Talk/Event Schedule

Sunday

Sunday - 00:00 PDT

Sunday - 01:00 PDT

Sunday - 06:00 PDT

Sunday - 07:00 PDT

Sunday - 08:00 PDT

Sunday - 09:00 PDT

Sunday - 10:00 PDT

Sunday - 11:00 PDT

Sunday - 12:00 PDT

Sunday - 13:00 PDT

Sunday - 14:00 PDT

Sunday - 15:00 PDT

Sunday - 16:00 PDT

Sunday - 17:00 PDT

Sunday - 18:00 PDT

Sunday - 19:00 PDT

Sunday - 20:00 PDT

Sunday - 21:00 PDT

Sunday - 22:00 PDT

Sunday - 23:00 PDT

Talk/Event Descriptions

APV - Sunday - 09:05-09:45 PDT

YouTube: https://www.youtube.com/c/appsecvillage

DC - Sunday - 15:00-15:59 PDT

AVV - Sunday - 12:30-13:15 PDT

Jonas has recently developed a FOSS tool called ImproHound to identify the attack paths in BloodHound breaking AD tiering: https://github.com/improsec/ImproHound.

At least _wald0 (co-creator of BloodHound) thinks it is cool: https://twitter.com/_wald0/status/1403441218495807495

The concept is great, as it in theory prevents adversaries from gaining access to the server tiers (Tier 1 and 0) when they have obtained a shell on a workstation (Tier 2) i.e. through phishing, and it prevents adversaries from gaining access to the Domain Admins, Domain Controllers, etc. in Tier 0 when they have got a shell on a web server i.e. through an RCE vulnerability. But it turns out to be rather difficult to implement the tiering concept in AD, why most organizations fail it and end up leaving security gaps.

It doesn’t help on the organization’s motivation to make sure their tiering is sound, when Microsoft now call it the AD tier model “legacy” and have replaced it with the more cloud-focused enterprise access model: https://docs.microsoft.com/en-us/security/compass/privileged-access-access-model#evolution-from-the-legacy-ad-tier-model

As a person hired to help identify the vulnerabilities in an organization, you want to find and report the attack paths of their AD. BloodHound is well-known and great tool for revealing some of the hidden and often unintended relationships within an AD environment and can be used to identify highly complex chained attack paths that would otherwise be almost impossible to identify. It is great for finding the shortest attack path from a compromised user or computer to a desired target, but it is not built to find and report attack paths between tiers..

I will in my presentation explain and demonstrate a tool I have created called ImproHound, which take advantage of BloodHound’s graph database to identify and report the misconfigurations and security flaws that breaks the tiering of an AD environment.

ImproHound is a FOSS tool and available on GitHub: https://github.com/improsec/ImproHound

Q&A sessions will happen in DEF CON Official Discord server after each talk.

YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon

AVV - Sunday - 11:00-11:45 PDT

While at FireEye, David personally oversaw the storage and access of Mandiant's threat intelligence data, as the leader of the (then secretive) Nucleus team. Over the years, David has also worked as a contractor for several U.S. intelligence agencies, working domestically and internationally, as a principal security specialist.

The app includes a library of RATs (agents) which can deploy into the field and supports a modular architecture of plugins and network protocols, including hundreds of TTPs mapped to ATT&CK. In this tool demonstration, we will highlight the key features of Operator and empower people to walk away with a developer-first adversary emulation desktop platform that is end-to-end free & open-source.

Q&A sessions will happen in DEF CON Official Discord server after each talk.

YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon

APV - Sunday - 13:00-13:45 PDT

YouTube: https://www.youtube.com/c/appsecvillage

DC - Sunday - 10:00-10:45 PDT

YouTube: https://www.youtube.com/watch?v=U2-8MNx8nsg

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Agent%20X%20-%20A%20look%20inside%20security%20at%20the%20New%20York%20Times.mp4

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_one

HHV - Sunday - 10:00-10:59 PDT

#hhv-challenge-text https://discord.com/channels/708208267699945503/739567199647301702

Twitch: https://twitch.tv/dchhv

Twitch: https://www.twitch.tv/dchhv

SOC - Sunday - 13:00-23:59 PDT

AVV - Sunday - 16:00-16:59 PDT

Q&A sessions will happen in DEF CON Official Discord server after each talk.

YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon

HRV - Sunday - 11:00-12:30 PDT

For more information, see https://hamvillage.org/dc29.html

Twitch: https://www.twitch.tv/hamradiovillage

#hrv-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991

APV - Sunday - 11:00-11:45 PDT

YouTube: https://www.youtube.com/c/appsecvillage

APV - Sunday - 15:00-15:15 PDT

YouTube: https://www.youtube.com/c/appsecvillage

APV - Sunday - 13:00-12:59 PDT

YouTube: https://www.youtube.com/c/appsecvillage

AVV - Sunday - 11:45-12:30 PDT

There are differences in how APT actors approach things, and this will be discussed from the perspective of someone who attacked plenty of systems in their youth - me. We'll talk about how APT differs from Red Teaming and Penetration Testing, and if you are trying to simulate it you need to throw the rulebook out of the window to do it right.

Q&A sessions will happen in DEF CON Official Discord server after each talk.

YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon

APV - Sunday - 14:00-14:45 PDT

YouTube: https://www.youtube.com/c/appsecvillage

BHV - Sunday - 14:00-14:30 PDT

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q

LPV - Sunday - 13:00-13:59 PDT

Bobby pins
Paper clips (big ones)
Pocket clips from ink pens (Pilot rollerball) Old Wind Shield Wipers
Spark Plug Gappers
Bra Underwire

... and my favorite
Street cleaner bristles

Twitch: https://www.twitch.tv/toool_us?

YouTube: https://youtube.com/c/TOOOL-US

ICSV - Sunday - 10:00-10:30 PDT

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485

BCV - Sunday - 11:30-12:30 PDT

DC - Sunday - 12:00-12:59 PDT

REFERENCES

TrustZone technology for the ARMv8-M architecture Version 2.0; ARM; https://developer.arm.com/documentation/100690/0200

Your Peripheral Has Planted Malware -- An Exploit of NXP SOCs Vulnerability; Yuwei Zheng, Shaokun Cao, Yunding Jian, Mingchuang Qin; DEFCON 26; https://media.defcon.org/DEF CON 26/DEF CON 26 presentations/DEFCON-26-Yuwei-Zheng-Shaokun-Cao-Bypass-the-SecureBoot-and-etc-on-NXP-SOCs-Updated.pdf

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=eKKgaGbcq4o

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Laura%20Abbott%20Rick%20Altherr%20-%20Breaking%20TrustZone-M%20-%20Privilege%20Escalation%20on%20LPC55S69.mp4

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_three

BTV - Sunday - 10:00-10:59 PDT

Threat Report Roulette will not discuss normal (BAU) CTI actions, such as searching the logs for hits on the IOCs or entering the IOCs into a Threat Intelligence Platform (TIP) or other alerting platform. Instead, the participants will focus on pivoting, TTPs, and how they would take the contents in the Threat Report to the NEXT LEVEL! When the Panelists respond to the threat reports, they are operating under the assumption that they performed the preliminary analysis and deemed the threat report relevant to their environment. The purpose of this assumption is to decrease the amount of debate on whether or not something is relevant to get to the part of the analysis that involves extracting actionable takeaways.

Spin the Threat Report Roulette Wheel - Link Moderator calls on Participant.
Participant is in the Hot Seat:

        15 seconds to organize their thoughts.
        1-5 minutes to share their thoughts on how they would get value out of the report.
    Panelists' input:
        3-5 minutes to share their insights as a group. Quick commentary that is short, sweet, rapid-fire, direct, and to the point!

Rinse & Repeat!
Check out our Github with links to the reports: https://github.com/ch33r10/DEFCON29-BTV-ThreatReportRoulette https://bit.ly/DC29Roulette

--

Twitch: https://twitch.tv/blueteamvillage

BTV - Sunday - 11:15-12:15 PDT

• Penetration Testing, Red Teaming, and Covert Operations • ICS / SCADA Security Assessment
• Threat Hunting Operations
• Incident Response
• Vulnerability Management and Security Assessment

--

Twitch: https://twitch.tv/blueteamvillage

ICSV - Sunday - 13:30-13:59 PDT

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485

APV - Sunday - 12:00-12:45 PDT

YouTube: https://www.youtube.com/c/appsecvillage

DC - Sunday - 09:00-20:59 PDT

There will be chill music playing:

09:00-12:00 DJ Pie & Darren
12:00-12:40 s1gns of l1fe
12:40-13:30 Louigi Verona
14:30-16:10 Mixmaster Morris
16:10-Close Merin MC

You can also watch the chill room stream on Twitch.

