Talk/Event Schedule


Sunday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Sunday - 00:00 PDT


MUS - Music - Zebbler Encanti Experience - Zebbler Encanti Experience

 

Sunday - 01:00 PDT


MUS - Music - CTRL/rsm - CTRL/rsm

 

Sunday - 06:00 PDT


IOTV - IoT Village Labs -

 

Sunday - 07:00 PDT


BHV - Table Top Exercise - Biologia et Machina (Pre-registration Required)
IOTV - cont...(06:00-10:59 PDT) - IoT Village Labs -

 

Sunday - 08:00 PDT


IOTV - cont...(06:00-10:59 PDT) - IoT Village Labs -

 

Sunday - 09:00 PDT


AIV - The State of AI Ethics - Abishek Gupta
AIV - (09:30-10:59 PDT) - Intro to ML Workshop - Gavin Klondike
APV - AppSec Village Welcome and Introductions
APV - "The Poisoned Diary": Supply Chain Attacks on Install scripts - Yakov Shafranovich
APV - Borrow a mentor
CON - Darknet-NG -
DC - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
HHV - Walkthrough of DC 28 HHV Challenges - rehr
IOTV - cont...(06:00-10:59 PDT) - IoT Village Labs -
PHV - Intrusion Analysis and Threat Hunting with Suricata - Peter Manev,Josh Stroschein

 

Sunday - 10:00 PDT


AIV - cont...(09:30-10:59 PDT) - Intro to ML Workshop - Gavin Klondike
APV - Encryption for Developers - James McKee (punkcoder)
AVV - Panel discussion: Resilient cyber space: The role of hacker and security communities - Abhijith B R,Jay Turla,Manu Zacharia,Aseem Jakhar,Omar Santos,Dave Lewis,Dhillon ‘L33tdawg’ Kannabhiran
BCV - Welcome Note - Nathan,Ron Stoner
BCV - (10:15-11:30 PDT) - Surviving DeFi: How to Prevent Economic Attacks - Jan Gorzny
BHV - Cyber Defense Matrix in Healthcare - Sounil Yu
BHV - CTF: Hospital Under Siege (Pre-registration required)
BHV - (10:30-10:59 PDT) - Internet-of-Ingestible-Things Security by Design - Mariam Elgabry
BTV - BTV Presents: Threat Report Roulette - Blind Hacker JoeB,Will Thomas,Ricky Banda,Karan Aditya Ghoshal,Danny D. Henderson Jr,Christopher Russell,Jorge Orchilles,Ch33r10
CLV - Identifying toxic combinations of permissions in your cloud infrastructure - Michael Raggo
CLV - (10:45-11:15 PDT) - I know who has access to my cloud, do you? - Igal Flegmann
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
CON - DEF CON 29 CTF by OOO -
CON - Red Team Village CTF - Finals Part 2 -
CPV - CPV Through the Looking-Glass: Cicada (DC 26)
CPV - Workshop: Practically Protecting Phone Privacy (Pre-registration required) - Mauricio Tavares,Matt Nash
CPV - (10:35-13:59 PDT) - CPV Through the Looking-Glass: CPV Day 3 (DC 28)
DC - cont...(09:00-13:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - DEF CON Vendor Area Open
DC - A Discussion with Agent X - Agent X
DC - Hi! I'm DOMAIN\Steve, please let me access VLAN2 - Justin Perdok
DC - Taking Apart and Taking Over ICS & SCADA Ecosystems: A Case Study of Mitsubishi Electric - Mars Cheng,Selmon Yang
DDV - Data Duplication Village - Last Chance Pickup Only -
DL - reNgine - Yogesh Ojha
DL - Frack - William Vermaak
HHV - A Lazy r2 Solve of @mediumrehr Challenge 6 - Ben Gardiner
HTSV - Less Jaw Work, More Paw Work: Why We Need to Start “Doing” Cyber - Cliff Neve
ICSV - Bottom-Up and Top-Down: Exploiting Vulnerabilities In the OT Cloud Era - Sharon Brizinov,Uri Katz
ICSV - (10:30-10:59 PDT) - Detecting Attackers Using Your Own Sensors with State Estimation - Stefan Stephenson-Moe
IOTV - cont...(06:00-10:59 PDT) - IoT Village Labs -
IOTV - IoT Village Capture the Flag (CTF) -
LPV - Intro To Lockpicking - TOOOL
PHV - cont...(09:00-10:59 PDT) - Intrusion Analysis and Threat Hunting with Suricata - Peter Manev,Josh Stroschein
WS - Windows Internals - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - From Zero to Hero in Web Security Research - Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki
WS - Modern Malware Analysis for Threat Hunters - Aaron Rosenmund,Ryan Chapman
WS - Hacking the Metal: An Introduction to Assembly Language Programming - eigentourist

 

Sunday - 11:00 PDT


AIV - Potential Pitfalls Protecting Patient Privacy - Brian Martin
AIV - (11:30-11:59 PDT) - Robustness of client-side scanning for illegal content detection on E2EE platforms - Shubham Jain
APV - AppSec 101: A Journey from Engineer to Hacker - Arjun Gopalakrishna
AVV - (Tool Demo) Prelude Operator - David Hunt,Alex Manners
AVV - (11:45-12:30 PDT) - APT: A Short History and An Example Attack - Mark Loveless
BCV - cont...(10:15-11:30 PDT) - Surviving DeFi: How to Prevent Economic Attacks - Jan Gorzny
BCV - (11:30-12:30 PDT) - Breaking Future Crypto Custody - Mehow Powers,Chris Odom
BHV - cont...(10:00-12:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - Fishing or Hunting - Ohad Zaidenberg
BTV - (11:15-12:15 PDT) - BTV Presents: Welcome to #IRLIFE. A live IR TableTop Panel - Clay (ttheveii0x),plug,Ch33r10,Bassem Helmy,Wayland,O'Shea (sirmudbl00d),Ben (Innismir),Tino aka Paladin316,Neumann (aka scsideath)
CCV - DEX trading without leaking your identity: RAILGUN - Railgun Team
CLV - cont...(10:45-11:15 PDT) - I know who has access to my cloud, do you? - Igal Flegmann
CLV - (11:15-11:59 PDT) - Understanding common Google Cloud misconfiguration using GCP Goat - Joshua Jebaraj
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
CON - cont...(10:00-13:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-11:59 PDT) - Red Team Village CTF - Finals Part 2 -
CPV - cont...(10:00-13:59 PDT) - Workshop: Practically Protecting Phone Privacy (Pre-registration required) - Mauricio Tavares,Matt Nash
CPV - cont...(10:35-13:59 PDT) - CPV Through the Looking-Glass: CPV Day 3 (DC 28)
DC - cont...(09:00-13:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-15:59 PDT) - DEF CON Vendor Area Open
DC - The PACS-man Comes For Us All: We May Be Vaccinated, but Physical Access Control Still Sucks - Anze Jensterle,Babak Javadi,Eric Betts,Nick Draffen
DC - Glitching RISC-V chips: MTVEC corruption for hardening ISA - Adam 'pi3' Zabrocki,Alex Matrosov
DC - Fuzzing Linux with Xen - Tamas K Lengyel
DL - cont...(10:00-11:50 PDT) - reNgine - Yogesh Ojha
DL - cont...(10:00-11:50 PDT) - Frack - William Vermaak
HHV - (11:30-12:30 PDT) - Use a PortaProg to flash, dump, and test ISP and UPDI chips - Bradán Lane,Sara Cladlow
HRV - Ham Radio Exams -
HRV - An Introduction to RF Test Equipment - Kurits Kopf
HTSV - Hack the Wind - Mary Ann Hoppa
ICSV - Top 20 Secure PLC Coding Practices - Sarah Fluchs,Vivek Ponnada
IOTV - cont...(10:00-11:59 PDT) - IoT Village Capture the Flag (CTF) -
LPV - Safecracking for Everyone! - Jared Dygert
SOC - (11:30-12:30 PDT) - QueerCon End-of-Con Chat
WS - cont...(10:00-13:59 PDT) - Windows Internals - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - cont...(10:00-13:59 PDT) - From Zero to Hero in Web Security Research - Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki
WS - cont...(10:00-13:59 PDT) - Modern Malware Analysis for Threat Hunters - Aaron Rosenmund,Ryan Chapman
WS - cont...(10:00-13:59 PDT) - Hacking the Metal: An Introduction to Assembly Language Programming - eigentourist

 

Sunday - 12:00 PDT


AIV - Twitter Ethics Bug Bounty: Winners and Wrap-up - Rumman Chowdhury
APV - Car Hacking + Bug Hunting Field Guide for Appsec Hackers - Jay Turla DELETE ME
AVV - cont...(11:45-12:30 PDT) - APT: A Short History and An Example Attack - Mark Loveless
AVV - (12:30-13:15 PDT) - (Tool Demo) ImproHound - Identify AD tiering violations - Jonas Bülow Knudsen
BCV - cont...(11:30-12:30 PDT) - Breaking Future Crypto Custody - Mehow Powers,Chris Odom
BHV - cont...(10:00-12:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - Red vs Blue vs Green : The ultimate battle of opinions (or is it) - Ken Kato,Vee Schmitt
BTV - cont...(11:15-12:15 PDT) - BTV Presents: Welcome to #IRLIFE. A live IR TableTop Panel - Clay (ttheveii0x),plug,Ch33r10,Bassem Helmy,Wayland,O'Shea (sirmudbl00d),Ben (Innismir),Tino aka Paladin316,Neumann (aka scsideath)
BTV - (12:30-12:59 PDT) - Year of Mentoring: BTV’s Meet-a-Mentor Turns One - muteki
CLV - PK-WHY - Kevin Chen
CLV - (12:20-13:05 PDT) - Cloud Security Orienteering - Rami McCarthy
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
CON - cont...(10:00-13:59 PDT) - DEF CON 29 CTF by OOO -
CON - Red Team Village CTF - Closing Ceremony -
CPV - cont...(10:00-13:59 PDT) - Workshop: Practically Protecting Phone Privacy (Pre-registration required) - Mauricio Tavares,Matt Nash
CPV - cont...(10:35-13:59 PDT) - CPV Through the Looking-Glass: CPV Day 3 (DC 28)
DC - cont...(09:00-13:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-15:59 PDT) - DEF CON Vendor Area Open
DC - DoS: Denial of Shopping – Analyzing and Exploiting (Physical) Shopping Cart Immobilization Systems - Joseph Gabay
DC - No Key? No PIN? No Combo? No Problem! P0wning ATMs For Fun and Profit - Roy Davis
DC - Breaking TrustZone-M: Privilege Escalation on LPC55S69 - Laura Abbott,Rick Altherr
DL - Cotopaxi - Jakub Botwicz
HHV - cont...(11:30-12:30 PDT) - Use a PortaProg to flash, dump, and test ISP and UPDI chips - Bradán Lane,Sara Cladlow
HRV - cont...(11:00-13:59 PDT) - Ham Radio Exams -
HRV - cont...(11:00-12:30 PDT) - An Introduction to RF Test Equipment - Kurits Kopf
HTSV - Cyber Risk Management in the MTS - Josie Long,Kelley Edwards
ICSV - ICS Cyber Threat Intelligence (CTI) Information Sharing Between Brazil and the United States - Helio Sant'ana,John Felker,Max Campos,Paul de Souza,Tom VanNorman
LPV - Intro To Lockpicking - TOOOL
PHV - Hands-On TCP Deep Dive with Wireshark - Chris Greer
SOC - cont...(11:30-12:30 PDT) - QueerCon End-of-Con Chat
SOC - Friends of Bill W. -
WS - cont...(10:00-13:59 PDT) - Windows Internals - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - cont...(10:00-13:59 PDT) - From Zero to Hero in Web Security Research - Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki
WS - cont...(10:00-13:59 PDT) - Modern Malware Analysis for Threat Hunters - Aaron Rosenmund,Ryan Chapman
WS - cont...(10:00-13:59 PDT) - Hacking the Metal: An Introduction to Assembly Language Programming - eigentourist

 

Sunday - 13:00 PDT


AIV - Wrap Up - AI Village Organizers
APV - AppSec Village Capture the Flag Ends -
APV - 0-Days & Nat 20's - CVSSv3 Through the Lens of Dungeons & Dragons - Alex "RedWedgeX" Hoffman
AVV - cont...(12:30-13:15 PDT) - (Tool Demo) ImproHound - Identify AD tiering violations - Jonas Bülow Knudsen
AVV - (13:15-14:15 PDT) - Scaling Up Offensive Pipelines - Gil Biton
BHV - The Security of Your Digital DNA, from Inception to Death - Garrett Schumacher
BHV - (13:30-13:59 PDT) - It takes a village: Why you should join the Biohacking Village - Rob Suárez
BTV - (13:30-13:59 PDT) - BTV Closing Ceremony
CLV - cont...(12:20-13:05 PDT) - Cloud Security Orienteering - Rami McCarthy
CLV - Cloud Village Closing Keynote
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
CON - cont...(10:00-13:59 PDT) - DEF CON 29 CTF by OOO -
CPV - cont...(10:00-13:59 PDT) - Workshop: Practically Protecting Phone Privacy (Pre-registration required) - Mauricio Tavares,Matt Nash
CPV - cont...(10:35-13:59 PDT) - CPV Through the Looking-Glass: CPV Day 3 (DC 28)
DC - cont...(09:00-13:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-15:59 PDT) - DEF CON Vendor Area Open
DC - Extension-Land: exploits and rootkits in your browser extensions - Barak Sternberg
DC - Why does my security camera scream like a Banshee? Signal analysis and RE of a proprietary audio-data encoding protocol - Rion Carter
DC - Timeless Timing Attacks - Mathy Vanhoef,Tom Van Goethem
DL - cont...(12:00-13:50 PDT) - Cotopaxi - Jakub Botwicz
HRV - cont...(11:00-13:59 PDT) - Ham Radio Exams -
HTSV - SeaTF, Pirate Hat, and Salty Sensor Results, Closing Statements - Brian Satira
ICSV - ICS Intrusion KillChain explained with real simulation - Javier Perez,Juan Escobar
ICSV - (13:30-13:59 PDT) - Building an ICS Firing Range (in our kitchen): Sharing Our Journey & Lessons Learned (so you don’t have to) - Moritz Thomas,Nico Leidecker
LPV - Bobby Pins, More Effective Than Lockpicks? - John the Greek
PHV - cont...(12:00-13:59 PDT) - Hands-On TCP Deep Dive with Wireshark - Chris Greer
SOC - A&E Pool Party! -
WS - cont...(10:00-13:59 PDT) - Windows Internals - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - cont...(10:00-13:59 PDT) - From Zero to Hero in Web Security Research - Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki
WS - cont...(10:00-13:59 PDT) - Modern Malware Analysis for Threat Hunters - Aaron Rosenmund,Ryan Chapman
WS - cont...(10:00-13:59 PDT) - Hacking the Metal: An Introduction to Assembly Language Programming - eigentourist

 

Sunday - 14:00 PDT


APV - Attacking Modern Environments Series: Attack Vectors on Terraform Environments - Mazin Ahmed
AVV - cont...(13:15-14:15 PDT) - Scaling Up Offensive Pipelines - Gil Biton
AVV - (14:15-15:15 PDT) - Signed, Sealed, Delivered: Comparing Chinese APTs behind Software Supply Chain Attacks - Cheryl Biswas
BHV - Biohacking Village Wrap-Up -
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-15:59 PDT) - DEF CON Vendor Area Open
DC - Robots with lasers and cameras (but no security): Liberating your vacuum from the cloud - Dennis Giese
DC - Old MacDonald Had a Barcode, E-I-E-I CAR - Richard Henderson
DC - Instrument and Find Out: Writing Parasitic Tracers for High(-Level) Languages - Jeff Dileo
DC - (14:30-14:50 PDT) - The Agricultural Data Arms Race: Exploiting a Tractor Load of Vulnerabilities In The Global Food Supply Chain - Sick Codes
HHV - Hardware Hacking 101: Rogue Keyboards and Eavesdropping Cables - Federico Lucifredi
HRV - Ham Radio Village Closing Commentary -
ICSV - ICS Jeopardy - Chris Sistrunk,Maggie Morganti,Mary Brooks,Tatyana Bolton
LBV - Bypass 101
LBV - (14:30-15:59 PDT) - Bypass Village Panel
LPV - (14:15-14:45 PDT) - Intro To Lockpicking - TOOOL
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Sunday - 15:00 PDT


APV - AppSec Quiz Time! - Eden Stroet
AVV - cont...(14:15-15:15 PDT) - Signed, Sealed, Delivered: Comparing Chinese APTs behind Software Supply Chain Attacks - Cheryl Biswas
AVV - (15:15-15:59 PDT) - How I got COVID in a RedTeam: Social engineering and physical intrusion for realistic attack simulations. - Daniel Isler
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-15:59 PDT) - DEF CON Vendor Area Open
DC - (CANCELED) Discord Closing Ceremonies - Dark Tangent
HHV - The Black Box and the Brain Box: When Electronics and Deception Collide - Gigs
LBV - cont...(14:30-15:59 PDT) - Bypass Village Panel
LPV - Intro to high security locks and lockpicking - N∅thing
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Sunday - 16:00 PDT


AVV - Adversary Village Closing Ceremony - Adversary Village Team
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - DEF CON Closing Ceremonies, Black Badge Ceremonies - Dark Tangent
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Sunday - 17:00 PDT


CON - cont...(09:00-23:59 PDT) - Darknet-NG -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Sunday - 18:00 PDT


CON - cont...(09:00-23:59 PDT) - Darknet-NG -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Sunday - 19:00 PDT


CON - cont...(09:00-23:59 PDT) - Darknet-NG -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Sunday - 20:00 PDT


CON - cont...(09:00-23:59 PDT) - Darknet-NG -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Sunday - 21:00 PDT


CON - cont...(09:00-23:59 PDT) - Darknet-NG -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Sunday - 22:00 PDT


CON - cont...(09:00-23:59 PDT) - Darknet-NG -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Sunday - 23:00 PDT


CON - cont...(09:00-23:59 PDT) - Darknet-NG -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

Talk/Event Descriptions


 

APV - Sunday - 09:05-09:45 PDT


Title: "The Poisoned Diary": Supply Chain Attacks on Install scripts
When: Sunday, Aug 8, 09:05 - 09:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Yakov Shafranovich
No BIO available

Description:
The "curl | bash" pattern is in use everywhere, but is it safe? How common is it and how can we make it safer? Join this talk for a discussion on install script security, Harry Potter and more!

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage



 

DC - Sunday - 15:00-15:59 PDT


Title: (CANCELED) Discord Closing Ceremonies
When: Sunday, Aug 8, 15:00 - 15:59 PDT
Where: See Description

SpeakerBio:Dark Tangent
No BIO available

Description:
There will be no Discord Closing Ceremony. Please view the live closing ceremony at 16:00 PDT instead.


 

AVV - Sunday - 12:30-13:15 PDT


Title: (Tool Demo) ImproHound - Identify AD tiering violations
When: Sunday, Aug 8, 12:30 - 13:15 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Jonas Bülow Knudsen , Security Advisor, Improsec A/S
Jonas Bülow Knudsen is an Active Directory (AD) security advisor. Jonas has spent the past two years helping organizations implement technical countermeasures and remediate vulnerabilities in and around AD, including implementation of the AD tier model. Working closely together with penetration testers and having a strong interest in offensive security enables Jonas to focus on security measures that matter and not just best practice.

Jonas has recently developed a FOSS tool called ImproHound to identify the attack paths in BloodHound breaking AD tiering: https://github.com/improsec/ImproHound.

At least _wald0 (co-creator of BloodHound) thinks it is cool: https://twitter.com/_wald0/status/1403441218495807495

Twitter: @Jonas_B_K
https://www.linkedin.com/in/jonas-bülow-knudsen-950957b7/

Description:
It is not viable for system administrators and defenders in a large Active Directory (AD) environment to ensure all AD objects have only the exact permissions they need. Microsoft also realised that, which is why they recommended that organizations implement the AD tier model: Split the AD into three tiers and focus on preventing attack paths leading from one tier to a more business critical tier.

The concept is great, as it in theory prevents adversaries from gaining access to the server tiers (Tier 1 and 0) when they have obtained a shell on a workstation (Tier 2) i.e. through phishing, and it prevents adversaries from gaining access to the Domain Admins, Domain Controllers, etc. in Tier 0 when they have got a shell on a web server i.e. through an RCE vulnerability. But it turns out to be rather difficult to implement the tiering concept in AD, which is why most organizations fail at it and end up leaving security gaps.

It doesn’t help the organization’s motivation to make sure their tiering is sound when Microsoft now calls the AD tier model “legacy” and has replaced it with the more cloud-focused enterprise access model: https://docs.microsoft.com/en-us/security/compass/privileged-access-access-model#evolution-from-the-legacy-ad-tier-model

As a person hired to help identify the vulnerabilities in an organization, you want to find and report the attack paths of their AD. BloodHound is a well-known and great tool for revealing some of the hidden and often unintended relationships within an AD environment and can be used to identify highly complex chained attack paths that would otherwise be almost impossible to identify. It is great for finding the shortest attack path from a compromised user or computer to a desired target, but it is not built to find and report attack paths between tiers.

I will in my presentation explain and demonstrate a tool I have created called ImproHound, which takes advantage of BloodHound’s graph database to identify and report the misconfigurations and security flaws that break the tiering of an AD environment.

ImproHound is a FOSS tool and available on GitHub: https://github.com/improsec/ImproHound


Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon



 

AVV - Sunday - 11:00-11:45 PDT


Title: (Tool Demo) Prelude Operator
When: Sunday, Aug 8, 11:00 - 11:45 PDT
Where: Adversary Village (Virtual)
Speakers:David Hunt,Alex Manners

SpeakerBio:David Hunt , CTO, Prelude Research
David Hunt is the CTO of Prelude. David specializes in building teams which bridge cybersecurity with best-practice technology. Before coming to Prelude, David spent two years at MITRE Corporation in a dual-role as head developer and project lead for the CALDERA adversary emulation framework. David designed CALDERA v2 from the ground up and instrumented a plan which made it the industry leader in open-source breach and simulation. Prior to this work, David spent 15 years in offensive security and management roles, ranging across organizations like Rockwell Collins, John Deere, Kenna Security and FireEye.

While at FireEye, David personally oversaw the storage and access of Mandiant's threat intelligence data, as the leader of the (then secretive) Nucleus team. Over the years, David has also worked as a contractor for several U.S. intelligence agencies, working domestically and internationally, as a principal security specialist.

