You’ve disassembled and debugged. You’ve sprayed heaps and chained ROPs. You’ve found one downright ugly 0-day. What do you do now? Sure, some industry giants like Google or Apple have established bug bounty programs, but many organizations in the maritime sector don’t. How do you reach out? Brian will share his recent experiences as an independent researcher making ethical disclosures of vulnerabilities in maritime ICS and OT devices. He will cover what he has learned about working with vendors, CERTs, ISAOs, affected end-users, and even tech journalists. This talk is for anyone interested in independent bug hunting, IoT vulnerability research, and what to expect when they share discoveries in a responsible way.
REdout
Time: 11:30-12:00
Location: Bally's Event Center
SEV - Bally's Jubilee Tower - 3rd Floor - Las Vegas Ballroom - Friday - 17:40-18:09
Friday August 09 2019 1740 30 mins
Swing Away: How to Conquer Impostor Syndrome
“It is estimated that nearly 70% of people will experience signs or symptoms of Impostor Syndrome.” Too many people get stuck in a self-doubt loop. This is when feelings of being an impostor creep in. Billy Boatright is part of the nearly 30% that have not. Billy will share with you how an early failure and a “pep talk” from an all-time great has allowed him to avoid persistent feelings of self-doubt. Whether it’s your next social engineering engagement or giving a talk at a conference, Billy will also share ways that can help us all avoid the self-sabotage of Impostor Syndrome. Billy will also dive into the “Hero Worship” culture that social media created.
Billy Boatright: @fuzzy_l0gic
Billy began his social engineering career without even knowing it. He was a bartender on the Las Vegas Strip for the better part of a decade. He won numerous awards from all over the world as a Top-ranked Flair Bartender. He has taken the skills he learned behind the bar to the Information Security world. Billy has been a Judge for the Social Engineering Capture the Flag event at Defcon. He is also the namesake for the BSides Las Vegas Social Engineering Capture the Flag Championship Belt. Billy also volunteers time and expertise to the Las Vegas ISSA Chapter as a Board Member. He is also a member of the BSides Las Vegas Senior Staff.
Billy has multiple degrees and numerous certifications. However, when asked about them he will gladly quote George Moriarty, “The shining trophies on our shelves can never win tomorrow’s game.”
DC - Paris - Track 3 - Saturday - 13:00-13:45
Tag-side attacks against NFC
Saturday at 13:00 in Track 3
45 minutes | Demo, Tool
Christopher Wade
This talk covers tag-side attacks against NFC communication protocols, including cracking of Mifare encryption keys and performing targeted attacks against NFC readers. In addition, it will cover the design and creation of devices capable of emulating NFC tags down to the raw protocol using standard components and tools, with no abstraction to dedicated hardware, covering and expanding on the capabilities of available products. This talk will cover how 13.56MHz NFC works at a raw level, how tools can be built for analysing it, how the protocol can be implemented in full on standard Microcontrollers, and the security weaknesses present in its design.
Christopher Wade
Chris is a seasoned security researcher and testing consultant. His main focuses are in reverse engineering hardware, fingerprinting USB vulnerabilities and playing with Software Defined Radios, with his key strength lying in firmware analysis, which he utilises as part of the hardware testing team at Pen Test Partners.
Twitter: @Iskuri1
Github: https://github.com/Iskuri
DL - Planet Hollywood - Sunset 6 - Friday - 12:00 - 13:50
TaintedLove
Friday from 12:00 – 13:50 in Sunset 6 at Planet Hollywood
Audience: AppSec
Benoit Côté-Jodoin
TaintedLove is a dynamic security analysis tool for Ruby. It leverages Ruby's object tainting and monkey patching features to identify potentially vulnerable code paths at runtime. TaintedLove is library agnostic and provides a simple framework to extend the detection of unsafe method usage and user input tracking.
https://github.com/shopify/tainted_love
Benoit Côté-Jodoin
Benoit is an Application Security Engineer at Shopify having a strong interest in web application security and vulnerability research. Sometimes an active CTF player, he has taken part in multiple competitions with the team DCIETS/NorthernCoalition.
BCV - Flamingo 3rd Floor - Laughlin III Room - Saturday - 14:15-15:59
Take back control of user data with the decentralized cloud
No description available
CHV - Bally's Event Center - Friday - 14:30-14:55
Tell Me Lies - Automotive LIDAR and Low-Tech Obfuscation
Rick Hansen
Fri 8/09 • 2:30 PM-2:55 PM • 25 min talk
What will it mean if LIDAR becomes ubiquitous in autonomous vehicles?
Join us for an exploration of a LIDAR’s operation, network attack surface, and the development of low-tech countermeasures that render solid objects invisible and turn thin air into a virtual wall of steel.
DC - Paris - Track 1 - Sunday - 11:00-11:45
The ABC of Next-Gen Shellcoding
Sunday at 11:00 in Track 1
45 minutes | Demo, Tool
Hadrien Barral, Hacker
Rémi Géraud-Stewart, Hacker
Georges-Axel Jaloyan, PhD Student at ENS
Shellcodes are short executable stubs that are used in various attack scenarios, whenever code execution is possible. After briefly recalling how they work in general and what interesting things they can do, besides obviously running a reverse-shell, we'll have to deal with the reality that shellcodes are usually not particularly stealthy, due in part to the very suspicious presence of non-printable characters. In a tutorial-like fashion, we'll address increasingly complex constraints. As a reward, we reveal new methods for writing in particular alphanumeric shellcodes and attacking platforms for which (to the best of our knowledge) no such shellcode was previously known.
Don't know anything about constrained shellcodes? Do not worry: we'll start from the ground up. Black-belt in shellcoding? We have you covered, stay until the end where we'll get our hands dirty!
Hadrien Barral
Hadrien Barral is an R&D engineer, focusing on Operating Systems, Security and High-Assurance software. In his spare time, he enjoys hacking on various and obscure systems.
Rémi Géraud-Stewart
Rémi Géraud-Stewart is a cryptologist and security expert with Ecole normale supérieure in Paris, focusing on intrusion and cyberwarfare.
Georges-Axel Jaloyan
Georges-Axel Jaloyan is a PhD student at Ecole normale supérieure in Paris focusing on formal methods applied to reverse-engineering, in collaboration with the French Alternative Energies and Atomic Energy Commission (CEA).
SKY - Bally's Jubilee Tower - 2nd Floor - Jubilee Ballroom - Saturday - 11:00-11:59
The Art of Defeating Facial Recognition
August 10, 2019, 11:00-12:00
Bally's, Jubilee Tower - Pacific BR - 2nd Floor
Vic Harkness
It's not a recent development that CCTV surveillance systems are everywhere. What is new is the use of automatic facial detection/recognition systems everywhere. A lot of people don’t like the potential for mass surveillance, including non-techies. Although there are various technical solutions for countering ubiquitous facial recognition systems (such as adversarial examples), people are also taking low-tech approaches to defeating them. In this talk, I will discuss the general concepts needed to understand how to defeat facial detection/recognition systems, how these factors can be leveraged, and provide various examples of how people have already done so. By talking about how facial detection/recognition systems can be defeated in general terms, I hope to inspire other people to begin exploring this domain. Or, perhaps, help people to bypass systems that they encounter in their day to day lives.
This talk will not be a deep dive into how the technology works, making it suitable for a wide range of attendees.
PHVT - Bally's Resort (Indigo) Tower 26th floor - Friday - 13:00-13:59
The Art of Detection
Jay Dimartino, Head of Detections and Countermeasures at Fidelis Cybersecurity
Ever inherited a security rule you were afraid to modify? Ever import a Yara rule only to have the alerts blow up in your face? Does your SIEM or security appliance keep you up at night with email alerts? The Art of Detection focuses on the methodology of writing and sharing accurate detections to make you a better detection author. Gain confidence in managing false positives, learn rule sharing best practices, tackle large monolithic detections, and write detections that feed other detections. Learn the importance of your intelligence test data, and if your intelligence streams could be causing bias.
Jay Dimartino is a Threat Researcher for Fidelis Cybersecurity and Head of Detections & Countermeasures. He has been doing Malware Reverse Engineering for over nine years and also has several industry certifications including the GREM and GCFA.
SEV - Bally's Jubilee Tower - 3rd Floor - Las Vegas Ballroom - Saturday - 18:50-19:20
Saturday August 10 2019 1850 30 mins
The Aspie’s Guide to Social Engineering Your Way Through Life
Perry Carpenter, Chief Evangelist & Strategy Officer for KnowBe4, will discuss how he, both knowingly and unknowingly, ethically used Social Engineering skills all throughout his career to be successful.
He hopes to teach and encourage others who struggle socially how to grow their careers by leaning into their personal differences. And to find the strengths embedded in those differences.
Perry Carpenter: @perrycarpenter
Perry Carpenter is the author of “Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors” from Wiley Publishing, and he currently serves as Chief Evangelist and Strategy Officer for KnowBe4, the world’s most popular security awareness and simulated phishing platform.
Previously, Perry led security awareness, security culture management, and anti-phishing behavior management research at Gartner Research, in addition to covering areas of IAM strategy, CISO Program Management mentoring, and Technology Service Provider success strategies. With a long career as a security professional and researcher, Mr. Carpenter has broad experience in North America and Europe, providing security consulting and advisory services for many of the best-known global brands.
Perry holds a Master of Science in Information Assurance (MSIA) from Norwich University in Vermont and is a Certified Chief Information Security Officer (C|CISO).
SEV - Bally's Jubilee Tower - 3rd Floor - Las Vegas Ballroom - Thursday - 17:40-18:09
Thursday August 08 2019 1740 30 mins
The Basics of Social Engineering AKA How I break into Casinos, Airports and CNI
Ever wanted to get into Social Engineering (SE), but thought you needed to know body language, facial expressions, be charming, and outgoing to succeed? This is a common misconception and you don’t need to know or be those things to make a start in SE. I think most SE talks focus on the more technical “human” aspects and I’m purposefully ignoring that side.
I’m going to focus on the basics; how to perform reconnaissance, how to match dress styles, how to make up a pretext that fits your knowledge, how to get real staff to help you, what to do if you do get in, why you should interact with staff, and why you should practice being observant. These are important tools to learn and use, which can help you make a start in social engineering.
Chris Pritchard: @ghostie_
Chris has worked in a range of industries, most notable of which are Critical National Infrastructure (CNI), and leading edge design and manufacturing (Dyson). Doing so has given Chris a very varied array of knowledge, from penetration testing robot vacuum cleaners, to designing and testing secure SCADA networks.
During Chris’ time at Dyson, he was involved in developing the global security team and performing internal penetration testing. Chris was also heavily involved with securing the design of Dyson’s current and future internet connected appliances, and corresponding smartphone applications.
More recently, Chris has been conducting ever more security tests and audits of ICS in the rail, air, maritime, and utilities sectors, as well as CNI work at nuclear sites. Chris’ skill set also includes Social Engineering, and he has successfully gained access into CNI, Airports and Casinos, which are regarded as some of the most secure facilities in the industry.
MOV - Bally's - Resort (Indigo) Tower 26th Floor - Skyview 4 - end of - Saturday - 11:15-11:45
The Cost of Good Open-Source Software
Amir Montazery, Open Source Technology Improvement Fund (OSTIF)
Amir will explain a new and impactful approach toward more secure and efficient software. He will give an overview of OSTIF and how it came to be, and he will talk about going from an idea to an international coalition of individuals and organizations focused on improving critical open-source software. He will share OSTIF’s accomplishments and relationship with the Monero community. He will share some of the behind-the-scenes work that went into coordinating the security and functionality of Monero with bulletproof and RandomX audits.
BCV - Flamingo 3rd Floor - Laughlin III Room - Friday - 17:10-17:59
The CryptoCurrency Security Standard (CCSS)
No description available
BTVT - Flamingo - 3rd Floor- Savoy Room - Friday - 17:00-17:30
The Cyber Threat Intelligence Mindset
Friday 17:00, Savoy Ballroom, Flamingo (Blue Team Village) (30M)
@ch33r10 works for a Financial Services Fortune 500 Company. She is a graduate of the SANS 2017 Women’s Academy, has an MBA in IT Management, and currently holds the CFR, GSEC, GCIH, GCFE, GMON, GDAT, and GPEN certifications. She is a member of the Financial Services Information Sharing and Analysis Center (FS-ISAC), Yara Exchange, and FuzzySnugglyDuck. @ch33r10 serves as an Advisor for a Cybersecurity Apprenticeship Program in Chicago and she is on the Advisory Board of SANS EMEA CyberThreat 2019 with the National Cyber Security Centre in London and SANS Purple Team Summit.
What if I told you that it is possible for blue teamers to practice CTI everyday?! With minimal guidance and insight, blue teamers can learn how to see things through the eyes of a cyber threat intel analyst. We’ll step through multiple examples of how a CTI analyst would view data, intel, analysis, and situations so you can gain helpful perspectives when performing analysis for your organization. Learn about the cognitive biases and logical fallacies that are killing your analysis and what to do about it. Take away CTI strategies that you can use in your org day one back from Hacker Summer Camp.
SKY - Bally's Jubilee Tower - 2nd Floor - Jubilee Ballroom - Saturday - 10:00-10:59
The Cyberlous Mrs. Maisel: A Comedic (and slightly terrifying) Introduction to Information Warfare
August 10, 2019, 10:00-11:00
Bally's, Jubilee Tower - Pacific BR - 2nd Floor
Zhanna Malekos Smith
Like a dear family relative who won't stop talking at Thanksgiving dinner, a backdoor exploit also talks to anyone who'll listen. Come listen to the Cyberlous Mrs. Maisel! She'll offer a satirical reflection on how we engage with technology in the Information Age and explain the basic historical principles that animate Russia's approach to information warfare. Topics covered include maskirovka (i.e., camouflage, concealment and deception), disinformation, and reflexive control, among others. Although a strategic objective of information warfare is to induce complacency with falsehoods, this presentation's unique style can help jolt the public's consciousness awake through its originality and bite.
PHVT - Bally's Resort (Indigo) Tower 26th floor - Saturday - 19:00-19:59
The Cyberlous Mrs. Maisel: A Comedic (and slightly terrifying) Introduction to Information Warfare
J. Zhanna Malekos Smith, Duke Law School
Like a dear family relative who won't stop talking at Thanksgiving dinner, a backdoor exploit also talks to anyone who'll listen. Come listen to the Cyberlous Mrs. Maisel! She'll offer a satirical reflection on how we engage with technology in the Information Age and explain the basic historical principles that animate Russia's approach to information warfare. Topics covered include maskirovka (i.e., cover, concealment and deception), reflexive control, disinformation, and imitation, among others. Although a strategic objective of information warfare is to induce complacency with falsehoods, this presentation's unique style can help jolt the public's consciousness awake through its originality and bite.
J. Zhanna Malekos Smith is the Reuben Everett Cyber Scholar at Duke University Law School. Previously, she served as a Captain in the U.S. Air Force Judge Advocate General's Corps. Prior to military service, she was a post-doctoral fellow at the Belfer Center's Cyber Security Project at the Harvard Kennedy School. She holds a J.D. from the University of California, Davis; a B.A. from Wellesley College, where she was a Fellow of the Madeleine Korbel Albright Institute for Global Affairs; and is finishing her M.A. with the Department of War Studies at King's College London. She has presented her research at DEF CON, RSA, and ShmooCon, among others.
WLV - Bally's - Palace Meeting Rooms 1-7 - off hallway to Event Center - Saturday - 17:00-17:55
Woody
Bio
He likes to look into the light and hear stuff.
@tb69rr
The Ford Hack (Raptor Captor)
Abstract
"This talk will show flaws with development of security protocols in new Ford key fobs. This will exploit several areas. The ability for a denial of service to the keyfob WITHOUT jamming. How to trick the vehicle into resetting its rolling code count. How to lock, unlock, start, stop, and open the trunk of Ford vehicles using a replay attack after resetting rolling code count. How to find the master access code for Ford's keypad to bypass security. This talk will also demonstrate how to reset your key fobs if they are attacked by a deauth attack. We will also demonstrate a GNU Radio script to automate RF collection of Ford key fobs.
As seen on HAK5 episodes 2523-2525"
MOV - Bally's - Resort (Indigo) Tower 26th Floor - Skyview 4 - end of - Sunday - 12:30-12:59
12:30-13:00
The Future of Accessible Mining
Kristy-Leigh Minehan, CTO of Core Scientific
Kristy-Leigh will discuss the importance of accessible mining in consumer applications and the work that she has done at Core Scientific. She will explain how Monero’s development of RandomX is the best chance yet at preserving consumer-device mining.
LBV - Flamingo - Carson City II Room - Saturday - 18:00-18:59
Title:
The Human Body's Promise: How Your Bare Hands can Defeat Physical Security
DC - Paris - Track 4 - Friday - 16:00-16:30
The JOP ROCKET: A Supremely Wicked Tool for JOP Gadget Discovery, or What to Do If ROP Is Too Easy
Friday at 16:00 in Track 4
20 minutes | Demo, Tool
Dr. Bramwell Brizendine, Assistant Professor of Computer and Cyber Sciences, Dakota State University
Dr. Joshua Stroschein, Assistant Professor of Cyber Security/Network & Security Administration, Dakota State University
Return-oriented Programming (ROP) has been the predominant code-reuse attack for over a decade, but there are other options. Many mitigations can detect ROP due to heuristics, but these fail to detect Jump-oriented Programming (JOP). The JOP ROCKET is a reverse engineering framework dedicated to facilitating JOP exploits. It allows hackers to discover JOP gadgets. This includes dispatcher gadgets, which help to subvert and direct the control flow, and functional gadgets, our primitives. This tool provides numerous options to give hackers flexibility on how to find gadgets, to narrow and expand possibilities. Additionally, the tool uses opcode-splitting to discover many unintended gadgets. All gadgets are classified based on operation as well as registers used and affected. Thus, hackers could easily obtain the desired functional gadgets, such as MOV EBX, [VALUE], using simple language commands. Because of JOP's much more complex set up, the tool provides this classification, so time isn’t wasted hunting through results.
JOP is rarely done in the wild. Part of that complexity is in set up, but another part is the lack of dedicated tools. Having to find JOP gadgets manually could be time-consuming and require expertise. JOP ROCKET simplifies that, allowing the JOP gadgets to be found quickly and easily.
This talk will give brief content on ROP, and then it introduces JOP and its history. Then we will dive into JOP ROCKET, discussing its features, how to use it to find JOP gadgets, and how to set up your own JOP exploit. We will then demo the tool.
