Saturday - 13:00 PDT

AIV - Who's Afraid of Thomas Bayes? - Erick Galinkin
AIV - (13:30-13:59 PDT) - Risks of ML Systems in Health Care: The Real Story - Barton Rhodes
APV - cont...(12:00-14:30 PDT) - (Workshop) - Integrating DAST tools into developers' test process - Joe Schottman
APV - When nothing goes right, push left. Designing logs for future breach investigations - Vee
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:00-16:59 PDT) - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - cont...(10:00-15:59 PDT) - Antenny -
ASV - cont...(10:00-15:59 PDT) - ARINC 429 Lab -
ASV - cont...(10:00-15:59 PDT) - Deep Space Networking -
ASV - cont...(10:00-15:59 PDT) - Hack-A-Sat2 Satellite Platform -
ASV - cont...(10:00-15:59 PDT) - HACMS Live Demo -
ASV - cont...(10:00-15:59 PDT) - Lego Spike Hub -
ASV - cont...(10:00-15:59 PDT) - ADSB Demo and Paper Airplanes -
ASV - cont...(12:00-15:59 PDT) - In Space, No One Can Hear You Hack -
ASV - cont...(12:30-13:20 PDT) - Lost In Space: No-one Can Hear Your Breach (Choose Wisely) - Elizabeth Wharton
AVV - cont...(11:00-13:15 PDT) - (Workshop) From zero to hero: creating a reflective loader in C# - Jean Francois Maes
AVV - (13:15-13:59 PDT) - (Tool Demo) Red Team Credentials Reconnaissance (OLD with a TWIST) - Shantanu Khandelwal
BCV - Certified Ethereum Professional (CEP) Overview - Abstrct
BCV - (13:30-13:59 PDT) - Sla(sh*t)ing happens when you stake - Nadir Akhtar,Y L
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - cont...(12:30-13:30 PDT) - Cloud security for healthcare and life sciences - MIchelle Holko
BHV - (13:30-13:59 PDT) - Securing the Internet of Biological Things - Thom Dixon
BTV - (13:45-14:15 PDT) - Leveraging NGFWs for Threat Hunting - Drimacus
CAHV - cont...(12:00-15:59 PDT) - Resume Reviewing
CAHV - cont...(12:00-15:59 PDT) - Career Coaching
CAHV - Selling Yourself as a Security Professional - Preston Pierce
CCV - Monero Scaling Opportunities and Challenges - Francisco Cabañas
CHV - Fuzzing CAN / CAN FD ECU's and Network - Samir Bhagwat
CLV - cont...(12:45-13:30 PDT) - Shift Left Using Cloud: Implementing baseline security into your deployment lifecycle - Avinash Jain
CLV - (13:30-13:50 PDT) - CSPM2CloudTrail - Extending CSPM Tools with (Near) Real-Time Detection Signatures (Lightning Talk) - Rodrigo "Sp0oKeR" Montoro
CLV - (13:50-14:35 PDT) - Azure Active Directory Hacking Wars - Batuhan Sancak
CON - cont...(09:00-16:59 PDT) - Darknet-NG -
CON - cont...(09:00-15:59 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-15:59 PDT) - Hack3r Runw@y -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-15:59 PDT) - Trace Labs OSINT Search Party CTF -
CON - cont...(10:00-15:59 PDT) - CMD+CTRL -
CON - Red Team Village CTF - Finals Part 1 -
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - cont...(12:30-13:15 PDT) - CPV Through the Looking-Glass: Cryptanalysis in the Time of Ransomware (DC 25)
DC - cont...(09:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - TEMPEST radio station - Paz Hameiri
DC - PINATA: PIN Automatic Try Attack - Salvador Mendoza
DC - Defeating Physical Intrusion Detection Alarm Wires - Bill Graydon
DC - Community Roundtable - RANSOMWARE: Combatting Ransomware on a Global Stage / The realities of responding to ransomware -
DL - cont...(12:00-13:50 PDT) - Tracee - Yaniv Agman
DL - cont...(12:00-13:50 PDT) - USBSamurai - Luca Bongiorni
DL - cont...(12:00-13:50 PDT) - Git Wild Hunt - Rod Soto,José Hernandez
HHV - Meetup: Some HHV challenges - rehr
HRV - cont...(12:00-17:59 PDT) - Ham Radio Exams -
HRV - (13:30-14:30 PDT) - Amateur Radio Digital Modes Primer - Jon Marler
HTSV - cont...(12:00-14:59 PDT) - Hack the Sea Cabana Party -
HTSV - Sea Pods - Grant Romundt
ICSV - Toward a Collaborative Cyber Defense and Enhanced Threat Intelligence Structure - Lauren Zabierek
ICSV - (13:30-13:59 PDT) - Fortifying ICS - Hardening and Testing - Dieter Sarrazyn
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(12:45-13:30 PDT) - MIPS-X - The next IoT Frontier - Patrick Ross,Zoltán Balázs
IOTV - (13:45-14:30 PDT) - Mind the Gap - Managing Insecurity in Enterprise IoT - Cheryl Biswas
LBV - Electronic Warfare & Q&A
LPV - How I defeated the Western Electric 30c - N∅thing
PHV - cont...(12:00-13:59 PDT) - Security Investigations with Splunk - Robert Wagner
SEV - cont...(12:30-13:30 PDT) - Using SE to create insider threats and win all the things - Lisa Forte
SEV - (13:30-14:30 PDT) - The Innocent Lives Foundation: A Beacon of Light in a Dark World - John McCombs
SOC - A&E Pool Party! -
VMV - New Hampshire SB43 Forensic Audit - Harri Hursti
VMV - (13:30-13:59 PDT) - Why Hacking Voters Is Easier Than Hacking Ballots - Maurice Turner
WS - cont...(10:00-13:59 PDT) - From Zero to Hero in Web Security Research - Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki
WS - cont...(10:00-13:59 PDT) - Bug bounty Hunting Workshop - David Patten,Philippe Delteil
WS - cont...(10:00-13:59 PDT) - Hacking the Metal: An Introduction to Assembly Language Programming - eigentourist
WS - cont...(10:00-13:59 PDT) - Digital Forensics and Incident Response Against the Dark Arts: The Battle of Malicious Email and Downloaders - Michael Register,Michael Solomon

Saturday - 14:00 PDT

AIV - The Real History of Adversarial Machine Learning - Eugene Neelou
APV - cont...(12:00-14:30 PDT) - (Workshop) - Integrating DAST tools into developers' test process - Joe Schottman
APV - How I broke into Mexico City's justice system application and database - Alfonso Ruiz Cruz
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:00-16:59 PDT) - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - cont...(10:00-15:59 PDT) - Antenny -
ASV - cont...(10:00-15:59 PDT) - ARINC 429 Lab -
ASV - cont...(10:00-15:59 PDT) - Deep Space Networking -
ASV - cont...(10:00-15:59 PDT) - Hack-A-Sat2 Satellite Platform -
ASV - cont...(10:00-15:59 PDT) - HACMS Live Demo -
ASV - cont...(10:00-15:59 PDT) - Lego Spike Hub -
ASV - cont...(10:00-15:59 PDT) - ADSB Demo and Paper Airplanes -
ASV - cont...(12:00-15:59 PDT) - In Space, No One Can Hear You Hack -
ASV - AIAA CubeSat Hacking Workshop - Virtual Lab #4 -
ASV - (14:30-14:55 PDT) - True Story: Hackers in the Aerospace Sector - Declyn S.,Ginny Spicer,Olivia Stella,Steve Luczynski,Thomas Bristow
AVV - Operation Bypass: Catch My Payload If You Can - Matthew Eidelberg
BCV - EIP-1559 Panel
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - The Real Story on Patching Medical Devices - Michael Murray
BICV - (14:30-14:30 PDT) - 40 cores and a CPU - Nico "Socks" Smith
BTV - cont...(13:45-14:15 PDT) - Leveraging NGFWs for Threat Hunting - Drimacus
BTV - BTV Presents: Forensics Station - Workshop 1 - Omenscan
BTV - MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part 2 - Cat Self,plug,Ben Bornholm,Tilottama Sanyal,Dan Borges
BTV - (14:30-15:30 PDT) - Modern Authentication for the Security Admin - Bailey Bercik,Mark Morowczynski
CAHV - cont...(12:00-15:59 PDT) - Resume Reviewing
CAHV - cont...(12:00-15:59 PDT) - Career Coaching
CAHV - Career Hacking: Tips and Tricks to Making the Most of your Career - Andy Piazza
CHV - Build Automotive Gateways with Ease - Don Hatfield
CLV - cont...(13:50-14:35 PDT) - Azure Active Directory Hacking Wars - Batuhan Sancak
CLV - (14:35-16:59 PDT) - Onions In the Cloud Make the CISO Proud (Workshop) - Wes Lambert
CON - cont...(09:00-16:59 PDT) - Darknet-NG -
CON - cont...(09:00-15:59 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-15:59 PDT) - Hack3r Runw@y -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-15:59 PDT) - Trace Labs OSINT Search Party CTF -
CON - cont...(10:00-15:59 PDT) - CMD+CTRL -
CON - cont...(13:00-16:59 PDT) - Red Team Village CTF - Finals Part 1 -
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - Staying Fresh While the Feds Watch: Changes in Government Surveillance and Why it Matters - Anthony Hendricks
DC - cont...(09:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - cont...(13:00-14:59 PDT) - Community Roundtable - RANSOMWARE: Combatting Ransomware on a Global Stage / The realities of responding to ransomware -
DC - Sneak into buildings with KNXnet/IP - Claire Vacherot
DC - SPARROW: A Novel Covert Communication Scheme Exploiting Broadcast Signals in LTE, 5G & Beyond - Chuck McAuley,Reza Soosahabi
DC - Over-the-air remote code execution on the DEF CON 27 badge via Near Field Magnetic Inductance or World’s first NFMI exploitation, sorta or OTARCEDC27NFMIOMGWTFBBQ - Seth Kintigh
DL - ParseAndC - Parbati Kumar Manna
DL - WiFi Kraken Lite - Henry Hill
DL - WiFi Kraken Lite - Henry Hill
DL - Shutter - Dimitry "Op_Nomad" Snezhkov
HHV - Meetup: Sourcing Parts & The Global Parts Shortage - bombnav
HRV - cont...(12:00-17:59 PDT) - Ham Radio Exams -
HRV - cont...(13:30-14:30 PDT) - Amateur Radio Digital Modes Primer - Jon Marler
HTSV - cont...(12:00-14:59 PDT) - Hack the Sea Cabana Party -
HTSV - Cyber Operations and Operational Wargames on Port Infrastructure - Tom Mouatt,Ed McGrady,John Curry
ICSV - Crippling the Grid: Examination of Dependencies and Cyber Vulnerabilities - Joe Slowik
ICSV - (14:30-14:59 PDT) - Leveraging SBOMs to Enhance ICS Security - Thomas Pace
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(13:45-14:30 PDT) - Mind the Gap - Managing Insecurity in Enterprise IoT - Cheryl Biswas
IOTV - (14:45-15:30 PDT) - Reverse Supply Chain Attack - A Dangerous Pathway To Medical Facilities’ Networks - Barak Hadad,Gal Kaufman
LBV - cont...(13:00-14:30 PDT) - Electronic Warfare & Q&A
LBV - (14:30-15:59 PDT) - Alarm Bypass & Q&A
LPV - (14:15-14:45 PDT) - Intro To Lockpicking - TOOOL
RCV - How vigilant researchers can uncover APT attacks for fun and non profit - Ladislav Baco
RCV - (14:40-15:10 PDT) - .GOV Doppelgänger: Your Häx Dollars at Work - Anthony Kava
SEV - cont...(13:30-14:30 PDT) - The Innocent Lives Foundation: A Beacon of Light in a Dark World - John McCombs
SEV - (14:30-15:30 PDT) - Make Them Want To Tell You: The Science of Elicitation - Christopher Hadnagy
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

Saturday - 15:00 PDT

AIV - RTV/AIV Red Teaming AI Roundtable - Rich Harang,Anita Nikolich
APV - A Deep Dive Into Supply Chain Vulnerabilities: And How SecDevOps Can Save the Day - Adam Schaal
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:00-16:59 PDT) - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - cont...(10:00-15:59 PDT) - Antenny -
ASV - cont...(10:00-15:59 PDT) - ARINC 429 Lab -
ASV - cont...(10:00-15:59 PDT) - Deep Space Networking -
ASV - cont...(10:00-15:59 PDT) - Hack-A-Sat2 Satellite Platform -
ASV - cont...(10:00-15:59 PDT) - HACMS Live Demo -
ASV - cont...(10:00-15:59 PDT) - Lego Spike Hub -
ASV - cont...(10:00-15:59 PDT) - ADSB Demo and Paper Airplanes -
ASV - cont...(12:00-15:59 PDT) - In Space, No One Can Hear You Hack -
ASV - cont...(14:00-15:59 PDT) - AIAA CubeSat Hacking Workshop - Virtual Lab #4 -
ASV - Drone Security Research Series – Ep6 Hacking with drones - Matt Gaffney
AVV - (Tool Demo) PurpleSharp: Automated Adversary Simulation - Mauricio Velazco
AVV - (15:45-16:30 PDT) - Phish Like An APT - Sanne Maasakkers
BCV - Evils in the DeFi world - Minzhi He,Peiyu Wang
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - OWASP & CSA IoT: Impacting Medical Security - Aaron Guzman
BTV - cont...(14:00-15:30 PDT) - BTV Presents: Forensics Station - Workshop 1 - Omenscan
BTV - cont...(14:00-17:59 PDT) - MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part 2 - Cat Self,plug,Ben Bornholm,Tilottama Sanyal,Dan Borges
BTV - cont...(14:30-15:30 PDT) - Modern Authentication for the Security Admin - Bailey Bercik,Mark Morowczynski
BTV - (15:45-16:45 PDT) - Uncomfortable Networking - Charles Rumford
CAHV - cont...(12:00-15:59 PDT) - Resume Reviewing
CAHV - cont...(12:00-15:59 PDT) - Career Coaching
CCV - Triptych - Sarang Noether, Ph.D.
CHV - Safety Third: Defeating Chevy StabiliTrak for Track Time Fun - Eric Gershman
CLV - cont...(14:35-16:59 PDT) - Onions In the Cloud Make the CISO Proud (Workshop) - Wes Lambert
CON - cont...(09:00-16:59 PDT) - Darknet-NG -
CON - cont...(09:00-15:59 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-15:59 PDT) - Hack3r Runw@y -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-15:59 PDT) - Trace Labs OSINT Search Party CTF -
CON - cont...(10:00-15:59 PDT) - CMD+CTRL -
CON - cont...(13:00-16:59 PDT) - Red Team Village CTF - Finals Part 1 -
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - CPV Through the Looking-Glass: Hacking on Multi-Party Computation (DC 25)
CPV - (15:30-16:30 PDT) - Gold Bug Q&A -
DC - cont...(09:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - Hacking G Suite: The Power of Dark Apps Script Magic - Matthew Bryant
DC - Central bank digital currency, threats and vulnerabilities - Ian Vitek
DC - Breaking Secure Bootloaders - Christopher Wade
DL - cont...(14:00-15:50 PDT) - ParseAndC - Parbati Kumar Manna
DL - cont...(14:00-15:50 PDT) - WiFi Kraken Lite - Henry Hill
DL - cont...(14:00-15:50 PDT) - WiFi Kraken Lite - Henry Hill
DL - cont...(14:00-15:50 PDT) - Shutter - Dimitry "Op_Nomad" Snezhkov
HHV - Meetup: OSS ASIC - Josh Marks
HRV - cont...(12:00-17:59 PDT) - Ham Radio Exams -
HRV - How to Contact the ISS with a $30 Radio - Gregg Horton
HTSV - US Coast Guard 2021 Cyber Strategic Outlook - Michael Chien
ICSV - Smart Meters: I'm Hacking Infrastructure and So Should You - Hash Salehi
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(14:45-15:30 PDT) - Reverse Supply Chain Attack - A Dangerous Pathway To Medical Facilities’ Networks - Barak Hadad,Gal Kaufman
IOTV - (15:45-16:15 PDT) - Ethics at the Edge: IoT as the Embodiment of AI for Rampant Intelligence Actuation - Ria Cheruvu
LBV - cont...(14:30-15:59 PDT) - Alarm Bypass & Q&A
LPV - The Coat Hanger Talk: A Noob's Look Into the Thieves World - De
RCV - cont...(14:40-15:10 PDT) - .GOV Doppelgänger: Your Häx Dollars at Work - Anthony Kava
RCV - (15:20-16:05 PDT) - OSINT for Sex Workers - Kala Kinyon
SEV - cont...(14:30-15:30 PDT) - Make Them Want To Tell You: The Science of Elicitation - Christopher Hadnagy
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
WS - Network Analysis with Wireshark - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - Analysis 101 and 102 for the Incident Responder - Kristy Westphal
WS - Evading Detection a Beginner's Guide to Obfuscation - Anthony "Cx01N" Rose,Jake "Hubbl3" Krasnov,Vincent "Vinnybod" Rose
WS - Advanced Wireless Attacks Against Enterprise Networks - Solstice

Saturday - 16:00 PDT

AIV - Where We’re Going We Don’t Need Labels: Anomaly Detection for 2FA - Rebecca Lynch,Stefano Meschiari
AIV - (16:30-16:59 PDT) - AI Discord Happy Hour - Open Discussion on AIV Discord about the State of AI Security
APV - DevSecOps: Merging Security and Software Engineering - Magno Logan DELETE ME
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:00-16:59 PDT) - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - Fuzzing NASA Core Flight System Software - Ronald Broberg
AVV - cont...(15:45-16:30 PDT) - Phish Like An APT - Sanne Maasakkers
AVV - (16:30-17:15 PDT) - (Tool Demo) Tenacity: An Adversary Emulation Tool for Persistence - Atul Nair,Harshal Tupsamudre
BCV - The Wild West of DeFi Exploits - Anna Szeto
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - cont...(15:00-16:45 PDT) - OWASP & CSA IoT: Impacting Medical Security - Aaron Guzman
BHV - (16:45-16:59 PDT) - A Cohort of Pirate Ships - Alex Pearlman
BICV - (16:30-16:30 PDT) - How Bias and Discrimination in Cybersecurity will have us locked up or dead - Tennisha Martin
BTV - cont...(14:00-17:59 PDT) - MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part 2 - Cat Self,plug,Ben Bornholm,Tilottama Sanyal,Dan Borges
BTV - cont...(15:45-16:45 PDT) - Uncomfortable Networking - Charles Rumford
BTV - (16:30-17:59 PDT) - Ransomware ATT&CK and Defense with the Elastic Stack - Ben Hughes,Daniel Chen,Fred Mastrippolito
CCV - (16:30-16:59 PDT) - Cryptocurrency Trivia! - Justin Ehrenhofer
CLV - cont...(14:35-16:59 PDT) - Onions In the Cloud Make the CISO Proud (Workshop) - Wes Lambert
CON - cont...(09:00-16:59 PDT) - Darknet-NG -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(13:00-16:59 PDT) - Red Team Village CTF - Finals Part 1 -
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - cont...(15:30-16:30 PDT) - Gold Bug Q&A -
CPV - (16:30-17:30 PDT) - The threat hiding in daylight: Police Monitoring legislation and individual privacy in chat - Vic Huang,Joy Ho
DC - cont...(09:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - New Phishing Attacks Exploiting OAuth Authentication Flows - Jenko Hwong
DC - PunkSPIDER and IOStation: Making a Mess All Over the Internet - _hyp3ri0n aka Alejandro Caceres,Jason Hopper
DC - Adventures in MitM-land: Using Machine-in-the-Middle to Attack Active Directory Authentication Schemes - Eyal Karni,Sagi Sheinfeld,Yaron Zinar
DC - Community Roundtable - Thinking About Election Security -
DC - Community Roundtable - Implementing Cyber Solarium Commission Policy -
HHV - Meetup: Certification Processes (UL, FCC, etc.) - ShortTie
HRV - cont...(12:00-17:59 PDT) - Ham Radio Exams -
HRV - Getting started with low power & long distance communications - QRP - Eric Escobar
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(15:45-16:15 PDT) - Ethics at the Edge: IoT as the Embodiment of AI for Rampant Intelligence Actuation - Ria Cheruvu
IOTV - (16:30-16:59 PDT) - IoT devices as government witnesses: Can IoT devices ever be secure if law enforcement has unlimited access to their data? - Anthony Hendricks,Jordan Sessler
LBV - (16:30-16:59 PDT) - Bypass 101
LPV - (16:15-16:45 PDT) - Intro To Lockpicking - TOOOL
RCV - cont...(15:20-16:05 PDT) - OSINT for Sex Workers - Kala Kinyon
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - QueerCon Party -
WS - cont...(15:00-18:59 PDT) - Network Analysis with Wireshark - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - cont...(15:00-18:59 PDT) - Analysis 101 and 102 for the Incident Responder - Kristy Westphal
WS - cont...(15:00-18:59 PDT) - Evading Detection a Beginner's Guide to Obfuscation - Anthony "Cx01N" Rose,Jake "Hubbl3" Krasnov,Vincent "Vinnybod" Rose
WS - cont...(15:00-18:59 PDT) - Advanced Wireless Attacks Against Enterprise Networks - Solstice

Saturday - 17:00 PDT

APV - Can’t Stop the Code: Embrace the Code - Alton Crossley
APV - (17:45-17:50 PDT) - AppSec Quiz Time! - Eden Stroet
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
AVV - cont...(16:30-17:15 PDT) - (Tool Demo) Tenacity: An Adversary Emulation Tool for Persistence - Atul Nair,Harshal Tupsamudre
AVV - (17:15-18:15 PDT) - C2Centipede: APT level C2 communications for common reverse HTTP shell tools - Jose Garduno
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - The Little Things - Mixæl Laufer
BHV - (17:30-17:59 PDT) - Playing with FHIR: hacking and securing healthcare APIs - Alissa Knight,Mitch Parker
BTV - cont...(14:00-17:59 PDT) - MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part 2 - Cat Self,plug,Ben Bornholm,Tilottama Sanyal,Dan Borges
BTV - cont...(16:30-17:59 PDT) - Ransomware ATT&CK and Defense with the Elastic Stack - Ben Hughes,Daniel Chen,Fred Mastrippolito
BTV - Structured Analytical Techniques for Improving Information Security Analyses - Rabbit
CCV - Monero After Party - Monero Sound
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - Trace Labs OSINT Search Party CTF - Award Ceremony -
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - cont...(16:30-17:30 PDT) - The threat hiding in daylight: Police Monitoring legislation and individual privacy in chat - Vic Huang,Joy Ho
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - You're Doing IoT RNG - Allan Cecil - dwangoAC,Dan Petro - AltF4
DC - Hacking the Apple AirTags - Thomas Roth
DC - Don't Dare to Exploit - An Attack Surface Tour of SharePoint Server - Steven Seeley,Yuhao Weng,Zhiniang Peng
HRV - cont...(12:00-17:59 PDT) - Ham Radio Exams -
HRV - Remote Ham Radio Exams -
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - (17:15-17:59 PDT) - The Journey of Establishing IoT Trustworthiness and IoT Security Foundation - Amit Elazari,Anahit Tarkhanyan,Ria Cheruvu
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(16:00-17:59 PDT) - QueerCon Party -
SOC - DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup -
SOC - Friends of Bill W. -
WS - cont...(15:00-18:59 PDT) - Network Analysis with Wireshark - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - cont...(15:00-18:59 PDT) - Analysis 101 and 102 for the Incident Responder - Kristy Westphal
WS - cont...(15:00-18:59 PDT) - Evading Detection a Beginner's Guide to Obfuscation - Anthony "Cx01N" Rose,Jake "Hubbl3" Krasnov,Vincent "Vinnybod" Rose
WS - cont...(15:00-18:59 PDT) - Advanced Wireless Attacks Against Enterprise Networks - Solstice

Saturday - 18:00 PDT

AVV - cont...(17:15-18:15 PDT) - C2Centipede: APT level C2 communications for common reverse HTTP shell tools - Jose Garduno
AVV - (18:15-18:45 PDT) - Lightning talk: Autonomous lateral movement - Stephan Wampouille
AVV - (18:45-19:45 PDT) - Game Theory: Understanding and Strategy and Deception - Juneau Jones
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - HACKERS INTO THE UN? Engaging in the cyber discussions on war & peace - DEF CON Policy Panel
DC - Offensive Golang Bonanza: Writing Golang Malware - Benjamin Kurtz
DC - Vulnerability Exchange: One Domain Account For More Than Exchange Server RCE - Tianze Ding
HRV - cont...(17:00-18:59 PDT) - Remote Ham Radio Exams -
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(17:00-18:59 PDT) - DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup -
SOC - QueerCon Virtual Chat Mixer
SOC - Hacker Karaoke (Virtual) -
WS - cont...(15:00-18:59 PDT) - Network Analysis with Wireshark - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - cont...(15:00-18:59 PDT) - Analysis 101 and 102 for the Incident Responder - Kristy Westphal
WS - cont...(15:00-18:59 PDT) - Evading Detection a Beginner's Guide to Obfuscation - Anthony "Cx01N" Rose,Jake "Hubbl3" Krasnov,Vincent "Vinnybod" Rose
WS - cont...(15:00-18:59 PDT) - Advanced Wireless Attacks Against Enterprise Networks - Solstice

Saturday - 19:00 PDT

AVV - cont...(18:45-19:45 PDT) - Game Theory: Understanding and Strategy and Deception - Juneau Jones
AVV - (19:45-20:30 PDT) - (Tool Demo) New generation of PEAS - Carlos Polop
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - (Replay) UFOs: Misinformation, Disinformation, and the Basic Truth - Richard Thieme AKA neuralcowboy
DC - (Replay) Racketeer Toolkit. Prototyping Controlled Ransomware Operations - Dimitry "Op_Nomad" Snezhkov
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -

Saturday - 20:00 PDT

AVV - cont...(19:45-20:30 PDT) - (Tool Demo) New generation of PEAS - Carlos Polop
AVV - (20:30-21:30 PDT) - Panel discussion: Is Adversary Emulation Too ___ For You? - Jamie Williams,Cat Self,Tim Schulz,Michael Long,Frank Duff,Jose Barajas
CON - Hacker Jeopardy -
CON - Drunk Hacker History -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - DEF CON Movie Night - Upgrade -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -
SOC - Hacker Flairgrounds -
SOC - Gothcon 2021 -

Saturday - 21:00 PDT

AVV - cont...(20:30-21:30 PDT) - Panel discussion: Is Adversary Emulation Too ___ For You? - Jamie Williams,Cat Self,Tim Schulz,Michael Long,Frank Duff,Jose Barajas
CON - cont...(20:00-21:59 PDT) - Hacker Jeopardy -
CON - cont...(20:00-21:59 PDT) - Drunk Hacker History -
DC - cont...(20:00-21:59 PDT) - DEF CON Movie Night - Upgrade -
MUS - Music - Ohm-i - Ohm-i
MUS - Music - mattrix - mattrix
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -
SOC - cont...(20:00-22:59 PDT) - Hacker Flairgrounds -
SOC - Vetcon Meetup (Hybrid) -

Saturday - 22:00 PDT

ASV - (22:30-23:30 PDT) - The Hangar – Cocktail Making Event -
MUS - Music - Krisz Klink - Krisz Klink
MUS - Music - Icetre Normal - Icetre Normal
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -
SOC - cont...(20:00-22:59 PDT) - Hacker Flairgrounds -

Saturday - 23:00 PDT

ASV - cont...(22:30-23:30 PDT) - The Hangar – Cocktail Making Event -
MUS - Music - Miss Jackalope - Miss Jackalope
MUS - Music - Nina Lowe - Nina Lowe
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -

Talk/Event Descriptions

RCV - Saturday - 14:40-15:10 PDT

Title: .GOV Doppelgänger: Your Häx Dollars at Work
When: Saturday, Aug 7, 14:40 - 15:10 PDT
Where: Recon Village (Virtual)

SpeakerBio:Anthony Kava
No BIO available
Twitter: @anthonykava

Description:No Description available

Recon Village talks will stream to YouTube.

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Dimitry%20Op%20Nomad%20Snezhkov%20-%20Racketeer%20Toolkit.%20Prototyping%20Controlled%20Ransomware%20Operations.mp4

Return to Index - Add to

- ics Calendar file

DC - Saturday - 19:00-19:30 PDT

Title: (Replay) Racketeer Toolkit. Prototyping Controlled Ransomware Operations
When: Saturday, Aug 7, 19:00 - 19:30 PDT
Where: Track 2 CLOSED; DCTV/Twitch #2 Pre-Recorded

SpeakerBio:Dimitry "Op_Nomad" Snezhkov
Dimitry Snezhkov is an Associate Director at Protiviti. In this role he hacks code, tools, networks, apps and sometimes subverts human behavior too. Dimitry has spoken at DEF CON, BlackHat, THOTCON conferences, and presented tools at BlackHat Arsenal.
Twitter: @Op_Nomad

Description:
*** SPECIAL NOTE: Technical difficulties prevented this talk from being shown at the correct time slot on DCTV/Twitch. This entry is for the replay. You may also watch this talk on-demand, by following the links at the bottom of this message. ***

Offensive testing in organizations has shown a tremendous value for simulating controlled attacks. While cyber extortion may be one of the main high ROI end goals for the attacker, surprisingly few tools exist to simulate ransomware operations.

Racketeer is one such tool. It is an offensive agent coupled with a C2 base, built to help teams to prototype and exercise a tightly controlled ransomware campaign.

We walk through the design considerations and implementation of a ransomware implant which emulates logical steps taken to manage connectivity and asset encryption and decryption capabilities. We showcase flexible and actionable ways to prototype components of fully remote ransomware operation including key and data management, as well as data communication that is used in ransomware campaigns.

Racketeer is equipped with practical safeguards for lights out operations, and can address the goals of keeping strict control of data and key management in its deployment, including target containment policy, safe credential management, and implementing operational security in simulated operations.

Racketeer can help gain better optics into IoCs, and is helpful in providing detailed logs that can be used to study the behavior and execution artifacts of a ransomware agent.

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=VJ8aqReB118

This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will only be broadcast to DCTV2, in local hotels and on Twitch. This talk is not being presented in Track 2.

DCTV Channel Map: https://dctv.defcon.org/

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Richard%20Thieme%20AKA%20neuralcowboy%20-%20UFOs%20-%20Misinformation%2C%20Disinformation%2C%20and%20the%20Basic%20Truth.mp4

Return to Index - Add to

- ics Calendar file

DC - Saturday - 19:00-19:59 PDT

Title: (Replay) UFOs: Misinformation, Disinformation, and the Basic Truth
When: Saturday, Aug 7, 19:00 - 19:59 PDT
Where: Track 1 CLOSED; DCTV/Twitch #1 Pre-Recorded

SpeakerBio:Richard Thieme AKA neuralcowboy
Richard Thieme, https://thiemeworks.com has addressed security and intelligence issues for 28 years. He has keynoted security conferences in 15 countries and given presentations for the NSA, FBI, Secret Service, Pentagon Security Forum, U.S. Department of the Treasury, and Los Alamos National Laboratory. He has been speaking at Def Con since Def Con 4. His sixth book, a novel, Mobius: A Memoir, about an intelligence professional looking back on his career and how it led down unexpected paths, is receiving rave reviews. He has explored UFO phenomena seriously for 43 years.
Twitter: @neuralcowboy

Description:
** SPECIAL NOTE: This is a replay on DCTV/Twitch only, because a technical issue prevented part of the talk from airing during its previously scheduled slot. **

The talk, "UFOs and Government: A Historical Inquiry" given at Def Con 21 has been viewed thousands of times. It was a serious well-documented exploration of the UFO subject based on Thieme's participation in research into the subject with colleagues. The book of that name is the gold standard for historical research into the subject and is in 100+ university libraries.

This update was necessitated by recent UFO incidents and the diverse conversations triggered by them. Contextual understanding is needed to evaluate current reports from pilots and naval personnel, statements from senators and Pentagon personnel, and indeed, all the input from journalists who are often unfamiliar with the field and the real history of documented UFOs over the past 70 years.

Thieme was privileged to participate with scholars and lifelong researchers into the massive trove of reports. We estimate that 95% can be explained by mundane phenomena but the remainder suggest prolonged interaction with our planetary society over a long period. Thieme also knows that when you know you don't know something, don't suggest that you do. Stay with the facts, stay with the data. Sensible conclusions, when we do that, are astonishing enough.

Reality, as Philip K. Dick said, will not go away just because we refuse to believe in it.

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=mExktWB0qz4

This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will only be broadcast to DCTV1, in local hotels and on Twitch. This talk is not being presented in Track 1.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

AVV - Saturday - 19:45-20:30 PDT

Title: (Tool Demo) New generation of PEAS
When: Saturday, Aug 7, 19:45 - 20:30 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Carlos Polop , Senior Security Engineer, Mettle
Carlos is a Spanish Telecommunications Engineer with a Master in Cybersecurity.He had worked hard to pass some important certifications like OSCP, OSWE, CRTP, eMAPT, and eWPTXv2. He has worked mainly as penetration tester/red teamer but also as programmer and system administrator. Since he started learning cybersecurity he has been trying to share his knowledge and help improving the infosec world with his tools (the most remarkable ones are https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite and https://github.com/carlospolop/legion) and with his free hacking tricks online book: https://book.hacktricks.xyz
Twitter: @carlospolopm
https://es.linkedin.com/in/carlos-polop-martin

Description:
Local privilege escalation techniques are far beyond checking the Windows/Kernel version, looking for unquoted service paths or checking SUID binaries. Moreover, a local privilege escalation could make a huge difference when trying to comprise a domain. Several tools have been created to find possible privilege escalation paths, but most of the tools for Red Team and Pentesting just check for a few possible ways, so pentesters need to use several tools and do some manual recon to check for everything.

PEASS is a compilation of a bash script for Linux/MacOS/*nix and a .Net project and a batch script for Windows that I have created some time ago which aims to check and highlight every possible privescpath so professionals don’t need to execute several different tools for this purpose and can very easily find vulnerabilities.

During this talk I would like to present PEASS-ng. The architecture of these scripts has evolved and improved so much that I would like to present how they work at the moment and how the difficulty to collaborate with the project has been reduced significantly. Moreover, I would also like to present the 2 new PEAS that haven't been present anywhere yet: BotPEAS and WebPEAS (the latest one will be released the day of the talk). During the talk I will also present my local privilege escalation resources (https://book.hacktricks.xyz/linux-unix/privilege-escalation , https://book.hacktricks.xyz/windows/windows-local-privilege-escalation) so the attended will be able to continue learning about the topic after the talk.

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.

YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Return to Index - Add to

- ics Calendar file

AVV - Saturday - 15:00-15:45 PDT

Title: (Tool Demo) PurpleSharp: Automated Adversary Simulation
When: Saturday, Aug 7, 15:00 - 15:45 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Mauricio Velazco , Principal Threat Research Engineer, Splunk
Mauricio Velazco (@mvelazco) is a Peruvian, information security professionalwith more than a decade of work experience across different roles on both offensive and defensive security. In his current role as a Principal Threat Researcher on Splunk’s Threat Research Team, Mauricio focuses on adversary simulation and threat detection. Prior to Splunk, he led the Threat Management team at a Fortune 500 organization. Mauricio has presented/hosted workshops at conferences like Defcon, BlackHat, Derbycon, BSides, SANS, etc.
Twitter: @mvelazco
https://www.linkedin.com/in/mauricio-velazco-4314b51a/

Description:
Defending enterprise networks against attackers continues to present a difficult challenge for blue teams. Prevention has fallen short; improving detection & response capabilities has proven to be a step in the right direction. However, without the telemetry produced by adversary behavior, building new and testing existing detection capabilities will be constrained. PurpleSharp is an open source adversary simulation tool written in C# that executes adversary techniques within Windows Active Directory environments. The resulting telemetry can be leveraged to measure and improve the efficacy of a detection engineering program. PurpleSharp leverages the MITRE ATT&CK Framework and executes different techniques across the attack life cycle: execution, persistence, privilege escalation, credential access, lateral movement, etc

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.

YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Return to Index - Add to

- ics Calendar file

AVV - Saturday - 13:15-13:59 PDT

Title: (Tool Demo) Red Team Credentials Reconnaissance (OLD with a TWIST)
When: Saturday, Aug 7, 13:15 - 13:59 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Shantanu Khandelwal , Manager, KPMG Singapore
Shantanu is a Manager in the Cybersecurity Consulting practice in KPMG. He has experience in leading and performing Adversary Simulation exercises, Security Testing, and IT Security consultancy. He has worked in the Banking and Financial sectors, the Power and Utility sector, and the FMCG sector. He has led and performed various technical assessments, including Red/Purple Teaming, Security Architecture reviews, Application penetration tests, Network penetration tests, and source code reviews for many global multi-national companies. He has experience working in various world regions, including the Middle East, India, Hong Kong, and Singapore.
https://sg.linkedin.com/in/khandelwalshantanu

Description:
This talk covers the basics of credentials reconnaissance performed for a red team. Mostly covers the reconnaissance performed on GitHub to search for leaked passwords by developers. The current toolset and the Shiny new GitHub Credentials Stroller which dives into each repository and performs a deep scan.

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.

YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Return to Index - Add to

- ics Calendar file

AVV - Saturday - 16:30-17:15 PDT

Title: (Tool Demo) Tenacity: An Adversary Emulation Tool for Persistence
When: Saturday, Aug 7, 16:30 - 17:15 PDT
Where: Adversary Village (Virtual)
Speakers:Atul Nair,Harshal Tupsamudre

SpeakerBio:Atul Nair , Malware Researcher, Qualys
Atul is a Malware Researcher at Qualys. His name has been listed in Google, Microsoft,Olx, Twitter Hall of fame for finding critical security vulnerabilities. Before joining Qualys he worked as a Cybersecurity consultant at Ernst & Young. Atul has extensive experience in MITRE ATT&CK framework and Adversary emulation. He is currently researching on Android adversary emulation techniques.
https://in.linkedin.com/in/atul-nair-3932a2141/

SpeakerBio:Harshal Tupsamudre , Senior Threat Research Engineer, Qualys
Harshal Tupsamudre is a senior threat researcher at Qualys. He has 8 years of research experience in the areas of cryptanalysis and usable security. He has published 15+ research articles in top-tier international conferences. He has contributed techniques, threat groups and tools to MITRE ATT&CK framework. Currently, he is researching on detection methodologies for MITRE ATT&CK techniques.
https://in.linkedin.com/in/harshal-tupsamudre-28a58735

Description:
Persistence consists of techniques that adversaries use to maintain their foothold on systems across restarts. Techniques used for persistence include any access, action, or configuration changes that allow attackers retain access on systems. Persistence is one of the more sought-after techniques of an attacker. Every 3 techniques out of top 10 usedby Adversaries belong to Persistence. We leveraged data from MITRE ATT&CK and open source cyber threat intelligence to understand how adversary achieves persistence. We created Tenacity, a light-weight adversary emulation tool that emulates over 30+ persistence techniques using 100+ procedures employed by attackers in the wild. Using this tool the organizations and individuals can quickly validate the risk posture and exposure of their business as well as the performance of the existing security solutions.

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.

YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Title: 40 cores and a CPU
When: Saturday, Aug 7, 14:30 - 14:30 PDT
Where: Blacks in Cyber

SpeakerBio:Nico "Socks" Smith
Nico Smith is a technology hobbyist with over 15 years in Information Technology and 10years focused on developing defensive and offensive teams, privately and collegiately. He also is Captain in the US Army National Guard and previously a Cyber Network Defense Manager for a US Army National Guard Cyber Protection Team. In his spare time Nico Smith volunteers 30hrs a month to mentor and support college and high school students interested in entering the cyber career field. He also created the only functioning cyber challenge coin in the DOD. He also created the BIC Village Badge for DEFCON29. He has committed to improving cybersecurity and changing the way cyber is understood, leveraged, and cultivated.
Twitter: @nicolaismith1

Description:
The talk 40 Cores and a CPU will speak to the importance of participating in the cybersecurity field at every level for Black Technologists. I will demonstrate the benefits and struggles that can be both met and overcome through owning physical infrastructure and providing services to the community, with this question in mind: “If the goal is to own and secure your data, wouldn’t be easier if you owned the IP’s and the Bare Metal Infrastructure that supports it?” While the scale will always be dwarfed by larger companies that are Cloud Service Providers, the capabilities to grow and develop at a grassroots level, future engineers, and cybersecurity professionals of color is much easier, which in turn prepares better candidates for larger enterprises. This talk should start the discussion, is it possible for the black community to own spaces of the internet from the BareMetal to the code on the front-end server? And what economic impact would that have, or would it become a security issue, a new cyber target ?

Blacks in Cyber talks will be streamed on YouTube.

YouTube: https://www.youtube.com/c/BlacksInCybersecurity

Return to Index - Add to

- ics Calendar file

BHV - Saturday - 16:45-16:59 PDT

Title: A Cohort of Pirate Ships
When: Saturday, Aug 7, 16:45 - 16:59 PDT
Where: Biohacking Village (Talk - Virtual)

SpeakerBio:Alex Pearlman , Science and Health Policy + Emerging Issues in Bioethics
No BIO available

Description:
A presentation on our newly published research on ethics attitudes and preferences in biomedical citizen science, biohacker, and community bio groups. As biomedical citizen science initiatives become more prevalent, the unique ethical issues that they raise are attracting policy attention. One issue identified as a significant concern is the ethical oversight of bottom-up biomedical citizen science projects that are designed and executed primarily or solely by members of the public. That is because the federal rules that require ethical oversight of research by institutional review boards generally do not apply to such projects, creating what has been called an ethics gap. Working to close this gap, practitioners and scholars have considered new mechanisms of ethical oversight for biomedical citizen science. To date, however, participants’ attitudes about ethics and oversight preferences have not been systematically examined. This information is useful to efforts to develop ethical oversight mechanisms because it provides a basis for evaluating the likely effectiveness of specific features of such mechanisms and their acceptability from the perspective of biomedical citizen scientists. Here, we report data from qualitative interviews with 35 stakeholders (some from BHV!) in bottom-up biomedical citizen science about their general ethics attitudes and preferences regarding ethical oversight. Interviewees described ten ethical priorities and endorsed oversight mechanisms that are voluntary, community-driven, and offer guidance. Conversely, interviewees rejected mechanisms that are mandatory, hierarchical, and inflexible. Applying these findings, we conclude that expert consultation and community review models appear to align well with ethical priorities and oversight preferences of many biomedical citizen scientists, although local conditions should guide the development and use of mechanisms in specific communities.

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q

Return to Index - Add to

- ics Calendar file

APV - Saturday - 15:00-15:45 PDT

Title: A Deep Dive Into Supply Chain Vulnerabilities: And How SecDevOps Can Save the Day
When: Saturday, Aug 7, 15:00 - 15:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Adam Schaal
No BIO available

Description:
These are dangerous times. From left-pad to event-stream to the Node Security Platform shutdown - nowhere are supply chain vulnerabilities more prevalent than modern-day javascript applications. Join us as we discuss how investing in the DevOps cycle now can help save your assets in the long run.

AppSec Village events will be streamed to YouTube.

Return to Index - Add to

- ics Calendar file

HHV - Saturday - 12:00-12:59 PDT

Title: A Lazy r2 Solve of @mediumrehr Challenge 6
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: Hardware Hacking Village (Virtual Talk)

SpeakerBio:Ben Gardiner
Mr. Gardiner is an independent consultant at Yellow Flag Security, Inc. presently working to secure heavy vehicles at the NMFTA. With more than ten years of professional experience in embedded systems design and a lifetime of hacking experience, Gardiner has a deep knowledge of the low-level functions of operating systems and the hardware with which they interface. Prior YFS Inc. and joining the NMFTA team in 2019, Mr. Gardiner held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations. He holds a M.Sc. Eng. in Applied Math & Stats from Queen’s University. He is a DEF CON Hardware Hacking Village (DC HHV) and Car Hacking Village (CHV) volunteer.
Twitter: @BenLGardiner

Description:
Join Ben for an informal let’s play of @mediumrehr’s Hardware Hacking Village challenge 6. Some topics we will cover include: radare2 , AVR assembly, 7 segment displays, and sigrok. It should be fun and relaxed with plenty of time to stop and re-do some steps if something needs more deliberation. See you there.

#hhv-challenge-text https://discord.com/channels/708208267699945503/739567199647301702

Hardware Hacking Village talks will be streamed to Twitch.