Twitter: @privateducky
https://www.linkedin.com/in/david-hunt-b72864200

SpeakerBio:Alex Manners , Principal Cyber Security Engineer, Prelude Research
Alex Manners is a Principal Cyber Security Engineer at Prelude. Alex blends military cyber operations with a deep infrastructure and software engineering background. Prior to joining Prelude, Alex spent almost two years at The MITRE Corporation as a lead Adversary Emulation engineer and software development manager for the CALDERA adversary emulation framework. He led R&D for the CALDERA framework, designing multiple plugins and the current planning engine, as well as pushing the latest in offensive security tooling into the project. Earlier in Alex's career, he served as a Cyber Warfare Operations officer in the United States Air Force (USAF) where he led large operational support teams and integrated all aspects of offensive and defensive cyber operations into USAF Air Operations Center (AOC) operations. His cybersecurity experience spans the intelligence community, the U.S. military, non-military government, federal contracting, and the private sector.
Twitter: @khyberspache
https://linkedin.com/in/alexander-manners-87281a30

Description:
Prelude Operator is the new kid to the adversary emulation block party. Built by the same people who designed and built the MITRE Caldera framework, Operator is a free and largely open-source desktop platform that aims to make adversary emulation accessible to smaller organizations.

The app includes a library of RATs (agents) which can deploy into the field and supports a modular architecture of plugins and network protocols, including hundreds of TTPs mapped to ATT&CK. In this tool demonstration, we will highlight the key features of Operator and empower people to walk away with a developer-first adversary emulation desktop platform that is end-to-end free & open-source.


Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon



 

APV - Sunday - 13:00-13:45 PDT


Title: 0-Days & Nat 20's - CVSSv3 Through the Lens of Dungeons & Dragons
When: Sunday, Aug 8, 13:00 - 13:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Alex "RedWedgeX" Hoffman
No BIO available

Description:
What do the Critical Vulnerability Scoring System and Dungeons & Dragons have in common? As a pentester, security professional, network defender, developer, or an RPG gamer, it's vital to know how to read your character sheet in order to figure out how much the BBEG (big bad evil guy) is going to mess you up and what you can do to prevent it. We'll take a brief glance at the CVSSv3 Calculator and walk through a dungeon encounter in order to better understand how to translate the ancient, often-misunderstood language of vulnerability scoring metrics.

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage



 

DC - Sunday - 10:00-10:45 PDT


Title: A Discussion with Agent X
When: Sunday, Aug 8, 10:00 - 10:45 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded

SpeakerBio:Agent X
No BIO available

Description:
This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=U2-8MNx8nsg

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Agent%20X%20-%20A%20look%20inside%20security%20at%20the%20New%20York%20Times.mp4


This talk will be given live in Track 1.

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.


DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_one



 

HHV - Sunday - 10:00-10:59 PDT


Title: A Lazy r2 Solve of @mediumrehr Challenge 6
When: Sunday, Aug 8, 10:00 - 10:59 PDT
Where: Hardware Hacking Village (Virtual Talk)

SpeakerBio:Ben Gardiner
Mr. Gardiner is an independent consultant at Yellow Flag Security, Inc. presently working to secure heavy vehicles at the NMFTA. With more than ten years of professional experience in embedded systems design and a lifetime of hacking experience, Gardiner has a deep knowledge of the low-level functions of operating systems and the hardware with which they interface. Prior to YFS Inc. and joining the NMFTA team in 2019, Mr. Gardiner held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations. He holds a M.Sc. Eng. in Applied Math & Stats from Queen’s University. He is a DEF CON Hardware Hacking Village (DC HHV) and Car Hacking Village (CHV) volunteer.
Twitter: @BenLGardiner

Description:
Join Ben for an informal let’s play of @mediumrehr’s Hardware Hacking Village challenge 6. Some topics we will cover include: radare2, AVR assembly, 7 segment displays, and sigrok. It should be fun and relaxed with plenty of time to stop and re-do some steps if something needs more deliberation. See you there.

#hhv-challenge-text https://discord.com/channels/708208267699945503/739567199647301702

Twitch: https://twitch.tv/dchhv


Hardware Hacking Village talks will be streamed to Twitch.

Twitch: https://www.twitch.tv/dchhv



 

SOC - Sunday - 13:00-23:59 PDT


Title: A&E Pool Party!
When: Sunday, Aug 8, 13:00 - 23:59 PDT
Where: Bally's Pool

Description:
Pool Party Schedule is listed here: https://forum.defcon.org/node/238025


 

AVV - Sunday - 16:00-16:59 PDT


Title: Adversary Village Closing Ceremony
When: Sunday, Aug 8, 16:00 - 16:59 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Adversary Village Team
No BIO available

Description:No Description available

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon



 

HRV - Sunday - 11:00-12:30 PDT


Title: An Introduction to RF Test Equipment
When: Sunday, Aug 8, 11:00 - 12:30 PDT
Where: Ham Radio Village (Virtual Talks)

SpeakerBio:Kurits Kopf
Kurits Kopf is a software engineer, technology enthusiast, and perpetual hobby collector. He is a video game industry veteran, working in Los Angeles. When he's not building games or playing them with his kids, he's in the garage tinkering. He has been taking interesting things apart to see how they work since childhood, and sometimes has even managed to put them back together.

Description:
An overview covering several common pieces of equipment used in RF and Ham Radio testing, focusing on oscilloscopes, spectrum analyzers, and vector network analyzers. I cover the basics of each and demonstrate common uses of the equipment for RF testing on both homebrew and commercial equipment. I also introduce other testing tools, including temperature controlled oscillators, dummy loads, and attenuators.

All Ham Radio Village talks will be streamed to Twitch, with discussion in Discord.

For more information, see https://hamvillage.org/dc29.html


Twitch: https://www.twitch.tv/hamradiovillage

#hrv-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991



 

APV - Sunday - 11:00-11:45 PDT


Title: AppSec 101: A Journey from Engineer to Hacker
When: Sunday, Aug 8, 11:00 - 11:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Arjun Gopalakrishna
No BIO available

Description:
Join this session to appreciate the role of Application Security in the context of software development, by examining them side by side. We will walk through an insecure application to find (and exploit) a few security issues, and examine - from an AppSec lens - the issue classes and ways to unearth them. This is an introductory level talk, especially for hackers new to AppSec.

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage



APV - Sunday - 15:00-15:15 PDT


Title: AppSec Quiz Time!
When: Sunday, Aug 8, 15:00 - 15:15 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Eden Stroet
No BIO available

Description:No Description available

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage



APV - Sunday - 13:00-12:59 PDT


Title: AppSec Village Capture the Flag Ends
When: Sunday, Aug 8, 13:00 - 12:59 PDT
Where: AppSec Village (Virtual)

Description:
For more information, see https://www.appsecvillage.com/ctf

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage



AVV - Sunday - 11:45-12:30 PDT


Title: APT: A Short History and An Example Attack
When: Sunday, Aug 8, 11:45 - 12:30 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Mark Loveless , Researcher, Gitlab
Mark Loveless - aka Simple Nomad - is a security researcher, hacker, and explorer. He has worked in startups, large companies, hardware and software vendors. He's spoken at numerous security and hacker conferences worldwide on security and privacy topics, including Blackhat, DEF CON, ShmooCon, RSA, AusCERT, among others. He has been quoted in television, online, and print media outlets as a security expert, including CNN, Washington Post, and the New York Times. He's paranoid (justified), has done ghost hunting, been mugged four times, storm chased, and seen UFOs. He is currently a Sr Security Researcher at GitLab.
Twitter: @simplenomad
https://linkedin.com/in/markloveless

Description:
Advanced Persistent Threat. Where did this term come from? What does it really mean? Exactly how can you determine that it is a "nation state" as opposed to a run-of-the-mill attack? All of this will be explained in detail. As an example, I will use an actual attempt against my home system, with a review of collected data to illustrate the whole APT thing.

There are differences in how APT actors approach things, and this will be discussed from the perspective of someone who attacked plenty of systems in their youth - me. We'll talk about how APT differs from Red Teaming and Penetration Testing, and if you are trying to simulate it you need to throw the rulebook out of the window to do it right.


Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon



APV - Sunday - 14:00-14:45 PDT


Title: Attacking Modern Environments Series: Attack Vectors on Terraform Environments
When: Sunday, Aug 8, 14:00 - 14:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Mazin Ahmed
No BIO available

Description:No Description available

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage



BHV - Sunday - 14:00-14:30 PDT


Title: Biohacking Village Wrap-Up
When: Sunday, Aug 8, 14:00 - 14:30 PDT
Where: Biohacking Village (Talk - Virtual)

Description:
Where do we go from here?

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q



LPV - Sunday - 13:00-13:59 PDT


Title: Bobby Pins, More Effective Than Lockpicks?
When: Sunday, Aug 8, 13:00 - 13:59 PDT
Where: Lock Pick Village (Virtual)

SpeakerBio:John the Greek
No BIO available

Description:
When should you not have picks in your pocket? Answer: never... but this course will present to the novice and the less prepared suggestions for improvising lockpicks when the proper tools are not on hand, as well as techniques of bypass that are more effective than trying to pick a lock, especially when you don't have the proper tools on hand. This class is ideal for our current situation! Those interested should look around their locations for the following:

Bobby pins
Paper clips (big ones)
Pocket clips from ink pens (Pilot rollerball)
Old Wind Shield Wipers
Spark Plug Gappers
Bra Underwire

... and my favorite
Street cleaner bristles


Lock Pick Village will be streaming their activities to Twitch and YouTube.

Twitch: https://www.twitch.tv/toool_us?

YouTube: https://youtube.com/c/TOOOL-US



ICSV - Sunday - 10:00-10:30 PDT


Title: Bottom-Up and Top-Down: Exploiting Vulnerabilities In the OT Cloud Era
When: Sunday, Aug 8, 10:00 - 10:30 PDT
Where: ICS Village (Virtual)
Speakers:Sharon Brizinov,Uri Katz

SpeakerBio:Sharon Brizinov , Claroty
Sharon Brizinov is the vulnerability research team lead at Claroty. He specializes in vulnerability research, malware analysis, network forensics, and ICS/SCADA security. In addition, Brizinov participated in well-known hacking competitions such as Pwn2Own, and he holds a DEFCON black-badge for winning the ICS CTF.

SpeakerBio:Uri Katz , Claroty
Uri is a security researcher at Claroty who specializes in reverse engineering and vulnerability research across both embedded and Windows systems.

Description:
We researched the exploitability of cloud-based management platforms responsible for monitoring industrial control systems (ICS), and developed techniques to exploit vulnerabilities in automation vendor CODESYS’ Automation Server and vulnerabilities in the WAGO PLC platform. Our research mimics the top-down and bottom-up paths an attacker would take to either control a Level 1 device in order to eventually compromise the cloud-based management console, or the reverse, commandeer the cloud in order to manipulate all networked field devices.

ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485



BCV - Sunday - 11:30-12:30 PDT


Title: Breaking Future Crypto Custody
When: Sunday, Aug 8, 11:30 - 12:30 PDT
Where: Blockchain Village / Paris Vendome B
Speakers:Mehow Powers,Chris Odom

SpeakerBio:Mehow Powers
No BIO available

SpeakerBio:Chris Odom
No BIO available

Description:No Description available

This content will be presented live and in-person.


DC - Sunday - 12:00-12:59 PDT


Title: Breaking TrustZone-M: Privilege Escalation on LPC55S69
When: Sunday, Aug 8, 12:00 - 12:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded
Speakers:Laura Abbott,Rick Altherr

SpeakerBio:Laura Abbott
Laura Abbott is a software engineer who focuses on low level software. Her background includes Linux kernel development with work in the memory management and security areas as well as ARM enablement.
Twitter: @openlabbott

SpeakerBio:Rick Altherr
Rick Altherr has a career ranging from ASICs to UX with a focus on the intersection of hardware and software, especially in server systems. His past work includes USBAnywhere, leading the unification of OpenBMC as a project under Linux Foundation, co-authoring a whitepaper on Google’s Titan, and reverse engineering Xilinx 7 Series FPGA bitstreams as part of prjxray.
Twitter: @kc8apf

Description:
The concept of Trusted Execution Environments has been broadly introduced to microcontrollers with ARM’s TrustZone-M. While much experience with TrustZone-A can be applied, architectural differences with ARMv8-M lead to a very different approach to configuration and transitions between secure and non-secure worlds. This talk will deep dive into how TrustZone-M works, where to look for weaknesses in implementations, and a detailed look into NXP LPC55S69’s implementation including discovering an undocumented peripheral that leads to a privilege escalation vulnerability exploitable with TrustedFirmware-M. Finally, NXP PSIRT will be used as a case study in how not to respond to a vulnerability report.
REFERENCES
TrustZone technology for the ARMv8-M architecture Version 2.0; ARM; https://developer.arm.com/documentation/100690/0200

Your Peripheral Has Planted Malware -- An Exploit of NXP SOCs Vulnerability; Yuwei Zheng, Shaokun Cao, Yunding Jian, Mingchuang Qin; DEFCON 26; https://media.defcon.org/DEF CON 26/DEF CON 26 presentations/DEFCON-26-Yuwei-Zheng-Shaokun-Cao-Bypass-the-SecureBoot-and-etc-on-NXP-SOCs-Updated.pdf

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=eKKgaGbcq4o

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Laura%20Abbott%20Rick%20Altherr%20-%20Breaking%20TrustZone-M%20-%20Privilege%20Escalation%20on%20LPC55S69.mp4


This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_three



BTV - Sunday - 10:00-10:59 PDT


Title: BTV Presents: Threat Report Roulette
When: Sunday, Aug 8, 10:00 - 10:59 PDT
Where: Blue Team Village - Main Track (Virtual)
Speakers:Blind Hacker JoeB,Will Thomas,Ricky Banda,Karan Aditya Ghoshal,Danny D. Henderson Jr,Christopher Russell,Jorge Orchilles,Ch33r10

SpeakerBio:Blind Hacker JoeB
The Blind Hacker is an InfoSec enthusiast, mentor, coach, pentester, hacker, and more. He regularly mentors online through streams and online communities. He frequently volunteers time on workplace development for others, gives resume reviews, job advice, and coaches people into the roles they want with mock interviews. As a person with a disability, or who is differently-abled, he has never let it slow him down.
Twitter: @TheBlindHacker

SpeakerBio:Will Thomas
Will Thomas is a security researcher at Cyjax, a UK-based Cyber Threat Intelligence vendor. In his spare time, he offers his OSINT skills to work missing persons cases with the NCPTF and is a board member of the Curated Intelligence trust group. Will graduated with a BSc (Hons) in Computer and Information Security from the University of Plymouth.
Twitter: @BushidoToken

SpeakerBio:Ricky Banda
Ricky Banda is an Incident Commander for the Amazon Security Incident Response Team. He is a SANS MSISE Graduate Student, with over a dozen industry certifications and featured author in Tribe of Hackers: Blue Team Edition. He has over a decade of experience in Security Operations and Incident Response working in both Public and Private sectors.
Twitter: @teck923

SpeakerBio:Karan Aditya Ghoshal
Karan Aditya Ghoshal is a CTI Analyst at a Big Four cybersecurity firm. He is currently pursuing his Bachelors in Computer Science Engineering at Manav Rachna University.
Twitter: @0xDISREL

SpeakerBio:Danny D. Henderson Jr
Danny Henderson Jr. is a USAF veteran who is now an expat working as a Senior Cybersecurity Analyst at SecureWorks in Romania. He is a graduate of Capitol Technology University with MSc in Cyber and Information Security, six GIAC certifications in DFIR and Offensive Security.
Twitter: @B4nd1t0_

SpeakerBio:Christopher Russell
Christopher Russell is the Head of Information Security for tZERO Group Inc. He has a Masters Degree in Cybersecurity and numerous certifications and experience in cloud security, endpoint detection and response, SIEM and blockchain. He is a combat Veteran of the US Army, where he was a human intelligence (HUMINT) collector who graduated from the Defense Language Institute, for Arabic.
Twitter: @cr00ster

SpeakerBio:Jorge Orchilles
Jorge Orchilles is the Chief Technology Officer of SCYTHE, co-creator of the C2 Matrix project, and author of the Purple Team Exercise Framework. He is a SANS Certified Instructor and the author of Security 564: Red Team Exercises and Adversary Emulation.
Twitter: @jorgeorchilles

SpeakerBio:Ch33r10
Xena Olsen, @ch33r10, is a Senior Cybersecurity Analyst at a Fortune 500 Company. She is a graduate of SANS Women’s Academy with eight GIAC certifications and an MBA in IT management, and is a doctoral student in cybersecurity at Marymount University.
Twitter: @ch33r10

Description:
Follow along as we spin the Threat Report Roulette Wheel and provide rapid fire responses to how we would create actionable takeaways from the publicly available, TLP: White Threat Reports. Pick up some tips and tricks to up your game! Check out our Github with links to the reports: https://github.com/ch33r10/DEFCON29-BTV-ThreatReportRoulette https://bit.ly/DC29Roulette

Threat Report Roulette will not discuss normal (BAU) CTI actions, such as searching the logs for hits on the IOCs or entering the IOCs into a Threat Intelligence Platform (TIP) or other alerting platform. Instead, the participants will focus on pivoting, TTPs, and how they would take the contents in the Threat Report to the NEXT LEVEL! When the Panelists respond to the threat reports, they are operating under the assumption that they performed the preliminary analysis and deemed the threat report relevant to their environment. The purpose of this assumption is to decrease the amount of debate on whether or not something is relevant to get to the part of the analysis that involves extracting actionable takeaways.

Spin the Threat Report Roulette Wheel - Link
Moderator calls on Participant.
Participant is in the Hot Seat:
    15 seconds to organize their thoughts.
    1-5 minutes to share their thoughts on how they would get value out of the report.
Panelists' input:
    3-5 minutes to share their insights as a group. Quick commentary that is short, sweet, rapid-fire, direct, and to the point!
Rinse & Repeat!


Blue Team Village talks will be streamed to Twitch.

--

Twitch: https://twitch.tv/blueteamvillage



BTV - Sunday - 11:15-12:15 PDT


Title: BTV Presents: Welcome to #IRLIFE. A live IR TableTop Panel
When: Sunday, Aug 8, 11:15 - 12:15 PDT
Where: Blue Team Village - Main Track (Virtual)
Speakers:Clay (ttheveii0x),plug,Ch33r10,Bassem Helmy,Wayland,O'Shea (sirmudbl00d),Ben (Innismir),Tino aka Paladin316,Neumann (aka scsideath)

SpeakerBio:Clay (ttheveii0x)
Clay is a cyber threat intelligence and malware analysis manager at a consulting company.
Twitter: @ttheveii0x

SpeakerBio:plug
Plug started his journey in computer security back in 1996 when he discovered a 2600 magazine that eventually led him to his first LA2600 meeting in 1998. From that point forward, he has been involved in computer security. Plug currently leads the Threat Hunting Program for a Fortune 20 organization. In his free time he enjoys building Legos, playing with synthesizers, and when possible, he volunteers his time to computer security events.

SpeakerBio:Ch33r10
Xena Olsen, @ch33r10, is a Senior Cybersecurity Analyst at a Fortune 500 Company. She is a graduate of SANS Women’s Academy with eight GIAC certifications and an MBA in IT management, and is a doctoral student in cybersecurity at Marymount University.
Twitter: @ch33r10

SpeakerBio:Bassem Helmy
Cyber Security Professional with over eleven (11) years of experience with corporates and multinational organizations throughout the Middle East. Awarded Penetration Tester of the Year 2016 from EC-Council Foundation InfoSec Tech & Exec. Area of Expertise:

• Penetration Testing, Red Teaming, and Covert Operations
• ICS / SCADA Security Assessment
• Threat Hunting Operations
• Incident Response
• Vulnerability Management and Security Assessment

Twitter: @bh3lmy

SpeakerBio:Wayland
Wayland is a cyber security practitioner with more than a decade of experience performing incident response in a variety of organizational environments. He has contributed to response efforts for multiple significant matters over the years and of late is focused on mentoring and leading the next wave of incident response professionals.
Twitter: @notx11

SpeakerBio:O'Shea (sirmudbl00d)
O'Shea Bowens is a cyber security enthusiast with 12 years of experience. He is the founder and CEO of Null Hat Security which offers consulting services and addresses the cyber workforce shortage with skills and gap assessments in a custom built cyber arena. He is knowledgeable in the areas of digital forensics & incident response, threat hunting, cloud security, security analytics, security program management and architecture.
Twitter: @SirMuDbl00d

SpeakerBio:Ben (Innismir)
Ben is a security practitioner with over 15 years of hands on cyber security experience. Since 2011, Ben has been a CSIRT lead for a Fortune 500 company. In his spare time, he enjoys being a husband and dad, messing around with computers, VoIP, analog telephones, amateur radio, and generally pressing anything with a button on it. Ben was the lead author for Asterisk Hacking from Syngress Publishing, has spoken at various industry conferences, and has been featured on the BBC, New York Times, and CNET. Ben also strongly dislikes writing about himself in the third person.
Twitter: @innismir

SpeakerBio:Tino aka Paladin316
Tino has over 25 years experience in Cyber Security. His work experience spans diverse industries, a world-renowned children's hospital, a world leading Energy Company, an enterprise application service provider, a fortune 100 global manufacturing company, and a Global Financial Services Institution. His primary experience involves developing and implementing processes for Cyber Threat Hunting, Malware Analysis/Reverse Engineering, Digital Forensics/Incident Response (DFIR), and Purple Teaming. In addition, his favorite hobby is doing Cyber Security Research. He says he would do this job for free, but don't tell anyone.
Twitter: @Paladin3161

SpeakerBio:Neumann (aka scsideath)
Neumann Lim is a senior manager at Deloitte where he leads the development of the services, strategies and methodologies on cyber detection and incident response. With more than 14 years of infosec experience, he has coordinated national incident responses across multiple industries. Prior to this role, Neumann spent several years working with large enterprises and governments specializing in incident response.
Twitter: @cybersyrupblog

Description:
In this live table top, a group of panelists will be asked for their opinion on how to deal with a fictitious security incident as it unfolds. The live audience will be encouraged to submit questions. Regardless of your skill level, this fun panel will take you through a day in IRLIFE!

Blue Team Village talks will be streamed to Twitch.