Dr. Bramwell Brizendine
Dr. Bramwell Brizendine graduated with a Ph.D. in Cyber Operations in May, 2019. He holds master's degrees in Computer Science and Information Assurance. Bramwell is a professor at Dakota State University where he teaches topics such as reverse engineering, software exploitation, and malware analysis. Bramwell is the creator of the JOP ROCKET, or the Jump-oriented Programming Reversing Open Cyber Knowledge Expert Tool. Bramwell has been interested in code-reuse attacks for several years. Bramwell was overcome by the urge to present a tool that made JOP more practical and useful for hackers who may wish to attempt using this more arcane class of code-reuse attacks. The JOP ROCKET is a by-product of his doctoral dissertation.
Dr. Joshua Stroschein
Dr. Josh Stroschein is a professor at Dakota State University. Dr. Josh Stroschein teaches undergraduate and graduate courses in cyber security with a focus on malware analysis, reverse engineering and software exploitation. His research interests include malware analysis and software exploitation. Outside of DSU, you can find Josh providing training at such venues as DerbyCon, Hack-In-The-Box and ToorCon.
Website: https://0xevilc0de.com
BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 14:30-15:15
2:30 PM: The L33T Shall Inherit the Cosmos
Speaker: J.J. Hastings
Abstract: The era of the astro-jock is over, no more men in tin cans taking orders from mission control. Staying alive off Earth will require the ability to thrive in an environment that requires constant adaptation. Fellow hacker and analogue astronaut J.J. Hastings argues that hackers are an ideal match to the space environment. Her talk suggests how we might become extra-terrestrial hackers and shares insights from her missions as a field researcher and analogue astronaut.
Speaker Bio: A biohacker since 2009, JJ Hastings co-founded London Biohackspace and BioQuisitive, and has the first garage to be PC-1 certified in Australia. An alumna of NYU, Harvard and Oxford with advanced degrees in Biology and Bioinformatics, she is an analogue astronaut and field researcher for NASA/JPL.
T: @HackerAstro
RCV - Planet Hollywood - Celebrity 5 Ballroom - Friday - 10:20-10:59
LPV - Bally's - Platinum II Ballroom - Sunday - 12:45-13:45
Title:
The Right Way To Do Wrong: Physical security secrets of criminals and professionals alike
Presented By
Patrick McNeil
Abstract
In 1905 Harry Houdini wrote his first book entitled The Right Way to Do Wrong wherein he divulged the lockpicking and other trade secrets of criminals. People make assumptions about how schemes work and believe them to be complicated, yet in many cases the insider knows how simple they are. Most people assume that besides tailgating and social engineering, real break-ins (or physical security testing) are all about picking locks. However, the secret is that on physical pentests it's typically unnecessary to do that! Some physical controls have known bypasses, and some building contractors (or even locksmiths) don't implement things correctly. Just like Houdini, I'll be divulging the simple tricks of the trade employed by both criminals and professional physical pentesters to bypass physical controls without using picks. You may be shocked and amazed by what you see, and once you leave you'll be an insider too - seeing insecurity everywhere!
BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 15:15-15:59
3:15 PM: The Story of SICGRL Vulnerability
Speaker: Andrea Downing
Abstract: A massive security vulnerability was discovered which allowed PHI to be leaked from closed patient support groups on Facebook. In this session we'll discuss how a coalition of patients and security researchers faced this crisis and explore the need to develop a new model for collective data governance on social media.
Speaker Bio: Andrea Downing is a BRCA Community Data Organizer and founder of Brave Bosom. Along with Fred Trotter, Andrea discovered a security vulnerability in Facebook's Group product that affected all closed groups on Facebook.
T: @BraveBosom
DC - Paris - Track 2 - Friday - 11:00-11:45
The Tor Censorship Arms Race: The Next Chapter
Friday at 11:00 in Track 2
45 minutes | Tool
Roger Dingledine The Tor Project
Tor is a free-software anonymizing network that helps people around the world use the Internet in safety. But who cares how good Tor's privacy is, if your government prevents you from reaching the Tor network?
In the beginning, some countries filtered torproject.org by DNS (so we made website mirrors and an email autoresponder for downloading Tor), and then some countries blocked Tor relays by IP address (so we developed bridges, which are essentially unlisted relays), and then some countries blocked Tor traffic by Deep Packet Inspection (so we developed pluggable transports to transform Tor flows into benign-looking traffic).
Then things got weird, with China's nationwide active probing infrastructure to enumerate bridges, with Amazon rolling over to Russia's threats when Telegram used "domain fronting" to get around blocking, with Turkey blocking Tor traffic by DPI in more subtle ways, with Venezuela and Ethiopia and Iran trying new tricks, and more.
In this talk I'll get you up to speed on all the ways governments have tried to block Tor, walk through our upcoming steps to stay ahead of the arms race, and give you some new—easier—ways that let you help censored users reach the internet safely.
Roger Dingledine
Roger Dingledine is president and co-founder of the Tor Project, a nonprofit that develops free and open source software to protect people from tracking, censorship, and surveillance online.
Wearing one hat, Roger works with journalists and activists on many continents to help them understand and defend against the threats they face. Wearing another, he is a lead researcher in the online anonymity field, coordinating and mentoring academic researchers working on Tor-related topics. Since 2002 he has helped organize the yearly international Privacy Enhancing Technologies Symposium (PETS).
Among his achievements, Roger was chosen by the MIT Technology Review as one of its top 35 innovators under 35, he co-authored the Tor design paper that won the Usenix Security "Test of Time" award, and he has been recognized by Foreign Policy magazine as one of its top 100 global thinkers.
Twitter: @RogerDingledine
SEV - Bally's Jubilee Tower - 3rd Floor - Las Vegas Ballroom - Saturday - 18:15-18:45
Saturday August 10 2019 1815 30 mins
The Voice Told Me To Do It
Corporate colors and logos characteristic of a brand are easily and freely accessed on the network. As consumers we have been advised to distrust an email with these identities.
Instead, the voice gives us confidence. When we need help, the voice is there. It is the first thing we hear when we call, it tells us how wonderful and beneficial it is to be associated with that brand. A voice that will never harm us, until now.
Identity spoofing is one of the most used social engineering formats to initiate major attacks. But what if cyber-criminals could go further? What would happen if someone could not only impersonate, but actually use the identity of an institution to make an attack on a national level? Is it possible to do this with a minimal investment or without capital? The answer is yes.
Daniel Isler: @Fr1endlyRATs
Daniel Isler is a Security Consultant, Bachelor in Arts of Representation, Actor and Scenic Communicator and Voice Over Artist. He has more than 10 years of experience as an academic in Acting classes at the University of Valparaíso, UNIACC University and Professional Institute Aiep. He also develops projects in the area of visual arts, with which he has participated in contemporary art festivals in Chile, Argentina, Portugal and Spain. Since 2015 he has led the Social Engineering team at Dreamlab Technologies.
Certifications / Competencies:
• Advanced Practical Social Engineering, Orlando, FL, United States.
• Usable Security, University of Maryland, United States.
• Improvisation Summer School, Keith Johnstone Workshop Inc. Calgary, Canada.
• French for foreign language, Université de Pau et des Pays de l’Adour, Pau, France.
• Diploma in commercial speech, dubbing and neutral accentuation, Voces de Marca, Caracas, Venezuela.
• Diploma in Digital Photography, Arcos Professional Institute.
• Diploma in Audiovisual Language, UNIACC University.
VMV - Planet Hollywood - Melrose 4 Room - Friday - 17:00-17:30
Title:
Thirty Years Behind the Ballot Box: A firsthand look at the multiple factors preventing fair, effective and secure elections in America
5:00 PM Thirty Years Behind the Ballot Box: A firsthand look at the multiple factors preventing fair, effective and secure elections in America
Ion Sancho, former Supervisor of Elections, Leon County, Florida
PHVW - Bally's Resort (Indigo) Tower 26th floor - Sunday - 11:00-13:59
Threat Hunting with Suricata
Josh Stroschein, Director of Training, Open Information Security Foundation (OISF) / Suricata
Jason Williams, Jack Mott, Travis Green
Finding threats in your network traffic starts with understanding your traffic. More than just an IDS/IPS, Suricata can provide the visibility to solve incidents quickly and more accurately by enabling context before, during, and after an alert. In this workshop, you will learn how to leverage Suricata to generate alerts, produce protocol specific logs and identify malicious or anomalous activity in your network traffic. You will get hands-on with managing alerts through EveBox and hunting through traffic with Moloch. You will also learn how to create custom Kibana visualizations and dashboards to help focus your analysis efforts. In-depth log analysis and hands-on real-world exercises will be used to reinforce the detection techniques and tactics explained throughout the workshop. This is an ideal workshop for security analysts, blue teamers and malware researchers to get hands-on diving deep into malicious traffic and see what Suricata can do.
Prerequisites: To help prepare for this workshop, we recommend that you are familiar with the basics of network security monitoring, IDS/IPS systems and Linux environments. Familiarization with IDS rules is recommended, but not required.
Josh Stroschein (Twitter: @suricata_ids) is a subject matter expert in malware analysis, reverse engineering and software exploitation. He is an Assistant Professor of Cyber Security at Dakota State University where he teaches malware analysis, reverse engineering, software exploitation and other related security topics. Josh is also an accomplished trainer, providing training in the aforementioned subject areas at Black Hat, DerbyCon, Toorcon, Hack-In-The-Box and other public and private venues. Josh is also the Director of Training for OISF/Suricata, an author on Pluralsight and a threat researcher for Bromium.
Jason Williams (Twitter: @switchingtoguns) is a security researcher with global enterprise experience in detecting, hunting and remediating threats with open source technologies. Primarily focusing on network communications, Jason has written thousands of commercial and community Suricata rules for Emerging Threats to help defenders protect their networks. Jason participates as a Signature Development and User Training instructor for the OISF.
Jack Mott (Twitter: @malwareforme) is a security researcher who focuses on open source solutions to detect, track and hunt malware and malicious activity. He has been a signature writer for the Emerging Threats team for several years, producing community/premium Suricata signatures to help protect networks worldwide. Jack is a strong believer in the open source mission as well as helping people and organizations solve security issues with open source solutions. He resides in the USA.
Travis Green (Twitter: @travisbgreen) is a passionate Cyber Security researcher and consultant with a 20-year career that includes extensive international work leading security initiatives and advising government and military clients, consulting to enterprise businesses, and mentoring teams in best practices. Effective communicator and self-starter able to analyze data to create security policy, develop and execute strategy, and develop tools to automate processes. OISF core team member with conference presentation experience and multiple certifications.
BTVW - Flamingo - 3rd Floor- Savoy Room - Friday - 09:00-12:59
Threat Hunting With The Elastic Stack
Friday 09:00, Savoy Ballroom, Flamingo (Blue Team Village) (4H)
@CyberPraesidium
brings over 12 years of diverse experience in cyber security, IT, and law. He leads Polito's commercial services including vulnerability assessments, penetration testing, incident response, forensics, and threat hunting. Prior to joining Polito, Ben worked on APT hunt teams at federal and commercial clients. He holds CISSP, GCFA, GWAPT, and Splunk Power User certifications.
@politoinc
has over 10 years of federal and commercial expertise in the field of Endpoint and Mobile based Intrusion Detection and Protection, Network Security, e-Discovery, Mobile Application Security, and Penetration Testing. Jeffrey holds a Masters of Science in Digital Forensics from George Mason Univ. along with a Bachelors in Business IT from St Johns Univ. Jeffrey also has earned certifications such as GIAC Certified Forensic Analyst, Encase Examiner and Encase E-Discovery, Xways, and Cellebrite Certifications.
With all new logs and revamped material from our 2018 workshop, this year's hands-on training will walk attendees through leveraging the open source ELK (Elastic) stack to proactively identify malicious activity hiding within diverse data sets. The basic tools and techniques taught during this class can be used to investigate isolated security incidents or implemented at scale for continuous monitoring and threat hunting. Attendees will be provided with access to a preconfigured ELK cluster and extensive sample logs containing malicious events waiting to be discovered on a simulated enterprise network. New for this year, attacker artifacts will be mapped to the MITRE ATT&CK Framework and tagged accordingly in the provided logs to help demonstrate the value of log enrichment, showcase both common and novel real-world attacker TTPs, and leverage a methodological approach to adversary and anomaly detection. Emphasis will be placed on live demos and practical training exercises throughout. The training will conclude with a friendly CTF tournament to give attendees the opportunity to collaborate and compete on teams in order to put their learning into practice and win some prizes.
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Saturday - 16:00-16:59
Through the Looking Glass: Own the Data Center
The data center embodies the heart of many businesses on the Internet. It contains much of the information in a centralized location which provides a huge incentive for those who would wish harm. The data centers in the realm of Cloud may no longer contain just a single entity, but many individual tenants that attach to a common fabric. The Cisco Application Centric Infrastructure (ACI) aims to meet these needs with a multi-tenant, scalable fabric that interconnects physical hosts, VMs and containers. ACI is Cisco's answer to the centrally-managed Software Defined Network (SDN). The Application Policy Infrastructure Controller (APIC) and Nexus 9000 series switches form the brains and backbone of ACI.
A member of Cisco's Advanced Security Initiatives Group (ASIG) will demonstrate their findings during an evaluation of ACI and the APIC, more than three years before the BH2019 talk "APIC's Adventures in Wonderland." Step into the mind of an attacker and scan, probe, and interact with the network fabric to progress from an unauthenticated user to administrator and root of the data center switch fabric. Once inside the system, see how the APIC can be modified in a nearly undetectable manner to provide the attacker unfettered internal access to all the interconnected hosts and VMs in the data center. The target audience for this talk includes those with a technical interest in offensive discovery and secure product development. Participants will receive an overview of how a data center product is viewed in an offensive light.
About Chris McCoy: Chris is a technical leader in Cisco's Advanced Security Initiatives Group (ASIG) and published author of Security Penetration Testing, The Art of Hacking Series LiveLessons with Cisco Press. He has over 20 years of experience in the networking and security industry. He has a passion for computer security, finding flaws in mission-critical systems, and designing mitigations to thwart motivated and resourceful adversaries. He was formerly with Spirent Communications and the U.S. Air Force. Chris is CCIE certified (Emeritus) in the Routing & Switching and Service Provider tracks, which he has held for over 10 years. Twitter: @chris_mccoy
Meetups - Planet Hollywood - Mezzanine Stage - Saturday - 17:00-17:59
Title:
Tinfoil Hat Contest
reddit post with info
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Saturday - 13:00-13:59
Title:
Tiplines Today - Harlo Holmes
ABSTRACT
Nowadays, the majority of US-based newsrooms rely on primarily consumer-facing applications to facilitate secure communications with sources. Usage of tools like Signal, WhatsApp, Threema, and others has spiked as the most state-of-the-art way to ensure confidential conversations with at-risk leakers and whistleblowers. Documents flood newsrooms, sometimes in gigabytes at a time, and journalists need tools to interrogate that data in relative safety from device compromise and legal interception, all while getting the job done at the accelerated speed of the news cycle. Let's explore how these tools, from both a technical and behavioral usage standpoint, *make the news*. Sometimes in a good way, when a story comes out after months of clandestine collaboration with sources, and toiling over data that needs to be interrogated; sometimes in a bad way, when sources get burned, or organizations endanger themselves.
BIO
Harlo Holmes is the Director of Digital Security at Freedom of the Press Foundation. She strives to help individual journalists in various media organizations become confident and effective in securing their communications within their newsrooms, with their sources, and with the public at large. She is a media scholar, software programmer, and activist.
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Saturday - 11:00-11:59
Title:
TLS decryption attacks and back-doors to secure systems - Chris Hanlon
ABSTRACT
In this presentation, we show the audience how to use well documented protocol weaknesses to generate fraudulent domain security certificates, decrypt "secure https" web traffic, and decrypt TLS encrypted emails.
Then we show the audience how to use these weaknesses as backdoors to break into Cisco Meraki firewalls, Google Nest security cameras, physical building locks, Dropbox accounts, OneDrive accounts, Outlook.com accounts, Skype message histories, Amazon AWS virtual machines, Oracle Cloud virtual machines, LogMeIn remote access accounts, online medical records, online backups, Windows BitLocker-encrypted hard drives, Apple FileVault-encrypted hard drives, and many other systems.
At the end of the presentation, we cite related research showing multiple government agencies successfully using these TLS interception attacks against citizens, businesses, and other governments, then provide simple solutions to prevent this type of attack.
BIO
Chris Hanlon is the founder of Agile Data Security, a company dedicated to helping businesses secure their software development life-cycle, protect their technology assets (computers, routers, servers, databases and cloud systems) and reduce their vulnerability to social engineering attacks.
PHVW - Bally's Resort (Indigo) Tower 26th floor - Saturday - 11:20-13:20
Tools? We Don’t Need No Stinkin’ Tools: Hands-on Hacking with Python
Jason Nickola, Director of Technical Services, Pulsar Security
Wayne Marsh, Senior Software Engineer, Pulsar Security
The hacking world is full of fantastic tools, but the ability to write your own in order to customize and achieve new functionality is the real black magic. This workshop quickly builds from programming and Python fundamentals to manual construction of real-world attack tactics and techniques. Prior hacking and programming skills are not required (although they help), but basic technical knowledge and an ahead-of-time review of introductory topics are highly recommended. Come in with nothing and leave with experience writing your own host and port scanner, reverse shell, packet parser, and more in a controlled (legal) environment.
Jason Nickola (Twitter: @chm0dx) is the Director of Technical Services at Pulsar Security where he also serves as Principal Security Consultant. He can frequently be found working with clients to develop creative solutions to red- (and increasingly blue-) team challenges. Passionate about both technology and the lifelong learning process, Jason enjoys enabling others via teaching and aiding in career development. Jason is a SANS instructor for SEC560: Network Penetration Testing and Ethical Hacking and holds the GIAC Security Expert, GXPN, GREM, and OSCP certifications among others.
Wayne Marsh (Twitter: @infogroke) is a Security Consultant and the Senior Software Engineer at Pulsar Security where he spends his time programming, architecting enterprise products, and breaking into the occasional network. His varied career has involved television and satellite broadcast systems, games development, and marketing before finally focusing on the infosec industry in recent years, where he realized that the common thread in all of these areas of development is security. He loves both obsolete and new, as well as increasingly unfashionable genres of music. Wayne’s security credentials include OSCP, GPYC, GXPN, and GCIA.