Twitch: https://www.twitch.tv/defcon_chill

CLV - Sunday - 12:20-13:05 PDT

• An archeological guide for where and how to find organizational context
• How to quickly find and kill the most common attack vectors at the perimeter (both network and identity)
• Common architectural and deployment patterns, how to spot them, and their security implications
• What you need to know, what you need to prioritize, and what ""best practices"" aren't worth the squeeze when you're in a crunch.

YouTube: https://www.youtube.com/cloudvillage_dc

DL - Sunday - 12:00-13:50 PDT

Short Abstract:
Cotopaxi is a set of tools for security testing of Internet of Things devices using specific network IoT/IIoT/M2M protocols (AMQP, CoAP, DTLS, gRPC, HTTP/2, HTCPCP, KNX, mDNS, MQTT, MQTT-SN, QUIC, RTSP, SSDP).

Short Developer Bio:
Jakub Botwicz, Ph.D. works as a security researcher in one of global investment banks. He has more than 17 years of experience in information security and previously worked in: one of the world's leading payment card service providers, Big4 consulting company and vendor of network encryption devices. Jakub holds a Ph.D. degree from Warsaw University of Technology. During the last 3 years he has reported more than 50 CVEs (security vulnerabilities) in publiccomponents - mainly IoT libraries.

URL to any additional information:
https://github.com/Samsung/cotopaxi/...aster/cotopaxi

Detailed Explanation of Tool:
Currently available tools used for security testing, like nmap or OpenVAS, do not support all new IoT protocols (e.g. CoAP, DTLS, HTCPCP, QUIC). So possibilities to test IoT products and discover such devices in tested networks are limited. We are working to fill this gap with the Cotopaxi toolkit.

New features in the release for DEF CON 2021 are: Integration with Metasploit
Extended set of corpuses for fuzzing and traffic classification Mutation-based features for server and client fuzzing New vulnerabilities in the database
Main features of our toolkit are:
Checking availability of network services for supported IoT protocols at given IPs and port ranges ("service ping") Recognizing the software used by remote network server ("software fingerprinting") based on responses for given messages using machine learning classifier, Analysis of network traffic to identify network protocols used. Classification of IoT devices based on captured traffic samples. Discovering resources identified by given URLs ("dirbusting" of URLs or services) Performing black-box fuzzing of IoT protocols based on corpus of packets prepared using coverage-based fuzzer. Identifying known vulnerabilities.
Detecting network traffic amplification (cases where network servers are responding with larger network messages than received requests).

Supporting Files, Code, etc:
https://pypi.org/project/cotopaxi/

Target Audience:
Offense, Defense, AppSec, IoT

#dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505

BHV - Sunday - 10:00-10:30 PDT

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q

HTSV - Sunday - 12:00-12:55 PDT

Twitch: https://www.twitch.tv/h4ckthesea

YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ

CON - Sunday - 09:00-23:59 PDT

• warning, end time is suspect, must confirm *

DDV - Sunday - 10:00-10:59 PDT

Pick your drives full of data anytime 14-24 hours after drop off.

Last chance pickup is Sunday from 10:00 to 11:00.

Yes, 6TB and larger drives are accepted.

Any drives not picked up by Sunday at 11:00am are considered donated to the DDV.

See https://dcddv.org/dc29-schedule for more information.

CON - Sunday - 10:00-13:59 PDT

DC - Sunday - 16:00-16:59 PDT

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_one

DC - Sunday - 09:00-13:59 PDT

1st you will pass through the vaccination check line, providing whatever original documentation your health care provider or vaccination center gave you. It will be checked against your State issued ID to make sure the names match, the dates are good, and that enough time has passed for you to be fully vaccinated, etc. We will not record your ID or records. If all is good you will get a WRISTBAND you must wear during the con.

2nd Next you head to the badge pickup desks. There you will show your wristband and your in-person badge bar code and get it scanned. If the scan passes you get your Human reg pack.

Where to register / pick up badges: Paris, near the InfoBooth. Please find "REGISTRATION" on the provided DC29 floorplan (available in HackerTracker and online).

Both registration and the vaccine check processing functions are planning to be available from 8am/08:00 to 5pm/17:00. If those times change, this schedule entry will be updated in HackerTracker and info.defcon.org as soon as possible.

ICSV - Sunday - 10:30-10:59 PDT

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485

CCV - Sunday - 11:00-11:59 PDT

The Cryptocurrency Village is conveniently located in Paris Champagne Ballroom 1.

DC - Sunday - 12:00-12:45 PDT

His passion lies in further understanding the way the world works and uncovering the small secrets that we encounter in our day to day lives. This project started as an idle curiosity and grew into an opportunity to further explore the complex and deep world of RF communications and embedded systems.

Joseph is an avid part of the local maker community, with extensive experience in 3D printing, rapid-fabricobbling, and breaking stuff for fun and profit. Outside of his day job, he enjoys woodworking and metalworking and is constantly collecting new hobbies and interests.

We will go over the anatomy of remotely lockable shopping cart wheels, their basic theory, and get into how they’re controlled. We’ll deconstruct some samples of the lock and unlock signals captured using a homemade antenna and a HackRF, and briefly discuss methods of rebroadcasting them – as well as the challenges inherent to this process.

DISCLAIMER
This talk is the result of a personal project.

Any views, opinions, or research presented in this talk are personal and belong solely to the presenter. They do not represent or reflect those of any person, institution, or organization that the presenter may or may not be associated with in a professional or personal capacity unless explicitly stated otherwise.

REFERENCES

• The ARRL handbook for radio communications, 2007. Newington, CT: American Radio Relay League, 2006. Print.
• https://www.tmplab.org/2008/06/18/consumer-b-gone/
• http://www.woodmann.com/fravia/nola_wheel.htm -The wonderful people over at /r/rfelectronics -FCC.gov

--

This talk has been released to the DEF CON Media server.

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Joseph%20Gabay%20-%20DoS-%20Denial%20of%20Shopping%20-%20Analyzing%20and%20Exploiting%20%28Physical%29%20Shopping%20Cart%20Immobilization%20Systems.mp4

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_one

APV - Sunday - 10:00-10:45 PDT

YouTube: https://www.youtube.com/c/appsecvillage

DC - Sunday - 13:00-13:45 PDT

Barak spent more than six-years at Unit 8200, IDF, as a team leader of 5-10 security researchers. He is highly skilled in offensive cyber-security, from vulnerabilities research in various areas: Linux, IoT, embedded and web-apps to analyzing malware in the wild. Barak is also a CTF's addict, posting write-ups and technical vulnerabilty analysis in its blog (livingbeef.blogspot.com). Barak also acquires BSc, MSC (in CS) focused on algorithms from Tel-Aviv University and a DJ certificate from BPM college.

https://livingbeef.blogspot.com/
https://www.linkedin.com/in/barakolo/
https://www.barakolo.me

In this session, I will explore these unique internal extension API’s, hidden attack-surfaces and show how these concepts can be broken & exploited using new ways! I start showing how an attacker can "jump" from one low-permissions chrome-app/extension to another, hence elevating its permissions. Then, I will show how to gain full "browser-persistency" inside extensions' background-scripts context.

Chaining it all together, I show how attacker, starting from low permissions chrome-app, gains a fully-armed "extension-rootkit", a persistent JS-malware running inside of a “good” extension, along with C&C features, JS injection techniques to any tab/origin, obfuscation-techniques and more. Eventually, I will present a generic technique, targeting all chrome-users, for taking over any previously installed chrome extension and implant an "extension-rootkit" in it.

