Talk/Event Schedule
Saturday
This schedule is tentative and may change at any time. Check at an Info Booth for the latest.
Saturday - 00:00 PDT
MUS - Music - Scotch & Bubbles - Scotch & Bubbles
Saturday - 01:00 PDT
MUS - Music - Magik Plan - Magik Plan
Saturday - 08:00 PDT
HHV - (08:30-08:59 PDT) - Hardware Hacking 101: Rogue Keyboards and Eavesdropping Cables - Federico Lucifredi
RFV - The Basics of Breaking BLE - Part 2: Doing More With Less - freqy
Saturday - 09:00 PDT
AIV - Welcome to AI Village - AI Village Organizers
AIV - (09:30-10:59 PDT) - Intro to ML Workshop - Gavin Klondike
APV - AppSec Village Welcome and Introductions
APV - Borrow a mentor
APV - Scaling AppSec through Education - Grant Ongers (rewtd)
ASV - A-ISAC CTF -- Pre-registration Required -
ASV - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - (09:30-10:50 PDT) - VDP in aviation: Experiences and lessons learnt as a researcher - Matt Gaffney
BTV - I know who has access to my cloud, do you? - Igal Flegmann
BTV - Wireshark for Incident Response & Threat Hunting - Michael Wylie
CON - OpenSOC Blue Team CTF -
CON - Trace Labs OSINT Search Party CTF - Briefing -
CON - Darknet-NG -
DC - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
HHV - (09:30-10:30 PDT) - Use a PortaProg to flash, dump, and test ISP and UPDI chips - Bradán Lane,Sara Cladlow
PHV - APT Hunting with Splunk - John Stoner
PHV - Seeing the Forest Through the Trees – Foundations of Event Log Analysis - Jake Williams
Saturday - 10:00 PDT
AIV - cont...(09:30-10:59 PDT) - Intro to ML Workshop - Gavin Klondike
APV - I used AppSec skills to hack IoT, and so can you - Alexei Kojenov
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:00-16:59 PDT) - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - cont...(09:30-10:50 PDT) - VDP in aviation: Experiences and lessons learnt as a researcher - Matt Gaffney
ASV - Antenny -
ASV - ARINC 429 Lab -
ASV - Deep Space Networking -
ASV - Hack-A-Sat2 Satellite Platform -
ASV - HACMS Live Demo -
ASV - Lego Spike Hub -
ASV - Understanding Space in the Cyber Domain -
ASV - ADSB Demo and Paper Airplanes -
AVV - The Way of The Adversary - Phillip Wylie
BCV - Welcome Note - Nathan,Ron Stoner
BCV - (10:15-11:30 PDT) - Key Note – The Three Amigos: Money Laundering, Cryptocurrencies, and Smart Contracts - Daniel Garrie,David Cass
BHV - How to Not Miss The Point: Reflections on Race, Health, and Equity - Nia Johnson
BHV - CTF: Hospital Under Siege (Pre-registration required)
BICV - (10:30-10:30 PDT) - Black Cyber Exodus: The Mis-Education (Certification) of Black Cyber - Stephen Pullum
BTV - cont...(09:00-10:30 PDT) - Wireshark for Incident Response & Threat Hunting - Michael Wylie
BTV - (10:15-11:15 PDT) - Use DNS to detect your domains are abused for phishing - Karl Lovink a.k.a. Cyb0rg42,Arnold Holzel
CCV - What Is Zero Knowledge - Sarang Noether, Ph.D.
CLV - Extracting all the Azure Passwords - Karl Fosaaen
CLV - (10:45-11:30 PDT) - Windows Server Containers are Broken - Here's How You Can Break Out - Daniel Prizmant
CON - cont...(09:00-16:59 PDT) - Darknet-NG -
CON - cont...(09:00-15:59 PDT) - OpenSOC Blue Team CTF -
CON - DEF CON 29 CTF by OOO -
CON - Red Team Village CTF - Qualifiers Part 2 -
CON - Red Alert ICS CTF -
CON - Trace Labs OSINT Search Party CTF -
CON - CMD+CTRL -
CON - Hack3r Runw@y -
CPV - CPV Through the Looking-Glass: Cryptography Codes and Secret Writing (DC 26)
CPV - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
DC - cont...(09:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - DEF CON Vendor Area Open
DC - Privacy Without Monopoly: Paternalism Works Well, But Fails Badly - Cory Doctorow
DC - High-Stakes Updates | BIOS RCE OMG WTF BBQ - Jesse Michael,Mickey Shkatov
DC - Crossover Episode: The Real-Life Story of the First Mainframe Container Breakout - Chad Rikansrud (Bigendian Smalls),Ian Coldwater
DC - Community Roundtable - Supply Chain in the COVID Era -
DC - Community Roundtable - We need to talk about Norm – Discussions on International cyber norms in diplomacy -
DDV - Data Duplication Village - Open -
DL - Kubernetes Goat - Madhu Akula
DL - Ruse - Mike Kiser
DL - PMapper - Erik Steringer
DL - Depthcharge - Jon Szymaniak
HHV - cont...(09:30-10:30 PDT) - Use a PortaProg to flash, dump, and test ISP and UPDI chips - Bradán Lane,Sara Cladlow
HHV - (10:30-10:59 PDT) - The Black Box and the Brain Box: When Electronics and Deception Collide - Gigs
HTSV - OSINT Tales: What the Public Knows About Russia’s New Mega-Submarine - H I Sutton
ICSV - CybatiWorks Mission Station Workshop - Matthew Luallen
IOTV - Pentesting 101 -
IOTV - I used AppSec skills to hack IoT, and so can you - Alexei Kojenov
IOTV - UART to UBOOT to ROOT -
IOTV - IoT Village Capture the Flag (CTF) -
IOTV - IoT Village Labs -
IOTV - Black Box Challenges -
LBV - Bypass 101
LPV - Intro To Lockpicking - TOOOL
PHV - cont...(09:00-10:59 PDT) - APT Hunting with Splunk - John Stoner
PHV - *nix Processes. Starting, Stopping, and Everything In Between - Nick Roy
RCV - Adversary Infrastructure Tracking with Mihari - Manabu Niseki
RCV - (10:40-11:10 PDT) - The Bug Hunter’s Recon Methodology - Tushar Verma
SEV - SECTF4Teens - Chris Silvers,Kris Silvers
VMV - Voting Village Keynote Remarks - Thomas Hicks
VMV - (10:30-10:59 PDT) - Secrets of Social Media PsyOps - BiaSciLab
WS - From Zero to Hero in Web Security Research - Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki
WS - Bug bounty Hunting Workshop - David Patten,Philippe Delteil
WS - Hacking the Metal: An Introduction to Assembly Language Programming - eigentourist
WS - Digital Forensics and Incident Response Against the Dark Arts: The Battle of Malicious Email and Downloaders - Michael Register,Michael Solomon
Saturday - 11:00 PDT
AIV - The Coming AI Hackers - Bruce Schneier
APV - The Curious case of knowing the unknown - Vandana Verma Sehgal
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:00-16:59 PDT) - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - cont...(10:00-15:59 PDT) - Antenny -
ASV - cont...(10:00-15:59 PDT) - ARINC 429 Lab -
ASV - cont...(10:00-15:59 PDT) - Deep Space Networking -
ASV - cont...(10:00-15:59 PDT) - Hack-A-Sat2 Satellite Platform -
ASV - cont...(10:00-15:59 PDT) - HACMS Live Demo -
ASV - cont...(10:00-15:59 PDT) - Lego Spike Hub -
ASV - cont...(10:00-12:59 PDT) - Understanding Space in the Cyber Domain -
ASV - cont...(10:00-15:59 PDT) - ADSB Demo and Paper Airplanes -
ASV - Decoding NOAA Weather Sat Signals -
ASV - (11:30-12:59 PDT) - AIAA CubeSat Hacking Workshop - Virtual Lab #3 -
ASV - (11:30-11:55 PDT) - Defending the Unmanned Aerial Vehicle: Advancements in UAV Intrusion Detection - Jason Whelan
AVV - (Workshop) From zero to hero: creating a reflective loader in C# - Jean Francois Maes
BCV - cont...(10:15-11:30 PDT) - Key Note – The Three Amigos: Money Laundering, Cryptocurrencies, and Smart Contracts - Daniel Garrie,David Cass
BCV - (11:30-11:59 PDT) - Triptych Talk - Sarang Noether, Ph.D.
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - Chinese Military Bioweapons and Intimidation Operations: Part III - RedDragon
BTV - cont...(10:15-11:15 PDT) - Use DNS to detect your domains are abused for phishing - Karl Lovink a.k.a. Cyb0rg42,Arnold Holzel
BTV - Tricks for the Triage of Adversarial Software - Dylan Barker,Quinten Bowen
BTV - BTV Presents: Malware Station - Maldoc Workshop - Clay (ttheveii0x)
BTV - (11:30-11:59 PDT) - What Machine Learning Can and Can't Do for Security - Wendy Edwards
CHV - My other car is your car: compromising the Tesla Model X keyless entry system - Lennert Wouters
CLV - cont...(10:45-11:30 PDT) - Windows Server Containers are Broken - Here's How You Can Break Out - Daniel Prizmant
CLV - (11:30-12:15 PDT) - AWS cloud attack vectors and security controls - Kavisha Sheth
CON - cont...(09:00-16:59 PDT) - Darknet-NG -
CON - cont...(09:00-15:59 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-15:59 PDT) - Hack3r Runw@y -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-11:59 PDT) - Red Team Village CTF - Qualifiers Part 2 -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-15:59 PDT) - Trace Labs OSINT Search Party CTF -
CON - cont...(10:00-15:59 PDT) - CMD+CTRL -
CPV - cont...(10:00-11:30 PDT) - CPV Through the Looking-Glass: Cryptography Codes and Secret Writing (DC 26)
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - (11:30-12:30 PDT) - Breaking Historical Ciphers with Modern Algorithms - Elonka Dunin,Klaus Schmeh
DC - cont...(09:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - Wibbly Wobbly, Timey Wimey – What's Really Inside Apple's U1 Chip - Alexander Heinrich,jiska
DC - UPnProxyPot: fake the funk, become a blackhat proxy, MITM their TLS, and scrape the wire - Chad Seaman
DC - (11:30-12:30 PDT) - Community Roundtable - If only you knew -
DL - cont...(10:00-11:50 PDT) - Kubernetes Goat - Madhu Akula
DL - cont...(10:00-11:50 PDT) - Ruse - Mike Kiser
DL - cont...(10:00-11:50 PDT) - PMapper - Erik Steringer
DL - cont...(10:00-11:50 PDT) - Depthcharge - Jon Szymaniak
HHV - Walkthrough of DC 28 HHV Challenges - rehr
HRV - Amateur Radio Mesh Networking: Enabling Higher Data-rate Communications - Tyler Gardner
HTSV - Cyber-SHIP Lab Talk and Demo - Kevin Jones,Kimberley Tam
ICSV - cont...(10:00-11:59 PDT) - CybatiWorks Mission Station Workshop - Matthew Luallen
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - You're Doing IoT RNG - Allan Cecil - dwangoAC,Dan Petro - AltF4
LBV - Bypassing Retail Security Tags
LPV - Hybrid PhySec tools - best of both worlds or just weird? - d1dymu5
PHV - Linux Binary Analysis w/ Strace - Jared Stroud
RCV - cont...(10:40-11:10 PDT) - The Bug Hunter’s Recon Methodology - Tushar Verma
RCV - (11:20-11:50 PDT) - Can I Make My Own Social Threat Score? - MasterChen
SEV - cont...(10:00-11:59 PDT) - SECTF4Teens - Chris Silvers,Kris Silvers
VMV - How to Weaponize RLAs to Discredit an Election - Carsten Schürmann
VMV - (11:30-11:59 PDT) - High Turnout, Wide Margins - Brianna Lennon,Eric Fey
WS - cont...(10:00-13:59 PDT) - From Zero to Hero in Web Security Research - Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki
WS - cont...(10:00-13:59 PDT) - Bug bounty Hunting Workshop - David Patten,Philippe Delteil
WS - cont...(10:00-13:59 PDT) - Hacking the Metal: An Introduction to Assembly Language Programming - eigentourist
WS - cont...(10:00-13:59 PDT) - Digital Forensics and Incident Response Against the Dark Arts: The Battle of Malicious Email and Downloaders - Michael Register,Michael Solomon
Saturday - 12:00 PDT
AIV - Never a dill moment: Exploiting machine learning pickle files - Suha Sabi Hussain
AIV - (12:30-12:59 PDT) - Replication as a Security Threat: How to Save Millions By Recreating Someone Else’s Model - Stella Biderman
APV - CSP is broken, let’s fix it - Amir Shaked
APV - (Workshop) - Integrating DAST tools into developers' test process - Joe Schottman
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:00-16:59 PDT) - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - cont...(10:00-15:59 PDT) - Antenny -
ASV - cont...(10:00-15:59 PDT) - ARINC 429 Lab -
ASV - cont...(10:00-15:59 PDT) - Deep Space Networking -
ASV - cont...(10:00-15:59 PDT) - Hack-A-Sat2 Satellite Platform -
ASV - cont...(10:00-15:59 PDT) - HACMS Live Demo -
ASV - cont...(10:00-15:59 PDT) - Lego Spike Hub -
ASV - cont...(10:00-12:59 PDT) - Understanding Space in the Cyber Domain -
ASV - cont...(10:00-15:59 PDT) - ADSB Demo and Paper Airplanes -
ASV - cont...(11:30-12:59 PDT) - AIAA CubeSat Hacking Workshop - Virtual Lab #3 -
ASV - Federal Perspective on Aerospace Cybersecurity - Larry Grossman,Steve Luczynski
ASV - In Space, No One Can Hear You Hack -
ASV - (12:30-13:20 PDT) - Lost In Space: No-one Can Hear Your Breach (Choose Wisely) - Elizabeth Wharton
AVV - cont...(11:00-13:15 PDT) - (Workshop) From zero to hero: creating a reflective loader in C# - Jean Francois Maes
BCV - Ethereum Hacks & How to Stop Them - Michael Lewellen
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - (12:30-13:30 PDT) - Cloud security for healthcare and life sciences - Michelle Holko
BICV - (12:30-12:30 PDT) - The OPSEC of Protesting - Ochaun Marshall
BTV - cont...(11:00-12:30 PDT) - Tricks for the Triage of Adversarial Software - Dylan Barker,Quinten Bowen
BTV - cont...(11:00-12:30 PDT) - BTV Presents: Malware Station - Maldoc Workshop - Clay (ttheveii0x)
BTV - (12:15-12:45 PDT) - How do you ALL THE CLOUDS? - henry
CAHV - National Service Panel - Amelie Koran,Elizabeth Schweinsberg,Joe Billingsley,Teri Williams
CAHV - Resume Reviewing
CAHV - Career Coaching
CHV - Not so Passive: Vehicle Identification and Tracking via Passive Keyless Entry - Nick Ashworth
CLV - cont...(11:30-12:15 PDT) - AWS cloud attack vectors and security controls - Kavisha Sheth
CLV - (12:15-12:45 PDT) - Using Barq to perform AWS Post-Exploitation Actions - Mohammed Aldoub
CLV - (12:45-13:30 PDT) - Shift Left Using Cloud: Implementing baseline security into your deployment lifecycle - Avinash Jain
CON - cont...(09:00-16:59 PDT) - Darknet-NG -
CON - cont...(09:00-15:59 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-15:59 PDT) - Hack3r Runw@y -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-15:59 PDT) - Trace Labs OSINT Search Party CTF -
CON - cont...(10:00-15:59 PDT) - CMD+CTRL -
CON - Red Team Village CTF - Qualifier Prizes and Announcements -
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - cont...(11:30-12:30 PDT) - Breaking Historical Ciphers with Modern Algorithms - Elonka Dunin,Klaus Schmeh
CPV - (12:30-13:15 PDT) - CPV Through the Looking-Glass: Cryptanalysis in the Time of Ransomware (DC 25)
DC - cont...(09:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - cont...(11:30-12:30 PDT) - Community Roundtable - If only you knew -
DC - Bring Your Own Print Driver Vulnerability - Jacob Baines
DC - Racketeer Toolkit. Prototyping Controlled Ransomware Operations - Dimitry "Op_Nomad" Snezhkov
DC - Time Turner - Hacking RF Attendance Systems (To Be in Two Places at Once) - Vivek Nair
DC - (12:30-12:50 PDT) - Hack the hackers: Leaking data over SSL/TLS - Ionut Cernica
DC - (12:30-12:50 PDT) - A new class of DNS vulnerabilities affecting many DNS-as-Service platforms - Ami Luttwak,Shir Tamari
DL - Tracee - Yaniv Agman
DL - USBSamurai - Luca Bongiorni
DL - Git Wild Hunt - Rod Soto,José Hernandez
HHV - A Lazy r2 Solve of @mediumrehr Challenge 6 - Ben Gardiner
HRV - Ham Radio Exams -
HTSV - Hack the Sea Cabana Party -
HTSV - Cyber in the Under Sea - David Strachan
ICSV - Fireside Chat - August Cole - August Cole
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - Strategic Trust and Deception in the Internet of Things - Juneau Jones
IOTV - (12:45-13:30 PDT) - MIPS-X - The next IoT Frontier - Patrick Ross,Zoltán Balázs
LBV - Tools 101 & Q&A
LPV - Intro To Lockpicking - TOOOL
PHV - Security Investigations with Splunk - Robert Wagner
PHV - RCE via Meow Variant along with an Example 0day - Özkan Mustafa AKKUŞ
RCV - Let the bugs come to me - how to build cloud-based recon automation at scale - Ryan Elkins
RGV - Twitter Q&A regarding Top 10 BOGUS Biometrics! - Vic Harkness
SEV - (12:30-13:30 PDT) - Using SE to create insider threats and win all the things - Lisa Forte
SOC - Friends of Bill W. -
VMV - Keeping Your Information Security Policy Up to Date - Sang-Oun Lee
VMV - (12:30-12:59 PDT) - Social Media Security = Election Security - Sebastian Bay
WS - cont...(10:00-13:59 PDT) - From Zero to Hero in Web Security Research - Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki
WS - cont...(10:00-13:59 PDT) - Bug bounty Hunting Workshop - David Patten,Philippe Delteil
WS - cont...(10:00-13:59 PDT) - Hacking the Metal: An Introduction to Assembly Language Programming - eigentourist
WS - cont...(10:00-13:59 PDT) - Digital Forensics and Incident Response Against the Dark Arts: The Battle of Malicious Email and Downloaders - Michael Register,Michael Solomon
Saturday - 13:00 PDT
AIV - Who's Afraid of Thomas Bayes? - Erick Galinkin
AIV - (13:30-13:59 PDT) - Risks of ML Systems in Health Care: The Real Story - Barton Rhodes
APV - cont...(12:00-14:30 PDT) - (Workshop) - Integrating DAST tools into developers' test process - Joe Schottman
APV - When nothing goes right, push left. Designing logs for future breach investigations - Vee
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:00-16:59 PDT) - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - cont...(10:00-15:59 PDT) - Antenny -
ASV - cont...(10:00-15:59 PDT) - ARINC 429 Lab -
ASV - cont...(10:00-15:59 PDT) - Deep Space Networking -
ASV - cont...(10:00-15:59 PDT) - Hack-A-Sat2 Satellite Platform -
ASV - cont...(10:00-15:59 PDT) - HACMS Live Demo -
ASV - cont...(10:00-15:59 PDT) - Lego Spike Hub -
ASV - cont...(10:00-15:59 PDT) - ADSB Demo and Paper Airplanes -
ASV - cont...(12:00-15:59 PDT) - In Space, No One Can Hear You Hack -
ASV - cont...(12:30-13:20 PDT) - Lost In Space: No-one Can Hear Your Breach (Choose Wisely) - Elizabeth Wharton
AVV - cont...(11:00-13:15 PDT) - (Workshop) From zero to hero: creating a reflective loader in C# - Jean Francois Maes
AVV - (13:15-13:59 PDT) - (Tool Demo) Red Team Credentials Reconnaissance (OLD with a TWIST) - Shantanu Khandelwal
BCV - Certified Ethereum Professional (CEP) Overview - Abstrct
BCV - (13:30-13:59 PDT) - Sla(sh*t)ing happens when you stake - Nadir Akhtar,Y L
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - cont...(12:30-13:30 PDT) - Cloud security for healthcare and life sciences - Michelle Holko
BHV - (13:30-13:59 PDT) - Securing the Internet of Biological Things - Thom Dixon
BTV - (13:45-14:15 PDT) - Leveraging NGFWs for Threat Hunting - Drimacus
CAHV - cont...(12:00-15:59 PDT) - Resume Reviewing
CAHV - cont...(12:00-15:59 PDT) - Career Coaching
CAHV - Selling Yourself as a Security Professional - Preston Pierce
CCV - Monero Scaling Opportunities and Challenges - Francisco Cabañas
CHV - Fuzzing CAN / CAN FD ECU's and Network - Samir Bhagwat
CLV - cont...(12:45-13:30 PDT) - Shift Left Using Cloud: Implementing baseline security into your deployment lifecycle - Avinash Jain
CLV - (13:30-13:50 PDT) - CSPM2CloudTrail - Extending CSPM Tools with (Near) Real-Time Detection Signatures (Lightning Talk) - Rodrigo "Sp0oKeR" Montoro
CLV - (13:50-14:35 PDT) - Azure Active Directory Hacking Wars - Batuhan Sancak
CON - cont...(09:00-16:59 PDT) - Darknet-NG -
CON - cont...(09:00-15:59 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-15:59 PDT) - Hack3r Runw@y -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-15:59 PDT) - Trace Labs OSINT Search Party CTF -
CON - cont...(10:00-15:59 PDT) - CMD+CTRL -
CON - Red Team Village CTF - Finals Part 1 -
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - cont...(12:30-13:15 PDT) - CPV Through the Looking-Glass: Cryptanalysis in the Time of Ransomware (DC 25)
DC - cont...(09:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - TEMPEST radio station - Paz Hameiri
DC - PINATA: PIN Automatic Try Attack - Salvador Mendoza
DC - Defeating Physical Intrusion Detection Alarm Wires - Bill Graydon
DC - Community Roundtable - RANSOMWARE: Combatting Ransomware on a Global Stage / The realities of responding to ransomware -
DL - cont...(12:00-13:50 PDT) - Tracee - Yaniv Agman
DL - cont...(12:00-13:50 PDT) - USBSamurai - Luca Bongiorni
DL - cont...(12:00-13:50 PDT) - Git Wild Hunt - Rod Soto,José Hernandez
HHV - Meetup: Some HHV challenges - rehr
HRV - cont...(12:00-17:59 PDT) - Ham Radio Exams -
HRV - (13:30-14:30 PDT) - Amateur Radio Digital Modes Primer - Jon Marler
HTSV - cont...(12:00-14:59 PDT) - Hack the Sea Cabana Party -
HTSV - Sea Pods - Grant Romundt
ICSV - Toward a Collaborative Cyber Defense and Enhanced Threat Intelligence Structure - Lauren Zabierek
ICSV - (13:30-13:59 PDT) - Fortifying ICS - Hardening and Testing - Dieter Sarrazyn
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(12:45-13:30 PDT) - MIPS-X - The next IoT Frontier - Patrick Ross,Zoltán Balázs
IOTV - (13:45-14:30 PDT) - Mind the Gap - Managing Insecurity in Enterprise IoT - Cheryl Biswas
LBV - Electronic Warfare & Q&A
LPV - How I defeated the Western Electric 30c - N∅thing
PHV - cont...(12:00-13:59 PDT) - Security Investigations with Splunk - Robert Wagner
SEV - cont...(12:30-13:30 PDT) - Using SE to create insider threats and win all the things - Lisa Forte
SEV - (13:30-14:30 PDT) - The Innocent Lives Foundation: A Beacon of Light in a Dark World - John McCombs
SOC - A&E Pool Party! -
VMV - New Hampshire SB43 Forensic Audit - Harri Hursti
VMV - (13:30-13:59 PDT) - Why Hacking Voters Is Easier Than Hacking Ballots - Maurice Turner
WS - cont...(10:00-13:59 PDT) - From Zero to Hero in Web Security Research - Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki
WS - cont...(10:00-13:59 PDT) - Bug bounty Hunting Workshop - David Patten,Philippe Delteil
WS - cont...(10:00-13:59 PDT) - Hacking the Metal: An Introduction to Assembly Language Programming - eigentourist
WS - cont...(10:00-13:59 PDT) - Digital Forensics and Incident Response Against the Dark Arts: The Battle of Malicious Email and Downloaders - Michael Register,Michael Solomon
Saturday - 14:00 PDT
AIV - The Real History of Adversarial Machine Learning - Eugene Neelou
APV - cont...(12:00-14:30 PDT) - (Workshop) - Integrating DAST tools into developers' test process - Joe Schottman
APV - How I broke into Mexico City's justice system application and database - Alfonso Ruiz Cruz
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:00-16:59 PDT) - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - cont...(10:00-15:59 PDT) - Antenny -
ASV - cont...(10:00-15:59 PDT) - ARINC 429 Lab -
ASV - cont...(10:00-15:59 PDT) - Deep Space Networking -
ASV - cont...(10:00-15:59 PDT) - Hack-A-Sat2 Satellite Platform -
ASV - cont...(10:00-15:59 PDT) - HACMS Live Demo -
ASV - cont...(10:00-15:59 PDT) - Lego Spike Hub -
ASV - cont...(10:00-15:59 PDT) - ADSB Demo and Paper Airplanes -
ASV - cont...(12:00-15:59 PDT) - In Space, No One Can Hear You Hack -
ASV - AIAA CubeSat Hacking Workshop - Virtual Lab #4 -
ASV - (14:30-14:55 PDT) - True Story: Hackers in the Aerospace Sector - Declyn S.,Ginny Spicer,Olivia Stella,Steve Luczynski,Thomas Bristow
AVV - Operation Bypass: Catch My Payload If You Can - Matthew Eidelberg
BCV - EIP-1559 Panel
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - The Real Story on Patching Medical Devices - Michael Murray
BICV - (14:30-14:30 PDT) - 40 cores and a CPU - Nico "Socks" Smith
BTV - cont...(13:45-14:15 PDT) - Leveraging NGFWs for Threat Hunting - Drimacus
BTV - BTV Presents: Forensics Station - Workshop 1 - Omenscan
BTV - MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part 2 - Cat Self,plug,Ben Bornholm,Tilottama Sanyal,Dan Borges
BTV - (14:30-15:30 PDT) - Modern Authentication for the Security Admin - Bailey Bercik,Mark Morowczynski
CAHV - cont...(12:00-15:59 PDT) - Resume Reviewing
CAHV - cont...(12:00-15:59 PDT) - Career Coaching
CAHV - Career Hacking: Tips and Tricks to Making the Most of your Career - Andy Piazza
CHV - Build Automotive Gateways with Ease - Don Hatfield
CLV - cont...(13:50-14:35 PDT) - Azure Active Directory Hacking Wars - Batuhan Sancak
CLV - (14:35-16:59 PDT) - Onions In the Cloud Make the CISO Proud (Workshop) - Wes Lambert
CON - cont...(09:00-16:59 PDT) - Darknet-NG -
CON - cont...(09:00-15:59 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-15:59 PDT) - Hack3r Runw@y -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-15:59 PDT) - Trace Labs OSINT Search Party CTF -
CON - cont...(10:00-15:59 PDT) - CMD+CTRL -
CON - cont...(13:00-16:59 PDT) - Red Team Village CTF - Finals Part 1 -
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - Staying Fresh While the Feds Watch: Changes in Government Surveillance and Why it Matters - Anthony Hendricks
DC - cont...(09:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - cont...(13:00-14:59 PDT) - Community Roundtable - RANSOMWARE: Combatting Ransomware on a Global Stage / The realities of responding to ransomware -
DC - Sneak into buildings with KNXnet/IP - Claire Vacherot
DC - SPARROW: A Novel Covert Communication Scheme Exploiting Broadcast Signals in LTE, 5G & Beyond - Chuck McAuley,Reza Soosahabi
DC - Over-the-air remote code execution on the DEF CON 27 badge via Near Field Magnetic Inductance or World’s first NFMI exploitation, sorta or OTARCEDC27NFMIOMGWTFBBQ - Seth Kintigh
DL - ParseAndC - Parbati Kumar Manna
DL - WiFi Kraken Lite - Henry Hill
DL - WiFi Kraken Lite - Henry Hill
DL - Shutter - Dimitry "Op_Nomad" Snezhkov
HHV - Meetup: Sourcing Parts & The Global Parts Shortage - bombnav
HRV - cont...(12:00-17:59 PDT) - Ham Radio Exams -
HRV - cont...(13:30-14:30 PDT) - Amateur Radio Digital Modes Primer - Jon Marler
HTSV - cont...(12:00-14:59 PDT) - Hack the Sea Cabana Party -
HTSV - Cyber Operations and Operational Wargames on Port Infrastructure - Tom Mouatt,Ed McGrady,John Curry
ICSV - Crippling the Grid: Examination of Dependencies and Cyber Vulnerabilities - Joe Slowik
ICSV - (14:30-14:59 PDT) - Leveraging SBOMs to Enhance ICS Security - Thomas Pace
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(13:45-14:30 PDT) - Mind the Gap - Managing Insecurity in Enterprise IoT - Cheryl Biswas
IOTV - (14:45-15:30 PDT) - Reverse Supply Chain Attack - A Dangerous Pathway To Medical Facilities’ Networks - Barak Hadad,Gal Kaufman
LBV - cont...(13:00-14:30 PDT) - Electronic Warfare & Q&A
LBV - (14:30-15:59 PDT) - Alarm Bypass & Q&A
LPV - (14:15-14:45 PDT) - Intro To Lockpicking - TOOOL
RCV - How vigilant researchers can uncover APT attacks for fun and non profit - Ladislav Baco
RCV - (14:40-15:10 PDT) - .GOV Doppelgänger: Your Häx Dollars at Work - Anthony Kava
SEV - cont...(13:30-14:30 PDT) - The Innocent Lives Foundation: A Beacon of Light in a Dark World - John McCombs
SEV - (14:30-15:30 PDT) - Make Them Want To Tell You: The Science of Elicitation - Christopher Hadnagy
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
Saturday - 15:00 PDT
AIV - RTV/AIV Red Teaming AI Roundtable - Rich Harang,Anita Nikolich
APV - A Deep Dive Into Supply Chain Vulnerabilities: And How SecDevOps Can Save the Day - Adam Schaal
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:00-16:59 PDT) - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - cont...(10:00-15:59 PDT) - Antenny -
ASV - cont...(10:00-15:59 PDT) - ARINC 429 Lab -
ASV - cont...(10:00-15:59 PDT) - Deep Space Networking -
ASV - cont...(10:00-15:59 PDT) - Hack-A-Sat2 Satellite Platform -
ASV - cont...(10:00-15:59 PDT) - HACMS Live Demo -
ASV - cont...(10:00-15:59 PDT) - Lego Spike Hub -
ASV - cont...(10:00-15:59 PDT) - ADSB Demo and Paper Airplanes -
ASV - cont...(12:00-15:59 PDT) - In Space, No One Can Hear You Hack -
ASV - cont...(14:00-15:59 PDT) - AIAA CubeSat Hacking Workshop - Virtual Lab #4 -
ASV - Drone Security Research Series – Ep6 Hacking with drones - Matt Gaffney
AVV - (Tool Demo) PurpleSharp: Automated Adversary Simulation - Mauricio Velazco
AVV - (15:45-16:30 PDT) - Phish Like An APT - Sanne Maasakkers
BCV - Evils in the DeFi world - Minzhi He,Peiyu Wang
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - OWASP & CSA IoT: Impacting Medical Security - Aaron Guzman
BTV - cont...(14:00-15:30 PDT) - BTV Presents: Forensics Station - Workshop 1 - Omenscan
BTV - cont...(14:00-17:59 PDT) - MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part 2 - Cat Self,plug,Ben Bornholm,Tilottama Sanyal,Dan Borges
BTV - cont...(14:30-15:30 PDT) - Modern Authentication for the Security Admin - Bailey Bercik,Mark Morowczynski
BTV - (15:45-16:45 PDT) - Uncomfortable Networking - Charles Rumford
CAHV - cont...(12:00-15:59 PDT) - Resume Reviewing
CAHV - cont...(12:00-15:59 PDT) - Career Coaching
CCV - Triptych - Sarang Noether, Ph.D.
CHV - Safety Third: Defeating Chevy StabiliTrak for Track Time Fun - Eric Gershman
CLV - cont...(14:35-16:59 PDT) - Onions In the Cloud Make the CISO Proud (Workshop) - Wes Lambert
CON - cont...(09:00-16:59 PDT) - Darknet-NG -
CON - cont...(09:00-15:59 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-15:59 PDT) - Hack3r Runw@y -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-15:59 PDT) - Trace Labs OSINT Search Party CTF -
CON - cont...(10:00-15:59 PDT) - CMD+CTRL -
CON - cont...(13:00-16:59 PDT) - Red Team Village CTF - Finals Part 1 -
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - CPV Through the Looking-Glass: Hacking on Multi-Party Computation (DC 25)
CPV - (15:30-16:30 PDT) - Gold Bug Q&A -
DC - cont...(09:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - Hacking G Suite: The Power of Dark Apps Script Magic - Matthew Bryant
DC - Central bank digital currency, threats and vulnerabilities - Ian Vitek
DC - Breaking Secure Bootloaders - Christopher Wade
DL - cont...(14:00-15:50 PDT) - ParseAndC - Parbati Kumar Manna
DL - cont...(14:00-15:50 PDT) - WiFi Kraken Lite - Henry Hill
DL - cont...(14:00-15:50 PDT) - Shutter - Dimitry "Op_Nomad" Snezhkov
HHV - Meetup: OSS ASIC - Josh Marks
HRV - cont...(12:00-17:59 PDT) - Ham Radio Exams -
HRV - How to Contact the ISS with a $30 Radio - Gregg Horton
HTSV - US Coast Guard 2021 Cyber Strategic Outlook - Michael Chien
ICSV - Smart Meters: I'm Hacking Infrastructure and So Should You - Hash Salehi
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(14:45-15:30 PDT) - Reverse Supply Chain Attack - A Dangerous Pathway To Medical Facilities’ Networks - Barak Hadad,Gal Kaufman
IOTV - (15:45-16:15 PDT) - Ethics at the Edge: IoT as the Embodiment of AI for Rampant Intelligence Actuation - Ria Cheruvu
LBV - cont...(14:30-15:59 PDT) - Alarm Bypass & Q&A
LPV - The Coat Hanger Talk: A Noob's Look Into the Thieves World - De
RCV - cont...(14:40-15:10 PDT) - .GOV Doppelgänger: Your Häx Dollars at Work - Anthony Kava
RCV - (15:20-16:05 PDT) - OSINT for Sex Workers - Kala Kinyon
SEV - cont...(14:30-15:30 PDT) - Make Them Want To Tell You: The Science of Elicitation - Christopher Hadnagy
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
WS - Network Analysis with Wireshark - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - Analysis 101 and 102 for the Incident Responder - Kristy Westphal
WS - Evading Detection a Beginner's Guide to Obfuscation - Anthony "Cx01N" Rose,Jake "Hubbl3" Krasnov,Vincent "Vinnybod" Rose
WS - Advanced Wireless Attacks Against Enterprise Networks - Solstice
Saturday - 16:00 PDT
AIV - Where We’re Going We Don’t Need Labels: Anomaly Detection for 2FA - Rebecca Lynch,Stefano Meschiari
AIV - (16:30-16:59 PDT) - AI Discord Happy Hour - Open Discussion on AIV Discord about the State of AI Security
APV - DevSecOps: Merging Security and Software Engineering - Magno Logan
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:00-16:59 PDT) - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - Fuzzing NASA Core Flight System Software - Ronald Broberg
AVV - cont...(15:45-16:30 PDT) - Phish Like An APT - Sanne Maasakkers
AVV - (16:30-17:15 PDT) - (Tool Demo) Tenacity: An Adversary Emulation Tool for Persistence - Atul Nair,Harshal Tupsamudre
BCV - The Wild West of DeFi Exploits - Anna Szeto
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - cont...(15:00-16:45 PDT) - OWASP & CSA IoT: Impacting Medical Security - Aaron Guzman
BHV - (16:45-16:59 PDT) - A Cohort of Pirate Ships - Alex Pearlman
BICV - (16:30-16:30 PDT) - How Bias and Discrimination in Cybersecurity will have us locked up or dead - Tennisha Martin
BTV - cont...(14:00-17:59 PDT) - MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part 2 - Cat Self,plug,Ben Bornholm,Tilottama Sanyal,Dan Borges
BTV - cont...(15:45-16:45 PDT) - Uncomfortable Networking - Charles Rumford
BTV - (16:30-17:59 PDT) - Ransomware ATT&CK and Defense with the Elastic Stack - Ben Hughes,Daniel Chen,Fred Mastrippolito
CCV - (16:30-16:59 PDT) - Cryptocurrency Trivia! - Justin Ehrenhofer
CLV - cont...(14:35-16:59 PDT) - Onions In the Cloud Make the CISO Proud (Workshop) - Wes Lambert
CON - cont...(09:00-16:59 PDT) - Darknet-NG -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(13:00-16:59 PDT) - Red Team Village CTF - Finals Part 1 -
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - cont...(15:30-16:30 PDT) - Gold Bug Q&A -
CPV - (16:30-17:30 PDT) - The threat hiding in daylight: Police Monitoring legislation and individual privacy in chat - Vic Huang,Joy Ho
DC - cont...(09:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - New Phishing Attacks Exploiting OAuth Authentication Flows - Jenko Hwong
DC - PunkSPIDER and IOStation: Making a Mess All Over the Internet - _hyp3ri0n aka Alejandro Caceres,Jason Hopper
DC - Adventures in MitM-land: Using Machine-in-the-Middle to Attack Active Directory Authentication Schemes - Eyal Karni,Sagi Sheinfeld,Yaron Zinar
DC - Community Roundtable - Thinking About Election Security -
DC - Community Roundtable - Implementing Cyber Solarium Commission Policy -
HHV - Meetup: Certification Processes (UL, FCC, etc.) - ShortTie
HRV - cont...(12:00-17:59 PDT) - Ham Radio Exams -
HRV - Getting started with low power & long distance communications - QRP - Eric Escobar
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(15:45-16:15 PDT) - Ethics at the Edge: IoT as the Embodiment of AI for Rampant Intelligence Actuation - Ria Cheruvu
IOTV - (16:30-16:59 PDT) - IoT devices as government witnesses: Can IoT devices ever be secure if law enforcement has unlimited access to their data? - Anthony Hendricks,Jordan Sessler
LBV - (16:30-16:59 PDT) - Bypass 101
LPV - (16:15-16:45 PDT) - Intro To Lockpicking - TOOOL
RCV - cont...(15:20-16:05 PDT) - OSINT for Sex Workers - Kala Kinyon
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - QueerCon Party -
WS - cont...(15:00-18:59 PDT) - Network Analysis with Wireshark - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - cont...(15:00-18:59 PDT) - Analysis 101 and 102 for the Incident Responder - Kristy Westphal
WS - cont...(15:00-18:59 PDT) - Evading Detection a Beginner's Guide to Obfuscation - Anthony "Cx01N" Rose,Jake "Hubbl3" Krasnov,Vincent "Vinnybod" Rose
WS - cont...(15:00-18:59 PDT) - Advanced Wireless Attacks Against Enterprise Networks - Solstice
Saturday - 17:00 PDT
APV - Can’t Stop the Code: Embrace the Code - Alton Crossley
APV - (17:45-17:50 PDT) - AppSec Quiz Time! - Eden Stroet
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
AVV - cont...(16:30-17:15 PDT) - (Tool Demo) Tenacity: An Adversary Emulation Tool for Persistence - Atul Nair,Harshal Tupsamudre
AVV - (17:15-18:15 PDT) - C2Centipede: APT level C2 communications for common reverse HTTP shell tools - Jose Garduno
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - The Little Things - Mixæl Laufer
BHV - (17:30-17:59 PDT) - Playing with FHIR: hacking and securing healthcare APIs - Alissa Knight,Mitch Parker
BTV - cont...(14:00-17:59 PDT) - MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part 2 - Cat Self,plug,Ben Bornholm,Tilottama Sanyal,Dan Borges
BTV - cont...(16:30-17:59 PDT) - Ransomware ATT&CK and Defense with the Elastic Stack - Ben Hughes,Daniel Chen,Fred Mastrippolito
BTV - Structured Analytical Techniques for Improving Information Security Analyses - Rabbit
CCV - Monero After Party - Monero Sound
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - Trace Labs OSINT Search Party CTF - Award Ceremony -
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - cont...(16:30-17:30 PDT) - The threat hiding in daylight: Police Monitoring legislation and individual privacy in chat - Vic Huang,Joy Ho
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - You're Doing IoT RNG - Allan Cecil - dwangoAC,Dan Petro - AltF4
DC - Hacking the Apple AirTags - Thomas Roth
DC - Don't Dare to Exploit - An Attack Surface Tour of SharePoint Server - Steven Seeley,Yuhao Weng,Zhiniang Peng
HRV - cont...(12:00-17:59 PDT) - Ham Radio Exams -
HRV - Remote Ham Radio Exams -
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - (17:15-17:59 PDT) - The Journey of Establishing IoT Trustworthiness and IoT Security Foundation - Amit Elazari,Anahit Tarkhanyan,Ria Cheruvu
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(16:00-17:59 PDT) - QueerCon Party -
SOC - DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup -
SOC - Friends of Bill W. -
WS - cont...(15:00-18:59 PDT) - Network Analysis with Wireshark - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - cont...(15:00-18:59 PDT) - Analysis 101 and 102 for the Incident Responder - Kristy Westphal
WS - cont...(15:00-18:59 PDT) - Evading Detection a Beginner's Guide to Obfuscation - Anthony "Cx01N" Rose,Jake "Hubbl3" Krasnov,Vincent "Vinnybod" Rose
WS - cont...(15:00-18:59 PDT) - Advanced Wireless Attacks Against Enterprise Networks - Solstice
Saturday - 18:00 PDT
AVV - cont...(17:15-18:15 PDT) - C2Centipede: APT level C2 communications for common reverse HTTP shell tools - Jose Garduno
AVV - (18:15-18:45 PDT) - Lightning talk: Autonomous lateral movement - Stephan Wampouille
AVV - (18:45-19:45 PDT) - Game Theory: Understanding and Strategy and Deception - Juneau Jones
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - HACKERS INTO THE UN? Engaging in the cyber discussions on war & peace - DEF CON Policy Panel
DC - Offensive Golang Bonanza: Writing Golang Malware - Benjamin Kurtz
DC - Vulnerability Exchange: One Domain Account For More Than Exchange Server RCE - Tianze Ding
HRV - cont...(17:00-18:59 PDT) - Remote Ham Radio Exams -
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(17:00-18:59 PDT) - DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup -
SOC - QueerCon Virtual Chat Mixer
SOC - Hacker Karaoke (Virtual) -
WS - cont...(15:00-18:59 PDT) - Network Analysis with Wireshark - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - cont...(15:00-18:59 PDT) - Analysis 101 and 102 for the Incident Responder - Kristy Westphal
WS - cont...(15:00-18:59 PDT) - Evading Detection a Beginner's Guide to Obfuscation - Anthony "Cx01N" Rose,Jake "Hubbl3" Krasnov,Vincent "Vinnybod" Rose
WS - cont...(15:00-18:59 PDT) - Advanced Wireless Attacks Against Enterprise Networks - Solstice
Saturday - 19:00 PDT
AVV - cont...(18:45-19:45 PDT) - Game Theory: Understanding and Strategy and Deception - Juneau Jones
AVV - (19:45-20:30 PDT) - (Tool Demo) New generation of PEAS - Carlos Polop
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - (Replay) UFOs: Misinformation, Disinformation, and the Basic Truth - Richard Thieme AKA neuralcowboy
DC - (Replay) Racketeer Toolkit. Prototyping Controlled Ransomware Operations - Dimitry "Op_Nomad" Snezhkov
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -
Saturday - 20:00 PDT
AVV - cont...(19:45-20:30 PDT) - (Tool Demo) New generation of PEAS - Carlos Polop
AVV - (20:30-21:30 PDT) - Panel discussion: Is Adversary Emulation Too ___ For You? - Jamie Williams,Cat Self,Tim Schulz,Michael Long,Frank Duff,Jose Barajas
CON - Hacker Jeopardy -
CON - Drunk Hacker History -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - DEF CON Movie Night - Upgrade -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -
SOC - Hacker Flairgrounds -
SOC - Gothcon 2021 -
Saturday - 21:00 PDT
AVV - cont...(20:30-21:30 PDT) - Panel discussion: Is Adversary Emulation Too ___ For You? - Jamie Williams,Cat Self,Tim Schulz,Michael Long,Frank Duff,Jose Barajas
CON - cont...(20:00-21:59 PDT) - Hacker Jeopardy -
CON - cont...(20:00-21:59 PDT) - Drunk Hacker History -
DC - cont...(20:00-21:59 PDT) - DEF CON Movie Night - Upgrade -
MUS - Music - Ohm-i - Ohm-i
MUS - Music - mattrix - mattrix
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -
SOC - cont...(20:00-22:59 PDT) - Hacker Flairgrounds -
SOC - Vetcon Meetup (Hybrid) -
Saturday - 22:00 PDT
ASV - (22:30-23:30 PDT) - The Hangar – Cocktail Making Event -
MUS - Music - Krisz Klink - Krisz Klink
MUS - Music - Icetre Normal - Icetre Normal
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -
SOC - cont...(20:00-22:59 PDT) - Hacker Flairgrounds -
Saturday - 23:00 PDT
ASV - cont...(22:30-23:30 PDT) - The Hangar – Cocktail Making Event -
MUS - Music - Miss Jackalope - Miss Jackalope
MUS - Music - Nina Lowe - Nina Lowe
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -
Talk/Event Descriptions
RCV - Saturday - 14:40-15:10 PDT
Title: .GOV Doppelgänger: Your Häx Dollars at Work
When: Saturday, Aug 7, 14:40 - 15:10 PDT
Where: Recon Village (Virtual)
SpeakerBio:Anthony Kava
No BIO available
Twitter: @anthonykava
Description:No Description available
Recon Village talks will stream to YouTube.
YouTube: https://www.youtube.com/c/ReconVillage
DC - Saturday - 19:00-19:30 PDT
Title: (Replay) Racketeer Toolkit. Prototyping Controlled Ransomware Operations
When: Saturday, Aug 7, 19:00 - 19:30 PDT
Where: Track 2 CLOSED; DCTV/Twitch #2 Pre-Recorded
SpeakerBio:Dimitry "Op_Nomad" Snezhkov
Dimitry Snezhkov is an Associate Director at Protiviti. In this role he hacks code, tools, networks, apps and sometimes subverts human behavior too. Dimitry has spoken at DEF CON, BlackHat, THOTCON conferences, and presented tools at BlackHat Arsenal.
Twitter: @Op_Nomad
Description:
*** SPECIAL NOTE: Technical difficulties prevented this talk from being shown at the correct time slot on DCTV/Twitch. This entry is for the replay. You may also watch this talk on-demand, by following the links at the bottom of this message. ***
Offensive testing in organizations has shown a tremendous value for simulating controlled attacks. While cyber extortion may be one of the main high ROI end goals for the attacker, surprisingly few tools exist to simulate ransomware operations.
Racketeer is one such tool. It is an offensive agent coupled with a C2 base, built to help teams to prototype and exercise a tightly controlled ransomware campaign.
We walk through the design considerations and implementation of a ransomware implant which emulates logical steps taken to manage connectivity and asset encryption and decryption capabilities. We showcase flexible and actionable ways to prototype components of fully remote ransomware operation including key and data management, as well as data communication that is used in ransomware campaigns.
Racketeer is equipped with practical safeguards for lights out operations, and can address the goals of keeping strict control of data and key management in its deployment, including target containment policy, safe credential management, and implementing operational security in simulated operations.
Racketeer can help gain better optics into IoCs, and is helpful in providing detailed logs that can be used to study the behavior and execution artifacts of a ransomware agent.
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=VJ8aqReB118
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Dimitry%20Op%20Nomad%20Snezhkov%20-%20Racketeer%20Toolkit.%20Prototyping%20Controlled%20Ransomware%20Operations.mp4
This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will only be broadcast to DCTV2, in local hotels and on Twitch. This talk is not being presented in Track 2.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_two
DC - Saturday - 19:00-19:59 PDT
Title: (Replay) UFOs: Misinformation, Disinformation, and the Basic Truth
When: Saturday, Aug 7, 19:00 - 19:59 PDT
Where: Track 1 CLOSED; DCTV/Twitch #1 Pre-Recorded
SpeakerBio:Richard Thieme AKA neuralcowboy
Richard Thieme, https://thiemeworks.com, has addressed security and intelligence issues for 28 years. He has keynoted security conferences in 15 countries and given presentations for the NSA, FBI, Secret Service, Pentagon Security Forum, U.S. Department of the Treasury, and Los Alamos National Laboratory. He has been speaking at Def Con since Def Con 4. His sixth book, a novel, Mobius: A Memoir, about an intelligence professional looking back on his career and how it led down unexpected paths, is receiving rave reviews. He has explored UFO phenomena seriously for 43 years.
Twitter: @neuralcowboy
Description:
** SPECIAL NOTE: This is a replay on DCTV/Twitch only, because a technical issue prevented part of the talk from airing during its previously scheduled slot. **
The talk, "UFOs and Government: A Historical Inquiry" given at Def Con 21 has been viewed thousands of times. It was a serious well-documented exploration of the UFO subject based on Thieme's participation in research into the subject with colleagues. The book of that name is the gold standard for historical research into the subject and is in 100+ university libraries.
This update was necessitated by recent UFO incidents and the diverse conversations triggered by them. Contextual understanding is needed to evaluate current reports from pilots and naval personnel, statements from senators and Pentagon personnel, and indeed, all the input from journalists who are often unfamiliar with the field and the real history of documented UFOs over the past 70 years.
Thieme was privileged to participate with scholars and lifelong researchers into the massive trove of reports. We estimate that 95% can be explained by mundane phenomena but the remainder suggest prolonged interaction with our planetary society over a long period. Thieme also knows that when you know you don't know something, don't suggest that you do. Stay with the facts, stay with the data. Sensible conclusions, when we do that, are astonishing enough.
Reality, as Philip K. Dick said, will not go away just because we refuse to believe in it.
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=mExktWB0qz4
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Richard%20Thieme%20AKA%20neuralcowboy%20-%20UFOs%20-%20Misinformation%2C%20Disinformation%2C%20and%20the%20Basic%20Truth.mp4
This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will only be broadcast to DCTV1, in local hotels and on Twitch. This talk is not being presented in Track 1.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_one
AVV - Saturday - 19:45-20:30 PDT
Title: (Tool Demo) New generation of PEAS
When: Saturday, Aug 7, 19:45 - 20:30 PDT
Where: Adversary Village (Virtual)
SpeakerBio:Carlos Polop, Senior Security Engineer, Mettle
Carlos is a Spanish Telecommunications Engineer with a Master in Cybersecurity. He has worked hard to pass some important certifications like OSCP, OSWE, CRTP, eMAPT, and eWPTXv2. He has worked mainly as a penetration tester/red teamer but also as a programmer and system administrator. Since he started learning cybersecurity he has been trying to share his knowledge and help improve the infosec world with his tools (the most remarkable ones are https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite and https://github.com/carlospolop/legion) and with his free hacking tricks online book: https://book.hacktricks.xyz
Twitter: @carlospolopm
https://es.linkedin.com/in/carlos-polop-martin
Description:
Local privilege escalation techniques are far beyond checking the Windows/Kernel version, looking for unquoted service paths or checking SUID binaries. Moreover, a local privilege escalation could make a huge difference when trying to compromise a domain. Several tools have been created to find possible privilege escalation paths, but most of the tools for Red Team and Pentesting just check for a few possible ways, so pentesters need to use several tools and do some manual recon to check for everything.
PEASS is a compilation of a bash script for Linux/MacOS/*nix and a .Net project and a batch script for Windows that I created some time ago, which aims to check and highlight every possible privesc path so professionals don’t need to execute several different tools for this purpose and can very easily find vulnerabilities.
During this talk I would like to present PEASS-ng. The architecture of these scripts has evolved and improved so much that I would like to present how they work at the moment and how the difficulty to collaborate with the project has been reduced significantly. Moreover, I would also like to present the 2 new PEAS that haven't been presented anywhere yet: BotPEAS and WebPEAS (the latest one will be released the day of the talk). During the talk I will also present my local privilege escalation resources (https://book.hacktricks.xyz/linux-unix/privilege-escalation, https://book.hacktricks.xyz/windows/windows-local-privilege-escalation) so the attendees will be able to continue learning about the topic after the talk.
Adversary Village talks and workshops will be streamed on YouTube and Twitch.
Q&A sessions will happen in DEF CON Official Discord server after each talk.
YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg
Twitch: https://twitch.tv/adversaryvillage
Discord: https://discord.gg/defcon
AVV - Saturday - 15:00-15:45 PDT
Title: (Tool Demo) PurpleSharp: Automated Adversary Simulation
When: Saturday, Aug 7, 15:00 - 15:45 PDT
Where: Adversary Village (Virtual)
SpeakerBio:Mauricio Velazco, Principal Threat Research Engineer, Splunk
Mauricio Velazco (@mvelazco) is a Peruvian information security professional with more than a decade of work experience across different roles on both offensive and defensive security. In his current role as a Principal Threat Researcher on Splunk’s Threat Research Team, Mauricio focuses on adversary simulation and threat detection. Prior to Splunk, he led the Threat Management team at a Fortune 500 organization. Mauricio has presented/hosted workshops at conferences like Defcon, BlackHat, Derbycon, BSides, SANS, etc.
Twitter: @mvelazco
https://www.linkedin.com/in/mauricio-velazco-4314b51a/
Description:
Defending enterprise networks against attackers continues to present a difficult challenge for blue teams. Prevention has fallen short; improving detection & response capabilities has proven to be a step in the right direction. However, without the telemetry produced by adversary behavior, building new and testing existing detection capabilities will be constrained. PurpleSharp is an open source adversary simulation tool written in C# that executes adversary techniques within Windows Active Directory environments. The resulting telemetry can be leveraged to measure and improve the efficacy of a detection engineering program. PurpleSharp leverages the MITRE ATT&CK Framework and executes different techniques across the attack life cycle: execution, persistence, privilege escalation, credential access, lateral movement, etc.
Adversary Village talks and workshops will be streamed on YouTube and Twitch.
Q&A sessions will happen in DEF CON Official Discord server after each talk.
YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg
Twitch: https://twitch.tv/adversaryvillage
Discord: https://discord.gg/defcon
AVV - Saturday - 13:15-13:59 PDT
Title: (Tool Demo) Red Team Credentials Reconnaissance (OLD with a TWIST)
When: Saturday, Aug 7, 13:15 - 13:59 PDT
Where: Adversary Village (Virtual)
SpeakerBio:Shantanu Khandelwal, Manager, KPMG Singapore
Shantanu is a Manager in the Cybersecurity Consulting practice in KPMG. He has experience in leading and performing Adversary Simulation exercises, Security Testing, and IT Security consultancy. He has worked in the Banking and Financial sectors, the Power and Utility sector, and the FMCG sector. He has led and performed various technical assessments, including Red/Purple Teaming, Security Architecture reviews, Application penetration tests, Network penetration tests, and source code reviews for many global multi-national companies. He has experience working in various world regions, including the Middle East, India, Hong Kong, and Singapore.
https://sg.linkedin.com/in/khandelwalshantanu
Description:
This talk covers the basics of credentials reconnaissance performed for a red team. It mostly covers the reconnaissance performed on GitHub to search for passwords leaked by developers, the current toolset, and the shiny new GitHub Credentials Stroller, which dives into each repository and performs a deep scan.
Adversary Village talks and workshops will be streamed on YouTube and Twitch.
Q&A sessions will happen in DEF CON Official Discord server after each talk.
YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg
Twitch: https://twitch.tv/adversaryvillage
Discord: https://discord.gg/defcon
AVV - Saturday - 16:30-17:15 PDT
Title: (Tool Demo) Tenacity: An Adversary Emulation Tool for Persistence
When: Saturday, Aug 7, 16:30 - 17:15 PDT
Where: Adversary Village (Virtual)
Speakers:Atul Nair,Harshal Tupsamudre
SpeakerBio:Atul Nair, Malware Researcher, Qualys
Atul is a Malware Researcher at Qualys. His name has been listed in Google, Microsoft, Olx, Twitter Hall of fame for finding critical security vulnerabilities. Before joining Qualys he worked as a Cybersecurity consultant at Ernst & Young. Atul has extensive experience in MITRE ATT&CK framework and Adversary emulation. He is currently researching Android adversary emulation techniques.
https://in.linkedin.com/in/atul-nair-3932a2141/
SpeakerBio:Harshal Tupsamudre, Senior Threat Research Engineer, Qualys
Harshal Tupsamudre is a senior threat researcher at Qualys. He has 8 years of research experience in the areas of cryptanalysis and usable security. He has published 15+ research articles in top-tier international conferences. He has contributed techniques, threat groups and tools to MITRE ATT&CK framework. Currently, he is researching detection methodologies for MITRE ATT&CK techniques.
https://in.linkedin.com/in/harshal-tupsamudre-28a58735
Description:
Persistence consists of techniques that adversaries use to maintain their foothold on systems across restarts. Techniques used for persistence include any access, action, or configuration changes that allow attackers to retain access on systems. Persistence is one of the more sought-after techniques of an attacker. Every 3 techniques out of the top 10 used by adversaries belong to Persistence. We leveraged data from MITRE ATT&CK and open source cyber threat intelligence to understand how adversaries achieve persistence. We created Tenacity, a light-weight adversary emulation tool that emulates over 30+ persistence techniques using 100+ procedures employed by attackers in the wild. Using this tool, organizations and individuals can quickly validate the risk posture and exposure of their business as well as the performance of the existing security solutions.
Adversary Village talks and workshops will be streamed on YouTube and Twitch.
Q&A sessions will happen in DEF CON Official Discord server after each talk.
YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg
Twitch: https://twitch.tv/adversaryvillage
Discord: https://discord.gg/defcon
APV - Saturday - 12:00-14:30 PDT
Title: (Workshop) - Integrating DAST tools into developers' test process
When: Saturday, Aug 7, 12:00 - 14:30 PDT
Where: AppSec Village (Virtual)
SpeakerBio:Joe Schottman
No BIO available
Description:
API testing is now vital to AppSec but presents some challenges that conventional DAST testing did not face. This session will show how running developers’ non-security tests for the APIs they develop through an interception proxy such as OWASP ZAP can enable easier, faster, and more accurate DAST testing.
AppSec Village events will be streamed to YouTube.
YouTube: https://www.youtube.com/c/appsecvillage
AVV - Saturday - 11:00-13:15 PDT
Title: (Workshop) From zero to hero: creating a reflective loader in C#
When: Saturday, Aug 7, 11:00 - 13:15 PDT
Where: Adversary Village (Virtual)
SpeakerBio:Jean Francois Maes, Senior Red Teamer, NVISO
Jean-François Maes is the technical red team lead at NVISO security and a SANS instructor for the SEC699: Adversary Emulation for Breach Prevention & Detection course. Jean-François wants to help people level up in their careers and make people want to join the infosec community. This is why he's the host of the voices of infosec podcast and the creator of redteamer.tips. Both are tailored to inspire people to join in on the fun. Next to his job at NVISO and SANS, he is also very engaged with the infosec community on social media and is a strong believer in open source tooling. He has authored several C# tools such as SharpNukeEventLog, SharpZipRunner and Trustjack.
Twitter: @Jean_Maes_1994
Description:
Have you ever heard of reflective loading before? Ever worked with tools like donut and sRDI? Ever wanted to execute an assembly over Cobalt-Strike but it was bigger than a megabyte? Reflection is awesome, adversaries use it frequently, and in C# it is easier than ever. In this workshop, we will explore how to create our own reflective loader starting from scratch, adding functionality as we go; in total we will create 6 to 7 loaders. In the end, you will have a better understanding of how reflection works, what appdomains are and do, and how you can leverage reflection in red team operations. In order to attend this workshop, you will need a Windows computer (or VM) and Visual Studio 2019.
Adversary Village talks and workshops will be streamed on YouTube and Twitch.
Q&A sessions will happen in DEF CON Official Discord server after each talk.
YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg
Twitch: https://twitch.tv/adversaryvillage
Discord: https://discord.gg/defcon
PHV - Saturday - 10:00-10:59 PDT
Title: *nix Processes. Starting, Stopping, and Everything In Between
When: Saturday, Aug 7, 10:00 - 10:59 PDT
Where: Packet Hacking Village - Talks (Virtual)
SpeakerBio:Nick Roy
Nick Roy (Twitter: @superducktoes) currently works for a global security vendor creating training content and researching new attacker patterns and techniques. Previously he worked at an automation platform startup teaching people about the joys and benefits of automation. While not working he lives in Boston with his wife and two cats hunting out the best dive bars in Boston and solving math problems on college chalkboards overnight.
Twitter: @superducktoes
Description:
Recording discusses Linux and Unix processes, starting with a high level overview of what a process is and what the key components are. We then take a look at how the operating system manages multiple processes, what are the main components of a running process, and finally some common syscalls used in Linux when creating processes. Finally, we look at a few code samples to show how these calls are used with a simple shell. All code can be found here to complement the video: https://github.com/superducktoes/syscall_processes
All Packet Hacking Village talks will stream on YouTube, Twitch, Facebook, and Periscope.
YouTube: https://youtube.com/wallofsheep
Twitch: https://twitch.tv/wallofsheep
Facebook: https://www.facebook.com/wallofsheep/
Periscope: https://www.periscope.tv/wallofsheep
BICV - Saturday - 14:30-14:30 PDT
Title: 40 cores and a CPU
When: Saturday, Aug 7, 14:30 - 14:30 PDT
Where: Blacks in Cyber
SpeakerBio:Nico "Socks" Smith
Nico Smith is a technology hobbyist with over 15 years in Information Technology and 10 years focused on developing defensive and offensive teams, privately and collegiately. He is also a Captain in the US Army National Guard and previously a Cyber Network Defense Manager for a US Army National Guard Cyber Protection Team. In his spare time Nico Smith volunteers 30 hrs a month to mentor and support college and high school students interested in entering the cyber career field. He also created the only functioning cyber challenge coin in the DOD. He also created the BIC Village Badge for DEFCON29. He has committed to improving cybersecurity and changing the way cyber is understood, leveraged, and cultivated.
Twitter: @nicolaismith1
Description:
The talk 40 Cores and a CPU will speak to the importance of participating in the cybersecurity field at every level for Black Technologists. I will demonstrate the benefits and struggles that can be both met and overcome through owning physical infrastructure and providing services to the community, with this question in mind: “If the goal is to own and secure your data, wouldn’t it be easier if you owned the IPs and the Bare Metal Infrastructure that supports it?” While the scale will always be dwarfed by larger companies that are Cloud Service Providers, the capabilities to grow and develop at a grassroots level, future engineers, and cybersecurity professionals of color is much easier, which in turn prepares better candidates for larger enterprises. This talk should start the discussion, is it possible for the black community to own spaces of the internet from the BareMetal to the code on the front-end server? And what economic impact would that have, or would it become a security issue, a new cyber target?
Blacks in Cyber talks will be streamed on YouTube.
YouTube: https://www.youtube.com/c/BlacksInCybersecurity
BHV - Saturday - 16:45-16:59 PDT
Title: A Cohort of Pirate Ships
When: Saturday, Aug 7, 16:45 - 16:59 PDT
Where: Biohacking Village (Talk - Virtual)
SpeakerBio:Alex Pearlman, Science and Health Policy + Emerging Issues in Bioethics
No BIO available
Description:
A presentation on our newly published research on ethics attitudes and preferences in biomedical citizen science, biohacker, and community bio groups. As biomedical citizen science initiatives become more prevalent, the unique ethical issues that they raise are attracting policy attention. One issue identified as a significant concern is the ethical oversight of bottom-up biomedical citizen science projects that are designed and executed primarily or solely by members of the public. That is because the federal rules that require ethical oversight of research by institutional review boards generally do not apply to such projects, creating what has been called an ethics gap. Working to close this gap, practitioners and scholars have considered new mechanisms of ethical oversight for biomedical citizen science. To date, however, participants’ attitudes about ethics and oversight preferences have not been systematically examined. This information is useful to efforts to develop ethical oversight mechanisms because it provides a basis for evaluating the likely effectiveness of specific features of such mechanisms and their acceptability from the perspective of biomedical citizen scientists. Here, we report data from qualitative interviews with 35 stakeholders (some from BHV!) in bottom-up biomedical citizen science about their general ethics attitudes and preferences regarding ethical oversight. Interviewees described ten ethical priorities and endorsed oversight mechanisms that are voluntary, community-driven, and offer guidance. Conversely, interviewees rejected mechanisms that are mandatory, hierarchical, and inflexible. Applying these findings, we conclude that expert consultation and community review models appear to align well with ethical priorities and oversight preferences of many biomedical citizen scientists, although local conditions should guide the development and use of mechanisms in specific communities.
All Biohacking Village talks will be streamed to YouTube.
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q
APV - Saturday - 15:00-15:45 PDT
Title: A Deep Dive Into Supply Chain Vulnerabilities: And How SecDevOps Can Save the Day
When: Saturday, Aug 7, 15:00 - 15:45 PDT
Where: AppSec Village (Virtual)
SpeakerBio:Adam Schaal
No BIO available
Description:
These are dangerous times. From left-pad to event-stream to the Node Security Platform shutdown - nowhere are supply chain vulnerabilities more prevalent than modern-day JavaScript applications. Join us as we discuss how investing in the DevOps cycle now can help save your assets in the long run.
AppSec Village events will be streamed to YouTube.
YouTube: https://www.youtube.com/c/appsecvillage
HHV - Saturday - 12:00-12:59 PDT
Title: A Lazy r2 Solve of @mediumrehr Challenge 6
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: Hardware Hacking Village (Virtual Talk)
SpeakerBio:Ben Gardiner
Mr. Gardiner is an independent consultant at Yellow Flag Security, Inc. presently working to secure heavy vehicles at the NMFTA. With more than ten years of professional experience in embedded systems design and a lifetime of hacking experience, Gardiner has a deep knowledge of the low-level functions of operating systems and the hardware with which they interface. Prior to YFS Inc. and joining the NMFTA team in 2019, Mr. Gardiner held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations. He holds an M.Sc. Eng. in Applied Math & Stats from Queen’s University. He is a DEF CON Hardware Hacking Village (DC HHV) and Car Hacking Village (CHV) volunteer.
Twitter: @BenLGardiner
Description:
Join Ben for an informal let’s play of @mediumrehr’s Hardware Hacking Village challenge 6. Some topics we will cover include: radare2, AVR assembly, 7 segment displays, and sigrok. It should be fun and relaxed with plenty of time to stop and re-do some steps if something needs more deliberation. See you there.
#hhv-challenge-text https://discord.com/channels/708208267699945503/739567199647301702
Twitch: https://twitch.tv/dchhv
Hardware Hacking Village talks will be streamed to Twitch.
Twitch: https://www.twitch.tv/dchhv
DC - Saturday - 12:30-12:50 PDT
Title: A new class of DNS vulnerabilities affecting many DNS-as-Service platforms
When: Saturday, Aug 7, 12:30 - 12:50 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded
Speakers:Ami Luttwak,Shir Tamari
SpeakerBio:Ami Luttwak
Ami Luttwak is a serial entrepreneur, an experienced cyber security CTO and a hacker by heart. Mainly interested in cloud security and cloud exploits, understanding how the cloud is built to uncover its weaknesses. Currently CTO of Wiz, the fastest growing unicorn in cloud security, prior to that led research as CTO of Microsoft cloud security and prior to that founded Adallom, a pioneering cloud security startup acquired by Microsoft in 2015.
Twitter: @amiluttwak
SpeakerBio:Shir Tamari
Shir Tamari is a security and technology researcher, specializing in vulnerability research and practical hacking. Works as Head of Research at the cloud security company Wiz. In the past, he served in the Israeli intelligence unit, and in recent years has led a variety of research and security products in the industry. Shir's interests include Android, Linux Kernel, Web hacking and Blockchain.
Twitter: @shirtamari
Description:
We present a novel class of DNS vulnerabilities that affects multiple DNS-as-a-Service (DNSaaS) providers. The vulnerabilities have been proven and successfully exploited on three major cloud providers including AWS Route 53 and may affect many others. Successful exploitation of the vulnerabilities may allow exfiltration of sensitive information from service customers' corporate networks. The leaked information contains internal and external IP addresses, computer names, and sometimes NTLM hashes. The number of organizations vulnerable to this weakness is shocking. Over a few hours of DNS sniffing, we received sensitive information carried by DNS update queries from ~1M Windows endpoints from around 15,000 potentially vulnerable companies, including 15 Fortune 500 companies. In some organizations, there were more than 20,000 endpoints that actively leaked their information out of the organization. We will review possible mitigations to this problem and solutions for both DNSaaS providers and managed networks.
REFERENCES
- I. Microsoft Windows DNS Update algorithm explained - https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-dns-dynamic-updates-windows-server-2003
- II. An excellent blog post by Matthew Bryant on hijacking DNS Updates abusing a dangling domain issue on Guatemala State's Top Level Domain - https://thehackerblog.com/hacking-guatemalas-dns-spying-on-active-directory-users-by-exploiting-a-tld-misconfiguration/
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=72uzIZPyVjI
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Shir%20Tamari%20Ami%20Luttwak%20-%20A%20new%20class%20of%20DNS%20vulnerabilities%20affecting%20many%20DNS-as-Service%20platforms.mp4
This talk will be given live in Track 2.
This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_two
ASV - Saturday - 09:00-17:59 PDT
Title: A-ISAC CTF -- Pre-registration Required
When: Saturday, Aug 7, 09:00 - 17:59 PDT
Where: Aerospace Village (Virtual CTF)
Description:
A-ISAC, ERAU with support from IntelliGenesis (CybatiWorks)
Day 1: Aug. 6th, 2021 9:00AM – 6:00PM PDT (UTC-7)
Day 2: Aug. 7th, 2021 9:00AM – 6:00PM PDT (UTC-7)
Registration available at https://aisac.cyberskyline.com/defcon
Aviation ISAC is hosting a competition at DC29 Aerospace Village! This competition represents a simulated airport hosted on the Cyber Skyline platform and is developed by the Department of Cyber Intelligence and Security at Embry-Riddle Aeronautical University (Prescott) and Matthew E. Luallen, Chief Executive Inventor at CybatiWorks powered by IntelliGenesis. The ethical design of the competition is achieved through investigative themes that provide a focus on blue team while still offering red team aspects.
Storyline for CTF: On 8/6, an employee from ERAU Airline noticed a USB stick inside one of their kiosks. After further investigation, airport security suspects someone is carrying out an attack against the airport. You have been brought in to retrace the steps of the attackers, determine where security needs to be hardened, regain control of compromised systems, and prevent a successful attack at the airport. Identify the criminals by retracing their steps and utilizing OSINT to identify which suspects need to be arrested. Investigators have not ruled out insider threats which means you must remain undetected by airport staff while you attempt to regain control of the airport’s infrastructure. Good Luck and remember to register ahead of time!
CybatiWorks part of the CTF Stage 7: Runway Lighting System: The Runway Lighting System (RLS) was taken over by the attackers and the lights are operating erratically. Identify what the attackers have changed causing the RLS HMI systems to work improperly and regain access to the remote logic controller operating the runway lights. Update the logic on the HMI system, regain control of the remote logic controller and successfully operate the RLS.
Architecture Design: The competitors are provided with a CybatiWorks custom docker image that they use to gain access to the operator and maintenance HMI logic. The competitors will review and update the logic to match the documentation provided in stage 4. Once the local components are successfully completed the competitors will request access to the remote RLS logic controller (i.e. a Raspberry Pi with a 3D-printed/LED runway lighting system accessible via a VPN). The competitors will complete additional challenges to confirm the logic program and then remotely control the RLS. All remote RLS stations will be visible
SOC - Saturday - 13:00-23:59 PDT
Title: A&E Pool Party!
When: Saturday, Aug 7, 13:00 - 23:59 PDT
Where: Bally's Pool
Description:
Pool Party Schedule is listed here: https://forum.defcon.org/node/238025
ASV - Saturday - 10:00-15:59 PDT
Title: ADSB Demo and Paper Airplanes
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: Aerospace Village (Workshop - Paris Rivoli B)
Description:
Interactive ADS-B demonstration and paper airplane activity. Educational and fun.
WS - Saturday - 15:00-18:59 PDT
Title: Advanced Wireless Attacks Against Enterprise Networks
When: Saturday, Aug 7, 15:00 - 18:59 PDT
Where: Workshops - Las Vegas 5+6 (Onsite Only)
SpeakerBio:Solstice, Offensive Security Engineer
Solstice is an offensive security engineer at a major cloud provider. He currently specializes in kinetic threats, identifying attack vectors against "edge" devices deployed in hostile environments. Previously, he worked as a red team operator at companies such as SpecterOps, specializing in SIGINT and Windows-focused adversarial tradecraft. He is the author of EAPHammer, SilentBridge, DropEngine, and has contributed to high-profile projects such as hostapd-wpe and Empire.
Description:
This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks using relay attacks, how to abuse MSCHAPv2 and GTC to efficiently capture network credentials, perform effective target selection with zero prior knowledge, leverage rogue access point attacks to deliver malware and harvest keystrokes, and abuse Opportunistic Wireless Encryption (OWE) to perform PITM attacks. All material discussed in the lectures will be practiced within a realistic lab environment.
Registration Link: https://www.eventbrite.com/e/advanced-wireless-attacks-against-enterprise-networks-las-vegas-5-6-tickets-162214769743
Prerequisites:
- A previous wireless security background is helpful but certainly not required.
Materials needed:
- Students will be required to provide their own laptops, which must meet the following requirements:
  - must be capable of running virtualization software such as VMWare or VirtualBox
  - must have at least 100gb of free disk space OR have a free USB port and supplementary external hard drive with at least 100gb of free disk space available
  - must be provisioned with a 64-bit operating system
Corporate / managed laptops are not recommended due to software restrictions.
DC - Saturday - 16:00-16:59 PDT
Title: Adventures in MitM-land: Using Machine-in-the-Middle to Attack Active Directory Authentication Schemes
When: Saturday, Aug 7, 16:00 - 16:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded
Speakers:Eyal Karni,Sagi Sheinfeld,Yaron Zinar
SpeakerBio:Eyal Karni
Eyal Karni is a Sr. Engineer at CrowdStrike working on Identity Protection products (previously Preempt). Eyal spent over 11 years researching cyber security projects. Previously, he served 5 years in an elite unit of the IDF in Cyber Security Research and Development. Eyal is an expert on Windows Internals and has previously found numerous vulnerabilities. Eyal holds a B.Sc in Mathematics and Physics.
Twitter: @eyal_karni
SpeakerBio:Sagi Sheinfeld
Sagi Sheinfeld is a Sr. Engineer at CrowdStrike working on Identity Protection products (previously Preempt). Sagi spent over 14 years researching cyber security projects. Previously, he served 8 years in an elite unit of the IDF in Cyber Security Research and Development and in IBM Security. Sagi is an expert on Windows internals. Sagi holds a B.Sc in Computer Science.
Twitter: @sagish1233
SpeakerBio:Yaron Zinar
Yaron Zinar is a Sr. Manager at CrowdStrike working on Identity Protection products (previously Preempt). Previously, Yaron spent over 16 years at leading companies such as Google where he held various positions researching and leading big data, machine learning and cyber security projects. Yaron is an expert on Windows Authentication protocols and has previously presented his research at top conferences such as Black Hat and DEFCON. Yaron holds an M.Sc. in Computer Science with focus on statistical analysis.
Twitter: @YaronZi
Description:
Over the years, researchers were able to break many secure protocols using MitM attacks. A common theme in this family of vulnerabilities is the lack of proper validation for any of the communicating parties. We will review previous MitM attacks found on AD authentication protocols and the mitigation strategies previously implemented. We will show that the relay attack technique is not limited to NTLM alone and can be used to attack the newer Kerberos authentication protocol. In addition, we will show several injection attacks compromising client systems. We’ll show how the lack of validation can lead to devastating issues ranging from authentication bypass to remote code execution on various critical infrastructure systems. However, the issues do not stop on Windows on-premises networks but span to other infrastructure such as domain-joined unix machines, virtualization infrastructure, open-source security audit tools and even cloud directories. The talk will deep-dive into multiple vulnerabilities we have discovered along with several demos. Demos include a MitM attack which allows an attacker to inject user passwords in a hybrid AD environment allowing the attacker to authenticate as any user in the network. We will also show how to use a similar technique to compromise many other IT infrastructure.
REFERENCES
- https://www.crowdstrike.com/blog/cve-2021-1678-printer-spooler-relay-security-advisory/
- https://labs.f-secure.com/archive/practically-exploiting-ms15-014-and-ms15-011/
- https://www.securityfocus.com/bid/1616/info
This talk has been released to the DEF CON Media server.
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Sagi%20Sheinfeld%20Eyal%20Karni%20Yaron%20Zinar%20-%20Using%20Machine-in-the-Middle%20to%20Attack%20Active%20Directory%20Authentication%20Schemes.mp4
This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_three
RCV - Saturday - 10:00-10:30 PDT
Title: Adversary Infrastructure Tracking with Mihari
When: Saturday, Aug 7, 10:00 - 10:30 PDT
Where: Recon Village (Virtual)
SpeakerBio:Manabu Niseki
No BIO available
Twitter: @ninoseki
Description:No Description available
Recon Village talks will stream to YouTube.
YouTube: https://www.youtube.com/c/ReconVillage
ASV - Saturday - 11:30-12:59 PDT
Title: AIAA CubeSat Hacking Workshop - Virtual Lab #3
When: Saturday, Aug 7, 11:30 - 12:59 PDT
Where: See Description
Description:
DEF CON participants will be able to interact with CubeSat hardware and ground equipment in a cybersecurity sandbox environment.
For more information, please see https://aerospacevillage.org/events/upcoming-events/def-con-29/aiaa-cubesat-hacking-workshop/
ASV - Saturday - 14:00-15:59 PDT
Title: AIAA CubeSat Hacking Workshop - Virtual Lab #4
When: Saturday, Aug 7, 14:00 - 15:59 PDT
Where: See Description
Description:
DEF CON participants will be able to interact with CubeSat hardware and ground equipment in a cybersecurity sandbox environment.
For more information, please see https://aerospacevillage.org/events/upcoming-events/def-con-29/aiaa-cubesat-hacking-workshop/
HRV - Saturday - 13:30-14:30 PDT
Title: Amateur Radio Digital Modes Primer
When: Saturday, Aug 7, 13:30 - 14:30 PDT
Where: Ham Radio Village (Virtual Talks)
SpeakerBio:Jon Marler
Jon is a product manager at SecureTrust with a true passion for information security. Jon is an amateur radio operator, lockpicker, phreaker, repairer of all things, and maker. As a result of his long-standing commitment to open source software, Jon has offered his expertise as a package manager for the Debian GNU/Linux OS distribution since 1998.
Description:
Amateur radio operator Jon Marler, callsign K4CHN, presents an introduction to many of the digital modes available to amateur radio operators. Jon will be discussing the modes available for voice and data, as well as many of the hardware options available. Jon will also be presenting a very simple design for a way to connect a Raspberry Pi to your radio safely. A demonstration of slow scan television (SSTV) will be made to end the presentation before Q&A.
All Ham Radio Village talks will be streamed to Twitch, with discussion in Discord.
For more information, see https://hamvillage.org/dc29.html
Twitch: https://www.twitch.tv/hamradiovillage
#hrv-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991
HRV - Saturday - 11:00-11:59 PDT
Title: Amateur Radio Mesh Networking: Enabling Higher Data-rate Communications
When: Saturday, Aug 7, 11:00 - 11:59 PDT
Where: Ham Radio Village (Virtual Talks)
SpeakerBio:Tyler Gardner
Tyler Gardner holds a General class U.S. amateur radio license. He received his first license in 2017 and enjoys participating in ARES, contesting, public service events, and digital modes. While attending college in Logan, Utah, Tyler was a member of the Bridgerland Amateur Radio Club. He now participates in amateur radio organizations in Dayton, Ohio, including the Miami Valley Mesh Alliance. Professionally, Tyler holds a master's degree in Aerospace Engineering and works as a research engineer.
Description:
Amateur radio encompasses a broad range of activities and applications. From contests and events to emergency communications and public service, hams have many different interests they can explore. One area that is being enabled by modern wireless technologies is mesh networking. Typical digital radio modes, such as those based on AX.25, offer low data rates. While fairly robust and widely used, the low data rates of these modes limit their capabilities. Mesh networking, such as AREDN, can supplement and empower many aspects of your amateur radio operations - and the entry cost is quite low! This presentation will talk about what mesh networking is, how it is being used by amateur radio operators, and how you can get started with mesh networking yourself!
All Ham Radio Village talks will be streamed to Twitch, with discussion in Discord.
For more information, see https://hamvillage.org/dc29.html
Twitch: https://www.twitch.tv/hamradiovillage
#hrv-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991
WS - Saturday - 15:00-18:59 PDT
Title: Analysis 101 and 102 for the Incident Responder
When: Saturday, Aug 7, 15:00 - 18:59 PDT
Where: Workshops - Las Vegas 1+2 (Onsite Only)
SpeakerBio:Kristy Westphal, Vice President, Security Operations
Kristy Westphal is a versatile information technology professional with specific experience in providing advisory and management services in the area of information security and risk, and is currently employed as the Vice President, Security Operations at a financial services company. Specializing in leadership and program development, specific expertise in security areas includes: process analysis, risk assessments, security awareness programs, operating system security, network security, incident handling, vulnerability analysis and policy development.
Description:
You have a theory about something you have found while roaming the network or conducting your own hackfest, but how do you go about proving it? This workshop will be a hands-on journey deep into the world of analysis. While analysis is a bit of an art form, there are methods that can be applied to make it less of a gut feeling and more of a scientific approach to support your hypothesis. From network forensics to log analysis to endpoint forensics and cloud log analysis, we will review numerous quick methods to gain context over the data you have gathered and apply critical thinking in an attempt to find the answers. Sometimes, the answers weren’t meant to be found, but we’ll also discuss how to make the best of any conclusion that you reach.
Registration Link: https://www.eventbrite.com/e/analysis-101-and-102-for-the-incident-responder-las-vegas-1-2-tickets-162220226063
Prerequisites:
- None
Materials needed:
- Laptop with Wireshark installed
ASV - Saturday - 10:00-15:59 PDT
Title: Antenny
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: Aerospace Village (Virtual Workshop)
Description:
Come together to build on Antenny boards. Make things that can talk to the sky with very very very affordable hardware. What becomes possible when we have 1000 ground stations? I have a few ideas, I’m sure participants will have many others. Let’s build it and find out together!
APV - Saturday - 17:45-17:50 PDT
Title: AppSec Quiz Time!
When: Saturday, Aug 7, 17:45 - 17:50 PDT
Where: AppSec Village (Virtual)
SpeakerBio:Eden Stroet
No BIO available
Description:No Description available
AppSec Village events will be streamed to YouTube.
YouTube: https://www.youtube.com/c/appsecvillage
PHV - Saturday - 09:00-10:59 PDT
Title: APT Hunting with Splunk
When: Saturday, Aug 7, 09:00 - 10:59 PDT
Where: Packet Hacking Village - Workshops (Virtual)
SpeakerBio:John Stoner, Principal Security Strategist at Splunk
John Stoner (Twitter: @stonerpsu) is a Principal Security Strategist at Splunk where he enjoys writing, problem solving and building stuff, including APT Scenarios. When not doing cyber things, you can find him watching his boys play hockey, reading or binge-watching TV series that everyone else has already seen.
Twitter: @stonerpsu
Description:
Interested in practicing your hunting skills? If so, this is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the “fictional” APT group Violent Memmes. We discuss the Diamond model, building hypotheses, LM Kill Chain, and MITRE ATT&CK and how these concepts can frame your hunting. Using Splunk, we will hunt for APT activity riddling a small startup's environment. During the event, we will be presented with a "notable event" and pull on that string to conduct our own hunts based on indicators that we uncover or are identified. Depending on the hunt, we will uncover persistence, exfiltration, c2 and other adversary tactics. We may even find some PowerShell scripts. We will regroup and review the specific hunt conducted and discuss the timeline of events, a narrative that could be shared with others on your team, the artifacts that were uncovered to better identify potential future hunts, ATT&CK techniques referenced as well as what could be operationalized. At the end, we will highlight some additional datasets and content that you can take with you and try newly learned techniques yourself.
ASV - Saturday - 10:00-15:59 PDT
Title: ARINC 429 Lab
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: Aerospace Village (Workshop - Virtual + Paris Rivoli B)
Description:
Sessions will be held for a small audience of 15-20 users to demonstrate the structure and use of the avionic-specific communication protocol (ARINC 429). This is an opportunity for hands-on experience in a controlled setting.
CLV - Saturday - 11:30-12:15 PDT
Title: AWS cloud attack vectors and security controls
When: Saturday, Aug 7, 11:30 - 12:15 PDT
Where: Cloud Village (Virtual)
SpeakerBio:Kavisha Sheth
Kavisha is a Security Analyst at Appsecco. She is a cloud security and machine learning enthusiast who dabbles in application and API security and is passionate about helping customers in securing their IT assets. Kavisha is a member of a number of security communities including null community, InfoSecGirls, and WiCys India group. She believes in giving back to the community and frequently finds audiences to talk about Attacking GraphQL, different techniques to bypass authentication and Attacking AWS. When not breaking apps for Appsecco, Kavisha spends time learning and researching different areas of security. She has also been listed as one of the top security researchers of the nation by NCIIPC RVDP.
Twitter: @sheth_kavisha
Description:
In the last decade, cloud computing has been incorporated in various industries, from Health to Military, which has been meticulously guided by exploring related technologies in the industry and academia alike. The enterprise computing model has shifted from on-site infrastructure to remote data centers which are accessible via the internet and managed by cloud service providers. However, many companies breached on AWS moved sensitive data to AWS without following best practices or implementing cloud security controls correctly. The main objective of the session is to bring awareness about some of the AWS cloud attack vectors as well as security controls that can help. You get to know how discovery, identification and exploitation of security weaknesses and misconfigurations lead to complete compromise of the cloud infrastructure. As cloud attack vectors and security controls are different, as a security professional you need to be aware of attack vectors and controls. So, you will also learn about possible best practices and detective controls to avoid some of the misconfigurations. In this session:
- Learn about how an attacker can perform reconnaissance, leverage network, AWS Lambda functions, S3 misconfigurations and implementation weaknesses to steal credentials and data.
- Learn how misconfigurations and other leading cloud vulnerabilities put you at risk of exploitation, with some real-world examples
- Learn about security controls, possible best practices, and detective controls to avoid these misconfigurations
Cloud Village activities will be streamed to YouTube.
YouTube: https://www.youtube.com/cloudvillage_dc
CLV - Saturday - 13:50-14:35 PDT
Title: Azure Active Directory Hacking Wars
When: Saturday, Aug 7, 13:50 - 14:35 PDT
Where: Cloud Village (Virtual)
SpeakerBio:Batuhan Sancak
Hello Cloud Village. I'm Batuhan (@nullx3d). He is a cyber security researcher. He lives in Turkey and studies Management Information Systems at university. He is 21 years old. He feels like he belongs in cyberspace. Web application security and Linux structure are very attractive to him. He works on virtual machines, live web systems and new technology (cloud security). Batuhan has given trainings and presentations at many universities in his country. He shares his experiences and work on his personal blog (docs.rka0x.com). If you accept him for DEF CON Cloud Village, he will be very happy. This is his dream. He hopes you like the CFP.
Twitter: @nullx3d
Description:
Abstract
Azure is one of the most popular cloud services today. It has 15.4 million customers worldwide. 95% of Fortune 500 companies use Azure. If you look at it from the hacker point of view, that's perfect. Is Azure completely secure? No! No system is completely secure. It would be good to talk about Azure and talk about attack techniques. Check out the attack vectors. The results obtained by comparing attack vectors and defense vectors will be beneficial for everyone. In this presentation, I would like to talk about Azure Active Directory technology and attack vectors. I wrote the titles for you to review.
Outline
- Azure AD Overview: roles, terminology
- Understand Active Directory with Azure
- Azure AD security features
- Attacking Azure AD (Techniques)
- Unauth Recon
- Password Sniper
- MsOnline Powershell Module
- PHS
- Backdoor Azure
- SSO
- Spn scanning
- DcShadow Attack
- Group Policy, etc.
- Defense Azure Ad Suggestions
Cloud Village activities will be streamed to YouTube.
YouTube: https://www.youtube.com/cloudvillage_dc
IOTV - Saturday - 10:00-18:30 PDT
Title: Black Box Challenges
When: Saturday, Aug 7, 10:00 - 18:30 PDT
Where: IoT Village (Onsite)
Description:
For more information, see https://www.iotvillage.org/defcon.html
BICV - Saturday - 10:30-10:30 PDT
Title: Black Cyber Exodus: The Mis-Education (Certification) of Black Cyber
When: Saturday, Aug 7, 10:30 - 10:30 PDT
Where: Blacks in Cyber
SpeakerBio:Stephen Pullum
Stephen Pullum is a Cyber Security Evangelist and Pioneer. Stephen is an entrepreneur in Accra, Ghana to his company AFRICURITY. This company brings best practices in multiple lanes of Cybersecurity, Cyber Education, Cyber Resiliency and Cyber Scalability both corporate and individual. Stephen has over 40 years in the Cybersecurity field, having begun in the early '80s with the handle 'The Madhatter'. Stephen is also recognized as an Alumni of the Cult of the Dead Cow (cDc). Stephen served in the United States Air Force from 1984 to 2012, and has a unique perspective of the Cybersecurity field as he has been participating in both the culture and the profession since its infancy.
Twitter: @The Madhatter
Description:
In this talk I will analyze the pipeline between many Black Cyber Practitioners that were never credited or brought to the forefront and the certification plans/materials being developed for the progression of the holistic industry, as well as discuss the premise; "How much of their non-profit revenue is being invested into the Black Community which they cleverly so snared into the premise of being qualified to do a job."
In 1982, CompTIA was started under another name, yet still CompTIA. In 1989, SANS/GIAC was started and in 1992, ISC2 released the CBK that would 2 years later become the CISSP. In 2001, the EC Council formed in response to the attacks on the World Trade Center. Before these so-called cybersecurity certifications, how did the founders and instructors get certified to even instruct or create these organizations? Materials such as the Rainbow Books Series were the mainstay in the Trust Computing Model environment that are still being implemented today, just rebranded. These institutions implemented disproportionate programs when they gained traction and Cyber specific programs became profitable without giving up their "non-profit" status.
Blacks in Cyber talks will be streamed on YouTube.
YouTube: https://www.youtube.com/c/BlacksInCybersecurity
CPV - Saturday - 11:30-12:30 PDT
Title: Breaking Historical Ciphers with Modern Algorithms
When: Saturday, Aug 7, 11:30 - 12:30 PDT
Where: Crypto & Privacy Village (Virtual)
Speakers:Elonka Dunin,Klaus Schmeh
SpeakerBio:Elonka Dunin
Elonka Dunin is co-founder of a group working to crack the Kryptos sculpture at CIA Headquarters, and a member of the National Cryptologic Foundation’s Board of Directors. Bestselling author Dan Brown named a character after her in one of his novels. She maintains popular websites about the world's most famous unsolved codes, and her publications include the book with Klaus Schmeh, "Codebreaking: A Practical Guide", as well as a Cryptologia paper on Playfair cipher world records. She has also developed award-winning games at companies such as Simutronics.
SpeakerBio:Klaus Schmeh
Klaus Schmeh is the most-published cryptology author in the world. He has written 15 books about the subject, as well as over 200 articles, 25 scientific papers, and 1,400 blog posts. His blog "Cipherbrain" covers codebreaking and crypto history, and he is a member of the editorial board of the scientific magazine Cryptologia. He co-published his latest book "Codebreaking: A Practical Guide" with Elonka Dunin. He is known for his entertaining presentation style involving self-drawn cartoons and Lego models, and he has lectured at hundreds of conferences, including the NSA Cryptologic History Symposium and the RSA Conference. In his day job, Klaus works for a German cryptology company.
Description:
Many old encryption methods are still hard to break today. For instance, cryptanalyzing a short 19th century Playfair cipher is far from trivial. WW2 Enigma messages, spy ciphers from the Cold War, and manual methods used by criminals such as the Zodiac Killer can also be challenging, especially when the ciphertexts are short. On the other hand, techniques for breaking historical ciphers have recently made considerable progress. Computer-based cryptanalysis methods such as hill climbing and simulated annealing have been successfully applied to break original WWII Enigma messages, as well as one of the world's most famous unsolved codes, a 1970 ciphertext sent by the Zodiac Killer. The record in solving short Playfair messages has improved: whereas many years ago the shortest Playfair ciphertext that could be cracked required a minimum of 60 letters, now messages as short as 26 letters have been solved. However, many other historical ciphertexts are still unbroken to date. This presentation will introduce the most important historical ciphers, and modern techniques to break them - based on the 2020 book "Codebreaking: A Practical Guide" authored by the presenters. Many real-world examples will be provided, with slides that use an entertaining style including Lego brick models, self-drawn cartoons, and animations.
Crypto & Privacy Village will be streaming their events to YouTube and Twitch.
Twitch: https://www.twitch.tv/cryptovillage
YouTube: https://www.youtube.com/c/CryptoVillage
DC - Saturday - 15:00-15:59 PDT
Title: Breaking Secure Bootloaders
When: Saturday, Aug 7, 15:00 - 15:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded
SpeakerBio:Christopher Wade
Christopher is a seasoned security researcher and consultant. His main focuses are in reverse engineering hardware, fingerprinting USB vulnerabilities and playing with Software Defined Radios, with his key strength lying in firmware analysis, which he utilizes as part of the hardware testing team at Pen Test Partners.
Twitter: @Iskuri1
https://github.com/Iskuri
Description:
Bootloaders often use signature verification mechanisms in order to protect a device from executing malicious software. This talk aims to outline actionable weaknesses in modern bootloaders which allow attackers to deploy unsigned code, despite these protection mechanisms.
In the first phase of this talk, we will discuss exploitation of the bootloaders in modern Android smartphones, demonstrating weaknesses which allow for bypassing bootloader unlocking restrictions, decryption of protected user data, and deployment of malicious software to devices using full disk encryption.
In the second phase, we will discuss bootloader weaknesses in the secondary hardware used by smartphones. Using an embedded RF chip as a target, we will demonstrate reverse engineering techniques which identified weaknesses in the signature verification mechanisms of the firmware update protocols used by the bootloader, allowing for deployment of custom firmware to the chip.
REFERENCES
- Travis Goodspeed - Great Ideas in Reversing the Tytera MD380: https://nullcon.net/website/archives/ppt/goa-16/Great-Ideas-in-Reversing-the-Tytera-MD380-by-Travis-Goodspeed.pdf
- Roee Hay - fastboot oem vuln: Android Bootloader Vulnerabilities in Vendor Customizations: https://www.usenix.org/system/files/conference/woot17/woot17-paper-hay.pdf
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=z4gIxdFfJDg
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Christopher%20Wade%20-%20Breaking%20Secure%20Bootloaders.mp4
This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_three
DC - Saturday - 12:00-12:59 PDT
Title: Bring Your Own Print Driver Vulnerability
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded
SpeakerBio:Jacob Baines
Jacob is a vulnerability researcher at Dragos. He enjoys focusing much of his research time on routers and other embedded devices. Occasionally, he finds himself looking at Windows internals. Sometimes he even finds vulnerabilities.
Description:
What can you do, as an attacker, when you find yourself as a low privileged Windows user with no path to SYSTEM? Install a vulnerable print driver! In this talk, you'll learn how to introduce vulnerable print drivers to a fully patched system. Then, using three examples, you'll learn how to use the vulnerable drivers to escalate to SYSTEM.
REFERENCES
- Yarden Shafir and Alex Ionescu, PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth (CVE-2020-1048 & more) - https://windows-internals.com/printdemon-cve-2020-1048/
- voidsec, CVE-2020-1337 – PrintDemon is dead, long live PrintDemon! - https://voidsec.com/cve-2020-1337-printdemon-is-dead-long-live-printdemon/
- Zhipeng Huo and Chuanda Ding, Evil Printer: How to Hack Windows Machines with Printing Protocol - https://media.defcon.org/DEF CON 28/DEF CON Safe Mode presentations/DEF CON Safe Mode - Zhipeng-Huo and Chuanda-Ding - Evil Printer How to Hack Windows Machines with Printing Protocol.pdf
- Pentagrid AG, Local Privilege Escalation in many Ricoh Printer Drivers for Windows (CVE-2019-19363) - https://www.pentagrid.ch/en/blog/local-privilege-escalation-in-ricoh-printer-drivers-for-windows-cve-2019-19363/
- space-r7, Add module for CVE-2019-19363 - https://github.com/rapid7/metasploit-framework/pull/12906
- Microsoft, Point and Print with Packages - https://docs.microsoft.com/en-us/windows-hardware/drivers/print/point-and-print-with-packages
- Microsoft, Driver Store - https://docs.microsoft.com/en-us/windows-hardware/drivers/install/driver-store
- Microsoft, Printer INF Files - https://docs.microsoft.com/en-us/windows-hardware/drivers/print/printer-inf-files
- Microsoft, Use Group Policy settings to control printers in Active Directory - https://docs.microsoft.com/en-us/troubleshoot/windows-server/printing/use-group-policy-to-control-ad-printer
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=vdesswZYz-8
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Jacob%20Baines%20-%20Bring%20Your%20Own%20Print%20Driver%20Vulnerability.mp4
This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_three
BTV - Saturday - 14:00-15:30 PDT
Title: BTV Presents: Forensics Station - Workshop 1
When: Saturday, Aug 7, 14:00 - 15:30 PDT
Where: Blue Team Village - Workshop Track 2 (Virtual)
SpeakerBio:Omenscan
I do stuff. Sometimes it works.
Description:
Forensics Station - Workshop 1
A walkthrough of triaging "compromised" Capstone servers.
In this workshop we will walk through a quick forensic triage of the "compromised" BTV Capstone servers.
Capstone is a Blue Team Village initiative to build and attack servers (and workstations) in a controlled environment, using common attacker techniques and tools in a safe way. We then use common Blue Team defender tools to gather information and review those machines, in order to train defenders on detecting, handling, and understanding common attacks.
This is the forensics workshop, and it will cover forensic triage. Its goal is to quickly answer some basic questions like:
Did Something Happen?
If So, When Did it Happen?
What Artifacts Can Help Us?
What Forensic Tools Can Help Us?
What Should We Look at Next?
The Capstone Project will provide the Telemetry and Artifacts to the community so they can use their own tools to explore the data and share findings. We encourage everyone at every level to participate and share findings - so everyone can learn and collaborate.
BTV - Saturday - 11:00-12:30 PDT
Title: BTV Presents: Malware Station - Maldoc Workshop
When: Saturday, Aug 7, 11:00 - 12:30 PDT
Where: Blue Team Village - Workshop Track 2 (Virtual)
SpeakerBio:Clay (ttheveii0x)
Clay is a cyber threat intelligence and malware analysis manager at a consulting company.
Twitter: @ttheveii0x
Description:
This workshop covers an overview of maldoc analysis, a demo, and a hands-on section that takes a deep dive into a malicious Excel document. VM, artifact, and guide will be available for attendees to download and follow along. Breaks will be taken after each section to give attendees time to work through the section and ask questions.
Attendees will be exposed to a number of different tools including...
REMnux
DnSpy
oletools
CyberChef
xlmdeobfuscator
shell2exe
EXCELntDonut
Invoke-Obfuscation
Target audience
SOC analysts
Forensic investigators and junior malware analysts
Red team/pen testers
Anyone interested in the topic
WS - Saturday - 10:00-13:59 PDT
Title: Bug bounty Hunting Workshop
When: Saturday, Aug 7, 10:00 - 13:59 PDT
Where: Workshops - Las Vegas 1+2 (Onsite Only)
Speakers:David Patten,Philippe Delteil
SpeakerBio:David Patten
No BIO available
SpeakerBio:Philippe Delteil
Computer Science Engineer
Philippe Delteil is a Computer Science Engineer from the University of Chile. He gave his first talk at Defcon 26 Skytalks, called "Macabre stories of a hacker in the public health sector"; his country's government sent 3 officials to record the talk, and they did. He's been reporting bugs for a year. He's an annoying GitHub issue opener of some open-source tools like axiom, nuclei, dalfox and bbrf; he also makes small contributions to 'Can I take Over XYZ?'
Description:
Bug bounty hunting is (probably) the most hyped topic in the hacking subworld; some people read amazing stories of how an 18-year-old won 1 million dollars only doing legal hacking. Many hit a wall when they realize that after two months they only won points, thanks or cheap swag. Where's the money?, they ask. What should I learn and how? How many books should I read? How many minutes of YouTube tutorials? What if I lose some weight? [always recommended] How can I be the next bug bounty millionaire? In this workshop I will show you a path to be a bug bounty hunter, from my experience starting by chance and from scratch. I will teach you how to use the tools I use every day to find bugs, but most importantly how to see bug bounty hunting as a complex business process.
What to know before
- Basic idea of bugs (and bounty hunting)
- Basic Linux commands (sed, awk, grep)
- Shell scripting basics
- Have some practice doing recon
What you will learn
- How bug bounty programs/platforms work
- What tools hunters use and how do they work
- How to hunt for bugs (hopefully for profit)
- Automatization of your hunting process
How technical is the class
- 30% theory and concepts
- 70% Installing, configuring and using tools to find bugs. Send some reports if we are lucky.
What tools are we going to use
- Scanners/automated tools: nuclei, axiom, bbrf, dalfox, Burp.
- Recon tools (subfinder, amass, assetfinder, waybackurls, httpx and more)
What to read/watch in advance
- Books
- The Web Application Hacker's Handbook, 2nd Edition
- Hands-On Bug Hunting for Penetration Testers (Joseph E. Marshall)
- Web Hacking 101 (Peter Yaworski)
- Videos
- Live Recon and Distributed Recon Automation Using Axiom with @pry0cc (https://bit.ly/3gPsonz)
- The Bug Hunter's Methodology Full 2-hour Training by Jason Haddix (https://bit.ly/2PzHUsr)
- Finding Your First Bug: Choosing Your Target by InsiderPhD (https://bit.ly/3uiF3n7)
- HOW TO GET STARTED IN BUG BOUNTY (9x PRO TIPS) by STÖK (https://bit.ly/3u81U4m)
Registration Link: https://www.eventbrite.com/e/bug-bounty-hunting-workshop-tickets-162219297285
Prerequisites
- Basic knowledge about bug bounty programs
- Basic Linux commands
Materials needed:
Laptop with Kali Linux (native or virtual machine).
CHV - Saturday - 14:00-14:59 PDT
Title: Build Automotive Gateways with Ease
When: Saturday, Aug 7, 14:00 - 14:59 PDT
Where: Car Hacking Village - Talks (Virtual)
SpeakerBio:Don Hatfield
No BIO available
Description:
Vehicle network architectures within modern vehicles have been transformed by the introduction of automotive gateways. These gateways enable seamless communication between different vehicle networks and are central to the success of modern architectures. In this presentation, we are going to cover some of the challenges that automotive engineers face when tasked with converting data between old and new network protocols. We’ll also detail how this process is made much easier.
This talk will stream on YouTube.
YouTube: https://www.youtube.com/watch?v=3elYcORppls
AVV - Saturday - 17:15-18:15 PDT
Title: C2Centipede: APT level C2 communications for common reverse HTTP shell tools
When: Saturday, Aug 7, 17:15 - 18:15 PDT
Where: Adversary Village (Virtual)
SpeakerBio:Jose Garduno
Senior Security Consultant, Dreamlab Technologies AG
José Garduño is a senior security consultant at Dreamlab Technologies since 2014, where he usually takes part in security audits, pentesting and red teaming engagements. He has participated as a speaker in several technical conferences like: Hackito Ergo Sum (France), Swiss Cybersecurity days (Switzerland), DSS ITSEC (Latvia), 8.8 Security Conference (Chile, Bolivia), OWASP Patagonia (Argentina), Congreso Seguridad en Computo UNAM (Mexico), DragonJar Security Conference (Colombia), where he has presented his work on privacy attacks on Latin-America (The government as your hacking partner), Hacking with open hardware platforms (revisiting hardware keyloggers, say hi to mikey: an offensive hardware keylogger) and C2 detection (RATSPOTTING: Analysis of popular Remote Administration Tools & discovery of C2 servers on the wild)
Description:
Adversaries have been continuously improving their malware to be stealthier and more resilient on both the victim’s host as well as on the network. Examples of these innovations on the latter include Fast Flux networks, Domain Generation Algorithms and Domain Fronting among other techniques.
Unfortunately, open source tools for threat emulation currently have limited support for such advanced features, leaving redteams with easy to detect C2 communications. We present C2Centipede, a proxy tool that provides these features to HTTP reverse shell tools (like Metasploit or Empire) to be stealthier on the network by dynamically and transparently modifying the trojan’s C2 communication routing and beaconing strategies, with the aim of evading some of the blueteam’s detection strategies.
BEACONING EVASION
Detection of HTTP reverse shell beaconing activity is possible because most of the patterns on which malware sends the beacons through the network can be identified as they occur in static time intervals or are adjusted in specific increments, attributes which are possible to detect using statistical analysis.[1]
For instance, Metasploit’s reverse_http meterpreter sends a message to the C2 server every 100 milliseconds and increases the interval by this same measure each time the C2 server gives no new jobs to the trojan, up to a maximum of 10 seconds.[2]
It is easy then for tools like RITA to perform statistical analysis on the number, timing and size of connections between pairs of hosts (source, destination)[3]. This IP-pair evaluation works in the most typical approach of having only one IP per C2 server. We implement a beaconing detection evasion method that works by 1) Altering the trojan’s C2 communication message interval and 2) Splitting and routing the C2 communication among many C2 server addresses to hide beaconing and exfiltration.
JITTER MODIFICATION
The Achilles’ heel of most RAT (Remote Access Trojan) and TES (Threat Emulation Software) tools' network stealthiness is fixed beaconing intervals. The time interval between each message that goes to the C2 server is usually hardcoded and just too short, making many requests across the network, so we have incorporated in the tool better control of the beaconing, with the possibility of modifying the jitter on the fly or having preset configurations, like allowing C2 communication just in a certain time window.
Some RAT/TES tools will fail after a specific amount of unsuccessful C2 communication attempts, so the C2Centipede proxy client cannot just drop the HTTP calls that don’t fit the operator’s beaconing strategy, therefore fake C2 response messages are generated in order to keep the trojan alive.
FAUX FLUX
The concept of Fast Flux networks as a technique to improve a botnet’s C2 availability has been in use since 2007-2008.[4] Using this technique, an attacker can hide the real C2 server behind proxies (which are usually compromised edge servers in a botnet), and distribute said proxies' IPs through DNS records with a very low TTL[5], allowing them to rapidly (and thus the name fast flux) change the resolved IP for a given domain name. This results in making the shutdown of each C2 IP so difficult as to be usually compared to a whack-a-mole game.[4] The weakness of this approach is the reliance on a domain name[5], which can be sinkholed by the domain name registrar, as in the case of the shutdown of the Conficker botnet.[4] Some of the common detection methods for Fast Flux networks are the low TTL (time to live) of the record and a high number of IPs resolved for that record.[3]
We have incorporated the C2 proxying technique without the DNS and botnet requirements by utilizing open reverse tcp/http tunnels found on the internet, which provide plenty of IP addresses on which we can spread our C2 comms and provide anonymity as the real C2 server is hidden behind the reverse proxy. In our most recent internet-wide survey we found more than 1.5K servers that could be abused for this purpose.
MULTIFRONTING
Domain fronting (ATT&CK T1090.004) is a widely used technique for evading network detection. This technique hides the trojan’s HTTP requests to the C2 as if they were directed to another domain hosted on the same Content Delivery Network (CDN) as the attacker’s. Without TLS inspection, where a mismatch between TLS’s SNI and the HTTP header could be detected, it becomes very hard for the defenders to detect malicious traffic using this technique, having as a last resort the detection via statistical analysis like beaconing detection.
C2Centipede has the ability to utilize multiple domain fronting configurations, which are not necessarily on the same CDN, this provides additional resilience in case one of the CDN providers blocks the redteamer’s account.
DOMAIN GENERATION ALGORITHMS
We have incorporated Flubot’s algorithm for Domain Generation Algorithm (ATT&CK: T1568.002). The seed, and maximum number of domains generated are easily configurable.
DYNAMIC PROXY CONFIGURATION
C2Centipede’s configuration on the server and client can be modified on the fly by the operator. The original trojan’s and C2 messages are wrapped in the tool’s own HTTP messages along with the configuration changes of the routing, jitter and encryption settings for the c2centipede client and server. These are piggybacked on the original HTTP requests, requiring no additional “noise” in the network.
LIMITATIONS
The tool currently works with reverse HTTP shells that close the TCP connections (eg. Metasploit, Empire) and currently does not support those with long connections (eg. PoshC2, Koadic)
Adversary Village talks and workshops will be streamed on YouTube and Twitch.
Q&A sessions will happen in DEF CON Official Discord server after each talk.
YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg
Twitch: https://twitch.tv/adversaryvillage
Discord: https://discord.gg/defcon
ASV - Saturday - 09:00-16:59 PDT
Title: California Cyber Innovation Challenge CTF -- Pre-registration Required
When: Saturday, Aug 7, 09:00 - 16:59 PDT
Where: Aerospace Village (Virtual CTF)
Description:
Cal Poly
Starts August 7, 2021 @ 9 AM PST,
Ends Aug 8, 2021 @ 5 PM PST
Registration available at https://www.cognitoforms.com/CCI17/CaliforniaCyberInnovationChallengeAEROSPACEVILLAGEDEFCON2021
The CCIC promotes Gamification & Esports for Space and Cybersecurity Skills Development. This is an electronic game of clue that has characters and threat actors or the person(s) who committed the Space and Cyber crime. Find the person(s) of interest that you think committed the crime. You are Cybernauts and Cyber Sleuth Analysts. Remember, throughout the challenge, record and take notes of all information, findings, evidence, and clues regarding characters you encounter. Take note of technical skills you executed to create a digital forensics analysis report of who committed the crime and their motives.
