The ONE!

One Schedule to Rule them All!


Welcome to the "One Schedule to Rule them All!". Thank you for your interest by using this. This is an attempt to make things easier for you, the DEF CON attendee, to figure out the when/what/where during the chaos of DEF CON 29.

It started out simple. I had a Kindle and wanted an ebook of the schedule so I didn't have to wear out the paper pamphlet by pulling it out after every talk to figure out where to go next. Back then there was only the main DEF CON tracks, not really any Villages, and production of the ebooks were easy. Over time the Village system developed with a resulting multiplication in complexity, both for attendees and for my production. The offerings no longer include epub and mobi formats and instead now include html, csv, PDF, ical, public Google calendar, and mysql dump format files. Hopefully you'll find something of use.

The intent is still to be a resource to answer the question at the end of an hour of "What's next?"

As a general rule I do not include:

Be sure to check out the Links section at the bottom of this. Most all of the events listed here were derived from these links and a Infoboot data feed. There is much more going on at DEF CON than what is listed here.

Check out the Guides/Tips/FAQs links if you're new to Las Vegas.
Notable suggestions are:

And finally, this is only as good as the ideas and information used to generate it. I welcome your constructive suggestions and comments. Please send them to qumqats@outel.org

Have a good time at DEF CON 29!


Index of DEF CON 29 Activities


Maps and detailed Village Info

Hour by Hour list of happenings, start at the top, or go to a specific day.
Schedule
 - Thursday  - Friday  - Saturday  - Sunday

Sorted list of all the Speakers Names linked to their talk's description.
Speaker List

Sorted list of all the Talk's titles linked to the talk description.
Talk Title List

Talk lists for each Village, start at the alphabetic top, or go to a specific Village.
Village Talk List
    AIV - APV - ASV - AVV - BCV - BHV - BICV - BTV - CAHV - CCV - CHV - CLV - CON - CPV - DC - DDV - DL - HHV - HRV - HTSV - ICSV - IOTV - LBV - LPV - MUS - PHV - PYV - RCV - RFV - RGV - SEV - SOC - VMV - WS

Descriptions and Info for all the talks.
Talk Descriptions

The latest news from defcon.org
DEF CON News

The answer to your questsions about DEF CON overall and for this year.
DEF CON FAQ
DEF CON 29 FAQ

Links to DEF CON 29 related pages

Maps and detailed Village Info



Full map of both Ballys's and Paris

Closeup view of activities at Paris

Full Map

Closeup view of activities at Bally's

Full Map
Closeup of Ballys' Resort/Indigo Tower 26'th floor and Jubilee Tower 2/3 floors

Full Map


AVV - Adversary Village


AVV VillageTalk List:
Home Page: https://adversaryvillage.org/index.html
Sched Page: https://adversaryvillage.org/adversary-events/DEFCON-29/
DC Forums Page: https://forum.defcon.org/node/236914
DC Discord Chan: https://discord.com/channels/708208267699945503/865456992101466192
Hours: Fri: 11:00 - 21:00 - Sat: 10:00 - 21:00 - Sun: 10:00 - 17:00
Social Media Links:
   TW @AdversaryVillag
   IG @AdversaryVillage
   LI @adversaryvillage
   FB @AdversaryVillage
   TI @AdversaryVillage
   DC https://discord.gg/GDB3rC7KYz
   YT link

The "Adversary Village" is a community torqued combat readiness platform purely focused on Adversary simulation, emulation tactics, Simulation CTFs, Supply chain security attack tactics, Adversary Tactics and urban survival skills.

This is different from any of what has been covered in the existing villages because our focus is on simulation of the actions of a threat actor or an adversary and this being simulated here.

As this domain matures, we anticipate active participation from enterprises as such simulations would help immensely towards internal capacity building from having a "live fire" training opportunity. An increasing number of researchers too are focusing on building tools and techniques for simulation of various adversarial actions against an organization or Supply chain, instead of actual real-world exploitation.The goal of the Adversary Village would be to build an open Security community for the researchers and organizations, who are putting together new means and methodologies towards the simulation/emulation of adversary tactics.


Return to Index

ASV - Aerospace Village


ASV VillageTalk List:
Home Page: https://aerospacevillage.org/
Sched Page: https://aerospacevillage.org/events/upcoming-events/def-con-29/def-con-29-schedule/
DC Forums Page: https://forum.defcon.org/node/236573
DC Discord Chan: https://discord.com/channels/708208267699945503/732393044363444264
Hours: Fri: 10:00 - 16:00 - Sat: 10:00 - 16:00
Social Media Links:
   TW @secureaerospace
   LI @aerospace-village
   TW @hack_a_sat

The Aerospace Village at DEF CON will encompass all aspects of the aerospace sector ranging from airports, air traffic management, aircraft and space.

The aviation and space industries, security researchers, and the public share a common goal: safe, reliable, and trustworthy aviation and space operations. For too long, negative perceptions and fractured trust on all sides have held back collaboration between the aviation, space, and security researcher communities that has advanced safety, reliability, and security of other industries. As the traditional domains of aviation safety and cybersecurity increasingly overlap, more effective collaboration between stakeholders ensures we will be safer, sooner, together.

Through the Aerospace Village, the security research community invites industry leaders, researchers and academia interested in aviation and space security, safety, and resilience to attend, understand, collaborate together to achieve our common goals. Empathy and understanding build common ground, while acts and words likely to increase division between these two communities undermine these efforts. The Aerospace Village welcomes those who seek to improve aviation and space security, safety, and resilience through positive, productive collaboration among all ecosystem stakeholders.

Our Goal
The Aerospace Village is a volunteer team of hackers, pilots, and policy advisors who come from the public and private sectors. We believe the flying public deserves safe, reliable, and trustworthy air travel which is highly dependent on secure aviation and space operations.

Our Mission
Create, sustain, and grow an inclusive community focused on aerospace cybersecurity;

Inspire the next generation of aerospace cybersecurity leaders; Promote and develop aerospace cybersecurity expertise and knowledge.

The Aviation Village will do this by:
- Building connections, trust, and understanding among all Village participants. - Developing aerospace security skills among DEF CON attendees through workshops and hands-on activities. - Promoting constructive dialog through talks and interaction.?


Return to Index

AIV - AI Village


AIV VillageTalk List:
Home Page: https://aivillage.org/
Sched Page: https://aivillage.org/events/2020/8/4/ai-village-def-con-28-safe-mode-w6wsl
DC Forums Page: https://forum.defcon.org/node/236533
DC Discord Chan: https://discord.com/channels/708208267699945503/732733090568339536
Hours: Fri: 09:00 - 17:00 - Sat: 09:00 - 17:00 - Sun: 09:00 - 14:00
Social Media Links:
   TW @aivillage_dc
   TI @aivillage
   YT link
   DC https://aivillage.org/discord-guide

Artificial Learning techniques are becoming more prevalent in core security technologies like malware detection and network traffic analysis. Its use has opened up new vectors for attacks against non-traditional targets, such as deep learning based image recognition systems used in self driving cars. There are unique challenges in defending and attacking these machine learning systems that the security community needs to be made aware of. This AI Village will introduce DEF CON attendees to these systems and the state of the art in defending and attacking them. We will provide a setting to educate DEF CON at large through workshops and a platform for researchers in this area to share the latest research.

Our main focus is on expanding the hands-on activities that attendees can participate in. This year, attendees will create a realistic face using StyleGAN, learn how to generate text, and attack a discriminatory resume screening program. We'll also have talks via CFP, and workshops: both introductory ML for beginners and intermediate/advanced on Facial Recognition/Adversarial ML. We are planning three contests inside the village: one as a standard CTF, another on evading a malware classifier (Ember), and a final realtime panel of Deepfaked DarkTangent's answering personal questions and giving opinions on life, the universe, and everything!


Return to Index

APV - AppSec Village


APV VillageTalk List:
Home Page: https://www.appsecvillage.com/
Sched Page: https://www.appsecvillage.com/events/dc-2021
DC Forums Page: https://forum.defcon.org/node/236574
DC Discord Chan: https://discord.com/channels/708208267699945503/790973922949726228
Social Media Links:
   TW @AppSec_Village
   LI @appsecvillage
   YT https://www.youtube.com/c/AppSecVillage

The first two AppSec Villages were a resounding success. We learned that whether in person or online, our AppSec community is fantastic. We are pumped to be back bigger and better.

Come immerse yourself in everything the world of application security has to offer. Whether you are a red, blue, or purple teamer, come learn from the best of the best to exploit software vulnerabilities and secure software. Software is everywhere, and Application Security vulnerabilities are lurking around every corner, making the software attack surface attractive for abuse. If you are just an AppSec n00b or launch deserialization attacks for fun and profit, you will find something to tickle your interest at the AppSec Village.

Software runs the world. Everything from IoT, medical devices, the power grid, smart cars, voting apps - all of it has software behind it. Such a variety of topics will be reflected in our cadre of guest speakers representing all backgrounds and walks of life.

AppSec Village welcomes all travelers to choose from talks by expert community members, an all AppSec-focused CTF, contests that challenge your mind and your skillz, and more. Bring your thirst for knowledge and passion for breaking things, and your visit to AppSec Village will be a thrill!

Like in the previous villages (but better this time), we will focus our efforts on hands-on activities and practical learning activities. We are planning workshops, interactive demos, step-by-step guided walkthroughs, CTF for AppSec beginners, and a reversed CTF for level builders.


Return to Index

BCV - Blockchain Village


BCV VillageTalk List:
Home Page: https://www.blockchainvillage.net/
Sched Page: https://www.blockchainvillage.net/schedule-2021/
DC Forums Page: https://forum.defcon.org/node/236915
DC Discord Chan: https://discord.com/channels/708208267699945503/732733136408019084
Hours: Fri: 10:00 - 17:30 - Sat: 10:00 - 18:00 - Sun: 10:00 - 13:30
Social Media Links:
   TW @BCOSvillage

Blockchain Village is a 'Not for Profit' event organized as a part of Information Security conferences like DEF CON. Primary focus of Blockchain village is to promote, research, development & knowledge sharing around security of blockchain technology and applications of blockchain in the field of information security.

The village organizes hands-on workshops, contests, discussions and talks by & for the community members. The event, its members and supporters form across the world love to share the best research & latest content with our awesome community.

This year at Blockchain Village we bring back Capture-The-Coin contest running in parallel with more hands on workshops (Mathematical and Practical) along with cutting edge Talks-n-Tools, noteworthy Demos-n-Discussions, all focused on security of Blockchains and Distributed Applications.

Join us at DEF CON 29 as we celebrate the power + potential of Distributed applications, enabled by Blockchain technology.


Return to Index

BICV - Blacks in Cybersecurity


BICV VillageTalk List:
Home Page: https://www.blacksincyberconf.com/
Sched Page: https://www.blacksincyberconf.com/bic-village
DC Forums Page: https://forum.defcon.org/node/236923
Hours: Fri: 10:00 - 17:00 - Sat: 10:00 - 17:00
Social Media Links:
   TW @BlackInCyberCo1
   IG @blackincyberconf
   TI @blacksincybersecurity
   YT https://youtu.be/YsUw9z_gZzY
   LI @blackincyberconference
   PT @blacksincybersecurity
   FB @blackincyberconf

The Blacks In Cybersecurity (BIC) Village seeks to bring culturally diverse perspectives to the holistic Cybersecurity community; by way of a series of talks and a capture the flag event.

In providing these activities, we believe that we can normalize the discussion of deficiency and prejudices in Cybersecurity literacy, education and development that ultimately impact the progress and development of the field.

Our village programming is also designed to highlight Black experiences, innovations in the field, Black culture and Black history which is designed to encourage more diverse hobbyists and professionals to engage and contribute to this conference and the greater Cybersecurity and Hacker/Maker communities.


Return to Index

BHV - Bio Hacking Village


BHV VillageTalk List:
Home Page: https://www.villageb.io/
DC Forums Page: https://forum.defcon.org/node/236534
DC Discord Chan: https://discord.com/channels/708208267699945503/735273390528528415
Social Media Links:
   TW @dc_bhv
   LI @biohacking-village
   YT http://youtube.com/biohackingvillage
   TI @biohackingvillage
   DC https://discord.gg/Q8ubDb5
   SP link

Growing from seeds of demand, the Biohacking Village emerged at DEF CON to deliver action-oriented reinvention of the safety and security of health care. THE BIOHACKING VILLAGE, a 501(c)3 organization, is uniquely poised to inform global conversations in health care cybersecurity research. Representing voices who see code as genetics, subroutines as organic processes, and programs as life itself the BHV has grown to become an expansive and inclusive, hands-on playground for the entire biomedical ecosystem - patients, clinicians, hackers, manufacturers, regulators, hospital administrators, and others seeking healthier futures through meaningful technology. This nimble community delivers hands-on, strident learning labs to influence in health care, industry, and manufacturing.

We bring the biomedical ecosystem to DEF CON in four ways:

Device Lab
A high-collaboration, hands-on learning environment builds trust and trustworthiness across multidisciplinary voices in healthcare, connecting security researchers, manufacturers, hospitals, and regulators in an experiential learning laboratory that encourages cross-pollination and real-world skills development. Device Lab research benefits patients and manufacturers by providing valuable, high-fidelity feedback on established, new, and developing devices.

Speaker Lab
Connection starts with shared experiences. Speakers at BHV have walked the walk - from their adventures in garage science to the emerging threats they uncover to next generation solutions and next level care. Full Stack Biotechnologists, security researchers, regulators, clinicians, citizen scientists, patients, and engineers enlighten and inspire BHV attendees through creative and collaborative discussions around emerging technologies and threats, novel work in biologics, security architectures, and the opportunities inside the interdisciplinary nature of healthcare.

Catalyst Lab
The worlds largest, meatiest problems cross through the BHV and the Catalyst Lab works to convene thought leaders, hacktivists, and manufacturers working in the biomedical industry to investigate the solutions of best fit and provide a series of tabletops for training, hands-on workshops, and solutions design that covers the entirety of the biomedical device and security ecosystem.

Capture The Flag
Hackers work to defend a hospital under siege, racing against the clock. The immersive, learn by doing environment challenges hackers to use their skills to anticipate, defend, and recover, as their adversary escalates their attacks throughout the game.


Return to Index

BTV - Blue Team Village


BTV VillageTalk List:
Home Page: https://blueteamvillage.org/
Sched Page: https://dc29.blueteamvillage.org/call-for-content-2021/schedule/
DC Forums Page: https://forum.defcon.org/node/236535
DC Discord Chan: https://discord.com/channels/708208267699945503/732454317658734613
Social Media Links:
   TW @BlueTeamVillage
   TI @blueteamvillage
   YT https://www.youtube.com/c/blueteamvillage
   DC https://discord.com/invite/blueteamvillage

We're still standing for our fourth DEF CON! Coming through the looking glass to showcase the defensive side of hacking, Blue Team Village is where you can find out all the multifarious facets of what it means to be a defender. You'll be able to teach and learn about the various ways to keep people safe - and how to subvert attacker expectations to turn their methods back on them.

You'll also be able to find community and mentor-ship within the defensive hacking paradigm, allowing you to find your path within this specialization to learning new skills and refining your old ones.

If you're looking for a community of like-minded hackers with a tendency towards forensics, threat hunting, and other blue-aligned topics, come celebrate the art of defensive hacking with us!


Return to Index

CHV - Car Hacking Village


CHV VillageTalk List:
Home Page: https://www.carhackingvillage.com/
DC Forums Page: https://forum.defcon.org/node/236536
DC Discord Chan: https://discord.com/channels/708208267699945503/732722838942777474
Hours: Fri: 10:00 - 16:30 - Sat: 10:00 - 16:30
Social Media Links:
   TW @CarHackVillage
   DC https://discord.gg/JWCcTAM

Learn, hack, play. The Car Hacking Village is an open, collaborative space to hack actual vehicles that you don't have to worry about breaking! Don't have tools? We'll loan you some. Never connected to a car? We'll show you how. Don't know where the controllers are? We'll show you how to take it apart.

Hybrid event this year: We'll be in-person in Las Vegas and Virtual. Check out CarHackingVillage or @CarHackVillage for up-to-date information.

Want to learn more about automotive hacking and cyber security? Check out our talks.

Want to hack mobility scooters? Yes! We'll do that to.

Also, check out the CHV CTF.


Return to Index

CAHV - Career Hacking Village


CAHV VillageTalk List:
Home Page: https://www.youtube.com/CareerHackingVillage
DC Forums Page: https://forum.defcon.org/node/236537
DC Discord Chan: https://discord.com/channels/708208267699945503/732732774347309077
Social Media Links:
   TW @HackingCareer
   YT https://www.youtube.com/CareerHackingVillage

This isnt just getting the next job, it is building, shifting, and presenting skills and capabilities to keep reaching the next level of where you want to go.

In 2020, studies showed that in the hacking community over 45% did not know how to find a job. Post pandemic with unemployment rising, this number has increased to 55%. These studies also show that many hackers do not know the next step in their career. From other studies, hackers have stated that they dont know the top ways to find a job and worse, how to plan the next step in their career. While we talk about the talent shortages, we are not equipping our community with the knowledge, skills, and expertise to sustain their career search and development.

Career Hacking village provides opportunities to build out your career plan and get through the next steps. We have workshops on plan development, resume refinement, identifying mentors, and practice interviews. We will complement this with one-on-one meetings with recruiters for resume review and career mentors for frank conversations about career search and development. New this year will be adding in Mock Interviews to finetune the virtual interviewing process.

The CAHV brings the opportunity to work with the one aspect of tech careers that wont run in the cloud - getting past recruiters and building a career that lets people match their passions with opportunities. No two paths are exactly the same.

From presentations that focus on key aspects of career search and career development to discussions with community career advisors these activities will help community members re-examine their overall career goals and tactics.


Return to Index

CLV - Cloud Village


CLV VillageTalk List:
Home Page: https://cloud-village.org/
Sched Page: https://cloud-village.org/#talks
DC Forums Page: https://forum.defcon.org/node/236916
DC Discord Chan: https://discord.com/channels/708208267699945503/732733373172285520
Hours: Fri: 10:00 - 17:00 - Sat: 10:00 - 17:00 - Sun: 10:00 - 13:20
Social Media Links:
   TW @cloudvillage_dc
   YT https://www.youtube.com/cloudvillage_dc

With the industry shifting towards cloud infrastructure at a rapid speed, the presence of an open platform to discuss and showcase cloud research becomes a necessity.

Cloud village is an open platform for researchers interested in the area of cloud security. We plan to organize talks, tool demos, CTF and workshops around Cloud Security and advancements. We will open Call for Papers/Workshops/Tools as soon as we get an approval from DEF CON.

Our CTF will be a jeopardy style 2.5 days contest where participants will have to solve challenges around Cloud infrastructure, security, recon, etc. These challenges will cover different cloud platforms including AWS, GCP, Azure, Digital Ocean, etc. We will also reward our top 3 teams with awards.


Return to Index

CCV - Cryptocurrency Village


CCV VillageTalk List:
Home Page: https://cryptocurrencyvillage.net/
Sched Page: https://cryptocurrencyvillage.net/#schedule
DC Forums Page: https://forum.defcon.org/node/236522
DC Discord Chan: https://discord.com/channels/708208267699945503/732733510288408676
Social Media Links:
   TW @DEFCONCCVillage
   YT https://www.youtube.com/c/MoneroSpaceWorkgroup

Cryptocurrency is a digital form of peer-to-peer money that is exchanged on decentralized networks independent of any central authority and is cryptographically secured. Networks operate under a set of programmatic rules, which maintains the immutability of a public ledger and ensures against double-spending. Although Bitcoin, Ethereum, and Dogecoin are the most well-known cryptocurrencies, other projects like Monero seek to address scalability, privacy, and censorship resistance in innovative ways.

The Cryptocurrency Village brings together leading experts in the area to explore substantive issues regarding the current state of blockchain technologies, regulatory landscape, and the general cryptocurrency ecosystem. The village hosts keynote talks, panels, workshops, networking events, and parties.


Return to Index

CPV - Crypto Privacy Village


CPV VillageTalk List:
Home Page: https://cryptovillage.org/
DC Forums Page: https://forum.defcon.org/node/236538
DC Discord Chan: https://discord.com/channels/708208267699945503/732734002011832320
Social Media Links:
   TW @cryptovillage
   SL https://cryptovillage.slack.com/
   YT link
   TI @cryptovillage
   YT link

At the Crypto & Privacy Village (CPV) you can learn how to secure your own systems while also picking up some tips and tricks on how to break classical and modern encryption. The CPV features workshops and talks on a wide range of cryptography and privacy topics from experts. We'll also have an intro to crypto talk for beginners, crypto-related games, the infamous CPV puzzle, a key-signing party, privacy-related art installations, and other great events.

The forum for the Gold Bug Crypto Privacy Contest is located here: https://forum.defcon.org/node/236491

The CPV discusses the interesting intersection of privacy and technology as well as building privacy enhancing technologies. We are able to dig into the nitty gritty details of cryptography and give high level crypo intros for those who might feel intimidated by it. We also discuss and hack on major topics and issues: facial recognition technology, license plate readers, privacy enhancing clothing, crypto backdoor laws.


Return to Index

DDV - Data Duplication Village


DDV VillageTalk List:
Home Page: https://dcddv.org/
Sched Page: https://dcddv.org/dc29-schedule
DC Forums Page: https://forum.defcon.org/node/236520
DC Discord Chan: https://discord.com/channels/708208267699945503/732732641694056478
Hours: Thur: 16:00 - 19:00 - Fri: 10:00 - 17:00 - Sat: 10:00 - 17:00 - Sun: 10:00 - 11:00
Social Media Links:
   TW @DDV_DC

It's true, the Data Duplication Village is back for DC 29! We have all the bits and bytes available from infocon.org packed up into nice, neat packages. If you're looking for something to fill up all your unused storage, may I recommend a nice hash table or two with a side of all of the DefCon talks? This is a "free-to-you" service where we're providing you direct access to terabytes of useful data to help build those skills.

HOW IT WORKS
DEF CON will provide a core set of drive duplicators as well as data content options. We accept 6, 8, and 10TB drives on a first come, first served basis and duplicate 'till we can no longer see straight. Bring in your blank SATA3 drives - check them in early - to get the data you want. Come back in about 24 hours to pick up your data-packed drive. Space allowing, we'll accept drives all the way through until Saturday morning - but remember, it's FIFO! It will be a first come, first served to duplicate 'till we drop. Bring labeled 6TB SATA blank drives, and submit them in the queue for the data you want. Come back in 14-24 hours to pick up your data-packed drive. Space allowing, the last drop-offs will be no later than Saturday afternoon and the last drives will run overnight with the final pickup time at 11:30am.

WHAT IS AVAILABLE - Three drives:
6TB drive 1-3: Updated archive of infocon.org plus other "direct from DT" content, built on last years collection and always adding more for your data consuming appetite. 6TB drive 2-3: freerainbowtables.com GSM A51 and MD5 hash tables (Tables 1-2) with about 404 gigs free 6TB drive 3-3: more rainbowtables, lanman, mysqlsha1, ntlm, and some word lists (Tables 2-2) with about 136 gigs free

The DC 29 content will be posted at dcddv.org once finalized

WHAT YOU NEED

If you want a full copy of everything you will need three drives. You can bring back last year's drive(s) to be wiped / updated (you should remove any 2018 stickers).

WHEN TO BE THERE
Data Duplication Village Hours:

We're working on a method to post completed ticket ranges to https://dcddv.org and https://twitter.com/DDV_DC

SIDE NOTES
Be aware that we cleared all the Vegas area stores of every single 6TB drive last year we did this so plan ahead and get them now! Duplicating a 6TB (About 5.46 usable) drive at an average of 120 Megabytes a second comes out to just under 14 hours per drive. With all about 16 duplicators going, we can duplicate about 95 drives concurrently. We're expect to push about 11GB per second out to the drives for 72 hours straight. We did 335 drives for DC24 and we're hoping to do even more at DC25! We are expecting more total duplicator capacity than last year!

THAT'S ALL?
But wait - there's more! At DC27, we made our our stretch goal a reality to provide a pick-and-pull datastore in the DDV. We expect to do it bigger and better this year!


Return to Index

HTSV - Hack the Sea Village


HTSV VillageTalk List:
Home Page: https://hackthesea.org/
DC Forums Page: https://forum.defcon.org/node/236575
DC Discord Chan: https://discord.com/channels/708208267699945503/732733427823935589
Social Media Links:
   TW @hack_the_sea

Hack The Sea Village 3.0, Deep Dive, will be an opportunity for DEF CON attendees to explore the world of underwater robotics, seasteading communities, and hacking with maritime industrial control systems (ICS) and operational technology (OT) through hands-on CTFs, show-and-tells with gear and tools, talks, and hackathon style contests.

With this year's focus on undersea technology, especially robotics and UUV/ROVs we will provide attendees an opportunity to explore the "last frontier" on Earth.


Return to Index

HRV - Ham Radio Village


HRV VillageTalk List:
Home Page: https://hamvillage.org/
Sched Page: https://hamvillage.org/dc29.html
DC Forums Page: https://forum.defcon.org/node/236540
DC Discord Chan: https://discord.com/channels/708208267699945503/732733631667372103
Hours: Sat: 11:00 - 16:45 - Sun: 11:00 - 16:45
Social Media Links:
   TW @HamRadioVillage
   TI @HamRadioVillage
   DC https://discord.gg/hrv

Ham radio isnt just what your grandpa does in the shed out back. Radios are an important piece of technology we use everyday, and amateur (ham) radio has been at the forefront of its development since day one -- we are some of the original hardware hackers! DIY, exploration, and sharing has always been a vital part of our community and the goal of Ham Radio Village is to nurture this growth into the next generation with all of the amazing people at DEF CON.

Our village will have demos, talks, presentations, contests, and of course, license exams!

So come visit Ham Radio Village to learn more about the hobby, including how antennas work (and how to build your own), how to actually use that software defined radio sitting on the shelf, how to trackdown a rogue transmitter with a handheld radio, and how you can legally transmit 1,500 Watts into the airwaves after taking a simple multiple-choice test!

One of the unique things about ham radio is that it goes deep into the theory and science of radio. This knowledge unlocks a whole new level of understanding about why and how radios work and radio waves propagate. With just about everything containing some sort of radio these days, this information can help us better research, attack, and defend all things that emit RF. For example: Just about anyone can build an antenna with simple hardware; having an understanding of the fundamentals allows you to troubleshoot and tune the performance of that antenna to pick up the exact signals you want while filtering out the rest.


Return to Index

HHV - Hardware Hacking and Soldering Skills Village


HHV VillageTalk List:
Home Page: https://dchhv.org/
Sched Page: https://dchhv.org/schedule/schedule.html
DC Forums Page: https://forum.defcon.org/node/236523
DC Discord Chan: https://discord.com/channels/708208267699945503/732728536149786665
Hours: Fri: 09:30 - 18:00 - Sat: 08:30 - 16:30 - Sun: 09:00 - 15:30
Social Media Links:
   TW @DC_HHV

Every day our lives become more connected to consumer hardware. Every day the approved uses of that hardware are reduced, while the real capabilities expand.

Come discover hardware hacking tricks and tips regain some of that capacity, and make your own use for things! We have interactive demos to help you learn new skills. We have challenges to compete against fellow attendees. We have some tools to help with your fever dream modifications. Come share what you know and learn something new.

We are two villages in one. We run a large number of tables for soldering when in person, and to allow people to understand that hardware is more than soldering we run the Hardware Hacking Village as embedded / reversing / hardware things other than soldering.


Return to Index

ICSV - IndustrialControlSystems Village


ICSV VillageTalk List:
Home Page: https://www.icsvillage.com/
DC Forums Page: https://forum.defcon.org/node/236564
DC Discord Chan: https://discord.com/channels/708208267699945503/735938018514567178
Social Media Links:
   TW @ICS_Village
   LI @icsvillage
   YT link
   TI @ics_village

Mission.
ICS Village is a non-profit organization with the purpose of providing education and awareness of Industrial Control System security. Connecting public, industry, media, policymakers, and others directly with ICS systems and experts. Providing educational tools and materials to increase understanding among media, policymakers, and the general population. Providing access to ICS for security researchers to learn and test. Hands on instruction for industry to defend ICS systems.

Why.
High profile Industrial Controls Systems security issues have grabbed headlines and sparked changes throughout the global supply chain. The ICS Village allows defenders of any experience level to understand these systems and how to better prepare and respond to the changing threat landscape.

Exhibits.
Interactive simulated ICS environments, such as Hack the Plan(e)t and Howdy Neighbor, provide safe yet realistic examples to preserve safe, secure, and reliable operations. We bring real components such as Programmable Logic Controllers (PLC), Human Machine Interfaces (HMI), Remote Telemetry Units (RTU), actuators, to simulate a realistic environment throughout different industrial sectors. Visitors can connect their laptops to assess these ICS devices with common security scanners, network sniffers to sniff the industrial traffic, and more!

The Village provides workshops, talks, and training classes.


Return to Index

IOTV - InternetOfThings Village


IOTV VillageTalk List:
Home Page: https://www.iotvillage.org/
Sched Page: https://www.iotvillage.org/defcon.html
DC Forums Page: https://forum.defcon.org/node/236542
DC Discord Chan: https://discord.com/channels/708208267699945503/732734565604655114
Hours: Fri: 10:00 - 21:15 - Sat: 10:00 - 21:00
Social Media Links:
   TW @iotvillage
   TW @ISEsecurity
   TW @Villageidiotlab
   LI @iotvillage
   TI @iotvillage
   YT https://www.youtube.com/c/IoTVillage/videos
   DC https://discord.gg/tmZASSpNnP

IoT Village advocates for advancing security in the Internet of Things (IoT) industry through bringing researchers and industry together. IoT Village hosts talks by expert security researchers, interactive hacking labs, live bug hunting in the latest IoT tech, and competitive IoT hacking contests. Over the years IoT Village has served as a platform to showcase and uncover hundreds of new vulnerabilities, giving attendees the opportunity to learn about the most innovative techniques to both hack and secure IoT. IoT Village is organized by security consulting and research firm, Independent Security Evaluators (ISE), and the non-profit organization, Village Idiot Labs (VIL).

The IoT RED ALERT Contest forum is located here: https://forum.defcon.org/node/236432

Check out the official IoT Village Store for all your IoT Village swag!

Watch IoT Village In Action to get an idea of our content and our attendees.


Return to Index

LBV - Lock Bypass Village


LBV VillageTalk List:
Home Page: https://bypassvillage.org/
Sched Page: https://www.bypassvillage.org/#schedule
DC Forums Page: https://forum.defcon.org/node/236524
DC Discord Chan: https://discord.com/channels/708208267699945503/732732893830447175
Hours: Fri: 09:00 - 19:00 - Sat: 09:00 - 19:00 - Sun: 09:00 - 17:00
Social Media Links:
   TW @bypassvillage
   TI @bypassvillage

The Lock Bypass Village explores the world of hardware bypasses and techniques generally outside of the realm of cyber security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself.

Well be covering the basics, like the under-the-door-tool and latch slipping attacks, as well as an in depth look at more complicated bypasses. Learn about elevator hacking, attacking alarm systems at the sensor and communication line, and cut-away and display models of common hardware to show how it works on the inside.

Looking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!

The lock bypass village is almost 100% hands on and is one of the only villages that has content about physical security. We strive to develop new content on a yearly basis to retain the interest of new and existing participants. This year we will be rebuilding all of our door displays to improve the production value, we will also have new displays that capture elevator security, double doors (with a deadbolt), forceable entry, some content on Access controls/Wiegand/RFID cloning, and other subjects.


Return to Index

LPV - Lock Pick Village


LPV VillageTalk List:
Home Page: https://toool.us/
Sched Page: https://bit.ly/LPVSchedule2021
DC Forums Page: https://forum.defcon.org/node/236917
DC Discord Chan: https://discord.com/channels/708208267699945503/732734164780056708
Social Media Links:
   TW @toool
   TI @toool_us
   YT https://youtube.com/c/TOOOL-US

Want to tinker with locks and tools the likes of which you've only seen in movies featuring secret agents, daring heists, or covert entry teams?

Then come on by the Lockpick Village, run by The Open Organization Of Lockpickers, where you will have the opportunity to learn hands-on how the fundamental hardware of physical security operates and how it can be compromised.

The Lockpick Village is a physical security demonstration and participation area. Visitors can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficultly to try it themselves.

Experts will be on hand to demonstrate and plenty of trial locks, pick tools, and other devices will be available for you to handle. By exploring the faults and flaws in many popular lock designs, you can not only learn about the fun hobby of sport-picking, but also gain a much stronger knowledge about the best methods and practices for protecting your own property.


