-- MySQL dump 10.13 Distrib 5.7.31, for FreeBSD13.0 (i386)
--
-- Host: localhost Database: defcon28ib
-- ------------------------------------------------------
-- Server version 5.7.31-log
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
SET @MYSQLDUMP_TEMP_LOG_BIN = @@SESSION.SQL_LOG_BIN;
SET @@SESSION.SQL_LOG_BIN= 0;
--
-- GTID state at the beginning of the backup
--
SET @@GLOBAL.GTID_PURGED='f9f9d5a4-23aa-11e5-b61b-0021856cfce2:1-316626';
--
-- Table structure for table `events`
--
DROP TABLE IF EXISTS `events`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `events` (
`day` varchar(16) COLLATE utf8_unicode_ci NOT NULL,
`hour` varchar(2) COLLATE utf8_unicode_ci NOT NULL,
`starttime` varchar(6) COLLATE utf8_unicode_ci NOT NULL,
`endtime` varchar(6) COLLATE utf8_unicode_ci NOT NULL,
`continuation` char(1) COLLATE utf8_unicode_ci NOT NULL,
`village` varchar(64) COLLATE utf8_unicode_ci NOT NULL,
`track` varchar(64) COLLATE utf8_unicode_ci NOT NULL,
`title` varchar(512) COLLATE utf8_unicode_ci NOT NULL,
`speaker` varchar(128) COLLATE utf8_unicode_ci NOT NULL,
`hash` varchar(64) COLLATE utf8_unicode_ci NOT NULL,
`desc` text COLLATE utf8_unicode_ci NOT NULL,
`modflag` tinyint(4) DEFAULT NULL,
`autoincre` int(11) NOT NULL AUTO_INCREMENT,
PRIMARY KEY (`autoincre`),
KEY `title` (`title`(255)),
KEY `hash` (`hash`)
) ENGINE=InnoDB AUTO_INCREMENT=69206 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `events`
--
LOCK TABLES `events` WRITE;
/*!40000 ALTER TABLE `events` DISABLE KEYS */;
INSERT INTO `events` VALUES ('1_Thursday','09','09:30','09:59','N','DC','','\'Discovering Hidden Properties to Attack Node.js ecosystem\'','\'Feng Xiao\'','DC_dfc41b2f5038b4493d9b08d5d3e69306','\'Title: Discovering Hidden Properties to Attack Node.js ecosystem
\nWhen: Thursday, Aug 6, 09:30 - 09:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Feng Xiao\n, security researcher at Georgia Tech
\nFeng Xiao is a security researcher at Georgia Tech. His research interests include software/system security. He has published three papers on top security venues such as DEFCON, IEEE S&P, and CCS.
\nhttps://fxiao.me/
\n\n
\nDescription:
\nNode.js is widely used for developing both server-side and desktop applications. It provides a cross-platform execution environment for JavaScript programs. Due to the increasing popularity, the security of Node.js is critical to web servers and desktop clients. \n
We present a novel attack method against the Node.js platform, called hidden property abusing (HPA). The new attack leverages the widely-used data exchanging feature of JavaScript to tamper critical program states of Node.js programs, like server-side applications. HPA entitles remote attackers to launch serious attacks, such as stealing confidential data, bypassing security checks, and launching denial of service attacks. To help developers detect the HPA issues of their Node.js applications, we develop a tool, named LYNX, that utilizes hybrid program analysis to automatically reveal HPA vulnerabilities and even synthesize exploits. We apply LYNX on a set of widely-used Node.js programs and identify 13 previously unknown vulnerabilities. LYNX successfully generates 10 severe exploits. We have reported all of our findings to the Node.js community. At the time of paper writing, we have received the confirmation of 12 vulnerabilities and got 12 CVEs assigned. Moreover, we collaborated with an authoritative public vulnerability database to help them use a new vulnerability notion and description in related security issues.\n
The talk consists of four parts. First, we will introduce recent offensive research on Node.js. Second, we will introduce HPA by demonstrating an exploit on a widely-used web framework. Third, we will explain how to leverage program analysis techniques to automatically detect and exploit HPA. In the end, we will have a comprehensive evaluation which discusses how we identified 13 HPA 0days with the help of our detection method.\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68271),('1_Thursday','10','10:30','10:59','N','DC','','\'Room for Escape: Scribbling Outside the Lines of Template Security\'','\'Alvaro Munoz,Oleksandr Mirosh\'','DC_21aff9473c22cde3f204b9da9842d69c','\'Title: Room for Escape: Scribbling Outside the Lines of Template Security
\nWhen: Thursday, Aug 6, 10:30 - 10:59 PDT
\nWhere: DEF CON Q&A Twitch
\nSpeakers:Alvaro Munoz,Oleksandr Mirosh
\n
SpeakerBio:Alvaro Munoz\n
\nAlvaro Muñoz (@pwntester) works as Staff Security Researcher with GitHub Security Lab. His research focuses on different programming languages and web application frameworks searching for vulnerabilities or unsafe uses of APIs. Before joining the research field, he worked as an Application Security Consultant helping enterprises to deploy their application security programs. Muñoz has presented at many Security conferences including Defcon, RSA, AppSecEU, Protect, DISCCON, etc and holds several InfoSec certifications, including OSCP, GWAPT and CISSP, and is a proud member of int3pids CTF team.
\nTwitter: @pwntester
\n
SpeakerBio:Oleksandr Mirosh\n, Software Security Researcher, Micro Focus Fortify
\nOleksandr Mirosh has over 12 years of computer security experience, including vulnerability research, penetration testing, reverse engineering, fuzzing, developing exploits and consulting. He is working for Fortify Software Security Research team in Micro Focus investigating and analyzing new threats, vulnerabilities, security weaknesses, new techniques of exploiting security issues and development vulnerability detection, protection and remediation rules.
\nTwitter: @olekmirosh
\n\n
\nDescription:
\nNow more than ever, digital communication and collaboration are essential to the modern human experience. Shared digital content is everywhere and Content Management Systems (CMS) play a crucial role allowing users to design, create, modify and visualize dynamic content. In our research we discovered multiple ways to achieve Remote Code Execution (RCE) on CMS platforms through which an attacker can take full control of the resources your organization relies on.\n
Using a Microsoft SharePoint server as our main CMS attack surface, we combined flaws in its implementation and design with framework and language specific features to find six unique RCE vulnerabilities. In addition, we discovered ways to escape template sandboxes of the most popular Java Template engines and achieved RCE in many products including: Atlassian Confluence, Alfresco, Liferay, Crafter CMS, XWiki, Apache OfBiz, and more.\nWe will analyze how these products and frameworks implement security controls and review the various techniques that we used to bypass them. We will describe all the vulnerabilities we uncovered in detail and show working demos of the most interesting attacks. Finally, we will present our general review methodologies for systems with dynamic content templates and provide practical recommendations to better protect them.\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68272),('1_Thursday','11','11:30','11:59','N','DC','','\'DNSSECTION: A practical attack on DNSSEC Zone Walking\'','\'Hadrien Barral,Rémi Géraud-Stewart\'','DC_fbf978fe8dd82689ffdf1f08c0099d42','\'Title: DNSSECTION: A practical attack on DNSSEC Zone Walking
\nWhen: Thursday, Aug 6, 11:30 - 11:59 PDT
\nWhere: DEF CON Q&A Twitch
\nSpeakers:Hadrien Barral,Rémi Géraud-Stewart
\n
SpeakerBio:Hadrien Barral\n, Hacker
\nHadrien Barral is an R&D engineer, focusing on security and high-assurance software. He enjoys hacking on exotic hardware.
\n
SpeakerBio:Rémi Géraud-Stewart\n, Hacker
\nRémi Géraud-Stewart is a cryptologist and security expert with École Normale Supérieure in Paris, focusing on intrusion and cyberwarfare.
\n\n
\nDescription:
\nDomain Name System (DNS) is an ubiquitous and essential component of the Internet. It performs translations between identifiers and resources (mostly domain names and computers, but not only), yet remains often invisible to the user. But DNS is not harmless: although not intended to be a general purpose database, it has been extended to incorporate additional types of information. Including information that should not be there. \n
In this talk we show how to exploit DNSSEC zone walking to perform advanced recon operations, on a real case, namely to obtain client private information from a large European cloud provider. This constitutes the first practical zone walking attack at such a scale.\n
Using this exploit we collected a substantial amount of private information, enough to share some interesting statistics. By the end of this talk, you will have everything you need to know to perform similar attacks -- and resist them.\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68273),('1_Thursday','12','12:30','12:59','N','DC','','\'Hacking the Hybrid Cloud\'','\'Sean Metcalf\'','DC_dda55e7ec2a15bfb5d973a1b77e847e1','\'Title: Hacking the Hybrid Cloud
\nWhen: Thursday, Aug 6, 12:30 - 12:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Sean Metcalf\n, CTO, Trimarc
\nSean Metcalf is founder and CTO at Trimarc (www.TrimarcSecurity.com), a professional services company which focuses on improving enterprise security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification, is a Microsoft MVP, and has presented on Active Directory & Microsoft Cloud attack and defense at security conferences such as Black Hat, BSides, DEF CON, and DerbyCon. He currently provides security consulting services to customers and posts interesting Active Directory security information on his blog, ADSecurity.org.
\nTwitter: @Pyrotek3
\n\n
\nDescription:
\nMost companies have moved into the cloud and on-premises applications and systems remain. This configuration is reasonably referred to as \"hybrid\"; in the cloud and not at the same time. Hybrid cloud requires integration and communication between the remaining on-prem infrastructure and the new(er) cloud services.\n
This talk describes several scenarios that appear to subvert typical security and protections which involve federation configuration, Identity Access Management (IAM), and interaction between SaaS and IaaS in the Microsoft Cloud.\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68274),('1_Thursday','13','13:30','13:59','N','DC','','\'Hacking traffic lights\'','\'Rik van Duijn,Wesley Neelen\'','DC_4a9a24018d8eaec7b4b4526bbd874f23','\'Title: Hacking traffic lights
\nWhen: Thursday, Aug 6, 13:30 - 13:59 PDT
\nWhere: DEF CON Q&A Twitch
\nSpeakers:Rik van Duijn,Wesley Neelen
\n
SpeakerBio:Rik van Duijn\n, Hacker & co-founder at Zolder
\nRik is a security researcher with 7+ years of experience as a penetration tester. Nowadays Rik focusses on malware research and defense. His hobbies include cooking, bouldering and long walks on the beach. Rik has presented at SHA2017, (whiskey|fristi)leaks, DefCon BlueTeam Village and Tweakers Security/DEV Meetups.
\nTwitter: @rikvduijn
\n
SpeakerBio:Wesley Neelen\n, Hacker & co-founder at Zolder
\nWesley has about 7 years’ experience in the offensive security area working as a penetration tester. Next to his work assessing the security of infrastructures, he spends time researching trends within IT security and on developing defensive measures. Wesley likes to actively assess the security of home automation, internet of things and \'smart\' innovations. One of the vulnerabilities discovered by Wesley, is a remote command execution (RCE) vulnerability in the Fibaro home center appliance. The vulnerability allowed to remotely obtain root access on the Fibaro device whenever the web interface is reachable. Also, he discovered vulnerabilities within a smartwatch cloud that disclosed the location history of about 300.000 of its users.
\nTwitter: @wesleyneelen
\n\n
\nDescription:
\nNew systems are connected to the internet every day to make our lives easier or more comfortable. We are starting to see connected traffic and smart traffic lights innovations to improve traffic flow, safety and comfort. With smart systems entering and controlling our physical world, ethical hacking such systems to find possible ways of manipulation becomes even more important to society. \n
In the Netherlands there are some public innovations where traffic light systems are being connected to smartphone apps. We have looked at these innovations to see if these systems could be manipulated and how manipulation could benefit an attacker. Specifically, we found a way in two different platforms, that allows us to successfully fake a continuous flow of bicyclists that turns the cyclist traffic light instantly green or decreases the time to green.\n
More than 10 municipalities in the Netherlands connected a part of their cyclist traffic lights to the affected platforms. It was possible to perform these hacks from any remote location, which allows someone to remotely influence the traffic at scale. The hack results in turning the cyclists lights to green, while other lights on the intersection will turn to red.\n
The regular security systems that make sure lights are not turned green simultaneously stays intact. There are similar projects that turn the car traffic lights green for ambulances or trucks. If an attacker succeeds to exploit these projects with a similar attack, he could remotely influence the car traffic lights directly.\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68275),('1_Thursday','14','14:30','14:59','N','DC','','\'Hacking the Supply Chain – The Ripple20 Vulnerabilities Haunt Hundreds of Millions of Critical Devices\'','\'Ariel Schön,Moshe Kol,Shlomi Oberman\'','DC_24089a94946470cdbf41a139fadeac3e','\'Title: Hacking the Supply Chain – The Ripple20 Vulnerabilities Haunt Hundreds of Millions of Critical Devices
\nWhen: Thursday, Aug 6, 14:30 - 14:59 PDT
\nWhere: DEF CON Q&A Twitch
\nSpeakers:Ariel Schön,Moshe Kol,Shlomi Oberman
\n
SpeakerBio:Ariel Schön\n, Security Researcher
\nAriel Schön is an experienced security researcher with unique experience in embedded and IoT security as well as vulnerability research. \n
Ariel is a veteran of the IDF Intelligence Corps, where he served in research and management positions. Currently, he is consuming caffeine and doing security research at JSOF.\n
\n
SpeakerBio:Moshe Kol\n, Security Researcher
\nMoshe Kol Moshe is a wickedly talented security researcher, currently finishing his Computer Science studies at the Hebrew University of Jerusalem. He has many years of networking and security research experience working for the MOD where he honed his skills originally developed at home – as he was led by sheer curiosity into the world of reverse engineering and security research.
\n
SpeakerBio:Shlomi Oberman\n, CEO, JSOF
\nShlomi Oberman is an experienced security researcher and leader with over a decade of experience in security research and product security. In the past few years his interest has been helping secure Software - while it is being written and after it has shipped. Shlomi is a veteran of the IDF Intelligence Corps and has many years of experience in the private sector working with companies who are leaders in their field. He has spoken internationally and his research has been presented in industry conferences such as CodeBlue Tokyo and Hack-In-The-Box as well as other conferences. He is also an experienced teacher, training researchers and engineers in Embedded Exploitation and Secure Coding, as well as an organizer of local community cyber-security events. Shlomi has the unique advantage of a broad technical understanding of the Security Field as well as deep knowledge of the attacker’s mindset, which is extremely useful when securing software.
\n\n
\nDescription:
\nThis is the story of how we found and exploited a series of critical vulnerabilities (later named Ripple20) affecting tens or hundreds of millions of IoT devices across all IoT sector conceivable - industrial controllers, power grids, medical, home, networking, transportation, enterprise, retail, defense, and a myriad of other types of IoT devices, manufactured and deployed by the largest American and international vendors in these fields.\n
These vulnerabilities were found in a TCP/IP software library located at the very beginning of a complex supply chain and have lurked undetected for at least 10 years, likely much more. Over the past two decades this library has spread around the world by means of direct use as well as indirectly, through \"second hand\" use, rebranding, collaborations, acquisitions and repackaging, having been embedded and configurated in a range of different ways. Many of the vendors indirectly selling and using this library were not aware of their using it. Now that they know, the patch propagation dynamics are very complex and may not be possible in some cases.\n
This library is a little known, but widely used, embedded library developed by Treck Inc.known for its high reliability, performance, and configurability. Its features make it suitable for real-time operating system usage and low-power devices.\n
Despite being used by many large, security-aware vendors, these vulnerabilities lay dormant and undiscovered - while actors of all types could have discovered these vulnerabilities by finding one of several bugs in any of the components, exposing hundreds of others immediately. This would provide a field day of affected devices for the picking.\n
In this presentation, we will discuss one of the vulnerabilities in technical depth, demonstrating an RCE exploit on a vulnerable device. We will explain how the vulnerabilities became so widespread, and what we still don’t know. We will speculate as to why these vulnerabilities survived for so long and show why some vendors are worse affected than others.\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68276),('1_Thursday','15','15:30','15:59','N','DC','','\'Demystifying Modern Windows Rootkits\'','\'Bill Demirkapi\'','DC_c9f2b5a4ef6eb3e47c29eeaae03b62cf','\'Title: Demystifying Modern Windows Rootkits
\nWhen: Thursday, Aug 6, 15:30 - 15:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Bill Demirkapi\n, Independent Security Researcher
\nBill is a student at the Rochester Institute of Technology with an intense passion for Windows Internals. Bill\'s interests include game hacking, reverse engineering malware, and exploit development. In his pursuit to make the world a better place, Bill constantly looks for the next big vulnerability following the motto \"break anything and everything\".
\nTwitter: @BillDemirkapi
\n\n
\nDescription:
\nThis talk will demystify the process of writing a rootkit, moving past theory and instead walking the audience through the process of going from a driver that says \"Hello World\" to a driver that abuses never-before-seen hooking methods to control the user-mode network stack. Analysis includes common patterns seen in malware and the drawbacks that come with malware in kernel-mode rather than user-mode.\nWe\'ll walk through writing a rootkit from scratch, discussing how to load a rootkit, how to communicate with a rootkit, and how to hide a rootkit. With every method, we\'ll look into the drawbacks ranging from usability to detection vectors. The best part? We\'ll do this all under the radar, evading PatchGuard and anti-virus.
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68277),('1_Thursday','16','16:30','16:59','N','DC','','\'Domain Fronting is Dead, Long Live Domain Fronting: Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise\'','\'Erik Hunstad\'','DC_b57f631bd9d4b260e2609910c9097b32','\'Title: Domain Fronting is Dead, Long Live Domain Fronting: Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise
\nWhen: Thursday, Aug 6, 16:30 - 16:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Erik Hunstad\n, CTO, SIXGEN
\nErik Hunstad is a security expert and researcher who realized the power of programming and security when he coded an algorithm to reduce the search space of possible Master Lock combinations in RAPTOR. Erik is the CTO and Adversary Emulation Lead at SIXGEN where he specializes in deploying the latest offensive security techniques against customers. He previously worked for the Department of Defense.
\nTwitter: @SixGenInc
\n\n
\nDescription:
\nDomain fronting, the technique of circumventing internet censorship and monitoring by obfuscating the domain of an HTTPS connection was killed by major cloud providers in April of 2018. However, with the arrival of TLS 1.3, new technologies enable a new kind of domain fronting. This time, network monitoring and internet censorship tools are able to be fooled on multiple levels. This talk will give an overview of what domain fronting is, how it used to work, how TLS 1.3 enables a new form of domain fronting, and what it looks like to network monitoring. You can circumvent censorship and monitoring today without modifying your tools using an open source TCP and UDP pluggable transport tool that will be released alongside this talk.
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68278),('2_Friday','20','20:00','20:59','N','FSL','','\'D0 N0 H4RM: A Healthcare Security Conversation\'','\'Ash Luft,Christian “quaddi†Dameff,Jeff “r3plicant†Tully,Suzanne Schwartz,Vidya Murthy\'','FSL_0e056d52433b4e28974894572911f78f','\'Title: D0 N0 H4RM: A Healthcare Security Conversation
\nWhen: Friday, Aug 7, 20:00 - 20:59 PDT
\nWhere: DEF CON Fireside Twitch
\nSpeakers:Ash Luft,Christian “quaddi†Dameff,Jeff “r3plicant†Tully,Suzanne Schwartz,Vidya Murthy
\n
SpeakerBio:Ash Luft\n, Software Engineer Starfish Medical
\nAsh Luft is an Embedded Software Engineer with a background in Computer Science, Biochemistry, and Electrical Engineering. With industry experience in Software and Biomedical Device Development, Ash specializes in designing for and implementing safety, security, and privacy in Clinical IoT and Medical Devices. Ash is passionate about protecting patient outcomes while delivering cost-effective, high quality solutions.
\n
SpeakerBio:Christian “quaddi†Dameff\n, MD, Physician & Medical Director of Security at The University of California San Diego
\nChristian (quaddi) Dameff MD is an Assistant Professor of Emergency Medicine, Biomedical Informatics, and Computer Science (Affiliate) at the University of California San Diego. He is also a hacker, former open capture the flag champion, and prior DEF CON/RSA/Blackhat/HIMSS speaker. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization. Published security research topics including hacking critical healthcare infrastructure, medical devices and the effects of malware on patient care. This is his sixteenth DEF CON.
\nTwitter: @CDameffMD
\n
SpeakerBio:Jeff “r3plicant†Tully\n, MD, Anesthesiologist at The University of California Davis
\nJeff (r3plicant) Tully is an anesthesiologist, pediatrician and security researcher with an interest in understanding the ever-growing intersections between healthcare and technology.
\nTwitter: @JeffTullyMD
\n
SpeakerBio:Suzanne Schwartz\n, MD, Associate Director for Science and Strategic Partnerships at the US Food and Drug Administration FDA
\nDr. Suzanne Schwartz’s programmatic efforts in medical device cybersecurity extend beyond incident response to include raising awareness, educating, outreach, partnering and coalition-building within the Healthcare and Public Health Sector (HPH) as well as fostering collaborations across other government agencies and the private sector. Suzanne has been recognized for Excellence in Innovation at FDA’s Women’s History Month on March 1st 2018 for her work in Medical Device Cybersecurity. Suzanne chairs CDRH’s Cybersecurity Working Group, tasked with formulating FDA’s medical device cybersecurity policy. She also co-chairs the Government Coordinating Council (GCC) for the HPH Critical Infrastructure Sector, focusing on the sector’s healthcare cybersecurity initiatives.
\n
SpeakerBio:Vidya Murthy\n, Vice President Operations, MedCrypt
\nVidya is fascinated by the impact of cybersecurity on the healthcare space. Beginning her career in consulting, she realized a passion for healthcare and worked for global medical device manufacturer Becton Dickinson. She has since joined MedCrypt, a company focused on bringing cybersecurity leading practices to medical device manufacturers. Vidya holds an MBA from the Wharton School.
\n\n
\nDescription:
\nIt is certainly a time of discovery- though the truths revealed by the COVID-19 crisis can be bitter and bleak. At a time when all attention is focused on the ERs and ICUs that make up the battle’s front lines, it is easy to cast aside old warnings to focus solely on the clinical war. But the need for safety and security only increases in the face of a pandemic- and healthcare cybersecurity is no different. From testing to ventilators, every facet of our response to COVID-19 depends on trustworthy and reliable technology.\n
D0 No H4rm- DEF CON’s continuing conversation on healthcare returns for another up close (but not too close) and personal dialogue between hackers at the top of their fields- from the halls of the FDA to the cutting edge of medical devices security research for an all-encompassing look at what we need to focus on in the age of COVID. Moderated by physician hackers quaddi and r3plicant, this perennially packed event aims to recruit the talent, ingenuity, and vision of the DEF CON family for the challenges we face both now and after the immediate crisis passes.\n
Discord: https://discord.com/channels/708208267699945503/738141986476916826\n
This fireside is available on YouTube, direct-download from DEF CON Media (MP4, SRT), and is part of the DC28 Torrent.\n
YouTube: https://www.youtube.com/watch?v=fAU7V3pvj1Q\n
MP4: https://media.defcon.org/DEF%20CON%2028/DEF%20CON%20Safe%20Mode%20video%20and%20slides/DEF%20CON%20Safe%20Mode%20-%20Christian%20%E2%80%9Cquaddi%E2%80%9D%20Dameff%20MD%20and%20panel%20-%20D0%20N0%20H4RM-%20A%20Healthcare%20Security%20Conversation.mp4\n
SRT: https://media.defcon.org/DEF%20CON%2028/DEF%20CON%20Safe%20Mode%20video%20and%20slides/DEF%20CON%20Safe%20Mode%20-%20Christian%20%E2%80%9Cquaddi%E2%80%9D%20Dameff%20MD%20and%20panel%20-%20D0%20N0%20H4RM-%20A%20Healthcare%20Security%20Conversation.srt\n
Torrent: https://media.defcon.org/DEF%20CON%2028/DEF%20CON%2028.torrent\n
\n
DEF CON Fireside Lounges will be live-streamed on Twitch. \n
\nTwitch: https://www.twitch.tv/defconorg\n
#fireside-lounge-text: https://discord.com/channels/708208267699945503/738141986476916826\n
\'',NULL,68279),('2_Friday','10','10:30','10:59','N','DC','','\'Spectra—New Wireless Escalation Targets\'','\'Francesco Gringoli,Jiska Classen\'','DC_6fe7fe37ff37b2c7b9b3508babc2148a','\'Title: Spectra—New Wireless Escalation Targets
\nWhen: Friday, Aug 7, 10:30 - 10:59 PDT
\nWhere: DEF CON Q&A Twitch
\nSpeakers:Francesco Gringoli,Jiska Classen
\n
SpeakerBio:Francesco Gringoli\n, University of Brescia
\nNo BIO available
\n
SpeakerBio:Jiska Classen\n, Secure Mobile Networking Lab
\njiska likes to break things, and Francesco loves reverse engineering. They both have a history in binary patching on Broadcom chips. While jiska focuses on the Bluetooth side of this project, Francesco is the Wi-Fi specialist.
\nTwitter: @naehrdine
\n\n
\nDescription:
\nWireless coexistence enables high-performance communication on platforms with a small form factor despite overlapping frequency bands. On-chip coexistence is essential to combine wireless technologies, and manufacturers implement various proprietary solutions. This presentation demonstrates multiple attacks on two coexistence features of Broadcom and Cypress Wi-Fi/Bluetooth combo chips. Various popular devices that were released over a decade are affected, such as the Google Nexus 5 and iPhone 6, but also the newest iPhone 11 and Samsung Galaxy S20.\n
On the analyzed chips, Wi-Fi and Bluetooth run on separate processing cores, but various information leaks and even code execution become possible through their coexistence interfaces. As these escalations concern an internal chip interface, the operating system cannot prevent them. However, coexistence exploitation widens the possibilities to escalate into drivers and the operating system on top.\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68280),('2_Friday','11','11:30','11:59','N','DC','','\'Pwn2Own Qualcomm compute DSP for fun and profit\'','\'Slava Makkaveev\'','DC_00783240ba71ab8d6b888490de9acff4','\'Title: Pwn2Own Qualcomm compute DSP for fun and profit
\nWhen: Friday, Aug 7, 11:30 - 11:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Slava Makkaveev\n, Security Researcher, Check Point
\nSlava Makkaveev is a Security Researcher at Check Point. Holds a PhD in Computer Science. Slava has found himself in the security field more than ten years ago and since that gained vast experience in reverse engineering and vulnerability research. Recently Slava has taken a particularly strong interest in mobile platforms and firmware security.
\n\n
\nDescription:
\nQualcomm Snapdragon SoC integrates multiple subsystems, each one is customized for a particular application domain. Compute digital-signal processor (cDSP) is a subsystem which allows a mobile device to process simple sets of data with high performance on low power. In the talk we will show that this little studied proprietary subsystem has many security problems that open the door to malicious Android applications for PE and DoS attacks of the device.\n
For security reasons, the cDSP is licensed for programming by OEMs and by a limited number of third-party software vendors. The code running on DSP is signed by Qualcomm. However, we will demonstrate how an Android application can bypass Qualcomm’s signature and execute privileged code on DSP, and what further security issues this can lead to.\n
Hexagon SDK is the official way for the vendors to prepare DSP related code. We discovered serious bugs in the SDK that have led to the hundreds of hidden vulnerabilities in the Qualcomm-owned and vendors’ code. The truth is that almost all DSP executable libraries embedded in Qualcomm-based smartphones are vulnerable to attacks due to issues in the Hexagon SDK. We are going to highlight the auto generated security holes in the DSP software and then exploit them.\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68281),('2_Friday','12','12:30','12:59','N','DC','','\'Detecting Fake 4G Base Stations in Real Time\'','\'Cooper Quintin\'','DC_48ae8ac23b6e2880bc166faa7284ad3d','\'Title: Detecting Fake 4G Base Stations in Real Time
\nWhen: Friday, Aug 7, 12:30 - 12:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Cooper Quintin\n, Senior Staff Technologist, EFF
\nCooper is a security researcher and Senior Staff Technologist with the EFF threat lab. He has worked on projects such as Privacy Badger and Canary Watch. With his colleagues at threat lab he has helped discover state sponsored malware and nation state actors such as Dark Caracal and Operation Manul. He has also performed security trainings for activists, non profit workers and ordinary folks around the world. He also was a co-founder of the Hackbloc hacktivist collective and published several issues of the DIY hacker zine \"Hack This Zine.\" In his spare time he enjoys playing music and playing with his kid and imagining a better future.
\n\n
\nDescription:
\n4G based IMSI catchers such as the Hailstorm are becoming more popular with governments and law enforcement around the world, as well as spies, and even criminals. Until now IMSI catcher detection has focused on 2G IMSI catchers such as the Stingray which are quickly falling out of favor.\nIn this talk we will tell you how 4G IMSI Catchers might work to the best of our knowledge, and what they can and can\'t do. We demonstrate a brand new software project to detect fake 4G base stations, with open source software and relatively cheap hardware. And finally we will present a comprehensive plan to dramatically limit the capabilities of IMSI catchers (with the long term goal of making them useless once and for all).
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68282),('2_Friday','13','13:30','13:59','N','DC','','\'When TLS Hacks You\'','\'Joshua Maddux\'','DC_ff5a91546a1d6128b9a3e245d01e1381','\'Title: When TLS Hacks You
\nWhen: Friday, Aug 7, 13:30 - 13:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Joshua Maddux\n, Security Engineer, Latacora
\nJoshua Maddux started out as a software engineer. After a few years, having introduced his share of bugs to the world, he started hunting for vulnerabilities in his own code and elsewhere. At PKC Security he gained additional experience in software development and white-box penetration testing, and gave his first ever conference talk at Blackhat USA on a series of systemic SSRF vulnerabilities in sites supporting Apple Pay. Now on the Appsec team at Latacora, he helps advise startups in building secure products. Aside from work for clients, Joshua is also active in the bug bounty world. His past research has led to security updates in Java, Netflix, Gitlab, United Airlines, Zapier, and others.
\nTwitter: @joshmdx
\n\n
\nDescription:
\nLots of people try to attack the security of TLS. But what if we use TLS to attack other things? It\'s a huge standard, and it turns out that features intended to make TLS fast have also made it useful as an attack vector.\n
Among other things, these features provide a lot of flexibility for Server-Side Request Forgery (SSRF). While past work using HTTPS URLs in SSRF has relied upon platform-specific bugs such as SNI injection, we can go further. In this talk, I present a novel, cross-platform way of leveraging TLS to target internal services.\n
Uniquely, these attacks are more effective the more comprehensively a platform supports modern TLS, so won\'t go away with library upgrades. It is also unlikely that the TLS spec will change overnight at the whim of a random security researcher. Instead, we need to walk through scenarios and dispel common assumptions so the audience can know what to look out for. Of course, the best way to do so is with demos!\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68283),('2_Friday','14','14:30','14:59','N','DC','','\'Finding and Exploiting Bugs in Multiplayer Game Engines\'','\'Jack Baker\'','DC_3a6c4544b202464f9ea023172e23eb3c','\'Title: Finding and Exploiting Bugs in Multiplayer Game Engines
\nWhen: Friday, Aug 7, 14:30 - 14:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Jack Baker\n
\nJack Baker is a professional reverse engineer and amateur video game hacker. Jack is most known for having the same name as a Resident Evil villain.
\n\n
\nDescription:
\nUnreal Engine 4 and Unity3D dominate the multiplayer gaming landscape. They\'re also complicated pieces of software written in C and C++. In this talk, Jack will share the results of months of bug hunting in multiplayer game networking protocols. Be prepared for memory disclosures, speedhacks, and WONTFIX vulnerabilities.
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68284),('2_Friday','15','15:30','15:59','N','DC','','\'Don\'t Be Silly - It\'s Only a Lightbulb\'','\'Eyal Itkin\'','DC_9176e02c5d7bd111769be71457f81634','\'Title: Don\'t Be Silly - It\'s Only a Lightbulb
\nWhen: Friday, Aug 7, 15:30 - 15:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Eyal Itkin\n, Vulnerability Researcher at Check Point Software Technologies
\nEyal Itkin is a vulnerability researcher in the Malware and Vulnerability Research group at Check Point Software Technologies. Eyal has an extensive background in security research, that includes years of experience in embedded network devices and protocols, bug bounties from all popular interpreter languages, and an award by Microsoft for his CFG enhancement white paper. When not breaking RDP or FAX, he loves bouldering, swimming, and thinking about the next target for his research.
\nTwitter: @EyalItkin
\n\n
\nDescription:
\nA few years ago, a team of academic researchers showed how they can take over and control smart lightbulbs, and how this in turn allows them to create a chain reaction that can spread throughout a modern city. Their research brought up an interesting question: aside from triggering a blackout (and maybe a few epilepsy seizures), could these lightbulbs pose a serious risk to our network security? Could attackers somehow bridge the gap between the physical IoT network (the lightbulbs) and even more appealing targets, such as the computer network in our homes, offices or even our smart cities?\n
We’re here to tell you the answer is: Yes.\n
Join us as we take a deep dive into the world of ZigBee IoT devices. Continuing from where the previous research left off, we go right to the core: the smart hub that acts as a bridge between the IP network and the ZigBee network. And let me tell you this, this harsh embedded environment is surely not on our side. With a maximal message size of less than 128 bytes, complex state machines and various strict timing constraints, this challenge is going to be tough.\n
After a long journey, we finally made it. By masquerading as a legitimate ZigBee lightbulb, we were able to exploit vulnerabilities we found in the bridge, which enabled us to infiltrate the lucrative IP network using a remote over-the-air ZigBee exploit.\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68285),('2_Friday','16','16:30','16:59','N','DC','','\'Exploiting Key Space Vulnerabilities in the Physical World\'','\'Bill Graydon\'','DC_9ac78bab5a992a7cdc25a37a1fa196d4','\'Title: Exploiting Key Space Vulnerabilities in the Physical World
\nWhen: Friday, Aug 7, 16:30 - 16:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Bill Graydon\n, Principal, Research, GGR Security
\nBill Graydon is a principal researcher at GGR Security, where he hacks everything from locks and alarms to critical infrastructure; this has given him some very fine-tuned skills for breaking stuff. He’s passionate about advancing the security field through research, teaching numerous courses, giving talks, and running DEF CON’s Lock Bypass Village. He’s received various degrees in computer engineering, security, and forensics and comes from a broad background of work experience in cyber security, software development, anti-money laundering, and infectious disease detection.
\n\n
\nDescription:
\nImagine being able to get together with a few of your co-workers, look at your office keys and derive a building master key. Or you may not have any working key at all: you could impression the lock, or use one of the many ways we’ll present in this talk to put together little bits of information from a lock to create a working key. \n
We apply information theory - the concept behind the “entropy†of a password - in an easy to understand way to show how every little bit of information about a system can be used to defeat it. The audience will be able to pull any key out of their pocket and understand how it works and how an attacker can create it covertly, and open whatever lock it is for, or even a lock it isn’t for, that shares the same system. \n
We’ll explain how to produce either a single final key, or a set small enough to economically brute force - and release a software tool to let anyone quickly try out all possibilities in an easy-to-visualize way. \n
Finally, we will discuss possible solutions to these problems and introduce vulnerabilities our research has uncovered in high-security systems like Medeco, Abloy, and Mul-T-Lock - including releasing a set of only 159 possible top level master key codes for certain large Medeco mastered systems.\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68286),('2_Friday','17','17:30','17:59','N','DC','','\'A Hacker’s guide to reducing side-channel attack surfaces using deep-learning\'','\'Elie Bursztein\'','DC_44a8e648f7ede35704d57d05efae1274','\'Title: A Hacker’s guide to reducing side-channel attack surfaces using deep-learning
\nWhen: Friday, Aug 7, 17:30 - 17:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Elie Bursztein\n, Google
\nElie Bursztein leads Google\' security & anti-abuse research team. He has authored over fifty research papers in the field for which he was awarded 8 best papers awards and multiple industry distinctions including the Black Hat pwnie award. Born in Paris, he received a Ph.D. from ENS-cachan in 2008 before working at Stanford University and ultimately joining Google in 2011.
\nTwitter: @elie
\n\n
\nDescription:
\nin recent years, deep-learning based side-channel attacks have been proven to be very effective and opened the door to automated implementation techniques. Building on this line of work, this talk explores how to take the approach a step further and showcases how to leverage the recent advance in AI explainability to quickly assess which parts of the implementation is responsible for the information. Through a concrete set by step example, we will showcase the promise of this approach, its limitations, and how it can be used today.
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68287),('2_Friday','18','18:30','18:59','N','DC','','\'Office Drama on macOS\'','\'Patrick Wardle\'','DC_f39afe5e9ae7d3bba4964e2cb8ff09b9','\'Title: Office Drama on macOS
\nWhen: Friday, Aug 7, 18:30 - 18:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Patrick Wardle\n, Principal Security Researcher
\nPatrick Wardle is the Principal Security Researcher at Jamf and founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.
\nTwitter: @Jamf
\n\n
\nDescription:
\nOn the Windows platform, macro-based Office attacks are well understood (and frankly are rather old news). However on macOS, though such attacks are growing in popularity and are quite en vogue, they have received far less attention from the research and security community.\n
In this talk, we will begin by analyzing recent documents that contain macro-based attacks targeting Apple\'s desktop OS, highlighting the macOS-specific exploit code and payloads. Though sophisticated APT groups are behind several of these attacks, (luckily) these malicious documents and their payloads are constrained by recent application and OS-level security mechanisms.\n
However, things could be far worse! To illustrate this claim, we\'ll detail the creation of a powerful exploit chain, that begins with CVE-2019-1457, leveraged a new sandbox escape and ended with a full bypass of Apple\'s stringent notarization requirements. Triggered by simply opening a malicious (macro-laced) Office document, no other user interaction was required in order to persistently infect even a fully-patched macOS Catalina system!\n
To end the talk, we\'ll discuss various prevention and detection mechanisms that could thwart each stage of the exploit chain, as well as that aim to generically provide protection against future attacks!\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68288),('3_Saturday','19','19:00','19:59','N','FSL','','\'Ask the EFF/Meet the EFA\'','\'Abi Hassen,Alexis Hancock,Elliot,Emilie St-Pierre,Eva Galperin,Hannah Zhao,Kurt Opsahl,nash,Rory Mir,Tracy Rosenberg \'','FSL_14d2fec17809cfcb89f609bb7926bf98','\'Title: Ask the EFF/Meet the EFA
\nWhen: Saturday, Aug 8, 19:00 - 19:59 PDT
\nWhere: DEF CON Fireside Twitch
\nSpeakers:Abi Hassen,Alexis Hancock,Elliot,Emilie St-Pierre,Eva Galperin,Hannah Zhao,Kurt Opsahl,nash,Rory Mir,Tracy Rosenberg
\n
SpeakerBio:Abi Hassen\n
\nAbi Hassen is an attorney, technologist, and co-founder of the Black Movement-Law Project (BMLP), a legal support rapid response group that grew out of the uprisings in Ferguson, Baltimore, and elsewhere. He is currently a partner at O\'Neill and Hassen LLP; a law practice focused on indigent criminal defense. Prior to his current work, he was the Mass Defense Coordinator at the National Lawyers Guild. Abi has also worked as a political campaign manager and strategist, union organizer, and community organizer. Abi conducts training, speaks, and writes on topics of race, technology, (in)justice, and the law.
\n
SpeakerBio:Alexis Hancock\n
\nAlexis works to secure the web by working on HTTPS Everywhere. She has previously been a web developer and system administrator for 7 years and a statistician in the education realm. She has earned degrees from the Rochester Institute of Technology in Media Arts and Technology (B.Sc.) and The New School in Organizational Change Management (MS). She is very passionate about encryption and tech equity for all and has been assisting activists and educators with their tech needs for almost 10 years.
\n
SpeakerBio:Elliot\n
\nElliot is a motion artist and creative coder who works in interactive, fabrication, and large scale immersive experiences. Elliot blends visual work with an interest in mutual aid, security, and privacy online. Based in Brooklyn.
\n
SpeakerBio:Emilie St-Pierre\n, Security Ambassador
\nEmilie St-Pierre is the Security Ambassador for Future Ada, a Spokane-based non-profit advocating for diversity and inclusion in STEAM. For the past six years, she has used her experience as an offensive security professional to provide privacy and security education within her community. Through her work with Future Ada, she has established free regular workshops and one-on-one technical support to the public. Emilie\'s focus has been to provide these workshops and services to underrepresented members of the public.
\n
SpeakerBio:Eva Galperin\n, Director of Cybersecurity
\nEva Galperin is EFF\'s Director of Cybersecurity. Prior to 2007, when she came to work for EFF, Eva worked in security and IT in Silicon Valley and earned degrees in Political Science and International Relations from SFSU. Her work is primarily focused on providing privacy and security for vulnerable populations around the world. To that end, she has applied the combination of her political science and technical background to everything from organizing EFF\'s Tor Relay Challenge, to writing privacy and security training materials (including Surveillance Self Defense and the Digital First Aid Kit), and publishing research on malware in Syria, Vietnam, Kazakhstan. When she is not collecting new and exotic malware, she practices aerial circus arts and learning new languages.
\n
SpeakerBio:Hannah Zhao\n
\nHannah is a staff attorney at EFF focusing on criminal justice and privacy issues, and is part of the Coder\'s Rights Project. Prior to joining EFF, Hannah represented criminal defendants on appeal in state and federal courts in New York, Illinois, and Missouri, and also worked at the human rights NGO, Human Rights in China. While pursuing her law degree at Washington University in St. Louis, she represented indigent defendants and refugee applicants in Durban, South Africa, and studied international law at Utrecht University in the Netherlands. She also competed in, and remains involved with, the Philip C. Jessup International Moot Court Competition, including as a problem author in 2019. In college, Hannah studied Computer Science and Management at Rensselaer Polytechnic Institute. In her spare time, she likes to climb things.
\n
SpeakerBio:Kurt Opsahl\n, Deputy Executive Director and General Counsel, EFF
\nKurt Opsahl is the Deputy Executive Director and General Counsel of the Electronic Frontier Foundation. In addition to representing clients on civil liberties, free speech and privacy law, Opsahl counsels on EFF projects and initiatives. Opsahl is the lead attorney on the Coders\' Rights Project, and is representing several companies who are challenging National Security Letters. Before joining EFF, Opsahl worked at Perkins Coie, where he represented technology clients with respect to intellectual property, privacy, defamation, and other online liability matters, including working on Kelly v. Arribasoft, MGM v. Groksterand CoStar v. LoopNet. For his work responding to government subpoenas, Opsahl is proud to have been called a \"rabid dog\" by the Department of Justice. Prior to Perkins, Opsahl was a research fellow to Professor Pamela Samuelson at the U.C. Berkeley School of Information Management & Systems. Opsahl received his law degree from Boalt Hall, and undergraduate degree from U.C. Santa Cruz. Opsahl co-authored \"Electronic Media and Privacy Law Handbook.\" In 2007, Opsahl was named as one of the \"Attorneys of the Year\" by California Lawyer magazine for his work on the O\'Grady v. Superior Court appeal. In 2014, Opsahl was elected to the USENIX Board of Directors.
\n
SpeakerBio:nash\n
\nnash leads EFF\'s grassroots, student, and community organizing efforts. As the lead coordinator of the Electronic Frontier Alliance, nash works to support the Alliance\'s member organizations in educating their neighbors on digital-privacy best practices, and advocating for privacy and innovation protecting policy and legislation.
\n
SpeakerBio:Rory Mir\n
\nRory is a Grassroots Advocacy Organizer primarily working on the Electronic Frontier Alliance. They are also a doctoral student of psychology at the City University of New York Graduate Center studying activist pedagogy. Before coming to the EFF they were active in several New York City groups including the Cypurr Collective, a member of the EFA engaging in community education on matters of cybersecurity. A long time advocate for open education and open science, they want to break down any barriers folks face to free expression, creativity, or knowledge.
\n
SpeakerBio:Tracy Rosenberg \n
\nTracy Rosenberg has worked as Media Alliance\'s Executive Director since 2007 and coordinates Oakland Privacy, a citizens coalition that works regionally to defend the right to privacy and enhance public transparency and oversight regarding the use of surveillance techniques and equipment. OP has written use policies and impact reports for a variety of surveillance technologies, conducted research and investigations, and developed frameworks for the implementation of equipment with respect for civil rights, privacy protections, and community control. Tracy blogs on media policy and surveillance and is published frequently around the country. She currently sits on the board of the Alliance for Community Media Western Region and Common Frequency serves on the anchor committee of the Media Action Grassroots Network
\n\n
\nDescription:
\nJoin the Electronic Frontier Foundation—the nation\'s premiere digital civil liberties group fighting for freedom and privacy in the computer age—for a candid chat about how the law is racing to catch up with technological change and discovery. \n
Then meet representatives from Electronic Frontier Alliance (eff.org/fight) allied community and campus organizations from across the country. These technologists and advocates are working within their communities to educate and empower their neighbors in the fight for data privacy and digital rights.\n
This discussion will include updates on current EFF issues such as the government\'s effort to compromise free expression online, the fight to end face surveillance, updates on cases and legislation affecting security research, and discussion of EFF\'s technology projects empowering users with greater control of what information they share online. \n
Half of this session will be given over to question-and-answer, so it\'s your chance to ask EFF questions about the law, surveillance and technology issues that are important to you.\n
Discord: https://discord.com/channels/708208267699945503/738141986476916826\n
\n
DEF CON Fireside Lounges will be live-streamed on Twitch. \n
\nTwitch: https://www.twitch.tv/defconorg\n
#fireside-lounge-text: https://discord.com/channels/708208267699945503/738141986476916826\n
\'',NULL,68289),('3_Saturday','09','09:30','09:59','N','DC','','\'A Decade After Stuxnet\'s Printer Vulnerability: Printing is still the Stairway to Heaven\'','\'Peleg Hadar,Tomer Bar\'','DC_6de50c2c85defe3066b98801470320f0','\'Title: A Decade After Stuxnet\'s Printer Vulnerability: Printing is still the Stairway to Heaven
\nWhen: Saturday, Aug 8, 09:30 - 09:59 PDT
\nWhere: DEF CON Q&A Twitch
\nSpeakers:Peleg Hadar,Tomer Bar
\n
SpeakerBio:Peleg Hadar\n, Security Researcher at SafeBreach Labs
\nPeleg Hadar (@peleghd) is a security researcher, having 8+ years of unique experience in the sec field. Currently doing research @SafeBreach Labs, previously serving in various sec positions @IDF.\n
His experience involved security from many angles: starting with network research, and now mostly software research. Peleg likes to investigate mostly Microsoft Windows components.\n
\nTwitter: @peleghd
\n
SpeakerBio:Tomer Bar\n, Research Team Leader at SafeBreach Labs
\nTomer Bar is a security researcher and a research team leader with 15+ years of unique experience in the sec field. Currently leading the research team of SafeBreach Labs.\n
His experience involved vulnerability research, malware analysis, etc.\n
\n\n
\nDescription:
\nIn 2010, Stuxnet, the most powerful malware in the world revealed itself, causing physical damage to Iranian nuclear enrichment centrifuges. In order to reach Iran\'s centrifuges, it exploited a vuln in the Windows Print Spooler service and gain code execution as SYSTEM.\nDue to the hype around this critical vuln, we (and probably everyone else) were pretty sure that this attack surface would no longer exist a decade later. We were wrong…\n
The first clue was that 2 out of 3 vulns which were involved in Stuxnet were not fully patched. That was the case also for the 3rd vuln used in Stuxnet, which we were able to exploit again in a different manner.\nIt appears that Microsoft has barely changed the code of the Print Spooler mechanism over the last 20 years.\nWe investigated the Print Spooler mechanism of Windows 10 Insider and found two 0-day vulns providing LPE and DoS (First one can also be used as a new persistence technique)\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68290),('3_Saturday','10','10:30','10:59','N','DC','','\'Whispers Among the Stars: Perpetrating (and Preventing) Satellite Eavesdropping Attacks\'','\'James Pavur\'','DC_f32a604202f9c7ff8c38a38babd93e1c','\'Title: Whispers Among the Stars: Perpetrating (and Preventing) Satellite Eavesdropping Attacks
\nWhen: Saturday, Aug 8, 10:30 - 10:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:James Pavur\n, DPhil Student, Oxford University
\nJames Pavur is a Rhodes Scholar at Oxford University working on a DPhil in Cyber Security. His academic research is primarily on the threats to satellite systems with a focus on satellite communications and trustworthy spaceflight operations. Prior to Oxford, he majored in Science, Technology and International Affairs (STIA) at Georgetown University where he graduated with the School of Foreign Service Dean’s Medal (highest cumulative GPA) in 2017.\n
He has held numerous internships and professional positions related to information security. This included acting as Director of Information Security for Students of Georgetown Inc. (The Corp), a student run non-profit with more than 300 employees. He has also assisted with computer crimes investigations as an intern with the United States Postal Service Office of the Inspector General, worked on embedded systems reverse-engineering as an intern at Booz Allen Hamilton, and even pentested air-conditioners for the Public Buildings Services while working for Telos Corporation.\n
Outside of computers, James enjoys flying kites and collecting rare and interesting teas.\n
\nTwitter: @JamesPavur
\n\n
\nDescription:
\nSpace is changing. The number of satellites in orbit will increase from around 2,000 today to more than 15,000 by 2030. This briefing provides a practical look at the considerations an attacker may take when targeting satellite broadband communications networks. Using $300 of widely available home television equipment I show that it is possible to intercept deeply sensitive data transmitted on satellite links by some of the world\'s largest organizations.\n
The talk follows a series of case studies looking at satellite communications affecting three domains: air, land, and sea. From home satellite broadband customers, to wind farms, to oil tankers and aircraft, I show how satellite eavesdroppers can threaten privacy and communications security. Beyond eavesdropping, I also discuss how, under certain conditions, this inexpensive hardware can be used to hijack active sessions over the satellite link.\n
The talk concludes by presenting new open source tools we have developed to help researchers seeking to improve satellite communications security and individual satellite customers looking to encrypt their traffic.\n
The talk assumes no background in satellite communications or cryptography but will be most interesting to researchers interested in tackling further unsolved security challenges in outer space.\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68291),('3_Saturday','11','11:30','11:59','N','DC','','\'Don\'t Ruck Us Again - The Exploit Returns\'','\'Gal Zror\'','DC_0267825d88d187d6bf8c38a7f782fc45','\'Title: Don\'t Ruck Us Again - The Exploit Returns
\nWhen: Saturday, Aug 8, 11:30 - 11:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Gal Zror\n, Research team leader in Aleph Research
\nGal Zror is a research team leader in Aleph Research group at HCL AppScan, based in Herzliya Israel. Gal has extensive experience with vulnerability research and specialized in embedded systems and protocols. Gal is also an amateur boxer and a tiki culture enthusiast.
\nTwitter: @waveburst
\n\n
\nDescription:
\nFrom the researchers who brought to you \"Don\'t Ruck Us Too Hard\" comes a brand new follow-up research. This summer! We will show that all of Ruckus Wireless \"ZoneDirector\" and the \"\"Unleashed\"\" devices are still vulnerable.\n
This follow-up research includes six new vulnerabilities, such as command injection, information leakage, credentials overwrite, and stack overflow and XSS. With these vulnerabilities, we were able to achieve two new and different pre-auth RCEs. Combined with the first research, that is five entirely different RCEs in total. We also found that Ruckus did not fix some of the vulnerabilities from the first research correctly, and they are still exploitable by using a very neat payload :).\n
Other cool stuff about this research:
\nWe will share a new Ghidra script we used to map the critical sections in the webserver binary that were later found vulnerable. We managed to fingerprinted Universities and Organizations that were vulnerable from the internet. BlackHat uses Ruckus Wireless for Wi-Fi solutions.\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68292),('3_Saturday','12','12:30','12:59','N','DC','','\'Applied Ca$h Eviction through ATM Exploitation\'','\'Brenda So,Trey Keown\'','DC_0e98d9df650c9c518d081c0a176e967c','\'Title: Applied Ca$h Eviction through ATM Exploitation
\nWhen: Saturday, Aug 8, 12:30 - 12:59 PDT
\nWhere: DEF CON Q&A Twitch
\nSpeakers:Brenda So,Trey Keown
\n
SpeakerBio:Brenda So\n, Security Researcher, Red Balloon Security
\nBrenda is a security researcher at Red Balloon Security. She earned her Bachelors in Electrical Engineering at The Cooper Union. She has spoken about reverse engineering at Hushcon West and CSAW. She has also organized the ATM CTF challenge at major conferences such as Recon and Defcon. When not messing around with ATMs, she is brewing a nice gallon of beer at her homebrew setup.
\nTwitter: @Sosogun3
\n
SpeakerBio:Trey Keown\n, Security Researcher, Red Balloon Security
\nTrey is a security researcher at Red Balloon Security focusing on securing embedded devices and firmware reverse-engineering automation. He is the co-creator of an ATM CTF challenge which has taken place at Re:con, CSAW, Hushcon, Summercon, and the IoT Village at DEF CON 27. He has also been a speaker at Hushcon West and CSAW.
\nTwitter: @TreyKeown
\n\n
\nDescription:
\nATMs are networked computers that dispense cash, so naturally they’re uniquely interesting devices to examine. We all remember ATM jackpotting from a decade ago. Unfortunately, it doesn’t look like ATM security has improved for some common models since then.\n \n
We present our reverse engineering process for working with an ATM and modifying its firmware. For this, we became our own \"bank\" by creating software that\'s able to speak the obscure protocols used by ATMs. For working with the device software at a low level, we restored JTAG access, defeated code signing, and developed custom debugging tools. We then leveraged this research to discover two 0-day network-based attacks, which we will demonstrate live. The first vulnerability takes advantage of the ATM’s remote administration interface, which can lead to arbitrary code execution and total device compromise. The second vulnerability is in the OEM’s implementation of a common middleware for ATM peripherals. This allows for command injection and jackpotting of ATMs over the network.\n \n
The high barrier to entry for even legally opening up one of these devices has left a lot of attack surface area unchecked. Through this talk, we want to shed light on the state of ATM security and encourage the security community to continue to challenge ATM vendors to do better.
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68293),('3_Saturday','13','13:30','13:59','N','DC','','\'How we recovered $XXX,000 in Bitcoin from an encrypted zip file\'','\'Michael Stay\'','DC_cda6c5d789fa984db0a30864d95c4c28','\'Title: How we recovered $XXX,000 in Bitcoin from an encrypted zip file
\nWhen: Saturday, Aug 8, 13:30 - 13:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Michael Stay\n, CTO, Pyrofex Corp.
\nMike Stay was a reverse engineer and cryptanalyst in the 1990s, worked for six years on Google\'s security team, and is currently the CTO of Pyrofex Corp.
\nTwitter: @metaweta
\n\n
\nDescription:
\nAbout six months ago, a Russian guy contacted me on LinkedIn with an intriguing offer. He had hundreds of thousands of dollars in Bitcoin keys locked in a zip file, and he couldn\'t remember the password. Could I break into it for him? He found my name by reading an old cryptanalysis paper I wrote nearly 20 years ago. In that attack, I needed five files to break into a zip archive. This one only had two files in it. Was it possible? How much would it cost? We had to modify my old attack with some new cryptanalytic techniques and rent a GPU farm, but we pulled it off. Come hear how.
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68294),('3_Saturday','14','14:30','14:59','N','DC','','\'Abusing P2P to Hack 3 Million Cameras: Ain\'t Nobody Got Time for NAT\'','\'Paul Marrapese\'','DC_d63e2539f28afabeacc0031e5786f995','\'Title: Abusing P2P to Hack 3 Million Cameras: Ain\'t Nobody Got Time for NAT
\nWhen: Saturday, Aug 8, 14:30 - 14:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Paul Marrapese\n, Security Researcher
\nPaul Marrapese (OSCP) is a security researcher from San Jose, CA. His work has resulted in the discovery of critical vulnerabilities affecting millions of IoT devices around the world, and has been featured on Krebs on Security, Forbes, Wired, ZDNet, and several security podcasts. Paul specializes in offensive security as part of the red team at a large enterprise cloud company. His interests include reverse engineering, music production, photography, and recently software-defined radio. Rumor has it that he makes a mean batch of cold-brew coffee.
\nTwitter: @PaulMarrapese
\n\n
\nDescription:
\nTo a hacker, making a bug-ridden IoT device directly accessible to the Internet sounds like an insanely bad idea. But what\'s truly insane is that millions of IoT devices are shipping with features that expose them to the Internet the moment they come online, even in the presence of NAT and firewalls. P2P, or “peer-to-peerâ€, is a convenience feature designed to make the lives of users easier, but has the nasty side effect of making attackers’ lives easier as well.\n
Come for the story of how supply chain vulnerabilities in modern IP cameras, baby monitors, and even alarm systems are putting millions at risk for eavesdropping and remote compromise. We\'ll talk about the hoards of IoT devices that exist outside of Shodan\'s reach and the botnet-like infrastructure they rely on. Learn how to find P2P networks and how to exploit them to jump firewalls, steal camera passwords over the Internet, and correlate devices to physical addresses. We\'ll demonstrate how to snoop on someone\'s video simply by using your own camera – and how someone may be snooping on your video, too.\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68295),('3_Saturday','15','15:30','15:59','N','DC','','\'Bypassing Biometric Systems with 3D Printing and Enhanced Grease Attacks\'','\'Yamila Levalle\'','DC_da63c15332a51a68b7cf60bb07a61418','\'Title: Bypassing Biometric Systems with 3D Printing and Enhanced Grease Attacks
\nWhen: Saturday, Aug 8, 15:30 - 15:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Yamila Levalle\n, Researcher at Dreamlab Technologies
\nYamila Vanesa Levalle is an Information Systems Engineer, Security Researcher and Offensive Security Professional with more than 15 years of experience in the InfoSec area.\n
Yamila currently works as Security Researcher and Consultant at Dreamlab Technologies where she specializes in offensive techniques, conducts researches, gives trainings and write papers and blog posts. She is an international security conferences speaker and has presented her researches at important events such as BlackHat Arsenal Vegas, PHDays Moscow, Northsec Montreal, AusCERT Australia, 8.8 Security Conference Vegas, SCSD Fribourg, Ekoparty Ekolabs, OWASP Latam Tour and others. She has taught ethical hacking courses for women, CTF courses for beginners and several information security trainings.\n
\n\n
\nDescription:
\nDue to the well-known vulnerabilities in traditional authentication methods through users, passwords and tokens; biometric systems began to be widely implemented in millions of devices with the aim of having a more practical authentication system for users and -supposedly- more robust in terms of security.\n
Security researchers were not far behind and started to analyze the security of these biometric controls. In recent years, different techniques have been presented to bypass the authentication of, for example, the smartphones that began to implement these systems.\n
What is new in this talk? avoiding focusing on a particular device, we have gone deeper studying the operation of the sensors implemented in different biometric systems (Optical, Capacitive, Ultrasonic, Facial, etc.) and consequently, we discovered new techniques to bypass them. Through this talk, we will show how to fool biometric sensors by the enhanced grease attacks and, even better, the techniques to succeed at bypassing these controls using 3D printing.\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68296),('3_Saturday','16','16:30','16:59','N','DC','','\'Reverse Engineering the Tesla Battery Management System for Moar Powerrr!\'','\'Patrick Kiley\'','DC_62cf4680e79aa0a29199b164bda770e2','\'Title: Reverse Engineering the Tesla Battery Management System for Moar Powerrr!
\nWhen: Saturday, Aug 8, 16:30 - 16:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Patrick Kiley\n, Principal Security Consultant, Rapid7
\nPatrick Kiley (GXPN, GPEN, GAWN, GCIH, CISSP, MCSE) has over 18 years of information security experience working with both private sector employers and the Department of Energy/National Nuclear Security Administration (NNSA). While he was with the NNSA he built the NNSA\'s SOC and spent several years working for emergency teams. Patrick has performed research in Avionics security and Internet connected transportation platforms. Patrick has experience in all aspects of penetration testing, security engineering, hardware hacking, IoT, Autonomous Vehicles and CAN bus.
\nTwitter: @gigstorm
\n\n
\nDescription:
\nTesla released the P85D in 2014. At that time the vehicle came with \"insane mode\" acceleration with a 0-60 time of 3.2 seconds. Later in July of 2015, Tesla announced \"Ludicrous mode\" that cut the 0-60 time down to 2.8 seconds. This upgrade was offered both new and as a hardware and firmware change to the existing fleet of P85D vehicles. Since then, Tesla has released newer ludicrous vehicles. What makes the P85D upgrade unique was how the process required changes to the vehicle\'s Battery Management System(BMS). The \'BMS\' handles power requests from the drive units of the car. I was able to reverse engineer this upgrade process by examining the CAN bus messages, CAN bus UDS routines and various firmware files that I extracted from a car. I also decrypted and decompiled Python source code used for diagnostics to determine that the process involved replacing the contactors and fuse with higher current versions as well as modifying the current sensing high voltage \"shunt\" inside the battery pack. I then performed this process on an actual donor P85D. I bricked the car in the process, forcing me to pay to have it towed to another state so I could troubleshoot. I came to understand that the BMS is the deciding module that allows the drive units to have only as much power as the BMS allows. The car is fixed and is faster.
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68297),('3_Saturday','17','17:30','17:59','N','DC','','\'Getting Shells on z/OS with Surrogat Chains\'','\'Jake Labelle\'','DC_53c31730b7df0d2ed271cb728e8732c4','\'Title: Getting Shells on z/OS with Surrogat Chains
\nWhen: Saturday, Aug 8, 17:30 - 17:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Jake Labelle\n, Security Consultant - F-Secure
\nJake Labelle graduated from Southampton University with a MEng in Computer Science. He currently works at F-Secure in Basingstoke as a Security Consultant.\n
He discovered z/OS this year in January, and now can not stop dabbling. He has created a number of security labs in z/OS and is currently scripting everything in REXX. If he had a choice between a windows host and an emulated z/OS host on his laptop, it would not be a competition.\n
He is currently ecstatic that Hercules, a mainframe emulator, can be compiled for arm and ran on a Raspberry Pi. There is also an open source mainframe (http://wotho.ethz.ch/tk4-/). I\'m probably carrying my portable open source mainframe with me right now.\n
\nhttps://github.com/southamptonjake
\n\n
\nDescription:
\nz/OS allows a user to submit a job as another user without a password with the surrogat class. However, z/OS systems often have hundreds of thousands of users and have been running for decades. This means that it is very likely that from a low priv user there is a surrogat chain that will give you special (z/OS\' root).\n
RACF (z/OS\' Security), does not allow users to view the security of resources to which they do not have access. This means that manually enumerating a chain required you to submit a reverse shell each time you wanted to move up the chain. This will take a long time with 200k users.\n
Gator (my tool), submits a batch job that will call a REXX program which will output the user\'s privs and the current surrogat chain of that user. It will then list all of that user’s surrogat privs, and call the same batch job as before, but running as those users.\n
Gator also provides a macro that will generate a CATSO (similar to a meterpreter shell), for any of the users in the surrogat chain.\n
Gator can also be exported to a GraphVis python program, which will display the users information and chain as a network of nodes.\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68298),('4_Sunday','09','09:30','09:59','N','DC','','\'Evil Printer: How to Hack Windows Machines with Printing Protocol\'','\'Chuanda Ding,Zhipeng Huo\'','DC_b447d1d1710cc8e4457cd9c435c05162','\'Title: Evil Printer: How to Hack Windows Machines with Printing Protocol
\nWhen: Sunday, Aug 9, 09:30 - 09:59 PDT
\nWhere: DEF CON Q&A Twitch
\nSpeakers:Chuanda Ding,Zhipeng Huo
\n
SpeakerBio:Chuanda Ding\n, Senior Researcher, Tencent Security Xuanwu Lab
\nChuanda Ding is a senior security researcher on Windows platform security. He leads EcoSec team at Tencent Security Xuanwu Lab. He was a speaker at Black Hat Europe 2018, DEF CON China 2018, CanSecWest 2017, CanSecWest 2016, and QCon Beijing 2016.
\nTwitter: @FlowerCode_
\n
SpeakerBio:Zhipeng Huo\n, Senior Researcher, Tencent Security Xuanwu Lab
\nZhipeng Huo is a senior security researcher on Windows and macOS platform security at Tencent Security Xuanwu Lab. He reported Microsoft Edge sandbox escape bugs in 2017, 2018, and 2020. He was a speaker at Black Hat Europe 2018.
\nTwitter: @R3dF09
\n\n
\nDescription:
\nPrinter Spooler service, one of the important services in Microsoft Windows, has existed for more than 25 years.\nIt runs at highest privilege level, unsandboxed, does networking, and dynamically loads third-party binaries. What could possibly go wrong?\n
In this talk, we will walk you through an incredibly fun bug we have discovered in printer spooler service.\nIt can be exploited both locally and remotely, escapes sandbox, executes arbitrary code, and also elevates to SYSTEM.\nWhile Microsoft managed to develop the most restrictive sandbox for Microsoft Edge, this bug easily goes through it like it\'s a sieve.\n
We will talk in detail the implementation of this ancient service, the method we used to discover and exploit the bug, and also throw in some tips and tricks for logic bugs in between.\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68299),('4_Sunday','10','10:30','10:59','N','DC','','\'Bytes In Disguise\'','\'Jesse Michael,Mickey Shkatov\'','DC_b23600335a8733ba318867451b763e80','\'Title: Bytes In Disguise
\nWhen: Sunday, Aug 9, 10:30 - 10:59 PDT
\nWhere: DEF CON Q&A Twitch
\nSpeakers:Jesse Michael,Mickey Shkatov
\n
SpeakerBio:Jesse Michael\n
\nJesse MichaelJesse Michael is an experienced security researcher focused on vulnerability detection and mitigation who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has also presented research at DEF CON, Black Hat, PacSec, Hackito Ergo Sum, Ekoparty, and BSides Portland.
\nTwitter: @JesseMichael
\n
SpeakerBio:Mickey Shkatov\n
\nMickey has been doing security research for almost a decade, one of specialties is simplifying complex concepts and finding security flaws in unlikely places. He has seen some crazy things and lived to tell about them at security conferences all over the world, his past talks range from web pentesting to black badges and from hacking cars to BIOS firmware.
\nTwitter: @HackingThings
\n\n
\nDescription:
\nNon-Volatile Memory. EVERY computer has it, from the chip that stores your BIOS to the controller that runs your laptop trackpad and even your new fancy USB-C monitor. These small nooks of storage can be (ab)used by anyone to store data or code without causing any side effects and none would be the wiser. We will show you more than one example of how this is possible and walk through everything you need to know to do it, too. \nIn this talk, we will describe how to hide persistence in these obscure memory chips using simple tools that we are releasing as open source. We will show multiple ways to accomplish this without detection. On the defensive front, we’ll discuss what can be done to detect and lock down systems.
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68300),('4_Sunday','11','11:30','11:59','N','DC','','\'Only takes a Spark - Popping a shell on a 1000 nodes\'','\'ayoul3\'','DC_13567c79faececb560347aad5323fa9d','\'Title: Only takes a Spark - Popping a shell on a 1000 nodes
\nWhen: Sunday, Aug 9, 11:30 - 11:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:ayoul3\n
\nAyoub currently works as Lead Security at Qonto. He spent several years working as a pentester and an incident responder. He gave talks at various security conferences about Mainframe hacking. Lately, his main focus is Cloud security.
\nTwitter: @ayoul3__
\n\n
\nDescription:
\nApache Spark is one of the major players if not the leader when it comes to distributed computing and processing. Want to use machine learning to build models and uncover fraud, make predictions, estimate future sales or calculate revenue ? Whip out a 200 nodes cluster on Spark and you are good to go.\n
This talk will show you how to get a shell on each one of these nodes! We are talking about systems that, by design, have access to almost every datastore in the company (S3, Cassandra, BigQuery, MySQL, Redshift, etc.). This is game over for most companies. I will also release a tool that will help pentesters pwn Spark clusters, execute code and even bypass authentication (CVE-2020-9480).\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68301),('4_Sunday','14','14:30','14:59','N','DC','','\'Beyond Root: Custom Firmware for Embedded Mobile Chipsets\'','\'Christopher Wade\'','DC_3794f3e7a17027bd2d3eabd7674c7f84','\'Title: Beyond Root: Custom Firmware for Embedded Mobile Chipsets
\nWhen: Sunday, Aug 9, 14:30 - 14:59 PDT
\nWhere: DEF CON Q&A Twitch
\n
SpeakerBio:Christopher Wade\n, Security Consultant at Pen Test Partners
\nChris is a seasoned security researcher and consultant. His main focuses are in reverse engineering hardware, fingerprinting USB vulnerabilities and playing with Software Defined Radios, with his key strength lying in firmware analysis, which he utilizes as part of the hardware testing team at Pen Test Partners.
\n\n
\nDescription:
\nRooting a smartphone is often considered the ultimate method to allow a user to take complete control of their device. Despite this, many smartphones contain hardware which is closed off to any modification. This talk aims to show how this hardware can be reverse engineered in order to bypass its protections and further expand its functionality.\n \n
Using proprietary NFC Controllers as an example, we will cover analysis of the protocols used by the chips, how the firmware protections could be broken, and how custom firmware could be developed and deployed to the phone with no hardware modifications. This will include methodologies for analyzing weaknesses in firmware update protocols, leveraging the Unicorn CPU Emulator to bypass debugging restrictions, and techniques for reverse engineering the hardware capabilities of an unknown chip in order to implement custom features. This will end with demonstration of a smartphone with passive NFC sniffing capabilities and expanded tag emulation functionality.
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68302),('4_Sunday','15','15:30','15:59','N','DC','','\'Practical VoIP/UC Hacking Using Mr.SIP: SIP-Based Audit & Attack Tool\'','\'Ismail Melih Tas,Kubilay Ahmet Kucuk\'','DC_862a1578203d9f33b63d575bce996330','\'Title: Practical VoIP/UC Hacking Using Mr.SIP: SIP-Based Audit & Attack Tool
\nWhen: Sunday, Aug 9, 15:30 - 15:59 PDT
\nWhere: DEF CON Q&A Twitch
\nSpeakers:Ismail Melih Tas,Kubilay Ahmet Kucuk
\n
SpeakerBio:Ismail Melih Tas\n, Senior Expert in Offensive Security (PhD), Private Bank
\nMelih Tas received B.Sc., M.Sc., and Ph.D. degrees in Computer Science & Engineering. He is working as Principal Penetration Tester in a private bank since 2015 in Istanbul, Turkey. He worked as multiple times award-winning entrepreneur and security expert in a private cybersecurity R&D company between 2010 and 2015 where he worked on funded projects. Previous to them, he also worked in a global troubleshooting center where he found the root causes of telecommunication security incidents and frauds and designed measures to prevent them from happening again. He wrote the National VoIP/UC Security Standard Draft by cooperating with Turkish Standards Institute. He is the author of open-source projects Mr.SIP:SIP-Based Audit and Attack Tool and SIP-DD: SIP-Based DDoS Defense Tool. He holds an OSCP certificate. He is an active speaker in hacker conferences including Black Hat Arsenal, Offzone and Nopcon. He likes to do bug bounty hunting in his spare time. His research interests include the design and analysis of both offensive and defensive security mechanisms in the fields of VoIP Security, Network Security, and Web/Mobile Application Security.
\nTwitter: @artinscience
\n
SpeakerBio:Kubilay Ahmet Kucuk\n, Senior Security Researcher (PhD), University of Oxford
\nKubilay Ahmet Kucuk is a DPhil (Ph.D.) candidate at the University of Oxford. His research interests include the problem of secure remote computation, and architectures with TPM, TEEs, ARM TZ, seL4. With a focus on SGX, he received Ph.D. studentship from Intel and completed the AppTRE (Trustworthy Remote Entity) project in Prof. Andrew Martin\'s group. Before Oxford, he was a research assistant for five years at ETH Zürich, in D-MAVT Simulation Group. He led the software engineering in two CTI/Innosuisse funded projects in Industry 4.0 domain. These projects, the Face-gear Drive and the Next-Generation Virtual Feeder resulted in software products alive in the industry other than the journals.
\n\n
\nDescription:
\nIn this talk, we will introduce the most comprehensive offensive VoIP security tool ever developed, Mr.SIP (comprehensive version). We will make a live attack demonstration using Mr.SIP in our security laboratory. Furthermore, we will also introduce novel SIP-based attacks using the vulnerabilities we found in the SIP retransmission mechanism and reflection logic.\n
Mr.SIP is developed to assist security experts and system administrators who want to perform security tests for VoIP systems and to measure and evaluate security risks. It quickly discovers all VoIP components and services in a network topology along with the vendor, brand, and version information, detects current vulnerabilities, configuration errors. It provides an environment to assist in performing advanced attacks to simulate abuse of detected vulnerabilities. It detects SIP components and existing users on the network, intervenes, filters and manipulates call information, develops DoS attacks, breaks user passwords, and can test the server system by sending irregular messages.\n
Status-controlled call flow and ability to bypass anomaly systems stand out as Mr.SIP’s unique aspects. It also has strengths and competencies in terms of advanced fake IP address generation, fuzzing, password cracker, interactive inter-module attack kit, and MiTM features.\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68303),('4_Sunday','16','16:30','16:59','N','DC','','\'Lateral Movement and Privilege Escalation in GCP; Compromise any Organization Without Dropping an Implant\'','\'Allison Donovan,Dylan Ayrey\'','DC_a9186a25927f7632275825f12381c0bf','\'Title: Lateral Movement and Privilege Escalation in GCP; Compromise any Organization Without Dropping an Implant
\nWhen: Sunday, Aug 9, 16:30 - 16:59 PDT
\nWhere: DEF CON Q&A Twitch
\nSpeakers:Allison Donovan,Dylan Ayrey
\n
SpeakerBio:Allison Donovan\n, Security Engineer
\nAllison Donovan is a security researcher who specializes in cloud-based platforms and devices. She is currently employed as a Senior Infrastructure Security Engineer at Cruise, where she secures cloud-based environments at scale, and previously she worked at Microsoft on mobile application security and site reliability engineering.
\n
SpeakerBio:Dylan Ayrey\n, Security Engineer
\nI\'m a Senior Security. I\'ve been heavily involved in the open source community for a few years, and I\'ve been doing my best to bring security practices into the cloud/devsecops world.
\n\n
\nDescription:
\nGoogle Cloud’s security model in many ways is quite different from AWS. Spark jobs, Cloud Functions, Jupyter Notebooks, and more default to having administrative capabilities over cloud API\'s. Instead of defaulting to no capabilities, permissions are granted to default identities. One default permission these identities have is called actAs, which allows a service by default to assume the identity of every service account in its project; many of which typically have role bindings into other projects and across an organization\'s resources.\n
This means by default many API\'s and identities can compromise large swaths of an organization by moving laterally by impersonating or gaining access to other identities. This can all be done without dropping a single implant on a machine.\n
In this talk we\'ll demonstrate several techniques to perform identity compromise via the ActAs permission, privilege escalation, lateral movement, and widespread project compromise in Google Cloud. As well as release tools for exploitation.\n
Next we\'ll show what detection capabilities are possible in the Google Cloud ecosystem, by showing Stackdriver logs that correspond with our exploitation techniques, and showing limitations in what\'s available. We\'ll also release tools and queries that can be used for detection . As well as insight to how we have attempted to tackle this problem at scale.\n
Lastly we\'ll go over remediation efforts you can take as a Google Cloud customer, and show how difficult it can be to secure yourself against these attacks. We will release tools that can be used to harden your organization, and walk through user stories and anecdotes of what this process looks at scale within our organization.\n
\n
This is a live Question & Answer stream. You\'ll want to have watched the corresponding pre-recorded talk prior to this Q&A session.\n
All DEF CON Q&A streams will happen on Twitch. Discussions and attendee-to-speaker participation will happen on Discord (#track-1-live).\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live: https://discord.com/channels/708208267699945503/733079621402099732\n
\'',NULL,68304),('2_Friday','09','09:30','09:59','N','HHV','','\'Meetup: Some HHV Challenges\'','\'rehr\'','HHV_275d852797bc257b5ce7377e9e6adf22','\'Title: Meetup: Some HHV Challenges
\nWhen: Friday, Aug 7, 09:30 - 09:59 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:rehr\n
\nNo BIO available
\n\n
\nDescription:
\nHHV members have created a few challenges for this year\'s DEF CON. Come learn and chat about those challenges, or bring new challenges to share with the community. This time will start with an introduction to this year\'s HHV challenges, but the remaining time will be open to community questions and conversations.\n
\n#hhv-challenge-text: https://discord.com/channels/708208267699945503/739567199647301702 \n
#hhv-meetups-a-voice: https://discord.com/channels/708208267699945503/739571117756383333\n
\n\'',NULL,68305),('2_Friday','10','10:00','10:30','N','HHV','','\'Learn to Solder the BadgeBuddy Kit\'','\'Joseph Long (hwbxr)\'','HHV_f68bf793989bd90b876644d373ddbb79','\'Title: Learn to Solder the BadgeBuddy Kit
\nWhen: Friday, Aug 7, 10:00 - 10:30 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:Joseph Long (hwbxr)\n
\nJoseph Long (hwbxr) is the founder of HackerBoxes: the monthly subscription box for DIY electronics, computer technology, and hacker culture. He has extensive experience in technology R&D and is an attorney of technology law. A former member of the research faculty at Georgia Tech, Joseph is a licensed professional engineer, amateur radio volunteer examiner, past IEEE senior member and chair of multiple IEEE chapters. He has directed or contributed to numerous engineering projects in diverse technology areas including digital and embedded systems, medical devices, broadband communications, and information security. Joseph has provided engineering expertise to technology startups, Fortune 500 companies, NASA, various other government agencies, and research laboratories. He has also prepared and prosecuted hundreds of patent applications for technology leaders such as Google, Microsoft, IBM, AT&T, Cisco, and Boeing as well as technology startups and various university clients.
\n\n
\nDescription:
\nLearn to Solder with HackerBoxes. Assemble your very own BadgeBuddy. HackerBoxes has updated a special edition BadgeBuddy soldering kit for DEF CON 28 SAFE MODE. \n
The BadgeBuddy is a simple and fun kit to introduce basic soldering skills. Once assembled, the blinky mini-badge PCB can be hung from a conference lanyard, backpack, purse, belt, etc using the included bead-chain. The BadgeBuddy uses self-cycling rainbow LEDs for a reduced bill of materials requiring no external control circuitry. The result is a very nice colorful effect that is still simple enough for a first time soldering project.\n
As in past years, the BadgeBuddy is free (as in beer) and in light of DEF CON 28 SAFE MODE, HackerBoxes will send it directly to you, anywhere in the United States, for only $1 S&H. If you do not already have soldering tools on hand, HackerBoxes is also making a set of basic soldering tools available at cost. Both can be found at HackerBoxes.com and can be ordered now to ship starting on July 20. Orders as late as July 25 should still be received in time for DEF CON 28 SAFE MODE, but earlier is always better in light of recent postal delays.\n
\n#hhv-badgebuddy-qa-text: https://discord.com/channels/708208267699945503/709254868329693214\n
Twitch: https://twitch.tv/dchhv\n
\n\'',NULL,68306),('2_Friday','11','11:00','11:59','N','HHV','','\'Hardware hacking 101: There is plenty of room at the bottom\'','\'Federico Lucifredi\'','HHV_f6f4ee9de79cd6aeb3af27f3f8f4fdbf','\'Title: Hardware hacking 101: There is plenty of room at the bottom
\nWhen: Friday, Aug 7, 11:00 - 11:59 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:Federico Lucifredi\n
\nFederico Lucifredi is the Product Management Director for Ceph Storage at Red Hat and a co-author of O\'Reilly\'s \"Peccary Book\" on AWS System Administration. Previously, he was the Ubuntu Server product manager at Canonical, where he oversaw a broad portfolio and the rise of Ubuntu Server to the rank of most popular OS on Amazon AWS.
\n\n
\nDescription:
\nThis is a live demonstration of hacking into the processor embedded in an SD card, effectively turning the device into a potentially covert Raspberry Pi-class computer under your complete control. The ARM926EJ-S ARM processor made its appearance as the embedded CPU in Transcend’s WiFi-enabled SD cards, clocking in at an impressive 426 BogoMips – we can’t possibly leave that territory unexplored, can we?\n
In this session we root the card’s own CPU, install a more featureful OS, and explore the system’s common and unusual capabilities (in hardware AES encryption and native support for Java bytecode among them). These provide plenty of building blocks for our projects.\n
Clearly, complete control of such a hidden computer running with full network connectivity can be used in network penetration scenarios. We’ll discuss applicable security threat countermeasures.\n
There is plenty of room at the bottom, and opening these computer-within-the computer configurations create interesting miniaturized automation scenarios alongside the obvious, more ominous security aspects.\n
Use your newfound knowledge for good, with great power comes great responsibility!\n
\n#hhv-hw101-talk-qa-text: https://discord.com/channels/708208267699945503/709255105479704636\n
Twitch: https://twitch.tv/dchhv\n
\n\'',NULL,68307),('2_Friday','12','12:30','12:59','N','HHV','','\'onkeypress=hack();\'','\'Farith Pérez Sáez,Luis Ãngel RamÃrez Mendoza (@larm182luis),Mauro Cáseres\'','HHV_2d4bf633be4053301d8c408aaf841a8c','\'Title: onkeypress=hack();
\nWhen: Friday, Aug 7, 12:30 - 12:59 PDT
\nWhere: Hardware Hacking Vlg
\nSpeakers:Farith Pérez Sáez,Luis Ãngel RamÃrez Mendoza (@larm182luis),Mauro Cáseres
\n
SpeakerBio:Farith Pérez Sáez\n
\nFarith Pérez Sáez (@f_perezs) is a colombian engineer, hardware hacker and speaker. He spoke at DragonJAR Colombia (Biggest hacking spanish speaking conference in LATAM) and teaches at Universidad de La Guajira.
\nTwitter: @f_perezs
\n
SpeakerBio:Luis Ãngel RamÃrez Mendoza (@larm182luis)\n
\nLuis Ángel Ramírez Mendoza (@larm182luis) is a colombian electronic engineer, hacker and speaker. He spoke at DragonJAR Colombia (Biggest hacking spanish speaking conference in LATAM) and is currently working as a Cybersecurity and Artificial Intelligence Professor at University of Guajira in Colombia.
\nTwitter: @larm182luis
\n
SpeakerBio:Mauro Cáseres\n
\nMauro Cáseres (@mauroeldritch) is an argentine hacker and speaker. He spoke at DEF CON 26 Las Vegas (Recon & Data Duplication Villages), DevFest Siberia, DragonJAR Colombia, Roadsec Brasil, and DC7831 Nizhny Novgorod. Currently working as SecOps for the Argentine Ministry of Production.
\nTwitter: @mauroeldritch
\n\n
\nDescription:
\nIn this talk we will see the assembly and use of a modified BadUSB keyboard with an integrated DIY physical keylogger.\nUsing a built-in WiFi module, this keyboard is capable of sending user keystrokes to a remote server and storing it in a database.\nBoth the piece by piece assembly, its diagram, and its programming will be demonstrated. Also there will also be a live demo to demonstrate its operation.\n
This talk is recommended for both novice and experienced users alike.\n
\n#hhv-onkeypresshack-talk-qa-text: https://discord.com/channels/708208267699945503/736750677128249360\n
Twitch: https://twitch.tv/dchhv\n
\n\'',NULL,68308),('2_Friday','13','13:30','14:30','N','HHV','','\'HackerBox 0057 Build Session\'','\'Joseph Long (hwbxr)\'','HHV_5b441ef519523add67e4d39c81c75fc7','\'Title: HackerBox 0057 Build Session
\nWhen: Friday, Aug 7, 13:30 - 14:30 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:Joseph Long (hwbxr)\n
\nJoseph Long (hwbxr) is the founder of HackerBoxes: the monthly subscription box for DIY electronics, computer technology, and hacker culture. He has extensive experience in technology R&D and is an attorney of technology law. A former member of the research faculty at Georgia Tech, Joseph is a licensed professional engineer, amateur radio volunteer examiner, past IEEE senior member and chair of multiple IEEE chapters. He has directed or contributed to numerous engineering projects in diverse technology areas including digital and embedded systems, medical devices, broadband communications, and information security. Joseph has provided engineering expertise to technology startups, Fortune 500 companies, NASA, various other government agencies, and research laboratories. He has also prepared and prosecuted hundreds of patent applications for technology leaders such as Google, Microsoft, IBM, AT&T, Cisco, and Boeing as well as technology startups and various university clients.
\n\n
\nDescription:
\nBuild HackerBox 0057 to explore microcontroller programming, IoT WiFi exploits, Bluetooth control, IR hacks, lockpicking tools, audio/video signaling, and more. HackerBoxes are the monthly subscription box for DIY electronics and computer technology. Each monthly HackerBox is a surprise. But this month the cathode is out of the bag, so to speak. The theme is SAFE MODE.\n
There will be an indie badge kit featuring dual core ESP32, IPS full-color 240x135 display, AV out, IR in/out, micro joystick, USB-C interface, battery charger, Wi-Fi, Bluetooth, and it\'s Arduino programmable. Of course there will be swag galore. HackerBox 0057 will bring home a \"village\" of IoT, Wireless, Lockpicking, and of course Hardware Hacking that should not disappoint.\n
Monthly HackerBoxes usually ship around the last day of the month. However, SAFE MODE HackerBox 0057 will ship a few days early (for both existing a new members) and should be received in time for DEF CON 28 SAFE MODE. We recommend ordering by July 22, but earlier is always better in light of recent postal delays.\n
\n#hhv-badgebuddy-qa-text: https://discord.com/channels/708208267699945503/709254868329693214\n
Twitch: https://twitch.tv/dchhv\n
\n\'',NULL,68309),('2_Friday','14','13:30','14:30','Y','HHV','','\'HackerBox 0057 Build Session\'','\'Joseph Long (hwbxr)\'','HHV_5b441ef519523add67e4d39c81c75fc7','\'\'',NULL,68310),('2_Friday','14','14:30','14:59','N','HHV','','\'Meetup: PCB Proto and Rework\'','\'ShortTie\'','HHV_add64d070a65b5a949c28192fb095743','\'Title: Meetup: PCB Proto and Rework
\nWhen: Friday, Aug 7, 14:30 - 14:59 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:ShortTie\n
\nNo BIO available
\n\n
\nDescription:
\nA place to meet people with the same interests or challenges and discuss. The meetup is a nexus for finding and starting the conversation. Bring your expertise and your questions.\n
\n#hhv-meetups-a-text: https://discord.com/channels/708208267699945503/739567085004521533\n
#hhv-meetups-a-voice: https://discord.com/channels/708208267699945503/739571117756383333\n
\n\'',NULL,68311),('2_Friday','15','15:30','15:59','N','HHV','','\'Meetup: Legacy Hardware\'','\'ShortTie\'','HHV_d2d7f7f030f03ba284c30c024e2cab6f','\'Title: Meetup: Legacy Hardware
\nWhen: Friday, Aug 7, 15:30 - 15:59 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:ShortTie\n
\nNo BIO available
\n\n
\nDescription:
\nA place to meet people with the same interests or challenges and discuss. The meetup is a nexus for finding and starting the conversation. Bring your expertise and your questions.\n
\n#hhv-meetups-a-text: https://discord.com/channels/708208267699945503/739567085004521533\n
#hhv-meetups-a-voice: https://discord.com/channels/708208267699945503/739571117756383333\n
\n\'',NULL,68312),('2_Friday','17','17:30','17:59','N','HHV','','\'Meetup: Some HHV Challenges\'','\'rehr\'','HHV_a7ed45de7ee8f5c08eb3b0940a52b48a','\'Title: Meetup: Some HHV Challenges
\nWhen: Friday, Aug 7, 17:30 - 17:59 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:rehr\n
\nNo BIO available
\n\n
\nDescription:
\nHHV members have created a few challenges for this year\'s DEF CON. Come learn and chat about those challenges, or bring new challenges to share with the community. This time will start with an introduction to this year\'s HHV challenges, but the remaining time will be open to community questions and conversations\n
\n#hhv-challenge-text: https://discord.com/channels/708208267699945503/739567199647301702 \n
#hhv-meetups-a-voice: https://discord.com/channels/708208267699945503/739571117756383333\n
\n\'',NULL,68313),('2_Friday','18','18:00','18:59','N','HHV','','\'Meetup: 3H: Hardware Happy Hour\'','\'Chris Gammell\'','HHV_38bb575487c13b5006e5a6d3fa43dcc2','\'Title: Meetup: 3H: Hardware Happy Hour
\nWhen: Friday, Aug 7, 18:00 - 18:59 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:Chris Gammell\n
\nNo BIO available
\n\n
\nDescription:
\nWind down the first official day of DEF CON Safe Mode talking about hardware! Bring a project to share! All hardware projects are welcome, from a simple Arduino based thingamabob to your company\'s newest hardware product (and how you earn your living). The main focus is meeting like minded people who are building fun things!\n
\n#hhv-meetups-a-text: https://discord.com/channels/708208267699945503/739567085004521533\n
#hhv-meetups-a-voice: https://discord.com/channels/708208267699945503/739571117756383333\n
\n\'',NULL,68314),('3_Saturday','08','08:30','08:59','N','HHV','','\'Learn to Solder the BadgeBuddy Kit\'','\'Joseph Long (hwbxr)\'','HHV_778145466022a2f4782ec3e88c684130','\'Title: Learn to Solder the BadgeBuddy Kit
\nWhen: Saturday, Aug 8, 08:30 - 08:59 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:Joseph Long (hwbxr)\n
\nJoseph Long (hwbxr) is the founder of HackerBoxes: the monthly subscription box for DIY electronics, computer technology, and hacker culture. He has extensive experience in technology R&D and is an attorney of technology law. A former member of the research faculty at Georgia Tech, Joseph is a licensed professional engineer, amateur radio volunteer examiner, past IEEE senior member and chair of multiple IEEE chapters. He has directed or contributed to numerous engineering projects in diverse technology areas including digital and embedded systems, medical devices, broadband communications, and information security. Joseph has provided engineering expertise to technology startups, Fortune 500 companies, NASA, various other government agencies, and research laboratories. He has also prepared and prosecuted hundreds of patent applications for technology leaders such as Google, Microsoft, IBM, AT&T, Cisco, and Boeing as well as technology startups and various university clients.
\n\n
\nDescription:
\nLearn to Solder with HackerBoxes. Assemble your very own BadgeBuddy. HackerBoxes has updated a special edition BadgeBuddy soldering kit for DEF CON 28 SAFE MODE. \n
The BadgeBuddy is a simple and fun kit to introduce basic soldering skills. Once assembled, the blinky mini-badge PCB can be hung from a conference lanyard, backpack, purse, belt, etc using the included bead-chain. The BadgeBuddy uses self-cycling rainbow LEDs for a reduced bill of materials requiring no external control circuitry. The result is a very nice colorful effect that is still simple enough for a first time soldering project.\n
As in past years, the BadgeBuddy is free (as in beer) and in light of DEF CON 28 SAFE MODE, HackerBoxes will send it directly to you, anywhere in the United States, for only $1 S&H. If you do not already have soldering tools on hand, HackerBoxes is also making a set of basic soldering tools available at cost. Both can be found at HackerBoxes.com and can be ordered now to ship starting on July 20. Orders as late as July 25 should still be received in time for DEF CON 28 SAFE MODE, but earlier is always better in light of recent postal delays.\n
\n#hhv-badgebuddy-qa-text: https://discord.com/channels/708208267699945503/709254868329693214\n
Twitch: https://twitch.tv/dchhv\n
\n\'',NULL,68315),('3_Saturday','09','09:30','09:59','N','HHV','','\'Hardware hacking 101: There is plenty of room at the bottom\'','\'Federico Lucifredi\'','HHV_3cb35d77b7016ad98d8186f33e9ca306','\'Title: Hardware hacking 101: There is plenty of room at the bottom
\nWhen: Saturday, Aug 8, 09:30 - 09:59 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:Federico Lucifredi\n
\nFederico Lucifredi is the Product Management Director for Ceph Storage at Red Hat and a co-author of O\'Reilly\'s \"Peccary Book\" on AWS System Administration. Previously, he was the Ubuntu Server product manager at Canonical, where he oversaw a broad portfolio and the rise of Ubuntu Server to the rank of most popular OS on Amazon AWS.
\n\n
\nDescription:
\nThis is a live demonstration of hacking into the processor embedded in an SD card, effectively turning the device into a potentially covert Raspberry Pi-class computer under your complete control. The ARM926EJ-S ARM processor made its appearance as the embedded CPU in Transcend’s WiFi-enabled SD cards, clocking in at an impressive 426 BogoMips – we can’t possibly leave that territory unexplored, can we?\n
In this session we root the card’s own CPU, install a more featureful OS, and explore the system’s common and unusual capabilities (in hardware AES encryption and native support for Java bytecode among them). These provide plenty of building blocks for our projects.\n
Clearly, complete control of such a hidden computer running with full network connectivity can be used in network penetration scenarios. We’ll discuss applicable security threat countermeasures.\n
There is plenty of room at the bottom, and opening these computer-within-the computer configurations create interesting miniaturized automation scenarios alongside the obvious, more ominous security aspects.\n
Use your newfound knowledge for good, with great power comes great responsibility!\n
\n#hhv-hw101-talk-qa-text: https://discord.com/channels/708208267699945503/709255105479704636\n
Twitch: https://twitch.tv/dchhv\n
\n\'',NULL,68316),('3_Saturday','11','11:00','11:30','N','HHV','','\'onkeypress=hack();\'','\'Farith Pérez Sáez,Luis Ãngel RamÃrez Mendoza (@larm182luis),Mauro Cáseres\'','HHV_5372cf517fac45b58676957cbf363ed0','\'Title: onkeypress=hack();
\nWhen: Saturday, Aug 8, 11:00 - 11:30 PDT
\nWhere: Hardware Hacking Vlg
\nSpeakers:Farith Pérez Sáez,Luis Ãngel RamÃrez Mendoza (@larm182luis),Mauro Cáseres
\n
SpeakerBio:Farith Pérez Sáez\n
\nFarith Pérez Sáez (@f_perezs) is a colombian engineer, hardware hacker and speaker. He spoke at DragonJAR Colombia (Biggest hacking spanish speaking conference in LATAM) and teaches at Universidad de La Guajira.
\nTwitter: @f_perezs
\n
SpeakerBio:Luis Ãngel RamÃrez Mendoza (@larm182luis)\n
\nLuis Ángel Ramírez Mendoza (@larm182luis) is a colombian electronic engineer, hacker and speaker. He spoke at DragonJAR Colombia (Biggest hacking spanish speaking conference in LATAM) and is currently working as a Cybersecurity and Artificial Intelligence Professor at University of Guajira in Colombia.
\nTwitter: @larm182luis
\n
SpeakerBio:Mauro Cáseres\n
\nMauro Cáseres (@mauroeldritch) is an argentine hacker and speaker. He spoke at DEF CON 26 Las Vegas (Recon & Data Duplication Villages), DevFest Siberia, DragonJAR Colombia, Roadsec Brasil, and DC7831 Nizhny Novgorod. Currently working as SecOps for the Argentine Ministry of Production.
\nTwitter: @mauroeldritch
\n\n
\nDescription:
\nIn this talk we will see the assembly and use of a modified BadUSB keyboard with an integrated DIY physical keylogger.\nUsing a built-in WiFi module, this keyboard is capable of sending user keystrokes to a remote server and storing it in a database.\nBoth the piece by piece assembly, its diagram, and its programming will be demonstrated. Also there will also be a live demo to demonstrate its operation.\n
This talk is recommended for both novice and experienced users alike.\n
\n#hhv-onkeypresshack-talk-qa-text: https://discord.com/channels/708208267699945503/736750677128249360\n
Twitch: https://twitch.tv/dchhv\n
\n\'',NULL,68317),('3_Saturday','12','12:00','12:30','N','HHV','','\'Learn to Solder the BadgeBuddy Kit\'','\'Joseph Long (hwbxr)\'','HHV_934995cff6258ff0c00030719c889344','\'Title: Learn to Solder the BadgeBuddy Kit
\nWhen: Saturday, Aug 8, 12:00 - 12:30 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:Joseph Long (hwbxr)\n
\nJoseph Long (hwbxr) is the founder of HackerBoxes: the monthly subscription box for DIY electronics, computer technology, and hacker culture. He has extensive experience in technology R&D and is an attorney of technology law. A former member of the research faculty at Georgia Tech, Joseph is a licensed professional engineer, amateur radio volunteer examiner, past IEEE senior member and chair of multiple IEEE chapters. He has directed or contributed to numerous engineering projects in diverse technology areas including digital and embedded systems, medical devices, broadband communications, and information security. Joseph has provided engineering expertise to technology startups, Fortune 500 companies, NASA, various other government agencies, and research laboratories. He has also prepared and prosecuted hundreds of patent applications for technology leaders such as Google, Microsoft, IBM, AT&T, Cisco, and Boeing as well as technology startups and various university clients.
\n\n
\nDescription:
\nLearn to Solder with HackerBoxes. Assemble your very own BadgeBuddy. HackerBoxes has updated a special edition BadgeBuddy soldering kit for DEF CON 28 SAFE MODE. \n
The BadgeBuddy is a simple and fun kit to introduce basic soldering skills. Once assembled, the blinky mini-badge PCB can be hung from a conference lanyard, backpack, purse, belt, etc using the included bead-chain. The BadgeBuddy uses self-cycling rainbow LEDs for a reduced bill of materials requiring no external control circuitry. The result is a very nice colorful effect that is still simple enough for a first time soldering project.\n
As in past years, the BadgeBuddy is free (as in beer) and in light of DEF CON 28 SAFE MODE, HackerBoxes will send it directly to you, anywhere in the United States, for only $1 S&H. If you do not already have soldering tools on hand, HackerBoxes is also making a set of basic soldering tools available at cost. Both can be found at HackerBoxes.com and can be ordered now to ship starting on July 20. Orders as late as July 25 should still be received in time for DEF CON 28 SAFE MODE, but earlier is always better in light of recent postal delays.\n
\n#hhv-badgebuddy-qa-text: https://discord.com/channels/708208267699945503/709254868329693214\n
Twitch: https://twitch.tv/dchhv\n
\n\'',NULL,68318),('3_Saturday','13','13:00','13:30','N','HHV','','\'Meetup: Some HHV Challenges\'','\'rehr\'','HHV_4b18c8c8456997f085553501cafd3a35','\'Title: Meetup: Some HHV Challenges
\nWhen: Saturday, Aug 8, 13:00 - 13:30 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:rehr\n
\nNo BIO available
\n\n
\nDescription:
\nHHV members have created a few challenges for this year\'s DEF CON. Come learn and chat about those challenges, or bring new challenges to share with the community. This time will start with an introduction to this year\'s HHV challenges, but the remaining time will be open to community questions and conversations.\n
\n#hhv-challenge-text: https://discord.com/channels/708208267699945503/739567199647301702 \n
#hhv-meetups-a-voice: https://discord.com/channels/708208267699945503/739571117756383333\n
\n\'',NULL,68319),('3_Saturday','14','14:00','14:30','N','HHV','','\'Meetup: Sourcing Parts\'','\'bombnav\'','HHV_8367a404101a8e0f0a523d40d6c5230f','\'Title: Meetup: Sourcing Parts
\nWhen: Saturday, Aug 8, 14:00 - 14:30 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:bombnav\n
\nNo BIO available
\n\n
\nDescription:
\nSourcing parts in the COVID involves new challenges due to supply chain issues. Counterfeiting continues to be an problem with out of production parts. This meetup is designed to share ideas and sources for acquiring parts for electronic hobbyists.\n
\n#hhv-meetups-a-text: https://discord.com/channels/708208267699945503/739567085004521533\n
#hhv-meetups-a-voice: https://discord.com/channels/708208267699945503/739571117756383333\n
\n\'',NULL,68320),('3_Saturday','15','15:00','15:30','N','HHV','','\'Meetup: OSS ASIC\'','\'Josh Marks\'','HHV_01adad0a892e8937ad907d78691e2fbc','\'Title: Meetup: OSS ASIC
\nWhen: Saturday, Aug 8, 15:00 - 15:30 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:Josh Marks\n
\nNo BIO available
\n\n
\nDescription:
\nCome geek out about the new Google + efabless + Skywater 130 nm Process Design Kit that was recently released. Brainstorm IC design ideas for the free fab runs in November and in 2021 — an extraordinary value!! No ASIC knowledge? No problem — casual conversation about transistor structures, and basic circuit architectures included.\n
\n#hhv-meetups-a-text: https://discord.com/channels/708208267699945503/739567085004521533\n
#hhv-meetups-a-voice: https://discord.com/channels/708208267699945503/739571117756383333\n
\n\'',NULL,68321),('3_Saturday','16','16:00','16:30','N','HHV','','\'Meetup: Certification Processes (UL, FCC, etc.)\'','\'ShortTie\'','HHV_e5c1a8952efb9a5585d275947364b9d3','\'Title: Meetup: Certification Processes (UL, FCC, etc.)
\nWhen: Saturday, Aug 8, 16:00 - 16:30 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:ShortTie\n
\nNo BIO available
\n\n
\nDescription:
\nA place to meet people with the same interests or challenges and discuss. The meetup is a nexus for finding and starting the conversation. Bring your expertise and your questions.\n
\n#hhv-meetups-a-text: https://discord.com/channels/708208267699945503/739567085004521533\n
#hhv-meetups-a-voice: https://discord.com/channels/708208267699945503/739571117756383333\n
\n\'',NULL,68322),('4_Sunday','09','09:00','09:30','N','HHV','','\'Learn to Solder the BadgeBuddy Kit\'','\'Joseph Long (hwbxr)\'','HHV_e48914e146d22cf4e583ef0b86f533ab','\'Title: Learn to Solder the BadgeBuddy Kit
\nWhen: Sunday, Aug 9, 09:00 - 09:30 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:Joseph Long (hwbxr)\n
\nJoseph Long (hwbxr) is the founder of HackerBoxes: the monthly subscription box for DIY electronics, computer technology, and hacker culture. He has extensive experience in technology R&D and is an attorney of technology law. A former member of the research faculty at Georgia Tech, Joseph is a licensed professional engineer, amateur radio volunteer examiner, past IEEE senior member and chair of multiple IEEE chapters. He has directed or contributed to numerous engineering projects in diverse technology areas including digital and embedded systems, medical devices, broadband communications, and information security. Joseph has provided engineering expertise to technology startups, Fortune 500 companies, NASA, various other government agencies, and research laboratories. He has also prepared and prosecuted hundreds of patent applications for technology leaders such as Google, Microsoft, IBM, AT&T, Cisco, and Boeing as well as technology startups and various university clients.
\n\n
\nDescription:
\nLearn to Solder with HackerBoxes. Assemble your very own BadgeBuddy. HackerBoxes has updated a special edition BadgeBuddy soldering kit for DEF CON 28 SAFE MODE. \n
The BadgeBuddy is a simple and fun kit to introduce basic soldering skills. Once assembled, the blinky mini-badge PCB can be hung from a conference lanyard, backpack, purse, belt, etc using the included bead-chain. The BadgeBuddy uses self-cycling rainbow LEDs for a reduced bill of materials requiring no external control circuitry. The result is a very nice colorful effect that is still simple enough for a first time soldering project.\n
As in past years, the BadgeBuddy is free (as in beer) and in light of DEF CON 28 SAFE MODE, HackerBoxes will send it directly to you, anywhere in the United States, for only $1 S&H. If you do not already have soldering tools on hand, HackerBoxes is also making a set of basic soldering tools available at cost. Both can be found at HackerBoxes.com and can be ordered now to ship starting on July 20. Orders as late as July 25 should still be received in time for DEF CON 28 SAFE MODE, but earlier is always better in light of recent postal delays.\n
\n#hhv-badgebuddy-qa-text: https://discord.com/channels/708208267699945503/709254868329693214\n
Twitch: https://twitch.tv/dchhv\n
\n\'',NULL,68323),('4_Sunday','10','10:00','10:30','N','HHV','','\'Meetup: Sourcing Parts\'','\'bombnav\'','HHV_518432397aeba302c1de531118df39fb','\'Title: Meetup: Sourcing Parts
\nWhen: Sunday, Aug 9, 10:00 - 10:30 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:bombnav\n
\nNo BIO available
\n\n
\nDescription:
\nSourcing parts in the COVID involves new challenges due to supply chain issues. Counterfeiting continues to be an problem with out of production parts. This meetup is designed to share ideas and sources for acquiring parts for electronic hobbyists.\n
\n#hhv-meetups-a-text: https://discord.com/channels/708208267699945503/739567085004521533\n
#hhv-meetups-a-voice: https://discord.com/channels/708208267699945503/739571117756383333\n
\n\'',NULL,68324),('4_Sunday','11','11:30','12:30','N','HHV','','\'HackerBox 0057 Build Session\'','\'Joseph Long (hwbxr)\'','HHV_768e4e155cfd7f3f7b41372b89d748ea','\'Title: HackerBox 0057 Build Session
\nWhen: Sunday, Aug 9, 11:30 - 12:30 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:Joseph Long (hwbxr)\n
\nJoseph Long (hwbxr) is the founder of HackerBoxes: the monthly subscription box for DIY electronics, computer technology, and hacker culture. He has extensive experience in technology R&D and is an attorney of technology law. A former member of the research faculty at Georgia Tech, Joseph is a licensed professional engineer, amateur radio volunteer examiner, past IEEE senior member and chair of multiple IEEE chapters. He has directed or contributed to numerous engineering projects in diverse technology areas including digital and embedded systems, medical devices, broadband communications, and information security. Joseph has provided engineering expertise to technology startups, Fortune 500 companies, NASA, various other government agencies, and research laboratories. He has also prepared and prosecuted hundreds of patent applications for technology leaders such as Google, Microsoft, IBM, AT&T, Cisco, and Boeing as well as technology startups and various university clients.
\n\n
\nDescription:
\nBuild HackerBox 0057 to explore microcontroller programming, IoT WiFi exploits, Bluetooth control, IR hacks, lockpicking tools, audio/video signaling, and more. HackerBoxes are the monthly subscription box for DIY electronics and computer technology. Each monthly HackerBox is a surprise. But this month the cathode is out of the bag, so to speak. The theme is SAFE MODE.\n
There will be an indie badge kit featuring dual core ESP32, IPS full-color 240x135 display, AV out, IR in/out, micro joystick, USB-C interface, battery charger, Wi-Fi, Bluetooth, and it\'s Arduino programmable. Of course there will be swag galore. HackerBox 0057 will bring home a \"village\" of IoT, Wireless, Lockpicking, and of course Hardware Hacking that should not disappoint.\n
Monthly HackerBoxes usually ship around the last day of the month. However, SAFE MODE HackerBox 0057 will ship a few days early (for both existing a new members) and should be received in time for DEF CON 28 SAFE MODE. We recommend ordering by July 22, but earlier is always better in light of recent postal delays.\n
\n#hhv-badgebuddy-qa-text: https://discord.com/channels/708208267699945503/709254868329693214\n
Twitch: https://twitch.tv/dchhv\n
\n\'',NULL,68325),('4_Sunday','12','11:30','12:30','Y','HHV','','\'HackerBox 0057 Build Session\'','\'Joseph Long (hwbxr)\'','HHV_768e4e155cfd7f3f7b41372b89d748ea','\'\'',NULL,68326),('4_Sunday','12','12:30','12:59','N','HHV','','\'Meetup: Wearables\'','\'ShortTie\'','HHV_2c736a52533cda5f8300434011af038c','\'Title: Meetup: Wearables
\nWhen: Sunday, Aug 9, 12:30 - 12:59 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:ShortTie\n
\nNo BIO available
\n\n
\nDescription:
\nA place to meet people with the same interests or challenges and discuss. The meetup is a nexus for finding and starting the conversation. Bring your expertise and your questions.\n
\n#hhv-meetups-a-text: https://discord.com/channels/708208267699945503/739567085004521533\n
#hhv-meetups-a-voice: https://discord.com/channels/708208267699945503/739571117756383333\n
\n\'',NULL,68327),('4_Sunday','14','14:00','14:30','N','HHV','','\'Learn to Solder the BadgeBuddy Kit\'','\'Joseph Long (hwbxr)\'','HHV_c5ee0c46034ed648623b4b3218e34b3c','\'Title: Learn to Solder the BadgeBuddy Kit
\nWhen: Sunday, Aug 9, 14:00 - 14:30 PDT
\nWhere: Hardware Hacking Vlg
\n
SpeakerBio:Joseph Long (hwbxr)\n
\nJoseph Long (hwbxr) is the founder of HackerBoxes: the monthly subscription box for DIY electronics, computer technology, and hacker culture. He has extensive experience in technology R&D and is an attorney of technology law. A former member of the research faculty at Georgia Tech, Joseph is a licensed professional engineer, amateur radio volunteer examiner, past IEEE senior member and chair of multiple IEEE chapters. He has directed or contributed to numerous engineering projects in diverse technology areas including digital and embedded systems, medical devices, broadband communications, and information security. Joseph has provided engineering expertise to technology startups, Fortune 500 companies, NASA, various other government agencies, and research laboratories. He has also prepared and prosecuted hundreds of patent applications for technology leaders such as Google, Microsoft, IBM, AT&T, Cisco, and Boeing as well as technology startups and various university clients.
\n\n
\nDescription:
\nLearn to Solder with HackerBoxes. Assemble your very own BadgeBuddy. HackerBoxes has updated a special edition BadgeBuddy soldering kit for DEF CON 28 SAFE MODE. \n
The BadgeBuddy is a simple and fun kit to introduce basic soldering skills. Once assembled, the blinky mini-badge PCB can be hung from a conference lanyard, backpack, purse, belt, etc using the included bead-chain. The BadgeBuddy uses self-cycling rainbow LEDs for a reduced bill of materials requiring no external control circuitry. The result is a very nice colorful effect that is still simple enough for a first time soldering project.\n
As in past years, the BadgeBuddy is free (as in beer) and in light of DEF CON 28 SAFE MODE, HackerBoxes will send it directly to you, anywhere in the United States, for only $1 S&H. If you do not already have soldering tools on hand, HackerBoxes is also making a set of basic soldering tools available at cost. Both can be found at HackerBoxes.com and can be ordered now to ship starting on July 20. Orders as late as July 25 should still be received in time for DEF CON 28 SAFE MODE, but earlier is always better in light of recent postal delays.\n
\n#hhv-badgebuddy-qa-text: https://discord.com/channels/708208267699945503/709254868329693214\n
Twitch: https://twitch.tv/dchhv\n
\n\'',NULL,68328),('2_Friday','09','09:15','09:45','N','IOT','','\'How to get rights for hackers\'','\'Chloé Messdaghi\'','IOT_08830ce46f7e681693f12f925b7393ad','\'Title: How to get rights for hackers
\nWhen: Friday, Aug 7, 09:15 - 09:45 PDT
\nWhere: IOT Vlg
\n
SpeakerBio:Chloé Messdaghi\n
\nChloé Messdaghi is the VP of Strategy at Point3 Security. She is a security researcher advocate who strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to fight for hacker rights. She is the founder of WomenHackerz & the President and cofounder of Women of Security (WoSEC), podcaster for ITSP Magazine\'s The Uncommon Journey, and runs the Hacker Book Club.
\n\n
\nDescription:
\nSixty percent of hackers don’t submit vulnerabilities due to the fear of out-of-date legislation, press coverage, and companies misdirected policies. This fear is based on socially constructed beliefs. This talk dives into the brain\'s response to fear while focusing on increasing public awareness in order to bring legislation that supports ethical hackers, ending black hoodie and ski mask imagery, and encourage organizations to support bilateral trust within their policies.
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,68329),('2_Friday','10','10:00','10:30','N','IOT','','\'IoT Hacking Stories in Real Life\'','\'Besim Altinok\'','IOT_25522e6dd17e77db9971dcf23475b33b','\'Title: IoT Hacking Stories in Real Life
\nWhen: Friday, Aug 7, 10:00 - 10:30 PDT
\nWhere: IOT Vlg
\n
SpeakerBio:Besim Altinok\n
\nBesim Altinok (@AltnokBesim) has been researching Wi-Fi security for over a decade. He created WiPi-Hunter project against Wi-Fi hackers. He is the author of a book on Wi-Fi security. Besim\'s work on wireless security has been published in ArkaKapi Magazine and others. He has also spoken at top conferences including BlackHat Europe, Blackhat ASIA, Defcon, and others. Besim ALTINOK works currently at a Private Company which is located in Ankara, Turkey
\nTwitter: @AltnokBesim
\n\n
\nDescription:
\nThroughout this year, we had the chance to analyze two different models of electric scooters, three different models of smart locks, various kind of smart home devices and lastly one robot assistant which is in use at airports. During the analysis process, we have found some critical security vulnerabilities including privilege escalation, insecure communication and taking over the servers which these communications are being performed on. Additionally, we have identified two hard-coded secret keys and lastly one cryptographic key in the result of our analysis. In this presentation, we will be sharing the details of the vulnerabilities that we have identified during our analysis.
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,68330),('2_Friday','10','10:45','11:45','N','IOT','','\'Getting Started – Building an IoT Hardware Hacking Lab\'','\' \'','IOT_835a81141115cb3b20a0c5ce6b1e107d','\'Title: Getting Started – Building an IoT Hardware Hacking Lab
\nWhen: Friday, Aug 7, 10:45 - 11:45 PDT
\nWhere: IOT Vlg
\n
\nDescription:
\nThis learning session will focus on the subject of building an IoT hardware hacking lab. During this learning session various tools and technologies will be shown and discussed that are needed for physical disassembly, soldering, debugging, and analyzing. Covering the basic entry level to the more advanced lab equipment needed and used. After each learning objective we will have Q&A sessions
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,68331),('2_Friday','11','10:45','11:45','Y','IOT','','\'Getting Started – Building an IoT Hardware Hacking Lab\'','\' \'','IOT_835a81141115cb3b20a0c5ce6b1e107d','\'\'',NULL,68332),('2_Friday','12','12:15','12:59','N','IOT','','\'Exploring vulnerabilities in Smart Sex Toys, the exciting side of IoT research\'','\'Denise Giusto Bilic\'','IOT_ac3d13ce0a3b6ac6e3b6e9c7f2c2dd38','\'Title: Exploring vulnerabilities in Smart Sex Toys, the exciting side of IoT research
\nWhen: Friday, Aug 7, 12:15 - 12:59 PDT
\nWhere: IOT Vlg
\n
SpeakerBio:Denise Giusto Bilic\n
\nDenise Giusto Bilic is an Information Systems Engineer graduated from the National Technological University of Argentina. Nowadays she specializes in mobile and IoT security. \n
Denise currently works as a Security Researcher at ESET, where part of her job is preparing technical and educational materials related to information security. She has participated as a speaker in many international security conferences. She is also a co-organizer of NotPinkCon Security Conference.\n
\n\n
\nDescription:
\nSmart sex toys are a huge topic – and we’re not talking about their size! The Internet of Things (IoT) has triggered many personal items to become connected and smart, watches, toothbrushes, glasses and even toilets, to name just a few. The adult toy market has not been left behind with new models of toys that include the opportunity to connect them to the Internet and allow them to be remotely controlled.\n
IoT devices and their vulnerabilities are frequently discussed in the media, and sex toys are not the exception. Many of them have holes in them. Keep focused, we mean holes and bugs in the software. This is despite the sensitivity of the extremely personal information they handle.\nWe analyzed the security of the Android applications that control the most frequently purchased models of connected sexual pleasure devices, to determine the extent to which the confidentiality of user data could be vulnerable. Our research revealed interesting security flaws derived from both the implementation of the application and the design of the device, affecting the storage and processing of information.\n
If you’re one of the many users who have a smart sex toy connected to the internet, or plan to buy one, you cannot miss this talk, it may have you shaking in your seat. Our presentation may make you reconsider connecting it ever again or not purchasing one at all. \n
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,68333),('2_Friday','13','13:15','13:59','N','IOT','','\'IoT Under the Microscope: Vulnerability Trends in the Supply Chain\'','\'Parker Wiksell\'','IOT_28ea879c0356edab16d639e890cf1028','\'Title: IoT Under the Microscope: Vulnerability Trends in the Supply Chain
\nWhen: Friday, Aug 7, 13:15 - 13:59 PDT
\nWhere: IOT Vlg
\n
SpeakerBio:Parker Wiksell\n
\nParker Wiksell (@pwiksell) is a security researcher and engineer at Finite State, an IoT security research company, and is the author of the AFL-Unicorn fuzzer and the Patchwerk kernel patching framework. Parker has over 25 years industry experience, with the last 9 being focused primarily on software and hardware security research, presenting at several major conferences. When not geeking out on computers, Parker has been known to write the occasional musical composition professionally.
\nTwitter: @pwiksell
\n\n
\nDescription:
\nIoT device manufacturers have no idea what\'s running on their devices -- they really don\'t.\n
In 2002 then-US Secretary of Defense, Donald Rumsfield, brought public attention to a notion that information can be divided into three categories: known knowns, known unknowns, and unknown unknowns. As hackers, how can we apply this formulation to IoT vulnerabilities?\n
The known knowns: Vulnerabilities that have been explicitly discovered through scanning and testing. The known unknowns: Newly created software that has yet to undergo any application security testing. The unknown unknowns: Systems that the defender does not know about.\n
There is, in fact, a fourth dimension: unknown knowns, which comprise “that which we intentionally refuse to acknowledge that we know†or “do not like to know.â€\nThe unknown knowns: Vulnerabilities that are known to exist, but that have not been associated with all the systems they actually affect.\n
In this talk, we report on IoT device vulnerability findings at massive scale, as a result of our firmware collection and analysis. For this research we have selected approximately 50k firmware images, representing over 7M files, 10k products, and 150 vendors, spanning many different architectures and operating systems. We will highlight some of the trends we\'ve uncovered in supply chain vulnerabilities, and reveal specific examples of device backdoors, botnets, and vulnerabilities discovered in medical, home, and commercial device firmware. \n
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,68334),('2_Friday','14','14:15','14:59','N','IOT','','\'Hella Booters: Why IoT Botnets Aren\'t Going Anywhere\'','\'Netspooky\'','IOT_fef77557dd0d6e716c8273e45eac6d13','\'Title: Hella Booters: Why IoT Botnets Aren\'t Going Anywhere
\nWhen: Friday, Aug 7, 14:15 - 14:59 PDT
\nWhere: IOT Vlg
\n
SpeakerBio:Netspooky\n
\nnetspooky is a reverse engineer in the ICS and IoT space.
\n\n
\nDescription:
\n This talk discusses the rise of IoT botnets, the culture that surrounds them, and the vulnerabilities that enable their continued existence. I will discuss various analyses of major botnet families, discuss exploits and vulnerability classes in IoT devices, and examine the rapid growth of these botnets for commercial use. I will also discuss newer innovations in IoT malware, and outline some of the ways that vendors could reduce their impact moving forward.
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,68335),('2_Friday','15','15:15','16:15','N','IOT','','\'NAND Flash – Recovering File Systems from Extracted Data\'','\' \'','IOT_d779e520f2a87addad0bd5808be45571','\'Title: NAND Flash – Recovering File Systems from Extracted Data
\nWhen: Friday, Aug 7, 15:15 - 16:15 PDT
\nWhere: IOT Vlg
\n
\nDescription:
\nThis learning session will introduce attendees to the process of recovering file systems from data extracted from NAND flash chips. As part of this learning session we will be discussing and demoing the tools, methods and common processes for successfully recovering data. After each learning objective we will have Q&A sessions
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,68336),('2_Friday','16','15:15','16:15','Y','IOT','','\'NAND Flash – Recovering File Systems from Extracted Data\'','\' \'','IOT_d779e520f2a87addad0bd5808be45571','\'\'',NULL,68337),('2_Friday','16','16:45','17:30','N','IOT','','\'Assembling VULNtron: 4 CVEs that Turn a Teleconference Robot into a Spy\'','\'Mark Bereza\'','IOT_85e109c32ca55f105a65662f2f3444dc','\'Title: Assembling VULNtron: 4 CVEs that Turn a Teleconference Robot into a Spy
\nWhen: Friday, Aug 7, 16:45 - 17:30 PDT
\nWhere: IOT Vlg
\n
SpeakerBio:Mark Bereza\n
\nMark Bereza is a security researcher and new addition to McAfee\'s Advanced Threat Research team. A recent alumnus of Oregon State\'s Computer Science systems program, Mark\'s work has focused primarily on vulnerability discovery and exploit development for embedded systems. Mark previously presented at DEFCON 27, less than 6 months after graduating college.
\n\n
\nDescription:
\nOnce limited to the realm of science fiction, robotics now play a vital role in many industries, including manufacturing, agriculture, and even medicine. Despite this, the kind of robot that interfaces with humans directly, outside of the occasional toy or vacuum, threatens to remain an inhabitant of fiction for the foreseeable future.\n
temi, a “personal robot†created by Roboteam, may help make that fiction a reality. temi is a smart device for consumer, enterprise, retail, and even medical environments that is capable of both autonomous movement and teleconferencing. It’s precisely this functionality, however, that makes it a valuable target for hackers. Unlike a simple camera exploit, a compromised temi grants an attacker mobility in addition to audio/video, greatly increasing their ability to spy on victims in the most private of situations - their homes, medical appointments, or workplaces.\n
Not knowing when to quit, McAfee Advanced Threat Research uncovered four 0-day vulnerabilities in the temi. We’ll show how an attacker armed with nothing besides the victim’s phone number could exploit these vulnerabilities to intercept or join an existing temi call, gain video access, and even obtain “owner†privileges, granting the ability to remotely control the robot – all with zero authentication. \n
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,68338),('2_Friday','17','16:45','17:30','Y','IOT','','\'Assembling VULNtron: 4 CVEs that Turn a Teleconference Robot into a Spy\'','\'Mark Bereza\'','IOT_85e109c32ca55f105a65662f2f3444dc','\'\'',NULL,68339),('2_Friday','17','17:45','18:15','N','IOT','','\'Pandemic In Plaintext\'','\'Troy Brown\'','IOT_9814081c6a1fea6177d02f766a66943a','\'Title: Pandemic In Plaintext
\nWhen: Friday, Aug 7, 17:45 - 18:15 PDT
\nWhere: IOT Vlg
\n
SpeakerBio:Troy Brown\n
\nTroy has been a RF and physical security hardware engineer for multiple manufacturers of access control, locks, and wireless security devices for over a decade. Troy holds multiple patents in areas of electronic security, energy harvesting, and wireless. Troy also hosts the YouTube channel for HackerWarehouse.TV and can be found on Twitter at @waveguyd.
\n\n
\nDescription:
\nWhen a wireless engineer decides to tune into hospitals to determine the state of COVID in the community, he finds detailed patient info being broadcast into thin air. By capturing, decoding, and analyzing the info, the true state of the pandemic is realized.
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,68340),('2_Friday','18','17:45','18:15','Y','IOT','','\'Pandemic In Plaintext\'','\'Troy Brown\'','IOT_9814081c6a1fea6177d02f766a66943a','\'\'',NULL,68341),('3_Saturday','09','09:00','09:45','N','IOT','','\'Hacking smart-devices for fun and profit: From exploiting my smart-home into controlling thousands of smart-devices around the world\'','\'Barak Sternberg\'','IOT_e58ef1fdfb5d328d454d238fb062b869','\'Title: Hacking smart-devices for fun and profit: From exploiting my smart-home into controlling thousands of smart-devices around the world
\nWhen: Saturday, Aug 8, 09:00 - 09:45 PDT
\nWhere: IOT Vlg
\n
SpeakerBio:Barak Sternberg\n
\nBarak Sternberg is an Experienced Security Researcher who specializes in Offensive Security. Previously, he spent five years at Unit 8200, as an officer, PO and team leader of security researchers.\n
Barak is highly-skilled in cyber-security, from vulnerabilities research in various areas (IoT, embedded devices, Linux and web apps) to analyzing malware in the wild. Barak also acquires MSC (in CS) focused on algorithms from Tel-Aviv University.\n
\n\n
\nDescription:
\nSmart-devices are anywhere, connecting lights, AC, cameras and even heat-sensors. They present a weak spot in which hackers can hack and learn about internal network-configuration, change arbitrary controllers, and lead to high physical & software damage. In our scenario, thousands of HDL smart devices could have been exploited & remotely controlled in the wild. 4 unique vulnerabilities have been found and presented here - We show how they can be utilized by a sophisticated attacker to stealth-access smart-devices remotely, change, control and take advantage of their data. Also, we show how a full data-extraction of smart-devices managing accounts: private data and credentials could have been extracted as well. This unique attack scenario demonstrates the high-security impact of deploying IoT devices over any organization, especially when using dedicated IoT hardware and proprietary components which are interconnected and even remotely managed. A coordinated responsible disclosure was done and thankful to HDL responsiveness & approach - All was fixed.
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,68342),('3_Saturday','10','10:00','10:45','N','IOT','','\'Your connected world isn\'t yours anymore! - Remote IoT attacks and data exfiltration.\'','\'Dewank Pant,Shruti Lohani\'','IOT_823101b05e6b7baf26fdca985b9305cc','\'Title: Your connected world isn\'t yours anymore! - Remote IoT attacks and data exfiltration.
\nWhen: Saturday, Aug 8, 10:00 - 10:45 PDT
\nWhere: IOT Vlg
\nSpeakers:Dewank Pant,Shruti Lohani
\n
SpeakerBio:Dewank Pant\n
\nDewank Pant is a Security Engineer working with NCC Group Inc. He graduated from and worked at Johns Hopkins University under the Information Security Track. He is skilled in IoT Security, Radio Hacking, Bot Development, and penetration testing. He has published several CVEs and holds 3+ years of work experience in the industry.
\n
SpeakerBio:Shruti Lohani\n
\nShruti Lohani is a Computer Scientist working in IoT Research & Development in the sectors of Energy, Petrochemical, Aerospace, Automotive, etc. at Nexess, France. She completed her M.Sc. from EURECOM, France and has 3 years of experience in the IoT domain. Her expertise in IoT application and security is not limited to Smart homes, autonomous vehicles, indoor/outdoor Geolocation.
\n\n
\nDescription:
\nFrom smart home devices to smart cars, IoT actually gave us our “connected worldâ€, but maybe not a “Safe†one. Imagine all your smart devices on your home network being controlled by someone on the other side of the world, your smart TVs, smart lights, baby monitors, routers, printers, workspace surveillance cameras, and literally everything else!\n
This talk explores how the methods of manipulating domain name resolution can be used to exploit and remotely take over most of the connected devices in a private network. We will talk about how it can be used to scan a private network externally for IoT devices, and how it can put even private devices open to the public!\nWe will cover some tools that can be used to takeover a device and exfiltrate the data of a victim under a minute with minimum user interaction. We demonstrate how the data can be exfiltrated and used to perform unwanted actions on the victim\'s devices from anywhere in the world.\n
We furthermore, talk about methods of prevention and best practices that a developer and product designer can consider to protect their devices against such attacks.\nSo if you\'re a pentester or a developer we\'ve got something for everyone! \n
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,68343),('3_Saturday','11','11:00','11:59','N','IOT','','\'Introduction to U-Boot Interaction and Hacking\'','\'Garrett Enoch\'','IOT_4d8a5749cef7b4452b366227a7a168f0','\'Title: Introduction to U-Boot Interaction and Hacking
\nWhen: Saturday, Aug 8, 11:00 - 11:59 PDT
\nWhere: IOT Vlg
\n
SpeakerBio:Garrett Enoch\n
\nNo BIO available
\n\n
\nDescription:
\nThis learning session will guide the attendees through various concepts related U-boot including hacks to gain access to U-boot console, U-boot console commands and structure and various methods on using U-boot to exploit an embedded IoT systems. After each learning objective we will have Q&A sessions.
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,68344),('3_Saturday','13','13:45','14:15','N','IOT','','\'In search of the perfect UPnP tool\'','\'Trevor Stevado t1v0\'','IOT_f7ac9ac544a36eb093a7dbbb7d832701','\'Title: In search of the perfect UPnP tool
\nWhen: Saturday, Aug 8, 13:45 - 14:15 PDT
\nWhere: IOT Vlg
\n
SpeakerBio:Trevor Stevado t1v0\n
\nTrevor is the Founding Partner of Loudmouth Security, an elite penetration testing and red teaming company in Canada\'s National Capital. Trevor has a black badge from DefCon 26 and is co-organizer for IoT Village at conferences across the Canada and the US.
\nTwitter: @_t1v0_
\n\n
\nDescription:
\nWhile researching UPnP vulnerabilities I became frustrated with the currently available UPnP tools. Some devices that I knew had UPnP just weren\'t found with any of the tools I tried. Out of this frustration, came a new and improved BHunter extension for Burp Suite. In this lightning talk I\'ll go over some of the issues I found and the improvements made to it, and I\'ll give a demo of the tool in action.
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,68345),('3_Saturday','14','13:45','14:15','Y','IOT','','\'In search of the perfect UPnP tool\'','\'Trevor Stevado t1v0\'','IOT_f7ac9ac544a36eb093a7dbbb7d832701','\'\'',NULL,68346),('2_Friday','18','18:30','19:15','N','IOT','','\'The Joy of Coordinating Vulnerability Disclosure\'','\'Daniel Gruss,CRob,Lisa Bradley,Katie Noble,Omar Santos, Anders Fogh\'','IOT_dc62a47fcb719a97323850ff29ce763f','\'Title: The Joy of Coordinating Vulnerability Disclosure
\nWhen: Friday, Aug 7, 18:30 - 19:15 PDT
\nWhere: IOT Vlg
\nSpeakers:Daniel Gruss,CRob,Lisa Bradley,Katie Noble,Omar Santos, Anders Fogh
\n
SpeakerBio:Daniel Gruss\n, TU Graz
\nNo BIO available
\n
SpeakerBio:CRob\n, Red Hat
\nNo BIO available
\n
SpeakerBio:Lisa Bradley\n, Dell
\nNo BIO available
\n
SpeakerBio:Katie Noble\n, Intel Corp
\nKatie currently serves as a Director of PSIRT and Bug Bounty at Intel Corp. Where she leads the cyber security vulnerability Bug Bounty program, researcher outreach, and strategic planning efforts. Previous to this position, Katie served as the Section Chief of the Vulnerability Management and Coordination at the Department of Homeland Security, Cyber and Infrastructure Security Agency (CISA) where she led DHS’ primary operations arm for coordinating the responsible disclosure and mitigation of identified cyber vulnerabilities in control systems, enterprise, hardware and software. Katies team is credited by the Secretary of Homeland Security with the coordination and public disclosure of over 20,000 cyber security vulnerabilities within a two year period. Katie is a highly accomplished manager with over 14 years of U.S. Government experience, both in the Intelligence Community and Cyber Security Program Management. She has operated at all levels from individual contributor as an Intelligence Analyst for the National Intelligence Community to Senior Policy Advisor for White House led National Security Council (NSC) Cyber programs. Her work has directly impacted the decision making of the NSC, Defense Information Systems Agency, Office of the Director of National Intelligence, Department of Defense, Federal Communications Commission, Central Intelligence Agency, U.S. Coast Guard, U.K.Ministry of Defense, Canadian Government agencies, and Australian Cabinet Ministry.
\n
SpeakerBio:Omar Santos\n, Cisco
\nOmar Santos is an active member of the security community, where he leads several industry-wide initiatives and standard bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructure. Omar is the author of over 20 books and video courses; numerous white papers, and other articles. Omar is a Principal Engineer of Cisco’s Product Security Incident Response Team (PSIRT) where he mentors and lead engineers and incident managers during the investigation and resolution of security vulnerabilities. Omar is often presenting at many conferences and he is the co-lead of the DEF CON Red Team Village.
\nTwitter: @santosomar
\n
SpeakerBio: Anders Fogh\n, Intel
\nNo BIO available
\n\n
\nDescription:
\nUnder the best of circumstances, coordinating disclosure of vulnerabilities can be a challenge. At times it can feel like everyone involved in CVD has conflicting motivations. The truth is that all of us are aspiring to do the right thing for end-users based on our perspective. The panel will share experiences and show how researchers and technology companies can work together to improve the impact of disclosing vulnerabilities on the technology ecosystem. Join CRob (Red Hat), Lisa Bradley (Dell), Katie Noble (Intel), Omar Santos (Cisco), Anders Fogh (Intel) and Daniel Gruss (TU Graz) for an exciting and engaging dialog between security researchers and industry experts on the Joy of coordinating vulnerability disclosure.
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,68347),('2_Friday','19','18:30','19:15','Y','IOT','','\'The Joy of Coordinating Vulnerability Disclosure\'','\'Daniel Gruss,CRob,Lisa Bradley,Katie Noble,Omar Santos, Anders Fogh\'','IOT_dc62a47fcb719a97323850ff29ce763f','\'\'',NULL,68348),('3_Saturday','15','15:30','16:30','N','IOT','','\'Learning to Use Logic Analyzers\'','\'Jonathan Stines\'','IOT_53e0e506cf8cf272cdc5534f54061786','\'Title: Learning to Use Logic Analyzers
\nWhen: Saturday, Aug 8, 15:30 - 16:30 PDT
\nWhere: IOT Vlg
\n
SpeakerBio:Jonathan Stines\n
\nJonathan is a Senior Security Consultant on Rapid7\'s Penetration Testing team and has 7 years of pen test and consulting experience. Jonathan has worked on a wide breadth of projects, ranging from hacking a regional bank\'s LAN network in Wales to breaking into a Chinese warehouse\'s wireless network in Guangdong. With a specialization in hacking IoT and embedded systems, Jonathan has a tendency of raiding local garage sales and thrift stores in search of the next gadget to tear into.
\n\n
\nDescription:
\nThis learning session attendees will learn how to properly utilize a logic analyzer for examining, testing and decoding digital communication on embedded systems. Also, various logic analyzers from cheap models to the more expensive models will be shown and discussed. After each learning objective we will have Q&A sessions.
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,68349),('3_Saturday','16','15:30','16:30','Y','IOT','','\'Learning to Use Logic Analyzers\'','\'Jonathan Stines\'','IOT_53e0e506cf8cf272cdc5534f54061786','\'\'',NULL,68350),('3_Saturday','17','17:00','17:45','N','IOT','','\'IoT Honeypots and taming Rogue appliances\'','\'Kat Fitzgerald\'','IOT_63ac335c6d3d87ff478b31f79267df90','\'Title: IoT Honeypots and taming Rogue appliances
\nWhen: Saturday, Aug 8, 17:00 - 17:45 PDT
\nWhere: IOT Vlg
\n
SpeakerBio:Kat Fitzgerald\n
\nBased in Pittsburgh and a natural creature of winter, you can typically find me sipping Grand Mayan Extra Anejo whilst simultaneously defending my systems using OSS, magic spells and Dancing Flamingos. Honeypots & Refrigerators are a few of my favorite things! Fun Fact: I rescue Feral Pop Tarts and have the only Pop Tart Sanctuary in the Pittsburgh area.
\n\n
\nDescription:
\nHoneypots AND IoT security, all in one place? Yes, why YES I tell you, and this is it! Oh sure, honeypots are not new, but how they are used is what makes this talk just a little bit different. Presented for your viewing pleasure will be IoT specific honeypot configurations, some deployed with k8s (some not) and how they are used to not only trap attacks against your IoT devices but also detect attacks FROM a compromised IoT device.
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,68351),('3_Saturday','18','18:00','18:45','N','IOT','','\'Stepped on a Nail\'','\'Matthew Byrdwell\'','IOT_d6c0393fe7feaaff8b8feedcf3c113a8','\'Title: Stepped on a Nail
\nWhen: Saturday, Aug 8, 18:00 - 18:45 PDT
\nWhere: IOT Vlg
\n
SpeakerBio:Matthew Byrdwell\n
\nMatthew Byrdwell (\"Nerdwell\") is passionate about securing the Internet and helping others achieve their infosec career goals. He\'s been building and breaking IT systems for 20 years and currently works in Critical Infrastructure Protection. He enjoys doing cybersecurity research, both independently and through bug bounty programs, and contributes to the community as a Bugcrowd Ambassador.
\n\n
\nDescription:
\nIt was a crisp October evening as Nerdwell walked the streets of the Internet looking for juicy bugs. Suddenly, his attention was drawn to something that he could not ignore. \"\"Is that memory?\"\" He thought to himself, \"\"it sure is ... a whole heap of it!\"\"\n
In this talk, Nerdwell will share the story of how a chance observation, along with healthy doses of curiosity and persistence, ultimately led to a high severity finding of unauthenticated remote memory disclosure in the Mitel MiVoice 6800 and 6900 series SIP Phones. Nerdwell will take us through the technical details of CVE-2020-13617 and demonstrate exploitation. He\'ll then share some of the insights gained along the way, including:\n
\n - Unexpected benefits of the emerging bug bounty industry upon IoT security in general;\n
- The roles of curiosity and creativity in the hacker\'s mindset, and how these traits influence security research; and\n
- Ways to use open source tools, like Shodan.io and GitHub, to select IoT devices for further research.
\nThe talk will close with suggestions for future research and tips for new researchers looking to break into the field of IoT hacking. \n
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,68352),('2_Friday','13','13:00','14:59','N','PHVW','','\'Intrusion Analysis and Threat Hunting with Open Source Tools\'','\'Jack Mott,Jason Williams,Josh Stroschein\'','PHVW_b955ed55fe747a7ada13f3c370796fcf','\'Title: Intrusion Analysis and Threat Hunting with Open Source Tools
\nWhen: Friday, Aug 7, 13:00 - 14:59 PDT
\nWhere: Packet Hacking Vlg - Workshop
\nSpeakers:Jack Mott,Jason Williams,Josh Stroschein
\n
SpeakerBio:Jack Mott\n, Security Researcher
\nJack Mott is a security researcher who focuses on open source solutions to detect, track and hunt malware and malicious activity. He has been a signature writer for the Emerging Threats team for several years, producing community/premium Suricata signatures to help protect networks worldwide. Jack is a strong believer in the open source mission as well as helping people and organizations solve security issues with open source solutions. He resides in the USA.
\n
SpeakerBio:Jason Williams\n, Security Researcher
\nJason Williams is a security researcher with global enterprise experience in detecting, hunting and remediating threats with open source technologies. Primarily focusing on network communications, Jason has written thousands of commercial and community Suricata rules for Emerging Threats to help defenders protect their networks. Jason participates as a Signature Development and User Training instructor for the OISF.
\n
SpeakerBio:Josh Stroschein\n, Director of Training, Open Information Security Foundation (OISF) / Suricata
\nJosh Stroschein is an experienced malware analyst and reverse engineer who has a passion for sharing his knowledge with others. He is the Director of Training for OISF, where he leads all training activities for the foundation and is also responsible for academic outreach and developing research initiatives. Josh is an accomplished trainer, providing training in the aforementioned subject areas at BlackHat, DerbyCon, Toorcon, Hack-In-The-Box, Suricon and other public and private venues. Josh is an Assistant Professor of Cyber Security at Dakota State University where he teaches malware analysis and reverse engineering, an author on Pluralsight, and a threat researcher for Bromium.
\n\n
\nDescription:
\nIn today\'s threat landscape, sophisticated adversaries have routinely demonstrated the ability to compromise enterprise networks and remain hidden for extended periods of time. In Intrusion Analysis and Threat Hunting with Open Source Tools, you will learn how to dig deep into network traffic to identify key evidence that a compromise has occurred, learn how to deal with new forms of attack, and develop the skills necessary to proactively search for evidence of new breaches. We will explore key phases of adversary tactics and techniques - from delivery mechanisms to post-infection traffic to get hands-on analysis experience. Open-source tools such as Suricata and Moloch will be utilized to generate data, perform exhaustive traffic analysis, and develop comprehensive threat hunting strategies. By the end of this workshop, you will have the knowledge and skills necessary to discover new threats in your network.
\n
This workshop requires registration. If you are registered, please proceed to #phv-infobooth-text and you\'ll be given access to join.\n
\n#phv-infobooth-text: https://discord.com/channels/708208267699945503/708242376883306526\n
\'',NULL,68353),('2_Friday','14','13:00','14:59','Y','PHVW','','\'Intrusion Analysis and Threat Hunting with Open Source Tools\'','\'Jack Mott,Jason Williams,Josh Stroschein\'','PHVW_b955ed55fe747a7ada13f3c370796fcf','\'\'',NULL,68354),('2_Friday','16','16:00','17:59','N','PHVW','','\'Violent Python 3\'','\'Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handleman,Sam Bowne\'','PHVW_f74c4b76262edb19b0e9ecb850c925a5','\'Title: Violent Python 3
\nWhen: Friday, Aug 7, 16:00 - 17:59 PDT
\nWhere: Packet Hacking Vlg - Workshop
\nSpeakers:Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handleman,Sam Bowne
\n
SpeakerBio:Elizabeth Biddlecome\n, Part-time Instructor, City College San Francisco
\nElizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She is a senior instructor for Infosec Decoded, Inc. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.
\n
SpeakerBio:Irvin Lemus\n
\nIrvin Lemus has served clients throughout California, providing valuable professional services that bring peace of mind to clients as well as security against the constant threats with our ever-connected world.
\n
SpeakerBio:Kaitlyn Handleman\n
\nKaitlyn Handleman is a Professional Red Teamer.