--

Twitch: https://twitch.tv/blueteamvillage



ICSV - Sunday - 13:30-13:59 PDT


Title: Building an ICS Firing Range (in our kitchen): Sharing Our Journey & Lessons Learned (so you don’t have to)
When: Sunday, Aug 8, 13:30 - 13:59 PDT
Where: ICS Village (Virtual)
Speakers:Moritz Thomas,Nico Leidecker

SpeakerBio:Moritz Thomas , NVISO
Moritz is a security consultant working in the NVISO Software and Security assessment team. He is an ICS and IoT enthusiast, getting into the latest technologies in both fields. He loves to program and reverse engineer stuff.

SpeakerBio:Nico Leidecker , NVISO
Nico has worked in IT security for over 15 years as a security consultant and penetration tester. For the past two years, his focus has been on several aspects of OT security. At NVISO Germany, he leads the security assessment team.

Description:
Aiming to improve our own expertise in ICS security, we went to build our own ICS firing range for internal and external trainings, and hacking demos. It covers multiple technical aspects about IT infrastructure, PLC configuration and programming, ICS protocols and specific methodologies for red and blue teaming. Beginning with a bridge operation scenario we planned our approach on implementing the ICS Firing Range addressing all levels of the Purdue Model, from enterprise to physical processes. We were faced with a variety of practical challenges and challenges specific to the ICS context and prototyping: we learned how to implement ladder logic, how CAD modelling works, how to print 3D models with a 3D printer and how to combine all ICS and bridge components into a single, confined and mobile lab environment. Lastly, we designed a series of kill chains for our firing range that we use for trainings on a variety of professions such as digital forensics and incident response.

ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485



APV - Sunday - 12:00-12:45 PDT


Title: Car Hacking + Bug Hunting Field Guide for Appsec Hackers
When: Sunday, Aug 8, 12:00 - 12:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Jay Turla
No BIO available

Description:No Description available

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage



DC - Sunday - 09:00-20:59 PDT


Title: Chillout Lounges
When: Sunday, Aug 8, 09:00 - 20:59 PDT
Where: See Description
Speakers:DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris

SpeakerBio:DJ Pie & Darren
No BIO available

SpeakerBio:Louigi Verona
No BIO available

SpeakerBio:Merin MC
No BIO available

SpeakerBio:s1gns of l1fe
No BIO available

SpeakerBio:Mixmaster Morris
No BIO available

Description:
There are two onsite chillout lounges available: Bally's Silver Ballroom, and Paris Concorde A.

There will be chill music playing:

09:00-12:00 DJ Pie & Darren
12:00-12:40 s1gns of l1fe
12:40-13:30 Louigi Verona
14:30-16:10 Mixmaster Morris
16:10-Close Merin MC

You can also watch the chill room stream on Twitch.


Twitch: https://www.twitch.tv/defcon_chill



CLV - Sunday - 12:20-13:05 PDT


Title: Cloud Security Orienteering
When: Sunday, Aug 8, 12:20 - 13:05 PDT
Where: Cloud Village (Virtual)

SpeakerBio:Rami McCarthy
Rami McCarthy is a Staff Security Engineer at Cedar (a healthtech unicorn), and a recovering Security Consultant. He spent 3 years at NCC Group where he executed dozens of security assessments and sat on the Cloud Security working group. He was a core contributor to ScoutSuite - a multi-cloud auditing tool (and SaaS offering), and released sadcloud - a tool for Terraforming insecure AWS environments. Rami holds the CCSK, the AWS Certified Security – Specialty, and is completing an MS in information security leadership.
Twitter: @ramimacisabird

Description:
Most of us are not lucky enough to have architected the perfect cloud environment, according to this month's best practices, and without any legacy elements or "surprise" assets. Over the course of a career in cloud security, you'll likely find yourself walking into a new environment and needing to rapidly orient yourself to both mitigate the biggest risks and also develop a roadmap towards a sustainable, secure future. As a security consultant, I had the challenge and opportunity to enter blind into a variety of cloud environments. They were across Azure, GCP, and AWS, some well-architected and others organically sprawling, containing a single account/project and hundreds. This gave me a rapid education in how to find the information necessary to familiarize myself with the environment, dig in to identify the risks that matter, and put together remediation plans that address short, medium, and long term goals. This talk will present a cloud and environment agnostic methodology for getting your bearings if tasked with securing a novel cloud environment. We'll learn by applying this to a sample AWS environment in order to cover:

Cloud Village activities will be streamed to YouTube.

YouTube: https://www.youtube.com/cloudvillage_dc



DL - Sunday - 12:00-13:50 PDT


Title: Cotopaxi
When: Sunday, Aug 8, 12:00 - 13:50 PDT
Where: DemoLab Video Channel 1

SpeakerBio:Jakub Botwicz
Jakub Botwicz, Ph.D. works as a security researcher in one of the global investment banks. He has more than 17 years of experience in information security and previously worked in: one of the world's leading payment card service providers, a Big4 consulting company and a vendor of network encryption devices. Jakub holds a Ph.D. degree from Warsaw University of Technology. During the last 3 years he has reported more than 50 CVEs (security vulnerabilities) in public components - mainly IoT libraries.

Description:
Tool or Project Name: Cotopaxi

Short Abstract:
Cotopaxi is a set of tools for security testing of Internet of Things devices using specific network IoT/IIoT/M2M protocols (AMQP, CoAP, DTLS, gRPC, HTTP/2, HTCPCP, KNX, mDNS, MQTT, MQTT-SN, QUIC, RTSP, SSDP).

Short Developer Bio:
Jakub Botwicz, Ph.D. works as a security researcher in one of the global investment banks. He has more than 17 years of experience in information security and previously worked in: one of the world's leading payment card service providers, a Big4 consulting company and a vendor of network encryption devices. Jakub holds a Ph.D. degree from Warsaw University of Technology. During the last 3 years he has reported more than 50 CVEs (security vulnerabilities) in public components - mainly IoT libraries.

URL to any additional information:
https://github.com/Samsung/cotopaxi/...aster/cotopaxi

Detailed Explanation of Tool:
Currently available tools used for security testing, like nmap or OpenVAS, do not support all new IoT protocols (e.g. CoAP, DTLS, HTCPCP, QUIC). So possibilities to test IoT products and discover such devices in tested networks are limited. We are working to fill this gap with the Cotopaxi toolkit.

New features in the release for DEF CON 2021 are:
Integration with Metasploit
Extended set of corpuses for fuzzing and traffic classification
Mutation-based features for server and client fuzzing
New vulnerabilities in the database

Main features of our toolkit are:
Checking availability of network services for supported IoT protocols at given IPs and port ranges ("service ping")
Recognizing the software used by remote network server ("software fingerprinting") based on responses for given messages using machine learning classifier
Analysis of network traffic to identify network protocols used
Classification of IoT devices based on captured traffic samples
Discovering resources identified by given URLs ("dirbusting" of URLs or services)
Performing black-box fuzzing of IoT protocols based on corpus of packets prepared using coverage-based fuzzer
Identifying known vulnerabilities
Detecting network traffic amplification (cases where network servers are responding with larger network messages than received requests)

Supporting Files, Code, etc:
https://pypi.org/project/cotopaxi/

Target Audience:
Offense, Defense, AppSec, IoT


This content will be presented on a Discord video channel.

#dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505



BHV - Sunday - 10:00-10:30 PDT


Title: Cyber Defense Matrix in Healthcare
When: Sunday, Aug 8, 10:00 - 10:30 PDT
Where: Biohacking Village (Talk - Virtual)

SpeakerBio:Sounil Yu , Cyber Strategist
Sounil Yu is a security innovator with over 30 years of hands-on experience creating, breaking, and fixing computer and network systems. He is currently the CISO & Head of Research for the startup JupiterOne. Sounil created the Cyber Defense Matrix and the DIE Triad, which are reshaping approaches to cybersecurity. He's a Board Member of the FAIR Institute and SCVX; co-chairs Art into Science: A Conference on Defense; is a visiting fellow at GMU Scalia Law School's National Security Institute; teaches at Yeshiva University; and advises many startups. Sounil previously served as the CISO-in-Residence at YL Ventures and Chief Security Scientist at Bank of America, driving innovation to meet emerging security needs and develop alternative approaches to hard problems in security. Before Bank of America, he helped improve information security at several institutions spanning from Fortune 100 companies with three letters on the stock exchange to secretive three letter agencies that are not.

Description:
The Cyber Defense Matrix helps us understand what we need organized through a logical construct so that when we go into the security vendor marketplace, we can quickly discern what products solve what problems and be informed on what is the core function of a given product. In addition, the Cyber Defense Matrix provides a mechanism to ensure that we have capabilities across the entire spectrum of options to help secure our environments.

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q



HTSV - Sunday - 12:00-12:55 PDT


Title: Cyber Risk Management in the MTS
When: Sunday, Aug 8, 12:00 - 12:55 PDT
Where: Hack the Sea (Virtual)
Speakers:Josie Long,Kelley Edwards

SpeakerBio:Josie Long , USCG Cyber
No BIO available

SpeakerBio:Kelley Edwards
No BIO available

Description:No Description available

Hack the Sea Village will stream their events to YouTube and Twitch.

Twitch: https://www.twitch.tv/h4ckthesea

YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ



CON - Sunday - 09:00-23:59 PDT


Title: Darknet-NG
When: Sunday, Aug 8, 09:00 - 23:59 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/238249


DDV - Sunday - 10:00-10:59 PDT


Title: Data Duplication Village - Last Chance Pickup Only
When: Sunday, Aug 8, 10:00 - 10:59 PDT
Where: Data Duplication Village

Description:
Space permitting, last drop off is Saturday at 3:00pm.

Pick up your drives full of data anytime 14-24 hours after drop off.

Last chance pickup is Sunday from 10:00 to 11:00.

Yes, 6TB and larger drives are accepted.

Any drives not picked up by Sunday at 11:00am are considered donated to the DDV.

See https://dcddv.org/dc29-schedule for more information.



CON - Sunday - 10:00-13:59 PDT


Title: DEF CON 29 CTF by OOO
When: Sunday, Aug 8, 10:00 - 13:59 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/236417


DC - Sunday - 16:00-16:59 PDT


Title: DEF CON Closing Ceremonies, Black Badge Ceremonies
When: Sunday, Aug 8, 16:00 - 16:59 PDT
Where: Track 1 Live; DCTV/Twitch #1 Live

SpeakerBio:Dark Tangent
No BIO available

Description:No Description available

This talk will be given live in Track 1, and will be streamed to DCTV1, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_one



 

DC - Sunday - 09:00-13:59 PDT


Title: DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open
When: Sunday, Aug 8, 09:00 - 13:59 PDT
Where: Paris DEF CON Registration Desk

Description:
You can start the 2-step process. There is no need to rush; if you have purchased online, your badge is reserved and there is no concern about them running out:

1st you will pass through the vaccination check line, providing whatever original documentation your health care provider or vaccination center gave you. It will be checked against your State issued ID to make sure the names match, the dates are good, and that enough time has passed for you to be fully vaccinated, etc. We will not record your ID or records. If all is good you will get a WRISTBAND you must wear during the con.

2nd you head to the badge pickup desks. There you will show your wristband and your in-person badge bar code and get it scanned. If the scan passes you get your Human reg pack.

Where to register / pick up badges: Paris, near the InfoBooth. Please find "REGISTRATION" on the provided DC29 floorplan (available in HackerTracker and online).

Both registration and the vaccine check processing functions are planned to be available from 8am/08:00 to 5pm/17:00. If those times change, this schedule entry will be updated in HackerTracker and info.defcon.org as soon as possible.



 

ICSV - Sunday - 10:30-10:59 PDT


Title: Detecting Attackers Using Your Own Sensors with State Estimation
When: Sunday, Aug 8, 10:30 - 10:59 PDT
Where: ICS Village (Virtual)

SpeakerBio:Stefan Stephenson-Moe , Coalfire
I have eight years infosec experience working in critical infrastructure, three years working in the power industry, four years working in the finance sector. My experience is mostly on the operations and implementation side, designing, implementing and operating Security Operations Centers. I have an education in Mechanical Engineering and am a mostly self-taught infosec professional. I currently work as a network and application penetration tester in the government sector.

Description:
As OT technologies like PLCs and RTUs become smarter and more capable of running standard operating systems, the concern of malware infecting OT technologies has become more of a realistic threat. In cases like Stuxnet where the attacker wishes to cause damage to a system while keeping the user unaware, it must do so by modifying sensor data that would alert the user to a change in the system. State estimation is a technique used in the Power Industry to detect when sensors are providing garbage data. In this talk I plan to explain how state estimation works and how it can be applied as a technique for detecting an attacker attempting to manipulate sensor data for nefarious purposes.

ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485



 

CCV - Sunday - 11:00-11:59 PDT


Title: DEX trading without leaking your identity: RAILGUN
When: Sunday, Aug 8, 11:00 - 11:59 PDT
Where: Cryptocurrency Village (Onsite - Paris Champagne Ballroom 1)

SpeakerBio:Railgun Team
No BIO available

Description:
Railgun is a tool that offers additional privacy on Ethereum.

The Cryptocurrency Village is built around conversations and events, not formal talks. Stop by any time to speak with knowledgeable individuals! This village focuses on the security and privacy side of cryptocurrencies, not the investment side.

The Cryptocurrency Village is conveniently located in Paris Champagne Ballroom 1.



 

DC - Sunday - 12:00-12:45 PDT


Title: DoS: Denial of Shopping – Analyzing and Exploiting (Physical) Shopping Cart Immobilization Systems
When: Sunday, Aug 8, 12:00 - 12:45 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded

SpeakerBio:Joseph Gabay
Joseph is a robotics engineer in Boston, Massachusetts where he works on a variety of projects ranging from electromechanical designs to embedded systems.

His passion lies in further understanding the way the world works and uncovering the small secrets that we encounter in our day to day lives. This project started as an idle curiosity and grew into an opportunity to further explore the complex and deep world of RF communications and embedded systems.

Joseph is an avid part of the local maker community, with extensive experience in 3D printing, rapid-fabricobbling, and breaking stuff for fun and profit. Outside of his day job, he enjoys woodworking and metalworking and is constantly collecting new hobbies and interests.


Description:
Many supermarkets and shopping centers have implemented devices that “lock” their shopping carts if they’re taken outside of an approved boundary (e.g., a parking lot). This talk examines some of the technology that’s used to do this, as well as ways to capture and spoof the control signals to defeat these devices.

We will go over the anatomy of remotely lockable shopping cart wheels, their basic theory, and get into how they’re controlled. We’ll deconstruct some samples of the lock and unlock signals captured using a homemade antenna and a HackRF, and briefly discuss methods of rebroadcasting them – as well as the challenges inherent to this process.

DISCLAIMER
This talk is the result of a personal project.

Any views, opinions, or research presented in this talk are personal and belong solely to the presenter. They do not represent or reflect those of any person, institution, or organization that the presenter may or may not be associated with in a professional or personal capacity unless explicitly stated otherwise.

REFERENCES

--

This talk has been released to the DEF CON Media server.

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Joseph%20Gabay%20-%20DoS-%20Denial%20of%20Shopping%20-%20Analyzing%20and%20Exploiting%20%28Physical%29%20Shopping%20Cart%20Immobilization%20Systems.mp4


This talk will be given live in Track 1.

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.


DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_one



 

APV - Sunday - 10:00-10:45 PDT


Title: Encryption for Developers
When: Sunday, Aug 8, 10:00 - 10:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:James McKee (punkcoder)
No BIO available

Description:
Encryption has become a major part of the implementation of many products, but how many of us really understand what is going on behind the scenes? During your implementation, do you really know what an initialization vector does? What is the difference between AES-CBC and AES-CFB, and when should you use one over the other? How do you store the decryption key to prevent the same code leaking both the data and the key?

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage



 

DC - Sunday - 13:00-13:45 PDT


Title: Extension-Land: exploits and rootkits in your browser extensions
When: Sunday, Aug 8, 13:00 - 13:45 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded

SpeakerBio:Barak Sternberg
Barak Sternberg is an Experienced Security Researcher who specializes in Offensive Security. Founder of "WildPointer", and previously an author at SentinelLabs ("Hacking smart devices for fun and profit", Defcon 2020 IoT Village) and leading innovative cybersecurity research.

Barak spent more than six years at Unit 8200, IDF, as a team leader of 5-10 security researchers. He is highly skilled in offensive cyber-security, from vulnerability research in various areas (Linux, IoT, embedded and web-apps) to analyzing malware in the wild. Barak is also a CTF addict, posting write-ups and technical vulnerability analysis on his blog (livingbeef.blogspot.com). Barak also holds a BSc and MSc (in CS) focused on algorithms from Tel-Aviv University and a DJ certificate from BPM college.

https://livingbeef.blogspot.com/
https://www.linkedin.com/in/barakolo/
https://www.barakolo.me

Twitter: @livingbeef

Description:
Browser extensions are installed anywhere; they serve as an integral part of our day-to-day web routine, from AdBlockers to Auto-Translators. But - do we know what is running inside of them? Do we know what goes deep-down inside their communication routines? How do they use their internal APIs? And how do their different JS execution contexts work?

In this session, I will explore these unique internal extension APIs, hidden attack-surfaces and show how these concepts can be broken & exploited using new ways! I start by showing how an attacker can "jump" from one low-permissions chrome-app/extension to another, hence elevating its permissions. Then, I will show how to gain full "browser-persistency" inside extensions' background-scripts context.

Chaining it all together, I show how an attacker, starting from a low-permissions chrome-app, gains a fully-armed "extension-rootkit", a persistent JS-malware running inside of a “good” extension, along with C&C features, JS injection techniques to any tab/origin, obfuscation-techniques and more. Eventually, I will present a generic technique, targeting all chrome-users, for taking over any previously installed chrome extension and implanting an "extension-rootkit" in it.

REFERENCES
[1] Chrome Developers: Chrome extensions API Reference, https://developer.chrome.com/docs/extensions/reference/
[2] Chrome Developers: Chrome extensions Manifest v2/v3 Security References, https://developer.chrome.com/docs/extensions/mv2/getstarted/ & https://developer.chrome.com/docs/extensions/mv3/security/
[3] "Websites Can Exploit Browser Extensions to Steal User Data", 2019 - https://www.securityweek.com/websites-can-exploit-browser-extensions-steal-user-data / https://www-sop.inria.fr/members/Doliere.Some/papers/empoweb.pdf
[4] "Web Browser Extension User-Script XSS Vulnerabilities", 2020 - https://ieeexplore.ieee.org/document/9251185
[5] "Detecting DOM-Sourced Cross-Site Scripting in Browser Extensions", 2017 - https://ieeexplore.ieee.org/document/8094406
[6] "Attacking browser extensions", Nicolas Golubovic, 2016 - https://golubovic.net/thesis/master.pdf
[7] "A Combined Static and Dynamic Analysis Approach to Detect Malicious Browser Extensions", 2018 - https://www.hindawi.com/journals/scn/2018/7087239/
[8] "Chrome Extensions: Threat Analysis and Countermeasures", 2012 - https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.374.8978&rep=rep1&type=pdf
[9] "Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies", Usenix Security 2017 - https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-sanchez-rola.pdf
[10] "Protecting Browsers from Extension Vulnerabilities", 2010 - https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/38394.pdf

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=PpSftQuCEDw

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Barak%20Sternberg%20-%20Extension-Land%20-%20exploits%20and%20rootkits%20in%20your%20browser%20extensions.mp4


This talk will be given live in Track 1.

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.


DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_one



 

BHV - Sunday - 11:00-11:59 PDT


Title: Fishing or Hunting
When: Sunday, Aug 8, 11:00 - 11:59 PDT
Where: Biohacking Village (Talk - Virtual)

SpeakerBio:Ohad Zaidenberg , Founder and Executive at CTI League
No BIO available

Description:
Create a safer cyber space for the medical sector and the life-saving organizations.

The CTI League aspires to protect the medical sector and the life-saving organizations (MS-LSO) worldwide from cyber-attacks, supplying reliable information, reducing the level of threat, supporting security departments, and neutralizing cyber threats.


All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q



 

DL - Sunday - 10:00-11:50 PDT


Title: Frack
When: Sunday, Aug 8, 10:00 - 11:50 PDT
Where: DemoLab Video Channel 2

SpeakerBio:William Vermaak
William is a Security Analyst at Orange Cyberdefense's SensePost team, specialising in penetration testing. He has been an ethical hacker since 2012 working on many different types of projects for many major banks and insurance houses in South Africa and abroad. Mobile platforms are his focus as he thoroughly enjoys breaking mobile applications and figuring out how they work. He has done several radio interviews (https://iono.fm/e/892386 and https://iono.fm/e/893010) and has also presented several training courses such as the SensePost SecDevOps training. William is currently focussing on designing a Mobile Hacking course.

Description:
Tool or Project Name: Frack

Short Abstract:
Frack is a tool created to be an end-to-end solution to store, manage and query collected breach data. The tool has a basic workflow making it easy to use. Using a very minimal cloud footprint, Frack makes it possible to store vast amounts of data in the cloud while retaining an extremely fast query speed. Query results end up in a neat Excel sheet listing all of the breaches the domain was found in, including user passwords or hashes (depending on what was leaked in the breach). The Excel sheet also gives information regarding the breach it was found in and the date the breach first appeared. Having this data at your fingertips makes it easy to show a client their exposure and to use the data as a starting point when doing external or infrastructure assessments. The tool also includes the ability to use custom parse plugins which will parse raw dumps into usable data and convert it so you can use it directly in the database.

URL to any additional information:
The tool leverages Apache ORC as a destination file format for parsed breaches. These are uploaded to Google's BigQuery for processing. See:
https://orc.apache.org/
https://github.com/noirello/pyorc

Detailed Explanation of Tool:
The tool was written in Python and will be distributed under the GNU General Public v3 License. The tool consists of three modules (main features): generic parsing, plugin-based parsing and database maintenance.

The parse module is used to parse a semi-clean .CSV file consisting of any of the following formats:
<email>,<password>
<email>,<hash>
<email>,<hash>,<salt>

For known data breaches, a plugin system lets you consume raw data dumps without any need for modification. The parser will then convert the data to the .ORC file format (https://orc.apache.org/), resulting in small uploads to the cloud and very fast query times. These .ORC files are then ingested into a Google BigQuery table. The query module can then be used to query the data that you have uploaded into the BigQuery table.

The tool also includes a DB module where you can perform basic DB maintenance, start ingestion jobs, and see stats of the database.

Supporting Files, Code, etc:
If needed, an invitation to look at the source code beforehand can be arranged. It currently lives in a private GitHub repository.

Target Audience:
Offense, Defense, OSINT

Nothing can stop the data flow! Every day we are bombarded with news reports of another data breach that has been published on the internet. Frack provides an easy way to manage this data on Google cloud infrastructure.


This content will be presented on a Discord video channel.