Return to Index

PHV - Packet Hacking Village


PHV VillageTalk List:
Home Page: https://www.wallofsheep.com/
Sched Page: https://www.wallofsheep.com/pages/dc29#talksschedule
DC Forums Page: https://forum.defcon.org/node/236521
DC Discord Chan: https://discord.com/channels/708208267699945503/708242376883306526
Hours: Fri: 14:00 - 18:00 - Sat: 14:00 - 18:00
Social Media Links:
   TW @wallofsheep
   FB @wallofsheep
   YT https://youtube.com/wallofsheep
   TI @wallofsheep
   PS https://www.periscope.tv/wallofsheep

The Packet Hacking Village is where youll find network shenanigans and a whole lot more. Theres exciting events, live music, competitions with awesome prizes, and tons of giveaways. PHV welcomes all DEF CON attendees and there is something for every level of security enthusiast from beginners to those seeking a black badge. Wall of Sheep gives attendees a friendly reminder to practice safe computing through strong end-to-end encryption. PHV Speakers, Workshops, and Walkthrough Workshops delivers high quality content for all skill levels. Packet Detective and Packet Inspector offers hands-on exercises to help anyone develop or improve their Packet-Fu. WoSDJCo has some of the hottest DJs at con spinning live for your enjoyment. Finally... Capture The Packet, the ultimate cyber defense competition that has been honored by DEF CON as a black badge event for seven of the eight years of its run.


Return to Index

PWV - Password Village


PWV VillageTalk List:
Home Page: https://passwordvillage.org/
Sched Page: https://passwordvillage.org/schedule.html
DC Forums Page: https://forum.defcon.org/node/236918
DC Discord Chan: https://discord.com/channels/708208267699945503/732733760742621214
Hours: Fri: 10:00 - 19:00 - Sat: 10:00 - 15:00 - Sun: 12:00 - 13:00
Social Media Links:
   TW @PasswordVillage
   TI @passwordvillage
   YT link

Have you ever been curious about password cracking, but were too embarrassed to admit you don't know anything about it? Have you seen the news about major password data breaches, but failed to see what all the fuss is about? Have you always wanted to implement password auditing at your organization, but you didn't know where to begin? Or do you feel like password cracking could not ever possibly relate to your job function? Does the prospect of discovering a unique intersection between human psychology, mathematics, information security, and high-performance computing arouse you? If you answered 'yes' to any of these questions, or if you just really fucking love password cracking, then the first-ever Password Village at DEF CON is right for you!

The Password Village provides training, discussion, and hands-on access to hardware and techniques utilized in modern password cracking, with an emphasis on how password cracking relates to your job function and the real world . No laptop? No problem! Feel free to use one of our terminals to access a pre-configured GPU environment to run password attacks against simulated real-world passwords. Village staff and expert volunteers will be standing by to assist you with on-the-spot training and introductions to Hashcat, as well as other FOSS cracking applications.

Already a password cracking aficionado? Feel free to give a lightning talk, show off your skills, help a n00b learn the basics, or engage in riveting conversation with other password crackers. Regardless of whether you're just a little hash-curious, a veteran cracker still relying on rainbow tables, a novice desiring to learn more, or an expert eager to share, we guarantee there will be something for everyone at the Password Village!


Return to Index

PYV - Payment Village


PYV VillageTalk List:
Home Page: https://www.paymentvillage.org/
Sched Page: https://www.paymentvillage.org/schedule
DC Forums Page: https://forum.defcon.org/node/236919
DC Discord Chan: https://discord.com/channels/708208267699945503/732733473558626314
Social Media Links:
   TW @paymentvillage
   TI @paymentvillage
   YT link

Payment technologies are an integral part of our lives, yet few of us know much about them. Have you ever wanted to learn how payments work? Do you know how criminals bypass security mechanisms on Point of Sales terminals, ATMs and digital wallets? Come to the Payment Village and learn about the history of payments. Well teach you how hackers gain access to banking endpoints, bypass fraud detection mechanisms, and ultimately, grab the money!

We're covering top notch topics of payment security, which is the intersection of RE, hardware, appsec domains related to money flows. This year we will be glad to provide more hands-on and tasks for participants, and we already have a few requests for talks and interest for our Village.


Return to Index

RCV - Recon Village


RCV VillageTalk List:
Home Page: https://www.reconvillage.org/
Sched Page: https://www.reconvillage.org/recon-village-defcon-29-talks
DC Forums Page: https://forum.defcon.org/node/236921
DC Discord Chan: https://discord.com/channels/708208267699945503/732733566051418193
Hours: Fri: 10:00 - 16:45 - Sat: 10:00 - 16:05
Social Media Links:
   TW @ReconVillage
   FB @reconvillage

Recon Village is an Open Space with Talks, Live Demos, Workshops, Discussions, CTFs, etc. with a common focus on Reconnaissance. The core objective of this village is to spread awareness about the importance of reconnaissance, open-source intelligence (OSINT), and demonstrating how even small information about a target can cause catastrophic damage to individuals and organizations.

Recon Village appeared at DEF CON 25, 26, 27, 28 as well as DEF CON China Beta and 1.0 and we received an overwhelming response from speakers, CTF/HackAThon participants, and attendees.

We strive to make Recon Village even better this time and are expecting more active participation from the attendees. It will be really great if we can get at least the same size space (or bigger) as we got in DEFCON 27.

We will be opening 'Call For Papers and Workshops' on 22nd March 2021.

We will have our Jeopardy Style OSINT CTF Contest throughout the Village timings. Based on the feedback from last year, we plan to make the CTF more challenging this year. The challenges will be around harvesting information about target organizations, their employee's social media profiles, their public svn/gits, password breach dumps, darknet, paste(s), etc. followed by active exploitation, bug hunting, investigation, and pentest scenarios of virtual targets. All the target organizations, employees, servers, etc. will be created by our team and hence will not attract any legal issues.

Similar to the last year, there will be Awesome rewards for CTF winners, along with free t-shirts, stickers, village coins, and other schwag which attendees can grab and show off.

Guess what! our Badge will also be more interesting this time and as usual, it will be free. P.S. We will not be selling our badges.


Return to Index

RFV - RF Village


RFV VillageTalk List:
Home Page: https://rfhackers.com/
Sched Page: https://rfhackers.com/calendar
DC Forums Page: https://forum.defcon.org/node/236546
DC Discord Chan: https://discord.com/channels/708208267699945503/732732595493666826
Social Media Links:
   TW @rfhackers
   TW @rf_ctf
         link
   DC https://discordapp.com/invite/JjPQhKy

After 14 years of evolution, from the WiFi Village, to the Wireless Village, RF Hackers Sanctuary presents: The Radio Frequency Village at DEF CON.

The Radio Frequency Village is an environment where people come to learn about the security of radio frequency (RF) transmissions, which includes wireless technology, applications of software defined radio (SDR), Bluetooth (BT), Zigbee, WiFi, Z-wave, RFID, IR and other protocols within the usable RF spectrum. As a security community we have grown beyond WiFi, and even beyond Bluetooth and Zigbee.

The RF Village includes talks on all manner of radio frequency command and control as well as communication systems. While everyone knows about the WiFi and Bluetooth attack surfaces, most of us rely on many additional technologies every day.

RF Hackers Sanctuary is supported by a group of experts in the area of information security as it relates to RF technologies. RF Hackers Sanctuarys common purpose is to provide an environment in which participants may explore these technologies with a focus on improving their skills through offense and defense. These learning environments are provided in the form of guest speakers, panels, and Radio Frequency Capture the Flag games, to promote learning on cutting edge topics as it relates to radio communications. We promise to still provide free WiFi. https://rfhackers.com/the-crew

Speaker and contest schedule can be found on our website: https://rfhackers.com/calendar

Co-located with the RF Village is the RF Capture the Flag. Come for the talks, stay for the practice and the competition.


Return to Index

RGV - Rogues Village


RGV VillageTalk List:
Home Page: https://foursuits.co/roguesvillage
DC Forums Page: https://forum.defcon.org/node/236525
DC Discord Chan: https://discord.com/channels/708208267699945503/732732701144121434
Hours: Fri: 10:00 - 18:00 - Sat: 10:00 - 18:00 - Sun: 10:00 - 14:00
Social Media Links:
   TW @RoguesVillage
   TI @roguesvillage
   TW @foursuits_co
   YT https://www.youtube.com/c/foursuits
   IG @foursuits_co

Rogues Village is a place to explore alternative approaches and uses for security concepts, tools, and techniques by looking to non-traditional areas of knowledge. Incorporating expertise from the worlds of magic, sleight of hand, con games, and advantage play, this village has a special emphasis on the overlap between Social Engineering, Physical Security, and Playful Mischief.

Because we specialize in non-traditional approaches, Rogues Village can be an excellent entry point for people with a less established background in the security space. By introducing and engaging with existing topics in innovative, relatable, and frequently hands-on ways, they can become easier for people to approach and pick up for the first time.

Additionally, we are one of the few villages with a view that explicitly extends beyond the security space, meaning our perspective will necessarily include influences, ideas, and inspirations that are unique to Rogues Village.


Return to Index

SLV - Security Leaders Village


SLV VillageTalk List:
Home Page: https://securityleadersvillage.org/
DC Forums Page: https://forum.defcon.org/node/236924
Social Media Links:
   TW @securityleader2
   DC https://discord.gg/wn58YfQEND

Security Leaders Village

Many of us who started out learning how technology worked through the security community now have leadership roles. There are many of us who don't wear the title of suit well, however we're in these positions. There are also quite a few of us who aspire to these roles and responsibilities, and don't know where to go. The goals of this village are to provide better support to security leaders who did not take the traditional career path, and to assist those currently on their path to achieve more.

We have not paid attention to how the hacker community has developed a significant amount of leaders. They are responsible for the safety and security of much of our critical infrastructure, including finance, healthcare, energy, and transportation. This village recognizes and realizes that, and gives these leaders the tools they need to further succeed. It's also there to develop a new generation.


Return to Index

SEV - Social Engineering Village


SEV VillageTalk List:
Home Page: https://www.social-engineer.org/
DC Forums Page: https://forum.defcon.org/node/236549
DC Discord Chan: https://discord.com/channels/708208267699945503/732733952867172382
Social Media Links:
   FB @socialengineerinc
   TW @humanhacker
   LI @social-engineer
   YT https://www.youtube.com/user/SocialEngineerOrg

Virtual SEV will be the one stop shop for all your SE needs during DEF CON. We will have a Social Engineering Capture for the Flag for Teens, we are planning another SECTF4Kids and we are working on a brand new competition for virtual SEV for all the rest of us. We plan on having a few speeches and Q&A sessions all about social engineering. Come and hang out with us, virtually of course.


Return to Index

VMV - Voting Machine Village


VMV VillageTalk List:
Sched Page: https://docs.google.com/document/d/123a7PYCkxzR6U2eW0C_YjYNRXIXqSHBKebb4b830J1I/edit
DC Forums Page: https://forum.defcon.org/node/236925
DC Discord Chan: https://discord.com/channels/708208267699945503/732733881148506164
Social Media Links:
   TW @votingvillagedc
   YT link

Looking forward to #DEFCON29 Aug. 5-8, 2021! Voting Village explores voting machines, systems, and databases and works to promote a more secure democracy.


Return to Index

SOC - Social Activities: Parties/Meetups


SOC VillageTalk List:

Return to Index

MUS - Music


MUS VillageTalk List:
Home Page: https://defconmusic.org
Sched Page: https://defconmusic.org/sched.txt
Social Media Links:
   TW @defcon_music
   YT link
   TI @defcon_music
   TI @defcon_chill

Music Link All the Things:

https://www.twitch.tv/defcon_music
https://www.twitch.tv/defcon_chill
http://www.defconmusic.org/


Return to Index

WS - DEF CON Workshops


WS VillageTalk List:
Home Page: https://defcon.org/html/defcon-29/dc-29-workshops.html

Return to Index

DL - DEF CON DemoLabs


DL VillageTalk List:
Home Page: https://forum.defcon.org/node/236373

Return to Index

DC - DEF CON Talks


DC VillageTalk List:
Home Page: https://defcon.org/html/defcon-29/dc-29-index.html
Sched Page: https://defcon.org/html/defcon-29/dc-29-schedule.html
Social Media Links:
   TW @defcon
   FB @defcon
   YT https://www.youtube.com/user/DEFCONConference
         http://www.reddit.com/r/defcon
   IG @wearedefcon
   DC https://discord.gg/defcon

Return to Index

CON - Contests


CON VillageTalk List:

Return to Index

QCV - Queercon


QCV VillageTalk List:
Home Page: https://www.queercon.org/
Social Media Links:
   TW @Queercon
   FB @126504813280
   DC https://discord.com/invite/jeG6Bh5

Return to Index

MISC - Misc


MISC VillageTalk List:

Return to Index

Talk/Event Schedule


Thursday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Thursday - 07:00 PDT


Return to Index  -  Locations Legend
BHV - Table Top Exercise - Deus Ex Machina (Pre-registration Required) -
DC - DEF CON Human Registration (Badge Pickup) Open -

 

Thursday - 08:00 PDT


Return to Index  -  Locations Legend
DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -

 

Thursday - 09:00 PDT


Return to Index  -  Locations Legend
DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -
DC - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC

 

Thursday - 10:00 PDT


Return to Index  -  Locations Legend
BHV - Biohacking Village CTF: Hospital Under Siege (Pre-Qual) (Pre-registration required) -
CON - Tin Foil Hat Contest -
DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC
PYV - Welcome to the Payment Village

 

Thursday - 11:00 PDT


Return to Index  -  Locations Legend
BHV - cont...(10:00-13:59 PDT) - Biohacking Village CTF: Hospital Under Siege (Pre-Qual) (Pre-registration required) -
CON - cont...(10:00-16:59 PDT) - Tin Foil Hat Contest -
DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC

 

Thursday - 12:00 PDT


Return to Index  -  Locations Legend
BHV - cont...(10:00-13:59 PDT) - Biohacking Village CTF: Hospital Under Siege (Pre-Qual) (Pre-registration required) -
CON - cont...(10:00-16:59 PDT) - Tin Foil Hat Contest -
DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC
RFV - Frag, You’re it - Hacking Laser Tag - Eric Escobar
RFV - ESP8266, do you know what's inside your IoT? - JoshInGeneral
RFV - Using UAV in Military Zone Areas by GPS Spoofing with RF Devices - Mehmet Onder Key
RFV - Assless Chaps: a novel combination of prior work to crack MSCHAPv2, fast (or why MSCHAPv2 is so broken, it’s showing it’s whole ass) - singe,cablethief
RFV - RF Propagation and Visualization with DragonOS - cemaxecuter
SOC - Friends of Bill W. -

 

Thursday - 13:00 PDT


Return to Index  -  Locations Legend
BHV - cont...(10:00-13:59 PDT) - Biohacking Village CTF: Hospital Under Siege (Pre-Qual) (Pre-registration required) -
CON - cont...(10:00-16:59 PDT) - Tin Foil Hat Contest -
DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC
SOC - A&E Pool Party! -

 

Thursday - 14:00 PDT


Return to Index  -  Locations Legend
CON - cont...(10:00-16:59 PDT) - Tin Foil Hat Contest -
DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Thursday - 15:00 PDT


Return to Index  -  Locations Legend
CON - cont...(10:00-16:59 PDT) - Tin Foil Hat Contest -
DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC
DDV - Data Duplication Village - Open for dropoff only -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Thursday - 16:00 PDT


Return to Index  -  Locations Legend
CON - cont...(10:00-16:59 PDT) - Tin Foil Hat Contest -
DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC
DDV - cont...(15:00-18:59 PDT) - Data Duplication Village - Open for dropoff only -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - Toxic BBQ -
SOC - QueerCon Party -

 

Thursday - 17:00 PDT


Return to Index  -  Locations Legend
BCV - COSTA (Coinbase Secure Trait Analyzer) - Peter Kacherginsky
BCV - DeFi Must Change or Hacks Will Accelerate - Kadan Stadelmann
DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC
DDV - cont...(15:00-18:59 PDT) - Data Duplication Village - Open for dropoff only -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(16:00-21:59 PDT) - Toxic BBQ -
SOC - cont...(16:00-17:59 PDT) - QueerCon Party -
SOC - Friends of Bill W. -

 

Thursday - 18:00 PDT


Return to Index  -  Locations Legend
CON - AutoDriving CTF -
DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC
DDV - cont...(15:00-18:59 PDT) - Data Duplication Village - Open for dropoff only -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(16:00-21:59 PDT) - Toxic BBQ -
SOC - QueerCon Virtual Mixer

 

Thursday - 19:00 PDT


Return to Index  -  Locations Legend
DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(16:00-21:59 PDT) - Toxic BBQ -

 

Thursday - 20:00 PDT


Return to Index  -  Locations Legend
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(16:00-21:59 PDT) - Toxic BBQ -

 

Thursday - 21:00 PDT


Return to Index  -  Locations Legend
BCV - Flash Loans Demystified - Anto Joseph
BCV - Blockchain as a Threat Modeling Thinking Tool - Shinchul Park, Graduate Student
BCV - Subtle and Not So Subtle Ways to Lose Your Cryptocurrency - Josh McIntyre
BCV - Will Secure Element Really Help Strengthen the Security of Cryptocurrency Wallets? - Byeongcheol Yoo
BCV - Scaling Blockchains: A Novel Approach - Colin Cantrell
BCV - Towards Understanding the Unlimited Approval in Ethereum - Dabao Wang
BCV - Preventing Sandwich Attacks on DeFi Protocols using Recurrent and Recursive Zero Knowledge Proofs - Gokul Alex
MUS - Music - CTRL/RSM - CTRL/rsm
MUS - Music - Deep Therapy - Deep Therapy
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(16:00-21:59 PDT) - Toxic BBQ -

 

Thursday - 22:00 PDT


Return to Index  -  Locations Legend
MUS - Music - Abstrct - Abstrct
MUS - Music - Tense Future - Tense Future
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Thursday - 23:00 PDT


Return to Index  -  Locations Legend
MUS - Music - Dr. McGrew - Dr. McGrew
MUS - Music - FuzzyNop - FuzzyNop
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

Friday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Friday - 00:00 PDT


Return to Index  -  Locations Legend
CON - Coindroids -
MUS - Music - DJ St3rling - DJ St3rling

 

Friday - 01:00 PDT


Return to Index  -  Locations Legend
CON - cont...(00:00-23:59 PDT) - Coindroids -
MUS - Music - Acid T - Acid T

 

Friday - 02:00 PDT


Return to Index  -  Locations Legend
CON - cont...(00:00-23:59 PDT) - Coindroids -

 

Friday - 03:00 PDT


Return to Index  -  Locations Legend
CON - cont...(00:00-23:59 PDT) - Coindroids -

 

Friday - 04:00 PDT


Return to Index  -  Locations Legend
CON - cont...(00:00-23:59 PDT) - Coindroids -

 

Friday - 05:00 PDT


Return to Index  -  Locations Legend
CON - cont...(00:00-23:59 PDT) - Coindroids -

 

Friday - 06:00 PDT


Return to Index  -  Locations Legend
CON - cont...(00:00-23:59 PDT) - Coindroids -
CON - DEF CON Bike Ride -

 

Friday - 07:00 PDT


Return to Index  -  Locations Legend
CLV - Cloud Village CTF - Registration -
CON - cont...(00:00-23:59 PDT) - Coindroids -
CON - cont...(06:00-11:59 PDT) - DEF CON Bike Ride -
ICSV - Tabletop Exercise - GRIMM

 

Friday - 08:00 PDT


Return to Index  -  Locations Legend
CLV - cont...(07:00-12:15 PDT) - Cloud Village CTF - Registration -
CON - cont...(00:00-23:59 PDT) - Coindroids -
CON - cont...(06:00-11:59 PDT) - DEF CON Bike Ride -
DC - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -

 

Friday - 09:00 PDT


Return to Index  -  Locations Legend
AIV - Welcome. A Short Tour of Good and Bad AI in 2021 - AI Village Organizers
AIV - (09:30-10:59 PDT) - Intro to ML Workshop - Gavin Klondike
APV - AppSec Village Welcome and Introductions
APV - Colorful AppSec - Luis Gomes,Erez Yalon,Pedro Umbelino,Tanya Janca
ASV - Retired but not forgotten – A look at IFEs - Alex Lomas,Phil Eveleigh
ASV - A-ISAC CTF -- Pre-registration Required -
ASV - (09:30-10:20 PDT) - The Antenny Board Design and Fabrication Saga: Sweat and Tears Along the Supply Chain - Ang Cui
BTV - (09:30-10:30 PDT) - Yeet the leet with Osquery (Effective Threathunting Without Breaking Bank ) - Sebastiaan Provost
BTV - (09:30-10:59 PDT) - Attack and Detect with Prelude Operator and Security Onion - Wes Lambert
CLV - cont...(07:00-12:15 PDT) - Cloud Village CTF - Registration -
CON - cont...(00:00-23:59 PDT) - Coindroids -
CON - cont...(06:00-11:59 PDT) - DEF CON Bike Ride -
CON - Darknet-NG -
DC - cont...(08:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - Welcome to Discord - Dark Tangent
DC - Making the DEF CON 29 Badge - Katie Whiteley,Michael Whiteley
HHV - (09:30-09:59 PDT) - Meetup: Some HHV challenges - rehr
HRV - Ham Radio Exams -
LBV - (09:30-10:30 PDT) - Bypass 101
PHV - Web App Penetration Testing Workshop - Sunny Wear
PHV - The War for Control of DNS Encryption - Paul Vixie

 

Friday - 10:00 PDT


Return to Index  -  Locations Legend
AIV - cont...(09:30-10:59 PDT) - Intro to ML Workshop - Gavin Klondike
APV - Summer of Fuzz: MacOS - Jeremy Brown
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:30-10:20 PDT) - The Antenny Board Design and Fabrication Saga: Sweat and Tears Along the Supply Chain - Ang Cui
ASV - AIAA CubeSat Hacking Workshop - World Premier of the videos -
ASV - ARINC 429 Lab -
ASV - Deep Space Networking -
ASV - Hack-A-Sat2 Satellite Platform -
ASV - Antenny -
ASV - HACMS Live Demo -
ASV - Lego Spike Hub -
ASV - ADSB Demo and Paper Airplanes -
ASV - (10:30-11:20 PDT) - Hack-A-Sat 2: The Good, The Bad and the Cyber-Secure - Bryce Kerley,Capt Aaron Bolen,Frank Pound,Steve Wood
BCV - Welcome Note
BCV - (10:15-11:30 PDT) - Key Note
BHV - Biohacking Village Welcome Keynote - Nina Alli
BHV - Biohacking Village CTF: Hospital Under Siege (Pre-registration required)
BICV - (10:30-10:30 PDT) - Why don’t we have IoT, daddy? - Jessica Hoffman
BTV - cont...(09:30-10:30 PDT) - Yeet the leet with Osquery (Effective Threathunting Without Breaking Bank ) - Sebastiaan Provost
BTV - cont...(09:30-10:59 PDT) - Attack and Detect with Prelude Operator and Security Onion - Wes Lambert
BTV - (10:45-11:45 PDT) - Velociraptor - Dig Deeper - Mike Cohen
BTV - (10:45-12:15 PDT) - Windows Forensics 101 (Beginner) - Surya Teja Masanam
CHV - Ready, fire aim: Hacking State and Federal Law Enforcement Vehicles - Alissa Knight
CLV - cont...(07:00-12:15 PDT) - Cloud Village CTF - Registration -
CLV - Cloud Village Opening Keynote
CLV - (10:15-10:59 PDT) - Detection Challenges in Cloud Connected Credential Abuse Attacks - Rod Soto
CON - cont...(00:00-23:59 PDT) - Coindroids -
CON - cont...(06:00-11:59 PDT) - DEF CON Bike Ride -
CON - cont...(09:00-15:59 PDT) - Darknet-NG -
CON - DEF CON 29 CTF by OOO -
CON - OpenSOC Blue Team CTF -
CON - Secure Coding Tournament CTF -
CON - Red Team Village CTF - Qualifiers Part 1 -
CON - Red Alert ICS CTF -
CON - Beverage Cooling Contraption Contest -
CON - Car Hacking CTF -
CON - CMD+CTRL -
CON - Hack3r Runw@y -
CPV - New Face, Who Dis? Protecting Privacy in an Era of Surveillance - Mike Kiser
DC - cont...(08:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - Welcome To DEF CON - Dark Tangent & Making the DEF CON 29 Badge - Dark Tangent,Katie Whiteley,Michael Whiteley
DC - Gone Apple Pickin': Red Teaming macOS Environments in 2021 - Cedric Owens
DC - HTTP/2: The Sequel is Always Worse - James Kettle
DC - DEF CON Vendor Area Open
DC - Community Roundtable - (De)Criminalizing Hacking Around the Globe -
DDV - Data Duplication Village - Open -
DL - AIS Tools - Gary Kessler
DL - Mooltipass - Mathieu Stephan
DL - WiFi Kraken Lite - Mike Spicer,Henry Hill
HHV - Hardware Hacking 101: Rogue Keyboards and Eavesdropping Cables - Federico Lucifredi
HRV - cont...(09:00-15:59 PDT) - Ham Radio Exams -
HRV - Ham Radio Village Opening Remarks
HTSV - AIS Tools Demo (DEF CON) - Gary Kessler
ICSV - Keynote - PW Singer - PW Singer
ICSV - (10:30-11:30 PDT) - Tabletop Exercise - GRIMM
IOTV - Pentesting 101 -
IOTV - When Penetration Testing Isn’t Penetration Testing At All - Ted Harrington
IOTV - UART to UBOOT to ROOT -
IOTV - IoT Village Capture the Flag (CTF) -
IOTV - IoT Village Labs -
IOTV - Black Box Challenges -
IOTV - (10:45-11:30 PDT) - Representation Matters - Camille Eddy,Chloe Messdaghi
LBV - cont...(09:30-10:30 PDT) - Bypass 101
LBV - (10:30-11:30 PDT) - Tools 101
LPV - Intro To Lockpicking - TOOOL
PHV - cont...(09:00-10:59 PDT) - Web App Penetration Testing Workshop - Sunny Wear
PHV - Internet Protocol (IP) - Roy Feng
PYV - ATM Transaction Reversal Frauds (And how to fight them) - Hector Cuevas Cruz
RCV - Recon Village Keynote - Ben S
RCV - (10:55-11:25 PDT) - Using Passive DNS for gathering Business Intelligence - Andy Dennis
RGV - Top 10 BOGUS Biometrics! - Vic Harkness
SEV - SECTF4Kids (Pre-Registration Required) - Ryan M,Colin H
VMV - Voting Village Logistical Information Broadcast (Discord, Youtube, Twitch) -
VMV - (10:30-10:59 PDT) - Hacking to Save Democracy: What Technologists Need to Know About Election Administration - Eddie Perez
WS - The Joy of Reverse Engineering: Learning With Ghidra and WinDbg - Wesley McGrew
WS - Inspecting Signals from Satellites to Shock Collars - Eric Escobar,Trenton Ivey
WS - Analysis 101 and 102 for the Incident Responder - Kristy Westphal
WS - House of Heap Exploitation - James Dolan,Maxwell Dulin,Nathan Kirkland,Zachary Minneker

 

Friday - 11:00 PDT


Return to Index  -  Locations Legend
AIV - The Coming AI Hackers - Bruce Schneier
APV - Vulnerability Inheritance - Attacking companies and scoring bounties through 3rd party integrations - Gal Nagli
APV - AppSec Village Capture the Flag Starts -
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(10:00-11:30 PDT) - AIAA CubeSat Hacking Workshop - World Premier of the videos -
ASV - cont...(10:00-15:59 PDT) - ARINC 429 Lab -
ASV - cont...(10:00-15:59 PDT) - Deep Space Networking -
ASV - cont...(10:00-15:59 PDT) - Hack-A-Sat2 Satellite Platform -
ASV - cont...(10:00-15:59 PDT) - Antenny -
ASV - cont...(10:00-15:59 PDT) - HACMS Live Demo -
ASV - cont...(10:00-15:59 PDT) - Lego Spike Hub -
ASV - cont...(10:00-15:59 PDT) - ADSB Demo and Paper Airplanes -
ASV - cont...(10:30-11:20 PDT) - Hack-A-Sat 2: The Good, The Bad and the Cyber-Secure - Bryce Kerley,Capt Aaron Bolen,Frank Pound,Steve Wood
ASV - (11:30-11:55 PDT) - Steal This Drone: High-Assurance Cyber Military Systems - Darren Cofer
ASV - (11:30-12:59 PDT) - AIAA CubeSat Hacking Workshop - Virtual Lab #1 -
BCV - cont...(10:15-11:30 PDT) - Key Note
BCV - (11:30-11:59 PDT) - BCOS Village Contest Overview - Reddcoin
BHV - cont...(10:00-17:59 PDT) - Biohacking Village CTF: Hospital Under Siege (Pre-registration required)
BHV - The Digital Physiome - How wearables can (and are) transforming healthcare - Jennifer Goldsack,Jessilyn Dunn
BTV - cont...(10:45-11:45 PDT) - Velociraptor - Dig Deeper - Mike Cohen
BTV - cont...(10:45-12:15 PDT) - Windows Forensics 101 (Beginner) - Surya Teja Masanam
CCV - Getting Started with Decentralized Object Storage - Storj Team
CHV - Remotely Rooting Charging Station for fun and maybe profit - Huajiang "Kevin2600" Chen,Wu Ming
CLV - cont...(07:00-12:15 PDT) - Cloud Village CTF - Registration -
CLV - Cloud Village CTF -
CLV - The Fault in Our Stars - Attack vectors for APIs using AWS API Gateway Lambda Authorizers - Alexandre Sieira,Leonardo Viveiros
CLV - (11:45-12:05 PDT) - Exploiting the O365 Duo 2FA Misconfiguration (Lightning Talk) - Cassandra Young
CON - cont...(00:00-23:59 PDT) - Coindroids -
CON - cont...(06:00-11:59 PDT) - DEF CON Bike Ride -
CON - cont...(09:00-15:59 PDT) - Darknet-NG -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:30 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-14:59 PDT) - Secure Coding Tournament CTF -
CON - cont...(10:00-16:59 PDT) - Red Team Village CTF - Qualifiers Part 1 -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-13:59 PDT) - Beverage Cooling Contraption Contest -
CON - cont...(10:00-23:55 PDT) - Car Hacking CTF -
CON - cont...(10:00-15:59 PDT) - CMD+CTRL -
CON - cont...(10:00-15:59 PDT) - Hack3r Runw@y -
CPV - Welcome to Gold Bug -
CPV - (11:30-12:30 PDT) - How expensive is quantum factoring, really? - Craig Gidney
DC - cont...(08:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - 2021 - Our Journey Back To The Future Of Windows Vulnerabilities and the 0-days we brought back with us - Eran Segal,Tomer Bar
DC - Caught you - reveal and exploit IPC logic bugs inside Apple - Chuanda Ding,Yuebin Sun,Zhipeng Huo
DC - (11:30-12:30 PDT) - Community Roundtable - We can build it. We have the technology. So why aren't we? -
DC - (11:30-12:30 PDT) - Community Roundtable - Toward a Global IoT Code of Practice -
DDV - cont...(10:00-16:59 PDT) - Data Duplication Village - Open -
DL - cont...(10:00-11:50 PDT) - AIS Tools - Gary Kessler
DL - cont...(10:00-11:50 PDT) - Mooltipass - Mathieu Stephan
DL - cont...(10:00-11:50 PDT) - WiFi Kraken Lite - Mike Spicer,Henry Hill
HHV - Use a PortaProg to flash, dump, and test ISP and UPDI chips - Bradán Lane,Sara Cladlow
HRV - cont...(09:00-15:59 PDT) - Ham Radio Exams -
HRV - "Ask a Ham" Q&A -
HTSV - cont...(10:00-11:50 PDT) - AIS Tools Demo (DEF CON) - Gary Kessler
ICSV - cont...(10:30-11:30 PDT) - Tabletop Exercise - GRIMM
ICSV - (11:30-12:30 PDT) - Your Infrastructure is Encrypted: Protecting Critical Infrastructure from Ransomware - David Etue,Ernie Bio,Jamil Jaffer,Jennifer DeTrani
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(10:45-11:30 PDT) - Representation Matters - Camille Eddy,Chloe Messdaghi
IOTV - (11:45-12:30 PDT) - 1.21 Gigawatts! Vulnerabilities in Solar Panel Controllers - Waylon Grange
LBV - cont...(10:30-11:30 PDT) - Tools 101
LBV - (11:30-12:30 PDT) - Intro to RFID Hacking
LPV - Key Duplication - It's not just for the movies! - Tony Virelli
PHV - MITRE Engage: A Framework for Adversary Engagement Operations - Stan Bar,Gabby Raymond,Maretta Morovitz
PYV - Racing cryptoexchanges or how I manipulated the balances - Vahagan Vardanyan
RCV - cont...(10:55-11:25 PDT) - Using Passive DNS for gathering Business Intelligence - Andy Dennis
RCV - (11:35-12:05 PDT) - So You Want to OPSEC, Eh? - Ritu Gill
SEV - cont...(10:00-11:59 PDT) - SECTF4Kids (Pre-Registration Required) - Ryan M,Colin H
VMV - A Deep Dive on Vulnerability Disclosure for Election Systems - Tod Beardsley
VMV - (11:30-11:59 PDT) - Wireless Odyssey or why is the federal government permitting devices with wireless networking capability in federally certified voting machines? - Susan Greenhalgh
WS - cont...(10:00-13:59 PDT) - The Joy of Reverse Engineering: Learning With Ghidra and WinDbg - Wesley McGrew
WS - cont...(10:00-13:59 PDT) - Inspecting Signals from Satellites to Shock Collars - Eric Escobar,Trenton Ivey
WS - cont...(10:00-13:59 PDT) - Analysis 101 and 102 for the Incident Responder - Kristy Westphal
WS - cont...(10:00-13:59 PDT) - House of Heap Exploitation - James Dolan,Maxwell Dulin,Nathan Kirkland,Zachary Minneker