REFERENCES

[1] Chrome Developers: Chrome extensions API Reference, https://developer.chrome.com/docs/extensions/reference/ [2] Chrome Developers: Chrome extensions Manfiest v2/v3 Security References, https://developer.chrome.com/docs/extensions/mv2/getstarted/ & https://developer.chrome.com/docs/extensions/mv3/security/ [3] "Websites Can Exploit Browser Extensions to Steal User Data", 2019 - https://www.securityweek.com/websites-can-exploit-browser-extensions-steal-user-data / https://www-sop.inria.fr/members/Doliere.Some/papers/empoweb.pdf [4] "Web Browser Extension User-Script XSS Vulnerabilities", 2020 - https://ieeexplore.ieee.org/document/9251185 [5] "Detecting DOM-Sourced Cross-Site Scripting in Browser Extensions", 2017 - https://ieeexplore.ieee.org/document/8094406 [6] "Attacking browser extensions", Nicolas Golubovic, 2016 - https://golubovic.net/thesis/master.pdf [7] "A Combined Static and Dynamic Analysis Approach to Detect Malicious Browser Extensions", 2018 - https://www.hindawi.com/journals/scn/2018/7087239/ [8] "Chrome Extensions: Threat Analysis and Countermeasures", 2012 - https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.374.8978&rep=rep1&type=pdf [9] "Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies", Usenix Security 2017 - https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-sanchez-rola.pdf [10] "Protecting Browsers from Extension Vulnerabilities", 2010 - https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/38394.pdf

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=PpSftQuCEDw

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Barak%20Sternberg%20-%20Extension-Land%20-%20exploits%20and%20rootkits%20in%20your%20browser%20extensions.mp4

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_one

BHV - Sunday - 11:00-11:59 PDT

The CTI League aspires to protect the medical sector and the life-saving organizations (MS-LSO) worldwide from cyber-attacks, supplying reliable information, reducing the level of threat, supporting security departments, and neutralizing cyber threats.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q

DL - Sunday - 10:00-11:50 PDT

Short Abstract:
Frack is a tool created to be an end-to-end solution to store, manage and query collected breach data. The tool has a basic workflow making it easy to use. Using a very minimal cloud footprint, Frack makes it possible to store vast amounts of data in the cloud while retaining an extremely fast query speed. Query results end up in a neat Excel sheet where all of the breaches the domain was found in, including user passwords or hashes (depending on what was leaked in the breach). The Excel sheet also gives information regarding the breach it was found in and the date the breach first appeared. Having this data at your fingertips makes it easy to show a client their exposure and to use the data as a starting point when doing external or infrastructure assessments. The tool also includes the ability to use custom parse plugins which will parse raw dumps into usable data and convert it so you can use it directly in the database.

Short Developer Bio:
William is a Security Analyst at Orange Cyberdefense's SensePost team, specialising in penetration testing. He has been an ethical hacker since 2012 working on many different types of projects for many major banks and insurance houses in South Africa and abroad. Mobile platforms are his focus as he thoroughly enjoys breaking mobile applications and figuring out how they work. He has done several radio interviews (https://iono.fm/e/892386 and https://iono.fm/e/893010) and has also presented several training courses such as the SensePost SecDevOps training. William is currently focussing on designing a Mobile Hacking course.

URL to any additional information:
The tool leverages Apache ORC as a destination file format for parsed breaches. These are uploaded to Google's Big Query for processing. See: https://orc.apache.org/
https://github.com/noirello/pyorc
Detailed Explanation of Tool:
The tool was written in Python and will be distributed under the GNU General Public v3 License. The tool consists of three modulesmain features; generic parsing, plugin-based parsing and database maintenance.

The parse module is used to parse a semi clean .CSV file consisting of any of the following formats: <email>,<password>
<email>,<hash>
<email>,<hash>,<salt>
For known data breaches, a plugin system lets you consume raw data dumps without any need for modification.The parser will then convert the data to the .ORC file format (https://orc.apache.org/) resulting in small uploads to the cloud and very fast query times. These .ORC files are then ingested into a Google BigQuery table. The query module can then be used to query the data that you have uploaded into the BigQuery table.

The tool also includes a DB module where you can perform basic DB maintenance, start ingestion jobs, and see stats of the database.

Supporting Files, Code, etc:
If needed, an invitation to look at the source code beforehand can be arranged. It currently lives in a private GitHub repository.

Target Audience:
Offense, Defense, OSINT

Nothing can stop the data flow! Every day we are bombarded with news reports of another data breach that has been published on the internet. Frack provides an easy way to manage this data on Google cloud infrastructure.

#dl-video2-voice: https://discord.com/channels/708208267699945503/734027778646867988

SOC - Sunday - 12:00-12:59 PDT

WS - Sunday - 10:00-13:59 PDT

Customers expect web applications to provide significant functionality and data access. Even beyond the importance of customer-facing web applications, internal web applications increasingly represent the most commonly used business tools within any organization. Unfortunately, there is no "patch Tuesday" for custom web applications, so major industry studies find that web application flaws play a major role in significant breaches and intrusions.

In this workshop we will teach you how to find vulnerabilities in web security according to the latest methods and techniques. We will demonstrate every vulnerability by giving an example from vulnerability we have found in major tech companies like: Facebook, WhatsApp, Amazon, AliExpress, Snapchat, LG and more!

Registration Link: https://www.eventbrite.com/e/from-zero-to-hero-in-web-security-research-jubilee-2-tickets-162219662377

Prerequisites

Basic Web Concepts, Basic Web Development Skills, Ability to Understand JavaScript.

Materials needed:
Personal Laptop

DC - Sunday - 11:00-11:59 PDT

To illustrate the power of the platform we'll present the details of a real-world fuzzing operation that targeted Linux kernel-modules from an attack-vector that has previously been hard to reach: memory exposed to devices via Direct Memory Access (DMA) for fast I/O. If the input the kernel reads from DMA-exposed memory is malformed or malicious - what could happen?

So far we discovered: 9 NULL-pointer dereferences; 3 array index out-of-bound accesses; 2 infinite-loops in IRQ context and 2 instances of tricking the kernel into accessing user-memory but thinking it is kernel memory. The bugs have been in Linux for many years and were found in kernel modules used by millions of devices. All bugs are now fixed upstream.

This talk will walk you through how the bugs were found: what process we went through to identify the right code-locations; how we analyzed the kernel source and how we analyzed the runtime of the kernel with Xen to pinpoint the input points that read from DMA. The talk will explain the steps required to attach a debugger through the hypervisor to collect kernel crash logs and how to perform triaging of bugs via VM-fork execution-replay, a novel technique akin to time-travel debugging. Finally, we'll close with the release of a new open-source tool to perform full-VM taint analysis using Xen and Intel(r) Processor Trace.

REFERENCES

https://github.com/intel/kernel-fuzzer-for-xen-project https://www.youtube.com/watch?v=3MYo8ctD_aU

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=_dXC_I2ybr4

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Tamas%20K%20Lengyel%20-%20Fuzzing%20Linux%20with%20Xen.mp4

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_three

DC - Sunday - 11:00-11:45 PDT

As a hobby, he was a developer in The ERESI Reverse Engineering Software Interface project, a bughunter (discovered vulnerabilities in Hyper-V hypervisor, Intel/NVIDIA vGPU, Linux kernel, OpenSSH, gcc SSP/ProPolice, Apache, Adobe Acrobat Reader, Xpdf, Torque GRID server, FreeBSD, and more) and studied exploitation and mitigation techniques, publishing results of his research in Phrack Magazine.

Many industry players like Google, IBM, NVIDIA, Qualcomm, and Samsung are members of the RISC-V Foundation and have long supported RISC-V development. In 2016, NVIDIA unveiled plans to replace the internal microcontrollers of their graphic cards with next-gen RISC-V-based controllers built for upcoming NVIDIA GPUs.

NVIDIA's Product Security undertook a detailed architectural analysis and research of the RISC-V IP, discovering a potential risk with the ambiguous specification of the Machine Trap Base Address (MTVEC) register. This ambiguity leads to potential fault injection vulnerabilities under physical attack models.

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=iz_Y1lOtX08

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Adam%20Zabrocki%20Alexander%20Matrosov%20-%20Glitching%20RISC-V%20chips%20-%20MTVEC%20corruption%20for%20hardening%20ISA.mp4

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_two

HTSV - Sunday - 11:00-11:55 PDT

Twitch: https://www.twitch.tv/h4ckthesea

YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ

WS - Sunday - 10:00-13:59 PDT

Registration Link: https://www.eventbrite.com/e/hacking-the-metal-an-introduction-to-assembly-language-programming-lv-34-tickets-162218597191

Prerequisites

Some previous programming experience is helpful but not vital.