About the Crime:
A multi-billion dollar company led by CEO, William Gecko, Moonshot Satellite’s constellation of 5000 CubeSats, located in Low Earth Orbit (LEO), provides a mesh-network of internet access to over 20 million commercial and governmental customers around the globe. Moonshot Satellite, a small cube satellite company whose constellation satellite infrastructure provides communication services that deliver Internet access to over 200 million individual commercial customers and real-time communications support for numerous government agencies.
RCV - Saturday - 11:20-11:50 PDT
Title: Can I Make My Own Social Threat Score?
When: Saturday, Aug 7, 11:20 - 11:50 PDT
Where: Recon Village (Virtual)
SpeakerBio:MasterChen
No BIO available
Twitter: @chenb0x
Description:No Description available
Recon Village talks will stream to YouTube.
YouTube: https://www.youtube.com/c/ReconVillage
APV - Saturday - 17:00-17:45 PDT
Title: Can’t Stop the Code: Embrace the Code
When: Saturday, Aug 7, 17:00 - 17:45 PDT
Where: AppSec Village (Virtual)
SpeakerBio:Alton Crossley
No BIO available
Description:
You can't stop the code. So how do you make it all secure? The answer is: you don't. Let's discuss securing your software while using proprietary third parties and Open Source without disrupting ecosystems or innovation.
AppSec Village events will be streamed to YouTube.
YouTube: https://www.youtube.com/c/appsecvillage
CAHV - Saturday - 14:00-14:59 PDT
Title: Career Hacking: Tips and Tricks to Making the Most of your Career
When: Saturday, Aug 7, 14:00 - 14:59 PDT
Where: Career Hacking Village (Talk)
SpeakerBio:Andy Piazza
No BIO available
Description:
At some point in your infosec career, you’ll hit a point of “now what?”. You may experience this as soon as you land your first role, or you’ll experience it as a seasoned veteran of the field. There are plenty of talks out there now for “getting into infosec”, but where is the advice for managing and maintaining a career? This is my attempt to fill that gap. This talk will discuss several key areas for building an awesome career, including actionable takeaways for becoming a better analyst, teammate, and leader. Most importantly, I’ll break down the How and Why behind each concept presented and include specific examples based on real experiences.
This talk will be available on YouTube: https://www.youtube.com/watch?v=oozqj7axNYM
Career Hacking Village content will be available on YouTube.
YouTube: https://youtube.com/careerhackingvillage
DC - Saturday - 15:00-15:45 PDT
Title: Central bank digital currency, threats and vulnerabilities
When: Saturday, Aug 7, 15:00 - 15:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded
SpeakerBio:Ian Vitek
Ian Vitek has a background as a pentester but has worked with information security in the Swedish financial sector the last 10 years. Currently working with security of the Swedish retail central bank digital currency prototype at the Riksbank, the Swedish central bank. Interested in web application security, network layer 2 (the writer of macof), DMA attacks and local pin bypass attacks (found some on iPhone).
Description:
What are the threats and vulnerabilities of a retail central bank digital currency (CBDC)? The central bank of Sweden has built a prototype of a retail CBDC system and I will run through the procurement requirements and design and point out where a two-tier CBDC needs protection against attacks. The prototype is built on Corda Token SDK and I have during tests found reliable ways to exploit weaknesses in the design. The presentation will focus on the vulnerabilities that can crash the service that handles the tokens and permanently lock tokens, rendering tokens and digital wallets useless. The presentation will also go into detail on how tokens are validated and how information from all earlier transactions is needed for this. With D3.js and HTML5 I will visualize the token history (backchain) and describe how this can be a problem with GDPR and the Swedish bank secrecy regulation.
The presentation will end with a summary of identified threats and weaknesses of a two-tier retail central bank digital currency prototype and how to handle them. The goal of the presentation is to give the attendees insight of the security implications, challenges depending on the design and where an attack can be carried out and everything that cannot be missed when designing a CBDC.
REFERENCES:
- https://www.ingwb.com/media/3024436/solutions-for-the-corda-security-and-privacy-trade-off_-whitepaper.pdf
- https://d3js.org/
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=-MK0bn3Ys_M
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Ian%20Vitek%20-%20Central%20bank%20digital%20currency%2C%20threats%20and%20vulnerabilities.mp4
This talk will be given live in Track 2.
This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_two
BCV - Saturday - 13:00-13:30 PDT
Title: Certified Ethereum Professional (CEP) Overview
When: Saturday, Aug 7, 13:00 - 13:30 PDT
Where: Blockchain Village / Paris Vendome B
SpeakerBio:Abstrct
Abstrct has spent his quarantine bringing dirty progressive and dancey funk to your living rooms, kitchens, patios, and pools each weekend, but holy heck is he ready to bring the party back to DEF CON proper.
https://soundcloud.com/abstrct/saturday-morning-quarantoons-ep46
https://imgur.com/m5Jcql2
https://twitter.com/Abstr_ct
https://www.twitch.tv/abstr_ct
Twitter: @Abstr_ct
Description:No Description available
This content will be presented live and in-person.
DC - Saturday - 09:00-20:59 PDT
Title: Chillout Lounges
When: Saturday, Aug 7, 09:00 - 20:59 PDT
Where: See Description
Speakers:djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
SpeakerBio:djdead
No BIO available
SpeakerBio:DJ Pie & Darren
No BIO available
SpeakerBio:kampf
No BIO available
SpeakerBio:Rusty Hodge
No BIO available
SpeakerBio:Merin MC
No BIO available
SpeakerBio:Brian Behlendorf
No BIO available
Description:
There are two onsite chillout lounges available: Bally's Silver Ballroom, and Paris Concorde A.
There will be chill music playing:
09:00-12:00 DJ Pie & Darren
12:00-13:30 kampf
13:30-15:00 Merin MC & Rusty
15:00-18:00 Brian Behlendorf
19:00-21:00 djdead
You can also watch the chill room stream on Twitch.
Twitch: https://www.twitch.tv/defcon_chill
BHV - Saturday - 11:00-11:59 PDT
Title: Chinese Military Bioweapons and Intimidation Operations: Part III
When: Saturday, Aug 7, 11:00 - 11:59 PDT
Where: Biohacking Village (Talk - Virtual)
SpeakerBio:RedDragon
No BIO available
Description:
Chinese Military Bio Weapons Future State is the third in a three-part series examining the Chinese military use of biological reagents in a kinetic capacity. The unrestricted warfare strategy outlined in the early 1990's clearly defines this Chinese military initiative. The supply chain, Program 863 and other supporting components of this strategy will be revealed.
It is TLP : RED
All Biohacking Village talks will be streamed to YouTube.
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q
BHV - Saturday - 12:30-13:30 PDT
Title: Cloud security for healthcare and life sciences
When: Saturday, Aug 7, 12:30 - 13:30 PDT
Where: Biohacking Village (Talk - Virtual)
SpeakerBio:Michelle Holko, Innovating at the intersection of biology, technology and security at Google
Michelle Holko is a PhD scientist in genomics and bioinformatics, working at the intersection of biology, technology, and security. She currently works at Google with the healthcare and life sciences cloud team. Prior to joining Google, she was a White House Presidential Innovation Fellow.
Description:
Cloud computing is increasingly used, across sectors, to scale data storage, compute, and services on demand. There are many recent examples of healthcare and life sciences cloud-based projects, including AnVIL for genomics data and the All of Us Research Program for precision medicine research. These cloud implementations include data and analytic workflows that pose added security concerns due to the sensitive nature of the information. This panel will discuss recent use cases highlighting best security practices for cloud computing in healthcare and life sciences.
All Biohacking Village talks will be streamed to YouTube.
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q
CON - Saturday - 10:00-15:59 PDT
Title: CMD+CTRL
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: See Description
Description:
For more information, see https://forum.defcon.org/node/236481
DC - Saturday - 11:30-12:30 PDT
Title: Community Roundtable - If only you knew
When: Saturday, Aug 7, 11:30 - 12:30 PDT
Where: Policy (Virtual)
Description:
Regardless of the hat you wear – whether you are a policy person dealing with technology, a tech person reacting to policy, a legal advisor struggling to bridge the two, or a business person looking to keep the lights on in the meantime – you all confront your own challenges and issues. What are the top one or two things you know well about those challenges that you wish everyone else did? Come to this session to meet people wearing different hats than you and share those insights.
Register here: https://us02web.zoom.us/meeting/register/tZAlc-2pqT8uHNARKeSvxvivpQHj3UYH3hwV
DC - Saturday - 16:00-16:59 PDT
Title: Community Roundtable - Implementing Cyber Solarium Commission Policy
When: Saturday, Aug 7, 16:00 - 16:59 PDT
Where: Policy (Virtual & SkyView 1)
Description:
Within a year of publication of the Cyberspace Solarium Commission report, at least 25 of its recommendations were passed into law by Congress. Solarium Commission leadership wants to know how to improve their next set of recommendations - such as the Bureau of Cyber Statistics - before they become law, and wants DEF CON's help to do so. Commission staff will present their topics and elicit feedback from you and your fellow hackers to avoid unintended consequences and to strengthen their implementation plans.
For virtual access, register here: https://us02web.zoom.us/meeting/register/tZItdOCsqDouHd3-on_4mXNeaIsDQhq7HEz1
DC - Saturday - 13:00-14:59 PDT
Title: Community Roundtable - RANSOMWARE: Combatting Ransomware on a Global Stage / The realities of responding to ransomware
When: Saturday, Aug 7, 13:00 - 14:59 PDT
Where: Policy (Virtual & SkyView 1)
Description:
Part 1:
Ransomware has made front page headlines and taken top stage in policy conversations, with even the US President issuing a letter to CEOs, Congress grilling Colonial Pipeline’s CEO, and the president of France committing 1 Billion Euro to fight ransomware in hospitals. While drafting and spreading technical “best practices” have failed to protect critical infrastructure around the world, which public policy levers are best suited to do so?
Part 2:
If it's Tuesday, it must be another ransomware attack. So what is a law-abiding company to do? If they pay, it just encourages the attacks. If they don't, then their business may suffer, or worse. Meanwhile, breach-notification regulation may have started a ticking clock forcing their hand – potentially in ways that are counter-productive to other policy efforts to stem the tide of these attacks. In this session we'll confront the practical realities and policy dilemmas these attacks provoke.
For virtual access, register here: https://us02web.zoom.us/meeting/register/tZYvduuorzgtG9MAPy9QjVRAaaC4JKIu89aq
DC - Saturday - 10:00-10:59 PDT
Title: Community Roundtable - Supply Chain in the COVID Era
When: Saturday, Aug 7, 10:00 - 10:59 PDT
Where: Policy (Virtual & SkyView 1)
Description:
During the global COVID pandemic, accidents and adversaries revealed opaque and ignored supply chain security issues in near-catastrophic ways. With global markets, global suppliers, global networks, and global adversaries, is there space for a globally-cohesive approach to shoring up supply chain security?
For virtual access, register here: https://us02web.zoom.us/meeting/register/tZcud-Gprj8qE92RoBYuXTWhhHsakUjGvoLc
DC - Saturday - 16:00-16:59 PDT
Title: Community Roundtable - Thinking About Election Security
When: Saturday, Aug 7, 16:00 - 16:59 PDT
Where: Policy (Virtual)
Description:
Election security has left the realm of election professionals and is now top of mind for anyone. But what does it mean? Is it just about the security of voting equipment? Or the security of the entire system of running elections? If you haven't been able to catch the Voting Village's content, or would like the opportunity for a deeper dive on some of the issues policymakers are wrestling with, this session is for you.
Register here: https://us02web.zoom.us/meeting/register/tZUlfu6hqTMoGtxIQ8TXdKvAUL4gZLj9x_o8
DC - Saturday - 10:00-10:59 PDT
Title: Community Roundtable - We need to talk about Norm – Discussions on International cyber norms in diplomacy
When: Saturday, Aug 7, 10:00 - 10:59 PDT
Where: Policy (Onsite - SkyView 3)
Description:
This session will dive into the wide and wonderful world of “cyber norms” – the long-running international discussions seeking to establish rules of the road of behavior in cyberspace. After years of prolonged discussions in the United Nations but also informal groups like the Global Commission on the Stability of Cyberspace, we seem to be at an impasse – do we want to simply reinforce the already agreed upon 11 norms (like “non-interference in critical infrastructure”), do we want to expand the list of norms to include new behavior (like protecting the basic infrastructure of the Internet), or do we want to do both? And who is this “we” anyway? We'll kick off with a deeper look at the state of norm discussions and then open for a wider Q/A and discussion on what norms can and could do.
ICSV - Saturday - 14:00-14:30 PDT
Title: Crippling the Grid: Examination of Dependencies and Cyber Vulnerabilities
When: Saturday, Aug 7, 14:00 - 14:30 PDT
Where: ICS Village (Virtual)
SpeakerBio:Joe Slowik, Gigamon
Joe Slowik currently leads threat intelligence and network detection work at Gigamon. Previously, Joe performed security research for DomainTools and hunted ICS-focused adversaries for Dragos. Joe remains fascinated by the ICS landscape and critical infrastructure intrusions, and continues to pursue such topics personally and professionally.
Twitter: @jfslowik
Description:
Typical views of cyber-focused attacks on electric utilities emphasize direct impacts to generation, transmission, or distribution assets. While some examples of this activity exist, most notably in Ukraine, such actions are relatively difficult given technical and access requirements to properly execute. Less explored, but far more dangerous, are critical dependencies in electric utility operations which are often more exposed to IT networks and require less specialized knowledge to subvert. This presentation will examine some of these dependencies and their implications to show how ICS-centric defense must include relevant IT links and functional requirements.
ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.
YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw
#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485
DC - Saturday - 10:00-10:45 PDT
Title: Crossover Episode: The Real-Life Story of the First Mainframe Container Breakout
When: Saturday, Aug 7, 10:00 - 10:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded
Speakers:Chad Rikansrud (Bigendian Smalls),Ian Coldwater
SpeakerBio:Chad Rikansrud (Bigendian Smalls)
Chad is the same, but for mainframes and mainframe security.
Twitter: @bigendiansmalls
SpeakerBio:Ian Coldwater
Ian is a leading expert on containers and container security.
Twitter: @IanColdwater
Description:
You've seen talks about container hacking. You've seen talks about mainframe hacking. But how often do you see them together? IBM decided to put containers on a mainframe, so a container hacker and a mainframe hacker decided to join forces and hack it. We became the first people on the planet to escape a container on a mainframe, and we’re going to show you how.
Containers on a mainframe? For real. IBM zCX is a Docker environment running on a custom Linux hypervisor built atop z/OS - IBM’s mainframe operating system. Building this platform introduces mainframe environments to a new generation of cloud-native developers - and introduces new attack surfaces that weren’t there before.
In this crossover episode, we’re going to talk about how two people with two very particular sets of skills went about breaking zCX in both directions, escaping containers into the mainframe host and spilling the secrets of the container implementation from the mainframe side.
When two very different technologies get combined for the first time, the result is new shells nobody’s ever popped before.
REFERENCES:
Getting started with z/OS Container Extensions and Docker: https://www.redbooks.ibm.com/abstracts/sg248457.html
The Path Less Traveled: Abusing Kubernetes Defaults: https://www.youtube.com/watch?v=HmoVSmTIOxM
Attacking and Defending Kubernetes Clusters: A Guided Tour: https://securekubernetes.com
Evil Mainframe penetration testing course: https://www.evilmainframe.com/
z/OS Unix System Services (USS): https://www.ibm.com/docs/en/zos/2.1.0?topic=system-basics-zos-unix-file
z/OS Concepts: https://www.ibm.com/docs/en/zos-basic-skills?topic=zc-zos-operating-system-providing-virtual-environments-since-1960s
Docker overview: https://docs.docker.com/get-started/overview/
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=7DXF7YDBf-g
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Ian%20Coldwater%20Chad%20Rikansrud%20%28Bigendian%20Smalls%29%20-%20The%20Real-Life%20Story%20of%20the%20First%20Mainframe%20Container%20Breakout.mp4
This talk will be given live in Track 2.
This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_two
CCV - Saturday - 16:30-16:59 PDT
Title: Cryptocurrency Trivia!
When: Saturday, Aug 7, 16:30 - 16:59 PDT
Where: Cryptocurrency Village (Onsite - Paris Champagne Ballroom 1)
SpeakerBio:Justin Ehrenhofer
No BIO available
Description:
Join us for cryptocurrency-themed trivia! Each player competes using their phone or computer on topics relating to cryptocurrency news, lore, history, research, and development. This will be a super fun time!
The Cryptocurrency Village is built around conversations and events, not formal talks. Stop by any time to speak with knowledgeable individuals! This village focuses on the security and privacy side of cryptocurrencies, not the investment side.
The Cryptocurrency Village is conveniently located in Paris Champagne Ballroom 1.
APV - Saturday - 12:00-12:45 PDT
Title: CSP is broken, let’s fix it
When: Saturday, Aug 7, 12:00 - 12:45 PDT
Where: AppSec Village (Virtual)
SpeakerBio:Amir Shaked
No BIO available
Description:No Description available
AppSec Village events will be streamed to YouTube.
YouTube: https://www.youtube.com/c/appsecvillage
CLV - Saturday - 13:30-13:50 PDT
Title: CSPM2CloudTrail - Extending CSPM Tools with (Near) Real-Time Detection Signatures (Lightning Talk)
When: Saturday, Aug 7, 13:30 - 13:50 PDT
Where: Cloud Village (Virtual)
SpeakerBio:Rodrigo "Sp0oKeR" Montoro
Rodrigo "Sp0oKeR" Montoro has 20 years of experience deploying open source security software (firewalls, IDS, IPS, HIDS, log management) and hardening systems. Currently, he is a Senior Researcher at Tempest Security. Before that, he worked as Cloud Researcher at Tenchi Security, Head of Research and Development at Apura Cyber Intelligence, SOC/Researcher at Clavis, Senior Security Administrator at Sucuri, and Spiderlabs Researcher, where he focused on IDS/IPS signatures, ModSecurity rules, and new detection research. Author of 2 patented technologies involving the discovery of malicious digital documents and analyzing malicious HTTP traffic. He is currently coordinator and Snort evangelist for the Brazilian Snort Community. Rodrigo has spoken at several open-source and security conferences (OWASP AppSec, SANS DFIR & SIEM Summit, Toorcon (USA), H2HC (São Paulo and Mexico), SecTor (Canada), CNASI, SOURCE Boston & Seattle, ZonCon (Amazon Internal Conference), Blackhat Brazil, BSides (Las Vegas and São Paulo)).
Twitter: @spookerlabs
Description:
The AWS service APIs provide around 9,400 different actions (and growing!) that, when logged, give a lot of extra info that can be correlated and used to find malicious activities. However, as with most data sources, it is very noisy. Plus, it fails to include in its events critical contextual information that threat hunters need. Working with our Threat Detection Engineering Team to create very actionable use cases that don’t need much additional context and exceptions, we developed an idea to detect the creation time of events discovered by most CSPM checks when evaluating a cloud provider, particularly AWS in this case. Cloud Security Posture Management (CSPM), which works by detecting cloud service misconfigurations, is one of the most common technologies used to improve cloud security and is used heavily worldwide by thousands of companies. Despite this, CSPM tools cannot detect most of the real-time findings, need privileges to be executed, and must be scheduled to run and analyze, preferably daily, to decrease the window of exposure. Cloud misconfigurations typically result in second-stage attacks. Aside from some risks that make information public, attackers likely need some credentials with privileges to perform actions that could impact privilege escalation, resource exposure, crypto mining, infrastructure modification, and access to sensitive data. Starting with some CloudSploit checks, we named this research CSPM2CloudTrail, so we create misconfigured services based on their findings and analyze how these changes are logged to CloudTrail. We made many use cases that we mainly transform into cards (with CloudSploit information) and sigma rules, having information such as severity, recommendations, AWS Documentation, and more importantly, for our SOC, Splunk searches.
Besides this great use of trying to detect this almost in real-time (since CloudTrail delays around 15 minutes), these queries could enrich CSPM findings, making incident responses on misconfigurations caught faster. All information and detections created will be shared in our GitHub repository.
Cloud Village activities will be streamed to YouTube.
YouTube: https://www.youtube.com/cloudvillage_dc
ICSV - Saturday - 10:00-11:59 PDT
Title: CybatiWorks Mission Station Workshop
When: Saturday, Aug 7, 10:00 - 11:59 PDT
Where: ICS Village (Virtual)
SpeakerBio:Matthew Luallen, Chief Executive Inventor, IntelliGenesis
Matthew E. Luallen is the Chief Executive Inventor of IntelliGenesis, LLC. He leads the company in further developing and expanding training services to enhance the understanding of, and provide protection from, cyber-physical threats. IntelliGenesis acquired CybatiWorks™ where Luallen served as a Co-Founder of CYBATI. He also served as a Co-Founder of Dragos Security co-developing CyberLens™ for Operational Technology device and communications discovery and analysis. He was a Co-Founder of Encari, a NERC CIP cybersecurity consulting firm helping the US and Canadian power grid defend strategic assets from cyber-physical attacks. He was an Information Security Network Engineer and Architect at Argonne National Laboratory. He is a 22-year CCIE and an 18-year Certified Instructor for the SANS Institute.
Twitter: @cybati
Description:
Introduce, demonstrate and provide an interactive overview of the CybatiWorks exploratory cyber-physical mission station workshop. Participant mission station exercises cover an introduction to cyber-physical topics of logic, sensors and actuators, OT system architecture, communication protocols and data analysis. Participant mission station access is provided on a first-come, first-served (FIFO) basis.
ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.
YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw
#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485
HTSV - Saturday - 12:00-12:55 PDT
Title: Cyber in the Under Sea
When: Saturday, Aug 7, 12:00 - 12:55 PDT
Where: Hack the Sea (Virtual)
SpeakerBio:David Strachan
No BIO available
Description:No Description available
Hack the Sea Village will stream their events to YouTube and Twitch.
Twitch: https://www.twitch.tv/h4ckthesea
YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ
HTSV - Saturday - 14:00-14:55 PDT
Title: Cyber Operations and Operational Wargames on Port Infrastructure
When: Saturday, Aug 7, 14:00 - 14:55 PDT
Where: Hack the Sea (Virtual)
Speakers:Tom Mouatt,Ed McGrady,John Curry
SpeakerBio:Tom Mouatt
No BIO available
SpeakerBio:Ed McGrady
No BIO available
SpeakerBio:John Curry
No BIO available
Description:No Description available
Hack the Sea Village will stream their events to YouTube and Twitch.
Twitch: https://www.twitch.tv/h4ckthesea
YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ
HTSV - Saturday - 11:00-11:55 PDT
Title: Cyber-SHIP Lab Talk and Demo
When: Saturday, Aug 7, 11:00 - 11:55 PDT
Where: Hack the Sea (Virtual)
Speakers:Kevin Jones,Kimberley Tam
SpeakerBio:Kevin Jones
No BIO available
SpeakerBio:Kimberley Tam
No BIO available
Description:No Description available
Hack the Sea Village will stream their events to YouTube and Twitch.
Twitch: https://www.twitch.tv/h4ckthesea
YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ
CON - Saturday - 09:00-16:59 PDT
Title: Darknet-NG
When: Saturday, Aug 7, 09:00 - 16:59 PDT
Where: See Description
Description:
For more information, see https://forum.defcon.org/node/238249
DDV - Saturday - 10:00-09:59 PDT
Title: Data Duplication Village - Open
When: Saturday, Aug 7, 10:00 - 09:59 PDT
Where: Data Duplication Village
Description:
Space permitting, last drop off is Saturday at 3:00pm.
Pick up your drives full of data anytime 14-24 hours after drop off.
Last chance pickup is Sunday from 10:00 to 11:00.
Yes, 6TB and larger drives are accepted.
Any drives not picked up by Sunday at 11:00am are considered donated to the DDV.
See https://dcddv.org/dc29-schedule for more information.
SOC - Saturday - 17:00-18:59 PDT
Title: DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup
When: Saturday, Aug 7, 17:00 - 18:59 PDT
Where: Bally's Skyview 2
Description:
They say Atlanta is the city too busy to hate, but it also has too much traffic for its widespread hacker fam to get together in a single meetup. So instead we're meeting up in the desert during DEF CON! The one time of year when intown, northern burbs, south siders, and anyone else connected to DC404's 20+ year legacy can catch up and share stories. We typically meet up for an hour or two then will go get dinner afterwards before evening events.
ASV - Saturday - 11:00-11:59 PDT
Title: Decoding NOAA Weather Sat Signals
When: Saturday, Aug 7, 11:00 - 11:59 PDT
Where: Aerospace Village (Workshop - Paris Rivoli B)
Description:
- You’ll need a laptop with internet connection for this workshop
My goal for this workshop is to introduce receiving and decoding NOAA weather satellite signals. I’ll demonstrate this first with a commercially available radio, and then I’ll demonstrate how to listen to NOAA satellites for free using publicly accessible and internet connected radios scattered across the globe.
ASV - Saturday - 10:00-15:59 PDT
Title: Deep Space Networking
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: Aerospace Village (Virtual Workshop)
Description:
Deep space communications utilize TCP/IP protocols with some added assistance from a TCP Convergence Layer and the Bundle Protocol. In this workshop, participants will contrast data transmission on the Earth terrestrial Internet to the Deep Space Network and then delve into the latest version of the Bundle protocol and the TCP Convergence Layer. We will examine key fields in the headers, locate the first packet of a bundle and the first and second legs of the relay process, as reassembled by Wireshark. Participants will learn to build a custom Wireshark profile to quickly identify key fields of the Bundle Protocol, including fields that define priority, destination type, endpoint IDs, and reporting of bundle delivery.
CON - Saturday - 10:00-19:59 PDT
Title: DEF CON 29 CTF by OOO
When: Saturday, Aug 7, 10:00 - 19:59 PDT
Where: See Description
Description:
For more information, see https://forum.defcon.org/node/236417
DC - Saturday - 09:00-16:59 PDT
Title: DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open
When: Saturday, Aug 7, 09:00 - 16:59 PDT
Where: Paris DEF CON Registration Desk
Description:
You can start the 2-step process. There is no need to rush: if you have purchased on-line, your badge is reserved and there is no concern about them running out:
1st, you will pass through the vaccination check line, providing whatever original documentation your health care provider or vaccination center gave you. It will be checked against your State issued ID to make sure the names match, the dates are good, and that enough time has passed for you to be fully vaccinated, etc. We will not record your ID or records. If all is good you will get a WRISTBAND you must wear during the con.
2nd, you head to the badge pickup desks. There you will show your wristband and your in-person badge bar code and get it scanned. If the scan passes you get your Human reg pack.
Where to register / pick up badges: Paris, near the InfoBooth. Please find "REGISTRATION" on the provided DC29 floorplan (available in HackerTracker and online).
Both registration and the vaccine check processing functions are planning to be available from 8am/08:00 to 5pm/17:00. If those times change, this schedule entry will be updated in HackerTracker and info.defcon.org as soon as possible.
DC - Saturday - 20:00-21:59 PDT
Title: DEF CON Movie Night - Upgrade
When: Saturday, Aug 7, 20:00 - 21:59 PDT
Where: See Description
Description:
Upgrade will be shown in Track 2.
DC - Saturday - 13:00-13:45 PDT
Title: Defeating Physical Intrusion Detection Alarm Wires
When: Saturday, Aug 7, 13:00 - 13:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded
SpeakerBio:Bill Graydon
Bill Graydon is a principal researcher at GGR Security, where he hacks everything from locks and alarms to critical infrastructure; this has given him some very fine-tuned skills for breaking stuff. He’s passionate about advancing the security field through research, teaching numerous courses, giving talks, and running DEF CON’s Lock Bypass Village. He’s received various degrees in computer engineering, security, and forensics and comes from a broad background of work experience in cyber security, software development, anti-money laundering, and infectious disease detection.
https://www.youtube.com/channel/UCzZK3vjJL9rKNPXNoCPFO5g/videos
Twitter: @access_ctrl
https://github.com/bgraydon
Description:
Alarm systems are ubiquitous - no longer the realm of banks and vaults only, many people now have them in their homes or workplaces. But how do they work? And the logical follow-up question - how can they be hacked?
This talk focuses on the communication lines in physical intrusion detection systems: how they are secured, and what vulnerabilities exist. We’ll discuss the logic implemented in the controllers and protections on the communication lines including end of line resistors - and all the ways that this aspect of the system can be exploited.
In particular, we’ll release schematics for a tool we’ve developed that will enable measuring end-of-line resistor systems covertly, determining the necessary re-wiring to defeat the sensors, and deploy it without setting off the alarm.
After the talk, you can head over to the Lock Bypass Village to try these techniques out for yourself!
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=Liz9R_QxSgk
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Bill%20Graydon%20-%20Defeating%20Physical%20Intrusion%20Detection%20Alarm%20Wires.mp4
This talk will be given live in Track 2.
This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_two
ASV - Saturday - 11:30-11:55 PDT
Title: Defending the Unmanned Aerial Vehicle: Advancements in UAV Intrusion Detection
When: Saturday, Aug 7, 11:30 - 11:55 PDT
Where: Aerospace Village (Virtual Talk)
SpeakerBio:Jason Whelan
Jason (OSCP, OSCE, CCNP) holds a Bachelor of IT and is currently working towards an MSc in Computer Science from Ontario Tech University. He has presented at international conferences on UAV security, and has experience in both practical security research and penetration testing of operational UAS.
Description:
Many attacks against the UAV are becoming commonplace as they are simple to conduct with inexpensive hardware, such as spoofing and jamming. Unfortunately, many of the vulnerabilities UAVs suffer from are based on security flaws in the underlying technologies, including GPS and ADS-B. An intrusion detection system (IDS) for UAVs can increase security rapidly without the need to re-engineer underlying technologies. UAVs are cyber-physical systems which introduce a number of challenges for IDS development as they utilize a wide variety of sensors, communication protocols, platforms, and control configurations. Commercial off-the-shelf IDS solutions can be strategically implemented within the Unmanned aerial system (UAS) to detect threats to the underlying traditional IT infrastructure, however, the UAV itself requires specialized detection techniques. This talk discusses advancements in UAV intrusion detection, including proposed solutions in academics, pitfalls of these solutions, and how a practical technique using machine learning can be used to detect attacks across UAV platforms. A fully developed IDS is presented which makes use of flight logs and an onboard agent for autonomous detection and mitigation. The topics covered come from lessons learned in UAS penetration testing, live experiments, and academic research in the UAV security space.
This talk will be streamed on YouTube: https://www.youtube.com/watch?v=XEN9LTOUFFQ
Aerospace Village talks will be streamed to YouTube.
YouTube: https://www.youtube.com/c/AerospaceVillage
DL - Saturday - 10:00-11:50 PDT
Title: Depthcharge
When: Saturday, Aug 7, 10:00 - 11:50 PDT
Where: Palace 3+4+5
SpeakerBio:Jon Szymaniak
Jon Szymaniak is Principal Security Consultant in NCC Group’s Hardware & Embedded Systems Services team and a former embedded systems engineer. His areas of interest include U-Boot, Linux, Yocto, and firmware reverse engineering. Through both his day job and hobby hacking adventures, he’s enjoyed exploring and exploiting boot ROMs, automotive ECUs, Android-based platforms, and a myriad of Internet-connected things that shouldn't be.
Description:
Depthcharge: A Framework for U-Boot Hacking
Short Abstract:
In modern embedded systems that implement a “secure boot” flow, the boot loader plays a critical role in establishing the integrity and authenticity of software and data required to boot an operating system. Given the role and vantage point of boot loaders, they are a particularly interesting target for hardware hackers seeking to root a device and instrument it for further vulnerability hunting and reverse engineering. Although the vast majority of devices leveraging the ubiquitous and open source U-Boot boot loader leave it unprotected and trivially exploited, more product vendors are finally implementing secure boot and (attempting to) lock down their U-Boot builds. These less common specimens offer exciting opportunities to pursue creative bypasses and explore underappreciated U-Boot functionality.
The Depthcharge framework was developed to help hardware hackers methodically (ab)use some of that underappreciated U-Boot functionality in novel ways to circumvent boot-time protections, as well as expedite the identification and exploitation of “the usual suspects” within exposed U-Boot device consoles. The project includes a Python 3 library for interfacing with devices, reading and writing memory via available primitives, deploying executable payloads, and analyzing various data structures. A collection of scripts built atop the library makes this functionality readily available via the command line, and “Depthcharge Companion” firmware allows the tooling to extend its vantage point by presenting itself as a peripheral device connected to the target. This Demo Lab will introduce the basics of Depthcharge and explore how attendees can leverage and expand upon it when seeking to circumvent boot-time protections or just to further explore a system from within the U-Boot environment. For those wishing to protect their (employer’s) products from fellow DEF CON attendees, we’ll also cover the configuration checker functionality that can be used to avoid common U-Boot pitfalls.
URLs:
- GitHub: https://github.com/nccgroup/depthcharge
- Documentation: https://depthcharge.readthedocs.io
Blog Posts and Prior Presentations:
- Blog: https://research.nccgroup.com/2020/07/22/depthcharge/
- Hardwear.io Webinar: https://www.youtube.com/watch?v=fTKMi3Is5x8
- Blog: https://research.nccgroup.com/2020/1...hcharge-v0-2-0
- OSFC Presentation: https://vimeo.com/488134063
Detailed Explanation:
Additional detail can be found here in the project documentation:
https://depthcharge.readthedocs.io/e...is-depthcharge
The Depthcharge project aims to allow hackers, security practitioners, and engineering teams a way to “work smarter” when attempting to root a device or evaluate its security posture. This not only includes gaining control of a target’s U-Boot execution, but also leveraging the bootloader as a vantage point to further explore the target system.
The Python 3 Depthcharge API can be leveraged to enumerate functionality exposed by a U-Boot console and identify memory read/write primitives. Memory access abstractions built atop these primitives seek to make dumping device firmware quicker and more robust, and custom payload deployment easier. With its colorized serial monitor, Depthcharge provides a more pleasant environment for hacking around and scripting while within a device’s U-Boot console. The “Companion” firmware extends Depthcharge’s reach into a target platform, allowing it to act as a “malicious” peripheral device (e.g. on an I2C bus). While much of the project focuses on console exposure, it also includes some data structure identification (e.g. stored environments) functionality aimed at situations where such functionality is not available. For engineers and those on the “blue team” — build configuration checker functionality can help raise red flags and detect U-Boot pitfalls much earlier in the product development lifecycle.
Target Audience:
Hardware / Embedded Systems - Both “offense” and “defense” within this audience
I believe the Depthcharge Demo Lab can show that there’s more interesting hackery to be had within the U-Boot boot loader, and that we can work much smarter when we encounter it. Given that I tend to see discussions of U-Boot limited to unprotected IoT junkware, I’ve always been bummed that folks don’t seem to get to appreciate the joy of circumventing secure boot mechanisms, or otherwise leveraging their U-Boot environment to start exploring a hardware platform and its SoC from a lower level vantage point.
Whether it be folks enjoying the abuse of a CRC32 feature as an arbitrary memory primitive, or just gaining an appreciation for how U-Boot exports functionality for use by “stand alone applications” — I hope to share some new tricks and get people excited about hacking deeper on their devices. Demos will be based upon my earlier work bypassing a (now patched) 2019 Sonos vulnerability, as well as some “previously seen on client work” vulnerabilities modeled on development kits to protect the (not so?) innocent.
Warranty voiding and custom firmware development shall be strongly encouraged.
APV - Saturday - 16:00-16:45 PDT
Title: DevSecOps: Merging Security and Software Engineering
When: Saturday, Aug 7, 16:00 - 16:45 PDT
Where: AppSec Village (Virtual)
SpeakerBio:Magno Logan
No BIO available
Description:
Lately, we’ve been hearing a lot about DevOps and DevSecOps, and why they’re so important. While integrating these is considered very good practice, organizations may be unintentionally unaware of how to maximize DevOps to ensure security and compliance are being met without delays. This could be because many researchers and authors believe DevOps already includes security at its core, since software security and quality are closely related. However, in today’s cloud environment, one cannot assume that DevOps can do it all. That’s where a strong DevSecOps strategy and mindset comes into play.
AppSec Village events will be streamed to YouTube.
YouTube: https://www.youtube.com/c/appsecvillage
WS - Saturday - 10:00-13:59 PDT
Title: Digital Forensics and Incident Response Against the Dark Arts: The Battle of Malicious Email and Downloaders
When: Saturday, Aug 7, 10:00 - 13:59 PDT
Where: Workshops - Las Vegas 5+6 (Onsite Only)
Speakers:Michael Register,Michael Solomon
SpeakerBio:Michael Register
Michael Register (S3curityN3rd) has 5 years of combined experience across IT, Networking, and Cybersecurity. He currently holds multiple certifications, including the GCIH. S3curityN3rd spent the last 3 years working in Incident Response before a recent transition into a Threat Hunting role. His areas of focus have been on forensics, malware analysis, and scripting.
SpeakerBio:Michael Solomon
Michael Solomon (mR_F0r3n51c5) is currently a Threat Hunter for a large managed security service provider. He has ten years of experience conducting Cyber Operations, Digital Forensics & Incident Response (DFIR), and Threat Hunting. He is very passionate about helping grow and inspire cybersecurity analysts for a better tomorrow.
Description:
Ever wondered what it is like being a cybersecurity or incident response analyst? Here is your chance to experience an exciting 4-hour class taught by mR_F0r3n51c5 and S3curityN3rd. Phishing and malicious spam attacks continue to pose a significant risk in today’s cyber threat landscape. Using forensic and malware analysis fundamentals, this class will teach students how to analyze malicious downloaders, phishing emails, and malicious spam.
Upon successful class completion, students will be able to:
- Build analysis skills that leverage complex scenarios and improve comprehension.
- Demonstrate an understanding of forensic fundamentals used to analyze an email.
- Use open-source information to collect and analyze threat actor data; identify indicators of compromise, and demonstrate how to pivot on that information.
- Demonstrate how to analyze a malicious downloader; to include but not limited to debugging and deobfuscation.
- Participate in a hand to keyboard combat capstone. Students will be given a malicious file sample and demonstrate how to analyze it.
Registration Link: https://www.eventbrite.com/e/digital-forensics-and-ir-against-the-dark-arts-las-vegas-5-6-tickets-162218185961
Prerequisites:
- None
Materials needed:
Students will be required to download two virtual machines (OVA files). Students will be given a URL for download access. In regards to the downloaded virtual machines, these should be imported into your virtual machine software and ready before the start of class. If any additional technical support is needed, the instructors will make themselves available online.
Students must have a laptop that meets the following requirements:
- A 64 bit CPU running at 2GHz or more. The students will be running two virtual machines on their host laptop.
- Have the ability to update BIOS settings. Specifically, enable virtualization technology such as "Intel-VT."
- The student must be able to access their system's BIOS if it is password protected. This is in case of changes being necessary.
- 8 GB (Gigabytes) of RAM or higher
- At least one open and working USB Type-A port
- 50 Gigabytes of free hard drive space, allowing you the ability to host the VMs we distribute
- Students must have Local Administrator Access on their system.
- Wireless 802.11 Capability
- A host operating system that is running Windows 10, Linux, or macOS 10.4 or later.
- Virtualization software is required. The supplied VMs have been built for out of the box compatibility with VMware Workstation or Player. Students may use other software if they choose, but they may have to troubleshoot unpredictable issues.
At a minimum, the following VM features will be needed:
- NATted networking from VM to Internet
- Copy Paste of text and files between the Host machine and VM
DC - Saturday - 17:00-17:59 PDT
Title: Don't Dare to Exploit - An Attack Surface Tour of SharePoint Server
When: Saturday, Aug 7, 17:00 - 17:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded
Speakers:Steven Seeley,Yuhao Weng,Zhiniang Peng
SpeakerBio:Steven Seeley
Steven Seeley (@mr_me) is a member of the 360 Vulcan team and enjoys finding and exploiting bugs. Currently his focus is on web and cloud tech, and he has over 10 years of experience in offensive security. Steven won the Pwn2Own Miami competition with his teammate Chris Anastasio in early 2020 and has taught several classes in web security including his own, Full Stack Web Attack.
Twitter: @steventseeley
SpeakerBio:Yuhao Weng
Yuhao Weng (@cjm00nw) is a security researcher at Sangfor and a CTF player with Kap0k. He has been studying the web for three years and has found a lot of bugs in SharePoint, Exchange and so on. Now he is focused on .NET security.
Twitter: @cjm00nw
SpeakerBio:Zhiniang Peng
Dr. Zhiniang Peng (@edwardzpeng) is the Principal Security Researcher at Sangfor. His current research areas include applied cryptography, software security and threat hunting. He has more than 10 years of experience in both offensive and defensive security and published much research in both academia and industry.
Twitter: @edwardzpeng
Description:
Due to the current global issues of 2020, organizations have been forced to make changes in how their business model operates and, as such, have opened the doors to remote working. Microsoft SharePoint is one of the most popular and trusted Content Management Systems (CMS) deployed today. The product is used to share and manage content and internal knowledge, with embedded applications to empower teamwork and seamlessly collaborate across an organization for a truly remote experience.
After the efforts of countless talented engineers in Microsoft, SharePoint has been deployed in the Microsoft cloud as part of their Office 365 offering. This presentation will analyze the security architecture of SharePoint server and how it differs from other popular CMS products. From an offensive point of view, we will also reveal several attack surfaces and mitigations implemented and how those mitigations can be bypassed. Finally, we will disclose several high impact vulnerabilities detailing the discovery and exploitation.
REFERENCES:
1. http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/
2. https://docs.microsoft.com/en-us/dotnet/api/system.web.ui.control
3. https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms524602(v=vs.90)
4. https://www.youtube.com/watch?v=Xfbu-pQ1tIc
5. https://www.blackhat.com/us-20/briefings/schedule/#room-for-escape-scribbling-outside-the-lines-of-template-security-20292
6. https://www.spguides.com/sharepoint-csom-tutorial/
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=mVXrl4W1jOU
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Yuhao%20Weng%20Steven%20Seeley%20Zhiniang%20Peng%20-%20don%27t%20Dare%20to%20Exploit%20-%20An%20Attack%20Surface%20Tour%20of%20SharePoint%20Server.mp4
This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_three
ASV - Saturday - 15:00-15:50 PDT
Title: Drone Security Research Series – Ep6 Hacking with drones
When: Saturday, Aug 7, 15:00 - 15:50 PDT
Where: Aerospace Village (Virtual Talk)
SpeakerBio:Matt Gaffney
Following his career in the British Army, Matt has been working with clients in various industries. However, his best years were spent working in aviation, specifically systems found in the Aircraft Information Systems Domain. More recently he has turned his attention to security in UAS.
Description:
In this series we have uncovered weaknesses in the MAVLink protocol; now we attempt to overcome physical security controls by getting within range of WiFi networks with a drone. In this episode we use a drone to get close to our target by taking the tools airborne and flying over our target. Let’s rewrite the physical security model!
This talk will be streamed on YouTube: https://www.youtube.com/watch?v=M0BDHT43Ucc
Aerospace Village talks will be streamed to YouTube.
YouTube: https://www.youtube.com/c/AerospaceVillage
CON - Saturday - 20:00-21:59 PDT
Title: Drunk Hacker History
When: Saturday, Aug 7, 20:00 - 21:59 PDT
Where: See Description
Description:
This event will be held in Track 1 / Bally's Platinum Ballroom. This event was rescheduled from 22:00 to 20:00.
Twitter: https://twitter.com/drunkhackerhist?lang=en
BCV - Saturday - 12:00-12:59 PDT
Title: Ethereum Hacks & How to Stop Them
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: Blockchain Village / Paris Vendome B
SpeakerBio:Michael Lewellen, Project Manager - Security Services, OpenZeppelin
Michael works as the Technical Project Manager for the Security Research team managing audit projects. Michael has 9 years of experience as a software consultant and architect working on blockchain technologies. Outside of OpenZeppelin, Michael educates on blockchain technology as a lecturer at UT Dallas and a public policy advisor as part of the Texas Blockchain Council.
Description:
Learn about some of the recent smart contract security incidents and how to stop them using OpenZeppelin security tools like Defender.
This content will be presented live and in-person.
IOTV - Saturday - 15:45-16:15 PDT
Title: Ethics at the Edge: IoT as the Embodiment of AI for Rampant Intelligence Actuation
When: Saturday, Aug 7, 15:45 - 16:15 PDT
Where: IoT Village (Talk - Virtual)
SpeakerBio:Ria Cheruvu
Ria Cheruvu is an AI Ethics Lead Architect at the Intel Network and Edge engineering group working on developing trustworthy AI products. She is 17 years old, and graduated with her bachelor’s degree in computer science at Harvard University at 11 and her master’s degree in data science from her alma mater at 16. Her pathfinding domains include solutions for security and privacy for machine learning, fairness, explainable and responsible AI systems, uncertain AI, reinforcement learning, and computational models of intelligence. She enjoys composing piano music, ocean-gazing with her family, and contributing to open-source communities in her free time.
Description:
In the eyes of a smart device and their human controllers, the world is an immense source of data and power. The expanding Internet of Things ecosystem only adds fuel to this, empowering real-time automatic sensing + actuation posing regulatory dilemmas, easily exploitable definitions of trusted entities (e.g., see the 2021 Verkada hack), and measurements of security, robustness, and ethics that change apropos data in the blink of an eye.
Governance and policing of Internet of Things devices is growing to cover the upcoming trail of destruction by flailing technical solutions, but some intriguing key unanswered questions are starting to reveal themselves.
In this talk, we’ll dive into what the sociotechnical problem of ethics means at the edge in the context of machine learning/artificial intelligence and address these questions:
- Individual vectors of ethics (“Sustainability is an ethical principle?” “Edge devices have their own definition of fairness and bias different from human concepts?”)
- Evolving principles and governance for IoT devices, and the importance of accountable anonymity
- Definitions of trusted entities (“When are users a threat?” “Should humans be out of the loop?”), and how key ethical principles, such as privacy and transparency, can be a double-edged sword in the context of IoT security.
- Incorporating morality into machines is now a reality (“How do we define a calculus and value alignment for IoT ethics?”) - what are key unconventional ethical concerns for human-centered design?
IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.
Twitch: https://www.twitch.tv/iotvillage
WS - Saturday - 15:00-18:59 PDT
Title: Evading Detection a Beginner's Guide to Obfuscation
When: Saturday, Aug 7, 15:00 - 18:59 PDT
Where: Workshops - Las Vegas 3+4 (Onsite Only)
Speakers:Anthony "Cx01N" Rose,Jake "Hubbl3" Krasnov,Vincent "Vinnybod" Rose
SpeakerBio:Anthony "Cx01N" Rose, Lead Security Researcher
Anthony "Cx01N" Rose, CISSP, is the Lead Security Researcher at BC Security, where he specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. He has presented at numerous security conferences, including Black Hat, DEF CON, and RSA conferences. Cx01N is the author of various offensive security tools, including Empire and Starkiller, which he actively develops and maintains. He is recognized for his work, revealing wide-spread vulnerabilities in Bluetooth devices and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.
SpeakerBio:Jake "Hubbl3" Krasnov, Red Team Operations Lead
Jake "Hubbl3" Krasnov is the Red Team Operations Lead at BC Security. He has spent the first half of his career as an Astronautical Engineer overseeing rocket modifications for the Air Force. He then moved into offensive security, running operational cyber testing for fighter aircraft and operating on a red team. Hubbl3 has presented at DEF CON, where he taught courses on offensive PowerShell and has been recognized by Microsoft for his discovery of a vulnerability in AMSI. Jake has authored numerous tools, including Invoke-PrintDemon and Invoke-ZeroLogon, and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.
SpeakerBio:Vincent "Vinnybod" Rose, Lead Tool Developer
Vincent "Vinnybod" Rose is the Lead Tool Developer for Empire and Starkiller. He is a software engineer with expertise in cloud service and has over a decade of software development and networking experience. Recently, his focus has been on building ad-serving technologies, web and ad-tracking applications. Vinnybod has presented at Black Hat and has taught courses at DEF CON on Red Teaming and Offensive PowerShell. He currently maintains a cybersecurity blog focused on offensive security at https://www.bc-security.org/blog/.
Description:
Defenders are constantly adapting their security to counter new threats. Our mission is to identify how they plan on securing their systems and avoid being identified as a threat. This is a hands-on class to learn the methodology behind malware delivery and avoiding detection. This workshop explores the inner workings of Microsoft's Antimalware Scan Interface (AMSI), Windows Defender, and Event Tracing for Windows (ETW). We will learn how to employ obfuscated malware using Visual Basic (VB), PowerShell, and C# to avoid Microsoft's defenses. Students will learn to build AMSI bypass techniques, obfuscate payloads from dynamic and static signature detection methods, and learn about alternative network evasion methods.
In this workshop, we will:
i. Understand the use and employment of obfuscation in red teaming.
ii. Demonstrate the concept of least obfuscation.
iii. Introduce Microsoft's Antimalware Scan Interface (AMSI) and explain its importance.
iv. Demonstrate obfuscation methodology for .NET payloads.
Registration Link: https://www.eventbrite.com/e/evading-detection-a-beginners-guide-to-obfuscation-las-vegas-3-4-tickets-162219734593
Prerequisites:
- Basic level of PowerShell or C# experience.
Materials needed:
- Laptop
- VMware or VirtualBox
- Windows Dev machine or other Windows VM
- Kali Linux VM
BCV - Saturday - 15:00-15:59 PDT
Title: Evils in the DeFi world
When: Saturday, Aug 7, 15:00 - 15:59 PDT
Where: Blockchain Village / Paris Vendome B
Speakers:Minzhi He,Peiyu Wang
SpeakerBio:Minzhi He
No BIO available
SpeakerBio:Peiyu Wang, Sr. Security Engineer, CertiK
Peiyu Wang is a Senior Security Engineer at CertiK with years of professional experience in security assessments and blockchain technology, specializing in application penetration testing and smart contract audit. Prior to joining CertiK, Peiyu was a security consultant at Harbor Labs and NCC Group, where he focused on medical device security, software development and security assessments. Peiyu holds a Master's degree in information security from Johns Hopkins University, as well as professional industry certifications, which include Offensive Security Certified Professional (OSCP) and Offensive Security Web Expert (OSWE).
Description:
The growth of DeFi over the past year is astonishing; the TVL, user count and different types of projects prove that the concept of DeFi can work. The space has good DeFi projects that bring users and investors. It also has projects that are complete scams; they come up with different ways to scam people and run away with users' money. Scammers have stolen millions of dollars worth of tokens from users over the past years.
How can regular users identify bad projects? What can a security company do to help DeFi users and investors? We can't stop scammers from deploying contracts on the blockchain and setting up fake websites, but we can warn users to stay away from them. CertiK set up a submission form on our website for community members to report risky projects, and we will investigate them. If we find the project is risky, we will publish an alert on our website and Twitter account.
We reviewed more than 50 submissions from community members and identified around 15 risky projects in the past. At the DEF CON Blockchain Village, we want to share our work for the past couple of months. In this talk, we will do a case study to demonstrate different types of scams; we will also talk about how scammers earn trust from users and how we investigate user-submitted projects.
This content will be presented live and in-person.
CLV - Saturday - 10:00-10:45 PDT
Title: Extracting all the Azure Passwords
When: Saturday, Aug 7, 10:00 - 10:45 PDT
Where: Cloud Village (Virtual)
SpeakerBio:Karl Fosaaen
As a Practice Director at NetSPI, Karl leads the Cloud Penetration Testing service line and oversees NetSPI’s Portland, OR office. Karl holds a BS in Computer Science from the University of Minnesota and has over a decade of consulting experience in the computer security industry. Karl spends most of his research time focusing on Azure security and contributing to the NetSPI blog. As part of this research, Karl created the MicroBurst toolkit (https://github.com/Netspi/Microburst) to house many of the PowerShell tools that he uses for testing Azure. Over the last year, Karl has co-authored the book “Penetration Testing Azure for Ethical Hackers” with David Okeyode. Over the years, Karl has held the Security+, CISSP, and GXPN certifications.
Twitter: @kfosaaen
Description:
Whether it's the migration of legacy systems or creation of brand-new applications, many organizations are turning to Microsoft’s Azure cloud as their platform of choice. This brings new challenges for penetration testers who are less familiar with the platform, and now have more attack surfaces to exploit. In an attempt to automate some of the common Azure escalation tasks, the MicroBurst toolkit was created to contain tools for attacking different layers of an Azure tenant. In this talk, we will be focusing on the password extraction functionality included in MicroBurst. We will review many of the places that passwords can hide in Azure, and the ways to manually extract them. For convenience, we will also show how the Get-AzPasswords function can be used to automate the extraction of credentials from an Azure tenant. Finally, we will review a case study on how this tool was recently used to find a critical issue in the Azure permissions model that resulted in a fix from Microsoft.
Cloud Village activities will be streamed to YouTube.
YouTube: https://www.youtube.com/cloudvillage_dc
ASV - Saturday - 12:00-12:25 PDT
Title: Federal Perspective on Aerospace Cybersecurity
When: Saturday, Aug 7, 12:00 - 12:25 PDT
Where: Aerospace Village (Virtual Talk)
Speakers:Larry Grossman,Steve Luczynski
SpeakerBio:Larry Grossman
Larry Grossman is the Federal Aviation Administration’s Director of the Office of Information Security and Privacy and Chief Information Security Officer. In this role, he provides strategic leadership of FAA’s information security and privacy programs. He chairs FAA’s Executive Cybersecurity Steering Committee which provides oversight to cybersecurity activities across the FAA enterprise. Larry leads the FAA’s security operations, compliance, governance, and risk management functions. Looking externally, he oversees the FAA’s Aviation Ecosystem and Stakeholder Engagement Office whose role is to promote awareness and improve cyber resiliency across the aviation ecosystem. He also leads the evolution of FAA’s cybersecurity strategy, Security Operations Center modernization, new program deployments, and cyber incident response activities. Additionally, he represents FAA’s cybersecurity and programs at the Department of Transportation and other agencies; he participates in government-wide and international cybersecurity initiatives and exercises; and regularly briefs Congress on FAA and aviation cybersecurity. Larry has been with the FAA for over 25 years and prior to his current role, led the deployment of Air Traffic Control and Aviation Safety systems, as well as data modernization and external data distribution efforts.
An avid aviation enthusiast, Larry holds commercial pilot and flight instructor certificates in both land and sea, and travels in his own aircraft whenever possible.
SpeakerBio:Steve Luczynski
No BIO available
Description:
As the Federal Aviation Administration’s Chief Information Security Officer, Larry Grossman has a unique perspective on the challenges associated with building and sustaining adequate security for IT systems within a government agency and across the aerospace sector. Join us to learn more about his experiences and gain insight into the FAA’s current efforts to sustain the public’s trust in safe air travel.