 

Friday - 12:00 PDT


Return to Index  -  Locations Legend
AIV - Algorithmic Ethics Bug Bounty Contest Announcement - Rumman Chowdhury
AIV - (12:30-12:59 PDT) - Microsoft ML Security Evasion Competition Details - Hyrum Anderson
APV - Cross-document messaging technology, how to hack it, and how to use it safely. - Chen Gour-Arie
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(10:00-15:59 PDT) - ARINC 429 Lab -
ASV - cont...(10:00-15:59 PDT) - Deep Space Networking -
ASV - cont...(10:00-15:59 PDT) - Hack-A-Sat2 Satellite Platform -
ASV - cont...(10:00-15:59 PDT) - Antenny -
ASV - cont...(10:00-15:59 PDT) - HACMS Live Demo -
ASV - cont...(10:00-15:59 PDT) - Lego Spike Hub -
ASV - cont...(10:00-15:59 PDT) - ADSB Demo and Paper Airplanes -
ASV - cont...(11:30-12:59 PDT) - AIAA CubeSat Hacking Workshop - Virtual Lab #1 -
ASV - Threat Modeling for Space Hitchhikers - James Pavur
ASV - (12:30-12:55 PDT) - Evaluating Wireless Attacks on Real-World Avionics Hardware - Leeloo Granger
AVV - Adversary Village Kick-off - Abhijith B R
AVV - (12:15-12:59 PDT) - Adversary Village Keynote - David Kennedy
BCV - Polyswarm Talk - Kevin Leffew
BHV - cont...(10:00-17:59 PDT) - Biohacking Village CTF: Hospital Under Siege (Pre-registration required)
BHV - The Next Critical Infrastructure: Understanding the Bioeconomy - Charles Fracchia,Nathan Case
BICV - (12:30-12:30 PDT) - The Action Plan for Cyber Diversity! - Keith Chapman
BTV - cont...(10:45-12:15 PDT) - Windows Forensics 101 (Beginner) - Surya Teja Masanam
BTV - This is what we thought would happen in 2021 - Gert-Jan Bruggink
CAHV - F**k You, Pay Me - Knowing your worth and getting paid - Alyssa Miller,Liana McCrea
CAHV - Resume Reviewing
CAHV - Career Coaching
CCV - (12:30-12:59 PDT) - Privacy on Public Blockchains with SGX - Secret Network Team
CHV - Commercial Transportation: Trucking Hacking - Ben Gardiner
CLV - cont...(07:00-12:15 PDT) - Cloud Village CTF - Registration -
CLV - cont...(11:00-12:15 PDT) - Cloud Village CTF -
CLV - cont...(11:45-12:05 PDT) - Exploiting the O365 Duo 2FA Misconfiguration (Lightning Talk) - Cassandra Young
CLV - Attacking Modern Environments Series: Attack Vectors on Terraform Environments - Mazin Ahmed
CLV - (12:50-13:20 PDT) - Kubernetes Goat - Kubernetes Security Learning (Tool Demo) - Madhu Akula
CON - cont...(00:00-23:59 PDT) - Coindroids -
CON - cont...(09:00-15:59 PDT) - Darknet-NG -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:30 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-14:59 PDT) - Secure Coding Tournament CTF -
CON - cont...(10:00-16:59 PDT) - Red Team Village CTF - Qualifiers Part 1 -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-13:59 PDT) - Beverage Cooling Contraption Contest -
CON - cont...(10:00-23:55 PDT) - Car Hacking CTF -
CON - cont...(10:00-15:59 PDT) - CMD+CTRL -
CON - cont...(10:00-15:59 PDT) - Hack3r Runw@y -
CON - Blacks in Cybersecurity CTF -
CPV - cont...(11:30-12:30 PDT) - How expensive is quantum factoring, really? - Craig Gidney
CPV - (12:30-13:10 PDT) - CPV Through the Looking-Glass: How to Backdoor Diffie-Hellman (DC 24)
DC - cont...(08:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - cont...(11:30-12:30 PDT) - Community Roundtable - We can build it. We have the technology. So why aren't we? -
DC - cont...(11:30-12:30 PDT) - Community Roundtable - Toward a Global IoT Code of Practice -
DC - DHS REBOOTING CRITICAL INFRASTRUCTURE PROTECTION Panel with DEF CON Policy Panel - Lily Newman,Alexander Klimburg,Faye Francy,Eric Goldstein,Amelie Koran,Danny McPherson
DC - Your House is My House: Use of Offensive Enclaves In Adversarial Operations - Dimitry "Op_Nomad" Snezhkov
DC - Do you like to read? I know how to take over your Kindle with an e-book - Slava Makkaveev
DC - (12:30-12:50 PDT) - The Mechanics of Compromising Low Entropy RSA Keys - Austin Allshouse
DC - (12:30-12:50 PDT) - Worming through IDEs - David Dworken
DDV - cont...(10:00-16:59 PDT) - Data Duplication Village - Open -
DL - Solitude - Dan Hastings
DL - Siembol - Marian Novotny
HHV - The Black Box and the Brain Box: When Electronics and Deception Collide - Gigs
HHV - (12:30-13:30 PDT) - Walkthrough of DC 28 HHV Challenges - rehr
HRV - cont...(09:00-15:59 PDT) - Ham Radio Exams -
HRV - (12:30-13:30 PDT) - Spectrum Coordination for Amateur Radio - Bryan Fields
HTSV - Intro to SeaTF, Salty Sensor, and Tin Foil Competitions
ICSV - cont...(11:30-12:30 PDT) - Your Infrastructure is Encrypted: Protecting Critical Infrastructure from Ransomware - David Etue,Ernie Bio,Jamil Jaffer,Jennifer DeTrani
ICSV - (12:30-12:59 PDT) - Do We Really Want to Live in the Cyberpunk World? - Mert Can Kilic
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(11:45-12:30 PDT) - 1.21 Gigawatts! Vulnerabilities in Solar Panel Controllers - Waylon Grange
IOTV - (12:45-13:15 PDT) - LED Light Lunacy! - Victor Hanna
LBV - cont...(11:30-12:30 PDT) - Intro to RFID Hacking
LPV - Intro To Lockpicking - TOOOL
PHV - Hunting Evil with Wireshark - Michael Wylie
PHV - Seeing Through The Windows: Centralizing Windows Logs For Greater Visibility - Matthew Gracie
PYV - Automated Tear Machines - Meadow Ellis
RCV - cont...(11:35-12:05 PDT) - So You Want to OPSEC, Eh? - Ritu Gill
RCV - (12:15-12:59 PDT) - OSINT and the Hermit Kingdom. Leveraging online sources to learn more about the worlds most secret nation - Nick Roy
SEV - (12:30-13:30 PDT) - Judging by the Cover: Profiling & Targeting Through Social Media - Christina Lekati
SOC - Friends of Bill W. -
VMV - A Journalist’s Perspective on Fake News - Bob Sullivan
VMV - (12:30-12:59 PDT) - Are Barcodes on Ballots Bad?  - Kevin Skoglund
WS - cont...(10:00-13:59 PDT) - The Joy of Reverse Engineering: Learning With Ghidra and WinDbg - Wesley McGrew
WS - cont...(10:00-13:59 PDT) - Inspecting Signals from Satellites to Shock Collars - Eric Escobar,Trenton Ivey
WS - cont...(10:00-13:59 PDT) - Analysis 101 and 102 for the Incident Responder - Kristy Westphal
WS - cont...(10:00-13:59 PDT) - House of Heap Exploitation - James Dolan,Maxwell Dulin,Nathan Kirkland,Zachary Minneker

 

Friday - 13:00 PDT


Return to Index  -  Locations Legend
AIV - Shell Language Processing (SLP) - Dmitrijs Trizna
AIV - (13:30-14:30 PDT) - Trailblazing the AI for Cybersecurity Discipline: Overview of the Field and Promising Future Directions - Sagar Samtani
APV - Signed, Sealed, Delivered: Abusing Trust in Software Supply Chain Attacks - Cheryl Biswas
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(10:00-15:59 PDT) - ARINC 429 Lab -
ASV - cont...(10:00-15:59 PDT) - Deep Space Networking -
ASV - cont...(10:00-15:59 PDT) - Hack-A-Sat2 Satellite Platform -
ASV - cont...(10:00-15:59 PDT) - Antenny -
ASV - cont...(10:00-15:59 PDT) - HACMS Live Demo -
ASV - cont...(10:00-15:59 PDT) - Lego Spike Hub -
ASV - cont...(10:00-15:59 PDT) - ADSB Demo and Paper Airplanes -
ASV - Unboxing the Spacecraft Software BlackBox – Hunting for Vulnerabilities - Brandon Bailey
ASV - Understanding Space in the Cyber Domain -
AVV - Look at me, I'm the Adversary now: Introduction to Adversary Emulation and its place in Security Operations - Samuel Kimmons
AVV - (13:45-14:45 PDT) - From On-Prem to the Cloud - Hybrid AD attack path - Sergey Chubarov
BCV - Catching (and Fixing) an Unlimited Burn Vulnerability - Nadir Akhtar
BHV - cont...(10:00-17:59 PDT) - Biohacking Village CTF: Hospital Under Siege (Pre-registration required)
BHV - "Who Bears the Risk?" Why a Market Incentives Perspective is Critical to Protecting Patients from Cyber Threats - Matt McMahon,Shannon Lantzky
BHV - (13:30-14:30 PDT) - At least ten questions for “Bad HIPPA Takes” (@BadHIPPA), 2021’s best tweeter on privacy, pandemic, and snark. - Lucia Savage
BTV - (13:30-13:59 PDT) - Forensicating Endpoint Artifacts in the World of Cloud Storage Services - Renzon Cruz
CAHV - cont...(12:00-15:59 PDT) - Resume Reviewing
CAHV - cont...(12:00-15:59 PDT) - Career Coaching
CAHV - Hacking Your Career: The Options - Chris Sperry,Deb Herrity,Jennifer Haverman
CHV - From CTF to CVE - Bill Hatzer
CLV - cont...(12:50-13:20 PDT) - Kubernetes Goat - Kubernetes Security Learning (Tool Demo) - Madhu Akula
CLV - (13:20-14:05 PDT) - Hunting for AWS Exposed Resources - Felipe Pr0teus Espósito
CON - cont...(00:00-23:59 PDT) - Coindroids -
CON - cont...(09:00-15:59 PDT) - Darknet-NG -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:30 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-14:59 PDT) - Secure Coding Tournament CTF -
CON - cont...(10:00-16:59 PDT) - Red Team Village CTF - Qualifiers Part 1 -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-13:59 PDT) - Beverage Cooling Contraption Contest -
CON - cont...(10:00-23:55 PDT) - Car Hacking CTF -
CON - cont...(10:00-15:59 PDT) - CMD+CTRL -
CON - cont...(10:00-15:59 PDT) - Hack3r Runw@y -
CON - cont...(12:00-17:59 PDT) - Blacks in Cybersecurity CTF -
CPV - cont...(12:30-13:10 PDT) - CPV Through the Looking-Glass: How to Backdoor Diffie-Hellman (DC 24)
DC - cont...(08:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - Ransomeware’s Big Year – from nuisance to “scourge”? - DEF CON Policy Panel
DC - Sleight of ARM: Demystifying Intel Houdini - Brian Hong
DC - eBPF, I thought we were friends! - Guillaume Fournier,Sylvain Afchain,Sylvain Baubeau
DC - Policy Debrief - Myths and Legends of Section 230 -
DDV - cont...(10:00-16:59 PDT) - Data Duplication Village - Open -
DL - cont...(12:00-13:50 PDT) - Solitude - Dan Hastings
DL - cont...(12:00-13:50 PDT) - Siembol - Marian Novotny
HHV - cont...(12:30-13:30 PDT) - Walkthrough of DC 28 HHV Challenges - rehr
HHV - (13:30-14:30 PDT) - A Lazy r2 Solve of @mediumrehr Challenge 6 - Ben Gardiner
HRV - cont...(09:00-15:59 PDT) - Ham Radio Exams -
HRV - cont...(12:30-13:30 PDT) - Spectrum Coordination for Amateur Radio - Bryan Fields
HTSV - AIS Protocol Internals (Abridged) - Gary Kessler
ICSV - Tabletop Exercise - GRIMM
ICSV - Beetlejuice: The Lessons We Should Have Learned For ICS Cybersecurity - Tim Yardley
ICSV - (13:30-13:59 PDT) - Scripts and Tools to Help Your ICS InfoSec Journey - Don C. Weber
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(12:45-13:15 PDT) - LED Light Lunacy! - Victor Hanna
IOTV - (13:30-14:15 PDT) - 5 years of IoT vulnerability research and countless 0days - A retrospective - Alex "Jay" Balan
LBV - (13:30-14:30 PDT) - Alarm Bypass
LPV - Are We Still Doing it? 10 Locksport Hobbies that go Beyond Lock Picking - Lock Noob
PHV - cont...(12:00-13:59 PDT) - Hunting Evil with Wireshark - Michael Wylie
PYV - What happens when businesses decide to enroll cryptocurrency cards - Timur Yunusov
SEV - cont...(12:30-13:30 PDT) - Judging by the Cover: Profiling & Targeting Through Social Media - Christina Lekati
SEV - (13:30-14:30 PDT) - SE Team vs. Red Team - Ryan MacDougall
SOC - A&E Pool Party! -
VMV - Hack the Conspiracies - Barb Byrum
VMV - (13:30-13:59 PDT) - Kickoff Remarks (recorded in-person in Las Vegas) - Harri Hursti
WS - cont...(10:00-13:59 PDT) - The Joy of Reverse Engineering: Learning With Ghidra and WinDbg - Wesley McGrew
WS - cont...(10:00-13:59 PDT) - Inspecting Signals from Satellites to Shock Collars - Eric Escobar,Trenton Ivey
WS - cont...(10:00-13:59 PDT) - Analysis 101 and 102 for the Incident Responder - Kristy Westphal
WS - cont...(10:00-13:59 PDT) - House of Heap Exploitation - James Dolan,Maxwell Dulin,Nathan Kirkland,Zachary Minneker

 

Friday - 14:00 PDT


Return to Index  -  Locations Legend
AIV - cont...(13:30-14:30 PDT) - Trailblazing the AI for Cybersecurity Discipline: Overview of the Field and Promising Future Directions - Sagar Samtani
AIV - (14:30-14:59 PDT) - AI Policy Talk: "An AI Security ISAC" and "An AI Playbook" - Sagar Samtani
APV - Poking bots for fun and profit in the age of asynchronous stuff - Emanuel Rodrigues
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(10:00-15:59 PDT) - ARINC 429 Lab -
ASV - cont...(10:00-15:59 PDT) - Deep Space Networking -
ASV - cont...(10:00-15:59 PDT) - Hack-A-Sat2 Satellite Platform -
ASV - cont...(10:00-15:59 PDT) - Antenny -
ASV - cont...(10:00-15:59 PDT) - HACMS Live Demo -
ASV - cont...(10:00-15:59 PDT) - Lego Spike Hub -
ASV - cont...(10:00-15:59 PDT) - ADSB Demo and Paper Airplanes -
ASV - cont...(13:00-15:59 PDT) - Understanding Space in the Cyber Domain -
ASV - AIAA CubeSat Hacking Workshop - Virtual Lab #2 -
ASV - Don’t fear the BUS, it won’t run you over. - Nicholas Childs
ASV - (14:30-14:55 PDT) - CPDLC: Man-in-the-middle attacks and how to defend against them - Joshua Smailes
AVV - cont...(13:45-14:45 PDT) - From On-Prem to the Cloud - Hybrid AD attack path - Sergey Chubarov
AVV - (14:45-15:45 PDT) - Exploiting Blue Team OPSEC failures with RedELK - Marc Smeets
BCV - Blockchain Security Tools - Mila Paul
BCV - (14:30-15:59 PDT) - Workshop - Decentralized Cloud
BHV - cont...(10:00-17:59 PDT) - Biohacking Village CTF: Hospital Under Siege (Pre-registration required)
BHV - cont...(13:30-14:30 PDT) - At least ten questions for “Bad HIPPA Takes” (@BadHIPPA), 2021’s best tweeter on privacy, pandemic, and snark. - Lucia Savage
BHV - (14:30-14:59 PDT) - Open-Source Vaccine Developer Kits (VDKs) with RaDVaC - Alex Hoekstra
BICV - (14:30-14:30 PDT) - The Big Cleanup: Tackling The Remnants of Systematic Discrimination in the Tech Industry - Maurice Turner
BTV - MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part1 - Cat Self,plug,Ben Bornholm,Tilottama Sanyal,Dan Borges
BTV - (14:15-15:15 PDT) - Adventures in Pro Bono Digital Forensics Work - John Bambenek
CAHV - cont...(12:00-15:59 PDT) - Resume Reviewing
CAHV - cont...(12:00-15:59 PDT) - Career Coaching
CAHV - Making the Leap - Changing Careers - Danyelle Davis
CCV - Hardware Wallet Show and Tell - Michael Schloh von Bennewitz
CHV - Bug Hunter's Guide to Bashing for a Car Hacking Bug Bash or Contest - Jay Turla
CLV - cont...(13:20-14:05 PDT) - Hunting for AWS Exposed Resources - Felipe Pr0teus Espósito
CLV - WhoC - Peeking under the hood of CaaS offerings - Yuval Avrahami
CLV - (14:35-16:59 PDT) - Kubernetes Security 101: Best Practices to Secure your Cluster (Workshop) - Magno Logan
CON - cont...(00:00-23:59 PDT) - Coindroids -
CON - cont...(09:00-15:59 PDT) - Darknet-NG -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:30 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-14:59 PDT) - Secure Coding Tournament CTF -
CON - cont...(10:00-16:59 PDT) - Red Team Village CTF - Qualifiers Part 1 -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-23:55 PDT) - Car Hacking CTF -
CON - cont...(10:00-15:59 PDT) - CMD+CTRL -
CON - cont...(10:00-15:59 PDT) - Hack3r Runw@y -
CON - cont...(12:00-17:59 PDT) - Blacks in Cybersecurity CTF -
CPV - Playing God: How ambiguities in state and federal breach notification laws give lawyers too much discretion in deciding whether or not to disclose potential data breaches - Anthony Hendricks,Jordan Sessler
CPV - (14:45-14:59 PDT) - Lightning Talk: Differential Privacy and Census Data - Wendy Edwards
DC - cont...(08:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - MAVSH> Attacking from Above - Sach
DC - Hacking Humans with AI as a Service - Eugene Lim,Glenice Tan,Tan Kee Hock
DC - Rotten code, aging standards, & pwning IPv4 parsing across nearly every mainstream programming language - Kelly Kaoudis,Sick Codes
DC - (14:30-15:30 PDT) - Community Roundtable - Zero Trust, Critical Software, and a Cyber Safety Review Board -
DC - (14:30-15:30 PDT) - Policy Debrief - Global Cyber Capacity Building - triple challenge or triple opportunity? -
DDV - cont...(10:00-16:59 PDT) - Data Duplication Village - Open -
DL - Kubestriker - Vasant Chinnipilli
DL - Zuthaka - Lucas Bonastre
DL - Open Bridge - Constantine Macris
DL - Empire - Anthony "Cx01N" Rose,Vincent "Vinnybod" Rose
HHV - cont...(13:30-14:30 PDT) - A Lazy r2 Solve of @mediumrehr Challenge 6 - Ben Gardiner
HHV - (14:30-14:59 PDT) - Meetup: PCB Proto and Rework - K
HRV - cont...(09:00-15:59 PDT) - Ham Radio Exams -
HRV - Discord Practice Net -
HTSV - In-person broadcast via demolabs - Constantine Macris
ICSV - Consider the (Data) Source - Dan Gunter
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(13:30-14:15 PDT) - 5 years of IoT vulnerability research and countless 0days - A retrospective - Alex "Jay" Balan
IOTV - (14:30-15:15 PDT) - BLUEMONDAY Series – Exploitation & Mapping of vulnerable devices at scale through self-registration services (DATTO/ EGNYTE/ SYNOLOGY/ MERAKI/ GEOVISION) - Ken Pyle
LBV - cont...(13:30-14:30 PDT) - Alarm Bypass
LPV - (14:15-14:45 PDT) - Intro To Lockpicking - TOOOL
RCV - Finding Hidden Gems via URL Shortener Services - Utku Sen
RCV - (14:40-15:10 PDT) - Using OSINT to Aid in Human Trafficking and Smuggling Cases - Rae
RGV - The Neuroscience of Magic (Registration required) - Daniel Roy
SEV - cont...(13:30-14:30 PDT) - SE Team vs. Red Team - Ryan MacDougall
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - BADASS Meetup (Virtual) -

 

Friday - 15:00 PDT


Return to Index  -  Locations Legend
AIV - Identifying Excel 4.0 Macro strains using Anomaly Detection - Elad Ciuraru,Tal Leibovich
AIV - (15:30-16:30 PDT) - Workshop on Microsoft Counterfit - Will Pearce
APV - Scaling static analysis for free: add additional codebases with a single line of code and no money - Erin Browning,Tim Faraci 
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(10:00-15:59 PDT) - ARINC 429 Lab -
ASV - cont...(10:00-15:59 PDT) - Deep Space Networking -
ASV - cont...(10:00-15:59 PDT) - Hack-A-Sat2 Satellite Platform -
ASV - cont...(10:00-15:59 PDT) - Antenny -
ASV - cont...(10:00-15:59 PDT) - HACMS Live Demo -
ASV - cont...(10:00-15:59 PDT) - Lego Spike Hub -
ASV - cont...(10:00-15:59 PDT) - ADSB Demo and Paper Airplanes -
ASV - cont...(13:00-15:59 PDT) - Understanding Space in the Cyber Domain -
ASV - cont...(14:00-15:59 PDT) - AIAA CubeSat Hacking Workshop - Virtual Lab #2 -
ASV - Developing Aerospace Security Training 3D Models - Kevin Hood
ASV - (15:30-15:55 PDT) - Collecting CANs: a Bridge Less Traveled - Peace Barry
AVV - cont...(14:45-15:45 PDT) - Exploiting Blue Team OPSEC failures with RedELK - Marc Smeets
AVV - (15:45-16:45 PDT) - Everything is a C2 if you're brave enough - Luis Ángel Ramírez Mendoza,Mauro Cáseres Rozanowski
BCV - cont...(14:30-15:59 PDT) - Workshop - Decentralized Cloud
BHV - cont...(10:00-17:59 PDT) - Biohacking Village CTF: Hospital Under Siege (Pre-registration required)
BHV - Truth, Trust, and Biodefense - Eric Perakslis
BHV - (15:30-15:59 PDT) - Healthcare Innovation With People of All Abilities - Joel Isaac,Pia Zaragoza
BTV - cont...(14:00-17:59 PDT) - MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part1 - Cat Self,plug,Ben Bornholm,Tilottama Sanyal,Dan Borges
BTV - cont...(14:15-15:15 PDT) - Adventures in Pro Bono Digital Forensics Work - John Bambenek
BTV - (15:30-16:30 PDT) - Uncovering covert network behaviors within critical infrastructure environments - Michael Raggo,Chester Hosmer
CAHV - cont...(12:00-15:59 PDT) - Resume Reviewing
CAHV - cont...(12:00-15:59 PDT) - Career Coaching
CAHV - This Job Ad Sucks - Kirsten Renner
CHV - Remote Adversarial Phantom Attacks against Tesla and Mobileye - Ben Nassi
CLV - cont...(14:35-16:59 PDT) - Kubernetes Security 101: Best Practices to Secure your Cluster (Workshop) - Magno Logan
CON - cont...(00:00-23:59 PDT) - Coindroids -
CON - cont...(09:00-15:59 PDT) - Darknet-NG -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:30 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-16:59 PDT) - Red Team Village CTF - Qualifiers Part 1 -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-23:55 PDT) - Car Hacking CTF -
CON - cont...(10:00-15:59 PDT) - CMD+CTRL -
CON - cont...(10:00-15:59 PDT) - Hack3r Runw@y -
CON - cont...(12:00-17:59 PDT) - Blacks in Cybersecurity CTF -
CPV - So What? The CFAA after Van Buren - Kendra Albert
CPV - (15:30-16:30 PDT) - CPV Through the Looking-Glass: Adversarial Fashion (DC 27)
DC - cont...(08:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - cont...(14:30-15:30 PDT) - Community Roundtable - Zero Trust, Critical Software, and a Cyber Safety Review Board -
DC - cont...(14:30-15:30 PDT) - Policy Debrief - Global Cyber Capacity Building - triple challenge or triple opportunity? -
DC - UFOs: Misinformation, Disinformation, and the Basic Truth - Richard Thieme AKA neuralcowboy
DC - Abusing SAST tools! When scanners do more than just scanning - Rotem Bar
DC - ProxyLogon is Just the Tip of the Iceberg, A New Attack Surface on Microsoft Exchange Server! - Orange Tsai
DC - (15:30-16:30 PDT) - Community Roundtable - 10 years after SOPA: where are we now? -
DDV - cont...(10:00-16:59 PDT) - Data Duplication Village - Open -
DL - cont...(14:00-15:50 PDT) - Kubestriker - Vasant Chinnipilli
DL - cont...(14:00-15:50 PDT) - Zuthaka - Lucas Bonastre
DL - cont...(14:00-15:50 PDT) - Open Bridge - Constantine Macris
DL - cont...(14:00-15:50 PDT) - Empire - Anthony "Cx01N" Rose,Vincent "Vinnybod" Rose
HHV - Robo Sumo On site - ShortTie
HHV - (15:30-15:59 PDT) - Meetup: Legacy Hardware - K
HRV - cont...(09:00-15:59 PDT) - Ham Radio Exams -
HTSV - cont...(14:00-15:50 PDT) - In-person broadcast via demolabs - Constantine Macris
ICSV - Approaches to Attract, Develop, and Retain an Industrial Cybersecurity Workforce - John Ellis,Julia Atkinson
ICSV - (15:30-15:59 PDT) - It Takes a Village (and a generous grant): Students Performing ICS Security Assessments - Alexander Vigovskiy,Christopher Von Reybyton,Dennis Skarr
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(14:30-15:15 PDT) - BLUEMONDAY Series – Exploitation & Mapping of vulnerable devices at scale through self-registration services (DATTO/ EGNYTE/ SYNOLOGY/ MERAKI/ GEOVISION) - Ken Pyle
IOTV - (15:30-16:15 PDT) - “Alexa, have you been compromised?” — Exploitation of Voice Assistants in Healthcare (and other business contexts) - Hutch (Justin Hutchens)
LPV - Doors, Cameras, and Mantraps OH MY! - Dylan The Magician
RCV - cont...(14:40-15:10 PDT) - Using OSINT to Aid in Human Trafficking and Smuggling Cases - Rae
RCV - (15:20-16:05 PDT) - Venator: Hunting & Smashing Trolls on Twitter - Mauro Cáseres Rozanowski
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(14:00-15:59 PDT) - BADASS Meetup (Virtual) -
WS - Windows Internals - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - Secure messaging over unsecured transports - Ash
WS - Learning to Hack Bluetooth Low Energy with BLE CTF - Ryan Holeman
WS - Writing Golang Malware - Benjamin Kurtz

 

Friday - 16:00 PDT


Return to Index  -  Locations Legend
AIV - cont...(15:30-16:30 PDT) - Workshop on Microsoft Counterfit - Will Pearce
AIV - (16:30-16:59 PDT) - AI Discord Happy Hour - Open Discussion on AIV Discord about the State of AI Security
APV - DFDs Ain't That Bad - Izar Tarandach,Matthew Coles
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - Holistic View of a Flight with Crowd Sourced Data - Allan Tart
AVV - cont...(15:45-16:45 PDT) - Everything is a C2 if you're brave enough - Luis Ángel Ramírez Mendoza,Mauro Cáseres Rozanowski
AVV - (16:45-17:45 PDT) - Designing a C2 Framework - Daniel "Rasta" Duggan
BCV - Surviving 51% Attacks on Blockchains - Yaz Khoury
BCV - (16:30-17:30 PDT) - Do You Really Own Your NFTs? - Francesco Piccoli,Steven Yang
BHV - cont...(10:00-17:59 PDT) - Biohacking Village CTF: Hospital Under Siege (Pre-registration required)
BHV - No Aggregation Without Representation - Andrea Downing
BTV - cont...(14:00-17:59 PDT) - MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part1 - Cat Self,plug,Ben Bornholm,Tilottama Sanyal,Dan Borges
BTV - cont...(15:30-16:30 PDT) - Uncovering covert network behaviors within critical infrastructure environments - Michael Raggo,Chester Hosmer
BTV - (16:30-17:59 PDT) - Watch Out! And just skip the packer - Felipe Duarte
BTV - (16:45-17:15 PDT) - A SERVERLESS SIEM: DETECTING ALL BADDIES ON A BUDGET - Chen Cao
CCV - State of Cryptocurrency Ransomware AMA - Guillermo Christensen
CLV - cont...(14:35-16:59 PDT) - Kubernetes Security 101: Best Practices to Secure your Cluster (Workshop) - Magno Logan
CON - cont...(00:00-23:59 PDT) - Coindroids -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:30 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-16:59 PDT) - Red Team Village CTF - Qualifiers Part 1 -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-23:55 PDT) - Car Hacking CTF -
CON - cont...(12:00-17:59 PDT) - Blacks in Cybersecurity CTF -
CPV - cont...(15:30-16:30 PDT) - CPV Through the Looking-Glass: Adversarial Fashion (DC 27)
CPV - (16:30-17:30 PDT) - Piecing Together Your Personal Privacy Profile - Margaret Fero
DC - cont...(08:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - cont...(15:30-16:30 PDT) - Community Roundtable - 10 years after SOPA: where are we now? -
DC - Defending against nation-state (legal) attack: how to build a privacy-protecting service in the era of ubiquitous surveillance - Bill "Woody" Woodcock
DC - Bundles of Joy: Breaking macOS via Subverted Applications Bundles - Patrick Wardle
DC - The Unbelievable Insecurity of the Big Data Stack: An Offensive Approach to Analyzing Huge and Complex Big Data Infrastructures - Sheila A. Berta
DC - Community Roundtable - Volunteer Hacker Fire Department -
DDV - cont...(10:00-16:59 PDT) - Data Duplication Village - Open -
HRV - Remote Ham Radio Exams -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(15:30-16:15 PDT) - “Alexa, have you been compromised?” — Exploitation of Voice Assistants in Healthcare (and other business contexts) - Hutch (Justin Hutchens)
IOTV - (16:30-17:15 PDT) - IoT Testing Crash Course - Tim Jensen (EapolSniper)
LBV - Expoiting Retail Security with Tiktok's Hacker Community
LPV - (16:15-16:45 PDT) - Intro To Lockpicking - TOOOL
RCV - cont...(15:20-16:05 PDT) - Venator: Hunting & Smashing Trolls on Twitter - Mauro Cáseres Rozanowski
RCV - (16:15-16:45 PDT) - People Hunting: A Pentesters Perspective - Mishaal Khan
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - QueerCon Virtual Pool Party
SOC - QueerCon Party -
WS - cont...(15:00-18:59 PDT) - Windows Internals - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - cont...(15:00-18:59 PDT) - Secure messaging over unsecured transports - Ash
WS - cont...(15:00-18:59 PDT) - Learning to Hack Bluetooth Low Energy with BLE CTF - Ryan Holeman
WS - cont...(15:00-18:59 PDT) - Writing Golang Malware - Benjamin Kurtz

 