Materials needed:
Laptop

HRV - Sunday - 11:00-13:59 PDT

Register here: https://ham.study/sessions/610f2beb8f563a4f685389bf/1

HRV - Sunday - 14:00-14:15 PDT

PHV - Sunday - 12:00-13:59 PDT

HHV - Sunday - 14:00-14:30 PDT

We misuse the trust the operating system places on USB human-interaction devices to demonstrate once again the old adage that if you can physically access a computing device, there is no real security to be had. I will review hardware, its capabilities, how to breach OS security, and how attackers can enable it to perform a variety of tasks with its own tools. I will then show how to build and install additional software and customize the device with binary or scripted payloads.

We take the discussion to the next level by removing the need for a device and exploring attacks that can be delivered directly by a plain USB cable. We dissect easily-sourced, low-cost hardware implants embedded in standard, innocent-looking USB cables providing an attacker with further capabilities, including among them the ability to track its own geolocation.

#hhv-talk-qa-hw-hacking-101-text https://discord.com/channels/708208267699945503/709255105479704636

Twitch: https://twitch.tv/dchhv

Twitch: https://www.twitch.tv/dchhv

DC - Sunday - 10:00-10:59 PDT

Segmentation using firewalls is a critical security component for an organization. To scale, many firewall vendors have features that make rule implementation simpler, such as basing effective access on a user identity or workstation posture. Security products that probe client computers often have their credentials abused by either cracking a password hash, or by relaying an authentication attempt elsewhere. Prior work by Esteban Rodriguez and by Xavier Mertens cover this. In this talk I will show a new practical attack on identity-based firewalls to coerce them into applying chosen security policies to arbitrary IPs on a network by spoofing logged in users instead of cracking passwords.

Logged on user information is often gathered using the WKST (Workstation Service Remote Protocol) named pipe. By extending Impacket with the ability to respond to these requests, logged on users on a device can be spoofed, and arbitrary firewall rules applied.

We will dive into the details of how client probing has historically been a feature that should be avoided while introducing a new practical attack to emphasize that fact.

REFERENCES
https://www.coalfire.com/the-coalfire-blog/august-2018/the-dangers-client-probing-on-palo-alto-firewalls https://isc.sans.edu/forums/diary/The+Risk+of+Authenticated+Vulnerability+Scans/24942/ https://github.com/SecureAuthCorp/impacket https://www.rapid7.com/blog/post/2014/10/14/palo-alto-networks-userid-credential-exposure/ https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClXHCA0

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=lDCoyxIhTN8

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Justin%20Perdok%20-%20Hi%20Im%20DOMAIN%20Steve%2C%20please%20let%20me%20access%20VLAN2.mp4

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_two

AVV - Sunday - 15:15-15:59 PDT

Since 2015 leads Fr1endly RATs, the Social Engineering unit at Dreamlab Technologies Chile. Specializing and developing techniques and methodologies for simulations of Phishing attacks, Vishing, Pretexting, Physical Intrusions and Red Team.

Even having the best preparation, state-of-the-art devices and overwhelming information gathering. Reality will always have variants and surprises that attackers know how to take advantage of. Exposure to these variants is critical for simulation practitioners to emulate and recognize potential threats.

Q&A sessions will happen in DEF CON Official Discord server after each talk.

YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon

CLV - Sunday - 10:45-11:15 PDT

To follow his passion for identity and security, Igal decided to leave Microsoft and Co-found, Keytos a security company with the mission of eliminating passwords by creating easy to use PKI offerings. Earlier this year they launch their first product “EZSSH” which takes aim at stopping SSH Key theft by making it easy to use short lived SSH Certificates.

YouTube: https://www.youtube.com/cloudvillage_dc

ICSV - Sunday - 12:00-12:59 PDT

Felker is the former Assistant Director for Integrated Operations, Cybersecurity, and Infrastructure Security Agency (CISA) where he brought focus to integrated operations across the Agency that extended to Regional CISA elements, intelligence, operational planning, and mission execution with emphasis on risk mitigation and response efforts.

He previously served as the Director of the National Cybersecurity and Communications Integration Center from 2015 to 2019. Prior to joining CISA, Felker worked as Director of Cyber and Intelligence Strategy for HP Enterprise Services and in a 30-year career, served as Deputy Commander, Coast Guard Cyber Command; Commander, Coast Guard Cryptologic Group, as Executive Assistant to the Director of Coast Guard Intelligence and commanded the cutters CAPE UPRIGHT and RED CEDAR.

Felker is President of Morse Alpha Associates, Inc., a cyber leadership consultancy, serves as a member of the Parsons Corporation Senior Advisory Board, a Senior Advisor to the Chertoff Group, as a Senior Advisor to the Maritime Transportation System ISAC, a Senior Advisor to S-RM, an international cyber intelligence, response, and resilience company and a Senior Fellow at the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. He is a member of the National Technology Security Coalition’s Advisory Council and is currently on the Board of Directors of the Operation Renewed Hope Foundation and the Boards of Advisors for the Military Cyber Professionals Association, and the Cyber Security Forum Initiative.

He is the recipient of the Department of Homeland Security Outstanding Public Service Medal, and his military awards include the Defense Superior Service Medal, the Legion of Merit, and the Meritorious Service Medal.

Felker graduated from Ithaca College with a Bachelor of Science and earned his Master of Arts in Public Administration from the Maxwell School of Citizenship and Public Affairs at Syracuse University and has co-authored several papers on cyber intelligence under the auspices of the Intelligence and National Security Alliance.

Mr. de Souza holds various cybersecurity, cyber intelligence, and counter-terrorism Advisory Board positions for organizations such as the Military Cyber Professionals Association (MCPA), the Ben-Gurion University of the Negev in Israel, and IntellCorp in Portugal. Past board positions include the Institute of World Politics (IWP) and Visiting Research Fellow at the National Security Studies (INSS), Tel Aviv, Israel.

Paul serves as a visiting researcher, guest lecturer, ambassador, and faculty member for several higher educational institutions, such as Sheffield Hallam University (UK), Tel Aviv University, the Swedish Defence University (Försvarshögskolanand), American Public University, and George Washington University.

In addition to earning a master’s degree in National Security Studies with a concentration in Terrorism from American Military University, Mr. de Souza has completed the Executive Certificate Program in Counter-Terrorism Studies from the Interdisciplinary Center (IDC) Herzliya in Israel, is an alumnus from the Harvard Kennedy School’s Cybersecurity Executive Education program with a Higher Education Teaching certification from Harvard University, and is currently pursuing his Ph.D. in Critical Infrastructure from Capitol Technology University.

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485

ICSV - Sunday - 13:00-13:30 PDT

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485

ICSV - Sunday - 14:00-14:59 PDT

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485

CLV - Sunday - 10:00-10:45 PDT

YouTube: https://www.youtube.com/cloudvillage_dc

DC - Sunday - 14:00-14:20 PDT

In this talk, we will discuss the process for developing generalized parasitic tracers targeting specific programming languages and runtimes using Ruby as our case study. We will show how feasible it is to write external tracers targeting a language and its runtime, and discuss best practices for supporting different versions over time.

REFERENCES

* https://github.com/ruby/ruby * https://frida.re/docs/javascript-api/

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=Iy1BNywebpY

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Jeff%20Dileo%20-%20Instrument%20and%20Find%20Out%20-%20Writing%20Parasitic%20Tracers%20for%20High%20Level%20Languages.mp4

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_three

BHV - Sunday - 10:30-10:59 PDT

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q

LPV - Sunday - 15:00-15:59 PDT

Twitch: https://www.twitch.tv/toool_us?

YouTube: https://youtube.com/c/TOOOL-US

LPV - Sunday - 10:00-10:30 PDT

Twitch: https://www.twitch.tv/toool_us?

YouTube: https://youtube.com/c/TOOOL-US

LPV - Sunday - 12:00-12:30 PDT

Twitch: https://www.twitch.tv/toool_us?

YouTube: https://youtube.com/c/TOOOL-US

LPV - Sunday - 14:15-14:45 PDT

Twitch: https://www.twitch.tv/toool_us?

YouTube: https://youtube.com/c/TOOOL-US

AIV - Sunday - 09:30-10:59 PDT

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.