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Shir%20Tamari%20Ami%20Luttwak%20-%20A%20new%20class%20of%20DNS%20vulnerabilities%20affecting%20many%20DNS-as-Service%20platforms.mp4

Return to Index - Add to

- ics Calendar file

DC - Saturday - 12:30-12:50 PDT

Title: A new class of DNS vulnerabilities affecting many DNS-as-Service platforms
When: Saturday, Aug 7, 12:30 - 12:50 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded
Speakers:Ami Luttwak,Shir Tamari

SpeakerBio:Ami Luttwak
Ami Luttwak is a serial entrepreneur, an experienced cyber security CTO and a hacker by heart. Mainly interested in cloud security and cloud exploits, understanding how the cloud is built to uncover its weaknesses. Currently CTO of Wiz, the fastest growing unicorn in cloud security, prior to that led research as CTO of Microsoft cloud security and prior to that founded Adallom, a pioneering cloud security startup acquired by Microsoft in 2015.
Twitter: @amiluttwak

SpeakerBio:Shir Tamari
Shir Tamari is a security and technology researcher, specializing in vulnerability research and practical hacking. Works as Head of Research at the cloud security company Wiz. In the past, he served in the Israeli intelligence unit, and in recent years has led a variety of research and security products in the industry. Shir's interests include Android, Linux Kernel, Web hacking and Blockchain.
Twitter: @shirtamari

Description:
We present a novel class of DNS vulnerabilities that affects multiple DNS-as-a-Service (DNSaaS) providers. The vulnerabilities have been proven and successfully exploited on three major cloud providers including AWS Route 53 and may affect many others. Successful exploitation of the vulnerabilities may allow exfiltration of sensitive information from service customers' corporate networks. The leaked information contains internal and external IP addresses, computer names, and sometimes NTLM hashes. The number of organizations vulnerable to this weakness is shocking. Over a few hours of DNS sniffing, we received sensitive information carried by DNS update queries from ~1M Windows endpoints from around 15,000 potentially vulnerable companies, including 15 Fortune 500 companies. In some organizations, there were more than 20,000 endpoints that actively leaked their information out of the organization. We will review possible mitigations to this problem and solutions for both DNSaaS providers and managed networks.

REFERENCES: I. Microsoft Windows DNS Update algorithm explained - https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-dns-dynamic-updates-windows-server-2003 II. An excellent blog post by Matthew Bryant on hijacking DNS Updates abusing a dangling domain issue on Guatemala State's Top Level Domain - https://thehackerblog.com/hacking-guatemalas-dns-spying-on-active-directory-users-by-exploiting-a-tld-misconfiguration/

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=72uzIZPyVjI

This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Sagi%20Sheinfeld%20Eyal%20Karni%20Yaron%20Zinar%20-%20Using%20Machine-in-the-Middle%20to%20Attack%20Active%20Directory%20Authentication%20Schemes.mp4

Return to Index - Add to

- ics Calendar file

ASV - Saturday - 09:00-17:59 PDT

Title: A-ISAC CTF -- Pre-registration Required
When: Saturday, Aug 7, 09:00 - 17:59 PDT
Where: Aerospace Village (Virtual CTF)

Description:
A-ISAC, ERAU with support from IntelliGenesis (CybatiWorks)

Day 1: Aug. 6th, 2021 9:00AM – 6:00PM PDT (UTC-7) Day 2: Aug. 7th, 2021 9:00AM – 6:00PM PDT (UTC-7)

Registration available at https://aisac.cyberskyline.com/defcon

Aviation ISAC is hosting a competition at DC29 Aerospace Village! This competition represents a simulated airport hosted on the Cyber Skyline platform and is developed by the Department of Cyber Intelligence and Security at Embry-Riddle Aeronautical University (Prescott) and Matthew E. Luallen, Chief Executive Inventor at CybatiWorks powered by IntelliGenesis. The ethical design of the competition is achieved through investigative themes that provides a focus in blue team while still offering red team aspects.

Storyline for CTF: On 8/6, an employee from ERAU Airline noticed a USB stick inside one of their kiosks. After further investigation, airport security suspects someone is carrying out an attack against the airport. You have been brought in to retrace the steps of the attackers, determine where security needs to be hardened, regain control of compromised systems, and prevent a successful attack at the airport. Identify the criminals by retracing their steps and utilizing OSINT to identify which suspects need to be arrested. Investigators have not ruled out insider threats which means you must remain undetected by airport staff while you attempt to regain control of the airport’s infrastructure. Good Luck and remember to register ahead of time!

CybatiWorks part of the CTF Stage 7: Runway Lighting System: The Runway Lighting System (RLS) was taken over by the attackers and the lights are operating erratically. Identify what the attackers have changed causing the RLS HMI systems to work improperly and regain access to the remote logic controller operating the runway lights. Update the logic on the HMI system, regain control of the remote logic controller and successfully operate the RLS.

Architecture Design: The competitors are provided with a CybatiWorks custom docker image that they use to gain access to the operator and maintenance HMI logic. The competitors will review and update the logic to match the documentation provided in stage 4. Once the local components are successfully completed the competitors will request access to the remote RLS logic controller (i.e. a Raspberry PI with a 3d printed/LED runway lighting system accessible via a VPN). The competitors will complete additional challenges to confirm the logic program and then remotely control the RLS. All remote RLS stations will be visible

Return to Index - Add to

- ics Calendar file

SOC - Saturday - 13:00-23:59 PDT

Title: A&E Pool Party!
When: Saturday, Aug 7, 13:00 - 23:59 PDT
Where: Bally's Pool

Description:
Pool Party Schedule is listed here: https://forum.defcon.org/node/238025

Return to Index - Add to

- ics Calendar file

ASV - Saturday - 10:00-15:59 PDT

Title: ADSB Demo and Paper Airplanes
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: Aerospace Village (Workshop - Paris Rivoli B)

Description:
Interactive ADS-B demonstration and paper airplane activity. Educational and fun

Return to Index - Add to

- ics Calendar file

WS - Saturday - 15:00-18:59 PDT

Title: Advanced Wireless Attacks Against Enterprise Networks
When: Saturday, Aug 7, 15:00 - 18:59 PDT
Where: Workshops - Las Vegas 5+6 (Onsite Only)

SpeakerBio:Solstice , Offensive Security Engineer
Solstice is an offensive security engineer at a major cloud provider. He currently specializes in kinetic threats, identifying attack vectors against "edge" devices deployed in hostile environments. Previously, he worked as a red team operator at companies such as SpecterOps, specializing in SIGINT and Windows-focused adversarial tradecraft. He is the author of EAPHammer, SilentBridge, DropEngine, and has contributed to high-profile projects such as hostapd-wpe and Empire.

Description:
This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks using relay attacks, how to abuse MSCHAPv2 and GTC to efficiently capture network credentials, perform effective target selection with zero prior knowledge, leverage rogue access point attacks to deliver malware and harvest keystrokes, and abuse Opportunistic Wireless Encryption (OWE) to perform PITM attacks. All material discussed in the lectures will be practiced within a realistic lab environment.

Registration Link: https://www.eventbrite.com/e/advanced-wireless-attacks-against-enterprise-networks-las-vegas-5-6-tickets-162214769743

Prerequisites: A previous wireless security background is helpful but certainly not required.

Materials needed:
- Students will be required to provide their own laptops, which must meet the following requirements:

must be capable of running virtualization software such as VMWare or VirtualBox
must have at least 100gb of free disk space OR have a free USB port and supplementary external hard drive with at least 100gb of free disk space available
must be provisioned with a 64-bit operating system

Corporate / managed laptops are not recommended due to software restrictions.

Return to Index - Add to

- ics Calendar file

DC - Saturday - 16:00-16:59 PDT

Title: Adventures in MitM-land: Using Machine-in-the-Middle to Attack Active Directory Authentication Schemes
When: Saturday, Aug 7, 16:00 - 16:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded
Speakers:Eyal Karni,Sagi Sheinfeld,Yaron Zinar

SpeakerBio:Eyal Karni
Eyal Karni is a Sr. Engineer at CrowdStrike working on Identity Protection products (previously Preempt). Eyal spent over 11 years researching cyber security projects. Previously, he served 5 years in an elite unit of the IDF in Cyber Security Research and Development. Eyal is an expert on Windows Internals and has previously found numerous vulnerabilities. Eyal holds a B.Sc in Mathematics and Physics.
Twitter: @eyal_karni

SpeakerBio:Sagi Sheinfeld
Sagi Sheinfeld is a Sr. Engineer at CrowdStrike working on Identity Protection products (previously Preempt). Sagi spent over 14 years researching cyber security projects. Previously, he served 8 years in an elite unit of the IDF in Cyber Security Research and Development and in IBM Security. Sagi is an expert on Windows internals. Sagi holds a B.Sc in Computer Science.
Twitter: @sagish1233

SpeakerBio:Yaron Zinar
Yaron Zinar is a Sr. Manager at CrowdStrike working on Identity Protection products (previously Preempt). Previously, Yaron spent over 16 years at leading companies such as Google where he held various positions researching and leading big data, machine learning and cyber security projects. Yaron is an expert on Windows Authentication protocols and has previously presented his research at top conferences such as Black Hat and DEFCON. Yaron holds an M.Sc. in Computer Science with focus on statistical analysis.
Twitter: @YaronZi

Description:
Over the years, researchers were able to break many secure protocols using MitM attacks. A common theme in this family of vulnerabilities is the lack of proper validation for any of the communicating parties. We will review previous MitM attacks found on AD authentication protocols and the mitigation strategies previously implemented. We will show that the relay attack technique is not limited to NTLM alone and can be used to attack the newer Kerberos authentication protocol. In addition, we will show several injection attacks compromising client systems. We’ll show how the lack of validation can lead to devastating issues ranging from authentication bypass to remote code execution on various critical infrastructure systems. However, the issues do not stop on Windows on-premises networks but span to other infrastructure such as domain-joined unix machines, virtualization infrastructure, open-source security audit tools and even cloud directories. The talk will deep-dive into multiple vulnerabilities we have discovered along with several demos. Demos include a MitM attack which allows an attacker to inject user passwords in a hybrid AD environment allowing the attacker to authenticate as any user in the network. We will also show how to use a similar technique to compromise many other IT infrastructure.

REFERENCES: https://www.crowdstrike.com/blog/cve-2021-1678-printer-spooler-relay-security-advisory/ https://labs.f-secure.com/archive/practically-exploiting-ms15-014-and-ms15-011/ https://www.securityfocus.com/bid/1616/info

This talk has been released to the DEF CON Media server.

This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

RCV - Saturday - 10:00-10:30 PDT

Title: Adversary Infrastructure Tracking with Mihari
When: Saturday, Aug 7, 10:00 - 10:30 PDT
Where: Recon Village (Virtual)

SpeakerBio:Manabu Niseki
No BIO available
Twitter: @ninoseki

Description:No Description available

Recon Village talks will stream to YouTube.

Return to Index - Add to

- ics Calendar file

ASV - Saturday - 11:30-12:59 PDT

Title: AIAA CubeSat Hacking Workshop - Virtual Lab #3
When: Saturday, Aug 7, 11:30 - 12:59 PDT
Where: See Description

Description:
DEF CON participants will be able to interact with CubeSat hardware and ground equipment in cybersecurity sandbox environment.

For more information, please see https://aerospacevillage.org/events/upcoming-events/def-con-29/aiaa-cubesat-hacking-workshop/

Return to Index - Add to

Title: Analysis 101 and 102 for the Incident Responder
When: Saturday, Aug 7, 15:00 - 18:59 PDT
Where: Workshops - Las Vegas 1+2 (Onsite Only)

SpeakerBio:Kristy Westphal , Vice President, Security Operations
Kristy Westphal is a versatile information technology professional with specific experience in providing advisory and management services in the area of information security and risk is currently employed as the Vice President, Security Operations at a financial services company. Specializing in leadership and program development, specific expertise in security areas includes: process analysis, risk assessments, security awareness programs, operating system security, network security, incident handling, vulnerability analysis and policy development.

Description:
You have a theory about something you have found while roaming the network or conducting your own hackfest, but how do you go about proving it? This workshop will be a hands-on journey deep into the world of analysis. While analysis is a bit of an art form, there are methods that can be applied to make it less of a gut feeling and more of a scientific approach to support your hypothesis. From network forensics to log analysis to endpoint forensics and cloud log analysis, we will review numerous quick methods to gain context over the data you have gathered and apply critical thinking in an attempt to find the answers. Sometimes, the answers weren’t meant to be found, but we’ll also discuss how to make the best of any conclusion that you reach.

Registration Link: https://www.eventbrite.com/e/analysis-101-and-102-for-the-incident-responder-las-vegas-1-2-tickets-162220226063

Prerequisites: None

Materials needed:
Laptop with Wireshark installed

Return to Index - Add to

- ics Calendar file

ASV - Saturday - 10:00-15:59 PDT

Title: Antenny
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: Aerospace Village (Virtual Workshop)

Description:
Come together to build on Antenny boards. Make things that can talk to the sky with very very very affordable hardware. What becomes possible when we have 1000 ground stations? I have a few ideas, I’m sure participants will have many others. Let’s build it and find out together!

Return to Index - Add to

- ics Calendar file

APV - Saturday - 17:45-17:50 PDT

Title: AppSec Quiz Time!
When: Saturday, Aug 7, 17:45 - 17:50 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Eden Stroet
No BIO available

Description:No Description available

AppSec Village events will be streamed to YouTube.

Return to Index - Add to

- ics Calendar file

PHV - Saturday - 09:00-10:59 PDT

Title: APT Hunting with Splunk
When: Saturday, Aug 7, 09:00 - 10:59 PDT
Where: Packet Hacking Village - Workshops (Virtual)

SpeakerBio:John Stoner , PRINCIPAL SECURITY STRATEGIST AT SPLUNK
John Stoner (Twitter: @stonerpsu) is a Principal Security Strategist at Splunk where he enjoys writing, problem solving and building stuff, including APT Scenarios. When not doing cyber things, you can find him watching his boys play hockey, reading or binge-watching TV series that everyone else has already seen.
Twitter: @stonerpsu

Description:
Interested in practicing your hunting skills? If so, this is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the “fictional” APT group Violent Memmes. We discuss the Diamond model, building hypotheses, LM Kill Chain, and MITRE ATT&CK and how these concepts can frame your hunting. Using Splunk, we will hunt for APT activity riddling a small startup's environment. During the event, we will be presented with a "notable event" and pull on that string to conduct our own hunts based on indicators that we uncover or are identified. Depending on the hunt, we will uncover persistence, exfiltration, c2 and other adversary tactics. We may even find some PowerShell scripts. We will regroup and review the specific hunt conducted and discuss the timeline of events, a narrative that could be shared with others on your team, the artifacts that were uncovered to better identify potential future hunts, ATT&CK techniques referenced as well as what could be operationalized. At the end, we will highlight some additional datasets and content that you can take with you and try newly learned techniques yourself.

Return to Index - Add to

- ics Calendar file

ASV - Saturday - 10:00-15:59 PDT

Title: ARINC 429 Lab
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: Aerospace Village (Workshop - Virtual + Paris Rivoli B)

Description:
Sessions will be held for small audience 15-20 users to demonstrate the structure and use of avionic-specific communication protocol (ARINC 429). This is an opportunity for hands-on experience in a controlled setting.

Return to Index - Add to

- ics Calendar file

CLV - Saturday - 11:30-12:15 PDT

Title: AWS cloud attack vectors and security controls
When: Saturday, Aug 7, 11:30 - 12:15 PDT
Where: Cloud Village (Virtual)

SpeakerBio:Kavisha Sheth
Kavisha is a Security Analyst at Appsecco. She is a cloud security and machine learning enthusiast who dabbles in application and API security and is passionate about helping customers in securing their IT assets. Kavisha is a member of a number of security communities including null community, InfoSecGirls, and WiCys India group. She believes in giving back to the community and frequently finds audiences to talk about Attacking GraphQL, different techniques to bypass authentication and Attacking AWS. When not breaking apps for Appsecco, Kavisha spends time learning and researching on different areas of security . She has also been listed as one of the top security researchers of the nation by NCIIPC RVDP.
Twitter: @sheth_kavisha

Description:
In the last decade, cloud computing has been incorporated in various industries, from Health to Military, which has been meticulously guided by exploring related technologies in the industry and academia alike. The enterprise computing model have shifted from on-site infrastructure to remote data centers which is accessible via internet and managed by cloud service providers.However, Many companies breached on AWS moved sensitive data to AWS without following best practices or implementing cloud security controls correctly. Main objective of the session is to bring awareness about some of the AWS cloud attack vectors and as well as security controls that can help. You get to know discovery, identification and exploitation of security weaknesses, misconfigurations lead to complete compromise of the cloud infrastructure. As,Cloud attack vectors and security controls are different as security professional you need to be aware about attack vector and controls. So, you will also learn about what can be possible best practices, detective controls to avoid some of the misconfigurations. In this session: - Learn about how an attacker can perform reconnaissance, leverage network, AWS Lambda functions, S3 misconfiguration and implementation in weaknesses to steal credentials and data. - Learn how misconfigurations and other leading cloud vulnerabilities put you at risk to exploitation with some real world example - Learn about Security controls, possible best practices, detective controls to avoid these misconfigurations

Cloud Village activities will be streamed to YouTube.

Return to Index - Add to

- ics Calendar file

CLV - Saturday - 13:50-14:35 PDT

Title: Azure Active Directory Hacking Wars
When: Saturday, Aug 7, 13:50 - 14:35 PDT
Where: Cloud Village (Virtual)

SpeakerBio:Batuhan Sancak
Hello Cloud Village. I'm Batuhan (@nullx3d). He is a cyber security researcher. He's living Turkey and studying Management Information Systems at university. He's 21 age years old. He feel like he belong in cyberspace. Web Application Security, Linux structure is very attractive for he. He work on virtual machines, live web systems and on new technology(cloud security). Batuhan gave trainings and presentations in many universities in his country. He shares his experiences and works on his personal blog (docs.rka0x.com). If you accept he for defcon cloud village, he will very happy. This is he dream. he hopes you like the CFP.
Twitter: @nullx3d

Description:
Abstract Azure is one of the most popular cloud services today. It has 15.4 million customers worldwide. 95% of Fortune 500 companies use Azure. If you look at it from the hacker point of view, that's perfect. Is Azure completely secure? No! No system is completely secure. It would be good to talk about Azure and talk about attack techniques. Check out the attack vectors. The results obtained by comparing attack vectors and defense vectors will be beneficial for everyone. In this presentation, I would like to talk about Azure Active Directory technology and attack vectors. I wrote the titles for you to review. Outline

Azure Ad Overview Roles, terminology
Understand Active directory with azure
Azure AD security features Attacking
Azure Ad (Techniques)
- Unauth Recon
- Password Sniper
- MsOnline Powershell Module
- PHS
- Backdoor Azure
- SSO
- Spn scanning
- DcShadow Attack
- Group Policy, etc.
Defense Azure Ad Suggestions

Cloud Village activities will be streamed to YouTube.

Return to Index - Add to

- ics Calendar file

IOTV - Saturday - 10:00-18:30 PDT

Title: Black Box Challenges
When: Saturday, Aug 7, 10:00 - 18:30 PDT
Where: IoT Village (Onsite)

Description:
For more information, see https://www.iotvillage.org/defcon.html

Return to Index - Add to

- ics Calendar file

BICV - Saturday - 10:30-10:30 PDT

Title: Black Cyber Exodus: The Mis-Education (Certification) of Black Cyber
When: Saturday, Aug 7, 10:30 - 10:30 PDT
Where: Blacks in Cyber

SpeakerBio:Stephen Pullum
Stephen Pullum is a Cyber Security Evangelist and Pioneer. Stephen is an entrepreneur in Accra, Ghana to his company AFRICURITY. This company brings best practices in multiple lanes of Cybersecurity, Cyber Education, Cyber Resiliency and Cyber Scalability both corporate and individual. Stephen has over 40 years in the Cybersecurity field, having began in the early '80's with the handle 'The Madhatter'. Stephen is also recognized as an Alumni of the Cult of the Dead Cow (cDc). Stephen served in the United States Air Force from 1984 to 2012, and has a unique perspective of the Cybersecurity field as he has been participating in both the culture and the proffession since it's infancy.
Twitter: @The Madhatter

Description:
In this talk I will analyze the pipeline between many Black Cyber Practitioners that were never credited or brought to the forefront and the certification plans/materials being developed for the progression of the holistic industry, as well as discuss the premise; "How much of their non-profit revenue is being invested into the Black Community which they cleverly so snared into the premise of being qualified to do a job."

In1982, CompTIA was started under another name, yet still CompTIA. In 1989, SANS/GIAC was started and in 1992, ISC2 released the CBK that would 2 years later become the CISSP. In 2001, the EC Council formed in response to the attacks on the World Trade Center. Before these so-called cybersecurity certifications, how did the founders and instructors get certified to even instruct or create these organizations? Materials such as the Rainbow Books Series were the mainstay in the Trust Computing Model environment that are still being implemented today, just rebranded. These institutions implemented disproportionate programs when they gained traction and Cyber specific programs became profitable without giving up their "non-profit" status.

Blacks in Cyber talks will be streamed on YouTube.

YouTube: https://www.youtube.com/c/BlacksInCybersecurity

Return to Index - Add to

- ics Calendar file

CPV - Saturday - 11:30-12:30 PDT

Title: Breaking Historical Ciphers with Modern Algorithms
When: Saturday, Aug 7, 11:30 - 12:30 PDT
Where: Crypto & Privacy Village (Virtual)
Speakers:Elonka Dunin,Klaus Schmeh

SpeakerBio:Elonka Dunin
Elonka Dunin is co-founder of a group working to crack the Kryptos sculpture at CIA Headquarters, and a member of the National Cryptologic Foundation’s Board of Directors. Bestselling author Dan Brown named a character after her in one of his novels. She maintains popular websites about the world's most famous unsolved codes, and her publications include the book with Klaus Schmeh, "Codebreaking: A Practical Guide”, as well as a Cryptologia paper on Playfair cipher world records. She has also developed award-winning games at companies such as Simutronics.

SpeakerBio:Klaus Schmeh
Klaus Schmeh is the most-published cryptology author in the world. He has written 15 books about the subject, as well as over 200 articles, 25 scientific papers, and 1,400 blog posts. His blog "Cipherbrain" covers codebreaking and crypto history, and he is a member of the editorial board of the scientific magazine Cryptologia. He co-published his latest book "Codebreaking: A Practical Guide" with Elonka Dunin. He is known for his entertaining presentation style involving self-drawn cartoons and Lego models, and he has lectured at hundreds of conferences, including the NSA Cryptologic History Symposium and the RSA Conference. In his day job, Klaus works for a German cryptology company.

Description:
Many old encryption methods are still hard to break today. For instance, cryptanalyzing a short 19th century Playfair cipher is far from trivial. WW2 Enigma messages, spy ciphers from the Cold War, and manual methods used by criminals such as the Zodiac Killer can also be challenging, especially when the ciphertexts are short. On the other hand, techniques for breaking historical ciphers have recently made considerable progress. Computer-based cryptanalysis methods such as hill climbing and simulated annealing have been successfully applied to break original WWII Enigma messages, as well as one of the world's most famous unsolved codes, a 1970 ciphertext sent by the Zodiac Killer. The record in solving short Playfair messages has improved: whereas many years ago the shortest Playfair ciphertext that could be cracked required a minimum of 60 letters, now messages as short as 26 letters have been solved. However, many other historical ciphertexts are still unbroken to date. This presentation will introduce the most important historical ciphers, and modern techniques to break them - based on the 2020 book "Codebreaking: A Practical Guide" authored by the presenters. Many real-world examples will be provided, with slides that use an entertaining style including Lego brick models, self-drawn cartoons, and animations.

Crypto & Privacy Village will be streaming their events to YouTube and Twitch.

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Christopher%20Wade%20-%20Breaking%20Secure%20Bootloaders.mp4

Return to Index - Add to

- ics Calendar file

DC - Saturday - 15:00-15:59 PDT

Title: Breaking Secure Bootloaders
When: Saturday, Aug 7, 15:00 - 15:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded

SpeakerBio:Christopher Wade
Christopher is a seasoned security researcher and consultant. His main focuses are in reverse engineering hardware, fingerprinting USB vulnerabilities and playing with Software Defined Radios, with his key strength lying in firmware analysis, which he utilizes as part of the hardware testing team at Pen Test Partners.
Twitter: @Iskuri1
https://github.com/Iskuri

Description:
Bootloaders often use signature verification mechanisms in order to protect a device from executing malicious software. This talk aims to outline actionable weaknesses in modern bootloaders which allow attackers to deploy unsigned code, despite these protection mechanisms.

In the first phase of this talk, we will discuss exploitation of the bootloaders in modern Android smartphones, demonstrating weaknesses which allow for bypassing bootloader unlocking restrictions, decryption of protected user data, and deployment of malicious software to devices using full disk encryption.

In the second phase, we will discuss bootloader weaknesses in the secondary hardware used by smartphones. Using an embedded RF chip as a target, we will demonstrate reverse engineering techniques which identified weaknesses in the signature verification mechanisms of the firmware update protocols used by the bootloader, allowing for deployment of custom firmware to the chip.

REFERENCES: Travis Goodspeed - Great Ideas in Reversing the Tytera MD380: https://nullcon.net/website/archives/ppt/goa-16/Great-Ideas-in-Reversing-the-Tytera-MD380-by-Travis-Goodspeed.pdf Roee Hay - fastboot oem vuln: Android Bootloader Vulnerabilities in Vendor Customizations: https://www.usenix.org/system/files/conference/woot17/woot17-paper-hay.pdf

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=z4gIxdFfJDg

This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Jacob%20Baines%20-%20Bring%20Your%20Own%20Print%20Driver%20Vulnerability.mp4

Return to Index - Add to

- ics Calendar file

DC - Saturday - 12:00-12:59 PDT

Title: Bring Your Own Print Driver Vulnerability
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded

SpeakerBio:Jacob Baines
Jacob is a vulnerability researcher at Dragos. He enjoys focusing much of his research time on routers and other embedded devices. Occasionally, he finds himself looking at Windows internals. Sometimes he even finds vulnerabilities.

Description:
What can you do, as an attacker, when you find yourself as a low privileged Windows user with no path to SYSTEM? Install a vulnerable print driver! In this talk, you'll learn how to introduce vulnerable print drivers to a fully patched system. Then, using three examples, you'll learn how to use the vulnerable drivers to escalate to SYSTEM.

REFERENCES: - Yarden Shafir and Alex Ionescu, PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth (CVE-2020-1048 & more) - https://windows-internals.com/printdemon-cve-2020-1048/ - voidsec, CVE-2020-1337 – PrintDemon is dead, long live PrintDemon! - https://voidsec.com/cve-2020-1337-printdemon-is-dead-long-live-printdemon/ - Zhipeng Huo and Chuanda Ding, Evil Printer: How to Hack Windows Machines with Printing Protocol - https://media.defcon.org/DEF CON 28/DEF CON Safe Mode presentations/DEF CON Safe Mode - Zhipeng-Huo and Chuanda-Ding - Evil Printer How to Hack Windows Machines with Printing Protocol.pdf - Pentagrid AG, Local Privilege Escalation in many Ricoh Printer Drivers for Windows (CVE-2019-19363) - https://www.pentagrid.ch/en/blog/local-privilege-escalation-in-ricoh-printer-drivers-for-windows-cve-2019-19363/ - space-r7, Add module for CVE-2019-19363 - https://github.com/rapid7/metasploit-framework/pull/12906 - Microsoft, Point and Print with Packages - https://docs.microsoft.com/en-us/windows-hardware/drivers/print/point-and-print-with-packages - Microsoft, Driver Store - https://docs.microsoft.com/en-us/windows-hardware/drivers/install/driver-store - Microsoft, Printer INF Files - https://docs.microsoft.com/en-us/windows-hardware/drivers/print/printer-inf-files - Microsoft, Use Group Policy settings to control printers in Active Directory - https://docs.microsoft.com/en-us/troubleshoot/windows-server/printing/use-group-policy-to-control-ad-printer

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=vdesswZYz-8

This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

BTV - Saturday - 14:00-15:30 PDT

Title: BTV Presents: Forensics Station - Workshop 1
When: Saturday, Aug 7, 14:00 - 15:30 PDT
Where: Blue Team Village - Workshop Track 2 (Virtual)

SpeakerBio:Omenscan
I do stuff. Sometimes it works.

Description:
Forensics Station - Workshop 1
A walkthrough of triaging "compromised" Capstone servers.

In this workshop we will walk through a quick forensic triage of the "compromised" BTV Capstone servers.

Capstone is a Blue Team Village initiative to build and attack servers (and workstations) in a controlled environment, using common attacker techniques and tools in a safe way. We then use common Blue Team defender tools to gather information and review those machines, in order to train defenders on detecting, handling, and understanding common attacks.

This is the forensics workshop, and it will cover forensic triage. It's goal is to quickly answer some basic questions like:

Did Something Happen?
If So, When Did it Happen?
What Artifacts Can Help Us?
What Forensic Tools Can Help Us?
What Should We Look at Next?

The Capstone Project will provide the Telemetry and Artifacts to the community so they can use their own tools to explore the data and share findings. We encourage everyone at every level to participate and share findings - so everyone can learn and collaborate.

Return to Index - Add to

- ics Calendar file

BTV - Saturday - 11:00-12:30 PDT

Title: BTV Presents: Malware Station - Maldoc Workshop
When: Saturday, Aug 7, 11:00 - 12:30 PDT
Where: Blue Team Village - Workshop Track 2 (Virtual)

SpeakerBio:Clay (ttheveii0x)
Clay is a cyber threat intelligence and malware analysis manager at a consulting company.
Twitter: @ttheveii0x

Description:
This workshop covers an overview of maldoc analysis, a demo, and a hands-on section that takes a deep dive into a malicious Excel document. VM, artifact, and guide will be available for attendees to download and follow along. Breaks will be taken after each section to give attendees time to work through the section and ask questions.

Attendees will be exposed to a number of different tools including...

REMnux
DnSpy
oletools
CyberChef
xlmdeobfuscator
shell2exe
EXCELntDonut
Invoke-Obfuscation

Target audience

SOC analysts
Forensic investigators and junior malware analysts Red team/pen testers
Anyone interested in the topic

Return to Index - Add to

- ics Calendar file

WS - Saturday - 10:00-13:59 PDT

Title: Bug bounty Hunting Workshop
When: Saturday, Aug 7, 10:00 - 13:59 PDT
Where: Workshops - Las Vegas 1+2 (Onsite Only)
Speakers:David Patten,Philippe Delteil

SpeakerBio:David Patten
No BIO available

SpeakerBio:Philippe Delteil , Computer Science Engineer
Philippe Delteil is Computer Science Engineer from the University of Chile, he gave his first talk at Defcon 26 Skytalks, called "Macabre stories of a hacker in the public health sector", his country's government sent 3 officials to record the talk, they did. He's been reporting bugs for a year. He's an annoying github issue opener of some opensource tools like axiom, nuclei, dalfox and bbrf; also makes small contributions to 'Can I take Over XYZ?'

Description:
Bug bounty hunting is (probably) the most hype topic in the hacking subworld, some people read amazing stories of how a 18 years old won 1 million dollars only doing legal hacking. Many hit a wall when they realize that after two months they only won points, thanks or cheap swag. Where's the money?, they ask. What should I learn and how? How many books should I read? How many minutes of Youtube tutorials? What if I lose some weight? [always recommended] How can I be the next bug bounty millionare? In this workshop I will show you a path to be a bug bounty hunter, from my experience starting by chance and from scratch. I will teach you how to use the tools I use everyday to find bugs, but most importantly how to see bug bounty hunting as a complex business process .

What to know before
- Basic idea of bugs (and bounty hunting) - Basic Linux commands (sed, awk, grep) - Shell scripting basics
- Have some practice doing recon

What you will learn
- How bug bounty programs/platforms work - What tools hunters use and how do they work - How to hunt for bugs (hopefully for profit) - Automatization of your hunting process

How technical is the class
- 30% theory and concepts
- 70% Installing, configuring and using tools to find bugs. Send some reports if we are lucky.

What tools are we going to use
- Scanners/automated tools: nuclei, axiom, bbrf, dalfox, Burp. - Recon tools (subfinder, amass, assetfinder, waybackurls, httpx and more)

What to read/watch in advance
- Books

The Web Application Hacker's Handbook, 2nd Edition
Hands-On Bug Hunting for Penetration Testers (Joseph E. Marshall)
Web Hacking 101 (Peter Yaworski) - Videos
Live Recon and Distributed Recon Automation Using Axiom with @pry0cc (https://bit.ly/3gPsonz) The Bug Hunter's Methodology Full 2-hour Training by Jason Haddix (https://bit.ly/2PzHUsr)
Finding Your First Bug: Choosing Your Target by InsiderPhD (https://bit.ly/3uiF3n7)
HOW TO GET STARTED IN BUG BOUNTY (9x PRO TIPS) by STÖK (https://bit.ly/3u81U4m)

Registration Link: https://www.eventbrite.com/e/bug-bounty-hunting-workshop-tickets-162219297285

Prerequisites: Basic knowledge about Bug bounty programs Basic Linux Commands

Materials needed:
Laptop with Kali Linux (native or virtual machine).

Return to Index - Add to

- ics Calendar file

CHV - Saturday - 14:00-14:59 PDT

Title: Build Automotive Gateways with Ease
When: Saturday, Aug 7, 14:00 - 14:59 PDT
Where: Car Hacking Village - Talks (Virtual)

SpeakerBio:Don Hatfield
No BIO available

Description:
Vehicle network architectures within modern vehicles have been transformed by the introduction of automotive gateways. These gateways enable seamless communication between different vehicle networks and are central to the success of modern architectures. In this presentation, we are going to cover some of the challenges that automotive engineers face when tasked with converting data between old and new network protocols. We’ll also detail how this process is made much easier.

This talk will stream on YouTube.

YouTube: https://www.youtube.com/watch?v=3elYcORppls

Return to Index - Add to

- ics Calendar file

AVV - Saturday - 17:15-18:15 PDT

Title: C2Centipede: APT level C2 communications for common reverse HTTP shell tools
When: Saturday, Aug 7, 17:15 - 18:15 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Jose Garduno , Senior Security Consultant, Dreamlab Technologies AG
José Garduño is a senior security consultant at Dreamlab Technologies since 2014, where he usually takes part in security audits, pentesting and red teaming engagements. He has participated as a speaker in several technical conferences like: Hackito Ergo Sum (France), Swiss Cybersecurity days (Switzerland), DSS ITSEC (Latvia), 8.8 Security Conference (Chile, Bolivia), OWASP Patagonia (Argentina), Congreso Seguridad en Computo UNAM (Mexico), DragonJar Security Conference (Colombia), where he has presented his work on privacy attacks on Latin-America (The government as your hacking partner), Hacking with open hardware platforms (revisiting hardware keyloggers, say hi to mikey: an offensive hardware keylogger) and C2 detection (RATSPOTTING: Analysis of popular Remote Administration Tools & discovery of C2 servers on the wild)

Description:
Adversaries have been continuously improving their malware to be stealthier and more resilient on both the victim’s host as well as on the network.Examples of these innovations on the latter include Fast Flux networks, Domain Generation Algorithms and Domain Fronting among other techniques.

Unfortunately, open source tools for threat emulation currently have limited support for such advanced features, leaving redteams with easy to detect C2 communications. We present C2Centipede, a proxy tool that provides these features to HTTP reverse shell tools (like Metasploit or Empire) to be stealthier on the network by dynamically and transparently modifying the trojan’s C2 communication routing and beaconing strategies, with the aim of evading some of the blueteam’s detection strategies.

BEACONING EVASION

Detection of HTTP reverse shell beaconing activity is possible because most of the patterns on which malware sends the beacons through the network can be identified as they occur in static time intervals or are adjusted in specific increments, attributes which are possible to detect using statistical analysis.[1]

For instance, Metasploit’s reverse_http meterpreter sends a message to the C2 server every 100 milliseconds and increases the interval by this same measure each time the C2 server gives no new jobs to the trojan, up to a maximum of 10 seconds.[2]

It is easy then for tools like RITA to perform statistical analysis on the number, timing and size of connections between pairs of hosts (source, destination)[3]. This IP-pair evaluation works in the most typical approach of having only one IP per C2 server. We implement a beaconing detection evasion method that works by 1) Altering the trojan’s C2 communication message interval and 2) Splitting and routing the C2 communication among many C2 server addresses to hide beaconing and exfiltration.

JITTER MODIFICATION

The Achille’s heel of most RAT (Remote Access Trojan) and TES (Threat Emulation Software) tools network stealthiness is fixed beaconing intervals. The time interval between each message that goes to the C2 server is usually hardcoded and just too short, making manyrequests across the network, so we have incorporated in the tool, better control of the beaconing, with the possibility of modifying the jitter on the fly or having preset configurations, like allowing C2 communication just on certain time window.

Some RAT/TES tools will fail after a specific amount of unsuccessful C2 communication attempts, so the C2Centipede proxy client cannot just drop the HTTP calls that don’t fit the operator’s beaconing strategy, therefore fake C2 response messages are generated in order to keep the trojan alive.

FAUX FLUX

The concept of Fast Flux networks as a technique to improve a botnet’s C2 availability has been in use since 2007-2008.[4] Using this technique, an attacker can hide the real C2 server behind proxies (which are usually compromised edge servers in a botnet), and distributing said proxies IPs through DNS records with a very low TTL[5], allowing them to rapidly (and thus the name fast flux) change the resolved IP for a given domain name. This results in making the shutdown of each C2 IP so difficult as to be usually compared to a whack a mole game.[4] The weakness of this approach is the reliance on a domain name[5], which can be sinkholed by the domain name registrar, as in the case of the shutdown of the Conficker botnet.[4] Some of the common detection methods for Fast Flux networks is the low TTL (time to live) of the record and a high number of IPs resolved for that record.[3]

We have incorporated the C2 proxying technique without the DNS and botnet requirements by utilizing open reverse tcp/http tunnels found on the internet, which provide plenty of IP addresses on which we can spread our C2 comms and provide anonymity as the real C2 server is hidden behind the reverse proxy. In our most recent internet-wide survey we found more than 1.5K servers that could be abused for this purpose

MULTIFRONTING

Domain fronting (ATT&CK T1090.004) is a widely used technique for evading network detection. This technique hides the trojan’s HTTP requests to the C2 as if it was directed to another domain hosted on the same Content Delivery Network (CDN) as the attacker’s. Without TLS inspection, where a mismatch between TLS’s SNI and the HTTP header could be detected, it becomes very hard for the defenders to detect malicious traffic using this technique, having as a last resource the detection via statistical analysis like beaconing detection.

C2Centipede has the ability to utilize multiple domain fronting configurations, which are not necessarily on the same CDN, this provides additional resilience in case one of the CDN providers blocks the redteamer’s account.

DOMAIN GENERATION ALGORITHMS

We have incorporated Flubot’s algorithm for Domain Generation Algorithm (ATT&CK: T1568.002). The seed, and maximum number of domains generated are easily configurable.

DYNAMIC PROXY CONFIGURATION

C2Centipede’s configuration on the server and client can be modified on the fly by the operator. The original trojan’s and C2 messages are wrapped in the tool’s own HTTP messages along with the configuration changes of the routing, jitter and encryption settings for the c2centipede client and server. These are piggybacked on the original HTTP requests, requiring no additional “noise” in the network.

LIMITATIONS

The tool currently works with reverse HTTP shells that close the TCP connections (eg. Metasploit, Empire) and currently does not support those with long connections (eg. PoshC2, Koadic)

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.

YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Return to Index - Add to

- ics Calendar file

ASV - Saturday - 09:00-16:59 PDT

Title: California Cyber Innovation Challenge CTF -- Pre-registration Required
When: Saturday, Aug 7, 09:00 - 16:59 PDT
Where: Aerospace Village (Virtual CTF)

Description:
Cal Poly

Starts August 7, 2021@ 9 AM PST,
Ends Aug 8, 2021 5 PM PST

Registration available at https://www.cognitoforms.com/CCI17/CaliforniaCyberInnovationChallengeAEROSPACEVILLAGEDEFCON2021

The CCIC promotes Gamification & Esports for Space and Cybersecurity Skills Development. This is an electronic game of clue that has characters and threat actors or the person(s) who committed the Space and Cyber crime. Find the person(s) of interest that you think committed the crime. You are Cybernauts and Cyber Sleuth Analysts. Remember, throughout the challenge, record and take notes of all information, findings, evidence, and clues regarding characters you encounter. Take note of technical skills you executed to create a digital forensics analysis report of who committed the crime and their motives.

About the Crime:

A multi-billion dollar company led by CEO, William Gecko, Moonshot Satellite’s constellation of 5000 CubeSat’s, located in Low Earth Orbit (LEO), provides a mesh-network of internet access to over 20 million commercial and governmental customers around the globe. Moonshot Satellite, a small cube satellite company whose constellation satellite infrastructure provides communication services that deliver Internet access to over 200 million individual commercial customers and real-time communications support for numerous government agencies.

Return to Index - Add to

- ics Calendar file

RCV - Saturday - 11:20-11:50 PDT

Title: Can I Make My Own Social Threat Score?
When: Saturday, Aug 7, 11:20 - 11:50 PDT
Where: Recon Village (Virtual)

SpeakerBio:MasterChen
No BIO available
Twitter: @chenb0x

Description:No Description available

Recon Village talks will stream to YouTube.

Return to Index - Add to

- ics Calendar file

APV - Saturday - 17:00-17:45 PDT

Title: Can’t Stop the Code: Embrace the Code
When: Saturday, Aug 7, 17:00 - 17:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Alton Crossley
No BIO available

Description:
You can't stop the code. So how do you make it all secure? The answer is: you don't. Let's discuss securing your software while using proprietary third parties and Open Source without disrupting ecosystems or innovation.

AppSec Village events will be streamed to YouTube.

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Ian%20Vitek%20-%20Central%20bank%20digital%20currency%2C%20threats%20and%20vulnerabilities.mp4

Return to Index - Add to

- ics Calendar file

CAHV - Saturday - 14:00-14:59 PDT

Title: Career Hacking: Tips and Tricks to Making the Most of your Career
When: Saturday, Aug 7, 14:00 - 14:59 PDT
Where: Career Hacking Village (Talk)

SpeakerBio:Andy Piazza
No BIO available

Description:
At some point in your infosec career, you’ll hit a point of “now what?”. You may experience this as soon as you land your first role, or you’ll experience it as a seasoned veteran of the field. There are plenty of talks out there now for “getting into infosec”, but where is the advice for managing and maintaining a career? This is my attempt to fill that gap. This talk will discuss several key areas for building an awesome career, including actionable takeaways for becoming a better analyst, teammate, and leader. Most importantly, I’ll break down the How and Why behind each concept presented and include specific examples based on real experiences.

This talk will be available on YouTube: https://www.youtube.com/watch?v=oozqj7axNYM

Career Hacking Village content will be available on YouTube.

YouTube: https://youtube.com/careerhackingvillage

Return to Index - Add to

- ics Calendar file

DC - Saturday - 15:00-15:45 PDT

Title: Central bank digital currency, threats and vulnerabilities
When: Saturday, Aug 7, 15:00 - 15:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded

SpeakerBio:Ian Vitek
Ian Vitek has a background as a pentester but has worked with information security in the Swedish financial sector the last 10 years. Currently working with security of the Swedish retail central bank digital currency prototype at the Riksbank, the Swedish central bank. Interested in web application security, network layer 2 (the writer of macof), DMA attacks and local pin bypass attacks (found some on iPhone).

Description:
What are the threats and vulnerabilities of a retail central bank digital currency (CBDC)? The central bank of Sweden has built a prototype of a retail CBDC system and I will run through the procurement requirements and design and point out where a two-tier CBDC need protection against attacks. The prototype is built on Corda Token SDK and I have during tests found reliable ways to exploit weaknesses in the design. The presentation will focus on the vulnerabilities that can crash the service that handles the tokens and permanently lock tokens rendering tokens and digital wallets useless. The presentation will also go into detail how tokens are validated and how information from all earlier transactions is needed for this. With D3.js and HTML5 I will visualize the token history (backchain) and describe how this can be a problem with GDPR and the Swedish bank secrecy regulation.

The presentation will end with a summary of identified threats and weaknesses of a two-tier retail central bank digital currency prototype and how to handle them. The goal of the presentation is to give the attendees insight of the security implications, challenges depending on the design and where an attack can be carried out and everything that cannot be missed when designing a CBDC.

REFERENCES: https://www.ingwb.com/media/3024436/solutions-for-the-corda-security-and-privacy-trade-off_-whitepaper.pdf https://d3js.org/

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=-MK0bn3Ys_M

This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

https://soundcloud.com/abstrct/saturday-morning-quarantoons-ep46 https://imgur.com/m5Jcql2
https://twitter.com/Abstr_ct
https://www.twitch.tv/abstr_ct

Return to Index - Add to

- ics Calendar file

BCV - Saturday - 13:00-13:30 PDT

Title: Certified Ethereum Professional (CEP) Overview
When: Saturday, Aug 7, 13:00 - 13:30 PDT
Where: Blockchain Village / Paris Vendome B

SpeakerBio:Abstrct
Abstrct has spent his quarantine bringing dirty progressive and dancey funk to your living rooms, kitchens, patios, and pools each weekend, but holy heck is he ready to bring the party back to DEF CON proper.