Friday - 17:00 PDT


Return to Index  -  Locations Legend
APV - (17:30-17:35 PDT) - AppSec Quiz Time! - Eden Stroet
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
AVV - cont...(16:45-17:45 PDT) - Designing a C2 Framework - Daniel "Rasta" Duggan
AVV - (17:45-19:59 PDT) - (Workshop) Tradecraft Development in Adversary Simulations - Fatih Ozavci
BCV - cont...(16:30-17:30 PDT) - Do You Really Own Your NFTs? - Francesco Piccoli,Steven Yang
BHV - cont...(10:00-17:59 PDT) - Biohacking Village CTF: Hospital Under Siege (Pre-registration required)
BHV - Lets Get Real About The Future State of Healthcare - Christian Dameff,Jeff 'R3plicant' Tully
BTV - cont...(14:00-17:59 PDT) - MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part1 - Cat Self,plug,Ben Bornholm,Tilottama Sanyal,Dan Borges
BTV - cont...(16:30-17:59 PDT) - Watch Out! And just skip the packer - Felipe Duarte
BTV - cont...(16:45-17:15 PDT) - A SERVERLESS SIEM: DETECTING ALL BADDIES ON A BUDGET - Chen Cao
BTV - (17:30-17:59 PDT) - Scope X: Hunt in the Ocean! - Meisam Eslahi
CON - cont...(00:00-23:59 PDT) - Coindroids -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:30 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-23:55 PDT) - Car Hacking CTF -
CON - cont...(12:00-17:59 PDT) - Blacks in Cybersecurity CTF -
CON - EFF Tech Trivia -
CPV - cont...(16:30-17:30 PDT) - Piecing Together Your Personal Privacy Profile - Margaret Fero
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - Do No harm; Health Panel : Live version - A DEF CON Policy Panel - DEF CON Policy Panel
DC - Phantom Attack: Evading System Call Monitoring - Junyuan Zeng,Rex Guo
DC - Warping Reality - creating and countering the next generation of Linux rootkits using eBPF - PatH
HHV - (17:30-17:59 PDT) - Meetup: Some HHV challenges - rehr
HRV - cont...(16:00-17:59 PDT) - Remote Ham Radio Exams -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(16:30-17:15 PDT) - IoT Testing Crash Course - Tim Jensen (EapolSniper)
IOTV - (17:30-18:15 PDT) - Defending IoT in the Future of High-Tech Warfare - Harshit Agrawal
LBV - cont...(16:00-17:59 PDT) - Expoiting Retail Security with Tiktok's Hacker Community
LPV - Law School for Lockpickers - Preston Thomas
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(16:00-17:59 PDT) - QueerCon Virtual Pool Party
SOC - cont...(16:00-17:59 PDT) - QueerCon Party -
SOC - Friends of Bill W. -
WS - cont...(15:00-18:59 PDT) - Windows Internals - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - cont...(15:00-18:59 PDT) - Secure messaging over unsecured transports - Ash
WS - cont...(15:00-18:59 PDT) - Learning to Hack Bluetooth Low Energy with BLE CTF - Ryan Holeman
WS - cont...(15:00-18:59 PDT) - Writing Golang Malware - Benjamin Kurtz

 

Friday - 18:00 PDT


Return to Index  -  Locations Legend
AVV - cont...(17:45-19:59 PDT) - (Workshop) Tradecraft Development in Adversary Simulations - Fatih Ozavci
CON - cont...(00:00-23:59 PDT) - Coindroids -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-23:55 PDT) - Car Hacking CTF -
CON - cont...(17:00-19:59 PDT) - EFF Tech Trivia -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - cont...(17:00-18:59 PDT) - Do No harm; Health Panel : Live version - A DEF CON Policy Panel - DEF CON Policy Panel
DC - Response Smuggling: Pwning HTTP/1.1 Connections - Martin Doyhenard
DC - How I use a JSON Deserialization 0day to Steal Your Money On The Blockchain - Hao Xing,Zekai Wu
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(17:30-18:15 PDT) - Defending IoT in the Future of High-Tech Warfare - Harshit Agrawal
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - Lawyers Meet -
SOC - Hacker Karaoke (Virtual) -
WS - cont...(15:00-18:59 PDT) - Windows Internals - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - cont...(15:00-18:59 PDT) - Secure messaging over unsecured transports - Ash
WS - cont...(15:00-18:59 PDT) - Learning to Hack Bluetooth Low Energy with BLE CTF - Ryan Holeman
WS - cont...(15:00-18:59 PDT) - Writing Golang Malware - Benjamin Kurtz

 

Friday - 19:00 PDT


Return to Index  -  Locations Legend
AVV - cont...(17:45-19:59 PDT) - (Workshop) Tradecraft Development in Adversary Simulations - Fatih Ozavci
CON - cont...(00:00-23:59 PDT) - Coindroids -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-23:55 PDT) - Car Hacking CTF -
CON - cont...(17:00-19:59 PDT) - EFF Tech Trivia -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-19:59 PDT) - Lawyers Meet -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -

 

Friday - 20:00 PDT


Return to Index  -  Locations Legend
AVV - Panel discussion: Adversary simulation, emulation or purple teaming - How would you define it? - Tomer Bar,Samuel Kimmons,Anant Shrivastava,Vincent Yiu,Martin Ingesen,Joe Vest
CON - cont...(00:00-23:59 PDT) - Coindroids -
CON - cont...(10:00-23:55 PDT) - Car Hacking CTF -
CON - Hacker Jeopardy -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - DEF CON Movie Night - Tron -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -
SOC - Vampire the Masquerade (Party) -
SOC - War Story Bunker -

 

Friday - 21:00 PDT


Return to Index  -  Locations Legend
CON - cont...(00:00-23:59 PDT) - Coindroids -
CON - cont...(10:00-23:55 PDT) - Car Hacking CTF -
CON - cont...(20:00-21:59 PDT) - Hacker Jeopardy -
DC - cont...(20:00-21:59 PDT) - DEF CON Movie Night - Tron -
MUS - Music - Thaad - Thaad
MUS - Music - Yesterday & Tomorrow - Yesterday & Tomorrow
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -
SOC - cont...(20:00-21:59 PDT) - War Story Bunker -
SOC - Gothcon 2021 (Virtual) -

 

Friday - 22:00 PDT


Return to Index  -  Locations Legend
CON - cont...(00:00-23:59 PDT) - Coindroids -
CON - cont...(10:00-23:55 PDT) - Car Hacking CTF -
CON - Whose Slide Is It Anyway -
MUS - Music - FuzzyNop - FuzzyNop
MUS - Music - Terrestrial Access Network - Terrestrial Access Network
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -

 

Friday - 23:00 PDT


Return to Index  -  Locations Legend
CON - cont...(00:00-23:59 PDT) - Coindroids -
CON - cont...(10:00-23:55 PDT) - Car Hacking CTF -
CON - cont...(22:00-23:59 PDT) - Whose Slide Is It Anyway -
MUS - Music - n0x08 - n0x08
MUS - Music - Z3NPI - Z3NPI
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -

Saturday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Saturday - 00:00 PDT


Return to Index  -  Locations Legend
MUS - Music - Scotch & Bubbles - Scotch & Bubbles

 

Saturday - 01:00 PDT


Return to Index  -  Locations Legend
MUS - Music - Magik Plan - Magik Plan

 

Saturday - 08:00 PDT


Return to Index  -  Locations Legend
HHV - (08:30-08:59 PDT) - Hardware Hacking 101: Rogue Keyboards and Eavesdropping Cables - Federico Lucifredi
RFV - The Basics of Breaking BLE - Part 2: Doing More With Less - freqy

 

Saturday - 09:00 PDT


Return to Index  -  Locations Legend
AIV - Welcome to AI Village - AI Village Organizers
AIV - (09:30-10:59 PDT) - Intro to ML Workshop - Gavin Klondike
APV - AppSec Village Welcome and Introductions
APV - Borrow a mentor
APV - Scaling AppSec through Education - Grant Ongers (rewtd)
ASV - A-ISAC CTF -- Pre-registration Required -
ASV - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - (09:30-10:50 PDT) - VDP in aviation: Experiences and lessons learnt as a researcher - Matt Gaffney
BTV - I know who has access to my cloud, do you? - Igal Flegmann
BTV - Wireshark for Incident Response & Threat Hunting - Michael Wylie
CON - OpenSOC Blue Team CTF -
CON - Trace Labs OSINT Search Party CTF - Briefing -
CON - Darknet-NG -
DC - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
HHV - (09:30-10:30 PDT) - Use a PortaProg to flash, dump, and test ISP and UPDI chips - Bradán Lane,Sara Cladlow
PHV - APT Hunting with Splunk - John Stoner
PHV - Seeing the Forest Through the Trees – Foundations of Event Log Analysis - Jake Williams

 

Saturday - 10:00 PDT


Return to Index  -  Locations Legend
AIV - cont...(09:30-10:59 PDT) - Intro to ML Workshop - Gavin Klondike
APV - I used AppSec skills to hack IoT, and so can you - Alexei Kojenov
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:00-16:59 PDT) - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - cont...(09:30-10:50 PDT) - VDP in aviation: Experiences and lessons learnt as a researcher - Matt Gaffney
ASV - Antenny -
ASV - ARINC 429 Lab -
ASV - Deep Space Networking -
ASV - Hack-A-Sat2 Satellite Platform -
ASV - HACMS Live Demo -
ASV - Lego Spike Hub -
ASV - Understanding Space in the Cyber Domain -
ASV - ADSB Demo and Paper Airplanes -
AVV - The Way of The Adversary - Phillip Wylie
BCV - Welcome Note - Nathan,Ron Stoner
BCV - (10:15-11:30 PDT) - Key Note – The Three Amigos: Money Laundering, Cryptocurrencies, and Smart Contracts - Daniel Garrie,David Cass
BHV - How to Not Miss The Point: Reflections on Race, Health, and Equity - Nia Johnson
BHV - CTF: Hospital Under Siege (Pre-registration required)
BICV - (10:30-10:30 PDT) - Black Cyber Exodus: The Mis-Education (Certification) of Black Cyber - Stephen Pullum
BTV - cont...(09:00-10:30 PDT) - Wireshark for Incident Response & Threat Hunting - Michael Wylie
BTV - (10:15-11:15 PDT) - Use DNS to detect your domains are abused for phishing - Karl Lovink a.k.a. Cyb0rg42,Arnold Holzel
CCV - What Is Zero Knowledge - Sarang Noether, Ph.D.
CLV - Extracting all the Azure Passwords - Karl Fosaaen
CLV - (10:45-11:30 PDT) - Windows Server Containers are Broken - Here's How You Can Break Out - Daniel Prizmant
CON - cont...(09:00-16:59 PDT) - Darknet-NG -
CON - cont...(09:00-15:59 PDT) - OpenSOC Blue Team CTF -
CON - DEF CON 29 CTF by OOO -
CON - Red Team Village CTF - Qualifiers Part 2 -
CON - Red Alert ICS CTF -
CON - Trace Labs OSINT Search Party CTF -
CON - CMD+CTRL -
CON - Hack3r Runw@y -
CPV - CPV Through the Looking-Glass: Cryptography Codes and Secret Writing (DC 26)
CPV - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
DC - cont...(09:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - DEF CON Vendor Area Open
DC - Privacy Without Monopoly: Paternalism Works Well, But Fails Badly - Cory Doctorow
DC - High-Stakes Updates | BIOS RCE OMG WTF BBQ - Jesse Michael,Mickey Shkatov
DC - Crossover Episode: The Real-Life Story of the First Mainframe Container Breakout - Chad Rikansrud (Bigendian Smalls),Ian Coldwater
DC - Community Roundtable - Supply Chain in the COVID Era -
DC - Community Roundtable - We need to talk about Norm – Discussions on International cyber norms in diplomacy -
DDV - Data Duplication Village - Open -
DL - Kubernetes Goat - Madhu Akula
DL - Ruse - Mike Kiser
DL - PMapper - Erik Steringer
DL - Depthcharge - Jon Szymaniak
HHV - cont...(09:30-10:30 PDT) - Use a PortaProg to flash, dump, and test ISP and UPDI chips - Bradán Lane,Sara Cladlow
HHV - (10:30-10:59 PDT) - The Black Box and the Brain Box: When Electronics and Deception Collide - Gigs
HTSV - OSINT Tales: What the Public Knows About Russia’s New Mega-Submarine - H I Sutton
ICSV - CybatiWorks Mission Station Workshop - Matthew Luallen
IOTV - Pentesting 101 -
IOTV - I used AppSec skills to hack IoT, and so can you - Alexei Kojenov
IOTV - UART to UBOOT to ROOT -
IOTV - IoT Village Capture the Flag (CTF) -
IOTV - IoT Village Labs -
IOTV - Black Box Challenges -
LBV - Bypass 101
LPV - Intro To Lockpicking - TOOOL
PHV - cont...(09:00-10:59 PDT) - APT Hunting with Splunk - John Stoner
PHV - *nix Processes. Starting, Stopping, and Everything In Between - Nick Roy
RCV - Adversary Infrastructure Tracking with Mihari - Manabu Niseki
RCV - (10:40-11:10 PDT) - The Bug Hunter’s Recon Methodology  - Tushar Verma
SEV - SECTF4Teens - Chris Silvers,Kris Silvers
VMV - Voting Village Keynote Remarks - Thomas Hicks
VMV - (10:30-10:59 PDT) - Secrets of Social Media PsyOps - BiaSciLab
WS - From Zero to Hero in Web Security Research - Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki
WS - Bug bounty Hunting Workshop - David Patten,Philippe Delteil
WS - Hacking the Metal: An Introduction to Assembly Language Programming - eigentourist
WS - Digital Forensics and Incident Response Against the Dark Arts: The Battle of Malicious Email and Downloaders - Michael Register,Michael Solomon

 

Saturday - 11:00 PDT


Return to Index  -  Locations Legend
AIV - The Coming AI Hackers - Bruce Schneier
APV - The Curious case of knowing the unknown - Vandana Verma Sehgal
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:00-16:59 PDT) - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - cont...(10:00-15:59 PDT) - Antenny -
ASV - cont...(10:00-15:59 PDT) - ARINC 429 Lab -
ASV - cont...(10:00-15:59 PDT) - Deep Space Networking -
ASV - cont...(10:00-15:59 PDT) - Hack-A-Sat2 Satellite Platform -
ASV - cont...(10:00-15:59 PDT) - HACMS Live Demo -
ASV - cont...(10:00-15:59 PDT) - Lego Spike Hub -
ASV - cont...(10:00-12:59 PDT) - Understanding Space in the Cyber Domain -
ASV - cont...(10:00-15:59 PDT) - ADSB Demo and Paper Airplanes -
ASV - Decoding NOAA Weather Sat Signals -
ASV - (11:30-12:59 PDT) - AIAA CubeSat Hacking Workshop - Virtual Lab #3 -
ASV - (11:30-11:55 PDT) - Defending the Unmanned Aerial Vehicle: Advancements in UAV Intrusion Detection - Jason Whelan
AVV - (Workshop) From zero to hero: creating a reflective loader in C# - Jean Francois Maes
BCV - cont...(10:15-11:30 PDT) - Key Note – The Three Amigos: Money Laundering, Cryptocurrencies, and Smart Contracts - Daniel Garrie,David Cass
BCV - (11:30-11:59 PDT) - Tryptich Talk - Sarang Noether, Ph.D.
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - Chinese Military Bioweapons and Intimidation Operations: Part III - RedDragon
BTV - cont...(10:15-11:15 PDT) - Use DNS to detect your domains are abused for phishing - Karl Lovink a.k.a. Cyb0rg42,Arnold Holzel
BTV - Tricks for the Triage of Adversarial Software - Dylan Barker,Quinten Bowen
BTV - BTV Presents: Malware Station - Maldoc Workshop - Clay (ttheveii0x)
BTV - (11:30-11:59 PDT) - What Machine Learning Can and Can't Do for Security - Wendy Edwards
CHV - My other car is your car: compromising the Tesla Model X keyless entry system - Lennert Wouters
CLV - cont...(10:45-11:30 PDT) - Windows Server Containers are Broken - Here's How You Can Break Out - Daniel Prizmant
CLV - (11:30-12:15 PDT) - AWS cloud attack vectors and security controls - Kavisha Sheth
CON - cont...(09:00-16:59 PDT) - Darknet-NG -
CON - cont...(09:00-15:59 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-15:59 PDT) - Hack3r Runw@y -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-11:59 PDT) - Red Team Village CTF - Qualifiers Part 2 -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-15:59 PDT) - Trace Labs OSINT Search Party CTF -
CON - cont...(10:00-15:59 PDT) - CMD+CTRL -
CPV - cont...(10:00-11:30 PDT) - CPV Through the Looking-Glass: Cryptography Codes and Secret Writing (DC 26)
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - (11:30-12:30 PDT) - Breaking Historical Ciphers with Modern Algorithms - Elonka Dunin,Klaus Schmeh
DC - cont...(09:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - Wibbly Wobbly, Timey Wimey – What's Really Inside Apple's U1 Chip - Alexander Heinrich,jiska
DC - UPnProxyPot: fake the funk, become a blackhat proxy, MITM their TLS, and scrape the wire - Chad Seaman
DC - (11:30-12:30 PDT) - Community Roundtable - If only you knew -
DL - cont...(10:00-11:50 PDT) - Kubernetes Goat - Madhu Akula
DL - cont...(10:00-11:50 PDT) - Ruse - Mike Kiser
DL - cont...(10:00-11:50 PDT) - PMapper - Erik Steringer
DL - cont...(10:00-11:50 PDT) - Depthcharge - Jon Szymaniak
HHV - Walkthrough of DC 28 HHV Challenges - rehr
HRV - Amateur Radio Mesh Networking: Enabling Higher Data-rate Communications - Tyler Gardner
HTSV - Cyber-SHIP Lab Talk and Demo - Kevin Jones,Kimberley Tam
ICSV - cont...(10:00-11:59 PDT) - CybatiWorks Mission Station Workshop - Matthew Luallen
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - You're Doing IoT RNG - Allan Cecil - dwangoAC,Dan Petro - AltF4
LBV - Bypassing Retail Security Tags
LPV - Hybrid PhySec tools - best of both worlds or just weird? - d1dymu5
PHV - Linux Binary Analysis w/ Strace - Jared Stroud
RCV - cont...(10:40-11:10 PDT) - The Bug Hunter’s Recon Methodology  - Tushar Verma
RCV - (11:20-11:50 PDT) - Can I Make My Own Social Threat Score? - MasterChen
SEV - cont...(10:00-11:59 PDT) - SECTF4Teens - Chris Silvers,Kris Silvers
VMV - How to Weaponize RLAs to Discredit an Election - Carsten Schürmann
VMV - (11:30-11:59 PDT) - High Turnout, Wide Margins - Brianna Lennon,Eric Fey
WS - cont...(10:00-13:59 PDT) - From Zero to Hero in Web Security Research - Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki
WS - cont...(10:00-13:59 PDT) - Bug bounty Hunting Workshop - David Patten,Philippe Delteil
WS - cont...(10:00-13:59 PDT) - Hacking the Metal: An Introduction to Assembly Language Programming - eigentourist
WS - cont...(10:00-13:59 PDT) - Digital Forensics and Incident Response Against the Dark Arts: The Battle of Malicious Email and Downloaders - Michael Register,Michael Solomon

 

Saturday - 12:00 PDT


Return to Index  -  Locations Legend
AIV - Never a dill moment: Exploiting machine learning pickle files - Suha Sabi Hussain
AIV - (12:30-12:59 PDT) - Replication as a Security Threat: How to Save Millions By Recreating Someone Else’s Model - Stella Biderman
APV - CSP is broken, let’s fix it - Amir Shaked
APV - (Workshop) - Integrating DAST tools into developers' test process - Joe Schottman 
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:00-16:59 PDT) - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - cont...(10:00-15:59 PDT) - Antenny -
ASV - cont...(10:00-15:59 PDT) - ARINC 429 Lab -
ASV - cont...(10:00-15:59 PDT) - Deep Space Networking -
ASV - cont...(10:00-15:59 PDT) - Hack-A-Sat2 Satellite Platform -
ASV - cont...(10:00-15:59 PDT) - HACMS Live Demo -
ASV - cont...(10:00-15:59 PDT) - Lego Spike Hub -
ASV - cont...(10:00-12:59 PDT) - Understanding Space in the Cyber Domain -
ASV - cont...(10:00-15:59 PDT) - ADSB Demo and Paper Airplanes -
ASV - cont...(11:30-12:59 PDT) - AIAA CubeSat Hacking Workshop - Virtual Lab #3 -
ASV - Federal Perspective on Aerospace Cybersecurity - Larry Grossman,Steve Luczynski
ASV - In Space, No One Can Hear You Hack -
ASV - (12:30-13:20 PDT) - Lost In Space: No-one Can Hear Your Breach (Choose Wisely) - Elizabeth Wharton
AVV - cont...(11:00-13:15 PDT) - (Workshop) From zero to hero: creating a reflective loader in C# - Jean Francois Maes
BCV - Ethereum Hacks & How to Stop Them - Michael Lewellen
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - (12:30-13:30 PDT) - Cloud security for healthcare and life sciences - MIchelle Holko
BICV - (12:30-12:30 PDT) - The OPSEC of Protesting - Ochaun Marshall
BTV - cont...(11:00-12:30 PDT) - Tricks for the Triage of Adversarial Software - Dylan Barker,Quinten Bowen
BTV - cont...(11:00-12:30 PDT) - BTV Presents: Malware Station - Maldoc Workshop - Clay (ttheveii0x)
BTV - (12:15-12:45 PDT) - How do you ALL THE CLOUDS? - henry
CAHV - National Service Panel - Amelie Koran,Elizabeth Schweinsberg,Joe Billingsley,Teri Williams
CAHV - Resume Reviewing
CAHV - Career Coaching
CHV - Not so Passive: Vehicle Identification and Tracking via Passive Keyless Entry - Nick Ashworth
CLV - cont...(11:30-12:15 PDT) - AWS cloud attack vectors and security controls - Kavisha Sheth
CLV - (12:15-12:45 PDT) - Using Barq to perform AWS Post-Exploitation Actions - Mohammed Aldoub
CLV - (12:45-13:30 PDT) - Shift Left Using Cloud: Implementing baseline security into your deployment lifecycle - Avinash Jain
CON - cont...(09:00-16:59 PDT) - Darknet-NG -
CON - cont...(09:00-15:59 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-15:59 PDT) - Hack3r Runw@y -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-15:59 PDT) - Trace Labs OSINT Search Party CTF -
CON - cont...(10:00-15:59 PDT) - CMD+CTRL -
CON - Red Team Village CTF - Qualifier Prizes and Announcements -
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - cont...(11:30-12:30 PDT) - Breaking Historical Ciphers with Modern Algorithms - Elonka Dunin,Klaus Schmeh
CPV - (12:30-13:15 PDT) - CPV Through the Looking-Glass: Cryptanalysis in the Time of Ransomware (DC 25)
DC - cont...(09:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - cont...(11:30-12:30 PDT) - Community Roundtable - If only you knew -
DC - Bring Your Own Print Driver Vulnerability - Jacob Baines
DC - Racketeer Toolkit. Prototyping Controlled Ransomware Operations - Dimitry "Op_Nomad" Snezhkov
DC - Time Turner - Hacking RF Attendance Systems (To Be in Two Places at Once) - Vivek Nair
DC - (12:30-12:50 PDT) - Hack the hackers: Leaking data over SSL/TLS - Ionut Cernica
DC - (12:30-12:50 PDT) - A new class of DNS vulnerabilities affecting many DNS-as-Service platforms - Ami Luttwak,Shir Tamari
DL - Tracee - Yaniv Agman
DL - USBSamurai - Luca Bongiorni
DL - Git Wild Hunt - Rod Soto,José Hernandez
HHV - A Lazy r2 Solve of @mediumrehr Challenge 6 - Ben Gardiner
HRV - Ham Radio Exams -
HTSV - Hack the Sea Cabana Party -
HTSV - Cyber in the Under Sea - David Strachan
ICSV - Fireside Chat - August Cole - August Cole
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - Strategic Trust and Deception in the Internet of Things - Juneau Jones
IOTV - (12:45-13:30 PDT) - MIPS-X - The next IoT Frontier - Patrick Ross,Zoltán Balázs
LBV - Tools 101 & Q&A
LPV - Intro To Lockpicking - TOOOL
PHV - Security Investigations with Splunk - Robert Wagner
PHV - RCE via Meow Variant along with an Example 0day - Özkan Mustafa AKKUŞ
RCV - Let the bugs come to me - how to build cloud-based recon automation at scale - Ryan Elkins
RGV - Twitter Q&A regarding Top 10 BOGUS Biometrics! - Vic Harkness
SEV - (12:30-13:30 PDT) - Using SE to create insider threats and win all the things - Lisa Forte
SOC - Friends of Bill W. -
VMV - Keeping Your Information Security Policy Up to Date - Sang-Oun Lee
VMV - (12:30-12:59 PDT) - Social Media Security = Election Security - Sebastian Bay
WS - cont...(10:00-13:59 PDT) - From Zero to Hero in Web Security Research - Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki
WS - cont...(10:00-13:59 PDT) - Bug bounty Hunting Workshop - David Patten,Philippe Delteil
WS - cont...(10:00-13:59 PDT) - Hacking the Metal: An Introduction to Assembly Language Programming - eigentourist
WS - cont...(10:00-13:59 PDT) - Digital Forensics and Incident Response Against the Dark Arts: The Battle of Malicious Email and Downloaders - Michael Register,Michael Solomon

 

Saturday - 13:00 PDT


Return to Index  -  Locations Legend
AIV - Who's Afraid of Thomas Bayes? - Erick Galinkin
AIV - (13:30-13:59 PDT) - Risks of ML Systems in Health Care: The Real Story - Barton Rhodes
APV - cont...(12:00-14:30 PDT) - (Workshop) - Integrating DAST tools into developers' test process - Joe Schottman 
APV - When nothing goes right, push left. Designing logs for future breach investigations - Vee
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:00-16:59 PDT) - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - cont...(10:00-15:59 PDT) - Antenny -
ASV - cont...(10:00-15:59 PDT) - ARINC 429 Lab -
ASV - cont...(10:00-15:59 PDT) - Deep Space Networking -
ASV - cont...(10:00-15:59 PDT) - Hack-A-Sat2 Satellite Platform -
ASV - cont...(10:00-15:59 PDT) - HACMS Live Demo -
ASV - cont...(10:00-15:59 PDT) - Lego Spike Hub -
ASV - cont...(10:00-15:59 PDT) - ADSB Demo and Paper Airplanes -
ASV - cont...(12:00-15:59 PDT) - In Space, No One Can Hear You Hack -
ASV - cont...(12:30-13:20 PDT) - Lost In Space: No-one Can Hear Your Breach (Choose Wisely) - Elizabeth Wharton
AVV - cont...(11:00-13:15 PDT) - (Workshop) From zero to hero: creating a reflective loader in C# - Jean Francois Maes
AVV - (13:15-13:59 PDT) - (Tool Demo) Red Team Credentials Reconnaissance (OLD with a TWIST) - Shantanu Khandelwal
BCV - Certified Ethereum Professional (CEP) Overview - Abstrct
BCV - (13:30-13:59 PDT) - Sla(sh*t)ing happens when you stake - Nadir Akhtar,Y L
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - cont...(12:30-13:30 PDT) - Cloud security for healthcare and life sciences - MIchelle Holko
BHV - (13:30-13:59 PDT) - Securing the Internet of Biological Things - Thom Dixon
BTV - (13:45-14:15 PDT) - Leveraging NGFWs for Threat Hunting - Drimacus
CAHV - cont...(12:00-15:59 PDT) - Resume Reviewing
CAHV - cont...(12:00-15:59 PDT) - Career Coaching
CAHV - Selling Yourself as a Security Professional - Preston Pierce
CCV - Monero Scaling Opportunities and Challenges - Francisco Cabañas
CHV - Fuzzing CAN / CAN FD ECU's and Network - Samir Bhagwat
CLV - cont...(12:45-13:30 PDT) - Shift Left Using Cloud: Implementing baseline security into your deployment lifecycle - Avinash Jain
CLV - (13:30-13:50 PDT) - CSPM2CloudTrail - Extending CSPM Tools with (Near) Real-Time Detection Signatures (Lightning Talk) - Rodrigo "Sp0oKeR" Montoro
CLV - (13:50-14:35 PDT) - Azure Active Directory Hacking Wars - Batuhan Sancak
CON - cont...(09:00-16:59 PDT) - Darknet-NG -
CON - cont...(09:00-15:59 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-15:59 PDT) - Hack3r Runw@y -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-15:59 PDT) - Trace Labs OSINT Search Party CTF -
CON - cont...(10:00-15:59 PDT) - CMD+CTRL -
CON - Red Team Village CTF - Finals Part 1 -
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - cont...(12:30-13:15 PDT) - CPV Through the Looking-Glass: Cryptanalysis in the Time of Ransomware (DC 25)
DC - cont...(09:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - TEMPEST radio station - Paz Hameiri
DC - PINATA: PIN Automatic Try Attack - Salvador Mendoza
DC - Defeating Physical Intrusion Detection Alarm Wires - Bill Graydon
DC - Community Roundtable - RANSOMWARE: Combatting Ransomware on a Global Stage / The realities of responding to ransomware -
DL - cont...(12:00-13:50 PDT) - Tracee - Yaniv Agman
DL - cont...(12:00-13:50 PDT) - USBSamurai - Luca Bongiorni
DL - cont...(12:00-13:50 PDT) - Git Wild Hunt - Rod Soto,José Hernandez
HHV - Meetup: Some HHV challenges - rehr
HRV - cont...(12:00-17:59 PDT) - Ham Radio Exams -
HRV - (13:30-14:30 PDT) - Amateur Radio Digital Modes Primer - Jon Marler
HTSV - cont...(12:00-14:59 PDT) - Hack the Sea Cabana Party -
HTSV - Sea Pods - Grant Romundt
ICSV - Toward a Collaborative Cyber Defense and Enhanced Threat Intelligence Structure - Lauren Zabierek
ICSV - (13:30-13:59 PDT) - Fortifying ICS - Hardening and Testing - Dieter Sarrazyn
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(12:45-13:30 PDT) - MIPS-X - The next IoT Frontier - Patrick Ross,Zoltán Balázs
IOTV - (13:45-14:30 PDT) - Mind the Gap - Managing Insecurity in Enterprise IoT - Cheryl Biswas
LBV - Electronic Warfare & Q&A
LPV - How I defeated the Western Electric 30c - N∅thing
PHV - cont...(12:00-13:59 PDT) - Security Investigations with Splunk - Robert Wagner
SEV - cont...(12:30-13:30 PDT) - Using SE to create insider threats and win all the things - Lisa Forte
SEV - (13:30-14:30 PDT) - The Innocent Lives Foundation: A Beacon of Light in a Dark World - John McCombs
SOC - A&E Pool Party! -
VMV - New Hampshire SB43 Forensic Audit - Harri Hursti
VMV - (13:30-13:59 PDT) - Why Hacking Voters Is Easier Than Hacking Ballots - Maurice Turner
WS - cont...(10:00-13:59 PDT) - From Zero to Hero in Web Security Research - Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki
WS - cont...(10:00-13:59 PDT) - Bug bounty Hunting Workshop - David Patten,Philippe Delteil
WS - cont...(10:00-13:59 PDT) - Hacking the Metal: An Introduction to Assembly Language Programming - eigentourist
WS - cont...(10:00-13:59 PDT) - Digital Forensics and Incident Response Against the Dark Arts: The Battle of Malicious Email and Downloaders - Michael Register,Michael Solomon

 