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Saturday - 10:30-10:59
Title:
Towards Usable Dining Cryptographer Networks with Howl - Tyler Kell (NOT RECORDED)
ABSTRACT
Anonymous communication is important for dissidents, activists, whistleblowers, journalists, and any individuals that might be under surveillance by other parties. Dining Cryptographer Networks (DC-Nets) provide the strongest anonymity protections and the lowest possible latency of any current cryptographic solution. Unfortunately DC-Nets are faced with three fatal flaws that prevent their deployment in the real world: prohibitive bandwidth consumption, denial of service attacks (DoS) by participants, and low fault tolerance. In this talk, I will present Howl, our new open source project and decentralized anonymity network that solves these issues to make DC-Nets usable in the real world. We leverage a new aggregation protocol for bandwidth and fault tolerance issues, and use trusted execution environments (TEEs) to prevent DoS. All privacy is handled by the DC-net protocol and at no point does broadcast privacy rely on the trusted execution environment or aggregation network.
BIO
Tyler Kell is a Research Engineer at Cornell Tech in New York City. In a prior life, before becoming a researcher, he worked as a penetration tester and security consultant.
Meetups - Offsite - Sunset Park, Pavilion F - Thursday - 16:00-21:59
Title:
Toxic BBQ
The humans of Vegas invite everyone to kick off the con at this unofficial welcome party.
Bring your thinking-meat to Sunset Park, Pavilion F on Thursday afternoon. Burgers and dogs are provided; you bring everything else (more food, drinks, grill skills, conversation, rides, and donations). This year, help us explore "Textured Protein's Promise" through food, meetups, and contests.
This event is off-site, so watch #ToxicBBQ or the Info Booth @dcib for updates. Check with me on Twitter, @duncanyoudaho and on Reddit /u/DuncanYoudaho.
Forum Post
HTS - Bally's Event Center - Friday - 14:30-14:59
TROMMEL Demo – Sift through embedded device files, from firmware, to identify potential vulnerable indicators
No description available
VMV - Planet Hollywood - Melrose 4 Room - Friday - 13:00-13:30
Title:
Trustworthy Elections: Evidence and Dispute Resolution
1:00 PM Trustworthy Elections: Evidence and Dispute Resolution
Philip Stark, Professor of Statistics and Associate Dean of Mathematical and Physical Sciences, University of California, Berkeley
SKY - Bally's Jubilee Tower - 2nd Floor - Jubilee Ballroom - Saturday - 14:00-14:59
Two Talk Block: "88 Pints: The Story of an Ice Cream Heist" & "How to f**k with people and change history"
August 10, 2019, 14:00 - 15:00
Bally's, Jubilee Tower - Pacific BR - 2nd Floor
NOTE: We will not be emptying the room between these two talks.
1400 – 1430
"88 Pints: The Story of an Ice Cream Heist"
by noodle
With the peak of "hustle culture", people in both mainstream culture and the Internet underground are finding ways to save anywhere from a couple bucks to thousands of dollars with what often legally amounts to fraud. This talk is a brief overview of modern promotion fraud, including a discussion on legality, ways for companies to prevent it, tales of some high-profile cases in the past year, and the story of how a food delivery app gave out way more ice cream than they anticipated.
1430 – 1500
"How to f**k with people and change history"
by Oryx
The world is becoming a more divided place. My research recently has been around population manipulation in the context of security. It was when looking into this topic that I started to delve into online groups... what were fringe ideas before now have boiled to the surface. The fringe groups and forums are one thing, but when these attitudes go mainstream we all must pay attention. I want to share my experience interacting with folks across the political spectrum; which I did anonymously much of the time. By engaging a wide swath of folks I began to understand how information spreads, beliefs become solidified and divisions are sowed. This talk is about "human hacking"... though to do that, we need to understand the human first. We will demonstrate how one can f**k with people for better or worse.
SKY - Bally's Jubilee Tower - 2nd Floor - Jubilee Ballroom - Saturday - 15:00-15:59
Two Talk Block: "Securing Enterprise Systems: The Emperor Has No Clothes" & "Healthcare Cybersecurity: Is it all just a little bit of history repeating?"
August 10, 2019, 15:00 - 16:00
Bally's, Jubilee Tower - Pacific BR - 2nd Floor
NOTE: We will not be emptying the room between these two talks.
1500 – 1530
"Securing Enterprise Systems: The Emperor Has No Clothes"
By 3ncr1pt3d
Let’s talk about the ugly realities of enterprise systems: unpatched, exposed legacy systems; limited visibility; shadow IT; misconfiguration; BYoD; IoT. When attackers are living off the land inside your enterprise networks, that shit is gonna get you pwned. In this talk I’ll share what I’ve found just doing my job:
-No, we don’t really know what is on the network
-There will always be something internet-facing that shouldn’t be
-An accurate asset inventory is the stuff of fairytales
Based on my experiences, some of which I will share, when it comes to securing enterprise systems, our belief system is fucked:
-We believe that what we monitor is what we need to see.
-That our trusted partners are entirely trustworthy
-That our mitigating controls are enough.
How are we actually determining what is “enough”? I’m here to call out the fallacy that somebody’s risk ratio calculation over actual experience is going to save our enterprise asses when Petya 2.0 hits. Because it only takes once.
1530 – 1600
"Healthcare Cybersecurity: Is it all just a little bit of history repeating?"
By Audie
Healthcare cybersecurity is in critical condition. The disease from which it suffers is communicable and has plagued the advances of humankind throughout history. No one is immune. There’s something evolving.
What kind of public health hazard has been so persistent throughout history that even today, with all the promises of technology, it still threatens to trigger a crisis of confidence? Communication failures.
The need to communicate is fundamental and universal. It exists in every culture, in every industry, and — at an accelerating rate — in every new technology. We are increasingly dependent on connected technology — and our dependence is outpacing our ability to secure it. In healthcare, this presents significant safety concerns.
I’ve seen it before, I’ll see it again.
The Challenger explosion, the sinking of the Titanic, and Chernobyl are examples where communication issues contributed to or catalyzed failures. In this talk, we will extract lessons from these tragedies, draw parallels to events I have personally experienced working in healthcare, and outline treatments to improve communication — and safety, as a result.
VMV - Planet Hollywood - Melrose 4 Room - Friday - 17:30-17:59
Title:
UnclearBallot: Automated Ballot Image Manipulation
5:30 PM UnclearBallot: Automated Ballot Image Manipulation
Kartikeya Kandula, Graduate Student, University of Michigan
Jeremy Wink, Undergraduate Student, University of Michigan
HHV - Bally's Event Center - Saturday - 11:00-11:50
Understanding & Making PCB Art
TwinkleTwinkie
Abstract
PCB Art is all over DEF CON and for some attendees one of their primary goals is to see, admire, and collect some of the dozens of stunning examples of PCB Art that premieres at DEF CON every year. In this talk I will walk you through an explanation of what a PCB is, how it’s made, how PCB Artists use the limitations of the PCB Manufacturing process to produce stunning artwork and finally how you can make your own PCB Art using Inkscape & KiCAD. This talk is intended for anyone who appreciates PCB Art, wants to make their own PCB Art, or just wants to know how the sausage gets made.
Bio
TwinkleTwinkie is an independent PCB Artist and has manufactured dozens of Artistic PCB Badges & Indie Badge Addons. His work was featured in Hackaday’s 2018 “Badge Life” Documentary. Some of his notable works that he has produced are: Arc Badge, BSides Vancouver 2019 Badge, BSides Atlanta 2019 Badge, Queercon 15 Badge Top Board & Access Pass, Krusty the It “SAO”, Prince & Pharoah OSHCat “SAO” for OSHPark, the Cheshire Cat “SAO”, and the Chestoro “SAO”.
WS - Flamingo - Lower Level - Red Rock III - Friday - 10:00-13:59
Understanding and Analyzing Weaponized Carrier Files
Friday, 1000-1400 in Flamingo, Red Rock III
Ryan Chapman Incident Response Analyst
Weaponized carrier files, such as PDF and Office docs, are used in various attack campaigns in order to compromise victims. In this workshop, we'll cover the file formats, associated weaponization methods, and analysis techniques of the attack code used with these types of files. We'll pull apart PDF object streams, deobfuscate JavaScript code, and analyze PDF-based attacks. For Office docs, we'll review the OLE file format; take a gander at VBA-based macros; extract, deobfuscate, and debug the VBA code; and identify indicators of compromise. We'll be using a Windows-based malware VM along with tools such as oledump, PDFStreamDumper, the MS VBA Editor, and more!
Skill Level Intermediate
Prerequisites: This workshop will cover the file formats for both PDF and Office (e.g. docx) files. If you've never analyzed such a file for maliciousness, fear not! We'll be covering the basics. If you have programming/scripting experience, great. If not, don't worry. If you have worked to deobfuscate code, fantastic. If not, meh.
Materials: You will want to bring a laptop equipped with the following:
- The laptop will probably need at least 4GB of RAM, as you'll need to be able to run your host OS (doesn't matter which, I and my room proctors can help with any of them) along with a Windows 10 VM.
- Please try to have a USB port available. I will have USB 3.0 drives with me the day of the workshop. These drives will be FAT-formatted (nothing fancy) and contain the files required for the workshop. I will also pop the files on to a cloud-based file sharing service well ahead of the workshop for folks who like to set up early.
- VM software! You'll need software to run a VM, such as VMware or VirtualBox. Doesn't matter if you're on a Mac with VMware Fusion, Windows, Linux, whatever. As long as you can run a VM (and take at least one snapshot), we're solid!
- If you do not have a Windows 10 malware analysis machine, please check out https://www.microsoft.com/en-us/evalcenter/evaluate-windows, as you can grab a trial of Windows that will work just fine for this workshop
- Speaking of MS products, you're going to want (in order to follow along with VBA file debugging), a copy (evaluation version works fine) of MS Office. Version doesn't really matter, but the more recent the better. Again, check out the MS Evaluation center for a copy of Office that you can use: https://www.microsoft.com/en-us/evalcenter/evaluate-office-365-proplus
- Python! You'll want to have Python installed (2.7.x preferred). I'll have an offline installer available should you need it (make sure you have that USB port available!)
-- I'll be providing some Python-based scripts for analysis, along with some tools such as PDFStreamDumper ahead of the workshop. I will provide direct links to the files as provided by the developers. I will also be providing carrier file samples ahead of time and on the workshop USB.
Max students: 90
Registration: https://www.eventbrite.com/e/understanding-and-analyzing-weaponized-carrier-files-red-rock-iii-tickets-63608133640
(Opens 8-Jul-19)
Ryan Chapman
Ryan Chapman is an incident response (IR) analyst with a background in host and network forensic analysis; malware analysis; threat intelligence; and all the other fun facets of the blue team realm. Prior to working in IR, Ryan worked as a technical trainer for many years. Outside of work, Ryan spends time with his family, gets tapped on the jiu jitsu mats, and plays plenty of Street Fighter. Hadouken!
VMV - Planet Hollywood - Melrose 4 Room - Saturday - 10:00-11:59
Title:
Unhack the Ballot
10:00 AM Unhack the Ballot
DC - Paris - Track 1 - Saturday - 16:30-16:50
Unpacking Pkgs: A Look Inside macOS Installer Packages And Common Security Flaws
Saturday at 16:30 in Track 1
20 minutes | Demo
Andy Grant Technical Vice President, NCC Group
We are hackers, we won't do as you expect or play by your rules, and we certainly don't trust you. JAR files are really ZIPs...unzip them! So are Microsoft's DOCX, XLSX, PPTX, etc. Let's open them up! macOS applications (.app "files") are really directories you can browse?! Sweet, let's do that.
Less well known but similarly prevalent are Flat Package Mac OS X Installer (.pkg) files. These are actually XAR archives that, among other things, contain many plaintext files (including shell, Perl, and Python scripts) as cpio files compressed using gzip.
In this presentation I'll walk you through extracting the contents of these installer packages, understanding their structure, and seeing how they work while highlighting where security issues can come up. To drive the point home of what can go wrong, I'll include examples of serious security issues I've seen in the wild and show you how they can be exploited to elevate privileges and gain code/command execution.
After this talk, .pkg files will no longer be opaque blobs to you. You'll walk away knowing tools and techniques to tear them open, understand how to evaluate what they're really doing on your computer, and a methodology for finding bugs in them. As a final bonus, I'll include a subtle trick or two that can be used on red teams.
Andy Grant
Andy Grant is a Technical Vice President for NCC Group. While at NCC Group, Andy has worked on a wide-variety of security assessment and advisory projects. He has performed numerous application assessments on mobile (Android, iOS, WP7), desktop (OS X/macOS, Windows, Linux), and web platforms. He has also performed many internal and external network penetration tests and widget/third-party platform reviews. Andy has worked with small tech start-ups, small and large software development groups, and large financial institutions. Andy has a BS in Computer Science and an Advanced Computer Security Certificate from Stanford University.
Twitter: @andywgrant
DL - Planet Hollywood - Sunset 4 - Sunday - 10:00 - 11:50
USB-Bootkit – New Bootkit via USB Interface in Supply Chain Attacks
Sunday from 10:00 – 11:50 in Sunset 4 at Planet Hollywood
Audience: Offense, Defense and Hardware.
Haowen Bai
USB-Bootkit, a new type of Bootkit via the USB interface, contains malicious code inside the USB device that gets executed every time the system boots up. The malicious device, located either on the motherboard or inside external HID devices such as the keyboard, is invisible to ordinary users and capable of re-infecting the system after the OS is reinstalled or the hard drive is formatted or even replaced.
In order to make it look innocuous, we implanted the USB-Bootkit inside a keyboard without changing the outward appearance. Supply chain attacks could be leveraged to replace the device and modify boot sequences accordingly. Once it is used by the target, we are able to carry out attacks persistently. Legacy and UEFI mode are covered in one USB to adapt to the target system automatically. In the demonstration, the attack originates from the malicious keyboard and is able to compromise the fully patched Windows 10 x64 operating system from power-on. The USB-Bootkit will get disconnected automatically afterwards to avoid being discovered when the victim logs into the operating system.
https://github.com/RedDrip7/USB-Bootkit
Haowen Bai
Haowen Bai, a senior security research engineer at QiAnXin Threat Intelligence Center (@RedDrip7), has over 12 years’ work experience in network security, including the discovery of zero-day vulnerabilities in targeted attacks. Currently he is researching innovative approaches to discovering vulnerabilities and exploits on the Windows platform, as well as using big data analysis systems to catch perilous threats in the wild.
RCV - Planet Hollywood - Celebrity 5 Ballroom - Saturday - 11:55-12:30
RCV - Planet Hollywood - Celebrity 5 Ballroom - Sunday - 10:00-10:25
DC - Paris - Track 4 - Saturday - 16:00-16:30
Vacuum Cleaning Security—Pinky and the Brain Edition
Saturday at 16:00 in Track 4
20 minutes | Exploit
jiska TU Darmstadt, Secure Mobile Networking Lab
clou (Fabian Ullrich)
Data collected by vacuum cleaning robot sensors is highly privacy-sensitive, as it includes details and metadata about consumers’ habits, how they live, when they work or invite friends, and more. Connected vacuum robots are not as low-budget as other IoT devices and vendors indeed invest in their security. This makes vacuum cleaning robot ecosystems interesting for further analysis to understand their security mechanisms and derive takeaways.
In this talk we discuss the security of the well-protected Neato and Vorwerk ecosystems. Their robots run the proprietary QNX operating system, are locally protected with secure boot, and use various mechanisms that ensure authentication and encryption in the cloud communication. Nonetheless, we were able to bypass substantial security components and even gain unauthenticated privileged remote execution on arbitrary robots. We present how we dissected ecosystem components including a selection of vacuum robot firmwares and their cloud interactions.
jiska
Jiska has an M.Sc. in IT-Security. She has been a PhD student at the Secure Mobile Networking Lab (TU Darmstadt) since May 2014. Her main research interests are wireless physical layer security and reverse engineering. You might also know her embroidery projects or game shows from past CCC events.
Twitter: @seemoolab
clou (Fabian Ullrich)
Fabian has an M.Sc. in IT-Security. He is working as a researcher and analyst at ERNW. His main research interests are full stack IoT and web application security. In his free time, Fabian likes to capture some flags.
RGV - Flamingo - 3rd Floor - Carson City II - Saturday - 17:00-17:59
Title:
Verbal Steganography Workshop
Verbal Steganography Workshop with Four Suits Co. Space will be limited. Sign-up is available here
RGV - Flamingo - 3rd Floor - Carson City II - Saturday - 16:00-16:59
Title:
Verbal Steganography
Four Suits Co. presents a talk (and demonstration) of live steganographic communication. Boiled down to its simplest form that means all the ways for two or more people to secretly, and in an analog way, communicate with each other. This includes physical and verbal codes, as well as memory systems and shortcuts that allow large amounts of information to be remembered and transferred from person to person.
Night Life - Paris - Rivoli A Ballroom - Friday - 21:00-24:59
Title:
VETCON II
Back again! VETCON is a Party thrown by Veterans for everyone! Come join in as veterans from all branches come together to celebrate and take on challenges that you only hear about in movies. Space force recruiting? Airmen in a chair race? Military drill displays? All this and more. It's time to raise hell the way our people in uniform are famous for.
Twitter: @VetConActual
Standing orders to Report to VETCON II
DL - Planet Hollywood - Sunset 3 - Sunday - 10:00 - 11:50
Vulmap: Online Local Vulnerability Scanners Project
Sunday from 10:00 – 11:50 in Sunset 3 at Planet Hollywood
Audience: Offense, Defense
Yavuz Atlas & Fatih Ozel
Vulmap is an open source online local vulnerability scanner project. It consists of online local vulnerability scanning scripts for Windows and Linux. These scripts can be used for defensive and offensive purposes. It is possible to conduct vulnerability assessments by using these scripts. They can also be used for privilege escalation by pentesters/red teamers. Vulmap scans vulnerabilities on localhost, shows related exploits and downloads them. Basically, it scans localhost to gather installed software information and asks the Vulmon API whether there are any vulnerabilities and exploits related to the installed software. If any vulnerability exists, Vulmap shows the CVE ID, risk score, vulnerability detail link, exploit IDs and exploit titles. Exploits can also be downloaded with Vulmap. The main idea of Vulmap is getting real-time vulnerability data from Vulmon instead of relying on a local vulnerability database. Even the most recent vulnerabilities can be detected with this approach. Its exploit download feature also helps the privilege escalation process. Since most Linux installations have Python, Vulmap Linux is developed with Python, while Vulmap Windows is developed with PowerShell to make it easy to run on most Windows versions without any installation.
https://github.com/vulmon/Vulmap
Yavuz Atlas
Yavuz Atlas is a cyber security researcher. He has academic and professional experience in areas like cyber security, software development, data science and information visualization. He works as a Tech Lead for Biznet. His current work focuses on pentesting and secure code reviews. Yavuz is also developer of Vulmon project.