Twitch: https://www.twitch.tv/aivillage

YouTube: https://www.youtube.com/c/aivillage

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536

PHV - Sunday - 09:00-10:59 PDT

IOTV - Sunday - 10:00-11:59 PDT

Twitch: https://www.twitch.tv/iotvillage

IOTV - Sunday - 06:00-10:59 PDT

Twitch: https://www.twitch.tv/iotvillage

BHV - Sunday - 13:30-13:59 PDT

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q

HTSV - Sunday - 10:00-10:55 PDT

Twitch: https://www.twitch.tv/h4ckthesea

YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ

WS - Sunday - 10:00-13:59 PDT

This workshop will utilize open-source and limited use tools such as Ghidra, IDA Pro Free/Demo, Oledump/OleVBA, PE Studio, and Suricata to perform deep technical analysis of malware, focusing on developing effective strategies to maximize your time spent. By the end of this workshop, you will be able to analyze malicious office documents, identify signs of packing, defeat obfuscation and other anti-analysis techniques and use traffic analysis to aid in detection and identifying of prevalent malware families. These skills ultimately allow you to generate valuable threat intelligence to aid in your efforts to defend your organization or respond to an incident.

This is a fast-paced course designed to take you deep into malware operations – from delivery methods to payloads! Numerous labs will reinforce key learning objectives throughout the workshop and each lab comes with a detailed lab guide. Comprehensive analysis activities and exercises are used to to test and reaffirm key learning objectives and ensure attendees have a start-to-finish understanding of the material.

Attendees will be provided with all the lab material used throughout the course in a digital format. This includes all lab material, lab guides and virtual machines used for training. This workshop will also utilize several live classroom sharing resources, such as chat and notes to ensure that attendees have access to all material discussed throughout the training. All the material provided will help to ensure that students have the ability to continue learning well after the course ends and maximize the knowledge gained from this course.

Registration Link: https://www.eventbrite.com/e/modern-malware-analysis-for-threat-hunters-las-vegas-1-2-tickets-162214781779

Prerequisites

The primary requirement for this course is a desire to learn and the determination to tackle challenging problems. In addition, having some familiarization with the following topics will help students maximize their time in this course:

• Basic familiarity with Linux and the terminal
• An understanding of programming languages such as control structures (IF statements, loops and functions), data structures (objects, structures, arrays) and variable usage will be helpful

Materials needed:

• Linux/Windows/Mac desktop environment
• A laptop with the ability to run virtualization software such as VMWare or VirtualBox
• Access to the system BIOS to enable virtualization, if disabled via the chipset
• Ability to temporarily disable anti-virus or white-list folders/files associated with lab material
• A laptop that the attendee is comfortable handling live malware on
• Enough disk space to store at least a single 40 GB VM, although multiple VMs may be used

MUS - Sunday - 01:00-01:59 PDT

https://www.instagram.com/ctrlrsm
https://www.facebook.com/ctrlrsm
https://www.twitch.tv/ctrlrsm

MUS - Sunday - 00:00-00:59 PDT

Zebbler Encanti Experience released a critically-acclaimed EP, End Trance, on standout bass label Wakaan, coupled with a performance at the inaugural Wakaan Festival. Coming out of the pandemic, ZEE released Syncorswim on longtime label Gravitas Recordings, which is a full audio-visual album exploring the ambient, glitchy, and IDM side of the project. Beautiful natural visuals accompany gorgeous, synth-heavy grooves. This different perspective gives fans a whole new look at what an A/V project can be.

ZEE have seen a considerable amount of road time in the last few years, serving as integral members of multiple tour teams. The architect behind the projection mapped projects for Shpongle and EOTO, and assisting with Infected Mushroom’s stage construction, Zebbler has toured the United States nonstop producing visual shows and performing as a VJ at hundreds of high profile events. In addition to ZEE performing as direct touring support for EOTO in venues throughout the country, and performing in the Shpongle Live band during their first few shows in the United States and final appearance at Red Rocks, Encanti has carved out some time to teach electronic music production to graduate students in the Valencia, Spain wing of Berklee College of Music.

https://zebblerencantiexperience.com/
https://facebook.com/zebblerencantiexperience https://instagram.com/zebblerencantiexperience https://soundcloud.com/zebblerencantiexperience

DC - Sunday - 12:00-12:45 PDT

https://www.linkedin.com/in/roy-davis/

REFERENCES
Barnaby Jack - “Jackpotting Automated Teller Machines” - (2010) from DEFCON - https://www.youtube.com/watch?v=FkteGFfvwJ0 Weston Hecker - “Hacking Next-Gen ATM's From Capture to Cashout” - (2016) from DEFCON - https://www.youtube.com/watch?v=1iPAzBcMmqA Trey Keown and Brenda So - “Applied Cash Eviction through ATM Exploitation” (2020) from DEFCON - https://www.youtube.com/watch?v=dJNLBfPo2V8 Triton - “Terminal Communications Protocol And Message Format Specification” (2004) from Complete ATM Services - tinyurl.com/7nf2fdy5 Rocket ATM - “Hyosung ATM Setup Part 1 - Step by Step” (2018) from Rocket ATM - https://www.youtube.com/watch?v=abylmrBkOGM&t=3s Rocket ATM - “Hyosung ATM Setup Part 2 - Step by Step” (2018) from Rocket ATM - https://www.youtube.com/watch?v=IM9ZG46fwL8 Hyosung - “NH2600 Service Manual v1.0” (2013) From Prineta - https://tinyurl.com/c6jd4hd9 Hyosung - “NH2700 Operator Manual v1.2” (2010) From AtmEquipment.com - https://tinyurl.com/rp2cad8

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=9cG-JL0LHYw

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Roy%20Davis%20-%20No%20Key-No%20PIN-No%20Combo%20-%20No%20Problem%20P0wning%20ATMs%20For%20Fun%20and%20Profit.mp4

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_two

DC - Sunday - 14:00-14:45 PDT

REFERENCES

EICAR test string: https://www.eicar.org/?page_id=3950 EICAR wikipedia entry: https://en.wikipedia.org/wiki/EICAR_test_file QR codes: https://en.wikipedia.org/wiki/QR_code Risks surrounding QR codes: https://en.wikipedia.org/wiki/QR_code#Risks

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=cIcbAMO6sxo

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Richard%20Henderson%20-%20Old%20MacDonald%20Had%20a%20Barcode%2C%20E-I-E-I%20CAR.mp4

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_two

AVV - Sunday - 10:00-10:59 PDT

Omar has been quoted by numerous media outlets, such as TheRegister, Wired, ZDNet, ThreatPost, CyberScoop, TechCrunch, Fortune Magazine, Ars Technica, and more.

Q&A sessions will happen in DEF CON Official Discord server after each talk.

YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon

CLV - Sunday - 12:00-12:20 PDT

YouTube: https://www.youtube.com/cloudvillage_dc

AIV - Sunday - 11:00-11:30 PDT

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.

Twitch: https://www.twitch.tv/aivillage

YouTube: https://www.youtube.com/c/aivillage

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536

CON - Sunday - 12:00-12:59 PDT

CON - Sunday - 10:00-11:59 PDT

BHV - Sunday - 12:00-12:59 PDT

Ken Kato is an entrepreneur, platform/cloud architect, change agent, and innovator; with a wide range of experience across highly regulated industries from finance, to healthcare, to defense. Most recently as a founding member of Kessel Run, Ken disrupted USAF’s technology. Working alongside industry innovators Pivotal to provide a cloud platform and help begin their cloud native journey.

Spending a career working at the bleeding edge; Ken continues to iterate on concepts with a focus lately on IoT sensor data aggregation and predictive analysis, security across software and platform lifecycle, edge computing at the extremes of information availability. Evincing a passion to keep pursuing ideas from when the ideas are theory before technology is available until they are matured as an innovation.

