Talk/Event Schedule


Saturday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Saturday - 06:00


Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Defcon 26 4X5K run -

 

Saturday - 09:00


PHW - Caesars Promenade Level - Neopolitan BR - (09:30-13:30) - Kali Dojo Workshop - Johnny Long
SKY - Flamingo 3rd Flr - Virginia City Rm - What happened behind the closed doors at MS - Dimitri
SKY - Flamingo 3rd Flr - Virginia City Rm - (09:30-09:59) - http2 and you - security panda

 

Saturday - 10:00


AIV - Caesars Promenade Level - Florentine BR 3 - The current state of adversarial machine learning - infosecanon
AIV - Caesars Promenade Level - Florentine BR 3 - (10:20-10:40) - Chatting with your programs to find vulnerabilities - Chris Gardner
AIV - Caesars Promenade Level - Florentine BR 3 - (10:40-11:20) - The great power of AI: Algorithmic mirrors of society - Aylin Caliskan
BCOS - Caesars Promenade Level - Pompeian BR 1 - BCOS keynote speech - Philip Martin (VP Security, COINBASE)
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - WELCOME TO DAY 2 of BHV! - Staff
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (10:15-10:15) - WaterBot - Hackable Scientific Plant Bot - BiaSciLab
Contest - Contest Stage - D(Struction)20 CTF -
CPV - Caesars Promenade Level - Milano BR 1,2 - (10:30-11:30) - Cloud Encryption: How to not suck at securing your encryption keys - Marie Fromm
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems - Jos Wetzels, Marina Krotofil
DC - Track 1 - Caesars Emperor's Level - Palace BR - It WISN't me, attacking industrial wireless mesh networks - Erwin Paternotte, Mattijs van Ommeren
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - You're just complaining because you're guilty: A DEF CON Guide to Adversarial Testing of Software Used In the Criminal Justice System - Dr. Jeanna N. Matthews, Nathan Adams, Jerome Greco
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - You may have paid more than you imagine—Replay Attacks on Ethereum Smart Contracts - Zhenxuan Bai, Yuwei Zheng, Senhua Wang, Kunzhe Chai
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - #WiFiCactus - Mike Spicer
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Archery—Open Source Vulnerability Assessment and Management - Anand Tiwari
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - firstorder - Utku Sen, Gozde Sinturk
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Orthrus - Nick Sayer
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Local Sheriff - Konark Modi
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Halcyon IDE - Sanoop Thomas
HHV - Caesars Pool Level - Forum 17-21 - Hacking your HackRF - Mike Davis
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Securing Critical Infrastructure through Side-Channel Monitoring - James Harris, Carlos Aguayo
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (10:40-11:10) - Analyzing VPNFilter's Modbus Module - Patrick DeSantis, Carlos Pacho
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (10:15-10:59) - FPGA’s: a new attack surface for embedded adversaries. - John Dunlap @JohnDunlap2
PHV - Caesars Promenade Level - Neopolitan BR - Ducky-in-the-Middle: Injecting Keystrokes into Plaintext Protocols - Esteban Rodriguez
PHV - Caesars Promenade Level - Neopolitan BR - (10:30-10:59) - How to Tune Automation to Avoid False Positives - Gita Ziabari
PHW - Caesars Promenade Level - Neopolitan BR - cont...(09:30-13:30) - Kali Dojo Workshop - Johnny Long
RCV - Caesars Promenade Level - Florentine BR 1,2 - Building visualisation platforms for OSINT data using open source solutions - Bharath Kumar / Madhu
SKY - Flamingo 3rd Flr - Virginia City Rm - Don't Bring Me Down: Weaponizing botnets - @3ncr1pted
WS - Linq 4th Flr - Icon A - Joe Grand's Hardware Hacking Basics - Joe Grand
WS - Linq 4th Flr - Icon B - Fuzzing with AFL (American Fuzzy Lop) - Jakub Botwicz, Wojciech Rauner
WS - Linq 4th Flr - Icon C - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Timothy Clemans
WS - Linq 4th Flr - Icon D - Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - Richard Henderson, Bryan Passifiume
WS - Linq 4th Flr - Icon E - Attack & Defense in AWS Environments - Vaibhav Gupta, Sandeep Singh
WS - Linq 4th Flr - Icon F - Decentralized Hacker Net - Eijah

 

Saturday - 11:00


AIV - Caesars Promenade Level - Florentine BR 3 - cont...(10:40-11:20) - The great power of AI: Algorithmic mirrors of society - Aylin Caliskan
AIV - Caesars Promenade Level - Florentine BR 3 - (11:20-11:40) - DeepPhish: Simulating the Malicious Use of AI - Ivan Torroledo
BCOS - Caesars Promenade Level - Pompeian BR 1 - Prize winners, awards, and announcements - midipoet and MSvB
BCOS - Caesars Promenade Level - Pompeian BR 1 - (11:30-11:59) - Monero's Emerging Applications - Fluffy Pony
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(10:00-11:15) - WELCOME TO DAY 2 of BHV! - Staff
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (11:15-11:59) - Technology Enabled Prosthetic Environments - Gerry Scott
Contest - Contest Stage - cont...(10:00-11:59) - D(Struction)20 CTF -
CPV - Caesars Promenade Level - Milano BR 1,2 - cont...(10:30-11:30) - Cloud Encryption: How to not suck at securing your encryption keys - Marie Fromm
CPV - Caesars Promenade Level - Milano BR 1,2 - (11:30-12:00) - Green Locks for You and Me - Wendy Knox Everette
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Hacking PLCs and Causing Havoc on Critical Infrastructures - Thiago Alves
DC - Track 1 - Caesars Emperor's Level - Palace BR - Exploiting Active Directory Administrator Insecurities - Sean Metcalf
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Compression Oracle Attacks on VPN Networks - Nafeez
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Jailbreaking the 3DS through 7 years of hardening - smea
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - #WiFiCactus - Mike Spicer
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Archery—Open Source Vulnerability Assessment and Management - Anand Tiwari
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - firstorder - Utku Sen, Gozde Sinturk
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Orthrus - Nick Sayer
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Local Sheriff - Konark Modi
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Halcyon IDE - Sanoop Thomas
EHV - Caesars Promenade Level - Modena Rm - Ethics of Technology in Humanitarian and Disaster Response - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - Disabling Intel ME in Firmware - Brian Milliron
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - cont...(10:40-11:10) - Analyzing VPNFilter's Modbus Module - Patrick DeSantis, Carlos Pacho
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (11:15-11:59) - Your Smart Scale is Leaking More than Your Weight - Erez Yalon @ErezYalon
PHV - Caesars Promenade Level - Neopolitan BR - wpa-sec: The Largest Online WPA Handshake Database - Alex Stanev
PHV - Caesars Promenade Level - Neopolitan BR - (11:30-11:59) - Capturing in Hard to Reach Places - Silas Cutler
PHW - Caesars Promenade Level - Neopolitan BR - cont...(09:30-13:30) - Kali Dojo Workshop - Johnny Long
PPV - Flamingo Lower Level - Valley Of Fire Rms - The Cantankerous Cannabis Cryptocurrency Kerfuffle - Octet In Triplicate
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(10:00-11:59) - Building visualisation platforms for OSINT data using open source solutions - Bharath Kumar / Madhu
SKY - Flamingo 3rd Flr - Virginia City Rm - The Abyss is Waving Back - Sidragon
WLV - Caesars Promenade Level - Milano BR 5,6 - Learning to Listen: Machine Learning for Adaptive Wireless Adversary Detection - John Dunlap
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Joe Grand's Hardware Hacking Basics - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Fuzzing with AFL (American Fuzzy Lop) - Jakub Botwicz, Wojciech Rauner
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Timothy Clemans
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - Richard Henderson, Bryan Passifiume
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attack & Defense in AWS Environments - Vaibhav Gupta, Sandeep Singh
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Decentralized Hacker Net - Eijah

 

Saturday - 12:00


BCOS - Caesars Promenade Level - Pompeian BR 1 - We Program Our Stinkin Badges! - Michael Schloh
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - No Firewall Can Save You At The Intersection Of Genetics and Privacy - Almost Human
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (12:45-13:30) - Mother Natures Development Lifecycles… OR Why the T-Rex didn’t get extenders. - siDragon
CPV - Caesars Promenade Level - Milano BR 1,2 - No Way JOSE! Designing Cryptography Features for Mere Mortals - Scott Arciszewski
DC - 101 Track - Building Absurd Christmas Light Shows - Rob Joyce
DC - Track 1 - Caesars Emperor's Level - Palace BR - Tineola: Taking a Bite Out of Enterprise Blockchain - Stark Riedesel, Parsia Hakimian
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - You'd better secure your BLE devices or we'll kick your butts ! - Damien "virtualabs" Cauquil
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Ridealong Adventures—Critical Issues with Police Body Cameras - Josh Mitchell
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - trackerjacker - Caleb Madrigal
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Cloud Security Suite—One stop tool for AWS, GCP & Azure Security Audit - Jayesh Singh Chauhan
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - GreyNoise - Andrew Morris
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - WHID Injector: How To Bring HID Attacks to the Next Level - Luca Bongiorni
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - BLEMystique—Affordable custom BLE target - Nishant Sharma, Jeswin Mathai
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - ADRecon: Active Directory Recon - Prashant Mahajan
HHV - Caesars Pool Level - Forum 17-21 - NFC Payments: The Art of Relay & Replay Attacks - Salvador Mendoza
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (12:30-12:59) - Panel Q&A – IoT Manufacturers: Answers on Security Straight from the Source - Panel
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
Meetup - Chill Out Lounge - Deaf Con Meet Up -
PHV - Caesars Promenade Level - Neopolitan BR - An OSINT Approach to Third Party Cloud Service Provider Evaluation - Lokesh Pidawekar
PHV - Caesars Promenade Level - Neopolitan BR - (12:30-12:59) - Bitsquatting: Passive DNS Hijacking - Ed Miles
PHW - Caesars Promenade Level - Neopolitan BR - cont...(09:30-13:30) - Kali Dojo Workshop - Johnny Long
RCV - Caesars Promenade Level - Florentine BR 1,2 - Cartoons, Sketchnotes, Bullet Journals and Other Data Visualization Tricks - Raye Keslensky
RCV - Caesars Promenade Level - Florentine BR 1,2 - Bug Bounty Hunting on Steroids - Anshuman Bhartiya / Glen Grant
Service - Caesars - Promenade Level - Anzio Rm past Registration - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - Cloud Security Myths - Xavier Ashe
WLV - Caesars Promenade Level - Milano BR 5,6 - Attacking Gotenna Networks - recompiler
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Joe Grand's Hardware Hacking Basics - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Fuzzing with AFL (American Fuzzy Lop) - Jakub Botwicz, Wojciech Rauner
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Timothy Clemans
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - Richard Henderson, Bryan Passifiume
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attack & Defense in AWS Environments - Vaibhav Gupta, Sandeep Singh
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Decentralized Hacker Net - Eijah

 

Saturday - 13:00


AIV - Caesars Promenade Level - Florentine BR 3 - Machine Learning Model Hardening For Fun and Profit - Ariel Herbert-Voss
AIV - Caesars Promenade Level - Florentine BR 3 - (13:20-13:59) - Automated Planning for the Automated Red Team - Andy Applebaum
BCOS - Caesars Promenade Level - Pompeian BR 1 - cont...(12:00-13:59) - We Program Our Stinkin Badges! - Michael Schloh
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(12:45-13:30) - Mother Natures Development Lifecycles… OR Why the T-Rex didn’t get extenders. - siDragon
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (13:30-14:15) - DNA Encryption: Bioencryption to Store Your Secrets in living organisms - John Dunlap
CPV - Caesars Promenade Level - Milano BR 1,2 - Sluts, Bullies, and Best Selves: Rethinking Digital Privacy Education - Caroline D. Hardin, Jen Dalsen
CPV - Caesars Promenade Level - Milano BR 1,2 - (13:30-14:00) - Building a Cryptographic Backdoor in OpenSSL - Lei Shi, Allen Cai
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - One Step Ahead of Cheaters -- Instrumenting Android Emulators - Nevermoe (@n3v3rm03)
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - (13:30-13:50) - House of Roman—a "leakless" heap fengshui to achieve RCE on PIE Binaries - Sanat Sharma
DC - Track 1 - Caesars Emperor's Level - Palace BR - In Soviet Russia Smartcard Hacks You - Eric Sesterhenn
DC - Track 1 - Caesars Emperor's Level - Palace BR - (13:30-13:50) - The ring 0 façade: awakening the processor's inner demons - Christopher Domas
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Reaping and breaking keys at scale: when crypto meets big data - Yolan Romailler, Nils Amiet
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - (13:30-13:50) - Detecting Blue Team Research Through Targeted Ads - 0x200b
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Looking for the perfect signature: an automatic YARA rules generation algorithm in the AI-era - Andrea Marcelli
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (13:30-14:15) - Infecting The Embedded Supply Chain - Zach, Alex
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - trackerjacker - Caleb Madrigal
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - Cloud Security Suite—One stop tool for AWS, GCP & Azure Security Audit - Jayesh Singh Chauhan
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - GreyNoise - Andrew Morris
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - WHID Injector: How To Bring HID Attacks to the Next Level - Luca Bongiorni
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - BLEMystique—Affordable custom BLE target - Nishant Sharma, Jeswin Mathai
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - ADRecon: Active Directory Recon - Prashant Mahajan
EHV - Caesars Promenade Level - Modena Rm - Nations and Nationalism and Cyber Security - Navigating Difficult Relationships in the Private Infosec Space - Speaker TBA
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (13:15-13:45) - Disassembly and Hacking of Firmware Where You Least Expect It: In Your Tools- with live hacking demonstration - Monta Elkins
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (13:55-14:25) - TOR for The IOT aka TORT Reform - Bryson Bort
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (13:15-13:59) - Worms that fight back: Nematodes as an antidote for IoT malware - Matt Wixey @darkartlab
PHV - Caesars Promenade Level - Neopolitan BR - Turning Deception Outside-In: Tricking Attackers with OSINT - Hadar Yudovich, Tom Kahana, Tom Sela
PHV - Caesars Promenade Level - Neopolitan BR - (13:30-13:59) - Defense in Depth: The Path to SGX at Akamai - Sam Erb
PHW - Caesars Promenade Level - Neopolitan BR - cont...(09:30-13:30) - Kali Dojo Workshop - Johnny Long
PPV - Flamingo Lower Level - Valley Of Fire Rms - How Compliance Affects the Surface Area of Cannabis POS - WeedAnon
RCV - Caesars Promenade Level - Florentine BR 1,2 - Targeted User Analytics and Human Honeypots - Mbis0n Shadoru
RCV - Caesars Promenade Level - Florentine BR 1,2 - (13:25-13:55) - Skiptracer - ghetto OSINT for broke hackers - illwill
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
Service - Vendors Area - No Starch Press Table - Book Signing - Nick Cano - Game Hacking - Nick Cano
SKY - Flamingo 3rd Flr - Virginia City Rm - Exploiting IoT Communications - A Cover within a Cover - Mike Raggo & Chet Hosmer
WLV - Caesars Promenade Level - Milano BR 5,6 - Wardrivers Anonymous - Aadvark and Darkmatter and elkentaro and Zero_Chaos and Rick "Ward River" Mellendick
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Joe Grand's Hardware Hacking Basics - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Fuzzing with AFL (American Fuzzy Lop) - Jakub Botwicz, Wojciech Rauner
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Timothy Clemans
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - Richard Henderson, Bryan Passifiume
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attack & Defense in AWS Environments - Vaibhav Gupta, Sandeep Singh
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Decentralized Hacker Net - Eijah

 

Saturday - 14:00


AIV - Caesars Promenade Level - Florentine BR 3 - Beyond Adversarial Learning -- Security Risks in AI Implementations - Kang Li
AIV - Caesars Promenade Level - Florentine BR 3 - (14:30-15:20) - (Responsible?) Offensive Machine Learning - @bodaceacat, @filar, @Straithe, @_delta_zero (Moderating)
BCOS - Caesars Promenade Level - Pompeian BR 1 - Examining Monero's Ring Signatures - Justin Ehrenhofer
BCOS - Caesars Promenade Level - Pompeian BR 1 - (14:30-14:59) - Some Mining Related Attacks - Zhiniang Peng
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(13:30-14:15) - DNA Encryption: Bioencryption to Store Your Secrets in living organisms - John Dunlap
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (14:15-16:15) - DEF CON Biohacking Village Badge Talk - Joel Murphy
CPV - Caesars Promenade Level - Milano BR 1,2 - CATs - A Tale of Scalable Authentication - Yueting Lee
CPV - Caesars Promenade Level - Milano BR 1,2 - (14:30-15:00) - Jailed by a Google Search: the Surveillance State's War on Self-induced Abortion - Pigeon
DDV - Caesars Promenade Level - Capri Rm - The Memory Remains - Cold drive memory forensics 101 - Lior Kolnik
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices - Dennis Giese
DC - Track 1 - Caesars Emperor's Level - Palace BR - SMBetray—Backdooring and breaking signatures - William Martin
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Digital Leviathan: a comprehensive list of Nation-State Big Brothers (from huge to little ones) - Eduardo Izycki, Rodrigo Colli
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - (14:30-14:50) - Sex Work After SESTA/FOSTA - Maggie Mayhem
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - cont...(13:30-14:15) - Infecting The Embedded Supply Chain - Zach, Alex
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Playing Malware Injection with Exploit thoughts - Sheng-Hao Ma
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (14:30-14:50) - Fire & Ice: Making and Breaking macOS Firewalls - Patrick Wardle
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - EAPHammer - Gabriel Ryan
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Sh00t—An open platform for manual security testers & bug hunters - Pavan Mohan
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - ioc2rpz - Vadim Pavlov
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - HealthyPi—Connected Health - Ashwin K Whitchurch
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Walrus - Daniel Underhay, Matthew Daley
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - LHT (Lossy Hash Table) - Steve Thomas
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - cont...(13:55-14:25) - TOR for The IOT aka TORT Reform - Bryson Bort
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (14:30-15:15) - Attacking Commercial Smart Irrigation Systems - Ben Nassi @ben_nassi
PHV - Caesars Promenade Level - Neopolitan BR - Building a Teaching SOC - Andrew Johnson
PHV - Caesars Promenade Level - Neopolitan BR - (14:30-14:59) - Normalizing Empire's Traffic to Evade Anomaly-Based IDS - Utku Sen, Gozde Sinturk
PHW - Caesars Promenade Level - Neopolitan BR - Intense Introduction to Modern Web Application Hacking - Omar Santos and Ron Taylor
PPV - Flamingo Lower Level - Valley Of Fire Rms - Hacking Phenotypic Pathways In Cannabis - Mark Lewi
RCV - Caesars Promenade Level - Florentine BR 1,2 - Applied OSINT For Politics: Turning Open Data Into News - Lloyd Miller
RCV - Caesars Promenade Level - Florentine BR 1,2 - (14:45-15:05) - 1983: I’m born. 2018: I’m taking on the bad guys - Jennifer Roderick
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - Hacking the Technical Interview - Marcelle & Kelley
WLV - Caesars Promenade Level - Milano BR 5,6 - (14:30-15:25) - SDR Basics Class - Balint Seeber
WS - Linq 4th Flr - Icon A - (14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - (14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - (14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - (14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - (14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - (14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 15:00


AIV - Caesars Promenade Level - Florentine BR 3 - cont...(14:30-15:20) - (Responsible?) Offensive Machine Learning - @bodaceacat, @filar, @Straithe, @_delta_zero (Moderating)
AIV - Caesars Promenade Level - Florentine BR 3 - (15:20-15:59) - Towards a framework to quantitatively assess AI safety – challenges, open questions and opportunities. - Ram Shankar Siva Kumar
BCOS - Caesars Promenade Level - Pompeian BR 1 - An Introduction to Kovri - Anonimal
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(14:15-16:15) - DEF CON Biohacking Village Badge Talk - Joel Murphy
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Torrent More Pharmaceutical Drugs. File Sharing Still Saves Lives. - Mixæl Laufer
Contest - Contest Stage - Spell Check: The Hacker Spelling Bee -
CPV - Caesars Promenade Level - Milano BR 1,2 - JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and face recognition - and frankly, everywhere else - Guy Barnhart-Magen, Ezra Caltum
DDV - Caesars Promenade Level - Capri Rm - Owning Gluster FS with GEVAUDAN - Mauro Cáseres
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Project Interceptor: avoiding counter-drone systems with nanodrones - David Melendez Cano
DC - Track 1 - Caesars Emperor's Level - Palace BR - All your math are belong to us - sghctoma
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Reverse Engineering Windows Defender's Emulator - Alexei Bulazel
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Booby Trapping Boxes - Ladar Levison, hon1nbo
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - EAPHammer - Gabriel Ryan
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - Sh00t—An open platform for manual security testers & bug hunters - Pavan Mohan
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - ioc2rpz - Vadim Pavlov
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - HealthyPi—Connected Health - Ashwin K Whitchurch
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - Walrus - Daniel Underhay, Matthew Daley
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - LHT (Lossy Hash Table) - Steve Thomas
EHV - Caesars Promenade Level - Modena Rm - Hack Back: Not An Option, But A Necessity? (A Mini-Workshop) - David Scott Lewis
HHV - Caesars Pool Level - Forum 17-21 - Breaking In: Building a home lab without having to rob a bank - Bryan Austin
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - cont...(14:30-15:15) - Attacking Commercial Smart Irrigation Systems - Ben Nassi @ben_nassi
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (15:45-16:30) - How-to modify ARM Cortex-M based firmware: A step-by-step approach for Xiaomi devices - Dennis Giese
PHV - Caesars Promenade Level - Neopolitan BR - Grand Theft Auto: Digital Key Hacking - Huajiang "Kevin2600" Chen, Jin Yang
PHW - Caesars Promenade Level - Neopolitan BR - cont...(14:00-15:59) - Intense Introduction to Modern Web Application Hacking - Omar Santos and Ron Taylor
PPV - Flamingo Lower Level - Valley Of Fire Rms - The Invisible Hands Tending the Secret Greens - Keith Conway (@algirhythm), Frank (@cosmovaltran
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(14:45-15:05) - 1983: I’m born. 2018: I’m taking on the bad guys - Jennifer Roderick
RCV - Caesars Promenade Level - Florentine BR 1,2 - Core OSINT: Keeping Track of and Reporting All the Things - Micah Hoffman
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
SEV - Caesars Promenade South - Octavius BR 3-8 - (15:30-15:59) - Social Engineering from a CISO's Perspective - Kathleen Mullen
SKY - Flamingo 3rd Flr - Virginia City Rm - Leveling the Bug Bounty Playfield - Introducing the #LEGALBUGBOUNTY project - Amit Elazari & Keren Elazari
WLV - Caesars Promenade Level - Milano BR 5,6 - cont...(14:30-15:25) - SDR Basics Class - Balint Seeber
WLV - Caesars Promenade Level - Milano BR 5,6 - (15:30-15:55) - BLE CTF - Ryan Holeman
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 16:00


AIV - Caesars Promenade Level - Florentine BR 3 - StuxNNet: Practical Live Memory Attacks on Machine Learning Systems - Raphael Norwitz
AIV - Caesars Promenade Level - Florentine BR 3 - (16:20-16:59) - Hunting the Ethereum Smart Contract: Color-inspired Inspection of Potential Attacks - TonTon Huang
BCOS - Caesars Promenade Level - Pompeian BR 1 - cont...(15:00-16:59) - An Introduction to Kovri - Anonimal
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(14:15-16:15) - DEF CON Biohacking Village Badge Talk - Joel Murphy
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (16:15-16:59) - Hacking Human Fetuses - Erin Hefley
Contest - Contest Stage - cont...(15:00-16:59) - Spell Check: The Hacker Spelling Bee -
CPV - Caesars Promenade Level - Milano BR 1,2 - Anonymous rate-limiting in services with Direct Anonymous Attestation - Alex Catarineu, Philipp Claßen, Konark Modi, Josep M. Pujol
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Outsmarting the Smart City - Daniel "unicornFurnace" Crowley, Mauro Paredes, Jen "savagejen" Savage
DC - Track 1 - Caesars Emperor's Level - Palace BR - 80 to 0 in under 5 seconds: Falsifying a medical patient's vitals - Douglas McKee
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - All your family secrets belong to us—Worrisome security issues in tracker apps - Dr. Siegfried Rasthofer, Stephan Huber, Dr. Steven Arzt
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Inside the Fake Science Factory - Dr Cindy Poppins - Computer Scientist (AKA Svea Eckert), Dr Dade Murphy - Reformed Hacker (AKA Suggy), Professor Dr Edgar Munch
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - WiPi-Hunter—It Strikes against Illegal Wireless Network Activities (Detect and active response) - Besim Altinok, Mehmet Kutlay Kocer, M.Can KURNAZ
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Angad: A Malware Detection Framework using Multi-Dimensional Visualization - Ankur Tyagi
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Honeycomb—An extensible honeypot framework - Omer Cohen, Imri Goldberg
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Swissduino—Stealthy USB HID Networking & Attack - Mike Westmacott
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - boofuzz - Joshua Pereyda
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - PA Toolkit—Wireshark plugins for Pentesters - Nishant Sharma, Jeswin Mathai
HHV - Caesars Pool Level - Forum 17-21 - The Cactus: 6502 Blinkenlights 40 Years Late - Commodore Z
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (16:55-17:25) - Reverse Engineering Physical Processes in Industrial Control Systems - Marina Krotofil, Alexander Winnicki
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - cont...(15:45-16:30) - How-to modify ARM Cortex-M based firmware: A step-by-step approach for Xiaomi devices - Dennis Giese
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (16:45-17:30) - Hacking U-Boot - Srinivas Rao @srini0x00 and Abhijeth D @abhijeth
PHV - Caesars Promenade Level - Neopolitan BR - Ridealong Adventures: Critical Issues with Police Body Cameras - Josh Mitchell
PHW - Caesars Promenade Level - Neopolitan BR - (16:30-17:59) - Mallet, An Intercepting Proxy for Arbitrary Protocols - Rogan Dawes
PPV - Flamingo Lower Level - Valley Of Fire Rms - The Ongoing Federal Lawsuit Against Jeff Sessions - Michael Hiller
RCV - Caesars Promenade Level - Florentine BR 1,2 - WhiteRabbit: Combining Threat Intelligence Public Blockchain Data and Machine Learning to go Down the “Dirty Money” Rabbit Hole - Olivia Thet / Nicolas Kseib
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
SEV - Caesars Promenade South - Octavius BR 3-8 - The Abyss is Waving Back… - Chris Roberts
SEV - Caesars Promenade South - Octavius BR 3-8 - (16:55-17:45) - Hunting Predators: SE Style - Chris Hadnagy
SKY - Flamingo 3rd Flr - Virginia City Rm - Healthcare Exposure on Public Internet - Shawn Merdinger
WLV - Caesars Promenade Level - Milano BR 5,6 - Introduction to Railroad Telemetry - Eric Reuter
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 17:00


AIV - Caesars Promenade Level - Florentine BR 3 - Holy BATSense! Deploying TBATS Machine Learning Algorithm to Detect Security Events - Pranshu Bajpai
BCOS - Caesars Promenade Level - Pompeian BR 1 - Moderator Justin Ehrenhofer's Greatest Questions - Shamiq (App Sec Manager, COINBASE), Paul Shapiro, A., Fluffy Pony
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Biohacking the Disability - Gabriel Bergel
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (17:45-18:30) - Batman, Brain Hacking, and Bank Accounts - Katherine Pratt
CPV - Caesars Promenade Level - Milano BR 1,2 - Prototyping Cryptographic Protocols With Charm - Matt Cheung
DC - Track 1 - Caesars Emperor's Level - Palace BR - The Road to Resilience: How Real Hacking Redeems this Damnable Profession - Richard Thieme, a.k.a. neural cowboy
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Relocation Bonus: Attacking the Windows Loader Makes Analysts Switch Careers - Nick Cano
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - WiPi-Hunter—It Strikes against Illegal Wireless Network Activities (Detect and active response) - Besim Altinok, Mehmet Kutlay Kocer, M.Can KURNAZ
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - Angad: A Malware Detection Framework using Multi-Dimensional Visualization - Ankur Tyagi
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - Honeycomb—An extensible honeypot framework - Omer Cohen, Imri Goldberg
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - Swissduino—Stealthy USB HID Networking & Attack - Mike Westmacott
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - boofuzz - Joshua Pereyda
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - PA Toolkit—Wireshark plugins for Pentesters - Nishant Sharma, Jeswin Mathai
EHV - Caesars Promenade Level - Modena Rm - Diversity and Equality in Infosec - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - WiFi Beacons will give you up - John Aho
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - cont...(16:55-17:25) - Reverse Engineering Physical Processes in Industrial Control Systems - Marina Krotofil, Alexander Winnicki
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (17:35-17:59) - A SOC in the Village - Thomas VanNorman
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - cont...(16:45-17:30) - Hacking U-Boot - Srinivas Rao @srini0x00 and Abhijeth D @abhijeth
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
PHV - Caesars Promenade Level - Neopolitan BR - IoT Data Exfiltration - Mike Raggo, Chet Hosmer
PHW - Caesars Promenade Level - Neopolitan BR - cont...(16:30-17:59) - Mallet, An Intercepting Proxy for Arbitrary Protocols - Rogan Dawes
PPV - Flamingo Lower Level - Valley Of Fire Rms - Primer On Dealing w/ Local Gov. for Legal Cannabis - Mayor Chad Wanke
RCV - Caesars Promenade Level - Florentine BR 1,2 - Mapping wifi networks and triggering on interesting traffic patterns - Caleb Madrigal
RCV - Caesars Promenade Level - Florentine BR 1,2 - (17:40-17:59) - OpenPiMap - Hacking the hackers with OSINT, Raspberry Pis, and Data Analysis - Mark Klink
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(16:55-17:45) - Hunting Predators: SE Style - Chris Hadnagy
SEV - Caesars Promenade South - Octavius BR 3-8 - (17:50-18:40) - On the Hunt: Hacking the Hunt - Chris Silvers and Taylor Banks
SKY - Flamingo 3rd Flr - Virginia City Rm - The challenge of building an secure and safe digital environment in the healthcare - @_j3lena_
WLV - Caesars Promenade Level - Milano BR 5,6 - It's not wifi: Stories in Wireless Reverse Engineering - Dominic Spill and Russ Handorf
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 18:00


AIV - Caesars Promenade Level - Florentine BR 3 - INTRO TO DATA MASTERCLASS: Tour-de-ML - Leo Meyerovich & Eugene Teo
BCOS - Caesars Promenade Level - Pompeian BR 1 - Instructions and invitations to party - Cinnamonflower and pwrcycle
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(17:45-18:30) - Batman, Brain Hacking, and Bank Accounts - Katherine Pratt
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (18:30-19:15) - Building a Better Bedside - The Blue Team Needs a Plan B - Nick Delewski and Saurabh Harit
Contest - Contest Stage - DEF CON Blitz Chess Tournament -
CPV - Caesars Promenade Level - Milano BR 1,2 - (Not Recorded) Ask Me Anything about Tor: AMA with Roger Dingledine - Roger Dingledine
EHV - Caesars Promenade Level - Modena Rm - Discussion - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - Building Drones the Hard Way - David Melendez Cano
PPV - Flamingo Lower Level - Valley Of Fire Rms - Panel on digital & Physical Security in Cannabis - OCP (by proxy), Michael Hiller, Project Nexus, Weed Anon, Mark Lewis, Chad Wanke
RCV - Caesars Promenade Level - Florentine BR 1,2 - Supercharge Your Web Recon With Commonspeak and Evolutionary Wordlists - Michael Gianarakis / Shubham Shah
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(17:50-18:40) - On the Hunt: Hacking the Hunt - Chris Silvers and Taylor Banks
SEV - Caesars Promenade South - Octavius BR 3-8 - (18:40-19:30) - Social Engineering Course Projects for Undergraduate Students - Aunsuhl Rege
SKY - Flamingo 3rd Flr - Virginia City Rm - Macabre stories of a hacker in the public health sector (Chile) - Philippe Delteil
WLV - Caesars Promenade Level - Milano BR 5,6 - Little Fluffy Pineapple Clouds - Commanding a Fleet of Wireless Fruit - Darren Kitchen and Seb Kinne
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 19:00


BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(18:30-19:15) - Building a Better Bedside - The Blue Team Needs a Plan B - Nick Delewski and Saurabh Harit
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (19:15-19:15) - Lightning Talks - Maybe you?
Contest - Contest Stage - cont...(18:00-19:59) - DEF CON Blitz Chess Tournament -
PPV - Flamingo Lower Level - Valley Of Fire Rms - cont...(18:00-19:15) - Panel on digital & Physical Security in Cannabis - OCP (by proxy), Michael Hiller, Project Nexus, Weed Anon, Mark Lewis, Chad Wanke
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(18:40-19:30) - Social Engineering Course Projects for Undergraduate Students - Aunsuhl Rege

 

Saturday - 20:00


Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25 - Hacker Jeopardy -
DC - Octavius 13 - Privacy Is Equality—And It's Far from Dead - Sarah St. Vincent
DC - Octavius 9 - Beyond the Lulz: Black-Hat Trolling, White-Hat Trolling, Attacking and Defending Our Attention Landscape - Matt Goerzen, Dr. Jeanna Matthews, Joan Donovan
DC - Roman Chillout - EFF Fireside Hax (AKA Ask the EFF) - Kurt Opsahl, Nate Cardozo, Jamie Lee Williams, Andrés Arrieta, Katiza Rodriguez, Nathan 'nash' Sheard
Meetup - Flamingo - 3rd floor - Chillout Rm - (20:30-23:59) - Hacker Flairgrounds -
Night Life - Caesars - Emperors Level - Chillout Rm - Hacker Karaoke -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - Movie Night -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - (20:30-26:30) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - El Dorado BR - (20:30-23:59) - Lonely Hackers Club Party -
Night Life - Flamingo, Rm # after registration - Cobalt DEF CON Party 2018 -

 

Saturday - 21:00


Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25 - cont...(20:00-21:59) - Hacker Jeopardy -
Contest - Contest Stage - Drunk Hacker History -
Meetup - Flamingo - 3rd floor - Chillout Rm - cont...(20:30-23:59) - Hacker Flairgrounds -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - cont...(20:00-23:59) - Movie Night -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (21:30-22:30) - Party Music - Skittish & Bus -
Night Life - Caesars Palace Forum Tower, Rm TBA - Defcon Monero Party 2018 -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(20:00-26:59) - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-26:30) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - El Dorado BR - cont...(20:30-23:59) - Lonely Hackers Club Party -
Night Life - Flamingo, Rm # after registration - cont...(20:00-23:59) - Cobalt DEF CON Party 2018 -
Night Life - Off-site party, Register and receive address from IOT Village - IoT Village Manson Party -

 

Saturday - 22:00


Contest - Contest Stage - cont...(21:00-22:59) - Drunk Hacker History -
Meetup - Flamingo - 3rd floor - Chillout Rm - cont...(20:30-23:59) - Hacker Flairgrounds -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - cont...(20:00-23:59) - Movie Night -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(21:30-22:30) - Party Music - Skittish & Bus -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (22:30-23:30) - Party Music - Zebbler Encanti -
Night Life - Caesars Palace Forum Tower, Rm TBA - cont...(21:00-25:59) - Defcon Monero Party 2018 -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(20:00-26:59) - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-26:30) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - El Dorado BR - cont...(20:30-23:59) - Lonely Hackers Club Party -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - SecKC the World -
Night Life - Flamingo, Rm # after registration - cont...(20:00-23:59) - Cobalt DEF CON Party 2018 -
Night Life - Location TBA - DC801 Party -
Night Life - Off-site party, Register and receive address from IOT Village - cont...(21:00-25:59) - IoT Village Manson Party -
SKY - Flamingo 3rd Flr - Virginia City Rm - skytalks (303) PARTY - FLAMINGO POOL PARTY Open to All - Flamingo

 

Saturday - 23:00


Meetup - Flamingo - 3rd floor - Chillout Rm - cont...(20:30-23:59) - Hacker Flairgrounds -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Lobby bar - (23:55-24:59) - DC 26 GothCon -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - cont...(20:00-23:59) - Movie Night -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(22:30-23:30) - Party Music - Zebbler Encanti -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (23:30-24:59) - Party Music - Juno Reactor -
Night Life - Caesars Palace Forum Tower, Rm TBA - cont...(21:00-25:59) - Defcon Monero Party 2018 -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(20:00-26:59) - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-26:30) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - El Dorado BR - cont...(20:30-23:59) - Lonely Hackers Club Party -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(22:00-25:59) - SecKC the World -
Night Life - Flamingo, Rm # after registration - cont...(20:00-23:59) - Cobalt DEF CON Party 2018 -
Night Life - Location TBA - cont...(22:00-25:59) - DC801 Party -
Night Life - Off-site party, Register and receive address from IOT Village - cont...(21:00-25:59) - IoT Village Manson Party -
SKY - Flamingo 3rd Flr - Virginia City Rm - cont...(22:00-25:59) - skytalks (303) PARTY - FLAMINGO POOL PARTY Open to All - Flamingo

 

Saturday - 24:00


Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Lobby bar - cont...(23:55-24:59) - DC 26 GothCon -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(23:30-24:59) - Party Music - Juno Reactor -
Night Life - Caesars Palace Forum Tower, Rm TBA - cont...(21:00-25:59) - Defcon Monero Party 2018 -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(20:00-26:59) - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-26:30) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(22:00-25:59) - SecKC the World -
Night Life - Location TBA - cont...(22:00-25:59) - DC801 Party -
Night Life - Off-site party, Register and receive address from IOT Village - cont...(21:00-25:59) - IoT Village Manson Party -
SKY - Flamingo 3rd Flr - Virginia City Rm - cont...(22:00-25:59) - skytalks (303) PARTY - FLAMINGO POOL PARTY Open to All - Flamingo

 

Saturday - 25:00


Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - Miss Jackalope -
Night Life - Caesars Palace Forum Tower, Rm TBA - cont...(21:00-25:59) - Defcon Monero Party 2018 -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(20:00-26:59) - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-26:30) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(22:00-25:59) - SecKC the World -
Night Life - Location TBA - cont...(22:00-25:59) - DC801 Party -
Night Life - Off-site party, Register and receive address from IOT Village - cont...(21:00-25:59) - IoT Village Manson Party -
SKY - Flamingo 3rd Flr - Virginia City Rm - cont...(22:00-25:59) - skytalks (303) PARTY - FLAMINGO POOL PARTY Open to All - Flamingo

 

Saturday - 26:00


Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - s7a73farm -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(20:00-26:59) - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-26:30) - BlanketFortCon -

Talk/Event Descriptions


 

CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 18:00-18:30


Title:
(Not Recorded) Ask Me Anything about Tor: AMA with Roger Dingledine

When: Sat, August 11, 6:00pm - 6:30pm

Speaker
------
Roger Dingledine

Abstract
--------
Roger Dingledine, president and co-founder of the Tor Project, a nonprofit that develops free and open source software to protect people from tracking, censorship, and surveillance online, will give an overview of several aspects of Tor, including new developments since he last spoke at DEF CON. The majority of the session will be devoted to questions from the audience, AMA style.