\n
SpeakerBio:Sam Bowne\n, Founder, Infosec Decoded Inc.; Instructor, City College San Francisco
\nSam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000, and is the founder of Infosec Decoded, Inc. He has given talks and hands-on trainings at Black Hat USA, RSA, DEF CON, DEF CON China, HOPE, and many other conferences.\n
Credentials: PhD, CISSP, DEF CON Black Badge Co-Winner\n
\nTwitter: @sambowne
\n\n
\nDescription:
\nEven if you have never programmed before, you can quickly and easily learn how to make custom hacking tools in Python. We build tools that perform port scanning, brute-force attacks, crack password hashes, and XOR encryption. Python is among the top three programming languages in the world, for good reason: it\'s the easiest language to use for general purposes.
\n
This workshop requires registration. If you are registered, please proceed to #phv-infobooth-text and you\'ll be given access to join.\n
\n#phv-infobooth-text: https://discord.com/channels/708208267699945503/708242376883306526\n
\'',NULL,68355),('2_Friday','17','16:00','17:59','Y','PHVW','','\'Violent Python 3\'','\'Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handleman,Sam Bowne\'','PHVW_f74c4b76262edb19b0e9ecb850c925a5','\'\'',NULL,68356),('3_Saturday','09','09:00','10:59','N','PHVW','','\'Writing Wireshark Plugins for Security Analysis\'','\'Jeswin Mathai,Nishant Sharma\'','PHVW_be9c120d3af23220abe12a57256b7b7b','\'Title: Writing Wireshark Plugins for Security Analysis
\nWhen: Saturday, Aug 8, 09:00 - 10:59 PDT
\nWhere: Packet Hacking Vlg - Workshop
\nSpeakers:Jeswin Mathai,Nishant Sharma
\n
SpeakerBio:Jeswin Mathai\n, Security Researcher, Pentester Academy
\nJeswin Mathai (Twitter: @jeswinmathai) is a Researcher at Pentester Academy and Attack Defense. He has presented/published his work at DEF CON China, Blackhat Arsenal and Demo labs (DEFCON). He has a Bachelor\'s degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals, conducted awareness workshops for government institutions. He was also the part of team Pied Piper who won Smart India Hackathon 2017, a national level competition organized by GoI. His area of interest includes Malware Analysis and Reverse Engineering, Cryptography, WiFi security and Web Application Security.
\nTwitter: @jeswinmathai
\n
SpeakerBio:Nishant Sharma\n, R&D Manager, Pentester Academy
\nNishant Sharma (Twitter: @wifisecguy) is an R&D Manager at Pentester Academy and Attack Defense. He is also the Architect at Hacker Arsenal where he leads the development of multiple gadgets for WiFi pentesting such as WiMonitor, WiNX and WiMini. He also handles technical content creation and moderation for Pentester Academy TV. He has 7+ years of experience in information security field including 5+ years in WiFi security research and development. He has presented/published his work at Blackhat USA/Asia, DEF CON China, Wireless Village, IoT village and Demo labs (DEFCON USA). Prior to joining Pentester Academy, he worked as a firmware developer at Mojo Networks where he contributed in developing new features for the enterprise-grade WiFi APs and maintaining the state of art WiFi Intrusion Prevention System (WIPS). He has a Master\'s degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi and IoT security, AD security, Forensics and Cryptography.
\nTwitter: @wifisecguy
\n\n
\nDescription:
\nNetwork traffic always proves to be a gold mine when mined with proper tools. There are various open source and paid tools to analyze the traffic but most of them either have predefined functionality or scalability issues or one of a dozen other problems. And, in some cases when we are dealing with non-standard protocols, the analysis becomes more difficult. But, what if we can extend our favorite traffic analysis tool Wireshark to accommodate our requirements? As most people know, Wireshark supports custom plugins created in C and Lua which can be used to analyze or dissect the packets. In this workshop, we will learn the basics of Wireshark plugins and move on to create different types of plugins to perform dissection of non-standard protocol, provide macro statistics, detect attacks etc. We will use examples of older and newer protocols (including non-standard ones) to understand the plugin workflow and development.
\n
This workshop requires registration. If you are registered, please proceed to #phv-infobooth-text and you\'ll be given access to join.\n
\n#phv-infobooth-text: https://discord.com/channels/708208267699945503/708242376883306526\n
\'',NULL,68357),('3_Saturday','10','09:00','10:59','Y','PHVW','','\'Writing Wireshark Plugins for Security Analysis\'','\'Jeswin Mathai,Nishant Sharma\'','PHVW_be9c120d3af23220abe12a57256b7b7b','\'\'',NULL,68358),('3_Saturday','13','13:00','14:59','N','PHVW','','\'Wireshark for Incident Response & Threat Hunting\'','\'Michael Wylie\'','PHVW_ae36043e8ae0d988aa150659a005515e','\'Title: Wireshark for Incident Response & Threat Hunting
\nWhen: Saturday, Aug 8, 13:00 - 14:59 PDT
\nWhere: Packet Hacking Vlg - Workshop
\n
SpeakerBio:Michael Wylie\n, Director of Cybersecurity Services, Richey May Technology Solution
\nMichael Wylie (Twitter: @TheMikeWylie), MBA, CISSP is the Director of Cybersecurity Services at Richey May Technology Solutions. In his role, Michael is responsible for delivering information assurance by means of vulnerability assessments, cloud security, penetration tests, risk management, and training. Michael has developed and taught numerous courses for the U.S. Department of Defense, DEFCON, Universities, and for clients around the world. Michael is the winner of numerous SANS challenge coins and holds the following credentials: CISSP, CCNA R&S, CCNA CyberOps, GMON, GPEN, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, Security+, Project+, and more.
\nTwitter: @TheMikeWylie
\n\n
\nDescription:
\nThis workshop will take student\'s Wireshark skills to the next level with a heavy emphasis on incident response, threat hunting, and malicious network traffic analysis. We will begin with a brief introduction to Wireshark and other Network Security Monitoring (NSM) tools/concepts. Placement, techniques, and collection of network traffic will be discussed in detail. Throughout the workshop, we\'ll examine what different attacks and malware look like in Wireshark. Students will then have hands-on time in the lab to search for Indicators of Compromise (IOCs) and a potential breach to the network. There will be plenty of take home labs for additional practice.
\n
This workshop requires registration. If you are registered, please proceed to #phv-infobooth-text and you\'ll be given access to join.\n
\n#phv-infobooth-text: https://discord.com/channels/708208267699945503/708242376883306526\n
\'',NULL,68359),('3_Saturday','14','13:00','14:59','Y','PHVW','','\'Wireshark for Incident Response & Threat Hunting\'','\'Michael Wylie\'','PHVW_ae36043e8ae0d988aa150659a005515e','\'\'',NULL,68360),('3_Saturday','16','16:00','17:59','N','PHVW','','\'Advanced APT Hunting with Splunk\'','\'Matt Toth,Robert Wagner\'','PHVW_bbca83414da7716d1633c2bc5b9be9e2','\'Title: Advanced APT Hunting with Splunk
\nWhen: Saturday, Aug 8, 16:00 - 17:59 PDT
\nWhere: Packet Hacking Vlg - Workshop
\nSpeakers:Matt Toth,Robert Wagner
\n
SpeakerBio:Matt Toth\n, Security Strategist, Splunk
\nMatt Toth is a Security Strategist at Splunk with over 20 years of experience in the Information Technology industry, with a focus on Cyber Security. Working with the US Department of Defense, he has led teams in CyberWar simulations, and has advised senior leadership on new attack vectors and threat actors.
\n
SpeakerBio:Robert Wagner\n, Security Strategist
\nRobert Wagner is a security professional with 20+ years of InfoSec experience. He is a co-founder of \"Hak4Kidz.com\", an organizer with Burbsec and BurbSecCon in Chicago, and is on the Board of Directors of the ISSA Chicago Chapter.
\n\n
\nDescription:
\nYou wanna learn how to hunt the APTs? This is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the \"fictional\" APT group Taedonggang. We discuss the Diamond model, hypothesis building, LM Kill Chain, and Mitre ATT&CK framework and how these concepts can frame your hunting. Using Splunk and OSINT, we will hunt for APT activity riddling a small startup\'s network. During the event, you will be presented a hypothesis and conduct your own hunts, whether it is for persistence, exfiltration, c2 or other adversary tactics. Heck, there might be some PowerShell to be found, too. We will regroup and review the specific hunt and discuss findings and what opportunities we have to operationalize these findings as well. At the end, we give you a dataset and tools to take home and try newly learned techniques yourself.
\n
This workshop requires registration. If you are registered, please proceed to #phv-infobooth-text and you\'ll be given access to join.\n
\n#phv-infobooth-text: https://discord.com/channels/708208267699945503/708242376883306526\n
\'',NULL,68361),('3_Saturday','17','16:00','17:59','Y','PHVW','','\'Advanced APT Hunting with Splunk\'','\'Matt Toth,Robert Wagner\'','PHVW_bbca83414da7716d1633c2bc5b9be9e2','\'\'',NULL,68362),('4_Sunday','09','09:00','12:59','N','PHVW','','\'Bad Active Directory (BAD)\'','\'Dhruv Verma,Michael Roberts,Xiang Wen Kuan\'','PHVW_e949af1b92865d5b624ba2c926437453','\'Title: Bad Active Directory (BAD)
\nWhen: Sunday, Aug 9, 09:00 - 12:59 PDT
\nWhere: Packet Hacking Vlg - Workshop
\nSpeakers:Dhruv Verma,Michael Roberts,Xiang Wen Kuan
\n
SpeakerBio:Dhruv Verma\n, Senior Security Consultant, NCC Group
\nDhruv Verma is a Senior Security Consultant at NCC Group, an information security firm specializing in application, network, and mobile security. Dhruv has extensive experience performing infrastructure assessments with a special interest in Windows Active Directory environments and projects involving social engineering vectors. He has gotten domain admin on multiple client networks by chaining together vulnerabilities in a very unique and interesting fashion. For instance, Dhruv combined a misconfigured Jenkins server with a AWS IAM privilege escalation attack to gain Domain Admin on an enterprise network via a clone\'n\'pwn attack.
\n
SpeakerBio:Michael Roberts\n, Senior Security Consultant, NCC Group
\nMichael Roberts is a Senior Security Consultant with NCC Group. Michael performs web, mobile application and network penetration tests, and has a passion for virtual reality and cooking outside of work life. Michael holds an bachelor\'s degree in computer and information technology from Purdue University.
\n
SpeakerBio:Xiang Wen Kuan\n, Security Consultant, NCC Group
\nXiang Wen Kuan is a Security Consultant at NCC Group. Kuan has conducted some infrastructure assessments and first started BAD under the supervision of Dhruv and Michael as his intern project at NCC. Kuan is as exciting as Kashi cereal and likes to eat free food at hacker events.
\n\n
\nDescription:
\nThis is an introductory to intermediate level Windows active directory (AD) training. The training has two parts: a lecture component, where we\'ll cover how active directory works and the core things you need to know to attack it effectively, and a series of hands-on labs modeled after real attacks we\'ve performed on client environments. The training will be heavily lab focused, with each student receiving their own AWS environment to play with. The labs are based off of how real modern networks look, not example test environments, and successfully completing each lab involves chaining together multiple vulnerabilities in a realistic kill chain methodology to get domain admin.
\n
This workshop requires registration. If you are registered, please proceed to #phv-infobooth-text and you\'ll be given access to join.\n
\n#phv-infobooth-text: https://discord.com/channels/708208267699945503/708242376883306526\n
\'',NULL,68363),('4_Sunday','10','09:00','12:59','Y','PHVW','','\'Bad Active Directory (BAD)\'','\'Dhruv Verma,Michael Roberts,Xiang Wen Kuan\'','PHVW_e949af1b92865d5b624ba2c926437453','\'\'',NULL,68364),('4_Sunday','11','09:00','12:59','Y','PHVW','','\'Bad Active Directory (BAD)\'','\'Dhruv Verma,Michael Roberts,Xiang Wen Kuan\'','PHVW_e949af1b92865d5b624ba2c926437453','\'\'',NULL,68365),('4_Sunday','12','09:00','12:59','Y','PHVW','','\'Bad Active Directory (BAD)\'','\'Dhruv Verma,Michael Roberts,Xiang Wen Kuan\'','PHVW_e949af1b92865d5b624ba2c926437453','\'\'',NULL,68366),('2_Friday','10','10:00','10:59','N','PHVT','','\'Media Analysis of Disinformation Campaigns\'','\'Chet Hosmer,Mike Raggo\'','PHVT_1e056300dd3b53583714d28b6a268730','\'Title: Media Analysis of Disinformation Campaigns
\nWhen: Friday, Aug 7, 10:00 - 10:59 PDT
\nWhere: Packet Hacking Vlg - Talk
\nSpeakers:Chet Hosmer,Mike Raggo
\n
SpeakerBio:Chet Hosmer\n, Owner, Python Forensics
\nChet Hosmer (Twitter: @chethosmer) is an international author, educator & researcher, and founder of Python Forensics, Inc., a non-profit research institute focused on the collaborative development of open source investigative technologies using the Python programming language. Chet is also a Visiting Professor at Utica College in the Cybersecurity Graduate Program, where his research and teaching is focused on data hiding, active cyber defense and security of industrial control systems. Additionally, Chet is an Adjunct Professor at Champlain College in the Digital Forensics Graduate Program, where his research and teaching is focused on solving hard digital investigation problems using the Python programming language.
\nTwitter: @chethosmer
\n
SpeakerBio:Mike Raggo\n, Co-Founder, SilentSignals.com
\nMike Raggo (Twitter: @MikeRaggo) has over 20 years of security research experience. Over the years he has uncovered numerous vulnerabilities in commercial networking, mobile, and security products. His current research focuses on multimedia disinformation campaigns. His research has been highlighted on television\'s CNN Tech, and numerous media publications including TIME, Forbes, Bloomberg, Dark Reading, TechCrunch, TechTarget, The Register, and countless others. Michael is the author of \"Mobile Data Loss: Threats & Countermeasures\" and \"Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols\" for Syngress Books, and is a contributing author for \"Information Security the Complete Reference 2nd Edition\". His Data Hiding book is also included at the NSA\'s National Cryptologic Museum at Ft. Meade. A former security trainer, Michael has briefed international defense agencies including the FBI, Pentagon, and Queensland Police; and is a former participating member of FSISAC/BITS and the PCI Council. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon Norway, and SANS. He was also awarded the Pentagon\'s Certificate of Appreciation.
\nTwitter: @MikeRaggo
\n\n
\nDescription:
\nIn this session we\'ll focus on the media aspects of disinformation campaigns with deep analysis of altered images, audio, and video to uncover methods used to twist narratives and mislead perceptions surrounding topical news stories. We\'ll dive into the taxonomy of fake photos, deepfakes, phishing audio fraud attacks, keyword squatting malware, fake rallies, narrative laundering, nation state fake intelligence. and media generated to inspire mass hysteria. We\'ll then further categorize these threats by their TTPs and provide methods for enhancing detection and response strategies. Real world examples will be demonstrated to provide deep and tangible insights into this systemic problem.
\n
\nYouTube: http://youtube.com/wallofsheep\n
Twitch: http://twitch.tv/wallofsheep\n
Facebook: http://facebook.com/wallofsheep/\n
Periscope: https://t.co/gnl7JLlftA?amp=1\n
\'',NULL,68367),('2_Friday','13','13:00','13:59','N','PHVT','','\'Dumpster Fires: 6 Things About IR I Learned by Being a Firefighter\'','\'Dr. Catherine Ullman\'','PHVT_eb0bfbaca8394f2b6e11a595fd9c1e5a','\'Title: Dumpster Fires: 6 Things About IR I Learned by Being a Firefighter
\nWhen: Friday, Aug 7, 13:00 - 13:59 PDT
\nWhere: Packet Hacking Vlg - Talk
\n
SpeakerBio:Dr. Catherine Ullman\n, Sr. Information Security Forensic Analyst
\nDr. Catherine J. Ullman (Twitter: @investigatorchi) is a security researcher, speaker, and Senior Information Security Forensic Analyst at University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a data forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness amongst faculty and staff via a comprehensive department-wide program which educates and informs users about how to prevent and detect social engineering threats, and how to compute and digitally communicate safely. Cathy has presented at numerous prestigious information security conferences including DEF CON and Hacker Halted. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.
\nTwitter: @investigatorchi
\n\n
\nDescription:
\nThreats surround us like a ring of burning fire. Unfortunately, incident response doesn\'t come naturally to an operational mindset where the focus tends to be on reactive problem solving. As a volunteer firefighter for over twenty years, investigatorchic has learned a lot about what is and isnt effective. There are surprising parallels between fighting real-life fires and the fire-fighting that passes for today\'s incident response. For example, striking a balance between swift response and patient reflection is often the difference between life and death, in a very literal sense for the firefighter and a figurative sense for the security professional. It\'s also all too easy to get tunnel vision and focus on the wrong areas, costing precious time. The security world is full of dumpster fires these days, so join this session to learn from a good firefighter what makes a good security person.
\n
\nYouTube: http://youtube.com/wallofsheep\n
Twitch: http://twitch.tv/wallofsheep\n
Facebook: http://facebook.com/wallofsheep/\n
Periscope: https://t.co/gnl7JLlftA?amp=1\n
\'',NULL,68368),('2_Friday','16','16:00','16:59','N','PHVT','','\'Take Down the Internet! With Scapy\'','\'C8 (John Hammond)\'','PHVT_125d8a055e1abcfbbe60e8df759f47f6','\'Title: Take Down the Internet! With Scapy
\nWhen: Friday, Aug 7, 16:00 - 16:59 PDT
\nWhere: Packet Hacking Vlg - Talk
\n
SpeakerBio:C8 (John Hammond)\n
\nJohn Hammond (Twitter: @_johnhammond) is a cybersecurity instructor, developer, red teamer, and CTF enthusiast. Cyber Training Academy curriculum developer and teacher for the Cyber Threat Emulation course, educating both civilian and military members on offensive Python, PowerShell, other scripting languages and the adversarial mindset. He personally developed training material and infosec challenges for events such as PicoCTF and the \"Capture the Packet\" competition at DEFCON US. John speaks at security conferences such as BsidesNoVA, to students at colleges such as the University of North Carolina Greensboro, and other events like the SANS Holiday Hack Challenge/KringleCon. He is an online YouTube personality to showcase programming tutorials, cyber security guides, and CTF video walkthroughs. John currently holds the following certifications: Security+, eJPT, CEH, PCAP, OSWP, OSCP, OSCE, and OSWE.
\nTwitter: @_johnhammond
\n\n
\nDescription:
\nYou know Python remains a hacker\'s favorite language... and for both network defenders and attackers alike, Scapy shines as their favorite Python module! This talk introduces Scapy and its syntax, discusses and showcases multiple attacks that can be performed with Scapy (SYN flood, Ping of Death, DNS amplification attacks and more) as well as offering some defensive techniques to mitigate these attacks. These network attacks are often a \"denial of service\" and have dire consequences – so you choose your role as an attacker or defender, and be part of either the cause or the solution to take down the Internet!
\n
\nYouTube: http://youtube.com/wallofsheep\n
Twitch: http://twitch.tv/wallofsheep\n
Facebook: http://facebook.com/wallofsheep/\n
Periscope: https://t.co/gnl7JLlftA?amp=1\n
\'',NULL,68369),('3_Saturday','10','10:00','10:59','N','PHVT','','\'The Vulnerability That Gmail Overlooked and Enabling Threat Hunting\'','\'Özkan Mustafa Akkus\'','PHVT_8d358e8e85ea8203079c6e153733358c','\'Title: The Vulnerability That Gmail Overlooked and Enabling Threat Hunting
\nWhen: Saturday, Aug 8, 10:00 - 10:59 PDT
\nWhere: Packet Hacking Vlg - Talk
\n
SpeakerBio:Özkan Mustafa Akkus\n, Vulnerability Researcher and Penetration Testing Expert, Barikat Cyber Security
\nOzkan (Twitter: @ehakkus) is a vulnerability researcher and penetration testing expert in Turkey. While studying sports sciences and technologies, he decided to leave the University and step into the world of Cyber Security. His purpose is to provide added value to the world of cyber security through the training he has given and the research he has conducted. Ozkan publish security vulnerabilities on international platforms that he has discovered. He shares his experiences and works on his personal blog https://www.pentest.com.tr. Ozkan also has many internationally recognized certificates such as OSWE, OSCE, OSCP, OSWP, CEH, CCNA, TSE-STU. He gave trainings and presentations in many universities and institutions in his country. In addition to these studies, He gave the presentation of \"0day Hunting and RCE Exploitation in Web Applications\" in AppSec Village at Defcon 27.
\nTwitter: @ehakkus
\n\n
\nDescription:
\nThe use and working logic of the SMTP protocol is very simple, but it poses different threats. Large e-mail infrastructures such as Gmail can forget important and critical points that may threaten the security of people while using this protocol. By explaining this primitive structure of the SMTP protocol, we will examine the vulnerability that I discovered in Gmail. We will also do live examples.
\n
\nYouTube: http://youtube.com/wallofsheep\n
Twitch: http://twitch.tv/wallofsheep\n
Facebook: http://facebook.com/wallofsheep/\n
Periscope: https://t.co/gnl7JLlftA?amp=1\n
\'',NULL,68370),('3_Saturday','13','13:00','13:59','N','PHVT','','\'The Worst Mobile Apps\'','\'Sam Bowne\'','PHVT_f3b0d7372cbbb5e248e205658ee56d91','\'Title: The Worst Mobile Apps
\nWhen: Saturday, Aug 8, 13:00 - 13:59 PDT
\nWhere: Packet Hacking Vlg - Talk
\n
SpeakerBio:Sam Bowne\n, Founder, Infosec Decoded Inc.; Instructor, City College San Francisco
\nSam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000, and is the founder of Infosec Decoded, Inc. He has given talks and hands-on trainings at Black Hat USA, RSA, DEF CON, DEF CON China, HOPE, and many other conferences.\n
Credentials: PhD, CISSP, DEF CON Black Badge Co-Winner\n
\nTwitter: @sambowne
\n\n
\nDescription:
\nI\'ve audited hundreds of Android apps and now, thanks to the Checkra1n jailbreak, iOS apps as well. Many of these apps have security flaws such as exposing passwords on the phone or in network traffic, but a few of them are spectacularly insecure, exposing the entire user database to every user. I will explain how to perform simple tests to detect such errors and demonstrate them with live apps on both Android and iOS devices. Don\'t let this happen to your app!
\n
\nYouTube: http://youtube.com/wallofsheep\n
Twitch: http://twitch.tv/wallofsheep\n
Facebook: http://facebook.com/wallofsheep/\n
Periscope: https://t.co/gnl7JLlftA?amp=1\n
\'',NULL,68371),('4_Sunday','11','11:00','11:59','N','PHVT','','\'Packet Acquisition: Building the Haystack\'','\'Chris Abella,Pete Anderson\'','PHVT_67dc12384cc8569a0f54fb77197996a1','\'Title: Packet Acquisition: Building the Haystack
\nWhen: Sunday, Aug 9, 11:00 - 11:59 PDT
\nWhere: Packet Hacking Vlg - Talk
\nSpeakers:Chris Abella,Pete Anderson
\n
SpeakerBio:Chris Abella\n, P SE, ExtraHop Networks
\nNo BIO available
\n
SpeakerBio:Pete Anderson\n, Sr. SE, ExtraHop Networks
\nNo BIO available
\n\n
\nDescription:
\nPacket hacking doesn\'t happen without packets. There are multiple methods to get packets from a network; from local tcpdump and Wireshark all the way to enterprise wide tapping and span aggregation. In this talk, we\'ll discuss enterprise packet acquisition strategies and challenges, and the methods, tools, and techniques necessary to build the data foundation for effective network-based detection and forensics.\n
Garbage data in means garbage analysis out. Chris and Pete have spent decades working with Fortune 500 NOC and SOC teams to implement advanced packet analysis solutions, build better packet pipelines, and get more from those packets.\n
\n
\nYouTube: http://youtube.com/wallofsheep\n
Twitch: http://twitch.tv/wallofsheep\n
Facebook: http://facebook.com/wallofsheep/\n
Periscope: https://t.co/gnl7JLlftA?amp=1\n
\'',NULL,68372),('2_Friday','09','09:00','17:59','N','CNE','E','\'AppSec Village CtF\'','\' \'','CNE_2845126f214c777705d4a34607cd56ea','\'Title: AppSec Village CtF
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nCTFs test your skills, challenge your ingenuity and push mental boundaries. But what is even MORE AWESOME than a regular CTF?\n
A (CTF)2!! A competition that stretches your creative mind as a task author and makes you step up your game as a task player. This year, AppSec Village @ DEF CON 28 invites you to compete in both roles!\n
\nForum: https://forum.defcon.org/node/232292\n
Discord: https://discord.com/channels/708208267699945503/728703600586522739\n
Twitter: https://twitter.com/appsec_village\n
Web: https://www.appsecvillage.com/\n
\n\'',NULL,68373),('3_Saturday','09','09:00','17:59','N','CNE','E','\'AppSec Village CtF\'','\' \'','CNE_2ed3e7b3b86f153c7826f0b5f818edee','\'Title: AppSec Village CtF
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nCTFs test your skills, challenge your ingenuity and push mental boundaries. But what is even MORE AWESOME than a regular CTF?\n
A (CTF)2!! A competition that stretches your creative mind as a task author and makes you step up your game as a task player. This year, AppSec Village @ DEF CON 28 invites you to compete in both roles!\n
\nForum: https://forum.defcon.org/node/232292\n
Discord: https://discord.com/channels/708208267699945503/728703600586522739\n
Twitter: https://twitter.com/appsec_village\n
Web: https://www.appsecvillage.com/\n
\n\'',NULL,68374),('4_Sunday','09','09:00','17:59','N','CNE','E','\'AppSec Village CtF\'','\' \'','CNE_1547ef2fecf1e1db58737ff9c04d4cc9','\'Title: AppSec Village CtF
\nWhen: Sunday, Aug 9, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nCTFs test your skills, challenge your ingenuity and push mental boundaries. But what is even MORE AWESOME than a regular CTF?\n
A (CTF)2!! A competition that stretches your creative mind as a task author and makes you step up your game as a task player. This year, AppSec Village @ DEF CON 28 invites you to compete in both roles!\n
\nForum: https://forum.defcon.org/node/232292\n
Discord: https://discord.com/channels/708208267699945503/728703600586522739\n
Twitter: https://twitter.com/appsec_village\n
Web: https://www.appsecvillage.com/\n
\n\'',NULL,68375),('2_Friday','09','09:00','17:59','N','CNE','E','\'Be the Match - registration drive\'','\' \'','CNE_29b6312ab2026fc2bd99fbc151c4e67c','\'Title: Be the Match - registration drive
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nBe the Match registration drive is returning once again! Swing by and check out one of the coolest biohacks out there, and how you could be the next person to save a life through cellular therapy.\n
\nDiscord: https://discord.com/channels/708208267699945503/711643405004046457\n
Web: https://bethematch.org\n
\n\'',NULL,68376),('3_Saturday','09','09:00','17:59','N','CNE','E','\'Be the Match - registration drive\'','\' \'','CNE_36bffe8d359d6042abfc3a485194ffb1','\'Title: Be the Match - registration drive
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nBe the Match registration drive is returning once again! Swing by and check out one of the coolest biohacks out there, and how you could be the next person to save a life through cellular therapy.\n
\nDiscord: https://discord.com/channels/708208267699945503/711643405004046457\n
Web: https://bethematch.org\n
\n\'',NULL,68377),('4_Sunday','09','09:00','17:59','N','CNE','E','\'Be the Match - registration drive\'','\' \'','CNE_ce356274063b964201876a9c850c8372','\'Title: Be the Match - registration drive
\nWhen: Sunday, Aug 9, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nBe the Match registration drive is returning once again! Swing by and check out one of the coolest biohacks out there, and how you could be the next person to save a life through cellular therapy.\n
\nDiscord: https://discord.com/channels/708208267699945503/711643405004046457\n
Web: https://bethematch.org\n
\n\'',NULL,68378),('2_Friday','09','09:00','17:59','N','CNE','E','\'Bio-Hacking - Hospital Under Siege\'','\' \'','CNE_303aa50858462b2e9359eebec27c2c1e','\'Title: Bio-Hacking - Hospital Under Siege
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nAdversaries have gained a foothold in your local hospital and are increasing their control over clinical systems and medical devices. Soon they make it clear they’re not after patient records or financial information, but are out to disrupt care delivery and put patients lives at risk. Your team received an urgent request to use your blue, red, and purple team skills to defend against the escalating attacks, attempt to unmask the adversary, and - above all - protect patient lives.\n
Hospital Under Siege is a scenario-driven Capture the Flag contest run by the Biohacking Village, pitting teams of participants against adversaries and against a clock, to protect human life and public safety. Participants will compete against each other on both real and simulated medical devices, in the fully immersive Biohacking Village: Device Lab, laid out as a working hospital. Teams of any size are welcome, as are players from all backgrounds and skill levels. Challenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others. You will hack actual medical devices and play with exotic protocols like DICOM, HL7 and FHIR.\n
\nForum: https://forum.defcon.org/node/232894\n
Discord: https://discord.com/channels/708208267699945503/711643365120278540\n
Twitter: https://twitter.com/DC_BHV\n
Web: https://www.villageb.io/\n
\n\'',NULL,68379),('3_Saturday','09','09:00','17:59','N','CNE','E','\'Bio-Hacking - Hospital Under Siege\'','\' \'','CNE_aa6271264266d819b5fa9563f62dd90a','\'Title: Bio-Hacking - Hospital Under Siege
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nAdversaries have gained a foothold in your local hospital and are increasing their control over clinical systems and medical devices. Soon they make it clear they’re not after patient records or financial information, but are out to disrupt care delivery and put patients lives at risk. Your team received an urgent request to use your blue, red, and purple team skills to defend against the escalating attacks, attempt to unmask the adversary, and - above all - protect patient lives.\n
Hospital Under Siege is a scenario-driven Capture the Flag contest run by the Biohacking Village, pitting teams of participants against adversaries and against a clock, to protect human life and public safety. Participants will compete against each other on both real and simulated medical devices, in the fully immersive Biohacking Village: Device Lab, laid out as a working hospital. Teams of any size are welcome, as are players from all backgrounds and skill levels. Challenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others. You will hack actual medical devices and play with exotic protocols like DICOM, HL7 and FHIR.\n
\nForum: https://forum.defcon.org/node/232894\n
Discord: https://discord.com/channels/708208267699945503/711643365120278540\n
Twitter: https://twitter.com/DC_BHV\n
Web: https://www.villageb.io/\n
\n\'',NULL,68380),('4_Sunday','09','09:00','17:59','N','CNE','E','\'Bio-Hacking - Hospital Under Siege\'','\' \'','CNE_b6f542a956e4c0fa88e2129a00fa8d16','\'Title: Bio-Hacking - Hospital Under Siege
\nWhen: Sunday, Aug 9, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nAdversaries have gained a foothold in your local hospital and are increasing their control over clinical systems and medical devices. Soon they make it clear they’re not after patient records or financial information, but are out to disrupt care delivery and put patients lives at risk. Your team received an urgent request to use your blue, red, and purple team skills to defend against the escalating attacks, attempt to unmask the adversary, and - above all - protect patient lives.\n
Hospital Under Siege is a scenario-driven Capture the Flag contest run by the Biohacking Village, pitting teams of participants against adversaries and against a clock, to protect human life and public safety. Participants will compete against each other on both real and simulated medical devices, in the fully immersive Biohacking Village: Device Lab, laid out as a working hospital. Teams of any size are welcome, as are players from all backgrounds and skill levels. Challenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others. You will hack actual medical devices and play with exotic protocols like DICOM, HL7 and FHIR.\n
\nForum: https://forum.defcon.org/node/232894\n
Discord: https://discord.com/channels/708208267699945503/711643365120278540\n
Twitter: https://twitter.com/DC_BHV\n
Web: https://www.villageb.io/\n
\n\'',NULL,68381),('2_Friday','09','09:00','17:59','N','CNE','E','\'Capture The Packet (CTP)\'','\' \'','CNE_33f837ff5fd20eeaed1fc01bf2dd1ff6','\'Title: Capture The Packet (CTP)
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nCome compete in the world’s most challenging cyber defense competition based on the Aries Security Cyber Range. Tear through the challenges, traverse a hostile enterprise class network, and diligently analyze what is found in order to make it out unscathed. Not only glory, but prizes await those that emerge victorious from this upgraded labyrinth, so only the best prepared and battle hardened will escape the crucible.\nFollow us on Twitter or Facebook (links below) to get notifications for dates and times your team will compete, as well as what prizes will be awarded.\n
\nTwitter capturetp: https://twitter.com/capturetp\n
Twitter wallofsheep: https://twitter.com/wallofsheep\n
Discord: https://discord.com/channels/708208267699945503/711643512625430529\n
Web: https://www.capturethepacket.com/\n
\n\'',NULL,68382),('3_Saturday','09','09:00','17:59','N','CNE','E','\'Capture The Packet (CTP)\'','\' \'','CNE_03d7a56606fc080333af66ce54363bcd','\'Title: Capture The Packet (CTP)
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nCome compete in the world’s most challenging cyber defense competition based on the Aries Security Cyber Range. Tear through the challenges, traverse a hostile enterprise class network, and diligently analyze what is found in order to make it out unscathed. Not only glory, but prizes await those that emerge victorious from this upgraded labyrinth, so only the best prepared and battle hardened will escape the crucible.\nFollow us on Twitter or Facebook (links below) to get notifications for dates and times your team will compete, as well as what prizes will be awarded.\n
\nTwitter capturetp: https://twitter.com/capturetp\n
Twitter wallofsheep: https://twitter.com/wallofsheep\n
Discord: https://discord.com/channels/708208267699945503/711643512625430529\n
Web: https://www.capturethepacket.com/\n
\n\'',NULL,68383),('4_Sunday','09','09:00','17:59','N','CNE','E','\'Capture The Packet (CTP)\'','\' \'','CNE_b09a41ed81548370d136baa52f9a1041','\'Title: Capture The Packet (CTP)
\nWhen: Sunday, Aug 9, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nCome compete in the world’s most challenging cyber defense competition based on the Aries Security Cyber Range. Tear through the challenges, traverse a hostile enterprise class network, and diligently analyze what is found in order to make it out unscathed. Not only glory, but prizes await those that emerge victorious from this upgraded labyrinth, so only the best prepared and battle hardened will escape the crucible.\nFollow us on Twitter or Facebook (links below) to get notifications for dates and times your team will compete, as well as what prizes will be awarded.\n
\nTwitter capturetp: https://twitter.com/capturetp\n
Twitter wallofsheep: https://twitter.com/wallofsheep\n
Discord: https://discord.com/channels/708208267699945503/711643512625430529\n
Web: https://www.capturethepacket.com/\n
\n\'',NULL,68384),('2_Friday','09','09:00','17:59','N','CNE','E','\'Car Hacking Village CTF\'','\' \'','CNE_936044f39c86f5c1347f77e0f6c758cb','\'Title: Car Hacking Village CTF
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nCome learn, hack, play at the Car Hacking Village. The village is an open, collaborative space to hack actual vehicles that you don\'t have to worry about breaking! Don\'t have tools? We\'ll loan you some. Never connected to a car? We\'ll show you how. Don\'t know where the controllers are? We\'ll show you how to take it apart.\n
Additionally we\'ll host a Donkey Car race. Check out our web site for up to date info.\n
Want to race? Check out of full car simulator(s).\n
Want to learn more about automotive hacking and cyber security? Check out our talks.\n
Want to hack mobility scooters? Yes! We\'ll do that to.\n
Also, check out the CHV CTF.\n
\nDiscord: https://discord.com/channels/708208267699945503/711643596658311229\n
Twitter: https://twitter.com/CarHackVillage\n
Web: https://www.carhackingvillage.com/\n
\n\'',NULL,68385),('3_Saturday','09','09:00','17:59','N','CNE','E','\'Car Hacking Village CTF\'','\' \'','CNE_0335d28c5500775f5bb02cacca80cb72','\'Title: Car Hacking Village CTF
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nCome learn, hack, play at the Car Hacking Village. The village is an open, collaborative space to hack actual vehicles that you don\'t have to worry about breaking! Don\'t have tools? We\'ll loan you some. Never connected to a car? We\'ll show you how. Don\'t know where the controllers are? We\'ll show you how to take it apart.\n
Additionally we\'ll host a Donkey Car race. Check out our web site for up to date info.\n
Want to race? Check out of full car simulator(s).\n
Want to learn more about automotive hacking and cyber security? Check out our talks.\n
Want to hack mobility scooters? Yes! We\'ll do that to.\n
Also, check out the CHV CTF.\n
\nDiscord: https://discord.com/channels/708208267699945503/711643596658311229\n
Twitter: https://twitter.com/CarHackVillage\n
Web: https://www.carhackingvillage.com/\n
\n\'',NULL,68386),('4_Sunday','09','09:00','17:59','N','CNE','E','\'Car Hacking Village CTF\'','\' \'','CNE_bfa695ea296b0392a790db15cfa4bac1','\'Title: Car Hacking Village CTF
\nWhen: Sunday, Aug 9, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nCome learn, hack, play at the Car Hacking Village. The village is an open, collaborative space to hack actual vehicles that you don\'t have to worry about breaking! Don\'t have tools? We\'ll loan you some. Never connected to a car? We\'ll show you how. Don\'t know where the controllers are? We\'ll show you how to take it apart.\n
Additionally we\'ll host a Donkey Car race. Check out our web site for up to date info.\n
Want to race? Check out of full car simulator(s).\n
Want to learn more about automotive hacking and cyber security? Check out our talks.\n
Want to hack mobility scooters? Yes! We\'ll do that to.\n
Also, check out the CHV CTF.\n
\nDiscord: https://discord.com/channels/708208267699945503/711643596658311229\n
Twitter: https://twitter.com/CarHackVillage\n
Web: https://www.carhackingvillage.com/\n
\n\'',NULL,68387),('2_Friday','09','09:00','17:59','N','CNE','E','\'CMD+CTRL CyberRange\'','\' \'','CNE_4bd53f83293866fe555ebddaa86bca01','\'Title: CMD+CTRL CyberRange
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nCMD+CTRL has evolved! Slip into an immersive scenario, spanning an entire corporate cloud environment. Intelligent chatbots acting as skilled hackers will guide you every step of the way, as you perform recon, social engineering, data exfiltration, privilege escalation and much more. Move through websites, servers, accounts and cloud services, all in an effort to thwart an evil CEO and corrupt corporation. Just don’t get caught, or you may have to burn it all down to cover your tracks!\n
\nForum: https://forum.defcon.org/node/231474\n
Discord: https://discord.com/channels/708208267699945503/711643642388807800\n
Twitter: https://twitter.com/SecInnovation\n
\n\'',NULL,68388),('3_Saturday','09','09:00','17:59','N','CNE','E','\'CMD+CTRL CyberRange\'','\' \'','CNE_484b48a53d9fc1d78fa8d5c0fa5def4d','\'Title: CMD+CTRL CyberRange
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nCMD+CTRL has evolved! Slip into an immersive scenario, spanning an entire corporate cloud environment. Intelligent chatbots acting as skilled hackers will guide you every step of the way, as you perform recon, social engineering, data exfiltration, privilege escalation and much more. Move through websites, servers, accounts and cloud services, all in an effort to thwart an evil CEO and corrupt corporation. Just don’t get caught, or you may have to burn it all down to cover your tracks!\n
\nForum: https://forum.defcon.org/node/231474\n
Discord: https://discord.com/channels/708208267699945503/711643642388807800\n
Twitter: https://twitter.com/SecInnovation\n
\n\'',NULL,68389),('4_Sunday','09','09:00','17:59','N','CNE','E','\'CMD+CTRL CyberRange\'','\' \'','CNE_36ad8af1a8e056aa4b43718a99768890','\'Title: CMD+CTRL CyberRange
\nWhen: Sunday, Aug 9, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nCMD+CTRL has evolved! Slip into an immersive scenario, spanning an entire corporate cloud environment. Intelligent chatbots acting as skilled hackers will guide you every step of the way, as you perform recon, social engineering, data exfiltration, privilege escalation and much more. Move through websites, servers, accounts and cloud services, all in an effort to thwart an evil CEO and corrupt corporation. Just don’t get caught, or you may have to burn it all down to cover your tracks!\n
\nForum: https://forum.defcon.org/node/231474\n
Discord: https://discord.com/channels/708208267699945503/711643642388807800\n
Twitter: https://twitter.com/SecInnovation\n
\n\'',NULL,68390),('2_Friday','09','09:00','17:59','N','CNE','E','\'Crack Me If You Can (CMIYC)\'','\' \'','CNE_827660783ec7e399f8d80b57d546c2e8','\'Title: Crack Me If You Can (CMIYC)
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nIn its tenth year, the premier password cracking contest \"Crack Me If You Can\" is returning to DEFCON. The world\'s best password cracking teams are assembled and are awaiting the hardest 48 hours of their year.\n
Every year, the contest has a different surprise/twist. One year it was all international passwords, last year it was password rotation and BCRYPT, and 10 years ago it was capital letters. Oh the humanity!\n
This year the teams will be cracking hashes, generated by the CMIYC team, using plain-texts donated by famous hackers and Internet founders. Time for you to test your password cracking skills against your heroes.\n
Teams have 48 hours to crack as many passwords as possible using what ever resources they can legally assemble. Teams are split into \"PRO\" (for the large, professional password cracking teams) and \"STREET\" for smaller teams, or beginners.\n
Each year the \"Crack Me If You Can\" team gives away hundreds of free password cracking shirts in the Contest area.\n
\nForum: https://forum.defcon.org/node/231475\n
Discord: https://discord.com/channels/708208267699945503/711644827053457478\n
Twitter: https://twitter.com/CrackMeIfYouCan\n
Web: https://contest-2020.korelogic.com/\n
\n\'',NULL,68391),('3_Saturday','09','09:00','17:59','N','CNE','E','\'Crack Me If You Can (CMIYC)\'','\' \'','CNE_f1841d85c111fdc0389deafed25b7c4f','\'Title: Crack Me If You Can (CMIYC)
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nIn its tenth year, the premier password cracking contest \"Crack Me If You Can\" is returning to DEFCON. The world\'s best password cracking teams are assembled and are awaiting the hardest 48 hours of their year.\n
Every year, the contest has a different surprise/twist. One year it was all international passwords, last year it was password rotation and BCRYPT, and 10 years ago it was capital letters. Oh the humanity!\n
This year the teams will be cracking hashes, generated by the CMIYC team, using plain-texts donated by famous hackers and Internet founders. Time for you to test your password cracking skills against your heroes.\n
Teams have 48 hours to crack as many passwords as possible using what ever resources they can legally assemble. Teams are split into \"PRO\" (for the large, professional password cracking teams) and \"STREET\" for smaller teams, or beginners.\n
Each year the \"Crack Me If You Can\" team gives away hundreds of free password cracking shirts in the Contest area.\n
\nForum: https://forum.defcon.org/node/231475\n
Discord: https://discord.com/channels/708208267699945503/711644827053457478\n
Twitter: https://twitter.com/CrackMeIfYouCan\n
Web: https://contest-2020.korelogic.com/\n
\n\'',NULL,68392),('4_Sunday','09','09:00','17:59','N','CNE','E','\'Crack Me If You Can (CMIYC)\'','\' \'','CNE_b0e6a8cad29c4c404c27ad82056da2c5','\'Title: Crack Me If You Can (CMIYC)
\nWhen: Sunday, Aug 9, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nIn its tenth year, the premier password cracking contest \"Crack Me If You Can\" is returning to DEFCON. The world\'s best password cracking teams are assembled and are awaiting the hardest 48 hours of their year.\n
Every year, the contest has a different surprise/twist. One year it was all international passwords, last year it was password rotation and BCRYPT, and 10 years ago it was capital letters. Oh the humanity!\n
This year the teams will be cracking hashes, generated by the CMIYC team, using plain-texts donated by famous hackers and Internet founders. Time for you to test your password cracking skills against your heroes.\n
Teams have 48 hours to crack as many passwords as possible using what ever resources they can legally assemble. Teams are split into \"PRO\" (for the large, professional password cracking teams) and \"STREET\" for smaller teams, or beginners.\n
Each year the \"Crack Me If You Can\" team gives away hundreds of free password cracking shirts in the Contest area.\n
\nForum: https://forum.defcon.org/node/231475\n
Discord: https://discord.com/channels/708208267699945503/711644827053457478\n
Twitter: https://twitter.com/CrackMeIfYouCan\n
Web: https://contest-2020.korelogic.com/\n
\n\'',NULL,68393),('2_Friday','09','09:00','17:59','N','CNE','E','\'(Before Con) Creative Writing Short Story Contest\'','\' \'','CNE_6ad1dee380678682857cd8fdcc1c9e00','\'Title: (Before Con) Creative Writing Short Story Contest
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nThe DEF CON Short Story contest is a pre-con contest that is run entirely online utilizing the DEF CON forums and subreddit. This contest follows the theme of DEF CON for the year and encourages hackers to roll up their sleeves and write the best creative story that they can. The Short Story Contest encourages skills that are invaluable in the hacker’s world, but are sometimes overlooked. Creative writing in a contest setting helps celebrate creativity and originality in arenas other than hardware or software hacking and provides a creative outlet for individuals who may not have another place to tell their stories.\n
\nForum: https://forum.defcon.org/node/231200\n
Discord: https://discord.com/channels/708208267699945503/711643275584340069\n
Twitter: https://twitter.com/dcshortstory\n
\n\'',NULL,68394),('3_Saturday','09','09:00','17:59','N','CNE','E','\'(Before Con) Creative Writing Short Story Contest\'','\' \'','CNE_5bc2e2f14d33ceb9df46515d2104c335','\'Title: (Before Con) Creative Writing Short Story Contest
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nThe DEF CON Short Story contest is a pre-con contest that is run entirely online utilizing the DEF CON forums and subreddit. This contest follows the theme of DEF CON for the year and encourages hackers to roll up their sleeves and write the best creative story that they can. The Short Story Contest encourages skills that are invaluable in the hacker’s world, but are sometimes overlooked. Creative writing in a contest setting helps celebrate creativity and originality in arenas other than hardware or software hacking and provides a creative outlet for individuals who may not have another place to tell their stories.\n
\nForum: https://forum.defcon.org/node/231200\n
Discord: https://discord.com/channels/708208267699945503/711643275584340069\n
Twitter: https://twitter.com/dcshortstory\n
\n\'',NULL,68395),('4_Sunday','09','09:00','17:59','N','CNE','E','\'(Before Con) Creative Writing Short Story Contest\'','\' \'','CNE_fc3aeff6dc3878001484338971aadd52','\'Title: (Before Con) Creative Writing Short Story Contest
\nWhen: Sunday, Aug 9, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nThe DEF CON Short Story contest is a pre-con contest that is run entirely online utilizing the DEF CON forums and subreddit. This contest follows the theme of DEF CON for the year and encourages hackers to roll up their sleeves and write the best creative story that they can. The Short Story Contest encourages skills that are invaluable in the hacker’s world, but are sometimes overlooked. Creative writing in a contest setting helps celebrate creativity and originality in arenas other than hardware or software hacking and provides a creative outlet for individuals who may not have another place to tell their stories.\n
\nForum: https://forum.defcon.org/node/231200\n
Discord: https://discord.com/channels/708208267699945503/711643275584340069\n
Twitter: https://twitter.com/dcshortstory\n
\n\'',NULL,68396),('2_Friday','09','09:00','17:59','N','CNE','E','\'Coindroids\'','\' \'','CNE_359512759dd4d5fbf918fd73e858b21e','\'Title: Coindroids
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nThe year is 20X5 and humanity has fallen: now there are only Coindroids. The machines we designed to manage our finances have supplanted and destroyed the human race by turning our own economy against us. Now they battle each other in the ruins of our fallen cities, driven by a single directive: money is power.\n \n
Battle your way to the top of the leaderboard by attacking rival droids and completing hidden challenges.\n \n
New to cryptocurrencies? No DEFCOIN to play with? Not a problem! Just come visit our booth in the contest area and we can help get you started.\n
\nForum: https://forum.defcon.org/node/233033\n
Discord: https://discord.com/channels/708208267699945503/711643539573833878\n
Twitter: https://twitter.com/coindroids\n
Web: https://www.coindroids.com\n
\n\'',NULL,68397),('3_Saturday','09','09:00','17:59','N','CNE','E','\'Coindroids\'','\' \'','CNE_9c9963909f7235fa23b431b8561b79ca','\'Title: Coindroids
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nThe year is 20X5 and humanity has fallen: now there are only Coindroids. The machines we designed to manage our finances have supplanted and destroyed the human race by turning our own economy against us. Now they battle each other in the ruins of our fallen cities, driven by a single directive: money is power.\n \n
Battle your way to the top of the leaderboard by attacking rival droids and completing hidden challenges.\n \n
New to cryptocurrencies? No DEFCOIN to play with? Not a problem! Just come visit our booth in the contest area and we can help get you started.\n
\nForum: https://forum.defcon.org/node/233033\n
Discord: https://discord.com/channels/708208267699945503/711643539573833878\n
Twitter: https://twitter.com/coindroids\n
Web: https://www.coindroids.com\n
\n\'',NULL,68398),('4_Sunday','09','09:00','17:59','N','CNE','E','\'Coindroids\'','\' \'','CNE_a290db8c7a5bab0300df962651d18b07','\'Title: Coindroids
\nWhen: Sunday, Aug 9, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nThe year is 20X5 and humanity has fallen: now there are only Coindroids. The machines we designed to manage our finances have supplanted and destroyed the human race by turning our own economy against us. Now they battle each other in the ruins of our fallen cities, driven by a single directive: money is power.\n \n
Battle your way to the top of the leaderboard by attacking rival droids and completing hidden challenges.\n \n
New to cryptocurrencies? No DEFCOIN to play with? Not a problem! Just come visit our booth in the contest area and we can help get you started.\n
\nForum: https://forum.defcon.org/node/233033\n
Discord: https://discord.com/channels/708208267699945503/711643539573833878\n
Twitter: https://twitter.com/coindroids\n
Web: https://www.coindroids.com\n
\n\'',NULL,68399),('2_Friday','10','10:00','19:59','N','CNE','E','\'DEF CON Scavenger Hunt\'','\' \'','CNE_6b519b09e50984c3b10a13c7f9a3e31b','\'Title: DEF CON Scavenger Hunt
\nWhen: Friday, Aug 7, 10:00 - 19:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nWhile everyone in the world finds themselves socially distanced and in some level of quarantine, we are bringing the DEF CON Scavenger Hunt to you. As this year is so different, teams will be limited to one person.\n
The list will drop at 10AM on Friday, with items to produce and tasks to accomplish until the game ends at noon on Sunday. You will be competing for glory, bragging rights, and prizes (that you can pick up at the table, during the next in-person DEF CON).\n
\nForum: https://forum.defcon.org/node/232938\n
Discord: https://discord.com/channels/708208267699945503/711049278163779605\n
Twitter: https://twitter.com/DefConScavHunt\n
Web: http://defconscavhunt.com/\n
\n\'',NULL,68400),('3_Saturday','10','10:00','19:59','N','CNE','E','\'DEF CON Scavenger Hunt\'','\' \'','CNE_ea7bb677525d44ba05b9a7861c18b1f1','\'Title: DEF CON Scavenger Hunt
\nWhen: Saturday, Aug 8, 10:00 - 19:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nWhile everyone in the world finds themselves socially distanced and in some level of quarantine, we are bringing the DEF CON Scavenger Hunt to you. As this year is so different, teams will be limited to one person.\n
The list will drop at 10AM on Friday, with items to produce and tasks to accomplish until the game ends at noon on Sunday. You will be competing for glory, bragging rights, and prizes (that you can pick up at the table, during the next in-person DEF CON).\n
\nForum: https://forum.defcon.org/node/232938\n
Discord: https://discord.com/channels/708208267699945503/711049278163779605\n
Twitter: https://twitter.com/DefConScavHunt\n
Web: http://defconscavhunt.com/\n
\n\'',NULL,68401),('4_Sunday','10','10:00','11:59','N','CNE','E','\'DEF CON Scavenger Hunt\'','\' \'','CNE_ea515561b068905a702007f1099dac9e','\'Title: DEF CON Scavenger Hunt
\nWhen: Sunday, Aug 9, 10:00 - 11:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nWhile everyone in the world finds themselves socially distanced and in some level of quarantine, we are bringing the DEF CON Scavenger Hunt to you. As this year is so different, teams will be limited to one person.\n
The list will drop at 10AM on Friday, with items to produce and tasks to accomplish until the game ends at noon on Sunday. You will be competing for glory, bragging rights, and prizes (that you can pick up at the table, during the next in-person DEF CON).\n
\nForum: https://forum.defcon.org/node/232938\n
Discord: https://discord.com/channels/708208267699945503/711049278163779605\n
Twitter: https://twitter.com/DefConScavHunt\n
Web: http://defconscavhunt.com/\n
\n\'',NULL,68402),('2_Friday','17','17:00','18:59','N','CNE','','\'EFF Tech Trivia Pub Quiz\'','\' \'','CNE_31f65ca2a4bab19d56f071a40806b223','\'Title: EFF Tech Trivia Pub Quiz
\nWhen: Friday, Aug 7, 17:00 - 18:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nEFF\'s team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Plaque and EFF swag pack. The second and third place teams will also win great EFF gear.\n
\nForum: https://forum.defcon.org/node/232941\n
Discord: https://discord.com/channels/708208267699945503/711644552573747350\n
Twitter: https://twitter.com/EFF\n
Web: https://eff.org\n
\n\'',NULL,68403),('2_Friday','18','17:00','18:59','Y','CNE','','\'EFF Tech Trivia Pub Quiz\'','\' \'','CNE_31f65ca2a4bab19d56f071a40806b223','\'\'',NULL,68404),('2_Friday','09','09:00','17:59','N','CNE','E','\'The Gold Bug – Crypto and Privacy Village Puzzle\'','\' \'','CNE_cc3deccceb8989f29b0ca396a0b76461','\'Title: The Gold Bug – Crypto and Privacy Village Puzzle
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nLove puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle will keep you intrigued and busy throughout Defcon - and questioning how deep the layers of cryptography go.\n
The Gold Bug an annual Defcon puzzle hunt, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto. Accessible to all - and drop by for some kids’ puzzles too!\nPELCGBTENCUL VF UNEQ\n
\nForum: https://forum.defcon.org/node/232942\n
Discord: https://discord.com/channels/708208267699945503/711644108837486602\n
Twitter: https://twitter.com/CryptoVillage \n
Web: https://goldbug.cryptovillage.org/\n
\n\'',NULL,68405),('3_Saturday','09','09:00','17:59','N','CNE','E','\'The Gold Bug – Crypto and Privacy Village Puzzle\'','\' \'','CNE_7cf2f27d64857e6664e61cb2a82a9f8c','\'Title: The Gold Bug – Crypto and Privacy Village Puzzle
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nLove puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle will keep you intrigued and busy throughout Defcon - and questioning how deep the layers of cryptography go.\n
The Gold Bug an annual Defcon puzzle hunt, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto. Accessible to all - and drop by for some kids’ puzzles too!\nPELCGBTENCUL VF UNEQ\n
\nForum: https://forum.defcon.org/node/232942\n
Discord: https://discord.com/channels/708208267699945503/711644108837486602\n
Twitter: https://twitter.com/CryptoVillage \n
Web: https://goldbug.cryptovillage.org/\n
\n\'',NULL,68406),('4_Sunday','09','09:00','17:59','N','CNE','E','\'The Gold Bug – Crypto and Privacy Village Puzzle\'','\' \'','CNE_53bbe6e4eed0019c86c34c0443472cbc','\'Title: The Gold Bug – Crypto and Privacy Village Puzzle
\nWhen: Sunday, Aug 9, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nLove puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle will keep you intrigued and busy throughout Defcon - and questioning how deep the layers of cryptography go.\n
The Gold Bug an annual Defcon puzzle hunt, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto. Accessible to all - and drop by for some kids’ puzzles too!\nPELCGBTENCUL VF UNEQ\n
\nForum: https://forum.defcon.org/node/232942\n
Discord: https://discord.com/channels/708208267699945503/711644108837486602\n
Twitter: https://twitter.com/CryptoVillage \n
Web: https://goldbug.cryptovillage.org/\n
\n\'',NULL,68407),('2_Friday','09','09:00','17:59','N','CNE','E','\'Hackfortress\'','\' \'','CNE_43c64f6912982b5cce6e697576e12ac1','\'Title: Hackfortress
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nHackfortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers, TF2 players duke it out while hackers are busy solving puzzles. As teams start scoring they can redeem points in the hack fortress store for bonuses. Bonuses range from crits for the TF2, lighting the opposing team on fire, or preventing the other teams hackers from accessing the store.\n
\nForum: https://forum.defcon.org/node/232291\n
Discord: https://discord.com/channels/708208267699945503/711643831275225125\n
Twitter: https://twitter.com/tf2shmoo\n
Web: http://hackfortress.net\n
\n\'',NULL,68408),('3_Saturday','09','09:00','17:59','N','CNE','E','\'Hackfortress\'','\' \'','CNE_da535b2ffb83acb74515f6257e224022','\'Title: Hackfortress
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nHackfortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers, TF2 players duke it out while hackers are busy solving puzzles. As teams start scoring they can redeem points in the hack fortress store for bonuses. Bonuses range from crits for the TF2, lighting the opposing team on fire, or preventing the other teams hackers from accessing the store.\n
\nForum: https://forum.defcon.org/node/232291\n
Discord: https://discord.com/channels/708208267699945503/711643831275225125\n
Twitter: https://twitter.com/tf2shmoo\n
Web: http://hackfortress.net\n
\n\'',NULL,68409),('4_Sunday','09','09:00','17:59','N','CNE','E','\'Hackfortress\'','\' \'','CNE_1d49f1eee97bb1375b1f4f715c33915a','\'Title: Hackfortress
\nWhen: Sunday, Aug 9, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nHackfortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers, TF2 players duke it out while hackers are busy solving puzzles. As teams start scoring they can redeem points in the hack fortress store for bonuses. Bonuses range from crits for the TF2, lighting the opposing team on fire, or preventing the other teams hackers from accessing the store.\n
\nForum: https://forum.defcon.org/node/232291\n
Discord: https://discord.com/channels/708208267699945503/711643831275225125\n
Twitter: https://twitter.com/tf2shmoo\n
Web: http://hackfortress.net\n
\n\'',NULL,68410),('2_Friday','08','08:30','15:59','N','AEV','E','\'Hack-a-Sat\'','\' \'','AEV_0b95a3a2967ff8de2b5448dcee585367','\'Title: Hack-a-Sat
\nWhen: Friday, Aug 7, 08:30 - 15:59 PDT
\nWhere: Aerospace Vlg
\n
\nDescription:
\nThe democratization of space has opened up a new frontier for exploration and innovation. But with this opportunity, new cybersecurity vulnerabilities are also being created. One human can design, build and launch a satellite, adhering to very few standards and security protocols. So how can we achieve safe, reliable and trustworthy operations to truly realize the promise of space?\n
...BY HACKING A SATELLITE\n
The United States Air Force, in conjunction with the Defense Digital Service, presents this year’s Space Security Challenge, Hack-A-Sat. This challenge asks hackers from around the world to focus their skills and creativity on solving cybersecurity challenges on space systems.\n
Security experts from around the globe are invited to pull together a team for our Hack-A-Sat Capture the Flag contest. Participants who successfully complete a set of qualification challenges on cybersecurity and space this spring will be invited to the ultimate challenge: to (ethically) hack a satellite.\n
\nForum: https://forum.defcon.org/node/231203\n
Twitter: asat\">https://twitter.com/hackasat\n
Web: https://www.HackASat.com\n
Discord: https://discord.com/channels/708208267699945503/732393766677119087\n
\n\'',NULL,68411),('3_Saturday','09','09:30','15:59','N','AEV','E','\'Hack-a-Sat\'','\' \'','AEV_eb443b0269a83d7ad222a4a7331ff942','\'Title: Hack-a-Sat
\nWhen: Saturday, Aug 8, 09:30 - 15:59 PDT
\nWhere: Aerospace Vlg
\n
\nDescription:
\nThe democratization of space has opened up a new frontier for exploration and innovation. But with this opportunity, new cybersecurity vulnerabilities are also being created. One human can design, build and launch a satellite, adhering to very few standards and security protocols. So how can we achieve safe, reliable and trustworthy operations to truly realize the promise of space?\n
...BY HACKING A SATELLITE\n
The United States Air Force, in conjunction with the Defense Digital Service, presents this year’s Space Security Challenge, Hack-A-Sat. This challenge asks hackers from around the world to focus their skills and creativity on solving cybersecurity challenges on space systems.\n
Security experts from around the globe are invited to pull together a team for our Hack-A-Sat Capture the Flag contest. Participants who successfully complete a set of qualification challenges on cybersecurity and space this spring will be invited to the ultimate challenge: to (ethically) hack a satellite.\n
\nForum: https://forum.defcon.org/node/231203\n
Twitter: asat\">https://twitter.com/hackasat\n
Web: https://www.HackASat.com\n
Discord: https://discord.com/channels/708208267699945503/732393766677119087\n
\n\'',NULL,68412),('4_Sunday','09','09:00','13:59','N','AEV','E','\'Hack-a-Sat\'','\' \'','AEV_3710e2bb0270eeecf56ed783b7c36950','\'Title: Hack-a-Sat
\nWhen: Sunday, Aug 9, 09:00 - 13:59 PDT
\nWhere: Aerospace Vlg
\n
\nDescription:
\nThe democratization of space has opened up a new frontier for exploration and innovation. But with this opportunity, new cybersecurity vulnerabilities are also being created. One human can design, build and launch a satellite, adhering to very few standards and security protocols. So how can we achieve safe, reliable and trustworthy operations to truly realize the promise of space?\n
...BY HACKING A SATELLITE\n
The United States Air Force, in conjunction with the Defense Digital Service, presents this year’s Space Security Challenge, Hack-A-Sat. This challenge asks hackers from around the world to focus their skills and creativity on solving cybersecurity challenges on space systems.\n
Security experts from around the globe are invited to pull together a team for our Hack-A-Sat Capture the Flag contest. Participants who successfully complete a set of qualification challenges on cybersecurity and space this spring will be invited to the ultimate challenge: to (ethically) hack a satellite.\n
\nForum: https://forum.defcon.org/node/231203\n
Twitter: asat\">https://twitter.com/hackasat\n
Web: https://www.HackASat.com\n
Discord: https://discord.com/channels/708208267699945503/732393766677119087\n
\n\'',NULL,68413),('2_Friday','09','09:00','17:59','N','CNE','E','\'H@cker Runw@y\'','\' \'','CNE_f27daae1c45038c5d2aa6c58e7626839','\'Title: H@cker Runw@y
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nFor the second year, H@ck3r Runw@y is bringing together fashionistas out there. Make it SMART, LIGHT it up, OBFUSCATE something, or be GEEKY on fleek. Enter clothing, shoes, jewelry, hats or accessories. If you wear it, the runway can handle it. Predesign entry or create something on the fly. Just do it before the stage and bring proof. \n
Awards will be handed out in 4 categories for predesign and one (1) for anything designed during contest hours. There will also be a People’s Choice category where the winner is anyone’s guess:\n
Digital (electronic, led, etc)
\n Smart wear (interactive, temperature sensing, mood changing, etc)\n Aesthetics (3d printed, geeky wear, passive design) \n Miscellaneous (obfuscation, lock picks, shims, card skimmers)\n Live creations
\n People’s Choice\n
Judgement based on, but not limited to:\n
Uniqueness
\nTrendy
\n Practical
\nCouture
\nCreativity
\nRelevance
\nOriginality
\nPresentation
\nMastery\n
\nForum: https://forum.defcon.org/node/232893\n
Discord: https://discord.com/channels/708208267699945503/711644666239647824\n
Twitter: https://twitter.com/Hack3rRunway\n
Web: https://hack3rrunway.github.io\n
\n\'',NULL,68414),('3_Saturday','09','09:00','17:59','N','CNE','E','\'H@cker Runw@y\'','\' \'','CNE_17e54351f4668a054beb6efbe9c37e29','\'Title: H@cker Runw@y
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nFor the second year, H@ck3r Runw@y is bringing together fashionistas out there. Make it SMART, LIGHT it up, OBFUSCATE something, or be GEEKY on fleek. Enter clothing, shoes, jewelry, hats or accessories. If you wear it, the runway can handle it. Predesign entry or create something on the fly. Just do it before the stage and bring proof. \n
Awards will be handed out in 4 categories for predesign and one (1) for anything designed during contest hours. There will also be a People’s Choice category where the winner is anyone’s guess:\n
Digital (electronic, led, etc)
\n Smart wear (interactive, temperature sensing, mood changing, etc)\n Aesthetics (3d printed, geeky wear, passive design) \n Miscellaneous (obfuscation, lock picks, shims, card skimmers)\n Live creations
\n People’s Choice\n
Judgement based on, but not limited to:\n
Uniqueness
\nTrendy
\n Practical
\nCouture
\nCreativity
\nRelevance
\nOriginality
\nPresentation
\nMastery\n
\nForum: https://forum.defcon.org/node/232893\n
Discord: https://discord.com/channels/708208267699945503/711644666239647824\n
Twitter: https://twitter.com/Hack3rRunway\n
Web: https://hack3rrunway.github.io\n
\n\'',NULL,68415),('4_Sunday','09','09:00','17:59','N','CNE','E','\'H@cker Runw@y\'','\' \'','CNE_9c1218082c54affb322834fda6412bc7','\'Title: H@cker Runw@y
\nWhen: Sunday, Aug 9, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nFor the second year, H@ck3r Runw@y is bringing together fashionistas out there. Make it SMART, LIGHT it up, OBFUSCATE something, or be GEEKY on fleek. Enter clothing, shoes, jewelry, hats or accessories. If you wear it, the runway can handle it. Predesign entry or create something on the fly. Just do it before the stage and bring proof. \n
Awards will be handed out in 4 categories for predesign and one (1) for anything designed during contest hours. There will also be a People’s Choice category where the winner is anyone’s guess:\n
Digital (electronic, led, etc)
\n Smart wear (interactive, temperature sensing, mood changing, etc)\n Aesthetics (3d printed, geeky wear, passive design) \n Miscellaneous (obfuscation, lock picks, shims, card skimmers)\n Live creations
\n People’s Choice\n
Judgement based on, but not limited to:\n
Uniqueness
\nTrendy
\n Practical
\nCouture
\nCreativity
\nRelevance
\nOriginality
\nPresentation
\nMastery\n
\nForum: https://forum.defcon.org/node/232893\n
Discord: https://discord.com/channels/708208267699945503/711644666239647824\n
Twitter: https://twitter.com/Hack3rRunway\n
Web: https://hack3rrunway.github.io\n
\n\'',NULL,68416),('2_Friday','09','09:00','17:59','N','CNE','E','\'HomebrewHardware Contest\'','\' \'','CNE_4d5aeaad8f2407744a518231c3dc8ac0','\'Title: HomebrewHardware Contest
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nHave you learned how to build your own hacking hardware at home? Are you etching circuit-boards in your lab, or soldering in a toaster oven in your garage? Are you hosting a MUD on your helmet, or making malicious USB hardware? Did you make something to help you in your everyday life, a unique wearable, or something really nefarious? Are you discovering what old boards do, bending circuits, or re-appropriating the innards of your local e-waste? \n
We want to see the awesome things you\'ve been building over the last year.\n
The HomebrewHardware competition is a place to showcase your skill, techniques, and project.\n
Check our website and twitter for this year’s rules.\n
\nForum: https://forum.defcon.org/node/233025\n
Discord: https://discord.com/channels/708208267699945503/711644075110957096\n
Twitter: https://twitter.com/homebrewhardwa1\n
Web: https://homebrewhardwarecontest.github.io/\n
\n\'',NULL,68417),('3_Saturday','09','09:00','17:59','N','CNE','E','\'HomebrewHardware Contest\'','\' \'','CNE_93935712fcc2357a114be6e85384869f','\'Title: HomebrewHardware Contest
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nHave you learned how to build your own hacking hardware at home? Are you etching circuit-boards in your lab, or soldering in a toaster oven in your garage? Are you hosting a MUD on your helmet, or making malicious USB hardware? Did you make something to help you in your everyday life, a unique wearable, or something really nefarious? Are you discovering what old boards do, bending circuits, or re-appropriating the innards of your local e-waste? \n
We want to see the awesome things you\'ve been building over the last year.\n
The HomebrewHardware competition is a place to showcase your skill, techniques, and project.\n
Check our website and twitter for this year’s rules.\n
\nForum: https://forum.defcon.org/node/233025\n
Discord: https://discord.com/channels/708208267699945503/711644075110957096\n
Twitter: https://twitter.com/homebrewhardwa1\n
Web: https://homebrewhardwarecontest.github.io/\n
\n\'',NULL,68418),('4_Sunday','09','09:00','17:59','N','CNE','E','\'HomebrewHardware Contest\'','\' \'','CNE_973b8e83788e58295710c7ca8e1fdad1','\'Title: HomebrewHardware Contest
\nWhen: Sunday, Aug 9, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nHave you learned how to build your own hacking hardware at home? Are you etching circuit-boards in your lab, or soldering in a toaster oven in your garage? Are you hosting a MUD on your helmet, or making malicious USB hardware? Did you make something to help you in your everyday life, a unique wearable, or something really nefarious? Are you discovering what old boards do, bending circuits, or re-appropriating the innards of your local e-waste? \n
We want to see the awesome things you\'ve been building over the last year.\n
The HomebrewHardware competition is a place to showcase your skill, techniques, and project.\n
Check our website and twitter for this year’s rules.\n
\nForum: https://forum.defcon.org/node/233025\n
Discord: https://discord.com/channels/708208267699945503/711644075110957096\n
Twitter: https://twitter.com/homebrewhardwa1\n
Web: https://homebrewhardwarecontest.github.io/\n
\n\'',NULL,68419),('2_Friday','09','09:00','17:59','N','CNE','E','\'ICS Hack the Plan[e]t\'','\' \'','CNE_76d92a59f3e3b5d9c3a11cf923ba02b1','\'Title: ICS Hack the Plan[e]t
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nHack the Plan[e]t Capture the Flag (CTF) contest will feature Howdy Neighbor and the Industrial Control System (ICS) Range. This first of its kind CTF will integrate both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge.\n
Howdy Neighbor is an interactive IoT CTF challenge where competitors can test their hacking skills and learn about common oversights made in development, configuration, and setup of IoT devices. Howdy Neighbor is a miniature home - made to be “smart†from basement to garage. It’s a test-bed for reverse engineering and hacking distinct consumer-focused smart devices, and to understand how the (in)security of individual devices can implicate the safety of your home or office, and ultimately your family or business. Within Howdy Neighbor there are over 25 emulated or real devices and over 50 vulnerabilities that have been staged as challenges. Each of the challenges are of varying levels to test a competitors ability to find vulnerabilities in an IoT environment. Howdy Neighbor’s challenges are composed of a real or simulated devices controlled by an App or Network interface and additional hardware sensors; each Howdy Neighbor device contains 1 to 3 staged vulnerabilities which when solved present a key for scoring/reporting that it was discovered.\n
In the same vein, this CTF challenge will also leverage the ICS Village’s ICS Ranges including physical and virtual environments to provide an additional testbed for more advanced challenges in critical infrastructure and ICS environments. New this year, there will be integrated elements from DHS/CISA with their newly built mobile environments that are realistically miniaturized assets (ie - operational oil and natural gas pipeline, etc.) and will be the first they’ll be opened to the public for hacking.\n
\nForum: https://forum.defcon.org/node/233029\n
Discord: https://discord.com/channels/708208267699945503/711643691877531698\n
Twitter: https://twitter.com/ICS_Village\n
Web: https://www.icsvillage.com\n
\n\'',NULL,68420),('3_Saturday','09','09:00','17:59','N','CNE','E','\'ICS Hack the Plan[e]t\'','\' \'','CNE_745a2ecf8a584d8c4c6dc898d235e9ab','\'Title: ICS Hack the Plan[e]t
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nHack the Plan[e]t Capture the Flag (CTF) contest will feature Howdy Neighbor and the Industrial Control System (ICS) Range. This first of its kind CTF will integrate both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge.\n
Howdy Neighbor is an interactive IoT CTF challenge where competitors can test their hacking skills and learn about common oversights made in development, configuration, and setup of IoT devices. Howdy Neighbor is a miniature home - made to be “smart†from basement to garage. It’s a test-bed for reverse engineering and hacking distinct consumer-focused smart devices, and to understand how the (in)security of individual devices can implicate the safety of your home or office, and ultimately your family or business. Within Howdy Neighbor there are over 25 emulated or real devices and over 50 vulnerabilities that have been staged as challenges. Each of the challenges are of varying levels to test a competitors ability to find vulnerabilities in an IoT environment. Howdy Neighbor’s challenges are composed of a real or simulated devices controlled by an App or Network interface and additional hardware sensors; each Howdy Neighbor device contains 1 to 3 staged vulnerabilities which when solved present a key for scoring/reporting that it was discovered.\n
In the same vein, this CTF challenge will also leverage the ICS Village’s ICS Ranges including physical and virtual environments to provide an additional testbed for more advanced challenges in critical infrastructure and ICS environments. New this year, there will be integrated elements from DHS/CISA with their newly built mobile environments that are realistically miniaturized assets (ie - operational oil and natural gas pipeline, etc.) and will be the first they’ll be opened to the public for hacking.\n
\nForum: https://forum.defcon.org/node/233029\n
Discord: https://discord.com/channels/708208267699945503/711643691877531698\n
Twitter: https://twitter.com/ICS_Village\n
Web: https://www.icsvillage.com\n
\n\'',NULL,68421),('4_Sunday','09','09:00','17:59','N','CNE','E','\'ICS Hack the Plan[e]t\'','\' \'','CNE_18d84edb455d1187610c4cc5e97ba57d','\'Title: ICS Hack the Plan[e]t
\nWhen: Sunday, Aug 9, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nHack the Plan[e]t Capture the Flag (CTF) contest will feature Howdy Neighbor and the Industrial Control System (ICS) Range. This first of its kind CTF will integrate both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge.\n
Howdy Neighbor is an interactive IoT CTF challenge where competitors can test their hacking skills and learn about common oversights made in development, configuration, and setup of IoT devices. Howdy Neighbor is a miniature home - made to be “smart†from basement to garage. It’s a test-bed for reverse engineering and hacking distinct consumer-focused smart devices, and to understand how the (in)security of individual devices can implicate the safety of your home or office, and ultimately your family or business. Within Howdy Neighbor there are over 25 emulated or real devices and over 50 vulnerabilities that have been staged as challenges. Each of the challenges are of varying levels to test a competitors ability to find vulnerabilities in an IoT environment. Howdy Neighbor’s challenges are composed of a real or simulated devices controlled by an App or Network interface and additional hardware sensors; each Howdy Neighbor device contains 1 to 3 staged vulnerabilities which when solved present a key for scoring/reporting that it was discovered.\n
In the same vein, this CTF challenge will also leverage the ICS Village’s ICS Ranges including physical and virtual environments to provide an additional testbed for more advanced challenges in critical infrastructure and ICS environments. New this year, there will be integrated elements from DHS/CISA with their newly built mobile environments that are realistically miniaturized assets (ie - operational oil and natural gas pipeline, etc.) and will be the first they’ll be opened to the public for hacking.\n
\nForum: https://forum.defcon.org/node/233029\n
Discord: https://discord.com/channels/708208267699945503/711643691877531698\n
Twitter: https://twitter.com/ICS_Village\n
Web: https://www.icsvillage.com\n
\n\'',NULL,68422),('2_Friday','09','09:00','17:59','N','CNE','E','\'Defcon Ham Radio Fox Hunting Contest\'','\' \'','CNE_cbd3ba0af87e7f3c51c231c46406143c','\'Title: Defcon Ham Radio Fox Hunting Contest
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nIn the world of amateur radio, groups of hams will often put together a transmitter hunt (also called \"fox hunting\") in order to hone their radio direction finding skills to locate one or more hidden radio transmitters broadcasting. The Defcon Fox Hunt will require participants to locate a number of hidden radio transmitters broadcasting at very low power which are hidden throughout the conference. Each transmitter will provide a clue or one time use ticket which will prove the player found the fox transmitter. A map with rough search areas will be given to participants to guide them on their hunt. Additional hints and tips will be provided throughout Defcon at the contest table to help people who find themselves stuck. A small prize to be determined will be given to each participant who locates all of the foxes each day. In previous years a custom made embroidered velcro-backed patch was given out or a \"fun\" trophy. The patches are always a big hit so it\'s likely we\'ll do that again this year if selected.\n
\nForum: https://forum.defcon.org/node/232947\n
Discord: https://discord.com/channels/708208267699945503/711645275902574633\n
Twitter: https://twitter.com/richsentme\n
Web: https://defcon27foxhunt.com\n
\n\'',NULL,68423),('3_Saturday','09','09:00','17:59','N','CNE','E','\'Defcon Ham Radio Fox Hunting Contest\'','\' \'','CNE_14a9d8515186be069b12c75dde0d3aff','\'Title: Defcon Ham Radio Fox Hunting Contest
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nIn the world of amateur radio, groups of hams will often put together a transmitter hunt (also called \"fox hunting\") in order to hone their radio direction finding skills to locate one or more hidden radio transmitters broadcasting. The Defcon Fox Hunt will require participants to locate a number of hidden radio transmitters broadcasting at very low power which are hidden throughout the conference. Each transmitter will provide a clue or one time use ticket which will prove the player found the fox transmitter. A map with rough search areas will be given to participants to guide them on their hunt. Additional hints and tips will be provided throughout Defcon at the contest table to help people who find themselves stuck. A small prize to be determined will be given to each participant who locates all of the foxes each day. In previous years a custom made embroidered velcro-backed patch was given out or a \"fun\" trophy. The patches are always a big hit so it\'s likely we\'ll do that again this year if selected.\n
\nForum: https://forum.defcon.org/node/232947\n
Discord: https://discord.com/channels/708208267699945503/711645275902574633\n
Twitter: https://twitter.com/richsentme\n
Web: https://defcon27foxhunt.com\n
\n\'',NULL,68424),('4_Sunday','09','09:00','17:59','N','CNE','E','\'Defcon Ham Radio Fox Hunting Contest\'','\' \'','CNE_beb04f2d6a3a1eb5d2c70d5579c52089','\'Title: Defcon Ham Radio Fox Hunting Contest
\nWhen: Sunday, Aug 9, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nIn the world of amateur radio, groups of hams will often put together a transmitter hunt (also called \"fox hunting\") in order to hone their radio direction finding skills to locate one or more hidden radio transmitters broadcasting. The Defcon Fox Hunt will require participants to locate a number of hidden radio transmitters broadcasting at very low power which are hidden throughout the conference. Each transmitter will provide a clue or one time use ticket which will prove the player found the fox transmitter. A map with rough search areas will be given to participants to guide them on their hunt. Additional hints and tips will be provided throughout Defcon at the contest table to help people who find themselves stuck. A small prize to be determined will be given to each participant who locates all of the foxes each day. In previous years a custom made embroidered velcro-backed patch was given out or a \"fun\" trophy. The patches are always a big hit so it\'s likely we\'ll do that again this year if selected.\n
\nForum: https://forum.defcon.org/node/232947\n
Discord: https://discord.com/channels/708208267699945503/711645275902574633\n
Twitter: https://twitter.com/richsentme\n
Web: https://defcon27foxhunt.com\n
\n\'',NULL,68425),('4_Sunday','09','09:00','11:59','N','CNE','E','\'OpenSOC Blue Team CTF - Finals Round\'','\' \'','CNE_8fd9984c1d23d10395db480d1dc42d63','\'Title: OpenSOC Blue Team CTF - Finals Round
\nWhen: Sunday, Aug 9, 09:00 - 11:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nOpenSOC is a Digital Forensics, Incident Response (DFIR), and Threat Hunting challenge meant to teach and test practical incident response skills in an environment that closely resembles a real enterprise network. This virtual environment is representative of what you would find in an enterprise network, including: workstations, servers, firewalls, email, web browsing, user activity, etc. Simulated users are browsing the Internet, downloading files, watching videos, and accessing LAN resources. This creates a high-fidelity training environment for unleashing real-world attacks and testing responders’ abilities to filter and detect malicious activity on the network. This isn’t just another CTF. We’ve built this platform to train real-world responders to handle real-world situations, and each year we incorporate new scenarios that are modeled after threat actors and breaches experienced by the OpenSOC team. From APT attacks using 0-days and heavily weaponized shellcode to sneaky lateral movement and exfiltration techniques, we expose contestants to a wide-range of techniques that we see actively used in the wild.We encourage team participation, and always have folks on hand to assist those just getting started out.Even better - 100% of the security tools demonstrated within OpenSOC are Free and/or Open Source! These projects include Velociraptor, Sysmon, osquery, Suricata, Moloch, pfSense and Graylog + ELK bringing it all together in an awesome way. This allows our contestants to not only have fun at DEF CON, but also learn skills and tools they can take back to work on Monday. \n
The Challenge:\n
\n - Given an initial IOC (indicator of compromise), identify attacks that are being carried out against and within the enterprise environment, pivoting between key artifacts\n
- Trace the attackers throughout the kill chain, submitting key IOCs and observables to the scoreboard as you reveal their tactics.\n
- Reverse engineer any artifacts connected to hostile activities.\n
- Perform forensics analysis on PCAPs (Packet Captures), memory images, etc.\n
- Win awesome prizes, learn new skills, and get experience with some of the best Open Source tools for SecOps!
\n
\nForum: https://forum.defcon.org/node/232949\n
Discord: https://discord.com/channels/708208267699945503/711644213170667562\n
Twitter: https://twitter.com/Recon_InfoSec\n
Web: https://opensoc.io\n
\n\'',NULL,68426),('2_Friday','10','10:00','23:59','N','CNE','E','\'OpenSOC Blue Team CTF - General Round\'','\' \'','CNE_1bfb4e89cde0d4e463042308950ee264','\'Title: OpenSOC Blue Team CTF - General Round
\nWhen: Friday, Aug 7, 10:00 - 23:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nOpenSOC is a Digital Forensics, Incident Response (DFIR), and Threat Hunting challenge meant to teach and test practical incident response skills in an environment that closely resembles a real enterprise network. This virtual environment is representative of what you would find in an enterprise network, including: workstations, servers, firewalls, email, web browsing, user activity, etc. Simulated users are browsing the Internet, downloading files, watching videos, and accessing LAN resources. This creates a high-fidelity training environment for unleashing real-world attacks and testing responders’ abilities to filter and detect malicious activity on the network. This isn’t just another CTF. We’ve built this platform to train real-world responders to handle real-world situations, and each year we incorporate new scenarios that are modeled after threat actors and breaches experienced by the OpenSOC team. From APT attacks using 0-days and heavily weaponized shellcode to sneaky lateral movement and exfiltration techniques, we expose contestants to a wide-range of techniques that we see actively used in the wild.We encourage team participation, and always have folks on hand to assist those just getting started out.Even better - 100% of the security tools demonstrated within OpenSOC are Free and/or Open Source! These projects include Velociraptor, Sysmon, osquery, Suricata, Moloch, pfSense and Graylog + ELK bringing it all together in an awesome way. This allows our contestants to not only have fun at DEF CON, but also learn skills and tools they can take back to work on Monday. \n
The Challenge:\n
\n - Given an initial IOC (indicator of compromise), identify attacks that are being carried out against and within the enterprise environment, pivoting between key artifacts\n
- Trace the attackers throughout the kill chain, submitting key IOCs and observables to the scoreboard as you reveal their tactics.\n
- Reverse engineer any artifacts connected to hostile activities.\n
- Perform forensics analysis on PCAPs (Packet Captures), memory images, etc.\n
- Win awesome prizes, learn new skills, and get experience with some of the best Open Source tools for SecOps!
\n
\nForum: https://forum.defcon.org/node/232949\n
Discord: https://discord.com/channels/708208267699945503/711644213170667562\n
Twitter: https://twitter.com/Recon_InfoSec\n
Web: https://opensoc.io\n
Registration: https://docs.google.com/document/d/1TbfOwv5C64ciirCQELq0HxJVd5oJd4qjvzXhidFgijw/edit?usp=sharing\n
\n\'',NULL,68427),('2_Friday','09','09:00','17:59','N','CNE','E','\'Online MUD - EvilMog\'','\' \'','CNE_0e2de4088bd6ca5937b4988f5d853d19','\'Title: Online MUD - EvilMog
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nThis CTF is a MUD with 8-9 quests, intentional exploits, and about 1200 rooms has been setup at mog.ninja port 4000. A website documenting the MUD is at https://mog.ninja and a CTFd is setup at https://ctf.mog.ninja. The game is an LPMud and runs on gurbalib and DGD. If you complete all the quests you become a wizard. You connect by telneting on port 4000. The game has been balanced out to take about a week to complete all the quests and hit max level if you find most of the in game exploits.\n
\nForum: https://forum.defcon.org/node/232895\n
Discord: https://discord.com/channels/708208267699945503/728707998796480590\n
MUD Docs: https://mog.ninja\n
CTFd: https://ctf.mog.ninja\n
\n\'',NULL,68428),('3_Saturday','09','09:00','17:59','N','CNE','E','\'Online MUD - EvilMog\'','\' \'','CNE_216c66058b23201f731c3821c7964163','\'Title: Online MUD - EvilMog
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nThis CTF is a MUD with 8-9 quests, intentional exploits, and about 1200 rooms has been setup at mog.ninja port 4000. A website documenting the MUD is at https://mog.ninja and a CTFd is setup at https://ctf.mog.ninja. The game is an LPMud and runs on gurbalib and DGD. If you complete all the quests you become a wizard. You connect by telneting on port 4000. The game has been balanced out to take about a week to complete all the quests and hit max level if you find most of the in game exploits.\n
\nForum: https://forum.defcon.org/node/232895\n
Discord: https://discord.com/channels/708208267699945503/728707998796480590\n
MUD Docs: https://mog.ninja\n
CTFd: https://ctf.mog.ninja\n
\n\'',NULL,68429),('4_Sunday','09','09:00','17:59','N','CNE','E','\'Online MUD - EvilMog\'','\' \'','CNE_856b96549dd3729a6e32d685fb444eb4','\'Title: Online MUD - EvilMog
\nWhen: Sunday, Aug 9, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nThis CTF is a MUD with 8-9 quests, intentional exploits, and about 1200 rooms has been setup at mog.ninja port 4000. A website documenting the MUD is at https://mog.ninja and a CTFd is setup at https://ctf.mog.ninja. The game is an LPMud and runs on gurbalib and DGD. If you complete all the quests you become a wizard. You connect by telneting on port 4000. The game has been balanced out to take about a week to complete all the quests and hit max level if you find most of the in game exploits.\n
\nForum: https://forum.defcon.org/node/232895\n
Discord: https://discord.com/channels/708208267699945503/728707998796480590\n
MUD Docs: https://mog.ninja\n
CTFd: https://ctf.mog.ninja\n
\n\'',NULL,68430),('2_Friday','09','09:00','17:59','N','CNE','E','\'The Schemaverse Championship\'','\' \'','CNE_d2c1bc0ffc10caf85944d832559d17fa','\'Title: The Schemaverse Championship
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nThe Schemaverse [skee-muh vurs] is a space battleground that lives inside a PostgreSQL database. Mine the hell out of resources and build up your fleet of ships, all while trying to protect your home planet. Once you\'re ready, head out and conquer the map from other DEF CON rivals.\n
This unique game gives you direct access to the database that governs the rules. Write SQL queries directly by connecting with any supported PostgreSQL client or use your favourite language to write AI that plays on your behalf. This is DEF CON of course so start working on your SQL Injections - anything goes!\n
\nForum: https://forum.defcon.org/node/233021\n
Discord: https://discord.com/channels/708208267699945503/711644182116040784\n
Twitter: https://twitter.com/schemaverse\n
Web: https://schemaverse.com\n
\n\'',NULL,68431),('3_Saturday','09','09:00','17:59','N','CNE','E','\'The Schemaverse Championship\'','\' \'','CNE_f719fdf52ed96f187347cb5eb96d151a','\'Title: The Schemaverse Championship
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nThe Schemaverse [skee-muh vurs] is a space battleground that lives inside a PostgreSQL database. Mine the hell out of resources and build up your fleet of ships, all while trying to protect your home planet. Once you\'re ready, head out and conquer the map from other DEF CON rivals.\n
This unique game gives you direct access to the database that governs the rules. Write SQL queries directly by connecting with any supported PostgreSQL client or use your favourite language to write AI that plays on your behalf. This is DEF CON of course so start working on your SQL Injections - anything goes!\n
\nForum: https://forum.defcon.org/node/233021\n
Discord: https://discord.com/channels/708208267699945503/711644182116040784\n
Twitter: https://twitter.com/schemaverse\n
Web: https://schemaverse.com\n
\n\'',NULL,68432),('4_Sunday','09','09:00','17:59','N','CNE','E','\'The Schemaverse Championship\'','\' \'','CNE_63b4f5e6beeadd380c5b93251476a395','\'Title: The Schemaverse Championship
\nWhen: Sunday, Aug 9, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nThe Schemaverse [skee-muh vurs] is a space battleground that lives inside a PostgreSQL database. Mine the hell out of resources and build up your fleet of ships, all while trying to protect your home planet. Once you\'re ready, head out and conquer the map from other DEF CON rivals.\n
This unique game gives you direct access to the database that governs the rules. Write SQL queries directly by connecting with any supported PostgreSQL client or use your favourite language to write AI that plays on your behalf. This is DEF CON of course so start working on your SQL Injections - anything goes!\n
\nForum: https://forum.defcon.org/node/233021\n
Discord: https://discord.com/channels/708208267699945503/711644182116040784\n
Twitter: https://twitter.com/schemaverse\n
Web: https://schemaverse.com\n
\n\'',NULL,68433),('2_Friday','06','06:00','15:59','N','CNE','E','\'SEATF: Maritime Hacking CTF\'','\' \'','CNE_9b1835fbdfd01a45e226ff8b9241357a','\'Title: SEATF: Maritime Hacking CTF
\nWhen: Friday, Aug 7, 06:00 - 15:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nFathom5’s Maritime-Industrial CTF event allows competitors to gain hands-on experience hacking real maritime hardware in a controlled environment using Fathom5’s Grace maritime cybersecurity testbed. Grace is an accessible, realistic configuration of maritime systems where competitors complete challenges in a simulated afloat environment, with real ICS components and fieldbus protocols. The Grace testbed replicates a series of different maritime-industrial environments, including navigation, fire main, and hydraulic steering systems. The testbed makes both physical and simulated components available to competitors in order to replicate performance of maritime systems at lifelike scale. The CTF challenges scale from novice to expert-level on both IT and OT fronts such that competitors can gain experience on either side of the system. This CTF event has been deployed at DEFCON 27 (Aug 2019) as part of the Hack The Sea Village v1.0 and at HACKtheMACHINE-NYC (Sept 2019). It is also planned for to be deployed at DEFC ON 28 and HACKtheMACHINE- Atlanta in Aug 2020. This CTF can support approximately 20 teams of 3-5 individuals concurrently and typically takes 14 hours for skilled teams to navigate the challenges. The number of teams, size of teams, and depth of challenges can be adjusted to fit within host event timelines.\n
\nForum: https://forum.defcon.org/node/233012\n
Discord: https://discord.com/channels/708208267699945503/711644244753776640\n
\n\'',NULL,68434),('3_Saturday','06','06:00','15:59','N','CNE','E','\'SEATF: Maritime Hacking CTF\'','\' \'','CNE_6d0a024951ff9c10aa6862c7c3338f8e','\'Title: SEATF: Maritime Hacking CTF
\nWhen: Saturday, Aug 8, 06:00 - 15:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nFathom5’s Maritime-Industrial CTF event allows competitors to gain hands-on experience hacking real maritime hardware in a controlled environment using Fathom5’s Grace maritime cybersecurity testbed. Grace is an accessible, realistic configuration of maritime systems where competitors complete challenges in a simulated afloat environment, with real ICS components and fieldbus protocols. The Grace testbed replicates a series of different maritime-industrial environments, including navigation, fire main, and hydraulic steering systems. The testbed makes both physical and simulated components available to competitors in order to replicate performance of maritime systems at lifelike scale. The CTF challenges scale from novice to expert-level on both IT and OT fronts such that competitors can gain experience on either side of the system. This CTF event has been deployed at DEFCON 27 (Aug 2019) as part of the Hack The Sea Village v1.0 and at HACKtheMACHINE-NYC (Sept 2019). It is also planned for to be deployed at DEFC ON 28 and HACKtheMACHINE- Atlanta in Aug 2020. This CTF can support approximately 20 teams of 3-5 individuals concurrently and typically takes 14 hours for skilled teams to navigate the challenges. The number of teams, size of teams, and depth of challenges can be adjusted to fit within host event timelines.\n
\nForum: https://forum.defcon.org/node/233012\n
Discord: https://discord.com/channels/708208267699945503/711644244753776640\n
\n\'',NULL,68435),('4_Sunday','06','06:00','15:59','N','CNE','E','\'SEATF: Maritime Hacking CTF\'','\' \'','CNE_f0e051ff177b592ecbcb00685b7ef4a1','\'Title: SEATF: Maritime Hacking CTF
\nWhen: Sunday, Aug 9, 06:00 - 15:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nFathom5’s Maritime-Industrial CTF event allows competitors to gain hands-on experience hacking real maritime hardware in a controlled environment using Fathom5’s Grace maritime cybersecurity testbed. Grace is an accessible, realistic configuration of maritime systems where competitors complete challenges in a simulated afloat environment, with real ICS components and fieldbus protocols. The Grace testbed replicates a series of different maritime-industrial environments, including navigation, fire main, and hydraulic steering systems. The testbed makes both physical and simulated components available to competitors in order to replicate performance of maritime systems at lifelike scale. The CTF challenges scale from novice to expert-level on both IT and OT fronts such that competitors can gain experience on either side of the system. This CTF event has been deployed at DEFCON 27 (Aug 2019) as part of the Hack The Sea Village v1.0 and at HACKtheMACHINE-NYC (Sept 2019). It is also planned for to be deployed at DEFC ON 28 and HACKtheMACHINE- Atlanta in Aug 2020. This CTF can support approximately 20 teams of 3-5 individuals concurrently and typically takes 14 hours for skilled teams to navigate the challenges. The number of teams, size of teams, and depth of challenges can be adjusted to fit within host event timelines.\n
\nForum: https://forum.defcon.org/node/233012\n
Discord: https://discord.com/channels/708208267699945503/711644244753776640\n
\n\'',NULL,68436),('3_Saturday','10','10:00','13:59','N','CNE','E','\'SOHOpelessly Broken CTF\'','\' \'','CNE_95600c4b398a778ef7b4c37d031a3585','\'Title: SOHOpelessly Broken CTF
\nWhen: Saturday, Aug 8, 10:00 - 13:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nIn this 3 time DEF CON Black Badge CTF hosted in IoT Village, players compete against one another by exploiting off-the-shelf IoT devices. These 25+ devices all have known vulnerabilities, but to successfully exploit these devices requires lateral thinking, knowledge of networking, and competency in exploit development. CTFs are a great experience to learn more about security and test your skills, so join up in a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.\n
\nForum: https://forum.defcon.org/node/232897\n
Discord: https://discord.com/channels/708208267699945503/711644307597164665\n
Twitter: https://twitter.com/IoTvillage\n
Web: https://www.iotvillage.org/#yolo\n
\n\'',NULL,68437),('4_Sunday','10','10:00','13:59','N','CNE','E','\'SOHOpelessly Broken CTF\'','\' \'','CNE_862ea1f6e58e74ad1aba5999741f2434','\'Title: SOHOpelessly Broken CTF
\nWhen: Sunday, Aug 9, 10:00 - 13:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nIn this 3 time DEF CON Black Badge CTF hosted in IoT Village, players compete against one another by exploiting off-the-shelf IoT devices. These 25+ devices all have known vulnerabilities, but to successfully exploit these devices requires lateral thinking, knowledge of networking, and competency in exploit development. CTFs are a great experience to learn more about security and test your skills, so join up in a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.\n
\nForum: https://forum.defcon.org/node/232897\n
Discord: https://discord.com/channels/708208267699945503/711644307597164665\n
Twitter: https://twitter.com/IoTvillage\n
Web: https://www.iotvillage.org/#yolo\n
\n\'',NULL,68438),('2_Friday','09','09:00','23:59','N','CNE','E','\'TeleChallenge\'','\' \'','CNE_13b28f5a16bbc2aa99ff76506565a70c','\'Title: TeleChallenge
\nWhen: Friday, Aug 7, 09:00 - 23:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nIt’s Election 2020! The national vote-by-phone polls are about to open and it’s a knock down, drag-out battle of political wits between Presidential candidates Michael Key and Founder Jack Carson, VC. DEF CON hackers, team up and take to the phones: lie, cheat, and steal your way to the ultimate victory. Every hacker vote counts—so vote early and often!\n
\nForum: https://forum.defcon.org/node/231949\n
Discord: https://discord.com/channels/708208267699945503/711644470063399012\n
Twitter: https://twitter.com/TeleChallenge\n
Web: https://telechallenge.org\n
\n\'',NULL,68439),('3_Saturday','00','00:00','23:59','N','CNE','E','\'TeleChallenge\'','\' \'','CNE_e84b5ec99e7208cfbf17265b0e5fd335','\'Title: TeleChallenge
\nWhen: Saturday, Aug 8, 00:00 - 23:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nIt’s Election 2020! The national vote-by-phone polls are about to open and it’s a knock down, drag-out battle of political wits between Presidential candidates Michael Key and Founder Jack Carson, VC. DEF CON hackers, team up and take to the phones: lie, cheat, and steal your way to the ultimate victory. Every hacker vote counts—so vote early and often!\n
\nForum: https://forum.defcon.org/node/231949\n
Discord: https://discord.com/channels/708208267699945503/711644470063399012\n
Twitter: https://twitter.com/TeleChallenge\n
Web: https://telechallenge.org\n
\n\'',NULL,68440),('4_Sunday','00','00:00','11:59','N','CNE','E','\'TeleChallenge\'','\' \'','CNE_f2c1f152c3e0c3aa30a802e515e74618','\'Title: TeleChallenge
\nWhen: Sunday, Aug 9, 00:00 - 11:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nIt’s Election 2020! The national vote-by-phone polls are about to open and it’s a knock down, drag-out battle of political wits between Presidential candidates Michael Key and Founder Jack Carson, VC. DEF CON hackers, team up and take to the phones: lie, cheat, and steal your way to the ultimate victory. Every hacker vote counts—so vote early and often!\n
\nForum: https://forum.defcon.org/node/231949\n
Discord: https://discord.com/channels/708208267699945503/711644470063399012\n
Twitter: https://twitter.com/TeleChallenge\n
Web: https://telechallenge.org\n
\n\'',NULL,68441),('2_Friday','09','09:00','23:59','N','CNE','E','\'ULTIMATE Secure Coding Throwdown (Secure Code Warrior)\'','\' \'','CNE_42c6e1f4ebe954782a92c0c35a858e98','\'Title: ULTIMATE Secure Coding Throwdown (Secure Code Warrior)
\nWhen: Friday, Aug 7, 09:00 - 23:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nAre. You. Ready? Head to the AppSec battlefield and prove that you are the ultimate secure coding champion. Go head-to-head with your peers as you test your web application security knowledge of the OWASP Top 10. Strut your skills. Crush the competition. Score excellent prizes and take home the title of Secure Code Warrior!\n
Players will be presented with a series of vulnerable code challenges that will ask them to identify the problem, locate the insecure code, and fix the vulnerability. Select from a range of software languages to complete the tournament, including Java EE, Java Spring, C MVC, C WebForms, Ruby on Rails, Python Django, Scala Play & Node.JS. It’s gamified, it’s relevant, but most of all - it’s fun.\n
Watch as you earn points and climb to the top of the real-time leaderboard during the event. Prizes will be awarded to the top 3 point scorers, with one security superhero being crowned the ultimate Secure Code Warrior. Will it be you?\n
Psst: Want to test your secure coding skills at your own pace, without the competition? You’re welcome to come along and join the fun\n
\nWeb: https://discover.securecodewarrior.com/DEFCON28-tournament.html\n
Forum: https://forum.defcon.org/node/232898\n
Discord: https://discord.com/channels/708208267699945503/741327638815309984\n
\n\'',NULL,68442),('3_Saturday','00','00:00','23:59','N','CNE','E','\'ULTIMATE Secure Coding Throwdown (Secure Code Warrior)\'','\' \'','CNE_1d0712f7194e0f5bfb94f8961f0f8531','\'Title: ULTIMATE Secure Coding Throwdown (Secure Code Warrior)
\nWhen: Saturday, Aug 8, 00:00 - 23:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nAre. You. Ready? Head to the AppSec battlefield and prove that you are the ultimate secure coding champion. Go head-to-head with your peers as you test your web application security knowledge of the OWASP Top 10. Strut your skills. Crush the competition. Score excellent prizes and take home the title of Secure Code Warrior!\n
Players will be presented with a series of vulnerable code challenges that will ask them to identify the problem, locate the insecure code, and fix the vulnerability. Select from a range of software languages to complete the tournament, including Java EE, Java Spring, C MVC, C WebForms, Ruby on Rails, Python Django, Scala Play & Node.JS. It’s gamified, it’s relevant, but most of all - it’s fun.\n
Watch as you earn points and climb to the top of the real-time leaderboard during the event. Prizes will be awarded to the top 3 point scorers, with one security superhero being crowned the ultimate Secure Code Warrior. Will it be you?\n
Psst: Want to test your secure coding skills at your own pace, without the competition? You’re welcome to come along and join the fun\n
\nWeb: https://discover.securecodewarrior.com/DEFCON28-tournament.html\n
Forum: https://forum.defcon.org/node/232898\n
Discord: https://discord.com/channels/708208267699945503/741327638815309984\n
\n\'',NULL,68443),('4_Sunday','00','00:00','15:59','N','CNE','E','\'ULTIMATE Secure Coding Throwdown (Secure Code Warrior)\'','\' \'','CNE_f9ff0cc1e43e20795a8100364e9f6659','\'Title: ULTIMATE Secure Coding Throwdown (Secure Code Warrior)
\nWhen: Sunday, Aug 9, 00:00 - 15:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nAre. You. Ready? Head to the AppSec battlefield and prove that you are the ultimate secure coding champion. Go head-to-head with your peers as you test your web application security knowledge of the OWASP Top 10. Strut your skills. Crush the competition. Score excellent prizes and take home the title of Secure Code Warrior!\n
Players will be presented with a series of vulnerable code challenges that will ask them to identify the problem, locate the insecure code, and fix the vulnerability. Select from a range of software languages to complete the tournament, including Java EE, Java Spring, C MVC, C WebForms, Ruby on Rails, Python Django, Scala Play & Node.JS. It’s gamified, it’s relevant, but most of all - it’s fun.\n
Watch as you earn points and climb to the top of the real-time leaderboard during the event. Prizes will be awarded to the top 3 point scorers, with one security superhero being crowned the ultimate Secure Code Warrior. Will it be you?\n
Psst: Want to test your secure coding skills at your own pace, without the competition? You’re welcome to come along and join the fun\n
\nWeb: https://discover.securecodewarrior.com/DEFCON28-tournament.html\n
Forum: https://forum.defcon.org/node/232898\n
Discord: https://discord.com/channels/708208267699945503/741327638815309984\n
\n\'',NULL,68444),('2_Friday','09','09:00','17:59','N','CNE','E','\'Wireless Capture the Flag\'','\' \'','CNE_2b685a5d184685a723c6a4d4b04d5317','\'Title: Wireless Capture the Flag
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nDo you have what it takes to hack WiFi, Bluetooth, and Software Defined Radio (SDR)?\n
RF Hackers Sanctuary (the group formerly known as Wireless Village) is once again holding the Wireless Capture the Flag (WCTF) at DEF CON.\n
We cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The WCTF can be completely done with a little knowledge, a pen tester’s determination, and $40 or $4000 worth of equipment; the key is to read the clues and determine the goal of each challenge.\n
Each WCTF event begins with a presentation: How to WCTF. There will be clues everywhere, and we will provide periodic updates. Make sure you pay attention to what’s happening at the WCTF desk, on Twitter https://twitter.com/wctf_us, https://twitter.com/rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer at our discretion.\n
Forum: https://forum.defcon.org/node/233017\n
Discord: https://discord.com/channels/708208267699945503/711644270976696380\n
Twitter: https://twitter.com/wctf_us\n
Web: https://wctf.us/\n
\n\'',NULL,68445),('3_Saturday','09','09:00','17:59','N','CNE','E','\'Wireless Capture the Flag\'','\' \'','CNE_6361f125d70622b63f398e096224955e','\'Title: Wireless Capture the Flag
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nDo you have what it takes to hack WiFi, Bluetooth, and Software Defined Radio (SDR)?\n
RF Hackers Sanctuary (the group formerly known as Wireless Village) is once again holding the Wireless Capture the Flag (WCTF) at DEF CON.\n
We cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The WCTF can be completely done with a little knowledge, a pen tester’s determination, and $40 or $4000 worth of equipment; the key is to read the clues and determine the goal of each challenge.\n
Each WCTF event begins with a presentation: How to WCTF. There will be clues everywhere, and we will provide periodic updates. Make sure you pay attention to what’s happening at the WCTF desk, on Twitter https://twitter.com/wctf_us, https://twitter.com/rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer at our discretion.\n
Forum: https://forum.defcon.org/node/233017\n
Discord: https://discord.com/channels/708208267699945503/711644270976696380\n
Twitter: https://twitter.com/wctf_us\n
Web: https://wctf.us/\n
\n\'',NULL,68446),('4_Sunday','09','09:00','17:59','N','CNE','E','\'Wireless Capture the Flag\'','\' \'','CNE_5eb030c6c7c4ceef7eb34c4105ba6a9c','\'Title: Wireless Capture the Flag
\nWhen: Sunday, Aug 9, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nDo you have what it takes to hack WiFi, Bluetooth, and Software Defined Radio (SDR)?\n
RF Hackers Sanctuary (the group formerly known as Wireless Village) is once again holding the Wireless Capture the Flag (WCTF) at DEF CON.\n
We cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The WCTF can be completely done with a little knowledge, a pen tester’s determination, and $40 or $4000 worth of equipment; the key is to read the clues and determine the goal of each challenge.\n
Each WCTF event begins with a presentation: How to WCTF. There will be clues everywhere, and we will provide periodic updates. Make sure you pay attention to what’s happening at the WCTF desk, on Twitter https://twitter.com/wctf_us, https://twitter.com/rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer at our discretion.\n
Forum: https://forum.defcon.org/node/233017\n
Discord: https://discord.com/channels/708208267699945503/711644270976696380\n
Twitter: https://twitter.com/wctf_us\n
Web: https://wctf.us/\n
\n\'',NULL,68447),('3_Saturday','20','20:00','21:59','N','CNE','','\'Whose Slide is It Anyway\'','\' \'','CNE_d54e009e7a87f340f315e779ab74d30f','\'Title: Whose Slide is It Anyway
\nWhen: Saturday, Aug 8, 20:00 - 21:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\n\"Whose Slide Is It Anyway?†is an unholy union of improv comedy, hacking and slide deck sado-masochism.\n
Our team of slide monkeys will create a stupid amount of short slide decks on whatever nonsense tickles our fancies. Slides are not exclusive to technology, they can and will be about anything. Contestants will take the stage and choose a random number corresponding to a specific slide deck. They will then improvise a minimum 5 minute / maximum 10 minute lightning talk, becoming instant subject matter experts on whatever topic/stream of consciousness appears on the screen.\n
But....why?
\nWhether you delight in the chaos of watching your fellow hackers squirm or would like to sacrifice yourself to the Contest Gods, it’s a night of schadenfreude for the whole family.\n
Oh, and prizes. Lots and lots of prizes. \nSign ups will be the day of the contest with some special ways to secure your spot early. \n
\nForum: https://forum.defcon.org/node/232955\n
Discord: https://discord.com/channels/708208267699945503/711644337942822925\n
\n\'',NULL,68448),('3_Saturday','21','20:00','21:59','Y','CNE','','\'Whose Slide is It Anyway\'','\' \'','CNE_d54e009e7a87f340f315e779ab74d30f','\'\'',NULL,68449),('2_Friday','18','18:00','19:59','N','CNE','','\'Hacker Jeopardy\'','\' \'','CNE_c6546690bfd0b98379b044c2e7390062','\'Title: Hacker Jeopardy
\nWhen: Friday, Aug 7, 18:00 - 19:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\n
\nForum: https://forum.defcon.org/node/232964\n
Discord: https://discord.com/channels/708208267699945503/732439600391389184\n
Twitch: https://www.twitch.tv/dfiutv\n
\n\'',NULL,68450),('2_Friday','19','18:00','19:59','Y','CNE','','\'Hacker Jeopardy\'','\' \'','CNE_c6546690bfd0b98379b044c2e7390062','\'\'',NULL,68451),('3_Saturday','18','18:00','19:59','N','CNE','','\'Hacker Jeopardy\'','\' \'','CNE_865e6b7c47ea9b3fa87ccb70eb75f6ec','\'Title: Hacker Jeopardy
\nWhen: Saturday, Aug 8, 18:00 - 19:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\n
\nForum: https://forum.defcon.org/node/232964\n
Discord: https://discord.com/channels/708208267699945503/732439600391389184\n
Twitch: https://www.twitch.tv/dfiutv\n
\n\'',NULL,68452),('3_Saturday','19','18:00','19:59','Y','CNE','','\'Hacker Jeopardy\'','\' \'','CNE_865e6b7c47ea9b3fa87ccb70eb75f6ec','\'\'',NULL,68453),('2_Friday','09','09:00','17:59','N','CNE','E','\'lo57 Mystery Challenge\'','\' \'','CNE_549309d7cded0fafbb49883d2b630e5d','\'Title: lo57 Mystery Challenge
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\n
\nForum: https://forum.defcon.org/node/231985\n
Discord: https://discord.com/channels/708208267699945503/732439421973954571\n
\n\'',NULL,68454),('3_Saturday','09','09:00','17:59','N','CNE','E','\'lo57 Mystery Challenge\'','\' \'','CNE_7732e0d372242251cc08b2938f513b71','\'Title: lo57 Mystery Challenge
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\n
\nForum: https://forum.defcon.org/node/231985\n
Discord: https://discord.com/channels/708208267699945503/732439421973954571\n
\n\'',NULL,68455),('4_Sunday','00','00:00','15:59','N','CNE','E','\'lo57 Mystery Challenge\'','\' \'','CNE_b04f435b866fcd938d2c7bceb263a93d','\'Title: lo57 Mystery Challenge
\nWhen: Sunday, Aug 9, 00:00 - 15:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\n
\nForum: https://forum.defcon.org/node/231985\n
Discord: https://discord.com/channels/708208267699945503/732439421973954571\n
\n\'',NULL,68456),('2_Friday','09','09:00','17:59','N','CNE','E','\'OSINTSECCryptoAIBlockchain\'','\' \'','CNE_48cd3406b79fda2adb604c36dfeca463','\'Title: OSINTSECCryptoAIBlockchain
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\n
\nForum: https://forum.defcon.org/node/231050\n
Discord: https://discord.com/channels/708208267699945503/732439527213367346\n
\n\'',NULL,68457),('3_Saturday','09','09:00','17:59','N','CNE','E','\'OSINTSECCryptoAIBlockchain\'','\' \'','CNE_cbb7dc11c72c19aabe98cb47300cfe1c','\'Title: OSINTSECCryptoAIBlockchain
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\n
\nForum: https://forum.defcon.org/node/231050\n
Discord: https://discord.com/channels/708208267699945503/732439527213367346\n
\n\'',NULL,68458),('4_Sunday','00','00:00','15:59','N','CNE','E','\'OSINTSECCryptoAIBlockchain\'','\' \'','CNE_c6202907de8d99f539e5d6634739436a','\'Title: OSINTSECCryptoAIBlockchain
\nWhen: Sunday, Aug 9, 00:00 - 15:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\n
\nForum: https://forum.defcon.org/node/231050\n
Discord: https://discord.com/channels/708208267699945503/732439527213367346\n
\n\'',NULL,68459),('2_Friday','09','09:00','17:59','N','CNE','E','\'Social Engineer SECTF4Teens\'','\' \'','CNE_4e4d79fbedbcb0709aff20d562857124','\'Title: Social Engineer SECTF4Teens
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\n
\nForum: https://forum.defcon.org/node/231051\n
Discord: https://discord.com/channels/708208267699945503/726609125760434176\n
Web: https://www.social-engineer.org/sevillage-def-con/the-sectf4teens/\n
\n\'',NULL,68460),('3_Saturday','09','09:00','17:59','N','CNE','E','\'Social Engineer SECTF4Teens\'','\' \'','CNE_7c0ecc08a948769498def33fa498c434','\'Title: Social Engineer SECTF4Teens
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\n
\nForum: https://forum.defcon.org/node/231051\n
Discord: https://discord.com/channels/708208267699945503/726609125760434176\n
Web: https://www.social-engineer.org/sevillage-def-con/the-sectf4teens/\n
\n\'',NULL,68461),('4_Sunday','00','00:00','15:59','N','CNE','E','\'Social Engineer SECTF4Teens\'','\' \'','CNE_afc3b880690387a8429d944957ee45ce','\'Title: Social Engineer SECTF4Teens
\nWhen: Sunday, Aug 9, 00:00 - 15:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\n
\nForum: https://forum.defcon.org/node/231051\n
Discord: https://discord.com/channels/708208267699945503/726609125760434176\n
Web: https://www.social-engineer.org/sevillage-def-con/the-sectf4teens/\n
\n\'',NULL,68462),('2_Friday','11','11:00','13:59','N','HRV','','\'Ham Radio USA License Exams (Friday)\'','\' \'','HRV_fb12e64b42c1d96fba5663e3e408916e','\'Title: Ham Radio USA License Exams (Friday)
\nWhen: Friday, Aug 7, 11:00 - 13:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nThe Ham Radio Village team is happy to announce that we will be offering virtual license exams this year during DEF CON Safe Mode. The team has negotiated a special discount rate of $5 for the exams. Additionally, the fee is waived for any applicants that are under the age of 18, a student with a current student ID, active military, or a veteran of the armed forces. Registration for exams is required. \n
\nTwitter: https://twitter.com/DC_Ham_Exams\n
Discord: https://discord.com/channels/708208267699945503/732733631667372103\n
Info/Reg: https://ham.study/sessions/5f0e7677295c50941c2cad5f/1\n
\n\'',NULL,68463),('2_Friday','12','11:00','13:59','Y','HRV','','\'Ham Radio USA License Exams (Friday)\'','\' \'','HRV_fb12e64b42c1d96fba5663e3e408916e','\'\'',NULL,68464),('2_Friday','13','11:00','13:59','Y','HRV','','\'Ham Radio USA License Exams (Friday)\'','\' \'','HRV_fb12e64b42c1d96fba5663e3e408916e','\'\'',NULL,68465),('3_Saturday','14','14:00','16:59','N','HRV','','\'Ham Radio USA License Exams (Saturday)\'','\' \'','HRV_5c4c0d8cacaeaee55462084ea93883c9','\'Title: Ham Radio USA License Exams (Saturday)
\nWhen: Saturday, Aug 8, 14:00 - 16:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nThe Ham Radio Village team is happy to announce that we will be offering virtual license exams this year during DEF CON Safe Mode. The team has negotiated a special discount rate of $5 for the exams. Additionally, the fee is waived for any applicants that are under the age of 18, a student with a current student ID, active military, or a veteran of the armed forces. Registration for exams is required.\n
\nTwitter: https://twitter.com/DC_Ham_Exams\n
Discord: https://discord.com/channels/708208267699945503/732733631667372103\n
Info/Reg: https://ham.study/sessions/5f0e7799017958f2523dbb97/1\n
\n\'',NULL,68466),('3_Saturday','15','14:00','16:59','Y','HRV','','\'Ham Radio USA License Exams (Saturday)\'','\' \'','HRV_5c4c0d8cacaeaee55462084ea93883c9','\'\'',NULL,68467),('3_Saturday','16','14:00','16:59','Y','HRV','','\'Ham Radio USA License Exams (Saturday)\'','\' \'','HRV_5c4c0d8cacaeaee55462084ea93883c9','\'\'',NULL,68468),('4_Sunday','15','15:00','17:59','N','HRV','','\'Ham Radio USA License Exams (Sunday)\'','\' \'','HRV_7a6887932f1610634666981a0d39db72','\'Title: Ham Radio USA License Exams (Sunday)
\nWhen: Sunday, Aug 9, 15:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\n\nTwitter: https://twitter.com/DC_Ham_Exams\n
Discord: https://discord.com/channels/708208267699945503/732733631667372103\n
Info/Reg: https://ham.study/sessions/5f0e77d9a47e313e8e5295d9/1\n
\n\'',NULL,68469),('4_Sunday','16','15:00','17:59','Y','HRV','','\'Ham Radio USA License Exams (Sunday)\'','\' \'','HRV_7a6887932f1610634666981a0d39db72','\'\'',NULL,68470),('4_Sunday','17','15:00','17:59','Y','HRV','','\'Ham Radio USA License Exams (Sunday)\'','\' \'','HRV_7a6887932f1610634666981a0d39db72','\'\'',NULL,68471),('2_Friday','10','10:00','11:50','N','DL','','\'Carnivore (Microsoft External Attack Tool)\'','\'Chris Nevin\'','DL_107b1f2ccdc2e467f2bfbfdbbaec6f29','\'Title: Carnivore (Microsoft External Attack Tool)
\nWhen: Friday, Aug 7, 10:00 - 11:50 PDT
\nWhere: See Description or Village
\n
SpeakerBio:Chris Nevin\n
\nSenior Security Consultant at NCCGroup
\n\n
\nDescription:
\nCarnivore is a username enumeration and password spraying tool for Microsoft services (Skype for Business, ADFS, RDWeb, Exchange and Office 365). It originally began as an on-premises Skype for Business enumeration/spray tool as I was finding that these days, organizations often seem to have locked down their implementations of Exchange, however, Skype for Business has been left externally accessible, and has not received as much attention from previous penetration tests due to the lack of tools as impactful as Mailsniper. Overtime this was improved and built upon to bring the same service discovery, username enumeration and password spraying capability to Skype, ADFS, RDWeb, Exchange, and O365 all in the same tool. Carnivore includes new post compromise functionality for Skype for Business (pulling the internal address list and user presence through the API), and smart detection of the username format for all services. As a practical means of entry into an organisation – numerous external penetration tests have uncovered an on-premises Skype for Business or ADFS server even for organisations that have moved Mail/SSO/etc to the cloud.\n
Audience: Offense\n
\nInteract @ #dl-nevin-carnivore-text: https://discord.com/channels/708208267699945503/730256550442041373\n
Watch @ #dl-video2-voice: https://discord.com/channels/708208267699945503/734027778646867988\n
Github: https://github.com/ReverendThing/Carnivore\n
Forum: https://forum.defcon.org/node/233116\n
\n\'',NULL,68472),('2_Friday','11','10:00','11:50','Y','DL','','\'Carnivore (Microsoft External Attack Tool)\'','\'Chris Nevin\'','DL_107b1f2ccdc2e467f2bfbfdbbaec6f29','\'\'',NULL,68473),('3_Saturday','16','16:00','17:55','N','DL','','\'Cotopaxi: IoT Protocols Security Testing Toolkit\'','\'Jakub Botwicz\'','DL_d0aaa0d836df09f658ddd754709f0830','\'Title: Cotopaxi: IoT Protocols Security Testing Toolkit
\nWhen: Saturday, Aug 8, 16:00 - 17:55 PDT
\nWhere: See Description or Village
\n
SpeakerBio:Jakub Botwicz\n
\nJakub Botwicz works as a Principal Security Engineer at Samsung Poland R&D Center leading a team of security researchers. He has more than 15 years of experience in information security and previously worked in one of the worlds leading payment card service providers, Big4 consulting company and vendor of network encryption devices. Jakub holds a PhD degree from Warsaw University of Technology and security community certificates including: GWAPT, CISSP, ECSA. Currently, he works providing security assessments (static and dynamic analysis) of different mobile and IoT components.
\n\n
\nDescription:
\nCotopaxi is a set of tools for security testing of Internet of Things devices using specific network IoT/IIoT/M2M protocols (e.g. AMQP, CoAP, MQTT, DTLS, mDNS, QUIC).\n
Audience: IoT, AppSec\n
\nInteract @ #dl-botwicz-cotopaxi-text: https://discord.com/channels/708208267699945503/730256477792632924\n
Watch @ #dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505\n
Github: https://github.com/Samsung/cotopaxi/\n
Forum: https://forum.defcon.org/node/233117\n
\n\'',NULL,68474),('3_Saturday','17','16:00','17:55','Y','DL','','\'Cotopaxi: IoT Protocols Security Testing Toolkit\'','\'Jakub Botwicz\'','DL_d0aaa0d836df09f658ddd754709f0830','\'\'',NULL,68475),('2_Friday','10','10:00','11:50','N','DL','','\'CIRCO v2: Cisco Implant Raspberry Controlled Operations\'','\'Emilio Couto\'','DL_8aea0f1ba2162cde67d3e029988e96f2','\'Title: CIRCO v2: Cisco Implant Raspberry Controlled Operations
\nWhen: Friday, Aug 7, 10:00 - 11:50 PDT
\nWhere: See Description or Village
\n
SpeakerBio:Emilio Couto\n
\nEmilio Couto (@ekio_jp) is a Security Consultant with more than 20 years of experience in the network and security field.Born and raised in Argentina, he is currently located in Japan where multitasking between language, culture and technologies is a must.Over the last decade focusing mainly on Finance IT and presenting tools in conferences (DEF CON, BlackHat Asia, HITB, Code Blue, AV Tokyo and SECCON).In his spare time he enjoys 3D printing, tinkering electronics and home-made IoT devices.
\nTwitter: @ekio_jp
\n\n
\nDescription:
\nDesigned under Raspberry Pi and aimed for Red Team Ops, we take advantage of \"Sec/Net/Dev/Ops\" enterprise tools to capture network credentials in stealth mode\n
Audience: Offense/Hardware\n
\nInteract @ #dl-couto-circo-v2-text: https://discord.com/channels/708208267699945503/730256145771659335\n
Watch @ #dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505\n
Github: https://github.com/ekiojp/circo\n
Forum: https://forum.defcon.org/node/233127\n
\n\'',NULL,68476),('2_Friday','11','10:00','11:50','Y','DL','','\'CIRCO v2: Cisco Implant Raspberry Controlled Operations\'','\'Emilio Couto\'','DL_8aea0f1ba2162cde67d3e029988e96f2','\'\'',NULL,68477),('2_Friday','14','14:00','15:50','N','DL','','\'jeopardize\'','\'Utku Sen\'','DL_6a53ab228cf91df961ea0c70f5f91b92','\'Title: jeopardize
\nWhen: Friday, Aug 7, 14:00 - 15:50 PDT
\nWhere: See Description or Village
\n
SpeakerBio:Utku Sen\n
\nUtku Sen is a security researcher who is mostly focused on application security, network security and tool development. He presented his different tools and researches in Black Hat USA Arsenal, DEF CON Demo Labs, Packet Hacking Village and Recon Village in the recent years. He\'s also nominated for Pwnie Awards on \"Best Backdoor\" category in 2016. He is currently working for HackerOne.
\n\n
\nDescription:
\nJeopardize tool is developed to provide basic threat intelligence&response capabilities against phishing domains at the minimum cost as possible. It detects registered phishing domain candidates (typosquatting, homograph etc.), analyzes them and assigns a risk score to them. After then, it sends valid-looking credentials to the login forms on those phishing sites. Main goals are to confuse the attackers and to buy organizations some time to take precautions.\n
Audience: Defense\n
\nDiscord: #dl-sen-jeopardize-text: https://discord.com/channels/708208267699945503/730256291032989728\n
Watch @ #dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505\n
Github: https://github.com/utkusen/jeopardize\n
Forum: https://forum.defcon.org/node/233129\n
\n\'',NULL,68478),('2_Friday','15','14:00','15:50','Y','DL','','\'jeopardize\'','\'Utku Sen\'','DL_6a53ab228cf91df961ea0c70f5f91b92','\'\'',NULL,68479),('4_Sunday','10','10:00','11:50','N','DL','','\'MalConfScan with Cuckoo\'','\'Tomoaki Tani,Shusei Tomonaga\'','DL_be9804a412f8799958c00eb63cbf7275','\'Title: MalConfScan with Cuckoo
\nWhen: Sunday, Aug 9, 10:00 - 11:50 PDT
\nWhere: See Description or Village
\nSpeakers:Tomoaki Tani,Shusei Tomonaga
\n
SpeakerBio:Tomoaki Tani\n
\nTomoaki Tani works as a Forensic Analyst at Incident Response Group of JPCERT/CC. His primary responsibility is in providing coordination and assistance for cybersecurity incidents related to Japanese constituents. With his technical insight, he is also in charge of analyzing incident trends and attack methods. He presented at CODE BLUE, BsidesLV, BlackHat USA Arsenal, PHDays, VB Conference, and more. Prior to joining JPCERT/CC, he was engaged in security analysis operations and incident handling at a major Japanese telco.
\n
SpeakerBio:Shusei Tomonaga\n
\nShusei Tomonaga is a member of the Incident Response Group of JPCERT/CC. Since December 2012, he has been engaged in malware analysis and forensic investigation. In particular, he spearheads the analysis of targeted attacks affecting critical Japanese industries. In addition, he has written blog posts on malware analysis and technical findings (https://blogs.jpcert.or.jp/en/). Prior to joining JPCERT/CC, he was engaged in security monitoring and analysis operations at a foreign-affiliated IT vendor. He has presented at CODE BLUE, BsidesLV, Botconf, VB Conference, PHDays, PacSec, FIRST Conference, BlackHat USA Arsenal, and more.
\n\n
\nDescription:
\n\"MalConfScan with Cuckoo\" is a tool for automatically extracting known Windows and Linux malware\'s configuration data.\n
Audience: Defense (Malware Analyst, BlueTeam)\n
\nInteract @ #dl-tani-malconfscan-text: https://discord.com/channels/708208267699945503/730256507702345813\n
Watch @ #dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505\n
Github: https://github.com/JPCERTCC/MalConfScan-with-Cuckoo\n
Forum: https://forum.defcon.org/node/233121\n
\n\'',NULL,68480),('4_Sunday','11','10:00','11:50','Y','DL','','\'MalConfScan with Cuckoo\'','\'Tomoaki Tani,Shusei Tomonaga\'','DL_be9804a412f8799958c00eb63cbf7275','\'\'',NULL,68481),('2_Friday','12','12:00','13:50','N','DL','','\'Mobile Security Framework - MobSF\'','\'Ajin Abraham\'','DL_47a24cd72ca57c87807636600039578d','\'Title: Mobile Security Framework - MobSF
\nWhen: Friday, Aug 7, 12:00 - 13:50 PDT
\nWhere: See Description or Village
\n
SpeakerBio:Ajin Abraham\n
\nAjin Abraham is a Security Engineer with 7+ years of experience in Application Security and Offensive Security Research. He is passionate on developing new and unique security tools. Some of his contributions to Hacker\'s arsenal include OWASP Xenotix XSS Exploit Framework, Mobile Security Framework (MobSF), Droid Application Fuzz Framework (DAFF), NodeJsScan etc to name a few. He has been invited to speak at multiple security conferences including ClubHack, Nullcon, OWASP AppSec Eu, OWASP AppSec AsiaPac, BlackHat Europe, Hackmiami, Confidence, BlackHat US, BlackHat Asia, ToorCon, Ground Zero Summit, Hack In Paris, Hack In the Box, c0c0n and PHDays.
\n\n
\nDescription:
\nMobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.\n
\nInteract @ #dl-ajin-mobile-securit-framework-text: https://discord.com/channels/708208267699945503/730256193683062825\n
Watch @ #dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505\n
Github: https://mobsf.github.io/Mobile-Security-Framework-MobSF/\n
Forum: https://forum.defcon.org/node/233122\n
\n\'',NULL,68482),('2_Friday','13','12:00','13:50','Y','DL','','\'Mobile Security Framework - MobSF\'','\'Ajin Abraham\'','DL_47a24cd72ca57c87807636600039578d','\'\'',NULL,68483),('3_Saturday','12','12:00','13:50','N','DL','','\'Phirautee\'','\'Viral Maniar\'','DL_713a1dbdcf9f0211160e5e9f636af107','\'Title: Phirautee
\nWhen: Saturday, Aug 8, 12:00 - 13:50 PDT
\nWhere: See Description or Village
\n
SpeakerBio:Viral Maniar\n
\nViral Maniar is currently working as Technical Manager at RiskIQ managing the attack surface outside of the firewall for clients in the APAC region through his boutique cyber security firm Preemptive Cyber Security (www.preemptivecybersec.com) providing offensive and defensive consulting services based in Australia. Viral has provided security consulting services for over 8 years including infrastructure (internal-external), application penetration testing, vulnerability assessments, wireless penetration testing, social engineering, red team engagements, API testing, Thick & Thin client testing and cloud architecture security reviews to numerous clients across various industries in the APAC region. Viral has presented at conferences like Black Hat, ROOTCON and (ISC)2. Viral has also participated in a number of bug bounty programs and won awards for responsible disclosure of security vulnerabilities. In his leisure time, he enjoys developing security tools and maintains several projects on the GitHub. He has achieved industry certifications such as Offensive Security Certified Professional (OSCP) and SANS GPEN - Network Penetration Testing. Twitter: @ManiarViral / @PreemptiveCyber
\n\n
\nDescription:
\nOver the past few years, ransomware has gone wild and organisations around the world are getting targeted leading to the damage and disruption. As we all know that the threat landscape is changing rapidly and we hear the fuss about ransomware infection at the offices or read about it in the news.\n
Have you ever wondered how threat actors are writing ransomwares? What level of sophistication and understanding is required to target an organisation? In this demo, we will utilise the native Windows commands to build ransomware and target a host via phishing.\n
Introducing Phirautee, a proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation\'s data to hostage for payments or permanently encrypts/deletes the organisation data. The tool uses public-key cryptography to encrypt the data on the disk.\n \n
Before encrypting, it exfiltrates the files from the network to the attacker. Once the files are encrypted and exfiltrated, the original files are permanently deleted from the host and then tool demands a ransom. The ransom is asked using the cryptocurrency for payments, so transactions are more difficult for law enforcement to trace.\n
During the demonstration of Phirautee, you will see a complete attack chain i.e. from receiving ransomware attack via a phishing email and how the files get encrypted on the compromised systems. A detailed walkthrough of the source code would be provided to understand how hackers utilise simple methods to create something dangerous. I will end the demo with several defence mechanisms by performing forensics analysis on Phirautee using publicly available tools.\n
Audience: Offense\n
\nInteract @ #dl-maniar-phirautee-text: https://discord.com/channels/708208267699945503/730256398277148774\n
Watch @ #dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505\n
Github: https://github.com/Viralmaniar/Phirautee\n
\n\'',NULL,68484),('3_Saturday','13','12:00','13:50','Y','DL','','\'Phirautee\'','\'Viral Maniar\'','DL_713a1dbdcf9f0211160e5e9f636af107','\'\'',NULL,68485),('3_Saturday','14','14:00','15:50','N','DL','','\'PyRDP: Remote Desktop Protocol Monster-in-the-Middle (MITM) and Library\'','\'Olivier Bilodeau,Alexandre Beaulieu\'','DL_1e02c1670aa390a1dc5407871b77b2e0','\'Title: PyRDP: Remote Desktop Protocol Monster-in-the-Middle (MITM) and Library
\nWhen: Saturday, Aug 8, 14:00 - 15:50 PDT
\nWhere: See Description or Village
\nSpeakers:Olivier Bilodeau,Alexandre Beaulieu
\n
SpeakerBio:Olivier Bilodeau\n
\nOlivier Bilodeau is leading the Cybersecurity Research team at GoSecure. With more than 10 years of infosec experience, he enjoys luring malware operators into his traps, writing tools for malware research, reverse-engineering all-the-things and vulnerability research. Passionate communicator, Olivier has spoken at several conferences like BlackHat, Defcon, Botconf, SecTor, Derbycon, HackFest and more. Invested in his community, he co-organizes MontréHack, a monthly workshop focused on hands-on CTF problem solving, and NorthSec, a large non-profit conference and CTF based in Montreal.
\n
SpeakerBio:Alexandre Beaulieu\n
\nAlexandre is a security researcher working for GoSecure. His area of expertise is reverse engineering, binary exploitation and tool development. His previous experience as a software developer covers a broad spectrum of topics ranging from low-level systems and binary protocols to web applications. Prior to joining the research team, Alexandre spent time as an Ethical Hacker honing his offensive security skills. His areas of interest include binary analysis, compiler theory and systems programming. Alexandre gives back to the Montréal infosec community by volunteering his time, contributing workshops and designing application security challenges for events like MontréHack and REcon.
\n\n
\nDescription:
\nPyRDP is a Remote Desktop Protocol (RDP) monster-in-the-middle (MITM) tool and library useful in intrusion testing and malware research. Its out of the box offensive capabilities can be divided in three broad categories: client-side, MITM-side and server-side. On the client-side PyRDP can actively steal any clipboard activity, crawl mapped drives and collect all keystrokes. On the MITM-side PyRDP records everything on the wire in several formats (logs, json events), allows the attacker to take control of an active session and performs a pixel perfect recording of the RDP screen. On the server-side, on-logon PowerShell or cmd injection can be performed when a legitimate client connects. Over the last year, we implemented several features that we are going to uncover in this brand-new demo lab workshop: a headless mode that allows deployment on systems with less resources or without an X11 stack, a fully transparent layer-2 deployment capability leveraging IP_TRANSPARENT sockets, a brand new Windows Graphical Device Interface (GDI) implementation and the ability to convert recorded sessions into MP4 videos. On the malware research side, PyRDP can be used as part of a fully interactive honeypot. It can be placed in front of a Windows RDP server to intercept malicious sessions. It can replace the credentials provided in the connection sequence with working credentials to accelerate compromise and malicious behavior collection. It also saves a visual and textual recording of each RDP session, which is useful for investigation or to generate IOCs. Additionally, PyRDP saves a copy of the files that are transferred via the drive redirection feature, allowing it to collect malicious payloads.\n
Audience: Offense and Malware Researchers\n
\nInteract @ #dl-bilodeau-pyrdp-text: https://discord.com/channels/708208267699945503/730256435916832849\n
Watch @ #dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505\n
Github: https://github.com/GoSecure/pyrdp\n
Forum: https://forum.defcon.org/node/233124\n
\n\'',NULL,68486),('3_Saturday','15','14:00','15:50','Y','DL','','\'PyRDP: Remote Desktop Protocol Monster-in-the-Middle (MITM) and Library\'','\'Olivier Bilodeau,Alexandre Beaulieu\'','DL_1e02c1670aa390a1dc5407871b77b2e0','\'\'',NULL,68487),('2_Friday','16','16:00','17:55','N','DL','','\'redlure\'','\'Matthew Creel\'','DL_4e1efe0dfcdc2cd7758fb9973fd7f4c1','\'Title: redlure
\nWhen: Friday, Aug 7, 16:00 - 17:55 PDT
\nWhere: See Description or Village
\n
SpeakerBio:Matthew Creel\n
\nMatt has been a member of the Schneider Downs cybersecurity practice since 2017 where he helps provide clients with penetration testing, red teaming and incident response services. One of Matt\'s focuses is offensive tool development, notably password spraying and phishing tools. Matt has served clients in manufacturing, healthcare, automotive, finanaical and higher education industires.
\n\n
\nDescription:
\nredlure can be descirbed as a distributed phishing platform. There is a centeralized API (redlure-console) where you can create the different aspects of your phishing campaigns. This console controls secondary servers running a more basic API (redlure-workers) that do the actual hosting of your phishing sites/files and communicate results back to the main server. Obviosuly there are existing tools that can accomplish phishing, but here are a few features to this tool that differentiate it and will be descirbed in the abstract.\n
Audience: Offense\n
\nInteract @ #dl-creel-redlure-text: https://discord.com/channels/708208267699945503/730256326868860949\n
Watch @ #dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505\n
Forum: https://forum.defcon.org/node/233131\n
\n\'',NULL,68488),('2_Friday','17','16:00','17:55','Y','DL','','\'redlure\'','\'Matthew Creel\'','DL_4e1efe0dfcdc2cd7758fb9973fd7f4c1','\'\'',NULL,68489),('3_Saturday','10','10:00','11:50','N','DL','','\'Starkiller\'','\'Vincent “Vinnybod†Rose\'','DL_a09e60741b05354c455f29ee8ec0d3b6','\'Title: Starkiller
\nWhen: Saturday, Aug 8, 10:00 - 11:50 PDT
\nWhere: See Description or Village
\n
SpeakerBio:Vincent “Vinnybod†Rose\n
\nVincent \"Vinnybod\" Rose is a software engineer with experience in cloud services. He has a decade of experience in software development and networking. Recently, his focus has been on building ad-serving technologies, web and server-side applications. He is the lead developer for Starkiller, the graphical user interface for the Empire framework.