Fatih Ozel
Fatih Ozel specializes in web application assessments, penetration testing, and software development. He is a former software developer and an open source enthusiast. He holds a Computer engineering degree from Suleyman Demirel University. Fatih is currently working as a Penetration tester for Biznet Bilisim.
MOV - Bally's - Resort (Indigo) Tower 26th Floor - Skyview 4 - end of - Sunday - 11:45-12:30
11:45-12:30
Walking Through the High-Level Math Behind Bulletproofs, a Zero-Knowledge Proof
Cathie Yun, Software Engineer and Applied Cryptographer
Bulletproofs are important zero-knowledge proofs used in Monero to hide transaction amounts, but they can be used to prove other statements too. Cathie will walk through many of these applications and constructions. This talk will start at a basic level.
DC - Paris - Track 4 - Sunday - 13:00-13:45
Want Strong Isolation? Just Reset Your Processor
Sunday at 13:00 in Track 4
45 minutes | Demo, Tool
Anish Athalye PhD student at MIT
Today's systems sandbox code through traditional techniques: memory protection and user-kernel mode. Even high-security devices like hardware cryptocurrency wallets use such an architecture. Unfortunately, this arrangement has a history of security bugs due to misconfigured protection hardware, bugs in kernel code, hardware bugs, and side channels.
This talk proposes a new approach to isolation for devices like crypto wallets: separate the user and kernel onto two CPUs and multiplex processes by completely resetting the user processor between tasks so that there is no leakage.
Processor reset is more complicated than might be expected. Simply asserting the reset line isn't enough to clear all CPU-internal state, but it turns out that software can be used to clear this state. However, reasoning about the correctness of such code is challenging. This talk presents a tool that can be used to develop and formally verify the correctness of reset code for a given CPU implementation.
This talk also walks through a design of a wallet based on this reset-based isolation technique, discusses known security vulnerabilities in current designs such as the Ledger and Trezor wallets (including bugs in MPU misconfiguration, system calls, and drivers), and explores how a reset-based design could prevent such vulnerabilities.
Anish Athalye
Anish is a PhD student at MIT working on systems, security, and formal verification. He is currently interested in making hardware wallets more secure. In his free time, he enjoys bending neural networks to his will: among other exploits, he has mastered the art of transfiguration (as far as computers are concerned), exemplified by turning a turtle into a rifle.
Twitter: @anishathalye
Websites: anish.io (academic), anishathalye.com (blog)
WLV - Bally's - Palace Meeting Rooms 1-7 - off hallway to Event Center - Saturday - 13:00-13:55
Gabriel Ryan (s0lst1c3)
Bio
Gabriel Ryan (s0lst1c3) is an offensive security R&D and consultant at SpecterOps. He is the author of EAPHammer, a toolkit for performing targeted rogue access point attacks against enterprise wireless networks.
@ss0lst1c3
Steve Darracott (wytshadow)
Bio
Steven Darracott (wytshadow) works as a Senior Security Consultant on Optiv’s Attack and Penetration team. Steven is the co-author of sniffair, a modular framework for performing security assessments against modern wireless networks.
@theDarracott
War Never Changes: Attacks Against WPA3's "Enhanced Open"
Abstract
In this presentation we will introduce working proof-of-concept attacks that can be used against wireless networks that use Opportunistic Wireless Encryption (OWE), which is better known as WPA3’s “Enhanced Open.” We’ll also demonstrate a resource exhaustion attack that can be used to disconnect wireless clients from networks that use Protected Management Frames (PMF). By doing this we hope to inspire a conversation about whether OWE is truly a significant improvement from open WiFi, and whether it truly addresses the current wireless threat model.
DC - Planet Hollywood - Firesides Lounge - Saturday - 22:15-22:59
We Hacked Twitter… And the World Lost Their Sh*t Over It!
Saturday at 22:15 in Firesides Lounge
45 minutes
Mike Godfrey Penetration Tester, INSINIA Security
Matthew Carr Penetration Tester, INSINIA Security
In December 2018 INSINIA Security was involved in one of the biggest hacking stories of the year. A number of “celebrities”, including Louis Theroux, Eamon Holmes and more, logged into their Twitter accounts just after Christmas to find a Tweet, from their account, saying:
“This account has been temporarily hijacked by INSINIA SECURITY”.
The tweet immediately directed people to our blog post, and the compromised accounts retweeted INSINIA’s Tweet, saying:
“This account is now under the control of @InsiniaSRT. Luckily, this has been H4CK3D to highlight an important vulnerability. The user of this account has NOT lost access to it, no data compromised and is NOT under attack. See how it was done…”.
What we did was simple. We used spoof texts to Tweet from these accounts. We NEVER had access to these accounts. We could never read DM’s. We simply passively controlled these accounts with no opportunity of getting confidential data in return.
So what did the hacking community, journalists and commentators do?! They LOST THEIR SH*T OVER IT!
“It’s unethical” “It’s a crime” “Computer Misuse Act counts for security researchers too!” “You guys are total f*cking idiots!”
These are the types of things we’d heard from our peers. But why was the backlash so bad? In this talk, INSINIA explains why it was done, how it was done, how people reacted and how research can be released quickly and responsibly… Without always getting the warm reception you might expect!
Mike Godfrey
Mike Godfrey, Director of INSINIA Security, started life as a “hacker” before he had hit his teens.
With a professional background in Electro-technical / Electro-mechanical Engineering and almost 20 years’ experience in building and breaking computers, Mike offers a unique perspective when it comes to varied and multi-vector attacks and is regarded as one of the UK’s most capable multi-skilled Cyber Security Specialists, gaining notoriety in the Cyber Security industry for using elements of different skills, both on hard and soft surfaces, to carry out highly technical and often highly intricate electronic attacks. One of these attacks includes hacking Costco’s high security Sentry display safe with nothing more than a magnet and a sock! This research was utilised and referenced by @Plor in his talk at DEF CON 25 – “Popping a Smart Gun”. Mike has also been lucky enough to become a DEF CON speaker in 2018, one of the proudest moments of his life!
Mike works as a Cyber Security contributor for the BBC, LBC, Channel 4 and was the Ethical Hacker who discovered the TalkTalk and O2 data breach stories.
Twitter: @MikeGHacks
Matthew Carr
Matthew's previous roles include Senior Penetration Tester and Researcher at SecureLink, Europe's largest managed security services provider, and Operational Security Specialist at Ikea, overseeing worldwide Operational Security as part of a Specialist Team.
Matthew regularly speaks at industry events and lectures offensive security at Malmö's Technology University in Sweden.
Matthew spent over 3 years as part of an R&D team building intrusion detection software, a secure cloud platform, SIEM tools and other security software. Matthew is not only a competent red teamer but also a valuable asset to any blue team.
Matthew works as a Cyber Security contributor for the Telegraph, Talk Radio and SVT.
Twitter: @sekuryti
DC - Paris - Track 1 - Saturday - 10:00-10:45
Weaponizing Hypervisors to Fight and Beat Car and Medical Devices Attacks
Saturday at 10:00 in Track 1
45 minutes | Demo, Tool
Ali Islam CEO, Numen Inc.
Dan Regalado (DanuX) CTO, Numen Inc
Historically, hypervisors have existed in the cloud for efficient utilization of resources, space, and money.
The isolation feature is one of the reasons hypervisors are heavily moving to other ecosystems, like Automobiles, so that for example, if an Infotainment crashes, it does not affect other sensitive ECUs like ADAS. Blackberry QNX and AGL announced the use of hypervisors in their deployments on Cars.
The trend is real, but there is a big challenge! Most of the systems in Cars and Medical devices run on ARM, plus, protection at the hypervisor level is still limited. So, is it possible to have a framework that runs at the hypervisor level, able to monitor at the OS level and, most importantly, capable of identifying and killing threats coming into the monitored devices?
During this talk we will walk you through the steps needed to set up a framework running on a Xilinx ZCU102 board able to monitor ARM-based devices and to kill malicious threats identified. We will also discuss challenges on syscall monitoring, single-stepping limitations, techniques to stay stealthy, techniques to detect and kill traditional malware seen in enterprise like Ransomware, Heap Exploits and capabilities on VM Escape attacks and feasibility to detect Spectre-like exploits.
Ali Islam
Ali Islam Khan is the Chief Executive Officer (CEO) and Co-Founder of Numen Inc. He is also an avid C programmer and has developed the core set of Numen’s Virtual Machine Introspection (VMI) capabilities. Before quitting his job to work full time on Numen, Ali was Director R&D at FireEye where he was leading the R&D efforts for FireEye’s flagship email and network products. He is the founding member of FireEye Labs where he invented & developed some of the key detection technologies used in FireEye products today. Ali has multiple patents to his name and has over 13 years’ experience in a wide range of cyber security disciplines, including cryptography, malware analysis, cyber-espionage and product development. He has successfully created and led global teams from scratch. Ali has spoken at conferences such as RSA and worked with various government agencies such as DHS, KISA on intelligence sharing efforts to counter nation-state level threats.
Khan holds an MBA from UC Berkeley and a Master’s degree in network security from Monash University, Australia. He is an AUSAID scholar and the recipient of the prestigious Golden Key Award.
Twitter: @Ali_Islam_Khan
LinkedIn: https://www.linkedin.com/in/aliislam/
Dan Regalado (DanuX)
Daniel Regalado aka DanuX is the CTO and Co-Founder of Numen Inc. He is a Mexican security researcher with more than 17 years in the scene. He has worked reversing malware and exploits at Symantec Security Response Team and FireEye Labs and lately focused on IoT threats at Zingbox. He is credited with the discovery of most of the ATM malware worldwide. He is the co-author of the famous book Gray Hat Hacking and he likes to present his discoveries at major security conferences like RECon, RSA, DEF CON IoT/Car Hacking villages, BSIDES.
Twitter: @danuxx
LinkedIn: https://www.linkedin.com/in/daniel-regalado-200aa414/
CHV - Bally's Event Center - Saturday - 12:00-12:50
Weaponizing Hypervisors to protect Car Infotainment from hackers
Dan Regalado
Sat 8/10 •
12:00 PM-12:50 PM
50 min talk
Historically, hypervisors have existed in the cloud for efficient utilization of resources, saving space, and money.
The isolation feature is one of the reasons hypervisors are heavily moving to other ecosystems, like Automobiles, so that for example, if an Infotainment crashes, it does not affect other sensitive ECUs like ADAS. Blackberry QNX and AGL announced the use of Hypervisors in their deployments on Cars.
The trend is real, but there is a big challenge! Most of the systems in Cars run on ARM, plus, protection at the hypervisor level is still limited. So, is it possible to have a framework that runs at the hypervisor level, able to monitor at the OS level and, most importantly, capable of identifying and killing threats coming into the monitored devices?
During this talk we will walk you through the steps needed to set up a framework running on a Renesas R-Car H3 board able to monitor ARM-based devices and to kill malicious threats identified. We will also discuss challenges on syscall monitoring, single-stepping limitations, techniques to stay stealthy or to get better latency, techniques to detect and kill traditional malware seen in enterprise like Ransomware, Heap Exploits and capabilities on VM Escape attacks and feasibility to detect Spectre-like exploits.
DC - DC101, Paris Theatre - Thursday - 14:00-14:45
Web2Own: Attacking Desktop Apps From Web Security's Perspective
Thursday at 14:00 in DC101, Paris Theatre
45 minutes
Junyu Zhou Security Researcher in Tencent Security Xuanwu Lab
Ce Qin Security Researcher in Tencent Security Xuanwu Lab
Jianing Wang Security Researcher in Tencent Security Xuanwu Lab
People are always talking about binary vulnerabilities when attacking desktop applications. Memory corruptions are always costly to find. Meanwhile, mitigations introduced by operating systems make them harder to be exploited. More and more applications are using hybrid technologies, so we can try web security tricks to pwn them reliably with less effort.
Our presentation will summarize attack surfaces and methods to find security issues in desktop applications. In particular, we will explicate some real-world cases, such as chaining multiple vulnerabilities (information leaking, CSP bypass, opened debugging port) to achieve RCE in a specialized IDE, sensitive file leaking in famous editors, privileged APIs abusing in many IM applications and so on. During our research, we find some issues actually reside in popular libraries. These flaws may affect more applications than we will demonstrate in this talk.
Web security knowledge is usually unfamiliar to desktop application developers. Attacking desktop apps using web security tricks is a non-competitive "blue ocean". Our presentation will focus on many design misconceptions and implementation mistakes in desktop applications. By sharing these representative lessons, we hope to help desktop application developers improve the security of their products.
Junyu Zhou
Junyu Zhou, Security Researcher in Tencent Security Xuanwu Lab, CTF player from 0ops/A*0*E, is focusing on vulnerability research and web application security. Speaker of HITB2018Dubai and ZeroNights2018.
Ce Qin
Ce Qin, Security Researcher in Tencent Security Xuanwu Lab for 3 years, focuses on software security, mainly on browser and Desktop software.
Jianing Wang
Jianing Wang, Security Researcher in Tencent Security Xuanwu Lab, member of Syclover, is focusing on vulnerability research and web application security.
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Sunday - 12:00-12:59
WebSploit 2.0 Release and an Intense Introduction to Hacking Web Applications and APIs
In this talk a new version of the self-contained WebSploit VM will be released. WebSploit was created by Omar Santos for different Cybersecurity Ethical Hacking training sessions that have been delivered in several outlets. This VM contains hundreds of exercises from known intentionally vulnerable applications running in Docker containers on top of Kali Linux; and it also includes several additional tools and a mobile device emulator that can be used to test APIs. Omar will go over several demonstrations on how to get started with this collection of hundreds of exercises and participants will receive a lab guide that they can complete in their own time (which covers dozens of exercises).
About Omar Santos: Omar is an active member of the security community, where he leads several industry-wide initiatives and standard bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructure. Omar is the author of over 20 books and video courses; numerous white papers, articles, and security configuration guidelines and best practices. Omar is a Principal Engineer of Cisco’s Product Security Incident Response Team (PSIRT) where he mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities. Twitter: @santosomar
VMV - Planet Hollywood - Melrose 4 Room - Friday - 10:00-10:45
Title:
Welcome and Kick-off
10:00 AM Welcome and Kick-off
Harri Hursti, Co-Founder, DEF CON Voting Village; Founding Partner, Nordic Innovation Labs
Matt Blaze, Co-Founder, DEF CON Voting Village; Professor of Law and McDevitt Chair for the Department of Computer Science, Georgetown University
Jake Braun, Co-Founder, DEF CON Voting Village; Executive Director, University of Chicago Harris Cyber Policy Initiative
MOV - Bally's - Resort (Indigo) Tower 26th Floor - Skyview 4 - end of - Friday - 10:00-10:30
10:00-10:30
Welcome to the Monero Village!
Diego “rehrar” Salazar
This talk will explain the fundamentals of Monero and explain the theme for this year: “foundations of digital money.” Diego will introduce the list of events and thank all the volunteers who contributed to make the village a reality. He will highlight important events during Defcon to watch out for.
MOV - Bally's - Resort (Indigo) Tower 26th Floor - Skyview 4 - end of - Saturday - 13:00-13:30
13:00-13:30
What Happens when the Block Reward Runs Out? The Critical Role of the Minimum Block Reward (Tail Emission) in Monero.
Francisco “ArticMine” Cabañas, Member of the Monero Core Team
Francisco will provide an overview and review of blockchain scaling and fees in Monero. He will review the relationship between fees and the Cryptonote (now Monero) penalty with an emphasis on the impact of the block reward on fees. He will focus on rational miner behavior, and how this creates a fee market in Monero which is totally dependent upon the block reward. He will also consider the case of the block reward going to zero, how this limits the Satoshi fee market in Bitcoin and the critical differences between Monero and Bitcoin. In addition, he will consider the possible impacts of block rewards falling to zero on large block and adaptive block crypto-currencies.
LPV - Bally's - Platinum II Ballroom - Saturday - 15:00-15:45
Title:
What I Wish I Knew When I Started Picking
Presented By
Harry
Abstract
A brief discussion of several techniques and concepts that I wish I knew when I started picking.
VMV - Planet Hollywood - Melrose 4 Room - Friday - 11:30-12:30
Title:
What Role Can Journalists Play in Securing Elections?
11:30 AM What Role Can Journalists Play in Securing Elections?
Kevin Collier, Reporter, CNN
Kim Zetter, Cybersecurity & National Security Reporter
Eric Geller, Cybersecurity Reporter, Politico
Maggie MacAlpine (moderator), Co-Founder, Nordic Innovation Labs
HHV - Bally's Event Center - Saturday - 12:00-12:50
What You Print Is Not What You Get Anymore: Mitm Attack On 3D Printers Network Communications
Hamza Alkofahi
Abstract
Additive Manufacturing (AM) and 3D Printing were conceived to reduce the cost of the prototyping process. Over time, these technologies became faster, more accurate, and much more affordable. All of these factors, as well as the potential to use AM in production parts and systems, have helped rapidly drive the growth of AM in both industrial and personal uses. Thus, there is a concomitant demand to understand the implications of cybersecurity in this field and these systems. In our research, we show how manufacturers of high-end 3D printers failed to protect the confidentiality and integrity of the printed 3D models. Also, our proof of concept demonstrates how network attacks (such as MITM) on 3D printers communication channels can cause a massive impact (such as stealing, replacing or even sabotaging models) on the whole printing process.
Bio
Hamza is a cybersecurity researcher and a white-hat hacker, currently doing his Ph.D. at Auburn University. He is interested in vulnerability assessment, reverse engineering, and detecting business logic vulnerabilities. He developed the first parser for a closed source file format (CMB) and also built an automated system for detecting vulnerabilities in critical infrastructure websites.
BTVT - Flamingo - 3rd Floor- Savoy Room - Saturday - 16:30-16:59
When A Plan Comes Together: Building A SOC A-Team
Saturday 16:30, Savoy Ballroom, Flamingo (Blue Team Village) (30M)
@markaorlando
started his security career in 2001 as a Security Analyst, and since then has been both fighting for blue team resources and trying to automate them out of a job. He has built, assessed, and managed security teams at the Pentagon, the White House, the Department of Energy, global Managed Security Service Providers, and numerous financial sector and Fortune 500 clients. Short on patience and attention, Mark is constantly working on new projects to improve defensive security through automation and other short cut-y things so defenders can be more agile and creative. While Director of Operations at Foreground Security, he designed and launched a Managed Detection and Response (MDR) service offering and helped to invent an automated cyber threat hunting technology, both of which were later acquired. He enjoys teaching and learning from others but spends far more time doing the latter.