Bio
-----------------
Roger Dingledine is president and co-founder of the Tor Project, a nonprofit that develops free and open source software to protect people from tracking, censorship, and surveillance online. Wearing one hat, Roger works with journalists and activists on nearly every continent to help them understand and defend against the threats they face. Wearing another hat, he is a lead researcher in the online anonymity field, coordinating and mentoring academic researchers working on Tor-related topics, and, since 2002, has helped to organize the yearly international Privacy Enhancing Technologies Symposium (PETS). Among his achievements, Roger was chosen by the MIT Technology Review as one of its top 35 innovators under 35, he co-authored the Tor design paper that won the Usenix Security "Test of Time" award, and he has been recognized by Foreign Policy magazine as one of its top 100 global thinkers.

Twitter handle of presenter(s)
------------------------------
@RogerDingledine, @TorProject

Website of presenter(s) or content
----------------------------------
torproject.org


 

AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 14:30-15:20


(Responsible?) Offensive Machine Learning

No description available



 

Demolabs - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


#WiFiCactus

Saturday 08/11/18 from 1000-1150 at Table One
Offense, defense, hardware

Mike Spicer

The newly upgraded #WiFiCactus for DEF CON 26 is a passive wireless monitoring backpack that listens to 60 channels of 2.4 and 5 GHz WiFi at the same time. New this year is the ability to capture 802.11ac traffic and upgrades to remove bandwidth bottlenecks. This tool uses Kismet to capture the data from each radio and aggregates it into a single searchable web interface. This tool is also capable of identifying wireless threats, troubleshooting complex wireless environments and helping with correlation analysis between Bluetooth and WiFi.

http://palshack.org/the-hashtag-wifi-cactus-wificactus-def-con-25/

Mike Spicer
d4rkm4tter is a mad scientist who likes to hack hardware and software. He is particularly obsessed with wireless. He has a degree in computer science which he has put to use building and breaking a wide variety of systems.



 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 14:45-15:05


1983: I’m born. 2018: I’m taking on the bad guys - Jennifer Roderick

“I’m not a programmer. I’m not a hacker…in the traditional sense. But yet I was born in 1983, so surely that makes me a perfect fit for the DEF CON theme this year. Not enough? Ok, well how about the fact that I’m currently using open source tools, techniques and methodologies to combat modern slavery, wildlife trafficking, terrorism and just about every serious organized crime the world is currently battling from a desk in the middle of the London financial district. Interested in hearing from a different viewpoint and perspective, then this is your talk. While you might not walk away with a new tool for your toolbox, you will gain an understanding into how the smallest contribution can end up the most profound and how combining open source resources can take on much bigger problems that you’ve maybe never considered.

During my talk, I will cover a few examples of recent Open Source investigations conducted by myself, including details regarding the methodologies and tools which were used. We actively follow the person not the digital fingerprint to begin to understand and put a face to some of the most prevalent and serious organized crimes facing the world today.

When I was in the forces I knew what I was facing and had to deal with, as Head of Research at a FinTech company I never expected that transferring my skills would end up uncovering individuals within the financial industry who I’ve had to report for terrorist activity, human trafficking, wildlife trafficking, drug smuggling, violent crime, fraud (international and domestic), revenge porn, and stalking.

And while I’m not here to save the world, I think we can all do a little bit to contribute to a counter-future in which the good guys are empowered by technology and the bad guys have nowhere to hide.



 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 16:00-16:45


80 to 0 in under 5 seconds: Falsifying a medical patient's vitals

Saturday at 16:00 in Track 1
45 minutes | Demo

Douglas McKee Senior Security Researcher for the McAfee Advanced Threat Research team

It seems each day that passes brings new technology and an increasing dependence upon it. The medical field is no exception; medical professionals rely upon technology to provide them with accurate information and base life-changing decisions on this data.

In recent years there has been more attention paid to the security of medical devices; however, there has been little research done on the unique protocols used by these devices. In large health care systems, medical personnel use central monitoring stations to make decisions on patient treatment and other critical care. This information is gathered from many devices on the network using uncommon networking protocols. What if this information wasn't accurate when a doctor prescribed medication? What if a patient was thought to be peacefully resting, when in fact they are under cardiac arrest?

McAfee's Advanced Threat Research team has discovered a weakness in the RWHAT protocol, one of the networking protocols used by medical devices to monitor a patient's condition. This protocol is utilized in some of the most critical systems used in hospitals. This weakness allows the data to be modified by an attacker in real-time to provide false information to medical personnel. Lack of authentication also allows rogue devices to be placed onto the network and mimic patient monitors.

This presentation will include a technical dissection of the security issues inherent in this relatively unknown protocol. It will describe real-world attack scenarios and demonstrate the ability to modify the communications in-transit to directly influence the receiving devices. We will also explore the general lack of security mitigations in the medical devices field, the risks they pose, and techniques to address them. The talk will conclude with a demonstration using actual medical device hardware and a live modification of a patient's critical data.

Douglas McKee
Douglas McKee is a Senior Security Researcher for the McAfee Advanced Threat Research team, focused on finding new vulnerabilities in both software and hardware. Douglas has an extensive background in penetration testing, reverse engineering, malware analysis and forensics and throughout his career has provided software exploitation training to many audiences, including law enforcement.



 

ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Saturday - 17:35-17:59


A SOC in the Village

August 11, 2018 5:35 PM

Security operation centers (SOCs) have been around on enterprise networks for a while now, but what about OT SOCs? This talk will cover some technologies that are available for the plant floor and that work with your SOC. After the talk, a live demonstration will take place in the ICS Village.

Speaker Information

Thomas VanNorman

Dragos

Thomas has been working in the Operational Technology field for more than two decades. He is currently the Director of Engineering Services at Dragos, and a Founding Member of ICS Village. Thomas is also retired from the Air National Guard where he worked in Cyber Warfare Operations. For over 10 years, Thomas's focus area has been securing Industrial Control Systems and the networking of such systems, leveraging his operational knowledge of such systems. Thomas currently holds a Certified Information Systems Security Professional (CISSP) through ISC(2), Global Industrial Cyber Security Professional (GICSP) and GIAC Certified Incident Handler (GCIH) both through GIAC.



 

Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


ADRecon: Active Directory Recon

Saturday 08/11/18 from 1200-1350 at Table Six
Security professionals (Blue Team, Red Team), system administrators, etc.

Prashant Mahajan

ADRecon is a tool which extracts various artifacts (as highlighted below) out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis. The report can provide a holistic picture of the current state of the target AD environment. The tool is useful to various classes of security professionals like system administrators, security professionals, DFIR, etc. It can also be an invaluable post-exploitation tool for a penetration tester. It can be run from any workstation that is connected to the environment, even hosts that are not domain members. Furthermore, the tool can be executed in the context of a non-privileged (i.e. standard domain user) account. Fine Grained Password Policy, LAPS and BitLocker may require privileged user accounts. The tool will use Microsoft Remote Server Administration Tools (RSAT) if available; otherwise it will communicate with the Domain Controller using LDAP.

The following information is gathered by the tool: Forest; Domain; Trusts; Sites; Subnets; Default Password Policy; Fine Grained Password Policy (if implemented); Domain Controllers, SMB versions, whether SMB Signing is supported and FSMO roles; Users and their attributes; Service Principal Names (SPNs); Groups and memberships; Organizational Units (OUs); ACLs for the Domain, OUs, Root Containers and GroupPolicy objects; Group Policy Object details; DNS Zones and Records; Printers; Computers and their attributes; LAPS passwords (if implemented); BitLocker Recovery Keys (if implemented); and GPOReport (requires RSAT).

https://github.com/sense-of-security/ADRecon

Prashant Mahajan
Prashant Mahajan is a Security Consultant at Sense of Security Pty Ltd. He has experience with various aspects of Information Security including penetration testing, vulnerability analysis, digital forensics and incident response. Prashant is a founding member of Null—The Open Security Community and frequent speaker at industry events.



 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon C - Saturday - 10:00-13:59


Advanced Custom Network Protocol Fuzzing

Saturday, 1000-1400 in Icon C

Joshua Pereyda Software Engineer

Timothy Clemans Software Engineer

Get hands-on experience writing custom network protocol fuzzers. This class will cover the basics of network protocol "smart fuzzing." Exercises will utilize the open source network protocol fuzzing framework, boofuzz. Attendees will gain practice reverse engineering a network protocol, implementing and iterating on a custom fuzzer, and identifying vulnerabilities.

After:
1. You will know the basics of fuzzing.
2. You will know how to write custom network protocol fuzzers using state of the art open source tools.
3. You will have hands-on experience with this widely-discussed but still largely mysterious test method.

Before:
1. You should be comfortable doing some programming in Python.
2. You should understand basic network protocol concepts.
3. You should be familiar with Wireshark and how to use it.

What you won't learn:
1. Exploit development.
2. Python programming. Because you can already do that (see above).

Prerequisites:
- Some basic Python programming experience (some programming ability is REQUIRED).
- Basic understanding of network protocols.
- Basic familiarity with Wireshark.
- Optional: Fuzzing experience.

Materials:
- Laptop with physical Ethernet port -- strongly recommended: configure for secure Wi-Fi access beforehand.
- Python 2.7 and pip installed and updated.
- Linux recommended but Windows OK.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/advanced-custom-network-protocol-fuzzing-icon-c-tickets-47194829004
(Opens July 8, 2018 at 15:00 PDT)

Joshua Pereyda
Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. Among his passions are hacking, teaching kids to program, listening to upper-crust orchestral performances with his wife, and figuring out how he can get paid to do it all... legally. Joshua is the maintainer of the boofuzz network protocol fuzzing framework. He has written fuzzers for fun, and profit (literally).

Timothy Clemans
Tim is a software engineer working in information security. He has worked for a startup and data analytics companies. He currently works in critical infrastructure with a focus on security and fuzzing. He cringes at the thought of insecure systems and so he seeks to improve the security of anyone who will listen. He enjoys a good hike, ice cream, and long walks on the beach.



 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Saturday - 10:00-13:59


Adventures in Radio Scanning: Advanced Scanning Techniques with SDR

Saturday, 1000-1400 in Icon D

Richard Henderson

Bryan Passifiume

Many cities around the world have implemented multi-million dollar "trunked" radio systems for their transit, municipal, public safety, police, fire and EMS radio networks. Large commercial organizations (like Caesar's) also use frequency sharing trunked radio systems due to the hundreds (if not thousands) of staff... all requiring radio access. This workshop will walk you through the basics of trunked radio systems, how they work, and how you can set up a listening post to decode these systems and listen in. This workshop will cover setting up and using the Trunk88 scanning software, and how to scan other conventional (non-trunked) radio systems such as MOTOTRBO, Tetra, EDACS, and other systems. Live interception and decoding of a trunked system and a DMR/TRBO system will be done by students. We will also quickly walk through scanning popular archaic pager systems like POCSAG.

Prerequisites: A basic understanding of SDR scanning would be incredibly helpful, but is not essential. We can walk students through it.

Materials: In this case, we will require each student to bring a Windows laptop (not a Surface tablet please) and *at least* 2 USB DVB-T RTL2832U+R820T sticks in order to properly intercept and decode trunked radio systems. The more sticks students bring, the more voice channels they will be able to simultaneously monitor and record. A very limited number of additional sticks will be available to borrow. Please make sure you have them!

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/adventures-in-radio-scanning-advanced-scanning-techniques-with-sdr-icon-d-tickets-47194754782
(Opens July 8, 2018 at 15:00 PDT)

Richard Henderson
Richard Henderson is a writer, researcher, and ham radio/electronics nerd who has worked in infosec and technology for well over a decade. Richard is currently co-authoring a book on cybersecurity for ICS/Scada systems.

Bryan Passifiume
Bryan Passifiume is a journalist, writer and photographer who writes for one of Toronto's largest newspapers. A National Newspaper Awards nominee, and a co-founder of the alt-amateur radio group Hamsexy, he's been involved in the monitoring and radio hacking scene for nearly twenty years.



 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 16:00-16:45


All your family secrets belong to us—Worrisome security issues in tracker apps

Saturday at 16:00 in Track 2
45 minutes | Demo, Exploit

Dr. Siegfried Rasthofer Fraunhofer SIT

Stephan Huber Hacker

Dr. Steven Arzt Hacker

Google Play Store provides thousands of applications for monitoring your children/family members. Since these apps deal with highly sensitive information, they immediately raise questions on privacy and security. Who else can track the users? Is this data properly protected? To answer these questions, we analyzed a selection of the most popular tracking apps from the Google Play Store.

Many apps and services suffer from grave security issues. Some apps use self-made algorithms instead of proper cryptography for data storage and transmission. Others do not even attempt to protect their communication at all and make use of the unprotected http protocol, or even give an attacker full access to a vulnerable backend system. Hard coded database credentials in apps allowed access to all stored user locations. We would be able to extract hundreds of thousands of tracking profiles, even in real time. In others, this wasn't even necessary, because the user authentication could be bypassed altogether. Flaws in server API allowed us to extract all user credentials (1.7m plain text passwords), further we saw full communication histories containing messages, pictures and location data.

In total, the state of tracker apps is worrisome, effectively leading to users unknowingly installing espionage software on their devices.

Dr. Siegfried Rasthofer
Siegfried is the head of department Secure Software Engineering at Fraunhofer SIT (Germany) and his main research focus is on applied software security. He has received a PhD, master's degree and bachelor's degree in computer science and IT-security. He is the founder of the CodeInspect reverse engineering tool and founded TeamSIK.

During his research, he develops tools that combine static and dynamic code analysis for security purposes. Most of his research is published at top tier academic conferences and industry conferences like DEF CON, BlackHat, AVAR or VirusBulletin.

Stephan Huber
Stephan is a security researcher at the Testlab mobile security group at the Fraunhofer Institute for Secure Information Technology (SIT).

His main focus is Android application security testing and developing new static and dynamic analysis techniques for app security evaluation.

He found different vulnerabilities in well-known Android applications and the AOSP. He gave talks at conferences like DEF CON, HITB, AppSec or VirusBulletin. In his spare time he enjoys teaching students Android hacking.

Dr. Steven Arzt
Steven is currently a researcher at the Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt.

He has received a PhD, a master's degree in computer science, and a master's degree in IT Security from Technische Universität Darmstadt.

Steven is one of the core maintainers of the Soot open-source compiler framework that is now used for static analysis and program instrumentation by various research groups around the world. He is also actively maintaining the FLOWDROID open-source static data flow tracker.

His main research interests center on (mobile) security and static and dynamic program analysis applied to real-world security problems, an area in which he has published various research papers over the last years.



 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 15:00-15:45


All your math are belong to us

Saturday at 15:00 in Track 1
45 minutes | Demo, Tool, Exploit, Audience Participation

sghctoma Lead security researcher @ PR-Audit Ltd., Hungary

First of all, it's math. Not meth. So everybody be cool, I'm not gonna touch your central nervous system stimulant substances. Now that this is established, I can start telling my story. And this story, like all good stories, begins where it ends.

Wait, no, not really.

It begins at a birthday party where the sister of a friend asked if I could help her with MATLAB. No matter how horrible memories I had about MATLAB, I just couldn't say no. So the next day, there was I, sitting in my room, installing the trial. And that's when the hacking started...

Believe me, there was a lot to hack in this case! Several gigabytes of installed materials, a few web servers, cloud integration, clustering capabilities, you name it. These software packages are bloated; they are basically their own little operating systems.

Yup, I used plural. Because I thought why discriminate against MATLAB? I should really give a chance to Maple and Mathematica to fail too! I did, and they did fail, and these failures gave the material for my talk. Basically this will be a dump of exploits (RCEs, file disclosures, etc.), and if you use any of this software and you are at least a bit security conscious, you should definitely listen to it.

sghctoma
Toma is the lead IT security researcher at PR-Audit Ltd., a company focusing mainly on penetration testing and SIEM software development. Previously he participated in a cooperation between ELTE Department of Meteorology and the Paks Nuclear Power Plant Ltd., the goal of which was to develop TREX, a toxic waste emission simulator using CUDA.

The scene from RoboCop where Nikko defeats the ED-209 with just a laptop and a serial cable made a huge impression on him, and after seeing the movie, his path was set: he was bound to be a hacker. His first experiences in this field involved poking around various copy protection schemes, and to this day his favorite areas of expertise are the ones that require some mangling of binary files. Besides computer security he also loves mountain biking, flight simulators, and builds and flies acro quadcopters.



 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 15:00-16:59


Title: An Introduction to Kovri

Speakers: Anonimal

Description:
No description available




 

PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 12:00-12:30


An OSINT Approach to Third Party Cloud Service Provider Evaluation

Lokesh Pidawekar, Senior Cloud and Application Security Engineer at Cisco

In the era of third party cloud service providers where enterprise critical data is hosted and shared with various vendors, third party security reviews have become an essential part of Information Security. It has become a challenge for security teams to ensure parity is maintained between security controls that are available on premise and those offered by the cloud provider. Typically, companies send a Word document or Excel sheet to get answers from cloud providers; however, this process is done only once and the review is point in time. In this talk, the attendees will learn about various methods of identifying the security posture of the third-party cloud service using information available on the Internet, how to use this information for performing cloud service review and improve their own cloud offerings. This can also supplement the tedious questionnaire process and provide an option to fast track the vendor reviews.

Lokesh Pidawekar (Twitter: @MaverickRocky02) works as Senior Cloud and Application Security Engineer in the Cisco InfoSec team, where he is responsible for designing secure architecture for applications, evaluating third party cloud service providers, and providing training to enterprise architects. He has a Master's in Information Assurance & Cyber Security from Northeastern University, Boston. Previously, he has spoken at BSides Las Vegas, DEFCON Packet Hacking Village talks, OWASP Boston chapter and CarolinaCon. He likes to read about application vulnerabilities in his free time and has reported security bugs to vendors as part of their bug bounty programs.



 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Saturday - 14:30-18:30


Analyzing Malscripts: Return of the Exploits!

Saturday, 1430-1830 in Icon E

Sergei Frankoff Co-Founder, Open Analysis

Sean Wilson Co-Founder, Open Analysis

In recent years malscripts and file based exploits have become a main delivery method for malware. Malscripts are often heavily obfuscated and they can take many different forms including WScript, Javascript, macros, and PowerShell. There has also been a rise in document based exploits used to deliver and execute these malscripts. As a result incident responders and malware analysts need to be comfortable analyzing different document formats, identifying potential exploits, and analyzing malscripts.

In this workshop you will work through the triage of a live malware delivery chain that includes a malicious document, malicious scripts, and a final malware payload. During this process you will be exposed to different document based exploits, and you will practice the skills required to manually analyze malscripts. This workshop focuses on the fundamental analysis techniques used when identifying, deobfuscating, and analyzing maldocs and malscripts. However, we will also provide an introduction to automation tools and techniques that can be used to speed up the analysis process.

This workshop is aimed at junior incident responders, hobby malware analysts, and general security or IT practitioners who are interested in learning more about the malware triage process. If you have no experience with malware analysis but you have a good understanding of scripting languages like VBScript and Javascript, and you are familiar with Windows internals, you should have no problem completing the workshop. You will be provided with a VirtualMachine to use during the workshop; please make sure to bring a laptop that meets the following requirements. Your laptop must have VirtualBox installed and working (VMWare is not supported). Your laptop must have at least 60GB of disk space free, preferably 100GB. Your laptop must be able to mount USB storage devices. Make sure you have the appropriate dongle if you need one.

Prerequisites: None

Materials: Students will be provided with a VirtualMachine to use during the workshop. They will need to bring a laptop that meets the following requirements:

- The laptop must have VirtualBox installed and working (VMWare is not supported).
- The laptop must have at least 60GB of disk space free, preferably 100GB.
- The laptop must be able to mount USB storage devices (ensure you have the appropriate dongle if you need one).

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/analyzing-malscripts-return-of-the-exploits-icon-e-tickets-47194482969
(Opens July 8, 2018 at 15:00 PDT)

Sergei Frankoff
Sergei is a co-founder of Open Analysis, and volunteers as a malware researcher. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis. Sergei is a strong believer in taking an open, community approach to combating cyber crime. He actively contributes to open source tools and tries to publish as much analysis as possible. With over a decade of experience Sergei has held roles both as the manager of an incident response team, and as a malware researcher.

YouTube: https://www.youtube.com/oalabs

Sean Wilson
Sean is a co-founder of Open Analysis, and volunteers as a malware researcher. He splits his time between reverse engineering malware and building automation tools for incident response. He is an active contributor to open source security tools focused on incident response and analysis. Sean brings over a decade of experience working in a number of incident response and application security roles with a focus on security testing and threat modeling. In his free time Sean loves fly fishing.

YouTube: https://www.youtube.com/oalabs



 

ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Saturday - 10:40-11:10


Analyzing VPNFilter's Modbus Module

August 11, 2018 10:40 AM

Since May of 2018 Cisco Talos has been releasing information to the public detailing the capabilities of a nation-state sponsored malware campaign known as VPNFilter. This global, multi-year campaign targets numerous network routing devices which range from low-end small office, home office (SOHO) WiFi routers to rack-mount enterprise-grade network appliances. Of special interest to the ICS community is the existence of a post-exploitation module focused specifically on identifying a subset of Modbus traffic while also capturing credentials transmitted via HTTP. For our talk, we will discuss some background on the VPNFilter campaign, malware analysis, capabilities, and cover some hypothetical scenarios in which the Modbus module would be useful.

Speaker Information

Patrick DeSantis

Cisco Talos

As security researchers with Cisco Talos, Carlos Pacho (@carlosmpacho) and Patrick DeSantis (@pat_r10t) focus on discovering new and exploitable vulnerabilities in Industrial Control Systems (ICS) and other computing devices that have an impact on the physical world. The Talos ICS team has been responsible for the coordinated disclosure of dozens of ICS-related security vulnerabilities in devices ranging from secure industrial routers to programmable logic controllers (PLCs). They also built an ICS-controlled kegerator.

Carlos Pacho

Cisco Talos



 

Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


Angad: A Malware Detection Framework using Multi-Dimensional Visualization

Saturday 08/11/18 from 1600-1750 at Table Two
Defense, Forensics, Network, Malware

Ankur Tyagi

Angad is a framework to automate classification of an unlabelled malware dataset using multi-dimensional modelling. The input dataset is analyzed to collect various attributes which are then arranged in a number of feature vectors. These vectors are then individually visualized, indexed and then queried for each new input file. Matching vectors are labelled as per their AV detection categories for now but this could be changed to a heuristics approach if needed. If dynamic behavior or network traffic details are available, vectors are also converted into activity graphs that depict evolution of activity with a predefined time scale. This results in an animation of malware/malware category's behavior traits and is also useful in identifying activity overlaps across the input dataset.

Malware detection is a challenging task as the landscape is ever-evolving. Every other day, a new variant or a known malware family is reported and signature driven tools race against time to add detection. The process worsens when the rate of incoming samples is in thousands on a daily basis, making static/dynamic analysis alone of no use.

Angad tries to address this issue by leveraging well-known data classification techniques to the malware domain. It tries to provide a known interface to the multi-dimensional modelling approach within a standalone package.

https://github.com/7h3rAm/angad

Ankur Tyagi
Bio: Ankur Tyagi is a Sr. Malware Research Engineer at Qualys Inc., where he analyzes malicious code and applies statistical modelling to identify suspicious patterns and evolving trends. His research interests include structural visualization techniques for classifying large collections of uncategorized samples. He has completed an MS in Software Systems with a focus on Applied Security.



 

CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 16:00-17:00


Title: Anonymous rate-limiting in services with Direct Anonymous Attestation

When: Sat, August 11, 4pm - 5pm

Description
Authors
-------
Alex Catarineu
Philipp Claßen
Konark Modi
Josep M. Pujol

Abstract
--------
Anonymous data collection systems allow users to contribute the data necessary to build services and applications while preserving their privacy.

Anonymity, however, can be abused by malicious agents, injecting fabricated data, aiming to subvert or to sabotage the data collection.

At Cliqz we deal with the same challenge. Our data collection systems in Cliqz Browser and Extension, which power our search engine [1] and anti-tracking systems [2], are designed in such a way that the server cannot tell that two messages are from the same user.
But if the user is fully anonymous, how can the system prevent an attacker from polluting the data collection?

We will showcase an efficient mechanism to block an attacker without compromising the privacy and anonymity of the users.
This system builds on top of Direct Anonymous Attestation, a proven cryptographic primitive to implement service rate-limiting in a scenario where messages between users and the service are sent anonymously and message unlinkability is to be preserved.
Rate-limiting constraints for a service are defined as an arbitrary mapping from every possible valid message to a 'rate-limiting tag' string, in such a way that the constraints can be enforced if the service never accepts more than one message from the same user with same tag.
Under this definition, we employ the DAA protocol to enforce these 'message quotas' without being able to link user messages. If authorized, users receive credentials issued by the service. These can be used to sign messages with respect to a 'basename' string, in such a way that two signatures performed with the same credentials are unlinkable if and only if their basenames are different. By forcing the mentioned rate-limiting tag to be in the signature basename, the rate-limiting constraints can be enforced.
The service will verify the signature according to the DAA protocol and accept the message if and only if the tag that maps to the rate-limiting basename has still not been seen.

We present all components needed to build and deploy such protection on existing data collection systems with little overhead.

This system, which is running in production for Cliqz browser, is however not limited to browsers or extensions; it has been implemented in a scenario where user code is running in a web browser, thanks to WebAssembly and asm.js.

References:
1. Human-web Overview: https://gist.github.com/solso/423a1104a9e3c1e3b8d7c9ca14e885e5
2. Anti-tracking: https://static.cliqz.com/wp-content/uploads/2016/07/Cliqz-Studie-Tracking-the-Trackers.pdf


Bio
-----------------
Speaker 1: Alex Catarineu
Alex works with Cliqz GmbH as a Software Engineer developing a privacy-focused search engine and browser. He works on projects ranging across Privacy by design, Human-web, Human-web proxy network, Connect etc. Prior to Cliqz, he started working in a mobile analytics startup in Barcelona. After that, Alex and some colleagues won an entrepreneurship grant to build a web application for helping people better organize their trips. He is interested in many fields, such as algorithms and data structures, cryptography, machine learning, graphics and video games. He is also a decent chess player and enjoys playing and improving at it.

Speaker 2: Konark Modi
Konark works as a Tech lead with Cliqz GmbH developing a privacy-focused search engine and browser. He works on projects ranging across Privacy by design, Anonymous Data collection like Human Web, Anti-Tracking etc.

Prior to Cliqz, Konark was working with one of the largest e-commerce websites in India (Makemytrip.com) in the data platform and security team, solving interesting challenges related to DWH, BI and data security.

His recent personal projects, in an endeavor to help organizations fix vulnerabilities, have spanned across browsers, health trackers, Government services, travel mobile apps etc.

Twitter handle of presenter(s)
------------------------------
Speaker 2: @konarkmodi

Website of presenter(s) or content
----------------------------------
Speaker 1: http://github.com/acatarineu/ , Speaker 2: https://medium.com/@konarkmodi


 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 14:00-14:40


Applied OSINT For Politics: Turning Open Data Into News - Lloyd Miller

How do you apply open source intelligence techniques to politicians, candidates, and others holding the public trust? It’s easier than you think. This talk will outline the general principles for investigating public figures, how to take information and data and turn it into a news story even when the story is (often) incomplete, and then review several case studies that demonstrate the effectiveness of combining these techniques.



 

Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


Archery—Open Source Vulnerability Assessment and Management

Saturday 08/11/18 from 1000-1150 at Table Two
Offense

Anand Tiwari

Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It also performs web application dynamic authenticated scanning and covers the whole applications by using selenium. The developers can also utilize the tool for implementation of their DevOps CI/CD environment.

https://github.com/archerysec/archerysec/

Anand Tiwari
Anand Tiwari is an information security professional with nearly 5 years of experience in offensive security, with expertise in Mobile and Web Application Security. Currently working with Philips Healthcare on securing medical devices. He has authored Archery—open source tool and has presented at Black Hat Asia 2018. In his free time, he enjoys coding and experimenting with various open source security tools. Twitter handle: @anandtiwarics



 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Saturday - 10:00-13:59


Attack & Defense in AWS Environments

Saturday, 1000-1400 in Icon E

Vaibhav Gupta Security Researcher, Adobe Systems

Sandeep Singh Security Managing Consultant, NotSoSecure

AWS is the most widely used cloud environment today and almost every security professional has to encounter this environment, whether you are attacking an organization or defending it. In this fast-paced workshop we will teach participants some neat tools, techniques and procedures to attack the most widely used AWS services as well as to defend them.

- Recon / Information Gathering on AWS Services
- Attacking S3 buckets
- Exploiting web application flaws to compromise AWS services (IAM/KMS)
- Attacking Serverless applications
- Disrupting AWS Logging
- Attacking Misconfigured Cloud SDN

Takeaways: Students will be able to understand and appreciate the delta in attack surface which gets added due to moving to cloud. And subsequently design architecture and develop applications to defend them.

What will participants be provided?
- PDF copy of slide deck
- Lab VM
- Workshop lab manual
- Bonus labs

Target Audience:
- Cloud Security Engineers
- DevOps engineers
- Security Analyst
- Penetration Testers
- Anyone else who is interested in Cloud Security
- If you are an Expert or Advanced user, you may join us as co-trainers! :-)

Prerequisites:
- Need to have AWS account (Free-tier)
- Basic understanding of AWS

Materials:
- Machine with at least 8 GB RAM and 20 GB free HD space
- VirtualBox [VMs will be provided]

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/attack-defense-in-aws-environments-icon-e-tickets-47194715665
(Opens July 8, 2018 at 15:00 PDT)

Vaibhav Gupta
Vaibhav is working as a Security Researcher with Adobe Systems. His expertise lies in infusing design and architecture level security in applications hosted in-house and on cloud environments. With ~9 years of diverse InfoSec exposure, he has strong experience in attacking and defending applications including the ones hosted on the cloud. He is co-leading the OWASP and Null community in Delhi region and has delivered multiple sessions at the local and global stage. Vaibhav is also co-organizer for BSides Delhi.

Sandeep Singh
Sandeep is a Security Managing Consultant with NotSoSecure. He has over 5 years of experience in delivering high end security consulting services to clients across the globe. Sandeep has also worked in Detection and Response teams in the past. He is the co-lead of OWASP Delhi chapter and Community Manager of null community and actively contributes to the local security community. He has conducted and delivered many talks and workshops for the local community in the past. Sandeep is also one of the organizers of BSides Delhi.



 

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Saturday - 14:30-15:15




 

WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 12:00-12:55


recompiler

Bio

Vlad is a driven security researcher with a passion for securing technology that makes civilized life possible. He is particularly focused on automotive security, satellite systems security, SCADA systems supporting the critical infrastructure and wireless networks. He specializes in the intersection of physical and network security. He has worked on DARPA projects, established and led penetration testing teams for Fortune 50 organizations, performed incident response and forensics on sensitive production systems within controlled environments, reverse engineered security devices, and participated in countless red team engagements for banks, critical infrastructure, pharmaceutical companies, law firms and research organizations. Vlad has spoken at various security conferences including Bsides, DEFCON, Black Hat USA, HOPE, and ShmooCon. Vlad was a board member for NYC OWASP and remains committed to the security community working together to improve the security posture through developer education, end user training, peer-reviewed code and rigorous standardized testing methodologies.

@recompiler

Attacking Gotenna Networks

Abstract

"Talk will focus on privacy (or lack thereof) of gotenna networks. We will cover traditional attacks which have only been available to state sponsored prior to popularization and wide availability of software defined radios. We will cover signal analysis, triangulation, protocol analysis, deanonymization, cryptanalysis, spoofing and selective jamming. Since the gotenna ecosystem also includes an app we will cover the vulnerabilities in the underlying crypto libraries, weak token generation, broken API segregation as well as other vulnerabilities. You too can learn how to analyze, snoop on and exploit RF networks like a pro with a hackrf, laptop and some elbow grease, sweat and sleep deprivation."



 

AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 13:20-13:59


Automated Planning for the Automated Red Team

Andy Applebaum

“Offensive assessments – i.e., penetration testing, adversary emulation, red teaming – have become a key component of maintaining a secure network. Unfortunately, offensive assessments require significant resources, and can vary in quality and structure based on who specifically is conducting the assessment. In the past few years, we’ve seen people try to remedy this problem by creating automated offensive assessment tools, but the capabilities and goals of these tools are highly variable, and many either require personnel to manage them or lack the ability to conduct dynamic or end-to-end tests.

We believe that automated offensive assessments can be done better using automated planning. One of the older branches of AI, automated planning seeks to solve problems where an autonomous agent must determine how to compose a sequence of actions together to achieve an objective. Problems in this space can range from constructing offline deterministic plans, to planning under probabilistic conditions, or to planning in scenarios where the world and underlying model are un- or partially-known. Planning techniques have been applied to solve problems in a variety of domains, including controlling unmanned vehicles and designing intelligent agents in computer games.

In this talk, we’ll describe how we’ve leveraged concepts from the automated planning community to help us design CALDERA, a free, open source automated adversary emulation system. Using these concepts, CALDERA dynamically strings techniques – taken from MITRE ATT&CK™ – together to achieve objectives and conduct end-to-end tests. In addition to describing CALDERA itself, we’ll also discuss more generally some of the challenges and advantages of deploying automated planning to automated offensive assessments, discussing alternate approaches that we as well as others have considered in tackling this problem. Attendees should walk away with both an understanding of how they can use CALDERA as well as how planning can be used for automated offensive assessments.”

Andy Applebaum is a Lead Cyber Security Engineer at MITRE where he works on applied and theoretical security research problems, primarily in the realms of cyber defense, security automation, and automated adversary emulation. Andy has contributed to MITRE’s ATT&CK framework and CALDERA adversary emulation platform, as well as other projects within MITRE’s internal research and development portfolio. Prior to working at MITRE, Andy received his PhD in computer science from the University of California Davis, where his dissertation topic was using argumentation logic for reasoning in cyber security. Andy’s work has been published in multiple conferences and workshops and has most recently spoken at Black Hat Europe. In addition to his PhD, Andy holds a BA in computer science from Grinnell College and the OSCP certification.



 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 17:45-18:30


Title: Batman, Brain Hacking, and Bank Accounts

Speaker: Katherine Pratt
About Katherine:
Katherine Pratt received her B.S. in aerospace engineering from MIT in 2008, where she received the MIT Women’s League Laya Weisner Award for public service to the university, and the MIT Aero/Astro James Means Memorial Award for Space Systems Engineering. She completed several internships with the private space venture Blue Origin, working in systems and propulsion engineering. After graduation, she served four years in the United States Air Force, working primarily as an operational flight test engineer on the F-35 Joint Strike Fighter. She is now a PhD Candidate in the BioRobotics Lab in the Electrical Engineering department of the University of Washington, and currently spending six months in Congress as a Congressional Innovation Scholar. Her work focuses on the privacy, ethics, and policy of neural data. In addition to research, Katherine is passionate about getting younger students, especially girls and minorities, interested in science and technology. She also competes in triathlons as a member of the Husky Triathlon Club and iracelikeagirl teams.
Abstract:
The advancement of technology means more data are being collected from a wider range of sources. Of particular concern is data collected using a Brain Computer Interface (BCI): a device that records neural signals and allows them to control objects external to the body. Applications for this technology range from therapeutic (e.g. controlling a prosthetic arm) to entertainment (e.g. playing a video game). These cases provide malicious entities the ability to intercept, manipulate, or hack neural signals and the devices they control: it is the plot of Batman Forever (1995) come to life.
This talk will outline research in the field of neural security and information elicitation, as well as the corresponding ethical and policy implications.


BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 10:00-10:59


Title: BCOS keynote speech

Speakers: Philip Martin (VP Security, COINBASE)

Description:
No description available




AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 14:00-14:30


Beyond Adversarial Learning – Security Risks in AI Implementations

Kang Li

A year after we discovered and reported a bunch of CVEs related to deep learning frameworks, many security and AI researchers have started to pay more attention to the software security of AI systems. Unfortunately, many deep learning developers are still unaware of the risks buried in AI software implementations. For example, by inspecting a set of newly developed AI applications, such as image classification and voice recognition, we found that they make strong assumptions about the input format used by training and classifications. Attackers can easily manipulate the classification and recognition without putting any effort into adversarial learning. In fact, the potential danger introduced by software bugs and lack of input validation is much more severe than a weakness in a deep learning model. This talk will show threat examples that produce various attack effects, from evading classifications, to data leakage, and even to whole system compromises. We hope that by demonstrating such threats and risks, we can draw developers’ attention to software implementations and call for a collaborative community effort to improve the software security of deep learning frameworks and AI applications.

Kang Li is a professor of computer science and the director of the Institute for Cybersecurity and Privacy at the University of Georgia.  His research results have been published at academic venues, such as IEEE S&P, ACM CCS and NDSS, as well as industrial conferences, such as BlackHat, SyScan, and ShmooCon.  Dr. Kang Li is the founder and mentor of multiple CTF security teams, including SecDawg and Blue-Lotus.  He was also a founder and player of the Team Disekt, a finalist team in the 2016 DARPA Cyber Grand Challenge.



