15:00 PDT)

Dan Borges
Dan Borges is an information security professional with over 15 years in computer science. Dan participates in a number of cyber security competitions each year, from being on the National CCDC Red Team, to leading a Blue Team in Pros Versus Joes, and helping run the Collegiate Penetration Testing Competition (CPTC). He has been publishing a blog on infosec education for more than 10 years.

Alex Levinson
Alex Levinson is a Senior Security Engineer at Uber with experience in red teaming, software engineering, and incident response. Outside of Uber, he is a core member of the red team for the National Collegiate Cyber Defense Competition (CCDC), as well as the Competition Director for the Collegiate Penetration Testing Competition (CPTC). Previously, Alex worked as a Senior Consultant and Development Manager at Lares Consulting.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Thursday - 15:00-15:30


Building the Hacker Tracker

Thursday at 15:00 in 101 Track, Flamingo
20 minutes |

Whitney Champion Senior Systems Engineer

Seth Law Application Security Consultant, Redpoint Security

In 2012, back when DEF CON still fit in the Riviera (RIP), I recognized a gap to fill. I wanted to create a mobile version of the paper DEF CON booklet that everyone could use at the con.

I was unable to attend the conference that year. I was 8 months pregnant with my first child, and because I couldn't be there in person, I spent a lot of time wishing I was.

So I built it. I spent countless hours pouring my heart into what became the Hacker Tracker, shiny graphics and all, and was committing code up until the minute I went into labor.

Fast forward a few years: Seth was frustrated with the lack of a mobile app for iOS while attending DEF CON. Subsequently, he found the Android version of Hacker Tracker and reached out to me about creating an iOS version. I was thrilled that someone wanted to join me and help grow the project. Not long after that, I recruited Chris to work on the app as well.

Now, 6 years since its inception, a small team supports the app development across iOS and Android and the apps are being used by half a dozen different conferences, representing several thousand users.

From nothing to something, we've experienced quite a bit in 6 years. Join us as we share our moments of joy, fear, and panic,"things not to do", and more.

Whitney Champion
Whitney is a systems architect in South Carolina. She has held several roles throughout her career- security engineer, systems engineer, mobile developer, cloud architect, consulting architect, to name a few. In the last 15 years, she has worked on operations teams, support teams, development teams, and consulting teams, in both the private and public sector, supporting anywhere from a handful of users to hundreds of thousands. No matter the role, security has always been an area of passion and focus.

@shortxstack

Seth Law
Seth is an independent security consultant with Redpoint Security in Salt Lake City, where he performs security research and consulting for a various clients. He spends the majority of his time thinking up ways to exploit and secure applications, but has been known to pull out an IDE as the need arises. Over the course of his career, Seth has honed application security skills using offensive and defensive techniques, including tool development and research. He has an (un)healthy obsession with all things security related and regularly heads down the rabbit hole to research the latest vulnerability or possible exposures. Seth can regularly be found at developer meetups and security get-togethers, whether speaking or learning.

@sethlaw


Return to Index    -    Add to    -    ics Calendar file

 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 10:00-11:59


Building visualisation platforms for OSINT data using open source solutions

No description available


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Friday - 14:30-18:30


Buzzing Smart Devices: Smart Band Hacking

Friday, 1430-1830 in Icon B

Arun Magesh IoT Security Researcher, Payatu Software Labs, LLP

With the recent advancement in connected/smart device and availability of ready-made framework for both hardware and software development. Companies want to rapidly get into smart device market. it is necessary to look at the security feature of these smart device as our digital lives are connected with these devices.

Bluetooth has been around for almost a decade and with the need of low power wireless network and interoperability. Bluetooth has been used in vast majority of the device because of its low power footprint and interoperability as most of our smartphones have Bluetooth

In this workshop, we will be learning on how to fuzz the Bluetooth LE functionality of smart devices and exploit it. In the process, we will learn about how the Bluetooth low energy protocol works and various tools involved in reversing a smart band. We will also introduce a Bluetooth fuzzing framework called as Buzz and use it to crash or find other information in the smart band.

By the end of the class, we will also touch base on the hardware level exploits like accessing the serial port, debugging port and bypass Flash Read protection to extract the firmware from the smart band and demos on the same.

Prerequisites: Knowledge of Linux OS, Basic knowledge of programming (C, python) would be a plus

Materials: Laptop with at least 50 GB free space , 8+ GB minimum RAM (4+GB for the VM), External USB access (min. 2 USB ports)
Administrative privileges on the system
Virtualization software & Latest VirtualBox (5.2.X) (including Virtualbox extension pack)
Linux host machines should have exfat-utils and exfat-fuse installed (ex: sudo apt-get install exfat-utils exfat-fuse).
Virtualization (Vx-t) option enabled in the BIOS settings for VirtualBox to work
Tools will be provided by the instructor and to be returned.
You can also buy the hardware yourself.
SmartBand: https://www.banggood.com/No_1-F4-Blood-Pressure-Heart-Rate-Monitor-Pedometer-IP68-Waterproof-Smart-Wristband-For-iOS-Android-p-1182728.html
Bluetooth Dongle: https://www.amazon.com/DayKit-Bluetooth-Adapter-Windows-Raspberry/dp/B01IM8YKPW/

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/buzzing-smart-devices-smart-band-hacking-icon-b-tickets-47193534131
(Opens July 8, 2018 at 15:00 PDT)

Arun Magesh
Arun Magesh works as IoT Security Researcher at Payatu Software labs and has worked on numerous smart devices pentest in the past couple of years. With an electrical engineering academic background, he serves as a core committee member for several IoT local chapters and hackerspaces in India, where he regularly delivers talks and hands-on workshops. He has 5+ years hands-on experience in both building and breaking IoT devices and has been previously awarded for India's Top 25 under 25 technologists and Intel Software Innovator. He has delivered training to numerous governmental and private organizations around the world. He is also a speaker and trainer at several conferences like nullcon18, zer0con18, RISC17, Intel Devfest and EFY17 and His main focus area in IoT is embedded device and SDR security. He has also built and contributed to a number of projects such as Brain-Computer interfacing and Augment Reality solutions.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 15:00-15:45


Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010

Friday at 15:00 in Track 1
45 minutes | Demo, Tool

Gabriel Ryan Co-Founder / Principal Security Consultant @ Digital Silence

Existing techniques for bypassing wired port security are limited to attacking 802.1x-2004, which does not provide encryption or the ability to perform authentication on a packet-by-packet basis [1][2][3][4]. The development of 802.1x-2010 mitigates these issues by using MacSEC to provide Layer 2 encryption and packet integrity check to the protocol [5]. Since MacSEC encrypts data on a hop-by-hop basis, it successfully protects against the bridge-based attacks pioneered by the likes of Steve Riley, Abb, and Alva Duckwall [5][6].

In addition to the development of 802.1x-2010, improved 802.1x support by peripheral devices such as printers also poses a challenge to attackers. Gone are the days in which bypassing 802.1x was as simple as finding a printer and spoofing address, as hardware manufacturers have gotten smarter.

In this talk, we will introduce a novel technique for bypassing 802.1x-2010 by demonstrating how MacSEC fails when weak forms of EAP are used. Additionally, we will discuss how improved 802.1x support by peripheral devices does not necessarily translate to improved port-security due to the widespread use of weak EAP. Finally, we will consider how improvements to the Linux kernel have made bridge-based techniques easier to implement and demonstrate an alternative to using packet injection for network interaction. We have packaged each of these techniques and improvements into an open source tool called Silent Bridge, which we plan on releasing at the conference.

Gabriel Ryan
Gabriel Ryan is a penetration tester and researcher with a passion for wireless and infrastructure testing. He currently serves a co-founder and principal security consultant for Digital Silence, a Denver based consulting firm that specializes in impact driven penetration testing and red team engagements.

Prior to joining Digital Silence, Gabriel worked as a penetration tester and researcher for Gotham Digital Silence, contributing heavily to their wireless security practice and regularly performing large scale infrastructure assessments and red teams for Fortune 500 companies. Some of Gabriel's most recent work includes the development of EAPHammer, an 802.11ac focused tool for breaching WPA2-EAP networks. On the side, he serves as a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys producing music, exploring the outdoors, and riding motorcycles.

@s0lst1c3, https://digitalsilence.com, solstice.sh


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Friday - 10:00-13:59


Bypassing Windows Driver Signature Enforcement

Friday, 1000-1400 in Icon A

Csaba Fitzl

Microsoft does a great effort to harden the Windows kernel and limit attackers to load their custom drivers (kernel rootkits) with the introduction of Driver Signature Enforcement in Win7x64. In this 4 hour workshop we will learn the limitation of this enforcement and practice how we can bypass it. We will explore 4 different methods (from very easy to difficult) on various versions of Windows, including Windows 10. We will see how and why they work, and which malware used them in the past. First we will see how we can use leaked certificates to overcome DSE as well as how we can turn it OFF by design, and what are its limitations. Then we will use WinDBG to look into the kernel and find the various flags used to control DSE and use the HackSysExtremeVulnerableDriver to do kernel exploitation for setting those to the value we require. We will use a simple dummy driver to demonstrate unsigned driver loading.

Prerequisites: Some experience with WinDBG, assembly or kernel exploitation can be helpful, but not required. Basic Python scripting knowledge will be needed.

Materials: For the full experience students will require 2 Windows virtual machines (Windows 7 and Windows 10) (optionally Windows 8) with WinDBG, Python installed on all of them, and one of them will require Visual Studio with Driver development tools. Guide for setting up VMs will be provided prior the workshop.

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/bypassing-windows-driver-signature-enforcement-icon-a-tickets-47194788884
(Opens July 8, 2018 at 15:00 PDT)

Csaba Fitzl
Csaba graduated in 2006 as a computer engineer. He worked for 6 years as a network engineer, troubleshooting and designing big Cisco networks. After that he started to work as a blue teamer, focusing on network forensics, malware analysis and kernel exploitation. Recently he joined a red team, where he spends most of his time simulating adversary techniques. He gave talks / workshops on various international IT security conferences, including Hacktivity, hack.lu, hek.si, SecurityFest and BSidesBUD. He currently holds OSWP / OSCP / OSCE / OSEE certifications. He is the author of the 'kex' kernel exploitation Python toolkit.


Return to Index    -    Add to    -    ics Calendar file

 

WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 13:00-13:55


wasabi

Bio

wasabi is a security researcher who loves to experiment with embedded devices, signals, and really anything electrical.

@spieceywasabi

Can you hear me now, DEF CON?

Abstract

Using cheap commodity RF hardware to act as secure or backchannel communications for security research and pen tests. Wireless communication is getting cheaper and hobby projects are integrating long range low powered communication to link devices in all sorts of unique ways. But what about in the world of information security? This talk will cover the acronym soup of current communication systems including LoRA, RFM, Satellite, ASK, and many others to identify what protocols make sense when you are trying to communicate either stealthily or in remote areas. In addition, this talk will cover how to improve reliability of wireless communication and the costs associated with making your super pen test box. Or perhaps even what evil things can be done with these and how to protect yourself. The aim for this talk is to be interactive, and allow people to share experiences.


Return to Index    -    Add to    -    ics Calendar file

 

PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 11:30-11:59


Capturing in Hard to Reach Places

Silas Cutler, Senior Security Researcher at CrowdStrike

It's easy for us to take for granted when tools allow us to start capturing network traffic without any real hardships. However, what happens when the data you want isn't so easy to capture. This talk will look at two cases in which environments needed to be bent in order to capture the data needed for analysis.

Silas Cutler (Twitter: @silascutler) is a Senior Security Researcher at CrowdStrike, Project Director for MalShare and DEFCON 21 Black Badge (from Capture the Packet). Endorsed on LinkedIn by [REDACTED] for "tcpdump". His prior managers have described him as "a guy" and "meeting necessary skills to perform job functions."


Return to Index    -    Add to    -    ics Calendar file

 

PHV - Caesars Promenade Level - Neopolitan BR - Friday - 16:00-16:59


Car Infotainment Hacking Methodology and Attack Surface Scenarios

Jay Turla, Application Security Engineer at Bugcrowd

The battle for supremacy for the control of the dashboard display or infotainment systems has always been a race. Most of these systems run on Linux, Android, Windows (customized dashboards - perhaps Windows ME or CE) and Blackberry's QNX. In-Vehicle Infotainment (IVI) or In-car entertainment (ICE) Systems are indeed fun consoles where you can play media, movies, or work with your car's navigational system. But somehow it also comes with a risk of being hacked or attacked because they have also been plagued with vulnerabilities. In this talk, join Jay as he presents his own Car Hacker's Methodology in finding security bugs in order to pwn a car's infotainment system without having to do a drive by wire or CANbus hacking tools but will simply point out the common attack surfaces e.g WiFi, Bluetooth, USB Ports, etc. and some scenarios on how to exploit it just like how he popped a shell or issue an arbitrary command in his car which he tweeted in Twitter before.

Jay Turla (Twitter: @shipcod3) is an application security engineer at Bugcrowd Inc., and one of the goons of ROOTCON. He has been acknowledged and rewarded by Facebook, Adobe, Yahoo, Microsoft, Mozilla, etc. for his responsible disclosures. He has also contributed auxiliary and exploit modules to the Metasploit Framework and presented at ROOTCON, Nullcon, and TCON. He used to work for HP Fortify where he performs Vulnerability Assessment, Remediation and Advance Testing.


Return to Index    -    Add to    -    ics Calendar file

 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 12:00-12:25


Cartoons, Sketchnotes, Bullet Journals and Other Data Visualization Tricks - Raye Keslensky

“When it comes to presenting data, it’s not WHAT you present, it’s HOW you present it! Combining words with pictures has been around for ages. Picking up an understanding of sequential art and how you can use it in your day-to-day life is critical!

This talk covers a crash course of data science and visualization. Learn what parts of the information you’re supposed to keep an eye on! Make better line breaks with your text! Bring clarity to your writing! Good for software design, scrapbooking, OSINT, or keeping your shit together! “


Return to Index    -    Add to    -    ics Calendar file

 

CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 14:00-14:30


Title:
CATs - A Tale of Scalable Authentication

2:00pm

CATs - A Tale of Scalable Authentication
When
Sat, August 11, 2:00pm 2:30pm
Description
Speaker
------
Yueting Lee

Abstract
--------
Crypto Auth Tokens (CATs) are used in Facebooks scalable, token-based authentication backend infrastructure. They were created to deal with an ever growing, large-scale, multi-system organization. CATs are flexible, performant, and reliable. They support authentication at scope and scale for Facebooks backend infrastructure.

Bio
-----------------
Yueting Lee is a software engineer at Facebook, building security infrastructure within Facebooks infrastructure. Yueting is originally from Hong Kong but went on to study at the Georgia Institute of Technology, where she graduated with a degree in Computer Science.

Return to Index    -    Add to    -    ics Calendar file

 

AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 10:20-10:40


Chatting with your programs to find vulnerabilities

Chris Gardner

During the Cyber Grand Challenge, an automated vulnerability exploitation competition, all the teams used the same approach: use a fuzzer to find bugs, and symbolic execution to generate an exploit for any bugs found. Fuzzers are great at triggering bugs, but their effectiveness is often limited by the quality of the initial testcase corpus that is fed to them. Testcases are easy for humans to create, but hard to generate automatically. Teams used a wide variety of techniques to generate initial seeds: from using very slow symbolic execution techniques to find inputs that triggered execution paths, to just using the word “fuzz” as the seed and hoping for the best. However, many of the programs in the CGC are console programs designed to be used by humans: meaning they give a prompt in English and expect a response. For this research we trained a chatbot Recurrent Neural Network on a set of testcases generated by humans, and ran the RNN against the test set with the goal of finding testcases that had higher code coverage than random guessing and could be used with a fuzzer to find bugs.

Chris recently graduated from UMBC, where he found a passion for malware analysis and binary exploitation. In his spare time he plays CTFs and bikes his way around Washington DC.


Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 10:00-11:50


CHIRON

Sunday 08/12/18 from 1000-1150 at Table Three
Defense

Rod Soto

Joseph Zadeh

Home-based open source network analytics and machine learning threat detection

CHIRON is a home analytics based on ELK stack combined with Machine Learning threat detection framework AKTAION. CHIRON parses and displays data from P0f, Nmap, and BRO IDS. CHIRON is designed for home use and will give great visibility to home internet devices (IOT, Computers, Cellphones, Tablets, etc). CHIRON is integrated with AKTAION which detects exploit delivery ransomware/phishing.

https://github.com/jzadeh/chiron-elk

Rod Soto
Rod Soto. Director of Security Research at JASK.AI Founder Pacific Hackers Conference, Co-founder Hack The Valley

Joseph Zadeh
Joseph Zadeh. Director of Data science at JASK.AI Co-founder Hack the Valley


Return to Index    -    Add to    -    ics Calendar file

 

CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 16:00-17:00


Title:
Cicada: What the Puzzles Can Teach Us About Cryptography and Privacy.

4:00pm

Cicada: What the Puzzles Can Teach Us About Cryptography and Privacy.
When
Fri, August 10, 4pm 5pm
Description
Speaker
------
Nox

Abstract
--------
The online cryptography challenge that's been sometimes called by the mainstream "the hardest puzzle on the internet" and "one of the greatest online mysteries" certainly earned those titles. Though mostly completed now for some years, there's a number of valuable things to be learned from how they handled and presented cryptography for both the well-versed as well as the uninitiated. A staggering number of individuals found themselves trying to study cryptography for the first time because of the pull the puzzles had on anyone who came across them, and somehow despite a massive online undertaking to find the creators, the question of their identity remains unanswered now 6 years later. The strategies and the attitudes used in the creation of these challenges could teach us all something about how we approach cryptography teaching and study, as well as how modern approaches to privacy actually fare against interested threats.

Bio
-----------------
I've long had a love for online cryptography challenges and puzzles, even before being one of a small number to finish the 2013 Cicada puzzle. I run a series on YouTube explaining puzzle steps and solutions, as well as tutorials on the skills required to approach these problems for people that want to learn. I'm also a Canadian, a Computing Science student, and an obsessive fan of online privacy and the tools that allow for it.

Twitter handle of presenter(s)
------------------------------
@NoxPopuli3301

Website of presenter(s) or content
----------------------------------
youtube.com/c/noxpopuli

Return to Index    -    Add to    -    ics Calendar file

 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Sunday - 12:45-12:59


Closing Note

No description available


Return to Index    -    Add to    -    ics Calendar file

 

CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 10:30-11:30


Title:
Cloud Encryption: How to not suck at securing your encryption keys

10:30am

Cloud Encryption: How to not suck at securing your encryption keys
When
Sat, August 11, 10:30am 11:30am
Description
Speaker
------
Marie Fromm

Abstract
--------
Common Cloud Data Encryption patterns are not preventing data breaches because many are doing encryption key management wrong. There is a tendency to apply "compliance checkbox" encryption, which does nothing to protect data against common threats. In many cases, it's like buying a strong FIPS140-2 certified deadbolt but leaving the key in the door.

We'll roll up our sleeves and take a deep dive at the problem and explore practical, actionable ways a security practitioner can get better control of encryption keys used in cloud solutions. Finally, we'll discuss new ways of detecting when Bad Things are happening, and ways of using cloud automation to stop the bleeding.


Bio
-----------------
Marie leads a Cryptography team in a large global company, helping to design encryption solutions for I.T. as well as specialized cryptographic designs used in products and systems. Marie is passionate about both coffee and computer security and has 20 years experience in a variety of Infosec roles. Marie is a happy #RealLiveTransAdult

Twitter handle of presenter(s)
------------------------------
@msfromm

Website of presenter(s) or content
----------------------------------
http://www.mariefromm.com

Return to Index    -    Add to    -    ics Calendar file

 

BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 10:40-11:30


Cloud Security Myths

Friday at 10:40-11:30
50 minutes

Xavier Ashe@XavierAshe

Cloud Security is a magical world of as-a-service miracles. Just spin up your intrusion-detection- as-a-service, SOC-as-a-service, incident-response-as-a-service, and start feeding it security- intelligence-as-a-service. Come hear from this CISO-as-a-service unwrap the onion of cloud access security brokers (CASB), cloud workload protection platforms (CWPP), microsegmentation, cloud security posture management (CSPM), software-defined perimeters (SDP), and bunch of other cloud related topics. What do they do? Do they really work? What do you with all those security appliances you’ve accumulated?

Xavier Ashe
Xavier Ashe is a Georgia Institute of Technology alumnus and has 25 years of hands-on experience in information security. Working for various security vendors and consulting firms for the last 15 years, including IBM, Gartner, and Carbon Black, Xavier has been focused on helping secure companies of all sizes. Xavier was the first hire at the startup Drawbridge Networks, where he was instrumental in bringing the first microsegmentation solution for servers and workstations to market. Xavier served on the IBM Security Architecture Board and published several papers. Mr. Ashe holds many industry certifications, including CISM, CISSP, ITIL, SOA, and others. Xavier is currently running Xavier Enterprises, an information security consulting firm.


Return to Index    -    Add to    -    ics Calendar file

 

SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 12:00-12:59


Title:
Cloud Security Myths

Xavier Ashe
@xavierashe

Cloud Security Myths

Cloud Security is a magical world of as-a-service miracles. Just spin up your intrusion-detection-as-a-service, SOC-as-a-service, incident-response-as-a-service, and start feeding it security-intelligence-as-a-service. Come hear from this CISO-as-a-service unwrap the onion of cloud access security brokers (CASB), cloud workload protection platforms (CWPP), microsegmentation, cloud security posture management (CPSM), and software-defined perimeters (SDP). What do they do? Do they really work? What do you with all those security appliances youve accumulated?


Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


Cloud Security Suite—One stop tool for AWS, GCP & Azure Security Audit

Saturday 08/11/18 from 1200-1350 at Table Two
Defense, Cloud professionals

Jayesh Singh Chauhan

Nowadays, cloud infrastructure is pretty much the de-facto service used by large/small companies. Most of the organisations have partially or entirely moved to cloud. With more and more companies moving to cloud, the security of cloud becomes a major concern. While AWS, GCP & Azure provide you protection with traditional security methodologies and have a neat structure for authorisation/configuration, their security is as robust as the person in-charge of creating/assigning these configuration policies. We all know, human error is inevitable and any such human mistake could lead to catastrophic damage to the environment.

Knowing this, audit of cloud infrastructure becomes a hectic task! There are a few open source tools which help in cloud auditing but none of them have an exhaustive checklist. Also, collecting, setting up all the tools and looking at different result sets is a painful task. Moreover, while maintaining big infrastructures, system audit of server instances is a major task as well.

CS Suite is a one stop tool for auditing the security posture of the AWS/GCP/Azure infrastructures and does OS audits as well. CS Suite leverages current open source tools capabilities and has custom checks added into one tool to rule them all.

https://github.com/SecurityFTW/cs-suite

Jayesh Singh Chauhan
Jayesh Singh Chauhan is a security professional with 7 years of experience in the security space. In past, he has been part of security teams of PayPal, PwC and currently works as the senior security engineer for Sprinklr. He has authored CS-Suite, OWASP Skanda, RFID_Cloner and CSRF PoC generator and has presented in BlackHat Asia, BlackHat EU, hackmiami, c0c0n, GES and Ground Zero Summit. He is the project leader for OWASP Skanda and leads the NULL Bangalore chapter.


Return to Index    -    Add to    -    ics Calendar file

 

Night Life - Flamingo, Rm # after registration - Saturday - 20:00-23:59


Title:
Cobalt DEF CON Party 2018

Another year, another DEF CON Party. Start your night at the Flamingo Hotel with the Cobalt team. Join us for a night of drinks, music, and good company.

Drinks + Music + Snacks provided
Meet the Cobalt Team and the Cobalt Core
Network with others in the security space
Bring your InfoSec peers

Register: https://event.cobalt.io/def-con-party-2018

Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 11:00-11:45


Compression Oracle Attacks on VPN Networks

Saturday at 11:00 in Track 2
45 minutes | Demo, Tool

Nafeez Security Researcher

Security researchers have done a good amount of practical attacks in the past using chosen plain-text attacks on compressed traffic to steal sensitive data. In spite of how popular CRIME and BREACH were, little was talked about how this class of attacks was relevant to VPN networks. Compression oracle attacks are not limited to just TLS protected data. In this talk, we try these attacks on browser requests and responses which usually tunnel their HTTP traffic through VPNs. We also show a case study with a well-known VPN server and their plethora of clients. We then go into practical defenses and how mitigations in HTTP/2's HPACK and other mitigation techniques are the way forward rather than claiming 'Thou shall not compress traffic at all.' One of the things that we would like to showcase is how impedance mismatches in these different layers of technologies affect security and how they don't play well together.

Nafeez
Ahamed Nafeez has a varied offensive security background with some emphasis on browsers, web services, and cryptography. He believes defending is much harder than attacking most of the time and appreciates the variables and challenges defenders have. These days he is interested in writing secure frameworks, automating attacks and more or less trying to learn to write good code.

He has spoken at a few security conferences in the past around web apps, browsers and security analysis of javascript. He tweets at @skeptic_fx and builds his side project assetwatch.io in free time, an automated asset discovery/monitoring service.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 13:00-13:30


Compromising online accounts by cracking voicemail systems

Friday at 13:00 in Track 1
20 minutes | Demo, Audience Participation, Tool

Martin Vigo Hacker

Voicemail systems have been with us since the 80s. They played a big role in the earlier hacking scene and re-reading those e-zines, articles and tutorials paints an interesting picture. Not much has changed. Not in the technology nor in the attack vectors. Can we leverage the last 30 years innovations to further compromise voicemail systems? And what is the real impact today of pwning these?

In this talk I will cover voicemail systems, it's security and how we can use oldskool techniques and new ones on top of current technology to compromise them. I will discuss the broader impact of gaining unauthorized access to voicemail systems today and introduce a new tool that automates the process.

Martin Vigo
Martin Vigo is a Lead Product Security Engineer and Researcher responsible for Mobile security, Identity and Authentication. He helps design secure systems and applications, conducts security reviews, penetration testing and generally helps keep "the cloud" secure. Martin is also involved in educating developers on security essentials and best practices.

Martin has presented several topics including breaking password managers, exploiting Apple's Facetime to create a spy program and mobile app development best practices. These were given at conferences such as Blackhat EU, Ekoparty, Kaspersky Security Analyst Summit and Shakacon.

Outside the office, Martin enjoys research, bug bounties, gin tonics and scuba diving.

@martin_vigo


Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 10:00-11:50


Conformer

Sunday 08/12/18 from 1000-1150 at Table Six
Offense, AppSec

Mikhail Burshteyn

Conformer is a penetration testing tool, mostly used for external assessments to perform password based attacks against common webforms. Conformer was created from a need for password guessing against new web forms, without having to do prior burp work each time, and wanting to automate such attacks. Conformer is modular with many different parameters and options that can be customized to make for a powerful attack. Conformer has been used in countless assessments to obtain valid user credentials for accessing the internal environment through VPN, other internal resources or data to further the assessment.

https://github.com/mikhbur/conformer

Mikhail Burshteyn
Mikhail Burshteyn is a security consultant at CDW, performing Penetration Tests. Mikhail currently performs External, Internal, Wireless, and Social Engineering assessments, testing the capabilities for wide range of clients and industries. He is interested in research in various security topics, including Networking, Web Apps, and Active Directory.


Return to Index    -    Add to    -    ics Calendar file

 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Sunday - 10:45-10:59


Title: Contest winners, prizes, showcase and awards

Speakers: Michael Schloh

Description:
No description available



Return to Index    -    Add to    -    ics Calendar file

 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 12:00-12:30


Title: Contests, Challenges, and free giveaways

Speakers: MSvB and midipoet

Description:
No description available



Return to Index    -    Add to    -    ics Calendar file

 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 15:10-15:50


Core OSINT: Keeping Track of and Reporting All the Things - Micah Hoffman

“Your client gives you their requirement, ““find the social media accounts of the target person and any friends they may have””. Simple enough. You execute your Standard Operating Procedures (you DO have a SOP, right?) and begin running tools, using your sock puppets, scraping web sites, and finding a ton of data. You’ve got CSVs, text output, images, URLs….OH MY! How do you keep track of all this data and, more importantly, how do you ensure that you can report on it and have covered all the pivot points for the OSINT investigation?

As OSINTers, pentesters, defenders, PIs, and others, we can easily get swamped in data. Join me as we look at some bad, some good, and some amazing methods of keeping your investigation on track.”


Return to Index    -    Add to    -    ics Calendar file

 

PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 13:00-13:45


Title:
Cruising the Cannabis Highway: Major Breaches in Cannabis Software

The context & implications of several breaches in 2017
Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon F - Friday - 10:00-13:59


Crypto Hero

Friday, 1000-1400 in Icon F

Sam Bowne Instructor, City College San Francisco

Dylan James Smith

Elizabeth Biddlecome Security Consultant

Protect data with strong cryptography (AES, RSA, SHA) and attack these systems (Existential Forgery, Padding Oracle, and more). Apply these techniques to blockchains including Bitcoin, Ethereum, and Multichain.