\n\n
\nDescription:
\nThe ultimate goal for any security team is to increase resiliency within an organization and adapt to the modern threat. Starkiller aims to provide red teams with a platform to emulate Advanced Persistent Threat (APT) tactics. Starkiller is a frontend for the post-exploitation framework, PowerShell Empire, which incorporates a multi-user GUI application that interfaces with a remote Command and Control (C2) server. Empire is powered by Python 3 and PowerShell and includes many widely used offensive security tools for Windows, Linux, and macOS exploitation. The framework\'s flexibility to easily incorporate new modules allows for a single solution for red team operations. Both red and blue teams can utilize Starkiller to emulate and defend against the most used APT attack vectors.\n
Audience: Offense, Defense\n
\nInteract @ #dl-rose-starkiller-text: https://discord.com/channels/708208267699945503/730256356292165682\n
Watch @ #dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505\n
Web: https://www.bc-security.org/post/an-introduction-to-starkiller\n
Forum: https://forum.defcon.org/node/233126\n
\n\'',NULL,68490),('3_Saturday','11','10:00','11:50','Y','DL','','\'Starkiller\'','\'Vincent “Vinnybod†Rose\'','DL_a09e60741b05354c455f29ee8ec0d3b6','\'\'',NULL,68491),('2_Friday','18','18:00','18:59','N','ENT','','\'Terrestrial Access Network\'','\' \'','ENT_2e18b09b0edac21c3fcddec3471bc49a','\'Title: Terrestrial Access Network
\nWhen: Friday, Aug 7, 18:00 - 18:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nIf packets could dance, they would surely dance to this...\n
\nForum: https://forum.defcon.org/node/230970\n
Discord: https://discord.com/channels/708208267699945503/735624334302904350\n
Twitch: https://www.twitch.tv/defcon_music \n
Soundcloud: https://soundcloud.com/collinsullivan\n
Spotify: https://open.spotify.com/artist/53WcPPzAkgtrcJhAfytwMN\n
\n\'',NULL,68492),('2_Friday','19','19:00','19:59','N','ENT','','\'Acid T\'','\' \'','ENT_ec6a6384e73a3ad2d7968863783d0ac8','\'Title: Acid T
\nWhen: Friday, Aug 7, 19:00 - 19:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nDEF CON 28 may be cancelled, but our parties cannot be stopped! Tune in for a massive virtual party that will shake the NET\n
\nForum: https://forum.defcon.org/node/230970\n
Discord: https://discord.com/channels/708208267699945503/735624334302904350\n
Twitch: https://www.twitch.tv/defcon_music \n
Facebook: https://www.facebook.com/dj.sm0ke\n
Twitter: https://twitter.com/DJ_Sm0ke\n
YouTube: https://www.youtube.com/channel/UC55xsENb9PKz-IKB5zodYGA/featured\n
SoundCloud: https://soundcloud.com/acid_t\n
\n\'',NULL,68493),('2_Friday','20','20:00','20:59','N','ENT','','\'Icetre Normal\'','\' \'','ENT_f3d884ece555961993b5a62710409454','\'Title: Icetre Normal
\nWhen: Friday, Aug 7, 20:00 - 20:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nIcetre has been a premier jubilation hacker, and party host since DEF CON X. People are still talking about the various shenanigans he\'s orchestrated and videos he\'s played. Even with this long history, it\'s still amazing how many people have to still tell him to turn it down. For what?\n
\nForum: https://forum.defcon.org/node/230970\n
Discord: https://discord.com/channels/708208267699945503/735624334302904350\n
Location: https://www.twitch.tv/defcon_music \n
Facebook: https://www.facebook.com/icetre.normal/\n
\n\'',NULL,68494),('2_Friday','22','22:00','22:59','N','ENT','','\'Ninjula\'','\' \'','ENT_d1aac63cc3b9993322a639723bd712be','\'Title: Ninjula
\nWhen: Friday, Aug 7, 22:00 - 22:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\n#1 DJ in my mothers eyes\n
Forum: https://forum.defcon.org/node/230970\n
Discord: https://discord.com/channels/708208267699945503/735624334302904350\n
Location: https://www.twitch.tv/defcon_music \n
Facebook: https://facebook.com/countninjula\n
Twitter: https://twitter.com/countninjula\n
Soundcloud: https://soundcloud.com/ninjula\n
\n\'',NULL,68495),('2_Friday','23','23:00','23:59','N','ENT','','\'Shadowvex\'','\' \'','ENT_7de3ac1a91b18c0dd0fcc19153461a05','\'Title: Shadowvex
\nWhen: Friday, Aug 7, 23:00 - 23:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nUnderground hacker, audio/visual artist and researcher of entheogenic blockchain technology.¬â€ Music is magick.\n
\nForum: https://forum.defcon.org/node/230970\n
Discord: https://discord.com/channels/708208267699945503/735624334302904350\n
Location: https://www.twitch.tv/defcon_music \n
Web: https://shadowvex.com\n
Twitter: https://twitter.com/shadowvex\n
\n\'',NULL,68496),('3_Saturday','18','18:00','18:59','N','ENT','','\'tense future\'','\' \'','ENT_42968b35bbdd90b43827952ded251c85','\'Title: tense future
\nWhen: Saturday, Aug 8, 18:00 - 18:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nLos Angeles, CA. Trapped in an autonomous car during a solar flare. Anxiety attack over spying home appliances that tip their hand. General AI caretaker grappling over competing logical fallacies. Dark techno sounds from the tense future that was once distant.\n
\nForum: https://forum.defcon.org/node/230970\n
Discord: https://discord.com/channels/708208267699945503/735624334302904350\n
Location: https://www.twitch.tv/defcon_music \n
Soundcloud: https://soundcloud.com/tensefuture\n
Twitter: https://twitter.com/tensefutur3\n
\n\'',NULL,68497),('3_Saturday','19','19:00','19:59','N','ENT','','\'Mica Husky\'','\' \'','ENT_cd7e744a03b0d9c95b07021e5154ef93','\'Title: Mica Husky
\nWhen: Saturday, Aug 8, 19:00 - 19:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nMica has been absolutely obsessed with electronic music since she was a small child. She has been producing electronica for over a decade and DJing at house parties and conventions for 5 years. \nShe first discovered psytrance in particular after going to Equinox 2015 because it \"sounded fun\". She was instantly hooked. Mica\'s favorite noises are reminiscent of psychedelic crystals shattering into a million pieces on a forest floor. She can take a crowd on a journey through the world of psychedelia by catching them at the perfect time with the best of alien music.\n
\nForum: https://forum.defcon.org/node/230970\n
Discord: https://discord.com/channels/708208267699945503/735624334302904350\n
Location: https://www.twitch.tv/defcon_music \n
Web: http://www.barkbarkbarkbark.com\n
\n\'',NULL,68498),('3_Saturday','20','20:00','20:59','N','ENT','','\'Dj St3rling\'','\' \'','ENT_1e28d1aa29f7239e89ca302a36d03973','\'Title: Dj St3rling
\nWhen: Saturday, Aug 8, 20:00 - 20:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nPerforming for his second year in a row at DEF CON, Dj St3rling loves to spin electronic music. When he\'s not making music, he enjoys: bowling, eating tacos, sleeping, and CTF!\n
\nForum: https://forum.defcon.org/node/230970\n
Discord: https://discord.com/channels/708208267699945503/735624334302904350\n
Location: https://www.twitch.tv/defcon_music \n
Facebook: https://www.facebook.com/OfficialDjSt3rling\n
Soundcloud: https://soundcloud.com/theycallmest3r\n
Instagram: https://www.instagram.com/theycallmest3r/\n
\n\'',NULL,68499),('3_Saturday','21','21:00','21:59','N','ENT','','\'Skittish & Bus\'','\' \'','ENT_043ae4364236a59bbbea0f27421e6632','\'Title: Skittish & Bus
\nWhen: Saturday, Aug 8, 21:00 - 21:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nMarried DJ/Producer duo,¬â€ and hosts of underground dance music show Sonic Electronic.\n
@skittishandbus on instagram/twitter/facebook/soundcloud/mixcloud\n
\nForum: https://forum.defcon.org/node/230970\n
Discord: https://discord.com/channels/708208267699945503/735624334302904350\n
Location: https://www.twitch.tv/defcon_music \n
Twitter: https://twitter.com/skittishandbus\n
\n\'',NULL,68500),('3_Saturday','22','22:00','22:59','N','ENT','','\'Miss Jackalope\'','\' \'','ENT_8cb5c77251e8124bf564360d3a02ece5','\'Title: Miss Jackalope
\nWhen: Saturday, Aug 8, 22:00 - 22:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nDEF CON\'s Resident Community DJ. Miss Jackalope has been DJing drum and bass and breakbeats for a long time and doing InfoSec stuff, too! ($dayjob) She can be seen DJing parties, swagulating in the Vendor room, and making sure everyone is having a good time. Mega thanks to the Jackalope Army for their support.\n
\nForum: https://forum.defcon.org/node/230970\n
Discord: https://discord.com/channels/708208267699945503/735624334302904350\n
Location: https://www.twitch.tv/defcon_music \n
Twitter: https://twitter.com/djjackalope\n
Web: https://missjackalope.com\n
\n\'',NULL,68501),('3_Saturday','23','23:00','23:59','N','ENT','','\'Subxian\'','\' \'','ENT_d8392b6494c475a5bcd19831c8d450d2','\'Title: Subxian
\nWhen: Saturday, Aug 8, 23:00 - 23:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nLA/Seattle Underground Music 1997-present. DEF CON SoundGuy. Moontribe collective. So,many parties and so much good music made me picky but I love halftime beats! Twice as much opportunity for intricate layers!\n
\nForum: https://forum.defcon.org/node/230970\n
Discord: https://discord.com/channels/708208267699945503/735624334302904350\n
Location: https://www.twitch.tv/defcon_music\n
\n\'',NULL,68502),('2_Friday','21','21:00','21:59','N','ENT','','\'Zebbler Encanti Experience\'','\' \'','ENT_8823b270ee4cb6ae1f85cf97a1e9b242','\'Title: Zebbler Encanti Experience
\nWhen: Friday, Aug 7, 21:00 - 21:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nZebbler Encanti Experience (aka ZEE) is an audio/visual collaboration between video artist Zebbler and electronic music producer Encanti, based out of Boston and the Scottish Highlands. The Experience is a performance of mapped visuals on three custom winged projection screens, synchronized with heavy peak-hour psychedelic bass music, resulting in the creation of an immersive A/V fantasy world.\n
\nForum: https://forum.defcon.org/node/230970\n
Discord: https://discord.com/channels/708208267699945503/735624334302904350\n
Location: https://www.twitch.tv/defcon_music\n
Web: http://zebblerencantiexperience.com/\n
Facebook: https://www.facebook.com/zebblerencantiexperience\n
Instagram: https://www.instagram.com/zebblerencantiexperience/\n
\n\'',NULL,68503),('1_Thursday','09','09:00','09:59','N','BTVT1','','\'Blue Team Village - Opening Ceremony\'','\'\'','BTVT1_6e1589076c41752703c89f1ea5245c22','\'Title: Blue Team Village - Opening Ceremony
\nWhen: Thursday, Aug 6, 09:00 - 09:59 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\n
\nDescription:No Description available
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,68504),('2_Friday','10','10:00','10:30','N','BTVT1','','\'Quark Engine - An Obfuscation-Neglect Android Malware Scoring System (Beginner)\'','\'JunWei Song,KunYu Chen\'','BTVT1_81f16b6a29e99610dc0decd62b2be840','\'Title: Quark Engine - An Obfuscation-Neglect Android Malware Scoring System (Beginner)
\nWhen: Friday, Aug 7, 10:00 - 10:30 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\nSpeakers:JunWei Song,KunYu Chen
\n
SpeakerBio:JunWei Song\n
\nJunWei is a Security Researcher from Taiwan. A paranoid Pythonista who focuses on cybersecurity, reverse engineering, and malware analysis. And as a CPython contributor, PyCon Taiwan Program Committee, presented at DEFCON, HITB, Europython, PyCon Taiwan, PyCon Korea, PyCon Malaysia. He’s the co-founder of Quark-Engine and a security research group, TWBGC.
\nTwitter: @JunWei__Song
\n
SpeakerBio:KunYu Chen\n
\nNo BIO available
\n\n
\nDescription:
\nAndroid malware analysis engine is not a new story. Every antivirus company has their own secrets to build it. With python and curiosity, we develop a malware scoring system from the perspective of Taiwan Criminal Law in an easy but solid way.\n
We have an order theory of criminal which explains stages of committing a crime. For example, crime of murder consists of five stages, they are determined, conspiracy, preparation, start and practice. The latter the stage the more we’re sure that the crime is practiced.\n
According to the above principle, we developed our order theory of android malware. We develop five stages to see if the malicious activity is being practiced. They are:\n
Permission requested.
\n Native API call.
\n Certain combination of native API.
\n Calling sequence of native API.
\n APIs that handle the same register.\n
We not only define malicious activities and their stages but also develop weights and thresholds for calculating the threat level of a malware.\n
Malware evolved with new techniques to gain difficulties for reverse engineering. Obfuscation is one of the most commonly used techniques. In this talk, we present a Dalvik bytecode loader with the order theory of android malware to neglect certain cases of obfuscation.\n
Inspired by the design principles of the CPython interpreter, our Dalvik bytecode loader consists of functionalities such as 1. Finding cross-reference and calling sequence of the native API. 2. Tracing the bytecode register. The combination of these functionalities (yes, the order theory) not only can neglect obfuscation but also match perfectly to the design of our malware scoring system.\n
Further, we will also show a case study of Android malware and demonstrate how the obfuscation technique is useless to our engine. Last but not least, we will be open-sourcing everything (Malware Scoring System, Dalvik Bytecode Loader) during our presentation.\n
Github: https://github.com/quark-engine/quark-engine\n
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,68505),('2_Friday','10','10:00','11:30','N','BTVW1','','\'Cypher for Defenders: Leveraging Bloodhound Data Beyond the UI (Intermediate)\'','\'Scoubi\'','BTVW1_b9b702967846dcf689c56b931d589e66','\'Title: Cypher for Defenders: Leveraging Bloodhound Data Beyond the UI (Intermediate)
\nWhen: Friday, Aug 7, 10:00 - 11:30 PDT
\nWhere: Blue Team Vlg - Workshop Track 1
\n
SpeakerBio:Scoubi\n
\nMathieu Saulnier is a “Security Enthusiast†©@h3xstream. He has held numerous positions as a consultant within several of Quebec’s largest institutions. For the last 8 years he has been focused on putting in place a few SOC and has specialized in detection (Blue Team), content creation and mentorship. He worked as a « Senior Security Architect » and acted as “Adversary Detection Team Lead†and “Threat Hunting Team Lead†for one of Canada’s largest carrier for many years and is now SOC Team Lead in a large financial institution. He loves to give talk and had the honor to do so at GoSec, BSidesCharm, NorthSec, BSidesLV, Defcon’s BTV and Derbycon.
\nTwitter: @ScoubiMtl
\n\n
\nDescription:
\nBloodhound stores AD data in a Neo4j. The UI allows you to get some information out of the box, but that is only the tip of the iceberg. Using Cypher if you can think it, you can visualize it!\n
The workshop will start with a quick presentation of BloodHound (BH). This is to make sure everybody understands the product as I very often meet security practitioners that never heard of the tool. (5 minutes)\n
The participants will be provided with test data, either in JSON format (a few KB) that can import in the BH UI or as a Neo4j database (very big). The reason to provide both is that BH is now detected by many AV as a Hacking tool and I don\'t want to exclude participants who come with their work computer. Those files will be provided ahead of time via Dropbox or similar file sharing site.\n
The first part of the workshop will go over the various objects present in BH: Computers, Groups, OU, Domains, etc. and the properties of those objects. We will learn how to interact with them using both the UI and the Neo4j Web Console (NWC). We will then use the prebuilt queries from the BH UI and use them in the NWC. From there we will start modifying them and see what impact it has. Debugging techniques will be shown. (~20 minutes)\n
After that we will go into a bit more advance query type, for example multiple relationships and chaining queries together. A few examples will be provided and the participants will be able to replicate the queries and see the result. (~30 minutes)\n
Finally, the participants will receive a list of questions and they will need to build the Cypher Queries themselves in order to find the answer. I will be there to assist them and debug their queries as needed. (~30 minutes)\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68506),('2_Friday','11','10:00','11:30','Y','BTVW1','','\'Cypher for Defenders: Leveraging Bloodhound Data Beyond the UI (Intermediate)\'','\'Scoubi\'','BTVW1_b9b702967846dcf689c56b931d589e66','\'\'',NULL,68507),('2_Friday','11','11:00','11:59','N','BTVT1','','\'OuterHaven - The UEFI Memory Space Just Itching to be Misused (Intermediate)\'','\'Connor Morley\'','BTVT1_40d09c154da877610c73c2971829560d','\'Title: OuterHaven - The UEFI Memory Space Just Itching to be Misused (Intermediate)
\nWhen: Friday, Aug 7, 11:00 - 11:59 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\n
SpeakerBio:Connor Morley\n
\nA computer security obsessive, Connor has been a threat hunter for the past 3 years spending half his job time looking for vulnerabilities and ripping apart exploitation tools/malware. In addition to his investigative action, he also participates in enhancement and development of the industry leading detection system employed to actively detect and disrupt active attackers. Enjoying advanced attack methods, he has participated in active attack prevention and remediation as well as publishing white papers on APT level attack frameworks (Is Killsuit laying in wait? - Equation group) and tackling detection problems (Truecrypt detection and distributed attack system - TCrunch).
\nTwitter: @Lavi16
\n\n
\nDescription:
\nThis presentation will cover research which explores the methods in which all levels of attackers can work with exploiting the UEFI memory space as well as methods for monitoring & enumerating this data haven and the associated access difficulties. I will also demonstrate some scripting and Python code that leverages Windows hosted elements to both exploit, enumerate and monitor this safe space for everyone to play with.\n
The exploitaiton of UEFI memory has previously only been thought of as something that is used for rootkits or advanced/targeted offensive operations. However, offensive actors and researchers have shown that they are willing to exploit this area with increasing ease. This presentation goes one step further and highlights the extremely basic level of computer knowledge needed to exploit this in current Windows OS, one-click and copy-paste scripts being able to generate the same results. However, the presentation also highlights solutions to monitor/access/analyze issues for this reclusive data set which allows active threats to be scrutinized and detection & preventative methods developed for both local and remote security solutions.\n
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,68508),('2_Friday','13','13:30','14:59','N','BTVW1','','\'Turning Telemetry and Artifacts Into Information (Intermediate)\'','\'Omenscan\'','BTVW1_3ee60099d5a84b5cbe44e0da28a8292d','\'Title: Turning Telemetry and Artifacts Into Information (Intermediate)
\nWhen: Friday, Aug 7, 13:30 - 14:59 PDT
\nWhere: Blue Team Vlg - Workshop Track 1
\n
SpeakerBio:Omenscan\n
\nNo BIO available
\n\n
\nDescription:
\nThere are many excellent FOSS triage and live response tools for Windows. They can dive deep into Windows systems to extract the artifacts and telemetry that might identify what happened on a machine.\n
However, after extracting those artifacts, it is usually up to the analyst to parse and reformat the raw data from these artifacts to make sense of them.\n
What if you are looking for a basic, repeatable, automated way to create an overview of what happened on a machine? In this Show And Tell we\'ll walk through the process of turning raw artifacts into useful information.\n
The presenter has spent many years developing tools and methods to help junior forensicators collect, parse, and make sense of Windows telemetry and artifacts. And in the process help them learn more.\n
In this Show And Tell, we will walk through the process of doing an automated, targeted collection on a suspicious machine. We will take that collection, and use Open Source tools to turn that data into an immediately useful report. We will also cover how to collect locally, and remotely - and the unique challenges that each presents.\n
We will start with collecting data from a suspicious endpoint using AChoir, and creating a report from that data using AChReport. We will also use tools like Volatility and Loki to automate memory analysis and determine if something malicious is located in memory. We will cover this process for both live systems, and collected memory dumps. And we will talk about when you would use one method over the other.\n
Finally, we will take the collected data, and show how to run Plaso against it to get a timeline which can be further processed for a more detailed analysis.\n
This workshop is relevant for both the novice and experienced forensic analyst. It is targeted at automating parts of the forensic analysis process to find common signs of malicious activity. We will use specific tools, but the goal is to show how forensic tools can be automated to enhance the forensic analysis process.\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68509),('2_Friday','14','13:30','14:59','Y','BTVW1','','\'Turning Telemetry and Artifacts Into Information (Intermediate)\'','\'Omenscan\'','BTVW1_3ee60099d5a84b5cbe44e0da28a8292d','\'\'',NULL,68510),('2_Friday','12','12:30','12:59','N','BTVT1','','\'No Question: Teamviewer, Police and Consequence (Beginner)\'','\'corvusactual\'','BTVT1_adc2fbfa8bd67ba4e97991f5da996ae1','\'Title: No Question: Teamviewer, Police and Consequence (Beginner)
\nWhen: Friday, Aug 7, 12:30 - 12:59 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\n
SpeakerBio:corvusactual\n
\nBill Dungey is a media maker, infoholic and professional nerd. Grab his latest work from postpunksuperhero.com.
\nTwitter: @corvusactual
\nhttps://postpunksuperhero.com
\n\n
\nDescription:
\nIn the summer of 2019, I attended DEFCON for the first time and spent my days lingering around the Blue Team Village. Two weeks after I returned, our largest client was breached. A malicious actor remotely installed keyloggers on over a hundred computers.\n
After a marathon of logs and OSINT, I traced the bad guy to his house. I offered a dossier with everything I’d found to the local Cyber Crime unit, leading to a full confession and finally, the release of the suspect for circumstances I’m not authorized to know.\n
This talk discusses an internal breach of a non-profit organization. A delicate mix of politics, technical challenge and pressure, this event fundamentally shifted my career.\n
A strange log file triggered a closer look at some servers. Within minutes, we had realized a massive breach had taken place.\n
We found a keylogger installed on over a hundred computers. After a little digging, we found an unknown username referenced in a handful of Teamviewer connection logs.\n
Teamviewer was uninterested in helping us without an international warrant of some kind. Through a day of parsing log files (no, we don’t have SIEM, IDS or IPS at this client), OSINT and the confidence I’d gained from finding a tribe at the BTV, I was able to identify the person responsible and gain insight into a real-world breach.\n
A search warrant was executed, devices were nabbed for forensics and the detective secured a full confession. I was told there was ‘No Question\', this was the person responsible, a client from the very organization that had been hit.\n
Some time later, after some political meetings between the parties involved, it was determined that a charge would not be levied against the malicious actor for reasons I have yet to be told. The organization is still actively under attack via weekly spear-phishing and whaling. After six weeks, the organization allowed the confirmed suspect back into the fold, accessing programs within the umbrella of the agency and within reach of the very systems he used to gain his foothold.\n
This is a vital topic to Blue Teamers. The real-world implications of a breach aren’t clear or fair and it’s all up to you.\n
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,68511),('2_Friday','16','16:30','17:59','N','BTVW1','','\'Open-Source Tools for Hunting and Practical Intelligence (Intermediate)\'','\'Joe Slowik\'','BTVW1_7fef523e1ede5aff76ad0c74ca7aa104','\'Title: Open-Source Tools for Hunting and Practical Intelligence (Intermediate)
\nWhen: Friday, Aug 7, 16:30 - 17:59 PDT
\nWhere: Blue Team Vlg - Workshop Track 1
\n
SpeakerBio:Joe Slowik\n
\nJoe Slowik has experience across multiple facets of cyber and information operations stretching over 10 years. Past roles include operations planning and mission development within the US Department of Defense; planning network defense strategies for US Naval assets afloat; running incident response operations at Los Alamos National Laboratory; building a threat intelligence program within the US Department of Energy; critical infrastructure attack analysis and activity tracking; and assisting industrial control system asset owners and operators in defensive planning and response.
\nTwitter: @jfslowik
\n\n
\nDescription:
\nOrganizations need to identify and disposition new threats to ensure active, adaptive defense. This workshop will walk through open source resources and freely-available techniques to identify new threats and attack trends, and how to then formulate defensive strategies for enterprise protection.\n
Open source intelligence and information gathering\n Company blogs, articles, and media reporting\n Distinguishing between technical reporting and pure marketing\n \"Reading between the lines\" for search terms\n Social media and Twitter
\n Suggested accounts
\n Source vetting and evaluation
\n Public threat feeds: AlienVault, IBM X-Force\n Registration and data retrieval\n
Timeliness and value\n
Sample gathering and extracting information\n HybridAnalysis, ANY.RUN, MalShare, VirusShare – VT (commercial)\n Capabilities and limitations of free services\n Evaluating different reporting types, extracting information for further searching\n How to read an analysis or incident report\n More reading between the lines
\n Going beyond hashes and IPs\n
Extracting information for use and application\n
Formulating information into hypotheses and pivoting\n Network pivoting: DomainTools, RiskIQ, Censys, Shodan, Urlscan, VirusTotal (free)\n The art of network pivoting without going \'too far\'\n Pivoting types: registration information, SOA leaks, infrastructure similarities, etc.\n Host/Binary pivoting: VirusTotal, HybridAnalysis, ANY.RUN, etc.\n File metadata and compilation artifacts\n
Identifying common tooling, techniques, and references to publicly-available projects\n
Overview and exercise:
\n Beginning with a single sample (malicious document file), extracting additional information\n Identifying items of interest in document, identifying payload\n Using information to identify general patterns, trends, and behaviors\n Translating identified information into rules, hunting hypotheses, and defensive measures\n Deliverable: Additional IOCs, brief report for review and feedback (after conclusion of workshop)\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68512),('2_Friday','17','16:30','17:59','Y','BTVW1','','\'Open-Source Tools for Hunting and Practical Intelligence (Intermediate)\'','\'Joe Slowik\'','BTVW1_7fef523e1ede5aff76ad0c74ca7aa104','\'\'',NULL,68513),('2_Friday','13','13:30','14:30','N','BTVT1','','\'Building BLUESPAWN: An Open-Source, Active Defense & EDR Software (Intermediate)\'','\'Jake Smith,Jack McDowell\'','BTVT1_9aad67e328e8cf85188f436064fd53ca','\'Title: Building BLUESPAWN: An Open-Source, Active Defense & EDR Software (Intermediate)
\nWhen: Friday, Aug 7, 13:30 - 14:30 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\nSpeakers:Jake Smith,Jack McDowell
\n
SpeakerBio:Jake Smith\n
\nJake is recent graduate of the University of Virginia where he studied Computer Science and Cybersecurity. During his time in school, he was a Rodman Scholar and served as President of the Computer and Network Security (CNS) Club at UVA. In addition, he co-started UVA’s Cyber Defense and Offense Teams to compete in the Collegiate Cyber Defense Competition (CCDC) and Collegiate Penetration Testing Competition (CPTC). Outside of school, Jake co-founded MetaCTF, a cybersecurity training company, which has run CTF events across the United States and beyond.
\nTwitter: @jtsmith282
\n
SpeakerBio:Jack McDowell\n
\nNo BIO available
\n\n
\nDescription:
\nOur team has developed BLUESPAWN, a fully open-source, active defense and EDR tool for Windows. While there are ample offensive oriented tools publicly available, there is very little on the defensive side. We aim to use this project to demonstrate how modern-day security solutions work by building our own from the ground up. In addition, we integrate a number of popular community libraries and tools such as MITRE ATT&CK, DoD STIGs, YARA, and PE-Sieve with one goal: to enable any security analyst to quickly detect, identify, and eliminate malicious activity on a system.\n
In today’s world, computers running Microsoft’s Windows operating system remain a top target for threat actors given its popularity. While there are a number of commercial defensive cybersecurity tools and multi-purpose system analysis programs such as SysInternals, this software is often closed-source, operates in a black-box manner, or requires a payment to obtain. These characteristics impose costs for both attackers and defenders. In particular, while the restrictions prevent attackers from knowing exactly what these tools detect, defenders often end up not having a good understanding of how their tools work or exactly what malicious activity they can identify.\n
Building on prior work and other open-source software, our team decided to create BLUESPAWN. This open-source program is an active defense and endpoint detection & response (EDR) tool designed to quickly prevent, detect, and eliminate malicious activity on a Windows system. In addition, BLUESPAWN is centered around the MITRE ATT&CK Framework and the Department of Defense’s published STIGs. We have also integrated popular malware analysis libraries such as VirusTotal’s YARA to increase the tool’s effectiveness and accessibility. Currently, our team is developing the alpha version of the client which can already detect real-world malware. In the future, we will continue to build out the client and eventually integrate both a server component for controlling clients and a cloud component to deliver enhanced detection capabilities.\n
Github: https://github.com/ION28/BLUESPAWN\n
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,68514),('2_Friday','14','13:30','14:30','Y','BTVT1','','\'Building BLUESPAWN: An Open-Source, Active Defense & EDR Software (Intermediate)\'','\'Jake Smith,Jack McDowell\'','BTVT1_9aad67e328e8cf85188f436064fd53ca','\'\'',NULL,68515),('2_Friday','15','15:00','16:30','N','BTVW2','','\'Threat Hunting with the Elastic Stack (Beginner)\'','\'Ben Hughes\'','BTVW2_541c2fd888084e3f7b5ac5f72da12f8d','\'Title: Threat Hunting with the Elastic Stack (Beginner)
\nWhen: Friday, Aug 7, 15:00 - 16:30 PDT
\nWhere: Blue Team Vlg - Workshop Track 2
\n
SpeakerBio:Ben Hughes\n
\nBen Hughes (@CyberPraesidium) brings over 15 years of diverse experience in cyber security, IT, and law. He leads Polito\'s commercial services including pen testing, DFIR, and threat hunting. Prior to joining Polito, Ben worked on APT hunt teams at federal and commercial clients. He holds CISSP, GWAPT, and GCFA certifications.
\nTwitter: @CyberPraesidium
\n\n
\nDescription:
\nThis hands-on workshop will walk you through leveraging the open source Elastic (ELK) stack to proactively identify attacker activity hiding within diverse data sets. The basic tools and techniques taught during this workshop can be used to investigate isolated security incidents or implemented at scale for continuous monitoring and threat hunting. You will be provided with access to a preconfigured Elastic cluster and extensive sample logs containing malicious endpoint and network events waiting to be discovered on a simulated enterprise network. Emphasis will be placed on live demos and practical training exercises throughout.\n
With all new logs and revamped material from our past versions of this workshop, this year\'s hands-on workshop will walk attendees through leveraging the open source Elastic (ELK) stack to proactively identify malicious activity hiding within diverse data sets. The basic tools and techniques taught during this class can be used to investigate isolated security incidents or implemented at scale for continuous monitoring and threat hunting. Attendees will be provided with access to a preconfigured Elastic cluster and extensive sample logs containing malicious endpoint and network events waiting to be discovered on a simulated enterprise network. New for this year, attacker artifacts will be more closely mapped to the MITRE ATT&CK Framework and tagged accordingly in the provided logs to help demonstrate the value of log enrichment, showcase both common and novel real-world attacker TTPs, and leverage a methodological approach to adversary and anomaly detection. Emphasis will be placed on live demos and practical training exercises throughout.\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68516),('2_Friday','16','15:00','16:30','Y','BTVW2','','\'Threat Hunting with the Elastic Stack (Beginner)\'','\'Ben Hughes\'','BTVW2_541c2fd888084e3f7b5ac5f72da12f8d','\'\'',NULL,68517),('2_Friday','15','15:00','15:30','N','BTVT1','','\'Indicators of Emulation (Intermediate)\'','\'Ch33r10\'','BTVT1_326ff932e4a464620930e6f6ddb2cea2','\'Title: Indicators of Emulation (Intermediate)
\nWhen: Friday, Aug 7, 15:00 - 15:30 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\n
SpeakerBio:Ch33r10\n
\n@ch33r10 works for a Financial Services Fortune 500 Company. She is a graduate of the SANS 2017 Women’s Academy, has an MBA in IT Management, and currently holds the GSEC, GCIH, GCFE, GMON, GDAT, GPEN and GCTI certifications. She is a member of the Financial Services Information Sharing and Analysis Center (FS-ISAC), Yara Exchange, and FuzzySnugglyDuck. @ch33r10 is a doctoral student at Marymount University and has served on multiple CFP review boards.
\nTwitter: @ch33r10
\n\n
\nDescription:
\nCyber threat intelligence, in the past, has primarily focused on extracting, preparing, and analyzing indicators of compromise for digital forensics and incident response, the security operations center, and other teams. This talk proposes that cyber threat intelligence analysts extract indicators of emulation and include them in their threat reports for red team operations, adversary emulation, and purple team exercises. Learn how to extract Indicators of Emulation in Windows-based malware for high-value adversary emulation and purple team exercises based upon org specific data.\n
Cyber threat intelligence plays a pivotal role in collecting and analyzing data to produce intelligence for an organization. Most of the cyber threat intelligence reports include indicators of compromise that various teams, such as incident response, hunt, and security operations, consume; however, there is limited intelligence in most threat reports geared towards adversary emulation. There is a lack of research or information regarding indicators related to emulating an attacker’s malware, mainly Windows-based malware. As cyber threat intel teams mature through using their internal attack data to produce intelligence, it becomes necessary to determine how to build out existing capabilities and provide additional value to other teams in the organization. Cyber threat intelligence analysts can contribute to adversary emulation exercises through extracting indicators of emulation to include in their threat intelligence reports for a realistic emulation of the adversary.\nHere’s what I plan on showing the audience how to do step-by-step and with a pre-recorded demo:\n-Audit Log setup for Win10 VM
\n-Disable Window Defender SmartScreen before downloading samples\n-Create custom “test†malware to ensure command-line Audit logging is set up properly (blue teamers popping calc with a custom compiled program made in C++).\n-walk through how I picked samples from URLhaus so they can practice at home or use their own org’s samples\n-walk through of what I looked for in the command-line\n-Discussion of where I am at in the research\n-Ideas/suggestions on how to package the Indicators of Emulation for Adversary Emulation, Red Teams, and Purple Exercises.\n***I will document everything very well and include it in my presentation as a resource. I only need 15 minutes.\n
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,68518),('2_Friday','16','16:00','16:30','N','BTVT1','','\'Detecting The Not-PowerShell Gang (Intermediate)\'','\'Mangatas Tondang\'','BTVT1_4df9cc819ca07196b4283b656e4b289e','\'Title: Detecting The Not-PowerShell Gang (Intermediate)
\nWhen: Friday, Aug 7, 16:00 - 16:30 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\n
SpeakerBio:Mangatas Tondang\n
\nProfessionally, Mangatas is a Threat Hunter for one of the major Canadian Telecommunication company. As a blue teamers, he is passionate on learning and breaking the hacking tools to pieces and try to develop detection against them. He also love following and building detection from the recent intelligence report on different APT groups. Coming from a school that taught him broad spectrum of Information Security, he also love exploring application security, reverse engineering, and script tools that can help him and his coworkers. He wouldn\'t be here without community support, that\'s why he love to give security training for other people and currently he is also a member of CTF challenge development team for his almamater. Outside the Security world, He is a guitarist and also \"wannabe\" astrophotographer.
\nTwitter: @tas_kmanager
\n\n
\nDescription:
\nSince the advancement of security features released in PowerShell version 5, Red Team folks are forced to not use PowerShell to have successful and undetectable engagements. Some of them even push the boundary and created their own Not-PowerShell tools and released it to the public. As a Blue Teamer, this means we need to reinforce our perimeter against these tools. This talk will uncovers some of the popular Not-PowerShell tools followed by how the blue teams can still spot these tools and build detection on it.\n
This talk will look into several not-powershell tools and craft several detection tactics based on their mechanism. We will utilize common logging tools, Sysmon and Windows Logs (Integrated to SIEM).\n
We will start with Introduction and will quickly go through the common mechanism used by the not-powershell tools\n
Tools we are going to look at are:
\n- InvisiShell
\n- NoPowerShell
\n- PowerShdll
\n- PowerLessShell
\n- And some other tools with similar mechanism\n
After getting familiar with the mechanisms, we will put our blue hat back and see what artifacts left by these tools and build reliable detection for each mechanisms leaving small room for false positives. At the end of the day, the blue team will be awarded with some queries (also known as rules or use cases) that they can use and deploy at their own SIEM solution.\n
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,68519),('2_Friday','19','19:30','20:30','N','BTVT1','','\'Purple On My Mind: Cost Effective Automated Adversary Simulation (Intermediate)\'','\'Mauricio Velazco\'','BTVT1_2a24e8fc4b43f033bb2c4cbd15b8036a','\'Title: Purple On My Mind: Cost Effective Automated Adversary Simulation (Intermediate)
\nWhen: Friday, Aug 7, 19:30 - 20:30 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\n
SpeakerBio:Mauricio Velazco\n
\nMauricio Velazco (@mvelazco) is a Peruvian, Infosec professional who started his career as a penetration tester and jumped to the blue team 8 years ago. He currently leads the Threat Management team at a Fortune 500 where he focuses on threat detection/hunting and adversary simulation. Mauricio has presented and hosted workshops at conferences like Defcon, Derbycon, BSides and the SANS Threat Hunting Summit. He holds a few certifications including OSCP and OSCE.
\nTwitter: @mvelazco
\n\n
\nDescription:
\nAutomated adversary simulation is often perceived as a hard, dangerous and complicated program to implement and run. Fear no longer, our methodology and tooling will let you test and measure your defenses throughout your production environment to test not only your detection rule’s resilience but the whole event pipeline as well as your team’s response procedures. In this talk, we’ll share with the audience the open source tools we built and the methodology we use that will allow them to hit the ground running at nearly no cost.\n
Introduction (5 min)\n
Automated Adversary simulation - Design & Methodology (10 min)\n
State of the art (3 min)\n
Our approach (25 min )\n
Takeaways ( 3 min)\n
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,68520),('2_Friday','20','19:30','20:30','Y','BTVT1','','\'Purple On My Mind: Cost Effective Automated Adversary Simulation (Intermediate)\'','\'Mauricio Velazco\'','BTVT1_2a24e8fc4b43f033bb2c4cbd15b8036a','\'\'',NULL,68521),('2_Friday','17','17:00','17:59','N','BTVT1','','\'Discovering ELK The First Time - Lessons Learned Over 2 Years (Beginner)\'','\'TheDrPinky\'','BTVT1_0725d395956f1cf28e6498227b9b955a','\'Title: Discovering ELK The First Time - Lessons Learned Over 2 Years (Beginner)
\nWhen: Friday, Aug 7, 17:00 - 17:59 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\n
SpeakerBio:TheDrPinky\n
\nDr. Pinky has been a computer scientist for the US Air Force for the last six years. She specializes in threat hunting and digital forensics for both Linux and Windows operating systems. You can find DrPinky in the infosec area as the social media coordinator for BSides San Antonio, participating in the San Antonio Hackers Association (SAHA), and presenting at events such as SANS Blue Team Summit and Texas Cyber Summit.
\nTwitter: @TheDrPinky
\n\n
\nDescription:
\nELK has become one of the favorite tools of blue teamers across the world. However, when you’re first getting used to ELK, you may be overwhelmed and not fully understanding what is happening. There is more to do with it than simply feed in logs and search it in a pretty web UI! This talk will focus on things I wish I knew about ELK back when I was first learning it to help provide some quick wins for those new to ELK, and maybe a few tidbits for those who already use it.\n
Elastic, Logstash, and Kibana (ELK) continue to keep becoming more popular with blue teamers - there’s plenty of documentation, you can custom develop anything you want with it due to the fact it’s open source, and it’s free! However, those first starting out with ELK can become quickly overwhelmed. When these people finally get the hang of ELK, they still may be missing some critical understanding that limits them - why can’t I filter by hostname? What do these pretty yellow triangles really mean? This is because most people will get used to just Kibana - not rest of the stack. In this talk I’ll cover lessons I wish I learned a lot sooner about ELK that would have helped me out - and hopefully they help you too!\n
Lesson 1: Elastic and Kibana are NOT the same. Going into the differences, why they get confused, and what the actual differences are.\n
Lesson 2: Logstash is more powerful than you give it credit for, but is incredibly overwhelming. Here’s some ways to get some quick bang for buck.\n
Lesson 3: How do you go about feeding in your own custom documents to ELK? This will quickly go into popular ways to feed logs into ELK, and if that doesn’t help, how to feed in other information to ELK through a more manual approach. Never know when a custom script output would be better put in elastic!\n
Lesson 4: Don’t forget about your Linux logs! With Linux we may be more used to relying on rsyslog to forward everything - but this most likely just captures your application logs. What about the equivalency of event logs on Linux? This will (very) briefly introduce auditd, how to forward it to ELK, and how to best parse through it.\n
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,68522),('2_Friday','18','18:30','18:59','N','BTVT1','','\'Fighting a Virus with a Spreadsheet (Beginner)\'','\'Allen Baranov\'','BTVT1_af74f916ba04cd9a6210eb36fe26d33f','\'Title: Fighting a Virus with a Spreadsheet (Beginner)
\nWhen: Friday, Aug 7, 18:30 - 18:59 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\n
SpeakerBio:Allen Baranov\n
\nAllen is a seasoned information security professional with over 15 years of experience in diverse industry verticals such as banking and finance, manufacturing, retail and communications. He has extensive knowledge of IT Security Management, Compliance including ISO 27001 and PCI DSS, Network Security Architecture Review, Vulnerability assessment and Security Architecture.\n
As a senior information security consultant (GRC) at Sense of Security, Allen brings a keen interest in IT risk assessments and risk treatment, security architecture and design, PCI-DSS gap assessments, security strategy and roadmaps as well as the creation of frameworks, policies, standards and procedures.\n
Supported by his Bachelor of Commerce and multiple industry-recognised certifications such as PCI QSA, CISSP, and SABSA, Allen has extensive experience across many security compliance implementations and security operation requirements. His strengths include understanding the technical intricacies of security and the need for a balanced approach to meet business objectives and addressing risks appropriately.\n
\nTwitter: @abaranov
\n\n
\nDescription:
\nOn 27 June 2017, a piece of malware raced across the globe and took out many organisations including some that were similar to the one I was employed at. But we were safe and, in fact, not worried at all.\n
All thanks to clever use of spreadsheets.\n
In this talk, given entirely within Excel (yes, really) I go through the methods used to protect the organisation from this malware. If a talk given entirely in Excel sounds boring - you haven\'t seen this talk.\n
I have (virtually) given this talk twice - at a local Australian conference called ComfyCon and at a charity event hosted by Second Order Chaos. In both cases - they were blown away by the creativity of the \"slides\" and the fun way that this is presented.\n
There is a serious aspect to this though. It goes through the different phases of getting an effective patch program established. It has a \'hacker\' aspect to it in that it asks people to be excited and interested and curious about their security controls and the processes that lead to the outcomes that are achieved.\n
I\'ve thrown some humour and some easter eggs into the presentation.\n
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,68523),('3_Saturday','09','09:00','09:59','N','BTVT1','','\'Reversing with Dynamic Data Resolver (DDR) – Best practice (Advanced)\'','\'Holger Unterbrink\'','BTVT1_3b640af5e833a4bae35213ade5b149c0','\'Title: Reversing with Dynamic Data Resolver (DDR) – Best practice (Advanced)
\nWhen: Saturday, Aug 8, 09:00 - 09:59 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\n
SpeakerBio:Holger Unterbrink\n
\nHolger is a security researcher working for Cisco Talos. His day job is to find and analyze new malware campaigns. He is the author of DDR and several other tools.
\nTwitter: @hunterbr72
\n\n
\nDescription:
\nDDR is an IDA plugin that instruments binaries using the DynamoRIO framework. In this presentation we will show you best practices how to reverse engineer malware with DDR. The talk will discuss the internals of DDR and show you by demonstration, the advantages of the tool.\n
The DDR plugin can easily resolve the majority of dynamic values for registers and memory locations which are usually missed in a static analysis. It can help to find jump locations such as “call eax†or interesting strings such as “PE†which are decoded at runtime. The tool can be used to dump interesting buffers, and gives the opportunity to patch the binary at runtime to bypass anti-analysis techniques.\n
In this presentation we will show you best practices for working with this tool, and the many ways in which it can facilitate malware analysis. More details and features can be found here: https://blog.talosintelligence.com/2020/05/dynamic-data-resolver-1-0.html\n
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,68524),('3_Saturday','09','09:00','10:30','N','BTVW1','','\'Leveraging the critical YARA skills for Blue Teamers (Beginner)\'','\'David Bernal Michelena\'','BTVW1_95f07fd4b583848ef85b1fd0ad82b0c6','\'Title: Leveraging the critical YARA skills for Blue Teamers (Beginner)
\nWhen: Saturday, Aug 8, 09:00 - 10:30 PDT
\nWhere: Blue Team Vlg - Workshop Track 1
\n
SpeakerBio:David Bernal Michelena\n
\nDavid Bernal Michelena holds a bachelor\'s degree in Computer Engineering from the National Autonomous University of Mexico (UNAM) and 10 industry security certifications. He is a Senior Incident Handler Consultant in Mandiant and formerly has worked as Lead Security Researcher, Forensic Analyst and Digital Handler in both private and educational security organizations. David has spoken in various security conferences, such as Black Hat USA, SANS Threat Hunting Summit, Digital Crimes Consortium, 8.8 and BSidesCDMX. On his free time, he likes to code, swim and play music.
\nTwitter: @d4v3c0d3r
\n\n
\nDescription:
\nYARA rules have become one of the de facto industry standards for threat detection on files. It is important that blue teamers know what are YARA rules and the basic skills to correctly leverage them on file system, memory dumps and traffic analysis. This is useful for multiple blue team roles mainly malware researchers, security analysts, threat hunters and intelligence analyst.\n
YARA rules have become one of the de facto industry standards for threat detection on files. It is important that blue teamers know what are YARA rules and the basic skills to correctly leverage them on file system, memory dumps and traffic analysis. This is useful for multiple blue team roles mainly malware researchers, security analysts, threat hunters and intelligence analyst.\n
Writing YARA rules
\nReading YARA rules
\nEnhancing YARA rules
\nI will prepare a LINUX virtual machine that will be given to the attendees with some malware samples, memory dumps and pcaps and they will perform various exercises to learn the basic YARA skills. In this training, the attendees will learn:\n
• How to install on Linux and Windows
\n• How to develop several YARA rules for several malware samples\n• How to do targeted scans with YARA on file system\n• How to do memory YARA scans with volatility and rekall\n• How to YARA scan files on the network traffic\n• Video showing YARA detection on malicious files on pcap\n• Tool for automatically extracting and analyzing files with YARA rules on network traffic created by the author (YARAZeek)\n• Getting open YARA open source rules from well-known security researchers and other reputable sources.\n• Using VirusTotal Retrohunt\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68525),('3_Saturday','10','09:00','10:30','Y','BTVW1','','\'Leveraging the critical YARA skills for Blue Teamers (Beginner)\'','\'David Bernal Michelena\'','BTVW1_95f07fd4b583848ef85b1fd0ad82b0c6','\'\'',NULL,68526),('3_Saturday','10','10:30','11:59','N','BTVW2','','\'Wireshark for Incident Response & Threat Hunting (Beginner)\'','\'Michael Wylie\'','BTVW2_546e0f00b6a225911850ade8ffc01130','\'Title: Wireshark for Incident Response & Threat Hunting (Beginner)
\nWhen: Saturday, Aug 8, 10:30 - 11:59 PDT
\nWhere: Blue Team Vlg - Workshop Track 2
\n
SpeakerBio:Michael Wylie\n, Director of Cybersecurity Services, Richey May Technology Solution
\nMichael Wylie (Twitter: @TheMikeWylie), MBA, CISSP is the Director of Cybersecurity Services at Richey May Technology Solutions. In his role, Michael is responsible for delivering information assurance by means of vulnerability assessments, cloud security, penetration tests, risk management, and training. Michael has developed and taught numerous courses for the U.S. Department of Defense, DEFCON, Universities, and for clients around the world. Michael is the winner of numerous SANS challenge coins and holds the following credentials: CISSP, CCNA R&S, CCNA CyberOps, GMON, GPEN, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, Security+, Project+, and more.
\nTwitter: @TheMikeWylie
\n\n
\nDescription:
\nThis workshop will take student’s Wireshark skills to the next level with a heavy emphasis on incident response, threat hunting, and malicious network traffic analysis. We will begin with a brief introduction to Wireshark and other Network Security Monitoring (NSM) tools/concepts. Placement, techniques, and collection of network traffic will be discussed in detail. Throughout the workshop, we’ll examine what different attacks and malware look like in Wireshark.\n
This workshop will take student’s Wireshark skills to the next level with a heavy emphasis on incident response, threat hunting, and malicious network traffic analysis. We will begin with a brief introduction to Wireshark and other Network Security Monitoring (NSM) tools/concepts. Placement, techniques, and collection of network traffic will be discussed in detail. Throughout the workshop, we’ll examine what different attacks and malware look like in Wireshark. Students will then have hands-on time in the lab to search for Indicators of Compromise (IOCs) and a potential breach to the network. There will be plenty of take home labs for additional practice.\n
Attendees will learn:
\n- How to build traffic specific Wireshark profiles\n- How to setup Wireshark for threat hunting\n- How to enrich packets with threat intel\n- How to identify IOCs in a sea of packets\n- How to tap networks and where to setup sensors\n- NSM techniques
\n- Techniques to quickly identify evil on a network\n
Students are provided with PCAPs of incidents starting with 8 packets and growing to 10,000+ packet captures where students need to build a timeline of a breach.\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68527),('3_Saturday','11','10:30','11:59','Y','BTVW2','','\'Wireshark for Incident Response & Threat Hunting (Beginner)\'','\'Michael Wylie\'','BTVW2_546e0f00b6a225911850ade8ffc01130','\'\'',NULL,68528),('3_Saturday','10','10:30','10:59','N','BTVT1','','\'O365Squatting (Intermediate)\'','\'Juan Francisco,Jose Miguel Gómez-Casero Marichal\'','BTVT1_b36b9d26826d7dcbbcce33a424352556','\'Title: O365Squatting (Intermediate)
\nWhen: Saturday, Aug 8, 10:30 - 10:59 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\nSpeakers:Juan Francisco,Jose Miguel Gómez-Casero Marichal
\n
SpeakerBio:Juan Francisco\n
\nJuan Francisco Bolivar is Chief Security Envoy at ElevenPaths and IT Security Manager on Pharma Industry, involved on security researching since more than 10 years, web, mobile applications and Industrial systems. His main focus is Industrial security critical infrastructures. He has recently published the first book in Spanish about Industrial security,\n
https://0xword.com/es/libros/85-infraestructuras-criticas-y-sistemas-industriales-auditorias-de-seguridad-y-fortificacion.html.\n
Previously he has been working as pentester and security engineer for international companies, releasing more than 10 0-days for vendors as Cisco, Honeywell, Siemens.... His is teaching at several university masters in Spain and South-America and public speaking on different security conferences Vicon, Hackron, TizonaConf, Honeycon, Isaca...\n
\nTwitter: @jfran_cbit
\n
SpeakerBio:Jose Miguel Gómez-Casero Marichal\n
\nNo BIO available
\n\n
\nDescription:
\n0365Squatting is a python tool created to identify that domains before the attack start. The tool can create a list of typo squatted domains based on the domain provided by the user and check all the domains against O365 infrastructure, (these domains will not appear on a DNS request).\n
At the same time, this tool can also be used by red teams and bug bunters, one of the classic attacks is the domain takeover so, the second option of this too is to check if the domain is registered in O365 in order to launch a domain takeover attack.\n
One of the main benefits of cloud technology is to deploy quickly services, with minimum interaction from the administrator side, this is an advantage exploited by cyber criminals too. Nowadays the main threats all size companies are facing is phishing, every day cyber criminals are creating more sophisticated techniques to cheat users and make more difficult the job of blue teams. The most common technique used is typo squatting.\nPart of the Blue team mission is to detect phishing, typo squatters, and attack domains before the phishing campaign begins, there is outside plenty of tools trying to detect that domains based on DNS, however none of them are focus into the cloud.\n
0365Squatting is an OpenSource tool created on Pyhton3, that can be launched automatically using cron. This is a unique tool, not only because of the cloud capabilities, if not because is prepared to be integrated with commercial SIEM as ArcSight based on the output possibilities, on screen or in format CEF and JSON.\n
When you create an account into O365 you can get a domain to use on your server mail on O365, however this domain is not published into DNS servers. Not publishing the domain automatically as AWS or GCloud is doing create a serious problem for organizations and blue team keeping a grey area for monitoring of domains. Our team has detected 100\'s of attacks using this method that classic tools are not detecting\n0365Squatting runs locally without sharing any info allowing:\n
Create list of squatted domains
\n Check squatted domains on O365
\n Check possible domain takeover on O365\n Export in several formats (CEF, JSON)\n
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,68529),('3_Saturday','12','12:00','13:30','N','BTVW1','','\'Tracer FIRE 9 (Intermediate)\'','\'Andrew Chu\'','BTVW1_ab7d50c54739c14a6ab71864bee8a0c8','\'Title: Tracer FIRE 9 (Intermediate)
\nWhen: Saturday, Aug 8, 12:00 - 13:30 PDT
\nWhere: Blue Team Vlg - Workshop Track 1
\n
SpeakerBio:Andrew Chu\n
\nI am a senior undergraduate student working towards a B.S. in Computer Science at Purdue University. I’ve also worked as a year round R&D intern at Sandia National Laboratories for ~6 years, doing work on topics such as web exploitation, network virtualization, and malware classification.
\n\n
\nDescription:
\nTracer FIRE 9 (Forensic Incident Response Exercise) is a team-oriented, CTF-style exercise in which participants develop forensic incident response skills through a virtual simulated environment. It aims to provide a target rich setting for practicing forensic techniques, and utilizes malware from real-world APT campaigns to bridge the gap between reality, and a synthetic task context. At the end of the exercise, participants will have had the chance to interact with various forensic tools and files widely encountered in actual Blue Team operations, and will additionally be exposed to invaluable reflection on potential attack matrices used in exploitation.\n
Tracer FIRE (Forensic Incident Response Exercise) is a combined simulation and live exercise program developed by Sandia National Laboratories to help cyber security incident responders, analysts, and operators become proficient in critical skill areas. These exercises simulate various events such as attacks, emergencies, and disruptions to critical infrastructure. Participants in this latest Tracer FIRE scenario are hired by the electric skateboard company, WheelByte, to investigate a series of cyber attacks resulting in exfiltration of company data, degradation of service, and damage to consumer confidence. Provided with a set of artifacts spanning raw email sessions, network packet captures, disk images, and memory images, participants conduct analysis to advance their investigation. Tools such as Security Onion and Ghidra are then used to parse said artifacts, yielding intriguing findings which may then be merged for development of an overarching view of the scenario. Through such means, participants can gain understanding of potential approaches for emerging cybersecurity issues.\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68530),('3_Saturday','13','12:00','13:30','Y','BTVW1','','\'Tracer FIRE 9 (Intermediate)\'','\'Andrew Chu\'','BTVW1_ab7d50c54739c14a6ab71864bee8a0c8','\'\'',NULL,68531),('3_Saturday','11','11:30','11:59','N','BTVT1','','\'Low Value Indicators For High Value Decisions (Intermediate)\'','\'Allan Stojanovic,Spencer Cureton\'','BTVT1_f952a1893a8d97573212cb73b41bd539','\'Title: Low Value Indicators For High Value Decisions (Intermediate)
\nWhen: Saturday, Aug 8, 11:30 - 11:59 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\nSpeakers:Allan Stojanovic,Spencer Cureton
\n
SpeakerBio:Allan Stojanovic\n
\nAllan Stojanovic has survived IT for over 25 years. He has worked in nearly every vertical doing may different roles, mostly in the Information Security field. A jack of all trades, Allan tries to know a little bit about everything, and is a self-proclaimed expert at nothing.
\nTwitter: @allansto
\n
SpeakerBio:Spencer Cureton\n
\nNo BIO available
\n\n
\nDescription:
\nWe will present how the Abuse Operations team uses collections of indicators to fingerprint and track adversaries on one of the largest pure-play, remote-code-execution-as-as service platforms on the Internet: Heroku. We can detect when they change tactics, we can spot the number of people involved, and we can misdirect them to the point that they become even easier to track!\n
We hope the ideas presented here will help your day to day routine as well as provide a solid model to guide future decisions from architecture to automation.\n
Introduction\n
\n Allan and Spencer
\n Heroku - A PaaS that\'s basically RCEaaS\n We keep customers from doing bad things on, to, and from the platform\n
\nAdversaries\n
\n Adversary classification and evolution - skids to apex threat actors\n Establishing intent to differentiate good from bad actor. \n
Definitions\n
\"Abuse\" - misuse, malice, crime
\n Indicators, TTPs, Fingerprints
\n Slang: splash, pivot, etc.\n
Methodology\n
Hunting - environment and tools (and lack of)\n Leveraging the home field advantage\n Determining intent with constellation of indicators\n Detecting adversary changes when pressure is applied - from TTP shifts to spotting multiple actors from a campaign\n Leading the adversary - limit their available choices \n
Examples of frustrating specific actors/campaigns\n
Cryptocurrency mining
\n Phishing
\n Blackhat SEO\n
Takeaways\n
Break spirits, not code!
\n Identify all sources of indicators - internal and external TI\n All low value indicators are equal until they are not.\n
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,68532),('3_Saturday','16','16:30','17:59','N','BTVW2','','\'A N00b\'s Intro to Building Your Own Lab (Beginner)\'','\'Omar Santos\'','BTVW2_8ce57af8a3967d64a578181e60e6927d','\'Title: A N00b\'s Intro to Building Your Own Lab (Beginner)
\nWhen: Saturday, Aug 8, 16:30 - 17:59 PDT
\nWhere: Blue Team Vlg - Workshop Track 2
\n
SpeakerBio:Omar Santos\n, Cisco
\nOmar Santos is an active member of the security community, where he leads several industry-wide initiatives and standard bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructure. Omar is the author of over 20 books and video courses; numerous white papers, and other articles. Omar is a Principal Engineer of Cisco’s Product Security Incident Response Team (PSIRT) where he mentors and lead engineers and incident managers during the investigation and resolution of security vulnerabilities. Omar is often presenting at many conferences and he is the co-lead of the DEF CON Red Team Village.
\nTwitter: @santosomar
\n\n
\nDescription:
\nThis is a brief introduction of how to build your own virtualized, physical, or cloud-based environment to practice your skills in a safe ecosystem. Create a lab for offensive and defensive cybersecurity concepts. You will also learn and obtain access to numerous tools that you can use to practice your skills, from virtual machines (VMs), Docker containers, and intentionally vulnerable systems. Using tools like Proxmox or even OpenStack to build your own cyber range. In addition, you will also learn how to use tools like Vagrant and Ansible to automate a lot of tasks.\n
Numerous cybersecurity, malware analysis, and penetration testing tools and techniques have the potential to damage or destroy the target system or the underlying network. In addition, if malware is used in testing, there is the potential for infection and spread if testing in an Internet-connected testbed. This is a brief introduction (beginners and intermediate) were you will learn how to build your own virtualized, physical, or cloud-based environment to practice your skills in a safe ecosystem.\n
You will learn what you need to do to create a lab for offensive and defensive cybersecurity concepts. You will also learn and obtain access to numerous tools that you can use to practice your skills, from virtual machines (VMs), Docker containers, and intentionally vulnerable systems. You will learn how you can leverage tools like Proxmox, or even OpenStack to build your own cyber range. In addition, you will also learn how to use tools like Vagrant and Ansible to automate a lot of tasks. Vagrant files and Ansible playbooks will be shared during the class for you to build complex lab environments within minutes. We will also go over a few demos on how to create environments in cloud services such as AWS, Azure, Google Cloud, and Digital Ocean.\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68533),('3_Saturday','17','16:30','17:59','Y','BTVW2','','\'A N00b\'s Intro to Building Your Own Lab (Beginner)\'','\'Omar Santos\'','BTVW2_8ce57af8a3967d64a578181e60e6927d','\'\'',NULL,68534),('3_Saturday','15','15:30','16:15','N','BTVW1','','\'Defending Your UNIX Hosts (Intermediate)\'','\'Daniel Ward,Samuel Gasparro\'','BTVW1_5448b7096af54e85d1806fd26d8f81eb','\'Title: Defending Your UNIX Hosts (Intermediate)
\nWhen: Saturday, Aug 8, 15:30 - 16:15 PDT
\nWhere: Blue Team Vlg - Workshop Track 1
\nSpeakers:Daniel Ward,Samuel Gasparro
\n
SpeakerBio:Daniel Ward\n
\nInformation Security / Linux Systems Engineer, based in Strasbourg, France.\n
My background is comprised largely of Linux Systems Administration, Architecture & Engineering, data recovery / incident response.\n
\nTwitter: @ghostinthecable
\n
SpeakerBio:Samuel Gasparro\n
\nNo BIO available
\n\n
\nDescription:
\nOver the past 7 months, I have created an open-source monitoring suite called Secsuite.\nSecsuite is a fully automated Threat Detection, System Monitorization / Notifier suite for UNIX Sysadmins & Users alike.\nSecsuite has multiple packages, the focus in this workshop shall be Inframon, which is able to monitor, defend & notify you about your infrastructure, probing your hosts for:\n- Apache Server Status
\n- Bandwidth Usage
\n- CPU Load Averages & Temperatures
\n- Disk Space Usage
\n- Latency time
\n- Memory (RAM) Usage
\n- Users Monitor\n
Over the past 7 months, I have created an open-source monitoring suite called Secsuite.\nSecsuite is a fully automated Threat Detection, System Monitorization / Notifier suite for UNIX Sysadmins & Users alike.\nSecsuite has multiple packages, the focus in this workshop shall be Inframon, which is able to monitor, defend & notify you about your infrastructure, probing your hosts for:\n- Apache Server Status
\n- Bandwidth Usage
\n- CPU Load Averages & Temperatures
\n- Disk Space Usage
\n- Latency time
\n- Memory (RAM) Usage
\n- Users Monitor\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68535),('3_Saturday','16','15:30','16:15','Y','BTVW1','','\'Defending Your UNIX Hosts (Intermediate)\'','\'Daniel Ward,Samuel Gasparro\'','BTVW1_5448b7096af54e85d1806fd26d8f81eb','\'\'',NULL,68536),('4_Sunday','09','09:00','10:30','N','BTVW1','','\'Introduction to Malware Analysis & Response (MA&R) (Beginner)\'','\'Michael Wylie\'','BTVW1_385c3f08606c36717a527cacdff2126d','\'Title: Introduction to Malware Analysis & Response (MA&R) (Beginner)
\nWhen: Sunday, Aug 9, 09:00 - 10:30 PDT
\nWhere: Blue Team Vlg - Workshop Track 1
\n
SpeakerBio:Michael Wylie\n, Director of Cybersecurity Services, Richey May Technology Solution
\nMichael Wylie (Twitter: @TheMikeWylie), MBA, CISSP is the Director of Cybersecurity Services at Richey May Technology Solutions. In his role, Michael is responsible for delivering information assurance by means of vulnerability assessments, cloud security, penetration tests, risk management, and training. Michael has developed and taught numerous courses for the U.S. Department of Defense, DEFCON, Universities, and for clients around the world. Michael is the winner of numerous SANS challenge coins and holds the following credentials: CISSP, CCNA R&S, CCNA CyberOps, GMON, GPEN, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, Security+, Project+, and more.
\nTwitter: @TheMikeWylie
\n\n
\nDescription:
\nIn this introductory hands-on fundamental malware analysis workshop. IT and Cybersecurity professionals will learn the basic skills necessary to safely analyze the characteristics and behavior of malware. Students will walk away with practical techniques and methodologies that can be immediately applied to statically and dynamically analyzing software with an emphasis on malicious software. Gone are the days where incident responders reformat infected systems destroying valuable evidence. Preserving and analyzing malware artifacts will give attendees the skills to understand, at a high level, the techniques and malicious intents of malware that defeated their security controls.\n
LEARNING OBJECTIVES \n
\n - Understand fundamentals of malware analysis \n
- Understand the goals and benefits of performing malware analysis \n
- Be able to perform basic static analysis on Windows malware \n
- Be able to setup a malware analysis lab \n
- Be able to perform dynamic analysis on Windows malware
\nWho should take this course?
\nIT and Cybersecurity students and professionals. This is an introduction to malware analysis course for beginners. \n
What will students be provided with?
\nStudents will be provided with a Windows 10 virtual machines (trial version) with malware analysis tools and training material. Attendees will be provided with step-by-step instructional labs.\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68537),('4_Sunday','10','09:00','10:30','Y','BTVW1','','\'Introduction to Malware Analysis & Response (MA&R) (Beginner)\'','\'Michael Wylie\'','BTVW1_385c3f08606c36717a527cacdff2126d','\'\'',NULL,68538),('4_Sunday','10','10:30','11:59','N','BTVW2','','\'Incident Response and the ATT&CK Matrix (Beginner)\'','\'Sam Bowne\'','BTVW2_fc75dae892db74293df49773453dbd60','\'Title: Incident Response and the ATT&CK Matrix (Beginner)
\nWhen: Sunday, Aug 9, 10:30 - 11:59 PDT
\nWhere: Blue Team Vlg - Workshop Track 2
\n
SpeakerBio:Sam Bowne\n, Founder, Infosec Decoded Inc.; Instructor, City College San Francisco
\nSam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000, and is the founder of Infosec Decoded, Inc. He has given talks and hands-on trainings at Black Hat USA, RSA, DEF CON, DEF CON China, HOPE, and many other conferences.\n
Credentials: PhD, CISSP, DEF CON Black Badge Co-Winner\n
\nTwitter: @sambowne
\n\n
\nDescription:
\nPractice techniques to detect, analyze and respond to intrusions on cloud servers. We will emulate APT attacks and detect them with Splunk, Suricata, Sysmon, Wireshark, Yara and other tools. We will use the ATT&CK Matrix to enumerate threat actors, tactics and techniques.\n
Beginners are welcome. No previous experience with these techniques is required. Participants need a credit card and a few dollars to rent Google Cloud servers.\n
Practice techniques to detect, analyze and respond to intrusions. We will construct targets and attackers on the Google cloud, and send attacks using Metasploit and Caldera to emulate APT attackers. We will monitor and analyze the attacks using Splunk, Suricata, Sysmon, Wireshark, Yara and online analysis tools including PacketTotal and VirusTotal.\n
We will cover the ATT&CK Matrix in detail, which enumerates threat actors, tactics and techniques, so red and blue teams can better communicate and work together to secure networks.\n
The workshop is structured in a CTF format. Each participant works at their own pace. The techniques will be demonstrated, with complete step-by-step instructions to lead beginners through the easy challenges. There are also harder challenges for more experienced participants. We will help participants as needed, to ensure that everyone learns new techniques.\n
Participants need a credit card and a few dollars to rent Google Cloud servers. We will use Debian Linux and Windows Server 2016 systems. All the tools we will use are freely available, and all the training materials will remain available to everyone after the workshop ends.\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68539),('4_Sunday','11','10:30','11:59','Y','BTVW2','','\'Incident Response and the ATT&CK Matrix (Beginner)\'','\'Sam Bowne\'','BTVW2_fc75dae892db74293df49773453dbd60','\'\'',NULL,68540),('4_Sunday','12','12:00','13:30','N','BTVW1','','\'Deploying Pi-hole: More Than an Ad Blocker (Beginner)\'','\'Ben Hughes\'','BTVW1_5273768381db33258c68a15d84d968cd','\'Title: Deploying Pi-hole: More Than an Ad Blocker (Beginner)
\nWhen: Sunday, Aug 9, 12:00 - 13:30 PDT
\nWhere: Blue Team Vlg - Workshop Track 1
\n
SpeakerBio:Ben Hughes\n
\nBen Hughes (@CyberPraesidium) brings over 15 years of diverse experience in cyber security, IT, and law. He leads Polito\'s commercial services including pen testing, DFIR, and threat hunting. Prior to joining Polito, Ben worked on APT hunt teams at federal and commercial clients. He holds CISSP, GWAPT, and GCFA certifications.
\nTwitter: @CyberPraesidium
\n\n
\nDescription:
\nPi-hole is a popular open source DNS server that can block ads network-wide, before they even reach your browser. As it effectively functions as a DNS sinkhole, Pi-hole can be configured to securely handle DNS requests for your network devices and automatically block not just ads, but a variety of malicious traffic. This workshop will walk you through how to quickly deploy Pi-hole to protect your home network or in a lab environment. A Raspberry Pi is optional; a Docker container, lightweight virtual machine, or even an old computer will work just fine.\n
This hands-on workshop will cover the following training outline:\n* Intro to Pi-hole
\n* Main features and latest features in the brand new 5.0 release\n* Deployment options * Network design and DNS/DHCP considerations\n* HA/failover considerations
\n* Initial install and configuration
\n* Using blacklists and whitelists
\n* Viewing metrics and logs
\n* What\'s next? Advanced features and possibilities\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68541),('4_Sunday','13','12:00','13:30','Y','BTVW1','','\'Deploying Pi-hole: More Than an Ad Blocker (Beginner)\'','\'Ben Hughes\'','BTVW1_5273768381db33258c68a15d84d968cd','\'\'',NULL,68542),('4_Sunday','13','13:30','14:59','N','BTVW2','','\'Cloud Security Monitoring on a Dime Store Budget (Beginner)\'','\'Wes Lambert\'','BTVW2_efb548a7774dba423c2ff5d7bfece649','\'Title: Cloud Security Monitoring on a Dime Store Budget (Beginner)
\nWhen: Sunday, Aug 9, 13:30 - 14:59 PDT
\nWhere: Blue Team Vlg - Workshop Track 2
\n
SpeakerBio:Wes Lambert\n
\nWes Lambert is a Senior Engineer at Security Onion Solutions, where he helps companies to implement enterprise security monitoring solutions and better understand their computer networks. Wes is a huge fan of open source software projects, and loves to solve problems and enhance organizational security using completely free and easily deploy-able tools.
\nTwitter: @therealwlambert
\n\n
\nDescription:
\nAs organizations continue to rely on the cloud to run critical production workloads and store potentially sensitive data, it is more important than ever to understand our cloud infrastructure, and implement monitoring to assist in providing greater insight into the \"goings on†of cloud environments.\nIn this workshop, attendees will learn how they can leverage free and open source tools to enable effective network security monitoring for major cloud providers, extending their visibility, providing greater overall context with regard to their organization\'s network traffic, and identifying anomalies that otherwise might have gone unnoticed.\n
This workshop will address the following topics:\n
Introduction to NSM (Network Security Monitoring Concepts) - key NSM concepts will be discussed/explained\n Major cloud providers, and native mechanisms to facilitate network security monitoring\n AWS/Google Cloud\n
Packet mirroring - we\'ll discuss what packet mirroring is, and how it can be utilized\n Cloud provider-specific core NSM/infrastructure/networking concepts and implementation - in this section, we\'ll discuss the components of each cloud provider\'s infrastructure, and how it relates to our approach to network security monitoring\n
\n AWS\n Google Cloud\n
\n Automating deployment for cloud environments - in this section, we\'ll discuss how to automate deployment of cloud security monitoring (for free), as well as how to quickly and easily spin up and environment for testing, academia, or even a PoC for a potential production deployment.\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68543),('4_Sunday','14','13:30','14:59','Y','BTVW2','','\'Cloud Security Monitoring on a Dime Store Budget (Beginner)\'','\'Wes Lambert\'','BTVW2_efb548a7774dba423c2ff5d7bfece649','\'\'',NULL,68544),('4_Sunday','15','15:00','15:45','N','BTVW1','','\'Azure AD Logs for the Blue Team (Intermediate)\'','\'Mark Morowczynski\'','BTVW1_b3f042279c0b467d5c31cf7f99910d7e','\'Title: Azure AD Logs for the Blue Team (Intermediate)
\nWhen: Sunday, Aug 9, 15:00 - 15:45 PDT
\nWhere: Blue Team Vlg - Workshop Track 1
\n
SpeakerBio:Mark Morowczynski\n
\nMark Morowczynski (@markmorow) is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. Previously he was Premier Field Engineer supporting Active Directory, Active Directory Federation Services and Windows Client performance. He was also one of the founders of the AskPFEPlat blog. He\'s spoken at various industry events such as Black Hat 2019, Bsides, Microsoft Ignite, Microsoft Inspire, Microsoft Ready, Microsoft MVP Summits, The Cloud Identity Summit, SANs Security Summits and TechMentor. He can be frequently found on Twitter as @markmorow arguing about baseball and making sometimes funny gifs.
\nTwitter: @markmorow
\n\n
\nDescription:
\nAs enterprises move to cloud resources like Office365 and Azure AD it is imperative that they proactively monitor and protect against potential threats. But these vast quantities of security data are of no value if you, as a security admin, cannot make sense of it. In this session we\'ll explore the data that\'s available in Azure AD logs, how to integrate it with 3rd party SIEMs and get actionable insights from it. We\'ll also share the best practices on consuming Azure AD logs based on our insights from working with large enterprises.\n
\n - Outline
\n- Understanding the different types of logs in Azure AD (Sign-In, Audit, Risk, Application) what data is in each of them. (15 mins)\nExample Conditional Access Sign-in Logs (2 mins)\nExample Service Principal Log (2 mins)\nUnderstanding how to send logs to SIEMS (5 mins)\nDemo Configuring Azure Monitor Event Hub to send to 3rd party SIEM (2 mins)\nUnderstanding key events to look for and why (10 mins)\nDemo Using Azure work books and Log Analytics to look for key events (5 mins)\nQ and A (Remaining time)
\n\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68545),('4_Sunday','16','16:00','16:59','N','BTVT1','','\'Blue Team Village Closing Ceremony\'','\'\'','BTVT1_641736230720dc3c8fc53942dfcc1f2f','\'Title: Blue Team Village Closing Ceremony
\nWhen: Sunday, Aug 9, 16:00 - 16:59 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\n
\nDescription:No Description available
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,68546),('1_Thursday','07','07:30','07:59','N','RTV','','\'Red Team Village Announcements and Remarks\'','\'Joseph Mlodzìanowskì (cedoXx),Omar Ωr\'','RTV_e366cefe7d81b56ceccb999d2e8ecd89','\'Title: Red Team Village Announcements and Remarks
\nWhen: Thursday, Aug 6, 07:30 - 07:59 PDT
\nWhere: Red Team Vlg
\nSpeakers:Joseph Mlodzìanowskì (cedoXx),Omar Ωr
\n
SpeakerBio:Joseph Mlodzìanowskì (cedoXx)\n
\nNo BIO available
\nTwitter: @cedoxX
\n
SpeakerBio:Omar Ωr\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68547),('1_Thursday','08','08:00','08:59','N','RTV','','\'The Bug Hunter’s Methodology\'','\'Jason Haddix\'','RTV_a0ecadb98994747729ca6206ef748f6c','\'Title: The Bug Hunter’s Methodology
\nWhen: Thursday, Aug 6, 08:00 - 08:59 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Jason Haddix\n
\nJason Haddix is the Head of Security for a leading videogame production company. Previously he was VP of Trust and Security at Bugcrowd and currently holds the 29th all-time ranked researcher position. Before joining Bugcrowd Jason was the Director of Penetration Testing for HP Fortify and also held the #1 rank on the Bugcrowd leaderboard for two years. He is a hacker and bug hunter through and through and specializes in recon and web application analysis. He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis. Jason lives in Colorado with his wife and three children.Â
\n\n
\nDescription:
\nThe Bug Hunter’s Methodology is an ongoing yearly installment on the newest tools and techniques for bug hunters and red teamers. This version explores both common and lesser-known techniques to find assets for a target. The topics discussed will look at finding a targets main seed domains, subdomains, IP space, and discuss cutting edge tools and automation for each topic. By the end of this session a bug hunter or red team we will be able to discover and multiply their attack surface. We also discuss several vulnerabilities and misconfigurations related to the recon phase of assessment.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68548),('1_Thursday','09','09:15','10:15','N','RTV','','\'Securing AND Pentesting the Great Spaghetti Monster (k8s)\'','\'Kat Fitzgerald\'','RTV_815dd86552e6bbaeeed548d2432eaf37','\'Title: Securing AND Pentesting the Great Spaghetti Monster (k8s)
\nWhen: Thursday, Aug 6, 09:15 - 10:15 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Kat Fitzgerald\n
\nBased in Pittsburgh and a natural creature of winter, you can typically find me sipping Grand Mayan Extra Anejo whilst simultaneously defending my systems using OSS, magic spells and Dancing Flamingos. Honeypots & Refrigerators are a few of my favorite things! Fun Fact: I rescue Feral Pop Tarts and have the only Pop Tart Sanctuary in the Pittsburgh area.
\n\n
\nDescription:
\nWe\'ve all heard of it - Kubernetes - but do you really know what it is and, more importantly, how to set it up securely? The Great Spaghetti Monster isn’t too difficult to secure if you just stop and use common sense (wait, WHAT?) security best practices. These techniques are for everyone - even those who have been playing with Kubernetes for some time.\n
Let’s talk about Docker, baby!\n
You have to start somewhere, and containers are the place. Next, let’s intro Kubernetes and the magic world of orchestration and what it really means to orchestrate containers. A quick recorded demo of my raspberry pi cluster will be shown here.\nAs the brief Kubernetes demo concludes, it’s time to bring in security by demonstrating the security plug-ins and tools used. Techniques are shown for best-in-show k8s security configuration. Remember this concept - “Common Sense� Let’s see if we can apply it with some best practices and build out the secure cluster. The focus on this is security threats to a Kubernetes cluster, containers and the apps deployed. A review of typical attack vectors in containers and Kubernetes clusters are shown with fun and exciting(?) pentesting tools specifically formulated for k8s. Now the fun begins - we have secured our cluster and our containers but how can we be sure? Let’s put our blue-skills to the test with some red-skills and pentest our cluster. It’s time to present some live security testing tools that are best suited for testing k8s. This is where the rubber meets the road, or in this case, where, wait for it —– common sense prevails!!\n
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68549),('1_Thursday','10','09:15','10:15','Y','RTV','','\'Securing AND Pentesting the Great Spaghetti Monster (k8s)\'','\'Kat Fitzgerald\'','RTV_815dd86552e6bbaeeed548d2432eaf37','\'\'',NULL,68550),('1_Thursday','10','10:30','11:30','N','RTV','','\'Guerrilla Red Team: Decentralize the Adversary\'','\'Christopher Cottrell\'','RTV_0855456ac9f61466129689057e0f860d','\'Title: Guerrilla Red Team: Decentralize the Adversary
\nWhen: Thursday, Aug 6, 10:30 - 11:30 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Christopher Cottrell\n
\nChristopher Cottrell is a security engineer and leader, focusing most of my career on offensive operations. I have built red teams, contributed to published works, open-sourced tools, and publicly discussed adversarial techniques. When I am not doing operations, I am refining long term strategy, uplifting the security community through red team mentoring programs, or learning about new adversarial techniques.Â
\n\n
\nDescription:
\n\"Guerrilla Red Team is a methodology by which a company can grow security IQ, technical expertise, and security brainpower, resulting in an internal mesh network of trusted decentralized ethical hackers. The program requires minimal capital investment from the hosting red team. It achieves its primary goals through weekly group mentorship hosted during a four-hour block, once per week, during the workday. It forms a peer network in which guerrilla operators share ideas and techniques, and ultimately grow technically and professionally as a unit. Members of the program come from various technical disciplines, but not necessarily security-focused verticals. The cohort of five to six members follows a nine-week syllabus that takes them from someone with minimal red team experience to autonomous operations. Guerrilla Operators will have a regular cadence of operations, which will require deconfliction from the parent red team to only ensure there are no safety concerns with the proposed target. Expected outcomes for the nine-week cohort are as follows: Guerrilla operators are armed with the skills to continue their red team learning, as well as a support network for challenging tasks The parent red team has an expanded network of internal, trusted, ethical hackers. This strengthens idea generation for campaigns, and enables communication through the use of a shared and common technical language. Over time, the Guerrilla Red Team provides a steady flow of trained homegrown red team operators or security analysts The company itself benefits by having security-focused mindsets placed throughout technical disciplines, resulting in staff that are poised to ward off attacks by thinking like an attacker, functioning similarly to security-focused Site Reliability Engineers (SRE) Provides the company with verification that their security program and infrastructure are as robust as they say it is through the use of decentralized, independent low-tier actors attacking the network: an Offsec ChaosMonkey Provides the guerrilla operators real world, hands on experience in a career field that is hard to break into outside of the Federal pipeline \"
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68551),('1_Thursday','11','10:30','11:30','Y','RTV','','\'Guerrilla Red Team: Decentralize the Adversary\'','\'Christopher Cottrell\'','RTV_0855456ac9f61466129689057e0f860d','\'\'',NULL,68552),('1_Thursday','11','11:45','12:45','N','RTV','','\'Evil Genius: Why you shouldn\'t trust that keyboard\'','\'Farith Perez,Mauro Cáseres\'','RTV_56df6ee1b5e8a752dd68285544ff02c8','\'Title: Evil Genius: Why you shouldn\'t trust that keyboard
\nWhen: Thursday, Aug 6, 11:45 - 12:45 PDT
\nWhere: Red Team Vlg
\nSpeakers:Farith Perez,Mauro Cáseres
\n
SpeakerBio:Farith Perez\n
\nNo BIO available
\n
SpeakerBio:Mauro Cáseres\n
\nMauro Cáseres (@mauroeldritch) is an argentine hacker and speaker. He spoke at DEF CON 26 Las Vegas (Recon & Data Duplication Villages), DevFest Siberia, DragonJAR Colombia, Roadsec Brasil, and DC7831 Nizhny Novgorod. Currently working as SecOps for the Argentine Ministry of Production.
\nTwitter: @mauroeldritch
\n\n
\nDescription:No Description available
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68553),('1_Thursday','12','11:45','12:45','Y','RTV','','\'Evil Genius: Why you shouldn\'t trust that keyboard\'','\'Farith Perez,Mauro Cáseres\'','RTV_56df6ee1b5e8a752dd68285544ff02c8','\'\'',NULL,68554),('1_Thursday','13','13:00','13:59','N','RTV','','\'Combining notebooks, datasets, and cloud for the ultimate automation factory\'','\'Ryan Elkins\'','RTV_952e3ecb7188b559de6503aed05dd421','\'Title: Combining notebooks, datasets, and cloud for the ultimate automation factory
\nWhen: Thursday, Aug 6, 13:00 - 13:59 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Ryan Elkins\n
\nRyan Elkins leads the cloud security architecture program for Eli Lilly and Company. Elkins has over 12 years of security experience leading programs across the financial, insurance, and pharmaceutical industries. Throughout his career, he has developed cloud and application security programs, managed a global security services center, performed security consulting, and has led a global information security program. Elkins holds the CISSP and CCSP certifications, a bachelors degree in Computer Technology, and a masters degree in Information Security.
\n\n
\nDescription:
\nThe technological landscape is rapidly transforming into a data driven, automated, and measured ecosystem. Cloud is an enabler for businesses to become more agile, scalable, and global to maintain a competitive advantage.\nThere are numerous opportunities for red teamers to adopt these same modern strategies to level up their skills, platforms, and yes, even reporting. Attendees will learn how to begin integrating cloud capabilities, scientific notebooks, and aggregated datasets into a highly efficient operating model. We will walkthrough cloud technologies including AWS SageMaker, Athena, Lambda, and API Gateway to build an end-to-end ecosystem of automation. This session will provide demos, accelerators, and code releases to make both routine processes and innovative techniques faster, repeatable, and scalable. \"
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68555),('1_Thursday','14','14:15','15:15','N','RTV','','\'Deep Dive into Adversary Emulation - Ransomware Edition\'','\'Jorge Orchilles\'','RTV_a4c824557d65bae87a1825f38273c621','\'Title: Deep Dive into Adversary Emulation - Ransomware Edition
\nWhen: Thursday, Aug 6, 14:15 - 15:15 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Jorge Orchilles\n
\nJorge Orchilles is the Chief Technology Officer of SCYTHE and co-creator of the C2 Matrix project. He led the offensive security team at Citi for over 10 years; a SANS Certified Instructor; author of Security 564: Red Team Exercises and Adversary Emulation; founding member of MITRE Engenuity Center of Threat-Informed Defense; CVSSv3.1 working group voting member; co-author of a Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry; ISSA Fellow; and NSI Technologist Fellow. Jorge holds post-graduate degrees from Stanford and Florida International University in Advanced Computer Security & Master of Science.Â
\n\n
\nDescription:
\nA day hardly goes by without hearing about another ransomware attack. This talk will focus on how to emulate a ransomware attack without introducing risk. We will understand how ransomware works, learn how criminals are evolving to get paid, create an adversary emulation plan that is safe but valuable for enterprises, and discuss how to defend against ransomware attacks.\n
Adversary Emulation is a type of ethical hacking engagement where the Red Team emulates how an adversary operates, leveraging the same tactics, techniques, and procedures (TTPs), against a target organization. The goal of these engagements is to train and improve people, process, and technology. This is in contrast to a penetration test that focuses on testing technology and preventive controls. Adversary emulations are performed using a structured approach following industry methodologies and frameworks (such as MITRE ATT&CK) and leverage Cyber Threat Intelligence to emulate a malicious actor that has the opportunity, intent, and capability to attack the target organization. Adversary Emulations may be performed in a blind manner (Red Team Engagement) or non-blind (Purple Team) with the Blue Team having full knowledge of the engagement.\n
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68556),('1_Thursday','15','14:15','15:15','Y','RTV','','\'Deep Dive into Adversary Emulation - Ransomware Edition\'','\'Jorge Orchilles\'','RTV_a4c824557d65bae87a1825f38273c621','\'\'',NULL,68557),('1_Thursday','15','15:30','16:30','N','RTV','','\'Introducing DropEngine: A Malleable Payload Creation Framework\'','\'Gabriel Ryan\'','RTV_d8192d4e739afcd4ac51f0582104651f','\'Title: Introducing DropEngine: A Malleable Payload Creation Framework
\nWhen: Thursday, Aug 6, 15:30 - 16:30 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Gabriel Ryan\n
\nGabriel Ryan is an offensive security engineer at SpecterOps with nearly 8 years of programming experience in C and Python. Previously, he worked at Gotham Digital Science, where he was heavily involved in their research program GDS Labs. He is the creator and active developer of EAPHammer, a weaponized version of hostapd for performing rogue access point attacks against WPA/2-EAP networks. He is also credited with the first working bypass of 802.1x-2010, along with improvements to existing techniques for bypassing 802.1x-2004. Gabriel\'s most recent research involved novel proof-of-concept attacks against WPA3\'s \"Enhanced Open.\" His current endeavors involve deep dives into Kerberos abuse on both Windows and Linux platforms.
\n\n
\nDescription:
\nIn this talk, we\'ll introduce DropEngine -- a modular framework for creating malleable initial access payloads (also known as \"droppers\" or \"shellcode runners\").\n
Initial access payloads serve a deceptively simple purpose: loading implants from disk into memory. However, a number of obstacles stand in the way of this seemingly mundane task. To start with, the payload must safely be delivered to its intended target (usually via spearphishing). During delivery, the payload is exposed to signature-based detections and analyzed from within an automated sandbox. The payload must then be saved to disk without triggering antivirus, and must load the implant into memory without alerting Endpoint Detection and Response (EDR). Due to the widespread use of application whitelisting, payload authors are restricted to languages that are compatible with \"Live Off the Land Binaries and Scripts\" (LOLBAS), most of which are executed through the Windows Common Language Runtime (CLR). This means that most payloads must also contend with Microsoft\'s Anti-Malware Scan Interface (AMSI). Finally, the payload must be able to withstand analysis by threat hunters and reverse engineers. These obstacles are not insurmountable. However, defense evasion techniques tend to have a short shelf-life, and become particularly stale after repeated use. Because of this, payloads are often prepared on a per-engagement basis, which is hardly an easy feat when done by hand. DropEngine addresses this problem by providing a malleable framework for creating shellcode runners. Operators can choose from a selection of components and combine them to create highly sophisticated payloads within seconds. Available payload components include crypters, execution mechanisms, and environmental and remote keying functions. Also included are pre-execution modules such as sandbox checks and AMSI bypasses, as well cleanup modules that execute after the implant is loaded into memory. DropEngine comes pre-packaged with example modules that are more than sufficient to bypass signature and heuristic-based detections at the time of writing. However, DropEngine\'s true strength is that it improves operational efficiency by providing a high degree standardization, while allowing operators to control just about every aspect of the payload\'s signature and behavior.\n
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68558),('1_Thursday','16','15:30','16:30','Y','RTV','','\'Introducing DropEngine: A Malleable Payload Creation Framework\'','\'Gabriel Ryan\'','RTV_d8192d4e739afcd4ac51f0582104651f','\'\'',NULL,68559),('1_Thursday','18','18:00','18:59','N','RTV','','\'What college kids always get wrong, the art of attacking newbies to blueteam\'','\'Forrest Fuqua\'','RTV_53e9f6adb30f9e4ee846dc2772b67966','\'Title: What college kids always get wrong, the art of attacking newbies to blueteam
\nWhen: Thursday, Aug 6, 18:00 - 18:59 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Forrest Fuqua\n
\nForrest Fuqua (JRWR) - JRWR creator of Hatchan, 3 years of NECCDC (Collegiate Cyber Defense Competition) Redteam, and defense industrial base cybersecurity pentester / auditor has been seeing all the mistakes everyone is making and works hard to try and get people to understand why its important to get your shit together.
\n\n
\nDescription:
\nI’ve done a few years at NECCDC (Collegiate Cyber Defense Competition) Red team and teams make the same mistakes over and over again with the approach of trying to harden a system that is so far compromised that it\'s better if they could just reinstall everything. \n
This talk I will detail things that have worked and not worked over the last three years that everyone seems to miss and grounds the fact that the simpler the attack. the overall better you will have in endpoints responding home. Managing rapid response to teams who are actively dealing with your malware and other tidbits.\n
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68560),('1_Thursday','19','19:15','20:15','N','RTV','','\'Android Malware Adventures\'','\'Kürşat Oğuzhan Akıncı,Mert Can Coşkuner\'','RTV_3aea1492db6c9bbdd7d098bc0e2dcbb5','\'Title: Android Malware Adventures
\nWhen: Thursday, Aug 6, 19:15 - 20:15 PDT
\nWhere: Red Team Vlg
\nSpeakers:Kürşat Oğuzhan Akıncı,Mert Can Coşkuner
\n
SpeakerBio:Kürşat Oğuzhan Akıncı\n
\nKürÅŸat OÄŸuzhan Akıncı is a Security Engineer at Trendyol. He is also a team leader of Blackbox Cyber Security which is Turkey\'s first cyber security volunteer group, coordinator and mentor of Turkcell CyberCamp and Turkish Airlines CyberTakeOff. In his free time KürÅŸat is performing security researches in the form of bug bounty in which he has found several vulnerabilities in critical institutions such as NSA as well as helping Mert Can to break into C&Cs.
\n
SpeakerBio:Mert Can CoÅŸkuner\n
\nMert Can CoÅŸkuner is a Security Engineer at Trendyol. He is maintaining a Penetration Testing and Malware Analysis blog at medium.com/@mcoskuner. In his free time Mert Can is performing mobile malware research and threat intelligence.
\n\n
\nDescription:
\nAndroid malware is evolving every day and they are everywhere, even in Google Play Store. Malware developers have found ways to bypass Google\'s Bouncer as well as antivirus solutions and many alternative techniques to operate like Windows malware do. Using benign looking application working as a dropper is just one of them. This talk is about android malware on Google Play Store and targeting Turkey. The talk will cover;\nTechniques to Analyze Samples: Unencrypted samples are often used to retrieve personal informations to sell and do not have obfuscation. Encrypted samples however are used for much sophisticated tasks like stealing banking information. They decrypt themselves by getting the key from a twitter account who owned by the malware developer and operate by communicating with the C&C. Also, most banking samples are using techniques like screen injection and dependency injection which is mostly used by android application developers. \nBypassing Anti- Techniques: To be able to dynamically analyze the sample, defeating anti- techniques are often needed. We will introduce some (known) Frida scripts to be able to defeat common anti- checks malware uses. \nExtracting IoCs: Extracting twitter account as well as C&C from encrypted samples are often critical to perform threat intelligence over samples. Extracting IoCs while assets are still active was crucial for our research since we are also aiming to takeover C&Cs. We will introduce (known) automatization technique to extract twitter account, decryption key and C&C address. \n4. Extract Stolen Information from C&Cs: \nIn order to extract information from C&C, one should act swiftly. The speed of extraction process is critical since the actors change C&Cs often. We will give a detailed walkthrough about how we approach C&Cs as a target and extract the informations.\nThe samples and informations in the talk is the product of our researches over many bankbot samples as well as other Turkish malware developer actors\' samples.\nDetailed talk outline
\n• Google Play Store and Malware
\n• Common Android Malware Types
\n• Campaigns Aiming Turkish Users
\n• How To Approach An Android Malware — Techniques to Analyze\n• How To Approach An Android Malware — Defeating Anti- Techniques\n• How To Approach An Android Malware — Decrypting Bankbots\n• How To Approach An Android Malware — IoC Extraction\n• C&Cs — What Are They
\n• C&Cs — How To Infiltrate and Extract Information
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68561),('1_Thursday','20','19:15','20:15','Y','RTV','','\'Android Malware Adventures\'','\'Kürşat Oğuzhan Akıncı,Mert Can Coşkuner\'','RTV_3aea1492db6c9bbdd7d098bc0e2dcbb5','\'\'',NULL,68562),('1_Thursday','20','20:30','21:30','N','RTV','','\'Making Breach and Attack Simulation Accessible and Actionable with Infection Monkey - from IT to the C-suite\'','\'Shay Nehmad\'','RTV_c9aa0be2fe6f1f02a17fe41924eb25c8','\'Title: Making Breach and Attack Simulation Accessible and Actionable with Infection Monkey - from IT to the C-suite
\nWhen: Thursday, Aug 6, 20:30 - 21:30 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Shay Nehmad\n
\nShay Nehmad is a lead developer at Guardicore, where he is working on the Infection Monkey, an open-source breach and attack simulation tool. Over the last few years in the IDF, Shay amassed extensive experience in both Information Security and Software Development.
\n\n
\nDescription:
\nOftentimes one of the greatest challenges for security professionals today is finding a way to effectively communicate the state of a network’s security posture, and what steps are necessary to achieve the organization’s security goals. Red teamers are already familiar with executing a typical Breach and Attack simulation, but how can they take greater advantage of their findings, and better yet, share those with the C-suite? \nThe Infection Monkey is a mature, widely-used Open Source GPLv3 licensed tool specifically developed for enterprise red teams. Designed to test an organization’s detection and response methods and teams, the Monkey simulates all steps of an attack by mimicking a variety of adversary moves such as scanning, exploitation, lateral movement, password stealing, network mapping, security control bypass and more. \nOverall, the Infection Monkey’s simulation reveals it contains a lot of stages one might find in a manual penetration test (or in a real attack). The Monkey is easily configurable, and starts from a single machine and propagates according to the test scenario while collecting data, employing attack tactics, performing security tests and looking for more machines to attack. The results are generated in real-time, shown in a network map and also presented in 3 detailed reports. With the Monkey, red teams can autonomously test specific parts of the network with multiple attack scenarios on a regular basis - like executing a lateral movement scenario from an internet-facing server to a sensitive system deployed in a different part of the network.\nFurther, the Monkey maps its findings to both the MITRE ATT&CK knowledgebase and Forrester’s Zero Trust framework to provide in-depth reports with actionable recommendations for achieving a stronger security posture. When mapping to the Zero Trust framework, the report identifies and prioritizes the steps and decisions required to achieve a true Zero Trust network - whether that’s verifying that the current security stack meets Zero trust requirements or outlining specific actions that blue teams can perform to implement better security measures. By mapping the reports to MITRE ATT&CK, the Monkey communicates the results of the attack in plain language, making the advanced tool accessible and effective for any red team. These reports enable security professionals to address and improve their security posture using the metrics, methods, and ideas they already care about aka if your CISO wants to achieve Zero Trust, their team can clearly map out the steps required to get there with the Monkey’s reports.\nIn this talk, Penetration Testers, Network Engineers, Exploit Developers, and other Security professionals will experience a typical Breach & Attack simulation through the lens of the Monkey to learn how open source solutions can improve and add efficiencies to their teams. Shay will take attendees through a demo of Infection Monkey to demonstrate a typical “before and after†scenario with the Monkey. He will run the Monkey in a test environment, aka the “before,†to identify security gaps and then mitigate the issues using advice offered by the Monkey’s reporting. Finally, Shay will run the Monkey in the “after†environment to show how effective this Breach and Attack simulation can be in strengthening security posture.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68563),('1_Thursday','21','20:30','21:30','Y','RTV','','\'Making Breach and Attack Simulation Accessible and Actionable with Infection Monkey - from IT to the C-suite\'','\'Shay Nehmad\'','RTV_c9aa0be2fe6f1f02a17fe41924eb25c8','\'\'',NULL,68564),('1_Thursday','21','21:45','22:45','N','RTV','','\'Android Application Exploitation\'','\'Kyle Benac (aka @B3nac)\'','RTV_8997820996e2e5358154c629bc09fa43','\'Title: Android Application Exploitation
\nWhen: Thursday, Aug 6, 21:45 - 22:45 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Kyle Benac (aka @B3nac)\n
\nKyle Benac (aka @B3nac) currently works as a full time Security Researcher at Acronis SCS. Prior to this, he obtained his Bachelors of Science in Software Development and Security while active duty Air Force. He really enjoys hacking Android applications and participating in bug bounty programs. Creator of the InjuredAndroid Capture the Flag (CTF) training application and developer of HackerOne’s BountyPay Android application. Listed as a Top Contributor for the OWASP mobile security testing guide with over 58 contributions to the manual.Â
\nTwitter: @B3nac
\n\n
\nDescription:
\nAndroid applications are treasure chests of potential bugs waiting to be discovered. Having a structured, streamlined approach greatly improves your efficiency and assessment accuracy. This talk will go over methods used to identify the type of mobile framework to better assess possible attack vectors. Examples will be provided to demonstrate how to exploit those vectors.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68565),('1_Thursday','22','21:45','22:45','Y','RTV','','\'Android Application Exploitation\'','\'Kyle Benac (aka @B3nac)\'','RTV_8997820996e2e5358154c629bc09fa43','\'\'',NULL,68566),('1_Thursday','23','23:00','23:59','N','RTV','','\'Offensive Embedded Exploitation : Getting hands dirty with IOT/Embedded Device Security Testing\'','\'Kaustubh Padwad\'','RTV_5222bb2ce36e562c0e32c6ef1bc956a5','\'Title: Offensive Embedded Exploitation : Getting hands dirty with IOT/Embedded Device Security Testing
\nWhen: Thursday, Aug 6, 23:00 - 23:59 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Kaustubh Padwad\n
\nKaustubh is a Product security Assurance Manager at Reliance Jio Platform limited, his main work include Securing JIO’s Cutting Edge Enterprise, Consumer, and SMB(small,Medium,Big) business products. His main area of interest is Device security,Reverse engineering, discovering RCE,Priv-esc bugs in proprietary or close source devices. He was Null champion, He had deliver more than dozens of talk in null meet and he was champion for 3 years in null community. Also he was a speaker at Owasp SeaSide 2020,Bsides Boston 2020. Some of his works are published in SecurityWeek, ExploitDB, 0day.today and have more than Dozens of CVE, Recently he was the winner of SCADA CTF @ nullcon 2019.
\n\n
\nDescription:
\nThe world is moving towards smart culture everything nowadays is smart, and mostly all are those smart devices are basically embedded devices with internet connectivity or some provision to connect with the internet. Since these devices are booming in market this also tempting lots of people/groups for hacking. In this 1 hour talk we will discuss how to test the embedded/IoT devices, it would give you a methodology for assessment, how to perform firmware analysis, identifying vulnerable components, basic approach for reverse engineering the binaries to discover potential remote code execution, memory corruption vulnerabilities by looking for native vulnerable functions in C or bad implementation of functions like System, popen, pclose etc. After conducting static analysis, firmware analysis we will move towards dynamic testing approach which include web application testing, Underlying OS security testing, identifying vulnerabilities and misconfiguration in device. At last we will move towards fuzzing the device via web application parameters and installing appropriate debugger on device to identify memory corruption vulnerabilities.\n
DELIVERABLES
\nMethodology for testing embedded devices\nDeep dive into device security testing from beginner level to developing exploit\nAnd At last, a good intro into how to break known security boundary of embedded/IoT devices by knowing its weakness and thereby securing it.\n
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68567),('2_Friday','07','07:30','07:59','N','RTV','','\'Red Team Village Opening Remarks\'','\'Joseph Mlodzìanowskì (cedoXx),Omar Ωr\'','RTV_51e0d1312c1c7bb9e51997fc0672368d','\'Title: Red Team Village Opening Remarks
\nWhen: Friday, Aug 7, 07:30 - 07:59 PDT
\nWhere: Red Team Vlg
\nSpeakers:Joseph Mlodzìanowskì (cedoXx),Omar Ωr
\n
SpeakerBio:Joseph Mlodzìanowskì (cedoXx)\n
\nNo BIO available
\nTwitter: @cedoxX
\n
SpeakerBio:Omar Ωr\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68568),('2_Friday','09','09:15','10:15','N','RTV','','\'Red Teaming: Born from the Hacker Community\'','\'Chris Wysopal\'','RTV_4c2b7e90f30ea56d7b5850407e5bf722','\'Title: Red Teaming: Born from the Hacker Community
\nWhen: Friday, Aug 7, 09:15 - 10:15 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Chris Wysopal\n
\nChris Wysopal is currently Veracode\'s CTO and Co-Founder. He is responsible for the company\'s software security analysis capabilities. One of the original vulnerability researchers and a member of L0pht Heavy Industries, Chris has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He published his first advisory in 1996 on parameter tampering in Lotus Domino and has been trying to help people not repeat this type of mistake for 15 years. Back in 1997 he first got paid for hacking someone else\'s network and later a company\'s web application. Chris was hooked and has been performing security testing one way or another since.
\n\n
\nDescription:No Description available
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68569),('2_Friday','10','09:15','10:15','Y','RTV','','\'Red Teaming: Born from the Hacker Community\'','\'Chris Wysopal\'','RTV_4c2b7e90f30ea56d7b5850407e5bf722','\'\'',NULL,68570),('2_Friday','08','08:00','08:59','N','RTV','','\'Knock knock, who\'s there? Identifying assets in the cloud\'','\'Tanner Barnes (aka @_StaticFlow_),NahamSec\'','RTV_4b00f6f1d340dc5bbd58a19280ffe90a','\'Title: Knock knock, who\'s there? Identifying assets in the cloud
\nWhen: Friday, Aug 7, 08:00 - 08:59 PDT
\nWhere: Red Team Vlg
\nSpeakers:Tanner Barnes (aka @_StaticFlow_),NahamSec
\n
SpeakerBio:Tanner Barnes (aka @_StaticFlow_)\n
\nTanner Barnes (aka @StaticFlow) Software engineer and hacker who develops tools for the Cyber Security world. You can find the tools I build on stream here at https://github.com/Static-Flow
\nTwitter: @_StaticFlow_
\n
SpeakerBio:NahamSec\n
\nNahamSec currently works as the Head of Hacked Education at HackerOne by day, and a hacker by night. He has helped identify and exploit over 600 security vulnerabilities across 100+ of web and mobile applications for companies such as Yahoo, Google, Airbnb, Snapchat, The US Department of Defense, Yelp, and more. He also cofounded Bug Bounty Forum, a community of 500+ active hackers sharing ideas and their experiences. He also streams live hacking on Twitch, and create educational content about hacking on YouTube.Â
\n\n
\nDescription:
\nIdentifying and enumerating assets has become incredibly easy thanks to all the tools that have been released in the past few years, but being the first to a new target can be the difference between a P1 and a Duplicate! This talk will cover how we were able to monitor, fingerprint, and catalog cloud assets at a rate of over 200 thousand hosts a second in an attempt to find bounty targets and the bugs within them before anyone else.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68571),('2_Friday','10','10:30','11:30','N','RTV','','\'Panel: The Joy of Coordinating Vulnerability Disclosure\'','\'Daniel Gruss,CRob,Lisa Bradley,Katie Noble,Omar Santos, Anders Fogh\'','RTV_35d4f586427a4141fecb7aa215df784a','\'Title: Panel: The Joy of Coordinating Vulnerability Disclosure
\nWhen: Friday, Aug 7, 10:30 - 11:30 PDT
\nWhere: Red Team Vlg
\nSpeakers:Daniel Gruss,CRob,Lisa Bradley,Katie Noble,Omar Santos, Anders Fogh
\n
SpeakerBio:Daniel Gruss\n, TU Graz
\nNo BIO available
\n
SpeakerBio:CRob\n, Red Hat
\nNo BIO available
\n
SpeakerBio:Lisa Bradley\n, Dell
\nNo BIO available
\n
SpeakerBio:Katie Noble\n, Intel Corp
\nKatie currently serves as a Director of PSIRT and Bug Bounty at Intel Corp. Where she leads the cyber security vulnerability Bug Bounty program, researcher outreach, and strategic planning efforts. Previous to this position, Katie served as the Section Chief of the Vulnerability Management and Coordination at the Department of Homeland Security, Cyber and Infrastructure Security Agency (CISA) where she led DHS’ primary operations arm for coordinating the responsible disclosure and mitigation of identified cyber vulnerabilities in control systems, enterprise, hardware and software. Katies team is credited by the Secretary of Homeland Security with the coordination and public disclosure of over 20,000 cyber security vulnerabilities within a two year period. Katie is a highly accomplished manager with over 14 years of U.S. Government experience, both in the Intelligence Community and Cyber Security Program Management. She has operated at all levels from individual contributor as an Intelligence Analyst for the National Intelligence Community to Senior Policy Advisor for White House led National Security Council (NSC) Cyber programs. Her work has directly impacted the decision making of the NSC, Defense Information Systems Agency, Office of the Director of National Intelligence, Department of Defense, Federal Communications Commission, Central Intelligence Agency, U.S. Coast Guard, U.K.Ministry of Defense, Canadian Government agencies, and Australian Cabinet Ministry.
\n
SpeakerBio:Omar Santos\n, Cisco
\nOmar Santos is an active member of the security community, where he leads several industry-wide initiatives and standard bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructure. Omar is the author of over 20 books and video courses; numerous white papers, and other articles. Omar is a Principal Engineer of Cisco’s Product Security Incident Response Team (PSIRT) where he mentors and lead engineers and incident managers during the investigation and resolution of security vulnerabilities. Omar is often presenting at many conferences and he is the co-lead of the DEF CON Red Team Village.
\nTwitter: @santosomar
\n
SpeakerBio: Anders Fogh\n, Intel
\nNo BIO available
\n\n
\nDescription:
\nUnder the best of circumstances, coordinating disclosure of vulnerabilities can be a challenge. At times it can feel like everyone involved in CVD has conflicting motivations. The truth is that all of us are aspiring to do the right thing for end-users based on our perspective. The panel will share experiences and show how researchers and technology companies can work together to improve the impact of disclosing vulnerabilities on the technology ecosystem. Join CRob (Red Hat), Lisa Bradley (Dell), Katie Noble (Intel), Omar Santos (Cisco), Anders Fogh (Intel) and Daniel Gruss (TU Graz) for an exciting and engaging dialog between security researchers and industry experts on the Joy of coordinating vulnerability disclosure.\n
Presentation Outline
\nThis will be an interactive session between the panelists. The following questions are seeds for what will be a dynamic and lively discussion:\nWhat does CVD mean to you and what is your motivation to disclose?\nWhat benefits have the panelists seen in coordinating vulnerability disclosure?\nWhat problems have you had with CVD?
\nHow does CVD work in open source projects?\nHow do you prepare for coordinated vulnerability disclosure and what challenges do you face?\nHow could researchers and industries work better together?\n
Takeaways
\nLearn about the exciting world of Coordinated Vulnerability Disclosure.\nHear from experts from both the research community as well as the vendors they report issues to.\nLearn from the coordination mistakes from the past to not repeat them in the future.\nLearn about the current struggles with CVD and what needs to be done to improve CVD.\n
Problem to solve
\nThe hope is that this constructive interaction will remove some of the impediments of relationships between product developers and security researchers. The goal is to open a door for dialogue that will bring more stability in the experiences we all have in coordinating vulnerability disclosure. All technology users are impacted by security vulnerabilities, how those issues are communicated and dealt with are critical to impacted individuals and organizations to effectively manage the information security risk. The panel hopes to show \"both sides\" of the issue and highlight our different perspectives, and ideally showcase we\'re all working to help secure end-users around the globe. \n
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68572),('2_Friday','11','10:30','11:30','Y','RTV','','\'Panel: The Joy of Coordinating Vulnerability Disclosure\'','\'Daniel Gruss,CRob,Lisa Bradley,Katie Noble,Omar Santos, Anders Fogh\'','RTV_35d4f586427a4141fecb7aa215df784a','\'\'',NULL,68573),('2_Friday','11','11:45','12:45','N','RTV','','\'How to hack SWIFT, SPID, and SPEI with basic hacking techniques (from a Red Team Perspective)\'','\'Guillermo Buendia\'','RTV_36e8c6aabb02a904f8d67c21b38913d8','\'Title: How to hack SWIFT, SPID, and SPEI with basic hacking techniques (from a Red Team Perspective)
\nWhen: Friday, Aug 7, 11:45 - 12:45 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Guillermo Buendia\n
\nGuillermo Buendia is a Red Team Lead in one of the biggest insurance companies in the USA, he has worked for many Financial Institutions for the last 8 years.  He has presented his previous research in DEF CON, BSidesLV, BSides Manchester, Hackfest, etc.
\n\n
\nDescription:
\nBack in 2018, Financial entities in Mexico were hit by one of the biggest cybersecurity breaches in the history of Mexico, and in 2019 \"The Bandidos Hacker Team\", who allegedly committed the crime, were captured. But do you really need to be a 1337 H4x0r to compromise those systems? In this talk, I will be sharing (from a Red Team Perspective) How I was compromising the SWIFT, SPID, and SPEI systems in a Financial Institution until I gained root access to all the systems using basic hacking techniques like the pretty good old 1337 days. For the blue teamers, I will be sharing ways to detect these techniques that, although may appear simple, they pose a very challenging scenario to create a detection.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68574),('2_Friday','12','11:45','12:45','Y','RTV','','\'How to hack SWIFT, SPID, and SPEI with basic hacking techniques (from a Red Team Perspective)\'','\'Guillermo Buendia\'','RTV_36e8c6aabb02a904f8d67c21b38913d8','\'\'',NULL,68575),('2_Friday','13','13:00','13:59','N','RTV','','\'Trust, but Verify: Maintaining Democracy In Spite of Информационные контрмеры\'','\'Allie Mellen\'','RTV_5da47986e4f236465f4813e15b76e1f0','\'Title: Trust, but Verify: Maintaining Democracy In Spite of Информационные контрмеры
\nWhen: Friday, Aug 7, 13:00 - 13:59 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Allie Mellen\n
\nAllie Mellen - I’ve spent several years in cybersecurity and have been recognized globally for my security research. Over the past year, I have helped organize and execute multiple election security tabletop exercises with participants from the FBI, Secret Service, Department of Homeland Security, and state law enforcement. In these sessions, it’s hackers versus law enforcement as an exercise in what attackers can do to disrupt Election Day and what the government is prepared to do - or should be prepared to do - to stop them.
\n\n
\nDescription:
\nIn this session, we’ll discuss how Russia has influenced worldwide elections using cyberwarfare and how countries have fought back. We’ll understand the natural asymmetry between how countries are able to respond, and how they have changed their approach since 2016.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68576),('3_Saturday','14','14:15','14:59','N','RTV','','\'The Art of Balancing: A Burnout Talk\'','\'Chloé Messdaghi\'','RTV_53404a27a4197bdb1f3f6238246978c0','\'Title: The Art of Balancing: A Burnout Talk
\nWhen: Saturday, Aug 8, 14:15 - 14:59 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Chloé Messdaghi\n
\nChloé Messdaghi is the VP of Strategy at Point3 Security. She is a security researcher advocate who strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to fight for hacker rights. She is the founder of WomenHackerz & the President and cofounder of Women of Security (WoSEC), podcaster for ITSP Magazine\'s The Uncommon Journey, and runs the Hacker Book Club.
\n\n
\nDescription:
\nMental health is an ongoing issue within infosec before and during COVID-19. There\'s a fine balance between hacking and personal life. Majority of the time, they cross over. This talk shares an overview of the warning signs, symptoms, and practices to prevent burnout and how to deal with burnout to keep balanced.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68577),('2_Friday','15','15:30','16:30','N','RTV','','\'Yippee-Ki-Yay MFA\'er - Bypassing Multi-Factor Authentication with Real-Time Replay Session Instantiation Attacks\'','\'Justin Hutchens (“Hutchâ€)\'','RTV_29841c13a875a6dd5d07375f2cba5e91','\'Title: Yippee-Ki-Yay MFA\'er - Bypassing Multi-Factor Authentication with Real-Time Replay Session Instantiation Attacks
\nWhen: Friday, Aug 7, 15:30 - 16:30 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Justin Hutchens (“Hutchâ€)\n
\nJustin Hutchens (“Hutchâ€) is a seasoned cyber-security professional who specializes in vulnerability management, attack simulations, penetration testing, and red teaming. In 2008, Hutch began his information security career doing Threat and Vulnerability Management for the United States Air Force. Since separating from the Air Force, he has gone on to lead multiple penetration testing teams in both consulting and internal capacities. He has also achieved a Master’s degree in Computer Security Management and multiple information security certifications to include CISSP, GPEN, GWAPT, and OSCP. Hutch has significant experience in the field and has led assessments in nearly every industry and vertical. He is skilled in coding in Python, JavaScript, PowerShell, and Bash -- and emphasizes the importance of automation for both assessment methodology and development of internal processes.
\n\n
\nDescription:
\nIn the not-too-distance past, it was fairly easy for red-teamers to conquer almost any environment with a combination of password sprays, or by leveraging social engineering to lure victims to fake login sites and harvest their credentials. But in the current landscape, there are new road-blocks to contend with. Nearly every company and organization has now deployed some form of Multi-Factor Authentication (MFA) on their perimeter services. Fortunately, for red-teamers, the vast majority of implementations of MFA across the Internet (email-based, SMS, OTP, and push requests) all share a common critical flaw that can still be easily circumvented using a modern revision of the classic “credential harvesting†attacks. This talk will offer a comprehensive methodology for how a red team can effectively bypass nearly any MFA service using Python-Flask and browser emulation libraries (Mechanize or Selenium) to replay MFA credentials in real-time, establish legitimate user sessions, and then harvest the session tokens to assume access to those compromised sessions. This methodology will prove once again, that the advantage is still square in the hands of the red team, and that even now…ALL YOUR BASE ARE BELONG TO US!!!
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68578),('2_Friday','16','15:30','16:30','Y','RTV','','\'Yippee-Ki-Yay MFA\'er - Bypassing Multi-Factor Authentication with Real-Time Replay Session Instantiation Attacks\'','\'Justin Hutchens (“Hutchâ€)\'','RTV_29841c13a875a6dd5d07375f2cba5e91','\'\'',NULL,68579),('2_Friday','16','16:45','17:45','N','RTV','','\'Enumerating Cloud File Storage Gems\'','\'Michael Wylie\'','RTV_6a7de9807a6a113c038cc545998e0f3b','\'Title: Enumerating Cloud File Storage Gems
\nWhen: Friday, Aug 7, 16:45 - 17:45 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Michael Wylie\n, Director of Cybersecurity Services, Richey May Technology Solution
\nMichael Wylie (Twitter: @TheMikeWylie), MBA, CISSP is the Director of Cybersecurity Services at Richey May Technology Solutions. In his role, Michael is responsible for delivering information assurance by means of vulnerability assessments, cloud security, penetration tests, risk management, and training. Michael has developed and taught numerous courses for the U.S. Department of Defense, DEFCON, Universities, and for clients around the world. Michael is the winner of numerous SANS challenge coins and holds the following credentials: CISSP, CCNA R&S, CCNA CyberOps, GMON, GPEN, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, Security+, Project+, and more.
\nTwitter: @TheMikeWylie
\n\n
\nDescription:
\nOrganizational data is rapidly moving to the cloud, but it\'s not always intentional. The shift from on-premise data storage to the cloud constitutes a significant challenge and risk to the modern enterprise. The use of cloud file storage applications is on the rise for both consumer and business systems, which results in interesting data and metadata siting on endpoints. In this talk, we\'ll examine the large footprints of popular cloud file storage applications such as OneDrive and Box - learning what information can be enumerated from each cloud file storage solution. In some scenarios, data can be carved out from cache, restoring sensitive documents no longer on an endpoint.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68580),('2_Friday','17','16:45','17:45','Y','RTV','','\'Enumerating Cloud File Storage Gems\'','\'Michael Wylie\'','RTV_6a7de9807a6a113c038cc545998e0f3b','\'\'',NULL,68581),('2_Friday','18','18:00','18:59','N','RTV','','\'Total E(A)gression\'','\'Alvaro Folgado Rueda\'','RTV_9b008b1e79e80389ec9ae4966740141f','\'Title: Total E(A)gression
\nWhen: Friday, Aug 7, 18:00 - 18:59 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Alvaro Folgado Rueda\n
\nRebujacker works as a Product Security Engineer at Salesforce. He has multiple years of experience performing penetration tests, security assessment against different technologies, building automation tools for this purpose and performing application level research. In the recent years his field of study has been focused into red teaming and automation. The combination of his application level security and pentesting knowledge leads him to build tools/implants that blends-in better with nowadays cloud infrastructure and application stack of tested organizations. Â Working recently in its main project: Siesta Time Implant Framework for red teamers, presented in last Defcon Red team Village. Last progress includes new persistence and stealthier network modules.
\n\n
\nDescription:
\nDefensive techniques and tools keep getting better and therefore the creation of implants that are not detected is a harder and time consuming task every Red Team operator has to go through. Focusing on the network detection field; recent Intrusion Detection Systems (IDS) that uses new network analysis techniques can detect easily some of our handcrafted implants by analyzing connection fingerprints from both client and server side. In some environments , techniques like Deep Packet Inspection can map our implants to possible threats to be addressed. \nIn this talk, I provide solutions that can be used on implants; a modified TLS Go package that allows circumventing tools like JA3 by providing desired fingerprints that will help to mimic rightful client software, egression to Gmail servers and techniques like steganography/encryption to hide obvious payloads. All these ideas are tailored into a new network modules for the Siesta Time Framework, to help to automate the creation of desired Implants. As a finale, possible new defensive techniques to improve tools like JA3 will be explained.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68582),('2_Friday','19','19:15','20:15','N','RTV','','\'Password cracking beyond 15 characters and under $500\'','\'Travis Palmer\'','RTV_af928dad59ee71f4c1e5ba2961be97d6','\'Title: Password cracking beyond 15 characters and under $500
\nWhen: Friday, Aug 7, 19:15 - 20:15 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Travis Palmer\n
\nTravis Palmer is a Red Team Engineer at Intercontinental Exchange and a certified OSCP and OSCE. Most recently he has been a \"surprise\" backup speaker at DEFCON 27, DEFCON Red Team Village Staff, and a speaker at Wild West Hacking Fest and Cisco Offensive Summit. He is a fan (and sometimes-contributor) of a number of simulator/sandbox video games, and keeper of too many unfinished hardware projects. In his video games he enjoys long assaults on the beach, and dancing jets in the rain.
\n\n
\nDescription:
\nMost of us understand that it is a good idea to tailor an attack to a password policy. That being said, most password policies are fairly homogeneous. Does a minimum eight characters and at least three of four categories for complexity sound familiar? The hashcat-herders among us have prepared well for this endeavor. Many have hoarded hundreds of gigabytes of dumped passwords from hacked sites using these exact kinds of policies. Which means, when the hashes get dumped, sometimes more than half of a domain can be cracked in a single day. So… what if you have to crack passwords written under a different policy, like a paranoid 15 character minimum? Those gigabytes of dictionaries, full of shorter passwords, aren’t going to rockyou into domain admin anymore. It’s time to dive into the hashes with combinations of combinators, purple rain attacks, and word-level linguistically correct Markov chains. Along with the techniques themselves, this presentation will include the real-world results of various cracking attacks against a ~6000 person domain, at a Fortune 500 with a mature security program. As well as some recommendations for policies that allow memorable passwords while actually making them difficult to crack.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68583),('2_Friday','20','19:15','20:15','Y','RTV','','\'Password cracking beyond 15 characters and under $500\'','\'Travis Palmer\'','RTV_af928dad59ee71f4c1e5ba2961be97d6','\'\'',NULL,68584),('2_Friday','20','20:30','21:30','N','RTV','','\'50 Shades of Sudo Abuse\'','\'Tyler Boykin\'','RTV_1fd41f807db9b6ed33e125e3744488bd','\'Title: 50 Shades of Sudo Abuse
\nWhen: Friday, Aug 7, 20:30 - 21:30 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Tyler Boykin\n
\nTyler Boykin is a former 0602 (USMC), hobbyist infosec geek, and is a Security Engineer with By Light Professional IT Services LLC currently developing features for CyberCENTS (a By Light Offering). He currently holds a variety of industry credentials to include OSCE, OSCP, CISSP, CCNP, CCDP, and many others.
\n\n
\nDescription:
\nPrivilege escalation often includes abusing pre-existing features on a system. This talk gives a quick overview of sudo, sudoers, and ways of leveraging misconfigurations to increase access. Included in this talk, are vectors that range from common low-hanging fruit to downright crafty.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68585),('2_Friday','21','20:30','21:30','Y','RTV','','\'50 Shades of Sudo Abuse\'','\'Tyler Boykin\'','RTV_1fd41f807db9b6ed33e125e3744488bd','\'\'',NULL,68586),('2_Friday','21','21:45','22:45','N','RTV','','\'ATTPwn: Adversarial Emulation and Offensive Techniques Collaborative Project\'','\'Fran Ramirez,Pablo Gonzalez\'','RTV_faf4b4bc1a37e81006259eed80bcf337','\'Title: ATTPwn: Adversarial Emulation and Offensive Techniques Collaborative Project
\nWhen: Friday, Aug 7, 21:45 - 22:45 PDT
\nWhere: Red Team Vlg
\nSpeakers:Fran Ramirez,Pablo Gonzalez
\n
SpeakerBio:Fran Ramirez\n
\nFran Ramirez has a University degree in Computing Engineering, a Certificate of higher education in Industrial and Digital Electronics, and a Master\'s degree in Cybersecurity. He has experience working as an IT Senior System Engineer in the USA and Canada, consolidating IT technologies and datacenters. He began working as a Security Researcher at Telefonica and ElevenPaths in 2017. Francisco has also co-written books about Docker and Machine Learning, and been a speaker at Mobile World Congress (Barcelona), Black Hat Europe Arsenal (London), Hacktivity (Hungary), LeHack (Paris) and many other conferences.
\n
SpeakerBio:Pablo Gonzalez\n
\nPablo Gonzalez has a University degree in Computing Engineering and Master\'s degree in Cybersecurity. He has presented at Black Hat Europe Arsenal (2017, 2018, 2019), BlackHat USA Arsenal 2020, EkoParty 2018, 8dot8 Chile, DragonJAR Colombia, RootedCON, LeHACK 2019, etc. He is a Microsoft MVP 2017-2020. Pablo has written several computer security books, including Metasploit for Pentesters, Ethical Hacking, Pentesting with Kali, Metasploit hacking, Got Root and PowerShell pentesting. He is also a co-founder of flu-project and the founder of hackersClub. With more than 10 years working in cybersecurity and teaching several masters in cybersecurity in Spain, he is currently working as Project/Team Manager and Security Researcher at Telefonica (Ideas Locas department).
\n\n
\nDescription:
\nATTPwn is a computer security open source tool designed to emulate adversaries. The tool aims to bring emulation of a real threat into closer contact with implementations based on the techniques and tactics from the MITRE ATT&CK framework. The goal is to simulate how a threat works in an intrusion scenario, where the threat has been successfully deployed. It is focused on Microsoft Windows systems through the use of the Powershell command line. This enables the different techniques based on MITRE ATT&CK to be applied. ATTPwn is designed to allow the emulation of adversaries as for a Red Team exercise and to verify the effectiveness and efficiency of the organization\'s controls in the face of a real threat. \nFurthermore, ATTPwn provides the possibility of knowledge transfer between users. This knowledge is exchanged through implementation of ATT&CK techniques. This new user-generated knowledge can be shared with the community through a special feature within ATTPwn. The collaborative part of ATTPwn enhances the know-how that every users can bring to the community in the shape of offensive techniques, which are always being mapped with ATT&CK.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68587),('2_Friday','22','21:45','22:45','Y','RTV','','\'ATTPwn: Adversarial Emulation and Offensive Techniques Collaborative Project\'','\'Fran Ramirez,Pablo Gonzalez\'','RTV_faf4b4bc1a37e81006259eed80bcf337','\'\'',NULL,68588),('2_Friday','23','23:00','23:59','N','RTV','','\'ERPwnage - a red team approach to targeting SAP\'','\'Austin Marck\'','RTV_8f16854f731302430b191bfcb66f014a','\'Title: ERPwnage - a red team approach to targeting SAP
\nWhen: Friday, Aug 7, 23:00 - 23:59 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Austin Marck\n
\nNo BIO available
\n\n
\nDescription:
\nThe crown jewels are ripe for the taking. ERP systems like SAP are being targeted more than ever and red teams need the tools to demonstrate these threats. We\'ll demonstrate the TTPs needed to emulate real threats with lateral movement techniques in, out, and between SAP systems.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68589),('3_Saturday','01','01:00','01:59','N','RTV','','\'Back to the future: Computer science and systems biology \'','\'Dr Lorenz Adlung,Noa Novogroder\'','RTV_42500264ae101a2024754de1da58ba1a','\'Title: Back to the future: Computer science and systems biologyÂ
\nWhen: Saturday, Aug 8, 01:00 - 01:59 PDT
\nWhere: Red Team Vlg
\nSpeakers:Dr Lorenz Adlung,Noa Novogroder
\n
SpeakerBio:Dr Lorenz Adlung\n
\nDr. Lorenz Adlung (@lorenzadlung) obtained his PhD from Heidelberg University in Germany. Since 2017 he\'s a visiting scientist at the Weizmann Institute of Science in Israel working in the field of computational biology, with strong emphasis on both, the computation and the biology. Besides his profession, his main passion is science communication, preferably through poetry and performance.
\n
SpeakerBio:Noa Novogroder\n
\nNoa Novogroder (@noanovo) graduated from the first round of the Israeli cyber security academy and is currently a master student at the Weizmann Institute of Science in Israel. Before turning into biology, she’s worked for several years at Checkpoint, an Israeli high-tech company in the field of cyber security. In her free time, she likes to swim and offer cure to obese mice.
\nTwitter: @noanovo
\n\n
\nDescription:
\nWhich creature implemented code injection 1.5 billion years before any computer malware did? What is the decoding algorithm being used in each of our cells to run the program written in our genes? As computer scientists, we are pushing the edge to develop disruptive technologies for the future. In fact, we can learn from an industry that has been evolving since long before humankind existed: The evolution of biological systems. With our proposal we hope to show the incredible parallels between bacteria and computer malware, the complex algorithms implemented in each of our cells, and how each plays a pivotal role in furthering the research of the other. This lecture will take the audience on an educational journey through both disciplines. This will foster interdisciplinary collaboration and inspire innovative solutions to future challenges for instance in the context of synthetic biology (i.e. creating artificial life), or personalized medicine (i.e. machine learning to treat patients). We are made up of trillions of computational devices. The cells within our body are information-processing units, with memory, storage, cooling and communication devices. Hardware for executable programs was very successfully shaped during the evolution of uncountable biological entities. We are presenting a wormhole between the two parallel universes of computer science and systems biology. A leap through space and time will allow us to connect the evolution of life with recent advances in computer science. An intimate exchange between the computational and the biological spheres is a prerequisite for future generations to work together on aspects of gene editing, robotics and artificial intelligence. As an incentive, we will perform a small quiz during our lecture with attractive prizes. It is our firm belief that we are the right team to foster discussions on life-inspired computer (r)evolution. Lorenz holds a PhD in Systems Biology and works as a freelancing author, consultant and keynote speaker besides being a visiting scientist at the Weizmann Institute of Science, Israel. Noa is a cyber-security expert with seven years of work experience in a high-profile IT company in Israel. Together we will stir an interactive debate on the subject.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68590),('3_Saturday','02','02:15','03:15','N','RTV','','\'Modern Red Team Tradecraft - Informing Defenders by Evolving Your Attackers\'','\'Sajal Thomas\'','RTV_8c87d809d5202bbb6a3b619fe45f16f7','\'Title: Modern Red Team Tradecraft - Informing Defenders by Evolving Your Attackers
\nWhen: Saturday, Aug 8, 02:15 - 03:15 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Sajal Thomas\n
\nSajal Thomas is a Senior Consultant at FireEye Mandiant. He works with the Mandiant Red Team in the Asia Pacific region. Sajal has simulated adversaries and helped secure customers in India, Singapore, Malaysia, Thailand, Japan, Indonesia, Philippines, Hong Kong, Taiwan, Australia, New Zealand, United Kingdom, Germany and the United States which provides him a unique insight into the diverse landscape of the challenges faced by attackers and defenders. In his free time, Sajal enjoys brewing coffee, watching football and reading about nation-state cyber espionage tradecraft.
\n\n
\nDescription:
\nModern attacks against complex network infrastructure highlight a massive gap between state-affiliated cyber espionage attacks and Red Teams. As Red Teams face challenges that real-world attackers do not, replicating the sophisticated threat groups becomes all the more challenging with tight engagement deadlines and report submissions. The talk aims to bridge this gap by providing insights into modern tradecraft employed by the apex predators as well as the coin-miners and ransomware authors. The talk will also discuss the unique relationship between speed and stealth during Red Team operations. Sometimes \"speed is the new stealth\" but with evolved defensive technologies that baseline behaviour of endpoints on the host and network level, slow and steady may be the way to go instead. Additionally, the talk will walk through publicly-known implant design considerations to defeat mature host and network defences. Bleeding-edge credential harvesting techniques and the evolution of running Invoke-Mimikatz.ps1 to digging deep into C/C++ and Win32 API programming will be featured. Lastly, the evolution of a modern Red Team operator/developer/both will be discussed. The skills and mindset required to successfully complete objectives and evade defences have changed over time. A Red Teamer must evolve to be able to inform defence better.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68591),('3_Saturday','03','02:15','03:15','Y','RTV','','\'Modern Red Team Tradecraft - Informing Defenders by Evolving Your Attackers\'','\'Sajal Thomas\'','RTV_8c87d809d5202bbb6a3b619fe45f16f7','\'\'',NULL,68592),('3_Saturday','03','03:30','04:30','N','RTV','','\'Executing Red Team Scenarios with Built-in Scenario Place\'','\'Erdener Uyan,Gökberk Gülgün\'','RTV_9a94b67754faa27e25aa99aa4feb1f2d','\'Title: Executing Red Team Scenarios with Built-in Scenario Place
\nWhen: Saturday, Aug 8, 03:30 - 04:30 PDT
\nWhere: Red Team Vlg
\nSpeakers:Erdener Uyan,Gökberk Gülgün
\n
SpeakerBio:Erdener Uyan\n
\nErdener Uyan has worked in the field of information security for over 10 years as an engineer, researcher, practitioner and educator. His wide-ranging career has spanned many areas of information security, including research and development of very high-assurance, multi-level secure systems for use in government and the military, research and development of cryptographic systems, and general IT security and compliance for commercial organizations in the industries. Uyan earned his PhD degree in Cryptography at the Middle East Technical University.
\n
SpeakerBio:Gökberk Gülgün\n
\nGökberk Gülgün has worked in the field of information security for over 6 years as an engineer, researcher, practitioner and educator. Currently, Offensive security engineer at an industry-leading bank based in the Turkey. Plans and conducts full-scope Red Team engagements that simulate realistic, targeted, attacks. Responsible for performing host infrastructure penetration testing, physical security assessments, web and mobile application testing, social engineering engagements, source code reviews, embedded device assessments, and wireless penetration tests.In the past, he has given several presentations on Malware Analysis, Red Team Operations, discovered 0days and IoT security.
\n\n
\nDescription:
\nRed Team activities are undoubtedly one of the fastest developing solutions against the cyber attacks of today. In this talk, we\'ll take a look at our work on an open-source proactive machine learning powered automation tool that performs red team simulations. This automation tool provides the opportunity to try out all available attack scenarios, thereby helping the community, especially organizations, to develop mechanisms to protect against these attacks before attackers do. Currently, red, blue and purple teams are improving day by day with the contributions made by open source. We will demonstrate the scenario playbook developed to collect the scenarios prepared for the red, blue and purple team on a single scenario place. The aim of this playbook is to protect the systems from such attack vectors, to examine the attack scenarios, to protect their systems by viewing the protection mechanisms and to contribute to these scenarios. With the built-in Scenario Place, people can either run these scenarios or check the scenario configurations on their systems. All scenario titles are prepared in accordance with MITRE and Cyber Kill Chain.\nAll scenarios from various teams such as Atomic Red Team, Mitre and TIBER-EU are fed into the application as input.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68593),('3_Saturday','04','03:30','04:30','Y','RTV','','\'Executing Red Team Scenarios with Built-in Scenario Place\'','\'Erdener Uyan,Gökberk Gülgün\'','RTV_9a94b67754faa27e25aa99aa4feb1f2d','\'\'',NULL,68594),('3_Saturday','04','04:45','05:45','N','RTV','','\'OU having a laugh?\'','\'Petros Koutroumpis\'','RTV_7099bcaf89b007128ff1d8ed7ac87925','\'Title: OU having a laugh?
\nWhen: Saturday, Aug 8, 04:45 - 05:45 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Petros Koutroumpis\n
\nPetros Koutroumpis is a security consultant and has delivered multiple red and purple team engagements. His research is mainly focused on Active Directory and Windows post-exploitation. He likes to spend his free time developing new tools and contributing to open-source projects.
\n\n
\nDescription:
\nWhether you are trying to attack or defend Active Directory, BloodHound has been the default tool for identifying attack paths. With its latest release, BloodHound3 has introduced a number of new edges including the collection of ACLs for Organizational Units. \n
In this talk we will present a method to abuse edit rights on an OU by serving malicious Group Policy Objects in order to compromise any computer or user object that is a member of the vulnerable OU or any of its child OUs.\n
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68595),('3_Saturday','05','04:45','05:45','Y','RTV','','\'OU having a laugh?\'','\'Petros Koutroumpis\'','RTV_7099bcaf89b007128ff1d8ed7ac87925','\'\'',NULL,68596),('3_Saturday','06','06:00','06:59','N','RTV','','\'All of the threats: Intelligence, modelling and hunting through an ATT&CKers lens\'','\'Tim Wadhwa-Brown\'','RTV_b974214be293dc720b5edb6fdcde79b0','\'Title: All of the threats: Intelligence, modelling and hunting through an ATT&CKers lens
\nWhen: Saturday, Aug 8, 06:00 - 06:59 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Tim Wadhwa-Brown\n
\nTim Brown joined Cisco as part of their acquisition of Portcullis for whom he worked for almost 12 years. He is equally happy performing white box assessments with access to source code or where necessary diving into proprietary binaries and protocols using reverse engineering methodologies. Tim has contributed to a number of Cisco’s bespoke methodologies covering subjects as diverse as risk and compliance, secure development and host hardening. Tim has looked at targets as varied as risk, mainframes, MPLS, power stations, cars, banking middleware and devops as well as supporting Cisco\'s SOC and incident response capability. Outside of the customer driven realm of information assurance, Tim is also a prolific researcher with papers on UNIX, KDE, Vista, Active Directory and web application security to his name. Tim is credited with almost 150 vulnerability advisories covering both kernel and userland, remote and local. Most recently Tim spoke at to the ATT&CK community on some of his use of ATT&CK for data science and threat hunting research. Tim particularly like to bug hunt enterprise UNIX solutions.
\n\n
\nDescription:
\nATT&CK is a game changer and where it works, it can enable both blue and red teams to co-exist and work effectively together. However, what happens when it falls short and the threat intelligence and hypotheses don\'t exist? How do you build threat intelligence and threat hunt hypotheses from first principles. What do attackers on UNIX do when bitcoin miners aren\'t their motivation? \nI’ll go into:
\n* The target I chose and why – we have ~40 years’ experience looking at UNIX from an offensive standpoint, why wouldn\'t attackers\n* Building a collection worksheet and the information you\'ll need to track\n* Figuring out what TTPs the bad guys are using to attack UNIX when no-one has documented them previously – faced with a lack of DFIR reports, how do you validate your hypotheses\n* Working out whether your customer is exposed and why this matters\n* Translating concepts we see in the wild into things our customer can consume\n* What this means for users of ATT&CK
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68597),('3_Saturday','07','07:15','08:15','N','RTV','','\'Catch Me if You Can\'','\'Eduardo Arriols\'','RTV_f473decaec0e8525f56f269a3bf3ecd5','\'Title: Catch Me if You Can
\nWhen: Saturday, Aug 8, 07:15 - 08:15 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Eduardo Arriols\n
\nEduardo Arriols is RootPointer\'s Founder, a Cybersecurity Startup. Previously, he has worked for 6 years as head of Red Team teams in different organizations, coordinating and developing only advanced intrusion exercises (Red Team) at the international level (America, South America and Europe). Undergraduate and postgraduate university professor at U-tad University, where he teaches in the different courses of the Software Engineering degree. Likewise, he also teaches in different postgraduate courses at other Spanish Universities like UCLM and URJC. Author of the book \"The Company\'s Red Team\" by the 0xWord publisher (Spanish), which describes the Red Team concept, and how to run intrusion simulations on an organization at a technical level. Security researcher and speaker at national and international conferences such as RootedCON, Navaja Negra, STIC Conference (CCN-Cert) or 8.8 Security Conference (Chile and Bolivia).
\n\n
\nDescription:
\nThe presentation will show, from a technical point of view, how to deploy backdoors to guarantee access to an organization. Initially, a brief review about types of persistance, locations where it can be deploy and common aspects to be taken into account will be carried out, to then go on to describe all the details that allow a Red Team to guarantee access to the entity without the organization being able to detect it or being able to expel the attacker before the attacker re-enters using another alternative persistence.\nThe presentation will feature the following highlights:\n- General introduction to the concepts necessary to understand the details regarding the scenarios where it is necessary to deploy persistence in an organization (in real intrusion).\n- Reverse connection typology such as situations where there is direct access to the Internet, connection via proxy, proxy with authentication, DNS, …\n- Infrastructure and techniques for persistence deployment, indicating the type of servers and advanced techniques such as Domain fronting, IP laundry, ...\n- Traditional deployment of persistence on an organization both in existing systems in DMZ, internal servers, workstations, Cloud servers, Active Directory, …\n- Alternative persistence to guarantee unknown access through users with predictable credentials based on password history, Wireless backdoor on workstations (in both directions), extracting internal WiFi passwords, pivoting through resource reconstruction, periodic tasks to modify AD setting, monthly Outlook rules configured and upload interna GAL table of users, visual information extraction using screen and others. \n- Anti-forensic techniques for the deployment of persistence, to avoid the identification of these by the Security team.\n- Types of behavior to act and techniques when the security team detects a persistence, allowing access to the entity to be recovered before having lost access to company.\nThe combined use of the exposed techniques and actions, as will be shown in the presentation, means that the security team does not have the ability to expel the Red Team in any case, allowing the intrusion to be carried out with greater freedom.\nThe presentation is the result of experience in developing deep Red Team exercises on the main organizations in Spain (IBEX35), as well as large banking and industrial entities in Europe and America for more than 6 years.\nAfter the presentation, an Open Source tool will be published to help in the development of the persistence deployment.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68598),('3_Saturday','08','07:15','08:15','Y','RTV','','\'Catch Me if You Can\'','\'Eduardo Arriols\'','RTV_f473decaec0e8525f56f269a3bf3ecd5','\'\'',NULL,68599),('3_Saturday','08','08:30','09:30','N','RTV','','\'Mechanizing the Methodology: Automating Discovery, Testing, and Alerting using Recon/Testing Tools and Amazon SES\'','\'Daniel Miessler\'','RTV_67442b531ed56efecbcb5df14aec5ee2','\'Title: Mechanizing the Methodology: Automating Discovery, Testing, and Alerting using Recon/Testing Tools and Amazon SES
\nWhen: Saturday, Aug 8, 08:30 - 09:30 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Daniel Miessler\n
\nDaniel Miessler is a recognized cybersecurity expert and writer with 20 years in Information Security. His experience ranges from technical assessment and implementation, to executive level advisory services consulting, to building and running industry-leading security programs. His 20 years of experience in security ranges from the vibrant startup ecosystem in his birthplace of Silicon Valley, to working with many of the top 100 worldwide companies. He frequently gives talks and participates in panels around the world, and his work and commentary have been featured in dozens of the world’s leading publications.
\n\n
\nDescription:
\nThere are a million techniques out there for finding new attack surface and finding potential vulnerabilities; the problem is finding the time to run your entire methodology against all your targets. This talk will take you through finding new attack surface, performing multiple types of test against those targets, and sending real-time alerts---all on a continuous basis using automation from a cloud-based Linux host.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68600),('3_Saturday','09','08:30','09:30','Y','RTV','','\'Mechanizing the Methodology: Automating Discovery, Testing, and Alerting using Recon/Testing Tools and Amazon SES\'','\'Daniel Miessler\'','RTV_67442b531ed56efecbcb5df14aec5ee2','\'\'',NULL,68601),('3_Saturday','09','09:45','10:45','N','RTV','','\'Y\'all Tryna Bypass Python 3.8 Audit Hooks or Nah?\'','\'Leron Gray\'','RTV_b710c90cb63df822654236a5ee613e86','\'Title: Y\'all Tryna Bypass Python 3.8 Audit Hooks or Nah?
\nWhen: Saturday, Aug 8, 09:45 - 10:45 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Leron Gray\n
\nLeron Gray is a ten year Navy veteran and former NSA operator with six years of offensive security experience. He\'s currently works on the Azure Red Team at Microsoft, loves winning all the CTFs, and enjoys writing things in Python and Pythonic languages. Also a dope rapper. #BARS
\n\n
\nDescription:
\nPython 3.8, released October 2019, boasts a new security feature called “audit hooksâ€. According to PEP 578 and PEP 551, the purpose of audit hooking is to allow transparency into Python’s runtime so that events can be monitored and logged just like any other process. While additional insight is great for defenders, it\'s likely to become another hurdle for attackers to overcome in the same vein as PowerShell. Y\'all tryna bypass these audit hooks or nah? Come through.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68602),('3_Saturday','10','09:45','10:45','Y','RTV','','\'Y\'all Tryna Bypass Python 3.8 Audit Hooks or Nah?\'','\'Leron Gray\'','RTV_b710c90cb63df822654236a5ee613e86','\'\'',NULL,68603),('3_Saturday','11','11:00','11:59','N','RTV','','\'Initial Compromise through Web Side\'','\'Walter Cuestas\'','RTV_6dd4577270b401b00e2e8f5fd937386f','\'Title: Initial Compromise through Web Side
\nWhen: Saturday, Aug 8, 11:00 - 11:59 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Walter Cuestas\n
\nWalter Cuestas  - Pentester and Red Teamer for Open-Sec LLC and Cobalt Labs Inc with more then 15 years of experience focused on infrastructure and web applications pentesting and red team operations. Speaker at Ekoparty (several years) and instructor at DEF CON 26 (Lateral Movement workshop).
\n\n
\nDescription:
\nInitial compromise seems to be tied to client side, but, there are several attack vectors on Web side besides a simple RCE.\nDuring this talk I will show 3 cases of getting the initial compromise through vulnerabilities found in application servers and thin clients services going from breaking authentication process, escaping controls and how to solve some challenges during exploitation of what seems an easy peasy. Objectives of this talk are : show how important is to make a good OSINT, make a good dictionary, manage escape sequences in thin client services, how to modify already developed exploits for our current target and the benefit for blue teams to have applications security integrated with infrastructure/operations security.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68604),('3_Saturday','12','12:15','12:30','N','RTV','','\'Inside the Mind of a Threat Actor: Beyond Pentesting\'','\'Phillip Wylie\'','RTV_21891e9f4754958d6512e221179ad2da','\'Title: Inside the Mind of a Threat Actor: Beyond Pentesting
\nWhen: Saturday, Aug 8, 12:15 - 12:30 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Phillip Wylie\n
\nPhillip Wylie is the Senior Red Team Lead for a global consumer products company, Adjunct Instructor at Richland College, and The Pwn School Project founder. Phillip has over 22 years of experience with the last 8 years spent as a pentester. Phillip has a passion for mentoring and education. His passion motivated him to start teaching and founding The Pwn School Project a monthly educational meetup focusing on cybersecurity and ethical hacking. Phillip teaches Ethical Hacking and Web Application Pentesting at Richland College in Dallas, TX. Phillip is a co-host for The Uncommon Journey podcast. Phillip holds the following certifications; CISSP, NSA-IAM, OSCP, GWAPT.