The security industry is facing a severe talent shortage, but the threats are growing in number and sophistication. Finding talent, honing it to meet your specific mission, and retaining it have become immense challenges for modern operations teams. In this talk, we’ll explore these challenges and discuss creative ways to find, train, and equip a security operations “A-Team”.
MOV - Bally's - Resort (Indigo) Tower 26th Floor - Skyview 4 - end of - Sunday - 13:30-13:59
13:30-14:00
Where We Go from Here: Closing Remarks and Game
Diego “rehrar” Salazar
Diego will recap the most exciting events of the Monero village. There will be a fun game for people to participate in at the end for prizes.
VMV - Planet Hollywood - Melrose 4 Room - Friday - 12:30-12:59
Title:
While the Bots Distracted You: Hacking the Electorate
12:30 PM While the Bots Distracted You: Hacking the Electorate
Evanna Hu, CEO and Partner, Omelas
Ben Dubow, CTO and President, Omelas
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Friday - 14:00-14:59
Title:
Who Belongs Where? How to Effectively Integrate Your Company's Privacy, Legal, & Security Teams - Various
ABSTRACT
You've got a whole pack of privacy lawyers, cybersecurity team members, a CISO, a CTO, a CPO, a General Counsel, privacy engineers, security engineers, and more. Where do you put them? Who reports to who? There is a robust and lively debate going on among CISOs, CPOs, GCs, and others about structuring privacy and security teams efficiently and effectively within an organization. Sit in and listen to that debate here - and maybe take away some recommendations for your own teams.
BIO
Suchi is a data privacy and cybersecurity lawyer (@SuchiPahi). She was supposed to be a doctor, but went rogue and wound up in law school arguing about the CFAA. After 4 years of working on some of the most incredible incidents as a cybersecurity lawyer and of helping companies of all sizes set up privacy and security practices, she decided to leave the law firm life so that she could do more tech law things.
Robin Andruss - Director, Privacy Operations at Twilio has over 15 years experience in privacy, audit, and compliance. Currently, as a Director, Privacy Operations for Twilio, Robin leads a variety of internal strategic privacy initiatives to help Twilio meet its internal and external privacy commitments.
Prior to Twilio, Robin's privacy career includes privacy roles from Google, Yahoo and TrustArc and developed a strong background in project and process management, financial audit and compliance (Sarbanes Oxley internal/process audits), and consulting from Deloitte.
Marina is a well-established change agent in technology and cyber security with over 15 years of experience developing and delivering cyber security and IT strategy and programs. She has extensive experience aligning cyber strategy with business strategy while executing enterprise wide initiatives. Marina has expertise in risk management, data strategy and governance, security controls, information technology implementation and transformation, training, and project management. As Planned Parenthood Federation of America's (PPFA) and Planned Parenthood Action Fund's CISO, she works with senior leadership team to provide technical and cyber security expertise to mature the security posture of the Federation.
Mike has over twenty years of experience in the security industry. He's currently enjoying some well earned time off after a year and a half as Lyft's first CISO where he had overall responsibility for their cybersecurity efforts. Prior to Lyft, he spent nine years at Salesforce in various roles, ultimately building and growing their world class Detection and Response organization. He started his career prototyping intrusion detection systems for battlefield networks.
Fred is yet another privacy and cybersecurity lawyer, with a background in cybercrime defense. As GitHub's Associate Corporate Counsel, he works closely with their security teams on bug bounty policy, incident response, and breach notifications. When not lawyering, Fred enjoys shell script kludges and improbable vehicles.
BTVT - Flamingo - 3rd Floor- Savoy Room - Sunday - 10:00-10:59
Who Dis? Who Dis? The Right Way To Authenticate
Sunday 10:00, Savoy Ballroom, Flamingo (Blue Team Village) (1H)
@Lak5hmi5udheer
is a Security Researcher at Adobe. She holds a Master of Science in Information Security and has been in the security industry for about four years now. At Adobe, she works on reviewing architectures and providing security guidelines to various product teams. Prior to Adobe, she was at a startup doing all things Application Security and has experience with security consulting at Bishop Fox. She has also spoken about her open source projects at security conferences like RSA 2018, Appsec USA & AppSec Cali.
@dhivus
is a Security Researcher at Adobe. She received her master’s degree in Information Security and Information Technology from Carnegie Mellon University in 2017. At Adobe, she provides proactive security guidance to key product teams, develops security automation tools and enjoys reviewing security of new technologies. She loves talking about her open source projects at conferences, most recent being Girls Who Code, DefendCon and CISO summit.
In today's ecosystem, verification of identity is no longer applicable just to the user; it extends to microservices, cloud providers, IoT devices and many other emerging systems as well. 81% of discovered breaches are due to broken authentication, indicating it is a prevalent issue. Developers are generally aware of different authentication methods used for secure interaction between these entities, but most often lose context on best practices. In this context, we talk about popular authentication schemes like SAML, OAuth, token, magic links, adopted by developers today and emerging ones like WebAuthN. We will present incorrectly coded authentication patterns observed in disclosed reports related to these schemes. Finally, we will conclude with actionable solutions to correct these flaws realized in the form of practical guidelines. These would be security design patterns that developers or designers could refer to in their daily tasks.
Night Life - Planet Hollywood - Mezzanine Stage - Friday - 22:00-23:59
Title:
Who's Slide is it anyway?
No description available
SEV - Bally's Jubilee Tower - 3rd Floor - Las Vegas Ballroom - Friday - 16:30-16:59
Friday August 09 2019 1630 30 mins
Why Vigilantism Doesn’t Work
Fighting child abuse is dirty work. Does getting dirty justify the ends? Join our new COO as he discusses the very important topic.
Shane McCombs: @InnocentOrg
McCombs comes to ILF uniquely primed with more than 20 years of experience in the tech industry, combined with more than a decade of experience in C-level roles. In those critical capacities, McCombs led enterprise-wide initiatives within project management, customer relationship management and acquisition, policies and procedures, process improvement, and infrastructure. McCombs is also an accomplished public speaker and trainer, focused on change management, professionalism, social engineering, and corporate security. In the past, McCombs volunteered for the Autism Hope Alliance and currently donates his time to local business as a trusted advisor.
DC - Paris - Track 3 - Saturday - 12:00-12:45
Why You Should Fear Your “mundane” Office Equipment
Saturday at 12:00 in Track 3
45 minutes | Demo, Tool, Exploit
Daniel Romero Managing Security Consultant, NCC Group
Mario Rivas Senior Security Consultant, NCC Group
The security of common enterprise infrastructure devices such as desktops and laptops has advanced over the years through incremental improvements in operating system and endpoint security. However, security controls for network devices such as enterprise printers are often ignored and thus present a greater potential for exploitation and compromise by threat actors seeking to gain a persistent foothold on target organisations.
In order to assess the current state of mainstream enterprise printer product security and to challenge common assumptions made about the security of these devices, which sit on key parts of enterprise networks and process sensitive data, we set out on a vulnerability and exploitation research project of six known vendors. We were able to find remote vulnerabilities in all printers tested through various attack vectors, revealing a large number of 0-day vulnerabilities in the process.
In this talk we walk through the entire research engagement, from initial phases such as threat modelling to understand printer attack surfaces to the development of attack methodologies and fuzzing tools used to target printer-specific protocols and functions. Besides highlighting the important vulnerabilities found and their respective CVEs, we will present proof-of-concept exploits showing how it is possible to gain full control of printers and all of the data they manage. This will show how to use enterprise printers as a method of persistence on a network, perhaps to exfiltrate sensitive data or support C2 persistence on Red Team engagements.
We also address a number of challenges that researchers can face when performing vulnerability research on devices such as printers and how we used different techniques to overcome these challenges, working with limited to no debugging and triage capabilities. We also present mitigations that printer manufacturers can implement in order to reduce printer attack surfaces and render exploitation more difficult.
Daniel Romero
Daniel is currently a security consultant and researcher at NCC Group. During his career he has worked on interesting security projects, always trying to “break” as much as possible. In recent years Daniel has mostly been focused on embedded devices / IoT and everything that surrounds them, such as hardware, code review, reverse engineering, fuzzing and exploitation.
Twitter: @daniel_rome
Mario Rivas
Mario is a penetration tester and security consultant at NCC Group in Madrid. His interests revolve around all areas of computer security, always trying to learn new things, and he especially enjoys writing tools during the process to make his life a bit easier.
Twitter: @Grifo
WLV - Bally's - Palace Meeting Rooms 1-7 - off hallway to Event Center - Friday - 14:00-15:55
Eric Johnson
Bio
31 year wireless engineer. Antennas, cellular, Wi-Fi design
@ej_wireless
Wi-Fi 6 Tech deep dive
Abstract
802.11ax (Wi-Fi 6). Discussion of Antenna and Modulation techniques used with Wi-Fi and new radio features used with Wi-Fi 6
PHVT - Bally's Resort (Indigo) Tower 26th floor - Sunday - 10:00-10:59
Wi-Fi Threat Modelling and Monitoring (WiNT)
Besim Altinok, Barikat Internet Security
Can Kurnaz, Senior Cybersecurity Consultant at KPMG Netherlands
With the widespread use of wireless Internet access, we see that the use of portable technologies is rapidly increasing. The growing number of public networks and the ease of access to them have attracted the attention of attackers. Due to the easy availability of mature honeypot creation tools, this attack is a slam dunk for even the most novice of Wi-Fi attackers. Enterprise security products have tried but failed to solve this problem with rule and lockdown based approaches. In this talk, we are going to tell a story from our experience with Wi-Fi network attackers. We will practically demonstrate how, using new detection and deception techniques, we can make Wi-Fi clients and their environment secure.
Besim Altinok (Twitter: @AltnokBesim) has been researching Wi-Fi security for over a decade. He created WiPi-Hunter project against Wi-Fi hackers. He is the author of a book on Wi-Fi security. Besim's work on wireless security has been published in ArkaKapi Magazine and others. He has also spoken at top conferences including BlackHat Europe, ASIA, Defcon, and others. Besim ALTINOK works currently at BARIKAT Internet Security in Turkey. Besim also founded Pentester Training project.
Can Kurnaz (Twitter: @0x43414e) is conducting penetration tests from internet and internal networks to web-based applications, network infrastructures, wireless devices, IoT devices and operational technology infrastructures such as ICS/SCADA systems and components.
DL - Planet Hollywood - Sunset 1 - Saturday - 10:00 - 11:50
WiFi Kraken – Scalable Wireless Monitoring
Saturday from 10:00 – 11:50 in Sunset 1 at Planet Hollywood
Audience: Offense, Defense, Hardware
Mike Spicer
This tool is the culmination of lessons learned during the last 3 years of wireless monitoring at DEF CON using tools like the #WiFiCactus. This demo will show you the software and hardware needed to build a robust wireless monitoring sensor network that is capable of capturing everything up to 802.11ac including Bluetooth. This demo will include a distributed capture network that will take captured data from multiple nodes and send it back to a single capture server. This project will show you how to use advanced features of Kismet Wireless to increase the amount of data you capture. Wireless threats and attacker tactics will be discussed and identified as they happen in the environment. Data analytic techniques will be demonstrated and discussed using tools like Wireshark, NetworkMiner and PCAPinator.
http://palshack.org/def-con-27-demolab/
Mike Spicer
d4rkm4tter is a mad scientist hacker who likes to meddle with hardware and software. He is particularly obsessed with wireless. He has a degree in computer science from Southern Utah University which he has put to use building and breaking a wide array of systems. These include web application pentesting, wireless monitoring and tracking as well as good old fashioned reverse engineering. He is the creator of the #WiFiCactus and has been seen presenting Demolabs at DEF CON and DEF CON China Beta. He is a Kismet cultist and active in the wireless and wardriving communities.
AVV - Bally's Event Center - Sunday - 10:30-10:59
Speaker – Harshad (@harshadsathaye)
Synopsis
Modern aircraft rely heavily on several wireless technologies for communications, control, and navigation. Researchers have demonstrated vulnerabilities in many aviation systems, e.g., injecting ghost aircraft into airspace, spoofing locations and manipulating key communication messages. However, the resilience of aircraft landing systems to adversarial wireless attacks has not been studied in the open literature, despite their criticality and the increasing availability of low-cost SDR platforms. In this work, we investigate and demonstrate the vulnerability of aircraft instrument landing systems (ILS) to wireless attacks (https://www.youtube.com/watch?v=Wp4CpyxYJq4).
In the majority of airports today, commercial traffic is typically assigned some type of instrument approach into the landing phase to maintain smooth flow of traffic in and out of the airport environment. The demonstrated attacks can cause last-minute go-around decisions, missing the landing zone in low visibility, and even cause crash landings depending on the level of automation in the future. We analyze the ILS waveforms and show the feasibility of spoofing such radio signals using commercially available SDR. We show that it is possible to control the course deviation indicator, as displayed by the ILS receiver, fully, at fine granularity and in real time, and demonstrate it on aviation-grade ILS receivers. Additionally, we introduce a novel attack called the single-tone attack that significantly reduces the power requirements of the attack. We develop a tightly controlled closed-loop ILS spoofer that autonomously adjusts the adversary’s transmitted signals based on the aircraft’s GPS location to cause an undetected off-runway landing. We demonstrate the integrated attack on an FAA certified flight-simulator’s (X-Plane) AI-based auto-land feature and show success rate with offset touchdowns of 18 meters to over 50 meters. We discuss potential countermeasures and show that, unlike other aviation security issues that can be fixed with conventional crypto, such fixes are ineffective against the demonstrated attack and securing ILS poses unique challenges.
About the Speaker
Harshad is a Ph.D. student at Northeastern University’s Khoury College of Computer Sciences. He is a cybersecurity enthusiast with research interests around wireless systems security, specifically sophisticated navigation systems that are available today. He is also involved in developing secure cyber-physical systems with Prof. Aanjhan Ranganathan and Prof. Guevara Noubir as his advisors.
PHVW - Bally's Resort (Indigo) Tower 26th floor - Friday - 12:15-14:15
Wireshark for Incident Response & Threat Hunting
Michael Wylie, Director of Cybersecurity Services, Richey May Technology Solutions
This workshop will take students’ Wireshark skills to the next level with a heavy emphasis on incident response, threat hunting, and malicious network traffic analysis. We will begin with a brief introduction to Wireshark and other Network Security Monitoring (NSM) tools/concepts. Placement, techniques, and collection of network traffic will be discussed in detail. Throughout the workshop, we’ll examine what different attacks and malware look like in Wireshark. Students will then have hands-on time in the lab to search for Indicators of Compromise (IOCs) and a potential breach to the network. There will be plenty of take-home labs for additional practice.
Michael Wylie (Twitter: @TheMikeWylie) is the Director of Cybersecurity Services at Richey May Technology Solutions. In his role, Michael is responsible for delivering information assurance by means of vulnerability assessments, cloud security, penetration tests, risk management, and training. Michael has developed and taught numerous courses for the U.S. Department of Defense, Moorpark College, California State Universities, and for clients around the world. Michael is the winner of the SANS Continuous Monitoring and Security Operations challenge coin and holds the following credentials: CISSP, CCNA R&S, CCNA CyberOps, GPEN, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, Security+, Project+, and more.
ASV - Flamingo 3rd Floor - Mesquite Room - Sunday - 14:00-15:59
WORKSHOP "Exploiting Bad Crypto Found in the Wild!"
In this workshop you will learn to exploit a few examples of poorly implemented cryptography found in real-world penetration tests and reverse engineered into CTF-style challenges. The hand-picked exercises will take you on a trip from bad credential storage mechanisms that allow "hash" decryption to epic failures in ransomware design which allowed full decryption of encrypted files. By the end of the workshop, you will be able to recognize some instances of insecure crypto and exploit them for fun and profit!
ASV - Flamingo 3rd Floor - Mesquite Room - Sunday - 11:00-12:59
WORKSHOP "Offensive Python: Custom Scripts for Pentests"
In this workshop, we'll write custom Python scripts to automate and augment penetration testing. Learn the basics of port scanning, crafting custom packets, and building your own exploits in Python.
We will work through examples using a Jupyter Notebook, which you can make a copy of to play around with after the conference. (To get the most out of this class, you should already have some basic programming experience in Python or a similar programming language like Ruby.)
ASV - Flamingo 3rd Floor - Mesquite Room - Saturday - 14:00-17:59
WORKSHOP "The OWASP Top Ten for Developers- Secure Coding Seminar"
Student Requirements: Familiarity with the technical details of building web applications and web services from a software engineering point of view.
Laptop Requirements: This seminar will be mostly lecture and demonstration. A laptop is not required but might be useful to take notes.
Description: The major cause of webservice and web application insecurity is insecure software development practices. This highly intensive and interactive 4-hour seminar will provide essential application security training for web application and webservice developers and architects.
The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web and API solutions via defense-based code samples.
WS - Flamingo - Lower Level - Lake Mead II - Saturday - 10:00-13:59
Writing custom backdoor payloads using C#
Saturday, 1000-1400 in Flamingo, Lake Mead II
Mauricio Velazco Threat Management Team Lead
Olindo Verrillo Hacker
This workshop aims to provide attendees hands-on experience in writing custom backdoor payloads using C# for the most common command and control frameworks including Metasploit, Powershell Empire and Cobalt Strike. The workshop consists of 7 lab exercises; each of the exercises goes over a different technique that leverages C# and .NET capabilities to obtain a reverse shell on a victim Windows host. The covered techniques include raw shellcode injection, process injection, process hollowing, runtime compilation, parent pid spoofing, antivirus bypassing, etc. At the end of this workshop attendees will have a clear understanding of these techniques both from an attack and defense perspective.
Skill Level Intermediate
Prerequisites: Basic to intermediate programming/scripting skills.
Prior experience with C# helps but is not required.
Materials: Laptop with virtualization software.
A Windows virtual machine
A Kali Linux Virtual Machine.
Max students: 40
Registration: https://www.eventbrite.com/e/writing-custom-backdoor-payloads-using-c-lake-mead-ii-tickets-63439591526
(Opens 8-Jul-19)
Mauricio Velazco
Mauricio Velazco (@mvelazco) is a Peruvian infosec geek who started his career as a penetration tester and jumped to the blue team 7 years ago. He currently leads the Threat Management team at a financial services organization in New York where he focuses on threat detection/hunting and adversary simulation. Mauricio has presented and hosted workshops at conferences like Defcon, Derbycon and BSides. He also holds certifications like OSCP and OSCE.