#dl-video2-voice: https://discord.com/channels/708208267699945503/734027778646867988



 

SOC - Sunday - 12:00-12:59 PDT


Title: Friends of Bill W.
When: Sunday, Aug 8, 12:00 - 12:59 PDT
Where: Bally's Pool Cabana

Description:
For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is in a Bally's poolside cabana, look for the sign.


 

WS - Sunday - 10:00-13:59 PDT


Title: From Zero to Hero in Web Security Research
When: Sunday, Aug 8, 10:00 - 13:59 PDT
Where: Workshops - Jubilee 2 (Onsite Only)
Speakers:Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki

SpeakerBio:Dikla Barda
Dikla Barda is a Security Expert at Check Point Software Technologies. Her research has revealed significant flaws in popular services, and major vendors like: Facebook, WhatsApp, Telegram, eBay, AliExpress, LG, DJI, Microsoft, TikTok and more. She has over 15 years of experience in the field of cyber security research. She spoke at various leading conferences worldwide.

SpeakerBio:Oded Vanunu
Oded Vanunu has more than 15 years of InfoSec experience. He is a Security Leader and Offensive Security Expert who leads a security research domain from product design stages until post release. Vanunu leads security ideas into products. His expertise is in building a security research team, vulnerability research, security best practice and security design. He has been issued five patents on cybersecurity defense methods and has published dozens of research papers and product CVEs.

SpeakerBio:Roman Zaikin
Roman Zaikin is a Security Expert at Check Point Software Technologies. His research has revealed significant flaws in popular services, and major vendors (Facebook, WhatsApp, Telegram, eBay, AliExpress, LG, DJI, Microsoft and more). He has over 10 years of experience in the field of cyber security research. He spoke at various leading conferences worldwide and taught more than 1000 students; he is also responsible for the design and the material of various cyber courses worldwide. He holds more than 15 Certifications and extensive experience with system administration, network architecture, software development, penetration testing and reverse engineering. He has outstanding self-taught skills, with the ability to develop and think outside the box. He loves technology and wants to know exactly how things work behind the scenes at the lowest level of the bits and the bytes. He has an innate curiosity of how software can be broken down or bypassed so you can do things with it that weren't intended to be done.

SpeakerBio:Yaara Shriki
Yaara Shriki is an experienced security researcher at Check Point. She is an IDF technological unit graduate with experience in penetration testing, vulnerability research and forensics. Outside of work, Yaara volunteers to promote women and girls in tech.

Description:
Web applications play a vital role in every modern organization. If your organization does not properly test and secure its web apps, adversaries can compromise these applications, damage business functionality, and steal data. Unfortunately, many organizations operate under the mistaken impression that a web application security scanner will reliably discover flaws in their systems.

Customers expect web applications to provide significant functionality and data access. Even beyond the importance of customer-facing web applications, internal web applications increasingly represent the most commonly used business tools within any organization. Unfortunately, there is no "patch Tuesday" for custom web applications, so major industry studies find that web application flaws play a major role in significant breaches and intrusions.

In this workshop we will teach you how to find vulnerabilities in web security according to the latest methods and techniques. We will demonstrate every vulnerability by giving an example from vulnerabilities we have found in major tech companies like: Facebook, WhatsApp, Amazon, AliExpress, Snapchat, LG and more!

Registration Link: https://www.eventbrite.com/e/from-zero-to-hero-in-web-security-research-jubilee-2-tickets-162219662377

Prerequisites
Basic Web Concepts, Basic Web Development Skills, Ability to Understand JavaScript.

Materials needed:
Personal Laptop



 

DC - Sunday - 11:00-11:59 PDT


Title: Fuzzing Linux with Xen
When: Sunday, Aug 8, 11:00 - 11:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded

SpeakerBio:Tamas K Lengyel
Tamas works as Senior Security Researcher at Intel. He received his PhD in Computer Science from the University of Connecticut where he built hypervisor-based malware-analysis and collection tools. In his free time he is maintainer of the Xen Project Hypervisor's VMI subsystem, LibVMI & the DRAKVUF binary analysis project. He currently serves as the Chief Research Officer at The Honeynet Project, a leading international non-profit organization that coordinates the development of open-source tools to fight against malware. Tamas gave prior talks at conferences such as BlackHat, CCC and Hacktivity.
Twitter: @tklengyel

Description:
Last year we successfully upstreamed a new feature to Xen that allows high-speed fuzzing of virtual machines (VMs) using VM-forking. Recently, through collaboration with the Xen community, external monitoring of VMs via Intel(r) Processor Trace has also been upstreamed. Combined with the native Virtual Machine Introspection (VMI) capability, Xen now provides a unique platform for fuzzing and binary analysis.

To illustrate the power of the platform we'll present the details of a real-world fuzzing operation that targeted Linux kernel-modules from an attack-vector that has previously been hard to reach: memory exposed to devices via Direct Memory Access (DMA) for fast I/O. If the input the kernel reads from DMA-exposed memory is malformed or malicious - what could happen?

So far we discovered: 9 NULL-pointer dereferences; 3 array index out-of-bound accesses; 2 infinite-loops in IRQ context and 2 instances of tricking the kernel into accessing user-memory but thinking it is kernel memory. The bugs have been in Linux for many years and were found in kernel modules used by millions of devices. All bugs are now fixed upstream.

This talk will walk you through how the bugs were found: what process we went through to identify the right code-locations; how we analyzed the kernel source and how we analyzed the runtime of the kernel with Xen to pinpoint the input points that read from DMA. The talk will explain the steps required to attach a debugger through the hypervisor to collect kernel crash logs and how to perform triaging of bugs via VM-fork execution-replay, a novel technique akin to time-travel debugging. Finally, we'll close with the release of a new open-source tool to perform full-VM taint analysis using Xen and Intel(r) Processor Trace.

REFERENCES
https://github.com/intel/kernel-fuzzer-for-xen-project
https://www.youtube.com/watch?v=3MYo8ctD_aU

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=_dXC_I2ybr4

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Tamas%20K%20Lengyel%20-%20Fuzzing%20Linux%20with%20Xen.mp4


This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_three



 

DC - Sunday - 11:00-11:45 PDT


Title: Glitching RISC-V chips: MTVEC corruption for hardening ISA
When: Sunday, Aug 8, 11:00 - 11:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded
Speakers:Adam 'pi3' Zabrocki,Alex Matrosov

SpeakerBio:Adam 'pi3' Zabrocki
Adam 'pi3' Zabrocki is a computer security researcher, pentester and bughunter, currently working as a Principal Offensive Security Researcher at NVIDIA. He is a creator and a developer of Linux Kernel Runtime Guard (LKRG) - his moonlight project defended by Openwall. Among others, he used to work in Microsoft, European Organization for Nuclear Research (CERN), HISPASEC Sistemas (known from the virustotal.com project), Wroclaw Center for Networking and Supercomputing, Cigital. The main area of his research interest is a low-level security (CPU architecture, uCode, FW, hypervisor, kernel, OS).

As a hobby, he was a developer in The ERESI Reverse Engineering Software Interface project, a bughunter (discovered vulnerabilities in Hyper-V hypervisor, Intel/NVIDIA vGPU, Linux kernel, OpenSSH, gcc SSP/ProPolice, Apache, Adobe Acrobat Reader, Xpdf, Torque GRID server, FreeBSD, and more) and studied exploitation and mitigation techniques, publishing results of his research in Phrack Magazine.

Twitter: @Adam_pi3
http://pi3.com.pl

SpeakerBio:Alex Matrosov
Alex Matrosov is a well-recognized offensive security researcher. He has more than two decades of experience with reverse engineering, advanced malware analysis, firmware security, and exploitation techniques. Alex served as Chief Offensive Security Researcher at Nvidia, Intel Security Center of Excellence (SeCoE), spent more than six years in the Intel Advanced Threat Research team, and was Senior Security Researcher at ESET. Alex has authored and co-authored numerous research papers, and is a frequent speaker at security conferences, including REcon, ZeroNights, Black Hat, DEF CON, and others. Additionally, he is awarded by Hex-Rays for open-source plugin efiXplorer and HexRaysCodeXplorer which has been developed and supported since 2013 by REhint's team.
Twitter: @matrosov
https://medium.com/firmware-threat-hunting

Description:
RISC-V is an open standard instruction set architecture (ISA) provided under open-source licenses that do not require fees to use. ISA is based on established reduced instruction set computer (RISC) principles. RISC-V has features to increase computer speed, while reducing cost and power use.

Many industry players like Google, IBM, NVIDIA, Qualcomm, and Samsung are members of the RISC-V Foundation and have long supported RISC-V development. In 2016, NVIDIA unveiled plans to replace the internal microcontrollers of their graphic cards with next-gen RISC-V-based controllers built for upcoming NVIDIA GPUs.

NVIDIA's Product Security undertook a detailed architectural analysis and research of the RISC-V IP, discovering a potential risk with the ambiguous specification of the Machine Trap Base Address (MTVEC) register. This ambiguity leads to potential fault injection vulnerabilities under physical attack models.

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=iz_Y1lOtX08

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Adam%20Zabrocki%20Alexander%20Matrosov%20-%20Glitching%20RISC-V%20chips%20-%20MTVEC%20corruption%20for%20hardening%20ISA.mp4


This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.


DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_two



 

HTSV - Sunday - 11:00-11:55 PDT


Title: Hack the Wind
When: Sunday, Aug 8, 11:00 - 11:55 PDT
Where: Hack the Sea (Virtual)

SpeakerBio:Mary Ann Hoppa
No BIO available

Description:No Description available

Hack the Sea Village will stream their events to YouTube and Twitch.

Twitch: https://www.twitch.tv/h4ckthesea

YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ



 

WS - Sunday - 10:00-13:59 PDT


Title: Hacking the Metal: An Introduction to Assembly Language Programming
When: Sunday, Aug 8, 10:00 - 13:59 PDT
Where: Workshops - Las Vegas 3+4 (Onsite Only)

SpeakerBio:eigentourist , Programmer
Eigentourist is a programmer who learned the craft in the early 1980s. He began formal education in computer science when the height of software engineering discipline meant avoiding the use of GOTO statements. Over the course of his career, he has created code of beautiful simplicity and elegance, and of horrific complexity and unpredictability. Sometimes it's hard to tell which was which. Today, he works on systems integration and engineering in the healthcare industry.

Description:
Deep below the surface of the web, the visible desktop, and your favorite mobile apps, lies a labyrinth where the rules of most programming languages cease to exist. This is the world of the reverse engineer, the malware analyst, and the veteran systems programmer. Here, we write code in assembly language, the lowest level at which a computing machine can be programmed. This workshop will introduce you to the world of assembly language programming, give you the opportunity to write some real-world code, and finally, to play the role of reverse engineer and try your hand at some guided malware analysis.

Registration Link: https://www.eventbrite.com/e/hacking-the-metal-an-introduction-to-assembly-language-programming-lv-34-tickets-162218597191

Prerequisites
Some previous programming experience is helpful but not vital.

Materials needed:
Laptop



 

HRV - Sunday - 11:00-13:59 PDT


Title: Ham Radio Exams
When: Sunday, Aug 8, 11:00 - 13:59 PDT
Where: Ham Radio Village (Onsite - Bally's Bronze 1-2)

Description:
Come stop by the Ham Radio Village to get your amateur radio license during our free license exams! More info on the DEF CON forums.

Register here: https://ham.study/sessions/610f2beb8f563a4f685389bf/1



 

HRV - Sunday - 14:00-14:15 PDT


Title: Ham Radio Village Closing Commentary
When: Sunday, Aug 8, 14:00 - 14:15 PDT
Where: Ham Radio Village (Onsite - Bally's Bronze 1-2)

Description:
As our village wraps up for this year, a huge thank you to everyone for participating!


 

PHV - Sunday - 12:00-13:59 PDT


Title: Hands-On TCP Deep Dive with Wireshark
When: Sunday, Aug 8, 12:00 - 13:59 PDT
Where: Packet Hacking Village - Workshops (Virtual)

SpeakerBio:Chris Greer , NETWORK ANALYST AND WIRESHARK INSTRUCTOR AT PACKET PIONEER
Chris Greer is a network analyst and Wireshark instructor for Packet Pioneer, a Wireshark University partner. He has focused much of his career at the transport layer, specifically TCP, specializing in how this core protocol works to deliver applications, services, and attacks between systems. Chris is a regular speaker at Sharkfest - the Wireshark Developer and User Conference, as well as an author for Pluralsight.

Description:
A solid understanding of how TCP works is critical for anyone interested in cybersecurity. Almost all enumeration, incident response, and traffic forensics require the analyst to dig into and interpret TCP flows. In this video we will take a look at how TCP is used to investigate and establish connections, how data is transmitted and acknowledged, how connections are torn down, and what problem indicators should catch our eye in Wireshark. This video welcomes all cybersecurity and Wireshark experience levels.


 

HHV - Sunday - 14:00-14:30 PDT


Title: Hardware Hacking 101: Rogue Keyboards and Eavesdropping Cables
When: Sunday, Aug 8, 14:00 - 14:30 PDT
Where: Hardware Hacking Village (Virtual Talk)

SpeakerBio:Federico Lucifredi
Federico Lucifredi is the Product Management Director for Ceph Storage at Red Hat and a co-author of O’Reilly’s “Peccary Book” on AWS System Administration. Previously, he was the Ubuntu Server product manager at Canonical, where he oversaw a broad portfolio and the rise of Ubuntu Server to the rank of most popular OS on Amazon AWS. A software engineer-turned-manager at the Novell corporation, he was part of the SUSE Linux team, overseeing the update lifecycle and delivery stack of a $150 million maintenance business. A CIO and a network software architect at advanced technology and embedded Linux startups, Federico was also a lecturer for over 200 students in Boston University’s graduate and undergraduate programs, and simultaneously a consultant for MIT implementing fluid-dynamics simulations in Java.
Twitter: @0xF2
f2.svbtle.com

Description:
This is a live tutorial of hacking with keystroke injection attacks. We take advantage of the inherent trust that computers place on what is believed to be a regular keyboard to unleash pre-programmed keystroke payloads at well over 1000 words a minute. We access the host system and bypass traditional security countermeasures for payloads that can include reverse shells, binary injection, brute force password attacks, and just about any attack that can be fully automated.

We misuse the trust the operating system places on USB human-interaction devices to demonstrate once again the old adage that if you can physically access a computing device, there is no real security to be had. I will review hardware, its capabilities, how to breach OS security, and how attackers can enable it to perform a variety of tasks with its own tools. I will then show how to build and install additional software and customize the device with binary or scripted payloads.

We take the discussion to the next level by removing the need for a device and exploring attacks that can be delivered directly by a plain USB cable. We dissect easily-sourced, low-cost hardware implants embedded in standard, innocent-looking USB cables providing an attacker with further capabilities, including among them the ability to track its own geolocation.


#hhv-talk-qa-hw-hacking-101-text https://discord.com/channels/708208267699945503/709255105479704636

Twitch: https://twitch.tv/dchhv


Hardware Hacking Village talks will be streamed to Twitch.

Twitch: https://www.twitch.tv/dchhv



 

DC - Sunday - 10:00-10:59 PDT


Title: Hi! I'm DOMAIN\Steve, please let me access VLAN2
When: Sunday, Aug 8, 10:00 - 10:59 PDT
Where: Track 2 CLOSED; DCTV/Twitch #2 Pre-Recorded

SpeakerBio:Justin Perdok
Justin is a Security Specialist at Orange Cyberdefense. Prior to working in 'The Cybers' he has worked at multiple MSPs as a jack of all trades with a focus on security and automation. Stuck in his old ways, he's always trying to learn new things; followed up by him spending 6 hours automating the 'new thing' instead of relying on 5 minutes of manual labor.
Twitter: @justinperdok

Description:
By responding to probing requests made by Palo Alto and SonicWALL firewalls, it's possible to apply security policies to arbitrary IPs on the network, allowing access to segmented resources.

Segmentation using firewalls is a critical security component for an organization. To scale, many firewall vendors have features that make rule implementation simpler, such as basing effective access on a user identity or workstation posture. Security products that probe client computers often have their credentials abused by either cracking a password hash, or by relaying an authentication attempt elsewhere. Prior work by Esteban Rodriguez and by Xavier Mertens covers this. In this talk I will show a new practical attack on identity-based firewalls to coerce them into applying chosen security policies to arbitrary IPs on a network by spoofing logged in users instead of cracking passwords.

Logged on user information is often gathered using the WKST (Workstation Service Remote Protocol) named pipe. By extending Impacket with the ability to respond to these requests, logged on users on a device can be spoofed, and arbitrary firewall rules applied.

We will dive into the details of how client probing has historically been a feature that should be avoided while introducing a new practical attack to emphasize that fact.

REFERENCES
https://www.coalfire.com/the-coalfire-blog/august-2018/the-dangers-client-probing-on-palo-alto-firewalls
https://isc.sans.edu/forums/diary/The+Risk+of+Authenticated+Vulnerability+Scans/24942/
https://github.com/SecureAuthCorp/impacket
https://www.rapid7.com/blog/post/2014/10/14/palo-alto-networks-userid-credential-exposure/
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClXHCA0

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=lDCoyxIhTN8

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Justin%20Perdok%20-%20Hi%20Im%20DOMAIN%20Steve%2C%20please%20let%20me%20access%20VLAN2.mp4


This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will only be broadcast to DCTV2, in local hotels and on Twitch. This talk is not being presented in Track 2.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_two



 

AVV - Sunday - 15:15-15:59 PDT


Title: How I got COVID in a RedTeam: Social engineering and physical intrusion for realistic attack simulations.
When: Sunday, Aug 8, 15:15 - 15:59 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Daniel Isler , Senior Social Engineer Pentester, Dreamlab Technologies
Senior Social Engineer Pentester, Bachelor in Arts of Representation, Actor and Scenic Communicator, with more than 10 years of experience as an academic in Acting classes in several universities.

Since 2015 he has led Fr1endly RATs, the Social Engineering unit at Dreamlab Technologies Chile, specializing in and developing techniques and methodologies for simulations of Phishing attacks, Vishing, Pretexting, Physical Intrusions and Red Team.

Twitter: @Fr1endlyRATs
https://www.linkedin.com/in/daniel-isler

Description:
Is it correct to define as Red Team a service that only exploits vulnerabilities from a single vector without including elements typical of highly complex attacks such as social engineering and physical intrusion? By leaving out the starting point of actual attacks to create simulations of these, are we really focusing on potential threats or just particular vulnerabilities? Isn't layer eight the first layer we should consider for threats and consequently recognize vulnerabilities? Through four extremely particular and highly probable scenarios, presented in a storytelling format, we will immerse ourselves in a test narrated in first person, in the context of a Red Team exercise. We will understand the importance of including social engineering and physical intrusion actions for highly complex attack simulations.

Even with the best preparation, state-of-the-art devices and overwhelming information gathering, reality will always have variants and surprises that attackers know how to take advantage of. Exposure to these variants is critical for simulation practitioners to emulate and recognize potential threats.


Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon



 

CLV - Sunday - 10:45-11:15 PDT


Title: I know who has access to my cloud, do you?
When: Sunday, Aug 8, 10:45 - 11:15 PDT
Where: Cloud Village (Virtual)

SpeakerBio:Igal Flegmann
Igal started his career in Microsoft’s Azure Security team creating and managing identity services for Azure’s secure production tenants. During his time at Azure Security, Igal had the opportunity to create and manage PKI services, Identity Management products, tools for migrating running services across Azure tenants, and created products for password-less bootstrap to new domains. After a successful career in Azure Security, Igal transferred teams to work in Azure’s ASCII (Azure Special Capabilities, Infrastructure, and Innovation) team, where he used his identity and security expertise to design and create security services to protect the critical infrastructure devices of the world.

To follow his passion for identity and security, Igal decided to leave Microsoft and co-found Keytos, a security company with the mission of eliminating passwords by creating easy-to-use PKI offerings. Earlier this year they launched their first product, “EZSSH”, which takes aim at stopping SSH key theft by making it easy to use short-lived SSH certificates.

Twitter: @igal_fs

Description:
Working in security over the last few years, I have learned that it is nearly impossible to stop a breach from happening. While having great security practices, such as isolated password-less identities, isolated devices, and conditional access, will help you stop 99% of the attacks, we need to ask ourselves the following questions: Are we monitoring our infrastructure for changes that might open an attack vector? Are we ready to detect and remediate our next breach before the attacker can do any damage? Azure Security Center provides us with some great tools to check some of these errors. For example, it will alert on the SSH port being left open, but it would not alert on a very large IP address range being added to your networking rules. The solution? CloudWatcher, our open-source tool that monitors your Azure Subscription ACLs and will alert you if they changed based on the baseline you have created.

Cloud Village activities will be streamed to YouTube.

YouTube: https://www.youtube.com/cloudvillage_dc



 

ICSV - Sunday - 12:00-12:59 PDT


Title: ICS Cyber Threat Intelligence (CTI) Information Sharing Between Brazil and the United States
When: Sunday, Aug 8, 12:00 - 12:59 PDT
Where: ICS Village (Virtual)
Speakers:Helio Sant'ana,John Felker,Max Campos,Paul de Souza,Tom VanNorman

SpeakerBio:Helio Sant'ana
Master's student in Cyber Security, Post-Graduate in IT Management, Digital Forensics, and graduated in Information Systems. Has held many management positions in Information Technology units, working over the last decades within Private, Civil, and Military Public agencies. Experienced in the development of Public Policies, Data Protection, Information, and Cyber Security, he currently holds the position of Director of Information Technology at the Presidency of Brazil.
https://www.linkedin.com/in/hcsantana/

SpeakerBio:John Felker
Building upon a long career in government and the private sector, John Felker works with senior leaders to see and understand the big cybersecurity picture, the risk, and the business impact of cyber threats. He brings wide-ranging leadership, organizational, and business experiences that can help you prepare for the worst, understand, and address the issues, and ultimately, succeed. A sought-after cybersecurity and leadership expert, he is a frequent speaker at national and international cybersecurity conferences.

Felker is the former Assistant Director for Integrated Operations, Cybersecurity and Infrastructure Security Agency (CISA), where he brought focus to integrated operations across the Agency that extended to Regional CISA elements, intelligence, operational planning, and mission execution with emphasis on risk mitigation and response efforts.

He previously served as the Director of the National Cybersecurity and Communications Integration Center from 2015 to 2019. Prior to joining CISA, Felker worked as Director of Cyber and Intelligence Strategy for HP Enterprise Services and in a 30-year career, served as Deputy Commander, Coast Guard Cyber Command; Commander, Coast Guard Cryptologic Group, as Executive Assistant to the Director of Coast Guard Intelligence and commanded the cutters CAPE UPRIGHT and RED CEDAR.