\n\n
\nDescription:
\nRed team is a commonly misunderstood offensive security discipline. Red team has been used as a general term for all areas of offensive security just as blue team for defensive security. True red teaming goes Beyond Pentesting and into more adversarial emulation. While there are overlapping skills, there are differences that will be discussed as Phillip shares his experience of going from a pentester to a red teamer. In this talk, you will learn about the different areas that make up red team operations, common tools, and the path to becoming a red teamer. In this presentation, you will learn about resources helpful for a path into red teaming.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68605),('3_Saturday','12','12:45','13:45','N','RTV','','\'The Student Roadmap to Becoming A Penetration Tester\'','\'Jonathan Helmus\'','RTV_9ce8ce9810252beadafb9c46855cdcb6','\'Title: The Student Roadmap to Becoming A Penetration Tester
\nWhen: Saturday, Aug 8, 12:45 - 13:45 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Jonathan Helmus\n
\nJonathan Helmus - Security engineer and educator who has been working in engineering, security, and information technology for 10 years. Specializations in Penetration Testing, Threat and Adversarial Assessments, Vulnerability Management, Cloud Technology (AWS), and experience as a Technical Educator and University Level Professor.
\n\n
\nDescription:
\nThis presentation will go through various steps on how students can bridge the gap between academia and becoming a penetration tester. This will include a breakdown of certifications to get, career fields to take on before getting in the industry, what to expect, and speed bumps and road blocks that students can expect to see in their journey.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68606),('3_Saturday','13','12:45','13:45','Y','RTV','','\'The Student Roadmap to Becoming A Penetration Tester\'','\'Jonathan Helmus\'','RTV_9ce8ce9810252beadafb9c46855cdcb6','\'\'',NULL,68607),('2_Friday','14','14:15','15:15','N','RTV','','\'Grey Hat SSH: SShenanigans\'','\'Evan Anderson\'','RTV_10e8f2dd4399411e3a9abbd4c1e40c34','\'Title: Grey Hat SSH: SShenanigans
\nWhen: Friday, Aug 7, 14:15 - 15:15 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Evan Anderson\n
\nEvan Anderson is the Director of Offense at Randori. He has over 15 years of experience in red teaming, vulnerability research and exploit development and is a founding member of the NCCDC Red Team. Prior to co-founding Randori, he worked at Kyrus Technologies supporting commercial and federal projects.
\n\n
\nDescription:
\nThe Secure Shell (SSH) was designed to replace telnet/rsh with a secure channel over unsecured networks. SSH is a swiss army knife for red team engagements letting malicious actors accomplish a multitude of interesting tasks.\nAside from providing access to run commands on remote systems SSH can be used to complete a myriad of other activities including hop network boundaries, maintain persistent access, download files, steal credentials, hide access and even configure what commands users run on login. This talk goes through details of how to configure and abuse ssh for a number of red team oriented goals from beginner too advanced.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68608),('2_Friday','15','14:15','15:15','Y','RTV','','\'Grey Hat SSH: SShenanigans\'','\'Evan Anderson\'','RTV_10e8f2dd4399411e3a9abbd4c1e40c34','\'\'',NULL,68609),('3_Saturday','15','15:15','16:15','N','RTV','','\'APTs <3 PowerShell and Why You Should Too\'','\'Anthony Rose,Jake “Hubbl3†Krasnov\'','RTV_f84083e1d413425e18a34292bebb6ea5','\'Title: APTs <3 PowerShell and Why You Should Too
\nWhen: Saturday, Aug 8, 15:15 - 16:15 PDT
\nWhere: Red Team Vlg
\nSpeakers:Anthony Rose,Jake “Hubbl3†Krasnov
\n
SpeakerBio:Anthony Rose\n
\nAnthony “Cx01N†Rose, CISSP, is the Chief Operating Officer of BC-Security and Lead Pentester at Merculite Security. He has more than a decade’s worth of experience in digital communications, working with Red and Blue teams, and as an electrical engineer. His research has focused on wireless networks and embedded systems security. Anthony leveraged his research at DEF CON 24, where he published his work revealing wide-spread vulnerabilities in Bluetooth locks and brought awareness to the masses. His workshop at DEF CON 27 resulted in the reboot of the post-exploitation framework, Empire, which he actively develops and maintains.
\n
SpeakerBio:Jake “Hubbl3†Krasnov\n
\nJake “Hubbl3†Krasnov is the Chief Executive Officer of BC-Security. He spent the first half of his career as an astronautical engineer overseeing rocket modifications for the Air Force. He then moved into offensive security, running operational cyber testing for fighter aircraft and operating on a red team. His most recent focus has been on developing cybersecurity testing tools for embedded systems. He was an instructor at DEF CON 27, where he taught AMSI evasion techniques and his most recent efforts contributed to the resurrection of the post-exploitation framework Empire.
\n\n
\nDescription:
\nQuite often, you may have heard people mention, “Why should you bother learning PowerShell, isn’t it dead?†or “Why not just use C#?†Many individuals in the offensive security field have a common misconception that PowerShell is obsolete for red team operations. Meanwhile, it remains one of the primary attack vectors employed by Advanced Persistent Threats (APTs). APTs are known for implementing sophisticated hacking tactics, techniques, and procedures (TTPs) to gain access to a system for an extended period of time. Their actions typically focus on high-value targets, which leave potentially crippling consequences to both nation-states and corporations. It is crucial that Red Teams accurately emulate real-world threats and do not ignore viable attack options. For this talk, we will walk through how many threat actors adapt and employ PowerShell tools. Our discussion begins with examining how script block logging and AMSI are powerful anti-offensive PowerShell measures. However, the implementation of script block logging places a technical burden on organizations to conduct auditing on a substantial amount of data. While AMSI is trivial to bypass for any capable adversary. Finally, we will demonstrate APT-like PowerShell techniques that remain incredibly effective against the latest generation of network defenses.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68610),('3_Saturday','16','15:15','16:15','Y','RTV','','\'APTs <3 PowerShell and Why You Should Too\'','\'Anthony Rose,Jake “Hubbl3†Krasnov\'','RTV_f84083e1d413425e18a34292bebb6ea5','\'\'',NULL,68611),('3_Saturday','16','16:30','17:30','N','RTV','','\'Indicators of Emulation: Extra Spicy Adversary Emulation\'','\'Ch33r10,haydnjohnson\'','RTV_2825773042dcac52ce356899524ebed2','\'Title: Indicators of Emulation: Extra Spicy Adversary Emulation
\nWhen: Saturday, Aug 8, 16:30 - 17:30 PDT
\nWhere: Red Team Vlg
\nSpeakers:Ch33r10,haydnjohnson
\n
SpeakerBio:Ch33r10\n
\n@ch33r10 works for a Financial Services Fortune 500 Company. She is a graduate of the SANS 2017 Women’s Academy, has an MBA in IT Management, and currently holds the GSEC, GCIH, GCFE, GMON, GDAT, GPEN and GCTI certifications. She is a member of the Financial Services Information Sharing and Analysis Center (FS-ISAC), Yara Exchange, and FuzzySnugglyDuck. @ch33r10 is a doctoral student at Marymount University and has served on multiple CFP review boards.
\nTwitter: @ch33r10
\n
SpeakerBio:haydnjohnson\n
\n@haydnjohnson has over 7 years of information security experience, including network/web penetration testing, vulnerability assessments and Cyber Threat Intelligence. He was on the 2019 SANS Purple Team CFP review board and currently holds the OSCP, GXPN and eCIR certifications. @haydnjohnson has gained both red and blue team experience.
\nTwitter: @haydnjohnson
\n\n
\nDescription:
\nCyber threat intelligence, in the past, has primarily focused on extracting, preparing, and analyzing indicators of compromise for digital forensics and incident response, the security operations center, and other teams. This talk proposes that there is a benefit to including cyber threat intelligence analysts in adversarial threat emulation. By including indicators of emulation (IOE) based upon internal organizational attack data, CTI analysts can enrich and customize red team TTPs to specific threats the organization is currently facing. Don’t have a CTI team? Well, we have solutions for you! From pulling TTPs and IOEs out of thin air to a custom Golang C2 tool you can use to execute payloads that are relevant to your organization. Sit back, relax, and enjoy the show!
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68612),('3_Saturday','17','16:30','17:30','Y','RTV','','\'Indicators of Emulation: Extra Spicy Adversary Emulation\'','\'Ch33r10,haydnjohnson\'','RTV_2825773042dcac52ce356899524ebed2','\'\'',NULL,68613),('3_Saturday','17','17:45','18:45','N','RTV','','\'Emulating an Adversary with Imperfect Intelligence\'','\'Adam Pennington\'','RTV_f1d158260f41d855f12f584d0d7b86cd','\'Title: Emulating an Adversary with Imperfect Intelligence
\nWhen: Saturday, Aug 8, 17:45 - 18:45 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Adam Pennington\n
\nAdam Pennington (@_whatshisface) leads ATT&CK at The MITRE Corporation and collected much of the intelligence leveraged in creating ATT&CK’s initial techniques. He has spent much of his 11 years with MITRE studying and preaching the use of deception for intelligence gathering. Prior to joining MITRE, Adam was a researcher at Carnegie Mellon\'s Parallel Data Lab and earned his BS and MS degrees in Computer Science and Electrical and Computer Engineering as well as the 2017 Alumni Service Award from Carnegie Mellon University. Adam has presented and published in a number of venues including FIRST CTI, USENIX Security and ACM Transactions on Information and System Security.
\nTwitter: @ _whatshisface
\n\n
\nDescription:
\nAdversary emulation has become an increasingly common type of engagement where red teams look to known threat groups to inspire the actions and behaviors used. While scoping activity might make operating easier, emulation introduces a new set of challenges to planning. How do you know how an adversary behaves? What do you do if you only know part of the picture? How do you turn all of that into a plan? In this talk I’ll examine how we can start building an adversary profile from the open source intel in MITRE ATT&CK. Open source intel often doesn’t give a complete picture of an adversary, and I’ll talk about some of where these gaps come from, how to spot them, and some ways of filling them in. I’ll work through a process for turning the profile we’ve created into an adversary emulation plan expressed in ATT&CK and how we can stay aligned with that plan as we operate.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68614),('3_Saturday','18','17:45','18:45','Y','RTV','','\'Emulating an Adversary with Imperfect Intelligence\'','\'Adam Pennington\'','RTV_f1d158260f41d855f12f584d0d7b86cd','\'\'',NULL,68615),('3_Saturday','19','19:00','19:59','N','RTV','','\'Automating Threat Hunting on the Dark Web and other nitty-gritty things\'','\'Apurv Singh Gautam\'','RTV_c7bcfb3d5539a11aea2712eb224b7443','\'Title: Automating Threat Hunting on the Dark Web and other nitty-gritty things
\nWhen: Saturday, Aug 8, 19:00 - 19:59 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Apurv Singh Gautam\n
\nApurv Singh Gautam is pursuing his Master\'s in Cybersecurity from Georgia Tech. He commenced work in Threat Intel/Hunting 2 years ago. Throughout his professional career, he worked on hunting threats from both clear web and dark web and is also involved in performing HUMINT on the d2web. He is very passionate about giving back to the community and has already conducted several talks and seminars in local security meetups, schools, and colleges. He loves volunteering with Cybrary and Station X to help students make their way in Cybersecurity. He looks forward to the end of the day to play and stream one of the AAA games Rainbow Six Siege.
\n\n
\nDescription:
\nWhat\'s the hype with the dark web? Why are security researchers focusing more on the dark web? How to perform threat hunting on the dark web? If you are curious about the answers to these questions, then this talk is for you. Dark web hosts several sites where criminals buy, sell, and trade goods and services like drugs, weapons, exploits, etc. Hunting on the dark web can help identify, profile, and mitigate any organization risks if done timely and appropriately. This is why threat intelligence obtained from the dark web can be crucial for any organization. In this presentation, you will learn why threat hunting on the dark web is necessary, different methodologies to perform hunting, the process after hunting, and how hunted data is analyzed. The main focus of this talk will be automating the threat hunting on the dark web. You will also get to know what operational security (OpSec) is and why it is essential while performing hunting on the dark web and how you can employ it in your daily life.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68616),('3_Saturday','20','20:15','21:15','N','RTV','','\'Bypassing in Mobile Network From Red-Team Points of View\'','\'Ali Abdollahi\'','RTV_7d34d0972304ae9685e2331baeb5ac48','\'Title: Bypassing in Mobile Network From Red-Team Points of View
\nWhen: Saturday, Aug 8, 20:15 - 21:15 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Ali Abdollahi\n
\nAli Abdollahi is a cyber security expert with over 8 years of experience working in a variety of security fields. Ali is a full-time consultant helping clients with product security testing, reverse engineering, penetration testing, exploit developing, red-teaming, secure coding, and more, giving him ample opportunity to use his skills in a diversity of ways. In addition, He is instructor, author and board of review at Hakin9 company. Ali is a self-confessed bug hunter, publisher of many vulnerabilities and CVEs. Ali is a regular speaker and trainer at industry conferences.
\nTwitter: @AliAbdollahi2
\n\n
\nDescription:
\nThis talk focus on reviewing implementation of new security features in mobile networks as well as detecting techniques and bypassing methods from red team perspective . The scope of the illustration include both radio (SDR) and signalling core network attacks. - The outline of the presentation // max 500 words One of the most complicated network is mobile telecom network. There are some segments include signalling, charging, packet data, Radio etc. Still there are many security holes that allow attackers to compromise the network and however telecom companies enable security mechanisms and put some security devices. In this talk, I will cover common high-tech security solutions used by telecom operators and and all ways to detect and after that bypass it as well as security recommendations to prevent theses activities. In this talk I will start the presentation with recent telecom abuse and related hacking news in 2019. In the next section I will cover common mobile network vulnerabilities and architecture. After that illustrate security of radio access network (RAN) and bypassing scenarios and techniques:\n1. Mobile Phone Registration (IMEI policies) Bypass\n2. Bypassing Unrevealed Ciphering Algorithms\n3. 5G, LTE/LTE Advanced Bypass
\nThe next part of the talk will be assign to Circuit Switch network (Signaling) and the technical bypass techniques are as below:\n1. Home Routing Detection
\n2. Bypassing Home Routing
\n3. Signalling Firewall Detection
\n4. Bypassing Signalling Firewall
\nAnd at the final section I will explain security solutions to defend against these malicious techniques.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68617),('3_Saturday','21','20:15','21:15','Y','RTV','','\'Bypassing in Mobile Network From Red-Team Points of View\'','\'Ali Abdollahi\'','RTV_7d34d0972304ae9685e2331baeb5ac48','\'\'',NULL,68618),('3_Saturday','21','21:30','22:30','N','RTV','','\'Sounds Legit: Why you shouldn\'t trust that speaker\'','\'Luis Ãngel RamÃrez Mendoza (@larm182luis),Mauro Cáseres\'','RTV_f31c84d845f681c684067516f3e54574','\'Title: Sounds Legit: Why you shouldn\'t trust that speaker
\nWhen: Saturday, Aug 8, 21:30 - 22:30 PDT
\nWhere: Red Team Vlg
\nSpeakers:Luis Ãngel RamÃrez Mendoza (@larm182luis),Mauro Cáseres
\n
SpeakerBio:Luis Ãngel RamÃrez Mendoza (@larm182luis)\n
\nLuis Ángel Ramírez Mendoza (@larm182luis) is a colombian electronic engineer, hacker and speaker. He spoke at DragonJAR Colombia (Biggest hacking spanish speaking conference in LATAM) and is currently working as a Cybersecurity and Artificial Intelligence Professor at University of Guajira in Colombia.
\nTwitter: @larm182luis
\n
SpeakerBio:Mauro Cáseres\n
\nMauro Cáseres (@mauroeldritch) is an argentine hacker and speaker. He spoke at DEF CON 26 Las Vegas (Recon & Data Duplication Villages), DevFest Siberia, DragonJAR Colombia, Roadsec Brasil, and DC7831 Nizhny Novgorod. Currently working as SecOps for the Argentine Ministry of Production.
\nTwitter: @mauroeldritch
\n\n
\nDescription:
\nBadUSB devices are popular worldwide, and almost no one ignores their nature: an object with a USB connection (usually a pendrive) connects to a computer and tells it \"I am a keyboard\", proceeding to send (\"type\") arbitrary commands, usually malicious. In this talk we have decided to go beyond the classic concept of a malicious pendrive. We use a set of classic USB speakers from a well-known brand available worldwide, which we disassemble to add our own hardware modification. This modification, which consists of cheap parts that can be acquired worldwide, makes this set of speakers an unprecedented local and remote attack vector: a device that looks and functions as a speaker, but is capable of acting as a keyboard, exfiltrate information, and use a SIM card to receive remote commands by telephone to leak information. When connected, the speaker passively waits for a phone call to its internal SIM from a specific number. Upon receiving it, launches a payload against the computer to which it was connected, allowing the attacker to obtain a shell. Now then, what would happen if someone left this speaker in its original box in a corner of an office? What would happen if someone connected this innocent device to their work terminal? Well, it is a speaker after all. And it definitely sounds legit...
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68619),('3_Saturday','22','21:30','22:30','Y','RTV','','\'Sounds Legit: Why you shouldn\'t trust that speaker\'','\'Luis Ãngel RamÃrez Mendoza (@larm182luis),Mauro Cáseres\'','RTV_f31c84d845f681c684067516f3e54574','\'\'',NULL,68620),('4_Sunday','01','01:00','01:59','N','RTV','','\'PatrOwl - Red flavour of SOC automation\'','\'Nicolas MATTIOCCO\'','RTV_6289c2189a9923ef74e233afce184a58','\'Title: PatrOwl - Red flavour of SOC automation
\nWhen: Sunday, Aug 9, 01:00 - 01:59 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Nicolas MATTIOCCO\n
\nNicolas MATTIOCCO is an information security expert since 12 years and was involved in various security consulting engagements from penetration tests to global risk assessments and security operations implementation. Today, he is working as a red teamer and in automating security operations at a large scale.
\n\n
\nDescription:
\nA company, regardless of its size and market power, may go out of business or lose a lot of value because of a security incident on its information system. The number of vulnerabilities and the interest of cyber-attackers is only increasing. With the advent of the monetization of botnet cyber attacks or the installation of crypto-miners for example, the threats are going more varied and intensified, but less targeted. The vast majority of companies are digital and increasingly exposed on the Internet. The level of cyber exposure is also higher. The \"Cyber\" risk has become vital. Today, everything has changed and tomorrow everything will change even faster. Where manual analysis was sufficient, paradigms of risk assessment are moving towards more automation. But **we need intelligent automation**.\n
This automation strategy also tends to address the drastic lack of competent cyber security resources and retention of talents. The automation of recurrent, time-consuming and low-value-added tasks will allow teams to focus on more complex and therefore more motivating topics. To efficiently support this strategy, we developed PatrOwl, an Open Source, Free and Scalable Security Operations Orchestration Platform. Technically, PatrOwl is a solution for automating calls to commercial or open source tools that perform checks. To date, more than 140 tools or online services are supported. Beyond centralizing the results (vulnerabilities, meta-data, asset metadata) obtained, the PatrOwl analysis engine compares these results with its knowledge base and other third-party services to determine scenarios of attacks (predictive analysis) or to trigger actions (alerting, program calls, ...). Largely customizable, PatrOwl is suitable for supporting penetration testing, vulnerability audit and compliance, static source audit, threat research (CTI) and security incident response activities (SOC / DFIR).\n
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68621),('4_Sunday','02','02:15','03:15','N','RTV','','\'Reviewing MS08-067, Illustration Of An Old Chapter\'','\'Etizaz Mohsin\'','RTV_42af99819d464dafb01afa97d193ea40','\'Title: Reviewing MS08-067, Illustration Of An Old Chapter
\nWhen: Sunday, Aug 9, 02:15 - 03:15 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Etizaz Mohsin\n
\nEtizaz Mohsin is an information security researcher and enthusiast. His core interest lies in low level software exploitation both in user and kernel mode, vulnerability research, reverse engineering. He holds a Bachelors in Software Engineering and started his career in Penetration Testing. He is an active speaker at international security conferences. He has achieved industry certifications, the prominent of which are OSCP, OSCE, OSWP, OSWE, OSEE, CREST CRT, CPSA, EWPTX, CEH.
\n\n
\nDescription:No Description available
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68622),('4_Sunday','03','02:15','03:15','Y','RTV','','\'Reviewing MS08-067, Illustration Of An Old Chapter\'','\'Etizaz Mohsin\'','RTV_42af99819d464dafb01afa97d193ea40','\'\'',NULL,68623),('4_Sunday','03','03:30','04:30','N','RTV','','\'RedTeamOps - Managing Red Team Infrastructure as a Red Teamer\'','\'Mert Can CoÅŸkuner\'','RTV_3ce837480af6efe1ec2770e54c2c6428','\'Title: RedTeamOps - Managing Red Team Infrastructure as a Red Teamer
\nWhen: Sunday, Aug 9, 03:30 - 04:30 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Mert Can CoÅŸkuner\n
\nMert Can CoÅŸkuner is a Security Engineer at Trendyol. He is maintaining a Penetration Testing and Malware Analysis blog at medium.com/@mcoskuner. In his free time Mert Can is performing mobile malware research and threat intelligence.
\n\n
\nDescription:
\nRed team operations involve many skills, the operation requires a lot of monitoring, consolidating and caution. In order to perform red team operations faster, and stealthier without thinking about the infrastructure every team has its’ own habits and standarts. However, there is a problem with those habits and standarts;\n- There are tons of tools but no operation management,\n- No aggregation between these tools,
\n- When OPSEC fails due to problems above or any other reason, it’s essential to possess the capability of maintaining robust infrastructure which can be recreated if discovered, and more importantly, without any issues upon deployment.\nIn this talk, infrastructure challenges we face as a red teamer will be discussed. Along with challenges, a solution will be proposed based on DevOps practices such as;\n- Design your infrastructure based on the standarts and habits which your team has\n- Create playbooks which suits your needs based on your design\n- Create CI pipeline to test and maintain your playbooks
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68624),('4_Sunday','04','03:30','04:30','Y','RTV','','\'RedTeamOps - Managing Red Team Infrastructure as a Red Teamer\'','\'Mert Can CoÅŸkuner\'','RTV_3ce837480af6efe1ec2770e54c2c6428','\'\'',NULL,68625),('4_Sunday','04','04:45','05:45','N','RTV','','\'From Discovery to Disclosure\'','\'Ibad Shah\'','RTV_6155c5c0ab4e50245f4ffa828465b226','\'Title: From Discovery to Disclosure
\nWhen: Sunday, Aug 9, 04:45 - 05:45 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Ibad Shah\n
\nProfessional Red Teamer in daylight and Security Researcher at night.
\n\n
\nDescription:
\nThis session will discuss about journey from discovering vulnerabilities in an android application having premium features leading towards approaching relevant authorities, disclosing all of the required details and solutions. It is to be noted that the application has been downloaded by more than 1.5 million users and exploiting such vulnerabilities would have adverse affect on organization as reputational and regulatory. The talk will also focus on how security researchers can contact relevant authorities of organization more effectively and disclose such critical vulnerabilities.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68626),('4_Sunday','05','04:45','05:45','Y','RTV','','\'From Discovery to Disclosure\'','\'Ibad Shah\'','RTV_6155c5c0ab4e50245f4ffa828465b226','\'\'',NULL,68627),('4_Sunday','06','06:00','06:59','N','RTV','','\'Hacking Zoom: a Hacker\'s Journey into Zoom Security\'','\'Mazin Ahmed\'','RTV_d2f3382974971319acddab6bdc8c59d9','\'Title: Hacking Zoom: a Hacker\'s Journey into Zoom Security
\nWhen: Sunday, Aug 9, 06:00 - 06:59 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Mazin Ahmed\n
\nMazin Ahmed is a security consultant who specializes in AppSec and offensive security. He is passionate about information security and has previously found vulnerabilities in Facebook, Twitter, Linkedin, and Oracle to name a few. Mazin is the developer of a number of popular open-source security tools that have been integrated into security testing frameworks and distributions. Furthermore, Mazin’s research of WAF security has earned the 4th place on top web hacking techniques of 2015 award. Mazin also built FullHunt, the next-generation vulnerability intelligence platform.
\n\n
\nDescription:
\nZoom is a popular digital video conferencing company. Zoom has become one of the most valuable companies in the world during the pandemic, with millions of users and hundreds of millions of monthly participants globally.\nI have done a security research experiment in spare time to test Zoom and to find security risks and vulnerabilities on Zoom. The experiment resulted in interesting findings along with interesting vectors I identified within the journey.\nIn this talk, I will be showcasing my findings and the results of my experiment. I will also discuss some of the challenges in the conducted responsible disclosure.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68628),('4_Sunday','07','07:15','08:15','N','RTV','','\'PWN The World\'','\'Chris Kubecka\'','RTV_39367be21d32c37731a2375a433c6d3d','\'Title: PWN The World
\nWhen: Sunday, Aug 9, 07:15 - 08:15 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Chris Kubecka\n
\nChris Kubecka - \"Fearless and powerful speaker, saves countries, fights cyber terrorism, advises several governments as a subject matter expert on cyber warfare national defense. Profiled by major media in the USA and Europe. USAF military combat veteran, former military aviator, and USAF Space Command. Defends critical infrastructure and handles country level cyber incidents, cyberwarfare, and cyber espionage. Reconnected Saudi Aramco international business operations & established digital security after the world’s most devastating cyberwarfare attack. Developing the highest level of exploit code against IT/IOT/ICS SCADA control systems whilst working with governments. Involved in the world’s biggest hacks, advising nations, NATO, Europol, Interpol exposing corruption and national security risks.\n
“She is a go-to professional for governments. There are only a certain number who can both frame the problem conceptually and put it in straight fuc**** English so somebody can understand. And she can do that.â€\n
\n\n
\nDescription:
\nWant to learn the basics of how to hack cool industrial IOT, industrial control systems and technology that moves the world? How to find them, leverage weaknesses in protocols & systems. Turn engineer technical tools into dual use reconnaissance and attack tools. Components of energy grids, digital security systems, production systems and more.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68629),('4_Sunday','08','07:15','08:15','Y','RTV','','\'PWN The World\'','\'Chris Kubecka\'','RTV_39367be21d32c37731a2375a433c6d3d','\'\'',NULL,68630),('4_Sunday','08','08:30','09:30','N','RTV','','\'Autonomous Security Analysis and Penetration Testing (ASAP)\'','\'Ankur Chowdhary\'','RTV_1c7b2ccec93dd02d15bc1a323cf3fc65','\'Title: Autonomous Security Analysis and Penetration Testing (ASAP)
\nWhen: Sunday, Aug 9, 08:30 - 09:30 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Ankur Chowdhary\n
\nAnkur Chowdhary is a PhD candidate at Arizona State University (ASU). His research interests include Cloud Security, Software Defined Networks, and application of Artificial Intelligence and Machine Learning in the field of cybersecurity. Ankur has over 5 years of cybersecurity industry experience. He has worked for companies like CSC Pvt. Ltd., Republic Services, Blackberry Pvt. Ltd., and Bishop Fox. Ankur has co-authored over 25 research papers and one textbook in the field of cybersecurity. Ankur co-founded cybersecurity startup CyNET LLC (2017). Ankur has been quite active in cybersecurity education. Ankur was ASU’s National Cybersecurity Defense Competition (NCCDC) captain (2015-2018), and he is current team coach (2018-). He co-founded hacking club DevilSec in 2019 to teach offensive and defensive security to students at ASU.
\n\n
\nDescription:
\nPenetration Testing (Pentesting) involves skilled cybersecurity professionals generating a plan of attack for finding and exploiting vulnerabilities in the networks, and applications. The current procedure used in pen-testing is semi-automated at best and requires significant human effort. Moreover, the plan of attack followed by pen-testers may not yield best outcomes in terms of exploiting vulnerabilities in the provided time. Our framework, ASAP utilizes software vulnerabilities and network topology information to provide an artificial intelligence-based automated attack plan. \nOur framework Autonomous Security Analysis and Penetration Testing (ASAP) utilizes the reachability information between different network hosts and software vulnerabilities to generate a state transition graph known as attack graph. Each state in the attack graph represents the current privilege of the attacker. The attack graph also encodes information about the possible next state transitions in the network. In effect attack graph maps all possible exploits and privilege escalations possible in a network. This information is provided to Artificial Intelligence (AI) module. The AI module utilizes a popular framework known as Partially Observable Markov Decision Process (POMDP) to encode uncertainty over different state transitions, and reward obtained by attackers on achieving different privilege levels. The output generated by the AI module - Attack Policy provides the best course of action for a penetration tester/ red team member in the current network setup. The attack policy generated by the ASAP framework can be deployed on target enterprise networks using automated exploitation tools such as Metasploit. Based on our experimental evaluation in a cloud network setup, the attack policy generated by our framework does significantly better than human penetration testers in terms of finding and exploiting vulnerabilities in a network.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68631),('4_Sunday','09','08:30','09:30','Y','RTV','','\'Autonomous Security Analysis and Penetration Testing (ASAP)\'','\'Ankur Chowdhary\'','RTV_1c7b2ccec93dd02d15bc1a323cf3fc65','\'\'',NULL,68632),('4_Sunday','09','09:45','10:45','N','RTV','','\'Kubernetes Goat - Vulnerable by Design Kubernetes Cluster Environment\'','\'Madhu Akula\'','RTV_ae83a7dccdcc407c6351e3f3ce5b82ed','\'Title: Kubernetes Goat - Vulnerable by Design Kubernetes Cluster Environment
\nWhen: Sunday, Aug 9, 09:45 - 10:45 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Madhu Akula\n
\nMadhu Akula is creator of Kubernetes Goat, security ninja, published author and cloud native security researcher with an extensive experience. Also he is an active member of the international security, devops and cloud native communities (null, DevSecOps, AllDayDevOps, etc). Holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), etc. Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26 & 27), BlackHat USA (2018 & 19), USENIX LISA (2018 & 19), O’Reilly Velocity EU 2019, GitHub Satellite 2020, Appsec EU (2018 & 19), All Day DevOps (2016, 17, 18, 19 & 20), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon (2018, 19), SACON 2019, Serverless Summit, null and multiple others. His research has identified vulnerabilities in over 200+ companies and organisations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe, etc and credited with multiple CVE’s, Acknowledgements and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. Also won 1st prize for building Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.\"
\n\n
\nDescription:
\nKubernetes Goat is “vulnerable by design†Kubernetes Cluster environment to practice and learn about Kubernetes Security.\nIn this session Madhu Akula will present how to get started with Kubernetes Goat by exploring different vulnerabilities in Kubernetes Cluster and Containerised environments. Also he demonstrates the real-world vulnerabilities and maps the Kubernetes Goat scenarios with them.\nAlso, we will see the complete documentation and instruction to practice Kubernetes Security for performing security assessments. As a defender you will see how we can learn these attacks, misconfigurations to understand and improve your cloud native infrastructure security posture.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68633),('4_Sunday','10','09:45','10:45','Y','RTV','','\'Kubernetes Goat - Vulnerable by Design Kubernetes Cluster Environment\'','\'Madhu Akula\'','RTV_ae83a7dccdcc407c6351e3f3ce5b82ed','\'\'',NULL,68634),('4_Sunday','11','11:00','11:59','N','RTV','','\'Breaking the Attack Chain\'','\'Corey Ham,Matt Eidelberg\'','RTV_29300ebfd40c4449a1d187d25cc7e8dc','\'Title: Breaking the Attack Chain
\nWhen: Sunday, Aug 9, 11:00 - 11:59 PDT
\nWhere: Red Team Vlg
\nSpeakers:Corey Ham,Matt Eidelberg
\n
SpeakerBio:Corey Ham\n
\nCorey Ham & Matt Eidelberg are principal consultants/leaders within Optiv\'s advanced services sub-team. Together they have 13 years combined experience delivering offensive security engagements for clients, along with personal tool development and research.
\n
SpeakerBio:Matt Eidelberg\n
\nCorey Ham & Matt Eidelberg are principal consultants/leaders within Optiv\'s advanced services sub-team. Together they have 13 years combined experience delivering offensive security engagements for clients, along with personal tool development and research. Matthew has presented at multiple conferences across North America.
\n\n
\nDescription:
\nDespite the rising tide of security maturity, targeted attack chains are often successful due to systemic weaknesses in how modern IT administrators and blue teams operate. This talk gives the attacker\'s perspective on how common attack chains can be stopped before they spiral out of control.\nThis talk is fueled by two red team operators field experience in attacking modern enterprise environments. It will cover various tactics and techniques that are used with high success during red team engagements, as well as specific countermeasures that would hamper the success of the described attack chains. The speakers will cover a hypothetical red team style engagement, starting from a limited-knowledge basis on the Internet, moving to an internal foothold, leading to data compromise. This talk will focus on technical details at an executive level, and will be performed in a \"debrief\" style with no technical specifics or demos.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68635),('4_Sunday','12','12:15','13:15','N','RTV','','\'Hashes; Smothered, Covered, and Scattered: Modern Password Cracking as a Methodology\'','\'Lee Wangenheim\'','RTV_d805893ba7fa8e505dc6d0a96bfd68fe','\'Title: Hashes; Smothered, Covered, and Scattered: Modern Password Cracking as a Methodology
\nWhen: Sunday, Aug 9, 12:15 - 13:15 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Lee Wangenheim\n
\nLee Wangenheim works as a security consultant for the Attack and Penetration team at Optiv. As part of his job he helps to maintain the teams password crackers as well as perform enterprise password audits for various clients. After fielding several questions from the team about best practices, he set out to define the methodology a modern consultant can use to attack passwords they find on an engagement.
\n\n
\nDescription:
\nWith the explosion of GPU enabled processing power password cracking has long grown beyond the standard wordlist. New tools and techniques are being used in order to effectively and efficiently crack passwords that just a few years ago would have be unfathomable.\nPeople often ask me, what is the best way to crack this hash, and the truth is it really depends. Let us introduce some of the more modern and best ways to attack passwords by analyzing the language structures and character patterns of passwords, as well as developing custom rules and rule chains to maximize effort. Password cracking is one of those things that has been around for a long time, however people often do not associate a methodology behind it and consider it just a tool. My presentation has a large amount of content to cover within a 50-minute window, therefore our demos are light and quick showing the different tools built for cracking locally, in the cloud, or in a distributed environment. I feel that by passing along the knowledge of the ins and outs of the tools will be more valuable than having people watch us crack passwords on the screen. The slide decks can be made available to participants and contains sample commands for them to try out each technique I present.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68636),('4_Sunday','13','12:15','13:15','Y','RTV','','\'Hashes; Smothered, Covered, and Scattered: Modern Password Cracking as a Methodology\'','\'Lee Wangenheim\'','RTV_d805893ba7fa8e505dc6d0a96bfd68fe','\'\'',NULL,68637),('4_Sunday','13','13:30','14:30','N','RTV','','\'You\'re Adversary Within - The Golden Age of Insider Threats\'','\'Adam Mashinchi\'','RTV_a0aaf5c9c2e7f460632ddc15ea8cee62','\'Title: You\'re Adversary Within - The Golden Age of Insider Threats
\nWhen: Sunday, Aug 9, 13:30 - 14:30 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Adam Mashinchi\n
\nAdam Mashinchi is SCYTHE\'s VP of Product Management where he leads the project management, design, and quality assurance departments for SCYTHE\'s product portfolio. Before SCYTHE, Adam defined and managed the development of enterprise security and privacy solutions with an emphasis on usable encryption at a global scale and led numerous technical integration projects with a variety of partners and services.
\nTwitter: @adam_mashinchi
\n\n
\nDescription:
\nIntentional read as both “Your Adversary Within†and “You Are (The) Adversary Within†attendees of this talk will walk away with practical information on how to execute advanced insider threat scenarios with free and easily implemented solutions.\n
With the increased enterprise dependence on cloud-based solutions, paired with turn-key end-to-end encryption products for consumers; insider threat actors have a litany of tools at their disposal. In this talk we will walk-through a number of the (free!) tools one can utilize when performing adversarial simulations, provide insights on how to “sell†an assumed-compromise engagement as a Red/Blue/Purple Team, and some helpful places to start with MITRE ATT&CK technique alignment for offense & defense.\n
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68638),('4_Sunday','14','13:30','14:30','Y','RTV','','\'You\'re Adversary Within - The Golden Age of Insider Threats\'','\'Adam Mashinchi\'','RTV_a0aaf5c9c2e7f460632ddc15ea8cee62','\'\'',NULL,68639),('4_Sunday','15','15:00','15:59','N','RTV','','\'Have my keys been pwned? - API Edition\'','\'José Hernandez,Rod Soto\'','RTV_eb261f89cc92caf4c7ce260571850f28','\'Title: Have my keys been pwned? - API Edition
\nWhen: Sunday, Aug 9, 15:00 - 15:59 PDT
\nWhere: Red Team Vlg
\nSpeakers:José Hernandez,Rod Soto
\n
SpeakerBio:José Hernandez\n
\nJosé Hernandez is a Principal Security Researcher at Splunk. He started his professional career at Prolexic Technologies (now Akamai), fighting DDOS attacks from “anonymous†and “lulzsec†against Fortune 100 companies. As an engineering co-founder of Zenedge Inc. (acquired by Oracle Inc.), José helped build technologies to fight bots and web-application attacks. While working at Splunk as a Security Architect, he built and released an auto-mitigation framework that has been used to automatically fight attacks in large organizations. He has also built security operation centers and run a public threat-intelligence service. Although security information has been the focus of his career, José has found that his true passion is in solving problems and creating solutions. As an example, he built an underwater remote-control vehicle called the SensorSub, which was used to test and measure toxicity in Miami\'s waterways.
\n
SpeakerBio:Rod Soto\n
\nRod Soto worked at Prolexic, Akamai, Caspida. Won BlackHat CTF in 2012. Co-founded Hackmiami, Pacific Hackers meetup and conferences.
\n\n
\nDescription:
\nCurrent status quo of credential management in cloud related DEVOPS environments enables attackers to easily obtain leaked credentials. This presentation showcases how leaked credentials in public repositories can potentially lead to further compromise in enterprise environments.The focus will be on the DEVOPS attack surface and the toolchains involved within this process in cloud platform environments. Presenters will use a recently released tool (Git Wild Hunt) to show how public leaks can lead to further compromise of individuals and enterprises with actual examples of derived information from compromised secrets. An analysis of credentials leaked globally and its source (company affected and user) will be provided as examples.
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68640),('4_Sunday','16','16:00','16:59','N','RTV','','\'Red Team Village Closing Ceremony and Announcement of Winners of CTF and CyberWraith \'','\'Joseph Mlodzìanowskì (cedoXx),Omar Ωr\'','RTV_90ce9583a121cfe41be561ae8540fee7','\'Title: Red Team Village Closing Ceremony and Announcement of Winners of CTF and CyberWraithÂ
\nWhen: Sunday, Aug 9, 16:00 - 16:59 PDT
\nWhere: Red Team Vlg
\nSpeakers:Joseph Mlodzìanowskì (cedoXx),Omar Ωr
\n
SpeakerBio:Joseph Mlodzìanowskì (cedoXx)\n
\nNo BIO available
\nTwitter: @cedoxX
\n
SpeakerBio:Omar Ωr\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68641),('1_Thursday','11','11:15','11:59','N','BTVW1','','\'Kibana: An Introduction Into OpenSOC CTF Tools\'','\'TimDotZero\'','BTVW1_f7c066374651df4069adeabc2a948677','\'Title: Kibana: An Introduction Into OpenSOC CTF Tools
\nWhen: Thursday, Aug 6, 11:15 - 11:59 PDT
\nWhere: Blue Team Vlg - Workshop Track 1
\n
SpeakerBio:TimDotZero\n
\nNo BIO available
\nTwitter: @TimDotZero
\n\n
\nDescription:
\nEvery year the Blue Team Village hosts OpenSOC. A unique defense CTF meant to teach and test practical incident response skills in an environment that\'s as close to \"the real thing\" as it gets.\n
This year BTV wanted to do more. We know that some Blue Teamers might be unfamiliar with some of the tools used by OpenSOC. And we didn\'t want that to keep anyone from playing this incredible defense simulation.\n
So this year we are dedicating all day Thursday to demo the various OpenSOC tools, before OpenSOC starts on Friday. These are tools like Graylog, Moloch, Zeek, Osquery, and others that Blue Teamers rely on every day to defend their networks against attackers.\n
That means that after you LEARN the tools, you can PLAY the OpenSOC CTF, and then take that knowledge back to your own Blue Team to DO the work of defending your network.\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68642),('1_Thursday','12','12:15','12:59','N','BTVW1','','\'OpenSOC CTF Tool Demo: Moloch\'','\'\'','BTVW1_822ba0bc158027961c584f27506e2e54','\'Title: OpenSOC CTF Tool Demo: Moloch
\nWhen: Thursday, Aug 6, 12:15 - 12:59 PDT
\nWhere: Blue Team Vlg - Workshop Track 1
\n
\nDescription:No Description available
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68643),('1_Thursday','16','16:15','16:59','N','BTVW1','','\'Suricata: An Introduction Into OpenSOC CTF Tools\'','\'Josh\'','BTVW1_b324799d38a67a82924f92899e733195','\'Title: Suricata: An Introduction Into OpenSOC CTF Tools
\nWhen: Thursday, Aug 6, 16:15 - 16:59 PDT
\nWhere: Blue Team Vlg - Workshop Track 1
\n
SpeakerBio:Josh\n
\nNo BIO available
\n\n
\nDescription:
\n\nEvery year the Blue Team Village hosts OpenSOC. A unique defense CTF meant to teach and test practical incident response skills in an environment that\'s as close to \"the real thing\" as it gets.\n
This year BTV wanted to do more. We know that some Blue Teamers might be unfamiliar with some of the tools used by OpenSOC. And we didn\'t want that to keep anyone from playing this incredible defense simulation.\n
So this year we are dedicating all day Thursday to demo the various OpenSOC tools, before OpenSOC starts on Friday. These are tools like Graylog, Moloch, Zeek, Osquery, and others that Blue Teamers rely on every day to defend their networks against attackers.\n
That means that after you LEARN the tools, you can PLAY the OpenSOC CTF, and then take that knowledge back to your own Blue Team to DO the work of defending your network.\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68644),('1_Thursday','17','17:15','17:59','N','BTVW1','','\'OpenSOC CTF Tool Demo: Thinkst Canary\'','\'\'','BTVW1_ae890e1767a0110cb19294a241b855b3','\'Title: OpenSOC CTF Tool Demo: Thinkst Canary
\nWhen: Thursday, Aug 6, 17:15 - 17:59 PDT
\nWhere: Blue Team Vlg - Workshop Track 1
\n
\nDescription:No Description available
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68645),('1_Thursday','09','09:00','17:59','N','CNE','E','\'Darknet Contest\'','\' \'','CNE_8588177c8df3c3638af266163f344c8b','\'Title: Darknet Contest
\nWhen: Thursday, Aug 6, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nHere at Darknet, We are a Real Life (RL) Massively Multiplayer Online Role Playing Game (MMORPG), where we teach you real life skills and you get in-game points for it. Some may call this Gamified learning. We assume no prior knowledge on a subject, teach you the basics, then challenge you to use what you have learned. Our contest has a range of quests, starting with simple tasks and working your way up to very complex problems.\n
In the past we have taught you how to lock pick, crack wifi, create a PGP Key and communicate online safely, as well as soldering, programming, and code cracking, just to name a few.From there we would have sent you on quests to go to the different villages to learn something from them, and then come back and test your skills.\n
But alas, we have been forced underground…And while the physical aspect of the conference has moved online, so have we. This year we will be focusing on the skills you will learn, past skills you will refresh, and your interactions with the community. There will not be a points scoreboard this year. Many of you who have previously bought the Darknet 8 Badge have not unlocked the full features. We have quests for you to learn how to interact, develop, and reprogram it. It’s time to Learn, Teach, and Play Agents, are you ready?\n
\nInfo: https://dcdark.net/\n
Discord: https://discordapp.com/channels/708208267699945503/735849065593438248/737077762845704224\n
Twitter DCDarkNet: https://twitter.com/DCDarknet\n
Twitter Holon: https://twitter.com/Holon_Network\n
\n\'',NULL,68646),('2_Friday','09','09:00','17:59','N','CNE','E','\'Darknet Contest\'','\' \'','CNE_cd3d2a0eae76666df57d8fc7bca3072b','\'Title: Darknet Contest
\nWhen: Friday, Aug 7, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nHere at Darknet, We are a Real Life (RL) Massively Multiplayer Online Role Playing Game (MMORPG), where we teach you real life skills and you get in-game points for it. Some may call this Gamified learning. We assume no prior knowledge on a subject, teach you the basics, then challenge you to use what you have learned. Our contest has a range of quests, starting with simple tasks and working your way up to very complex problems.\n
In the past we have taught you how to lock pick, crack wifi, create a PGP Key and communicate online safely, as well as soldering, programming, and code cracking, just to name a few.From there we would have sent you on quests to go to the different villages to learn something from them, and then come back and test your skills.\n
But alas, we have been forced underground…And while the physical aspect of the conference has moved online, so have we. This year we will be focusing on the skills you will learn, past skills you will refresh, and your interactions with the community. There will not be a points scoreboard this year. Many of you who have previously bought the Darknet 8 Badge have not unlocked the full features. We have quests for you to learn how to interact, develop, and reprogram it. It’s time to Learn, Teach, and Play Agents, are you ready?\n
\nInfo: https://dcdark.net/\n
Discord: https://discordapp.com/channels/708208267699945503/735849065593438248/737077762845704224\n
Twitter DCDarkNet: https://twitter.com/DCDarknet\n
Twitter Holon: https://twitter.com/Holon_Network\n
\n\'',NULL,68647),('3_Saturday','09','09:00','17:59','N','CNE','E','\'Darknet Contest\'','\' \'','CNE_b5978d527c27756b22620e0fd2e83ec4','\'Title: Darknet Contest
\nWhen: Saturday, Aug 8, 09:00 - 17:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nHere at Darknet, We are a Real Life (RL) Massively Multiplayer Online Role Playing Game (MMORPG), where we teach you real life skills and you get in-game points for it. Some may call this Gamified learning. We assume no prior knowledge on a subject, teach you the basics, then challenge you to use what you have learned. Our contest has a range of quests, starting with simple tasks and working your way up to very complex problems.\n
In the past we have taught you how to lock pick, crack wifi, create a PGP Key and communicate online safely, as well as soldering, programming, and code cracking, just to name a few.From there we would have sent you on quests to go to the different villages to learn something from them, and then come back and test your skills.\n
But alas, we have been forced underground…And while the physical aspect of the conference has moved online, so have we. This year we will be focusing on the skills you will learn, past skills you will refresh, and your interactions with the community. There will not be a points scoreboard this year. Many of you who have previously bought the Darknet 8 Badge have not unlocked the full features. We have quests for you to learn how to interact, develop, and reprogram it. It’s time to Learn, Teach, and Play Agents, are you ready?\n
\nInfo: https://dcdark.net/\n
Discord: https://discordapp.com/channels/708208267699945503/735849065593438248/737077762845704224\n
Twitter DCDarkNet: https://twitter.com/DCDarknet\n
Twitter Holon: https://twitter.com/Holon_Network\n
\n\'',NULL,68648),('4_Sunday','09','09:00','11:59','N','CNE','E','\'Darknet Contest\'','\' \'','CNE_1cbccae4ec06ce30f380c7b25dd56b44','\'Title: Darknet Contest
\nWhen: Sunday, Aug 9, 09:00 - 11:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nHere at Darknet, We are a Real Life (RL) Massively Multiplayer Online Role Playing Game (MMORPG), where we teach you real life skills and you get in-game points for it. Some may call this Gamified learning. We assume no prior knowledge on a subject, teach you the basics, then challenge you to use what you have learned. Our contest has a range of quests, starting with simple tasks and working your way up to very complex problems.\n
In the past we have taught you how to lock pick, crack wifi, create a PGP Key and communicate online safely, as well as soldering, programming, and code cracking, just to name a few.From there we would have sent you on quests to go to the different villages to learn something from them, and then come back and test your skills.\n
But alas, we have been forced underground…And while the physical aspect of the conference has moved online, so have we. This year we will be focusing on the skills you will learn, past skills you will refresh, and your interactions with the community. There will not be a points scoreboard this year. Many of you who have previously bought the Darknet 8 Badge have not unlocked the full features. We have quests for you to learn how to interact, develop, and reprogram it. It’s time to Learn, Teach, and Play Agents, are you ready?\n
\nInfo: https://dcdark.net/\n
Discord: https://discordapp.com/channels/708208267699945503/735849065593438248/737077762845704224\n
Twitter DCDarkNet: https://twitter.com/DCDarknet\n
Twitter Holon: https://twitter.com/Holon_Network\n
\n\'',NULL,68649),('3_Saturday','18','18:00','19:59','N','CNE','','\'No Tech Talks\'','\' \'','CNE_498ccc6c5096a2d94ce3a133e70c9f22','\'Title: No Tech Talks
\nWhen: Saturday, Aug 8, 18:00 - 19:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nNo tech? No problem. Come tell your no-tech stories here. It’s like karaoke, except without the music, or cheesy lyrics, or singing. OK, it’s not exactly like karaoke but it’ll still be entertaining. Suggested theme: “Discovery†and “Apocalypseâ€\n
Selected speakers will get 15 minutes to tell their stories on the Discord voice channel, and audience members will be able to ask questions, or discuss on the text channel.\n
The sign up form won’t be open until the night of the event, participation will be first come first serve, and subject to moderation.\n
\nSign Up: https://forms.gle/HX2Ujfgm5B9tP39H7\n
#war-story-and-no-tech-talk-voice: https://discord.com/channels/708208267699945503/733562286572306492\n
#war-story-and-no-tech-talk-text: https://discord.com/channels/708208267699945503/733562098315034735\n
\n\'',NULL,68650),('3_Saturday','19','18:00','19:59','Y','CNE','','\'No Tech Talks\'','\' \'','CNE_498ccc6c5096a2d94ce3a133e70c9f22','\'\'',NULL,68651),('2_Friday','18','18:00','19:59','N','CNE','','\'War Story Bunker\'','\' \'','CNE_0b5394a32de9a195c13c40a5c9153e40','\'Title: War Story Bunker
\nWhen: Friday, Aug 7, 18:00 - 19:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nOne of our favorite parts of DEF CON every year is hearing about what other hackers have been up with harrowing tales of red team exercises gone wrong, or so very right. We’ve also heard of valiant efforts of defense from our blue team folks while waiting in Linecon. Do you have a cool “war story†to share? Would you like to listen to some fun stories from your fellow hackers? This is the place to be. Join the DEF CON CFP Board, Goons, and fellow hackers around the bunker.\n
Selected speakers will get 15 minutes to tell their stories on the Discord voice channel, and audience members will be able to ask questions, or discuss on the text channel.\n
The sign up form won’t be open until the night of the event, participation will be first come first serve, and subject to moderation.\n
\nDiscord: https://discordapp.com/channels/708208267699945503/733562251285495818/736711109037522944\n
\n\'',NULL,68652),('2_Friday','19','18:00','19:59','Y','CNE','','\'War Story Bunker\'','\' \'','CNE_0b5394a32de9a195c13c40a5c9153e40','\'\'',NULL,68653),('2_Friday','10','10:00','10:59','N','ASV','','\'Who’s secure, who’s not, & who makes that choice\'','\'Maddie Stone\'','ASV_92dfc86efa8fe5eeea5e21213d6393c4','\'Title: Who’s secure, who’s not, & who makes that choice
\nWhen: Friday, Aug 7, 10:00 - 10:59 PDT
\nWhere: AppSec Vlg
\n
SpeakerBio:Maddie Stone\n
\nNo BIO available
\nTwitter: @maddiestone
\n\n
\nDescription:No Description available
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68654),('2_Friday','11','11:00','11:45','N','ASV','','\'2FA in 2020 and Beyond\'','\'Kelley Robinson\'','ASV_81332ab477f9709afbdbb8f36f9d066f','\'Title: 2FA in 2020 and Beyond
\nWhen: Friday, Aug 7, 11:00 - 11:45 PDT
\nWhere: AppSec Vlg
\n
SpeakerBio:Kelley Robinson\n
\nKelley works on the Account Security team at Twilio. Previously she worked in a variety of API platform and data engineering roles at startups. Her research focuses on authentication user experience and design trade-offs for different risk profiles and 2FA channels. Kelley lives in Brooklyn, is an avid home cook, and spends too much time on Twitter (@kelleyrobinson).
\nTwitter: @kelleyrobinson
\n\n
\nDescription:
\nSecurity professionals agree: SMS based Two-factor Authentication (2FA) is insecure, yet thousands of companies still employ this method to secure their customer-facing applications. This talk will look at the evolution of authentication and provide a data-driven analysis of the tradeoffs between the different types of factors available.
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68655),('2_Friday','11','11:00','12:59','N','ASV','','\'Applying Pysa to Identify Python Security Vulnerabilities\'','\'Graham Bleaney\'','ASV_b9bffa790805839713be488e27ee94df','\'Title: Applying Pysa to Identify Python Security Vulnerabilities
\nWhen: Friday, Aug 7, 11:00 - 12:59 PDT
\nWhere: AppSec Vlg
\n
SpeakerBio:Graham Bleaney\n
\nNo BIO available
\nTwitter: @GrahamBleaney
\n\n
\nDescription:
\nThe Product Security teams at Facebook make extensive use of static analysis to find security vulnerabilities. We use systems like Zoncolan and the open source Python Static Analyzer (Pysa) on a daily basis. Using static analysis helped us find more than 1100 security bugs in 2018, accounting for more than a third of the bugs found by the application security team in that timeframe.\n
In this tutorial, we’ll cover the basics of static analysis, how to set up Pysa, and how you can write and run rules to identify vulnerabilities in your own codebase. We’ll also cover how Pysa deals with false positives and discuss its limitations as a tool. Each new concept you learn will immediately be reinforced by a practical exercise.\n
Attendees should leave this tutorial with all the tools they need to start applying static analysis to their Python projects at work and in open source.\nA computer with Python, Pip, and Git is required for this workshop. Attendees will need to pip install pyre-check and set up a small sample project.\n
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68656),('2_Friday','12','11:00','12:59','Y','ASV','','\'Applying Pysa to Identify Python Security Vulnerabilities\'','\'Graham Bleaney\'','ASV_b9bffa790805839713be488e27ee94df','\'\'',NULL,68657),('2_Friday','13','13:00','13:45','N','ASV','','\'Our journey into turning offsec mindset to developer\'s toolset\'','\'Paul Amar,Stanislas Molveau\'','ASV_f301c198a546b460bad2695068f6e964','\'Title: Our journey into turning offsec mindset to developer\'s toolset
\nWhen: Friday, Aug 7, 13:00 - 13:45 PDT
\nWhere: AppSec Vlg
\nSpeakers:Paul Amar,Stanislas Molveau
\n
SpeakerBio:Paul Amar\n
\nNo BIO available
\nTwitter: @PaulWebSec
\n
SpeakerBio:Stanislas Molveau\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68658),('2_Friday','12','12:00','12:45','N','ASV','','\'Android Bug Foraging\'','\'João Morais,Pedro Umbelino\'','ASV_2d0e4df41e64f33b7686915f05338f16','\'Title: Android Bug Foraging
\nWhen: Friday, Aug 7, 12:00 - 12:45 PDT
\nWhere: AppSec Vlg
\nSpeakers:João Morais,Pedro Umbelino
\n
SpeakerBio:João Morais\n
\nNo BIO available
\nTwitter: @jmoraissec
\n
SpeakerBio:Pedro Umbelino\n
\nNo BIO available
\nTwitter: @kripthor
\n\n
\nDescription:
\nIn this session, we will analyze four real-world examples of different high impact android vulnerabilities. We will show how we discover, developed, and leveraged the vulnerabilities into a fully working proof-of-concept, devised meaningful attack scenarios (demos included), and how our work was approached by the different vendors.
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68659),('2_Friday','15','15:00','15:45','N','ASV','','\'API (in)Security TOP 10: Guided tour to the Wild Wild World of APIs\'','\'David Sopas,Paulo Silva\'','ASV_c7cef74db97104c4f3a09e755e7d79cb','\'Title: API (in)Security TOP 10: Guided tour to the Wild Wild World of APIs
\nWhen: Friday, Aug 7, 15:00 - 15:45 PDT
\nWhere: AppSec Vlg
\nSpeakers:David Sopas,Paulo Silva
\n
SpeakerBio:David Sopas\n
\nNo BIO available
\nTwitter: @dsopas
\n
SpeakerBio:Paulo Silva\n
\nNo BIO available
\nTwitter: @pauloasilva_com
\n\n
\nDescription:
\nDo you speak API? Surely you do, even if you don\'t notice them in your world wide web everyday use. APIs are proved to be beneficial for business, but with great power comes great responsibility and some of them have serious problems. Last year we put a lot of effort to build and release the OWASP API Security Top 10 project. Then, we decided to go wild and have some fun. Now we will present our findings, from OWASP API Security Top 10 to lots of fun and profit.\nJoin us to learn common API pitfalls: how to find and abuse them. It won\'t hurt. Unless your data is in there...
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68660),('2_Friday','16','16:00','16:45','N','ASV','','\'Threat Modelling the Death Star\'','\'Mário Areias\'','ASV_4cf9395f2bf9d7af98f25df2d4f8ce2f','\'Title: Threat Modelling the Death Star
\nWhen: Friday, Aug 7, 16:00 - 16:45 PDT
\nWhere: AppSec Vlg
\n
SpeakerBio:Mário Areias\n
\nNo BIO available
\n\n
\nDescription:
\nIt is a known fact the Empire needs to up their security game. The Rebellion hack their ships, steal their plans, and even create backdoors! In this talk, we will help the Empire by threat modeling the Death Star. Traditionally, Threat Models have been a slow and boring process that ends up with a giant document detailed any possible security problem. This approach, although useful in the past, is not necessarily good in an ever-changing environment (or when you have Jedis as enemies!).\n
I will introduce Attack Trees and how they can fit in nicely in a DevOps world. Come and join the Dark Side! We might save the Empire after all!\n
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68661),('2_Friday','16','16:00','17:59','N','ASV','','\'JWT Parkour\'','\'Louis Nyffenegger\'','ASV_c64dc6682a6d24371321b3970bd2467b','\'Title: JWT Parkour
\nWhen: Friday, Aug 7, 16:00 - 17:59 PDT
\nWhere: AppSec Vlg
\n
SpeakerBio:Louis Nyffenegger\n
\nNo BIO available
\nTwitter: @snyff
\n\n
\nDescription:
\nNowadays, JSON Web Tokens are everywhere. They are used as session tokens or just to pass data between applications or µservices. By design, JWT contains a high number of security and cryptography pitfalls. In this workshop, we are going to learn how to exploit some of those issues!
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68662),('2_Friday','17','16:00','17:59','Y','ASV','','\'JWT Parkour\'','\'Louis Nyffenegger\'','ASV_c64dc6682a6d24371321b3970bd2467b','\'\'',NULL,68663),('3_Saturday','09','09:00','09:59','N','ASV','','\'Be Like Water: What Bruce Lee Can Teach Us About AppSec\'','\'Fredrick \"Flee\" Lee\'','ASV_e24d6e3bda8cc9817e9168d8e696492e','\'Title: Be Like Water: What Bruce Lee Can Teach Us About AppSec
\nWhen: Saturday, Aug 8, 09:00 - 09:59 PDT
\nWhere: AppSec Vlg
\n
SpeakerBio:Fredrick \"Flee\" Lee\n
\nNo BIO available
\nTwitter: @fredrickl
\n\n
\nDescription:
\nEvery few years, security “thought leaders†tell us what is the one, proper way to practice application security. I’m just as guilty of this as anyone else in the “industryâ€. But, it turns out there isn’t just one true style of effective AppSec. This talk walks through my path of letting go of dogma, finding my style, and returning back to always being a student of the game. “Absorb what is useful, reject what is useless, add what is essentially your own.â€
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68664),('3_Saturday','10','10:00','10:59','N','ASV','','\'Web Shell Hunting - Part 1\'','\'Joe Schottman\'','ASV_851e5799b050afd10f19e1ede09f65ca','\'Title: Web Shell Hunting - Part 1
\nWhen: Saturday, Aug 8, 10:00 - 10:59 PDT
\nWhere: AppSec Vlg
\n
SpeakerBio:Joe Schottman\n
\nNo BIO available
\nTwitter: @JoeSchottman
\n\n
\nDescription:
\nWeb shells 101.
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68665),('3_Saturday','10','10:00','10:45','N','ASV','','\'10,000 Dependencies Under The Sea: Exploring and Securing Open source dependencies\'','\'Gregg Horton,Ryan Slama\'','ASV_ae52e8d183a4b2fd2b8bdab0d034dbad','\'Title: 10,000 Dependencies Under The Sea: Exploring and Securing Open source dependencies
\nWhen: Saturday, Aug 8, 10:00 - 10:45 PDT
\nWhere: AppSec Vlg
\nSpeakers:Gregg Horton,Ryan Slama
\n
SpeakerBio:Gregg Horton\n
\nNo BIO available
\nTwitter: @greggawatt
\n
SpeakerBio:Ryan Slama\n
\nNo BIO available
\n\n
\nDescription:
\nCome on our journey of creating scalable tooling and processes to automatically identify vulnerabilities in third-party libraries and handle the question of “ok we found this, who’s going to fix it?â€
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68666),('3_Saturday','11','11:00','11:45','N','ASV','','\'Hackium: a browser for web hackers\'','\'Jarrod Overson\'','ASV_eaaa16977313e53d92db06cbb9b47058','\'Title: Hackium: a browser for web hackers
\nWhen: Saturday, Aug 8, 11:00 - 11:45 PDT
\nWhere: AppSec Vlg
\n
SpeakerBio:Jarrod Overson\n
\nNo BIO available
\nTwitter: @jsoverson
\n\n
\nDescription:
\nThe web has changed. Sites went from being a few kilobytes of static, hand-written HTML to monstrosities of tangled JavaScript that eat hundreds of megs of RAM. Web sites are applications now, complete with security controls, complex state, and custom protocols. Our tools need to become smarter.\n
Hackium is part of a new tool suite designed to both give greater control over browsers and the content they execute, as well as make work more sharable and portable. Hackium itself acts like a CLI-driven browser that runs automation scripts. Add libraries like shift-refactor, a JavaScript transformation library, and shift-interpreter, a JavaScript meta-interpreter, and you can intercept and manipulate JavaScript with just a few lines of code, no proxies necessary.\nThis session will introduce Hackium and how you can use features like the REPL to automate in-page tasks, work with 3rd party APIs for tasks like CAPTCHA solving, and intercept traffic to automatically deobfuscate JavaScript.\n
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68667),('3_Saturday','12','12:00','12:45','N','ASV','','\'The DevOps & Agile Security Toolkit\'','\'David Waldrop\'','ASV_4bb5ca81a085dd7b90356280bd031e98','\'Title: The DevOps & Agile Security Toolkit
\nWhen: Saturday, Aug 8, 12:00 - 12:45 PDT
\nWhere: AppSec Vlg
\n
SpeakerBio:David Waldrop\n
\nNo BIO available
\n\n
\nDescription:
\nThe DevOps & Agile Security Toolkit - In this talk, we will look at integrating security into Agile and DevOps. We will discuss strategies, training, tools, and techniques that will let your organization move quickly while doing so safely.
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68668),('3_Saturday','12','12:00','13:59','N','ASV','','\'Web Shell Hunting - Part 2\'','\'Joe Schottman\'','ASV_2c385b54dd1aaaa780273dc44b09a291','\'Title: Web Shell Hunting - Part 2
\nWhen: Saturday, Aug 8, 12:00 - 13:59 PDT
\nWhere: AppSec Vlg
\n
SpeakerBio:Joe Schottman\n
\nNo BIO available
\nTwitter: @JoeSchottman
\n\n
\nDescription:
\nWeb shells are malicious web applications used for remote access to and control of compromised servers. This workshop covers methods to detect web shells at the system and network level.
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68669),('3_Saturday','13','12:00','13:59','Y','ASV','','\'Web Shell Hunting - Part 2\'','\'Joe Schottman\'','ASV_2c385b54dd1aaaa780273dc44b09a291','\'\'',NULL,68670),('3_Saturday','13','13:00','13:45','N','ASV','','\'localghost: Escaping the Browser Sandbox Without 0-Days\'','\'Parsia Hakimian\'','ASV_136c1618045201cfaa4fe484eb079b1c','\'Title: localghost: Escaping the Browser Sandbox Without 0-Days
\nWhen: Saturday, Aug 8, 13:00 - 13:45 PDT
\nWhere: AppSec Vlg
\n
SpeakerBio:Parsia Hakimian\n
\nNo BIO available
\nTwitter: @cryptogangsta
\n\n
\nDescription:No Description available
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68671),('3_Saturday','15','15:00','15:45','N','ASV','','\'Can\'t Touch This: Detecting Lateral Movement in Zero-Touch Environments\'','\'Phillip Marlow\'','ASV_c68e9df1f16b6de942353b961dfc82af','\'Title: Can\'t Touch This: Detecting Lateral Movement in Zero-Touch Environments
\nWhen: Saturday, Aug 8, 15:00 - 15:45 PDT
\nWhere: AppSec Vlg
\n
SpeakerBio:Phillip Marlow\n
\nPhillip Marlow is a cybersecurity and DevOps engineer. He helps organizations understand how to adopt DevOps practices to increase their security rather than sacrifice it in the name of speed. Phillip holds several security, cloud, and agile certifications and is currently pursuing a Master’s Degree in Information Security Engineering at SANS Technology Institute.
\nTwitter: @wolramp
\n\n
\nDescription:
\nZero-touch environments are a product of the fast-moving world of DevOps which is being adopted by an increasing number of successful companies. This session will show that by leveraging the constraints of this environment, we can identify malicious network traffic which would otherwise blend into the noise.
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68672),('4_Sunday','09','09:00','09:45','N','ASV','','\'Threagile - Agile Threat Modeling with Open-Source Tools from within Your IDE\'','\'Christian Schneider\'','ASV_9fad99ff9b6321bdd75b8fc3f11d548e','\'Title: Threagile - Agile Threat Modeling with Open-Source Tools from within Your IDE
\nWhen: Sunday, Aug 9, 09:00 - 09:45 PDT
\nWhere: AppSec Vlg
\n
SpeakerBio:Christian Schneider\n
\nNo BIO available
\nTwitter: @cschneider4711
\n\n
\nDescription:
\nThe open-source tool Threagile enables agile teams to create a threat model directly from within the IDE using a declarative approach: Given information about the data assets, technical assets, communication links, and trust boundaries as input in a simple to maintain YAML file, it executes a set of over 40 built-in risk rules, which can be extended with custom risk rules, against the processed model. The resulting artifacts are graphical diagrams, Excel, and PDF reports about the identified risks, their rating, and the mitigation steps as well as risk tracking state. DevSecOps pipelines can be enriched with Threagile as well to process the JSON output.
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68673),('4_Sunday','10','10:00','11:59','N','ASV','','\'Kubernetes Container Orchestration Security Assessment\'','\'Ali Abdollahi\'','ASV_6ea2f19e05a150e43c0e2e7b3285a946','\'Title: Kubernetes Container Orchestration Security Assessment
\nWhen: Sunday, Aug 9, 10:00 - 11:59 PDT
\nWhere: AppSec Vlg
\n
SpeakerBio:Ali Abdollahi\n
\nAli Abdollahi is a cyber security expert with over 8 years of experience working in a variety of security fields. Ali is a full-time consultant helping clients with product security testing, reverse engineering, penetration testing, exploit developing, red-teaming, secure coding, and more, giving him ample opportunity to use his skills in a diversity of ways. In addition, He is instructor, author and board of review at Hakin9 company. Ali is a self-confessed bug hunter, publisher of many vulnerabilities and CVEs. Ali is a regular speaker and trainer at industry conferences.
\nTwitter: @AliAbdollahi2
\n\n
\nDescription:
\nIn this workshop, we will first discuss the fundamentals. After grasping underlying containerization technology, we will go deep about technology vulnerabilities, exploitation techniques, auditing, and hardening solutions.
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68674),('4_Sunday','11','10:00','11:59','Y','ASV','','\'Kubernetes Container Orchestration Security Assessment\'','\'Ali Abdollahi\'','ASV_6ea2f19e05a150e43c0e2e7b3285a946','\'\'',NULL,68675),('4_Sunday','10','10:00','10:45','N','ASV','','\'The Elephant in the Room: Burnout\'','\'Chloé Messdaghi\'','ASV_59b38336265649c478329a66dd401e1d','\'Title: The Elephant in the Room: Burnout
\nWhen: Sunday, Aug 9, 10:00 - 10:45 PDT
\nWhere: AppSec Vlg
\n
SpeakerBio:Chloé Messdaghi\n
\nChloé Messdaghi is the VP of Strategy at Point3 Security. She is a security researcher advocate who strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to fight for hacker rights. She is the founder of WomenHackerz & the President and cofounder of Women of Security (WoSEC), podcaster for ITSP Magazine\'s The Uncommon Journey, and runs the Hacker Book Club.
\n\n
\nDescription:
\nBurnout. We all go through it at one point, especially during a pandemic. It feels like you are low on battery and it can cause emotional and physical issues. This talk shares an overview of the warning signs, symptoms, and practices to prevent burnout and how to deal with burnout to keep balanced.
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68676),('4_Sunday','11','11:00','11:45','N','ASV','','\'A Heaven for Hackers: Breaking a Web Security Virtual Appliances\'','\'Mehmet D. Ince\'','ASV_07bc7d083f59a9d55b05caa391469ae8','\'Title: A Heaven for Hackers: Breaking a Web Security Virtual Appliances
\nWhen: Sunday, Aug 9, 11:00 - 11:45 PDT
\nWhere: AppSec Vlg
\n
SpeakerBio:Mehmet D. Ince\n
\nNo BIO available
\nTwitter: @mdisec
\n\n
\nDescription:No Description available
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68677),('4_Sunday','12','12:00','12:45','N','ASV','','\'Secure Your Code — Injections and Logging\'','\'Philipp Krenn\'','ASV_436b060220dbf2d25c4a658a8d0fb22e','\'Title: Secure Your Code — Injections and Logging
\nWhen: Sunday, Aug 9, 12:00 - 12:45 PDT
\nWhere: AppSec Vlg
\n
SpeakerBio:Philipp Krenn\n
\nNo BIO available
\nTwitter: @xeraa
\n\n
\nDescription:
\nThis talk combines two of the OWASP top ten security risks to highlight some widespread \"this is fine\" issues:\n
\n - Injections (A1:2017): We are using a simple application exploitable by injection and will then secure it with the Web Application Firewall (WAF) ModSecurity.\n
- Insufficient Logging & Monitoring (A10:2017): We are logging and monitoring both the secured and the unsecured application with the Elastic Stack.
\n\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68678),('4_Sunday','13','13:00','13:45','N','ASV','','\'Running an appsec program with open source projects\'','\'Vandana Verma Sehgal\'','ASV_cd907940f6599c39c713e2d053e6499e','\'Title: Running an appsec program with open source projects
\nWhen: Sunday, Aug 9, 13:00 - 13:45 PDT
\nWhere: AppSec Vlg
\n
SpeakerBio:Vandana Verma Sehgal\n
\nNo BIO available
\nTwitter: @InfosecVandana
\n\n
\nDescription:
\nWe are all heading towards the modernization of applications. However, we still see the companies being impacted with the most common website vulnerabilities like SQL Injection, Sensitive data exposure, security misconfiguration, etc.\n
OWASP has many projects which can be tied seamlessly into the application development pipeline structure. However, firstly we don’t know if the projects exist, second, if we know about the projects, we do not know the exact working of the projects. In the talk, I will be talking about how to run an AppSec program with open source projects (OWASP Projects).\n
\n
AppSec Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/channel/UCpT8Ll0b9ZLj1DeEQQz7f0A\n
\'',NULL,68679),('2_Friday','09','09:50','09:59','N','MOV','','\'Welcome Speech\'','\'rehr\'','MOV_c2e430fd4146fb13dd4d6a6ea4b5a0ee','\'Title: Welcome Speech
\nWhen: Friday, Aug 7, 09:50 - 09:59 PDT
\nWhere: Monero Vlg
\n
SpeakerBio:rehr\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Monero Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://www.twitch.tv/monerovillage/\n
YouTube: https://www.youtube.com/c/monerocommunityworkgroup/\n
#mv-general-text: https://discord.com/channels/708208267699945503/732733510288408676\n
\'',NULL,68680),('2_Friday','10','10:00','11:30','N','MOV','','\'Keynote: Monero: Sound Money Safe Mode\'','\'Dr. Daniel Kim\'','MOV_ab9a44082434afa6923c882a5d5f66b9','\'Title: Keynote: Monero: Sound Money Safe Mode
\nWhen: Friday, Aug 7, 10:00 - 11:30 PDT
\nWhere: Monero Vlg
\n
SpeakerBio:Dr. Daniel Kim\n
\nNo BIO available
\n\n
\nDescription:
\n\"Monero Means Money\" -- with updated data, new data on government budget deficits, and increased emphasis on Monero\'s importance in the current medical & economic crisis
\n
Monero Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://www.twitch.tv/monerovillage/\n
YouTube: https://www.youtube.com/c/monerocommunityworkgroup/\n
#mv-general-text: https://discord.com/channels/708208267699945503/732733510288408676\n
\'',NULL,68681),('2_Friday','11','10:00','11:30','Y','MOV','','\'Keynote: Monero: Sound Money Safe Mode\'','\'Dr. Daniel Kim\'','MOV_ab9a44082434afa6923c882a5d5f66b9','\'\'',NULL,68682),('2_Friday','12','12:00','12:30','N','MOV','','\'Proposed Mitigation Measures to Address a Disruption Such as The Economic Impact of COVID -19 on Transaction Capacity and Fees in Monero\'','\'Dr. Francisco \"ArticMine\" Cabañas\'','MOV_fd73fd8879d1af1149ae760e0a416bcb','\'Title: Proposed Mitigation Measures to Address a Disruption Such as The Economic Impact of COVID -19 on Transaction Capacity and Fees in Monero
\nWhen: Friday, Aug 7, 12:00 - 12:30 PDT
\nWhere: Monero Vlg
\n
SpeakerBio:Dr. Francisco \"ArticMine\" Cabañas\n
\nNo BIO available
\n\n
\nDescription:
\nMonero uses an adaptive block weight based upon the CryptoNote excess size penalty with a median over the last 100 blocks, cryptonote.org/whitepaper.pdf, to provide the capacity for increases and decreases in the number of transactions. In 2019 this adaptive block weight was modified by the introduction of a long term median over the last 100,000 blocks to mitigate against a sharp increase in the block weight, due to possible spam attacks. We will consider the scenario of external economic events causing a sharp decrease in he number of transactions after several years of growth, followed by a recovery and then further growth several months later. We will also consider the possibility of a sharp increase in the number of transactions, due to economic disruptions, during the current COVID-19 pandemic. and in its aftermath. We will propose changes to the Monero adaptive block weight in order to mitigate against a sharp increase in transaction fees and allow for a smooth recovery, and further growth in the block weight after a sharp drop in the number of transactions . The period between the initial drop in the number of transactions to the full recovery with further growth of the block weight would be in the order of months.
\n
Monero Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://www.twitch.tv/monerovillage/\n
YouTube: https://www.youtube.com/c/monerocommunityworkgroup/\n
#mv-general-text: https://discord.com/channels/708208267699945503/732733510288408676\n
\'',NULL,68683),('2_Friday','13','13:00','13:59','N','MOV','','\'This year\'s village badge\'','\'Michael Schloh von Bennewitz\'','MOV_5586dfaf08c25163cf06b40c23960716','\'Title: This year\'s village badge
\nWhen: Friday, Aug 7, 13:00 - 13:59 PDT
\nWhere: Monero Vlg
\n
SpeakerBio:Michael Schloh von Bennewitz\n
\nNo BIO available
\n\n
\nDescription:
\nCodenamed Bob, this year\'s electronic badge enjoys collaboration from several villages and is called the Intervillage Badge. https://bob.monerodevices.com/ In this hour, we review the construction and feature set of this unique electronic badge. We consider it\'s energy harvesting ability, hackable nature, and radio signature. This year\'s badge contains three RFID/NFC long range circuits, dome switches never seen before on badges, and a trapazoidal 13.56 MHz trace antenna. It is enclosed in a translucent colored plastic frame, a full colour front overlay, and back mounted color leatherette (to protect your phone lens.) The Opensource design is located on scm.monerodevices.com with several of your Monero friends participating in the project. The Intervillage Badge is distributed by well known sellers, please see shop.monerodevices.com for information. For more information about this year\'s village badge (and many others), please visit the Monero Village office hours. View the schedule at Monerovillage.org and look for \'Badge Clinic\'.
\n
Monero Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://www.twitch.tv/monerovillage/\n
YouTube: https://www.youtube.com/c/monerocommunityworkgroup/\n
#mv-general-text: https://discord.com/channels/708208267699945503/732733510288408676\n
\'',NULL,68684),('2_Friday','14','14:30','15:30','N','MOV','','\'Getting started with the Intervillage badge\'','\'Michael Schloh von Bennewitz\'','MOV_6fd1e8ae6934f085e67c60087a348507','\'Title: Getting started with the Intervillage badge
\nWhen: Friday, Aug 7, 14:30 - 15:30 PDT
\nWhere: Monero Vlg
\n
SpeakerBio:Michael Schloh von Bennewitz\n
\nNo BIO available
\n\n
\nDescription:
\nCodenamed Bob, this year\'s electronic badge enjoys collaboration from several villages and is called the Intervillage Badge. https://bob.monerodevices.com/ In this hour, we focus on ways to use the Intervillage Badge including: - Out of the box data storage with NFCTools - Onboarding procedure for your village use - Impersonating radio IDs in your environment - Backing up data from mobile applications - Playing the Rogues Village Game online - Navigating the Bob village network Continuing, we consider modification strategies to make the badge suit your personal village style, like adding a lanyard, printing a new enclosure, and disassembly strategies. We conclude by reviewing hardware hacks the badge may support as well as VNA assisted antenna tuning. For more information about this year\'s village badge (and many others), please visit the Monero Village office hours. View the schedule at Monerovillage.org and look for \'Badge Clinic\'.
\n
Monero Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://www.twitch.tv/monerovillage/\n
YouTube: https://www.youtube.com/c/monerocommunityworkgroup/\n
#mv-general-text: https://discord.com/channels/708208267699945503/732733510288408676\n
\'',NULL,68685),('2_Friday','15','14:30','15:30','Y','MOV','','\'Getting started with the Intervillage badge\'','\'Michael Schloh von Bennewitz\'','MOV_6fd1e8ae6934f085e67c60087a348507','\'\'',NULL,68686),('2_Friday','15','15:30','15:59','N','MOV','','\'Monero Wallet Basics: Sending, Receiving, Proving\'','\'rehr\'','MOV_c9ae5fdfeeeec7938b951fafb5f92760','\'Title: Monero Wallet Basics: Sending, Receiving, Proving
\nWhen: Friday, Aug 7, 15:30 - 15:59 PDT
\nWhere: Monero Vlg
\n
SpeakerBio:rehr\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Monero Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://www.twitch.tv/monerovillage/\n
YouTube: https://www.youtube.com/c/monerocommunityworkgroup/\n
#mv-general-text: https://discord.com/channels/708208267699945503/732733510288408676\n
\'',NULL,68687),('2_Friday','16','16:00','16:59','N','MOV','','\'Meme Competition\'','\'\'','MOV_27449bb9db39fb96b61d90396c869a2d','\'Title: Meme Competition
\nWhen: Friday, Aug 7, 16:00 - 16:59 PDT
\nWhere: Monero Vlg
\n
\nDescription:No Description available
\n
Monero Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://www.twitch.tv/monerovillage/\n
YouTube: https://www.youtube.com/c/monerocommunityworkgroup/\n
#mv-general-text: https://discord.com/channels/708208267699945503/732733510288408676\n
\'',NULL,68688),('3_Saturday','10','10:00','11:30','N','MOV','','\'Keynote: Monero: Sound Money Safe Mode\'','\'Dr. Daniel Kim\'','MOV_fb22824c1426f69a9e42d2534daedefa','\'Title: Keynote: Monero: Sound Money Safe Mode
\nWhen: Saturday, Aug 8, 10:00 - 11:30 PDT
\nWhere: Monero Vlg
\n
SpeakerBio:Dr. Daniel Kim\n
\nNo BIO available
\n\n
\nDescription:
\n\"Monero Means Money\" -- with updated data, new data on government budget deficits, and increased emphasis on Monero\'s importance in the current medical & economic crisis
\n
Monero Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://www.twitch.tv/monerovillage/\n
YouTube: https://www.youtube.com/c/monerocommunityworkgroup/\n
#mv-general-text: https://discord.com/channels/708208267699945503/732733510288408676\n
\'',NULL,68689),('3_Saturday','11','10:00','11:30','Y','MOV','','\'Keynote: Monero: Sound Money Safe Mode\'','\'Dr. Daniel Kim\'','MOV_fb22824c1426f69a9e42d2534daedefa','\'\'',NULL,68690),('3_Saturday','12','12:00','12:59','N','MOV','','\'Open Office Q&A w/ Monero Research Lab\'s Sarang\'','\'Sarang\'','MOV_0241ed309fe9de2b73abd62dabbe2937','\'Title: Open Office Q&A w/ Monero Research Lab\'s Sarang
\nWhen: Saturday, Aug 8, 12:00 - 12:59 PDT
\nWhere: Monero Vlg
\n
SpeakerBio:Sarang\n
\nNo BIO available
\n\n
\nDescription:
\nEver wanted to have one of your Monero or cryptography related questions answered by the Monero Research Lab? Ask away!
\n
Monero Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://www.twitch.tv/monerovillage/\n
YouTube: https://www.youtube.com/c/monerocommunityworkgroup/\n
#mv-general-text: https://discord.com/channels/708208267699945503/732733510288408676\n
\'',NULL,68691),('3_Saturday','13','13:30','14:30','N','MOV','','\'Badge Clinic\'','\'Michael Schloh von Bennewitz\'','MOV_9059140fc83b5fdc86eba4d01119e6e9','\'Title: Badge Clinic
\nWhen: Saturday, Aug 8, 13:30 - 14:30 PDT
\nWhere: Monero Vlg
\n
SpeakerBio:Michael Schloh von Bennewitz\n
\nNo BIO available
\n\n
\nDescription:
\nWith the help of a close range circuit camera, Michael illustrates the circuits of several recent conference hardware devices, including prototype models. Devices in circulation and on display include: DC28 Intervillage Badge DC27 Rising Badge 35C3 Blockchain DC26/BCOS Badge HCPP19 Badge HCPP18 Badge This is not a speech presentation, rather it is an easy office hours with show and tell to invite questions and answers about low power electronic devices. Visit the Badge Clinic on any day of Defcon in the Monero Village channel.
\n
Monero Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://www.twitch.tv/monerovillage/\n
YouTube: https://www.youtube.com/c/monerocommunityworkgroup/\n
#mv-general-text: https://discord.com/channels/708208267699945503/732733510288408676\n
\'',NULL,68692),('3_Saturday','14','13:30','14:30','Y','MOV','','\'Badge Clinic\'','\'Michael Schloh von Bennewitz\'','MOV_9059140fc83b5fdc86eba4d01119e6e9','\'\'',NULL,68693),('3_Saturday','15','15:00','15:30','N','MOV','','\'Decentralization in a Centralized world\'','\'rehr\'','MOV_2801ee5f0d192db2f9e23aa06edec1da','\'Title: Decentralization in a Centralized world
\nWhen: Saturday, Aug 8, 15:00 - 15:30 PDT
\nWhere: Monero Vlg
\n
SpeakerBio:rehr\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Monero Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://www.twitch.tv/monerovillage/\n
YouTube: https://www.youtube.com/c/monerocommunityworkgroup/\n
#mv-general-text: https://discord.com/channels/708208267699945503/732733510288408676\n
\'',NULL,68694),('3_Saturday','16','16:00','16:30','N','MOV','','\'Tricky Bundles: Smarter Dependency Management for I2P-Bundling Applications\'','\'idk\'','MOV_18fd5cb7e38396429cb26e3688d9d681','\'Title: Tricky Bundles: Smarter Dependency Management for I2P-Bundling Applications
\nWhen: Saturday, Aug 8, 16:00 - 16:30 PDT
\nWhere: Monero Vlg
\n
SpeakerBio:idk\n
\nNo BIO available
\n\n
\nDescription:
\nWe will explore the use of I2P distributions like Monero\'s own i2p-zero and how they can be used to create and distribute I2P applications that use I2P for networking in non-JVM languages, best practices for creating a tricky bundle, and how tricky bundles can help bridge the gaps between I2P and the applications that it can adapt. As part of this, we will examine the structure of I2P from a non-I2P developer\'s perspective, and explore it\'s relationships to the applications that use it with examples from the Java distribution and with third-party applications that use SAM.
\n
Monero Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://www.twitch.tv/monerovillage/\n
YouTube: https://www.youtube.com/c/monerocommunityworkgroup/\n
#mv-general-text: https://discord.com/channels/708208267699945503/732733510288408676\n
\'',NULL,68695),('3_Saturday','16','16:30','16:59','N','MOV','','\'Kahoot! Quiz\'','\'\'','MOV_d5aeb40447e3b9c549beb4af6bd3e85f','\'Title: Kahoot! Quiz
\nWhen: Saturday, Aug 8, 16:30 - 16:59 PDT
\nWhere: Monero Vlg
\n
\nDescription:No Description available
\n
Monero Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://www.twitch.tv/monerovillage/\n
YouTube: https://www.youtube.com/c/monerocommunityworkgroup/\n
#mv-general-text: https://discord.com/channels/708208267699945503/732733510288408676\n
\'',NULL,68696),('4_Sunday','10','10:00','11:30','N','MOV','','\'Keynote: Monero: Sound Money Safe Mode\'','\'Dr. Daniel Kim\'','MOV_5d6d96679369c296b74c0157bed3719d','\'Title: Keynote: Monero: Sound Money Safe Mode
\nWhen: Sunday, Aug 9, 10:00 - 11:30 PDT
\nWhere: Monero Vlg
\n
SpeakerBio:Dr. Daniel Kim\n
\nNo BIO available
\n\n
\nDescription:
\n\"Monero Means Money\" -- with updated data, new data on government budget deficits, and increased emphasis on Monero\'s importance in the current medical & economic crisis
\n
Monero Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://www.twitch.tv/monerovillage/\n
YouTube: https://www.youtube.com/c/monerocommunityworkgroup/\n
#mv-general-text: https://discord.com/channels/708208267699945503/732733510288408676\n
\'',NULL,68697),('4_Sunday','11','10:00','11:30','Y','MOV','','\'Keynote: Monero: Sound Money Safe Mode\'','\'Dr. Daniel Kim\'','MOV_5d6d96679369c296b74c0157bed3719d','\'\'',NULL,68698),('4_Sunday','12','12:00','12:30','N','MOV','','\'You\'re not the money printer, or why we need to separate coinbase rings\'','\'sgp\'','MOV_023a971480a2222d66a3f81cf8e35b61','\'Title: You\'re not the money printer, or why we need to separate coinbase rings
\nWhen: Sunday, Aug 9, 12:00 - 12:30 PDT
\nWhere: Monero Vlg
\n
SpeakerBio:sgp\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Monero Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://www.twitch.tv/monerovillage/\n
YouTube: https://www.youtube.com/c/monerocommunityworkgroup/\n
#mv-general-text: https://discord.com/channels/708208267699945503/732733510288408676\n
\'',NULL,68699),('4_Sunday','13','13:00','13:30','N','MOV','','\'Locha Mesh: Monero off-the-grid\'','\'Randy Brito\'','MOV_661d3951fb6f73168c2fc2a90781cf47','\'Title: Locha Mesh: Monero off-the-grid
\nWhen: Sunday, Aug 9, 13:00 - 13:30 PDT
\nWhere: Monero Vlg
\n
SpeakerBio:Randy Brito\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Monero Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://www.twitch.tv/monerovillage/\n
YouTube: https://www.youtube.com/c/monerocommunityworkgroup/\n
#mv-general-text: https://discord.com/channels/708208267699945503/732733510288408676\n
\'',NULL,68700),('4_Sunday','13','13:30','14:30','N','MOV','','\'Badge Clinic\'','\'Michael Schloh von Bennewitz\'','MOV_3bad504d98ad8d07e2986e13a3f0ddbc','\'Title: Badge Clinic
\nWhen: Sunday, Aug 9, 13:30 - 14:30 PDT
\nWhere: Monero Vlg
\n
SpeakerBio:Michael Schloh von Bennewitz\n
\nNo BIO available
\n\n
\nDescription:
\nWith the help of a close range circuit camera, Michael illustrates the circuits of several recent conference hardware devices, including prototype models. Devices in circulation and on display include: DC28 Intervillage Badge DC27 Rising Badge 35C3 Blockchain DC26/BCOS Badge HCPP19 Badge HCPP18 Badge This is not a speech presentation, rather it is an easy office hours with show and tell to invite questions and answers about low power electronic devices. Visit the Badge Clinic on any day of Defcon in the Monero Village channel.\n
\n
Monero Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://www.twitch.tv/monerovillage/\n
YouTube: https://www.youtube.com/c/monerocommunityworkgroup/\n
#mv-general-text: https://discord.com/channels/708208267699945503/732733510288408676\n
\'',NULL,68701),('4_Sunday','14','13:30','14:30','Y','MOV','','\'Badge Clinic\'','\'Michael Schloh von Bennewitz\'','MOV_3bad504d98ad8d07e2986e13a3f0ddbc','\'\'',NULL,68702),('4_Sunday','15','15:30','15:59','N','MOV','','\'Closing talk\'','\'rehr\'','MOV_fa5f9c9e0312b1e8b9b2aa7b3d4aa908','\'Title: Closing talk
\nWhen: Sunday, Aug 9, 15:30 - 15:59 PDT
\nWhere: Monero Vlg
\n
SpeakerBio:rehr\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Monero Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://www.twitch.tv/monerovillage/\n
YouTube: https://www.youtube.com/c/monerocommunityworkgroup/\n
#mv-general-text: https://discord.com/channels/708208267699945503/732733510288408676\n
\'',NULL,68703),('2_Friday','21','21:00','21:59','N','FSL','','\'Shrek, Juggs, and Toxic Trolls: a BADASS discussion about Online Sexuality and Hacktivism\'','\'Katelyn Bowden,Rachel Lamp,Allie Barnes,Kate Venable,Marleigh Farlow,Tim Doomsday\'','FSL_c351a5ad71d9a83b06a45040f0135732','\'Title: Shrek, Juggs, and Toxic Trolls: a BADASS discussion about Online Sexuality and Hacktivism
\nWhen: Friday, Aug 7, 21:00 - 21:59 PDT
\nWhere: DEF CON Fireside Twitch
\nSpeakers:Katelyn Bowden,Rachel Lamp,Allie Barnes,Kate Venable,Marleigh Farlow,Tim Doomsday
\n
SpeakerBio:Katelyn Bowden\n, CEO and Founder, BADASS
\nNo BIO available
\n
SpeakerBio:Rachel Lamp\n, COO, BADASS
\nNo BIO available
\n
SpeakerBio:Allie Barnes\n, CTO, BADASS
\nNo BIO available
\n
SpeakerBio:Kate Venable\n, Head of Legal, BADASS
\nNo BIO available
\n
SpeakerBio:Marleigh Farlow\n, CMO, BADASS
\nNo BIO available
\n
SpeakerBio:Tim Doomsday\n, CISO, BADASS
\nNo BIO available
\n\n
\nDescription:
\nIn this panel discussion, the BADASS army team will be talking about the intersection between security and sex, the problem of online exploitation and harassment, and what needs to be done to address these issues. After an introduction to the org and the culture of NOn Consensual Pornography, The panel will be a free form conversation with audience participation, covering a wide variety of topics related to NCP and online sexual abuse.\n
BADASS is a nonprofit org dedicated to fighting image based abuse. Founded in 2017 by victims of NCP, it has grown to be one of the major organizations trying to prevent online exploitation.\n
\n
DEF CON Fireside Lounges will be live-streamed on Twitch. \n
\nTwitch: https://www.twitch.tv/defconorg\n
#fireside-lounge-text: https://discord.com/channels/708208267699945503/738141986476916826\n
\'',NULL,68704),('2_Friday','10','10:00','10:30','N','LPV','','\'Intro to Lockpicking\'','\'The Open Orginisation Of Lockpickers\'','LPV_8fd808e3bb49332f0d9680fea576fdac','\'Title: Intro to Lockpicking
\nWhen: Friday, Aug 7, 10:00 - 10:30 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:The Open Orginisation Of Lockpickers\n
\nNo BIO available
\nTwitter: @toool
\n\n
\nDescription:
\nNew to lock picking? Haven\'t picked in a year and need a refresher? Don\'t know a half-diamond from a turner? This talk is for you! Join one of our knowledgable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68705),('2_Friday','12','12:00','12:30','N','LPV','','\'Intro to Lockpicking\'','\'The Open Orginisation Of Lockpickers\'','LPV_cc9ed5dcc7709d24bc84af394ff84b0b','\'Title: Intro to Lockpicking
\nWhen: Friday, Aug 7, 12:00 - 12:30 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:The Open Orginisation Of Lockpickers\n
\nNo BIO available
\nTwitter: @toool
\n\n
\nDescription:
\nNew to lock picking? Haven\'t picked in a year and need a refresher? Don\'t know a half-diamond from a turner? This talk is for you! Join one of our knowledgable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68706),('2_Friday','14','14:15','14:45','N','LPV','','\'Intro to Lockpicking\'','\'The Open Orginisation Of Lockpickers\'','LPV_d797cb871f4e4a770284a959c6733f8b','\'Title: Intro to Lockpicking
\nWhen: Friday, Aug 7, 14:15 - 14:45 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:The Open Orginisation Of Lockpickers\n
\nNo BIO available
\nTwitter: @toool
\n\n
\nDescription:
\nNew to lock picking? Haven\'t picked in a year and need a refresher? Don\'t know a half-diamond from a turner? This talk is for you! Join one of our knowledgable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68707),('2_Friday','16','16:15','16:45','N','LPV','','\'Intro to Lockpicking\'','\'The Open Orginisation Of Lockpickers\'','LPV_ec97331401b7c20c309dd920724f1f6f','\'Title: Intro to Lockpicking
\nWhen: Friday, Aug 7, 16:15 - 16:45 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:The Open Orginisation Of Lockpickers\n
\nNo BIO available
\nTwitter: @toool
\n\n
\nDescription:
\nNew to lock picking? Haven\'t picked in a year and need a refresher? Don\'t know a half-diamond from a turner? This talk is for you! Join one of our knowledgable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68708),('3_Saturday','10','10:00','10:30','N','LPV','','\'Intro to Lockpicking\'','\'The Open Orginisation Of Lockpickers\'','LPV_50bcdc67b9334e4c8cd6b55f86aa76eb','\'Title: Intro to Lockpicking
\nWhen: Saturday, Aug 8, 10:00 - 10:30 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:The Open Orginisation Of Lockpickers\n
\nNo BIO available
\nTwitter: @toool
\n\n
\nDescription:
\nNew to lock picking? Haven\'t picked in a year and need a refresher? Don\'t know a half-diamond from a turner? This talk is for you! Join one of our knowledgable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68709),('3_Saturday','12','12:00','12:30','N','LPV','','\'Intro to Lockpicking\'','\'The Open Orginisation Of Lockpickers\'','LPV_ee84ddc85cfeaf2170435a4ff55e50b5','\'Title: Intro to Lockpicking
\nWhen: Saturday, Aug 8, 12:00 - 12:30 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:The Open Orginisation Of Lockpickers\n
\nNo BIO available
\nTwitter: @toool
\n\n
\nDescription:
\nNew to lock picking? Haven\'t picked in a year and need a refresher? Don\'t know a half-diamond from a turner? This talk is for you! Join one of our knowledgable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68710),('3_Saturday','14','14:15','14:45','N','LPV','','\'Intro to Lockpicking\'','\'The Open Orginisation Of Lockpickers\'','LPV_14789d9bcebd1a5e32f792c79bf1d227','\'Title: Intro to Lockpicking
\nWhen: Saturday, Aug 8, 14:15 - 14:45 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:The Open Orginisation Of Lockpickers\n
\nNo BIO available
\nTwitter: @toool
\n\n
\nDescription:
\nNew to lock picking? Haven\'t picked in a year and need a refresher? Don\'t know a half-diamond from a turner? This talk is for you! Join one of our knowledgable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68711),('3_Saturday','16','16:15','16:45','N','LPV','','\'Intro to Lockpicking\'','\'The Open Orginisation Of Lockpickers\'','LPV_fa4dec1dc5c0952c9f46b585b822d936','\'Title: Intro to Lockpicking
\nWhen: Saturday, Aug 8, 16:15 - 16:45 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:The Open Orginisation Of Lockpickers\n
\nNo BIO available
\nTwitter: @toool
\n\n
\nDescription:
\nNew to lock picking? Haven\'t picked in a year and need a refresher? Don\'t know a half-diamond from a turner? This talk is for you! Join one of our knowledgable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68712),('4_Sunday','10','10:00','10:30','N','LPV','','\'Intro to Lockpicking\'','\'The Open Orginisation Of Lockpickers\'','LPV_28640b7a458047f60dafc37920f9943d','\'Title: Intro to Lockpicking
\nWhen: Sunday, Aug 9, 10:00 - 10:30 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:The Open Orginisation Of Lockpickers\n
\nNo BIO available
\nTwitter: @toool
\n\n
\nDescription:
\nNew to lock picking? Haven\'t picked in a year and need a refresher? Don\'t know a half-diamond from a turner? This talk is for you! Join one of our knowledgable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68713),('4_Sunday','12','12:00','12:30','N','LPV','','\'Intro to Lockpicking\'','\'The Open Orginisation Of Lockpickers\'','LPV_053721b1cd20df875e5948b7fd667d10','\'Title: Intro to Lockpicking
\nWhen: Sunday, Aug 9, 12:00 - 12:30 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:The Open Orginisation Of Lockpickers\n
\nNo BIO available
\nTwitter: @toool
\n\n
\nDescription:
\nNew to lock picking? Haven\'t picked in a year and need a refresher? Don\'t know a half-diamond from a turner? This talk is for you! Join one of our knowledgable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68714),('4_Sunday','14','14:15','14:45','N','LPV','','\'Intro to Lockpicking\'','\'The Open Orginisation Of Lockpickers\'','LPV_455ff38a514fd7cd4cb2c522b0cdc904','\'Title: Intro to Lockpicking
\nWhen: Sunday, Aug 9, 14:15 - 14:45 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:The Open Orginisation Of Lockpickers\n
\nNo BIO available
\nTwitter: @toool
\n\n
\nDescription:
\nNew to lock picking? Haven\'t picked in a year and need a refresher? Don\'t know a half-diamond from a turner? This talk is for you! Join one of our knowledgable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68715),('4_Sunday','16','16:15','16:45','N','LPV','','\'Intro to Lockpicking\'','\'The Open Orginisation Of Lockpickers\'','LPV_cddef4fa628240c1e88ac752b5f60bcc','\'Title: Intro to Lockpicking
\nWhen: Sunday, Aug 9, 16:15 - 16:45 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:The Open Orginisation Of Lockpickers\n
\nNo BIO available
\nTwitter: @toool
\n\n
\nDescription:
\nNew to lock picking? Haven\'t picked in a year and need a refresher? Don\'t know a half-diamond from a turner? This talk is for you! Join one of our knowledgable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68716),('2_Friday','11','11:00','11:50','N','LPV','','\'Key Duplication - It\'s not just for the movies!\'','\'Tony Virelli\'','LPV_c7b9e04a8f18d1dacd673a8ee4f0352b','\'Title: Key Duplication - It\'s not just for the movies!
\nWhen: Friday, Aug 7, 11:00 - 11:50 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:Tony Virelli\n
\nNo BIO available
\n\n
\nDescription:
\nHave you ever seen someone just walking around with a key hanging on their belt? How about a wall of keys behind a security desk? Better yet, has anyone you know every posted a picture of the keys to the new home they just bought? Well, what if you could take a picture and easily duplicate that key with a 3D Printer? Sound like something from a James Bond film? Well it\'s not! Better yet, if you can just get a moment alone with a key, you can get an imprint of it in less than 2 minutes, return the key to the owner and then cast a duplicate of that key for later use.
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68717),('2_Friday','13','13:00','13:30','N','LPV','','\'Hybrid PhySec tools - best of both worlds or just weird?\'','\'d1dymu5\'','LPV_042a023d01ac0af1393a1936193e7de4','\'Title: Hybrid PhySec tools - best of both worlds or just weird?
\nWhen: Friday, Aug 7, 13:00 - 13:30 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:d1dymu5\n
\nNo BIO available
\n\n
\nDescription:
\nA few years ago, I invented lock pick collar stays (#GentlemansLockPicks). Since then, I\'ve had some other ideas of practical, small-form factored lockpicking and bypass tools that I can easily carry. I came up with a few ideas. I\'ll talk about inspiration, designing, manufacturing, and possible collab projects.
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68718),('2_Friday','15','15:00','15:30','N','LPV','','\'Doors, Cameras, and Mantraps OH MY!\'','\'Dylan The Magician\'','LPV_fd68f15d1712230a6e887ba118c84eca','\'Title: Doors, Cameras, and Mantraps OH MY!
\nWhen: Friday, Aug 7, 15:00 - 15:30 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:Dylan The Magician\n
\nNo BIO available
\n\n
\nDescription:
\nLockpicking, door bypassing, and physical security are among the more eye catching components of an on premises risk assessment. It always draws the most questions and gets the most staff popping over to see what\'s going on. I suppose it\'s because the physical space is personal, it isn\'t digital and hence it draws more focus. I do on premises risk assessment and I want to tell you a bit about how the process goes with my company and share my personal philosophies on how I do my engagements. What I hope to gain is a stronger focus on Physical Security, or PhysSec, in the Cybersecurity domain.
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68719),('3_Saturday','10','10:45','11:45','N','LPV','','\'High Security Wafer Locks - An Oxymoron?\'','\'zeefeene\'','LPV_9912a70c4b56a8150094dd485bb22441','\'Title: High Security Wafer Locks - An Oxymoron?
\nWhen: Saturday, Aug 8, 10:45 - 11:45 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:zeefeene\n
\nNo BIO available
\n\n
\nDescription:
\nThere\'s a lot that\'s been said about the poor quality of common wafer locks which lurk in offices today, but what if I told you there\'s a wafer lock that\'s been made since the 1800s, and you don\'t have a chance of picking it...?\n
Take a deep dive with me into the wonders and horrors of one of the most secure mechanical locks in the world, and let me show you why wafer locks might just hold the secret to better physical security!\n
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68720),('3_Saturday','11','10:45','11:45','Y','LPV','','\'High Security Wafer Locks - An Oxymoron?\'','\'zeefeene\'','LPV_9912a70c4b56a8150094dd485bb22441','\'\'',NULL,68721),('3_Saturday','13','13:00','13:45','N','LPV','','\'Law School for Lockpickers\'','\'Preston Thomas\'','LPV_8b50d4b3cf0fda47c7aee729c68fa349','\'Title: Law School for Lockpickers
\nWhen: Saturday, Aug 8, 13:00 - 13:45 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:Preston Thomas\n
\nNo BIO available
\n\n
\nDescription:
\nNo, Virginia, lockpicks aren\'t \"illegal\". Like lockpicking itself, the law of lockpicking is esoteric, widely misunderstood, and occasionally a source of hilarity when interpreted by outsiders. Class is in session as practicing attorney and former TOOOL Board member Preston Thomas hosts a lighthearted law school for locksporters, laying out the legal logic, busting myths, and telling stories. Expect raucous Q&A, real talk, and absolutely zero legal advice.
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68722),('3_Saturday','15','15:00','15:59','N','LPV','','\'Bobby Pins, More Effective Than Lockpicks?\'','\'John the Greek\'','LPV_6e3a2e4df982c20e3aea67f70689c9b4','\'Title: Bobby Pins, More Effective Than Lockpicks?
\nWhen: Saturday, Aug 8, 15:00 - 15:59 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:John the Greek\n
\nNo BIO available
\n\n
\nDescription:
\nWhen should you not have picks in your pocket? Answer, never... but \n
This course will present to the novice and the less prepared suggestions for improvising lockpicks when the proper tools are not on hand as well as techniques of bypass that are more effective than trying to pick a lock especially when you don\'t have the proper tools on hand. This class is ideal for our current situation! Those interested should look around their locations for the following:\n
Bobby pins
\nPaper clips (big ones)
\nPocket clips from ink pens (Pilot rollerball)\nOld Wind Shield Wipers
\nSpark Plug Gappers
\nBra Underwire\n
... and my favorite
\nStreet cleaner bristles \n
The course will take approximately and hour\n
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68723),('3_Saturday','17','17:00','17:59','N','LPV','','\'Intro to high security locks and lockpicking\'','\'N∅thing\'','LPV_2e4bffb645a28fd5381e2974591bc7b2','\'Title: Intro to high security locks and lockpicking
\nWhen: Saturday, Aug 8, 17:00 - 17:59 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:N∅thing\n
\nNo BIO available
\n\n
\nDescription:
\nThis is a quick introduction to high security locks, what they are, what they look like and how to get started defeating them.
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68724),('4_Sunday','11','11:00','11:50','N','LPV','','\'Safecracking for Everyone!\'','\'Jared Dygert\'','LPV_d9a24fd76dcf3e6d03db0732a2ada147','\'Title: Safecracking for Everyone!
\nWhen: Sunday, Aug 9, 11:00 - 11:50 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:Jared Dygert\n
\nNo BIO available
\n\n
\nDescription:
\nSafecracking is one of the more obscure type of lock in locksport. However, in most cases they can be manipulated without the need for any tools and opened in 5 minutes. This talk will get you an understanding of how that\'s done and started on your path to cracking your first safe!
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68725),('4_Sunday','13','13:00','13:30','N','LPV','','\'Keystone to the Kingdom\'','\'Austin Marck\'','LPV_653dacd14ab4eda2f92f6fb175f17090','\'Title: Keystone to the Kingdom
\nWhen: Sunday, Aug 9, 13:00 - 13:30 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:Austin Marck\n
\nNo BIO available
\n\n
\nDescription:
\nSFICs are very popular locks, but there are some tricks that might get you in the front door. By the end of this talk participants should be familiar with SFIC picking, Key Duplication, Lateral movement, and System decoding. There is even a remote CTF!
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68726),('4_Sunday','15','15:00','15:59','N','LPV','','\'How I defeated the Western Electric 30c\'','\'N∅thing\'','LPV_d72f3516cd934e40980c681aab13b758','\'Title: How I defeated the Western Electric 30c
\nWhen: Sunday, Aug 9, 15:00 - 15:59 PDT
\nWhere: Lockpick Vlg
\n
SpeakerBio:N∅thing\n
\nNo BIO available
\n\n
\nDescription:
\nI will take you through my thoughts, motivation and techniques on how I defeated the infamous Western Electric 30c.
\n
Lockpick Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/toool_us\n
\'',NULL,68727),('2_Friday','10','10:00','10:59','N','CPV','','\'STARTTLS is Dangerous\'','\'Hanno Böck\'','CPV_fac867383089d1226d94427bed72d38b','\'Title: STARTTLS is Dangerous
\nWhen: Friday, Aug 7, 10:00 - 10:59 PDT
\nWhere: Crypto & Privacy Vlg
\n
SpeakerBio:Hanno Böck\n
\nHanno is a freelance writer and IT security professional. He has discovered high profile TLS vulnerabilities in the past, including the ROBOT attack and flaws in TLS GCM implementations. He is the author of the monthly Bulletproof TLS Newsletter.
\n\n
\nDescription:
\nThe STARTTLS mechanism allows upgrading insecure protocols to a TLS encrypted connection. This mechanism is incredibly fragile and almost by default leads to vulnerable implementations. In 2011 Wietse Venema discovered a flaw in Postfix that allowed a man in the middle attacker to inject commands into an encrypted connection [1].\n
We discovered that the flaw is still widely present in E-Mail servers and also, previously unknown, the same flaw exists in many mail clients. In some cases these flaws allow stealing E-Mail credentials. Furthermore the STARTTLS mechanism is weakly specified and in part contradictory, which allows other attacks.\n
The talk will give an overview on why STARTTLS is dangerous and should be avoided.\n
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68728),('2_Friday','11','11:00','11:59','N','CPV','','\'LadderLeak: Breaking ECDSA With Less Than One Bit Of Nonce Leakage\'','\'Akira Takahashi,F. Novaes,M. Tibouchi,Y. Yarom,Diego F. Aranha\'','CPV_714e2692effecb56f69986b116b7728e','\'Title: LadderLeak: Breaking ECDSA With Less Than One Bit Of Nonce Leakage
\nWhen: Friday, Aug 7, 11:00 - 11:59 PDT
\nWhere: Crypto & Privacy Vlg
\nSpeakers:Akira Takahashi,F. Novaes,M. Tibouchi,Y. Yarom,Diego F. Aranha
\n
SpeakerBio:Akira Takahashi\n
\nAkira Takahashi is currently a PhD student at Cryptography and Security Group, Aarhus University, Denmark. He was an intern in the Cryptography Research Laboratory at NTT Corporation, Japan and has also worked as a software developer at Richie Oy, Finland. His research interests cover implementation attack on public key cryptographic algorithms and construction of efficient secure two-/multi-party computation protocols. He has given talks about his research projects in different top-tier conferences, including Eurocrypt [3], Euro S&P, and CHES [4].
\n
SpeakerBio:F. Novaes\n
\nNo BIO available
\n
SpeakerBio:M. Tibouchi\n
\nNo BIO available
\n
SpeakerBio:Y. Yarom\n
\nNo BIO available
\n
SpeakerBio:Diego F. Aranha\n
\nDiego F. Aranha is an Associate Professor of Computer Science at Aarhus University, Denmark. His professional experience is in Cryptography and Computer Security, with a special interest in the efficient implementation of cryptographic algorithms and security analysis of real-world systems. He received the Google Latin America Research Award for research on privacy twice, and the MIT TechReview\'s Innovators Under 35 Brazil Award for his work in electronic voting. He has given talks about his research in more than 100 occasions in 10 different countries, including BlackHat Asia [1] and DEF CON Voting Village [2].
\n\n
\nDescription:
\nAlthough it is one of the most popular signature schemes today, ECDSA presents a number of implementation pitfalls, in particular due to the very sensitive nature of the random value (known as the nonce) generated as part of the signing algorithm. It is known that any small amount of nonce exposure or nonce bias can in principle lead to a full key recovery: the key recovery is then a particular instance of Boneh and Venkatesan\'s hidden number problem (HNP). That observation has been practically exploited in many attacks in the literature, taking advantage of implementation defects or side-channel vulnerabilities in various concrete ECDSA implementations. However, most of the attacks so far have relied on at least 2 bits of nonce bias (except for the special case of curves at the 80-bit security level, for which attacks against 1-bit biases are known, albeit with a very high number of required signatures).\n
In this paper, we uncover LadderLeak, a novel class of side-channel vulnerabilities in implementations of the Montgomery ladder used in ECDSA scalar multiplication. The vulnerability is in particular present in several recent versions of OpenSSL. However, it leaks less than 1 bit of information about the nonce, in the sense that it reveals the most significant bit of the nonce, but with probability <1. Exploiting such a mild leakage would be intractable using techniques present in the literature so far. However, we present a number of theoretical improvements of the Fourier analysis approach to solving the HNP (an approach originally due to Bleichenbacher), and this lets us practically break LadderLeak-vulnerable ECDSA implementations instantiated over the sect163r1 and NIST P-192 elliptic curves. In so doing, we achieve several significant computational records in practical attacks against the HNP.\n
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68729),('2_Friday','12','12:00','12:59','N','CPV','','\'The Norwegian Blue: A lesson in Privacy Engineering\'','\'Eivind Arvesen\'','CPV_6bb1b1cb05f34050ff79c4126e2d48e9','\'Title: The Norwegian Blue: A lesson in Privacy Engineering
\nWhen: Friday, Aug 7, 12:00 - 12:59 PDT
\nWhere: Crypto & Privacy Vlg
\n
SpeakerBio:Eivind Arvesen\n
\nEivind is a senior software developer and architect who works as a consultant for Bouvet, specializing in security and privacy. He holds a master’s degree with a focus on machine learning, and has experience ranging from his own startup during his studies to large organizations both public and private. Eivind was recently temporarily pulled from his usual project within critical infrastructure to be part of a government appointed expert panel tasked with evaluating the Norwegian COVID-19 app. In his spare time, Eivind writes about privacy issues, participates in bug bounties, contributes to open source software and records music.
\n\n
\nDescription:
\n\"Can smartphones automate contact tracing?\" As COVID-19 spread like wildfire earlier this year, health authorities around the world asked themselves this question. If so: What data would you need, from whom, under what circumstances – and which safeguards should be in place? You could just upload all of everyone\'s data from every sensor continuously, right? It\'s not like you know for certain what data you\'ll need anyways. Besides, people should trust their government. What could go possibly wrong? Join me as I explore how Norway became worst-in-class in contact tracing. I\'ll be telling the story of how I became a member of the government appointed expert panel tasked with evaluating the Norwegian COVID-19 app, what we found, as well as the weirdness that unfolded around us before, during, and after our work.
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68730),('2_Friday','13','13:00','13:59','N','CPV','','\'Dos, Donts and How-Tos of crypto building blocks using Java\'','\'Mansi Sheth\'','CPV_d88402da88ae45d4151ce807423d38e7','\'Title: Dos, Donts and How-Tos of crypto building blocks using Java
\nWhen: Friday, Aug 7, 13:00 - 13:59 PDT
\nWhere: Crypto & Privacy Vlg
\n
SpeakerBio:Mansi Sheth\n
\nMansi Sheth is a Principal Security Researcher at Veracode Inc. In her career, she has been involved with breaking, defending and building secure applications. Mansi researches various languages and technologies, finds insecure usage in customer code and suggests automation measures in finding vulnerabilities for Veracode\'s Binary Static Analysis service. She is an avid traveller with the motto \"If not now, then when?â€
\n\n
\nDescription:
\nDo you feel unequipped to understand real world crypto attacks? Are you overwhelmed with the over-abundance of choices provided by any modern cryptography API, to make a secure decision while choosing a randomness provider, encryption scheme or digital signature APIs? Are you on top of all the latest happenings in cryptographic communities, to know which cryptographic primitives is deemed broken? Due to sheer lack of documentation of the chosen API, do you feel paralyzed on where and how to start designing or analyzing any cryptographic systems?\n
If any of these answers are \"yes\", come join me in this talk. I will be going over each cryptographic primitive like Random Number Generators, Encryption/Decryption algorithms, message authentication codes, digital signatures, password storage etc pointing out dos and donts based on evaluating bunch of leading cryptographic implementations. Java being one of the most widely used enterprise language, and simultaneously one of the most chaotic cryptography architecture, we chose it to get into some live coding exercises to showcase its secure usage, while also future-proofing your cryptographic applications.\n
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68731),('2_Friday','14','14:00','14:59','N','CPV','','\'How to store sensitive information in 2020?\'','\'Mansi Sheth\'','CPV_342a60a6a44f92d5965644947ce479a1','\'Title: How to store sensitive information in 2020?
\nWhen: Friday, Aug 7, 14:00 - 14:59 PDT
\nWhere: Crypto & Privacy Vlg
\n
SpeakerBio:Mansi Sheth\n
\nMansi Sheth is a Principal Security Researcher at Veracode Inc. In her career, she has been involved with breaking, defending and building secure applications. Mansi researches various languages and technologies, finds insecure usage in customer code and suggests automation measures in finding vulnerabilities for Veracode\'s Binary Static Analysis service. She is an avid traveller with the motto \"If not now, then when?â€
\n\n
\nDescription:
\nIt goes without saying never ever store personal/sensitive information in clear text. It is also a well-known fact salting, hashing or stretching your information can just provide little offline information cracking protection against contemporary computer architectures and modern brute force attack constructs. Those abreast with this subject would have come across countless advocatory material suggesting to use key derivation functions (KDFs) to store sensitive information.\n
There are handful of solid KDFs, which are good candidates to use for storing sensitive information such as pbkdf2, bcrypt, scrypt, Argon2. In this talk, lets dive deeper to study some of its underlying crypto, what and how to tune these algorithms with secure input parameter configurations and how to decide which algorithm would be the right choice for your needs? Lastly, I will present some statistics on how well do all these different algorithms compare against each other.\n
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68732),('2_Friday','15','15:00','15:59','N','CPV','','\'Workshop: Let\'s Talk About Abusability Testing\'','\'Avi Zajac,Franchesca Spektor,Ji Su Yoo,Nicole Chi\'','CPV_481b70926ff14b4120cdcfbd6e3a45b0','\'Title: Workshop: Let\'s Talk About Abusability Testing
\nWhen: Friday, Aug 7, 15:00 - 15:59 PDT
\nWhere: Crypto & Privacy Vlg
\nSpeakers:Avi Zajac,Franchesca Spektor,Ji Su Yoo,Nicole Chi
\n
SpeakerBio:Avi Zajac\n
\nAvi (@_llzes, Avi/they/he) is a privacy-focused hacker and engineer. They love rabbits, cheesecake, and cute things like privacy and security, locksport, cryptography.
\nTwitter: @_llzes
\n
SpeakerBio:Franchesca Spektor\n
\nFranky’s (@3llsaria, she/her) expertise is in ethical design practices around bioethics, disability & sexuality, and she previously served as a Lab Manager for the Disability Design Lab at UC Berkeley.
\n
SpeakerBio:Ji Su Yoo\n
\nJi Su (she/her) is a PhD at UC Berkeley’s School of Information and former researcher at the Harvard Data Privacy Lab, where she worked on security protocol and data privacy.
\n
SpeakerBio:Nicole Chi\n
\nNicole’s (@tinween, she/her) focus is on the “tech for good†space in its many forms, having worked in civic tech, nonprofit digital capacity building, tech policy, and ML ethics. Her strength is bridging connections and expertise across disciplines.
\nTwitter: @tinween
\n\n
\nDescription:
\nAre you concerned about how your products may be used for harm: intentionally or unintentionally? We will be covering the concept of abusability testing for platform abuse in this hybrid panel and workshop, with a clicker style method of interacting to foster deep understanding and participate in discussions on abusability testing. You’ll walk away with an understanding of abusability testing, join a community passionate about fighting platform abuse, and maybe walk away with actionable steps you can take to alleviate harm in your own products.
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68733),('2_Friday','16','16:00','16:59','N','CPV','','\'DNS Privacy\'','\'Matt Cheung\'','CPV_7ec54c9d70aba107a19c7b91778c2861','\'Title: DNS Privacy
\nWhen: Friday, Aug 7, 16:00 - 16:59 PDT
\nWhere: Crypto & Privacy Vlg
\n
SpeakerBio:Matt Cheung\n
\nMatt developed his interest and skills in cryptography during graduate work in Mathematics and Computer Science. During this time he had an internship at HRL Laboratories LLC working on implementing elliptic curve support for a Secure (in the honest-but-curious model) Two-Party Computation protocol. From there he implemented the version secure in the malicious model. He currently works as an Application Security Consultant at Veracode, but continues to learn about cryptography in his spare time.
\n\n
\nDescription:
\nWhile there are many protocols such as https that encrypt network sessions to preserve the security and privacy of that communication, typically the first step is a DNS query. DNS, being a plaintext protocol, can compromise the privacy of a user. In this talk we will discuss what can be currently done and potential future protocols such as Oblivious DNS.
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68734),('2_Friday','17','17:00','17:59','N','CPV','','\'Fireside Chat: All about Section 230, the EARN IT Act, and What They Mean for Free Speech and Encryption\'','\'Cathy Gellis,Riana Pfefferkorn\'','CPV_eabf7fbc7a67d601d6ba475ce1566066','\'Title: Fireside Chat: All about Section 230, the EARN IT Act, and What They Mean for Free Speech and Encryption
\nWhen: Friday, Aug 7, 17:00 - 17:59 PDT
\nWhere: Crypto & Privacy Vlg
\nSpeakers:Cathy Gellis,Riana Pfefferkorn
\n
SpeakerBio:Cathy Gellis\n
\nFrustrated that people were making the law without asking her for her opinion, Cathy Gellis gave up a career as a web developer to become a lawyer so that she could help them not make it badly, especially where it came to technology. A former aspiring journalist and longtime fan of free speech her legal work includes defending the rights of Internet users and advocating for policy that protects online speech and innovation. She also writes about the policy implications of technology regulation on sites such as the Daily Beast, Law.com, and Techdirt.com, where she is a regular contributor.Â
\n
SpeakerBio:Riana Pfefferkorn\n
\nRiana Pfefferkorn is the Associate Director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society.â€
\n\n
\nDescription:
\nIt seems like everyone\'s talking about Section 230 these days, and keen to change it, even without really knowing what it says and does. Or how badly most of the proposals to change it, such as the EARN IT Act bill, threaten all sorts of things we value, including encryption, privacy, security, and free speech online. Come to this crash course in Section 230 basics, followed by a fireside chat about EARN IT between two seasoned lawyers, to learn the truth about this crucial law, why these proposals are so terrible, and how you can take action to protect the Internet.
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68735),('3_Saturday','10','10:00','10:59','N','CPV','','\'Quantum Computers & Cryptography\'','\'I. Shaheem\'','CPV_3b26121088884752f853ab4ecffae968','\'Title: Quantum Computers & Cryptography
\nWhen: Saturday, Aug 8, 10:00 - 10:59 PDT
\nWhere: Crypto & Privacy Vlg
\n
SpeakerBio:I. Shaheem\n
\nImran Shaheem joined Cyberis Limited in early 2018 following the successful completion of an MSc in Theoretical Physics (Gravity, Particles and Fields) at the University of Nottingham. Prior to joining Cyberis, Imran participated in online bug bounty programs which led to private security research work for a Fortune 10 company. In conjunction to this, his work earned him BugCrowd’s VIP researcher accolade in 2017, placing him in the top 300 of over 50,000 researchers who use the platform.
\n\n
\nDescription:
\nQuantum Cryptography has exploded, both in terms of active research and public awareness, since scientific interest in the field took off in the 90s. The ramifications of quantum computers on classical (current) cryptography and what will be considered the standard for secure communication in the near future mandates a radical change in our approach. Successful trials that secure communication through the unique properties of quantum physics have already been undertaken. Progress in quantum technologies has been swift in the last decade. Quantum Key Distribution (QKD) systems have been tested by banks and governments, similar systems were deployed at the 2010 World Cup in South Africa. In 2017, researchers held a QKD-protected video conference between China and Austria using the quantum satellite Micius as a trusted relay, further strides and greater worldwide adoption is anticipated for the coming decade. This presentation will start with an overview of quantum information and its impact on classical cryptography. Following this, we’ll delve into the weird and wonderful world of quantum physics and its relationship to cryptography; the making, breaking and subsequent fixing of quantum protocols. We’ll discuss how much of the theoretical possibilities that are achievable with quantum computers we’ll likely see in practice in the near future and how we can go about building our own relatively inexpensive quantum lab to test new protocols and quantum devices. Everything will be discussed from an InfoSec perspective, looking at how testing methodologies can be adapted and what remediation advice can be given to clients during the transitory period as we migrate to quantum safe solutions. While some light mathematics may be called upon during the presentation, this talk is aimed squarely at cyber security professionals and enthusiasts, not physicists or mathematicians.
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68736),('3_Saturday','11','11:00','11:30','N','CPV','','\'Online Ads as a Recon and Surveillance Tool\'','\'Neil M\'','CPV_7078ced214bd83d13685a1fd9b67d68d','\'Title: Online Ads as a Recon and Surveillance Tool
\nWhen: Saturday, Aug 8, 11:00 - 11:30 PDT
\nWhere: Crypto & Privacy Vlg
\n
SpeakerBio:Neil M\n
\nI am a member of the US Army and work in a cybersecurity-focused software development role. I am also an OSINT and online privacy enthusiast.
\n\n
\nDescription:
\nInspired by and building on previous research and presentations on the topic (namely 0x200b\'s presentation from DEFCON 26*), this presentation will explore the possibility and feasibility of leveraging features of online targeted advertising platforms including Google and Facebook as a reconnaissance and surveillance tool. Unlike previous presentations at DEFCON, I intend to demonstrate that the targeted advertising attack has potential to be applied beyond the context of a red team targeting blue team personnel and can be leveraged against many average Internet users by a determined and resourced attacker. By exploring the advertising surveillance systems built into the majority of today’s Internet-connected devices and services, I hope to enable privacy-conscious individuals to better protect themselves against targeted ad information collection schemes.
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68737),('3_Saturday','11','11:30','11:59','N','CPV','','\'Who needs spyware when you have COVID-19 apps? A look at global trends and what to do about it.\'','\'C. Nadal,J. DeBlois,M. DeBlois,Z. Anderson\'','CPV_b8b3c6e152c341ea27e6739a2914abe7','\'Title: Who needs spyware when you have COVID-19 apps? A look at global trends and what to do about it.
\nWhen: Saturday, Aug 8, 11:30 - 11:59 PDT
\nWhere: Crypto & Privacy Vlg
\nSpeakers:C. Nadal,J. DeBlois,M. DeBlois,Z. Anderson
\n
SpeakerBio:C. Nadal\n
\nNo BIO available
\n
SpeakerBio:J. DeBlois\n
\nNo BIO available
\n
SpeakerBio:M. DeBlois\n
\nNo BIO available
\n
SpeakerBio:Z. Anderson\n
\nNo BIO available
\n\n
\nDescription:
\nWith the current pandemic, privacy concerns have emerged around the large number of applications being published and promoted around the globe. From symptom tracking to contact tracing, the COVID-19 App Tracker Project (https://covid19apptracker.org) aims to automate detection of new and modified applications published on the Google Play Store.\n
Our session will discuss C19 app trends around the globe, emerging concerns, and what is required for greater transparency around the applications created and data collected by governments around the world.\n
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68738),('3_Saturday','12','12:00','12:59','N','CPV','','\'Differential Privacy..more important than ever in the world of Covid-19\'','\'Aditi Joshi\'','CPV_7b15c9489df8e6a0f7602d72f1a25191','\'Title: Differential Privacy..more important than ever in the world of Covid-19
\nWhen: Saturday, Aug 8, 12:00 - 12:59 PDT
\nWhere: Crypto & Privacy Vlg
\n
SpeakerBio:Aditi Joshi\n
\nAditi Joshi works in Google Cloud\'s Security and Privacy Engineering team. Before Google, she was focused on data privacy research especially in health care with a focus on user trust at the core. She joined Google because she was excited about the work that Google was doing in privacy on a massive scale. She believes that privacy is a human right and will continue to work towards that end.
\n\n
\nDescription:
\nThe goal of this talk is to explain the concept of anonymization and differential privacy, as well as offer up Codelabs and modules with the purpose of explaining Google’s open source Differential Privacy library and other tools for implementation purposes. We will offer up our Covid Mobility reports as a case study and talk about the importance of privacy preserving aggregation from a social science perspective.
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68739),('3_Saturday','13','13:00','13:59','N','CPV','','\'Rights You Can’t Exercise Can’t Protect You: Privacy by Design, Dark Patterns, and Cultural Context\'','\'Ben Brook,Maritza Johnson,Megan DeBlois,Zach Singleton\'','CPV_aabcdc0d730311e642d5897ea7ec2389','\'Title: Rights You Can’t Exercise Can’t Protect You: Privacy by Design, Dark Patterns, and Cultural Context
\nWhen: Saturday, Aug 8, 13:00 - 13:59 PDT
\nWhere: Crypto & Privacy Vlg
\nSpeakers:Ben Brook,Maritza Johnson,Megan DeBlois,Zach Singleton
\n
SpeakerBio:Ben Brook\n
\nBen Brook is the CEO and co-founder of Transcend, working to make it easy for companies to give users control over their data. Originally from Toronto, Canada, Brook is also a passionate and award-winning filmmaker.
\n
SpeakerBio:Maritza Johnson\n
\nMaritza Johnson is Senior User Experience Researcher at Google Research. Her research interests include human-centered security and privacy with a focus on how end-users think about personal data management. Previously, she was a research at the independent nonprofit International Computer Science Institute.
\n
SpeakerBio:Megan DeBlois\n
\nMegan DeBlois is a grad student at Oxford University, security consultant, and an infosec technologist working on usable technology development at Internews. She is passionate about making products usable and useful for communities who need them most.
\n
SpeakerBio:Zach Singleton\n
\nNo BIO available
\n\n
\nDescription:
\nPrivacy isn’t a one-size-fits-all solution and different perspectives, disciplines, and cultures are important considerations for giving consumers the choice & control they deserve—and the rights they are entitled to under the law. How can we bring new stakeholders to the table, build privacy controls users can find and understand, and hold companies accountable for respecting data rights?
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68740),('3_Saturday','14','14:00','14:59','N','CPV','','\'Hacking like Paris Hilton 14 years later - and still winning!\'','\'Per Thorsheim\'','CPV_5d9016bafdea02c57a6a41c61bad4ee7','\'Title: Hacking like Paris Hilton 14 years later - and still winning!
\nWhen: Saturday, Aug 8, 14:00 - 14:59 PDT
\nWhere: Crypto & Privacy Vlg
\n
SpeakerBio:Per Thorsheim\n
\nPer Thorsheim is the founder of PasswordsCon. By day he works as CSO of a large hotel chain in northern europe, holds multiple relevant certifications & bla bla bla. By evening, night, weekends & vacations he is passionate about passwords, digital authentication, email & DNS security/privacy.\n
He has spoken at conferences in many countries around the world (including Cryptovillage!), and is frequently interviewed in media. He is known for his passionate & easy to understand presentations, mixing technical topics with humor, stories from real life & practical advice.\n
\n\n
\nDescription:
\nSimswap attacks has increased in recent years, with several high-profile cases in the media showing very fast & effective ways of duping people or getting access to valuable accounts . All the way back in 2006 Paris Hilton got accused of hacking into the voicemail of Lindsay Lohan, while similar scandals has been observed since then in other countries as well.\n
Asking around in my home country of Norway, neither simswap attacks or voicemail hacking seemed to be known among most infosec people, or at least not part of anyone\'s risk analysis. So I decided to take a closer look.\n
The results were shocking at many levels, from technical levels to political decisions & apathy. Several million customers of 3 different carriers in 3 countries were exposed to potential voicemail hacking for up to 13 years. A fake business card was enough to do a simswap & hijack the number of a famous female blogger, while credential stuffing against a mobile carrier allowed for account hijacking of women who used SMS 2FA with their accounts at various services.\n
This talk will explain what I found, what I did, and how it changed carriers, government agencies, politics & law.\n
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68741),('3_Saturday','15','15:00','15:59','N','CPV','','\'Online Voting: Theory and Practice\'','\'Emily Stamm,Porter Adams\'','CPV_1212811252b67989e9f0d2ecfa0e264d','\'Title: Online Voting: Theory and Practice
\nWhen: Saturday, Aug 8, 15:00 - 15:59 PDT
\nWhere: Crypto & Privacy Vlg
\nSpeakers:Emily Stamm,Porter Adams
\n
SpeakerBio:Emily Stamm\n
\nEmily Stamm is a security research engineer at Allstate specializing in cryptography. She graduated from Vassar college in 2018 with a degree in mathematics where she published original research papers in number theory. Her knowledge and interest in mathematics, quantum physics, and computer science motivated her passion for cryptography and quantum computing. Emily is also passionate about education and security awareness. She co-founded CyberSecurity Non-Profit (CSNP.org), an organization that provides free security educational resources, training, and events globally, with the purpose of making security more accessible, inclusive, and diverse.
\n
SpeakerBio:Porter Adams\n
\nPorter Adams is a software engineer at Blacktop Government Solutions, co-founder of Disappear Digital, and member of CyberSecurity Non-Profit (CSNP). He loves cryptography, privacy, and protecting people online. He lives in Washington DC with his dog.
\n\n
\nDescription:
\nThe concept of voting online is daunting to many because of the security risks, feasibility, and reliability. However, given the presence of election interference, limitations of in-person voting, and adoption of new technology, many countries are converting to electronic voting. In this talk, we discuss the theoretical and practical benefits and limitations of electronic voting. Emily Stamm will discuss the mathematics behind homomorphic encryption and blind signature schemes, with an emphasis on schemes that are secure against quantum computers. Porter Adams will discuss how these schemes and others are used in practice, and analyze the advantages and disadvantages of electronic voting.
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68742),('3_Saturday','16','16:00','16:59','N','CPV','','\'Next level stalker ware\'','\'Cecilie Wian\'','CPV_3e1f7387a0cb6a8a768657c0cee20d88','\'Title: Next level stalker ware
\nWhen: Saturday, Aug 8, 16:00 - 16:59 PDT
\nWhere: Crypto & Privacy Vlg
\n
SpeakerBio:Cecilie Wian\n
\nCecilie wian has a background in psychology and healthcare. She holds a BA in Educational psychology and a MA in Philosophy of technology. Her human-centric approach to software testing and development challenges established ways of creating systems meant for end-users.Â
\n\n
\nDescription:
\nWhat if parents could see everything their children had ever purchased? What if your ex could get a list of all your expenses? Without you knowing, or using the service yourself? It\'s already happening because many companies allow this kind of spying with nothing more than a person\'s bank card number, account number or license plate number.\n
Norway is far ahead in adoption of digital solutions. Services, bank services, and citizenship. Automatic detection of license plates, and digital receipt. Now the dark side of this is revealed: several cases of the next level stalker ware. Where bad actors gain access to other peoples information via centralized services, using easily obtainable, pieces of information.\n
Even when made aware of the problem the companies choose to accept the risk, pushing the responsibility and cost to stay safe on to the unknowing users. But what can we do ?\n
The talk will describe the process of pursuing some of the cases in a country with GDPR implemented, as well as discuss efforts to provide non-users with additional security and privacy.\n
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68743),('3_Saturday','17','17:00','17:59','N','CPV','','\'Workshop: Let\'s Talk About Abusability Testing\'','\'Avi Zajac,Franchesca Spektor,Ji Su Yoo,Nicole Chi\'','CPV_6b20c1a053a6488d021cfa49e46c848e','\'Title: Workshop: Let\'s Talk About Abusability Testing
\nWhen: Saturday, Aug 8, 17:00 - 17:59 PDT
\nWhere: Crypto & Privacy Vlg
\nSpeakers:Avi Zajac,Franchesca Spektor,Ji Su Yoo,Nicole Chi
\n
SpeakerBio:Avi Zajac\n
\nAvi (@_llzes, Avi/they/he) is a privacy-focused hacker and engineer. They love rabbits, cheesecake, and cute things like privacy and security, locksport, cryptography.
\nTwitter: @_llzes
\n
SpeakerBio:Franchesca Spektor\n
\nFranky’s (@3llsaria, she/her) expertise is in ethical design practices around bioethics, disability & sexuality, and she previously served as a Lab Manager for the Disability Design Lab at UC Berkeley.
\n
SpeakerBio:Ji Su Yoo\n
\nJi Su (she/her) is a PhD at UC Berkeley’s School of Information and former researcher at the Harvard Data Privacy Lab, where she worked on security protocol and data privacy.
\n
SpeakerBio:Nicole Chi\n
\nNicole’s (@tinween, she/her) focus is on the “tech for good†space in its many forms, having worked in civic tech, nonprofit digital capacity building, tech policy, and ML ethics. Her strength is bridging connections and expertise across disciplines.
\nTwitter: @tinween
\n\n
\nDescription:
\nAre you concerned about how your products may be used for harm: intentionally or unintentionally? We will be covering the concept of abusability testing for platform abuse in this hybrid panel and workshop, with a clicker style method of interacting to foster deep understanding and participate in discussions on abusability testing. You’ll walk away with an understanding of abusability testing, join a community passionate about fighting platform abuse, and maybe walk away with actionable steps you can take to alleviate harm in your own products.
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68744),('4_Sunday','10','10:30','10:59','N','CPV','','\'European regulatory trends for Artificial Intelligence: same impact on US as GDPR?\'','\'Julia Reinhardt\'','CPV_9023f3c9f5b76bd1eba0967287fea500','\'Title: European regulatory trends for Artificial Intelligence: same impact on US as GDPR?
\nWhen: Sunday, Aug 9, 10:30 - 10:59 PDT
\nWhere: Crypto & Privacy Vlg
\n
SpeakerBio:Julia Reinhardt\n
\nJulia is based in San Francisco and works as a tech policy consultant and privacy professional. As a Mozilla Fellow in Residence, she assesses opportunities and limitations of European approaches on Trustworthy AI in Silicon Valley and their potential for US businesses and advocacy.\n
In her first career as a German diplomat, she worked, among others, in EU negotiations on GDPR and on doing outreach and communicating for Germany in the Western US. Inspired by the Silicon Valley tech and policy network she built over the years and her understanding of EU policy-making, she has been consulting tech companies and non-profits in the Bay Area on European tech regulation for four years now. She holds an M.A. in International Relations from Sciences Po Paris, an M.A. in European Studies from Universität Osnabrück, and completed graduate and postgraduate coursework at UC Berkeley, American University of Beirut and Stanford University.\n
\n\n
\nDescription:
\nMy paper focuses on how the European Ethics Guidelines for Trustworthy AI will be implemented – whether directly or indirectly and if at all – in Silicon Valley. My perspective incorporates also other related EU regulation that affects AI, in particular the GDPR and the deriving obligation to implement the principles of “privacy by design†and “privacy by default†(Art. 25 GDPR).\n
During my Mozilla Fellowship (April 2020 through April 2021), I work on finding out what impact the new European Ethics Guidelines for Trustworthy AI will have on US businesses, how useful they find these, as well as how they’re evaluated by activists, and whether we therefore will see a similar trend with them as we saw with the GDPR. I want to share with DEFCON Privacy Village an insight into my research and what this means for Silicon Valley positions on future EU regulation.\n
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68745),('4_Sunday','11','11:00','11:30','N','CPV','','\'Fear, Uncertainty, and Doubt about Human Microchip Implants\'','\'Zhanna Malekos Smith\'','CPV_01ede90ce04330be8d034b70ab03fb23','\'Title: Fear, Uncertainty, and Doubt about Human Microchip Implants
\nWhen: Sunday, Aug 9, 11:00 - 11:30 PDT
\nWhere: Crypto & Privacy Vlg
\n
SpeakerBio:Zhanna Malekos Smith\n
\nNo BIO available
\n\n
\nDescription:
\nWhy are some U.S. lawmakers calling for a preemptive ban on human microchip implants? Today, more than 50,000 people worldwide have elected to receive microchip implants. This technology is especially popular in Sweden, where more than 4,000 Swedes are replacing keycards for chip implants to use for gym access, e-tickets on railway travel, and even store emergency contact information and social media profiles. While chip implants are gradually being embraced, some U.S. lawmakers are taking preemptive action to prohibit forced microchipping and calling it “a rabbit hole I don’t think we should go down\". Together, let\'s go down this \'rabbit hole\' to explore the legal, technical, and ethical implications of human microchipping.
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68746),('4_Sunday','11','11:30','11:59','N','CPV','','\'What if we had TLS for phone numbers? An introduction to SHAKEN/STIR\'','\'Kelley Robinson\'','CPV_0bddc1bde9a88e486b2d8750ed7af681','\'Title: What if we had TLS for phone numbers? An introduction to SHAKEN/STIR
\nWhen: Sunday, Aug 9, 11:30 - 11:59 PDT
\nWhere: Crypto & Privacy Vlg
\n
SpeakerBio:Kelley Robinson\n
\nKelley works on the Account Security team at Twilio. Previously she worked in a variety of API platform and data engineering roles at startups. Her research focuses on authentication user experience and design trade-offs for different risk profiles and 2FA channels. Kelley lives in Brooklyn, is an avid home cook, and spends too much time on Twitter (@kelleyrobinson).
\nTwitter: @kelleyrobinson
\n\n
\nDescription:
\nIf you\'ve noticed a surge in unwanted robocalls from your own area code in the last few years, you\'re not alone. The way telephony systems are set up today, anyone can spoof a call or a text from any number. With an estimated 85 billion spam calls globally, it\'s time to address the problem. This talk will discuss the latest advancements with STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs), new tech standards that use well accepted public key cryptography methods to validate caller identification. We\'ll discuss the path and challenges to getting this implemented industry wide, where this tech will fall short, and what we can do to limit exposure to call spam and fraud in the meantime.
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68747),('4_Sunday','12','12:00','12:59','N','CPV','','\'Workshop: Let\'s Talk About Abusability Testing\'','\'Avi Zajac,Franchesca Spektor,Ji Su Yoo,Nicole Chi\'','CPV_82b6bf37eb39abf7291d19460e3ccd1e','\'Title: Workshop: Let\'s Talk About Abusability Testing
\nWhen: Sunday, Aug 9, 12:00 - 12:59 PDT
\nWhere: Crypto & Privacy Vlg
\nSpeakers:Avi Zajac,Franchesca Spektor,Ji Su Yoo,Nicole Chi
\n
SpeakerBio:Avi Zajac\n
\nAvi (@_llzes, Avi/they/he) is a privacy-focused hacker and engineer. They love rabbits, cheesecake, and cute things like privacy and security, locksport, cryptography.