Olindo Verrillo
Olindo Verrillo is a Senior Security Engineer who straddles the line between blue and red. He currently focuses most of his attention on purple teaming and detection engineering. Olindo has worked as Senior consultant, performing both offensive and defensive engagements for numerous Fortune 500 companies.
PHVW - Bally's Resort (Indigo) Tower 26th floor - Saturday - 13:40-15:40
Writing Wireshark Plugins for Security Analysis
Nishant Sharma, R&D Manager, Pentester Academy
Jeswin Mathai, Security Researcher, Pentester Academy
Network traffic always proves to be a gold mine when mined with proper tools. There are various open source and paid tools to analyze the traffic, but most of them either have predefined functionality or scalability issues or one of a dozen other problems. And, in some cases when we are dealing with non-standard protocols, the analysis becomes more difficult. But what if we can extend our favourite traffic analysis tool Wireshark to accommodate our requirements? As most people know, Wireshark supports custom plugins created in C and Lua which can be used to analyze or dissect the packets. In this workshop, we will learn the basics of Wireshark plugins and move on to create different types of plugins to perform dissection of non-standard protocols, provide macro statistics, detect attacks etc. We will use examples of older and newer protocols (including non-standard ones) to understand the plugin workflow and development.
Nishant Sharma (Twitter: @wifisecguy) is an R&D Manager at Pentester Academy and Attack Defense. He is also the Architect at Hacker Arsenal where he leads the development of multiple gadgets for WiFi pentesting such as WiMonitor, WiNX and WiMini. He also handles technical content creation and moderation for Pentester Academy TV. He has 7+ years of experience in the information security field including 5+ years in WiFi security research and development. He has presented/published his work at Blackhat USA/Asia, DEF CON China, Wireless Village, IoT village and Demo labs (DEFCON USA). Prior to joining Pentester Academy, he worked as a firmware developer at Mojo Networks where he contributed to developing new features for the enterprise-grade WiFi APs and maintaining the state-of-the-art WiFi Intrusion Prevention System (WIPS). He has a Master's degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi and IoT security, AD security, Forensics and Cryptography.
Jeswin Mathai (Twitter: @jeswinmathai) is a Researcher at Pentester Academy and Attack Defense. He has presented/published his work at DEF CON China, Blackhat Arsenal and Demo labs (DEFCON). He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. He was also part of team Pied Piper, which won Smart India Hackathon 2017, a national level competition organized by GoI. His areas of interest include Malware Analysis and Reverse Engineering, Cryptography, WiFi security and Web Application Security.
HTS - Bally's Event Center - Sunday - 10:30-11:30
In this talk Stephan will present the latest attack scenarios against modern vessels and yachts.
Modern vessels are connected to the Internet via SatCom or WiFi / GSM Internet routers, and the security of the network relies on those devices. This is interesting because NMEA gateways connect the backbone of the ship with the IP network. The NMEA (National Marine Electronics Association) backbone is like a CAN bus in cars, and these bidirectional gateways are used for communications.
Marine routers are sometimes worse: my research will present a couple of holes in a maritime router model that is common in yachts, which can be used to get access to the internal network. (CVE-2017-17673)
Targeting super or mega yachts in harbors or offshore could be a new threat for celebrities, if private information from onboard is stolen.
Another threat could be remote manipulation of the autopilot.
Finally, Stephan will also present SatCom devices with their security holes, up to a command line interface.
At the end, Stephan will publish his latest 0-day against a SatCom device, reported under CVE-2018-16114 on 29/8/2018. He will release a PoC script on GitHub.
The following attack scenarios against yachts and vessels will be addressed:
– GPS Spoofing and protection
– AIS (automatic identification system) spoofing
– vessel backbone, the NMEA protocol and possible attacks
– Autopilot
– internet routers on board
– entertainment network and systems
– SatCom
Stephan Gerling
Time: 10:00-11:00
Location: Ballys Event Center
Speaker Bio:
It started with a Commodore C64 under the Christmas tree in 1983.
Since then, Stephan Gerling has been infected with the “Computer Virus”. A virus was then his start in computer security.
He started to learn how malware works, analyzed it and cleaned the infected computers of friends.
Stephan’s career started as an electrician; he dug deeper into electronics and microcomputer technology and spent a couple of years in the German Army as an aviation electronics specialist for navigation systems.
Currently, Stephan has been working for more than 19 years as an IT security specialist in the Oil and Gas industry.
Now Stephan is older than the Internet and focused on Forensics, Incident response, penetration tests and research in maritime security sector and is driven by wanting to know how things work.
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Sunday - 10:30-11:30
Your Adversary Within
No description available
CLV - Flamingo 3rd Floor - Reno I Room - Saturday - 15:10-15:50
Your Blacklist is Dead. Airgap Everything: The Future of CNC is the Cloud
Speaker: Erick Galinkin
Twitter: @erickgalinkin
Abstract: What happens when attackers start taking advantage of whitelisted APIs as a form of obfuscated command and control? Companies both large and small are moving workloads to the cloud and are very concerned with how to secure their resources which actually live in AWS, GCP, and Azure. However, they don't address how enabling this access changes their internal attack surface and weakens their defenses.
In this talk, we demonstrate that attackers no longer have any reason to rely on conventional CNC, being able to outsource their costs and infrastructure management to the likes of Slack, Github, Pastebin, Dropbox, Google, and social media sites. Using these sorts of techniques, URL blacklisting becomes obsolete, IDS becomes less effective, and attackers no longer have to waste their time writing domain generation algorithms.
Specifically, I will demo a proof-of-concept malware which uses multiple SaaS services, social networks, and more conventional "cloud infrastructure" (S3) that would be extremely difficult to mitigate generically with today's IPS solutions, and we discuss how the same techniques can be used by red teams and attackers to quietly maintain persistence and exfiltrate data.
About Erick: Erick is a security researcher at Netskope focused on malicious SaaS usage and attacks against Microsoft Azure. He was previously at Cisco's Talos group where he focused on hunting exploit kits. As part of his academic research at Johns Hopkins University, he conducts research on neural networks, verifiable computing, and computational complexity.
DC - Paris - Track 1 - Saturday - 11:00-11:45
Your Car is My Car
Saturday at 11:00 in Track 1
45 minutes | Demo, Tool, Exploit
Jmaxxz
For many of us, our cars are one of the largest purchases we will ever make. In an always connected world it is natural that we would want to have the convenience of being able to remotely monitor our vehicles: to do everything from reminding ourselves exactly where we parked, to verifying we locked our vehicle, or even remote starting it so it will be warmed up (or cooled down) when we get in. There are a variety of vendors offering aftermarket alarm systems that provide these conveniences and offer peace of mind. But how much can we trust that the vendors of these systems are protecting access to our cars in the digital domain? In this talk, Jmaxxz will tell the story of what he found when he looked into one such system.
Jmaxxz
Jmaxxz works as a software engineer, but is a hacker by passion. He is best known for his work on the August Smart Lock (DEF CON 24 “Backdooring the Frontdoor”). In recent years IoT devices have been the focus of his work. He participated in the IoT village zero day track at DEF CON 24 and DEF CON 25. After enduring several polar vortexes, he decided it was probably time to investigate an IoT remote car starter.
twitter: @jmaxxz
Website: jmaxxz.com
PHVT - Bally's Resort (Indigo) Tower 26th floor - Friday - 17:00-17:59
Your Phone is Using Tor and Leaking Your PII
Milind Bhargava, Manager at Deloitte Canada
Adam Podgorski, Manager at Deloitte Canada
Do you have a cellphone? Do you run apps on it? Your personal information is most probably traversing over TOR without your knowledge or consent. As part of our research, we identified a surprising amount of unencrypted, sensitive and confidential user data originating from mobile devices traversing the TOR network, which included: GPS coordinates, WiFi BSSID, and general keys typed by the user. In some cases, we were able to build a complete user profile from physical movements to purchasing habits. At the end of the day, how comfortable are you that anyone can track you?
Milind Bhargava is a Manager with Deloitte's Risk Advisory team where he performs security audits and assessments and leads the incident response team. He also leads his own security consulting company that is known for Darknet Threat Intelligence Research.
Adam Podgorski is a Manager at Deloitte Canada. He has managed and led the delivery of a broad range of IT strategies and multiple technical advisory engagements. He presented at Black Hat in 2017.
DC - Paris - Track 4 - Sunday - 10:00-10:45
Your Secret Files Are Mine: Bug Finding And Exploit Techniques On File Transfer App Of All Top Android Vendors
Sunday at 10:00 in Track 4
45 minutes | Demo, Tool, Exploit
Xiangqian Zhang
Huiming Liu
Nearby sharing apps are very convenient and fast when you want to transfer files and have been pre-installed on billions of devices. However, we found that most of them will also open a door for attackers to steal your files and even more.
First, we conducted comprehensive research on all top mobile vendors' pre-installed nearby sharing apps by reverse engineering. Many serious vulnerabilities were found in most of them and reported to vendors. Algorithm and design flaws in these apps can lead to file leaking and tampering, privacy leaks, arbitrary file downloads and even remote code execution. We will present all the related vulnerabilities' details and exploit techniques. Next, we conducted the same research on lots of third-party file sharing apps and found that they are even worse about security and are used by a surprising number of users, more than 1 billion. Files transferred between them are nearly naked when our MITM attack devices are nearby. Finally, we will summarize all the attack vectors and two common attack models. We will also present the attack demos and related tools.
Besides, we will present our practical mitigations. Currently, we are working with most of the top vendors to mitigate these vulnerabilities. Through this talk, we want to notify users and mobile vendors to pay more attention to this serious situation and fix it better and sooner.
Xiangqian Zhang
Xiangqian Zhang is a security researcher at Tencent Security Xuanwu Lab and his research focuses on Mobile Security and IOT Security. Xiangqian found multiple Android kernel and system security vulnerabilities.
Twitter: @h3rb0x
Huiming Liu
Huiming Liu is a security researcher at Tencent Security Xuanwu Lab and his research focuses on Mobile Security and IOT Security. Huiming has spoken at several security conferences including CanSecWest and BlackHat Asia.
Twitter: @liuhm09
MOV - Bally's - Resort (Indigo) Tower 26th Floor - Skyview 4 - end of - Sunday - 11:30-13:30
11:30-13:30
Zcoin Station
Zcoin team members will be present after their talk to answer questions about Zcoin, Lelantus, Sigma, Zerocoin, and other privacy-related questions.
DC - Paris - Track 3 - Saturday - 14:00-14:45
Zero bugs found? Hold my Beer AFL! How To Improve Coverage-Guided Fuzzing and Find New 0days in Tough Targets
Saturday at 14:00 in Track 3
45 minutes | Demo, Tool, Exploit
Maksim Shudrak Security Researcher
Fuzzing remains the most effective technique for bug hunting in memory-unsafe programs. Last year, hundreds of security papers and talks on fuzzing were published and dozens of them were focused on adapting or improving American Fuzzy Lop in some way. Attractive for its simplicity and efficiency, AFL is the number one choice for the vast majority of security researchers. This high popularity means that hunting for bugs with AFL or a similar tool is becoming less and less fruitful since many projects are already covered by other researchers. It is especially hard when we talk about a project participating in the Google OSS-Fuzz program, which utilizes AFL to generate a half-trillion test cases per day.
In practice, this means that we can not blindly rely on AFL anymore and should search for better fuzzing techniques. In order to overcome this challenge, we need to understand how AFL and similar fuzzers work and be able to use their weaknesses to find new 0days. This talk is aimed to discuss these weaknesses on real examples, explain how we can do fuzzing better and release a new open-source fuzzer called Manul.
Manul is a highly scalable coverage-guided parallel fuzzer with the ability to search for bugs in open source and black box binaries on Windows and Linux. Manul was able to find 10 0-days in 4 widely-used projects that have been extensively tested by AFL. These vulnerabilities were not found by chance, but by analyzing and addressing issues that exist in AFL. The authors will show several of the most critical vulnerabilities and explain why AFL overlooked them.
This talk will be of interest to experienced hackers who are willing to improve their bug hunting capabilities, as well as to new researchers who are making their first steps on the thorny trail of bug hunting.
Maksim Shudrak
Maksim is a security researcher and vulnerability hunter in open-source and blackbox applications. In the past, he worked on the dynamic binary instrumentation framework DynamoRIO, developed an extremely abstract Windows OS emulator for malware analysis at IBM Research, and wrote a sophisticated fuzzer to search for vulnerabilities in machine code. The latter was so exciting that he defended a PhD on this topic. Today, he works on the Red Team side at a large cloud-based software company.
Maksim has spoken at various security conferences around the world such as DEF CON, Positive Hack Days, Virus Bulletin and BSides SF.
Twitter: @Mshudrak
LinkedIn: https://www.linkedin.com/in/mshudrak
DL - Planet Hollywood - Sunset 2 - Sunday - 10:00 - 11:50
Zigbee Hacking: Smarter Home Invasion with ZigDiggity
Sunday from 10:00 – 11:50 in Sunset 2 at Planet Hollywood
Audience: Offense, Hardware, Product, IoT, Zigbee, Zigbee Hacking
Francis Brown & Matt Gleason
Do you feel safe in your home with the security system armed? You may reconsider after watching a demo of our new hacking toolkit, ZigDiggity, where we target door & window sensors using an "ACK Attack". ZigDiggity will emerge as the weapon of choice for testing Zigbee-enabled systems, replacing all previous efforts. Zigbee continues to grow in popularity as a method for providing simple wireless communication between devices (i.e. low power/traffic, short distance), & can be found in a variety of consumer products that range from smart home automation to healthcare. Unfortunately, existing Zigbee hacking solutions have fallen into disrepair, having barely been maintained, let alone improved upon. Left without a practical way to evaluate the security of Zigbee networks, we've created ZigDiggity, a new open-source pentest arsenal from Bishop Fox. Updates include migration to better hardware for testing (e.g. SDRs), and a slew of newly implemented Zigbee attacks types. Our DEMO-rich presentation showcases ZigDiggity's attack capabilities by pitting it against common Internet of Things (IoT) products that use Zigbee. Come experience the future of Zigbee hacking, in a talk that the New York Times will be hailing as "a veritable triumph of the human spirit." ... ya know, probably
https://github.com/BishopFox/zigdiggity
Francis Brown
Francis Brown is the Chief Technology Officer (CTO) at Bishop Fox, a consulting firm providing cyber security services to the Fortune 1000, global financial institutions, and high-tech startups. Before founding Bishop Fox, Francis worked for Honeywell International where he performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure. Prior to that, Francis was a consultant with Ernst & Young. Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology.
Matt Gleason
Matthew Gleason is a Senior Security Associate at Bishop Fox, where he focuses on application security penetration testing, source code review, and network penetration testing. Prior to joining Bishop Fox, Matthew worked as a software engineer for Boeing, where his work involved validation testing for the AH-64E attack helicopter. Matthew holds a Master of Science from Arizona State University in Computer Science. He also has earned a Bachelor of Science in Economics and a Bachelor of Science in Mathematics from Arizona State University.
DC - Paris - Track 4 - Saturday - 12:00-12:45
Zombie Ant Farm: Practical Tips for Playing Hide and Seek with Linux EDRs
Saturday at 12:00 in Track 4
45 minutes | Demo, Tool
Dimitry Snezhkov Sr. Security Consultant, X-Force Red
EDR solutions have landed in Linux. With the ever increasing footprint of Linux machines deployed in data centers, offensive operators have to answer the call.
In the first part of the talk we will share practical tips and techniques hackers can use to slide under the EDR radar, and expand post-exploitation capabilities.
We will see how approved executables could be used as decoys to execute foreign functionality. We will walk through the process of using well known capabilities of the dynamic loader. We will take lessons from user-land root-kits in evasion choices.
Part two will focus on weaponizing the capabilities. We will show how to create custom preloaders, and use mimicry to hide modular malware in memory. We will create a "Preloader-as-a-Service" capability of sorts by abstracting storage of modular malware from its executing cradles. This PaaS is free to you though!
We fully believe the ability to retool in the field matters, so we have packaged the techniques into reusable code patterns in a toolkit you will be able to use (or base your own code on) after it is released.
This talk is for hackers, offensive operators, malware analysts and system defenders. We sincerely hope defensive hackers can attend and also have fun.
Dimitry Snezhkov
Dimitry Snezhkov is a Sr. Security Consultant for X-Force Red. In this role he hacks code, tools, networks, apps and sometimes subverts human behavior too. Dimitry has spoken at DEF CON, THOTCON, DerbyCon, CircleCityCon, NorthSec, and presented tools at BlackHat Arsenal.
Twitter: @Op_Nomad
DEF CON News
Check out Napoleon's Chillout!
Posted 8.9.19
Napoleon's Piano Bar in Paris opened up today as one of our official chillout spots!
Chillout and Live Music, Stay or go food and drink options, and a great place to pause and reflect!
Friday Live Music!
21:00 - 22:00 - Steph Infection
22:00 - 23:00 - s7a73farm
23:00 - 00:00 - Acid-T a.k.a dj sm0ke
00:00 - 01:00 - Wil Austin
01:00 - 02:00 - ASHSLAY
Saturday Live Music!
21:00 - 22:00 - DJ Th@d
22:00 - 23:00 - Azuki
23:00 - 00:00 - Magik Plan
00:00 - 01:00 - E.ghtB.t
01:00 - 02:00 - Yurk
DEF CON wants to help hackers anonymously submit bugs to the government: Let's discuss.
Posted 8.8.19
Here’s the use case. You learn of a problem with a government system or some technology, and you want to do the right thing. You want to get the information into the right hands, but you’d be more comfortable sharing if you knew you couldn’t be identified as the messenger of the problem. Sound familiar?
This very problem has been the subject of a years-long conversation in the space between government and independent security research. The goal is to create a sturdy, anonymous system for hackers and researchers that shares your tip directly with the part of government that needs to know, and keeps you out of the equation. This is your chance to be part of the conversation. Join The Dark Tangent, the NYT’s Runa Sandvik, Leviathan’s Corbin Souffrant, SOFWERX and The Donovan Group’s Pablo Breuer, the ACLU’s Jennifer Granick and DHS CISA’s Christopher Krebs and have your voice heard.
Be there Friday at 09:00 in Track 1!
DEF CON 26 Badge Updates at DEF CON 27!