Technology alone can’t solve complex problems and with that in mind, Ken thinks of what the future landscape may look like. Between experience and data, Ken predicts how decisions made today will be survivable for years ahead and strives to develop a sustainable strategy for organizational growth.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q

DL - Sunday - 10:00-11:50 PDT

Tool or Project Name reNgine: An automated reconnaissance engine(framework)

Short Abstract: reNgine is an automated reconnaissance engine(framework) that is capable of performing end-to-end reconnaissance with the help of highly configurable scan engines on web application targets. reNgine makes use of various open-source tools and makes a highly configurable pipeline of reconnaissance to gather the recon result.reNgine also makes it possible for users to choose the tools they desire while following the same reconnaissance pipeline, example - with reNgine you aren't limited to using sublist3r for subdomains discovery, rather reNgine allows you to combine multiple tools like sublist3r, subfinder, assetfinder, and easily integrate them into your reconnaissance pipeline. The reconnaissance results are then displayed in a beautiful and structured UI after performing the co-relation in the results produced by these various tools. The developers behind reNgine understand that recon result most often is overwhelming due to the humongous data, so that’s why reNgine also comes with advanced query lookup using natural language operators like and, or and not. Imagine, doing recon on facebook.com and filtering the results like http_status!404&page_title=admin|page_title=dashbo ard&content_length>0&tech=phporseverity=critical|severity=high&vulnerability_titl e=xss|vulerability_title=cve-1234-xxxxreNgine’s flexibility to easily incorporate any existing open-source tools and with advanced features like configurable scan engines, parallel scans, advanced query lookup on recon results, instant notification about the scan, scheduled scans, etc, separates reNgine from any other recon frameworks. reNgine can be used for both reconnaissance and actively monitoring the targets.URL to any additional information: Official Documentation: https://rengine.wiki reNgine v0.5 Major Update with Vulnerability Scan and Advanced recon Lookup Trailer and Demo: https://www.youtube.com/watch?v=DSOS_dkorBMreNgine release Trailer: https://www.youtube.com/watch?v=u8_Z2-3-o2MreNgine Development Timeline Video Trailer: https://www.facebook.com/10000176436...1638639238246/reNgine featured on Portswigger’s The daily Swig: https://portswigger.net/daily-swig/r...or-pen-testers reNgine community review: https://twitter.com/Jhaddix/status/1286547230078275585 https://twitter.com/ITSecurityguard/...58400926543879 https://twitter.com/ojhayogesh11/sta...21166811471872 https://twitter.com/search?q=https%3...rc=typed_query

Detailed Explanation of Tool: reNgine is an advanced reconnaissance framework for web application targets that uses various existing open-source tools to achieve this. The idea for reNgine came when I was bored during the lockdown and had nothing better to do. Back then I was working as a Security Analyst and my day job was to perform penetration testing on web applications. While I enjoyed my job, I hated performing recon on these targets because in almost all the cases the recon steps were pretty similar. Except for certain cases, the recon steps I read, I performed, I saw others doing, were very similar. Same usage of tools, same usage of options/parameters/tuning. But I was bored with this recon methodology because, at times I needed the recon results to be saved in a structured way, come back the next day, and still do the analysis without wasting my yet another day on recon.

Also, since I had a day job, I used to do bug bounty during the night, and obviously, my office would fire me right away if I performed recon on bug bounty targets during my office hours, so also was looking for something that could help me schedule the scans on those targets, something like performing a scan every midnight, or lineup 100 scans on the pipeline and scan these targets one step at a time.

The recon results are very humongous on larger targets, and very difficult to search or find the specific results quickly. This was due to the reason that existing frameworks (open-source) had no ability to store the results on DB, almost all used text as output, and obviously, this wasn’t going to be helpful unless you write extremely complex greps. So, I went on to create one for myself and named it reNgine, abbreviated for reconnaissance engine. Why Engine? It is because reNgine has the ability to customize the scan engines. These engines are Yaml based configurations, you can add, remove or customize them.

So what is reNgine and how it solved the problems that no other recon frameworks were providing?

One of the most impressive features of reNgine is that it makes use of something called Scan Engines, these engines are highly configurable and allow you to choose the tools you like, configurations you like, example so you are not limited to using subfinder for subdomain gathering, you can use multiple of them, as many as you want. How difficult is it to choose tools? Very simple, just add the tool name in YAML configuration and you’re good to go, reNgine will take care of the rest.This scan engine allows you to fine-tune the tools and perform scans in a much-advanced way. These scan engines have one to many relationships with the targets, meaning, you can define one scan engine, let’s say ‘Defcon Scan’ that does Subdomain Discovery at 100 threads, grab screenshots at 50 threads, and also performs vulnerability scan. Now, once this scan engine is defined, you can use it against n number of targets without the need to modify and fine-tune the parameters every once in a while.

Sample Scan Engine Configuration:

subdomain_discovery: uses_tool: [ subfinder, sublist3r, assetfinder, oneforall ] thread: 10 wordlist: default amass_config: config_short_name subfinder_config: config_short_name port_scan: ports: [ top-100 ] exclude_ports: null thread: 10 visual_identification: port: xlarge thread: 2 http_timeout: 3000 screenshot_timeout: 30000 scan_timeout: 100 dir_file_search: extensions: [ php,asp,aspx,txt,conf,db,sql,json ] recursive: false recursive_level: 1 thread: 100 wordlist: default fetch_url: uses_tool: [ gau, hakrawler ] intensity: aggressive vulnerability_scan: concurrent: 10 template: all severity: all excluded_subdomains: - test.rengine.wiki - hello.test.com

This configuration and finetuning can be used against n targets. The result of this recon is then stored in DB for co-relation.

Technology Stack:
reNgine uses the following technology stack:Web Framework: DjangoDatabase: PostgresDistributed Message Broker: RedisAsync Tasks and Scheduling Scans: Celery and Celery-beat Redis acts as a message broker between Django and Celery.Containerized everything by Docker reNgine has a dashboard-like UI, which makes it easy to co-relate the recon results.Example: https://user-images.githubuserconten...087b2b48d3.pnghttps://user-images.githubuserconten...d626127d88.png The purpose of creating the dashboard-like UI was so that one can easily filter the recon results like, “Hey, I quickly want to filter a subdomain that has admin or dashboard in page title, and also has HTTP status as 200”. With the existing recon frameworks, this was quite impossible. reNgine’s dashboard makes it very easy to filter such use cases. Example: https://camo.githubusercontent.com/2...795f322e706e67

Key Features of reNgine:

Perform Recon:
Subdomain Discovery
Ports Discovery
Endpoints Discovery
Directory Bruteforce
Visual Reconnaissance (Screenshot the targets) IP Discovery
CNAME discovery
Subdomain Takeover Scan
Highly configurable scan engines, use tools of your choice, open-source or integrate your own tool, use one configuration, fine-tuning against multiple targets Run multiple scans in parallel, running multiple scans is very simple, select n targets, choose the scan engine, and initiate the scan. reNgine and celery will take care of the rest. Run Clocked Scans (Run reconnaissance exactly at X Hours and Y minutes) Run Periodic Scans (Runs reconnaissance every X minutes/hours/days/week) Perform Vulnerability Scan using Nuclei and get notified when a vulnerability is discovered Send scan related notifications to Slack or Discord Perform Advanced Query lookup using natural language alike and, or, not operations Example: Assume that, you are looking for open redirection, you can quickly search for =http and look for HTTP status 30X, this will give high accuracy of open redirection with bare minimum effort.Out-of-Scope options available, if recon need not be performed on specific targets, define them on the scan engine and you’re good to go. reNgine won’t perform anything on the out-of-scope subdomains.Redefined Dashboard that allows you to quickly find out the most vulnerable target and most commonly occurred vulnerability Example: https://user-images.githubuserconten...7e087c1a26.png

Upcoming Features:
Scan Comparision
Comparision of the scans performed on the target, to find out how many new vulnerabilities have been discovered since the last scan, how many new subdomains have been discovered since the last scan, etc. (Under Development)Interesting Subdomains Discovery

reNgine will discover the interesting subdomains based on the HTTP status, content length, and page title. For example, imagine the time saved by reNgine if reNgine tells you that, Hey admin.facebook.com is an interesting subdomain you might want to look up, now this is depended upon, HTTP status, content length, and many more factors (Under Development)

Source Code: https://github.com/yogeshojha/rengine

Target Audience:
The targeted audience is both Offence and Defence on Web application Security.

The audience on the offense can use reNgine to perform active reconnaissance and gather more information about their next penetration testing target. This information includes but not limited to subdomains, ip address associated with it, endpoints, visual reconnaissance screenshot gathering, ports scan, and vulnerability scan as well.

And, the audience on defense can learn how to use reNgine to perform periodic scans on their (Intra/Extra)net web services, run the periodic open-source-powered vulnerability scanner, and get notified instantly when a vulnerability is identified.The beauty of reNgine is that, with minimal penetration testing and security experience, one can run the entire reconnaissance and gather the result so that it is well suited for both offense and defense.

As the purpose of this demo lab would be to demonstrate the capabilities of reNgine, the demo would be outlined in such a way that it can be well received by the audience of both the offense and defense sides.

reNgine is something I have worked really hard, spent countless nights working on it. Within a very short period of time, reNgine became one of the popular reconnaissance tools. Presenting this to fellow hackers will certainly gather new ideas on making reNgine a more advanced reconnaissance tool, which is one of the major reasons why I wish to present this to Defcon. On the other hand, presenting this to Defcon will foster the open-source and hacker culture as I will explain about the in and out of reNgine and hopefully bring in many developers to contribute to reNgine as well.