\nTwitter: @_llzes
\n
SpeakerBio:Franchesca Spektor\n
\nFranky’s (@3llsaria, she/her) expertise is in ethical design practices around bioethics, disability & sexuality, and she previously served as a Lab Manager for the Disability Design Lab at UC Berkeley.
\n
SpeakerBio:Ji Su Yoo\n
\nJi Su (she/her) is a PhD at UC Berkeley’s School of Information and former researcher at the Harvard Data Privacy Lab, where she worked on security protocol and data privacy.
\n
SpeakerBio:Nicole Chi\n
\nNicole’s (@tinween, she/her) focus is on the “tech for good†space in its many forms, having worked in civic tech, nonprofit digital capacity building, tech policy, and ML ethics. Her strength is bridging connections and expertise across disciplines.
\nTwitter: @tinween
\n\n
\nDescription:
\nAre you concerned about how your products may be used for harm: intentionally or unintentionally? We will be covering the concept of abusability testing for platform abuse in this hybrid panel and workshop, with a clicker style method of interacting to foster deep understanding and participate in discussions on abusability testing. You’ll walk away with an understanding of abusability testing, join a community passionate about fighting platform abuse, and maybe walk away with actionable steps you can take to alleviate harm in your own products.
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68748),('4_Sunday','13','13:00','13:30','N','CPV','','\'File Encryption For Actual Humans\'','\'David Kane-Parry\'','CPV_47c94458f3dad6cec8efef790cebfb61','\'Title: File Encryption For Actual Humans
\nWhen: Sunday, Aug 9, 13:00 - 13:30 PDT
\nWhere: Crypto & Privacy Vlg
\n
SpeakerBio:David Kane-Parry\n
\ndkp has been breaking and building the software you depend on for decades. Presently, at Spotify. Previously, security lead for login.gov and other projects at 18F, cryptography policy owner at Amazon, and hacker-for-hire just about everywhere else.
\n\n
\nDescription:
\nI wrote a proof-of-concept tool to demonstrate that, by combining modern cryptography and human-centered design, emailing encrypted files doesn\'t have to be so thoroughly insecure. Better than Signal? No, but for many, emailing password-protected zip files is the only user-accessible and/or policy-approved method at their disposal. Leaving them at the mercy of broken algorithms and broken approaches to password selection. But both of which can fixed in about 100 lines of Python.
\n
Crypto & Privacy Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://twitch.tv/cryptovillage\n
YouTube: https://www.youtube.com/channel/UCGWMS6k9rg9uOf3FmYdjwwQ\n
\'',NULL,68749),('2_Friday','08','08:00','08:25','N','AEV','','\'Hack-A-Sat Launch Party\'','\' \'','AEV_e11c52d5ce24415aaa3b59749d4536af','\'Title: Hack-A-Sat Launch Party
\nWhen: Friday, Aug 7, 08:00 - 08:25 PDT
\nWhere: Aerospace Vlg
\n
\nDescription:
\nOverview of the Hack-A-Sat competition, teams and CTF challenges.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-hack-a-sat-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732393766677119087\n
\n\'',NULL,68750),('2_Friday','10','10:00','10:59','N','AEV','','\'Opening Remarks: Getting The Aerospace Village To Take-Off\'','\'Chris Krebs,Dr Will Roper,Pete Cooper\'','AEV_254fd34b5a3ecb62b7032c1242126a75','\'Title: Opening Remarks: Getting The Aerospace Village To Take-Off
\nWhen: Friday, Aug 7, 10:00 - 10:59 PDT
\nWhere: Aerospace Vlg
\nSpeakers:Chris Krebs,Dr Will Roper,Pete Cooper
\n
SpeakerBio:Chris Krebs\n
\nChristopher Krebs - serves as the first director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). Mr. Krebs was originally sworn in on June 15, 2018 as the Under Secretary for the predecessor of CISA, the National Protection and Programs Directorate (NPPD). Mr. Krebs was nominated for that position by President Trump in February 2018.\n
Before serving as CISA Director, Mr. Krebs was appointed in August 2017 as the Assistant Secretary for Infrastructure Protection. In the absence of a permanent NPPD Under Secretary at the time, Mr. Krebs took on the role of serving as the Senior Official Performing the Duties of the Under Secretary for NPPD until he was subsequently nominated as the Under Secretary and confirmed by the Senate the following year.\n
Mr. Krebs joined DHS in March 2017, first serving as Senior Counselor to the Secretary, where he advised DHS leadership on a range of cybersecurity, critical infrastructure, and national resilience issues. Prior to coming to DHS, he was a member of Microsoft’s U.S. Government Affairs team as the Director for Cybersecurity Policy, where he led Microsoft’s U.S. policy work on cybersecurity and technology issues.\n
Before Microsoft, Mr. Krebs advised industry and Federal, State, and local government customers on a range of cybersecurity and risk management issues. This is his second tour working at DHS, previously serving as the Senior Advisor to the Assistant Secretary for Infrastructure Protection and playing a formative role in a number of national and international risk management programs.\n
As Director, Mr. Krebs oversees CISA’s efforts to defend civilian networks, manage systemic risk to National critical functions, and work with stakeholders to raise the security baseline of the Nation’s cyber and physical infrastructure.\n
Mr. Krebs holds a bachelor’s degree in environmental sciences from the University of Virginia and a J.D. from the Antonin Scalia Law School at George Mason University.\n
\n
SpeakerBio:Dr Will Roper\n
\nDr. Will Roper - is the Assistant Secretary of the Air Force for Acquisition, Technology and Logistics. As the Air Force’s Service Acquisition Executive, Dr. Roper is responsible for and oversees Air Force research, development and acquisition activities totaling an annual budget in excess of $60 billion for more than 550 acquisition programs. In this position, Dr. Roper serves as the principal adviser to the Secretary and Chief of Staff of the Air Force for research and development, test, production and modernization efforts within the Air Force.\n
Prior to his current position, Dr. Roper was the founding Director of the Pentagon’s Strategic Capabilities Office. Established in 2012, the SCO imagines new—often unexpected and game-changing—uses of existing government and commercial systems: extending their shelf- life and restoring surprise to the military’s playbook. Since 2012, SCO has grown from an annual budget of $50 million to the current $1.5 billion request in the President’s 2018 budget with projects spanning new concepts such as hypervelocity artillery, multi-purpose missiles, autonomous fast-boats, smartphone-navigating weapons, big-data- enabled sensing, 3D-printed systems, standoff arsenal planes, fighter avatars and fighter-dispersed swarming micro-drones which formed the world’s then-largest swarm of 103 systems. During his tenure as SCO Director, Dr. Roper served on the Department’s 2018 National Defense Strategy Steering Group, Cloud Executive Steering Group and Defense Modernization Team.\n
Previously, Dr. Roper served as the Acting Chief Architect at the Missile Defense Agency where he developed 11 new systems, including the current European Defense architecture, advanced drones, and classified programs. Before this, he worked at MIT Lincoln Laboratory and served as a missile defense advisor to the Under Secretary of Defense for Acquisition, Technology and Logistics.\n
\n
SpeakerBio:Pete Cooper\n
\nPete Cooper - Dir Aerospace Village. His first tech love was a ZX Spectrum but then he then moved on to flying fast jets in the UK Royal Air Force. Then he moved into cyber operations before leaving the military 4 years ago. Since then he has started up his own cyber security firm and has advised on everything from developing global cyber security strategies with UN bodies such as ICAO, advising the ICRC on the nature of state vs state cyber conflict and also enjoys playing with active cyber defence and deception. Pete is also the founder and Dir of the UK Cyber Strategy Challenge “Cyber9/12â€, holds an MSc in Cyberspace Operations, is a Senior Fellow at Kings College London, a Non-Resident Senior Fellow at the Atlantic Council Cyber Statecraft Initiative and a Fellow of the Royal Aeronautical Society.
\n\n
\nDescription:
\nLet’s face it, relationships between the hacker / researcher community and the aerospace sector in the past – haven’t been great. 20 months ago, a passionate voluntary group of hackers, pilots, engineers, policy wonks and others, decided to do something about it and start creating a community that would foster trusted relationships across all those interested in aviation cyber security. Here we are at our second DEF CON in the Aerospace Village with a rapidly growing hacker / researcher community supported by the aerospace industry, USAF, DDS, CISA, academia, regulators and more including the first satellite CTF.\n
A short intro to the Aerospace Village tells the story of how and why we do this, how we got here and where we are going.\n
Then we are honoured to have two guest speakers where we hear from Dir CISA, Chris Krebs, who will be chatting about all things CISA and Aerospace Cybersecurity, after which things are rounded off by Dr Will Roper, Assistant Secretary of the Air Force for Acquisition, Technology and Logistics who will talk to the Space Security Challenge – Hack-a-Sat and their support for the Aerospace Village and its vision.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-terminal-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732392946350948423\n
\n\'',NULL,68751),('2_Friday','11','11:00','11:59','N','AEV','','\'MITM - The Mystery In The Middle. An Introduction To The Aircraft Information Systems Domain\'','\'Matt Gaffney\'','AEV_8f05148f1be4ace5668d1cb158eec604','\'Title: MITM - The Mystery In The Middle. An Introduction To The Aircraft Information Systems Domain
\nWhen: Friday, Aug 7, 11:00 - 11:59 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Matt Gaffney\n
\nMatt is an aviation cybersecurity consultant at BSSI UK where he also holds the position of Managing Director. He started his cybersecurity career whilst serving in the British Army after being volunteered for a mandatory IT Security Officer course because he ‘has some experience with IT’. With more than 14 years experience across multiple industries from Military and Government to banking and aviation, Matt has mostly worked on the entry into service of e-Enabled aircraft at the operator (airline) level. Due to this, his focus is primarily on systems implemented by the operator and whose touchpoints are the Aircraft Information Systems Domain (AISD). His particular areas of interest are the Electronic Flight Bag (EFB) and ground systems. A relative newbie to the research field, he recently released his first paper ‘Securing e-Enabled aircraft information systems’ and plans on releasing others in the coming months.
\n\n
\nDescription:
\nThe mordern e-Enabled aircraft is often descrbed as a flying data center with half of it on the ground. Sometimes overlooked by researchers in favour of avionics and In-Flight Entertainment systems, this presentation will give an introduction to the Aircraft Information Systems Domain (AISD). This hidden yet important domain logically sits between the Avionics and the passenger network and operators need to consider security in the AISD when bringing e-Enabaled aircraft in to their fleet. \n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68752),('2_Friday','12','12:00','12:30','N','AEV','','\'Satellite Orbits 101\'','\'Matt Murray\'','AEV_a85908bcdcf03c9130eddfbaf437c7b3','\'Title: Satellite Orbits 101
\nWhen: Friday, Aug 7, 12:00 - 12:30 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Matt Murray\n
\nWith a degree in Electrical and Computer Engineering at the undergraduate level and Computer Information Systems Engineering with concentrations in Networks and Cyber Security at the Graduate level; Matthew Murray has spent the last twelve of a twenty year career supporting aerospace, cyber and software engineering contracts with Lockheed Martin. His industry knowledge and expertise includes infrastructure hardware, software/hardware interfaces, software development, networking and cyber security. Throughout his career he has gained an in-depth understanding of an array of disciplines and technologies that include satellite orbits and the software development techniques tied to them.
\n\n
\nDescription:
\nSatellite Orbits 101 will provide an introductory understanding of the orbit of satellites/space vehicles. Leveraging knowledge, experience and visualization tools designed to describe and present orbital behaviors; the presentation will cover introductions to an array of orbital topics including what it even takes to reach and maintain orbit; which launch sites and windows are as important as they are; altitude classifications, such as HEO and LEO; directional classifications; inclination classifications, eccentricity classifications and more. The overlaps and interactions of these topics will also be discussed, as for example a satellite launched from near the equator and destined for a low-inclination orbit could receive help in reaching orbit from the rotation of the earth itself, but how this is not true for satellites bound for high inclination orbits. An attendee will walk away layman’s introductory demystification of just how many layers are beneath the phrase Satellite Orbit.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-space-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394328105943180\n
\n\'',NULL,68753),('2_Friday','12','12:30','12:59','N','AEV','','\'GPS Spoofing 101\'','\'Harshad Sathaye\'','AEV_2b5280e9695cf24b0335f65f9f581763','\'Title: GPS Spoofing 101
\nWhen: Friday, Aug 7, 12:30 - 12:59 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Harshad Sathaye\n
\nHarshad is a Ph.D. candidate at Northeastern University and a soon-to-be student pilot. He is a cyber security enthusiast with research interests around wireless systems security, specifically navigation systems and development of secure cyber-physical systems
\n\n
\nDescription:
\nWith the advent of autonomous cyber-physical systems such as self-driving cars and unmanned aerial vehicles, the use of Global Positioning System (GPS) for positioning and navigation has become ubiquitous. In recent years we have seen a lot of GPS \"incidents\" which involve either denial of services or spoofing to mislead the receiver. This workshop will include the basics of GPS spoofing with a hands-on exercise and a discussion of state-of-the-art spoofing mitigation techniques\n
This event will be coordinated on the DEF CON Discord server, in channel #av-space-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394328105943180\n
\n\'',NULL,68754),('2_Friday','13','13:00','13:59','N','AEV','','\'Building Connections Across The Aviation Ecosystem\'','\'Katie Noble,Al Burke,Jeff Troy,Jen Ellis,John Craig,Randy Talley (CISA),Sidd Gejji\'','AEV_e9b3fa37141f2c6d0e0b2b8b95fc43e3','\'Title: Building Connections Across The Aviation Ecosystem
\nWhen: Friday, Aug 7, 13:00 - 13:59 PDT
\nWhere: Aerospace Vlg
\nSpeakers:Katie Noble,Al Burke,Jeff Troy,Jen Ellis,John Craig,Randy Talley (CISA),Sidd Gejji
\n
SpeakerBio:Katie Noble\n, Intel Corp
\nKatie currently serves as a Director of PSIRT and Bug Bounty at Intel Corp. Where she leads the cyber security vulnerability Bug Bounty program, researcher outreach, and strategic planning efforts. Previous to this position, Katie served as the Section Chief of the Vulnerability Management and Coordination at the Department of Homeland Security, Cyber and Infrastructure Security Agency (CISA) where she led DHS’ primary operations arm for coordinating the responsible disclosure and mitigation of identified cyber vulnerabilities in control systems, enterprise, hardware and software. Katies team is credited by the Secretary of Homeland Security with the coordination and public disclosure of over 20,000 cyber security vulnerabilities within a two year period. Katie is a highly accomplished manager with over 14 years of U.S. Government experience, both in the Intelligence Community and Cyber Security Program Management. She has operated at all levels from individual contributor as an Intelligence Analyst for the National Intelligence Community to Senior Policy Advisor for White House led National Security Council (NSC) Cyber programs. Her work has directly impacted the decision making of the NSC, Defense Information Systems Agency, Office of the Director of National Intelligence, Department of Defense, Federal Communications Commission, Central Intelligence Agency, U.S. Coast Guard, U.K.Ministry of Defense, Canadian Government agencies, and Australian Cabinet Ministry.
\n
SpeakerBio:Al Burke\n, Associate Deputy Director, Air Force Cyberspace Operations and Warfighter Communications
\nMr. Alan W. Burke is the Associate Deputy Director, Air Force Cyberspace Operations and Warfighter Communications and the DOD Chair for the interagency Aviation Cyber Initiative Task Force. Most recently he was a Distinguished Graduate of the College of Information and Cyberspace, National Defense University. He has 36-years of combined active military and government service in the U.S. Air Force and Department of Defense. Previously, he was Chief of the Integrated Air and Missile Defense (IAMD) Division, U.S. Air Forces in Europe-Africa responsible for integrating joint and coalition air, space and missile defense capabilities in support of the Joint Force Air Component Commander and implementation of Presidential policy for missile defense in Europe. On active duty, Colonel Burke was the Director, Operations Support Group and Deputy Director, Warfighter Support Center, Missile Defense Agency (MDA) that delivered global support for Ballistic Missile Defense operations and led the initial Missile Defense Agency Ballistic Missile Defense system deployments in Israel. His active duty service includes operational, staff and command experience in nuclear missile operations, space surveillance, space control, missile warning, national-level command and control, air and missile defense, military training and education, and Research, Development, Test and Evaluation.
\n
SpeakerBio:Jeff Troy\n, President, CEO, Aviation ISAC
\nOver the past three years, Jeff developed the A-ISAC comprehensive strategy, led the team’s expansion of the Aviation ISACs services, and tripled membership. He established relationships with global regulators, industry associations, and private sector companies to drive cyber risk reduction across the aviation eco-system. Concurrently, Jeff employed by General Electric and is on the Board of Directors, National Defense ISAC. ND-ISAC provides cutting edge cyber security training, intelligence development and a trusted information sharing environment for US cleared defense contractors. Jeff spent 25 years as a Special Agent of the FBI. He retired as the Deputy Assistant Director for Cyber National Security and Cyber Criminal Investigations.
\n
SpeakerBio:Jen Ellis\n, Rapid7
\nJen Ellis is the vice president of community and public affairs at Rapid7 and her primary focus is on advancing cybersecurity for all by building productive collaboration between those in the security community and those operating outside it. She works extensively with security researchers, technology providers and operators, and various government entities to help them understand and address cybersecurity challenges. She believes effective collaboration is our only path forward to reducing cybercrime and protecting consumers and businesses. Jen is a nonresident fellow of the Atlantic Council, sits on the boards of the Center for Cybersecurity Policy and Law, I Am The Cavalry, and the Aerospace Village, and is a member of the board of advisors for the CyberPeace Institute. She has testified before U.S. Congress and spoken at numerous security or business conferences.
\n
SpeakerBio:John Craig\n, Boeing
\nJohn Craig is currently the Chief Engineer of Cabin, Network and Security Systems and Product Security Officer for Boeing Commercial Airplanes. In this role, he is responsible for cabin systems, connectivity, onboard networks, cyber security, and airborne software design and implementation. In addition, he is the chairman of the board of the Aviation Information Sharing and Analysis Center, formed to encourage sharing of cyber threat information within the aviation industry. He is on the policy board and program management committee of RTCA to provide input for policy and programs for the aviation. In his 34 years of aviation experience, he has held roles in Electrical Subsystems, Engine Systems, Avionics, Cabin Systems, Onboard Networks, and Connectivity Systems. He is experienced in large scale systems development, software developmental programs and, as a previous FAA Designated Engineering Representative, knowledge of airplane certification programs.
\n
SpeakerBio:Randy Talley (CISA)\n
\nMr. Talley is a Senior Advisor assigned to the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) located in Arlington, VA. He uses his aviation expertise and operational Homeland Security background to provide aviation-specific advice to CISA leadership. In his primary role, Mr. Talley serves as the DHS Lead for the Aviation Cyber Initiative (ACI), a Tri-Chaired Task Force assigned to collaborate across the Federal Government, aviation industry and the research community to reduce risks and improve resilience within the Nation’s Aviation Ecosystem.
\n
SpeakerBio:Sidd Gejji\n, FAA
\nSiddharth (Sidd) Gejji is a Manager in the Federal Aviation Administration (FAA) Office of Information Security and Privacy, within the FAA Office of Information and Technology. Mr. Gejji leads the Aviation Ecosystem Stakeholder Engagement Branch, which is a team of experts responsible for conducting cybersecurity stakeholder engagements throughout the Aviation Ecosystem, including in the Airlines, Airports, Aviation Management, and Aircraft areas. Mr. Gejji serves as a Tri-Chair for the U.S. Aviation Cyber Initiative (ACI). The ACI is a US Government task force with Tri-Chairs from Department of Homeland Security (DHS), Department of Defense (DoD), and FAA. Mr. Gejji and his team support this important interagency mission to reduce cybersecurity risks and improve cyber resilience to support safe, secure, and efficient operations of the Nation’s Aviation Ecosystem. Prior to his current engagement, Sidd spent 12 years in various roles at the FAA, most notably in the FAA Office of Policy where he served as an Acting Manager of the Systems and Policy Analysis Group. He also spent a year on detail to the U.S. Senate Commerce, Science, and Transportation Committee.
\n\n
\nDescription:
\nAcross the Aviation Ecosystem, there is an increased effort to collaborate and coordinate to protect Information Technology (IT) and Operational Technology (OT) systems at airports, airlines, aviation management, and manufacturers and vendors via the supply chain. This diverse panel will share their insights and current activities between government, industry, and the security research community. Learn how you can participate in and ensure the safety and security of the Aviation Ecosystem.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68755),('2_Friday','14','14:00','14:59','N','AEV','','\'Experimental Aviation, Risks And Rewards\'','\'Patrick Kiley\'','AEV_2b77fa14670442a44ab10ac449a7428c','\'Title: Experimental Aviation, Risks And Rewards
\nWhen: Friday, Aug 7, 14:00 - 14:59 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Patrick Kiley\n, Principal Security Consultant, Rapid7
\nPatrick Kiley (GXPN, GPEN, GAWN, GCIH, CISSP, MCSE) has over 18 years of information security experience working with both private sector employers and the Department of Energy/National Nuclear Security Administration (NNSA). While he was with the NNSA he built the NNSA\'s SOC and spent several years working for emergency teams. Patrick has performed research in Avionics security and Internet connected transportation platforms. Patrick has experience in all aspects of penetration testing, security engineering, hardware hacking, IoT, Autonomous Vehicles and CAN bus.
\nTwitter: @gigstorm
\n\n
\nDescription:
\n This talk will cover a hacker’s perspective of building your own aircraft, what I consider to be the ultimate maker/hacker project. Over 10 years ago, I decided to see if I could build an aircraft from a set of plans. The model I chose was a 4 seat AeroCanard FG, a somewhat controversial derivative of the Cozy Mark IV. The Cozy itself was also a derivative, basically a widened version of the Burt Rutan designed Long EZ. This talk will cover why someone would choose to build their own aircraft. All of these topics will cover the risk as I see it as a professional who has been in the information risk field his entire professional career.\n
\n - I will break this talk down into the following topics.\n
- FAA and the 51% rule\n
- Plans vs Kits\n
- Composite vs riveted aluminum construction\n
- Making changes to tested designs\n
- Engine selection, aviation engines vs conversions\n
- Avionics selection
\nI will complete the talk with some discussion around becoming a test pilot, what you will become when you finally fly your creation.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68756),('2_Friday','15','15:00','15:59','N','AEV','','\'Talking To Satellites - 101\'','\'Eric Escobar\'','AEV_f818309e98af0270bb409f59e5f25347','\'Title: Talking To Satellites - 101
\nWhen: Friday, Aug 7, 15:00 - 15:59 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Eric Escobar\n
\nEric is a seasoned pentester and a Principal Security Consultant at Secureworks. On a daily basis he attempts to compromise large enterprise networks to test their physical, human, network and wireless security. He has successfully compromised companies from all sectors of business including: Healthcare, Pharmaceutical, Entertainment, Amusement Parks, Banking, Finance, Technology, Insurance, Retail, Food Distribution, Government, Education, Transportation, Energy and Industrial Manufacturing.\n
His team consecutively won first place at DEF CON 23, 24, and 25\'s Wireless CTF, snagging a black badge along the way. Forcibly retired from competing in the Wireless CTF, he now helps create challenges!\n
\n\n
\nDescription:
\nReaching out into space may seem like it would require a PhD and thousands of dollars of equipment, but it can actually be done for about $100. In this talk I will detail how to get started talking to satellites using basic equipment. With just a Ham Radio license and some gear, you too can talk to satellites and by extension people thousands of miles away.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-space-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394328105943180\n
\n\'',NULL,68757),('2_Friday','16','16:00','16:30','N','AEV','','\'Hack-A-Sat Friday Recap\'','\' \'','AEV_21559462ab8482607627b42845bff186','\'Title: Hack-A-Sat Friday Recap
\nWhen: Friday, Aug 7, 16:00 - 16:30 PDT
\nWhere: Aerospace Vlg
\n
\nDescription:
\nRecap of Friday\'s Hack-A-Sat competition and a look ahead to Saturday.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-hack-a-sat-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732393766677119087\n
\n\'',NULL,68758),('2_Friday','17','17:00','17:59','N','AEV','','\'Exploiting Spacecraft\'','\'Brandon Bailey\'','AEV_df4d70af4935a305485cb1bea1a3a0c3','\'Title: Exploiting Spacecraft
\nWhen: Friday, Aug 7, 17:00 - 17:59 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Brandon Bailey\n
\nBrandon Bailey is a cybersecurity senior project leader at The Aerospace Corporation. He has more than 14 years of experience supporting the intelligence and civil space arena. Bailey’s specialties include vulnerability assessments/ penetration testing for space systems and infusing secure coding principles within the software supply chain. Before joining Aerospace, Bailey worked for NASA, where he was responsible for building and maintaining a software testing and research laboratory to include a robust cybersecurity range as well as spearheading innovative cybersecurity assessments of ground infrastructure that support NASA’s mission operations. While at NASA, Bailey was honored with several group and individual awards, including NASA’s Exceptional Service Medal for his landmark cybersecurity work, NASA’s Early Career Achievement Award, and NASA Agency Honor Awards for Information Assurance/Cybersecurity. He has also contributed to teams who have received honorable mention in the 2012 and 2016 NASA’s Software of the Year competition. Bailey graduated summa cum laude with a bachelor’s degree in electrical engineering from West Virginia University and currently holds multiple certifications in the cybersecurity field. He recently co-authored Aerospace’s Center for Space Policy and Strategy’s Defending Spacecraft in the Cyber Domain paper which outlines security principles that can be applied on-board the spacecraft to improve its security posture.
\n\n
\nDescription:
\nThis presentation will describe the high-level cyber threat landscape for space systems and focus on three examples: Command Replay Attack, Command Link Intrusion, and Denial of Service using GPS jamming. These three attacks were performed using high fidelity ground-to-space simulators to demonstrate the benefit of performing such research using simulation. These simulations leverage many of the same software components used in operations today for several operational missions. Recommendations are provided on how to protect against the attacks and references are provided so the audience can build their own simulations to begin their own research.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-space-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394328105943180\n
\n\'',NULL,68759),('3_Saturday','08','08:30','08:59','N','AEV','','\'Attacking Flight Management Systems: This Is Your Captain Speaking, We Have A Small Problem!\'','\'Javad Dadgar,Mohammad-Reza Zamiri,Reza Dorosti\'','AEV_9605d2a6f606c3baeea69c5c070de6e4','\'Title: Attacking Flight Management Systems: This Is Your Captain Speaking, We Have A Small Problem!
\nWhen: Saturday, Aug 8, 08:30 - 08:59 PDT
\nWhere: Aerospace Vlg
\nSpeakers:Javad Dadgar,Mohammad-Reza Zamiri,Reza Dorosti
\n
SpeakerBio:Javad Dadgar\n
\nJavad Dadgar is an independent security researcher. He is currently working as a red teamer and part-time bug bounty hunter with 4 years of experience. Also he is interested in the aviation industry.
\n
SpeakerBio:Mohammad-Reza Zamiri\n
\nMohammad-Reza Zamiri is a cybersecurity researcher with more than 8 years of experience. His research focuses on computer and network security, with an emphasis on detecting vulnerabilities and threats, penetration testing, as well as embedded or cyber-physical systems. He has published several research papers and presented on top conferences including (ACM CCS, ACSAC, Kaspersky) and currently is working as a senior security analyst. He also likes to play CTF and was the champion of the first national ICS CTF(2019) in Iran.
\n
SpeakerBio:Reza Dorosti\n
\nReza Dorosti is a software reverse engineer with more than 15 years of experience with performing dynamic analysis of software binaries and also assembly language, including x86, ARM, MIPS. He is a fan of embedded devices security.
\n\n
\nDescription:
\nModern aircrafts are heavily relied on flight management systems to automate a wide variety of in-flight tasks, including producing flight plans, reducing the workload on the pilot, or allow the airplane to hook up the autopilot. Vulnerabilities in such systems could allow an attacker to manipulate critical data that are important during a flight. \n
In this talk, we will present the result of our research on the security of a famous flight management system and how we managed to detect a weakness in its security mechanism using reverse engineering. Then we will discuss possible risk scenarios regarding manipulation of mentioned critical data. \n
During this research, we have found a method to modify the navigation data on a flight management computer and also identified some risk scenarios that we think could cause some problems. We hope this may lead to future research and make the aviation industry more secure.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68760),('3_Saturday','09','09:00','09:30','N','AEV','','\'Hack-A-Sat Kickoff Segment\'','\' \'','AEV_d7ebbed1cee5c98ca9f13eca6a2816c5','\'Title: Hack-A-Sat Kickoff Segment
\nWhen: Saturday, Aug 8, 09:00 - 09:30 PDT
\nWhere: Aerospace Vlg
\n
\nDescription:
\nThe daily kickoff for Hack-A-Sat informs attendees of the day\'s schedule and activities for the competition. Tune in if you want to follow the CTF.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-hack-a-sat-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732393766677119087\n
\n\'',NULL,68761),('3_Saturday','09','09:30','09:59','N','AEV','','\'Aerospace Village Badge\'','\'Rick Hansen\'','AEV_7da7f924c7b8d0b89ddf36510cce59af','\'Title: Aerospace Village Badge
\nWhen: Saturday, Aug 8, 09:30 - 09:59 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Rick Hansen\n
\nProfessor Rick Hansen teaches cybersecurity and IoT at Capitol Technology University. He performs original research in vulnerability assessment for embedded systems and telecommunications. Rick also serves as the CEO of APS Global llc which provides cybersecurity, research, and training to government and industry. Rick is an Air Force veteran with degrees in computer science and electronic engineering. He volunteers with Capitol’s Astronautical Engineering program, assisting students with payloads operating in near-space and low-earth orbit. Professor Hansen was honored to be featured in this year’s NSA Centers of Excellence in Cyber Defense video (https://www.captechu.edu/student-experience/centers-and-labs/center-cybersecurity-research-and-analysis-ccra). Last year Rick’s DEFCON presentation focused on exploiting vulnerabilities in automotive LIDAR, which was the focus of this article by Unicorn Riot (https://unicornriot.ninja/2019/hacking-lidar-changing-what-autonomous-vehicles-see/).
\n\n
\nDescription:
\nInexpensive Software-Defined Radios (SDRs) can be used to receive digital communications from aircraft and satellites. This talk presents simple experiments in receiving these communications and assessing the associated strengths and vulnerabilities. This year’s Aerospace Village Badge can be used as an antenna for receiving aviation and satellite data. Materials can be purchased from Amazon and attendees will be able to follow along with the video.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-terminal-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732392946350948423\n
\n\'',NULL,68762),('3_Saturday','10','10:00','10:59','N','AEV','','\'Hackers And ISACS\'','\'Erin Miller,Jeff Troy,Ken Munro,Matthew Gaffney,Pete Cooper\'','AEV_6c96ed58bcb58778a4e12782fb554690','\'Title: Hackers And ISACS
\nWhen: Saturday, Aug 8, 10:00 - 10:59 PDT
\nWhere: Aerospace Vlg
\nSpeakers:Erin Miller,Jeff Troy,Ken Munro,Matthew Gaffney,Pete Cooper
\n
SpeakerBio:Erin Miller\n, VP of Operations for Space ISAC, National Cybersecurity Center
\nErin has over a decade of experience building meaningful tech collaborations and has formed hundreds of formal partnerships between government, industry and academia to solve problems for warfighters and national security. Currently Erin is building a Public-Private Partnership (P3), called Space ISAC. This is the third non-profit launch Erin has led and has been passionate about P3 for her entire career.\n
Erin was the Managing Director of the Center for Technology, Research and Commercialization (C-TRAC) and brought three USAF-funded programs to bear at the Catalyst Campus for Technology & Innovation (www.catalystcampus.org) from 2016-2018. Her expertise in brokering unique partnerships using non-FAR type agreements led to the standup of the Air Force’s first cyber focused design studio, AFCyberWorx at the United States Air Force Academy, and the first space accelerator, Catalyst Accelerator, at Catalyst Campus in Colorado Springs - in partnership with Air Force Research Laboratory and AFWERX.\n
In 2018 Erin was recognized by the Mayor of Colorado Springs as Mayor’s Young Leader (MYL) of the Year Award for Technology. She is also the recipient of Southern Colorado Women’s Chamber of Commerce Award for Young Female Leader in 2018. Erin serves on the board of cyber teaching certifications at Handshake Leadership. A company putting purpose over profit.\n
\n
SpeakerBio:Jeff Troy\n, President, CEO, Aviation ISAC
\nOver the past three years, Jeff developed the A-ISAC comprehensive strategy, led the team’s expansion of the Aviation ISACs services, and tripled membership. He established relationships with global regulators, industry associations, and private sector companies to drive cyber risk reduction across the aviation eco-system. Concurrently, Jeff employed by General Electric and is on the Board of Directors, National Defense ISAC. ND-ISAC provides cutting edge cyber security training, intelligence development and a trusted information sharing environment for US cleared defense contractors. Jeff spent 25 years as a Special Agent of the FBI. He retired as the Deputy Assistant Director for Cyber National Security and Cyber Criminal Investigations.
\n
SpeakerBio:Ken Munro\n
\nKen Munro is Partner and Founder of Pen Test Partners, a firm of ethical hackers. He and colleagues hold private pilot’s licenses and have been interested in aviation security for many years. They also publish and blog about their research into aviation cyber security, covering topics from airborne connectivity, the potential risks of publicly available avionics component information, and even the entire attack surface of the modern airport. Ken and Pen Test Partners have also been invited to speak at various aviation industry events, and on aviation at specialist security events such as DEF CON’s Aviation Village, the Global Connected Aircraft Summit, and the Aviation ISAC Summit among others.
\n
SpeakerBio:Matthew Gaffney\n, Managing Director, BSSI UK
\nMatt is an aviation cybersecurity consultant at BSSI UK where he also holds the position of Managing Director. He started his cybersecurity career whilst serving in the British Army after being volunteered for a mandatory IT Security Officer course because he ‘has some experience with IT’. With more than 14 years experience across multiple industries from Military and Government to banking and aviation, Matt has mostly worked on the entry into service of e-Enabled aircraft at the operator (airline) level. Due to this, his focus is primarily on systems implemented by the operator and whose touchpoints are the Aircraft Information Systems Domain (AISD). His particular areas of interest are the Electronic Flight Bag (EFB) and ground systems. A relative newbie to the research field, he recently released his first paper ‘Securing e-Enabled aircraft information systems’ and plans on releasing others in the coming months.
\n
SpeakerBio:Pete Cooper\n
\nPete Cooper - Dir Aerospace Village. His first tech love was a ZX Spectrum but then he then moved on to flying fast jets in the UK Royal Air Force. Then he moved into cyber operations before leaving the military 4 years ago. Since then he has started up his own cyber security firm and has advised on everything from developing global cyber security strategies with UN bodies such as ICAO, advising the ICRC on the nature of state vs state cyber conflict and also enjoys playing with active cyber defence and deception. Pete is also the founder and Dir of the UK Cyber Strategy Challenge “Cyber9/12â€, holds an MSc in Cyberspace Operations, is a Senior Fellow at Kings College London, a Non-Resident Senior Fellow at the Atlantic Council Cyber Statecraft Initiative and a Fellow of the Royal Aeronautical Society.
\n\n
\nDescription:
\nAcross the aerospace sector, good faith research has a key role in highlighting both risks and vulnerabilities but it hasn’t always been welcomed with open arms. ISACs are often seen as a key point of contact for researchers and hackers doing this work but how best do we create relationships across hackers and ISACs to learn the lessons of the past and build the trust that we need?\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68763),('3_Saturday','11','11:00','11:30','N','AEV','','\'A View From The Cockpit: Exploring Pilot Reactions To Attacks On Avionic Systems\'','\'Matt Smith\'','AEV_d46814e2d419cb71c0fdcb7c1e1021a4','\'Title: A View From The Cockpit: Exploring Pilot Reactions To Attacks On Avionic Systems
\nWhen: Saturday, Aug 8, 11:00 - 11:30 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Matt Smith\n
\nMatt is a Postdoctoral Research Associate in the System Security Lab led by Prof. Ivan Martinovic, at the Department of Computer Science, University of Oxford. His research looks at the security of wireless systems in aviation, most recently focusing on the impacts of attacks on safety systems. Prior to this, Matt completed his PhD in the Department of Computer Science, University of Oxford, covering avionic data links and the effects of attacks in the cockpit. He holds a Masters degree in Computer Science from the University of Warwick.
\n\n
\nDescription:
\nResearchers have been crafting attacks on aviation systems for almost a decade now, on wireless technologies like ADS-B and ACARS to In Flight Entertainment (IFE) devices. Many attacks seek to affect what the pilots see or how the aircraft is flown. Although we can work out what should happen in theory, does this translate to practice? In this talk, we describe how we investigated this using a flight simulator and 30 type-rated commercial pilots.\n
In particular, we will discuss:
\n- What happens when your aircraft thinks you are on collision course - but nothing is there,\n- How pilots respond when landing guidance puts you at the wrong end of the runway (i.e. the reverse Die Hard),\n- Can attackers push flight crew into switching systems off?\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68764),('3_Saturday','11','11:30','11:59','N','AEV','','\'Checklist For Aviation Vulnerability Disclosure: Don\'t Go It Alone\'','\'Jay Angus\'','AEV_4d9992986135e4f959c1346d4feb1955','\'Title: Checklist For Aviation Vulnerability Disclosure: Don\'t Go It Alone
\nWhen: Saturday, Aug 8, 11:30 - 11:59 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Jay Angus\n
\nMr. Jay Angus is a career civil servant with 16 years of experience as a federal employee. He currently serves as the federal lead for the Industrial Control Systems Vulnerability Management and Coordination program within Cybersecurity Infrastructure Security Agency. Prior to joining CISA, he worked for 10 years as an Information Assurance Manager at Naval Hospital Pensacola and SpaWar.\n
In his current role, he manages day to day operations within the Cybersecurity Infrastructure Security Agency ICS vulnerability disclosure program. As the federal lead for this program he provides oversight of the responsible disclosure of Industrial Control Systems, IoT equipment, and medical devices. One of the significant challenges of this mission space is developing the trust of vendors, asset owners, and researchers, while providing actionable mitigation and remediation strategies to the system owners across the sixteen critical infrastructure sectors.\n
\n\n
\nDescription:
\nCybersecurity vulnerabilities are ever present in IT and OT systems and the aerospace sector is not exempt from these findings. What should a researcher or vendor do when they find a vulnerability? This is a common question but can have many and variety complex answers. Showing how a few simple steps by each participant in the process of coordinated disclosure can decrease the stress of the efforts and result in trust among researchers and a more resilient aviation sector.\n
Major points will focus on:
\n- What researchers should be doing in preparation of disclosure.\n- When a researcher should be looking for help with coordination.\n- Questions vendor should be asking in preparation of a public disclosure.\n- Each disclosure is a unique event and should be leveraged to build upon.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68765),('3_Saturday','12','12:00','12:59','N','AEV','','\'Low-Cost VHF Receiver: Eavesdropping Pilot/Controller Communication\'','\'Allan Tart,Fabian Landis\'','AEV_b1d8f2dbcad397aa97d74f473d38ee78','\'Title: Low-Cost VHF Receiver: Eavesdropping Pilot/Controller Communication
\nWhen: Saturday, Aug 8, 12:00 - 12:59 PDT
\nWhere: Aerospace Vlg
\nSpeakers:Allan Tart,Fabian Landis
\n
SpeakerBio:Allan Tart\n
\nAllan Tart joined OpenSky network in July 2019, where his main responsibilities include leading special research and development projects. He has more than a decade worth of experience working in the air traffic management domain, where he has filled different positions ranging from being surveillance systems engineer to leading various development projects. In addition to his work in ATM, he has been actively conducting research in the field of array processing and spatial filtering at Tallinn University of Technology. In recent years his research interests have shifted toward the area of radio network deployment, in which he cooperates with the Standards and Technology department in Ericsson AB.
\n
SpeakerBio:Fabian Landis\n
\nFabian Landis received his master\'s degree at the Swiss Federal Institute of Technology Zurich in 2004 in the areas of computer networks, computer vision, IT security and speech processing. He has been a developer since, working for banks and software providers in the area of infrastructure, trade finance and IAM. He has recently joined Opensky Networks and is now focusing on the ATCO2 project which this talk will cover to some extent.
\n\n
\nDescription:
\nThe objective of the talk is to give an overview of the latest development in OpenSky Network – recording Air Traffic Control ATC voice communications. \n
As the receiver-feeder system will be developed within ATCO2 project, an undertaking financed by the European Union, a short overview of the ATCO2 project will be given. The central question covered in this first part of the talk is: “What will happen with the voice recording after it’s uploaded to OpenSky Network?â€\n
The main part of the talk will focus on how to set up the receiver which is built around RTLSDR-Airband - an open source multichannel AM/NFM receiver (more about it here: https://github.com/szpajder/RTLSDR-Airband/wiki).\n
Participants are encouraged to take an active role during the workshop and set up the receiver during the talk. In order to do that, listeners should make sure they have the following items available:\n- Raspberry Pi (any version should work).\n- SDR-RTL dongle (RTL-SDR Blog R820T2 RTL2832U 1PPM TCXO SMA Software Defined Radio with Dipole Antenna Kit available from https://www.rtl-sdr.com/buy-rtl-sdr-dvb-t-dongles/ as includes antenna and antenna cables).\n- SD card (with memory of 16GB is sufficient)\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
Github: https://github.com/szpajder/RTLSDR-Airband/wiki\n
\n\'',NULL,68766),('3_Saturday','13','13:00','13:30','N','AEV','','\'Product Cybersecurity: Secure Airplane Development Lifecycle\'','\'Michael Vanguardia\'','AEV_610da54bfda24e1cfc1fabf52f956939','\'Title: Product Cybersecurity: Secure Airplane Development Lifecycle
\nWhen: Saturday, Aug 8, 13:00 - 13:30 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Michael Vanguardia\n
\nMichael Vanguardia is an Associate Technical Fellow and Senior Product Cybersecurity Engineer for Boeing Commercial Airplanes, out of Seattle, Washington. In this role he supports security throughout the entire airplane development cycle; from security architecture definition and design, though software development and verification. This includes the execution of security testing against embedded avionic systems and networks across Boeing’s fleet of commercial aircraft. Recently, Michael’s role has been extended to spearhead security researcher engagement and airplane cyber incident investigations. Michael comes with 20+ years of experience working with space systems and avionics across the Department of Defense and the Commercial Aviation sectors.
\n\n
\nDescription:
\nThe Aviation industry has always focused on safety and with the advent of the e-enabled aircraft must now also contend with cybersecurity threats. Malicious intent via cyber means is a new area of concern that needs to be accounted for during airplane design, development, and verification. This talk will provide an overview of Boeing\'s Secure Airplane Development Lifecycle and activities that the Commercial Airplane, Product Security organization has undertaken to enhance the cyber resiliency of commercial aircraft.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68767),('3_Saturday','13','13:30','13:59','N','AEV','','\'Introduction To ACARS\'','\'Alex Lomas\'','AEV_20380f35c1bb6470e9ab4c736e355916','\'Title: Introduction To ACARS
\nWhen: Saturday, Aug 8, 13:30 - 13:59 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Alex Lomas\n
\nAlex Lomas is Pen Test Partner’s aerospace specialist. Alex undertakes penetration testing of traditional IT, such as networks, web applications, and APIs, as well as more aviation-specific areas including airport operational technology and avionics embedded systems such as inflight entertainment and e-enabled aircraft.
\n\n
\nDescription:
\nWe\'ll go through what ACARS is, its roots in Telex, through to how it\'s implemented and used in modern airline operations today over VHF, HF, and SATCOM.\n
We\'ll talk about how to setup your own ACARS receiver using an RTL-SDR and do a live demo of capturing real ACARS transmissions and attempt to decode what those messages are about. Then we\'ll take a thought experiment on how potentially malicious transmissions could be made to affect the aircraft.\n
There will also be a discussion around how ACARS is used in modern CPDLC air traffic to pilot data links, instead of voice communications and how these could be vulnerable, and a brief look at SELCAL which reduces the need for pilots to monitor the radio.\n
Lastly we\'ll look at the future of ACARS over IP and how this will integrate with modern e-enabled aircraft.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68768),('3_Saturday','14','14:00','14:59','N','AEV','','\'Ticketing To Takeoff: An Airport Hacking Choose Your Own Adventure\'','\'Liz Wharton\'','AEV_e32b7b4f9b39183a7a4668479ef35bbd','\'Title: Ticketing To Takeoff: An Airport Hacking Choose Your Own Adventure
\nWhen: Saturday, Aug 8, 14:00 - 14:59 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Liz Wharton\n
\nLiz, a technology-focused business and public policy attorney, has advised researchers, startups, and policymakers at the federal, state, and local level. Currently SCYTHE’s Chief of Staff, she was the World’s Busiest Airport’s technology attorney and hosted the Buzz Off with Lawyer Liz podcast.
\n\n
\nDescription:
\nCheck-in software glitches, payment system data breaches, gate signage ransomware attacks... Airports are an interconnected, mini-smart city of retail, dining, infrastructure, and transportation logistics operated by a hodgepodge of business interests + federal, state, and local entities and agencies. Join an interactive adventure as a passenger navigating the airport to catch a flight before hackers cause chaos, highlighting security pitfalls and risks all based on publicly disclosed incidents.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68769),('3_Saturday','15','15:00','15:30','N','AEV','','\'ILS and TCAS Spoofing Demonstration\'','\'Alex Lomas\'','AEV_c155c15f15ecfb9448c5c2642938838e','\'Title: ILS and TCAS Spoofing Demonstration
\nWhen: Saturday, Aug 8, 15:00 - 15:30 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Alex Lomas\n
\nAlex Lomas is Pen Test Partner’s aerospace specialist. Alex undertakes penetration testing of traditional IT, such as networks, web applications, and APIs, as well as more aviation-specific areas including airport operational technology and avionics embedded systems such as inflight entertainment and e-enabled aircraft.
\n\n
\nDescription:
\nThe Traffic Alert & Collision Avoidance System or TCAS was first developed in the early 1980s using transponders on aircraft to interrogate other aircraft within a set range about their distance, altitude, and heading. If a collision course is detected and the aircraft is suitably equipped, a TCAS alert will be sounded. In certain autopilot modes (mostly on Airbus), the aircraft will automatically follow the TCAS Resolution Advisory and climb or descend with no input from the pilot.Others have shown that it’s possible to create fake TCAS traffic. We’ve taken this further and investigated how airplanes equipped with autopilots capable of flying a resolution advisory themselves would respond in certain scenarios. \n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68770),('3_Saturday','15','15:30','15:59','N','AEV','','\'A Deeper Dive Into ILS And ADS-B Spoofing\'','\'Harshad Sathaye\'','AEV_d655b5648a116cfdd0d51a4dd28f3b5e','\'Title: A Deeper Dive Into ILS And ADS-B Spoofing
\nWhen: Saturday, Aug 8, 15:30 - 15:59 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Harshad Sathaye\n
\nHarshad is a Ph.D. candidate at Northeastern University and a soon-to-be student pilot. He is a cyber security enthusiast with research interests around wireless systems security, specifically navigation systems and development of secure cyber-physical systems
\n\n
\nDescription:
\nModern aircraft heavily rely on several wireless technologies for communications control and navigation. Researchers demonstrated vulnerabilities in many aviation systems e.g., spoofing ILS signals to disrupt the landing, injecting ghost aircraft into airspace, spoof locations, and manipulate key communication messages. This presentation will give the viewers a better understanding of the fundamental problems associated with these critical systems and what makes spoofing attacks possible.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68771),('3_Saturday','16','16:00','16:30','N','AEV','','\'Hack-A-Sat End Of Day Recap\'','\' \'','AEV_1a97c0288d17fa07abb9cf1a57c76cab','\'Title: Hack-A-Sat End Of Day Recap
\nWhen: Saturday, Aug 8, 16:00 - 16:30 PDT
\nWhere: Aerospace Vlg
\n
\nDescription:
\nThis segment will provide a round-up of the day\'s Hack-A-Sat activities, notable achievements and other information for the rest of the competition. \n
This event will be coordinated on the DEF CON Discord server, in channel #av-hack-a-sat-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732393766677119087\n
\n\'',NULL,68772),('3_Saturday','17','17:00','17:59','N','AEV','','\'General Aviation (GA) Electronic Flight Bags (EFB)\'','\'David Robinson\'','AEV_8732dafdf5bec2539c46fed8a9b2cb75','\'Title: General Aviation (GA) Electronic Flight Bags (EFB)
\nWhen: Saturday, Aug 8, 17:00 - 17:59 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:David Robinson\n
\nDave/Karit is currently part of the team at ZX Security in Wellington, New Zealand and works as a penetration tester. Since joining ZX Security Dave has presented at Defcon and Kiwicon along with other Cons and meetups. Along with aerospace, he has a keen interest in lock-picking and all things wireless.
\n\n
\nDescription:
\nOver the last while I have been looking at General Aviation (GA) Electronic Flight Bags (EFB). This talk will look at some of the potential security related issues I have noticed along the way. This talk will be a high level overview of the classes of problems which have been observed, opposed to focusing on particular products and individual bugs in these products. The goal here is to help an industry who is adding more connected services to their products and understanding the risks which the benefits bring.\n
The talk will highlight some categories of issues which have been identified. Along with information about why it is an issue, there will be information on methods to mitigating these security risks. I would like to see as an outcome form this talk people who develop EFBs taking away some of the ideas and mitigating the risk in their own products.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68773),('4_Sunday','08','08:30','08:59','N','AEV','','\'Hacking Airplane Air To Ground (A2G) Systems\'','\'Ali Abdollahi\'','AEV_60b7965e51b2169ac581de00d5b5827a','\'Title: Hacking Airplane Air To Ground (A2G) Systems
\nWhen: Sunday, Aug 9, 08:30 - 08:59 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Ali Abdollahi\n
\nAli Abdollahi is a cyber security expert with over 8 years of experience working in a variety of security fields. Ali is a full-time consultant helping clients with product security testing, reverse engineering, penetration testing, exploit developing, red-teaming, secure coding, and more, giving him ample opportunity to use his skills in a diversity of ways. In addition, He is instructor, author and board of review at Hakin9 company. Ali is a self-confessed bug hunter, publisher of many vulnerabilities and CVEs. Ali is a regular speaker and trainer at industry conferences.
\nTwitter: @AliAbdollahi2
\n\n
\nDescription:
\nOne of the most important parts of avionic systems is the communication. Airplanes use mobile communication to connect to stations on the ground. In many cases the connection is based on LTE-Advanced technology and in some cases when an airplane is on the seas or somewhere else that there is no base station on the ground, It uses the satellite as a hub. In this presentation I will explain vulnerabilities and ways to take advantage of A2G systems and other avionic components.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68774),('4_Sunday','09','09:00','09:59','N','AEV','','\'Hacking Aerospace Cybersecurity Regulation\'','\'Harley Geiger,Kaylin Trychon,Nicky Keeley\'','AEV_fe3ed70a773bf85168c7565ccdbd4df6','\'Title: Hacking Aerospace Cybersecurity Regulation
\nWhen: Sunday, Aug 9, 09:00 - 09:59 PDT
\nWhere: Aerospace Vlg
\nSpeakers:Harley Geiger,Kaylin Trychon,Nicky Keeley
\n
SpeakerBio:Harley Geiger\n, Director of Public Policy, Rapid7
\nHarley Geiger is Director of Public Policy at Rapid7, where he leads the company\'s policy engagement on cybersecurity, encryption, computer crime, exports, and digital trade issues. Prior to working at Rapid7, Geiger was Advocacy Director at the Center for Democracy & Technology (CDT), where he worked on issues related to government surveillance, privacy and computer crime. Prior to that, Geiger was Senior Legislative Counsel for U.S. Representative Zoe Lofgren of California, serving as lead staffer for technology policy. Geiger is an attorney and is CIPP/US certified.
\n
SpeakerBio:Kaylin Trychon\n
\nNo BIO available
\n
SpeakerBio:Nicky Keeley\n, Head of Cyber Security Oversight, Civil Aviation Authority
\nNicole leads the team responsible for regulatory cyber security oversight, for aviation in the UK. Her aim is to have a proportionate and effective approach that enables aviation to manage cyber security risks without compromising aviation safety, security or resilience (with a particular focus on critical national infrastructure). Having worked in a variety of industries in various GRC and technical information security roles, she loves the interconnected and diverse nature of aviation.
\n\n
\nDescription:
\nThe aerospace industry is highly regulated with a great deal of focus on cybersecurity. Other sectors have seen how good faith hackers and researchers can help increase resilience and highlight vulnerability – how best to do that in a highly regulated, safety critical industry like aerospace? Aerospace regulators have a key role in understanding risk and putting in place the legal frameworks and creating rules, regulations and best practice around good faith research, join us on a panel with the research community and aerospace regulators to chat about what where we are and what we need to do.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68775),('4_Sunday','10','10:00','10:30','N','AEV','','\'Trust And Truth In Space Situational Awareness\'','\'James Pavur\'','AEV_69147a38db4ae6a624299ab9e252325b','\'Title: Trust And Truth In Space Situational Awareness
\nWhen: Sunday, Aug 9, 10:00 - 10:30 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:James Pavur\n, DPhil Student, Oxford University
\nJames Pavur is a Rhodes Scholar at Oxford University working on a DPhil in Cyber Security. His academic research is primarily on the threats to satellite systems with a focus on satellite communications and trustworthy spaceflight operations. Prior to Oxford, he majored in Science, Technology and International Affairs (STIA) at Georgetown University where he graduated with the School of Foreign Service Dean’s Medal (highest cumulative GPA) in 2017.\n
He has held numerous internships and professional positions related to information security. This included acting as Director of Information Security for Students of Georgetown Inc. (The Corp), a student run non-profit with more than 300 employees. He has also assisted with computer crimes investigations as an intern with the United States Postal Service Office of the Inspector General, worked on embedded systems reverse-engineering as an intern at Booz Allen Hamilton, and even pentested air-conditioners for the Public Buildings Services while working for Telos Corporation.\n
Outside of computers, James enjoys flying kites and collecting rare and interesting teas.\n
\nTwitter: @JamesPavur
\n\n
\nDescription:
\nSpace Situational Awareness Data (SSA) is the lifeblood of responsible spaceflight. With tens of thousands of debris objects in orbit, knowing where and when collisions may occur is key to preventing lasting environmental harm. However, SSA data collection is inordinately complex, creating natural incentives for centralized information sharing. When actors lack the capability to independently monitor the state of orbit, they find themselves forced to trust third parties.\n
In this talk, we consider how a sufficiently motivated attacker might modify SSA repositories to deliberately conceal or falsify collision projections to influence the behaviors of satellite owners. In addition to a high-level discussion of the relevant threat model, we will present simulated implementations of these attacks. We will also briefly consider various mitigation techniques which can be employed by both SSA operators and data recipients against such attacks.\n
This talk will touch on basic principles of orbital dynamics and spaceflight operations but assumes no prior background in physics. It is intended to serve as starting point for those interested in how the physical dynamics of outer space can manifest as unique security challenges.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-space-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394328105943180\n
\n\'',NULL,68776),('4_Sunday','10','10:30','10:59','N','AEV','','\'747 Walkthrough From A Hacker\'s Perspective\'','\'Alex Lomas,Ken Munro\'','AEV_6c2a9eb2699dc505a32c3804a8321321','\'Title: 747 Walkthrough From A Hacker\'s Perspective
\nWhen: Sunday, Aug 9, 10:30 - 10:59 PDT
\nWhere: Aerospace Vlg
\nSpeakers:Alex Lomas,Ken Munro
\n
SpeakerBio:Alex Lomas\n
\nAlex Lomas is Pen Test Partner’s aerospace specialist. Alex undertakes penetration testing of traditional IT, such as networks, web applications, and APIs, as well as more aviation-specific areas including airport operational technology and avionics embedded systems such as inflight entertainment and e-enabled aircraft.
\n
SpeakerBio:Ken Munro\n
\nKen Munro is Partner and Founder of Pen Test Partners, a firm of ethical hackers. He and colleagues hold private pilot’s licenses and have been interested in aviation security for many years. They also publish and blog about their research into aviation cyber security, covering topics from airborne connectivity, the potential risks of publicly available avionics component information, and even the entire attack surface of the modern airport. Ken and Pen Test Partners have also been invited to speak at various aviation industry events, and on aviation at specialist security events such as DEF CON’s Aviation Village, the Global Connected Aircraft Summit, and the Aviation ISAC Summit among others.
\n\n
\nDescription:
\nThis will be a tour of an end of life 747 airframe, covering a 101 of the cockpit systems and avionics bays. We will also be explaining the various systems & threat surfaces.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68777),('4_Sunday','11','11:00','11:59','N','AEV','','\'Critical Aerospace Cybersecurity: How Hacking And Designing Aerospace Systems Is Changing\'','\'Lawrence Rowell,Nathalie Feyt,Yannick Le Ray\'','AEV_bd261e07a870027b27aa1f489526e56b','\'Title: Critical Aerospace Cybersecurity: How Hacking And Designing Aerospace Systems Is Changing
\nWhen: Sunday, Aug 9, 11:00 - 11:59 PDT
\nWhere: Aerospace Vlg
\nSpeakers:Lawrence Rowell,Nathalie Feyt,Yannick Le Ray
\n
SpeakerBio:Lawrence Rowell\n
\nLawrence Rowell is the Product Security Officer for Thales Inflyt Experience. His responsibilities include cybersecurity governance, strategy and risk management for all business line products. He supports the continuous integration of cybersecurity in the product lifecycle from development to ongoing operations. He leads the cybersecurity product roadmap that includes new cybersecurity features and offerings. Lawrence also has 15 years of experience with cybersecurity in the finance industry, leading the cybersecurity program for a fortune 500 financial company. He graduated with an MS in Telecommunications Management from Oklahoma State University.
\n
SpeakerBio:Nathalie Feyt\n
\nNathalie Feyt - has worldwide responsibility of security activities for Thales Avionics, as Chief Product Security Officer. She leads the security solutions roadmap for the Thales aviation portfolio covering both airborne and ground operation systems to develop new generations of safe and secure avionics, enabling in-flight connectivity and digitalization of aviation operations. She also supports the governance of cybersecurity risks for products in operations. At a European policy level, she is the Chair of Cybersecurity for the ASD taskforce, and at the national level for France she is the Technical Expert Referee for Thales at Conseil de Cybersécurité du Transport Aérien.
\n
SpeakerBio:Yannick Le Ray\n
\nYannick Le Ray is an engineering graduate from Ecole Polytechnique of Montreal. He joined Thales in 2003 where he held a number of positions in bid and product management for air defence command & control systems as well as communication intelligence. Since 2018, Yannick has the worldwide responsibility of cybersecurity for the Thales aeronautics vertical including Air Traffic Management, Avionics & Airports.
\n\n
\nDescription:
\nAerospace is changing – Its digital transformation must now be synonymous with being cyber secure. In-cabin systems are looking more like your everyday living room and the numerous potential entry points must be tested for security. During this session we will take you through the offensive testing that we put systems through to show you what is happening to improve the life cycle of aviation systems thanks to cybersecurity-by-design principles influenced by a hack/fix process.\n
From design to operation, blue teams and red teams are working together for a first line of defense to help identify vulnerabilities and ensure more robust and resilient systems – systems which we all rely on, and must be certified by Airworthiness Authorities when safety is at stake.\n
Join Nathalie Feyt, Lawrence Rowell and Yannick Le Ray as they lead a presentation on securing avionics, passenger systems, and air traffic management systems, and show how industry designs, attacks, learns and improves aerospace systems.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-space-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394328105943180\n
\n\'',NULL,68778),('4_Sunday','12','12:00','12:59','N','AEV','','\'Cybersecurity Lessons Learned From Human Spaceflight\'','\'Pam Melroy\'','AEV_7d3514538fdad53070c487565faf9b38','\'Title: Cybersecurity Lessons Learned From Human Spaceflight
\nWhen: Sunday, Aug 9, 12:00 - 12:59 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Pam Melroy\n
\nPam Melroy is a retired US Air Force test pilot and former NASA astronaut and Space Shuttle commander. After NASA she worked at Lockheed Martin on the Orion lunar exploration vehicle program, the Federal Aviation Administration’s Office of Commercial Space Transportation, and at DARPA. She is now an independent consultant and advisor.
\n\n
\nDescription:
\nSpace is incredibly important in our daily lives – providing the GPS navigation on our phone and in our financial system, national security communications throughout the world, and remote sensing of weather conditions and other indicators of the health of the Earth. We’ve had a very complacent attitude about our satellites because physical access has been impossible. Now we know our key infrastructure is at threat on the ground, and it is in space as well from both physical and cyber threats. There are many important lessons to be learned about the software approach to human space flight and its high standards for software error rate and redundancy, tiered levels of access, distributed architecture, command protocols, and there are mistakes to learn from as well. The space industry is changing very rapidly. With commercial space stations, lunar exploration, and nation states competing for achievements – and resources – in space, we must understand the implications and prepare for the challenges ahead.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-space-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394328105943180\n
\n\'',NULL,68779),('4_Sunday','13','13:00','13:30','N','AEV','','\'Dissecting Wireless Privacy In Aviation\'','\'Martin Strohmeier\'','AEV_f8762a4b5435ab03adbbf9f9836aaba7','\'Title: Dissecting Wireless Privacy In Aviation
\nWhen: Sunday, Aug 9, 13:00 - 13:30 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Martin Strohmeier\n
\nMartin Strohmeier is a Junior Research Fellow of Kellogg College, University of Oxford and a Senior Scientist at the Swiss Cyber Defence Campus.The main focus of his work has been the design, implementation, and analysis of security protocols for cyber-physical systems, specifically those used in critical infrastructures such as aviation (civil and military). Using these domains as a driver for the real-world applicability of his research, his work has been published in many diverse venues, spanning wireless communications, cryptography, systems security, sensor networking, privacy, and aviation.\n
After his DPhil, he has been extending his interests towards areas of open-source intelligence, privacy issues in aviation and satellite environments, and most recently adversarial machine learning. Martin is also a co-founder of the aviation research network OpenSky where he is responsible for communication and research activities.\n
\n\n
\nDescription:
\nA multitude of wireless technologies are used within air traffic communication. From a conceptual perspective, all of them are insecure as confidentiality was never part of their design and they could not keep up with the change in threat models. This talk analyzes the current state of wireless privacy in aviation, covering air traffic control and datalink communication. We show how combining publicly available data sources enables global tracking of every aircraft for anyone interested. In particular, we present various case studies to demonstrate how anyone can undermine the privacy of military, governmental and corporate operators. Finally, we look at some industry responses and illustrate the futility of the current attempts to maintain privacy for aircraft owners in a world of ubiquitous sensor surveillance.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68780),('4_Sunday','13','13:30','13:59','N','AEV','','\'Breakdown Of The FAA\'s Privacy ICAO Address Program\'','\'Gui Michel\'','AEV_c2d684eb21e55e2517a647cb2bf90afd','\'Title: Breakdown Of The FAA\'s Privacy ICAO Address Program
\nWhen: Sunday, Aug 9, 13:30 - 13:59 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Gui Michel\n
\nGui is a Master student in the joint degree in Cybersecurity at EPFL and ETH Zürich. His research interests lie in distributed systems, computer security and privacy.
\n\n
\nDescription:
\nThe FAA launched the Privacy ICAO Address (PIA) program in January 2020 to address privacy concerns in General Aviation in the United States. This talk will present an analysis on the privacy performance of this program in its current state and our predictions for the future. We will demonstrate that it is possible to identify aircraft despite being enrolled in the program, using ADS-B data from crowdsourced networks. The privacy loss of participating aircraft over time is quantified through a purpose-built privacy simulator, showing that tracking is possible, even with a much greater participation in the program in the future. To address these issues, we will present two solutions that could significantly improve the privacy of the PIA program going forward.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68781),('4_Sunday','14','14:00','14:59','N','AEV','','\'Hack-A-Sat Closing Segment\'','\' \'','AEV_2dd9c024ba86e8b9d8cbdcdfd87a6cd8','\'Title: Hack-A-Sat Closing Segment
\nWhen: Sunday, Aug 9, 14:00 - 14:59 PDT
\nWhere: Aerospace Vlg
\n
\nDescription:
\nThis segment will officially end the Hack-A-Sat competition. Tune in for awards and celebrations!\n
This event will be coordinated on the DEF CON Discord server, in channel #av-hack-a-sat-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732393766677119087\n
\n\'',NULL,68782),('4_Sunday','15','15:00','15:59','N','AEV','','\'Cybersecurity Meets Aviation Regulation\'','\'Aaron Cornelius,Tim Brom\'','AEV_d0f61e13fa24920ecef9f24114d5ddee','\'Title: Cybersecurity Meets Aviation Regulation
\nWhen: Sunday, Aug 9, 15:00 - 15:59 PDT
\nWhere: Aerospace Vlg
\nSpeakers:Aaron Cornelius,Tim Brom
\n
SpeakerBio:Aaron Cornelius\n
\nAaron Cornelius is a Senior Security Researcher at GRIMM specializing in the security of automotive, aerospace, critical infrastructure and industrial control systems. Aaron has over 15 years developing embedded and safety critical systems for telecom, aviation, medical, and industrial applications.
\n
SpeakerBio:Tim Brom\n
\nTim Brom is the Managing, Senior Security Researcher for Embedded Systems at GRIMM specializing in automotive security research. Tim has over ten years experience as a software developer and security researcher with a focus on automotive, aerospace, critical infrastructure and industrial control systems. Additionally, Tim has contributed extensively to the development of CanCat, GRIMM’s open source CAN bus reverse-engineering tool, and CANT, a tool for interacting with CAN bus at the electrical layer. Tim was the lead engineer in the development of GRIMM’s car-hacking workbenches. Tim has also had publications about car-hacking tools and techniques, including on the Macchina M2.
\n\n
\nDescription:
\nSoftware development for aviation is highly regulated, and process driven. The current processes, as defined in DO-178C and related standards, originate from a history of designing and testing mechanical components. In the past you designed a part and once installed it only had to be monitored for physical condition. It was assumed that maintenance procedures would be able to identify which components are in flight condition and which are not. But now that there are USB ports and iPads in the cockpit, do these previous assumptions remain valid? How can we ensure that flight systems are not compromised after being installed? What can be done to help ensure aviation systems are secure?\n
There are 4 primary areas of concern on a modern aircraft:\n- Maintenance interfaces - What is necessary to ensure that software communicating with the aircraft is correct and operates in a secure manner?\n- Passenger interfaces - What is necessary to ensure that systems passengers interact with cannot interfere with the aircraft operation?\n- Crew accessible interfaces - What is necessary to ensure that the crew cannot accidentally connect a malicious device to flight systems?\n- Pre-flight software validation - Is there a procedure that could be used to ensure that the software running on aircraft systems is 100% correct and unmodified?\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68783),('4_Sunday','16','16:00','16:59','N','AEV','','\'What I Learned Trying To Hack A 737\'','\'Karl Koscher\'','AEV_f6da1f16dbca62103a5d3062e5c1655f','\'Title: What I Learned Trying To Hack A 737
\nWhen: Sunday, Aug 9, 16:00 - 16:59 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Karl Koscher\n
\nKarl Koscher is a research scientist working at the University of Washington Security and Privacy Research Lab where he specializes in wireless and embedded systems security. He led the first team to demonstrate a complete remote compromise of a car over cellular, Bluetooth, and other channels.
\n\n
\nDescription:
\nAs part of work looking at avionics security, we reverse-engineered two Communication Management Units used on 737s, and they are engineered unlike any other embedded system I’ve seen. CMUs must be certified to a high Design Assurance Level, but airlines typically want to add custom airline operations applications. This talk explores how these seemingly incompatible requirements are met in two very different ways, and takes a deep dive into how the CMUs work.\n
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.\n
\nDiscord: https://discord.com/channels/708208267699945503/732394164209057793\n
\n\'',NULL,68784),('2_Friday','11','11:00','11:45','N','BHV','','\'Fireside Chat with Dr. Amy Abernethy and Adama Ibrahim\'','\'Adama Ibrahim,Amy Abernethy\'','BHV_bede01c149bd1092baf742105f4b3823','\'Title: Fireside Chat with Dr. Amy Abernethy and Adama Ibrahim
\nWhen: Friday, Aug 7, 11:00 - 11:45 PDT
\nWhere: BioHacking Vlg
\nSpeakers:Adama Ibrahim,Amy Abernethy
\n
SpeakerBio:Adama Ibrahim\n
\nNo BIO available
\n
SpeakerBio:Amy Abernethy\n
\nAmy P. Abernethy, M.D., Ph.D. is an oncologist and internationally recognized clinical data expert and clinical researcher. As the Principal Deputy Commissioner of Food and Drugs, Dr. Abernethy helps oversee FDA’s day-to-day functioning and directs special and high-priority cross-cutting initiatives that impact the regulation of drugs, medical devices, tobacco and food. As acting Chief Information Officer, she oversees FDA’s data and technical vision, and its execution. She has held multiple executive roles at Flatiron Health and was professor of medicine at Duke University School of Medicine, where she ran the Center for Learning Health Care and the Duke Cancer Care Research Program. Dr. Abernethy received her M.D. at Duke University, where she did her internal medicine residency, served as chief resident, and completed her hematology/oncology fellowship. She received her Ph.D. from Flinders University, her B.A. from the University of Pennsylvania and is boarded in palliative medicine.
\n\n
\nDescription:
\nDiscussions around:
\n- Intersection of big data and patient rights\n- Real World Data and how to best serve patients in the digital era\n- Cybersecurity risk for medical devices\n- How FDA is working with security researchers (e.g., the FDA-led Evidence Accelerator at the FDA)
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68785),('2_Friday','11','11:30','11:59','N','BHV','','\'Porcupine: Rapid and robust tagging of physical objects using DNA with highly separable nanopore signatures\'','\'Katie Doroschak\'','BHV_5984d88f4a08c099dc886d5ba448f4c3','\'Title: Porcupine: Rapid and robust tagging of physical objects using DNA with highly separable nanopore signatures
\nWhen: Friday, Aug 7, 11:30 - 11:59 PDT
\nWhere: BioHacking Vlg
\n
SpeakerBio:Katie Doroschak\n
\nKatie Doroschak is a PhD candidate in the MISL lab in the Allen School for Computer Science & Engineering at the University of Washington. She specializes in data science & machine learning for computational & synthetic biology.
\n\n
\nDescription:
\nMolecular tagging is an approach to labeling physical objects using DNA or other molecules that can be used in cases where methods like RFID tags and QR codes are not suitable. No molecular tagging method exists that is inexpensive, fast and reliable to decode, and usable outside a lab setting to create or read tags. To address this, we present Porcupine, an end-user molecular tagging system that features DNA-based tags readable within seconds using a portable nanopore device. Porcupine\'s digital bits are represented by the presence or absence of distinct, nanopore-orthogonal DNA strands, which we call molecular bits (molbits). We classify molbits directly from the raw nanopore signal, avoiding basecalling. To extend the tag\'s shelf life, decrease readout time, and make tags robust to environmental contamination, molbits are prepared for readout during tag assembly and can be stabilized by dehydration. The result is an extensible, real time, high accuracy tagging system that includes a novel approach to developing nanopore-orthogonal barcodes.
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68786),('2_Friday','12','12:00','12:59','N','BHV','','\'Redefining patient safety in the digital era\'','\'Dena Medelsohn,Jen Goldsack\'','BHV_76829a8b1e25d096e3fa952171af0886','\'Title: Redefining patient safety in the digital era
\nWhen: Friday, Aug 7, 12:00 - 12:59 PDT
\nWhere: BioHacking Vlg
\nSpeakers:Dena Medelsohn,Jen Goldsack
\n
SpeakerBio:Dena Medelsohn\n
\nDena Medelsohn is a passionate consumer advocate and boldly believe in data rights and access to quality healthcare. Dena is the director of health policy and data governance at Elektra Labs. Previously, Dena was the senior attorney at Consumer Reports.
\n
SpeakerBio:Jen Goldsack\n
\nJen Goldsack is the executive director of the Digital Medicine Society (DiMe), a 501c3 dedicated to advancing digital medicine to optimize human health. Jen’s research focuses on applied approaches to the safe, effective & equitable use of digital technologies to improve health, healthcare & health research.
\n\n
\nDescription:
\nDigital technologies are the future of medicine--and perhaps also public health--but these innovative tools that offer great promise for higher quality, more affordable, more accessible care also pose new risks to patients.\n
Using real-world examples, this presentation will make the case for expanding the list of harms considered when determining the risk-benefit profile of a medical product in the digital era of health. We will consider security practices -- and sometimes their absence -- and disparities in both access to technologies and technical literacy.\n
Digital technologies - and in particular remote monitoring technologies such as wearables and other in - home smart sensors have the potential to transform health, healthcare, and health research. But these innovative tools also pose new risks to patients.\n
Risk-benefit analysis is the bedrock of clinical decision making, from formulating individual treatment plans to drug approval decisions. However, while shaky data rights in the United States put patients at risk when they use digital health products, these risks are poorly understood and rarely included in risk-benefit analyses.\n
This presentation will illustrate the new risks to patients posed by their digital health footprint-from challenges accessing health care to discrimination in the workplace-and explain for readers why data rights and security must be folded into a contemporary definition of \'patient safety\'.\n
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68787),('2_Friday','13','13:00','13:59','N','BHV','','\'Russian Cyber Threats in The Pandemic Era\'','\'Dr. Khatuna Mshvidobadze\'','BHV_7b3db810fd29c0ebaca2009e8a93a190','\'Title: Russian Cyber Threats in The Pandemic Era
\nWhen: Friday, Aug 7, 13:00 - 13:59 PDT
\nWhere: BioHacking Vlg
\n
SpeakerBio:Dr. Khatuna Mshvidobadze\n
\nDr. Khatuna Mshvidobadze teaches cybersecurity and information management at Utica College and George Washington University. Her constantly updated “Russian Cyber Threats†has been presented around the world. Her articles have appeared throughout the international press.
\n\n
\nDescription:
\nRussia has seized upon the global Covid-19 pandemic as an opportunity to use its multifaceted, multidirectional information and cyberwarfare strategy against its prospective enemies. Russian state-sponsored hackers are using the coronavirus to spread different types of malware against western nations. Universities, hospitals and scientific facilities with access to classified information are targeted to steal data and research related to Covid-19. In this respect, the presentation will cover cyber-attack efforts against the healthcare industry in the United States and Europe. The presentation will discuss tactics, techniques and procedures (TTPs) of the advanced persistent threat (APT) groups. It will review Russian ransomware criminal actors and their communication channels (dark web).\n
The presentation also will highlight the role of the siloviki (people of power) in the country’s information warfare efforts. It will examine the structural units of the Russian Federal Security service (FSB) and Russian military intelligence (GRU), their projects and their networks of allied criminal groups. It will discuss how intelligence organizations are using APT groups through complex outsourcing strategies to conduct cyberwarfare over a broad spectrum.\nThe presentation suggests several factors that drive the current trends in Russian cyber capabilities. It will also survey current trends: growing sophistication of TTPs and tools, supply chain threats, false flag operations, deception tactics, third party entry vectors and cyber espionage. Finally, the Russian Cyber Threat presentation will cover the role and mission of the Russian Foundation for Advanced Research Projects in the Defense Industry, the Russian Army’s Technopolis, and Russia’s chemical, biological, medical, informational and research efforts.\n
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68788),('2_Friday','14','14:00','14:30','N','BHV','','\'Digital Health Technologies in the NIH All of Us Research Program\'','\'Michelle Holko\'','BHV_094ee944985e5f6c8e2fc7ee402463b4','\'Title: Digital Health Technologies in the NIH All of Us Research Program
\nWhen: Friday, Aug 7, 14:00 - 14:30 PDT
\nWhere: BioHacking Vlg
\n
SpeakerBio:Michelle Holko\n, PhD, PMP
\nMichelle Holko, PhD, PMP, is a White House Presidential Innovation Fellow working with NIH’s All of Us Research Program. Her technical expertise is in genomics and bioinformatics, and her work lies at the intersection of health and health security, technology, data/analytics, and biosecurity policy.
\n\n
\nDescription:
\nThe National Institutes of Health’s (NIH) All of Us Research Program (AoURP) aims to enroll at least one million US participants from diverse backgrounds; collect electronic health record (EHR) data, survey data, physical measurements, biospecimens for genomics and other assays, and digital health data; and create a researcher database and tools to enable precision medicine research. Since inception, digital health technologies (DHT) have been envisioned as integral to achieving the goals of the program. A “bring your own device†(BYOD) pilot for collecting Fitbit data from participants’ devices was developed with more recent integration of Apple HealthKit data donation and additional DHTs planned in the future. This presentation will describe 1) the initial process to assess, curate, and include Fitbit BYOD data in the All of Us Researcher Workbench, 2) the diversity and assessment of under-represented in biomedical research (UBR) in Fitbit BYOD participants compared with overall AoU participant population, and 3) future DHT studies planned for AoURP.
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68789),('2_Friday','14','14:30','15:30','N','BHV','','\'Medical Device Vulnerability Disclosure\'','\'Chloé Messdaghi,Eirick Lurass,Casey John Ellis\'','BHV_b3cf285dacd2ccc97b1bdccb21e67862','\'Title: Medical Device Vulnerability Disclosure
\nWhen: Friday, Aug 7, 14:30 - 15:30 PDT
\nWhere: BioHacking Vlg
\nSpeakers:Chloé Messdaghi,Eirick Lurass,Casey John Ellis
\n
SpeakerBio:Chloé Messdaghi\n
\nChloé Messdaghi is the VP of Strategy at Point3 Security. She is a security researcher advocate who strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to fight for hacker rights. She is the founder of WomenHackerz & the President and cofounder of Women of Security (WoSEC), podcaster for ITSP Magazine\'s The Uncommon Journey, and runs the Hacker Book Club.
\n
SpeakerBio:Eirick Lurass\n
\nEirick Lurass is a Chaotic Good Dual-class warrior mage. After trying many jobs, he eventually found out he could do magical things with computers. He works in MedSec and he spends most of his time failing and hearing no. His cats and dog still love him.
\n
SpeakerBio:Casey John Ellis\n, Founder and CTO, Bugcrowd
\nCasey Ellis is the Founder, Chairman and CTO of Bugcrowd and the co-founder of the The disclose.io Project. Casey has been making computers, companies, and markets misbehave for great justice since his youth, and pioneered the crowdsourced security-as-a-service industry in 2012.
\n\n
\nDescription:
\nHumans write code, humans make mistakes, and hackers are here to help. While this has been true since the beginning of the Internet, 2020 still see\'s laws like the DMCA and CFAA create a chilling effect on establishing a healthy \"Internet immune system\" between builders and breakers. In safety critical technology domains like Medical and Medical Devices, this has become especially obvious, and particularly urgent to solve. This mini-panel will run through the past, current, and future state of vulnerability disclosure in the medical sector; provide examples of where it has been needed, gone well, and where it has failed; and ends with an introduction to the The disclose.io Project and some practical steps that anyone in the audience can take to improve the ubiquity of healthy hacker/vendor relationships.
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68790),('2_Friday','15','14:30','15:30','Y','BHV','','\'Medical Device Vulnerability Disclosure\'','\'Chloé Messdaghi,Eirick Lurass,Casey John Ellis\'','BHV_b3cf285dacd2ccc97b1bdccb21e67862','\'\'',NULL,68791),('2_Friday','15','15:30','15:59','N','BHV','','\'Hacking the Insulin Supply Chain To Save Lives\'','\'Anthony DiFranco\'','BHV_d0dfef42a12cc04ec554a52caea21b5c','\'Title: Hacking the Insulin Supply Chain To Save Lives
\nWhen: Friday, Aug 7, 15:30 - 15:59 PDT
\nWhere: BioHacking Vlg
\n
SpeakerBio:Anthony DiFranco\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68792),('2_Friday','16','16:15','16:45','N','BHV','','\'Cybersecurity informed consent for medical devices\'','\' \'','BHV_2c8999df9b9b410083a5cca126b3f270','\'Title: Cybersecurity informed consent for medical devices
\nWhen: Friday, Aug 7, 16:15 - 16:45 PDT
\nWhere: BioHacking Vlg
\n
\nDescription:
\nBuilding on conversation within the Biohacking Village at DEFCON 27, and expertise in clinical care and implementation science (Dameff, Doerr, Tully), cybersecurity in healthcare (Coravos, Dameff, Tully), device policy and regulation (Coravos, Doerr), and informed consent (Doerr), we have defined a framework for “cybersecurity informed consent,â€(CIC) a platform we hope will help directly address the patient (and clinician) awareness gap of the cybersecurity vulnerabilities of connected devices, enhancing the ecosystem of trust.(Tully, et al., 2020) In February 2020, we convened a 30-person advisory team comprised of white hat hackers, clinicians, and device makers focused on identifying potentially appropriate clinical scenarios for a demonstration of CIC, informed by legal and policy research performed by Science & Society Certificate Capstone students from Duke University (phase 2). We will present an overview of this work for comment and discussion as we move into the third phase of our project: implementation and assessment of CIC within the clinic.
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68793),('2_Friday','16','16:45','17:45','N','BHV','','\'INCLUDES NO DIRT: Threat Modeling for Healthcare\'','\'\'','BHV_a229dcfb7705b0903ffc49b3c1b324fc','\'Title: INCLUDES NO DIRT: Threat Modeling for Healthcare
\nWhen: Friday, Aug 7, 16:45 - 17:45 PDT
\nWhere: BioHacking Vlg
\n
\nDescription:No Description available
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68794),('2_Friday','17','16:45','17:45','Y','BHV','','\'INCLUDES NO DIRT: Threat Modeling for Healthcare\'','\'\'','BHV_a229dcfb7705b0903ffc49b3c1b324fc','\'\'',NULL,68795),('3_Saturday','10','10:00','10:45','N','BHV','','\'DAY2 KEYNOTE: Understanding DIYBio and Community Labs - A Social Science Approach\'','\'Yong-Bee\'','BHV_7c0253b1e6a44046e7711d94c6d28c33','\'Title: DAY2 KEYNOTE: Understanding DIYBio and Community Labs - A Social Science Approach
\nWhen: Saturday, Aug 8, 10:00 - 10:45 PDT
\nWhere: BioHacking Vlg
\n
SpeakerBio:Yong-Bee\n
\nYong-Bee is a doctoral candidate at George Mason’s Biodefense program. He studies how biotechnology and society are expanding the population of those participating in the life sciences. He loves to go for hikes, travel outside the US, play video games, and strike up conversations with random people.
\n\n
\nDescription:
\nThe Do-It-Yourself Biology (DIYBio) community arose starting in the mid-2000\'s. This community falls is typically described in two ways in public discourse. More conservative elements paint this community as a cause of concern - increased access to life sciences technology, knowledge, and capabilities raises concerns that community members may produce biological products for harmful purposes. More progressive elements highlight that the self-enforcing nature of the community mitigates harmful outcomes, and that the DIYBio community can also contribute to society by addressing gaps in science education, innovation, and workforce training.\n
This presentation will be a distillation of work I have been doing during my PhD work to build a better understanding of community labs - one of several significant segments of the DIYBio community. I will provide a risk assessment framework that national security experts appear to use in assessing risks from emerging technologies and related phenomena. I will then describe how this risk assessment framework may interpret DIYBio as an emerging threat to national security. The remainder of the presentation will be on presenting the nuances that complicate this allegedly straightforward assessment.\n
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68796),('3_Saturday','11','11:00','11:30','N','BHV','','\'How COVID19 Changed Our Understanding of Cyber Disaster Medicine\'','\'Christian “quaddi†Dameff,Jeff “r3plicant†Tully\'','BHV_226b4ac69ab7ff8fea6221397c472dd5','\'Title: How COVID19 Changed Our Understanding of Cyber Disaster Medicine
\nWhen: Saturday, Aug 8, 11:00 - 11:30 PDT
\nWhere: BioHacking Vlg
\nSpeakers:Christian “quaddi†Dameff,Jeff “r3plicant†Tully
\n
SpeakerBio:Christian “quaddi†Dameff\n, MD, Physician & Medical Director of Security at The University of California San Diego
\nChristian (quaddi) Dameff MD is an Assistant Professor of Emergency Medicine, Biomedical Informatics, and Computer Science (Affiliate) at the University of California San Diego. He is also a hacker, former open capture the flag champion, and prior DEF CON/RSA/Blackhat/HIMSS speaker. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization. Published security research topics including hacking critical healthcare infrastructure, medical devices and the effects of malware on patient care. This is his sixteenth DEF CON.
\nTwitter: @CDameffMD
\n
SpeakerBio:Jeff “r3plicant†Tully\n, MD, Anesthesiologist at The University of California Davis
\nJeff (r3plicant) Tully is an anesthesiologist, pediatrician and security researcher with an interest in understanding the ever-growing intersections between healthcare and technology.
\nTwitter: @JeffTullyMD
\n\n
\nDescription:
\nEvangelists for improved security in healthcare have long been concerned about vulnerabilities and impacts stretching beyond privacy and personal health information into the disruption of care and worsening of patient outcomes. As the healthcare system struggles under the burden of the COVID-19 crisis, are there parallels between pandemic preparedness and response and the aims and objectives of healthcare security? Join quaddi and r3plicant, hackers who have been moonlighting as practicing physicians caring for COVID patients, as they discuss what recent experiences and events have taught them about how to reframe and re-address security challenges with the hard-earned hindsight and wisdom of medicine\'s collective struggles.
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68797),('3_Saturday','12','12:00','12:30','N','BHV','','\'Medical Technology: How do we unfuck things\'','\'Veronica\'','BHV_ccc7d6b81c62853b547f50d91ffa6443','\'Title: Medical Technology: How do we unfuck things
\nWhen: Saturday, Aug 8, 12:00 - 12:30 PDT
\nWhere: BioHacking Vlg
\n
SpeakerBio:Veronica\n
\nVeronica started her forensic career in 2008. She is the Director of Incident Response within DFIRLABS. Veronica is also an Assistant Professor at Noroff University, where she will be given her own Minions to plan her world domination. Veronica holds a Master in Science at Rhodes University in Information Security with specialisation in the forensic analysis of malware. She prides herself in keeping patients safe as this is something which is near to her heart. She is also a cyborg sporting an embedded medical device herself. She also is a DEF CON Goon and she is the founder of DC2751.\nHer particular research interests include research into security vulnerabilities in medical devices forming part of the Internet of Things, and how these could be exploited by malicious attackers, as well as what types of forensic artefacts could be identified from any attacks. She is extremely passionate about protecting people whose lives depend on these medical devices, and her passion saw her becoming a researcher within an MDM . At her core Veronica is a forensicator and hacker and in love with every bit, byte and nibble of knowledge she has obtained.
\n\n
\nDescription:No Description available
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68798),('3_Saturday','12','12:30','13:30','N','BHV','','\'Advancing Medical Device Security – How collaboration between providers, manufacturers, and pen testers is advancing what’s possible with security.\'','\'Mitchell Parker\'','BHV_a68c3b0b22708ebc8ff3938a54c18feb','\'Title: Advancing Medical Device Security – How collaboration between providers, manufacturers, and pen testers is advancing what’s possible with security.
\nWhen: Saturday, Aug 8, 12:30 - 13:30 PDT
\nWhere: BioHacking Vlg
\n
SpeakerBio:Mitchell Parker\n
\nMitchell Parker is the CISO of a $6.5B integrated delivery network (IU Health) that runs 17 hospitals and hundreds of clinics, and is responsible for securing the networks that the devices which support them live on. He is also a vice chair of IEEE P2733, Trust, Integrity, Privacy, Protection, Safety, and Security for the Internet of Medical Things.
\n\n
\nDescription:
\nThis panel features five industry folks working toward improving medical device security through multiple channels and methods and discussing how provider, vendor, and security collaborations are leading toward significant improvements in medical device security.\n
These panelists and moderator represent the organizations working to actively collaborate between the independent researchers, device vendors, information security officers, clinical engineering, electronic medical records vendors, and security companies with a goal of continual improvement. These 5 represent part of a significantly larger effort, and have contributed to open standards.\n
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68799),('3_Saturday','13','12:30','13:30','Y','BHV','','\'Advancing Medical Device Security – How collaboration between providers, manufacturers, and pen testers is advancing what’s possible with security.\'','\'Mitchell Parker\'','BHV_a68c3b0b22708ebc8ff3938a54c18feb','\'\'',NULL,68800),('3_Saturday','14','14:00','14:30','N','BHV','','\'MedICS\'','\'Bryson Bort\'','BHV_4c22bff7c1bde2ec3859c15ba548a898','\'Title: MedICS
\nWhen: Saturday, Aug 8, 14:00 - 14:30 PDT
\nWhere: BioHacking Vlg
\n
SpeakerBio:Bryson Bort\n
\nFounder of SCYTHE, next generation attack emulation platform; GRIMM, cybersecurity consultancy; ICS Village Co-Founder, 501c3 for ICS security awareness. Senior Fellow for Cyber/National Security at R Street and National Security Institute; Advisor to the Army Cyber Institute and DHS/CISA.
\n\n
\nDescription:
\nCover what is ICS (industrial control systems), system architecture and typical hospital deployments, threat actors, and security roles and responsibilities (government, user, manufacturers).
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68801),('3_Saturday','14','14:45','15:15','N','BHV','','\'Towards an Institutional Review Board for Biohackers\'','\'Dr. Sarah Blossom Ware\'','BHV_82354c03541ca96c8415203fb4f0c3b6','\'Title: Towards an Institutional Review Board for Biohackers
\nWhen: Saturday, Aug 8, 14:45 - 15:15 PDT
\nWhere: BioHacking Vlg
\n
SpeakerBio:Dr. Sarah Blossom Ware\n
\nDr. Sarah Blossom Ware is Founder of BioBlaze Community Bio Lab in West Chicago, Illinois. She also teaches biology, humanities and writing at the university level. Sarah strives to bridge gaps between traditional scientists/members of regulatory agencies and non-traditional scientists/biohackers.
\n\n
\nDescription:
\nInstitutional Review Boards (IRBs) are groups that examine research plans of fellow members by applying community standards to that research. IRBs help researchers consider rigorous methodology, ethics and safety and the protection of vulnerable populations of people or animals. IRB approval is required by the FDA before human clinical trials can begin. People who serve on IRBs include general community members, researchers, bioethicists, physicians, clinicians, lawyers and members of regulatory agencies. Traditional research corporations and universities have internal IRBs, but external independent IRBs do also already exist. However, it is usually very expensive to hire an independent IRB, so most non-traditional scientists cannot afford it. This creates a major hindrance to bringing innovative human health related solutions to the general public. There has recently been a small grassroots push in the biohacking community to try to create an independent IRB for the biohacking community to help bridge this gap.
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68802),('3_Saturday','15','14:45','15:15','Y','BHV','','\'Towards an Institutional Review Board for Biohackers\'','\'Dr. Sarah Blossom Ware\'','BHV_82354c03541ca96c8415203fb4f0c3b6','\'\'',NULL,68803),('3_Saturday','15','15:15','15:59','N','BHV','','\'DIY Diabetics and a Million Boluses\'','\'Dr. Mike Rushanan,Julian Suleder\'','BHV_0dbb2dd8194009e1a6af73020bd69a51','\'Title: DIY Diabetics and a Million Boluses
\nWhen: Saturday, Aug 8, 15:15 - 15:59 PDT
\nWhere: BioHacking Vlg
\nSpeakers:Dr. Mike Rushanan,Julian Suleder
\n
SpeakerBio:Dr. Mike Rushanan\n
\nDr. Mike Rushanan is the Director of Medical Security at Harbor Labs and is a security expert in diabetes management. Dr. Rushanan received his PhD in Computer Science through the Johns Hopkins University Health and Medical Security Lab studying under Dr. Avi Rubin.
\n
SpeakerBio:Julian Suleder\n
\nJulian Suleder is a Security Analyst & Researcher at ERNW Research GmbH in Heidelberg, Germany. His research interest is the security of medical devices as he holds a master’s degree in medical informatics from Heidelberg University and Heilbronn University, Germany.
\n\n
\nDescription:No Description available
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68804),('3_Saturday','16','16:00','16:30','N','BHV','','\'Chinese Military Labratory Mission + COVID-19\'','\'The Red Dragon\'','BHV_3d2c8e3ef7de21dbcb7aee7b1a9bf442','\'Title: Chinese Military Labratory Mission + COVID-19
\nWhen: Saturday, Aug 8, 16:00 - 16:30 PDT
\nWhere: BioHacking Vlg
\n
SpeakerBio:The Red Dragon\n
\nNo BIO available
\n\n
\nDescription:
\nChinese Military Labratory Mission + COVID-19 discusses respectful research regarding military labs in the People\'s Republic of China and potential implications for weaponizing viruses, such as COVID-19. Audience will receive a filled experienced trip in the Chinese Military bio-weapons programs.
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68805),('3_Saturday','16','16:30','17:30','N','BHV','','\'What\'s up with proposed privacy legislation and how to influence the debate\'','\'Lucia Savage \'','BHV_0a2c287ffd1d0721ba1f86617a55b164','\'Title: What\'s up with proposed privacy legislation and how to influence the debate
\nWhen: Saturday, Aug 8, 16:30 - 17:30 PDT
\nWhere: BioHacking Vlg
\n
SpeakerBio:Lucia Savage \n
\nLucia Savage is nationally recognized expert on health information privacy and the difference in US health privacy law i compared to other economic sectors like ad-tech or finance. From 2014 -2017 she served as Chief Privacy Office at the HHS Office of the National Coordinator for Health IT.
\n\n
\nDescription:
\nIn a Q/A format, with plenty of time for audience questions, Ms. Savage will explain the basic privacy legal landscape, what the hot debate topics are as people seek to change those laws nationally, and ways to influence the debate. At last count (June 4) there were three Covid-specific federal legislative proposal to oversee how commercial/ad-tech companies keep private the information they collect to help track Covid. There are approximately another 10 bills that propose to generally revamp ad-tech privacy on a national basis.
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68806),('3_Saturday','17','16:30','17:30','Y','BHV','','\'What\'s up with proposed privacy legislation and how to influence the debate\'','\'Lucia Savage \'','BHV_0a2c287ffd1d0721ba1f86617a55b164','\'\'',NULL,68807),('4_Sunday','10','10:00','10:59','N','BHV','','\'DAY3 KEYNOTE: Why is Security Hard?\'','\'Seth Carmody\'','BHV_82c39123ca10e4d365c04a8afecae3ff','\'Title: DAY3 KEYNOTE: Why is Security Hard?
\nWhen: Sunday, Aug 9, 10:00 - 10:59 PDT
\nWhere: BioHacking Vlg
\n
SpeakerBio:Seth Carmody\n, PhD
\nSeth Carmody, PhD is the Vice President of Regulatory Strategy at MedCrypt. Prior to MedCrypt, Dr. Carmody worked as the cybersecurity program manager at the U.S. FDA\'s Center for Devices. Carmody brings eight years of experience in guiding medical device technology policy.
\n\n
\nDescription:
\nSecurity debt, the byproduct of market incentives, creates risk for healthcare stakeholders. The manifestation of that risk into harm and the resulting impact do not necessarily change active market incentives. As result, there is a series of cascading failures in the development, regulation, and maintenance of healthcare technology. Therefore, to make a significant impact on the security posture of healthcare and medical devices in particular, a system of policy and technological solutions must; align with active market incentives, enhance the effect of latent market incentives, or create new market incentives. A comprehensive solution is explored.
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68808),('4_Sunday','10','10:30','10:59','N','BHV','','\'Infodemic: Threat models for patient communities on social networks\'','\'Andrea Downing\'','BHV_cc9107e65dec9c56ea2b3e39d0435e30','\'Title: Infodemic: Threat models for patient communities on social networks
\nWhen: Sunday, Aug 9, 10:30 - 10:59 PDT
\nWhere: BioHacking Vlg
\n
SpeakerBio:Andrea Downing\n
\nAndrea Downing is a Community Data Organizer, security researcher, and advocate hereditary cancer community. In 2018, she discovered the a security vulnerability that affected all closed groups on Facebook. She served on the organizing team at Stanford Medicine X.
\n\n
\nDescription:
\nPeople going through trauma are more vulnerable to misinformation. First coined by the World Health Organization, COVID19 has sparked a widespread infodemic. This talk will examine examples of disinformation campaigns. We\'ll look at ways that sock puppets target, scrape, at spread misinformation on COVID. Finally, we\'ll look at some examples of how disinformation has caused harm and loss of life for vulnerable populations.
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68809),('4_Sunday','11','11:00','11:59','N','BHV','','\'How Independent Security Researchers work with Medical Device Manufacturers - The Bad, The Ugly & The Great (BUG)\'','\'Kyle Erickson,Natali,Peter,Veronica\'','BHV_cb5bf14b211cc1dbb44b647b84b4dbfb','\'Title: How Independent Security Researchers work with Medical Device Manufacturers - The Bad, The Ugly & The Great (BUG)
\nWhen: Sunday, Aug 9, 11:00 - 11:59 PDT
\nWhere: BioHacking Vlg
\nSpeakers:Kyle Erickson,Natali,Peter,Veronica
\n
SpeakerBio:Kyle Erickson\n
\nKyle Erickson, the Director of Product Security & Privacy Engineering, Cardiac Rhythm Heart Failure (CRHF), Medtronic. Leading a team of 10 engineers focused on Pre-Market & Post Market Medical Device Cyber Security. He has over a 10 years of incident response leadership at one of the largest HDOs.
\n
SpeakerBio:Natali\n
\nNatali brings over 10 years of experience, both as a researcher and a team leader, in the field of offensive cyber security and software development. After graduating magna cum laude B.Sc. in Computer Science at the age of 19, as part of a special program for gifted and talented kids, Natali was handpicked to an elite technology unit at 8200. As part of her military service, she researched various devices and platforms and designed and implemented mission-critical, zero fault software components. Following her military service, Natali joined Cellebrite, a global company that provides digital intelligence solutions for investigations and operations, as Vulnerability & Security Researcher. Her focus was on reverse engineering of mobile platforms, vulnerability research and exploitation and later on she served as a team leader, focusing on Linux kernel exploitation. Prior to founding Sternum, Natali held several security research related roles, including leading different R&D teams at two global cyber intelligence market leaders. In her (limited) spare time, Natali is a content junkie and writes short fiction stories. Natali holds an M.Sc. in Computer Science from Bar Ilan University.
\n
SpeakerBio:Peter\n
\nPeter came from Clever Security, a boutique security research company he founded. Clever Security focused on hardware and software reverse engineering, software defined radio, applied cryptography, exploitation and vulnerability research. Previously, he was CTO at Boldend, a cybersecurity-focused software defense contractor focused on cutting-edge research and development for the US DoD and Intelligence community. Before that, he was VP of Research and Development at Accuvant/Optiv where he led the Applied and Vulnerability Research teams focused on product security auditing, and capability development for the US DoD and Intelligence community. Before that, he was a security researcher with Matasano Security, where he was responsible for the Midwest practice region out of Chicago, IL. Peter’s career has focused on attacking the intersection of software and hardware to identify security vulnerabilities in products that most security researchers do not have the skillset to audit. While the vast majority of his work is protected via NDA some bespoke output is listed below.
\n
SpeakerBio:Veronica\n
\nVeronica started her forensic career in 2008. She is the Director of Incident Response within DFIRLABS. Veronica is also an Assistant Professor at Noroff University, where she will be given her own Minions to plan her world domination. Veronica holds a Master in Science at Rhodes University in Information Security with specialisation in the forensic analysis of malware. She prides herself in keeping patients safe as this is something which is near to her heart. She is also a cyborg sporting an embedded medical device herself. She also is a DEF CON Goon and she is the founder of DC2751.\nHer particular research interests include research into security vulnerabilities in medical devices forming part of the Internet of Things, and how these could be exploited by malicious attackers, as well as what types of forensic artefacts could be identified from any attacks. She is extremely passionate about protecting people whose lives depend on these medical devices, and her passion saw her becoming a researcher within an MDM . At her core Veronica is a forensicator and hacker and in love with every bit, byte and nibble of knowledge she has obtained.
\n\n
\nDescription:
\n\"Hear some of the top Security Researchers share their trials and tribulations with Medical Device Manufacturers.\n
Topics will include:
\nHow they have succeeded in their interactions with larger organizations and what they are working on next.\nThe success stories and failures of working with Medical Device Manufacturers.\nHow working with diverse backgrounds and being open to researchers has helped one company mature its cybersecurity program.\nWhat is a proactive security approach and how can it help anticipate failure?\nHow can we tackle the legacy device problem?\nExplore new ways the community can bring innovative solutions to Medical Device Security.\"\n
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68810),('4_Sunday','12','12:30','12:59','N','BHV','','\'How to Grow a Brain in a Jar - Neuroengineering 101\'','\'Jack\'','BHV_c04674efbcf16353cd46a2f3436c4054','\'Title: How to Grow a Brain in a Jar - Neuroengineering 101
\nWhen: Sunday, Aug 9, 12:30 - 12:59 PDT
\nWhere: BioHacking Vlg
\n
SpeakerBio:Jack\n
\nJack is a biomedical engineer, implantable hardware developer, and EMT. His research involves developing new tools for studying and interacting with the nervous system, including culture systems for emulating brain regions in miniature outside of the body for bioelectrical and neurochemical study.
\n\n
\nDescription:
\nAs the organ of consciousness, the brain represents the ultimate target for researchers and biohackers interested in investigating and eventually modifying the human organism. Advanced monitoring systems and - more recently - early prostheses targeting the central nervous system have been developed. At the same time, dramatic progress in cell culture techniques and stem cell differentiation have allowed for the creation of autonomous neural structures and “mini-brains†ex-vivo, which have been used for therapeutic purposes, microphysiological studies, and more. Additionally, researchers have worked towards creating electronics that mimic the function of the nervous system to enhance computing capabilities. All three of these thrusts fall under the broader umbrella of neuroengineering. This talk aims to provide a crash course in recent developments in the field of neuroengineering, and to show how some of this research might be replicated in the home lab. Come learn about the bleeding edge of neuroengineering, as these technologies begin to move out of the lab and into the biohacking world, and as the line between human and machine grows ever blurrier.
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68811),('4_Sunday','13','13:15','13:45','N','BHV','','\'The Underestimated Threat Vector: Homogeneity\'','\'Vidya Murthy\'','BHV_e42969b6c076a87da17e7823d2e6d71c','\'Title: The Underestimated Threat Vector: Homogeneity
\nWhen: Sunday, Aug 9, 13:15 - 13:45 PDT
\nWhere: BioHacking Vlg
\n
SpeakerBio:Vidya Murthy\n, Vice President Operations, MedCrypt
\nVidya is fascinated by the impact of cybersecurity on the healthcare space. Beginning her career in consulting, she realized a passion for healthcare and worked for global medical device manufacturer Becton Dickinson. She has since joined MedCrypt, a company focused on bringing cybersecurity leading practices to medical device manufacturers. Vidya holds an MBA from the Wharton School.
\n\n
\nDescription:
\nThe number of times I\'ve heard it\'s a pipeline issue and there just aren\'t enough candidates enrages me. And yet when I finally have the ability and breath to actually make change, I\'m struggling to find candidates. What am I doing wrong? And if with all my intent I\'m still struggling, what hope is there for the industry? This talk explores why the burden of dismantling systemic racism in cybersecurity requires practitioners of every race, sector, and discipline.
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68812),('4_Sunday','13','13:30','14:30','N','BHV','','\'Making Next Generation Drugs at Home\'','\'Mixæl Swan Laufer\'','BHV_cad672509a0e9496e0c2abf26d096dc2','\'Title: Making Next Generation Drugs at Home
\nWhen: Sunday, Aug 9, 13:30 - 14:30 PDT
\nWhere: BioHacking Vlg
\n
SpeakerBio:Mixæl Swan Laufer\n
\nMixæl Swan Laufer worked in mathematics and high energy physics until he decided to use his background in science to tackle problems of global health and human rights. Perpetually disruptive, he continues to work to make it possible for people to manufacture their own medications at home.
\n\n
\nDescription:
\nThe structures of drugs and their delivery mechanisms have become orders of magnitude more sophisticated in recent years. Polymer subdermal trickle-delivery implants can now be manufactured with a 3D printer filament extruder. We can now find simple new synthesis pathways for complex molecules using machine learning systems, and these compounds can be made at home. The Four Thieves Vinegar Collective will show the free, open access, supercomputing platform they have built so that anyone can do research in this arena independently on our hardware. Additionally, they will show the latest version of the automated chemical reactor, the Apothecary Microlab, which requires no soldering, and is built entirely from off-the-shelf and 3D printed parts.
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68813),('4_Sunday','14','13:30','14:30','Y','BHV','','\'Making Next Generation Drugs at Home\'','\'Mixæl Swan Laufer\'','BHV_cad672509a0e9496e0c2abf26d096dc2','\'\'',NULL,68814),('4_Sunday','14','14:00','14:30','N','BHV','','\'Open Ventilator Remote Monitoring Project\'','\' \'','BHV_a066ee906e951f81c42a5886b5636e98','\'Title: Open Ventilator Remote Monitoring Project
\nWhen: Sunday, Aug 9, 14:00 - 14:30 PDT
\nWhere: BioHacking Vlg
\n
\nDescription:
\n2020 has been the year of COVID-19. The healthcare sector has been on the frontlines of battling this pandemic. There was significant projected demand for rapidly-manufactured ventilators during the early stages of the COVID-19 pandemic in the United States. Massachusetts was hard hit during the early stages of this pandemic, and the state’s largest healthcare delivery organization brought together the open source community to develop new technologies and processes for rapidly developing resources needed to treat predicted growth of infections. The open source community came together to develop rapid prototype ventilators that could be potentially mass produced in quick succession. Many of these devices did not have built-in monitoring capabilities, so there was an anticipated need for staff to adequately track alarms in a centralized manner for these devices.\n
The Open Ventilator Monitoring Project addressed this need by rapidly creating a system that allows hospitals to monitor alarms and patient data from ventilators, integrating the status of multiple devices into a single display, similar to a central nursing station. During the design process of this project, an additional need was brought to the team’s attention. Due to infection control procedures that require closing doors to patient rooms, clinical staff were unable to hear alarms from ventilators that were not already integrated into a traditional central monitoring system. The team then pivoted to develop a solution to modify the hardware and software system to include the ability to auditorily monitor and alert based on the sound pressure of these ventilator alarms.\n
\nTo date, the team has delivered a Minimum Viable Product (MVP), which has undergone limited lab testing in the Massachusetts General Hospital’s Medical Device Interoperability and Cybersecurity Program Lab (MGH MD PnP). The project has longer term goals of safety/integration, and ultimately, deployment within settings such as field hospitals. It is expected that this project\'s capabilities may be useful to many hospitals, extending beyond the constantly-changing emergency of COVID-19\'s spread.\n
This open source project is led by Sam Cervantes, MakerGear CTO and David Guffrey, MGB/Partners HealthCare Medical Device Cybersecurity Program Lead and includes ten contributors from the open source community, students, clinical engineers, and MITRE. The project utilizes both a cloud-based and embedded architecture, deployed on affordable & widely available consumer-grade hardware such as Raspberry Pi & Arduino. Software stacks used include Ruby on Rails, Javascript, Python, and C++.\n
While the software has been designed to monitor ventilators, the project\'s architecture - utilizing APIs and plugins - is extensible to other network environments and other device types.\n
Ultimately, hospitals in the U.S. have not experienced a shortage of traditional ventilators, and so our software was not needed during the Covid-19 crisis. However, we present a framework for rapidly developing software in crisis situations along with a set of lessons learned for those who follow in future crises.\n
In this talk, we will cover topics such as:\n
\n - The project\'s roots in remotely monitoring 3D printers;\n
- Current technical challenges, both solved and unsolved, such as the need for security and the pre-eminence of reliability;\n
- Special considerations required for IT developers entering into industries such as healthcare, where safety is paramount;\n
- The technical difficulties of implementing the project with constantly-evolving requirements;\n
- Lessons learned in the socio-technical challenges to adoption of such work, such as regulatory uncertainty with FDA’s Emergency Use Authorization (EUA), finding corporate supporters and use cases, and moving beyond a minimum viable product.\n
- Lessons learned in product development during a crisis, such as the tradeoffs between deployment speed and stability\n
- Future developments / use-cases in broader sound-monitoring other medical devices (e.g. infusion pumps)\n
- Optional: live demo of hardware/software
\n\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68815),('4_Sunday','14','14:45','16:45','N','BHV','','\'Securing Your Medical Device Network on a Shoestring Budget\'','\'\'','BHV_5e8220aaa420787fbbc306a907228bf3','\'Title: Securing Your Medical Device Network on a Shoestring Budget
\nWhen: Sunday, Aug 9, 14:45 - 16:45 PDT
\nWhere: BioHacking Vlg
\n
\nDescription:No Description available
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68816),('4_Sunday','15','14:45','16:45','Y','BHV','','\'Securing Your Medical Device Network on a Shoestring Budget\'','\'\'','BHV_5e8220aaa420787fbbc306a907228bf3','\'\'',NULL,68817),('4_Sunday','16','14:45','16:45','Y','BHV','','\'Securing Your Medical Device Network on a Shoestring Budget\'','\'\'','BHV_5e8220aaa420787fbbc306a907228bf3','\'\'',NULL,68818),('2_Friday','10','10:00','10:50','N','CHV','','\'Automotive In-Vehicle Networks\'','\'Kamel Ghali\'','CHV_6815412023ea667fae5ab28708fd4acb','\'Title: Automotive In-Vehicle Networks
\nWhen: Friday, Aug 7, 10:00 - 10:50 PDT
\nWhere: Car Hacking Vlg 101
\n
SpeakerBio:Kamel Ghali\n
\nKamel Ghali is a veteran of the automotive security industry, with experience working both within the automotive industry and as an external consultant. His passion for automotive security goes beyond his work, with him volunteering as an instructor for the Society of Automotive Engineers (SAE) Cyber Auto Challenge and leading the Japanese branch of the Automotive Security Research Group (ASRG). He\'s a two-time finalist of the Car Hacking Village\'s annual DefCon CTF and active member of the CHV community. He currently works at White Motion, an automotive cybersecurity firm based in Tokyo, Japan.
\n\n
\nDescription:
\nModern vehicles are home to tens of Electronic Control Units (ECUs) that each manage a different subsystem of the vehicle. With the control of the vehicle distributed across so many machines, sharing information in a robust, timely manner becomes a necessity. In-Vehicle Networks were developed to meet these communication needs, bringing functionality optimized for the automotive environment into the industry. In this CHV101 lecture, we\'ll explore the different In-Vehicle Network technologies used in vehicles today and each of their strengths and applications.
\n
\n#chv-101-talks-text: https://discord.com/channels/708208267699945503/735651343007744051\n
YouTube: https://www.youtube.com/watch?v=N4y_K4GGsLs\n
\'',NULL,68819),('2_Friday','11','11:00','11:50','N','CHV','','\'OBD and what we CAN do with it\'','\'Infenet\'','CHV_c48b631cd11f116df5139848b874f8a9','\'Title: OBD and what we CAN do with it
\nWhen: Friday, Aug 7, 11:00 - 11:50 PDT
\nWhere: Car Hacking Vlg 101
\n
SpeakerBio:Infenet\n
\nLifelong hacker and hacker of all the things. Founder of Enterprise Offensive Security, creator of security tools for DevOps Engineers such as auto-remediation using AWS Lambda and CIS Compliance Scanning Tools, SSO implementations on the Service Provider and Identity Provider side(s). Simulated Advanced Persistent Threat Actor. Started DEFCON group in Detroit DC313 and Director of #misec Detroit.
\n\n
\nDescription:
\nLearn about the history of on-board diagnostics, OBD I and II Standards, Data Is Accessible From the OBD II and Architecture of OBD-II and CAN.
\n
\n#chv-101-talks-text: https://discord.com/channels/708208267699945503/735651343007744051\n
YouTube: https://www.youtube.com/watch?v=N4y_K4GGsLs\n
\'',NULL,68820),('2_Friday','12','12:00','12:50','N','CHV','','\'Fundamentals of Diagnostic Requests over CAN Bus\'','\'Robert Leale (CarFuCar)\'','CHV_d9a691f43983d1c3706500c67f8e92c6','\'Title: Fundamentals of Diagnostic Requests over CAN Bus
\nWhen: Friday, Aug 7, 12:00 - 12:50 PDT
\nWhere: Car Hacking Vlg 101
\n
SpeakerBio:Robert Leale (CarFuCar)\n
\nRobert Leale (@carfucar) is an automotive hacker and a founding member of the Car Hacking Village. For more information please visit carhackingvillage.com/about
\nTwitter: @carfucar
\n\n
\nDescription:
\nData can be requested using CAN Network, but what data can you ask for? How do you know how to send requests? What type of requests can you send? What can data do with the data that you get back? How do you handle errors? So many questions on how to get started. We will answer the fundamentals of shaping a request and handling the response.Diagnostics are a way of communicating directly with Electronic Control Units in vehicle. UDS is a standard diagnostic protocol. We will explore how to format a UDS request and handle its response.
\n
\n#chv-101-talks-text: https://discord.com/channels/708208267699945503/735651343007744051\n
YouTube: https://www.youtube.com/watch?v=N4y_K4GGsLs\n
\'',NULL,68821),('2_Friday','13','13:00','13:50','N','CHV','','\'Cluster fuzz!\'','\'Mintynet\'','CHV_05febe3643aa95ea518f857e818f94f1','\'Title: Cluster fuzz!
\nWhen: Friday, Aug 7, 13:00 - 13:50 PDT
\nWhere: Car Hacking Vlg 101
\n
SpeakerBio:Mintynet\n
\nNetwork / security architect that has a passion for car hacking, found vulnerabilities in his own car and also private Car bug bounties. Now runs Car Hacking Village UK and is part of the team behind CHV at defcon\n
LinkedIn https://www.linkedin.com/in/mintynet/\nTwitter: https://twitter.com/mintynet
\nWebsite: www.mintynet.com \n
\nTwitter: @mintynet
\n\n
\nDescription:
\nHow to get started in #carhacking using cheap CAN hardware and an instrument cluster, shows the hardware needed and an example of a cluster. Then show some fuzzing of the cluster, including some tips for the CTF.
\n
\n#chv-101-talks-text: https://discord.com/channels/708208267699945503/735651343007744051\n
YouTube: https://www.youtube.com/watch?v=N4y_K4GGsLs\n
\'',NULL,68822),('2_Friday','14','14:00','14:50','N','CHV','','\'Bluetooth Security in Automotive\'','\'Kamel Ghali\'','CHV_31883c1307ecd59cebf9fab559c7e0cc','\'Title: Bluetooth Security in Automotive
\nWhen: Friday, Aug 7, 14:00 - 14:50 PDT
\nWhere: Car Hacking Vlg 101
\n
SpeakerBio:Kamel Ghali\n
\nKamel Ghali is a veteran of the automotive security industry, with experience working both within the automotive industry and as an external consultant. His passion for automotive security goes beyond his work, with him volunteering as an instructor for the Society of Automotive Engineers (SAE) Cyber Auto Challenge and leading the Japanese branch of the Automotive Security Research Group (ASRG). He\'s a two-time finalist of the Car Hacking Village\'s annual DefCon CTF and active member of the CHV community. He currently works at White Motion, an automotive cybersecurity firm based in Tokyo, Japan.
\n\n
\nDescription:
\nBluetooth is a short-range cable replacement technology that is found in millions of IoT devices around the world. Due to its ubiquity and breadth of functionality, it\'s been seen in vehicles as early as the late 2000s. While commonly used for phonebook access, hands-free phone usage, and media control, Bluetooth is nonetheless an important vector to consider when analyzing a vehicle\'s security case. In this CHV101 lecture, we\'ll explore Bluetooth as a technology and its relevance to automotive cybersecurity.
\n
\n#chv-101-talks-text: https://discord.com/channels/708208267699945503/735651343007744051\n
YouTube: https://www.youtube.com/watch?v=N4y_K4GGsLs\n
\'',NULL,68823),('2_Friday','15','15:00','15:50','N','CHV','','\'Automotive Ethernet for the rest of us\'','\'Infenet\'','CHV_73a692aeeb5d8a6d0dcbb4507ef4c5f0','\'Title: Automotive Ethernet for the rest of us
\nWhen: Friday, Aug 7, 15:00 - 15:50 PDT
\nWhere: Car Hacking Vlg 101
\n
SpeakerBio:Infenet\n
\nLifelong hacker and hacker of all the things. Founder of Enterprise Offensive Security, creator of security tools for DevOps Engineers such as auto-remediation using AWS Lambda and CIS Compliance Scanning Tools, SSO implementations on the Service Provider and Identity Provider side(s). Simulated Advanced Persistent Threat Actor. Started DEFCON group in Detroit DC313 and Director of #misec Detroit.
\n\n
\nDescription:
\nDiscover the latest in Automotive Ethernet adoption, learn who is using Automotive Ethernet and why are they using Automotive Ethernet.
\n
\n#chv-101-talks-text: https://discord.com/channels/708208267699945503/735651343007744051\n
YouTube: https://www.youtube.com/watch?v=N4y_K4GGsLs\n
\'',NULL,68824),('2_Friday','16','16:00','16:50','N','CHV','','\'Car (to Cloud) Talk: Using MQTT for Car Hacking\'','\'Jaime\'','CHV_58746d16aaf5cd61606377aec474c869','\'Title: Car (to Cloud) Talk: Using MQTT for Car Hacking
\nWhen: Friday, Aug 7, 16:00 - 16:50 PDT
\nWhere: Car Hacking Vlg 101
\n
SpeakerBio:Jaime\n
\nJaime is an EE turned software developer turned security researcher. She caught the infosec bug through playing CTFs, and now works at GRIMM hacking cars. In her spare time, she adds LEDs to things and hangs out with her dog.
\n\n
\nDescription:
\nAs with IoT, cars are becoming increasingly \"smart\". In the automotive and trucking world, this means adding the ability to collect real-time telemetry data, gather information for predictive maintenance, as well as consumer features like remote lock/unlock. This talk will cover the internals of how MQTT--a lightweight messaging protocol frequently used in automotive and IoT--works, and how it\'s used in automotive applications.
\n
\n#chv-101-talks-text: https://discord.com/channels/708208267699945503/735651343007744051\n
YouTube: https://www.youtube.com/watch?v=N4y_K4GGsLs\n
\'',NULL,68825),('3_Saturday','10','10:00','10:50','N','CHV','','\'Automotive In-Vehicle Networks\'','\'Kamel Ghali\'','CHV_93a4c35236124223b08fa711958507c8','\'Title: Automotive In-Vehicle Networks
\nWhen: Saturday, Aug 8, 10:00 - 10:50 PDT
\nWhere: Car Hacking Vlg 101
\n
SpeakerBio:Kamel Ghali\n
\nKamel Ghali is a veteran of the automotive security industry, with experience working both within the automotive industry and as an external consultant. His passion for automotive security goes beyond his work, with him volunteering as an instructor for the Society of Automotive Engineers (SAE) Cyber Auto Challenge and leading the Japanese branch of the Automotive Security Research Group (ASRG). He\'s a two-time finalist of the Car Hacking Village\'s annual DefCon CTF and active member of the CHV community. He currently works at White Motion, an automotive cybersecurity firm based in Tokyo, Japan.
\n\n
\nDescription:
\nModern vehicles are home to tens of Electronic Control Units (ECUs) that each manage a different subsystem of the vehicle. With the control of the vehicle distributed across so many machines, sharing information in a robust, timely manner becomes a necessity. In-Vehicle Networks were developed to meet these communication needs, bringing functionality optimized for the automotive environment into the industry. In this CHV101 lecture, we\'ll explore the different In-Vehicle Network technologies used in vehicles today and each of their strengths and applications.
\n
\n#chv-101-talks-text: https://discord.com/channels/708208267699945503/735651343007744051\n
YouTube: https://www.youtube.com/watch?v=N4y_K4GGsLs\n
\'',NULL,68826),('3_Saturday','11','11:00','11:50','N','CHV','','\'OBD and what we CAN do with it\'','\'Infenet\'','CHV_aff7e5c61da7b71c2c1ab31ef4582ac2','\'Title: OBD and what we CAN do with it
\nWhen: Saturday, Aug 8, 11:00 - 11:50 PDT
\nWhere: Car Hacking Vlg 101
\n
SpeakerBio:Infenet\n
\nLifelong hacker and hacker of all the things. Founder of Enterprise Offensive Security, creator of security tools for DevOps Engineers such as auto-remediation using AWS Lambda and CIS Compliance Scanning Tools, SSO implementations on the Service Provider and Identity Provider side(s). Simulated Advanced Persistent Threat Actor. Started DEFCON group in Detroit DC313 and Director of #misec Detroit.
\n\n
\nDescription:
\nLearn about the history of on-board diagnostics, OBD I and II Standards, Data Is Accessible From the OBD II and Architecture of OBD-II and CAN.
\n
\n#chv-101-talks-text: https://discord.com/channels/708208267699945503/735651343007744051\n
YouTube: https://www.youtube.com/watch?v=N4y_K4GGsLs\n
\'',NULL,68827),('3_Saturday','12','12:00','12:50','N','CHV','','\'Fundamentals of Diagnostic Requests over CAN Bus\'','\'Robert Leale (CarFuCar)\'','CHV_556cd415e445de5590dc39457020a361','\'Title: Fundamentals of Diagnostic Requests over CAN Bus
\nWhen: Saturday, Aug 8, 12:00 - 12:50 PDT
\nWhere: Car Hacking Vlg 101
\n
SpeakerBio:Robert Leale (CarFuCar)\n
\nRobert Leale (@carfucar) is an automotive hacker and a founding member of the Car Hacking Village. For more information please visit carhackingvillage.com/about
\nTwitter: @carfucar
\n\n
\nDescription:
\nData can be requested using CAN Network, but what data can you ask for? How do you know how to send requests? What type of requests can you send? What can data do with the data that you get back? How do you handle errors? So many questions on how to get started. We will answer the fundamentals of shaping a request and handling the response.Diagnostics are a way of communicating directly with Electronic Control Units in vehicle. UDS is a standard diagnostic protocol. We will explore how to format a UDS request and handle its response.
\n
\n#chv-101-talks-text: https://discord.com/channels/708208267699945503/735651343007744051\n
YouTube: https://www.youtube.com/watch?v=N4y_K4GGsLs\n
\'',NULL,68828),('3_Saturday','13','13:00','13:50','N','CHV','','\'Cluster fuzz!\'','\'Mintynet\'','CHV_89a3649a727d03a8c4e037db10e0d70f','\'Title: Cluster fuzz!
\nWhen: Saturday, Aug 8, 13:00 - 13:50 PDT
\nWhere: Car Hacking Vlg 101
\n
SpeakerBio:Mintynet\n
\nNetwork / security architect that has a passion for car hacking, found vulnerabilities in his own car and also private Car bug bounties. Now runs Car Hacking Village UK and is part of the team behind CHV at defcon\n
LinkedIn https://www.linkedin.com/in/mintynet/\nTwitter: https://twitter.com/mintynet
\nWebsite: www.mintynet.com \n
\nTwitter: @mintynet
\n\n
\nDescription:
\nHow to get started in #carhacking using cheap CAN hardware and an instrument cluster, shows the hardware needed and an example of a cluster. Then show some fuzzing of the cluster, including some tips for the CTF.
\n
\n#chv-101-talks-text: https://discord.com/channels/708208267699945503/735651343007744051\n
YouTube: https://www.youtube.com/watch?v=N4y_K4GGsLs\n
\'',NULL,68829),('3_Saturday','14','14:00','14:50','N','CHV','','\'Bluetooth Security in Automotive\'','\'Kamel Ghali\'','CHV_e8daf5aed963b21b996b289e061e7c0f','\'Title: Bluetooth Security in Automotive
\nWhen: Saturday, Aug 8, 14:00 - 14:50 PDT
\nWhere: Car Hacking Vlg 101
\n
SpeakerBio:Kamel Ghali\n
\nKamel Ghali is a veteran of the automotive security industry, with experience working both within the automotive industry and as an external consultant. His passion for automotive security goes beyond his work, with him volunteering as an instructor for the Society of Automotive Engineers (SAE) Cyber Auto Challenge and leading the Japanese branch of the Automotive Security Research Group (ASRG). He\'s a two-time finalist of the Car Hacking Village\'s annual DefCon CTF and active member of the CHV community. He currently works at White Motion, an automotive cybersecurity firm based in Tokyo, Japan.
\n\n
\nDescription:
\nBluetooth is a short-range cable replacement technology that is found in millions of IoT devices around the world. Due to its ubiquity and breadth of functionality, it\'s been seen in vehicles as early as the late 2000s. While commonly used for phonebook access, hands-free phone usage, and media control, Bluetooth is nonetheless an important vector to consider when analyzing a vehicle\'s security case. In this CHV101 lecture, we\'ll explore Bluetooth as a technology and its relevance to automotive cybersecurity.
\n
\n#chv-101-talks-text: https://discord.com/channels/708208267699945503/735651343007744051\n
YouTube: https://www.youtube.com/watch?v=N4y_K4GGsLs\n
\'',NULL,68830),('3_Saturday','15','15:00','15:50','N','CHV','','\'Automotive Ethernet for the rest of us\'','\'Infenet\'','CHV_569728a33a4ebabc6c87683723cbd02f','\'Title: Automotive Ethernet for the rest of us
\nWhen: Saturday, Aug 8, 15:00 - 15:50 PDT
\nWhere: Car Hacking Vlg 101
\n
SpeakerBio:Infenet\n
\nLifelong hacker and hacker of all the things. Founder of Enterprise Offensive Security, creator of security tools for DevOps Engineers such as auto-remediation using AWS Lambda and CIS Compliance Scanning Tools, SSO implementations on the Service Provider and Identity Provider side(s). Simulated Advanced Persistent Threat Actor. Started DEFCON group in Detroit DC313 and Director of #misec Detroit.
\n\n
\nDescription:
\nDiscover the latest in Automotive Ethernet adoption, learn who is using Automotive Ethernet and why are they using Automotive Ethernet.
\n
\n#chv-101-talks-text: https://discord.com/channels/708208267699945503/735651343007744051\n
YouTube: https://www.youtube.com/watch?v=N4y_K4GGsLs\n
\'',NULL,68831),('3_Saturday','16','16:00','16:50','N','CHV','','\'Car (to Cloud) Talk: Using MQTT for Car Hacking\'','\'Jaime\'','CHV_b20d5cf3bf61788f653050c0956f89eb','\'Title: Car (to Cloud) Talk: Using MQTT for Car Hacking
\nWhen: Saturday, Aug 8, 16:00 - 16:50 PDT
\nWhere: Car Hacking Vlg 101
\n
SpeakerBio:Jaime\n
\nJaime is an EE turned software developer turned security researcher. She caught the infosec bug through playing CTFs, and now works at GRIMM hacking cars. In her spare time, she adds LEDs to things and hangs out with her dog.
\n\n
\nDescription:
\nAs with IoT, cars are becoming increasingly \"smart\". In the automotive and trucking world, this means adding the ability to collect real-time telemetry data, gather information for predictive maintenance, as well as consumer features like remote lock/unlock. This talk will cover the internals of how MQTT--a lightweight messaging protocol frequently used in automotive and IoT--works, and how it\'s used in automotive applications.
\n
\n#chv-101-talks-text: https://discord.com/channels/708208267699945503/735651343007744051\n
YouTube: https://www.youtube.com/watch?v=N4y_K4GGsLs\n
\'',NULL,68832),('3_Saturday','10','10:00','10:59','N','ETV','','\'Killer Robots Reconsidered\'','\'Diane Vavrichek,Larry Lewis\'','ETV_827c69be7a3083d7bba4d54b44af99b2','\'Title: Killer Robots Reconsidered
\nWhen: Saturday, Aug 8, 10:00 - 10:59 PDT
\nWhere: Ethics Vlg
\nSpeakers:Diane Vavrichek,Larry Lewis
\n
SpeakerBio:Diane Vavrichek\n
\nNo BIO available
\n
SpeakerBio:Larry Lewis\n
\nNo BIO available
\n\n
\nDescription:
\nThis will be a live talk.
\n
\nTwitch: https://www.twitch.tv/ethicsvillage\n
#ev-talks-voice: https://discord.com/channels/708208267699945503/730299696454696980\n
#ev-general-text: https://discord.com/channels/708208267699945503/732732980342030449\n
\'',NULL,68833),('3_Saturday','12','12:00','14:10','N','ETV','','\'Vote @ Home Workshop\'','\'Andrea Matwyshyn\'','ETV_11c1e359f7585d060a727ed2e8d98788','\'Title: Vote @ Home Workshop
\nWhen: Saturday, Aug 8, 12:00 - 14:10 PDT
\nWhere: Ethics Vlg
\n
SpeakerBio:Andrea Matwyshyn\n
\nNo BIO available
\n\n
\nDescription:
\nThis will be a 40-minute pre-recorded talk, followed by a 30-minute live Q&A session.
\n
\nTwitch: https://www.twitch.tv/ethicsvillage\n
#ev-talks-voice: https://discord.com/channels/708208267699945503/730299696454696980\n
#ev-general-text: https://discord.com/channels/708208267699945503/732732980342030449\n
\'',NULL,68834),('3_Saturday','13','12:00','14:10','Y','ETV','','\'Vote @ Home Workshop\'','\'Andrea Matwyshyn\'','ETV_11c1e359f7585d060a727ed2e8d98788','\'\'',NULL,68835),('3_Saturday','14','12:00','14:10','Y','ETV','','\'Vote @ Home Workshop\'','\'Andrea Matwyshyn\'','ETV_11c1e359f7585d060a727ed2e8d98788','\'\'',NULL,68836),('2_Friday','14','14:00','14:59','N','ETV','','\'Models of Privacy Norms\'','\'R. Jason Cronk,Ece Gumusel\'','ETV_072307535589b9187147eeccf955c31a','\'Title: Models of Privacy Norms
\nWhen: Friday, Aug 7, 14:00 - 14:59 PDT
\nWhere: Ethics Vlg
\nSpeakers:R. Jason Cronk,Ece Gumusel
\n
SpeakerBio:R. Jason Cronk\n
\nNo BIO available
\n
SpeakerBio:Ece Gumusel\n
\nNo BIO available
\n\n
\nDescription:
\nThis will be a live talk.
\n
\nTwitch: https://www.twitch.tv/ethicsvillage\n
#ev-talks-voice: https://discord.com/channels/708208267699945503/730299696454696980\n
#ev-general-text: https://discord.com/channels/708208267699945503/732732980342030449\n
\'',NULL,68837),('4_Sunday','12','12:00','12:59','N','ETV','','\'How to Start a Movement: Hackers Edition\'','\'Chloé Messdaghi\'','ETV_e0fdcd9f752bfece3e79c7e3d088735f','\'Title: How to Start a Movement: Hackers Edition
\nWhen: Sunday, Aug 9, 12:00 - 12:59 PDT
\nWhere: Ethics Vlg
\n
SpeakerBio:Chloé Messdaghi\n
\nChloé Messdaghi is the VP of Strategy at Point3 Security. She is a security researcher advocate who strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to fight for hacker rights. She is the founder of WomenHackerz & the President and cofounder of Women of Security (WoSEC), podcaster for ITSP Magazine\'s The Uncommon Journey, and runs the Hacker Book Club.
\n\n
\nDescription:
\nThis will be a live talk.
\n
\nTwitch: https://www.twitch.tv/ethicsvillage\n
#ev-talks-voice: https://discord.com/channels/708208267699945503/730299696454696980\n
#ev-general-text: https://discord.com/channels/708208267699945503/732732980342030449\n
\'',NULL,68838),('4_Sunday','14','14:00','14:59','N','ETV','','\'Open Live Chat for all Speakers or another talk on Ethics of Moderation\'','\'Ethics Village Staff\'','ETV_444fec84a166498600f3ecb701843b10','\'Title: Open Live Chat for all Speakers or another talk on Ethics of Moderation
\nWhen: Sunday, Aug 9, 14:00 - 14:59 PDT
\nWhere: Ethics Vlg
\n
SpeakerBio:Ethics Village Staff\n
\nNo BIO available
\n\n
\nDescription:
\nThis will be a live and open chat for everyone to participate in.
\n
\nTwitch: https://www.twitch.tv/ethicsvillage\n
#ev-talks-voice: https://discord.com/channels/708208267699945503/730299696454696980\n
#ev-general-text: https://discord.com/channels/708208267699945503/732732980342030449\n
\'',NULL,68839),('1_Thursday','13','13:00','13:59','N','HTS','','\'Dockside with the US Coast Guard\'','\'\'','HTS_9db709dc5ea347cefe87868ceb134efd','\'Title: Dockside with the US Coast Guard
\nWhen: Thursday, Aug 6, 13:00 - 13:59 PDT
\nWhere: Hack the Sea Vlg
\n
\nDescription:No Description available
\n
Hack the Sea Village activities will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/hackthesea\n
\'',NULL,68840),('2_Friday','10','10:00','10:30','N','HTS','','\'Yacht PWNed\'','\'Stephen Gerling\'','HTS_5846d5b43e2095f03d05c0eb3036843e','\'Title: Yacht PWNed
\nWhen: Friday, Aug 7, 10:00 - 10:30 PDT
\nWhere: Hack the Sea Vlg
\n
SpeakerBio:Stephen Gerling\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Hack the Sea Village activities will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/hackthesea\n
\'',NULL,68841),('2_Friday','12','12:00','12:59','N','HTS','','\'Build a Raspberry AIS\'','\'Dr. Gary Kessler\'','HTS_9ec910b33ecfdd99e655e48cd188ca87','\'Title: Build a Raspberry AIS
\nWhen: Friday, Aug 7, 12:00 - 12:59 PDT
\nWhere: Hack the Sea Vlg
\n
SpeakerBio:Dr. Gary Kessler\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Hack the Sea Village activities will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/hackthesea\n
\'',NULL,68842),('2_Friday','14','14:00','14:59','N','HTS','','\'40,000 Leagues UUV Death Match\'','\'Dr. Nina Kollars\'','HTS_f03e3bdad5f5b30515815d0ac83c0803','\'Title: 40,000 Leagues UUV Death Match
\nWhen: Friday, Aug 7, 14:00 - 14:59 PDT
\nWhere: Hack the Sea Vlg
\n
SpeakerBio:Dr. Nina Kollars\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Hack the Sea Village activities will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/hackthesea\n
\'',NULL,68843),('3_Saturday','10','10:00','10:59','N','HTS','','\'Speed 2: The Poseidon Adventure – When Cruise Ships Go Wrong\'','\'Andrew Tierney\'','HTS_86744cac0723246f3081cae53a2e87c8','\'Title: Speed 2: The Poseidon Adventure – When Cruise Ships Go Wrong
\nWhen: Saturday, Aug 8, 10:00 - 10:59 PDT
\nWhere: Hack the Sea Vlg
\n
SpeakerBio:Andrew Tierney\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Hack the Sea Village activities will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/hackthesea\n
\'',NULL,68844),('3_Saturday','11','11:00','11:59','N','HTS','','\'Hack the SeaPod\'','\'Grant Romundt\'','HTS_16f1de551423342f40a26af5de6aa906','\'Title: Hack the SeaPod
\nWhen: Saturday, Aug 8, 11:00 - 11:59 PDT
\nWhere: Hack the Sea Vlg
\n
SpeakerBio:Grant Romundt\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Hack the Sea Village activities will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/hackthesea\n
\'',NULL,68845),('4_Sunday','11','11:00','11:59','N','HTS','','\'Hack the SeaPod\'','\'Fathom5\'','HTS_6e14383a4d273571ed44e12ffca94e9e','\'Title: Hack the SeaPod
\nWhen: Sunday, Aug 9, 11:00 - 11:59 PDT
\nWhere: Hack the Sea Vlg
\n
SpeakerBio:Fathom5\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Hack the Sea Village activities will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/hackthesea\n
\'',NULL,68846),('2_Friday','09','09:45','09:59','N','PAYV','','\'Welcome to the Payment Village\'','\'Leigh-Anne Galloway\'','PAYV_d9521ef026285f94b024eeb2f50993a6','\'Title: Welcome to the Payment Village
\nWhen: Friday, Aug 7, 09:45 - 09:59 PDT
\nWhere: Payment Vlg
\n
SpeakerBio:Leigh-Anne Galloway\n
\nNo BIO available
\n\n
\nDescription:
\nLeigh-Anne will introduce you to the Payment Village and cover key information required to participate in the Payment Village at DEF CON
\n
Payment Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/paymentvillage\n
YouTube: https://www.youtube.com/channel/UCivO-5rpPcv89Wt8okBW21Q\n
\'',NULL,68847),('2_Friday','10','10:00','10:59','N','PAYV','','\'Making sense of EMV card data – decoding the TLV format \'','\'Dr Steven J. Murdoch\'','PAYV_97ee0550b66eed8d13ed4acf621f0d4e','\'Title: Making sense of EMV card data – decoding the TLV format
\nWhen: Friday, Aug 7, 10:00 - 10:59 PDT
\nWhere: Payment Vlg
\n
SpeakerBio:Dr Steven J. Murdoch\n
\nNo BIO available
\n\n
\nDescription:
\nEMV (sometimes known as Chip and PIN) is the worldwide standard for smart card payments. It was designed to allow credit and debit cards issued by any bank work to make a payment through any terminal, even across international borders and despite chip cards being extremely limited in the computation they can perform. In this talk I’ll discuss how EMV achieves this difficult task, through the use of the TLV (Tag-Length-Value) data format. I will demonstrate how to decode TLV data found on real EMV chip cards, and what significance this data has in the wider payment ecosystem. Finally I’ll discuss how the use of TLV, despite its advantages, has contributed to the creation of security vulnerabilities in Chip and PIN.
\n
Payment Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/paymentvillage\n
YouTube: https://www.youtube.com/channel/UCivO-5rpPcv89Wt8okBW21Q\n
\'',NULL,68848),('2_Friday','11','11:00','11:59','N','PAYV','','\'Fear and Loathing in Payment Bug Bounty\'','\'Timur Yunusov\'','PAYV_864c73e656bb6f68f35f0a7d742f0bdc','\'Title: Fear and Loathing in Payment Bug Bounty
\nWhen: Friday, Aug 7, 11:00 - 11:59 PDT
\nWhere: Payment Vlg
\n
SpeakerBio:Timur Yunusov\n
\nNo BIO available
\n\n
\nDescription:
\nBug bounty - is an easy-to-start-and-succeed Information Security area. Low entry barriers, money engagement, low risks of being sued. But none of these can be applied when it comes to payment vulnerabilities. It\'s hard to find banks which allow digging into their assets. We\'re here to try and change it! Start with payment security today, vulnerabilities are waiting.
\n
Payment Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/paymentvillage\n
YouTube: https://www.youtube.com/channel/UCivO-5rpPcv89Wt8okBW21Q\n
\'',NULL,68849),('3_Saturday','10','10:00','10:59','N','PAYV','','\'Identity Crisis: the mad rise of online account opening fraud\'','\'Uri Rivner\'','PAYV_76e1ae27890faf0e87fafc8d29f26680','\'Title: Identity Crisis: the mad rise of online account opening fraud
\nWhen: Saturday, Aug 8, 10:00 - 10:59 PDT
\nWhere: Payment Vlg
\n
SpeakerBio:Uri Rivner\n
\nNo BIO available
\n\n
\nDescription:
\nIdentity data is a commodity these days, and conducting identity theft or synthetic ID operations has never been easier. In this 100% real case study we’ll track the second-by-second operation of cyber criminals attempting to target major card issuers and digital banks. \n
We’ll discuss their behavior, choices and motivations, what makes them so different than honest folks who wish to open an account online, and what next-gen data sources and analysis domains the industry is beginning to leverage against such attacks. It’s time to put up a good fight!\n
\n
Payment Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/paymentvillage\n
YouTube: https://www.youtube.com/channel/UCivO-5rpPcv89Wt8okBW21Q\n
\'',NULL,68850),('3_Saturday','11','11:00','11:59','N','PAYV','','\'Online Banking Security\'','\'Arkadiy Litvinenko\'','PAYV_a133f565afa097212a391649ed42bdc5','\'Title: Online Banking Security
\nWhen: Saturday, Aug 8, 11:00 - 11:59 PDT
\nWhere: Payment Vlg
\n
SpeakerBio:Arkadiy Litvinenko\n
\nNo BIO available
\n\n
\nDescription:
\nCompetition between banks leads to new opportunities for clients, which are the cause of new risks for the banks and for the clients themselves. During the talk we will discuss the internals of Online and Mobile banking, what vulnerabilities are common or specific for these services and what best practices exist for solving these problems.