This talk will be streamed on YouTube: https://www.youtube.com/watch?v=jcyL0zPNEuA
Aerospace Village talks will be streamed to YouTube.
YouTube: https://www.youtube.com/c/AerospaceVillage
ICSV - Saturday - 12:00-12:59 PDT
Title: Fireside Chat - August Cole
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: ICS Village (Virtual)
SpeakerBio:August Cole
No BIO available
Description:No Description available
ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.
YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw
#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485
ICSV - Saturday - 13:30-13:59 PDT
Title: Fortifying ICS - Hardening and Testing
When: Saturday, Aug 7, 13:30 - 13:59 PDT
Where: ICS Village (Virtual)
SpeakerBio:Dieter Sarrazyn, Secudea
Dieter is a freelance SCADA/ICS/OT security consultant who has been working extensively on industrial control system security since 2008. He performs different kinds of security assessments within industrial environments including intrusion testing, physical penetration testing, technical system assessments, risk assessments and provides assistance in securing these environments. He also helps customers to manage security of solutions deployed by their industrial suppliers and integrators through doing security requirements management and security FAT and SAT tests. Next to assessing environments, he also provides training and awareness sessions on SCADA/ICS/OT security and coaches young graduates within this field.
Twitter: @dietersar
Description:
Every ICS environment will sooner or later have to deal with updates, upgrades or additions to the control system environment. Nowadays it is important to include cybersecurity within such projects, although that is still sometimes forgotten (sad but true). One of the ways to include security is to set security requirements but also perform hardening and cybersecurity testing within FAT and SAT cycles.
This talk will explain important elements of hardening as well as things to keep in mind when performing cybersecurity testing during FAT/SAT phases after performing said hardening.
ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.
YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw
#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485
SOC - Saturday - 12:00-12:59 PDT
Title: Friends of Bill W.
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: Bally's Pool Cabana
Description:
For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is in a Bally's poolside cabana, look for the sign.
SOC - Saturday - 17:00-17:59 PDT
Title: Friends of Bill W.
When: Saturday, Aug 7, 17:00 - 17:59 PDT
Where: Bally's Pool Cabana
Description:
For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is in a Bally's poolside cabana, look for the sign.
WS - Saturday - 10:00-13:59 PDT
Title: From Zero to Hero in Web Security Research
When: Saturday, Aug 7, 10:00 - 13:59 PDT
Where: Workshops - Jubilee 2 (Onsite Only)
Speakers:Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki
SpeakerBio:Dikla Barda
Dikla Barda is a Security Expert at Check Point Software Technologies. Her research has revealed significant flaws in popular services, and major vendors like: Facebook, WhatsApp, Telegram, eBay, AliExpress, LG, DJI, Microsoft, TikTok and more. She has over 15 years of experience in the field of cyber security research. She spoke at various leading conferences worldwide.
SpeakerBio:Oded Vanunu
Oded Vanunu has more than 15 years of InfoSec experience. He is a Security Leader and Offensive Security Expert who leads a security research domain from product design stages until post release. Vanunu leads security ideas into products. His expertise is in building a security research team, vulnerability research, security best practice and security design. He has been issued five patents on cybersecurity defense methods and has published dozens of research papers and product CVEs.
SpeakerBio:Roman Zaikin
Roman Zaikin is a Security Expert at Check Point Software Technologies. His research has revealed significant flaws in popular services, and major vendors (Facebook, WhatsApp, Telegram, eBay, AliExpress, LG, DJI, Microsoft and more). He has over 10 years of experience in the field of cyber security research. He spoke at various leading conferences worldwide and taught more than 1000 students; he is also responsible for the design and the material of various cyber courses worldwide. He holds more than 15 certifications and has extensive experience with system administration, network architecture, software development, penetration testing and reverse engineering. He has outstanding self-taught skills, with the ability to develop and think outside the box. He loves technology and wants to know exactly how things work behind the scenes at the lowest level of bits and bytes. He has an innate curiosity about how software can be broken down or bypassed so you can do things with it that weren't intended to be done.
SpeakerBio:Yaara Shriki
Yaara Shriki is an experienced security researcher at Check Point. She is an IDF technological unit graduate with experience in penetration testing, vulnerability research and forensics. Outside of work, Yaara volunteers to promote women and girls in tech.
Description:
Web applications play a vital role in every modern organization. If your organization does not properly test and secure its web apps, adversaries can compromise these applications, damage business functionality, and steal data. Unfortunately, many organizations operate under the mistaken impression that a web application security scanner will reliably discover flaws in their systems.
Customers expect web applications to provide significant functionality and data access. Even beyond the importance of customer-facing web applications, internal web applications increasingly represent the most commonly used business tools within any organization. Unfortunately, there is no "patch Tuesday" for custom web applications, so major industry studies find that web application flaws play a major role in significant breaches and intrusions.
In this workshop we will teach you how to find vulnerabilities in web security according to the latest methods and techniques. We will demonstrate every vulnerability by giving an example from vulnerabilities we have found in major tech companies like: Facebook, WhatsApp, Amazon, AliExpress, Snapchat, LG and more!
Registration Link: https://www.eventbrite.com/e/from-zero-to-hero-in-web-security-research-jubilee-2-tickets-162214757707
Prerequisites:
Basic Web Concepts, Basic Web Development Skills, Ability to Understand JavaScript.
Materials needed:
Personal Laptop
CHV - Saturday - 13:00-13:59 PDT
Title: Fuzzing CAN / CAN FD ECU's and Network
When: Saturday, Aug 7, 13:00 - 13:59 PDT
Where: Car Hacking Village - Talks (Virtual)
SpeakerBio:Samir Bhagwat
No BIO available
Description:
Get an overview of fuzzing, various techniques used in vulnerability testing, and how to automate your Fuzzing.
This talk will stream on YouTube.
YouTube: https://www.youtube.com/watch?v=L7RCalagQ&feature=youtu.be
ASV - Saturday - 16:00-16:25 PDT
Title: Fuzzing NASA Core Flight System Software
When: Saturday, Aug 7, 16:00 - 16:25 PDT
Where: Aerospace Village (Virtual Talk)
SpeakerBio:Ronald Broberg
No BIO available
Description:
NASA Core Flight System (cFS) provides an open source software framework used in multiple NASA missions including the Lunar Reconnaissance Orbiter, the Parker Solar Probe, and the prototype Mighty Eagle robotic lunar lander. The cFS suite includes Command Ingest (CI_Lab) and Telemetry Output (TO_Lab) applications which are only representative of similar applications in actual mission software. Fuzzing techniques applied to cFS reveal issues in the Command Ingest application (CI_Lab).
This talk will be streamed on YouTube: https://www.youtube.com/watch?v=D5yiIlMy2Lg
Aerospace Village talks will be streamed to YouTube.
YouTube: https://www.youtube.com/c/AerospaceVillage
AVV - Saturday - 18:45-19:45 PDT
Title: Game Theory: Understanding and Strategy and Deception
When: Saturday, Aug 7, 18:45 - 19:45 PDT
Where: Adversary Village (Virtual)
SpeakerBio:Juneau Jones
Raised in the woods of Alaska, Juneau attributes her love of hacking to a childhood spent building and breaking things outside. After studying computer science and economics, she moved to Dallas, Texas, where she found a home in the local hacker community. Juneau began research on applying behavioral economics to adversarial tactics. After her successful first talk at Dallas Hacker's Association on the prisoner’s dilemma, she began presenting her research at cons across the country. Currently, she works as an adversarial analyst doing consultant red teaming. She is also continuing her research and education as a cybersecurity fellow at NYU. When she is not hacking or asking strangers to act out the prisoner's dilemma, Juneau breathes fire, plays the bass, and runs DC214; Dallas's DefCon group.
Description:
Game Theory is the study of choices and strategies made by rational actors, called "players," in competitive situations, and it offers us a way to study and map human conflict. Statisticians use game theory to model war, biology, and even football. We will model the choices and behavior demonstrated by real-world adversarial conflict. Using these models, we will discuss how players form strategies and how other actors can influence those strategies.
The talk will begin with an overview of game-theoretic modeling and its application to adversary behavior. Using the Prisoner's Dilemma as an example, we will look at how to model and analyze a single game. We can then model repeated interactions and demonstrate how "players" can influence each other's choices. These models will lay the foundations we need to look at more realistic adversary conflict.
Next, we are going to look at how players can exploit information asymmetry. Emerging techniques such as dynamic honeynets and virtual attack surfaces both investigate attackers while manipulating their beliefs. We will build a Signaling Game model to show how defenders can credibly deceive adversaries. Using this model, we will look at a scenario where a defender observes multiple attacker movements within a network. While sustained engagement can help the defender learn more about the attacker and provide them false information, it comes at the risk of added exposure. In this scenario, there is a trade-off between information gained and short-term security. This talk will not look at network topology or protocols but will instead look at information exchange and strategy.
We will then apply the same models to an adversarial perspective. Sustained engagement with a defender can provide an attacker with information and the opportunity to deceive defenders. However, that comes with a risk. How does an attacker's strategy change when a defender can eject them from the network at any time?
By analyzing conflict where strategy and choices determine the outcome, we learn more about how to understand others' tactics and influence them with our own decisions.
Adversary Village talks and workshops will be streamed on YouTube and Twitch.
Q&A sessions will happen in DEF CON Official Discord server after each talk.
YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg
Twitch: https://twitch.tv/adversaryvillage
Discord: https://discord.gg/defcon
HRV - Saturday - 16:00-16:30 PDT
Title: Getting started with low power & long distance communications - QRP
When: Saturday, Aug 7, 16:00 - 16:30 PDT
Where: Ham Radio Village (Virtual Talks)
SpeakerBio:Eric Escobar, Principal Security Consultant
Eric is a seasoned pentester and a Principal Security Consultant at Secureworks. On a daily basis he attempts to compromise large enterprise networks to test their physical, human, network and wireless security. His team consecutively won first place at DEF CON 23, 24, and 25's Wireless CTF, snagging a black badge along the way. Forcibly retired from competing in the Wireless CTF, he’s now a member of the DEF CON Wireless Village team. Before entering the cyber security arena, Eric attained both a BS and MS in Civil Engineering along with his Professional Engineering license.
Description:
Solar minimums have you down? Anxious to get out of the shack? This talk is for the ham who wants to take their gear on the go and still have reliable and long distance communications. Be prepared to be amazed at just how far 5 watts will truly go. I'll be covering the hardware, software, and configuration for the shack that will fit in a backpack.
All Ham Radio Village talks will be streamed to Twitch, with discussion in Discord.
For more information, see https://hamvillage.org/dc29.html
Twitch: https://www.twitch.tv/hamradiovillage
#hrv-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991
DL - Saturday - 12:00-13:50 PDT
Title: Git Wild Hunt
When: Saturday, Aug 7, 12:00 - 13:50 PDT
Where: Palace 3+4+5
Speakers:Rod Soto,José Hernandez
SpeakerBio:Rod Soto
Over 15 years of experience in information technology and security. He has spoken at ISSA, ISC2, OWASP, DEFCON, RSA Conference, Hackmiami, DerbyCon, Splunk .CONF, Black Hat, BSides, Underground Economy and also been featured in Rolling Stone Magazine, Pentest Magazine, Univision, BBC, Forbes, VICE, Fox News and CNN. Co-founder of Hackmiami, Pacific Hackers Meetups and Conferences. Co-founder of Pacific Hackers Association.
SpeakerBio:José Hernandez
Principal Security Researcher at Splunk. He started his professional career at Prolexic Technologies (now Akamai), fighting DDOS attacks against Fortune 100 companies perpetrated by “anonymous” and “lulzsec.” As an engineering co-founder of Zenedge Inc. (acquired by Oracle Inc.), José helped build technologies to fight bots and web-application attacks. He has also built security operation centers and run a public threat-intelligence service.
Twitter: @d1vious
Description:
Tool or Project Name: Git Wild Hunt - A tool for hunting leaked credentials
Short Abstract:
Git Wild Hunt is a tool designed to search for and identify leaked credentials in public repositories such as GitHub. Git Wild Hunt searches for footprints and patterns of over 30 of the most used secrets/credentials on the internet, especially those used in DevOps and IT Operations. This tool helps developers and security operation departments discover leaked credentials in public repositories. This tool is also a recon tool for red teamers and pentesters, as it also provides metadata from leaks such as usernames, company names, secret types and dates.
License: Apache-2.0 License
Short Developer Bio:
José Hernandez @d1vious
Principal Security Researcher at Splunk. He started his professional career at Prolexic Technologies (now Akamai), fighting DDOS attacks against Fortune 100 companies perpetrated by “anonymous” and “lulzsec.” As an engineering co-founder of Zenedge Inc. (acquired by Oracle Inc.), José helped build technologies to fight bots and web-application attacks. He has also built security operation centers and run a public threat-intelligence service.
Rod Soto @rodsoto
Principal Security Research Engineer at Splunk. Worked at Prolexic Technologies (now Akamai), and Caspida. Cofounder of Hackmiami and Pacific Hackers meetups and conferences. Creator of Kommand && KonTroll / NoQrtr-CTF.
URL to any additional information: https://github.com/d1vious/git-wild-hunt
Detailed Explanation of Tool:
This tool is very effective in finding leaked credentials. Here is a list of the credentials that are detected:
AWS API Key
Amazon AWS Access Key ID
Amazon MWS Auth Token
Facebook Access Token
Facebook OAuth
Generic API Key
Generic Secret
GitHub
Google (GCP) Service-account
Google API Key
Google Cloud Platform API Key
Google Cloud Platform OAuth
Google Drive API Key
Google Drive OAuth
Google Gmail API Key
Google Gmail OAuth
Google OAuth Access Token
Google YouTube API Key
Google YouTube OAuth
Heroku API Key
MailChimp API Key
Mailgun API Key
PGP private key block
Password in URL
PayPal Braintree Access Token
Picatic API Key
RSA private key
SSH (DSA) private key
SSH (EC) private key
Slack Token
Slack Webhook
Square Access Token
Square OAuth Secret
Stripe API Key
Stripe Restricted API Key
Twilio API Key
Twitter Access Token
Twitter OAuth
Target Audience:
Offense, Vulnerability Assessment
This tool is very effective in bringing awareness of the danger of leaked credentials in public repositories.
CPV - Saturday - 15:30-16:30 PDT
Title: Gold Bug Q&A
When: Saturday, Aug 7, 15:30 - 16:30 PDT
Where: Crypto & Privacy Village (Virtual)
Description:
Join puzzlemasters Kevin & Maya to discuss this year's puzzle!
goldbug.cryptovillage.org
Crypto & Privacy Village will be streaming their events to YouTube and Twitch.
Twitch: https://www.twitch.tv/cryptovillage
YouTube: https://www.youtube.com/c/CryptoVillage
SOC - Saturday - 20:00-01:59 PDT
Title: Gothcon 2021
When: Saturday, Aug 7, 20:00 - 01:59 PDT
Where: Bally's Skyview 4
Description:
Join us, hybrid style, as we continue yet another year of #DCGOTHCON. Digital hangs will be found at https://www.twitch.tv/dcgothcon. Watch our Twitter @dcgothcon for updates about some renegade IRL meet-ups. We will be streaming our fav goth DJs Friday evening, 10p-2a Pacific. DM on Twitter to join our Discord.
DC - Saturday - 12:30-12:50 PDT
Title: Hack the hackers: Leaking data over SSL/TLS
When: Saturday, Aug 7, 12:30 - 12:50 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded
SpeakerBio:Ionut Cernica
Ionut Cernica started his security career with the bug bounty program from Facebook. His passion for security led him to get involved in dozens of such programs and he found problems in very large companies such as Google, Microsoft, Yahoo, AT&T, eBay, VMware. He has also been testing web application security for 9 years and has had a large number of projects on the penetration testing side.
Another stage of his career was to get involved in security contests and participated in more than 100 such contests. He also reached important finals such as Codegate, Trend Micro and Defcon with the PwnThyBytes team. He also won several individual competitions, including the mini CTF from the first edition of Appsec village - Defcon village.
Now he is doing research in the field of web application security, being also a PhD student at University Polytechnic of Bucharest. Through his research he wants to innovate in the field and to bring a new layer of security to web applications. He has also been working as a Security Researcher @Future Networks 5G Lab for a few months now and hopes to make an important contribution to the 5G security area through research.
Twitter: @CernicaIonut
Description:
Have you considered that in certain situations the way hackers exploit vulnerabilities over the network can be predictable? Anyone with access to encrypted traffic can reverse the logic behind the exploit and thus obtain the same data as the exploit.
Various automated tools have been analyzed and it has been found that these tools operate in an unsafe way. Various exploit databases were analyzed and we learned that some of these are written in an insecure (predictable) way.
This presentation will showcase the results of the research, including examples of exploits that once executed can be harmful. The data we obtain after exploitation can be accessible to other entities without the need of decrypting the traffic. The SSL/TLS specs will not change. There is a clear reason for that and in this presentation I will argue this, but what will change for sure is the way hackers will write some of the exploits.
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=WNXEuFaRUkU
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Ionut%20Cernica%20-%20Hack%20the%20hackers-%20Leaking%20data%20over%20SSL-TLS.mp4
This talk will be given live in Track 1.
This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_one
HTSV - Saturday - 12:00-14:59 PDT
Title: Hack the Sea Cabana Party
When: Saturday, Aug 7, 12:00 - 14:59 PDT
Where: Hack the Sea (Virtual)
Description:
For more information see https://hackthesea.org/cabana-party/
Come visit our Cabana Saturday from 12:00-3:00pm PST pool-side at Bally’s!
Hack the Sea Village will stream their events to YouTube and Twitch.
Twitch: https://www.twitch.tv/h4ckthesea
YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ
ASV - Saturday - 10:00-15:59 PDT
Title: Hack-A-Sat2 Satellite Platform
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: Aerospace Village (Workshop - Virtual + Paris Rivoli B)
Description:
Come and get hands-on with Hack-a-Sat 2 hardware and learn about the unique problems presented by cybersecurity in the space realm. The Air Force and Space Force will be presenting the HAS2 flatsat – the primary platform hosting the hacking challenges for HAS2, comprised of a variety of software and processor architectures commonly used in space vehicles. Visitors can command various settings changes in the flatsat and see the resulting changes in the telemetry from the device as well as visual attitude changes in the NASA 42 simulation. Visitors will also be introduced to the HAS2 Digital Twin, an emulated version of all the flight software running on the flatsat, and will have a chance to capture and analyze an exploit being thrown against the flight software. Lastly, the Aerospace Corporation will demonstrate cyber defense onboard a satellite by using machine learning and signatures to detect anomalous command sequences and onboard cyber events.
For virtual attendees, the Digital twin demonstration will also be accessible via VNC to an instance running inside Docker containers in Amazon AWS (remote viewers will need to have a VNC client on their own computer).
CON - Saturday - 10:00-15:59 PDT
Title: Hack3r Runw@y
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: See Description
Description:
More info: https://forum.defcon.org/node/236429
More info: https://hack3rrunway.github.io/
https://twitter.com/hack3rrunway
Also see #ce-hack3r-runway.
Register here: https://docs.google.com/forms/d/e/1FAIpQLSdua561gCbWEbGk7_ZuS7cg3w7_IFbtrahibeKsU0iR%20ENiIiw/viewform?usp=sf_link
#ce-hack3r-runway: https://discord.com/channels/708208267699945503/711644666239647824
SOC - Saturday - 20:00-22:59 PDT
Title: Hacker Flairgrounds
When: Saturday, Aug 7, 20:00 - 22:59 PDT
Where: Paris Chillout 2
Description:
The destination for badge collectors, designers, and hardware hacks to celebrate the flashier side of DEF CON. It is a melding of the 1337 and the un1eet interested in hardware and IoT. We see #badgelife, #badgelove, SAOs and badge hacking as a great potential for securing IoT and keeping the power in the hands of the consumer by spreading knowledge about the craft/ trade. Those involved should be celebrated for sharing their knowledge. Many of them do not like the limelight, so this gives us a chance to personally say thank you.
CON - Saturday - 20:00-21:59 PDT
Title: Hacker Jeopardy
When: Saturday, Aug 7, 20:00 - 21:59 PDT
Where: Bally's Gold Ballroom (and Virtual)
Description:
Hacker Jeopardy is being held in Bally's Gold Ballroom at 20:00 Saturday.
For more information, see https://forum.defcon.org/node/236486
Twitch: https://www.twitch.tv/DFIUtv
Twitter: https://twitter.com/HackerJeopardy
#ce-hacker-jeopardy-text: https://discord.com/channels/708208267699945503/732439600391389184/
SOC - Saturday - 18:00-23:59 PDT
Title: Hacker Karaoke (Virtual)
When: Saturday, Aug 7, 18:00 - 23:59 PDT
Where: See Description
Description:
Even though we cannot be there in person to run the event, we will hold the event on the Discord Defcon Channel in the Hacker Karaoke room. We will be running from 6 PM Pacific to midnight Pacific on Friday and Saturday night. Additional information on joining the event will be available online. Follow us at @hackerkaraoke for more information.
DC - Saturday - 18:00-18:59 PDT
Title: HACKERS INTO THE UN? Engaging in the cyber discussions on war & peace
When: Saturday, Aug 7, 18:00 - 18:59 PDT
Where: Track 1 Live; DCTV/Twitch #1 Live
SpeakerBio:DEF CON Policy Panel
No BIO available
Description:No Description available
This talk will be given live in Track 1, and will be streamed to DCTV1, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_one
DC - Saturday - 15:00-15:45 PDT
Title: Hacking G Suite: The Power of Dark Apps Script Magic
When: Saturday, Aug 7, 15:00 - 15:45 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded
SpeakerBio:Matthew Bryant
mandatory (Matthew Bryant) is a passionate hacker currently leading the red team effort at Snapchat. In his personal time he’s published a variety of tools such as XSS Hunter, CursedChrome, and tarnish. His security research has been recognized in publications such as Forbes, The Washington Post, CBS News, Techcrunch, and The Huffington Post. He has previously presented at Blackhat, RSA, Kiwicon, Derbycon, and Grrcon. Previous gigs include Google, Uber, and Bishop Fox.
Twitter: @IAmMandatory
https://thehackerblog.com
Description:
You’ve seen plenty of talks on exploiting, escalating, and exfiltrating the magical world of Google Cloud (GCP), but what about its buttoned-down sibling? This talk delves into the dark art of utilizing Apps Script to exploit G Suite (AKA Google Workspace).
As a studious sorcerer, you’ll discover how to pierce even the most fortified G Suite enterprises. You’ll learn to conjure Apps Script payloads to bypass powerful protective enchantments such as U2F, OAuth app allowlisting, and locked-down enterprise Chromebooks.
Our incantations don’t stop at the perimeter, we will also discover novel spells to escalate our internal privileges and bring more G Suite accounts under our control. Once we’ve obtained the access we seek, we’ll learn various curses to persist ourselves whilst keeping a low profile so as to not risk an unwelcome exorcism.
You don’t need divination to see that this knowledge just might rival alchemy in value.
REFERENCES:
No real academic references, this is all original research gleaned from real-world testing and reading documentation.
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=6AsVUS79gLw
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Matthew%20Bryant%20-%20Hacking%20G%20Suite%20-%20The%20Power%20of%20Dark%20Apps%20Script%20Magic.mp4
This talk will be given live in Track 1.
This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_one
DC - Saturday - 17:00-17:45 PDT
Title: Hacking the Apple AirTags
When: Saturday, Aug 7, 17:00 - 17:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded
SpeakerBio:Thomas Roth
Thomas Roth, also known as stacksmashing, is a security researcher from Germany with a focus on embedded devices: from hacking payment terminals, crypto wallets, secure processors and the Nintendo Game & Watch, up to Apple’s AirTag, he loves to explore embedded & IoT security. On his YouTube channel “stacksmashing” he attempts to make reverse-engineering & hardware hacking more accessible.
Twitter: @ghidraninja
https://youtube.com/stacksmashing
Description:
Apple’s AirTags enable tracking of personal belongings. They are the most recent and cheapest device interacting with the Apple ecosystem. In contrast to other tracking devices, they feature Ultrawide-band precise positioning and leverage almost every other Apple device within the Find My localization network.
Less than 10 days after the AirTag release, we bypassed firmware protections by glitching the nRF52 microcontroller. This opens the AirTags for firmware analysis and modification. In this talk, we will explain the initial nRF52 bypass as well as various hacks built on top of this. In particular, AirTags can now act as a phishing device by providing malicious links via the NFC interface, be cloned and appear at a completely different location, be used without the privacy protections that should alert users as tracking protection, act as a low-quality microphone by reutilizing the accelerometer, and send arbitrary data via the Find My network. Besides these malicious use cases, AirTags are now a research platform that even allows access to the new Ultrawide-band chip U1.
REFERENCES:
LimitedResults nRF52 APPROTECT Bypass:
https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/
Positive Security’s Send My Research for sending arbitrary data via the find my network:
https://positive.security/blog/send-my
Colin O’Flynn’s notes on the AirTag Hardware:
https://github.com/colinoflynn/airtag-re
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=paxErRRsrTU
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Thomas%20Roth%20-%20Hacking%20the%20Apple%20AirTags.mp4
This talk will be given live in Track 2.
This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_two
WS - Saturday - 10:00-13:59 PDT
Title: Hacking the Metal: An Introduction to Assembly Language Programming
When: Saturday, Aug 7, 10:00 - 13:59 PDT
Where: Workshops - Las Vegas 3+4 (Onsite Only)
SpeakerBio:eigentourist, Programmer
Eigentourist is a programmer who learned the craft in the early 1980s. He began formal education in computer science when the height of software engineering discipline meant avoiding the use of GOTO statements. Over the course of his career, he has created code of beautiful simplicity and elegance, and of horrific complexity and unpredictability. Sometimes it's hard to tell which was which. Today, he works on systems integration and engineering in the healthcare industry.
Description:
Deep below the surface of the web, the visible desktop, and your favorite mobile apps, lies a labyrinth where the rules of most programming languages cease to exist. This is the world of the reverse engineer, the malware analyst, and the veteran systems programmer. Here, we write code in assembly language, the lowest level at which a computing machine can be programmed. This workshop will introduce you to the world of assembly language programming, give you the opportunity to write some real-world code, and finally, to play the role of reverse engineer and try your hand at some guided malware analysis.
Registration Link: https://www.eventbrite.com/e/hacking-the-metal-an-introduction-to-assembly-language-programming-lv-34-tickets-162218563089
Prerequisites:
Some previous programming experience is helpful but not vital.
Materials needed:
Laptop
ASV - Saturday - 10:00-15:59 PDT
Title: HACMS Live Demo
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: Aerospace Village (Workshop - Paris Rivoli B)
Description:
As part of DARPA's High-Assurance Cyber Military Systems program, Collins Aerospace led a team of researchers using formal methods tools to construct aircraft software that was provably secure against many classes of cyber attack. We will have an operational (but non-flying) version of our secure quadcopter present whose mission and telemetry software runs on the formally verified seL4 kernel. We will provide wifi access to an isolated virtual machine running on its mission computer. DEF CON participants will be challenged to break out of the VM environment to read or write the encryption keys used for vehicle telemetry.
HRV - Saturday - 12:00-17:59 PDT
Title: Ham Radio Exams
When: Saturday, Aug 7, 12:00 - 17:59 PDT
Where: Ham Radio Village (Onsite - Bally's Bronze 1-2)
Description:
Come stop by the Ham Radio Village to get your amateur radio license during our free license exams! More info on the DEF CON forums.
Register here: https://ham.study/sessions/60fa327596cc8a184ebc8f89/1
HHV - Saturday - 08:30-08:59 PDT
Title: Hardware Hacking 101: Rogue Keyboards and Eavesdropping Cables
When: Saturday, Aug 7, 08:30 - 08:59 PDT
Where: Hardware Hacking Village (Virtual Talk)
SpeakerBio:Federico Lucifredi
Federico Lucifredi is the Product Management Director for Ceph Storage at Red Hat and a co-author of O’Reilly’s “Peccary Book” on AWS System Administration. Previously, he was the Ubuntu Server product manager at Canonical, where he oversaw a broad portfolio and the rise of Ubuntu Server to the rank of most popular OS on Amazon AWS. A software engineer-turned-manager at the Novell corporation, he was part of the SUSE Linux team, overseeing the update lifecycle and delivery stack of a $150 million maintenance business. A CIO and a network software architect at advanced technology and embedded Linux startups, Federico was also a lecturer for over 200 students in Boston University’s graduate and undergraduate programs, and simultaneously a consultant for MIT implementing fluid-dynamics simulations in Java.
Twitter: @0xF2
f2.svbtle.com
Description:
This is a live tutorial of hacking with keystroke injection attacks. We take advantage of the inherent trust that computers place on what is believed to be a regular keyboard to unleash pre-programmed keystroke payloads at well over 1000 words a minute. We access the host system and bypass traditional security countermeasures for payloads that can include reverse shells, binary injection, brute force password attacks, and just about any attack that can be fully automated.
We misuse the trust the operating system places on USB human-interaction devices to demonstrate once again the old adage that if you can physically access a computing device, there is no real security to be had. I will review hardware, its capabilities, how to breach OS security, and how attackers can enable it to perform a variety of tasks with its own tools. I will then show how to build and install additional software and customize the device with binary or scripted payloads.
We take the discussion to the next level by removing the need for a device and exploring attacks that can be delivered directly by a plain USB cable. We dissect easily-sourced, low-cost hardware implants embedded in standard, innocent-looking USB cables providing an attacker with further capabilities, including among them the ability to track its own geolocation.
#hhv-talk-qa-hw-hacking-101-text https://discord.com/channels/708208267699945503/709255105479704636
Twitch: https://twitch.tv/dchhv
Hardware Hacking Village talks will be streamed to Twitch.
Twitch: https://www.twitch.tv/dchhv
VMV - Saturday - 11:30-11:59 PDT
Title: High Turnout, Wide Margins
When: Saturday, Aug 7, 11:30 - 11:59 PDT
Where: Voting Village (Talks - Virtual)
Speakers:Brianna Lennon,Eric Fey
SpeakerBio:Brianna Lennon
Brianna Lennon is the County Clerk and local election official for Boone County, Missouri. She holds a Master's in Public Policy and a law degree, both from the University of Missouri. Prior to her election as Boone County Clerk, Brianna served as an Assistant Attorney General in the Consumer Protection Division of the Missouri Attorney General's Office before joining the Missouri Secretary of State's Office under former Secretary Jason Kander. As the Deputy Director of Elections and first coordinator of the Election Integrity Unit in the Secretary of State's Office, she worked closely with local election authorities across the state to ensure that elections were simple, secure, and accessible for voters.
SpeakerBio:Eric Fey
Eric Fey is the Director of the St. Louis County Board of Elections in St. Louis, Missouri. Along with a bachelor's degree from Webster University in political science, Fey holds a Master’s in public administration from the University of Missouri-St. Louis with a specialty in election management and has served as a foreign election observer in a range of countries, from the now Russian-occupied territory in Ukraine to Belarus to Kazakhstan to Macedonia.
Description:
Local election officials faced unprecedented challenges while administering elections in 2020, from widespread disinformation to COVID-19 safety precautions. Unlike in previous election cycles, though, the global pandemic prevented officials from connecting in person to commiserate, share best practices, and support each other.
In December of 2020, the High Turnout Wide Margins podcast launched to fill the void and give administrators an outlet for discussing the nuts and bolts of elections. Co-hosts Brianna Lennon, an elected county clerk in Boone County, Missouri and Eric Fey, an appointed director of elections in St. Louis County, Missouri, talk to subject-matter experts on topics like cybersecurity, disinformation, and elections integrity. In this presentation, Lennon and Fey share key takeaways from these discussions.
High Turnout Wide Margins is not a commercial podcast.
Voting Village talks will be streamed to YouTube and Twitch.
Twitch: https://www.twitch.tv/votingvillagedc
YouTube: https://www.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg
DC - Saturday - 10:00-10:45 PDT
Title: High-Stakes Updates | BIOS RCE OMG WTF BBQ
When: Saturday, Aug 7, 10:00 - 10:45 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded
Speakers:Jesse Michael,Mickey Shkatov
SpeakerBio:Jesse Michael
Jesse Michael is an experienced security researcher focused on vulnerability detection and mitigation who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has also presented research at DEF CON, Black Hat, PacSec, Hackito Ergo Sum, Ekoparty, and BSides Portland.
Twitter: @JesseMichael
SpeakerBio:Mickey Shkatov
Mickey has been doing security research for almost a decade; one of his specialties is simplifying complex concepts and finding security flaws in unlikely places. He has seen some crazy things and lived to tell about them at security conferences all over the world. His past talks range from web pentesting to black badges and from hacking cars to BIOS firmware.
Twitter: @HackingThings
Description:
With attacks moving below the operating system and computer firmware vulnerability discovery on the rise, the need to keep current platforms updated becomes important and new technology is developed to help defend against such threats. Major computer manufacturers are adding capabilities to make it easier to update BIOS.
Our research has identified multiple vulnerabilities in Dell's BiosConnect feature used for remote update and recovery of the operating system. These vulnerabilities are easy to exploit by an adversary in the right position, and are not prevented by protective technologies such as Secured Core PCs, BitLocker, BootGuard, and BIOS Guard.
Join us and together we will explore the new attack surfaces introduced by these UEFI firmware update mechanisms -- including a full walk-through of multiple vulnerability findings and the methods we used to create fully working exploits that gain remote code execution within the laptop BIOS and their effects on the operating system.
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=qxWfkSonK7M
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Mickey%20Shkatov%20Jesse%20Michael%20-%20High-Stakes%20Updates%20-%20BIOS%20RCE%20OMG%20WTF%20BBQ.mp4
This talk will be given live in Track 1.
This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_one
BICV - Saturday - 16:30-16:30 PDT
Title: How Bias and Discrimination in Cybersecurity will have us locked up or dead
When: Saturday, Aug 7, 16:30 - 16:30 PDT
Where: Blacks in Cyber
SpeakerBio:Tennisha Martin
Tennisha Martin is the founder and Executive Director of a National Cybersecurity non-profit organization dedicated to providing education and resources to underserved communities and increasing the diversity in cyber. She has worked in a government consulting capacity for over 15 years and in her spare time is a Cyber Instructor, mentor, and red-team leaning ethical hacking advocate for diversity in Cyber and the executive suites.
Twitter: @misstennisha
Description:
This talk focuses on algorithmic analysis and machine learning in the healthcare and criminal justice settings. Algorithms make a lot of important decisions including selecting candidates for a particular residency in medical school, tests that identify skin cancer in patients or determining the sentencing recommendations for people convicted of a crime. The outcome of these decisions includes impacting the number of people (or people of color) in certain specialties, failing to identify skin cancer in people of color and recommending longer sentences for black people and in particular black men. Studies have shown that bias in algorithms has a wide-ranging impact, especially in the areas of clinical decision support and in criminal justice. Clinical decision support is integrated into electronic health records around the world and is used to establish things like best practices, medication guidelines, and prioritization of patients. The idea behind clinical decision support is that the algorithms are used based on aggregated data to help health care providers provide a standard of care. The reality, however, is that there is a thin line between the algorithms acting as the basis for recommendations and them acting autonomously. The aggregation of data and the formulation of algorithms by a largely homogeneous population results in bias and discrimination against people of color. In criminal justice, the racial impact of predictive policing is that black people serve longer times in jail. In healthcare, the impact of algorithmic bias results in poorer health outcomes, and failure to diagnose and treat patients of color. The result is that bias and discrimination in artificial intelligence will have members of the Black community incarcerated or dead.
Blacks in Cyber talks will be streamed on YouTube.
YouTube: https://www.youtube.com/c/BlacksInCybersecurity
BTV - Saturday - 12:15-12:45 PDT
Title: How do you ALL THE CLOUDS?
When: Saturday, Aug 7, 12:15 - 12:45 PDT
Where: Blue Team Village - Main Track (Virtual)
SpeakerBio:henry
As a security {engineer | data scientist}, Henry operates as an information/data security architect, previously as a security consultant and developer in the industry. In his current role, he interfaces with internal business partners in providing architectural guidance and aligning the business with best practices and building countless tools and automation for the benefit of IT and security personnel alike. He has learned the hard and fun way that learning itself shouldn’t be considered a chore or a negative, but an opportunity to be able to be more effective and adaptive with the ever-changing needs of the business.
Twitter: @Bazinga73
Description:
If you think I'm shouting something about security strategy for a multi-cloud environment...it's because I AM. Secure your dangling DNS records. Your object storage is showing. I can see your compute workload from here. Get your security groups straight. Have you seen the laundry list of accounts no one has performed nary an IAM credential analysis? Are your analytic processes hamstrung and kludgey from, you know, being cloudy? Don't know how to even assess your options? Let's talk about how to evaluate cloud security tools and the considerations you need to make for your enterprise.
By now, every company should not only be aware of the cloud but actively using it to some degree—whether run by your IT department or, unofficially, by your engineering teams and sales organizations itching to invite a script kiddie to pluck your precious intellectual property—I mean, POC and strut their stuff that they can take their security and IT matters into their own hands.
Either way, you need a strategy or a clue. One is good. Both are better. Tying them together is best.
In this talk, I'll cover a number of random things. The generic reasons why many teams want to use cloud accounts. The common gotchas that may improve or disrupt your obviously super awesome demo for your customer, boss, team. Or just to actually do real work and expand your organization's compute demand en masse.
The focus will be addressing the technical gotchas in managing, monitoring, and assessing the security needs against the "business" needs for your organization: engineering, IT, and compliance. Operationally, you'll hit a breaking point. Too many users, too many accounts, too many workloads hammering your cloud interface. I'll focus primarily on AWS but also generically cover the other major Cloud Service Provider flavors, as, in the end, it's all the same: your org may have gotten wind that there are other cloud accounts and they just wanted to play with ALL OF THEM. How do you corral these little beasts? Tools. Technology. Processes.
I'll focus on open source tools like Prowler and ScoutSuite, touch on some closed source ones, but you'll still need to understand how to operationally point, aim, and fire to make it scale for you. In my experience, there's a certain level of "je ne sais quoi" element to getting to a comfortable level in overseeing the management of all these cloud accounts. I'll probably spend the balance of the time critiquing each tool in the end and present pros/cons and likely scenarios for you/your team/your org's maturity here to help you to drive your choice. Who knows, maybe I'll talk about my own open-source spin on things!
Blue Team Village talks will be streamed to Twitch.
--
Twitch: https://twitch.tv/blueteamvillage
APV - Saturday - 14:00-14:45 PDT
Title: How I broke into Mexico City's justice system application and database
When: Saturday, Aug 7, 14:00 - 14:45 PDT
Where: AppSec Village (Virtual)
SpeakerBio:Alfonso Ruiz Cruz
No BIO available
Description:
Brief talk about how a chain of simple vulnerabilities gained me admin access to the whole database and application of Mexico City's justice system, leaving exposed every file from criminal, civil and family trials since 2008.
AppSec Village events will be streamed to YouTube.
YouTube: https://www.youtube.com/c/appsecvillage
LPV - Saturday - 13:00-13:59 PDT
Title: How I defeated the Western Electric 30c
When: Saturday, Aug 7, 13:00 - 13:59 PDT
Where: Lock Pick Village (Virtual)
SpeakerBio:N∅thing
No BIO available
Description:
I will take you through my thoughts, motivation and techniques on how I defeated the infamous Western Electric 30c.
Lock Pick Village will be streaming their activities to Twitch and YouTube.
Twitch: https://www.twitch.tv/toool_us?
YouTube: https://youtube.com/c/TOOOL-US
HRV - Saturday - 15:00-15:30 PDT
Title: How to Contact the ISS with a $30 Radio
When: Saturday, Aug 7, 15:00 - 15:30 PDT
Where: Ham Radio Village (Virtual Talks)
SpeakerBio:Gregg Horton
Gregg Horton K6XSS is a security professional by day and by night explores the airwaves with ham radio. He got his general license in January 2021 and is very interested in digital modes like JS8CALL. When not playing with antennas, he enjoys gardening and getting beat at Pokémon cards by his 5-year-old son.
Description:
This presentation will go over the basics of how to listen to the International Space Station using a handheld ham radio. We will also cover how to utilize the repeater on the ISS, capturing SSTV images from the ISS, and what equipment you can use to maximize your contacts.
All Ham Radio Village talks will be streamed to Twitch, with discussion in Discord.
For more information, see https://hamvillage.org/dc29.html
Twitch: https://www.twitch.tv/hamradiovillage
#hrv-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991
BHV - Saturday - 10:00-10:59 PDT
Title: How to Not Miss The Point: Reflections on Race, Health, and Equity
When: Saturday, Aug 7, 10:00 - 10:59 PDT
Where: Biohacking Village (Talk - Virtual)
SpeakerBio:Nia Johnson, Bioethicist, Lawyer, and Harvard Health Policy Ph.D. student
Nia Johnson is a bioethicist, a lawyer, and a Health Policy Ph.D. student at Harvard University, with a concentration in Political Analysis. She is originally from the Washington, D.C. Metropolitan area. Nia received her Bachelor of Arts in International Studies at Oakwood University, her Masters of Bioethics from the University of Pennsylvania, and her law degree from Boston University School of Law. Her research interests are at the intersection of health policy, race, bioethics, and the law. She is a writer for Crash Course’s forthcoming African-American History series, has lectured at multiple institutions such as Yale University and the International Bioethics Retreat. She ran and founded The Neighborhood Bioethicist - a bioethics blog geared towards millennials and Black Americans - and served as the Editor-in-Chief of the American Journal of Law and Medicine from 2018-2019. Her work has been featured in Hastings Law Journal, JAMA Health Forum, and the Journal of Urban Health. She loves mentoring young women, bouldering, and entertaining in her spare time. Her favorite quote is from Beyoncé’s Diva – “Where’s my ladies up in here that like to talk back?”
Description:No Description available
All Biohacking Village talks will be streamed to YouTube.
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q
VMV - Saturday - 11:00-11:30 PDT
Title: How to Weaponize RLAs to Discredit an Election
When: Saturday, Aug 7, 11:00 - 11:30 PDT
Where: Voting Village (Talks - Virtual)
SpeakerBio:Carsten Schürmann
Carsten is a professor in computer science at the IT University of Copenhagen and heads the Center for Information Security and Trust. His research focuses on cyber- and information security, with particular emphasis on election security. He consults with EMBs, governmental, and non-governmental organizations on requirements and quality assurance for election technologies. Carsten is an expert in voting machine security and demonstrated at DefCon 2017 vulnerabilities of the WinVote voting machine. He has conducted experiments with risk-limiting audits in Denmark in 2014. Carsten has participated as core team member (IT expert) in the Carter Center Mission to Kenya 2017 and was part of the IFES Cyber Assessment Week in Ukraine 2018. He has also served as New Voting Technology Analyst for the OSCE Limited Election Observation Mission to the United States in 2018 and the Expert Election Mission to Estonia in 2019. Prior to moving to Denmark, Carsten was a member of the computer science faculty at Yale University. He holds a PhD degree from Carnegie-Mellon University.
Description:
Risk-limiting audits (RLAs) are widely considered to be the gold standard of election auditing, and there is an implicit assumption that a successful audit will also create confidence among the voters and hence public trust. If this were true, there would be little reason to fear that RLAs could ever be misused in a disinformation campaign. It turns out, however, that this assumption is not necessarily true: In a recent user study to appear at this year's E-Vote-ID, we show that a significant number of survey participants change their opinion on whether to trust an election after they learn the size of the sample needed to complete the RLA. In this talk we argue that even a well-intended, correctly conducted RLA can be weaponized in a disinformation campaign.
Voting Village talks will be streamed to YouTube and Twitch.
Twitch: https://www.twitch.tv/votingvillagedc
YouTube: https://www.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg
RCV - Saturday - 14:00-14:30 PDT
Title: How vigilant researchers can uncover APT attacks for fun and non profit
When: Saturday, Aug 7, 14:00 - 14:30 PDT
Where: Recon Village (Virtual)
SpeakerBio:Ladislav Baco
No BIO available
Twitter: @ladislav_b
Description:No Description available
Recon Village talks will stream to YouTube.
YouTube: https://www.youtube.com/c/ReconVillage
LPV - Saturday - 11:00-11:30 PDT
Title: Hybrid PhySec tools - best of both worlds or just weird?
When: Saturday, Aug 7, 11:00 - 11:30 PDT
Where: Lock Pick Village (Virtual)
SpeakerBio:d1dymu5
No BIO available
Description:
A few years ago, I invented lock pick collar stays (#GentlemansLockPicks). Since then, I've had some other ideas of practical, small-form factored lockpicking and bypass tools that I can easily carry. I came up with a few ideas. I'll talk about inspiration, designing, manufacturing, and possible collab projects.
Lock Pick Village will be streaming their activities to Twitch and YouTube.
Twitch: https://www.twitch.tv/toool_us?
YouTube: https://youtube.com/c/TOOOL-US
BTV - Saturday - 09:00-09:15 PDT
Title: I know who has access to my cloud, do you?
When: Saturday, Aug 7, 09:00 - 09:15 PDT
Where: Blue Team Village - Main Track (Virtual)
SpeakerBio:Igal Flegmann
Igal started his career in Microsoft’s Azure Security team creating and managing identity services for Azure’s secure production tenants. During his time at Azure Security, Igal had the opportunity to create and manage PKI services, Identity Management products, tools for migrating running services across Azure tenants, and created products for password-less bootstrap to new domains. After a successful career in Azure Security, Igal transferred teams to work in Azure’s ASCII (Azure Special Capabilities, Infrastructure, and Innovation) team, where he used his identity and security expertise to design and create security services to protect the critical infrastructure devices of the world.
To follow his passion for identity and security, Igal decided to leave Microsoft and co-found Keytos, a security company with the mission of eliminating passwords by creating easy-to-use PKI offerings. Earlier this year they launched their first product, “EZSSH”, which takes aim at stopping SSH key theft by making it easy to use short-lived SSH certificates.
Twitter: @igal_fs
Description:
In this talk, we will talk about the importance of monitoring your Azure RBAC and we will introduce SubWatcher, our newly released open-source tool that we use internally to complement Azure security tools and scan our subscriptions to make sure our systems are not being accessed by bad actors. Can’t wait to see where the community takes this amazing tool!
When comparing security reviews with red team findings, I always found that security reviews are based on what they think their system looks like and not how it actually is. Is the SSH port really closed? Or did I forget to close it the last time I was debugging something? Wait who added this identity as owner of the resources and when?!
Azure Security Center provides us with some great tools to check some of these errors. For example, from the two examples above it will alert on the SSH port being left open but it would not alert on some new person being added to your production subscription.
The Solution? SubWatcher, our internal tool that was too good to keep in-house and not share with the world. SubWatcher is an open-source tool that monitors your Azure Subscription ACLs and will alert you if they changed based on the baseline you have created.
Blue Team Village talks will be streamed to Twitch.
--
Twitch: https://twitch.tv/blueteamvillage
IOTV - Saturday - 10:00-10:45 PDT
Title: I used AppSec skills to hack IoT, and so can you
When: Saturday, Aug 7, 10:00 - 10:45 PDT
Where: IoT Village (Talk - Virtual)
SpeakerBio:Alexei Kojenov
Alexei began his career as a software developer. A decade later, he realized that breaking code was way more fun than writing code, and decided to switch direction. He is now a full-time application security professional, with several years of assisting various development teams in delivering secure code, as well as security consulting. Outside of his day job, Alexei enjoys doing security research and learning new hacking techniques.
Description:
We tend to think of AppSec and IoT as two separate infosec disciplines. Sure, the domain knowledge, attack vectors, and threat mitigation are not exactly the same in those two worlds. At the same time, as the hardware continues to evolve, we see more and more tiny general purpose computers around us. Many of these tiny computers nowadays run software that is written in a conventional programming language, listen on network ports, process data inputs, and communicate with the outside world. These devices can be attacked just like any other application running on a desktop, on a server, or in the cloud.
In this talk, I am going to tell you a story about my hacking journey that unexpectedly took me from device configuration settings to software reverse engineering, vulnerability discovery, and six new CVEs. Together, we’ll go step by step through reconnaissance, firmware analysis, decompiling, code review, and remote debugging. I’ll also share my experience with the responsible disclosure process. I hope this talk inspires you to apply your general hacking skills to new areas such as IoT, even if you’ve never done that before.
IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.
Twitch: https://www.twitch.tv/iotvillage
APV - Saturday - 10:00-10:45 PDT
Title: I used AppSec skills to hack IoT, and so can you
When: Saturday, Aug 7, 10:00 - 10:45 PDT
Where: AppSec Village (Virtual)
SpeakerBio:Alexei Kojenov
Alexei began his career as a software developer. A decade later, he realized that breaking code was way more fun than writing code, and decided to switch direction. He is now a full-time application security professional, with several years of assisting various development teams in delivering secure code, as well as security consulting. Outside of his day job, Alexei enjoys doing security research and learning new hacking techniques.
Description:
We tend to think of AppSec and IoT as two separate infosec disciplines. Sure, the domain knowledge, attack vectors, and threat mitigation are not exactly the same in those two worlds. At the same time, as the hardware continues to evolve, we see more and more tiny general purpose computers around us. Many of these tiny computers nowadays run software that is written in a conventional programming language, listen on network ports, process data inputs, and communicate with the outside world. These devices can be attacked just like any other application running on a desktop, on a server, or in the cloud.
AppSec Village events will be streamed to YouTube.
YouTube: https://www.youtube.com/c/appsecvillage
ASV - Saturday - 12:00-15:59 PDT
Title: In Space, No One Can Hear You Hack
When: Saturday, Aug 7, 12:00 - 15:59 PDT
Where: Aerospace Village (Workshop - Paris Rivoli B)
Description:
In Space, No One Can Hear You Hack: DEF CON participants will learn the basics of space hacking and space vehicle security. This is the perfect point of entry for those interested in space hacking.
LPV - Saturday - 10:00-10:30 PDT
Title: Intro To Lockpicking
When: Saturday, Aug 7, 10:00 - 10:30 PDT
Where: Lock Pick Village (Virtual)
SpeakerBio:TOOOL
No BIO available
Description:
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
Lock Pick Village will be streaming their activities to Twitch and YouTube.
Twitch: https://www.twitch.tv/toool_us?
YouTube: https://youtube.com/c/TOOOL-US
LPV - Saturday - 12:00-12:30 PDT
Title: Intro To Lockpicking
When: Saturday, Aug 7, 12:00 - 12:30 PDT
Where: Lock Pick Village (Virtual)
SpeakerBio:TOOOL
No BIO available
Description:
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
Lock Pick Village will be streaming their activities to Twitch and YouTube.
Twitch: https://www.twitch.tv/toool_us?
YouTube: https://youtube.com/c/TOOOL-US
LPV - Saturday - 14:15-14:45 PDT
Title: Intro To Lockpicking
When: Saturday, Aug 7, 14:15 - 14:45 PDT
Where: Lock Pick Village (Virtual)
SpeakerBio:TOOOL
No BIO available
Description:
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
Lock Pick Village will be streaming their activities to Twitch and YouTube.
Twitch: https://www.twitch.tv/toool_us?
YouTube: https://youtube.com/c/TOOOL-US
LPV - Saturday - 16:15-16:45 PDT
Title: Intro To Lockpicking
When: Saturday, Aug 7, 16:15 - 16:45 PDT
Where: Lock Pick Village (Virtual)
SpeakerBio:TOOOL
No BIO available
Description:
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
Lock Pick Village will be streaming their activities to Twitch and YouTube.
Twitch: https://www.twitch.tv/toool_us?
YouTube: https://youtube.com/c/TOOOL-US
AIV - Saturday - 09:30-10:59 PDT
Title: Intro to ML Workshop
When: Saturday, Aug 7, 09:30 - 10:59 PDT
Where: AI Village (Virtual)
SpeakerBio:Gavin Klondike
No BIO available
Description:No Description available
AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.
Speakers will be made available on DEF CON's Discord, in #aiv-general-text.
Twitch: https://www.twitch.tv/aivillage
YouTube: https://www.youtube.com/c/aivillage
#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536
IOTV - Saturday - 16:30-16:59 PDT
Title: IoT devices as government witnesses: Can IoT devices ever be secure if law enforcement has unlimited access to their data?
When: Saturday, Aug 7, 16:30 - 16:59 PDT
Where: IoT Village (Talk - Virtual)
Speakers:Anthony Hendricks,Jordan Sessler
SpeakerBio:Anthony Hendricks
Anthony Hendricks is an attorney who advises clients as the chair of Crowe & Dunlevy’s Cybersecurity & Data Privacy Practice Group. In that role, he frequently analyzes and litigates legal issues related to IoT devices. Prior to beginning his practice, he studied as Howard University's first Marshall Scholar and later graduated from Harvard Law School. He now teaches cybersecurity law as an adjunct professor at Oklahoma City University School of Law.
SpeakerBio:Jordan Sessler
Jordan Sessler is an attorney who advises clients on data security as a member of Crowe & Dunlevy’s Cybersecurity & Data Privacy Practice Group. In that role, he regularly engages with legal issues related to IoT devices and has represented companies in disputes with law enforcement regarding the discoverability of user- and device-generated data. Prior to beginning his practice, he graduated from Harvard Law School and clerked for U.S. District Court Judge D.P. Marshall Jr.
Description:
A man in Connecticut was arrested after his wife’s Fitbit implicated him in her murder. Prosecutors in Arkansas sought to use data from an Amazon Echo as evidence against a murder suspect. Local police sought access to car, TV, and even refrigerator data to monitor Black Lives Matter protestors—and the FBI did the same thing to help track down suspects in the aftermath of the January 6th, 2021 riot at the U.S. Capitol.
These examples are hardly isolated instances—there are thousands of other cases just like them. And they all speak to an important truth: IoT devices are increasingly being used by law enforcement for investigational purposes and, in some cases, even being made into star witnesses at trial. But law enforcement’s use of IoT devices raises two important questions. First, does allowing the government to use IoT data violate consumer expectations of privacy, particularly at a time when IoT products are being made and marketed with an eye toward information security? Second, are criminal suspects being provided with the same near-limitless access to IoT data for purposes of mounting their legal defense?
The answers to both of these questions are troubling, in large part because the law is inherently backward-looking and is thus not equipped to grapple with the raw amount of information that is now generated. Just as many consumers did not realize several years ago that their watch or car audio system would be used by law enforcement to track their location 24/7, so lawmakers and judges did not either. For example, the Federal Privacy Act of 1974 never contemplated that, rather than maintaining records, the government would simply buy access to private records—as ICE recently did by purchasing access to CLEAR—or create its own iOS app to ensnare criminals, as the FBI recently did. Likewise, although the Supreme Court noted the private nature of cell phone location data in Carpenter v. United States, this was a 5-4 decision (while RBG was still on the bench) that only applied the Fourth Amendment to historical cell phone GPS data, effectively leaving the law unsettled on many other types of IoT data. This has led courts, including a New York federal court in a case involving Apple, to express concerns that, even where warrants are involved, allowing the government to force companies to produce IoT device data could “result in a virtually limitless expansion of the government’s legal authority to surreptitiously intrude on personal privacy.”