Felker is President of Morse Alpha Associates, Inc., a cyber leadership consultancy, serves as a member of the Parsons Corporation Senior Advisory Board, a Senior Advisor to the Chertoff Group, as a Senior Advisor to the Maritime Transportation System ISAC, a Senior Advisor to S-RM, an international cyber intelligence, response, and resilience company and a Senior Fellow at the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. He is a member of the National Technology Security Coalition’s Advisory Council and is currently on the Board of Directors of the Operation Renewed Hope Foundation and the Boards of Advisors for the Military Cyber Professionals Association, and the Cyber Security Forum Initiative.

He is the recipient of the Department of Homeland Security Outstanding Public Service Medal, and his military awards include the Defense Superior Service Medal, the Legion of Merit, and the Meritorious Service Medal.

Felker graduated from Ithaca College with a Bachelor of Science and earned his Master of Arts in Public Administration from the Maxwell School of Citizenship and Public Affairs at Syracuse University and has co-authored several papers on cyber intelligence under the auspices of the Intelligence and National Security Alliance.

https://www.linkedin.com/in/jofelker/

SpeakerBio:Max Campos
Brazilian Army Major Max Campos is Head of the Knowledge Management Section of the Department of Strategic Management of the Cyber Defense Command and serves as Coordinator of the Cyber Guardian Exercise Study Group. He has a master’s degree in Computer Systems from the University of Salvador (Brazil) and has earned his CISSP, GISCP, CISO and Cyber Ops certifications. With over a decade of cyber experience, Major Campos has supported various major international events such as Rio + 20, Confederations Cup, World Cup, and in many strategic projects of the Brazilian Ministry of Defense. Starting with the first iteration of the Cyber Guardian Exercise in 2018, he has acted as Coordinator of the Study Group and the leading representative of national critical infrastructure for the development of scenarios for sectors of interest in the formulation of themes and matters of interest to the sector.
https://www.linkedin.com/in/maxcampos/

SpeakerBio:Paul de Souza , Founder and President for the Cyber Security Forum Initiative (CSFI)
Mr. Paul de Souza is the Founder of the Cyber Security Forum Initiative (CSFI), a nonprofit organization specializing in cyberspace operations awareness and training. As a former Federal Director of Training and Education for Norman Data Defense Systems, Chief Security Engineer for AT&T, and security engineer for Computer Sciences Corporation (CSC) and US Robotics, Mr. de Souza has over 20 years of cybersecurity experience. He has consulted for several governments, military organizations, and private institutions around the globe. He is a recipient of the Order of Thor Medal.

Mr. de Souza holds various cybersecurity, cyber intelligence, and counter-terrorism Advisory Board positions for organizations such as the Military Cyber Professionals Association (MCPA), the Ben-Gurion University of the Negev in Israel, and IntellCorp in Portugal. Past board positions include the Institute of World Politics (IWP) and Visiting Research Fellow at the National Security Studies (INSS), Tel Aviv, Israel.

Paul serves as a visiting researcher, guest lecturer, ambassador, and faculty member for several higher educational institutions, such as Sheffield Hallam University (UK), Tel Aviv University, the Swedish Defence University (Försvarshögskolan), American Public University, and George Washington University.

In addition to earning a master’s degree in National Security Studies with a concentration in Terrorism from American Military University, Mr. de Souza has completed the Executive Certificate Program in Counter-Terrorism Studies from the Interdisciplinary Center (IDC) Herzliya in Israel, is an alumnus from the Harvard Kennedy School’s Cybersecurity Executive Education program with a Higher Education Teaching certification from Harvard University, and is currently pursuing his Ph.D. in Critical Infrastructure from Capitol Technology University.

https://www.linkedin.com/in/paulcsfi/

SpeakerBio:Tom VanNorman
Tom co-founded the ICS Village, a non-profit organization focused on Control System security and awareness. He is also retired from the Air National Guard, where he worked in Cyber Warfare Operations. Tom leads the CyPhy Product group at GRIMM, where his primary focus is securing Industrial Control Systems and the networking of such systems. Tom brings an unparalleled level of operational knowledge and experience, as he has been working in the Operational Technology (OT) field for almost three decades. He also has considerable knowledge in constructing Cyber-Physical testing environments for OT systems.
https://www.linkedin.com/in/thomasvannorman/

Description:
The panelists will touch on topics such as the annual critical infrastructure themed exercise Cyber Guardian run by the Brazilian Cyber Command and the opportunities for industrial control systems (ICS) professionals in the US to become more involved. Topics such as national Malware Information Sharing Platform (MISP) implementation in Brazil focusing on information sharing, particularly in the ICS world, will be discussed. The ICS Village and the Cyber Security Forum Initiative will engage in conversation with the Brazilian government during this session.

ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485



 

ICSV - Sunday - 13:00-13:30 PDT


Title: ICS Intrusion KillChain explained with real simulation
When: Sunday, Aug 8, 13:00 - 13:30 PDT
Where: ICS Village (Virtual)
Speakers:Javier Perez,Juan Escobar

SpeakerBio:Javier Perez , Dreamlab Technologies
Director of R&D at Dreamlab Technologies. Fan of tech and cybersecurity, more than 10 years in the cybersecurity world. ISECOM OSSTMM and MILE2 instructor, trainer for private cybersecurity courses, speaker, researcher, cybersecurity consultant, penetration tester. During recent years, I have specialized in payment systems (EMV, NFC, POS, ATM) and industrial environment (ICS/SCADA).
Twitter: @the_s41nt

SpeakerBio:Juan Escobar
Professional with solid skills and knowledge in pentesting methodologies such as OWASP and OSSTMM, with extensive expertise in projects of Ethical hacking web applications, mobile applications and infrastructure, ATM Pentesting and Code analysis, combined with a good attitude to work. He has extensive experience in the development of exploits for the Metasploit Framework, with excellent command of Python, PHP, Java, C#, C and Ruby programming languages. He developed a translation extension for Mozilla Firefox that currently has more than half a million active users: https://addons.mozilla.org/firefox/addon/to-google-translate/ He has participated in international computer security competitions, together with the Latin American team NULL Life, as well as internationally recognized talks and conferences.
Twitter: @itsecurityco

Description:
Cyber attacks on Industrial Control Systems (ICS) differ in scope and impact based on a number of factors, including the adversary's intent, sophistication and capabilities, and familiarity with ICS and automated industrial processes. In order to understand, identify and address the specific points that can prevent or stop an attack, a systematic model known as "Cyber Kill Chain" is detailed, a term that comes from the military environment and registered by the Lockheed Martin company. While most are familiar with terms and theoretical diagrams of how security should be implemented, in this talk we want to present live how an attack chain occurs from scratch to compromise industrial devices, the full kill chain, based on our experiences. The goal is to land these threats into the real world without the need to carry out these attacks with a nation-state budget.

ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485



 

ICSV - Sunday - 14:00-14:59 PDT


Title: ICS Jeopardy
When: Sunday, Aug 8, 14:00 - 14:59 PDT
Where: ICS Village (Virtual)
Speakers:Chris Sistrunk,Maggie Morganti,Mary Brooks,Tatyana Bolton

SpeakerBio:Chris Sistrunk , Mandiant
Chris Sistrunk is Technical Manager on the Mandiant ICS/OT Security Consulting team at FireEye focusing on protecting critical infrastructure. Before FireEye, Sistrunk was a Senior Engineer at Entergy where he was a subject matter expert for Transmission & Distribution SCADA systems. Sistrunk was awarded Energy Sector Security Professional of the Year in 2014. He is a Senior Member of the IEEE and is a registered Professional Engineer in Louisiana. He founded BSidesJackson, co-founded the BEER-ISAC, and helped organize the ICS Village at DEFCON 22. He holds BS Electrical Engineering and MS Engineering & Technology Management degrees from Louisiana Tech University.
Twitter: @chrissistrunk

SpeakerBio:Maggie Morganti , Schneider Electric
Maggie Morganti is a Product Security Researcher at Schneider Electric where she works on vulnerability handling, supply chain security, and secure product development for power systems. She also serves as the Director-Elect of the ISA Communications Division (COMDIV). She previously held roles as a Cyber Technical Staff member for Oak Ridge National Laboratory’s Power & Energy Systems team and as a Threat Intelligence Analyst for FireEye Mandiant’s Cyber-Physical team. She holds a M.S. in Intelligence Studies with a focus on cybersecurity from Mercyhurst University.
Twitter: @magg_py

SpeakerBio:Mary Brooks , R Street Institute
Mary Brooks is a senior research associate for Cybersecurity and Emerging Threats at R Street Institute. Before joining R Street, she was lead researcher and associate producer for The Perfect Weapon (2020). Prior to this, she served as the special assistant for the international human rights law firm Perseus Strategies, LLC, based in Washington, D.C. She graduated cum laude from Harvard University with a bachelor’s degree in government and a language certificate in Arabic.
Twitter: @Mary_K_Brooks

SpeakerBio:Tatyana Bolton , R Street Institute
Tatyana Bolton is the Policy Director for R Street’s Cybersecurity & Emerging Threats team. She crafts and oversees the public policy strategy for the department with a focus on secure and competitive markets, data security and data privacy, and diversity in cybersecurity. Most recently, Tatyana worked as the senior policy director for the U.S. Cyberspace Solarium Commission focusing on U.S. government reorganization and resilience portfolios. From 2017-2020, Tatyana also served at the Cybersecurity and Infrastructure Security Agency as the cyber policy lead in the Office of Strategy, Policy and Plans where she developed strategies for strengthening the cybersecurity of our nation’s critical infrastructure.
Twitter: @TechnoTats

Description:
This. Is. Jeopardy. ICS-style. Join our intrepid contestants in a full round of the iconic game show Jeopardy as they test their knowledge of the various categories every good cybersecurity expert should know—including historical ICS incidents, nerdy fiction and random trivia—all the while performing on-the-spot asset identification (aka: figuring out the remote buzzer system because we're still in a pandemic.) Tune in to watch Maggie Morganti of Schneider Electric, Chris Sistrunk of Mandiant, and Tatyana Bolton of the R Street Institute battle it out to win one of three, appropriately mediocre, prizes.

ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485



 

CLV - Sunday - 10:00-10:45 PDT


Title: Identifying toxic combinations of permissions in your cloud infrastructure
When: Sunday, Aug 8, 10:00 - 10:45 PDT
Where: Cloud Village (Virtual)

SpeakerBio:Michael Raggo
Michael Raggo has over 20 years of security research experience. His current research focuses on Cloud security. His research has been highlighted on television’s CNN Tech, and numerous media publications including TIME, Forbes, Bloomberg, Dark Reading, TechCrunch, TechTarget, The Register, and countless others. Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding” for Syngress Books, and is a contributing author for “Information Security the Complete Reference 2nd Edition”. His Data Hiding book is also included at the NSA’s National Cryptologic Museum at Ft. Meade. A former security trainer, Michael has briefed international defense agencies including the FBI and Pentagon; and is a former participating member of the PCI Council. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, RSA, OWASP, HackCon, and SANS. He was also awarded the Pentagon’s Certificate of Appreciation.
Twitter: @datahiding

Description:
With more than 24,000 permissions across AWS, Azure, and GCP, how does one determine who gets what permissions? Half of the 10,000 permissions in AWS are admin-like permissions. This is even more complicated when new permissions and services are being added almost daily. Mapping these out and understanding their implications is a difficult task, yet attackers understand them well enough to leverage toxic combinations of these permissions for privilege escalation and exploiting your cloud infrastructure. In this presentation, we'll share our experiences in doing > 150 risk assessments across AWS, Azure, and GCP. We'll review common admin permissions that we commonly find accidentally assigned to developers and users. We'll reveal some extremely powerful permissions that can be mapped to a Cyber Kill Chain specific to cloud infrastructure. This will uncover toxic combinations of permissions that can lead to lateral movement, privilege escalation, exfiltration, and more. We'll provide real world examples of findings from audit logs, activity monitoring, and ML-based anomaly analysis. We'll then outline a strategy for tracking this moving forward actively within your environment and how to mitigate this over-permissioned access to build a permissions management lifecycle.

Cloud Village activities will be streamed to YouTube.

YouTube: https://www.youtube.com/cloudvillage_dc



 

DC - Sunday - 14:00-14:20 PDT


Title: Instrument and Find Out: Writing Parasitic Tracers for High(-Level) Languages
When: Sunday, Aug 8, 14:00 - 14:20 PDT
Where: DCTV/Twitch #3 Pre-Recorded

SpeakerBio:Jeff Dileo
Jeff Dileo (chaosdata) is a security consultant by day, and sometimes by night. He hacks on embedded systems, mobile apps and devices, web apps, and complicated things that don't have names. He likes candy and arguing about text editors and window managers he doesn't actually use.
Twitter: @chaosdatumz

Description:
Modern programming languages are, more and more, being designed not just around performance, ease-of-use, and (sometimes) security, but also performance monitoring and introspectability. But what about the languages that never adopted such concepts from their peers? Or worse, what about the languages that tacked on half-hearted implementations as an afterthought? The answer is simple, you write your own and instrument them into the language dynamically.

In this talk, we will discuss the process for developing generalized parasitic tracers targeting specific programming languages and runtimes using Ruby as our case study. We will show how feasible it is to write external tracers targeting a language and its runtime, and discuss best practices for supporting different versions over time.

REFERENCES
* https://github.com/ruby/ruby
* https://frida.re/docs/javascript-api/

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=Iy1BNywebpY

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Jeff%20Dileo%20-%20Instrument%20and%20Find%20Out%20-%20Writing%20Parasitic%20Tracers%20for%20High%20Level%20Languages.mp4


This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_three



 

BHV - Sunday - 10:30-10:59 PDT


Title: Internet-of-Ingestible-Things Security by Design
When: Sunday, Aug 8, 10:30 - 10:59 PDT
Where: Biohacking Village (Talk - Virtual)

SpeakerBio:Mariam Elgabry , Co-founder & Director of Enteromics
Co-founder and Director of Enteromics, a MedTech startup that builds smart pills for smart health. She has led award winning projects at AstraZeneca and Microsoft and her bio-crime research has been recognised by the UK Parliament Joint Committee on National Security.
Twitter: @MariamElgabry11

Description:
In this talk I will share the outcomes of the very first Internet-of-Ingestible-Things workshop that brings cybersecurity experts and medical device regulatory bodies together to think about cyber-biosecurity at the design stage of medical devices and to inform policy by delivering a set of principles for Security by Design.

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q



 

LPV - Sunday - 15:00-15:59 PDT


Title: Intro to high security locks and lockpicking
When: Sunday, Aug 8, 15:00 - 15:59 PDT
Where: Lock Pick Village (Virtual)

SpeakerBio:N∅thing
No BIO available

Description:
This is a quick introduction to high security locks, what they are, what they look like and how to get started defeating them.

Lock Pick Village will be streaming their activities to Twitch and YouTube.

Twitch: https://www.twitch.tv/toool_us?

YouTube: https://youtube.com/c/TOOOL-US



 

LPV - Sunday - 10:00-10:30 PDT


Title: Intro To Lockpicking
When: Sunday, Aug 8, 10:00 - 10:30 PDT
Where: Lock Pick Village (Virtual)

SpeakerBio:TOOOL
No BIO available

Description:
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.

Lock Pick Village will be streaming their activities to Twitch and YouTube.

Twitch: https://www.twitch.tv/toool_us?

YouTube: https://youtube.com/c/TOOOL-US



 

LPV - Sunday - 12:00-12:30 PDT


Title: Intro To Lockpicking
When: Sunday, Aug 8, 12:00 - 12:30 PDT
Where: Lock Pick Village (Virtual)

SpeakerBio:TOOOL
No BIO available

Description:
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.

Lock Pick Village will be streaming their activities to Twitch and YouTube.

Twitch: https://www.twitch.tv/toool_us?

YouTube: https://youtube.com/c/TOOOL-US



 

LPV - Sunday - 14:15-14:45 PDT


Title: Intro To Lockpicking
When: Sunday, Aug 8, 14:15 - 14:45 PDT
Where: Lock Pick Village (Virtual)

SpeakerBio:TOOOL
No BIO available

Description:
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.

Lock Pick Village will be streaming their activities to Twitch and YouTube.

Twitch: https://www.twitch.tv/toool_us?

YouTube: https://youtube.com/c/TOOOL-US



 

AIV - Sunday - 09:30-10:59 PDT


Title: Intro to ML Workshop
When: Sunday, Aug 8, 09:30 - 10:59 PDT
Where: AI Village (Virtual)

SpeakerBio:Gavin Klondike
No BIO available

Description:No Description available

AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.


Twitch: https://www.twitch.tv/aivillage

YouTube: https://www.youtube.com/c/aivillage

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536



 

PHV - Sunday - 09:00-10:59 PDT


Title: Intrusion Analysis and Threat Hunting with Suricata
When: Sunday, Aug 8, 09:00 - 10:59 PDT
Where: Packet Hacking Village - Workshops (Virtual)
Speakers:Peter Manev,Josh Stroschein

SpeakerBio:Peter Manev , CSO OF STAMUS NETWORKS
Peter Manev (Twitter: @pevma) is a co-founder of Stamus Networks, where he acts as CSO. He has been an active OISF member for a decade and has a 15 year-long record of activity in the field of IT security. An adamant admirer and explorer of innovative open-source security software, Peter is also the lead developer of SELKS.
Twitter: @pevma

SpeakerBio:Josh Stroschein , DIRECTOR OF IT TRAINING AT OPEN INFORMATION SECURITY FOUNDATION (OISF)
Josh Stroschein (Twitter: @jstrosch) is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is the Director of Training for OISF, where he leads all training activity for the foundation and is also responsible for academic outreach and developing research initiatives. Josh is also an Associate Professor of Cyber Security at Dakota State University where he teaches malware analysis and reverse engineering, an author on Pluralsight, and a threat researcher for Bromium.
Twitter: @jstrosch

Description:
In today’s threat landscape, sophisticated adversaries have routinely demonstrated the ability to compromise enterprise networks and remain hidden for extended periods of time. In Intrusion Analysis and Threat Hunting with open-source Tools, you will learn how to dig deep into network traffic to identify key evidence that a compromise has occurred, learn how to deal with new forms of attack, and develop the skills necessary to proactively search for evidence of new breaches. We will explore key phases of adversary tactics and techniques - from delivery mechanisms to post-infection traffic to get hands-on analysis experience. Open-source tools such as Suricata and Moloch will be utilized to generate data, perform exhaustive traffic analysis, and develop comprehensive threat hunting strategies. By the end of this workshop, you will have the knowledge and skills necessary to discover new threats in your network.


 

IOTV - Sunday - 10:00-11:59 PDT


Title: IoT Village Capture the Flag (CTF)
When: Sunday, Aug 8, 10:00 - 11:59 PDT
Where: IoT Village (Virtual + Paris Vendome A)

Description:
For more information, see https://www.iotvillage.org/defcon.html

IoT Village virtual events will be streamed to Twitch.

Twitch: https://www.twitch.tv/iotvillage



 

IOTV - Sunday - 06:00-10:59 PDT


Title: IoT Village Labs
When: Sunday, Aug 8, 06:00 - 10:59 PDT
Where: IoT Village (Virtual + Paris Vendome A)

Description:
For more information, see https://www.iotvillage.org/defcon.html

IoT Village virtual events will be streamed to Twitch.

Twitch: https://www.twitch.tv/iotvillage



 

BHV - Sunday - 13:30-13:59 PDT


Title: It takes a village: Why you should join the Biohacking Village
When: Sunday, Aug 8, 13:30 - 13:59 PDT
Where: Biohacking Village (Talk - Virtual)

SpeakerBio:Rob Suárez , CISO, BD
Rob Suárez is a cybersecurity and privacy professional in the medical device and healthcare IT industry. At BD, Rob serves as Chief Information Security Officer and oversees cybersecurity across the company’s enterprise, IT and manufacturing systems. Rob currently chairs the Cybersecurity Steering Committee for the Medical Device Innovation Consortium and the Cybersecurity Working Group for AdvaMed. He was also one of three leaders to co-chair the public-private Healthcare and Public Health Sector Coordinating Council (HSCC) Med Tech Cybersecurity Risk Management Task Group, which issued the seminal Medical Device and Healthcare Information Technology Joint Security Plan (JSP) in 2019.

Description:
The Biohacking Village at DEF CON brings medical device manufacturers and security researchers together for one purpose: to strengthen medical device cybersecurity. In this presentation, BD CISO Rob Suárez will share his perspective on crowdsourcing cybersecurity and how creating a community of practice strengthens cybersecurity, promotes ethical coordinated vulnerability disclosure processes, and accelerates the application of emerging best practices across industries. Participants will also hear from Scott Shindledecker, Chief Product Security Officer for BD and Nastassia Tamari, Director of Information Security - Operations for BD, on practical tips for participating in events like the Biohacking Village Medical Device Lab and fostering collaborative relationships with security researchers and fellow medical device manufacturers.

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q



 

HTSV - Sunday - 10:00-10:55 PDT


Title: Less Jaw Work, More Paw Work: Why We Need to Start “Doing” Cyber
When: Sunday, Aug 8, 10:00 - 10:55 PDT
Where: Hack the Sea (Virtual)

SpeakerBio:Cliff Neve
No BIO available

Description:No Description available

Hack the Sea Village will stream their events to YouTube and Twitch.

Twitch: https://www.twitch.tv/h4ckthesea

YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ



 

WS - Sunday - 10:00-13:59 PDT


Title: Modern Malware Analysis for Threat Hunters
When: Sunday, Aug 8, 10:00 - 13:59 PDT
Where: Workshops - Las Vegas 1+2 (Onsite Only)
Speakers:Aaron Rosenmund,Ryan Chapman

SpeakerBio:Aaron Rosenmund , Security Researcher
Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber security workforce and technologies for business and national enterprises alike. In support of the Air National Guard, he contributes those skills part time in various initiatives to defend the nation in cyberspace. Certifications: GIAC GCIA, GIAC GCED, CCNA Cyber Operations, Pentest+, CySa+ www.AaronRosenmund.com @arosenmund "ironcat"
Twitter: @arosenmund

SpeakerBio:Ryan Chapman , Principal IR Consultant
Ryan is an experienced incident response practitioner, malware analyst, and trainer. He is a Principal IR Consultant for BlackBerry, the lead organizer of CactusCon, a SANS trainer for FOR610: Reverse Engineering Malware, and a Pluralsight author. Ryan strives to imbue comedy into his trainings and loves being able to teach others while learning from them at the same time. He is a veteran speaker having presented talks and/or workshops at conferences including DefCon, SANS Summits, BSides events, CactusCon, and more. Prior to working in IR, Ryan worked as a technical trainer for over five years. "We must not teach people how to press buttons to get results. We must teach people what happens when these buttons are clicked, such that they fully understand the processes occurring in the background," says Ryan.