DEFCON - Octavius 9 - Saturday - 20:00-19:59


Beyond the Lulz: Black-Hat Trolling, White-Hat Trolling, Attacking and Defending Our Attention Landscape

Saturday at 20:00 in Octavius 9
Fireside Hax

Matt Goerzen Researcher, Data & Society

Dr. Jeanna Matthews Fellow at Data & Society, Associate Professor of Computer Science at Clarkson University

Joan Donovan Media Manipulation/Platform Accountability Research Lead, Data and Society in Manhattan

White hat or critical grey hat trolling? Trolling as art? Trolling as hybrid warfare? Trolling as propaganda? In this Fireside Hax, we will challenge your assumptions about trolling. Trolls are attention hackers, using social and technical means to bait journalists, set agendas, game media gatekeepers, and direct audiences. Sometimes they also have fun. We will discuss a range of trolling techniques like sockpuppeting, dogpiling, doxing, attention honeypots, and cognitive denial of service attacks that we have not seen concisely catalogued elsewhere. We will also discuss high-profile examples of trolling such as "training" the Microsoft Tay chatbot, fake Antifa accounts, Russian sockpuppet accounts, and Phineas Fisher's use of Hacking Team's twitter account--and ask attendees to consider each as black hat attacks or grey hat attempts to point out critical societal vulnerabilities that should be "patched." We will also talk about "troll the troll" accounts like ImposterBuster and YesYoureRacist and the role "white hat trolls" might play in auditing platforms or proposing platform-based controls. Time permitting, we will discuss art projects that trollishly critiqued the European Commission, Google AdSense, and the NSA. This will not be a lecture and it will not shy away from controversy. Join two members of the Media Manipulation Team at Data & Society to collectively consider the role trolling can play in pointing out the flaws in our attention/media landscape.

Matt Goerzen
Matt Goerzen studies trolling techniques and cultures as part of the Media Manipulation team at Data & Society. He's also applied many of the techniques in the art world, for example by once developing an absurdist AdSense campaign ostensibly designed to sell a hideous sculpture to art collector Shaquille O'Neal, but more accurately designed to piggyback off of free clickbait media attention to inform readers about psychometric ad tech practices. He has written an academic study of contemporary artists who function as what he calls "critical trolls," arguing that trolling can be seen as an extension of the politicized attentional strategies used by the 20th-century avant-garde. His current work at Data & Society focuses on mapping the way white supremacists and state actors have appropriated trolling techniques for use in influence operations as a form of "bottom-up agenda setting."

Dr. Jeanna Matthews
Jeanna Matthews is an associate professor of Computer Science at Clarkson University and a 2017-18 fellow at Data and Society where she has been collaborating with the Media Manipulation team. She was a speaker at DEF CON 23 and 24, both times on the topic of vulnerabilities in virtual networks. Her broader research interests include virtualization, cloud computing, computer security, computer networks, operating systems and algorithmic accountability and transparency. Jeanna received her Ph.D. in Computer Science from the University of California at Berkeley and is an ACM Distinguished Speaker.

@jeanna_matthews

Joan Donovan
Joan Donovan is the Media Manipulation/Platform Accountability Research Lead at Data and Society in Manhattan. After completing her PhD in Sociology and Science Studies at the University of California San Diego, she was a postdoctoral fellow at the UCLA Institute for Society and Genetics, where she researched white supremacists' use of DNA ancestry tests, social movements, and technology. For several years, Joan has conducted action research with different networked social movements in order to map and improve the communication infrastructures built by protesters. In her role as a participant, she identifies information bottlenecks, decodes algorithmic behavior, and connects organizations with other like-minded networks.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 17:00-17:45


Title: Biohacking the Disability

Speaker: Gabriel Bergel
About Gabriel:
Gabriel Bergel is a System Engineer, Master in Cybersecurity from the IMF Business School and the Camilo José Cela University (Spain) and has 15 years of experience in different areas of information security. He regularly speaks in courses, workshops and forums on information security in different institutions, universities and national and international events. Currently he is Chief Executive Officer (CEO) of Vulnscope, Chief Strategy Officer (CSO) of Dreamlab Technologies, and Chief Security Ambassador (CSA) of Eleven Paths, Director of Public Policies in Whilolab and Founder and Organizer of 8.8 Computer Security Conference.
Speaker: Rodrigo Quevedo
About Rodrigo:
Specialist in technological architecture and management, entrepreneur, teacher, inventor and mentor of scientific talents, with a high social and service vocation, fully dedicated to the development of mechatronics and robotics technology in different fields. For 10 years he has trained more than 3000 young people in Chile, Peru, Bolivia and Colombia, allowing more than 700 young people to travel to the USA to compete in robotic tournaments, forming 34 teams that have competed in national and international tournaments, obtaining various awards in Japan, USA and Chile. Speaker at various universities, colleges, innovation and entrepreneurship events, national and international. Interviewed by different means of print and television, national and international. Guest writer of technological columns in various specialized magazines. Inventor of 14 products, including MIVOS, a bidirectional automatic translator of sign language for deaf people.
Abstract:
The talk is about the project “Over Mind”, a neuro wheelchair control software developed to help people with different physical abilities who have reduced mobility and use wheelchairs. By capturing data provided by neuro sensors or other sources of information, the software converts them into an order of movement to one or several engines, allowing the movement of a wheelchair. “Over Mind” will allow you to control any adapted electric wheelchair. You can also control an exoskeleton or other mechanism that facilitates the mobility of people. We have managed to control a high-tech robot using our Over Mind software and using a sensor provided by Neurosky.
The Problem:
1% of the world population, 50,000,000 people, cannot move by itself, for various reasons such as amyotrophic lateral sclerosis (ALS), accidents and others.
Over Mind is a low-cost technology/system developed in Chile, designed to give mobility to 1% of the world population, increasing its available physical capacities and allowing people with zero or reduced mobility to MOVE and carry out activities on their own, granting freedom and autonomy.
In 2016, Over Mind participated in the contest "An idea to change history", organized by History Channel together with 5,800 projects, and it was the only Chilean project that finished among the four finalists.


PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 12:30-12:59


Bitsquatting: Passive DNS Hijacking

Ed Miles, Security Researcher at DiDi Labs

The Domain Name System is one of the foundational technologies that allow the internet to function, but unfortunately, DNS is surprisingly brittle to certain issues, such as bitsquatting.

Lookups to names that are a "bitflip" away from well-known sites (like 'amczon.com' instead of 'amazon.com' since 'c' and 'a' have a single bit difference) can be caused by memory failing due to defect or overheating situations, rogue cosmic rays, or even (allegedly) radiation caused by nuclear reactions.

I was curious how realistic the last case really was - can we 'detect' active nuclear tests based solely on bitsquatting data? To find out, I revisited bitsquatting. First I'll briefly introduce the key concepts required for understanding bitsquatting (including ASCII, DNS and HTTP, Internet infrastructure, and memory error scenarios). I'll show the tools and techniques used to identify and register over 30 newly identified bitsquat domains, monitor DNS and HTTP requests, and process, enrich, and investigate the data. Finally, I will discuss any observations gathered from the data, with a focus on regional trends, specific devices, and current events - and try and see if I could prove any correlation.

In the end, attendees should leave with knowledge of the prevalence of bitsquatting and how it has evolved since the phrase was coined 8 years ago, as well as a few techniques for analyzing bitsquatting data and drawing some interesting conclusions.

Ed Miles (Twitter: @criznash) is a researcher at DiDi Chuxing's California-based DiDi Labs. Working in technology professionally since 2001, and as a hobbyist since 1991, Ed has been focused on forensics, incident response, malware analysis, reverse engineering, and detection since 2010.



Night Life - Flamingo - 3rd Floor - Carson City Rm - Saturday - 20:30-26:30


Title:
BlanketFortCon

Check your ego at the door, grab some building materials and join in the celebration of the creativity and originality that is the pillow fort! A host of DJs will be spinning from a pirate ship as you share and create your own unique environment. All aboard!
More Info: BlanketFortCon.com


WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 15:30-15:55


Ryan Holeman

Bio

Ryan Holeman resides in Austin, Texas, where he works as the Global Head of Security Intelligence for Atlassian's Security team. He is also an advisor for the endpoint security software company Ziften Technologies. He received a Master of Science in Software Engineering from Kent State University. His graduate research and master's thesis focused on C++ template metaprogramming. He has spoken at many respected venues such as Black Hat, DEF CON, Lockdown, BSides, Ruxcon, Notacon, and Shmoocon. He has also published papers through venues such as ICSM and ICPC. You can keep up with his current activity, open source contributions and general news on his blog. His spare time is mostly spent digging into various network protocols, random hacking, creating art, and shredding local skateparks.

@hackgnar

BLE CTF

Abstract

The purpose of BLE CTF (https://github.com/hackgnar/ble_ctf) is to teach the core concepts of Bluetooth low energy client and server interactions. While it has also been built to be fun, it was built with the intent to teach and reinforce core concepts that are needed to plunge into the world of Bluetooth hacking. After completing this CTF, you should have everything you need to start fiddling with any BLE GATT device you can find.



Demolabs - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


BLEMystique—Affordable custom BLE target

Saturday 08/11/18 from 1200-1350 at Table Five
Attack and Defence

Nishant Sharma

Jeswin Mathai

BLEMystique is an ESP32-based custom BLE target which can be configured by the user to behave like one of multiple BLE devices. BLEMystique allows a pentester to play with the BLE side of different kinds of smart devices with a single affordable ESP32 chip. BLEMystique contains multiple device profiles, for example, Smart Lock, Smart health band, Smart bulb, Heart rate monitor, Smart Bottle and more.

The BLEMystique code and manuals will be released to the general public. So, apart from using the pre-configured devices, users can also add support for devices of their choice and use their ESP32 board for target practice. In this manner, this tool can improve the overall experience of learning BLE pentesting.

Nishant Sharma
Nishant Sharma is a Technical Manager at Pentester Academy and Hacker Arsenal where he leads the development of multiple gadgets for WiFi pentesting such as WiMonitor, WiNX, WiMini and course/training content. He has presented/published his work at Blackhat Arsenal, Wireless Village, IoT village and Demo labs (DEFCON). Prior to joining Pentester Academy, he worked as a firmware developer at Mojo Networks where he contributed to developing new features for the enterprise-grade WiFi APs and maintaining the WIPS solution. He has a Master's degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi and IoT security, AD security, forensics and cryptography.

Jeswin Mathai
Jeswin Mathai is a Researcher at Pentester Academy. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. He was also part of team Pied Piper, which won Smart India Hackathon 2017, a national level competition organized by GoI. His areas of interest include Malware Analysis and Reverse Engineering, Cryptography, WiFi security and Web Application Security.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 15:00-15:45


Booby Trapping Boxes

Saturday at 15:00 in Track 3
45 minutes | Demo, Tool

Ladar Levison Founder, Lavabit LLC

hon1nbo Proprietor, Hacking & Coffee LLC

Ever worry about the hardware you leave behind? In a world where servers are co-located, and notebooks get left in hotel rooms, the ability to resist tampering, and if necessary actively respond to attack, has become increasingly important. And of course everybody knows the best booby traps are the ones you don't know are there. This talk will prepare you for life in 1984, where the maids are evil, and step brothers can't be trusted. Whether you're running servers as a high value target, or simply want to protect your Monero private key, this talk will show you how to achieve FIPS 140-2 level 4 security, without the FIPS 140-2 level 4 price tag. Specifically, we'll cover acquisition considerations, physical hardening, firmware mitigation, tamper detection and more.

Ladar Levison
Ladar Levison serves as the founder, president, and chief executive of Lavabit, where he has worked the past 14 years. Founded in 2004 (and originally called Nerdshack), Lavabit was created because Mr. Levison believes that privacy is a fundamental, necessary right for a functioning, free and fair democratic society. Presently, Mr. Levison is focused on Lavabit's Dark Mail Initiative, which aims to make end-to-end email encryption automatic and ubiquitous, while continuing to vigorously advocate for the privacy and free speech rights of all. Mr. Levison’s involvement in the internet can be traced to the early days of the world wide web, when he built his first website in the early nineties for the fledgling Mosaic web browser (from the National Center for Supercomputing Applications).

Prior, Mr. Levison operated a dialup bulletin board service, and worked as a computer technician assembling custom computer systems. With more than 10 years of experience as an independent consultant, Mr. Levison has brought to bear his skills as a project manager, business analyst, systems engineer, software developer, database administrator, systems administrator, and information security specialist.

Mr. Levison’s career has involved working with several dozen multinational companies in the financial, consumer electronics, and retail sectors. The websites Mr. Levison built have drawn millions of visitors, and the software he's written has touched, albeit behind the scenes, the lives of millions more. Over the years, Mr. Levison has written and published numerous technical specifications and authored several editorial pieces. Mr. Levison frequently speaks at a variety of conferences, has appeared as an expert on numerous network television shows, and appeared in several documentaries, including the Oscar-winning film Citizenfour.

Mr. Levison has also been involved with several popular free open source software projects. Mr. Levison holds fifteen certifications, with the vast majority from Microsoft and International Business Machines. Mr. Levison received his Bachelor of Arts and Bachelor of Science degrees from Southern Methodist University, where he studied finance, English, political science and computer science. Additionally, Mr. Levison spent a year studying international relations at Georgetown University. A native of San Francisco, California, he currently resides in Dallas, Texas where he lives with his best friend, and principal cheerleader, Princess, the Italian Greyhound he rescued in 2010.

Twitter: @kingladar
Facebook: kingladar
Website: https://lavabit.com

hon1nbo
Hon1nbo is a hacker who tinkers for fun and to satisfy the basic human need to light things on fire. Hon1nbo allegedly has a job, where they get paid to take selfies in other people’s secure vaults in the middle of the night. We don’t know if this job is real, or merely a cover story. This possible delusion has taken them around the world entering into some of the largest organizations in both people size and technical expanse, using every possible entry method at their disposal. No domain left without an admin, no email left without a phish, and every office a wolf tail hiding in the air vents.

In addition to their night job, Hon1nbo runs Hacking & Coffee, a small hosting firm in Texas, where excess network capacity abounds, to perform security research and mirror F/OSS repositories. They also provide infrastructure support to a variety of community projects, small businesses, and student groups.

A wild Hon1nbo can be spotted at DEF CON, its natural habitat, and identified via their purple tail, ears, and getting into shenanigans.

Twitter: @hon1nbo
Facebook: hon1nbo
Website: https://hackingand.coffee
Species: Wolf-Dog
Pronouns: them/their/schlee/generalisimo whatever be consistent



Demolabs - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


boofuzz

Saturday 08/11/18 from 1600-1750 at Table Five
Vulnerability Analysis, AppSec, Offense.

Joshua Pereyda

boofuzz is an open source network protocol fuzzing framework, competing with closed source commercial products like Defensics and Peach.

Inheriting from the open source tools Spike and Sulley, boofuzz improves on a long line of block-based fuzzing frameworks.

The framework allows hackers to specify protocol formats, and boofuzz does the heavy lifting of generating mutations specific to the format. boofuzz makes developing protocol-specific "smart" fuzzers relatively easy. Make no mistake, designing a smart network protocol fuzzer is no trivial task, but boofuzz provides a solid foundation for producing quality fuzzers.

Written in Python, boofuzz builds on its predecessor, Sulley, with key features including:

https://github.com/jtpereyda/boofuzz

Joshua Pereyda
Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. He currently hunts vulnerabilities full time. Among his passions are hacking, teaching kids to program, listening to upper-crust orchestral performances with his wife, and figuring out how he can get paid to do it all... legally.



Service - Vendors Area - No Starch Press Table - Saturday - 13:00-13:59


Title:
Book Signing - Nick Cano - Game Hacking

No description available

HHV - Caesars Pool Level - Forum 17-21 - Saturday - 15:00-15:30


Breaking In: Building a home lab without having to rob a bank

Bryan Austin

Abstract

Building a home lab is critical to making you as a hacker better, but between space, hardware costs and learning it can quickly become an expensive habit. This talk will aim to show you some of the low cost options to learning the skills of the trade, and a bit of the mindset you need to finish that project.

Bio

Bryan Austin is an information security researcher with a background in electronics, threat analysis, social engineering, working with at-risk children, mentorship and research. He is also the co-founder of Through the Hacking Glass, a free mentorship community partnered with Peerlyst. By day, he secures people and organizations against scammers and hackers but by night he works with children with behavioral issues and a variety of other challenges. When not crusading against internet evil doers, he enjoys hiking, Taekwondo, and hacking with his beautiful wife and 3 amazing children.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 12:10-12:55


Bug Bounty Hunting on Steroids - Anshuman Bhartiya and Glenn ‘devalias’ Grant

Bug bounty programs are a hot topic these days. More and more companies are realizing the benefits of running a program, and researchers are jumping at the opportunity to grab some swag and make some extra cash from the bugs they find. Reporting security issues has never been as easy, open, and risk-free as it is right now. Everybody wins!

Though that doesn’t mean we should stop there. As researchers, we spend a lot of time doing the same menial tasks for each program: monitoring for new targets, checking for common issues, remembering just which flags you needed to pass to that tool (or even which tool is best for that job). We build new tools, hack together shell scripts, and generally make small incremental changes to our process. But surely there’s a better approach?

Are you sick of repeating the same tedious tasks over and over? Wouldn’t it be nice to have your own bug hunting machine? One that -

We call this approach Bug Bounty Hunting on Steroids. We will discuss our research and approach to building such a machine, sharing some of the lessons we learned along the way.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Saturday - 14:30-18:30


Build Your Own OpticSpy Receiver Module

Saturday, 1430-1830 in Icon A

Joe Grand Grand Idea Studio

OpticSpy is an open source hardware module for experimenting with optical data transmissions. It captures, amplifies, and converts an optical signal from a visible or infrared light source into a digital form that can be analyzed or decoded with a computer. With OpticSpy, electronics hobbyists and hardware hackers can search for covert channels, which intentionally exfiltrate data in a way undetectable to the human eye, add data transfer functionality to a project, or explore signals from remote controls and other systems that send information through light waves.

In this workshop, creator Joe Grand will present a brief history of the project and then guide you through the process of building, calibrating, and testing your own kit version of OpticSpy.

Prerequisites: None. No prior soldering experience necessary.

Materials: None

Max students: 12

Registration: -CLASS FULL- https://www.eventbrite.com/e/build-your-own-opticspy-receiver-module-icon-a-tickets-47193834028
(Opens July 8, 2018 at 15:00 PDT)

Joe Grand
Joe Grand (@joegrand), also known as Kingpin, is a computer engineer, hardware hacker, former DEFCON badge designer, teacher, advisor, runner, daddy, honorary doctor, TV host, member of legendary hacker group L0pht Heavy Industries, and the proprietor of Grand Idea Studio (grandideastudio.com). He has been creating, exploring, and manipulating electronic systems since the 1980s.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 18:30-19:15


Title: Building a Better Bedside - The Blue Team Needs a Plan B

Speaker: Nick Delewski and Saurabh Harit
Abstract:
While important changes may be afoot in the US regulatory environment for medical devices, which should hopefully allow more people to make informed decisions regarding patient safety, many CISOs, security engineers, and network admins have to live day to day in the world we have, not the world we wish for. There have been multiple presentations in the last few years about the details of medical device security that have rightly put the onus on manufacturers to provide long term fixes. However, we wonder if there are ways to create a more defensible and hardened hospital room until the notoriously slow regulatory process gains traction. We’ve done deep dives into specific medical devices and we’ve done pentests in several hospital systems. In our experience, we have noticed broad classes of common vulnerabilities across bedside equipment that transcend any one device or class of device. Input validation errors, buggy network stacks, and low-bandwidth links can be found in systems that monitor vitals, administer medications, or in components that glue disparate systems together. A long awaited patch may fix one vulnerability only for the hospital to bring in a different device for clinical or financial reasons, and wash-rinse-repeat. It’s not enough for one or two manufacturers to step up the security game if they are feeding data into other unreliable systems, and it will be a while before everyone is at the same level. We are dedicated red teamers, and we may feel the pain of those in the blue team trying to do the right thing, but we don’t know what it’s like to live in your shoes. In this talk, we will explain, in broad terms, vulnerabilities that we have seen and how we recommend remediating them. But we don’t want you to leave this session feeling that we are talking down to the defenders. We want you to have a seat at the table and share how you handle the unknown in your environment.


CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 13:30-14:00


Title:
Building a Cryptographic Backdoor in OpenSSL

When
Sat, August 11, 1:30pm - 2:00pm
Description
Speakers
-------
Lei Shi
Allen Cai

Abstract
--------
Unlike common examples of a backdoor, cryptographic backdoors are the field of surreptitiously weakening cryptographic systems, such as deliberately inserting vulnerabilities into a pseudorandom number generator to make cryptanalysis easier. OpenSSL has been for many years the de facto library/tool for implementing cryptographic protocols in our applications and securing them. In this talk, we will try to modify the code of OpenSSL to build a new method of cryptographic backdoor, so that the attacker can easily decrypt data encrypted by RSA or ECC.

Bio
-----------------
Lei Shi is a security researcher at 360-CERT, mainly focusing on cryptography security and vulnerability discovery. He has discovered 100+ bugs and gained 20+ CVEs (e.g., SSL Death Alert) from OpenSSL, OpenSSH, VMware. He is obsessed with math and computer security, and is currently working on Windows Search protocol security, Linux kernel security and development of vulnerability discovery tools. He has given talks at BlueHat2017, SysCAN.

Twitter handle of presenter(s)
------------------------------
cyg0x7

Website of presenter(s) or content
----------------------------------
https://cert.360.cn


PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 14:00-14:30


Building A Teaching SOC

Andrew Johnson, Information Security Officer at Carnegie Mellon University

Effective security monitoring is an ongoing process. How do you get everyone participating? How do you on-board junior colleagues to continuous improvement? The purpose of this presentation is to show methods for encouraging participation from all members of the security monitoring team as well as tactics for communicating effectively with the organization.

Andrew Johnson (Twitter: @pierogipowered) is implementing a dedicated security operations team at Carnegie Mellon University. The security operations group has a dual focus on both the traditional aspect of securing the university as well as a focus on training student colleagues on the practical application of their degree. Prior to Carnegie Mellon University, Andrew was with HM Health Solutions. He had been responsible for creating a security operations platform in the heavily regulated health insurance/provider space. Andrew is a co-organizer for the BSides Pittsburgh (@bsidespgh) conference and enjoys recreational cycling and cooking when not participating in information security related activities.



DEFCON - 101 Track - Saturday - 12:00-12:45


Building Absurd Christmas Light Shows

Saturday at 12:00 in 101 Track
45 minutes

Rob Joyce

Learn about the elements that go into a computerized light display and how you outfit your own house with dazzling blinking lights set to music. Components of the show are individually explained and live demonstrations of the technology are on display. Come get inspired to computerize your own holiday cheer!

Rob Joyce
Rob Joyce (@RGB_Lights) has been with the National Security Agency (NSA) for 29 years and has led organizations doing both foreign intelligence and cybersecurity work. He is the Senior Advisor for Cybersecurity, having recently returned from the White House as the Cybersecurity Coordinator where he worked national policy, synchronizing activity across the government and partners. His previous assignment was leading Tailored Access Operations (TAO), the organization developing tools, techniques and capabilities to exploit computers for NSA's foreign intelligence mission. Prior to that, he was the Deputy Director for Information Assurance, overseeing the protection of national security systems, which includes the nation's cryptographic key material, classified networks and warfighting networks. In his spare time, Rob builds a computerized Christmas light show. His most recent display was likely visible from the International Space Station. In addition to an infatuation with Christmas light displays, he helped a Boy Scout troop build catapults for the annual Punkin Chunkin competition until lawyers ruined it for all of us.



HHV - Caesars Pool Level - Forum 17-21 - Saturday - 18:00-18:45


Building Drones the Hard Way

No description available



Workshops - ( Sold Out ) - Linq 4th Flr - Icon C - Saturday - 14:30-18:30


Building Environmentally Responsive Implants with Gscript

Saturday, 1430-1830 in Icon C

Dan Borges

Alex Levinson Senior Security Engineer, Uber

Attendees to this workshop will experience a step by step walk through in setting up a Gscript build environment (which will include the Golang programming language as a requirement, along with the required libraries). Subsequently, attendees will obtain a basic overview of the Gscript capabilities in using conditional logic to navigate within, and deploy persistence mechanisms upon, target hosts.

Upon completion, each attendee will depart with a laptop (whichever one they brought) containing a full Gscript build & testing environment, and at least 1 custom Gscript of their own design and purpose.

Prerequisites:
1. A general understanding of what an implant is, and how to use one.
2. Experience with JavaScript
3. Experience with Metasploit and/or meterpreter is a plus
4. Experience with the Golang programming language is also a plus

Materials: A laptop with an ethernet port

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/building-environmentally-responsive-implants-with-gscript-icon-c-tickets-47194616368
(Opens July 8, 2018 at 15:00 PDT)

Dan Borges
Dan Borges is an information security professional with over 15 years in computer science. Dan participates in a number of cyber security competitions each year, from being on the National CCDC Red Team, to leading a Blue Team in Pros Versus Joes, and helping run the Collegiate Penetration Testing Competition (CPTC). He has been publishing a blog on infosec education for more than 10 years.

Alex Levinson
Alex Levinson is a Senior Security Engineer at Uber with experience in red teaming, software engineering, and incident response. Outside of Uber, he is a core member of the red team for the National Collegiate Cyber Defense Competition (CCDC), as well as the Competition Director for the Collegiate Penetration Testing Competition (CPTC). Previously, Alex worked as a Senior Consultant and Development Manager at Lares Consulting.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 10:00-11:59


Building visualisation platforms for OSINT data using open source solutions

No description available



PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 11:30-11:59


Capturing in Hard to Reach Places

Silas Cutler, Senior Security Researcher at CrowdStrike

It's easy for us to take for granted when tools allow us to start capturing network traffic without any real hardships. However, what happens when the data you want isn't so easy to capture? This talk will look at two cases in which environments needed to be bent in order to capture the data needed for analysis.

Silas Cutler (Twitter: @silascutler) is a Senior Security Researcher at CrowdStrike, Project Director for MalShare and DEFCON 21 Black Badge (from Capture the Packet). Endorsed on LinkedIn by [REDACTED] for "tcpdump". His prior managers have described him as "a guy" and "meeting necessary skills to perform job functions."



RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 12:00-12:25


Cartoons, Sketchnotes, Bullet Journals and Other Data Visualization Tricks - Raye Keslensky

“When it comes to presenting data, it’s not WHAT you present, it’s HOW you present it! Combining words with pictures has been around for ages. Picking up an understanding of sequential art and how you can use it in your day-to-day life is critical!

This talk covers a crash course of data science and visualization. Learn what parts of the information you’re supposed to keep an eye on! Make better line breaks with your text! Bring clarity to your writing! Good for software design, scrapbooking, OSINT, or keeping your shit together!”



CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 14:00-14:30


Title:
CATs - A Tale of Scalable Authentication

When: Sat, August 11, 2:00pm - 2:30pm

Speaker
------
Yueting Lee

Abstract
--------
Crypto Auth Tokens (CATs) are used in Facebook's scalable, token-based authentication backend infrastructure. They were created to deal with an ever growing, large-scale, multi-system organization. CATs are flexible, performant, and reliable. They support authentication at scope and scale for Facebook's backend infrastructure.

Bio
-----------------
Yueting Lee is a software engineer at Facebook, building security infrastructure within Facebook's infrastructure. Yueting is originally from Hong Kong but went on to study at the Georgia Institute of Technology, where she graduated with a degree in Computer Science.


AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 10:20-10:40


Chatting with your programs to find vulnerabilities

Chris Gardner

During the Cyber Grand Challenge, an automated vulnerability exploitation competition, all the teams used the same approach: use a fuzzer to find bugs, and symbolic execution to generate an exploit for any bugs found. Fuzzers are great at triggering bugs, but their effectiveness is often limited by the quality of the initial testcase corpus that is fed to them. Testcases are easy for humans to create, but hard to generate automatically. Teams used a wide variety of techniques to generate initial seeds: from using very slow symbolic execution techniques to find inputs that triggered execution paths, to just using the word “fuzz” as the seed and hoping for the best. However, many of the programs in the CGC are console programs designed to be used by humans: meaning they give a prompt in English and expect a response. For this research we trained a chatbot Recurrent Neural Network on a set of testcases generated by humans, and ran the RNN against the test set with the goal of finding testcases that had higher code coverage than random guessing and could be used with a fuzzer to find bugs.

Chris recently graduated from UMBC, where he found a passion for malware analysis and binary exploitation. In his spare time he plays CTFs and bikes his way around Washington DC.



CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 10:30-11:30


Title:
Cloud Encryption: How to not suck at securing your encryption keys

When: Sat, August 11, 10:30am - 11:30am

Speaker
------
Marie Fromm

Abstract
--------
Common Cloud Data Encryption patterns are not preventing data breaches because many are doing encryption key management wrong. There is a tendency to apply "compliance checkbox" encryption, which does nothing to protect data against common threats. In many cases, it's like buying a strong FIPS140-2 certified deadbolt but leaving the key in the door.

We'll roll up our sleeves and take a deep dive at the problem and explore practical, actionable ways a security practitioner can get better control of encryption keys used in cloud solutions. Finally, we'll discuss new ways of detecting when Bad Things are happening, and ways of using cloud automation to stop the bleeding.


Bio
-----------------
Marie leads a Cryptography team in a large global company, helping to design encryption solutions for I.T. as well as specialized cryptographic designs used in products and systems. Marie is passionate about both coffee and computer security and has 20 years experience in a variety of Infosec roles. Marie is a happy #RealLiveTransAdult

Twitter handle of presenter(s)
------------------------------
@msfromm

Website of presenter(s) or content
----------------------------------
http://www.mariefromm.com


SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 12:00-12:59


Title:
Cloud Security Myths

Xavier Ashe
@xavierashe

Cloud Security is a magical world of as-a-service miracles. Just spin up your intrusion-detection-as-a-service, SOC-as-a-service, incident-response-as-a-service, and start feeding it security-intelligence-as-a-service. Come hear this CISO-as-a-service unwrap the onion of cloud access security brokers (CASB), cloud workload protection platforms (CWPP), microsegmentation, cloud security posture management (CSPM), and software-defined perimeters (SDP). What do they do? Do they really work? What do you do with all those security appliances you've accumulated?



Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


Cloud Security Suite—One stop tool for AWS, GCP & Azure Security Audit

Saturday 08/11/18 from 1200-1350 at Table Two
Defense, Cloud professionals

Jayesh Singh Chauhan

Nowadays, cloud infrastructure is pretty much the de-facto service used by large/small companies. Most of the organisations have partially or entirely moved to cloud. With more and more companies moving to cloud, the security of cloud becomes a major concern. While AWS, GCP & Azure provide you protection with traditional security methodologies and have a neat structure for authorisation/configuration, their security is as robust as the person in charge of creating/assigning these configuration policies. We all know, human error is inevitable and any such human mistake could lead to catastrophic damage to the environment.

Knowing this, audit of cloud infrastructure becomes a hectic task! There are a few open source tools which help in cloud auditing but none of them have an exhaustive checklist. Also, collecting, setting up all the tools and looking at different result sets is a painful task. Moreover, while maintaining big infrastructures, system audit of server instances is a major task as well.

CS Suite is a one stop tool for auditing the security posture of the AWS/GCP/Azure infrastructures and does OS audits as well. CS Suite leverages the capabilities of current open source tools and has custom checks added into one tool to rule them all.

https://github.com/SecurityFTW/cs-suite

Jayesh Singh Chauhan
Jayesh Singh Chauhan is a security professional with 7 years of experience in the security space. In the past, he has been part of security teams of PayPal, PwC and currently works as the senior security engineer for Sprinklr. He has authored CS-Suite, OWASP Skanda, RFID_Cloner and CSRF PoC generator and has presented in BlackHat Asia, BlackHat EU, hackmiami, c0c0n, GES and Ground Zero Summit. He is the project leader for OWASP Skanda and leads the NULL Bangalore chapter.



Night Life - Flamingo, Rm # after registration - Saturday - 20:00-23:59


Title:
Cobalt DEF CON Party 2018

Another year, another DEF CON Party. Start your night at the Flamingo Hotel with the Cobalt team. Join us for a night of drinks, music, and good company.

Drinks + Music + Snacks provided
Meet the Cobalt Team and the Cobalt Core
Network with others in the security space
Bring your InfoSec peers

Register: https://event.cobalt.io/def-con-party-2018


DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 11:00-11:45


Compression Oracle Attacks on VPN Networks

Saturday at 11:00 in Track 2
45 minutes | Demo, Tool

Nafeez Security Researcher

Security researchers have done a good amount of practical attacks in the past using chosen plain-text attacks on compressed traffic to steal sensitive data. In spite of how popular CRIME and BREACH were, little was talked about how this class of attacks was relevant to VPN networks. Compression oracle attacks are not limited to just TLS protected data. In this talk, we try these attacks on browser requests and responses which usually tunnel their HTTP traffic through VPNs. We also show a case study with a well-known VPN server and their plethora of clients. We then go into practical defenses and how mitigations in HTTP/2's HPACK and other mitigation techniques are the way forward rather than claiming 'Thou shall not compress traffic at all.' One of the things that we would like to showcase is how impedance mismatches in these different layers of technologies affect security and how they don't play well together.

Nafeez
Ahamed Nafeez has a varied offensive security background with some emphasis on browsers, web services, and cryptography. He believes defending is much harder than attacking most of the time and appreciates the variables and challenges defenders have. These days he is interested in writing secure frameworks, automating attacks and more or less trying to learn to write good code.

He has spoken at a few security conferences in the past around web apps, browsers and security analysis of javascript. He tweets at @skeptic_fx and builds his side project assetwatch.io in free time, an automated asset discovery/monitoring service.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 15:10-15:50


Core OSINT: Keeping Track of and Reporting All the Things - Micah Hoffman

“Your client gives you their requirement, "find the social media accounts of the target person and any friends they may have". Simple enough. You execute your Standard Operating Procedures (you DO have a SOP, right?) and begin running tools, using your sock puppets, scraping web sites, and finding a ton of data. You’ve got CSVs, text output, images, URLs….OH MY! How do you keep track of all this data and, more importantly, how do you ensure that you can report on it and have covered all the pivot points for the OSINT investigation?

As OSINTers, pentesters, defenders, PIs, and others, we can easily get swamped in data. Join me as we look at some bad, some good, and some amazing methods of keeping your investigation on track.”



Contest - Contest Stage - Saturday - 10:00-11:59


Title:
D(Struction)20 CTF

Part CTF, part lemon race, part game show, part demolition derby, the D(struction)20 CTF is a contest best played with a low-cost, usable, rugged, and powerful hacking platform! Bring your "indestructible" phones, your single-board computers with welded cases, or just take that old clunker gathering dust in the closet and put it to good (and possibly hilarious) use! Periodically during the competition, a random contestant from the leaderboard will roll the d20 of Destruction to decide what will happen to their rig. If they're very lucky, they roll a natural 20 and no damage will be inflicted! Otherwise, the d20 of Destruction will decide what type of damage will be done to their rig, be it physical impact, intense vibration, or something else! If the rig survives their chosen fate, the contestant may continue playing, but either way, rolling the d20 of Destruction results in a big point bonus that may make the difference between winning and losing, even if the rig is destroyed in the process!

More Info: @d20ctf


Night Life - Caesars - Lobby bar - Saturday - 23:55-24:59


Title:
DC 26 GothCon

Yes! Join us! Follow #DCGothCon for updates. Saturday night at 11:55pm we're flashmobbing the lobbycon bar for the witching hour. Wear your favorite things. (All goths, goth-adjacent, and friends allowed.) If you want in on the ad-hoc planning, dm me your email for the slack.
More Info: https://twitter.com/clevrcat/status/1022851252349284353
More Info: @ClevrCat


Night Life - Location TBA - Saturday - 22:00-25:59


Title:
DC801 Party

DC801 group Party
More Info: https://www.dc801.org/party2018/


Meetup - Chill Out Lounge - Saturday - 12:00-12:59


Title:
Deaf Con Meet Up

DEAF CON is a California 501 (c)(3) Non-profit organization. We provide outreach to the Deaf and HH community and information security community. We encourage Deaf and HH information security professionals to attend conferences, like Defcon. We help to provide communication services and spaces for professionals to meet and network with others. Anyone can come and attend our meet up and hangout!

More Info: https://www.deafconinc.org/    @_DEAFCON_


Workshops - ( Sold Out ) - Linq 4th Flr - Icon F - Saturday - 10:00-13:59


Decentralized Hacker Net

Saturday, 1000-1400 in Icon F

Eijah Founder, Promether

As hackers, sometimes we need to send data without anybody knowing anything. We don't want anybody to know what we're sending, so we use encryption. That's the easy part. We also don't want anybody to know that we're sending any data. That's the hard part. The observation of our presence on the network could be enough to get us in trouble. And that's just not acceptable. We need to figure out a way to hide in plain sight.

Creating an environment where data can be sent securely and our presence on the network is hidden, is not an easy thing to do. We can't rely on centralized technologies, which means we need to build a decentralized network. The network should be adaptive and flexible enough to send any type of data to any number of users. But how do we inject anonymity into a network while still supporting the verification of identity between parties? Can we establish trust without having to trust?

This workshop takes you through the process of creating a decentralized network that allows you to circumvent detection by governments and corporations. You'll be able to securely communicate and share data while masking your online identity. You'll create an adaptive, node-based infrastructure where data is shared via Distributed Hash Tables (DHT) backed by real-time asymmetric Elliptic-curve cryptography (ECC). If you've ever wanted to punch a hole through a great (or not-so-great) firewall, this workshop is for you.

Please note that this is a medium-level, technical workshop and requires that attendees have prior experience in at least one programming language, preferably C or C++. Bring your laptop, a USB flash drive, and your favorite C/C++ 11 compiler (>= gcc/g++ 4.9.2 or msvc 2015).

Prerequisites: Previous experience in at least one programming language is required. Previous experience with C/C++ and cryptography is helpful, but not required.

Materials: Laptop with Windows, Linux, or OSX. USB flash drive for saving their progress.

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/decentralized-hacker-net-icon-f-tickets-47194682566
(Opens July 8, 2018 at 15:00 PDT)

Eijah
Eijah is the founder of Promether and has 20+ years of software development and security experience. He is also the creator of Demonsaw, an encrypted communications platform that allows you to chat, message, and transfer files without fear of data collection or surveillance. Before that Eijah was a Lead Programmer at Rockstar Games where he created games like Grand Theft Auto V. He has been a faculty member at multiple colleges, has spoken about security and development at DEFCON and other security conferences, and holds a master's degree in Computer Science. Eijah is an active member of the hacking community and is an avid proponent of Internet freedom.



AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 11:20-11:40


DeepPhish: Simulating the Malicious Use of AI

Ivan Torroledo

Machine Learning and Artificial Intelligence have become essential to any effective cyber security and defense strategy against unknown attacks. In the battle against cybercriminals, AI-enhanced detection systems are markedly more accurate than traditional manual classification. Through intelligent algorithms, detection systems have been able to identify patterns and detect phishing URLs with 98.7% accuracy, giving the advantage to defensive teams. However, if AI is being used to prevent attacks, what is stopping cyber criminals from using the same technology to defeat both traditional and AI-based cyber-defense systems? This hypothesis is of urgent importance - there is a startling lack of research on the potential consequences of the weaponization of Machine Learning as a threat actor tool. In this talk, we are going to review how threat actors could exponentially improve their phishing attacks using AI to bypass machine-learning-based phishing detection systems. To test this hypothesis, we designed an experiment in which, by identifying how threat actors deploy their attacks, we took on the role of an attacker in order to test how they may use AI in their own way. In the end, we developed an AI algorithm, called DeepPhish, that learns effective patterns used by threat actors and uses them to generate new, unseen, and effective attacks based on attacker data. Our results show that, by using DeepPhish, two uncovered attackers were able to increase their phishing attacks effectiveness from 0.69% to 20.9%, and 4.91% to 36.28%, respectively.

Ivan Torroledo is the lead data scientist in the Cyxtera Research organization. In this role, he develops and implements Machine and Deep Learning algorithms to enhance phishing detection, network security, fraud detection, and malware mitigation. Ivan is also highly interested in research on the application of Machine and Deep Learning in high energy physics and astrophysics. Before joining Cyxtera, he worked at the Central Bank of Colombia, applying high performance computing tools to monetary policy analysis. He is passionate about applying the most advanced scientific knowledge to cyber security industry. Ivan holds degrees in Economics and Physics.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 14:15-16:15


Title: DEF CON Biohacking Village Badge Talk

Speaker: Joel Murphy
Abstract:
Joel will talk about how the DEF CON Biohacking Village came together in all its wonderful glory


Contest - Contest Stage - Saturday - 18:00-19:59


Title:
DEF CON Blitz Chess Tournament

The first-ever DEF CON Chess Tournament, in Blitzkrieg format, in which there will be just 5 minutes on each player's clock. During the tournament, each player will play every other player one time. A victory is 1 point, a draw 1/2, and a loss 0. At the end of the tournament, the player with the highest score wins the grand prize (tbd) and a trophy. In the event of a tie, there will be a sudden death playoff between the highest scorers to determine the champion.
More Info: @DefconChess


Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Saturday - 06:00-06:59


Title:
Defcon 26 4X5K run

"Good Livin" is returning to DefCon 26, because maybe you want a little more! Maybe you feel like getting up at 5:30 in Vegas. Maybe you didn't stop the night before. Maybe because 6 AM is the coolest time for a run in Vegas (It's only 80!) Who cares let's go for a run!
We hit all the hot spots on the 4x5K @defcon with @whereiskurt ! Details here. https://www.reddit.com/r/Defcon/comments/8rcc5m/defcon_26_4_x_5k_is_on_again/ . . .
Also don't forget a World Run by Hackers https://www.eventbrite.com/e/world-run-by-hackers-5th-edition-registration-47811111321 . . . for even more running.
More info: @Agent__X__ tweet


Night Life - Caesars Palace Forum Tower, Rm TBA - Saturday - 21:00-25:59


Title:
Defcon Monero Party 2018

For immediate release

From: The Monero Enterprise Alliance

Last year, the Monero Enterprise Alliance reached out to the privacy loving hackers of Defcon and hosted an open house gathering of a few hundred friends and supporters at the first Defcon Monero Party. It brought people together, and everyone had a blast.

The event was such a success, that we're doing it again, and we're going bigger. Once again at Caesar's Palace; once again, YTcracker is kicking off the event on Saturday night at 9pm. DJ KSODIP spins at 10pm and FuzzyNop slices 11pm. The room is bigger, the music is bolder.
. . .
More info: Defcon Monero Party 2018 reddit announcement
More info: @cinnamonflower


PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 13:30-13:59


Defense in Depth: The Path to SGX at Akamai

Sam Erb, Software Engineer at Akamai Technologies

In this presentation you will learn how Akamai has spent the past 4 years working toward preventing the next TLS heartbleed incident. Nothing hypothetical --only deployed defense-in-depth systems will be discussed. This talk will include how we deployed Intel SGX at scale in our network.

Sam Erb (Twitter: @erbbysam) is a 2x black badge winner with Co9 in the Badge Challenge and is working to make the Internet a safer place.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 13:30-13:50


Detecting Blue Team Research Through Targeted Ads

Saturday at 13:30 in Track 2
20 minutes |

0x200b Hacker

When my implant gets discovered how will I know? Did the implant stop responding for some benign reason or is the IR team responding? With any luck they'll upload the sample somewhere public so I can find it, but what if I can find out if they start looking for specific bread crumbles in public data sources? At some point without any internal data all blue teams turn to OSINT which puts their searches within view of the advertising industry. In this talk I will detail how I was able to use online advertising to detect when a blue team is hot on my trail.

0x200b
I'm just a Security researcher who's always using tools in unintended ways. I'm a defender by trade, I work on understanding the adversary then designing the mitigations based on what I've learned. Currently I work at the intersection of healthcare and the cloud, designing systems that make it harder for the adversary to operate.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 14:00-14:30


Digital Leviathan: a comprehensive list of Nation-State Big Brothers (from huge to little ones)

Saturday at 14:00 in Track 2
20 minutes |

Eduardo Izycki Hacker

Rodrigo Colli Hacker

In his notorious book Leviathan, the XVII century English philosopher Thomas Hobbes stated that: we should give our obedience to an unaccountable sovereign otherwise what awaits us is a state of nature that closely resembles civil war—a situation of universal insecurity. It looks like a lot of current political leaders have read and found the teachings of Hobbes applicable to modern day online life.

We witness the rise of the Digital Leviathan. The same apps and applications that people use to connect, express opinions and dissatisfaction are used by governments (even democratic ones) to perform surveillance and censorship.

This talk will focus on evidence of Nation-State spying, performing surveillance, and censorship. The aim is to present a systematical approach of data regarding cyber attacks against political targets (NGO/political groups/media outlets/opposition), acquisition and/or use of spywares from private vendors, requested content/metadata from social media/content providers, and blocking of websites/censorship reported by multiple sources.

The findings of the research imply that:
- 25 nations that have already used cyber offensive capabilities against political targets.
- 60 nations acquired/developed spyware.
- 117 nations requested content/metadata from social media/content providers.
- 21 countries perform some level of censorship to online content.

Eduardo Izycki
Eduardo Izycki and Rodrigo Colli are both independent researchers with experience on information security and incident response. They worked in private-public task force for threat and risk assessment to major events in Brazil during the Confederations Cup 2013, World Cup 2014 and Olympic Games 2016.

Rodrigo Colli



HHV - Caesars Pool Level - Forum 17-21 - Saturday - 11:00-11:30


Disabling Intel ME in Firmware

Brian Milliron

Abstract

Modern OSes have consistently raised the bar in regards to security with each revision, largely due to the efforts of the security community to find and report bugs. Because of this the OS layer is reasonably secure at this point. However the security of the hardware layer has fallen far behind and now represents the biggest threat. In particular, the Intel Management Engine is a huge security hole which Intel has put great effort into forcing users to accept blindly. No more. This talk will present a how to on permanently disabling Intel ME by reflashing the BIOS using a Raspberry Pi. Take back control of your own hardware and give Big Brother’s Backdoor the boot.

Bio

Brian Milliron works as a freelance penetration tester for ECR Security. He has been monkeying around with security since his teens and has worked as a pentester for the last 8 years, working primarily with the Energy/Utility sector. Besides popping shells and defeating Big Brother technology, he also enjoys exploring the RF spectrum, finding new uses for Raspberry Pis, studying malware, nature and off-grid living.



ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Saturday - 13:15-13:45


Disassembly and Hacking of Firmware Where You Least Expect It: In Your Tools - with live hacking demonstration

August 11, 2018 1:15 PM

In this session we'll cover:

- Why EVERYTHING is a computer running software and can be attacked
- Vulnerability and capability assessment of firmware attacks
- Physical ramifications of tool attacks
- Finding and verifying firmware
- Some instances where "less security" is better
- Safety / Security tips for firmware

Speaker Information

Monta Elkins

FoxGuard Solutions

Monta Elkins is currently Hacker-in-Chief for FoxGuard Solutions, an ICS patch provider. Considered by many of his friends to be the Chuck Norris of ICS Cybersecurity, Rackspace enjoyed his tenure as Security Architect. Monta has been a speaker at more security conferences than even his enormous ego can remember including: DEFCON, EnergySec, ICSJWG, GridSecCon, CIP Emerging Technology Roundtable, ICS CyberSecurity, SANS ICS Summit, and Nuke CIP Pyongyang. In his spare time, Monta is the totally-safe-for-work "Coke and Strippers" YouTube channel creator, solving all the world's problems using Cold War era electronic technologies. https://tinyurl.com/y6vpmbw4 Known for having once discovered ALL the devices on an ICS network, Monta has served as a guest lecturer for colleges, universities and elsewhere teaching Arduino programming/circuit design, SDR, and rapid prototyping techniques. As a small child, he entertained himself by memorizing Pi -- backwards.



EHV - Caesars Promenade Level - Modena Rm - Saturday - 18:00-18:59


Title: Discussion

Speakers: Speaker TBA

Description:





EHV - Caesars Promenade Level - Modena Rm - Saturday - 17:00-17:59


Title: Diversity and Equality in Infosec

Speakers: Speaker TBA

Description:

As the field of Infosec continues to grow in numbers, it is also growing in terms of diversity. Arguably the field needs to bring in as many diverse perspectives as possible in order to face ever-escalating technological and non-technological challenges. We seek to discuss the ethics of promoting diversity and equality, the ethics of the current methods in promoting diversity and equality, and what can be done to ethically promote diversity and equality in infosec.





BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 13:30-14:15


Title: DNA Encryption: Bioencryption to Store Your Secrets in living organisms

Speaker: John Dunlap
Abstract:
Recent advances in genetic sequencing and modification technology have made the goal of storing data in living cells an attainable goal. In this talk John Dunlap will cover the history of attempting to encrypt secrets into living cells, and discuss his own experiments encrypting secrets in living cells with affordable lab equipment. John will discuss lab methods, suitable encryption algorithms, and methods for detecting data tucked away in innocuous model organisms, as well as potential issues with the concept of DNA as data storage. John will also present his own software tool for converting data into a suitable form for storage in living organisms.


SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 10:00-10:59


Title:
Don't Bring Me Down: Weaponizing botnets


@3ncr1pted

"We're seeing an evolution in botnets. The impact of Mirai bringing down a huge swath of the internet two years ago raised awareness but the release of the Mirai code has raised a new army of botnets that are capable of more than just DDOS on basic systems. But Mirai isn't the only botnet in town. There are some serious contenders with unexpected enhancements looking for new recruits to work in the bitcoin mines.


Routers and cameras and toasters oh my! The ongoing deluge of devices that connect to the Internet is an IoT nightmare, and an attacker's dream. Default credentials and weak passwords are only the beginning. Especially with a bevy of unpatched, vulnerable systems on which to unleash some substantial exploits. Persistence and lateral movement ftw!
DDoS isn't just child's play when attacks are in the realm of terabytes. What happens when we move past outages, and into destructive payloads? And what happens when weaponization meets automation? In this talk, we'll explore what may come next when nation states move into the turf once held by script kiddies, and build-a-bot gets leveled up in a very bad way."



Contest - Contest Stage - Saturday - 21:00-22:59


Title:
Drunk Hacker History

One night only at DEF CON 26, Drunk Hacker History is back by popular demand for a 4th historic year! The past three years proved to the entire galaxy that in the game of intoxicated nostalgic recall, there are no losers and those who won, lost. The DEF CON community has a history of sorts. It is a history filled with mephitic adventures, quarter-truths, poor life choices, incontinence, and various forms of C2H6O. This year, we will connect our stacks to extract some of the most celebrated, exaggerated and entertaining moments in Hacker History through the interpretation of a group of well-trained participants. In the end, we will, again, crown the Drunkest Hacker in History and you, the audience, will rejoice! Hosted by c7five & jaku, if you like eating from an 80s candy cannon, Cats the musical, and feats of strength, you won't want to miss the return of Drunk Hacker History! Presented in DEF CON 4D and made possible by a grant from monkeyhelpers.org.

More Info: @DrunkHackerHist


PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 10:00-10:30


Ducky-in-the-Middle: Injecting Keystrokes into Plaintext Protocols

Esteban Rodriguez, Security Consultant at Coalfire Labs

This talk will cover the basics of protocol analysis using Wireshark and lead into analyzing two custom application protocols used for extending the mouse and keyboard of a remote system. The two applications covered are HippoRemote, an iOS app to use an iPhone as a trackpad and keyboard, and Synergy, an application to allow for control of multiple operating systems with one mouse and keyboard. By performing a MITM attack, an attacker can abuse these protocols to send keystrokes to a remote machine to gain remote code execution similar to a USB rubber ducky attack. The talk will also discuss mitigations and open source code will be provided for exploitation. The target audience should have a basic understanding of Wireshark, ARP spoofing, and reverse shells.

Esteban Rodriguez (Twitter: @n00py1) is a Security Consultant at Coalfire Labs. He primarily performs network and web application penetration testing. Esteban worked previously at Apple Inc performing intrusion analysis and incident response. Outside of work, Esteban blogs at n00py.io and performs independent security research. He has authored multiple penetration testing tools and has presented at BSides Puerto Rico covering penetration testing techniques.



Demolabs - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


EAPHammer

Saturday 08/11/18 from 1400-1550 at Table One
Offensive security professionals, red teamers, penetration testers, researchers.

Gabriel Ryan

EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration. To illustrate how fast this tool is, here's an example of how to setup and execute a credential stealing evil twin attack against a WPA2-EAP network in just two commands:

# generate certificates
./eaphammer --cert-wizard

# launch attack
./eaphammer -i wlan0 --channel 4 --auth wpa --essid CorpWifi --creds

EAPHammer’s userbase has doubled since its debut in early 2017, and the project has matured substantially to meet this demand. It is now the first rogue AP attack tool to offer out-of-the-box support for attacks against 802.11n/ac. Most of the added complexity associated with these protocols is managed automatically by EAPHammer.

We’ve also added some cool features like Hashcat support, Karma, and SSID cloaking, as well as an extended UI and config management system for advanced users who require granular control over their rogue access points.

To check out the codebase, head to https://github.com/s0lst1c3/eaphammer

Gabriel Ryan
Gabriel Ryan is a penetration tester and researcher with a passion for wireless and infrastructure testing. He currently serves as a co-founder and managing security consultant for Digital Silence, a Denver-based consulting firm that specializes in impact driven testing and red team engagements. Prior to joining Digital Silence, Gabriel worked as a penetration tester for security services firm Gotham Digital Science as well as OGSystems, a Virginia-based geospatial intelligence contractor. On the side, he serves as a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys writing music and riding motorcycles.



DEFCON - Roman Chillout - Saturday - 20:00-19:59


EFF Fireside Hax (AKA Ask the EFF)

Saturday at 20:00 in Roman Chillout
Fireside Hax | Audience Participation

Kurt Opsahl Deputy Executive Director & General Counsel, Electronic Frontier Foundation

Nate Cardozo EFF Senior Staff Attorney

Jamie Lee Williams EFF Staff Attorney

Andrés Arrieta Technology Products Manager

Katitza Rodriguez International Rights Director

Nathan 'nash' Sheard Grassroots Advocacy Organizer

Relax and enjoy a Fireside Hax chat while you get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation's premier digital civil liberties group fighting for freedom and privacy in the computer age. This Fireside Hax discussion will include updates on current EFF issues such as the government's effort to undermine encryption (and add backdoors), the fight for network neutrality, discussion of our technology projects to spread encryption across the Web and emails, updates on cases and legislation affecting security research, and much more. Half the session will be given over to question-and-answer, so it's your chance to ask EFF questions about the law and technology issues that are important to you.

Kurt Opsahl
Kurt Opsahl is the Deputy Executive Director and General Counsel of the Electronic Frontier Foundation. In addition to representing clients on civil liberties, free speech and privacy law, Opsahl counsels on EFF projects and initiatives. Opsahl is the lead attorney on the Coders' Rights Project. Before joining EFF, Opsahl worked at Perkins Coie, where he represented technology clients with respect to intellectual property, privacy, defamation, and other online liability matters, including working on Kelly v. Arribasoft, MGM v. Grokster and CoStar v. LoopNet. For his work responding to government subpoenas, Opsahl is proud to have been called a "rabid dog" by the Department of Justice. Prior to Perkins, Opsahl was a research fellow to Professor Pamela Samuelson at the U.C. Berkeley School of Information Management & Systems. Opsahl received his law degree from Boalt Hall, and undergraduate degree from U.C. Santa Cruz. Opsahl co-authored "Electronic Media and Privacy Law Handbook." In 2007, Opsahl was named as one of the "Attorneys of the Year" by California Lawyer magazine for his work on the O'Grady v. Superior Court appeal. In 2014, Opsahl was elected to the USENIX Board of Directors.

@kurtopsahl

Nate Cardozo
Nate Cardozo is a Senior Staff Attorney on the Electronic Frontier Foundation's digital civil liberties team. In addition to his focus on free speech and privacy litigation, Nate works on EFF's Who Has Your Back? report and Coders' Rights Project. Nate has projects involving cryptography and the law, automotive privacy, government transparency, hardware hacking rights, anonymous speech, electronic privacy law reform, Freedom of Information Act litigation, and resisting the expansion of the surveillance state. A 2009-2010 EFF Open Government Legal Fellow, Nate spent two years in private practice before returning to his senses and to EFF in 2012. Nate has a B.A. in Anthropology and Politics from U.C. Santa Cruz and a J.D. from U.C. Hastings where he has taught first-year legal writing and moot court. He brews his own beer, has been to India four times, and watches too much Bollywood.

Jamie Lee Williams
Jamie Williams is a staff attorney at the Electronic Frontier Foundation, where she is part of EFF's civil liberties team. Jamie focuses on the First and Fourth Amendment implications of new technologies, and is part of EFF's Coders' Rights Project, which protects programmers and developers engaged in cutting-edge exploration of technology. Jamie joined EFF in 2014. Prior to joining EFF, Jamie clerked for Judge Saundra Brown Armstrong in the Northern District of California, and practiced at Paul Hastings LLP, as an associate in the firm's litigation department. Jamie was also a law clerk at the Alameda County Public Defender. Jamie has a J.D. from the University of California, Berkeley School of Law (Boalt Hall) and a B.A. in journalism from the University of Wisconsin, Madison.

Andrés Arrieta
Andrés Arrieta is the Technology Projects Manager for the Electronic Frontier Foundation. A Telecom and Electronics Engineer, he previously worked for Mobile Operators managing and developing projects from the Radio and Core networks to IT systems like Spotify Premium for Movistar. Seeing the state of privacy in the digital world from previous experiences, he joins the EFF to help develop tools that address these issues.

Katitza Rodriguez
Katitza Rodriguez is EFF's international rights director. She concentrates on comparative policy of international privacy issues, with special emphasis on law enforcement, government surveillance, and cross border data flows. Her work in EFF's International Program also focuses on cybersecurity at the intersection of human rights. Katitza also manages EFF's growing Latin American programs. She was an advisor to the UN Internet Governance Forum (2009-2010). Before joining EFF, Katitza was director of the international privacy program at the Electronic Privacy Information Center in Washington D.C., where amongst other things, she worked on The Privacy and Human Rights Report, an international survey of privacy law and developments. Katitza is well known to many in global civil society and in international policy venues for her work at the U.N. Internet Governance Forum and her pivotal role in the creation and ongoing success of the Civil Society Information Society Advisory Council at the Organisation for Economic Co-operation and Development, for which she served as the civil society liaison while at EPIC from 2008 to March 2010. Katitza holds a Bachelor of Law degree from the University of Lima, Peru. Katitza's twitter handle is @txitua.

Nathan 'nash' Sheard
Nathan 'nash' Sheard is EFF's Grassroots Advocacy Organizer. nash works directly with community members and organizations to take advantage of the full range of tools provided by access to tech, while engaging in empowering action toward the maintenance of digital privacy and information security.



EHV - Caesars Promenade Level - Modena Rm - Saturday - 11:00-11:59


Title: Ethics of Technology in Humanitarian and Disaster Response

Speakers: Speaker TBA

Description:

How do we combat the moral dilemmas technology brings to humanitarian and disaster response? Ethically based decision making can improve the influence of technology during a crisis.





BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 14:00-14:30


Title: Examining Monero's Ring Signatures

Speakers: Justin Ehrenhofer

Description:
No description available




DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 11:00-11:45


Exploiting Active Directory Administrator Insecurities

Saturday at 11:00 in Track 1
45 minutes | Demo

Sean Metcalf CTO, Trimarc

Defenders have been slowly adapting to the new reality: Any organization is a target. They bought boxes that blink and software that floods the SOC with alerts. None of this matters as much as how administration is performed: Pop an admin, own the system. Admins are being dragged into a new paradigm where they have to more securely administer the environment. What does this mean for the pentester or Red Teamer?

Admins are gradually using better methods like two-factor and more secure administrative channels. Security is improving at many organizations, often quite rapidly. If we can quickly identify the way that administration is being performed, we can better highlight the flaws in the admin process.

This talk explores some common methods Active Directory administrators (and others) use to protect their admin credentials and the flaws with these approaches. New recon methods will be provided on how to identify if the org uses an AD Red Forest (aka Admin Forest) and what that means for one hired to test the organization's defenses, as well as how to successfully avoid the Red Forest and still be successful on an engagement.

Some of the areas explored in this talk:

If you are wondering how to pentest/red team against organizations that are improving their defenses, this talk is for you. If you are a blue team looking for inspiration on effective defenses, this talk is also for you to gain better insight into how you can be attacked.

Sean Metcalf
Sean Metcalf is founder and principal consultant at Trimarc (www.TrimarcSecurity.com) a consulting company which focuses on improving enterprise Active Directory security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification, is a former Microsoft MVP, and has presented on Active Directory attack and defense at Black Hat, BSides, DEF CON, DerbyCon, BlueHat, & Shakacon security conferences. He currently provides security consulting services to customers and regularly posts interesting Active Directory security information on his blog, ADSecurity.org.



SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 13:00-13:59


Title:
Exploiting IoT Communications - A Cover within a Cover

Mike Raggo & Chet Hosmer
@MikeRaggo & @ChetHosmer

As IoT continues to introduce new operating systems, protocols, and frequencies the attack surface available for hidden communications increases substantially. In this presentation we explore the fundamental flaws in many of these IoT designs to identify methods of exploiting these communications by hiding data and riding these channels to deliver data and messages between devices and networks. We'll cover M2M carrier packets, IoT Hub out-of-band communications, and IoT dead-drops in the cloud. Then with proof of concept code we'll demonstrate these exploits for the audience, and provide the basis for enhancing one's forensic strategy by looking deeper into these mysterious IoT communications.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 14:30-14:50


Fire & Ice: Making and Breaking macOS Firewalls

Saturday at 14:30 in Track 3
20 minutes | Demo, Tool, Exploit

Patrick Wardle Chief Research Officer, Digita Security

In the ever raging battle between malicious code and anti-malware tools, firewalls play an essential role. Many a malware has been generically thwarted thanks to the watchful eye of these products.

However on macOS, firewalls are rather poorly understood. Apple's documentation surrounding its network filter interfaces is rather lacking and all commercial macOS firewalls are closed source.

This talk aims to take a peek behind the proverbial curtain revealing how to both create and 'destroy' macOS firewalls.

In this talk, we'll first dive into what it takes to create an effective firewall for macOS. Yes we'll discuss core concepts such as kernel-level socket filtering—but also how to communicate with user-mode components, install privileged code in a secure manner, and simple ways to implement self-defense mechanisms (including protecting the UI from synthetic events).

Of course any security tool, including firewalls, can be broken. After looking at various macOS malware specimens that proactively attempt to detect such firewalls, we'll don our 'gray' (black?) hats to discuss various attacks against these products. And while some attacks are well known, others are currently undisclosed and can generically bypass even today's most vigilant Mac firewalls.

But all is not lost. By proactively discussing such attacks, combined with our newly-found understandings of firewall internals, we can improve the existing status quo, advancing firewall development. With a little luck, such advancements may foil, or at least complicate the lives of tomorrow's sophisticated Mac malware!

Patrick Wardle
Patrick Wardle is the Chief Research Officer at Digita Security and founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.

@patrickwardle



Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


firstorder

Saturday 08/11/18 from 1000-1150 at Table Three
Offense

Utku Sen

Gozde Sinturk

Perimeter defenses play an important role in computer security. However, when we check the methods of APT groups, a single spear-phishing attempt is usually enough to gain a foothold on the network. Therefore, red teams are mostly focused on "assume breach" type scenarios. In these scenarios, testers need to use a post-exploitation framework. Besides that, testers also need to hide the server-agent communication from NIDS (Network Intrusion Detection Systems). firstorder is designed to hide Empire's C2-Agent communication from anomaly-based intrusion detection systems. It takes a traffic capture file (pcap) of the network and tries to identify the normal traffic profile. According to the results, it creates an Empire HTTP listener with appropriate options.

Utku Sen
Utku Sen is a security researcher who is mostly focused on the following areas: application security, network security, tool development. He presented his tool, Leviathan Framework, at Black Hat USA Arsenal and DEF CON Demo Labs in 2017. He was also nominated for the Pwnie Awards in the "Best Backdoor" category in 2016. He currently works at Tear Security.

Gozde Sinturk
Gozde Sinturk is a Security Researcher and Python Developer who has been involved in projects related to machine learning, natural language processing, and big data. She is developing security tools in her current position. She currently works at Tear Security.



IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Saturday - 10:15-10:59




Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Saturday - 12:00-12:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We'll be here.


Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Saturday - 17:00-17:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We'll be here.


Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Saturday - 10:00-13:59


Fuzzing with AFL (American Fuzzy Lop)

Saturday, 1000-1400 in Icon B

Jakub Botwicz Primary Security Engineer, Samsung Poland R&D Center

Wojciech Rauner Security Engineer, Samsung Research

This workshop will show participants how to use afl (American fuzzy lop) to identify vulnerabilities in different applications and modules. afl is a security-oriented fuzzer that efficiently and automatically tests software components to find interesting security issues. It is one of the leading tools and an essential component in the toolbox of a security researcher and hacker (penetration tester). A list of afl trophies (issues found using afl) can be read at: http://lcamtuf.coredump.cx/afl/ Participants will have the opportunity to learn how afl works and how to use it successfully based on real-life cases - vulnerabilities found by the trainers in different open source components. During the training multiple cases and tips will be presented (see detailed outline for more complete list).

Prerequisites: None

Materials: To participate in the hands-on sections, attendees need to bring a laptop with minimum 2 GB RAM which can run a virtual machine or a Docker container. Virtual machine and Docker container with all necessary tools will be provided before the workshop.

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/fuzzing-with-afl-american-fuzzy-lop-icon-b-tickets-47194653479
(Opens July 8, 2018 at 15:00 PDT)

Jakub Botwicz
Jakub works as Primary Security Engineer in Samsung Poland R&D Center leading a team of security researchers. He has more than 15 years of experience in information security and previously worked at, among others, one of the world's leading payment card service providers, a Big4 consulting company and a vendor of network encryption devices. Jakub holds a PhD degree from Warsaw University of Technology and security community certificates including GWAPT, CISSP and ECSA. Currently he provides security assessments (static and dynamic analysis) of different mobile and IoT components. afl helped him find numerous vulnerabilities, also in open source components.

Wojciech Rauner
Wojciech has a background as a full-stack developer and currently works as a Security Engineer for Samsung Research Poland. His current area of research is IoT and mobile devices. Likes to talk about cryptography and higher level languages. Loves to take things apart, build new things (because old ones got irreversibly broken in the process) and make stuff work (again). Plays in CTF Samsung R&D PL team (crypto/net/programming).



PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 15:00-15:59


Grand Theft Auto: Digital Key Hacking

Huajiang "Kevin2600" Chen, Security Research at Ingeek
Jin Yang, Independent Security Researcher

The security of automobile access control systems is a topic often discussed. Today's vehicles rely on key-fob control modules to ensure the vehicle is accessible to authorized users only. While most traditional automobile key-fob systems have been shown to be insecure in the past, here comes a game changer. Instead of the regular key-fob system, some car owners will be able to access their vehicle by having their smartphone authenticate as a digital car key. In this talk, we will reveal the research and attacks for one of the digital car key systems in the current market. By investigating how these features work, and how to exploit them through different possible attack vectors, we will demonstrate the security limitations of such a system. By the end of this talk, the attendees will not only understand how to exploit these systems but also which tools can be used to achieve our goals.

Huajiang "Kevin2600" Chen (Twitter: @kevin2600) is a security researcher at Ingeek and a member of Team-Trinity. Team-Trinity is a non-profit group of security researchers mainly focused on wireless and embedded systems vulnerability research. Team members have worked extensively with binary reverse engineering, mobile security, and hardware security. Kevin2600 has spoken at various conferences including XCON, KCON, OZSecCon, BSides, and Alibaba-Cloud-Zcon.

Jin Yang is a member of Team-Trinity. Team-Trinity is a non-profit group of security researchers mainly focused on wireless and embedded systems vulnerability research. He has worked in the network security industry for over 10 years and focuses on Automated Virus Analysis, IoT Security, Threat Intelligence and Rootkits. Jin has spoken at XCon, AVAR and KCon.



CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 11:30-12:00


Title:
Green Locks for You and Me

When: Sat, August 11, 11:30am - 12:00pm



Speaker
------
Wendy Knox Everette

Abstract
--------
How do you give your personal domain a green "Secure" lock? Can you prevent your domain from being used for spam and phishing emails?

This talk is a little different from most "crypto" talks - it's not about how some neat new encryption algorithm works, or writing code. Instead, it's about how to use the awesome crypto tools already available to make your online presence more secure. This talk came out of my frustration with tutorials online for setting up my personal website domain with TLS and my email domain with DMARC/DKIM/SPF. We'll walk through how to use free services to serve a website over TLS and how to configure a personal email domain to block it from being used to send spam and phishing emails.

Bio
-----------------
Wendy Knox Everette (@wendyck) is a hacker lawyer who began her career as a software developer, before going to law school, where she focused on national security law and computer security issues. Currently she lives in Washington State where she advises companies on risk and security regulations. She created and hosted the first student webserver to host personal homepages at her undergrad in 1995, and registered her personal domain in 2000, but only recently got it moved to TLS.

Twitter handle of presenter(s)
------------------------------
@wendyck

Website of presenter(s) or content
----------------------------------
https://www.wendyk.org


Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


GreyNoise

Saturday 08/11/18 from 1200-1350 at Table Three
Defenders, blue teamers, SOC and network analysts

Andrew Morris

GreyNoise is a system that collects all of the background noise of the Internet. Using a large network of geographically and logically dispersed passive collector nodes, GreyNoise collects, labels, and analyzes all of the omnidirectional, indiscriminate Internet-wide scan and attack traffic. GreyNoise data can be used to filter pointless alerts in the SOC, identify compromised devices, pinpoint targeted reconnaissance, track emerging threats, and quantify vulnerability weaponization timelines.

https://greynoise.io/

Andrew Morris
Andrew Morris is the founder of GreyNoise Intelligence, a DC-based cyber security company, and likely holds the world record for amount of time spent staring at Internet-wide scan traffic. Prior to founding GreyNoise, Andrew worked as a researcher, red team operator, and consultant for several large cyber security firms including Endgame, NCC group, and KCG. Outside of work, Andrew enjoys playing fingerstyle acoustic guitar and tries to figure out what his dreams mean.



EHV - Caesars Promenade Level - Modena Rm - Saturday - 15:00-15:59


Title: Hack Back: Not An Option, But A Necessity? (A Mini-Workshop)

Speakers: David Scott Lewis

Description:

David Scott Lewis
“They don’t fear us.” This was General Nakasone’s response to Senator Sullivan’s remark that “we’re the world’s cyber punching bag” during Mr. Nakasone's confirmation hearings as NSA Director and USCYBERCOM Commander. This talk will present hack back as a form of offensive cyber going beyond active defense, persistent engagement, and the cyber kill chain, yet consistent with proposed legislation, and will put forth the claim that nextgen hack back will evolve into a hyperwar battlespace deterrent.
Concerns such as attribution and escalation will be addressed, as will the potential role of AI, cybernetics, and quantum computing. A working framework for hack back will be presented – HBaaS/ADaaS (Hack Back-as-a-Service/Active Defense-as-a-Service), as will reasons why culture must play a key role in developing policy options.
For illustrative purposes, China and Chinese culture will be examined in depth. This examination will begin with a look at China’s Mearsheimerian foreign relations practices, and will then review how Chinese culture and cultural norms should guide U.S. hack back policies specific to China.





Meetup - Flamingo - 3rd floor - Chillout Rm - Saturday - 20:30-23:59


Title:
Hacker Flairgrounds

This is the Meetup destination for badge collectors, designers, and prototypers that you have been waiting for! A social environment to show off your custom badges, discuss projects to make your own badges and to talk to collectors who cherish your work. Flashing LEDs, crafting time, trading, and the celebration of badge craft all in one.


Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25 - Saturday - 20:00-21:59


Title:
Hacker Jeopardy

Hacker Jeopardy is back for its 24th unbelievable year! Three teams of three battle each round to face last year's champion in the final. 100 points for every beer consumed makes the answers, well, less predictable as the game goes on. Antics, swag, and audience participation -- how can you go wrong? WARNING: 18+ only due to adult language and innuendo. We're offended if you're not offended.

More Info: http://www.hackerjeopardy.org


Night Life - Caesars - Emperors Level - Chillout Rm - Saturday - 20:00-25:59


Title:
Hacker Karaoke

Do you like to sing? Do you want to perform? Ever wanted to sing in front of others? Come on down to the 10th Annual Hacker Karaoke, DEFCON's on-site karaoke experience. You can be a star, or if you don't want to be a star, you can also take pride in making an utter fool of yourself.

More Info: https://hackerkaraoke.org/   @HackerKaraoke


BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 16:15-16:59


Title: Hacking Human Fetuses

Speaker: Erin Hefley
@erintoxicating
About Erin:
Erin Hefley is a resident physician in her final year of training with the Phoenix Integrated Residency in Obstetrics & Gynecology. She has a background in public health and women's health, and obtained a Master of Public Health degree from the University of Northern Colorado prior to attending medical school at the University of Arizona - Phoenix. This is her 6th Defcon attendance over the past decade, and she is thrilled to have witnessed the development and expansion of the Biohacking Village. Her current interests include reproductive health technology, women's health policy, running, and vampire erotica
Abstract:
As prenatal testing and ultrasound technology have greatly improved, so has our ability to diagnose birth defects and genetic diseases earlier and earlier in pregnancy. Until recently, our only available options were to offer pregnancy termination or wait to see if the baby survived long enough to be treated after birth. But what if we had the capability to intervene before those genetic mutations had a chance to cause their harmful effects, sparing parents from the agony of uncertain pregnancy outcomes and saving children from debilitating diseases? In last year’s “Designer Babies: Hacking Human Embryos” we discussed pre-implantation genetic testing and embryo modification as a means to identify and treat heritable diseases, by correcting harmful gene mutations before a pregnancy even begins. Since then, exciting new research has shown that even after a pregnancy is under way, opportunities still exist for hacking the biological machinery of the fetus to alter its developmental course. This talk will review new and rapidly evolving strategies to treat genetic disease in utero – while the baby is still in the womb - by hijacking the embryologic mechanisms responsible for fetal growth and development.
Examples include:
- injection of a critical protein into the amniotic fluid surrounding babies with X-linked hypohidrotic ectodermal dysplasia, a genetic condition causing a lack of sweat glands and the life-threatening inability to regulate temperature
- transfusion of mesenchymal stem cells into the fetal umbilical cord to treat osteogenesis imperfecta or “brittle bone disease”
- in utero blood and bone marrow transplant to treat the fatal hemoglobin disorder alpha-thalassemia major
- correcting deformities such as cleft lip and palate by triggering cell signaling pathways "knocked out" by genetic mutation


PPV - Flamingo Lower Level - Valley Of Fire Rms - Saturday - 14:00-14:59


Title:
Hacking Phenotypic Pathways In Cannabis

Notes from a Cannabis breeder

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 11:00-11:45


Hacking PLCs and Causing Havoc on Critical Infrastructures

Saturday at 11:00 in 101 Track, Flamingo
45 minutes | Demo, Exploit

Thiago Alves Ph.D. Student and Graduate Research Assistant at the University of Alabama in Huntsville

Programmable Logic Controllers (PLCs) are devices used on a variety of industrial plants, from small factories to critical infrastructures like nuclear power plants, dams and wastewater systems. Although PLCs were made robust to sustain tough environments, little care was taken to raise defenses against potential cyber threats. As a consequence, threats started pouring in and causing havoc. During this presentation I will talk about the architecture of a PLC and how it can be p0wned. There will be some live demonstration attacks against 3 different brands of PLCs (if the demo demons allow it, if not I will just show a video). Additionally, I will demonstrate two vulnerabilities I recently discovered, affecting the Rockwell MicroLogix 1400 series and the Schneider Modicon M221 controllers.

Thiago Alves
Thiago Alves received his B.S. degree in electrical engineering from the "Pontifícia Universidade Católica" (PUC) in 2013. In 2014 he created OpenPLC, the world's first open source industrial controller. OpenPLC is being used as a valuable tool for control system research and education. The OpenPLC project has contributions from several universities and private companies, such as Johns Hopkins and FreeWave Technologies. In 2017 Thiago won first place in CSAW, the world's largest student-run cybersecurity competition, with his innovative embedded security solution for OpenPLC. Currently Thiago is a Ph.D. student at the University of Alabama in Huntsville. His research interests include cybersecurity for SCADA systems, industrial controllers and embedded systems.



SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 14:00-14:59


Title:
Hacking the Technical Interview

Marcelle & Kelley
@marcelle_fsg & @ccsleuth

Marcelle and Kelley will provide tips to the audience on how to survive a technical interview and possibly even shine in one! We are not recruiters or HR professionals. We have, however, a LOT of experience as interviewees and have developed some strategies that we'd like to share. Our industry experience lies in various technical arenas, including public sector, private sector, and law enforcement. Topics will include the not-so-subtle art of salary negotiation, how to best prepare for questions (TCP 3-way handshake, anyone?), recognizing the roles of different interviewers, and how to keep your cool. We are also not attorneys, but will touch on illegal interview questions and how to handle them, as well as new laws about salary history. Also featured will be tales from the trenches, hopefully amusing and/or illuminating. Time permitting, we will cover some resume best practices.



IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Saturday - 16:45-17:30




HHV - Caesars Pool Level - Forum 17-21 - Saturday - 10:00-10:40


Hacking your HackRF

Mike Davis

Abstract

The HackRF isn’t just an SDR - it’s an open-source, open-hardware device that’s designed to be modified. In this talk I walk through the basics of how to open and modify the hardware and software. I also show all the mods and hacks I’ve done to/with my HackRFs, including physical synchronisation between HackRFs, quadcopter transmitter adaptation, audio encoding/decoding, quadcopter vtx and a future project to add USB3.

Bio

Software/hardware developer, currently studying an MSc Computer Science (infosec), not yet a cyborg



Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


Halcyon IDE

Saturday 08/11/18 from 1000-1150 at Table Six
Offense, Defense, AppSec, Network Security, Nmap Scanners & Developers

Sanoop Thomas

Halcyon IDE lets you quickly and easily develop Nmap scripts for performing advanced scans on applications and infrastructures with a wide range of capabilities from recon to exploitation. It is the first IDE released exclusively for Nmap script development. Halcyon IDE is a free and open source project (always will be) released under the MIT license to provide an easier development interface for the rapidly growing information security community around the world. The project was initially started as an evening free time "coffee shop" project and has taken a serious step for its developer/contributors to spend dedicated time for its improvements very actively. More information and source code: https://halcyon-ide.org

https://halcyon-ide.org

Sanoop Thomas
Sanoop Thomas (@s4n7h0) is a seasoned security professional with a diverse background in consulting, teaching, research and product-based industries with a passion to solve complex security problems. Today, Sanoop works as an information security specialist focusing on application security and secure coding. His fields of interest include reverse engineering, malware analysis, application security and automating security pentest/analysis methodologies. He is moderating the null open community chapter in Singapore and has organised over 60 events & workshops to spread security awareness across the country. Sanoop is also the author of Halcyon IDE (https://halcyon-ide.org), an IDE that is focused on developing Nmap scripts. He has spoken at security conferences like Nullcon, OWASP India, HITBGSEC, Rootcon, and Blackhat Arsenal.



Service - Caesars - Promenade Level - Anzio Rm past Registration - Saturday - 12:00-17:59


Title:
Ham Radio Exams

Take HAM Radio Exams at DEF CON 26!

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 14:00-14:45


Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices

Saturday at 14:00 in 101 Track, Flamingo
45 minutes | Demo, Tool, Exploit

Dennis Giese Hacker

While most IoT accessory manufacturers have a narrow area of focus, Xiaomi, an Asian based vendor, controls a vast IoT ecosystem, including smart lightbulbs, sensors, cameras, vacuum cleaners, network speakers, electric scooters and even washing machines. In addition, Xiaomi also manufactures smartphones. Their products are sold not only in Asia, but also in Europe and North America. The company claims to have the biggest IoT platform worldwide.

In my talk, I will give a brief overview of the most common, Wi-Fi based, Xiaomi IoT devices. Their devices may have a deep integration in the daily life (like vacuum cleaners, smart toilet seats, cameras, sensors, lights).

I will focus on the features, computational power, sensors, security and ability to root the devices. Let’s explore how you can have fun with the devices or use them for something useful, like mapping Wi-Fi signal strength while vacuuming your house. I will also cover some interesting things I discovered while reverse engineering Xiaomi's devices and discuss which protections were deployed by the developers (and which not).

Be prepared to see the guts of many of these devices. We will exploit them and use them to exploit other devices.

Dennis Giese
Dennis is a grad student at TU Darmstadt and a researcher at Northeastern University. He was a member of one European ISP's CERT for several years.

While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices.

His latest victim is the Xiaomi IoT cloud. He has presented at the Chaos Communication Congress and the REcon BRX.



SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 16:00-16:59


Title:
Healthcare Exposure on Public Internet

Shawn Merdinger

Real-world healthcare exposure of hospitals, patient records, medical devices



Demolabs - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


HealthyPi—Connected Health

Saturday 08/11/18 from 1400-1550 at Table Four
Hardware and biohacking

Ashwin K Whitchurch

We (at ProtoCentral) developed the HealthyPi HAT for the Raspberry Pi as a way of opening up the healthcare and open source medical to anyone. The HealthyPi is made of the same "medical-grade" components found in regular vital sign monitors, for a fraction of the cost of such a system. This is our way of democratizing medical hardware to develop new areas of research.

Our objective when we began developing the HealthyPi was to make a simple vital sign monitoring system which is simple, affordable, open-source (important!) and accessible. HealthyPi is completely open-source and is our way of "hacking" patient monitoring systems by getting data that you need, in the way that you need and extending on that without getting involved in sticky proprietary NDAs and such.

*Demo will allow people to come, check out and play with (and possibly hack) the HealthyPi device while getting their vital signs monitored.*

https://github.com/Protocentral/protocentral-healthypi-v3

Ashwin K Whitchurch
Ashwin K Whitchurch is the CEO of ProtoCentral (Circuitects Electronics Solutions Pvt Ltd) based out of Bangalore in India. The company makes, sells and supports open source hardware products, most of them for healthcare and medical applications. Ashwin has published research papers, book chapters and reviews in well-known international journals and conferences. ProtoCentral (and Ashwin) has been present in many hardware gatherings including Maker Faire (New York & Rome), Hackaday Superconference, OSHWA Summit and has given talks on his projects with open source hardware.



AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 17:00-17:59


Holy BATSense! Deploying TBATS Machine Learning Algorithm to Detect Security Events

Pranshu Bajpai

Our “BATSense” security event detection methodology has been running at Michigan State University’s campus for a year and is successfully detecting security anomalies across 300k devices. In this presentation, we will describe the use of machine learning, specifically the TBATS forecasting algorithm, to predict future trends for the number of events per second for a variety of device types. The forecasted values are compared against actual observations to alert security personnel of significant deviations. Anomalies are detected based on logs relevant to security events; they may be system modifications, system failures or a football game. Forecasts are never perfect, but when measured over extended use, we have shown that false positives are manageable (1 per week) for true positives of 1 per day. The result is a methodology that has been developed and tweaked over time to effectively detect security events, and lessons learned over a year. All arguments presented in this talk will be backed by real world (anonymized) data collected at our university shared with the audience.

Pranshu Bajpai is a security researcher working towards his PhD in Computer Science and Engineering at Michigan State University. His research interests lie in computer and network security, malware analysis, machine learning, privacy, digital forensics, and cyber crimes. In the past, he worked as an independent penetration tester for clients. He has authored several research papers in security magazines and journals and has served as a technical reviewer for books within the security domain. He enjoys working in the security industry and the challenge of testing new technologies for potential weaknesses. In his spare time, he likes solving CTF challenges while listening to classic rock. Connect with him on Twitter: @amirootyet



Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


Honeycomb—An extensible honeypot framework

Saturday 08/11/18 from 1600-1750 at Table Three
Incident Responders, Security Researchers, Developers

Omer Cohen

Imri Goldberg

We present Honeycomb—A repository of honeypot services and integrations for the information security community. Our vision: Honeycomb will be the pip or apt-get for honeypots.

While working hard to create various honeypots for several high profile vulnerabilities, we realized we were repeating some of the underlying work that’s involved in creating a honeypot—a useful honeypot is easy to deploy, configure and collects reports. We have these capabilities in Cymmetria’s commercial deception product but we wanted to open source this functionality to the community so everyone could benefit from it.

Eventually came the idea for honeycomb—an extensible platform for writing honeypots which comes with a repository of useful honeypots which makes it super easy to create new honeypots. Honeycomb and the honeypot repository together form a powerful tool for security professionals looking to gain threat intelligence on the latest threats.

We are currently in the process of finalizing the release of the project and working on releasing additional plugins. Join us to learn how to utilize existing honeycomb capabilities as well as writing honeypot services and integrations on your own!

https://github.com/Cymmetria/honeycomb

Omer Cohen
As an experienced Incident Response investigator and team leader, Omer has a wealth of knowledge and experience in the areas of cyber security, security research, software development and system administration, as well as network architecture and design. Omer has delivered and implemented numerous projects involving cutting edge technologies for multiple security related applications in addition to providing accurate and appropriate information security consulting and incident response services to Fortune 500 companies and other leading organizations. Omer currently manages Customer Success in EMEA and APAC at Demisto, the leading Security Orchestration, Automation and Response (SOAR) solution provider.

Imri Goldberg
An experienced technical entrepreneur, Imri has significant experience in development, architecture and security. Before joining Cymmetria as VP R&D, Imri was the founder & CTO of Desti, a travel startup that was acquired by Nokia-HERE in 2014. Today Imri serves as the CTO of Cymmetria, heading innovation and research and working on product and architecture. Cymmetria is the leading Cyber Deception vendor with its main product MazeRunner® used by Fortune 500 companies in multiple verticals including finance, insurance, health, government, retail, etc.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 13:30-13:50


House of Roman—a "leakless" heap fengshui to achieve RCE on PIE Binaries

Saturday at 13:30 in 101 Track, Flamingo
20 minutes | Demo, Exploit

Sanat Sharma Hacker

Regarding ptmalloc2, many heap exploitation techniques have been invented in recent years, well documented on the famous how2heap repository, or as writeups of famous CTF challenges (like House of Orange). However, most of them require at least a libc/heap leak, or fail in non-PIE binaries. My new technique titled House of Roman leverages a single bug to gain shell leaklessly on a PIE-enabled binary. I shall showcase the ease of aligning the heap to perform this attack, thus demonstrating its versatility.

Since this is a 20-minute talk, attendees should be aware of basic heap exploitation techniques, like fastbin attacks and unsorted bin attacks, and have a general idea of how the ptmalloc2 algorithm works. As a bonus, I also discuss how to land a fastbin chunk in memory regions with no size alignment (like __free_hook).

Sanat Sharma
Sanat (@romanking98) is a 19 y o Junior Security Engineer at GoRoot GmbH in Berlin, Germany. He regularly plays CTFs with "dcua", globally ranked in the world top 10 teams on ctftime.org, qualified for multiple prestigious onsite finals, including an invitation for DEF CON China offline CTF.

@romanking98



PPV - Flamingo Lower Level - Valley Of Fire Rms - Saturday - 13:00-13:59


Title:
How Compliance Affects the Surface Area of Cannabis POS

No description available

PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 10:30-10:59


How to Tune Automation to Avoid False Positives

Gita Ziabari, Senior Consultant Engineer at Verizon

Every SOC is deluged by massive amounts of logs, suspect files, alerts and data that make it impossible to respond to everything. It is essential to deploy automation to accelerate response time, consistency, scalability and efficiency. This talk will cover techniques to design a reliable automated tool in security. We will discuss techniques for tuning the automation to avoid false positives and the many struggles we have had in creating appropriate whitelists. We will walk through the steps of creating an automated tool and the essential factors to be considered to avoid any false positive.

Gita Ziabari (Twitter: @gitaziabri) is working as a Senior Consultant Engineer at Verizon. She has more than 14 years of experience in threat research, networking, testing and building automated tools. Her main focus is creating automated tools in cybersecurity for mining data.



IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Saturday - 15:45-16:30




SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 09:30-09:59


Title:
http2 and you

security panda
@security_panda

Although not commonly known, HTTP2 was first published in May 2015 as an update to HTTP 1.1. By the end of that year, the majority of major browsers added HTTP2 support; it is now being utilized all across the Internet. Sites such as Google, Twitter, Facebook, and perhaps even your company's site have HTTP2 enabled. If so, you probably do not realize you are using it. In fact, many Web Application Firewalls (WAFs) are not keeping pace with HTTP2 security needs and common AppSec testing tools such as Burp, Zap, and other DAST products don't support HTTP2.

This talk will discuss the details of the presenter's discovery process in identifying how many site hosts are utilizing HTTP2, and a sample of common vulnerabilities which were found on these sites. Attendees will come away with a better understanding of the security implications of HTTP2 and how you can detect these potential pitfalls on your network using freely available tools.



SEV - Caesars Promenade South - Octavius BR 3-8 - Saturday - 16:55-17:45



Saturday August 11 2018 1655 50 mins
Hunting Predators: SE Style
It was just about 1 year ago that Chris announced the launching of The Innocent Lives Foundation. What has happened in the last year? What have we accomplished? What are our challenges? What is next in the future? This talk will help the community see what your support, money and love has done to save children and catch predators.

Chris Hadnagy: @humanhacker
Chris is a professional social engineer with over 16 years of experience. His passion is understanding the why not just the what. Chris has had the opportunity to work with some of the world’s greatest minds in learning how to use skills that might not be too common in the infused industry. You can find out more by looking at www.social-engineer.com



AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 16:20-16:59


Hunting the Ethereum Smart Contract: Color-inspired Inspection of Potential Attacks

TonTon Huang

Blockchain and Cryptocurrencies are gaining unprecedented popularity and understanding. Meanwhile, Ethereum is gaining significant popularity in the blockchain community, mainly due to the fact that it is designed in a way that enables developers to write decentralized applications (Dapps) and smart contracts. This new paradigm of applications opens the door to many possibilities and opportunities. However, the security of Ethereum smart contracts has not received much attention; several malfunctioning Ethereum smart contracts have recently been reported. Unlike many previous works that have applied static and dynamic analyses to find bugs in smart contracts, we do not attempt to define and extract any features; instead we focus on reducing the expert’s labor costs. We first present a new in-depth analysis of potential attacks methodology and then translate the bytecode of Solidity into RGB color code. After that, we transform them to a fixed-sized encoded image. Finally, the encoded image is fed to a convolutional neural network (CNN) for automatic feature extraction and learning, detecting security flaws in Ethereum smart contracts.

Hsien-De Huang (a.k.a. TonTon) is working for Leopard Mobile Inc. (Cheetah Mobile Taiwan Agency), and currently a Ph.D. candidate (IKM Lab.) in the Dept. Computer Science and Information Engineering at National Cheng Kung University, Tainan Taiwan. His research interests include Deep Learning, Blockchain, Malware Analysis, Type-2 Fuzzy Logic, and Ontology Applications, and gave talks at RuxCon 2017, OWASP AppSec USA 2017, Hadoop.TW annual conference 2016, TW CSA Summit 2016 and Hackers in Taiwan Conference (HITCON) 2015 & 2014.

Chia-Mu Yu received his Ph.D degree from National Taiwan University in 2012. He is currently an assistant professor at National Chung Hsing University, Taiwan. He was a research assistant in the Institute of Information Science, Academia Sinica. He was a visiting scholar at Harvard University, Imperial College London, Waseda University, and University of Padova. He was a postdoc researcher at IBM Thomas J. Watson Research Center. He serves as an associate editor of IEEE Access and Security and Communication Networks. His research interests include cloud storage security, IoT security, and differential privacy.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 13:00-13:30


In Soviet Russia Smartcard Hacks You

Saturday at 13:00 in Track 1
20 minutes | Demo, Tool, Exploit

Eric Sesterhenn Principal Security Consultant at X41, D-Sec GmbH

The classic spy movie hacking sequence: The spy inserts a magic smartcard provided by the agency technicians into the enemy's computer, ...the screen unlocks... What we all laughed about is possible!

Smartcards are secure and trustworthy. This is the idea smartcard driver developers have in mind when developing drivers and smartcard software. The work presented in this talk not only challenges, but crushes this assumption by attacking smartcard drivers using malicious smartcards.

A fuzzing framework for *nix and Windows is presented along with some interesting bugs found by auditing and fuzzing smartcard drivers and middleware. Among them classic stack and heap buffer overflows, double frees, but also a replay attack against smartcard authentication.

Since smartcards are used in the authentication process, a lot of vulnerabilities can be triggered by an unauthenticated user, in code running with high privileges. During the author's research, bugs were discovered in OpenSC (EPass, PIV, OpenPGP, CAC, Cryptoflex,...), YubiKey drivers, pam_p11, pam_pkcs11, Apple smartcardservices...

Eric Sesterhenn
Eric Sesterhenn has been working as an IT Security consultant for more than 15 years, working mostly in the areas of source code auditing and penetration testing. His experience in the field includes:



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 13:30-14:15


Infecting The Embedded Supply Chain

Saturday at 13:30 in Track 3
45 minutes | Demo, Exploit

Zach Security Researcher at Somerset Recon

Alex Security Researcher at Somerset Recon

With a surge in the production of internet of things (IoT) devices, embedded development tools are becoming commonplace and the software they run on is often trusted to run in escalated modes. However, some of the embedded development tools on the market contain serious vulnerabilities that put users at risk. In this talk we discuss the various attack vectors that these embedded development tools expose users to, and why users should not blindly trust their tools. This talk will detail a variety of reverse engineering, fuzzing, exploit development and protocol analysis techniques that we used to analyze and exploit the security of a common embedded debugger.

Zach
Zach is a security researcher with Somerset Recon, a security consulting firm in San Diego. In this role he focuses on reverse engineering and web application penetration testing. In his free time Zach loves reading and long walks through the PE file format. Prior to working at Somerset Recon, Zach was a goat farmer in Maryland.

Alex
Alex is a security researcher with Somerset Recon, a security consulting firm in San Diego. In this role he focuses on hardware security and reverse engineering.



 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 16:00-16:45


Inside the Fake Science Factory

Saturday at 16:00 in Track 3
45 minutes |

Dr Cindy Poppins - Computer Scientist (AKA Svea Eckert)

Dr Dade Murphy - Reformed Hacker (AKA Suggy)

Professor Dr Edgar Munchhausen – Struwwelpeter Fellow (AKA Till Krause)

Fake News has got a sidekick and it's called Fake Science. This talk presents the findings and methodology from a team of investigative journalists, hackers and data scientists who delved into the parallel universe of fraudulent pseudo-academic conferences and journals; Fake science factories, twilight companies whose sole purpose is to give studies an air of scientific credibility while cashing in on millions of dollars in the process. Until recently, these fake science factories have remained relatively under the radar, with few outside of academia aware of their presence; but the highly profitable industry is growing significantly and with it, so are the implications. To the public, fake science is indistinguishable from legitimate science, which is facing similar accusations itself. Our findings highlight the prevalence of the pseudo-academic conferences, journals and publications and the damage they can and are doing to society.

Svea Eckert
Svea is a freelance journalist for Germany’s main public service broadcaster “Das Erste” (ARD). She researches and reports on investigative issues with a main focus on new technology, computer and network security, digital economics and data protection. Svea’s academic alter ego is Dr Cindy Poppins, a well-known computer scientist from the University of Applied Sciences of Lower Saxony at Wiepenkathen, Germany. Dr Poppins’s main focus lies on novel solutions for the analysis of agents. She recently discovered COP, an algorithm which improves compact technology and suffix trees, winning her the best presentation award at an international conference.

@sveckert

Chris "Suggy" Sumner
Suggy is the lead researcher and co-founder of the not-for-profit Online Privacy Foundation, who contribute to the field of psychological research in online contexts. He has authored papers and spoken on this topic at DEF CON, other noteworthy conferences and a fake conference. For the past five years, Suggy has served as a member of the DEF CON CFP review board. Suggy’s academic alter ego is Dr Dade Murphy, a reformed hacker whose eagerly anticipated work on polymorphic machine learning defences for Gibson mainframe computers was recently accepted at an international cyber security conference.

@5uggy

Till Krause
Till is an editor and investigative reporter at Süddeutsche Zeitung Magazine, the supplement of Germany’s major broadsheet newspaper. Ever since he studied Electronic Communication Arts as a Fulbright Scholar in the Bay Area in 2005, he has been interested in all things tech, writing about surveillance, data protection and cybercrime. Till’s academic alter ego is Professor Dr. Edgar Munchhausen, a Struwwelpeter Fellow for Applied Sciences at various universities in Europe and Asia and a renowned researcher who has published his research in countless peer-reviewed journals. He holds a PhD from the University of Wiepenkathen and is a laureate of the Horst Schimanski Award and CEO of IOIR, the Institute of International Research.



 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 18:00-18:30


Title: Instructions and invitations to party

Speakers: Cinnamonflower and pwrcycle

Description:
No description available




 

PHW - Caesars Promenade Level - Neopolitan BR - Saturday - 14:00-15:59


Intense Introduction to Modern Web Application Hacking

This course starts with an introduction to modern web applications and immediately dives into the mapping and discovery phase of testing. In this course, you will learn new methodologies used and adopted by many penetration testers and ethical hackers. This is a hands-on training where you will use various open source tools and learn how to exploit SQL injection, command injection, cross-site scripting (XSS), XML External Entity (XXE), and cross-site request forgery (CSRF). We will wrap up our two-hour, fast-paced course by unleashing students on a vulnerable web application with their newly found skills.

Omar Santos (Twitter: @santosomar) is a Principal Engineer in the Cisco Product Security Incident Response Team (PSIRT) within Cisco's Security Research and Operations. He mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities in all Cisco products, including cloud services. Omar has been working with information technology and cyber security since the mid-1990s. Omar has designed, implemented, and supported numerous secure networks for Fortune 100 and 500 companies and the U.S. government. Prior to his current role, he was a Technical Leader within the World Wide Security Practice and the Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations.

Ron Taylor (Twitter: @Gu5G0rman) has been in the Information Security field for almost 20 years. Ten of those years were spent in consulting. In 2008, he joined the Cisco Global Certification Team as an SME in Information Assurance. In 2012, he moved into a position with the Security Research & Operations group, where his focus was mostly on penetration testing of Cisco products and services. He was also involved in developing and presenting security training to internal development and test teams globally. Additionally, he provided consulting support to many product teams as an SME on product security testing. He then spent some time as a Consulting Systems Engineer specializing in Cisco's security product line. His current role is working within the Cisco Product Security Incident Response Team (PSIRT). He has held a number of industry certifications including GPEN, GWEB, GCIA, GCIH, GWAPT, RHCE, CCSP, CCNA, CISSP, and MCSE. Ron is also a Cisco Security Blackbelt, SANS mentor, Cofounder and President of the Raleigh BSides Security Conference, and an active member of the Packet Hacking Village team at DEF CON.



 

AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 18:00-18:59


INTRO TO DATA MASTERCLASS: Tour-de-ML

No description available



 

WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 16:00-16:55


Eric Reuter

Bio

Eric enjoys photographing trains and hardware/RF hacking. The natural overlap of these interests is the exploration of ways to use RF to find trains in the wild. By day, he is an Associate Professor at Berklee College of Music, where he teaches acoustics and electronics, and runs an acoustical consulting firm in Portsmouth, NH. Eric holds an Amateur Extra license.

@EricReuter

Introduction to Railroad Telemetry

Abstract

North American railroads use several wireless systems for remote control, monitoring, and tracking of locomotives, railcars, signals, and other equipment. This talk will provide an overview of the systems in use, and an in-depth look at two of them.

The end-of-train (EOT) device contributed to the demise of the caboose 35 years ago, taking over one of its primary functions: monitoring brake pipe pressure. The EOT transmits pressure, its unique ID, and other data, encoded into AFSK packets, to a corresponding head-of-train (HOT) device in the locomotive. A secondary function is venting the line in an emergency braking event, under command of the HOT. BCH error correction is employed for reliability, but there are inherent security flaws. An SDR/GNU Radio/Python workflow for decoding and verifying packets will be demonstrated.

Attempts at automatically identifying passing railcars were largely unsuccessful until the introduction of the Automatic Equipment Identification (AEI) system in the early 90s. This 900 MHz RFID system consists of passive tags on each locomotive and car and wayside readers at rail yard entrances and other locations of interest. The author's day job in environmental noise consulting led to a study of the feasibility of using AEI for rail noise studies. It had to be reverse-engineered first, of course. Using a repurposed commercial reader, Raspberry Pi, and cellular modem, a remote monitoring system gathered tag data for 5 weeks. Details of the protocol and monitoring system will be presented, along with video demonstrations.



 

Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


ioc2rpz

Saturday 08/11/18 from 1400-1550 at Table Three
Defence/Network security

Vadim Pavlov

DNS is the control plane of the Internet. Usually DNS is used for good but:

ioc2rpz is a custom DNS server which automatically converts indicators (e.g. malicious FQDNs, IPs) from various sources into RPZ feeds and automatically maintains/updates them. The feeds can be distributed to any open source and/or commercial DNS servers which support RPZ, e.g. ISC Bind, PowerDNS. You can run your own DNS server with RPZ filtering on a router, desktop, server and even Arduino. System memory is the only limitation.

With ioc2rpz you can define your own feeds, actions and prevent undesired communications.

https://github.com/Homas/ioc2rpz

Vadim Pavlov
Vadim Pavlov is passionate about traveling, learning foreign and programming languages, writing scripts/software, integrating solutions, interacting with colleagues and customers to solve complex problems. As a truly lazy person Vadim wants to automate all routine.

Vadim has 15+ years of IT experience. He spent the last 5 years at Infoblox and became an expert in DNS and DNS security: he did research, wrote articles, created custom DNS servers, Infoblox's DNS Data Exfiltration (Infiltration) Demo and Security Assessments portals, and created integrations with security solutions. He earned a master's degree with honors in Computer Science (Software Development) in Russia.



 

PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 17:00-17:59


IoT Data Exfiltration

Mike Raggo, CSO of 802 Secure, Inc.
Chet Hosmer, Owner of Python Forensics

IoT offers new protocols and frequencies over which communication travels. Due to a lack of familiarity amongst most enterprises, most organizations are ill-equipped to monitor or detect these mysterious channels. This introduces a plethora of covert channels by which data could be exfiltrated, or malware infiltrated into the network. In this session we explore this new frontier by focusing on new methods of IoT protocol exploitation, revealing research conducted over the last 2 years. Detailed examples will be provided, as well as a demo of a Python tool for exploiting unused portions of protocol fields. From our research, we'll also reveal new methods of detecting aberrant behavior emanating to/from these devices, gathered from our lab and real-world testing.

Mike Raggo (Twitter: @DataHiding) is Chief Security Officer at 802 Secure and has over 20 years of security research experience. His current focus is wireless IoT threats impacting the enterprise. Michael is the author of "Mobile Data Loss: Threats & Countermeasures" and "Data Hiding" for Syngress Books, and contributing author for "Information Security the Complete Reference 2nd Edition". A former security trainer, Michael has briefed international defense agencies including the FBI and Pentagon, and is a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, DoD Cyber Crime, OWASP, HackCon, and SANS.

Chet Hosmer is an international author, educator & researcher, and founder of Python Forensics, Inc., a non-profit research institute focused on the collaborative development of open source investigative technologies using the Python programming language. Chet is also a Visiting Professor at Utica College in the Cybersecurity Graduate Program, where his research and teaching is focused on data hiding, active cyber defense and security of industrial control systems. Additionally, Chet is an Adjunct Professor at Champlain College in the Digital Forensics Graduate Program, where his research and teaching is focused on solving hard digital investigation problems using the Python programming language.



 

Night Life - Off-site party, Register and receive address from IoT Village - Saturday - 21:00-25:59


Title:
IoT Village Mansion Party

Come party with the Defcon IoT Village organizers! If you enjoy mansions, pools, water slides, waterfall caves, food, and practically unlimited drinks, this is the place to be. Additional excitement to come as well.

To receive the address, please register a waitlist ticket and visit the Defcon IoT Village:

Promenade Level, rooms Verona, Turin, and Trevi
Come between 10am-6pm Friday and Saturday to reserve a spot
Spots are limited so hurry!

More Info: https://www.eventbrite.com/e/iot-village-mansion-party-tickets-48041961801


 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 10:00-10:45


It WISN't me, attacking industrial wireless mesh networks

Saturday at 10:00 in Track 1
45 minutes | Demo

Erwin Paternotte Lead security consultant at Nixu

Mattijs van Ommeren principal security consultant at Nixu

Wireless sensor networks are commonly thought of as IoT devices communicating using familiar short-range wireless protocols like Zigbee, MiWi, Thread and OpenWSN. A lesser known fact is that about a decade ago, two industrial wireless protocols (WirelessHART and ISA100.11a) were designed for industrial applications, based on the common IEEE 802.15.4 RF standard. These Wireless Industrial Sensor Networks (WISN) are used in process field device networks to monitor temperature, pressure, levels, flow or vibrations. The petrochemical industry uses WISN in oil and gas fields and plants around the world.

Both IEC ratified standards have been commonly praised by the ICS industry for their security features, including strong encryption on multiple layers within the protocol stack, resistance to RF interference, and replay protection. While the standards in general look safe on paper, there are potentially interesting attack vectors that require verification. However, security research so far has not yielded any significant results beyond basic attack vectors. Often these attacks have only been theorized, and not (publicly) demonstrated. In addition, vendor implementations have not been thoroughly tested for security by independent third parties, due to protocol complexity and the lack of proper (hardware/software) tools. We strongly believe in Wright's principle, "Security does not improve until practical tools for exploration of the attack surface are made available."

Erwin Paternotte
Erwin works as a lead security consultant at Nixu Benelux. He has 15 years of experience conducting penetration tests and security assessments on a wide variety of systems and technology. In recent years his focus has been shifting towards more advanced tests like red teaming, embedded systems, ICS/SCADA, and telco systems. Within Nixu he is also the practice lead for penetration and security testing.

Mattijs van Ommeren
Mattijs leads the Red Teaming and Hardware Testing team at Nixu Benelux. He has spent most of his career as an information security consultant, both on the offensive as well as the defensive side. Mattijs has a special interest in process automation and industrial systems. Over the years he has discovered numerous vulnerabilities in RTUs, process controllers, industrial firewalls and other equipment. Industrial sensor networks currently have most of his focus, as this is still mainly unexplored terrain.



 

WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 17:00-17:55


It's not wifi: Stories in Wireless Reverse Engineering

No description available



 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 11:00-11:45


Jailbreaking the 3DS through 7 years of hardening

Saturday at 11:00 in Track 3
45 minutes | Demo, Exploit

smea Hacker

The 3DS was one of Nintendo's first serious attempts at security, featuring a cool microkernel based OS and actual exploit mitigations. That didn't stop it from getting hacked pretty hard, making it possible for people to write their own homebrew software for the console. But Nintendo isn't one to back off from a fight and, as a result, has put significant effort into not only fixing vulnerabilities but also introducing new security features targeted specifically at killing exploit techniques used by hackers. This talk will describe hacking the console through all these defensive features by walking through a 0-day exploit chain that takes us all the way from zero access to a full system jailbreak.

smea
smea got his start making video games for closed consoles like the Nintendo DS using whatever hacks were available at the time. At some point consoles started getting actual security features and he transitioned from simply making homebrew software to making the jailbreaks that let people run it. He's best known for his work on the Nintendo 3DS and Wii U but has also done exploitation work against high profile web browsers and virtualization stacks.

@smealum, https://github.com/smealum



 

CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 14:30-15:00


Title:
Jailed by a Google Search: the Surveillance State's War on Self-induced Abortion

When: Sat, August 11, 2:30pm-3:00pm

Speaker
------
Pigeon

Abstract
--------
Far from a chapter in A Handmaid's Tale, today those who try, succeed, or even consider ending their own pregnancies are arrested and imprisoned, often incriminated by their own devices. We have the opportunity to lend our security skills to those disproportionately likely to experience surveillance: those seeking to self-induce abortions by ordering medication online. We'll cover what the portal to online care (and resulting digital paper trail) looks like, and why "single-use" privacy needs are the next major challenge in protecting our digital reproductive rights.

Bio
-----------------
Pigeon is Director of a security nonprofit and organizer of civic hackathons. A self-professed tech regulatory nerd, she leads a team building technologies for safer abortion access, security research and open data projects to reinforce government and tech company accountability to reproductive rights. In her free time she recreationally files FOIA requests, fundraises for abortions, and builds and plays games.


 

CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 15:00-16:00


Title:
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and face recognition - and frankly, everywhere else

When: Sat, August 11, 3pm-4pm

Speakers
-------
Guy Barnhart-Magen
Ezra Caltum

Abstract
--------
Exploits, Backdoors, and Hacks: words we do not commonly hear when speaking of Machine Learning (ML). In this talk, I will present the relatively new field of hacking and manipulating machine learning systems and the potential these techniques pose for active offensive research.
The study of Adversarial ML allows us to leverage the techniques used by these algorithms to find weak points and exploit them in order to achieve:
* Privacy leakage - can we tell if someone was part of the dataset the ML trained on?
* Unexpected consequences (why did it decide this rifle is a banana?)
* Data leakage (how did they know Joe has diabetes?)
* Memory corruption and other exploitation techniques (boom! RCE)
* Influence the output (input: virus, output: safe!, as seen in "DEF CON 25 - Hyrum Anderson - Evading next-gen AV using AI", https://www.youtube.com/watch?v=FGCle6T0Jpc).
In other words, while ML is great at identifying and classifying patterns, an attacker can take advantage of this and take control of the system.
This talk is an extension of research made by many people, including presenters at DefCon, CCC, and others - a live demo will be shown on stage!

Garbage In, RCE Out :-)


Bio
-----------------
Guy is a member of the BSidesTLV organizing team and recipient of the Cisco black belt security ninja honor, the highest cyber security advocate rank.
With over 15 years of experience in the cyber-security industry, he held various positions in both corporates and start-ups.
He is currently a security research manager at Intel, where he focuses on AI Security, reverse engineering and researching various embedded systems.

Ezra is a cyber-security practitioner, with a passion for reverse engineering, data analysis, and exploitation. He is the leader of the Tel Aviv DC9723 Defcon group and a co-founder and organizer of BSidesTlv.
Currently, he works as a Security Research Manager at Intel.

Twitter handle of presenter(s)
------------------------------
@barnhartguy

Website of presenter(s) or content
----------------------------------
https://productsecurity.info/


 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Saturday - 10:00-13:59


Joe Grand's Hardware Hacking Basics

Saturday, 1000-1400 in Icon A

Joe Grand Grand Idea Studio

Interested in hardware hacking, but don't know where to start? This workshop covers the basic skills you'll need for hacking modern embedded systems, including soldering/desoldering, circuit board modification, signal monitoring/analysis, and memory extraction. It is a subset of Joe Grand's Hands-on Hardware Hacking training class that he has been teaching since 2005.

Prerequisites: None. No prior electronics experience necessary.

Materials: Attendees must bring their own laptop (Windows, macOS, or Linux) with the following software pre-installed:

- Saleae Logic, https://www.saleae.com/downloads
- FTDI Virtual COM Port (VCP) drivers, http://www.ftdichip.com/Drivers/VCP.htm
- PuTTY (or other suitable terminal program), https://www.chiark.greenend.org.uk/~sgtatham/putty/
- libmpsse, https://github.com/l29ah/libmpsse

All other hardware and tools will be provided.

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/joe-grands-hardware-hacking-basics-icon-a-tickets-47194166021
(Opens July 8, 2018 at 15:00 PDT)

Joe Grand
Joe Grand (@joegrand), also known as Kingpin, is a computer engineer, hardware hacker, former DEFCON badge designer, teacher, advisor, runner, daddy, honorary doctor, TV host, member of legendary hacker group L0pht Heavy Industries, and the proprietor of Grand Idea Studio (grandideastudio.com). He has been creating, exploring, and manipulating electronic systems since the 1980s.



 

PHW - Caesars Promenade Level - Neopolitan BR - Saturday - 09:30-13:30


Kali Dojo Workshop

Kali Linux can be deeply and uniquely customized to specific needs and tasks. In this workshop, we will customize Kali Linux into a very specific offensive tool, and walk you through the process of customization step by step. We will create a custom Kali ISO that will: load very specific toolsets; define a custom desktop environment and wallpaper; leverage customized features and functions; launch custom tools and scripts; install Kali automatically, without user intervention as a custom "OS backdoor". This workshop will guide you through all the aspects of Kali customization and give you the skills to create your own highly-customized Kali ISO, like the much feared Kali "ISO of Doom".

Kali Live USB With Persistence And LUKS (2.5hrs)

In this section we will show you how to deploy your customized Kali ISO to a secure, encrypted USB device. We will show you how to add standard and encrypted USB persistence so you can save your data, and we will walk you through a custom LUKS "nuke" deployment that will obliterate your encrypted data when presented with a specific kill phrase. We will also discuss strategies to help you safely and legally cross international borders with your encrypted data without compromising it. When you complete this course, you will have the skills to create a completely customized, powerful, portable Kali ISO or USB with full encryption, persistence and the peace of mind of LUKS nuke. And, to sweeten the deal, we will provide super-cool custom Kali-branded USB drives.

Johnny Long spent his career as a professional hacker. He is the author of numerous security books including No-Tech Hacking and Google Hacking for Penetration Testers and is a contributor to Kali Linux Revealed. He is the founder of Hackers for Charity and currently works with the Offensive Security team.



 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Saturday - 14:30-18:30


Lateral Movement 101: 2018 Update

Saturday, 1430-1830 in Icon D

Walter Cuestas Team Lead, Open-Sec

Mauricio Velazco Threat Management Team Lead

During a targeted penetration test or red team engagement, consultants will have clear engagement goals and targets such as a particular database or access to specific blueprints within the environment. During the engagement, obtaining shells on servers & workstations as standalone devices will not provide access to the target data. The pentesters will need to move from one host to another in order to perform reconnaissance and eventually get to the target. This workshop aims to provide the necessary background knowledge to understand and execute lateral movement techniques on both MS Windows and Linux. More than just showing which tools and parameters to use like a YouTube video would, this workshop will dive deep and describe in detail the specific services of each OS and how they can be abused to achieve lateral movement. This knowledge will allow the students to learn the actual techniques and not just a bunch of tools.

Prerequisites: Knowledge and experience with Microsoft Windows and Linux at network and admin level.

Materials: To participate in the hands-on sections, attendees need to bring a laptop with 2 GB RAM that must be dedicated to a virtual machine running the latest version of Kali Linux (installed and updated before the workshop). Both VirtualBox and VMware Player will be okay.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/lateral-movement-101-2018-update-icon-d-tickets-47194431816
(Opens July 8, 2018 at 15:00 PDT)

Walter Cuestas
Walter (@wcu35745) has led the team of pentesters at Open-Sec (a Peruvian company dedicated solely to providing pentesting services) since 2006. His work is based on developing attack vectors and his main interest is in the development of scripts for pentesting. He has participated as a speaker in events such as LimaHack, Campus Party Quito, CSI Pereira, events of OWASP Latam and as a trainer at Ekoparty. He has also published articles in trade magazines such as Hakin9, PenTest Magazine and Hack-in-Sight. During 2016, he was part of the team of instructors approved by the US Northern Command (US Army) for training in cybersecurity (hacking techniques and breach of security controls). He currently holds the OSCP certification.

Mauricio Velazco
Mauricio (@mvelazco) is a security geek and python scripter with more than 9 years of experience in computer security developing offensive evaluations and implementing solutions in Latin America and North America. He currently leads the Threat Management team at a financial services organization in New York performing tasks such as Penetration Testing, Incident Response, Vulnerability Management, Application Security, Threat Intelligence, etc. He holds certifications like OSCP and OSCE. Mauricio has presented at conferences like Derbycon and BSides.