Twitter: @Abstr_ct

Description:No Description available

This content will be presented live and in-person.

Return to Index - Add to

- ics Calendar file

DC - Saturday - 09:00-20:59 PDT

Title: Chillout Lounges
When: Saturday, Aug 7, 09:00 - 20:59 PDT
Where: See Description
Speakers:djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf

SpeakerBio:djdead
No BIO available

SpeakerBio:DJ Pie & Darren
No BIO available

SpeakerBio:kampf
No BIO available

SpeakerBio:Rusty Hodge
No BIO available

SpeakerBio:Merin MC
No BIO available

SpeakerBio:Brian Behlendorf
No BIO available

Description:
There are two onsite chillout lounges available: Bally's Silver Ballroom, and Paris Concorde A.

There will be chill music playing:

09:00-12:00 DJ Pie & Darren
12:00-13:30 kampf
13:30-15:00 Merin MC & Rusty
15:00-18:00 Brian Behlendorf
19:00-21:00 djdead

You can also watch the chill room stream on Twitch.

Twitch: https://www.twitch.tv/defcon_chill

Return to Index - Add to

- ics Calendar file

BHV - Saturday - 11:00-11:59 PDT

Title: Chinese Military Bioweapons and Intimidation Operations: Part III
When: Saturday, Aug 7, 11:00 - 11:59 PDT
Where: Biohacking Village (Talk - Virtual)

SpeakerBio:RedDragon
No BIO available

Description:
Chinese Military Bio Weapons Future State is third in a three part series examining the Chinese military use of biological reagents in a kinetic capacity. The unrestricted warfare strategy outlined in the early 1990's clearly defines this Chinese military initiative. The supply chain, Program 863 and other supporting components of his strategy will be revealed. It is TLP : RED

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q

Return to Index - Add to

- ics Calendar file

BHV - Saturday - 12:30-13:30 PDT

Title: Cloud security for healthcare and life sciences
When: Saturday, Aug 7, 12:30 - 13:30 PDT
Where: Biohacking Village (Talk - Virtual)

SpeakerBio:MIchelle Holko , Innovating at the intersection of biology technology and security at Google
Michelle Holko is a PhD scientist in genomics and bioinformatics, working at the intersection of biology, technology, and security. She currently works with at Google with the healthcare and life sciences cloud team. Prior to joining Google, she was a White House Presidential Innovation Fellow.

Description:
Cloud computing is increasingly used, across sectors, to scale data storage, compute, and services on demand. There are many recent examples of healthcare and life sciences cloud-based projects, including AnVIL for genomics data and the All of Us Research Program for precision medicine research. These cloud implementations include data and analytic workflows that pose added security concerns due to the sensitive nature of the information. This panel will discuss recent use cases highlighting best security practices for cloud computing in healthcare and life sciences.

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q

Return to Index - Add to

- ics Calendar file

CON - Saturday - 10:00-15:59 PDT

Title: CMD+CTRL
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/236481

Return to Index - Add to

- ics Calendar file

DC - Saturday - 11:30-12:30 PDT

Title: Community Roundtable - If only you knew
When: Saturday, Aug 7, 11:30 - 12:30 PDT
Where: Policy (Virtual)

Description:
Regardless of the hat you wear – whether you are a policy person dealing with technology, a tech person reacting to policy, a legal advisor struggling to bridge the two, or a business person looking to keep the lights on in the meantime – you all confront your own challenges and issues. What are the top one or two things you know well about those challenges that you wish everyone else did? Come to this session to meet people wearing different hats than you and share those insights.

Return to Index - Add to

- ics Calendar file

DC - Saturday - 16:00-16:59 PDT

Title: Community Roundtable - Implementing Cyber Solarium Commission Policy
When: Saturday, Aug 7, 16:00 - 16:59 PDT
Where: Policy (Virtual & SkyView 1)

Description:
Within a year of publication of the Cyberspace Solarium Commission report, at least 25 of its recommendations were passed into law by Congress. Solarium Commission leadership wants to know how to improve their next set of recommendations - such as the Bureau of Cyber Statistics - before they become law, and wants DEF CON's help to do so. Commission staff will present their topics and elicit feedback from you and your fellow hackers to avoid unintended consequences and to strengthen their implementation plans.

For virtual access, register here: https://us02web.zoom.us/meeting/register/tZItdOCsqDouHd3-on_4mXNeaIsDQhq7HEz1

Return to Index - Add to

- ics Calendar file

DC - Saturday - 13:00-14:59 PDT

Title: Community Roundtable - RANSOMWARE: Combatting Ransomware on a Global Stage / The realities of responding to ransomware
When: Saturday, Aug 7, 13:00 - 14:59 PDT
Where: Policy (Virtual & SkyView 1)

Description:
Part 1:
Ransomware has made front page headlines and taken top stage in policy conversations, with even the US President issuing a letter to CEOs, Congress grilling Colonial Pipeline’s CEO, and the president of France committing 1 Billion Euro to fight ransomware in hospitals. While drafting and spreading technical “best practices” have failed to protect critical infrastructure around the world, which public policy levers are best suited to do so?

Part 2:
If it's Tuesday, it must be another ransomware attack. So what is a law-abiding company to do? If they pay, it just encourages the attacks. If they don't, then their business may suffer, or worse. Meanwhile, breach-notification regulation may have started a ticking clock forcing their hand – potentially in ways that are counter-productive to other policy efforts to stem the tide of these attacks. In this session we'll confront the practical realities and policy dilemmas these attacks provoke.

For virtual access, register here: https://us02web.zoom.us/meeting/register/tZYvduuorzgtG9MAPy9QjVRAaaC4JKIu89aq

Return to Index - Add to

- ics Calendar file

DC - Saturday - 10:00-10:59 PDT

Title: Community Roundtable - Supply Chain in the COVID Era
When: Saturday, Aug 7, 10:00 - 10:59 PDT
Where: Policy (Virtual & SkyView 1)

Description:
During the global COVID pandemic, accidents and adversaries revealed opaque and ignored supply chain security issues in near-catastrophic ways. With global markets, global suppliers, global networks, and global adversaries, is there space for a globally-cohesive approach to shoring up supply chain security?

For virtual access, register here: https://us02web.zoom.us/meeting/register/tZcud-Gprj8qE92RoBYuXTWhhHsakUjGvoLc

Return to Index - Add to

- ics Calendar file

DC - Saturday - 16:00-16:59 PDT

Title: Community Roundtable - Thinking About Election Security
When: Saturday, Aug 7, 16:00 - 16:59 PDT
Where: Policy (Virtual)

Description:
Election security has left the realm of election professionals and is now top of mind for anyone. But what does it mean? Is it just about the security of voting equipment? Or the security of the entire system of running elections? If you haven't been able to catch the Voting Village's content, or would like the opportunity for a deeper dive on some of the issues policymakers are wrestling with, this session is for you.

Return to Index - Add to

- ics Calendar file

DC - Saturday - 10:00-10:59 PDT

Title: Community Roundtable - We need to talk about Norm – Discussions on International cyber norms in diplomacy
When: Saturday, Aug 7, 10:00 - 10:59 PDT
Where: Policy (Onsite - SkyView 3)

Description:
This session will dive into the wide and wonderful world of “cyber norms” – the long-running international discussions seeking to establish rules of the road of behavior in cyberspace. After years of prolonged discussions in the United Nations but also informal groups like the Global Commission on the Stability of Cyberspace, we seem to be at an impasse – do we want to simply reinforce the already agreed upon 11 norms (like “non-interference in critical infrastructure”), do we want to expand the list of norms to include new behavior (like protecting the basic infrastructure of the Internet), or do we want to do both? And who is this “we” anyway? We'll kick off with a deeper look at the state of norm discussions and then open for a wider Q/A and discussion on what norms can and could do.

Return to Index - Add to

- ics Calendar file

ICSV - Saturday - 14:00-14:30 PDT

Title: Crippling the Grid: Examination of Dependencies and Cyber Vulnerabilities
When: Saturday, Aug 7, 14:00 - 14:30 PDT
Where: ICS Village (Virtual)

SpeakerBio:Joe Slowik , Gigamon
Joe Slowik currently leads threat intelligence and network detection work at Gigamon. Previously, Joe performed security research for DomainTools and hunted ICS-focused adversaries for Dragos. Joe remains fascinated by the ICS landscape and critical infrastructure intrusions, and continues to pursue such topics personally and professionally.
Twitter: @jfslowik

Description:
Typical views of cyber-focused attacks on electric utilities emphasize direct impacts to generation, transmission, or distribution assets. While some examples of this activity exist, most notably in Ukraine, such actions are relatively difficult given technical and access requirements to properly execute. Less explored, but far more dangerous, are critical dependencies in electric utility operations which are often more exposed to IT networks and require less specialized knowledge to subvert. This presentation will examine some of these dependencies and their implications to show how ICS-centric defense must include relevant IT links and functional requirements.

ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485

Return to Index - Add to

- ics Calendar file

DC - Saturday - 10:00-10:45 PDT

Title: Crossover Episode: The Real-Life Story of the First Mainframe Container Breakout
When: Saturday, Aug 7, 10:00 - 10:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded
Speakers:Chad Rikansrud (Bigendian Smalls),Ian Coldwater

SpeakerBio:Chad Rikansrud (Bigendian Smalls)
Chad is the same, but for mainframes and mainframe security.
Twitter: @bigendiansmalls

SpeakerBio:Ian Coldwater
Ian is a leading expert on containers and container security.
Twitter: @IanColdwater

Description:
You've seen talks about container hacking. You've seen talks about mainframe hacking. But how often do you see them together? IBM decided to put containers on a mainframe, so a container hacker and a mainframe hacker decided to join forces and hack it. We became the first people on the planet to escape a container on a mainframe, and we’re going to show you how.

Containers on a mainframe? For real. IBM zCX is a Docker environment running on a custom Linux hypervisor built atop z/OS - IBM’s mainframe operating system. Building this platform introduces mainframe environments to a new generation of cloud-native developers-and introduces new attack surfaces that weren’t there before.

In this crossover episode, we’re going to talk about how two people with two very particular sets of skills went about breaking zCX in both directions, escaping containers into the mainframe host and spilling the secrets of the container implementation from the mainframe side.

When two very different technologies get combined for the first time, the result is new shells nobody’s ever popped before.

REFERENCES: Getting started with z/OS Container Extensions and Docker: https://www.redbooks.ibm.com/abstracts/sg248457.html The Path Less Traveled: Abusing Kubernetes Defaults: https://www.youtube.com/watch?v=HmoVSmTIOxM Attacking and Defending Kubernetes Clusters: A Guided Tour: https://securekubernetes.com Evil Mainframe penetration testing course :https://www.evilmainframe.com/ z/OS Unix System Services (USS): https://www.ibm.com/docs/en/zos/2.1.0?topic=system-basics-zos-unix-file z/OS Concepts: https://www.ibm.com/docs/en/zos-basic-skills?topic=zc-zos-operating-system-providing-virtual-environments-since-1960s Docker overview: https://docs.docker.com/get-started/overview/

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=7DXF7YDBf-g

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Ian%20Coldwater%20Chad%20Rikansrud%20%28Bigendian%20Smalls%29%20-%20The%20Real-Life%20Story%20of%20the%20First%20Mainframe%20Container%20Breakout.mp4

This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

CCV - Saturday - 16:30-16:59 PDT

Title: Cryptocurrency Trivia!
When: Saturday, Aug 7, 16:30 - 16:59 PDT
Where: Cryptocurrency Village (Onsite - Paris Champagne Ballroom 1)

SpeakerBio:Justin Ehrenhofer
No BIO available

Description:
Join us for cryptocurrency-themed trivia! Each player competes using their phone or computer on topics relating cryptocurrency news, lore, history, research, and development. This will be a super fun time!

The Cryptocurrency Village is built around conversations and events, not formal talks. Stop by any time to speak with knowledgeable individuals! This village focuses on the security and privacy side of cryptocurrencies, not the investment side.

The Cryptocurrency Village is conveniently located in Paris Champagne Ballroom 1.

Return to Index - Add to

- ics Calendar file

APV - Saturday - 12:00-12:45 PDT

Title: CSP is broken, let’s fix it
When: Saturday, Aug 7, 12:00 - 12:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Amir Shaked
No BIO available

Description:No Description available

AppSec Village events will be streamed to YouTube.

https://www.youtube.com/channel/UCzZK3vjJL9rKNPXNoCPFO5g/videos

Return to Index - Add to

- ics Calendar file

Title: Darknet-NG
When: Saturday, Aug 7, 09:00 - 16:59 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/238249

Return to Index - Add to

- ics Calendar file

DDV - Saturday - 10:00-09:59 PDT

Title: Data Duplication Village - Open
When: Saturday, Aug 7, 10:00 - 09:59 PDT
Where: Data Duplication Village

Description:
Space permitting, last drop off is Saturday at 3:00pm.

Pick your drives full of data anytime 14-24 hours after drop off.

Last chance pickup is Sunday from 10:00 to 11:00.

Yes, 6TB and larger drives are accepted.

Any drives not picked up by Sunday at 11:00am are considered donated to the DDV.

See https://dcddv.org/dc29-schedule for more information.

Return to Index - Add to

- ics Calendar file

SOC - Saturday - 17:00-18:59 PDT

Title: DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup
When: Saturday, Aug 7, 17:00 - 18:59 PDT
Where: Bally's Skyview 2

Description:
They say Atlanta is the city too busy to hate, but it also has too much traffic for its widespread hacker fam to get together in a single meetup. So instead we're meeting up in the desert during DEF CON! The one time of year when intown, northern burbs, south siders, and anyone else connected to DC404's 20+ year legacy can catch up and share stories. We typically meet up for an hour or two then will go get dinner afterwards before evening events.

Return to Index - Add to

- ics Calendar file

ASV - Saturday - 11:00-11:59 PDT

Title: Decoding NOAA Weather Sat Signals
When: Saturday, Aug 7, 11:00 - 11:59 PDT
Where: Aerospace Village (Workshop - Paris Rivoli B)

Description:

You’ll need a laptop with internet connection for this workshop

Title: Defeating Physical Intrusion Detection Alarm Wires
When: Saturday, Aug 7, 13:00 - 13:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded

SpeakerBio:Bill Graydon
Bill Graydon is a principal researcher at GGR Security, where he hacks everything from locks and alarms to critical infrastructure; this has given him some very fine-tuned skills for breaking stuff. He’s passionate about advancing the security field through research, teaching numerous courses, giving talks, and running DEF CON’s Lock Bypass Village. He’s received various degrees in computer engineering, security, and forensics and comes from a broad background of work experience in cyber security, software development, anti-money laundering, and infectious disease detection.

Twitter: @access_ctrl
https://github.com/bgraydon

Description:
Alarm systems are ubiquitous - no longer the realm of banks and vaults only, many people now have them in their homes or workplaces. But how do they work? And the logical follow-up question - how can they be hacked?

This talk focuses on the communication lines in physical intrusion detection systems: how they are secured, and what vulnerabilities exist. We’ll discuss the logic implemented in the controllers and protections on the communication lines including end of line resistors - and all the ways that this aspect of the system can be exploited.

In particular, we’ll release schematics for a tool we’ve developed that will enable measuring end-of-line resistor systems covertly, determining the necessary re-wiring to defeat the sensors, and deploy it without setting off the alarm.

After the talk, you can head over to the Lock Bypass Village to try these techniques out for yourself!

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=Liz9R_QxSgk

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Bill%20Graydon%20-%20Defeating%20Physical%20Intrusion%20Detection%20Alarm%20Wires.mp4

This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

ASV - Saturday - 11:30-11:55 PDT

Title: Defending the Unmanned Aerial Vehicle: Advancements in UAV Intrusion Detection
When: Saturday, Aug 7, 11:30 - 11:55 PDT
Where: Aerospace Village (Virtual Talk)

SpeakerBio:Jason Whelan
Jason (OSCP, OSCE, CCNP) holds a Bachelor of IT and is currently working towards a MSc in Computer Science from Ontario Tech University. He has presented at international conferences on UAV security, and has experience in both practical security research and penetration testing of operational UAS.

Description:
Many attacks against the UAV are becoming commonplace as they are simple to conduct with inexpensive hardware, such as spoofing and jamming. Unfortunately, many of the vulnerabilities UAVs suffer from are based on security flaws in the underlying technologies, including GPS and ADS-B. An intrusion detection system (IDS) for UAVs can increase security rapidly without the need to re-engineer underlying technologies. UAVs are cyber-physical systems which introduce a number of challenges for IDS development as they utilize a wide variety of sensors, communication protocols, platforms, and control configurations. Commercial off-the-shelf IDS solutions can be strategically implemented within the Unmanned aerial system (UAS) to detect threats to the underlying traditional IT infrastructure, however, the UAV itself requires specialized detection techniques. This talk discusses advancements in UAV intrusion detection, including proposed solutions in academics, pitfalls of these solutions, and how a practical technique using machine learning can be used to detect attacks across UAV platforms. A fully developed IDS is presented which makes use of flight logs and an onboard agent for autonomous detection and mitigation. The topics covered come from lessons learned in UAS penetration testing, live experiments, and academic research in the UAV security space.

This talk will be streamed on YouTube: https://www.youtube.com/watch?v=XEN9LTOUFFQ

Aerospace Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/c/AerospaceVillage

Return to Index - Add to

- ics Calendar file

DL - Saturday - 10:00-11:50 PDT

Title: Depthcharge
When: Saturday, Aug 7, 10:00 - 11:50 PDT
Where: Palace 3+4+5

SpeakerBio:Jon Szymaniak
Jon Szymaniak is Principle Security Consultant in NCC Group’s Hardware & Embedded Systems Services team and a former embedded systems engineer. His areas of interest include U-Boot, Linux, Yocto, and firmware reverse engineering. Through both his day job and hobby hacking adventures, he’s enjoyed exploring and exploiting boot ROMs, automotive ECUs, Android-based platforms, and a myriad of Internet-connected things that shouldn't be.

Description:
Depthcharge: A Framework for U-Boot Hacking

Short Abstract:
In modern embedded systems that implement a “secure boot” flow, the boot loader plays a critical role in establishing the integrity and authenticity of software and data required to boot an operating system. Given the role and vantage point of boot loaders, they are a particularly interesting target for hardware hackers seeking to root a device and instrument it for further vulnerability hunting and reverse engineering. Although the vast majority of devices leveraging the ubiquitous and open source U-Boot boot loader leave it unprotected and trivially exploited, more product vendors are finally implementing secure boot and (attempting to) lock down their U-Boot builds. These less common specimen offer exciting opportunities to pursue creative bypasses and explore underappreciated U-Boot functionality.

The Depthcharge framework was developed to help hardware hackers methodically (ab)use some of that underappreciated U-Boot functionality in novel ways to circumvent boot-time protections, as well as expedite the identification and exploitation of “the usual suspects” within exposed U-Boot device consoles. The project includes a Python 3 library for interfacing with devices, reading and writing memory via available primitives, deploying executable payloads, and analyzing various data structures. A collection of scripts built atop of library make this functionality readily available via the command line, and “Depthcharge Companion” firmware allows the tooling to extend its vantage point by presenting itself as a peripheral device connected to the target. This Demo Lab will introduce the basics of Depthcharge and explore how attendees can leverage and expand upon it when seeking to circumvent boot-time protections or just to further explore a system from within the U-Boot environment. For those wishing to protect their (employer’s) products from fellow DEF CON attendees, we’ll also cover the configuration checker functionality that can be used to avoid common U-Boot pitfalls.

Developer Bio:
Jon Szymaniak is Principle Security Consultant in NCC Group’s Hardware & Embedded Systems Services team and a former embedded systems engineer. His areas of interest include U-Boot, Linux, Yocto, and firmware reverse engineering. Through both his day job and hobby hacking adventures, he’s enjoyed exploring and exploiting boot ROMs, automotive ECUs, Android-based platforms, and a myriad of Internet-connected things that shouldn't be.

URLs: GitHub: https://github.com/nccgroup/depthcharge Documentation: https://depthcharge.readthedocs.io

Blog Posts and Prior Presentations:
Blog: https://research.nccgroup.com/2020/07/22/depthcharge/ Hardwear.io Webinar: https://www.youtube.com/watch?v=fTKMi3Is5x8 Blog: https://research.nccgroup.com/2020/1...hcharge-v0-2-0 OSFC Presentation: https://vimeo.com/488134063 Detailed Explanation:
Additional detail can be found here in the project documentation: https://depthcharge.readthedocs.io/e...is-depthcharge

The Depthcharge project aims to allow hackers, security practitioners, and engineering teams a way to “work smarter” when attempting to root a device or evaluate its security posture. This not only includes gaining control of a target’s U-Boot execution, but also leveraging the bootloader as a vantage point to further explore the target system.

The Python 3 Depthcharge API can be leveraged to enumerate functionality exposed by a U-Boot console and identify memory read/write primitives. Memory access abstractions built atop of these primitives seek to make dumping device firmware quicker and more robust, and custom payload deployment easier. With its colorized serial monitor, Depthcharge provides a more pleasant environment for hacking around and scripting while within a device’s U-Boot console. The “Companion” firmware extends Depthcharge reach into a target platform, allowing it to act as a “malicious” peripheral device (e.g. on an I2C bus). While much of the project focuses on console exposure, it also include some data structure identification (e.g. stored environments) functionality aimed at situations where such functionality is not available. For engineers and those on the “blue team” — build configuration checker functionality can help raise red flags and detect U-Boot pitfalls much earlier in the product development lifecycle.

Target Audience:
Hardware / Embedded Systems - Both “offense” and “defense” within this audience

I believe the Depthcharge Demo Lab can show that there’s more interesting hackery to be had within the U-Boot boot loader, and that we can work much smarter when we encounter it. Given that I tend to see discussions of U-Boot limited to unprotected IoT junkware, I’ve always been bummed that folks don’t seem to get to appreciate the joy of circumventing secure boot mechanisms, or otherwise leveraging their U-Boot environment to start exploring a hardware platform and its SoC from a lower level vantage point.

Whether it be folks enjoying the abuse of a CRC32 feature as an arbitrary memory primitive, or just gaining an appreciation for how U-Boot exports functionality for use by “stand alone applications” — I hope to share some new tricks and get people excited about hacking deeper on their devices. Demos will be based upon my earlier work bypassing a (now patched) 2019 Sonos vulnerability, as well as some “previously seen on client work” vulnerabilities modeled on development kits to protect the (not so?) innocent.

Warranty voiding and custom firmware development shall be strongly encouraged.

Return to Index - Add to

- ics Calendar file

APV - Saturday - 16:00-16:45 PDT

Title: DevSecOps: Merging Security and Software Engineering
When: Saturday, Aug 7, 16:00 - 16:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Magno Logan DELETE ME
No BIO available

Description:
Lately, we’ve been hearing a lot about Dev Ops and DevSecOps, and why they’re so important. While integrating these are considered very good practices, organizations may be unintentionally unaware of how to maximize DevOps to ensure security and compliance are being met without delays. This could be because many researchers and authors believe DevOps already includes security at its core, since software security and quality are closely related. However, in today’s cloud environment, one cannot assume that DevOps can do it all. That’s where a strong DevSecOps strategy and mindset comes into play.

AppSec Village events will be streamed to YouTube.

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Yuhao%20Weng%20Steven%20Seeley%20Zhiniang%20Peng%20-%20don%27t%20Dare%20to%20Exploit%20-%20An%20Attack%20Surface%20Tour%20of%20SharePoint%20Server.mp4

Return to Index - Add to

- ics Calendar file

WS - Saturday - 10:00-13:59 PDT

Title: Digital Forensics and Incident Response Against the Dark Arts: The Battle of Malicious Email and Downloaders
When: Saturday, Aug 7, 10:00 - 13:59 PDT
Where: Workshops - Las Vegas 5+6 (Onsite Only)
Speakers:Michael Register,Michael Solomon

SpeakerBio:Michael Register
Michael Register (S3curityN3rd) has 5 years of combined experience across IT, Networking, and Cybersecurity. He currently holds multiple certifications, including the GCIH. S3curityN3rd spent the last 3 years working in Incident Response before a recent transition into a Threat Hunting role. His areas of focus have been on forensics, malware analysis, and scripting.

SpeakerBio:Michael Solomon
Michael Solomon (mR_F0r3n51c5) is currently a Threat Hunter for a large managed security service provider. He has ten years of experience conducting Cyber Operations, Digital Forensics & Incident Response (DFIR), and Threat Hunting. He is very passionate about helping grow and inspire cybersecurity analysts for a better tomorrow.

Description:
Ever wondered what it is like being a cybersecurity or incident response analyst? Here is your chance to experience an exciting 4-hour class taught by mR_F0r3n51c5 and S3curityN3rd. Phishing and malicious spam attacks continue to pose a significant risk in today’s cyber threat landscape. Using forensic and malware analysis fundamentals, this class will teach students how to analyze malicious downloaders, phishing emails, and malicious spam.

Upon successful class completion, students will be able to:

Build analysis skills that leverage complex scenarios and improve comprehension. Demonstrate an understanding of forensic fundamentals used to analyze an email. Use open-source information to collect and analyze threat actor data; identify indicators of compromise, and demonstrate how to pivot on that information. Demonstrate how to analyze a malicious downloader; to include but not limited to debugging and deobfuscation. Participate in a hand to keyboard combat capstone. Students will be given a malicious file sample and demonstrate how to analyze it.

Registration Link: https://www.eventbrite.com/e/digital-forensics-and-ir-against-the-dark-arts-las-vegas-5-6-tickets-162218185961

Prerequisites: None

Materials needed:
Students will be required to download two virtual machines (OVA files). Students will be given a URL for download access. In regards to the downloaded virtual machines, these should be imported into your virtual machine software and ready before the start of class. If any additional technical support is needed, the instructors will make themselves available online.

Students must have a laptop that meets the following requirements:

A 64 bit CPU running at 2GHz or more. The students will be running two virtual machines on their host laptop.
Have the ability to update BIOS settings. Specifically, enable virtualization technology such as "Intel-VT."
The student must be able to access their system's BIOS if it is password protected. This is in case of changes being necessary.
8 GB (Gigabytes) of RAM or higher
At least one open and working USB Type-A port
50 Gigabytes of free hard drive space, allowing you the ability to host the VMs we distribute
Students must have Local Administrator Access on their system.
Wireless 802.11 Capability
A host operating system that is running Windows 10, Linux, or macOS 10.4 or later.
Virtualization software is required. The supplied VMs have been built for out of the box comparability with VMWare Workstation or Player. Students may use other software if they choose, but they may have to troubleshoot unpredictable issues.

At a minimum, the following VM features will be needed:

NATted networking from VM to Internet
Copy Paste of text and files between the Host machine and VM

Return to Index - Add to

- ics Calendar file

DC - Saturday - 17:00-17:59 PDT

Title: Don't Dare to Exploit - An Attack Surface Tour of SharePoint Server
When: Saturday, Aug 7, 17:00 - 17:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded
Speakers:Steven Seeley,Yuhao Weng,Zhiniang Peng

SpeakerBio:Steven Seeley
Steven Seeley (@mr_me) is a member of the 360 Vulcan team and enjoys finding and exploiting bugs. Currently his focus is on web and cloud tech and has over 10 years experiance in offensive security. Steven won the Pwn2Own Miami competition with his team mate Chris Anastasio in early 2020 and has taught several classes in web security including his own, Full Stack Web Attack.
Twitter: @steventseeley

SpeakerBio:Yuhao Weng
Yuhao Weng(@cjm00nw) is an security researcher of Sangfor and a ctf player of Kap0k. He has been studying the web for three years and found a lot bugs in Sharepoint, Exchange and so on. Now he is focused on .NET security.
Twitter: @cjm00nw

SpeakerBio:Zhiniang Peng
Dr. Zhiniang Peng (@edwardzpeng) is the Principal Security Researcher at Sangfor. His current research areas include applied cryptography, software security and threat hunting. He has more than 10 years of experience in both offensive and defensive security and published much research in both academia and industry.
Twitter: @edwardzpeng

Description:
Due current global issues of 2020, organizations have been forced to make changes in how their business model operates and as such, have opened the doors to remote working. Microsoft SharePoint is one of the most popular and trusted Content Management System's (CMS) deployed today. The product is used to share and manage content, internal knowledge with embeded applications to empower teamwork and seamlessly collaborate across an organization for a truly remote experience.

After the efforts of countless talented engineers in Microsoft, SharePoint has been deployed in the Microsoft cloud as part of their office 365 offering. This presentation will analyze the security architecture of SharePoint server and how it differs from other popular CMS products. From an offensive point of view, we will also reveal several attack surfaces and mitigations implemented and how those mitigations can be bypassed. Finally we will disclose several high impact vulnerabilities detailing the discovery and exploitation.

REFERENCES: 1. http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ 2. https://docs.microsoft.com/en-us/dotnet/api/system.web.ui.control 3. https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms524602(v=vs.90) 4. https://www.youtube.com/watch?v=Xfbu-pQ1tIc 5. https://www.blackhat.com/us-20/briefings/schedule/#room-for-escape-scribbling-outside-the-lines-of-template-security-20292 6. https://www.spguides.com/sharepoint-csom-tutorial/

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=mVXrl4W1jOU

This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

ASV - Saturday - 15:00-15:50 PDT

Title: Drone Security Research Series – Ep6 Hacking with drones
When: Saturday, Aug 7, 15:00 - 15:50 PDT
Where: Aerospace Village (Virtual Talk)

SpeakerBio:Matt Gaffney
Following his career in the British Army, Matt has been working with clients in various industries. However, his best years were spent working in aviation, specifically systems found in the Aircraft Information Systems Domain. More recently he has turned his attention to security in UAS.

Description:
In this series we have uncovered weaknesses in the MAVLink protocol, now we attempt to overcome physical security controls by getting within range of WiFi networks with a drone. In this episode we use a drone to get close to our target by taking the tools airborne and flying over our target. Let’s rewrite the physical security model!

This talk will be streamed on YouTube: https://www.youtube.com/watch?v=M0BDHT43Ucc

Aerospace Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/c/AerospaceVillage

Return to Index - Add to

- ics Calendar file

CON - Saturday - 20:00-21:59 PDT

Title: Drunk Hacker History
When: Saturday, Aug 7, 20:00 - 21:59 PDT
Where: See Description

Description:
This event will be held in Track 1 / Bally's Platinum Ballroom. This event was rescheduled from 22:00 to 20:00.

Twitter: https://twitter.com/drunkhackerhist?lang=en

Return to Index - Add to

- ics Calendar file

BCV - Saturday - 12:00-12:59 PDT

Title: Ethereum Hacks & How to Stop Them
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: Blockchain Village / Paris Vendome B

SpeakerBio:Michael Lewellen , Project Manager - Security Services, OpenZeppelin
Michael works as the Technical Project Manager for the Security Research team managing audit projects. Michael has 9 years of experience as a software consultant and architect working on blockchain technologies. Outside of OpenZeppelin, Michael educates on blockchain technology as a lecturer at UT Dallas and a public policy advisor as part of the Texas Blockchain Council.

Description:
Learn about some of the recent smart contract security incidents and how to stop them using OpenZeppelin security tools like Defender.

This content will be presented live and in-person.

Return to Index - Add to

- ics Calendar file

IOTV - Saturday - 15:45-16:15 PDT

Title: Ethics at the Edge: IoT as the Embodiment of AI for Rampant Intelligence Actuation
When: Saturday, Aug 7, 15:45 - 16:15 PDT
Where: IoT Village (Talk - Virtual)

SpeakerBio:Ria Cheruvu
Ria Cheruvu is an AI Ethics Lead Architect at the Intel Network and Edge engineering group working on developing trustworthy AI products. She is 17 years old, and graduated with her bachelor’s degree in computer science at Harvard University at 11 and her master’s degree in data science from her alma mater at 16. Her pathfinding domains include solutions for security and privacy for machine learning, fairness, explainable and responsible AI systems, uncertain AI, reinforcement learning, and computational models of intelligence. She enjoys composing piano music, ocean-gazing with her family, and contributing to open-source communities in her free time.

Description:
In the eyes of a smart device and their human controllers, the world is an immense source of data and power. The expanding Internet of Things ecosystem only adds fuel to this, empowering real-time automatic sensing + actuation posing regulatory dilemmas, easily exploitable definitions of trusted entities (e.g., see the 2021 Verkada hack), and measurements of security, robustness, and ethics that change apropos data in the blink of an eye.

Governance and policing of Internet of Things devices is growing to cover the upcoming trail of destruction by flailing technical solutions, but some intriguing key unanswered questions are starting to reveal themselves.

In this talk, we’ll dive into what the sociotechnical problem of ethics means at the edge in the context of machine learning/artificial intelligence and address these questions:

Individual vectors of ethics (“Sustainability is an ethical principle?” “Edge devices have their own definition of fairness and bias different from human concepts?”)
Evolving principles and governance for IoT devices, and the importance of accountable anonymity
Definitions of trusted entities (“When are users a threat?” “Should humans be out of the loop?”), and how key ethical principles, such as privacy and transparency, can be a double-edged sword in the context of IoT security.
Incorporating morality into machines is now a reality (“How do we define a calculus and value alignment for IoT ethics?”) - what are key unconventional ethical concerns for human-centered design?

IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.

Return to Index - Add to

- ics Calendar file

WS - Saturday - 15:00-18:59 PDT

Title: Evading Detection a Beginner's Guide to Obfuscation
When: Saturday, Aug 7, 15:00 - 18:59 PDT
Where: Workshops - Las Vegas 3+4 (Onsite Only)
Speakers:Anthony "Cx01N" Rose,Jake "Hubbl3" Krasnov,Vincent "Vinnybod" Rose

SpeakerBio:Anthony "Cx01N" Rose , Lead Security Researcher
Anthony "Cx01N" Rose, CISSP, is the Lead Security Researcher at BC Security, where he specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. He has presented at numerous security conferences, including Black Hat, DEF CON, and RSA conferences. Cx01N is the author of various offensive security tools, including Empire and Starkiller, which he actively develops and maintains. He is recognized for his work, revealing wide-spread vulnerabilities in Bluetooth devices and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.

SpeakerBio:Jake "Hubbl3" Krasnov , Red Team Operations Lead
Jake "Hubbl3" Krasnov is the Red Team Operations Lead at BC Security. He has spent the first half of his career as an Astronautical Engineer overseeing rocket modifications for the Air Force. He then moved into offensive security, running operational cyber testing for fighter aircraft and operating on a red team. Hubbl3 has presented at DEF CON, where he taught courses on offensive PowerShell and has been recognized by Microsoft for his discovery of a vulnerability in AMSI. Jake has authored numerous tools, including Invoke-PrintDemon and Invoke-ZeroLogon, and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.

SpeakerBio:Vincent "Vinnybod" Rose , Lead Tool Developer
Vincent "Vinnybod" Rose is the Lead Tool Developer for Empire and Starkiller. He is a software engineer with expertise in cloud service and has over a decade of software development and networking experience. Recently, his focus has been on building ad-serving technologies, web and ad-tracking applications. Vinnybod has presented at Black Hat has taught courses at DEF CON on Red Teaming and Offensive PowerShell. He currently maintains a cybersecurity blog focused on offensive security at https://www.bc-security.org/blog/.

Description:
Defenders are constantly adapting their security to counter new threats. Our mission is to identify how they plan on securing their systems and avoid being identified as a threat. This is a hands-on class to learn the methodology behind malware delivery and avoiding detection. This workshop explores the inner workings of Microsoft's Antimalware Scan Interface (AMSI), Windows Defender, and Event Tracing for Windows (ETW). We will learn how to employ obfuscated malware using Visual Basic (VB), PowerShell, and C# to avoid Microsoft's defenses. Students will learn to build AMSI bypass techniques, obfuscate payloads from dynamic and static signature detection methods, and learn about alternative network evasion methods.

In this workshop, we will:

i. Understand the use and employment of obfuscation in red teaming. ii. Demonstrate the concept of least obfuscation. iii. Introduce Microsoft's Antimalware Scan Interface (AMSI) and explain its importance. iv. Demonstrate obfuscation methodology for .NET payloads.

Registration Link: https://www.eventbrite.com/e/evading-detection-a-beginners-guide-to-obfuscation-las-vegas-3-4-tickets-162219734593

Prerequisites: Basic level of PowerShell or C# experience.

Materials needed:
- Laptop
- VMWare or Virtual Box
- Windows Dev machine or other Windows VM - Kali Linux VM

Return to Index - Add to

- ics Calendar file

BCV - Saturday - 15:00-15:59 PDT

Title: Evils in the DeFi world
When: Saturday, Aug 7, 15:00 - 15:59 PDT
Where: Blockchain Village / Paris Vendome B
Speakers:Minzhi He,Peiyu Wang

SpeakerBio:Minzhi He
No BIO available

SpeakerBio:Peiyu Wang , Sr. Security Engineer CertIK
Peiyu Wang is a Senior Security Engineer at CertiK with years of professional experience in security assessments and blockchain technology, specializing in application penetration testing and smart contract audit. Prior to joining the CertiK, Peiyu was a security consultant at Harbor Labs and NCC group, where he focused on medical device security, software development and security assessments. Peiyu holds a Master's degree in information security from Johns Hopkins University, as well as professional industry certifications, which include Offensive Security Certified Professional(OSCP) and Offensive Security Web Expert (OSWE)

Description:
The growth of DeFi for the past year is astonishing, the TVL, users count and different types of projects prove the concept of DeFi can work. The space has good DeFi projects that bring users and investors. It also has projects that are complete scams; they come up with different ways to scam people and run away with user's money. Scammers have stolen millions of dollars worth of tokens from users for the past years.

How can regular users identify bad projects? What can a security company do to help DeFi users and investors? We can't stop scammers from deploying contracts on the blockchain and setting up fake websites, but we can warn users to stay away from them. CertiK set up a submission form on our website for community members to report risky projects, and we will investigate them. If we find the project is risky, we will publish an alert on our website and Twitter account.

We reviewed more than 50 submissions from community members and identified around 15 risky projects in the past. At the Defcon blockchain village, we want to share our work for the past couple of months. In this talk, we will do a case study to demonstrate different types of scams; we will also talk about how scammers earn trust from users and how we investigate user submitted projects.

This content will be presented live and in-person.

Return to Index - Add to

- ics Calendar file

CLV - Saturday - 10:00-10:45 PDT

Title: Extracting all the Azure Passwords
When: Saturday, Aug 7, 10:00 - 10:45 PDT
Where: Cloud Village (Virtual)

SpeakerBio:Karl Fosaaen
As a Practice Director at NetSPI, Karl leads the Cloud Penetration Testing service line and oversees NetSPI’s Portland, OR office. Karl holds a BS in Computer Science from the University of Minnesota and has over a decade of consulting experience in the computer security industry. Karl spends most of his research time focusing on Azure security and contributing to the NetSPI blog. As part of this research, Karl created the MicroBurst toolkit (https://github.com/Netspi/Microburst) to house many of the PowerShell tools that he uses for testing Azure. Over the last year, Karl has co-authored the book “Penetration Testing Azure for Ethical Hackers” with David Okeyode. Over the years, Karl has held the Security+, CISSP, and GXPN certifications.
Twitter: @kfosaaen

Description:
Whether it's the migration of legacy systems or creation of brand-new applications, many organizations are turning to Microsoft’s Azure cloud as their platform of choice. This brings new challenges for penetration testers who are less familiar with the platform, and now have more attack surfaces to exploit. In an attempt to automate some of the common Azure escalation tasks, the MicroBurst toolkit was created to contain tools for attacking different layers of an Azure tenant. In this talk, we will be focusing on the password extraction functionality included in MicroBurst. We will review many of the places that passwords can hide in Azure, and the ways to manually extract them. For convenience, we will also show how the Get-AzPasswords function can be used to automate the extraction of credentials from an Azure tenant. Finally, we will review a case study on how this tool was recently used to find a critical issue in the Azure permissions model that resulted in a fix from Microsoft.

Cloud Village activities will be streamed to YouTube.

Return to Index - Add to

- ics Calendar file

ASV - Saturday - 12:00-12:25 PDT

Title: Federal Perspective on Aerospace Cybersecurity
When: Saturday, Aug 7, 12:00 - 12:25 PDT
Where: Aerospace Village (Virtual Talk)
Speakers:Larry Grossman,Steve Luczynski

SpeakerBio:Larry Grossman
Larry Grossman is the Federal Aviation Administration’s Director of the Office of Information Security and Privacy and Chief Information Security Officer. In this role, he provides strategic leadership of FAA’s information security and privacy programs. He chairs FAA’s Executive Cybersecurity Steering Committee which provides oversight to cybersecurity activities across the FAA enterprise. Larry leads the FAA’s security operations, compliance, governance, and risk management functions. Looking externally, he oversees the FAA’s Aviation Ecosystem and Stakeholder Engagement Office whose role is to promote awareness and improve cyber resiliency across the aviation ecosystem. He also leads the evolution of FAA’s cybersecurity strategy, Security Operations Center modernization, new program deployments, and cyber incident response activities. Additionally, he represents FAA’s cybersecurity and programs at the Department of Transportation and other agencies; he participates in government-wide and international cybersecurity initiatives and exercises; and regularly briefs Congress on FAA and aviation cybersecurity. Larry has been with the FAA for over 25 years and prior to his current role, led the deployment of Air Traffic Control and Aviation Safety systems, as well as data modernization and external data distribution efforts.

An avid aviation enthusiast, Larry holds commercial pilot and flight instructor certificates in both land and sea, and travels in his own aircraft whenever possible.

SpeakerBio:Steve Luczynski
No BIO available

Description:
As the Federal Aviation Administration’s Chief Information Security Officer, Larry Grossman has a unique perspective on the challenges associated with building and sustaining adequate security for IT systems within a government agency and across the aerospace sector. Join us to learn more about his experiences and gain insight into the FAA’s current efforts to sustain the public’s trust in safe air travel.

This talk will be streamed on YouTube: https://www.youtube.com/watch?v=jcyL0zPNEuA

Aerospace Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/c/AerospaceVillage

Return to Index - Add to

- ics Calendar file

ICSV - Saturday - 12:00-12:59 PDT

Title: Fireside Chat - August Cole
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: ICS Village (Virtual)

SpeakerBio:August Cole
No BIO available

Description:No Description available

ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485

Return to Index - Add to

- ics Calendar file

ICSV - Saturday - 13:30-13:59 PDT

Title: Fortifying ICS - Hardening and Testing
When: Saturday, Aug 7, 13:30 - 13:59 PDT
Where: ICS Village (Virtual)

SpeakerBio:Dieter Sarrazyn , Secudea
Dieter is a freelance SCADA/ICS/OT security consultant who’s working extensively on industrial control system security since 2008. He performs different kinds of security assessments within industrial environments including intrusion testing, physical penetration testing, technical system assessments, risk assessments and provides assistance in securing these environments. He also helps customers to manage security of solutions deployed by their industrial suppliers and integrators through doing security requirements management and security FAT and SAT tests. Next to assessing environments, he is also providing training and awareness sessions on scada/ics/ot security and coaches young graduates within this field.
Twitter: @dietersar

Description:
Every ICS environment will sooner or later have to deal with updates, upgrades or additions to the control system environment. Nowadays it is important to include cybersecurity within such projects, although that is still sometimes forgotten (sad but true). One of the ways to include security is to set security requirements but also perform hardening and cybersecurity testing within FAT and SAT cycles.

This talk will explain important elements of hardening as well as things to keep in mind when performing cybersecurity testing during FAT/SAT phases after performing said hardening.

ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485

Return to Index - Add to

- ics Calendar file

SOC - Saturday - 12:00-12:59 PDT

Title: Friends of Bill W.
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: Bally's Pool Cabana

Description:
For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is in a Bally's poolside cabana, look for the sign.

Return to Index - Add to

- ics Calendar file

SOC - Saturday - 17:00-17:59 PDT

Title: Friends of Bill W.
When: Saturday, Aug 7, 17:00 - 17:59 PDT
Where: Bally's Pool Cabana

Description:
For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is in a Bally's poolside cabana, look for the sign.

Return to Index - Add to

- ics Calendar file

WS - Saturday - 10:00-13:59 PDT

Title: From Zero to Hero in Web Security Research
When: Saturday, Aug 7, 10:00 - 13:59 PDT
Where: Workshops - Jubilee 2 (Onsite Only)
Speakers:Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki

SpeakerBio:Dikla Barda
Dikla Barda is a Security Expert at Check Point Software Technologies. Her research has revealed significant flaws in popular services, and major vendors like: Facebook, WhatsApp, Telegram, eBay, AliExpress, LG, DJI, Microsoft, TikTok and more. She has over 15 years of experience in the field of cyber security research. She spoke at various leading conferences worldwide.