Description:
Malware authors go to great lengths to bypass enterprise security to deliver malware, avoid detection after the initial intrusion and maintain persistence to compromise an organization. To achieve this, malware authors employ a wide variety of obfuscation and anti-analysis techniques at each phase of an attack. In this workshop, you will get hands-on with real-world malware and learn how to identify key indicators of compromise (IOCs)/indicators of attack (IOAs), apply analysis to enhance security products to protect users and infrastructure and gain a deeper understanding of malware behavior through reverse engineering.

This workshop will utilize open-source and limited use tools such as Ghidra, IDA Pro Free/Demo, Oledump/OleVBA, PE Studio, and Suricata to perform deep technical analysis of malware, focusing on developing effective strategies to maximize your time spent. By the end of this workshop, you will be able to analyze malicious office documents, identify signs of packing, defeat obfuscation and other anti-analysis techniques and use traffic analysis to aid in detection and identifying of prevalent malware families. These skills ultimately allow you to generate valuable threat intelligence to aid in your efforts to defend your organization or respond to an incident.

This is a fast-paced course designed to take you deep into malware operations – from delivery methods to payloads! Numerous labs will reinforce key learning objectives throughout the workshop and each lab comes with a detailed lab guide. Comprehensive analysis activities and exercises are used to test and reaffirm key learning objectives and ensure attendees have a start-to-finish understanding of the material.

Attendees will be provided with all the lab material used throughout the course in a digital format. This includes all lab material, lab guides and virtual machines used for training. This workshop will also utilize several live classroom sharing resources, such as chat and notes to ensure that attendees have access to all material discussed throughout the training. All the material provided will help to ensure that students have the ability to continue learning well after the course ends and maximize the knowledge gained from this course.

Registration Link: https://www.eventbrite.com/e/modern-malware-analysis-for-threat-hunters-las-vegas-1-2-tickets-162214781779

Prerequisites
The primary requirement for this course is a desire to learn and the determination to tackle challenging problems. In addition, having some familiarization with the following topics will help students maximize their time in this course:

Materials needed:



 

MUS - Sunday - 01:00-01:59 PDT


Title: Music - CTRL/rsm
When: Sunday, Aug 8, 01:00 - 01:59 PDT
Where: Bally's Silver Ballroom

SpeakerBio:CTRL/rsm
an audio / visual bombardment of your cerebral cortex

https://www.instagram.com/ctrlrsm
https://www.facebook.com/ctrlrsm
https://www.twitch.tv/ctrlrsm


Description:No Description available


 

MUS - Sunday - 00:00-00:59 PDT


Title: Music - Zebbler Encanti Experience
When: Sunday, Aug 8, 00:00 - 00:59 PDT
Where: Bally's Silver Ballroom

SpeakerBio:Zebbler Encanti Experience
Zebbler Encanti Experience (aka “ZEE”) is an audio/visual collaboration between video artist Zebbler and electronic music producer Encanti, based out of Boston, Massachusetts and Valencia, Spain. The Experience is an immersive performance of mapped visuals on three custom winged projection screens, synchronized with heavy peak-hour psychedelic bass music, resulting in the creation of a fantasy world for audiences to lose themselves in.

Zebbler Encanti Experience released a critically-acclaimed EP, End Trance, on standout bass label Wakaan, coupled with a performance at the inaugural Wakaan Festival. Coming out of the pandemic, ZEE released Syncorswim on longtime label Gravitas Recordings, which is a full audio-visual album exploring the ambient, glitchy, and IDM side of the project. Beautiful natural visuals accompany gorgeous, synth-heavy grooves. This different perspective gives fans a whole new look at what an A/V project can be.

ZEE have seen a considerable amount of road time in the last few years, serving as integral members of multiple tour teams. The architect behind the projection mapped projects for Shpongle and EOTO, and assisting with Infected Mushroom’s stage construction, Zebbler has toured the United States nonstop producing visual shows and performing as a VJ at hundreds of high profile events. In addition to ZEE performing as direct touring support for EOTO in venues throughout the country, and performing in the Shpongle Live band during their first few shows in the United States and final appearance at Red Rocks, Encanti has carved out some time to teach electronic music production to graduate students in the Valencia, Spain wing of Berklee College of Music.

https://zebblerencantiexperience.com/
https://facebook.com/zebblerencantiexperience
https://instagram.com/zebblerencantiexperience
https://soundcloud.com/zebblerencantiexperience


Description:No Description available


 

DC - Sunday - 12:00-12:45 PDT


Title: No Key? No PIN? No Combo? No Problem! P0wning ATMs For Fun and Profit
When: Sunday, Aug 8, 12:00 - 12:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded

SpeakerBio:Roy Davis
Roy Davis is a security researcher and engineer with 15 years of pentesting, security research and programming experience. He has worked on security teams at Zoom, Salesforce, Apple, Barclays Bank, and Thomson Reuters. He holds a B.S. degree in Computer Science from Purdue University and an M.S. in Cybersecurity and Digital Forensics from WGU. Roy has presented at several security conferences from 2008 to his most recent talk at the “HackerOne Security@” conference in San Francisco.

https://www.linkedin.com/in/roy-davis/

Twitter: @hack_all_things
https://www.davisinfosec.com

Description:
Since the late great Barnaby Jack gave us “Jack Potting” in the late 2000s, there have been several talks on ATM network attacks, USB port attacks, and digital locks attacks which apply to several brands of ATM safes. In this session, I’ll discuss and demonstrate how most of these known attack vectors have been remediated, while several fairly simple attacks against the machine and the safe still remain. We’ll dive into how ATMs work, the steps I went through to become a “licenced ATM operator” which enabled my research, and how I identified the vulnerabilities. I’ll show how, with very little technical expertise and 20 minutes, these attacks lead directly past “secure” and allow attackers to collect a lot more than $200.

REFERENCES
Barnaby Jack - “Jackpotting Automated Teller Machines” - (2010) from DEFCON - https://www.youtube.com/watch?v=FkteGFfvwJ0
Weston Hecker - “Hacking Next-Gen ATM's From Capture to Cashout” - (2016) from DEFCON - https://www.youtube.com/watch?v=1iPAzBcMmqA
Trey Keown and Brenda So - “Applied Cash Eviction through ATM Exploitation” (2020) from DEFCON - https://www.youtube.com/watch?v=dJNLBfPo2V8
Triton - “Terminal Communications Protocol And Message Format Specification” (2004) from Complete ATM Services - tinyurl.com/7nf2fdy5
Rocket ATM - “Hyosung ATM Setup Part 1 - Step by Step” (2018) from Rocket ATM - https://www.youtube.com/watch?v=abylmrBkOGM&t=3s
Rocket ATM - “Hyosung ATM Setup Part 2 - Step by Step” (2018) from Rocket ATM - https://www.youtube.com/watch?v=IM9ZG46fwL8
Hyosung - “NH2600 Service Manual v1.0” (2013) From Prineta - https://tinyurl.com/c6jd4hd9
Hyosung - “NH2700 Operator Manual v1.2” (2010) From AtmEquipment.com - https://tinyurl.com/rp2cad8

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=9cG-JL0LHYw

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Roy%20Davis%20-%20No%20Key-No%20PIN-No%20Combo%20-%20No%20Problem%20P0wning%20ATMs%20For%20Fun%20and%20Profit.mp4


This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.


DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_two



 

DC - Sunday - 14:00-14:45 PDT


Title: Old MacDonald Had a Barcode, E-I-E-I CAR
When: Sunday, Aug 8, 14:00 - 14:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded

SpeakerBio:Richard Henderson
Richard Henderson is a writer, researcher, and ham radio/electronics nerd who has worked in infosec and technology for almost two decades. Richard has taught multiple times at DEF CON and leads the annual DEF CON Ham Radio Fox Hunt Contest. Richard is currently co-authoring a book on cybersecurity for ICS/Scada systems.
Twitter: @richsentme

Description:
For decades, the EICAR test string has been used by antivirus and security vendors to safely test their detection engines without having to use live virulent samples which could cause harm. What would happen if you took that string, encoded it into a machine readable format like a QR code and started scanning various devices with the QR code? This talk shows how there are a lot of systems out there that aren't expecting an input string like EICAR and how many of them just collapse when shown the code. We will also discuss the types of systems you can target and how you may be able to extend this to more than a nuisance attack.
REFERENCES
EICAR test string: https://www.eicar.org/?page_id=3950
EICAR wikipedia entry: https://en.wikipedia.org/wiki/EICAR_test_file
QR codes: https://en.wikipedia.org/wiki/QR_code
Risks surrounding QR codes: https://en.wikipedia.org/wiki/QR_code#Risks

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=cIcbAMO6sxo

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Richard%20Henderson%20-%20Old%20MacDonald%20Had%20a%20Barcode%2C%20E-I-E-I%20CAR.mp4


This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.


DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_two



 

AVV - Sunday - 10:00-10:59 PDT


Title: Panel discussion: Resilient cyber space: The role of hacker and security communities
When: Sunday, Aug 8, 10:00 - 10:59 PDT
Where: Adversary Village (Virtual)
Speakers:Abhijith B R,Jay Turla,Manu Zacharia,Aseem Jakhar,Omar Santos,Dave Lewis,Dhillon ‘L33tdawg’ Kannabhiran

SpeakerBio:Abhijith B R
No BIO available

SpeakerBio:Jay Turla , Manager, Security Operations at Bugcrowd
Jay Turla is a Manager, Security operations at Bugcrowd Inc., and one of the goons of ROOTCON. He has been acknowledged and rewarded by Facebook, Adobe, Yahoo, Microsoft, Mozilla, etc. for his responsible disclosures. He has also contributed auxiliary and exploit modules to the Metasploit Framework: Host Header Injection Detection, BisonWare BisonFTP Server Buffer Overflow, Zemra Botnet CnC Web Panel Remote Code Execution, Simple Backdoor Shell Remote Code Execution, w3tw0rk / Pitbul IRC Bot Remote Code Execution, etc. He used to work for HP Fortify where he performed Vulnerability Assessment, Remediation and Advance Testing.

SpeakerBio:Manu Zacharia , President at ISRA, Founder of c0c0n International Hacking & Information Security Conference
Information Security evangelist with more than 23 years of professional experience. CEO – HackIT Technology and Advisory Services (Singapore, India, UAE) - www.hackit.co. External Consultant to Kerala State IT Mission / Computer Emergency Response Team (Kerala) – CERT-K from Feb 2016 to Jul 2016. Awarded the prestigious Microsoft Most Valuable Professional - MVP award consecutively for four years (2009, 2010, 2011 and 2012) in Enterprise Security stream. Also honored with the prestigious Asia Pacific Information Security Leadership Achievements Award for 2010 from (ISC)² under Senior Information Security Professional Category. Awarded the Nullcon Black Shield Awards for 2014 under the Community Star category for contribution to community in terms of knowledge sharing, administration, communication, proliferation. Founder of c0c0n International Hacking & Information Security Conference and also Information Security Day Initiatives.

SpeakerBio:Aseem Jakhar , Co-founder/Director R&D - Payatu, Nullcon, Hardwear.io, EXPLIoT
Aseem Jakhar is the Director, research at Payatu Software Labs http://payatu.com a boutique security testing company specializing in IoT, Embedded, cloud, mobile security testing. He is the founder of null-The open security community, registered not-for-profit organization http://null.co.in and also the founder of nullcon security conference http://nullcon.net and hardwear.io security conference. He has worked on various security software including UTM appliances, messaging/security appliances, anti-spam engine, anti-virus software, bayesian engine to name a few. He currently spends his time researching on IoT security and hacking things. He is an active speaker and trainer at security conferences like AusCERT, Black Hat, Brucon, Defcon, Hack.lu, Hack in Paris, Hack In The Box, PHDays and many more. He has authored various open source security software including:
- ExplIoT - IoT Exploitation Framework
- DIVA (Damn Insecure and Vulnerable App) for Android
- Jugaad/Indroid - Linux Thread injection kit for x86 and ARM
- Dexfuzzer - Dex file format fuzzer

SpeakerBio:Omar Santos , Principal Engineer, Cisco PSIRT, DEF CON Red Team Village
Omar Santos is an active member of the security community, where he leads several industry-wide initiatives and standard bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructure. Omar is the author of over 20 books and video courses; numerous white papers, articles, and security configuration guidelines and best practices. Omar is a Principal Engineer of Cisco’s Product Security Incident Response Team (PSIRT) where he mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities.

Omar has been quoted by numerous media outlets, such as TheRegister, Wired, ZDNet, ThreatPost, CyberScoop, TechCrunch, Fortune Magazine, Ars Technica, and more.


SpeakerBio:Dave Lewis , Global Advisory CISO for CISCO
Dave Lewis has twenty five years+ of industry experience. He has extensive experience in IT security operations and management including a decade dealing with critical infrastructure security. Lewis is a Global Advisory CISO for Cisco. He is the founder of the security site Liquidmatrix Security Digest and cohost of the Liquidmatrix podcast as well as the host of the Plaintext and Murder Board podcasts. Lewis serves on the advisory boards for several firms. He is currently enrolled in a graduate program at Harvard University. Lewis has written columns for Daily Swig, Forbes and several other publications.

SpeakerBio:Dhillon ‘L33tdawg’ Kannabhiran , Founder, CEO at Hack In The Box
Dhillon Andrew Kannabhiran (@l33tdawg on Twitter) is the Founder and Chief Executive Officer of Hack in The Box, organiser of the HITBSecConf series of network security conferences which has been held annually for over a decade in various countries including Malaysia, The Netherlands, The UAE and now China!

Description:
How do security communities help the information security industry and professionals?
Why does the security industry need open security communities and forums?
The relevance of such communities in standardizing Vulnerability disclosures
Building frameworks and tools etc

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon



 

CLV - Sunday - 12:00-12:20 PDT


Title: PK-WHY
When: Sunday, Aug 8, 12:00 - 12:20 PDT
Where: Cloud Village (Virtual)

SpeakerBio:Kevin Chen
Kevin Chen was the first Developer Advocate at the now-unicorn open source company Kong and currently works at smallstep, an early stage open source startup. When not developing tech and demos for the PKI space, he likes to bake, travel, and tend to his motorcycle.
Twitter: @devadvocado

Description:
Certificates and public key infrastructure (PKI) are hard. No shit, right? I know a lot of smart people who’ve avoided this particular rabbit hole. Personally, I avoided it for a long time and felt some shame for not knowing more. The obvious result was a vicious cycle: I was too embarrassed to ask questions so I never learned. Well, now everything needs a certificate so let's be embarrassed together and learn the why.

Cloud Village activities will be streamed to YouTube.

YouTube: https://www.youtube.com/cloudvillage_dc



 

AIV - Sunday - 11:00-11:30 PDT


Title: Potential Pitfalls Protecting Patient Privacy
When: Sunday, Aug 8, 11:00 - 11:30 PDT
Where: AI Village (Virtual)

SpeakerBio:Brian Martin
No BIO available

Description:No Description available

AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.


Twitch: https://www.twitch.tv/aivillage

YouTube: https://www.youtube.com/c/aivillage

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536



 

CON - Sunday - 12:00-12:59 PDT


Title: Red Team Village CTF - Closing Ceremony
When: Sunday, Aug 8, 12:00 - 12:59 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/236421


 

CON - Sunday - 10:00-11:59 PDT


Title: Red Team Village CTF - Finals Part 2
When: Sunday, Aug 8, 10:00 - 11:59 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/236421


 

BHV - Sunday - 12:00-12:59 PDT


Title: Red vs Blue vs Green : The ultimate battle of opinions (or is it)
When: Sunday, Aug 8, 12:00 - 12:59 PDT
Where: Biohacking Village (Talk - Virtual)
Speakers:Ken Kato,Vee Schmitt

SpeakerBio:Ken Kato , Entrepreneur In Residence @ US Navy, White House Presidential Innovation Fellows
Thought leader. Technology disruptor. Innovator. Experienced in solving problems from bare metal to cloud. Steeped deeply in agile methods and development. Track record of success as a change agent in highly regulated industries.

Ken Kato is an entrepreneur, platform/cloud architect, change agent, and innovator; with a wide range of experience across highly regulated industries from finance, to healthcare, to defense. Most recently as a founding member of Kessel Run, Ken disrupted USAF’s technology. Working alongside industry innovators Pivotal to provide a cloud platform and help begin their cloud native journey.

Spending a career working at the bleeding edge; Ken continues to iterate on concepts with a focus lately on IoT sensor data aggregation and predictive analysis, security across software and platform lifecycle, edge computing at the extremes of information availability. Evincing a passion to keep pursuing ideas from when the ideas are theory before technology is available until they are matured as an innovation.

Technology alone can’t solve complex problems and with that in mind, Ken thinks of what the future landscape may look like. Between experience and data, Ken predicts how decisions made today will be survivable for years ahead and strives to develop a sustainable strategy for organizational growth.

Twitter: @askKenKato

SpeakerBio:Vee Schmitt , Assistant Professor at Noroff/ Independent Security Researcher at Medtronic/ Partner DFIRLABS
No BIO available

Description:
Often when it comes to Medical Devices and Healthcare everyone has an opinion. Ever wonder why there is such a difference of opinion? Deep diving into the context and perspective of the various teams involved in the manufacturing, attacking, and defending of medical devices. We explore and discuss why these opinions are different and how we can better communicate our perspective to one another. This talk explores the complexity and constraints that each team faces and how if the silos are broken down it makes for a more collaborative understanding and coming full circle. Often you will find that it is Red versus Blue then versus Green. We work against each other rather than coming full circle logically and openly discussing problems in this space. The main theme of this talk is that differences in opinions are often needed to solve complex problems. Let’s face it, the secure manufacturing and implementation of these devices is a complex problem. Lifting the veil of problems that each of these teams face.

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q



 

DL - Sunday - 10:00-11:50 PDT


Title: reNgine
When: Sunday, Aug 8, 10:00 - 11:50 PDT
Where: DemoLab Video Channel 1

SpeakerBio:Yogesh Ojha
Yogesh Ojha is a Research Software Engineer in TRG Research and Development, Cyprus where his research focuses on building solutions for Crime and Terror. As a Passionate Developer and a Hacker, Yogesh builds and maintains reNgine, an automated reconnaissance framework. He has delivered talks on IoT Security and Car Hacking at several conferences like BlackHat Europe, HITB Cyber Week Abu Dhabi, Open Source Summit, IoT Innovatech LATM, GreHack, NoConName, KazHackStan, FOSS Asia Summit, etc. When not building or breaking technologies, he spends his time with his dog Jasper.

Description:
Tool or Project Name: reNgine: An automated reconnaissance engine (framework)

Short Abstract: reNgine is an automated reconnaissance engine (framework) that is capable of performing end-to-end reconnaissance with the help of highly configurable scan engines on web application targets. reNgine makes use of various open-source tools and makes a highly configurable pipeline of reconnaissance to gather the recon result. reNgine also makes it possible for users to choose the tools they desire while following the same reconnaissance pipeline. For example, with reNgine you aren't limited to using sublist3r for subdomain discovery; rather, reNgine allows you to combine multiple tools like sublist3r, subfinder, assetfinder, and easily integrate them into your reconnaissance pipeline. The reconnaissance results are then displayed in a beautiful and structured UI after performing the correlation in the results produced by these various tools. The developers behind reNgine understand that recon result most often is overwhelming due to the humongous data, so that’s why reNgine also comes with advanced query lookup using natural language operators like and, or and not. Imagine doing recon on facebook.com and filtering the results like

http_status!404&page_title=admin|page_title=dashboard&content_length>0&tech=php or severity=critical|severity=high&vulnerability_title=xss|vulnerability_title=cve-1234-xxxx

reNgine’s flexibility to easily incorporate any existing open-source tools and with advanced features like configurable scan engines, parallel scans, advanced query lookup on recon results, instant notification about the scan, scheduled scans, etc, separates reNgine from any other recon frameworks. reNgine can be used for both reconnaissance and actively monitoring the targets.

URL to any additional information:
Official Documentation: https://rengine.wiki
reNgine v0.5 Major Update with Vulnerability Scan and Advanced recon Lookup Trailer and Demo: https://www.youtube.com/watch?v=DSOS_dkorBM
reNgine release Trailer: https://www.youtube.com/watch?v=u8_Z2-3-o2M
reNgine Development Timeline Video Trailer: https://www.facebook.com/10000176436...1638639238246/
reNgine featured on Portswigger’s The daily Swig: https://portswigger.net/daily-swig/r...or-pen-testers
reNgine community review:
https://twitter.com/Jhaddix/status/1286547230078275585
https://twitter.com/ITSecurityguard/...58400926543879
https://twitter.com/ojhayogesh11/sta...21166811471872
https://twitter.com/search?q=https%3...rc=typed_query

Detailed Explanation of Tool: reNgine is an advanced reconnaissance framework for web application targets that uses various existing open-source tools to achieve this. The idea for reNgine came when I was bored during the lockdown and had nothing better to do. Back then I was working as a Security Analyst and my day job was to perform penetration testing on web applications. While I enjoyed my job, I hated performing recon on these targets because in almost all the cases the recon steps were pretty similar. Except for certain cases, the recon steps I read, I performed, I saw others doing, were very similar. Same usage of tools, same usage of options/parameters/tuning. But I was bored with this recon methodology because, at times, I needed the recon results to be saved in a structured way, come back the next day, and still do the analysis without wasting yet another day on recon.

Also, since I had a day job, I used to do bug bounty during the night, and obviously, my office would fire me right away if I performed recon on bug bounty targets during my office hours, so I was also looking for something that could help me schedule the scans on those targets, something like performing a scan every midnight, or line up 100 scans on the pipeline and scan these targets one step at a time.

The recon results are humongous on larger targets, and it is very difficult to search or find the specific results quickly. This was because existing frameworks (open-source) had no ability to store the results in a DB; almost all used text as output, and obviously, this wasn’t going to be helpful unless you write extremely complex greps. So, I went on to create one for myself and named it reNgine, short for reconnaissance engine. Why Engine? It is because reNgine has the ability to customize the scan engines. These engines are YAML-based configurations; you can add, remove or customize them.

So what is reNgine and how it solved the problems that no other recon frameworks were providing?