These concerns are heightened by the fact that, although the Federal Rules of Criminal Procedure are supposed to provide defendants with equal discovery rights, the Stored Communications Act often prevents defendants from accessing the IoT data of others, such as witnesses, accusers, or potential other defendants. In practice, this means that IoT data can effectively be used against criminal suspects but is not available for them to use in arguing their legal defense. This results in an incredible inequality in the criminal justice system. And it may also lead to erroneous outcomes: as with DNA evidence, IoT data may help exonerate criminals just as often as it implicates them. Indeed, in the Arkansas v. Bates murder case, the prosecution dismissed the charges against the defendant shortly after it obtained the Amazon Echo data, which apparently validated the defendant’s alibi. Similarly, allegations of cheating against low-income students at Dartmouth Medical School were dismissed after IoT data brought into question potentially erroneous remote test monitoring that may have been skewed by poor internet.
So what can we do to reform or limit government use of IoT data? This talk aims to talk through ways in which both the infosec and legal communities can increase their mutual understanding and help drive reform. In the short term, the infosec community can increase security by minimizing, encrypting, or de-identifying data. This can reduce the amount of information that IoT devices collect and, thus, are required to turn over to law enforcement. Over the long term, the best solution may be to pass new laws or drive new judicial precedent that incorporates an understanding as to what IoT data is, how it is changing expectations of privacy, and how it is being used by law enforcement. Such laws could either limit access to IoT data—enshrining a greater degree of privacy—or set forth procedures delineating when authorities may use it and guaranteeing defendants equal access. Of course, there are other potential solutions and we hope this talk will help launch a broader discussion on how to help the law interact with IoT technology.
IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.
Twitch: https://www.twitch.tv/iotvillage
IOTV - Saturday - 10:00-18:30 PDT
Title: IoT Village Capture the Flag (CTF)
When: Saturday, Aug 7, 10:00 - 18:30 PDT
Where: IoT Village (Virtual + Paris Vendome A)
Description:
For more information, see https://www.iotvillage.org/defcon.html
IoT Village virtual events will be streamed to Twitch.
Twitch: https://www.twitch.tv/iotvillage
IOTV - Saturday - 10:00-18:30 PDT
Title: IoT Village Labs
When: Saturday, Aug 7, 10:00 - 18:30 PDT
Where: IoT Village (Virtual + Paris Vendome A)
Description:
For more information, see https://www.iotvillage.org/defcon.html
IoT Village virtual events will be streamed to Twitch.
Twitch: https://www.twitch.tv/iotvillage
VMV - Saturday - 12:00-12:30 PDT
Title: Keeping Your Information Security Policy Up to Date
When: Saturday, Aug 7, 12:00 - 12:30 PDT
Where: Voting Village (Talks - Virtual)
SpeakerBio:Sang-Oun Lee
Sang-Oun Lee is an IT Security Specialist-Compliance at the City of Chicago. Prior to his current position at the City, Mr. Lee served as a cybersecurity policy expert in both public and private sectors. In the public sector, Mr. Lee served two government agencies in the Republic of Korea, Korea Internet & Security Agency and National Security Research Institute respectively. In the private sector, Mr. Lee was a Chief Information & Financial Officer at EPIKAR Inc., a mobility start-up company based in Seoul, Korea. Mr. Lee holds Master of Public Policy from the University of Chicago, Master of Science in Engineering from Seoul National University, Seoul, Korea, and Bachelor’s degree from Waseda University, Tokyo, Japan.
Description:
Information security policy (ISP) is the highest directive of the cybersecurity posture of an organization. ISPs play a role by providing a subset of administrative, operational, and technical controls to mitigate omnidirectional cyber risks. Local government, which provides a wide range of public services with various functions, is a double-edged sword.
On the one hand, its public impact on every activity is wide enough to influence a far broader audience with multiple interests. On the other hand, this audience, wider than that of private organizations, allows salient cyberattacks such as influence operations with social media, conveyance of wrongful policy information, a breach in personal health information (PHI) and privacy, and so forth - protecting a local government is both protection of an organization and its residents.
This presentation suggests a method for revising an existing ISP so that it stays up to date, aligns with the latest industry standards and regulations to remain compliant, and narrows down newly identified gaps from the local government perspective.
Voting Village talks will be streamed to YouTube and Twitch.
Twitch: https://www.twitch.tv/votingvillagedc
YouTube: https://www.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg
BCV - Saturday - 10:15-11:30 PDT
Title: Key Note – The Three Amigos: Money Laundering, Cryptocurrencies, and Smart Contracts
When: Saturday, Aug 7, 10:15 - 11:30 PDT
Where: Blockchain Village / Paris Vendome B
Speakers:Daniel Garrie,David Cass
SpeakerBio:Daniel Garrie, Esq. (Law & Forensics)
No BIO available
SpeakerBio:David Cass, Federal Reserve
No BIO available
Description:No Description available
This content will be presented live and in-person.
DL - Saturday - 10:00-11:50 PDT
Title: Kubernetes Goat
When: Saturday, Aug 7, 10:00 - 11:50 PDT
Where: DemoLab Video Channel 1
SpeakerBio:Madhu Akula
Madhu Akula is the creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. He is also a published author and Cloud Native security researcher with extensive experience. Also, he is an active member of the international security, DevOps, and Cloud Native communities (null, DevSecOps, AllDayDevOps, etc). He holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), etc. Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26 & 27), BlackHat USA (2018 & 19), USENIX LISA (2018 & 19), O'Reilly Velocity EU 2019, GitHub Satellite 2020, Appsec EU (2018 & 19), All Day DevOps (2016, 17, 18, 19 & 20), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon (2018, 19), SACON 2019, Serverless Summit, null and multiple others. His research has identified vulnerabilities in over 200+ companies and organizations including Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe, etc, and he is credited with multiple CVEs, acknowledgements, and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is also a technical reviewer of the Learn Kubernetes Security book published by Packt. He also won 1st prize for building an Infrastructure Security Monitoring solution at the InMobi flagship hackathon among 100+ engineering teams.
Twitter: @madhuakula
Description:
Tool or Project Name: Kubernetes Goat
Short Abstract:
Kubernetes Goat is a “vulnerable by design” Kubernetes cluster environment to practice and learn about Kubernetes security. It has a detailed step-by-step guide and digital book on how to get started with Kubernetes Goat by exploring different vulnerabilities in Kubernetes cluster and containerized environments. Also, it has scenarios taken from real-world vulnerabilities and maps them to the Kubernetes Goat scenarios. It includes complete documentation and instructions for practicing Kubernetes security, for performing security assessments and pentesting, and for Kubernetes security in general. As a defender, you will see how learning these attacks and misconfigurations helps you understand and improve your cloud native infrastructure security posture.
Short Developer Bio:
Madhu Akula is the creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. He is also a published author and Cloud Native security architect with extensive experience. Also, he is an active member of the international security, DevOps, and Cloud Native communities (null, DevSecOps, AllDayDevOps, etc). He holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), etc.
Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEF CON (24, 26, 27, 28), Black Hat USA (2018, 19, 21), USENIX LISA (2018, 19, 21), O’Reilly Velocity EU 2019, GitHub Satellite 2020, Appsec EU (2018 & 19), All Day DevOps (2016, 17, 18, 19 & 20), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18, 20), Nullcon (2018, 19, 21), SACON 2019, Serverless Summit, null and multiple others.
His research has identified vulnerabilities in over 200+ companies and organizations including Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe, etc, and he is credited with multiple CVEs, acknowledgements, and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is also a technical reviewer of the Learn Kubernetes Security book published by Packt. He won 1st prize for building an Infrastructure Security Monitoring solution at the InMobi flagship hackathon among 100+ engineering teams.
URL to any additional information:
https://github.com/madhuakula/kubernetes-goat
https://madhuakula.com/kubernetes-goat
Detailed Explanation of Tool:
Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.
Some of the high-level scenarios include, but are not limited to, the following:
Sensitive keys in code bases
DIND (docker-in-docker) exploitation
SSRF in K8S world
Container escape to access host system
Docker CIS Benchmarks analysis
Kubernetes CIS Benchmarks analysis
Attacking private registry
NodePort exposed services
Helm v2 tiller to PwN the cluster
Analysing crypto miner container
Kubernetes Namespaces bypass
Gaining environment information
DoS the memory/cpu resources
Hacker Container preview
Hidden in layers
Supporting Files, Code, etc:
https://github.com/madhuakula/kubernetes-goat
https://madhuakula.com/kubernetes-goat/
Target Audience:
Offense, Defense
The adoption of Kubernetes in production has increased to 83%, according to a survey by CNCF. Still, most security teams struggle to understand these modern technologies. So this project helps and brings a completely new area of research to share with the community to learn and practice from years of experience.
This content will be presented on a Discord video channel.
#dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505
ASV - Saturday - 10:00-15:59 PDT
Title: Lego Spike Hub
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: Aerospace Village (Workshop - Paris Rivoli B)
Description:
Participants will be given the opportunity to program a Lego Spike Hub to perform a space mission of transporting and sorting valuable minerals. The workshop is intended to be an introductory workshop to give participants an appreciation for the operation of autonomous space vehicles and an understanding of finite state machines and hardware limitations. There will be 4 prebuilt Lego robots: 2 will be for tracing a line while the other 2 will be for color sorting. The scenario presented to the participant is that they are on a foreign planet and need to transport minerals along a predefined path to safely arrive at the sorting facility, and as such they will program in Scratch the code for the transport shuttle to execute. Participants will also have a chance to program in Scratch the code to execute on the color sorting robot, thus demonstrating the ability to correctly sort the minerals in appropriate colors.
RCV - Saturday - 12:00-12:45 PDT
Title: Let the bugs come to me - how to build cloud-based recon automation at scale
When: Saturday, Aug 7, 12:00 - 12:45 PDT
Where: Recon Village (Virtual)
SpeakerBio:Ryan Elkins
No BIO available
Twitter: @ryanelkins
Description:No Description available
Recon Village talks will stream to YouTube.
YouTube: https://www.youtube.com/c/ReconVillage
BTV - Saturday - 13:45-14:15 PDT
Title: Leveraging NGFWs for Threat Hunting
When: Saturday, Aug 7, 13:45 - 14:15 PDT
Where: Blue Team Village - Main Track (Virtual)
SpeakerBio:Drimacus
Drimacus is a veteran in security, focusing on Network Security, Emerging Threats, and Innovation.
Description:
Sharing research and details around running passive NGFWs to complement threat hunting tools. This talk will walk through sharing why, how, and what I learned about these to share with the community and the value that can be gained by leveraging NGFWs for threat hunting.
With the introduction of NGFWs came new operational risk in the form of application ID. After taking a path down to mitigate this risk by implementing passive NGFWs, it also became an opportunity to leverage them for threat hunting.
This talk will review research over the past 5 years of running such passive NGFWs.
The pros/cons of the environment over existing threat hunting tools, review of architecture, and a deep dive into the various functionality will be discussed.
Talk presented by - Shawn Wallis (Drimacus) - Cyber Security Research Strategist
Blue Team Village talks will be streamed to Twitch.
Twitch: https://twitch.tv/blueteamvillage
ICSV - Saturday - 14:30-14:59 PDT
Title: Leveraging SBOMs to Enhance ICS Security
When: Saturday, Aug 7, 14:30 - 14:59 PDT
Where: ICS Village (Virtual)
SpeakerBio:Thomas Pace, NetRise
Thomas is currently the co-founder and CEO of NetRise, a cybersecurity company focusing on securing firmware across a heterogeneous device set. Prior to NetRise, Thomas served as the Global Vice President of Enterprise Solutions at Cylance where his responsibilities ranged from conducting incident response investigations, product marketing, public speaking and analyst relations. Thomas was also responsible for ICS security at the DOE for 3 years and served in the United States Marine Corps serving in both Iraq and Afghanistan. Thomas has spoken at Black Hat, RSA, and was interviewed on 60 Minutes for his efforts related to ransomware.
Twitter: @tommypastry
Description:
In this talk Tom Pace will discuss how SBOMs (Software Bill of Materials) can be leveraged to enhance ICS security. The recent executive order and guidance from the NTIA have reignited the SBOM discussion and its importance, especially to critical assets such as ICS devices. Tom will explain what an SBOM is, how they can be generated and consumed, as well as the value of the data once an SBOM has been generated. This will include but not be limited to use cases such as known vulnerabilities, integrity verification, provenance and license compliance. Tom will further explain the value an SBOM can have to various stakeholders, from ICS device manufacturers to end-users of the devices themselves. Tom will highlight how significant time savings can be realized once SBOMs are in place, while at the same time providing commentary on the challenges of generating an SBOM, especially for devices deemed "legacy" or out of support.
ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.
YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw
#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485
AVV - Saturday - 18:15-18:45 PDT
Title: Lightning talk: Autonomous lateral movement
When: Saturday, Aug 7, 18:15 - 18:45 PDT
Where: Adversary Village (Virtual)
SpeakerBio:Stephan Wampouille, Cyber Security Engineer (Intern), Prelude Research
Stephan is a Cyber Security Engineering intern at Prelude Research, where he uses his mechanical engineering background to construct realistic adversary profiles which are runnable within the Prelude Operator application or on their own. Stephan works on attacks which are designed to bypass detection through creative measures.
https://www.linkedin.com/in/stephan-wampouille
Description:
See autonomous lateral movement in a live environment. In this Linux-based attack, multiple benign behaviors - each designed not to be detected - are chained together to complete a lateral movement action. Using a creative approach to parsing indicators of compromise out of RAT responses and injecting them automatically into commands later down the kill chain, this lateral movement demonstration will be fully hands-off. The techniques and TTPs in this demonstration will be made open-source following the talk.
Adversary Village talks and workshops will be streamed on YouTube and Twitch.
Q&A sessions will happen in DEF CON Official Discord server after each talk.
YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg
Twitch: https://twitch.tv/adversaryvillage
Discord: https://discord.gg/defcon
PHV - Saturday - 11:00-11:59 PDT
Title: Linux Binary Analysis w/ Strace
When: Saturday, Aug 7, 11:00 - 11:59 PDT
Where: Packet Hacking Village - Talks (Virtual)
SpeakerBio:Jared Stroud, LACEWORK
Jared Stroud (Twitter: @DLL_Cool_J) is a Cloud Security Researcher at Lacework where he focuses on emerging Linux and Cloud platform threats. Previously, he worked at The MITRE Corporation where he contributed Unix and Windows tooling for the ATT&CK Fin7/CARBANAK Evaluation and the Open Source adversary emulation utility CALDERA.
Twitter: @DLL_Cool_J
Description:
The strace utility allows for deep insight into what an application is doing on a *nix host. While the amount of data produced can be overwhelming, in this video I'll demonstrate how to filter, log and obtain relevant information for a wide variety of use cases around file analysis. From diagnosing a misbehaving application, to revealing a malware's secrets. This video will give a practical introduction in using strace to spy on *nix applications at the syscall level. All resources can be found here: https://www.github.com/lacework-dev/strace_lab_PUBLIC
All Packet Hacking Village talks will stream on YouTube, Twitch, Facebook, and Periscope.
YouTube: https://youtube.com/wallofsheep
Twitch: https://twitch.tv/wallofsheep
Facebook: https://www.facebook.com/wallofsheep/
Periscope: https://www.periscope.tv/wallofsheep
ASV - Saturday - 12:30-13:20 PDT
Title: Lost In Space: No-one Can Hear Your Breach (Choose Wisely)
When: Saturday, Aug 7, 12:30 - 13:20 PDT
Where: Aerospace Village (Virtual Talk)
SpeakerBio:Elizabeth Wharton
Liz, a cybersecurity-focused business and public policy attorney, has advised researchers, startups, and policymakers at the federal, state, and local level. Currently SCYTHE’s Chief of Staff, she was the World’s (second) Busiest Airport’s technology attorney and hosts the CISO Stressed podcast.
Description:
Navigating the space race is difficult enough with privately sponsored flights, internationally owned stations, and interplanetary destinations. Supply-chain vulnerabilities, ransomware threats, and other cybersecurity challenges are magnified when the galactic rules are still being written. Join an interactive adventure dodging malicious attackers, signal and software glitches, and potential liabilities trekking to Mars, highlighting cybersecurity pitfalls and pending policy issues.
This talk will be streamed on YouTube: https://www.youtube.com/watch?v=TEUgTF5zDHA
Aerospace Village talks will be streamed to YouTube.
YouTube: https://www.youtube.com/c/AerospaceVillage
BTV - Saturday - 14:00-17:59 PDT
Title: MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part 2
When: Saturday, Aug 7, 14:00 - 17:59 PDT
Where: Blue Team Village - Workshop Track 1 (Virtual)
Speakers:Cat Self,plug,Ben Bornholm,Tilottama Sanyal,Dan Borges
SpeakerBio:Cat Self, Lead Cyber Adversarial Engineer – The MITRE Corporation
Cat Self is a Lead Cyber Adversarial Engineer working on MITRE ATT&CK® and ATT&CK Evaluations teams at MITRE. Cat previously worked at Target as a red team operator, threat hunter, and developer. Cat is an Army Military Intelligence veteran with a passion for mentorship, hiking in foreign lands, and finding opportunities to give back.
SpeakerBio:plug
Plug started his journey in computer security back in 1996 when he discovered a 2600 magazine that eventually led him to his first LA2600 meeting in 1998. From that point forward, he has been involved in computer security. Plug currently leads the Threat Hunting Program for a Fortune 20 organization. In his free time he enjoys building Legos, playing with synthesizers, and when possible, he volunteers his time to computer security events.
SpeakerBio:Ben Bornholm
Ben (@CptOfEvilMinion) is not new to creating workshops as this is his second time creating a DEFCON workshop, yet he has never actually been to DEFCON in person! Ben crafted his whimsical presenting style from being President of RIT’s security club previously known as RC3.
During the day Ben fights off cyber criminals as a DART engineer at Dropbox.com. At night Ben is the author of his blog HoldMyBeerSecurity.com where he discusses topics in security that interest him such as incident response, threat hunting, Osquery, and DevSecOps.
Twitter: @CptOfEvilMinion
SpeakerBio:Tilottama Sanyal
Tilottama Sanyal (wildphish) has a degree in Information technology from India and has almost 8 years of combined experience across DevOps and Cybersecurity. She holds certifications like the GCIH and currently works as an Incident Response Team member at Verizon Media (Yahoo!). Her areas of expertise include risk assessments, vulnerability analysis, and incident response. Her current interests include threat hunting and this is her first-ever workshop.
Twitter: @wildphish
SpeakerBio:Dan Borges
A core member of the National CCDC red team and a director for the Global CPTC. Recently wrote a book on deception applied to infosec and attack-defense competitions: https://ahhh.github.io/Cybersecurity-Tradecraft/
Description:
The Hunt for Red Apples workshop guides participants through emulation walkthroughs, hunting playbooks, and hunting exercises around an Ocean Lotus intrusion, an established threat actor targeting macOS. The workshop is broken into sections using both the attack lifecycle and MITRE ATT&CK knowledge base. For each phase in the attack lifecycle participants learn about one particular tactic, relevant macOS data sources, how to build a hunting plan, practice hunting, and how the red team emulated the tactic using open source intelligence.
The objective of this workshop is to provide a balanced approach that showcases both hunting and adversary actions. This workshop is a resource on how to threat hunt, emulate, and use open source threat intelligence on a specific threat actor.
The Hunt for Red Apples workshop is broken into two four-hour sessions over two days. As a bonus, we are releasing a second data set for a different scenario on day two for more advanced hunters with no playbooks or walkthroughs. Participants will get to test their macOS Threat Hunting skills! And it's all FREE!
SEV - Saturday - 14:30-15:30 PDT
Title: Make Them Want To Tell You: The Science of Elicitation
When: Saturday, Aug 7, 14:30 - 15:30 PDT
Where: Social Engineer Village (Virtual)
SpeakerBio:Christopher Hadnagy
Christopher Hadnagy is the founder and CEO of Social-Engineer, LLC. During Chris’ 18 years in the information security industry, he created the world’s first social engineering framework and newsletter, as well as hosted the first social engineering based podcast.
Chris is also a well-known author, having written five books on social engineering. Chris’ new book, “Human Hacking: Win Friends, Influence People and Leave Them Better Off for Having Met You”, released January 5, 2021.
Learn more about the book: https://humanhackingbook.com/
Chris is an Adjunct Professor of Social Engineering for the University of Arizona’s NSA designated Center of Academic Excellence in Cyber Operations (CAE-CO). He also lectures and teaches about social engineering around the globe. Moreover, he’s been invited to speak at the Pentagon, as well as other high secure facilities. Additionally, as the creator of the world’s first Social Engineering Capture the Flag (SECTF), Chris leads the way in educating people on this serious threat.
Chris works with some of the world’s leaders in scientific research for the purpose of acquiring a deeper understanding of social engineering. Notably, Chris authored a book with Dr. Paul Ekman regarding the use of nonverbal communication by social engineers.
Description:
What is elicitation? Can it be brought to a science and taught? This talk dives deep into the principles of elicitation and how to use them as an SE, and also in everyday life.
Social Engineer Village will stream content to Twitch.
Twitch: https://www.twitch.tv/socialengineerllc
HHV - Saturday - 16:00-16:30 PDT
Title: Meetup: Certification Processes (UL, FCC, etc.)
When: Saturday, Aug 7, 16:00 - 16:30 PDT
Where: Hardware Hacking Village (Virtual Meetup)
SpeakerBio:ShortTie
No BIO available
Description:
A place to meet people with the same interests or challenges and discuss. The meetup is a nexus for finding and starting the conversation. Bring your expertise and your questions.
#hhv-meetups-A: https://discord.com/channels/708208267699945503/739567085004521533
#hhv-meetups-A-voice: https://discord.com/channels/708208267699945503/739571117756383333
HHV - Saturday - 15:00-15:30 PDT
Title: Meetup: OSS ASIC
When: Saturday, Aug 7, 15:00 - 15:30 PDT
Where: Hardware Hacking Village (Virtual Meetup)
SpeakerBio:Josh Marks
No BIO available
Description:
Come geek out about ASICs! No ASIC knowledge? No problem — casual conversation about transistor structures, and basic circuit architectures included.
#hhv-meetups-A: https://discord.com/channels/708208267699945503/739567085004521533
#hhv-meetups-A-voice: https://discord.com/channels/708208267699945503/739571117756383333
HHV - Saturday - 13:00-13:30 PDT
Title: Meetup: Some HHV challenges
When: Saturday, Aug 7, 13:00 - 13:30 PDT
Where: Hardware Hacking Village (Virtual Meetup)
SpeakerBio:rehr
Rehr is an electrical engineer and long-time Hardware Hacking Village volunteer. He enjoys teaching and creating challenges that help grow and challenge the hardware hacking community.
Twitter: @mediumrehr
Description:
HHV members have created a few challenges for this year’s DEF CON. Come learn and chat about those challenges, or bring new challenges to share with the community. This time will start with an introduction to this year’s HHV challenges, but the remaining time will be open to community questions and conversations.
#hhv-challenge: https://discord.com/channels/708208267699945503/739567199647301702
#hhv-meetups-A-voice: https://discord.com/channels/708208267699945503/739571117756383333
HHV - Saturday - 14:00-14:30 PDT
Title: Meetup: Sourcing Parts & The Global Parts Shortage
When: Saturday, Aug 7, 14:00 - 14:30 PDT
Where: Hardware Hacking Village (Virtual Meetup)
SpeakerBio:bombnav
No BIO available
Description:
Sourcing parts during COVID involves new challenges due to supply chain issues. Counterfeiting continues to be a problem with out-of-production parts. This meetup is designed to share ideas and sources for acquiring parts for electronic hobbyists.
#hhv-meetups-A: https://discord.com/channels/708208267699945503/739567085004521533
#hhv-meetups-A-voice: https://discord.com/channels/708208267699945503/739571117756383333
IOTV - Saturday - 13:45-14:30 PDT
Title: Mind the Gap - Managing Insecurity in Enterprise IoT
When: Saturday, Aug 7, 13:45 - 14:30 PDT
Where: IoT Village (Talk - Virtual)
SpeakerBio:Cheryl Biswas, Threat Intel Specialist, TD
Cheryl Biswas is a Threat Intelligence Specialist with TD Bank in Toronto, Canada, where she produces and delivers annual cyber threat forecasts, and has experience in security audits and assessments, privacy, disaster recovery and change management. She holds an ITIL certification and a specialized honours degree in Political Science. Cheryl is actively engaged in the security community as a conference speaker and volunteer, mentors those entering the field, and champions women and diversity in cyber security as a founding member of “The Diana Initiative”.
Twitter: @3ncr1pt3d
Description:
IoT is an ever-expanding attack surface about which we have many misconceptions and assumptions but for which we have very few policies, regulations or security. These are devices built for one purpose, not meant to be upgraded and rarely if ever patched. As more devices are enabled to connect and communicate online, in the relentless pursuit of innovation, we’ve put the cart before the horse and failed to construct a framework to effectively control and secure the capability created.
Consider this: over 90% of the data in the world was created over the past two years, and current output is roughly 2.5 quintillion bytes per day. As IoT moves into a range of enterprise environments, driven by consumer demand and BYOD desire, Shadow IT becomes Shadow ET, bringing new challenges and risks that our existing compliance and security don’t address or regulate.
Misconfiguration usurps any benefits of eroding segregation as online exposure of both sensitive data and critical systems increases. Adversaries at all levels have been watching, waiting and are making their moves because ignorance isn’t an excuse – it’s an invitation to exploitation.
Introduction: (2 min)
• A deluge of data
• So many devices and growing
I have a dream: (5 min)
• Perceived benefits of IoT
• Improved efficiency, innovation, collaboration
• We don’t know what we’re doing
• The dangers of upholding a Utopian ideal as reality
• “The cost of breaches will be viewed like the toll taken by car crashes, which have not persuaded very many people not to drive.”
Defining IoT: (10 min)
• Our assumptions: what we think IoT is
• What is and isn't IoT. Adding intelligence to devices that are normally “dumb”, enabling them to communicate without human involvement
• Failure to inventory IoT devices because no centralized control over what IoT devices and applications are in the workplace
• Me and My Shadow IoT
  ◦ An open invitation to Shadow IoT through increasing unmonitored, unsanctioned BYOD
• Recent statistics on IoT cyberattacks on organizations
  ◦ “82% of organizations that manufacture IoT devices are concerned that the devices they develop are not adequately secured from a cyberattack.” (Irdeto Global Connected Industries Cybersecurity Survey 2019)
• Insecure third parties and Shadow IoT risks - what the party of your third party allows without your knowledge or consent
• Different flavors – ET, IIoT, IoHT, OT
Takeaways:
Attendees will understand what makes IoT/ET different from standard equipment we connect, and why we cannot secure them the same way.
Attendees will be alerted to the ongoing and increasing risk of Shadow IT within their networks so they can take action on it.
Understanding IoT Architecture: (5 min)
• Sensors working overtime - Sensors and actuators connecting the digital and physical realms
• Internet gateway
• The Edge
• Managing, securing and storing all the data
• Communication architectures
• What is Enterprise Architecture
• Understanding IoT in the Enterprise
• Enterprise Architecture and IoT: How to build IoT into Enterprise Architecture
How IoT Attacks are Different: (5 min)
• A lack of awareness around the motivation, perpetrators, attacks
• Different threat dynamic: industrial espionage, damage, destruction.
• Geopolitics and the games nation-states play. After Stuxnet - Iran and Shamoon wiper malware.
• Threat actors seek something more than just monetary gain. Triton destructive malware.
• How sanctions drive retaliation. What could we expect in the current climate?
Takeaway: Attendees will understand IoT/ET as a potential threat, who attackers are and how to evaluate what they have in place to improve their security
It Only Takes One: Analysis of Attacks (15 min)
• It only takes ONE exposed, misconfigured system to spread the infection.
• Think ransomware: an increase in targeted ransomware attacks on industry in 2019 using LockerGoga and MegaCortex. Norsk Hydro
• Think NotPetya. Targeted attack that spread from one laptop globally bringing Maersk down.
• How cryptominers are increasingly leveraging exploits on critical vulnerabilities in enterprise realms and spreading via EternalBlue. Targets include Docker containers, and container escapes.
• Compromised conference equipment. Examine the attack on Polycom HDX video conferencing systems. Thousands exposed externally, many more deployed internally. Polycom systems are linked to each other across different corporate offices globally.
Takeaway: Attendees will be able to understand how an attack could be leveraged against IoT/ET in their enterprise environments
Making it Better: (5 min)
• IoT policy and compliance
• Strong authentication: what do we do better when we know that passwords and certs have failed us
• Automating the identification of IoT – no more hide and seek
• Network segmentation - it only works if we do it
• Automatically securing IoT devices before something happens, not after
• The need for Unified Endpoint Management over Enterprise Mobility Management.
Takeaways: Attendees will have recommendations to bring back that they can action within their environments for increased security posture
IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.
Twitch: https://www.twitch.tv/iotvillage
IOTV - Saturday - 12:45-13:30 PDT
Title: MIPS-X - The next IoT Frontier
When: Saturday, Aug 7, 12:45 - 13:30 PDT
Where: IoT Village (Talk - Virtual)
Speakers:Patrick Ross,Zoltán Balázs
SpeakerBio:Patrick Ross
Patrick (0xn00b), a DEF CON 26 Black Badge holder, is the co-founder of Village Idiot Labs which helps run IoT Village across the globe. Patrick has created a fully immersible/virtual web-based lab environment where people can learn how to hack IoT without the need for their own tools, equipment or even prior knowledge.
SpeakerBio:Zoltán Balázs
Zoltan (@zh4ck) is the Head of Vulnerability Research Lab at CUJO AI, a company focusing on smart home security. Before joining CUJO AI he worked as a CTO for an AV Tester company, as an IT Security expert in the financial industry, and as a senior IT security consultant. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool to test Malware Analysis Sandboxes.
He found and disclosed a vulnerability in IP cameras, and this vulnerability was exploited by the Persirai botnet, running on ~600 000 cameras.
Twitter: @zh4ck
Description:
IoT vulnerability research usually involves both static and dynamic analysis of the target device. To aid in this task, researchers typically perform some sort of emulation to enumerate the filesystem as well as run the respective binaries. Luckily, there are tools like QEMU and/or Buildroot to guide our path on the way, but this does not mean the way is smooth.
Our main goal was to create a framework and documentation suitable for MIPS (LE/BE) device research, which can be used in a Dockerized environment to set up as many emulated IoT devices as desired. The goal was to create the least amount of pain and effort to set up the emulation infrastructure. This means, you will have a target MIPS architecture virtual machine running natively with all the binaries, full network stack, debugging tools, and other useful tools. Let the pwning begin!
IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.
Twitch: https://www.twitch.tv/iotvillage
BTV - Saturday - 14:30-15:30 PDT
Title: Modern Authentication for the Security Admin
When: Saturday, Aug 7, 14:30 - 15:30 PDT
Where: Blue Team Village - Main Track (Virtual)
Speakers:Bailey Bercik,Mark Morowczynski
SpeakerBio:Bailey Bercik
Bailey Bercik (@baileybercik on Twitter) is a Program Manager in the customer facing arm of the Identity Engineering division at Microsoft. As part of the “Get-To-Production” team, she acts as a trusted advisor to Fortune 500 enterprises deploying Azure Active Directory. She's previously spoken about Azure AD customer stories and security recommendations at Microsoft Ready & Ignite, Blue Team Con, The Diana Initiative, and BSides Portland. Prior to this role, Bailey worked on Microsoft's incubation team for Decentralized Identity and volunteered as a computer science teacher at Warden High School.
Twitter: @BaileyBercik
SpeakerBio:Mark Morowczynski
Mark Morowczynski (@markmorow) is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. He's spoken at various industry events such as Black Hat 2019, Defcon Blue Team Village, GrayHat, several BSides, Microsoft Ignite, Microsoft Inspire, Microsoft MVP Summits, The Experts Conference (TEC), The Cloud Identity Summit, SANS Security Summits and TechMentor. He can be frequently found on Twitter as @markmorow arguing about baseball and making sometimes funny gifs.
Twitter: @markmorow
Description:
Many organizations' applications are moving to modern authentication protocols such as SAML, OAuth and OpenID Connect. Claims, bearer tokens and JWT tokens are traversing various authentication flow paths in your environment today. Security teams need to be just as familiar with how these work, the risks and the benefits they provide, as they are with Kerberos tickets and NTLM hashes (please stop btw). In this session we will break down these authentication concepts and common flows for the non-identity admin. We will also discuss some common attacks and defenses the security team should be monitoring for and implementing in their environment.
Blue Team Village talks will be streamed to Twitch.
--
Twitch: https://twitch.tv/blueteamvillage
CCV - Saturday - 17:00-17:15 PDT
Title: Monero After Party
When: Saturday, Aug 7, 17:00 - 17:15 PDT
Where: Cryptocurrency Village (Onsite - Paris Champagne Ballroom 1)
SpeakerBio:Monero Sound
No BIO available
Description:
Quick reminder for the Monero Party that will begin later that evening. Previous Monero parties have been so excellent that they made the news. Tickets available at monerosound.com
The Cryptocurrency Village is built around conversations and events, not formal talks. Stop by any time to speak with knowledgeable individuals! This village focuses on the security and privacy side of cryptocurrencies, not the investment side.
The Cryptocurrency Village is conveniently located in Paris Champagne Ballroom 1.
CCV - Saturday - 13:00-13:15 PDT
Title: Monero Scaling Opportunities and Challenges
When: Saturday, Aug 7, 13:00 - 13:15 PDT
Where: Cryptocurrency Village (Onsite - Paris Champagne Ballroom 1)
SpeakerBio:Francisco Cabañas
No BIO available
Description:
This is a short 15 minute talk followed by an open Q&A session. We will cover the impact of technology, business models and protocols on payment ledgers starting with the advent of general purpose payment, credit and debit cards since the 1940s followed by the advent of decentralized blockchain based ledgers such as Bitcoin (2009) and Monero (2014). The critical distinction between technological limitations and protocol / business model limitations and the impact of technological limitations at a given point in time on the development of protocols and business models. We will consider how various protocols and business models can compete with each other and in particular what the Monero scaling protocol has to tell us about the limitations of scaling in Bitcoin and similar cryptocurrencies.
The Cryptocurrency Village is built around conversations and events, not formal talks. Stop by any time to speak with knowledgeable individuals! This village focuses on the security and privacy side of cryptocurrencies, not the investment side.
The Cryptocurrency Village is conveniently located in Paris Champagne Ballroom 1.
MUS - Saturday - 22:00-22:59 PDT
Title: Music - Icetre Normal
When: Saturday, Aug 7, 22:00 - 22:59 PDT
Where: Bally's Pool
SpeakerBio:Icetre Normal
Sometime in 1975, a fissure in the time-space continuum allowed, for only the briefest of moments, the possibility of time travel. A young iconoclast first born in 2275 took advantage of this brief opportunity.
He traveled with only his knowledge of the art of party creation, ability to bend space and time, and supreme skill of serving the masses with only the smallest pool of available alcohol.
First appearing at Defcon X, since then Icetre can always be found somehow making the impossible possible, and bringing the funk while doing so.
https://photos.app.goo.gl/tUi8xmRuKpLCuVC16
https://www.facebook.com/icetre.normal
https://www.twitter.com/aniabeenz
https://www.youtube.com/channel/UCVY8zEm23QFbO-7LfWLR6xg
Description:No Description available
MUS - Saturday - 22:00-22:59 PDT
Title: Music - Krisz Klink
When: Saturday, Aug 7, 22:00 - 22:59 PDT
Where: Bally's Silver Ballroom
SpeakerBio:Krisz Klink
No BIO available
Description:No Description available
MUS - Saturday - 01:00-01:59 PDT
Title: Music - Magik Plan
When: Saturday, Aug 7, 01:00 - 01:59 PDT
Where: Bally's Silver Ballroom
SpeakerBio:Magik Plan
Magik Plan was founded in 2008 by Garrett Jones.
Originally getting his start in electronic music by setting up projections for underground parties, he carved his way through the early days of the dance music scene while making a name for himself as Magik Plan.
His obsession with guitars and live instrumentals led him into diving into the world of sound design. After graduating college in 2009, Garrett began releasing music on online platforms such as SoundCloud.
Fast forward 10 years later, Magik Plan has become a growing name in PsyTrance, Progressive House, Drum n Bass, Chillout and more flavors of electronica.
https://drive.google.com/file/d/1Mj2TAyZdj5tZljcK3oTzg-5lSNpZh5pg/view?usp=sharing
https://soundcloud.com/magikplan
https://instagram.com/magikplan
https://facebook.com/magikplan
https://spoti.fi/3jBy8ko
Description:No Description available
MUS - Saturday - 21:00-21:59 PDT
Title: Music - mattrix
When: Saturday, Aug 7, 21:00 - 21:59 PDT
Where: Bally's Pool
SpeakerBio:mattrix
https://1drv.ms/v/s!AKEhFmBpC9cHimI
https://twitter.com/mattrix_
Insta @mattrixla
Twitter: @mattrix_
Description:No Description available
MUS - Saturday - 23:00-23:59 PDT
Title: Music - Miss Jackalope
When: Saturday, Aug 7, 23:00 - 23:59 PDT
Where: Bally's Silver Ballroom
SpeakerBio:Miss Jackalope
Miss Jackalope is DEF CON's resident community DJ who has a Threat Intel $day job, makes a ton of awesome Jackalope Army swag (see the DC Vendor area), hosts a goofy DJ stream on Twitch, herds Ingress cats, and says silly things on Twitter. She plays drum and bass and techno and is known for playing so hard the ceiling caves in. Long live the Jackalope Army!
http://www.dj-jackalope.com/appearence.html
https://Twitch.tv/missjackalope
https://twitter.com/djjackalope
https://instgram.com/djjackalope
https://missjackalope.com
https://mixcloud.com/djjackalope
https://missjackalope.square.site
Twitter: @djjackalope
Description:No Description available
MUS - Saturday - 23:00-23:59 PDT
Title: Music - Nina Lowe
When: Saturday, Aug 7, 23:00 - 23:59 PDT
Where: Bally's Pool
SpeakerBio:Nina Lowe
Nina fights crime as a cyber threat analyst, defending global, diverse environments. She's most passionate about food, science fiction, music, and kicking all the @ss.
Genres: DnB, Tech House, Techno, Psytrance
https://imgur.com/a/bSyxPzE
https://twitter.com/PacketTorta
https://soundcloud.com/ninalowe
https://www.twitch.tv/packettorta
Twitter: @PacketTorta
Description:No Description available
MUS - Saturday - 21:00-21:59 PDT
Title: Music - Ohm-i
When: Saturday, Aug 7, 21:00 - 21:59 PDT
Where: Bally's Silver Ballroom
SpeakerBio:Ohm-i
Ohm-I is known for his music that primarily focuses on storytelling and comedy from a nerdy perspective. He is a Navy veteran and currently a red teamer with a strong penchant for causing you to involuntarily dance and sing along. He has performed at several major anime/gaming conventions and heavily supports spreading awareness of information security careers to kids in underrepresented communities. Ohm-I has performed at DEF CON NYE, Sony Online Entertainment Live, Otakon, SXSW, various PAX venues, and various other cons and venues all over the country as part of the Nerdy People of Color Collective.
https://mcohmi.com/photos
https://twitter.com/mcohmi
https://www.instagram.com/mcohmi/
https://twitter.com/NPCCollective
https://www.twitch.tv/mcohmi
Twitter: @mcohmi
Description:No Description available
MUS - Saturday - 00:00-00:59 PDT
Title: Music - Scotch & Bubbles
When: Saturday, Aug 7, 00:00 - 00:59 PDT
Where: Bally's Silver Ballroom
SpeakerBio:Scotch & Bubbles
Scotch and Bubbles have a long history of bringing the untz, unce, and wub to nursing homes, children's hospitals, and employee sexual harassment training (giggity). When not running her NFT side hustle with Ken in her dreamhouse, the Barbie has kept playing on during COVID at “it’s not you it’s the virus” break-ups, awkward coworker Zoom game nights, background music for Floyd Mayweather’s Cameo videos, and private pool cocktail deliveries for the at-home cabana experience. Previous tik-tock and YouTube vloggers have said about Zack " it’s better than still being stuck at home", "definitely some value as a free show", and "he’s better off backstage".
Fan [girls|boys] can find Erin on-the-line as @secbarbie on Twitter and Erin's Secret Society of Stalkers at secbarbie.com. Interested peeps, stalkers, and midget strippers can join Zack's A++ #1 Fan club @ zfasel.com on Twitter or unliking/unsubscribing/refusing to comment as zfasel here.
http://scotchandbubbles.club/wp-content/uploads/2021/05/profile_zack-barbie.png
https://www.twitch.tv/secbarbie
https://soundcloud.com/secbarbie
https://twitter.com/secbarbie
https://twitter.com/zfasel
Description:No Description available
CHV - Saturday - 11:00-11:59 PDT
Title: My other car is your car: compromising the Tesla Model X keyless entry system
When: Saturday, Aug 7, 11:00 - 11:59 PDT
Where: Car Hacking Village - Talks (Virtual)
SpeakerBio:Lennert Wouters
No BIO available
Description:
This talk covers a practical security evaluation of the Tesla Model X keyless entry system. We will cover the internal workings of the system, including the key fob, the body control module and the pairing protocol. Additionally, we detail our reverse engineering techniques and document several security issues. The identified issues in the key fob firmware update mechanism and the key fob pairing protocol allow us to bypass all of the cryptographic security measures put in place. Our proof-of-concept attack allows unlocking and starting a Model X in a matter of minutes. The vulnerability in the key fob firmware update mechanism was fixed by Tesla using an OTA update.
This talk will stream on YouTube.
YouTube: https://www.youtube.com/watch?v=36AvYW48JtQ
CAHV - Saturday - 12:00-12:59 PDT
Title: National Service Panel
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: Career Hacking Village (Talk)
Speakers:Amelie Koran,Elizabeth Schweinsberg,Joe Billingsley,Teri Williams
SpeakerBio:Amelie Koran, Senior Technology Advocate, Splunk
No BIO available
SpeakerBio:Elizabeth Schweinsberg
No BIO available
SpeakerBio:Joe Billingsley
No BIO available
SpeakerBio:Teri Williams
No BIO available
Description:
What background do you need to work with different federal agencies? Which ones have authorities for enforcing regulations, protecting different areas, or engaging adversaries? How do you get hired into the organization? Whether someone is just entering the workforce or wants to consider the options as part of career planning, our panel helps provide the insights and answer the questions you have. We draw from the US Digital Service, DHS CISA, NASA, Marine Corps Cyber Auxiliary, NSA, and other federal agencies. Join us on the Defcon Forums and let us know what questions you have for our panel.
This talk will be available on YouTube: https://www.youtube.com/watch?v=PqLEFsaFWes
Career Hacking Village content will be available on YouTube.
YouTube: https://youtube.com/careerhackingvillage
WS - Saturday - 15:00-18:59 PDT
Title: Network Analysis with Wireshark
When: Saturday, Aug 7, 15:00 - 18:59 PDT
Where: Workshops - Jubilee 2 (Onsite Only)
Speakers:Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
SpeakerBio:Sam Bowne, Proprietor, Bowne Consulting
Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks and hands-on trainings at DEF CON, DEF CON China, HOPE, BSidesSF, BSidesLV, RSA, and many conferences and colleges.
SpeakerBio:Elizabeth Biddlecome, Consultant and Part-Time Instructor
Elizabeth Biddlecome is a consultant and a part-time instructor at City College San Francisco, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.
SpeakerBio:Irvin Lemus, Cybersecurity Professor
Irvin Lemus has been in the industry for 10+ years as an MSP technician, consultant, instructor and coordinator. He is currently the cybersecurity professor at Cabrillo College in Santa Cruz, CA. He also is the Bay Area Cyber Competitions Regional Coordinator as well as the contest creator for SkillsUSA CA and FL. Irvin has spoken at various cybersecurity and educational conferences. Irvin holds a CISSP and a Bachelor's Degree in Information Security.
Irvin Lemus is an instructor at Cabrillo College, teaching cyber security courses for 3 years. Irvin runs the cybersecurity competition program for the Bay Area Community Colleges. He also creates the SkillsUSA Cybersecurity contests for California and Florida. He has Security+, CySA+, WCNA, CISSP.
SpeakerBio:Kaitlyn Handelman, Hacker
I like to hack stuff, and I’m like really good at computers.
Description:
This workshop will introduce participants to Network Analysis by understanding Wireshark. Participants will learn to understand packet activity, abnormalities and anomalies to detect attacks, troubleshoot network problems, and perform network forensics. This workshop is structured as a CTF.
Registration Link: https://www.eventbrite.com/e/network-analysis-with-wireshark-tickets-162219979325
Prerequisites:
Basic networking knowledge
Materials needed:
Any laptop with Wireshark installed.
AIV - Saturday - 12:00-12:30 PDT
Title: Never a dill moment: Exploiting machine learning pickle files
When: Saturday, Aug 7, 12:00 - 12:30 PDT
Where: AI Village (Virtual)
SpeakerBio:Suha Sabi Hussain
No BIO available
Description:No Description available
AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.
Speakers will be made available on DEF CON's Discord, in #aiv-general-text.
Twitch: https://www.twitch.tv/aivillage
YouTube: https://www.youtube.com/c/aivillage
#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536
VMV - Saturday - 13:00-13:30 PDT
Title: New Hampshire SB43 Forensic Audit
When: Saturday, Aug 7, 13:00 - 13:30 PDT
Where: Voting Village (Talks - Virtual)
SpeakerBio:Harri Hursti
Co-Founder, DEF CON Voting Village; Founding Partner, Nordic Innovation Labs
Harri Hursti is considered one of the world’s foremost experts on the topic of electronic voting security, having served in all aspects of the industry sector. He is considered an authority on uncovering critical problems in electronic voting systems worldwide.
As a consultant, he has conducted and co-authored many studies, both academic and commercial, on various election systems’ data security and vulnerability. These studies have come at the request of officials, legislators and policy makers in 5 countries; including the U.S. government, at both the state and federal level.
Description:
Election security expert Harri Hursti will explain the process and findings from the 2020 post-election audit conducted in Windham, NH.
Voting Village talks will be streamed to YouTube and Twitch.
Twitch: https://www.twitch.tv/votingvillagedc
YouTube: https://www.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg
DC - Saturday - 16:00-16:45 PDT
Title: New Phishing Attacks Exploiting OAuth Authentication Flows
When: Saturday, Aug 7, 16:00 - 16:45 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded
SpeakerBio:Jenko Hwong
Jenko Hwong is on the Netskope Threat Research team, focusing on cloud threats/vectors. He's spent time in engineering and product roles at various security startups in vulnerability scanning, AV/AS, pen-testing/exploits, L3/4 appliances, threat intel, and Windows security.
Twitter: @jenkohwong
Description:
OAuth 2.0 device authentication gives users on limited-input devices like TVs an easier way to authenticate against a cloud website/app by entering a code on a computer/phone. This authentication flow leads to new phishing attacks that:
- do not need server infrastructure--the login page is served by the authorization provider using their domain and cert
- do not require a client application--application identities can be reused/spoofed
- do not require user consent of application permissions
Since the phish attacks hijack OAuth session tokens, MFA will be ineffective as the attacker does not need to reauthenticate. The ability to defend against these attacks is hindered by limited info and functionality to detect, mitigate, and prevent session token compromise.
I'll demonstrate these new phishing attacks, access to sensitive user data, and lateral movement.
Defensive measures against these phishing attacks will be discussed, specifically the challenges in detection, mitigation, and prevention, and the overall lack of support for managing temporary credentials.
Open-source tools have been developed and will be used to demonstrate how users can:
- self-phish their organizations using these techniques
- audit security settings that help prevent/mitigate the attacks
REFERENCES
1.0 Evolving Phishing Attacks
1.1 A Big Catch: Cloud Phishing from Google App Engine and Azure App Service:
https://www.netskope.com/blog/a-big-catch-cloud-phishing-from-google-app-engine-and-azure-app-service
1.2 Microsoft Seizes Malicious Domains Used in Mass Office 365 Attacks:
https://threatpost.com/microsoft-seizes-domains-office-365-phishing-scam/157261/
1.3 Phishing Attack Hijacks Office 365 Accounts Using OAuth Apps:
https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/
1.4 Office 365 Phishing Attack Leverages Real-Time Active Directory Validation:
https://threatpost.com/office-365-phishing-attack-leverages-real-time-active-directory-validation/159188/
1.5 Demonstration - Illicit Consent Grant Attack in Azure AD:
https://www.nixu.com/blog/demonstration-illicit-consent-grant-attack-azure-ad-office-365
https://securecloud.blog/2018/10/02/demonstration-illicit-consent-grant-attack-in-azure-ad-office-365/
1.6 Detection and Mitigation of Illicit Consent Grant Attacks in Azure AD:
https://www.cloud-architekt.net/detection-and-mitigation-consent-grant-attacks-azuread/
1.7 HelSec Azure AD write-up: Phishing on Steroids with Azure AD Consent Extractor:
https://securecloud.blog/2019/12/17/helsec-azure-ad-write-up-phishing-on-steroids-with-azure-ad-consent-extractor/
1.8 Pawn Storm Abuses OAuth In Social Engineering Attack:
https://www.trendmicro.com/en_us/research/17/d/pawn-storm-abuses-open-authentication-advanced-social-engineering-attacks.html
2.0 OAuth Device Code Flow
2.1 OAuth 2.0 RFC:
https://tools.ietf.org/html/rfc6749#page-24
2.2 OAuth 2.0 for TV and Limited-Input Device Applications:
https://developers.google.com/identity/protocols/oauth2/limited-input-device
2.3 OAuth 2.0 Scopes for Google APIs:
https://developers.google.com/identity/protocols/oauth2/scopes
2.2 Introducing a new phishing technique for compromising Office 365 accounts:
https://o365blog.com/post/phishing/#oauth-consent
2.3. Office Device Code Phishing:
https://gist.github.com/Mr-Un1k0d3r/afef5a80cb72dfeaa78d14465fb0d333
3.0 Additional OAuth Research Areas
3.1 Poor OAuth implementation leaves millions at risk of stolen data:
https://searchsecurity.techtarget.com/news/450402565/Poor-OAuth-implementation-leaves-millions-at-risk-of-stolen-data
3.2 How did a full access OAuth token get issued to the Pokémon GO app?:
https://searchsecurity.techtarget.com/answer/How-did-a-full-access-OAuth-token-get-issued-to-the-Pokemon-GO-app
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=9slRYvpKHp4
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Jenko%20Hwong%20-%20New%20Phishing%20Attacks%20Exploiting%20OAuth%20Authentication%20Flows.mp4
This talk will be given live in Track 1.
This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_one
CHV - Saturday - 12:00-12:59 PDT
Title: Not so Passive: Vehicle Identification and Tracking via Passive Keyless Entry
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: Car Hacking Village - Talks (Virtual)
SpeakerBio:Nick Ashworth
No BIO available
Twitter: @zeetw11
Description:
Attacks on the passive keyless entry system have been around for a while, with most focused on gaining physical access to the vehicle. We have developed a new attack, Marco, that instead focuses on identifying and tracking vehicles by exploiting weaknesses in passive keyless entry systems. This attack works similarly to a cooperative radar system, where the attacker transmits an interrogation message, and any nearby key fob will automatically respond. The attacker can then use these responses to identify and track key fobs either generically, such as all fobs of the same make and model of vehicle, or specifically, such as a key fob with a specific identifier.
This talk will stream on YouTube.
YouTube: https://www.youtube.com/watch?v=aiSA4QdF4m8
DC - Saturday - 18:00-18:45 PDT
Title: Offensive Golang Bonanza: Writing Golang Malware
When: Saturday, Aug 7, 18:00 - 18:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded
SpeakerBio:Benjamin Kurtz, Hacker
Ben Kurtz is a hacker, a hardware enthusiast, and the host of the Hack the Planet podcast (https://symbolcrash.com/podcast). After his first talk, at DefCon 13, he ditched development and started a long career in security. He has been a pentester for IOActive, head of security for an MMO company, and on the internal pentest team for the Xbox One at Microsoft. Along the way, he volunteered on anti-censorship projects, which resulted in his conversion to Golang and the development of the ratnet project (https://github.com/awgh/ratnet). A few years ago, he co-founded the Binject group to develop core offensive components for Golang-based malware, and Symbol Crash, which focuses on sharing hacker knowledge through trainings for red teams, a free monthly Hardware Hacking workshop in Seattle, and podcasts. He is currently developing a ratnet-based handheld device for mobile encrypted mesh messaging, planned for release next year.
Twitter: @symbolcrash1
symbolcrash.com
Description:
The past two years have seen the rise of Golang-based malware from its beginnings as a way to win at CCDC and red team engagements to its current use by actual threat actors. This talk will break down why Golang is so useful for malware with a detailed tour through the available components used for exploitation, EDR and NIDS evasion, and post-exploitation, by one of the main authors of the core components. Although focused on the offensive perspective, there will be valuable insights into the challenges in detecting Golang malware. Interested in learning Golang? Interested in writing or detecting malware? This is your invitation into the weird and wonderful world of Golang malware.
REFERENCES:
List of Golang Security Tools:
https://github.com/Binject/awesome-go-security
C-Sto:
https://github.com/c-sto/goWMIExec
https://github.com/C-Sto/BananaPhone
https://github.com/C-Sto/gosecretsdump
capnspacehook:
https://github.com/capnspacehook/pandorasbox
https://github.com/capnspacehook/taskmaster
Vyrus / gscript crew:
https://github.com/gen0cide/gscript
https://github.com/vyrus001/go-mimikatz
https://github.com/vyrus001/msflib
secretsquirrel / Josh Pitts:
https://github.com/secretsquirrel/the-backdoor-factory
https://github.com/Genetic-Malware/Ebowla
https://github.com/secretsquirrel/SigThief
https://github.com/golang/go/issues/16292
malwareunicorn on OSX loading:
https://malwareunicorn.org/workshops/macos_dylib_injection.html
Misc:
https://github.com/sassoftware/relic
https://github.com/EgeBalci/sgn
https://github.com/moonD4rk/HackBrowserData
https://github.com/emperorcow/go-netscan
https://github.com/CUCyber/ja3transport
https://github.com/swarley7/padoracle
Command and Control:
https://github.com/BishopFox/sliver
https://github.com/DeimosC2/DeimosC2
https://github.com/t94j0/satellite
Obfuscation/RE:
https://github.com/unixpickle/gobfuscate
https://github.com/mvdan/garble
https://github.com/goretk/redress
Of interest for defense, but breaks Docker & Terraform:
https://github.com/unsecureio/gokiller
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=3RQb05ITSyk
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Ben%20Kurtz%20-%20Offensive%20Golang%20Bonanza%20-%20Writing%20Golang%20Malware.mp4
This talk will be given live in Track 2.
This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_two
CLV - Saturday - 14:35-16:59 PDT
Title: Onions In the Cloud Make the CISO Proud (Workshop)
When: Saturday, Aug 7, 14:35 - 16:59 PDT
Where: Cloud Village (Virtual)
SpeakerBio:Wes Lambert
Wes Lambert is the Director of Support and Professional Services at Security Onion Solutions, where he helps customers to implement enterprise security monitoring solutions and understand their computer networks. A huge fan of OSS projects, Wes loves to solve problems and enhance security using completely free and easily deployable tools.