SpeakerBio:Oded Vanunu
Oded Vanunu has more than 15 years of InfoSec experience. He is a Security Leader and Offensive Security Expert who leads a security research domain from product design stages until post release. Vanunu leads security ideas into products. His expertise is in building a security research team, vulnerability research, security best practice and security design. He has been issued five patents on cybersecurity defense methods and has published dozens of research papers and product CVEs.

SpeakerBio:Roman Zaikin
Roman Zaikin is a Security Expert at Check Point Software Technologies. His research has revealed significant flaws in popular services, and major vendors (Facebook, WhatsApp, Telegram, eBay, AliExpress, LG, DJI, Microsoft and more). He has over 10 years of experience in the field of cyber security research. He spoke at various leading conferences worldwide and taught more than 1000 students, he is also responsible for the design and the material of various cyber courses worldwide. He holds more than 15 Certifications and extensive experience with system administration, network architecture, software development, penetration testing and reverse engineering. He has outstanding self-taught skills, having the ability to develop and thinking outside the box. Love technology and want to know exactly how things work behind the scenes at lowest level of the bit and the bytes. He has an innate curiosity of how software can be broken down or bypassed so you can do things with it that weren't intended to be done.

SpeakerBio:Yaara Shriki
Yaara Shriki is an experienced security researcher at Check Point. She is an IDF technological unit graduate with experience in penetration testing, vulnerability research and forensics. Outside of work, Yaara volunteers to promote women and girls in tech.

Description:
Web applications play a vital role in every modern organization. If your organization does not properly test and secure its web apps, adversaries can compromise these applications, damage business functionality, and steal data. Unfortunately, many organizations operate under the mistaken impression that a web application security scanner will reliably discover flaws in their systems.

Customers expect web applications to provide significant functionality and data access. Even beyond the importance of customer-facing web applications, internal web applications increasingly represent the most commonly used business tools within any organization. Unfortunately, there is no "patch Tuesday" for custom web applications, so major industry studies find that web application flaws play a major role in significant breaches and intrusions.

In this workshop we will teach you how to find vulnerabilities in web security according to the latest methods and techniques. We will demonstrate every vulnerability by giving an example from vulnerability we have found in major tech companies like: Facebook, WhatsApp, Amazon, AliExpress, Snapchat, LG and more!

Registration Link: https://www.eventbrite.com/e/from-zero-to-hero-in-web-security-research-jubilee-2-tickets-162214757707

Prerequisites: Basic Web Concepts, Basic Web Development Skills, Ability to Understand JavaScript.

Materials needed:
Personal Laptop

Return to Index - Add to

- ics Calendar file

CHV - Saturday - 13:00-13:59 PDT

Title: Fuzzing CAN / CAN FD ECU's and Network
When: Saturday, Aug 7, 13:00 - 13:59 PDT
Where: Car Hacking Village - Talks (Virtual)

SpeakerBio:Samir Bhagwat
No BIO available

Description:
Get an overview of fuzzing, various techniques used in vulnerability testing, and how to automate your Fuzzing.

This talk will stream on YouTube.

YouTube: https://www.youtube.com/watch?v=L7RCalagQ&feature=youtu.be

Return to Index - Add to

- ics Calendar file

ASV - Saturday - 16:00-16:25 PDT

Title: Fuzzing NASA Core Flight System Software
When: Saturday, Aug 7, 16:00 - 16:25 PDT
Where: Aerospace Village (Virtual Talk)

SpeakerBio:Ronald Broberg
No BIO available

Description:
NASA Core Flight System (cFS) provides an open source software framework used in multiple NASA missions including the Lunar Reconnaissance Orbiter, the Parker Solar Probe, and the protoype Mighty Eagle robotic lunar lander. The cFS suite includes Command Ingest (CI_Lab) and Telemetry Output (TO_Lab) applications which are only representative of similar applications in actual mission software. Fuzzing techniques applied to cFS reveal issues in the Command Ingest application (CI_Lab).

This talk will be streamed on YouTube: https://www.youtube.com/watch?v=D5yiIlMy2Lg

Aerospace Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/c/AerospaceVillage

Return to Index - Add to

- ics Calendar file

AVV - Saturday - 18:45-19:45 PDT

Title: Game Theory: Understanding and Strategy and Deception
When: Saturday, Aug 7, 18:45 - 19:45 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Juneau Jones
Raised in the woods of Alaska, Juneau attributes her love of hacking to a childhood spentbuilding and breaking things outside. After studying computer science and economics, she moved to Dallas, Texas, where she found a home in the local hacker community. Juneau began research on applying behavioral economics to adversarial tactics. After her successful first talk at Dallas Hacker's Association on the prisoner’s dilemma, she began presenting her research at cons across the country. Currently, she works as an adversarial analyst doing consultant red teaming. She is also continuing her research and education as a cybersecurity fellow at NYU. When she is not hacking or asking strangers to act out the prisoner's dilemma, Juneau breathes fire, plays the bass, and runs DC214; Dallas's DefCon group.

Description:
Game Theory is the study of choices and strategies made by rational actors, called "players," in competitive situations, and it offers us a way to study and map human conflict. Statisticians use game theory to model war, biology, and even football. We will model the choices and behavior demonstrated by real-world adversarial conflict. Usingthese models, we will discuss how players form strategies and how other actors can influence those strategies. The talk will begin with an overview of game-theoretic modeling and its application to adversary behavior. Using the Prisoner's Dilemma as an example, we will look at how to model and analyze a single game. We can then model repeated interactions and demonstrate how "players" can influence each other's choices. These models will lay the foundations we need to look at more realistic adversary conflict. Next, we are going to look at how players can exploit information asymmetry. Emerging techniques such as dynamic honeynets and virtual attack surfaces both investigate attackers while manipulating their beliefs. We will build a Signaling Game model to show how defenders can credibly deceive adversaries. Using this model, we will look at a scenario where a defender observes multiple attacker movements within a network. While sustained engagement can help the defender learn more about the attacker and provide them false information, it comes at the risk of added exposure. In this scenario, there is a trade-off between information gained and short-term security. This talk will not look at network topology or protocols but will instead look at information exchange and strategy. We will then apply the same models to an adversarial perspective. Sustained engagement with a defender can provide an attacker with information and the opportunity to deceive defenders. However, that comes with a risk. How does an attacker's strategy change when a defender can eject them from the network at any time? By analyzing conflict where strategy and choices determine the outcome, we learn more about how to understand others' tactics and influence them with our own decisions.

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.

YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Return to Index - Add to

- ics Calendar file

HRV - Saturday - 16:00-16:30 PDT

Title: Getting started with low power & long distance communications - QRP
When: Saturday, Aug 7, 16:00 - 16:30 PDT
Where: Ham Radio Village (Virtual Talks)

SpeakerBio:Eric Escobar , Principal Security Consultant
Eric is a seasoned pentester and a Principal Security Consultant at Secureworks. On a daily basis he attempts to compromise large enterprise networks to test their physical, human, network and wireless security. His team consecutively won first place at DEF CON 23, 24, and 25's Wireless CTF, snagging a black badge along the way. Forcibly retired from competing in the Wireless CTF, he’s now a member of the DEF CON Wireless Village team. Before entering the cyber security arena, Eric attained both a BS and MS in Civil Engineering along with his Professional Engineering license.

Description:
Solar minimums have you down? Anxious to get out of the shack? This talk is for the ham who wants to take their gear on the go and still have reliable and long distance communications. Be prepared to be amazed at just how far 5 watts will truly go. I'll be covering the hardware, software, and configuration for the shack that will fit in a backpack.

All Ham Radio Village talks will be streamed to Twitch, with discussion in Discord.

For more information, see https://hamvillage.org/dc29.html

Twitch: https://www.twitch.tv/hamradiovillage

#hrv-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991

Return to Index - Add to

- ics Calendar file

DL - Saturday - 12:00-13:50 PDT

Title: Git Wild Hunt
When: Saturday, Aug 7, 12:00 - 13:50 PDT
Where: Palace 3+4+5
Speakers:Rod Soto,José Hernandez

SpeakerBio:Rod Soto
Over 15 years of experience in information technology and security. He has spoken at ISSA, ISC2, OWASP, DEFCON, RSA Conference,Hackmiami, DerbyCon, Splunk .CONF, Black Hat,BSides, Underground Economy and also been featured in Rolling Stone Magazine, Pentest Magazine, Univision, BBC, Forbes, VICE, Fox News and CNN. Co-founder of Hackmiami, Pacific Hackers Meetups and Conferences. Co-founder of Pacific Hackers Association.

SpeakerBio:José Hernandez
Principal Security Researcher at Splunk. He started his professional career at Prolexic Technologies (now Akamai), fighting DDOS attacks against Fortune 100 companies perpetrated by “anonymous” and “lulzsec.” As an engineering co-founder of Zenedge Inc. (acquired by Oracle Inc.), José helped build technologies to fight bots and web-application attacks. He has also built security operation centers and run a public threat-intelligence service.
Twitter: @d1vious

Description:
Tool or Project Name: Git Wild Hunt A tool for hunting leaked credentials

Short Abstract:
Git Wild Hunt is a tool designed to search and identify leaked credentials at public repositories such as Github. Git Wild Hunt searches for footprints and patterns of over 30 of the most used secrets/credentials on the internet, especially those used in Devops and IT Operations. This tool helps developers and security operation departments discover leaked credentials in public repositories. This tool is also a recon tool for red teamers and pentesters, as it also provides metadata from leaks such as usernames, company names, secret types and dates.

License: Apache-2.0 License

Short Developer Bio:
José Hernandez @d1vious
Principal Security Researcher at Splunk. He started his professional career at Prolexic Technologies (now Akamai), fighting DDOS attacks against Fortune 100 companies perpetrated by “anonymous” and “lulzsec.” As an engineering co-founder of Zenedge Inc. (acquired by Oracle Inc.), José helped build technologies to fight bots and web-application attacks. He has also built security operation centers and run a public threat-intelligence service.

Rod Soto @rodsoto
Principal Security Research Engineer at Splunk. Worked at Prolexic Technologies (now Akamai), and Caspida. Cofounder of Hackmiami and Pacific Hackers meetups and conferences. Creator of Kommand && KonTroll / NoQrtr-CTF.

URL to any additional information: https://github.com/d1vious/git-wild-hunt

Detailed Explanation of Tool:
This tool is very effective in finding leaked credentials here is a list of the credentials that are detected: AWS API Key
Amazon AWS Access Key ID
Amazon MWS Auth Token
Facebook Access Token
Facebook OAuth
Generic API Key
Generic Secret
GitHub
Google (GCP) Service-account
Google API Key
Google Cloud Platform API Key
Google Cloud Platform OAuth
Google Drive API Key
Google Drive OAuth
Google Gmail API Key
Google Gmail OAuth
Google OAuth Access Token
Google YouTube API Key
Google YouTube OAuth
Heroku API Key
MailChimp API Key
Mailgun API Key
PGP private key block
Password in URL
PayPal Braintree Access Token
Picatic API Key
RSA private key
SSH (DSA) private key
SSH (EC) private key
Slack Token
Slack Webhook
Square Access Token
Square OAuth Secret
Stripe API Key
Stripe Restricted API Key
Twilio API Key
Twitter Access Token
Twitter OAuth
Target Audience:
Offense, Vulnerability Assessment

This tool is very effective in bringing awareness of the danger of leaked credentials in public repositories.

Return to Index - Add to

- ics Calendar file

CPV - Saturday - 15:30-16:30 PDT

Title: Gold Bug Q&A
When: Saturday, Aug 7, 15:30 - 16:30 PDT
Where: Crypto & Privacy Village (Virtual)

Description:
Join puzzlemasters Kevin & Maya to discuss this year's puzzle!

goldbug.cryptovillage.org

Crypto & Privacy Village will be streaming their events to YouTube and Twitch.

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Ionut%20Cernica%20-%20Hack%20the%20hackers-%20Leaking%20data%20over%20SSL-TLS.mp4

Return to Index - Add to

- ics Calendar file

SOC - Saturday - 20:00-01:59 PDT

Title: Gothcon 2021
When: Saturday, Aug 7, 20:00 - 01:59 PDT
Where: Bally's Skyview 4

Description:
Join us, hybrid style, as we continue yet another year of #DCGOTHCON. Digital hangs will be found at https://www.twitch.tv/dcgothcon. Watch our twitter @dcgothcon for updates about some renegade IRL meet-ups. We will be streaming our fav goth DJ's Friday evening, 10p-2a Paciﬁc. DM on twitter to join our discord.

Return to Index - Add to

- ics Calendar file

DC - Saturday - 12:30-12:50 PDT

Title: Hack the hackers: Leaking data over SSL/TLS
When: Saturday, Aug 7, 12:30 - 12:50 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded

SpeakerBio:Ionut Cernica
Ionut Cernica started his security career with the bug bounty program from Facebook. His passion for security led him to get involved in dozens of such programs and he found problems in very large companies such as Google, Microsoft, Yahoo, AT&T, eBay, VMware. He has also been testing web application security for 9 years and has had a large number of projects on the penetration testing side.

Another stage of his career was to get involved in security contests and participated in more than 100 such contests. He also reached important finals such as Codegate, Trend Micro and Defcon with the PwnThyBytes team. He also won several individual competitions, including the mini CTF from the first edition of Appsec village - Defcon village.

Now he is doing research in the field of web application security, being also a PhD student at University Polytechnic of Bucharest. Through his research he wants to innovate in the field and to bring a new layer of security to web applications. He has also been working as a Security Researcher @Future Networks 5G Lab for a few months now and hopes to make an important contribution to the 5G security area through research.

Twitter: @CernicaIonut

Description:
Have you considered that in certain situations the way hackers exploit vulnerabilities over the network can be predictable? Anyone with access to encrypted traffic can reverse the logic behind the exploit and thus obtain the same data as the exploit.

Various automated tools have been analyzed and it has been found that these tools operate in an unsafe way. Various exploit databases were analyzed and we learned that some of these are written in an insecure (predictable) way.

This presentation will showcase the results of the research, including examples of exploits that once executed can be harmful. The data we obtain after exploitation can be accessible to other entities without the need of decrypting the traffic. The SSL/TLS specs will not change. There is a clear reason for that and in this presentation I will argue this, but what will change for sure is the way hackers will write some of the exploits.

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=WNXEuFaRUkU

This talk will be given live in Track 1.

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

HTSV - Saturday - 12:00-14:59 PDT

Title: Hack the Sea Cabana Party
When: Saturday, Aug 7, 12:00 - 14:59 PDT
Where: Hack the Sea (Virtual)

Description:
For more information see https://hackthesea.org/cabana-party/

Come visit our Cabana Saturday from 12:00-3:00pm PST pool-side at Bally’s!

Hack the Sea Village will stream their events to YouTube and Twitch.

https://twitter.com/hack3rrunway

YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ

Return to Index - Add to

- ics Calendar file

ASV - Saturday - 10:00-15:59 PDT

Title: Hack-A-Sat2 Satellite Platform
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: Aerospace Village (Workshop - Virtual + Paris Rivoli B)

Description:
Come and gets hands on with Hack-a-Sat 2 hardware and learn about the unique problems presented by cybersecurity in the space realm. The Air Force and Space Force will be presenting the HAS2 flatsat – the primary platform hosting the hacking challenges for HAS2, comprised of a variety of software and processor architectures commonly used in space vehicles. Visitors can command various settings changes in the flatsat and see the resulting changes in the telemetry from the device as well as visual attitude changes in the NASA 42 simulation. Visitors will also be introduced to the HAS2 Digital Twin, an emulated version of all the flight software running on the flatsat, and will have a chance to capture and analyze an exploit being thrown against the flight software. Lastly, the Aerospace Corporation will demonstrate cyber defense onboard a satellite by using machine learning and signatures to detect anomalous command sequences and onboard cyber events.

For virtual attendees, the Digital twin demonstration will also be accessible via VNC to an instance running inside Docker containers in Amazon AWS (remote viewers will need to have a VNC client on their own computer).

Return to Index - Add to

- ics Calendar file

CON - Saturday - 10:00-15:59 PDT

Title: Hack3r Runw@y
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: See Description

Description:
More info: https://forum.defcon.org/node/236429

More info: https://hack3rrunway.github.io/

Also see #ce-hack3r-runway.

Register here: https://docs.google.com/forms/d/e/1FAIpQLSdua561gCbWEbGk7_ZuS7cg3w7_IFbtrahibeKsU0iR%20ENiIiw/viewform?usp=sf_link

- ics Calendar file

DC - Saturday - 15:00-15:45 PDT

Title: Hacking G Suite: The Power of Dark Apps Script Magic
When: Saturday, Aug 7, 15:00 - 15:45 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded

SpeakerBio:Matthew Bryant
mandatory (Mathew Bryant) is a passionate hacker currently leading the red team effort at Snapchat. In his personal time he’s published a variety of tools such as XSS Hunter, CursedChrome, and tarnish. His security research has been recognized in publications such as Forbes, The Washington Post, CBS News, Techcrunch, and The Huffington Post. He has previously presented at Blackhat, RSA, Kiwicon, Derbycon, and Grrcon. Previous gigs include Google, Uber, and Bishop Fox.
Twitter: @IAmMandatory
https://thehackerblog.com

Description:
You’ve seen plenty of talks on exploiting, escalating, and exfiltrating the magical world of Google Cloud (GCP), but what about its buttoned-down sibling? This talk delves into the dark art of utilizing Apps Script to exploit G Suite (AKA Google Workspace).

As a studious sorcerer, you’ll discover how to pierce even the most fortified G Suite enterprises. You’ll learn to conjure Apps Script payloads to bypass powerful protective enchantments such as U2F, OAuth app allowlisting, and locked-down enterprise Chromebooks.

Our incantations don’t stop at the perimeter, we will also discover novel spells to escalate our internal privileges and bring more G Suite accounts under our control. Once we’ve obtained the access we seek, we’ll learn various curses to persist ourselves whilst keeping a low profile so as to not risk an unwelcome exorcism.

You don’t need divination to see that this knowledge just might rival alchemy in value.

REFERENCES: No real academic references, this is all original research gleaned from real-world testing and reading documentation.

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=6AsVUS79gLw

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Matthew%20Bryant%20-%20Hacking%20G%20Suite%20-%20The%20Power%20of%20Dark%20Apps%20Script%20Magic.mp4

This talk will be given live in Track 1.

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Thomas%20Roth%20-%20Hacking%20the%20Apple%20AirTags.mp4

Return to Index - Add to

- ics Calendar file

DC - Saturday - 17:00-17:45 PDT

Title: Hacking the Apple AirTags
When: Saturday, Aug 7, 17:00 - 17:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded

SpeakerBio:Thomas Roth
Thomas Roth, also known as stacksmashing, is a security researcher from Germany with a focus on embedded devices: From hacking payment terminals, crypto wallets, secure processor, the Nintendo Game & Watch, up to Apple’s AirTag he loves to explore embedded & IoT security. On how YouTube channel “stacksmashing” he attempts to make reverse-engineering & hardware hacking more accessible.
Twitter: @ghidraninja
https://youtube.com/stacksmashing

Description:
Apple’s AirTags enable tracking of personal belongings. They are the most recent and cheapest device interacting with the Apple ecosystem. In contrast to other tracking devices, they feature Ultrawide-band precise positioning and leverage almost every other Apple device within the Find My localization network.

Less than 10 days after the AirTag release, we bypassed firmware protections by glitching the nRF52 microcontroller. This opens the AirTags for firmware analysis and modification. In this talk, we will explain the initial nRF52 bypass as well as various hacks built on top of this. In particular, AirTags can now act as phishing device by providing malicious links via the NFC interface, be cloned and appear at a completely different location, used without privacy protections that should alert users as tracking protection, act as low-quality microphone by reutilizing the accelerometer, and send arbitrary data via the Find My network. Besides these malicious use cases, AirTags are now a research platform that even allows access to the new Ultrawide-band chip U1.

REFERENCES: LimitedResults nRF52 APPROTECT Bypass: https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/

Positive Security’s Send My Research for sending arbitrary data via the find my network: https://positive.security/blog/send-my

Colin O’Flynn’s notes on the AirTag Hardware: https://github.com/colinoflynn/airtag-re

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=paxErRRsrTU

This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

WS - Saturday - 10:00-13:59 PDT

Title: Hacking the Metal: An Introduction to Assembly Language Programming
When: Saturday, Aug 7, 10:00 - 13:59 PDT
Where: Workshops - Las Vegas 3+4 (Onsite Only)

SpeakerBio:eigentourist , Programmer
Eigentourist is a programmer who learned the craft in the early 1980s. He began formal education in computer science when the height of software engineering discipline meant avoiding the use of GOTO statements. Over the course of his career, he has created code of beautiful simplicity and elegance, and of horrific complexity and unpredictability. Sometimes it's hard to tell which was which. Today, he works on systems integration and engineering in the healthcare industry.

Description:
Deep below the surface of the web, the visible desktop, and your favorite mobile apps, lies a labyrinth where the rules of most programming languages cease to exist. This is the world of the reverse engineer, the malware analyst, and the veteran systems programmer. Here, we write code in assembly language, the lowest level at which a computing machine can be programmed. This workshop will introduce you to the world of assembly language programming, give you the opportunity to write some real-world code, and finally, to play the role of reverse engineer and try your hand at some guided malware analysis.

Registration Link: https://www.eventbrite.com/e/hacking-the-metal-an-introduction-to-assembly-language-programming-lv-34-tickets-162218563089

Prerequisites: Some previous programming experience is helpful but not vital.

Materials needed:
Laptop

Return to Index - Add to

- ics Calendar file

ASV - Saturday - 10:00-15:59 PDT

Title: HACMS Live Demo
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: Aerospace Village (Workshop - Paris Rivoli B)

Description:
As part of DARPA-s High-Assurance Cyber Military Systems program, Collins Aerospace led a team of researchers using formal methods tools to construct aircraft software that was provably secure against many classes of cyber attack. We will have an operational (but non-flying) version of our secure quadcopter present whose mission and telemetry software runs on the formally verified seL4 kernel. We will provide wifi access to an isolated virtual machine running on its mission computer. DEF CON participants will be challenged to break out of the VM environment to read or write the encryption keys used for vehicle telemetry.

Return to Index - Add to

- ics Calendar file

HRV - Saturday - 12:00-17:59 PDT

Title: Ham Radio Exams
When: Saturday, Aug 7, 12:00 - 17:59 PDT
Where: Ham Radio Village (Onsite - Bally's Bronze 1-2)

Description:
Come stop by the Ham Radio Village to get your amateur radio license during our free license exams! More info on the DEF CON fourms

Return to Index - Add to

- ics Calendar file

HHV - Saturday - 08:30-08:59 PDT

Title: Hardware Hacking 101: Rogue Keyboards and Eavesdropping Cables
When: Saturday, Aug 7, 08:30 - 08:59 PDT
Where: Hardware Hacking Village (Virtual Talk)

SpeakerBio:Federico Lucifredi
Federico Lucifredi is the Product Management Director for Ceph Storage at Red Hat and a co-author of O’Reilly’s ““Peccary Book”” on AWS System Administration. Previously, he was the Ubuntu Server product manager at Canonical, where he oversaw a broad portfolio and the rise of Ubuntu Server to the rank of most popular OS on Amazon AWS. A software engineer-turned-manager at the Novell corporation, he was part of the SUSE Linux team, overseeing the update lifecycle and delivery stack of a $150 million maintenance business. A CIO and a network software architect at advanced technology and embedded Linux startups, Federico was also a lecturer for over 200 students in Boston University’s graduate and undergraduate programs, and simultaneously a consultant for MIT implementing fluid-dynamics simulations in Java.
Twitter: @0xF2
f2.svbtle.com

Description:
This is a live tutorial of hacking with keystroke injection attacks. We take advantage of the inherent trust that computers place on what is believed to be a regular keyboard to unleash pre-programmed keystroke payloads at well over 1000 words a minute. We access the host system and bypass traditional security countermeasures for payloads that can include reverse shells, binary injection, brute force password attacks, and just about any attack that can be fully automated.

We misuse the trust the operating system places on USB human-interaction devices to demonstrate once again the old adage that if you can physically access a computing device, there is no real security to be had. I will review hardware, its capabilities, how to breach OS security, and how attackers can enable it to perform a variety of tasks with its own tools. I will then show how to build and install additional software and customize the device with binary or scripted payloads.

We take the discussion to the next level by removing the need for a device and exploring attacks that can be delivered directly by a plain USB cable. We dissect easily-sourced, low-cost hardware implants embedded in standard, innocent-looking USB cables providing an attacker with further capabilities, including among them the ability to track its own geolocation.

#hhv-talk-qa-hw-hacking-101-text https://discord.com/channels/708208267699945503/709255105479704636

Hardware Hacking Village talks will be streamed to Twitch.

Return to Index - Add to

- ics Calendar file

VMV - Saturday - 11:30-11:59 PDT

Title: High Turnout, Wide Margins
When: Saturday, Aug 7, 11:30 - 11:59 PDT
Where: Voting Village (Talks - Virtual)
Speakers:Brianna Lennon,Eric Fey

SpeakerBio:Brianna Lennon
Brianna Lennon is the County Clerk and local election official for Boone County, Missouri. She holds a Master's in Public Policy and a law degree, both from the University of Missouri. Prior to her election as Boone County Clerk, Brianna served as an Assistant Attorney General in the Consumer Protection Division of the Missouri Attorney General's Office before joining the Missouri Secretary of State's Office under former Secretary Jason Kander. As the Deputy Director of Elections and first coordinator of the Election Integrity Unit in the Secretary of State's Office, she worked closely with local election authorities across the state to ensure that elections were simple, secure, and accessible for voters.

SpeakerBio:Eric Fey
Eric Fey is the Director of the St. Louis County Board of Elections in St. Louis, Missouri. Along with a bachelor's degree from Webster University in political science, Fey holds a Master’s in public administration from the University of Missouri-St. Louis with a specialty in election management and has served as a foreign election observer in a range of countries, from the now Russian-occupied territory in Ukraine to Belarus to Kazakhstan to Macedonia.

Description:
Local election officials faced unprecedented challenges while administering elections in 2020, from widespread disinformation to COVID-19 safety precautions. Unlike in previous election cycles, though, the global pandemic prevented officials from connecting in person to commiserate, share best practices, and support each other.

In December of 2020, the High Turnout Wide Margins podcast launched to fill the void and give administrators an outlet for discussing the nuts and bolts of elections. Co-hosts Brianna Lennon, an elected county clerk in Boone County, Missouri and Eric Fey, an appointed director of elections in St. Louis County, Missouri, talk to subject-matter experts on topics like cybersecurity, disinformation, and elections integrity. In this presentation, Lennon and Fey share key takeaways from these discussions.

High Turnout Wide Margins is not a commercial podcast.

Voting Village talks will be streamed to YouTube and Twitch.

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Mickey%20Shkatov%20Jesse%20Michael%20-%20High-Stakes%20Updates%20-%20BIOS%20RCE%20OMG%20WTF%20BBQ.mp4

YouTube: https://www.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg

Return to Index - Add to

- ics Calendar file

DC - Saturday - 10:00-10:45 PDT

Title: High-Stakes Updates | BIOS RCE OMG WTF BBQ
When: Saturday, Aug 7, 10:00 - 10:45 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded
Speakers:Jesse Michael,Mickey Shkatov

SpeakerBio:Jesse Michael
Jesse Michael is an experienced security researcher focused on vulnerability detection and mitigation who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has also presented research at DEF CON, Black Hat, PacSec, Hackito Ergo Sum, Ekoparty, and BSides Portland.
Twitter: @JesseMichael

SpeakerBio:Mickey Shkatov
Mickey has been doing security research for almost a decade, one of specialties is simplifying complex concepts and finding security flaws in unlikely places. He has seen some crazy things and lived to tell about them at security conferences all over the world, his past talks range from web pentesting to black badges and from hacking cars to BIOS firmware.
Twitter: @HackingThings

Description:
With attacks moving below the operating system and computer firmware vulnerability discovery on the rise, the need to keep current platforms updated becomes important and new technology is developed to help defend against such threats. Major computer manufacturers are adding capabilities to make it easier to update BIOS.

Our research has identified multiple vulnerabilities in Dell's BiosConnect feature used for remote update and recovery of the operating system. These vulnerabilities are easy to exploit by an adversary in the right position, and are not prevented by protective technologies such as Secured Core PCs, BitLocker, BootGuard, and BIOS Guard.

Join us and together we will explore the new attack surfaces introduced by these UEFI firmware update mechanisms -- including a full walk-through of multiple vulnerability findings and the methods we used to create fully working exploits that gain remote code execution within the laptop BIOS and their effects on the operating system.

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=qxWfkSonK7M

This talk will be given live in Track 1.

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

BICV - Saturday - 16:30-16:30 PDT

Title: How Bias and Discrimination in Cybersecurity will have us locked up or dead
When: Saturday, Aug 7, 16:30 - 16:30 PDT
Where: Blacks in Cyber

SpeakerBio:Tennisha Martin
Tennisha Martin is the founder and Executive Director of a National Cybersecurity non-profit organization dedicated to providing education and resources to underserved communities and increasing the diversity in cyber. She has worked in a government consulting capacity for over 15 years and in her spare time is a Cyber Instructor, mentor, and red-team leaning ethical hacking advocate for diversity in Cyber and the executive suites.
Twitter: @misstennisha

Description:
This talk focuses on algorithmic analysis and machine learning in the healthcare and criminal justice settings. Algorithms make a lot of important decisions including selecting candidates for a particular residency in medical school, tests that identify skin cancer in patients or determining the sentencing recommendations for people convicted of a crime. The outcome of these decisions includes impacting the number of people (or people of color) in certain specialties, failing to identify skin cancer in people of color and recommending longer sentences for black people and in particular black men. Studies have been shown that bias in algorithms have a wide-ranging impact, especially in the areas of clinical decision support and in criminal justice. Clinical decision support is integrated into electronic health records around the world and are used to establish things like best practices, medication guidelines, and prioritization of patients. The idea behind clinical decision support is that the algorithms are used based on aggregated data to help health care providers provide a standard of care. The reality, however, is that there is a thin line between the algorithms acting as the basis for recommendations and them acting autonomously. The aggregation of data and the formulation of algorithms by a largely homogeneous population results in bias and discrimination against people of color. In criminal justice, the racial impact of predictive policing is that black people serve longer times in jail. In healthcare, the impact of algorithmic bias results in poorer health outcomes, and failure to diagnose and treat patients of color. The result is that bias and discrimination in artificial intelligence will have members of the Black community incarcerated or dead.

Blacks in Cyber talks will be streamed on YouTube.

YouTube: https://www.youtube.com/c/BlacksInCybersecurity

Return to Index - Add to

- ics Calendar file

BTV - Saturday - 12:15-12:45 PDT

Title: How do you ALL THE CLOUDS?
When: Saturday, Aug 7, 12:15 - 12:45 PDT
Where: Blue Team Village - Main Track (Virtual)

SpeakerBio:henry
As a security {engineer | data scientist}, Henry operates as an information/data security architect, previously as a security consultant and developer in the industry. In his current role, he interfaces with internal business partners in providing architectural guidance and aligning the business with best practices and building countless tools and automation for the benefit of IT and security personnel alike. He has learned the hard and fun way that learning itself shouldn’t be considered a chore or a negative, but an opportunity to be able to be more effective and adaptive with the ever-changing needs of the business.
Twitter: @Bazinga73

Description:
If you think I'm shouting something about security strategy for a multi-cloud environment...it's because I AM. Secure your dangling DNS records. Your object storage is showing. I can see your compute workload from here. Get your security groups straight. Have you seen the laundry list of accounts no one has performed nary an IAM credential analysis? Are your analytic processes hamstrung and kludgey from, you know, being cloudy? Don't know to even assess your options? Let's talk about how to evaluate cloud security tools and the considerations you need to make for your enterprise.

By now, every company should not only be aware of the cloud but actively using it to some degree—whether run by your IT department or, unofficially, by your engineering teams and sales organizations itching to invite a script kiddie to pluck your precious intellectual property—I mean, POC and strut their stuff that they can take their security and IT matters into their own hands.

Either way, you need a strategy or a clue. One is good. Both are better. Tying them together is best.

In this talk, I'll cover a number of random things. The generic reasons why many teams want to use cloud accounts. The common gotchas that may improve or disrupt your obviously super awesome demo for your customer, boss, team. Or just to actually do real work and expand your organization's compute demand en masse.

The focus will be addressing the technical gotchas in managing, monitoring, and assessing the security needs against the "business" needs for your organization: engineering, IT, and compliance. Operationally, you'll hit a breaking point. Too many users, too many accounts, too many workloads hammering your cloud interface. I'll focus primarily on AWS but also generically cover the other major Cloud Service Provider flavors, as, in the end, it's all the same: your org may have gotten wind that there are other cloud accounts and they just wanted to play with ALL OF THEM. How do you corral these little beasts? Tools. Technology. Processes.

I'll focus on open source tools like Prowler and ScoutSuite, touch some for closed source, but you'll still need to understand how to operationally point, aim, and fire to make it scale for you. In my experience, there's a certain level of "je ne sais quoi" element to getting to a comfortable level in overseeing the management of all these cloud accounts. I'll probably spend the balance of the time critiquing each tool in the end and present pros/cons and likely scenarios for you/your team/your org's maturity here to help you to drive your choice. Who knows, maybe I'll talk about my own open-source spin on things!

Blue Team Village talks will be streamed to Twitch.

Return to Index - Add to

- ics Calendar file

APV - Saturday - 14:00-14:45 PDT

Title: How I broke into Mexico City's justice system application and database
When: Saturday, Aug 7, 14:00 - 14:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Alfonso Ruiz Cruz
No BIO available

Description:
Brief talk about how a chain of simple vulnerabilities gained me admin access to the whole database and application of Mexico City's justice system. Leaving exposed every file from criminal, civil and familiar trials since 2008.

AppSec Village events will be streamed to YouTube.

Return to Index - Add to

- ics Calendar file

LPV - Saturday - 13:00-13:59 PDT

Title: How I defeated the Western Electric 30c
When: Saturday, Aug 7, 13:00 - 13:59 PDT
Where: Lock Pick Village (Virtual)

SpeakerBio:N∅thing
No BIO available

Description:
I will take you through my thoughts, motivation and techniques on how I defeated the infamous Western Electric 30c.

Lock Pick Village will be streaming their activities to Twitch and YouTube.

Twitch: https://www.twitch.tv/toool_us?

YouTube: https://youtube.com/c/TOOOL-US

Return to Index - Add to

- ics Calendar file

HRV - Saturday - 15:00-15:30 PDT

Title: How to Contact the ISS with a $30 Radio
When: Saturday, Aug 7, 15:00 - 15:30 PDT
Where: Ham Radio Village (Virtual Talks)

SpeakerBio:Gregg Horton
Gregg Horton K6XSS is a security professional by day and by night explores the airwaves with ham radio. He got his general license in January 2021 and is very interested in digital modes like JS8CALL. When not playing with antennas, He enjoys gardening and getting beat at pokemon cards by his 5 year old son.

Description:
This presentation will go over the basics of how to listen to the international space station using a handheld ham radio. We will also cover how to utilize the repeater on the ISS, Capturing SSTV images from the ISS, and what equipment you can use to maximize your contacts.

All Ham Radio Village talks will be streamed to Twitch, with discussion in Discord.

- ics Calendar file

APV - Saturday - 10:00-10:45 PDT

Title: I used AppSec skills to hack IoT, and so can you
When: Saturday, Aug 7, 10:00 - 10:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Alexei Kojenov
Alexei began his career as a software developer. A decade later, he realized that breaking code was way more fun than writing code, and decided to switch direction. He is now a full-time application security professional, with several years of assisting various development teams in delivering secure code, as well as security consulting. Outside of his day job, Alexei enjoys doing security research and learning new hacking techniques.

Description:
We tend to think of AppSec and IoT as two separate infosec disciplines. Sure, the domain knowledge, attack vectors, and threat mitigation are not exactly the same in those two worlds. At the same time, as the hardware continues to evolve, we see more and more tiny general purpose computers around us. Many of these tiny computers nowadays run software that is written in a conventional programming language, listen on network ports, process data inputs, and communicate with the outside world. These devices can be attacked just like any other application running on a desktop, on a server, or in the cloud.

AppSec Village events will be streamed to YouTube.

Return to Index - Add to

Title: Intro to ML Workshop
When: Saturday, Aug 7, 09:30 - 10:59 PDT
Where: AI Village (Virtual)

SpeakerBio:Gavin Klondike
No BIO available

Description:No Description available

AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536

Return to Index - Add to

- ics Calendar file

IOTV - Saturday - 16:30-16:59 PDT

Title: IoT devices as government witnesses: Can IoT devices ever be secure if law enforcement has unlimited access to their data?
When: Saturday, Aug 7, 16:30 - 16:59 PDT
Where: IoT Village (Talk - Virtual)
Speakers:Anthony Hendricks,Jordan Sessler

SpeakerBio:Anthony Hendricks
Anthony Hendricks is an attorney who advises clients as the chair of Crowe & Dunlevy’s Cybersecurity & Data Privacy Practice Group. In that role, he frequently analyzes and litigates legal issues related to IoT devices. Prior to beginning his practice, he studied as Howard University's first Marshall Scholar and later graduated from Harvard Law School. He now teaches cybersecurity law as an adjunct professor at Oklahoma City University School of Law.

SpeakerBio:Jordan Sessler
Jordan Sessler is an attorney who advises clients on data security as a member of Crowe & Dunlevy’s Cybersecurity & Data Privacy Practice Group. In that role, he regularly engages with legal issues related to IoT devices and has represented companies in disputes with law enforcement regarding the discoverability of user- and device-generated data. Prior to beginning his practice, he graduated from Harvard Law School and clerked for U.S. District Court Judge D.P. Marshall Jr.

Description:
A man in Connecticut was arrested after his wife’s Fitbit implicated him in her murder. Prosecutors in Arkansas sought to use data from an Amazon Echo as evidence against a murder suspect. Local police sought access to car, TV, and even refrigerator data to monitor Black Lives Matter protestors—and the FBI did the same thing to help track down suspects in the aftermath of the January 6th, 2021 riot at the U.S. Capitol.

These examples are hardly isolated instances—there are thousands of other cases just like them. And they all speak to an important truth: IoT devices are increasingly being used by law enforcement for investigational purposes and, in some cases, even being made into star witnesses at trial. But law enforcement’s use of IoT devices raises two important questions. First, does allowing the government to use IoT data violate consumer expectations of privacy, particularly at a time when IoT products are being made and marketed with an eye toward information security? Second, are criminal suspects being provided with the same near-limitless access to IoT data for purposes of mounting their legal defense?

The answers to both of these questions are troubling, in large part because the law is inherently back-ward looking and is thus not equipped to grapple with the raw amount of information is now generated. Just as many consumers did not realize several years that their watch or car audio system would be used by law enforcement to track their location 24/7, so lawmakers and judges did not either. For example, the Federal Privacy Act of 1974 never contemplated that, rather than maintaining records, the government would simply buy access to private records—as ICE recently did by purchasing access to CLEAR—or create its own iOS app to ensnare criminals, as the FBI recently did. Likewise, although the Supreme Court noted the private nature of cell phone location data in Carpenter v. United States, this was a 5-4 decision (while RBG was still on the bench) that only applied the Fourth Amendment to historical cell phone GPS data, effectively leaving the law unsettled on many other types of IoT data. This has led courts, including a New York federal court in a case involving Apple, to express concerns that, even where warrants are involved, allowing the government to force companies to produce IoT device data could “result in a virtually limitless expansion of the government’s legal authority to surreptitiously intrude on personal privacy.”

These concerns are heightened by the fact that, although the Federal Rules of Criminal Procedure are supposed provide defendants with equal discovery rights, the Stored Communications Act often prevents defendants from accessing the IoT data of others, such as witnesses, accusers, or potential other defendants. In practice, this means that IoT data can effectively be used against criminal suspects but is not available for them to use in arguing their legal defense. This results in an incredible inequality in the criminal justice system. And it may also lead to erroneous outcomes: as with DNA evidence, IoT data may help exonerate criminals just as often as it implicates them. Indeed, in the Arkansas v. Bates murder case, the prosecution dismissed the charges against the defendant shortly after it obtained the Amazon Echo data, which apparently validated the defendant’s alibi. Similarly, allegations of cheating against low-income students at Dartmouth Medical School were dismissed after IoT data brought into question potentially erroneous remote test monitoring that may have been skewed by poor internet.

So what can we do to reform or limit government use of IoT data? This talk aims to talk through ways in which both the infosec and legal communities can increase their mutual understanding and help drive reform. In the short term, the infosec community can increase security by minimizing, encrypting, or de-identifying data. This can reduce the amount of information that IoT devices collect and, thus, are required to turn over to law enforcement. Over the long-term, the best solution may be to pass new laws or drive new judicial precedent that incorporates an understanding as to what IoT data is, how it is changing expectations of privacy, and how it is being used by law enforcement. Such laws could either limit access to IoT data—enshrining a greater degree of privacy—or set forth procedures delineating when authorities may use it and guaranteeing defendants equal access. Of course, there are other potential solutions and we hope this talk will help launch a broader discussion on how to help the law interact with IoT technology.

IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.

Return to Index - Add to

- ics Calendar file

IOTV - Saturday - 10:00-18:30 PDT

Title: IoT Village Capture the Flag (CTF)
When: Saturday, Aug 7, 10:00 - 18:30 PDT
Where: IoT Village (Virtual + Paris Vendome A)

Description:
For more information, see https://www.iotvillage.org/defcon.html

IoT Village virtual events will be streamed to Twitch.

URL to any additional information:
https://github.com/madhuakula/kubernetes-goat https://madhuakula.com/kubernetes-goat
Detailed Explanation of Tool:
Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security. Some of the high-level scenarios include, but not limited to below: Sensitive keys in code bases
DIND (docker-in-docker) exploitation
SSRF in K8S world
Container escape to access host system
Docker CIS Benchmarks analysis
Kubernetes CIS Benchmarks analysis
Attacking private registry
NodePort exposed services
Helm v2 tiller to PwN the cluster
Analysing crypto miner container
Kubernetes Namespaces bypass
Gaining environment information
DoS the memory/cpu resources
Hacker Container preview
Hidden in layers
Supporting Files, Code, etc:
https://github.com/madhuakula/kubernetes-goat https://madhuakula.com/kubernetes-goat/

Target Audience:
Offense, Defense

The adoption of Kubernetes use in production has increased to 83% from a survey by CNCF. Still, most of the security teams struggle to understand these modern technologies. So this project helps and brings a completely new area of research to share with the community to learn and practice from years of experience.

Title: Lost In Space: No-one Can Hear Your Breach (Choose Wisely)
When: Saturday, Aug 7, 12:30 - 13:20 PDT
Where: Aerospace Village (Virtual Talk)

SpeakerBio:Elizabeth Wharton
Liz, a cybersecurity-focused business and public policy attorney, has advised researchers, startups, and policymakers at the federal, state, and local level. Currently SCYTHE’s Chief of Staff, she was the World’s (second) Busiest Airport’s technology attorney and hosts the CISO Stressed podcast.

Description:
Navigating the space race is difficult enough with privately sponsored flights, internationally owned stations, and interplanetary destinations. Supply-chain vulnerabilities, ransomware threats, and other cybersecurity challenges are magnified when the galactic rules are still being written. Join an interactive adventure dodging malicious attackers, signal and software glitches, and potential liabilities trekking to Mars, highlighting cybersecurity pitfalls and pending policy issues.

This talk will be streamed on YouTube: https://www.youtube.com/watch?v=TEUgTF5zDHA

Aerospace Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/c/AerospaceVillage

Return to Index - Add to

- ics Calendar file

BTV - Saturday - 14:00-17:59 PDT

Title: MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part 2
When: Saturday, Aug 7, 14:00 - 17:59 PDT
Where: Blue Team Village - Workshop Track 1 (Virtual)
Speakers:Cat Self,plug,Ben Bornholm,Tilottama Sanyal,Dan Borges

SpeakerBio:Cat Self , Lead Cyber Adversarial Engineer – The MITRE Corporation
Cat Self is a Lead Cyber Adversarial Engineer working on MITRE ATT&CK® and ATT&CK Evaluations teams at MITRE. Cat previously worked at Target as a red team operator, threat hunter, and developer. Cat is an Army Military Intelligence veteran with a passion for mentorship, hiking in foreign lands, and finding opportunities to give back.

SpeakerBio:plug
Plug started his journey in computer security back in 1996 when he discovered a 2600 magazine that eventually lead him to his first LA2600 meeting in 1998. From that point forward, he has been involved in computer security. Plug currently leads the Threat Hunting Program for a Fortune 20 organization. In his free time he enjoys building Legos, playing with synthesizers, and when possible, he volunteers his time to computer security events.

SpeakerBio:Ben Bornholm
Ben (@CptOfEvilMinion) is not new to creating workshops as this is his second time creating a DEFCON workshop, yet he has never actually been to DEFCON in person! Ben crafted his whimsical presenting style from being President of RIT’s security club previously known as RC3.