One of the most impressive features of reNgine is that it makes use of something called Scan Engines. These engines are highly configurable and allow you to choose the tools you like and the configurations you like. For example, you are not limited to using subfinder for subdomain gathering; you can use multiple tools, as many as you want. How difficult is it to choose tools? Very simple, just add the tool name in the YAML configuration and you’re good to go; reNgine will take care of the rest. This scan engine allows you to fine-tune the tools and perform scans in a much-advanced way. These scan engines have a one-to-many relationship with the targets, meaning you can define one scan engine, let’s say ‘Defcon Scan’, that does Subdomain Discovery at 100 threads, grabs screenshots at 50 threads, and also performs a vulnerability scan. Now, once this scan engine is defined, you can use it against n number of targets without the need to modify and fine-tune the parameters every once in a while.

Sample Scan Engine Configuration:

subdomain_discovery:
  uses_tool: [ subfinder, sublist3r, assetfinder, oneforall ]
  thread: 10
  wordlist: default
  amass_config: config_short_name
  subfinder_config: config_short_name
port_scan:
  ports: [ top-100 ]
  exclude_ports: null
  thread: 10
visual_identification:
  port: xlarge
  thread: 2
  http_timeout: 3000
  screenshot_timeout: 30000
  scan_timeout: 100
dir_file_search:
  extensions: [ php,asp,aspx,txt,conf,db,sql,json ]
  recursive: false
  recursive_level: 1
  thread: 100
  wordlist: default
fetch_url:
  uses_tool: [ gau, hakrawler ]
  intensity: aggressive
vulnerability_scan:
  concurrent: 10
  template: all
  severity: all
excluded_subdomains:
  - test.rengine.wiki
  - hello.test.com

This configuration and fine-tuning can be used against n targets. The result of this recon is then stored in DB for correlation.

Technology Stack:
reNgine uses the following technology stack:
Web Framework: Django
Database: Postgres
Distributed Message Broker: Redis
Async Tasks and Scheduling Scans: Celery and Celery-beat
Redis acts as a message broker between Django and Celery.
Containerized everything by Docker

reNgine has a dashboard-like UI, which makes it easy to correlate the recon results.
Example:
https://user-images.githubuserconten...087b2b48d3.png
https://user-images.githubuserconten...d626127d88.png

The purpose of creating the dashboard-like UI was so that one can easily filter the recon results like, “Hey, I quickly want to filter a subdomain that has admin or dashboard in page title, and also has HTTP status as 200”. With the existing recon frameworks, this was quite impossible. reNgine’s dashboard makes it very easy to filter such use cases.
Example: https://camo.githubusercontent.com/2...795f322e706e67

Key Features of reNgine:

Perform Recon:
Subdomain Discovery
Ports Discovery
Endpoints Discovery
Directory Bruteforce
Visual Reconnaissance (Screenshot the targets)
IP Discovery
CNAME discovery
Subdomain Takeover Scan

Highly configurable scan engines, use tools of your choice, open-source or integrate your own tool, use one configuration, fine-tuning against multiple targets
Run multiple scans in parallel, running multiple scans is very simple, select n targets, choose the scan engine, and initiate the scan. reNgine and celery will take care of the rest.
Run Clocked Scans (Run reconnaissance exactly at X Hours and Y minutes)
Run Periodic Scans (Runs reconnaissance every X minutes/hours/days/week)
Perform Vulnerability Scan using Nuclei and get notified when a vulnerability is discovered
Send scan related notifications to Slack or Discord
Perform Advanced Query lookup using natural language alike and, or, not operations. Example: Assume that, you are looking for open redirection, you can quickly search for =http and look for HTTP status 30X, this will give high accuracy of open redirection with bare minimum effort.
Out-of-Scope options available, if recon need not be performed on specific targets, define them on the scan engine and you’re good to go. reNgine won’t perform anything on the out-of-scope subdomains.
Redefined Dashboard that allows you to quickly find out the most vulnerable target and most commonly occurred vulnerability. Example: https://user-images.githubuserconten...7e087c1a26.png

Upcoming Features:
Scan Comparison
Comparison of the scans performed on the target, to find out how many new vulnerabilities have been discovered since the last scan, how many new subdomains have been discovered since the last scan, etc. (Under Development)

Interesting Subdomains Discovery
reNgine will discover the interesting subdomains based on the HTTP status, content length, and page title. For example, imagine the time saved if reNgine tells you, "Hey, admin.facebook.com is an interesting subdomain you might want to look up." This depends upon HTTP status, content length, and many more factors. (Under Development)

Source Code: https://github.com/yogeshojha/rengine

Target Audience:
The targeted audience is both Offence and Defence on Web application Security.

The audience on the offense can use reNgine to perform active reconnaissance and gather more information about their next penetration testing target. This information includes but is not limited to subdomains, IP addresses associated with them, endpoints, visual reconnaissance screenshot gathering, port scans, and vulnerability scans as well.

And, the audience on defense can learn how to use reNgine to perform periodic scans on their (Intra/Extra)net web services, run the periodic open-source-powered vulnerability scanner, and get notified instantly when a vulnerability is identified. The beauty of reNgine is that, with minimal penetration testing and security experience, one can run the entire reconnaissance and gather the result so that it is well suited for both offense and defense.

As the purpose of this demo lab would be to demonstrate the capabilities of reNgine, the demo would be outlined in such a way that it can be well received by the audience of both the offense and defense sides.

reNgine is something I have worked really hard on, spending countless nights working on it. Within a very short period of time, reNgine became one of the popular reconnaissance tools. Presenting this to fellow hackers will certainly gather new ideas on making reNgine a more advanced reconnaissance tool, which is one of the major reasons why I wish to present this to Defcon. On the other hand, presenting this to Defcon will foster the open-source and hacker culture as I will explain about the in and out of reNgine and hopefully bring in many developers to contribute to reNgine as well.

Also, I plan to announce a major update in reNgine during Defcon, which I believe will bring innovation and excitement among the attendees as well. And of course, Defcon is the right platform to make everyone aware of the updates, advancements, and new features of reNgine.


This content will be presented on a Discord video channel.

#dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505



 

DC - Sunday - 14:00-14:45 PDT


Title: Robots with lasers and cameras (but no security): Liberating your vacuum from the cloud
When: Sunday, Aug 8, 14:00 - 14:45 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded

SpeakerBio:Dennis Giese
Dennis is a PhD student and a cybersecurity researcher at Northeastern University. He was a member of one European ISP's CERT for several years.

While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices.

His most known projects are the rooting and hacking of various vacuum robots.

Twitter: @dgi_DE
https://dontvacuum.me

Description:
Vacuum robots are becoming increasingly popular and affordable as their technology grows ever more advanced, including sensors like lasers and cameras. It is easy to imagine interesting new projects to exploit these capabilities. However, all of them rely on sending data to the cloud. Do you trust the companies' promise that no video streams are uploaded to the cloud and that your personal data is safe? Why not collect the dust with open-source software?

I previously showed ways to root robots such as Roborock and Xiaomi, which enabled owners to use their devices safely with open-source home automation. In response, vendors began locking down their devices with technologies like Secure Boot, SELinux, LUKS encrypted partitions and custom crypto that prevents gaining control over our own devices. This talk will update my newest methods for rooting these devices.

The market of vacuum robots expanded in the past 2 years. In particular, the Dreame company has recently released many models with interesting hardware, like ToF cameras and line lasers. This can be a nice alternative for rooting. I will show easy ways to get root access on these devices and bypass all security. I will also discuss backdoors and security issues I discovered from analysis. You will be surprised what the developers left in the firmware.

REFERENCES
Unleash your smart-home devices: Vacuum Cleaning Robot Hacking (34C3) https://dontvacuum.me/talks/34c3-2017/34c3.html

Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices https://dontvacuum.me/talks/DEFCON26/DEFCON26-Having_fun_with_IoT-Xiaomi.html

https://linux-sunxi.org/Main_Page

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=EWqFxQpRbv8

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Dennis%20Giese%20-%20Robots%20with%20lasers%20and%20cameras%20but%20no%20security%20-%20Liberating%20your%20vacuum%20from%20the%20cloud.mp4


This talk will be given live in Track 1.

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.


DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_one



 

AIV - Sunday - 11:30-11:59 PDT


Title: Robustness of client-side scanning for illegal content detection on E2EE platforms
When: Sunday, Aug 8, 11:30 - 11:59 PDT
Where: AI Village (Virtual)

SpeakerBio:Shubham Jain
No BIO available

Description:No Description available

AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.


Twitch: https://www.twitch.tv/aivillage

YouTube: https://www.youtube.com/c/aivillage

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536



 

LPV - Sunday - 11:00-11:50 PDT


Title: Safecracking for Everyone!
When: Sunday, Aug 8, 11:00 - 11:50 PDT
Where: Lock Pick Village (Virtual)

SpeakerBio:Jared Dygert
No BIO available

Description:
Safecracking is one of the more obscure types of lock in locksport. However, in most cases they can be manipulated without the need for any tools and opened in 5 minutes. This talk will get you an understanding of how that's done and started on your path to cracking your first safe!

Lock Pick Village will be streaming their activities to Twitch and YouTube.

Twitch: https://www.twitch.tv/toool_us?

YouTube: https://youtube.com/c/TOOOL-US



 

AVV - Sunday - 13:15-14:15 PDT


Title: Scaling Up Offensive Pipelines
When: Sunday, Aug 8, 13:15 - 14:15 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Gil Biton , Adversarial Tactics Expert, Sygnia
Gil has over 5 years of experience in the Cyber Security industry, specializing in Red Team operations, phishing campaigns, and network infrastructure assessments. Gil has been involved in numerous security engagements with Fortune 100-500 clients where he brought his extensive experience in the development and research domains to implement complex techniques and automate offensive security processes. Gil is a member of the Adversarial Tactics team, the offensive security team within Sygnia's Enterprise Security division.
https://www.linkedin.com/in/gil-biton-a3a385101

Description:
Evolving endpoint protection software with enhanced detection capabilities and greater visibility coverage has been taking the complexity of red team and purple team operations to a higher level. The current situation forces adversaries to take precautions and invest much more time in the weaponization phase to overcome prevention and detection mechanisms. The community has adapted CI/CD pipelines to automate tasks related to offensive tools weaponization. Offensive CI/CD pipelines have been around for a couple of years, with the goal of helping red teams to automate offensive tools creation and evasion techniques implementation. As part of this evolution, we designed and built our own offensive CI/CD pipeline framework that is simple to use, modular, self-managed, automated, collaborative, and fast. Our framework leverages Infrastructure as Code (IaC) to fully automate the deployment of our offensive CI/CD pipeline framework with built-in recipes for evading host and network detections. Each recipe is modular and can be customized to fit red team or purple team requirements, such as proprietary techniques or imitation of specific threat actor TTPs. The framework leverages Gitlab CI/CD in conjunction with a Kubernetes cluster to automate and manage the process of building and deploying offensive tools at scale.

In this talk, we will discuss the essentials of offensive pipeline and present our innovative approach, while referring to the challenges we solved, and demonstrate how you can leverage our offensive CI/CD framework to empower red team and purple team operations.


Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon



 

HTSV - Sunday - 13:00-13:55 PDT


Title: SeaTF, Pirate Hat, and Salty Sensor Results, Closing Statements
When: Sunday, Aug 8, 13:00 - 13:55 PDT
Where: Hack the Sea (Virtual)

SpeakerBio:Brian Satira
No BIO available

Description:No Description available

Hack the Sea Village will stream their events to YouTube and Twitch.

Twitch: https://www.twitch.tv/h4ckthesea

YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ



 

AVV - Sunday - 14:15-15:15 PDT


Title: Signed, Sealed, Delivered: Comparing Chinese APTs behind Software Supply Chain Attacks
When: Sunday, Aug 8, 14:15 - 15:15 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Cheryl Biswas , Threat Intel Specialist, TD
Cheryl Biswas is a Threat Intelligence Specialist with TD Bank in Toronto, Canada, where she produces and delivers annual cyber threat forecasts, and has experience in security audits and assessments, privacy, disaster recovery and change management. She holds an ITIL certification and a specialized honours degree in Political Science. Cheryl is actively engaged in the security community as a conference speaker and volunteer, mentors those entering the field, and champions women and diversity in cyber security as a founding member of “The Diana Initiative”.
Twitter: @3ncr1pt3d

Description:
State-sponsored threat actors have engaged in software supply chain attacks for longer than most people realize, as governments seek out access to information and potential control. Of Russia, North Korea and Iran, China has been behind the most attacks, targeting the technology sector for economic espionage and intellectual property theft. In their current drive for innovation and cloud migration, organizations increasingly rely on software development and all its dependencies: third-party code, open-source libraries and shared repositories. Recent attacks have shown how easy it is to create confusion and send malicious code undetected through automated channels to waiting recipients.

This talk will walk attendees through the stages of past attacks by Chinese APTs - notably APT10, APT17 and APT41 - to show how capabilities have evolved and what lessons could be applied to recent attacks, comparing tactics, techniques and procedures.

TOPICS COVERED:

What constitutes software supply chain attacks. The abuse of trust and compromise at the source. Trust third parties with third parties. How cloud migration and innovation fuel increased code dependency. Understanding CI/CD continuous integration and continuous delivery. The increased use and targeting of online code repositories and automated software distribution. Where mistakes and misconfigurations occur, creating adversarial opportunity. A brief history of software supply chain attacks on repositories.

LEARNING FROM THE PAST

A walk through of several major attacks including Operation Aurora, CCleaner, NetSarang. Contrast these to a walk through of recent attacks including SolarWinds, Dependency Confusion, Codecov and XCodeSpy.

The value of historical context is that it helps illuminate TTPs that should be monitored for and secured against, especially those which aid in deception and evasion. Recommendations for mitigations and best practices to secure code, dependencies.

TAKEAWAYS

Attendees will learn what software supply chain attacks are and why they are increasing. They will understand the opportunity for adversaries because of the vulnerability created by multiple dependencies. A breakdown of key attacks will be mapped to the Lockheed Martin Kill Chain steps and Mitre ATT&CK. Attendees will be familiarized with major Chinese APT group TTPs which they can bring back to their organizations to implement in their monitoring.


Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon



 

BCV - Sunday - 10:15-11:30 PDT


Title: Surviving DeFi: How to Prevent Economic Attacks
When: Sunday, Aug 8, 10:15 - 11:30 PDT
Where: Blockchain Village / Paris Vendome B

SpeakerBio:Jan Gorzny , Senior Blockchain Researcher at QuantStamp
No BIO available

Description:No Description available

This content will be presented live and in-person.


 

DC - Sunday - 10:00-10:59 PDT


Title: Taking Apart and Taking Over ICS & SCADA Ecosystems: A Case Study of Mitsubishi Electric
When: Sunday, Aug 8, 10:00 - 10:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded
Speakers:Mars Cheng,Selmon Yang

SpeakerBio:Mars Cheng
Mars Cheng (@marscheng_) is a threat researcher for TXOne Networks, blending a background and experience in both ICS/SCADA and enterprise cybersecurity systems. Mars has directly contributed to more than 10 CVE-IDs, and has had work published in three Science Citation Index (SCI) applied cryptography journals. Before joining TXOne, Mars was a security engineer at the Taiwan National Center for Cyber Security Technology (NCCST). Mars is a frequent speaker and trainer at several international cyber security conferences such as Black Hat Europe, SecTor, FIRST, HITB, ICS Cyber Security Conference Asia and USA, HITCON, SINCON, CYBERSEC, CLOUDSEC and InfoSec Taiwan as well as other conferences and seminars related to the topics of ICS and IoT security. Mars is general coordinator of HITCON (Hacks in Taiwan Conference) 2021 and was vice general coordinator of HITCON 2020.
Twitter: @marscheng_

SpeakerBio:Selmon Yang
Selmon Yang is a Staff Engineer at TXOne Networks. He is responsible for parsing IT/OT Protocol, linux kernel programming, and honeypot development and adjustment. Selmon also spoke at ICS Cyber Security Conference Asia, HITCON, SecTor and HITB.

Description:
Diversified Industrial Control System (ICS) providers create a variety of ecosystems, which have come to operate silently in the background of our lives. Among these organizations, Mitsubishi Electric ranks among the most prolific. Because the operation of this ecosystem is so widely used in key manufacturing, natural gas supply, oil, water, aviation, railways, chemicals, food and beverages, and construction, it is closely-related to people's lives. For this reason, the security of this ecosystem is extraordinarily important.

This research will enter the Mitsubishi ecosystem’s communication protocol, using it as a lens with which to deeply explore the differences between itself and other ecosystems. We will show how we successfully uncovered flaws in its identity authentication function, including how to take it over and show that such an attack can cause physical damage in different critical sectors. We’ll explain how we accomplished this by applying reverse engineering and communication analysis. This flaw allows attackers to take over any asset within the entire series of Mitsubishi PLCs, allowing command of the ecosystem and full control of the relevant sensors. A further complication is that making a fix to the various communication protocols in the ICS/SCADA is extremely difficult. We will also share the various problems we encountered while researching these findings and provide the most workable detection and mitigation strategies for those protocols.

REFERENCES
[1] https://ladderlogicworld.com/plc-manufacturers/
[2] https://www.mitsubishielectric.com/fa/products/cnt/plc/pmerit/case.html
[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5594
[4] https://www.mitsubishielectric.com/fa/products/cnt/plc/pmerit/index.html

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=L0w_aE4jRFw

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Mars%20Cheng%20Selmon%20Yang%20-%20Taking%20Apart%20and%20Taking%20Over%20ICS%20%26%20SCADA%20Ecosystems%20-%20A%20Case%20Study%20of%20Mitsubishi%20Electric.mp4


This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_three



 

DC - Sunday - 14:30-14:50 PDT


Title: The Agricultural Data Arms Race: Exploiting a Tractor Load of Vulnerabilities In The Global Food Supply Chain
When: Sunday, Aug 8, 14:30 - 14:50 PDT
Where: DCTV/Twitch #3 Pre-Recorded

SpeakerBio:Sick Codes
Sick Codes maintains popular open source projects, publishes high-profile security vulnerabilities in good faith, and administers his namesake https://sick.codes, a security research and tutorial resource for developers. Sick Codes' work coordinating communication across many companies, foundations, and other open source organisations was invaluable in getting these vulnerabilities patched and responsibly disclosed.

Sick Codes: I am a Hacker, an Independent Security Researcher, an Australian, and an Open Source maintainer. I regularly publish nasty vulnerabilities in everyone's favorite products, from all the best vendors. I've published CVEs in Smart TV's, Browsers, missile design software, and entire programming languages. Freelance automation specialist by day and hacker by trade. I publish weaponized code on GitHub, namely Docker-OSX, which was my first big "thing," which now has 15k stars, and my biggest project, Docker-OSX has over 100,000 downloads on DockerHub.

@sickcodes
https://github.com/sickcodes
https://www.linkedin.com/in/sickcodes/
https://sick.codes

Twitter: @sickcodes
https://sick.codes

Description:
How I hacked the entire American Food Supply Chain over the course of 3 months, assembled a team of hacker strangers, and how we used a "full house" of exploits on almost every aspect of the agriculture industry. See the process in which it happened, the private exploits we used, the vectors we attacked from, and how it could happen again, or be happening right now.

How the ongoing analytics arms race affects everyone, and how Tractor companies have metastasized into Tech companies, with little to no cyber defenses in place. Learn how farms are not like they used to be; telemetry, crop & yield analytics, and more telemetry.

REFERENCES
https://github.com/sickcodes/Docker-OSX
https://github.com/sickcodes/osx-serial-generator
https://www.vice.com/en/article/akdmb8/open-source-app-lets-anyone-create-a-virtual-army-of-hackintoshes
https://www.bleepingcomputer.com/news/security/python-also-impacted-by-critical-ip-address-validation-vulnerability/
https://sick.codes/sick-2021-012/
https://sick.codes/sick-2021-031/
https://sick.codes/leaky-john-deere-apis-serious-food-supply-chain-vulnerabilities-discovered-by-sick-codes-kevin-kenney-willie-cade/
https://www.vice.com/en/article/4avy8j/bugs-allowed-hackers-to-dox-all-john-deere-owners
https://www.youtube.com/watch?v=rB_SleNKBus
wabaf3t https://twitter.com/wabafet1
D0rkerDevil https://twitter.com/D0rkerDevil
ChiefCoolArrow https://twitter.com/ChiefCoolArrow
johnjhacking https://twitter.com/johnjhacking
rej_ex https://twitter.com/rej_ex
w0rmer https://twitter.com/0x686967
https://climate.com/press-releases/transform-data-into-value-with-climate-fieldview/14
https://www.agriculture.com/news/business/john-deere-to-acquire-precision-plting_5-ar50937
https://www.reuters.com/article/us-monsanto-m-a-deere-idUSKBN17X2FZ
https://twitter.com/sickcodes/status/1385218039734423565?s=20

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=zpouLO-GXLo

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Sick%20Codes%20-%20The%20Agricultural%20Data%20Arms%20Race%20-%20Exploiting%20a%20Tractor%20Load%20of%20Vulnerabilities%20In%20The%20Global%20Food%20Supply%20Chain.mp4


This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_three



HHV - Sunday - 15:00-15:30 PDT


Title: The Black Box and the Brain Box: When Electronics and Deception Collide
When: Sunday, Aug 8, 15:00 - 15:30 PDT
Where: Hardware Hacking Village (Virtual Talk)

SpeakerBio:Gigs
Gigs is the founder of ##electronics on Freenode (may it rest in peace), and a long time electronics enthusiast and DEF CON HHV volunteer. He, working with see_ess, did the PCB and hardware design for this year’s TorBadge, a mini-polygraph device.
Twitter: @gigstaggart
gigsatdc.org

Description:
Electricity has, from the earliest history of man, been seen as an almost mystical force. From Thor’s lightning onward, various individuals and groups have used electricity and electrical devices to baffle, mystify, mislead, and control people. In the modern day, this practice continues in the form of polygraph, questionable uses of fMRI and EEG, and other high-tech props intended to dazzle the victim or lend a technological veneer of credibility to the user. This talk will focus on the history and current applications of deception by and with electrical and electronic devices.

#hhv-talk-qa-blackbox-brainbox-text https://discord.com/channels/708208267699945503/709254868329693214

Twitch: https://twitch.tv/dchhv


Hardware Hacking Village talks will be streamed to Twitch.