Twitter: @therealwlambert
Description:
It's been said that 94% of enterprises already use a cloud service, and that 30% of all IT budgets are allocated to cloud computing. What does this mean for network defenders? It means that many organizations are invested in the cloud, and unfortunately, many organizations still have little visibility into inter-instance, instance-to-internet, and control plane activity, as well as management functions and bucket access within the cloud. While some of this activity may be logged, it may not be analyzed or aggregated for quick review. In this workshop, we'll cover how Security Onion, a completely free and open platform for intrusion detection, enterprise security monitoring, and log management, can be leveraged to increase visibility in the cloud. By using Security Onion, defenders can facilitate effective threat detection and ease compliance efforts. Attendees should walk away with an understanding of how they can utilize Security Onion to find evil in their cloud environments and make their adversaries cry.
Outline:
- Introduction to the Cloud
- Asset/Threats
- Monitoring Challenges
- Introduction to Security Onion
- Components and Data Collected
- Security Onion in the Cloud
- Traffic Mirroring
- Cloud Telemetry
- Deployment
Cloud Village activities will be streamed to YouTube.
YouTube: https://www.youtube.com/cloudvillage_dc
CON - Saturday - 09:00-15:59 PDT
Title: OpenSOC Blue Team CTF
When: Saturday, Aug 7, 09:00 - 15:59 PDT
Where: See Description
Description:
For more information, see https://forum.defcon.org/node/238017
AVV - Saturday - 14:00-14:59 PDT
Title: Operation Bypass: Catch My Payload If You Can
When: Saturday, Aug 7, 14:00 - 14:59 PDT
Where: Adversary Village (Virtual)
SpeakerBio:Matthew Eidelberg, Technical Manager, Optiv
Matthew Eidelberg is a Technical Manager in Optiv’s Threat Management Team (Attack and Penetration specialization). Matthew has over 8 years’ experience in both consulting and information security. Matthew’s primary role is focused on leading Threat Management’s Adversary Simulation Services which focus on physical, red/purple team, and other advanced assessments.
Matthew’s expertise also involves research development, focusing on developing new techniques and tooling for endpoint security bypass and evasion. Matthew’s experience working in enterprise networks has also given him a deep understanding of the business operations.
https://ca.linkedin.com/in/matthew-eidelberg-b0422997/
Description:
Endpoint Detection and Response (EDR) have become the punching bags of the security world. Attackers employ sophisticated techniques to circumvent these controls and as a result, there has been a driving need for defenders to detect and prevent these attacks... but are they sufficient? This talk will go over all the operational considerations and tradecraft theory I've developed over the past few years when evading EDRs and other endpoint controls. This will primarily focus on techniques to ensure command and control servers are not easily detected and contain virtually no Indicators of Compromise. This talk will then deep dive into the inner workings of the EDR bypassing framework ScareCrow, highlighting some of the lesser-known techniques and new features that are available to red teamers and pentesters. By the end of this talk, the audience should walk away with a detailed understanding of how to use ScareCrow and other opsec considerations to avoid being detected by endpoint controls and blue teams.
Adversary Village talks and workshops will be streamed on YouTube and Twitch.
Q&A sessions will happen in DEF CON Official Discord server after each talk.
YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg
Twitch: https://twitch.tv/adversaryvillage
Discord: https://discord.gg/defcon
RCV - Saturday - 15:20-16:05 PDT
Title: OSINT for Sex Workers
When: Saturday, Aug 7, 15:20 - 16:05 PDT
Where: Recon Village (Virtual)
SpeakerBio:Kala Kinyon
No BIO available
Twitter: @TankKala
Description:No Description available
Recon Village talks will stream to YouTube.
YouTube: https://www.youtube.com/c/ReconVillage
HTSV - Saturday - 10:00-10:55 PDT
Title: OSINT Tales: What the Public Knows About Russia’s New Mega-Submarine
When: Saturday, Aug 7, 10:00 - 10:55 PDT
Where: Hack the Sea (Virtual)
SpeakerBio:H I Sutton
No BIO available
Description:No Description available
Hack the Sea Village will stream their events to YouTube and Twitch.
Twitch: https://www.twitch.tv/h4ckthesea
YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ
DC - Saturday - 14:00-14:45 PDT
Title: Over-the-air remote code execution on the DEF CON 27 badge via Near Field Magnetic Inductance or World’s first NFMI exploitation, sorta or OTARCEDC27NFMIOMGWTFBBQ
When: Saturday, Aug 7, 14:00 - 14:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded
SpeakerBio:Seth Kintigh
Seth Kintigh learned to program at age 12 on an IBM PC jr and his grandmother taught him how to crack ciphers. His first hack was to get infinite lives and beat the Atari 2600 game Solaris. He earned a BS EE with minors in CS and physics and a MS EE with concentration in cryptography and information security from WPI. He worked 6 years as a hardware engineer and 17 in security. Hobbies include cracking historical ciphers and restoring a Victorian home.
Description:
The DEF CON 27 badge employed an obscure form of wireless communication: Near Field Magnetic Inductance (NFMI). The badges were part of a contest and while poking through the firmware for hints I noticed a buffer overflow flaw. All it required to exploit it was an oversized packet… via a chip with no datasheet and no documentation on the proprietary protocol. Thus started a 2 year odyssey.
I used Software Defined Radio tools to study the signal’s modulations. I built a receiver in GNURadio and Python to convert signals into symbols, symbols obfuscated by a pattern that I had to deduce while only controlling a fraction of the bytes. Data was encoded in those symbols using proprietary convolution for even bits and Trellis Code Modulation for odd bits. I then reversed their bizarre CRC and wrote tools to craft and send packets. Using those tools I chained bugs in 2 chips and remotely crashed the badge. However, limitations in the NFMI protocol made more sophisticated attacks impossible.
But after a year and a half invested, I was not about to give up. I soldered leads to middle layer traces, extracted and reverse engineered the NFMI firmware, fixed their protocol, and patched a badge FW to patch the NFMI FW. At long last I achieved what may be the world’s first, over-the-air, remote code exploit via NFMI.
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=sDCIjcUEFj0&
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Seth%20Kintigh%20-%20Over-the-air%20remote%20code%20execution%20on%20the%20DEF%20CON%2027%20badge%20via%20Near%20Field%20Magnetic%20Inductance.mp4
This talk will be given live in Track 2.
This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_two
BHV - Saturday - 15:00-16:45 PDT
Title: OWASP & CSA IoT: Impacting Medical Security
When: Saturday, Aug 7, 15:00 - 16:45 PDT
Where: Biohacking Village (Talk - Virtual)
SpeakerBio:Aaron Guzman, OWASP Project Leader
Aaron Guzman is co-author of IoT Penetration Testing Cookbook and Product Security Lead with Cisco Meraki. He spends his days building security into IoT products and crafting designs that keep users safe from compromise. A co-chair of Cloud Security Alliance’s IoT Working Group and a technical reviewer for several published security books, he also spearheads many open-source initiatives, raising awareness about IoT hacking and proactive defensive strategies under OWASP’s IoT and Embedded Application Security projects. He has extensive public speaking experience, delivering conference presentations, training, and workshops globally. Follow Aaron on Twitter @scriptingxss.
Twitter: @scriptingxss
Description:
The Open Web Application Security Project (OWASP) IoT Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things as well as enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies. Similarly, CSA's IoT Working group is dedicated to understanding IoT deployments and defining actionable guidance to secure ecosystems. Their efforts are often used to develop medical security guidelines for developers and manufacturers alike but also to influence IoT security assessment methodologies for later use on commercial IoT certification schemes. This session will provide insights into current project initiatives, including those that directly impact medical devices and how you can save lives by getting involved.
All Biohacking Village talks will be streamed to YouTube.
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q
AVV - Saturday - 20:30-21:30 PDT
Title: Panel discussion: Is Adversary Emulation Too ___ For You?
When: Saturday, Aug 7, 20:30 - 21:30 PDT
Where: Adversary Village (Virtual)
Speakers:Jamie Williams,Cat Self,Tim Schulz,Michael Long,Frank Duff,Jose Barajas
SpeakerBio:Jamie Williams, Principal Adversary Emulation Engineer – The MITRE Corporation
Jamie Williams is an engineer at MITRE where he works on various exciting efforts involving security operations and research, specializing in adversary emulation and behavior-based detections. He also leads teams that help shape and deliver the “adversary-touch” within MITRE ATT&CK® and ATT&CK Evaluations.
SpeakerBio:Cat Self, Lead Cyber Adversarial Engineer – The MITRE Corporation
Cat Self is a Lead Cyber Adversarial Engineer working on MITRE ATT&CK® and ATT&CK Evaluations teams at MITRE. Cat previously worked at Target as a red team operator, threat hunter, and developer. Cat is an Army Military Intelligence veteran with a passion for mentorship, hiking in foreign lands, and finding opportunities to give back.
SpeakerBio:Tim Schulz, Adversary Emulation Lead - SCYTHE
Tim Schulz is SCYTHE’s Adversary Emulation Lead. He has been helping organizations build and train teams to understand and emulate cyber threats for the last seven years while working at multiple FFRDCs. He is the author of the Purple Maturity Model, and has given talks on purple teaming, adversary emulation, security testing, and technical leadership.
SpeakerBio:Michael Long, Capability Area Lead for Cyber Adversary Emulation – The MITRE Corporation
Michael Long is a Principal Adversary Emulation Engineer at the MITRE Corporation and a former U.S. Army Cyber Operations Specialist. Michael has over 10 years’ experience in offensive and defensive cyber operations. With MITRE, Michael leads adversary emulation activities for ATT&CK Evaluations. Michael is also an instructor for MITRE ATT&CK Defender’s upcoming ATT&CK Adversary Emulation course.
SpeakerBio:Frank Duff, Director of ATT&CK Evaluations - MITRE Engenuity
Frank Duff is the General Manager for MITRE Engenuity's ATT&CK Evaluations. Frank has spent over 15 years at the MITRE Corporation, starting in radar signal analysis and then transitioning to cyber security. He was on the forefront of early endpoint detection and response research, before leading a team responsible for developing and executing test methodologies. He now leverages this experience to foster public-private partnerships to drive organizational security and product improvement.
SpeakerBio:Jose Barajas
No BIO available
Description:No Description available
Adversary Village talks and workshops will be streamed on YouTube and Twitch.
Q&A sessions will happen in DEF CON Official Discord server after each talk.
YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg
Twitch: https://twitch.tv/adversaryvillage
Discord: https://discord.gg/defcon
DL - Saturday - 14:00-15:50 PDT
Title: ParseAndC
When: Saturday, Aug 7, 14:00 - 15:50 PDT
Where: DemoLab Video Channel 1
SpeakerBio:Parbati Kumar Manna
Parbati Kumar Manna got his Bachelor of Technology from Indian Institute of Technology, Kharagpur in 1997. After spending a bit of time in the software industry, he went back to school to earn his MS and PhD in Computer Science from University of Florida in 2008. His dissertation involved the creation and detection of some of the smartest malware (particularly internet worms) that leave minimal footprint during their spread yet propagate at the maximal speed. After his PhD he joined the premier security group within Intel, working with other like-minded security researchers looking over the security of various Intel products, including hardware, firmware and software. He has published and reviewed in eminent conferences and journals.
Description:
ParseAndC - A Universal Parser and Data Visualization Tool for Security Testing
Short Abstract:
Parsing is the process of extracting the data values of various fields by mapping the data format (known) onto the datastream (known) from a certain offset (known). Parsing is often an integral part of hacking - even when we do not know the exact format of the data, we still have some vague idea, and we want to parse the data based on our assumed data format to see if our hunch is true. While it is trivial to write a parser that will output the values corresponding to the fields of a single C structure, that parser becomes useless if now we have to deal with a different C structure. A parser that can handle any and all C structures as its input is essentially a compiler, since even C header files contain enough complexity (#define constants, macros calling macros, variadic macros, conditional code via if-else etc., included files, packed/aligned attributes, pragmas, bitfield, complex variable declarations, nested and anonymous structure declaration etc.). This tool is capable of mapping any C structure(s) to any datastream from any offset, and then visually displaying the 1:1 correspondence between the variables and the data in a very colorful, intuitive display so that it becomes very easy to understand which field has what value.
This tool is extremely portable - it is a single 800KB Python text file, supports all versions of Python, is cross-platform (Windows/Mac/Unix), and also works in the terminal/batch mode without GUI. For multi-byte datatypes (e.g. integer or float) it supports both endianness (little/big) and displays value in both decimal and Hex formats. The tool needs no internet connection and works fully offline. It is self-contained - it imports almost nothing, to the extent that it implements its own C compiler (front-end) from scratch!!
This tool is useful for both security- and non-security testing alike (reverse engineering, network traffic analyzing, packet processing etc.). It is currently being widely used at Intel, and in the users' own words, this tool has reduced their days' work into minutes. The author of this tool led many security hackathons at Intel and there this tool was found to be very useful.
URL to any additional information:
The tool has just been open-sourced, but no public announcement has been made (don't want to steal the thunder from DEFCON)
https://github.com/intel/ParseAndC
Detailed Explanation of Tool:
If one knows the data format of any datastream (basically, if you have access to the source code), parsing is easy since it takes <5 minutes to write a parser for a C structure. However, if one's job involves looking at many different datastreams, each with a different data format (basically, a different C structure), then this process becomes very tedious as you have to write a fresh parser for every new structure. As part of Intel's in-house core hacking team, this author faced this very problem where he had to parse many different datastreams based on their individual data formats. So, to rid himself of the trouble of writing a new parser every time, he chose to write a tool that can parse any datastream with any data format (a C structure) with just two clicks.
The other big problem that this tool handles is the data visualization. The problem is, not every time we have a 1:1 mapping between code and data - we can have one-to-many relationship (for arrays), and can have many-to-one relationship (many union members pointing to same chunk of data). For example, if we have a single line of code like int a[30][40][50];, suddenly for a single line of code we have sixty thousand chunks of 4-byte data. This tool handles these many-to-one and one-to-many relationships between code and data very gracefully (just try hovering your cursor over the variables in the Interpreted code window or the data windows, and you will see). Also, if you double-click on any variable, it will re-display the datastream centered around the place where the variable maps to. Similarly, if you double-click on any data byte, it will scroll the Interpreted code window to pinpoint to the variable(s) that map to that data.
You can see all that just by clicking the "Run Demo" button on the tool. :-)
Supporting Files, Code, etc:
The tool needs no supporting file to run. To show its capability, just run the Demo (see below how). There is a huge README explaining everything right at the top of the script itself (the same README is also available in the Open Source repo https://github.com/intel/ParseAndC), but in case you don't have time to read that, below is a TL;DR version.
Just download the tool source (a single Python file) anywhere (Windows/Linux/Mac), run it using Python 2 or 3, and click on the "Run Demo" button on top right corner. It will load a datafile (the tool script itself), choose a builtin data format (expressed via C structures and variable declarations), compile/Interpret that code and finally map the variables in the data format onto the data file. Once this happens, the Interpreted code window and the Data window will contain colorful items. Just hover your cursor over those colorful items (or double-click) and see the magic happen!
There is also a bottom window which lays out a Tree-like view of the data format. You can expand/collapse all the structures and arrays in the data format here using left/right arrows (or mouse click).
It also creates a snapshot.csv file with all the data format variables with their values. It also prints the same in the background (console).
The tool is currently in Beta stage (a lot of new features have been added lately), but it will absolutely be mature during the actual conference time.
Target Audience:
The target audience for this tool is pretty broad - it involves both White Hat and Black Hat researchers alike. Basically, anybody who tests C programs, or reverse engineers any datastream produced from a C program will find this tool extremely useful. Examples of actual usage of this tool are noted below.
White Hat Testing (has access to source code):
At Intel, of course we have access to our own source code, so we do not need to speculate about the data format of Intel products. In Intel, this tool has found its wide usage in driver testing, network packet analyzing, firmware reversing etc. where the testers use this tool to confirm that we are indeed observing the intended value in the datastream.
Black Hat Testing (no access to source code):
An example of how this tool is useful for even Black Hat hackers is as follows. Suppose you believe that a certain executable or datastream should begin with a certain magic number, followed by version number, followed by a header, followed by data etc. So, you can just write a C structure corresponding to your "hunch", and then use this tool to map that hypothetical structure onto the datastream to see if the values corresponding to the fields "make sense" visually. This is where the visualization part of this tool comes as immensely useful - you can hover your cursor on top of any variable and see its corresponding data value, or hover your cursor over any data byte and see its corresponding variable(s). If some of the supposed fields in the structure make sense but others do not, you know for which fields you have hit the jackpot, and for which you didn't. So, you modify your structure accordingly and just two more clicks will give you the new visualization of the mapped data with the new structure. This way, you can use this tool iteratively to figure out the format of the datastream.
To summarize, this is a tool that has been widely used at Intel for both security testing and regular non-security testing for the last two years.
This tool, per se, is not targeted ONLY for security, but it has been proven to be extremely useful for security research (just like the case of a binary disassembler).
For the past couple of years, it has been used at Intel for both kinds of testers: Security researchers and regular non-security folks. Both groups of people found the tool to be extremely useful.
To the best of the author's knowledge, no such hacking tool currently exists. Thus, this tool can definitely contribute to a new perspective to DEF CON.
This content will be presented on a Discord video channel.
#dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505
IOTV - Saturday - 10:00-18:30 PDT
Title: Pentesting 101
When: Saturday, Aug 7, 10:00 - 18:30 PDT
Where: IoT Village (Onsite)
Description:
For more information, see https://www.iotvillage.org/defcon.html
AVV - Saturday - 15:45-16:30 PDT
Title: Phish Like An APT
When: Saturday, Aug 7, 15:45 - 16:30 PDT
Where: Adversary Village (Virtual)
SpeakerBio:Sanne Maasakkers, Security Expert, Fox-IT
Sanne Maasakkers works as a security expert in the Red Team and Strategic Threat Intelligence team at Fox-IT in the Netherlands. Next to her focus on pentesting and threat analysis (which was recently demonstrated by ‘being’ the attacking APT during the biggest Dutch cyber crisis exercise), she loves to perform social engineering attacks and has a strong expertise on getting initial access by using this technique. In addition to her work, she contributes to "a more secure society" by providing awareness training, guest lectures and hack demos in both professional and educational environments and as team captain of the European team during the International Cyber Security Challenge (ICSC).
https://nl.linkedin.com/in/sannemaasakkers/
Description:
Have you ever wondered what phishing strategy real world APTs use? And how these compare with the scenarios that you use during your Red Team / social engineering activities? If you did, you probably found out that there's a lot of research about APT techniques, tactics and procedures, like the use of specific malware or attack vectors, but there are not many public resources on which techniques those attackers actually use to convince a non-suspecting person to aid them in their operation. In this talk an analysis is presented of hundreds of phishing emails that were used in real campaigns. All characteristics of an email, like the method of influence, tone of speech and used technologies are classified and measures how well a phishing campaign is designed, scoring from “obvious spam” to “near-realistic original mail”. By comparing and measuring the state of these phishing emails, we can learn more about how certain groups operate and how much “effort” they put into their scenarios. This is important knowledge for both attackers and defenders. If you want to know how to phish like you’re an APT, then this talk is for you. Spoiler alert: you might already be a better phisher than these groups.
Adversary Village talks and workshops will be streamed on YouTube and Twitch.
Q&A sessions will happen in DEF CON Official Discord server after each talk.
YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg
Twitch: https://twitch.tv/adversaryvillage
Discord: https://discord.gg/defcon
DC - Saturday - 13:00-13:45 PDT
Title: PINATA: PIN Automatic Try Attack
When: Saturday, Aug 7, 13:00 - 13:45 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded
SpeakerBio:Salvador Mendoza
Salvador Mendoza is a Metabase Q security researcher and member of the Ocelot Offensive Security Team.
Salvador focuses on tokenization processes, payment systems, mag-stripe information and embedded prototypes. He has presented on tokenization flaws and payment methods in different conferences such as Black Hat USA, DEF CON, HITB, Troopers and many others. Also, Salvador designed different tools to pentest mag-stripe information and tokenization processes.
Author of “Show me the (e-) money Hacking a sistemas de pagos digitales: NFC. RFID, MST y Chips EMV“. A Spanish-written book with a collection of different attacks against payment systems.
Twitter: @Netxing
salmg.net
Description:
A brute force attack is a trial-and-error method used to obtain information such as user passwords or personal identification numbers (PINs). This attack methodology should be impossible to apply to the actual secured EMV bank cards. In this talk, we will analyze how an inadequate implementation could rely on an extreme and sophisticated PIN brute force attack against the 10,000 combinations of a 4-digit PIN that could affect millions of contact EMV cards.
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=VOIvEqjJNOY
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Salvador%20Mendoza%20-%20PINATA-%20PIN%20Automatic%20Try%20Attack.mp4
This talk will be given live in Track 1.
This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_one
BHV - Saturday - 17:30-17:59 PDT
Title: Playing with FHIR: hacking and securing healthcare APIs
When: Saturday, Aug 7, 17:30 - 17:59 PDT
Where: Biohacking Village (Talk - Virtual)
Speakers:Alissa Knight,Mitch Parker
SpeakerBio:Alissa Knight, Content Creator | Hacker
Alissa Knight is a recovering hacker of 20 years, blending hacking with a unique style of written and visual content creation for challenger brands and market leaders in cybersecurity. Alissa is a cybersecurity influencer, content creator, and community manager as a partner at Knight Ink (http://www.knightinkmedia.com/) that provides vendors go-to market and content strategy for telling brand stories at scale in cybersecurity. Alissa is also the principal analyst in cybersecurity at Alissa Knight & Associates.
Alissa is a published author through her publisher at Wiley, having published the first book on hacking connected cars (https://www.amazon.com/Hacking-Connected-Cars-Techniques-Procedures/dp/1119491800/ref=sr_1_1?crid=X8OQ88MUEP4T&dchild=1&keywords=hacking+connected+cars&qid=1592558581&sprefix=hacking+connected+cars%2Caps%2C300&sr=8-1) and recently received two new book contracts to publish her autobiography and a new book on hacking APIs.
As a serial entrepreneur, Alissa has started and sold two cybersecurity companies to public companies in international markets and also sits as the group CEO of Brier & Thorn, a managed security service provider (MSSP).
https://www.alissaknight.com/
SpeakerBio:Mitch Parker, CISO, Indiana University Health
No BIO available
Description:
Hear from renowned bank, automotive, and healthcare API Hacker Alissa Knight on her tactics and techniques in hacking mHealth and FHIR APIs. Alissa walks through the tactics and techniques she uses in her API kill chain. Mitch, IU Health CISO, follows up with tactical and strategic maneuvers to maintain the integrity of the data.
All Biohacking Village talks will be streamed to YouTube.
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q
DL - Saturday - 10:00-11:50 PDT
Title: PMapper
When: Saturday, Aug 7, 10:00 - 11:50 PDT
Where: Palace 1+2
SpeakerBio:Erik Steringer
Erik Steringer is a Senior Security Consultant with NCC Group.
Description:
Tool or Project Name: Principal Mapper (PMapper) - Mapping Privilege Escalation and More in AWS IAM
Short Abstract:
Principal Mapper (PMapper) is an open-source tool and library for assessing AWS IAM and AWS Organizations for security concerns, such as privilege escalation and resource isolation. It tracks and identifies the different ways that one given IAM User/Role (Principal) could pivot to other IAM Users or Roles by reviewing all applicable IAM Policies. After gathering this data, PMapper can perform additional analysis, querying, and visualization.
The querying and analysis systems of PMapper go beyond checking if a principal is authorized to make a specific AWS API call. They will check if the principal can go through other principals to make a specified AWS API call. In a real-world example: if a user is not authorized to get an S3 object, PMapper also checks if the user can run an EC2 instance with a role as a means of bypassing that restriction. This means that PMapper tells you the effective permissions of each IAM User and Role, and the impact of the extra access you may inadvertently grant to those principals.
URL to any additional information:
https://github.com/nccgroup/PMapper/wiki
Detailed Explanation of Tool:
PMapper is a free and open source project written in Python 3. The v1.1.X release added support for resource policies, SCPs, permission boundaries, and session policies, which means it now works for cross-account scenarios. Additionally, it can now map and handle AWS Organizations.
At a high level, the different operations of PMapper include gathering data (account or organization), querying, analysis, and visualization. All work typically starts with gathering data. When gathering an account's data, PMapper composes a graph to represent the account. The graph includes different IAM Users/Roles, represented as nodes. The graph also tracks how nodes can access each other, as edges. One example of an edge is when a principal can call sts:AssumeRole to access an IAM Role.
The account graph is used by the query component. During all queries, PMapper checks the specified principal and then other principals that can be pivoted to by the specified principal. This catches risks where a given user or role can bypass their own limited permissions with other users or roles. This is also the root of the privilege escalation detection. The different users and roles are marked as administrators if they can effectively call any API operation with any resource, and the privilege escalation detection finds non admins that can pivot to admins through an edge.
The authorization simulator of PMapper runs completely locally, with no calls to the AWS IAM Policy Simulation APIs. It can handle the most complex types of IAM Policies, and other types of policies that even the simulation APIs don’t include (SCPs, Session Policies).
The graph data, query component, and underlying authorization simulator enable PMapper to catch risks that other tools (ScoutSuite, awspx, Cartography, Aaia, CloudMapper, AWS IAM Access Analyzer) cannot. A lot of those risks are covered with the analysis component of PMapper. It can also be extended through the `principalmapper` package to check for even more specific needs.
Supporting Files, Code, etc:
https://github.com/nccgroup/PMapper
Target Audience:
Defense, Cloud
As a consultant, I’ve had the opportunity to work in a variety of AWS environments across a range of clients and requirements. I think PMapper reflects a lot of the lessons learned during these last few years. Some of the recent work I’ve put into PMapper helps show where I think the future is (infrastructure as code analysis) for tools in this space.
DC - Saturday - 10:00-10:59 PDT
Title: Privacy Without Monopoly: Paternalism Works Well, But Fails Badly
When: Saturday, Aug 7, 10:00 - 10:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded
SpeakerBio:Cory Doctorow
Cory Doctorow (craphound.com) is a science fiction novelist, journalist and technology activist. He is a contributor to many magazines, websites and newspapers. He is a special consultant to the Electronic Frontier Foundation (eff.org), a non-profit civil liberties group that defends freedom in technology law, policy, standards and treaties. He holds an honorary doctorate in computer science from the Open University (UK), where he is a Visiting Professor; he is also a MIT Media Lab Research Affiliate and a Visiting Professor of Practice at the University of North Carolina’s School of Library and Information Science. In 2007, he served as the Fulbright Chair at the Annenberg Center for Public Diplomacy at the University of Southern California.
His novels have been translated into dozens of languages and are published by Tor Books, Head of Zeus (UK), Titan Books (UK) and HarperCollins (UK). He has won the Locus, Prometheus, Copper Cylinder, White Pine and Sunburst Awards, and been nominated for the Hugo, Nebula and British Science Fiction Awards.
His recent books include ATTACK SURFACE (2020), a standalone sequel to LITTLE BROTHER intended for adults, POESY THE MONSTER SLAYER, a picture book for young children (2020), the nonfiction tech/politics book HOW TO DESTROY SURVEILLANCE CAPITALISM (2020), RADICALIZED (2019) and WALKAWAY (2017), science fiction for adults; and IN REAL LIFE, a young adult graphic novel created with Jen Wang (2014).
His latest young adult novel is HOMELAND, the bestselling sequel to 2008’s LITTLE BROTHER. His New York Times Bestseller LITTLE BROTHER was published in 2008. His latest short story collection is WITH A LITTLE HELP, available in paperback, ebook, audiobook and limited edition hardcover. In 2011, Tachyon Books published a collection of his essays, called CONTEXT: FURTHER SELECTED ESSAYS ON PRODUCTIVITY, CREATIVITY, PARENTING, AND POLITICS IN THE 21ST CENTURY (with an introduction by Tim O’Reilly) and IDW published a collection of comic books inspired by his short fiction called CORY DOCTOROW’S FUTURISTIC TALES OF THE HERE AND NOW. THE GREAT BIG BEAUTIFUL TOMORROW, a PM Press Outspoken Authors chapbook, was also published in 2011.
LITTLE BROTHER was nominated for the 2008 Hugo, Nebula, Sunburst and Locus Awards. It won the Ontario Library White Pine Award, the Prometheus Award as well as the Indienet Award for bestselling young adult novel in America’s top 1000 independent bookstores in 2008; it was the San Francisco Public Library’s One City/One Book choice for 2013. It has also been adapted for stage by Josh Costello.
He co-founded the open source peer-to-peer software company OpenCola, and serves on the boards and advisory boards of the Participatory Culture Foundation, the Clarion Foundation, the Open Technology Fund and the Metabrainz Foundation. He maintains a daily blog at Pluralistic.net.
Twitter: @doctorow
Description:
Governments around the world (US, UK, EU) are planning to force interoperability on the biggest tech platforms. Companies like Facebook say that this is a privacy disaster because it would hurt their ability to keep us safe from privacy invasions. Yeah, I know. But even if you DO think Facebook has our best interests at heart, monopoly is a deeply stupid way to protect privacy. I will present "Privacy Without Monopoly," a major EFF white paper I co-authored with Bennett Cyphers, which sets out a framework for understanding how privacy and interop aren't just compatible - they rely on one another!
https://www.eff.org/wp/interoperability-and-privacy
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=deRRR5B1hwI
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Cory%20Doctorow%20-%20Privacy%20Without%20Monopoly.mp4
This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_three
DC - Saturday - 16:00-16:45 PDT
Title: PunkSPIDER and IOStation: Making a Mess All Over the Internet
When: Saturday, Aug 7, 16:00 - 16:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded
Speakers:_hyp3ri0n aka Alejandro Caceres,Jason Hopper
SpeakerBio:_hyp3ri0n aka Alejandro Caceres
No BIO available
SpeakerBio:Jason Hopper
No BIO available
Description:
We've been getting asked a lot for "that tool that was like Shodan but for web app vulns.” In particular WTF happened to it? Punkspider (formerly known as PunkSPIDER but renamed because none of us could remember where tf the capital letters go) was taken down a couple of years ago due to multiple ToS issues and threats. It was originally funded by DARPA. We weren’t sure in which direction to keep expanding, and it ended up being a nightmare to sustain. We got banned more than a 15 year old with a fake ID trying to get into a bar. It became a pain and hardly sustainable without a lot of investment in time and money. Each time we got banned it meant thousands of dollars and countless hours moving sh** around.
Now we’ve solved our problems and completely re-engineered/expanded the system. It is not only far more efficient with real-time distributed computing and checks for way more vulns, we had to take some creative ways through the woods – this presentation covers both the tool itself and the story of the path we had to take to get where it is, spoiler alert: it involves creating our own ISP and data center in Canada and integrating freely available data that anyone can get but most don’t know is available. Come play with us and see what the wild west of the web looks like and listen to our story, it’s fun and full of angry web developers. We’ll also be releasing at least 10s of thousands of vulnerabilities and will be taking suggestions from the audience on what to search. Fun vulns found get a t-shirt, super fun ones get a hoodie thrown at them.
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=DlS_sl4hTWg
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20hyp3ri0n%20aka%20Alejandro%20Caceres%20Jason%20Hopper%20-%20PunkSPIDER%20and%20IOStation-%20Making%20a%20Mess%20All%20Over%20the%20Internet.mp4
This talk will be given live in Track 2.
This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_two
SOC - Saturday - 16:00-17:59 PDT
Title: QueerCon Party
When: Saturday, Aug 7, 16:00 - 17:59 PDT
Where: Bally's Pool
Description:
Come hang out with the queer hacker community
DC - Saturday - 12:00-12:20 PDT
Title: Racketeer Toolkit. Prototyping Controlled Ransomware Operations
When: Saturday, Aug 7, 12:00 - 12:20 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded
SpeakerBio:Dimitry "Op_Nomad" Snezhkov
Dimitry Snezhkov is an Associate Director at Protiviti. In this role he hacks code, tools, networks, apps and sometimes subverts human behavior too. Dimitry has spoken at DEF CON, BlackHat, THOTCON conferences, and presented tools at BlackHat Arsenal.
Twitter: @Op_Nomad
Description:
*** SPECIAL NOTE: Technical difficulties prevented this talk from being shown at the correct time slot on DCTV/Twitch. Please look for another event on the schedule, by the same name; replay is estimated to begin at 19:00 on Track 2 DCTV/Twitch only. You may also watch this talk on-demand, by following the links at the bottom of this message. ***
Offensive testing in organizations has shown a tremendous value for simulating controlled attacks. While cyber extortion may be one of the main high ROI end goals for the attacker, surprisingly few tools exist to simulate ransomware operations.
Racketeer is one such tool. It is an offensive agent coupled with a C2 base, built to help teams to prototype and exercise a tightly controlled ransomware campaign.
We walk through the design considerations and implementation of a ransomware implant which emulates logical steps taken to manage connectivity and asset encryption and decryption capabilities. We showcase flexible and actionable ways to prototype components of fully remote ransomware operation including key and data management, as well as data communication that is used in ransomware campaigns.
Racketeer is equipped with practical safeguards for lights out operations, and can address the goals of keeping strict control of data and key management in its deployment, including target containment policy, safe credential management, and implementing operational security in simulated operations.
Racketeer can help gain better optics into IoCs, and is helpful in providing detailed logs that can be used to study the behavior and execution artifacts of a ransomware agent.
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=VJ8aqReB118
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Dimitry%20Op%20Nomad%20Snezhkov%20-%20Racketeer%20Toolkit.%20Prototyping%20Controlled%20Ransomware%20Operations.mp4
This talk will be given live in Track 1.
This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_one
BTV - Saturday - 16:30-17:59 PDT
Title: Ransomware ATT&CK and Defense with the Elastic Stack
When: Saturday, Aug 7, 16:30 - 17:59 PDT
Where: Blue Team Village - Workshop Track 2 (Virtual)
Speakers:Ben Hughes,Daniel Chen,Fred Mastrippolito
SpeakerBio:Ben Hughes
Ben Hughes (@CyberPraesidium) brings over 15 years of diverse experience in cyber security, IT, and law. He leads Polito's commercial services including Digital Forensics & Incident Response (DFIR), threat hunting, pen testing, and risk assessment. Prior to joining Polito, Ben worked on APT hunt teams at federal and commercial clients. He holds CISSP, GCFA, and GWAPT certifications.
Twitter: @CyberPraesidium
SpeakerBio:Daniel Chen
No BIO available
SpeakerBio:Fred Mastrippolito
Pentester and incident response engineer with a passion for technology. Founded @politoinc and focuses on assisting customers operate securely.
Twitter: @politoinc
Description:
This hands-on training will walk attendees through leveraging the open source Elastic (ELK) Stack to proactively identify common ransomware tactics, techniques, and procedures (TTPs) within diverse log data sets. The blue team tools and techniques taught during this workshop can be used to investigate isolated ransomware incidents or implemented at scale for continuous monitoring and threat hunting. Attendees will be provided with access to a preconfigured Elastic cluster and extensive sample logs containing malicious endpoint and network events waiting to be discovered on a simulated enterprise network. Ransomware attack artifacts will be mapped to the MITRE ATT&CK Framework and tagged accordingly in the provided logs to help demonstrate the value of log enrichment, showcase real-world attacker TTPs, and leverage a methodological approach to incident response and anomaly detection. Emphasis will be placed on live demos and practical training exercises throughout.
Workshop Outline:
* Introduction to Ransomware Digital Forensics and Incident Response (DFIR), Threat Hunting, and Threat Intelligence Principles
* Introduction to the ATT&CK Framework and Mapping Ransomware TTPs to Relevant Log Data (live demos and labs)
* Introduction to the Elastic Stack and Log Data-Driven Analysis (live demos and labs)
* Hallmarks of the Ransomware Attack Lifecycle (live demos and labs)
* Identifying Ransomware Adversaries and TTPs from Reconnaissance to Exfiltration (live demos and labs)
PHV - Saturday - 12:00-12:59 PDT
Title: RCE via Meow Variant along with an Example 0day
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: Packet Hacking Village - Talks (Virtual)
SpeakerBio:Özkan Mustafa AKKUŞ, SENIOR CYBER SECURITY CONSULTANT AND VULNERABILITY RESEARCHER AT TURK TELEKOM
Ozkan (Twitter: @ehakkus) is a vulnerability researcher and senior cyber security consultant in Turkey. Ozkan publishes security vulnerabilities that he has discovered on international platforms. He shares his experiences and works on his personal blog (https://www.pentest.com.tr). He has given training and presentations in many universities and institutions in his country. In addition to these studies, he gave the presentation "The Vulnerability That Gmail Overlooked and Enabling Threat Hunting" in Packet Hacking Village at DEF CON 28 and "0day Hunting and RCE Exploitation in Web Applications" in AppSec Village at DEF CON 27.
Twitter: @ehakkus
Description:
I will touch on some Alternative Bypass Restriction Techniques. Then I will present a vulnerability of Ericsson Network Location that provides the infrastructure of the research, and we are going to touch on the meow variant in detail through this vulnerability. Towards the end we are going to prepare a Metasploit module and exploit the vulnerability.
All Packet Hacking Village talks will stream on YouTube, Twitch, Facebook, and Periscope.
YouTube: https://youtube.com/wallofsheep
Twitch: https://twitch.tv/wallofsheep
Facebook: https://www.facebook.com/wallofsheep/
Periscope: https://www.periscope.tv/wallofsheep
CON - Saturday - 10:00-17:59 PDT
Title: Red Alert ICS CTF
When: Saturday, Aug 7, 10:00 - 17:59 PDT
Where: See Description
Description:
For more information, see https://forum.defcon.org/node/236432
CON - Saturday - 13:00-16:59 PDT
Title: Red Team Village CTF - Finals Part 1
When: Saturday, Aug 7, 13:00 - 16:59 PDT
Where: See Description
Description:
For more information, see https://forum.defcon.org/node/236421
CON - Saturday - 12:00-12:59 PDT
Title: Red Team Village CTF - Qualifier Prizes and Announcements
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: See Description
Description:
For more information, see https://forum.defcon.org/node/236421
CON - Saturday - 10:00-11:59 PDT
Title: Red Team Village CTF - Qualifiers Part 2
When: Saturday, Aug 7, 10:00 - 11:59 PDT
Where: See Description
Description:
For more information, see https://forum.defcon.org/node/236421
HRV - Saturday - 17:00-18:59 PDT
Title: Remote Ham Radio Exams
When: Saturday, Aug 7, 17:00 - 18:59 PDT
Where: Ham Radio Village (Virtual Exams)
Description:
For those participating in DEF CON remotely, the HRV is offering remote ham radio exams as well as in-person exams! Register, as well as study for the exam, online through ham.study. Registration can be completed at https://ham.study/sessions/6106030b38fc691617d940f8/1
AIV - Saturday - 12:30-12:59 PDT
Title: Replication as a Security Threat: How to Save Millions By Recreating Someone Else’s Model
When: Saturday, Aug 7, 12:30 - 12:59 PDT
Where: AI Village (Virtual)
SpeakerBio:Stella Biderman
No BIO available
Description:No Description available
AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.
Speakers will be made available on DEF CON's Discord, in #aiv-general-text.
Twitch: https://www.twitch.tv/aivillage
YouTube: https://www.youtube.com/c/aivillage
#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536
IOTV - Saturday - 14:45-15:30 PDT
Title: Reverse Supply Chain Attack - A Dangerous Pathway To Medical Facilities’ Networks
When: Saturday, Aug 7, 14:45 - 15:30 PDT
Where: IoT Village (Talk - Virtual)
Speakers:Barak Hadad,Gal Kaufman
SpeakerBio:Barak Hadad
Barak Hadad is a security researcher at Armis, responsible for hunting zero days and reverse engineering. Formerly an R&D team lead in the Israeli Defense Forces Intelligence, his current focus is unraveling the mysteries of various embedded devices, found in hospitals, factories and anything in-between.
SpeakerBio:Gal Kaufman
No BIO available
Description:
The supply-chain attack vector has gained a lot of attention in the past year. Our talk, however, will present a different type of supply-chain attack vector -- the reverse supply-chain attack.
The process of a supply chain attack involves an attacker altering the code of software, or the hardware of a device, en route to a potential victim. The reverse supply chain attack starts from the other end of the chain -- when a device is removed from a secure network. While IT departments are aware of the importance of wiping the hard drives of PCs before they are thrown away or sold off, they are not fully aware that certain medical devices also hold sensitive data, and the process to wipe these devices is also non-trivial.
In this talk, we will demonstrate the type of data that can be recovered from the most popular infusion pump -- the BD Alaris Infusion Pump. The recovered data can allow an attacker to infiltrate internal networks of medical facilities and exfiltrate or alter personal patient data. In the process of analyzing this attack vector, we purchased a handful of these used infusion pumps from eBay, which led us to the credentials of internal networks of large hospital facilities all over the US.
IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.
Twitch: https://www.twitch.tv/iotvillage
AIV - Saturday - 13:30-13:59 PDT
Title: Risks of ML Systems in Health Care: The Real Story
When: Saturday, Aug 7, 13:30 - 13:59 PDT
Where: AI Village (Virtual)
SpeakerBio:Barton Rhodes
No BIO available
Description:No Description available
AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.
Speakers will be made available on DEF CON's Discord, in #aiv-general-text.
Twitch: https://www.twitch.tv/aivillage
YouTube: https://www.youtube.com/c/aivillage
#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536
AIV - Saturday - 15:00-15:59 PDT
Title: RTV/AIV Red Teaming AI Roundtable
When: Saturday, Aug 7, 15:00 - 15:59 PDT
Where: AI Village (Virtual)
Speakers:Rich Harang,Anita Nikolich
SpeakerBio:Rich Harang
No BIO available
SpeakerBio:Anita Nikolich
No BIO available
Description:No Description available
AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.
Speakers will be made available on DEF CON's Discord, in #aiv-general-text.
Twitch: https://www.twitch.tv/aivillage
YouTube: https://www.youtube.com/c/aivillage
#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536
DL - Saturday - 10:00-11:50 PDT
Title: Ruse
When: Saturday, Aug 7, 10:00 - 11:50 PDT
Where: DemoLab Video Channel 2
SpeakerBio:Mike Kiser
Mike Kiser is insecure. He has been this way since birth, despite holding a panoply of industry positions over the past 20 years—from the Office of the CTO to Security Strategist to Security Analyst to Security Architect—that might imply otherwise. In spite of this, he has designed, directed, and advised on large-scale security deployments for a global clientele. He is currently in a long-term relationship with fine haberdashery, is a chronic chronoptimist (look it up), and delights in needlessly convoluted verbiage. He speaks regularly at events such as the European Identity Conference and the RSA Conference, is a member of several standards groups, and has presented identity-related research at Black Hat and Def Con. He is currently a Senior Identity Strategist for SailPoint Technologies.
Description:
Tool or Project Name: Ruse
Short Abstract:
Facial recognition is eroding privacy and other human rights. Industry and government have ethical responsibilities to prevent this, but what if there were a way to enhance privacy for individuals without waiting for the cavalry? Adversarial technology gives people a way to protect this biometric. Ruse is an open-source mobile app that uses some of the research from the past year to enable “normal” people to protect the photos that they put online from being processed by commercial facial recognition products.
URL to any additional information:
https://github.com/derrumbe/Ruse
Detailed Explanation of Tool:
In an ideal world, this tool would utilize two of the latest techniques (Fawkes (http://sandlab.cs.uchicago.edu/fawkes/) / Lowkey) that have been pioneered at various academic institutions over the past year. However, for an app such as this one to truly work, ease-of-use is essential. This means that it must be delivered in a mobile format, which restricts the app to using TensorFlow Lite - which in turn means no on-board learning, and that whatever techniques it uses must be as quick and as easy to use as FaceID on a localized device is. (ironic, no?)
However, decent results can be had with a cheaper, faster combination of techniques — injecting perlin noise into the photos, a la Camera Adversaria: https://github.com/kieranbrowne/camera-adversaria, and modifying the photo by applying an arbitrary style through the relatively well known “arbitrary style transfer” technique. The combination of these two is powerful enough to warrant further development because it impacts two different processes involved in facial recognition: facial detection and facial classification.
This currently comes at a slight cost to the end user in terms of human intelligibility, but the app also allows for in-flow modification of the impact of these changes (and their protection.) There are some onboard facilities to check for the impact of these changes: Google MLKit to check for facial recognition, for example, so that the end user can dial down the modifications to a limit that is effective but not as disruptive.
This is a camera-centric mobile app, so the flow looks like this: photo from camera or roll -> apply perlin noise -> apply style filter -> check for impact against facial recognition -> save to roll or upload to social media
The app is on github here: https://github.com/derrumbe/Ruse and will be released onto the android and apple app stores in its first release (hopefully for DefCon): as noted before, ease-of-use is the goal.
Operating system:
Swift (iOS) / Java (android – lagging behind ios currently, but it will be transposed later this summer, hopefully)
Tensorflow Version: TensorFlowLiteSwift , nightly build (with GPU accel on)
GoogleMLKit
GPUImage: https://github.com/BradLarson/GPUImage (open source)
SimplexNoise : https://weber.itn.liu.se/~stegu/simp...plexNoise.java (open source)
Supporting Files, Code, etc:
https://github.com/derrumbe/Ruse
Target Audience:
Consumer Mobile Offense?
This content will be presented on a Discord video channel.
#dl-video2-voice: https://discord.com/channels/708208267699945503/734027778646867988
CHV - Saturday - 15:00-15:59 PDT
Title: Safety Third: Defeating Chevy StabiliTrak for Track Time Fun
When: Saturday, Aug 7, 15:00 - 15:59 PDT
Where: Car Hacking Village - Talks (Virtual)
SpeakerBio:Eric Gershman
No BIO available
Description:
The Electronic Stability Control (ESC) system saves thousands of lives every year by preventing accidents before a driver starts to lose control, but it can be a real drag when trying to race a modern electric vehicle. Both the Chevy Spark EV and Bolt electric car communities have been unable to defeat the ESC to get full control of their cars on the track. Join me on my journey as I attempt to defeat Chevy’s StabiliTrak to turn an EV econobox into an autocross speed racer.
This talk will stream on YouTube.
YouTube: https://www.youtube.com/watch?v=OS6rSHZq2N8
APV - Saturday - 09:05-09:59 PDT
Title: Scaling AppSec through Education
When: Saturday, Aug 7, 09:05 - 09:59 PDT
Where: AppSec Village (Virtual)
SpeakerBio:Grant Ongers (rewtd)
No BIO available
Description:
Given that:
- Security teams are outnumbered by developers 100:1
- 50 - 80% more bugs are found in code review than in testing
- More than 70% of CVEs are caused by implementations in code
It must follow that AppSec should be the biggest part of your concern as a security person, and that you either need to seriously invest in more AppSec people to keep up with the developer population or you need to get developers looking for AppSec issues during code review.
So, how does one do that?
We'll lay out the problem space in a bit more detail, covering some of the issues described in our BlackHat EU talk (https://www.blackhat.com/eu-20/features/schedule/index.html#are-you-big-friendly-giant---red-unless-blue-finds-green-ru-bfg-22029) and then we'll move onto how we solve this.
We'll talk about the OWASP Application Security Curriculum project, its goals, ambitions, and milestones - as well as talking about the current artefacts.
We'll then talk about how you get developers engaged in the education program and how we leverage other OWASP projects (like Cornucopia and the ASVS) to make it all fit together.
AppSec Village events will be streamed to YouTube.
YouTube: https://www.youtube.com/c/appsecvillage
HTSV - Saturday - 13:00-13:55 PDT
Title: Sea Pods
When: Saturday, Aug 7, 13:00 - 13:55 PDT
Where: Hack the Sea (Virtual)
SpeakerBio:Grant Romundt
No BIO available
Description:No Description available
Hack the Sea Village will stream their events to YouTube and Twitch.
Twitch: https://www.twitch.tv/h4ckthesea
YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ
VMV - Saturday - 10:30-10:59 PDT
Title: Secrets of Social Media PsyOps
When: Saturday, Aug 7, 10:30 - 10:59 PDT
Where: Voting Village (Talks - Virtual)
SpeakerBio:BiaSciLab
BiaSciLab is a 14 year old hacker and maker. She was the youngest speaker at H.O.P.E. and has spoken at DEF CON in the Voting Village, Bio Hacking Village and the r00tz Asylum kids con. She has spoken internationally on election security at DefCamp in Romania. She also received national attention when she hacked the election reporting system at DEF CON 26, this work was recently highlighted at the Congressional Hearing on Election Security. This inspired her to build her own election system, Secure Open Vote.
BiaSciLab is also the Founder and CEO of Girls Who Hack, an organization focused on teaching girls the skills of hacking so that they can change the future. She enjoys inventing things, giving talks and teaching classes on making, programming and hacking. Follow her on twitter @BiaSciLab @GirlsWhoHack @SecureOpenVote or check out her websites www.BiaSciLab.com www.GirlsWhoHack.com www.SecureOpenVote.com
Twitter: @BiaSciLab
Description:
Psychological Warfare through social media is one of the most powerful weapons in today's political battlefield. PsyOps groups have figured out how to sharpen the blade through algorithms and targeted advertising. Nation states are using PsyOps to influence the citizens of their enemies, fighting battles from behind the keyboard. In this talk, BiaSciLab will cover a brief history of PsyOps and how it has been used both on the battlefield and the political stage, followed by a deep dive into how it works on the mind and how PsyOps groups are using social media to influence the political climate and elections worldwide.
Voting Village talks will be streamed to YouTube and Twitch.
Twitch: https://www.twitch.tv/votingvillagedc
YouTube: https://www.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg
SEV - Saturday - 10:00-11:59 PDT
Title: SECTF4Teens
When: Saturday, Aug 7, 10:00 - 11:59 PDT
Where: Social Engineer Village (Virtual)
Speakers:Chris Silvers,Kris Silvers
SpeakerBio:Chris Silvers
No BIO available
SpeakerBio:Kris Silvers
No BIO available
Description:
For more information, please see https://www.social-engineer.org/events/sevillage-def-con/the-sectf4teens/
Social Engineer Village will stream content to Twitch.
Twitch: https://www.twitch.tv/socialengineerllc
BHV - Saturday - 13:30-13:59 PDT
Title: Securing the Internet of Biological Things
When: Saturday, Aug 7, 13:30 - 13:59 PDT
Where: Biohacking Village (Talk - Virtual)
SpeakerBio:Thom Dixon, National Security & Defence, PhD student at Macquarie University
Thom Dixon is Vice President for the Australian Institute of International Affairs NSW and the Manager, National Security and Defence at Macquarie University, Sydney, Australia.
Description:
The coming age of robust two-way communication between living and non-living systems can simply be described as the Internet of Biological Things (IoBT). Interfacing optoelectronic systems with optogenetic-, bioelectrochemical- and biosensor-based information substrates will challenge key assumptions underpinning information security. A cyberbiosecurity mindset is needed to maximise the benefits and minimise the downsides of the pervasive, persistent and immersive information environment that arises from an IoBT world.
All Biohacking Village talks will be streamed to YouTube.
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q
PHV - Saturday - 12:00-13:59 PDT
Title: Security Investigations with Splunk
When: Saturday, Aug 7, 12:00 - 13:59 PDT
Where: Packet Hacking Village - Workshops (Virtual)
SpeakerBio:Robert Wagner, SPLUNK AND CO-FOUNDER OF HAK4KIDZ
Robert Wagner (Twitter: @mr_minion) is a security professional with 15+ years of InfoSec experience. He is a co-founder of the “Hak4Kidz” charity, a co-organizer of BurbSec and BurbSecCon in Chicago, and is on the Board of Directors of the ISSA Chicago Chapter.
Twitter: @mr_minion
Description:
Investigating with Splunk is a hands-on workshop designed to familiarize participants with how to investigate incidents using Splunk and open source. This workshop provides users a way to gain experience searching in Splunk to answer specific questions related to an investigation. These questions are similar to what would be asked in their own organizations. The workshop leverages the popular Boss of the SOC (BOTS) dataset in a question-and-answer format. Users will leave with a better understanding of how Splunk can be used to investigate in their enterprise. The class includes access to download the free “Investigating with Splunk” app that can be used to review the exercises after the class.
PHV - Saturday - 09:00-09:59 PDT
Title: Seeing the Forest Through the Trees – Foundations of Event Log Analysis
When: Saturday, Aug 7, 09:00 - 09:59 PDT
Where: Packet Hacking Village - Talks (Virtual)
SpeakerBio:Jake Williams, CTO OF BREACHQUEST
Jake Williams (Twitter: @malwarejake) is an incident responder, red teamer, occasional vCISO, and prolific infosec shitposter. He has traveled the world, but isn't welcome in China or Russia (and avoids most countries they have extradition treaties with). When not speaking at a conference like this one, it's a good bet that Jake is engaged in hand to hand combat with an adversary rooted deep in a network or engineering ways to keep them out. Jake's career in infosec started in the intelligence community, but has taken him around the world securing networks of all shapes and sizes, from utilities to hospitals to manufacturing plants.
Twitter: @malwarejake
Description:
During an incident, everyone knows you need to review the logs – but what are they actually telling you? There's a wealth of information to be had in your event logs, but most analysts miss the forest because they don't understand the trees. In this talk, Jake will walk you through some of the most impactful event logs to focus on in your analysis. We'll target some old favorites covering login events, service creation, and process execution. We'll also examine task scheduler logs, useful in uncovering lateral movement and privilege escalation. Finally, we'll discuss some of the new event logs available in Windows 10 (if only you enable them first). If you don't want to be barking up the wrong tree during your next insider investigation or getting axed because you failed to identify the lateral movement attempts, make sure to watch this video.
All Packet Hacking Village talks will stream on YouTube, Twitch, Facebook, and Periscope.
YouTube: https://youtube.com/wallofsheep
Twitch: https://twitch.tv/wallofsheep
Facebook: https://www.facebook.com/wallofsheep/
Periscope: https://www.periscope.tv/wallofsheep
CAHV - Saturday - 13:00-13:59 PDT
Title: Selling Yourself as a Security Professional
When: Saturday, Aug 7, 13:00 - 13:59 PDT
Where: Career Hacking Village (Talk)
SpeakerBio:Preston Pierce
No BIO available
Description:
What is the key to advancing your career in cybersecurity? The answer is SALES. No, you don't have to go make cold calls or worry about CAN-SPAM laws, but you need to learn how to sell yourself. Many security professionals treat the industry like a chess tournament, expecting the most skilled player to come out on top and relying on skills alone to make the difference. This is not the reality of the world we live in. Most estimates say over half of jobs are filled through networking. Sometimes, who you know will matter as much as what you know in seeking a job. Leave the job boards and online postings and learn from one who has spent a decade in cybersecurity in recruiting (including running a cybersecurity recruiting agency) and sales how best to sell yourself for your next career move. This is going to be a tactical, practical discussion. How do you approach finding a new role from an outbound vs. inbound approach? What are the best places to put yourself out there in the market? What does it really mean to network to find your next job? How can you create a pipeline of job opportunities? Join to learn how to create more demand for YOU in the marketplace, find more job opportunities, and become a sought after person in our industry.
This talk will be available on YouTube: https://www.youtube.com/watch?v=9EA1DtgTrbU
Career Hacking Village content will be available on YouTube.