Saturday - 14:00 PDT


Return to Index  -  Locations Legend
AIV - The Real History of Adversarial Machine Learning - Eugene Neelou
APV - cont...(12:00-14:30 PDT) - (Workshop) - Integrating DAST tools into developers' test process - Joe Schottman 
APV - How I broke into Mexico City's justice system application and database - Alfonso Ruiz Cruz
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:00-16:59 PDT) - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - cont...(10:00-15:59 PDT) - Antenny -
ASV - cont...(10:00-15:59 PDT) - ARINC 429 Lab -
ASV - cont...(10:00-15:59 PDT) - Deep Space Networking -
ASV - cont...(10:00-15:59 PDT) - Hack-A-Sat2 Satellite Platform -
ASV - cont...(10:00-15:59 PDT) - HACMS Live Demo -
ASV - cont...(10:00-15:59 PDT) - Lego Spike Hub -
ASV - cont...(10:00-15:59 PDT) - ADSB Demo and Paper Airplanes -
ASV - cont...(12:00-15:59 PDT) - In Space, No One Can Hear You Hack -
ASV - AIAA CubeSat Hacking Workshop - Virtual Lab #4 -
ASV - (14:30-14:55 PDT) - True Story: Hackers in the Aerospace Sector - Declyn S.,Ginny Spicer,Olivia Stella,Steve Luczynski,Thomas Bristow
AVV - Operation Bypass: Catch My Payload If You Can - Matthew Eidelberg
BCV - EIP-1559 Panel
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - The Real Story on Patching Medical Devices - Michael Murray
BICV - (14:30-14:30 PDT) - 40 cores and a CPU - Nico "Socks" Smith
BTV - cont...(13:45-14:15 PDT) - Leveraging NGFWs for Threat Hunting - Drimacus
BTV - BTV Presents: Forensics Station - Workshop 1 - Omenscan
BTV - MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part 2 - Cat Self,plug,Ben Bornholm,Tilottama Sanyal,Dan Borges
BTV - (14:30-15:30 PDT) - Modern Authentication for the Security Admin - Bailey Bercik,Mark Morowczynski
CAHV - cont...(12:00-15:59 PDT) - Resume Reviewing
CAHV - cont...(12:00-15:59 PDT) - Career Coaching
CAHV - Career Hacking: Tips and Tricks to Making the Most of your Career - Andy Piazza
CHV - Build Automotive Gateways with Ease - Don Hatfield
CLV - cont...(13:50-14:35 PDT) - Azure Active Directory Hacking Wars - Batuhan Sancak
CLV - (14:35-16:59 PDT) - Onions In the Cloud Make the CISO Proud (Workshop) - Wes Lambert
CON - cont...(09:00-16:59 PDT) - Darknet-NG -
CON - cont...(09:00-15:59 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-15:59 PDT) - Hack3r Runw@y -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-15:59 PDT) - Trace Labs OSINT Search Party CTF -
CON - cont...(10:00-15:59 PDT) - CMD+CTRL -
CON - cont...(13:00-16:59 PDT) - Red Team Village CTF - Finals Part 1 -
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - Staying Fresh While the Feds Watch: Changes in Government Surveillance and Why it Matters - Anthony Hendricks
DC - cont...(09:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - cont...(13:00-14:59 PDT) - Community Roundtable - RANSOMWARE: Combatting Ransomware on a Global Stage / The realities of responding to ransomware -
DC - Sneak into buildings with KNXnet/IP - Claire Vacherot
DC - SPARROW: A Novel Covert Communication Scheme Exploiting Broadcast Signals in LTE, 5G & Beyond - Chuck McAuley,Reza Soosahabi
DC - Over-the-air remote code execution on the DEF CON 27 badge via Near Field Magnetic Inductance or World’s first NFMI exploitation, sorta or OTARCEDC27NFMIOMGWTFBBQ - Seth Kintigh
DL - ParseAndC - Parbati Kumar Manna
DL - WiFi Kraken Lite - Henry Hill
DL - WiFi Kraken Lite - Henry Hill
DL - Shutter - Dimitry "Op_Nomad" Snezhkov
HHV - Meetup: Sourcing Parts & The Global Parts Shortage - bombnav
HRV - cont...(12:00-17:59 PDT) - Ham Radio Exams -
HRV - cont...(13:30-14:30 PDT) - Amateur Radio Digital Modes Primer - Jon Marler
HTSV - cont...(12:00-14:59 PDT) - Hack the Sea Cabana Party -
HTSV - Cyber Operations and Operational Wargames on Port Infrastructure - Tom Mouatt,Ed McGrady,John Curry
ICSV - Crippling the Grid: Examination of Dependencies and Cyber Vulnerabilities - Joe Slowik
ICSV - (14:30-14:59 PDT) - Leveraging SBOMs to Enhance ICS Security - Thomas Pace
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(13:45-14:30 PDT) - Mind the Gap - Managing Insecurity in Enterprise IoT - Cheryl Biswas
IOTV - (14:45-15:30 PDT) - Reverse Supply Chain Attack - A Dangerous Pathway To Medical Facilities’ Networks - Barak Hadad,Gal Kaufman
LBV - cont...(13:00-14:30 PDT) - Electronic Warfare & Q&A
LBV - (14:30-15:59 PDT) - Alarm Bypass & Q&A
LPV - (14:15-14:45 PDT) - Intro To Lockpicking - TOOOL
RCV - How vigilant researchers can uncover APT attacks for fun and non profit - Ladislav Baco
RCV - (14:40-15:10 PDT) - .GOV Doppelgänger: Your Häx Dollars at Work - Anthony Kava
SEV - cont...(13:30-14:30 PDT) - The Innocent Lives Foundation: A Beacon of Light in a Dark World - John McCombs
SEV - (14:30-15:30 PDT) - Make Them Want To Tell You: The Science of Elicitation - Christopher Hadnagy
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Saturday - 15:00 PDT


Return to Index  -  Locations Legend
AIV - RTV/AIV Red Teaming AI Roundtable - Rich Harang,Anita Nikolich
APV - A Deep Dive Into Supply Chain Vulnerabilities: And How SecDevOps Can Save the Day - Adam Schaal
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:00-16:59 PDT) - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - cont...(10:00-15:59 PDT) - Antenny -
ASV - cont...(10:00-15:59 PDT) - ARINC 429 Lab -
ASV - cont...(10:00-15:59 PDT) - Deep Space Networking -
ASV - cont...(10:00-15:59 PDT) - Hack-A-Sat2 Satellite Platform -
ASV - cont...(10:00-15:59 PDT) - HACMS Live Demo -
ASV - cont...(10:00-15:59 PDT) - Lego Spike Hub -
ASV - cont...(10:00-15:59 PDT) - ADSB Demo and Paper Airplanes -
ASV - cont...(12:00-15:59 PDT) - In Space, No One Can Hear You Hack -
ASV - cont...(14:00-15:59 PDT) - AIAA CubeSat Hacking Workshop - Virtual Lab #4 -
ASV - Drone Security Research Series – Ep6 Hacking with drones - Matt Gaffney
AVV - (Tool Demo) PurpleSharp: Automated Adversary Simulation - Mauricio Velazco
AVV - (15:45-16:30 PDT) - Phish Like An APT - Sanne Maasakkers
BCV - Evils in the DeFi world - Minzhi He,Peiyu Wang
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - OWASP & CSA IoT: Impacting Medical Security - Aaron Guzman
BTV - cont...(14:00-15:30 PDT) - BTV Presents: Forensics Station - Workshop 1 - Omenscan
BTV - cont...(14:00-17:59 PDT) - MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part 2 - Cat Self,plug,Ben Bornholm,Tilottama Sanyal,Dan Borges
BTV - cont...(14:30-15:30 PDT) - Modern Authentication for the Security Admin - Bailey Bercik,Mark Morowczynski
BTV - (15:45-16:45 PDT) - Uncomfortable Networking - Charles Rumford
CAHV - cont...(12:00-15:59 PDT) - Resume Reviewing
CAHV - cont...(12:00-15:59 PDT) - Career Coaching
CCV - Triptych - Sarang Noether, Ph.D.
CHV - Safety Third: Defeating Chevy StabiliTrak for Track Time Fun - Eric Gershman
CLV - cont...(14:35-16:59 PDT) - Onions In the Cloud Make the CISO Proud (Workshop) - Wes Lambert
CON - cont...(09:00-16:59 PDT) - Darknet-NG -
CON - cont...(09:00-15:59 PDT) - OpenSOC Blue Team CTF -
CON - cont...(10:00-15:59 PDT) - Hack3r Runw@y -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-15:59 PDT) - Trace Labs OSINT Search Party CTF -
CON - cont...(10:00-15:59 PDT) - CMD+CTRL -
CON - cont...(13:00-16:59 PDT) - Red Team Village CTF - Finals Part 1 -
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - CPV Through the Looking-Glass: Hacking on Multi-Party Computation (DC 25)
CPV - (15:30-16:30 PDT) - Gold Bug Q&A -
DC - cont...(09:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - Hacking G Suite: The Power of Dark Apps Script Magic - Matthew Bryant
DC - Central bank digital currency, threats and vulnerabilities - Ian Vitek
DC - Breaking Secure Bootloaders - Christopher Wade
DL - cont...(14:00-15:50 PDT) - ParseAndC - Parbati Kumar Manna
DL - cont...(14:00-15:50 PDT) - WiFi Kraken Lite - Henry Hill
DL - cont...(14:00-15:50 PDT) - WiFi Kraken Lite - Henry Hill
DL - cont...(14:00-15:50 PDT) - Shutter - Dimitry "Op_Nomad" Snezhkov
HHV - Meetup: OSS ASIC - Josh Marks
HRV - cont...(12:00-17:59 PDT) - Ham Radio Exams -
HRV - How to Contact the ISS with a $30 Radio - Gregg Horton
HTSV - US Coast Guard 2021 Cyber Strategic Outlook - Michael Chien
ICSV - Smart Meters: I'm Hacking Infrastructure and So Should You - Hash Salehi
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(14:45-15:30 PDT) - Reverse Supply Chain Attack - A Dangerous Pathway To Medical Facilities’ Networks - Barak Hadad,Gal Kaufman
IOTV - (15:45-16:15 PDT) - Ethics at the Edge: IoT as the Embodiment of AI for Rampant Intelligence Actuation - Ria Cheruvu
LBV - cont...(14:30-15:59 PDT) - Alarm Bypass & Q&A
LPV - The Coat Hanger Talk: A Noob's Look Into the Thieves World - De
RCV - cont...(14:40-15:10 PDT) - .GOV Doppelgänger: Your Häx Dollars at Work - Anthony Kava
RCV - (15:20-16:05 PDT) - OSINT for Sex Workers - Kala Kinyon
SEV - cont...(14:30-15:30 PDT) - Make Them Want To Tell You: The Science of Elicitation - Christopher Hadnagy
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
WS - Network Analysis with Wireshark - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - Analysis 101 and 102 for the Incident Responder - Kristy Westphal
WS - Evading Detection a Beginner's Guide to Obfuscation - Anthony "Cx01N" Rose,Jake "Hubbl3" Krasnov,Vincent "Vinnybod" Rose
WS - Advanced Wireless Attacks Against Enterprise Networks - Solstice

 

Saturday - 16:00 PDT


Return to Index  -  Locations Legend
AIV - Where We’re Going We Don’t Need Labels: Anomaly Detection for 2FA - Rebecca Lynch,Stefano Meschiari
AIV - (16:30-16:59 PDT) - AI Discord Happy Hour - Open Discussion on AIV Discord about the State of AI Security
APV - DevSecOps: Merging Security and Software Engineering - Magno Logan DELETE ME
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
ASV - cont...(09:00-16:59 PDT) - California Cyber Innovation Challenge CTF -- Pre-registration Required -
ASV - Fuzzing NASA Core Flight System Software - Ronald Broberg
AVV - cont...(15:45-16:30 PDT) - Phish Like An APT - Sanne Maasakkers
AVV - (16:30-17:15 PDT) - (Tool Demo) Tenacity: An Adversary Emulation Tool for Persistence - Atul Nair,Harshal Tupsamudre
BCV - The Wild West of DeFi Exploits - Anna Szeto
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - cont...(15:00-16:45 PDT) - OWASP & CSA IoT: Impacting Medical Security - Aaron Guzman
BHV - (16:45-16:59 PDT) - A Cohort of Pirate Ships - Alex Pearlman
BICV - (16:30-16:30 PDT) - How Bias and Discrimination in Cybersecurity will have us locked up or dead - Tennisha Martin
BTV - cont...(14:00-17:59 PDT) - MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part 2 - Cat Self,plug,Ben Bornholm,Tilottama Sanyal,Dan Borges
BTV - cont...(15:45-16:45 PDT) - Uncomfortable Networking - Charles Rumford
BTV - (16:30-17:59 PDT) - Ransomware ATT&CK and Defense with the Elastic Stack - Ben Hughes,Daniel Chen,Fred Mastrippolito
CCV - (16:30-16:59 PDT) - Cryptocurrency Trivia! - Justin Ehrenhofer
CLV - cont...(14:35-16:59 PDT) - Onions In the Cloud Make the CISO Proud (Workshop) - Wes Lambert
CON - cont...(09:00-16:59 PDT) - Darknet-NG -
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(13:00-16:59 PDT) - Red Team Village CTF - Finals Part 1 -
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - cont...(15:30-16:30 PDT) - Gold Bug Q&A -
CPV - (16:30-17:30 PDT) - The threat hiding in daylight: Police Monitoring legislation and individual privacy in chat - Vic Huang,Joy Ho
DC - cont...(09:00-16:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - New Phishing Attacks Exploiting OAuth Authentication Flows - Jenko Hwong
DC - PunkSPIDER and IOStation: Making a Mess All Over the Internet - _hyp3ri0n aka Alejandro Caceres,Jason Hopper
DC - Adventures in MitM-land: Using Machine-in-the-Middle to Attack Active Directory Authentication Schemes - Eyal Karni,Sagi Sheinfeld,Yaron Zinar
DC - Community Roundtable - Thinking About Election Security -
DC - Community Roundtable - Implementing Cyber Solarium Commission Policy -
HHV - Meetup: Certification Processes (UL, FCC, etc.) - ShortTie
HRV - cont...(12:00-17:59 PDT) - Ham Radio Exams -
HRV - Getting started with low power & long distance communications - QRP - Eric Escobar
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - cont...(15:45-16:15 PDT) - Ethics at the Edge: IoT as the Embodiment of AI for Rampant Intelligence Actuation - Ria Cheruvu
IOTV - (16:30-16:59 PDT) - IoT devices as government witnesses: Can IoT devices ever be secure if law enforcement has unlimited access to their data? - Anthony Hendricks,Jordan Sessler
LBV - (16:30-16:59 PDT) - Bypass 101
LPV - (16:15-16:45 PDT) - Intro To Lockpicking - TOOOL
RCV - cont...(15:20-16:05 PDT) - OSINT for Sex Workers - Kala Kinyon
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - QueerCon Party -
WS - cont...(15:00-18:59 PDT) - Network Analysis with Wireshark - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - cont...(15:00-18:59 PDT) - Analysis 101 and 102 for the Incident Responder - Kristy Westphal
WS - cont...(15:00-18:59 PDT) - Evading Detection a Beginner's Guide to Obfuscation - Anthony "Cx01N" Rose,Jake "Hubbl3" Krasnov,Vincent "Vinnybod" Rose
WS - cont...(15:00-18:59 PDT) - Advanced Wireless Attacks Against Enterprise Networks - Solstice

 

Saturday - 17:00 PDT


Return to Index  -  Locations Legend
APV - Can’t Stop the Code: Embrace the Code - Alton Crossley
APV - (17:45-17:50 PDT) - AppSec Quiz Time! - Eden Stroet
ASV - cont...(09:00-17:59 PDT) - A-ISAC CTF -- Pre-registration Required -
AVV - cont...(16:30-17:15 PDT) - (Tool Demo) Tenacity: An Adversary Emulation Tool for Persistence - Atul Nair,Harshal Tupsamudre
AVV - (17:15-18:15 PDT) - C2Centipede: APT level C2 communications for common reverse HTTP shell tools - Jose Garduno
BHV - cont...(10:00-17:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - The Little Things - Mixæl Laufer
BHV - (17:30-17:59 PDT) - Playing with FHIR: hacking and securing healthcare APIs - Alissa Knight,Mitch Parker
BTV - cont...(14:00-17:59 PDT) - MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part 2 - Cat Self,plug,Ben Bornholm,Tilottama Sanyal,Dan Borges
BTV - cont...(16:30-17:59 PDT) - Ransomware ATT&CK and Defense with the Elastic Stack - Ben Hughes,Daniel Chen,Fred Mastrippolito
BTV - Structured Analytical Techniques for Improving Information Security Analyses - Rabbit
CCV - Monero After Party - Monero Sound
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-17:59 PDT) - Red Alert ICS CTF -
CON - Trace Labs OSINT Search Party CTF - Award Ceremony -
CPV - cont...(10:00-17:30 PDT) - Workshop & CTF: Practical Cryptographic Attacks - Daniel Crowley
CPV - cont...(16:30-17:30 PDT) - The threat hiding in daylight: Police Monitoring legislation and individual privacy in chat - Vic Huang,Joy Ho
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - You're Doing IoT RNG - Allan Cecil - dwangoAC,Dan Petro - AltF4
DC - Hacking the Apple AirTags - Thomas Roth
DC - Don't Dare to Exploit - An Attack Surface Tour of SharePoint Server - Steven Seeley,Yuhao Weng,Zhiniang Peng
HRV - cont...(12:00-17:59 PDT) - Ham Radio Exams -
HRV - Remote Ham Radio Exams -
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
IOTV - (17:15-17:59 PDT) - The Journey of Establishing IoT Trustworthiness and IoT Security Foundation - Amit Elazari,Anahit Tarkhanyan,Ria Cheruvu
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(16:00-17:59 PDT) - QueerCon Party -
SOC - DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup -
SOC - Friends of Bill W. -
WS - cont...(15:00-18:59 PDT) - Network Analysis with Wireshark - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - cont...(15:00-18:59 PDT) - Analysis 101 and 102 for the Incident Responder - Kristy Westphal
WS - cont...(15:00-18:59 PDT) - Evading Detection a Beginner's Guide to Obfuscation - Anthony "Cx01N" Rose,Jake "Hubbl3" Krasnov,Vincent "Vinnybod" Rose
WS - cont...(15:00-18:59 PDT) - Advanced Wireless Attacks Against Enterprise Networks - Solstice

 

Saturday - 18:00 PDT


Return to Index  -  Locations Legend
AVV - cont...(17:15-18:15 PDT) - C2Centipede: APT level C2 communications for common reverse HTTP shell tools - Jose Garduno
AVV - (18:15-18:45 PDT) - Lightning talk: Autonomous lateral movement - Stephan Wampouille
AVV - (18:45-19:45 PDT) - Game Theory: Understanding and Strategy and Deception - Juneau Jones
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - HACKERS INTO THE UN? Engaging in the cyber discussions on war & peace - DEF CON Policy Panel
DC - Offensive Golang Bonanza: Writing Golang Malware - Benjamin Kurtz
DC - Vulnerability Exchange: One Domain Account For More Than Exchange Server RCE - Tianze Ding
HRV - cont...(17:00-18:59 PDT) - Remote Ham Radio Exams -
IOTV - cont...(10:00-18:30 PDT) - Pentesting 101 -
IOTV - cont...(10:00-18:30 PDT) - UART to UBOOT to ROOT -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Capture the Flag (CTF) -
IOTV - cont...(10:00-18:30 PDT) - IoT Village Labs -
IOTV - cont...(10:00-18:30 PDT) - Black Box Challenges -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(17:00-18:59 PDT) - DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup -
SOC - QueerCon Virtual Chat Mixer
SOC - Hacker Karaoke (Virtual) -
WS - cont...(15:00-18:59 PDT) - Network Analysis with Wireshark - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - cont...(15:00-18:59 PDT) - Analysis 101 and 102 for the Incident Responder - Kristy Westphal
WS - cont...(15:00-18:59 PDT) - Evading Detection a Beginner's Guide to Obfuscation - Anthony "Cx01N" Rose,Jake "Hubbl3" Krasnov,Vincent "Vinnybod" Rose
WS - cont...(15:00-18:59 PDT) - Advanced Wireless Attacks Against Enterprise Networks - Solstice

 

Saturday - 19:00 PDT


Return to Index  -  Locations Legend
AVV - cont...(18:45-19:45 PDT) - Game Theory: Understanding and Strategy and Deception - Juneau Jones
AVV - (19:45-20:30 PDT) - (Tool Demo) New generation of PEAS - Carlos Polop
CON - cont...(10:00-19:59 PDT) - DEF CON 29 CTF by OOO -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - cont...(10:00-19:59 PDT) - DEF CON Vendor Area Open
DC - (Replay) UFOs: Misinformation, Disinformation, and the Basic Truth - Richard Thieme AKA neuralcowboy
DC - (Replay) Racketeer Toolkit. Prototyping Controlled Ransomware Operations - Dimitry "Op_Nomad" Snezhkov
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -

 

Saturday - 20:00 PDT


Return to Index  -  Locations Legend
AVV - cont...(19:45-20:30 PDT) - (Tool Demo) New generation of PEAS - Carlos Polop
AVV - (20:30-21:30 PDT) - Panel discussion: Is Adversary Emulation Too ___ For You? - Jamie Williams,Cat Self,Tim Schulz,Michael Long,Frank Duff,Jose Barajas
CON - Hacker Jeopardy -
CON - Drunk Hacker History -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf
DC - DEF CON Movie Night - Upgrade -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -
SOC - Hacker Flairgrounds -
SOC - Gothcon 2021 -

 

Saturday - 21:00 PDT


Return to Index  -  Locations Legend
AVV - cont...(20:30-21:30 PDT) - Panel discussion: Is Adversary Emulation Too ___ For You? - Jamie Williams,Cat Self,Tim Schulz,Michael Long,Frank Duff,Jose Barajas
CON - cont...(20:00-21:59 PDT) - Hacker Jeopardy -
CON - cont...(20:00-21:59 PDT) - Drunk Hacker History -
DC - cont...(20:00-21:59 PDT) - DEF CON Movie Night - Upgrade -
MUS - Music - Ohm-i - Ohm-i
MUS - Music - mattrix - mattrix
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -
SOC - cont...(20:00-22:59 PDT) - Hacker Flairgrounds -
SOC - Vetcon Meetup (Hybrid) -

 

Saturday - 22:00 PDT


Return to Index  -  Locations Legend
ASV - (22:30-23:30 PDT) - The Hangar – Cocktail Making Event -
MUS - Music - Krisz Klink - Krisz Klink
MUS - Music - Icetre Normal - Icetre Normal
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -
SOC - cont...(20:00-22:59 PDT) - Hacker Flairgrounds -

 

Saturday - 23:00 PDT


Return to Index  -  Locations Legend
ASV - cont...(22:30-23:30 PDT) - The Hangar – Cocktail Making Event -
MUS - Music - Miss Jackalope - Miss Jackalope
MUS - Music - Nina Lowe - Nina Lowe
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(18:00-23:59 PDT) - Hacker Karaoke (Virtual) -

Sunday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Sunday - 00:00 PDT


Return to Index  -  Locations Legend
MUS - Music - Zebbler Encanti Experience - Zebbler Encanti Experience

 

Sunday - 01:00 PDT


Return to Index  -  Locations Legend
MUS - Music - CTRL/rsm - CTRL/rsm

 

Sunday - 06:00 PDT


Return to Index  -  Locations Legend
IOTV - IoT Village Labs -

 

Sunday - 07:00 PDT


Return to Index  -  Locations Legend
BHV - Table Top Exercise - Biologia et Machina (Pre-registration Required)
IOTV - cont...(06:00-10:59 PDT) - IoT Village Labs -

 

Sunday - 08:00 PDT


Return to Index  -  Locations Legend
IOTV - cont...(06:00-10:59 PDT) - IoT Village Labs -

 

Sunday - 09:00 PDT


Return to Index  -  Locations Legend
AIV - The State of AI Ethics - Abishek Gupta
AIV - (09:30-10:59 PDT) - Intro to ML Workshop - Gavin Klondike
APV - AppSec Village Welcome and Introductions
APV - "The Poisoned Diary": Supply Chain Attacks on Install scripts - Yakov Shafranovich
APV - Borrow a mentor
CON - Darknet-NG -
DC - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
HHV - Walkthrough of DC 28 HHV Challenges - rehr
IOTV - cont...(06:00-10:59 PDT) - IoT Village Labs -
PHV - Intrusion Analysis and Threat Hunting with Suricata - Peter Manev,Josh Stroschein

 

Sunday - 10:00 PDT


Return to Index  -  Locations Legend
AIV - cont...(09:30-10:59 PDT) - Intro to ML Workshop - Gavin Klondike
APV - Encryption for Developers - James McKee (punkcoder)
AVV - Panel discussion: Resilient cyber space: The role of hacker and security communities - Abhijith B R,Jay Turla,Manu Zacharia,Aseem Jakhar,Omar Santos,Dave Lewis,Dhillon ‘L33tdawg’ Kannabhiran
BCV - Welcome Note - Nathan,Ron Stoner
BCV - (10:15-11:30 PDT) - Surviving DeFi: How to Prevent Economic Attacks - Jan Gorzny
BHV - Cyber Defense Matrix in Healthcare - Sounil Yu
BHV - CTF: Hospital Under Siege (Pre-registration required)
BHV - (10:30-10:59 PDT) - Internet-of-Ingestible-Things Security by Design - Mariam Elgabry
BTV - BTV Presents: Threat Report Roulette - Blind Hacker JoeB,Will Thomas,Ricky Banda,Karan Aditya Ghoshal,Danny D. Henderson Jr,Christopher Russell,Jorge Orchilles,Ch33r10
CLV - Identifying toxic combinations of permissions in your cloud infrastructure - Michael Raggo
CLV - (10:45-11:15 PDT) - I know who has access to my cloud, do you? - Igal Flegmann
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
CON - DEF CON 29 CTF by OOO -
CON - Red Team Village CTF - Finals Part 2 -
CPV - CPV Through the Looking-Glass: Cicada (DC 26)
CPV - Workshop: Practically Protecting Phone Privacy (Pre-registration required) - Mauricio Tavares,Matt Nash
CPV - (10:35-13:59 PDT) - CPV Through the Looking-Glass: CPV Day 3 (DC 28)
DC - cont...(09:00-13:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - DEF CON Vendor Area Open
DC - A Discussion with Agent X - Agent X
DC - Hi! I'm DOMAIN\Steve, please let me access VLAN2 - Justin Perdok
DC - Taking Apart and Taking Over ICS & SCADA Ecosystems: A Case Study of Mitsubishi Electric - Mars Cheng,Selmon Yang
DDV - Data Duplication Village - Last Chance Pickup Only -
DL - reNgine - Yogesh Ojha
DL - Frack - William Vermaak
HHV - A Lazy r2 Solve of @mediumrehr Challenge 6 - Ben Gardiner
HTSV - Less Jaw Work, More Paw Work: Why We Need to Start “Doing” Cyber - Cliff Neve
ICSV - Bottom-Up and Top-Down: Exploiting Vulnerabilities In the OT Cloud Era - Sharon Brizinov,Uri Katz
ICSV - (10:30-10:59 PDT) - Detecting Attackers Using Your Own Sensors with State Estimation - Stefan Stephenson-Moe
IOTV - cont...(06:00-10:59 PDT) - IoT Village Labs -
IOTV - IoT Village Capture the Flag (CTF) -
LPV - Intro To Lockpicking - TOOOL
PHV - cont...(09:00-10:59 PDT) - Intrusion Analysis and Threat Hunting with Suricata - Peter Manev,Josh Stroschein
WS - Windows Internals - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - From Zero to Hero in Web Security Research - Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki
WS - Modern Malware Analysis for Threat Hunters - Aaron Rosenmund,Ryan Chapman
WS - Hacking the Metal: An Introduction to Assembly Language Programming - eigentourist

 

Sunday - 11:00 PDT


Return to Index  -  Locations Legend
AIV - Potential Pitfalls Protecting Patient Privacy - Brian Martin
AIV - (11:30-11:59 PDT) - Robustness of client-side scanning for illegal content detection on E2EE platforms - Shubham Jain
APV - AppSec 101: A Journey from Engineer to Hacker - Arjun Gopalakrishna
AVV - (Tool Demo) Prelude Operator - David Hunt,Alex Manners
AVV - (11:45-12:30 PDT) - APT: A Short History and An Example Attack - Mark Loveless
BCV - cont...(10:15-11:30 PDT) - Surviving DeFi: How to Prevent Economic Attacks - Jan Gorzny
BCV - (11:30-12:30 PDT) - Breaking Future Crypto Custody - Mehow Powers,Chris Odom
BHV - cont...(10:00-12:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - Fishing or Hunting - Ohad Zaidenberg
BTV - (11:15-12:15 PDT) - BTV Presents: Welcome to #IRLIFE. A live IR TableTop Panel - Clay (ttheveii0x),plug,Ch33r10,Bassem Helmy,Wayland,O'Shea (sirmudbl00d),Ben (Innismir),Tino aka Paladin316,Neumann (aka scsideath)
CCV - DEX trading without leaking your identity: RAILGUN - Railgun Team
CLV - cont...(10:45-11:15 PDT) - I know who has access to my cloud, do you? - Igal Flegmann
CLV - (11:15-11:59 PDT) - Understanding common Google Cloud misconfiguration using GCP Goat - Joshua Jebaraj
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
CON - cont...(10:00-13:59 PDT) - DEF CON 29 CTF by OOO -
CON - cont...(10:00-11:59 PDT) - Red Team Village CTF - Finals Part 2 -
CPV - cont...(10:00-13:59 PDT) - Workshop: Practically Protecting Phone Privacy (Pre-registration required) - Mauricio Tavares,Matt Nash
CPV - cont...(10:35-13:59 PDT) - CPV Through the Looking-Glass: CPV Day 3 (DC 28)
DC - cont...(09:00-13:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-15:59 PDT) - DEF CON Vendor Area Open
DC - The PACS-man Comes For Us All: We May Be Vaccinated, but Physical Access Control Still Sucks - Anze Jensterle,Babak Javadi,Eric Betts,Nick Draffen
DC - Glitching RISC-V chips: MTVEC corruption for hardening ISA - Adam 'pi3' Zabrocki,Alex Matrosov
DC - Fuzzing Linux with Xen - Tamas K Lengyel
DL - cont...(10:00-11:50 PDT) - reNgine - Yogesh Ojha
DL - cont...(10:00-11:50 PDT) - Frack - William Vermaak
HHV - (11:30-12:30 PDT) - Use a PortaProg to flash, dump, and test ISP and UPDI chips - Bradán Lane,Sara Cladlow
HRV - Ham Radio Exams -
HRV - An Introduction to RF Test Equipment - Kurits Kopf
HTSV - Hack the Wind - Mary Ann Hoppa
ICSV - Top 20 Secure PLC Coding Practices - Sarah Fluchs,Vivek Ponnada
IOTV - cont...(10:00-11:59 PDT) - IoT Village Capture the Flag (CTF) -
LPV - Safecracking for Everyone! - Jared Dygert
SOC - (11:30-12:30 PDT) - QueerCon End-of-Con Chat
WS - cont...(10:00-13:59 PDT) - Windows Internals - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - cont...(10:00-13:59 PDT) - From Zero to Hero in Web Security Research - Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki
WS - cont...(10:00-13:59 PDT) - Modern Malware Analysis for Threat Hunters - Aaron Rosenmund,Ryan Chapman
WS - cont...(10:00-13:59 PDT) - Hacking the Metal: An Introduction to Assembly Language Programming - eigentourist

 

Sunday - 12:00 PDT


Return to Index  -  Locations Legend
AIV - Twitter Ethics Bug Bounty: Winners and Wrap-up - Rumman Chowdhury
APV - Car Hacking + Bug Hunting Field Guide for Appsec Hackers - Jay Turla DELETE ME
AVV - cont...(11:45-12:30 PDT) - APT: A Short History and An Example Attack - Mark Loveless
AVV - (12:30-13:15 PDT) - (Tool Demo) ImproHound - Identify AD tiering violations - Jonas Bülow Knudsen
BCV - cont...(11:30-12:30 PDT) - Breaking Future Crypto Custody - Mehow Powers,Chris Odom
BHV - cont...(10:00-12:59 PDT) - CTF: Hospital Under Siege (Pre-registration required)
BHV - Red vs Blue vs Green : The ultimate battle of opinions (or is it) - Ken Kato,Vee Schmitt
BTV - cont...(11:15-12:15 PDT) - BTV Presents: Welcome to #IRLIFE. A live IR TableTop Panel - Clay (ttheveii0x),plug,Ch33r10,Bassem Helmy,Wayland,O'Shea (sirmudbl00d),Ben (Innismir),Tino aka Paladin316,Neumann (aka scsideath)
BTV - (12:30-12:59 PDT) - Year of Mentoring: BTV’s Meet-a-Mentor Turns One - muteki
CLV - PK-WHY - Kevin Chen
CLV - (12:20-13:05 PDT) - Cloud Security Orienteering - Rami McCarthy
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
CON - cont...(10:00-13:59 PDT) - DEF CON 29 CTF by OOO -
CON - Red Team Village CTF - Closing Ceremony -
CPV - cont...(10:00-13:59 PDT) - Workshop: Practically Protecting Phone Privacy (Pre-registration required) - Mauricio Tavares,Matt Nash
CPV - cont...(10:35-13:59 PDT) - CPV Through the Looking-Glass: CPV Day 3 (DC 28)
DC - cont...(09:00-13:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-15:59 PDT) - DEF CON Vendor Area Open
DC - DoS: Denial of Shopping – Analyzing and Exploiting (Physical) Shopping Cart Immobilization Systems - Joseph Gabay
DC - No Key? No PIN? No Combo? No Problem! P0wning ATMs For Fun and Profit - Roy Davis
DC - Breaking TrustZone-M: Privilege Escalation on LPC55S69 - Laura Abbott,Rick Altherr
DL - Cotopaxi - Jakub Botwicz
HHV - cont...(11:30-12:30 PDT) - Use a PortaProg to flash, dump, and test ISP and UPDI chips - Bradán Lane,Sara Cladlow
HRV - cont...(11:00-13:59 PDT) - Ham Radio Exams -
HRV - cont...(11:00-12:30 PDT) - An Introduction to RF Test Equipment - Kurits Kopf
HTSV - Cyber Risk Management in the MTS - Josie Long,Kelley Edwards
ICSV - ICS Cyber Threat Intelligence (CTI) Information Sharing Between Brazil and the United States - Helio Sant'ana,John Felker,Max Campos,Paul de Souza,Tom VanNorman
LPV - Intro To Lockpicking - TOOOL
PHV - Hands-On TCP Deep Dive with Wireshark - Chris Greer
SOC - cont...(11:30-12:30 PDT) - QueerCon End-of-Con Chat
SOC - Friends of Bill W. -
WS - cont...(10:00-13:59 PDT) - Windows Internals - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - cont...(10:00-13:59 PDT) - From Zero to Hero in Web Security Research - Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki
WS - cont...(10:00-13:59 PDT) - Modern Malware Analysis for Threat Hunters - Aaron Rosenmund,Ryan Chapman
WS - cont...(10:00-13:59 PDT) - Hacking the Metal: An Introduction to Assembly Language Programming - eigentourist