This is a hands-on workshop with a series of CTF-style challenges, beginning with simple data conversions and extending to advanced methods appropriate for experts. We will briefly explain and demonstrate the techniques, and trainers will help participants individually with the challenges.

Prerequisites: Prior experience with cryptography is helpful but not required.

Materials: A laptop capable of running VMware virtual machines

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/crypto-hero-icon-f-tickets-47194055691
(Opens July 8, 2018 at 15:00 PDT)

Sam Bowne
Sam Bowne is an instructor at City College San Francisco, and has been teaching hacking and security classes for ten years. He has presented talks and workshops at Defcon, HOPE, RSA, BSidesLV, BSidesSF, and many other conferences. He has a CISSP and a PhD and is like, really smart.

Dylan James Smith
Dylan James Smith has assisted Sam Bowne with classes as a tutor and TA and at hands-on workshops at DEF CON, RSA, B-Sides LV and other conferences. He has worked in and around the computer support and network administration industries since adolescence. Now he's old(er.) Currently tearing things apart and putting them back together and seeking opportunities to practice and teach "the cybers".

Elizabeth Biddlecome
Elizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.


Return to Index    -    Add to    -    ics Calendar file

 

CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 12:00-13:30


Title:
Cryptography, Codes, and Secret Writing: An Introduction to Secret Communications

12:00pm

Cryptography, Codes, and Secret Writing: An Introduction to Secret Communications
When
Fri, August 10, 12:00pm 1:30pm
Description
Speaker
------
Tess Schrodinger

Abstract
--------
What's the difference between a code and a cipher? What is the earliest known use of cryptography? Are there any codes that have never been solved? Whether you are new to the subject or a seasoned pro, this talk will have something for you. We will journey from the beginnings of secret writing to the future of secure communications in a post quantum world.

Bio
-----------------
Zero Point Field Operative and Cyber Shaman

Twitter handle of presenter(s)
------------------------------
@TessSchrodinger

Website of presenter(s) or content
----------------------------------
https://www.patreon.com/TessSchrodinger

Return to Index    -    Add to    -    ics Calendar file

 

Night Life - Caesars - Location printed on badges - Friday - 19:00-23:59


Title:
Cubcon 2018

Welcome to Cubcon 2018

A one night event celebrating newcomers to DEFCON and the industry.
Creating a space where veterans and newcomers alike can meet, talk, and form personal and professional support networks.

Caesar's Palace
Friday August 10, 2018 at 7 pm

Exact location will be printed on our badges, which we will be handing out in person at DEFCON.
For more information, please reach out to us at @_cubcon.

More Info: https://cubcon.party/

Return to Index    -    Add to    -    ics Calendar file

 

VMHV - Caesars Pool Level - Forum 14-16 - Friday - 14:00-14:30


Title:
Current Policy Responses to Election Security Concerns

No description available
Return to Index    -    Add to    -    ics Calendar file

 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 18:30-18:59


Title: Custodial Responsibilities in the Connected Age: Digital Specimens and Social Contracts

Speaker: Andy Coravos
@andreacoravos
Abstract:
"Healthcare is enamored with data. We have more data than we know what to do with (e.g., constant flows of data from wearables, new and cheaper ways to sequence genomes, digital phenotypes expressed through social media interactions) and there is a rush to deploy this data in clinical research and care. As we combine this “data”, we start to build a digital replica of each human. Our healthcare data carries new weight, new responsibilities. The rise in data means that we are gaining a greater body of knowledge as we assemble a digital representation of a person. We are getting closer to full understanding of someone’s biology, brain structure, how and why they think and do what they do. We are entering into a world where precision medicine and “N of 1” studies is (finally) becoming possible. On the flipside, we are also entering into a period of unprecedented monitoring and surveillance. As a society, we have standards for how we handle human blood, tissue and other human specimens. It’s now time for us to talk more about how we are to handle our digital specimens. In the talk, we’ll discuss the proliferation of our biometric and psychographic data, use cases, and the new ethical and custodial responsibilities that arise for individuals, regulators and companies."

Return to Index    -    Add to    -    ics Calendar file

 

Contest - Contest Stage - Saturday - 10:00-11:59


Title:
D(Struction)20 CTF

Part CTF, part lemon race, part game show, part demolition derby, the D(struction)20 CTF is a contest best played with a low-cost, usable, rugged, and powerful hacking platform! Bring your "indestructible" phones, your single-board computers with welded cases, or just take that old clunker gathering dust in the closet and put it to good (and possibly hilarious) use! Periodically during the competition, a random contestant from the leaderboard will roll the d20 of Destruction to decide what will happen to their rig. If they're very lucky, they roll a natural 20 and no damage will be inflicted! Otherwise, the d20 of Destruction will decide what type of damage will be done to their rig, be it physical impact, intense vibration, or something else! If the rig survives their chosen fate, the contestant may continue playing, but either way, rolling the d20 of Destruction results in a big point bonus that may make the difference between winning and losing, even if the rig is destroyed in the process!

More Info: @d20ctf

Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Octavius 9 - Friday - 20:00-19:59


D0 N0 H4RM: A Healthcare Security Conversation

Friday at 20:00 in Octavius 9
Fireside Hax

Christian"quaddi" Dameff MD Emergency physician, Clinical Informatics fellow at The University of California San Diego.

Jeff "r3plicant" Tully MD Pediatrician, Anesthesiologist, University of California Davis

Kirill Levchenko PhD Associate Professor of Computer Science, University of California San Diego

Beau Woods Hacker

Roberto Suarez Hacker

Jay Radcliffe Hacker

Joshua Corman Hacker

David Nathans Hacker

Healthcare cybersecurity is in critical condition. That's not FUD, that's the bottom line from the Congressionally mandated Health Care Industry Cybersecurity Task Force report released just last year, a year which also saw the twin specters of WannaCry and NotPetya take down entire hospital systems while over half a million implanted pacemakers were recalled in the fallout of one of the most (ir?)responsible disclosures in recent memory. It's enough to make any concerned white hat reach for a stiff drink. And that's where we come in. After an incredibly successful, near-fire-code-violating jam packed session at DC25 as an Evening Lounge, 'D0 N0 H4rm' is diving deeper and going longer as it transforms into a Fireside Hax, assembling an even larger and more distinguished panel of expert hackers, policymakers, wonks, and health care providers to continue discussing, dissecting, and most importantly, debating the ways to keep patients safe in an increasingly perilous space. Featuring continuous audience interaction and with the same loose and informal flow that characterized the initial, libation rich hotel room gatherings, moderators quaddi and r3plicant invite you to add your voice to this incredibly important conversation. Pin this one down quickly, pre-registration is going to go fast.

Christian "quaddi" Dameff MD
Christian (quaddi) Dameff MD is an emergency medicine doctor, former open capture the flag champion, prior DEF CON speaker, and researcher. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization. Security research topics including hacking critical healthcare infrastructure, medical devices and the effects of malware on patient care. This is his fourteenth DEF CON.

@cdameffmd

Jeff "r3plicant" Tully MD
Jeff (r3plicant) Tully MD is an anesthesiologist, pediatrician, and researcher with an interest in understanding the ever-growing intersections between healthcare and technology. Prior to medical school he worked on"hacking" the genetic code of Salmonella bacteria to create anti-cancer tools, and throughout medical training has remained involved in the conversations and projects that will secure healthcare and protect our patients as we face a brave new world of remote care, implantable medical devices, and biohacking.

@jefftullymd

Kirill Levchenko PhD

Beau Woods
Beau Woods is a leader with the I Am The Cavalry grassroots initiative, an Entrepreneur in Residence at the US Food and Drug Administration, a Cyber Safety Innovation Fellow with the Atlantic Council, and Founder/CEO of Stratigos Security. Beau has consulted with Global 100 corporations, the White House, members of Congress, foreign governments, and NGOs on some of the most critical cybersecurity issues of our time. Beau's focus is on Internet of Things (IoT) technologies where cybersecurity intersects public safety and human life issues, including healthcare, automotive, energy, oil and gas, aviation, transportation, and other sectors. Beau is a published author, frequent public speaker, often quoted in media, and is often engaged for public or private speaking venues.

Roberto Suarez
Roberto Suarez is a product security and privacy professional in the medical device and healthcare IT industry. At BD, Roberto is responsible for developing a Product Security Center of Excellence that drives process, capability and maturity to build products that are secure by design with transparency and control in mind. Giving product teams exposure to cyber security training and events, building their in-house expertise and promoting a company-wide community for product security is what Roberto is passionate about.

Jay Radcliffe
Jay Radcliffe is a Senior Security Consultant and Researcher. He is an offensive penetration tester with a knack for hardware hacking and embedded device security. He has given dozens of presentations at conferences around the world including DEF CON and Blackhat including several on the security of insulin pumps.

Joshua Corman
Joshua Corman is a Founder of I am The Cavalry (dot org) and CSO for PTC. Corman previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded RuggedSoftware and IamTheCavalry to encourage new security approaches in response to the world's increasing dependence on digital infrastructure. Josh's unique approach to security in the context of human factors, adversary motivations and social impact has helped position him as one of the most trusted names in security. He also serves as an adjunct faculty for Carnegie Mellon's Heinz College and on the 2016 HHS Cybersecurity Task Force.

David Nathans
David Nathans currently serves as a Product Security Manager for Siemens Healthcare, where he specializes in building cybersecurity programs and Security Operation Centers. Having previously held prominent positions in the defense, retail, managed security and healthcare industries, Nathans has a wealth of cybersecurity knowledge which he shares to help protect companies from this growing threat. His experiences and lessons learned also stem from his time building security programs at one of the largest breached retail companies in history as well as working all over the world as a cyber-operations officer for the U.S. Air Force


Return to Index    -    Add to    -    ics Calendar file

 

Night Life - Caesars - Lobby bar - Saturday - 23:55-24:59


Title:
DC 26 GothCon

Yes! Join us! Follow #DCGothCon for updates. Saturday night at 11:55pm we're flashmobbing the lobbycon bar for the witching hour. Wear your favorite things. (All goths, goth-adjacent, and friends allowed.) If you want in on the ad-hoc planning, dm me your email for the slack.
More Info: https://twitter.com/clevrcat/status/1022851252349284353
More Info: @ClevrCat

Return to Index    -    Add to    -    ics Calendar file

 

Night Life - Location TBA - Saturday - 22:00-25:59


Title:
DC801 Party

DC801 group Party
More Info: https://www.dc801.org/party2018/

Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 10:00-10:45


De-anonymizing Programmers from Source Code and Binaries

Friday at 10:00 in Track 2
45 minutes |

Rachel Greenstadt Associate Professor, Drexel University

Dr. Aylin Caliskan Assistant professor of Computer Science, George Washington University

Many hackers like to contribute code, binaries, and exploits under pseudonyms, but how anonymous are these contributions really? In this talk, we will discuss our work on programmer de-anonymization from the standpoint of machine learning. We will show how abstract syntax trees contain stylistic fingerprints and how these can be used to potentially identify programmers from code and binaries. We perform programmer de-anonymization using both obfuscated binaries, and real-world code found in single-author GitHub repositories and the leaked Nulled.IO hacker forum.

Rachel Greenstadt
Dr. Rachel Greenstadt (PI) is an Associate Professor of Computer Science at Drexel University where she teaches graduate-level courses in computer security, privacy, and machine learning. She founded the Privacy, Security, and Automation Laboratory at Drexel University in 2008. Dr. Greenstadt was among the first to explore the effect of adversarial attacks on stylometric methods, and the first to demonstrate empirically how stylometric methods can fail in adversarial settings while succeeding in non-adversarial settings.

She has a history of speaking at hacker conferences including DEF CON 14, ShmooCon 2009, 31C3, and 32C3.

Dr. Greenstadt's scholarship has been recognized by the privacy research community. She is an alum of the DARPA Computer Science Study Group and a recipient of the NSF CAREER Award. Her work has received the PET Award for Outstanding Research in Privacy Enhancing Technologies and the Andreas Pfitzmann Best Student Paper Award. She currently serves as co-editor-in-chief of the journal Proceedings on Privacy Enhancing Technologies (PoPETs). Her research has been featured in the New York Times, the New Republic, Der Spiegel, and other local and international media outlets.

@ragreens

Dr. Aylin Caliskan
Aylin Caliskan is an assistant professor of computer science at George Washington University. Her research interests include the emerging science of bias in machine learning, fairness in artificial intelligence, data privacy, and security. Her work aims to characterize and quantify aspects of natural and artificial intelligence using a multitude of machine learning and language processing techniques. In her recent publication in Science, she demonstrated how semantics derived from language corpora contain human-like biases. In addition, she developed novel privacy attacks to de-anonymize programmers using code stylometry. Her presentations on both de-anonymization and bias in machine learning are the recipients of best talk awards. Her work on semi-automated anonymization of writing style furthermore received the Privacy Enhancing Technologies Symposium Best Paper Award. Her research has received extensive press coverage across the globe. Aylin holds a PhD in Computer Science from Drexel University and a Master of Science in Robotics from the University of Pennsylvania. She has previously spoken at 29C3, 31C3, 32C3, and 33C3.

@aylin_cim


Return to Index    -    Add to    -    ics Calendar file

 

Meetup - Chill Out Lounge - Saturday - 12:00-12:59


Title:
Deaf Con Meet Up

DEAF CON is a California 501 (c)(3) Non-profit organization. We provide outreach to the Deaf and HH community and information security community. We encourage Deaf and HH information security professionals to attend conferences, like Defcon. We help to provide communication services and spaces for professionals to meet and network with others. Anyone can come and attend our meet up and hangout!

More Info: https://www.deafconinc.org/    @_DEAFCON_

Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon F - Saturday - 10:00-13:59


Decentralized Hacker Net

Saturday, 1000-1400 in Icon F

Eijah Founder, Promether

As hackers, sometimes we need to send data without anybody knowing anything. We don't want anybody to know what we're sending, so we use encryption. That's the easy part. We also don't want anybody to know that we're sending any data. That's the hard part. The observation of our presence on the network could be enough to get us in trouble. And that's just not acceptable. We need to figure out a way to hide in plain sight.

Creating an environment where data can be sent securely and our presence on the network is hidden, is not an easy thing to do. We can't rely on centralized technologies, which means we need to build a decentralized network. The network should be adaptive and flexible enough to send any type of data to any number of users. But how do we inject anonymity into a network while still supporting the verification of identity between parties? Can we establish trust without having to trust?

This workshop takes you through the process of creating a decentralized network that allows you to circumvent detection by governments and corporations. You'll be able to securely communicate and share data while masking your online identity. You'll create an adaptive, node-based infrastructure where data is shared via Distributed Hash Tables (DHT) backed by real-time asymmetric Elliptic-curve cryptography (ECC). If you've ever wanted to punch a hole through a great (or not-so-great) firewall, this workshop is for you.

Please note that this is a medium-level, technical workshop and requires that attendees have prior experience in at least one programming language, preferably C or C++. Bring your laptop, a USB flash drive, and your favorite C/C++ 11 compiler (>= gcc/g++ 4.9.2 or msvc 2015).

Prerequisites: Previous experience in at least one programming language is required. Previous experience with C/C++ and cryptography is helpful, but not required.

Materials: Laptop with Windows, Linux, or OSX. USB flash drive for saving their progress.

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/decentralized-hacker-net-icon-f-tickets-47194682566
(Opens July 8, 2018 at 15:00 PDT)

Eijah
Eijah is the founder of Promether and has 20+ years of software development and security experience. He is also the creator of Demonsaw, an encrypted communications platform that allows you to chat, message, and transfer files without fear of data collection or surveillance. Before that Eijah was a Lead Programmer at Rockstar Games where he created games like Grand Theft Auto V. He has been a faculty member at multiple colleges, has spoken about security and development at DEFCON and other security conferences, and holds a master's degree in Computer Science. Eijah is an active member of the hacking community and is an avid proponent of Internet freedom.


Return to Index    -    Add to    -    ics Calendar file

 

SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 11:00-11:59


Title:
Deconstructing DeFeNeStRaTe.C: The first public buffer overflow on a mainframe?

Soldier of FORTRAN
@mainframed767
Deconstructing DeFeNeStRaTe.C: The first public buffer overflow on a mainframe?

In 2012 hackers were running rampant in Swedens federal mainframes. During the course of the investigation it was thought it might be a good idea to release *ALL* the investigation documentation to the public. Included in these public files were snippets (or full programs) of the tools the hackers developed to work on an IBM z/OS mainframe (see: https://wikileaks.org/gottfrid-docs/). But not every tool developed were included in those papers. Shortly after the documents were released, your speaker was sent a DM out of the blue with a link to a pastebin (https://pastebin.com/Apk5zWDj) and two simple questions: "was this an exploit? how did it work?" Why did they contact the speaker? Because it was thought he originally was the one who did the breach. This talk will go over the breach in a high level before diving DEEP in to the unix part of a mainframe, looking at exactly what this C program was doing (or attempting to do) and how it accomplished it. This talks got it all when it comes to mainframe privilege escalation, APF authorized unix programs (a special attribute on z/OS), buffer overflows, hijacking return addresses, debugging C programs and changing ACEEs. All of these will be peppered with demos to show how it worked. After this talk you'll be able to know exactly what DeFeNeStRaTe.C was (trying?) to do and see it in action!


Return to Index    -    Add to    -    ics Calendar file

 

AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 16:00-16:59


Deep Exploit

Isao Takaesu

DeepExploit is fully automated penetration tool linked with Metasploit. It identifies the status of all opened ports on the target server and executes the exploit at pinpoint using Machine Learning.

Isao Takaesu is CISSP. He is working in Mitsui Bussan Secure Directions, Inc. as security engineer and researcher. He found many vulnerabilities in client’s server and proposed countermeasures to client. He thinks that there’s more and wants to find vulnerabilities. Therefore, he is focused on artificial intelligence technology for cyber security. Now, he is developing the penetration test tool using machine learning.


Return to Index    -    Add to    -    ics Calendar file

 

AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 11:20-11:40


DeepPhish: Simulating the Malicious Use of AI

Ivan Torroledo

Machine Learning and Artificial Intelligence have become essential to any effective cyber security and defense strategy against unknown attacks. In the battle against cybercriminals, AI-enhanced detection systems are markedly more accurate than traditional manual classification. Through intelligent algorithms, detection systems have been able to identify patterns and detect phishing URLs with 98.7% accuracy, giving the advantage to defensive teams. However, if AI is being used to prevent attacks, what is stopping cyber criminals from using the same technology to defeat both traditional and AI-based cyber-defense systems? This hypothesis is of urgent importance - there is a startling lack of research on the potential consequences of the weaponization of Machine Learning as a threat actor tool. In this talk, we are going to review how threat actors could exponentially improve their phishing attacks using AI to bypass machine-learning-based phishing detection systems. To test this hypothesis, we designed an experiment in which, by identifying how threat actors deploy their attacks, we took on the role of an attacker in order to test how they may use AI in their own way. In the end, we developed an AI algorithm, called DeepPhish, that learns effective patterns used by threat actors and uses them to generate new, unseen, and effective attacks based on attacker data. Our results show that, by using DeepPhish, two uncovered attackers were able to increase their phishing attacks effectiveness from 0.69% to 20.9%, and 4.91% to 36.28%, respectively.

Ivan Torroledo is the lead data scientist in the Cyxtera Research organization. In this role, he develops and implements Machine and Deep Learning algorithms to enhance phishing detection, network security, fraud detection, and malware mitigation. Ivan is also highly interested in research on the application of Machine and Deep Learning in high energy physics and astrophysics. Before joining Cyxtera, he worked at the Central Bank of Colombia, applying high performance computing tools to monetary policy analysis. He is passionate about applying the most advanced scientific knowledge to cyber security industry. Ivan holds degrees in Economics and Physics.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Thursday - 15:30-17:15


DEF CON 101 Panel

Thursday at 15:30 in 101 Track, Flamingo
105 minutes | Audience Participation

HighWiz Founder, DC 101

Nikita Director of Content & Coordination, DEF CON

Roamer CFP Vocal Antagonizer

Chris "Suggy" Sumner Co-Founder, Online Privacy Foundation

Jericho "Squirrel"

Wiseacre Former Doer Of Things

Shaggy The Mountain

Ten years ago, DEF CON 101 was founded by HighWiz as a way to introduce n00bs to DEF CON. The idea was to help attendees get the best experience out of DEF CON (and also tell them how to survive the weekend!). The DEF CON 101 panel has been a way for people who have participated in making DEF CON what it is today to share those experiences and, hopefully, inspire attendees to expand their horizons. DEF CON offers so much more than just talks and the DEF CON 101 panel is the perfect place to learn about all things DEF CON so you, dear reader, can get the best experience possible. The panel will end with the time honored tradition of "Name the n00b" where lucky attendees will be brought up on stage to introduce themselves to you and earn the coveted 101 n00b handle. Don't worry if you don't make it on to the stage, there will be plenty of other prizes for you to enjoy!

HighWiz
HighWiz is born of glitter and moon beams and he has all the right moves. He is the things that sweet dreams are made of and nightmares long to be... Years ago, with the help of some very awesome people*, he set about to create an event that would give the n00bs of DEF CON a place to feel welcomed and further their own pursuit of knowledge. For years he has held onto the simple tenet that "You get out of DEF CON what you put into it". HighWiz is the fabled Man on the Mountain whom people seek to gain a taste of his forbidden knowledge. He is a rare sighting at DEF CON only to be glimpsed by those lucky few. HighWiz is a member of the DEF CON CFP Review Board and Security Tribe.

*Some (but not all) of the people HighWiz would like to thank for helping to make 101 into what it is today : Runnerup, Wiseacre, Nikita, Roamer, Shaggy, Lockheed, Pyr0, Zac, V3rtgio, 1o57, Neil, Sethalump, AlxRogan, Jenn, Zant, MalwareUnicorn, Clutch, TheDarkTangent, Siviak, Ripshy, Valkyrie, Xodia, Flipper and all the members of Security Tribe.

@highwiz

Nikita
For over 15 years, Nikita has worked to ensure DEF CON runs as smoothly as one can expect from a hacker conference. In addition to planning a vast array of details prior to DEF CON and thwarting issues while onsite, she also serves as the Director of Content for the CFP Review Board.

@niki7a

Roamer
Appearing in a cloud of (cigarette) smoke, Roamer is a man full of whiskey and ideas. He has appeared at DEF CON since before (almost) the beginning. He is a renown author, speaker, pontificator and is famous for giving the most entertaining Worldwide Wardrive talk. He is also the Grand Vizier of All Things Vendor—you are welcome. When Roamer speaks, people listen. And often fall in love.

Chris "Suggy" Sumner
Chris "Suggy" Sumner is the polite one. He is a co-founder of the not-for-profit Online Privacy Foundation, who contribute to the field of online behavioural research. Suggy is also the CFP review board's undisputed fence sitting champion.

@5uggy

Jericho
Since 1992, Jericho has been poking about the hacker/security scene. His experience has allowed him to develop (and deliver—often in the form of rants) a great perspective on many topics, mostly security related. He has been a speaker at security conferences worldwide, primarily for the free travel to exotic locales. A founding member of Attrition.org, he was also the content manager for the Open Source Vulnerability Database (OSVDB) and an officer in the Open Security Foundation (OSF). He is a champion of security industry integrity and small misunderstood creatures. He epitomizes the saying, "Why be a pessimist? It won't work, anyway."

@attritionorg

Wiseacre
Wiseacre was introduced to DEF CON by Roamer. Though he appeared at his first DEF CON because of the Capture the Flag contest, Roamer and HighWiz showed him how to make DEF CON so much more than simply attending the talks. From then on he made a point to participate in as much as he could. Of course, this was all within the limits of social anxiety so, if it allowed participation as a wallflower, he was in! Now, he wants to make sure everyone else gets to know as much as possible about this year's conference. In his private life, Mike hacks managers and is happy anyone listens to him at all.

wiseacre_mike

Shaggy
Shaggy has the Voice of Barry White, the brains of Albert Einstein and the soul of Bea Arthur. He has a few philosophies on life: He believes that while the righteous keep moving forward, those with clean hands become stronger and stronger . That the field of battle between God and Satan is the human soul. It is in the soul that the battle rages every moment of life. He also believes that one should Start by doing what's necessary; then do what's possible; and suddenly you are doing the impossible. Because You learn to speak by speaking, to study by studying, to run by running, to work by working, and just so, you learn to love by loving. All those who think to learn in any other way deceive themselves.


Return to Index    -    Add to    -    ics Calendar file

 

Night Life - Rockhouse Bar 3370 S Las Vegas Blvd - Thursday - 20:00-23:59


Title:
DEF CON 26: Bugcrowd House Party

Dont miss out on Bugcrowds 2nd annual House Party at the Rockhouse Bar! Join us for an epic night of live-action chefs, flair bartenders, games and a live performance by DualCore.

There are only a few spots left so register now!

When: Thursday, August 9, 2018: 8:00PM Midnight

Where: Rockhouse Bar | 3377 S Las Vegas Blvd, Las Vegas, NV

More Info: https://ww2.bugcrowd.com/2018-defcon-house-party.html

Return to Index    -    Add to    -    ics Calendar file

 

Contest - Contest Stage - Friday - 18:00-19:59


Title:
DEF CON Beard and Moustache Contest

Held every year since DEF CON 19 in 2011 (R.I.P. Riviera), the DEF CON Beard and Moustache Contest highlights the intersection of facial hair and hacker culture.

More Info: http://www.dcbeard.com/    @DCBeardContest

Return to Index    -    Add to    -    ics Calendar file

 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 14:15-16:15


Title: DEF CON Biohacking Village Badge Talk

Speaker: Joel Murphy
Abstract:
Joel will talk about how the DEF CON Biohacking Village came together in all its wonderful glory

Return to Index    -    Add to    -    ics Calendar file

 

Contest - Contest Stage - Saturday - 18:00-19:59


Title:
DEF CON Blitz Chess Tournament

The first-ever DEF CON Chess Tournament, in Blitzkrieg format, in which there will be just 5 minutes on each players clock. During the tournament, each player will play every other player one time. A victory is 1 point, a draw 1/2, and a loss 0. At the end of the tournament, the player with the highest score wins the grand prize (tbd) and a trophy. In the event of a tie, there will be a sudden death playoff between the highest scorers to determine the champion.
More Info: @DefconChess

Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Sunday - 16:00-17:45


DEF CON Closing Ceremonies

Sunday at 16:00 in Track 1
105 minutes | Audience Particption

The Dark Tangent

DEF CON Closing Ceremonies

The Dark Tangent


Return to Index    -    Add to    -    ics Calendar file

 

Meetup - The Park on Las Vegas Blvd. by TMobile Arena - Friday - 18:30-20:30


Title:
DEF CON Dinner Con

Who's ready for @defcon ? Rumors going around that it's been cancelled once again. Even if it is, you gotta eat so come to @DEFCONDinner on Friday, August 10th 2018 at The Park 3782 S Las Vegas Blvd. by @TMobile Arena. 6:30 pm until about 8:00 pm. Then off to your parties!
Return to Index    -    Add to    -    ics Calendar file

 

Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Thursday - 06:00-06:59


Title:
Defcon 26 4X5K run

"Good Livin" is returning to DefCon 26, because maybe you want a little more! Maybe you feel like getting up at 5:30 in Vegas. Maybe you didn't stop the night before. Maybe because 6 AM is the coolest time for a run in Vegas (It's only 80!) Who cares let's go for a run!
We hit all the hot spots on the 4x5K @defcon with @whereiskurt ! Details here. https://www.reddit.com/r/Defcon/comments/8rcc5m/defcon_26_4_x_5k_is_on_again/ . . .
Also don't forget a World Run by Hackers https://www.eventbrite.com/e/world-run-by-hackers-5th-edition-registration-47811111321 . . . for even more running.
More info: @Agent__X__ tweet

Return to Index    -    Add to    -    ics Calendar file

 

Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Friday - 06:00-06:59


Title:
Defcon 26 4X5K run

"Good Livin" is returning to DefCon 26, because maybe you want a little more! Maybe you feel like getting up at 5:30 in Vegas. Maybe you didn't stop the night before. Maybe because 6 AM is the coolest time for a run in Vegas (It's only 80!) Who cares let's go for a run!
We hit all the hot spots on the 4x5K @defcon with @whereiskurt ! Details here. https://www.reddit.com/r/Defcon/comments/8rcc5m/defcon_26_4_x_5k_is_on_again/ . . .
Also don't forget a World Run by Hackers https://www.eventbrite.com/e/world-run-by-hackers-5th-edition-registration-47811111321 . . . for even more running.
More info: @Agent__X__ tweet

Return to Index    -    Add to    -    ics Calendar file

 

Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Saturday - 06:00-06:59


Title:
Defcon 26 4X5K run

"Good Livin" is returning to DefCon 26, because maybe you want a little more! Maybe you feel like getting up at 5:30 in Vegas. Maybe you didn't stop the night before. Maybe because 6 AM is the coolest time for a run in Vegas (It's only 80!) Who cares let's go for a run!
We hit all the hot spots on the 4x5K @defcon with @whereiskurt ! Details here. https://www.reddit.com/r/Defcon/comments/8rcc5m/defcon_26_4_x_5k_is_on_again/ . . .
Also don't forget a World Run by Hackers https://www.eventbrite.com/e/world-run-by-hackers-5th-edition-registration-47811111321 . . . for even more running.
More info: @Agent__X__ tweet

Return to Index    -    Add to    -    ics Calendar file

 

Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Sunday - 06:00-06:59


Title:
Defcon 26 4X5K run

"Good Livin" is returning to DefCon 26, because maybe you want a little more! Maybe you feel like getting up at 5:30 in Vegas. Maybe you didn't stop the night before. Maybe because 6 AM is the coolest time for a run in Vegas (It's only 80!) Who cares let's go for a run!
We hit all the hot spots on the 4x5K @defcon with @whereiskurt ! Details here. https://www.reddit.com/r/Defcon/comments/8rcc5m/defcon_26_4_x_5k_is_on_again/ . . .
Also don't forget a World Run by Hackers https://www.eventbrite.com/e/world-run-by-hackers-5th-edition-registration-47811111321 . . . for even more running.
More info: @Agent__X__ tweet

Return to Index    -    Add to    -    ics Calendar file

 

Meetup - Caesars - Circle Bar - Friday - 17:00-18:59


Title:
DEFCON 909 Meet Up

More Info: https://twitter.com/defcon909/status/1026524118164750336?s=03

Return to Index    -    Add to    -    ics Calendar file

 

Night Life - Caesars Palace Forum Tower, Rm TBA - Saturday - 21:00-25:59


Title:
Defcon Monero Party 2018

For immediate release

From: The Monero Enterprise Alliance

Last year, the Monero Enterprise Alliance reached out to the privacy loving hackers of Defcon and hosted an open house gathering of a few hundred friends and supporters at the first Defcon Monero Party. It brought people together, and everyone had a blast.