Posted 8.4.19
Attention Badgelife enthusiasts! You’ll likely have plenty to do with the DC27 badge and all the unofficial badges and add-ons, but if you’ve still got some solving to do on the DEF CON 26 badge we have good news. We’re setting up four flashing stations in the Hardware Hacking Village just for you! Come by to get your updates and maybe meet some other folks to solve with!
If you want some heavily illustrated instructions to get you rolling, we have a thread in the forum.
Want to finish last year’s challenge but don’t have last year’s badge? We’ll have some available for sale in the Swag area fully updated and ready for action.
DEF CON CTF Details and Qualifying Teams!
Posted 8.2.19
From oooverflow.io:
DEF CON CTF 2019 is held Friday, August 9th through Sunday, August 11th, 2019.
We’ll be located in Planet Hollywood in the Mezzanine for the duration of the competition, come say hi, and watch the best hackers on the planet duke it out.
Based on an excellent qualification round, 16 teams accepted our invitation to compete for the glory of DEF CON CTF.
The teams are (in no particular order):
A*0*E
CGC
HITCON⚔BFKinesiS
hxp
KaisHack GoN
mhackeroni
Plaid Parliament of Pwning
r00timentary
r3kapig
saarsec
Samurai
Sauercloud
SeoulPlusBadAss
Shellphish
Tea Deliverers
TokyoWesterns
Rabbit in the Moon at DEF CON 27!
Posted 7.26.19
DEF CON brings you glad tidings of great joy - this year's musical headliner is the majestic Rabbit in the Moon! They'll be bringing you their intense fusion of soul-shaking beats and otherworldly performance art at midnight Saturday in Paris's Vendome. You won't want to miss this.
Speaking Schedule is Live!
Posted 7.24.19
More pre-con recon - the DEF CON 27 speaker schedule is live now, just bristling with the kind of dates, locations and presentation names you crave. But that's not all! There's also a handy printable .pdf file for the analog wood-pulp and ink heads out there.
We're getting pretty excited - how about you?
Check it all out!
Posted 7.17.19
Can you feel that? It’s getting close now. Just a few weeks. Time to get your pre-con recon together.
To that end, we’ve got a lot of stuff on defcon.org ready to help you. You need maps? We got maps. You want to know the lowdown on contests? Villages? It’s in there. Parties, Demo Labs, Talks, everything you could want, just waiting for you to check on it.
And if any of that leaves you with questions, or suggestions, or the sudden urge to communicate, please stop by the DEF CON Forums, where the forum elves have thoughtfully left you a thread for just about any con topic you can conjure.
Let’s DO this thing, people.
Lend a hand to DEAFCON!
Posted 7.12.19
The wonderful people of DEAFCON have been providing ASL interpreters to DEF CON for years now. This year they're raising funds to expand - to bring out 8 volunteers to float around the conference and interpret by request. Please consider a donation.
DEF CON 27 Workshops!
Posted 7.1.19
The v. popular Workshops are back for DEF CON 27 and the workshops page is UP! You can dig into all the sweet details and see if any of the offerings call out to you.
If you want in, you’ll need to be ready Monday, July 8 at 3pm PST when registration goes live. Workshops fill up _very_ quickly. Be ready! Bookmark your favorites and keep your mousing finger loose and hydrated.
All DEF CON 27 Speakers are Live!
Posted 6.28.19
DEF CON 27 is another step closer: speaker selection is complete! The speaker page has the full lineup waiting for your careful examination. Your planning can now begin in earnest.
We’d like to thank everyone who submitted presentations this year - Getting the speaker list into its final form is never easy, largely because of how many great submissions we get.
Also, much respect to the CFP review board, who must read through the tsunami of submissions, assist the promising and make the hard cuts. This is high-effort, low-visibility work, but anyone who’s ever been inspired by a DEF CON talk owes them some love.
It’s time to get psyched, people. The time of our reunion approaches.
Short Story Contest Winners Announced!
Posted 6.24.19
Congratulations to the winners of the DEF CON 27 Short Story Contest!
from the official thread on the DEF CON forums:
"In FIRST place we have "Dye Sublimation" by Selene Sun! We loved the quick, well-told, and charming story about taking chances.
In SECOND place is "Parsnips" by David Hash Miller (@DavidHashMiller), a fun and creative romp with nanotechnology. Congrats!
People's Choice award goes to "Red Balloons Over China" by FengJiu! It was a hard choice, but it won majority vote amongst our judges for this year. What a wild and wonderful story that gives hope for tomorrow!
While we couldn’t give out badges to everyone, we absolutely loved all of the entries and highly encourage folks to go out and read them all! Congrats to our winners and thank you to everyone for making choosing just a few so difficult."
Consider reading these a DC27 homework assignment. Stop by the forum thread and show a little love for the literary champions of DEF CON 27.
First DEF CON 27 Speakers are Posted!
Posted 6.15.19
Attention, luminous humans of the DEF CON Community! We bring you tidings of great joy - the first batch of accepted speakers are LIVE on the DEF CON website for your immediate perusal. Stay tuned to the DEF CON frequencies for more announcements - message output will increase from here on in.
Check it out, start your planning, and pass it on.
Plan your DEF CON 27 on the DEF CON Forums
Posted 6.14.19
We’re getting into the home stretch, people! Less than two months until the doors open on DEF CON 27.
Please stop by our newly revamped DEF CON Forums for info, answers and discussions of all things DC27. While it’s true that the forums are still in beta, they’re also the perfect place to connect directly to the event organizers and attendees with your specific concerns or recommendations. You’ll be helping us smooth the rough edges, and we’ll help you get the most out of your Con experience. Wins all around.
A new feature you might find useful is the con calendar, with the dates of major DEF CON deadlines like calls and village CFPs, all right there to keep you on track!
Two months is nothing, Welcome to DEF CON season!
Open DEF CON 27 Village CFPs!
Posted 6.10.19
Need a handy guide to which DEF CON 27 Village CFPs are still open? Look no further. /r/defcon has you covered.
TL:DR; there's still a bunch of open CFPs but they're closing really soon. Don't get left behind!
Reminder: DEF CON 27 Call for Services is Still Open!
Posted 5.28.19
Friendly reminder for DEF CON 27 - The Call for Services is up and running. We’re looking for fun and interesting servers/services to hang out on the DEF CON onsite networks. That old-school MUD you’ve wanted to share, the impenetrable server you want to test on the DEF CON crowd - all good ideas are welcome. The rules and regs can be found on the DEF CON site, and you should read them. Show us what you’ve got, everybody.
Press Policy & Registration for DEF CON 27!
Posted 4.9.19
Press Registration for DEF CON 27 is now OPEN! As always, we have a limited number of badges available, so act quickly to reserve your spot. You can get all the relevant details on the press registration page. Make sure to read it carefully as there have been some changes in policy that might impact your operation. Feel free to drop us a line if you have questions - we look forward to hearing from all of you!
Demo Labs are back for DEF CON 27!
Posted 4.9.19
If you’re unfamiliar, Demo Labs is a space we set aside for the community to show off what they’re working on. The requirements are simple: it’s gotta be something interesting to your fellow hackers and it’s gotta be open-source. We give you a table and a time slot, and you get to share your new hotness with a pretty ideal demographic. Get feedback, find collaborators, impress complete strangers. Wins all around.
If you’ve got the goods, head over to the Call for Demo Labs and get the process underway. Show us what you’ve got, fam.
DEF CON 27 Voting Village Call for Papers!
Posted 3.28.19
DEF CON Voting Village has an open Call for Papers! We're looking for people with something important to say about the issue of Election Security - if that's you let's talk. You have until July 12 to get your submissions in.
Come help us secure the vote!
DEF CON 27 Call For Services!
Posted 3.16.19
We haven't done this one since DEF CON 22, but we're asking for your services! So if you want to put a box or service with something super cool on the DEF CON network, find out all about it on the Call for Services Page!
DEF CON 27 CFP Alert!
Posted 3.1.19
NEW this year, if you submit to the Call For Papers and are selected to speak, DEF CON will cover three hotel room nights per talk! This is in addition to the existing speaker payment method you choose.
I hope that making speaking at DEF CON more affordable will bring in more submissions from a broader range of applicants, increasing both quality and diversity of topics.
The DC27 CFP is open, and we can’t wait to see what you’ve been working on.
- The Dark Tangent
Throw a Party or Meetup at DEF CON 27!
Posted 3.1.19
It’s time to start thinking about DEF CON parties, people. DEF CON 27 is getting closer every day and our Call for Parties is officially OPEN!
This is a golden opportunity for everyone who has always wanted to try their hand at throwing a hacker party in Vegas. Submit your dream party, and if it’s cool (and possible, obvs) enough we will help you make that dream a DC27 reality.
We’ve got a lot of space and a lot of people looking to party. Let’s put our heads together and make this amazing. Are you in?
Call for Workshops at DEF CON 27!
Posted 2.12.19
Boom! Another DEF CON 27 Call goes live!
Our wildly popular Workshops are back for DC27, and if you’ve got a fire abstract you could be leading one!
The details and submission guidelines are on the workshops page, but the tl;dr is this:
You (singular or plural) have the perfect idea for a DEF CON training.
You take this idea and submit it to us before May 1, with all the information we ask for in the workshops page.
We are psyched about the magnificence of your idea and we maybe ask for some more info.
We allot you a projector, a whiteboard and a time slot to make magic with at DC27.
Dozens of hackers pick up what you’re putting down, depart the Con wiser and embiggened.
You feel awesome. They feel awesome. Your Speaker badge looks awesome.
Sounds good, right? If you’ve got the goods, get busy submitting.
DEF CON 27 Vendor App is Live!
Posted 2.9.19
Attention merchants and purveyors of quality hacker-centric products and/or services: the Call for Vendors is now Open! Let’s get your goodies and gear in front of many thousands of hacker types, many of whom enjoy shopping for cool stuff.
There are a few rules to learn and an application process, so please head to the vendor application and get familiar. Please also note that we have a limited amount of space to offer, so the early birds have an advantage.
Operators are standing by, metaphorically speaking. Act now!
DEF CON 27 CFP is Open!
Posted 2.4.19
Yes, hacker fam, the Season of the Con is upon us all. Our elite team of reviewers is standing by, ready to examine your proposals for DC27 talks, offer feedback and begin shaping the speaking tracks.
The details are here. Follow directions carefully to stay in the good pile.
Some pro tips:
Link to the theme if you can. We are giving a little extra consideration to proposals that can link to DC27’s 'Technology’s Promise' motif.
Get on it ASAP. The reviewers can sometimes help get a worthy though undercooked idea over the finish line, but only if it arrives early enough. Once we get in the red zone you’re kind of on your own, so don’t wait until the last minute.
However it feels right now, summer will be upon us sooner than you think. Get your best ideas together and let’s get busy proposing.
Pencils up!
DEF CON 27 Call for Villages!
Posted 1.17.19
It’s officially DEF CON 27 Open Call season, and we have a nice big one for you today: the Call for Villages is officially open!
Did you look at last year’s 20+ villages and say to yourself, “You know what Village they really need”? Have you been sitting on an idea you know could change the Village game? This is your moment. Share it with us, and if we agree with you we’ll help you make it happen.
A word to the wise, however. The Villages are a lot of work. They require a lot of planning and thinking through, and a lot of personnel support. If you want a chance at getting your idea on, it’s in your interest not to wait until the deadline. The sooner you get in touch, the more we can help. Procrastinating entrants will be fighting for limited space and limited attention from the team making the decisions. Don’t let that be you.
The rules and regulations are available online, and our operators are standing by. Get your ideas together, assemble your team and let’s do this one big.
That rumble you’re feeling? It’s the DEF CON machinery coming online for 2019. Feel free to get psyched.
DEF CON 27 Call for Music!
Posted 1.9.19
Attention, singers of songs, players of instruments and spinners of records, both real and imaginary!
The DEF CON 27 Call for Music is live, and your services are urgently required. DC27 has a great deal of space, and where possible we want to fill it with music and merriment. If you’ve got the requisite crowd-moving skills, we want to hear from you. Thousands of hackers are depending on you to bring the beats - do not let them down.
Your move, bards and troubadours.
DEF CON 27 Call for Contests & Events is Live!
Posted 1.1.19
Happy 2019, everyone! The DEF CON 27 train is picking up speed, and today’s milestone is the Call for Contests and Events!
If you want to host a new Contest or Event or renew an ongoing, you have until March 1 to get your proposal emailed to contests[at]defcon.org. For a list of the questions you’re required to answer, head over to https://defcon.org/dc-27-cfce.html.
Don’t procrastinate - March 1 will get here faster than you think, and the more time we have, the more chance we can work with you to get your proposal over the finish line.
We can’t wait to see what you’ve got cooking. Let’s light this candle!
DEF CON 27 Theme guide!
Posted 12.23.18
Tidings of comfort and joy, luminous humans of DEF CON! It’s almost 2019, which means we’re that much closer to DC27.
In anticipation, we’ve created a little 'Technology’s Promise' ePub with homework assignments for the eager, and color and style suggestions for those of you looking to create themed content.
There will be plenty more prompts and inspirations in the coming days, but we encourage you to dig in and start preparing. Marinate.
As always, we thank the whole community for the love and enthusiasm you bring to all things DEF CON. We love you right back.
Big things are brewing, y’all. Let’s get it underway!
DEF CON 27 Theme!
Posted 12.13.18
Preparations are well underway for DEF CON 27. Meetings are being met, plans are being planned, and the theme is ready for its unveiling.
DEF CON 26 was about the inflection point between disorder and dystopia - the moment before the point of no return. This year's theme, in a way, responds to '1983' with new questions. What does it look like when we make the better choice? What kind of world do we hack together in the sunniest timeline? How does our real best-case scenario compare to the future we've been dreaming of for generations?
So, we offer you 'Technology's Promise'. It's a break from the dystopian imagery into a major-key, blue-sky thoughtscape, full of color and light. It's a future where we have tamed some of the more intractable problems that plague us in the present, where technology supports and inspires instead of controlling and surveilling.
To get you in the proper mindset, here's some media to sample:
Star Trek TOS - because the series is based on a future Earth that has learned to manage itself, make working alliances with neighbors and turn its attention to the disciplined exploration of the broader universe. Also LCARS is still cool.
Asimov's Robot series - a future where humankind has built AI android tech that supports rather than supplants humanity, and (usually) behaves itself admirably.
BioShock - a genuinely thought-provoking game about the promises and limits of tech-based utopia.
Kraftwerk, Com Truise, Tangerine Dream - the beautiful sounds of our neon future, rendered in the gorgeously synthesized tones that can only come from the fruitful marriage of human and machine.
We'll be posting more of this as DC27 approaches. Lots more. This is going to be fun.
Join us, won't you?
DEF CON 27 FAQ
This FAQ was created to help answer some questions you may have about this year's DEF CON. If you need more info or have questions regarding DEF CON, please check out the general DEF CON FAQ list, available here: https://www.defcon.org/html/links/dc-faq/dc-faq.html
When and where is DEF CON 27?
DEF CON is generally in the last week of July or first week of August in Las Vegas. DEF CON 27 will be held August 8-11, 2019, at Paris, Bally's, Flamingo & Planet Hollywood hotels in Las Vegas. Many people arrive a day early, and many stay a day later. Again this year we will have some things running on Thursday.
Is DEF CON 27 canceled?
No.
How much is admission?
$300.00 USD, Cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script kiddies. The only discount is for Goons and speakers, who get to work without paying for the privilege. We only accept cash - no checks, no money orders, no travelers checks. We don't want to be a target of any State or Federal fishing expeditions.
Can I pre-register for DEF CON?
No.
How many people will be there?
Last year we had more than 25,000 people at DEF CON! The last few years, attendance has been in the 20-25k range.
How much do rooms at cost, and how do I reserve a room?
The DEF CON rate is available at the following hotels: Caesars Palace, Paris, Bally's, Flamingo and Quad.
Check out the DEF CON 27 Venue page for all the details!
I can't afford that.
Try the Ride and Room sharing threads on the Forums.
You may also want to visit your Local DEF CON Groups meeting and see who you might want to bunk up with. It's important to mention you should use good judgment when sharing a room and consider who is sleeping next to you and who has access to your belongings. That said, there are a lot of great people looking to save a buck or pinch a penny, good luck.
Can I get a discount on DEF CON badges?
DEF CON charges one price regardless of your social status or affiliation. Please know that we depend on attendee income to pay the costs of the conference and don't have sponsors to help defray the expenses.
We sometimes get requests for discounts [students, veterans, children], unfortunately we don't want to try and validate if you are a current student, look at your ID to determine your age, decode military discharge papers, etc.
If you really want to attend DEF CON for free then do something for the con.
You could:
Submit a CFP and be an accepted speaker or workshop instructor.
Work on a contest, event, or village.
Qualify for CTF/Contests that include entry.
Find a team to become a Goon newbie.
Contribute to content, or perform some entertainment.
I need a letter of invite for my visa application, how do I get that?
In most cases, DEF CON can send a signed letter of invite, usually within a few short business days once we have all the info. If you also require verification of housing, we can put you in touch with someone to help you get your hotel stay organized, let us know if you need that.
Along with your request, please email us the following to info(at)defcon(.)org
Name as is on passport:
Passport number:
Country of issue:
Date of issue:
Date of expiration:
Country of origin:
How much is internet access in the rooms?
It varies by hotel. Internet access is available for free in the convention area.
Is there a free network at DEF CON?
Why yes, DEF CON is FULLY network-enabled. Now that we've perfected the art of a stable hacker con network, we're ascending to a higher level - we're providing you a network that you feel SAFE in using! Since DEF CON 18 we're WPA2 encrypted over-the-air, with a direct trunk out to the Internet. No peer-to-peer, no sniffing, just straight to the net (and internal servers). We'll provide login credentials at Registration. We know the 3G airwaves will be saturated so we're putting our own cred on the line to give you a net that even we would put our own mobile phones on.
If you're feeling frisky, we'll still have the traditional "open" network for you - bring your laptop (we'd recommend a clean OS, fully patched--you know the procedure) because we don't police what happens on that net. Share & enjoy!
What about the smoking policy?
Due to the Clean Air Act in Las Vegas, the Vendor Area, Speaking rooms, and Hallways will be completely non-smoking in order to comply with the law. The Hotel will have designated smoking areas clearly posted.
What is the age limit?
People have brought children to DEF CON - it is not recommended to do
this unless you are going to constantly supervise them. It is generally
an ‘adult’ atmosphere (language, booze, et cetera). If you've never been
to DEF CON, you may want to refrain from bringing your children (unless
they are demanding that you bring them). While there are no age limits,
we have consistently cooperated with parents and/or private
investigators who are looking for children that ‘ran away from home’ to
go to DEF CON. You must be 18 years of age or older to reserve a hotel
room and to check-in. A valid ID is required upon check-in.