 

Sunday - 13:00 PDT


Return to Index  -  Locations Legend
AIV - Wrap Up - AI Village Organizers
APV - AppSec Village Capture the Flag Ends -
APV - 0-Days & Nat 20's - CVSSv3 Through the Lens of Dungeons & Dragons - Alex "RedWedgeX" Hoffman
AVV - cont...(12:30-13:15 PDT) - (Tool Demo) ImproHound - Identify AD tiering violations - Jonas Bülow Knudsen
AVV - (13:15-14:15 PDT) - Scaling Up Offensive Pipelines - Gil Biton
BHV - The Security of Your Digital DNA, from Inception to Death - Garrett Schumacher
BHV - (13:30-13:59 PDT) - It takes a village: Why you should join the Biohacking Village - Rob Suárez
BTV - (13:30-13:59 PDT) - BTV Closing Ceremony
CLV - cont...(12:20-13:05 PDT) - Cloud Security Orienteering - Rami McCarthy
CLV - Cloud Village Closing Keynote
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
CON - cont...(10:00-13:59 PDT) - DEF CON 29 CTF by OOO -
CPV - cont...(10:00-13:59 PDT) - Workshop: Practically Protecting Phone Privacy (Pre-registration required) - Mauricio Tavares,Matt Nash
CPV - cont...(10:35-13:59 PDT) - CPV Through the Looking-Glass: CPV Day 3 (DC 28)
DC - cont...(09:00-13:59 PDT) - DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-15:59 PDT) - DEF CON Vendor Area Open
DC - Extension-Land: exploits and rootkits in your browser extensions - Barak Sternberg
DC - Why does my security camera scream like a Banshee? Signal analysis and RE of a proprietary audio-data encoding protocol - Rion Carter
DC - Timeless Timing Attacks - Mathy Vanhoef,Tom Van Goethem
DL - cont...(12:00-13:50 PDT) - Cotopaxi - Jakub Botwicz
HRV - cont...(11:00-13:59 PDT) - Ham Radio Exams -
HTSV - SeaTF, Pirate Hat, and Salty Sensor Results, Closing Statements - Brian Satira
ICSV - ICS Intrusion KillChain explained with real simulation - Javier Perez,Juan Escobar
ICSV - (13:30-13:59 PDT) - Building an ICS Firing Range (in our kitchen): Sharing Our Journey & Lessons Learned (so you don’t have to) - Moritz Thomas,Nico Leidecker
LPV - Bobby Pins, More Effective Than Lockpicks? - John the Greek
PHV - cont...(12:00-13:59 PDT) - Hands-On TCP Deep Dive with Wireshark - Chris Greer
SOC - A&E Pool Party! -
WS - cont...(10:00-13:59 PDT) - Windows Internals - Sam Bowne,Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman
WS - cont...(10:00-13:59 PDT) - From Zero to Hero in Web Security Research - Dikla Barda,Oded Vanunu,Roman Zaikin,Yaara Shriki
WS - cont...(10:00-13:59 PDT) - Modern Malware Analysis for Threat Hunters - Aaron Rosenmund,Ryan Chapman
WS - cont...(10:00-13:59 PDT) - Hacking the Metal: An Introduction to Assembly Language Programming - eigentourist

 

Sunday - 14:00 PDT


Return to Index  -  Locations Legend
APV - Attacking Modern Environments Series: Attack Vectors on Terraform Environments - Mazin Ahmed
AVV - cont...(13:15-14:15 PDT) - Scaling Up Offensive Pipelines - Gil Biton
AVV - (14:15-15:15 PDT) - Signed, Sealed, Delivered: Comparing Chinese APTs behind Software Supply Chain Attacks - Cheryl Biswas
BHV - Biohacking Village Wrap-Up -
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-15:59 PDT) - DEF CON Vendor Area Open
DC - Robots with lasers and cameras (but no security): Liberating your vacuum from the cloud - Dennis Giese
DC - Old MacDonald Had a Barcode, E-I-E-I CAR - Richard Henderson
DC - Instrument and Find Out: Writing Parasitic Tracers for High(-Level) Languages - Jeff Dileo
DC - (14:30-14:50 PDT) - The Agricultural Data Arms Race: Exploiting a Tractor Load of Vulnerabilities In The Global Food Supply Chain - Sick Codes
HHV - Hardware Hacking 101: Rogue Keyboards and Eavesdropping Cables - Federico Lucifredi
HRV - Ham Radio Village Closing Commentary -
ICSV - ICS Jeopardy - Chris Sistrunk,Maggie Morganti,Mary Brooks,Tatyana Bolton
LBV - Bypass 101
LBV - (14:30-15:59 PDT) - Bypass Village Panel
LPV - (14:15-14:45 PDT) - Intro To Lockpicking - TOOOL
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Sunday - 15:00 PDT


Return to Index  -  Locations Legend
APV - AppSec Quiz Time! - Eden Stroet
AVV - cont...(14:15-15:15 PDT) - Signed, Sealed, Delivered: Comparing Chinese APTs behind Software Supply Chain Attacks - Cheryl Biswas
AVV - (15:15-15:59 PDT) - How I got COVID in a RedTeam: Social engineering and physical intrusion for realistic attack simulations. - Daniel Isler
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - cont...(10:00-15:59 PDT) - DEF CON Vendor Area Open
DC - (CANCELED) Discord Closing Ceremonies - Dark Tangent
HHV - The Black Box and the Brain Box: When Electronics and Deception Collide - Gigs
LBV - cont...(14:30-15:59 PDT) - Bypass Village Panel
LPV - Intro to high security locks and lockpicking - N∅thing
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Sunday - 16:00 PDT


Return to Index  -  Locations Legend
AVV - Adversary Village Closing Ceremony - Adversary Village Team
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
DC - DEF CON Closing Ceremonies, Black Badge Ceremonies - Dark Tangent
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Sunday - 17:00 PDT


Return to Index  -  Locations Legend
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Sunday - 18:00 PDT


Return to Index  -  Locations Legend
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Sunday - 19:00 PDT


Return to Index  -  Locations Legend
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Sunday - 20:00 PDT


Return to Index  -  Locations Legend
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Sunday - 21:00 PDT


Return to Index  -  Locations Legend
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Sunday - 22:00 PDT


Return to Index  -  Locations Legend
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

 

Sunday - 23:00 PDT


Return to Index  -  Locations Legend
CON - cont...(09:00-23:59 PDT) - Darknet-NG -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

Speaker List


Graduate Student
Ph.D.
Ph.D.
Ph.D.
_hyp3ri0n aka Alejandro Caceres
Özkan Mustafa AKKUŞ
Aaron Guzman
Aaron Rosenmund
Abhijith B R
Abhijith B R
Abishek Gupta
Abstrct
Abstrct
Acid T
Adam 'pi3' Zabrocki
Adam Schaal
Adversary Village Team
Agent X
AI Village Organizers
AI Village Organizers
AI Village Organizers
Alex "Jay" Balan
Alex "RedWedgeX" Hoffman
Alex Hoekstra
Alex Lomas
Alex Manners
Alex Matrosov
Alex Pearlman
Alexander Heinrich
Alexander Klimburg
Alexander Vigovskiy
Alexandre Sieira
Alexei Kojenov
Alexei Kojenov
Alfonso Ruiz Cruz
Alissa Knight
Alissa Knight
Allan Cecil - dwangoAC
Allan Cecil - dwangoAC
Allan Tart
Alton Crossley
Alyssa Miller
Amelie Koran
Amelie Koran
Ami Luttwak
Amir Shaked
Amit Elazari
Anahit Tarkhanyan
Anant Shrivastava
Andrea Downing
Andy Dennis
Andy Piazza
Ang Cui
Anita Nikolich
Anna Szeto
Anthony "Cx01N" Rose
Anthony "Cx01N" Rose
Anthony Hendricks
Anthony Hendricks
Anthony Hendricks
Anthony Kava
Anto Joseph
Anze Jensterle
Arjun Gopalakrishna
Arnold Holzel
Aseem Jakhar
Ash
Atul Nair
August Cole
Austin Allshouse
Avinash Jain
Babak Javadi
Bailey Bercik
Barak Hadad
Barak Sternberg
Barb Byrum
Barton Rhodes
Bassem Helmy
Batuhan Sancak
Ben (Innismir)
Ben Bornholm
Ben Bornholm
Ben Gardiner
Ben Gardiner
Ben Gardiner
Ben Gardiner
Ben Hughes
Ben Nassi
Ben S
Benjamin Kurtz
Benjamin Kurtz
BiaSciLab
Bill "Woody" Woodcock
Bill Graydon
Bill Hatzer
Blind Hacker JoeB
Bob Sullivan
bombnav
Bradán Lane
Bradán Lane
Bradán Lane
Brandon Bailey
Brian Behlendorf
Brian Hong
Brian Martin
Brian Satira
Brianna Lennon
Bruce Schneier
Bruce Schneier
Bryan Fields
Bryce Kerley
Byeongcheol Yoo
cablethief
Camille Eddy
Capt Aaron Bolen
Carlos Polop
Carsten Schürmann
Cassandra Young
Cat Self
Cat Self
Cat Self
Cedric Owens
cemaxecuter
Ch33r10
Ch33r10
Chad Rikansrud (Bigendian Smalls)
Chad Seaman
Charles Fracchia
Charles Rumford
Chen Cao
Chen Gour-Arie
Cheryl Biswas
Cheryl Biswas
Cheryl Biswas
Chester Hosmer
Chloe Messdaghi
Chris Greer
Chris Odom
Chris Silvers
Chris Sistrunk
Chris Sperry
Christian Dameff
Christina Lekati
Christopher Hadnagy
Christopher Russell
Christopher Von Reybyton
Christopher Wade
Chuanda Ding
Chuck McAuley
Claire Vacherot
Clay (ttheveii0x)
Clay (ttheveii0x)
Cliff Neve
Colin Cantrell
Colin H
Constantine Macris
Constantine Macris
Cory Doctorow
Craig Gidney
CTRL/rsm
CTRL/rsm
d1dymu5
Dabao Wang
Dan Borges
Dan Borges
Dan Gunter
Dan Hastings
Dan Petro - AltF4
Dan Petro - AltF4
Daniel "Rasta" Duggan
Daniel Chen
Daniel Crowley
Daniel Garrie
Daniel Isler
Daniel Prizmant
Daniel Roy
Danny D. Henderson Jr
Danny McPherson
Danyelle Davis
Dark Tangent
Dark Tangent
Dark Tangent
Dark Tangent
Darren Cofer
Dave Lewis
David Cass
David Dworken
David Etue
David Hunt
David Kennedy
David Patten
David Strachan
De
Deb Herrity
Declyn S.
Deep Therapy
DEF CON Policy Panel
DEF CON Policy Panel
DEF CON Policy Panel
Dennis Giese
Dennis Skarr
Dhillon ‘L33tdawg’ Kannabhiran
Dieter Sarrazyn
Dikla Barda
Dikla Barda
Dimitry "Op_Nomad" Snezhkov
Dimitry "Op_Nomad" Snezhkov
Dimitry "Op_Nomad" Snezhkov
Dimitry "Op_Nomad" Snezhkov
DJ Pie & Darren
DJ Pie & Darren
DJ Pie & Darren
DJ Pie & Darren
DJ St3rling
djdead
djdead
djdead
Dmitrijs Trizna
Don C. Weber
Don Hatfield
Dr. McGrew
Drimacus
Dylan Barker
Dylan The Magician
Ed McGrady
Eddie Perez
Eden Stroet
Eden Stroet
Eden Stroet
eigentourist
eigentourist
Elad Ciuraru
Elizabeth Biddlecome
Elizabeth Biddlecome
Elizabeth Biddlecome
Elizabeth Schweinsberg
Elizabeth Wharton
Elonka Dunin
Emanuel Rodrigues
Eran Segal
Erez Yalon
Eric Betts
Eric Escobar
Eric Escobar
Eric Escobar
Eric Fey
Eric Gershman
Eric Goldstein
Eric Perakslis
Erick Galinkin
Erik Steringer
Erin Browning
Ernie Bio
Eugene Lim
Eugene Neelou
Eyal Karni
Fatih Ozavci
Faye Francy
Federico Lucifredi
Federico Lucifredi
Federico Lucifredi
Felipe Duarte
Felipe Pr0teus Espósito
Francesco Piccoli
Francisco Cabañas
Frank Duff
Frank Pound
Fred Mastrippolito
freqy
FuzzyNop
FuzzyNop
Gabby Raymond
Gal Kaufman
Gal Nagli
Garrett Schumacher
Gary Kessler
Gary Kessler
Gary Kessler
Gavin Klondike
Gavin Klondike
Gavin Klondike
Gert-Jan Bruggink
Gigs
Gigs
Gigs
Gil Biton
Ginny Spicer
Glenice Tan
Gokul Alex
Grant Ongers (rewtd)
Grant Romundt
Gregg Horton
Guillaume Fournier
Guillermo Christensen
H I Sutton
Hao Xing
Harri Hursti
Harri Hursti
Harshal Tupsamudre
Harshit Agrawal
Hash Salehi
Hector Cuevas Cruz
Helio Sant'ana
Henry Hill
Henry Hill
Henry Hill
Henry Hill
Henry Hill
henry
Huajiang "Kevin2600" Chen
Hutch (Justin Hutchens)
Hyrum Anderson
Ian Coldwater
Ian Vitek
Icetre Normal
Igal Flegmann
Igal Flegmann
Ionut Cernica
Irvin Lemus
Irvin Lemus
Irvin Lemus
Izar Tarandach
Jacob Baines
Jake "Hubbl3" Krasnov
Jake Williams
Jakub Botwicz
James Dolan
James Kettle
James McKee (punkcoder)
James Pavur
Jamie Williams
Jamil Jaffer
Jan Gorzny
Jared Dygert
Jared Stroud
Jason Hopper
Jason Whelan
Javier Perez
Jay Turla DELETE ME
Jay Turla
Jay Turla
Jean Francois Maes
Jeff 'R3plicant' Tully
Jeff Dileo
Jenko Hwong
Jennifer DeTrani
Jennifer Goldsack
Jennifer Haverman
Jeremy Brown
Jesse Michael
Jessica Hoffman
Jessilyn Dunn
jiska
Joe Billingsley
Joe Schottman 
Joe Slowik
Joe Vest
Joel Isaac
John Bambenek
John Curry
John Ellis
John Felker
John McCombs
John Stoner
John the Greek
Jon Marler
Jon Szymaniak
Jonas Bülow Knudsen
Jordan Sessler
Jordan Sessler
Jorge Orchilles
José Hernandez
Jose Barajas
Jose Garduno
Joseph Gabay
Josh Marks
Josh McIntyre
Josh Stroschein
JoshInGeneral
Joshua Jebaraj
Joshua Smailes
Josie Long
Joy Ho
Juan Escobar
Julia Atkinson
Juneau Jones
Juneau Jones
Junyuan Zeng
Justin Ehrenhofer
Justin Perdok
K
K
Kadan Stadelmann
Kaitlyn Handelman
Kaitlyn Handelman
Kaitlyn Handelman
Kala Kinyon
kampf
kampf
kampf
Karan Aditya Ghoshal
Karl Fosaaen
Karl Lovink a.k.a. Cyb0rg42
Katie Whiteley
Katie Whiteley
Kavisha Sheth
Keith Chapman
Kelley Edwards
Kelly Kaoudis
Ken Kato
Ken Pyle
Kendra Albert
Kevin Chen
Kevin Hood
Kevin Jones
Kevin Leffew
Kevin Skoglund
Kimberley Tam
Kirsten Renner
Klaus Schmeh
Kris Silvers
Kristy Westphal
Kristy Westphal
Krisz Klink
Kurits Kopf
Ladislav Baco
Larry Grossman
Laura Abbott
Lauren Zabierek
Leeloo Granger
Lennert Wouters
Leonardo Viveiros
Liana McCrea
Lily Newman
Lisa Forte
Lock Noob
Louigi Verona
Louigi Verona
Luca Bongiorni
Lucas Bonastre
Lucia Savage
Luis Ángel Ramírez Mendoza
Luis Gomes
Madhu Akula
Madhu Akula
Maggie Morganti
Magik Plan
Magno Logan DELETE ME
Magno Logan
Manabu Niseki
Manu Zacharia
Marc Smeets
Maretta Morovitz
Margaret Fero
Mariam Elgabry
Marian Novotny
Mark Loveless
Mark Morowczynski
Mars Cheng
Martin Doyhenard
Martin Ingesen
Mary Ann Hoppa
Mary Brooks
MasterChen
Mathieu Stephan
Mathy Vanhoef
Matt Gaffney
Matt Gaffney
Matt McMahon
Matt Nash
Matthew Bryant
Matthew Coles
Matthew Eidelberg
Matthew Gracie
Matthew Luallen
mattrix
Maurice Turner
Maurice Turner
Mauricio Tavares
Mauricio Velazco
Mauro Cáseres Rozanowski
Mauro Cáseres Rozanowski
Max Campos
Maxwell Dulin
Mazin Ahmed
Mazin Ahmed
Meadow Ellis
Mehmet Onder Key
Mehow Powers
Meisam Eslahi
Merin MC
Merin MC
Merin MC
Merin MC
Mert Can Kilic
Michael Chien
Michael Lewellen
Michael Long
Michael Murray
Michael Raggo
Michael Raggo
Michael Register
Michael Schloh von Bennewitz
Michael Solomon
Michael Whiteley
Michael Whiteley
Michael Wylie
Michael Wylie
MIchelle Holko
Mickey Shkatov
Mike Cohen
Mike Kiser
Mike Kiser
Mike Spicer
Mila Paul
Minzhi He
Mishaal Khan
Miss Jackalope
Mitch Parker
Mixæl Laufer
Mixmaster Morris
Mixmaster Morris
Mohammed Aldoub
Monero Sound
Moritz Thomas
muteki
n0x08
N∅thing
N∅thing
Nadir Akhtar
Nadir Akhtar
Nathan Case
Nathan Kirkland
Nathan
Nathan
Neumann (aka scsideath)
Nia Johnson
Nicholas Childs
Nick Ashworth
Nick Draffen
Nick Roy
Nick Roy
Nico "Socks" Smith
Nico Leidecker
Nina Alli
Nina Lowe
O'Shea (sirmudbl00d)
Ochaun Marshall
Oded Vanunu
Oded Vanunu
Ohad Zaidenberg
Ohm-i
Olivia Stella
Omar Santos
Omenscan
Orange Tsai
Parbati Kumar Manna
PatH
Patrick Ross
Patrick Wardle
Paul de Souza
Paul Vixie
Paz Hameiri
Peace Barry
Pedro Umbelino
Peiyu Wang
Peter Kacherginsky
Peter Manev
Phil Eveleigh
Philippe Delteil
Phillip Wylie
Pia Zaragoza
plug
plug
plug
Preston Pierce
Preston Thomas
PW Singer
Quinten Bowen
Rabbit
Rae
Railgun Team
Rami McCarthy
Rebecca Lynch
Reddcoin
RedDragon
rehr
rehr
rehr
rehr
rehr
rehr
Renzon Cruz
Rex Guo
Reza Soosahabi
Ria Cheruvu
Ria Cheruvu
Rich Harang
Richard Henderson
Richard Thieme AKA neuralcowboy
Richard Thieme AKA neuralcowboy
Rick Altherr
Ricky Banda
Rion Carter
Ritu Gill
Rob Suárez
Robert Wagner
Rod Soto
Rod Soto
Rodrigo "Sp0oKeR" Montoro
Roman Zaikin
Roman Zaikin
Ron Stoner
Ron Stoner
Ronald Broberg
Rotem Bar
Roy Davis
Roy Feng
Rumman Chowdhury
Rumman Chowdhury
Rusty Hodge
Rusty Hodge
Ryan Chapman
Ryan Elkins
Ryan Holeman
Ryan M
Ryan MacDougall
s1gns of l1fe
s1gns of l1fe
Sach
Sagar Samtani
Sagar Samtani
Sagi Sheinfeld
Salvador Mendoza
Sam Bowne
Sam Bowne
Sam Bowne
Samir Bhagwat
Samuel Kimmons
Samuel Kimmons
Sang-Oun Lee
Sanne Maasakkers
Sara Cladlow
Sara Cladlow
Sara Cladlow
Sarah Fluchs
Sarang Noether
Sarang Noether
Sarang Noether
Scotch & Bubbles
Sebastiaan Provost
Sebastian Bay
Secret Network Team
Selmon Yang
Sergey Chubarov
Seth Kintigh
Shannon Lantzky
Shantanu Khandelwal
Sharon Brizinov
Sheila A. Berta
Shinchul Park
Shir Tamari
ShortTie
ShortTie
Shubham Jain
Sick Codes
Sick Codes
singe
Slava Makkaveev
Solstice
Sounil Yu
Stan Bar
Stefan Stephenson-Moe
Stefano Meschiari
Stella Biderman
Stephan Wampouille
Stephen Pullum
Steve Luczynski
Steve Luczynski
Steve Wood
Steven Seeley
Steven Yang
Storj Team
Suha Sabi Hussain
Sunny Wear
Surya Teja Masanam
Susan Greenhalgh
Sylvain Afchain
Sylvain Baubeau
Tal Leibovich
Tamas K Lengyel
Tan Kee Hock
Tanya Janca
Tatyana Bolton
Ted Harrington
Tennisha Martin
Tense Future
Teri Williams
Terrestrial Access Network
Thaad
Thom Dixon
Thomas Bristow
Thomas Hicks
Thomas Pace
Thomas Roth
Tianze Ding
Tilottama Sanyal
Tilottama Sanyal
Tim Faraci 
Tim Jensen (EapolSniper)
Tim Schulz
Tim Yardley
Timur Yunusov
Tino aka Paladin316
Tod Beardsley
Tom Mouatt
Tom Van Goethem
Tom VanNorman
Tomer Bar
Tomer Bar
Tony Virelli
TOOOL
TOOOL
TOOOL
TOOOL
TOOOL
TOOOL
TOOOL
TOOOL
TOOOL
TOOOL
TOOOL
Trenton Ivey
Tushar Verma
Tyler Gardner
Uri Katz
Utku Sen
Vahagan Vardanyan
Vandana Verma Sehgal
Vasant Chinnipilli
Vee Schmitt
Vee
Vic Harkness
Vic Harkness
Vic Huang
Victor Hanna
Vincent "Vinnybod" Rose
Vincent "Vinnybod" Rose
Vincent Yiu
Vivek Nair
Vivek Ponnada
Wayland
Waylon Grange
Wendy Edwards
Wendy Edwards
Wes Lambert
Wes Lambert
Wesley McGrew
Will Pearce
Will Thomas
William Vermaak
Wu Ming
Y L
Yaara Shriki
Yaara Shriki
Yakov Shafranovich
Yaniv Agman
Yaron Zinar
Yaz Khoury
Yesterday & Tomorrow
Yogesh Ojha
Yuebin Sun
Yuhao Weng
Yuval Avrahami
Z3NPI
Zachary Minneker
Zebbler Encanti Experience
Zekai Wu
Zhiniang Peng
Zhipeng Huo
Zoltán Balázs