The event was such a success, that we're doing it again, and we're going bigger. Once again at Caesar's Palace; once again, YTcracker is kicking off the event on Saturday night at 9pm. DJ KSODIP spins at 10pm and FuzzyNop slices 11pm. The room is bigger, the music is bolder.
. . .
More info: Defcon Monero Party 2018 reddit announcment
More info: @cinnamonflower

Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Sunday - 10:00-10:45


Defending the 2018 Midterm Elections from Foreign Adversaries

Sunday at 10:00 in Track 2
45 minutes | Demo, Tool

Joshua M Franklin Hacker

Kevin Franklin Hacker

Election Buster is an open source tool created in 2014 to identify malicious domains masquerading as candidate webpages and voter registration systems. During 2016, fake domains were used to compromise credentials of a Democratic National Committee (DNC) IT services company, and foreign adversaries probed voter registration systems. The tool now cross-checks domain information against open source threat intelligence feeds, and uses a semi-autonomous scheme for identifying phundraising and false flag sites via ensembled data mining and deep learning techniques. We identified Russian nationals registering fake campaign sites, candidates deploying defensive—and offensive—measures against their opponents, and candidates unintentionally exposing sensitive PII to the public. This talk provides an analysis of our 2016 Presidential Election data, and all data recently collected during the 2018 midterm elections. The talk also details technological and procedural measures that government offices and campaigns can use to defend themselves.

Joshua M Franklin
Joshua Franklin has over a decade of experience working with election technology, and is a security engineer at the National Institute of Standards and Technology (NIST) focusing on cellular and electronic voting security. Prior to NIST, Joshua worked at the U.S. Election Assistance Commission gathering hands-on experience with a variety of voting technologies. Joshua managed federal certification efforts and alongside election officials, labs, and manufacturers across the United States. Joshua recently co-chaired the Election Cybersecurity Working Group, and was the principal author for the security portions of the next generation of federal voting system standards.

Kevin Franklin
Kevin Franklin has several decades of technology experience in big data. He possesses an undergraduate degree in Engineering from Mississippi State University and a masters degree in Computer Science from Southern Polytechnic University.


Return to Index    -    Add to    -    ics Calendar file

 

PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 13:30-13:59


Defense in Depth: The Path to SGX at Akamai

Sam Erb, Software Engineer at Akamai Technologies

In this presentation you will learn how Akamai has spent the past 4 years working toward preventing the next TLS heartbleed incident. Nothing hypothetical --only deployed defense-in-depth systems will be discussed. This talk will include how we deployed Intel SGX at scale in our network.

Sam Erb (Twitter: @erbbysam) is a 2x black badge winner with Co9 in the Badge Challenge and is working to make the Internet a safer place.


Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 12:00-13:50


DejaVU—An Open Source Deception Framework

Sunday 08/12/18 from 1200-1350 at Table Three
Offense/Defense

Bhadreshkumar Patel

Harish Ramadoss

Deception techniques—if deployed well—can be very effective for organizations to improve network defense and can be a useful arsenal for blue teams to detect attacks at very early stage of cyber kill chain. But the challenge we have seen is deploying, managing and administering decoys across large networks. Although there are lot of commercial tools in this space, we haven't come across open source tools which can achieve this.

With this in mind, we have developed DejaVu which is an open source deception framework which can be used to deploy, configure and administer decoys centrally across the infrastructure. A web-based management console can be used by the defender to deploy multiple interactive decoys (HTTP Servers,SQL,SMB,FTP,SSH,client side–NBNS) strategically across their network on different VLANs. Logging and alerting dashboard displays detailed information about the alerts generated and can be further configured to generate high accuracy alert; and how these alerts should be handled.

Decoys can also be placed on the client VLANs to detect client side attacks such as responder/LLMNR attacks using client side decoys. Additionally, common attacks which the adversary uses to compromise such as abusing Tomcat/SQL server for initial foothold can be deployed as decoys, luring the attacker and enabling detection.

https://github.com/bhdresh/Dejavu

Bhadreshkumar Patel
Bhadreshkumar Patel is a Reverse Engineer by nature and Security Specialist/Pentester by profession with 10 years of experience in offensive and defensive side of security. Likes to code, break stuff, play with controllers. Got lucky in finding zero days in Facebook, NGFW, wireless routers, HMS etc. Dejavu is Bhadresh's first conference submission, but not his first contribution to the security community.

Harish Ramadoss
Harish Ramadoss has over seven years of experience in offensive security space focusing on application and infrastructure security assessments. Led large scale penetration testing engagements for various clients across Finance, Government and Defense.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 11:00-11:45


Demystifying MS17-010: Reverse Engineering the ETERNAL Exploits

Sunday at 11:00 in Track 3
45 minutes | Demo, Tool, Exploit, Audience Participation

zerosum0x0 Hacker

MS17-010 is the most important patch in the history of operating systems, fixing remote code execution vulnerabilities in the world of modern Windows. The ETERNAL exploits, written by the Equation Group and dumped by the Shadow Brokers, have been used in the most damaging cyber attacks in computing history: WannaCry, NotPetya, Olympic Destroyer, and many others.

Yet, how these complicated exploits work has not been made clear to most. This is due to the ETERNAL exploits taking advantage of undocumented features of the Windows kernel and the esoteric SMBv1 protocol.

This talk will condense years of research into Windows internals and the SMBv1 protocol driver. Descriptions of full reverse engineering of internal structures and all historical background info needed to understand how the exploit chains for ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY work will be provided.

This talk will also describe how the MS17-010 patch fixed the vulnerabilities, and identify additional vulnerabilities that were patched around the same time.

zerosum0x0
zerosum0x0 is the author of all MS17-010 ETERNAL Metasploit exploit modules and was the first to reverse engineer the DOUBLEPULSAR backdoor. He has taught workshops on Windows internals at DEF CON and to government agencies.

@zerosum0x0


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon F - Friday - 14:30-18:30


Deploying, Attacking, and Securing Software Defined Networks

Friday, 1430-1830 in Icon F

Jon Medina Security Architect, Protiviti
Megha Kalsi Security Manager, Protiviti

Let's get our hands dirty in Software Defined Networking! Whether you're a network engineer or just a netsec enthusiast, this workshop will provide you with tools and guidance to set up, attack, and secure a software defined network from scratch using open-source tools and cloud-based switching software. Each attendee will be given access to a lab environment where they can deploy, test, configure, break, and secure a software defined network. All scripts and deployment instructions will be provided at the end, so you can continue your testing and research back home, or use it to make friends and win bets at the pub.

Prerequisites: Basic networking, knowledge of the OSI model, and basic *nix shell familiarity.

Materials: Laptop with internet access, web browser with HTML5 capability

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/deploying-attacking-and-securing-software-defined-networks-icon-f-tickets-47193792905
(Opens July 8, 2018 at 15:00 PDT)

Jon Medina
Jon is a security nerd who has worked in networking and security capacities for everything from the Department of Defense, to the Fortune 500, to state and local government. He currently works for Protiviti providing security consulting for a wide variety of clients and industries. His interests outside of security include traveling, hockey, strange beers, and his bulldog. He's spoken at Shmoocon, BSides, and many other security events and conferences.

Megha Kelsi
Megha is an Orlando-based security geek who’s worked in consulting across a wide variety of industries and solutions. She works extensively in security architecture, network security, vulnerability assessments, social engineering (Ferris Bueller style), incident response, and security operations. She enjoys spending time with her family, dancing, boxing / kickboxing (beating the crap out of punching bags is a hobby right?), and keeping up with the latest security news.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 12:00-12:45


Designing and Applying Extensible RF Fuzzing Tools to Expose PHY Layer Vulnerabilities

Sunday at 12:00 in Track 3
45 minutes | Demo, Tool, Exploit

Matt Knight Senior Security Engineer, Cruise Automation

Ryan Speers Director of Research, Ionic Security

In this session, we introduce an open source hardware and software framework for fuzzing arbitrary RF protocols, all the way down to the PHY. While fuzzing has long been relied on by security researchers to identify software bugs, applying fuzzing methodologies to RF and hardware systems has historically been challenging due to siloed tools and the limited capabilities of commodity RF chipsets.

We created the TumbleRF fuzzing orchestration framework to address these shortfalls by defining core fuzzing logic while abstracting a hardware interface API that can be mapped for compatibility with any RF driver. Thus, supporting a new radio involves merely extending an API, rather than writing a protocol-specific fuzzer from scratch.

Additionally, we introduce Orthrus, a low-cost 2.4 GHz offensive radio tool that provides PHY-layer mutability to offer Software Defined Radio-like features in a flexible and low-latency embedded form factor. By combining the two, researchers will be able to fuzz and test RF protocols with greater depth and precision than ever before.

Attendees can expect to leave this talk with an understanding of how RF and hardware physical layers actually work, and how to identify security issues that lie latent in these designs.

Matt Knight
Matt Knight (@embeddedsec) is a Senior Security Engineer with Cruise Automation, where he works on securing autonomous cars and the infrastructure that supports them. Matt also leads the RF practice at River Loop Security, an embedded systems security and design consultancy. With specific interests in RF networks and physical layers, he notably reverse engineered the LoRa PHY based on blind signal analysis, and has run several trainings on RF reverse engineering fundamentals. Matt holds a BE in Electrical Engineering from Dartmouth College.

@embeddedsec

Ryan Speers
Ryan Speers (@rmspeers) is a security researcher and developer who enjoys embedded systems, low-power radio protocols, and reversing proprietary systems. He has worked in offensive and defensive roles on networks, Windows, micro controllers, and many things in-between. As co-founder at River Loop Security, he tests embedded systems for security issues, and helps clients build more secure systems. He is also Director of Research for Ionic Security where he leads system and cryptographic research. He has previously spoken at a number of security conferences and written some articles for journals ranging from peer-reviewed academic publications to PoC||GTFO.

@rmspeers


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 13:30-13:50


Detecting Blue Team Research Through Targeted Ads

Saturday at 13:30 in Track 2
20 minutes |

0x200b Hacker

When my implant gets discovered how will I know? Did the implant stop responding for some benign reason or is the IR team responding? With any luck they'll upload the sample somewhere public so I can find it, but what if I can find out if they start looking for specific bread crumbles in public data sources? At some point without any internal data all blue teams turn to OSINT which puts their searches within view of the advertising industry. In this talk I will detail how I was able to use online advertising to detect when a blue team is hot on my trail.

0x200b
I'm just a Security researcher who's always using tools in unintended ways. I'm a defender by trade, I work on understating the adversary then designing the mitigations based on what I've learned. Currently I work at the intersection of healthcare and the cloud, designing systems that make it harder for the adversary to operate.


Return to Index    -    Add to    -    ics Calendar file

 

AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 15:20-15:59


Detecting Web Attacks with Recurrent Neural Networks

Fedor Sakharov

“Classic Web Application Firewalls (WAFs) mostly use rule-based approach for attack detection. This approach is known to have its pros and cons. Despite offering decent protection from automated attacks and predictable detection results rule-based approach has and always will have certain disadvantages. We all know that it’s useless against 0-day attacks or that even the most sophisticated rules are easily evaded by skilled professionals. That is why a more effective approach should involve some kind of heuristics. Let’s give a chance to artificial intelligence to find something non-obvious for human perception in raw data and try to explain its results.

To this day AI has been more often used for cat classification rather than for detecting application-level attacks on HTTP applications. Our team decided to test the hypothesis that Deep Learning is able to detect web-based attacks effectively. We started with very simple neural network architectures and tried to use them for classification. After some experiments it became clear that we needed more complex networks so we abandoned our attempts to use classification shifting to anomaly detection. Eventually, we ended up using seq2seq model with attention mechanisms which is able to detect zero-day web attacks with minimal number of false positives.”

Irina Stepanyuk is a data scientist from Moscow, Russia. For some time Irina is a researcher in Positive Technologies. She develops data analysis algorithms in relation to information security. Moreover, Irina is a Master’s student in the Faculty of Computer Science at the Higher School of Economics, where she also participates in data science projects and research.

Arseny Reutov is a web application security researcher from Moscow, Russia. Arseny is the Head of Application Security Research at Positive Technologies Ltd where he specializes in penetration testing, the analysis of web applications, and application security research. He is the author of research papers and blog posts on web security published in such magazines as Hacker (Xakep) and HITB Magazine as well as in his blog raz0r.name. He was a speaker at ZeroNights, CONFidence, PHDays and OWASP conferences. Arseny loves making web security challenges (#wafbypass on Twitter) as well as solving them. His passion are modern web technologies and finding vulnerabilities in them.

Fedor is a software developer from Moscow, Russia. He takes interest in various aspects of low-level programming and information security. For some time he has contributed to opensource reverse-engineering framework radare2, his diploma thesis is about transparent application CFG control in runtime and he has a solid experience with Linux kernel programming, drivers as well as kernel subsystems. That’s not all, since recently he leads the security-focused machine learning research at Positive Technologies.”


Return to Index    -    Add to    -    ics Calendar file

 

PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 16:00-16:30


Title:
Diagnosing Sick Plants with Computer Vision

Machine Learning + webcam = auto-diagnosing of Cannabis
Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 14:00-14:30


Digital Leviathan: a comprehensive list of Nation-State Big Brothers (from huge to little ones

Saturday at 14:00 in Track 2
20 minutes |

Eduardo Izycki Hacker

Rodrigo Colli Hacker

In his notorious book Leviathan, the XVII century English philosopher Thomas Hobbes stated that: we should give our obedience to an unaccountable sovereign otherwise what awaits us is a state of nature that closely resembles civil war—a situation of universal insecurity. It looks like a lot of current political leaders have red and found the teachings of Hobbes applicable to modern day online life.

We witness the rise of the Digital Leviathan. The same apps and applications that people use to connect, express opinions and dissatisfaction are used by governments (even democratic ones) to perform surveillance and censorship.

This talk will focus on evidence of Nation-State spying, performing surveillance, and censorship. The aim is to present a systematical approach of data regarding cyber attacks against political targets (NGO/political groups/media outlets/opposition), acquisition and/or use of spywares from private vendors, requested content/metadata from social media/content providers, and blocking of websites/censorship reported by multiple sources.

The findings of the research imply that:
- 25 nations that have already used cyber offensive capabilities against political targets.
- 60 nations acquired/developed spyware.
- 117 nations requested content/metadata from social media/content providers.
- 21 countries perform some level of censorship to online content.

Eduardo Izycki
Eduardo Izycki and Rodrigo Colli are both independent researchers with experience on information security and incident response. They worked in private-public task force for threat and risk assessment to major events in Brazil during the Confederations Cup 2013, World Cup 2014 and Olympic Games 2016.

Rodrigo Colli


Return to Index    -    Add to    -    ics Calendar file

 

HHV - Caesars Pool Level - Forum 17-21 - Saturday - 11:00-11:30


Disabling Intel ME in Firmware

Brian Milliron

Abstract

Modern OSes have consistently raised the bar in regards to security with each revision, largely due to the efforts of the security community to find and report bugs. Because of this the OS layer is reasonably secure at this point. However the security of the hardware layer has fallen far behind and now represents the biggest threat. In particular, the Intel Management Engine is a huge security hole which Intel has put great effort into forcing users to accept blindly. No more. This talk will present a how to on permanently disabling Intel ME by reflashing the BIOS using a Raspberry Pi. Take back control of your own hardware and give Big Brother’s Backdoor the boot.

Bio

Brian Milliron works as a freelance penetration tester for ECR Security. He has been monkeying around with security since his teens and has worked as a pentester for the last 8 years, working primarily with the Energy/Utility sector. Besides popping shells and defeating Big Brother technology, he also enjoys exploring the RF spectrum, finding new uses for Raspberry Pis, studying malware, nature and off-grid living.


Return to Index    -    Add to    -    ics Calendar file

 

ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Saturday - 13:15-13:45


Disassembly and Hacking of Firmware Where You Least Expect It: In Your Tools- with live hacking demonstration

August 11, 2018 1:15 PM

In this session we'll cover: Why EVERYTHING is a computer running software and can be attacked Vulnerability and capability assessment of firmware attacks Physical ramifications of tool attacks Finding and verifying firmware Some instances where "less security" is better Safety / Security tips for firmware Screen reader support enabled.

Speaker Information

Monta Elkins

FoxGuard Solutions

Monta Elkins is currently Hacker-in-Chief for FoxGuard Solutions, an ICS patch provider. Considered by many of his friends to be the Chuck Norris of ICS Cybersecurity, Rackspace enjoyed his tenure as Security Architect. Monta has been a speaker at more security conferences than even his enormous ego can remember including: DEFCON, EnergySec, ICSJWG, GridSecCon, CIP Emerging Technology Roundtable, ICS CyberSecurity, SANS ICS Summit, and Nuke CIP Pyongyang. In his spare time, Monta is the totally-safe-for-work "Coke and Strippers" YouTube channel creator, solving all the world's problems using Cold War era electronic technologies. https://tinyurl.com/y6vpmbw4 Known for having once discovered ALL the devices on an ICS network, Monta has served as a guest lecturer for colleges, universities and elsewhere teaching Arduino programming/circuit design, SDR, and rapid prototyping techniques. As a small child, he entertained himself by memorizing Pi -- backwards.


Return to Index    -    Add to    -    ics Calendar file

 

EHV - Caesars Promenade Level - Modena Rm - Friday - 18:30-19:29


Title: Discussion

Speakers: Speaker TBA

Description:




Return to Index    -    Add to    -    ics Calendar file

 

EHV - Caesars Promenade Level - Modena Rm - Saturday - 18:00-18:59


Title: Discussion

Speakers: Speaker TBA

Description:




Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Octavius 13 - Friday - 20:00-19:59


Disrupting the Digital Dystopia or What the hell is happening in computer law?

Friday at 20:00 in Octavius 13
Fireside Hax | Audience Participation

Nathan White Senior Legislative Manager, Access Now

Nate Cardozo Senior Staff Attorney, EFF

1984 didn't just happen because of a calendar. The world of 1984 was built by politicians who used the rule of law to change society into an oppressive surveillance state. In Washington D.C., politicians today are making decisions about what technologies we're permitted to use and how they'll be used in society. In this talk we'll break down 4-5 bills currently under discussion in Congress and explain who they'll impact the DEF CON community.

Nathan White
Nathan White spent five years working for the U.S. congress before starting a political consulting firm as a registered lobbyist. He now serves as the Senior Legislative Manager for Access Now, where he works to defend our digital rights. He has run political and issue campaigns from Maui to Maryland to Melbourne. He helped advocacy campaigns including the fight to save Net Neutrality at the FCC (2015) and the USA FREEDOM Act in Congress. At Access Now he co-organized the Crypto Summit and Crypto Summit 2.0. He worked to build the SaveCrypto.org campaign and helped create the international coalition to Secure The Internet (securetheinternet.org). He works everyday to educate Washington D.C. beltway types about our community.

@NathanielDWhite

Nate Cardozo
Nate Cardozo is a Senior Staff Attorney on EFF's civil liberties team where he focuses on cybersecurity policy and defending coders' rights. Nate has litigated cases involving electronic surveillance, freedom of information, digital anonymity, online free expression, and government hacking. His other projects include defending encryption, fighting software export controls, preserving automotive privacy, and assisting surveillance law reform efforts. As an expert in technology law and civil liberties, Nate works on EFF's Who Has Your Back report and regularly assists companies in crafting rights-preserving policies and advising on compliance with legal process. When he's not brewing beer with his EFF colleagues, Nate serves on the boards of directors of the First Amendment Coalition and the South Asian Film Preservation Society. Nate has a B.A. in Anthropology and Politics from U.C. Santa Cruz and a J.D. from U.C. Hastings where he has taught first-year legal writing and moot court.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 13:00-13:30


Dissecting the Teddy Ruxpin: Reverse Engineering the Smart Bear

Friday at 13:00 in 101 Track, Flamingo
20 minutes | Demo, Audience Participation, Tool

zenofex Hacker

The Teddy Ruxpin is an iconic toy from the 1980's featuring an animatronic teddy bear that reads stories from cassette tapes to children. In late 2017, a new model of the toy was released with improvements including Bluetooth connectivity, LCD eyes, and a companion mobile application. While the new bear features a number of improvements, the Teddy Ruxpin's original ability to add new stories by replacing the included cassettes is no longer applicable, and it requires users to supply files to the bear in a proprietary format.

This presentation aims to show how the new Teddy Ruxpin was reverse engineered down to a very low level in order to create new content. I will reveal the inner workings of the hardware and software within the bear and document the process used to reverse engineer it. I will then examine the communication between the mobile application and Teddy Ruxpin as well as the custom structure of the digital books read by the bear. I will end the presentation by releasing a toolset that allows users to create their own stories followed by a demo showcasing the Teddy Ruxpin greeting the DEF CON audience.

zenofex
Zenofex (@zenofex) is a senior research scientist at Cylance. Zenofex founded the Exploitee.rs which is a public research group that has released exploits for over 65 devices including the Amazon FireTV, Roku Media Player and the Google Chromecast. Zenofex is also a member of Austin Hackers (AHA) and has spoken at a number of security conferences including BlackHat and DEF CON.

@zenofex


Return to Index    -    Add to    -    ics Calendar file

 

EHV - Caesars Promenade Level - Modena Rm - Saturday - 17:00-17:59


Title: Diversity and Equality in Infosec

Speakers: Speaker TBA

Description:

As the field of Infosec continues to grow in numbers, it is also growing in terms of diversity. Arguably the field needs bring in as many diverse perspectives as possible in order to face ever escalating technological and non-technological challenges. We seek to discuss the ethics of promoting diversity and equality, the ethics of the current methods in promoting diversity and equality, and what can be done to ethically promote diversity and equality in infosec.




Return to Index    -    Add to    -    ics Calendar file

 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 13:30-14:15


Title: DNA Encryption: Bioencryption to Store Your Secrets in living organisms

Speaker: John Dunlap
Abstract:
Recent advances in genetic sequencing and modification technology have made the goal of storing data in living cells an attainable goal. In this talk John Dunlap will cover the history of attempting to encrypt secrets into living cells, and discuss his own experiments encrypting secrets in living cells with affordable lab equipment. John will discuss lab methods, suitable encryption algorithms, and methods for detecting data tucked away in innocuous model organisms, as well as potential issues with the concept of DNA as data storage. John will also present his own software tool for converting data into a suitable form for storage in Living organisms.

Return to Index    -    Add to    -    ics Calendar file

 

SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 10:00-10:59


Title:
Don't Bring Me Down: Weaponizing botnets


@3ncr1pted

Don't Bring Me Down: Weaponizing botnets

"We're seeing an evolution in botnets. The impact of Mirai bringing down a huge swath of the internet two years ago raised awareness but the release of the Mirai code has raised a new army of botnets that are capable of more than just DDOS on basic systems. But Mirai isnt the only botnet in town. There are some serious contenders with unexpected enhancements looking for new recruits to work in the bitcoin mines.


Routers and cameras and toasters oh my! The ongoing deluge of devices that connect to the Internet is an IoT nightmare, and an attackers dream. Default credentials and weak passwords are only the beginning. Especially with a bevy of unpatched, vulnerable systems on which to unleash some substantial exploits. Persistence and lateral movement ftw!
DDoS isnt just childs play when attacks are in the realm of terabytes. What happens when we move past outages, and into destructive payloads? And what happens when weaponization meets automation? In this talk, well explore what may come next when nation states move into the turf once held by script kiddies, and build-a-bot gets leveled up in a very bad way."


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 13:30-13:50


Dragnet—Your Social Engineering Sidekick

Friday at 13:30 in Track 1
20 minutes | Demo, Tool

Truman Kain Security Associate, Tevora

First, Dragnet collects dozens of OSINT data points on past and present social engineering targets. Then, using conversion data from previous engagements, Dragnet provides recommendations for use on your current targets: phishing templates, vishing scripts and physical pretexts- all to increase conversions with minimal effort. Finally, features like landing page cloning and domain registration (alongside your standard infrastructure deployment, call scheduling and email delivery) make Dragnet one hell of a catch.

Truman Kain
Truman Kain has taken everything he has learned as a web designer, internet marketer and mobile developer, and applied these insights directly into the development and experience of Dragnet. Why shouldn't your go-to social-engineering tool be as smooth and intuitive as your favorite mobile app?


Return to Index    -    Add to    -    ics Calendar file

 

Contest - Contest Stage - Saturday - 21:00-22:59


Title:
Drunk Hacker History

One night only at DEF CON 26, Drunk Hacker History is back by popular demand for a 4th historic year! The past three years proved to the entire galaxy that in the game of intoxicated nostalgic recall, there are no losers and those who won, lost. The DEF CON community has a history of sorts. It is a history is filled with mephitic adventures, quarter-truths, poor life choices, incontinence, and various forms of C2H6O. This year, we will connect our stacks to extract some of the most celebrated, exaggerated and entertaining moments in Hacker History through the interpretation of a group of well-trained participants. In the end, we will, again, crown the Drunkest Hacker in History and you, the audience, will rejoice! Hosted by c7five & jaku, if you like eating from an 80s candy cannon, Cats the musical, and feats of strength, you wont want to miss the return of Drunk Hacker History! Presented in DEF CON 4D and made possible by a grant from monkeyhelpers.org.

More Info: @DrunkHackerHist

Return to Index    -    Add to    -    ics Calendar file

 

PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 10:00-10:30


Ducky-in-the-Middle: Injecting Keystrokes into Plaintext Protocols

Esteban Rodriguez, Security Consultant at Coalfire Labs

This talk will cover the basics of protocol analysis using Wireshark and lead into analyzing two custom application protocols used for extending the mouse and keyboard of a remote system. The two applications covered are HippoRemote, and iOS app to use a iPhone as a trackpad and keyboard, and Synergy, an application to allow for control of multiple operating systems with one mouse and keyboard. By performing a MITM attack, an attacker can abuse this protocols to send keystokes to a remote machine to gain remote code execution similar to a USB rubber ducky attack. The talk will also discuss mitigations and open source code will be provided for exploitation. The target audience should have a basic understanding of Wireshark, ARP spoofing, and reverse shells.

Esteban Rodriguez (Twitter: @n00py1) a Security Consultant at Coalfire Labs. He primarily perform network and web application penetration testing. Esteban worked previously at Apple Inc performing intrusion analysis and incident response. Outside of work, Esteban blog at n00py.io and perform independent security research. He have authored multiple penetration testing tools and have presented at BSides Puerto Rico covering penetration testing techniques.


Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


EAPHammer

Saturday 08/11/18 from 1400-1550 at Table One
Offensive security professionals, red teamers, penetration testers, researchers.

Gabriel Ryan

EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration. To illustrate how fast this tool is, here's an example of how to setup and execute a credential stealing evil twin attack against a WPA2-EAP network in just two commands:

# generate certificates
./eaphammer --cert-wizard

# launch attack
./eaphammer -i wlan0 --channel 4 --auth wpa --essid CorpWifi --creds

EAPHammer’s userbase has doubled since its debut in early 2017, and the project has matured substantially to meet this demand. It is now the first rogue AP attack tool to offer out-of-the-box support for attacks against 802.11n/ac. Most of the added complexity associated with these protocols is managed automatically by EAPHammer.

We’ve also added some cool feature like Hashcat support, Karma, and SSID cloaking, as well as an extended UI and config management system for advanced users who require granular control over their rogue access points.