YouTube: https://youtube.com/careerhackingvillage
CLV - Saturday - 12:45-13:30 PDT
Title: Shift Left Using Cloud: Implementing baseline security into your deployment lifecycle
When: Saturday, Aug 7, 12:45 - 13:30 PDT
Where: Cloud Village (Virtual)
SpeakerBio:Avinash Jain
I am an information security researcher working as a Lead Security Engineer managing complete end-to-end information security. I love to break application logic and find vulnerabilities in them, and have been acknowledged by various MNCs like Google, Yahoo, NASA, VMware, MongoDB, and other top companies. I am also an active blogger; some of my articles and interviews have been published in various newspapers like Forbes, BBC, Techcrunch, Economic times, Huffingtonpost, Hindustan times, ZDNet, Hakin9, Hackerone, etc. I am also a cybersecurity speaker and love to share my views on various infosec threads.
Twitter: @logicbomb_1
Description:
In the agile world, continuous iteration of development and testing happens throughout the software development lifecycle, involving constant collaboration with stakeholders and continuous improvement and iteration at every stage, and engineers release their changes very frequently. All this makes the chances of potential security loopholes more and more real. A fast-moving lean and agile culture makes it necessary to bring the testing of software support earlier in the development and release process. This brings us to the quote “Security shouldn’t be treated as an after-thought”: it should be brought as close to engineers and as early in the SDLC as possible. When we bring something close to the source, and in this context, if we bring Security closer to the source, we call it Shift Left Security. It not only gives a much better opportunity to see improved security outcomes in products sooner, and include the requirements, suggestions, advice at an earlier stage, but also saves time, effort, and overall cost of product delivery. The Shift Left approach takes this a step further, integrating security into CICD. With security requirements represented earlier in the software development process, it also makes enforcement part of the Continuous Delivery pipeline with improved testing, monitoring, and response to support security drift detection. By integrating security in CICD, one can deliver secure and compliant application changes rapidly while running operations consistently with automation. In order to do this well, the most logical place security can be checked is code reviews. But now a series of questions is raised: How can it be achieved? How can we make sure every release that goes to production has proper security sign-off? How can we scan and test every piece of code that is changed from not just DAST or SAST point of view but also including wide custom and flexible security test cases?
Here we will talk about building such a solution and framework to integrate security in CICD and automating the complete process for continuous scanning of different kinds of potential security issues on every code change in AWS Codepipeline. Some of the improvements it brings:
- Wide Variety of Security checks: Integration of standard and custom checks
- Early Checks: Now security checks are performed as soon as any PR is raised or code is modified
- Highly Flexible: The security checks are very modular. We can add more checks as we want and configure them to perform response-based action
- Completely Automated: Automation is the key/let the machines do the work
- Alerting: Integration of SNS alert for check success or failure
- Reporting: Scan reports are shared across different communication channels
- Framework as code: Any company having their CICD over AWS can use this framework by just running my in-house built cloud formation template
- Vulnerability Management: All the vulnerabilities and findings are logged in a single place - AWS Security Hub
Cloud Village activities will be streamed to YouTube.
YouTube: https://www.youtube.com/cloudvillage_dc
DL - Saturday - 14:00-15:50 PDT
Title: Shutter
When: Saturday, Aug 7, 14:00 - 15:50 PDT
Where: Palace 1+2
SpeakerBio:Dimitry "Op_Nomad" Snezhkov
Dimitry Snezhkov is an Associate Director at Protiviti. In this role he hacks code, tools, networks, apps and sometimes subverts human behavior too. Dimitry has spoken at DEF CON, BlackHat, THOTCON conferences, and presented tools at BlackHat Arsenal.
Twitter: @Op_Nomad
Description:
Tool or Project Name: Shutter
Short Abstract:
The goal of Shutter is to manage Windows network stack communication via Windows Filtering Platform. Management can include blocking or permitting traffic based on IP or an executable that initiates or receives the traffic.
This is useful to blackhole event logging, defensive agent communication, or explicitly permit specific executables to communicate if they have been previously restricted by policy.
Shutter installs rules in a memory running session without touching the Windows firewall itself or invocation of the `netsh` command, thereby minimizing detection during long haul RT operations.
As a generic mechanism for managing network traffic it can help operators in:
- punching through firewalls without shutting them down
- not creating persistent rules
- evading reporting on `netsh` invocation
- blackholing EDRs and activity supervising agents
- studying existing security providers, active filters and network endpoints involved in network communication
Short Developer Bio:
I support initiatives in offensive testing for my team by writing code where needed.
Interests include network-based command and controls, data exfiltration mechanisms, evasion.
URL to any additional information: https://github.com/dsnezhkov/shutter
Detailed Explanation of Tool: Please see https://github.com/dsnezhkov/shutter...main/README.md
Supporting Files, Code, etc: https://github.com/dsnezhkov/shutter
Target Audience: Offense
Offensive teams can use the tool to better simulate attacks that involve WFP.
BCV - Saturday - 13:30-13:59 PDT
Title: Sla(sh*t)ing happens when you stake
When: Saturday, Aug 7, 13:30 - 13:59 PDT
Where: Blockchain Village / Paris Vendome B
Speakers:Nadir Akhtar,Y L
SpeakerBio:Nadir Akhtar, Blockchain Security Engineer, Coinbase
Blockchain security engineer @ Coinbase with deep expertise in digital asset security vulnerabilities https://blog.coinbase.com/securing-an-erc-20-token-for-launch-on-coinbase-68313652768f
Former President, Blockchain @ Berkeley
edX Blockchain Fundamentals curriculum developer and lecturer
Nadir Akhtar is a Blockchain Security engineer at Coinbase, where he leads security reviews of assets under consideration for Coinbase listing. Previously at Quantstamp, he audited smart contracts and contributed to a book on smart contract security fundamentals. He graduated from UC Berkeley in 2019 with a degree in Computer Science. During his time in Blockchain at Berkeley, he was President and an instructor for the UC Berkeley-endorsed blockchain fundamentals edX course series, reaching over 225,000 enrolled students to date.
SpeakerBio:Y L, System Security Architect, Coinbase
System security Architect @ Coinbase. Leads team that designed, built, and operates Coinbase’s current cold storage system. https://www.wired.com/story/coinbase-physical-vault-to-secure-a-virtual-currency/
Description:
Proof of Stake protocols come with their own programmed reward/penalty incentives that impact principal token balance staked as well as staking rewards earning potential. Our talk first reviews our threat model for staking operations and then presents threat countermeasure recommendations to minimize risk of staking losses. This knowledge can be used to help you assess the risk posture of staking service providers and can be used as a best practices guide if you want to build out your own staking infrastructure.
This content will be presented live and in-person.
ICSV - Saturday - 15:00-15:30 PDT
Title: Smart Meters: I'm Hacking Infrastructure and So Should You
When: Saturday, Aug 7, 15:00 - 15:30 PDT
Where: ICS Village (Virtual)
SpeakerBio:Hash Salehi
Hash grew up on IRC freely sharing information and benefitting from those more knowledgeable who were willing to reciprocate. He is the founder of RECESSIM, a reverse engineering community where information is freely shared. Over the last few years he has focused on reverse engineering smart meter technology analyzing both the RF communications and hardware design, openly publishing all his findings.
Twitter: @BitBangingBytes
Description:
Why Smart Meters? This is a question Hash is often asked. There's no bitcoin or credit card numbers hiding inside, so he must want to steal power, right? Openly analyzing the technology running our critical infrastructure and publishing the findings is something Hash is passionate about. In the wake of the great Texas freeze of 2021, we can no longer "hope" those in power will make decisions that are in the people's best interest. This talk will present research on the Landis+Gyr GridStream series of smart meters used by Oncor, the largest energy provider in Texas.
ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.
YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw
#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485
DC - Saturday - 14:00-14:59 PDT
Title: Sneak into buildings with KNXnet/IP
When: Saturday, Aug 7, 14:00 - 14:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded
SpeakerBio:Claire Vacherot
Claire Vacherot is a pentester at Orange Cyberdefense. She likes to test systems and devices that interact with the real world and is particularly interested in industrial and embedded device cybersecurity. As a former software developer, she never misses a chance to write scripts and tools.
Description:
Building Management Systems control a myriad of devices such as lighting, shutters and HVAC. KNX (and by extension KNXnet/IP) is a common protocol used to interact with these BMS. However, the public's understanding and awareness is lacking, and effective tooling is scarce all while the BMS device market keeps on growing.
The ability to craft arbitrary KNXnet/IP frames to interact with these often-insecure BMS provides an excellent opportunity in uncovering vulnerabilities in both the implementation of KNX as well as the protocol itself. From unpacking KNX at a lower level, to using a Python-based protocol crafting framework we developed to interact with KNXnet/IP implementations, in this talk we’ll go on a journey of discovering how BMS that implement KNXnet/IP work as well as how to interact with and fuzz them.
After this talk you could also claim that “the pool on the roof has a leak”!
REFERENCES:
- KNX Standard v2.1: https://my.knx.org/fr/shop/knx-specifications?product_type=knx-specifications
- Scapy: https://github.com/secdev/scapy
- KNXmap: https://github.com/takeshixx/knxmap
Papers & talks:
- (In)security in Building Automation: How to Create Dark Buildings with Light Speed. Thomas Brandstetter and Kerstin Reisinger. Presented at BlackHat USA 2017. https://www.blackhat.com/docs/us-17/wednesday/us-17-Brandstetter-insecurity-In-Building-Automation-How-To-Create-Dark-Buildings-With-Light-Speed-wp.pdf
- Hacking Intelligent Building - Pwning KNX & ZigBee Networks. HuiYu Wu and YuXiang Li (Tencent). Presented at HITB Amsterdam 2018. https://conference.hitb.org/hitbsecconf2018ams/materials/D1T2%20-%20YuXiang%20Li,%20HuiYu%20Wu%20&%20Yong%20Yang%20-%20Hacking%20Intelligent%20Buildings%20-%20Pwning%20KNX%20&%20ZigBee%20Networks.pdf
- Security in KNX or how to steal a skyscraper. Egor Litvinov. Presented at Zero Nights 2015. http://2015.zeronights.org/assets/files/20-Litvinov.pdf
- HVACking: Understanding the Delta Between Security and Reality. Douglas McKee and Mark Bereza. Presented at Defcon 27, 2019. https://www.mcafee.com/blogs/other-blogs/mcafee-labs/hvacking-understanding-the-delta-between-security-and-reality/
- Anomaly Detection in BACnet/IP managed Building Automation Systems. Matthew Peacock, 2019. https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=3180&context=theses
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=QofeTV39kQE
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Claire%20Vacherot%20-%20Sneak%20into%20buildings%20with%20KNXnetIP.mp4
This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_three
VMV - Saturday - 12:30-12:59 PDT
Title: Social Media Security = Election Security
When: Saturday, Aug 7, 12:30 - 12:59 PDT
Where: Voting Village (Talks - Virtual)
SpeakerBio:Sebastian Bay
Sebastian Bay is a researcher with the Swedish Defense Research Agency specialising in election security and digital harms.
Description:
Digital disinformation is a significant threat to trusted elections and poses a cybersecurity challenge for social media companies. Fake accounts spread content to authentic users, mislead users, and trick users into believing content is more popular. The global market for media manipulation is extensive and growing - many providers openly market their fake engagement services.
Sebastian Bay and his fellow researchers bought fake engagement on Facebook, Instagram, Twitter, Youtube, and Tik Tok to assess the social media companies’ ability to combat disinformation. This presentation explores their findings, highlights the differences between social media platforms, and provides recommendations for companies and policy makers.
Voting Village talks will be streamed to YouTube and Twitch.
Twitch: https://www.twitch.tv/votingvillagedc
YouTube: https://www.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg
DC - Saturday - 14:00-14:45 PDT
Title: SPARROW: A Novel Covert Communication Scheme Exploiting Broadcast Signals in LTE, 5G & Beyond
When: Saturday, Aug 7, 14:00 - 14:45 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded
Speakers:Chuck McAuley,Reza Soosahabi
SpeakerBio:Chuck McAuley
Chuck McAuley is a principal security researcher with the Application & Threat Intelligence Research Center (ATIRC) at Keysight Technologies. Chuck has a variety of interests that include 5G and LTE packet core vulnerabilities, reverse engineering botnets, finding novel forms of denial of service, and researching weird esoteric protocols for weaknesses and vulnerabilities.
Twitter: @nobletrout
SpeakerBio:Reza Soosahabi
Reza Soosahabi is a lead R&D engineer with Application & Threat Intelligence Research Center (ATIRC) at Keysight Technologies. His current field of research includes RAN security, data exfiltration and ML / statistical algorithms. He has been a 5G system engineer prior to joining Keysight in 2018. He contributes in IEEE proceedings related to signal processing and information security. As a math-enthusiast, Reza often tries unconventional analytical approaches to discover and solve technically diverse problems. He also enjoys cutting boxes with Occam’s Razor and encourages the others around him to do so.
Twitter: @darthsohos
https://scholar.google.com/citations?user=SNFxK60AAAAJ&hl=en
Description:
When researching methods for covert communications in the wireless space, we noticed most hackers are barely looking below the IP layer, and even the wireless guys are focused on creating their own radio (PHY layer) solutions rather than looking at what’s already available to them. We discovered a sweet spot that takes advantage of MAC layer protocols in LTE and 5G, enabling long range communication using other people’s networks, GSMA CVD-2021-0045. We can use SPARROW devices almost everywhere in a variety of scenarios, such as data exfiltration and command and control. Despite limited data rates, the new scheme can defeat known covert communication schemes with dedicated PHY in the following ways:
- Maximum Anonymity: SPARROW devices do not authenticate with the host network while operating. This eliminates their exposure to network security and lawful intercept systems as well as spectrum scanners. Utilizing limited resources, they cause very minimal impact on the host network services.
- More Miles per Watt: SPARROW devices can be several miles apart exploiting broadcast power of base stations or non-terrestrial technologies. The range can be further extended by deploying several of them in a geographically sparse mesh network.
- Low Power & Low Complexity: SPARROW devices can utilize existing protocol implementation libraries installed on commodity SDRs. They can operate on batteries or harvest energy from the environment for long durations, just like real sparrows!
- REFERENCES
- There are no direct references of prior study that I (Reza) have (aside from general knowledge of 5G standard and RF), however the following talks and items led me towards this discovery:
- DEF CON Safe Mode - James Pavur - Whispers Among the Stars - https://www.youtube.com/watch?v=ku0Q_Wey4K0
- DNS Data Exfiltration techniques
- My boss buying me a 5G base station emulator and saying "find something wrong with this!"
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=oaLIo9HwW-g
Media (Main Talk): https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Reza%20Soosahabi%20Chuck%20McAuley%20-%20SPARROW%20-%20A%20Novel%20Covert%20Communication%20Scheme%20Exploiting%20Broadcast%20Signals%20in%20LTE%2C%205G%20%26%20Beyond.mp4
Media (Demo): https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Reza%20Soosahabi%20Chuck%20McAuley%20-%20SPARROW%20-%20A%20Novel%20Covert%20Communication%20Scheme%20Exploiting%20Broadcast%20Signals%20in%20LTE%2C%205G%20%26%20Beyond%20-%20Demo.mp4
This talk will be given live in Track 1.
This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_one
CPV - Saturday - 14:00-14:59 PDT
Title: Staying Fresh While the Feds Watch: Changes in Government Surveillance and Why it Matters
When: Saturday, Aug 7, 14:00 - 14:59 PDT
Where: Crypto & Privacy Village (Virtual)
SpeakerBio:Anthony Hendricks
Anthony Hendricks is an attorney who advises clients as the chair of Crowe & Dunlevy’s Cybersecurity & Data Privacy Practice Group. In that role, he frequently analyzes and litigates legal issues related to IoT devices. Prior to beginning his practice, he studied as Howard University's first Marshall Scholar and later graduated from Harvard Law School. He now teaches cybersecurity law as an adjunct professor at Oklahoma City University School of Law.
Description:
Technology is constantly changing and evolving. While our laws are slow to keep up, this hasn’t stopped the government from adapting. Whether it’s using IoT devices as informants, paying for access to databases of information that the government could not collect without a warrant, or the increased use of facial recognition software, government surveillance is changing. This presentation will explore the current trends in government surveillance and investigations, the gaps in the law, the impact on all of us, and what we should be asking the law to do.
Crypto & Privacy Village will be streaming their events to YouTube and Twitch.
Twitch: https://www.twitch.tv/cryptovillage
YouTube: https://www.youtube.com/c/CryptoVillage
IOTV - Saturday - 12:00-12:30 PDT
Title: Strategic Trust and Deception in the Internet of Things
When: Saturday, Aug 7, 12:00 - 12:30 PDT
Where: IoT Village (Talk - Virtual)
SpeakerBio:Juneau Jones
Raised in the woods of Alaska, Juneau attributes her love of hacking to a childhood spent building and breaking things outside. After studying computer science and economics, she moved to Dallas, Texas, where she found a home in the local hacker community. Juneau began research on applying behavioral economics to adversarial tactics. After her successful first talk at Dallas Hacker's Association on the prisoner’s dilemma, she began presenting her research at cons across the country. Currently, she works as an adversarial analyst doing consultant red teaming. She is also continuing her research and education as a cybersecurity fellow at NYU. When she is not hacking or asking strangers to act out the prisoner's dilemma, Juneau breathes fire, plays the bass, and runs DC214, Dallas's DefCon group.
Description:
Game Theory is the study of choices and strategies made by rational actors, called "players," during times of conflict or competition. It has been used throughout history to map human conflict. Statisticians use game theory to model war, biology, and even football. In this talk, we will model interactions between IoT devices based on strategic trust: how agents decide to trust each other.
The talk will provide an overview of game-theoretic modeling and its application to the IoT landscape. The landscape facilitates deception; players must decide whether or not to trust other agents in the network, and agents may have misaligned incentives. There is a trade-off between information gained and short-term security. This talk will build a framework for predictive and strategic trust where players make decisions based on the incentives of their "opponents." This talk will not look at network topology or protocols but will instead look at information exchange and strategy.
IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.
Twitch: https://www.twitch.tv/iotvillage
BTV - Saturday - 17:00-17:30 PDT
Title: Structured Analytical Techniques for Improving Information Security Analyses
When: Saturday, Aug 7, 17:00 - 17:30 PDT
Where: Blue Team Village - Main Track (Virtual)
SpeakerBio:Rabbit
Rabbit is an information security engineer and lagomorph enthusiast with a background in medical device security and biometric access system assessment who now manages the secure development and testing of IoT smart home and smart lock devices.
Twitter: @ra6bit
Description:
Based on tradecraft documents openly published by the CIA, this talk takes structured analytical techniques intended for intelligence analysis and refactors them for use in improving typical Information Security investigations and analyses as well as OSINT investigations.
In 2009, the Central Intelligence Agency published a document titled "A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis" which lays out a number of techniques for improving the accuracy and reliability of intelligence analyses. I found the document fascinating and set out to reapply the techniques for use in my day-to-day Information Security work. The techniques are a fantastic tool set for improving the quality of analysis products by bringing alternative narratives and solutions to light, highlighting contradictory evidence, and developing confidence in analysis conclusions. Additionally, there are techniques for imaginatively creating and evaluating new scenarios which may fit a given set of evidence.
The techniques can be divided into three categories: "Diagnostic Techniques", which are intended to assess and improve the quality of source material used in an analysis; "Contrarian Techniques", which are intended to surface potential alternate hypotheses that fit the information available; and "Imaginative Thinking" techniques, which are used to generate new starting points for hypotheses that can then be developed further by applying the previous techniques.
An example of a Diagnostic technique is a "Key assumptions check". This exercise is simply to list all of the assumptions that have been made within an analysis, which can then be analyzed to identify unsupported assumptions or assumptions with excessive uncertainty. In an information security context, such as during incident response, this type of analysis can illuminate where assumptions have been made that can't be verified, such as confusing correlation with causation, or when errors have been made due to trusting timing information sources without verifying other reference events are properly synchronized in the source material. In an OSINT investigation, this technique can help weed out correlations that have been made based on dubious evidence.
An example of a Contrarian technique most people are probably familiar with already is the "Devil's advocate" technique, where narratives are created which intentionally directly refute the hypothesis of the analysis to be improved. These opposite narratives are then evaluated to determine if they could be valid primary hypotheses. A lesser known technique, however, would be a "High Impact/Low probability" analysis, where an incident is analyzed in reverse. If the event is assumed to be a foregone conclusion, analyzing what conditions would necessarily have to have occurred for that condition to be possible can lead to the identification of additional places where supporting evidence may be available, or it may lead to a hypothesis being rejected as not fitting the available evidence.
An example of an Imaginative analysis is the "Red Team analysis". While a lot of people in Information Security will be familiar with what a red team is, particularly in the BTV, in this technique, the focus is on analyzing the red team itself, rather than applying red team techniques. What this means is to analyze the driving motivations of the adversary and factors which may influence their behavior as attackers. It's more like "red teaming the red team" to develop an idea of how and why they may act in a certain way in a given situation. In the information security realm, an example of applying this sort of technique is to develop a potential model of a threat based on their TTPs, then use that to determine if there are other investigations that should occur. For instance, if a breach was caused by a hacktivist, the ultimate goal of their attack may be completely different than that of a corporate rival, or a nation state, and identifying those motivations can help you further understand the motives and meanings behind the actions they take and their ultimate goals within your systems.
The final portion of this talk would be to apply some of the techniques to sample sets of evidence to illustrate how each technique can be applied, and how each can improve, support, or refute the initial hypothesis.
Blue Team Village talks will be streamed to Twitch.
--
Twitch: https://twitch.tv/blueteamvillage
DC - Saturday - 13:00-13:59 PDT
Title: TEMPEST radio station
When: Saturday, Aug 7, 13:00 - 13:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded
SpeakerBio:Paz Hameiri
Paz started his professional life 30 years ago, hacking games and developing tools in his teen years. Since then, he has worked in several companies, developing both hardware and software.
Paz has six years of experience with telecommunication systems design and circuits. He explored GPU hardware and software design in his Master's thesis. For 12 years, Paz led multidisciplinary systems development as a systems engineer in an international homeland security company.
At home, Paz explores ideas he finds interesting. In 2019 he published his work on a body-tracking device that records keystrokes on a safe's keypad.
https://il.linkedin.com/in/paz-hameiri-251b11143
Description:
TEMPEST is a cyber security term that refers to the use of electromagnetic energy emissions generated by electronic devices to leak data out of a target device. The attacks may be passive (where the attacker receives the emissions and recovers the data) or active (where the attacker uses dedicated malware to target and emit specific data).
In this talk I present a new side channel attack that uses GPU memory transfers to emit electromagnetic waves which are then received and processed by the attacker. Software developed for this work encodes audio on one computer and transmits it to the reception equipment positioned fifty feet away. The signals are received and processed and the audio is decoded and played. The maximum bit rate achieved was 33kbit/s and more than 99% of the packets were received.
Frequency selection not only enables maximization of signal quality over distance, but also enables the attacker to receive signals from a specific computer when several computers in the area are active. The software developed demonstrates audio packets transfers, but other types of digital data may be transmitted using the same technique.
REFERENCES:
- Eck W. “Electromagnetic radiation from video display units: an eavesdropping risk?” Computers and Security, 4, no. 4: 269-286, 1985.
- Kuhn, M. G., and Anderson, R. J. “Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations.” In Information Hiding (1998), ed. D. Aucsmith, vol. 1525 of Lecture Notes in Computer Science, (Springer): 124–142.
- Thiele, E., “Tempest for Eliza.” 2001. http://www.erikyyy.de/tempest/.
- Kania B., “VGASIG: FM radio transmitter using VGA graphics card.” 2009. http://bk.gnarf.org/creativity/vgasig/vgasig.pdf.
- Guri M., Kedma G., Kachlon A., Elovici Y. “AirHopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies.” In Malicious and Unwanted Software: The Americas (MALWARE), 2014 9th International Conference on IEEE, 2014: 58-67.
- 2pkaqwtuqm2q7djg, "OVERCLOCKING TOOLS FOR NVIDIA GPUS SUCK, I MADE MY OWN". 2015. https://1vwjbxf1wko0yhnr.wordpress.com/2015/08/10/overclocking-tools-for-nvidia-gpus-suck-i-made-my-own/
- nvapioc project: https://github.com/Demion/nvapioc
- SDRplay API Specification v3, https://www.sdrplay.com/docs/SDRplay_API_Specification_v3.pdf
- Simon Rockliff's Reed-Solomon encoding-decoding code at http://www.eccpage.com/rs.c
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=m9WkEwshNKc
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Paz%20Hameiri%20-%20TEMPEST%20radio%20station.mp4
This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_three
RFV - Saturday - 08:00-07:59 PDT
Title: The Basics of Breaking BLE - Part 2: Doing More With Less
When: Saturday, Aug 7, 08:00 - 07:59 PDT
Where: Radio Frequency Village (Virtual)
SpeakerBio:freqy
Freqy is a security consultant and researcher with a particular interest in wireless technologies like BLE, ZigBee, Wi-Fi, etc. She has spent the past two years working with companies to help improve the wireless security of devices found in millions of homes and businesses.
Twitter: @freqyXin
Description:
Part 2 of this series continues our discussion on BLE security with an introduction to some additional testing methods using affordable devices and open-source software. From there, we’ll talk about scripting simple BLE attacks, dealing with BlueZ, and exploring BLE devices in the wild. Attendees will also have the opportunity to field questions about BLE security during a live Q/A session following the video.
Radio Frequency Village will not be streaming any talks, but they will be making talks available on their YouTube channel.
YouTube: https://youtube.com/c/RFHackersSanctuary
HHV - Saturday - 10:30-10:59 PDT
Title: The Black Box and the Brain Box: When Electronics and Deception Collide
When: Saturday, Aug 7, 10:30 - 10:59 PDT
Where: Hardware Hacking Village (Virtual Talk)
SpeakerBio:Gigs
Gigs is the founder of ##electronics on Freenode (may it rest in peace), and a long time electronics enthusiast and DEF CON HHV volunteer. He, working with see_ess, did the PCB and hardware design for this year’s TorBadge, a mini-polygraph device.
Twitter: @gigstaggart
gigsatdc.org
Description:
Electricity has, from the earliest history of man, been seen as an almost mystical force. From Thor’s lightning onward, various individuals and groups have used electricity and electrical devices to baffle, mystify, mislead, and control people. In the modern day, this practice continues in the form of polygraph, questionable uses of fMRI and EEG, and other high-tech props intended to dazzle the victim or lend a technological veneer of credibility to the user. This talk will focus on the history and current applications of deception by and with electrical and electronic devices.
#hhv-talk-qa-blackbox-brainbox-text https://discord.com/channels/708208267699945503/709254868329693214
Twitch: https://twitch.tv/dchhv
Hardware Hacking Village talks will be streamed to Twitch.
Twitch: https://www.twitch.tv/dchhv
RCV - Saturday - 10:40-11:10 PDT
Title: The Bug Hunter’s Recon Methodology
When: Saturday, Aug 7, 10:40 - 11:10 PDT
Where: Recon Village (Virtual)
SpeakerBio:Tushar Verma
No BIO available
Twitter: @e11i0t_4lders0n
Description:No Description available
Recon Village talks will stream to YouTube.
YouTube: https://www.youtube.com/c/ReconVillage
LPV - Saturday - 15:00-15:30 PDT
Title: The Coat Hanger Talk: A Noob's Look Into the Thieves World
When: Saturday, Aug 7, 15:00 - 15:30 PDT
Where: Lock Pick Village (Virtual)
SpeakerBio:De
No BIO available
Description:
The talk starts with me describing a typical work environment and explaining how creativity is a fundamental for the LPV. I, as a noob, step into the shoes of a broad audience and explain how creativity is a huge issue when it comes to basic security, both physical, with locks, and a bit with software.
Lock Pick Village will be streaming their activities to Twitch and YouTube.
Twitch: https://www.twitch.tv/toool_us?
YouTube: https://youtube.com/c/TOOOL-US
AIV - Saturday - 11:00-11:59 PDT
Title: The Coming AI Hackers
When: Saturday, Aug 7, 11:00 - 11:59 PDT
Where: AI Village (Virtual)
SpeakerBio:Bruce Schneier
No BIO available
Description:No Description available
AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.
Speakers will be made available on DEF CON's Discord, in #aiv-general-text.
Twitch: https://www.twitch.tv/aivillage
YouTube: https://www.youtube.com/c/aivillage
#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536
APV - Saturday - 11:00-11:45 PDT
Title: The Curious case of knowing the unknown
When: Saturday, Aug 7, 11:00 - 11:45 PDT
Where: AppSec Village (Virtual)
SpeakerBio:Vandana Verma Sehgal
No BIO available
Description:No Description available
AppSec Village events will be streamed to YouTube.
YouTube: https://www.youtube.com/c/appsecvillage
ASV - Saturday - 22:30-23:30 PDT
Title: The Hangar – Cocktail Making Event
When: Saturday, Aug 7, 22:30 - 23:30 PDT
Where: Aerospace Village (Workshop - Paris Rivoli B)
Description:
There’s nothing like a nice cocktail after a long day of travel and/or hacking! Come join us Saturday afternoon for a cocktail building session. We’ll be making and tasting the most appropriate cocktail, the Aviation, which evokes beautiful clouds and sunsets. It’s sophisticated and full of gin (just like our UK friends). We’re working on a virtual version where we will publish a CBOM – Cocktail Bill of Materials, so you know what to collect/purchase to build your own while we share one with you, no matter your location.
SEV - Saturday - 13:30-14:30 PDT
Title: The Innocent Lives Foundation: A Beacon of Light in a Dark World
When: Saturday, Aug 7, 13:30 - 14:30 PDT
Where: Social Engineer Village (Virtual)
SpeakerBio:John McCombs
John McCombs serves as the Executive Assistant to the ILF, where he assists in administrative duties, fundraising, project management and public speaking. At age 12, John began his first job in the industry as a web developer, and shortly thereafter, as a help-desk operator at an international health supplement company.
In addition to having over a decade of experience in the technology industry, John also holds a bachelor’s degree in Teaching English to Speakers of Other Languages (TESOL) and has had extensive training in public speaking.
Description:
The Innocent Lives Foundation: A Beacon of Light in a Dark World, is a talk to bring awareness to the ILF and the mission of identifying and bringing child predators to justice. Topics will include an introduction to the ILF, our mission, our vision, why we are needed now more than ever, our stance on vigilantism, and neutrality. We wish to introduce the ILF to a broad audience and encourage involvement through financial support and ambassadorship.
Social Engineer Village will stream content to Twitch.
Twitch: https://www.twitch.tv/socialengineerllc
IOTV - Saturday - 17:15-17:59 PDT
Title: The Journey of Establishing IoT Trustworthiness and IoT Security Foundation
When: Saturday, Aug 7, 17:15 - 17:59 PDT
Where: IoT Village (Talk - Virtual)
Speakers:Amit Elazari,Anahit Tarkhanyan,Ria Cheruvu
SpeakerBio:Amit Elazari
Dr. Amit Elazari is Director, Global Cybersecurity Policy, Government Affairs at Intel Corp. and a Lecturer at UC Berkeley School of Information Master in Cybersecurity program. She graduated her Doctor of Science of the Law (J.S.D.) from UC Berkeley School of Law. Her work on security and technology law has been published in leading academic journals and popular press, including The New York Times, The Washington Post and Wall Street Journal and presented in top conferences including RSA, BlackHat, USENIX Enigma, USENIX Security and more. Elazari holds three prior degrees, summa cum laude (LL.B., LL.M. in the Law and a B.A. in Business) from IDC, Israel. Her work was awarded among others a USENIX Security Distinguished Paper Award, Annual Privacy Papers for Policymakers (PPPM) Award Academic Paper Honorable Mention, Casper Bowden PET award for Outstanding Research in Privacy Enhancing Technologies, University of California, Berkeley School of Information Distinguished Faculty Award. She is currently one of the co-editors of ISO/IEC 27402 at JTC1, SC27 (in draft, IoT Security Baseline Requirements).
SpeakerBio:Anahit Tarkhanyan
, Principal Engineer, Intel Corp., Network and Edge Group, IoT CTO Office
Anahit leads the security architecture of Intel edge portfolio. Her area of expertise covers security of Edge to Cloud systems and AI/ML, security standards and regulation. Anahit is IEEE Senior Member and has PhD in Distributed Computer Systems and Networks. She holds several patents, and has publications in diverse security technology.
SpeakerBio:Ria Cheruvu
Ria Cheruvu is an AI Ethics Lead Architect at the Intel Network and Edge engineering group working on developing trustworthy AI products. She is 17 years old, and graduated with her bachelor’s degree in computer science at Harvard University at 11 and her master’s degree in data science from her alma mater at 16. Her pathfinding domains include solutions for security and privacy for machine learning, fairness, explainable and responsible AI systems, uncertain AI, reinforcement learning, and computational models of intelligence. She enjoys composing piano music, ocean-gazing with her family, and contributing to open-source communities in her free time.
Description:
The Internet of Things (IoT) ecosystem holds tremendous promise to promote innovation and productivity, and societal benefits. Yet, with increased connectivity, concerns remain with the growing attack surface. While the DEF CON community often focuses on the security aspects of these issues, the multidimensional nature of IoT devices and the combination of AI/ML solutions sparked standardization activities focusing more generally on the concept of “IoT trustworthiness”. This talk will introduce the audience to the latest developments in the IoT Security Policy landscape, proposals for confidence/certifications mechanisms emerging globally, and key IoT Security baseline standards developments, while exploring the connection to the IoT trustworthiness concept across the IoT Supply Chain. We will describe a case study of IoT robustness and trustworthiness applied in context of AI and smart analytics, including the importance of characterizing the behavior of data.
IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.
Twitch: https://www.twitch.tv/iotvillage
BHV - Saturday - 17:00-17:30 PDT
Title: The Little Things
When: Saturday, Aug 7, 17:00 - 17:30 PDT
Where: Biohacking Village (Talk - Virtual)
SpeakerBio:Mixæl Laufer
, Director of the Institute for Autonomous Medicine. Four Thieves Vinegar Collective.
No BIO available
Description:
Was 2020 not the best year for you? Has 2021 not been a huge improvement? Are you sick of being dependent on infrastructure which fails? Do you wish there was something to look forward to? The Four Thieves Vinegar Collective has been quiet, because we've been busy this last year. We have a lot of things to share.
But that's not what this talk is about. Instead of the new tools to eradicate diseases, tools to make medicines, ways to administer them, and DIY medical machinery, we're talking about just making it through the day.
There are tools which are not well known, but are easily accessible and can help you sleep better, not be hungover, clear brain fog, and take the edge off depression. These tools are not as well known as they should be, so we're talking about them.
Because as fun as the big things are, daily life is about the little things.
All Biohacking Village talks will be streamed to YouTube.
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q
BICV - Saturday - 12:30-12:30 PDT
Title: The OPSEC of Protesting
When: Saturday, Aug 7, 12:30 - 12:30 PDT
Where: Blacks in Cyber
SpeakerBio:Ochaun Marshall
Ochaun (pronounced O-shawn) Marshall is an application security consultant. In his roles at Secure Ideas, he works on ongoing development projects utilizing Amazon Web Services and breaks other people's web applications. When he is not swallowing gallons of the DevOps Kool-Aid, he can be found blasting J Cole while hacking, blogging, and coding. He covers everything he does with the signature phrase: I code; I teach; I hack.
Twitter: @OchaunM
Description:
Technology both facilitates and complicates the human condition in many ways, especially in the tradition of protesting. Activists and those supporting social movements need to be aware of the risks of social demonstrations. In this talk, we dive into communication strategies for activists, as well as the basics of OPSEC. We’ll do threat modeling against both nation-state & opposition movements and discuss the utility of basic security hygiene in this context. We will also examine these principles against case studies of the Civil rights movement, BLM, Hong Kong Separation movement, Election protests, and recent “hacktivist” attacks against Parler and Gab.
Blacks in Cyber talks will be streamed on YouTube.
YouTube: https://www.youtube.com/c/BlacksInCybersecurity
AIV - Saturday - 14:00-14:59 PDT
Title: The Real History of Adversarial Machine Learning
When: Saturday, Aug 7, 14:00 - 14:59 PDT
Where: AI Village (Virtual)
SpeakerBio:Eugene Neelou
No BIO available
Description:No Description available
AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.
Speakers will be made available on DEF CON's Discord, in #aiv-general-text.
Twitch: https://www.twitch.tv/aivillage
YouTube: https://www.youtube.com/c/aivillage
#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536
BHV - Saturday - 14:00-14:59 PDT
Title: The Real Story on Patching Medical Devices
When: Saturday, Aug 7, 14:00 - 14:59 PDT
Where: Biohacking Village (Talk - Virtual)
SpeakerBio:Michael Murray
, Founder / CEO · Chief Security Officer, Scope Security
Mike Murray is the CEO of Scope Security where he builds on his nearly two decades of experience to solve critical security problems in healthcare. Prior to Scope, Murray served as the CSO at Lookout, led pre-market security at GE Healthcare and co-founded The Hacker Academy & MAD Security.
Twitter: @mmurray
Description:
One of the constant debates in the medical device sector is around patching of medical devices. While the FDA issues clear guidance that devices can and should be patched, some device manufacturers often claim that the FDA is the reason that they can't issue patches, and the hospitals and healthcare organizations using the devices are left confused and accepting risk that they can't manage. With this panel, we will have the conversation out in front of the Defcon audience. Panelists will include representation from the FDA, a product security leader from a device manufacturer and a healthcare CISO with the goal being for the entire Defcon Biohacking Village audience to come away understanding what the truth really is about whether they can patch their devices, and how the sector can continue to move this conversation forward.
All Biohacking Village talks will be streamed to YouTube.
YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q
CPV - Saturday - 16:30-17:30 PDT
Title: The threat hiding in daylight: Police Monitoring legislation and individual privacy in chat
When: Saturday, Aug 7, 16:30 - 17:30 PDT
Where: Crypto & Privacy Village (Virtual)
Speakers:Vic Huang,Joy Ho
SpeakerBio:Vic Huang
, Member, UCCU Hacker
Vic Huang is a member of UCCU Hacker, a hacker community in Taiwan. He is interested in Web/Mobile/Blockchain Security and penetration testing. He has been focusing on Blockchain for over 4 years. Vic shared his research at CYBERSEC 2021, CODE BLUE 2020, HITB+cyberweek 2019, HITCON Pacific 2018, AIS3, ISIP (Information Security Incubation Program), and so on.
SpeakerBio:Joy Ho
, Ph. D. Candidate, Soochow University
Joy Ho is a privacy counsel now working in a technical company, handling personal data infringement events and legal compliance with the Personal Information Protection Act. Joy is a certified Internal Management Specialist, Internal Auditor & Certified Verification Professional – Lead Auditor of the Taiwan Personal Information Protection & Administration System (TPIPAS), and also a Lead Auditor of ISO 27001.
Description:
Since all the messenger services emphasize the trust relationship between the service provider and users, technology companies have been actively strengthening user data protection and providing better encryption measures in recent years. However, focusing on criminal investigation, national security and anti-terrorism, law enforcement agencies in many countries have begun to formulate rules requiring technology companies to cooperate with the government to provide user data decryption to protect national security. This presentation tries to introduce relevant issues about police monitoring legislation and individual privacy in chat from technical and legal perspectives, along with a special case study from Taiwan.
First, we would share some police investigations in TW. The methods and targets have changed with the evolution of the times. Then we would dive into a new critical target: messenger apps. We will discuss the technical side of messenger apps and the possibility of police monitoring. Some messengers are popular in different regions. In these apps, not only is personal information stored on the data collector side (the service provider), but so are our private chat messages with our family and friends. The messenger app companies say they use point-to-point encryption (end-to-end encryption, E2EE) to technically protect user privacy, but what actually is E2EE? What are the differences between messenger apps' E2EE? And how is it possible that some monitoring (spying) apps state that they can reach the data under the E2EE scope? Police monitoring is possible because many spying apps exist. In this part we will also discuss the technical side of privacy protection and spying. The discussion would then point out “what and how the police could really get in real world” from the technical perspective.
Secondly, we would start from the draft Technology Investigation Act in Taiwan. On September 8, 2020, the Taiwan Ministry of Justice announced the draft Technology Investigation Act, which introduced different high-tech investigation approaches, including “source telecommunications surveillance.” We will introduce the draft Technology Investigation Act and its source telecommunications surveillance rules. The issues related to access to individual communication content would be raised: (1) If public interest is the reason to get individual communication, what is the line between privacy protection and public interest? What is the legal basis to get individual communication? (2) Could the government request or compel technology companies to provide my communication content? (3) How about the encrypted content? Through the discussion of the 3 questions above, this presentation would provide an example of the messenger information accessible to a criminal investigation, hoping to find the balance between privacy protection and police investigation. Last but not least, we would share a case study about the police in Taiwan using the personal information collected for COVID-19 measures to investigate a case.
Crypto & Privacy Village will be streaming their events to YouTube and Twitch.
Twitch: https://www.twitch.tv/cryptovillage
YouTube: https://www.youtube.com/c/CryptoVillage
AVV - Saturday - 10:00-10:59 PDT
Title: The Way of The Adversary
When: Saturday, Aug 7, 10:00 - 10:59 PDT
Where: Adversary Village (Virtual)
SpeakerBio:Phillip Wylie
, Offensive Cybersecurity Practitioner & Educator, The PWN School Project
Phillip has over two decades of information technology and cybersecurity experience. His specialties include penetration testing, red teaming, and application security. When Phillip is not hacking, he is educating others. Phillip is the founder of The Pwn School Project, an education-focused cybersecurity organization. He co-authored the book, “The Pentester Blueprint: Starting a Career as an Ethical Hacker” based on his popular talk presented at numerous conferences. He is an Innocent Lives Foundation Ambassador and a ‘Hacking is NOT a Crime’ Advocate.
Twitter: @PhillipWylie
https://www.linkedin.com/in/phillipwylie
Description:
The adversary philosophy and mindset are important when trying to emulate a threat actor during a red team operation or offensive cybersecurity assessment or trying to understand them as a defender. In this talk we will take a look at the philosophy and mindset of an adversary as well as what motivates them.
Adversary Village talks and workshops will be streamed on YouTube and Twitch.
Q&A sessions will happen in DEF CON Official Discord server after each talk.
YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg
Twitch: https://twitch.tv/adversaryvillage
Discord: https://discord.gg/defcon
BCV - Saturday - 16:00-16:30 PDT
Title: The Wild West of DeFi Exploits
When: Saturday, Aug 7, 16:00 - 16:30 PDT
Where: Blockchain Village / Paris Vendome B
SpeakerBio:Anna Szeto, Intern Blockchain Security Coinbase
Anna Szeto is a Software Engineering Intern on the Blockchain Security team at Coinbase. She is a rising third-year student at Columbia University, with a major in computer science and interests in blockchain, decentralized finance, and artificial intelligence.
Description:
Decentralized finance (DeFi) has become increasingly popular, and DeFi-related hacks and scams have become more frequent as the market expands. This talk reviews how and why these hacks and scams occur, both from a technical, code-oriented perspective and a psychological perspective. Recent examples of DeFi scams, as well as tips for avoiding them, are also covered. DeFi can seem like a lawless land, but investors can navigate safely if they know what to look out for.
This content will be presented live and in-person.
DC - Saturday - 12:00-12:20 PDT
Title: Time Turner - Hacking RF Attendance Systems (To Be in Two Places at Once)
When: Saturday, Aug 7, 12:00 - 12:20 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded
SpeakerBio:Vivek Nair
Vivek Nair is a Ph.D. student studying applied cryptography in the EECS department at UC Berkeley. He was the youngest-ever recipient of Bachelor’s and Master’s degrees in Computer Science at the University of Illinois at the ages of 18 and 19 respectively. He is also a National Science Foundation CyberCorps Scholar and a National Physical Science Consortium Fellow.
https://github.com/VCNinc/Time-Turner
Description:
It's a tale as old as time: a graduating senior needs two more courses to graduate, but the lectures happen to be scheduled at the same time and the school's new high-tech wireless attendance tracking system makes it impossible to attend both courses... in theory. By reverse-engineering the attendance devices and emulating them using a hidden Arduino, the system can be tricked into giving attendance credit for both courses without being physically present. It's a real-life "time turner," allowing him to be in two places at once.
REFERENCES:
- https://github.com/wizard97/iSkipper/releases/download/v1.0.0/iskipper.pdf
- https://courses.ece.ubc.ca/cpen442/termproject/reports/2010/iclicker.pdf
- https://people.ece.cornell.edu/land/courses/ece4760/FinalProjects/f2015/cs886_kdv8/cs886_kdv8/cs886_kdv8/index.html
- https://github.com/wizard97/iSkipper
- https://github.com/charlescao460/iSkipper-Software
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=wEslemikn48
Media Server (Main Talk):
https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Vivek%20Nair%2C%20Ph.D.%20-%20Time%20Turner%20-%20Hacking%20RF%20Attendance%20Systems%20%28To%20Be%20in%20Two%20Places%20at%20Once%29.mp4
Media Server (Demo 1):
https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Vivek%20Nair%2C%20Ph.D.%20-%20Time%20Turner%20-%20Hacking%20RF%20Attendance%20Systems%20%28To%20Be%20in%20Two%20Places%20at%20Once%29-Demo%201.mp4
Media Server (Demo 2):
https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Vivek%20Nair%2C%20Ph.D.%20-%20Time%20Turner%20-%20Hacking%20RF%20Attendance%20Systems%20%28To%20Be%20in%20Two%20Places%20at%20Once%29-Demo%202.mp4
Media Server (Demo 3):
https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Vivek%20Nair%2C%20Ph.D.%20-%20Time%20Turner%20-%20Hacking%20RF%20Attendance%20Systems%20%28To%20Be%20in%20Two%20Places%20at%20Once%29-Demo%203.mp4
Media Server (Demo 4):
https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Vivek%20Nair%2C%20Ph.D.%20-%20Time%20Turner%20-%20Hacking%20RF%20Attendance%20Systems%20%28To%20Be%20in%20Two%20Places%20at%20Once%29-Demo%204.mp4
Media Server (Demo 5):
https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Vivek%20Nair%2C%20Ph.D.%20-%20Time%20Turner%20-%20Hacking%20RF%20Attendance%20Systems%20%28To%20Be%20in%20Two%20Places%20at%20Once%29-Demo%205.mp4
Media Server (Demo 6):
https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Vivek%20Nair%2C%20Ph.D.%20-%20Time%20Turner%20-%20Hacking%20RF%20Attendance%20Systems%20%28To%20Be%20in%20Two%20Places%20at%20Once%29-Demo%206.mp4
Media Server (Demo 7):
https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Vivek%20Nair%2C%20Ph.D.%20-%20Time%20Turner%20-%20Hacking%20RF%20Attendance%20Systems%20%28To%20Be%20in%20Two%20Places%20at%20Once%29-Demo%207.mp4
This talk will be given live in Track 2.
This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_two
ICSV - Saturday - 13:00-13:30 PDT
Title: Toward a Collaborative Cyber Defense and Enhanced Threat Intelligence Structure
When: Saturday, Aug 7, 13:00 - 13:30 PDT
Where: ICS Village (Virtual)
SpeakerBio:Lauren Zabierek, Harvard Kennedy School's Belfer Center for Science and International Affairs
Lauren Zabierek is the Executive Director of the Cyber Project at Harvard Kennedy School’s Belfer Center. She comes to this role as a 2019 graduate of the Kennedy School's mid-career MPA program.
Lauren served as an intelligence officer in the United States Air Force at the beginning of her career. Later, as a civilian intelligence analyst with the National Geospatial Intelligence Agency (NGA) assigned to the Office of Counterterrorism, she completed three war zone deployments. Throughout her six years at NGA, she became a subject matter expert on Activity Based Intelligence (ABI) and served as an adjunct professor in ABI at the NGA college.
After leaving NGA, she joined the cybersecurity threat intelligence startup Recorded Future, and was instrumental in building its Public Sector business practice. In her role as a Senior Intelligence Analyst, she fused intelligence methodologies with cybersecurity and machine learning technologies to help public and private sector customers improve their cyber posture. She also managed a team of analysts and worked alongside the Product Management and Training teams to improve her customers' experience with the software.
A Gold Star Sister, Lauren is committed to supporting families of the fallen and has volunteered several times as a mentor with the Tragedy Assistance Program for Survivors (TAPS). She also co-founded the Recorded Future Women's Mentorship Initiative, helped to start a women's initiative at NGA, is a member of the NatSecGirlSquad, and is the co-founder of the online social media movement called #ShareTheMicInCyber, which aims to dismantle racism and sexism in cybersecurity and privacy.
Twitter: @lzxdc
Description:
The recent ransomware and cyber espionage campaigns prove that a fundamental redesign of our domestic cyber defensive posture is both necessary and urgent to protect against future cyber threats. As such, we believe the time is now to develop an integrated, networked approach to collaborative defense and intelligence analysis and sharing between the federal government, state and local governments, and the private sector. My team of student researchers and I conducted several interviews with stakeholders in both the state and federal governments and the private sector and pored over existing literature. We've created a roadmap toward this vision, answering how a 21st century threat can be tackled by the tools available in its own time. We don't purport to have all the answers, but we would be interested in feedback from the community on the feasibility and desirability of these ideas.
ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.
YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw
#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485
CON - Saturday - 17:00-17:59 PDT
Title: Trace Labs OSINT Search Party CTF - Award Ceremony
When: Saturday, Aug 7, 17:00 - 17:59 PDT
Where: See Description
Description:
For more information, see https://forum.defcon.org/node/236424
CON - Saturday - 09:00-09:59 PDT
Title: Trace Labs OSINT Search Party CTF - Briefing
When: Saturday, Aug 7, 09:00 - 09:59 PDT
Where: See Description
Description:
For more information, see https://forum.defcon.org/node/236424
CON - Saturday - 10:00-15:59 PDT
Title: Trace Labs OSINT Search Party CTF
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: See Description
Description:
For more information, see https://forum.defcon.org/node/236424
DL - Saturday - 12:00-13:50 PDT
Title: Tracee
When: Saturday, Aug 7, 12:00 - 13:50 PDT
Where: DemoLab Video Channel 1
SpeakerBio:Yaniv Agman
Yaniv Agman is a Security Researcher at Aqua Security. He specializes in low-level Linux instrumentation technologies to perform dynamic analysis on Linux containers and systems. He is currently completing his Master's thesis in cyber security at BGU on detecting Android malware with eBPF technology. While not in front of a computer screen, he likes watching Sci-Fi movies and playing with his kids.
Description:
Tool or Project Name: Tracee
Short Abstract:
Linux Runtime Security and Forensics using eBPF
Short Developer Bio:
Yaniv Agman is a Security Researcher at Aqua Security. He specializes in low-level Linux instrumentation technologies to perform dynamic analysis on Linux containers and systems. He is currently completing his Master's thesis in cyber security at BGU on detecting Android malware with eBPF technology. While not in front of a computer screen, he likes watching Sci-Fi movies and playing with his kids.
Roi is a Security Researcher at Aqua Security. His work focuses on researching threats in the cloud native world. When not at work, Roi is a B.A. student in Computer Science at the Open University. He also enjoys going out into nature and spending time with family and friends.
URL to any additional information:
https://aquasecurity.github.io/tracee/dev
Detailed Explanation of Tool:
Tracee is a Runtime Security and forensics tool for Linux.
It uses Linux eBPF technology to trace your system and applications at runtime, analyze collected events to detect suspicious behavioral patterns, and capture forensics artifacts.
It is delivered as a Docker image that monitors the OS and detects suspicious behavior based on a predefined set of behavioral patterns.
Here is more detailed information about the tool:
Tracee is a runtime security and forensics tool for Linux. It is composed of tracee-ebpf, which collects OS events based on some given filters, and tracee-rules, which is the runtime security detection engine.
Tracee-ebpf is capable of tracing all processes in the system or a group of processes according to some given filters (these are: newly created processes, processes in a container, uid, command name, pid, tid, mount namespace id, process namespace id, uts name).
The user can select the set of events to trace, and also filter by their arguments.
The events which can be traced include the following:
- System calls and their arguments
- LSM hooks (e.g. security_file_open, security_bprm_check, cap_capable)
- Internal kernel functions (e.g. vfs_write and commit_creds)
- Special events and alerts (magic_write and mem_prot_alert)
Other than tracing, Tracee-ebpf is also capable of capturing files written to disk or memory (e.g. "fileless" malware), and extracting binaries that are dynamically loaded to an application's memory (e.g. when malware uses a packer). Using these capabilities, it is possible to automatically collect forensic artifacts for later investigation. For more detailed information about these capabilities, see: https://blog.aquasec.com/ebpf-contai...ware-detection
Tracee-Rules is a rule engine that helps you detect suspicious behavioral patterns in streams of events. It is primarily made to leverage events collected with Tracee-eBPF into a Runtime Security solution. Tracee supports authoring rules in Golang or in Rego.
Following are some of the currently available rules:
- Code injection - Possible code injection into another process
- Dynamic Code Loading - Writing to executable allocated memory region
- Fileless Execution - Executing a process from memory, without a file in the disk
Supporting Files, Code, etc:
https://github.com/aquasecurity/tracee
Target Audience: Defense
We believe Tracee is a valuable tool for anyone who wants to perform runtime protection on Linux systems.
In the demo we will introduce the tool, and see how it helped us to find real threats and other possible uses.
This content will be presented on a Discord video channel.
#dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505
BTV - Saturday - 11:00-12:30 PDT
Title: Tricks for the Triage of Adversarial Software
When: Saturday, Aug 7, 11:00 - 12:30 PDT
Where: Blue Team Village - Workshop Track 1 (Virtual)
Speakers:Dylan Barker,Quinten Bowen
SpeakerBio:Dylan Barker
Dylan Barker is a technology professional with 10 years' experience in the information security space, in industries ranging from K12 and telecom to financial services. He has held many distinct roles, from security infrastructure engineering to vulnerability management. In the past, he has spoken at BSides events and has written articles for CrowdStrike, where he is currently employed as a senior analyst.
Twitter: @HBRH_314
SpeakerBio:Quinten Bowen
Quinten Bowen is an Information Security Professional who works as a Senior Analyst at CrowdStrike. Additionally, Quinten has expertise in malware analysis, penetration testing, threat hunting, and incident response in enterprise environments, holding relevant certifications such as GREM, OSCP, eCPPT, and eCMAP. Quinten spends his off-time volunteering for the Collegiate Cyber Defense Competition (CCDC), mentoring, and can be found around a table playing D&D.
Description:
A malware analysis and triage workshop covering quick static and dynamic analysis techniques along with common adversarial obfuscation techniques. Followed by a short malware analysis tournament challenge with gift-card prizes.
The workshop will cover techniques outlined in Malware Analysis Techniques (Published by Packt), written and delivered by myself, Dylan Barker, and the Technical Reviewer Quinten Bowen.
We'll examine ways to de-obfuscate common malicious scripts and droppers utilized in real-world attacks by threat actors such as those responsible for DarkSide ransomware and Emotet Banking Trojan threats.