Also, I plan to announce a major update in reNgine during Defcon, which I believe will bring innovation and excitement among the attendees as well. And of course, Defcon is the right platform to make everyone aware of the updates, advancements, and new features of reNgine.

#dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505

DC - Sunday - 14:00-14:45 PDT

While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices.

His most known projects are the rooting and hacking of various vacuum robots

I previously showed ways to root robots such as Roborock and Xiaomi, which enabled owners to use their devices safely with open-source home automation. In response, vendors began locking down their devices with technologies like Secure Boot, SELinux, LUKS encrypted partitions and custom crypto that prevents gaining control over our own devices. This talk will update my newest methods for rooting these devices.

The market of vacuum robots expanded in the past 2 years. In particular, the Dreame company has recently released many models with interesting hardware, like ToF cameras and line lasers. This can be a nice alternative for rooting. I will show easy ways to get root access on these devices and bypass all security. I will also discuss backdoors and security issues I discovered from analysis. You will be surprised what the developers left in the firmware.

REFERENCES

Unleash your smart-home devices: Vacuum Cleaning Robot Hacking (34C3) https://dontvacuum.me/talks/34c3-2017/34c3.html

Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices https://dontvacuum.me/talks/DEFCON26/DEFCON26-Having_fun_with_IoT-Xiaomi.html

https://linux-sunxi.org/Main_Page

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=EWqFxQpRbv8

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Dennis%20Giese%20-%20Robots%20with%20lasers%20and%20cameras%20but%20no%20security%20-%20Liberating%20your%20vacuum%20from%20the%20cloud.mp4

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_one

AIV - Sunday - 11:30-11:59 PDT

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.

Twitch: https://www.twitch.tv/aivillage

YouTube: https://www.youtube.com/c/aivillage

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536

LPV - Sunday - 11:00-11:50 PDT

Twitch: https://www.twitch.tv/toool_us?

YouTube: https://youtube.com/c/TOOOL-US

AVV - Sunday - 13:15-14:15 PDT

In this talk, we will discuss the essentials of offensive pipeline and present our innovative approach, while referring to the challenges we solved, and demonstrate how you can leverage our offensive CI/CD framework to empower red team and purple team operations.

Q&A sessions will happen in DEF CON Official Discord server after each talk.

YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon

HTSV - Sunday - 13:00-13:55 PDT

Twitch: https://www.twitch.tv/h4ckthesea

YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ

AVV - Sunday - 14:15-15:15 PDT

This talk will walk attendees through the stages of past attacks by Chinese APTs - notably APT10, APT17 and APT41- to show how capabilities have evolved and what lessons could be applied to recent attacks, comparing tactics, techniques and procedures.

TOPICS COVERED:

What constitutes software supply chain attacks. The abuse of trust and compromise at the source. Trust third parties with third parties. How cloud migration and innovation fuel increased code dependency. Understanding CI/CD continuous integration and continuous delivery. The increased use and targeting of online code repositories and automated software distribution. Where mistakes and misconfigurations occur, creating adversarial opportunity A brief history of software supply chain attacks on repositories.

LEARNING FROM THE PAST

A walk through of several major attack including Operation Aurora, CCleaner, NetSarang. Contrast these to a walk through of recent attacks including SolarWinds, Dependency Confusion, Codecov and XCodeSpy.

The value of historical context is that it helps illuminate TTPs that should be monitored for and secured against, especially those which aid in deception and evasion. Recommendations for mitigations and best practices to secure code, dependencies.

TAKEAWAYS

Attendees will learn what software supply chain attacks are and why they are increasing They will understand the opportunity for adversaries because of the vulnerability created by multiple dependencies. A breakdown of key attacks will be mapped to the Lockheed Martin Kill Chain steps and Mitre ATT&CK. Attendees will be familiarized with major Chinese APT group TTPs which they can bring back to their organizations to implement in their monitoring.

Q&A sessions will happen in DEF CON Official Discord server after each talk.

YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon

BCV - Sunday - 10:15-11:30 PDT

DC - Sunday - 10:00-10:59 PDT

This research will enter the Mitsubishi ecosystem’s communication protocol, using it as a lens with which to deeply explore the differences between itself and other ecosystems. We will show how we successfully uncovered flaws in its identity authentication function, including how to take it over and show that such an attack can cause physical damage in different critical sectors. We’ll explain how we accomplished this by applying reverse engineering and communication analysis. This flaw allows attackers to take over any asset within the entire series of Mitsubishi PLCs, allowing command of the ecosystem and full control of the relevant sensors. A further complication is that making a fix to the various communication protocols in the ICS/SCADA is extremely difficult. We will also share the various problems we encountered while researching these findings and provide the most workable detection and mitigation strategies for those protocols.

REFERENCES
[1] https://ladderlogicworld.com/plc-manufacturers/ [2] https://www.mitsubishielectric.com/fa/products/cnt/plc/pmerit/case.html [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5594 [4] https://www.mitsubishielectric.com/fa/products/cnt/plc/pmerit/index.html

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=L0w_aE4jRFw

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Mars%20Cheng%20Selmon%20Yang%20-%20Taking%20Apart%20and%20Taking%20Over%20ICS%20%26%20SCADA%20Ecosystems%20-%20A%20Case%20Study%20of%20Mitsubishi%20Electric.mp4

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_three

DC - Sunday - 14:30-14:50 PDT

Sick Codes: I am a Hacker, an Independent Security Researcher, an Australian, and an Open Source maintainer. I regularly publish nasty vulnerabilities in everyone's favorite products, from all the best vendors. I've published CVEs in Smart TV's, Browsers, missile design software, and entire programming languages. Freelance automation specialist by day and hacker by trade. I publish weaponized code on GitHub, namely Docker-OSX, which was my first big "thing," which now has 15k stars, and my biggest project, Docker-OSX has over 100,000 downloads on DockerHub.

@sickcodes
https://github.com/sickcodes
https://www.linkedin.com/in/sickcodes/
https://sick.codes

How the ongoing analytics arms race affects everyone, and how Tractor companies have metastasized into Tech companies, with little to no cyber defenses in place. Learn how farms are not like they used to be; telemetry, crop & yield analytics, and more telemetry.

REFERENCES

https://github.com/sickcodes/Docker-OSX https://github.com/sickcodes/osx-serial-generator https://www.vice.com/en/article/akdmb8/open-source-app-lets-anyone-create-a-virtual-army-of-hackintoshes https://www.bleepingcomputer.com/news/security/python-also-impacted-by-critical-ip-address-validation-vulnerability/ https://sick.codes/sick-2021-012/ https://sick.codes/sick-2021-031/ https://sick.codes/leaky-john-deere-apis-serious-food-supply-chain-vulnerabilities-discovered-by-sick-codes-kevin-kenney-willie-cade/ https://www.vice.com/en/article/4avy8j/bugs-allowed-hackers-to-dox-all-john-deere-owners https://www.youtube.com/watch?v=rB_SleNKBus wabaf3t https://twitter.com/wabafet1 D0rkerDevil https://twitter.com/D0rkerDevil ChiefCoolArrow https://twitter.com/ChiefCoolArrow johnjhacking https://twitter.com/johnjhacking rej_ex https://twitter.com/rej_ex w0rmer https://twitter.com/0x686967 https://climate.com/press-releases/transform-data-into-value-with-climate-fieldview/14 https://www.agriculture.com/news/business/john-deere-to-acquire-precision-plting_5-ar50937 https://www.reuters.com/article/us-monsanto-m-a-deere-idUSKBN17X2FZ https://twitter.com/sickcodes/status/1385218039734423565?s=20

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=zpouLO-GXLo

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Sick%20Codes%20-%20The%20Agricultural%20Data%20Arms%20Race%20-%20Exploiting%20a%20Tractor%20Load%20of%20Vulnerabilities%20In%20The%20Global%20Food%20Supply%20Chain.mp4

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_three

HHV - Sunday - 15:00-15:30 PDT

#hhv-talk-qa-blackbox-brainbox-text https://discord.com/channels/708208267699945503/709254868329693214

Twitch: https://twitch.tv/dchhv

Twitch: https://www.twitch.tv/dchhv

DC - Sunday - 11:00-11:45 PDT

Nay, these are but fruits of the poisonous physical security tree! Come, fellow hackers and weary travelers, visit with the ghosts of access control and learn of the lies they’ve laid before us!