During the day Ben fights off cyber criminals as a DART engineer at Dropbox.com. At night Ben is the author of his blog HoldMyBeerSecurity.com where he discusses topics in security that interest him such as incident response, threat hunting, Osquery, and DevSecOps.

Twitter: @CptOfEvilMinion

SpeakerBio:Tilottama Sanyal
Tilottama Sanyal (wildphish) has a degree in Information technology from India and has almost 8 years of combined experience across DevOps and Cybersecurity. She holds certifications like the GCIH and currently works as an Incident Response Team member at Verizon Media (Yahoo!). Her areas of expertise include risk assessments, vulnerability analysis, and incident response. Her current interests include threat hunting and this is her first-ever workshop.
Twitter: @wildphish

SpeakerBio:Dan Borges
A core member of the National CCDC red team and a director for the Global CPTC. Recently wrote a book on deception applied to infosec and attack-defense competitions: https://ahhh.github.io/Cybersecurity-Tradecraft/

Description:
The Hunt for Red Apples workshop guides participants through emulation walkthroughs, hunting playbooks, & hunting exercises around an Ocean Lotus intrusion, an established threat actor targeting macOS. The workshop is broken into sections using both the attack lifecycle & Mitre ATT&CK knowledge base.

For each phase in the attack live cycle participants learn about one particular tactic, relevant macOS data sources, how to build a hunting plan, practice hunting, & how the red team emulated the tactic using open source intelligence.

This workshop is a resource on how to threat hunt, emulate, & use open source threat intelligence on a specific threat actor.

The Hunt for Red Apples workshop guides participants through emulation walkthroughs, hunting playbooks, and hunting exercises around an Ocean Lotus intrusion, an established threat actor targeting macOS. The workshop is broken into sections using both the attack lifecycle and Mitre ATT&CK knowledge base. For each phase in the attack live cycle participants learn about one particular tactic, relevant macOS data sources, how to build a hunting plan, practice hunting, and how the red team emulated the tactic using open source intelligence.

The objective of this workshop is to provide a balanced approach that showcases both hunting and adversary actions. This workshop is a resource on how to threat hunt, emulate, and use open source threat intelligence on a specific threat actor.

The Hunt for Red Apples workshop is broken into two four hour sessions over two days. As a bonus, we are releasing a second data set for a different scenario on day two for more advanced hunters with no playbooks or walkthroughs. Participants will get to test their macOS Threat Hunting skills! And it's all FREE!

Return to Index - Add to

- ics Calendar file

SEV - Saturday - 14:30-15:30 PDT

Title: Make Them Want To Tell You: The Science of Elicitation
When: Saturday, Aug 7, 14:30 - 15:30 PDT
Where: Social Engineer Village (Virtual)

SpeakerBio:Christopher Hadnagy
Christopher Hadnagy is the founder and CEO of Social-Engineer, LLC. During Chris’ 18 years in the information security industry, he created the world’s first social engineering framework and newsletter, as well as hosted the first social engineering based podcast.

Chris is also a well-known author, having written five books on social engineering. Chris’ new book, “Human Hacking: Win Friends, Influence People and Leave Them Better Off for Having Met You”, released January 5, 2021.

Learn more about the book: https://humanhackingbook.com/

Chris is an Adjunct Professor of Social Engineering for the University of Arizona’s NSA designated Center of Academic Excellence in Cyber Operations (CAE-CO). He also lectures and teaches about social engineering around the globe. Moreover, he’s been invited to speak at the Pentagon, as well as other high secure facilities. Additionally, as the creator of the world’s first Social Engineering Capture the Flag (SECTF), Chris leads the way in educating people on this serious threat.

Making it Better: (5 min)
• IoT policy and compliance
• Strong authentication: what do we do better when we know that passwords and certs have failed us • Automating the identification of IoT – no more hide and seek • Network segmentation - it only works if we do it • Automatically securing IoT devices before something happens, not after • The need for Unified Endpoint Management over Enterprise Mobility Management.

Takeaways: Attendees will have recommendations to bring back they they can action within their environments for increased security posture

IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.

Return to Index - Add to

- ics Calendar file

IOTV - Saturday - 12:45-13:30 PDT

Title: MIPS-X - The next IoT Frontier
When: Saturday, Aug 7, 12:45 - 13:30 PDT
Where: IoT Village (Talk - Virtual)
Speakers:Patrick Ross,Zoltán Balázs

SpeakerBio:Patrick Ross
Patrick (0xn00b), a DEF CON 26 Black Badge holder, is the co-founder of Village Idiot Labs which helps run IoT Village across the globe. Patrick has created a fully immersible/virtual web-based lab environment that people can learn how to hack IoT without the need for their own tools, equipment or even prior knowledge.

SpeakerBio:Zoltán Balázs
Zoltan (@zh4ck) is the Head of Vulnerability Research Lab at CUJO AI, a company focusing on smart home security. Before joining CUJO AI he worked as a CTO for an AV Tester company, as an IT Security expert in the financial industry, and as a senior IT security consultant. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool to test Malware Analysis Sandboxes. He found and disclosed a vulnerability in IP cameras, and this vulnerability was exploited by the Persirai botnet, running on ˜600 000 cameras.
Twitter: @zh4ck

Description:
IoT vulnerability research usually involves both static and dynamic analysis of the target device. To aid in this task, researchers typically perform some sort of emulation to enumerate the filesystem as well as run the respective binaries. Luckily, there are tools like QEMU and/or Buildroot to guide our path on the way, but this does not mean the way is smooth.

Our main goal was to create a framework and documentation suitable for MIPS (LE/BE) device research, which can be used in a Dockerized environment to set up as many emulated IoT devices as desired. The goal was to create the least amount of pain and effort to set up the emulation infrastructure. This means, you will have a target MIPS architecture virtual machine running natively with all the binaries, full network stack, debugging tools, and other useful tools. Let the pwning begin!

IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.

Return to Index - Add to

- ics Calendar file

BTV - Saturday - 14:30-15:30 PDT

Title: Modern Authentication for the Security Admin
When: Saturday, Aug 7, 14:30 - 15:30 PDT
Where: Blue Team Village - Main Track (Virtual)
Speakers:Bailey Bercik,Mark Morowczynski

SpeakerBio:Bailey Bercik
Bailey Bercik (@baileybercik on Twitter) is a Program Manager in the customer facing arm of the Identity Engineering division at Microsoft. As part of the “Get-To-Production” team, she acts as a trusted advisor to Fortune 500 enterprises deploying Azure Active Directory. She's previously spoken about Azure AD customer stories and security recommendations at Microsoft Ready & Ignite, Blue Team Con, The Diana Initiative, and BSides Portland. Prior to this role, Bailey worked on Microsoft's incubation team for Decentralized Identity and volunteered as a computer science teacher at Warden High School.
Twitter: @BaileyBercik

SpeakerBio:Mark Morowczynski
Mark Morowczynski (@markmorow) is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. He's spoken at various industry events such as Black Hat 2019, Defcon Blue Team Village, GrayHat, several BSides, Microsoft Ignite, Microsoft Inspire, Microsoft MVP Summits, The Experts Conference (TEC), The Cloud Identity Summit, SANs Security Summits and TechMentor. He can be frequently found on Twitter as @markmorow arguing about baseball and making sometimes funny gifs.
Twitter: @markmorow

Description:
Modern authentication protocols such as SAML, OAuth and OpenID Connect. Claims, bearer tokens and JWT tokens are traversing various authentication flow paths in your environment today. In this session we will break down these authentication concepts and common flows for the non-identity admin. We will also discuss some common attacks and defenses the security team should be monitoring for and implementing in their environment.

Many organization's applications are moving to modern authentication protocols such as SAML, OAuth and OpenID Connect. Claims, bearer tokens and JWT tokens are traversing various authentication flow paths in your environment today. Security teams need to be just as familiar with how these work, the risks and the benefits they provide, as they are with Kerberos tickets and NTLM hashes (please stop btw). In this session we will break down these authentication concepts and common flows for the non-identity admin. We will also discuss some common attacks and defenses the security team should be monitoring for and implementing in their environment.

Blue Team Village talks will be streamed to Twitch.

https://photos.app.goo.gl/tUi8xmRuKpLCuVC16 https://www.facebook.com/icetre.normal
https://www.twitter.com/aniabeenz
https://www.youtube.com/channel/UCVY8zEm23QFbO-7LfWLR6xg

Return to Index - Add to

- ics Calendar file

CCV - Saturday - 17:00-17:15 PDT

Title: Monero After Party
When: Saturday, Aug 7, 17:00 - 17:15 PDT
Where: Cryptocurrency Village (Onsite - Paris Champagne Ballroom 1)

SpeakerBio:Monero Sound
No BIO available

Description:
Quick reminder for the Monero Party that will begin later that evening. Previous Monero parties have been so excellent that they made the news. Tickets available at monerosound.com

The Cryptocurrency Village is built around conversations and events, not formal talks. Stop by any time to speak with knowledgeable individuals! This village focuses on the security and privacy side of cryptocurrencies, not the investment side.

The Cryptocurrency Village is conveniently located in Paris Champagne Ballroom 1.

Return to Index - Add to

- ics Calendar file

CCV - Saturday - 13:00-13:15 PDT

Title: Monero Scaling Opportunities and Challenges
When: Saturday, Aug 7, 13:00 - 13:15 PDT
Where: Cryptocurrency Village (Onsite - Paris Champagne Ballroom 1)

SpeakerBio:Francisco Cabañas
No BIO available

Description:
This is a short 15 minute talk followed by an open Q&A session. We will cover the impact of technology, business models and protocols on payment ledgers starting with the advent of general purpose payment, credit and debit cards since the 1940’s followed by the advent of de centralized blockchain based ledgers such as Bitcoin (2009) and Monero (2014). The critical distinction between technological limitations and protocol / business model limitations and the impact of technological limitations at a given point in time on the development of protocols and business models. We will consider how various protocols and business models can compete with each other and in particular what the Monero scaling protocol has to tell us about the limitations of scaling in Bitcoin and similar cryptocurrencies.

The Cryptocurrency Village is built around conversations and events, not formal talks. Stop by any time to speak with knowledgeable individuals! This village focuses on the security and privacy side of cryptocurrencies, not the investment side.

The Cryptocurrency Village is conveniently located in Paris Champagne Ballroom 1.

Return to Index - Add to

- ics Calendar file

MUS - Saturday - 22:00-22:59 PDT

Title: Music - Icetre Normal
When: Saturday, Aug 7, 22:00 - 22:59 PDT
Where: Bally's Pool

SpeakerBio:Icetre Normal
Sometime in 1975, a fissure in the time-space continuum, allowed for only briefest of moments the possibility of time travel. A young iconoclast first born in 2275 took advantage of this brief opportunity.

He traveled with only his knowledge of the art of party creation, ability to bend space and time, and supreme skill of serving the masses with only the smallest pool of available alcohol.

First appearing at Defcon X, since then Icetre can always be found somehow making the impossible possible, and bringing the funk while doing so.

Description:No Description available

Return to Index - Add to

- ics Calendar file

MUS - Saturday - 22:00-22:59 PDT

Title: Music - Krisz Klink
When: Saturday, Aug 7, 22:00 - 22:59 PDT
Where: Bally's Silver Ballroom

SpeakerBio:Krisz Klink
No BIO available

Description:No Description available

Return to Index - Add to

- ics Calendar file

MUS - Saturday - 01:00-01:59 PDT

Title: Music - Magik Plan
When: Saturday, Aug 7, 01:00 - 01:59 PDT
Where: Bally's Silver Ballroom

SpeakerBio:Magik Plan
Magik Plan was founded in 2008 by Garrett Jones. Originally getting his start in electronic music by setting up projections for underground parties, he carved his way through the early days of the dance music scene while making a name for himself as Magik Plan. His obsession with guitars and live instrumentals lead him into diving into the world of sound design. After graduating college in 2009, Garrett began releasing music on online platforms such as SoundCloud.

Fast forward 10 years later, Magik Plan has become a growing name in PsyTrance, Progressive House, Drum n Bass, Chillout and more flavors of electronica.

https://drive.google.com/file/d/1Mj2TAyZdj5tZljcK3oTzg-5lSNpZh5pg/view?usp=sharing https://soundcloud.com/magikplan
https://instagram.com/magikplan
https://facebook.com/magikplan
https://spoti.fi/3jBy8ko

Description:No Description available

Title: National Service Panel
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: Career Hacking Village (Talk)
Speakers:Amelie Koran,Elizabeth Schweinsberg,Joe Billingsley,Teri Williams

SpeakerBio:Amelie Koran , Senior Technology Advocate, Splunk
No BIO available

SpeakerBio:Elizabeth Schweinsberg
No BIO available

SpeakerBio:Joe Billingsley
No BIO available

SpeakerBio:Teri Williams
No BIO available

Description:
What background do you need to work with different federal agencies? Which ones have authorities for enforcing regulations, protecting different areas, or engaging adversaries? How do you get hired into the organization? Whether someone is just entering the workforce or wants to consider the options as part of career planning, our panel helps provide the insights and answer the questions you have. We draw from the US Digital Service, DHS CISA, NASA, Marine Corps Cyber Auxiliary, NSA, and other federal agencies. Join us on the Defcon Forums and let us know what questions you have for our panel.

This talk will be available on YouTube: https://www.youtube.com/watch?v=PqLEFsaFWes

Career Hacking Village content will be available on YouTube.

YouTube: https://youtube.com/careerhackingvillage

Return to Index - Add to

- ics Calendar file

WS - Saturday - 15:00-18:59 PDT

Title: Network Analysis with Wireshark
When: Saturday, Aug 7, 15:00 - 18:59 PDT
Where: Workshops - Jubilee 2 (Onsite Only)
Speakers:Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman

SpeakerBio:Sam Bowne , Proprietor, Bowne Consulting
Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks and hands-on trainings at DEF CON, DEF CON China, HOPE, BSidesSF, BSidesLV, RSA, and many conferences and colleges.

SpeakerBio:Elizabeth Biddlecome , Consultant and Part-Time Instructor
Elizabeth Biddlecome is a consultant and a part-time instructor at City College San Francisco, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.

SpeakerBio:Irvin Lemus , Cybersecurity Professor
Irvin Lemus has been in the industry for 10+ years as an MSP technician, consultant, instructor and coordinator. He is currently the cybersecurity professor at Cabrillo College in Santa Cruz, CA. He also is the Bay Area Cyber Competitions Regional Coordinator as well as the contest creator for SkillsUSA CA and FL. Irvin has spoken at various cybersecurity and educational conferences. Irvin holds a CISSP and a Bachelor's Degree in Information Security.

Irvin Lemus is an instructor at Cabrillo College, teaching cyber security courses for 3 years. Irvin runs the cybersecurity competition program for the Bay Area Community Colleges. He also creates the SkillsUSA Cybersecurity contests for California and Florida. He has Security+, CySA+, WCNA, CISSP.

SpeakerBio:Kaitlyn Handelman , Hacker
I like to hack stuff, and I’m like really good at computers.

Description:
Summarize what your training will cover, attendees will read this to get an idea of what they should know before training, and what they will learn after. Use this to section to broadly describe how technical your class is, what tools will be used, and what materials to read in advance to get the most out of your training. This abstract is the primary way people will be drawn to your session.

This workshop will introduce participants to Network Analysis by understanding Wireshark. Participants will learn to understand packet activity, abnormalities and anomalies to detect attacks, troubleshoot network problems, and perform network forensics. This workshop is structured as a CTF.

Registration Link: https://www.eventbrite.com/e/network-analysis-with-wireshark-tickets-162219979325

Prerequisites: Basic networking knowledge

Materials needed:
Any laptop with Wireshark installed.

Return to Index - Add to

- ics Calendar file

AIV - Saturday - 12:00-12:30 PDT

Title: Never a dill moment: Exploiting machine learning pickle files
When: Saturday, Aug 7, 12:00 - 12:30 PDT
Where: AI Village (Virtual)

SpeakerBio:Suha Sabi Hussain
No BIO available

Description:No Description available

AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536

Return to Index - Add to

- ics Calendar file

VMV - Saturday - 13:00-13:30 PDT

Title: New Hampshire SB43 Forensic Audit
When: Saturday, Aug 7, 13:00 - 13:30 PDT
Where: Voting Village (Talks - Virtual)

SpeakerBio:Harri Hursti
Co-Founder, DEF CON Voting Village; Founding Partner, Nordic Innovation Labs

Harri Hursti is considered one of the world’s foremost experts on the topic of electronic voting security, having served in all aspects of the industry sector. He is considered an authority on uncovering critical problems in electronic voting systems worldwide.

As a consultant, he has conducted and co-authored many studies, both academic and commercial, on various election systems’ data security and vulnerability. These studies have come at the request of officials, legislators and policy makers in 5 countries; including the U.S. government, at both the state and federal level.

Description:
Election security expert Harri Hursti will explain the process and findings from the 2020 post-election audit conducted in Windham, NH.

Voting Village talks will be streamed to YouTube and Twitch.

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Jenko%20Hwong%20-%20New%20Phishing%20Attacks%20Exploiting%20OAuth%20Authentication%20Flows.mp4

YouTube: https://www.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg

Return to Index - Add to

- ics Calendar file

DC - Saturday - 16:00-16:45 PDT

Title: New Phishing Attacks Exploiting OAuth Authentication Flows
When: Saturday, Aug 7, 16:00 - 16:45 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded

SpeakerBio:Jenko Hwong
Jenko Hwong is on the Netskope Threat Research team, focusing on cloud threats/vectors. He's spent time in engineering and product roles at various security startups in vulnerability scanning, AV/AS, pen-testing/exploits, L3/4 appliances, threat intel, and windows security.
Twitter: @jenkohwong

Description:
OAuth 2.0 device authentication gives users on limited-input devices like TVs an easier way to authenticate against a cloud website/app by entering a code on a computer/phone. This authentication flow leads to new phishing attacks that: - do not need server infrastructure--the login page is served by the authorization provider using their domain and cert - do not require a client application--application identities can be reused/spoofed - do not require user consent of application permissions

Since the phish attacks hijack oauth session tokens, MFA will be ineffective as the attacker does not need to reauthenticate. The ability to defend against these attacks is hindered by limited info and functionality to detect, mitigate, and prevent session token compromise.

I'll demonstrate these new phishing attacks, access to sensitive user data, and lateral movement.

Defensive measures against these phishing attacks will be discussed, specifically the challenges in detection, mitigation, and prevention, and the overall lack of support for managing temporary credentials.

Open-source tools have been developed and will be used to demonstrate how users can: - self-phish their organizations using these techniques - audit security settings that help prevent/mitigate the attacks

REFERENCES: 1.0 Evolving Phishing Attacks 1.1 A Big Catch: Cloud Phishing from Google App Engine and Azure App Service: https://www.netskope.com/blog/a-big-catch-cloud-phishing-from-google-app-engine-and-azure-app-service 1.2 Microsoft Seizes Malicious Domains Used in Mass Office 365 Attacks: https://threatpost.com/microsoft-seizes-domains-office-365-phishing-scam/157261/ 1.3 Phishing Attack Hijacks Office 365 Accounts Using OAuth Apps: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/ 1.4 Office 365 Phishing Attack Leverages Real-Time Active Directory Validation: https://threatpost.com/office-365-phishing-attack-leverages-real-time-active-directory-validation/159188/ 1.5 Demonstration - Illicit Consent Grant Attack in Azure AD: https://www.nixu.com/blog/demonstration-illicit-consent-grant-attack-azure-ad-office-365 https://securecloud.blog/2018/10/02/demonstration-illicit-consent-grant-attack-in-azure-ad-office-365/ 1.6 Detection and Mitigation of Illicit Consent Grant Attacks in Azure AD: https://www.cloud-architekt.net/detection-and-mitigation-consent-grant-attacks-azuread/ 1.7 HelSec Azure AD write-up: Phishing on Steroids with Azure AD Consent Extractor: https://securecloud.blog/2019/12/17/helsec-azure-ad-write-up-phishing-on-steroids-with-azure-ad-consent-extractor/ 1.8 Pawn Storm Abuses OAuth In Social Engineering Attack: https://www.trendmicro.com/en_us/research/17/d/pawn-storm-abuses-open-authentication-advanced-social-engineering-attacks.html

2.0 OAuth Device Code Flow
2.1 OAuth 2.0 RFC:
https://tools.ietf.org/html/rfc6749#page-24 2.2 OAuth 2.0 for TV and Limited-Input Device Applications: https://developers.google.com/identity/protocols/oauth2/limited-input-device 2.3 OAuth 2.0 Scopes for Google APIs:
https://developers.google.com/identity/protocols/oauth2/scopes 2.2 Introducing a new phishing technique for compomising Office 365 accounts: https://o365blog.com/post/phishing/#oauth-consent 2.3. Office Device Code Phishing:
https://gist.github.com/Mr-Un1k0d3r/afef5a80cb72dfeaa78d14465fb0d333

3.0 Additional OAuth Research Areas
3.1 Poor OAuth implementation leaves millions at risk of stolen data: https://searchsecurity.techtarget.com/news/450402565/Poor-OAuth-implementation-leaves-millions-at-risk-of-stolen-data 3.2 How did a full access OAuth token get issued to the Pokémon GO app?: https://searchsecurity.techtarget.com/answer/How-did-a-full-access-OAuth-token-get-issued-to-the-Pokemon-GO-app

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=9slRYvpKHp4

This talk will be given live in Track 1.

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

C-Sto:
https://github.com/c-sto/goWMIExec
https://github.com/C-Sto/BananaPhone
https://github.com/C-Sto/gosecretsdump

Return to Index - Add to

- ics Calendar file

CHV - Saturday - 12:00-12:59 PDT

Title: Not so Passive: Vehicle Identification and Tracking via Passive Keyless Entry
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: Car Hacking Village - Talks (Virtual)

SpeakerBio:Nick Ashworth
No BIO available
Twitter: @zeetw11

Description:
Attacks on the passive keyless entry system have been around for a while, with most focused on gaining physical access to the vehicle. We have developed a new attack, Marco, that instead focuses on identifying and tracking vehicles by exploiting weaknesses in passive keyless entry systems. This attack works similar to a cooperative radar system, where the attacker transmits an interrogation message, and any nearby key fob will automatically respond. The attacker can then use these responses to identify and track key fobs either generically, such as all fobs of the same make and model of vehicle, or specifically, such as a key fob with a specific identifier.

This talk will stream on YouTube.

YouTube: https://www.youtube.com/watch?v=aiSA4QdF4m8

Return to Index - Add to

- ics Calendar file

DC - Saturday - 18:00-18:45 PDT

Title: Offensive Golang Bonanza: Writing Golang Malware
When: Saturday, Aug 7, 18:00 - 18:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded

SpeakerBio:Benjamin Kurtz , Hacker
Ben Kurtz is a hacker, a hardware enthusiast, and the host of the Hack the Planet podcast (https://symbolcrash.com/podcast). After his first talk, at DefCon 13, he ditched development and started a long career in security. He has been a pentester for IOActive, head of security for an MMO company, and on the internal pentest team for the Xbox One at Microsoft. Along the way, he volunteered on anti-censorship projects, which resulted in his conversion to Golang and the development of the ratnet project (https://github.com/awgh/ratnet). A few years ago, he co-founded the Binject group to develop core offensive components for Golang-based malware, and Symbol Crash, which focuses on sharing hacker knowledge through trainings for red teams, a free monthly Hardware Hacking workshop in Seattle, and podcasts. He is currently developing a ratnet-based handheld device for mobile encrypted mesh messenging, planned for release next year.
Twitter: @symbolcrash1
symbolcrash.com

Description:
The past two years have seen the rise of Golang-based malware from its beginnings as a way to win at CCDC and red team engagements to its current use by actual threat actors. This talk will break down why Golang is so useful for malware with a detailed tour through the available components used for exploitation, EDR and NIDS evasion, and post-exploitation, by one of the main authors of the core components. Although focused on the offensive perspective, there will be valuable insights into the challenges in detecting Golang malware. Interested in learning Golang? Interested in writing or detecting malware? This is your invitation into the weird and wonderful world of Golang malware.

REFERENCES

List of Golang Security Tools:
https://github.com/Binject/awesome-go-security

capnspacehook: https://github.com/capnspacehook/pandorasbox https://github.com/capnspacehook/taskmaster

Vyrus / gscript crew:
https://github.com/gen0cide/gscript
https://github.com/vyrus001/go-mimikatz https://github.com/vyrus001/msflib

secretsquirrel / Josh Pitts:
https://github.com/secretsquirrel/the-backdoor-factory https://github.com/Genetic-Malware/Ebowla https://github.com/secretsquirrel/SigThief https://github.com/golang/go/issues/16292

malwareunicorn on OSX loading:
https://malwareunicorn.org/workshops/macos_dylib_injection.html

Misc: https://github.com/sassoftware/relic https://github.com/EgeBalci/sgn https://github.com/moonD4rk/HackBrowserData https://github.com/emperorcow/go-netscan https://github.com/CUCyber/ja3transport https://github.com/swarley7/padoracle

Command and Control:
https://github.com/BishopFox/sliver
https://github.com/DeimosC2/DeimosC2
https://github.com/t94j0/satellite

Obfuscation/RE:
https://github.com/unixpickle/gobfuscate https://github.com/mvdan/garble
https://github.com/goretk/redress

Of interest for defense, but breaks Docker & Terraform: https://github.com/unsecureio/gokiller

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=3RQb05ITSyk

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Ben%20Kurtz%20-%20Offensive%20Golang%20Bonanza%20-%20Writing%20Golang%20Malware.mp4

This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

CLV - Saturday - 14:35-16:59 PDT

Title: Onions In the Cloud Make the CISO Proud (Workshop)
When: Saturday, Aug 7, 14:35 - 16:59 PDT
Where: Cloud Village (Virtual)

SpeakerBio:Wes Lambert
Wes Lambert is the Director of Support and Professional Services at Security Onion Solutions, where he helps customers to implement enterprise security monitoring solutions and understand their computer networks. A huge fan of OSS projects, Wes loves to solve problems and enhance security using completely free and easily deployable tools.
Twitter: @therealwlambert

Description:
It's been said that 94% of enterprises already use a cloud service, and that 30% of all IT budgets are allocated to cloud computing. What does this mean for network defenders? It means that many organizations are invested in the cloud, and unfortunately, many organizations still have little visibility into inter-instance, instance-to-internet, and control plane activity, as well as management functions and bucket access within the cloud. While some of this activity may be logged, it may not be analyzed or aggregated for quick review. In this workshop, we'll cover how Security Onion, a completely free and open platform for intrusion detection, enterprise security monitoring, and log management can be leveraged to increase visibility in the cloud. By using Security Onion, defenders can facilitate effective threat detection and ease compliance efforts. Attendees should walk away with an understanding of how they can utilize Security Onion to find evil in their cloud environments and make their adversaries cry. Outline:

Introduction to the Cloud
- Asset/Threats
- Monitoring Challenges
Introduction to Security Onion
- Components and Data Collected
Security Onion in the Cloud
- Traffic Mirroring
- Cloud Telemetry
- Deployment

Cloud Village activities will be streamed to YouTube.

Return to Index - Add to

- ics Calendar file

CON - Saturday - 09:00-15:59 PDT

Title: OpenSOC Blue Team CTF
When: Saturday, Aug 7, 09:00 - 15:59 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/238017

Return to Index - Add to

- ics Calendar file

AVV - Saturday - 14:00-14:59 PDT

Title: Operation Bypass: Catch My Payload If You Can
When: Saturday, Aug 7, 14:00 - 14:59 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Matthew Eidelberg , Technical Manager, Optiv
Matthew Eidelberg is a Technical Manager in Optiv’s Threat Management Team (Attack and Penetration specialization). Matthew has over 8 years’ experience in both consulting and information security. Matthew’s primary role is focused on leading Threat Management’s Adversary Simulation Services which focus on physical, red/purple team, and other advanced assessments.

Matthew’s expertise also involves research development, focusing on developing new techniques and tooling for endpoint security bypass and evasion. Matthew’s experience working in enterprise networks has also given him a deep understanding of the business operations.

https://ca.linkedin.com/in/matthew-eidelberg-b0422997/

Description:
Endpoint Detection and Response (EDR) have become the punching bags of the security world. Attackers employ sophisticated techniques to circumvent these controls and as a result, there has been a driving need for defenders to detect and prevent these attacks... but are they sufficient? This talk will go over all the operational considerations and tradecraft theory I've developed over the past few years when evading EDRs and other endpoint controls. This will primarily focus on techniques to ensure command and controls servers are not easily detected and contain virtually no Indicators of Compromise. This talk will then deep dive into the inner workings of the EDR bypassing framework ScareCrow,highlighting some of the lesser-known techniques and new features that are available to red teamers and pentesters. By the end of this talk, the audience should walk away with a detailed understanding of how to use ScareCrow and other opsec considerations to avoid being detected by endpoint controls and blue teams.

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.

YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Return to Index - Add to

- ics Calendar file

RCV - Saturday - 15:20-16:05 PDT

Title: OSINT for Sex Workers
When: Saturday, Aug 7, 15:20 - 16:05 PDT
Where: Recon Village (Virtual)

SpeakerBio:Kala Kinyon
No BIO available
Twitter: @TankKala

Description:No Description available

Recon Village talks will stream to YouTube.

Return to Index - Add to

- ics Calendar file

HTSV - Saturday - 10:00-10:55 PDT

Title: OSINT Tales: What the Public Knows About Russia’s New Mega-Submarine
When: Saturday, Aug 7, 10:00 - 10:55 PDT
Where: Hack the Sea (Virtual)

SpeakerBio:H I Sutton
No BIO available

Description:No Description available

Hack the Sea Village will stream their events to YouTube and Twitch.

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Seth%20Kintigh%20-%20Over-the-air%20remote%20code%20execution%20on%20the%20DEF%20CON%2027%20badge%20via%20Near%20Field%20Magnetic%20Inductance.mp4

YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ

Return to Index - Add to

- ics Calendar file

DC - Saturday - 14:00-14:45 PDT

Title: Over-the-air remote code execution on the DEF CON 27 badge via Near Field Magnetic Inductance or World’s first NFMI exploitation, sorta or OTARCEDC27NFMIOMGWTFBBQ
When: Saturday, Aug 7, 14:00 - 14:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded

SpeakerBio:Seth Kintigh
Seth Kintigh learned to program at age 12 on an IBM PC jr and his grandmother taught him how to crack ciphers. His first hack was to get infinite lives and beat the Atari 2600 game Solaris. He earned a BS EE with minors in CS and physics and a MS EE with concentration in cryptography and information security from WPI. He worked 6 years as a hardware engineer and 17 in security. Hobbies include cracking historical ciphers and restoring a Victorian home

Description:
The DEF CON 27 badge employed an obscure form of wireless communication: Near Field Magnetic Inductance (NFMI). The badges were part of a contest and while poking through the firmware for hints I noticed a buffer overflow flaw. All it required to exploit it was an oversized packet… via a chip with no datasheet and no documentation on the proprietary protocol. Thus started a 2 year odyssey.

I used Software Defined Radio tools to study the signal’s modulations. I built a receiver in GNURadio and Python to convert signals into symbols, symbols obfuscated by a pattern that I had to deduce while only controlling a fraction of the bytes. Data was encoded in those symbols using proprietary convolution for even bits and Trellis Code Modulation for odd bits. I then reversed their bizarre CRC and wrote tools to craft and send packets. Using those tools I chained bugs in 2 chips and remotely crashed the badge. However, limitations in the NFMI protocol made more sophisticated attacks impossible.

But after a year and a half invested, I was not about to give up. I soldered leads to middle layer traces, extracted and reverse engineered the NFMI firmware, fixed their protocol, and patched a badge FW to patch the NFMI FW. At long last I achieved what may be the world’s first, over-the-air, remote code exploit via NFMI.

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=sDCIjcUEFj0&

This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

BHV - Saturday - 15:00-16:45 PDT

Title: OWASP & CSA IoT: Impacting Medical Security
When: Saturday, Aug 7, 15:00 - 16:45 PDT
Where: Biohacking Village (Talk - Virtual)

SpeakerBio:Aaron Guzman , OWASP Project Leader
Aaron Guzman is co-author of IoT Penetration Testing Cookbook and Product Security Lead with Cisco Meraki. He spends his days building security into IoT products and crafting designs that keep users safe from compromise. A co-chair of Cloud Security Alliance’s IoT Working Group and a technical reviewer for several published security books, he also spearheads many open-source initiatives, raising awareness about IoT hacking and proactive defensive strategies under OWASP’s IoT and Embedded Application Security projects. He has extensive public speaking experience, delivering conference presentations, training, and workshops globally. Follow Aaron on Twitter @scriptingxss.
Twitter: @scriptingxss

Description:
The Open Web Application Security Project (OWASP) IoT Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things as well as enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies. Similarly, CSA's IoT Working group is dedicated to understanding IoT deployments and defining actionable guidance to secure ecosystems. Their efforts are often used to develop medical security guidelines for developers and manufacturers alike but also to influence IoT security assessment methodologies for later use on commercial IoT certification schemes. This session will provide insights into current project initiatives, including those that directly impact medical devices and how you can save lives by getting involved.

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q

Return to Index - Add to

- ics Calendar file

AVV - Saturday - 20:30-21:30 PDT

Title: Panel discussion: Is Adversary Emulation Too ___ For You?
When: Saturday, Aug 7, 20:30 - 21:30 PDT
Where: Adversary Village (Virtual)
Speakers:Jamie Williams,Cat Self,Tim Schulz,Michael Long,Frank Duff,Jose Barajas

SpeakerBio:Jamie Williams , Principal Adversary Emulation Engineer – The MITRE Corporation
Jamie Williams is an engineer at MITRE where he works on various exciting efforts involving security operations and research, specializing in adversary emulation and behavior-based detections. He also leads teams that help shape and deliver the “adversary-touch” within MITRE ATT&CK® and ATT&CK Evaluations.

SpeakerBio:Cat Self , Lead Cyber Adversarial Engineer – The MITRE Corporation
Cat Self is a Lead Cyber Adversarial Engineer working on MITRE ATT&CK® and ATT&CK Evaluations teams at MITRE. Cat previously worked at Target as a red team operator, threat hunter, and developer. Cat is an Army Military Intelligence veteran with a passion for mentorship, hiking in foreign lands, and finding opportunities to give back.

SpeakerBio:Tim Schulz , Adversary Emulation Lead - SCYTHE
Tim Schulz is SCYTHE’s Adversary Emulation Lead. He has been helping organizations build and train teams to understand and emulate cyber threats for the last seven years while working at multiple FFRDCs. He is the author of the Purple Maturity Model, and has given talks on purple teaming, adversary emulation, security testing, and technical leadership.

SpeakerBio:Michael Long , Capability Area Lead for Cyber Adversary Emulation – The MITRE Corporation
Michael Long is a Principal Adversary Emulation Engineer at the MITRE Corporation and a former U.S. Army Cyber Operations Specialist. Michael has over 10 years’ experience in offensive and defensive cyber operations. With MITRE, Michael leads adversary emulation activities for ATT&CK Evaluations. Michael is also an instructor for MITRE ATT&CK Defender’s upcoming ATT&CK Adversary Emulation course.

SpeakerBio:Frank Duff , Director of ATT&CK Evaluations - MITRE Engenuity
Frank Duff is the General Manager for MITRE Engenuity's ATT&CK Evaluations. Frank has spent over 15 years at the MITRE Corporation, starting in radar signal analysis and then transitioning to cyber security. He was on the forefront of early endpoint detection and response research, before leading a team responsible for developing and executing test methodologies. He now leverages this experience to foster public-private partnerships to drive organizational security and product improvement.

SpeakerBio:Jose Barajas
No BIO available

Description:No Description available

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.

YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Return to Index - Add to

- ics Calendar file

DL - Saturday - 14:00-15:50 PDT

Title: ParseAndC
When: Saturday, Aug 7, 14:00 - 15:50 PDT
Where: DemoLab Video Channel 1

SpeakerBio:Parbati Kumar Manna
Parbati Kumar Manna got his Bachelor of Technology from Indian Institute of Technology, Kharagpur in 1997. After spending a bit of time in the software industry, he went back to school to earn his MS and PhD in Computer Science from University of Florida in 2008. His dissertation involved the creation and detection of some of the smartest malware (particularly internet worms) that leave minimal footprint during their spread yet propagate at the maximal speed. After his PhD he joined the premier security group within Intel, working with other like-minded security researchers looking over the security of various Intel products, including hardware, firmware and software. He has published and reviewed in eminent conferences and journals.

Description:
ParseAndC - A Universal Parser and Data Visualization Tool for Security Testing

Short Abstract:
Parsing is the process of extracting the data values of various fields by mapping the data format (known) onto the datastream (known) from a certain offset (known). Parsing is often an integral part of hacking - even when we do not know the exact format of the data, we still have some vague idea, and we want to parse the data based on our assumed data format to see if our hunch is true. While it is trivial to write a parser that will output the values corresponding to the fields of a single C structure, that parser becomes useless if now we have to deal with a different C structure. A parser that can handle any and all C structures as its input is essentially a compiler, since even C header files contain enough complexity (#define constants, macros calling macros, variadic macros, conditional code via if-else etc., included files, packed/aligned attributes, pragmas, bitfield, complex variable declarations, nested and anonymous structure declaration etc.). This tool is capable of mapping any C structure(s) to any datastream from any offset, and then visually displaying the 1:1 correspondence between the variables and the data in a very colorful, intuitive display so that it becomes very easy to understand which field has what value.

This tool is extremely portable - it is a single 800KB Python text file, supports all versions of Python, is cross-platform (Windows/Mac/Unix), and also works in the terminal /batch mode without GUI. For multi-byte datatypes (e.g. integer or float) it supports both endianness (little/big) and displays value in both decimal and Hex formats. The tool needs no internet connection and works fully offline. It is self-contained - it doesn't import almost anything, to the extent that it implements its own C compiler (front-end) from scratch!!

This tool is useful for both security- and non-security testing alike (reverse engineering, network traffic analyzing, packet processing etc.). It is currently being widely used at Intel, and in the users' own words, this tool has reduced their days' work into minutes. The author of this tool led many security hackathons at Intel and there this tool was found to be very useful.

Short Developer Bio:
Parbati Kumar Manna got his Bachelor of Technology from Indian Institute of Technology, Kharagpur in 1997. After spending a bit of time in the software industry, he went back to school to earn his MS and PhD in Computer Science from University of Florida in 2008. His dissertation involved the creation and detection of some of the smartest malware (particularly internet worms) that leave minimal footprint during their spread yet propagate at the maximal speed. After his PhD he joined the premier security group within Intel, working with other like-minded security researchers looking over the security of various Intel products, including hardware, firmware and software. He has published and reviewed in eminent conferences and journals.

URL to any additional information:
The tool has just been open-sourced, but no public announcement has been made (don't want to steal the thunder from DEFCON) https://github.com/intel/ParseAndC

Detailed Explanation of Tool:
If one knows the data format of any datastream (basically, if you have access to the source code), parsing is easy since it takes <5 minutes to write a parser for a C structure. However, if one's job involves looking at many different datastreams, each with a different data format (basically, a different C structure), then this process becomes very tedious as you have to write a fresh parser for every new structure. As part of the Intel's in-house core hacking team, this author faced this very problem where he had to parse many different datastreams based on their individual data formats. So, to rid himself of the trouble of writing a new parser every time, he chose to write a tool that can parse any datastream with any data format (a C structure) with just two clicks.

The other big problem that this tool handles is the data visualization. The problem is, not every time we have a 1:1 mapping between code and data - we can have one-to-many relationship (for arrays), and can have many-to-one relationship (many union members pointing to same chunk of data). For example, if we have a single line of code like int a[30][40][50];, suddenly for a single line of code we have sixty thousand chucks of 4-byte data. This tool handles these many-to-one and one-to-many relationships between code and data very gracefully (just try hovering your cursor over the variables in the Interpreted code window or the data windows, and you will see). Also, if you double-click on any variable, it will re-display the datastream centered around the place where the variable maps to. Similarly, if you double-click on any data byte, it will scroll the Interpreted code window to pinpoint to the variable(s) that map to that data.

You can see all that just by clicking the "Run Demo" button on the tool. :-)

Supporting Files, Code, etc:
The tools needs no supporting file to run. To show its capability, just run the Demo (see below how). There is a huge README explaining everything right at the top of the script itself (the same README is also available in the Open Source repo https://github.com/intel/ParseAndC), but in case you don't have time to read that, below is a TL;DR version.

Just download the tool source (a single Python file) anywhere (Windows/Linux/Mac), run it using Python 2 or 3, and click on the "Run Demo" button on top right corner. It will load a datafile (the tool script itself), choose a builtin data format (expressed via C structures and variable declarations), compile/Interpret that code and finally map the variables in the data format onto the data file. Once this happens, the Interpreted code window and the Data window will contain colorful items. Just hover your cursor over those colorful items (or double-click) and see the magic happen!

There is also a bottom window which lays out a Tree-like view of the data format. You can expand/collapse all the structures and arrays in the data format here using left/right arrows (or mouse click).

It also creates a snapshot.csv file with all the data format variables with their values. It also prints the same in the background (console).

The tool is currently in Beta stage (a lot of new features have been added lately), but it will absolutely be mature during the actual conference time.

Target Audience:
The target audience for this tool is pretty broad - it involves both White Hat and Black Hat researchers alike. Basically, anybody who tests C programs, or reverse engineers any datastream produced from a C program will find this tool extremely useful. Examples of actual usage of this tool are noted below.

White Hat Testing (has access to source code): At Intel, of course we have access to our own source code, so we do not need to speculate about the data format of Intel products. In Intel, this tool has found its wide usage in driver testing, network packet analyzing, firmware reversing etc. where the testers use this tool to confirm that we are indeed observing the intended value in the datastream.

Black Hat Testing (no access to source code): An example of how this tool is useful for even Black Hat hackers is as follows. Suppose you believe that a certain executable or datastream should begin with a certain magic number, followed by version number, followed by a header, followed by data etc. So, you can just write a C structure corresponding to your "hunch", and then use this tool to map that hypothetical structure onto the datastream to see if the values corresponding to the fields "make sense" visually. This is where the visualization part of this tool comes as immensely useful - you can hover your cursor on top of any variable and see its corresponding data value, or hover your cursor over any data byte and see its corresponding variable(s). If some of the supposed fields in the structure make sense but others do not, you know for which fields you have hit the jackpot, and for which you didn't. So, you modify your structure accordingly and just two more clicks will give you the new visualization of the mapped data with the new structure. This way, you can use this tool iteratively to figure out the format of the datastream.

To summarize, this is a tool that has been widely used at Intel for both security testing and regular non-security testing for the last two years.

This tool, per se, is not targeted ONLY for security, but it has been proven to be extremely useful for security research (just like the case of a binary disassembler).

For the past couple of years, it has been used at Intel for both kinds of testers: Security researchers and regular non-security folks. Both groups of people found the tool to be extremely useful.

To the best of the author's knowledge, no such hacking tool currently exists. Thus, this tool can definitely contribute to a new perspective to DEF CON.

This content will be presented on a Discord video channel.

#dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505

Return to Index - Add to

- ics Calendar file

IOTV - Saturday - 10:00-18:30 PDT

Title: Pentesting 101
When: Saturday, Aug 7, 10:00 - 18:30 PDT
Where: IoT Village (Onsite)

Description:
For more information, see https://www.iotvillage.org/defcon.html

Return to Index - Add to

- ics Calendar file

AVV - Saturday - 15:45-16:30 PDT

Title: Phish Like An APT
When: Saturday, Aug 7, 15:45 - 16:30 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Sanne Maasakkers , Security Expert, Fox-IT
Sanne Maasakkers works as a security expert in the Red Team and Strategic Threat Intelligence team at Fox-IT in the Netherlands. Next to her focus on pentesting and threat analysis (which was recently demonstrated by ‘being’ the attacking APT during the biggest Dutch cyber crisis exercise), she loves to perform social engineering attacks and has a strong expertise on getting initial access by using this technique. In addition to her work, she contributes to "a more secure society" by providing awareness training, guest lectures and hack demos in both professional and educational environments and as team captain of the European team during the International Cyber Security Challenge (ICSC).
https://nl.linkedin.com/in/sannemaasakkers/

Description:
Have you ever wondered what phishing strategy real world APTs use? And how these compare with the scenarios that you use during your Red Team / social engineering activities? If you did, you probably found out that there's a lot of research about APT techniques, tactics and procedures, like the use of specific malware or attack vectors, but there are not many public resources on which techniques those attackers actually use to convince a non-suspecting person to aid them in their operation. In this talk an analysis is presented of hundreds of phishing emails that were used in real campaigns. All characteristics of an email, like the method of influence, tone of speech and used technologies are classified and measures how well a phishing campaign is designed, scoring from “obvious spam” to “near-realistic original mail”. By comparing and measuring the state of these phishing emails,we can learn more about how certain groups operate and how much “effort” they put into their scenarios. This is important knowledge for both attackers and defenders. If you want to know how to phish like you’re an APT, then this talk is for you. Spoiler alert: you might already be a better phisher than these groups.