To check out the codebase, head to https://github.com/s0lst1c3/eaphammer

Gabriel Ryan
Gabriel Ryan is a penetration tester and researcher with a passion for wireless and infrastructure testing. He currently serves a co-founder and managing security consultant for Digital Silence, a Denver-based consulting firm that specializes in impact driven testing and red team engagements. Prior to joining Digital Silence, Gabriel worked in penetration tester for security services firm Gotham Digital Science as well as OGSystems, a Virginia-based geospatial intelligence contractor. On the side, he serves as a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys writing music and riding motorcycles.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 13:30-13:50


Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking

Sunday at 13:30 in Track 3
20 minutes | Demo

ldionmarcil Pentester at GoSecure

When caching servers and load balancers became an integral part of the Internet's infrastructure, vendors introduced "Edge Side Includes" (ESI), a technology allowing malleability in caching systems. This legacy technology, still implemented in nearly all popular HTTP surrogates (caching/load balancing services), is dangerous by design and brings a yet unexplored vector for web-based attacks.

The ESI language consists of a small set of instructions represented by XML tags, served by the backend application server, which are processed on the Edge servers (load balancers, reverse proxies). Due to the upstream-trusting nature of Edge servers, ESI engines are not able to distinguish between ESI instructions legitimately provided by the application server and malicious instructions injected by a malicious party. We identified that ESI can be used to perform SSRF, bypass reflected XSS filters (Chrome), and perform Javascript-less cookie theft, including HTTPOnly cookies.

Identified affected vendors include Akamai, Varnish, Squid, Fastly, WebSphere, WebLogic, F5, and countless language-specific solutions (NodeJS, Ruby, etc.). This presentation will start by introducing ESI and visiting typical infrastructures leveraging it. We will then delve into identification, exploitation of popular ESI engines, and mitigation.

ldionmarcil
Louis is a Security Analyst working at GoSecure in Montreal where he specializes in offensive appsec and pentest on medium to large scale organizations. Seasoned CTF participant and sometimes finalist with the DCIETS team, he has also written challenges for various competitions. Having recently obtained his Software Engineering degree, he dabbles in various research engagements between pentests.

@ldionmarcil


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Roman Chillout - Saturday - 20:00-19:59


EFF Fireside Hax (AKA Ask the EFF)

Saturday at 20:00 in Roman Chillout
Fireside Hax | Audience Participation

Kurt Opsahl Deputy Executive Director & General Counsel, Electronic Frontier Foundation

Nate Cardozo EFF Senior Staff Attorney

Jamie Lee Williams EFF Staff Attorney

Andrés Arrieta Technology Products Manager

Katiza Rodriguez International Rights Director

Nathan 'nash' Sheard Grassroots Advocacy Organizer

Relax and enjoy a Fireside Hax chat while you get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation's premiere digital civil liberties group fighting for freedom and privacy in the computer age. This Fireside Hax discussion will include updates on current EFF issues such as the government's effort to undermine encryption (and add backdoors), the fight for network neutrality, discussion of our technology projects to spread encryption across the Web and emails, updates on cases and legislation affecting security research, and much more. Half the session will be given over to question-and-answer, so it's your chance to ask EFF questions about the law and technology issues that are important to you.

Kurt Opsahl
Kurt Opsahl is the Deputy Executive Director and General Counsel of the Electronic Frontier Foundation. In addition to representing clients on civil liberties, free speech and privacy law, Opsahl counsels on EFF projects and initiatives. Opsahl is the lead attorney on the Coders' Rights Project. Before joining EFF, Opsahl worked at Perkins Coie, where he represented technology clients with respect to intellectual property, privacy, defamation, and other online liability matters, including working on Kelly v. Arribasoft, MGM v. Grokster and CoStar v. LoopNet. For his work responding to government subpoenas, Opsahl is proud to have been called a "rabid dog" by the Department of Justice. Prior to Perkins, Opsahl was a research fellow to Professor Pamela Samuelson at the U.C. Berkeley School of Information Management & Systems. Opsahl received his law degree from Boalt Hall, and undergraduate degree from U.C. Santa Cruz. Opsahl co-authored "Electronic Media and Privacy Law Handbook." In 2007, Opsahl was named as one of the "Attorneys of the Year" by California Lawyer magazine for his work on the O'Grady v. Superior Court appeal. In 2014, Opsahl was elected to the USENIX Board of Directors.

@kurtopsahl

Nate Cardozo
Nate Cardozo is a Senior Staff Attorney on the Electronic Frontier Foundation's digital civil liberties team. In addition to his focus on free speech and privacy litigation, Nate works on EFF's Who Has Your Back? report and Coders' Rights Project. Nate has projects involving cryptography and the law, automotive privacy, government transparency, hardware hacking rights, anonymous speech, electronic privacy law reform, Freedom of Information Act litigation, and resisting the expansion of the surveillance state. A 2009-2010 EFF Open Government Legal Fellow, Nate spent two years in private practice before returning to his senses and to EFF in 2012. Nate has a B.A. in Anthropology and Politics from U.C. Santa Cruz and a J.D. from U.C. Hastings where he has taught first-year legal writing and moot court. He brews his own beer, has been to India four times, and watches too much Bollywood.

Jamie Lee Williams
Jamie Williams is a staff attorney at the Electronic Frontier Foundation, where she is part of EFF's civil liberties team. Jamie focuses on the First and Fourth Amendment implications of new technologies, and is part of EFF's Coder's Rights Project, which protects programmers and developers engaged in cutting-edge exploration of technology. Jamie joined EFF in 2014. Prior to joining EFF, Jamie clerked for Judge Saundra Brown Armstrong in the Northern District of California, and practiced at Paul Hastings LLP, as an associate in the firms' litigation department. Jamie was also a law clerk at the Alameda County Public Defender. Jamie has a J.D. from the University of California, Berkeley School of Law (Boalt Hall) and a B.A. in journalism from the University of Wisconsin, Madison.

Andrés Arrieta
Andrés Arrieta is the Technology Projects Manager for the Electronic Frontier Foundation. A Telecom and Electronics Engineer, he previously worked for Mobile Operators managing and developing projects from the Radio and Core networks to IT systems like Spotify Premium for Movistar. Seeing the state of privacy in the digital world from previous experiences, he joins the EFF to help develop tools that address these issues.

Katiza Rodriguez
Katitza Rodriguez is EFF's international rights director. She concentrates on comparative policy of international privacy issues, with special emphasis on law enforcement, government surveillance, and cross border data flows. Her work in EFF's International Program also focuses on cybersecurity at the intersection of human rights. Katitza also manages EFF's growing Latin American programs. She was an advisor to the UN Internet Governance Forum (2009-2010). Before joining EFF, Katitza was director of the international privacy program at the Electronic Privacy Information Center in Washington D.C., where amongst other things, she worked on The Privacy and Human Rights Report,an international survey of privacy law and developments. Katitza is well known to many in global civil society and in international policy venues for her work at the U.N. Internet Governance Forum and her pivotal role in the creation and ongoing success of the Civil Society Information Society Advisory Council at the Organisation for Economic Co-operation and Development, for which she served as the civil society liaison while at EPIC from 2008 to March 2010. Katitza holds a Bachelor of Law degree from the University of Lima, Peru. Katitza's twitter handle is @txitua.

Nathan 'nash' Sheard
Nathan 'nash' Sheard is EFF's Grassroots Advocacy Organizer. nash works directly with community members and organizations to take advantage of the full range of tools provided by access to tech, while engaging in empowering action toward the maintenance of digital privacy and information security.


Return to Index    -    Add to    -    ics Calendar file

 

Contest - Contest Stage - Friday - 16:00-17:59


Title:
EFF Tech Trivia

EFF's team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Cup and EFF swag pack. The second and third place teams will also win great EFF gear.
Judged by Jack Adniel, Alex Stamos, Noise, and Gritty Grease

More Info: @EFF   https://eff.org/

Return to Index    -    Add to    -    ics Calendar file

 

BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 11:50-12:10


Effective Log & Events Management

Friday at 11:50-12:10
20 minutes

Russell Mosley@sm0kem

Logs, right? Do you run an expensive SIEM? If not, this talk is for you. An effective process for managing logs and security events with built-in and open-source tools will be detailed. I'll share reports and tickets from our organization and describe how we analyze them to improve IT operations, situational awareness, security posture, and pass audits.

Russell Mosley
Russell is an IT Infrastructure & Security Director for a DC-area software services company and an organizer with BSides Charm. Russell has seventeen years' experience in IT operations and Enterprise Defense and is responsible for the organization's compliance with SOC and FISMA requirements. He holds degrees from UMBC, UMUC, and Towson University as well as CISSP and several vendor certifications.


Return to Index    -    Add to    -    ics Calendar file

 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 12:55-13:35


Emergent Recon - fresh methodology and tools for hackers in 2018 - Jason Haddix

Recon is an art AND an science. The landscape for methods of finding hosts to attack is constantly changing. Whether you call it “Asset Discovery” or something else, it remains a core part of bounty hunter and red teaming life. Join Jason as he expands on his ever changing recon methodology.

This talk will focus on what tools to incorporate (and which tools not to). It will outline new methods coined in 2018, plus frameworks to automate and document your workflow. Topics include: brand/TLD discovery, host enumeration, application threat modeling, and more!


Return to Index    -    Add to    -    ics Calendar file

 

EHV - Caesars Promenade Level - Modena Rm - Friday - 16:00-16:59


Title: Ethical Disclosure and the Reduction of Harm

Speakers: Speaker TBA

Description:

How does a researcher become empowered to influence business and marketing leaders to balance coordinated disclosure, opsec protection, and tradecraft protection, with corporate interests? This talk examines use cases gone wrong, and opportunities for all groups to work together to make it right.




Return to Index    -    Add to    -    ics Calendar file

 

EHV - Caesars Promenade Level - Modena Rm - Friday - 13:00-13:59


Title: Ethics for Security Practitioners

Speakers: Speaker TBA

Description:

While at the first glance infosec might seem to be a mainly technical domain you might encounter ethical dilemmas very soon once you start working in the field (namely when you do offensive stuff). In this talk I'll provide an introduction how to tackle such situations in a structured way and on the basis of common approaches and values.




Return to Index    -    Add to    -    ics Calendar file

 

EHV - Caesars Promenade Level - Modena Rm - Saturday - 11:00-11:59


Title: Ethics of Technology in Humanitarian and Disaster Response

Speakers: Speaker TBA

Description:

How do we combat the moral dilemmas technology brings to humanitarian and disaster response? Ethically based decision making can improve the influence of technology during a crisis.




Return to Index    -    Add to    -    ics Calendar file

 

BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 12:30-13:20


Evolving security operations to the year 2020

Friday at 12:30-13:20
50 minutes

@IrishMASMS

The security operations aspect of your Information Security risk management program is where the “rubber meets the road” — the tools and people you have to implement the process and procedures you put together to find the badness and put out the fires. How has the concept of security operations evolved, and where are we headed? There is plenty of buzzword bingo: UBA, UEBA, machine learning and artificial intelligence, network abnormality detection, the marketing conversations of evolving to that SOC of 2020 — what do all these really mean to you and your operations and which can be useful in your efforts to find the badness?

@IrishMASMS
IrishMASMS is an old school hacker, fighting the good fight in Computer Network Defense (CND)/blue team efforts for more than 18 years. He has been lurking about since DEFCON 10, a panel member at HOPE 5, a presenter at a couple of Notacons, and a few other conferences where it may be hard to remember what really occurred. Having progressed through the ranks from a Security Operations Center (SOC) analyst to manager and director of Information Security risk management programs, he has experienced the wide opportunities for pain in our industry — and desires to help improve rather than perpetuate, nurture rather than exclude.


Return to Index    -    Add to    -    ics Calendar file

 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 14:00-14:30


Title: Examining Monero's Ring Signatures

Speakers: Justin Ehrenhofer

Description:
No description available



Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 12:00-13:50


Expl-iot—IoT Security Testing and Exploitation framework

Sunday 08/12/18 from 1200-1350 at Table Two
IoT Testers- Pentesters- IoT developers- Offense- Hardware

Aseem Jakhar

Expl-iot is an open source flexible and extendable framework for IoT Security Testing and exploitation. It will provide the building block for writing exploits and other IoT security assessment test cases with ease. Expliot will support most IoT communication protocols, firmware analysis, hardware interfacing functionality and test cases that can be used from within the framework to quickly map and exploit an IoT product or IoT Infrastructure.It will help the security community in writing quick IoT test cases and exploits. The objectives of the framework are: 1. Easy of use 2. Extendable 3. Support for hardware, radio and IoT protocol analysisWe released Expl-iot ruby version in 2017. Once we started implementing hardware and radio functionality, we realized that ruby does not have much support for hardware and radio analysis which led us to deprecate it and re-write it in python to support more functionality. We are currently working on the python3 version and will release it in a month. The new beta release is envisioned to have support for UART(serial), ZigBee, BLE, MQTT, CoAP (next version will have support for JTAG, I2C and SPI) and few miscellaneous test cases.

https://bitbucket.org/aseemjakhar/expliot_framework

Aseem Jakhar
Aseem Jakhar is the Director, research at Payatu Software Labs http://payatu.com a boutique security testing company specializing in IoT, Embedded, cloud, mobile security testing. He is the founder of null-The open security community, registered not-for-profit organization http://null.co.in and also the founder of nullcon security conference http://nullcon.net and hardwear.io security conference. He has worked on various security software including UTM appliances, messaging/security appliances, anti-spam engine, anti-virus software, bayesian engine to name a few. He currently spends his time researching on IoT security and hacking things. He is an active speaker and trainer at security conferences like AusCERT, Black Hat, Brucon, Defcon, Hack.lu, Hack in Paris, Hack In The Box, PHDays and many more. He has authored various open source security software including


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 11:00-11:45


Exploiting Active Directory Administrator Insecurities

Saturday at 11:00 in Track 1
45 minutes | Demo

Sean Metcalf CTO, Trimarc

Defenders have been slowly adapting to the new reality: Any organization is a target. They bought boxes that blink and software that floods the SOC with alerts. None of this matters as much as how administration is performed: Pop an admin, own the system. Admins are being dragged into a new paradigm where they have to more securely administer the environment. What does this mean for the pentester or Red Teamer?

Admins are gradually using better methods like two-factor and more secure administrative channels. Security is improving at many organizations, often quite rapidly. If we can quickly identify the way that administration is being performed, we can better highlight the flaws in the admin process.

This talk explores some common methods Active Directory administrators (and others) use to protect their admin credentials and the flaws with these approaches. New recon methods will be provided on how to identify if the org uses an AD Red Forest (aka Admin Forest) and what that means for one hired to test the organization's defenses, as well as how to successfully avoid the Red Forest and still be successful on an engagement.

Some of the areas explored in this talk:

If you are wondering how to pentest/red team against organizations that are improving their defenses, this talk is for you. If you are a blue team looking for inspiration on effective defenses, this talk is also for you to gain better insight into how you can be attacked.

Sean Metcalf
Sean Metcalf is founder and principal consultant at Trimarc (www.TrimarcSecurity.com) a consulting company which focuses on improving enterprise Active Directory security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification, is a former Microsoft MVP, and has presented on Active Directory attack and defense at Black Hat, BSides, DEF CON, DerbyCon, BlueHat, & Shakacon security conferences. He currently provides security consulting services to customers and regularly posts interesting Active Directory security information on his blog, ADSecurity.org.


Return to Index    -    Add to    -    ics Calendar file

 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Sunday - 10:15-10:59


Title: Exploiting immune defences - can malware learn from biological viruses?

Speaker: Guy Propper
Abstract:
Biological viruses have existed and evolved for millions of years, maliciously exploiting host cells for survival. How have they done this, and what can we learn from it?
Extremely advanced mechanisms for privilege escalation, persistence, and defence evasion have been used by biological viruses long before malware was first written.
This talk will provide an understanding of what mechanisms are used by biological viruses to exploit immune defences, persist, and survive in the arms race with the immune system.
Surprising differences between malware and virus actions will be shown, and some mechanisms which are used by viruses, but have not been adopted, or even attempted by malware, will be revealed.
No biological background is needed, only an open mind.

Return to Index    -    Add to    -    ics Calendar file

 

SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 13:00-13:59


Title:
Exploiting IoT Communications - A Cover within a Cover

Mike Raggo & Chet Hosmer
@MikeRaggo & @ChetHosmer

Exploiting IoT Communications - A Cover within a Cover

As IoT continues to introduce new operating systems, protocols, and frequencies the attack surface available for hidden communications increases substantially. In this presentation we explore the fundamental flaws in many of these IoT designs to identify methods of exploiting these communications by hiding data and riding these channels to deliver data and messages between devices and networks. Well cover M2M carrier packets, IoT Hub out-of-band communications, and IoT dead-drops in the cloud. Then with proof of concept code well demonstrate these exploits for the audience, and provide the basis for enhancing ones forensic strategy by looking deeper into these mysterious IoT communications.


Return to Index    -    Add to    -    ics Calendar file

 

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 13:15-13:59



Return to Index    -    Add to    -    ics Calendar file

 

WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 17:30-17:55


Faz

Bio

Edward Farrell (AKA Faz) runs his own cybersecurity practice in Sydney (Australia) & lectures at UNSW Canberra in wireless security.

Exploring the 802.15.4 attack surface

Abstract

Whilst 802.15.4 technologies such as Zigbee have been around for some time, our understanding of threats and risks associated with it have been lacking. As new use cases evolve, so have the opportunities for attack and exploitation. The purpose of this talk is to provide a real world exploration of where I've been finding zigbee devices with a purpose built war driving kit, some of the live collection I've done as well as an exploration of risks and what can be done. By the end of this talk, audience members will have an appreciation for cool technologies floating around their environments, an appreciation the issues associated with the 802.15.4 protocol, and how to plan and prepare from a security standpoint.


Return to Index    -    Add to    -    ics Calendar file

 

SKY - Flamingo 3rd Flr - Virginia City Rm - Sunday - 10:00-10:59


Title:
Facial Recognition - Let me let you in on a secret

Stumbles The Drunk

@stumblesthedrunk

Facial Recognition - Let me let you in on a secret

Facial Recognition is being inserted in to the authentication and verification process of our Driver Licences, Passports, and other unimportant government documents. Let's talk about how it short falls and how to #$@! with it.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 13:30-13:50


Fasten your seatbelts: We are escaping iOS 11 sandbox!

Friday at 13:30 in Track 3
20 minutes | Demo, Exploit

Min (Spark) Zheng Security Expert, Alibaba Inc.

Xiaolong Bai Security Engineer, Alibaba Inc.

Apple's sandbox was introduced as "SeatBelt" in macOS 10.5 which provided the first full-fledged implementation of the MACF policy. After a successful trial on macOS, Apple applied sandbox mechanism to iOS 6. In its implementation, the policy hooked dozens of operations. The number of hooks has been growing steadily when new system calls or newly discovered threats appeared. In the beginning, Apple's sandbox used a black list approach which means Apple originally concentrated on the known dangerous APIs and blocked them, allowing all others by default. However, with the evolution of Apple's sandbox, it applies a white list approach that denies all APIs and only allows secure ones that Apple trusts.

In this talk, we will first introduce Apple's sandbox mechanism and profiles in the latest iOS. Then, we discuss iOS IPC mechanism and review several old classic sandbox escape bugs. Most importantly, we show two new zero-day sandbox escape vulnerabilities we recently discovered in the latest iOS 11.4. Besides, we share our experience of exploiting vulnerabilities in system services through OOL msg heap spray and ROP (Return-oriented programming). In addition, we discuss a task port exploit technique which can be used to control the whole remote process through Mach messages. By using these techniques, security researchers could find and exploit sandbox escape bugs to control iOS user mode system services and further attack the kernel.

Min (Spark) Zheng
Min (Spark) Zheng (twitter@SparkZheng, github@zhengmin1989) is a security expert in Alibaba Orion Security Lab. He received his Ph.D. degree in the CSE department of the CUHK. His research focuses on malware analysis, smartphone (Android & iOS) security, system design and implementation. Before receiving Alibaba A-Star offer award in 2015, he worked in FireEye, Baidu and Tencent. He was the champion of GeekPwn 2014 and AliCTF 2015. He won the"best security researcher" award in FIT 2016 for detecting the iOS/macOS vulnerabilities, XcodeGhost virus and WormHole RCE vulnerability. He is a member of the OverSky team for private jailbreaking development. He presented his research in DEF CON, HITB, BlackHat, RUXCON, etc.

@SparkZheng

Xiaolong Bai
Xiaolong Bai (twitter@bxl1989, github@bxl1989) is a security engineer in Alibaba Orion Security Lab. Before joining Alibaba, he received his Ph.D. degree in Tsinghua University. He has published several research papers on top conferences including IEEE S&P, Usenix Security, CCS, NDSS, and presented his research in Black Hat USA and Hack In The Box. He has been acknowledged by famous vendors, including Apple, Google, Facebook, Evernote, and Tencent for his contribution in discovering the vulnerabilities in their systems and improving the security of their products. He is a member of the OverSky team for private jailbreaking development.

@bxl1989


Return to Index    -    Add to    -    ics Calendar file

 

PHW - Caesars Promenade Level - Neopolitan BR - Friday - 15:30-16:59


Finding and Attacking Undocumented APIs with Python

Write Python web bots using Selenium and BrowserMob Proxy to crawl the Internet looking for non-public APIs. We will look at several ways to identify vulnerabilities in discovered APIs as a means for penetration testing and large scale data gathering. Participants should have some Python experience, as well as a familiarity with HTTP requests.

Ryan Mitchell is a senior software engineer at HedgeServ in Boston, where she develops APIs and data analytics tools for hedge fund managers. She is a graduate of Olin College of Engineering and Harvard University Extension School with a master's in software engineering and certificate in data science. Since 2012 she has regularly consulted, lectured, and run workshops around the country on the topics of web scraping, Python automation tools, and data science.


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Thursday - 10:00-13:59


Finding Needles in Haystacks

Thursday, 1000-1400 in Icon D

Louis Nyffenegger Security Engineer, Pentester Lab

Luke Jahnke Security Researcher, Elttam

With more and more teams moving to Agile, security engineers need to be ready to find bugs by just looking at a diff in Stash or Github. This workshop will give you the basics to get started and know what to look for. Based on 3 exercises in 3 different languages (PHP, Golang and Ruby), we will cover simple to more advanced issues and show you where to look and what you can find. After this workshop, you will be ready to start doing code review for fun or as a way to get further as part of a post-exploitation.

Prerequisites: The students should be able to use a text editor and navigate source code. Basic knowledge of Git, PHP, Ruby and Go will definitely help but is not mandatory.

Materials: A laptop with 4Gb of RAM. Internet access during the class.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/finding-needles-in-haystacks-icon-d-tickets-47086263281
(Opens July 8, 2018 at 15:00 PDT)

Louis Nyffenegger
Louis Nyffenegger is a security engineer and entrepreneur based in Melbourne, Australia. He performs pentest, architecture and code review on a daily basis. Louis is the founder of PentesterLab, a learning platform for web penetration testing.

Luke Jahnke
Luke Jahnke is a Security Researcher at Elttam. He has extensive experience performing security assessments and running training. He enjoys working on interest vulnerabilities and runs the biennial BitcoinCTF competition.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 13:00-13:30


Finding Xori: Malware Analysis Triage with Automated Disassembly

Friday at 13:00 in Track 2
20 minutes | Demo, Tool

Amanda Rousseau Senior Malware Researcher at Endgame Inc.

Rich Seymour Senior Data Scientist at Endgame Inc

In a world of high volume malware and limited researchers we need a dramatic improvement in our ability to process and analyze new and old malware at scale. Unfortunately what is currently available to the community is incredibly cost prohibitive or does not rise to the challenge. As malware authors and distributors share code and prepackaged tool kits, the corporate sponsored research community is dominated by solutions aimed at profit as opposed to augmenting capabilities available to the broader community. With that in mind, we are introducing our library for malware disassembly called Xori as an open source project. Xori is focused on helping reverse engineers analyze binaries, optimizing for time and effort spent per sample.

Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and provides triage analysis data. This Rust library emulates the stack, register states, and reference tables to identify suspicious functionality for manual analysis. Xori extracts structured data from binaries to use in machine learning and data science pipelines.

We will go over the pain-points of conventional open source disassemblers that Xori solves, examples of identifying suspicious functionality, and some of the interesting things we've done with the library. We invite everyone in the community to use it, help contribute and make it an increasingly valuable tool for researchers alike.

Amanda Rousseau
Amanda Rousseau absolutely loves malware. She works as a Senior Malware Researcher at Endgame who focuses on dynamic behavior detection both on Windows and OSX platforms. She worked as a malware researcher at FireEye before joining Endgame. She previously worked a reverse engineer and computer forensic examiner working for DoD forensic investigations and commercial incident response engagements. She received her MS in Information Systems Engineering from Johns Hopkins University. Research interests include malware evasion techniques, dynamic behavior classification, and developing runtime detections.

@malwareunicorn

Rich Seymour
Rich Seymour is a senior data scientist at Endgame, where he works on integrating R&D successes into the company's platform and experimenting with new techniques to make security sensible. He's currently working on improving natural language understanding in the Artemis chatbot in the Endgame platform and understanding how to catch adversary tradecraft. He holds a PhD in materials science and an MS in computer science, both from the University of Southern California, where he worked on high-performance computing simulations of nanoscale materials under stress. He has spoken at USENIX SOUPS, Shmoocon and O'Reilly Security.

@rseymour


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 14:30-14:50


Fire & Ice: Making and Breaking macOS Firewalls

Saturday at 14:30 in Track 3
20 minutes | Demo, Tool, Exploit

Patrick Wardle Chief Research Officer, Digita Security

In the ever raging battle between malicious code and anti-malware tools, firewalls play an essential role. Many a malware has been generically thwarted thanks to the watchful eye of these products.

However on macOS, firewalls are rather poorly understood. Apple's documentation surrounding it's network filter interfaces is rather lacking and all commercial macOS firewalls are closed source.

This talk aims to take a peek behind the proverbial curtain revealing how to both create and 'destroy' macOS firewalls.

In this talk, we'll first dive into what it takes to create an effective firewall for macOS. Yes we'll discuss core concepts such as kernel-level socket filtering—but also how to communicate with user-mode components, install privileged code in a secure manner, and simple ways to implement self-defense mechanisms (including protecting the UI from synthetic events).

Of course any security tool, including firewalls, can be broken. After looking at various macOS malware specimens that proactively attempt to detect such firewalls, we'll don our 'gray' (black?) hats to discuss various attacks against these products. And while some attacks are well known, others are currently undisclosed and can generically bypass even today's most vigilant Mac firewalls.

But all is not lost. By proactively discussing such attacks, combined with our newly-found understandings of firewall internals, we can improve the existing status quo, advancing firewall development. With a little luck, such advancements may foil, or at least complicate the lives of tomorrow's sophisticated Mac malware!

Patrick Wardle
Patrick Wardle is the Chief Research Officer at Digita Security and founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.

@patrickwardle


Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


firstorder

Saturday 08/11/18 from 1000-1150 at Table Three
Offense

Utku Sen

Gozde Sinturk

Perimeter defenses are holding an important role in computer security. However, when we check the method of APT groups, a single spear-phishing usually enough to gain a foothold on the network. Therefore, red teams are mostly focused on "assume breach" type of scenarios. In these scenarios, testers need to use a post-exploitation framework. Besides that, testers also need to hide the server-agent communication from NIDS (Network Intrusion Detection Systems). firstorder is designed to evade Empire's C2-Agent communication from anomaly-based intrusion detection systems. It takes a traffic capture file (pcap) of the network and tries to identify normal traffic profile. According to results, it creates an Empire HTTP listener with appropriate options.

Utku Sen
Utku Sen is a security researcher who is mostly focused on following areas: application security, network security, tool development. He presented his tool, Leviathan Framework in Black Hat USA Arsenal and DEF CON Demo Labs in 2017. He also nominated for Pwnie Awards on "Best Backdoor" category in 2016.". He currently works in Tear Security.

Gozde Sinturk
Gozde Sinturk is Security Researcher and Python Developer who involved in projects related to machine learning, natural language processing, and big data. She is developing security tools in her current position. She currently works in Tear Security.


Return to Index    -    Add to    -    ics Calendar file

 

PHV - Caesars Promenade Level - Neopolitan BR - Sunday - 12:00-12:59


Fishing for Phishers. The Enterprise Strikes Back!

Joseph Muniz, Cisco
Aamir Lakhani, Fortinet

Phishing and social engineering has been around since Han Solo has flown the Millennium Flacon. The typically response is deleting the messages and giving the middle finger however, what more could be done to strike back? This talk will cover how to build an artificial environment and develop anti phishing tools used to respond to phishing attempts. Results could include owning the attacker's box "hypothetically" since some legal boundaries could be crossed.