Talk List


.GOV Doppelgänger: Your Häx Dollars at Work - RCV
"Ask a Ham" Q&A - HRV
"The Poisoned Diary": Supply Chain Attacks on Install scripts - APV
"Who Bears the Risk?" Why a Market Incentives Perspective is Critical to Protecting Patients from Cyber Threats - BHV
(CANCELED) Discord Closing Ceremonies - DC
(Replay) Racketeer Toolkit. Prototyping Controlled Ransomware Operations - DC
(Replay) UFOs: Misinformation, Disinformation, and the Basic Truth - DC
(Tool Demo) ImproHound - Identify AD tiering violations - AVV
(Tool Demo) New generation of PEAS - AVV
(Tool Demo) Prelude Operator - AVV
(Tool Demo) PurpleSharp: Automated Adversary Simulation - AVV
(Tool Demo) Red Team Credentials Reconnaissance (OLD with a TWIST) - AVV
(Tool Demo) Tenacity: An Adversary Emulation Tool for Persistence - AVV
(Workshop) - Integrating DAST tools into developers' test process - APV
(Workshop) From zero to hero: creating a reflective loader in C# - AVV
(Workshop) Tradecraft Development in Adversary Simulations - AVV
*nix Processes. Starting, Stopping, and Everything In Between - PHV
0-Days & Nat 20's - CVSSv3 Through the Lens of Dungeons & Dragons - APV
1.21 Gigawatts! Vulnerabilities in Solar Panel Controllers - IOTV
2021 - Our Journey Back To The Future Of Windows Vulnerabilities and the 0-days we brought back with us - DC
40 cores and a CPU - BICV
5 years of IoT vulnerability research and countless 0days - A retrospective - IOTV
A Cohort of Pirate Ships - BHV
A Deep Dive Into Supply Chain Vulnerabilities: And How SecDevOps Can Save the Day - APV
A Deep Dive on Vulnerability Disclosure for Election Systems - VMV
A Discussion with Agent X - DC
A Journalist’s Perspective on Fake News - VMV
A Lazy r2 Solve of @mediumrehr Challenge 6 - HHV
A Lazy r2 Solve of @mediumrehr Challenge 6 - HHV
A Lazy r2 Solve of @mediumrehr Challenge 6 - HHV
A new class of DNS vulnerabilities affecting many DNS-as-Service platforms - DC
A SERVERLESS SIEM: DETECTING ALL BADDIES ON A BUDGET - BTV
A-ISAC CTF -- Pre-registration Required - ASV
A-ISAC CTF -- Pre-registration Required - ASV
A&E Pool Party! - SOC
A&E Pool Party! - SOC
A&E Pool Party! - SOC
A&E Pool Party! - SOC
“Alexa, have you been compromised?” — Exploitation of Voice Assistants in Healthcare (and other business contexts) - IOTV
Abusing SAST tools! When scanners do more than just scanning - DC
ADSB Demo and Paper Airplanes - ASV
ADSB Demo and Paper Airplanes - ASV
Advanced Wireless Attacks Against Enterprise Networks - WS
Adventures in MitM-land: Using Machine-in-the-Middle to Attack Active Directory Authentication Schemes - DC
Adventures in Pro Bono Digital Forensics Work - BTV
Adversary Infrastructure Tracking with Mihari - RCV
Adversary Village Closing Ceremony - AVV
Adversary Village Keynote - AVV
Adversary Village Kick-off - AVV
AI Policy Talk: "An AI Security ISAC" and "An AI Playbook" - AIV
AIAA CubeSat Hacking Workshop - Virtual Lab #1 - ASV
AIAA CubeSat Hacking Workshop - Virtual Lab #2 - ASV
AIAA CubeSat Hacking Workshop - Virtual Lab #3 - ASV
AIAA CubeSat Hacking Workshop - Virtual Lab #4 - ASV
AIAA CubeSat Hacking Workshop - World Premier of the videos - ASV
AIS Protocol Internals (Abridged) - HTSV
AIS Tools Demo (DEF CON) - HTSV
AIS Tools - DL
Algorithmic Ethics Bug Bounty Contest Announcement - AIV
Amateur Radio Digital Modes Primer - HRV
Amateur Radio Mesh Networking: Enabling Higher Data-rate Communications - HRV
An Introduction to RF Test Equipment - HRV
Analysis 101 and 102 for the Incident Responder - WS
Analysis 101 and 102 for the Incident Responder - WS
Antenny - ASV
Antenny - ASV
Approaches to Attract, Develop, and Retain an Industrial Cybersecurity Workforce - ICSV
AppSec 101: A Journey from Engineer to Hacker - APV
AppSec Quiz Time! - APV
AppSec Quiz Time! - APV
AppSec Quiz Time! - APV
AppSec Village Capture the Flag Ends - APV
AppSec Village Capture the Flag Starts - APV
APT Hunting with Splunk - PHV
APT: A Short History and An Example Attack - AVV
Are Barcodes on Ballots Bad?  - VMV
Are We Still Doing it? 10 Locksport Hobbies that go Beyond Lock Picking - LPV
ARINC 429 Lab - ASV
ARINC 429 Lab - ASV
Assless Chaps: a novel combination of prior work to crack MSCHAPv2, fast (or why MSCHAPv2 is so broken, it’s showing it’s whole ass) - RFV
At least ten questions for “Bad HIPPA Takes” (@BadHIPPA), 2021’s best tweeter on privacy, pandemic, and snark. - BHV
ATM Transaction Reversal Frauds (And how to fight them) - PYV
Attack and Detect with Prelude Operator and Security Onion - BTV
Attacking Modern Environments Series: Attack Vectors on Terraform Environments - CLV
Attacking Modern Environments Series: Attack Vectors on Terraform Environments - APV
AutoDriving CTF - CON
Automated Tear Machines - PYV
AWS cloud attack vectors and security controls - CLV
Azure Active Directory Hacking Wars - CLV
BADASS Meetup (Virtual) - SOC
BCOS Village Contest Overview - BCV
Beetlejuice: The Lessons We Should Have Learned For ICS Cybersecurity - ICSV
Beverage Cooling Contraption Contest - CON
Biohacking Village CTF: Hospital Under Siege (Pre-Qual) (Pre-registration required) - BHV
Biohacking Village Welcome Keynote - BHV
Biohacking Village Wrap-Up - BHV
Black Box Challenges - IOTV
Black Box Challenges - IOTV
Black Cyber Exodus: The Mis-Education (Certification) of Black Cyber - BICV
Blacks in Cybersecurity CTF - CON
Blockchain as a Threat Modeling Thinking Tool - BCV
Blockchain Security Tools - BCV
BLUEMONDAY Series – Exploitation & Mapping of vulnerable devices at scale through self-registration services (DATTO/ EGNYTE/ SYNOLOGY/ MERAKI/ GEOVISION) - IOTV
Bobby Pins, More Effective Than Lockpicks? - LPV
Bottom-Up and Top-Down: Exploiting Vulnerabilities In the OT Cloud Era - ICSV
Breaking Future Crypto Custody - BCV
Breaking Historical Ciphers with Modern Algorithms - CPV
Breaking Secure Bootloaders - DC
Breaking TrustZone-M: Privilege Escalation on LPC55S69 - DC
Bring Your Own Print Driver Vulnerability - DC
BTV Presents: Forensics Station - Workshop 1 - BTV
BTV Presents: Malware Station - Maldoc Workshop - BTV
BTV Presents: Threat Report Roulette - BTV
BTV Presents: Welcome to #IRLIFE. A live IR TableTop Panel - BTV
Bug bounty Hunting Workshop - WS
Bug Hunter's Guide to Bashing for a Car Hacking Bug Bash or Contest - CHV
Build Automotive Gateways with Ease - CHV
Building an ICS Firing Range (in our kitchen): Sharing Our Journey & Lessons Learned (so you don’t have to) - ICSV
Bundles of Joy: Breaking macOS via Subverted Applications Bundles - DC
C2Centipede: APT level C2 communications for common reverse HTTP shell tools - AVV
California Cyber Innovation Challenge CTF -- Pre-registration Required - ASV
Can I Make My Own Social Threat Score? - RCV
Can’t Stop the Code: Embrace the Code - APV
Car Hacking + Bug Hunting Field Guide for Appsec Hackers - APV
Car Hacking CTF - CON
Career Hacking: Tips and Tricks to Making the Most of your Career - CAHV
Catching (and Fixing) an Unlimited Burn Vulnerability - BCV
Caught you - reveal and exploit IPC logic bugs inside Apple - DC
Central bank digital currency, threats and vulnerabilities - DC
Certified Ethereum Professional (CEP) Overview - BCV
Chillout Lounges - DC
Chillout Lounges - DC
Chillout Lounges - DC
Chillout Lounges - DC
Chinese Military Bioweapons and Intimidation Operations: Part III - BHV
Cloud security for healthcare and life sciences - BHV
Cloud Security Orienteering - CLV
Cloud Village CTF - Registration - CLV
Cloud Village CTF - CLV
CMD+CTRL - CON
CMD+CTRL - CON
Coindroids - CON
Collecting CANs: a Bridge Less Traveled - ASV
Colorful AppSec - APV
Commercial Transportation: Trucking Hacking - CHV
Community Roundtable - (De)Criminalizing Hacking Around the Globe - DC
Community Roundtable - 10 years after SOPA: where are we now? - DC
Community Roundtable - If only you knew - DC
Community Roundtable - Implementing Cyber Solarium Commission Policy - DC
Community Roundtable - RANSOMWARE: Combatting Ransomware on a Global Stage / The realities of responding to ransomware - DC
Community Roundtable - Supply Chain in the COVID Era - DC
Community Roundtable - Thinking About Election Security - DC
Community Roundtable - Toward a Global IoT Code of Practice - DC
Community Roundtable - Volunteer Hacker Fire Department - DC
Community Roundtable - We can build it. We have the technology. So why aren't we? - DC
Community Roundtable - We need to talk about Norm – Discussions on International cyber norms in diplomacy - DC
Community Roundtable - Zero Trust, Critical Software, and a Cyber Safety Review Board - DC
Consider the (Data) Source - ICSV
COSTA (Coinbase Secure Trait Analyzer) - BCV
Cotopaxi - DL
CPDLC: Man-in-the-middle attacks and how to defend against them - ASV
Crippling the Grid: Examination of Dependencies and Cyber Vulnerabilities - ICSV
Cross-document messaging technology, how to hack it, and how to use it safely. - APV
Crossover Episode: The Real-Life Story of the First Mainframe Container Breakout - DC
Cryptocurrency Trivia! - CCV
CSP is broken, let’s fix it - APV
CSPM2CloudTrail - Extending CSPM Tools with (Near) Real-Time Detection Signatures (Lightning Talk) - CLV
CybatiWorks Mission Station Workshop - ICSV
Cyber Defense Matrix in Healthcare - BHV
Cyber in the Under Sea - HTSV
Cyber Operations and Operational Wargames on Port Infrastructure - HTSV
Cyber Risk Management in the MTS - HTSV
Cyber-SHIP Lab Talk and Demo - HTSV
Darknet-NG - CON
Darknet-NG - CON
Darknet-NG - CON
Data Duplication Village - Last Chance Pickup Only - DDV
Data Duplication Village - Open for dropoff only - DDV
Data Duplication Village - Open - DDV
Data Duplication Village - Open - DDV
DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup - SOC
Decoding NOAA Weather Sat Signals - ASV
Deep Space Networking - ASV
Deep Space Networking - ASV
DEF CON 29 CTF by OOO - CON
DEF CON 29 CTF by OOO - CON
DEF CON 29 CTF by OOO - CON
DEF CON Bike Ride - CON
DEF CON Closing Ceremonies, Black Badge Ceremonies - DC
DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open - DC
DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open - DC
DEF CON Human Registration (Badge Pickup) and Vaccine Check Processing Open - DC
DEF CON Human Registration (Badge Pickup) Open - DC
DEF CON Movie Night - Tron - DC
DEF CON Movie Night - Upgrade - DC
Defeating Physical Intrusion Detection Alarm Wires - DC
Defending against nation-state (legal) attack: how to build a privacy-protecting service in the era of ubiquitous surveillance - DC
Defending IoT in the Future of High-Tech Warfare - IOTV
Defending the Unmanned Aerial Vehicle: Advancements in UAV Intrusion Detection - ASV
DeFi Must Change or Hacks Will Accelerate - BCV
Depthcharge - DL
Designing a C2 Framework - AVV
Detecting Attackers Using Your Own Sensors with State Estimation - ICSV
Detection Challenges in Cloud Connected Credential Abuse Attacks - CLV
Developing Aerospace Security Training 3D Models - ASV
DevSecOps: Merging Security and Software Engineering - APV
DEX trading without leaking your identity: RAILGUN - CCV
DFDs Ain't That Bad - APV
DHS REBOOTING CRITICAL INFRASTRUCTURE PROTECTION Panel with DEF CON Policy Panel - DC
Digital Forensics and Incident Response Against the Dark Arts: The Battle of Malicious Email and Downloaders - WS
Discord Practice Net - HRV
Do No harm; Health Panel : Live version - A DEF CON Policy Panel - DC
Do We Really Want to Live in the Cyberpunk World? - ICSV
Do you like to read? I know how to take over your Kindle with an e-book - DC
Do You Really Own Your NFTs? - BCV
Don't Dare to Exploit - An Attack Surface Tour of SharePoint Server - DC
Don’t fear the BUS, it won’t run you over. - ASV
Doors, Cameras, and Mantraps OH MY! - LPV
DoS: Denial of Shopping – Analyzing and Exploiting (Physical) Shopping Cart Immobilization Systems - DC
Drone Security Research Series – Ep6 Hacking with drones - ASV
Drunk Hacker History - CON
eBPF, I thought we were friends! - DC
EFF Tech Trivia - CON
Empire - DL
Encryption for Developers - APV
ESP8266, do you know what's inside your IoT? - RFV
Ethereum Hacks & How to Stop Them - BCV
Ethics at the Edge: IoT as the Embodiment of AI for Rampant Intelligence Actuation - IOTV
Evading Detection a Beginner's Guide to Obfuscation - WS
Evaluating Wireless Attacks on Real-World Avionics Hardware - ASV
Everything is a C2 if you're brave enough - AVV
Evils in the DeFi world - BCV
Exploiting Blue Team OPSEC failures with RedELK - AVV
Exploiting the O365 Duo 2FA Misconfiguration (Lightning Talk) - CLV
Extension-Land: exploits and rootkits in your browser extensions - DC
Extracting all the Azure Passwords - CLV
F**k You, Pay Me - Knowing your worth and getting paid - CAHV
Federal Perspective on Aerospace Cybersecurity - ASV
Finding Hidden Gems via URL Shortener Services - RCV
Fireside Chat - August Cole - ICSV
Fishing or Hunting - BHV
Flash Loans Demystified - BCV
Forensicating Endpoint Artifacts in the World of Cloud Storage Services - BTV
Fortifying ICS - Hardening and Testing - ICSV
Frack - DL
Frag, You’re it - Hacking Laser Tag - RFV
Friends of Bill W. - SOC
Friends of Bill W. - SOC
Friends of Bill W. - SOC
Friends of Bill W. - SOC
Friends of Bill W. - SOC
Friends of Bill W. - SOC
Friends of Bill W. - SOC
From CTF to CVE - CHV
From On-Prem to the Cloud - Hybrid AD attack path - AVV
From Zero to Hero in Web Security Research - WS
From Zero to Hero in Web Security Research - WS
Fuzzing CAN / CAN FD ECU's and Network - CHV
Fuzzing Linux with Xen - DC
Fuzzing NASA Core Flight System Software - ASV
Game Theory: Understanding and Strategy and Deception - AVV
Getting Started with Decentralized Object Storage - CCV
Getting started with low power & long distance communications - QRP - HRV
Git Wild Hunt - DL
Glitching RISC-V chips: MTVEC corruption for hardening ISA - DC
Gold Bug Q&A - CPV
Gone Apple Pickin': Red Teaming macOS Environments in 2021 - DC
Gothcon 2021 (Virtual) - SOC
Gothcon 2021 - SOC
Hack the Conspiracies - VMV
Hack the hackers: Leaking data over SSL/TLS - DC
Hack the Sea Cabana Party - HTSV
Hack the Wind - HTSV
Hack-A-Sat 2: The Good, The Bad and the Cyber-Secure - ASV
Hack-A-Sat2 Satellite Platform - ASV
Hack-A-Sat2 Satellite Platform - ASV
Hack3r Runw@y - CON
Hack3r Runw@y - CON
Hacker Flairgrounds - SOC
Hacker Jeopardy - CON
Hacker Jeopardy - CON
Hacker Karaoke (Virtual) - SOC
Hacker Karaoke (Virtual) - SOC
HACKERS INTO THE UN? Engaging in the cyber discussions on war & peace - DC
Hacking G Suite: The Power of Dark Apps Script Magic - DC
Hacking Humans with AI as a Service - DC
Hacking the Apple AirTags - DC
Hacking the Metal: An Introduction to Assembly Language Programming - WS
Hacking the Metal: An Introduction to Assembly Language Programming - WS
Hacking to Save Democracy: What Technologists Need to Know About Election Administration - VMV
Hacking Your Career: The Options - CAHV
HACMS Live Demo - ASV
HACMS Live Demo - ASV
Ham Radio Exams - HRV
Ham Radio Exams - HRV
Ham Radio Exams - HRV
Ham Radio Village Closing Commentary - HRV
Hands-On TCP Deep Dive with Wireshark - PHV
Hardware Hacking 101: Rogue Keyboards and Eavesdropping Cables - HHV
Hardware Hacking 101: Rogue Keyboards and Eavesdropping Cables - HHV
Hardware Hacking 101: Rogue Keyboards and Eavesdropping Cables - HHV
Hardware Wallet Show and Tell - CCV
Healthcare Innovation With People of All Abilities - BHV
Hi! I'm DOMAIN\Steve, please let me access VLAN2 - DC
High Turnout, Wide Margins - VMV
High-Stakes Updates | BIOS RCE OMG WTF BBQ - DC
Holistic View of a Flight with Crowd Sourced Data - ASV
House of Heap Exploitation - WS
How Bias and Discrimination in Cybersecurity will have us locked up or dead - BICV
How do you ALL THE CLOUDS? - BTV
How expensive is quantum factoring, really? - CPV
How I broke into Mexico City's justice system application and database - APV
How I defeated the Western Electric 30c - LPV
How I got COVID in a RedTeam: Social engineering and physical intrusion for realistic attack simulations. - AVV
How I use a JSON Deserialization 0day to Steal Your Money On The Blockchain - DC
How to Contact the ISS with a $30 Radio - HRV
How to Not Miss The Point: Reflections on Race, Health, and Equity - BHV
How to Weaponize RLAs to Discredit an Election - VMV
How vigilant researchers can uncover APT attacks for fun and non profit - RCV
HTTP/2: The Sequel is Always Worse - DC
Hunting Evil with Wireshark - PHV
Hunting for AWS Exposed Resources - CLV
Hybrid PhySec tools - best of both worlds or just weird? - LPV
I know who has access to my cloud, do you? - BTV
I know who has access to my cloud, do you? - CLV
I used AppSec skills to hack IoT, and so can you - IOTV
I used AppSec skills to hack IoT, and so can you - APV
ICS Cyber Threat Intelligence (CTI) Information Sharing Between Brazil and the United States - ICSV
ICS Intrusion KillChain explained with real simulation - ICSV
ICS Jeopardy - ICSV
Identifying Excel 4.0 Macro strains using Anomaly Detection - AIV
Identifying toxic combinations of permissions in your cloud infrastructure - CLV
In Space, No One Can Hear You Hack - ASV
In-person broadcast via demolabs - HTSV
Inspecting Signals from Satellites to Shock Collars - WS
Instrument and Find Out: Writing Parasitic Tracers for High(-Level) Languages - DC
Internet Protocol (IP) - PHV
Internet-of-Ingestible-Things Security by Design - BHV
Intro to high security locks and lockpicking - LPV
Intro To Lockpicking - LPV
Intro To Lockpicking - LPV
Intro To Lockpicking - LPV
Intro To Lockpicking - LPV
Intro To Lockpicking - LPV
Intro To Lockpicking - LPV
Intro To Lockpicking - LPV
Intro To Lockpicking - LPV
Intro To Lockpicking - LPV
Intro To Lockpicking - LPV
Intro To Lockpicking - LPV
Intro to ML Workshop - AIV
Intro to ML Workshop - AIV
Intro to ML Workshop - AIV
Intrusion Analysis and Threat Hunting with Suricata - PHV
IoT devices as government witnesses: Can IoT devices ever be secure if law enforcement has unlimited access to their data? - IOTV
IoT Testing Crash Course - IOTV
IoT Village Capture the Flag (CTF) - IOTV
IoT Village Capture the Flag (CTF) - IOTV
IoT Village Capture the Flag (CTF) - IOTV
IoT Village Labs - IOTV
IoT Village Labs - IOTV
IoT Village Labs - IOTV
It Takes a Village (and a generous grant): Students Performing ICS Security Assessments - ICSV
It takes a village: Why you should join the Biohacking Village - BHV
Judging by the Cover: Profiling & Targeting Through Social Media - SEV
Keeping Your Information Security Policy Up to Date - VMV
Key Duplication - It's not just for the movies! - LPV
Key Note – The Three Amigos: Money Laundering, Cryptocurrencies, and Smart Contracts - BCV
Keynote - PW Singer - ICSV
Kickoff Remarks (recorded in-person in Las Vegas) - VMV
Kubernetes Goat - Kubernetes Security Learning (Tool Demo) - CLV
Kubernetes Goat - DL
Kubernetes Security 101: Best Practices to Secure your Cluster (Workshop) - CLV
Kubestriker - DL
Law School for Lockpickers - LPV
Lawyers Meet - SOC
Learning to Hack Bluetooth Low Energy with BLE CTF - WS
LED Light Lunacy! - IOTV
Lego Spike Hub - ASV
Lego Spike Hub - ASV
Less Jaw Work, More Paw Work: Why We Need to Start “Doing” Cyber - HTSV
Let the bugs come to me - how to build cloud-based recon automation at scale - RCV
Lets Get Real About The Future State of Healthcare - BHV
Leveraging NGFWs for Threat Hunting - BTV
Leveraging SBOMs to Enhance ICS Security - ICSV
Lightning talk: Autonomous lateral movement - AVV
Lightning Talk: Differential Privacy and Census Data - CPV
Linux Binary Analysis w/ Strace - PHV
Look at me, I'm the Adversary now: Introduction to Adversary Emulation and its place in Security Operations - AVV
Lost In Space: No-one Can Hear Your Breach (Choose Wisely) - ASV
MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part 2 - BTV
MacOs Workshop - Hunt for Red Apples: Ocean Lotus Edition Part1 - BTV
Make Them Want To Tell You: The Science of Elicitation - SEV
Making the DEF CON 29 Badge - DC
Making the Leap - Changing Careers - CAHV
MAVSH> Attacking from Above - DC
Meetup: Certification Processes (UL, FCC, etc.) - HHV
Meetup: Legacy Hardware - HHV
Meetup: OSS ASIC - HHV
Meetup: PCB Proto and Rework - HHV
Meetup: Some HHV challenges - HHV
Meetup: Some HHV challenges - HHV
Meetup: Some HHV challenges - HHV
Meetup: Sourcing Parts & The Global Parts Shortage - HHV
Microsoft ML Security Evasion Competition Details - AIV
Mind the Gap - Managing Insecurity in Enterprise IoT - IOTV
MIPS-X - The next IoT Frontier - IOTV
MITRE Engage: A Framework for Adversary Engagement Operations - PHV
Modern Authentication for the Security Admin - BTV
Modern Malware Analysis for Threat Hunters - WS
Monero After Party - CCV
Monero Scaling Opportunities and Challenges - CCV
Mooltipass - DL
Music - Abstrct - MUS
Music - Acid T - MUS
Music - CTRL/RSM - MUS
Music - CTRL/rsm - MUS
Music - Deep Therapy - MUS
Music - DJ St3rling - MUS
Music - Dr. McGrew - MUS
Music - FuzzyNop - MUS
Music - FuzzyNop - MUS
Music - Icetre Normal - MUS
Music - Krisz Klink - MUS
Music - Magik Plan - MUS
Music - mattrix - MUS
Music - Miss Jackalope - MUS
Music - n0x08 - MUS
Music - Nina Lowe - MUS
Music - Ohm-i - MUS
Music - Scotch & Bubbles - MUS
Music - Tense Future - MUS
Music - Terrestrial Access Network - MUS
Music - Thaad - MUS
Music - Yesterday & Tomorrow - MUS
Music - Z3NPI - MUS
Music - Zebbler Encanti Experience - MUS
My other car is your car: compromising the Tesla Model X keyless entry system - CHV
National Service Panel - CAHV
Network Analysis with Wireshark - WS
Never a dill moment: Exploiting machine learning pickle files - AIV
New Face, Who Dis? Protecting Privacy in an Era of Surveillance - CPV
New Hampshire SB43 Forensic Audit - VMV
New Phishing Attacks Exploiting OAuth Authentication Flows - DC
No Aggregation Without Representation - BHV
No Key? No PIN? No Combo? No Problem! P0wning ATMs For Fun and Profit - DC
Not so Passive: Vehicle Identification and Tracking via Passive Keyless Entry - CHV
Offensive Golang Bonanza: Writing Golang Malware - DC
Old MacDonald Had a Barcode, E-I-E-I CAR - DC
Onions In the Cloud Make the CISO Proud (Workshop) - CLV
Open Bridge - DL
Open-Source Vaccine Developer Kits (VDKs) with RaDVaC - BHV
OpenSOC Blue Team CTF - CON
OpenSOC Blue Team CTF - CON
Operation Bypass: Catch My Payload If You Can - AVV
OSINT and the Hermit Kingdom. Leveraging online sources to learn more about the worlds most secret nation - RCV
OSINT for Sex Workers - RCV
OSINT Tales: What the Public Knows About Russia’s New Mega-Submarine - HTSV
Over-the-air remote code execution on the DEF CON 27 badge via Near Field Magnetic Inductance or World’s first NFMI exploitation, sorta or OTARCEDC27NFMIOMGWTFBBQ - DC
OWASP & CSA IoT: Impacting Medical Security - BHV
Panel discussion: Adversary simulation, emulation or purple teaming - How would you define it? - AVV
Panel discussion: Is Adversary Emulation Too ___ For You? - AVV
Panel discussion: Resilient cyber space: The role of hacker and security communities - AVV
ParseAndC - DL
Pentesting 101 - IOTV
Pentesting 101 - IOTV
People Hunting: A Pentesters Perspective - RCV
Phantom Attack: Evading System Call Monitoring - DC
Phish Like An APT - AVV
Piecing Together Your Personal Privacy Profile - CPV
PINATA: PIN Automatic Try Attack - DC
PK-WHY - CLV
Playing God: How ambiguities in state and federal breach notification laws give lawyers too much discretion in deciding whether or not to disclose potential data breaches - CPV
Playing with FHIR: hacking and securing healthcare APIs - BHV
PMapper - DL
Poking bots for fun and profit in the age of asynchronous stuff - APV
Policy Debrief - Global Cyber Capacity Building - triple challenge or triple opportunity? - DC
Policy Debrief - Myths and Legends of Section 230 - DC
Polyswarm Talk - BCV
Potential Pitfalls Protecting Patient Privacy - AIV
Preventing Sandwich Attacks on DeFi Protocols using Recurrent and Recursive Zero Knowledge Proofs - BCV
Privacy on Public Blockchains with SGX - CCV
Privacy Without Monopoly: Paternalism Works Well, But Fails Badly - DC
ProxyLogon is Just the Tip of the Iceberg, A New Attack Surface on Microsoft Exchange Server! - DC
PunkSPIDER and IOStation: Making a Mess All Over the Internet - DC
QueerCon Party - SOC
QueerCon Party - SOC
QueerCon Party - SOC
Racing cryptoexchanges or how I manipulated the balances - PYV
Racketeer Toolkit. Prototyping Controlled Ransomware Operations - DC
Ransomeware’s Big Year – from nuisance to “scourge”? - DC
Ransomware ATT&CK and Defense with the Elastic Stack - BTV
RCE via Meow Variant along with an Example 0day - PHV
Ready, fire aim: Hacking State and Federal Law Enforcement Vehicles - CHV
Recon Village Keynote - RCV
Red Alert ICS CTF - CON
Red Alert ICS CTF - CON
Red Team Village CTF - Closing Ceremony - CON
Red Team Village CTF - Finals Part 1 - CON
Red Team Village CTF - Finals Part 2 - CON
Red Team Village CTF - Qualifier Prizes and Announcements - CON
Red Team Village CTF - Qualifiers Part 1 - CON
Red Team Village CTF - Qualifiers Part 2 - CON
Red vs Blue vs Green : The ultimate battle of opinions (or is it) - BHV
Remote Adversarial Phantom Attacks against Tesla and Mobileye - CHV
Remote Ham Radio Exams - HRV
Remote Ham Radio Exams - HRV
Remotely Rooting Charging Station for fun and maybe profit - CHV
reNgine - DL
Replication as a Security Threat: How to Save Millions By Recreating Someone Else’s Model - AIV
Representation Matters - IOTV
Response Smuggling: Pwning HTTP/1.1 Connections - DC
Retired but not forgotten – A look at IFEs - ASV
Reverse Supply Chain Attack - A Dangerous Pathway To Medical Facilities’ Networks - IOTV
RF Propagation and Visualization with DragonOS - RFV
Risks of ML Systems in Health Care: The Real Story - AIV
Robo Sumo On site - HHV
Robots with lasers and cameras (but no security): Liberating your vacuum from the cloud - DC
Robustness of client-side scanning for illegal content detection on E2EE platforms - AIV
Rotten code, aging standards, & pwning IPv4 parsing across nearly every mainstream programming language - DC
RTV/AIV Red Teaming AI Roundtable - AIV
Ruse - DL
Safecracking for Everyone! - LPV
Safety Third: Defeating Chevy StabiliTrak for Track Time Fun - CHV
Scaling AppSec through Education - APV
Scaling Blockchains: A Novel Approach - BCV
Scaling static analysis for free: add additional codebases with a single line of code and no money - APV
Scaling Up Offensive Pipelines - AVV
Scope X: Hunt in the Ocean! - BTV
Scripts and Tools to Help Your ICS InfoSec Journey - ICSV
SE Team vs. Red Team - SEV
Sea Pods - HTSV
SeaTF, Pirate Hat, and Salty Sensor Results, Closing Statements - HTSV
Secrets of Social Media PsyOps - VMV
SECTF4Kids (Pre-Registration Required) - SEV
SECTF4Teens - SEV
Secure Coding Tournament CTF - CON
Secure messaging over unsecured transports - WS
Securing the Internet of Biological Things - BHV
Security Investigations with Splunk - PHV
Seeing the Forest Through the Trees – Foundations of Event Log Analysis - PHV
Seeing Through The Windows: Centralizing Windows Logs For Greater Visibility - PHV
Selling Yourself as a Security Professional - CAHV
Shell Language Processing (SLP) - AIV
Shift Left Using Cloud: Implementing baseline security into your deployment lifecycle - CLV
Shutter - DL
Siembol - DL
Signed, Sealed, Delivered: Abusing Trust in Software Supply Chain Attacks - APV
Signed, Sealed, Delivered: Comparing Chinese APTs behind Software Supply Chain Attacks - AVV
Sla(sh*t)ing happens when you stake - BCV
Sleight of ARM: Demystifying Intel Houdini - DC
Smart Meters: I'm Hacking Infrastructure and So Should You - ICSV
Sneak into buildings with KNXnet/IP - DC
So What? The CFAA after Van Buren - CPV
So You Want to OPSEC, Eh? - RCV
Social Media Security = Election Security - VMV
Solitude - DL
SPARROW: A Novel Covert Communication Scheme Exploiting Broadcast Signals in LTE, 5G & Beyond - DC
Spectrum Coordination for Amateur Radio - HRV
State of Cryptocurrency Ransomware AMA - CCV
Staying Fresh While the Feds Watch: Changes in Government Surveillance and Why it Matters - CPV
Steal This Drone: High-Assurance Cyber Military Systems - ASV
Strategic Trust and Deception in the Internet of Things - IOTV
Structured Analytical Techniques for Improving Information Security Analyses - BTV
Subtle and Not So Subtle Ways to Lose Your Cryptocurrency - BCV
Summer of Fuzz: MacOS - APV
Surviving 51% Attacks on Blockchains - BCV
Surviving DeFi: How to Prevent Economic Attacks - BCV
Table Top Exercise - Deus Ex Machina (Pre-registration Required) - BHV
Taking Apart and Taking Over ICS & SCADA Ecosystems: A Case Study of Mitsubishi Electric - DC
TEMPEST radio station - DC
The Action Plan for Cyber Diversity! - BICV
The Agricultural Data Arms Race: Exploiting a Tractor Load of Vulnerabilities In The Global Food Supply Chain - DC
The Antenny Board Design and Fabrication Saga: Sweat and Tears Along the Supply Chain - ASV
The Basics of Breaking BLE - Part 2: Doing More With Less - RFV
The Big Cleanup: Tackling The Remnants of Systematic Discrimination in the Tech Industry - BICV
The Black Box and the Brain Box: When Electronics and Deception Collide - HHV
The Black Box and the Brain Box: When Electronics and Deception Collide - HHV
The Black Box and the Brain Box: When Electronics and Deception Collide - HHV
The Bug Hunter’s Recon Methodology  - RCV
The Coat Hanger Talk: A Noob's Look Into the Thieves World - LPV
The Coming AI Hackers - AIV
The Coming AI Hackers - AIV
The Curious case of knowing the unknown - APV
The Digital Physiome - How wearables can (and are) transforming healthcare - BHV
The Fault in Our Stars - Attack vectors for APIs using AWS API Gateway Lambda Authorizers - CLV
The Hangar – Cocktail Making Event - ASV
The Innocent Lives Foundation: A Beacon of Light in a Dark World - SEV
The Journey of Establishing IoT Trustworthiness and IoT Security Foundation - IOTV
The Joy of Reverse Engineering: Learning With Ghidra and WinDbg - WS
The Little Things - BHV
The Mechanics of Compromising Low Entropy RSA Keys - DC
The Neuroscience of Magic (Registration required) - RGV
The Next Critical Infrastructure: Understanding the Bioeconomy - BHV
The OPSEC of Protesting - BICV
The PACS-man Comes For Us All: We May Be Vaccinated, but Physical Access Control Still Sucks - DC
The Real History of Adversarial Machine Learning - AIV
The Real Story on Patching Medical Devices - BHV
The Security of Your Digital DNA, from Inception to Death - BHV
The State of AI Ethics - AIV
The threat hiding in daylight: Police Monitoring legislation and individual privacy in chat - CPV
The Unbelievable Insecurity of the Big Data Stack: An Offensive Approach to Analyzing Huge and Complex Big Data Infrastructures - DC
The War for Control of DNS Encryption - PHV
The Way of The Adversary - AVV
The Wild West of DeFi Exploits - BCV
This is what we thought would happen in 2021 - BTV
This Job Ad Sucks - CAHV
Threat Modeling for Space Hitchhikers - ASV
Time Turner - Hacking RF Attendance Systems (To Be in Two Places at Once) - DC
Timeless Timing Attacks - DC
Tin Foil Hat Contest - CON
Top 10 BOGUS Biometrics! - RGV
Top 20 Secure PLC Coding Practices - ICSV
Toward a Collaborative Cyber Defense and Enhanced Threat Intelligence Structure - ICSV
Towards Understanding the Unlimited Approval in Ethereum - BCV
Toxic BBQ - SOC
Trace Labs OSINT Search Party CTF - Award Ceremony - CON
Trace Labs OSINT Search Party CTF - Briefing - CON
Trace Labs OSINT Search Party CTF - CON
Tracee - DL
Trailblazing the AI for Cybersecurity Discipline: Overview of the Field and Promising Future Directions - AIV
Tricks for the Triage of Adversarial Software - BTV
Triptych - CCV
True Story: Hackers in the Aerospace Sector - ASV
Truth, Trust, and Biodefense - BHV
Tryptich Talk - BCV
Twitter Ethics Bug Bounty: Winners and Wrap-up - AIV
Twitter Q&A regarding Top 10 BOGUS Biometrics! - RGV
UART to UBOOT to ROOT - IOTV
UART to UBOOT to ROOT - IOTV
UFOs: Misinformation, Disinformation, and the Basic Truth - DC
Unboxing the Spacecraft Software BlackBox – Hunting for Vulnerabilities - ASV
Uncomfortable Networking - BTV
Uncovering covert network behaviors within critical infrastructure environments - BTV
Understanding common Google Cloud misconfiguration using GCP Goat - CLV
Understanding Space in the Cyber Domain - ASV
Understanding Space in the Cyber Domain - ASV
UPnProxyPot: fake the funk, become a blackhat proxy, MITM their TLS, and scrape the wire - DC
US Coast Guard 2021 Cyber Strategic Outlook - HTSV
USBSamurai - DL
Use a PortaProg to flash, dump, and test ISP and UPDI chips - HHV
Use a PortaProg to flash, dump, and test ISP and UPDI chips - HHV
Use a PortaProg to flash, dump, and test ISP and UPDI chips - HHV
Use DNS to detect your domains are abused for phishing - BTV
Using Barq to perform AWS Post-Exploitation Actions - CLV
Using OSINT to Aid in Human Trafficking and Smuggling Cases - RCV
Using Passive DNS for gathering Business Intelligence - RCV
Using SE to create insider threats and win all the things - SEV
Using UAV in Military Zone Areas by GPS Spoofing with RF Devices - RFV
Vampire the Masquerade (Party) - SOC
VDP in aviation: Experiences and lessons learnt as a researcher - ASV
Velociraptor - Dig Deeper - BTV
Venator: Hunting & Smashing Trolls on Twitter - RCV
Vetcon Meetup (Hybrid) - SOC
Voting Village Keynote Remarks - VMV
Voting Village Logistical Information Broadcast (Discord, Youtube, Twitch) - VMV
Vulnerability Exchange: One Domain Account For More Than Exchange Server RCE - DC
Vulnerability Inheritance - Attacking companies and scoring bounties through 3rd party integrations - APV
Walkthrough of DC 28 HHV Challenges - HHV
Walkthrough of DC 28 HHV Challenges - HHV
Walkthrough of DC 28 HHV Challenges - HHV
War Story Bunker - SOC
Warping Reality - creating and countering the next generation of Linux rootkits using eBPF - DC
Watch Out! And just skip the packer - BTV
Web App Penetration Testing Workshop - PHV
Welcome Note - BCV
Welcome Note - BCV
Welcome to AI Village - AIV
Welcome To DEF CON - Dark Tangent & Making the DEF CON 29 Badge - DC
Welcome to Discord - DC
Welcome to Gold Bug - CPV
Welcome. A Short Tour of Good and Bad AI in 2021 - AIV
What happens when businesses decide to enroll cryptocurrency cards - PYV
What Is Zero Knowledge - CCV
What Machine Learning Can and Can't Do for Security - BTV
When nothing goes right, push left. Designing logs for future breach investigations - APV
When Penetration Testing Isn’t Penetration Testing At All - IOTV
Where We’re Going We Don’t Need Labels: Anomaly Detection for 2FA - AIV
Who's Afraid of Thomas Bayes? - AIV
WhoC - Peeking under the hood of CaaS offerings - CLV
Whose Slide Is It Anyway - CON
Why does my security camera scream like a Banshee? Signal analysis and RE of a proprietary audio-data encoding protocol - DC
Why don’t we have IoT, daddy? - BICV
Why Hacking Voters Is Easier Than Hacking Ballots - VMV
Wibbly Wobbly, Timey Wimey – What's Really Inside Apple's U1 Chip - DC
WiFi Kraken Lite - DL
WiFi Kraken Lite - DL
WiFi Kraken Lite - DL
Will Secure Element Really Help Strengthen the Security of Cryptocurrency Wallets? - BCV
Windows Forensics 101 (Beginner) - BTV
Windows Internals - WS
Windows Internals - WS
Windows Server Containers are Broken - Here's How You Can Break Out - CLV
Wireless Odyssey or why is the federal government permitting devices with wireless networking capability in federally certified voting machines? - VMV
Wireshark for Incident Response & Threat Hunting - BTV
Workshop & CTF: Practical Cryptographic Attacks - CPV
Workshop on Microsoft Counterfit - AIV
Workshop: Practically Protecting Phone Privacy (Pre-registration required) - CPV
Worming through IDEs - DC
Wrap Up - AIV
Writing Golang Malware - WS
Year of Mentoring: BTV’s Meet-a-Mentor Turns One - BTV
Yeet the leet with Osquery (Effective Threathunting Without Breaking Bank ) - BTV
You're Doing IoT RNG - IOTV
You're Doing IoT RNG - DC
Your House is My House: Use of Offensive Enclaves In Adversarial Operations - DC
Your Infrastructure is Encrypted: Protecting Critical Infrastructure from Ransomware - ICSV
Zuthaka - DL

Village Talk List



AIV - AI Village


Hours: Fri: 09:00 - 17:00 - Sat: 09:00 - 17:00 - Sun: 09:00 - 14:00
Home Page: https://aivillage.org/
Sched Page: https://aivillage.org/events/2020/8/4/ai-village-def-con-28-safe-mode-w6wsl
DC Discord Chan: https://discord.com/channels/708208267699945503/732733090568339536