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.

YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Salvador%20Mendoza%20-%20PINATA-%20PIN%20Automatic%20Try%20Attack.mp4

Return to Index - Add to

- ics Calendar file

DC - Saturday - 13:00-13:45 PDT

Title: PINATA: PIN Automatic Try Attack
When: Saturday, Aug 7, 13:00 - 13:45 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded

SpeakerBio:Salvador Mendoza
Salvador Mendoza is a Metabase Q security researcher and member of the Ocelot Offensive Security Team.

Salvador focuses on tokenization processes, payment systems, mag-stripe information and embedded prototypes. He has presented on tokenization flaws and payment methods in different conferences such as Black Hat USA, DEF CON, HITB, Troopers and many others. Also, Salvador designed different tools to pentest mag-stripe information and tokenization processes.

Author of “Show me the (e-) money Hacking a sistemas de pagos digitales: NFC. RFID, MST y Chips EMV“. A Spanish-written book with a collection of different attacks against payment systems.

Twitter: @Netxing
salmg.net

Description:
A brute force attack is a trial-and-error method used to obtain information such as user passwords or personal identification numbers (PINs). This attack methodology should be impossible to apply to the actual secured EMV bank cards. In this talk, we will analyze how an inadequate implementation could rely on an extreme and sophisticated PIN brute force attack against 10,000 combinations from 4 digit PIN that could affect millions of contact EMV cards.

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=VOIvEqjJNOY

This talk will be given live in Track 1.

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

https://www.alissaknight.com/

Return to Index - Add to

- ics Calendar file

BHV - Saturday - 17:30-17:59 PDT

Title: Playing with FHIR: hacking and securing healthcare APIs
When: Saturday, Aug 7, 17:30 - 17:59 PDT
Where: Biohacking Village (Talk - Virtual)
Speakers:Alissa Knight,Mitch Parker

SpeakerBio:Alissa Knight , Content Creator | Hacker
Alissa Knight is a recovering hacker of 20 years, blending hacking with a unique style of written and visual content creation for challenger brands and market leaders in cybersecurity. Alissa is a cybersecurity influencer, content creator, and community manager as a partner at Knight Ink (http://www.knightinkmedia.com/) that provides vendors go-to market and content strategy for telling brand stories at scale in cybersecurity. Alissa is also the principal analyst in cybersecurity at Alissa Knight & Associates.

Alissa is a published author through her publisher at Wiley, having published the first book on hacking connected cars (https://www.amazon.com/Hacking-Connected-Cars-Techniques-Procedures/dp/1119491800/ref=sr_1_1?crid=X8OQ88MUEP4T&dchild=1&keywords=hacking+connected+cars&qid=1592558581&sprefix=hacking+connected+cars%2Caps%2C300&sr=8-1) and recently received two new book contracts to publish her autobiography and a new book on hacking APIs.

As a serial entrepreneur, Alissa has started and sold two cybersecurity companies to public companies in international markets and also sits as the group CEO of Brier & Thorn, a managed security service provider (MSSP).

https://www.alissaknight.com/

SpeakerBio:Mitch Parker , CISO, Indiana University Health
No BIO available

Description:
Hear from renowned bank, automotive, and healthcare API Hacker Alissa Knight on her tactics and techniques in hacking mHealth and FHIR APIs. Alissa walks through the tactics and techniques she uses in her API kill chain. Mitch, IU Health CISO, follows up with tactical and strategic maneuvers to maintain the integrity of the data.

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q

Return to Index - Add to

- ics Calendar file

DL - Saturday - 10:00-11:50 PDT

Title: PMapper
When: Saturday, Aug 7, 10:00 - 11:50 PDT
Where: Palace 1+2

SpeakerBio:Erik Steringer
Erik Steringer is a Senior Security Consultant with NCC Group.

Description:
Tool or Project Name: Principal Mapper (PMapper) - Mapping Privilege Escalation and More in AWS IAM

Short Abstract:
Principal Mapper (PMapper) is an open-source tool and library for assessing AWS IAM and AWS Organizations for security concerns, such as privilege escalation and resource isolation. It tracks and identifies the different ways that one given IAM User/Role (Principal) could pivot to other IAM Users or Roles by reviewing all applicable IAM Policies. After gathering this data, PMapper can perform additional analysis, querying, and visualization.

The querying and analysis systems of PMapper goes beyond checking if a principal is authorized to make a specific AWS API call. It will check if the principal can go through other principals to make a specified AWS API call. In a real-world example: if a user is not authorized to get an S3 object, PMapper also checks if the user can run an EC2 instance with a role as a means of bypassing that restriction. This means that PMapper tells you the effective permissions of each IAM User and Role, and the impact of the extra access you may inadvertently grant to those principals.

Short Developer Bio:
Erik Steringer is a Senior Security Consultant with NCC Group.

URL to any additional information:
https://github.com/nccgroup/PMapper/wiki

Detailed Explanation of Tool:
PMapper is a free and open source project written in Python 3. The v1.1.X release added support for resource policies, SCPs, permission boundaries, and session policies, which means it now works for cross-account scenarios. Additionally, it can now map and handle AWS Organizations.

At a high level, the different operations of PMapper include gathering data (account or organization), querying, analysis, and visualization. All work typically starts with gathering data. When gathering an account's data, PMapper composes a graph to represent the account. The graph includes different IAM Users/Roles, represented as nodes. The graph also tracks how nodes can access each other, as edges. One example of an edge is when a principal can call sts:AssumeRole to access an IAM Role.

The account graph is used by the query component. During all queries, PMapper checks the specified principal and then other principals that can be pivoted to by the specified principal. This catches risks where a given user or role can bypass their own limited permissions with other users or roles. This is also the root of the privilege escalation detection. The different users and roles are marked as administrators if they can effectively call any API operation with any resource, and the privilege escalation detection finds non admins that can pivot to admins through an edge.

The authorization simulator of PMapper runs completely locally, with no calls to the AWS IAM Policy Simulation APIs. It can handle the most complex types of IAM Policies, and other types of policies that even the simulation APIs don’t include (SCPs, Session Policies).

The graph data, query component, and underlying authorization simulator enable PMapper to catch risks that other tools (ScoutSuite, awspx, Cartography, Aaia, CloudMapper, AWS IAM Access Analyzer) cannot. A lot of those risks are covered with the analysis component of PMapper. It can also be extended through the `principalmapper` package to check for even more specific needs.

Supporting Files, Code, etc:
https://github.com/nccgroup/PMapper

Target Audience:
Defense, Cloud

As a consultant, I’ve had the opportunity to work in a variety of AWS environments across a range of clients and requirements. I think PMapper reflects a lot of the lessons learned during these last few years. Some of the recent work I’ve put into PMapper helps show where I think the future is (infrastructure as code analysis) for tools in this space.

Return to Index - Add to

- ics Calendar file

DC - Saturday - 10:00-10:59 PDT

Title: Privacy Without Monopoly: Paternalism Works Well, But Fails Badly
When: Saturday, Aug 7, 10:00 - 10:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded

SpeakerBio:Cory Doctorow
Cory Doctorow (craphound.com) is a science fiction novelist, journalist and technology activist. He is a contributor to many magazines, websites and newspapers. He is a special consultant to the Electronic Frontier Foundation (eff.org), a non-profit civil liberties group that defends freedom in technology law, policy, standards and treaties. He holds an honorary doctorate in computer science from the Open University (UK), where he is a Visiting Professor; he is also a MIT Media Lab Research Affiliate and a Visiting Professor of Practice at the University of North Carolina’s School of Library and Information Science. In 2007, he served as the Fulbright Chair at the Annenberg Center for Public Diplomacy at the University of Southern California.

His novels have been translated into dozens of languages and are published by Tor Books, Head of Zeus (UK), Titan Books (UK) and HarperCollins (UK). He has won the Locus, Prometheus, Copper Cylinder, White Pine and Sunburst Awards, and been nominated for the Hugo, Nebula and British Science Fiction Awards.

His recent books include ATTACK SURFACE (2020), a standalone sequel to LITTLE BROTHER intended for adults, POESY THE MONSTER SLAYER, a picture book for young children (2020), the nonfiction tech/politics book HOW TO DESTROY SURVEILLANCE CAPITALISM (2020), RADICALIZED (2019) and WALKAWAY (2017), science fiction for adults; and IN REAL LIFE, a young adult graphic novel created with Jen Wang (2014).

His latest young adult novel is HOMELAND, the bestselling sequel to 2008’s LITTLE BROTHER. His New York Times Bestseller LITTLE BROTHER was published in 2008. His latest short story collection is WITH A LITTLE HELP, available in paperback, ebook, audiobook and limited edition hardcover. In 2011, Tachyon Books published a collection of his essays, called CONTEXT: FURTHER SELECTED ESSAYS ON PRODUCTIVITY, CREATIVITY, PARENTING, AND POLITICS IN THE 21ST CENTURY (with an introduction by Tim O’Reilly) and IDW published a collection of comic books inspired by his short fiction called CORY DOCTOROW’S FUTURISTIC TALES OF THE HERE AND NOW. THE GREAT BIG BEAUTIFUL TOMORROW, a PM Press Outspoken Authors chapbook, was also published in 2011.

LITTLE BROTHER was nominated for the 2008 Hugo, Nebula, Sunburst and Locus Awards. It won the Ontario Library White Pine Award, the Prometheus Award as well as the Indienet Award for bestselling young adult novel in America’s top 1000 independent bookstores in 2008; it was the San Francisco Public Library’s One City/One Book choice for 2013. It has also been adapted for stage by Josh Costello.

He co-founded the open source peer-to-peer software company OpenCola, and serves on the boards and advisory boards of the Participatory Culture Foundation, the Clarion Foundation, the Open Technology Fund and the Metabrainz Foundation. He maintains a daily blog at Pluralistic.net.

Twitter: @doctorow

Description:
Governments around the world (US, UK, EU) are planning to force interoperability on the biggest tech platforms. Companies like Facebook say that this is a privacy disaster because it would hurt their ability to keep us safe from privacy invasions. Yeah, I know. But even if you DO think Facebook has our best interests at heart, monopoly is a deeply stupid way protect privacy. I will present "Privacy Without Monopoly," a major EFF white paper I co-authored with Bennett Cyphers, which sets out a framework for understanding how privacy and interop aren't just compatible - they rely on one another!

https://www.eff.org/wp/interoperability-and-privacy

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=deRRR5B1hwI

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Cory%20Doctorow%20-%20Privacy%20Without%20Monopoly.mp4

This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20hyp3ri0n%20aka%20Alejandro%20Caceres%20Jason%20Hopper%20-%20PunkSPIDER%20and%20IOStation-%20Making%20a%20Mess%20All%20Over%20the%20Internet.mp4

Return to Index - Add to

- ics Calendar file

DC - Saturday - 16:00-16:45 PDT

Title: PunkSPIDER and IOStation: Making a Mess All Over the Internet
When: Saturday, Aug 7, 16:00 - 16:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded
Speakers:_hyp3ri0n aka Alejandro Caceres,Jason Hopper

SpeakerBio:_hyp3ri0n aka Alejandro Caceres
No BIO available

SpeakerBio:Jason Hopper
No BIO available

Description:
We've been getting asked a lot for "that tool that was like Shodan but for web app vulns.” In particular WTF happened to it? Punkspider (formerly known as PunkSPIDER but renamed because none of us could remember where tf the capital letters go) was taken down a couple of years ago due to multiple ToS issues and threats. It was originally funded by DARPA. We weren’t sure in which direction to keep expanding, and it ended up being a nightmare to sustain. We got banned more than a 15 year old with a fake ID trying to get into a bar. It became a pain and hardly sustainable without a lot of investment in time and money. Each time we got banned it meant thousands of dollars and countless hours moving sh** around.

Now we’ve solved our problems and completely re-engineered/expanded the system. It is not only far more efficient with real-time distributed computing and checks for way more vulns, we had to take some creative ways through the woods – this presentation covers both the tool itself and the story of the path we had to take to get where it is, spoiler alert: it involves creating our own ISP and data center in Canada and integrating freely available data that anyone can get but most don’t know is available. Come play with us and see what the wild west of the web looks like and listen to our story, it’s fun and full of angry web developers. We’ll also be releasing at least 10s of thousands of vulnerabilities and will be taking suggestions from the audience on what to search. Fun vulns found get a t-shirt, super fun ones get a hoodie thrown at them.

REFERENCES: https://www.youtube.com/watch?v=AbS_EGzkNgI (Shmoo 2013 talk) https://hadoop.apache.org/ https://aws.amazon.com/kubernetes/ https://www.docker.com/ https://www.python.org/ https://www.apache.org/licenses/LICENSE-2.0 https://kafka.apache.org/ https://owasp.org/www-project-top-ten/

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=DlS_sl4hTWg

This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

SOC - Saturday - 16:00-17:59 PDT

Title: QueerCon Party
When: Saturday, Aug 7, 16:00 - 17:59 PDT
Where: Bally's Pool

Description:
Come hang out with the queer hacker community

Return to Index - Add to

- ics Calendar file

DC - Saturday - 12:00-12:20 PDT

Title: Racketeer Toolkit. Prototyping Controlled Ransomware Operations
When: Saturday, Aug 7, 12:00 - 12:20 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded

SpeakerBio:Dimitry "Op_Nomad" Snezhkov
Dimitry Snezhkov is an Associate Director at Protiviti. In this role he hacks code, tools, networks, apps and sometimes subverts human behavior too. Dimitry has spoken at DEF CON, BlackHat, THOTCON conferences, and presented tools at BlackHat Arsenal.
Twitter: @Op_Nomad

Description:
*** SPECIAL NOTE: Technical difficulties prevented this talk from being shown at the correct time slot on DCTV/Twitch. Please look for another event on the schedule, by the same name; replay is estimated to begin at 19:00 on Track 2 DCTV/Twitch only. You may also watch this talk on-demand, by following the links at the bottom of this message. ***

Racketeer is one such tool. It is an offensive agent coupled with a C2 base, built to help teams to prototype and exercise a tightly controlled ransomware campaign.

Racketeer can help gain better optics into IoCs, and is helpful in providing detailed logs that can be used to study the behavior and execution artifacts of a ransomware agent.

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=VJ8aqReB118

This talk will be given live in Track 1.

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

BTV - Saturday - 16:30-17:59 PDT

Title: Ransomware ATT&CK and Defense with the Elastic Stack
When: Saturday, Aug 7, 16:30 - 17:59 PDT
Where: Blue Team Village - Workshop Track 2 (Virtual)
Speakers:Ben Hughes,Daniel Chen,Fred Mastrippolito

SpeakerBio:Ben Hughes
Ben Hughes (@CyberPraesidium) brings over 15 years of diverse experience in cyber security, IT, and law. He leads Polito's commercial services including Digital Forensics & Incident Response (DFIR), threat hunting, pen testing, and risk assessment. Prior to joining Polito, Ben worked on APT hunt teams at federal and commercial clients. He holds CISSP, GCFA, and GWAPT certifications.
Twitter: @CyberPraesidium

SpeakerBio:Daniel Chen
No BIO available

SpeakerBio:Fred Mastrippolito
Pentester, and incdent response engineer with a passion for technology. Founded @politoinc and focuses on assisting customers operate securely.
Twitter: @politoinc

Description:
This hands-on training will walk attendees through leveraging the open source Elastic (ELK) Stack to proactively identify common ransomware tactics, techniques, and procedures (TTPs) within diverse log data sets. The blue team tools and techniques taught during this workshop can be used to investigate isolated ransomware incidents or implemented at scale for continuous monitoring and threat hunting.

This hands-on training will walk attendees through leveraging the open source Elastic (ELK) Stack to proactively identify common ransomware tactics, techniques, and procedures (TTPs) within diverse log data sets. The blue team tools and techniques taught during this workshop can be used to investigate isolated ransomware incidents or implemented at scale for continuous monitoring and threat hunting. Attendees will be provided with access to a preconfigured Elastic cluster and extensive sample logs containing malicious endpoint and network events waiting to be discovered on a simulated enterprise network. Ransomware attack artifacts will be mapped to the MITRE ATT&CK Framework and tagged accordingly in the provided logs to help demonstrate the value of log enrichment, showcase real-world attacker TTPs, and leverage a methodological approach to incident response and anomaly detection. Emphasis will be placed on live demos and practical training exercises throughout.

Workshop Outline: * Introduction to Ransomware Digital Forensics and Incident Response (DFIR), Threat Hunting, and Threat Intelligence Principles * Introduction to the ATT&CK Framework and Mapping Ransomware TTPs to Relevant Log Data (live demos and labs) * Introduction to the Elastic Stack and Log Data-Driven Analysis (live demos and labs) * Hallmarks of the Ransomware Attack Lifecycle (live demos and labs) * Identifying Ransomware Adversaries and TTPs from Reconnaissance to Exfiltration (live demos and labs)

Return to Index - Add to

- ics Calendar file

PHV - Saturday - 12:00-12:59 PDT

Title: RCE via Meow Variant along with an Example 0day
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: Packet Hacking Village - Talks (Virtual)

SpeakerBio:Özkan Mustafa AKKUŞ , SENIOR CYBER SECURITY CONSULTANT AND VULNERABILITY RESEARCHER AT TURK TELEKOM
Ozkan (Twitter: @ehakkus) is a vulnerability researcher and senior cyber security consultant in Turkey. Ozkan publishes security vulnerabilities on international platforms that he has discovered. He shares his experiences and works on his personal blog (https://www.pentest.com.tr). He gave training and presentations in many universities and institutions in his country. In addition to these studies, He gave the presentation of "The Vulnerability That Gmail Overlooked and Enabling Threat Hunting" in Packet Hacking Village at DEF CON 28 and "0day Hunting and RCE Exploitation in Web Applications" in AppSec Village at DEF CON 27.
Twitter: @ehakkus

Description:
I will touch Some Alternative Bypass Restriction Techniques. Then I will present a vulnerability of Ericsson Network Location that provides the infrastructure of the research and we are going to touch on the meow variant with details through this vulnerability Towards the end we are going to prepare a Metasploit module and exploit the vulnerability.

All Packet Hacking Village talks will stream on YouTube, Twitch, Facebook, and Periscope.

YouTube: https://youtube.com/wallofsheep

Twitch: https://twitch.tv/wallofsheep

Facebook: https://www.facebook.com/wallofsheep/

Title: Ruse
When: Saturday, Aug 7, 10:00 - 11:50 PDT
Where: DemoLab Video Channel 2

SpeakerBio:Mike Kiser
Mike Kiser is insecure. He has been this way since birth, despite holding a panoply of industry positions over the past 20 years—from the Office of the CTO to Security Strategist to Security Analyst to Security Architect—that might imply otherwise. In spite of this, he has designed, directed, and advised on large-scale security deployments for a global clientele. He is currently in a long-term relationship with fine haberdashery, is a chronic chronoptimist (look it up), and delights in needlessly convoluted verbiage. He speaks regularly at events such as the European Identity Conference and the RSA Conference, is a member of several standards groups, and has presented identity-related research at Black Hat and Def Con. He is currently a Senior Identity Strategist for SailPoint Technologies.

Description:
Tool or Project Name: Ruse

Short Abstract:
Facial recognition is eroding privacy and other human rights. Industry and government have ethical responsibilities to prevent this, but what if there were a way to enhance privacy for individuals without waiting for the cavalry? Adversarial technology gives people a way to protect this biometric. Ruse is an open-source mobile app that uses some of the research from the past year to enable “normal” people to protect the photos that they put online from being processed by commercial facial recognition products.

Short Developer Bio:
Mike Kiser is insecure. He has been this way since birth, despite holding a panoply of industry positions over the past 20 years—from the Office of the CTO to Security Strategist to Security Analyst to Security Architect—that might imply otherwise. In spite of this, he has designed, directed, and advised on large-scale security deployments for a global clientele. He is currently in a long-term relationship with fine haberdashery, is a chronic chronoptimist (look it up), and delights in needlessly convoluted verbiage. He speaks regularly at events such as the European Identity Conference and the RSA Conference, is a member of several standards groups, and has presented identity-related research at Black Hat and Def Con. He is currently a Senior Identity Strategist for SailPoint Technologies.

URL to any additional information:
https://github.com/derrumbe/Ruse

Detailed Explanation of Tool:

In an ideal world, this tool would utilize two of the latest techniques (Fawkes (http://sandlab.cs.uchicago.edu/fawkes/) / Lowkey) that have been pioneered at various academic institutions over the past year. However, for an app such as this one to truly work, ease-of-use is essential. This means that it must be delivered in a mobile format, which restricts the app to using TensorFlow Lite - which in turn means no on-board learning, and that whatever techniques it uses must be as quick and as easy to use as FaceID on a localized device is. (ironic, no?)

However, decent results can be had with a cheaper, faster combination of techniques — injecting perlin noise into the photos, a la Camera Adversaria: https://github.com/kieranbrowne/camera-adversaria, and modifying the photo by applying an arbitrary style through the relatively well known “arbitrary style transfer” technique. The combination of these two is powerful enough to warrant further development because it impacts two different processes involved in facial recognition: facial detection and facial classification.

This currently comes at a slight cost to the end user in terms of human intelligibility, but the app also allows for in-flow modification of the impact of these changes (and their protection.) There are some onboard facilities to check for the impact of these changes: Google MLKit to check for facial recognition, for example, so that the end user can dial down the modifications to a limit that is effective but not as disruptive.

This is a camera-centric mobile app, so the flow looks like this: photo from camera or roll -> apply perlin noise -> apply style filter -> check for impact against facial recognition -> save to roll or upload to social media

The app is on github here: https://github.com/derrumbe/Ruse and will be released onto the android and apple app stores in its first release (hopefully for DefCon): as noted before, ease-of-use is the goal.

Operating system:
Swift (iOS) / Java (android – lagging behind ios currently, but it will be transposed later this summer, hopefully) Tensorflow Version: TensorFlowLiteSwift , nightly build (with GPU accel on) GoogleMLKit
GPUImage: https://github.com/BradLarson/GPUImage (open source) SimplexNoise : https://weber.itn.liu.se/~stegu/simp...plexNoise.java (open source)

Supporting Files, Code, etc:
https://github.com/derrumbe/Ruse

Target Audience:
Consumer Mobile Offense?

This content will be presented on a Discord video channel.

#dl-video2-voice: https://discord.com/channels/708208267699945503/734027778646867988

Return to Index - Add to

- ics Calendar file

CHV - Saturday - 15:00-15:59 PDT

Title: Safety Third: Defeating Chevy StabiliTrak for Track Time Fun
When: Saturday, Aug 7, 15:00 - 15:59 PDT
Where: Car Hacking Village - Talks (Virtual)

SpeakerBio:Eric Gershman
No BIO available

Description:
Electronic Stability Control (ESC) system saves thousands of lives every year by preventing accidents before a driver starts to lose control but it can be a real drag when trying to race a modern electric vehicle. Both the Chevy Spark EV and Bolt electric car communities have been unable to defeat the ESC to get full control of their cars on the track. Join me on my journey as I attempt to defeat Chevy’s Stabilitrak to turn an EV econobox into an autocross speed racer.

This talk will stream on YouTube.

YouTube: https://www.youtube.com/watch?v=OS6rSHZq2N8

Return to Index - Add to

- ics Calendar file

APV - Saturday - 09:05-09:59 PDT

Title: Scaling AppSec through Education
When: Saturday, Aug 7, 09:05 - 09:59 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Grant Ongers (rewtd)
No BIO available

Description:
Given that:

Security teams are outnumbered by developers 100:1 50 - 80% more bugs are found in code review than in testing More than 70% of CVEs are caused by implementations in code It must follow that AppSec should be the biggest part of your concern as a security person, and that you either need to seriously invest in more AppSec people to keep up with the developer population or you need to get developers looking for AppSec issues during code review.

So, how does one do that?

We'll lay out the problem space in a bit more detail, covering some of the issues described in our BlackHat EU talk (https://www.blackhat.com/eu-20/features/schedule/index.html#are-you-big-friendly-giant---red-unless-blue-finds-green-ru-bfg-22029) and then we'll move onto how we solve this.

We'll talk about the OWASP Application Security Curriculum project, it's goals, ambitions, and milestones - as well as talking about the current artefacts.

We'll then talk about how you get developers engaged in the education program and how we leverage other OWASP projects (like Cornucopia and the ASVS) to make it all fit together.

AppSec Village events will be streamed to YouTube.

Return to Index - Add to

- ics Calendar file

HTSV - Saturday - 13:00-13:55 PDT

Title: Sea Pods
When: Saturday, Aug 7, 13:00 - 13:55 PDT
Where: Hack the Sea (Virtual)

SpeakerBio:Grant Romundt
No BIO available

Description:No Description available

Hack the Sea Village will stream their events to YouTube and Twitch.

YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ

Return to Index - Add to

- ics Calendar file

VMV - Saturday - 10:30-10:59 PDT

Title: Secrets of Social Media PsyOps
When: Saturday, Aug 7, 10:30 - 10:59 PDT
Where: Voting Village (Talks - Virtual)

SpeakerBio:BiaSciLab
BiaSciLab is a 14 year old hacker and maker. She was the youngest speaker at H.O.P.E. and has spoken at DEF CON in the Voting Village, Bio Hacking Village and the r00tz Asylum kids con. She has spoken internationally on election security at DefCamp in Romania. She also received national attention when she hacked the election reporting system at DEF CON 26, this work was recently highlighted at the Congressional Hearing on Election Security. This inspired her to build her own election system, Secure Open Vote.

BiaSciLab is also the Founder and CEO of Girls Who Hack, an organization focused on teaching girls the skills of hacking so that they can change the future. She enjoys inventing things, giving talks and teaching classes on making, programming and hacking. Follow her on twitter @BiaSciLab @GirlsWhoHack @SecureOpenVote or check out her websites www.BiaSciLab.com www.GirlsWhoHack.com www.SecureOpenVote.com

Twitter: @BiaSciLab

Description:
Psychological Warfare through social media is one of the most powerful weapons in today's political battlefield. PsyOps groups have figured out how to sharpen the blade through algorithms and targeted advertising. Nation states are using PsyOps to influence the citizens of their enemies, fighting battles from behind the keyboard. In this talk, BiaSciLab with cover a brief history of PsyOps and how it has been used both on the battlefield and the political stage. Followed by a dive deep into how it works on the mind and how PsyOps groups are using social media to influence the political climate and elections worldwide.

Voting Village talks will be streamed to YouTube and Twitch.

YouTube: https://www.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg

Return to Index - Add to

- ics Calendar file

SEV - Saturday - 10:00-11:59 PDT

Title: SECTF4Teens
When: Saturday, Aug 7, 10:00 - 11:59 PDT
Where: Social Engineer Village (Virtual)
Speakers:Chris Silvers,Kris Silvers

SpeakerBio:Chris Silvers
No BIO available

SpeakerBio:Kris Silvers
No BIO available

Description:
For more information, please see https://www.social-engineer.org/events/sevillage-def-con/the-sectf4teens/

Social Engineer Village will stream content to Twitch.

Twitch: https://www.twitch.tv/socialengineerllc

Return to Index - Add to

- ics Calendar file

BHV - Saturday - 13:30-13:59 PDT

Title: Securing the Internet of Biological Things
When: Saturday, Aug 7, 13:30 - 13:59 PDT
Where: Biohacking Village (Talk - Virtual)

SpeakerBio:Thom Dixon , National Security & Defence, PhD student at Macquarie University
Thom Dixon is Vice President for the Australian Institute of International Affairs NSW and the Manager, National Security and Defence at Macquarie University, Sydney, Australia.

Description:
The coming age of robust two-way communication between living and non-living systems can simply be described as the Internet of Biological Things (IoBT). Interfacing optoelectronic systems with optogenetic-, bioelectrochemical- and biosensor-based information substrates will challenge key assumptions underpinning information security. A cyberbiosecurity mindset is needed to maximise the benefits and minimise the downsides of the pervasive, persistent and immersive information environment that arises from an IoBT world.

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q

Return to Index - Add to

- ics Calendar file

PHV - Saturday - 12:00-13:59 PDT

Title: Security Investigations with Splunk
When: Saturday, Aug 7, 12:00 - 13:59 PDT
Where: Packet Hacking Village - Workshops (Virtual)

SpeakerBio:Robert Wagner , SPLUNK AND CO-FOUNDER OF HAK4KIDZ
Robert Wagner (Twitter: @mr_minion) is a security professional with 15+ years of InfoSec experience. He is a co-founder of the “Hak4Kidz” charity, a co-organizer of BurbSec and BurbSecCon in Chicago, and is on the Board of Directors of the ISSA Chicago Chapter.
Twitter: @mr_minion

Description:
Investigating with Splunk is a hands-on workshop designed to familiarize participants with how to investigate incidents using Splunk and open source. This workshop provides users a way to gain experience searching in Splunk to answer specific questions related to an investigation. These questions are similar to what would be asked in their own organizations. The workshop leverages the popular Boss of the SOC (BOTS) dataset in a question-and-answer format. Users will leave with a better understanding of how Splunk can be used to investigate in their enterprise. The class includes access to download the free “Investigating with Splunk” app that can be used to review the exercises after the class.

Return to Index - Add to

- ics Calendar file

PHV - Saturday - 09:00-09:59 PDT

Title: Seeing the Forest Through the Trees – Foundations of Event Log Analysis
When: Saturday, Aug 7, 09:00 - 09:59 PDT
Where: Packet Hacking Village - Talks (Virtual)

SpeakerBio:Jake Williams , CTO OF BREACHQUEST
Jake Williams (Twitter: @malwarejake) is an incident responder, red teamer, occasional vCISO, and prolific infosec shitposter. He has traveled the world, but isn't welcome in China or Russia (and avoids most countries they have extradition treaties with). When not speaking at a conference like this one, it's a good bet that Jake is engaged in hand to hand combat with an adversary rooted deep in a network or engineering ways to keep them out. Jake's career in infosec started in the intelligence community, but has taken around the world securing networks of all shapes and sizes, from utilities to hospitals to manufacturing plants.
Twitter: @malwarejake

Description:
During an incident, everyone knows you need to review the logs – but what are they actually telling you? There's a wealth of information to be had in your logs event logs, but most analysts miss the forest because they don't understand the trees. In this talk, Jake will walk you through some of the most impactful event logs to focus on in your analysis. We'll target some old favorites covering login events, service creation, and process execution. We'll also examine task scheduler logs, useful in uncovering lateral movement and privilege escalation. Finally, we'll discuss some of the new event logs available in Windows 10 (if only you enable them first). If you don't want to be barking up the wrong tree during your next insider investigation or getting axed because you failed to identify the lateral movement attempts, make sure to watch this video.

All Packet Hacking Village talks will stream on YouTube, Twitch, Facebook, and Periscope.

YouTube: https://youtube.com/wallofsheep

Twitch: https://twitch.tv/wallofsheep

Facebook: https://www.facebook.com/wallofsheep/

Periscope: https://www.periscope.tv/wallofsheep

Return to Index - Add to

- ics Calendar file

CAHV - Saturday - 13:00-13:59 PDT

Title: Selling Yourself as a Security Professional
When: Saturday, Aug 7, 13:00 - 13:59 PDT
Where: Career Hacking Village (Talk)

SpeakerBio:Preston Pierce
No BIO available

Description:
What is the key to advancing your career in cybersecurity? The answer is SALES. No, you don't have to go make cold calls worry about CAN-SPAM laws, but you need to learn how to sell yourself. Many security professionals treat the industry like a chess tournament, expecting the most skilled player to come out on top and relying on skills alone to make the difference. This is not the reality of the world we live in. Most estimates say over half of jobs are filled through networking. Sometimes, who you know will matter as much as what you know in seeking a job. Leave the job boards and online postings and learn from one who has spent a decade in cybersecurity in recruiting (including running a cybersecurity recruiting agency) and sales how best to sell yourself for your next career move. This is going to be a tactical, practical discussion. How do you approach finding a new role from an outbound vs. inbound approach? What are the best places to put yourself out there in the market? What does it really mean to network to find your next job? How can you create a pipeline of job opportunities? Join to learn how to create more demand for YOU in the marketplace, find more job opportunities, and become a sought after person in our industry.

This talk will be available on YouTube: https://www.youtube.com/watch?v=9EA1DtgTrbU

Career Hacking Village content will be available on YouTube.

YouTube: https://youtube.com/careerhackingvillage

Return to Index - Add to

- ics Calendar file

CLV - Saturday - 12:45-13:30 PDT

Title: Shift Left Using Cloud: Implementing baseline security into your deployment lifecycle
When: Saturday, Aug 7, 12:45 - 13:30 PDT
Where: Cloud Village (Virtual)

SpeakerBio:Avinash Jain
I am an information security researcher working as a Lead Security Engineer managing complete end-to-end information security. I love to break application logic and find vulnerabilities in them, have been - acknowledged by various MNCs like Google, Yahoo, NASA, Vmware, MongoDB, and other top companies. I am also an active blogger, some of my articles and interviews have been published in various newspapers like Forbes, BBC, Techcrunch, Economic times, Huffingtonpost, Hindustan times, ZDNet, Hakin9, Hackerone, etc. I am also a cybersecurity speaker, love to share my views on various infosec threads.
Twitter: @logicbomb_1

Description:
In the agile world, where continuous iteration of development and testing happens throughout the software development lifecycle involving constant collaboration with stakeholders and continuous improvement and iteration at every stage, where engineers release their changes very frequently. All this makes the chances of potential security loopholes become more and more real. A fast-moving lean and agile culture makes it necessary to bring the testing of software support earlier in the development and release process. This brings us to the quote - “Security shouldn’t be treated as an after-thought”, it should be brought as close to engineers and as early in SDLC. When we bring something close to the source, and in this context, if we bring Security closer to the source, we call it Shift Left Security. It not only gives a much better opportunity to see improved security outcomes in products sooner, and include the requirements, suggestions, advice at an earlier stage, but also saves time, effort, and overall cost of product delivery. Shift Left approach takes this a step further, integrating security into CICD. With security requirements represented earlier in the software development process, it also makes enforcement part of the Continuous Delivery pipeline with improved testing, monitoring, and response to support security drift detection. By integrating security in CICD, one can deliver secure and compliant application changes rapidly while running operations consistently with automation. In order to do this well, the most logical place security can be checked are code reviews. But now the series of questions raised - How can it be achieved? How can we make sure every release that goes to production has proper security sign-off? How can we scan and test every piece of code that is changed from not just DAST or SAST point of view but also including wide custom and flexible security test cases? Here we will talk about building such a solution and framework to integrate security in CICD and automating the complete process for continuous scanning of different kinds of potential security issues on every code change in AWS Codepipeline. Some of the improvement it brings - Wide Variety of Security checks — Integration of standard and custom checks Early Checks — Now security checks are performed as soon as any PR is raised or code is modified Highly Flexible —The security checks are very modular. We can add more checks as we want and configure them to perform response-based action Completely Automated — Automation is the key/let the machines do the work Alerting - Integration of SNS alert for check success or failure Reporting - Scan reports are shared across different communication channels Framework as code - Any company having their CICD over AWS can use this framework by just running my in-house built cloud formation template Vulnerability Management - All the vulnerabilities and findings are logged in a single place - AWS Security Hub

Cloud Village activities will be streamed to YouTube.

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Claire%20Vacherot%20-%20Sneak%20into%20buildings%20with%20KNXnetIP.mp4

Return to Index - Add to

- ics Calendar file

DL - Saturday - 14:00-15:50 PDT

Title: Shutter
When: Saturday, Aug 7, 14:00 - 15:50 PDT
Where: Palace 1+2

SpeakerBio:Dimitry "Op_Nomad" Snezhkov
Dimitry Snezhkov is an Associate Director at Protiviti. In this role he hacks code, tools, networks, apps and sometimes subverts human behavior too. Dimitry has spoken at DEF CON, BlackHat, THOTCON conferences, and presented tools at BlackHat Arsenal.
Twitter: @Op_Nomad

Description:
Tool or Project Name: Shutter

Short Abstract:
The goal of Shutter is to manage windows network stack communication via Windows Filtering Platform. Management can include blocking or permitting traffic based on IP or an executable that initiates or receives the traffic.

This is useful to blackhole event logging, defensive agent communication, or explicitly permit specific executables to communicate if they have been previously restricted by policy.

Shutter installs rules in a memory running session without touching the windows firewall itself or invocation of `netsh` command, thereby minimizing detection during long haul RT operations.

As a generic mechanism for managing network traffic it can help operators in: punching through firewalls without shutting them down not creating persistent rules
evading reporting on `netsh` invocation blackholing EDRs and activity supervising agents. studying existing security providers, active filters and network endpoints involved in network communication Short Developer Bio:
I support initiatives in offensive testing for my team by writing code where needed.

Interests include network-based command and controls, data exfiltration mechanisms, evasion.

URL to any additional information: https://github.com/dsnezhkov/shutter

Detailed Explanation of Tool: Please see https://github.com/dsnezhkov/shutter...main/README.md

Supporting Files, Code, etc: https://github.com/dsnezhkov/shutter

Target Audience: Offense

Offensive teams can use the tool to better simulate attacks that involve WFP.

Return to Index - Add to

- ics Calendar file

BCV - Saturday - 13:30-13:59 PDT

Title: Sla(sh*t)ing happens when you stake
When: Saturday, Aug 7, 13:30 - 13:59 PDT
Where: Blockchain Village / Paris Vendome B
Speakers:Nadir Akhtar,Y L

SpeakerBio:Nadir Akhtar , Blockchain Security Engineer, Coinbase
Blockchain security engineer @ Coinbase with deep expertise in digital asset security vulnerabilities https://blog.coinbase.com/securing-an-erc-20-token-for-launch-on-coinbase-68313652768f Former President, Blockchain @ Berkeley edX Blockchain Fundamentals curriculum developer and lecturer

Nadir Akhtar is a Blockchain Security engineer at Coinbase, where he leads security reviews of assets under consideration for Coinbase listing. Previously at Quantstamp, he audited smart contracts and contributed to a book on smart contract security fundamentals. He graduated from UC Berkeley in 2019 with a degree in Computer Science. During his time in Blockchain at Berkeley, he was President and an instructor for the UC Berkeley-endorsed blockchain fundamentals edX course series, reaching over 225,000 enrolled students to date.

SpeakerBio:Y L , System Security Architect, Coinbase
System security Architect @ Coinbase. Leads team that designed, built, and operates Coinbase’s current cold storage system. https://www.wired.com/story/coinbase-physical-vault-to-secure-a-virtual-currency/

Description:
Proof of Stake protocols come with their own programmed reward/penalty incentives that impact principal token balance staked as well as staking rewards earning potential. Our talk first reviews our threat model for staking operations and then presents threat countermeasure recommendations to minimize risk of staking losses. This knowledge can be used to help you assess the risk posture of staking service providers and can be used as a best practices guide if you want to build out your own staking infrastructure.

This content will be presented live and in-person.

Return to Index - Add to

- ics Calendar file

ICSV - Saturday - 15:00-15:30 PDT

Title: Smart Meters: I'm Hacking Infrastructure and So Should You
When: Saturday, Aug 7, 15:00 - 15:30 PDT
Where: ICS Village (Virtual)

SpeakerBio:Hash Salehi
Hash grew up on IRC freely sharing information and benefitting from those more knowledgeable who were willing to reciprocate. He is the founder of RECESSIM, a reverse engineering community where information is freely shared. Over the last few years he has focused on reverse engineering smart meter technology analyzing both the RF communications and hardware design, openly publishing all his findings.
Twitter: @BitBangingBytes

Description:
Why Smart Meters? This is a question Hash is often asked. There's no bitcoin or credit card numbers hiding inside, so he must want to steal power, right? Openly analyzing the technology running our critical infrastructure and publishing the findings is something Hash is passionate about. In the wake of the great Texas freeze of 2021, we can no longer "hope" those in power will make decisions that are in the people's best interest. This talk will present research on the Landis+Gyr GridStream series of smart meters used by Oncor, the largest energy provider in Texas.

ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485

Return to Index - Add to

- ics Calendar file

DC - Saturday - 14:00-14:59 PDT

Title: Sneak into buildings with KNXnet/IP
When: Saturday, Aug 7, 14:00 - 14:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded

SpeakerBio:Claire Vacherot
Claire Vacherot is a pentester at Orange Cyberdefense. She likes to test systems and devices that interact with the real world and is particularly interested in industrial and embedded device cybersecurity. As a former software developer, she never misses a chance to write scripts and tools.

Description:
Building Management Systems control a myriad of devices such as lighting, shutters and HVAC. KNX (and by extension KNXnet/IP) is a common protocol used to interact with these BMS. However, the public's understanding and awareness is lacking, and effective tooling is scarce all while the BMS device market keeps on growing.

The ability to craft arbitrary KNXnet/IP frames to interact with these often-insecure BMS provides an excellent opportunity in uncovering vulnerabilities in both the implementation of KNX as well as the protocol itself. From unpacking KNX at a lower level, to using a Python-based protocol crafting framework we developed to interact with KNXnet/IP implementations, in this talk we’ll go on a journey of discovering how BMS that implement KNXnet/IP work as well as how to interact with and fuzz them.

After this talk you could also claim that “the pool on the roof has a leak”!

REFERENCES: KNX Standard v2.1 https://my.knx.org/fr/shop/knx-specifications?product_type=knx-specifications Scapy https://github.com/secdev/scapy KNXmap https://github.com/takeshixx/knxmap Papers & talks: in)security in building automation how to create dark buildings with light speed Thomas Brandstetter and Kerstin Reisinger Presented at BlackHat USA 2017 https://www.blackhat.com/docs/us-17/wednesday/us-17-Brandstetter-insecurity-In-Building-Automation-How-To-Create-Dark-Buildings-With-Light-Speed-wp.pdf Hacking Intelligent Building - Pwning KNX & ZigBee Networks HuiYu Wu and YuXiang Li (Tencent) Presented at HITB Amsterdam 2018 https://conference.hitb.org/hitbsecconf2018ams/materials/D1T2%20-%20YuXiang%20Li,%20HuiYu%20Wu%20&%20Yong%20Yang%20-%20Hacking%20Intelligent%20Buildings%20-%20Pwning%20KNX%20&%20ZigBee%20Networks.pdf Security in KNX or how to steal a skyscraper Egor Litvinov Presented at Zero Nights 2015 http://2015.zeronights.org/assets/files/20-Litvinov.pdf HVACking: Understanding the Delta Between Security and Reality Douglas McKee and Mark Bereza Presented at Defcon 27, 2019 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/hvacking-understanding-the-delta-between-security-and-reality/ Anomaly Detection in BACnet/IP managed Building Automation Systems Matthew Peacock – 2019 https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=3180&context=theses

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=QofeTV39kQE

This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

VMV - Saturday - 12:30-12:59 PDT

Title: Social Media Security = Election Security
When: Saturday, Aug 7, 12:30 - 12:59 PDT
Where: Voting Village (Talks - Virtual)

SpeakerBio:Sebastian Bay
Sebastian Bay is a researcher with the Swedish Defense Research Agency specialising in election security and digital harms.

Description:
Digital disinformation is a significant threat to trusted elections and poses a cybersecurity challenge for social media companies. Fake accounts spread content to authentic users, mislead users, and trick users into believing content is more popular. The global market for media manipulation is extensive and growing - many providers openly market their fake engagement services.

Sebastian Bay and his fellow researchers bought fake engagement on Facebook, Instagram, Twitter, Youtube, and Tik Tok to assess the social media companies’ ability to combat disinformation. This presentation explores their findings, highlights the differences between social media platforms, and provides recommendations for companies and policy makers.

Voting Village talks will be streamed to YouTube and Twitch.