Joseph Muniz is an architect at Cisco Systems. Aamir Lakhani (Twitter: @SecureBlogger) is a lead researcher at Fortinet. Together, they have spoken at various conferences including the infamous Social Media Deception RSA talk quoted by many sources found by searching "Emily Williams Social Engineering." They are also making their fourth appearance for the DEF CON Wall of Sheep. Both speakers have written books together including a recent title Digital Forensics for Network Engineers released on Cisco Press late February 2018. They have been friends for years and continue to collaborate on research and other projects.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 10:00-10:45


For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems

Sunday at 10:00 in Track 3
45 minutes | Demo, Tool

Leigh-Anne Galloway Cyber Security Resilience Lead, Positive Technologies

Tim Yunusov Hacker

These days it's hard to find a business that doesn't accept faster payments. Mobile Point of Sales (mPOS) terminals have propelled this growth lowering the barriers for small and micro-sized businesses to accept non-cash payments. Older payment technologies like mag-stripe still account for the largest majority of all in-person transactions. This is complicated further by the introduction of new payment standards such as NFC. As with each new iteration in payment technology, inevitably weaknesses are introduced into this increasingly complex payment eco-system.

In this talk, we ask, what are the security and fraud implications of removing the economic barriers to accepting card payments; and what are the risks associated with continued reliance on old card standards like mag-stripe? In the past, testing for payment attack vectors has been limited to the scope of individual projects and to those that have permanent access to POS and payment infrastructure. Not anymore!

In what we believe to be the most comprehensive research conducted in this area, we consider four of the major mPOS providers spread across the US and Europe; Square, SumUp, iZettle and Paypal. We provide live demonstrations of new vulnerabilities that allow you to MitM transactions, send arbitrary code via Bluetooth and mobile application, modify payment values for mag-stripe transactions, and a vulnerability in firmware; DoS to RCE. Using this sampled geographic approach, we are able to show the current attack surface of mPOS and, to predict how this will evolve over the coming years.

For audience members that are interested in integrating testing practices into their organization or research practices, we will show you how to use mPOS to identify weaknesses in payment technologies, and how to remain undetected in spite of anti-fraud and security mechanisms.

Leigh-Anne Galloway
Leigh-Anne Galloway is a Security Researcher who specializes in the areas of application and payment security. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches. This is where she discovered her passion for security advisory and payment technologies. She has presented and authored research on ATM security, application security and payment technology vulnerabilities, and has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, and Troopers.

@L_AGalloway

Tim Yunusov
Tim Yunusov is a Senior Expert in the area of banking security and application security. He has authored multiple research in these areas including "Apple Pay replay attacks" (Black Hat USA 2017), "7 sins of ATM protection against logical attacks" (PacSec, POC), "Bruteforce of PHPSESSID", "XML Out-Of-Band" (Black Hat EU), and is rated in the Top Ten Web Hacking Techniques by WhiteHat Security. He regularly speaks at conferences and has previously spoken at CanSecWest, Black Hat USA, Black Hat EU, HackInTheBox, Nullcon, NoSuchCon, Hack In Paris, ZeroNights and Positive Hack Days.

@a66at


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Thursday - 14:30-18:30


Forensic Investigation for the Non-Forensic Investigator

Thursday, 1430-1830 in Icon A

Gary Bates Technology Director

This workshop will provide a foundation to attendees on the basics of performing a forensic investigation on a corporate or SOHO network. The course will primarily discuss forensics on a Windows system and network, but, Linux and Mac systems will be briefly discusses during the workshop where applicable. Attendees will learn techniques on how to properly collect possible evidentiary data, how to store the collected data, how to analyze the information and evaluate the data. Topics that will be covered include: - Pre-incident.. Setting up your forensic analysis toolkit. - First contact with an incident. What should you do and not do. - Collecting volatile data. Tools and techniques - Collecting and storing non-volatile data. - Utilizing open source software to analyze the data - Making a determination and writing the report based on the analyzed data. - What to do with the collected and analyzed information. This workshop is intended to provide a basic overview of how to properly collect and handle data in a corporate or enterprise network. The course will cover several tools and provide labs for the students to complete to familiarize themselves with how the tools work and the proper procedures to use. However, this class will not make a deep dive into any of the tools. Nor is this class intended for the professional forensic investigator.

Prerequisites: Students need to have a knowledgeable background in IT Administration, basic knowledge of file structures and how the Windows OS works. Students should be knowledgeable in utilizing VirtualBox and how to setup VMs and attach virtual hard drives.

Materials: Students will need to bring a laptop capable of running no more than 3 VMs. The latest version of VirtualBox should be installed.

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/forensic-investigation-for-the-non-forensic-investigator-icon-a-tickets-47086683538
(Opens July 8, 2018 at 15:00 PDT)

Gary Bates
Gary works as the Technology Director for a medium size city in Texas. This job requires him to wear many hats to include performing forensic analysis on enterprise systems. In addition, he has helped the City's police department with several criminal cases that involved the collection of network and stored data from systems under investigation. Additionally, he teaches information security classes at the local junior college to include a forensic investigation course for IT security students. Besides 15 years of experience in the IT field, he has a BS in Network Administration and a Masters in Information Security Assurance. He, also, holds several industry certifications to include a Certified Ethical Forensic Investigator Certification. Since he is easily distracted and always curious, he has a wide-range of interest and off-hour projects that run the gambit from in-depth study about cyber security to data analysis programming to electronic projects that use the Raspberry Pi and Arduino chips.


Return to Index    -    Add to    -    ics Calendar file

 

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Saturday - 10:15-10:59



Return to Index    -    Add to    -    ics Calendar file

 

PHV - Caesars Promenade Level - Neopolitan BR - Friday - 15:00-15:59


Freedom of Information - Hacking the Human Black Box

Elliott Brink, Senior Penetration Tester at RSM US LLP

FOIA (otherwise known as the Freedom of Information Act or FOI/Freedom of Information in Australia) are government-based initiatives to permit the public to request information on various government records. In practice, these acts enable transparency of the operations of government to the masses with relative ease. In reality, submitting FOI requests can be a cumbersome and frustrating process for citizens.

For two years now I have been hacking this human black box - finding out what you can/cannot ask for and more importantly how to ask for information and get it! Have you ever asked the government for a log file, Cisco IOS running config or Active Directory group policies? Do you ever wonder if a government employee would provide you with such information if you asked really really nicely? Let's find out together! For the past couple of years I have been performing various technology-focused FOI requests in an attempt to answer one simple argument: Can you utilize freedom of information to enumerate technical information from government agencies? I present my research, findings and results of multiple years of submitting FOIA requests to various USA and Australian government institutions including multiple intelligence agencies. We will discover the fun times and challenges when performing such requests.

Attendees will gain practical knowledge about: what FOIA is, the caveats of FOIA, how you can utilize FOIA on red team engagements and other open source intelligence gathering activities and finally the results of my research in multiple requests to intelligence agencies.

Elliott Brink (Twitter: @ebrinkster) is an information security consultant based out of NYC. He specializes in internal/external pentesting, security architecture and social engineering. He loves computer history, tracking bad guys, honeypots, an expertly crafted bloody mary, and traveling the globe.


Return to Index    -    Add to    -    ics Calendar file

 

Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Thursday - 12:00-12:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon &5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We\x92ll be here.

Return to Index    -    Add to    -    ics Calendar file

 

Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Thursday - 17:00-17:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon &5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We\x92ll be here.

Return to Index    -    Add to    -    ics Calendar file

 

Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friday - 12:00-12:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon &5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We\x92ll be here.

Return to Index    -    Add to    -    ics Calendar file

 

Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friday - 17:00-17:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon &5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We\x92ll be here.

Return to Index    -    Add to    -    ics Calendar file

 

Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Saturday - 12:00-12:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon &5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We\x92ll be here.

Return to Index    -    Add to    -    ics Calendar file

 

Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Saturday - 17:00-17:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon &5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We\x92ll be here.

Return to Index    -    Add to    -    ics Calendar file

 

Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Sunday - 12:00-12:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon &5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We\x92ll be here.

Return to Index    -    Add to    -    ics Calendar file

 

SEV - Caesars Promenade South - Octavius BR 3-8 - Friday - 16:00-16:50


Friday August 10 1600 50 Mins

From Introvert to SE: The Journey

In 20 years I learned how to step outside my introverted personality to explore the world in a more successful way, but not without bumps and bruises which taught me valuable lessons.

This is my story of that journey which I hope to convey to those listening that being a deep introvert should not prevent them from trying and achieving goals in life up to and including being a professional social engineer and beyond. I wrap up with the specific lessons I learned over the course of that time, so others can reap the benefits of those lessons in a much shorter time frame.

Ryan MacDougall: @joemontmania

Ryan MacDougall is a Senior Social Engineer Pentester for Social-Engineer LLC, who has over 20 years’ experience in the information technology world and 5 years in the security space specifically. Naturally a deep introvert, he has achieved goals and experienced life that early on did not seem possible or even imaginable. With the help of professionals and experts in the field of psychology, he amassed techniques to navigate the social world to achieve goals he wanted and some he never knew he wanted.


Return to Index    -    Add to    -    ics Calendar file

 

SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 14:00-14:59


Title:
From MormonLeaks to FaithLeaks

Ethan Gregory Dodge
@Mormon_Leaks @FaithLeaks @egd_io
From MormonLeaks to FaithLeaks

Last year Ethan spoke as Privacy P. Pratt, the anonymous technical mind behind the whistle-blowing organization MormonLeaks and chronicled its history and impact up to that point. Since then, he has abandoned the pseudonym, FaithLeaks has been born, and MormonLeaks has uncovered a great deal more. Join Ethan in this sequel to last year and hear about Skytalks-2017-inspired FaithLeaks, exposed sexual and ecclesiastical abuse, financial information the Mormon Church went through great lengths to hide, mistakes made along the way, and how this model is promoting increased transparency in a part of society that desperately needs it.


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Thursday - 14:30-18:30


Fuzzing FTW

Thursday, 1430-1830 in Icon D

Bryce Kunz President, Stage 2 Security

Kevin Lustic Information Security Researcher

Join us in this hands-on introduction to fuzzing workshop, where we will explore how common fuzzing tools (e.g. AFL, libFuzzer, BooFuzz, etc..) are used to discover previously unknown bugs within applications.

We will first cover a general process to follow when fuzzing a targeted application and then provide hands-on labs where students will be able to apply this fuzzing process to quickly discover bugs within applications.

Several different fuzzing techniques will be covered including fuzzing file inputs via blind mutations (e.g. radamsa), fuzzing specific functions within an application via in-process evolutionary fuzzing (e.g. libFuzzer), compile-time instrumentation based fuzzing (e.g. AFL), and fuzzing of network services via generation based fuzzing (e.g. BooFuzz aka Sulley).

Prerequisites: Students need to be comfortable in Kali Linux which includes navigating the OS via the terminal. An understanding of basic networking concepts (i.e TCP/IP) and the HTTP protocol is highly recommended. Some knowledge of the Python scripting language is highly recommended.R26

Materials:

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/fuzzing-ftw-icon-d-tickets-47086572205
(Opens July 8, 2018 at 15:00 PDT)

Bryce Kunz
Bryce Kunz (@TweekFawkes) craves righteous red team hacks. Currently, the President of Stage 2 Security. Previously he supported the NSA (network exploitation & vulnerability research), Adobe (built red teaming program for cloud services), and DHS (incident response). Bryce holds numerous certifications (e.g. OSCP, etc...), and has spoken at various security conferences (i.e. BlackHat, DerbyCon, etc...).

Kevin Lustic
Kevin Lustic is an InfoSec researcher located just outside Salt Lake City, Utah. He is currently a red-teamer for Adobe in Lehi, performing offensive security testing against the various Adobe Digital Experience solutions. Prior to joining Adobe, Kevin spent five years in the Intelligence Community as a global network vulnerability analyst, cryptanalyst, and developer in various positions. He earned his Bachelor's degree in Mathematics from Ohio University, then his Master's degree in Cyberspace Operations from the Air Force Institute of Technology under a full NSF-funded CyberCorps scholarship.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 15:00-15:45


Fuzzing Malware For Fun & Profit. Applying Coverage-guided Fuzzing to Find and Exploit Bugs in Modern Malware

Sunday at 15:00 in Track 3
45 minutes | Demo, Tool, Exploit

Maksim Shudrak Senior Offensive Security Researcher, Salesforce

Practice shows that even the most secure software written by the best engineers contain bugs. Malware is not an exception. In most cases their authors do not follow the best secure software development practices thereby introducing an interesting attack scenario which can be used to stop or slow-down malware spreading, defend against DDoS attacks and take control over C&Cs and botnets. Several previous researches have demonstrated that such bugs exist and can be exploited. To find those bugs it would be reasonable to use coverage-guided fuzzing.

This talk aims to answer the following two questions: ___ we defend against malware by exploiting bugs in them ? How can we use fuzzing to find those bugs automatically ?

The author will show how we can apply coverage-guided fuzzing to automatically find bugs in sophisticated malicious samples such as botnet Mirai which was used to conduct one of the most destructive DDoS in history and various banking trojans. A new cross-platform tool implemented on top of WinAFL will be released and a set of 0day vulnerabilities will be presented.

Do you want to see how a small addition to HTTP-response can stop a large-scale DDoS attack or how a smart bitflipping can cause RCE in a sophisticated banking trojan? If the answer is yes, this is definitely your talk.

Maksim Shudrak
Maksim is a security researcher, hacker who loves vulnerabilities hunting, fuzzing acrobatics and complex malicious samples reversing. Maksim had a change to work on binary instrumentation, Windows operating system emulators and malware analysis at large cyber security companies around the world.

https://github.com/mxmssh, https://www.linkedin.com/in/mshudrak


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Saturday - 10:00-13:59


Fuzzing with AFL (American Fuzzy Lop)

Saturday, 1000-1400 in Icon B

Jakub Botwicz Primary Security Engineer, Samsun Poland R&D Center

Wojciech Rauner Security Engineer, Samsung Research

This workshop will give participants information how to use afl (American fuzzy lop) to identify vulnerabilities in different applications and modules. afl is a security-oriented fuzzer, that allows to efficiently and automatically test software components allowing to find interesting security issues. It is one of leading tools and essential component in the toolbox of security researcher and hacker (penetration tester). List of afl trophies (issues found using afl) can be read at: http://lcamtuf.coredump.cx/afl/ Participants will have possibility to learn how afl works and how to use it successfully based on real life cases - vulnerabilities found by trainers in different open source components. During the training multiple cases and tips will be presented (see detailed outline for more complete list).

Prerequisites: None

Materials: To participate in the hands-on sections, attendees need to bring a laptop with minimum 2 GB RAM which can run a virtual machine or a Docker container. Virtual machine and Docker container with all necessary tools will be provided before the workshop.

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/fuzzing-with-afl-american-fuzzy-lop-icon-b-tickets-47194653479
(Opens July 8, 2018 at 15:00 PDT)

Jakub Botwicz
Jakub works as Primary Security Engineer in Samsung Poland R&D Center leading a team of security researchers. He has more than 15 years of experience in information security and previously worked e.g. in: one of world leading payment card service providers, Big4 consulting company and vendor of network encryption devices. Jakub holds PhD degree of Warsaw University of Technology and security community certificates including: GWAPT, CISSP, ECSA. Currently he works providing security assessments (static and dynamic analysis) of different mobile and IoT components. afl helped him find numerous vulnerabilities, also in open source components.

Wojciech Rauner
Wojciech has background as a full-stack developer, currently works as a Security Engineer for Samsung Research Poland. His current area of research is IoT and mobile devices. Likes to talk about cryptography and higher level languages. Loves to take things apart, build new things (because old ones got irreversibly broken in the process) and make stuff work (again). Plays in CTF Samsung R&D PL team (crypto/net/programming).


Return to Index    -    Add to    -    ics Calendar file

 

SKY - Flamingo 3rd Flr - Virginia City Rm - Sunday - 13:00-13:59


Title:
Game Runner 2049: The Battles Fought by the King of the Replicants

Nick Cano
@nickcano93

Game Runner 2049: The Battles Fought by the King of the Replicants

"XenoBot is an engineered player, provided to cheaters for use in-game. It's enhanced reaction speed and inability to tire made it ideal for power leveling.

After a series of technological breakthroughs, it's use became ubiquitous and Tibia became a botter haven.

The collapse of fair play in the early 2000's led to the rise of DarkstaR, as his bot masked it's synthetic properties and averted detection.

Through XenoBot, DarkstaR acquired the keys to a line of botted characters that would silently obey and benefit him.

Many usurpers in-game guilds, software crackers, and DDoSers came forth. They hunted him to prove themselves.

Those he defeated still know him by the name... Game Runner

This is a talk for gamers and hackers about the battles I fought during a decade selling an MMORPG bot. I'll talk about what it was like to wield a surveillance system comprised of thousands of botted characters providing me with military-grade in-game intelligence. I'll outline the lessons I learned fighting off massive DDoS attacks on my own, including how I turned the laser on a mirror. I'll share a funny story about how serendipity convinced a forum that I had hacked them, as well as the the time I actually mass-hacked hundreds of users on a forum where child-porn was talked about with normalcy. I'll go into how CloudFlare doxxed me to that forum and how I hacked my way to the top of the situation without anyone being the wiser. After these and other tales, I hope you'll walk away from this talk laughing at my shenanigans while also having learned a few things about game development, hacking, and how to outmaneuver your opposition."


Return to Index    -    Add to    -    ics Calendar file

 

AIV - Caesars Promenade Level - Florentine BR 3 - Sunday - 11:00-11:40


GAN to the dark side: A case study of attacking machine-learning systems to empower defenses

Li Chen

“There has been a surge of interest in using machine learning (ML) to automatically detect malware through their dynamic behaviors. These approaches indeed have achieved much higher accurate detection rate and lower false positive rate. ML in threat detection has demonstrated to be a good cop to guard platform security. However should we fully trust ML-powered security? Here, we juxtapose the resiliency and trustworthiness of ML algorithms for security, in the case study of ransomware detection. We propose RD-Fool, an AI-based system to bypass ML-based ransomware detection.

In this talk, we examine the perspectives of ML assuming the role of both a good cop and a bad cop. We first train a variety of deep learning and classical machine learning classifiers for ransomware detection using data collected from file I/O and registry events. We show the classifiers can achieve great performance in terms of classification accuracy and false positive rate for ransomware detection. Then we examine the resiliency of these classifiers using our proposed system RD-Fool. RD-Fool uses random forest and generative adversarial networks (GAN) to generate samples which can bypass the ransomware detectors. We demonstrate both exploratory and causative attacks using RD-Fool, where exploratory attack aims at bypassing the ransomware detector during inference phase, and causative attack aims at poisoning the training data to perturb the ML decision boundary.

The key advantages of RD-Fool include quick identification of the blind spots of the victim ML model and efficient generation of realistic and evasive samples. We examine the quality of the crafted sample using the perturbation distance and the Silhouette score. Our results and discoveries pose interesting and alarming issues such as how much should we trust or utilize ML for better security. “

Li Chen is a data scientist and research scientist in the Security and Privacy Lab at Intel Labs, where she focuses on developing state-of-the-art robust machine learning and deep learning algorithms for security analytics including applications in malware detection and image classification in the adversarial setting. She is also the co-primary investigator (PI) and research lead at the Intel Science & Technology Center for Adversary-Resilient Security Analytics. She designs the roadmaps with Intel and Georgia Tech PIs to jointly meet both industrial and academic research objectives. She provides research direction and in-depth technical guidance to advance the ARSA research agenda. Prior to joining Intel Labs, Li was a Data Scientist in Software and Services Group at Intel, where she focused on developing advanced and principled machine learning methods for cloud workload characterization and cloud computing performance. Li Chen received her Ph.D. degree in Applied Mathematics and Statistics from Johns Hopkins University. Her research interests primarily include machine learning, statistical pattern recognition, random graph inference, data mining, and inference for high-dimensional data. Her research has been featured in a number of pioneering scientific and engineering journals and conferences including IEEE Transactions on Pattern Analysis and Machine Intelligence, Annals of Applied Statistics, Parallel Computing, AAAI Conference on Artificial Intelligence and SPIE. She has given more than 30 technical presentations, including at the Joint Statistical Meeting (the largest statistics conference in North America), AAAI conference, International Joint Conference on Artificial Intelligence, and Spring Research Conference on Statistics and Industry Technology.


Return to Index    -    Add to    -    ics Calendar file

 

Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - Friday - 20:30-23:59


Title:
GeekPwn Party

Part contest, part open discussion of security, part talent show and 100% fun! Join the folks from GEEKPWN for a evening of entertainment with a focus on information security from China. Expect contests, serious discussion, music, and an enviroment open to your ideas.

Return to Index    -    Add to    -    ics Calendar file

 

Contest - Contest Stage - Friday - 10:00-12:59


Title:
GeekPwn

Started by KEEN - and the first in 2014, GeekPwn enables security geeks around the world to exchange their thoughts and research findings. As the international intelligence security community, GeekPwn tries to create secure life with secure techniques. In GeekPwn, YOU are encouraged to exploit unknown vulnerabilities of the cyber world. And together, WE aim to help manufacturers develop their security systems and create a better world.

The most unique and extraordinary character of a GeekPwn attendee is his/her open-minding and rich variety of PWN.

Security researchers are welcomed to GeekPwn if they are able to take control or obtain data without authorization under reasonable, realistic conditions (without tampering, pre-implanted Trojans or certain pre-granted privileges), and target software and protocols of mobile phones, smart devices, Internet of Things, new I/O modules (gesture capture, VR, AR, etc.), AI-featured modules and services (robots, visual recognition and voice recognition), etc.

More Info: http://www.geekpwn.org/

Return to Index    -    Add to    -    ics Calendar file

 

AIV - Caesars Promenade Level - Florentine BR 3 - Sunday - 10:00-10:40


Generating Labeled Data From Adversary Simulations With MITRE ATT&CK 

Brian Genz

“Attackers have a seemingly endless arsenal of tools and techniques at their disposal, while defenders must continuously strive to improve detection capabilities across the full spectrum of possible vectors. The MITRE ATT&CK Framework provides a useful collection of attacker tactics and techniques that enables a threat-focused approach to detection. 

This technical talk will highlight key lessons learned from an internal adversary simulation at a Fortune 100 company that evolved into a series of data science experiments designed to improve threat detection. ”

Brian Genz is a Security Engineer focused on threat hunting, security data science, threat intelligence, and security orchestration, automation & response. He brings experience in the defense intelligence, manufacturing, and financial sectors in the areas of incident response, digital forensics, vulnerability management, and security architecture consulting. He has presented at Derby Con, Circle City Con, CypherCon, the ISSA International Conference, ISACA, InfraGard, and other venues. Brian also serves as adjunct faculty in the information security program at Milwaukee Area Technical College.


Return to Index    -    Add to    -    ics Calendar file

 

CPV - Caesars Promenade Level - Milano BR 1,2 - Sunday - 10:30-11:00


Title:
Geolocation and Homomorphic Encryption

10:30am

Geolocation and Homomorphic Encryption
When
Sun, August 12, 10:30am 11:00am
Description
Speaker
------
Nicholas Doiron

Abstract
--------
How often are apps asking for your location? Lat/lng coordinates reveal a lot about you, but we share them every day with web services to look up our location and find nearby businesses.

What if it were possible to encrypt the coordinates which we were searching, and a web service could find results for us anyway? This talk shows sample code of homomorphic encryption being used in geo/location searches (Paillier cryptosystem, JavaScript and Python), and potential futures for private geodata.

Bio
-----------------
Nick is a web developer and mapmaker currently at McKinsey & Company's New York City office. Previously he worked at One Laptop per Child, Code for America, and the Museum of Modern Art.

Twitter handle of presenter(s)
------------------------------
@mapmeld

Website of presenter(s) or content
----------------------------------
https://github.com/georeactor/crypto-geofence

Return to Index    -    Add to    -    ics Calendar file

 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Sunday - 13:00-12:59


Title: Getting Skin in the Game: Biohacking & Business

Speaker: Cyberlass
About Cyberlass:
As an IT professional and biohacker Amanda Plimpton is delighted by the surge of citizen scientists who are driven to investigate, experiment and seek answers. She is interested in how the biohacking/body augmenting community can help its growing pool of talented, passionate individuals contribute to their fields from the commercial, academic or non-profit sectors. As Chief Operating Officer at Livestock Labs she is helping build a company that showcases one way biohackers can enter commercial spaces. Hoping to bring back lessons learned, she wants to keep helping grow a community that supports each other and promotes successes.
Abstract:
Let’s talk biohacking, technology and business. We are a community that is innovating and creating — mostly in non-profit and academic spaces. As we have grown so have the business opportunities, sometimes in unexpected places. My company, Livestock Labs, is bringing its biometric implant to market — in cows first. Started by grinders, the company is proving what we all know — that when we get funding and dedicated time our projects take off. This session tries to shed some light on learning to business as a biohacker and encourages other body augmenters and diyBio folks to take the leap and see what amazing things they can accomplish.

Return to Index    -    Add to    -    ics Calendar file

 

HHV - Caesars Pool Level - Forum 17-21 - Friday - 14:00-17:59


Chris Gammell

Abstract

This is an in-person, hands-on version of “Getting To Blinky”, an online course series that has taught thousands to use the free and open source electronics CAD program, KiCad. This would be a “DEFCON badge” version of that course which showcases how to add a blinking circuit, get acquainted with the tool and also add customizable artwork to a Printed Circuit Board (PCB). By the end, attendees will be able to actually order a low cost PCB from online sources.

What to Bring

Please come to this session with a computer with KiCad set up and running. Course is aimed at KiCad 4.0.7, slightly earlier is fine but 5.0.0 is not advised. Install assistance can be given during the beginning of the presentation if needed.

Max size: 24, first come first serve basis.

Bio

Chris Gammell is the host of The Amp Hour Electronics podcast and the owner of Contextual Electronics, an online apprenticeship program. He has been teaching people to design and build electronics online for 8 years, including 5 as an online instructor. His interests are in hands on education and making the electronics learning process easier. He also focuses on low cost and no cost tools, like the open source CAD program KiCad. Prior to teaching online, Chris was an electronics designer for 15 years in various industrial settings.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 14:00-14:45


GOD MODE UNLOCKED: Hardware Backdoors in [redacted] x86 CPUs

Friday at 14:00 in Track 1
45 minutes | Demo, Tool, Exploit

Christopher Domas

Complexity is increasing. Trust eroding. In the wake of Spectre and Meltdown, when it seems that things cannot get any darker for processor security, the last light goes out. This talk will demonstrate what everyone has long feared but never proven: there are hardware backdoors in some x86 processors, and they're buried deeper than we ever imagined possible. While this research specifically examines a third-party processor, we use this as a stepping stone to explore the feasibility of more widespread hardware backdoors.

Christopher Domas
Christopher Domas is a security researcher and embedded systems engineer, currently investigating scalable IoT security. He is best known for releasing impractical solutions to non-existent problems, including the world's first single instruction C compiler (M/o/Vfuscator), toolchains for generating images in program control flow graphs (REpsych), showing that all programs can be reduced to the same instruction stream (reductio), and the branchless DOOM meltdown mitigations. His more relevant work includes the sandsifter processor fuzzer, the binary visualization tool ..cantor.dust.., and the memory sinkhole x86 privilege escalation exploit.

@xoreaxeaxeax


Return to Index    -    Add to    -    ics Calendar file

 

WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 11:00-11:55


Travis Goodspeed

Bio

The REAL Travis Goodspeed

@travisgoodspeed

Goodwatch Update

Abstract

Goodwatch


Return to Index    -    Add to    -    ics Calendar file

 

PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 15:00-15:59


Grand Theft Auto: Digital Key Hacking

Huajiang "Kevin2600" Chen, Security Research at Ingeek
Jin Yang, Independent Security Researcher

The security of automobiles accesses control system is a topic often discussed. Today's vehicles rely on key-fob control modules, to ensure the vehicle is accessible to authorized users only. While most traditional automobile key-fob systems have been shown to be insecure in the past, here comes a game changer. Instead of the regular key-fob system, some car owners will be able to access their vehicle by having their smartphone authenticates as a digital car key.In this talk, we will reveal the research and attacks for one of digital car keys system in the current market. By investigating how these features work, and how to exploit it through different possibles of attack vectors, we will demonstrate the security limitations of such system. By the end of this talk, the attendees will not only understand how to exploit these systems also which tools can be used to achieve our goals.

Huajiang "Kevin2600" Chen (Twitter: @kevin2600) is a security researcher at Ingeek. And a member of Team-Trinity. The Team-Trinity is a Non-profit group of security researchers, mainly focus on wireless and embedded systems vulnerability research. Team members have worked extensively with binary reverse engineering, mobile security, and hardware security. Kevin2600 has spoken at various conferences including XCON, KCON, OZSecCon, BSides, and Alibaba-Cloud-Zcon.

Jin Yang is a member of Team-Trinity. The Team-Trinity is a Non-profit group of security researchers, mainly focus on wireless and embedded systems vulnerability research. He work in network security industry for over 10 years and focus on the Automated Virus Analysis, IoT Security, Threat Intelligence and Rootkits. Jin has spoken at XCon; AVAR and KCon.


Return to Index    -    Add to    -    ics Calendar file

 

CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 11:30-12:00


Title:
Green Locks for You and Me

11:30am

Green Locks for You and Me
When
Sat, August 11, 11:30am 12:00pm
Description



Speaker
------
Wendy Knox Everette

Abstract
--------
How do you give your personal domain a green "Secure" lock? Can you prevent your domain from being used for spam and phishing emails?