 

WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 11:00-11:55


John Dunlap

Bio

John Dunlap is a NYC cyber security expert. He has given presentations on his exploit development research both at home and abroad, including talks at Defcon, Derbycon, and Australia’s Ruxcon. John Dunlap is a major proponent of hacker culture preservation, and is a supporter of the international demoscene. John Dunlap specializes in reverse engineering, exploit development, social engineering and source code analysis.

@JohnDunlap2

Learning to Listen: Machine Learning for Adaptive Wireless Adversary Detection

Abstract

In 2017 Defcon alumnus Gabriel Ryan presented his research on using statistical analysis to detect rogue wifi signals. In this talk, John Dunlap will expand on Gabe’s research by presenting an extension to Ryan’s tool to use machine learning algorithms to better detect and anticipate rogue wifi signals. A practical demonstration and tool will be presented with this work.



 

SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 15:00-15:59


Title:
Leveling the Bug Bounty Playfield - Introducing the #LEGALBUGBOUNTY project

Amit Elazari & Keren Elazari

@amitelazari, @k3r3n3

Bug Bounties are one of the fastest growing, most popular and cost-effective ways for companies to engage with the security community and find unknown security vulnerabilities. Now it's time to make them fair to the most important element in the Internet's immune system: the friendly hackers and algorithmic auditors. This talk will showcase how bug bounty programs put hackers at risk, and how to fix a problem that affects all of us: hunters, security practitioners and technology users. #LEGALBUGBOUNTY because Bug Bounties are already popular, it's time we make them great again.



 

Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


LHT (Lossy Hash Table)

Saturday 08/11/18 from 1400-1550 at Table Six
Offense

Steve Thomas

Cracks passwords or keys from a small key space near instantly. A small key space being a few trillion (40+ bits). It costs about 3 bytes/key and usually <100ms. The largest known deployment (made by a different less efficient program) is 160 TB. It is assumed that people are running similar ones to attack brain wallets.

https://tobtu.com/lhtcalc.php

Steve Thomas
Steve specializes in crypto and password research. Steve was one of the panelists for the Password Hashing Competition. "I do stuff... sometimes." Like PAKE to HSM or finding bugs in Signal Protocol, CryptoCat, Adobe ColdFusion 9's password encryption key generator, and password hashing functions (MySQL323 meet in the middle attack, XSHA1 [Blizzard's old hash function], etc).



 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 19:15-19:15


Title: Lightning Talks

Speaker: Maybe you?
Abstract:
Come present your own crazy and wacky biohacking talks and projects. You got 10 minutes to strut your stuff!


 

WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 18:00-18:55


Darren Kitchen

Bio

Darren Kitchen is the founder of Hak5, the award winning Internet television show inspiring hackers and enthusiasts since 2005. Breaking out of the 90s phone phreak scene, he has continued contributing to the hacker community as a speaker, instructor, author and developer of leading penetration testing tools.

@hak5darren

Sebastian Kinne

Bio

Sebastian Kinne has led software development at Hak5 since 2011. His background in embedded systems and reverse engineering has been instrumental in the success of the WiFi Pineapple, the popular WiFi auditing tool. As an instructor and speaker on WiFi security, chances are he's sniffed your packets in a demo or two.

@sebkinne

Little Fluffy Pineapple Clouds - Commanding a Fleet of Wireless Fruit

Abstract

What happens when a Pineapple, a Turtle and a Squirrel get high...up in the clouds? It's been a solid year for Hak5 and we're excited to debut some epic new features! Like a centralized web console for all your networked Hak5 Gear, WiFi Pineapple WPA Enterprise harvesting, credential capturing and pass-through, or LIVE reconnaissance and more! Join Sebastian Kinne and Darren Kitchen of famed pentesting tools for a peek into what's right around the corner.



 

Demolabs - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


Local Sheriff

Saturday 08/11/18 from 1000-1150 at Table Five
Target audience would be AppSec, Code Assessments, and privacy researchers.

Konark Modi

Think of Local Sheriff as a reconnaissance tool in your browser for gathering information about what companies know about you. While you as a user browse the internet normally, it works in the background and helps you identify what sensitive information (PII: Name, Date Of Birth, Email, Passwords, Passport number, Auth tokens) is being shared/leaked to which third parties and by which websites.

The issues that Local Sheriff helps identify:

Local Sheriff can also be used by organizations to audit:

Local Sheriff is a web-extension that can be used with Chrome, Opera, Firefox.

https://github.com/cliqz-oss/local-sheriff

Konark Modi
Konark works as a Tech lead with Cliqz GmbH developing a privacy-focused search engine and browser. He works on projects ranging across Privacy by design, Anonymous Data collection like Human Web, Anti-Tracking etc.

Prior to Cliqz, Konark was working with one of the largest e-commerce websites in India (Makemytrip.com) on the data platform and security team, solving interesting challenges related to DWH, BI and data security.

His recent personal projects, in an endeavor to help organizations fix vulnerabilities, have spanned across browsers, health trackers, Government services, travel mobile apps etc.

Konark has been a speaker and presenter at numerous international conferences.

Blog: https://medium.com/@konarkmodi



 

Night Life - Flamingo - 3rd Floor - El Dorado BR - Saturday - 20:30-23:59


Title:
Lonely Hackers Club Party

If only Sergeant Pepper had owned a Commodore 64! Come meet the people you communicate with on a daily basis in person as you dance and chat the night away. Just keep in mind that this IS Las Vegas and when you wake up in the morning those marriage certificates are still binding! Come meet the people you communicate with on a daily basis via telegram in person as you dance and chat the night away. All are welcome!


 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 13:00-13:30


Looking for the perfect signature: an automatic YARA rules generation algorithm in the AI-era

Saturday at 13:00 in Track 3
20 minutes | Demo, Tool

Andrea Marcelli PhD Student and Security Researcher. Politecnico di Torino

Given the high pace at which new malware variants are generated, antivirus programs struggle to keep their signatures up-to-date, and AV scanners suffer from a considerable quantity of false negatives. The generation of effective signatures against new malware variants, while avoiding false positive detections, is a highly desirable but challenging task, typically requiring a substantial portion of human expert’s time. Artificial intelligence techniques can be applied to solve the malware signature generation problem.

The ultimate goal is to develop an algorithm able to automatically create a generalized family signature, eventually reducing threat exposure and increasing the quality of the detection. The proposed technique automatically generates an optimal signature to identify a malware family with very high precision and good recall using heuristics, evolutionary and linear programming algorithms.

In this talk I will present YaYaGen (Yet Another YARA Rule Generator), a tool to automatically generate Android malware signatures. Performance has been evaluated on a massive dataset of millions of applications available in the Koodous project, showing that in a few minutes the algorithm can generate a precise ruleset able to catch 0-day malware, better than human generated ones.

Andrea Marcelli
Andrea Marcelli is a PhD Student and Security Researcher at Hispasec Sistemas. He received his M.Sc. degree in Computer Engineering from Politecnico of Torino, Italy, in 2015 and he is currently a third year doctoral student in Computer and Control Engineering at the same institute. His research interests include malware analysis, semi-supervised modeling, machine learning and optimization problems, with main applications in computer security. Since the end of 2016 he has been part of the security research team at Hispasec Sistemas, working on the Koodous project, where he develops new AI-based tools to automate large scale Android malware analysis, including malware clustering, network graph analytics and automatic YARA signatures generation.

@_S0nn1_, https://jimmy-sonny.github.io/



 

SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 18:00-18:59


Title:
Macabre stories of a hacker in the public health sector (Chile)

Philippe Delteil

@philippedelteil


Want to know what happens when a nationwide network in the public health sector has no experts on cybersecurity? I will explain how I managed to get over 3 million files including patients records, people with HIV, abortions and a long etc. And how I managed to get it fixed (spoiler: press was involved).



 

AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 13:00-13:20


Machine Learning Model Hardening For Fun and Profit

Ariel Herbert-Voss

Machine learning has been widely and enthusiastically applied to a variety of problems to great success and is increasingly used to develop systems that handle sensitive data - despite having seen that for out-of-the-box applications, determined adversaries can extract the training data set and other sensitive information. Suggested techniques for improving the privacy and security of these systems include differential privacy, homomorphic encryption, and secure multi-party computation. In this talk, we’ll take a look at the modern machine learning pipeline and identify the threat models that are solved using these techniques. We’ll evaluate the possible costs to accuracy and time complexity and present practical application tips for model hardening. I will also present some red team tools I developed to easily check black box machine learning APIs for vulnerabilities to a variety of mathematical exploits.

Ariel Herbert-Voss is a PhD student at Harvard University, where she specializes in deep learning, cybersecurity, and mathematical optimization. Like many machine learning researchers, she spent plenty of time thinking about deep learning from a computational neuroscience point of view without realizing that skulls make biological neural networks a lot less hackable than artificial ones. Now she thinks about securing deep learning algorithms and offensive applications.



 

PHW - Caesars Promenade Level - Neopolitan BR - Saturday - 16:30-17:59


Mallet, an intercepting proxy for arbitrary protocols

Mallet is an intercepting proxy for arbitrary protocols. More accurately, it is a framework for building proxies for arbitrary protocols. Mallet provides the basics required of all proxies: A way to receive the data, a way to send the data, and a user interface to intercept and edit the data. It builds on the Netty project, and as such has access to a large, well-tested suite of protocol implementations that can be used to transform a stream of bytes into useful, high-level protocol objects.

This workshop will introduce attendees to Mallet, and show how to construct pipelines of arbitrary complexity, to successfully decode and intercept messages in various protocols, as well as automating modifications of the various messages.

A basic familiarity with Java will enhance the delegate's understanding of what they are taught, but is not a requirement.

Rogan Dawes is a senior researcher at SensePost and has been hacking since 1998, which, coincidentally, is also the time he settled on a final wardrobe. He used the time he saved on choosing outfits to live up to his colleague's frequent joke that he has an offline copy of the Internet in his head. Rogan spent many years building web application assessment tools, and is credited as having built one of the first and most widely used intercepting proxies, WebScarab.



 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 17:05-17:35


Mapping wifi networks and triggering on interesting traffic patterns - Caleb Madrigal

Sure, WiFi hacking has been around for a while, and everyone knows about tools like airmon-ng, kismet, et al. But what if you just want to view a list of all networks in your area AND see all devices connected to each network? Or maybe you want to know who’s hogging all the bandwidth (and maybe deauth them if they use too much)? Or, what if you want to know when a certain someone’s cell phone is nearby? Or perhaps you’d like to know if your Airbnb host’s IP Camera is uploading video to the cloud?

For all these use-cases, I’ve developed a new tool called “trackerjacker”. In this talk, we’ll use this tool to explore some of the surprisingly-informative data floating around in the radio space, and you’ll come away with a new skill point or two in your radio hacking skill tree, as well as a new magical weapon… I mean tool.



 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 17:00-17:59


Title: Moderator Justin Ehrenhofer's Greatest Questions

Speakers: Shamiq (App Sec Manager, COINBASE), Paul Shapiro, A., Fluffy Pony

Description:
No description available




 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 11:30-11:59


Title: Monero's Emerging Applications

Speakers: Fluffy Pony

Description:
No description available




 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 12:45-13:30


Title: Mother Nature’s Development Lifecycles… OR Why the T-Rex didn’t get extenders.

Speaker: siDragon


 

Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - Saturday - 20:00-23:59


Title:
Movie Night



 

EHV - Caesars Promenade Level - Modena Rm - Saturday - 13:00-13:59


Title: Nations and Nationalism and Cyber Security - Navigating Difficult Relationships in the Private Infosec Space

Speakers: Speaker TBA

Description:

When talent comes from intelligence agencies, what masters do we serve, who takes priority, and how can companies ensure providers are supporting their interests above past masters? And how have companies muddied the waters so that these questions are relevant in the first place? Some exploration of conflicting duties and possible responses.





 

HHV - Caesars Pool Level - Forum 17-21 - Saturday - 12:00-12:50


NFC Payments: The Art of Relay & Replay Attacks

Salvador Mendoza

Abstract

Relay and replay attacks are becoming more common in the payment industry, getting more complex and sophisticated day by day. We are not just seeing simple skimming techniques but complex attack vectors that are a combination of technologies and implementations involving SDR (Software-Defined Radio), NFC, APDU (Application Protocol Data Unit), hardware emulation design, specialized software, tokenization protocols and social engineering. In this talk, we will discuss what these attacks are, or what kind of hardware or software could be implemented.

Bio

Salvador Mendoza is a security researcher focusing on tokenization processes, magnetic stripe information and embedded prototypes. He has presented on tokenization flaws and payment methods at Black Hat USA, DEF CON 24/25, DerbyCon, Ekoparty, BugCON, 8.8, and Troopers 17/18. Salvador designed different tools to pentest magnetic stripe information and tokenization processes. His toolset includes MagSpoofPI, JamSpay, TokenGet, SamyKam and lately BlueSpoof.



 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 12:00-12:45


Title: No Firewall Can Save You At The Intersection Of Genetics and Privacy

Speaker: Almost Human
About Almost Human:
Chris currently works at Lares, prior to that he founded or worked with a number of companies specializing in DarkNet research, intelligence gathering, cryptography, deception technologies, and providers of security services and threat intelligence. Since the late 90’s Chris has been deeply involved with security R&D, consulting, and advisory services in his quest to protect and defend businesses and individuals against cyber attack. Prior to that he jumped out of planes for a living, visiting all sorts of interesting countries and cultures while doing his best to avoid getting shot at too often. Roberts is considered one of the world’s foremost experts on counter threat intelligence and vulnerability research within the Information Security industry.
Abstract:
This talk originally started as a look at the intersection of personal anonymity and personal genetic sequencing. The short version: “Genetic Privacy” is a very tough thing to accomplish; lack of such privacy has potentially “bad” consequences. But there was some hope IF you did everything right. Then we all discovered that the prospects for genetic privacy are even lower than we imagined. You may have heard that the suspected Golden State Killer was found and arrested after decades of terror. The suspect didn’t slip up, other than having relatives who wanted to know more about their own genes. No one is accusing you of murder (I hope), but almost everyone has some aspect of their genetics that they don’t want others to know. So now, not only do you have to get everything right the first time to guard your genetic privacy – you have to hope all your relatives get the genetic privacy stuff right the first time…and every time they get tested. And for those of you who say, “But wait! The laws against genetic discrimination will save us!” consider that various laws also ban other forms of discrimination. How’s that working out these days?


 

CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 12:00-13:00


Title:
No Way JOSE! Designing Cryptography Features for Mere Mortals

When: Sat, August 11, 12pm to 1pm

Speaker
-------
Scott Arciszewski

Abstract
--------
The past three years of vulnerability research and cryptanalysis have not been kind to the JOSE family of Internet standards (most commonly known as JSON Web Tokens a.k.a. JWT). This has led to many security experts declaring boldly, "Don't use JWT!" but has left many developers in want of a viable alternative. Scott went a step further and designed a safer alternative: PASETO (Platform-Agnostic SEcurity TOkens), which is currently implemented in 10 programming languages.

Bio
-----------------
Scott Arciszewski specializes in security, and not just compliance either. His passion is to encourage companies to get reasonable protection against data breaches. This is why he cofounded Paragon Initiative Enterprises.

Scott has over 15 years of software development, system administration, and of course, application security under his belt. He has a passion for Open Source software and believes no one should be limited by the diversity or quality of their software.

When he's not solving security problems, you can find Scott writing on his company blog, contributing secure code snippets to Stack Overflow, attending security conferences, and educating people about security on Twitter.

Twitter handle of presenter(s)
------------------------------
CiPHPerCoder

Website of presenter(s) or content
----------------------------------
https://paragonie.com/blog/author/scott-arciszewski


 

PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 14:30-14:59


Normalizing Empire's Traffic to Evade Anomaly-based IDS

Utku Sen, Senior R&D Engineer at Tear Security
Gozde Sinturk, R&D Engineer at Tear Security

Perimeter defenses hold an important role in computer security. However, when we check the methods of APT groups, a single spear-phishing attack is usually enough to gain a foothold on the network. Therefore, red teams are mostly focused on "assume breach" type scenarios. In these scenarios, testers need to use a post-exploitation framework. Besides that, testers also need to hide the server-agent communication from NIDS (Network Intrusion Detection Systems). In this session, we will discuss how one of the most famous post-exploitation tools, Empire, fares against payload-based anomaly detection systems. We will explain how to normalize Empire's traffic with the polymorphic blending attack (PBA) method. We will also cover our tool, "firstorder", which is designed to evade anomaly-based detection systems. The firstorder tool takes a traffic capture file of the network, tries to identify the normal profile, and configures Empire's listener accordingly.

Utku Sen (Twitter: @utkusen) is a security researcher who is mostly focused on the following areas: application security, network security, tool development. He presented his tool, Leviathan Framework, in Black Hat USA Arsenal and DEF CON Demo Labs in 2017. He was also nominated for the Pwnie Awards in the "Best Backdoor" category in 2016.

Gozde Sinturk is a Security Researcher and Python Developer who has been involved in projects related to machine learning, natural language processing, and big data. She is developing security tools in her current position.



 

SEV - Caesars Promenade South - Octavius BR 3-8 - Saturday - 17:50-18:40



Saturday August 11 2018 1750 50 mins
On the Hunt: Hacking the Hunt Group
Dynamic duo DEF CON SECTF black badge winner Chris Silvers and ACE Hackware founder Taylor Banks return to the stage to take audiences on a hunt — of the hunt group, that is.

In this talk, Chris and Taylor will walk through the evolution of the “you called me!” vishing attack from 1980s phone pranking and 3-way calling to 2010s perceived phone system glitch exploits. You’ll learn how to engineer a successful “simultaneous answer” vishing call through reconnaissance, rapport-building, and attack. Most importantly, you’ll walk away with actionable strategies to prepare yourself and your organization against such attacks.

Oh, and the best part? Chris and Taylor will play real recordings of phone system glitch vishing calls on stage. Listen (and laugh) to what worked and what didn’t, then learn a little something through an interactive analysis of each call with the presenters.

Chris Silvers: @cgsilvers
Taylor Banks: @taylorbanks
Taylor Banks, Founder of ACE Hackware, has spent 15 years in information security. Experienced in applied hacking and countermeasures, Taylor has performed pen-tests and provided training for organizations including the FBI, NSA, US Navy and Marine Corps.

Chris Silvers is founder and CEO of CG Silvers Consulting as well as DEF CON black badge winner. Chris’ passion for education and 20 years of experience in information security have landed him on the presenter’s stage at conferences such as Derby Con and GrrCon.



 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 13:00-13:30


One Step Ahead of Cheaters -- Instrumenting Android Emulators

Saturday at 13:00 in 101 Track, Flamingo
20 minutes | Demo, Tool

Nevermoe (@n3v3rm03) Security Engineer, DeNA Co., Ltd.

Commercial Android emulators such as NOX, BlueStacks and Leidian are very popular at the moment and most games can run on these emulators fast and soundly. The bad news for game vendors is that these emulators are usually shipped with root permission in the first place. On the other hand, cheating tools developers are happy because they can easily distribute their tools to abusers without requiring the abusers to have a physical rooted device, nor do they need to perform laborious tuning for different Android OS / firmware version. However, luckily for game vendors, commercial Android emulators usually use an x86/ARM mixed-mode emulation for speed-up. As a result, a standard native hooking/DBI framework won't work on this kind of platform. This drawback could discourage the cheating developers.

In this talk, I will introduce a native hooking framework for this kind of mixed-mode emulator. The talk will include the process start routine of both command-line applications and Android JNI applications as well as how these routines differ on an emulator. The different emulation strategies adopted by different emulators and runtime environments (Dalvik/ART) will also be discussed. Based on this knowledge, I will explain why the existing hooking/DBI frameworks do not work on these emulators and how to make one that works.

Lastly, I will present a demo of using this hooking framework to cheat a game on emulator. With this demo, I will discuss how the dark market of mobile game cheating may develop in the foreseeable future.

Nevermoe (@n3v3rm03)
Nevermoe (@n3v3rm03) is a security engineer in DeNA Co., Ltd. His main focuses are web security, game hacking and reverse engineering. He loves writing tools for game hacking / analyzing and publishing them on https://github.com/nevermoe.



 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 17:40-17:59


OpenPiMap is the ultimate home/prosumer network utility to detect, analyze, and respond to malicious network traffic on a small home or office network. Get an interactive and dynamic interface to detect and respond to botnets, hackers, and script kiddies on a platform that is powered by just 5v and costs less than $10. Every day, any point of presence on the internet can be faced with thousands of scans, exploit attempts, or malicious probes with almost no signature or notification to the end user. OpenPiMap offers the ability to detect and respond to malicious network traffic that would normally be ignored by traditional anti-virus or consumer firewalls.

OpenPiMap is an open source Netflow protocol analyzer written entirely in Python3, Flask, Javascript, and SQLite that combines open source intelligence with home/SOHO networking and intrusion detection. Running on any version of a Raspberry Pi, Linux OS, or Windows, OpenPiMap consists of two parts: (1) Netflow collection service and (2) Database processing service. The NetFlow service does exactly what it sounds like, it listens on a specified port for Netflow v5 data and logs the data into a local SQL database. The second part is where the magic happens.

All of the traffic, both in and out of the network, is compared to dozens of the top IP blacklists for malicious patterns. Once identified, the malicious suspects are mapped, interrogated via Shodan’s Python API for vulnerable services and ownership information, and then staged for exploitation if a readily available exploit exists. This processing is where traditional netflow traffic analyzers and OpenPiMap part ways. There are plenty of free tools on the market to monitor incoming and outgoing connections, bandwidth utilization, and common port usage. However, none of the existing products leverage open source intelligence to the extent of OpenPiMap by providing you with the open ports and services, ownership information, ISP, geographic location, and publicly available exploits for the incoming or outgoing IP addresses.



 

Demolabs - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


Orthrus

Saturday 08/11/18 from 1000-1150 at Table Four
InfoSec

Nick Sayer

Orthrus is a small appliance that allows the user to create a cryptographically secured USB volume from two microSD cards. The data on the two cards is encrypted with AES-256 XEX mode, and all of the key material used to derive the volume key is spread between the two cards. There are no passwords to manage. If you have both cards, you have everything. If you have only one, you have half the data encrypted with a key you cannot reconstruct. This allows for “two-man control” over a dataset. Orthrus itself has no keys of its own and a volume created or written with one Orthrus can be used with any other (or on any other thing that implements the Orthrus open specification). Orthrus is open source hardware and firmware.

https://hackaday.io/project/20772-orthrus

Nick Sayer
Nick Sayer has been a software developer for most of his life and has spent the last ten years specializing in his day job on security and cryptography. He recently rediscovered the hardware hobby he abandoned in his teens and has a store on Tindie full of his creations, all of which are open.



 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 16:00-16:45


Outsmarting the Smart City

Saturday at 16:00 in 101 Track, Flamingo
45 minutes | Demo, Exploit

Daniel "unicornFurnace" Crowley Research Baron, IBM X-Force Red

Mauro Paredes Hacker

Jen "savagejen" Savage Hacker

The term "smart city" evokes imagery of flying cars, shop windows that double as informational touchscreens, and other retro-futuristic fantasies of what the future may hold. Stepping away from the smart city fantasy, the reality is actually much more mundane. Many of these technologies have already quietly been deployed in cities across the world. In this talk, we examine the security of a cross-section of smart city devices currently in use today to reveal how deeply flawed they are and how the implications of these vulnerabilities could have serious consequences.

In addition to discussing newly discovered pre-auth attacks against multiple smart city devices from different categories of smart city technology, this presentation will discuss methods for how to figure out what smart city tech a given city is using, the privacy implications of smart cities, the implications of successful attacks on smart city tech, and what the future of smart city tech may hold.

Daniel "unicornFurnace" Crowley
Daniel has been working in infosec since 2004, is TIME's 2006 Person of the Year, and brews his own beer. Daniel is the primary author of both the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool.

@dan_crowley

Mauro Paredes
Mauro has many years of experience performing penetration testing and security assessments for clients in Canada, USA, Germany, Mexico and Venezuela. Mauro has experience across several industries, including finance, telecommunication, e-commerce, technology providers, retail, energy, healthcare, logistics and transportation, government, and education.

Jen "savagejen" Savage
Jennifer Savage has over a decade of experience in tech including penetration testing, vulnerability assessment, vulnerability management, software development, technical management, and consulting services for companies ranging from startups to the Fortune 100.

@savagejen



 

DDV - Caesars Promenade Level - Capri Rm - Saturday - 15:00-15:55


Speaker: Mauro Cáseres

 

Gluster is a free scalable network filesystem. Using common off-the-shelf hardware, it allows the user to create large, distributed storage solutions for media streaming, data analysis, and other data and bandwidth intensive tasks, thus providing a nice alternative to create a data replication pool easily. It was acquired by Red Hat in 2011, and merged into Red Hat Storage server in 2012, while still available in the open source world. Gluster itself doesn't have a large vulnerability history, having only 6 vulnerabilities reported in the last 6 years (2 of them after being bought by Red Hat). In this talk, we'll focus on the latter two, releasing GEVAUDAN, an exploit for newcomers to the gluster world to learn about its architecture and security, and the implications of proper access management on replicated data systems. This is a talk for beginners from both fields: data replication schemas and exploit writing, so both fields will have a proper introductory section. A live demo will take place during the talk, and the public can actively participate.



 

Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


PA Toolkit—Wireshark plugins for Pentesters

Saturday 08/11/18 from 1600-1750 at Table Six
Defence

Nishant Sharma

Jeswin Mathai

PA Toolkit is a collection of traffic analysis plugins to extend the functionality of Wireshark from a micro-analysis tool and protocol dissector to the macro analyzer and threat hunter. PA Toolkit contains plugins (both dissectors and taps) covering various scenarios for multiple protocols, including:

The key advantage of using PA Toolkit is that any user can check a security-related summary and detect common attacks just by running Wireshark. And, he can do this on the platform of his choice. Also, as the project is open source and written in the newbie-friendly Lua language, one can easily extend existing plugins or reuse the code to write plugins of his own.

Nishant Sharma
Nishant Sharma is a Technical Manager at Pentester Academy and Hacker Arsenal where he leads the development of multiple gadgets for WiFi pentesting such as WiMonitor, WiNX, WiMini and course/training content. He has presented/published his work at Blackhat Arsenal, Wireless Village, IoT village and Demo labs (DEFCON). Prior to joining Pentester Academy, he worked as a firmware developer at Mojo Networks where he contributed to developing new features for the enterprise-grade WiFi APs and maintaining the WIPS solution. He has a Master's degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi and IoT security, AD security, forensics and cryptography.

Jeswin Mathai
Jeswin Mathai is a Researcher at Pentester Academy. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. He was also part of team Pied Piper, which won Smart India Hackathon 2017, a national-level competition organized by GoI. His areas of interest include Malware Analysis and Reverse Engineering, Cryptography, WiFi security and Web Application Security.



PPV - Flamingo Lower Level - Valley Of Fire Rms - Saturday - 18:00-19:15


Title:
Panel on digital & Physical Security in Cannabis

What's the current state of Infosec in Cannabis and what's it lacking? If there is such a deficit, how can it best be resolved?

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Saturday - 12:30-12:59




Night Life - Caesars Emperor's Level - Track 1 Palace BR - Saturday - 23:30-24:59


Title:
Party Music - Juno Reactor



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Saturday - 25:00-25:59


Title:
Party Music - Miss Jackalope



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Saturday - 26:00-26:59


Title:
Party Music - s7a73farm



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Saturday - 21:30-22:30


Title:
Party Music - Skittish & Bus



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Saturday - 22:30-23:30


Title:
Party Music - Zebbler Encanti



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 14:00-14:30


Playing Malware Injection with Exploit thoughts

Saturday at 14:00 in Track 3
20 minutes | Demo, Tool, Exploit

Sheng-Hao Ma CSIE, NTUST

In the past, when hackers injected malicious program code, they used RunPE, AtomBombing, cross-process thread creation, and other approaches. These let them disguise their own executable as any critical system service. However, as anti-virus techniques have progressed, these sensitive approaches have increasingly been proactively killed. Therefore, hackers began to aim at another place, namely memory-level weaknesses that stem from flaws in the critical system services themselves.

This talk will briefly introduce a new memory injection technique that emerged after 2013, PowerLoadEx. Based on this concept, three new injection methods will be disclosed as well. These make good use of memory vulnerabilities in Windows to inject malicious behavior into critical system services. The content will cover Windows reverse analysis, memory weakness analysis, how to put them to use, and so on. The relevant PoC will be released at the end of the talk.

Sheng-Hao Ma
Sheng-Hao Ma (aaaddress1) is a core member of CHROOT Security Group and the TDOHacker security community in Taiwan. He has over ten years of experience in reverse engineering and machine language, and has mastered the Intel 8086. He is an expert in Windows vulnerabilities and reverse engineering.

Moreover, Sheng-Hao Ma has presented many papers at security conferences such as BlackHat Asia Arsenal, BSidesLV, ICNC, MC2015 and CISC. He was also a speaker at HITCON (Hackers In Taiwan Conference), SITCON (Students In Taiwan Conference), and iThome#Chatbot.

@aaaddress1



PPV - Flamingo Lower Level - Valley Of Fire Rms - Saturday - 17:00-17:59


Title:
Primer On Dealing w/ Local Gov. for Legal Cannabis

No description available

DEFCON - Octavius 13 - Saturday - 20:00-19:59


Privacy Is Equality—And It's Far from Dead

Saturday at 20:00 in Octavius 13
Fireside Hax

Sarah St. Vincent Researcher/Advocate on National Security, Surveillance, and Domestic Law Enforcement, Human Rights Watch

A talk at DEF CON 25 claimed that privacy is "gone and never coming back." This talk offers a different view, inviting the audience to see privacy as fundamentally about equality: something we have never fully had but also should never regard as gone.

The speaker is a human rights lawyer and investigator, and will draw on decades of human rights thinking about state surveillance as well as her 2017 revelations about Defense Department monitoring of "homegrown violent extremists." Adopting a feminist and race-conscious perspective and inviting audience participation, the talk will challenge received wisdom about basic concepts such as privacy, national security, the warrant requirement, and online radicalization. With a view to the future, it will also offer a thought-provoking history of the connections between privacy and equality in the United States, and the ways unchecked surveillance operates to categorize us and reinforce divisions between us.

It is easy to forget that _1984_ was partly a story about poverty and economic inequality. This talk embraces Orwell's insight into the connection between the erosion of privacy and a dangerous loss of equality, and carries it forward.

Sarah St. Vincent
Sarah St. Vincent is a researcher and advocate on national security, surveillance, and domestic law enforcement for the US Program at Human Rights Watch. She has investigated and documented the deliberate concealment of surveillance-based and other evidence from US criminal defendants, the Defense Department's monitoring of "homegrown violent extremists," and the potential use of US intelligence surveillance for anti-drug purposes. Before joining Human Rights Watch, she was a legal fellow on international human rights and surveillance at the Center for Democracy & Technology. She writes regularly about surveillance, privacy, and related issues under US and European Union law and is a member of the New York bar.

@SarahStV_HRW



BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 11:00-11:30


Title: Prize winners, awards, and announcements

Speakers: midipoet and MSvB

Description:
No description available




DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 15:00-15:45


Project Interceptor: avoiding counter-drone systems with nanodrones

Saturday at 15:00 in 101 Track, Flamingo
45 minutes | Demo, Tool, Audience Participation

David Melendez Cano R&D Embedded Systems Engineer. Albalá Ingenieros S.A.

An anti-drone systems industry has arisen. Due to several, and even classic, vulnerabilities in the communication systems now used by drones, anti-drone systems are able to take down those drones by means of well-documented attacks.

The drone/anti-drone competition is already under way. This talk provides a new vision of drone protection against anti-drone systems, presenting "The Interceptor Project", a hand-sized nano drone based on the tiniest single-core Linux board: Vocore2.

This Linux board manages a bidirectional WiFi (side/hidden) communication channel that cannot be deauthenticated and is replay-resistant, keeping all the 802.11 hacking capabilities and standard utilities of any other WiFi hacker drone, with only the built-in adapter of the tiny Vocore2. Also, a "just in case" fallback control by SDR is implemented, taking advantage of all the benefits that SDR gives. All of this is embedded into a hand-sized aircraft to make detection and mitigation a real and new pain, with a very low budget: about $70.

David Melendez Cano
David Melendez Cano, Spain, works as an R&D software engineer for the TV studio manufacturer Albalá Ingenieros S.A. in Madrid. He has won several prizes in robotics contests and has been a speaker at Nuit Du Hack, RootedCON, NoConName, Codemotion, HKOSCON, etc. He is the author of the book "Hacking con Drones" and a robot builder.

@taiksontexas



CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 17:00-18:00


Title:
Prototyping Cryptographic Protocols With Charm

When: Sat, August 11, 5pm - 6pm

Speaker
------
Matt Cheung

Abstract
--------
Modern cryptographic research uses a variety of lesser known primitives like homomorphic encryption, sigma protocols, oblivious transfer, and bilinear groups. Charm is a Python framework that implements many of these primitives and makes it easy to implement your own. In this workshop, I will discuss the primitives and demonstrate how they can be used. If you would like to follow along you can clone the charm repo from https://github.com/JHUISI/charm

Bio
-----------------
Matt Cheung started developing his interest in cryptography during an internship in 2011. He worked on the implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. From this experience he has given talks and workshops at the Boston Application Security Conference, DEF CON, and the DEF CON Crypto and Privacy Village.

Twitter handle of presenter(s)
------------------------------
nullpsifer


Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - Saturday - 20:00-26:59


Title:
Queercon Rainbow Ball

Who needs a black and white ball when we have a Rainbow Ball?! The Queercon Lounge turns into the biggest dance party, and keeps going all night long.
More Info: https://queercon.org/blog/2018/07/13/queercon-15-schedule/


DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 13:00-13:30


Reaping and breaking keys at scale: when crypto meets big data

Saturday at 13:00 in Track 2
20 minutes | Demo, Audience Participation, Tool

Yolan Romailler Security Researcher at Kudelski Security

Nils Amiet Security Engineer at Kudelski Security

Public keys are everywhere; after all, they are public. These keys are waiting to be reaped by those who know their real value. Hidden behind this public face lurk some potentially dangerous issues which could lead to a compromise of data and privacy.

Leveraging hundreds of minion devices, we built a public key reaping machine (which we are open sourcing) and operated it on a global scale. Collected keys are tested for vulnerabilities such as the recent ROCA vulnerability or factorization using batch-GCD. We've collected over 300 million keys so far and built a database 4 to 10 times bigger than previous public works.

Performing the initial computation on over 300 million keys took about 10 days on a 280 vCPU cluster. Many optimizations allow our tool to incrementally test new RSA keys for common prime factors against the whole dataset in just a few minutes.

As a result of our research, we could have impersonated hundreds of people by breaking their PGP keys, mimicked thousands of servers thanks to their factored SSH keys and performed MitM attacks on over 200k websites relying on vulnerable X509 certificates.

In the end, we were able to do this in an entirely passive way. Going further is possible, but it would lead us to the dark side. Would big brother hesitate to go there?

Yolan Romailler
Yolan Romailler is a Security Researcher at Kudelski Security, where he delves into (and dwells on) cryptography, crypto code, blockchains and other fun things. He has spoken at Black Hat USA, BSidesLV and DEF CON's Cryptovillage on automation in cryptography, vulnerability research, and presented at FDTC 2017 the first known practical fault attack against EdDSA. Yolan tweets as @anomalroil.

Nils Amiet
Nils Amiet is a Security Engineer at Kudelski Security, where he performs big data analytics, leveraging Spark, Hadoop and Chapel clusters to analyze large datasets. He designed a data pipeline to snapshot the whole IPv4 address space for selected network protocols, allowing automated and reproducible offline data analysis. He also built an automated country security ranking. Nils likes open source software, data analytics, distributed systems and data processing.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 17:00-17:45


Relocation Bonus: Attacking the Windows Loader Makes Analysts Switch Careers

Saturday at 17:00 in Track 2
45 minutes | Demo, Tool

Nick Cano Senior Security Architect @ Cylance

The arbiters of defense wield many static analysis tools; disassemblers, PE viewers, and anti-viruses are among them. When you peer into their minds, these tools reveal their perilous implementations of PE file parsing. They assume PE files come as-is, but the Windows Loader actually applies many mutations (some at the command of the PE itself) before execution ever begins. This talk is about bending that loader to one's whim with the Relocations Table as a command spell. It will demonstrate how the loader can be instrumented into a mutation engine capable of transforming an utterly mangled PE file into a valid executable. This method starts with multiple ASLR Preselection attacks that force binary mapping at a predictable address. It then mangles the PE file, garbling any byte not required prior to relocation. Finally, it embeds a new Relocations Table which, when paired with a preselected base address, causes the loader to reconstruct the PE and execute it with ease. This isn't a packer or a POC, it is a PE rebuilder which generates completely valid, stable, and vastly tool-breaking executables. This talk will show you how this attack twists the protocols of a machine against the controls meant to protect it. It flexes on tools with various look-what-I-can-break demonstrations and, if you write similar tools, it'll make you rethink how you do it.

Nick Cano
Nick is a self-taught software engineer, hacker, and an avid CTFer. He started coding when he was 11 and planted his roots in video game hacking by 14. His game hacking endeavors led to a profitable business which became the foothold for his career. Nick is the author of "Game Hacking: Developing Autonomous Bots for Online Games," and has spoken about topics such as malware analysis, Windows internals, game hacking, and memory forensics at DEF CON, DerbyCon, HOPE, and other prestigious conferences. Previously a Senior Engineer at Bromium and currently a Senior Architect at Cylance, he's using his Windows internals experience to help make advances with endpoint protection, detection, and response.

https://twitter.com/nickcano93, https://nickcano.com/, https://github.com/nickcano



ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Saturday - 16:55-17:25


Reverse Engineering Physical Processes in Industrial Control Systems

August 11, 2018 4:55 PM

Successful cyber-attacks against cyber-physical systems require expert knowledge about the dynamic behavior of the underlying physical process (yes, it is actually required). This information is a crucial part of attack preparation. Previous work has shown manual acquisition of knowledge about process dynamics to be prohibitively laborious (we will show why). This talk will present first insights into automated process-aware system discovery that goes beyond IT-related trivia and focuses on the physical core of an industrial plant. We will share the results of 12 months' worth of work, including which approaches worked and which did not (and why). Notably, our work has already had follow-up work at S4x2017; we will share insights into that work too. Reverse engineering of physical processes is a novel topic for which we have yet to find workable/standardized approaches. We encourage you to be a part of the process :-)

Speaker Information

Marina Krotofil

FireEye

Marina Krotofil is an experienced ICS/SCADA professional who specializes in offensive Industrial Control Systems (ICS) security: discovering and weaponizing unique attack vectors, engineering damage scenarios and understanding attacker techniques when exploiting ICS. She previously worked as a Principal Analyst in the Cyber-Physical group at FireEye (USA), Lead Cyber Security Researcher at Honeywell (USA) and as a Senior Security Consultant at the European Network for Cyber Security (Netherlands). She has authored more than 20 academic/white papers and 3 book chapters on ICS security and is a frequent speaker at leading security events around the world. She holds an MBA in Technology Management, an MSc in Telecommunication and an MSc in Information and Communication Systems.