(Demo)
https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Reza%20Soosahabi%20Chuck%20McAuley%20-%20SPARROW%20-%20A%20Novel%20Covert%20Communication%20Scheme%20Exploiting%20Broadcast%20Signals%20in%20LTE%2C%205G%20%26%20Beyond%20-%20Demo.mp4

YouTube: https://www.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg

Return to Index - Add to

- ics Calendar file

DC - Saturday - 14:00-14:45 PDT

Title: SPARROW: A Novel Covert Communication Scheme Exploiting Broadcast Signals in LTE, 5G & Beyond
When: Saturday, Aug 7, 14:00 - 14:45 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded
Speakers:Chuck McAuley,Reza Soosahabi

SpeakerBio:Chuck McAuley
Chuck McAuley is a principal security researcher with the Application & Threat Intelligence Research Center (ATIRC) at Keysight Technologies. Chuck has a variety of interests that include 5G and LTE packet core vulnerabilities, reverse engineering botnets, finding novel forms of denial of service, and researching weird esoteric protocols for weaknesses and vulnerabilities
Twitter: @nobletrout

SpeakerBio:Reza Soosahabi
Reza Soosahabi is a lead R&D engineer with Application & Threat Intelligence Research Center (ATIRC) at Keysight Technologies. His current field of research includes RAN security, data exfiltration and ML / statistical algorithms. He has been a 5G system engineer prior to joining Keysight in 2018. He contributes in IEEE proceedings related to signal processing and information security. As a math-enthusiast, Reza often tries unconventional analytical approaches to discover and solve technically diverse problems. He also enjoys cutting boxes with Occam’s Razor and encourages the others around him to do so.
Twitter: @darthsohos
https://scholar.google.com/citations?user=SNFxK60AAAAJ&hl=en

Description:
When researching methods for covert communications in the wireless space, we noticed most hackers are barely looking below the IP layer, and even the wireless guys are focused on creating their own radio (PHY layer) solutions rather than looking at what’s already available to them. We discovered a sweet spot that takes advantage of MAC layer protocols in LTE and 5G, enabling long range communication using other people’s networks, GSMA CVD-2021-0045. We can use SPARROW devices almost everywhere in a variety of scenarios, such as data exfiltration and command and control. Despite limited data rates, the new scheme can defeat known covert communication schemes with dedicated PHY in the following ways:

Maximum Anonymity: SPARROW devices do not authenticate with the host network while operating. This eliminates their exposure to network security and lawful intercept systems as well as spectrum scanners. Utilizing limited resources, they cause very minimal impact on the host network services.
More Miles per Watt: SPARROW devices can be several miles apart exploiting broadcast power of base stations or non-terrestrial technologies. The range can be further extended by deploying several of them in a geographically sparse mesh network.
Low Power & Low Complexity: SPARROW devices can utilize existing protocol implementation libraries installed on commodity SDRs. They can operate on batteries or harvest energy from the environment for long durations, just like real sparrows!

REFERENCES

There are no direct references of prior study that I (Reza) have (aside from general knowledge of 5G standard and RF), however the following talks and items led me towards this discovery:
DEF CON Safe Mode - James Pavur - Whispers Among the Stars - https://www.youtube.com/watch?v=ku0Q_Wey4K0
DNS Data Exfiltration techniques
My boss buying me a 5G base station emulator and saying "find something wrong with this!"

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=oaLIo9HwW-g

Media: (Main Talk) https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Reza%20Soosahabi%20Chuck%20McAuley%20-%20SPARROW%20-%20A%20Novel%20Covert%20Communication%20Scheme%20Exploiting%20Broadcast%20Signals%20in%20LTE%2C%205G%20%26%20Beyond.mp4

This talk will be given live in Track 1.

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

CPV - Saturday - 14:00-14:59 PDT

Title: Staying Fresh While the Feds Watch: Changes in Government Surveillance and Why it Matters
When: Saturday, Aug 7, 14:00 - 14:59 PDT
Where: Crypto & Privacy Village (Virtual)

SpeakerBio:Anthony Hendricks
Anthony Hendricks is an attorney who advises clients as the chair of Crowe & Dunlevy’s Cybersecurity & Data Privacy Practice Group. In that role, he frequently analyzes and litigates legal issues related to IoT devices. Prior to beginning his practice, he studied as Howard University's first Marshall Scholar and later graduated from Harvard Law School. He now teaches cybersecurity law as an adjunct professor at Oklahoma City University School of Law.

Description:
Technology is constantly changing and evolving. While our laws are slow to keep up, this hasn’t stopped the government from adapting. Whether it’s using IoT devices as informants, paying for access to databases of information that the government could not collect without a warrant, or the increased use of facial recognition software, government surveillance is changing. This presentation will explore the current trends in government surveillance and investigations, the gaps in the law, the impact on all of us, and what we should be asking the law to do.

Crypto & Privacy Village will be streaming their events to YouTube and Twitch.

Return to Index - Add to

- ics Calendar file

IOTV - Saturday - 12:00-12:30 PDT

Title: Strategic Trust and Deception in the Internet of Things
When: Saturday, Aug 7, 12:00 - 12:30 PDT
Where: IoT Village (Talk - Virtual)

SpeakerBio:Juneau Jones
Raised in the woods of Alaska, Juneau attributes her love of hacking to a childhood spentbuilding and breaking things outside. After studying computer science and economics, she moved to Dallas, Texas, where she found a home in the local hacker community. Juneau began research on applying behavioral economics to adversarial tactics. After her successful first talk at Dallas Hacker's Association on the prisoner’s dilemma, she began presenting her research at cons across the country. Currently, she works as an adversarial analyst doing consultant red teaming. She is also continuing her research and education as a cybersecurity fellow at NYU. When she is not hacking or asking strangers to act out the prisoner's dilemma, Juneau breathes fire, plays the bass, and runs DC214; Dallas's DefCon group.

Description:
Game Theory is the study of choices and strategies made by rational actors, called ""players,"" during times of conflict or competition. It has been used throughout history to map human conflict. Statisticians use game theory to model war, biology, and even football. In this talk, we will model interactions between IoT devices based on strategic trust; how agents decide to trust each other. The talk will provide an overview of game-theoretic modeling and its application to the IoT landscape. The landscape facilitates deception; players must decide whether or not to trust other agents in the network, and agents may have misaligned incentives. There is a trade-off between information gained and short-term security. This talk will build a framework for predictive and strategic trust where players make decisions based on the incentives of their ""opponents."" This talk will not look at network topology or protocols but will instead look at information exchange and strategy.

IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.

Return to Index - Add to

- ics Calendar file

BTV - Saturday - 17:00-17:30 PDT

Title: Structured Analytical Techniques for Improving Information Security Analyses
When: Saturday, Aug 7, 17:00 - 17:30 PDT
Where: Blue Team Village - Main Track (Virtual)

SpeakerBio:Rabbit
Rabbit is an information security engineer and lagomorph enthusiast with a background in medical device security and biometric access system assessment who now manages the secure development and testing of IoT smart home and smart lock devices.
Twitter: @ra6bit

Description:
Based on tradecraft documents openly published by the CIA, this talk takes structured analytical techniques intended for intelligence analysis and refactors them for use in improving typical Information Security investigations and analyses as well as OSINT investigations.

In 2009, the Central Intelligence Agency published a document titled "A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis " which lays out a number of techniques for improving the accuracy and reliability of intelligence analyses. I found the document fascinating and set out to reapply the techniques for use in my day to day Information Security work. The techniques are a fantastic tool set for improving the quality of analysis products by bringing alternative narratives and solutions to light, highlighting contradictory evidence, and developing confidence in analysis conclusions. Additionally there are techniques for imaginatively creating and evaluating new scenarios which may fit a given set of evidence.

The techniques can be divided into three categories. "Diagnostic Techniques", which are intended to assess and improve the quality of source material used in an analysis. "Contrarian Techniques", which are intended to surface potential alternate hypotheses that fit the information available, and "Imaginative Thinking" techniques which are used to generate new starting points for hypotheses that can then be developed further by applying the previous techniques.

An example of a Diagnostic technique is a "Key assumptions check". This exercise is simply to list all of the assumptions that have been made within an analysis, which can then be analyzed to identify unsupported assumptions or assumptions with excessive uncertainty. In an information security context, such as during incident response, this type of analysis can illuminate where assumptions have been made that can't be verified, such as confusing correlation with causation, or when errors have been made due to trusting timing information sources without verifying other reference events are properly synchronized in the source material. In an OSINT investigation, this technique can help weed out correlations that have been made based on dubious evidence.

An example of a Contrarian technique most people are probably familiar with already is the "Devils advocate" technique, where narratives are created which intentionally directly refute the hypothesis of the analysis to be improved. These opposite narratives are then evaluated to determine if they could be valid primary hypotheses. A lesser known technique, however, would be a "High Impact/Low probability" analysis, where an incident is analyzed in reverse. If the event is assumed to be a foregone conclusion, analyzing what conditions would necessarily have to have occurred for that condition to be possible can lead to the identification of additional places where supporting evidence may be available, or it may lead to a hypothesis being rejected as not fitting the available evidence.

An example of an Imaginative analysis is the "Red Team analysis". While a lot of people in Information Security will be familiar with what a red team is, particularly in the BTV, in this technique, the focus is on analyzing the red team itself, rather than applying red team techniques. What this means is to analyze the driving motivations of the adversary and factors which may influence their behavior as attackers. It's more like "red teaming the red team" to develop an idea of how and why they may act in a certain way in a given situation. In the information security realm, an example of applying this sort of technique is to develop a potential model of a threat based on their TTPs, then use that to determine if there are other investigations that should occur. For instance, if a breach was caused by a hacktivist, the ultimate goal of their attack may be completely different than that of a corporate rival, or a nation state, and identifying those motivations can help you further understand the motives and meanings behind the actions they take and their ultimate goals within your systems.

The final portion of this talk would be to apply some of the techniques to sample sets of evidence to illustrate how each technique can be applied, and how each can improve, support, or refute the initial hypothesis.

Blue Team Village talks will be streamed to Twitch.

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Paz%20Hameiri%20-%20TEMPEST%20radio%20station.mp4

Return to Index - Add to

- ics Calendar file

DC - Saturday - 13:00-13:59 PDT

Title: TEMPEST radio station
When: Saturday, Aug 7, 13:00 - 13:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded

SpeakerBio:Paz Hameiri
Paz started his professional life 30 years ago, hacking games and developing tools in his teen years. Since then, he has worked in several companies, developing both hardware and software.

Paz has six years of experience with telecommunication systems design and circuits. He explored GPU hardware and software design in his Master's thesis. For 12 years, Paz led multidisciplinary systems development as a systems engineer in an international homeland security company.

At home, Paz explores ideas he finds interesting. In 2019 he published his work on a body-tracking device that records keystrokes on a safe's keypad.

https://il.linkedin.com/in/paz-hameiri-251b11143

Description:
TEMPEST is a cyber security term that refers to the use of electromagnetic energy emissions generated by electronic devices to leak data out of a target device. The attacks may be passive (where the attacker receives the emissions and recovers the data) or active (where the attacker uses dedicated malware to target and emit specific data).

In this talk I present a new side channel attack that uses GPU memory transfers to emit electromagnetic waves which are then received and processed by the attacker. Software developed for this work encodes audio on one computer and transmits it to the reception equipment positioned fifty feet away. The signals are received and processed and the audio is decoded and played. The maximum bit rate achieved was 33kbit/s and more than 99% of the packets were received.

Frequency selection not only enables maximization of signal quality over distance, but also enables the attacker to receive signals from a specific computer when several computers in the area are active. The software developed demonstrates audio packets transfers, but other types of digital data may be transmitted using the same technique.

REFERENCES: Eck W. “Electromagnetic radiation from video display units: an eavesdropping risk?” Computers and Security, 4, no. 4: 269-286, 1985. Kuhn, M. G., and Anderson, R. J. Soft. “Tempest: Hidden Data Transmission Using Electromagnetic Emanations.” In Information Hiding (1998), ed. D. Aucsmith, vol. 1525 of Lecture Notes in Computer Science, (Springer): 124–142. Thiele, E., “Tempest for Eliza.” 2001. http://www.erikyyy.de/tempest/. Kania B., “VGASIG: FM radio transmitter using VGA graphics card.” 2009. http://bk.gnarf.org/creativity/vgasig/vgasig.pdf. Guri M., Kedma G., Kachlon A., Elovici Y. “AirHopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies.” In Malicious and Unwanted Software: The Americas (MALWARE), 2014 9th International Conference on IEEE, 2014: 58-67. 2pkaqwtuqm2q7djg,"OVERCLOCKING TOOLS FOR NVIDIA GPUS SUCK, I MADE MY OWN". 2015. https://1vwjbxf1wko0yhnr.wordpress.com/2015/08/10/overclocking-tools-for-nvidia-gpus-suck-i-made-my-own/ nvapioc project: https://github.com/Demion/nvapioc SDRplay API Specification v3, https://www.sdrplay.com/docs/SDRplay_API_Specification_v3.pdf Simon Rockliff's Reed-Solomon encoding-decoding code at http://www.eccpage.com/rs.c

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=m9WkEwshNKc

This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

RFV - Saturday - 08:00-07:59 PDT

Title: The Basics of Breaking BLE - Part 2: Doing More With Less
When: Saturday, Aug 7, 08:00 - 07:59 PDT
Where: Radio Frequency Village (Virtual)

SpeakerBio:freqy
Freqy is a security consultant and researcher with a particular interest in wireless technologies like BLE, ZigBee, Wi-Fi, etc. She has spent the past two year working with companies to help improve the wireless security of devices found in millions of homes and businesses.
Twitter: @freqyXin

Description:
Part 2 of this series continues our discussion on BLE security with an introduction to some additional testing methods using affordable devices and open-source software. From there, we’ll talk about scripting simple BLE attacks, dealing with BlueZ, and exploring BLE devices in the wild. Attendees will also have the opportunity to field questions about BLE security during a live Q/A session following the video.

Radio Frequency Village will not be streaming any talks, but they will be making talks available on their YouTube channel.

YouTube: https://youtube.com/c/RFHackersSanctuary

Return to Index - Add to

- ics Calendar file

HHV - Saturday - 10:30-10:59 PDT

Title: The Black Box and the Brain Box: When Electronics and Deception Collide
When: Saturday, Aug 7, 10:30 - 10:59 PDT
Where: Hardware Hacking Village (Virtual Talk)

SpeakerBio:Gigs
Gigs is the founder of ##electronics on Freenode (may it rest in peace), and a long time electronics enthusiast and DEF CON HHV volunteer. He, working with see_ess, did the PCB and hardware design for this year’s TorBadge, a mini-polygraph device.
Twitter: @gigstaggart
gigsatdc.org

Description:
Electricity has, from the earliest history of man, been seen as an almost mystical force. From Thor’s lightning onward, various individuals and groups have used electricity and electrical devices to baffle, mystify, mislead, and control people. In the modern day, this practice continues in the form of polygraph, questionable uses of fMRI and EEG, and other high-tech props intended to dazzle the victim or lend a technological veneer of credibility to the user. This talk will focus on the history and current applications of deception by and with electrical and electronic devices.

#hhv-talk-qa-blackbox-brainbox-text https://discord.com/channels/708208267699945503/709254868329693214

Hardware Hacking Village talks will be streamed to Twitch.

Return to Index - Add to

- ics Calendar file

RCV - Saturday - 10:40-11:10 PDT

Title: The Bug Hunter’s Recon Methodology
When: Saturday, Aug 7, 10:40 - 11:10 PDT
Where: Recon Village (Virtual)

SpeakerBio:Tushar Verma
No BIO available
Twitter: @e11i0t_4lders0n

Description:No Description available

Recon Village talks will stream to YouTube.

Return to Index - Add to

- ics Calendar file

LPV - Saturday - 15:00-15:30 PDT

Title: The Coat Hanger Talk: A Noob's Look Into the Thieves World
When: Saturday, Aug 7, 15:00 - 15:30 PDT
Where: Lock Pick Village (Virtual)

SpeakerBio:De
No BIO available

Description:
The talk starts with me describing a typical work environment, and explaining how creativity is a fundamental for the LPV. I, As a noob, steps into the shoes of a broad audience and explains how creativity is a huge issue when it comes to basic security, both physical, with locks, and a bit with software.

Lock Pick Village will be streaming their activities to Twitch and YouTube.

Twitch: https://www.twitch.tv/toool_us?

YouTube: https://youtube.com/c/TOOOL-US

Return to Index - Add to

- ics Calendar file

AIV - Saturday - 11:00-11:59 PDT

Title: The Coming AI Hackers
When: Saturday, Aug 7, 11:00 - 11:59 PDT
Where: AI Village (Virtual)

SpeakerBio:Bruce Schneier
No BIO available

Description:No Description available

AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536

Return to Index - Add to

- ics Calendar file

APV - Saturday - 11:00-11:45 PDT

Title: The Curious case of knowing the unknown
When: Saturday, Aug 7, 11:00 - 11:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Vandana Verma Sehgal
No BIO available

Description:No Description available

AppSec Village events will be streamed to YouTube.

Return to Index - Add to

- ics Calendar file

ASV - Saturday - 22:30-23:30 PDT

Title: The Hangar – Cocktail Making Event
When: Saturday, Aug 7, 22:30 - 23:30 PDT
Where: Aerospace Village (Workshop - Paris Rivoli B)

Description:
There’s nothing like a nice cocktail after a long day of travel and/or hacking! Come join us Saturday afternoon for a cocktail building session. We’ll be making and tasting the most appropriate cocktail, the Aviation, which evokes beautiful clouds and sunsets. It’s sophisticated and full of gin (just like our UK friends). We’re working on a virtual version where we will publish a CBOM – Cocktail Bill of Materials, so you know what to collect/purchase to build your own while we share one with you, no matter your location.

Return to Index - Add to

- ics Calendar file

SEV - Saturday - 13:30-14:30 PDT

Title: The Innocent Lives Foundation: A Beacon of Light in a Dark World
When: Saturday, Aug 7, 13:30 - 14:30 PDT
Where: Social Engineer Village (Virtual)

SpeakerBio:John McCombs
John McCombs serves as the Executive Assistant to the ILF, where he assists in administrative duties, fundraising, project management and public speaking. At age 12, John began his first job in the industry as a web developer, and shortly thereafter, as a help-desk operator at an international health supplement company.

In addition to having over a decade of experience in the technology industry, John also holds a bachelor’s degree in Teaching English to Speakers of Other Languages (TESOL) and has had extensive training in public speaking.

Description:
The Innocent Lives Foundation: A Beacon of Light in a Dark World, is a talk to bring awareness to the ILF and the mission of identifying and bringing child predators to justice. Topics will include an introduction to the ILF, our mission, our vision, why we are needed now more than ever, our stance on vigilantism, and neutrality. We wish to introduce the ILF to a broad audience and encourage involvement through financial support and ambassadorship.

Social Engineer Village will stream content to Twitch.

Twitch: https://www.twitch.tv/socialengineerllc

Return to Index - Add to

- ics Calendar file

IOTV - Saturday - 17:15-17:59 PDT

Title: The Journey of Establishing IoT Trustworthiness and IoT Security Foundation
When: Saturday, Aug 7, 17:15 - 17:59 PDT
Where: IoT Village (Talk - Virtual)
Speakers:Amit Elazari,Anahit Tarkhanyan,Ria Cheruvu

SpeakerBio:Amit Elazari
Dr. Amit Elazari is Director, Global Cybersecurity Policy, Government Affairs at Intel Corp. and a Lecturer at UC Berkeley School of Information Master in Cybersecurity program. She graduated her Doctor of Science of the Law (J.S.D.) from UC Berkeley School of Law. Her work on security and technology law has been published in leading academic journals and popular press, including The New York Times, The Washington Post and Wall Street Journal and presented in top conferences including RSA, BlackHat, USENIX Enigma, USENIX Security and more. Elazari holds three prior degrees, summa cum laude (LL.B., LL.M. in the Law and a B.A. in Business) from IDC, Israel. Her work was awarded among others a USENIX Security Distinguished Paper Award, Annual Privacy Papers for Policymakers (PPPM) Award Academic Paper Honorable Mention, Casper Bowden PET award for Outstanding Research in Privacy Enhancing Technologies, University of California, Berkeley School of Information Distinguished Faculty Award. She is currently one of the co-editors of ISO/IEC 27402 at JTC1, SC27 (in draft, IoT Security Baseline Requirements).

SpeakerBio:Anahit Tarkhanyan , Principal Engineer, Intel Corp., Network and Edge Group, IoT CTO Office
Anahit leads the security architecture of Intel edge portfolio. Her area of expertise covers security of Edge to Cloud systems and AI/ML, security standards and regulation. Anahit is IEEE Senior Member and has PhD in Distributed Computer Systems and Networks. She holds several patents, and has publications in diverse security technology. "Dr. Amit Elazari, Intel Corp., Director, Global Cybersecurity Policy, Government Affairs

SpeakerBio:Ria Cheruvu
Ria Cheruvu is an AI Ethics Lead Architect at the Intel Network and Edge engineering group working on developing trustworthy AI products. She is 17 years old, and graduated with her bachelor’s degree in computer science at Harvard University at 11 and her master’s degree in data science from her alma mater at 16. Her pathfinding domains include solutions for security and privacy for machine learning, fairness, explainable and responsible AI systems, uncertain AI, reinforcement learning, and computational models of intelligence. She enjoys composing piano music, ocean-gazing with her family, and contributing to open-source communities in her free time.

Description:
The Internet of Things (IoT) ecosystem holds tremendous promise to promote innovation and productivity, and societal benefits. Yet, with increased connectivity, concerns remain with the growing attack surface. While the DFECON community often focuses on the security aspects of these issues, the multidimensional nature of IoT devices and the combination of AI/ML solutions, sparked standardization activities focusing more generally on the concept of “IoT trustworthiness”. This talk will introduce the audience to the latest developments in the IoT Security Policy landscape, proposals for confidence/certifications mechanisms emerging globally, and key IoT Security baseline standards developments, while exploring the connection to the IoT trustworthiness concept across the IoT Supply Chain. We will describe a case study of IoT robustness and trustworthiness applied in context of AI and smart analytics, including the importance of characterizing the behavior of data.

IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.

Return to Index - Add to

- ics Calendar file

BHV - Saturday - 17:00-17:30 PDT

Title: The Little Things
When: Saturday, Aug 7, 17:00 - 17:30 PDT
Where: Biohacking Village (Talk - Virtual)

SpeakerBio:Mixæl Laufer , Director of the Institute for Autonomous Medicine. Four Thieves Vinegar Collective.
No BIO available

Description:
Was 2020 not the best year for you? Has 2021 not been a huge improvement? Are you sick of being dependent on infrastructure which fails? Do you wish there was something to look forward to? The Four Thieves Vinegar Collective has been quiet, because we've been busy this last year. We have a lot of things to share.

But that's not what this talk is about. Instead of the new tools to eradicate diseases, tools to make medicines, ways to administer them, and DIY medical machinery, we're talking about just making it through the day.

There are tools which are not well known, but are easily accessible and can help you sleep better, not be hungover, clear brain fog, and take the edge off depression. These tools are not as well known as they should be, so we're talking about them.

Because as fun as the big things are, daily life is about the little things.

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q

Return to Index - Add to

- ics Calendar file

BICV - Saturday - 12:30-12:30 PDT

Title: The OPSEC of Protesting
When: Saturday, Aug 7, 12:30 - 12:30 PDT
Where: Blacks in Cyber

SpeakerBio:Ochaun Marshall
Ochaun (pronounced O-shawn) Marshall is an application security consultant. In his roles at Secure Ideas, he works on ongoing development projects utilizing Amazon Web Services and breaks other people's web applications. When he is not swallowing gallons of the DevOps Kool-Aid, he can be found blasting J Cole while hacking, blogging, and coding. He covers everything he does with the signature phrase: I code; I teach; I hack.
Twitter: @OchaunM

Description:
Technology both facilitates and complicates the human condition in many ways, especially in the tradition of protesting. Activists and those supporting social movements need to be aware of the risks of social demonstrations. In this talk, we dive into communication strategies for activists, as well as the basics of OPSEC. We’ll do threat modeling against both nation-state & opposition movements and discuss the utility of basic security hygiene in this context. We will also examine these principles against case studies of the Civil rights movement, BLM, Hong Kong Separation movement, Election protests, and recent “hacktivist” attacks against Parler and Gab.

Blacks in Cyber talks will be streamed on YouTube.

YouTube: https://www.youtube.com/c/BlacksInCybersecurity

Return to Index - Add to

- ics Calendar file

AIV - Saturday - 14:00-14:59 PDT

Title: The Real History of Adversarial Machine Learning
When: Saturday, Aug 7, 14:00 - 14:59 PDT
Where: AI Village (Virtual)

SpeakerBio:Eugene Neelou
No BIO available

Description:No Description available

AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536

Return to Index - Add to

- ics Calendar file

BHV - Saturday - 14:00-14:59 PDT

Title: The Real Story on Patching Medical Devices
When: Saturday, Aug 7, 14:00 - 14:59 PDT
Where: Biohacking Village (Talk - Virtual)

SpeakerBio:Michael Murray , Founder / CEO · Chief Security Officer, Scope Security
Mike Murray is the CEO of Scope Security where he builds on his nearly two decades of experience to solve critical security problems in healthcare. Prior to Scope, Murray served as the CSO at Lookout, lead pre-market security at GE Healthcare and co-founded The Hacker Academy & MAD Security.
Twitter: @mmurray

Description:
One of the constant debates in the medical device sector is around patching of medical devices. While the FDA issues clear guidance that devices can and should be patched, some device manufacturers often claim that the FDA is the reason that they can't issue patches, and the hospitals and healthcare organizations using the devices are left confused and accepting risk that they can't manage. With this panel, we will have the conversation out in front of the Defcon audience. Panelists will include representation from the FDA, a product security leader from a device manufacturer and a healthcare CISO with the goal being for the entire Defcon Biohacking Village audience to come away understanding what the truth really is about whether they can patch their devices, and how the sector can continue to move this conversation forward.

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q

Return to Index - Add to

- ics Calendar file

CPV - Saturday - 16:30-17:30 PDT

Title: The threat hiding in daylight: Police Monitoring legislation and individual privacy in chat
When: Saturday, Aug 7, 16:30 - 17:30 PDT
Where: Crypto & Privacy Village (Virtual)
Speakers:Vic Huang,Joy Ho

SpeakerBio:Vic Huang , Member, UCCU Hacker
Vic Huang is member of UCCU Hacker, a hacker community in Taiwan. He is interested in Web/Mobile/Blockchain Security and penetration testing. He has been focusing on Blockchain for over 4 years. Vic shared his research on CYBERSEC 2021, CODE BLUE 2020, HITB+cyberweek 2019, HITCON Pacific 2018, AIS3, ISIP (Information Security Incubation Program), and so on.

SpeakerBio:Joy Ho , Ph. D. Candidate, Soochow University
Joy Ho is a privacy counsel now working in a technical company in handling personal data infringement events and in legal compliance of Personal Information Protection Act. Joy is certified Internal Management Specialist, Internal Auditor & Certified Verification Professional – Lead Auditor of Taiwan Personal Information Protection & Administration System (TPIPAS), also Lead Auditor of ISO 27001.

Description:
Since all the messenger services emphasize the trust relationship between the service provider and users, technology companies have been actively strengthening user data protection and providing better encryption measures in recent years. However, focusing on criminal investigation, national security and Anti-terrorism, law enforcement agencies in many countries have begun to formulate rules requiring technology companies to cooperate with the government to provide user data decryption to protect national security. This presentation try to introduce relevant issues about the police monitoring legislation and individual privacy in chat from technical and legal perspectives and the special case study from Taiwan.

First , we would share some police investigation in TW. The methods and targets have been changed due to the evolution of times. Then we would dive into a new critical target - messengers apps. Discuss about the technical part of messengers apps and Police Monitoring possibility. There are some messengers which is popular in different regions. In these apps, not only personal information are stored in the data collector side - service provider, but also our private chat messages with our family and friends. The messenger app companies say they use point-to-point encryption (end-to-end encryption, E2EE) to technically protect user privacy, but actually each what is E2EE? What is the difference between messenger apps E2EE? And how’s it possible that there are some monitor(spying) apps clarify that they could reach to the data under E2EE scope? It makes the Police monitoring possible because many spying apps are existed. In this part we will also discuss about the technical part of privacy protection and spying. The discussion would then point out “what and how the police could really get in real world” from the technical perspective.

Secondly, we would start from Technology Investigation Act draft in Taiwan. On September 8, 2020, the Taiwan Ministry of Justice announced the draft Technology Investigation Act, which introduced different high-tech investigation approaches, including the “source telecommunications surveillance.” We will introduce the draft Technology Investigation Act and the source telecommunications surveillance ruled. The issues related to the access of individual communication content would be raised: (1) If public interest is the reason to get individual communication, what is the line between privacy protection and public interest?What is the legal basis to get individual communication? (2) Could Government request or compel technology companies to provide my communication content? (3) How about the encrypted one? Through the discussion of 3 questions above, this presentation would provide an example to see the accessible information of messengers by criminal investigation, hoping to find the balance between privacy protection and police investigation. The last but not the least, we would share a case study about the police in Taiwan use the personal information collected for COVID-19 measurements to investigate the case.

Crypto & Privacy Village will be streaming their events to YouTube and Twitch.

Return to Index - Add to

- ics Calendar file

AVV - Saturday - 10:00-10:59 PDT

Title: The Way of The Adversary
When: Saturday, Aug 7, 10:00 - 10:59 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Phillip Wylie , Offensive Cybersecurity Practitioner & Educator, The PWN School Project
Phillip has over two decades of information technology and cybersecurity experience. His specialties include penetration testing, red teaming, and application security. When Phillip is not hacking, he is educating others. Phillip is the founder of The Pwn School Project, an education-focused cybersecurity organization. He co-authored the book, “The Pentester Blueprint: Starting a Career as an Ethical Hacker” based on his popular talk presented at numerous conferences. He is an Innocent Lives Foundation Ambassador and a ‘Hacking is NOT a Crime’ Advocate.
Twitter: @PhillipWylie
https://www.linkedin.com/in/phillipwylie

Description:
The adversary philosophy and mindset are important when trying to emulate a threat actor during a red team operation or offensive cybersecurity assessment or trying to understand them as a defender. In this talk we will take a look at the philosophy and mindset of an adversary as well as what motivates them.

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.

YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Media Server (Main Talk):
https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Vivek%20Nair%2C%20Ph.D.%20-%20Time%20Turner%20-%20Hacking%20RF%20Attendance%20Systems%20%28To%20Be%20in%20Two%20Places%20at%20Once%29.mp4

Return to Index - Add to

- ics Calendar file

BCV - Saturday - 16:00-16:30 PDT

Title: The Wild West of DeFi Exploits
When: Saturday, Aug 7, 16:00 - 16:30 PDT
Where: Blockchain Village / Paris Vendome B

SpeakerBio:Anna Szeto , Intern Blockchain Security Coinbase
Anna Szeto is a Software Engineering Intern on the Blockchain Security team at Coinbase. She is a rising third-year student at Columbia University, with a major in computer science and interests in blockchain, decentralized finance, and artificial intelligence.

Description:
Decentralized finance (DeFi) has become increasingly popular, and DeFi-related hacks and scams have become more frequent as the market expands. This talk reviews how and why these hacks and scams occur, both from a technical, code-oriented perspective and a psychological perspective. Recent examples of DeFi scams, as well as tips for avoiding them, are also covered. DeFi can seem like a lawless land, but investors can navigate safely if they know what to look out for.

This content will be presented live and in-person.

Return to Index - Add to

- ics Calendar file

DC - Saturday - 12:00-12:20 PDT

Title: Time Turner - Hacking RF Attendance Systems (To Be in Two Places at Once)
When: Saturday, Aug 7, 12:00 - 12:20 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded

SpeakerBio:Vivek Nair
Vivek Nair is a Ph.D. student studying applied cryptography in the EECS department at UC Berkeley. He was the youngest-ever recipient of Bachelor’s and Master’s degrees in Computer Science at the University of Illinois at the ages of 18 and 19 respectively. He is also a National Science Foundation CyberCorps Scholar and a National Physical Science Consortium Fellow.
https://github.com/VCNinc/Time-Turner

Description:
It's a tale as old as time: a graduating senior needs two more courses to graduate, but the lectures happen to be scheduled at the same time and the school's new high-tech wireless attendance tracking system makes it impossible to attend both courses... in theory. By reverse-engineering the attendance devices and emulating them using a hidden Arduino, the system can be tricked into giving attendance credit for both courses without being physically present. It's a real-life "time turner," allowing him to be in two places at once.

REFERENCES: https://github.com/wizard97/iSkipper/releases/download/v1.0.0/iskipper.pdf https://courses.ece.ubc.ca/cpen442/termproject/reports/2010/iclicker.pdf https://people.ece.cornell.edu/land/courses/ece4760/FinalProjects/f2015/cs886_kdv8/cs886_kdv8/cs886_kdv8/index.html https://github.com/wizard97/iSkipper https://github.com/charlescao460/iSkipper-Software

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=wEslemikn48

Media Server (Demo 1):
https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Vivek%20Nair%2C%20Ph.D.%20-%20Time%20Turner%20-%20Hacking%20RF%20Attendance%20Systems%20%28To%20Be%20in%20Two%20Places%20at%20Once%29-Demo%201.mp4

Media Server (Demo 2):
https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Vivek%20Nair%2C%20Ph.D.%20-%20Time%20Turner%20-%20Hacking%20RF%20Attendance%20Systems%20%28To%20Be%20in%20Two%20Places%20at%20Once%29-Demo%202.mp4

Media Server (Demo 3):
https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Vivek%20Nair%2C%20Ph.D.%20-%20Time%20Turner%20-%20Hacking%20RF%20Attendance%20Systems%20%28To%20Be%20in%20Two%20Places%20at%20Once%29-Demo%203.mp4

Media Server (Demo 4):
https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Vivek%20Nair%2C%20Ph.D.%20-%20Time%20Turner%20-%20Hacking%20RF%20Attendance%20Systems%20%28To%20Be%20in%20Two%20Places%20at%20Once%29-Demo%204.mp4

Media Server (Demo 5):
https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Vivek%20Nair%2C%20Ph.D.%20-%20Time%20Turner%20-%20Hacking%20RF%20Attendance%20Systems%20%28To%20Be%20in%20Two%20Places%20at%20Once%29-Demo%205.mp4

Media Server (Demo 6):
https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Vivek%20Nair%2C%20Ph.D.%20-%20Time%20Turner%20-%20Hacking%20RF%20Attendance%20Systems%20%28To%20Be%20in%20Two%20Places%20at%20Once%29-Demo%206.mp4

Media Server (Demo 7):
https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Vivek%20Nair%2C%20Ph.D.%20-%20Time%20Turner%20-%20Hacking%20RF%20Attendance%20Systems%20%28To%20Be%20in%20Two%20Places%20at%20Once%29-Demo%207.mp4

This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Chad%20Seaman%20-%20UPnProxyPot%20-%20fake%20the%20funk%2C%20become%20a%20blackhat%20proxy%2C%20MITM%20their%20TLS%2C%20and%20scrape%20the%20wire.mp4

Return to Index - Add to

- ics Calendar file

ICSV - Saturday - 13:00-13:30 PDT

Title: Toward a Collaborative Cyber Defense and Enhanced Threat Intelligence Structure
When: Saturday, Aug 7, 13:00 - 13:30 PDT
Where: ICS Village (Virtual)

SpeakerBio:Lauren Zabierek , Harvard Kennedy School's Belfer Center for Science and International Affairs
Lauren Zabierek is the Executive Director of the Cyber Project at Harvard Kennedy School’s Belfer Center. She comes to this role as a 2019 graduate of the Kennedy School's mid-career MPA program.

Lauren served as an intelligence officer in the United States Air Force at the beginning of her career. Later, as a civilian intelligence analyst with the National Geospatial Intelligence Agency (NGA) assigned to the Office of Counterterrorism, she completed three war zone deployments. Throughout her six years at NGA, she became a subject matter expert on Activity Based Intelligence (ABI) and served as an adjunct professor in ABI at the NGA college.

After leaving NGA, she joined the cybersecurity threat intelligence startup Recorded Future, and was instrumental in building its Public Sector business practice. In her role as a Senior Intelligence Analyst, she fused intelligence methodologies with cybersecurity and machine learning technologies to help public and private sector customers improve their cyber posture. She also managed a team of analysts and worked alongside the Product Management and Training teams to improve her customers' experience with the software.

A Gold Star Sister, Lauren is committed to supporting families of the fallen and has volunteered several times as a mentor with the Tragedy Assistance Program for Survivors (TAPS). She also co-founded the Recorded Future Women's Mentorship Initiative, helped to start a women's initiative at NGA, is a member of the NatSecGirlSquad, and is the co-founder of the online social media movement called #ShareTheMicInCyber, which aims to dismantle racism and sexism in cybersecurity and privacy.

Twitter: @lzxdc

Description:
The recent ransomware and cyber espionage campaigns prove that a fundamental redesign of our domestic cyber defensive posture is both necessary and urgent to protect against future cyber threats. As such, we believe the time is now to develop an integrated, networked approach to collaborative defense and intelligence analysis and sharing between the federal government, state and local governments, and the private sector. My team of student researchers and I conducted several interviews with stakeholders in both the state and federal governments and the private sector and poured over existing literature. We've created a roadmap toward this vision, answering how a 21st century threat can be tackled by the tools available in its own time. We don't purport to have all the answers, but we would be interested in feedback from the community on the feasiblity and desirability of these ideas.

ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485

Return to Index - Add to

- ics Calendar file

CON - Saturday - 17:00-17:59 PDT

Title: Trace Labs OSINT Search Party CTF - Award Ceremony
When: Saturday, Aug 7, 17:00 - 17:59 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/236424

Return to Index - Add to

- ics Calendar file

CON - Saturday - 09:00-09:59 PDT

Title: Trace Labs OSINT Search Party CTF - Briefing
When: Saturday, Aug 7, 09:00 - 09:59 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/236424

Return to Index - Add to

- ics Calendar file

CON - Saturday - 10:00-15:59 PDT

Title: Trace Labs OSINT Search Party CTF
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/236424

Return to Index - Add to

- ics Calendar file

DL - Saturday - 12:00-13:50 PDT

Title: Tracee
When: Saturday, Aug 7, 12:00 - 13:50 PDT
Where: DemoLab Video Channel 1

SpeakerBio:Yaniv Agman
Yaniv Agman is a Security Researcher at Aqua Security. He specializes in low-level Linux instrumentation technologies to perform dynamic analysis on Linux containers and systems. He is currently completing his Master's thesis in cyber security at BGU on detecting Android malware with eBPF technology. While not in front of a computer screen, he likes watching Sci-Fi movies and playing with his kids.

Description:
Tool or Project Name: Tracee

Short Abstract:
Linux Runtime Security and Forensics using eBPF

Short Developer Bio:
Yaniv Agman is a Security Researcher at Aqua Security. He specializes in low-level Linux instrumentation technologies to perform dynamic analysis on Linux containers and systems. He is currently completing his Master's thesis in cyber security at BGU on detecting Android malware with eBPF technology. While not in front of a computer screen, he likes watching Sci-Fi movies and playing with his kids.

Roi is a Security Researcher at Aqua Security. His work focuses on researching threats in the cloud native world. When not at work, Roi is a B.A. student in Computer Science at the Open University. He also enjoys going out into nature and spending time with family and friends.

URL to any additional information:
https://aquasecurity.github.io/tracee/dev

Detailed Explanation of Tool:
Tracee is a Runtime Security and forensics tool for Linux. It is using Linux eBPF technology to trace your system and applications at runtime, analyze collected events to detect suspicious behavioral patterns, and capture forensics artifacts. It is delivered as a Docker image that monitors the OS and detects suspicious behavior based on a predefined set of behavioral patterns.

Here is a more detailed information about the tool: Tracee is a runtime security and forensics tool for Linux. It is composed of tracee-ebpf, which collects OS events based on some given filters, and tracee-rules, which is the runtime security detection engine.

Tracee-ebpf is capable of tracing all processes in the system or a group of processes according to some given filters (these are: newly created processes, processes in a container, uid, command name, pid, tid, mount namespace id, process namespace id, uts name).

The user can select the set of events to trace, and also filter by their arguments.

The events which can be traced include the following: System calls and their arguments
LSM hooks (e.g. security_file_open, security_bprm_check, cap_capable) Internal kernel functions: (e.g. vfs_write and commit_creds) Special events and alerts (magic_write and mem_prot_alert) Other than tracing, Tracee-ebpf is also capable of capturing files written to disk or memory (e.g. "fileless" malwares), and extracting binaries that are dynamically loaded to an application's memory (e.g. when a malware uses a packer). Using these capabilities, it is possible to automatically collect forensic artifacts for later investigation. For more detailed information about these capabilities, see: https://blog.aquasec.com/ebpf-contai...ware-detection

Tracee-Rules, is a rule engine that helps you detect suspicious behavioral patterns in streams of events. It is primarily made to leverage events collected with Tracee-eBPF into a Runtime Security solution. Tracee supports authoring rules in Golang or in Rego.

Following are some of the currently available rules: Code injection - Possible code injection into another process Dynamic Code Loading - Writing to executable allocated memory region Fileless Execution - Executing a process from memory, without a file in the disk Supporting Files, Code, etc:
https://github.com/aquasecurity/tracee

Target Audience: Defense
We believe Tracee is a valuable tool for anyone who want to perform runtime protection on Linux systems. In the demo we will introduce the tool, and see how it helped us to find real threats and other possible uses.

This content will be presented on a Discord video channel.

#dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505

Return to Index - Add to

- ics Calendar file

BTV - Saturday - 11:00-12:30 PDT

Title: Tricks for the Triage of Adversarial Software
When: Saturday, Aug 7, 11:00 - 12:30 PDT
Where: Blue Team Village - Workshop Track 1 (Virtual)
Speakers:Dylan Barker,Quinten Bowen

SpeakerBio:Dylan Barker
Dylan Barker is a technology professional with 10 years' experience in the information security space, in industries ranging from K12 and telecom to financial services. He has held many distinct roles, from security infrastructure engineering to vulnerability management. In the past, he has spoken at BSides events and has written articles for CrowdStrike, where he is currently employed as a senior analyst.
Twitter: @HBRH_314

SpeakerBio:Quinten Bowen
Quinten Bowen is an Information Security Professional who works as a Senior Analyst at CrowdStrike. Additionally, Quinten has expertise in malware analysis, penetration testing, threat hunting, and incident response in enterprise environments, holding relevant certifications such as GREM, OSCP, eCPPT, and eCMAP. Quinten spends his off-time volunteering for the Collegiate Cyber Defense Competition (CCDC), mentoring, and can be found around a table playing D&D.

Description:
A malware analysis and triage workshop covering quick static and dynamic analysis techniques along with common adversarial obfuscation techniques. Followed by a short malware analysis tournament challenge with gift-card prizes.

The workshop will cover techniques outlined in Malware Analysis Techniques (Published by Packt), written and delivered by myself, Dylan Barker, and the Technical Reviewer Quinten Bowen.

We'll examine ways to de-obfuscate common malicious scripts and droppers utilized in real-world attacks by threat actors such as those responsible for DarkSide ransomware and Emotet Banking Trojan threats.

Also covered will be ascertaining the capabilities and instruction flow of malware within NSA's Ghidra framework, crafting IOCs based on PE characteristics, and advanced dynamic analysis techniques including utilizing tools such as Inetsim, ProcDot, and manually unpacking malicious samples using debuggers to closely examine them without obfuscation.

The second half of the workshop will revolve around utilizing these techniques to answer questions, which will be scored on time and accuracy utilizing a CTF framework.

Return to Index - Add to

- ics Calendar file

CCV - Saturday - 15:00-15:15 PDT

Title: Triptych
When: Saturday, Aug 7, 15:00 - 15:15 PDT
Where: Cryptocurrency Village (Onsite - Paris Champagne Ballroom 1)

SpeakerBio:Sarang Noether, Ph.D.
Sarang Noether is a researcher who focuses on privacy-preserving cryptographic constructions and protocols.

Description:
Triptych is a zero-knowledge proving system that can be used as part of a privacy-preserving transaction model. In this talk, we'll walk through the research and development process that led to an ongoing implementation of Triptych compatible with the Monero protocol, and provide insight into some of the tradeoffs and complexities that come with protocol updates. No particular background is required to understand this talk!

The Cryptocurrency Village is built around conversations and events, not formal talks. Stop by any time to speak with knowledgeable individuals! This village focuses on the security and privacy side of cryptocurrencies, not the investment side.

The Cryptocurrency Village is conveniently located in Paris Champagne Ballroom 1.

Return to Index - Add to

- ics Calendar file

ASV - Saturday - 14:30-14:55 PDT

Title: True Story: Hackers in the Aerospace Sector
When: Saturday, Aug 7, 14:30 - 14:55 PDT
Where: Aerospace Village (Virtual Talk)
Speakers:Declyn S.,Ginny Spicer,Olivia Stella,Steve Luczynski,Thomas Bristow

SpeakerBio:Declyn S.
Declyn is a cybersecurity specialist for the Aviation ISAC. He taught himself basic security principles and after finding aviation related vulnerabilities and reported them to the A-ISAC. He now works in the intel team at the A-ISAC specialising in threat intelligence and vulnerability disclosure management.

SpeakerBio:Ginny Spicer
Ginny Spicer is a master’s student studying information security at Royal Holloway University of London. She is a packet nerd and likes to focus on network analysis, Wireshark, new protocols, and interplanetary communications. Ginny is a member of the technical documentation working group in the Interplanetary Networking SIG and an advisor for the California Cyber Innovation Challenge. Her particular areas of interest are DTN and encrypted DNS. This is her second year helping out with the DEF CON Aerospace Village.