This talk is a little different from most "crypto" talks - it's not about how some neat new encryption algorithm works, or writing code. Instead, it's about how to use the awesome crypto tools already available to make your online presence more secure. This talk came out of my frustration with tutorials online for setting up my personal website domain with TLS and my email domain with DMARC/DKIM/SPF. We'll walk through how to use free services to serve a website over TLS and how to configure a personal email domain to block it from being used to send spam and phishing emails.

Bio
-----------------
Wendy Knox Everette (@wendyck) is a hacker lawyer who began her career as a software developer, before going to law school, where she focused on national security law and computer security issues. Currently she lives in Washington State where she advises companies on risk and security regulations. She created and hosted the first student webserver to host personal homepages at her undergrad in 1995, and registered her personal domain in 2000, but only recently got it moved to TLS.

Twitter handle of presenter(s)
------------------------------
@wendyck

Website of presenter(s) or content
----------------------------------
https://www.wendyk.org

Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


GreyNoise

Saturday 08/11/18 from 1200-1350 at Table Three
Defenders, blue teamers, SOC and network analysts

Andrew Morris

GreyNoise is a system that collects all of the background noise of the Internet. Using a large network of geographically and logically dispersed passive collector nodes, GreyNoise collects, labels, and analyzes all of the omnidirectional, indiscriminate Internet-wide scan and attack traffic. GreyNoise data can be used to filter pointless alerts in the SOC, identify compromised devices, pinpoint targeted reconnaissance, track emerging threats, and quantify vulnerability weaponization timelines.

https://greynoise.io/

Andrew Morris
Andrew Morris is the founder of GreyNoise Intelligence, a DC-based cyber security company, and likely holds the world record for amount of time spent staring at Internet-wide scan traffic. Prior to founding GreyNoise, Andrew worked as a researcher, red team operator, and consultant for several large cyber security firms including Endgame, NCC group, and KCG. Outside of work, Andrew enjoys playing fingerstyle acoustic guitar and tries to figure out what his dreams mean.


Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 12:00-13:50


GUI Tool for OpenC2 Command Generation

Sunday 08/12/18 from 1200-1350 at Table Six
Defense

Efrain Ortiz

The tool is a stand alone web self service application that graphically represents all the evolving OpenC2 commands to allow OpenC2 application developers to click and generate OpenC2 commands. The tool makes it extremely easy for even beginners to work on the creation of OpenC2 commands. The tool provides the OpenC2 command output in JSON and in curl, nodejs and python code to be easily integrate into Incident Response or Orchestration platforms.

https://github.com/netcoredor/openc2-cmdgen

Efrain Ortiz
Efrain is a Director in the Office of the CTO at Symantec Corporation. Prior to his Director role, he worked 15 years as a field pre-sales systems engineer. Efrain started his digital life on a TRS-80 Color Computer II in the 1980s. Previous to his 15 years at Symantec, he worked in various roles, from pen testing to network and systems administration. His current favorite project is working on the OpenC2 language specification.


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Thursday - 10:00-13:59


Guided Tour to IEEE 802.15.4 and BLE Exploitation

Thursday, 1000-1400 in Icon A

Arun Mane Principle Researcher, SecureLayer7

Rushikesh D. Nandedkar Security Analyst

The workshop aims at delivering hands on experience to pentest 802.15.4 and BLE commercial devices. By design and purpose, IoT was meant to serve the whims of human, taking human laziness to next level. Hence in this due effort, there was least || no attention paid towards the state of security of IoT. However, this doesn't mean, the motives of users are deterred to use insecure IoT devices/setups.

Due to high demand for automation in M2M communication, the IoT concept took a position in the industrial sector for better and fast work ignoring security aspect. Absence of this aspect in the production is making all IoT communications and wireless communications vulnerable largely.

On the other hand, BLE devices have been used everywhere. They are being used in home automation, healthcare, SensorTags and Bluetooth Password Manager etc. As a matter of fact, these BLE devices are equally vulnerable as that of IEEE 802.15.4 based devices. The impact is huge as these technologies are used in industrial applications like water dams and other ICS systems.

Prebuilt VM with lab manuals will be provided to attendees. The workshop is structured for beginner to intermediate level attendees who do not have any experience in IoT wireless communication.

Prerequisites:
1. Basic knowledge of web and mobile security
2. Basic knowledge of Linux OS
3. Basic knowledge of programming (C, python) would be a plus

Materials:
1. Laptop with at least 50 GB free space
2. 8+ GB minimum RAM (4+GB for the VM)
3. External USB access
4. Administrative privileges on the system
5. Virtualization software - VirtualBox 5.X (including Virtualbox extension pack)/VMware player/VMware workstation/VMware Fusion
6. Linux machines should have exfat-utils and exfat-fuse installed (ex: sudo apt-get install exfat-utils exfat-fuse).
7. Virtualization (Vx-t) option enabled in the BIOS settings for virtualbox to work
8. Latest OS on the host machines (For ex. Windows 7 is known to cause issues)

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/guided-tour-to-ieee-802154-and-ble-exploitation-icon-a-tickets-47085983444
(Opens July 8, 2018 at 15:00 PDT)

Arun Mane
Arun: is a Hardware, IOT and ICS Security Researcher. His areas of interest are Hardware Security, SCADA, Fault Injection, RF protocols and Firmware Reverse Engineering. He also has experience in performing Security Audits for both Government and private clients. He has presented a talk at the nullcon 2016,2017,2018 Goa, GNUnify 2017, Defcamp 2017,BsidesDelhi 2017, c0c0n x 2017,EFY 2018,X33fcon2018 Also Trainer for Practical Industrial Control Systems (ICS) hacking training, delivered in X33fcon2018 and was co-Trainer for Practical IoT hacking which was delivered in HITB 2017, HIP 2017, BlackHat Asia 2018 and private clients in London, Australia, Sweden, Netherlands etc. He is an active member of null - The open Security community and G4H community.

Rushikesh D. Nandedkar
Rushikesh: is a security analyst. Having more than six years of experience under his belt, his assignments have always been pointed towards reducing the state of insecurity for information. His research papers were accepted at NCACNS 2013, nullcon 2014, HITCON 2014, Defcamp 2014, BruCON 2015, DEFCON 24, BruCON 2016, x33fcon 2017, c0c0n-x 2017, BruCON 2017, BSides Delhi 2017, nullcon 2018, HITB Amsterdam 2018 and x33fcon 2018, as well he is a co-author of an intelligent evil twin tool "DECEPTICON". Being an avid CTF player, for him solace is messing up with packets, frames and shell codes.


Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 10:00-11:50


GyoiThon

Sunday 08/12/18 from 1000-1150 at Table Two
Offense

Isao Takaesu

Masuya Masafumi

Toshitsugu Yoneyama,

GyoiThon is a fully automated penetration testing tool against web server. GyoiThon nondestructively identifies the software installed on web server (OS, Middleware, Framework, CMS, etc...) using multiple methods such as machine learning, Google Hacking, pattern matching. After that, GyoiThon executes valid exploits for the identified software. Finally, GyoiThon generates report of scan results. GyoiThon executes the above processing fully automatically.

GyoiThon consists of three engines:

Traditional penetration testing tools are very inefficient because they execute all signatures. On the other hand, GyoiThon is very efficient because it executes only valid exploits for the identified software. As a result, the user's burden will be greatly reduce, and GyoiThon will greatly contribute to the security improvement of many web servers.

https://github.com/gyoisamurai/GyoiThon

Isao Takaesu
Isao Takaesu is working in Mitsui Bussan Secure Directions, Inc. as security engineer and researcher. In the past, he found out numerous vulnerabilities in server of client and he proposed countermeasures to client. He thinks that there's more and want to efficiently find out vulnerabilities. Therefore, He's focusing on artificial intelligence technology and developing fully automated penetration testing tool using machine learning.

Masuya Masafumi
Masafumi Masuya is a security engineer on the Mitsui Bussan Secure Directions, Inc. He loves network security assessment, so he found many vulnerabilities in various servers of enterprises. He is always thinking about a method to efficiently perform network security assessment, even while sleeping. He especially loves cURL and Japanese word 'Gyoi'. "Gyoi" means that there is nothing you cannot do!

Toshitsugu Yoneyama
Toshitsugu Yoneyama is a Security Researcher and Manager on the Mitsui Bussan Secure Directions, Inc. He has reported several vulnerabilities in Juniper, Nessus, Amazon, Apache and various routers. He participated alone in Hack2win which is a hacking competition in CodeBlue 2017, and he pwned several devices by remote attack and get the 3rd prize.


Return to Index    -    Add to    -    ics Calendar file

 

EHV - Caesars Promenade Level - Modena Rm - Saturday - 15:00-15:59


Title: Hack Back: Not An Option, But A Necessity? (A Mini-Workshop)

Speakers: David Scott Lewis

Description:

David Scott Lewis
“They don’t fear us.” This was General Nakasone’s response to Senator Sullivan’s remark that “we’re the world’s cyber punching bag” during Mr. Nakasone's confirmation hearings as NSA Director and USCYBERCOM Commander. This talk will present hack back as a form of offensive cyber going beyond active defense, persistent engagement, and the cyber kill chain, yet consistent with proposed legislation, and will put forth the claim that nextgen hack back will evolve into a hyperwar battlespace deterrent.
Concerns such as attribution and escalation will be addressed, as will the potential role of AI, cybernetics, and quantum computing. A working framework for hack back will be presented – HBaaS/ADaaS (Hack Back-as-a-Service/Active Defense-as-a-Service), as will reasons why culture must play a key role in developing policy options.
For illustrative purposes, China and Chinese culture will be examined in depth. This examination will begin with a look at China’s Mearsheimerian foreign relations practices, and will then review how Chinese culture and cultural norms should guide U.S. hack back policies specific to China.




Return to Index    -    Add to    -    ics Calendar file

 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 14:00-15:59


Title: Hack On The BitBox Hardware Wallet

Speakers: Stephanie Stroka and Marko Bencun

Description:
No description available



Return to Index    -    Add to    -    ics Calendar file

 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Sunday - 12:25-12:40


Hackathon and CTF Prizes, and a Group Photo

No description available


Return to Index    -    Add to    -    ics Calendar file

 

Meetup - Flamingo - 3rd floor - Chillout Rm - Saturday - 20:30-23:59


Title:
Hacker Flairgrounds

This is the Meetup destination for badge collectors, designers, and prototypers that you have been waiting for! A social environment to show off you custom badges, discuss projects to make you own badges and to talk to collectors who cherish your work. Flashing LEDs, crafting time, trading, and the celebration of badge craft all in one.

Return to Index    -    Add to    -    ics Calendar file

 

Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25 - Friday - 20:00-21:59


Title:
Hacker Jeopardy

Hacker Jeopardy is back for its 24th unbelievable year! Three teams of three battle each round to face last year's champion in the final. 100 points for every beer consumed makes the answers, well, less predictable as the game goes on. Antics, swag, and audience participation -- how can you go wrong? WARNING: 18+ only due to adult language and innuendo. We're offended if you're not offended.

More Info: http://www.hackerjeopardy.org

Return to Index    -    Add to    -    ics Calendar file

 

Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25 - Saturday - 20:00-21:59


Title:
Hacker Jeopardy

Hacker Jeopardy is back for its 24th unbelievable year! Three teams of three battle each round to face last year's champion in the final. 100 points for every beer consumed makes the answers, well, less predictable as the game goes on. Antics, swag, and audience participation -- how can you go wrong? WARNING: 18+ only due to adult language and innuendo. We're offended if you're not offended.

More Info: http://www.hackerjeopardy.org

Return to Index    -    Add to    -    ics Calendar file

 

Night Life - Caesars - Emperors Level - Chillout Rm - Friday - 20:00-25:59


Title:
Hacker Karaoke

Do you like to sing? Do you want to perform? Ever wanted to sing in front of others? Come on down to the 10th Annual Hacker Karaoke, DEFCON's on-site karaoke experience. You can be a star, or if you don't want to be a star, you can also take pride in making an utter fool of yourself.

More Info: https://hackerkaraoke.org/   @HackerKaraoke

Return to Index    -    Add to    -    ics Calendar file

 

Night Life - Caesars - Emperors Level - Chillout Rm - Saturday - 20:00-25:59


Title:
Hacker Karaoke

Do you like to sing? Do you want to perform? Ever wanted to sing in front of others? Come on down to the 10th Annual Hacker Karaoke, DEFCON's on-site karaoke experience. You can be a star, or if you don't want to be a star, you can also take pride in making an utter fool of yourself.

More Info: https://hackerkaraoke.org/   @HackerKaraoke

Return to Index    -    Add to    -    ics Calendar file

 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 17:00-17:59


Title: Hacking a Crypto Payment Gateway

Speakers: Devin "Bearded Warrior" Pearson and Felix "Crypto_Cat" Honigwachs

Description:
No description available



Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Sunday - 14:00-14:45


Hacking BLE Bicycle Locks for Fun and a Small Profit

Sunday at 14:00 in Track 2
45 minutes | Demo, Tool

Vincent Tan Senior Security Consultant, MWR InfoSecurity

Hack a lock and get free rides! (No free beer yet though...). This talk will explore the ever growing ride sharing economy and look at how the BLE "Smart" locks on shared bicycles work. The entire solution will be deconstructed and examined, from the mobile application to its supporting web services and finally communications with the lock. We will look at how to go about analysing communications between a mobile device and the lock, what works, what doesn't.

Previous talks on attacking BLE targeted the protocol itself using various hardware and software such as Ubertooth and Wireshark, which could be potentially difficult for someone new wanting to explore BLE and the ever connected IoT world. I'll simplify and stupidify the entire process such that anyone with a mobile phone and basic experience with Frida can go about breaking locks and hacking BLE the world over.

Vincent Tan
Vincent is a Senior Security Consultant at MWR Labs (the forefront of innovation and research in cyber security). He has a passion for all things"mobile" and anything"wireless". Vincent spends most of his free time focused on reverse engineering esoteric protocols, mobile devices and all things IOT to make the real(cyber)world a better and (where possible) a safer place to be for all. (All this while trying to survive by getting free rides.) Singaporean by birth, Vincent defies the local stereotype of accepting "cannot" for an answer and lives in a world of only pure possibility.


Return to Index    -    Add to    -    ics Calendar file

 

Meetup - Caesars - Promenade Level - Anzio Rm past Registration - Thursday - 17:00-17:59


Title:
Hacking for Special Needs

A Meetup for parents of children and individuals with special needs within the DEF CON community. The meeting is not only social but also a exchange of information and helpful tips to help improve the lives of families and individuals and to celebrate their place in the DEF CON community.

Return to Index    -    Add to    -    ics Calendar file

 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 16:15-16:59


Title: Hacking Human Fetuses

Speaker: Erin Hefley
@erintoxicating
About Erin:
Erin Hefley is a resident physician in her final year of training with the Phoenix Integrated Residency in Obstetrics & Gynecology. She has a background in public health and women's health, and obtained a Master of Public Health degree from the University of Northern Colorado prior to attending medical school at the University of Arizona - Phoenix. This is her 6th Defcon attendance over the past decade, and she is thrilled to have witnessed the development and expansion of the Biohacking Village. Her current interests include reproductive health technology, women's health policy, running, and vampire erotica
Abstract:
"As prenatal testing and ultrasound technology have greatly improved, so has our ability to diagnose birth defects and genetic diseases earlier and earlier in pregnancy. Until recently, our only available options were to offer pregnancy termination or wait to see if the baby survived long enough to be treated after birth. But what if we had the capability to intervene before those genetic mutations had a chance to cause their harmful effects, sparing parents from the agony of uncertain pregnancy outcomes and saving children from debilitating diseases? In last year’s “Designer Babies: Hacking Human Embryos” we discussed pre-implantation genetic testing and embryo modification as a means to identify and treat heritable diseases, by correcting harmful gene mutations before a pregnancy even begins. Since then, exciting new research has shown that even after a pregnancy is under way, opportunities still exist for hacking the biological machinery of the fetus to alter its developmental course.This talk will review new and rapidly evolving strategies to treat genetic disease in utero – while the baby is still in the womb - by hijacking the embryologic mechanisms responsible for fetal growth and development.
Examples include:
- injection of a critical protein into the amniotic fluid surrounding babies with X-linked hypohydrotic ectodermal dysplasia, a genetic condition causing a lack of sweat glands and the life-threatening inability to regulate temperature
- transfusion of mesenchymal stem cells into the fetal umbilical cord to treat osteogenesis imperfecta or “brittle bone disease”
- in utero blood and bone marrow transplant to treat the fatal hemoglobin disorder alpha-thalessemia major
- correcting deformities such as cleft lip and palate by triggering cell signaling pathways ""knocked out"" by genetic mutation "

Return to Index    -    Add to    -    ics Calendar file

 

PPV - Flamingo Lower Level - Valley Of Fire Rms - Saturday - 14:00-14:59


Title:
Hacking Phenotypic Pathways In Cannabis

Notes from a Cannabis breeder
Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 11:00-11:45


Hacking PLCs and Causing Havoc on Critical Infrastructures

Saturday at 11:00 in 101 Track, Flamingo
45 minutes | Demo, Exploit

Thiago Alves Ph.D. Student and Graduate Research Assistant at the University of Alabama in Huntsville

Programmable Logic Controllers (PLCs) are devices used on a variety of industrial plants, from small factories to critical infrastructures like nuclear power plants, dams and wastewater systems. Although PLCs were made robust to sustain tough environments, little care was taken to raise defenses against potential cyber threats. As a consequence, threats started pouring in and causing havoc. During this presentation I will talk about the architecture of a PLC and how it can be p0wned. There will be some live demonstration attacks against 3 different brands of PLCs (if the demo demons allow it, if not I will just show a video). Additionally, I will demonstrate two vulnerabilities I recently discovered, affecting the Rockwell MicroLogix 1400 series and the Schneider Modicon M221 controllers.

Thiago Alves
Thiago Alves received his B.S. degree in electrical engineering from the"Pontifícia Universidade Católica" (PUC) in 2013. In 2014 he created OpenPLC, the world's first open source industrial controller. OpenPLC is being used as a valuable tool for control system research and education. The OpenPLC project has contributions from several universities and private companies, such as Johns Hopkins and FreeWave Technologies. In 2017 Thiago won first place in CSAW, the world's largest student-run cybersecurity competition, with his innovative embedded security solution for OpenPLC. Currently Thiago is a Ph.D. student at the University of Alabama in Huntsville. His research interests include cybersecurity for SCADA systems, industrial controllers and embedded systems.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 13:30-13:50


Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller

Friday at 13:30 in Track 2
20 minutes | Demo, Exploit

Feng Xiao Hacker

Jianwei Huang Hacker

Peng LiuRaymond G. Tronzo, M.D. Professor of Cybersecurity

Software-Defined Networking (SDN) is now widely deployed in production environments with an ever-growing community. Though SDN's software-based architecture enables network programmability, it also introduces dangerous code vulnerabilities into SDN controllers. However, the decoupled SDN control plane and data plane only communicate with each other with pre-defined protocol interactions, which largely increases the difficulty of exploiting such security weaknesses from the data plane.

In this talk, we extend the attack surface and introduce Custom Attack, a novel attack against SDN controllers that leverages legitimate SDN protocol messages (i.e., the custom protocol field) to facilitate Java code vulnerability exploitation. Our research shows that it was possible for a weak adversary to execute arbitrary command or manipulate data in the SDN controller without accessing the SDN controller or any applications, but only controlling a host or a switch.

To the best of our knowledge, Custom Attack is the first attack that can remotely compromise SDN software stack to simultaneously cause multiple kinds of attack effects in SDN controllers. Till now we have tested 5 most popular SDN controllers and their applications and found all of them are vulnerable to Custom Attack in some degree. 14 serious vulnerabilities are discovered, all of which can be exploited remotely to launch advanced attacks against controllers (e.g., executing arbitrary commands, exfiltrating confidential files, crashing SDN service, etc.).

This presentation will include:

Feng Xiao
Feng Xiao will be a Ph.D. student at The Pennsylvania State University soon. He enjoys hacking all kinds of systems as well as finding vulnerabilities. He received his B.S. in Computer Science from Wuhan University in 2018.

He has published three papers (including posters) in well-known security conferences like CCS, MobiCom, ICICS etc. He was also the recipient of First Prize in 2016 China Undergraduate Security Contest, First Prize of 2015 BCTF, and Third Prize of 2015 0CTF.

http://fxiao.me

Jianwei Huang
Jianwei Huang is a researcher at Wuhan University. He is interested in finding and solving security related problems.

Peng Liu
Dr. Liu is a professor at The Pennsylvania State University. His research interests are in computer security. He has published a monograph and over 270 refereed technical papers.


Return to Index    -    Add to    -    ics Calendar file

 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 16:15-16:45


Hacking the international RFQ Process #killthebuzzwords - Dino Covotsos

Thanks to the “boom” in the information security industry combined with the latest buzzwords, more and more large corporate companies are looking for the latest “next gen” anti-haxor services and technologies. In doing so they often go out publicly on tender and / or issue an RFP/RFQ in order to obtain the best possible solution to meet their requirements and budget (usually cost wins).

Due to this and a lack of maturity in the field, companies issue public RFQs / RFPs that contain classified and confidential / secret information such as network diagrams, architectural designs, software versions etc. This type of information would usually require that an attacker spend an extensive amount of time performing enumeration and / or gaining access to the internal network first and taking a significant amount of time to learn about that environment. Targeting the procurement process of an organisation exposes a largely unexplored attack surface.

This new research and presentation aims to demystify the above and give practical examples of large international organisations, which unfortunately fail at the RFP/RFQ process badly. This opens a “free and easy” attack vector for attackers to exploit without even conducting extensive enumeration and fingerprinting, or anything close to intrusive attacks. As a result, an attacker often has access to an extensive amount confidential information about the organisation, which could be utilised to launch more targeted attacks. Depending on the type of information gathered, such attacks, could be likened to an attacker that has insider knowledge.

I will also be demonstrating, via real world examples, the dangers of going out blindly and looking for specific services and products in the information security industry, with real life networks being shown on stage.

A short breakdown of what will be presented is as follows:


Return to Index    -    Add to    -    ics Calendar file

 

SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 14:00-14:59


Title:
Hacking the Technical Interview

Marcelle & Kelley
@marcelle_fsg & @ccsleuth

Hacking the Technical Interview

"Marcelle and Kelley will provide tips to the audience on how to survive a technical interview and possibly even shine in one! We are not recruiters or HR professionals. We have, however, a LOT of experience as interviewees and have developed some strategies that wed like to share. Our industry experience lies in various technical arenas, including public sector, private sector, and law enforcement. Topics will include the not-so-subtle art of salary negotiation, how to best prepare for questions (TCP 3-way handshake, anyone?), recognizing the roles of different interviewers, and how to keep your cool. We are also not attorneys, but will touch on illegal interview questions and how to handle them, as well as new laws about salary history. Also featured will be tales from the trenches, hopefully amusing and/or illuminating. Time permitting, we will cover some resume best practices."


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Friday - 14:30-18:30


Hacking Thingz Powered By Machine Learning

Friday, 1430-1830 in Icon A

Clarence Chio Security Researcher

Anto Joseph Security Engineer, Tindr

"HACKING THINGZ POWERED BY MACHINE LEARNING" is a hands-on workshop that gives attendees a crash course in performing practical adversarial attacks on modern technology powered by machine learning. This will NOT be an intro to ML class - do that on your own time online before or after the class - deep ML knowledge is definitely *not* required. We will perform mischief on ML systems that most tech-savvy people interact with on a daily basis: face recognition, (smartphone authentication) speech recognition, (home assistants) and web application firewalls (need we say more?) ;) We won't just be explaining the theory and tomfoolery behind these attacks - we'll walk you through each step of each attack and show you how *absolutely anyone* can hack systems like these with just a little bit* of background in ML hacking.

* This is an intermediate technical class suitable for attendees with some ability to read and write basic Python code. To get the most out of this workshop, surface-level understanding of machine learning is good. (i.e. be able to give a one-line answer to the question "What is machine learning?")

Prerequisites: Basic familiarity with Linux Python scripting knowledge is a plus, but not essential

Materials:
No fee required
Latest version of virtualbox Installed
Administrative access on your laptop with external USB allowed
At least 20 GB free hard disk space
At least 4 GB RAM (the more the merrier)

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/hacking-thingz-powered-by-machine-learning-icon-a-tickets-47194541143
(Opens July 8, 2018 at 15:00 PDT)

Clarence Chio
Clarence Chio has shared his research on ML and security at hacking events around the world. He has taught dozens of training classes and workshops to conference attendees and security teams at large tech companies. He wrote the new O'Reilly Book "Machine Learning & Security: Protecting Systems with Data and Algorithms", and organizes the AI Village at DEF CON. Clarence has a B.S. and M.S. in Computer Science from Stanford, specializing in data mining and artificial intelligence.

Anto Joseph
Anto Joseph is a Security Engineer for Tinder. He is involved in developing and advocating security in Machine Learning Systems & Application Security Research. Previously, he has worked at Intel, Citrix, and E&Y in multiple information security roles. He is very passionate about exploring new ideas in these areas and has been a presenter and trainer at various security conferences including BH USA, Defcon, BruCon, HackInParis, HITB Amsterdam, HackLu, Hacktivity, PHdays, X33fCon, NullCon, c0c0n and more. He is an active contributor to many open-source projects and some of his work is available at https://github.com/antojoseph.


Return to Index    -    Add to    -    ics Calendar file

 

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Saturday - 16:45-17:30



Return to Index    -    Add to    -    ics Calendar file

 

BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 13:40-14:30


Hacking Your Dev Job to Save the World - Where Programming and Hacking Meet

Friday at 13:40-14:30
50 minutes

@jtpereyda

Have you wondered whether developers can play any significant role in the security world? Come hear from a diehard programmer and hacker who loves to break and loves to build, and learn how a regular programmer can make major contributions to security from the trenches. This presentation will dive into the intersection between development and security. You will learn about the SDL -- Secure Development Lifecycle, and why in the world a hacker would care about processes and procedures. You will learn how "processes" and "lifecycles" can be useful -- and how they can be a complete waste of time. Included are real world success stories of organizational hacking -- getting other engineers to change their practices -- and real world fail stories. Attendees will come away with knowledge of how development and security intersect, and how they can use their programming day job to save the world. If you are a developer who cares deeply about security, enjoys exploits, and wants to make the world a better place, this is for you.

@jtpereyda
Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. While he currently hunts vulnerabilities full time, his roles have evolved from programmer to hacker to organizational hacker to regular hacker again. Not only has Joshua found vulnerabilities in safety critical software, he has started long term security programs, changing the way an entire business works. Joshua has written software, hacked software, and hacked companies. In his free time, Joshua enjoys improving open source software, teaching kids to program, attending orchestral concerts with his wife, and figuring out how he can get paid to do it all... legally.


Return to Index    -    Add to    -    ics Calendar file

 

HHV - Caesars Pool Level - Forum 17-21 - Saturday - 10:00-10:40


Hacking your HackRF

Mike Davis

Abstract

The HackRF isn’t just an SDR - it’s an open-source, open-hardware device that’s designed to be modified. In this talk I walk through the basics of how to open and modify the hardware and software. I also show all the mods and hacks I’ve done to/with my HackRFs, including physical synchronisation between HackRFs, quadcopter transmitter adaptation, audio encoding/decoding, quadcopter vtx and a future project to add USB3

Bio

Software/hardware developer, currently studying an MSc Computer Science (infosec), not yet a cyborg


Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


Halcyon IDE

Saturday 08/11/18 from 1000-1150 at Table Six
Offense, Defense, AppSec, Network Security, Nmap Scanners & Developers

Sanoop Thomas

Halcyon IDE lets you quickly and easily develop Nmap scripts for performing advanced scans on applications and infrastructures with a wide range capabilities from recon to exploitation. It is the first IDE released exclusively for Nmap script development. Halcyon IDE is free and open source project (always will be) released under MIT license to provide an easier development interface for rapidly growing information security community around the world. The project was initially started as an evening free time "coffee shop" project and has taken a serious step for its developer/contributors to spend dedicated time for its improvements very actively. More information and source code: https://halcyon-ide.org

https://halcyon-ide.org

Sanoop Thomas
Sanoop Thomas (@s4n7h0) is a seasoned security professional with diverse background in consulting, teaching, research and product-based industries with a passion to solve complex security problems. Today, Sanoop works as information security specialist focusing on application security and secure coding. His field of interest includes reverse engineering, malware analysis, application security and automating security pentest/analysis methodologies. He is moderating null open community chapter in Singapore and organised over 60 events & workshops to spread security awareness across country. Sanoop is also the author of Halcyon IDE (https://halcyon-ide.org) an IDE that is focused to develop Nmap scripts. He has spoken at security conferences like Nullcon, OWASP India, HITBGSEC, Rootcon, and Blackhat Arsenal.