\n
Payment Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/paymentvillage\n
YouTube: https://www.youtube.com/channel/UCivO-5rpPcv89Wt8okBW21Q\n
\'',NULL,68851),('3_Saturday','12','12:00','12:59','N','PAYV','','\'Trends in the online card payment security\'','\'Dr Mohammed Aamir Ali\'','PAYV_ec3677172db0534181d4971eec8589fc','\'Title: Trends in the online card payment security
\nWhen: Saturday, Aug 8, 12:00 - 12:59 PDT
\nWhere: Payment Vlg
\n
SpeakerBio:Dr Mohammed Aamir Ali\n
\nMohammed (Mo) Ali is currently the global head for digital development GCO at Boehringer Ingelheim Pharmaceuticals. Prior to this role he served as a Director within the R&D Operations and Innovations group at J&J Pharmaceuticals and also as one of the first founding members of the digital development group and Strategic Program Office at Novartis, responsible for several \"E\" initiatives within Digital Health. These programs aim to serve the needs of patients by creating a digital footprint and platform which would assist in the overall delivery and enrichment of their experience.
\n\n
\nDescription:
\nEver since the world-wide web emerged in the early nineties we have seen dramatic changes in how we pay, including the proliferation of online card payments, the introduction of mobile and contactless payment as well as the rise of bitcoin. Security is a key concern in the design and use of these payment methods, but these cannot be understood without also considering legacy issues, usability concerns and business incentives. \n
In this talk, I will start from the fundamentals of the online card payment system, its types and will also expand on the security features of each type. I’ll then discuss the inherent vulnerabilities of the system, the competing incentives of the many parties that are involved in payment and the role of PCI DSS and other approaches to resolve security challenges. This talk exposes attendees to the relevant industrial standards and approaches, introduces some cutting-edge research outcomes, and provides insight in the many competing concerns that impact on the online card payment security.\n
\n
Payment Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/paymentvillage\n
YouTube: https://www.youtube.com/channel/UCivO-5rpPcv89Wt8okBW21Q\n
\'',NULL,68852),('4_Sunday','10','10:00','10:59','N','PAYV','','\'PoS Terminal Security Uncovered\'','\'Aleksei Stennikov\'','PAYV_f18358ebb73f8d4f335f42d6c6bf9369','\'Title: PoS Terminal Security Uncovered
\nWhen: Sunday, Aug 9, 10:00 - 10:59 PDT
\nWhere: Payment Vlg
\n
SpeakerBio:Aleksei Stennikov\n
\nNo BIO available
\n\n
\nDescription:
\n\"Everyone uses different types of payment hardware in order to pay by card everyday. But how often do you think, how secure is it? \n
The speaker will talk about the payment terminals hardware internals and the approach to the security of common manufacturers, typical vulnerabilities, approaches to research and the consequences of research related to the payment security. This presentation uncovers some of results from our payment security projects.\"\n
\n
Payment Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/paymentvillage\n
YouTube: https://www.youtube.com/channel/UCivO-5rpPcv89Wt8okBW21Q\n
\'',NULL,68853),('4_Sunday','11','11:00','11:59','N','PAYV','','\'Architecting Modern Payment Gateways in .Net core with Azure\'','\'Menaka BaskerPillai\'','PAYV_255639d1878c61bed8344d93137529c0','\'Title: Architecting Modern Payment Gateways in .Net core with Azure
\nWhen: Sunday, Aug 9, 11:00 - 11:59 PDT
\nWhere: Payment Vlg
\n
SpeakerBio:Menaka BaskerPillai\n
\nNo BIO available
\n\n
\nDescription:
\nIn this session am going to explain how to work with payment gateways and how to implement a secured payment gateways in .net core web Apps. This session also includes some core concepts of Azure that plays an important role in transaction.
\n
Payment Village activities will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/paymentvillage\n
YouTube: https://www.youtube.com/channel/UCivO-5rpPcv89Wt8okBW21Q\n
\'',NULL,68854),('2_Friday','11','11:00','11:59','N','RGV','','\'Rogues Village Introduction\'','\'Rogues Village Team\'','RGV_edfb01255f64fb4dec660fb7ae8322d9','\'Title: Rogues Village Introduction
\nWhen: Friday, Aug 7, 11:00 - 11:59 PDT
\nWhere: Rogues Vlg
\n
SpeakerBio:Rogues Village Team\n
\nNo BIO available
\n\n
\nDescription:
\nWho are we? What are we doing? How many ham-sandwiches can you fit into a handbag? Well, tune in to find out all of our secrets at Rogues Village this year.
\n
Rogues Village activities will be streamed via Twitch.\n
\nTwitch: https://www.twitch.tv/roguesvillage\n
\'',NULL,68855),('2_Friday','12','12:00','13:59','N','RGV','','\'Google Maps Hacks\'','\'Simon Weckert\'','RGV_e181ecbd1da7a4864b639a3096069aa5','\'Title: Google Maps Hacks
\nWhen: Friday, Aug 7, 12:00 - 13:59 PDT
\nWhere: Rogues Vlg
\n
SpeakerBio:Simon Weckert\n
\nNo BIO available
\n\n
\nDescription:
\nYou’ve seen his Google Maps Hacks on international news just earlier this year, now come see the methodology behind his projects. Simon uses technology in the digital space to cleverly impact the physical space, all the while creating some playful mischief. Excited to welcome Simon to our village this year. \n
From Simon:
\n99 second hand smartphones are transported in a handcart to generate virtual traffic jam in Google Maps. Through this activity, it is possible to turn a green street red which has an impact in the physical world by navigating cars on another route to avoid being stuck in traffic. The presentation will give an insight of the hack. #googlemapshacks \n
\n
Rogues Village activities will be streamed via Twitch.\n
\nTwitch: https://www.twitch.tv/roguesvillage\n
\'',NULL,68856),('2_Friday','13','12:00','13:59','Y','RGV','','\'Google Maps Hacks\'','\'Simon Weckert\'','RGV_e181ecbd1da7a4864b639a3096069aa5','\'\'',NULL,68857),('2_Friday','14','14:00','14:59','N','RGV','','\'Performance\'','\'Daniel Roy\'','RGV_87d54ba011f9637c8da40a0bb8f80301','\'Title: Performance
\nWhen: Friday, Aug 7, 14:00 - 14:59 PDT
\nWhere: Rogues Vlg
\n
SpeakerBio:Daniel Roy\n
\nNo BIO available
\n\n
\nDescription:
\nIn this hybrid performance talk, Daniel will introduce you to the storied history of card cheats and con games and demonstrate some of the most legendary scams – and won’t have to bet a penny!\n
Daniel Roy is a magician who specializes in the most difficult branch of card manipulation: the sleight of hand techniques used by professional card cheats. He has appeared at the World-Famous Magic Castle in Hollywood, and his audiences have included Hollywood actors, millionaires, and members of U.S. Congress. In 2019, he received the Milbourne Christopher award for Close-Up Magician of the Year. \n
\n
Rogues Village activities will be streamed via Twitch.\n
\nTwitch: https://www.twitch.tv/roguesvillage\n
\'',NULL,68858),('2_Friday','16','16:00','17:59','N','RGV','','\'Pickpocketing @ Home\'','\'James Harrison\'','RGV_fce52ef079f0902ba9b48621f2fbf7bd','\'Title: Pickpocketing @ Home
\nWhen: Friday, Aug 7, 16:00 - 17:59 PDT
\nWhere: Rogues Vlg
\n
SpeakerBio:James Harrison\n
\nNo BIO available
\n\n
\nDescription:
\nJames Harrison returns to share his pickpocketing tips (a smash hit at Rogues Village at DEFCON 27 last year) via the internet. In this talk, James will show you how to practice your own pickpocketing skills inside your very own home! Come take a peek inside James’ own setup, and learn some of his tricks of the trade. Safeguard yourself while learning a new skill!
\n
Rogues Village activities will be streamed via Twitch.\n
\nTwitch: https://www.twitch.tv/roguesvillage\n
\'',NULL,68859),('2_Friday','17','16:00','17:59','Y','RGV','','\'Pickpocketing @ Home\'','\'James Harrison\'','RGV_fce52ef079f0902ba9b48621f2fbf7bd','\'\'',NULL,68860),('3_Saturday','14','14:00','14:59','N','RGV','','\'Performance\'','\'Daniel Roy\'','RGV_e5321c469c922bb356ba75825355bf46','\'Title: Performance
\nWhen: Saturday, Aug 8, 14:00 - 14:59 PDT
\nWhere: Rogues Vlg
\n
SpeakerBio:Daniel Roy\n
\nNo BIO available
\n\n
\nDescription:
\nIn this hybrid performance talk, Daniel will introduce you to the storied history of card cheats and con games and demonstrate some of the most legendary scams – and won’t have to bet a penny!\n
Daniel Roy is a magician who specializes in the most difficult branch of card manipulation: the sleight of hand techniques used by professional card cheats. He has appeared at the World-Famous Magic Castle in Hollywood, and his audiences have included Hollywood actors, millionaires, and members of U.S. Congress. In 2019, he received the Milbourne Christopher award for Close-Up Magician of the Year. \n
\n
Rogues Village activities will be streamed via Twitch.\n
\nTwitch: https://www.twitch.tv/roguesvillage\n
\'',NULL,68861),('3_Saturday','16','16:00','17:59','N','RGV','','\'Outs, Forces, and Equivoque: A treatise on how Magicians speak\'','\'Brandon Martinez\'','RGV_b0151cad3abd4d4473f24c094ff8b909','\'Title: Outs, Forces, and Equivoque: A treatise on how Magicians speak
\nWhen: Saturday, Aug 8, 16:00 - 17:59 PDT
\nWhere: Rogues Vlg
\n
SpeakerBio:Brandon Martinez\n
\nNo BIO available
\n\n
\nDescription:
\nIn this talk, BM explores the similarities of language between both a magician and social engineer. Learn about common language tricks and methods used in magic and how those same methods could be used to make your social engineering more effective. After learning these principals, learn how to apply them them in ethical scenarios to help practice your skills, as well as having the tools to create new ones.
\n
Rogues Village activities will be streamed via Twitch.\n
\nTwitch: https://www.twitch.tv/roguesvillage\n
\'',NULL,68862),('3_Saturday','17','16:00','17:59','Y','RGV','','\'Outs, Forces, and Equivoque: A treatise on how Magicians speak\'','\'Brandon Martinez\'','RGV_b0151cad3abd4d4473f24c094ff8b909','\'\'',NULL,68863),('4_Sunday','12','12:00','13:59','N','RGV','','\'Rogues adventure & the intervillage badge\'','\'Monero Village Team,Rogues Village Team\'','RGV_f0db3dbc8316dbf1ef4372599f97e549','\'Title: Rogues adventure & the intervillage badge
\nWhen: Sunday, Aug 9, 12:00 - 13:59 PDT
\nWhere: Rogues Vlg
\nSpeakers:Monero Village Team,Rogues Village Team
\n
SpeakerBio:Monero Village Team\n
\nNo BIO available
\n
SpeakerBio:Rogues Village Team\n
\nNo BIO available
\n\n
\nDescription:
\nYou’ve played the game, now hear the story. ZY, the author of the Rogues Adventure (http://www.foursuits.co/game) will be here to answer your questions and talk about his journey in creating the adventure game, along with its integrations with the InterVillage Badge. Michael from Monero Village joins us to talk about the badge itself, and his collaborative process throughout its creation!
\n
Rogues Village activities will be streamed via Twitch.\n
\nTwitch: https://www.twitch.tv/roguesvillage\n
\'',NULL,68864),('4_Sunday','13','12:00','13:59','Y','RGV','','\'Rogues adventure & the intervillage badge\'','\'Monero Village Team,Rogues Village Team\'','RGV_f0db3dbc8316dbf1ef4372599f97e549','\'\'',NULL,68865),('2_Friday','10','10:00','10:59','N','CRV','','\'From Barista to Cyber Security Pro, Breaking the Entry Level Barrier\'','\'Alyssa Miller\'','CRV_95a2e6f92ab4df45c2e650e2004c1641','\'Title: From Barista to Cyber Security Pro, Breaking the Entry Level Barrier
\nWhen: Friday, Aug 7, 10:00 - 10:59 PDT
\nWhere: Career Hacking Vlg
\n
SpeakerBio:Alyssa Miller\n
\nNo BIO available
\n\n
\nDescription:
\nIf you\'re a barista that has never worked in a tech job, how do you land a role in security? What if I told you there are skills you have that apply directly to roles in security. In this session we\'re going to get into some real talk about landing your first security gig. We will analyze the challenges that aspiring security professionals need to overcome in order to find their way into an entry level position. We\'ll look at the issues of job descriptions, certifications, degrees, and other job search related challenges. We\'ll analyze data from a recent primary research to better understand how education, certifications, mentoring, and other characteristics impact the job search. Finally we\'ll use that information to share tangible real strategies you can use to overcome those hiring obstacles.
\n
Career Hacking Village activities can be watched on YouTube.\n
\nCHV YouTube: https://www.youtube.com/channel/UCxF_PpndJEoi4fsrQx6yuQw\n
\'',NULL,68866),('2_Friday','11','11:00','11:59','N','CRV','','\'But I Still Need A Job!\'','\'Kirsten Renner\'','CRV_921a96c755d0622ad0e660f086afb8a5','\'Title: But I Still Need A Job!
\nWhen: Friday, Aug 7, 11:00 - 11:59 PDT
\nWhere: Career Hacking Vlg
\n
SpeakerBio:Kirsten Renner\n
\nNo BIO available
\n\n
\nDescription:
\nAs if finding your next gig wasn\'t already a challenge, now we have to do it in the midst of a pandemic. Let\'s talk about the new hurdles, how to get around them and the classic fundamentals like searching, networking, and negotiating
\n
Career Hacking Village activities can be watched on YouTube.\n
\nCHV YouTube: https://www.youtube.com/channel/UCxF_PpndJEoi4fsrQx6yuQw\n
\'',NULL,68867),('2_Friday','12','12:00','12:59','N','CRV','','\'Hacking Security Leadership\'','\'Pete Keenan\'','CRV_a86c22a2ed1aed6c9a7a8f23fa51ade7','\'Title: Hacking Security Leadership
\nWhen: Friday, Aug 7, 12:00 - 12:59 PDT
\nWhere: Career Hacking Vlg
\n
SpeakerBio:Pete Keenan\n
\nNo BIO available
\n\n
\nDescription:
\nSo you are a great hacker who can pop shells all day and make the IT team weep. At some point, that will have diminishing returns for both you and the company you serve. Every one of us has delivered or received that dreaded vulnerability report with 100,000+ items on it and heard (or made) that desperate sigh of defeat. Too many times we perform amazing red team work and deliver reports full of detailed findings, only to come back a year later and see nothing has been fixed. Breaking things is the easy part; how do you drive change when you don’t have direct authority? Our goal is to make an enterprise or product more secure while not driving it out of business and alienating everyone along the way.
\n
Career Hacking Village activities can be watched on YouTube.\n
\nCHV YouTube: https://www.youtube.com/channel/UCxF_PpndJEoi4fsrQx6yuQw\n
\'',NULL,68868),('2_Friday','13','13:00','13:59','N','CRV','','\'Key Ingredients for the Job Interviews (Virtual or Face-2-Face)\'','\'Roy Wattanasin\'','CRV_8f6f127790bdc1ef7f99be0f46d64b55','\'Title: Key Ingredients for the Job Interviews (Virtual or Face-2-Face)
\nWhen: Friday, Aug 7, 13:00 - 13:59 PDT
\nWhere: Career Hacking Vlg
\n
SpeakerBio:Roy Wattanasin\n
\nNo BIO available
\n\n
\nDescription:
\nThis presentation focuses on the major key areas to become more successful in your interviews. This includes (6) items: preparation, looking great, resume-review, confidence, note-taking and asking back. This talk will include both considerations when having a virtual or face to face interview(s).
\n
Career Hacking Village activities can be watched on YouTube.\n
\nCHV YouTube: https://www.youtube.com/channel/UCxF_PpndJEoi4fsrQx6yuQw\n
\'',NULL,68869),('2_Friday','14','14:00','14:59','N','CRV','','\'Pwning Your Resume\'','\'Kris Rides\'','CRV_3838eaf4946af6b0235551bfbb60f56d','\'Title: Pwning Your Resume
\nWhen: Friday, Aug 7, 14:00 - 14:59 PDT
\nWhere: Career Hacking Vlg
\n
SpeakerBio:Kris Rides\n
\nNo BIO available
\n\n
\nDescription:
\nDoes your resume writing professional know the Cyber Security Industry? If not why are you paying them to do a job you’re better qualified to do your self? Put that money towards building your knowledge or something that will really help further your career. This presentation will focus on what makes an excellent cyber security resume and how to write it yourself.
\n
Career Hacking Village activities can be watched on YouTube.\n
\nCHV YouTube: https://www.youtube.com/channel/UCxF_PpndJEoi4fsrQx6yuQw\n
\'',NULL,68870),('2_Friday','15','15:00','15:59','N','CRV','','\'In theory, there is no difference between theory and practice\'','\'Pablo Breuer\'','CRV_67cb6d772cc0f851a5174109471826ed','\'Title: In theory, there is no difference between theory and practice
\nWhen: Friday, Aug 7, 15:00 - 15:59 PDT
\nWhere: Career Hacking Vlg
\n
SpeakerBio:Pablo Breuer\n
\nNo BIO available
\n\n
\nDescription:
\nThere are three general paths to an INFOSEC career: the school of hard knocks, certificates, and college. Every few months a flame war erupts out arguing which is the \"right\" path. What are the pros and cons of each of these paths? Come have a balanced conversation about the three paths and learn which is the best one for you depending upon your unique needs
\n
Career Hacking Village activities can be watched on YouTube.\n
\nCHV YouTube: https://www.youtube.com/channel/UCxF_PpndJEoi4fsrQx6yuQw\n
\'',NULL,68871),('2_Friday','16','16:00','16:59','N','CRV','','\'Building Teams in the New Normal \'','\'Mike Murray\'','CRV_c09a66bd9f9f58480ac8c2b4644b11ca','\'Title: Building Teams in the New Normal
\nWhen: Friday, Aug 7, 16:00 - 16:59 PDT
\nWhere: Career Hacking Vlg
\n
SpeakerBio:Mike Murray\n
\nNo BIO available
\n\n
\nDescription:
\n2020 has created massive change across our industry, both from the perspective of COVID-19 as well as the social movements that have changed the way we view ourselves. Nowhere has this affected the industry more than the experience by which we onboard employees - as an example, before 2020, even most remote employees had in person interviews in the process. In short, the \"new normal\" that is evolving requires us to hire and interview differently. From where and how we find (especially diverse) candidates, our interview processes and the way we onboard employees in to our culture, everything requires a thoughtful new approach. In this talk, Mike will talk about everything he has learned and how he has modified his own processes to promote diversity, find the best people to join the team, and brought them aboard as part of the culture.
\n
Career Hacking Village activities can be watched on YouTube.\n
\nCHV YouTube: https://www.youtube.com/channel/UCxF_PpndJEoi4fsrQx6yuQw\n
\'',NULL,68872),('3_Saturday','15','15:00','15:59','N','CRV','','\'Drinks with Recruiters\'','\'Kris Rides,Rachel Bozeman,Matt Duren,Pete Radloff\'','CRV_bd95fcc539c3965d074e078ca01e8927','\'Title: Drinks with Recruiters
\nWhen: Saturday, Aug 8, 15:00 - 15:59 PDT
\nWhere: Career Hacking Vlg
\nSpeakers:Kris Rides,Rachel Bozeman,Matt Duren,Pete Radloff
\n
SpeakerBio:Kris Rides\n
\nNo BIO available
\n
SpeakerBio:Rachel Bozeman\n
\nNo BIO available
\n
SpeakerBio:Matt Duren\n
\nNo BIO available
\n
SpeakerBio:Pete Radloff\n
\nNo BIO available
\n\n
\nDescription:
\nRecruiters are people too, but given the backlashes we have seen along with the poor spam messages from \"recruiters\" you would think otherwise. So a group of recruiters familiar with the community will sit down over drinks and share some of their horror stories. From this you will learn how to improve your job search, your interviewing and maybe come to enjoy working with recruiters.
\n
Career Hacking Village activities can be watched on YouTube.\n
\nCHV YouTube: https://www.youtube.com/channel/UCxF_PpndJEoi4fsrQx6yuQw\n
\'',NULL,68873),('3_Saturday','10','10:00','10:59','N','CRV','','\'Cons and Careers\'','\'Steven Bernstein\'','CRV_69a52bde2d38e29efc388820ee606c1b','\'Title: Cons and Careers
\nWhen: Saturday, Aug 8, 10:00 - 10:59 PDT
\nWhere: Career Hacking Vlg
\n
SpeakerBio:Steven Bernstein\n
\nNo BIO available
\n\n
\nDescription:
\nWhen I got my first job out in the real world, I thought: this is it: All I’m ever going to need to know for my career, for my job. Got a rude awakening that was one of those worthwhile lessons taught outside of school: invest in becoming a lifelong learner. How do you come across new ideas to keep things fresh? To borrow a saying, if you’re the smartest person in the room, you’re in the wrong room! Attending conferences is one way to learn about different viewpoints. Revisiting ideas is one way to renew our minds and impact the way we think. Peeking into points along a career path will demonstrate an approach to keeping an eye on constant growth, while watching out for warning signs for burn out. Compete against yourself and you’ll Maybe it was the dialog in the scene or suddenly understanding what the writer must have been thinking. The point is, the introduction of new ideas is essential to keep adding value to ourselves and the things we do
\n
Career Hacking Village activities can be watched on YouTube.\n
\nCHV YouTube: https://www.youtube.com/channel/UCxF_PpndJEoi4fsrQx6yuQw\n
\'',NULL,68874),('3_Saturday','11','11:00','11:59','N','CRV','','\'The Individual Contributor to Tech Executive, or There and Back Again \'','\'Amelie Koran\'','CRV_ce57078a2d34d3694f6d36b9b80469eb','\'Title: The Individual Contributor to Tech Executive, or There and Back Again
\nWhen: Saturday, Aug 8, 11:00 - 11:59 PDT
\nWhere: Career Hacking Vlg
\n
SpeakerBio:Amelie Koran\n
\nNo BIO available
\n\n
\nDescription:
\nIt’s common perceived expectation that you’re expected to move from an individual contributor on a team to eventually a senior leadership role, if given time an interest, but what works for somebody else may not work for you based on interests, changes in career demands, as well as life in general. Following a similar role, I’d like to impart how, like the Hobbit’s journey, explore, adventure and challenges will forge a life you can be proud of and be able to live to tell the tale.\n
Audience: This presentation is geared towards all levels of attendees, entry to senior-level professionals. It’s a discussion on the journey, a “lessons learned†but also novel perspectives given experiences in multiple roles and industries, both private and public sectors. Also, as an LGBTQ+ community member, I will offer a rather unique perspective on the challenge of career development and advancement within multiple “ceilingsâ€.\n
\n
Career Hacking Village activities can be watched on YouTube.\n
\nCHV YouTube: https://www.youtube.com/channel/UCxF_PpndJEoi4fsrQx6yuQw\n
\'',NULL,68875),('3_Saturday','12','12:00','12:59','N','CRV','','\'Entrepeneurial Adventures: What It Takes to Start A Company\'','\'Bryson Bort\'','CRV_1fd63aa6718c3bdd0af3288c9c660d5e','\'Title: Entrepeneurial Adventures: What It Takes to Start A Company
\nWhen: Saturday, Aug 8, 12:00 - 12:59 PDT
\nWhere: Career Hacking Vlg
\n
SpeakerBio:Bryson Bort\n
\nFounder of SCYTHE, next generation attack emulation platform; GRIMM, cybersecurity consultancy; ICS Village Co-Founder, 501c3 for ICS security awareness. Senior Fellow for Cyber/National Security at R Street and National Security Institute; Advisor to the Army Cyber Institute and DHS/CISA.
\n\n
\nDescription:
\nSo you’re not crazy, you just want to start your own company. Which kinda takes a level of crazy to pull it off. We’ll talk through what it takes to be an entrepreneur, ideation and the phases of startup, different kinds of companies (service, product, non-profit), how and why (or why not) to raise capital, types of investors, legal requirements, working (or not) with friends, challenges, building total/service addressable market size, back-office administration, employee benefits, equity, pricing, Intellectual Property Rights, economics, and resources for more information and networking. Will include anecdotes and insights my experiences starting several companies and from multiple Founders across the spectrum.
\n
Career Hacking Village activities can be watched on YouTube.\n
\nCHV YouTube: https://www.youtube.com/channel/UCxF_PpndJEoi4fsrQx6yuQw\n
\'',NULL,68876);
INSERT INTO `events` VALUES ('3_Saturday','13','13:00','13:59','N','CRV','','\'National Service Panel: Career Opportunities Supporting the Country\'','\'John Felker,Diane Janosek,Chris Pimlott,Roman Vitkovitsky,Liz Popiak,Joe Billingsley\'','CRV_b885c897209c2d7dcad81f7e67350219','\'Title: National Service Panel: Career Opportunities Supporting the Country
\nWhen: Saturday, Aug 8, 13:00 - 13:59 PDT
\nWhere: Career Hacking Vlg
\nSpeakers:John Felker,Diane Janosek,Chris Pimlott,Roman Vitkovitsky,Liz Popiak,Joe Billingsley
\n
SpeakerBio:John Felker\n, Assistant Director of the DHS Cybersecurity and Infrastructure Security Agency (CISA)
\nNo BIO available
\nhttps://www.linkedin.com/in/jofelker/
\n
SpeakerBio:Diane Janosek\n, Commandant of the NSA\'s National Cryptologic School and President of the Women in Cybersecurity Mid-Atlantic Affiliate
\nNo BIO available
\nhttps://www.linkedin.com/in/diane-janosek-abc/
\n
SpeakerBio:Chris Pimlott\n, Engineer at the US Digital Service
\nNo BIO available
\nhttps://www.linkedin.com/in/pimlottc/
\n
SpeakerBio:Roman Vitkovitsky\n, US Marine Marine Corps Cyber Auxiliar
\nNo BIO available
\nhttps://www.linkedin.com/in/rvitko/
\n
SpeakerBio:Liz Popiak\n
\nCreated the US Army Cyber Speciality Direct Commissioning Program
\nhttps://www.linkedin.com/in/elizabeth-popiak-mba-881a4b16/
\n
SpeakerBio:Joe Billingsley\n, Founder of the Military Cyber Professionals Association
\nNo BIO available
\nhttps://www.linkedin.com/in/joebillingsley/
\n\n
\nDescription:
\nThe National Service Panel highlights the opportunities and challenges with national service, focusing on tech-related programs across the federal government. The panel is organized by the Military Cyber Professionals Association (MCPA) and includes reps discussing the US Digital Service, US Marine Corps Cyber Auxiliary, National Security Agency (NSA), US Army Cyber Direct Commissioning Program, and Cybersecurity and Infrastructure Security Agency (CISA).
\n
Career Hacking Village activities can be watched on YouTube.\n
\nCHV YouTube: https://www.youtube.com/channel/UCxF_PpndJEoi4fsrQx6yuQw\n
\'',NULL,68877),('3_Saturday','14','14:00','14:59','N','CRV','','\'Veteran Transition Tips\'','\'Bob Wheeler\'','CRV_33f256567ba802e850bb272576776878','\'Title: Veteran Transition Tips
\nWhen: Saturday, Aug 8, 14:00 - 14:59 PDT
\nWhere: Career Hacking Vlg
\n
SpeakerBio:Bob Wheeler\n
\nNo BIO available
\n\n
\nDescription:
\nThere’s no shortage of advice out there for transitioning veteran job seekers – unfortunately much of the advice tends to be cookie cutter tips focusing on the most basic of topics. This program will help transitioning veterans in the cyber security industry understand the hiring landscape, highlight the difference between the recruiters who put you in the service and ones working to help you land that first job as a civilian, as well as how to leverage job board and job fairs, including virtual events. We’ll even put some special emphasis on how to really build your professional network and manage a your transition from different geographical locations.
\n
Career Hacking Village activities can be watched on YouTube.\n
\nCHV YouTube: https://www.youtube.com/channel/UCxF_PpndJEoi4fsrQx6yuQw\n
\'',NULL,68878),('2_Friday','17','17:00','17:59','N','CRV','','\'Future Proofing Your Career\'','\'Jenai Marinkovic\'','CRV_b6cba31eeb7da3eee95465bfa800d003','\'Title: Future Proofing Your Career
\nWhen: Friday, Aug 7, 17:00 - 17:59 PDT
\nWhere: Career Hacking Vlg
\n
SpeakerBio:Jenai Marinkovic\n
\nNo BIO available
\n\n
\nDescription:
\nWe have entered the 4th industrial revolution, a time marked by the interconnection of hyper-instrumented physical, biological, and digital worlds. \nThe accompanying pace of technological development will exert profound changes in the way people live and work, impacting all disciplines, economies, and industries. Preparing the cybersecurity workforce for the changes that will reframe their careers requires insight and a vision of our possible future. \n
Next-generation security professionals will both leverage and work alongside purpose-based digital assistants to help navigate the explosion of data created by intelligent ecosystems. These virtual assistants will replace current knowledge management platforms/intranets, dashboards, and manage any security process that can be automated. As machine learning and cognitive solutions evolve in sophistication, security teams must re-examine how they organize work, design jobs, and plan for future growth. Let\'s futurecast near term technological trends and identify the concrete steps all security professionals need in the Age of the Intelligent Ecosystem and the Augmented Workforce.\n
\n
Career Hacking Village activities can be watched on YouTube.\n
\nCHV YouTube: https://www.youtube.com/channel/UCxF_PpndJEoi4fsrQx6yuQw\n
\'',NULL,68879),('2_Friday','09','09:30','15:59','N','RTV','','\'Red Team Village CTF - Finals\'','\' \'','RTV_8594ec4d57f260b6eacc0766630511ac','\'Title: Red Team Village CTF - Finals
\nWhen: Friday, Aug 7, 09:30 - 15:59 PDT
\nWhere: Red Team Vlg
\n
\nDescription:
\nThe first part of the CTF will be qualifiers in jeopardy format, then the top teams will move into finals where each will compete in the Pendulum Red Team environment, a full corporate network (each team will have their own env) .\n
Skills required to win: pentesting/red team, scripting, reversing, exploitation, privilege escalation, pivoting, exploit development and anti-virus evasion.\n
\nInfo: https://redteamvillage.io/ctf.html\n
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68880),('2_Friday','10','09:30','15:59','Y','RTV','','\'Red Team Village CTF - Finals\'','\' \'','RTV_8594ec4d57f260b6eacc0766630511ac','\'\'',NULL,68881),('2_Friday','11','09:30','15:59','Y','RTV','','\'Red Team Village CTF - Finals\'','\' \'','RTV_8594ec4d57f260b6eacc0766630511ac','\'\'',NULL,68882),('2_Friday','12','09:30','15:59','Y','RTV','','\'Red Team Village CTF - Finals\'','\' \'','RTV_8594ec4d57f260b6eacc0766630511ac','\'\'',NULL,68883),('2_Friday','13','09:30','15:59','Y','RTV','','\'Red Team Village CTF - Finals\'','\' \'','RTV_8594ec4d57f260b6eacc0766630511ac','\'\'',NULL,68884),('2_Friday','14','09:30','15:59','Y','RTV','','\'Red Team Village CTF - Finals\'','\' \'','RTV_8594ec4d57f260b6eacc0766630511ac','\'\'',NULL,68885),('2_Friday','15','09:30','15:59','Y','RTV','','\'Red Team Village CTF - Finals\'','\' \'','RTV_8594ec4d57f260b6eacc0766630511ac','\'\'',NULL,68886),('1_Thursday','09','09:00','08:59','N','RTV','','\'Red Team Village CTF - Prequal\'','\' \'','RTV_ee8f3c343f566cd00e35f377762a730b','\'Title: Red Team Village CTF - Prequal
\nWhen: Thursday, Aug 6, 09:00 - 08:59 PDT
\nWhere: Red Team Vlg
\n
\nDescription:
\nThe first part of the CTF will be qualifiers in jeopardy format, then the top teams will move into finals where each will compete in the Pendulum Red Team environment, a full corporate network (each team will have their own env) .\n
Skills required to win: pentesting/red team, scripting, reversing, exploitation, privilege escalation, pivoting, exploit development and anti-virus evasion.\n
\nInfo: https://redteamvillage.io/ctf.html\n
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,68887),('2_Friday','09','09:00','09:59','N','ICS','','\'Keynote\'','\'Chris Krebs\'','ICS_f284be62f1b7b6d9ea698cdecbcc9ce6','\'Title: Keynote
\nWhen: Friday, Aug 7, 09:00 - 09:59 PDT
\nWhere: ICS Vlg
\n
SpeakerBio:Chris Krebs\n
\nChristopher Krebs - serves as the first director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). Mr. Krebs was originally sworn in on June 15, 2018 as the Under Secretary for the predecessor of CISA, the National Protection and Programs Directorate (NPPD). Mr. Krebs was nominated for that position by President Trump in February 2018.\n
Before serving as CISA Director, Mr. Krebs was appointed in August 2017 as the Assistant Secretary for Infrastructure Protection. In the absence of a permanent NPPD Under Secretary at the time, Mr. Krebs took on the role of serving as the Senior Official Performing the Duties of the Under Secretary for NPPD until he was subsequently nominated as the Under Secretary and confirmed by the Senate the following year.\n
Mr. Krebs joined DHS in March 2017, first serving as Senior Counselor to the Secretary, where he advised DHS leadership on a range of cybersecurity, critical infrastructure, and national resilience issues. Prior to coming to DHS, he was a member of Microsoft’s U.S. Government Affairs team as the Director for Cybersecurity Policy, where he led Microsoft’s U.S. policy work on cybersecurity and technology issues.\n
Before Microsoft, Mr. Krebs advised industry and Federal, State, and local government customers on a range of cybersecurity and risk management issues. This is his second tour working at DHS, previously serving as the Senior Advisor to the Assistant Secretary for Infrastructure Protection and playing a formative role in a number of national and international risk management programs.\n
As Director, Mr. Krebs oversees CISA’s efforts to defend civilian networks, manage systemic risk to National critical functions, and work with stakeholders to raise the security baseline of the Nation’s cyber and physical infrastructure.\n
Mr. Krebs holds a bachelor’s degree in environmental sciences from the University of Virginia and a J.D. from the Antonin Scalia Law School at George Mason University.\n
\n\n
\nDescription:No Description available
\n
ICS Village activities will be streamed to YouTube and Twitch.\n
\nYouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw\n
Twitch: https://www.twitch.tv/ics_village\n
\'',NULL,68888),('2_Friday','10','10:15','10:45','N','ICS','','\'ICS Village CTF Kick-Off\'','\'Tom\'','ICS_8832f72f8e6cd4df53fbbba9b73d4a68','\'Title: ICS Village CTF Kick-Off
\nWhen: Friday, Aug 7, 10:15 - 10:45 PDT
\nWhere: ICS Vlg
\n
SpeakerBio:Tom\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
ICS Village activities will be streamed to YouTube and Twitch.\n
\nYouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw\n
Twitch: https://www.twitch.tv/ics_village\n
\'',NULL,68889),('2_Friday','11','11:00','11:30','N','ICS','','\'Mission Kill: Process Targeting in ICS Attacks\'','\'Joe Slowik\'','ICS_ce9d6120bed7560a221fe56f39388fa6','\'Title: Mission Kill: Process Targeting in ICS Attacks
\nWhen: Friday, Aug 7, 11:00 - 11:30 PDT
\nWhere: ICS Vlg
\n
SpeakerBio:Joe Slowik\n
\nJoe Slowik has experience across multiple facets of cyber and information operations stretching over 10 years. Past roles include operations planning and mission development within the US Department of Defense; planning network defense strategies for US Naval assets afloat; running incident response operations at Los Alamos National Laboratory; building a threat intelligence program within the US Department of Energy; critical infrastructure attack analysis and activity tracking; and assisting industrial control system asset owners and operators in defensive planning and response.
\nTwitter: @jfslowik
\n\n
\nDescription:No Description available
\n
ICS Village activities will be streamed to YouTube and Twitch.\n
\nYouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw\n
Twitch: https://www.twitch.tv/ics_village\n
\'',NULL,68890),('2_Friday','11','11:45','12:15','N','ICS','','\'Vulnerability Discovery - Tips for Surviving and Thriving\'','\'Dor Yardeni,Mike Lemley\'','ICS_0d61770af557636a3c0496e9955f083d','\'Title: Vulnerability Discovery - Tips for Surviving and Thriving
\nWhen: Friday, Aug 7, 11:45 - 12:15 PDT
\nWhere: ICS Vlg
\nSpeakers:Dor Yardeni,Mike Lemley
\n
SpeakerBio:Dor Yardeni\n
\nNo BIO available
\n
SpeakerBio:Mike Lemley\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
ICS Village activities will be streamed to YouTube and Twitch.\n
\nYouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw\n
Twitch: https://www.twitch.tv/ics_village\n
\'',NULL,68891),('2_Friday','12','11:45','12:15','Y','ICS','','\'Vulnerability Discovery - Tips for Surviving and Thriving\'','\'Dor Yardeni,Mike Lemley\'','ICS_0d61770af557636a3c0496e9955f083d','\'\'',NULL,68892),('2_Friday','12','12:30','13:30','N','ICS','','\'On the insecure nature of turbine control systems in power generation\'','\'Alexander Korotin,Radu Motspan\'','ICS_a057f8e7665946d3af8adc93ba1765ac','\'Title: On the insecure nature of turbine control systems in power generation
\nWhen: Friday, Aug 7, 12:30 - 13:30 PDT
\nWhere: ICS Vlg
\nSpeakers:Alexander Korotin,Radu Motspan
\n
SpeakerBio:Alexander Korotin\n
\nAlexander Korotin is ICS security specialist at Kaspresky, focused on ICS security assessment, analysis of industrial software and protocols and penetration testing. At his previous job at Russian Railway Cybersecurity Center Alexander was involved in the security research of the railway transportation systems. Alexander has over five years of experience in this field. He is also OSCP certified.
\n
SpeakerBio:Radu Motspan\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
ICS Village activities will be streamed to YouTube and Twitch.\n
\nYouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw\n
Twitch: https://www.twitch.tv/ics_village\n
\'',NULL,68893),('2_Friday','13','12:30','13:30','Y','ICS','','\'On the insecure nature of turbine control systems in power generation\'','\'Alexander Korotin,Radu Motspan\'','ICS_a057f8e7665946d3af8adc93ba1765ac','\'\'',NULL,68894),('2_Friday','13','13:45','14:45','N','ICS','','\'The Journey of ICS Project Files - Visibility and Forensics to Exploitation\'','\'Nadav Erez\'','ICS_ae1c4ffd453356e2aca818e9f76ae73a','\'Title: The Journey of ICS Project Files - Visibility and Forensics to Exploitation
\nWhen: Friday, Aug 7, 13:45 - 14:45 PDT
\nWhere: ICS Vlg
\n
SpeakerBio:Nadav Erez\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
ICS Village activities will be streamed to YouTube and Twitch.\n
\nYouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw\n
Twitch: https://www.twitch.tv/ics_village\n
\'',NULL,68895),('2_Friday','14','13:45','14:45','Y','ICS','','\'The Journey of ICS Project Files - Visibility and Forensics to Exploitation\'','\'Nadav Erez\'','ICS_ae1c4ffd453356e2aca818e9f76ae73a','\'\'',NULL,68896),('2_Friday','15','15:00','15:30','N','ICS','','\'5 Quick Wins for Improving your ICS Cybersecurity Posture\'','\'Austin Scott\'','ICS_f853dc8259f9257848272ead3a6af591','\'Title: 5 Quick Wins for Improving your ICS Cybersecurity Posture
\nWhen: Friday, Aug 7, 15:00 - 15:30 PDT
\nWhere: ICS Vlg
\n
SpeakerBio:Austin Scott\n
\nWith 18 years of industrial automation experience, Austin Scott (GICSP, CISSP, OSCP) is a Principal Industrial Penetration Tester at Dragos Inc., where he identifies cyber risk within industrial control networks. Before Dragos, Austin worked as part of the OT cybersecurity team at Sempra, Shell, and as an industrial cybersecurity consultant at Accenture. Austin is a SANS Cybersecurity Difference Maker (2015) winner for his industrial cybersecurity contributions. Austin has won the DEFCON UBER black badge and has also published three books on PLC programming.
\n\n
\nDescription:No Description available
\n
ICS Village activities will be streamed to YouTube and Twitch.\n
\nYouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw\n
Twitch: https://www.twitch.tv/ics_village\n
\'',NULL,68897),('2_Friday','15','15:45','16:45','N','ICS','','\'PowerLine Truck Hacking: 2TOOLS4PLC4TRUCKS\'','\'Ben Gardiner\'','ICS_a0676576979eb5fb7e3691fe0ee7fddb','\'Title: PowerLine Truck Hacking: 2TOOLS4PLC4TRUCKS
\nWhen: Friday, Aug 7, 15:45 - 16:45 PDT
\nWhere: ICS Vlg
\n
SpeakerBio:Ben Gardiner\n
\nBen Gardiner is a Senior Cybersecurity Research Engineer contractor at the National Motor Freight Traffic Association, Inc. (NMFTA) specializing in hardware and low-level software security. Prior to joining the NMFTA team in 2019, Gardiner held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations. He is a DEF CON Hardware Hacking Village (DC HHV) volunteer. He is chair of the SAE TEVEES18A1 Cybersecurity Assurance Testing TF (drafting J3061-2), and a voting member of the SAE Vehicle Electronic Systems Security Committee.
\n\n
\nDescription:No Description available
\n
ICS Village activities will be streamed to YouTube and Twitch.\n
\nYouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw\n
Twitch: https://www.twitch.tv/ics_village\n
\'',NULL,68898),('2_Friday','16','15:45','16:45','Y','ICS','','\'PowerLine Truck Hacking: 2TOOLS4PLC4TRUCKS\'','\'Ben Gardiner\'','ICS_a0676576979eb5fb7e3691fe0ee7fddb','\'\'',NULL,68899),('3_Saturday','09','09:00','09:30','N','ICS','','\'ICS SecOps: Active Defense Concept with Effective Incident Response in Industrial Control Systems\'','\'\'','ICS_035e89618cb690faacffeda545beade1','\'Title: ICS SecOps: Active Defense Concept with Effective Incident Response in Industrial Control Systems
\nWhen: Saturday, Aug 8, 09:00 - 09:30 PDT
\nWhere: ICS Vlg
\n
\nDescription:No Description available
\n
ICS Village activities will be streamed to YouTube and Twitch.\n
\nYouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw\n
Twitch: https://www.twitch.tv/ics_village\n
\'',NULL,68900),('3_Saturday','09','09:45','10:45','N','ICS','','\'Confessions of an Offensive ICS Cyber Security Researcher\'','\'Marina Krotofil\'','ICS_683aa067c5cb496f530f544170cffdf4','\'Title: Confessions of an Offensive ICS Cyber Security Researcher
\nWhen: Saturday, Aug 8, 09:45 - 10:45 PDT
\nWhere: ICS Vlg
\n
SpeakerBio:Marina Krotofil\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
ICS Village activities will be streamed to YouTube and Twitch.\n
\nYouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw\n
Twitch: https://www.twitch.tv/ics_village\n
\'',NULL,68901),('3_Saturday','10','09:45','10:45','Y','ICS','','\'Confessions of an Offensive ICS Cyber Security Researcher\'','\'Marina Krotofil\'','ICS_683aa067c5cb496f530f544170cffdf4','\'\'',NULL,68902),('3_Saturday','11','11:00','11:59','N','ICS','','\'Playing with Electricity: Hacking into Distribution Companies\'','\'Can Demirel,Serkan Temel\'','ICS_be4805fca5e0bd2b06dd3e0bbec8b65e','\'Title: Playing with Electricity: Hacking into Distribution Companies
\nWhen: Saturday, Aug 8, 11:00 - 11:59 PDT
\nWhere: ICS Vlg
\nSpeakers:Can Demirel,Serkan Temel
\n
SpeakerBio:Can Demirel\n
\nNo BIO available
\n
SpeakerBio:Serkan Temel\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
ICS Village activities will be streamed to YouTube and Twitch.\n
\nYouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw\n
Twitch: https://www.twitch.tv/ics_village\n
\'',NULL,68903),('3_Saturday','12','12:15','13:15','N','ICS','','\'Vivisecting PowerPC\'','\'ac0rn,atlas 0f d00m\'','ICS_c2225a93dc238cfcbb37313244120bd9','\'Title: Vivisecting PowerPC
\nWhen: Saturday, Aug 8, 12:15 - 13:15 PDT
\nWhere: ICS Vlg
\nSpeakers:ac0rn,atlas 0f d00m
\n
SpeakerBio:ac0rn\n
\nNo BIO available
\n
SpeakerBio:atlas 0f d00m\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
ICS Village activities will be streamed to YouTube and Twitch.\n
\nYouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw\n
Twitch: https://www.twitch.tv/ics_village\n
\'',NULL,68904),('3_Saturday','13','12:15','13:15','Y','ICS','','\'Vivisecting PowerPC\'','\'ac0rn,atlas 0f d00m\'','ICS_c2225a93dc238cfcbb37313244120bd9','\'\'',NULL,68905),('3_Saturday','13','13:30','13:59','N','ICS','','\'MITRE ICS ATT&CK\'','\'Marie,Otis\'','ICS_5494583d8b04fea05dd6104704641259','\'Title: MITRE ICS ATT&CK
\nWhen: Saturday, Aug 8, 13:30 - 13:59 PDT
\nWhere: ICS Vlg
\nSpeakers:Marie,Otis
\n
SpeakerBio:Marie\n
\nNo BIO available
\n
SpeakerBio:Otis\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
ICS Village activities will be streamed to YouTube and Twitch.\n
\nYouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw\n
Twitch: https://www.twitch.tv/ics_village\n
\'',NULL,68906),('3_Saturday','14','14:15','15:15','N','ICS','','\'Building a Physical Testbed for Blackstart Restoration under Cyber Fire\'','\'Tim Yardley\'','ICS_a38053a2a414b3258bfe3a61fa7d4941','\'Title: Building a Physical Testbed for Blackstart Restoration under Cyber Fire
\nWhen: Saturday, Aug 8, 14:15 - 15:15 PDT
\nWhere: ICS Vlg
\n
SpeakerBio:Tim Yardley\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
ICS Village activities will be streamed to YouTube and Twitch.\n
\nYouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw\n
Twitch: https://www.twitch.tv/ics_village\n
\'',NULL,68907),('3_Saturday','15','14:15','15:15','Y','ICS','','\'Building a Physical Testbed for Blackstart Restoration under Cyber Fire\'','\'Tim Yardley\'','ICS_a38053a2a414b3258bfe3a61fa7d4941','\'\'',NULL,68908),('3_Saturday','15','15:30','16:30','N','ICS','','\'Operationalizing Cyber Norms: Critical Infrastructure Protection\'','\'Chris Kubecka\'','ICS_4ba593b0dcbe6faa947564c0f55de0ed','\'Title: Operationalizing Cyber Norms: Critical Infrastructure Protection
\nWhen: Saturday, Aug 8, 15:30 - 16:30 PDT
\nWhere: ICS Vlg
\n
SpeakerBio:Chris Kubecka\n
\nChris Kubecka - \"Fearless and powerful speaker, saves countries, fights cyber terrorism, advises several governments as a subject matter expert on cyber warfare national defense. Profiled by major media in the USA and Europe. USAF military combat veteran, former military aviator, and USAF Space Command. Defends critical infrastructure and handles country level cyber incidents, cyberwarfare, and cyber espionage. Reconnected Saudi Aramco international business operations & established digital security after the world’s most devastating cyberwarfare attack. Developing the highest level of exploit code against IT/IOT/ICS SCADA control systems whilst working with governments. Involved in the world’s biggest hacks, advising nations, NATO, Europol, Interpol exposing corruption and national security risks.\n
“She is a go-to professional for governments. There are only a certain number who can both frame the problem conceptually and put it in straight fuc**** English so somebody can understand. And she can do that.â€\n
\n\n
\nDescription:No Description available
\n
ICS Village activities will be streamed to YouTube and Twitch.\n
\nYouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw\n
Twitch: https://www.twitch.tv/ics_village\n
\'',NULL,68909),('3_Saturday','16','15:30','16:30','Y','ICS','','\'Operationalizing Cyber Norms: Critical Infrastructure Protection\'','\'Chris Kubecka\'','ICS_4ba593b0dcbe6faa947564c0f55de0ed','\'\'',NULL,68910),('3_Saturday','16','16:45','17:15','N','ICS','','\'Industrial Cybersecurity in Mexico\'','\'Octavio Fernandez,Victor Gomez\'','ICS_e85e28b5047c5089672df706c13f0c52','\'Title: Industrial Cybersecurity in Mexico
\nWhen: Saturday, Aug 8, 16:45 - 17:15 PDT
\nWhere: ICS Vlg
\nSpeakers:Octavio Fernandez,Victor Gomez
\n
SpeakerBio:Octavio Fernandez\n
\nNo BIO available
\n
SpeakerBio:Victor Gomez\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
ICS Village activities will be streamed to YouTube and Twitch.\n
\nYouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw\n
Twitch: https://www.twitch.tv/ics_village\n
\'',NULL,68911),('3_Saturday','17','16:45','17:15','Y','ICS','','\'Industrial Cybersecurity in Mexico\'','\'Octavio Fernandez,Victor Gomez\'','ICS_e85e28b5047c5089672df706c13f0c52','\'\'',NULL,68912),('2_Friday','10','10:00','10:59','N','CHV','','\'Adding new features by manipulating CAN bus\'','\'Teejay\'','CHV_e955001e874ae498400f12be1c9e8cf3','\'Title: Adding new features by manipulating CAN bus
\nWhen: Friday, Aug 7, 10:00 - 10:59 PDT
\nWhere: Car Hacking Vlg 001
\n
SpeakerBio:Teejay\n
\nNo BIO available
\n\n
\nDescription:
\nOverview of how I added a front camera to my vehicle last year by utilizing CAN
\n
\n#chv-track001-text: https://discord.com/channels/708208267699945503/735650705930453173\n
YouTube: https://www.youtube.com/watch?v=VvojAHUej1Q&feature=youtu.be\n
Twitch: https://www.twitch.tv/chvtrack001\n
\'',NULL,68913),('2_Friday','11','11:00','11:59','N','CHV','','\'PowerLine Truck Hacking: 2TOOLS4PLC4TRUCKS\'','\'Ben Gardiner,Chris Poore\'','CHV_500e21e7881e42c809381134e092a75b','\'Title: PowerLine Truck Hacking: 2TOOLS4PLC4TRUCKS
\nWhen: Friday, Aug 7, 11:00 - 11:59 PDT
\nWhere: Car Hacking Vlg 001
\nSpeakers:Ben Gardiner,Chris Poore
\n
SpeakerBio:Ben Gardiner\n
\nBen Gardiner is a Senior Cybersecurity Research Engineer contractor at the National Motor Freight Traffic Association, Inc. (NMFTA) specializing in hardware and low-level software security. Prior to joining the NMFTA team in 2019, Gardiner held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations. He is a DEF CON Hardware Hacking Village (DC HHV) volunteer. He is chair of the SAE TEVEES18A1 Cybersecurity Assurance Testing TF (drafting J3061-2), and a voting member of the SAE Vehicle Electronic Systems Security Committee.
\n
SpeakerBio:Chris Poore\n
\nChris Poore is a Senior Computer Engineer at Assured Information Security in Rome, NY and a member of the Systems Analysis and Exploitation (SAE) group. He works to analyze, understand, characterize, and exploit cyber systems using adversarial techniques with a focus on RF-enabled devices. He has experience writing code for software-defined radios and GNU Radio to reverse-engineer RF communication protocols and perform sophisticated attacks. Mr. Poore has a degree in Social Engineering, is an active somnambulist, was King of the Pirates for three years, and frequently violates PornHub’s terms of service.
\n\n
\nDescription:
\nTrailer ABS functionality has been a regulated requirement in the US & Canada for decades now. The \'PLC4TRUCKS\' technology that realizes this requirement is ubiquitous on the road today and can also be found in buses, trains and some other unexpected places. We are releasing tools to read and write PLC4TRUCKS traffic. The first, gr-j2497 is a GNU Radio flowgraph with custom block and the second is an extension to the Truck Duck tool released at DEF CON 24. With these tools in hand, attendees can read PLC traffic without touching the bus -- or control their own trailer air brake controllers connected at home and we will show them how
\n
\n#chv-track001-text: https://discord.com/channels/708208267699945503/735650705930453173\n
YouTube: https://www.youtube.com/watch?v=VvojAHUej1Q&feature=youtu.be\n
Twitch: https://www.twitch.tv/chvtrack001\n
\'',NULL,68914),('2_Friday','12','12:00','12:59','N','CHV','','\'Before J1939: A J1708/J1587 Protocol Decoder\'','\'Thomas Hayes,Dan Salloum\'','CHV_ee5c447333923bf826729cae5dcd77ba','\'Title: Before J1939: A J1708/J1587 Protocol Decoder
\nWhen: Friday, Aug 7, 12:00 - 12:59 PDT
\nWhere: Car Hacking Vlg 002
\nSpeakers:Thomas Hayes,Dan Salloum
\n
SpeakerBio:Thomas Hayes\n
\nThomas Hayes is a Hardware Engineer at Bendix Commercial Vehicle Systems in Elyria, OH and a member of the SAE J1939 committees. In his current role, he manages the hardware process for braking and other heavy vehicle systems from brainstorming with napkin drawings to the creation of full PCBs to product testing and manufacturing. Prior to Bendix Thomas held design and leadership roles in a number of venture backed startups and worked in simulation technology for the aviation industry. In his spare time, Thomas enjoys rebuilding vintage motorcycles and teaching kids how to solder without burning their fingers off: success rate unknow.
\n
SpeakerBio:Dan Salloum\n
\nDaniel Salloum is a Reverse Engineer by title and curious at heart. He is currently employed by Assured Information Security where he spends his days doing security evaluations and creating tools that help. His background as both a system administrator and programmer help him to navigate system innards. If it must be done more than twice, he\'ll script it. If it can be recreated in a few hours, it probably will be. Daniel has recently been accepted into the world of ham radio, and may be heard on the airwaves at some point. This is his first conference and expects it won\'t be the last.
\n\n
\nDescription:
\nMedium and heavy duty equipment communicate over vehicle networks using a number of protocols and busses. While researching the interaction between tractors and semi-trailers, we identified the presence of two legacy protocols, J1708 (physical layer), and J1587 (transport layer). The current mechanisms to capture and decode this data do not promote cost efficient data DISCOVERY, but as a team, we have developed techniques that will allow us to use existing diagnostic hardware to capture and decode J1587, and J1708, messages from the vehicle bus.\n
pretty_1587, our software application, has been designed to process input streams and convert SAE J1708 and J1587 messages to a convenient format that a user can read or pass to another software application. Our open source python code has been designed to be versatile and to work with the output of existing diagnostic tools and can consume data over network sockets, from files, or from stdin, allowing most hardware solutions that interface directly with the serial bus will be able to pass data to pretty_1587 to decode the data contained in the J1587 messages.\n
\n
\n#chv-track002-text: https://discord.com/channels/708208267699945503/739564953014632579\n
YouTube: https://www.youtube.com/watch?v=5DYhXbWkWoA&feature=youtu.be\n
Twitch: https://www.twitch.tv/chvtrack002\n
\'',NULL,68915),('2_Friday','14','14:00','14:59','N','CHV','','\'Realistic Trends in Vulnerability based on Hacking into Vehicle\'','\'Ryosuke Uematsu,Shogo Nakao,Ryoichi Teramura,Tatsuya Katsuhara\'','CHV_52dc7688ac0b3974748fe6d88455de9a','\'Title: Realistic Trends in Vulnerability based on Hacking into Vehicle
\nWhen: Friday, Aug 7, 14:00 - 14:59 PDT
\nWhere: Car Hacking Vlg 001
\nSpeakers:Ryosuke Uematsu,Shogo Nakao,Ryoichi Teramura,Tatsuya Katsuhara
\n
SpeakerBio:Ryosuke Uematsu\n
\nNo BIO available
\n
SpeakerBio:Shogo Nakao\n
\nNo BIO available
\n
SpeakerBio:Ryoichi Teramura\n
\nNo BIO available
\n
SpeakerBio:Tatsuya Katsuhara\n
\nNo BIO available
\n\n
\nDescription:
\nThis presentation introduces the trends in the ECU vulnerabilities and the mitigations against the ones, and also our assessment method.\n
We have worked with more than 10 auto manufacturers and suppliers, and we have assessed a lot of their ECUs in development. Here, we had already found over 200 vulnerabilities, making it reveal the trends in both the vulnerabilities and mitigations statistically. Some of them make a huge impact on automotive safety, that is we can hack into the vehicle via the wireless connection.\n
\n
\n#chv-track001-text: https://discord.com/channels/708208267699945503/735650705930453173\n
YouTube: https://www.youtube.com/watch?v=VvojAHUej1Q&feature=youtu.be\n
Twitch: https://www.twitch.tv/chvtrack001\n
\'',NULL,68916),('2_Friday','15','15:00','15:59','N','CHV','','\'CAN be super secure: Bit Smashing FTW\'','\'Brent Stone\'','CHV_fe7e31bf52ea4e70e2f75269a19fdbcc','\'Title: CAN be super secure: Bit Smashing FTW
\nWhen: Friday, Aug 7, 15:00 - 15:59 PDT
\nWhere: Car Hacking Vlg 002
\n
SpeakerBio:Brent Stone\n
\nNo BIO available
\n\n
\nDescription:
\nBit smashing CAN transceivers are already on the market and cost pennies. Using them would make vehicles, robots, and medical devices effectively immune from almost every layer 2 attack including denial of service. Brent explains why this security measure works so well. This is also a call to action for industries using exclusively multicast ICS protocols like CAN to invest the <$5/platform to greatly improve their product\'s security.
\n
\n#chv-track002-text: https://discord.com/channels/708208267699945503/739564953014632579\n
YouTube: https://www.youtube.com/watch?v=5DYhXbWkWoA&feature=youtu.be\n
Twitch: https://www.twitch.tv/chvtrack002\n
\'',NULL,68917),('2_Friday','16','16:00','16:59','N','CHV','','\'Misbehavior Detection for V2X communication\'','\'Jaime\'','CHV_ca219cd8716441f8fcf5b7f1dfde3c99','\'Title: Misbehavior Detection for V2X communication
\nWhen: Friday, Aug 7, 16:00 - 16:59 PDT
\nWhere: Car Hacking Vlg 001
\n
SpeakerBio:Jaime\n
\nJaime is an EE turned software developer turned security researcher. She caught the infosec bug through playing CTFs, and now works at GRIMM hacking cars. In her spare time, she adds LEDs to things and hangs out with her dog.
\n\n
\nDescription:
\nIn this talk, we will present network attacks that aim at fooling V2X applications. Then, we will show how our misbehavior detection system can detect such attacks. We will also demonstrate the progression of an attacker that becomes smarter and smarter in order to highlight the limitations of current misbehavior detection systems. Attacks and defenses will be shown working on production-ready onboard unit.
\n
\n#chv-track001-text: https://discord.com/channels/708208267699945503/735650705930453173\n
YouTube: https://www.youtube.com/watch?v=VvojAHUej1Q&feature=youtu.be\n
Twitch: https://www.twitch.tv/chvtrack001\n
\'',NULL,68918),('3_Saturday','10','10:00','10:59','N','CHV','','\'Hacking TESLA Model 3 - NFC Relay Revisited\'','\'Huajiang \"Kevin2600\" Chen,Yuchao (Alex) Zhang\'','CHV_3d3be93c1ad053f8cf4a7e4f5b5b7fd9','\'Title: Hacking TESLA Model 3 - NFC Relay Revisited
\nWhen: Saturday, Aug 8, 10:00 - 10:59 PDT
\nWhere: Car Hacking Vlg 001
\nSpeakers:Huajiang \"Kevin2600\" Chen,Yuchao (Alex) Zhang
\n
SpeakerBio:Huajiang \"Kevin2600\" Chen\n
\nHuajiang \"Kevin2600\" Chen (Twitter: @kevin2600) is a senior security researcher at the Ingeek security research lab. He mainly focuses on vulnerability research in wireless and embedded systems. Kevin2600 has spoken at various conferences including XCON; KCON; DEFCON; BLACKHAT; CANSECWEST; OZSecCon and BSIDES
\nTwitter: @kevin2600
\n
SpeakerBio:Yuchao (Alex) Zhang\n
\nYuchao (Alex) Zhang is a senior security researcher at the Ingeek security research lab. Alex specializes in Vehicle and IOT Pentesting; Android reverse engineering and mobile vulnerability research.)
\n\n
\nDescription:
\nNFC technology is widely developed in payment; ticketing and access control systems. In the automobiles key fob field, Tesla Model 3 is one of the modern vehicles using an NFC tag as a digital car key. By implementing such a system, allows owners driving experience much conveniently.\n
However, on the other hand, attacking methods against the NFC system also emerge endlessly. The NFC Relay attack is one of the top methods. In this talk, we will reveal the research and attack methods for Tesla Model 3 NFC key tag system. By investigating how this feature works, and how to exploit the protocol by a design flaw. By the end of this talk, we will demonstrate the security limitations of such a system. And the attendees will not only understand how to exploit Tesla\'s NFC key tag system. But can also apply the same research methods for other brands of vehicles with similar NFC technology.\n
\n
\n#chv-track001-text: https://discord.com/channels/708208267699945503/735650705930453173\n
YouTube: https://www.youtube.com/watch?v=VvojAHUej1Q&feature=youtu.be\n
Twitch: https://www.twitch.tv/chvtrack001\n
\'',NULL,68919),('3_Saturday','12','12:00','12:59','N','CHV','','\'Houston, we CAV a problem\'','\'Vic Harkness\'','CHV_ec9857fbb60fcd69fa75c50aaf402682','\'Title: Houston, we CAV a problem
\nWhen: Saturday, Aug 8, 12:00 - 12:59 PDT
\nWhere: Car Hacking Vlg 002
\n
SpeakerBio:Vic Harkness\n
\nVic is a security consultant working at F-Secure Consulting in England. She works with a wide variety of tech, but her pet areas are novel networks, facial recognition systems, and novel biometric modalities. Outside of work she enjoys annoying birds, travel (or did), and photography. Find her on Twitter @vicharkness, where she mainly shitposts.
\n\n
\nDescription:
\nIn the future, connected and autonomous vehicles (CAVs) will be everywhere. A lot of different technologies have been proposed for use in CAV intelligent roadways. This talk presents the results of a literature review which aimed to examine the security of the proposals and standards. The proposed CAM/DENM protocols for maintaining awareness between vehicles are paid particular attention, as well as the use of 802.11p/OCB to create base-stationless ad-hoc networks. The results of threat modelling exercises to examine how an attacker may pivot through CAV networks to reach their goals are also described.
\n
\n#chv-track002-text: https://discord.com/channels/708208267699945503/739564953014632579\n
YouTube: https://www.youtube.com/watch?v=5DYhXbWkWoA&feature=youtu.be\n
Twitch: https://www.twitch.tv/chvtrack002\n
\'',NULL,68920),('3_Saturday','13','13:00','13:59','N','CHV','','\'CMAP: Open Source Vehicle Services Mapping Tool for noobs\'','\'Robert Leale (CarFuCar)\'','CHV_22e5d1eb5e1db00b7570d73884880088','\'Title: CMAP: Open Source Vehicle Services Mapping Tool for noobs
\nWhen: Saturday, Aug 8, 13:00 - 13:59 PDT
\nWhere: Car Hacking Vlg 001
\n
SpeakerBio:Robert Leale (CarFuCar)\n
\nRobert Leale (@carfucar) is an automotive hacker and a founding member of the Car Hacking Village. For more information please visit carhackingvillage.com/about
\nTwitter: @carfucar
\n\n
\nDescription:
\nCMAP works to catalog open services on vehicle Ex is by using the Diagnostic Scanning to automatically capture as much information as possible from your vehicle.
\n
\n#chv-track001-text: https://discord.com/channels/708208267699945503/735650705930453173\n
YouTube: https://www.youtube.com/watch?v=VvojAHUej1Q&feature=youtu.be\n
Twitch: https://www.twitch.tv/chvtrack001\n
\'',NULL,68921),('3_Saturday','14','14:00','14:59','N','CHV','','\'All Aboard the CAN Bus… or Motorcycle\'','\'Derrick (CanBusDutch)\'','CHV_44820a9665dc70451957f838c74f67ae','\'Title: All Aboard the CAN Bus… or Motorcycle
\nWhen: Saturday, Aug 8, 14:00 - 14:59 PDT
\nWhere: Car Hacking Vlg 002
\n
SpeakerBio:Derrick (CanBusDutch)\n
\nDerrick is a corporate IT infrastructure professional, Cyber security hobbyist and motorcycle enthusiast, with more than a decade involved in the fields. When Derrick isn’t consulting for major firms in the San Francisco area, feeding his autodidact addiction, or working on independent projects, he can be briefly seen as a blur passing you on the highway.
\n\n
\nDescription:
\nFollow me as my passion for motorcycles, goes head first into my passion for computers, and I build tools and software to reverse engineer my motorcycle\'s CAN system. Python scripts, microcontrollers, pulse width modulation, some potentiometers, and a bit of what I like to call “Ruthless Engineeringâ€, has helped me finally reach the pinnacle of CAN bus packet reversing. We’ll cover some engine simulation, execute some packet capture session analysis, and put it all back together again, for the development of an aftermarket gauge cluster.
\n
\n#chv-track002-text: https://discord.com/channels/708208267699945503/739564953014632579\n
YouTube: https://www.youtube.com/watch?v=5DYhXbWkWoA&feature=youtu.be\n
Twitch: https://www.twitch.tv/chvtrack002\n
\'',NULL,68922),('3_Saturday','15','15:00','15:59','N','CHV','','\'From Blackbox to Automotive Ransomware\'','\'Nils Weiss,Enrico Pozzobon\'','CHV_05b867e7a6941068b0d9ea6686acd6c2','\'Title: From Blackbox to Automotive Ransomware
\nWhen: Saturday, Aug 8, 15:00 - 15:59 PDT
\nWhere: Car Hacking Vlg 001
\nSpeakers:Nils Weiss,Enrico Pozzobon
\n
SpeakerBio:Nils Weiss\n
\nNils Weiss and Enrico Pozzobon are PhD students at the University of Applied Sciences in Regensburg. Both are focusing on automotive security research since more than 4 years. After an internship at Tesla Motors, Nils decided to focus on automotive security as a research field. During his bachelor and master program, he started with penetration testing of entire vehicles.\n
Enrico Pozzobon started with automotive security during his Erasmus semester at the University of Applied Sciences in Regensburg. He studied telecommunication engineering at the University of Padua. Since 3 years, Nils and Enrico are building up a laboratory for automotive penetration testing at the University of Applied Sciences in Regensburg. Besides penetration testing of automotive systems, both are contributing to open source penetration testing frameworks for automotive systems (Scapy).\n
\n
SpeakerBio:Enrico Pozzobon\n
\nNils Weiss and Enrico Pozzobon are PhD students at the University of Applied Sciences in Regensburg. Both are focusing on automotive security research since more than 4 years. After an internship at Tesla Motors, Nils decided to focus on automotive security as a research field. During his bachelor and master program, he started with penetration testing of entire vehicles.\n
Enrico Pozzobon started with automotive security during his Erasmus semester at the University of Applied Sciences in Regensburg. He studied telecommunication engineering at the University of Padua. Since 3 years, Nils and Enrico are building up a laboratory for automotive penetration testing at the University of Applied Sciences in Regensburg. Besides penetration testing of automotive systems, both are contributing to open source penetration testing frameworks for automotive systems (Scapy).\n
\n\n
\nDescription:
\nThe lack of state of the art security features in many current cars can lead to devastating impacts for the vehicle owners and passengers. This talk presents the full path from the investigation of safety critical ECUs to the development of a proof of concept malware/ransomware affecting the whole car.
\n
\n#chv-track001-text: https://discord.com/channels/708208267699945503/735650705930453173\n
YouTube: https://www.youtube.com/watch?v=VvojAHUej1Q&feature=youtu.be\n
Twitch: https://www.twitch.tv/chvtrack001\n
\'',NULL,68923),('3_Saturday','16','16:00','16:59','N','CHV','','\'ChupaCarBrah: Open Source Hardware and Software for Interacting with your Vehicle CAN Bus\'','\'Marcelo Sacchetin\'','CHV_7513076e8248c2a76e3488d0c15f0b71','\'Title: ChupaCarBrah: Open Source Hardware and Software for Interacting with your Vehicle CAN Bus
\nWhen: Saturday, Aug 8, 16:00 - 16:59 PDT
\nWhere: Car Hacking Vlg 002
\n
SpeakerBio:Marcelo Sacchetin\n
\nNo BIO available
\n\n
\nDescription:
\nCommercial products for interacting with CAN can be pricey and not easily extensible. Some good open source hardware are very often out of stock by distributors. ChupaCarBrah is a Python based device for sending and receiving CAN messages from your vehicle that requires just a BeagleBone Blue and some wiring.\n
We cover how to build a device 100% based on open source software and hardware. It makes it more affordable, and easy to use/extend. It is designed for newcomers to the car hacking community, and also for more seasoned hackers that will be able to leverage a single board computer attached to the car\'s CAN bus. As an example on how to extend it, we show how to use cellular LTE network to exfiltrate all the OBDII/CAN and GPS data to the cloud. It is pretty useful specially for remotely monitoring the car, and also for online training and/or virtual meetings. All source code and detailed instructions on how to install, assemble and use the device are shared on Github and Hackster.io.\n
\n
\n#chv-track002-text: https://discord.com/channels/708208267699945503/739564953014632579\n
YouTube: https://www.youtube.com/watch?v=5DYhXbWkWoA&feature=youtu.be\n
Twitch: https://www.twitch.tv/chvtrack002\n
\'',NULL,68924),('4_Sunday','10','10:00','10:59','N','CHV','','\'Hacking Ludicrous Mode on a Tesla (moar powerr!)\'','\'Patrick Kiley\'','CHV_d43f5340948810e8791741cf9297ae9e','\'Title: Hacking Ludicrous Mode on a Tesla (moar powerr!)
\nWhen: Sunday, Aug 9, 10:00 - 10:59 PDT
\nWhere: Car Hacking Vlg 001
\n
SpeakerBio:Patrick Kiley\n, Principal Security Consultant, Rapid7
\nPatrick Kiley (GXPN, GPEN, GAWN, GCIH, CISSP, MCSE) has over 18 years of information security experience working with both private sector employers and the Department of Energy/National Nuclear Security Administration (NNSA). While he was with the NNSA he built the NNSA\'s SOC and spent several years working for emergency teams. Patrick has performed research in Avionics security and Internet connected transportation platforms. Patrick has experience in all aspects of penetration testing, security engineering, hardware hacking, IoT, Autonomous Vehicles and CAN bus.
\nTwitter: @gigstorm
\n\n
\nDescription:
\nThis talk will cover how I reverse engineered the ludicrous upgrade process on the P85D. I then successfully upgraded the hardware and firmware on a P85D to make the car faster. I will cover the hardware upgrades, the firmware changes as well as the architecture of the Tesla Battery Management System.
\n
\n#chv-track001-text: https://discord.com/channels/708208267699945503/735650705930453173\n
YouTube: https://www.youtube.com/watch?v=VvojAHUej1Q&feature=youtu.be\n
Twitch: https://www.twitch.tv/chvtrack001\n
\'',NULL,68925),('2_Friday','10','10:00','10:30','N','VMV','','\'Welcome and Kick-Off\'','\'Harri Hursti,Matt Blaze,Maggie MacAlpine\'','VMV_9a49f59a83390a870385e1f3d9d2cdad','\'Title: Welcome and Kick-Off
\nWhen: Friday, Aug 7, 10:00 - 10:30 PDT
\nWhere: Voting Vlg
\nSpeakers:Harri Hursti,Matt Blaze,Maggie MacAlpine
\n
SpeakerBio:Harri Hursti\n
\nCo-Founder, DEF CON Voting Village
\nFounding Partner, Nordic Innovation Labs
\n
SpeakerBio:Matt Blaze\n
\nCo-Founder, DEF CON Voting Village
\nProfessor of Law and McDevitt Chair for the Department of Computer Science, Georgetown University
\n
SpeakerBio:Maggie MacAlpine\n
\nCo-Founder, DEF CON Voting Village
\nCo-Founder, Nordic Innovation Labs
\n\n
\nDescription:No Description available
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68926),('2_Friday','10','10:30','10:59','N','VMV','','\'Keynote Remarks: Representative Jackie Speier\'','\'Jackie Speier\'','VMV_d5ae627dafe18cff19a8e3ffe4c9d217','\'Title: Keynote Remarks: Representative Jackie Speier
\nWhen: Friday, Aug 7, 10:30 - 10:59 PDT
\nWhere: Voting Vlg
\n
SpeakerBio:Jackie Speier\n
\nRepresentative Jackie Speier, 14th District, California
\n\n
\nDescription:No Description available
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68927),('2_Friday','11','11:00','11:30','N','VMV','','\'A Policy Approach to Resolving Cybersecurity Problems inthe Election Process\'','\'Jody Westby\'','VMV_3fc5d6096fe6322357cb7365ebc4697c','\'Title: A Policy Approach to Resolving Cybersecurity Problems inthe Election Process
\nWhen: Friday, Aug 7, 11:00 - 11:30 PDT
\nWhere: Voting Vlg
\n
SpeakerBio:Jody Westby\n, CEO, Global Cyber Risk LLC
\nNo BIO available
\n\n
\nDescription:
\nCybersecurity researchers keep identifying cybersecurity vulnerabilities in voting machines andin the election process, but not much happens in closing identified vulnerabilities. The privatesector vendors involved in voter registration, manufacturing and programming voting machines,and vote tabulation are less than responsive and few have not provided evidence that they havestrong cybersecurity programs that meet best practices and standards and regular have cyberrisk assessments performed. This presentation will put forward a federal policy approach thatwill help correct these problems and advance the integrity of elections across the country.
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68928),('2_Friday','11','11:30','12:30','N','VMV','','\'Hacking Democracy II: On Securing an Election Under Times of Uncertainty and Upheaval\'','\'Casey John Ellis,Kimber Dowsett,Tod Beardsley,Jack Cable,Amèlie Koran\'','VMV_625487c857965c7eed14912d7f77138f','\'Title: Hacking Democracy II: On Securing an Election Under Times of Uncertainty and Upheaval
\nWhen: Friday, Aug 7, 11:30 - 12:30 PDT
\nWhere: Voting Vlg
\nSpeakers:Casey John Ellis,Kimber Dowsett,Tod Beardsley,Jack Cable,Amèlie Koran
\n
SpeakerBio:Casey John Ellis\n, Founder and CTO, Bugcrowd
\nCasey Ellis is the Founder, Chairman and CTO of Bugcrowd and the co-founder of the The disclose.io Project. Casey has been making computers, companies, and markets misbehave for great justice since his youth, and pioneered the crowdsourced security-as-a-service industry in 2012.
\n
SpeakerBio:Kimber Dowsett\n, Director of Security Engineering, Truss
\nNo BIO available
\n
SpeakerBio:Tod Beardsley\n, Director of Research, Rapid7
\nNo BIO available
\n
SpeakerBio:Jack Cable\n, Election Security Technical Advisor, U.S. CISA
\nNo BIO available
\n
SpeakerBio:Amèlie Koran\n, Senior Technology Advocate, Splunk
\nNo BIO available
\n\n
\nDescription:
\nDemocracy is the cornerstone of America’s Constitution, identity, and ideology, and this foundation was shaken during the 2016 Presidential Election. Four years later, we still have great lengths to go to ensure that the integrity of the 2020 Presidential Election, and any election moving forward, is protected.\n
In February, this panel convened to discuss the threats and challenges that are present and may arise between then and the November election. We discussed the intersection of people,technology, security, and elections, with a focus on themes including:\n
\n - The true scope of the problem when it comes to “hacking electionsâ€\n
- The biggest threats to the 2020 vote–threat modeling for disinformation, voting machine vulnerabilities, website hacking, and election manipulation\n
- The role of hackers and coordinated vulnerability disclosure in building voter trust and improve cyber-resilience\n
- The impact for the elections in the west at large, driven by the U.S.’s prominence as the champion for democracy.
\nHowever, we did not know a pandemic and a constantly changing rhetoric by candidates and government leaders, along with several court cases, primaries and other events would add even more challenges for the 2020 election. We will discuss what is left in the 90 days left between now and the election, what can be feasibly helped by the public, governments, and others to ensure a secure and valid election, as well as what will need to be carried forward as lessons learned.\n
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68929),('2_Friday','12','11:30','12:30','Y','VMV','','\'Hacking Democracy II: On Securing an Election Under Times of Uncertainty and Upheaval\'','\'Casey John Ellis,Kimber Dowsett,Tod Beardsley,Jack Cable,Amèlie Koran\'','VMV_625487c857965c7eed14912d7f77138f','\'\'',NULL,68930),('2_Friday','12','12:30','12:59','N','VMV','','\'See Something, Say Something\'','\'Marten Mickos\'','VMV_8ad8d9809e3f6bd41a441e1277af04a0','\'Title: See Something, Say Something
\nWhen: Friday, Aug 7, 12:30 - 12:59 PDT
\nWhere: Voting Vlg
\n
SpeakerBio:Marten Mickos\n, CEO, HackerOne
\nNo BIO available
\n\n
\nDescription:No Description available
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68931),('2_Friday','13','13:00','13:59','N','VMV','','\'A Panel with the Feds on Election Security\'','\'Bryson Bort,David Imbordino,Brig. Gen. William Hartman,Matthew Masterson,Cynthia Kaiser,Dan Kimmage\'','VMV_53793c26a1d6fe9fa375efbd699728be','\'Title: A Panel with the Feds on Election Security
\nWhen: Friday, Aug 7, 13:00 - 13:59 PDT
\nWhere: Voting Vlg
\nSpeakers:Bryson Bort,David Imbordino,Brig. Gen. William Hartman,Matthew Masterson,Cynthia Kaiser,Dan Kimmage
\n
SpeakerBio:Bryson Bort\n
\nFounder of SCYTHE, next generation attack emulation platform; GRIMM, cybersecurity consultancy; ICS Village Co-Founder, 501c3 for ICS security awareness. Senior Fellow for Cyber/National Security at R Street and National Security Institute; Advisor to the Army Cyber Institute and DHS/CISA.
\n
SpeakerBio:David Imbordino\n, Election Security Lead, National Security Agency
\nNo BIO available
\n
SpeakerBio:Brig. Gen. William Hartman\n, Commander, Cyber National Mission Force
\nNo BIO available
\n
SpeakerBio:Matthew Masterson\n, Senior Cybersecurity Advisor, CISA
\nNo BIO available
\n
SpeakerBio:Cynthia Kaiser\n, Deputy Chief of Analysis for National Security Cyber Threats, FBI
\nNo BIO available
\n
SpeakerBio:Dan Kimmage\n, Principal Deputy Coordinator, Global Engagement Center, Department of State
\nNo BIO available
\n\n
\nDescription:
\nElections are critical in a free and fair society. Public trust in election infrastructure begins with understanding what the Government has done with transparency and how the hacker community can help. We are all citizens and our voices should be heard.\n
\n - What has the Federal Government done since 2016 including with state and local? \n
- What changes have come about with the military’s Defend Forward strategy in 2018?\n
- How do they work together with the domestic efforts? \n
- How are foreign and domestic campaigns of disinformation managed? \n
- What else could we do better? \n
- How can the hacker community help?
\n\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68932),('2_Friday','14','14:00','14:30','N','VMV','','\'Keynote Remarks: Senator Ron Wyden\'','\'Ron Wyden\'','VMV_f2d023c0034f118e06b7f0e104e6493b','\'Title: Keynote Remarks: Senator Ron Wyden
\nWhen: Friday, Aug 7, 14:00 - 14:30 PDT
\nWhere: Voting Vlg
\n
SpeakerBio:Ron Wyden\n, Senator, Oregon
\nNo BIO available
\n\n
\nDescription:No Description available
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68933),('2_Friday','14','14:30','14:59','N','VMV','','\'Chairman Benjamin Hovland, US Election Assistance Commission\'','\'Benjamin Hovland\'','VMV_1df67cbf71c8d5c3e52a7d6e65277aa6','\'Title: Chairman Benjamin Hovland, US Election Assistance Commission
\nWhen: Friday, Aug 7, 14:30 - 14:59 PDT
\nWhere: Voting Vlg
\n
SpeakerBio:Benjamin Hovland\n, Chairman, U.S. Election Assistance Commission
\nNo BIO available
\n\n
\nDescription:No Description available
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68934),('2_Friday','15','15:00','15:30','N','VMV','','\'Secretary Kim Wyman, Washington\'','\'Kim Wyman\'','VMV_bf46992fc23a90be744dad53f1a7a7db','\'Title: Secretary Kim Wyman, Washington
\nWhen: Friday, Aug 7, 15:00 - 15:30 PDT
\nWhere: Voting Vlg
\n
SpeakerBio:Kim Wyman\n, Secretary of State, Washington
\nNo BIO available
\n\n
\nDescription:No Description available
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68935),('3_Saturday','10','10:00','10:30','N','VMV','','\'War By Other Means: How Influence Operations Undermine Democracy\'','\'Ben Dubow\'','VMV_2a84fc1fdf9870b9700dbbac858cfed7','\'Title: War By Other Means: How Influence Operations Undermine Democracy
\nWhen: Saturday, Aug 8, 10:00 - 10:30 PDT
\nWhere: Voting Vlg
\n
SpeakerBio:Ben Dubow\n, CTO and President, Omelas
\nNo BIO available
\n\n
\nDescription:
\nNew tactics and capabilities in information warfare give authoritarians unprecedented power to \"hack\" the electorates. Our research on campaigns in Poland and Taiwan show the breadth and impact of operations against democracies around the world and what they foreshadow for the US Presidential election.
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68936),('3_Saturday','10','10:30','10:59','N','VMV','','\'John Odum, Montpelier, VT\'','\'John Odum\'','VMV_c733a4c71fe196b87a6f7dee0efb0dbd','\'Title: John Odum, Montpelier, VT
\nWhen: Saturday, Aug 8, 10:30 - 10:59 PDT
\nWhere: Voting Vlg
\n
SpeakerBio:John Odum\n, City Clerk, Montpelier, Vermont
\nCMC, CEH, CNDA, MCP, CIW\n
\n\n
\nDescription:No Description available
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68937),('3_Saturday','11','11:00','11:30','N','VMV','','\'Heightened Election Security Risks Admist the Pandemic\'','\'Jack Cable,Alex Zaheer\'','VMV_4a0f651ade8a18cfdc38ce23e83ebf27','\'Title: Heightened Election Security Risks Admist the Pandemic
\nWhen: Saturday, Aug 8, 11:00 - 11:30 PDT
\nWhere: Voting Vlg
\nSpeakers:Jack Cable,Alex Zaheer
\n
SpeakerBio:Jack Cable\n, Election Security Technical Advisor, U.S. CISA
\nNo BIO available
\n
SpeakerBio:Alex Zaheer\n, Election Security Technical Advisor, U.S. CISA
\nNo BIO available
\n\n
\nDescription:
\nAmidst the COVID-19 pandemic, countless aspects of American life have been impacted, including our elections. Accommodations for the pandemic include an unprecedented shift towards absentee balloting across the United States, as well as drastically reduced in-person voting options. While we cannot predict the state of the pandemic come November, it is clear that elections will operate differently, constrained by health concerns around in-person voting,reduced polling place staff, and massive budget shortfalls. Such large-scale change will necessarily impact election security, as new attack surfaces open due to states relying on rapidly expanded infrastructure. With political polarization at a high, it is crucial that elections remain safe and secure despite the pandemic, and that American citizens believe their elections credible. In this talk, we will explore the areas of election infrastructure that are changing, and new associated security concerns based on our work at the U.S. Cybersecurity and Infrastructure Security Agency (CISA).\n
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68938),('3_Saturday','11','11:30','11:59','N','VMV','','\'Hack-a-Fax\'','\'Forrest Senti,Mattie Gullixson,Caleb Gardner\'','VMV_1c4fc6a8b871a60bcea6db9e04e1fb9f','\'Title: Hack-a-Fax
\nWhen: Saturday, Aug 8, 11:30 - 11:59 PDT
\nWhere: Voting Vlg
\nSpeakers:Forrest Senti,Mattie Gullixson,Caleb Gardner
\n
SpeakerBio:Forrest Senti\n, Director of Business & Government Affairs, National Cybersecurity Center
\nNo BIO available
\n
SpeakerBio:Mattie Gullixson\n, Secure the Vote Project Manager, National Cybersecurity Center
\nNo BIO available
\n
SpeakerBio:Caleb Gardner\n, NCC Research Fellow, National Cybersecurity Center
\nNo BIO available
\n\n
\nDescription:
\nMillions of overseas voters must choose between the following ballot return methods: international mail, email or fax return as allowed by each respective state law. The insecurity of email and fax, arguably, creates a security gap in the overall elections infrastructure that undermines its integrity. The National Cybersecurity Center proposes to ‘hack a fax’ in order to demonstrate the lack of security, and create an opportunity to strengthen standards. The concern to the broader community is that as we continue to seek to make voting more accessible, it must also be secure. Policies that limit overseas voters to technology that may not have security standards in place, and therefore are insecure, reduces the integrity of the overall elections ecosystem.
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68939),('3_Saturday','12','12:00','12:30','N','VMV','','\'Analysis of the Attack Data Collected During Mobile Voting Pilots\'','\'Nimit Sawhney,Nailah Mims\'','VMV_2ed40dc3baab4f334497cee9aa30650f','\'Title: Analysis of the Attack Data Collected During Mobile Voting Pilots
\nWhen: Saturday, Aug 8, 12:00 - 12:30 PDT
\nWhere: Voting Vlg
\nSpeakers:Nimit Sawhney,Nailah Mims
\n
SpeakerBio:Nimit Sawhney\n, Co-Founder and CSO, Voatz, Inc.
\nNo BIO available
\n
SpeakerBio:Nailah Mims\n, Principal Security Engineer/Analyst, Voatz, Inc.
\nNo BIO available
\n\n
\nDescription:
\nSince 2018, we have been experimenting with smartphone-app based mobile voting for a very small number of voters across various jurisdictions in the United States. The small-scale nature of these pilots has not prevented attackers and researchers from around the world from attempting to break into the platform at multiple levels. In this paper, we present the significant amount of attack data that has been collected over the past couple of years and an early analysis of the nature of these attack attempts, their lethality, origins, etc. We also present the mitigation measures that have worked and the ones that haven’t. Lastly, we will also dive deeper into a couple of very significant attack attempts and present a detailed analysis of the threat vectors, the attack modality, duration, etc. All this data is being shared in the public domain for the very first time and an anonymized dataset will be available for open downloads. We hope that it will further inform research in this space.
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68940),('3_Saturday','12','12:30','12:59','N','VMV','','\'Remote Online Balloting Delivery and Marking Options and Security Considerations for Absentee Voting During the COVID-19 Pandemic\'','\'Susan Greenhalgh,Steve Newell\'','VMV_a4f12a81771200bc8abf6a87094f405a','\'Title: Remote Online Balloting Delivery and Marking Options and Security Considerations for Absentee Voting During the COVID-19 Pandemic
\nWhen: Saturday, Aug 8, 12:30 - 12:59 PDT
\nWhere: Voting Vlg
\nSpeakers:Susan Greenhalgh,Steve Newell
\n
SpeakerBio:Susan Greenhalgh\n, Senior Advisor on Election Security, Free Speech for People
\nNo BIO available
\n
SpeakerBio:Steve Newell\n, Project Director, Center for Scientific Evidence in Public Issues, American Association for the Advancement of Science, Center for Scientific Evidence in Public Issues
\nNo BIO available
\n\n
\nDescription:
\nAs States grapple with the difficult task of holding elections during the novel coronavirus pandemic, election administrators are exploring and implementing technology to deliver blank ballots electronically. The expansion of vote by mail in many states also necessitates a remote accessible ballot marking option for voters with disabilities.\n
A number of available systems allow the voter to receive a blank ballot electronically, mark it on their computer and print it for mailing or drop off without transmitting the voted ballot to the election office. However, these remote accessible ballot marking systems can be designed indifferent ways that have significantly different security and privacy profiles.\n
We explore the different architectures for remote ballot marking, comparing systems that conduct the marking process over the internet, (on a remote server), and those that mark ballots statelessly, on the client’s device. We consider the security and privacy issues associated with both technologies, and offer specific recommendations to limit security and privacy risks.\n
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68941),('3_Saturday','13','13:00','13:30','N','VMV','','\'Don’t Go Postal Over Mail In Voting\'','\'Bianca Lewis\'','VMV_efa172e81d3debac313517de6d936c05','\'Title: Don’t Go Postal Over Mail In Voting
\nWhen: Saturday, Aug 8, 13:00 - 13:30 PDT
\nWhere: Voting Vlg
\n
SpeakerBio:Bianca Lewis\n, Founder and CEO, Girls Who Hack; Secure OpenVote
\nNo BIO available
\n\n
\nDescription:
\nAs the previous DEF CON Voting Villages have proved, our voting equipment and infrastructure are very vulnerable to multiple types of attacks. But now, with everything that’s going on in the world ,voting by mail is the new vulnerable thing! Instead of focusing on problems and broken things, this talk will focus on simple fixes that vendors and governments can put into action right now. Starting with the registering to vote, then moving through parts of the entire system, BiaSciLab will offer suggestions on how simple practices and changes in thinking can improve the security of the entire system.\n
Last year, in the Voting Village BiaSciLab did a talk on the election systems problems and howto fix them. This year with voting by mail, new problems are appearing! Like States not allowing people to vote by mail! Breaking down these flaws and offering real solutions for each one, BiaSciLab will bring hope in the face of this daunting and complex security problem in these hard times.\n
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68942),('3_Saturday','15','15:30','15:59','N','VMV','','\'A Lawyer\'s Reflections on Elections\'','\'Cordero Alexander Delgadillo\'','VMV_5cd8050c95ad5c5aed36e823865f2c18','\'Title: A Lawyer\'s Reflections on Elections
\nWhen: Saturday, Aug 8, 15:30 - 15:59 PDT
\nWhere: Voting Vlg
\n
SpeakerBio:Cordero Alexander Delgadillo\n, Attorney, Sublime Law, PLLC
\nNo BIO available
\nTwitter: @CORDERO_ESQ
\n\n
\nDescription:
\nJoin Cordero Alexander Delgadillo (@CORDERO_ESQ), a business and technology lawyer, and more recently a former political candidate, as he demonstrates that elections, especially local elections, are akin to information systems (even reasonably locked down systems), because both are highly susceptible to the very non-tech, human vulnerabilities (nefarious and negligent). In this talk Cordero will provide insight by:\n
\n - Examining the structures of American Democracy\n
- Telling stories from his own election lawsuit: Delgadillo v. City of Peoria et al\n
- Highlighting election process issues deemed “inconsequential†or “un-addressableâ€\n
- Sharing information and resources
\n\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68943),('3_Saturday','14','14:00','14:30','N','VMV','','\'Vote-from-home? Review of Election Security on Remote Voting in Response to COVID-19\'','\'Sang-Oun Lee\'','VMV_fc161eab88a22aaf6ca992d8213c152f','\'Title: Vote-from-home? Review of Election Security on Remote Voting in Response to COVID-19
\nWhen: Saturday, Aug 8, 14:00 - 14:30 PDT
\nWhere: Voting Vlg
\n
SpeakerBio:Sang-Oun Lee\n, Applied Data Fellow, International Innovation Corps, University of Chicago
\nNo BIO available
\n\n
\nDescription:
\nThis presentation poses a question on whether the remote voting by online or vote-by-mail is trustworthy under the COVID-19 pandemic situation. One of the worldwide efforts to contain thevirus was to work-from-home and restriction orders. Besides, because of the human contact is critical in the dissemination of the virus, possibilities of alternative methods of voting such as online voting, blockchain voting, vote-by-mail are proposed. In light of such a situation, the article proposes a framework to evaluate the election security of remote voting methods. Further, the article provides a case of best practice for election administration from the case of the Republic of Korea. Based off of the assessment results from the proposed evaluation framework, the article provides modest suggestions and policy implications to the election administrators.
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68944),('3_Saturday','14','14:30','14:59','N','VMV','','\'Electronic Ballot Return Standards & Guidelines\'','\'Forrest Senti,Mattie Gullixson\'','VMV_18e79844d695b24342cce6b7a2998161','\'Title: Electronic Ballot Return Standards & Guidelines
\nWhen: Saturday, Aug 8, 14:30 - 14:59 PDT
\nWhere: Voting Vlg
\nSpeakers:Forrest Senti,Mattie Gullixson
\n
SpeakerBio:Forrest Senti\n, Director of Business & Government Affairs, National Cybersecurity Center
\nNo BIO available
\n
SpeakerBio:Mattie Gullixson\n, Secure the Vote Project Manager, National Cybersecurity Center
\nNo BIO available
\n\n
\nDescription:
\nThe emergence of new electronic ballot return methods creates an opportunity for greater vote access and potential enfranchisement, but also raises concerns about security in an increasingly tumultuous cyber-election landscape. The challenge of security is further compounded by a lack of proactive guidance from the federal level on developing these new technologies, leaving a gap in the secure development of the technologies to adopt an elections framework and approach to security. Experts from the National Cybersecurity Center (NCC) will offer a draft of security guidelines for the new electronic ballot return platforms to consider, and for federal agencies to adopt. The guidelines format mimics the Voluntary Voting System Guidelines created by the Election Assistance Commission.
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68945),('3_Saturday','15','15:00','15:30','N','VMV','','\'Understanding Cyber-Attacks and Their Implications to Democratic Regimes\'','\'Javier F. Patiño GarcÃa\'','VMV_eefe53630fdcaf21e336597557fb0390','\'Title: Understanding Cyber-Attacks and Their Implications to Democratic Regimes
\nWhen: Saturday, Aug 8, 15:00 - 15:30 PDT
\nWhere: Voting Vlg
\n
SpeakerBio:Javier F. Patiño GarcÃa\n, MPP Candidate, University of Chicago Harris School of Public Policy
\nNo BIO available
\n\n
\nDescription:
\nCyber-security experts have documented how authoritarian regimes attacked the US voting infrastructure or how this type of governments stole information from American companies. This evidence suggests that authoritarian regimes are more likely to conduct cyber-attacks than democratic ones. The purpose of this research is to prove this hypothesis. With information from the Center for Strategic and International Studies (CSIS), this research provides a descriptive analysis of the Significant Cyber Incidents that occurred worldwide from 2006 to 2019. To prove the former hypothesis, this research shows the results from panel data models with random and fixed effects, which provide evidence that confirms this hypothesis: authoritarian regimes are more likely to commit cyber-attacks than democratic states. However, there is no evidence to sustain that democracies are more likely to be attacked than authoritarian regimes. In otherwords, all regimes are subject to cyber-attacks.\n
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68946),('3_Saturday','16','16:00','16:30','N','VMV','','\'Protecting Elections with Data Science -- A Tool for 2020 and Beyond\'','\'Stephanie Singer\'','VMV_3848dc752c8aba07d4ee3dad86cfde6c','\'Title: Protecting Elections with Data Science -- A Tool for 2020 and Beyond
\nWhen: Saturday, Aug 8, 16:00 - 16:30 PDT
\nWhere: Voting Vlg
\n
SpeakerBio:Stephanie Singer\n, Consultant and Data Scientist, Verified Voting
\nNo BIO available
\n\n
\nDescription:
\nWhat are the possibilities, and challenges, for using data science to protect elections? Stephanie Singer will describe an open source tool to aid in quick consolidation of election results, and a public-facing web front end planned for November 2020 and beyond.
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68947),('2_Friday','10','10:00','11:30','N','LBV','','\'Bypass 101 + Q&A\'','\'\'','LBV_c38755132cd46374edb36addc5422e34','\'Title: Bypass 101 + Q&A
\nWhen: Friday, Aug 7, 10:00 - 11:30 PDT
\nWhere: Lock Bypass Vlg
\n
\nDescription:No Description available
\n
\n#lbv-infobooth-text: https://discord.com/channels/708208267699945503/737042096904732703\n
\'',NULL,68948),('2_Friday','11','10:00','11:30','Y','LBV','','\'Bypass 101 + Q&A\'','\'\'','LBV_c38755132cd46374edb36addc5422e34','\'\'',NULL,68949),('2_Friday','11','11:30','12:59','N','LBV','','\'DIY Bypass Tool Workshop + Q&A\'','\'\'','LBV_7ceab890e2654fd24e319ca007f70e1d','\'Title: DIY Bypass Tool Workshop + Q&A
\nWhen: Friday, Aug 7, 11:30 - 12:59 PDT
\nWhere: Lock Bypass Vlg
\n
\nDescription:No Description available
\n
\n#lbv-infobooth-text: https://discord.com/channels/708208267699945503/737042096904732703\n
\'',NULL,68950),('2_Friday','12','11:30','12:59','Y','LBV','','\'DIY Bypass Tool Workshop + Q&A\'','\'\'','LBV_7ceab890e2654fd24e319ca007f70e1d','\'\'',NULL,68951),('2_Friday','15','15:00','16:30','N','LBV','','\'Alarm Bypass + Q&A\'','\'\'','LBV_5ef14a1f21be11f26b30e23438ec8db4','\'Title: Alarm Bypass + Q&A
\nWhen: Friday, Aug 7, 15:00 - 16:30 PDT
\nWhere: Lock Bypass Vlg
\n
\nDescription:No Description available
\n
\n#lbv-infobooth-text: https://discord.com/channels/708208267699945503/737042096904732703\n
\'',NULL,68952),('2_Friday','16','15:00','16:30','Y','LBV','','\'Alarm Bypass + Q&A\'','\'\'','LBV_5ef14a1f21be11f26b30e23438ec8db4','\'\'',NULL,68953),('2_Friday','13','13:00','14:59','N','LBV','','\'General Q&A / Drop-in and Chat\'','\'\'','LBV_40e8174cc9f1954f835cae9b3e99e868','\'Title: General Q&A / Drop-in and Chat
\nWhen: Friday, Aug 7, 13:00 - 14:59 PDT
\nWhere: Lock Bypass Vlg
\n
\nDescription:No Description available
\n
\n#lbv-infobooth-text: https://discord.com/channels/708208267699945503/737042096904732703\n
\'',NULL,68954),('2_Friday','14','13:00','14:59','Y','LBV','','\'General Q&A / Drop-in and Chat\'','\'\'','LBV_40e8174cc9f1954f835cae9b3e99e868','\'\'',NULL,68955),('2_Friday','16','16:30','16:59','N','LBV','','\'General Q&A / Drop-in and Chat\'','\'\'','LBV_e0c553b515cfe1d7e4986bb5d5432712','\'Title: General Q&A / Drop-in and Chat
\nWhen: Friday, Aug 7, 16:30 - 16:59 PDT
\nWhere: Lock Bypass Vlg
\n
\nDescription:No Description available
\n
\n#lbv-infobooth-text: https://discord.com/channels/708208267699945503/737042096904732703\n
\'',NULL,68956),('3_Saturday','11','11:00','12:30','N','LBV','','\'Bypass 101 + Q&A\'','\'\'','LBV_e9b0de49a78556a92c2db5e781132730','\'Title: Bypass 101 + Q&A
\nWhen: Saturday, Aug 8, 11:00 - 12:30 PDT
\nWhere: Lock Bypass Vlg
\n
\nDescription:No Description available
\n
\n#lbv-infobooth-text: https://discord.com/channels/708208267699945503/737042096904732703\n
\'',NULL,68957),('3_Saturday','12','11:00','12:30','Y','LBV','','\'Bypass 101 + Q&A\'','\'\'','LBV_e9b0de49a78556a92c2db5e781132730','\'\'',NULL,68958),('3_Saturday','12','12:30','13:59','N','LBV','','\'Alarm Bypass + Q&A\'','\'\'','LBV_eed209de6553e502198621e320b8b039','\'Title: Alarm Bypass + Q&A
\nWhen: Saturday, Aug 8, 12:30 - 13:59 PDT
\nWhere: Lock Bypass Vlg
\n
\nDescription:No Description available
\n
\n#lbv-infobooth-text: https://discord.com/channels/708208267699945503/737042096904732703\n
\'',NULL,68959),('3_Saturday','13','12:30','13:59','Y','LBV','','\'Alarm Bypass + Q&A\'','\'\'','LBV_eed209de6553e502198621e320b8b039','\'\'',NULL,68960),('3_Saturday','14','14:00','15:30','N','LBV','','\'Reconnaissance + Q&A\'','\'\'','LBV_c6fd3358ece1cfefe4f85d8288d08d1f','\'Title: Reconnaissance + Q&A
\nWhen: Saturday, Aug 8, 14:00 - 15:30 PDT
\nWhere: Lock Bypass Vlg
\n
\nDescription:No Description available
\n
\n#lbv-infobooth-text: https://discord.com/channels/708208267699945503/737042096904732703\n
\'',NULL,68961),('3_Saturday','15','14:00','15:30','Y','LBV','','\'Reconnaissance + Q&A\'','\'\'','LBV_c6fd3358ece1cfefe4f85d8288d08d1f','\'\'',NULL,68962),('3_Saturday','15','15:30','16:59','N','LBV','','\'Bypass 101 + Q&A\'','\'\'','LBV_eb8f6e0691c35fe99cbed3fa5e193667','\'Title: Bypass 101 + Q&A
\nWhen: Saturday, Aug 8, 15:30 - 16:59 PDT
\nWhere: Lock Bypass Vlg
\n
\nDescription:No Description available
\n
\n#lbv-infobooth-text: https://discord.com/channels/708208267699945503/737042096904732703\n
\'',NULL,68963),('3_Saturday','16','15:30','16:59','Y','LBV','','\'Bypass 101 + Q&A\'','\'\'','LBV_eb8f6e0691c35fe99cbed3fa5e193667','\'\'',NULL,68964),('4_Sunday','15','15:30','16:59','N','LBV','','\'General Q&A / Drop-in and Chat\'','\'\'','LBV_384b257bd457baf65619a4a7fa9f11dd','\'Title: General Q&A / Drop-in and Chat
\nWhen: Sunday, Aug 9, 15:30 - 16:59 PDT
\nWhere: Lock Bypass Vlg
\n
\nDescription:No Description available
\n
\n#lbv-infobooth-text: https://discord.com/channels/708208267699945503/737042096904732703\n
\'',NULL,68965),('4_Sunday','16','15:30','16:59','Y','LBV','','\'General Q&A / Drop-in and Chat\'','\'\'','LBV_384b257bd457baf65619a4a7fa9f11dd','\'\'',NULL,68966),('4_Sunday','11','11:00','12:30','N','LBV','','\'Bypass 101 + Q&A\'','\'\'','LBV_4f3719ed59a735d37a77a8954cf09b73','\'Title: Bypass 101 + Q&A
\nWhen: Sunday, Aug 9, 11:00 - 12:30 PDT
\nWhere: Lock Bypass Vlg
\n
\nDescription:No Description available
\n
\n#lbv-infobooth-text: https://discord.com/channels/708208267699945503/737042096904732703\n
\'',NULL,68967),('4_Sunday','12','11:00','12:30','Y','LBV','','\'Bypass 101 + Q&A\'','\'\'','LBV_4f3719ed59a735d37a77a8954cf09b73','\'\'',NULL,68968),('4_Sunday','14','14:00','15:30','N','LBV','','\'DIY Bypass Tool Workshop + Q&A\'','\'\'','LBV_885850b30a2a1b9749718ba98e5c23ea','\'Title: DIY Bypass Tool Workshop + Q&A
\nWhen: Sunday, Aug 9, 14:00 - 15:30 PDT
\nWhere: Lock Bypass Vlg
\n
\nDescription:No Description available
\n
\n#lbv-infobooth-text: https://discord.com/channels/708208267699945503/737042096904732703\n
\'',NULL,68969),('4_Sunday','15','14:00','15:30','Y','LBV','','\'DIY Bypass Tool Workshop + Q&A\'','\'\'','LBV_885850b30a2a1b9749718ba98e5c23ea','\'\'',NULL,68970),('2_Friday','09','09:30','10:45','N','BHV','','\'DAY1 KEYNOTE: The Trust Talks\'','\'Nina Alli,Vee Schmitt,Yusuf Henriques,Josh O\'Connor,Cannibal,Devabhaktuni Srikrishna,Najla Lindsay,Nate DeNicola\'','BHV_70591b5cb907ce858a8ca9aec639ca2c','\'Title: DAY1 KEYNOTE: The Trust Talks
\nWhen: Friday, Aug 7, 09:30 - 10:45 PDT
\nWhere: BioHacking Vlg
\nSpeakers:Nina Alli,Vee Schmitt,Yusuf Henriques,Josh O\'Connor,Cannibal,Devabhaktuni Srikrishna,Najla Lindsay,Nate DeNicola
\n
SpeakerBio:Nina Alli\n
\nNo BIO available
\n
SpeakerBio:Vee Schmitt\n
\nPatient, Hacker
\n
SpeakerBio:Yusuf Henriques\n
\nArmy Veteran, Entrepreneur
\n
SpeakerBio:Josh O\'Connor\n
\nRecording Producer, Future Social Worker
\n
SpeakerBio:Cannibal\n
\nHacker, Maker
\n
SpeakerBio:Devabhaktuni Srikrishna\n
\nData Scientist
\n
SpeakerBio:Najla Lindsay\n
\nDFIR Scientist, BHV Speaker Ops
\n
SpeakerBio:Nate DeNicola\n, MD
\nTelehealth, Physician
\n\n
\nDescription:
\nNina Alli, Executive Director of the Biohacking Village, interviews folks in the biomedical and health industry for their insight and thoughts on where healthcare is and calls to action. They were not informed of the questions, these are real reactions and real talk.
\n
BioHacking Village activities will be streamed to Twitch and YouTube.\n
\nTwitch: https://m.twitch.tv/biohackingvillage/profile\n
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q/\n
\'',NULL,68971),('2_Friday','10','09:30','10:45','Y','BHV','','\'DAY1 KEYNOTE: The Trust Talks\'','\'Nina Alli,Vee Schmitt,Yusuf Henriques,Josh O\'Connor,Cannibal,Devabhaktuni Srikrishna,Najla Lindsay,Nate DeNicola\'','BHV_70591b5cb907ce858a8ca9aec639ca2c','\'\'',NULL,68972),('3_Saturday','12','12:30','13:30','N','BTVT1','','\'Incident Response Panel\'','\'Russell Mosley,Vyrus,Litmoose,Xavier Ashe\'','BTVT1_7b1f40acba4bb7f80912880e10015194','\'Title: Incident Response Panel
\nWhen: Saturday, Aug 8, 12:30 - 13:30 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\nSpeakers:Russell Mosley,Vyrus,Litmoose,Xavier Ashe
\n
SpeakerBio:Russell Mosley\n
\nRussell is a \'hands-on\' CISO who \'still knows how to use tcpdump\' with over 20 years experience in systems administration, secops, audits and compliance. Russell is an volunteer with several Bsides events and the Blue Team Village, who prefers turning wrenches and crashing drones in his spare time.
\nTwitter: @sm0kem
\n
SpeakerBio:Vyrus\n
\nNo BIO available
\nTwitter: @vyrus001
\n
SpeakerBio:Litmoose\n
\nNo BIO available
\nTwitter: @LitMoose
\n
SpeakerBio:Xavier Ashe\n
\nNo BIO available
\n\n
\nDescription:
\nOur panel of experts will discuss lessons learned from their experiences on the front lines of incident response. What happens during a breach? What are common mistakes victims make? What are key steps you can take to prepare for the worst? How can you best secure your organization today?
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,68973),('3_Saturday','13','12:30','13:30','Y','BTVT1','','\'Incident Response Panel\'','\'Russell Mosley,Vyrus,Litmoose,Xavier Ashe\'','BTVT1_7b1f40acba4bb7f80912880e10015194','\'\'',NULL,68974),('1_Thursday','13','13:15','13:59','N','BTVW1','','\'Osquery: An Introduction Into OpenSOC CTF Tools\'','\'Whitney Champion\'','BTVW1_4e8b1a68ca761efbcae012f088dd9e26','\'Title: Osquery: An Introduction Into OpenSOC CTF Tools
\nWhen: Thursday, Aug 6, 13:15 - 13:59 PDT
\nWhere: Blue Team Vlg - Workshop Track 1
\n
SpeakerBio:Whitney Champion\n
\nWhitney is the lead architect at Recon InfoSec. In the last 15 years, she has worked on security, operations, support, development, and consulting teams, in both the private and public sector, supporting anywhere from a handful of users to hundreds of thousands. No matter the role, security has always been an area of passion and focus.\n\n
\nTwitter: @shortxstack
\n\n
\nDescription:
\nLearn. Play. Do.\n
Every year the Blue Team Village hosts OpenSOC. A unique defense CTF meant to teach and test practical incident response skills in an environment that\'s as close to \"the real thing\" as it gets.\n
This year BTV wanted to do more. We know that some Blue Teamers might be unfamiliar with some of the tools used by OpenSOC. And we didn\'t want that to keep anyone from playing this incredible defense simulation.\n
So this year we are dedicating all day Thursday to demo the various OpenSOC tools, before OpenSOC starts on Friday. These are tools like Graylog, Moloch, Zeek, Osquery, and others that Blue Teamers rely on every day to defend their networks against attackers.\n
That means that after you LEARN the tools, you can PLAY the OpenSOC CTF, and then take that knowledge back to your own Blue Team to DO the work of defending your network.\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68975),('3_Saturday','13','13:30','15:30','N','BTVW2','','\'An Introduction to Hunting Adversaries Using the Attack Lifecycle Methodology (Beginner)\'','\'Ben Bornholm\'','BTVW2_2ec10b1ae250306f8a4ac3038428367d','\'Title: An Introduction to Hunting Adversaries Using the Attack Lifecycle Methodology (Beginner)
\nWhen: Saturday, Aug 8, 13:30 - 15:30 PDT
\nWhere: Blue Team Vlg - Workshop Track 2
\n
SpeakerBio:Ben Bornholm\n
\nNo BIO available
\n\n
\nDescription:
\nHave you ever wondered, how should I get started in Threat Hunting? How should I start? What should I hunt for? What tools should I use? How should I do it? Have you always wanted to hunt an APT? Then this intro level workshops is the right place for you. Our workshop will introduce hunting an APT style attack to detect malicious activity at each stage of an attack’s lifecycle.\n
This workshop will introduce you to the Attack Lifecycle model to create a fundamental framework for hunting adversaries. Our workshop will have you hunt an APT style attack to detect malicious activity at each stage of an attack’s lifecycle. This will enable you to connect information found at one stage as leverage for hunting in another stage.\n
Participants of this workshop will have the following takeaways:\n- A fundamental understanding of the attacker mindset\n- A fundamental understanding of the phases of the Attack Lifecycle\n- Knowledge of the tools and techniques used by attackers\n- An ability to hunt for attacker tools and techniques using a SIEM\n- Exposure to an APT style attack
\n- IMPORTANT: This is a 101 Intro Workshop\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68976),('3_Saturday','14','13:30','15:30','Y','BTVW2','','\'An Introduction to Hunting Adversaries Using the Attack Lifecycle Methodology (Beginner)\'','\'Ben Bornholm\'','BTVW2_2ec10b1ae250306f8a4ac3038428367d','\'\'',NULL,68977),('3_Saturday','15','13:30','15:30','Y','BTVW2','','\'An Introduction to Hunting Adversaries Using the Attack Lifecycle Methodology (Beginner)\'','\'Ben Bornholm\'','BTVW2_2ec10b1ae250306f8a4ac3038428367d','\'\'',NULL,68978),('1_Thursday','10','10:15','10:59','N','BTVT1','','\'Graylog: An Introduction Into OpenSOC CTF Tools\'','\'Lennart Koopmann\'','BTVT1_cd975aae871a561d232aa8650990d811','\'Title: Graylog: An Introduction Into OpenSOC CTF Tools
\nWhen: Thursday, Aug 6, 10:15 - 10:59 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\n
SpeakerBio:Lennart Koopmann\n
\nNo BIO available
\nTwitter: @_lennart
\n\n
\nDescription:
\nLearn. Play. Do.\n
Every year the Blue Team Village hosts OpenSOC. A unique defense CTF meant to teach and test practical incident response skills in an environment that\'s as close to \"the real thing\" as it gets.\n
This year BTV wanted to do more. We know that some Blue Teamers might be unfamiliar with some of the tools used by OpenSOC. And we didn\'t want that to keep anyone from playing this incredible defense simulation.\n
So this year we are dedicating all day Thursday to demo the various OpenSOC tools, before OpenSOC starts on Friday. These are tools like Graylog, Moloch, Zeek, Osquery, and others that Blue Teamers rely on every day to defend their networks against attackers.\n
That means that after you LEARN the tools, you can PLAY the OpenSOC CTF, and then take that knowledge back to your own Blue Team to DO the work of defending your network.\n
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,68979),('2_Friday','18','18:00','19:30','N','BTVW2','','\'Data Analysis for Detection Research Through Jupyter Notebooks 101 (Beginner)\'','\'Roberto Rodriguez,Jose Rodriguez\'','BTVW2_9258c896431d694dd0a1b28b9df3763e','\'Title: Data Analysis for Detection Research Through Jupyter Notebooks 101 (Beginner)
\nWhen: Friday, Aug 7, 18:00 - 19:30 PDT
\nWhere: Blue Team Vlg - Workshop Track 2
\nSpeakers:Roberto Rodriguez,Jose Rodriguez
\n
SpeakerBio:Roberto Rodriguez\n
\nRoberto Rodriquez is a threat researcher and security engineer at the Microsoft Threat Intelligence Center (MSTIC) R&D team.\n
He is also the author of several open source projects, such as the Threat Hunter Playbook, Mordor, OSSEM, HELK and others, to aid the community development of techniques and tooling for threat research. He is also the founder of a new community movement to empower others in the InfoSec community named Open Threat Research.\n
Blog at https://medium.com/@Cyb3rWard0g\n
\nTwitter: @Cyb3rWard0g
\nhttps://medium.com/@Cyb3rWard0g
\n
SpeakerBio:Jose Rodriguez\n
\nJose is currently part of the ATT&CK team where he is currently revamping the concept of data sources. He is also one of the founders of Open Threat Research (OTR) and author of open source projects such as Infosec Jupyter Book, Open Source Security Event Metadata (OSSEM), Mordor, and Openhunt.
\nTwitter: @Cyb3rPandaH
\n\n
\nDescription:
\nPlease see https://cfc.blueteamvillage.org/call-for-content-2020/talk/GCUYNN/ for pre-reqs.\n
From a detection research perspective, even after learning how to simulate a threat actor technique and generate some data in your lab environment, you might still struggle to know what to do with it. In some cases, you might need to filter, transform, correlate and visualize your data to come up with the right detection logic. In this workshop, we will walk you through a few basic data analysis techniques using open source and SIEM agnostic tools such as Jupyter Notebooks which are not only used by large organizations, but also can be deployed at home for free.\nPre Requirements\n
Basics of Python
\n (optional) A computer with Docker Installed.\n If you are planning on deploying Jupyter in your own system, we will show you how to deploy it via Docker. It is not necessary since we are going to use BinderHub to interact with Jupyter Notebooks throughout the whole workshop.\n
Outline\n
Introduction to Jupyter Notebooks (10 mins)\n* Deployment Options
\n* Binder Project\n
Introduction to Apache Spark (5 mins)
\n* Spark Engine
\n* Spark SQL & DataFrames\n
Data Analysis Process 101 (10 mins)\n
We need data! (Mordor Project) (5 mins)\n* Download Datasets
\n* Raw Data -> DataFrame\n
A few data analysis techniques: (1 hour)\n* filter
\n* transform
\n* correlate
\n* visualize\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68980),('2_Friday','19','18:00','19:30','Y','BTVW2','','\'Data Analysis for Detection Research Through Jupyter Notebooks 101 (Beginner)\'','\'Roberto Rodriguez,Jose Rodriguez\'','BTVW2_9258c896431d694dd0a1b28b9df3763e','\'\'',NULL,68981),('1_Thursday','15','15:15','15:59','N','BTVW1','','\'Zeek: An Introduction Into OpenSOC CTF Tools\'','\'Aaron Soto,Amber Graner\'','BTVW1_8204ada2927c6a79a4df5822bb8eed05','\'Title: Zeek: An Introduction Into OpenSOC CTF Tools
\nWhen: Thursday, Aug 6, 15:15 - 15:59 PDT
\nWhere: Blue Team Vlg - Workshop Track 1
\nSpeakers:Aaron Soto,Amber Graner
\n
SpeakerBio:Aaron Soto\n
\nAaron Soto is at Corelight, training users on the Zeek (formerly Bro) network monitoring platform. He was recently on Rapid7\'s Metasploit team. In his off-time, he enjoys endurance automotive racing, ham radio, and helping at the DEF CON OpenSOC Blue Team Village CTF.\n\n
\nTwitter: @_surefire_
\n
SpeakerBio:Amber Graner\n
\nNo BIO available
\n\n
\nDescription:
\nLearn. Play. Do.\n
Every year the Blue Team Village hosts OpenSOC. A unique defense CTF meant to teach and test practical incident response skills in an environment that\'s as close to \"the real thing\" as it gets.\n
This year BTV wanted to do more. We know that some Blue Teamers might be unfamiliar with some of the tools used by OpenSOC. And we didn\'t want that to keep anyone from playing this incredible defense simulation.\n
So this year we are dedicating all day Thursday to demo the various OpenSOC tools, before OpenSOC starts on Friday. These are tools like Graylog, Moloch, Zeek, Osquery, and others that Blue Teamers rely on every day to defend their networks against attackers.\n
That means that after you LEARN the tools, you can PLAY the OpenSOC CTF, and then take that knowledge back to your own Blue Team to DO the work of defending your network.\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68982),('1_Thursday','14','14:15','14:59','N','BTVW1','','\'Velociraptor: An Introduction Into OpenSOC CTF Tools\'','\'Mike Cohen\'','BTVW1_7253f2faacdc9c315a7b0fc9446925f2','\'Title: Velociraptor: An Introduction Into OpenSOC CTF Tools
\nWhen: Thursday, Aug 6, 14:15 - 14:59 PDT
\nWhere: Blue Team Vlg - Workshop Track 1
\n
SpeakerBio:Mike Cohen\n
\nMike is a digital forensic researcher and senior software engineer. He\'s supported leading open-source DFIR projects including as a core developer of Volatility and lead developer of both Rekall and Grr Rapid Response while working for the Google IR team. Mike founded Velocidex in 2018 - the company behind Velociraptor. Mike is our \"Digital Paleontologist\" and brings his years of expertise to the role of principal developer of Velociraptor.
\nTwitter: @velocidex
\n\n
\nDescription:
\nLearn. Play. Do\n
We then demonstrate some of the major features that you can use to rapidly investigate, triage and contain adversaries on your network.\n
Try Velociraptor by downloading it from Github at https://github.com/Velocidex/velociraptor\n
Every year the Blue Team Village hosts OpenSOC. A unique defense CTF meant to teach and test practical incident response skills in an environment that\'s as close to \"the real thing\" as it gets.\n
This year BTV wanted to do more. We know that some Blue Teamers might be unfamiliar with some of the tools used by OpenSOC. And we didn\'t want that to keep anyone from playing this incredible defense simulation.\n
So this year we are dedicating all day Thursday to demo the various OpenSOC tools, before OpenSOC starts on Friday. These are tools like Graylog, Moloch, Zeek, Osquery, and others that Blue Teamers rely on every day to defend their networks against attackers.\n
That means that after you LEARN the tools, you can PLAY the OpenSOC CTF, and then take that knowledge back to your own Blue Team to DO the work of defending your network.\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68983),('2_Friday','11','11:30','13:30','N','BTVW2','','\'An Introduction to Hunting Adversaries Using the Attack Lifecycle Methodology (Beginner)\'','\'Ben Bornholm\'','BTVW2_b408b7396cacc94a360488f6f6bc5cae','\'Title: An Introduction to Hunting Adversaries Using the Attack Lifecycle Methodology (Beginner)
\nWhen: Friday, Aug 7, 11:30 - 13:30 PDT
\nWhere: Blue Team Vlg - Workshop Track 2
\n
SpeakerBio:Ben Bornholm\n
\nNo BIO available
\n\n
\nDescription:
\nHave you ever wondered, how should I get started in Threat Hunting? How should I start? What should I hunt for? What tools should I use? How should I do it? Have you always wanted to hunt an APT? Then this intro level workshops is the right place for you. Our workshop will introduce hunting an APT style attack to detect malicious activity at each stage of an attack’s lifecycle.\n
This workshop will introduce you to the Attack Lifecycle model to create a fundamental framework for hunting adversaries. Our workshop will have you hunt an APT style attack to detect malicious activity at each stage of an attack’s lifecycle. This will enable you to connect information found at one stage as leverage for hunting in another stage.\n
Participants of this workshop will have the following takeaways:\n- A fundamental understanding of the attacker mindset\n- A fundamental understanding of the phases of the Attack Lifecycle\n- Knowledge of the tools and techniques used by attackers\n- An ability to hunt for attacker tools and techniques using a SIEM\n- Exposure to an APT style attack
\n- IMPORTANT: This is a 101 Intro Workshop\n
\n
This is a workshop that requires pre-registration. Details for how to participate in this workshop can be obtained by contacting the Blue Team Village staff.
\'',NULL,68984),('2_Friday','12','11:30','13:30','Y','BTVW2','','\'An Introduction to Hunting Adversaries Using the Attack Lifecycle Methodology (Beginner)\'','\'Ben Bornholm\'','BTVW2_b408b7396cacc94a360488f6f6bc5cae','\'\'',NULL,68985),('2_Friday','13','11:30','13:30','Y','BTVW2','','\'An Introduction to Hunting Adversaries Using the Attack Lifecycle Methodology (Beginner)\'','\'Ben Bornholm\'','BTVW2_b408b7396cacc94a360488f6f6bc5cae','\'\'',NULL,68986),('3_Saturday','14','14:00','14:59','N','BTVT1','','\'Blue Team Village & Red Team Village Panel\'','\'Joseph Mlodzìanowskì (cedoXx),Adam Mashinchi,Plug,Dani,Jorge Orchilles,David J. Bianco\'','BTVT1_9648d0d6a9c523c8eba9d88ba9bdee19','\'Title: Blue Team Village & Red Team Village Panel
\nWhen: Saturday, Aug 8, 14:00 - 14:59 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\nSpeakers:Joseph Mlodzìanowskì (cedoXx),Adam Mashinchi,Plug,Dani,Jorge Orchilles,David J. Bianco
\n
SpeakerBio:Joseph Mlodzìanowskì (cedoXx)\n
\nNo BIO available
\nTwitter: @cedoxX
\n
SpeakerBio:Adam Mashinchi\n
\nAdam Mashinchi is SCYTHE\'s VP of Product Management where he leads the project management, design, and quality assurance departments for SCYTHE\'s product portfolio. Before SCYTHE, Adam defined and managed the development of enterprise security and privacy solutions with an emphasis on usable encryption at a global scale and led numerous technical integration projects with a variety of partners and services.
\nTwitter: @adam_mashinchi
\n
SpeakerBio:Plug\n
\nNo BIO available
\nTwitter: @plugxor
\n
SpeakerBio:Dani\n
\nNo BIO available
\nTwitter: @_ChezDaniela
\n
SpeakerBio:Jorge Orchilles\n
\nNo BIO available
\nTwitter: @jorgeorchilles
\n
SpeakerBio:David J. Bianco\n
\nDavid is a defensive security researcher specializing in incident detection & response. HIs major focus areas are threat hunting and the strategic consumption of Cyber Threat Intelligence. He\'s currently a Principal Engineer, Cybersecurity at a major US retailer.\n
David is probably most well known as the originator of the Pyramid of Pain and the Hunting Maturity Model. You can follow him online via Twitter @DavidJBianco or subscribe to his blog, Enterprise Detection & Response.\n
\nTwitter: @DavidJBianco
\n\n
\nDescription:No Description available
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,68987),('3_Saturday','13','13:30','13:59','N','VMV','','\'The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections\'','\'Michael A. Specter\'','VMV_206dee515fbc0e27369ede8f99137042','\'Title: The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections
\nWhen: Saturday, Aug 8, 13:30 - 13:59 PDT
\nWhere: Voting Vlg
\n
SpeakerBio:Michael A. Specter\n, EECS PhD Candidate, Massachusetts Institute of Technology (MIT)
\nNo BIO available
\n\n
\nDescription:
\nIn the 2018 midterm elections, West Virginia became the first state in the U.S. to allow select voters to cast their ballot on a mobile phone via a proprietary app called “Voatz.†Although there was no public formal description of Voatz\'s security model, the company claimed that election security and integrity were maintained through the use of a permissioned blockchain, biometrics, a mixnet, and hardware-backed key storage modules on the user\'s device. In this work, we present the first public security analysis of Voatz, based on a reverse engineering of their Android application and the minimal available documentation. We performed a cleanroom reimplementation of Voatz\'s server and present an analysis of the election process as visible from the app itself.\n
We find that Voatz has vulnerabilities that allow different kinds of adversaries to alter, stop, or expose a user\'s vote, including a sidechannel attack in which a completely passive network adversary can recover a user\'s secret ballot. We additionally find that Voatz has a number of privacy issues stemming from their use of third party services for crucial app functionality. Our findings serve as a concrete illustration of the common wisdom against Internet voting, and of the importance of transparency to the legitimacy of elections.\n
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,68988),('2_Friday','10','10:00','10:59','N','PWDV','','\'Getting Started with Hashcat\'','\'Password Village Staff\'','PWDV_558f3dfef9aa69a3082503918d6f48d6','\'Title: Getting Started with Hashcat
\nWhen: Friday, Aug 7, 10:00 - 10:59 PDT
\nWhere: Password Vlg
\n
SpeakerBio:Password Village Staff\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,68989),('2_Friday','13','13:00','13:30','N','PWDV','','\'Making Targeted Wordlists\'','\'Password Village Staff\'','PWDV_39f99a2e27bc90a55af2d800f1035fa6','\'Title: Making Targeted Wordlists
\nWhen: Friday, Aug 7, 13:00 - 13:30 PDT
\nWhere: Password Vlg
\n
SpeakerBio:Password Village Staff\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,68990),('2_Friday','15','15:00','15:30','N','PWDV','','\'Result of Longer Passwords in Real World Application\'','\'Minga\'','PWDV_963868f350b877c561c9e6836ed0c054','\'Title: Result of Longer Passwords in Real World Application
\nWhen: Friday, Aug 7, 15:00 - 15:30 PDT
\nWhere: Password Vlg
\n
SpeakerBio:Minga\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,68991),('2_Friday','16','16:00','16:59','N','PWDV','','\'From Printers to Silver Tickets or Something\'','\'EvilMog\'','PWDV_62b695bf507b2deeb11115889016c056','\'Title: From Printers to Silver Tickets or Something
\nWhen: Friday, Aug 7, 16:00 - 16:59 PDT
\nWhere: Password Vlg
\n
SpeakerBio:EvilMog\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,68992),('2_Friday','18','18:00','18:59','N','PWDV','','\'Getting Advanced with Hashcat\'','\'Password Village Staff\'','PWDV_15366663289248486d3050cc711c407b','\'Title: Getting Advanced with Hashcat
\nWhen: Friday, Aug 7, 18:00 - 18:59 PDT
\nWhere: Password Vlg
\n
SpeakerBio:Password Village Staff\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,68993),('3_Saturday','10','10:00','10:59','N','PWDV','','\'Cracking at Extreme Scale: The Evolution of Hashstack\'','\'Jeremi M Gosney (epixoip)\'','PWDV_da9ae126c98a2f0a2525054e9c34a272','\'Title: Cracking at Extreme Scale: The Evolution of Hashstack
\nWhen: Saturday, Aug 8, 10:00 - 10:59 PDT
\nWhere: Password Vlg
\n
SpeakerBio:Jeremi M Gosney (epixoip)\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,68994),('3_Saturday','12','12:00','12:59','N','PWDV','','\'What the Shuck? Layered Hash Shucking\'','\'Sam Croley (Chick3nman)\'','PWDV_d68e5374b9780cc45795ff0988695a3a','\'Title: What the Shuck? Layered Hash Shucking
\nWhen: Saturday, Aug 8, 12:00 - 12:59 PDT
\nWhere: Password Vlg
\n
SpeakerBio:Sam Croley (Chick3nman)\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,68995),('3_Saturday','13','13:00','13:59','N','PWDV','','\'PathWell: Dynamic Password Strength Enforcement\'','\'Hank Leininger\'','PWDV_e22d5368cf16281f015f481ca0094369','\'Title: PathWell: Dynamic Password Strength Enforcement
\nWhen: Saturday, Aug 8, 13:00 - 13:59 PDT
\nWhere: Password Vlg
\n
SpeakerBio:Hank Leininger\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,68996),('3_Saturday','14','14:00','14:59','N','PWDV','','\'Practical PCFG Password Cracking\'','\'Matt Weir\'','PWDV_f3625a3a80a7645a0532ef0cc7f21ddf','\'Title: Practical PCFG Password Cracking
\nWhen: Saturday, Aug 8, 14:00 - 14:59 PDT
\nWhere: Password Vlg
\n
SpeakerBio:Matt Weir\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,68997),('2_Friday','09','09:30','09:59','N','AIV','','\'Opening Remarks\'','\'AI Village Organizers\'','AIV_e407e3124c9910d550e113ab73aea8aa','\'Title: Opening Remarks
\nWhen: Friday, Aug 7, 09:30 - 09:59 PDT
\nWhere: AI Vlg
\n
SpeakerBio:AI Village Organizers\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,68998),('2_Friday','10','10:00','10:30','N','AIV','','\'ML Security Evasion Competition 2020\'','\'drhyrum,zh4ck\'','AIV_fa805c0bf4b5f637d04f83de65394b1a','\'Title: ML Security Evasion Competition 2020
\nWhen: Friday, Aug 7, 10:00 - 10:30 PDT
\nWhere: AI Vlg
\nSpeakers:drhyrum,zh4ck
\n
SpeakerBio:drhyrum\n
\nNo BIO available
\nTwitter: @drhyrum
\n
SpeakerBio:zh4ck\n
\nNo BIO available
\nTwitter: @zh4ck
\n\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,68999),('2_Friday','10','10:30','10:59','N','AIV','','\'Baby\'s First 100 MLSec Words\'','\'erickgalinkin\'','AIV_28a3d9182ce035059dde0da343c7661b','\'Title: Baby\'s First 100 MLSec Words
\nWhen: Friday, Aug 7, 10:30 - 10:59 PDT
\nWhere: AI Vlg
\n
SpeakerBio:erickgalinkin\n
\nNo BIO available
\nTwitter: @erickgalinkin
\n\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69000),('2_Friday','11','11:00','12:30','N','AIV','','\'Workshop 1\'','\'\'','AIV_767d93a744310382849a25dcaea919cb','\'Title: Workshop 1
\nWhen: Friday, Aug 7, 11:00 - 12:30 PDT
\nWhere: AI Vlg
\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69001),('2_Friday','12','11:00','12:30','Y','AIV','','\'Workshop 1\'','\'\'','AIV_767d93a744310382849a25dcaea919cb','\'\'',NULL,69002),('2_Friday','13','13:00','13:30','N','AIV','','\'Hyperlocal Drift detection with Goko: Finding abusers of your Dataset\'','\'comathematician\'','AIV_f37cf4d93c0a8df6f22e40923b7388e1','\'Title: Hyperlocal Drift detection with Goko: Finding abusers of your Dataset
\nWhen: Friday, Aug 7, 13:00 - 13:30 PDT
\nWhere: AI Vlg
\n
SpeakerBio:comathematician\n
\nNo BIO available
\nTwitter: @comathematician
\n\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69003),('2_Friday','13','13:30','13:59','N','AIV','','\'Spectrum: An End-to-End Framework for ML-based Threat Monitoring and Detection\'','\'Nahid Farhady\'','AIV_a3ce4f54478ebc168bc3cdd321b63473','\'Title: Spectrum: An End-to-End Framework for ML-based Threat Monitoring and Detection
\nWhen: Friday, Aug 7, 13:30 - 13:59 PDT
\nWhere: AI Vlg
\n
SpeakerBio:Nahid Farhady\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69004),('2_Friday','14','14:00','14:50','N','AIV','','\'Hacking with Skynet - How AI is Empowering Adversaries\'','\'GTKlondike\'','AIV_bf0fe1a26b42fb80aea23cf5107d1990','\'Title: Hacking with Skynet - How AI is Empowering Adversaries
\nWhen: Friday, Aug 7, 14:00 - 14:50 PDT
\nWhere: AI Vlg
\n
SpeakerBio:GTKlondike\n
\nNo BIO available
\nTwitter: @GTKlondike
\n\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69005),('2_Friday','15','15:00','15:59','N','AIV','','\'Breakout Session\'','\'\'','AIV_5da27bd21f830a60d6d6db22c0848206','\'Title: Breakout Session
\nWhen: Friday, Aug 7, 15:00 - 15:59 PDT
\nWhere: AI Vlg
\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69006),('2_Friday','16','16:00','17:30','N','AIV','','\'Workshop 2\'','\'\'','AIV_8dfc9b1e4b8fe6eb6481cdb0f4890c27','\'Title: Workshop 2
\nWhen: Friday, Aug 7, 16:00 - 17:30 PDT
\nWhere: AI Vlg
\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69007),('2_Friday','17','16:00','17:30','Y','AIV','','\'Workshop 2\'','\'\'','AIV_8dfc9b1e4b8fe6eb6481cdb0f4890c27','\'\'',NULL,69008),('3_Saturday','09','09:30','09:59','N','AIV','','\'\"SECRETS ARE LIES, SHARING IS CARING, PRIVACY IS THEFT.\"- A Dive into Privacy Preserving Machine Learning\'','\'Nahid Farhady\'','AIV_81f826c32ed716c887d6214919f55b1d','\'Title: \"SECRETS ARE LIES, SHARING IS CARING, PRIVACY IS THEFT.\"- A Dive into Privacy Preserving Machine Learning
\nWhen: Saturday, Aug 8, 09:30 - 09:59 PDT
\nWhere: AI Vlg
\n
SpeakerBio:Nahid Farhady\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69009),('3_Saturday','10','10:00','10:30','N','AIV','','\'Misinformation & Covid\'','\'lmeyerov\'','AIV_9b6ace5d990e246195d51ca1714fcf7d','\'Title: Misinformation & Covid
\nWhen: Saturday, Aug 8, 10:00 - 10:30 PDT
\nWhere: AI Vlg
\n
SpeakerBio:lmeyerov\n
\nNo BIO available
\nTwitter: @lmeyerov
\n\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69010),('3_Saturday','11','11:00','12:30','N','AIV','','\'Workshop 3\'','\'\'','AIV_730491bddf76d93006e8311048f43de6','\'Title: Workshop 3
\nWhen: Saturday, Aug 8, 11:00 - 12:30 PDT
\nWhere: AI Vlg
\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69011),('3_Saturday','12','11:00','12:30','Y','AIV','','\'Workshop 3\'','\'\'','AIV_730491bddf76d93006e8311048f43de6','\'\'',NULL,69012),('3_Saturday','13','13:00','13:59','N','AIV','','\'Journal Club Live! Fawkes FR\'','\'AI Village Journal Club\'','AIV_baa000f51ad1dba836c6b8dafafbc2ba','\'Title: Journal Club Live! Fawkes FR
\nWhen: Saturday, Aug 8, 13:00 - 13:59 PDT
\nWhere: AI Vlg
\n
SpeakerBio:AI Village Journal Club\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69013),('3_Saturday','14','14:00','14:59','N','AIV','','\'Does AI Live up to the Hype?\'','\'\'','AIV_569b517c462f473c9dee768a52a3a9a1','\'Title: Does AI Live up to the Hype?
\nWhen: Saturday, Aug 8, 14:00 - 14:59 PDT
\nWhere: AI Vlg
\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69014),('3_Saturday','15','15:00','15:30','N','AIV','','\'AI vs. Airplanes and IT-Security: What Security Regulations Teach Us About AI Governance\'','\'Laurin Weissinger\'','AIV_f90e05f6df316e1e4f4a7e5226b308db','\'Title: AI vs. Airplanes and IT-Security: What Security Regulations Teach Us About AI Governance
\nWhen: Saturday, Aug 8, 15:00 - 15:30 PDT
\nWhere: AI Vlg
\n
SpeakerBio:Laurin Weissinger\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69015),('3_Saturday','16','16:00','17:30','N','AIV','','\'Workshop 4\'','\'\'','AIV_29d9ee1c29d8c7fc60ed4bffdcc06edb','\'Title: Workshop 4
\nWhen: Saturday, Aug 8, 16:00 - 17:30 PDT
\nWhere: AI Vlg
\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69016),('3_Saturday','17','16:00','17:30','Y','AIV','','\'Workshop 4\'','\'\'','AIV_29d9ee1c29d8c7fc60ed4bffdcc06edb','\'\'',NULL,69017),('4_Sunday','09','09:00','09:30','N','AIV','','\'Detecting hand-crafted social engineering emails with a bleeding-edge neural language model\'','\'Younghoo Lee,Joshua Saxe\'','AIV_45858fc101e12c6d1a515989daa48b91','\'Title: Detecting hand-crafted social engineering emails with a bleeding-edge neural language model
\nWhen: Sunday, Aug 9, 09:00 - 09:30 PDT
\nWhere: AI Vlg
\nSpeakers:Younghoo Lee,Joshua Saxe
\n
SpeakerBio:Younghoo Lee\n
\nNo BIO available
\n
SpeakerBio:Joshua Saxe\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69018),('4_Sunday','10','10:00','10:59','N','AIV','','\'Journal Club Live! Summoning Demons: The Pursuit of Exploitable Bugs in Machine Learning<\\a>\'','\'\'','AIV_5212ef4913ecc0280d6934a76d12f34d','\'Title: Journal Club Live! Summoning Demons: The Pursuit of Exploitable Bugs in Machine Learning<\\a>
\nWhen: Sunday, Aug 9, 10:00 - 10:59 PDT
\nWhere: AI Vlg
\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69019),('4_Sunday','13','13:00','13:59','N','AIV','','\'Faults in our Pi Stars: Security Issues and Challenges in Deep Reinforcement Learning\'','\'Vahid Behzadan\'','AIV_f3a663cda1872b9f06fa3189a8d2bbf6','\'Title: Faults in our Pi Stars: Security Issues and Challenges in Deep Reinforcement Learning
\nWhen: Sunday, Aug 9, 13:00 - 13:59 PDT
\nWhere: AI Vlg
\n
SpeakerBio:Vahid Behzadan\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69020),('4_Sunday','14','14:00','14:59','N','AIV','','\'Ethics & Bias Panel\'','\'\'','AIV_ccf397645bce8884a30a370390ca8000','\'Title: Ethics & Bias Panel
\nWhen: Sunday, Aug 9, 14:00 - 14:59 PDT
\nWhere: AI Vlg
\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69021),('4_Sunday','15','15:30','15:59','N','AIV','','\'Closing Remarks\'','\'\'','AIV_f68e6ded2623231b3606527f9b8cf696','\'Title: Closing Remarks
\nWhen: Sunday, Aug 9, 15:30 - 15:59 PDT
\nWhere: AI Vlg
\n
\nDescription:No Description available
\n
AI Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/aivillage\n
\'',NULL,69022),('2_Friday','10','10:00','10:10','N','BCV','','\'Welcome Note\'','\'\'','BCV_794ad0b1f41385d303fc3eae4186ab20','\'Title: Welcome Note
\nWhen: Friday, Aug 7, 10:00 - 10:10 PDT
\nWhere: Blockchain Vlg
\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69023),('2_Friday','10','10:10','10:59','N','BCV','','\'Key Note - State of Blockchain Security\'','\'Peter Kacherginsky\'','BCV_377478ecacbf3bc21f0587615998a241','\'Title: Key Note - State of Blockchain Security
\nWhen: Friday, Aug 7, 10:10 - 10:59 PDT
\nWhere: Blockchain Vlg
\n
SpeakerBio:Peter Kacherginsky\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69024),('2_Friday','11','11:00','11:59','N','BCV','','\'Verifiable Delay Functions for preventing DDoS Attacks on Ethereum 2.0\'','\'Gokul Alex,Tejaswa Rastogi\'','BCV_9513eae37a93b69f6ca7762ab6f1f4fa','\'Title: Verifiable Delay Functions for preventing DDoS Attacks on Ethereum 2.0
\nWhen: Friday, Aug 7, 11:00 - 11:59 PDT
\nWhere: Blockchain Vlg
\nSpeakers:Gokul Alex,Tejaswa Rastogi
\n
SpeakerBio:Gokul Alex\n
\nNo BIO available
\n
SpeakerBio:Tejaswa Rastogi\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69025),('2_Friday','12','12:00','12:59','N','BCV','','\'Security Focused Operating System Design\'','\'Colin Cantrell\'','BCV_4dade926cd317d063505e72b3716ddf3','\'Title: Security Focused Operating System Design
\nWhen: Friday, Aug 7, 12:00 - 12:59 PDT
\nWhere: Blockchain Vlg
\n
SpeakerBio:Colin Cantrell\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69026),('2_Friday','13','13:00','13:30','N','BCV','','\'Cryptocurrencies have superusers?\'','\'Mark Nesbitt\'','BCV_1b615352168a643712f84a282a58555b','\'Title: Cryptocurrencies have superusers?