DEF CON 27 will have enforcement of the 21 or older rule in certain
"private" parties with possible bouncers at the doors checking IDs. This
is generally the rule in all areas where alcohol is being served.
However, DEF CON does not take responsibility for anything potentially
indecent or offensive your minor may witness or participate in. The
underage attendee is the responsibility of his or her guardian or
themselves.
The presentations are open to all ages.
Observation of contests as they take place on the contest floor is open
to all ages.
Competition in some contests may have age restrictions due to laws.
There is plenty of fun to be had without booze and gambling! There is a
discussion regarding fun for those under 21 on the forums:
https://forum.defcon.org/showthread.php?t=8232
I want to speak, how do I give a talk?
GREAT! We are looking for and give preference to: unique research,
new tool releases, Ø-day attacks (with responsible disclosure), highly
technical material, social commentaries, and ground breaking material of
any kind. Want to screen a new hacking documentary or release research?
Consider DEF CON.
To submit a speech, read the Announcement and complete the DEF CON 27 Call for Papers Form: https://www.defcon.org/html/defcon-27/dc-27-cfp-form.html
CFP forms and questions should be mailed to: talks/at/defcon.org
When does the CFP Close? Can I get an Extension?
DEF CON 27 Call For Papers will close on May 1, 2019.
How can I help or participate?
DEF CON is not a spectator sport! Before the con, during, and after
there are chances for you to get involved. Below is a list of this
year's contests and events. This list may not be complete, so check the
forums to see what people are up to.
Go to the forums for more info on Contests and Events:
https://forum.defcon.org/node/227574
How do I become a Vendor?
If you want a space in our vendor area, you need to apply. Because of limited space and our attempt to have a diversity of vendors, you may not be able to get a booth. It is wise to think of staffing issues - if you are one person do you want to spend your entire time behind a vendor's booth?
I'm press, how do I sign up, why can't I get in for free (I'm just doing my job)?
Please check out the DEF CON 27 Press Registration page if you want press credentials.
Lots of people come to DEF CON and are doing their job; security
professionals, federal agents, and the press. It wouldn't be fair to
DEF CON attendees if we exempted one group from paying. If you are a
major network and plan on doing a two minute piece showing all the
people with blue hair, you probably shouldn't bother applying for a
press pass - you won't get one. If you are a security writer or from a
real publication please submit, and someone will respond with an answer.
What should I bring to DEF CON?
It depends on what you're going to do at DEF CON. This is discussed in
quite some depth on the unofficial DC FAQ. You may want to
bring fancy (or outrageously silly) clothes for the Black and White
Balls, annual Friday and Saturday night events where everyone shows off nifty
attire. SWAG is always recommended, people LOVE to trade! You never
know when or where a t-shirt with your .org will come in handy.
Government SWAG is a hot commodity, however, DT wishes to pillage those
goods first!
It's generally a good idea if you are a pale geek to have some
sunscreen at the top of your list. Other honorable mentions are: Blister
preventions, Band-aids, Gel shoe inserts, Personal cooling devices, Pain
relievers and antacids, Bottle openers, Personal voice recorders, water
filters, and last but not least an Alibi.
This FAQ didn't answer my questions, or was unclear, how can I get further information?
Please visit:
https://www.defcon.org for previous conference archives, information,
and speeches. Updated announcements will be posted to news groups,
security mailing lists and this web site.
https://forum.defcon.org/ for a look at all the events and contests
being planned for DEF CON 27. Join in on the action.
https://www.defcon.org/defconrss.xml for news and announcements
surrounding DEF CON. Also check out our Twitter, Facebook, and G+ accounts for up to the minute news.
DEF CON FAQ
Frequently asked questions about DEF CON
What is DEF CON?
DEF CON is one of the oldest continuously running hacker conventions around, and also one of the largest.
How did DEF CON start?
Originally started in 1993, it was meant to be a party for members of "Platinum Net", a Fido protocol based hacking network out of Canada. As the main U.S. hub I was helping the Platinum Net organizer (I forget his name) plan a closing party for all the member BBS systems and their users. He was going to shut down the network when his dad took a new job and had to move away. We were talking about where we might hold it, when all of a sudden he left early and disappeared. I was just planning a party for a network that was shut down, except for my U.S. nodes. I decided what the hell, I'll invite the members of all the other networks my BBS (A Dark Tangent System) system was a part of including Cyber Crime International (CCI), Hit Net, Tired of Protection (ToP), and like 8 others I can't remember. Why not invite everyone on #hack? Good idea!
Where did the name come from?
The short answer is a combination of places. There was a SummerCon in the summer, a HoHoCon in the winter, a PumpCon during Halloween, etc. I didn't want any association with a time of year. If you are a Phreak, or just use your phone a lot you'll note "DEF" is #3 on the phone. If you are into military lingo DEF CON is short for "Defense Condition." Now being a fan of the movie War Games I took note that the main character, David Lightman, lived in Seattle, as I do, and chose to nuke Las Vegas with W.O.P.R. when given the chance. Well I knew I was doing a con in Vegas, so it all just sort of worked out.
There are several resources that will give you an idea of what DEF CON is all about.
DEF CON Press: through the prism of the media
DEF CON Groups: Local groups that meet
DEF CON Media Server: DC 1 to the present, captured
Google: always a good research starting point
Just remember, DEF CON is what you make of it.
When and where is DEF CON?
DEF CON is generally in the last week of July or first week of August in Las Vegas. DEF CON 27 will be held August 8th through August 11th at Paris, Bally's, Flamingo, and Planet Hollywood in Las Vegas. Many people arrive a day early, and many stay a day later.
Isn't there a DEF CON FAQ already?
Yes, an unofficial one. It's quite humorous, sometimes informative, and DEF CON takes no responsibility for its content. It can be found at http://defcon.stotan.org/faq/
What are the rules of DEF CON?
Physical violence is prohibited. We don't support illegal drug use. Minors should be accompanied by their parent(s) or guardian(s). Please refrain from doing anything that might jeopardize the conference or attendees such as lighting your hair on fire or throwing lit road flares in elevators. DEF CON Goons are there to answer your questions and keep everything moving. Hotel security is there to watch over their property. Each has a different mission, and it is wise to not anger the hotel people. Please be aware that if you engage in illegal activities there is a large contingency of feds that attend DEF CON. Talking about how you are going to bomb the RNC convention in front of an FBI agent is a Career Limiting Move!
Is DEF CON cancelled?
No.
What is there to do at DEF CON?
DEF CON is a unique experience for each con-goer. If you google around you'll find dozens of write-ups that will give you an idea of what people have experienced at DEF CON. Trust write-ups more than media articles about the con. Some people play capture the flag 24x7, while many people never touch a computer at DEF CON. Some people see every speech they can, while others miss all speeches. Other activities include contests, movie marathons, scavenger hunts, sleep deprivation, lock picking, warez trading, drunken parties, spot the fed contest, the official music events. Because DEF CON is what the attendees make of it, there are more events than even we are aware of. Half the fun is learning what happened at DEF CON after the fact!
I'm not a hacker, should I go to DEF CON?
Many people have different definitions of what is a ‘hacker’. I would recommend looking at previous years' speeches, and write-ups from past attendees - this should give you a good idea if DEF CON is for you. This hacker FAQ might give you some insight into the matter as well. If you do not have any technical interests, DEF CON is probably not for you. Sure there is a lot of socializing you can do, but technology and hacking is the core of the con.
Do criminals go to DEF CON?
Yes. They also go to high school, college, work in your workplace, and the government. There are also lawyers, law enforcement agents, civil libertarians, cryptographers, and hackers in attendance. Ssshhh. Don't tell anyone.
What are Goons?
They are the staff at DEF CON. They have many roles including safety, speaker coordination, vendor room coordination, network operations, et cetera... Please try to be helpful to them if they make requests of you. If any goon tells you to move, please do so immediately as there may be safety issues they are attempting to address.
How can I help out or become a Goon?
The staff at DEF CON has grown organically. All positions have some degree of trust associated with them, so typically new goons are ‘inducted’ by friends of existing goons. There are many random points when goons need help and may ask people for help, generally for helping move stuff or other tasks that don't require high amounts of trust or unsupervised work. Just because you help out doesn't make you a goon. If you really want to be a goon, talk with one and see how much work they actually do (Hint: you may want to enjoy being at DEF CON, not working full-time at it). One year the network group got a new Goon when a networking engineer was needed, and he came to the rescue. The intent behind the goons is not to be elitist, but to have a network of trusted people who can help run the conference - please do not feel upset if you are not chosen to be a goon.
How can I help or participate?
DEF CON is not a spectator sport! Before the con, during, and after there are chances for you to get involved. Before the con you can read about the contests and maybe sign up for one like Capture the Flag. There are artwork contests for shirts and posters. You can practice your lock pick skills, or just get your laptop all locked down and ready to do battle. Organize your .mp3s. Check out the DEF CON Forums to see what other people are up to. If you want to create your own event, you can do that as well - you will not get official space or sanctions, but virtually every official event at DEF CON started out as an unofficial event.
I would love to see XYZ event, how do I make this happen?
Virtually all events at DEF CON were conceived by the attendees. The DEF CON forums are a great place for recruiting help for an event you want to put on, and making sure your efforts aren't being duplicated. If it doesn't require resources from DEF CON (space, namely) you generally don't have to ask anyone’s permission. Most events are unofficial until they've been going on for a couple of years. Please let us know if you have an idea for an event, we may help facilitate or promote it. Email [suggestions at DEF CON dot org] to keep us in the loop.
How can I speak at DEF CON?
You can submit a response to our CFP (call for papers). All entries are read and evaluated by a selection committee. We would love to have your submission. The call for papers usually opens in March and closes mid-May.
I'm press, how do I sign up, why can't I get in for free (I'm just doing my job)?
Please email press[at]defcon[d0t]org if you wish press credentials. Lots of people come to DEF CON and are doing their job; security professionals, federal agents, and the press. It wouldn't be fair to DEF CON attendees if we exempted one group from paying. If you are a major network and plan on doing a two minute piece showing all the people with blue hair, you probably shouldn't bother applying for a press pass - you won't get one. If you are a security writer or from a real publication please submit, and someone will respond with an answer.
I want to sell stuff, how do I do this?
If you want a space in our vendor area, you need to apply. Because of limited space and our attempt to have a diversity of vendors, you may not be able to get a booth. It is wise to think of staffing issues - if you are one person do you want to spend your entire time behind a vendor's booth?
What are the different price rates?
Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script kiddies. The only discount is for Goons and speakers, who get to work without paying for the privilege.
How much is admission to DEF CON, and do you take credit cards?
DEF CON 27 will cost $300 USD Cash for all four days. Do we take credit cards? Are you JOKING? No, we only accept cash - no checks, no money orders, no travelers checks. We don't want to be a target of any State or Federal fishing expeditions.
Does my underage child need a badge?
Children under the age of 8 will not need to purchase a badge.
Can I pre-register for DEF CON?
No. We used to do this a long time ago, but found that managing the registration list, and preventing one 'Dr. Evil' from impersonating another 'Dr. Ev1l' was too much of a hassle. Seeing how we would only take cash in the first place, things become time consuming and easy to abuse. Cash at the door works every time.
Can I get a discount on DEF CON badges?
DEF CON charges one price regardless of your social status or affiliation. Please know that we depend on attendee income to pay the costs of the conference and don't have sponsors to help defray the expenses.
We sometimes get requests for discounts [students, veterans, children], unfortunately we don't want to try and validate if you are a current student, look at your ID to determine your age, decode military discharge papers, etc.
If you really want to attend DEF CON for free then do something for the con.
You could:
Submit a CFP and be an accepted speaker or workshop instructor.
Work on a contest, event, or village.
Qualify for CTF/Contests that include entry.
Find a team to become a Goon newbie.
Contribute to content, or perform some entertainment.
I need a letter of invite for my visa application, how do I get that?
In most cases, DEF CON can send a signed letter of invite, usually within a few short business days once we have all the info. If you also require verification of housing, we can put you in touch with someone to help you get your hotel stay organized, let us know if you need that.
Along with your request, please email us the following to info(at)defcon(.)org
Name as is on passport:
Passport number:
Country of issue:
Date of issue:
Date of expiration:
Country of origin:
DEF CON is too expensive, how can I afford it?
DEF CON is cheaper than many concerts, and certainly cheaper than many shows in Vegas. Many people have made an art and science out of coming to DEF CON very cheaply. Here are a couple of tips.
Travel: Buy airfare in advance, go Greyhound, Carpool, hitch-hike. (Note: this may be dangerous and/or illegal.)
Lodging: Share rooms - some people have up to 10 people they share a room with, find a hotel cheaper than the one that the conference is scheduled at, stay up for three days, etc. (note: this can be hazardous to your health.)
Food: Pack food for your trip, go off site to find food, eat in your hotel rooms, and look for cheap Vegas food at Casinos. (Look for deals and specials that are trying to get you in the door to gamble.)
Booze: You don't need to drink. Brew your own and bring it. (It's been done.)
Entrance: $300 can be saved, mow some lawns. Try to go to another 4 day event for cheaper than this that offers so much. We have increased the fees slowly over the years, but also the amount and quality of events have increased.
Inevitably people will try to do some math and pretend that DT gets rich each DEF CON - they seem to lack the ability to subtract.
How many people typically attend DEF CON?
There have been roughly 20,000-23,000 attendees in the last few years of DEF CON. DEF CON 26 had a record showing with well over 25,000.
Is there a network at DEF CON?
Why yes, DEF CON is FULLY network-enabled. Now that we've perfected the art of a stable hacker con network, we're ascending to a higher level - we're providing you a network that you feel SAFE in using! Since DEF CON 18 we're WPA2 encrypted over-the-air, with a direct trunk out to the Internet. No peer-to-peer, no sniffing, just straight to the net (and internal servers). We'll provide login credentials at Registration. We know the LTE airwaves will be saturated so we're putting our own cred on the line to give you a net that even we would put our own mobile phones on.
If you're feeling frisky, we'll still have the traditional "open" network for you - bring your laptop (we'd recommend a clean OS, fully patched--you know the procedure) because we don't police what happens on that net. Share & enjoy!
What is the age limit?
People have brought children to DEF CON - it is not recommended to do this unless you are going to constantly supervise them. It is generally an ‘adult’ atmosphere (language, booze, et cetera). If you've never been to DEF CON, you may want to refrain from bringing your children (unless they are demanding that you bring them). While there are no age limits, we have consistently cooperated with parents and/or private investigators who are looking for children that ‘ran away from home’ to go to DEF CON. You will have to be 18 to reserve a room.
What is a DEF CON "Black Badge"?
The Black Badge is the highest award DEF CON gives to contest winners of certain events. CTF winners sometimes earn these, as well as Hacker Jeopardy winners. The contests that are awarded Black Badges vary from year to year, and a Black Badge allows free entrance to DEF CON for life, potentially a value of thousands of dollars.
How can I get a hold of DT? I tried to mail him and haven't seen a response yet.
DT doesn't dislike you, isn't trying to hurt your feelings, and bears you no ill will. The fact is he gets an unmanageable load of mail continually. Mailing him again may elicit a response. Try mailing FAQ (at) DEFCON.ORG if you have a general question that isn't answered here or in the forums.
Is it hot in Vegas?
Yes. Bring sunscreen (high SPF), do not fall asleep near the pool (lest you wake up to sunburn), and do not walk far in the sun unless you are experienced in dealing with extreme heat. The sun is dangerous in Las Vegas. Sleeping in lawn chairs is a sure way to wake up to severe burns in the morning when that bright yellow thing scorches your skin. Drink plenty of water and liquids - remember that alcohol will dehydrate you.
What should I bring?
It depends on what you're going to do at DEF CON. This is discussed in quite some depth on the unofficial DC FAQ, as well as a thread in the DC Forums. You may want to bring fancy (or outrageously silly) clothes for the official Music events, on Friday and Saturday nights, where everyone shows off nifty attire.
How much do rooms cost, and how do I reserve a room?
The DEF CON 27 group room registration is now live! We have room rates at five hotels, until they run out of rooms in our block.
You may either follow this link: https://book.passkey.com/go/SPDEF9
Do not worry if the form doesn't immediately show the discounted rate. To verify that you're getting our price you can mouse over the dates you've selected or begin the checkout process.
How much is internet access?
We are looking into this. Free (and possibly more dangerous) internet access is available in the convention area.
Will the hotels broadcast the speeches on their cable system?
More info as to the content will be available as planning ensues.
Will we have DEF CON branded poker chips?
You will have to attend DEF CON to find out.
Will conference attendees have entire floors of hotel rooms to themselves?
Probably not. The hotel is very cooperative in attempting to centralize the DEF CON attendees, for their convenience and ours, but there will be non-DEF CON attendees in hotel rooms next to us.
This FAQ didn't answer my questions, or was unclear, how can I get further information?
Check out the DEF CON Forums to ask follow up questions.
Links to DEF CON 27 related pages
Links
DEF CON . org
Main DEFCON site
DEFCON 27
DEFCON 27 Planning
Forums
DEFCON 27 [Official / Unofficial] [Parties / Social Gatherings / Events / Contests]
Forums
DEFCON 27 FAQ
DEFCON FAQ
DEFCON 27 Recent News
DEFCON 27 Schedule and Speakers pages
DEFCON 27 Villages
DEFCON 27 Contest & Events
DEFCON 27 DemoLabs Schedule
DEFCON 27 Workshops Schedule
village info derived from the following pages
reddit - DEF CON 27 - Mega Thread (Info) - thanks defconama
reddit - DEF CON 27 Village CFP's - thanks highwiz
DEF CON 27 Villages page
Villages with talks
Villages without known talks
Other Interesting Links
Other cons during #SummerHackerCamp
@defconparties Google calendar
List of unofficial DEF CON badges and SAOs - reddit thread
DEF CON Media Server thumbnails
Guides/Tips/FAQs
Lonely Hackers Club - DEF CON n00b guide - reddit thread
DEF CON for N00bs
The Lost Policymaker's Guide to Hacker Summer Camp
Preparing for "Hacker Summer Camp"
General / previous years
JK-47 - BSidesLV & DEFCON Conference Tips
Unofficial Defcon FAQvt4
Just another DEF CON guide
HACKER SUMMER CAMP 2018 GUIDE
On Attending DefCon