Twitch: https://www.twitch.tv/dchhv



DC - Sunday - 11:00-11:45 PDT


Title: The PACS-man Comes For Us All: We May Be Vaccinated, but Physical Access Control Still Sucks
When: Sunday, Aug 8, 11:00 - 11:45 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded
Speakers:Anze Jensterle,Babak Javadi,Eric Betts,Nick Draffen

SpeakerBio:Anze Jensterle
Anze Jensterle is a Computer Science student by day, professional door opener by night that comes from Slovenia (not Slovakia). Having been involved with InfoSec since he was 17, when he made his first bug bounty, he has continuously been developing his skills in different areas including Web, RFID and Embedded System Security.
Twitter: @applejacksec

SpeakerBio:Babak Javadi
Babak Javadi is the Founder of The CORE Group and Co-Founder of the Red Team Alliance. In 2006 he co-founded The Open Organisation of Lockpickers, serving as Director for 13 years. As a professional red teamer with over a decade of field experience, Babak’s expertise includes disciplines from high-security mechanical cylinders to alarms and physical access controls.
Twitter: @babakjavadi

SpeakerBio:Eric Betts
Eric Betts is an exuberant, passionate, pragmatic software engineer. He is an avid open-source contributor. He likes to buy all the latest gadgets, and then take them apart. His claim to fame is making $10k from Snapchat (without taking his clothes off) for an RCE bug bounty. He responds to "Bettse" both online and in-person.
Twitter: @aguynamedbettse

SpeakerBio:Nick Draffen
Nick Draffen sometimes gives off a mad scientist vibe, an engineer who dives deep into technology, namely in the area where the physical and digital world meet. By day a security engineer/architect working to secure lab instruments and everything around them, and by night building/breaking things in his lab.
Twitter: @tcprst

Description:
It's 2021. You’re still here! You’re vaccinated! You should be happy and carefree! And yet…the PACS-man still haunts us all. Why should this be? Don’t we have newer, better tech with more bits of encryption and fewer wires? Haven’t the professional sentinels we’ve entrusted with our physical security software-defined ALL THE THINGS and made them better?

Nay, these are but fruits of the poisonous physical security tree! Come, fellow hackers and weary travelers, visit with the ghosts of access control and learn of the lies they’ve laid before us!

Come see how false guardians have used BLE sleight-of-hand to increase complexity and cost while reducing security and ask that they be paid a tithing for the privilege! Witness young software-defined gladiators do battle in an arena they did not prepare for and falter!

Behold as our friendly ghosts of access control forge never-before-seen tools to help slay false security prophets!

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=NARJrwX_KFY

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Babak%20Javadi%20Nick%20Draffen%20Eric%20Bettse%20Anze%20Jensterle%20-%20The%20PACS-man%20Comes%20For%20Us%20All.mp4


This talk will be given live in Track 1.

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.


DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_one



BHV - Sunday - 13:00-13:30 PDT


Title: The Security of Your Digital DNA, from Inception to Death
When: Sunday, Aug 8, 13:00 - 13:30 PDT
Where: Biohacking Village (Talk - Virtual)

SpeakerBio:Garrett Schumacher , Cybersecurity Engineer at Velentium | Co-Founder & CTO at GeneInfoSec
Garrett Schumacher both hacks biology and defends it. He began his career in genetics and biotech, but he now focuses on infosec within these fields. He is a medical device cybersecurity engineer at Velentium, the co-founder and CTO of GeneInfoSec, and an instructor at the University of Colorado.
Twitter: @GJSchumacher

Description:
Genetic data is some of your most sensitive and personal info, and it is being used to advance society. However, it is also identifiable, immutable and weaponizable. For these and other reasons, our genetic data deserves the highest security. But how secure is its point of origin? This talk will cover the current genetic threat landscape and the potential risks from the misuse of genetic data. A focus will be applied to DNA sequencers and their operational environments, where both digital genetic data and insecurity are introduced into the system.

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q



AIV - Sunday - 09:00-09:30 PDT


Title: The State of AI Ethics
When: Sunday, Aug 8, 09:00 - 09:30 PDT
Where: AI Village (Virtual)

SpeakerBio:Abishek Gupta
No BIO available

Description:No Description available

AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.


Twitch: https://www.twitch.tv/aivillage

YouTube: https://www.youtube.com/c/aivillage

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536



DC - Sunday - 13:00-13:59 PDT


Title: Timeless Timing Attacks
When: Sunday, Aug 8, 13:00 - 13:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded
Speakers:Mathy Vanhoef,Tom Van Goethem

SpeakerBio:Mathy Vanhoef
Mathy Vanhoef is a postdoctoral researcher at New York University Abu Dhabi. His research interest lies in computer security with a focus on network and wireless security (e.g. Wi-Fi), software security, and applied cryptography. In these areas Mathy tries to bridge the gap between real-world code and (protocol) standards. He previously discovered the KRACK attack against WPA2, the RC4 NOMORE attack against RC4, and the Dragonblood attack against WPA3.
Twitter: @vanhoefm

SpeakerBio:Tom Van Goethem
Tom Van Goethem is a researcher with the DistriNet group at KU Leuven in Belgium, mainly focusing on practical side-channel attacks against web applications and browsers. By exposing flaws that result from the unintended interplay of different components or network layers, Tom aims to bring us closer to a more secure web that we all deserve. He has spoken at various venues such as Black Hat USA and Asia, OWASP Global, and USENIX Security. In his spare time, Tom provides animal sculptures with pink tutus.
Twitter: @tomvangoethem

Description:
25 years ago, the first timing attacks against well-known cryptosystems such as RSA and Diffie-Hellman were introduced. By carefully measuring the execution time of crypto operations, an attacker could infer the bits of the secret. Ever since, timing attacks have frequently resurfaced, leading to many vulnerabilities in various applications and cryptosystems that do not have constant-time execution. As networks became more stable and low-latency, it soon became possible to perform these timing attacks over an Internet connection, potentially putting millions of devices at risk. However, attackers still face the challenge of overcoming the jitter that is incurred on the network path, as it obfuscates the real timing values. Up until now, an adversary would have to collect thousands or millions of measurements to infer a single bit of information.

In this presentation, we introduce a conceptually novel way of performing timing attacks that is completely resilient to network jitter. This means that remote timing attacks can now be executed with a performance and accuracy that is similar as if the attack was performed on the local system. With this technique, which leverages coalescing of network packets and request multiplexing, it is possible to detect timing differences as small as 100ns over any Internet connection. We will elaborate on how this technique can be launched against HTTP/2 webservers, Tor onion services, and EAP-pwd, a popular Wi-Fi authentication method.

REFERENCES
See pages 15 to 17 in our paper for a list of references: https://www.usenix.org/system/files/sec20-van_goethem.pdf

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=s5w4RG7-Y6g

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Tom%20Van%20Goethem%20Mathy%20Vanhoef%20-%20Timeless%20Timing%20Attacks.mp4


This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_three



ICSV - Sunday - 11:00-11:59 PDT


Title: Top 20 Secure PLC Coding Practices
When: Sunday, Aug 8, 11:00 - 11:59 PDT
Where: ICS Village (Virtual)
Speakers:Sarah Fluchs,Vivek Ponnada

SpeakerBio:Sarah Fluchs , CTO, admeritia
Sarah Fluchs is the CTO of admeritia, which specializes in security consulting for the process industry, manufacturing, and critical infrastructures. A process and automation engineer herself, Sarah is convinced that creating solid engineering methods that speak the language of automation engineers is key for OT Security. Her main research interests include security and systems engineering, security for safety, and security engineering information models. Sarah is an active contributor to ISA/IEC standards and a board member at the ISA Standards & Practices board and the German water industry organization KDW. She writes a monthly "security briefing for hard hats" (admeritia.de/hardhats) and a blog (fluchsfriction.medium.com). She's one of the founders and leaders of the Top 20 Secure PLC Coding Project (plc-security.com).
Twitter: @SarahFluchs

SpeakerBio:Vivek Ponnada , GE
Vivek Ponnada works for GE as a Service Manager and is responsible for GE's Gas Power transactional customers (Utilities and Co-generation) across Canada. Prior to this role, he was in Sales & Business development (Control system upgrades and Cybersecurity solutions), and started his career as a Field Engineer, commissioning turbine controls systems in Europe, Africa, Middle-East and South East Asia. Vivek is passionate about industrial controls cybersecurity and enjoys learning & contributing to the security community.
Twitter: @ControlsCyber

Description:
This presentation is the outcome of a community-driven project called "Top 20 Secure PLC Coding Practices", with document version 1.0 to be released on plc-security.com on June 15th, 2021, for downloading free of charge, and will have no restrictions on distribution and use.

ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485



AIV - Sunday - 12:00-12:59 PDT


Title: Twitter Ethics Bug Bounty: Winners and Wrap-up
When: Sunday, Aug 8, 12:00 - 12:59 PDT
Where: AI Village (Virtual)

SpeakerBio:Rumman Chowdhury
No BIO available

Description:No Description available

AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.


Twitch: https://www.twitch.tv/aivillage

YouTube: https://www.youtube.com/c/aivillage

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536



CLV - Sunday - 11:15-11:59 PDT


Title: Understanding common Google Cloud misconfiguration using GCP Goat
When: Sunday, Aug 8, 11:15 - 11:59 PDT
Where: Cloud Village (Virtual)

SpeakerBio:Joshua Jebaraj
Joshua Jebaraj is a Security Researcher at we45. He is an active member of many open-source communities like Null, Ansible and Hashicorp. He frequently speaks at null Chennai chapter and OWASP Vit Chennai. He has previously spoken at conferences like Owasp-Seasides, Bsides-Delhi and Open-Security-Summit.
Twitter: @joshva_jebaraj

Description:
As organisations' workflows move into the cloud we see a wider adoption of cloud-based platforms like Google Cloud (GCP). While cloud-based platforms offer a higher level of scalability, critical aspects of security can fall to the sidelines. With cybersecurity attacks on the rise in the cloud space (Gitlab-blog, Rhino-security-blog) we have to make sure all our applications hosted on cloud infrastructure like GCP are kept safe. The talk starts with common service misconfigurations like open buckets and moves to advanced and GCP-specific services like gcloud container registry. This talk not only covers the offensive side but also covers the defensive side, where the audience will see a demonstration of how those vulnerabilities can be mitigated. GCP Goat is an intentionally vulnerable project which consists of common misconfigurations in Google Cloud and is open source for the audience to test their newly learned information after the talk. By the end of the talk the audience will have a better understanding of the common threat surface on GCP and how they can mitigate it. The talk starts with an introduction to GCP Goat and how we can deploy it (5 mins) -

Cloud Village activities will be streamed to YouTube.

YouTube: https://www.youtube.com/cloudvillage_dc



HHV - Sunday - 11:30-12:30 PDT


Title: Use a PortaProg to flash, dump, and test ISP and UPDI chips
When: Sunday, Aug 8, 11:30 - 12:30 PDT
Where: Hardware Hacking Village (Virtual Talk)
Speakers:Bradán Lane,Sara Cladlow

SpeakerBio:Bradán Lane
Bradán Lane is a UX Design and User Researcher who had his own “Alice’s Adventures in Wonderland” experience when he discovered badge making. While he has made a number of fun blinky beepy ornaments and badges, he found his passion with the 2020 eChallengeCoin - an interactive and text story challenge puzzle. To help with his development, he created the PortableISP. The 2021 eChallengeCoin required a new chip which precipitated the creation of the PortaProg which serves as both his development tool and his production and test device.

Website: https://aosc.cc
https://gitlab.com/bradanlane
https://aosc.cc/blinks

Twitter: @bradanlane

SpeakerBio:Sara Cladlow
No BIO available

Description:
What is a PortaProg and why would I use it? You can use the PortaProg for flashing firmware to a wide range of Atmel chips using the ISP or UPDI interfaces. It can also read/write FUSES, and access EEPROM. It can flash a chip interactively during development or from its on-board SPIFFS storage at the bench or in the field. The talk will demonstrate it being used for rapid programming of ATTiny badges, performing an update to an ATMega device in the field, and dumping the firmware from an Arduino-based device without a computer. You will also see how the PortaProg has spawned a 3D printed plug-and-play test jig design … or just attend to see if the demos crash and burn.

#hhv-talk-qa-use-a-portaprog-text https://discord.com/channels/708208267699945503/739571364821729310

Twitch: https://twitch.tv/dchhv


Hardware Hacking Village talks will be streamed to Twitch.

Twitch: https://www.twitch.tv/dchhv



HHV - Sunday - 09:00-09:59 PDT


Title: Walkthrough of DC 28 HHV Challenges
When: Sunday, Aug 8, 09:00 - 09:59 PDT
Where: Hardware Hacking Village (Virtual Talk)

SpeakerBio:rehr
Rehr is an electrical engineer and long-time Hardware Hacking Village volunteer. He enjoys teaching and creating challenges that help grow and challenge the hardware hacking community.
Twitter: @mediumrehr

Description:
Last year we (the HHV) released a series of hardware hacking challenges for DEF CON attendees to solve during the conference (and after). Many attempted the challenges, but only a few (3) solved all 5! Join us as we walk through how to solve all 5 of the DC 28 HHV challenges, and attempt to demystify the world of hardware hacking. We may even drop a hint or two for this year’s challenges.

#hhv-challenge-text https://discord.com/channels/708208267699945503/739567199647301702

Twitch: https://twitch.tv/dchhv


Hardware Hacking Village talks will be streamed to Twitch.

Twitch: https://www.twitch.tv/dchhv



BCV - Sunday - 10:00-10:15 PDT


Title: Welcome Note
When: Sunday, Aug 8, 10:00 - 10:15 PDT
Where: Blockchain Village / Paris Vendome B
Speakers:Nathan,Ron Stoner

SpeakerBio:Nathan
No BIO available

SpeakerBio:Ron Stoner
No BIO available

Description:No Description available

This content will be presented live and in-person.


DC - Sunday - 13:00-13:45 PDT


Title: Why does my security camera scream like a Banshee? Signal analysis and RE of a proprietary audio-data encoding protocol
When: Sunday, Aug 8, 13:00 - 13:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded

SpeakerBio:Rion Carter
Rion likes to solve interesting problems- the more esoteric and niche the better! He has varied interests ranging from software development and reverse-engineering to baking and recipe hacking. Rion currently works in DevSecOps where he and his colleagues wonder how they'll be rebranded next (DevSecBizFinOps?). Rumor has it that he bakes a mean batch of fudge brownies.

Description:
All I wanted was a camera to monitor my pumpkin patch for pests, what I found was a wireless security camera that spoke with an accent and asked to speak with my fax machine. Join me as I engage in a signals analysis of the Amiccom 1080p Outdoor Security Camera and hack the signal to reverse engineer the audio tones used to communicate and configure this inexpensive outdoor camera. This journey takes us through spectrum-analysis, APK decompiling, tone generation in Android and the use of Ghidra for when things REALLY get hairy.
REFERENCES
- JADX: Dex to Java Decompiler - https://github.com/skylot/jadx
- Efficiency: Reverse Engineering with ghidra - http://wapiflapi.github.io/2019/10/10/efficiency-reverse-engineering-with-ghidra.html
- Guide to JNI (Java Native Interface) - https://www.baeldung.com/jni
- JDSP - Digital Signal Processing in Java - https://psambit9791.github.io/jDSP/transforms.html
- Understanding FFT output - https://stackoverflow.com/questions/6740545/understanding-fft-output
- Spectral Selection and Editing - Audacity Manual - https://manual.audacityteam.org/man/spectral_selection.html
- Edit>Labelled Audio>everything greyed out - https://forum.audacityteam.org/viewtopic.php?t=100856
- Get a spectrum of frequencies from WAV/RIFF using linux command line - https://stackoverflow.com/questions/21756237/get-a-spectrum-of-frequencies-from-wav-riff-using-linux-command-line
- How to interpret output of FFT and extract frequency information - https://stackoverflow.com/questions/21977748/how-to-interpret-output-of-fft-and-extract-frequency-information?rq=1
- Calculate Frequency from sound input using FFT - https://stackoverflow.com/questions/16060134/calculate-frequency-from-sound-input-using-fft?rq=1
- Intorduction - Window Size - https://support.ircam.fr/docs/AudioSculpt/3.0/co/Window%20Size.html
- Android: Sine Wave Generation - https://stackoverflow.com/questions/11436472/android-sine-wave-generation
- Android Generate tone of a specific frequency - https://riptutorial.com/android/example/28432/generate-tone-of-a-specific-frequency
- Android Tone Generator - https://gist.github.com/slightfoot/6330866
- Android: Audiotrack to play sine wave generates buzzing noise - https://stackoverflow.com/questions/23174228/android-audiotrack-to-play-sine-wave-generates-buzzing-noise

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=JpL3lySZNeM

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Rion%20Carter%20-%20Why%20does%20my%20security%20camera%20scream%20like%20a%20Banshee-%20Signal%20analysis%20and%20RE%20of%20a%20proprietary%20audio-data%20encoding%20protocol.mp4


This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.


DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_two



WS - Sunday - 10:00-13:59 PDT


Title: Windows Internals
When: Sunday, Aug 8, 10:00 - 13:59 PDT
Where: Workshops - Jubilee 1 (Onsite Only)
Speakers:Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman

SpeakerBio:Sam Bowne , Proprietor, Bowne Consulting
Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks and hands-on trainings at DEF CON, DEF CON China, HOPE, BSidesSF, BSidesLV, RSA, and many conferences and colleges.

SpeakerBio:Elizabeth Biddlecome , Consultant and Part-Time Instructor
Elizabeth Biddlecome is a consultant and a part-time instructor at City College San Francisco, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.

SpeakerBio:Irvin Lemus , Cybersecurity Professor
Irvin Lemus has been in the industry for 10+ years as an MSP technician, consultant, instructor and coordinator. He is currently the cybersecurity professor at Cabrillo College in Santa Cruz, CA. He also is the Bay Area Cyber Competitions Regional Coordinator as well as the contest creator for SkillsUSA CA and FL. Irvin has spoken at various cybersecurity and educational conferences. Irvin holds a CISSP and a Bachelor's Degree in Information Security.

Irvin Lemus is an instructor at Cabrillo College, teaching cyber security courses for 3 years. Irvin runs the cybersecurity competition program for the Bay Area Community Colleges. He also creates the SkillsUSA Cybersecurity contests for California and Florida. He has Security+, CySA+, WCNA, CISSP.


SpeakerBio:Kaitlyn Handelman , Hacker
I like to hack stuff, and I’m like really good at computers.

Description:
Explore the structure of Windows executable files and the operating system itself, to better understand programs, services, malware, and defenses. Projects include: cheating at games, building malicious DLL libraries, stealing passwords from the API, building a keylogger, and debugging a driver. Tools used include FLARE-VM, pestudio, API Monitor, Visual Studio, OllyDbg, IDA Pro, Ghidra, and WinDbg. No previous experience with programming is required.

To prepare for this workshop, please prepare a FLARE-VM in advance, as explained here: https://samsclass.info/126/proj/PMA40.htm

Registration Link: https://www.eventbrite.com/e/windows-internals-jubilee-1-tickets-162218647341

Prerequisites
Previous experience troubleshooting Windows is helpful but not required

Materials needed:
A computer that can run virtual machines locally, or a few dollars to rent cloud servers



CPV - Sunday - 10:00-13:59 PDT


Title: Workshop: Practically Protecting Phone Privacy (Pre-registration required)
When: Sunday, Aug 8, 10:00 - 13:59 PDT
Where: See Description
Speakers:Mauricio Tavares,Matt Nash

SpeakerBio:Mauricio Tavares
Mauricio has worked in the credit card and medical industry, which led to an interest in the behavioral aspect of data security and privacy. He has published in topics ranging from aerospace engineering to computer automation and data privacy. Currently, he is the senior security engineer of some multinational research project or another, helping craft the policies and procedures and advise IT staff to effectively protect it, shiny thingies, and laser pointers. And maybe user and data privacy in the process.

He only knows two facts about geese, both of which are wrong.


SpeakerBio:Matt Nash
Matt Nash breaks things (sometimes intentionally)

As a security consultant, Matt works in a variety of realms, including: internal/external network infrastructure, cloud environments, web applications, automated teller machines (ATMs), physical security, social engineering, digital forensics and incident response, mobile, and wireless. As well, these assessments span a number of sectors: energy, utility, manufacturing, software development, financial, retail, municipal, and medical.

Matt holds a B.S. in Food and Resource Economics, and is therefore totally qualified to speak on the tasty topics of security and privacy.


Description:
This workshop will be held on Zoom.
Join here: https://unc.zoom.us/j/9853325800?pwd=WTlDYlRPM1ZTUEtkOG5uelc5Rk5Ddz09
Meeting ID: 985 332 5800
Passcode: 800855

Your phone is a little snitch. For as long as it is turned on, it is monitoring your activities (physical and digital). It knows where you go, who else may be around, and likely what you are doing. Further, it shares (at least some of) the information with different organizations - which then sell or directly aggregate the data to profile you for fun and profit. The modern phone compromises your privacy by design.

To add insult to injury, you do not have a say on it. Or do you?

If you're willing to put in some effort, you can do something about it. But, it will require more than just installing some app with a big Easy Button. If we can do it, so can you!

Takeaways

Attendees will come out of this workshop with a privacy mindset:

Who should take this workshop:

Audience Skill Level:

Beginner/Intermediate

Attendees' requirements:

What student should bring:

INSTRUCTIONS

https://github.com/matthewnash/building-phone-privacy



AIV - Sunday - 13:00-13:59 PDT


Title: Wrap Up
When: Sunday, Aug 8, 13:00 - 13:59 PDT
Where: AI Village (Virtual)

SpeakerBio:AI Village Organizers
No BIO available

Description:No Description available

AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.


Twitch: https://www.twitch.tv/aivillage

YouTube: https://www.youtube.com/c/aivillage

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536



BTV - Sunday - 12:30-12:59 PDT


Title: Year of Mentoring: BTV’s Meet-a-Mentor Turns One
When: Sunday, Aug 8, 12:30 - 12:59 PDT
Where: Blue Team Village - Main Track (Virtual)

SpeakerBio:muteki
muteki is the Meet-a-Mentor Lead as well as a director of Blue Team Village, a not-for-profit organization bringing free Blue Team talks, workshops and more to the broader InfoSec community.

Description:
Blue Team Village's Meet-a-Mentor program turns 1 year old at DEF CON 29! Join us as we share all the work we've done and what we've learned in the past year, and also listen to three mentor-mentee matches share their experiences with us.

Visit https://www.blueteamvillage.org/meet-a-mentor/ for more info on the program.


Blue Team Village talks will be streamed to Twitch.

--

Twitch: https://twitch.tv/blueteamvillage