\nWhen: Friday, Aug 7, 13:00 - 13:30 PDT
\nWhere: Blockchain Vlg
\n
SpeakerBio:Mark Nesbitt\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69027),('2_Friday','13','13:30','13:59','N','BCV','','\'Double Spending in BSV, is it Possible?\'','\'Poming Lee\'','BCV_cd2c6fd2675e74e5670ea2f146c0c28a','\'Title: Double Spending in BSV, is it Possible?
\nWhen: Friday, Aug 7, 13:30 - 13:59 PDT
\nWhere: Blockchain Vlg
\n
SpeakerBio:Poming Lee\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69028),('2_Friday','14','14:00','14:59','N','BCV','','\'Creating a decentralized storage for Kubernetes with Tardigrade and Velero\'','\'Kevin Leffew\'','BCV_409a20e0d7c32a08572666bd2ae09cf7','\'Title: Creating a decentralized storage for Kubernetes with Tardigrade and Velero
\nWhen: Friday, Aug 7, 14:00 - 14:59 PDT
\nWhere: Blockchain Vlg
\n
SpeakerBio:Kevin Leffew\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69029),('2_Friday','15','15:00','15:59','N','BCV','','\'Attacking and Defending Blockchain Nodes\'','\'Peter Kacherginsky\'','BCV_9da42cecc1049daac5a384f1dfa20ba5','\'Title: Attacking and Defending Blockchain Nodes
\nWhen: Friday, Aug 7, 15:00 - 15:59 PDT
\nWhere: Blockchain Vlg
\n
SpeakerBio:Peter Kacherginsky\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69030),('2_Friday','16','16:00','16:59','N','BCV','','\'Panel Discussion\'','\'\'','BCV_f8fc5d27500befb70ce2c11b0109671b','\'Title: Panel Discussion
\nWhen: Friday, Aug 7, 16:00 - 16:59 PDT
\nWhere: Blockchain Vlg
\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69031),('3_Saturday','10','10:00','10:10','N','BCV','','\'Welcome Note\'','\'\'','BCV_857c30af34cdae6835248af47754e82f','\'Title: Welcome Note
\nWhen: Saturday, Aug 8, 10:00 - 10:10 PDT
\nWhere: Blockchain Vlg
\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69032),('3_Saturday','10','10:10','10:59','N','BCV','','\'Twitter’s Tax Day Disaster: The Beginning (and End) of Mainstream Crypto Scams\'','\'Victor Fang\'','BCV_83ff376dbe11d3399b6e491c2d082ae6','\'Title: Twitter’s Tax Day Disaster: The Beginning (and End) of Mainstream Crypto Scams
\nWhen: Saturday, Aug 8, 10:10 - 10:59 PDT
\nWhere: Blockchain Vlg
\n
SpeakerBio:Victor Fang\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69033),('3_Saturday','11','11:00','11:59','N','BCV','','\'Decentralized Finance (DeFi) - ready for prime time ?\'','\'Ryan Rubin\'','BCV_0f15fc9dfc59408d15fff1e500677de7','\'Title: Decentralized Finance (DeFi) - ready for prime time ?
\nWhen: Saturday, Aug 8, 11:00 - 11:59 PDT
\nWhere: Blockchain Vlg
\n
SpeakerBio:Ryan Rubin\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69034),('3_Saturday','12','12:00','12:59','N','BCV','','\'Securing the COSMOS: How to operate and secure a validator\'','\'Ron Stoner\'','BCV_8925af897d70a661d11a81f207e5cf10','\'Title: Securing the COSMOS: How to operate and secure a validator
\nWhen: Saturday, Aug 8, 12:00 - 12:59 PDT
\nWhere: Blockchain Vlg
\n
SpeakerBio:Ron Stoner\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69035),('3_Saturday','13','13:00','13:30','N','BCV','','\'Blockchain for Cyber Defense: Will it be as good as you think?\'','\'Seungjoo,Suhyeon Lee\'','BCV_b66eedc70964e9ba320cb1383b010de4','\'Title: Blockchain for Cyber Defense: Will it be as good as you think?
\nWhen: Saturday, Aug 8, 13:00 - 13:30 PDT
\nWhere: Blockchain Vlg
\nSpeakers:Seungjoo,Suhyeon Lee
\n
SpeakerBio:Seungjoo\n
\nNo BIO available
\n
SpeakerBio:Suhyeon Lee\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69036),('3_Saturday','13','13:30','13:59','N','BCV','','\'Identifying and fixing out-of-gas errors in smart contracts with smart fuzzing\'','\'Sebastian Banescu\'','BCV_bdf190e59e9359b3e20318bdd41404d3','\'Title: Identifying and fixing out-of-gas errors in smart contracts with smart fuzzing
\nWhen: Saturday, Aug 8, 13:30 - 13:59 PDT
\nWhere: Blockchain Vlg
\n
SpeakerBio:Sebastian Banescu\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69037),('3_Saturday','14','14:00','14:59','N','BCV','','\'Monetary Maximalism and Millennial Finance - Building Decentralized Tooling to Empower Everyone\'','\'Kris Jones,Matt Luongo\'','BCV_1b615fbf5f0e5258742fd1e6fd858dee','\'Title: Monetary Maximalism and Millennial Finance - Building Decentralized Tooling to Empower Everyone
\nWhen: Saturday, Aug 8, 14:00 - 14:59 PDT
\nWhere: Blockchain Vlg
\nSpeakers:Kris Jones,Matt Luongo
\n
SpeakerBio:Kris Jones\n
\nNo BIO available
\n
SpeakerBio:Matt Luongo\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69038),('3_Saturday','15','15:00','15:59','N','BCV','','\'7 Phases of Smart Contract Hacking\'','\'Martin Abbatemarco\'','BCV_bbf00cba2490a69f69430f0759fcf9dc','\'Title: 7 Phases of Smart Contract Hacking
\nWhen: Saturday, Aug 8, 15:00 - 15:59 PDT
\nWhere: Blockchain Vlg
\n
SpeakerBio:Martin Abbatemarco\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69039),('3_Saturday','16','16:00','16:59','N','BCV','','\'Panel Discussion\'','\'\'','BCV_76d8b2832f7aa8c28950e6c0646d1783','\'Title: Panel Discussion
\nWhen: Saturday, Aug 8, 16:00 - 16:59 PDT
\nWhere: Blockchain Vlg
\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69040),('4_Sunday','10','10:00','10:10','N','BCV','','\'Welcome Note\'','\'\'','BCV_ce7c6d30053fd5d354f4279808dc805c','\'Title: Welcome Note
\nWhen: Sunday, Aug 9, 10:00 - 10:10 PDT
\nWhere: Blockchain Vlg
\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69041),('4_Sunday','10','10:10','10:59','N','BCV','','\'Modeling systematic threat: testing on mainnet fork\'','\'Martinet Lee\'','BCV_980fe4b9e60454f0fc609bf35aea30e1','\'Title: Modeling systematic threat: testing on mainnet fork
\nWhen: Sunday, Aug 9, 10:10 - 10:59 PDT
\nWhere: Blockchain Vlg
\n
SpeakerBio:Martinet Lee\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69042),('4_Sunday','11','11:00','11:59','N','BCV','','\'Building a Microcontroller Bitcoin Address Generator\'','\'chaintuts,Josh McIntyre\'','BCV_0fb0c3ea969d8647fce50629d378ac9e','\'Title: Building a Microcontroller Bitcoin Address Generator
\nWhen: Sunday, Aug 9, 11:00 - 11:59 PDT
\nWhere: Blockchain Vlg
\nSpeakers:chaintuts,Josh McIntyre
\n
SpeakerBio:chaintuts\n
\nNo BIO available
\n
SpeakerBio:Josh McIntyre\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69043),('4_Sunday','12','12:00','12:40','N','BCV','','\'exploit insecure crypto wallet\'','\'Minzhi He,peiyu wang\'','BCV_271cbeffc71d326745f8d93cf4faeec1','\'Title: exploit insecure crypto wallet
\nWhen: Sunday, Aug 9, 12:00 - 12:40 PDT
\nWhere: Blockchain Vlg
\nSpeakers:Minzhi He,peiyu wang
\n
SpeakerBio:Minzhi He\n
\nNo BIO available
\n
SpeakerBio:peiyu wang\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69044),('4_Sunday','12','12:40','12:59','N','BCV','','\'Closing Note\'','\'\'','BCV_7b242e07a1a6c87cecd1eb070ea9e0a2','\'Title: Closing Note
\nWhen: Sunday, Aug 9, 12:40 - 12:59 PDT
\nWhere: Blockchain Vlg
\n
\nDescription:No Description available
\n
Blockchain Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/blockchainvillage\n
\'',NULL,69045),('3_Saturday','13','13:00','14:30','N','CNE','','\'Film Festival: Project Immerse: A Deepfake Paranoid Thriller\'','\' \'','CNE_944e809561da7410e787d7b938619244','\'Title: Film Festival: Project Immerse: A Deepfake Paranoid Thriller
\nWhen: Saturday, Aug 8, 13:00 - 14:30 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nFrom the creators of \"Frankenstein AI\" and \"Sherlock Holmes and the Internet of Things\" comes a new experiment AI manipulation...\nCo-created with AI, Project immerse is a paranoid thriller set in a world of deepfakes, shallow fakes, and bots...\n
Project Immerse leads up to 100 participants through a tangled conspiracy-driven collaborative investigation, co-created with AI.\nRunning time: 80 minutes\n
The first 100 participants in the Zoom waiting room will be admitted.\n
\nZoom: https://columbiauniversity.zoom.us/j/99339173670\n
\n\'',NULL,69046),('3_Saturday','14','13:00','14:30','Y','CNE','','\'Film Festival: Project Immerse: A Deepfake Paranoid Thriller\'','\' \'','CNE_944e809561da7410e787d7b938619244','\'\'',NULL,69047),('3_Saturday','18','18:30','19:59','N','CNE','','\'Film Festival: Project Immerse: A Deepfake Paranoid Thriller\'','\' \'','CNE_8e8c99a26121f42a1a46d2240120776d','\'Title: Film Festival: Project Immerse: A Deepfake Paranoid Thriller
\nWhen: Saturday, Aug 8, 18:30 - 19:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nFrom the creators of \"Frankenstein AI\" and \"Sherlock Holmes and the Internet of Things\" comes a new experiment AI manipulation...\nCo-created with AI, Project immerse is a paranoid thriller set in a world of deepfakes, shallow fakes, and bots...\n
Project Immerse leads up to 100 participants through a tangled conspiracy-driven collaborative investigation, co-created with AI.\nRunning time: 80 minutes\n
The first 100 participants in the Zoom waiting room will be admitted.\n
\nZoom: https://columbiauniversity.zoom.us/j/96118316158\n
\n\'',NULL,69048),('3_Saturday','19','18:30','19:59','Y','CNE','','\'Film Festival: Project Immerse: A Deepfake Paranoid Thriller\'','\' \'','CNE_8e8c99a26121f42a1a46d2240120776d','\'\'',NULL,69049),('3_Saturday','17','17:00','17:59','N','BTVT1','','\'Introducing the Meet a Mentor Program\'','\'Scoubi,Plug,Litmoose,Xavier Ashe,Rand0h,Muteki,PacketSqueezins,ttheveii0x,Allie Hansen,nohackme\'','BTVT1_e924343dc90373f31c4fd9eb78b0f607','\'Title: Introducing the Meet a Mentor Program
\nWhen: Saturday, Aug 8, 17:00 - 17:59 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\nSpeakers:Scoubi,Plug,Litmoose,Xavier Ashe,Rand0h,Muteki,PacketSqueezins,ttheveii0x,Allie Hansen,nohackme
\n
SpeakerBio:Scoubi\n
\nMathieu Saulnier is a “Security Enthusiast†©@h3xstream. He has held numerous positions as a consultant within several of Quebec’s largest institutions. For the last 8 years he has been focused on putting in place a few SOC and has specialized in detection (Blue Team), content creation and mentorship. He worked as a « Senior Security Architect » and acted as “Adversary Detection Team Lead†and “Threat Hunting Team Lead†for one of Canada’s largest carrier for many years and is now SOC Team Lead in a large financial institution. He loves to give talk and had the honor to do so at GoSec, BSidesCharm, NorthSec, BSidesLV, Defcon’s BTV and Derbycon.
\nTwitter: @ScoubiMtl
\n
SpeakerBio:Plug\n
\nNo BIO available
\nTwitter: @plugxor
\n
SpeakerBio:Litmoose\n
\nNo BIO available
\nTwitter: @LitMoose
\n
SpeakerBio:Xavier Ashe\n
\nNo BIO available
\n
SpeakerBio:Rand0h\n
\nNo BIO available
\n
SpeakerBio:Muteki\n
\nNo BIO available
\n
SpeakerBio:PacketSqueezins\n
\nGarrett\'s career started in systems administration, took a couple detours, jumped to Big 4 advisory security consulting and penetration testing, eventually landed in boutique security consulting @secrisk. Specializes in solving weird and seemingly impossible problems.\n
Organizer for BSides Philly (badges), builds trebuchets for fun (Punkin Chunkin, when it was still a thing) among other things.\n
\nTwitter: @LegitBinary
\n
SpeakerBio:ttheveii0x\n
\nNo BIO available
\n
SpeakerBio:Allie Hansen\n
\nNo BIO available
\n
SpeakerBio:nohackme\n
\nMick fell in love with the idea of cyberspace around 9 years old after reading Neuromancer, which led him to pursue a career in computer operations, with a focus on information security. He was the Chief Information Security Officer at Pete for America; holding the honor of being the first CISO in the history of presidential campaigns. Previously the White House Threat Intelligence Branch Chief in both the Obama and Trump administrations, Mick also helped create a threat intelligence program during the rollout of the Affordable Care Act at the Department of Health and Human Services. Mick has served in cybersecurity and technical roles at the Department of Defense and Centers for Disease Control, and is a US Navy veteran. Mick is currently a Security Advisor at Splunk, leveraging his background and expertise to help customers solve security problems. When not posting pictures of cats, food, and sneakers to social media, Mick is the Vice President of The Open Organisation of Lockpickers in Washington DC, and a SOC Goon at DEFCon.
\nTwitter: @nohackme
\n\n
\nDescription:No Description available
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,69050),('3_Saturday','15','15:30','16:30','N','BTVT1','','\'Practical Advice on Threat Hunting Panel\'','\'Plug,Roberto Rodriguez,Tony M Lambert,Valentina PalacÃn,Samir,Ruth Barbacil,Anna McAbee,Paul Melson\'','BTVT1_c92a6a76a4aa56375751cdc8509ae880','\'Title: Practical Advice on Threat Hunting Panel
\nWhen: Saturday, Aug 8, 15:30 - 16:30 PDT
\nWhere: Blue Team Vlg - Talks Track 1
\nSpeakers:Plug,Roberto Rodriguez,Tony M Lambert,Valentina PalacÃn,Samir,Ruth Barbacil,Anna McAbee,Paul Melson
\n
SpeakerBio:Plug\n
\nNo BIO available
\nTwitter: @plugxor
\n
SpeakerBio:Roberto Rodriguez\n
\nRoberto Rodriquez is a threat researcher and security engineer at the Microsoft Threat Intelligence Center (MSTIC) R&D team.\n
He is also the author of several open source projects, such as the Threat Hunter Playbook, Mordor, OSSEM, HELK and others, to aid the community development of techniques and tooling for threat research. He is also the founder of a new community movement to empower others in the InfoSec community named Open Threat Research.\n
Blog at https://medium.com/@Cyb3rWard0g\n
\nTwitter: @Cyb3rWard0g
\nhttps://medium.com/@Cyb3rWard0g
\n
SpeakerBio:Tony M Lambert\n
\nTony is a professional geek who loves to jump into all things related to detection and digital forensics. After working in enterprise IT administration and detection engineering for several years, he now applies his DFIR skills to research malware, detect malicious activity, and recommend remediation paths. Tony is a natural teacher and regularly shares his findings and expertise through blogs, research reports, and presentations at conferences and events.
\nTwitter: @ForensicITGuy
\n
SpeakerBio:Valentina PalacÃn\n
\nValentina is a Threat Intelligence Senior Analyst, specializing in tracking Advanced Persistent Threats (APTs) worldwide and using the ATT&CK Framework to analyze their tools, tactics and techniques. She is a self-taught developer with a degree in Translation and Interpretation from the Universidad de Málaga (UMA), and a Cyber Security Diploma from the Universidad Tecnológica Nacional (UTN).\n
She recently published an article on how to get started with Threat Hunting using Atomic Red Team on the blog she shares with Ruth Barbacil: https://medium.com/intelforge\n
She is one of Ekoparty\'s BlueSpace coordinators and a member of a new community movement named Open Threat Research founded by Roberto Rodriguez.\n
\nTwitter: @fierytermite
\n
SpeakerBio:Samir\n
\nSecurity Researcher at Elastic Security focusing on detection engineering and threats hunting
\n
SpeakerBio:Ruth Barbacil\n
\nRuth Barbacil is an Information Systems Engineer (UTN FRBA) and a Threat Intelligence & Analytics Specialist at Deloitte Argentina. She has carried out tasks of investigation and analysis of Malware, Tactics, Techniques and Procedures (TTPs) and advanced persistent threats activities in order to help customers to defend and mitigate them. She\'s interested in Intelligence, Malware Analysis and Threat Hunting.
\nTwitter: @33root
\n
SpeakerBio:Anna McAbee\n
\nNo BIO available
\n
SpeakerBio:Paul Melson\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Blue Team Village activities in \'Talks Track 1\' will be streamed to Twitch.\n
\nTwitch: https://twitch.tv/BlueTeamVillage\n
\'',NULL,69051),('3_Saturday','16','15:30','16:30','Y','BTVT1','','\'Practical Advice on Threat Hunting Panel\'','\'Plug,Roberto Rodriguez,Tony M Lambert,Valentina PalacÃn,Samir,Ruth Barbacil,Anna McAbee,Paul Melson\'','BTVT1_c92a6a76a4aa56375751cdc8509ae880','\'\'',NULL,69052),('2_Friday','10','10:00','10:15','N','HRV','','\'Village Opening Remarks\'','\' \'','HRV_6821505cab75802cc6ed92a6cbd3a489','\'Title: Village Opening Remarks
\nWhen: Friday, Aug 7, 10:00 - 10:15 PDT
\nWhere: Ham Radio Vlg
\n
\nDescription:
\nWelcome to Ham Radio Village @ DEF CON Safe Mode
\n
This Ham Radio Village event will be held on Twitch. Related conversation will be held in the DEF CON Discord, channel #ham-presentation-text (Q&A).\n
\nTwitch: https://www.twitch.tv/hamradiovillage\n
#ham-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991\n
\'',NULL,69053),('2_Friday','11','11:00','11:59','N','HRV','','\'Talking to Satellites\'','\' \'','HRV_29dd74a1ee45a00bf52308126de2d48e','\'Title: Talking to Satellites
\nWhen: Friday, Aug 7, 11:00 - 11:59 PDT
\nWhere: Ham Radio Vlg
\n
\nDescription:
\nReaching out into space may seem like it would require a PhD and thousands of dollars of equipment, but it can actually be done for about $100. In this talk I will detail how to get started talking to satellites using basic equipment. With just a Ham Radio license and some gear, you too can talk to satellites and by extension people thousands of miles away.
\n
This Ham Radio Village event will be held on Twitch. Related conversation will be held in the DEF CON Discord, channel #ham-presentation-text (Q&A).\n
\nTwitch: https://www.twitch.tv/hamradiovillage\n
#ham-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991\n
\'',NULL,69054),('2_Friday','13','13:00','13:30','N','HRV','','\'A Basic Ham Station Setup\'','\' \'','HRV_62d45813206647384aada3f33785cf60','\'Title: A Basic Ham Station Setup
\nWhen: Friday, Aug 7, 13:00 - 13:30 PDT
\nWhere: Ham Radio Vlg
\n
\nDescription:
\nIn this live demo, we\'ll go over a basic home ham radio station setup, including all of the components and how they work together.
\n
This Ham Radio Village event will be held on Twitch. Related conversation will be held in the DEF CON Discord, channel #ham-presentation-text (Q&A).\n
\nTwitch: https://www.twitch.tv/hamradiovillage\n
#ham-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991\n
\'',NULL,69055),('2_Friday','14','14:00','14:59','N','HRV','','\'So You Got an SDR: Common Signals and the Wiki\'','\' \'','HRV_8b5613cc07eaf2bb1bc9a08ee7a1a13e','\'Title: So You Got an SDR: Common Signals and the Wiki
\nWhen: Friday, Aug 7, 14:00 - 14:59 PDT
\nWhere: Ham Radio Vlg
\n
\nDescription:
\nCome learn about how to use an software defined radio (SDR) to pick up and signals, and how to identify what they are and what they mean.
\n
This Ham Radio Village event will be held on Twitch. Related conversation will be held in the DEF CON Discord, channel #ham-presentation-text (Q&A).\n
\nTwitch: https://www.twitch.tv/hamradiovillage\n
#ham-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991\n
\'',NULL,69056),('3_Saturday','10','10:00','10:59','N','HRV','','\'Single Board Computers in Amateur Radio\'','\' \'','HRV_a28a830205eda7cff129d2fadfefdbbc','\'Title: Single Board Computers in Amateur Radio
\nWhen: Saturday, Aug 8, 10:00 - 10:59 PDT
\nWhere: Ham Radio Vlg
\n
\nDescription:
\nHave you ever tried Raspberry Pi and Ham together? It\'s a surprisingly good combination. In this talk, learn about how Raspberry Pis (and other single-board computers) play with ham radio.
\n
This Ham Radio Village event will be held on Twitch. Related conversation will be held in the DEF CON Discord, channel #ham-presentation-text (Q&A).\n
\nTwitch: https://www.twitch.tv/hamradiovillage\n
#ham-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991\n
\'',NULL,69057),('3_Saturday','11','11:30','12:30','N','HRV','','\'Discussion: What makes a good ham radio operator?\'','\' \'','HRV_56d7ee6bc73b477bcf1dda2d06ea137d','\'Title: Discussion: What makes a good ham radio operator?
\nWhen: Saturday, Aug 8, 11:30 - 12:30 PDT
\nWhere: Ham Radio Vlg
\n
\nDescription:
\nPanel discussion around what makes a good ham operator, as opposed to a \'lid\' (a bad operator). We\'ll also talk about all of the strange lingo ham radio loves to use.
\n
This Ham Radio Village event will be held on Twitch. Related conversation will be held in the DEF CON Discord, channel #ham-presentation-text (Q&A).\n
\nTwitch: https://www.twitch.tv/hamradiovillage\n
#ham-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991\n
\'',NULL,69058),('3_Saturday','12','11:30','12:30','Y','HRV','','\'Discussion: What makes a good ham radio operator?\'','\' \'','HRV_56d7ee6bc73b477bcf1dda2d06ea137d','\'\'',NULL,69059),('3_Saturday','13','13:30','13:59','N','HRV','','\'Practice \'Net\' via Discord\'','\' \'','HRV_310f88dd05490459213c10184ed683f7','\'Title: Practice \'Net\' via Discord
\nWhen: Saturday, Aug 8, 13:30 - 13:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nIn this \'demo\', we\'ll be hosting a practice \'net\' (ham-speak for on-air meeting) on the #ham-get-on-the-air-voice channel in the village. All persons, even non-hams, are invited to join us in this practice so you can become familiar with expected etiquette. And later on, you can put these skills to use on the DMR Net!\n
This event will be held exclusively on Discord, in the #ham-get-on-the-air-voice channel.\n
\nDiscord: https://discord.com/channels/708208267699945503/736674175179292673\n
\n\'',NULL,69060),('3_Saturday','15','15:00','15:30','N','HRV','','\'OSTWERK Initiative\'','\' \'','HRV_be0d47361224f2f7316e461d5dfc4624','\'Title: OSTWERK Initiative
\nWhen: Saturday, Aug 8, 15:00 - 15:30 PDT
\nWhere: Ham Radio Vlg
\n
\nDescription:
\nOSTWERK stands for Open Source Tactical Wireless Emergency Radio Kit, an all-in-one customizable solution for building ham radio kits. This will be a a 30 minute talk and Q&A about the initiative, my sample kit, and what I hope to accomplish (website features, sponsorships for kits for schools, etc). Feel free to ask any questions!
\n
This Ham Radio Village event will be held on Twitch. Related conversation will be held in the DEF CON Discord, channel #ham-presentation-text (Q&A).\n
\nTwitch: https://www.twitch.tv/hamradiovillage\n
#ham-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991\n
\'',NULL,69061),('4_Sunday','10','10:00','11:30','N','HRV','','\'The K0BAK Rover Van\'','\' \'','HRV_fb0a91bc0d15bd1836f9fa552aa11e62','\'Title: The K0BAK Rover Van
\nWhen: Sunday, Aug 9, 10:00 - 11:30 PDT
\nWhere: Ham Radio Vlg
\n
\nDescription:
\nCome see how Pete (K0BAK) is converting an old TV news station van, the kind used to produce and relay live TV reporting, into a mobile ham radio station!
\n
This Ham Radio Village event will be held on Twitch. Related conversation will be held in the DEF CON Discord, channel #ham-presentation-text (Q&A).\n
\nTwitch: https://www.twitch.tv/hamradiovillage\n
#ham-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991\n
\'',NULL,69062),('4_Sunday','11','10:00','11:30','Y','HRV','','\'The K0BAK Rover Van\'','\' \'','HRV_fb0a91bc0d15bd1836f9fa552aa11e62','\'\'',NULL,69063),('4_Sunday','13','13:00','13:30','N','HRV','','\'APRS: Automatic Packet Reporting System Demo\'','\' \'','HRV_17fda50e5f229dc0a7fe4512ba5acc32','\'Title: APRS: Automatic Packet Reporting System Demo
\nWhen: Sunday, Aug 9, 13:00 - 13:30 PDT
\nWhere: Ham Radio Vlg
\n
\nDescription:
\nIn this live demo, we\'ll go over what APRS is, what you can do with it, and a quick primer on how to get started.
\n
This Ham Radio Village event will be held on Twitch. Related conversation will be held in the DEF CON Discord, channel #ham-presentation-text (Q&A).\n
\nTwitch: https://www.twitch.tv/hamradiovillage\n
#ham-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991\n
\'',NULL,69064),('4_Sunday','14','14:30','14:45','N','HRV','','\'Village Closing Commentary\'','\' \'','HRV_e890bb78f295f321e9b97d9ee8e1f964','\'Title: Village Closing Commentary
\nWhen: Sunday, Aug 9, 14:30 - 14:45 PDT
\nWhere: Ham Radio Vlg
\n
\nDescription:
\nAs our village wraps up for this year, a huge thank you to everyone for participating!
\n
This Ham Radio Village event will be held on Twitch. Related conversation will be held in the DEF CON Discord, channel #ham-presentation-text (Q&A).\n
\nTwitch: https://www.twitch.tv/hamradiovillage\n
#ham-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991\n
\'',NULL,69065),('3_Saturday','10','10:00','10:30','N','RCV','','\'Twitter Word Phrequency\'','\'Master Chen\'','RCV_b66a73d141c2d822c7bf4268d6d9afe4','\'Title: Twitter Word Phrequency
\nWhen: Saturday, Aug 8, 10:00 - 10:30 PDT
\nWhere: Recon Vlg
\n
SpeakerBio:Master Chen\n
\nNo BIO available
\n\n
\nDescription:
\nWhat you say can hurt you, but how? In this talk, I will take a deep dive into Twitter Word Phrequency analysis and the implications of the resulting data. I will cover data acquisition, curation, analysis, weaponization, and maybe even profit. What is revealed by everyday social media engagent? Predictive speech? Password lists? Automated trolling? Let\'s find out!
\n
Recon Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/c/ReconVillage\n
#rv-talks-text: https://discord.com/channels/708208267699945503/737048009732522014\n
\'',NULL,69066),('3_Saturday','11','11:00','11:30','N','RCV','','\'Burnout is real\'','\'Chloé Messdaghi\'','RCV_b454a39a99f1a4154171a5d6d565f211','\'Title: Burnout is real
\nWhen: Saturday, Aug 8, 11:00 - 11:30 PDT
\nWhere: Recon Vlg
\n
SpeakerBio:Chloé Messdaghi\n
\nChloé Messdaghi is the VP of Strategy at Point3 Security. She is a security researcher advocate who strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to fight for hacker rights. She is the founder of WomenHackerz & the President and cofounder of Women of Security (WoSEC), podcaster for ITSP Magazine\'s The Uncommon Journey, and runs the Hacker Book Club.
\n\n
\nDescription:
\nMental health is an ongoing issue within infosec before and during COVID-19. There\'s a fine balance between hacking and personal life. Majority of the time, they cross over. This talk shares an overview of the warning signs, symptoms, and practices to prevent burnout and how to deal with burnout to keep balanced.
\n
Recon Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/c/ReconVillage\n
#rv-talks-text: https://discord.com/channels/708208267699945503/737048009732522014\n
\'',NULL,69067),('3_Saturday','12','12:00','12:30','N','RCV','','\'Hunting for Blue Mockingbird Coinminers\'','\'Ladislav B\'','RCV_01e7e888e6e83ae04c62a5d14bb3cbdd','\'Title: Hunting for Blue Mockingbird Coinminers
\nWhen: Saturday, Aug 8, 12:00 - 12:30 PDT
\nWhere: Recon Vlg
\n
SpeakerBio:Ladislav B\n
\nNo BIO available
\n\n
\nDescription:
\nDuring March-May 2020 the Blue Mockingbird group infected thousands of computer systems, mainly in the enterprise environments. There are known incidents in which they exploited the CVE-2019-18935 vulnerability in Telerik Web UI for ASP.NET, then they used various backdoors and finally, they deployed XMRig-based CoinMiners for mining Monero cryptocurrency. Interesting about these cases is the persistence which they used for CoinMiners - lot of techniques including scheduled tasks, services, but also WMI Event Subscription and COR Profilers.\n
During forensic analysis and incident response process it was possible to find these persistences and many coinminers artifacts, but malware samples responsible for their installation and persistence creation have been missing. However, when we enriched results of the standard malware analysis with the Threat Intelligence data and OSInt, we were able to find the missed pieces of puzzle and reconstruct the original attack chain including the initial exploitation, local privilege exploit, two backdoors, main payload and multiple persistence techniques. Moreover, this research reveal many about the tools, techniques and procedures (TTP) of Blue Mockingbird Threat Actor.\n
Finally, with more knowledge about the attackers it is possible to collect more samples of coinminers used by them. After next step of reconnaissance we can get insight into profit of their attacks and compare them with the damages caused by these attacks.\n
\n
Recon Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/c/ReconVillage\n
#rv-talks-text: https://discord.com/channels/708208267699945503/737048009732522014\n
\'',NULL,69068),('3_Saturday','13','13:00','13:45','N','RCV','','\'Ambly, the Smart Darknet Spider \'','\'Levi\'','RCV_6a8d7b3da3614d27ace5bea52b60ac27','\'Title: Ambly, the Smart Darknet SpiderÂ
\nWhen: Saturday, Aug 8, 13:00 - 13:45 PDT
\nWhere: Recon Vlg
\n
SpeakerBio:Levi\n
\nNo BIO available
\n\n
\nDescription:
\nCombating cybercriminal activity requires quick turnover time between detecting indicators of attack and moving to protect or remediate the malicious activity. Currently, investigations slow down at the bottleneck of manual labor required to identify and evaluate cyber threat intelligence before making an actionable decision. While this can be an issue on the Clearnet, it becomes a more difficult problem for analysts on the Darknet. This leaves cybersecurity analysts in a position of constant responsiveness, rather than endorsing a position of preemptive protection.\n
To minimize the need for manual labor in the triage stage of cyber threat intelligence identification and preliminary evaluation on the darknet, Ambly, a smart darknet spider, is currently under development. Utilizing this tool will help identify darknet webpages containing cyber threat intelligence and produce a report ranking webpages for further human evaluation.\n
Ambly is a tool designed for interacting with the Tor network, hosted by the Tor Project. By connecting to the onion routers, Ambly is able to access ‘.onion’ URLs and begin crawling while gathering information. During the development cycle for Ambly, further layers of machine-learning modules are being added, including Natural Language Processing (NLP) classifications, language identification, and leading toward further development into cyber threat intelligence identification. This is an ongoing and dynamic research endeavor with future updates eminent.\nMain Talking Points:
\n- OSINT into CTI
\n- Difficulties of CTI on the Darknet
\n- Ambly’s current abilities for intelligence gathering.\n- The future of Ambly and Darknet CTI.\n
\n
Recon Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/c/ReconVillage\n
#rv-talks-text: https://discord.com/channels/708208267699945503/737048009732522014\n
\'',NULL,69069),('3_Saturday','14','14:00','14:30','N','RCV','','\'COVID 1984_ Propaganda and Surveillance during a Pandemic\'','\'Mauro Cáseres\'','RCV_eadb2c90e2749ec0d74b4eed17b6a816','\'Title: COVID 1984_ Propaganda and Surveillance during a Pandemic
\nWhen: Saturday, Aug 8, 14:00 - 14:30 PDT
\nWhere: Recon Vlg
\n
SpeakerBio:Mauro Cáseres\n
\nMauro Cáseres (@mauroeldritch) is an argentine hacker and speaker. He spoke at DEF CON 26 Las Vegas (Recon & Data Duplication Villages), DevFest Siberia, DragonJAR Colombia, Roadsec Brasil, and DC7831 Nizhny Novgorod. Currently working as SecOps for the Argentine Ministry of Production.
\nTwitter: @mauroeldritch
\n\n
\nDescription:
\nWhat does a propaganda apparatus look like from the inside? How do groups dedicated to setting trends and censoring the opposition act? What if your government forces you to install an app that tracks you during the pandemic? What if we infiltrate a sock puppet account to understand all this better?\n
The official political propaganda and digital surveillance in Argentina are not new. However, in the last fifteen years, both phenomena have adopted in their favor a new technological approach worthy of study, with the emergence of companies dedicated to manufacturing online trends; cyber militancy groups aimed at setting up debates, responding to them or denouncing rival trends in a coordinated way; the project to establish an exclusive social network for pro-government and “against the establishment†militants (sponsored by the Government itself); the rise of state digital surveillance after the implementation of a Cyber ​​Patrol Protocol, and the permanent monitoring of citizens through a mandatory mobile government application during the COVID-19 Pandemic. This work aims not only to review the previous events, but also to detail the two greatest milestones of political propaganda and digital surveillance in Argentina today: the political propaganda apparatus on social networks and the digital privacy abuses caused by the government application CUIDAR-COVID19 (ar.gob.coronavirus).\n
For the first case, a fictitious account (sock puppet) will be infiltrated within the propaganda apparatus on social networks to achieve a detailed technical dissection of its entire operation (including its interventions and actors). Our own cyber intelligence tool, Venator.lua, will be used to obtain and process data. The following section will be devoted to the study of privacy abuses caused by the mandatory government application CUIDAR-COVID19, reverse engineering it and analyzing its source code.\n
\n
Recon Village activities will be streamed to YouTube.\n
\nYouTube: https://www.youtube.com/c/ReconVillage\n
#rv-talks-text: https://discord.com/channels/708208267699945503/737048009732522014\n
\'',NULL,69070),('2_Friday','21','21:00','21:30','N','PWDV','','\'Getting Started with Hashcat (Rebroadcast)\'','\'Password Village Staff\'','PWDV_9e3cd1563b643ea21cf53340b29f695f','\'Title: Getting Started with Hashcat (Rebroadcast)
\nWhen: Friday, Aug 7, 21:00 - 21:30 PDT
\nWhere: Password Vlg
\n
SpeakerBio:Password Village Staff\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,69071),('2_Friday','21','21:30','21:59','N','PWDV','','\'Making Targeted Wordlists (Rebroadcast)\'','\'Password Village Staff\'','PWDV_ffc57b43cf19c67e4128310c3c1bee0e','\'Title: Making Targeted Wordlists (Rebroadcast)
\nWhen: Friday, Aug 7, 21:30 - 21:59 PDT
\nWhere: Password Vlg
\n
SpeakerBio:Password Village Staff\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,69072),('2_Friday','22','22:00','22:30','N','PWDV','','\'Result of Longer Passwords in Real World Application (Rebroadcast)\'','\'Minga\'','PWDV_11603f3fdb2c1677241504517a85b9d8','\'Title: Result of Longer Passwords in Real World Application (Rebroadcast)
\nWhen: Friday, Aug 7, 22:00 - 22:30 PDT
\nWhere: Password Vlg
\n
SpeakerBio:Minga\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,69073),('2_Friday','22','22:30','22:40','N','PWDV','','\'From Printers to Silver Tickets or Something (Rebroadcast)\'','\'EvilMog\'','PWDV_efb91f42e1fb8c70cce028c4ba7000c3','\'Title: From Printers to Silver Tickets or Something (Rebroadcast)
\nWhen: Friday, Aug 7, 22:30 - 22:40 PDT
\nWhere: Password Vlg
\n
SpeakerBio:EvilMog\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,69074),('2_Friday','22','22:40','23:30','N','PWDV','','\'Getting Advanced with Hashcat (Rebroadcast)\'','\'Password Village Staff\'','PWDV_73d7fca23803359a684392baa9ce1b45','\'Title: Getting Advanced with Hashcat (Rebroadcast)
\nWhen: Friday, Aug 7, 22:40 - 23:30 PDT
\nWhere: Password Vlg
\n
SpeakerBio:Password Village Staff\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,69075),('2_Friday','23','22:40','23:30','Y','PWDV','','\'Getting Advanced with Hashcat (Rebroadcast)\'','\'Password Village Staff\'','PWDV_73d7fca23803359a684392baa9ce1b45','\'\'',NULL,69076),('3_Saturday','21','21:00','21:59','N','PWDV','','\'Cracking at Extreme Scale: The Evolution of Hashstack (Rebroadcast)\'','\'Jeremi M Gosney (epixoip)\'','PWDV_dd7866479f76019294d3f8fae8d753e1','\'Title: Cracking at Extreme Scale: The Evolution of Hashstack (Rebroadcast)
\nWhen: Saturday, Aug 8, 21:00 - 21:59 PDT
\nWhere: Password Vlg
\n
SpeakerBio:Jeremi M Gosney (epixoip)\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,69077),('3_Saturday','22','22:00','22:59','N','PWDV','','\'Length 15 & No Change. Implementing NIST SP800-63B for real (Rebroadcast\'','\'Per Thorsheim\'','PWDV_2e22b01c771e03cd9cf4f9a65a8168a5','\'Title: Length 15 & No Change. Implementing NIST SP800-63B for real (Rebroadcast
\nWhen: Saturday, Aug 8, 22:00 - 22:59 PDT
\nWhere: Password Vlg
\n
SpeakerBio:Per Thorsheim\n
\nPer Thorsheim is the founder of PasswordsCon. By day he works as CSO of a large hotel chain in northern europe, holds multiple relevant certifications & bla bla bla. By evening, night, weekends & vacations he is passionate about passwords, digital authentication, email & DNS security/privacy.\n
He has spoken at conferences in many countries around the world (including Cryptovillage!), and is frequently interviewed in media. He is known for his passionate & easy to understand presentations, mixing technical topics with humor, stories from real life & practical advice.\n
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,69078),('3_Saturday','23','23:00','23:59','N','PWDV','','\'What the Shuck? Layered Hash Shucking (Rebroadcast)\'','\'Sam Croley (Chick3nman)\'','PWDV_ad5ffdff072ec6a10e498c991abeaa7f','\'Title: What the Shuck? Layered Hash Shucking (Rebroadcast)
\nWhen: Saturday, Aug 8, 23:00 - 23:59 PDT
\nWhere: Password Vlg
\n
SpeakerBio:Sam Croley (Chick3nman)\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,69079),('3_Saturday','00','00:00','00:59','N','PWDV','','\'PathWell: Dynamic Password Strength Enforcement (Rebroadcast)\'','\'Hank Leininger\'','PWDV_f40a64eb4464eaf05c8d438c86b35687','\'Title: PathWell: Dynamic Password Strength Enforcement (Rebroadcast)
\nWhen: Saturday, Aug 8, 00:00 - 00:59 PDT
\nWhere: Password Vlg
\n
SpeakerBio:Hank Leininger\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,69080),('4_Sunday','01','01:00','01:59','N','PWDV','','\'Practical PCFG Password Cracking (Rebroadcast)\'','\'Matt Weir\'','PWDV_6edce1e277dce3ef77b8eafd3644e67b','\'Title: Practical PCFG Password Cracking (Rebroadcast)
\nWhen: Sunday, Aug 9, 01:00 - 01:59 PDT
\nWhere: Password Vlg
\n
SpeakerBio:Matt Weir\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Password Village events will be streamed to both YouTube and Twitch concurrently. \n
\nTwitch: https://twitch.tv/passwordvillage\n
YouTube: https://youtube.com/channel/UCqVng_SmexXf4TW3AVdMIyQ\n
\'',NULL,69081),('2_Friday','15','15:30','16:30','N','POV','','\'Election Security\'','\' \'','POV_b37e2712a3f74ec841e4ec9fd172b7a8','\'Title: Election Security
\nWhen: Friday, Aug 7, 15:30 - 16:30 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nThis event requires registration. Please see the below URL for details.\n
\nRegistration: https://www.eventbrite.com/e/def-con-community-roundtable-election-security-tickets-115977739541\n
\n\'',NULL,69082),('2_Friday','16','15:30','16:30','Y','POV','','\'Election Security\'','\' \'','POV_b37e2712a3f74ec841e4ec9fd172b7a8','\'\'',NULL,69083),('3_Saturday','11','11:00','11:59','N','POV','','\'AMA w/@hackingdave & @kennwhite\'','\'hackingdave,kennwhite\'','POV_bd2c503bdda0d657e96543c03a3f784b','\'Title: AMA w/@hackingdave & @kennwhite
\nWhen: Saturday, Aug 8, 11:00 - 11:59 PDT
\nWhere: See Description or Village
\nSpeakers:hackingdave,kennwhite
\n
SpeakerBio:hackingdave\n
\nNo BIO available
\nTwitter: @hackingdave
\n
SpeakerBio:kennwhite\n
\nNo BIO available
\nTwitter: @kennwhite
\n\n
\nDescription:
\nThis event requires registration. Please see the link below for more information.\n
\nRegistration: https://www.eventbrite.com/e/def-con-policy-ama-ask-a-hacker-with-hackingdave-kennwhite-tickets-115981562977\n
\n\'',NULL,69084),('3_Saturday','14','14:00','14:59','N','POV','','\'AMA w/Policymakers\'','\' \'','POV_45f9de7c1bc42bd74ee9d11184c87f4e','\'Title: AMA w/Policymakers
\nWhen: Saturday, Aug 8, 14:00 - 14:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nThis event requires registration. Please see the below link for more information.\n
\nRegistration: https://www.eventbrite.com/e/def-con-policy-ama-ask-a-policymaker-with-tbd-tickets-115983414515\n
\n\'',NULL,69085),('3_Saturday','16','16:00','16:59','N','POV','','\'Mis/Dis Information & Democracy\'','\' \'','POV_23e6b8f052aeae9d472a915c2f60089f','\'Title: Mis/Dis Information & Democracy
\nWhen: Saturday, Aug 8, 16:00 - 16:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nThis event requires registration. Please see the below link for more information.\n
\nRegistration: https://www.eventbrite.com/e/def-con-policy-community-roundtable-misdis-information-democracy-tickets-115984678295\n
\n\'',NULL,69086),('2_Friday','09','09:30','09:59','N','DC','','\'Welcome to DEF CON Safe Mode\'','\'The Dark Tangent\'','DC_fd833522fc82bee04a84f54f7a283705','\'Title: Welcome to DEF CON Safe Mode
\nWhen: Friday, Aug 7, 09:30 - 09:59 PDT
\nWhere: See Description or Village
\n
SpeakerBio:The Dark Tangent\n
\nNo BIO available
\n\n
\nDescription:
\n
\nYouTube: https://www.youtube.com/watch?v=pn68aAZc5Sg\n
Twitch: https://www.twitch.tv/defconorg\n
\n\'',NULL,69087),('2_Friday','12','12:00','17:59','N','AEV','E','\'Bricks in the Air\'','\' \'','AEV_24a8a2b0a36d092304ad5a2657055f57','\'Title: Bricks in the Air
\nWhen: Friday, Aug 7, 12:00 - 17:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nA huge hit at Def Con 27, we’ve partnered with the Defense Digital Service to bring back Bricks-In-The-Air for #DEFCON28SafeMode. Whether you’re a noob or a pro, this is your chance to attempt sending messages to mock LEGO aircraft over I2C to learn and experiment with direct injection attacks on a data bus.
\n\'',NULL,69088),('3_Saturday','09','09:00','15:59','N','AEV','E','\'Bricks in the Air\'','\' \'','AEV_37d1eaf1a1723d4b368d7bad0b196a1e','\'Title: Bricks in the Air
\nWhen: Saturday, Aug 8, 09:00 - 15:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nA huge hit at Def Con 27, we’ve partnered with the Defense Digital Service to bring back Bricks-In-The-Air for #DEFCON28SafeMode. Whether you’re a noob or a pro, this is your chance to attempt sending messages to mock LEGO aircraft over I2C to learn and experiment with direct injection attacks on a data bus.
\n\'',NULL,69089),('4_Sunday','09','09:00','13:59','N','AEV','E','\'Bricks in the Air\'','\' \'','AEV_c17cbe7490b04aee80dbf1272c7d86fd','\'Title: Bricks in the Air
\nWhen: Sunday, Aug 9, 09:00 - 13:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nA huge hit at Def Con 27, we’ve partnered with the Defense Digital Service to bring back Bricks-In-The-Air for #DEFCON28SafeMode. Whether you’re a noob or a pro, this is your chance to attempt sending messages to mock LEGO aircraft over I2C to learn and experiment with direct injection attacks on a data bus.
\n\'',NULL,69090),('2_Friday','09','09:00','15:59','N','AEV','E','\'Cal Poly Workshop - Simulated Satellite Communications on Raspberry Pi\'','\' \'','AEV_cbf238ff26ab40743a031c9343d03bfd','\'Title: Cal Poly Workshop - Simulated Satellite Communications on Raspberry Pi
\nWhen: Friday, Aug 7, 09:00 - 15:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nUsers will need to purchase own equiptment before the workshop/challenge is run. (users will attempt to see simulated altitude, battery level, telemetry data from the mock satellite. It will be awesome because, we will expose participants new to the convergence of space and cybersecurity a crawl/beginner experience to gain their interest. It\'s designed as a workshop. The Convergence of Space & Cybersecurity Innovation.\n
The goal of this workshop would be to construct a “CubeSat Simulator Lite https://github.com/alanbjohnston/CubeSatSim/wiki†specifically https://github.com/alanbjohnston/CubeSatSim/wiki/CubeSat-Simulator-Lite.\n
We would run through the installation of the software via a screensharing method. We’d show participants how to setup a Raspberry Pi, set up the device, install the necessary packages, attach a necessary antenna, and view the transmitted data using a software defined radio.\n
Building materials:
\nRaspberry Pi Kit - https://www.amazon.com/dp/B07BCC8PK7/\nSoftware Defined Radio - https://www.amazon.com/dp/B011HVUEME/\n
\n\'',NULL,69091),('3_Saturday','09','09:00','15:59','N','AEV','E','\'Cal Poly Workshop - Simulated Satellite Communications on Raspberry Pi\'','\' \'','AEV_5531f9d7b65228b32819b6bd4f33904f','\'Title: Cal Poly Workshop - Simulated Satellite Communications on Raspberry Pi
\nWhen: Saturday, Aug 8, 09:00 - 15:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nUsers will need to purchase own equiptment before the workshop/challenge is run. (users will attempt to see simulated altitude, battery level, telemetry data from the mock satellite. It will be awesome because, we will expose participants new to the convergence of space and cybersecurity a crawl/beginner experience to gain their interest. It\'s designed as a workshop. The Convergence of Space & Cybersecurity Innovation.\n
The goal of this workshop would be to construct a “CubeSat Simulator Lite https://github.com/alanbjohnston/CubeSatSim/wiki†specifically https://github.com/alanbjohnston/CubeSatSim/wiki/CubeSat-Simulator-Lite.\n
We would run through the installation of the software via a screensharing method. We’d show participants how to setup a Raspberry Pi, set up the device, install the necessary packages, attach a necessary antenna, and view the transmitted data using a software defined radio.\n
Building materials:
\nRaspberry Pi Kit - https://www.amazon.com/dp/B07BCC8PK7/\nSoftware Defined Radio - https://www.amazon.com/dp/B011HVUEME/\n
\n\'',NULL,69092),('4_Sunday','09','09:00','15:59','N','AEV','E','\'Cal Poly Workshop - Simulated Satellite Communications on Raspberry Pi\'','\' \'','AEV_10fc8d93cb212839d9a78bd2fad9744a','\'Title: Cal Poly Workshop - Simulated Satellite Communications on Raspberry Pi
\nWhen: Sunday, Aug 9, 09:00 - 15:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nUsers will need to purchase own equiptment before the workshop/challenge is run. (users will attempt to see simulated altitude, battery level, telemetry data from the mock satellite. It will be awesome because, we will expose participants new to the convergence of space and cybersecurity a crawl/beginner experience to gain their interest. It\'s designed as a workshop. The Convergence of Space & Cybersecurity Innovation.\n
The goal of this workshop would be to construct a “CubeSat Simulator Lite https://github.com/alanbjohnston/CubeSatSim/wiki†specifically https://github.com/alanbjohnston/CubeSatSim/wiki/CubeSat-Simulator-Lite.\n
We would run through the installation of the software via a screensharing method. We’d show participants how to setup a Raspberry Pi, set up the device, install the necessary packages, attach a necessary antenna, and view the transmitted data using a software defined radio.\n
Building materials:
\nRaspberry Pi Kit - https://www.amazon.com/dp/B07BCC8PK7/\nSoftware Defined Radio - https://www.amazon.com/dp/B011HVUEME/\n
\n\'',NULL,69093),('2_Friday','12','12:00','17:59','N','AEV','E','\'CPX SimpleSat\'','\' \'','AEV_95e45d823baa92a286e1e740fa63cebc','\'Title: CPX SimpleSat
\nWhen: Friday, Aug 7, 12:00 - 17:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nCan you Hack-A-Sat? You won’t know until you try! Intended for noobs, CPX SimpleSat was built to allow you to experiment with attacking a mock satellite through a ground station, mimicking the types of commands used in Hack-a-Sat to gain control of the Satellite. No previous experience required. Just curiosity and a willingness to learn!
\n\'',NULL,69094),('3_Saturday','09','09:00','15:59','N','AEV','E','\'CPX SimpleSat\'','\' \'','AEV_533bc877d67e2dd21527ba2524d37209','\'Title: CPX SimpleSat
\nWhen: Saturday, Aug 8, 09:00 - 15:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nCan you Hack-A-Sat? You won’t know until you try! Intended for noobs, CPX SimpleSat was built to allow you to experiment with attacking a mock satellite through a ground station, mimicking the types of commands used in Hack-a-Sat to gain control of the Satellite. No previous experience required. Just curiosity and a willingness to learn!
\n\'',NULL,69095),('4_Sunday','09','09:00','13:59','N','AEV','E','\'CPX SimpleSat\'','\' \'','AEV_b082419103e1b2b04512779cb460ee11','\'Title: CPX SimpleSat
\nWhen: Sunday, Aug 9, 09:00 - 13:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nCan you Hack-A-Sat? You won’t know until you try! Intended for noobs, CPX SimpleSat was built to allow you to experiment with attacking a mock satellite through a ground station, mimicking the types of commands used in Hack-a-Sat to gain control of the Satellite. No previous experience required. Just curiosity and a willingness to learn!
\n\'',NULL,69096),('2_Friday','12','12:00','17:59','N','AEV','E','\'DDSAT-1\'','\' \'','AEV_da1beb2d0e2c605b0c8cd0b024d7f9b8','\'Title: DDSAT-1
\nWhen: Friday, Aug 7, 12:00 - 17:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nIf CPX SimpleSat was, well, too simple, try your hand at hacking DDSat-1. Here you’ll get to experiment with RF exploitation by attacking a mock satellite over RF while it is talking to a mock ground station. You’ll be able to mimic the style of RF commands being generated as a part of Hack-a-Sat, but in a more simplified and user friendly manner.
\n\'',NULL,69097),('3_Saturday','09','09:00','15:59','N','AEV','E','\'DDSAT-1\'','\' \'','AEV_128c9ad03c0cfefee2e3fccc8f3e2cdb','\'Title: DDSAT-1
\nWhen: Saturday, Aug 8, 09:00 - 15:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nIf CPX SimpleSat was, well, too simple, try your hand at hacking DDSat-1. Here you’ll get to experiment with RF exploitation by attacking a mock satellite over RF while it is talking to a mock ground station. You’ll be able to mimic the style of RF commands being generated as a part of Hack-a-Sat, but in a more simplified and user friendly manner.
\n\'',NULL,69098),('4_Sunday','09','09:00','13:59','N','AEV','E','\'DDSAT-1\'','\' \'','AEV_147e8b516d7729114d2905e3797fd56d','\'Title: DDSAT-1
\nWhen: Sunday, Aug 9, 09:00 - 13:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nIf CPX SimpleSat was, well, too simple, try your hand at hacking DDSat-1. Here you’ll get to experiment with RF exploitation by attacking a mock satellite over RF while it is talking to a mock ground station. You’ll be able to mimic the style of RF commands being generated as a part of Hack-a-Sat, but in a more simplified and user friendly manner.
\n\'',NULL,69099),('2_Friday','09','09:00','15:59','N','AEV','E','\'Deep Space Networking\'','\' \'','AEV_517b1d74186a5776a6582720869d8014','\'Title: Deep Space Networking
\nWhen: Friday, Aug 7, 09:00 - 15:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nDeep space communications utilize TCP/IP protocols with some added assistance from a TCP Convergence Layer and the Bundle Protocol. In this workshop, participants will examine the store-and-forward techniques used to transmit \"bundles\" of information from one host to another via a relay system. Using the latest version of Wireshark, participants will examine the TCP Convergence Header and locate the first packet of a bundle and the first and second legs of the relay process, as reassembled by Wireshark. After identifying the content contained within the bundle, participants will create a filter to locate the last packet of a bundle and examine key fields of the Bundle Protocol, including fields that define priority, destination type, endpoint IDs, and reporting of bundle delivery.
\n\'',NULL,69100),('3_Saturday','09','09:00','15:59','N','AEV','E','\'Deep Space Networking\'','\' \'','AEV_b5f9e30936b1977e7d9cffd965754b11','\'Title: Deep Space Networking
\nWhen: Saturday, Aug 8, 09:00 - 15:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nDeep space communications utilize TCP/IP protocols with some added assistance from a TCP Convergence Layer and the Bundle Protocol. In this workshop, participants will examine the store-and-forward techniques used to transmit \"bundles\" of information from one host to another via a relay system. Using the latest version of Wireshark, participants will examine the TCP Convergence Header and locate the first packet of a bundle and the first and second legs of the relay process, as reassembled by Wireshark. After identifying the content contained within the bundle, participants will create a filter to locate the last packet of a bundle and examine key fields of the Bundle Protocol, including fields that define priority, destination type, endpoint IDs, and reporting of bundle delivery.
\n\'',NULL,69101),('4_Sunday','09','09:00','15:59','N','AEV','E','\'Deep Space Networking\'','\' \'','AEV_36543df57caf1d35aff3ecbc24625dec','\'Title: Deep Space Networking
\nWhen: Sunday, Aug 9, 09:00 - 15:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nDeep space communications utilize TCP/IP protocols with some added assistance from a TCP Convergence Layer and the Bundle Protocol. In this workshop, participants will examine the store-and-forward techniques used to transmit \"bundles\" of information from one host to another via a relay system. Using the latest version of Wireshark, participants will examine the TCP Convergence Header and locate the first packet of a bundle and the first and second legs of the relay process, as reassembled by Wireshark. After identifying the content contained within the bundle, participants will create a filter to locate the last packet of a bundle and examine key fields of the Bundle Protocol, including fields that define priority, destination type, endpoint IDs, and reporting of bundle delivery.
\n\'',NULL,69102),('2_Friday','09','09:00','15:59','N','AEV','E','\'Nyan Sat Workshop\'','\' \'','AEV_2b97c8e6e8c9e0c133ee5805e3296700','\'Title: Nyan Sat Workshop
\nWhen: Friday, Aug 7, 09:00 - 15:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nWhat’s another way to hack a satellite? Through ground stations. \n
Nyansat consists of three fun, non-competitive challenges: building your own satellite tracking antenna, exploiting a ground station modem, and participating in our livestreamed, internet-accessible, community ground station event.\n
\n\'',NULL,69103),('3_Saturday','09','09:00','15:59','N','AEV','E','\'Nyan Sat Workshop\'','\' \'','AEV_defa3a86eccf128dcbafad1d9470b02e','\'Title: Nyan Sat Workshop
\nWhen: Saturday, Aug 8, 09:00 - 15:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nWhat’s another way to hack a satellite? Through ground stations. \n
Nyansat consists of three fun, non-competitive challenges: building your own satellite tracking antenna, exploiting a ground station modem, and participating in our livestreamed, internet-accessible, community ground station event.\n
\n\'',NULL,69104),('4_Sunday','09','09:00','13:59','N','AEV','E','\'Nyan Sat Workshop\'','\' \'','AEV_c7185e392cf862c1e5529b49a348c443','\'Title: Nyan Sat Workshop
\nWhen: Sunday, Aug 9, 09:00 - 13:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nWhat’s another way to hack a satellite? Through ground stations. \n
Nyansat consists of three fun, non-competitive challenges: building your own satellite tracking antenna, exploiting a ground station modem, and participating in our livestreamed, internet-accessible, community ground station event.\n
\n\'',NULL,69105),('2_Friday','10','10:00','13:30','N','AEV','E','\'Understanding Space Through a CyberSecurity Lens\'','\' \'','AEV_9cebd9e6c1ace1c4456258ce98f82e80','\'Title: Understanding Space Through a CyberSecurity Lens
\nWhen: Friday, Aug 7, 10:00 - 13:30 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nThis exciting, fast-paced course delivers the \"big picture\" of space missions from cradle to grave. Understanding Space is the ideal course for technical or non-technical professionals new to the space industry or who need a refresher on the fundamentals. \n
Learning outcomes will be:
\n- Gain Core Space Knowledge
\n- Comprehend space mission Capabilities, Trade-offs and Limitations \n- Apply Space Concepts to real-world problems \n- Analyze Typical Space Problems
\n- Synthesize concepts to Design a Space Mission \n- Evaluate basic technical and programmatic space issues \n
This will be a half-day course instead of the normal 2-day course.\n
\n\'',NULL,69106),('2_Friday','14','14:30','17:59','N','AEV','E','\'Understanding Space Through a CyberSecurity Lens\'','\' \'','AEV_6f17f81a7353973a38794ad768bfec85','\'Title: Understanding Space Through a CyberSecurity Lens
\nWhen: Friday, Aug 7, 14:30 - 17:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nThis exciting, fast-paced course delivers the \"big picture\" of space missions from cradle to grave. Understanding Space is the ideal course for technical or non-technical professionals new to the space industry or who need a refresher on the fundamentals. \n
Learning outcomes will be:
\n- Gain Core Space Knowledge
\n- Comprehend space mission Capabilities, Trade-offs and Limitations \n- Apply Space Concepts to real-world problems \n- Analyze Typical Space Problems
\n- Synthesize concepts to Design a Space Mission \n- Evaluate basic technical and programmatic space issues \n
This will be a half-day course instead of the normal 2-day course.\n
\n\'',NULL,69107),('3_Saturday','09','09:00','12:30','N','AEV','E','\'Understanding Space Through a CyberSecurity Lens\'','\' \'','AEV_c54512560f4ea0b7b20416c08a0d410e','\'Title: Understanding Space Through a CyberSecurity Lens
\nWhen: Saturday, Aug 8, 09:00 - 12:30 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nThis exciting, fast-paced course delivers the \"big picture\" of space missions from cradle to grave. Understanding Space is the ideal course for technical or non-technical professionals new to the space industry or who need a refresher on the fundamentals. \n
Learning outcomes will be:
\n- Gain Core Space Knowledge
\n- Comprehend space mission Capabilities, Trade-offs and Limitations \n- Apply Space Concepts to real-world problems \n- Analyze Typical Space Problems
\n- Synthesize concepts to Design a Space Mission \n- Evaluate basic technical and programmatic space issues \n
This will be a half-day course instead of the normal 2-day course.\n
\n\'',NULL,69108),('3_Saturday','13','13:30','16:59','N','AEV','E','\'Understanding Space Through a CyberSecurity Lens\'','\' \'','AEV_8fb6e8b5d65a03b78ad330c13fa28ebc','\'Title: Understanding Space Through a CyberSecurity Lens
\nWhen: Saturday, Aug 8, 13:30 - 16:59 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nThis exciting, fast-paced course delivers the \"big picture\" of space missions from cradle to grave. Understanding Space is the ideal course for technical or non-technical professionals new to the space industry or who need a refresher on the fundamentals. \n
Learning outcomes will be:
\n- Gain Core Space Knowledge
\n- Comprehend space mission Capabilities, Trade-offs and Limitations \n- Apply Space Concepts to real-world problems \n- Analyze Typical Space Problems
\n- Synthesize concepts to Design a Space Mission \n- Evaluate basic technical and programmatic space issues \n
This will be a half-day course instead of the normal 2-day course.\n
\n\'',NULL,69109),('4_Sunday','09','09:00','12:30','N','AEV','E','\'Understanding Space Through a CyberSecurity Lens\'','\' \'','AEV_82e1457e88ab60d978917510f2bcba8b','\'Title: Understanding Space Through a CyberSecurity Lens
\nWhen: Sunday, Aug 9, 09:00 - 12:30 PDT
\nWhere: Aerospace Vlg Workshop
\n
\nDescription:
\nThis exciting, fast-paced course delivers the \"big picture\" of space missions from cradle to grave. Understanding Space is the ideal course for technical or non-technical professionals new to the space industry or who need a refresher on the fundamentals. \n
Learning outcomes will be:
\n- Gain Core Space Knowledge
\n- Comprehend space mission Capabilities, Trade-offs and Limitations \n- Apply Space Concepts to real-world problems \n- Analyze Typical Space Problems
\n- Synthesize concepts to Design a Space Mission \n- Evaluate basic technical and programmatic space issues \n
This will be a half-day course instead of the normal 2-day course.\n
\n\'',NULL,69110),('3_Saturday','08','08:00','19:59','N','AEV','E','\'A-ISAC CTF\'','\' \'','AEV_da002528b3bcc678acb6f3e04616e222','\'Title: A-ISAC CTF
\nWhen: Saturday, Aug 8, 08:00 - 19:59 PDT
\nWhere: Aerospace Vlg
\n
\nDescription:
\nAviation is under attack! A Tier 1 airport is in chaos!\n
Ticketing kiosks, airline servers, flight information displays, transportation security, runway lights, aircraft, and other critical systems have all been compromised. And there are indicators that airport insiders may have colluded with hackers to bring the airport to its knees!\n
It’s up to you now. YOU have 24 hours to research and investigate this crisis to regain control of the targeted airport and its airspace. From collecting evidence (and flags) to restoring all compromised assets and assisting impacted stakeholders, the clock is ticking!\n
Its time to apply everything you know about cybersecurity (e.g., password cracking, log analysis, computer forensics, and ethical hacking), intelligence (e.g., OSINT), and aviation (e.g., crew, avionics, air traffic control communications, airline operations, security screening, airport information systems, and aviation cyber-physical systems) to help the airport return to normal operations.\n
You have been given full authority to do whatever it takes to catch the hackers, seize back control of the airport, and restore aviation operations.\n
\nDiscord: https://discord.com/channels/708208267699945503/734477413186273400\n
\n\'',NULL,69111),('2_Friday','08','08:00','19:59','N','AEV','E','\'A-ISAC CTF\'','\' \'','AEV_29d36ecacb0740492c8de9a5d21fa14f','\'Title: A-ISAC CTF
\nWhen: Friday, Aug 7, 08:00 - 19:59 PDT
\nWhere: Aerospace Vlg
\n
\nDescription:
\nAviation is under attack! A Tier 1 airport is in chaos!\n
Ticketing kiosks, airline servers, flight information displays, transportation security, runway lights, aircraft, and other critical systems have all been compromised. And there are indicators that airport insiders may have colluded with hackers to bring the airport to its knees!\n
It’s up to you now. YOU have 24 hours to research and investigate this crisis to regain control of the targeted airport and its airspace. From collecting evidence (and flags) to restoring all compromised assets and assisting impacted stakeholders, the clock is ticking!\n
Its time to apply everything you know about cybersecurity (e.g., password cracking, log analysis, computer forensics, and ethical hacking), intelligence (e.g., OSINT), and aviation (e.g., crew, avionics, air traffic control communications, airline operations, security screening, airport information systems, and aviation cyber-physical systems) to help the airport return to normal operations.\n
You have been given full authority to do whatever it takes to catch the hackers, seize back control of the airport, and restore aviation operations.\n
\nDiscord: https://discord.com/channels/708208267699945503/734477413186273400\n
\n\'',NULL,69112),('2_Friday','09','09:00','15:59','N','AEV','E','\'Aviation Privacy Treasure Hunt\'','\'Martin Strohmeier\'','AEV_6d15f5a8752c18fca2945b59312dc07f','\'Title: Aviation Privacy Treasure Hunt
\nWhen: Friday, Aug 7, 09:00 - 15:59 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Martin Strohmeier\n
\nMartin Strohmeier is a Junior Research Fellow of Kellogg College, University of Oxford and a Senior Scientist at the Swiss Cyber Defence Campus.The main focus of his work has been the design, implementation, and analysis of security protocols for cyber-physical systems, specifically those used in critical infrastructures such as aviation (civil and military). Using these domains as a driver for the real-world applicability of his research, his work has been published in many diverse venues, spanning wireless communications, cryptography, systems security, sensor networking, privacy, and aviation.\n
After his DPhil, he has been extending his interests towards areas of open-source intelligence, privacy issues in aviation and satellite environments, and most recently adversarial machine learning. Martin is also a co-founder of the aviation research network OpenSky where he is responsible for communication and research activities.\n
\n\n
\nDescription:
\nThis OSINT CTF sends the participant on a wild treasure hunt across open aviation data, demonstrating the severe impact of some of the issues surrounding aviation tracking and datalink privacy. The participants will learn how the lack of security in wireless protocols affects the privacy of passengers and aircraft operators alike and how to exploit them. This treasure hunt will cover privacy leaks on datalinks and ATC communication used by corporate, government, military and commercial aircraft. We will actively engage with countermeasures and mitigations, showing which ones are helpful and which ones are not. This will include the most current industry attempts, including the FAA’s Privacy ICAO Address programme and ACARS encryption measures. For this CTF, we will use a mixture of OSINT data sources available on the web, exclusive real-world datasets, and mock data based on our research over the past five years.
\n\'',NULL,69113),('2_Friday','09','09:00','15:59','N','AEV','E','\'Mission Alenium: Launching the Next Generation into an Immersive Cybersecurity and Space Systems Challenge\'','\'Henry Danielson\'','AEV_65bf75b9af9b4977fd2d13f59da2614e','\'Title: Mission Alenium: Launching the Next Generation into an Immersive Cybersecurity and Space Systems Challenge
\nWhen: Friday, Aug 7, 09:00 - 15:59 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Henry Danielson\n
\nNo BIO available
\n\n
\nDescription:
\nThe Convergence of Space and Cybersecurity is here! The goal of this immersive, two-part challenge is to expose beginner-level participants to Space Networks, Cybersecurity, Satellites, IoT devices and Digital Forensics Analysis through a gamified satellite cybercrime scenario. The first part includes a series of five online 3D “escape rooms†which each simulate different locations that contain important evidence. After all the information is collected, participants enter the second phase of the challenge and begin conducting forensic analysis. Participants will respond to a fictional storyline where the flight control system of a Low Earth Orbit (LEO) is compromised. Due to the hack, the rocket and its accompanying satellite crash before reaching orbit. The software payload survives the crash and is sufficiently intact for digital forensic analysis. The participants act as cybersecurity digital forensics analysts, attempting to find out how and why the system was hacked and by whom. It is being deployed at the California Cyber Innovation Challenge 2020, the state championship for cybersecurity competitions in California, for teams of middle school and high school students this upcoming October.\n
\nDiscord: https://discord.com/channels/708208267699945503/732393009215176854\n
\n\'',NULL,69114),('3_Saturday','09','09:00','15:59','N','AEV','E','\'Mission Alenium: Launching the Next Generation into an Immersive Cybersecurity and Space Systems Challenge\'','\'Henry Danielson\'','AEV_01c32ae080e7b1a8195eccbf56a2edab','\'Title: Mission Alenium: Launching the Next Generation into an Immersive Cybersecurity and Space Systems Challenge
\nWhen: Saturday, Aug 8, 09:00 - 15:59 PDT
\nWhere: Aerospace Vlg
\n
SpeakerBio:Henry Danielson\n
\nNo BIO available
\n\n
\nDescription:
\nThe Convergence of Space and Cybersecurity is here! The goal of this immersive, two-part challenge is to expose beginner-level participants to Space Networks, Cybersecurity, Satellites, IoT devices and Digital Forensics Analysis through a gamified satellite cybercrime scenario. The first part includes a series of five online 3D “escape rooms†which each simulate different locations that contain important evidence. After all the information is collected, participants enter the second phase of the challenge and begin conducting forensic analysis. Participants will respond to a fictional storyline where the flight control system of a Low Earth Orbit (LEO) is compromised. Due to the hack, the rocket and its accompanying satellite crash before reaching orbit. The software payload survives the crash and is sufficiently intact for digital forensic analysis. The participants act as cybersecurity digital forensics analysts, attempting to find out how and why the system was hacked and by whom. It is being deployed at the California Cyber Innovation Challenge 2020, the state championship for cybersecurity competitions in California, for teams of middle school and high school students this upcoming October.\n
\nDiscord: https://discord.com/channels/708208267699945503/732393009215176854\n
\n\'',NULL,69115),('1_Thursday','09','09:00','09:01','N','WLV','','\'Introduction to WiFi Security\'','\'Nishant Sharma\'','WLV_3a8bc64cd58ab13591804acfe2219baa','\'Title: Introduction to WiFi Security
\nWhen: Thursday, Aug 6, 09:00 - 09:01 PDT
\nWhere: Wireless Vlg
\n
SpeakerBio:Nishant Sharma\n, R&D Manager, Pentester Academy
\nNishant Sharma (Twitter: @wifisecguy) is an R&D Manager at Pentester Academy and Attack Defense. He is also the Architect at Hacker Arsenal where he leads the development of multiple gadgets for WiFi pentesting such as WiMonitor, WiNX and WiMini. He also handles technical content creation and moderation for Pentester Academy TV. He has 7+ years of experience in information security field including 5+ years in WiFi security research and development. He has presented/published his work at Blackhat USA/Asia, DEF CON China, Wireless Village, IoT village and Demo labs (DEFCON USA). Prior to joining Pentester Academy, he worked as a firmware developer at Mojo Networks where he contributed in developing new features for the enterprise-grade WiFi APs and maintaining the state of art WiFi Intrusion Prevention System (WIPS). He has a Master\'s degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi and IoT security, AD security, Forensics and Cryptography.
\nTwitter: @wifisecguy
\n\n
\nDescription:
\nEvery year a lot of new people attend DEF CON to explore new topics and some even move to new fields based on their newly discovered interests. The workshops organised by the DEF CON villages always played an important role. This year the DEF CON has gone virtual and it is apt for the workshops to do so too. \n
Our workshop is focused on the beginner people who want to explore/learn WiFi security and understand how the WiFi network attacks work. To adapt to this new normal, we will change the approach a little, we will explain the basics and theory (in brief) using slides and then give the users access to our cloud labs. The labs consist of an emulated WiFi environment and the users have everything they need to get cracking along with step by step instructions. We are planning to cover the following:\n
\n - Basics of WiFi (What is WiFi, important standard, bands, channels, SSID, BSSID)
- Introduction to WiFi Recon (Locating nearby APs and clients)
\n-WEP (What is WEP, How it works, Why WEP is broken, How to hack WEP)\n
-WPA2-PSK (What is WPA2-PSK, How 4-way handshake works, How to crack WPA2-PSK)\n
-WPA2-ENT (What is WPA2-ENT, How MSCHAPv2 auth works, How to crack WPA2-ENT MSCHAPv2)\n
This talk is available on YouTube.\n
\nLink from instructor: http://linux-basics-bootcamp-pa-beta.ue.r.appspot.com/courses/\n
Talk: https://www.youtube.com/watch?v=zV_yWVTbhlc\n
\n\'',NULL,69116),('1_Thursday','09','09:00','09:01','N','WLV','','\'Wireless Blue Team\'','\'Eric Escobar\'','WLV_9c5e5c83b4211459f4c2153de267ad3d','\'Title: Wireless Blue Team
\nWhen: Thursday, Aug 6, 09:00 - 09:01 PDT
\nWhere: Wireless Vlg
\n
SpeakerBio:Eric Escobar\n
\nEric is a seasoned pentester and a Principal Security Consultant at Secureworks. On a daily basis he attempts to compromise large enterprise networks to test their physical, human, network and wireless security. He has successfully compromised companies from all sectors of business including: Healthcare, Pharmaceutical, Entertainment, Amusement Parks, Banking, Finance, Technology, Insurance, Retail, Food Distribution, Government, Education, Transportation, Energy and Industrial Manufacturing.\n
His team consecutively won first place at DEF CON 23, 24, and 25\'s Wireless CTF, snagging a black badge along the way. Forcibly retired from competing in the Wireless CTF, he now helps create challenges!\n
\n\n
\nDescription:
\nWireless security is often overlooked, or deemed \"good enough\". However, for many companies, access to the corporate Wi-Fi means direct access to the internal network. This talk will demonstrate a variety of opening attacks performed by threat actors whose goal it is to infiltrate your organization. These tactics are detectable to the vigilant sysadmin, but all too often go unnoticed in a sea of log files. Check out this talk for access to the \"Free Public WiFi\".\n
This talk is available on YouTube.\n
\nTalk: https://www.youtube.com/watch?v=tvYpd6sbH2g\n
\n\'',NULL,69117),('1_Thursday','09','09:00','09:01','N','WLV','','\'DragonOS - How I kept busy during COVID19\'','\'cemaxecuter\'','WLV_3df29d454963ee0fd34065d03f802143','\'Title: DragonOS - How I kept busy during COVID19
\nWhen: Thursday, Aug 6, 09:00 - 09:01 PDT
\nWhere: Wireless Vlg
\n
SpeakerBio:cemaxecuter\n
\nI\'d rather keep my job experience private. I am from a small town, but have been all over. I\'ve met the developers of OpenWRT in Germany, developed my own line of dual mesh radios under the AWDMESH name, back when OpenMesh used the OM1P\'s, put together the ZoneMinder DVD using remastersys, and now fast forward I\'ve put all my effort during COVID19 into making the Linux distributions called DragonOS 10, DragonOS LTS, and DragonOS Focal specifically for SDRs. \n
I\'ve easily put hundreds and hundreds of hours into testing and making everything work along with making videos for YouTube in the hopes they\'ll help others develop a passion for Linux and SDRs. \n
A buddy of mine by the name of Rick from Wireless Village encouraged me to talk about DragonOS 10/LTS and now my latest work, DragonOS Focal.\n
\n\n
\nDescription:
\nIntro
\nWhy I started DragonOS
\nWhat is DragonOS
\nWhat problems and challenges I had to overcome\nWhat companies and developers helped and who donated equipment\n
This talk is available on YouTube.\n
\nTalk: https://www.youtube.com/watch?v=69k1Dmr2Ruk\n
\n\'',NULL,69118),('1_Thursday','09','09:00','09:01','N','WLV','','\'The Basics Of Breaking BLE v3\'','\'FreqyXin\'','WLV_d776a8f60a5e13e7fdd2789f3b958f78','\'Title: The Basics Of Breaking BLE v3
\nWhen: Thursday, Aug 6, 09:00 - 09:01 PDT
\nWhere: Wireless Vlg
\n
SpeakerBio:FreqyXin\n
\nMaxine is a US Army Veteran, and recent graduate from the University of Washington – Tacoma completing a degree in Information Assurance and Cybersecurity. She has experience as a Security Analyst hunting wireless threats and vulnerabilities, and currently works for IOActive as a Security Consultant applying her knowledge to help companies identify wireless risks within their environments and products. She has taught wireless security concepts as a guest lecturer at the University of Washington, a speaker at industry conferences, and as an outside consultant for the US Army. Maxine was also selected for the SANS Women’s Immersion Academy 2018 Cohort and holds the GSEC, GCIH, and GPEN GIAC certifications.
\n\n
\nDescription:
\nEvolving over the past twenty-two years, Bluetooth, especially Bluetooth Low Energy (BLE), has become the ubiquitous backbone modern devices use to perform low energy communications. From mobile, to IoT, to Auto, most smart devices now support Bluetooth connections, meaning that the attack vector is becoming an increasingly important aspect of security testing. This talk will breakdown the various phases of testing Bluetooth devices with an emphasis on sniffing BLE connections, spoofing devices, and exploiting GATT services. We will cover key components of the Bluetooth protocol stack, and the tools required to start testing BLE in your home, or as part of a Bluetooth pentest. This talk will also demonstrate that all you need to start testing BLE is an Android or iOS device, and a bit of curiosity. \n
This talk is available on YouTube.\n
\nTalk: https://www.youtube.com/watch?v=7giQCeNBJek\n
\n\'',NULL,69119),('1_Thursday','09','09:00','09:01','N','WLV','','\'wicked wardriving with gps and glonass\'','\'wytshadow\'','WLV_a8eb807ca005399aa009d29aa508f553','\'Title: wicked wardriving with gps and glonass
\nWhen: Thursday, Aug 6, 09:00 - 09:01 PDT
\nWhere: Wireless Vlg
\n
SpeakerBio:wytshadow\n
\nWytshadow is a wireless security researcher who learned RF fundamentals while working for Air Force Space Command. After transitioning to the civilian world, Wytshadow became a security consultant with a specialization in wireless security where he continues to perform independent research on wireless attacks and defensive strategies on existing and emerging wireless technologies. Wytshadow has presented on independent work in the past including the wireless pentesting framework SniffAir and he also presented on attacks against WPA3 OWE.
\n\n
\nDescription:
\nI\'ll begin the talk giving my experience working in Air Force Space Command and how they fly GPS satellites. GPS is only one constellation of “GPS†satellites in space. Several other countries have their own version of GPS. Russia has GLONASS, China has Beidou, Europe has Galileo, Japan and India also have their own satellite constellations. All these satellites speak a common language known as GNSS. With the correct dongle, NOT THE BU-353, you can receive location data from more than the US controlled GPS satellites in space, this gives you more reliable location data for war driving.\n
I’ll then go into a description of war driving with kismet and all the things kismet can collect on. I’ll then show off a dongle box I slapped together that is similar to El Kentaro’s kismet box. It is a pelican case with a 7 port, USB hub hot glued inside with holes drilled in it so antennas can be mounted externally.\n
After talking about wardriving, I’ll talk about uploading results to WiGLE or uploading a kismet pcapppi file to google earth to keep wardrive data private. This is how you can review actively collected war drive data, but what if you want to review the work that others have done? Enter wigleQuery (https://github.com/wytshadow/wigleQuery). Querying WiGLE through their web interface provides a weak user experience, the access points are hard to see, even when you zoom in, and getting additional details on each access point is not very intuitive. WigleQuery provides an easier way to query WiGLE for WiFi Access Points based on BSSID(s), ESSID(s), Lat/Long and plots the result on google maps using easy to see colors and also outputs the results in CSV format for further processing. This output data can also be used when asking WiGLE admins to have your access points removed from the WiGLE database.\n
I’ll conclude talking about future improvements to be made to wigleQuery.\n
This talk is available on YouTube.\n
\nTalk: https://www.youtube.com/watch?v=2h8H3XEgWvw\n
\n\'',NULL,69120),('2_Friday','20','20:00','20:59','N','VMV','','\'Live Q&A with Special Guests Regarding \"Kill Chain\"\'','\' \'','VMV_81c96b1e51d38b69ffd57e8f522f9e01','\'Title: Live Q&A with Special Guests Regarding \"Kill Chain\"
\nWhen: Friday, Aug 7, 20:00 - 20:59 PDT
\nWhere: Voting Vlg
\n
\nDescription:
\nExciting News for DEF CON Safe Mode! Voting Village and HBO have arranged for a limited time FREE access to the Kill Chain Documentary on YouTube! \n
In conjunction, the Voting Village will host a LIVE Q + A with SPECIAL GUESTS at 20:00 on FRIDAY August 7. \n
View the Q and A on the Voting Village Twitch and YouTube streams; there is ongoing discussion on Discord in #vmhv-talks-text, and you can submit questions at #vmhv-talks-questions-text.\n
\nMovie: https://www.youtube.com/watch?v=nQuwTdrVrg4\n
Village YouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Village Twitch: https://www.twitch.tv/votingvillagedc/about\n
Store: https://www.bonfire.com/store/eif/\n
#vmhv-talks-text: https://discord.com/channels/708208267699945503/737818386796511312\n
#vmhv-talks-questions-text: https://discord.com/channels/708208267699945503/737818504627093575\n
\n
\nYouTube: https://www.youtube.com/watch?v=GTiltX4vwLA\n
Twitch: https://www.twitch.tv/votingvillagedc\n
\'',NULL,69121),('2_Friday','10','10:00','10:59','N','ETV','','\'Federal Communications Commission\'','\'Comm. Geoffrey Starks\'','ETV_3f51d6a2492adcf56b03234d636942d0','\'Title: Federal Communications Commission
\nWhen: Friday, Aug 7, 10:00 - 10:59 PDT
\nWhere: Ethics Vlg
\n
SpeakerBio:Comm. Geoffrey Starks\n
\nNo BIO available
\n\n
\nDescription:
\nThis will be a pre-recorded talk.
\n
\nTwitch: https://www.twitch.tv/ethicsvillage\n
#ev-talks-voice: https://discord.com/channels/708208267699945503/730299696454696980\n
#ev-general-text: https://discord.com/channels/708208267699945503/732732980342030449\n
\'',NULL,69122),('2_Friday','12','12:00','12:59','N','ETV','','\'U.S. Privacy and Civil Liberties Oversight Board Member\'','\'Travis LeBlanc\'','ETV_d6d3cae0ac275b844515e9a57ba07bf9','\'Title: U.S. Privacy and Civil Liberties Oversight Board Member
\nWhen: Friday, Aug 7, 12:00 - 12:59 PDT
\nWhere: Ethics Vlg
\n
SpeakerBio:Travis LeBlanc\n
\nNo BIO available
\n\n
\nDescription:
\nThis will be a pre-recorded talk.
\n
\nTwitch: https://www.twitch.tv/ethicsvillage\n
#ev-talks-voice: https://discord.com/channels/708208267699945503/730299696454696980\n
#ev-general-text: https://discord.com/channels/708208267699945503/732732980342030449\n
\'',NULL,69123),('2_Friday','16','16:00','16:59','N','ETV','','\'Security of Election Systems: A contract case study in progress\'','\'Rim Boujnah\'','ETV_23e2e8f9a4b19b72cbc538dc152abd0e','\'Title: Security of Election Systems: A contract case study in progress
\nWhen: Friday, Aug 7, 16:00 - 16:59 PDT
\nWhere: Ethics Vlg
\n
SpeakerBio:Rim Boujnah\n
\nNo BIO available
\n\n
\nDescription:
\nThis will be a live talk.
\n
\nTwitch: https://www.twitch.tv/ethicsvillage\n
#ev-talks-voice: https://discord.com/channels/708208267699945503/730299696454696980\n
#ev-general-text: https://discord.com/channels/708208267699945503/732732980342030449\n
\'',NULL,69124),('3_Saturday','14','14:10','15:20','N','ETV','','\'Federal Trade Commision\'','\'Comm. Rohit Chopra\'','ETV_c781545f3a1a3f5f30addcd7f4fc15a2','\'Title: Federal Trade Commision
\nWhen: Saturday, Aug 8, 14:10 - 15:20 PDT
\nWhere: Ethics Vlg
\n
SpeakerBio:Comm. Rohit Chopra\n
\nNo BIO available
\n\n
\nDescription:
\nThis will be a 40-minute pre-recorded talk, followed by a 30-minute live Q&A session.
\n
\nTwitch: https://www.twitch.tv/ethicsvillage\n
#ev-talks-voice: https://discord.com/channels/708208267699945503/730299696454696980\n
#ev-general-text: https://discord.com/channels/708208267699945503/732732980342030449\n
\'',NULL,69125),('3_Saturday','15','14:10','15:20','Y','ETV','','\'Federal Trade Commision\'','\'Comm. Rohit Chopra\'','ETV_c781545f3a1a3f5f30addcd7f4fc15a2','\'\'',NULL,69126),('3_Saturday','15','15:20','16:30','N','ETV','','\'Food and Drug Administration\'','\'Jessica Wilkerson\'','ETV_776a9441cb1933999f0fb42a03109177','\'Title: Food and Drug Administration
\nWhen: Saturday, Aug 8, 15:20 - 16:30 PDT
\nWhere: Ethics Vlg
\n
SpeakerBio:Jessica Wilkerson\n
\nNo BIO available
\n\n
\nDescription:
\nThis will be a 40-minute pre-recorded talk, followed by a 30-minute live Q&A session.
\n
\nTwitch: https://www.twitch.tv/ethicsvillage\n
#ev-talks-voice: https://discord.com/channels/708208267699945503/730299696454696980\n
#ev-general-text: https://discord.com/channels/708208267699945503/732732980342030449\n
\'',NULL,69127),('3_Saturday','16','15:20','16:30','Y','ETV','','\'Food and Drug Administration\'','\'Jessica Wilkerson\'','ETV_776a9441cb1933999f0fb42a03109177','\'\'',NULL,69128),('3_Saturday','16','16:30','17:40','N','ETV','','\'TechCongress\'','\'Leisel Bogan\'','ETV_daef3e26e4280ff807195a9798af3745','\'Title: TechCongress
\nWhen: Saturday, Aug 8, 16:30 - 17:40 PDT
\nWhere: Ethics Vlg
\n
SpeakerBio:Leisel Bogan\n
\nNo BIO available
\n\n
\nDescription:
\nThis will be a 40-minute pre-recorded talk, followed by a 30-minute live Q&A session.
\n
\nTwitch: https://www.twitch.tv/ethicsvillage\n
#ev-talks-voice: https://discord.com/channels/708208267699945503/730299696454696980\n
#ev-general-text: https://discord.com/channels/708208267699945503/732732980342030449\n
\'',NULL,69129),('3_Saturday','17','16:30','17:40','Y','ETV','','\'TechCongress\'','\'Leisel Bogan\'','ETV_daef3e26e4280ff807195a9798af3745','\'\'',NULL,69130),('4_Sunday','10','10:00','10:59','N','ETV','','\'Blackmail, Extortion and the Ethics of Disclosure\'','\'Michael Antonino\'','ETV_92aaa12609b11386da6411c99f81e9c4','\'Title: Blackmail, Extortion and the Ethics of Disclosure
\nWhen: Sunday, Aug 9, 10:00 - 10:59 PDT
\nWhere: Ethics Vlg
\n
SpeakerBio:Michael Antonino\n
\nNo BIO available
\n\n
\nDescription:
\nThis will be a live talk.
\n
\nTwitch: https://www.twitch.tv/ethicsvillage\n
#ev-talks-voice: https://discord.com/channels/708208267699945503/730299696454696980\n
#ev-general-text: https://discord.com/channels/708208267699945503/732732980342030449\n
\'',NULL,69131),('3_Saturday','22','22:45','23:59','N','RTV','','\'Weaponized XSS - Moving Beyond Alert(1)\'','\'Ray Doyle\'','RTV_a023977bf7657003cd986de88b7512ae','\'Title: Weaponized XSS - Moving Beyond Alert(1)
\nWhen: Saturday, Aug 8, 22:45 - 23:59 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Ray Doyle\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,69132),('3_Saturday','23','22:45','23:59','Y','RTV','','\'Weaponized XSS - Moving Beyond Alert(1)\'','\'Ray Doyle\'','RTV_a023977bf7657003cd986de88b7512ae','\'\'',NULL,69133),('1_Thursday','16','16:45','17:45','N','RTV','','\'Zero Trust - A Vision for Securing Cloud and Redefining Security\'','\'Vandana Verma Sehgal\'','RTV_808b9e5e39f7877043da9f6a897cbb06','\'Title: Zero Trust - A Vision for Securing Cloud and Redefining Security
\nWhen: Thursday, Aug 6, 16:45 - 17:45 PDT
\nWhere: Red Team Vlg
\n
SpeakerBio:Vandana Verma Sehgal\n
\nNo BIO available
\nTwitter: @InfosecVandana
\n\n
\nDescription:No Description available
\n
Red Team Village events will be streamed to YouTube and Twitch.\n
\nTwitch: https://www.twitch.tv/redteamvillage\n
\'',NULL,69134),('1_Thursday','17','16:45','17:45','Y','RTV','','\'Zero Trust - A Vision for Securing Cloud and Redefining Security\'','\'Vandana Verma Sehgal\'','RTV_808b9e5e39f7877043da9f6a897cbb06','\'\'',NULL,69135),('2_Friday','11','11:00','11:20','N','CLV','','\'Opening Keynote\'','\'\'','CLV_bd11715c8727120138a9d29f8ac8ac5b','\'Title: Opening Keynote
\nWhen: Friday, Aug 7, 11:00 - 11:20 PDT
\nWhere: Cloud Vlg
\n
\nDescription:No Description available
\n\'',NULL,69136),('2_Friday','11','11:20','12:05','N','CLV','','\'IAM Concerned: OAuth Token Hijacking in Google Cloud (GCP)\'','\'Jenko Hwong\'','CLV_e360f494e20ab923bbd28acab6370129','\'Title: IAM Concerned: OAuth Token Hijacking in Google Cloud (GCP)
\nWhen: Friday, Aug 7, 11:20 - 12:05 PDT
\nWhere: Cloud Vlg
\n
SpeakerBio:Jenko Hwong\n
\nJenko Hwong is on the Threat Research Team at Netskope, focusing on cloud threats/vectors. He\'s spent time in engineering and product roles at various security startups in vulnerability scanning, AV/AS, pen-testing/exploits, L3/4 appliances, threat intel, and windows security.
\nTwitter: @jenkohwong
\n\n
\nDescription:
\nImagine you\'ve protected your production Google Cloud environment from compromised credentials, using MFA and a hardware security key. However, you find that your GCP environment has been breached through hijacking of OAuth session tokens cached by gcloud access. Tokens were exfiltrated and used to invoke API calls from another host. The tokens were refreshed by the attacker and did not require MFA. Detecting the breach via Strackdriver was confusing, slowing incident response. And revoking the active OAuth sessions required finding OAuth tokens from logs and using a REST API call, causing further delays in remediation.\n
This talk will demonstrate a compromised credential attack in Google Cloud Platform by:\n
\n - hijacking cached OAuth tokens stored on a GCP administrator\'s client machine and\n
- reusing existing gcloud CLI sessions to gain access to multiple GCP environments\n
- showing that MFA does not apply to OAuth token refreshes for cached credentials (only the initial login)
\nThe POC takes advantage of several issues with GCP IAM design or configuration: OAuth tokens are cached and unencrypted, allowing easy access once the client endpoint has been exploited.\n
\n - Tokens can have long or no expiration, allowing potentially long time windows for compromise.\n
- The attacker can easily refresh tokens, allowing persistence.\n
- Token refresh does not require MFA making it easy to maintain persistence, creating a false sense of security when MFA is enabled.\n
- Authentication and Access policies are defined in different admin areas, are confusing, and easily misconfigured.\n
- Configuring Stackdriver Logging is confusing, leading to slow or ineffective incident response.\n
- OAuth tokens cannot be revoked easily making remediation difficult.
\nWe will discuss various approaches and challenges to defending:\n
\n - Prevention
\n - MFA is not required to refresh the OAuth token\n
- Google cloud session timeout (GSuite Admin)\n
- IP whitelisting (using VPC Service Controls and Access Context Manager)\n
- Explicit client-side revokes (manual)\n
\n - Detection
\n - Stackdriver logging data access events must be enabled for all services or else the abuse of OAuth tokens will not be logged and remediation will not be possible.\n
- Periodic audit checks on the logs or IAM configurations can be somewhat useful for compliance, but are not real-time so are of limited use for detection.\n
\n - Remediation
\n - OAuth tokens can be revoked, but there are caveats:\n+ \"\"gcloud auth revoke\"\" only works on the compromised user\'s endpoint and requires the user account in order to look up the locally cached OAuth token. This will fail if the attacker deletes the gcloud credential cache.\n+ A REST API revoke call works and requires the OAuth token, so reliable logging and event parsing must be implemented to ensure tokens can be extracted quickly for IR.\n
- Deletion of user accounts has a huge impact.\n
- Browser sessions can be revoked but does not apply to Google Cloud sessions.
\n
\n\n\'',NULL,69137),('2_Friday','12','11:20','12:05','Y','CLV','','\'IAM Concerned: OAuth Token Hijacking in Google Cloud (GCP)\'','\'Jenko Hwong\'','CLV_e360f494e20ab923bbd28acab6370129','\'\'',NULL,69138),('2_Friday','12','12:05','12:50','N','CLV','','\'Ransom in the Cloud\'','\'Spencer Gietzen\'','CLV_66401bdf3e92cf3ce297d8f7183d45aa','\'Title: Ransom in the Cloud
\nWhen: Friday, Aug 7, 12:05 - 12:50 PDT
\nWhere: Cloud Vlg
\n
SpeakerBio:Spencer Gietzen\n
\nSpencer Gietzen comes from a background in web development and penetration testing. He is now a Cloud Security Researcher at CrowdStrike, spearheading research and development of new and upcoming cloud threats. Spencer has published a variety of research blogs and developed cloud security tools for the open source community, such as Pacu, an offensive AWS pentesting framework.
\nTwitter: @SpenGietz
\n\n
\nDescription:
\nTraditional ransomware has become a popular tool for cybercriminals to make their buck and has cost a variety of industries hundreds of millions to billions of dollars in recent years. As trends change and corporations move from traditional data centers to cloud environments like AWS, GCP, and Azure, adversaries are adapting their techniques to match the new climate. Because of this, attackers abusing cloud APIs rather than host/network-based commands are becoming more prevalent. This talk explores the services most likely to be targeted by ransomware in AWS cloud, techniques that attackers may use, and preventative/detective measures to assist the blue team.\n
Spencer Gietzen comes from a background in web development and penetration testing. He is now a Cloud Security Researcher at CrowdStrike, spearheading research and development of new and upcoming cloud threats. Spencer has published a variety of research blogs and developed cloud security tools for the open source community, such as Pacu, an offensive AWS pentesting framework. \n
\n\'',NULL,69139),('2_Friday','12','12:50','13:25','N','CLV','','\'Static analysis of Infrastructure as code: Terraform, Kubernetes, Cloudformation and more!\'','\'Barak Schoster\'','CLV_6c177e32c058bb084e9fa9e0db229076','\'Title: Static analysis of Infrastructure as code: Terraform, Kubernetes, Cloudformation and more!
\nWhen: Friday, Aug 7, 12:50 - 13:25 PDT
\nWhere: Cloud Vlg
\n
SpeakerBio:Barak Schoster\n
\nBarak Schosteris CTO and Co-founder at Bridgecrew, working from Tel Aviv, Israel, Helping teams secure cloud infrastructure. Often contributing to open source projects including Checkov, AirIAM, Terragoat, Prowler, and others. He has previously worked for RSA focused on cybersecurity machine learning and big data architecture as well as at Fortscale and IDF tech unit. When not writing code or Barak loves to drink coffee and wine (but not at the same time).
\nTwitter: @BarakSchoster
\n\n
\nDescription:
\nPlanning, provisioning, and changing infrastructure are becoming vital to rapid cloud application development. Incorporating infrastructure-as-code into software development promotes transparency and immutability and helps prevent bad configurations upstream.\n
About this talk: Planning, provisioning, and changing infrastructure are becoming vital to rapid cloud application development. Incorporating infrastructure-as-code into software development promotes transparency and immutability and helps prevent bad configurations upstream.\n
In this talk:\n
We\'ll cover the current state of infrastructure security in the open source registries.\n
From there we will continue to discuss best practices for writing, testing, and maintaining infrastructure at scale, keeping the infrastructure code secured using open source scanners.\n
We will cover infrastructure security use cases like encryption, public-facing data entities and plain text secrets, And will show how to find those using policy as code.\n
Based on the open source tool:\n
https://github.com/bridgecrewio/checkov/tree/master/docs\n
And the training resources:\n
https://github.com/bridgecrewio/terragoat/\nhttps://github.com/madhuakula/kubernetes-goat\n
\n\'',NULL,69140),('2_Friday','13','12:50','13:25','Y','CLV','','\'Static analysis of Infrastructure as code: Terraform, Kubernetes, Cloudformation and more!\'','\'Barak Schoster\'','CLV_6c177e32c058bb084e9fa9e0db229076','\'\'',NULL,69141),('2_Friday','13','13:25','14:10','N','CLV','','\'Can\'t Touch This: Detecting Lateral Movement in Zero-Touch Environments\'','\'Phillip Marlow\'','CLV_96cbc1722dfe2e0a4e4ff4df848c97c7','\'Title: Can\'t Touch This: Detecting Lateral Movement in Zero-Touch Environments
\nWhen: Friday, Aug 7, 13:25 - 14:10 PDT
\nWhere: Cloud Vlg
\n
SpeakerBio:Phillip Marlow\n
\nPhillip Marlow is a cybersecurity and DevOps engineer. He helps organizations understand how to adopt DevOps practices to increase their security rather than sacrifice it in the name of speed. Phillip holds several security, cloud, and agile certifications and is currently pursuing a Master’s Degree in Information Security Engineering at SANS Technology Institute.
\nTwitter: @wolramp
\n\n
\nDescription:
\nAttackers frequently use valid accounts to access servers with sensitive data. This gives them ninja-like stealth in most environments, but this session will show you how to turn the tables and use a zero-touch environment to catch them.\n
Zero-touch environments are a product of the fast-moving world of DevOps which is being adopted by an increasing number of successful companies including Google. This session will show that by leveraging the constraints of this environment, we can identify malicious network traffic which would otherwise blend into the noise.\n
This proposal is based on active research and new details may emerge during preparation of the final session. A brief overview of expected included topics:\n
• Why care about DevOps and Zero-Touch?\n• How application servers are deployed in traditional environments\n• What lateral movement with valid credentials looks like in traditional environments\n• How deployment works in Zero-Touch environments\n• What lateral movement with valid credentials looks like in zero-touch\n• Detecting the lateral movement with existing network sensors\n
\n\'',NULL,69142),('2_Friday','14','13:25','14:10','Y','CLV','','\'Can\'t Touch This: Detecting Lateral Movement in Zero-Touch Environments\'','\'Phillip Marlow\'','CLV_96cbc1722dfe2e0a4e4ff4df848c97c7','\'\'',NULL,69143),('2_Friday','14','14:10','16:30','N','CLV','','\'Peeling Back the Layers and Peering Through the Clouds with Security Onion\'','\'Wes Lambert\'','CLV_3646c8a9a93ecd45f12b9a41dae10287','\'Title: Peeling Back the Layers and Peering Through the Clouds with Security Onion
\nWhen: Friday, Aug 7, 14:10 - 16:30 PDT
\nWhere: Cloud Vlg
\n
SpeakerBio:Wes Lambert\n
\nWes Lambert is a Senior Engineer at Security Onion Solutions, where he helps companies to implement enterprise security monitoring solutions and better understand their computer networks. Wes is a huge fan of open source software projects, and loves to solve problems and enhance organizational security using completely free and easily deploy-able tools.
\nTwitter: @therealwlambert
\n\n
\nDescription:
\nPeeling Back the Layers and Peering Through the Clouds with Security Onion\nAs the number of production assets and workloads transition to cloud, it is more important than ever to be able to understand the \"\"goings-on\"\" of these type of environments. Unfortunately, many organizations still have little visibility into cloud infrastructure. Vendor-specific solutions can be cost-prohibitive, and don\'t always offer a complete solution for security monitoring. In this session, we\'ll discuss how we can better defend cloud environments by leveraging Security Onion, a completely free and open source platform for intrusion detection, enterprise security monitoring, and log management. By using Security Onion, we can pierce the veil of the cloud, and gain better visibility to facilitate threat detection, identify application misconfigurations, and assist with compliance-related efforts. Attendees should walk away with a firm grasp of the platform, understanding how they can utilize Security Onion to improve their organization\'s security posture, and make their adversaries cry.\n
\n - Outline
\n
\n(1) Cloud
\n (a) Assets/Data
\n (b) Threats
\n (c) Monitoring Challenges
\n(2) Introduction to Security Onion
\n (a) Components
\n (b) Data types
\n(3) Security Onion in the Cloud
\n (a) Facilitating cloud-based intrustion detection and monitoring with traffic mirroring\n (b) Ingesting telemetry from external/vendor-specific sources\n(4) Automating the Onion
\n (a) Automating Security Onion Deployment\n
This talk assumes you have secured your individual AWS accounts at the basic level by locking down your root accounts with 2FA, and etc.\n
For more details on the workshop pre-requisites, please refer the following link:\nhttps://docs.google.com/document/d/1kYHM3B3Opok4UXZALBKdYsJppPhNbBMUovNR4dclnhg/edit?usp=sharing\n
\n\'',NULL,69144),('2_Friday','15','14:10','16:30','Y','CLV','','\'Peeling Back the Layers and Peering Through the Clouds with Security Onion\'','\'Wes Lambert\'','CLV_3646c8a9a93ecd45f12b9a41dae10287','\'\'',NULL,69145),('2_Friday','16','14:10','16:30','Y','CLV','','\'Peeling Back the Layers and Peering Through the Clouds with Security Onion\'','\'Wes Lambert\'','CLV_3646c8a9a93ecd45f12b9a41dae10287','\'\'',NULL,69146),('3_Saturday','11','11:00','11:45','N','CLV','','\'Least privilege using infrastructure as code\'','\'Nimrod Kor\'','CLV_404f6ac479374b726f50cf4b9704d63d','\'Title: Least privilege using infrastructure as code
\nWhen: Saturday, Aug 8, 11:00 - 11:45 PDT
\nWhere: Cloud Vlg
\n
SpeakerBio:Nimrod Kor\n
\nNimrod cloud security engineers team lead. He is an open source contributor to various AWS security projects and also part of Bridgecrew\'s founding team. A believer in terraform as a security enabler.
\n\n
\nDescription:
\nSecurity teams in the cloud are faced with an overwhelming amount of information to process in order to keep their environments secure. Keeping up with everything manually is a difficult, never-ending task where failure can have high consequences. Permissions management can be a time-consuming task, and as a security engineer, you’d often ask your self “how should have access to what?†, “who have access it in the past?†and “Is it OK to remediate those excessive permissions or would it cause a downtime?“.\n
In this talk, we will demonstrate a method to automatically secure a live AWS IAM environment to a specific, less-permissive role that best fits the access pattern using the open-source tool: https://github.com/bridgecrewio/AirIAM/ . At the end of the talk, we will have a result in Terraform code with a much smaller attack surface and reduced risk.\n
\nYouTube: https://www.youtube.com/watch?v=gwBG_oKDINQ\n
#cloudv-general-text: https://discord.com/channels/708208267699945503/732733373172285520\n
\n\'',NULL,69147),('3_Saturday','11','11:45','12:30','N','CLV','','\'How Blue Penetrates You\'','\'Dani Goland,Mohsan Farid\'','CLV_9eda6431953fec9bd979e3ba403e21f8','\'Title: How Blue Penetrates You
\nWhen: Saturday, Aug 8, 11:45 - 12:30 PDT
\nWhere: Cloud Vlg
\nSpeakers:Dani Goland,Mohsan Farid
\n
SpeakerBio:Dani Goland\n
\nDani Goland, at the age of 20 he founded his own boutique company for innovative software and hardware solutions. He is a certified AWS Cloud Solutions Architect. While gaining experience in business and finance, Dani did not neglect his hands-on capabilities in both making and breaking systems. Dani recently relocated from Israel to the United States to study Data Science at the prestigious UC Berkeley. During his studies, Dani founded VirusBay, a collaborative malware research community that skyrocketed amongst the global security community with over 2500 researchers. Dani spoke at numerous cybersecurity conferences such as BlackHat USA, CodeBlue Japan, CONfidence, SEC-T, and more. After serving in the Israeli Defense Forces as a commander of a Field Intelligence unit, Dani went on an 8-month journey across South America. He loves snowboarding, music concerts, and having crazy, breathtaking experiences such as spending 5 days in the Bolivian Jungle with no food or water.
\nTwitter: @DaniGoland
\n
SpeakerBio:Mohsan Farid\n
\nMohsan has over 13 years of experience in the cyber security game. Mohsan has ran the gamut in the security space: from penetration testing as a Rapid7 consultant, pen testing for numerous federal agencies, hacking mobile applications, pentesting Fortune 500 companies, and speaking at cybersecurity conferences such as Defcon, Sec-T, Black Alps, and others. Mohsan’s traveled to over 100 countries and counting. When he isn’t isn\'t breaking into things, he likes to travel the globe in search of incredible surf, scuba diving, rock climbing, hiking, and is an avid yogi.
\n\n
\nDescription:
\nWhen we started taking a proactive approach to blue teaming, the number of daily scans by automated vulnerability scanners dropped immensely.\n
In this talk, we will present the mindset we found useful and the techniques we used to make scanning our applications and infrastructure a slow and manual process.\n
Starting with blocking path and subdomain enumeration with a couple of lines on the proxy bombarding the banners with randomized content that is not differentiable from real content.\n
Next, we will simulate known vulnerabilities in a subtle way, allowing attackers to connect, pivot, perform lateral movement, and let them exfiltrate terabytes of useless data, wasting their time, resources, and letting your systems fingerprint their TTPs and IOCs\n
We had a blast presenting at the cloud village last year, and we have many interesting things cooking for this year!\n
\nYouTube: https://www.youtube.com/watch?v=gwBG_oKDINQ\n
#cloudv-general-text: https://discord.com/channels/708208267699945503/732733373172285520\n
\n\'',NULL,69148),('3_Saturday','12','11:45','12:30','Y','CLV','','\'How Blue Penetrates You\'','\'Dani Goland,Mohsan Farid\'','CLV_9eda6431953fec9bd979e3ba403e21f8','\'\'',NULL,69149),('3_Saturday','12','12:30','13:15','N','CLV','','\'21 Jump Server: Going Bastionless in the Cloud\'','\'Colin Estep\'','CLV_421eee273547679cd98b97e1dc1191e3','\'Title: 21 Jump Server: Going Bastionless in the Cloud
\nWhen: Saturday, Aug 8, 12:30 - 13:15 PDT
\nWhere: Cloud Vlg
\n
SpeakerBio:Colin Estep\n
\nColin Estep is currently a threat researcher at Netskope focused on AWS and GCP. Colin was previously the CSO at Sift Security (acquired by Netskope), where he helped move the product towards breach detection for IaaS. He was a senior engineer on the security teams at Netflix and Apple before joining Sift. He was also a FBI Agent specializing in Cyber crime, where he spent a fair amount of time coordinating with other countries to locate and arrest malware authors and botnet operators.
\nTwitter: @colinestep
\n\n
\nDescription:
\nIf you are a customer of AWS, Azure, or GCP, you may have deployed your own bastion hosts to provide RDP or SSH access to your virtual machines. While bastions help to protect your infrastructure, there are challenges that come along with them, such as managing the identities, obtaining logs, and preventing SSH multiplexing attacks.\n
In this talk, we will briefly review bastion hosts and some of their shortcomings, as well as the SSH multiplexing attack. The SSH multiplexing attack uses a feature of SSH to pivot from a compromised laptop to your bastion hosts. From there, the attacker could use this feature to compromise other users and gain access to your virtual machines hosted in the cloud.\n
Finally, we’ll show you services that provide access to your virtual machines in all three major cloud providers that eliminate the need for bastion hosts. Some providers have more than one alternative. However, this presentation will not present all of the alternatives. It is focused on the services that generally take the following approach:\n
Users authenticate to the access service with their Identity and Access Management (IAM) credentials for the cloud provider.\nOnce authenticated, the cloud service creates an encrypted tunnel with port forwarding, which runs SSH or RDP for the user.\n
The benefits of this approach include:
\nPublic IP addresses are not required in order to access the virtual machines.\nIt eliminates the possibility of compromising an entire organization with SSH multiplexing attacks.\nIn some cases, disabling a user’s IAM credentials also removes SSH or RDP access.\nCloud audit logs will capture metadata for RDP or SSH sessions, and in some cases, full session logs are easy to collect through the provider’s service.\nWe’ll cover Session Manager in AWS, OS Login and Identity-Aware Proxy (IAP) in GCP, and the Bastion Service in Azure. You’ll see how the services work, how they help with identity management, and where to find the SSH sessions in logs.\nIf you are migrating to any of these platforms, this could save you from having to go through the pain of deploying your own solutions!\n
\nYouTube: https://www.youtube.com/watch?v=gwBG_oKDINQ\n
#cloudv-general-text: https://discord.com/channels/708208267699945503/732733373172285520\n
\n\'',NULL,69150),('3_Saturday','13','12:30','13:15','Y','CLV','','\'21 Jump Server: Going Bastionless in the Cloud\'','\'Colin Estep\'','CLV_421eee273547679cd98b97e1dc1191e3','\'\'',NULL,69151),('3_Saturday','13','13:15','13:59','N','CLV','','\'Cloud Frontier\'','\'Setu Parimi\'','CLV_52bf71d6bb7f2350bd32721bebba1c3a','\'Title: Cloud Frontier
\nWhen: Saturday, Aug 8, 13:15 - 13:59 PDT
\nWhere: Cloud Vlg
\n
SpeakerBio:Setu Parimi\n
\nSetu Parimi is a Cloud Security Architect with specialization towards defense-in-depth and incident response in the cloud-native environments.
\nTwitter: @setuparimi
\n\n
\nDescription:
\nCloud Frontier is a security monitoring tool for Internet Facing Assets in AWS, GCP, and Azure. It can be quickly deployed into AWS and will periodically enumerate internet-facing IP addresses, Domain Names, Block Storages, CDNs, and Object Storage resources from AWS, GCP, and Azure.\n
The results from this enumeration process are pushed into a DynamoDB and then are sent to analyzers using an asynchronous queuing system. Analyzers use Shodan, VirusTotal, URLScan.io, Mozilla Observatory, and whois to provide insights around the following:\n
-Web Reputation
\n-IP Reputation
\n-DNS Information
\n-GeoIP Information
\n-IP and Domain Blacklist check etc
\nLicense: MIT License\n
\nYouTube: https://www.youtube.com/watch?v=gwBG_oKDINQ\n
#cloudv-general-text: https://discord.com/channels/708208267699945503/732733373172285520\n
\n\'',NULL,69152),('3_Saturday','14','14:00','14:45','N','CLV','','\'Attacking the Helmsman\'','\'Mohit Gupta\'','CLV_9b4e75b35db56701f8a9895fc3487053','\'Title: Attacking the Helmsman
\nWhen: Saturday, Aug 8, 14:00 - 14:45 PDT
\nWhere: Cloud Vlg
\n
SpeakerBio:Mohit Gupta\n
\nMohit has been a Security Consultant at F-Secure Consulting (previously known as MWR InfoSecurity) for the past four years with one of his specialiastions in containerisation and orchestration technologies. Mohit leads the delivery of security services in these areas, and has been involved in a wide variety of offensive and defensive security engagements involving Docker, Docker Swarm and Kubernetes. In addition to this, he has developed and led training both externally and internally for these areas.
\nTwitter: @_Skybound
\n\n
\nDescription:
\nKubernetes is rapidly growing in popularity and is the most popular technology for container orchestration. However, it also brings its own set of challenges and security issues which may lead to novel or unexpected attack scenarios. This talk aims to go over various areas of Kubernetes security and ways that Kubernetes features could be leveraged by an attacker. It will review the core architecture and functionality of Kubernetes from a security perspective, and cover most of the common Kubernetes security features, including Pod Security Policies, Network Policies, and RBAC.\n
These discussions will be underlined by examples of attack paths that have been found in real-world environments, discussing how it was possible to exploit misconfigurations to escalate privileges with the end goal of compromising the cluster and breaking out into the broader environment.\n
\nYouTube: https://www.youtube.com/watch?v=gwBG_oKDINQ\n
#cloudv-general-text: https://discord.com/channels/708208267699945503/732733373172285520\n
\n\'',NULL,69153),('3_Saturday','14','14:45','15:30','N','CLV','','\'SaaSpocalypse - The Complexity and Power of AWS Cross Account Access\'','\'Alexandre Sieira\'','CLV_cd50542a8b15d59b632483f097a00419','\'Title: SaaSpocalypse - The Complexity and Power of AWS Cross Account Access
\nWhen: Saturday, Aug 8, 14:45 - 15:30 PDT
\nWhere: Cloud Vlg
\n
SpeakerBio:Alexandre Sieira\n
\nAlexandre (or Alex) Sieira is a successful information security entrepreneur in the information security field with a global footprint since 2003. He began his security career as a Co-Founder and CTO of CIPHER, an international security consulting and MSSP headquartered in Brazil which was later acquired by Prosegur. In 2015, he became Co-Founder and CTO of Niddel, a bootstrapped security analytics SaaS startup running entirely on the cloud, which was awarded a Gartner Cool Vendor award in 2016. After the acquisition of Niddel by Verizon in January 2018, he became the Senior manager and global leader of the Managed Security Services - analytics products under the Detect & Respond portfolio tower at Verizon.\n
Currently is the Founder of Tenchi Security, a startup focused on cloud security headquartered in Brazil.\n
Alexandre is an experienced conference speaker in English and Brazilian Portuguese, with previous talks accepted at Black Hat, BSides San Francisco, FIRST Conference and local Latin American conferences. \n
\nTwitter: @AlexandreSieira
\n\n
\nDescription:
\nAWS is a very complex and ever-changing platform, which presents a challenge to defenders and an opportunity for attackers. Among some of the most complex and powerful features of AWS is its IAM functionality, which allows for very granular control but is famously complex to learn and set up.\n
One the features of access control in AWS is that AWS accounts are a self-contained unit of processing, storage and access control. Given how AWS itself recommends segregation across accounts as a best practice, and the fact that many SaaS vendors request access to their customers\' accounts in order to perform their services, this presents a challenge.\n
In this talk we will present in detail the policy-fu needed in order to securely allow principals from one account to perform actions on another, both inside different accounts in an organization but especially from the perspective of a SaaS provider that needs to access hundreds or thousands of customer accounts. Existing research on defenses and possible attacks will be presented and demonstrated to illustrate the concepts.\n
SaaS vendors like \"\"single pane of glass\"\" offerings, multi-cloud solutions and CSPM offerings are huge concentrators of risk since they have access to potentially thousands of customer AWS accounts. By exploring how this access can be uniquely secured due to capabilities only AWS provides and how vendors can fail at this we hope to allow attendees to better understand the risks of using these services, and also help service providers mitigate them.\n
\nYouTube: https://www.youtube.com/watch?v=gwBG_oKDINQ\n
#cloudv-general-text: https://discord.com/channels/708208267699945503/732733373172285520\n
\n\'',NULL,69154),('3_Saturday','15','14:45','15:30','Y','CLV','','\'SaaSpocalypse - The Complexity and Power of AWS Cross Account Access\'','\'Alexandre Sieira\'','CLV_cd50542a8b15d59b632483f097a00419','\'\'',NULL,69155),('3_Saturday','15','15:30','17:30','N','CLV','','\'Discovering Cloud File Storage Artifacts\'','\'Michael Wylie\'','CLV_915bedc5ef65ab0b97804cfecd88536d','\'Title: Discovering Cloud File Storage Artifacts
\nWhen: Saturday, Aug 8, 15:30 - 17:30 PDT
\nWhere: Cloud Vlg
\n
SpeakerBio:Michael Wylie\n, Director of Cybersecurity Services, Richey May Technology Solution
\nMichael Wylie (Twitter: @TheMikeWylie), MBA, CISSP is the Director of Cybersecurity Services at Richey May Technology Solutions. In his role, Michael is responsible for delivering information assurance by means of vulnerability assessments, cloud security, penetration tests, risk management, and training. Michael has developed and taught numerous courses for the U.S. Department of Defense, DEFCON, Universities, and for clients around the world. Michael is the winner of numerous SANS challenge coins and holds the following credentials: CISSP, CCNA R&S, CCNA CyberOps, GMON, GPEN, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, Security+, Project+, and more.
\nTwitter: @TheMikeWylie
\n\n
\nDescription:
\nOrganizational data is rapidly moving to the cloud, but it\'s not always intentional. The shift from on-premise data storage to the cloud constitutes a significant challenge and risk to the modern enterprise. The use of cloud file storage applications is on the rise for both consumer and business systems, which results in interesting data and metadata siting on endpoints. In this talk, we\'ll examine the large footprints of popular cloud file storage applications such as OneDrive and Box - learning what information can be enumerated from each cloud file storage solution. In some scenarios, data can be carved out from cache, restoring sensitive documents no longer on an endpoint.\n
Attendees will:\n
\n - Understand why it\'s critical to investigate cloud file storage applications during an incident\n
- Learn what files are available to examiners during an incident (e.g. local, cloud, deleted, and cached)\n
- See what kind of cloud file storage user activity can be audited\n
- Be introduced to two scenarios of unauthorized data transfer to investigate\n
- Be introduced to where and how different cloud file storage applications log\n
- Learn how to examine incidents with suspected data exfiltration using corporate issued and person cloud file storage use
\nThe slides and labs will take a deep dive into Microsoft OneDrive, Google Drive, Dropbox, Box, and Citrix ShareFile to first understand what is known about the applications and artifacts left behind, then move into hands-on labs to analyze registry keys, log files, and other traces left behind by the applications.\n
\nYouTube: https://www.youtube.com/watch?v=gwBG_oKDINQ\n
#cloudv-general-text: https://discord.com/channels/708208267699945503/732733373172285520\n
\n\'',NULL,69156),('3_Saturday','16','15:30','17:30','Y','CLV','','\'Discovering Cloud File Storage Artifacts\'','\'Michael Wylie\'','CLV_915bedc5ef65ab0b97804cfecd88536d','\'\'',NULL,69157),('3_Saturday','17','15:30','17:30','Y','CLV','','\'Discovering Cloud File Storage Artifacts\'','\'Michael Wylie\'','CLV_915bedc5ef65ab0b97804cfecd88536d','\'\'',NULL,69158),('4_Sunday','11','11:00','11:45','N','CLV','','\'Cloud host base strategy by staging defensive tools for Threat Hunting and Forensics\'','\'Michael Mimo\'','CLV_4926b48376001e37f86917892526274e','\'Title: Cloud host base strategy by staging defensive tools for Threat Hunting and Forensics
\nWhen: Sunday, Aug 9, 11:00 - 11:45 PDT
\nWhere: Cloud Vlg
\n
SpeakerBio:Michael Mimo\n
\nNo BIO available
\nTwitter: @securitydevops
\n\n
\nDescription:
\nCloud instance forensic acquisition presents certain challenges to forensics teams. Traditional forensic methods usually are not effective in the cloud. Access and networks are designed differently than in an on-premise Data Center. Forward thinking strategies need to be implemented so that Incident Response Cyber teams can effectively use forensically sound methods to examine artifacts on hosts.\n
My talk is about how to prepare your organization for forensic acquisitions in a cloud infrastructure. I will quickly cover how to prepare a fleet of systems for memory and physical disk forensics. The targets are AWS EC2 instances but could be applied to any other cloud providers host provisioning infrastructure. I will focus on the process and infrastructure required to do this level of inspection. By the end you will be able to apply these strategies to activities such as Threat Hunting.\n
Many organizations struggle with implementing Threat Hunting programs with orchestration in mind to capture memory and disk level forensics. How does a Cyber team respond to an alert they receive from a cloud host? How can they quickly collect artifacts for further forensic inspection? Last, how can you best secure the forensics infrastructure from where you launch the orchestrated forensic examiner systems?\n
The first part of my talk will describe the infrastructure required to be in the place to support forensic orchestration. I will outline a strategy: servers, tools, storage, and protective measures to ensure that forensic activities are conducted behind a cloud of secrecy. Maintaining stealth mode is critically important to enabling the forensic team to do their job while the business is not impacted by the investigative activities.\n
In the second part, we will examine the pipeline process to implement solutions in EC2 instances with pre-configured memory and acquisition tools ready to be tapped into by the forensic team. I will discuss some of the challenges encountered when conducting forensics with the different AWS hypervisor solutions.\n
As a result, testing each design of the Linux instances with your forensics tools is an important part of the process. Do not expect the forensic tools to work seamlessly when the architecture teams switch fundamental infrastructure designs. Each phase of the AMI delivery pipeline needs to be tested and verified that the Cyber team can continue to perform their investigations without running into challenges during a real incident. Do not wait until forensics is really needed to only find out that the tools designed did not perform their job.\n
\nYouTube: https://www.youtube.com/watch?v=DSipgVlsAfo\n
#cloudv-general-text: https://discord.com/channels/708208267699945503/732733373172285520\n
\n\'',NULL,69159),('4_Sunday','11','11:45','12:30','N','CLV','','\'Remediation Framework - Auto respond to AWS nightmares.\'','\'Sahir Khan,Justin Paglierani\'','CLV_dbb8b3de373cf2fd91fb5d5127d4e5a0','\'Title: Remediation Framework - Auto respond to AWS nightmares.
\nWhen: Sunday, Aug 9, 11:45 - 12:30 PDT
\nWhere: Cloud Vlg
\nSpeakers:Sahir Khan,Justin Paglierani
\n
SpeakerBio:Sahir Khan\n
\nSahir Khan is Senior Security Engineer at Flatiron Health focused on Cloud Security and has deep interests in Security automation.
\n
SpeakerBio:Justin Paglierani\n
\nJustin Paglierani is a Staff Security Engineer at Flatiron Health. Prior to Flatiron, Justin worked at Bishop Fox and within the Federal Reserve System.
\n\n
\nDescription:
\nRemediation Framework is event driven, near real time, multi account, serverless platform which identifies and remediates AWS security issues to ensure AWS usage is in compliance with a set of rules. Major focus is on remediations for misconfigurations which could make resources(ec2-ami,snapshots, s3, redshift, rds..) publicly exposed, making it low lift for attackers to get foothold or data exfiltration. The framework is easily customizable, giving the ability to add new modules for AWS resources you want to watch for/automatically fix, when they become non compliant.\n
This talk will be structured as below:\n
Introductions (1-2 minutes): Brief bio of what we do.\nBackground (3 minutes): Introduction to the problem statement which led us to work on automated remediation.\nFirst iteration - Independent Lambda for remediation of each resource and the challenges we faced.\nIntroduction to the Framework: (5 minutes) A walkthrough of the framework, how it is pieced together to support event driven remediation for multiple AWS accounts and regions.\nDemo and Q&A (10 minutes): We will open source and demo the Remediation Framework by making few AWS resources publicly exposed and letting the remediation framework fix it automatically.\n
\nYouTube: https://www.youtube.com/watch?v=DSipgVlsAfo\n
#cloudv-general-text: https://discord.com/channels/708208267699945503/732733373172285520\n
\n\'',NULL,69160),('4_Sunday','12','11:45','12:30','Y','CLV','','\'Remediation Framework - Auto respond to AWS nightmares.\'','\'Sahir Khan,Justin Paglierani\'','CLV_dbb8b3de373cf2fd91fb5d5127d4e5a0','\'\'',NULL,69161),('4_Sunday','12','12:30','13:30','N','CLV','','\'Cloud-Native Attack Detection and Simulation.\'','\'Nick Jones\'','CLV_441103d8c8781e08f2303dd852382293','\'Title: Cloud-Native Attack Detection and Simulation.
\nWhen: Sunday, Aug 9, 12:30 - 13:30 PDT
\nWhere: Cloud Vlg
\n
SpeakerBio:Nick Jones\n
\nNick Jones is the cloud security lead and a senior security consultant at F-Secure Consulting (formerly MWR InfoSecurity), where he focuses on AWS security in mature, cloud-native organisations and large enterprises. He has a number of years experience delivering offensive security assessments and services to a broad client base. When he\'s not delivering offensively-focused engagements, he\'s typically found working with clients to help them develop their security operations and attack detection capabilities.
\nTwitter: @nojonesuk
\n\n
\nDescription:
\nThe cloud brings a broad range of benefits from a security perspective, including network isolation by default, strong identity controls and unprecedented visibility. It does, however, bring many changes and unique challenges of its own when compared to an on-premise estate, with modern cloud environments make heavy use of containerisation, serverless functions and other new paradigms. As such, many of the data sources used for threat hunting and attack detection in traditional environments are no longer available. In addition, most attacks consist of abusing legitimate functionality, making it challenging at times to differentiate the malicious from the benign.\n
Based on ï¬rst-hand experience attacking and defending large enterprises, this talk will compare and contrast the benefits and challenges of attack detection in the cloud against on-premise detection, and highlight some of the key advantages, common pitfalls and key data sources. It will also offer advice and guidance on developing your own cloud attack detection capabilities in house.\n
Lastly, it will present Leonidas - a cloud native toolchain that allows users to easily define, simulate and detect new attack vectors and techniques against cloud environments, all tied back to the MITRE ATT&CK framework. This will include deploying and using Leonidas, constructing and executing an attack path end-to-end, and how to implement your own test cases. It\'ll also cover Leonidas into your detection stack to track improvement over time and support learning and skills development within your team. \n
\nYouTube: https://www.youtube.com/watch?v=DSipgVlsAfo\n
#cloudv-general-text: https://discord.com/channels/708208267699945503/732733373172285520\n
\n\'',NULL,69162),('4_Sunday','13','12:30','13:30','Y','CLV','','\'Cloud-Native Attack Detection and Simulation.\'','\'Nick Jones\'','CLV_441103d8c8781e08f2303dd852382293','\'\'',NULL,69163),('4_Sunday','13','13:30','13:50','N','CLV','','\'Closing Note\'','\' \'','CLV_2e8891b09a52534580323b21ebb3c4a0','\'Title: Closing Note
\nWhen: Sunday, Aug 9, 13:30 - 13:50 PDT
\nWhere: Cloud Vlg
\n
\nDescription:
\n
\nYouTube: https://www.youtube.com/watch?v=DSipgVlsAfo\n
#cloudv-general-text: https://discord.com/channels/708208267699945503/732733373172285520\n
\n\'',NULL,69164),('2_Friday','06','06:00','12:30','N','CLV','','\'Cloud Village CTF\'','\' \'','CLV_e220a5d8a3ec86ecf8321d648ed47731','\'Title: Cloud Village CTF
\nWhen: Friday, Aug 7, 06:00 - 12:30 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nRegistrations Open - 6 AM PDT 7th August 2020\nCTF start time - August 7th 11 AM PDT
\nCTF close time - August 9th 12:30 PM PDT\n
The winners will be announced on August 9th 1:30 PM PDT at the closing note\n
\nCTF Site: https://cloudvillagectf.co/\n
\n\'',NULL,69165),('2_Friday','07','06:00','12:30','Y','CLV','','\'Cloud Village CTF\'','\' \'','CLV_e220a5d8a3ec86ecf8321d648ed47731','\'\'',NULL,69166),('2_Friday','8','06:00','12:30','Y','CLV','','\'Cloud Village CTF\'','\' \'','CLV_e220a5d8a3ec86ecf8321d648ed47731','\'\'',NULL,69167),('2_Friday','9','06:00','12:30','Y','CLV','','\'Cloud Village CTF\'','\' \'','CLV_e220a5d8a3ec86ecf8321d648ed47731','\'\'',NULL,69168),('2_Friday','10','06:00','12:30','Y','CLV','','\'Cloud Village CTF\'','\' \'','CLV_e220a5d8a3ec86ecf8321d648ed47731','\'\'',NULL,69169),('2_Friday','11','06:00','12:30','Y','CLV','','\'Cloud Village CTF\'','\' \'','CLV_e220a5d8a3ec86ecf8321d648ed47731','\'\'',NULL,69170),('2_Friday','12','06:00','12:30','Y','CLV','','\'Cloud Village CTF\'','\' \'','CLV_e220a5d8a3ec86ecf8321d648ed47731','\'\'',NULL,69171),('2_Friday','12','12:00','13:50','N','DL','','\'PyRDP: Remote Desktop Protocol Monster-in-the-Middle (MITM) and Library\'','\'Olivier Bilodeau\'','DL_4597228a4db2be6e2bd750babff4ba0d','\'Title: PyRDP: Remote Desktop Protocol Monster-in-the-Middle (MITM) and Library
\nWhen: Friday, Aug 7, 12:00 - 13:50 PDT
\nWhere: See Description or Village
\n
SpeakerBio:Olivier Bilodeau\n
\nOlivier Bilodeau is leading the Cybersecurity Research team at GoSecure. With more than 10 years of infosec experience, he enjoys luring malware operators into his traps, writing tools for malware research, reverse-engineering all-the-things and vulnerability research. Passionate communicator, Olivier has spoken at several conferences like BlackHat, Defcon, Botconf, SecTor, Derbycon, HackFest and more. Invested in his community, he co-organizes MontréHack, a monthly workshop focused on hands-on CTF problem solving, and NorthSec, a large non-profit conference and CTF based in Montreal.
\n\n
\nDescription:
\nPyRDP is a Remote Desktop Protocol (RDP) monster-in-the-middle (MITM) tool and library useful in intrusion testing and malware research. Its out of the box offensive capabilities can be divided in three broad categories: client-side, MITM-side and server-side. On the client-side PyRDP can actively steal any clipboard activity, crawl mapped drives and collect all keystrokes. On the MITM-side PyRDP records everything on the wire in several formats (logs, json events), allows the attacker to take control of an active session and performs a pixel perfect recording of the RDP screen. On the server-side, on-logon PowerShell or cmd injection can be performed when a legitimate client connects. Over the last year, we implemented several features that we are going to uncover in this brand-new demo lab workshop: a headless mode that allows deployment on systems with less resources or without an X11 stack, a fully transparent layer-2 deployment capability leveraging IP_TRANSPARENT sockets, a brand new Windows Graphical Device Interface (GDI) implementation and the ability to convert recorded sessions into MP4 videos. On the malware research side, PyRDP can be used as part of a fully interactive honeypot. It can be placed in front of a Windows RDP server to intercept malicious sessions. It can replace the credentials provided in the connection sequence with working credentials to accelerate compromise and malicious behavior collection. It also saves a visual and textual recording of each RDP session, which is useful for investigation or to generate IOCs. Additionally, PyRDP saves a copy of the files that are transferred via the drive redirection feature, allowing it to collect malicious payloads.\n
Audience: Offense and Malware Researchers\n
\nInteract @ #dl-bilodeau-pyrdp-text: https://discord.com/channels/708208267699945503/730256435916832849\n
Watch @ #dl-video2-voice: https://discord.com/channels/708208267699945503/734027778646867988\n
Github: https://github.com/GoSecure/pyrdp\n
Forum: https://forum.defcon.org/node/233124\n
\n\'',NULL,69172),('2_Friday','13','12:00','13:50','Y','DL','','\'PyRDP: Remote Desktop Protocol Monster-in-the-Middle (MITM) and Library\'','\'Olivier Bilodeau\'','DL_4597228a4db2be6e2bd750babff4ba0d','\'\'',NULL,69173),('4_Sunday','12','12:00','13:50','N','DL','','\'Carnivore (Microsoft External Attack Tool)\'','\'Chris Nevin\'','DL_78422eecc78f4761436c280f049a2d2d','\'Title: Carnivore (Microsoft External Attack Tool)
\nWhen: Sunday, Aug 9, 12:00 - 13:50 PDT
\nWhere: See Description or Village
\n
SpeakerBio:Chris Nevin\n
\nSenior Security Consultant at NCCGroup
\n\n
\nDescription:
\nCarnivore is a username enumeration and password spraying tool for Microsoft services (Skype for Business, ADFS, RDWeb, Exchange and Office 365). It originally began as an on-premises Skype for Business enumeration/spray tool as I was finding that these days, organizations often seem to have locked down their implementations of Exchange, however, Skype for Business has been left externally accessible, and has not received as much attention from previous penetration tests due to the lack of tools as impactful as Mailsniper. Overtime this was improved and built upon to bring the same service discovery, username enumeration and password spraying capability to Skype, ADFS, RDWeb, Exchange, and O365 all in the same tool. Carnivore includes new post compromise functionality for Skype for Business (pulling the internal address list and user presence through the API), and smart detection of the username format for all services. As a practical means of entry into an organisation – numerous external penetration tests have uncovered an on-premises Skype for Business or ADFS server even for organisations that have moved Mail/SSO/etc to the cloud.\n
Audience: Offense\n
\nInteract @ #dl-nevin-carnivore-text: https://discord.com/channels/708208267699945503/730256550442041373\n
Watch @ #dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505\n
Github: https://github.com/ReverendThing/Carnivore\n
Forum: https://forum.defcon.org/node/233116\n
\n\'',NULL,69174),('4_Sunday','13','12:00','13:50','Y','DL','','\'Carnivore (Microsoft External Attack Tool)\'','\'Chris Nevin\'','DL_78422eecc78f4761436c280f049a2d2d','\'\'',NULL,69175),('3_Saturday','16','16:00','17:55','N','DL','','\'CIRCO v2: Cisco Implant Raspberry Controlled Operations\'','\'Emilio Couto\'','DL_a4c2ae63640247bbd5f539bd60951c1c','\'Title: CIRCO v2: Cisco Implant Raspberry Controlled Operations
\nWhen: Saturday, Aug 8, 16:00 - 17:55 PDT
\nWhere: See Description or Village
\n
SpeakerBio:Emilio Couto\n
\nEmilio Couto (@ekio_jp) is a Security Consultant with more than 20 years of experience in the network and security field.Born and raised in Argentina, he is currently located in Japan where multitasking between language, culture and technologies is a must.Over the last decade focusing mainly on Finance IT and presenting tools in conferences (DEF CON, BlackHat Asia, HITB, Code Blue, AV Tokyo and SECCON).In his spare time he enjoys 3D printing, tinkering electronics and home-made IoT devices.
\nTwitter: @ekio_jp
\n\n
\nDescription:
\nDesigned under Raspberry Pi and aimed for Red Team Ops, we take advantage of \"Sec/Net/Dev/Ops\" enterprise tools to capture network credentials in stealth mode\n
Audience: Offense/Hardware\n
\nInteract @ #dl-couto-circo-v2-text: https://discord.com/channels/708208267699945503/730256145771659335\n
Watch @ #dl-video2-voice: https://discord.com/channels/708208267699945503/734027778646867988\n
Github: https://github.com/ekiojp/circo\n
Forum: https://forum.defcon.org/node/233127\n
\n\'',NULL,69176),('3_Saturday','17','16:00','17:55','Y','DL','','\'CIRCO v2: Cisco Implant Raspberry Controlled Operations\'','\'Emilio Couto\'','DL_a4c2ae63640247bbd5f539bd60951c1c','\'\'',NULL,69177),('3_Saturday','10','10:00','11:50','N','DL','','\'jeopardize\'','\'Utku Sen\'','DL_20c749c8de8568e48c0ef5e4aa14cbda','\'Title: jeopardize
\nWhen: Saturday, Aug 8, 10:00 - 11:50 PDT
\nWhere: See Description or Village
\n
SpeakerBio:Utku Sen\n
\nUtku Sen is a security researcher who is mostly focused on application security, network security and tool development. He presented his different tools and researches in Black Hat USA Arsenal, DEF CON Demo Labs, Packet Hacking Village and Recon Village in the recent years. He\'s also nominated for Pwnie Awards on \"Best Backdoor\" category in 2016. He is currently working for HackerOne.
\n\n
\nDescription:
\nJeopardize tool is developed to provide basic threat intelligence&response capabilities against phishing domains at the minimum cost as possible. It detects registered phishing domain candidates (typosquatting, homograph etc.), analyzes them and assigns a risk score to them. After then, it sends valid-looking credentials to the login forms on those phishing sites. Main goals are to confuse the attackers and to buy organizations some time to take precautions.\n
Audience: Defense\n
\nDiscord: #dl-sen-jeopardize-text: https://discord.com/channels/708208267699945503/730256291032989728\n
Watch @ #dl-video2-voice: https://discord.com/channels/708208267699945503/734027778646867988\n
Github: https://github.com/utkusen/jeopardize\n
Forum: https://forum.defcon.org/node/233129\n
\n\'',NULL,69178),('3_Saturday','11','10:00','11:50','Y','DL','','\'jeopardize\'','\'Utku Sen\'','DL_20c749c8de8568e48c0ef5e4aa14cbda','\'\'',NULL,69179),('4_Sunday','10','10:00','11:50','N','DL','','\'redlure\'','\'Matthew Creel\'','DL_c067bd15ae7acf819684bde9b92a79f1','\'Title: redlure
\nWhen: Sunday, Aug 9, 10:00 - 11:50 PDT
\nWhere: See Description or Village
\n
SpeakerBio:Matthew Creel\n
\nMatt has been a member of the Schneider Downs cybersecurity practice since 2017 where he helps provide clients with penetration testing, red teaming and incident response services. One of Matt\'s focuses is offensive tool development, notably password spraying and phishing tools. Matt has served clients in manufacturing, healthcare, automotive, finanaical and higher education industires.
\n\n
\nDescription:
\nredlure can be descirbed as a distributed phishing platform. There is a centeralized API (redlure-console) where you can create the different aspects of your phishing campaigns. This console controls secondary servers running a more basic API (redlure-workers) that do the actual hosting of your phishing sites/files and communicate results back to the main server. Obviosuly there are existing tools that can accomplish phishing, but here are a few features to this tool that differentiate it and will be descirbed in the abstract.\n
Audience: Offense\n
\nInteract @ #dl-creel-redlure-text: https://discord.com/channels/708208267699945503/730256326868860949\n
Watch @ #dl-video2-voice: https://discord.com/channels/708208267699945503/734027778646867988\n
Forum: https://forum.defcon.org/node/233131\n
\n\'',NULL,69180),('4_Sunday','11','10:00','11:50','Y','DL','','\'redlure\'','\'Matthew Creel\'','DL_c067bd15ae7acf819684bde9b92a79f1','\'\'',NULL,69181),('4_Sunday','17','17:00','17:59','N','DC','','\'Closing Ceremonies\'','\'The Dark Tangent\'','DC_585aaf4aad9522f2701b50a87905ab17','\'Title: Closing Ceremonies
\nWhen: Sunday, Aug 9, 17:00 - 17:59 PDT
\nWhere: See Description or Village
\n
SpeakerBio:The Dark Tangent\n
\nNo BIO available
\n\n
\nDescription:
\nThe closing ceremonies will be streamed on the DEF CON Twitch. There will be a live Q&A session during part of the event, and questions can be posted in #track-1-live-qa.\n
\nTwitch: https://www.twitch.tv/defconorg\n
#track-1-live-qa: https://discord.com/channels/708208267699945503/733079691145117848\n
\n\'',NULL,69182),('2_Friday','13','13:00','13:59','N','SEV','','\'Live SE Q&A\'','\' \'','SEV_9ebcf5df76898657f22936b36261a9fc','\'Title: Live SE Q&A
\nWhen: Friday, Aug 7, 13:00 - 13:59 PDT
\nWhere: Social Engineer Village
\n
\nDescription:
\n
\n#sev-qa-voice: https://discord.com/channels/708208267699945503/736686395631992852\n
\n\'',NULL,69183),('3_Saturday','14','14:30','15:20','N','IOT','','\'The future of IoT Security “Baselines,†Standards, and Regulatory Domain\'','\'Amit Elazari,Anahit Tarkhanyan\'','IOT_566d27896ddc0647c28ab4bf8db5bf40','\'Title: The future of IoT Security “Baselines,†Standards, and Regulatory Domain
\nWhen: Saturday, Aug 8, 14:30 - 15:20 PDT
\nWhere: IOT Vlg
\nSpeakers:Amit Elazari,Anahit Tarkhanyan
\n
SpeakerBio:Amit Elazari\n
\nDr. Amit Elazari is a Director, Global Cybersecurity Policy at Intel Corporation and a Lecturer at UC Berkeley’s School of Information Master in Information and Cybersecurity. She holds a Doctoral Degree in the Law (J.S.D.) from UC Berkeley School of Law and graduated summa cum laude three prior degrees. Her research in information security law and policy has appeared in leading technology law and computer science journals, presented at conferences such as RSA, Black Hat, USENIX Enigma, USENIX Security, BsidesLV, BsidesSF and DEF CON Villages, and featured at leading news sites such as The Wall Street Journal, The Washington Post and the New York Times. In 2018, she received a Center for Long Term Cybersecurity grant for her work on private ordering regulating information security, exploring safe harbors for security researchers. She practiced law in Israel.\n
\n
SpeakerBio:Anahit Tarkhanyan\n
\nAnahit Tarkhanyan is Platform Architect at Intel and leads IoT hardware-based security product architecture. She joined Intel in 2011 and has over 20 years of industry experience delivering security solutions to the market. Her area of expertise covers silicon-based Edge to Cloud systems security and AI/ML protection. Anahit is a recognized contributor to Intel’s hardware security and a trusted advisor for ecosystem partners. She has PhD in Distributed Computer Systems and Networks, holds several patents, and has publications in diverse security technology areas.