Also covered will be ascertaining the capabilities and instruction flow of malware within NSA's Ghidra framework, crafting IOCs based on PE characteristics, and advanced dynamic analysis techniques including utilizing tools such as Inetsim, ProcDot, and manually unpacking malicious samples using debuggers to closely examine them without obfuscation.
The second half of the workshop will revolve around utilizing these techniques to answer questions, which will be scored on time and accuracy utilizing a CTF framework.
CCV - Saturday - 15:00-15:15 PDT
Title: Triptych
When: Saturday, Aug 7, 15:00 - 15:15 PDT
Where: Cryptocurrency Village (Onsite - Paris Champagne Ballroom 1)
SpeakerBio:Sarang Noether, Ph.D.
Sarang Noether is a researcher who focuses on privacy-preserving cryptographic constructions and protocols.
Description:
Triptych is a zero-knowledge proving system that can be used as part of a privacy-preserving transaction model. In this talk, we'll walk through the research and development process that led to an ongoing implementation of Triptych compatible with the Monero protocol, and provide insight into some of the tradeoffs and complexities that come with protocol updates. No particular background is required to understand this talk!
The Cryptocurrency Village is built around conversations and events, not formal talks. Stop by any time to speak with knowledgeable individuals! This village focuses on the security and privacy side of cryptocurrencies, not the investment side.
The Cryptocurrency Village is conveniently located in Paris Champagne Ballroom 1.
ASV - Saturday - 14:30-14:55 PDT
Title: True Story: Hackers in the Aerospace Sector
When: Saturday, Aug 7, 14:30 - 14:55 PDT
Where: Aerospace Village (Virtual Talk)
Speakers:Declyn S.,Ginny Spicer,Olivia Stella,Steve Luczynski,Thomas Bristow
SpeakerBio:Declyn S.
Declyn is a cybersecurity specialist for the Aviation ISAC. He taught himself basic security principles and, after finding aviation-related vulnerabilities, reported them to the A-ISAC. He now works in the intel team at the A-ISAC specialising in threat intelligence and vulnerability disclosure management.
SpeakerBio:Ginny Spicer
Ginny Spicer is a master’s student studying information security at Royal Holloway University of London. She is a packet nerd and likes to focus on network analysis, Wireshark, new protocols, and interplanetary communications. Ginny is a member of the technical documentation working group in the Interplanetary Networking SIG and an advisor for the California Cyber Innovation Challenge. Her particular areas of interest are DTN and encrypted DNS. This is her second year helping out with the DEF CON Aerospace Village.
SpeakerBio:Olivia Stella
Olivia Stella is a cybersecurity engineer for Los Alamos National Laboratory. In her current role, she focuses on agile space cybersecurity. With over twelve years of experience, she’s worked for multiple companies in the aerospace industry including an in-flight entertainment company, major US airline, and government contractors. Olivia has supported incident response, vulnerability management, pen testing, bug bounty & coordinated disclosure, risk & compliance activities. Her academic background includes degrees in computer science and software engineering, along with an alphabet soup of security certifications. When she’s not wearing her security hat, she loves to curl and is an avid toastmaster. (That’s right, ice curling.)
SpeakerBio:Steve Luczynski
No BIO available
SpeakerBio:Thomas Bristow
Thomas Bristow is a Cyber Security Certification Specialist for the UK Civil Aviation Authority where he works on a whole range of things, from cyber threat modeling to running the CyberFirst summer placement scheme. He’s a recent graduate from Royal Holloway with a degree in computer science and two back to back wins of society of the year. While his role is in cyber security he always tries to help others: whether this is educating colleagues on the LGBTQIA+ flags (and their meanings), performing careers talks at schools or just helping to make their team wiki easy to use.
Description:
What’s it like to be a hacker working in government, for an airline, or pursuing a degree?
When you read that question did you think, ew, why would I ever do that?! Or did you think, wow, that sounds great tell me more!
This isn’t your typical workforce talk!
Join a diverse panel of folks working in the aerospace sector who are just like you! Learn how they got into their roles, why they chose to work there, what motivates them, and how they gained their skills and experience.
This talk will be streamed on YouTube: https://www.youtube.com/watch?v=ngoYRudoJqA
Aerospace Village talks will be streamed to YouTube.
YouTube: https://www.youtube.com/c/AerospaceVillage
BCV - Saturday - 11:30-11:59 PDT
Title: Tryptich Talk
When: Saturday, Aug 7, 11:30 - 11:59 PDT
Where: Blockchain Village / Paris Vendome B
SpeakerBio:Sarang Noether, Ph.D.
Sarang Noether is a researcher who focuses on privacy-preserving cryptographic constructions and protocols.
Description:No Description available
This content will be presented live and in-person.
RGV - Saturday - 12:00-12:59 PDT
Title: Twitter Q&A regarding Top 10 BOGUS Biometrics!
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: Rogues Village (Virtual)
SpeakerBio:Vic Harkness
Vic is a Security Consultant at F-Secure Consulting who can commonly be found talking about something weird. She has previously spoken at conferences about defeating facial recognition systems, ATM malware, and future attacks on connected/autonomous vehicles. She holds a Bachelor's degree in Robotics & Artificial Intelligence and a Master's degree in Cyber Security, which she believes qualifies her to talk about a range of completely unrelated topics.
Twitter: @VicHarkness
https://vicharkness.co.uk/
Description:
The talk can be found on our Twitch channel (https://www.twitch.tv/roguesvillage) after 10am, Friday August 6. Post questions you have for her about her talk on Twitter with the hashtag #BogusBio and tag her (@VicHarkness) or us (@RoguesVillage). Starting at 12pm PDT she will post replies and answers to your questions, as well as additional fun facts and details that didn’t make it into the talk.
IOTV - Saturday - 10:00-18:30 PDT
Title: UART to UBOOT to ROOT
When: Saturday, Aug 7, 10:00 - 18:30 PDT
Where: IoT Village (Onsite)
Description:
For more information, see https://www.iotvillage.org/defcon.html
BTV - Saturday - 15:45-16:45 PDT
Title: Uncomfortable Networking
When: Saturday, Aug 7, 15:45 - 16:45 PDT
Where: Blue Team Village - Main Track (Virtual)
SpeakerBio:Charles Rumford
Charles is currently a network engineer with Deft. He has a background in network engineering, programming, information security, usability, and Linux systems administration. He likes to ensure things are secure, usable, and users are informed.
Twitter: @TallWireless
Description:
There is so much networking architecture we do in the name of security which ultimately just gets in the way of so many things. Learn about things to simplify your network design and reduce your management overhead while maintaining or increasing your security posture.
When it comes to security, networking can be your first line of defense, but it shouldn't be your only, and it shouldn't add complexity and management overhead to your system. There are ways to keep the network design simple while also keeping resources secure.
Come and hear from a security and usability focused network engineer about the things we do to our network architectures and design in the name of security but ultimately create large amounts of complexity, management overhead, and the need to redesign constantly.
Blue Team Village talks will be streamed to Twitch.
Twitch: https://twitch.tv/blueteamvillage
ASV - Saturday - 10:00-12:59 PDT
Title: Understanding Space in the Cyber Domain
When: Saturday, Aug 7, 10:00 - 12:59 PDT
Where: Aerospace Village (Virtual Workshop)
Description:
This half-day course examines the practical issues of developing and sustaining a secure cyber environment through all phases of the space mission lifecycle. The course is organized around the SPAce Domain Cybersecurity (SpaDoCs) Framework. The SpaDoCs Framework provides a comprehensive and systematic model for understanding and tackling all critical issues of cybersecurity in the space domain. An examination of the key objectives (confidentiality, integrity, availability) provides the foundation for the course. From there, the space domain is examined layer by layer starting from the enterprise layer, then drilling down through mission, system and DevSecOps layers. Threats and vulnerabilities at each layer are highlighted. Finally, first principles of cybersecurity are discussed (domain separation, process isolation, etc.) as well as key enablers (vision, strategy, etc.) to help frame plans for action to address the cybersecurity issues exposed by this course. Course exercises center around practical application of the material to real-world space mission scenarios.
DC - Saturday - 11:00-11:45 PDT
Title: UPnProxyPot: fake the funk, become a blackhat proxy, MITM their TLS, and scrape the wire
When: Saturday, Aug 7, 11:00 - 11:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded
SpeakerBio:Chad Seaman
Chad is the SIRT team lead @ Akamai Technologies. He spends his time being an internet dumpster diver and emerging threats researcher focusing on DDoS, malware, botnets, and digital hooliganism in general.
https://www.linkedin.com/in/that-chad-seaman/
Description:
UPnP sucks, everybody knows it, especially blackhat proxy operators. UPnProxyPot was developed to MITM these operators to see what they're doing with their IoT proxy networks and campaigns. We'll cover SSDP, UPnP, UPnProxy research/campaigns as well as cover a new Golang based honeypot, so we can all snoop on them together!
REFERENCES:
- http://www.upnp-hacks.org (OG disclosure)
- https://www.youtube.com/watch?v=FU6qX0-GHRU (DEF CON 19 talk I attended)
- https://www.akamai.com/us/en/multimedia/documents/white-paper/upnproxy-blackhat-proxies-via-nat-injections-white-paper.pdf (my initial UPnProxy research)
- https://blogs.akamai.com/sitr/2018/11/upnproxy-eternalsilence.html (additional UPnProxy campaign research, also mine)
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=mHCGNUsrTf0
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Chad%20Seaman%20-%20UPnProxyPot%20-%20fake%20the%20funk%2C%20become%20a%20blackhat%20proxy%2C%20MITM%20their%20TLS%2C%20and%20scrape%20the%20wire.mp4
This talk will be given live in Track 2.
This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_two
HTSV - Saturday - 15:00-15:55 PDT
Title: US Coast Guard 2021 Cyber Strategic Outlook
When: Saturday, Aug 7, 15:00 - 15:55 PDT
Where: Hack the Sea (Virtual)
SpeakerBio:Michael Chien, CDR, USCG Cyber
No BIO available
Description:No Description available
Hack the Sea Village will stream their events to YouTube and Twitch.
Twitch: https://www.twitch.tv/h4ckthesea
YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ
DL - Saturday - 12:00-13:50 PDT
Title: USBSamurai
When: Saturday, Aug 7, 12:00 - 13:50 PDT
Where: DemoLab Video Channel 2
SpeakerBio:Luca Bongiorni
Luca Bongiorni is working as Head of Offensive Security. He is also actively involved in InfoSec where his main fields of research are: Radio Networks, Reverse Engineering, Hardware Hacking, Internet of Things, and Physical Security. He also loves to share his knowledge and present some cool projects at security conferences around the globe.
Description:
Tool or Project Name: USBsamurai
Short Abstract:
During this talk, after a bit of history of hardware implants, will be presented a new hacking device: USBsamurai. A remotely-controlled USB HID injecting cable that costs less than 10 EUR to produce from off-the-shelf components (a cable and a USB radio transceiver) that can be used to compromise targets remotely (i.e. over a 2.4GHz undetectable protocol) in the stealthiest way ever seen & also bypass Air-Gapped Environments like a boss!
Extended Version:
During the last years, hardware implants have become a popular attack vector in air-gapped environments such as industrial networks: Stuxnet (2010), Operation Copperfield (2017), and the recent ransomware attack that has led to a shutdown in a US natural gas facility are only some notable cases. In parallel, in an effort to raise the bar of red-teaming operations, security researchers have been designing and releasing powerful open-source devices with the intent to make Red-Teaming operations even more interesting and disruptive. Smoothing the path to new TTPs and improving old ones. As a result, hardware implants should always be included in the threat modeling of an industrial facility.
During this talk, after a bit of history of hardware implants, will be presented a new hacking device: USBsamurai. A remotely-controlled USB HID injecting cable that costs less than 10 EUR to produce from off-the-shelf components (a cable and a USB radio transceiver) that can be used to compromise targets remotely (i.e. over a 2.4GHz undetectable protocol) in the stealthiest way ever seen & also bypass Air-Gapped Environments like a boss!
This presentation will be quite technical, tailored for an ICS security audience. Come to this talk to start preparing for the next wave of attacks that can pass undetected by most of the existing security solutions available on the market.
Finally, I'll conclude the talk with practical, actionable countermeasures to prevent and detect HID attacks, and conclude by explaining how to approach a forensics analysis in presence of USB implants.
Short Developer Bio:
Luca Bongiorni is working as Head of Offensive Security. He is also actively involved in InfoSec where his main fields of research are: Radio Networks, Reverse Engineering, Hardware Hacking, Internet of Things, and Physical Security. He also loves to share his knowledge and present some cool projects at security conferences around the globe.
URL to any additional information:
https://medium.com/@LucaBongiorni/us...0-ebf4b81e1d0b
Detailed Explanation of Tool:
USBsamurai is a DIY hardware implant disguised as a USB cable that allows to remotely inject over an undetectable RF channel an agent in memory that allows a remote threat actor to get a realtime shell over a target that can also be air-gapped. In practice a nightmare for any BlueTeam out there. Have you ever seen a USB cable that can bypass an air-gapped system and return a live remote-shell over an undetectable RF channel?
https://www.youtube.com/watch?v=2BAzD27k_Gk (Please keep it confidential because the link is unlisted)
Supporting Files, Code, etc:
https://medium.com/@LucaBongiorni/us...s-4bd47abf8f87
Target Audience:
Offense, Hardware, ICS
Create awareness on Hardware Implants. The real ones. Not the grain of rice from Bloomberg's article. ;]
During the years I have tested multiple DLP solutions out there claiming to sanitize and protect assets from USB-related threats. Surprisingly, most of the time vendors kinda lie (or... saying in a more polite way... they forget about HID class of devices).
Security Officers MUST understand that hardware implants exist and they don't cost anymore like 10,000 $USD like NSA's TAO FIREWALK implant!
Finally, in pure DEF CON style, sharing how to create an offensive hardware implant out of a 10$ USB dongle from a commercial mouse, it is always a good way to spread knowledge among fellow hackers. :)
This content will be presented on a Discord video channel.
#dl-video2-voice: https://discord.com/channels/708208267699945503/734027778646867988
HHV - Saturday - 09:30-10:30 PDT
Title: Use a PortaProg to flash, dump, and test ISP and UPDI chips
When: Saturday, Aug 7, 09:30 - 10:30 PDT
Where: Hardware Hacking Village (Virtual Talk)
Speakers:Bradán Lane,Sara Cladlow
SpeakerBio:Bradán Lane
Bradán Lane is a UX Design and User Researcher who had his own “Alice’s Adventures in Wonderland” experience when he discovered badge making. While he has made a number of fun blinky beepy ornaments and badges, he found his passion with the 2020 eChallengeCoin - an interactive and text story challenge puzzle. To help with his development, he created the PortableISP. The 2021 eChallengeCoin required a new chip which precipitated the creation of the PortaProg, which serves as both his development tool and his production and test device.
Website: https://aosc.cc
https://gitlab.com/bradanlane
https://aosc.cc/blinks
Twitter: @bradanlane
SpeakerBio:Sara Cladlow
No BIO available
Description:
What is a PortaProg and why would I use it? You can use the PortaProg for flashing firmware to a wide range of Atmel chips using the ISP or UPDI interfaces. It can also read/write FUSES, and access EEPROM. It can flash a chip interactively during development or from its on-board SPIFFS storage at the bench or in the field. The talk will demonstrate it being used for rapid programming of ATTiny badges, performing an update to an ATMega device in the field, and dumping the firmware from an Arduino based device without a computer. You will also see how the PortaProg has spawned a 3D printed plug-and-play test jig design … or just attend to see if the demos crash and burn.
#hhv-talk-qa-use-a-portaprog-text https://discord.com/channels/708208267699945503/739571364821729310
Twitch: https://twitch.tv/dchhv
Hardware Hacking Village talks will be streamed to Twitch.
Twitch: https://www.twitch.tv/dchhv
BTV - Saturday - 10:15-11:15 PDT
Title: Use DNS to detect your domains are abused for phishing
When: Saturday, Aug 7, 10:15 - 11:15 PDT
Where: Blue Team Village - Main Track (Virtual)
Speakers:Karl Lovink a.k.a. Cyb0rg42,Arnold Holzel
SpeakerBio:Karl Lovink a.k.a. Cyb0rg42
Karl is the Technical Lead of the Security Operations Center of the Dutch Tax and Customs Administration. He must ensure that the security analysts of the SOC can do their job well in the technical field. Besides, he is responsible, among other things, for strengthening the network of governments and companies, so that the right information is quickly available in the event of threats and incidents. Karl obtained the title Master of Security in Information Technology (MSIT) at Eindhoven University of Technology. He loves biohacking technology and has seven RFID / NFC chips implanted in his body, including a credit card.
Twitter: @cyb0rg42
SpeakerBio:Arnold Holzel
No BIO available
Description:
As a high-profile public-sector organization, the Dutch Tax and Customs Administration deals with criminals claiming to be representatives of the organization and contacting the public with phishing e-mails every day. By using Splunk and RFCs like RFC 7208 – Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, we have developed a technique to identify phishing attacks that are carried out under the disguise of the Dutch Tax and Customs Administration.
We start with a short introduction to protocols available to secure e-mail. Securing e-mail means making it more difficult to intercept e-mails in transport and perform phishing attacks. After that, we present some real-life phishing examples pointing to how finding the phishers would have been much easier. The same applies to the Notice and Take Downs for the phishing sites. We continue by introducing the secure e-mail standards like STARTTLS, Sender Policy Framework (SPF), Domain Identified Keys (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC), SMTP Security via Opportunistic DNS-Based Authentication of Named Entities (DANE), and SMTP Mail Transfer Agent Strict Transport Security (MTA-STS), on which the technique for detecting phishing attacks is based. Here we present how all secure e-mail protocols work together to be able to monitor e-mail traffic for potential phishing attacks. You can get information about the sender’s e-mail address, the sender’s MTA and the recipient’s MTA. Both the receiving and the sending MTAs are not located within your infrastructure. Passive DNS intelligence and Shodan are used for the enrichment of the IP addresses. We have implemented these techniques in Splunk, including various dashboards, searches, and lookups. But the implementation can be done in any log management system, for instance, ElasticSearch. Also, a wizard has been created to facilitate the generation of the TXT records for your DNS zone file. The implementation we have created in Splunk is downloadable from GitHub for free. The Splunk App contains all necessary dashboards, searches, lookups to get a quick start. Also, a wizard is included to create the DNS TXT records, which can be complicated. In principle, an e-mail track-and-trace system has been built using Splunk and DNS logs.
Blue Team Village talks will be streamed to Twitch.
--
Twitch: https://twitch.tv/blueteamvillage
CLV - Saturday - 12:15-12:45 PDT
Title: Using Barq to perform AWS Post-Exploitation Actions
When: Saturday, Aug 7, 12:15 - 12:45 PDT
Where: Cloud Village (Virtual)
SpeakerBio:Mohammed Aldoub
Mohammed Aldoub is an independent security consultant and Blackhat Trainer from Kuwait, who, in his 11 years of experience, worked on creating Kuwait's national infrastructure for PKI, cryptography, smartcards and authentication. Mohammed delivers security trainings, workshops and talks in the Netherlands, USA, Sweden, London, Czech Republic, Singapore, Dubai, Lebanon, Riyadh, Kuwait, in events like Blackhat (USA,EU) Infosec in the City, OPCDE, SEC-T and others. Mohammed is focusing now on APIs, secure devops, modern appsec, cloud-native security, applied cryptography, security architecture and microservices. He is the author of "barq", the AWS post exploitation attack framework, which you can find at: https://github.com/Voulnet/barq and he's also the author of Desharialize, which you can find at: https://github.com/Voulnet/desharialize Mohammed is deeply interested in malware, especially those used by state actors in the Middle East zone, where he volunteered as OWASP Kuwait's chapter leader.
Twitter: @Voulnet
https://github.com/voulnet
Description:
barq is a post-exploitation framework that allows you to easily perform attacks on a running AWS infrastructure. It allows you to attack running EC2 instances without having the original instance SSH keypairs. It also allows you to perform enumeration and extraction of stored Secrets and Parameters in AWS.
Cloud Village activities will be streamed to YouTube.
YouTube: https://www.youtube.com/cloudvillage_dc
SEV - Saturday - 12:30-13:30 PDT
Title: Using SE to create insider threats and win all the things
When: Saturday, Aug 7, 12:30 - 13:30 PDT
Where: Social Engineer Village (Virtual)
SpeakerBio:Lisa Forte
Lisa Forte is a European social engineering and insider threat expert. She runs cyber crisis simulations for large companies to help them prepare for attacks of all types. She actually started her security career stopping pirates off the coast of Somalia.
Lisa is passionate about two things: tech for good and that pineapple on pizza should be banned by the United Nations.
She is a proud Italian/Brit and has won numerous awards for her contributions in tech. Little-known fact: she actually once auditioned for Cirque Du Soleil.
When she is not working you can usually find her exploring abandoned mines or hanging off the side of a cliff somewhere.
Description:
We talk a lot about that “quick and dirty” social engineering, but there is a much scarier, longer term attack that yields far more damage. Instead of that persuasive email or that one hugely urgent phone call, these attacks are aimed at turning your key staff from loyal employees into insider threats - without your knowledge and even without theirs.
How can loyal, hard working staff be convinced to acquire and exfiltrate sensitive commercial data? It all starts with a friend request.
Social Engineer Village will stream content to Twitch.
Twitch: https://www.twitch.tv/socialengineerllc
ASV - Saturday - 09:30-10:50 PDT
Title: VDP in aviation: Experiences and lessons learnt as a researcher
When: Saturday, Aug 7, 09:30 - 10:50 PDT
Where: Aerospace Village (Virtual Talk)
SpeakerBio:Matt Gaffney
Following his career in the British Army, Matt has been working with clients in various industries. However, his best years were spent working in aviation, specifically systems found in the Aircraft Information Systems Domain. More recently he has turned his attention to security in UAS.
Description:
Following a Vulnerability Disclosure to an aircraft manufacturer in 2019, little did Gaffers know that he was about to start on a journey into a world where vulnerabilities are considered features and unless you can argue a safety impact you are not taken seriously. Without divulging the details, this talk will discuss the steps taken, what worked, what failed and some advice for anyone else who finds themselves in a similar situation.
This talk will be streamed on YouTube: https://www.youtube.com/watch?v=q5E_y8jLTv8
Aerospace Village talks will be streamed to YouTube.
YouTube: https://www.youtube.com/c/AerospaceVillage
SOC - Saturday - 21:00-01:59 PDT
Title: Vetcon Meetup (Hybrid)
When: Saturday, Aug 7, 21:00 - 01:59 PDT
Where: Bally's Skyview 5
Description:
A large friendly gathering of Veterans AND Non-Veterans, to help those who are recent Veterans integrate within our INFOSEC community, to make them feel welcome, and that there are other Veterans and Veteran supporters who are here to help them further their infosec career. Both online and in-person.
VMV - Saturday - 10:00-10:30 PDT
Title: Voting Village Keynote Remarks
When: Saturday, Aug 7, 10:00 - 10:30 PDT
Where: Voting Village (Talks - Virtual)
SpeakerBio:Thomas Hicks
Thomas Hicks was nominated by President Barack H. Obama and confirmed by unanimous consent of the United States Senate on December 16, 2014 to serve on the U.S. Election Assistance Commission (EAC). He has served as chairman of the commission for two terms.
Commissioner Hicks has focused his efforts on voter access. Under his leadership, the EAC developed a pocket-sized voter card that serves as a guide on voting rights for voters with disabilities. The card is provided in both Braille and large print. The EAC has worked with advocacy groups and election officials to distribute the card.
In addition, Mr. Hicks has addressed the difficulties overseas voters have when requesting and returning their ballots, such as dealing with foreign IP addresses and issues with timely ballot delivery. He worked with key states to set up a help desk. Now, overseas voters receive an email response directing them to the help desk to obtain their ballots.
He serves as the designated federal officer for the Board of Advisors.
Mr. Hicks is a frequent speaker at conferences in the United States and overseas on issues such as voter access and cybersecurity.
Prior to his appointment with EAC, Commissioner Hicks served as a senior elections counsel and minority elections counsel on the U.S. House of Representatives Committee on House Administration, a position he held from 2003 to 2014. In this role, Mr. Hicks was responsible for issues relating to campaign finance, election reform, contested elections and oversight of both the U.S. Election Assistance Commission and the Federal Election Commission. His primary responsibility was advising and providing guidance to the committee members and caucus on election issues. Mr. Hicks has talked with Americans in every state about their voting experiences. In addition, he has worked with state and local election officials across America to address critical election concerns.
Prior to joining the U.S. House of Representatives, Mr. Hicks served as a senior lobbyist and policy analyst from 2001 to 2003 for Common Cause, a nonpartisan, nonprofit organization that empowers citizens to make their voices heard in the political process and to hold their elected leaders accountable to the public interest. Mr. Hicks has enjoyed working with state and local election officials, civil rights organizations and all other stakeholders to improve the voting process.
Mr. Hicks served from 1993 to 2001 in the Clinton administration as a special assistant and legislative assistant in the Office of Congressional Relations for the Office of Personnel Management. He served as agency liaison to the United States Congress and the president’s administration on matters regarding federal personnel policies and regulations.
Mr. Hicks received his J.D. from the Catholic University of America, Columbus School of Law and his B.A. in Government from Clark University (Worcester, MA). He also studied at the University of London (London, England) and law at the University of Adelaide (Adelaide, Australia).
Description:No Description available
Voting Village talks will be streamed to YouTube and Twitch.
Twitch: https://www.twitch.tv/votingvillagedc
YouTube: https://www.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg
DC - Saturday - 18:00-18:59 PDT
Title: Vulnerability Exchange: One Domain Account For More Than Exchange Server RCE
When: Saturday, Aug 7, 18:00 - 18:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded
SpeakerBio:Tianze Ding
Tianze Ding is a senior security researcher at Tencent Security Xuanwu Lab. His research focuses on web security, active directory security and red teaming. He reported some vulnerabilities to Microsoft, Apple, Google, etc. He has spoken at BlackHat Asia.
Twitter: @D1iv3
Description:
Microsoft Exchange Server is one of the most famous mail servers in the world. It not only stores a large amount of sensitive corporate information, but also plays an important role in Microsoft Active Directory, so it has become a high-value target for both APT groups and red teams.
In the past few months, some high-risk vulnerabilities in Exchange Server have been exposed, which mainly target vulnerable ASP.NET code. But the architecture of Exchange Server is complicated, and its attack surface is not limited to ASP.NET, this talk will analyze and attack Exchange Server from a different perspective.
I will share the following two new vulnerabilities I found, as well as the new attack surfaces and how I chained several techniques to successfully exploit them in detail.
- One of them can result in arbitrary mailbox takeover, attackers can read emails, download attachments, send emails, etc. as any Exchange user.
- The other can lead to remote code execution on Exchange Server, attackers can gain local administrator privileges and execute arbitrary commands. Furthermore, there is an interesting point, even if you have applied the latest Exchange Server patches, your Exchange Server may still be compromised by this type of attack.
For red teams, Exchange Server RCE is only the beginning. Usually, there are some high-privileged domain users and groups on Exchange Server, I will also introduce a new method in depth to help you perform lateral movement and even privilege escalation to Domain Admin after achieving Exchange Server RCE.
These vulnerabilities have been reported to MSRC and the exploit tools will be released after the talk.
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=7h38rI8KT30
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Tianze%20Ding%20-%20Vulnerability%20Exchange%20-%20One%20Domain%20Account%20For%20More%20Than%20Exchange%20Server%20RCE.mp4
This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_three
HHV - Saturday - 11:00-11:59 PDT
Title: Walkthrough of DC 28 HHV Challenges
When: Saturday, Aug 7, 11:00 - 11:59 PDT
Where: Hardware Hacking Village (Virtual Talk)
SpeakerBio:rehr
Rehr is an electrical engineer and long-time Hardware Hacking Village volunteer. He enjoys teaching and creating challenges that help grow and challenge the hardware hacking community.
Twitter: @mediumrehr
Description:
Last year we (the HHV) released a series of hardware hacking challenges for DEF CON attendees to solve during the conference (and after). Many attempted the challenges, but only a few (3) solved all 5! Join us as we walk through how to solve all 5 of the DC 28 HHV challenges, and attempt to demystify the world of hardware hacking. We may even drop a hint or two for this year’s challenges.
#hhv-challenge-text https://discord.com/channels/708208267699945503/739567199647301702
Twitch: https://twitch.tv/dchhv
Hardware Hacking Village talks will be streamed to Twitch.
Twitch: https://www.twitch.tv/dchhv
BCV - Saturday - 10:00-10:15 PDT
Title: Welcome Note
When: Saturday, Aug 7, 10:00 - 10:15 PDT
Where: Blockchain Village / Paris Vendome B
Speakers:Nathan,Ron Stoner
SpeakerBio:Nathan
No BIO available
SpeakerBio:Ron Stoner
No BIO available
Description:No Description available
This content will be presented live and in-person.
AIV - Saturday - 09:00-09:30 PDT
Title: Welcome to AI Village
When: Saturday, Aug 7, 09:00 - 09:30 PDT
Where: AI Village (Virtual)
SpeakerBio:AI Village Organizers
No BIO available
Description:No Description available
AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.
Speakers will be made available on DEF CON's Discord, in #aiv-general-text.
Twitch: https://www.twitch.tv/aivillage
YouTube: https://www.youtube.com/c/aivillage
#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536
CCV - Saturday - 10:00-10:15 PDT
Title: What Is Zero Knowledge
When: Saturday, Aug 7, 10:00 - 10:15 PDT
Where: Cryptocurrency Village (Onsite - Paris Champagne Ballroom 1)
SpeakerBio:Sarang Noether, Ph.D.
Sarang Noether is a researcher who focuses on privacy-preserving cryptographic constructions and protocols.
Description:
Lightning overview of the basics of zero knowledge proofs and transaction protocols, and how they relate (or don't) to each other. A Q&A session will follow.
The Cryptocurrency Village is built around conversations and events, not formal talks. Stop by any time to speak with knowledgeable individuals! This village focuses on the security and privacy side of cryptocurrencies, not the investment side.
The Cryptocurrency Village is conveniently located in Paris Champagne Ballroom 1.
BTV - Saturday - 11:30-11:59 PDT
Title: What Machine Learning Can and Can't Do for Security
When: Saturday, Aug 7, 11:30 - 11:59 PDT
Where: Blue Team Village - Main Track (Virtual)
SpeakerBio:Wendy Edwards
Wendy is a software developer interested in the intersection of cybersecurity and data science. She’s involved in the NASA Datanauts program and participated in the SANS Women’s Academy, earning GIAC GSEC, GCIH, and GCIA certifications. She has master’s degrees in computer science and library and information science from the University of Illinois. She has spoken at Summercon, BSides Chicago, The Diana Initiative, Hackfest Canada, Circle City Con, and DEFCON Ethics Village. In her spare time, she enjoys Scrabble and swimming and has a lively flat-coated retriever named Ciaran.
Twitter: @wayward710
Description:
What can machine learning do for security? A number of things. One major challenge is determining what’s normal and what’s malicious. Machine learning can help with this. For example, ML techniques are used in spam filtering to scan email. Machine learning is also being applied to other areas like network traffic monitoring and malware analysis and has potential to detect zero-day exploits.
However, machine learning isn't magic. We discuss some of the limitations of machine learning, and how problems like false positives can be mitigated.
Most of us have heard vendors promoting products that use "machine learning." But what does that mean? This is a general introduction to machine learning concepts and a discussion of applications to security. We begin by talking about commonly used terminology – what are artificial intelligence, neural networks, machine learning, and deep learning? How do they work?
What can machine learning do for security? A number of things. One major challenge is determining what’s normal and what’s malicious. Machine learning can help with this. For example, ML techniques are used in spam filtering to scan email. Large email providers, e.g., Google and Yahoo, have intelligent systems that can create new spam filtering rules based on automated learning.
Machine learning is also being applied to other areas like network traffic monitoring and malware analysis. Traditional network intrusion detection (NIDS) and malware identification involve rules and signatures, where behavior associated with known threats is identified. But what about new threats, such as zero-day exploits? Anomaly-based detection compares traffic to normal behavior, and has the potential to detect previously unknown attacks with no established signature. We present some examples of freely available machine learning software and walk through some simple use cases.
However, machine learning isn't magic, and it has its limitations. The quality of the training data significantly affects the quality of the results, and training data needs to be updated to reflect changes in relationships and new data points. False positives can consume a lot of analysts' time and lead to alert fatigue. We discuss some techniques, e.g. cross-domain correlation, to reduce the number of false positives.
What is "machine learning?"
* Definition
* How does it work?
* What is a neural network?
* Common machine learning terminology explained
* Supervised vs unsupervised learning
* Different kinds of machine learning
* Examples of machine learning and security
Classification problem
* What’s normal? What’s malicious?
* Example: spam filtering
* Example: network traffic analysis
* Traditional NIDS involves rules/signatures
* Anomaly detection NIDS (ADNIDS) compares traffic to normal patterns
* Example: Behavior-based Malware Analysis
* Common AV malware detection involves signatures (patterns related to known behavior)
* What about zero-day exploits or malware that can morph?
Attack behaviors are different from normal behaviors
* Unusual system calls
* Writing stolen data to files, registry manipulation, etc
* Unusual network traffic (e.g. command and control)
* Destinations (lots of unexplained traffic to a particular destination)
* Payloads (C&C traffic likely has similar structure)
* Software currently using machine learning for security
* Examples: spam filters, Splunk
Limitations of machine learning
* Training data
* False positives / alert fatigue
* Mitigating false positives
Future directions in machine learning and security
Blue Team Village talks will be streamed to Twitch.
--
Twitch: https://twitch.tv/blueteamvillage
APV - Saturday - 13:00-13:45 PDT
Title: When nothing goes right, push left. Designing logs for future breach investigations
When: Saturday, Aug 7, 13:00 - 13:45 PDT
Where: AppSec Village (Virtual)
SpeakerBio:Vee
No BIO available
Description:
If we do not have it, we should build it. If nothing goes right, push left.
TL;DR: Your logs should be simple and structured; they should also contain enough information without disclosing sensitive data. Often accidental information disclosure within the logs can lead to future breaches. This talk focuses on the process of building logs taking into consideration the attack, the defense, and the investigation of breaches. Using the ideals from The Unicorn and The Phoenix project to develop the "Five Philosophies of Logging". This talk explores different aspects of logging, pulling from years of experience of breach investigations and magic-wielding.
AppSec Village events will be streamed to YouTube.
YouTube: https://www.youtube.com/c/appsecvillage
AIV - Saturday - 16:00-16:30 PDT
Title: Where We’re Going We Don’t Need Labels: Anomaly Detection for 2FA
When: Saturday, Aug 7, 16:00 - 16:30 PDT
Where: AI Village (Virtual)
Speakers:Rebecca Lynch,Stefano Meschiari
SpeakerBio:Rebecca Lynch
No BIO available
SpeakerBio:Stefano Meschiari
No BIO available
Description:No Description available
AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.
Speakers will be made available on DEF CON's Discord, in #aiv-general-text.
Twitch: https://www.twitch.tv/aivillage
YouTube: https://www.youtube.com/c/aivillage
#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536
AIV - Saturday - 13:00-13:30 PDT
Title: Who's Afraid of Thomas Bayes?
When: Saturday, Aug 7, 13:00 - 13:30 PDT
Where: AI Village (Virtual)
SpeakerBio:Erick Galinkin
No BIO available
Description:No Description available
AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.
Speakers will be made available on DEF CON's Discord, in #aiv-general-text.
Twitch: https://www.twitch.tv/aivillage
YouTube: https://www.youtube.com/c/aivillage
#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536
VMV - Saturday - 13:30-13:59 PDT
Title: Why Hacking Voters Is Easier Than Hacking Ballots
When: Saturday, Aug 7, 13:30 - 13:59 PDT
Where: Voting Village (Talks - Virtual)
SpeakerBio:Maurice Turner
Maurice Turner is the Cybersecurity Fellow at the Alliance for Securing Democracy (ASD) at the German Marshall Fund of the United States (GMF). Turner is a recognized public interest technologist and cybersecurity expert focused on developing strategies to secure critical infrastructure and deter cyber operation escalation. He has been regularly featured in national and international media including the Washington Post, Wall Street Journal, Bloomberg, Fox News, and Reuters. He has also provided testimony before the United States Congress, shared his insights with the European Union, and spoken at numerous security conferences. Turner most recently served as Senior Advisor to the Executive Director at the United States Election Assistance Commission (EAC) providing subject matter expertise in support of local, state, and federal partners to administer elections fairly and securely. Prior to that Turner was Deputy Director of the Internet Architecture project at the Center for Democracy & Technology (CDT) where he led the Election Security and Privacy Project, identifying and updating election cybersecurity practices and infrastructure through multi-sector partnerships. Turner also served as a TechCongress Congressional Innovation Fellow assigned to the U.S. Senate Homeland Security and Governmental Affairs Committee, where he shaped policy and oversaw the preparation of memos, briefings, and hearings on federal IT systems, cybersecurity threats, and cybersecurity regulations.
He holds an MA in Public Administration from the University of Southern California, a BA in Political Science from California State University Fullerton, and a Certificate in Cybersecurity Strategy from Georgetown University.
Description:
Vulnerabilities in US election infrastructure not only expose the nation’s elections to hybrid physical and network attacks, but its voters to influence campaigns designed to cast doubt in the process itself. Authoritarian regimes such as Russia, Iran, and China are capable of conducting both sophisticated disinformation operations and cyber campaigns, and using both methods can be a particularly effective strategy for disrupting an election. Despite significant attention and more (but insufficient) funding in recent years, the overall defensive posture of election infrastructure operators lags behind the offensive cyber capabilities of sophisticated adversaries and criminals.
Elections are not alone. Other critical infrastructure sectors have sustained major disruptions because of cyber attacks like ransomware. However, elections are unique in that a sizable segment of the American public views the electoral process suspiciously and is primed to believe any errors or inconsistencies presented that support that belief. As a result, adversaries now have at least three distinct attack strategies at their disposal: quietly change enough actual ballots to alter the outcome of a contest, loudly manipulate a small number of ballots to provide “evidence” of a systemic failure to suspicious voters, or launch a pure perception hack through the dissemination of false information to convince voters of widespread fraud absent any evidence.
By analyzing state-backed government messaging across various information mediums using a tool called Hamilton, researchers can track narratives and topics promoted by Russian, Chinese, and Iranian government officials and state-funded media. These trends can help provide context and insights into publicly-available information of breaches, ransomware, or other related attacks against election infrastructure. Election officials and network defenders can work together to improve the resilience of the most important component of the electoral system: voters.
Voting Village talks will be streamed to YouTube and Twitch.
Twitch: https://www.twitch.tv/votingvillagedc
YouTube: https://www.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg
DC - Saturday - 11:00-11:59 PDT
Title: Wibbly Wobbly, Timey Wimey – What's Really Inside Apple's U1 Chip
When: Saturday, Aug 7, 11:00 - 11:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded
Speakers:Alexander Heinrich,jiska
SpeakerBio:Alexander Heinrich
Alexander is a security researcher at the Secure Mobile Networking Lab at the Technical University of Darmstadt. Before he joined the university as a researcher he gained a lot of experience as an app developer on Apple operating systems starting with iOS 5. This deep understanding of the systems naturally resulted in a focus on those systems in his security research. He joined the Secure Mobile Networking Lab in 2020 as a PhD student right after his Master Thesis on the security of Apple’s Handoff and Universal Clipboard features. After working with a team of skilled researchers on AirDrop and Apple’s Find My network, his focus now shifted to the security and privacy of ultra-wideband and Apple’s U1 chip.
Twitter: @Sn0wfreeze
SpeakerBio:jiska
jiska breaks things.
Twitter: @naehrdine
Description:
Apple introduced an Ultra Wideband (UWB) chip in the iPhone 11. Its cryptographically secured spatial measurement capabilities have been accessible via the Nearby Interaction framework since iOS 14. As of now, it only supports interaction with other Apple devices, including the latest Apple Watch and HomePod mini. These are the first steps to support UWB in a larger ecosystem, as measuring precise distance and direction can be an enabler for various future applications. The automotive industry has already announced UWB support for mobile car keys on the iPhone.
But what’s really inside Apple’s U1 chip, internally called Rose? In this talk, we will travel through time, space, firmware and kernel components—and fight daemons to modify firmware interaction from user space. This will not only cover one or two, but three firmwares that process or forward each Rose time measurement: The Rose Digital Signal Processor (DSP), Rose Application Processor (AP), and the Always-On Processor (AOP).
- REFERENCES
- There's almost nothing known about UWB on the iPhones... So the only reference is this:
https://support.apple.com/guide/security/ultra-wideband-security-sec1e6108efd/web
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=k1H7fiVlTPA
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Jiska%20Alexander%20Heinrich%20-%20Wibbly%20Wobbly%2C%20Timey%20Wimey%20-%20Whats%20Really%20Inside%20Apples%20U1%20Chip.mp4
This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_three
DL - Saturday - 14:00-15:50 PDT
Title: WiFi Kraken Lite
When: Saturday, Aug 7, 14:00 - 15:50 PDT
Where: DemoLab Video Channel 2
SpeakerBio:Henry Hill
Henry Hill is an expert with computer hardware and is able to design and build the most bleeding edge systems that are the fastest in the world. His internal knowledge of architecture and system bottlenecks helps him build systems capable of extreme processing and even faster storage. Henry is also an expert with mechanical engineering and fabrication. When his modifications aren’t appearing in d4rkm4tter’s projects, they can be seen in his race car at the track.
Description:
Tool or Project Name: The WiFi Kraken Lite
Short Abstract:
D4rkm4tter and Henry have been obsessed with monitoring wireless networks and have built hardware to meet the challenges of scanning and testing in the busiest and most client-dense environments. The WiFi-Kraken Lite contends with these issues in a smaller package without sacrificing any monitoring performance. This project is the result of years of research into the most effective way to scan and audit wireless in a single box that can be easily deployed or used as a hardened terminal in the most rugged conditions.
The WiFi-Kraken Lite consists of a single-board computer which connects 12 wireless radios that enables scanning and auditing WiFi, Bluetooth, LoRaWAN and other commonly used wireless protocols. The number of wireless devices is growing as well as the way those devices are being connected. Having an all-in-one wireless monitoring solution will give you the ability to track this data across these bands and give you the best picture of what’s happening in the air around you.
This demonstration will provide you the information so that you can build your own all-in-one monitoring device. You will also gain an overview of capture technologies, including Kismet, that will help you perform this type of analysis in your own environments. Finally, once the data is captured, you will get an understanding of efficient data processing using tools like Wireshark and d4rkm4tter’s own PCAPinator tool.
Short Developer Bio:
Mike Spicer (d4rkm4tter) is a mad scientist hacker who likes to meddle with hardware and software. He is particularly obsessed with wireless. He has a degree in computer science which he has put to use building and breaking a wide array of systems. These include web application pentesting, wireless monitoring and tracking as well as reverse engineering. He is the creator of the #WiFiCactus and has been seen presenting and demoing at a number of conferences including DEF CON. He is a Kismet cultist and active in the wireless and wardriving communities.
Henry Hill is an expert with computer hardware and is able to design and build the most bleeding edge systems that are the fastest in the world. His internal knowledge of architecture and system bottlenecks helps him build systems capable of extreme processing and even faster storage. Henry is also an expert with mechanical engineering and fabrication. When his modifications aren’t appearing in d4rkm4tter’s projects, they can be seen in his race car at the track.
URL to any additional information:
Palshack.org/wifi-kraken-lite (Site will be online for DEF CON)
Detailed Explanation of Tool:
The WiFi-Kraken Lite is a wireless monitoring system that is a rugged box with a single board computer and 12 wireless devices that are capable of simultaneously monitoring a large number of frequencies and protocols while storing that data in real time. The primary motivation for this project was to be able to gain visibility into as much of the wireless spectrum as possible in very congested networks in a small rugged form factor. Networks with a large number of clients that have a large number of access points can be difficult to perform analysis on. These networks typically have clients who switch between networks and can switch frequencies, leading to more confusion when tracking with only a single radio. By increasing the number of radios as well as adding support for other protocols beyond just WiFi, a more complete understanding of the wireless environment can be documented. This information can then be used by defenders or penetration testers to identify vulnerable networks, vulnerable clients, or verify security that can be easily documented and audited.
The hardware is set up so that it minimizes the number of bottlenecks between the actual frames in the air and when it writes the data to disk. It does this by taking advantage of the high-bandwidth PCI-express bus to connect wireless devices. From there the data transfers to a high-speed NVMe storage device. The operating system is Linux which allows us to take advantage of a number of open source tools and projects that help us capture the data. These projects include Kismet, BlueZ, btscanner, and Feather TFT LoRa Sniffer. Custom scripts help us manage and easily configure The WiFi-Kraken Lite for the desired mode.
The buildout of the project uses a hardened Pelican-like case which provides the ruggedness and physical security so that the system can be left in harsh environments. Inside the case is a mounted LCD screen that gives the user easy access to make changes in the field if necessary. The electronic components, including the single board computer and wireless cards, are all mounted inside to protect them. The project also features battery packs so that it can run for up to 24 hours or longer depending on the monitoring task.
Data captured with the system can be stored on disk or be analyzed in real time thanks to the internally mounted LCD. Data can also be analyzed remotely by using one of the radios to connect to a nearby laptop. This can be useful in scenarios where the WiFi-Kraken Lite needs to be concealed. The form factor was chosen for not only its strength but also for being inconspicuous especially at conferences where lots of large polycarbonate cases can be seen.
Further data analysis can be performed in real time thanks to Kismet’s fully featured web dashboard. Additionally, post-monitoring analysis can be performed using Wireshark or d4rkm4tter’s PCAPinator tool, which is a multithreaded wrapper around tshark to optimize queries on large datasets. The wireless data captured in this type of analysis can help to determine vulnerabilities, and you can then use the WiFi-Kraken Lite to attack what you found.
This tool can be used entirely passively as a silent listener to validate bring your own device (BYOD) policies, monitor if wireless attacks are happening against your infrastructure, see if there are strange behaviors happening in your wireless network due to misconfiguration or maliciousness, or track devices as they move throughout the networks so that you can have a better understanding of client flow. It can be used to perform a number of active attacks including impersonation, evil twin and other common wireless attacks.
It has never been more important to perform wireless assessments and continual monitoring of your infrastructure, considering the number of wireless-enabled devices increases daily. Rolling out new wireless infrastructure is costly and implementing the most secure system is daunting for even the most seasoned network integrators. This leads to misconfiguration and suboptimal security settings which are still connected to important infrastructure. For the defender this project brings clarity to the risks and also provides information into the most important mitigations that should be implemented. For the attacker this tool provides valuable recon that will allow them to focus solely on the vulnerable target, making as little noise as possible, all from a single box.
Target Audience:
Offense, Defense and Hardware
By bringing equipment that can monitor the latest in wireless technologies, including WiFi 6, this project will shed light on a new and up and coming standard of technology that is slowly being rolled out across the world. With new technology, new tools are required so that research can be conducted to find flaws and validate the real world applications. The WiFi Kraken Lite will bring an enhanced perspective to the wireless monitoring in a box with new tools, new wireless bands captured, and new data processing.
This content will be presented on a Discord video channel.
#dl-video2-voice: https://discord.com/channels/708208267699945503/734027778646867988
DL - Saturday - 14:00-15:50 PDT
Title: WiFi Kraken Lite
When: Saturday, Aug 7, 14:00 - 15:50 PDT
Where: Palace 3+4+5
SpeakerBio:Henry Hill
Henry Hill is an expert with computer hardware and is able to design and build the most bleeding edge systems that are the fastest in the world. His internal knowledge of architecture and system bottlenecks helps him build systems capable of extreme processing and even faster storage. Henry is also an expert with mechanical engineering and fabrication. When his modifications aren’t appearing in d4rkm4tter’s projects, they can be seen in his race car at the track.
CLV - Saturday - 10:45-11:30 PDT
Title: Windows Server Containers are Broken - Here's How You Can Break Out
When: Saturday, Aug 7, 10:45 - 11:30 PDT
Where: Cloud Village (Virtual)
SpeakerBio:Daniel Prizmant
Daniel started out his career developing hacks for video games and soon became a professional in the information security field. He is an expert in anything related to reverse engineering, vulnerability research and the development of fuzzers and other research tools. To this day Daniel is passionate about reverse engineering video games at his leisure. Before joining Palo Alto Networks Daniel was employed at CheckPoint, KayHut and Nyotron. Daniel holds a Bachelor of Computer Science from Ben Gurion University.
Twitter: @pushrsp
Description:
A container packages up code and its dependencies, creating a minimal computing environment that can be cloned quickly and reliably across the ever-changing variety of operating system distributions. Originally available for Linux alone, containerized software will always run the same, regardless of the infrastructure. Microsoft teamed up with Docker to offer a container solution for Windows. Support for containers was added in 2016, but little documentation on the internal implementation was released. It was necessary to reverse engineer some of the components of Windows in order to better understand the kernel implementation. How does Windows prevent containers from running system calls that may allow attackers to escape containers? How does Windows prevent containers from accessing sensitive files outside the container, on the host? Why go through all this trouble? A vulnerability in the low level implementation of containers could impact hundreds of thousands of affected instances. Not to mention a full escape from the container to its host machine. How would such an escape vulnerability affect Kubernetes and Azure services? In this presentation I will show you how to fully escape a Windows container and gain full access to the host’s file system. I will discuss why Microsoft originally didn’t consider this a vulnerability, but do now. I will also show the use of this vulnerability in the wild by a malware.
Cloud Village activities will be streamed to YouTube.
YouTube: https://www.youtube.com/cloudvillage_dc
BTV - Saturday - 09:00-10:30 PDT
Title: Wireshark for Incident Response & Threat Hunting
When: Saturday, Aug 7, 09:00 - 10:30 PDT
Where: Blue Team Village - Workshop Track 1 (Virtual)
SpeakerBio:Michael Wylie
Michael Wylie, MBA, CISSP is the Sr. Manager of a 24/7/365 global managed threat hunting team. Prior to his current role, he was the Director of Cybersecurity at a top 100 CPA firm where he built out the offensive/defensive security service practice. Michael has developed and taught numerous courses for the U.S. Department of Defense, DEFCON, Colleges, and for clients around the world. Michael is the winner of numerous SANS challenge coins and holds the following credentials: CISSP, CCNA R&S, GPEN, GMON, GCFE, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, CNVP, Microsoft Azure, and more.
Twitter: @themikewylie
Description:
This workshop will take students’ Wireshark skills to the next level with a heavy emphasis on incident response, threat hunting, and malicious network traffic analysis. We will begin with a brief introduction to Wireshark and other Network Security Monitoring (NSM) tools/concepts. Placement, techniques, and collection of network traffic will be discussed in detail. Throughout the workshop, we’ll examine what different attacks and malware look like in Wireshark. Students will then have hands-on time in the lab to search for Indicators of Compromise (IOCs) and a potential breach to the network. There will be plenty of take home labs for additional practice.
Attendees will learn:
- How to build traffic specific Wireshark profiles
- How to set up Wireshark for threat hunting
- How to enrich packets with threat intel
- How to identify IOCs in a sea of packets
- How to tap networks and where to set up sensors
- NSM techniques
- Techniques to quickly identify evil on a network
Students are provided with PCAPs of incidents starting with 8 packets and growing to 10,000+ packet captures where students need to build a timeline of a breach.
CPV - Saturday - 10:00-17:30 PDT
Title: Workshop & CTF: Practical Cryptographic Attacks
When: Saturday, Aug 7, 10:00 - 17:30 PDT
Where: See Description
SpeakerBio:Daniel Crowley
Daniel Crowley is the head of research and a penetration tester for X-Force Red. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel is the primary author of both the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool. Daniel enjoys climbing large rocks and is TIME magazine's 2006 person of the year. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including Black Hat, DEF CON, Shmoocon, and SOURCE. Daniel does his own charcuterie and brews his own beer. Daniel's work has been included in books and college courses. Daniel also holds the noble title of Baron in the micronation of Sealand.
Description:
While new cryptographic attacks are regularly published, there are a series of common, practically exploitable mistakes that have been made by application developers at both large and small companies for years when using cryptography. For example, using a hard-coded IV (a common mistake) led to the flaw known as Zerologon, exploiting Microsoft's Netlogon protocol to allow pre-auth domain compromise in 2020. This workshop will provide a working knowledge of cryptography for those unfamiliar, and explain a series of practical attacks against cryptographic mistakes that are common in production systems today, accompanied by practical challenges in the form of a CTF.
CTF URL: https://crypto.iscool.af/
Python3 module for crypto exploit writing: https://github.com/unicornsasfuel/cryptanalib3
Recommended for rapid exploit writing: pwntools -- install docs at:
https://docs.pwntools.com/en/stable/install.html
This talk will be streamed at https://www.twitch.tv/DrSensualPotatoPhD
IOTV - Saturday - 11:00-11:45 PDT
Title: You're Doing IoT RNG
When: Saturday, Aug 7, 11:00 - 11:45 PDT
Where: IoT Village (Talk - Virtual)
Speakers:Allan Cecil - dwangoAC,Dan Petro - AltF4
SpeakerBio:Allan Cecil - dwangoAC
Allan Cecil (dwangoAC) is a Security Consultant with Bishop Fox and the President of the North Bay Linux User’s Group. He acts as an ambassador for Tasvideos.org, a website devoted to using emulators to complete video games as quickly as the hardware allows. He participates in Games Done Quick charity speed running marathons using TASBot to entertain viewers with never-before-seen glitches in games.
Twitter: @mrtasbot
SpeakerBio:Dan Petro - AltF4
Dan "AltF4" Petro is Lead Researcher at Bishop Fox. Dan is widely known for the tools he creates: Eyeballer (a convolutional neural network pentest tool), the Rickmote Controller (a Chromecast-hacking device), Untwister (pseudorandom number generator cracker), and SmashBot (a merciless Smash Bros noob-pwning machine).
Twitter: @2600AltF4
Description:
Think of a random number between '0' and infinity. Was your number '0'? Seriously? Crap. Well unfortunately, the hardware random number generators (RNG) used by your favorite IoT devices to create encryption keys may not work much better than you when it comes to randomness.
In this talk, we'll delve into murky design specs, opaque software libraries, and lots of empirical results. We wrote code for many popular IoT SoC platforms to extract gigabytes of data from their hardware RNGs and analyze them. What we found was a systemic minefield of vulnerabilities in almost every platform that could undermine IoT security. Something needs to change in how the Internet of Things does RNG.
The vulnerabilities are widespread and the attacks are practical. RNG is bad out there - "IoT Crypto-pocalypse" bad.
IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.
Twitch: https://www.twitch.tv/iotvillage
DC - Saturday - 17:00-17:45 PDT
Title: You're Doing IoT RNG
When: Saturday, Aug 7, 17:00 - 17:45 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded
Speakers:Allan Cecil - dwangoAC,Dan Petro - AltF4
--
This talk has been released to YouTube and the DEF CON Media server.
YouTube: https://www.youtube.com/watch?v=Zuqw0-jZh9Y
Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Dan%20Petro%20-%20You%27re%20Doing%20IoT%20RNG%20-%20Demo.mp4
This talk will be given live in Track 1.
This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.
DCTV Channel Map: https://dctv.defcon.org/
Twitch: https://www.twitch.tv/defcon_dctv_one