SpeakerBio:Olivia Stella
Olivia Stella is a cybersecurity engineer for Los Alamos National Laboratory. In her current role, she focuses on agile space cybersecurity. With over twelve years of experience, she’s worked for multiple companies in the aerospace industry including an in-flight entertainment company, major US airline, and government contractors. Olivia has supported incident response, vulnerability management, pen testing, bug bounty & coordinated disclosure, risk & compliance activities. Her academic background includes degrees in computer science and software engineering, along with an alphabet soup of security certifications. When she’s not wearing her security hat, she loves to curl and is an avid toastmaster. (That’s right, ice curling.)

SpeakerBio:Steve Luczynski
No BIO available

SpeakerBio:Thomas Bristow
Thomas Bristow is a Cyber Security Certification Specialist for the UK Civil Aviation Authority where he works on a whole range of things, from cyber threat modeling to running the CyberFirst summer placement scheme. He’s a recent graduate from Royal Holloway with a degree in computer science and two back to back wins of society of the year. While his role is in cyber security he always tries to help others: whether this is educating colleagues on the LGBTQIA+ flags (and their meanings), performing careers talks at schools or just helping to make their team wiki easy to use.

Description:
What’s it like to be a hacker working in government, for an airline, or pursuing a degree? When you read that question did you think, ew, why would I ever do that?! Or did you think, wow, that sounds great tell me more!

This isn’t your typical workforce talk!

Join a diverse panel of folks working in the aerospace sector who are just like you! Learn how they got into their roles, why they chose to work there, what motivates them, and how they gained their skills and experience.

This talk will be streamed on YouTube: https://www.youtube.com/watch?v=ngoYRudoJqA

Aerospace Village talks will be streamed to YouTube.

Title: Understanding Space in the Cyber Domain
When: Saturday, Aug 7, 10:00 - 12:59 PDT
Where: Aerospace Village (Virtual Workshop)

Description:
This half-day course examines the practical issues of developing and sustaining a secure cyber environment through all phases of the space mission lifecycle. The course is organized around the SPAce Domain Cybersecurity (SpaDoCs) Framework. The SpaDoCs Framework provides a comprehensive and systematic model for understanding and tackling all critical issues of cybersecurity in the space domain. An examination of the Key objectives— confidentiality, integrity, availability—provides the foundation for the course. From there, the space domain is examined layer by layer starting from the enterprise layer, then drilling down through mission, system and DevSecOps layers. Threats and vulnerabilities at each layer are highlighted. Finally, first principles of cybersecurity are discussed (domain separation, process isolation, etc.) as well as key enablers (vision, strategy, etc.) to help frame plans for action to address the cybersecurity issues exposed by this course. Course exercises center around practical application of the material to real-world space mission scenarios.

Return to Index - Add to

- ics Calendar file

DC - Saturday - 11:00-11:45 PDT

Title: UPnProxyPot: fake the funk, become a blackhat proxy, MITM their TLS, and scrape the wire
When: Saturday, Aug 7, 11:00 - 11:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded

SpeakerBio:Chad Seaman
Chad is the SIRT team lead @ Akamai Technologies. He spends his time being an internet dumpster diver and emerging threats researcher focusing on DDoS, malware, botnets, and digital hooliganism in general.
https://www.linkedin.com/in/that-chad-seaman/

Description:
UPnP sucks, everybody knows it, especially blackhat proxy operators. UPnProxyPot was developed to MITM these operators to see what they're doing with their IoT proxy networks and campaigns. We'll cover SSDP, UPnP, UPnProxy research/campaigns as well as cover a new Golang based honeypot, so we can all snoop on them together!

REFERENCES: http://www.upnp-hacks.org (OG disclosure) https://www.youtube.com/watch?v=FU6qX0-GHRU (DEF CON 19 talk I attended) https://www.akamai.com/us/en/multimedia/documents/white-paper/upnproxy-blackhat-proxies-via-nat-injections-white-paper.pdf (my initial UPnProxy research) https://blogs.akamai.com/sitr/2018/11/upnproxy-eternalsilence.html (additional UPnProxy campaign researcher, also mine)

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=mHCGNUsrTf0

This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

HTSV - Saturday - 15:00-15:55 PDT

Title: US Coast Guard 2021 Cyber Strategic Outlook
When: Saturday, Aug 7, 15:00 - 15:55 PDT
Where: Hack the Sea (Virtual)

SpeakerBio:Michael Chien , CDR, USCG Cyber
No BIO available

Description:No Description available

Hack the Sea Village will stream their events to YouTube and Twitch.

YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ

Return to Index - Add to

- ics Calendar file

DL - Saturday - 12:00-13:50 PDT

Title: USBSamurai
When: Saturday, Aug 7, 12:00 - 13:50 PDT
Where: DemoLab Video Channel 2

SpeakerBio:Luca Bongiorni
Luca Bongiorni is working as Head of Offensive Security. He is also actively involved in InfoSec where his main fields of research are: Radio Networks, Reverse Engineering, Hardware Hacking, Internet of Things, and Physical Security. He also loves to share his knowledge and present some cool projects at security conferences around the globe.

Description:
Tool or Project Name: USBsamurai

Short Abstract:
During this talk, after a bit of history of hardware implants, will be presented a new hacking device: USBsamurai. A remotely-controlled USB HID injecting cable that costs less than 10 EUR to produce from off-the-shelf components (a cable and a USB radio transceiver) that can be used to compromise targets remotely (i.e. over a 2.4GHz undetectable protocol) in the stealthiest way ever seen & also bypass Air-Gapped Environments like a boss!

Extended Version:
During the last years, hardware implants have become a popular attack vector in air-gapped environments such as industrial networks: Stuxnet (2010), Operation Copperfield (2017), and the recent ransomware attack that has led to a shutdown in a US natural gas facility are only some notable cases. In parallel, in an effort to raise the bar of red-teaming operations, security researchers have been designing and releasing powerful open-source devices with the intent to make Red-Teaming operations even more interesting and disruptive. Smoothing the path to new TTPs and improving old ones. As a result, hardware implants should always be included in the threat modeling of an industrial facility. During this talk, after a bit of history of hardware implants, will be presented a new hacking device: USBsamurai. A remotely-controlled USB HID injecting cable that costs less than 10 EUR to produce from off-the-shelf components (a cable and a USB radio transceiver) that can be used to compromise targets remotely (i.e. over a 2.4GHz undetectable protocol) in the stealthiest way ever seen & also bypass Air-Gapped Environments like a boss!

This presentation will be quite technical, tailored for an ICS security audience. Come to this talk to start preparing for the next wave of attacks that can pass undetected by most of the existing security solutions available on the market.

Finally, I'll conclude the talk with practical, actionable countermeasures to prevent and detect HID attacks, and conclude by explaining how to approach a forensics analysis in presence of USB implants.

Short Developer Bio:
Luca Bongiorni is working as Head of Offensive Security. He is also actively involved in InfoSec where his main fields of research are: Radio Networks, Reverse Engineering, Hardware Hacking, Internet of Things, and Physical Security. He also loves to share his knowledge and present some cool projects at security conferences around the globe.

URL to any additional information:
https://medium.com/@LucaBongiorni/us...0-ebf4b81e1d0b

Detailed Explanation of Tool:
USBsamurai is a DIY hardware implant disguised as USB cable that allows to remotely inject over an undetectable RF channel an agent in memory that allows a remote threat actor to get a realtime shell over a target that can also be air-gapped. In practice a nightmare for any BlueTeam out there. Have you ever seen an USB cable that can bypass an air-gapped system and return a live remote-shell over an undetectable RF channel? https://www.youtube.com/watch?v=2BAzD27k_Gk (Please keep it confidential because the link is unlisted)

Supporting Files, Code, etc:
https://medium.com/@LucaBongiorni/us...s-4bd47abf8f87

Target Audience:
Offense, Hardware, ICS

Create awareness on Hardware Implants. The real ones. Not the grain of rice from Bloomberg's article. ;]

During the years I have tested multiple DLP solutions out there claiming to sanitize and protect assets from USB-related threats. Surprisingly, most of the time vendors kinda lie (or... saying in a more polite way... they forget about HID class of devices).

Security Officers MUST understand that hardware implants exist and they don't cost anymore like 10,000 $USD like NSA's TAO FIREWALK implant!

Finally, in pure DEF CON style, sharing how to create an offensive hardware implant out of a 10$ USB dongle from a commercial mouse, it is always a good way to spread knowledge among fellow hackers. :)

This content will be presented on a Discord video channel.

#dl-video2-voice: https://discord.com/channels/708208267699945503/734027778646867988

Return to Index - Add to

- ics Calendar file

HHV - Saturday - 09:30-10:30 PDT

Title: Use a PortaProg to flash, dump, and test ISP and UPDI chips
When: Saturday, Aug 7, 09:30 - 10:30 PDT
Where: Hardware Hacking Village (Virtual Talk)
Speakers:Bradán Lane,Sara Cladlow

SpeakerBio:Bradán Lane
Bradán Lane is a UX Design and User Researcher who had his own ““Alice’s Adventures in Wonderland”” experience when he discovered badge making. While he has made a number of fun blinky beepy ornaments and badges, his found his passion with the 2020 eChallengeCoin - an interactive and text story challenge puzzle. To help with his development, he created the PortableISP. The 2021 eChallengeCoin required a new chip which precipitated the creation of the PortaProg which serves as both his development tool an his production and test device.

Website: https://aosc.cc
https://gitlab.com/bradanlane
https://aosc.cc/blinks

Twitter: @bradanlane

SpeakerBio:Sara Cladlow
No BIO available

Description:
What is a PortaProg and why would I use it? You can use the PortaProg for flashing firmware to a wide range of Atmel chips using the ISP or UPDI interfaces. It can also read/write FUSES, and access EEPROM. It can flash a chip interactively during development or from its on-board SPIFFS storage at the bench or in the field. The talk will demonstrate it being used for rapid programming of ATTiny badges, performing an update to an ATMega device in the field, and dumping the firmware from an Ardiuno based device without a computer. You will also see how the PortProg has spawned a 3D printed plug-and-play test jig design …. or just attend to see if the demos crash and burn.

#hhv-talk-qa-use-a-portaprog-text https://discord.com/channels/708208267699945503/739571364821729310

Hardware Hacking Village talks will be streamed to Twitch.

Return to Index - Add to

- ics Calendar file

BTV - Saturday - 10:15-11:15 PDT

Title: Use DNS to detect your domains are abused for phishing
When: Saturday, Aug 7, 10:15 - 11:15 PDT
Where: Blue Team Village - Main Track (Virtual)
Speakers:Karl Lovink a.k.a. Cyb0rg42,Arnold Holzel

SpeakerBio:Karl Lovink a.k.a. Cyb0rg42
Jarl is the Technical Lead of the Security Operations Center of the Dutch Tax and Customs Administration. He must ensure that the security analysts of the SOC can do their job well in the technical field. Besides, he is responsible, among other things, for strengthening the network of governments and companies, so that the right information is quickly available in the event of threats and incidents. Karl obtained the title Master of Security in Information Technology (MSIT) at Eindhoven University of Technology. He loves biohacking technology and has seven RFID / NFC chips implanted in his body, including a credit card.
Twitter: @cyb0rg42

SpeakerBio:Arnold Holzel
No BIO available

Description:
As a high-profile public-sector organization, the Dutch Tax and Customs Administration deals with criminals claiming to be representatives of the organization and contacting the public with phishing e-mails every day. By using Splunk and RFC’s like, RFC7208 – Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, we have developed a technique to identify phishing attacks that are carried out under the disguise of the Dutch Tax and Customs Administration.

We start with a short introduction to protocols available to secure e-mail. Securing e-mail means making it more difficult to intercept e-mails in transport and perform phishing attacks. After that, we present some real-life phishing examples pointing to how finding the phishers would have been much easier. The same applies to the Notice and Take Downs for the phishing sites. We continue by introducing the secure e-mail standards like STARTTLS, Sender Policy Framework (SPF), Domain Identified Keys (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC), SMTP Security via Opportunistic DNS-Based Authentication of Named Entities (DANE), SMTP Mail Transfer Agent Strict Transport Security (MTA-STS) on which the technique detecting phishing attacks is based on. Here we present how all secure e-mail protocols work together to be able to monitor e-mail traffic for potential phishing attacks. You can get information about the senders' e-mail address, sender’s MTA and the recipient’s MTA. Both the receiving and the sending MTAs are not located within your infrastructure. Passive DNS intelligence and Shodan are used for the enrichment of the IP addresses. We have implemented these techniques in Splunk, including various dashboards, searches, and lookups. But the implementation can be done in either which log management system, for instance, ElasticSearch. Also, a wizard has been created to facilitate the generation of the TXT records for your DNS zone file. The implementation we have created in Splunk is downloadable from GitHub for free. The Splunk App contains all necessary dashboards, searches, lookups to get a quick start. Also, a wizard is included to create the DNS TXT records, which can be complicated. In principle, an e-mail track-and-trace system has been built using Splunk and DNS logs.

Blue Team Village talks will be streamed to Twitch.

Return to Index - Add to

- ics Calendar file

CLV - Saturday - 12:15-12:45 PDT

Title: Using Barq to perform AWS Post-Exploitation Actions
When: Saturday, Aug 7, 12:15 - 12:45 PDT
Where: Cloud Village (Virtual)

SpeakerBio:Mohammed Aldoub
Mohammed Aldoub is an independent security consultant and Blackhat Trainer from Kuwait, who, in his 11 years of experience, worked on creating Kuwait's national infrastructure for PKI, cryptography, smartcards and authentication. Mohammed delivers security trainings, workshops and talks in the Netherlands, USA, Sweden, London, Czech Republic, Singapore, Dubai, Lebanon, Riyadh, Kuwait, in events like Blackhat (USA,EU) Infosec in the City, OPCDE, SEC-T and others. Mohammed is focusing now on APIs, secure devops, modern appsec, cloud-native security, applied cryptography, security architecture and microservices. He is the author of "barq", the AWS post exploitation attack framework, which you can find at: https://github.com/Voulnet/barq and he's also the author of Desharialize, which you can find at: https://github.com/Voulnet/desharialize Mohammed is deeply interested in malware, especially those used by state actors in the Middle East zone, where he volunteered as OWASP Kuwait's chapter leader.
Twitter: @Voulnet
https://github.com/voulnet

Description:
barq is a post-exploitation framework that allows you to easily perform attacks on a running AWS infrastructure. It allows you to attack running EC2 instances without having the original instance SSH keypairs. It also allows you to perform enumeration and extraction of stored Secrets and Parameters in AWS.

Cloud Village activities will be streamed to YouTube.

Return to Index - Add to

- ics Calendar file

SEV - Saturday - 12:30-13:30 PDT

Title: Using SE to create insider threats and win all the things
When: Saturday, Aug 7, 12:30 - 13:30 PDT
Where: Social Engineer Village (Virtual)

SpeakerBio:Lisa Forte
Lisa Forte is a European social engineering and insider threat expert. She runs cyber crisis simulations for large companies to help them prepare for attacks of all types. She actually started her security career stopping pirates off the coast of Somalia.

Lisa a passionate about two things: tech for good and that pineapple on pizza should be banned by the United Nations.

She is a proud Italian/ Brit and has won numerous awards for her contributions in tech. Little known fact she actually once auditioned for Cirque Du Soleil.

When she is not working you can usually find her exploring abandoned mines or hanging off the side of a cliff somewhere.

Description:
We talk a lot about that “quick and dirty” social engineering but there is a much scarier, longer term attack that yields far more damage. Instead of that persuasive email or that one hugely urgent phone call these attacks are aimed at turning your key staff from loyal employees into insider threats- Without your knowledge and even without theirs.

How can loyal, hard working staff be convinced to acquire and exfiltrate sensitive commercial data? It all starts with a friend request.

Social Engineer Village will stream content to Twitch.

Twitch: https://www.twitch.tv/socialengineerllc

Return to Index - Add to

- ics Calendar file

ASV - Saturday - 09:30-10:50 PDT

Title: VDP in aviation: Experiences and lessons learnt as a researcher
When: Saturday, Aug 7, 09:30 - 10:50 PDT
Where: Aerospace Village (Virtual Talk)

SpeakerBio:Matt Gaffney
Following his career in the British Army, Matt has been working with clients in various industries. However, his best years were spent working in aviation, specifically systems found in the Aircraft Information Systems Domain. More recently he has turned his attention to security in UAS.

Description:
Following a Vulnerability Disclosure to an aircraft manufacturer in 2019 little did Gaffers know that he was about to start on a journey in to a world where vulnerabilities are considered features and unless you can argue a safety impact you are not taken seriously. Without divulging the details, this talk will discuss the steps taken, what worked, what failed and some advice for anyone else who finds themselves in a similar situation.

This talk will be streamed on YouTube: https://www.youtube.com/watch?v=q5E_y8jLTv8

Aerospace Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/c/AerospaceVillage

Return to Index - Add to

- ics Calendar file

SOC - Saturday - 21:00-01:59 PDT

Title: Vetcon Meetup (Hybrid)
When: Saturday, Aug 7, 21:00 - 01:59 PDT
Where: Bally's Skyview 5

Description:
A large friendly gathering of Veterans AND Non-Veterans, to help those who are recent Veterans integrate within our INFOSEC community, to make them feel welcome, and that there are other Veterans and Veteran supporters who are here to help them further their infosec career. Both online and in-person.

Return to Index - Add to

- ics Calendar file

VMV - Saturday - 10:00-10:30 PDT

Title: Voting Village Keynote Remarks
When: Saturday, Aug 7, 10:00 - 10:30 PDT
Where: Voting Village (Talks - Virtual)

SpeakerBio:Thomas Hicks
Thomas Hicks was nominated by President Barack H. Obama and confirmed by unanimous consent of the United States Senate on December 16, 2014 to serve on the U.S. Election Assistance Commission (EAC). He has served as chairman of the commission for two terms. Commissioner Hicks has focused his efforts on voter access. Under his leadership, the EAC developed a pocket-sized voter card that serves as a guide on voting rights for voters with disabilities. The card is provided in both Braille and large print. The EAC has worked with advocacy groups and election officials to distribute the card.

In addition, Mr. Hicks has addressed the difficulties overseas voters have when requesting and returning their ballots, such as dealing with foreign IP addresses and issues with timely ballot delivery. He worked with key states to set up a help desk. Now, overseas voters receive an email response directing them to the help desk to obtain their ballots.

He serves as the designated federal officer for the Board of Advisors.

Mr. Hicks is a frequent speaker at conferences in the United States and overseas on issues such as voter access and cybersecurity.

Prior to his appointment with EAC, Commissioner Hicks served as a senior elections counsel and minority elections counsel on the U.S. House of Representatives Committee on House Administration, a position he held from 2003 to 2014. In this role, Mr. Hicks was responsible for issues relating to campaign finance, election reform, contested elections and oversight of both the U.S. Election Assistance Commission and the Federal Election Commission. His primary responsibility was advising and providing guidance to the committee members and caucus on election issues. Mr. Hicks has talked with Americans in every state about their voting experiences. In addition, he has worked with state and local election officials across America to address critical election concerns.

Prior to joining the U.S. House of Representatives, Mr. Hicks served as a senior lobbyist and policy analyst from 2001 to 2003 for Common Cause, a nonpartisan, nonprofit organization that empowers citizens to make their voices heard in the political process and to hold their elected leaders accountable to the public interest. Mr. Hicks has enjoyed working with state and local election officials, civil rights organizations and all other stakeholders to improve the voting process.

Mr. Hicks served from 1993 to 2001 in the Clinton administration as a special assistant and legislative assistant in the Office of Congressional Relations for the Office of Personnel Management. He served as agency liaison to the United State Congress and the president’s administration on matters regarding federal personnel policies and regulations.

Mr. Hicks received his J.D. from the Catholic University of America, Columbus School of Law and his B.A. in Government from Clark University (Worcester, MA). He also studied at the University of London (London, England) and law at the University of Adelaide (Adelaide, Australia).

Description:No Description available

Voting Village talks will be streamed to YouTube and Twitch.

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Tianze%20Ding%20-%20Vulnerability%20Exchange%20-%20One%20Domain%20Account%20For%20More%20Than%20Exchange%20Server%20RCE.mp4

YouTube: https://www.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg

Return to Index - Add to

- ics Calendar file

DC - Saturday - 18:00-18:59 PDT

Title: Vulnerability Exchange: One Domain Account For More Than Exchange Server RCE
When: Saturday, Aug 7, 18:00 - 18:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded

SpeakerBio:Tianze Ding
Tianze Ding is a senior security researcher at Tencent Security Xuanwu Lab. His research focuses on web security, active directory security and red teaming. He reported some vulnerabilities to Microsoft, Apple, Google, etc. He has spoken at BlackHat Asia.
Twitter: @D1iv3

Description:
Microsoft Exchange Server is one of the most famous mail servers in the world. It not only stores a large amount of sensitive corporate information, but also plays an important role in Microsoft Active Directory, so it has become a high-value target for both APT groups and red teams.

In the past few months, some high-risk vulnerabilities in Exchange Server have been exposed, which mainly target vulnerable ASP.NET code. But the architecture of Exchange Server is complicated, and its attack surface is not limited to ASP.NET, this talk will analyze and attack Exchange Server from a different perspective.

I will share the following two new vulnerabilities I found, as well as the new attack surfaces and how I chained several techniques to successfully exploit them in detail.

One of them can result in arbitrary mailbox takeover, attackers can read emails, download attachments, send emails, etc. as any Exchange user.
The other can lead to remote code execution on Exchange Server, attackers can gain local administrator privileges and execute arbitrary commands. Furthermore, there is an interesting point, even if you have applied the latest Exchange Server patches, your Exchange Server may still be compromised by this type of attack.

For red teams, Exchange Server RCE is only the beginning. Usually, there are some high-privileged domain users and groups on Exchange Server, I will also introduce a new method in depth to help you perform lateral movement and even privilege escalation to Domain Admin after achieving Exchange Server RCE.

These vulnerabilities have been reported to MSRC and the exploit tools will be released after the talk.

References: [1] https://www.zerodayinitiative.com/blog/2018/12/19/an-insincere-form-of-flattery-impersonating-users-on-microsoft-exchange [2] https://www.slideshare.net/harmj0y/derbycon-the-unintended-risks-of-trusting-active-directory [3] https://docs.microsoft.com/en-us/exchange/client-developer/web-service-reference/ews-operations-in-exchange [4] https://github.com/quickbreach/ExchangeRelayX [5] https://blog.compass-security.com/2020/05/relaying-ntlm-authentication-over-rpc/ [6] https://www.crowdstrike.com/blog/cve-2021-1678-printer-spooler-relay-security-advisory/ [7] https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rpce/425a7c53-c33a-4868-8e5b-2a850d40dc73 [8] https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/ [9] https://github.com/SecureAuthCorp/impacket [10] https://github.com/gdedrouas/Exchange-AD-Privesc [11] https://labs.f-secure.com/tools/sharpgpoabuse/

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=7h38rI8KT30

This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

HHV - Saturday - 11:00-11:59 PDT

Title: Walkthrough of DC 28 HHV Challenges
When: Saturday, Aug 7, 11:00 - 11:59 PDT
Where: Hardware Hacking Village (Virtual Talk)

SpeakerBio:rehr
Rehr is an electrical engineering, and long-time Hardware Hacking Village volunteer. He enjoys teaching and creating challenges that help grow and challenge the hardware hacking community.
Twitter: @mediumrehr

Description:
Last year we (the HHV) released a series of hardware hacking challenges for DEF CON attendees to solve during the conference (and after). Many attempted the challenges, but only a few (3) solved all 5! Join us as we will walk through how to solve all 5 of the DC 28 HHV challenges, and attempt to demystify the world of hardware hacking. We may even drop a hint or two for this years’ challenges.

#hhv-challenge-text https://discord.com/channels/708208267699945503/739567199647301702

Hardware Hacking Village talks will be streamed to Twitch.

Return to Index - Add to

- ics Calendar file

BCV - Saturday - 10:00-10:15 PDT

Title: Welcome Note
When: Saturday, Aug 7, 10:00 - 10:15 PDT
Where: Blockchain Village / Paris Vendome B
Speakers:Nathan,Ron Stoner

SpeakerBio:Nathan
No BIO available

SpeakerBio:Ron Stoner
No BIO available

Description:No Description available

This content will be presented live and in-person.

Return to Index - Add to

- ics Calendar file

AIV - Saturday - 09:00-09:30 PDT

Title: Welcome to AI Village
When: Saturday, Aug 7, 09:00 - 09:30 PDT
Where: AI Village (Virtual)

SpeakerBio:AI Village Organizers
No BIO available

Description:No Description available

AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536

Return to Index - Add to

- ics Calendar file

CCV - Saturday - 10:00-10:15 PDT

Title: What Is Zero Knowledge
When: Saturday, Aug 7, 10:00 - 10:15 PDT
Where: Cryptocurrency Village (Onsite - Paris Champagne Ballroom 1)

SpeakerBio:Sarang Noether, Ph.D.
Sarang Noether is a researcher who focuses on privacy-preserving cryptographic constructions and protocols.

Description:
Lightning overview of the basics of zero knowledge proofs and transaction protocols, and how they relate (or don't) to each other. A Q&A session will follow.

The Cryptocurrency Village is built around conversations and events, not formal talks. Stop by any time to speak with knowledgeable individuals! This village focuses on the security and privacy side of cryptocurrencies, not the investment side.

The Cryptocurrency Village is conveniently located in Paris Champagne Ballroom 1.

Return to Index - Add to

- ics Calendar file

BTV - Saturday - 11:30-11:59 PDT

Title: What Machine Learning Can and Can't Do for Security
When: Saturday, Aug 7, 11:30 - 11:59 PDT
Where: Blue Team Village - Main Track (Virtual)

SpeakerBio:Wendy Edwards
Wendy is a software developer interested in the intersection of cybersecurity and data science. She’s involved in the NASA Datanauts program and participated in the SANS Women’s Academy, earning GIAC GSEC, GCIH, and GCIA certifications. She has masters degrees in computer science and library and information science from the University of Illinois. She has spoken at Summercon, BSides Chicago, The Diana Initiative, Hackfest Canada, Circle City Con, and DEFCON Ethics Village. In her spare time, she enjoys Scrabble and swimming and has a lively flat-coated retriever named Ciaran.
Twitter: @wayward710

Description:
What can machine learning do for security? A number of things. One major challenge is determining what’s normal and what’s malicious. Machine learning can help with this. For example, ML techniques are used in spam filtering scan email. Machine learning is also being applied to other areas like network traffic monitoring and malware analysis and has potential to detect zero days exploits. However, machine learning isn't magic. We discuss some of the limitations of machine learning, and how problems like false positives can be mitigated.

Most of us have heard vendors promoting products that use "machine learning." But what does that mean? This is a general introduction to machine learning concepts and a discussion of applications to security. We begin by talking about commonly used terminology – what are artificial intelligence, neural networks, machine learning, and deep learning? How do they work?

What can machine learning do for security? A number of things. One major challenge is determining what’s normal and what’s malicious. Machine learning can help with this. For example, ML techniques are used in spam filtering scan email. Large email providers, e.g., Google and Yahoo, have intelligent systems that can create new spam filtering rules based on automated learning.

Machine learning is also being applied to other areas like network traffic monitoring and malware analysis. Traditional network intrusion detection (NIDS) and malware identification involve rules and signatures, where behavior associated with known threats is identified. But what about new threats, such as zero-day exploits? Anomaly-based detection compares traffic to normal behavior, and has the potential to detect previously unknown attacks with no established signature. We present some examples of freely available machine learning software and walk through some simple use cases.

However, machine learning isn't magic, and it has its limitations. The quality of the training data significantly affects the quality of the results, and training data needs to be updated to reflect changes in relationships and new data points. False positives can consume a lot of analysts' time and lead to alert fatigue. We discuss some techniques, e.g. cross-domain correlation, to reduce the number of false positives.

What is "machine learning?" * Definition * How does it work? * What is a neural network? * Common machine learning terminology explained * Supervised vs unsupervised learning * Different kinds of machine learning * Examples of machine learning and security Classification problem * What’s normal? What’s malicious? * Example: spam filtering
* Example: network traffic analysis * Traditional NIDS involves rules/signatures * Anomaly detection NIDS (ADNIDS) compares traffic to normal patterns * Example: Behavior-based Malware Analysis * Common AV malware detection involves signatures (patterns related to known behavior) * What about zero-day exploits or malware that can morph? Attack behaviors are different from normal behaviors * Unusual system calls * Writing stolen data to files, registry manipulation, etc * Unusual network traffic (e.g. command and control) * Destinations (lots of unexplained traffic to a particular destination) * Payloads (C&C traffic likely has similar structure) * Software currently using machine learning for security * Examples: spam filters, Splunk Limitations of machine learning * Training data * False positives / alert fatigue * Mitigating false positives Future directions in machine learning and security

Blue Team Village talks will be streamed to Twitch.

Return to Index - Add to

- ics Calendar file

Title: Why Hacking Voters Is Easier Than Hacking Ballots
When: Saturday, Aug 7, 13:30 - 13:59 PDT
Where: Voting Village (Talks - Virtual)

SpeakerBio:Maurice Turner
Maurice Turner is the Cybersecurity Fellow at the Alliance for Securing Democracy (ASD) at the German Marshall Fund of the United States (GMF). Turner is a recognized public interest technologist and cybersecurity expert focused on developing strategies to secure critical infrastructure and deter cyber operation escalation. He has been regularly featured in national and international media including the Washington Post, Wall Street Journal, Bloomberg, Fox News, and Reuters. He has also provided testimony before the United States Congress, shared his insights with the European Union, and spoken at numerous security conferences. Turner most recently served as Senior Advisor to the Executive Director at the United States Election Assistance Commission (EAC) providing subject matter expertise in support of local, state, and federal partners to administer elections fairly and securely. Prior to that Turner was Deputy Director of the Internet Architecture project at the Center for Democracy & Technology (CDT) where he led the Election Security and Privacy Project, identifying and updating election cybersecurity practices and infrastructure through multi-sector partnerships. Turner also served as a TechCongress Congressional Innovation Fellow assigned to the U.S. Senate Homeland Security and Governmental Affairs Committee, where he shaped policy and oversaw the preparation of memos, briefings, and hearings on federal IT systems, cybersecurity threats, and cybersecurity regulations.

He holds an MA in Public Administration from the University of Southern California, an BA in Political Science from California State University Fullerton, and a Certificate in Cybersecurity Strategy from Georgetown University.

Description:
Vulnerabilities in US election infrastructure not only expose the nation’s elections to hybrid physical and network attacks, but its voters to influence campaigns designed to cast doubt in the process itself. Authoritarian regimes such as Russia, Iran, and China are capable of conducting both sophisticated disinformation operations and cyber campaigns, and using both methods can be a particularly effective strategy for disrupting an election. Despite significant attention and more (but insufficient) funding in recent years, the overall defensive posture of election infrastructure operators lags behind the offensive cyber capabilities of sophisticated adversaries and criminals.

Elections are not alone. Other critical infrastructure sectors have sustained major disruptions because of cyber attacks like ransomware. However, elections are unique in that a sizable segment of the American public views the electoral process suspiciously and is primed to believe any errors or inconsistencies presented that supports that belief. As a result, adversaries now have at least three distinct attack strategies at their disposal: quietly change enough actual ballots to alter the outcome of a contest, loudly manipulate a small number of ballots to provide “evidence” of a systemic failure to suspicious voters, or launch a pure perception hack through the dissemination of false information to convince voters of widespread fraud absent any evidence.

By analyzing state-backed government messaging across various information mediums using a tool called Hamilton, researchers can track narratives and topics promoted by Russian, Chinese, and Iranian government officials and state-funded media. These trends can help provide context and insights into publicly-available information of breaches, ransomware, or other related attacks against election infrastructure. Election officials and network defenders can work together to improve the resilience of the most important component of the electoral system: voters.

Voting Village talks will be streamed to YouTube and Twitch.

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Jiska%20Alexander%20Heinrich%20-%20Wibbly%20Wobbly%2C%20Timey%20Wimey%20-%20Whats%20Really%20Inside%20Apples%20U1%20Chip.mp4

YouTube: https://www.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg

Return to Index - Add to

- ics Calendar file

DC - Saturday - 11:00-11:59 PDT

Title: Wibbly Wobbly, Timey Wimey – What's Really Inside Apple's U1 Chip
When: Saturday, Aug 7, 11:00 - 11:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded
Speakers:Alexander Heinrich,jiska

SpeakerBio:Alexander Heinrich
Alexander is a security researcher at the Secure Mobile Networking Lab at the Technical University of Darmstadt. Before he joined the university as a researcher he gained a lot of experiences an an app developer on Apple operating systems starting with iOS 5. This deep understanding of the systems naturally resulted in a focus on those systems in his security research. He joined the Secure Mobile Networking Lab 2020 as a PhD student right after his Master Thesis on the security of Apple’s Handoff and Universal Clipboard features. After working with a team of skilled researchers on AirDrop and Apple’s Find My network his focus now shifted to the security and privacy of ultra-wideband and Apple U1 chip.
Twitter: @Sn0wfreeze

SpeakerBio:jiska
jiska breaks things.
Twitter: @naehrdine

Description:
Apple introduced an Ultra Wideband (UWB) chip in the iPhone 11. Its cryptographically secured spatial measurement capabilities are accessible via the Nearby Interaction framework since iOS 14. As of now, it only supports interaction with other Apple devices including the latest Apple Watch and HomePod mini. These are the first steps to support UWB in a larger ecosystem, as measuring precise distance and direction can be an enabler for various future applications. The automotive industry already announced UWB support for mobile car keys on the iPhone.

But what’s really inside Apple’s U1 chip, internally called Rose? In this talk, we will travel through time, space, firmware and kernel components—and fight daemons to modify firmware interaction from user space. This will not only cover one or two, but three firmwares that process or forward each Rose time measurement: The Rose Digital Signal Processor (DSP), Rose Application Processor (AP), and the Always-On Processor (AOP).

REFERENCES: There's almost nothing known about UWB on the iPhones... So the only reference is this: https://support.apple.com/guide/security/ultra-wideband-security-sec1e6108efd/web

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=k1H7fiVlTPA

This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Return to Index - Add to

- ics Calendar file

DL - Saturday - 14:00-15:50 PDT

Title: WiFi Kraken Lite
When: Saturday, Aug 7, 14:00 - 15:50 PDT
Where: DemoLab Video Channel 2

SpeakerBio:Henry Hill
Henry Hill is an expert with computer hardware and is able to design and build the most bleeding edge systems that are the fastest in the world. His internal knowledge of architecture and system bottlenecks help him build systems capable of extreme processing and even faster storage. Henry is also an expert with mechanical engineering and fabrication. When his modifications aren’t appearing in d4rkm4tter’s projects, they can be seen in his race car at the track.

Description:
Tool or Project Name: The WiFi Kraken Lite

Short Abstract:
D4rkm4tter and Henry have been obsessed with monitoring wireless networks and have built hardware to meet the challenges of scanning and testing in the most busy and client dense environments. The WiFi-Kraken Lite contends with these issues in a smaller package without sacrificing any monitoring performance. This project is the results of years of research into the most effective way to scan and audit wireless in a single box that can be easily deployed or used as a hardened terminal in the most rugged conditions.

The WiFi-Kraken Lite consists of a single-board computer which connects 12 wireless radios that enables scanning and auditing WiFi, Bluetooth, LoRaWAN and other commonly used wireless protocols. The number of wireless devices is growing as well as the way those devices are being connected. Having an all-in-one wireless monitoring solution will give you the ability to track this data across these bands and give you the best picture of what’s happening in the air around you.

This demonstration will provide you the information so that you can build your own all-in-one monitoring device. You will also gain an overview of capture technologies including Kismet that will help you perform this type of analysis in your own environments. Finally once the data is capture, you will get an understanding of efficient data processing using tools like Wireshark and d4rkm4tter’s own PCAPinator tool.

Short Developer Bio:
Mike Spicer (d4rkm4tter) is a mad scientist hacker who likes to meddle with hardware and software. He is particularly obsessed with wireless. He has a degree in computer science which he has put to use building and breaking a wide array of systems. These include web application pentesting, wireless monitoring and tracking as well as reverse engineering. He is the creator of the #WiFiCactus and has been seen presenting and demoing at a number of conferences including DEF CON. He is a Kismet cultist and active in the wireless and wardriving communities.

Henry Hill is an expert with computer hardware and is able to design and build the most bleeding edge systems that are the fastest in the world. His internal knowledge of architecture and system bottlenecks help him build systems capable of extreme processing and even faster storage. Henry is also an expert with mechanical engineering and fabrication. When his modifications aren’t appearing in d4rkm4tter’s projects, they can be seen in his race car at the track.

URL to any additional information:
Palshack.org/wifi-kraken-lite (Site will be online for DEF CON)

Detailed Explanation of Tool:
The WiFi-Kraken Lite is a wireless monitoring system that is a rugged box with a single board computer and 12 wireless devices that are capable of simultaneously monitoring a large number of frequencies and protocols while storing that data in real time. The primary motivation for this project was to be able to gain visibility into as much of the wireless spectrum as possible in very congested networks in a small rugged form factor. Networks with a large number of clients that have a large number of access points can be difficult to perform analysis on. These networks typically have clients who switch between networks and can switch frequencies lending to more confusion when tracking with only a single radio. By increasing the number of radios as well as adding support for other protocols beyond just WiFi, a more complete understanding of the wireless environment can be documented. This information can then be used for defenders or penetration testers to identify vulnerable networks, vulnerable clients, or verify security that can be easily documented and audited.

The hardware is set up so that it minimizes the number of bottlenecks between the actual frames in the air and when it writes the data to disk. It does this by taking advantage of the high-bandwidth PCI-express bus to connect wireless devices. From there the data transfers to a high-speed NVMe storage device. The operating system is Linux which allows us to take advantage of a number of open source tools and projects that help us capture the data. These projects include Kismet, BlueZ, btscanner, and Feather TFT LoRa Sniffer. Custom scripts help us manage and easily configure The WiFi-Kraken Lite for the desired mode.

The buildout of the project uses a hardened Pelican like case which provides the ruggedness and physical security so that the system can be left in harsh environments. Inside the case is a mounted LCD screen that gives the user easy access to make changes in the field if necessary. The electronic components including the single board computer wireless cards are all mounted inside to protect them. The project also features battery packs so that it can run for up to 24 hours or longer depending on the monitoring task.

Data captured with the system can be stored on disk or be analyzed in real time thanks to the internally mounted LCD. Data can also be analyzed remotely by using one of the radios to connect to a nearby laptop. This can be useful in scenarios where the WiFi-Kraken Lite needs to be concealed. The form factor was chosen for not only its strength but also for being inconspicuous especially at conferences where lots of large polycarbonate cases can be seen.

Further data analysis can be performed in real time thanks to Kismet’s fully featured web dashboard. Additionally post monitoring analysis can be performed using Wireshark or d4rkm4tter’s PCAPinator tool which is a multithreaded wrapper around tshark to optimize queries on large datasets. The wireless data captured in this type of analysis can help to determine vulnerabilities which then you can use The WiFi-Kraken Lite to attack what you found.

This tool can be used entirely passively as a silent listener to validate bring your own device (BYOD) policies, monitor if wireless attacks are happening against your infrastructure, see if there are strange behaviors happening in your wireless network due to misconfiguration or maliciousness, or track devices as they moved throughout the networks so that you can have a better understanding of client flow. It can be used to perform a number of active attacks including impersonation, evil twin and other common wireless attacks.

It has never been more important to perform wireless assessments and continual monitoring of your infrastructure considering the number of wireless enabled devices increases daily. Rolling out new wireless infrastructure is costly and implementing the most secure system is daunting for even the most seasoned network integrators. This leads to misconfiguration and sub optimal security settings which are still connected to important infrastructure. For the defender this project brings clarity to the risks and also provides information into the most important mitigations that should be implemented. For the attacker this tool provides valuable recon that will allow them to focus solely on the vulnerable target making as little noise as possible all from it a single box.

Target Audience:
Offense, Defense and Hardware

By bringing equipment that can monitor the latest in wireless technologies, including WiFi 6, this project will shed light on a new and up and coming standard of technology that is slowly being rolled out across the world. With new technology, new tools are required so that research can be conducted to find flaws and validate the real world applications. The WiFi Kraken Lite will bring an enhanced perspective to the wireless monitoring in a box with new tools, new wireless bands captured, and new data processing.

This content will be presented on a Discord video channel.

#dl-video2-voice: https://discord.com/channels/708208267699945503/734027778646867988

Return to Index - Add to

- ics Calendar file

DL - Saturday - 14:00-15:50 PDT

Title: WiFi Kraken Lite
When: Saturday, Aug 7, 14:00 - 15:50 PDT
Where: Palace 3+4+5

SpeakerBio:Henry Hill
Henry Hill is an expert with computer hardware and is able to design and build the most bleeding edge systems that are the fastest in the world. His internal knowledge of architecture and system bottlenecks help him build systems capable of extreme processing and even faster storage. Henry is also an expert with mechanical engineering and fabrication. When his modifications aren’t appearing in d4rkm4tter’s projects, they can be seen in his race car at the track.

Description:
Tool or Project Name: The WiFi Kraken Lite

URL to any additional information:
Palshack.org/wifi-kraken-lite (Site will be online for DEF CON)

Target Audience:
Offense, Defense and Hardware

Return to Index - Add to

Title: You're Doing IoT RNG
When: Saturday, Aug 7, 11:00 - 11:45 PDT
Where: IoT Village (Talk - Virtual)
Speakers:Allan Cecil - dwangoAC,Dan Petro - AltF4

SpeakerBio:Allan Cecil - dwangoAC
Allan Cecil (dwangoAC) is a Security Consultant with Bishop Fox and the President of the North Bay Linux User’s Group. He acts as an ambassador for Tasvideos.org, a website devoted to using emulators to complete video games as quickly as the hardware allows. He participates in Games Done Quick charity speed running marathons using TASBot to entertain viewers with never-before-seen glitches in games.
Twitter: @mrtasbot

SpeakerBio:Dan Petro - AltF4
Dan "AltF4" Petro is Lead Researcher at Bishop Fox. Dan is widely known for the tools he creates: Eyeballer (a convolutional neural network pentest tool), the Rickmote Controller (a Chromecast-hacking device), Untwister (pseudorandom number generator cracker), and SmashBot (a merciless Smash Bros noob-pwning machine).
Twitter: @2600AltF4

Description:
Think of a random number between '0' and infinity. Was your number '0'? Seriously? Crap. Well unfortunately, the hardware random number generators (RNG) used by your favorite IoT devices to create encryption keys may not work much better than you when it comes to randomness.

In this talk, we'll delve into murky design specs, opaque software libraries, and lots of empirical results. We wrote code for many popular IoT SoC platforms to extract gigabytes of data from their hardware RNGs and analyze them. What we found was a systemic minefield of vulnerabilities in almost every platform that could undermine IoT security. Something needs to change in how the Internet of Things does RNG.

The vulnerabilities are widespread and the attacks are practical. RNG is bad out there - "IoT Crypto-pocalypse" bad.

IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Dan%20Petro%20-%20You%27re%20Doing%20IoT%20RNG%20-%20Demo.mp4

Return to Index - Add to

- ics Calendar file

DC - Saturday - 17:00-17:45 PDT

Title: You're Doing IoT RNG
When: Saturday, Aug 7, 17:00 - 17:45 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded
Speakers:Allan Cecil - dwangoAC,Dan Petro - AltF4

SpeakerBio:Allan Cecil - dwangoAC
Allan Cecil (dwangoAC) is a Security Consultant with Bishop Fox and the President of the North Bay Linux User’s Group. He acts as an ambassador for Tasvideos.org, a website devoted to using emulators to complete video games as quickly as the hardware allows. He participates in Games Done Quick charity speed running marathons using TASBot to entertain viewers with never-before-seen glitches in games.
Twitter: @mrtasbot

SpeakerBio:Dan Petro - AltF4
Dan "AltF4" Petro is Lead Researcher at Bishop Fox. Dan is widely known for the tools he creates: Eyeballer (a convolutional neural network pentest tool), the Rickmote Controller (a Chromecast-hacking device), Untwister (pseudorandom number generator cracker), and SmashBot (a merciless Smash Bros noob-pwning machine).
Twitter: @2600AltF4

Description:
Think of a random number between '0' and infinity. Was your number '0'? Seriously? Crap. Well unfortunately, the hardware random number generators (RNG) used by your favorite IoT devices to create encryption keys may not work much better than you when it comes to randomness. In this talk, we'll delve into murky design specs, opaque software libraries, and lots of empirical results. We wrote code for many popular IoT SoC platforms to extract gigabytes of data from their hardware RNGs and analyze them. What we found was a systemic minefield of vulnerabilities in almost every platform that could undermine IoT security. Something needs to change in how the Internet of Things does RNG. The vulnerabilities are widespread and the attacks are practical. RNG is bad out there - "IoT Crypto-pocalypse" bad.

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=Zuqw0-jZh9Y

This talk will be given live in Track 1.

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/