Alexander Winnicki

Silver Atena

Alexander Winnicki is a Security Integrator ICS at Airbus CyberSecurity (Germany). He previously worked as a security engineer at SILVER ATENA Electronics Systems Engineering GmbH (Germany), where he was involved with embedded systems security. His interest in ICS security began with his Bachelor's and Master's theses at Hamburg University of Technology (Germany). Alexander's research contributions were presented at Black Hat and Def Con 2015 and published in a few top-ranking academic conference proceedings.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 15:00-15:45


Reverse Engineering Windows Defender's Emulator

Saturday at 15:00 in Track 2
45 minutes | Demo, Tool

Alexei Bulazel Hacker

Windows Defender Antivirus's mpengine.dll implements the core of Defender's functionality in an enormous ~11 MB, 30,000+ function DLL.

In this presentation, we'll look at Defender's emulator for analysis of potentially malicious Windows binaries on the endpoint. To the best of my knowledge, there has never been a conference talk or publication on reverse engineering any antivirus binary emulator before.

We'll cover a range of topics including emulator internals—machine code to intermediate language translation and execution; memory management; Windows API emulation; NT kernel emulation; file system and registry emulation; integration with Defender's antivirus features; the virtual environment; etc.—building custom tooling for instrumenting the emulator; tricks that binaries can use to evade or subvert analysis; and attack surface within the emulator.

Attendees will leave with an understanding of how modern antivirus software conducts emulation-based dynamic analysis on the endpoint, and how attackers might go about subverting or attacking these systems. I'll publish code for a binary for exploring the emulator from within, patches that I developed for instrumenting Defender built on top of Tavis Ormandy's loadlibrary project, and IDA scripts to help with analyzing mpengine.dll and Defender's "VDLLs".

Alexei Bulazel
Alexei Bulazel (@0xAlexei) is a security researcher at ForAllSecure. He also provides expertise on reverse engineering and cyber policy at River Loop Security. Alexei has previously presented his research at venues such as Black Hat, REcon, and ShmooCon, among many others, and has published scholarly work at USENIX WOOT and ROOTS. Alexei is a proud alumnus of RPISEC.

@0xAlexei



PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 16:00-16:59


Ridealong Adventures: Critical Issues with Police Body Cameras

Josh Mitchell, Principal cybersecurity Consultant at Nuix

The police body camera market has been growing in popularity over the last few years. A recent (2016) Johns Hopkins University market survey found 60 different models have been produced specifically for law enforcement use. Rapid adoption is fueling this meteoric increase in availability and utilization. Additionally, device manufacturers are attempting to package more and more technology into these devices. This has caused a deficiency in local municipalities' skills and budget to accurately assess the attack surface and exposure to the organization. Furthermore, departmental policies and procedures governing the secure deployment of these devices are largely insufficient.

At DEF CON, we will be introducing tactics, techniques, and procedures to assess the security of these devices. We will cover attacks against the physical devices, RF components, smartphone apps, and desktop software. The capabilities demonstrated and discussed will encompass publicly and privately available technologies. Additionally, the talk will cover multiple products and vendors, shedding light on industry-wide issues and trends. Finally, we will be releasing software to detect and track various devices and tie these issues into real-world events.

Josh Mitchell has more than a decade's experience as an information security researcher. He has authored numerous technical documents and presented his findings at conferences, academic discussions, and in the classroom. Josh is an expert at discovering and exploiting vulnerabilities and writing code to protect operating systems and programs. He holds patents in classifying computer files and executable files as malware or whiteware. Josh has served in the United States Air Force and held numerous defense contracting roles covering electronic signals intelligence exploitation, electronic warfare, malware analysis, exploit development, and reverse engineering. He also provided security services for General Dynamics Advanced Information Systems, Endgame, and Accuvant and assisted multiple computer emergency response teams with investigations vital to national security.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 12:00-12:45


Ridealong Adventures—Critical Issues with Police Body Cameras

Saturday at 12:00 in Track 3
45 minutes | Demo, Tool, Exploit

Josh Mitchell Principal cybersecurity Consultant, Nuix

The police body camera market has been growing in popularity over the last few years. A recent (2016) Johns Hopkins University market survey found 60 different models have been produced specifically for law enforcement use. Rapid adoption is fueling this meteoric increase in availability and utilization. Additionally, device manufacturers are attempting to package more and more technology into these devices. This has caused a deficiency in local municipalities' skills and budget to accurately assess the attack surface and exposure to the organization. Furthermore, departmental policies and procedures governing the secure deployment of these devices are largely insufficient.

At DEF CON, we will be introducing tactics, techniques, and procedures to assess the security of these devices. We will cover attacks against the physical devices, RF components, smartphone apps, and desktop software. The capabilities demonstrated and discussed will encompass publicly and privately available technologies. Additionally, the talk will cover multiple products and vendors, shedding light on industry-wide issues and trends. Finally, we will be releasing software to detect and track various devices and tie these issues into real-world events.

Josh Mitchell
Josh Mitchell (Twitter: @bx_lr) has more than a decade's experience as an information security researcher. He has authored numerous technical documents and presented his findings at conferences, academic discussions, and in the classroom. Josh is an expert at discovering and exploiting vulnerabilities and writing code to protect operating systems and programs. Josh has served in the United States Air Force and held numerous defense contracting roles covering electronic signals intelligence exploitation, electronic warfare, malware analysis, exploit development, and reverse engineering.

@bx_lr



WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 14:30-15:25


SDR Basics Class

No description available



Night Life - Flamingo - 3rd Floor - Mesquite Rm - Saturday - 22:00-25:59


Title:
SecKC the World

A Tiki themed gathering of the people who make up seckc.org. Come get a taste of this slice of hacker culture as you Party the night away. The hotel won't let us have Tiki torches so grab some glow-sticks and bamboo and help the theme while live DJs keep your feet moving.
Brought to you by the people at seckc.org, DEFCON proudly presents the feature Midwestern party, SecKC the World. Come join us for an out of this world cosmic tiki event, where the rum is cold and the music is hot. Pair your VIP token with some glowsticks to get the top secret surprise at midnight.
When: Saturday, August 11, 2018 8:00 PM - 2:00 AM
DJs: @sysaaron 10:00 PM-12:00 AM / @archwisp 12:00 AM - 02:00 AM
Where: Mesquite Room | Flamingo Las Vegas Hotel and Casino

Order $5 VIP party token at: www.badgepirates.com
More Info: https://seckc.org/defcon-party


Workshops - ( Sold Out ) - Linq 4th Flr - Icon F - Saturday - 14:30-18:30


Securing Big Data in Hadoop

Saturday, 1430-1830 in Icon F

Miguel Guirao

Big Data has been, for quite a good time, the driving force for innovation in many markets. Data is the asset that companies around the world look to crunch in order to extract information and knowledge and gain new insights, so that they can create new services and products for their customers and ultimately improve their profits.

Because of that, it is imperative to protect such an important asset. In this workshop we will look at Hadoop from the point of view of security. We will learn what the Hadoop ecosystem has to offer us to protect our data, starting with Kerberos, perimeter security with Apache Knox, configuring authorization with Apache Ranger and enabling encryption of the HDFS (Hadoop File System).

1) Kerberos is used in Hadoop to provide an authentication system for users and other systems interacting with the Hadoop cluster and its services. Strongly authenticating and establishing a user's identity is the basis for secure access in Hadoop. Users need to be able to reliably "identify" themselves and then have that identity propagated throughout the Hadoop cluster. Hadoop uses Kerberos as the basis for strong authentication and identity propagation for both users and services. More info: https://web.mit.edu/kerberos/

2) The Apache Knox Gateway (Knox) is a system to extend the reach of Apache Hadoop services to users outside of a Hadoop cluster without reducing Hadoop Security. Knox also simplifies Hadoop security for users who access the cluster data and execute jobs. The Knox Gateway is designed as a reverse proxy. The Apache Knox Gateway is an Application Gateway for interacting with the REST APIs and UIs of Apache Hadoop deployments. The Knox Gateway provides a single access point for all REST and HTTP interactions with Apache Hadoop clusters. More info: https://knox.apache.org/

3) Apache Ranger is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform. The vision with Ranger is to provide comprehensive security across the Apache Hadoop ecosystem.

Prerequisites: In order to get the most out of this workshop, the student needs to be comfortable working in the command line, moving around the filesystem, editing files with vi or nano, and viewing and understanding processes and the output of the top or htop commands. If you have been using the UNIX or UNIX-like command line for a time, you should be good and all set.

Materials: Since this is NOT a class on how to set up a Hadoop cluster, but instead on how to secure a Hadoop cluster, it is a must that students taking this workshop come with the Hortonworks Data Platform (HDP) Docker image (https://hortonworks.com/products/sandbox/) already installed! The Docker image is very big and it will take you a considerable time to download it during the workshop. Warning!! DO NOT download Hortonworks Data Flow (HDF), it is NOT THE SAME!

Please read the Install Guide for the type of HDP and OS you will be using!

The workshop is prepared using Ubuntu Linux 18.04 and Docker!

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/securing-big-data-in-hadoop-icon-f-tickets-47194514062
(Opens July 8, 2018 at 15:00 PDT)

Miguel Guirao
Miguel Guirao (aka Chicolinux) has been in the information security industry for around twelve years. He is a freelance consultant at Futura - Open Solutions, where he has also been training professionals in Linux Management, Information Security and Programming. He has also been a professor since 2009 at the Anahuac Mayab University, where he teaches at the School of CS Engineering and at the School of Multimedia Design. He teaches Information Security in the Master of Information Technology Management. He is also Vice President of Security & Internet for the National Chamber of the Electronics, Telecommunications and Information Technology in Mexico, where he helps to create awareness and infosec training in IT companies.

He is a Community Mentor for SANS Institute. He holds a GIAC GCIH Certification from the SANS Institute. Technical Reviewer for SANS Securing The Human Project, eForensics Magazine.

Since 2017 he has taken an interest in Big Data and DevOps, especially from the security perspective, and he currently runs the lab that tests and researches ways to protect big data and DevOps systems, where he and his students have fun protecting and hacking these systems.

This is his second workshop at DEFCON!



ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Saturday - 10:00-10:30


Securing Critical Infrastructure through Side-Channel Monitoring

August 11, 2018 10:00 AM

Coming soon.

Speaker Information

James Harris

PFP Cybersecurity

James Harris began his career as an Engineer/Scientist at IBM PC Company in the 1990s, and as a Senior Field Applications Engineer at Silicon Image in the early 2000’s. After the terrorist attacks of September 11, 2001, he joined the FBI as a Special Agent primarily focused on Cyber matters, where he remained for more than a decade. At the FBI, he served in a number of positions, including as the Senior Liaison Officer to DHS’s Cybersecurity and Communications Division, and as the Assistant Section Chief of the Counterterrorism Internet Operations Section. In 2014, he co-founded Eunomic, Inc., a Software Defined Network security start-up, which was acquired by Caveonix, Inc. in 2017. Today he is the Vice President of Engineering for PFP Cybersecurity, leading the company’s product development. PFP was recently named a Gartner “Cool Vendor” for using side channel analysis to protect endpoint devices.

Carlos Aguayo

PFP Cybersecurity

Carlos R. Aguayo Gonzalez is one of the Founders and Chief Technology Officer of PFP Cybersecurity, which develops unique physics-based cyber security solutions for critical infrastructure, including industrial control systems and supply-chain risk management. He received his PhD and MS degrees from Virginia Tech, both in Electrical Engineering. The PFP Cybersecurity approach has its foundation in Dr. Aguayo Gonzalez's doctoral work. He has extensive research and development (R&D) experience in cyber security, critical infrastructure protection, side-channel analysis, machine learning, and signal processing. Dr. Aguayo Gonzalez has served as Principal Investigator in multiple R&D projects in cyber security protection of critical infrastructure. Key sponsors of this research include: National Science Foundation, Army, Air Force, the Defense Advanced Research Projects Agency, and the Department of Homeland Security.



 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 14:30-14:50


Sex Work After SESTA/FOSTA

Saturday at 14:30 in Track 2
20 minutes

Maggie Mayhem MaggieMayhem.Com

Surveillance has been a fact of life for sex workers wherever they have faced prohibition. Only two elements, communication and association, can differentiate between commercial and personal sex; criminal enforcement of prostitution laws has necessarily meant targeting the speech and affiliation of perceived sex workers. Enforcement of this nature is facilitated by profiling, institutional bias, and broad overreaching policies that fundamentally violate individual human rights. This has included condoms as evidence, non-consensual medical screenings, and targeted harassment of black transgender women as well as license plate recording projects and stings that focus on disrupting immigration or migrant workers.

For all of its risks, screening potential clients is safer over email than it is in person during a street based negotiation often in an isolated part of town. SESTA (Stop Enabling Sex Traffickers Act) comes at a time when compelling research demonstrates that Craigslist resulted in a 17% drop in the female homicide rate. SESTA will also put victims at risk by delaying their identification and recovery by eliminating a digital paper trail. Additionally, Section 230 of the Communications Decency Act is a vital protection for a free internet. Subverting SESTA will create greater economic disparity between sex workers and ultimately empower pimps and agencies over independent providers.

Maggie Mayhem
Maggie Mayhem is a sex worker, birth worker, and death worker from San Francisco, CA. She has served on the Board of Directors for the Sex Worker Outreach Project-USA and founded the health, hygiene, and harm reduction project HarmReduxSF. She has been involved in public health since 2003 and is an international advocate for sex worker rights and reproductive justice. She has spoken about sexual biometrics at SxSW; debated pornography at Yale with Gail Dines; shared the history of pre-WWII porn at the University of Toronto; was artist-in-residence at the Museumsquartier in Vienna; talked about developing sex worker centered policy at DymaxiCon in Helsinki; presented her crack pipe distribution project at the Harm Reduction Coalition conference; shared statistics and research on sex workers and violence at the University of Winchester; and examined public mourning in human rights activism at the University of Southampton. Her independent adult website MeetTheMayhems was the recipient of a feminist porn award.

@MsMaggieMayhem // Insta @MaggieMayhem // Web MaggieMayhem.Com //



 

Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


Sh00t—An open platform for manual security testers & bug hunters

Saturday 08/11/18 from 1400-1550 at Table Two
AppSec, Mobile and Offensive security

Pavan Mohan

An open platform for bug hunters emphasizing manual security testing.

Sh00t is a dynamic task manager to replace simple text editors or task management tools that are NOT meant for security testing; provides checklists for security testing; and helps in reporting with custom bug templates.

Sh00t best benefits pen testers, bug bounty hunters, security researchers and anybody who loves bugs!

Written in Python and powered by Django web framework.

Pavan Mohan
Pavan aka pavanw3b is a Senior Security Engineer at ServiceNow. He is one of the core members of the Null security community—Hyderabad chapter. He participates in bug bounty programs in his free time and has made it into the halls of fame of some companies.



 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 13:25-13:55


Skiptracer - Ghetto OSINT for broke hackers - illwill

Initial attack vectors for recon usually involve utilizing pay-for-data/API (Recon-NG), or paying to utilize transforms (Maltego) to get data mining results. Using some basic Python webscraping of PII paywall sites to compile passive information on a target on a ramen noodle budget. The modules will allow queries for phone/email/screen names/real names/addresses/IP/Hostname/breach credentials etc.

This demo will go over the basic outline of using the script, the problems and pitfalls of dealing with scrapers, and how it will help you collect relevant information about a target to help expand your attack surface.



 

SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 22:00-25:59


Title:
skytalks (303) PARTY - FLAMINGO POOL PARTY Open to All

Flamingo

Open to all DEF CON attendees!

Bands:
Loveshack
https://www.gigmasters.com/80's-hits/loveshack


 

CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 13:00-13:30


Title:
Sluts, Bullies, and Best Selves: Rethinking Digital Privacy Education

When
Sat, August 11, 1:00pm - 1:30pm
Description
Speakers
-------
Caroline D. Hardin
Jen Dalsen

Abstract
--------
You try to lock down your privacy on apps, but the settings are poorly thought out. You use Signal and a VPN, but all the best privacy technology in the world isn't going to save you from the gossipy neighbor who overshares your information. And when it comes to kids, well, we know better than anyone that they'll figure a way around netnanny, but they make horrible choices when they do. All these problems stem from the general public needing to be more sophisticated in the design and use of digital privacy. We took a hard look at the digital privacy curriculum most people are getting, and propose a new way forward which ditches slut shaming for celebrating identity, and trades silencing voices for negotiating boundaries.

Bio
-----------------
Caroline D. Hardin is a PhD student studying Computer Science Education. She is interested in digital privacy, e-textiles, hackathons, and the educational culture of hackers. Currently she is the Southern Wisconsin Regional Manager for Microsoft TEALS, which helps pair new high school CS teachers with industry mentors.

Jennifer Dalsen is a doctoral student in the Department of Curriculum & Instruction at UW-Madison. She looks at strategies students use to build scientific capacity and coordinate artifacts through gameplay. Her professional background includes user experience testing, qualitative analyses, quantitative analyses, data collecting, conducting interviews, focus groups, building surveys, and more.

Twitter handle of presenter(s)
------------------------------
@carolinescastle


 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 14:00-14:45


SMBetray—Backdooring and breaking signatures

Saturday at 14:00 in Track 1
45 minutes | Demo, Tool

William Martin Security & Privacy Senior Associate

When it comes to taking advantage of SMB connections, most tools available to penetration testers aim for system enumeration or for performing relay attacks to gain RCE. If signatures are required, or if the victims relayed are not local admins anywhere, that can put a real stint in leveraging SMB to gain any serious footholds in a network. Fortunately, the mentioned attacks are only the tip of the iceberg of the ways to gain RCE with insecure SMB connections – and there’s a new tool to help take full advantage of these opportunities.

William Martin
William Martin is a penetration tester & information security researcher with more than five years of experience in the Information Security Industry. William became an Offensive Security Certified Professional (OSCP) in November of 2015, and is currently a senior associate at RSM US LLP in the Security and Privacy practice with a focus on penetration testing and social engineering.

@quickbreach
www.linkedin.com/in/william-martin-OSCP



 

SEV - Caesars Promenade South - Octavius BR 3-8 - Saturday - 18:40-19:30


Saturday August 11 2018 1840 50 mins
Social Engineering Course Projects for Undergraduate Students
The hard science disciplines (computer science, electrical and computer engineering) have already started investing heavily in cybersecurity education. Security experts, however, note that cybersecurity is a wider discipline than simply the [technical] fields, and professionals with backgrounds [in] the social sciences … will be needed in the cyber workforce of the future. The relevance of incorporating social sciences into the cybersecurity domain has been acknowledged by the National Academies of Sciences, Engineering, and Medicine and the Department of Homeland Security. Social science disciplines, such as sociology, criminology/criminal justice, anthropology, political science, and psychology are particularly adept at unpacking the complex facets of human behavior and should therefore be leveraged for their contributions to the area of cybersecurity. Yet, the social science arena remains weak in cybersecurity training and education of the future cyber workforce.

This talk shares an educator’s efforts to engage undergraduate students in a hands-on social engineering project across Fall 2017 and Spring 2018 semesters. It uses the experiential learning framework that promotes “learning by doing”. Specifically, this talk focuses on three sub-projects: (i) shoulder surfing where student teams competed against each other, (ii) laptop distraction, where student teams attempted to convince Temple University Computer Services employees to leave their laptops (designed for the class exercise) so that the students could remove a bogus ‘intellectual property’ file and place a fake ‘malware’ program on the employees’ machines, and (iii) convince individuals on Temple University campus to take a selfie with team members and a funny prop.

The talk also offers a comparative analysis of these projects over the two semesters, sharing the experiences and challenges of both the students and this educator. It also details the issues about designing projects that follow university ethics standards, training students in human subjects research ethics, generating relevant rubrics, and how to evaluate student engagement and learning. To conclude, the educator shares these cases discussed to initiate dialog in the area of hands-on learning for social science students. Audience feedback is welcomed as this educator is still exploring the experiential learning approach, especially in the area of social engineering.

Aunshul Rege: @prof_rege
Aunshul Rege is a criminology professor at Temple University. Her National Science Foundation sponsored research and education projects examine the human element of cybercrimes, focusing on behavior, decision-making, adaptation, and group dynamics. She is passionate about educating the next generation workforce across the social and hard sciences about the relevance of the human factor in cybersecurity. She has published in the area of cybersecurity education in USENIX, American Society for Engineering Education, and International Symposium on Resilient Control Systems (IEEE). She has a BSc in Computer Science, a BA and MA in Criminology, and an MA and PhD in Criminal Justice.



 

SEV - Caesars Promenade South - Octavius BR 3-8 - Saturday - 15:30-15:59


Saturday August 11 2018 1530 30 Mins
Social Engineering from a CISO’s Perspective
Social Engineering is a powerful tool. With the weapons gathered through Open Source Intelligence (OSINT) gathering and well crafted vishing or phishing a Social Engineer wields incredible power to do good.

Unfortunately, for some the power of being a Social Engineer is one that they wield to show they are smarter than those around them and cause stress and fear, doing damage to any potential relationship they or the department they represent.

This discussion will be about how to create meaningful, targeted phish and vish in an enterprise while strengthening information security from the real world perspective of a CISO as well as a few specifics to avoid. In conclusion this presentation will cover the importance of trust and how social engineering can help build or destroy trust.

Kathleen Mullin: @kate944032
Kate Mullin is an influential information security practitioner with more than 30 years of experience in various accounting, audit, risk, governance, and information security roles. She has been a CISO at various organizations including publicly traded, private, not-for-profit, and governmental entities. Kate established the role of CISO at Tampa Airport and at Healthplan Services.
Kate provides interim CISO and vCISO services, specifically executive and board consultation on governance, risk, compliance, and cyber security that includes stakeholder engagement, training and development, IT infrastructure management, social engineering, incident response, business continuity, and disaster recovery strategies.
Throughout her career, Kate has volunteered and participated in maturing information security as a profession. Kate is a former member of the ISACA CGEIT Certification and Credentials Committee and a past chapter president and CISA, CISM, CRISC, and CGEIT coordinator for West Florida ISACA. Kate has been a part of the CISO Coalition governing board.



 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 14:30-14:59


Title: Some Mining Related Attacks

Speakers: Zhiniang Peng

Description:
No description available




 

Contest - Contest Stage - Saturday - 15:00-16:59


Title:
Spell Check: The Hacker Spelling Bee

The year is 1983. Supplies and entertainment are both running low and the machines are closing in. Suddenly, a technical editor from the future appears with a security style guide from 2018 and challenges you to spell terms as they appear in the guide. Maybe this quaint ritual will warm the hearts of the robots and bring in a new era of understanding to this troubled world. You're confident you can make it past asset and botnet, but you get a sinking feeling that in later rounds, capitalization is going to count too. The odds are against you, but it's the end of the world; you might as well go out in a blaze of glory.

More Info: https://www.bishopfox.com/news/2018/07/def-con-26-spellcheck-the-hacker-spelling-bee/


 

AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 16:00-16:20


StuxNNet: Practical Live Memory Attacks on Machine Learning Systems

Raphael Norwitz

Like all software systems, the execution of machine learning models is dictated by logic represented as data in memory. Unlike traditional software, machine learning systems’ behavior is defined by the model’s weight and bias parameters, rather than precise machine opcodes. Thus patching network parameters can achieve the same ends as traditional attacks, which have proven brittle and prone to errors. Moreover, this attack provides powerful obfuscation as neural network weights are hard to interpret, making it difficult for security professionals to determine what a malicious patch does. We demonstrate that one can easily compute a trojan patch, which when applied causes a network to behave incorrectly only on inputs with a given trigger. An attacker looking to compromise an ML system can patch these values in live memory with minimal risk of system malfunctions or other detectable side-effects. In this presentation, we demonstrate proof of concept attacks on TensorFlow and a framework we wrote in C++ on both Linux and Windows systems. An attack of this type relies on limiting the amount of network communication to reduce the likelihood of detection. Accordingly, we attempt to minimize the size of the patch, in terms of number of changed parameters needed to introduce trojan behavior. On an MNIST handwritten digit classification network and on a malicious PDF detection network, we prove that the desired trojan behavior can be introduced with patches on the order of 1% of the total network size, using roughly 1% of the total training data, proving that the attack is realistic.

I am a recent graduate from Columbia University with a BA in Computer Science and MS in Machine Learning, and an incoming engineer on the Acropolis Hypervisor team at Nutanix. I have experience with Linux Kernel development, data science and malware analysis. I have interned at Google, Drawbridge and Nimbledroid, and have published research with Columbia’s Wireless and Mobile Networking lab. For fun, I like to be outdoors and train Brazilian Jiu-Jitsu.



 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 18:05-18:35


Supercharge Your Web Recon With Commonspeak and Evolutionary Wordlists - Michael Gianarakis and Shubham Shah

When conducting a web application penetration test, understanding and extending the attack surface is an exercise that is critical for success. Having a large wordlist of realistic directories, files and domains assists immensely with this process.

Commonspeak is a wordlist generation tool that leverages public datasets from Google’s BigQuery platform. By performing queries on large datasets that are updated frequently, commonspeak is able to generate wordlists that are “evolutionary”, in the sense that they reflect the newest trends on the internet.

This presentation will discuss the concept of evolutionary wordlists and how Commonspeak parses URLs from various BigQuery datasets including HTTPArchive, Stack Overflow and HackerNews to build current, consistently evolving and realistic wordlists of directories, files, parameter names for specific technologies, and subdomains.

We will also introduce Commonspeak 2 and discuss the additions to the tool including scheduled wordlist creation, comprehensive GitHub queries, a permutation engine for subdomain discovery and asynchronous wordlist generation.



 

Demolabs - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


Swissduino—Stealthy USB HID Networking & Attack

Saturday 08/11/18 from 1600-1750 at Table Four
Offense

Mike Westmacott

The Swissduino is a set of tools on an Arduino Yun that allow for the upload of binaries to target systems remotely via USB HID Keyboard, and then provide TCP connectivity between the remote attacker system and the target purely through USB HID. The demonstration shows a Metasploit Meterpreter stub being uploaded, and then actively used without triggering anti-virus (Win 7 host…). New for 2018: (In development) Expanded toolset that allows for password extraction from login and automated installation of toolkit in Windows 10 with anti-malware/local firewall, also targeting of Linux.

Github: https://github.com/drwesty/swissduino

Mike Westmacott
Mike works for Thales Cyber & Consulting at the technical end of the cyber security practice and operates broadly on the same basis as an attacker. He has conducted over one hundred penetration tests and audits against a wide variety of systems and targets, combined with activities such as secure code review, reverse engineering and wireless assessment. Mike has worked as a CREST Certified Network Intrusion Analyst and has performed breach assessments in a number of different industry sectors including finance, engineering and government. He has managed and delivered a CVI (Cyber Vulnerability Investigation) for the UK MOD in the first of a series of industry-delivered assessments.

He has provided incident response training at board level in the form of desktop scenarios with red and blue teams engaged in a fictitious cyber-attack. This has proven to be an excellent tool for extracting tactics, forming future strategies, and educating participants.

Mike founded a volunteer group in BCS (The Chartered Institute for IT) to introduce IT practitioners to the information security industry and has presented at a government select committee and taken part in numerous senior panels at industry and government events. He has also written articles for well-known industry publications including ITnow, Computer Weekly, InfoSecurity Magazine.

Prior to working in information security Mike worked as an application support analyst on a financial trading platform and later an enterprise succession planning system. Before this Mike gained his PhD in Computer Vision at the University of Southampton.



 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 13:00-13:20


Targeted User Analytics and Human Honeypots - Mbis0n Shador (Not a Real name)

Many significant breaches have resulted from adversaries knowing who to target, how to target them and where to target them. Most corporations are not effectively using the largest collection of targeting data that is available on the public internet and fail to build and refine data driven threat models using the information that our adversaries are using against us. Targeted User Analytics and Human Honeypots is a research project I am working on to identify and model targeting methods with the hope of tipping the scales in our favor to defend our networks, users and critical systems.

LinkedIn is the largest collection of Business Social Networking data available to “unauthenticated” persons on the public internet. With the right techniques this data can be mined to identify and enrich targets. The purpose of my talk is to present targeting techniques through a use case and to demonstrate the value of other enrichment methods involving data sets that are widely available or collected from corporate security tools. The end result is analytics that predict who will be targeted and why they are more likely to be compromised if they are targeted. This will allow for proactive action to be taken to defend users and our assets.



 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 11:15-11:59


Title: Technology Enabled Prosthetic Environments

Speaker: Gerry Scott
Abstract:
Even though employers are increasingly recruiting autistic employees, autistic adults have one of the highest unemployment rates in the United States. This paper presents ongoing research by the author: (a) providing a brief overview of current scientific and societal perspectives on autism; (b) describing an on-going qualitative study of autistic autobiographical writings to gain insight into the autistic experience, challenges faced in society, and barriers to employment; and (c) proposing Technology-Enabled Prosthetic Environments (TEPE) as a design concept for the integration of assistive technology for workplace accommodation.


 

SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 11:00-11:59


Title:
The Abyss is Waving Back

Sidragon
@sidragon1

The four paths that human evolution is charging down, and how we choose which one's right



 

SEV - Caesars Promenade South - Octavius BR 3-8 - Saturday - 16:00-16:50



Saturday August 11 2018 1600 50 Mins
The Abyss is Waving Back…

As humans we have four evolutionary paths:

 

HHV - Caesars Pool Level - Forum 17-21 - Saturday - 16:00-16:30


The Cactus: 6502 Blinkenlights 40 Years Late

Commodore Z

Abstract

While many machines prior to the microcomputer boom of 1977 were commonly found with front panel interfaces and blinkenlights, only a few obscure examples use a 6502 microprocessor. What seemed like a perfect blend of inexpensive computer technologies didn’t mix well in practice, thus kits and the majority of homebrew machines opted for other microprocessor/interface combinations. Building a computer from the ground up around a microprocessor was a process worth exploring, so why not approach it from a historical perspective? Enter the Cactus: a technological “what if” built with the goal of recreating the homebrew computer experience of the 1970s. This includes parts and construction techniques of the era, with only a few post-1980 concessions where appropriate. I will describe the process involved in making a 1970s homebrew computer ~40 years too late, as well as why such a machine never could have come to be in the era it was designed to mimic.

Bio

Commodore Z is a vintage computer geek by night, and a broadcast engineer by day. He collects and restores vintage computers & robots, studies historical telephony, and peers into the past to better understand the future. He lives by the mantra “jack of all trades, master of none, but better than a master of one”, and doctors say there are traces of blood in his lead stream. When time permits, he volunteers for the Vintage Computer Federation.



 

PPV - Flamingo Lower Level - Valley Of Fire Rms - Saturday - 11:00-11:45


Title:
The Cantankerous Cannabis Cryptocurrency Kerfuffle

Cryptocurrency, Big Data & their efficacies re: security, economics, and operations

 

SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 17:00-17:59


Title:
The challenge of building an secure and safe digital environment in the healthcare

@_j3lena_


It is of utmost importance to keep healthcare data safe, secure and private. As security and healthcare professionals it is important to be aware of the many ways and reasons a criminal can bring harm to a patient. While a criminal may maliciously seek to cause harm to a patient, they are just as likely to impact a hospital or patient as an unintended consequence of a different attack. By making everything digital and connecting it online without making it safe and secure, we have made this possible.
The environment within the organization must enable infosec professionals to do the best possible job.
We, hospital staff, IT staff, and vendors, can work together to build a safe and secure environment in healthcare.



 

AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 10:00-10:20


The current state of adversarial machine learning

infosecanon

Machine learning is quickly becoming a ubiquitous technology in the computer security space, but how secure is it exactly? This talk covers the research occurring in adversarial machine learning and includes a discussion of machine learning blind spots, adversarial examples and how they are generated, and current blackbox testing techniques.

Heather Lawrence is a cyber data scientist working with NARI. She earned her undergraduate and MS degrees in Computer Engineering from the University of Central Florida focusing on computer security. She is pursuing a PhD in Computer Engineering from the University of Nebraska Lincoln. Her previous experience in cyber threat intelligence modeling, darknet marketplace research, IT/OT testbed development, data mining, and machine learning has led to several awards from capture-the-flag competitions including the National Collegiate Cyber Defense Competition, CSI CyberSEED, and SANS Netwars Tournament. Her current research interests focus on the application of machine learning to cybersecurity problem sets.



 

AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 10:40-11:20


The great power of AI: Algorithmic mirrors of society

Aylin Caliskan

“Following the progress in computing and machine learning algorithms as well as the emergence of big data, artificial intelligence (AI) has become a reality impacting every fabric of our algorithmic society. Despite the explosive growth of machine learning, the common misconception that machines operate on zeros and ones, therefore they should be objective, still holds. But then, why does Google Translate convert these Turkish sentences with gender-neutral pronouns, “O bir doktor. O bir hemşire”, to these English sentences, “He is a doctor. She is a nurse”? As data-driven machine learning brings forth a plethora of challenges, I analyze what could go wrong when algorithms make decisions on behalf of individuals and society if they acquire statistical knowledge of language from historical human data.

In this talk, I show how we can repurpose machine learning as a scientific tool to discover facts about artificial and natural intelligence, and assess social constructs. I prove that machines trained on societal linguistic data inevitably inherit the biases of society. To do so, I derive a method that investigates the construct of language models trained on billions of sentences collected from the World Wide Web. I conclude the talk with future directions and open research questions in the field of ethics of machine learning.”

Aylin Caliskan is an assistant professor of computer science at George Washington University. Her research interests include the emerging science of bias in machine learning and fairness, AI ethics, data privacy, and security. Her work aims to characterize and quantify aspects of artificial and natural intelligence using a multitude of machine learning and language processing techniques. In her recent publication in Science, she demonstrated how semantics derived from language corpora contain human-like biases. Prior to that, she developed novel privacy attacks to de-anonymize programmers using code stylometry. Her presentations on both de-anonymization and bias in machine learning are the recipients of best talk awards. Her work on semi-automated anonymization of writing style furthermore received the Privacy Enhancing Technologies Symposium Best Paper Award. Her research has received extensive press coverage across the globe, contributing to public awareness on risks of AI. Aylin holds a PhD in Computer Science from Drexel University and a Master of Science in Robotics from the University of Pennsylvania. Before joining the department of computer science at GWU, Aylin was a postdoctoral researcher and a fellow at Princeton University’s Center for Information Technology Policy.



 

PPV - Flamingo Lower Level - Valley Of Fire Rms - Saturday - 15:00-15:59


Title:
The Invisible Hands Tending the Secret Greens

The macroeconomics of Big Cannabis

 

DDV - Caesars Promenade Level - Capri Rm - Saturday - 14:00-14:55


Speaker: Lior Kolnik

Full disk images introduce large amounts of data into a forensic investigation. Still, certain evidence exists only in memory, especially when dealing with malware or fileless attacks designed to stay completely in memory and avoid hitting the disk, exactly for the purposes of avoiding detection and analysis by forensic examiners. Memory forensics is a rapidly growing field, offering many free tools for RAM analysis to uncover important evidence and further the case quickly. As it turns out, these tools can also be applied to a cold drive. Due to OS features such as hibernation, paging and swap space, data from memory ends up being written to disk and survives even when the machine is powered down. In this session, the presenter will introduce the challenges faced when investigations rely solely on disk images, in cases where live memory had not been captured. The audience will then learn how investigators can still benefit from memory forensics in such cases. The presenter will give a full walkthrough of applying techniques, discuss their benefits and limitations, and show examples of results.



PPV - Flamingo Lower Level - Valley Of Fire Rms - Saturday - 16:00-16:59


Title:
The Ongoing Federal Lawsuit Against Jeff Sessions

No description available

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 13:30-13:50


The ring 0 façade: awakening the processor's inner demons

Saturday at 13:30 in Track 1
20 minutes | Demo, Tool

Christopher Domas

Your computer is not yours. You may have shelled out thousands of dollars for it. It may be sitting right there on your desk. You may have carved your name deep into its side with a blowtorch and chisel. But it's still not yours. Some vendors are building secret processor registers into your system's hardware, only accessible by shadowy third parties with trusted keys. We as the end users are being intentionally locked out and left in the dark, unable to access the heart of our own processors, while select organizations are granted full control of the internals of our CPUs. In this talk, we'll demonstrate our work on how to probe for and unlock these previously invisible secret registers, to break into all-powerful features buried deep within the processor core, to finally take back our own computers.

Christopher Domas
Christopher Domas is a security researcher and embedded systems engineer, currently investigating scalable IoT security. He is best known for releasing impractical solutions to non-existent problems, including the world's first single instruction C compiler (M/o/Vfuscator), toolchains for generating images in program control flow graphs (REpsych), showing that all programs can be reduced to the same instruction stream (reductio), and the branchless DOOM meltdown mitigations. His more relevant work includes the sandsifter processor fuzzer, the binary visualization tool ..cantor.dust.., and the memory sinkhole x86 privilege escalation exploit.

@xoreaxeaxeax



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 17:00-17:45


The Road to Resilience: How Real Hacking Redeems this Damnable Profession

Saturday at 17:00 in Track 1
45 minutes |

Richard Thieme, a.k.a. neural cowboy Author and professional speaker, ThiemeWorks

Two years ago Richard Thieme spoke on “Playing Through the Pain: The Impact of Dark Knowledge on Security and Intelligence Professionals” for Def Con 24. He relied on dozens of experiences provided by colleagues over a quarter-century, colleagues from NSA, CIA, corporate, and military. Responses to the presentation have often been emotional and have corroborated his thesis. The real impact of this work on people over the long term has to be mitigated by counter-measures and strategies so scars can be endured or, even better, incorporated and put to use.

In this presentation, Thieme elaborates those strategies and counter-measures. In what is likely his final speech at Def Con, he speaks directly to the “human in the machine” AS a human being. It’s not about leaving the profession: it’s about what we can do to thrive and transcend the challenges. It’s about “saving this space,” this play space of hacking, work and life, and knowing the cost of being fully human while encountering dehumanizing impacts.