Return to Index    -    Add to    -    ics Calendar file

 

Service - Caesars - Promenade Level - Anzio Rm past Registration - Friday - 10:00-15:59


Title:
Ham Radio Exams

Take HAM Radio Exams at DEF CON 26!
Return to Index    -    Add to    -    ics Calendar file

 

Service - Caesars - Promenade Level - Anzio Rm past Registration - Saturday - 12:00-17:59


Title:
Ham Radio Exams

Take HAM Radio Exams at DEF CON 26!
Return to Index    -    Add to    -    ics Calendar file

 

CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 11:00-12:00


Title:
Hamilton's Private Key: American Exceptionalism and the Right to Anonymity

11:00am

Hamilton's Private Key: American Exceptionalism and the Right to Anonymity
When
Fri, August 10, 11am 12pm
Description
Speaker
------
Jeff Kosseff

Abstract
--------
In the Sixteenth Century, English Puritan preacher John Udal published a series of pamphlets criticizing the Anglican Church. He signed the pamphlets under a pseudonym, Martin Marprelate. The Bishops soon determined his identity, and Udal was sent to prison, where he died. Such prosecutions for political views were common throughout in England throughout the Sixteenth, Seventeenth, and Eighteenth centuries.

So it was not surprising that once the British colonies in America had achieved independence and were determining the future of their government, much of the debate occurred without real names. When Alexander Hamilton, James Madison, and John Jay published the Federalist Papers, they did so under a single pseudonym, Publius.

Although the First Amendment does not explicitly require anonymity, U.S. courts repeatedly have held that that its free speech protections guarantee a strong (but not absolute) right to speak anonymously. In 1960, the Supreme Court struck down a Los Angeles ordinance that prohibited the distribution of anonymous handbills, and it invalidated a similar Ohio law in 1995. Since the mid 90s, state and federal courts have relied on this right to anonymity in rejecting defamation plaintiffs attempts to use the court discovery process to unmask the identities of anonymous Internet posters. Although the United States is not the only nation to protect anonymity, its anonymity protections are among the strongest in the world, and have helped establish the robust online debate that we know today.

Legal and policy debates surrounding encryption often focus on privacy rights and the Fourth Amendment. While these discussions are vital, that they too often overlook the free speech-based anonymity rights that have been fundamental to the United States since its founding. In this presentation, I present the research conducted to date for my book-in-progress, United States of Anonymity, tracing the history of this First Amendment-based right to speak anonymously. I explain how this strong history of ensuring the right to speak anonymously applies to the current encryption debates, as well as the distinct but related issue of anonymity tools such as Tor. I argue that encryption and anonymity are essential for Twenty-First Century free speech, and explain how the legal protection of pamphleteers extends to encryption and anonymity.

To be sure, some efforts to weaken encryption may not necessarily threaten an individuals anonymity. And encryption is not the only protection for anonymity. However, there is significant overlap between the values underlying the First Amendment anonymity opinions and some justifications for encryption. Moreover, encryption has been an essential component of many of the most innovative anonymity tools (such as the techniques that newsrooms have adopted to receive anonymous tips).


Bio
-----------------
Jeff Kosseff is an assistant professor of cybersecurity law at the U.S. Naval Academy. He is the author of Cybersecurity Law, a textbook, and his latest book, The Twenty-Six Words That Created the Internet, a history of Section 230 of the Communications Decency Act, will be published early next year by Cornell University Press. He previously practiced cybersecurity law at Covington & Burling, and clerked for Judges Milan Smith on the Ninth Circuit and Leonie Brinkema in the Eastern District of Virginia. Before becoming a lawyer, he was a technology journalist for The Oregonian and finalist for the Pulitzer Prize.

Twitter handle of presenter(s)
------------------------------
@jkosseff

Website of presenter(s) or content
----------------------------------
www.jeffkosseff.com

Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 14:00-14:45


Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices

Saturday at 14:00 in 101 Track, Flamingo
45 minutes | Demo, Tool, Exploit

Dennis Giese Hacker

While most IoT accessory manufacturers have a narrow area of focus, Xiaomi, an Asian based vendor, controls a vast IoT ecosystem, including smart lightbulbs, sensors, cameras, vacuum cleaners, network speakers, electric scooters and even washing machines. In addition, Xiaomi also manufactures smartphones. Their products are sold not only in Asia, but also in Europe and North America. The company claims to have the biggest IoT platform worldwide.

In my talk, I will give a brief overview of the most common, Wi-Fi based, Xiaomi IoT devices. Their devices may have a deep integration in the daily life (like vacuum cleaners, smart toilet seats, cameras, sensors, lights).

I will focus on the features, computational power, sensors, security and ability to root the devices. Let’s explore how you can have fun with the devices or use them for something useful, like mapping Wi-Fi signal strength while vacuuming your house. I will also cover some interesting things I discovered while reverse engineering Xiaomi's devices and discuss which protections were deployed by the developers (and which not).

Be prepared to see the guts of many of these devices. We will exploit them and use them to exploit other devices.

Dennis Giese
Dennis is a grad student at TU Darmstadt and a researcher at Northeastern University. He was a member of one european ISP's CERT for several years.

While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kind of devices.

His latest victim is the Xiaomi IoT cloud. Hehas presented at the Chaos Communication Congress and the REcon BRX.


Return to Index    -    Add to    -    ics Calendar file

 

SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 16:00-16:59


Title:
Healthcare Exposure on Public Internet

Shawn Merdinger
Healthcare Exposure on Public Internet

Real-world healthcare exposure of hospitals, patient records, medical devices


Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


HealthyPi—Connected Health

Saturday 08/11/18 from 1400-1550 at Table Four
Hardware and biohacking

Ashwin K Whitchurch

We (at ProtoCentral) developed the HealthyPi HAT for the Raspberry Pi as a way of opening up the healthcare and open source medical to anyone. The HealthyPi is made of the same "medical-grade" components found in regular vital sign monitors, for a fraction of the cost of such system. This is our way of democratizing medical hardware to develop new areas of research.

Our objective when we began developing the HealthyPi was to make a simple vital sign monitoring system which is simple, affordable, open-source (important !) and accessible. HealthyPI is completely open-source and is our way of "hacking" patient monitoring systems by getting data that you need, in the way that you need and extending on that without getting involved in sticky proprietary NDAs and such.

*Demo will allow people to come, check out and play with (and possibly hack) the HealthyPi device while getting their vital signs monitored.*

https://github.com/Protocentral/protocentral-healthypi-v3

Ashwin K Whitchurch
Ashwin K Whitchurch is the CEO of ProtoCentral (Circuitects Electronics Solutions Pvt Ltd) based out of Bangalore in India. The company makes, sells and supprts open source hardware products, most of them for healthcare and medical applications. Ashwin has published research papers, book chapters and reviews in well-known international journals and conferences. ProtoCentral (and Ashwin) has been present in many hardware gatherings including Maker Faire ( New York & Rome), Hackaday Superconference, OSHWA Summit and has given talks on his projects with open source hardware.


Return to Index    -    Add to    -    ics Calendar file

 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 16:15-16:59


Title: Hey Bro, I Got Your Fitness Right Here (and your PHI).

Speakers: Nick - GraphX
Abstract:
This is a journey into fitness. My fitness and more importantly your fitness. Or rather the information that I've been collecting every day at the gym while getting ready for bikini season. This a look at my journey to become the sexy stud muffin you see before you (google image search "sexy stud muffin" for reference) and my quest to do bad things through various means, up to and including compromising cardio equipment, fitness apps, and changing delivery addresses for fitness equipment to my house instead of your gym. No zero days and nothing overly technical provided here, but the intended takeaway is awareness of who is collecting your PHI and from where. Just like on Maury, the results will shock and amaze. Or maybe you'll just get a good laugh at my journey to lose 100 pounds.

Return to Index    -    Add to    -    ics Calendar file

 

CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 15:00-16:00


Title:
Hiding in plain sight: Disguising HTTPS traffic with domain-fronting

3:00pm

Hiding in plain sight: Disguising HTTPS traffic with domain-fronting
When
Fri, August 10, 3pm 4pm
Description
Speaker
------
Matt Urquhart

Abstract
--------
Domain-fronting is a technique used to disguise HTTPS traffic as being destined for one service, but actually communicating with a different service. It relies on an implementation detail of HTTPS stacks which share infrastructure between customers. Recently, there has been a large amount of media attention surrounding a popular instant-messaging app using this technique to evade censorship. What is domain fronting and how does it work? This talk aims to give you everything you need to fully understand domain fronting, try it yourself, and understand how domain-fronting can also open a path to DoS and IP spoofing attacks.

Bio
-----------------
Matt is a software developer from Australia who first became interested in Infosec after hearing of hilarious pranks played during the early days of the Internet. In his spare time he enjoys playing the drums.

Twitter handle of presenter(s)
------------------------------
@arrtchiu

Return to Index    -    Add to    -    ics Calendar file

 

AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 17:00-17:59


Holy BATSense! Deploying TBATS Machine Learning Algorithm to Detect Security Events

Pranshu Bajpai

Our “BATSense” security event detection methodology has been running at Michigan State University’s campus for a year and is successfully detecting security anomalies across 300k devices. In this presentation, we will describe the use machine learning, specifically the TBATS forecasting algorithm, to predict future trends for the number of events per second for a variety of device types. The forecasted values are compared against actual observations to alert security personnel of significant deviations. Anomalies are detected based on logs relevant to security events; they may be system modifications, system failures or a football game. Forecasts are never perfect, but when measured over extended use, we have shown that false positives are manageable (1 per week) for true positives of 1 per day. The result a methodology that has been developed and tweaked over time to effectively detect security events, and lessons learned over a year. All arguments presented in this talk will be backed by real world (anonymized) data collected at our university shared with the audience.

Pranshu Bajpai is a security researcher working towards his PhD in Computer Science and Engineering at Michigan State University. His research interests lie in computer and network security, malware analysis, machine learning, privacy, digital forensics, and cyber crimes. In the past, he worked as an independent penetration tester for clients. He has authored several research papers in security magazines and journals and has served as a technical reviewer for books within the security domain. He enjoys working in the security industry and the challenge of testing new technologies for potential weaknesses. In his spare time, he likes solving CTF challenges while listening to classic rock. Connect with him on Twitter: @amirootyet


Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


Honeycomb—An extensible honeypot framework

Saturday 08/11/18 from 1600-1750 at Table Three
Incident Responders, Security Researchers, Developers

Omer Cohen

Imri Goldberg

We present Honeycomb—A repository of honeypot services and integrations for the information security community. Our vision: Honeycomb will be the pip or apt-get for honeypots.

While working hard to create various honeypots for several high profile vulnerabilities, we realized we were repeating some of the underlying work that’s involved in creating a honeypot—a useful honeypot is easy to deploy, configure and collects reports. We have these capabilities in Cymmetria’s commercial deception product but we wanted to open source this functionality to the community so everyone could benefit from it.

Eventually came the idea for honeycomb—an extensible platform for writing honeypots which comes with a repository of useful honeypots which makes it super easy to create new honeypots. Honeycomb and the honeypot repository together form a powerful tool for security professionals looking to gain threat intelligence on the latest threats.

We are currently in the process of finalizing the release of the project and working on releasing additional plugins. Join us to learn how to utilize existing honeycomb capabilities as well as writing honeypot services and integrations on your own!

https://github.com/Cymmetria/honeycomb

Omer Cohen
As an experienced Incident Response investigator and team leader, Omer has a wealth of knowledge and experience in the areas of cyber security, security research, software development and system administration, as well as network architecture and design. Omer has delivered and implemented numerous projects involving cutting edge technologies for multiple security related applications in addition to providing accurate and appropriate information security consulting and incident response services to Fortune 500 companies and other leading organization. Omer currently manages Customer Success in EMEA and APAC at Demisto, the leading Security Orchestration, Automation and Response (SOAR) solution provider.

Imri Goldberg
An experienced technical entrepreneur, Imri has significant experience in development, architecture and security. Before joining Cymmetria as VP R&D, Imri was the founder & CTO of Desti, a travel startup that was acquired by Nokia-HERE in 2014. Today Imri serves as the CTO of Cymmetria, heading innovation and research and working on product and architecture. Cymmetria is the leading Cyber Deception vendor with its main product MazeRunner® used by Fortune 500 companies in multiple verticals including finance, insurance, health, government, retail, etc.


Return to Index    -    Add to    -    ics Calendar file

 

Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - Friday - 20:30-23:59


Title:
House of Kenzo

Come celebrate teh culture of DIY or die! The future has not been written yet so come and mingle with the authors of the time to come and celebrate creating a culture of global communication and culture. Live music and open minds will meet your ideas and help you trailblazer the next century.

Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 13:30-13:50


House of Roman—a "leakless" heap fengshui to achieve RCE on PIE Binaries

Saturday at 13:30 in 101 Track, Flamingo
20 minutes | Demo, Exploit

Sanat Sharma Hacker

Regarding ptmalloc2, many heap exploitation techniques have been invented in the recent years, well documented on the famous how2heap repository, or as writeups of famous CTF challenges (like House of Orange). However, most of them require atleast a libc/heap leak , or fail in non-PIE binaries. My new technique titled House of Roman leverages a single bug to gain shell leaklessly on a PIE enabled Binary. I shall showcase the ease of aligning the heap to perform this attack, thus demonstrating its versatility.

Since this a 20 mins talk, attendees should be aware of basic heap exploitation techniques, like fastbin attacks and unsorted bin attacks, and have a general idea of how the ptmalloc2 algorithm works. As a bonus, I also discuss how to land a fastbin chunk in memory regions with no size alignment (like __free_hook ).

Sanat Sharma
Sanat (@romanking98) is a 19 y o Junior Security Engineer at GoRoot GmbH in Berlin, Germany. He regularly plays CTFs with "dcua" , globally ranked in the world top 10 teams on ctftime.org , qualified for multiple prestigious onsite finals, including an invitation for DEF CON China offline CTF.

@romanking98


Return to Index    -    Add to    -    ics Calendar file

 

ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Friday - 10:40-11:10


How can industrial IioT be protected from the great unwashed masses of IoT devices

August 10, 2018 10:40 AM

IoT and IIot devices are more prevalent in homes and industry. When these two areas share the same space, malware could move from one domain to another. For example, smart meters used by an electric utility could be compromised by other smart devices in the home. How can an electric utility protect their industrial equipment and ensure that home based IoT devices stay in their place? Join us in a demonstration of techniques that could be used to cloak an electric meter from the wild west of commercial-off-the-shelf IoT devices

Speaker Information

Ken Keiser

Parsons

Ken Keiser is the Director of Operational Technology Cybersecurity at Parsons Corporation, focusing on critical infrastructure protection risk analysis, and mitigation in the transportation, oil &amp; Gas, water, steel, automotive, and chemical industries. He has over 30 years of industrial control system experience in distributed control systems with Bailey Controls, ABB, and Siemens. Most recently, Ken was the interim Chief Information Security Officer for Amtrak as part of a Parsons project. He holds a Certified Information Systems Security Professional certification as well as a Payment Card Industry Qualified Security Assessor certification. Ken holds a Bachelor of Science in Electrical Engineering from Drexel University, and a Bachelor of Business Administration from Temple University.

Ben Barenz

Parsons

Ben Barenz is a Systems Engineer at Parsons Corporation, focusing on critical asset protection and critical infrastructure protection. He has over 8 years of industry experience in critical asset protection under DoD contracts and has recently moved under critical infrastructure protection. Ben holds a Bachelors of Science in Electrical Engineering from the University of Nebraska and numerous industry related certifications. ​


Return to Index    -    Add to    -    ics Calendar file

 

PPV - Flamingo Lower Level - Valley Of Fire Rms - Saturday - 13:00-13:59


Title:
How Compliance Affects the Surface Area of Cannabis POS

No description available
Return to Index    -    Add to    -    ics Calendar file

 

BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 14:50-15:40


How not to suck at Vulnerability Management [at Scale]

Friday at 14:50-15:40
50 minutes

@Plug and mwguy

In the current cyber landscape several vulnerabilities are discovered every day. The volume of information and multiple sources to consume this information create interesting challenges for any security team. In the recent months several organizations have been prey of bad actors, exposing private data of millions of users, many times from month old vulnerabilities.

Vulnerability management is often disregarded, improperly staffed and rarely discuss in the infosec community, yet is one of the single point of failures allowing for breaches to take place. Under this circumstance, are you prepared to deal with vulnerabilities accordingly?

In this talk, we’ll share our experiences dealing vulnerabilities at scale. What works, what does not and why. More importantly, what actions you should consider improving or build your Vulnerability program. In the process, we’ll introduce some of the custom tools created internally to automate and enhance the program.

Unlike most Vulnerability Management talks, this talk is about the hands-on portion and day-to- day activities that must take place. Whether you are a seasoned infosec professional or new to the field, there is something for you to take away, especially at scale.

@Plug
Plug is currently a Senior Security Analyst at Verizon Digital Media Services. He started his journey in computer security back in 1996 when he discovered a 2600 magazine that eventually that lead him to his first LA2600 meeting in 1998. From that point forward, he has been involved in computer security. With over 16 years of IT experience, he has worked as Systems Administrator, Security Analyst and Security Engineer in the Finance and Telecom sector. In his free time, he enjoys building Legos, playing with synthesizers and modular systems, when possible he volunteers his time to computer security events.

mwguy
Chris is currently a Senior Security Engineer at Verizon Digital Media Services (formerly EdgeCast). Started working with computers in High School, and having older slower computers quickly made the move to Linux and BSD's to improve performance. From then on, he's worked with *nix systems almost exclusively, and a couple of years ago made the switch from being a Systems Administrator to working exclusively in Security. When not working, Chris enjoys crypto-currencies, his dogs, and putting wacky stuff on various Raspberry Pis.


Return to Index    -    Add to    -    ics Calendar file

 

PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 10:30-10:59


Title:
How to Microdose Yourself

primer on microdosing yourself for fun and performance, from a nurse (though not medical advice)
Return to Index    -    Add to    -    ics Calendar file

 

PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 10:30-10:59


How to Tune Automation to Avoid False Positives

Gita Ziabari, Senior Consultant Engineer at Verizon

Every SOC is deluged by massive amounts of logs, suspect files, alerts and data that make it impossible to respond to everything. It is essential to deploy automation to accelerate response time, consistency, scalability and efficiency. This talk will cover techniques to design a reliable automated tool in security. We will discuss about techniques of tunning the automation to avoid false positives and the many struggles we have had in creating appropriate whitelists. We will walk through steps of creating an automated tool and the essential factors to be considered to avoid any false positive.

Gita Ziabari (Twitter: @gitaziabri) is working at as a Senior Consultant Engineer at Verizon. She has more than 14 years of experience in threat research, networking, testing and building automated tools. Her main focus is creating automated tools in cybersecurity for mining data.


Return to Index    -    Add to    -    ics Calendar file

 

ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Friday - 14:30-14:59


How We Cost Our Client £1.2M with 4 lines of code and less than 2 Hours ($2M)

August 10, 2018 2:30 PM

Hacking SCADA, or more commonly ICS is serious business - unlike other areas of offensive security one mistake can cost lives. Mike and Matt will present their ICS research which was carried out at one of the UKs top Industrial training facilities, walk through caveats, protocols and show some demos. They will also show how one can start researching industrial systems safely and cover what one needs to know to not get someone killed. They will also share the story and method behind how they cost a company £1.2M+ ($2M+) in lost earnings in under 5 seconds with only 4 lines of code. We will not be showing exploit code as we believe given what's at stake, it's highly irresponsible, but what we will do is give responsible researchers the knowledge they need to get involved and start helping to secure critical infrastructure. We’ll also show process, insight and what exploiting this kit actually means.

Speaker Information

Mike Godfrey

INSINIA

Mike Godfrey is a Network Specialist and Ethical Hacker with over 20 years experience in building and breaking computers. He has enjoyed a successful career in Information Technology, having qualified in Cisco CCNA (Network Associate) over 10 years ago and going on to work on some of the countries largest technological infrastructure. Mike is qualified and experienced in IT but is also a qualified Electro-technical / Electro-mechanical Engineer, specialising in hardware exploitation. Mike’s qualifications and experience have led to INSINIA becoming the only Gas Safe Registered Cyber Security Company in the UK, allowing it to test industrial process and building infrastructure in a unique way. Mike’s skills have also led to the design and production of a range of new products and services, including securing the hardware and fabric of buildings and identifying key vulnerabilities within the buildings “PowerLine” (230V circuit), which can allow an attacker to exfiltrate information undetected, as well as discovering vulnerabilities in key industrial gas systems and controls. Mike was the first ethical hacker to successfully hack Trend’s 963 BMS system back in 2006, the Sentry Safe with a magnet and a sock in 2014, the Philips Hue smart home system in 2017 and many more.


Return to Index    -    Add to    -    ics Calendar file

 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 15:50-16:10


How WHOIS Data Uncovered $32 Billion Connected to the Mormon Church - Ethan Dodge

It’s always been suspected that the Mormon Church is worth billions of dollars and has a sizable amount of investments in the United States stock market. However their finances are almost entirely opaque. In May 2018, MormonLeaks released a compilation of information connecting the dots between the Mormon Church and $32 billion.

It all started with WHOIS data and was further verified with almost entirely publicly available and open sources. Come hear the entire story in lightning style fashion.


Return to Index    -    Add to    -    ics Calendar file

 

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Saturday - 15:45-16:30



Return to Index    -    Add to    -    ics Calendar file

 

SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 09:30-09:59


Title:
http2 and you

security panda
@security_panda

http2 and you

"Although not commonly known, HTTP2 was first published in May 2015 as an update to HTTP 1.1. By the end of that year, the majority of major browsers added HTTP2 support; it is now being utilized all across the Internet. Sites such as Google, Twitter, Facebook, and perhaps even your companys site have HTTP2 enabled. If so, you probably do not realize you are using it. In fact, many Web Application Firewalls (WAFs) are not keeping pace with HTTP2 security needs and common AppSec testing tools such Burp, Zap, and other DAST products dont support HTTP2.

This talk will discuss the details of the presenters discovery process in identifying how many site hosts are utilizing HTTP2, and a sample of common vulnerabilities which were found on these sites. Attendees will come away with having a better understanding of the security implications of HTTP2 and how you can detect these potential pitfalls on your network using freely available tools."


Return to Index    -    Add to    -    ics Calendar file

 

SEV - Caesars Promenade South - Octavius BR 3-8 - Saturday - 16:55-17:45



Saturday August 11 2018 1655 50 mins
Hunting Predators: SE Style
It was just about 1 year ago that Chris announced the launching of The Innocent Lives Foundation. What has happened in the last year? What have we accomplished? What are our challenges? What is next in the future? This talk will help the community see what your support, money and love has done to save children and catch predators.

Chris Hadnagy: @humanhacker
Chris is a professional social engineer with over 16 years of experience. His passion is understanding the why not just the what. Chris has had the opportunity to work with some of the world’s greatest minds in learning how to use skills that might not be too common in the infused industry. You can find out more by looking at www.social-engineer.com


Return to Index    -    Add to    -    ics Calendar file

 

WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 17:00-17:25


t0ddpar0dy

Bio

WiFi hobbyist, member of last year's 4th place team, former fed, curious engineer

@t0ddpar0dy

Hunting Rogue APs: Hard Lessons

Abstract

Given the challenge of locating a static Access Point this presentation highlights our strategy, pitfalls, and success.


Return to Index    -    Add to    -    ics Calendar file

 

AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 16:20-16:59


Hunting the Ethereum Smart Contract: Color-inspired Inspection of Potential Attacks

TonTon Huang

Blockchain and Cryptocurrencies are gaining unprecedented popularity and understanding. Meanwhile, Ethereum is gaining a significant popularity in the blockchain community, mainly due to the fact that it is designed in a way that enables developers to write decentralized applications (Dapps) and smart contract. This new paradigm of applications opens the door to many possibilities and opportunities. However, the security of Ethereum smart contracts has not received much attention; several Ethereum smart contracts malfunctioning have recently been reported. Unlike many previous works that have applied static and dynamic analyses to find bugs in smart contracts, we do not attempt to define and extract any features; instead we focus on reducing the expert’s labor costs. We first present a new in-depth analysis of potential attacks methodology and then translate the bytecode of solidity into RGB color code. After that, we transform them to a fixed-sized encoded imag​​e. Finally, the encoded image is fed to convolutional neural network (CNN) for automatic feature extraction and learning, detecting security flaw of Ethereum smart contract.

Hsien-De Huang (a.k.a. TonTon) is working for Leopard Mobile Inc. (Cheetah Mobile Taiwan Agency), and currently a Ph.D. candidate (IKM Lab.) in the Dept. Computer Science and Information Engineering at National Cheng Kung University, Tainan Taiwan. His research interests include Deep Learning, Blockchain, Malware Analysis, Type-2 Fuzzy Logic, and Ontology Applications, and gave talks at RuxCon 2017, OWASP AppSec USA 2017, Hadoop.TW annual conference 2016, TW CSA Summit 2016 and Hackers in Taiwan Conference (HITCON) 2015 & 2014.

Chia-Mu Yu received his Ph.D degree from National Taiwan University in 2012. He is currently an assistant professor at National Chung Hsing University, Taiwan. He was a research assistant in the Institute of Information Science, Academia Sinica. He was a visiting scholar at Harvard University, Imperial College London, Waseda University, and University of Padova. He was a postdoc researcher at IBM Thomas J. Watson Research Center. He serves as an associate editor of IEEE Access and Security and Communication Networks. His research interests include cloud storage security, IoT security, and differential privacy.


Return to Index    -    Add to    -    ics Calendar file

 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 18:00-18:35


I fought the law and law lost - Mauro Caseres

“I fought the law and the law lost” is a series of talks that aims to collect vulnerabilities in the field of Argentine Security forces. This chapter focuses on both Federal and Buenos Aires City Police, which according to the Head of Government Horacio Rodr√≠guez Larreta, has the ““most modern technology in the world””.

We will analyze four particular cases (two on the lightning talk version), all of them ending in national scandals:

But we’ll do it having in mind a special requirement: passive action. We’ll use Recon & OSINT at it’s best in order to reconstruct how the leaks were carried from start to end. A police chief using his daughter’s name as a password? A Police CIO using his own National ID Number as recovery question? Public databases exposing too much information? Reused passwords across every site on the internet? Sure, but it’s not the worst. We’ll use hand crafted DIY tools and without compromising a single system, reveal a lot of bugs and vulns. This talk is heavily focused on obtaining OSINT from public sources (specially in countries with weak or ambiguous laws, like Argentina)

This talk aims to demonstrate various flaws with a critical, technical and impartial approach to bring to the public a prevailing reality: First, argentine law allows a lot of compromising data to be used as ““public”” (thus leaving the place for OSINT based attacks to occur), and second… we are not safe against computer threats, and those who take care of us, neither are.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 17:00-17:45


I'll See Your Missile and Raise You A MIRV: An overview of the Genesis Scripting Engine

Friday at 17:00 in Track 1
45 minutes | Demo, Audience Participation, Tool

Alex Levinson Senior Security Engineer

Dan Borges Hacker

Typically, the activities of a malware attack occur on an execution timeline that generally consists of 3 segments—the vector, the stage, and the persistence. First, a vector, or method of exploitation is identified. This could be anything from logging in over a credentialed method like RDP or SSH and running a malicious payload directly, to exploiting a memory corruption vulnerability remotely. Second, that access is leveraged into running malicious code that prepares the victim for the deployment of persistence (commonly "implant"). While segments one and three have been extensively automated, a effective automated utility for deploying persistence in a dynamic and unified context has yet to present itself.

Enter the Genesis Scripting Engine.

The Genesis Scripting Engine, or Gscript for short, is a framework for building multi-tenant executors for several implants in a stager. The engine works by embedding runtime logic (powered by the V8 Javascript Virtual Machine) for each persistence technique. This logic gets run at deploy time on the victim machine, in parallel for every implant contained with the stager. The Gscript engine leverages the multi-platform support of Golang to produce final stage one binaries for Windows, Mac, and Linux.

This talk will consist of an overview of the origins of the project, a technical deep dive into the inner workings including the modified Javascript VM, a walk through of the CLI utility, and examples of how we've leveraged Gscript in the real world.

Multiple demos involving practical application scenarios will be presented, as well as an opportunity for audience members to submit their own implants and have them built into a hydra on stage in a matter of minutes.

Alex Levinson
Alex Levinson is a Senior Security Engineer at Uber with experience in red teaming, software engineering, and incident response. Outside of Uber, he is a core member of the red team for the National Collegiate Cyber Defense Competition (CCDC), as well as the Competition Director for the Collegiate Penetration Testing Competition (CPTC). Previously, Alex worked as a Senior Consultant and Development Manager at Lares Consulting.

@alexlevinson, github.com/gen0cide, alexlevinson.wordpress.com

Dan Borges
Dan Borges is an information security professional with over 15 years in computer science. Dan participates in a number of cyber security competitions each year, from being on the National CCDC Red Team, to leading a Blue Team in Pros Versus Joes, and helping run the Collegiate Penetration Testing Competition (CPTC). He has been publishing a blog on infosec education for more than 10 years.