\n\n
\nDescription:
\nSecurity is one of the most dynamic and impactful landscapes in the regulatory sphere. Proposed initiatives and standards in IoT security specifically, are shaping the industry at a fast pace and on a global scale. With the potential for marked impact to the researcher community, this evolving landscape also serves as an opportunity for technology innovation and collaboration. This talk, a joint presentation from policy expert, Dr. Amit Elazari, and IoT platform architect, Anahit Tarkhanyan, will introduce the audience to a variety of regulatory concepts and baseline proposals shaping the future of IoT security. They’ll focus on recent trends including: NISTIR 8259, C2, international standards, supply chain transparency, researchers’ collaboration, proposed legislation, Coordinated Vulnerability Disclosure, and the innovative, technical capabilities that can support and enhance development from the foundation up.
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,69184),('3_Saturday','15','14:30','15:20','Y','IOT','','\'The future of IoT Security “Baselines,†Standards, and Regulatory Domain\'','\'Amit Elazari,Anahit Tarkhanyan\'','IOT_566d27896ddc0647c28ab4bf8db5bf40','\'\'',NULL,69185),('2_Friday','17','17:45','18:45','N','WLV','','\'Wireless Village Fireside Talk\'','\' \'','WLV_cd3dbaa4f6b7076bcaf0347bbe35b188','\'Title: Wireless Village Fireside Talk
\nWhen: Friday, Aug 7, 17:45 - 18:45 PDT
\nWhere: Wireless Vlg
\n
\nDescription:
\n FIRESIDE Talk, on stryngs, scapy with a dash of bluetooth, anyone want a code release and some demo on packet creation in BT and other work\n
\n#wv-general-voice: https://discord.com/channels/708208267699945503/731262451974144071\n
\n\'',NULL,69186),('2_Friday','18','17:45','18:45','Y','WLV','','\'Wireless Village Fireside Talk\'','\' \'','WLV_cd3dbaa4f6b7076bcaf0347bbe35b188','\'\'',NULL,69187),('3_Saturday','12','12:30','13:15','N','IOT','','\'Kicking Devices and Taking CVEs : The Zoomer’s Guide to Hacking Shit\'','\'Sanjana Sarda\'','IOT_47b4ab57b26b107282e4811e1331299b','\'Title: Kicking Devices and Taking CVEs : The Zoomer’s Guide to Hacking Shit
\nWhen: Saturday, Aug 8, 12:30 - 13:15 PDT
\nWhere: IOT Vlg
\n
SpeakerBio:Sanjana Sarda\n
\nSanjana Sarda is a Junior Security Analyst at Independent Security Evaluators and is a rising Electrical Engineering senior at UCLA. She is primarily focused on Cryptography, IoT and Hardware Security and hiding from her dog. Sarda has been researching various IoT devices and has discovered several CVEs. Her research has been covered by publications such as Motherboard, the Daily Swig, and ISMG.
\n\n
\nDescription:
\nDo you ever play iSpy with the smart devices around you and wonder how easy it is to hack shit and get CVEs? In the Zoomer era, smart devices are extremely accessible, generally cheap and not very security focused. In this talk, Sarda (a fellow Zoomer) will walk the audience through the basic methodology, tooling, exploitation, and disclosure process used when hacking an IoT device. This talk will include a “livish†demo of the exploitation of 5 CVEs, including remote code execution and telnet access, discovered while researching the Tenda AC1900 router—which can be chained to provide persistent root shell access to the device
\n
IOT Village activities will be streamed to Twitch.\n
\nTwitch: https://www.twitch.tv/iotvillage\n
\'',NULL,69188),('3_Saturday','13','12:30','13:15','Y','IOT','','\'Kicking Devices and Taking CVEs : The Zoomer’s Guide to Hacking Shit\'','\'Sanjana Sarda\'','IOT_47b4ab57b26b107282e4811e1331299b','\'\'',NULL,69189),('3_Saturday','10','10:00','10:59','N','DCG','','\'OWASP API Top 10\'','\' \'','DCG_abaafd2754ff3db8b7fc14913038f983','\'Title: OWASP API Top 10
\nWhen: Saturday, Aug 8, 10:00 - 10:59 PDT
\nWhere: DEF CON Groups
\n
\nDescription:
\nPresentation by DC9111 (New Delhi, India)
\n
All DEF CON Groups presentations are happening in AltSpace.\n
\nAltSpace: https://account.altvr.com/events/1520704529866162594\n
Listen @ #dcg-stage-voice: https://discord.com/channels/708208267699945503/740428852999880704\n
Interact @ #dcg-stage-text: https://discord.com/channels/708208267699945503/710379858429083698\n
\'',NULL,69190),('3_Saturday','11','11:00','11:59','N','DCG','','\'Government Espionage on a School Lunch Budget\'','\' \'','DCG_2247307bd04c28619737481b6ffeb16c','\'Title: Government Espionage on a School Lunch Budget
\nWhen: Saturday, Aug 8, 11:00 - 11:59 PDT
\nWhere: DEF CON Groups
\n
\nDescription:
\nPresentation by DC664 (Mexico)
\n
All DEF CON Groups presentations are happening in AltSpace.\n
\nAltSpace: https://account.altvr.com/events/1520704529866162594\n
Listen @ #dcg-stage-voice: https://discord.com/channels/708208267699945503/740428852999880704\n
Interact @ #dcg-stage-text: https://discord.com/channels/708208267699945503/710379858429083698\n
\'',NULL,69191),('3_Saturday','12','12:00','12:59','N','DCG','','\'Basic OSINT: Mining Personal Data\'','\' \'','DCG_b2f391753708bc61c66762b320daf855','\'Title: Basic OSINT: Mining Personal Data
\nWhen: Saturday, Aug 8, 12:00 - 12:59 PDT
\nWhere: DEF CON Groups
\n
\nDescription:
\nPresentation by DC574 (Indiana, USA)
\n
All DEF CON Groups presentations are happening in AltSpace.\n
\nAltSpace: https://account.altvr.com/events/1520704529866162594\n
Listen @ #dcg-stage-voice: https://discord.com/channels/708208267699945503/740428852999880704\n
Interact @ #dcg-stage-text: https://discord.com/channels/708208267699945503/710379858429083698\n
\'',NULL,69192),('3_Saturday','13','13:00','13:15','N','DCG','','\'Intro to DC858\'','\' \'','DCG_9421f2671fdcc644d75c6bc288bd6513','\'Title: Intro to DC858
\nWhen: Saturday, Aug 8, 13:00 - 13:15 PDT
\nWhere: DEF CON Groups
\n
\nDescription:
\nPresentation by DC858 (San Diego, California, USA)
\n
All DEF CON Groups presentations are happening in AltSpace.\n
\nAltSpace: https://account.altvr.com/events/1520704529866162594\n
Listen @ #dcg-stage-voice: https://discord.com/channels/708208267699945503/740428852999880704\n
Interact @ #dcg-stage-text: https://discord.com/channels/708208267699945503/710379858429083698\n
\'',NULL,69193),('3_Saturday','13','13:15','13:59','N','DCG','','\'Saving Yourself from Microsoft: It\'s by design\'','\' \'','DCG_ab8fed075ab7ac549cfbe185b954985e','\'Title: Saving Yourself from Microsoft: It\'s by design
\nWhen: Saturday, Aug 8, 13:15 - 13:59 PDT
\nWhere: DEF CON Groups
\n
\nDescription:
\nPresentation by DC858 (San Diego, California, USA)
\n
All DEF CON Groups presentations are happening in AltSpace.\n
\nAltSpace: https://account.altvr.com/events/1520704529866162594\n
Listen @ #dcg-stage-voice: https://discord.com/channels/708208267699945503/740428852999880704\n
Interact @ #dcg-stage-text: https://discord.com/channels/708208267699945503/710379858429083698\n
\'',NULL,69194),('3_Saturday','14','14:00','14:59','N','DCG','','\'Understanding the Threat: Malicious Software, Malicious Actors, and the Promise of Connected Medical Technology\'','\' \'','DCG_05880fb30ec565f96d406bcd24d65281','\'Title: Understanding the Threat: Malicious Software, Malicious Actors, and the Promise of Connected Medical Technology
\nWhen: Saturday, Aug 8, 14:00 - 14:59 PDT
\nWhere: DEF CON Groups
\n
\nDescription:
\nPresentation by DC858 (San Diego, California, USA)
\n
All DEF CON Groups presentations are happening in AltSpace.\n
\nAltSpace: https://account.altvr.com/events/1520704529866162594\n
Listen @ #dcg-stage-voice: https://discord.com/channels/708208267699945503/740428852999880704\n
Interact @ #dcg-stage-text: https://discord.com/channels/708208267699945503/710379858429083698\n
\'',NULL,69195),('3_Saturday','15','15:00','15:15','N','DCG','','\'Intro to DC603\'','\' \'','DCG_64bbe716ca44338ac85fc04a02dca1a9','\'Title: Intro to DC603
\nWhen: Saturday, Aug 8, 15:00 - 15:15 PDT
\nWhere: DEF CON Groups
\n
\nDescription:
\nPresentation by DC603 (New Hampshire, USA)
\n
All DEF CON Groups presentations are happening in AltSpace.\n
\nAltSpace: https://account.altvr.com/events/1520704529866162594\n
Listen @ #dcg-stage-voice: https://discord.com/channels/708208267699945503/740428852999880704\n
Interact @ #dcg-stage-text: https://discord.com/channels/708208267699945503/710379858429083698\n
\'',NULL,69196),('3_Saturday','15','15:15','15:59','N','DCG','','\'DNS New World Order, version 1.4: QuadX! DoH! DoT! Da Fuq?\'','\' \'','DCG_5b1695f099ee1750033387b73667a521','\'Title: DNS New World Order, version 1.4: QuadX! DoH! DoT! Da Fuq?
\nWhen: Saturday, Aug 8, 15:15 - 15:59 PDT
\nWhere: DEF CON Groups
\n
\nDescription:
\nPresentation by DC603 (New Hampshire, USA)
\n
All DEF CON Groups presentations are happening in AltSpace.\n
\nAltSpace: https://account.altvr.com/events/1520704529866162594\n
Listen @ #dcg-stage-voice: https://discord.com/channels/708208267699945503/740428852999880704\n
Interact @ #dcg-stage-text: https://discord.com/channels/708208267699945503/710379858429083698\n
\'',NULL,69197),('3_Saturday','17','17:00','17:59','N','DCG','','\'Introducing Melbourne DCG by Allen and Friends\'','\' \'','DCG_54f554c27b60c652aa40c381a717b6fc','\'Title: Introducing Melbourne DCG by Allen and Friends
\nWhen: Saturday, Aug 8, 17:00 - 17:59 PDT
\nWhere: DEF CON Groups
\n
\nDescription:
\nPresentation by DCG11613 (Melbourne, Australia)
\n
All DEF CON Groups presentations are happening in AltSpace.\n
\nAltSpace: https://account.altvr.com/events/1520704529866162594\n
Listen @ #dcg-stage-voice: https://discord.com/channels/708208267699945503/740428852999880704\n
Interact @ #dcg-stage-text: https://discord.com/channels/708208267699945503/710379858429083698\n
\'',NULL,69198),('4_Sunday','12','12:00','13:50','N','DL','','\'Starkiller\'','\' \'','DL_bf1cd20659003248941d942c09d87d09','\'Title: Starkiller
\nWhen: Sunday, Aug 9, 12:00 - 13:50 PDT
\nWhere: See Description or Village
\n
\nDescription:
\nThe ultimate goal for any security team is to increase resiliency within an organization and adapt to the modern threat. Starkiller aims to provide red teams with a platform to emulate Advanced Persistent Threat (APT) tactics. Starkiller is a frontend for the post-exploitation framework, PowerShell Empire, which incorporates a multi-user GUI application that interfaces with a remote Command and Control (C2) server. Empire is powered by Python 3 and PowerShell and includes many widely used offensive security tools for Windows, Linux, and macOS exploitation. The framework\'s flexibility to easily incorporate new modules allows for a single solution for red team operations. Both red and blue teams can utilize Starkiller to emulate and defend against the most used APT attack vectors.\n
Audience: Offense, Defense\n
\nInteract @ #dl-rose-starkiller-text: https://discord.com/channels/708208267699945503/730256356292165682\n
Watch @ #dl-video2-voice: https://discord.com/channels/708208267699945503/734027778646867988\n
Web: https://www.bc-security.org/post/an-introduction-to-starkiller\n
Forum: https://forum.defcon.org/node/233126\n
\n\'',NULL,69199),('4_Sunday','13','12:00','13:50','Y','DL','','\'Starkiller\'','\' \'','DL_bf1cd20659003248941d942c09d87d09','\'\'',NULL,69200),('4_Sunday','15','15:00','15:59','N','DCG','','\'DEF CON Groups Panel\'','\'Brent White / B1TK1LL3R,Casey Bourbonnais / ADAM_915,Jayson E. Street,April C Wright\'','DCG_d30766231508160ae660d562ad0f2ff3','\'Title: DEF CON Groups Panel
\nWhen: Sunday, Aug 9, 15:00 - 15:59 PDT
\nWhere: DEF CON Groups
\nSpeakers:Brent White / B1TK1LL3R,Casey Bourbonnais / ADAM_915,Jayson E. Street,April C Wright
\n
SpeakerBio:Brent White / B1TK1LL3R\n
\nBrent is a Sr. Security Consultant at NTT Security as well as a Trusted Advisor for the Tennessee Department of Safety and Homeland Security on the topics of Physical and Cyber Security. He is also the founder of the Nashville DEF CON group (DC615), and is the Global Coordinator for the DEF CON conference “Groups†program. He has held the role of Web/Project Manager and IT Security Director for a global franchise company as well as Web Manager and information security positions for multiple television personalities and television shows on The Travel Channel.
\nTwitter: @brentwdesign
\n
SpeakerBio:Casey Bourbonnais / ADAM_915\n
\nNo BIO available
\nTwitter: @Bourbonnais_c
\n
SpeakerBio:Jayson E. Street\n
\nJayson E. Street is the VP of InfoSec at SphereNY ... He is also DEF CON Groups Global Ambassador. Jayson battled a dragon during the Fire Run in Barcelona Spain. He \'accidentally broke into a shark tank in the Dominican Republic and climbed the pyramid of Giza (until the guards carrying AK-47s expressed their displeasure). He consulted with the Secret Service in 2007 on the WIFI security of the White House, and has had tea with a Lebanese General in Beirut. Jayson never finished High School but does have his GED. His first book is used as course material at four colleges in three countries (that he knows of), and he has spoken at numerous universities in the US and gave an eight-hour lecture at the Beijing Institute of Technology in 2014. Outside of standardized education, Jayson has spoken numerous times at DEF CON, at the first six DerbyCons and at many other Cons (Hack in Paris, Nuit Du Hack, IT-Defense, SYSCAN360, PH-Neutral, etc....) around the world. He was also on the David Letterman show (seriously) though he is still waiting for Stephen Colbert to have him on his show! Jayson is only one degree away from Kevin Bacon after awkward hugging Oliver Stone and Jimmy Fallon. He started in security and law enforcement over 30 years ago and has always striven to make things more secure. Jayson has been in the Information Security industry for over 18 years, and once broke into a high scale hotel in the South of France - barefoot - wearing Teenage Mutant Ninja Turtles pajamas. He was also noted as the best janitor of all McDonald\'s in the South East Texas region for 2 consecutive years.
\n
SpeakerBio:April C Wright\n
\nApril C. Wright is a hacker, author, teacher, and community leader who has been breaking, making, fixing, and defending the security of global critical communications and connections for over 25 years. She is an international speaker and trainer, educating and advising on matters of privacy and information security with the goal of safeguarding the digital components we rely on every day. April has held roles on defensive, operational, adversarial, and development teams throughout her career and is currently a Senior Application Security Architect. Her book, “Fixing An Insecure Software Life Cycle†was published through O’Reilly, and she is currently writing a new book to be published by No Starch Press. She is a co-host for the SecurityWeekly family of webcasts. April has spoken and contributed to numerous worldwide security conferences (often during repeat appearances), including BlackHat on three continents, DEF CON on two continents, DerbyCon, GRRcon, Layer 8, Hack in Paris, DefCamp Romania, ITWeb South Africa. She has also presented for the US Government and industry organizations such as OWASP and ISSA. She has started multiple small businesses including a non-profit and a photography studio. April currently handles communications for the Official DEF CON Groups global community outreach, and in 2017 she co-founded the local Boston meetup “DC617â€. April has collected dozens of certifications to add capital letters at the end of her name, almost died in Dracula’s secret staircase, and once read on The Onion that researchers at the University of North Carolina released a comprehensive report in 2014 confirming her status as the “most significant and interesting person currently inhabiting the earthâ€, and it was on ‘teh internet’ so it must be true.
\nTwitter: @aprilwright
\n\n
\nDescription:
\nDo you love DEF CON? Do you hate having to wait for it all year? Well, thanks to DEF CON groups, you\'re able to carry the spirit of DEF CON with you year round, and with local people, transcending borders, languages, and anything else that may separate us! In this moderated panel, your DEF CON groups team who works behind the scenes to make DCG possible will discuss what DCG is all about, getting involved in the community, starting your own local group, and Q&A. \n
\nTwitch: https://www.twitch.tv/jaysonstreet\n
Interact @ #dcg-stage-text: https://discord.com/channels/708208267699945503/710379858429083698\n
\n
All DEF CON Groups presentations are happening in AltSpace.\n
\nAltSpace: https://account.altvr.com/events/1520704529866162594\n
Listen @ #dcg-stage-voice: https://discord.com/channels/708208267699945503/740428852999880704\n
Interact @ #dcg-stage-text: https://discord.com/channels/708208267699945503/710379858429083698\n
\'',NULL,69201),('4_Sunday','12','12:00','12:59','N','WLV','','\'Ghosting the PACS-man: New Tools and Techniques\'','\'Iceman,Omikron\'','WLV_8dd6b2045b08d8de0b5baf287f67514e','\'Title: Ghosting the PACS-man: New Tools and Techniques
\nWhen: Sunday, Aug 9, 12:00 - 12:59 PDT
\nWhere: Wireless Vlg
\nSpeakers:Iceman,Omikron
\n
SpeakerBio:Iceman\n
\nNo BIO available
\n
SpeakerBio:Omikron\n
\nNo BIO available
\n\n
\nDescription:
\nDo you fear the PACS-man? Do you lie awake at night atop your pile of RFID cards of unknown origin, pondering grand questions of access control? Is Wiegand a card or a data format? What is an \"encrypted\" credential and is it actually any more secure? Fear not, fellow explorer. Come discuss your woes with professional ghosts of access control and learn how to keep the PACS-man at bay. This livestream will provide a holistic context of modern access control and outline common design limitations that can be exploited when systems are not implemented correctly. From credentials, to readers, to door controllers and beyond, Babak Javadi and Iceman from the Red Team Alliance will share a practical understanding of what PACS looks like in the field, and how to intercept, clone, downgrade, replay, and one\'s way through the system.\n
The talk will demonstrate several new tools, exploits, and refined methods for compromising modern PACS, including:\n
\n - DoS Attacks Involving Improper Reconfiguration of Readers\n
- New iCLASS Standalone Modes for Proxmark3 RDV4.0\n
- Tech Downgrade Attacks: Techniques for compromising systems using high security credentials such as SEOS and DESFire EV1/EV2.\n
- Plus More Special Surprises!
\nCustomers, integrators, and system designers will also learn more about best practices and defensive methods that can be used to defend systems and deter attackers.\n
\n\'',NULL,69202),('3_Saturday','20','20:00','21:59','N','DC','','\'Movie Stream - Lost World\'','\' \'','DC_8ba1d46c47942fdd8d4c0d293eaa21f0','\'Title: Movie Stream - Lost World
\nWhen: Saturday, Aug 8, 20:00 - 21:59 PDT
\nWhere: See Description or Village
\n
\nDescription:
\n\'The Lost World\' - Like Jurassic park but with title cards. Silent FIlm era, with dinosaurs. From 1925.\n
\nBanter @ #movie-night-text: https://discord.com/channels/708208267699945503/741067993617924227\n
Watch @ #movie-night-voice: https://discord.com/channels/708208267699945503/741068040132624505\n
\n\'',NULL,69203),('3_Saturday','21','20:00','21:59','Y','DC','','\'Movie Stream - Lost World\'','\' \'','DC_8ba1d46c47942fdd8d4c0d293eaa21f0','\'\'',NULL,69204),('4_Sunday','13','13:00','13:59','N','HHV','','\'Importing vector graphics in to EagleCAD\'','\' \'','HHV_4d202e74c9b6209240195409b0fe8953','\'Title: Importing vector graphics in to EagleCAD
\nWhen: Sunday, Aug 9, 13:00 - 13:59 PDT
\nWhere: Hardware Hacking Vlg
\n
\nDescription:
\n
\nTwitch: https://www.twitch.tv/dchhv\n
\n\'',NULL,69205);
/*!40000 ALTER TABLE `events` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `speakers`
--
DROP TABLE IF EXISTS `speakers`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `speakers` (
`speaker_sort` varchar(128) COLLATE utf8_unicode_ci NOT NULL,
`speaker` varchar(128) COLLATE utf8_unicode_ci NOT NULL,
`hash` varchar(64) COLLATE utf8_unicode_ci NOT NULL,
`autoincre` int(11) NOT NULL AUTO_INCREMENT,
PRIMARY KEY (`autoincre`),
KEY `speaker_sort` (`speaker_sort`) USING BTREE
) ENGINE=InnoDB AUTO_INCREMENT=67651 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `speakers`
--
LOCK TABLES `speakers` WRITE;
/*!40000 ALTER TABLE `speakers` DISABLE KEYS */;
INSERT INTO `speakers` VALUES ('\'Feng Xiao\'','\'Feng Xiao\'','DC_dfc41b2f5038b4493d9b08d5d3e69306',66727),('\'Alvaro Munoz\'','\'Alvaro Munoz\'','DC_21aff9473c22cde3f204b9da9842d69c',66728),('\'Oleksandr Mirosh\'','\'Oleksandr Mirosh\'','DC_21aff9473c22cde3f204b9da9842d69c',66729),('\'Hadrien Barral\'','\'Hadrien Barral\'','DC_fbf978fe8dd82689ffdf1f08c0099d42',66730),('\'Rémi Géraud-Stewart\'','\'Rémi Géraud-Stewart\'','DC_fbf978fe8dd82689ffdf1f08c0099d42',66731),('\'Sean Metcalf\'','\'Sean Metcalf\'','DC_dda55e7ec2a15bfb5d973a1b77e847e1',66732),('\'Rik van Duijn\'','\'Rik van Duijn\'','DC_4a9a24018d8eaec7b4b4526bbd874f23',66733),('\'Wesley Neelen\'','\'Wesley Neelen\'','DC_4a9a24018d8eaec7b4b4526bbd874f23',66734),('\'Ariel Schön\'','\'Ariel Schön\'','DC_24089a94946470cdbf41a139fadeac3e',66735),('\'Moshe Kol\'','\'Moshe Kol\'','DC_24089a94946470cdbf41a139fadeac3e',66736),('\'Shlomi Oberman\'','\'Shlomi Oberman\'','DC_24089a94946470cdbf41a139fadeac3e',66737),('\'Bill Demirkapi\'','\'Bill Demirkapi\'','DC_c9f2b5a4ef6eb3e47c29eeaae03b62cf',66738),('\'Erik Hunstad\'','\'Erik Hunstad\'','DC_b57f631bd9d4b260e2609910c9097b32',66739),('\'Ash Luft\'','\'Ash Luft\'','FSL_0e056d52433b4e28974894572911f78f',66740),('\'Christian “quaddi†Dameff\'','\'Christian “quaddi†Dameff\'','FSL_0e056d52433b4e28974894572911f78f',66741),('\'Jeff “r3plicant†Tully\'','\'Jeff “r3plicant†Tully\'','FSL_0e056d52433b4e28974894572911f78f',66742),('\'Suzanne Schwartz\'','\'Suzanne Schwartz\'','FSL_0e056d52433b4e28974894572911f78f',66743),('\'Vidya Murthy\'','\'Vidya Murthy\'','FSL_0e056d52433b4e28974894572911f78f',66744),('\'Francesco Gringoli\'','\'Francesco Gringoli\'','DC_6fe7fe37ff37b2c7b9b3508babc2148a',66745),('\'Jiska Classen\'','\'Jiska Classen\'','DC_6fe7fe37ff37b2c7b9b3508babc2148a',66746),('\'Slava Makkaveev\'','\'Slava Makkaveev\'','DC_00783240ba71ab8d6b888490de9acff4',66747),('\'Cooper Quintin\'','\'Cooper Quintin\'','DC_48ae8ac23b6e2880bc166faa7284ad3d',66748),('\'Joshua Maddux\'','\'Joshua Maddux\'','DC_ff5a91546a1d6128b9a3e245d01e1381',66749),('\'Jack Baker\'','\'Jack Baker\'','DC_3a6c4544b202464f9ea023172e23eb3c',66750),('\'Eyal Itkin\'','\'Eyal Itkin\'','DC_9176e02c5d7bd111769be71457f81634',66751),('\'Bill Graydon\'','\'Bill Graydon\'','DC_9ac78bab5a992a7cdc25a37a1fa196d4',66752),('\'Elie Bursztein\'','\'Elie Bursztein\'','DC_44a8e648f7ede35704d57d05efae1274',66753),('\'Patrick Wardle\'','\'Patrick Wardle\'','DC_f39afe5e9ae7d3bba4964e2cb8ff09b9',66754),('\'Abi Hassen\'','\'Abi Hassen\'','FSL_14d2fec17809cfcb89f609bb7926bf98',66755),('\'Alexis Hancock\'','\'Alexis Hancock\'','FSL_14d2fec17809cfcb89f609bb7926bf98',66756),('\'Elliot\'','\'Elliot\'','FSL_14d2fec17809cfcb89f609bb7926bf98',66757),('\'Emilie St-Pierre\'','\'Emilie St-Pierre\'','FSL_14d2fec17809cfcb89f609bb7926bf98',66758),('\'Eva Galperin\'','\'Eva Galperin\'','FSL_14d2fec17809cfcb89f609bb7926bf98',66759),('\'Hannah Zhao\'','\'Hannah Zhao\'','FSL_14d2fec17809cfcb89f609bb7926bf98',66760),('\'Kurt Opsahl\'','\'Kurt Opsahl\'','FSL_14d2fec17809cfcb89f609bb7926bf98',66761),('\'nash\'','\'nash\'','FSL_14d2fec17809cfcb89f609bb7926bf98',66762),('\'Rory Mir\'','\'Rory Mir\'','FSL_14d2fec17809cfcb89f609bb7926bf98',66763),('\'Tracy Rosenberg \'','\'Tracy Rosenberg \'','FSL_14d2fec17809cfcb89f609bb7926bf98',66764),('\'Peleg Hadar\'','\'Peleg Hadar\'','DC_6de50c2c85defe3066b98801470320f0',66765),('\'Tomer Bar\'','\'Tomer Bar\'','DC_6de50c2c85defe3066b98801470320f0',66766),('\'James Pavur\'','\'James Pavur\'','DC_f32a604202f9c7ff8c38a38babd93e1c',66767),('\'Gal Zror\'','\'Gal Zror\'','DC_0267825d88d187d6bf8c38a7f782fc45',66768),('\'Brenda So\'','\'Brenda So\'','DC_0e98d9df650c9c518d081c0a176e967c',66769),('\'Trey Keown\'','\'Trey Keown\'','DC_0e98d9df650c9c518d081c0a176e967c',66770),('\'Michael Stay\'','\'Michael Stay\'','DC_cda6c5d789fa984db0a30864d95c4c28',66771),('\'Paul Marrapese\'','\'Paul Marrapese\'','DC_d63e2539f28afabeacc0031e5786f995',66772),('\'Yamila Levalle\'','\'Yamila Levalle\'','DC_da63c15332a51a68b7cf60bb07a61418',66773),('\'Patrick Kiley\'','\'Patrick Kiley\'','DC_62cf4680e79aa0a29199b164bda770e2',66774),('\'Jake Labelle\'','\'Jake Labelle\'','DC_53c31730b7df0d2ed271cb728e8732c4',66775),('\'Chuanda Ding\'','\'Chuanda Ding\'','DC_b447d1d1710cc8e4457cd9c435c05162',66776),('\'Zhipeng Huo\'','\'Zhipeng Huo\'','DC_b447d1d1710cc8e4457cd9c435c05162',66777),('\'Jesse Michael\'','\'Jesse Michael\'','DC_b23600335a8733ba318867451b763e80',66778),('\'Mickey Shkatov\'','\'Mickey Shkatov\'','DC_b23600335a8733ba318867451b763e80',66779),('\'ayoul3\'','\'ayoul3\'','DC_13567c79faececb560347aad5323fa9d',66780),('\'Christopher Wade\'','\'Christopher Wade\'','DC_3794f3e7a17027bd2d3eabd7674c7f84',66781),('\'Ismail Melih Tas\'','\'Ismail Melih Tas\'','DC_862a1578203d9f33b63d575bce996330',66782),('\'Kubilay Ahmet Kucuk\'','\'Kubilay Ahmet Kucuk\'','DC_862a1578203d9f33b63d575bce996330',66783),('\'Allison Donovan\'','\'Allison Donovan\'','DC_a9186a25927f7632275825f12381c0bf',66784),('\'Dylan Ayrey\'','\'Dylan Ayrey\'','DC_a9186a25927f7632275825f12381c0bf',66785),('\'rehr\'','\'rehr\'','HHV_275d852797bc257b5ce7377e9e6adf22',66786),('\'Joseph Long (hwbxr)\'','\'Joseph Long (hwbxr)\'','HHV_f68bf793989bd90b876644d373ddbb79',66787),('\'Federico Lucifredi\'','\'Federico Lucifredi\'','HHV_f6f4ee9de79cd6aeb3af27f3f8f4fdbf',66788),('\'Farith Pérez Sáez\'','\'Farith Pérez Sáez\'','HHV_2d4bf633be4053301d8c408aaf841a8c',66789),('\'Luis Ãngel RamÃrez Mendoza (@larm182luis)\'','\'Luis Ãngel RamÃrez Mendoza (@larm182luis)\'','HHV_2d4bf633be4053301d8c408aaf841a8c',66790),('\'Mauro Cáseres\'','\'Mauro Cáseres\'','HHV_2d4bf633be4053301d8c408aaf841a8c',66791),('\'Joseph Long (hwbxr)\'','\'Joseph Long (hwbxr)\'','HHV_5b441ef519523add67e4d39c81c75fc7',66792),('\'ShortTie\'','\'ShortTie\'','HHV_add64d070a65b5a949c28192fb095743',66793),('\'ShortTie\'','\'ShortTie\'','HHV_d2d7f7f030f03ba284c30c024e2cab6f',66794),('\'rehr\'','\'rehr\'','HHV_a7ed45de7ee8f5c08eb3b0940a52b48a',66795),('\'Chris Gammell\'','\'Chris Gammell\'','HHV_38bb575487c13b5006e5a6d3fa43dcc2',66796),('\'Joseph Long (hwbxr)\'','\'Joseph Long (hwbxr)\'','HHV_778145466022a2f4782ec3e88c684130',66797),('\'Federico Lucifredi\'','\'Federico Lucifredi\'','HHV_3cb35d77b7016ad98d8186f33e9ca306',66798),('\'Farith Pérez Sáez\'','\'Farith Pérez Sáez\'','HHV_5372cf517fac45b58676957cbf363ed0',66799),('\'Luis Ãngel RamÃrez Mendoza (@larm182luis)\'','\'Luis Ãngel RamÃrez Mendoza (@larm182luis)\'','HHV_5372cf517fac45b58676957cbf363ed0',66800),('\'Mauro Cáseres\'','\'Mauro Cáseres\'','HHV_5372cf517fac45b58676957cbf363ed0',66801),('\'Joseph Long (hwbxr)\'','\'Joseph Long (hwbxr)\'','HHV_934995cff6258ff0c00030719c889344',66802),('\'rehr\'','\'rehr\'','HHV_4b18c8c8456997f085553501cafd3a35',66803),('\'bombnav\'','\'bombnav\'','HHV_8367a404101a8e0f0a523d40d6c5230f',66804),('\'Josh Marks\'','\'Josh Marks\'','HHV_01adad0a892e8937ad907d78691e2fbc',66805),('\'ShortTie\'','\'ShortTie\'','HHV_e5c1a8952efb9a5585d275947364b9d3',66806),('\'Joseph Long (hwbxr)\'','\'Joseph Long (hwbxr)\'','HHV_e48914e146d22cf4e583ef0b86f533ab',66807),('\'bombnav\'','\'bombnav\'','HHV_518432397aeba302c1de531118df39fb',66808),('\'Joseph Long (hwbxr)\'','\'Joseph Long (hwbxr)\'','HHV_768e4e155cfd7f3f7b41372b89d748ea',66809),('\'ShortTie\'','\'ShortTie\'','HHV_2c736a52533cda5f8300434011af038c',66810),('\'Joseph Long (hwbxr)\'','\'Joseph Long (hwbxr)\'','HHV_c5ee0c46034ed648623b4b3218e34b3c',66811),('\'Chloé Messdaghi\'','\'Chloé Messdaghi\'','IOT_08830ce46f7e681693f12f925b7393ad',66812),('\'Besim Altinok\'','\'Besim Altinok\'','IOT_25522e6dd17e77db9971dcf23475b33b',66813),('\' \'','\' \'','IOT_835a81141115cb3b20a0c5ce6b1e107d',66814),('\'Denise Giusto Bilic\'','\'Denise Giusto Bilic\'','IOT_ac3d13ce0a3b6ac6e3b6e9c7f2c2dd38',66815),('\'Parker Wiksell\'','\'Parker Wiksell\'','IOT_28ea879c0356edab16d639e890cf1028',66816),('\'Netspooky\'','\'Netspooky\'','IOT_fef77557dd0d6e716c8273e45eac6d13',66817),('\' \'','\' \'','IOT_d779e520f2a87addad0bd5808be45571',66818),('\'Mark Bereza\'','\'Mark Bereza\'','IOT_85e109c32ca55f105a65662f2f3444dc',66819),('\'Troy Brown\'','\'Troy Brown\'','IOT_9814081c6a1fea6177d02f766a66943a',66820),('\'Barak Sternberg\'','\'Barak Sternberg\'','IOT_e58ef1fdfb5d328d454d238fb062b869',66821),('\'Dewank Pant\'','\'Dewank Pant\'','IOT_823101b05e6b7baf26fdca985b9305cc',66822),('\'Shruti Lohani\'','\'Shruti Lohani\'','IOT_823101b05e6b7baf26fdca985b9305cc',66823),('\'Garrett Enoch\'','\'Garrett Enoch\'','IOT_4d8a5749cef7b4452b366227a7a168f0',66824),('\'Trevor Stevado t1v0\'','\'Trevor Stevado t1v0\'','IOT_f7ac9ac544a36eb093a7dbbb7d832701',66825),('\'Daniel Gruss\'','\'Daniel Gruss\'','IOT_dc62a47fcb719a97323850ff29ce763f',66826),('\'CRob\'','\'CRob\'','IOT_dc62a47fcb719a97323850ff29ce763f',66827),('\'Lisa Bradley\'','\'Lisa Bradley\'','IOT_dc62a47fcb719a97323850ff29ce763f',66828),('\'Katie Noble\'','\'Katie Noble\'','IOT_dc62a47fcb719a97323850ff29ce763f',66829),('\'Omar Santos\'','\'Omar Santos\'','IOT_dc62a47fcb719a97323850ff29ce763f',66830),('\' Anders Fogh\'','\' Anders Fogh\'','IOT_dc62a47fcb719a97323850ff29ce763f',66831),('\'Jonathan Stines\'','\'Jonathan Stines\'','IOT_53e0e506cf8cf272cdc5534f54061786',66832),('\'Kat Fitzgerald\'','\'Kat Fitzgerald\'','IOT_63ac335c6d3d87ff478b31f79267df90',66833),('\'Matthew Byrdwell\'','\'Matthew Byrdwell\'','IOT_d6c0393fe7feaaff8b8feedcf3c113a8',66834),('\'Jack Mott\'','\'Jack Mott\'','PHVW_b955ed55fe747a7ada13f3c370796fcf',66835),('\'Jason Williams\'','\'Jason Williams\'','PHVW_b955ed55fe747a7ada13f3c370796fcf',66836),('\'Josh Stroschein\'','\'Josh Stroschein\'','PHVW_b955ed55fe747a7ada13f3c370796fcf',66837),('\'Elizabeth Biddlecome\'','\'Elizabeth Biddlecome\'','PHVW_f74c4b76262edb19b0e9ecb850c925a5',66838),('\'Irvin Lemus\'','\'Irvin Lemus\'','PHVW_f74c4b76262edb19b0e9ecb850c925a5',66839),('\'Kaitlyn Handleman\'','\'Kaitlyn Handleman\'','PHVW_f74c4b76262edb19b0e9ecb850c925a5',66840),('\'Sam Bowne\'','\'Sam Bowne\'','PHVW_f74c4b76262edb19b0e9ecb850c925a5',66841),('\'Jeswin Mathai\'','\'Jeswin Mathai\'','PHVW_be9c120d3af23220abe12a57256b7b7b',66842),('\'Nishant Sharma\'','\'Nishant Sharma\'','PHVW_be9c120d3af23220abe12a57256b7b7b',66843),('\'Michael Wylie\'','\'Michael Wylie\'','PHVW_ae36043e8ae0d988aa150659a005515e',66844),('\'Matt Toth\'','\'Matt Toth\'','PHVW_bbca83414da7716d1633c2bc5b9be9e2',66845),('\'Robert Wagner\'','\'Robert Wagner\'','PHVW_bbca83414da7716d1633c2bc5b9be9e2',66846),('\'Dhruv Verma\'','\'Dhruv Verma\'','PHVW_e949af1b92865d5b624ba2c926437453',66847),('\'Michael Roberts\'','\'Michael Roberts\'','PHVW_e949af1b92865d5b624ba2c926437453',66848),('\'Xiang Wen Kuan\'','\'Xiang Wen Kuan\'','PHVW_e949af1b92865d5b624ba2c926437453',66849),('\'Chet Hosmer\'','\'Chet Hosmer\'','PHVT_1e056300dd3b53583714d28b6a268730',66850),('\'Mike Raggo\'','\'Mike Raggo\'','PHVT_1e056300dd3b53583714d28b6a268730',66851),('\'Dr. Catherine Ullman\'','\'Dr. Catherine Ullman\'','PHVT_eb0bfbaca8394f2b6e11a595fd9c1e5a',66852),('\'C8 (John Hammond)\'','\'C8 (John Hammond)\'','PHVT_125d8a055e1abcfbbe60e8df759f47f6',66853),('\'Özkan Mustafa Akkus\'','\'Özkan Mustafa Akkus\'','PHVT_8d358e8e85ea8203079c6e153733358c',66854),('\'Sam Bowne\'','\'Sam Bowne\'','PHVT_f3b0d7372cbbb5e248e205658ee56d91',66855),('\'Chris Abella\'','\'Chris Abella\'','PHVT_67dc12384cc8569a0f54fb77197996a1',66856),('\'Pete Anderson\'','\'Pete Anderson\'','PHVT_67dc12384cc8569a0f54fb77197996a1',66857),('\' \'','\' \'','CNE_2845126f214c777705d4a34607cd56ea',66858),('\' \'','\' \'','CNE_2ed3e7b3b86f153c7826f0b5f818edee',66859),('\' \'','\' \'','CNE_1547ef2fecf1e1db58737ff9c04d4cc9',66860),('\' \'','\' \'','CNE_29b6312ab2026fc2bd99fbc151c4e67c',66861),('\' \'','\' \'','CNE_36bffe8d359d6042abfc3a485194ffb1',66862),('\' \'','\' \'','CNE_ce356274063b964201876a9c850c8372',66863),('\' \'','\' \'','CNE_303aa50858462b2e9359eebec27c2c1e',66864),('\' \'','\' \'','CNE_aa6271264266d819b5fa9563f62dd90a',66865),('\' \'','\' \'','CNE_b6f542a956e4c0fa88e2129a00fa8d16',66866),('\' \'','\' \'','CNE_33f837ff5fd20eeaed1fc01bf2dd1ff6',66867),('\' \'','\' \'','CNE_03d7a56606fc080333af66ce54363bcd',66868),('\' \'','\' \'','CNE_b09a41ed81548370d136baa52f9a1041',66869),('\' \'','\' \'','CNE_936044f39c86f5c1347f77e0f6c758cb',66870),('\' \'','\' \'','CNE_0335d28c5500775f5bb02cacca80cb72',66871),('\' \'','\' \'','CNE_bfa695ea296b0392a790db15cfa4bac1',66872),('\' \'','\' \'','CNE_4bd53f83293866fe555ebddaa86bca01',66873),('\' \'','\' \'','CNE_484b48a53d9fc1d78fa8d5c0fa5def4d',66874),('\' \'','\' \'','CNE_36ad8af1a8e056aa4b43718a99768890',66875),('\' \'','\' \'','CNE_827660783ec7e399f8d80b57d546c2e8',66876),('\' \'','\' \'','CNE_f1841d85c111fdc0389deafed25b7c4f',66877),('\' \'','\' \'','CNE_b0e6a8cad29c4c404c27ad82056da2c5',66878),('\' \'','\' \'','CNE_6ad1dee380678682857cd8fdcc1c9e00',66879),('\' \'','\' \'','CNE_5bc2e2f14d33ceb9df46515d2104c335',66880),('\' \'','\' \'','CNE_fc3aeff6dc3878001484338971aadd52',66881),('\' \'','\' \'','CNE_359512759dd4d5fbf918fd73e858b21e',66882),('\' \'','\' \'','CNE_9c9963909f7235fa23b431b8561b79ca',66883),('\' \'','\' \'','CNE_a290db8c7a5bab0300df962651d18b07',66884),('\' \'','\' \'','CNE_6b519b09e50984c3b10a13c7f9a3e31b',66885),('\' \'','\' \'','CNE_ea7bb677525d44ba05b9a7861c18b1f1',66886),('\' \'','\' \'','CNE_ea515561b068905a702007f1099dac9e',66887),('\' \'','\' \'','CNE_31f65ca2a4bab19d56f071a40806b223',66888),('\' \'','\' \'','CNE_cc3deccceb8989f29b0ca396a0b76461',66889),('\' \'','\' \'','CNE_7cf2f27d64857e6664e61cb2a82a9f8c',66890),('\' \'','\' \'','CNE_53bbe6e4eed0019c86c34c0443472cbc',66891),('\' \'','\' \'','CNE_43c64f6912982b5cce6e697576e12ac1',66892),('\' \'','\' \'','CNE_da535b2ffb83acb74515f6257e224022',66893),('\' \'','\' \'','CNE_1d49f1eee97bb1375b1f4f715c33915a',66894),('\' \'','\' \'','AEV_0b95a3a2967ff8de2b5448dcee585367',66895),('\' \'','\' \'','AEV_eb443b0269a83d7ad222a4a7331ff942',66896),('\' \'','\' \'','AEV_3710e2bb0270eeecf56ed783b7c36950',66897),('\' \'','\' \'','CNE_f27daae1c45038c5d2aa6c58e7626839',66898),('\' \'','\' \'','CNE_17e54351f4668a054beb6efbe9c37e29',66899),('\' \'','\' \'','CNE_9c1218082c54affb322834fda6412bc7',66900),('\' \'','\' \'','CNE_4d5aeaad8f2407744a518231c3dc8ac0',66901),('\' \'','\' \'','CNE_93935712fcc2357a114be6e85384869f',66902),('\' \'','\' \'','CNE_973b8e83788e58295710c7ca8e1fdad1',66903),('\' \'','\' \'','CNE_76d92a59f3e3b5d9c3a11cf923ba02b1',66904),('\' \'','\' \'','CNE_745a2ecf8a584d8c4c6dc898d235e9ab',66905),('\' \'','\' \'','CNE_18d84edb455d1187610c4cc5e97ba57d',66906),('\' \'','\' \'','CNE_cbd3ba0af87e7f3c51c231c46406143c',66907),('\' \'','\' \'','CNE_14a9d8515186be069b12c75dde0d3aff',66908),('\' \'','\' \'','CNE_beb04f2d6a3a1eb5d2c70d5579c52089',66909),('\' \'','\' \'','CNE_8fd9984c1d23d10395db480d1dc42d63',66910),('\' \'','\' \'','CNE_1bfb4e89cde0d4e463042308950ee264',66911),('\' \'','\' \'','CNE_0e2de4088bd6ca5937b4988f5d853d19',66912),('\' \'','\' \'','CNE_216c66058b23201f731c3821c7964163',66913),('\' \'','\' \'','CNE_856b96549dd3729a6e32d685fb444eb4',66914),('\' \'','\' \'','CNE_d2c1bc0ffc10caf85944d832559d17fa',66915),('\' \'','\' \'','CNE_f719fdf52ed96f187347cb5eb96d151a',66916),('\' \'','\' \'','CNE_63b4f5e6beeadd380c5b93251476a395',66917),('\' \'','\' \'','CNE_9b1835fbdfd01a45e226ff8b9241357a',66918),('\' \'','\' \'','CNE_6d0a024951ff9c10aa6862c7c3338f8e',66919),('\' \'','\' \'','CNE_f0e051ff177b592ecbcb00685b7ef4a1',66920),('\' \'','\' \'','CNE_95600c4b398a778ef7b4c37d031a3585',66921),('\' \'','\' \'','CNE_862ea1f6e58e74ad1aba5999741f2434',66922),('\' \'','\' \'','CNE_13b28f5a16bbc2aa99ff76506565a70c',66923),('\' \'','\' \'','CNE_e84b5ec99e7208cfbf17265b0e5fd335',66924),('\' \'','\' \'','CNE_f2c1f152c3e0c3aa30a802e515e74618',66925),('\' \'','\' \'','CNE_42c6e1f4ebe954782a92c0c35a858e98',66926),('\' \'','\' \'','CNE_1d0712f7194e0f5bfb94f8961f0f8531',66927),('\' \'','\' \'','CNE_f9ff0cc1e43e20795a8100364e9f6659',66928),('\' \'','\' \'','CNE_2b685a5d184685a723c6a4d4b04d5317',66929),('\' \'','\' \'','CNE_6361f125d70622b63f398e096224955e',66930),('\' \'','\' \'','CNE_5eb030c6c7c4ceef7eb34c4105ba6a9c',66931),('\' \'','\' \'','CNE_d54e009e7a87f340f315e779ab74d30f',66932),('\' \'','\' \'','CNE_c6546690bfd0b98379b044c2e7390062',66933),('\' \'','\' \'','CNE_865e6b7c47ea9b3fa87ccb70eb75f6ec',66934),('\' \'','\' \'','CNE_549309d7cded0fafbb49883d2b630e5d',66935),('\' \'','\' \'','CNE_7732e0d372242251cc08b2938f513b71',66936),('\' \'','\' \'','CNE_b04f435b866fcd938d2c7bceb263a93d',66937),('\' \'','\' \'','CNE_48cd3406b79fda2adb604c36dfeca463',66938),('\' \'','\' \'','CNE_cbb7dc11c72c19aabe98cb47300cfe1c',66939),('\' \'','\' \'','CNE_c6202907de8d99f539e5d6634739436a',66940),('\' \'','\' \'','CNE_4e4d79fbedbcb0709aff20d562857124',66941),('\' \'','\' \'','CNE_7c0ecc08a948769498def33fa498c434',66942),('\' \'','\' \'','CNE_afc3b880690387a8429d944957ee45ce',66943),('\' \'','\' \'','HRV_fb12e64b42c1d96fba5663e3e408916e',66944),('\' \'','\' \'','HRV_5c4c0d8cacaeaee55462084ea93883c9',66945),('\' \'','\' \'','HRV_7a6887932f1610634666981a0d39db72',66946),('\'Chris Nevin\'','\'Chris Nevin\'','DL_107b1f2ccdc2e467f2bfbfdbbaec6f29',66947),('\'Jakub Botwicz\'','\'Jakub Botwicz\'','DL_d0aaa0d836df09f658ddd754709f0830',66948),('\'Emilio Couto\'','\'Emilio Couto\'','DL_8aea0f1ba2162cde67d3e029988e96f2',66949),('\'Utku Sen\'','\'Utku Sen\'','DL_6a53ab228cf91df961ea0c70f5f91b92',66950),('\'Tomoaki Tani\'','\'Tomoaki Tani\'','DL_be9804a412f8799958c00eb63cbf7275',66951),('\'Shusei Tomonaga\'','\'Shusei Tomonaga\'','DL_be9804a412f8799958c00eb63cbf7275',66952),('\'Ajin Abraham\'','\'Ajin Abraham\'','DL_47a24cd72ca57c87807636600039578d',66953),('\'Viral Maniar\'','\'Viral Maniar\'','DL_713a1dbdcf9f0211160e5e9f636af107',66954),('\'Olivier Bilodeau\'','\'Olivier Bilodeau\'','DL_1e02c1670aa390a1dc5407871b77b2e0',66955),('\'Alexandre Beaulieu\'','\'Alexandre Beaulieu\'','DL_1e02c1670aa390a1dc5407871b77b2e0',66956),('\'Matthew Creel\'','\'Matthew Creel\'','DL_4e1efe0dfcdc2cd7758fb9973fd7f4c1',66957),('\'Vincent “Vinnybod†Rose\'','\'Vincent “Vinnybod†Rose\'','DL_a09e60741b05354c455f29ee8ec0d3b6',66958),('\' \'','\' \'','ENT_2e18b09b0edac21c3fcddec3471bc49a',66959),('\' \'','\' \'','ENT_ec6a6384e73a3ad2d7968863783d0ac8',66960),('\' \'','\' \'','ENT_f3d884ece555961993b5a62710409454',66961),('\' \'','\' \'','ENT_d1aac63cc3b9993322a639723bd712be',66962),('\' \'','\' \'','ENT_7de3ac1a91b18c0dd0fcc19153461a05',66963),('\' \'','\' \'','ENT_42968b35bbdd90b43827952ded251c85',66964),('\' \'','\' \'','ENT_cd7e744a03b0d9c95b07021e5154ef93',66965),('\' \'','\' \'','ENT_1e28d1aa29f7239e89ca302a36d03973',66966),('\' \'','\' \'','ENT_043ae4364236a59bbbea0f27421e6632',66967),('\' \'','\' \'','ENT_8cb5c77251e8124bf564360d3a02ece5',66968),('\' \'','\' \'','ENT_d8392b6494c475a5bcd19831c8d450d2',66969),('\' \'','\' \'','ENT_8823b270ee4cb6ae1f85cf97a1e9b242',66970),('\'JunWei Song\'','\'JunWei Song\'','BTVT1_81f16b6a29e99610dc0decd62b2be840',66971),('\'KunYu Chen\'','\'KunYu Chen\'','BTVT1_81f16b6a29e99610dc0decd62b2be840',66972),('\'Scoubi\'','\'Scoubi\'','BTVW1_b9b702967846dcf689c56b931d589e66',66973),('\'Connor Morley\'','\'Connor Morley\'','BTVT1_40d09c154da877610c73c2971829560d',66974),('\'Omenscan\'','\'Omenscan\'','BTVW1_3ee60099d5a84b5cbe44e0da28a8292d',66975),('\'corvusactual\'','\'corvusactual\'','BTVT1_adc2fbfa8bd67ba4e97991f5da996ae1',66976),('\'Joe Slowik\'','\'Joe Slowik\'','BTVW1_7fef523e1ede5aff76ad0c74ca7aa104',66977),('\'Jake Smith\'','\'Jake Smith\'','BTVT1_9aad67e328e8cf85188f436064fd53ca',66978),('\'Jack McDowell\'','\'Jack McDowell\'','BTVT1_9aad67e328e8cf85188f436064fd53ca',66979),('\'Ben Hughes\'','\'Ben Hughes\'','BTVW2_541c2fd888084e3f7b5ac5f72da12f8d',66980),('\'Ch33r10\'','\'Ch33r10\'','BTVT1_326ff932e4a464620930e6f6ddb2cea2',66981),('\'Mangatas Tondang\'','\'Mangatas Tondang\'','BTVT1_4df9cc819ca07196b4283b656e4b289e',66982),('\'Mauricio Velazco\'','\'Mauricio Velazco\'','BTVT1_2a24e8fc4b43f033bb2c4cbd15b8036a',66983),('\'TheDrPinky\'','\'TheDrPinky\'','BTVT1_0725d395956f1cf28e6498227b9b955a',66984),('\'Allen Baranov\'','\'Allen Baranov\'','BTVT1_af74f916ba04cd9a6210eb36fe26d33f',66985),('\'Holger Unterbrink\'','\'Holger Unterbrink\'','BTVT1_3b640af5e833a4bae35213ade5b149c0',66986),('\'David Bernal Michelena\'','\'David Bernal Michelena\'','BTVW1_95f07fd4b583848ef85b1fd0ad82b0c6',66987),('\'Michael Wylie\'','\'Michael Wylie\'','BTVW2_546e0f00b6a225911850ade8ffc01130',66988),('\'Juan Francisco\'','\'Juan Francisco\'','BTVT1_b36b9d26826d7dcbbcce33a424352556',66989),('\'Jose Miguel Gómez-Casero Marichal\'','\'Jose Miguel Gómez-Casero Marichal\'','BTVT1_b36b9d26826d7dcbbcce33a424352556',66990),('\'Andrew Chu\'','\'Andrew Chu\'','BTVW1_ab7d50c54739c14a6ab71864bee8a0c8',66991),('\'Allan Stojanovic\'','\'Allan Stojanovic\'','BTVT1_f952a1893a8d97573212cb73b41bd539',66992),('\'Spencer Cureton\'','\'Spencer Cureton\'','BTVT1_f952a1893a8d97573212cb73b41bd539',66993),('\'Omar Santos\'','\'Omar Santos\'','BTVW2_8ce57af8a3967d64a578181e60e6927d',66994),('\'Daniel Ward\'','\'Daniel Ward\'','BTVW1_5448b7096af54e85d1806fd26d8f81eb',66995),('\'Samuel Gasparro\'','\'Samuel Gasparro\'','BTVW1_5448b7096af54e85d1806fd26d8f81eb',66996),('\'Michael Wylie\'','\'Michael Wylie\'','BTVW1_385c3f08606c36717a527cacdff2126d',66997),('\'Sam Bowne\'','\'Sam Bowne\'','BTVW2_fc75dae892db74293df49773453dbd60',66998),('\'Ben Hughes\'','\'Ben Hughes\'','BTVW1_5273768381db33258c68a15d84d968cd',66999),('\'Wes Lambert\'','\'Wes Lambert\'','BTVW2_efb548a7774dba423c2ff5d7bfece649',67000),('\'Mark Morowczynski\'','\'Mark Morowczynski\'','BTVW1_b3f042279c0b467d5c31cf7f99910d7e',67001),('\'Joseph Mlodzìanowskì (cedoXx)\'','\'Joseph Mlodzìanowskì (cedoXx)\'','RTV_e366cefe7d81b56ceccb999d2e8ecd89',67002),('\'Omar Ωr\'','\'Omar Ωr\'','RTV_e366cefe7d81b56ceccb999d2e8ecd89',67003),('\'Jason Haddix\'','\'Jason Haddix\'','RTV_a0ecadb98994747729ca6206ef748f6c',67004),('\'Kat Fitzgerald\'','\'Kat Fitzgerald\'','RTV_815dd86552e6bbaeeed548d2432eaf37',67005),('\'Christopher Cottrell\'','\'Christopher Cottrell\'','RTV_0855456ac9f61466129689057e0f860d',67006),('\'Farith Perez\'','\'Farith Perez\'','RTV_56df6ee1b5e8a752dd68285544ff02c8',67007),('\'Mauro Cáseres\'','\'Mauro Cáseres\'','RTV_56df6ee1b5e8a752dd68285544ff02c8',67008),('\'Ryan Elkins\'','\'Ryan Elkins\'','RTV_952e3ecb7188b559de6503aed05dd421',67009),('\'Jorge Orchilles\'','\'Jorge Orchilles\'','RTV_a4c824557d65bae87a1825f38273c621',67010),('\'Gabriel Ryan\'','\'Gabriel Ryan\'','RTV_d8192d4e739afcd4ac51f0582104651f',67011),('\'Forrest Fuqua\'','\'Forrest Fuqua\'','RTV_53e9f6adb30f9e4ee846dc2772b67966',67012),('\'KürÅŸat OÄŸuzhan Akıncı\'','\'KürÅŸat OÄŸuzhan Akıncı\'','RTV_3aea1492db6c9bbdd7d098bc0e2dcbb5',67013),('\'Mert Can CoÅŸkuner\'','\'Mert Can CoÅŸkuner\'','RTV_3aea1492db6c9bbdd7d098bc0e2dcbb5',67014),('\'Shay Nehmad\'','\'Shay Nehmad\'','RTV_c9aa0be2fe6f1f02a17fe41924eb25c8',67015),('\'Kyle Benac (aka @B3nac)\'','\'Kyle Benac (aka @B3nac)\'','RTV_8997820996e2e5358154c629bc09fa43',67016),('\'Kaustubh Padwad\'','\'Kaustubh Padwad\'','RTV_5222bb2ce36e562c0e32c6ef1bc956a5',67017),('\'Joseph Mlodzìanowskì (cedoXx)\'','\'Joseph Mlodzìanowskì (cedoXx)\'','RTV_51e0d1312c1c7bb9e51997fc0672368d',67018),('\'Omar Ωr\'','\'Omar Ωr\'','RTV_51e0d1312c1c7bb9e51997fc0672368d',67019),('\'Chris Wysopal\'','\'Chris Wysopal\'','RTV_4c2b7e90f30ea56d7b5850407e5bf722',67020),('\'Tanner Barnes (aka @_StaticFlow_)\'','\'Tanner Barnes (aka @_StaticFlow_)\'','RTV_4b00f6f1d340dc5bbd58a19280ffe90a',67021),('\'NahamSec\'','\'NahamSec\'','RTV_4b00f6f1d340dc5bbd58a19280ffe90a',67022),('\'Daniel Gruss\'','\'Daniel Gruss\'','RTV_35d4f586427a4141fecb7aa215df784a',67023),('\'CRob\'','\'CRob\'','RTV_35d4f586427a4141fecb7aa215df784a',67024),('\'Lisa Bradley\'','\'Lisa Bradley\'','RTV_35d4f586427a4141fecb7aa215df784a',67025),('\'Katie Noble\'','\'Katie Noble\'','RTV_35d4f586427a4141fecb7aa215df784a',67026),('\'Omar Santos\'','\'Omar Santos\'','RTV_35d4f586427a4141fecb7aa215df784a',67027),('\' Anders Fogh\'','\' Anders Fogh\'','RTV_35d4f586427a4141fecb7aa215df784a',67028),('\'Guillermo Buendia\'','\'Guillermo Buendia\'','RTV_36e8c6aabb02a904f8d67c21b38913d8',67029),('\'Allie Mellen\'','\'Allie Mellen\'','RTV_5da47986e4f236465f4813e15b76e1f0',67030),('\'Chloé Messdaghi\'','\'Chloé Messdaghi\'','RTV_53404a27a4197bdb1f3f6238246978c0',67031),('\'Justin Hutchens (“Hutchâ€)\'','\'Justin Hutchens (“Hutchâ€)\'','RTV_29841c13a875a6dd5d07375f2cba5e91',67032),('\'Michael Wylie\'','\'Michael Wylie\'','RTV_6a7de9807a6a113c038cc545998e0f3b',67033),('\'Alvaro Folgado Rueda\'','\'Alvaro Folgado Rueda\'','RTV_9b008b1e79e80389ec9ae4966740141f',67034),('\'Travis Palmer\'','\'Travis Palmer\'','RTV_af928dad59ee71f4c1e5ba2961be97d6',67035),('\'Tyler Boykin\'','\'Tyler Boykin\'','RTV_1fd41f807db9b6ed33e125e3744488bd',67036),('\'Fran Ramirez\'','\'Fran Ramirez\'','RTV_faf4b4bc1a37e81006259eed80bcf337',67037),('\'Pablo Gonzalez\'','\'Pablo Gonzalez\'','RTV_faf4b4bc1a37e81006259eed80bcf337',67038),('\'Austin Marck\'','\'Austin Marck\'','RTV_8f16854f731302430b191bfcb66f014a',67039),('\'Dr Lorenz Adlung\'','\'Dr Lorenz Adlung\'','RTV_42500264ae101a2024754de1da58ba1a',67040),('\'Noa Novogroder\'','\'Noa Novogroder\'','RTV_42500264ae101a2024754de1da58ba1a',67041),('\'Sajal Thomas\'','\'Sajal Thomas\'','RTV_8c87d809d5202bbb6a3b619fe45f16f7',67042),('\'Erdener Uyan\'','\'Erdener Uyan\'','RTV_9a94b67754faa27e25aa99aa4feb1f2d',67043),('\'Gökberk Gülgün\'','\'Gökberk Gülgün\'','RTV_9a94b67754faa27e25aa99aa4feb1f2d',67044),('\'Petros Koutroumpis\'','\'Petros Koutroumpis\'','RTV_7099bcaf89b007128ff1d8ed7ac87925',67045),('\'Tim Wadhwa-Brown\'','\'Tim Wadhwa-Brown\'','RTV_b974214be293dc720b5edb6fdcde79b0',67046),('\'Eduardo Arriols\'','\'Eduardo Arriols\'','RTV_f473decaec0e8525f56f269a3bf3ecd5',67047),('\'Daniel Miessler\'','\'Daniel Miessler\'','RTV_67442b531ed56efecbcb5df14aec5ee2',67048),('\'Leron Gray\'','\'Leron Gray\'','RTV_b710c90cb63df822654236a5ee613e86',67049),('\'Walter Cuestas\'','\'Walter Cuestas\'','RTV_6dd4577270b401b00e2e8f5fd937386f',67050),('\'Phillip Wylie\'','\'Phillip Wylie\'','RTV_21891e9f4754958d6512e221179ad2da',67051),('\'Jonathan Helmus\'','\'Jonathan Helmus\'','RTV_9ce8ce9810252beadafb9c46855cdcb6',67052),('\'Evan Anderson\'','\'Evan Anderson\'','RTV_10e8f2dd4399411e3a9abbd4c1e40c34',67053),('\'Anthony Rose\'','\'Anthony Rose\'','RTV_f84083e1d413425e18a34292bebb6ea5',67054),('\'Jake “Hubbl3†Krasnov\'','\'Jake “Hubbl3†Krasnov\'','RTV_f84083e1d413425e18a34292bebb6ea5',67055),('\'Ch33r10\'','\'Ch33r10\'','RTV_2825773042dcac52ce356899524ebed2',67056),('\'haydnjohnson\'','\'haydnjohnson\'','RTV_2825773042dcac52ce356899524ebed2',67057),('\'Adam Pennington\'','\'Adam Pennington\'','RTV_f1d158260f41d855f12f584d0d7b86cd',67058),('\'Apurv Singh Gautam\'','\'Apurv Singh Gautam\'','RTV_c7bcfb3d5539a11aea2712eb224b7443',67059),('\'Ali Abdollahi\'','\'Ali Abdollahi\'','RTV_7d34d0972304ae9685e2331baeb5ac48',67060),('\'Luis Ãngel RamÃrez Mendoza (@larm182luis)\'','\'Luis Ãngel RamÃrez Mendoza (@larm182luis)\'','RTV_f31c84d845f681c684067516f3e54574',67061),('\'Mauro Cáseres\'','\'Mauro Cáseres\'','RTV_f31c84d845f681c684067516f3e54574',67062),('\'Nicolas MATTIOCCO\'','\'Nicolas MATTIOCCO\'','RTV_6289c2189a9923ef74e233afce184a58',67063),('\'Etizaz Mohsin\'','\'Etizaz Mohsin\'','RTV_42af99819d464dafb01afa97d193ea40',67064),('\'Mert Can CoÅŸkuner\'','\'Mert Can CoÅŸkuner\'','RTV_3ce837480af6efe1ec2770e54c2c6428',67065),('\'Ibad Shah\'','\'Ibad Shah\'','RTV_6155c5c0ab4e50245f4ffa828465b226',67066),('\'Mazin Ahmed\'','\'Mazin Ahmed\'','RTV_d2f3382974971319acddab6bdc8c59d9',67067),('\'Chris Kubecka\'','\'Chris Kubecka\'','RTV_39367be21d32c37731a2375a433c6d3d',67068),('\'Ankur Chowdhary\'','\'Ankur Chowdhary\'','RTV_1c7b2ccec93dd02d15bc1a323cf3fc65',67069),('\'Madhu Akula\'','\'Madhu Akula\'','RTV_ae83a7dccdcc407c6351e3f3ce5b82ed',67070),('\'Corey Ham\'','\'Corey Ham\'','RTV_29300ebfd40c4449a1d187d25cc7e8dc',67071),('\'Matt Eidelberg\'','\'Matt Eidelberg\'','RTV_29300ebfd40c4449a1d187d25cc7e8dc',67072),('\'Lee Wangenheim\'','\'Lee Wangenheim\'','RTV_d805893ba7fa8e505dc6d0a96bfd68fe',67073),('\'Adam Mashinchi\'','\'Adam Mashinchi\'','RTV_a0aaf5c9c2e7f460632ddc15ea8cee62',67074),('\'José Hernandez\'','\'José Hernandez\'','RTV_eb261f89cc92caf4c7ce260571850f28',67075),('\'Rod Soto\'','\'Rod Soto\'','RTV_eb261f89cc92caf4c7ce260571850f28',67076),('\'Joseph Mlodzìanowskì (cedoXx)\'','\'Joseph Mlodzìanowskì (cedoXx)\'','RTV_90ce9583a121cfe41be561ae8540fee7',67077),('\'Omar Ωr\'','\'Omar Ωr\'','RTV_90ce9583a121cfe41be561ae8540fee7',67078),('\'TimDotZero\'','\'TimDotZero\'','BTVW1_f7c066374651df4069adeabc2a948677',67079),('\'Josh\'','\'Josh\'','BTVW1_b324799d38a67a82924f92899e733195',67080),('\' \'','\' \'','CNE_8588177c8df3c3638af266163f344c8b',67081),('\' \'','\' \'','CNE_cd3d2a0eae76666df57d8fc7bca3072b',67082),('\' \'','\' \'','CNE_b5978d527c27756b22620e0fd2e83ec4',67083),('\' \'','\' \'','CNE_1cbccae4ec06ce30f380c7b25dd56b44',67084),('\' \'','\' \'','CNE_498ccc6c5096a2d94ce3a133e70c9f22',67085),('\' \'','\' \'','CNE_0b5394a32de9a195c13c40a5c9153e40',67086),('\'Maddie Stone\'','\'Maddie Stone\'','ASV_92dfc86efa8fe5eeea5e21213d6393c4',67087),('\'Kelley Robinson\'','\'Kelley Robinson\'','ASV_81332ab477f9709afbdbb8f36f9d066f',67088),('\'Graham Bleaney\'','\'Graham Bleaney\'','ASV_b9bffa790805839713be488e27ee94df',67089),('\'Paul Amar\'','\'Paul Amar\'','ASV_f301c198a546b460bad2695068f6e964',67090),('\'Stanislas Molveau\'','\'Stanislas Molveau\'','ASV_f301c198a546b460bad2695068f6e964',67091),('\'João Morais\'','\'João Morais\'','ASV_2d0e4df41e64f33b7686915f05338f16',67092),('\'Pedro Umbelino\'','\'Pedro Umbelino\'','ASV_2d0e4df41e64f33b7686915f05338f16',67093),('\'David Sopas\'','\'David Sopas\'','ASV_c7cef74db97104c4f3a09e755e7d79cb',67094),('\'Paulo Silva\'','\'Paulo Silva\'','ASV_c7cef74db97104c4f3a09e755e7d79cb',67095),('\'Mário Areias\'','\'Mário Areias\'','ASV_4cf9395f2bf9d7af98f25df2d4f8ce2f',67096),('\'Louis Nyffenegger\'','\'Louis Nyffenegger\'','ASV_c64dc6682a6d24371321b3970bd2467b',67097),('\'Fredrick \"Flee\" Lee\'','\'Fredrick \"Flee\" Lee\'','ASV_e24d6e3bda8cc9817e9168d8e696492e',67098),('\'Joe Schottman\'','\'Joe Schottman\'','ASV_851e5799b050afd10f19e1ede09f65ca',67099),('\'Gregg Horton\'','\'Gregg Horton\'','ASV_ae52e8d183a4b2fd2b8bdab0d034dbad',67100),('\'Ryan Slama\'','\'Ryan Slama\'','ASV_ae52e8d183a4b2fd2b8bdab0d034dbad',67101),('\'Jarrod Overson\'','\'Jarrod Overson\'','ASV_eaaa16977313e53d92db06cbb9b47058',67102),('\'David Waldrop\'','\'David Waldrop\'','ASV_4bb5ca81a085dd7b90356280bd031e98',67103),('\'Joe Schottman\'','\'Joe Schottman\'','ASV_2c385b54dd1aaaa780273dc44b09a291',67104),('\'Parsia Hakimian\'','\'Parsia Hakimian\'','ASV_136c1618045201cfaa4fe484eb079b1c',67105),('\'Phillip Marlow\'','\'Phillip Marlow\'','ASV_c68e9df1f16b6de942353b961dfc82af',67106),('\'Christian Schneider\'','\'Christian Schneider\'','ASV_9fad99ff9b6321bdd75b8fc3f11d548e',67107),('\'Ali Abdollahi\'','\'Ali Abdollahi\'','ASV_6ea2f19e05a150e43c0e2e7b3285a946',67108),('\'Chloé Messdaghi\'','\'Chloé Messdaghi\'','ASV_59b38336265649c478329a66dd401e1d',67109),('\'Mehmet D. Ince\'','\'Mehmet D. Ince\'','ASV_07bc7d083f59a9d55b05caa391469ae8',67110),('\'Philipp Krenn\'','\'Philipp Krenn\'','ASV_436b060220dbf2d25c4a658a8d0fb22e',67111),('\'Vandana Verma Sehgal\'','\'Vandana Verma Sehgal\'','ASV_cd907940f6599c39c713e2d053e6499e',67112),('\'rehr\'','\'rehr\'','MOV_c2e430fd4146fb13dd4d6a6ea4b5a0ee',67113),('\'Dr. Daniel Kim\'','\'Dr. Daniel Kim\'','MOV_ab9a44082434afa6923c882a5d5f66b9',67114),('\'Dr. Francisco \"ArticMine\" Cabañas\'','\'Dr. Francisco \"ArticMine\" Cabañas\'','MOV_fd73fd8879d1af1149ae760e0a416bcb',67115),('\'Michael Schloh von Bennewitz\'','\'Michael Schloh von Bennewitz\'','MOV_5586dfaf08c25163cf06b40c23960716',67116),('\'Michael Schloh von Bennewitz\'','\'Michael Schloh von Bennewitz\'','MOV_6fd1e8ae6934f085e67c60087a348507',67117),('\'rehr\'','\'rehr\'','MOV_c9ae5fdfeeeec7938b951fafb5f92760',67118),('\'Dr. Daniel Kim\'','\'Dr. Daniel Kim\'','MOV_fb22824c1426f69a9e42d2534daedefa',67119),('\'Sarang\'','\'Sarang\'','MOV_0241ed309fe9de2b73abd62dabbe2937',67120),('\'Michael Schloh von Bennewitz\'','\'Michael Schloh von Bennewitz\'','MOV_9059140fc83b5fdc86eba4d01119e6e9',67121),('\'rehr\'','\'rehr\'','MOV_2801ee5f0d192db2f9e23aa06edec1da',67122),('\'idk\'','\'idk\'','MOV_18fd5cb7e38396429cb26e3688d9d681',67123),('\'Dr. Daniel Kim\'','\'Dr. Daniel Kim\'','MOV_5d6d96679369c296b74c0157bed3719d',67124),('\'sgp\'','\'sgp\'','MOV_023a971480a2222d66a3f81cf8e35b61',67125),('\'Randy Brito\'','\'Randy Brito\'','MOV_661d3951fb6f73168c2fc2a90781cf47',67126),('\'Michael Schloh von Bennewitz\'','\'Michael Schloh von Bennewitz\'','MOV_3bad504d98ad8d07e2986e13a3f0ddbc',67127),('\'rehr\'','\'rehr\'','MOV_fa5f9c9e0312b1e8b9b2aa7b3d4aa908',67128),('\'Katelyn Bowden\'','\'Katelyn Bowden\'','FSL_c351a5ad71d9a83b06a45040f0135732',67129),('\'Rachel Lamp\'','\'Rachel Lamp\'','FSL_c351a5ad71d9a83b06a45040f0135732',67130),('\'Allie Barnes\'','\'Allie Barnes\'','FSL_c351a5ad71d9a83b06a45040f0135732',67131),('\'Kate Venable\'','\'Kate Venable\'','FSL_c351a5ad71d9a83b06a45040f0135732',67132),('\'Marleigh Farlow\'','\'Marleigh Farlow\'','FSL_c351a5ad71d9a83b06a45040f0135732',67133),('\'Tim Doomsday\'','\'Tim Doomsday\'','FSL_c351a5ad71d9a83b06a45040f0135732',67134),('\'The Open Orginisation Of Lockpickers\'','\'The Open Orginisation Of Lockpickers\'','LPV_8fd808e3bb49332f0d9680fea576fdac',67135),('\'The Open Orginisation Of Lockpickers\'','\'The Open Orginisation Of Lockpickers\'','LPV_cc9ed5dcc7709d24bc84af394ff84b0b',67136),('\'The Open Orginisation Of Lockpickers\'','\'The Open Orginisation Of Lockpickers\'','LPV_d797cb871f4e4a770284a959c6733f8b',67137),('\'The Open Orginisation Of Lockpickers\'','\'The Open Orginisation Of Lockpickers\'','LPV_ec97331401b7c20c309dd920724f1f6f',67138),('\'The Open Orginisation Of Lockpickers\'','\'The Open Orginisation Of Lockpickers\'','LPV_50bcdc67b9334e4c8cd6b55f86aa76eb',67139),('\'The Open Orginisation Of Lockpickers\'','\'The Open Orginisation Of Lockpickers\'','LPV_ee84ddc85cfeaf2170435a4ff55e50b5',67140),('\'The Open Orginisation Of Lockpickers\'','\'The Open Orginisation Of Lockpickers\'','LPV_14789d9bcebd1a5e32f792c79bf1d227',67141),('\'The Open Orginisation Of Lockpickers\'','\'The Open Orginisation Of Lockpickers\'','LPV_fa4dec1dc5c0952c9f46b585b822d936',67142),('\'The Open Orginisation Of Lockpickers\'','\'The Open Orginisation Of Lockpickers\'','LPV_28640b7a458047f60dafc37920f9943d',67143),('\'The Open Orginisation Of Lockpickers\'','\'The Open Orginisation Of Lockpickers\'','LPV_053721b1cd20df875e5948b7fd667d10',67144),('\'The Open Orginisation Of Lockpickers\'','\'The Open Orginisation Of Lockpickers\'','LPV_455ff38a514fd7cd4cb2c522b0cdc904',67145),('\'The Open Orginisation Of Lockpickers\'','\'The Open Orginisation Of Lockpickers\'','LPV_cddef4fa628240c1e88ac752b5f60bcc',67146),('\'Tony Virelli\'','\'Tony Virelli\'','LPV_c7b9e04a8f18d1dacd673a8ee4f0352b',67147),('\'d1dymu5\'','\'d1dymu5\'','LPV_042a023d01ac0af1393a1936193e7de4',67148),('\'Dylan The Magician\'','\'Dylan The Magician\'','LPV_fd68f15d1712230a6e887ba118c84eca',67149),('\'zeefeene\'','\'zeefeene\'','LPV_9912a70c4b56a8150094dd485bb22441',67150),('\'Preston Thomas\'','\'Preston Thomas\'','LPV_8b50d4b3cf0fda47c7aee729c68fa349',67151),('\'John the Greek\'','\'John the Greek\'','LPV_6e3a2e4df982c20e3aea67f70689c9b4',67152),('\'N∅thing\'','\'N∅thing\'','LPV_2e4bffb645a28fd5381e2974591bc7b2',67153),('\'Jared Dygert\'','\'Jared Dygert\'','LPV_d9a24fd76dcf3e6d03db0732a2ada147',67154),('\'Austin Marck\'','\'Austin Marck\'','LPV_653dacd14ab4eda2f92f6fb175f17090',67155),('\'N∅thing\'','\'N∅thing\'','LPV_d72f3516cd934e40980c681aab13b758',67156),('\'Hanno Böck\'','\'Hanno Böck\'','CPV_fac867383089d1226d94427bed72d38b',67157),('\'Akira Takahashi\'','\'Akira Takahashi\'','CPV_714e2692effecb56f69986b116b7728e',67158),('\'F. Novaes\'','\'F. Novaes\'','CPV_714e2692effecb56f69986b116b7728e',67159),('\'M. Tibouchi\'','\'M. Tibouchi\'','CPV_714e2692effecb56f69986b116b7728e',67160),('\'Y. Yarom\'','\'Y. Yarom\'','CPV_714e2692effecb56f69986b116b7728e',67161),('\'Diego F. Aranha\'','\'Diego F. Aranha\'','CPV_714e2692effecb56f69986b116b7728e',67162),('\'Eivind Arvesen\'','\'Eivind Arvesen\'','CPV_6bb1b1cb05f34050ff79c4126e2d48e9',67163),('\'Mansi Sheth\'','\'Mansi Sheth\'','CPV_d88402da88ae45d4151ce807423d38e7',67164),('\'Mansi Sheth\'','\'Mansi Sheth\'','CPV_342a60a6a44f92d5965644947ce479a1',67165),('\'Avi Zajac\'','\'Avi Zajac\'','CPV_481b70926ff14b4120cdcfbd6e3a45b0',67166),('\'Franchesca Spektor\'','\'Franchesca Spektor\'','CPV_481b70926ff14b4120cdcfbd6e3a45b0',67167),('\'Ji Su Yoo\'','\'Ji Su Yoo\'','CPV_481b70926ff14b4120cdcfbd6e3a45b0',67168),('\'Nicole Chi\'','\'Nicole Chi\'','CPV_481b70926ff14b4120cdcfbd6e3a45b0',67169),('\'Matt Cheung\'','\'Matt Cheung\'','CPV_7ec54c9d70aba107a19c7b91778c2861',67170),('\'Cathy Gellis\'','\'Cathy Gellis\'','CPV_eabf7fbc7a67d601d6ba475ce1566066',67171),('\'Riana Pfefferkorn\'','\'Riana Pfefferkorn\'','CPV_eabf7fbc7a67d601d6ba475ce1566066',67172),('\'I. Shaheem\'','\'I. Shaheem\'','CPV_3b26121088884752f853ab4ecffae968',67173),('\'Neil M\'','\'Neil M\'','CPV_7078ced214bd83d13685a1fd9b67d68d',67174),('\'C. Nadal\'','\'C. Nadal\'','CPV_b8b3c6e152c341ea27e6739a2914abe7',67175),('\'J. DeBlois\'','\'J. DeBlois\'','CPV_b8b3c6e152c341ea27e6739a2914abe7',67176),('\'M. DeBlois\'','\'M. DeBlois\'','CPV_b8b3c6e152c341ea27e6739a2914abe7',67177),('\'Z. Anderson\'','\'Z. Anderson\'','CPV_b8b3c6e152c341ea27e6739a2914abe7',67178),('\'Aditi Joshi\'','\'Aditi Joshi\'','CPV_7b15c9489df8e6a0f7602d72f1a25191',67179),('\'Ben Brook\'','\'Ben Brook\'','CPV_aabcdc0d730311e642d5897ea7ec2389',67180),('\'Maritza Johnson\'','\'Maritza Johnson\'','CPV_aabcdc0d730311e642d5897ea7ec2389',67181),('\'Megan DeBlois\'','\'Megan DeBlois\'','CPV_aabcdc0d730311e642d5897ea7ec2389',67182),('\'Zach Singleton\'','\'Zach Singleton\'','CPV_aabcdc0d730311e642d5897ea7ec2389',67183),('\'Per Thorsheim\'','\'Per Thorsheim\'','CPV_5d9016bafdea02c57a6a41c61bad4ee7',67184),('\'Emily Stamm\'','\'Emily Stamm\'','CPV_1212811252b67989e9f0d2ecfa0e264d',67185),('\'Porter Adams\'','\'Porter Adams\'','CPV_1212811252b67989e9f0d2ecfa0e264d',67186),('\'Cecilie Wian\'','\'Cecilie Wian\'','CPV_3e1f7387a0cb6a8a768657c0cee20d88',67187),('\'Avi Zajac\'','\'Avi Zajac\'','CPV_6b20c1a053a6488d021cfa49e46c848e',67188),('\'Franchesca Spektor\'','\'Franchesca Spektor\'','CPV_6b20c1a053a6488d021cfa49e46c848e',67189),('\'Ji Su Yoo\'','\'Ji Su Yoo\'','CPV_6b20c1a053a6488d021cfa49e46c848e',67190),('\'Nicole Chi\'','\'Nicole Chi\'','CPV_6b20c1a053a6488d021cfa49e46c848e',67191),('\'Julia Reinhardt\'','\'Julia Reinhardt\'','CPV_9023f3c9f5b76bd1eba0967287fea500',67192),('\'Zhanna Malekos Smith\'','\'Zhanna Malekos Smith\'','CPV_01ede90ce04330be8d034b70ab03fb23',67193),('\'Kelley Robinson\'','\'Kelley Robinson\'','CPV_0bddc1bde9a88e486b2d8750ed7af681',67194),('\'Avi Zajac\'','\'Avi Zajac\'','CPV_82b6bf37eb39abf7291d19460e3ccd1e',67195),('\'Franchesca Spektor\'','\'Franchesca Spektor\'','CPV_82b6bf37eb39abf7291d19460e3ccd1e',67196),('\'Ji Su Yoo\'','\'Ji Su Yoo\'','CPV_82b6bf37eb39abf7291d19460e3ccd1e',67197),('\'Nicole Chi\'','\'Nicole Chi\'','CPV_82b6bf37eb39abf7291d19460e3ccd1e',67198),('\'David Kane-Parry\'','\'David Kane-Parry\'','CPV_47c94458f3dad6cec8efef790cebfb61',67199),('\' \'','\' \'','AEV_e11c52d5ce24415aaa3b59749d4536af',67200),('\'Chris Krebs\'','\'Chris Krebs\'','AEV_254fd34b5a3ecb62b7032c1242126a75',67201),('\'Dr Will Roper\'','\'Dr Will Roper\'','AEV_254fd34b5a3ecb62b7032c1242126a75',67202),('\'Pete Cooper\'','\'Pete Cooper\'','AEV_254fd34b5a3ecb62b7032c1242126a75',67203),('\'Matt Gaffney\'','\'Matt Gaffney\'','AEV_8f05148f1be4ace5668d1cb158eec604',67204),('\'Matt Murray\'','\'Matt Murray\'','AEV_a85908bcdcf03c9130eddfbaf437c7b3',67205),('\'Harshad Sathaye\'','\'Harshad Sathaye\'','AEV_2b5280e9695cf24b0335f65f9f581763',67206),('\'Katie Noble\'','\'Katie Noble\'','AEV_e9b3fa37141f2c6d0e0b2b8b95fc43e3',67207),('\'Al Burke\'','\'Al Burke\'','AEV_e9b3fa37141f2c6d0e0b2b8b95fc43e3',67208),('\'Jeff Troy\'','\'Jeff Troy\'','AEV_e9b3fa37141f2c6d0e0b2b8b95fc43e3',67209),('\'Jen Ellis\'','\'Jen Ellis\'','AEV_e9b3fa37141f2c6d0e0b2b8b95fc43e3',67210),('\'John Craig\'','\'John Craig\'','AEV_e9b3fa37141f2c6d0e0b2b8b95fc43e3',67211),('\'Randy Talley (CISA)\'','\'Randy Talley (CISA)\'','AEV_e9b3fa37141f2c6d0e0b2b8b95fc43e3',67212),('\'Sidd Gejji\'','\'Sidd Gejji\'','AEV_e9b3fa37141f2c6d0e0b2b8b95fc43e3',67213),('\'Patrick Kiley\'','\'Patrick Kiley\'','AEV_2b77fa14670442a44ab10ac449a7428c',67214),('\'Eric Escobar\'','\'Eric Escobar\'','AEV_f818309e98af0270bb409f59e5f25347',67215),('\' \'','\' \'','AEV_21559462ab8482607627b42845bff186',67216),('\'Brandon Bailey\'','\'Brandon Bailey\'','AEV_df4d70af4935a305485cb1bea1a3a0c3',67217),('\'Javad Dadgar\'','\'Javad Dadgar\'','AEV_9605d2a6f606c3baeea69c5c070de6e4',67218),('\'Mohammad-Reza Zamiri\'','\'Mohammad-Reza Zamiri\'','AEV_9605d2a6f606c3baeea69c5c070de6e4',67219),('\'Reza Dorosti\'','\'Reza Dorosti\'','AEV_9605d2a6f606c3baeea69c5c070de6e4',67220),('\' \'','\' \'','AEV_d7ebbed1cee5c98ca9f13eca6a2816c5',67221),('\'Rick Hansen\'','\'Rick Hansen\'','AEV_7da7f924c7b8d0b89ddf36510cce59af',67222),('\'Erin Miller\'','\'Erin Miller\'','AEV_6c96ed58bcb58778a4e12782fb554690',67223),('\'Jeff Troy\'','\'Jeff Troy\'','AEV_6c96ed58bcb58778a4e12782fb554690',67224),('\'Ken Munro\'','\'Ken Munro\'','AEV_6c96ed58bcb58778a4e12782fb554690',67225),('\'Matthew Gaffney\'','\'Matthew Gaffney\'','AEV_6c96ed58bcb58778a4e12782fb554690',67226),('\'Pete Cooper\'','\'Pete Cooper\'','AEV_6c96ed58bcb58778a4e12782fb554690',67227),('\'Matt Smith\'','\'Matt Smith\'','AEV_d46814e2d419cb71c0fdcb7c1e1021a4',67228),('\'Jay Angus\'','\'Jay Angus\'','AEV_4d9992986135e4f959c1346d4feb1955',67229),('\'Allan Tart\'','\'Allan Tart\'','AEV_b1d8f2dbcad397aa97d74f473d38ee78',67230),('\'Fabian Landis\'','\'Fabian Landis\'','AEV_b1d8f2dbcad397aa97d74f473d38ee78',67231),('\'Michael Vanguardia\'','\'Michael Vanguardia\'','AEV_610da54bfda24e1cfc1fabf52f956939',67232),('\'Alex Lomas\'','\'Alex Lomas\'','AEV_20380f35c1bb6470e9ab4c736e355916',67233),('\'Liz Wharton\'','\'Liz Wharton\'','AEV_e32b7b4f9b39183a7a4668479ef35bbd',67234),('\'Alex Lomas\'','\'Alex Lomas\'','AEV_c155c15f15ecfb9448c5c2642938838e',67235),('\'Harshad Sathaye\'','\'Harshad Sathaye\'','AEV_d655b5648a116cfdd0d51a4dd28f3b5e',67236),('\' \'','\' \'','AEV_1a97c0288d17fa07abb9cf1a57c76cab',67237),('\'David Robinson\'','\'David Robinson\'','AEV_8732dafdf5bec2539c46fed8a9b2cb75',67238),('\'Ali Abdollahi\'','\'Ali Abdollahi\'','AEV_60b7965e51b2169ac581de00d5b5827a',67239),('\'Harley Geiger\'','\'Harley Geiger\'','AEV_fe3ed70a773bf85168c7565ccdbd4df6',67240),('\'Kaylin Trychon\'','\'Kaylin Trychon\'','AEV_fe3ed70a773bf85168c7565ccdbd4df6',67241),('\'Nicky Keeley\'','\'Nicky Keeley\'','AEV_fe3ed70a773bf85168c7565ccdbd4df6',67242),('\'James Pavur\'','\'James Pavur\'','AEV_69147a38db4ae6a624299ab9e252325b',67243),('\'Alex Lomas\'','\'Alex Lomas\'','AEV_6c2a9eb2699dc505a32c3804a8321321',67244),('\'Ken Munro\'','\'Ken Munro\'','AEV_6c2a9eb2699dc505a32c3804a8321321',67245),('\'Lawrence Rowell\'','\'Lawrence Rowell\'','AEV_bd261e07a870027b27aa1f489526e56b',67246),('\'Nathalie Feyt\'','\'Nathalie Feyt\'','AEV_bd261e07a870027b27aa1f489526e56b',67247),('\'Yannick Le Ray\'','\'Yannick Le Ray\'','AEV_bd261e07a870027b27aa1f489526e56b',67248),('\'Pam Melroy\'','\'Pam Melroy\'','AEV_7d3514538fdad53070c487565faf9b38',67249),('\'Martin Strohmeier\'','\'Martin Strohmeier\'','AEV_f8762a4b5435ab03adbbf9f9836aaba7',67250),('\'Gui Michel\'','\'Gui Michel\'','AEV_c2d684eb21e55e2517a647cb2bf90afd',67251),('\' \'','\' \'','AEV_2dd9c024ba86e8b9d8cbdcdfd87a6cd8',67252),('\'Aaron Cornelius\'','\'Aaron Cornelius\'','AEV_d0f61e13fa24920ecef9f24114d5ddee',67253),('\'Tim Brom\'','\'Tim Brom\'','AEV_d0f61e13fa24920ecef9f24114d5ddee',67254),('\'Karl Koscher\'','\'Karl Koscher\'','AEV_f6da1f16dbca62103a5d3062e5c1655f',67255),('\'Adama Ibrahim\'','\'Adama Ibrahim\'','BHV_bede01c149bd1092baf742105f4b3823',67256),('\'Amy Abernethy\'','\'Amy Abernethy\'','BHV_bede01c149bd1092baf742105f4b3823',67257),('\'Katie Doroschak\'','\'Katie Doroschak\'','BHV_5984d88f4a08c099dc886d5ba448f4c3',67258),('\'Dena Medelsohn\'','\'Dena Medelsohn\'','BHV_76829a8b1e25d096e3fa952171af0886',67259),('\'Jen Goldsack\'','\'Jen Goldsack\'','BHV_76829a8b1e25d096e3fa952171af0886',67260),('\'Dr. Khatuna Mshvidobadze\'','\'Dr. Khatuna Mshvidobadze\'','BHV_7b3db810fd29c0ebaca2009e8a93a190',67261),('\'Michelle Holko\'','\'Michelle Holko\'','BHV_094ee944985e5f6c8e2fc7ee402463b4',67262),('\'Chloé Messdaghi\'','\'Chloé Messdaghi\'','BHV_b3cf285dacd2ccc97b1bdccb21e67862',67263),('\'Eirick Lurass\'','\'Eirick Lurass\'','BHV_b3cf285dacd2ccc97b1bdccb21e67862',67264),('\'Casey John Ellis\'','\'Casey John Ellis\'','BHV_b3cf285dacd2ccc97b1bdccb21e67862',67265),('\'Anthony DiFranco\'','\'Anthony DiFranco\'','BHV_d0dfef42a12cc04ec554a52caea21b5c',67266),('\' \'','\' \'','BHV_2c8999df9b9b410083a5cca126b3f270',67267),('\'Yong-Bee\'','\'Yong-Bee\'','BHV_7c0253b1e6a44046e7711d94c6d28c33',67268),('\'Christian “quaddi†Dameff\'','\'Christian “quaddi†Dameff\'','BHV_226b4ac69ab7ff8fea6221397c472dd5',67269),('\'Jeff “r3plicant†Tully\'','\'Jeff “r3plicant†Tully\'','BHV_226b4ac69ab7ff8fea6221397c472dd5',67270),('\'Veronica\'','\'Veronica\'','BHV_ccc7d6b81c62853b547f50d91ffa6443',67271),('\'Mitchell Parker\'','\'Mitchell Parker\'','BHV_a68c3b0b22708ebc8ff3938a54c18feb',67272),('\'Bryson Bort\'','\'Bryson Bort\'','BHV_4c22bff7c1bde2ec3859c15ba548a898',67273),('\'Dr. Sarah Blossom Ware\'','\'Dr. Sarah Blossom Ware\'','BHV_82354c03541ca96c8415203fb4f0c3b6',67274),('\'Dr. Mike Rushanan\'','\'Dr. Mike Rushanan\'','BHV_0dbb2dd8194009e1a6af73020bd69a51',67275),('\'Julian Suleder\'','\'Julian Suleder\'','BHV_0dbb2dd8194009e1a6af73020bd69a51',67276),('\'The Red Dragon\'','\'The Red Dragon\'','BHV_3d2c8e3ef7de21dbcb7aee7b1a9bf442',67277),('\'Lucia Savage \'','\'Lucia Savage \'','BHV_0a2c287ffd1d0721ba1f86617a55b164',67278),('\'Seth Carmody\'','\'Seth Carmody\'','BHV_82c39123ca10e4d365c04a8afecae3ff',67279),('\'Andrea Downing\'','\'Andrea Downing\'','BHV_cc9107e65dec9c56ea2b3e39d0435e30',67280),('\'Kyle Erickson\'','\'Kyle Erickson\'','BHV_cb5bf14b211cc1dbb44b647b84b4dbfb',67281),('\'Natali\'','\'Natali\'','BHV_cb5bf14b211cc1dbb44b647b84b4dbfb',67282),('\'Peter\'','\'Peter\'','BHV_cb5bf14b211cc1dbb44b647b84b4dbfb',67283),('\'Veronica\'','\'Veronica\'','BHV_cb5bf14b211cc1dbb44b647b84b4dbfb',67284),('\'Jack\'','\'Jack\'','BHV_c04674efbcf16353cd46a2f3436c4054',67285),('\'Vidya Murthy\'','\'Vidya Murthy\'','BHV_e42969b6c076a87da17e7823d2e6d71c',67286),('\'Mixæl Swan Laufer\'','\'Mixæl Swan Laufer\'','BHV_cad672509a0e9496e0c2abf26d096dc2',67287),('\' \'','\' \'','BHV_a066ee906e951f81c42a5886b5636e98',67288),('\'Kamel Ghali\'','\'Kamel Ghali\'','CHV_6815412023ea667fae5ab28708fd4acb',67289),('\'Infenet\'','\'Infenet\'','CHV_c48b631cd11f116df5139848b874f8a9',67290),('\'Robert Leale (CarFuCar)\'','\'Robert Leale (CarFuCar)\'','CHV_d9a691f43983d1c3706500c67f8e92c6',67291),('\'Mintynet\'','\'Mintynet\'','CHV_05febe3643aa95ea518f857e818f94f1',67292),('\'Kamel Ghali\'','\'Kamel Ghali\'','CHV_31883c1307ecd59cebf9fab559c7e0cc',67293),('\'Infenet\'','\'Infenet\'','CHV_73a692aeeb5d8a6d0dcbb4507ef4c5f0',67294),('\'Jaime\'','\'Jaime\'','CHV_58746d16aaf5cd61606377aec474c869',67295),('\'Kamel Ghali\'','\'Kamel Ghali\'','CHV_93a4c35236124223b08fa711958507c8',67296),('\'Infenet\'','\'Infenet\'','CHV_aff7e5c61da7b71c2c1ab31ef4582ac2',67297),('\'Robert Leale (CarFuCar)\'','\'Robert Leale (CarFuCar)\'','CHV_556cd415e445de5590dc39457020a361',67298),('\'Mintynet\'','\'Mintynet\'','CHV_89a3649a727d03a8c4e037db10e0d70f',67299),('\'Kamel Ghali\'','\'Kamel Ghali\'','CHV_e8daf5aed963b21b996b289e061e7c0f',67300),('\'Infenet\'','\'Infenet\'','CHV_569728a33a4ebabc6c87683723cbd02f',67301),('\'Jaime\'','\'Jaime\'','CHV_b20d5cf3bf61788f653050c0956f89eb',67302),('\'Diane Vavrichek\'','\'Diane Vavrichek\'','ETV_827c69be7a3083d7bba4d54b44af99b2',67303),('\'Larry Lewis\'','\'Larry Lewis\'','ETV_827c69be7a3083d7bba4d54b44af99b2',67304),('\'Andrea Matwyshyn\'','\'Andrea Matwyshyn\'','ETV_11c1e359f7585d060a727ed2e8d98788',67305),('\'R. Jason Cronk\'','\'R. Jason Cronk\'','ETV_072307535589b9187147eeccf955c31a',67306),('\'Ece Gumusel\'','\'Ece Gumusel\'','ETV_072307535589b9187147eeccf955c31a',67307),('\'Chloé Messdaghi\'','\'Chloé Messdaghi\'','ETV_e0fdcd9f752bfece3e79c7e3d088735f',67308),('\'Ethics Village Staff\'','\'Ethics Village Staff\'','ETV_444fec84a166498600f3ecb701843b10',67309),('\'Stephen Gerling\'','\'Stephen Gerling\'','HTS_5846d5b43e2095f03d05c0eb3036843e',67310),('\'Dr. Gary Kessler\'','\'Dr. Gary Kessler\'','HTS_9ec910b33ecfdd99e655e48cd188ca87',67311),('\'Dr. Nina Kollars\'','\'Dr. Nina Kollars\'','HTS_f03e3bdad5f5b30515815d0ac83c0803',67312),('\'Andrew Tierney\'','\'Andrew Tierney\'','HTS_86744cac0723246f3081cae53a2e87c8',67313),('\'Grant Romundt\'','\'Grant Romundt\'','HTS_16f1de551423342f40a26af5de6aa906',67314),('\'Fathom5\'','\'Fathom5\'','HTS_6e14383a4d273571ed44e12ffca94e9e',67315),('\'Leigh-Anne Galloway\'','\'Leigh-Anne Galloway\'','PAYV_d9521ef026285f94b024eeb2f50993a6',67316),('\'Dr Steven J. Murdoch\'','\'Dr Steven J. Murdoch\'','PAYV_97ee0550b66eed8d13ed4acf621f0d4e',67317),('\'Timur Yunusov\'','\'Timur Yunusov\'','PAYV_864c73e656bb6f68f35f0a7d742f0bdc',67318),('\'Uri Rivner\'','\'Uri Rivner\'','PAYV_76e1ae27890faf0e87fafc8d29f26680',67319),('\'Arkadiy Litvinenko\'','\'Arkadiy Litvinenko\'','PAYV_a133f565afa097212a391649ed42bdc5',67320),('\'Dr Mohammed Aamir Ali\'','\'Dr Mohammed Aamir Ali\'','PAYV_ec3677172db0534181d4971eec8589fc',67321),('\'Aleksei Stennikov\'','\'Aleksei Stennikov\'','PAYV_f18358ebb73f8d4f335f42d6c6bf9369',67322),('\'Menaka BaskerPillai\'','\'Menaka BaskerPillai\'','PAYV_255639d1878c61bed8344d93137529c0',67323),('\'Rogues Village Team\'','\'Rogues Village Team\'','RGV_edfb01255f64fb4dec660fb7ae8322d9',67324),('\'Simon Weckert\'','\'Simon Weckert\'','RGV_e181ecbd1da7a4864b639a3096069aa5',67325),('\'Daniel Roy\'','\'Daniel Roy\'','RGV_87d54ba011f9637c8da40a0bb8f80301',67326),('\'James Harrison\'','\'James Harrison\'','RGV_fce52ef079f0902ba9b48621f2fbf7bd',67327),('\'Daniel Roy\'','\'Daniel Roy\'','RGV_e5321c469c922bb356ba75825355bf46',67328),('\'Brandon Martinez\'','\'Brandon Martinez\'','RGV_b0151cad3abd4d4473f24c094ff8b909',67329),('\'Monero Village Team\'','\'Monero Village Team\'','RGV_f0db3dbc8316dbf1ef4372599f97e549',67330),('\'Rogues Village Team\'','\'Rogues Village Team\'','RGV_f0db3dbc8316dbf1ef4372599f97e549',67331),('\'Alyssa Miller\'','\'Alyssa Miller\'','CRV_95a2e6f92ab4df45c2e650e2004c1641',67332),('\'Kirsten Renner\'','\'Kirsten Renner\'','CRV_921a96c755d0622ad0e660f086afb8a5',67333),('\'Pete Keenan\'','\'Pete Keenan\'','CRV_a86c22a2ed1aed6c9a7a8f23fa51ade7',67334),('\'Roy Wattanasin\'','\'Roy Wattanasin\'','CRV_8f6f127790bdc1ef7f99be0f46d64b55',67335),('\'Kris Rides\'','\'Kris Rides\'','CRV_3838eaf4946af6b0235551bfbb60f56d',67336),('\'Pablo Breuer\'','\'Pablo Breuer\'','CRV_67cb6d772cc0f851a5174109471826ed',67337),('\'Mike Murray\'','\'Mike Murray\'','CRV_c09a66bd9f9f58480ac8c2b4644b11ca',67338),('\'Kris Rides\'','\'Kris Rides\'','CRV_bd95fcc539c3965d074e078ca01e8927',67339),('\'Rachel Bozeman\'','\'Rachel Bozeman\'','CRV_bd95fcc539c3965d074e078ca01e8927',67340),('\'Matt Duren\'','\'Matt Duren\'','CRV_bd95fcc539c3965d074e078ca01e8927',67341),('\'Pete Radloff\'','\'Pete Radloff\'','CRV_bd95fcc539c3965d074e078ca01e8927',67342),('\'Steven Bernstein\'','\'Steven Bernstein\'','CRV_69a52bde2d38e29efc388820ee606c1b',67343),('\'Amelie Koran\'','\'Amelie Koran\'','CRV_ce57078a2d34d3694f6d36b9b80469eb',67344),('\'Bryson Bort\'','\'Bryson Bort\'','CRV_1fd63aa6718c3bdd0af3288c9c660d5e',67345),('\'John Felker\'','\'John Felker\'','CRV_b885c897209c2d7dcad81f7e67350219',67346),('\'Diane Janosek\'','\'Diane Janosek\'','CRV_b885c897209c2d7dcad81f7e67350219',67347),('\'Chris Pimlott\'','\'Chris Pimlott\'','CRV_b885c897209c2d7dcad81f7e67350219',67348),('\'Roman Vitkovitsky\'','\'Roman Vitkovitsky\'','CRV_b885c897209c2d7dcad81f7e67350219',67349),('\'Liz Popiak\'','\'Liz Popiak\'','CRV_b885c897209c2d7dcad81f7e67350219',67350),('\'Joe Billingsley\'','\'Joe Billingsley\'','CRV_b885c897209c2d7dcad81f7e67350219',67351),('\'Bob Wheeler\'','\'Bob Wheeler\'','CRV_33f256567ba802e850bb272576776878',67352),('\'Jenai Marinkovic\'','\'Jenai Marinkovic\'','CRV_b6cba31eeb7da3eee95465bfa800d003',67353),('\' \'','\' \'','RTV_8594ec4d57f260b6eacc0766630511ac',67354),('\' \'','\' \'','RTV_ee8f3c343f566cd00e35f377762a730b',67355),('\'Chris Krebs\'','\'Chris Krebs\'','ICS_f284be62f1b7b6d9ea698cdecbcc9ce6',67356),('\'Tom\'','\'Tom\'','ICS_8832f72f8e6cd4df53fbbba9b73d4a68',67357),('\'Joe Slowik\'','\'Joe Slowik\'','ICS_ce9d6120bed7560a221fe56f39388fa6',67358),('\'Dor Yardeni\'','\'Dor Yardeni\'','ICS_0d61770af557636a3c0496e9955f083d',67359),('\'Mike Lemley\'','\'Mike Lemley\'','ICS_0d61770af557636a3c0496e9955f083d',67360),('\'Alexander Korotin\'','\'Alexander Korotin\'','ICS_a057f8e7665946d3af8adc93ba1765ac',67361),('\'Radu Motspan\'','\'Radu Motspan\'','ICS_a057f8e7665946d3af8adc93ba1765ac',67362),('\'Nadav Erez\'','\'Nadav Erez\'','ICS_ae1c4ffd453356e2aca818e9f76ae73a',67363),('\'Austin Scott\'','\'Austin Scott\'','ICS_f853dc8259f9257848272ead3a6af591',67364),('\'Ben Gardiner\'','\'Ben Gardiner\'','ICS_a0676576979eb5fb7e3691fe0ee7fddb',67365),('\'Marina Krotofil\'','\'Marina Krotofil\'','ICS_683aa067c5cb496f530f544170cffdf4',67366),('\'Can Demirel\'','\'Can Demirel\'','ICS_be4805fca5e0bd2b06dd3e0bbec8b65e',67367),('\'Serkan Temel\'','\'Serkan Temel\'','ICS_be4805fca5e0bd2b06dd3e0bbec8b65e',67368),('\'ac0rn\'','\'ac0rn\'','ICS_c2225a93dc238cfcbb37313244120bd9',67369),('\'atlas 0f d00m\'','\'atlas 0f d00m\'','ICS_c2225a93dc238cfcbb37313244120bd9',67370),('\'Marie\'','\'Marie\'','ICS_5494583d8b04fea05dd6104704641259',67371),('\'Otis\'','\'Otis\'','ICS_5494583d8b04fea05dd6104704641259',67372),('\'Tim Yardley\'','\'Tim Yardley\'','ICS_a38053a2a414b3258bfe3a61fa7d4941',67373),('\'Chris Kubecka\'','\'Chris Kubecka\'','ICS_4ba593b0dcbe6faa947564c0f55de0ed',67374),('\'Octavio Fernandez\'','\'Octavio Fernandez\'','ICS_e85e28b5047c5089672df706c13f0c52',67375),('\'Victor Gomez\'','\'Victor Gomez\'','ICS_e85e28b5047c5089672df706c13f0c52',67376),('\'Teejay\'','\'Teejay\'','CHV_e955001e874ae498400f12be1c9e8cf3',67377),('\'Ben Gardiner\'','\'Ben Gardiner\'','CHV_500e21e7881e42c809381134e092a75b',67378),('\'Chris Poore\'','\'Chris Poore\'','CHV_500e21e7881e42c809381134e092a75b',67379),('\'Thomas Hayes\'','\'Thomas Hayes\'','CHV_ee5c447333923bf826729cae5dcd77ba',67380),('\'Dan Salloum\'','\'Dan Salloum\'','CHV_ee5c447333923bf826729cae5dcd77ba',67381),('\'Ryosuke Uematsu\'','\'Ryosuke Uematsu\'','CHV_52dc7688ac0b3974748fe6d88455de9a',67382),('\'Shogo Nakao\'','\'Shogo Nakao\'','CHV_52dc7688ac0b3974748fe6d88455de9a',67383),('\'Ryoichi Teramura\'','\'Ryoichi Teramura\'','CHV_52dc7688ac0b3974748fe6d88455de9a',67384),('\'Tatsuya Katsuhara\'','\'Tatsuya Katsuhara\'','CHV_52dc7688ac0b3974748fe6d88455de9a',67385),('\'Brent Stone\'','\'Brent Stone\'','CHV_fe7e31bf52ea4e70e2f75269a19fdbcc',67386),('\'Jaime\'','\'Jaime\'','CHV_ca219cd8716441f8fcf5b7f1dfde3c99',67387),('\'Huajiang \"Kevin2600\" Chen\'','\'Huajiang \"Kevin2600\" Chen\'','CHV_3d3be93c1ad053f8cf4a7e4f5b5b7fd9',67388),('\'Yuchao (Alex) Zhang\'','\'Yuchao (Alex) Zhang\'','CHV_3d3be93c1ad053f8cf4a7e4f5b5b7fd9',67389),('\'Vic Harkness\'','\'Vic Harkness\'','CHV_ec9857fbb60fcd69fa75c50aaf402682',67390),('\'Robert Leale (CarFuCar)\'','\'Robert Leale (CarFuCar)\'','CHV_22e5d1eb5e1db00b7570d73884880088',67391),('\'Derrick (CanBusDutch)\'','\'Derrick (CanBusDutch)\'','CHV_44820a9665dc70451957f838c74f67ae',67392),('\'Nils Weiss\'','\'Nils Weiss\'','CHV_05b867e7a6941068b0d9ea6686acd6c2',67393),('\'Enrico Pozzobon\'','\'Enrico Pozzobon\'','CHV_05b867e7a6941068b0d9ea6686acd6c2',67394),('\'Marcelo Sacchetin\'','\'Marcelo Sacchetin\'','CHV_7513076e8248c2a76e3488d0c15f0b71',67395),('\'Patrick Kiley\'','\'Patrick Kiley\'','CHV_d43f5340948810e8791741cf9297ae9e',67396),('\'Harri Hursti\'','\'Harri Hursti\'','VMV_9a49f59a83390a870385e1f3d9d2cdad',67397),('\'Matt Blaze\'','\'Matt Blaze\'','VMV_9a49f59a83390a870385e1f3d9d2cdad',67398),('\'Maggie MacAlpine\'','\'Maggie MacAlpine\'','VMV_9a49f59a83390a870385e1f3d9d2cdad',67399),('\'Jackie Speier\'','\'Jackie Speier\'','VMV_d5ae627dafe18cff19a8e3ffe4c9d217',67400),('\'Jody Westby\'','\'Jody Westby\'','VMV_3fc5d6096fe6322357cb7365ebc4697c',67401),('\'Casey John Ellis\'','\'Casey John Ellis\'','VMV_625487c857965c7eed14912d7f77138f',67402),('\'Kimber Dowsett\'','\'Kimber Dowsett\'','VMV_625487c857965c7eed14912d7f77138f',67403),('\'Tod Beardsley\'','\'Tod Beardsley\'','VMV_625487c857965c7eed14912d7f77138f',67404),('\'Jack Cable\'','\'Jack Cable\'','VMV_625487c857965c7eed14912d7f77138f',67405),('\'Amèlie Koran\'','\'Amèlie Koran\'','VMV_625487c857965c7eed14912d7f77138f',67406),('\'Marten Mickos\'','\'Marten Mickos\'','VMV_8ad8d9809e3f6bd41a441e1277af04a0',67407),('\'Bryson Bort\'','\'Bryson Bort\'','VMV_53793c26a1d6fe9fa375efbd699728be',67408),('\'David Imbordino\'','\'David Imbordino\'','VMV_53793c26a1d6fe9fa375efbd699728be',67409),('\'Brig. Gen. William Hartman\'','\'Brig. Gen. William Hartman\'','VMV_53793c26a1d6fe9fa375efbd699728be',67410),('\'Matthew Masterson\'','\'Matthew Masterson\'','VMV_53793c26a1d6fe9fa375efbd699728be',67411),('\'Cynthia Kaiser\'','\'Cynthia Kaiser\'','VMV_53793c26a1d6fe9fa375efbd699728be',67412),('\'Dan Kimmage\'','\'Dan Kimmage\'','VMV_53793c26a1d6fe9fa375efbd699728be',67413),('\'Ron Wyden\'','\'Ron Wyden\'','VMV_f2d023c0034f118e06b7f0e104e6493b',67414),('\'Benjamin Hovland\'','\'Benjamin Hovland\'','VMV_1df67cbf71c8d5c3e52a7d6e65277aa6',67415),('\'Kim Wyman\'','\'Kim Wyman\'','VMV_bf46992fc23a90be744dad53f1a7a7db',67416),('\'Ben Dubow\'','\'Ben Dubow\'','VMV_2a84fc1fdf9870b9700dbbac858cfed7',67417),('\'John Odum\'','\'John Odum\'','VMV_c733a4c71fe196b87a6f7dee0efb0dbd',67418),('\'Jack Cable\'','\'Jack Cable\'','VMV_4a0f651ade8a18cfdc38ce23e83ebf27',67419),('\'Alex Zaheer\'','\'Alex Zaheer\'','VMV_4a0f651ade8a18cfdc38ce23e83ebf27',67420),('\'Forrest Senti\'','\'Forrest Senti\'','VMV_1c4fc6a8b871a60bcea6db9e04e1fb9f',67421),('\'Mattie Gullixson\'','\'Mattie Gullixson\'','VMV_1c4fc6a8b871a60bcea6db9e04e1fb9f',67422),('\'Caleb Gardner\'','\'Caleb Gardner\'','VMV_1c4fc6a8b871a60bcea6db9e04e1fb9f',67423),('\'Nimit Sawhney\'','\'Nimit Sawhney\'','VMV_2ed40dc3baab4f334497cee9aa30650f',67424),('\'Nailah Mims\'','\'Nailah Mims\'','VMV_2ed40dc3baab4f334497cee9aa30650f',67425),('\'Susan Greenhalgh\'','\'Susan Greenhalgh\'','VMV_a4f12a81771200bc8abf6a87094f405a',67426),('\'Steve Newell\'','\'Steve Newell\'','VMV_a4f12a81771200bc8abf6a87094f405a',67427),('\'Bianca Lewis\'','\'Bianca Lewis\'','VMV_efa172e81d3debac313517de6d936c05',67428),('\'Cordero Alexander Delgadillo\'','\'Cordero Alexander Delgadillo\'','VMV_5cd8050c95ad5c5aed36e823865f2c18',67429),('\'Sang-Oun Lee\'','\'Sang-Oun Lee\'','VMV_fc161eab88a22aaf6ca992d8213c152f',67430),('\'Forrest Senti\'','\'Forrest Senti\'','VMV_18e79844d695b24342cce6b7a2998161',67431),('\'Mattie Gullixson\'','\'Mattie Gullixson\'','VMV_18e79844d695b24342cce6b7a2998161',67432),('\'Javier F. Patiño GarcÃa\'','\'Javier F. Patiño GarcÃa\'','VMV_eefe53630fdcaf21e336597557fb0390',67433),('\'Stephanie Singer\'','\'Stephanie Singer\'','VMV_3848dc752c8aba07d4ee3dad86cfde6c',67434),('\'Nina Alli\'','\'Nina Alli\'','BHV_70591b5cb907ce858a8ca9aec639ca2c',67435),('\'Vee Schmitt\'','\'Vee Schmitt\'','BHV_70591b5cb907ce858a8ca9aec639ca2c',67436),('\'Yusuf Henriques\'','\'Yusuf Henriques\'','BHV_70591b5cb907ce858a8ca9aec639ca2c',67437),('\'Josh O\'Connor\'','\'Josh O\'Connor\'','BHV_70591b5cb907ce858a8ca9aec639ca2c',67438),('\'Cannibal\'','\'Cannibal\'','BHV_70591b5cb907ce858a8ca9aec639ca2c',67439),('\'Devabhaktuni Srikrishna\'','\'Devabhaktuni Srikrishna\'','BHV_70591b5cb907ce858a8ca9aec639ca2c',67440),('\'Najla Lindsay\'','\'Najla Lindsay\'','BHV_70591b5cb907ce858a8ca9aec639ca2c',67441),('\'Nate DeNicola\'','\'Nate DeNicola\'','BHV_70591b5cb907ce858a8ca9aec639ca2c',67442),('\'Russell Mosley\'','\'Russell Mosley\'','BTVT1_7b1f40acba4bb7f80912880e10015194',67443),('\'Vyrus\'','\'Vyrus\'','BTVT1_7b1f40acba4bb7f80912880e10015194',67444),('\'Litmoose\'','\'Litmoose\'','BTVT1_7b1f40acba4bb7f80912880e10015194',67445),('\'Xavier Ashe\'','\'Xavier Ashe\'','BTVT1_7b1f40acba4bb7f80912880e10015194',67446),('\'Whitney Champion\'','\'Whitney Champion\'','BTVW1_4e8b1a68ca761efbcae012f088dd9e26',67447),('\'Ben Bornholm\'','\'Ben Bornholm\'','BTVW2_2ec10b1ae250306f8a4ac3038428367d',67448),('\'Lennart Koopmann\'','\'Lennart Koopmann\'','BTVT1_cd975aae871a561d232aa8650990d811',67449),('\'Roberto Rodriguez\'','\'Roberto Rodriguez\'','BTVW2_9258c896431d694dd0a1b28b9df3763e',67450),('\'Jose Rodriguez\'','\'Jose Rodriguez\'','BTVW2_9258c896431d694dd0a1b28b9df3763e',67451),('\'Aaron Soto\'','\'Aaron Soto\'','BTVW1_8204ada2927c6a79a4df5822bb8eed05',67452),('\'Amber Graner\'','\'Amber Graner\'','BTVW1_8204ada2927c6a79a4df5822bb8eed05',67453),('\'Mike Cohen\'','\'Mike Cohen\'','BTVW1_7253f2faacdc9c315a7b0fc9446925f2',67454),('\'Ben Bornholm\'','\'Ben Bornholm\'','BTVW2_b408b7396cacc94a360488f6f6bc5cae',67455),('\'Joseph Mlodzìanowskì (cedoXx)\'','\'Joseph Mlodzìanowskì (cedoXx)\'','BTVT1_9648d0d6a9c523c8eba9d88ba9bdee19',67456),('\'Adam Mashinchi\'','\'Adam Mashinchi\'','BTVT1_9648d0d6a9c523c8eba9d88ba9bdee19',67457),('\'Plug\'','\'Plug\'','BTVT1_9648d0d6a9c523c8eba9d88ba9bdee19',67458),('\'Dani\'','\'Dani\'','BTVT1_9648d0d6a9c523c8eba9d88ba9bdee19',67459),('\'Jorge Orchilles\'','\'Jorge Orchilles\'','BTVT1_9648d0d6a9c523c8eba9d88ba9bdee19',67460),('\'David J. Bianco\'','\'David J. Bianco\'','BTVT1_9648d0d6a9c523c8eba9d88ba9bdee19',67461),('\'Michael A. Specter\'','\'Michael A. Specter\'','VMV_206dee515fbc0e27369ede8f99137042',67462),('\'Password Village Staff\'','\'Password Village Staff\'','PWDV_558f3dfef9aa69a3082503918d6f48d6',67463),('\'Password Village Staff\'','\'Password Village Staff\'','PWDV_39f99a2e27bc90a55af2d800f1035fa6',67464),('\'Minga\'','\'Minga\'','PWDV_963868f350b877c561c9e6836ed0c054',67465),('\'EvilMog\'','\'EvilMog\'','PWDV_62b695bf507b2deeb11115889016c056',67466),('\'Password Village Staff\'','\'Password Village Staff\'','PWDV_15366663289248486d3050cc711c407b',67467),('\'Jeremi M Gosney (epixoip)\'','\'Jeremi M Gosney (epixoip)\'','PWDV_da9ae126c98a2f0a2525054e9c34a272',67468),('\'Sam Croley (Chick3nman)\'','\'Sam Croley (Chick3nman)\'','PWDV_d68e5374b9780cc45795ff0988695a3a',67469),('\'Hank Leininger\'','\'Hank Leininger\'','PWDV_e22d5368cf16281f015f481ca0094369',67470),('\'Matt Weir\'','\'Matt Weir\'','PWDV_f3625a3a80a7645a0532ef0cc7f21ddf',67471),('\'AI Village Organizers\'','\'AI Village Organizers\'','AIV_e407e3124c9910d550e113ab73aea8aa',67472),('\'drhyrum\'','\'drhyrum\'','AIV_fa805c0bf4b5f637d04f83de65394b1a',67473),('\'zh4ck\'','\'zh4ck\'','AIV_fa805c0bf4b5f637d04f83de65394b1a',67474),('\'erickgalinkin\'','\'erickgalinkin\'','AIV_28a3d9182ce035059dde0da343c7661b',67475),('\'comathematician\'','\'comathematician\'','AIV_f37cf4d93c0a8df6f22e40923b7388e1',67476),('\'Nahid Farhady\'','\'Nahid Farhady\'','AIV_a3ce4f54478ebc168bc3cdd321b63473',67477),('\'GTKlondike\'','\'GTKlondike\'','AIV_bf0fe1a26b42fb80aea23cf5107d1990',67478),('\'Nahid Farhady\'','\'Nahid Farhady\'','AIV_81f826c32ed716c887d6214919f55b1d',67479),('\'lmeyerov\'','\'lmeyerov\'','AIV_9b6ace5d990e246195d51ca1714fcf7d',67480),('\'AI Village Journal Club\'','\'AI Village Journal Club\'','AIV_baa000f51ad1dba836c6b8dafafbc2ba',67481),('\'Laurin Weissinger\'','\'Laurin Weissinger\'','AIV_f90e05f6df316e1e4f4a7e5226b308db',67482),('\'Younghoo Lee\'','\'Younghoo Lee\'','AIV_45858fc101e12c6d1a515989daa48b91',67483),('\'Joshua Saxe\'','\'Joshua Saxe\'','AIV_45858fc101e12c6d1a515989daa48b91',67484),('\'Vahid Behzadan\'','\'Vahid Behzadan\'','AIV_f3a663cda1872b9f06fa3189a8d2bbf6',67485),('\'Peter Kacherginsky\'','\'Peter Kacherginsky\'','BCV_377478ecacbf3bc21f0587615998a241',67486),('\'Gokul Alex\'','\'Gokul Alex\'','BCV_9513eae37a93b69f6ca7762ab6f1f4fa',67487),('\'Tejaswa Rastogi\'','\'Tejaswa Rastogi\'','BCV_9513eae37a93b69f6ca7762ab6f1f4fa',67488),('\'Colin Cantrell\'','\'Colin Cantrell\'','BCV_4dade926cd317d063505e72b3716ddf3',67489),('\'Mark Nesbitt\'','\'Mark Nesbitt\'','BCV_1b615352168a643712f84a282a58555b',67490),('\'Poming Lee\'','\'Poming Lee\'','BCV_cd2c6fd2675e74e5670ea2f146c0c28a',67491),('\'Kevin Leffew\'','\'Kevin Leffew\'','BCV_409a20e0d7c32a08572666bd2ae09cf7',67492),('\'Peter Kacherginsky\'','\'Peter Kacherginsky\'','BCV_9da42cecc1049daac5a384f1dfa20ba5',67493),('\'Victor Fang\'','\'Victor Fang\'','BCV_83ff376dbe11d3399b6e491c2d082ae6',67494),('\'Ryan Rubin\'','\'Ryan Rubin\'','BCV_0f15fc9dfc59408d15fff1e500677de7',67495),('\'Ron Stoner\'','\'Ron Stoner\'','BCV_8925af897d70a661d11a81f207e5cf10',67496),('\'Seungjoo\'','\'Seungjoo\'','BCV_b66eedc70964e9ba320cb1383b010de4',67497),('\'Suhyeon Lee\'','\'Suhyeon Lee\'','BCV_b66eedc70964e9ba320cb1383b010de4',67498),('\'Sebastian Banescu\'','\'Sebastian Banescu\'','BCV_bdf190e59e9359b3e20318bdd41404d3',67499),('\'Kris Jones\'','\'Kris Jones\'','BCV_1b615fbf5f0e5258742fd1e6fd858dee',67500),('\'Matt Luongo\'','\'Matt Luongo\'','BCV_1b615fbf5f0e5258742fd1e6fd858dee',67501),('\'Martin Abbatemarco\'','\'Martin Abbatemarco\'','BCV_bbf00cba2490a69f69430f0759fcf9dc',67502),('\'Martinet Lee\'','\'Martinet Lee\'','BCV_980fe4b9e60454f0fc609bf35aea30e1',67503),('\'chaintuts\'','\'chaintuts\'','BCV_0fb0c3ea969d8647fce50629d378ac9e',67504),('\'Josh McIntyre\'','\'Josh McIntyre\'','BCV_0fb0c3ea969d8647fce50629d378ac9e',67505),('\'Minzhi He\'','\'Minzhi He\'','BCV_271cbeffc71d326745f8d93cf4faeec1',67506),('\'peiyu wang\'','\'peiyu wang\'','BCV_271cbeffc71d326745f8d93cf4faeec1',67507),('\' \'','\' \'','CNE_944e809561da7410e787d7b938619244',67508),('\' \'','\' \'','CNE_8e8c99a26121f42a1a46d2240120776d',67509),('\'Scoubi\'','\'Scoubi\'','BTVT1_e924343dc90373f31c4fd9eb78b0f607',67510),('\'Plug\'','\'Plug\'','BTVT1_e924343dc90373f31c4fd9eb78b0f607',67511),('\'Litmoose\'','\'Litmoose\'','BTVT1_e924343dc90373f31c4fd9eb78b0f607',67512),('\'Xavier Ashe\'','\'Xavier Ashe\'','BTVT1_e924343dc90373f31c4fd9eb78b0f607',67513),('\'Rand0h\'','\'Rand0h\'','BTVT1_e924343dc90373f31c4fd9eb78b0f607',67514),('\'Muteki\'','\'Muteki\'','BTVT1_e924343dc90373f31c4fd9eb78b0f607',67515),('\'PacketSqueezins\'','\'PacketSqueezins\'','BTVT1_e924343dc90373f31c4fd9eb78b0f607',67516),('\'ttheveii0x\'','\'ttheveii0x\'','BTVT1_e924343dc90373f31c4fd9eb78b0f607',67517),('\'Allie Hansen\'','\'Allie Hansen\'','BTVT1_e924343dc90373f31c4fd9eb78b0f607',67518),('\'nohackme\'','\'nohackme\'','BTVT1_e924343dc90373f31c4fd9eb78b0f607',67519),('\'Plug\'','\'Plug\'','BTVT1_c92a6a76a4aa56375751cdc8509ae880',67520),('\'Roberto Rodriguez\'','\'Roberto Rodriguez\'','BTVT1_c92a6a76a4aa56375751cdc8509ae880',67521),('\'Tony M Lambert\'','\'Tony M Lambert\'','BTVT1_c92a6a76a4aa56375751cdc8509ae880',67522),('\'Valentina PalacÃn\'','\'Valentina PalacÃn\'','BTVT1_c92a6a76a4aa56375751cdc8509ae880',67523),('\'Samir\'','\'Samir\'','BTVT1_c92a6a76a4aa56375751cdc8509ae880',67524),('\'Ruth Barbacil\'','\'Ruth Barbacil\'','BTVT1_c92a6a76a4aa56375751cdc8509ae880',67525),('\'Anna McAbee\'','\'Anna McAbee\'','BTVT1_c92a6a76a4aa56375751cdc8509ae880',67526),('\'Paul Melson\'','\'Paul Melson\'','BTVT1_c92a6a76a4aa56375751cdc8509ae880',67527),('\' \'','\' \'','HRV_6821505cab75802cc6ed92a6cbd3a489',67528),('\' \'','\' \'','HRV_29dd74a1ee45a00bf52308126de2d48e',67529),('\' \'','\' \'','HRV_62d45813206647384aada3f33785cf60',67530),('\' \'','\' \'','HRV_8b5613cc07eaf2bb1bc9a08ee7a1a13e',67531),('\' \'','\' \'','HRV_a28a830205eda7cff129d2fadfefdbbc',67532),('\' \'','\' \'','HRV_56d7ee6bc73b477bcf1dda2d06ea137d',67533),('\' \'','\' \'','HRV_310f88dd05490459213c10184ed683f7',67534),('\' \'','\' \'','HRV_be0d47361224f2f7316e461d5dfc4624',67535),('\' \'','\' \'','HRV_fb0a91bc0d15bd1836f9fa552aa11e62',67536),('\' \'','\' \'','HRV_17fda50e5f229dc0a7fe4512ba5acc32',67537),('\' \'','\' \'','HRV_e890bb78f295f321e9b97d9ee8e1f964',67538),('\'Master Chen\'','\'Master Chen\'','RCV_b66a73d141c2d822c7bf4268d6d9afe4',67539),('\'Chloé Messdaghi\'','\'Chloé Messdaghi\'','RCV_b454a39a99f1a4154171a5d6d565f211',67540),('\'Ladislav B\'','\'Ladislav B\'','RCV_01e7e888e6e83ae04c62a5d14bb3cbdd',67541),('\'Levi\'','\'Levi\'','RCV_6a8d7b3da3614d27ace5bea52b60ac27',67542),('\'Mauro Cáseres\'','\'Mauro Cáseres\'','RCV_eadb2c90e2749ec0d74b4eed17b6a816',67543),('\'Password Village Staff\'','\'Password Village Staff\'','PWDV_9e3cd1563b643ea21cf53340b29f695f',67544),('\'Password Village Staff\'','\'Password Village Staff\'','PWDV_ffc57b43cf19c67e4128310c3c1bee0e',67545),('\'Minga\'','\'Minga\'','PWDV_11603f3fdb2c1677241504517a85b9d8',67546),('\'EvilMog\'','\'EvilMog\'','PWDV_efb91f42e1fb8c70cce028c4ba7000c3',67547),('\'Password Village Staff\'','\'Password Village Staff\'','PWDV_73d7fca23803359a684392baa9ce1b45',67548),('\'Jeremi M Gosney (epixoip)\'','\'Jeremi M Gosney (epixoip)\'','PWDV_dd7866479f76019294d3f8fae8d753e1',67549),('\'Per Thorsheim\'','\'Per Thorsheim\'','PWDV_2e22b01c771e03cd9cf4f9a65a8168a5',67550),('\'Sam Croley (Chick3nman)\'','\'Sam Croley (Chick3nman)\'','PWDV_ad5ffdff072ec6a10e498c991abeaa7f',67551),('\'Hank Leininger\'','\'Hank Leininger\'','PWDV_f40a64eb4464eaf05c8d438c86b35687',67552),('\'Matt Weir\'','\'Matt Weir\'','PWDV_6edce1e277dce3ef77b8eafd3644e67b',67553),('\' \'','\' \'','POV_b37e2712a3f74ec841e4ec9fd172b7a8',67554),('\'hackingdave\'','\'hackingdave\'','POV_bd2c503bdda0d657e96543c03a3f784b',67555),('\'kennwhite\'','\'kennwhite\'','POV_bd2c503bdda0d657e96543c03a3f784b',67556),('\' \'','\' \'','POV_45f9de7c1bc42bd74ee9d11184c87f4e',67557),('\' \'','\' \'','POV_23e6b8f052aeae9d472a915c2f60089f',67558),('\'The Dark Tangent\'','\'The Dark Tangent\'','DC_fd833522fc82bee04a84f54f7a283705',67559),('\' \'','\' \'','AEV_24a8a2b0a36d092304ad5a2657055f57',67560),('\' \'','\' \'','AEV_37d1eaf1a1723d4b368d7bad0b196a1e',67561),('\' \'','\' \'','AEV_c17cbe7490b04aee80dbf1272c7d86fd',67562),('\' \'','\' \'','AEV_cbf238ff26ab40743a031c9343d03bfd',67563),('\' \'','\' \'','AEV_5531f9d7b65228b32819b6bd4f33904f',67564),('\' \'','\' \'','AEV_10fc8d93cb212839d9a78bd2fad9744a',67565),('\' \'','\' \'','AEV_95e45d823baa92a286e1e740fa63cebc',67566),('\' \'','\' \'','AEV_533bc877d67e2dd21527ba2524d37209',67567),('\' \'','\' \'','AEV_b082419103e1b2b04512779cb460ee11',67568),('\' \'','\' \'','AEV_da1beb2d0e2c605b0c8cd0b024d7f9b8',67569),('\' \'','\' \'','AEV_128c9ad03c0cfefee2e3fccc8f3e2cdb',67570),('\' \'','\' \'','AEV_147e8b516d7729114d2905e3797fd56d',67571),('\' \'','\' \'','AEV_517b1d74186a5776a6582720869d8014',67572),('\' \'','\' \'','AEV_b5f9e30936b1977e7d9cffd965754b11',67573),('\' \'','\' \'','AEV_36543df57caf1d35aff3ecbc24625dec',67574),('\' \'','\' \'','AEV_2b97c8e6e8c9e0c133ee5805e3296700',67575),('\' \'','\' \'','AEV_defa3a86eccf128dcbafad1d9470b02e',67576),('\' \'','\' \'','AEV_c7185e392cf862c1e5529b49a348c443',67577),('\' \'','\' \'','AEV_9cebd9e6c1ace1c4456258ce98f82e80',67578),('\' \'','\' \'','AEV_6f17f81a7353973a38794ad768bfec85',67579),('\' \'','\' \'','AEV_c54512560f4ea0b7b20416c08a0d410e',67580),('\' \'','\' \'','AEV_8fb6e8b5d65a03b78ad330c13fa28ebc',67581),('\' \'','\' \'','AEV_82e1457e88ab60d978917510f2bcba8b',67582),('\' \'','\' \'','AEV_da002528b3bcc678acb6f3e04616e222',67583),('\' \'','\' \'','AEV_29d36ecacb0740492c8de9a5d21fa14f',67584),('\'Martin Strohmeier\'','\'Martin Strohmeier\'','AEV_6d15f5a8752c18fca2945b59312dc07f',67585),('\'Henry Danielson\'','\'Henry Danielson\'','AEV_65bf75b9af9b4977fd2d13f59da2614e',67586),('\'Henry Danielson\'','\'Henry Danielson\'','AEV_01c32ae080e7b1a8195eccbf56a2edab',67587),('\'Nishant Sharma\'','\'Nishant Sharma\'','WLV_3a8bc64cd58ab13591804acfe2219baa',67588),('\'Eric Escobar\'','\'Eric Escobar\'','WLV_9c5e5c83b4211459f4c2153de267ad3d',67589),('\'cemaxecuter\'','\'cemaxecuter\'','WLV_3df29d454963ee0fd34065d03f802143',67590),('\'FreqyXin\'','\'FreqyXin\'','WLV_d776a8f60a5e13e7fdd2789f3b958f78',67591),('\'wytshadow\'','\'wytshadow\'','WLV_a8eb807ca005399aa009d29aa508f553',67592),('\' \'','\' \'','VMV_81c96b1e51d38b69ffd57e8f522f9e01',67593),('\'Comm. Geoffrey Starks\'','\'Comm. Geoffrey Starks\'','ETV_3f51d6a2492adcf56b03234d636942d0',67594),('\'Travis LeBlanc\'','\'Travis LeBlanc\'','ETV_d6d3cae0ac275b844515e9a57ba07bf9',67595),('\'Rim Boujnah\'','\'Rim Boujnah\'','ETV_23e2e8f9a4b19b72cbc538dc152abd0e',67596),('\'Comm. Rohit Chopra\'','\'Comm. Rohit Chopra\'','ETV_c781545f3a1a3f5f30addcd7f4fc15a2',67597),('\'Jessica Wilkerson\'','\'Jessica Wilkerson\'','ETV_776a9441cb1933999f0fb42a03109177',67598),('\'Leisel Bogan\'','\'Leisel Bogan\'','ETV_daef3e26e4280ff807195a9798af3745',67599),('\'Michael Antonino\'','\'Michael Antonino\'','ETV_92aaa12609b11386da6411c99f81e9c4',67600),('\'Ray Doyle\'','\'Ray Doyle\'','RTV_a023977bf7657003cd986de88b7512ae',67601),('\'Vandana Verma Sehgal\'','\'Vandana Verma Sehgal\'','RTV_808b9e5e39f7877043da9f6a897cbb06',67602),('\'Jenko Hwong\'','\'Jenko Hwong\'','CLV_e360f494e20ab923bbd28acab6370129',67603),('\'Spencer Gietzen\'','\'Spencer Gietzen\'','CLV_66401bdf3e92cf3ce297d8f7183d45aa',67604),('\'Barak Schoster\'','\'Barak Schoster\'','CLV_6c177e32c058bb084e9fa9e0db229076',67605),('\'Phillip Marlow\'','\'Phillip Marlow\'','CLV_96cbc1722dfe2e0a4e4ff4df848c97c7',67606),('\'Wes Lambert\'','\'Wes Lambert\'','CLV_3646c8a9a93ecd45f12b9a41dae10287',67607),('\'Nimrod Kor\'','\'Nimrod Kor\'','CLV_404f6ac479374b726f50cf4b9704d63d',67608),('\'Dani Goland\'','\'Dani Goland\'','CLV_9eda6431953fec9bd979e3ba403e21f8',67609),('\'Mohsan Farid\'','\'Mohsan Farid\'','CLV_9eda6431953fec9bd979e3ba403e21f8',67610),('\'Colin Estep\'','\'Colin Estep\'','CLV_421eee273547679cd98b97e1dc1191e3',67611),('\'Setu Parimi\'','\'Setu Parimi\'','CLV_52bf71d6bb7f2350bd32721bebba1c3a',67612),('\'Mohit Gupta\'','\'Mohit Gupta\'','CLV_9b4e75b35db56701f8a9895fc3487053',67613),('\'Alexandre Sieira\'','\'Alexandre Sieira\'','CLV_cd50542a8b15d59b632483f097a00419',67614),('\'Michael Wylie\'','\'Michael Wylie\'','CLV_915bedc5ef65ab0b97804cfecd88536d',67615),('\'Michael Mimo\'','\'Michael Mimo\'','CLV_4926b48376001e37f86917892526274e',67616),('\'Sahir Khan\'','\'Sahir Khan\'','CLV_dbb8b3de373cf2fd91fb5d5127d4e5a0',67617),('\'Justin Paglierani\'','\'Justin Paglierani\'','CLV_dbb8b3de373cf2fd91fb5d5127d4e5a0',67618),('\'Nick Jones\'','\'Nick Jones\'','CLV_441103d8c8781e08f2303dd852382293',67619),('\' \'','\' \'','CLV_2e8891b09a52534580323b21ebb3c4a0',67620),('\' \'','\' \'','CLV_e220a5d8a3ec86ecf8321d648ed47731',67621),('\'Olivier Bilodeau\'','\'Olivier Bilodeau\'','DL_4597228a4db2be6e2bd750babff4ba0d',67622),('\'Chris Nevin\'','\'Chris Nevin\'','DL_78422eecc78f4761436c280f049a2d2d',67623),('\'Emilio Couto\'','\'Emilio Couto\'','DL_a4c2ae63640247bbd5f539bd60951c1c',67624),('\'Utku Sen\'','\'Utku Sen\'','DL_20c749c8de8568e48c0ef5e4aa14cbda',67625),('\'Matthew Creel\'','\'Matthew Creel\'','DL_c067bd15ae7acf819684bde9b92a79f1',67626),('\'The Dark Tangent\'','\'The Dark Tangent\'','DC_585aaf4aad9522f2701b50a87905ab17',67627),('\' \'','\' \'','SEV_9ebcf5df76898657f22936b36261a9fc',67628),('\'Amit Elazari\'','\'Amit Elazari\'','IOT_566d27896ddc0647c28ab4bf8db5bf40',67629),('\'Anahit Tarkhanyan\'','\'Anahit Tarkhanyan\'','IOT_566d27896ddc0647c28ab4bf8db5bf40',67630),('\' \'','\' \'','WLV_cd3dbaa4f6b7076bcaf0347bbe35b188',67631),('\'Sanjana Sarda\'','\'Sanjana Sarda\'','IOT_47b4ab57b26b107282e4811e1331299b',67632),('\' \'','\' \'','DCG_abaafd2754ff3db8b7fc14913038f983',67633),('\' \'','\' \'','DCG_2247307bd04c28619737481b6ffeb16c',67634),('\' \'','\' \'','DCG_b2f391753708bc61c66762b320daf855',67635),('\' \'','\' \'','DCG_9421f2671fdcc644d75c6bc288bd6513',67636),('\' \'','\' \'','DCG_ab8fed075ab7ac549cfbe185b954985e',67637),('\' \'','\' \'','DCG_05880fb30ec565f96d406bcd24d65281',67638),('\' \'','\' \'','DCG_64bbe716ca44338ac85fc04a02dca1a9',67639),('\' \'','\' \'','DCG_5b1695f099ee1750033387b73667a521',67640),('\' \'','\' \'','DCG_54f554c27b60c652aa40c381a717b6fc',67641),('\' \'','\' \'','DL_bf1cd20659003248941d942c09d87d09',67642),('\'Brent White / B1TK1LL3R\'','\'Brent White / B1TK1LL3R\'','DCG_d30766231508160ae660d562ad0f2ff3',67643),('\'Casey Bourbonnais / ADAM_915\'','\'Casey Bourbonnais / ADAM_915\'','DCG_d30766231508160ae660d562ad0f2ff3',67644),('\'Jayson E. Street\'','\'Jayson E. Street\'','DCG_d30766231508160ae660d562ad0f2ff3',67645),('\'April C Wright\'','\'April C Wright\'','DCG_d30766231508160ae660d562ad0f2ff3',67646),('\'Iceman\'','\'Iceman\'','WLV_8dd6b2045b08d8de0b5baf287f67514e',67647),('\'Omikron\'','\'Omikron\'','WLV_8dd6b2045b08d8de0b5baf287f67514e',67648),('\' \'','\' \'','DC_8ba1d46c47942fdd8d4c0d293eaa21f0',67649),('\' \'','\' \'','HHV_4d202e74c9b6209240195409b0fe8953',67650);
/*!40000 ALTER TABLE `speakers` ENABLE KEYS */;
UNLOCK TABLES;
SET @@SESSION.SQL_LOG_BIN = @MYSQLDUMP_TEMP_LOG_BIN;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2020-08-09 14:22:45