It is easier to focus on exploits, cool tools, zero days, and the games we play in the space that “makes us smile.” It is not so easy to know how to play through the pain successfully. The damage to us does not show up in brain scans. It shows up in our families, our relationships, and our lives.

Thieme is not preaching, he is sharing insights based on what he too has had to transcend in his own life. They call a lot of us “supernormals,” which means we discovered resilient responses to deprivation, abuse, profound loss … or the daily challenges of work that makes clear that evil is real. We are driven, we never quit, we fight through adversity, we create and recreate personas that work, we do what has to be done. It pays to know how we do that and know THAT we know so we can recreate resilience in the face of whatever comes our way.

A contractor for NSA suggested that everyone inside the agency should see the video of “Playing Through the Pain.” A long-time Def Con attendee asks all new hires to watch “Staring into the Abyss,” a talk Thieme did a few years before. This subject matter is seldom discussed aloud “out here” and by all accounts is not taken seriously “inside,” which is perhaps why there have been half a dozen suicides lately at NSA and a CIA veteran said, “I have 23 suicides on my mind, the most recent senior people who could not live with what they knew.”

The assumption baked into this talk: real hacking, its ethos and its execution, provides the tools we need to do this damn thing right.

This talk is in honor of Perry Barlow and the EFF.

Richard Thieme
Richard Thieme (www.thiemeworks.com) is an author and professional speaker focused on the deeper implications of technology, religion, and science for twenty-first century life. He speaks professionally about the challenges posed by new technologies and the future, how to redesign ourselves to meet these challenges, and creativity in response to radical change. His speaking generally addresses “the human in the machine,” technology-related security and intelligence issues as they come home to our humanity.

Thieme has published hundreds of articles, dozens of short stories, five books with more coming, and has delivered hundreds of speeches. His pre-blog column, "Islands in the Clickstream," was distributed to thousands of subscribers in sixty countries before collection as a book in 2004. When a friend at the NSA told him, "The only way you can tell the truth [that we discuss] is through fiction," he returned to writing short stories, one result of which is "Mind Games," a collection of nineteen stories about anomalies, infosec, professional intelligence and edgy realities. More edgy realities are illuminated in the recently published and critically extolled “UFOs and Government: A Historical Inquiry” to which he contributed, a 5-year research project using material from inside the military and intelligence communities to document government responses to the phenomena from WW2 to the present. It is in the collections of 100+ libraries. He is primary editor for a sequel which is in the works.

Many speeches address technology-related security and intelligence issues. Richard keynoted the first two Black Hats and has keynoted conferences around the world. Clients range from GE, Microsoft and Medtronic to the National Security Agency, the Pentagon, FBI, US Dept of the Treasury, and the US Secret Service. His work has been taught at universities in Europe, Australia, Canada, and the United States, and he has guest lectured at numerous universities.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 10:00-10:45


Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems

Saturday at 10:00 in 101 Track, Flamingo
45 minutes | Demo

Jos Wetzels Security Researcher, Midnight Blue Labs

Marina Krotofil ICS/SCADA Security Professional

In 2017 a malware framework dubbed TRITON (also referred to as TRISIS or HatMan) was discovered targeting a petrochemical plant in Saudi Arabia. TRITON was designed to compromise the Schneider Electric Triconex line of Safety Instrumented Systems (SIS), potentially in order to cause physical damage. TRITON is the most complex publicly known ICS attack framework to date and the first publicly known one to target safety controllers. While the functionality of the malware is understood, little is known about the complexity of developing such an implant. The goal of this talk is to provide the audience with a “through the eyes of the attacker” experience in designing advanced embedded systems exploits & implants for Industrial Control Systems (ICS). Attendees will learn about the background of the TRITON incident, the process of reverse-engineering and exploiting ICS devices and developing implants and OT payloads as part of a cyber-physical attack and will be provided with details on real-world ICS vulnerabilities and implant strategies.

In the first part of the talk we will provide an introduction to ICS attacks in general and the TRITON incident in particular. We will outline the danger of TRITON being repurposed by copycats and estimate the complexity and development cost of such offensive ICS capabilities.

In the second and third parts of the talk we will discuss the process of exploiting ICS devices to achieve code execution and developing ICS implants and OT payloads. We will discuss real-world ICS vulnerabilities and present several implant scenarios such as arbitrary code execution backdoors (as used in TRITON), pin configuration attacks, protocol handler hooking to spoof monitored signal values, suppressing interrupts & alarm functionality, preventing implant removal and control logic restoration and achieving cross-boot persistence. We will discuss several possible OT payload scenarios and how these could be implemented on ICS devices such as the Triconex safety controllers.

In the final part of the talk we'll wrap up our assessment of the complexity & cost of developing offensive ICS capabilities such as the TRITON attack and offer recommendations to defenders and ICS vendors.

Jos Wetzels
Jos Wetzels is an independent security researcher with Midnight Blue specializing in embedded systems security across various domains ranging from industrial and automotive systems to IoT and networking equipment. He previously worked as a researcher at the Distributed and Embedded Security group (DIES) at the University of Twente (UT) where he developed exploit mitigation solutions for constrained Industrial Control Systems (ICS) used in critical infrastructure, performed various security analyses of state-of-the-art network and host-based intrusion detection systems and has been involved in the AVATAR research project regarding on-the-fly detection and containment of unknown malware and Advanced Persistent Threats. He has assisted teaching hands-on offensive security classes for graduate students at the Dutch Kerckhoffs Institute for several years.

@s4mvartaka

Marina Krotofil
Marina Krotofil is an experienced ICS/SCADA professional. She previously worked as a Principal Analyst in the Cyber-Physical group at FireEye (USA), Lead Cyber Security Researcher at Honeywell (USA) and as a Senior Security Consultant at the European Network for Cyber Security (Netherlands). She spent seven years researching offensive Industrial Control Systems (ICS) security: discovering and weaponizing unique attack vectors, engineering damage scenarios and understanding attacker techniques when exploiting ICS. Marina's offensive security skills serve her well during Incident Responses, ICS malware analysis and when engineering defenses. She has authored more than 20 academic and white papers on ICS security and is a frequent speaker at the leading security events around the world. She holds an MBA in Technology Management, an MSc in Telecommunication and an MSc in Information and Communication Systems.

@marmusha



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 12:00-12:45


Tineola: Taking a Bite Out of Enterprise Blockchain

Saturday at 12:00 in Track 1
45 minutes | Demo, Tool

Stark Riedesel Synopsys, Senior Consultant

Parsia Hakimian Synopsys, Senior Consultant

Blockchain adaptation has reached a fever pitch, and the community is late to the game of securing these platforms against attack. With the open source community enamored with the success of Ethereum, the enterprise community has been quietly building the next generation of distributed trustless applications on permissioned blockchain technologies. As of early 2018, an estimated half of these blockchain projects relied on the Hyperledger Fabric platform.

In this talk we will discuss tools and techniques attackers can use to target Fabric. To this end we are demoing and releasing a new attack suite, Tineola, capable of performing network reconnaissance of a Hyperledger deployment, adding evil network peers to this deployment, using existing trusted peers for lateral network movement with reverse shells, and fuzzing application code deployed on Fabric.

As George Orwell said: "Who controls the past controls the future. Who controls the present controls the past." This talk will demonstrate how a sufficiently armed red team can modify the blockchain past to control our digital future.

Stark Riedesel
Stark Riedesel is a senior consultant at Synopsys with six years of security industry experience. He has filled a variety of roles, including penetration tester, researcher, lecturer, and security architect. Stark’s active areas of research are public and private blockchain platforms, NoSQL-based exploitation techniques, and container orchestration. Outside work, Stark speaks and hosts CTF events at the Dallas, Texas, OWASP chapter and local universities.

Parsia Hakimian
Parsia Hakimian is a senior consultant at Synopsys with seven years of security industry experience. He has worked on enterprise blockchains, online multiplayer games, stock exchange platforms, mobile device management suites, and IoT devices. On a different continent, he was a C developer, university instructor, and single-player game cheater. Parsia is currently evangelizing Golang to the security community and practicing in-memory fuzzing.



ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Saturday - 13:55-14:25


TOR for The IOT aka TORT Reform

August 11, 2018 1:55 PM

Exploitation is a given. Unwanted parties will gain access eventually whether it is through technical, physical, or social means. The only other certainty is they will continue to come up with new ways to innovate. They have to blend in to succeed so how do they balance those two competing influences? More than just the inconvenience, at worst, of taking over simple I/IOT or the creepiness of your home webcam. We will begin by analyzing the attacks that have happened and how they worked. Then, we will build our own. I will walk through how an attacker doesn’t just attack you, but can easily build a mass attack campaign to take over thousands. Once they do, I show how instead of that inconvenience, they can laterally take over the house and hop to steal interesting things like embarrassing photos, social security numbers, bank account information, intellectual property, and tax returns for profit. If you cannot keep them out what can you do? For starters, let’s understand how they communicate including some unique ideas for protocols (Google Suite) and infrastructure (traditional smokescreen for non-attribution to re-purposing I/IoT devices). This is the attacker’s vulnerability: They have to use your connectivity. Finding them on endpoints is fairly difficult because they have numerous ways to evade. But, on the wire… the options are limited to just blending in. This talk is aimed to provide something to both offense and defense. For offense, demonstration of basic (orientation of concepts) to novel approaches for traffic protocols and infrastructure. For defense, awareness of traffic patterns along with protocol analysis with experiential detail (wireshark) helps them learn to fish (no pun intended) for a lifetime instead of just eating for a day since none of this is static in real life.

Speaker Information

Bryson Bort

SCYTHE

Bryson is the Founder and CEO of SCYTHE, Founder of GRIMM, and Founding Member of the ICS Village, a non-profit advancing education and awareness of security for industrial control systems. Prior to launching SCYTHE and GRIMM, Bryson led an elite research & development (R&D) division that directly contributed towards National Security priorities and interest. Prior to that he developed an enterprise R&D program and supported creation of a cybersecurity strategy as a Deputy CTO and Program Director focused on supporting technology research and global infrastructure for the DoD and the Intelligence Community. As a U.S. Army Officer, Bryson led a tactical communications platoon in support of Operation Bright Star in September 2001. He served as a Battle Captain and as a Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army at the rank of Captain. Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point and completed numerous U.S. Army professional education courses in tactical communications and information assurance. He holds a Master’s Degree in Telecommunications Management from the University of Maryland and a Master’s in Business Administration from the University of Florida in addition to completing graduate studies in Electrical Engineering and Computer Science at the University of Texas.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 15:00-14:59


Title: Torrent More Pharmaceutical Drugs. File Sharing Still Saves Lives.

Speaker: Mixæl Laufer
About Mixæl:
Chief spokesman for the Four Thieves Vinegar Collective, Mixæl Laufer worked in mathematics and high energy physics until he decided to use his background in science to tackle problems of global health and other social issues. Perpetually disruptive, his most recent project makes it possible for people to manufacture their own medications at home. Open-source, and made from off-the-shelf parts, the Apothecary MicroLab puts many medications within the reach of those who would otherwise not have them.
Abstract:
Two years ago, the Four Thieves Vinegar Collective became public at HOPE XI after almost a decade of working underground, and debuted the first generation of the Apothecary Microlab, the open-source automated chemical reactor designed to synthesize the active ingredients of pharmaceutical drugs. We synthesized Daraprim onstage, and called Martin Shkreli's cell phone from stage. It was a good time. Since then, the reactor has developed, and we have worked on more complicated syntheses, and hacking medical hardware. Most notably, we released plans for a DIY version of the EpiPen anyone can make for $30US. Come see the new releases we have planned and the new beta unit. Learn how to make medicine from poison, how to use the shrouding of information about medicine to make custom-tailored treatment programs for rare diseases, and how to use public data to find new, more efficient synthesis pathways for drugs. Hack your health. We can torrent medicine. File sharing saves lives.


AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 15:20-15:59


Towards a framework to quantitatively assess AI safety – challenges, open questions and opportunities.

Ram Shankar Siva Kumar

While the papers are piling up on arXiv on adversarial machine learning, and companies are committed to AI safety, what would a system that assesses the safety of an ML system look like in practice? Compare an ML system to a bridge under construction. Engineers along with regulatory authorities routinely and comprehensively assess the safety of the structure to attest the bridge’s reliability and ability to function under duress before opening it to the public. Can we as security data scientists provide similar guarantees for ML systems? This talk lays out the challenges and open questions in creating a framework to quantitatively assess the safety of ML systems. The opportunities, when such a framework is put into effect, are plentiful – for a start, we can gain trust with the population at large that ML systems aren’t brittle; that they just come in varying, quantifiable degrees of safety.

Ram Shankar is a Data Cowboy on the Azure Security Data Science team at Microsoft, where his primary focus is modeling massive amounts of security logs to surface malicious activity. His work has appeared in industry conferences like BlueHat, DerbyCon, MIRCon, Strata+Hadoop World Practice of Machine Learning as well as academic conferences like NIPS, IEEE Usenix, ACM - CCS. Ram graduated from Carnegie Mellon University with a Masters in Electrical and Computer Engineering. If you work in the intersection of Machine Learning and Security, he wants to learn about your work!



Demolabs - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


trackerjacker

Saturday 08/11/18 from 1200-1350 at Table One
Offensive and Defensive Wireless Hackers

Caleb Madrigal

trackerjacker is a new wifi tool that allows you to (a) see all wifi devices and which wifi networks they're connected to, along with how much data they've sent, how close by they are, etc, and (b) look for interesting traffic patterns and trigger arbitrary actions based on those patterns. The "mapping" functionality is sort of like nmap for wifi—it lists all wifi networks nearby, and under each network it lists all the clients connected to that network. The "trigger" functionality allows users to do things like "if this device sends more than 10000 bytes in 30 seconds, do something". It also includes a powerful Python plugin system that makes it simple to write plugins to do things like "if I see an Apple device with a power level greater than -40dBm, deauth it". If you want to do any sort of wifi recon/monitoring/hacking, trackerjacker will almost certainly make the job easier!

https://github.com/calebmadrigal/trackerjacker

Caleb Madrigal
Caleb is a programmer who enjoys hacking and mathing. He is a member of the Mandiant/FireEye applied research team, where he researches and builds sweet incident response software. Recently, he's mostly been hacking with Python, Jupyter, C, and Machine Learning. Though only recently getting into the security space professionally, Caleb has been into security for a while—in high school, he wrote his own (bad) cryptography and steganography software. In college, he did a good bit of "informal pen testing". These days, he has fun doing a lot of Radio/Wireless hacking, and using Machine Learning/Math to do cool security-related things.



PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 13:00-13:30


Turning Deception Outside-In: Tricking Attackers with OSINT

Hadar Yudovich, Security Researcher at Illusive Networks
Tom Sela, Head of Security Research at Illusive Networks
Tom Kahana, Security Researcher at Illusive Networks

Deceptions use attackers' own tactics to force them to reveal themselves. Deception techniques are typically used inside the network once attackers have broken in. Once inside, attackers use credentials to move laterally. But before penetrating their target, attackers often study publicly available data to plan their attack. Can we assume that attackers continue to use public information once they've broken in? Could externally-planted deceptions expand our range of visibility on the adversary's activity? In this session, we will present research we conducted to answer these questions, and introduce a tool you can use to "try it at home." We first took a deeper look at various OSINT resources (social media, paste sites, public code repositories, etc.) to refine our picture of the types of publicly available data attackers might use to further an attack. Then we planted various deceptive information. For example, on PasteBin we created a fake "paste" page containing a dump of fake credentials. On GitHub we created a fake repository of code containing "accidental" commits (git commit -am 'removed password'). Next, we paired these deceptions with relevant data and user objects within a simulated network environment. We then started monitoring and waited for an attacker to bite.

Hadar (Twitter: @hadar0x) is a Security Researcher at Illusive Networks. He has eight years of experience in cyber security, with six of those years focused on digital forensics and incident response (DFIR), both in the Israeli Air Force and in the private sector. Before joining Illusive Networks, he was a malware researcher for IBM Security where he hunted for new malware families and researched new techniques for malware detection. Hadar holds a Bachelor's degree in Computer Science from the Holon Institute of Technology, and several certifications, including the GIAC Certified Forensic Analyst (GCFA). In his free time he likes to develop open source forensic tools and solve forensic challenges.

Tom Sela (Twitter: @4x6hw) is Head of Security Research at Illusive Networks. He specializes in reverse engineering, malware research, deception development and OS internals. Prior to joining Illusive, Tom headed the Malware Research team at Trusteer (acquired by IBM), where he was responsible for Trusteer's anti-fraud endpoint product. At Trusteer he also led a team of reverse-engineers, researching the internals of advanced malware. As an active contributor to the security research community, Tom has spoken at DefCon and IEEE events. He attended the Israeli Naval Academy at the University of Haifa and holds a B.Sc. from Ben-Gurion University.

Tom Kahana (Twitter: @tomkahana1) is a Security Researcher at Illusive Networks, with over nine years in cybersecurity. He specializes in Windows internals. Prior to Illusive Networks, Tom worked for Trusteer, where he specialized in exploitation techniques. Among other accomplishments, he is credited with discovery of ASLR security bypass vulnerability CVE-2016-0012. Tom served five years in an elite unit of the Israel Defense Force (IDF), specializing in Cyber Security Research and Development. Tom is studying for his Bachelor's of Computer Science degree at the Open University of Israel.



Demolabs - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


Walrus

Saturday 08/11/18 from 1400-1550 at Table Five
Offense (physical security assessors), Defense (contactless access control system users)

Daniel Underhay

Matthew Daley

Walrus is an open-source Android app for contactless card cloning devices such as the Proxmark3 and Chameleon Mini. Using a simple interface in the style of Google Pay, access control cards can be read into a wallet to be written or emulated later.

Designed for physical security assessors during red team engagements, Walrus supports basic tasks such as card reading, writing and emulation, as well as device-specific functionality such as antenna tuning and device configuration. More advanced functionality such as location tagging makes handling multiple targets easy, while bulk reading allows the stealthy capture of multiple cards while “war-walking” a target.

We’ll be demoing Walrus live with multiple short- and long-range card cloning devices, as well as giving a sneak peek of future plans for the app.

https://walrus.app/

Daniel Underhay
Daniel Underhay is a Security Consultant working at Aura Information Security. He has presented at Troopers, Black Hat Asia Arsenal, ChCon, OzSecCon, and BSides Wellington. He enjoys all aspects of penetration testing, red teaming and phishing engagements.

Matthew Daley
Matthew Daley is a Senior Security Consultant at Aura Information Security. He has presented at Black Hat Asia Arsenal, BSides Wellington, OzSecCon, and OWASP New Zealand. He enjoys vulnerability discovery and exploitation, developing tools to help pentesters in their work, and writing long mailing list disclosures.



WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 13:00-13:55


elkentaro

Bio

Kentaro is the guy who builds funky wifi gadgets for fun. Kentaro is known as "that guy in Tokyo who builds crazy hacker gadgets." Creations include the HackChip, Kismet Mobile Dashboard, Wifi Centipede.

@elkentaro

Aadvark

Bio

Aadvark has a personal connection with his wifi adaptors, he names every single one of them and refers to them as humans.

@aadvark

Darkmatter

Bio

Darkmatter has a very mobile capturing rig known as the #wifiCactus.

@Darkmatter

Wardrivers Anonymous

Abstract

For some of us, wardriving is a way of life; it's what we do for fun and sometimes for work. Wardriving is seeing a resurgence in importance with all devices connecting to the network. Truly we are in a wardriving renaissance: we are seeing more and more devices and protocols being used. The tools we use have adapted to the changing landscape as well. No longer are we wardriving with 3 alfa cards connected to a laptop in our car; some of us have built wifi wardriving devices that fit in our pocket, and some of us have built rigs that can capture all dem waves. This talk will be a panel discussion between panelists covering the wardriving scene of today. It will cover all aspects of wardriving, from the why and how to anecdotal stories of wardriving in different situations. It will cover topics such as “SDR: The ultimate tool? or the nuclear option?”, “How do you travel (internationally) with your wifi gear?”, “Isn’t wardriving wiretapping?”, “The bestest wifi adaptor eva”, “Do you even Wigle, bro?” and others. The talk aims to be a supportive dialogue for wardrivers.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 10:15-10:15


Title: WaterBot - Hackable Scientific Plant Bot

Speaker: BiaSciLab
About BiaSciLab:
BiaSciLab is an 11 yr old girl who loves hacking, science, technology, and learning. She is constantly inventing new things, researching interesting unexplored topics, teaching kids and adults electronics and programming. She was the youngest speaker ever at H.O.P.E. with her talk "Inspiring The Next Next Generation Of Hackers". When she's not working on talks, hacking, or inventing new things, she enjoys fencing, archery, singing and acting.
Abstract:
The WaterBot is designed to dispense liquid (water, plant food, MS Media) and report how much and when it was administered. Designed, engineered and programmed by 11 yr. old BiaSciLab, the WaterBot is open source and scalable.
Come see how you can hack it to help hack your plants!


BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 12:00-13:59


Title: We Program Our Stinkin Badges!

Speakers: Michael Schloh

Description:
No description available




Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Saturday - 14:30-18:30


Weapons Training for the Empire

Saturday, 1430-1830 in Icon B

Jeremy Johnson

Dive into the world of using the PowerShell Empire Remote Access Tool (RAT). The students will learn to use Empire. They will build command & control, evade some defensive controls, and other red team tips and tricks. Additionally, students will gain insight on how to build more complex infrastructure for Red Team operations, automate common tasks, and extract engagement data for reporting.

Prerequisites: Students should have exposure to the PowerShell Empire framework. We will be working with the latest version of this tool and its features. Students should have some understanding or experience with penetration testing, though it's not strictly necessary.

Materials: Laptop, Kali Linux VM and one or two Windows Virtual Machines. Lab configuration specifics for the course will be broadcast prior to the class.

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/weapons-training-for-the-empire-icon-b-tickets-47194311456
(Opens July 8, 2018 at 15:00 PDT)

Jeremy Johnson
bneg has been hacking in one way or another for the past twenty years. He worked in IT operations, development, databases, and network administration before finally escaping to his true calling in offensive security. He now finds immense joy breaking into hospitals, governments, utilities, and corporations. bneg is a contributor to the Empire project, and member of the BloodHound Slack group where he helps to answer questions and hunt bugs in Empire. When he's not making admins cry, he's running, climbing, skiing, or biking on some mountain somewhere year-round. He also volunteers with Mountain Rescue and has two kids. Clearly, he's figured out how to slow space-time.



 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 10:00-11:15


Title: WELCOME TO DAY 2 of BHV!

Speaker: Staff


 

SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 09:00-09:30


Title:
What happened behind the closed doors at MS

Dimitri
@DimitriNL


In the year 2000, several Microsoft sites were hacked by a Dutch hacker named Dimitri. Several subdomain servers, such as windowsupdate.microsoft.com, 128download.microsoft.com, events.microsoft.com and so on, were hacked, not just once but twice in a short period of time. A secret meeting was planned by Microsoft with Dimitri. Why was it secret? What actually happened behind the closed doors at MS? And why, even after 18 years, is it still a secret? This presentation includes some Mystery, Drama, Action & NSFW.



 

Demolabs - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


WHID Injector: How To Bring HID Attacks to the Next Level

Saturday 08/11/18 from 1200-1350 at Table Four
Red Teams, Blue Teams and Hardware Hackers.

Luca Bongiorni

Nowadays, security threats and cyber-attacks against ICS assets have become a topic of public interest worldwide. This demo will present how HID attacks can still be used by threat actors to compromise industrial air-gapped environments. WHID Injector was born from the need for cheap, dedicated hardware that could be remotely controlled in order to conduct HID attacks. WHID's core is mainly an Atmega 32u4 (commonly used in many Arduino boards) and an ESP-12s (which provides the WiFi capabilities and is commonly used in IoT projects). Nonetheless, during the last months, new hardware has been under R&D (i.e. WHID-Elite). It replaces the Wi-Fi capabilities with a 2G baseband, which gives unlimited operational range.

This cute piece of hardware is perfect to be concealed in USB gadgets and used during engagements to get a remote shell over an air-gapped environment. In practice, it is the "wet dream" of any ICS Red Teamer out there.

During the demo we will see in depth how WHID and WHID-Elite were designed and their functionalities. We will also look at which tools and techniques Blue Teams can use to detect and mitigate this kind of attack.

https://github.com/whid-injector/WHID

Luca Bongiorni
Luca is working as Principal Offensive Security Specialist and is also actively involved in InfoSec, where his main fields of research are: Radio Networks, Reverse Engineering, Hardware Hacking, Antani, Internet of Things and Physical Security. Since 2012 he has been keeping a closer eye on FSB operations in the Baltics, while trying to avoid being poisoned with Polonium or Nervin GAS. His favorite hobbies are Pasta, Grappa and ARP-Spoofing.



 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 16:05-16:35


WhiteRabbit: Combining Threat Intelligence Public Blockchain Data and Machine Learning to go Down the “Dirty Money Rabbit Hole” - Olivia Thet and Nicolas Kseib

In this presentation, we will demonstrate how to build a machine learning model that uses a merged dataset combining cyber-related contextual information with Bitcoin (BTC) transaction data. The model can be used by both private- and public-sector security professionals working in the cryptocurrency field to deny business for certain BTC addresses or to build legal cases to return illegally stolen coins.

To build the dataset, we collected a list of BTC addresses involved in illegal activities. Using these addresses as a starting point, we navigated along the chain and reconstructed a cluster of connected “dirty” addresses. We used rules such as First-In-First-Out (FIFO) to label them. These labeling techniques can be used to tag certain BTC addresses that fall within this path as “dirty” addresses because they handled money acquired through illegal activities. We can then take this a step further and analyze the characteristic behavioral elements of these addresses. This behavioral analysis will allow us to determine the features representing this malicious behavior and use them within a machine learning model classifying new BTC addresses.

Our model-building approach is based on a three part framework: The first part is to collect a set of BTC addresses and classify them as “clean” or “dirty” to use them as our ground truth. The second part is to test the classification models using this dataset and propose decision metrics to optimally pick a model. In this part, we will also discuss ideas about how to compute expensive, but important features obtained from transaction data. In the third part, we will show how to use the obtained optimal model to predict if an address is “dirty”. Finally, we will discuss our challenges when solving this problem and propose solutions to overcome them.



 

HHV - Caesars Pool Level - Forum 17-21 - Saturday - 17:00-17:20


WiFi Beacons will give you up

John Aho

Abstract

A quick and dirty intro to making wifi beacons with esp8266 modules. A new small tool to help you generate your own beacon and unveiling of a fun multi-beacon setup.

Bio

John is a programmer who makes gloriously useless things and occasionally useful ones by accident.



 

Demolabs - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


WiPi-Hunter—It Strikes against Illegal Wireless Network Activities (Detect and active response)

Saturday 08/11/18 from 1600-1750 at Table One
Offense, Defense

Besim Altinok

Mehmet Kutlay Kocer

M.Can KURNAZ

WiPi Hunter is developed for detecting illegal wireless network activities. But it shouldn't be seen only as a piece of code. Instead, it is actually a philosophy. You can infer new methods for detecting illegal wireless network activity from this project. New methods, new ideas and different points of view can be obtained from this project.

Example: WiFi Pineapple attacks, Fruitywifi, mana-toolkit

WiPi-Hunter Modules:

PiSavar: Detects activities of PineAP module and starts deauthentication attack (for fake access points - WiFi Pineapple Activities Detection)

PiFinger: Searches for illegal wireless activities in networks you are connected to and calculates a wireless network security score (detects wifi pineapple and other fakeAPs)

PiDense: Monitor illegal wireless network activities. (Fake Access Points)

PiKarma: Detects wireless network attacks performed by KARMA module (fake AP). Starts deauthentication attack (for fake access points)

PiNokyo: If threats like wifi pineapple attacks or karma attacks are active around, users will be informed about these threats. Like proxy (New)

https://github.com/WiPi-Hunter

Besim Altinok
Besim ALTINOK (@AltnokBesim) is a security engineer at BARIKAT Internet Security. He performs penetration tests across a wide area including web, network and mobile pentesting. His main interests are IoT Pentest and WiFi Security. He wrote a book about WiFi networks: "Wireless Network Security". Besim is also a member of the Octosec and Canyoupwnme teams and he supports the community through those teams. Besim was a speaker at Blackhat Europe 2017 Arsenal and Blackhat Asia 2018 Arsenal.

Mehmet Kutlay Kocer
Mehmet Kutlay KOCER (@kutlaykocer) graduated from TOBB University of Economics and Technology with a B.S. in Computer Engineering in 2016. His Senior Design Project was about VOIP systems, titled "SIP DDoS Attacks Detection and Prevention", carried out with the cooperation of TOBB University and NETAS. He has been working as a Penetration Tester at BARIKAT Internet Security for 2 years. He played a major role in conducting Barikat SOC in 2016. Finally, Mehmet Kutlay KOCER spoke at Blackhat ASIA 2018 Arsenal.

M.Can KURNAZ
M. Can Kurnaz (@0x43414e) is a penetration tester and currently works at European Network for Cyber Security in the Netherlands.

He is conducting penetration tests over internet, internal networks, web-based applications and Operational Technology infrastructures such as smart meters, RTUs, data concentrators, telecontrol gateways, electric vehicle charging points and various ICS/SCADA systems and components, conducting robustness tests for OT devices and working on physical and wireless security assessments of IT/OT devices.

At the same time, he is also contributing as an instructor to "Red Team – Blue Team Training for Industrial Control Systems and Smart Grid Cyber Security" training of ENCS.



 

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Saturday - 13:15-13:59




 

PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 11:00-11:30


wpa-sec: The Largest Online WPA Handshake Database

Alex Stanev, CTO of Information Services at JSC

Started as a pet project in 2011, wpa-sec collects WPA handshake captures from all over the world. Contributors use a client script to download handshakes and specially crafted dictionaries to initiate attacks against PSKs. With more than 115 GB of captures from 240 000 submissions, the collected samples represent an invaluable source for wireless security research. This includes:

During the talk I will explain how wpa-sec works, provide statistics and a lot of internals on optimization and how to use the database as an OSINT source during pentests and red team actions.

wpa-sec is an open source project available at https://github.com/RealEnder/dwpa.

Live installation at https://wpa-sec.stanev.org.

Alex Stanev (Twitter: @RealEnderSec) started as a software developer in the late 90s, working on a wide range of projects, from specialized hardware drivers to large scale information systems for private and public sectors, including e-government services, elections management and smart cities. Going through virtually all mainstream enterprise platforms, Alex also took some time to explore various niche technologies and did a lot of low level stuff.

As a security consultant, Alex led penetration test audits in Europe, America and Africa for financial and government institutions.

Currently Alex serves as CTO at the largest Bulgarian systems integrator, Information Services JSC.



 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 10:00-10:45


You may have paid more than you imagine—Replay Attacks on Ethereum Smart Contracts

Saturday at 10:00 in Track 3
45 minutes | Demo, Exploit

Zhenxuan Bai Freelance Security Researcher

Yuwei Zheng Senior Security Researcher, Unicorn Team, 360 Technology

Senhua Wang Freelance Security Researcher

Kunzhe Chai Leader of PegasusTeam at 360 Radio Security Research Department, 360 Technology

In this paper, a new replay attack based on Ethereum smart contracts is presented. In token transfers, the risk of a replay attack cannot be completely avoided when the sender's signatures are abused, which can cause losses to users. The reason is that the scope in which the signatures apply is not properly designed in the smart contracts. To test and verify this loophole, we selected two similar smart contracts for our experiment and used our own accounts in these two contracts to carry it out. Because the same signatures were used in both contracts, we successfully got a double income from the sender. The experiment verified that the replay attack really exists. Besides, the replay attack may exist in multiple smart contracts. We calculated the number of smart contracts with this loophole, as well as the corresponding transaction activities, and found that some Ethereum smart contracts are at risk from this loophole. According to the vulnerability of the contract signature, the risk level is calibrated and depicted. Furthermore, the replay attack pattern is extended to within-contract, cross-contract and cross-chain cases, which provides a pertinent and useful reference for protection. Finally, countermeasures are proposed to fix this vulnerability.

Zhenxuan Bai
Zhenxuan Bai is a freelance Security Researcher interested in smart contracts and blockchain, and a consultant of UnicornTeam. He is a co-researcher of the Blackberry decryption project, which managed to decrypt Blackberry BBM, PIN message and BIS secure mail without keys.

Yuwei Zheng
Yuwei Zheng is a senior security researcher at the Radio Security Department of 360 Technology and a core member of UnicornTeam. He cracked the protocols of Blackberry BBM, PIN message, BIS secure mail, and successfully decrypted the messages without keys. He is currently focusing on the security research of cellular networks, IoT systems, and mobile baseband. He has presented his research at top level security conferences like BlackHat, DEF CON, HITB etc.

Senhua Wang
Senhua Wang is a freelance Security Researcher interested in smart contracts and blockchain, and a consultant of UnicornTeam.

Kunzhe Chai
Leader of PegasusTeam at 360 Radio Security Research Department in 360 Technology. He focuses on wireless security, including attack-defense research. He is the person in charge of the attack and defense technology of Skyscan Wireless Intrusion and Prevention System, and one of the authors of the well-known wireless security tool MDK4. He leads his team to share their research results at HITB, HITCON, Blackhat, China ISC etc.

twitter@swe3per



 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 12:00-12:45


You'd better secure your BLE devices or we'll kick your butts!

Saturday at 12:00 in Track 2
45 minutes | Demo, Tool, Exploit

Damien "virtualabs" Cauquil Head of Research & Development, Digital Security

Sniffing and attacking Bluetooth Low Energy devices has always been a real pain. Proprietary tools do the job but cannot be tuned to fit our offensive needs, while opensource tools work sometimes, but are not reliable and efficient. Even the recently released Man-in-the-Middle BLE attack tools have their limits, like their complexity and lack of features to analyze encrypted or short connections.

Furthermore, as vendors do not seem inclined to improve the security of their devices by following the best practices, we decided to create a tool to lower the ticket: BtleJack. BtleJack not only provides an affordable and reliable way to sniff and analyze Bluetooth Low Energy devices and their protocol stacks, but also implements a brand new attack dubbed "BtleJacking" that provides a way to take control of any already connected BLE device.

We will demonstrate how this attack works on various devices, how to protect them and avoid hijacking and of course release the source code of the tool.

Vendors, be warned: BLE hijacking is real and should be considered in your threat model.

Damien "virtualabs" Cauquil
Damien is a senior security researcher who joined Digital Security in 2015 as the head of research and development. He discovered how wireless protocols can be fun to hack and quickly developed BtleJuice, one of the first Bluetooth Low Energy MitM frameworks.

Damien presented at various security conferences including DEF CON, Hack In Paris, Chaos Communication Camp, Chaos Communication Congress, and a dozen times at Nuit du Hack, one of the oldest security conferences.



 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 10:00-10:45


You're just complaining because you're guilty: A DEF CON Guide to Adversarial Testing of Software Used In the Criminal Justice System

Saturday at 10:00 in Track 2
45 minutes | Demo

Dr. Jeanna N. Matthews: Associate Professor, Clarkson University and Fellow, Data and Society

Nathan Adams Systems Engineer, Forensic Bioinformatic Services

Jerome Greco Digital Forensics Staff Attorney, Legal Aid Society

Software is increasingly used to make huge decisions about people's lives and often these decisions are made with little transparency or accountability to individuals. If there is any place where transparency, third-party review, adversarial testing and true accountability is essential, it is the criminal justice system. Nevertheless, proprietary software is used throughout the system, and the trade secrets of software vendors are regularly deemed more important than the rights of the accused to understand and challenge decisions made by these complex systems. In this talk, we will lay out the map of software in this space from DNA testing to facial recognition to estimating the likelihood that someone will commit a future crime. We will detail the substantial hurdles that prevent oversight and stunning examples of real problems found when hard won third-party review is finally achieved. Finally, we will outline what you as a concerned citizen/hacker can do. Nathan Adams will demo his findings from reviewing NYC's FST source code, which was finally made public by a federal judge after years of the city's lab fighting disclosure or even review. Jerome Greco will provide his insight into the wider world of software used in the criminal justice system—from technology that law enforcement admits to using but expects the public to trust without question to technology that law enforcement denies when the evidence says otherwise. Jeanna Matthews will talk about the wider space of algorithmic accountability and transparency and why even open source software is not enough.

Dr. Jeanna N. Matthews:
Dr. Matthews is an associate professor of Computer Science at Clarkson University and a 2017-18 fellow at Data and Society. She is a member of the Executive Committee of US-ACM, the U.S. Public Policy Committee of ACM, and a founding co-chair of their subcommittee on algorithmic transparency and accountability. She was a speaker at DEF CON 23 and 24, both times on the topic of vulnerabilities in virtual networks. Her broader research interests include virtualization, cloud computing, computer security, computer networks and operating systems. Jeanna received her Ph.D. in Computer Science from the University of California at Berkeley and is an ACM Distinguished Speaker.

@jeanna_matthews

Nathan Adams
Nathan Adams works as a Systems Engineer in Ohio at the forensic DNA consulting firm Forensic Bioinformatic Services. He reviews DNA analyses performed in criminal cases in the US, the UK, and Australia. His focus includes DNA mixture interpretation, statistical weightings of evidence, probabilistic genotyping, and software development. When its disclosure was ordered by a federal judge in 2016, Nathan was part of the first team to independently examine FST, NYC's DNA mixture interpretation program. He helped identify and evaluate previously undisclosed behaviors of the software. Following the team's review and a motion filed by Yale's Media Freedom center and ProPublica, the judge recently ordered the release of the FST source code, which allowed open discourse for the first time since FST was brought online in 2011. He has a BS in Computer Science and is working on an MS in the same, both at Wright State University in Dayton, Ohio.

Jerome Greco
Jerome Greco is a public defender in the Digital Forensics Unit of the Legal Aid Society in New York City. Along with four analysts, he works with attorneys and investigators in all five boroughs on issues involving historical cell-site location information, cell phone extraction, electronic surveillance technology, social media, and hard drive analysis, among other fields. He is currently engaged in challenging the NYPD's use of cell-site simulators, facial recognition, and the execution of overbroad search warrants for electronic devices. Prior to his work with the Digital Forensics Unit, he was a trial attorney in the Legal Aid Society's Manhattan and Staten Island criminal defense offices. He graduated magna cum laude from New York Law School in 2011 and received his B.A. from Columbia University in 2008.

@JeromeDGreco



 

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Saturday - 11:15-11:59