Come see how false guardians have used BLE slight-of-hand to increase complexity and cost while reducing security and ask that they be paid a tithing for the privilege! Witness young software-defined gladiators do battle in an arena they did not prepare for and falter!

Behold as our friendly ghosts of access control forge never-before seen tools to help slay false security prophets!

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=NARJrwX_KFY

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Babak%20Javadi%20Nick%20Draffen%20Eric%20Bettse%20Anze%20Jensterle%20-%20The%20PACS-man%20Comes%20For%20Us%20All.mp4

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_one

BHV - Sunday - 13:00-13:30 PDT

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q

AIV - Sunday - 09:00-09:30 PDT

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.

Twitch: https://www.twitch.tv/aivillage

YouTube: https://www.youtube.com/c/aivillage

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536

DC - Sunday - 13:00-13:59 PDT

In this presentation, we introduce a conceptually novel way of performing timing attacks that is completely resilient to network jitter. This means that remote timing attacks can now be executed with a performance and accuracy that is similar as if the attack was performed on the local system. With this technique, which leverages coalescing of network packets and request multiplexing, it is possible to detect timing differences as small as 100ns over any Internet connection. We will elaborate on how this technique can be launched against HTTP/2 webservers, Tor onion services, and EAP-pwd, a popular Wi-Fi authentication method.

REFERENCES

See page 15 to 17 in our paper for a list of references: https://www.usenix.org/system/files/sec20-van_goethem.pdf

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=s5w4RG7-Y6g

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Tom%20Van%20Goethem%20Mathy%20Vanhoef%20-%20Timeless%20Timing%20Attacks.mp4

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_three

ICSV - Sunday - 11:00-11:59 PDT

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485

AIV - Sunday - 12:00-12:59 PDT

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.

Twitch: https://www.twitch.tv/aivillage

YouTube: https://www.youtube.com/c/aivillage

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536

CLV - Sunday - 11:15-11:59 PDT

• Attacking Compute Engine (5 mins)
• Attacking the App engine (5 mins)
• Attacking SQL Instance (5 mins)
• Attacking GCP buckets (5 mins)
• Attacking GCP GKE clusters (5 mins)
• Privilege Escalation (5 mins)
• Conclusion and QA (5 mins)

YouTube: https://www.youtube.com/cloudvillage_dc

HHV - Sunday - 11:30-12:30 PDT

Website: https://aosc.cc
https://gitlab.com/bradanlane
https://aosc.cc/blinks

#hhv-talk-qa-use-a-portaprog-text https://discord.com/channels/708208267699945503/739571364821729310

Twitch: https://twitch.tv/dchhv

Twitch: https://www.twitch.tv/dchhv

HHV - Sunday - 09:00-09:59 PDT

#hhv-challenge-text https://discord.com/channels/708208267699945503/739567199647301702

Twitch: https://twitch.tv/dchhv

Twitch: https://www.twitch.tv/dchhv

BCV - Sunday - 10:00-10:15 PDT

DC - Sunday - 13:00-13:45 PDT

REFERENCES

- JADX: Dex to Java Decompiler - https://github.com/skylot/jadx - Efficiency: Reverse Engineering with ghidra - http://wapiflapi.github.io/2019/10/10/efficiency-reverse-engineering-with-ghidra.html - Guide to JNI (Java Native Interface) - https://www.baeldung.com/jni - JDSP - Digital Signal Processing in Java - https://psambit9791.github.io/jDSP/transforms.html - Understanding FFT output - https://stackoverflow.com/questions/6740545/understanding-fft-output - Spectral Selection and Editing - Audacity Manual - https://manual.audacityteam.org/man/spectral_selection.html - Edit>Labelled Audio>everything greyed out - https://forum.audacityteam.org/viewtopic.php?t=100856 - Get a spectrum of frequencies from WAV/RIFF using linux command line - https://stackoverflow.com/questions/21756237/get-a-spectrum-of-frequencies-from-wav-riff-using-linux-command-line - How to interpret output of FFT and extract frequency information - https://stackoverflow.com/questions/21977748/how-to-interpret-output-of-fft-and-extract-frequency-information?rq=1 - Calculate Frequency from sound input using FFT - https://stackoverflow.com/questions/16060134/calculate-frequency-from-sound-input-using-fft?rq=1 - Intorduction - Window Size - https://support.ircam.fr/docs/AudioSculpt/3.0/co/Window%20Size.html - Android: Sine Wave Generation - https://stackoverflow.com/questions/11436472/android-sine-wave-generation - Android Generate tone of a specific frequency - https://riptutorial.com/android/example/28432/generate-tone-of-a-specific-frequency - Android Tone Generator - https://gist.github.com/slightfoot/6330866 - Android: Audiotrack to play sine wave generates buzzing noise - https://stackoverflow.com/questions/23174228/android-audiotrack-to-play-sine-wave-generates-buzzing-noise

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=JpL3lySZNeM

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Rion%20Carter%20-%20Why%20does%20my%20security%20camera%20scream%20like%20a%20Banshee-%20Signal%20analysis%20and%20RE%20of%20a%20proprietary%20audio-data%20encoding%20protocol.mp4

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_two

WS - Sunday - 10:00-13:59 PDT

Irvin Lemus is an instructor at Cabrillo College, teaching cyber security courses for 3 years. Irvin runs the cybersecurity competition program for the Bay Area Community Colleges. He also creates the SkillsUSA Cybersecurity contests for California and Florida. He has Security+, CySA+, WCNA, CISSP.

To prepare for this workshop, please prepare a FLARE-VM in advance, as explained here: https://samsclass.info/126/proj/PMA40.htm

Registration Link: https://www.eventbrite.com/e/windows-internals-jubilee-1-tickets-162218647341

Prerequisites

Previous experience troubleshooting Windows is helpful but not required

Materials needed:
A computer that can run virtual machines locally, or a few dollars to rent cloud servers

CPV - Sunday - 10:00-13:59 PDT

He only knows two facts about geese, both of which are wrong.

As a security consultant, Matt works in a variety of realms, including: internal/external network infrastructure, cloud environments, web applications, automated teller machines (ATMs), physical security, social engineering, digital forensics and incident response, mobile, and wireless. As well, these assessments span a number of sectors: energy, utility, manufacturing, software development, financial, retail, municipal, and medical.

Matt holds a B.S. in Food and Resource Economics, and is therefore totally qualified to speak on the tasty topics of security and privacy.

Your phone is a little snitch. For as long as it is turned on, it is monitoring your activities (physical and digital). It knows where you go, who else may be around, and likely what you are doing. Further, it shares (at least some of) the information with different organizations - which then sell or directly aggregate the data to profile you for fun and profit. The modern phone compromises your privacy by design.

To add insult to injury, you do not have a say on it. Or do you?

If you're willing to put in some effort, you can do something about it. But, it will require more than just installing some app with a big Easy Button. If we can do it, so can you!

Takeaways

Attendees will come out of this workshop with a privacy mindset:

• Appreciating the privacy and security implications of using a smart phone in general -- specifically consumer Android devices.
• Knowing how to achieve two different levels privacy in their phones and understanding the costs and benefits of each approach.
• Understanding what "attribution of traffic" tying IP to a person through a VPN is.
• Finding out which apps are privacy-respecting, and how to contain those untrusted apps you need to have

Who should take this workshop:

• Privacy-conscious smartphone users who would like to understand and control what their mobile devices share about them.

Audience Skill Level:

Beginner/Intermediate

Attendees' requirements:

• An understanding of basic Linux commands
• Comfortable with the idea of installing an aftermarket firmware/OS ("ROM") on a mobile device. Soft/hard "bricking" is a possibility, so having a spare phone may be a good investment.

What student should bring:

• A phone that has support for the latest version of LineageOS - as of this writing, 18.1 (Android 11). It does not need to be the "latest and greatest", most expensive flagship device. In fact, we will compare and contrast the effectiveness and viability of higher-end and inexpensive models. We will not cover iPhones or other Apple products here.

INSTRUCTIONS

https://github.com/matthewnash/building-phone-privacy

AIV - Sunday - 13:00-13:59 PDT

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.

Twitch: https://www.twitch.tv/aivillage

YouTube: https://www.youtube.com/c/aivillage

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536

BTV - Sunday - 12:30-12:59 PDT

Visit https://www.blueteamvillage.org/meet-a-mentor/ for more info on the program.

--

Twitch: https://twitch.tv/blueteamvillage