@1jection


Return to Index    -    Add to    -    ics Calendar file

 

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 16:45-17:30



Return to Index    -    Add to    -    ics Calendar file

 

AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 13:20-13:59


Identifying and correlating anomalies in Internet-wide scan traffic to newsworthy security events

Andrew Morris

In this presentation, we will discuss using GreyNoise, a geographically and logically distributed system of passive Internet scan traffic collector nodes, to identify statistical anomalies in global opportunistic Internet scan traffic and correlate these anomalies with publicly disclosed vulnerabilities, large-scale DDoS attacks, and other newsworthy events. We will discuss establishing (and identifying any deviations away from) a “standard” baseline of Internet scan traffic. We will discuss successes and failures of different methods employed over the past six months. We will explore open questions and future work on automated anomaly detection of Internet scan traffic. Finally, we will provide raw data and a challenge as an exercise to the attendees.

Andrew Morris is the founder and CEO of GreyNoise Intelligence, a DC-based cyber security company, and likely holds the world record for amount of time staring at Internet-wide scan traffic. Prior to founding GreyNoise, Andrew worked as a researcher, red team operator, and consultant for several large cyber security firms including Endgame, NCC group, and KCG. Outside of work, Andrew enjoys playing fingerstyle acoustic guitar and tries to figure out what his dreams mean.


Return to Index    -    Add to    -    ics Calendar file

 

CPV - Caesars Promenade Level - Milano BR 1,2 - Sunday - 12:00-13:00


Title:
Implementing a Library for Pairing-based Transform Cryptography

12:00pm

Implementing a Library for Pairing-based Transform Cryptography
When
Sun, August 12, 12pm 1pm
Description
Speakers
-------
Bob Wall
Colt Frederickson

Abstract
--------
We will present background on transform cryptography, also known as proxy re-encryption, We start with an overview of elliptic curves over finite fields and pairings using bilinear maps and discuss how they can be used to implement cryptographic primitives. We next describe the idea of transform cryptography and enumerate desirable properties of transform cryptography schemes, then examine in more detail a specific multi-hop transform encryption scheme.

We will then describe how we implemented a library to provide the primitives required for that multi-hop transform encryption scheme. Finally, we discuss the security implications of recent advances in evaluating discrete logarithms using the special number field sieve, and why that led us to increase the key length of the scheme from 256 bits to 480 bits.

Bio
-----------------
Bob: Co-founder & CTO of IronCore Labs, a startup focused on building products to help app developers build strong security into their offerings.

Colt: Senior software engineer at IronCore Labs. Functional programming guru with a strong background in big data.

Twitter handle of presenter(s)
------------------------------
@bithead_bob, @coltfred

Website of presenter(s) or content
----------------------------------
https://github.com/IronCoreLabs/recrypt, http://ironcorelabs.com

Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 13:00-13:30


In Soviet Russia Smartcard Hacks You

Saturday at 13:00 in Track 1
20 minutes | Demo, Tool, Exploit

Eric Sesterhenn Principal Security Consultant at X41, D-Sec GmbH

The classic spy movie hacking sequence: The spy inserts a magic smartcard provided by the agency technicians into the enemy's computer, ...the screen unlocks... What we all laughed about is possible!

Smartcards are secure and trustworthy. This is the idea smartcard driver developers have in mind when developing drivers and smartcard software. The work presented in this talk not only challenges, but crushes this assumption by attacking smartcard drivers using malicious smartcards.

A fuzzing framework for *nix and Windows is presented along with some interesting bugs found by auditing and fuzzing smartcard drivers and middleware. Among them classic stack and heap buffer overflows, double frees, but also a replay attack against smartcard authentication.

Since smartcards are used in the authentication process, a lot of vulnerabilities can be triggered by an unauthenticated user, in code running with high privileges. During the authors research, bugs were discovered in OpenSC (EPass, PIV, OpenPGP, CAC, Cryptoflex,...), YubiKey drivers, pam_p11, pam_pkc11, Apple smartcardservices...

Eric Sesterhenn
Eric Sesterhenn is working as an IT Security consultant for more than 15 years, working mostly in the areas of source code auditing and penetration testing. His experience in the field includes:


Return to Index    -    Add to    -    ics Calendar file

 

SEV - Caesars Promenade South - Octavius BR 3-8 - Friday - 17:50-18:40



Friday August 10 2018 1750 50 mins

In-N-Out – That’s What It’s All About
Without the right tools the engagement can be over before it begins, as upfront resistance can prevent you from entering with your tools. Billy Boatright demonstrates and discusses how to use social engineering tactics to get in without any difficulty. While most think outside of the box, Billy shows us how to think inside the box and embrace your own handicaps to arm yourself with advanced tactics and unfair advantages. Billy shows us how handicaps and familiar objects can be used to covertly carry your toolbox into an engagement, increasing your success. Rather than dealing with a perceived disadvantage, use it to exploit the world around you.

Billy Boatright: @fuzzy_l0gic
Billy began his social engineering career without even knowing it. He was a bartender on the Las Vegas Strip for the better part of a decade. He won numerous awards from all over the world as a Top-ranked Flair Bartender. He has taken the skills he learned behind the bar to the Information Security world. Billy has been a Judge for the Social Engineering Capture the Flag event at Def Con. He is also the namesake for the BSides Las Vegas Social Engineering Capture the Flag Championship Belt. Billy also volunteers time and expertise to the Las Vegas ISSA Chapter as a Board Member. He is also a member of the BSides Las Vegas Senior Staff.

Billy has multiple degrees and numerous certifications. However, when asked about them he will gladly quote George Moriarty, “The shining trophies on our shelves can never win tomorrow’s game.”


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 13:30-14:15


Infecting The Embedded Supply Chain

Saturday at 13:30 in Track 3
45 minutes | Demo, Exploit

Zach Security Researcher at Somerset Recon

Alex Security Researcher at Somerset Recon

With a surge in the production of internet of things (IoT) devices, embedded development tools are becoming commonplace and the software they run on is often trusted to run in escalated modes. However, some of the embedded development tools on the market contain serious vulnerabilities that put users at risk. In this talk we discuss the various attack vectors that these embedded development tools expose users to, and why users should not blindly trust their tools. This talk will detail a variety reverse engineering, fuzzing, exploit development and protocol analysis techniques that we used to analyze and exploit the security of a common embedded debugger.

Zach
Zach is a security researcher with Somerset Recon, a security consulting firm in San Diego. In this role he focuses on reverse engineering and web application penetration testing. In his free time Zach loves reading and long walks through the PE file format. Prior to working at Somerset Recon, Zach was a goat farmer in Maryland.

Alex
Alex is a security researcher with Somerset Recon, a security consulting firm in San Diego. In this role he focuses on hardware security and reverse engineering.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 16:00-16:45


Inside the Fake Science Factory

Saturday at 16:00 in Track 3
45 minutes |

Dr Cindy Poppins - Computer Scientist (AKA Svea Eckert)

Dr Dade Murphy - Reformed Hacker (AKA Suggy)

Professor Dr Edgar Munchhausen – Struwwelpeter Fellow (AKA Till Krause)

Fake News has got a sidekick and it's called Fake Science. This talk presents the findings and methodology from a team of investigative journalists, hackers and data scientists who delved into the parallel universe of fraudulent pseudo-academic conferences and journals; Fake science factories, twilight companies whose sole purpose is to give studies an air of scientific credibility while cashing in on millions of dollars in the process. Until recently, these fake science factories have remained relatively under the radar, with few outside of academia aware of their presence; but the highly profitable industry is growing significantly and with it, so are the implications. To the public, fake science is indistinguishable from legitimate science, which is facing similar accusations itself. Our findings highlight the prevalence of the pseudo-academic conferences, journals and publications and the damage they can and are doing to society.

Svea Eckert
Svea is a freelance journalist for Germany’s main public service broadcaster “Das Erste” (ARD). She is researching and reporting investigative issues with main focus on new technology, computer and network security, digital economics and data protection. Svea’s academic alter ego is Dr Cindy Poppins, a well-known computer scientist from the University of Applied Sciences of Lower Saxony at Wiepenkathen, Germany. Dr Poppin’s main focus lies on novel solutions for the analysis of agents. She recently discovered COP, an algorithm which improves compact technology and suffix trees, winning her the best presentation award at an international conference.

@sveckert

Chris "Suggy" Sumner
Suggy is the lead researcher and co-founder of the not-for-profit Online Privacy Foundation, who contribute to the field of psychological research in online contexts. He has authored papers and spoken on this topic at DEF CON, other noteworthy conferences and a fake conference. For the past five years, Suggy has served as a member of the DEF CON CFP review board. Suggy’s academic alter ego is Dr Dade Murphy, a reformed hacker whose eagerly anticipated work on polymorphic machine learning defences for Gibson mainframe computers was recently accepted at an international cyber security conference.

@5uggy

Till Krause
Till is an editor and investigative reporter at Süddeutsche Zeitung Magazine, the supplement of Germany’s major broadsheet newspaper. Ever since he studied Electronic Communication Arts as a Fulbright Scholar in the Bay Area in 2005, he is interested in all things tech, writing about surveillance, data protection and cybercrime. Till’s academic alter ego is Professor Dr. Edgar Munchhausen, a Struwwelpeter Fellow for Applied Sciences at various universities in Europe and Asia and a renowned researcher who has published his research in countless peer-reviewed journals. He holds a PhD from the University of Wiepenkathen and is a laureate of the Horst Schimanski Award and CEO of IOIR, the Institute of International Research.


Return to Index    -    Add to    -    ics Calendar file

 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 18:00-18:30


Title: Instructions and invitations to party

Speakers: Cinnamonflower and pwrcycle

Description:
No description available



Return to Index    -    Add to    -    ics Calendar file

 

CPV - Caesars Promenade Level - Milano BR 1,2 - Sunday - 13:00-14:00


Title:
Integrating post-quantum crypto into real-life applications

1:00pm

Integrating post-quantum crypto into real-life applications
When
Sun, August 12, 1pm 2pm
Description
Speaker
------
Christian Paquin

Abstract
--------
Quantum computers pose a grave threat to the public-key cryptography we use today. Many quantum-safe alternatives have been proposed to alleviate this problem. None of these, however, provide a perfect replacement for our conventional algorithms. Indeed, they either result in increased bandwidth, bigger keys, and/or slower runtime, thus greatly impacting their integration into crypto applications.

In this talk, Ill give an overview of the emerging post-quantum cryptography (PQC) schemes. Ill then present the lessons we have learned from our prototype integrations into real-life protocols and applications (such as TLS, SSH, and VPN), and our experiments on a variety of devices, ranging from IoT devices, to cloud servers, to HSMs. Ill discuss the Open Quantum Safe project for PQC development, and related open-source forks of OpenSSL, OpenSSH, and OpenVPN that can be used to experiment with PQC today. Ill present a demo of a full (key exchange + authentication) PQC TLS 1.3 connection.

This work sheds lights on the practicality of PQC, encouraging early adoption and experimentation by the security community.

Bio
-----------------
I am a crypto specialist in MSRs Security and Cryptography team [1]. Im currently involved in projects related to post-quantum cryptography, such as the Open Quantum Safe project [2], and leading the development of the U-Prove technology [3]. Im also interested in privacy-enhancing technologies, smart cloud encryption (e.g., searchable and homomorphic encryption), and the intersection of AI and security.

Prior to joining Microsoft in 2008, I was the Chief Security Engineer at Credentica, a crypto developer at Silanis Technology working on digital signature systems, and a security engineer at Zero-Knowledge Systems working on TOR-like systems.

[1] https://www.microsoft.com/en-us/research/group/security-and-cryptography/
[2] https://github.com/open-quantum-safe
[3] https://microsoft.com/uprove

Twitter handle of presenter(s)
------------------------------
chpaquin

Website of presenter(s) or content
----------------------------------
https://www.microsoft.com/en-us/research/people/cpaquin/

Return to Index    -    Add to    -    ics Calendar file

 

AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 13:00-13:20


IntelliAV: Building an Effective On-Device Android Malware Detector

Mansour Ahmadi

“ The importance of employing machine learning for malware detection has become explicit to the security community. Several anti-malware vendors have claimed and advertised the application of machine learning in their products in which the inference phase is performed on servers and high-performance machines, but the feasibility of such approaches on mobile devices with limited computational resources has not yet been assessed by the research community, vendors still being skeptical. In this presentation, we aim to show the practicality of devising a learning-based anti-malware on Android mobile devices, first. Furthermore, we aim to demonstrate the significance of such a tool to cease new and evasive malware that can not easily be caught by signature-based or offline learning-based security tools. To this end, we first propose the extraction of a set of lightweight yet powerful features from Android applications. Then, we embed these features in a vector space to build an effective as well as efficient model. Hence, the model can perform the inference on the device for detecting potentially harmful applications. We show that without resorting to any signatures and relying only on a training phase involving a reasonable set of samples, the proposed system, named IntelliAV, provides more satisfying performances than the popular major anti-malware products. Moreover, we evaluate the robustness of IntelliAV against common obfuscation techniques where most of the anti-malware solutions get affected.”

I am a postdoctoral Research Associate at the Northeastern University. I achieved my Ph.D. from the University of Cagliari. I am co-author of more than 10 research papers mostly about the application of machine learning for malware classification. Two of my works received awards from Kaspersky, and the Anti-Virus I developed received media coverage.


Return to Index    -    Add to    -    ics Calendar file

 

PHW - Caesars Promenade Level - Neopolitan BR - Saturday - 14:00-15:59


Intense Introduction to Modern Web Application Hacking

This course starts with an introduction to modern web applications and immediately starts diving directly into the mapping and discovery phase of testing. In this course, you will learn new methodologies used and adopted by many penetration testers and ethical hackers. This is a hands-on training where will use various open source tools and learn how to exploit SQL injection, command injection, cross-site scripting (XSS), XML External Entity (XXE), and cross-site request forgery (CSRF). We will wrap up our two hour fast-paced course by unleashing students on a vulnerable web application with their newly found skills.

Omar Santos (Twitter: @santosomar) is a Principal Engineer in the Cisco Product Security Incident Response Team (PSIRT) within Cisco's Security Research and Operations. He mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities in all Cisco products, including cloud services. Omar has been working with information technology and cyber security since the mid-1990s. Omar has designed, implemented, and supported numerous secure networks for Fortune 100 and 500 companies and the U.S. government. Prior to his current role, he was a Technical Leader within the World Wide Security Practice and the Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations.

Ron Taylor (Twitter: @Gu5G0rman) has been in the Information Security field for almost 20 years. Ten of those years were spent in consulting. In 2008, he joined the Cisco Global Certification Team as an SME in Information Assurance. In 2012, he moved into a position with the Security Research & Operations group, where his focus was mostly on penetration testing of Cisco products and services. He was also involved in developing and presenting security training to internal development and test teams globally. Additionally, he provided consulting support to many product teams as an SME on product security testing. He then spent some time as a Consulting Systems Engineer specializing in Cisco's security product line. His current role is working within the Cisco Product Security Incident Response Team (PSIRT). He has held a number of industry certifications including GPEN, GWEB, GCIA, GCIH, GWAPT, RHCE, CCSP, CCNA, CISSP, and MCSE. Ron is also a Cisco Security Blackbelt, SANS mentor, Cofounder and President of the Raleigh BSides Security Conference, and an active member of the Packet Hacking Village team at DEF CON.


Return to Index    -    Add to    -    ics Calendar file

 

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 14:30-15:15



Return to Index    -    Add to    -    ics Calendar file

 

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 10:15-10:59



Return to Index    -    Add to    -    ics Calendar file

 

AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 18:00-18:59


INTRO TO DATA MASTERCLASS: Graphs & Anomalies

No description available


Return to Index    -    Add to    -    ics Calendar file

 

AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 18:00-18:59


INTRO TO DATA MASTERCLASS: Tour-de-ML

No description available


Return to Index    -    Add to    -    ics Calendar file

 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 16:50-17:20


Introducing YOGA: Your OSINT Graphical Analyzer - Micah Hoffman

“If you have ever performed reconnaissance on a target or conducted an OSINT investigation you know that there are a huge number of places to gather OSINT data. One of the biggest challenges is in taking the next steps with that data once you have it. How do you take what you have and transform use it to get more? For instance, if you found email addresses, where do you search to find other data about those accounts? We have excellent resources such as [http://osintframework.com)[http://osintframework.com] and https://bit.ly/technisette that are huge lists of well-organized bookmarks which can be overwhelming. That is why I created YOGA.

Your OSINT Graphical Analyzer (YOGA) seeks to answer that most-common of data-gathering questions, “What do I do now?” It is designed to help when you have one type of data and need to know different actions you can take to get more data. Come to this session and learn how you and your team can use and extend this online tool in your work.”


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Thursday - 14:30-18:30


Introduction to Cryptographic Attacks

Thursday, 1430-1830 in Icon B

Matt Cheung

Using cryptography is often a subtle practice and mistakes can result in significant vulnerabilities. This workshop will cover many of these vulnerabilities which have shown up in the real world. This will be a hands-on workshop where you will implement the attacks after each one is explained. I will provide a VM with Python dependencies and skeleton code included so you can focus on implementing the attack. A good way to determine if this workshop is for you is to look at the challenges at cryptopals.com and see if those look interesting, but you could use in person help understanding the attacks. While not a strict subset of those challenges, there is significant overlap.

Prerequisites: Students should have experience with Python development and comfortable with mathematics such as modular arithmetic.

Materials: A laptop with VMWare or VirtualBox installed and capable of running a VM.

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/introduction-to-cryptographic-attacks-icon-b-tickets-47086369599
(Opens July 8, 2018 at 15:00 PDT)

Matt Cheung
Matt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority and this concerned Matt. This concern prompted him to learn about cryptographic attacks from Dan Boneh's crypto 1 course offered on Coursera and the Matasano/cryptopals challenges. From this experience he has given talks and workshops at the Boston Application Security Conference and the DEF CON Crypto and Privacy Village.


Return to Index    -    Add to    -    ics Calendar file

 

WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 16:00-16:55


Eric Reuter

Bio

"Eric enjoys photographing trains and hardware/RF hacking. The natural overlap of these interests is the exploration of ways to use RF to find trains in the wild. By day, he is an Associate Professor at a Berklee College of Music, where he teaches acoustics and electronics, and runs an acoustical consulting firm in Portsmouth, NH. Eric holds an Amateur Extra license.

@EricReuter

Introduction to Railroad Telemetry

Abstract

North American railroads use several wireless systems for remote control, monitoring, and tracking of locomotives, railcars, signals, and other equipment. This talk will provide an overview of the systems in use, an in-depth look of two of them: The end-of-train (EOT) device contributed to the demise of the caboose 35 years ago, taking over one of its primary functions: monitoring brake pipe pressure. The EOT transmits pressure, its unique ID, and other data, encoded into AFSK packets, to a corresponding head-of-train (HOT) device in the locomotive. A secondary function is venting the line in an emergency braking event, under command of the HOT. BCH error correction is employed for reliability, but there are inherent security flaws. A SDR/GNU Radio/Python workflow for decoding and verifying packets will be demonstrated. Attempts at automatically identifying passing railcars were largely unsuccessful until the introduction of the Automatic Equipment Identification (AEI) system in the early 90s. This 900 MHz RFID system consists of passive tags on each locomotive and car and wayside readers at rail yard entrances and other locations of interest. The author's day job in environmental noise consulting led to a study of the feasibility of using AEI for rail noise studies. It had to be reverse-engineered first, of course. Using a repurposed commercial reader, Raspberry Pi, and cellular modem, a remote monitoring system gathered tag date for 5 weeks. Details of the protocol and monitoring system will be presented, along with video demonstrations.


Return to Index    -    Add to    -    ics Calendar file

 

Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


ioc2rpz

Saturday 08/11/18 from 1400-1550 at Table Three
Defence/Network security

Vadim Pavlov

DNS is the control plane of the Internet. Usually DNS is used for good but:

ioc2rpz is a custom DNS server which automatically converts indicators (e.g. malicious FQDNs, IPs) from various sources into RPZ feeds and automatically maintains/updates them. The feeds can be distributed to any open source and/or commercial DNS servers which support RPZ, e.g. ISC Bind, PowerDNS. You can run your own DNS server with RPZ filtering on a router, desktop, server and even Arduino. System memory is the only limitation.

With ioc2rpz you can define your own feeds, actions and prevent undesired communications.

https://github.com/Homas/ioc2rpz

Vadim Pavlov
Vadim Pavlov is passionate about traveling, learning foreign and programming languages, writing scripts/software, integrating solutions, interacting with colleagues and customers to solve complex problems. As a truly lazy person Vadim wants to automate all routine.

Vadim has 15+ years of IT experience and last 5 years Vadim spent at Infoblox and became an expert in DNS and DNS Security: did researches, wrote articles, created custom DNS servers, Infoblox's DNS Data Exfiltration(Infiltration) Demo and Security Assessments portals, created integrations with security solutions. He achieved a masters degree with honors in Computer Science (Software Development) from Russia.


Return to Index    -    Add to    -    ics Calendar file

 

PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 17:00-17:59


IoT Data Exfiltration

Mike Raggo, CSO of 802 Secure, Inc.
Chet Hosmer, Owner of Python Forensics

IoT offers new protocols and frequencies over which communication travels. Due to lack of familiarity amongst most enterprises, most organizations are ill-equipped to monitor or detect these mysterious channels. This introduces a plethora of covert channels by which data could be exfiltrated, or malware to be infiltrated into the network. In this session we explore this new frontier by focusing on new methods of IoT protocol exploitation by revealing research conducted over the last 2 years. Detailed examples will be provided, as well as demo of a python tool for exploiting unused portions of protocol fields. From our research, we'll also reveal new methods of detecting aberrant behavior emanating to/from these devices gathered from our lab and real world testing.

Mike Raggo (Twitter: @DataHiding) is Chief Security Officer at 802 Secure and has over 20 years of security research experience. His current focus is wireless IoT threats impacting the enterprise. Michael is the author of "Mobile Data Loss: Threats & Countermeasures" and "Data Hiding" for Syngress Books, and contributing author for "Information Security the Complete Reference 2nd Edition". A former security trainer, Michael has briefed international defense agencies including the FBI and Pentagon, and is a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, DoD Cyber Crime, OWASP, HackCon, and SANS.

Chet Hosmer is an international author, educator & researcher, and founder of Python Forensics, Inc., a non-profit research institute focused on the collaborative development of open source investigative technologies using the Python programming language. Chet is also a Visiting Professor at Utica College in the Cybersecurity Graduate Program, where his research and teaching is focused on data hiding, active cyber defense and security of industrial control systems. Additionally, Chet is an Adjunct Professor at Champlain College in the Digital Forensics Graduate Program, where his research and teaching is focused on solving hard digital investigation problems using the Python programming language.


Return to Index    -    Add to    -    ics Calendar file

 

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 11:30-11:59



Return to Index    -    Add to    -    ics Calendar file

 

Night Life - Off-site party, Register and receive adddress from IOT VIllage - Saturday - 21:00-25:59


Title:
IoT Village Manson Party

Come party with the Defcon IoT Village organizers! If you enjoy mansions, pools, water slides, waterfall caves, food, and practically unlimited drinks, this is the place to be. Additional excitement to come as well.

To receive the address, please register a waitlist ticket and visit the Defcon IoT Village:

Promenade Level, rooms Verona, Turin, and Trevi
Come between 10am-6pm Friday and Saturday to reserve a spot
Spots are limited so hurry!

More Info: https://www.eventbrite.com/e/iot-village-mansion-party-tickets-48041961801

Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 10:00-10:45


It WISN't me, attacking industrial wireless mesh networks

Saturday at 10:00 in Track 1
45 minutes | Demo

Erwin Paternotte Lead security consultant at Nixu

Mattijs van Ommeren principal security consultant at Nixu

Wireless sensor networks are commonly thought of as IoT devices communicating using familiar short-range wireless protocols like Zigbee, MiWi, Thread and OpenWSN. A lesser known fact is that about a decade ago, two industrial wireless protocols (WirelessHART and ISA100.11a) have been designed for industrial applications, which are based on the common IEEE 802.15.4 RF standard. These Wireless Industrial Sensor Networks (WISN) are used in process field device networks to monitor temperature, pressure, levels, flow or vibrations. The petrochemical industry uses WISN in oil and gas fields and plants around the world.

Both IEC ratified standards have been commonly praised by the ICS industry for their security features, including strong encryption on multiple layers within the protocol stack, resistance to RF interference, and replay protection. While the standards in general look safe on paper, there are potential interesting attack vectors that require verification. However, security research so far has not yielded any significant results beyond basic attack vectors. Often these attacks have only been theorized, and not (publically) demonstrated. In addition, vendor implementations have not been thoroughly tested for security by independent third parties, due to protocol complexity and the lack of proper (hardware/software) tools. We strongly believe in Wright's principle,"Security does not improve until practical tools for exploration of the attack surface are made available."

Erwin Paternotte
Erwin works as a lead security consultant at Nixu Benelux. He has 15 years experience conducting penetration tests and security assessments on a wide variety of systems and technology. In the recent years his focus is shifting towards more advanced tests like red teaming, embedded systems, ICS/SCADA, and telco systems. Within Nixu he is also the practice lead for penetration and security testing.

Mattijs van Ommeren
Mattijs leads the Red Teaming and Hardware Testing team at Nixu Benelux. He has spent most of his career as an information security consultant, both on the offensive as well as the defensive side. Mattijs has a special interest in process automation and industrial systems. Over the years he has discovered numerous vulnerabilities in RTUs, process controllers, industrial firewalls and other equipment. Industrial sensor networks currently have most of his focus, as this is still mainly unexplored terrain.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 12:00-12:45


It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded devices for fun and profit

Friday at 12:00 in 101 Track, Flamingo
45 minutes | Demo

Morgan ``indrora'' Gangwere Hacker

With the proliferation of Linux-based SoCs -- you've likely got one or two in your house, on your person or in your pocket -- it is often useful to look "under the hood" at what is running; Additionally, in-situ debugging may be unavailable due to read-only filesystems, memory is often limited, and other factors keep us from attacking a live device. This talk looks at attacking binaries outside their native environment using QEMU, the Quick Emulator, as well as techniques for extracting relevant content from devices and exploring them.

Morgan ``indrora'' Gangwere
Morgan is a student at the University of New Mexico where he studies an unrelated topic entirely, but does network security because it's interesting. Previously, he's spoken on subjects such as web proxies, community engagement, and typesetting. He started working with computers when he was a young child and hasn't given them up since, even if his wrists seem to disagree.


Return to Index    -    Add to    -    ics Calendar file

 

WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 17:00-17:55


It's not wifi: Stories in Wireless Reverse Engineering

No description available


Return to Index    -    Add to    -    ics Calendar file

 

AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 14:00-14:30


It’s a Beautiful Day in the Malware Neighborhood

Matt

“Malware similarity analysis compares and identifies samples with shared static or behavioral characteristics. Identification of similar malware samples provides analysts with more context during triage and malware analysis. Most domain approaches to malware similarity have focused on fuzzy hashing, locality sensitivity hashing, and other approximate matching methods that index a malware corpus on structural features and raw bytes. Ssdeep or sdhash are often utilized for similarity comparison despite known weaknesses and limitations. Signatures and IOCs are generated from static and dynamic analysis to capture features and matched against unknown samples. Incident management systems (RTIR, FIR) store contextual features, e.g. environment, device, and user metadata, which are used to catalog specific sample groups observed.

In the data mining and machine learning communities, the nearest neighbor search (NN) task takes an input query represented as a feature vector and returns the k nearest neighbors in an index according to some distance metric. Feature engineering is used to extract, represent, and select the most distinguishing features of malware samples as a feature vector. Similarity between samples is defined as the inverse of a distance metric and used to find the neighborhood of a query vector. Historically, tree-based approaches have worked for splitting dense vectors into partitions but are limited to problems with low dimensionality. Locality sensitivity hashing attempts to map similar vectors into the same hash bucket. More recent advances make the use of k-nearest neighbor graphs that iteratively navigate between neighboring vertexes representing the samples.

The NN methods reviewed in this talk are evaluated using standard performance metrics and several malware datasets. Optimized ssdeep and selected NN methods are implemented in Rogers, an open source malware similarity tool, that allows analysts to process local samples and run queries for comparison of NN methods. “

Matt Maisel is a data scientist passionate about the intersection of machine learning, software engineering, and computer security domains. He’s currently the manager of Security Data Science at Cylance. Matt recently architected a scalable malware analysis and modeling service used to process customer malware detections. He’s worked in several organization within Cylance including research engineering as a software architect and consulting as the technical director of the incident response practice. Matt holds a M.S. in Computer Science with a focus in machine learning and distributed systems from Johns Hopkins University.


Return to Index    -    Add to    -    ics Calendar file

 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 11:00-11:45


Jailbreaking the 3DS through 7 years of hardening

Saturday at 11:00 in Track 3
45 minutes | Demo, Exploit

smea Hacker

The 3DS was one of Nintendo's first serious attempts at security, featuring a cool microkernel based OS and actual exploit mitigations. That didn't stop it from getting hacked pretty hard, making it possible for people to write their own homebrew software for the console. But Nintendo isn't one to back off from a fight and, as a result, has put significant effort into not only fixing vulnerabilities but also introducing new security features targeted specifically at killing exploit techniques used by hackers. This talk will describe hacking the console through all these defensive features by walking through a 0-day exploit chain that takes us all the way from zero access to a full