PDT Times Title speaker
Friday
09:00 - 09:30 Welcome. A Short Tour of Good and Bad AI in 2021 AI Village Organizers
09:30 - 10:59 Intro to ML Workshop Gavin Klondike
11:00 - 11:59 The Coming AI Hackers Bruce Schneier
12:00 - 12:30 Algorithmic Ethics Bug Bounty Contest Announcement Rumman Chowdhury
12:30 - 12:59 Microsoft ML Security Evasion Competition Details Hyrum Anderson
13:00 - 13:30 Shell Language Processing (SLP) Dmitrijs Trizna
13:30 - 14:30 Trailblazing the AI for Cybersecurity Discipline: . . . Sagar Samtani
14:30 - 14:59 AI Policy Talk: "An AI Security ISAC" and "An AI P . . . Sagar Samtani
15:00 - 15:30 Identifying Excel 4.0 Macro strains using Anomaly . . . Elad Ciuraru,Tal Leibovic . . .
15:30 - 16:30 Workshop on Microsoft Counterfit Will Pearce
16:30 - 16:59 AI Discord Happy Hour - Open Discussion on AIV Dis . . .
Saturday
09:00 - 09:30 Welcome to AI Village AI Village Organizers
09:30 - 10:59 Intro to ML Workshop Gavin Klondike
11:00 - 11:59 The Coming AI Hackers Bruce Schneier
12:00 - 12:30 Never a dill moment: Exploiting machine learning p . . . Suha Sabi Hussain
12:30 - 12:59 Replication as a Security Threat: How to Save Mill . . . Stella Biderman
13:00 - 13:30 Who's Afraid of Thomas Bayes? Erick Galinkin
13:30 - 13:59 Risks of ML Systems in Health Care: The Real Story Barton Rhodes
14:00 - 14:59 The Real History of Adversarial Machine Learning Eugene Neelou
15:00 - 15:59 RTV/AIV Red Teaming AI Roundtable Rich Harang,Anita Nikolic . . .
16:00 - 16:30 Where We’re Going We Don’t Need Labels: Anomal . . . Rebecca Lynch,Stefano Mes . . .
16:30 - 16:59 AI Discord Happy Hour - Open Discussion on AIV Dis . . .
Sunday
09:00 - 09:30 The State of AI Ethics Abishek Gupta
09:30 - 10:59 Intro to ML Workshop Gavin Klondike
11:30 - 11:59 Robustness of client-side scanning for illegal con . . . Shubham Jain
11:00 - 11:30 Potential Pitfalls Protecting Patient Privacy Brian Martin
12:00 - 12:59 Twitter Ethics Bug Bounty: Winners and Wrap-up Rumman Chowdhury
13:00 - 13:59 Wrap Up AI Village Organizers

Return to Index


APV - AppSec Village


Home Page: https://www.appsecvillage.com/
Sched Page: https://www.appsecvillage.com/events/dc-2021
DC Discord Chan: https://discord.com/channels/708208267699945503/790973922949726228



PDT Times Title speaker
Friday
09:00 - 09:05 AppSec Village Welcome and Introductions
09:05 - 09:59 Colorful AppSec Luis Gomes,Erez Yalon,Ped . . .
10:00 - 10:45 Summer of Fuzz: MacOS Jeremy Brown
11:00 - 11:45 Vulnerability Inheritance - Attacking companies an . . . Gal Nagli
11:00 - 10:59 AppSec Village Capture the Flag Starts
12:00 - 12:45 Cross-document messaging technology, how to hack i . . . Chen Gour-Arie
13:00 - 13:45 Signed, Sealed, Delivered: Abusing Trust in Softwa . . . Cheryl Biswas
14:00 - 14:30 Poking bots for fun and profit in the age of async . . . Emanuel Rodrigues
15:00 - 15:45 Scaling static analysis for free: add additional c . . . Erin Browning,Tim Faraci . . .
16:00 - 16:59 DFDs Ain't That Bad Izar Tarandach,Matthew Co . . .
17:30 - 17:35 AppSec Quiz Time! Eden Stroet
Saturday
09:00 - 09:05 AppSec Village Welcome and Introductions
09:05 - 09:59 Borrow a mentor
09:05 - 09:59 Scaling AppSec through Education Grant Ongers (rewtd)
10:00 - 10:45 I used AppSec skills to hack IoT, and so can you Alexei Kojenov
11:00 - 11:45 The Curious case of knowing the unknown Vandana Verma Sehgal
12:00 - 12:45 CSP is broken, let’s fix it Amir Shaked
12:00 - 14:30 (Workshop) - Integrating DAST tools into developer . . . Joe Schottman 
13:00 - 13:45 When nothing goes right, push left. Designing logs . . . Vee
14:00 - 14:45 How I broke into Mexico City's justice system appl . . . Alfonso Ruiz Cruz
15:00 - 15:45 A Deep Dive Into Supply Chain Vulnerabilities: And . . . Adam Schaal
16:00 - 16:45 DevSecOps: Merging Security and Software Engineeri . . . Magno Logan DELETE ME
17:00 - 17:45 Can’t Stop the Code: Embrace the Code Alton Crossley
17:45 - 17:50 AppSec Quiz Time! Eden Stroet
Sunday
09:00 - 09:05 AppSec Village Welcome and Introductions
09:05 - 09:45 "The Poisoned Diary": Supply Chain Attacks on Inst . . . Yakov Shafranovich
09:05 - 09:45 Borrow a mentor
10:00 - 10:45 Encryption for Developers James McKee (punkcoder)
11:00 - 11:45 AppSec 101: A Journey from Engineer to Hacker Arjun Gopalakrishna
12:00 - 12:45 Car Hacking + Bug Hunting Field Guide for Appsec H . . . Jay Turla DELETE ME
13:00 - 12:59 AppSec Village Capture the Flag Ends
13:00 - 13:45 0-Days & Nat 20's - CVSSv3 Through the Lens of Dun . . . Alex "RedWedgeX" Hoffman
14:00 - 14:45 Attacking Modern Environments Series: Attack Vecto . . . Mazin Ahmed
15:00 - 15:15 AppSec Quiz Time! Eden Stroet

Return to Index


ASV - Aerospace Village


Hours: Fri: 10:00 - 16:00 - Sat: 10:00 - 16:00
Home Page: https://aerospacevillage.org/
Sched Page: https://aerospacevillage.org/events/upcoming-events/def-con-29/def-con-29-schedule/
DC Discord Chan: https://discord.com/channels/708208267699945503/732393044363444264



PDT Times Title speaker
Friday
09:00 - 09:25 Retired but not forgotten – A look at IFEs Alex Lomas,Phil Eveleigh
09:30 - 10:20 The Antenny Board Design and Fabrication Saga: Swe . . . Ang Cui
09:00 - 17:59 A-ISAC CTF -- Pre-registration Required
10:30 - 11:20 Hack-A-Sat 2: The Good, The Bad and the Cyber-Secu . . . Bryce Kerley,Capt Aaron B . . .
10:00 - 11:30 AIAA CubeSat Hacking Workshop - World Premier of t . . .
10:00 - 15:59 ARINC 429 Lab
10:00 - 15:59 Deep Space Networking
10:00 - 15:59 Hack-A-Sat2 Satellite Platform
10:00 - 15:59 Antenny
10:00 - 15:59 HACMS Live Demo
10:00 - 15:59 Lego Spike Hub
10:00 - 15:59 ADSB Demo and Paper Airplanes
11:30 - 11:55 Steal This Drone: High-Assurance Cyber Military Sy . . . Darren Cofer
11:30 - 12:59 AIAA CubeSat Hacking Workshop - Virtual Lab #1
12:00 - 12:25 Threat Modeling for Space Hitchhikers James Pavur
12:30 - 12:55 Evaluating Wireless Attacks on Real-World Avionics . . . Leeloo Granger
13:00 - 13:50 Unboxing the Spacecraft Software BlackBox – Hunt . . . Brandon Bailey
13:00 - 15:59 Understanding Space in the Cyber Domain
14:00 - 15:59 AIAA CubeSat Hacking Workshop - Virtual Lab #2
14:00 - 14:25 Don’t fear the BUS, it won’t run you over. Nicholas Childs
14:30 - 14:55 CPDLC: Man-in-the-middle attacks and how to defend . . . Joshua Smailes
15:00 - 15:25 Developing Aerospace Security Training 3D Models Kevin Hood
15:30 - 15:55 Collecting CANs: a Bridge Less Traveled Peace Barry
16:00 - 16:25 Holistic View of a Flight with Crowd Sourced Data Allan Tart
Saturday
09:30 - 10:50 VDP in aviation: Experiences and lessons learnt as . . . Matt Gaffney
09:00 - 17:59 A-ISAC CTF -- Pre-registration Required
09:00 - 16:59 California Cyber Innovation Challenge CTF -- Pre-r . . .
10:00 - 15:59 Antenny
10:00 - 15:59 ARINC 429 Lab
10:00 - 15:59 Deep Space Networking
10:00 - 15:59 Hack-A-Sat2 Satellite Platform
10:00 - 15:59 HACMS Live Demo
10:00 - 15:59 Lego Spike Hub
10:00 - 12:59 Understanding Space in the Cyber Domain
10:00 - 15:59 ADSB Demo and Paper Airplanes
11:30 - 12:59 AIAA CubeSat Hacking Workshop - Virtual Lab #3
11:30 - 11:55 Defending the Unmanned Aerial Vehicle: Advancement . . . Jason Whelan
11:00 - 11:59 Decoding NOAA Weather Sat Signals
12:00 - 12:25 Federal Perspective on Aerospace Cybersecurity Larry Grossman,Steve Lucz . . .
12:30 - 13:20 Lost In Space: No-one Can Hear Your Breach (Choose . . . Elizabeth Wharton
12:00 - 15:59 In Space, No One Can Hear You Hack
14:00 - 15:59 AIAA CubeSat Hacking Workshop - Virtual Lab #4
14:30 - 14:55 True Story: Hackers in the Aerospace Sector Declyn S.,Ginny Spicer,Ol . . .
15:00 - 15:50 Drone Security Research Series – Ep6 Hacking wit . . . Matt Gaffney
16:00 - 16:25 Fuzzing NASA Core Flight System Software Ronald Broberg
22:30 - 23:30 The Hangar – Cocktail Making Event

Return to Index


AVV - Adversary Village


Hours: Fri: 11:00 - 21:00 - Sat: 10:00 - 21:00 - Sun: 10:00 - 17:00
Home Page: https://adversaryvillage.org/index.html
Sched Page: https://adversaryvillage.org/adversary-events/DEFCON-29/
DC Discord Chan: https://discord.com/channels/708208267699945503/865456992101466192



PDT Times Title speaker
Friday
12:00 - 12:15 Adversary Village Kick-off Abhijith B R
12:15 - 12:59 Adversary Village Keynote David Kennedy
13:00 - 13:45 Look at me, I'm the Adversary now: Introduction to . . . Samuel Kimmons
13:45 - 14:45 From On-Prem to the Cloud - Hybrid AD attack path Sergey Chubarov
14:45 - 15:45 Exploiting Blue Team OPSEC failures with RedELK Marc Smeets
15:45 - 16:45 Everything is a C2 if you're brave enough Luis Ángel Ramírez Mend . . .
16:45 - 17:45 Designing a C2 Framework Daniel "Rasta" Duggan
17:45 - 19:59 (Workshop) Tradecraft Development in Adversary Sim . . . Fatih Ozavci
20:00 - 20:59 Panel discussion: Adversary simulation, emulation . . . Tomer Bar,Samuel Kimmons, . . .
Saturday
10:00 - 10:59 The Way of The Adversary Phillip Wylie
11:00 - 13:15 (Workshop) From zero to hero: creating a reflectiv . . . Jean Francois Maes
13:15 - 13:59 (Tool Demo) Red Team Credentials Reconnaissance (O . . . Shantanu Khandelwal
14:00 - 14:59 Operation Bypass: Catch My Payload If You Can Matthew Eidelberg
15:00 - 15:45 (Tool Demo) PurpleSharp: Automated Adversary Simul . . . Mauricio Velazco
15:45 - 16:30 Phish Like An APT Sanne Maasakkers
16:30 - 17:15 (Tool Demo) Tenacity: An Adversary Emulation Tool . . . Atul Nair,Harshal Tupsamu . . .
17:15 - 18:15 C2Centipede: APT level C2 communications for commo . . . Jose Garduno
18:15 - 18:45 Lightning talk: Autonomous lateral movement Stephan Wampouille
18:45 - 19:45 Game Theory: Understanding and Strategy and Decept . . . Juneau Jones
19:45 - 20:30 (Tool Demo) New generation of PEAS Carlos Polop
20:30 - 21:30 Panel discussion: Is Adversary Emulation Too ___ F . . . Jamie Williams,Cat Self,T . . .
Sunday
10:00 - 10:59 Panel discussion: Resilient cyber space: The role . . . Abhijith B R,Jay Turla,Ma . . .
11:00 - 11:45 (Tool Demo) Prelude Operator David Hunt,Alex Manners
11:45 - 12:30 APT: A Short History and An Example Attack Mark Loveless
12:30 - 13:15 (Tool Demo) ImproHound - Identify AD tiering viola . . . Jonas Bülow Knudsen
13:15 - 14:15 Scaling Up Offensive Pipelines Gil Biton
14:15 - 15:15 Signed, Sealed, Delivered: Comparing Chinese APTs . . . Cheryl Biswas
15:15 - 15:59 How I got COVID in a RedTeam: Social engineering a . . . Daniel Isler
16:00 - 16:59 Adversary Village Closing Ceremony Adversary Village Team

Return to Index


BCV - Blockchain Village


Hours: Fri: 10:00 - 17:30 - Sat: 10:00 - 18:00 - Sun: 10:00 - 13:30
Home Page: https://www.blockchainvillage.net/
Sched Page: https://www.blockchainvillage.net/schedule-2021/
DC Discord Chan: https://discord.com/channels/708208267699945503/732733136408019084



PDT Times Title speaker
Thursday
17:00 - 16:59 COSTA (Coinbase Secure Trait Analyzer) Peter Kacherginsky
17:00 - 16:59 DeFi Must Change or Hacks Will Accelerate Kadan Stadelmann
21:00 - 20:59 Flash Loans Demystified Anto Joseph
21:00 - 20:59 Blockchain as a Threat Modeling Thinking Tool Shinchul Park, Graduate S . . .
21:00 - 20:59 Subtle and Not So Subtle Ways to Lose Your Cryptoc . . . Josh McIntyre
21:00 - 20:59 Will Secure Element Really Help Strengthen the Sec . . . Byeongcheol Yoo
21:00 - 20:59 Scaling Blockchains: A Novel Approach Colin Cantrell
21:00 - 20:59 Towards Understanding the Unlimited Approval in Et . . . Dabao Wang
21:00 - 20:59 Preventing Sandwich Attacks on DeFi Protocols usin . . . Gokul Alex
Friday
10:00 - 10:15 Welcome Note
10:15 - 11:30 Key Note
11:30 - 11:59 BCOS Village Contest Overview Reddcoin
12:00 - 12:30 Polyswarm Talk Kevin Leffew
13:00 - 13:59 Catching (and Fixing) an Unlimited Burn Vulnerabil . . . Nadir Akhtar
14:30 - 15:59 Workshop - Decentralized Cloud
14:00 - 14:30 Blockchain Security Tools Mila Paul
16:00 - 16:30 Surviving 51% Attacks on Blockchains Yaz Khoury
16:30 - 17:30 Do You Really Own Your NFTs? Francesco Piccoli,Steven . . .
Saturday
10:00 - 10:15 Welcome Note Nathan,Ron Stoner
10:15 - 11:30 Key Note – The Three Amigos: Money Laundering, C . . . Daniel Garrie,David Cass
11:30 - 11:59 Tryptich Talk Sarang Noether, Ph.D.
12:00 - 12:59 Ethereum Hacks & How to Stop Them Michael Lewellen
13:00 - 13:30 Certified Ethereum Professional (CEP) Overview Abstrct
13:30 - 13:59 Sla(sh*t)ing happens when you stake Nadir Akhtar,Y L
14:00 - 14:59 EIP-1559 Panel
15:00 - 15:59 Evils in the DeFi world Minzhi He,Peiyu Wang
16:00 - 16:30 The Wild West of DeFi Exploits Anna Szeto
Sunday
10:15 - 11:30 Surviving DeFi: How to Prevent Economic Attacks Jan Gorzny
10:00 - 10:15 Welcome Note Nathan,Ron Stoner
11:30 - 12:30 Breaking Future Crypto Custody Mehow Powers,Chris Odom

Return to Index


BHV - Bio Hacking Village


Home Page: https://www.villageb.io/
DC Discord Chan: https://discord.com/channels/708208267699945503/735273390528528415



PDT Times Title speaker
Thursday
07:00 - 06:59 Table Top Exercise - Deus Ex Machina (Pre-registra . . .
10:00 - 13:59 Biohacking Village CTF: Hospital Under Siege (Pre- . . .
Friday
10:00 - 10:45 Biohacking Village Welcome Keynote Nina Alli
10:00 - 17:59 Biohacking Village CTF: Hospital Under Siege (Pre- . . .
11:00 - 11:45 The Digital Physiome - How wearables can (and are) . . . Jennifer Goldsack,Jessily . . .
12:00 - 12:59 The Next Critical Infrastructure: Understanding th . . . Charles Fracchia,Nathan C . . .
13:30 - 14:30 At least ten questions for “Bad HIPPA Takes” ( . . . Lucia Savage
13:00 - 13:30 "Who Bears the Risk?" Why a Market Incentives Pers . . . Matt McMahon,Shannon Lant . . .
14:30 - 14:59 Open-Source Vaccine Developer Kits (VDKs) with RaD . . . Alex Hoekstra
15:00 - 15:30 Truth, Trust, and Biodefense Eric Perakslis
15:30 - 15:59 Healthcare Innovation With People of All Abilities Joel Isaac,Pia Zaragoza
16:00 - 16:59 No Aggregation Without Representation Andrea Downing
17:00 - 17:30 Lets Get Real About The Future State of Healthcare Christian Dameff,Jeff 'R3 . . .
Saturday
10:00 - 10:59 How to Not Miss The Point: Reflections on Race, He . . . Nia Johnson
10:00 - 17:59 CTF: Hospital Under Siege (Pre-registration requir . . .
11:00 - 11:59 Chinese Military Bioweapons and Intimidation Opera . . . RedDragon
12:30 - 13:30 Cloud security for healthcare and life sciences MIchelle Holko
13:30 - 13:59 Securing the Internet of Biological Things Thom Dixon
14:00 - 14:59 The Real Story on Patching Medical Devices Michael Murray
15:00 - 16:45 OWASP & CSA IoT: Impacting Medical Security Aaron Guzman
16:45 - 16:59 A Cohort of Pirate Ships Alex Pearlman
17:00 - 17:30 The Little Things Mixæl Laufer
17:30 - 17:59 Playing with FHIR: hacking and securing healthcare . . . Alissa Knight,Mitch Parke . . .
Sunday
07:00 - 06:59 Table Top Exercise - Biologia et Machina (Pre-regi . . .
10:30 - 10:59 Internet-of-Ingestible-Things Security by Design Mariam Elgabry
10:00 - 10:30 Cyber Defense Matrix in Healthcare Sounil Yu
10:00 - 12:59 CTF: Hospital Under Siege (Pre-registration requir . . .
11:00 - 11:59 Fishing or Hunting Ohad Zaidenberg
12:00 - 12:59 Red vs Blue vs Green : The ultimate battle of opin . . . Ken Kato,Vee Schmitt
13:30 - 13:59 It takes a village: Why you should join the Biohac . . . Rob Suárez
13:00 - 13:30 The Security of Your Digital DNA, from Inception t . . . Garrett Schumacher
14:00 - 14:30 Biohacking Village Wrap-Up

Return to Index


BICV - Blacks in Cybersecurity


Hours: Fri: 10:00 - 17:00 - Sat: 10:00 - 17:00
Home Page: https://www.blacksincyberconf.com/
Sched Page: https://www.blacksincyberconf.com/bic-village



PDT Times Title speaker
Friday
10:30 - 10:30 Why don’t we have IoT, daddy? Jessica Hoffman
12:30 - 12:30 The Action Plan for Cyber Diversity! Keith Chapman
14:30 - 14:30 The Big Cleanup: Tackling The Remnants of Systemat . . . Maurice Turner
Saturday
10:30 - 10:30 Black Cyber Exodus: The Mis-Education (Certificati . . . Stephen Pullum
12:30 - 12:30 The OPSEC of Protesting Ochaun Marshall
14:30 - 14:30 40 cores and a CPU Nico "Socks" Smith
16:30 - 16:30 How Bias and Discrimination in Cybersecurity will . . . Tennisha Martin

Return to Index


BTV - Blue Team Village


Home Page: https://blueteamvillage.org/
Sched Page: https://dc29.blueteamvillage.org/call-for-content-2021/schedule/
DC Discord Chan: https://discord.com/channels/708208267699945503/732454317658734613



PDT Times Title speaker
Friday
09:30 - 10:30 Yeet the leet with Osquery (Effective Threathuntin . . . Sebastiaan Provost
09:30 - 10:59 Attack and Detect with Prelude Operator and Securi . . . Wes Lambert
10:45 - 11:45 Velociraptor - Dig Deeper Mike Cohen
10:45 - 12:15 Windows Forensics 101 (Beginner) Surya Teja Masanam
12:00 - 12:30 This is what we thought would happen in 2021 Gert-Jan Bruggink
13:30 - 13:59 Forensicating Endpoint Artifacts in the World of C . . . Renzon Cruz
14:15 - 15:15 Adventures in Pro Bono Digital Forensics Work John Bambenek
14:00 - 17:59 MacOs Workshop - Hunt for Red Apples: Ocean Lotus . . . Cat Self,plug,Ben Bornhol . . .
15:30 - 16:30 Uncovering covert network behaviors within critica . . . Michael Raggo,Chester Hos . . .
16:45 - 17:15 A SERVERLESS SIEM: DETECTING ALL BADDIES ON A BUDG . . . Chen Cao
16:30 - 17:59 Watch Out! And just skip the packer Felipe Duarte
17:30 - 17:59 Scope X: Hunt in the Ocean! Meisam Eslahi
Saturday
09:00 - 09:15 I know who has access to my cloud, do you? Igal Flegmann
09:00 - 10:30 Wireshark for Incident Response & Threat Hunting Michael Wylie
10:15 - 11:15 Use DNS to detect your domains are abused for phis . . . Karl Lovink a.k.a. Cyb0rg . . .
11:30 - 11:59 What Machine Learning Can and Can't Do for Securit . . . Wendy Edwards
11:00 - 12:30 Tricks for the Triage of Adversarial Software Dylan Barker,Quinten Bowe . . .
11:00 - 12:30 BTV Presents: Malware Station - Maldoc Workshop Clay (ttheveii0x)
12:15 - 12:45 How do you ALL THE CLOUDS? henry
13:45 - 14:15 Leveraging NGFWs for Threat Hunting Drimacus
14:30 - 15:30 Modern Authentication for the Security Admin Bailey Bercik,Mark Morowc . . .
14:00 - 15:30 BTV Presents: Forensics Station - Workshop 1 Omenscan
14:00 - 17:59 MacOs Workshop - Hunt for Red Apples: Ocean Lotus . . . Cat Self,plug,Ben Bornhol . . .
15:45 - 16:45 Uncomfortable Networking Charles Rumford
16:30 - 17:59 Ransomware ATT&CK and Defense with the Elastic Sta . . . Ben Hughes,Daniel Chen,Fr . . .
17:00 - 17:30 Structured Analytical Techniques for Improving Inf . . . Rabbit
Sunday
10:00 - 10:59 BTV Presents: Threat Report Roulette Blind Hacker JoeB,Will Th . . .
11:15 - 12:15 BTV Presents: Welcome to #IRLIFE. A live IR TableT . . . Clay (ttheveii0x),plug,Ch . . .
12:30 - 12:59 Year of Mentoring: BTV’s Meet-a-Mentor Turns One muteki
13:30 - 13:59 BTV Closing Ceremony

Return to Index


CAHV - Career Hacking Village


Home Page: https://www.youtube.com/CareerHackingVillage
DC Discord Chan: https://discord.com/channels/708208267699945503/732732774347309077



PDT Times Title speaker
Friday
12:00 - 12:59 F**k You, Pay Me - Knowing your worth and getting . . . Alyssa Miller,Liana McCre . . .
12:00 - 15:59 Resume Reviewing
12:00 - 15:59 Career Coaching
13:00 - 13:59 Hacking Your Career: The Options Chris Sperry,Deb Herrity, . . .
14:00 - 14:59 Making the Leap - Changing Careers Danyelle Davis
15:00 - 15:59 This Job Ad Sucks Kirsten Renner
Saturday
12:00 - 12:59 National Service Panel Amelie Koran,Elizabeth Sc . . .
12:00 - 15:59 Resume Reviewing
12:00 - 15:59 Career Coaching
13:00 - 13:59 Selling Yourself as a Security Professional Preston Pierce
14:00 - 14:59 Career Hacking: Tips and Tricks to Making the Most . . . Andy Piazza

Return to Index


CCV - Cryptocurrency Village


Home Page: https://cryptocurrencyvillage.net/
Sched Page: https://cryptocurrencyvillage.net/#schedule
DC Discord Chan: https://discord.com/channels/708208267699945503/732733510288408676



PDT Times Title speaker
Friday
11:00 - 11:30 Getting Started with Decentralized Object Storage Storj Team
12:30 - 12:59 Privacy on Public Blockchains with SGX Secret Network Team
14:00 - 14:59 Hardware Wallet Show and Tell Michael Schloh von Bennew . . .
16:00 - 16:30 State of Cryptocurrency Ransomware AMA Guillermo Christensen
Saturday
10:00 - 10:15 What Is Zero Knowledge Sarang Noether, Ph.D.
13:00 - 13:15 Monero Scaling Opportunities and Challenges Francisco Cabañas
15:00 - 15:15 Triptych Sarang Noether, Ph.D.
16:30 - 16:59 Cryptocurrency Trivia! Justin Ehrenhofer
17:00 - 17:15 Monero After Party Monero Sound
Sunday
11:00 - 11:59 DEX trading without leaking your identity: RAILGUN Railgun Team

Return to Index


CHV - Car Hacking Village


Hours: Fri: 10:00 - 16:30 - Sat: 10:00 - 16:30
Home Page: https://www.carhackingvillage.com/
DC Discord Chan: https://discord.com/channels/708208267699945503/732722838942777474



PDT Times Title speaker
Friday
10:00 - 10:59 Ready, fire aim: Hacking State and Federal Law Enf . . . Alissa Knight
11:00 - 11:59 Remotely Rooting Charging Station for fun and mayb . . . Huajiang "Kevin2600" Chen . . .
12:00 - 12:59 Commercial Transportation: Trucking Hacking Ben Gardiner
13:00 - 13:59 From CTF to CVE Bill Hatzer
14:00 - 14:59 Bug Hunter's Guide to Bashing for a Car Hacking Bu . . . Jay Turla
15:00 - 15:59 Remote Adversarial Phantom Attacks against Tesla a . . . Ben Nassi
Saturday
11:00 - 11:59 My other car is your car: compromising the Tesla M . . . Lennert Wouters
12:00 - 12:59 Not so Passive: Vehicle Identification and Trackin . . . Nick Ashworth
13:00 - 13:59 Fuzzing CAN / CAN FD ECU's and Network Samir Bhagwat
14:00 - 14:59 Build Automotive Gateways with Ease Don Hatfield
15:00 - 15:59 Safety Third: Defeating Chevy StabiliTrak for Trac . . . Eric Gershman

Return to Index


CLV - Cloud Village


Hours: Fri: 10:00 - 17:00 - Sat: 10:00 - 17:00 - Sun: 10:00 - 13:20
Home Page: https://cloud-village.org/
Sched Page: https://cloud-village.org/#talks
DC Discord Chan: https://discord.com/channels/708208267699945503/732733373172285520



PDT Times Title speaker
Friday
07:00 - 12:15 Cloud Village CTF - Registration
10:00 - 10:15 Cloud Village Opening Keynote
10:15 - 10:59 Detection Challenges in Cloud Connected Credential . . . Rod Soto
11:00 - 12:15 Cloud Village CTF
11:00 - 11:45 The Fault in Our Stars - Attack vectors for APIs u . . . Alexandre Sieira,Leonardo . . .
11:45 - 12:05 Exploiting the O365 Duo 2FA Misconfiguration (Ligh . . . Cassandra Young
12:05 - 12:50 Attacking Modern Environments Series: Attack Vecto . . . Mazin Ahmed
12:50 - 13:20 Kubernetes Goat - Kubernetes Security Learning (To . . . Madhu Akula
13:20 - 14:05 Hunting for AWS Exposed Resources Felipe Pr0teus Espósito
14:05 - 14:35 WhoC - Peeking under the hood of CaaS offerings Yuval Avrahami
14:35 - 16:59 Kubernetes Security 101: Best Practices to Secure . . . Magno Logan
Saturday
10:00 - 10:45 Extracting all the Azure Passwords Karl Fosaaen
10:45 - 11:30 Windows Server Containers are Broken - Here's How . . . Daniel Prizmant
11:30 - 12:15 AWS cloud attack vectors and security controls Kavisha Sheth
12:15 - 12:45 Using Barq to perform AWS Post-Exploitation Action . . . Mohammed Aldoub
12:45 - 13:30 Shift Left Using Cloud: Implementing baseline secu . . . Avinash Jain
13:30 - 13:50 CSPM2CloudTrail - Extending CSPM Tools with (Near) . . . Rodrigo "Sp0oKeR" Montoro
13:50 - 14:35 Azure Active Directory Hacking Wars Batuhan Sancak
14:35 - 16:59 Onions In the Cloud Make the CISO Proud (Workshop) Wes Lambert
Sunday
10:00 - 10:45 Identifying toxic combinations of permissions in y . . . Michael Raggo
10:45 - 11:15 I know who has access to my cloud, do you? Igal Flegmann
11:15 - 11:59 Understanding common Google Cloud misconfiguration . . . Joshua Jebaraj
12:00 - 12:20 PK-WHY Kevin Chen
12:20 - 13:05 Cloud Security Orienteering Rami McCarthy
13:05 - 13:20 Cloud Village Closing Keynote

Return to Index


CON - Contests





PDT Times Title speaker
Thursday
10:00 - 16:59 Tin Foil Hat Contest
18:00 - 17:59 AutoDriving CTF
Friday
00:00 - 23:59 Coindroids
06:00 - 11:59 DEF CON Bike Ride
09:00 - 15:59 Darknet-NG
10:00 - 19:59 DEF CON 29 CTF by OOO
10:00 - 17:30 OpenSOC Blue Team CTF
10:00 - 14:59 Secure Coding Tournament CTF
10:00 - 16:59 Red Team Village CTF - Qualifiers Part 1
10:00 - 17:59 Red Alert ICS CTF
10:00 - 13:59 Beverage Cooling Contraption Contest
10:00 - 23:55 Car Hacking CTF
10:00 - 15:59 CMD+CTRL
10:00 - 15:59 Hack3r Runw@y
10:00 - 11:59 DEF CON Scavenger Hunt
12:00 - 17:59 Blacks in Cybersecurity CTF
17:00 - 19:59 EFF Tech Trivia
20:00 - 21:59 Hacker Jeopardy
22:00 - 23:59 Whose Slide Is It Anyway
Saturday
09:00 - 15:59 OpenSOC Blue Team CTF
09:00 - 09:59 Trace Labs OSINT Search Party CTF - Briefing
09:00 - 16:59 Darknet-NG
10:00 - 19:59 DEF CON 29 CTF by OOO
10:00 - 11:59 Red Team Village CTF - Qualifiers Part 2
10:00 - 17:59 Red Alert ICS CTF
10:00 - 15:59 Trace Labs OSINT Search Party CTF
10:00 - 15:59 CMD+CTRL
10:00 - 15:59 Hack3r Runw@y
12:00 - 12:59 Red Team Village CTF - Qualifier Prizes and Announ . . .
13:00 - 16:59 Red Team Village CTF - Finals Part 1
17:00 - 17:59 Trace Labs OSINT Search Party CTF - Award Ceremony
20:00 - 21:59 Hacker Jeopardy
20:00 - 21:59 Drunk Hacker History
Sunday
09:00 - 23:59 Darknet-NG
10:00 - 13:59 DEF CON 29 CTF by OOO
10:00 - 11:59 Red Team Village CTF - Finals Part 2
12:00 - 12:59 Red Team Village CTF - Closing Ceremony

Return to Index


CPV - Crypto Privacy Village


Home Page: https://cryptovillage.org/
DC Discord Chan: https://discord.com/channels/708208267699945503/732734002011832320



PDT Times Title speaker
Friday
10:00 - 10:59 New Face, Who Dis? Protecting Privacy in an Era of . . . Mike Kiser
11:00 - 11:30 Welcome to Gold Bug
11:30 - 12:30 How expensive is quantum factoring, really? Craig Gidney
12:30 - 13:10 CPV Through the Looking-Glass: How to Backdoor Dif . . .
14:00 - 14:45 Playing God: How ambiguities in state and federal . . . Anthony Hendricks,Jordan . . .
14:45 - 14:59 Lightning Talk: Differential Privacy and Census Da . . . Wendy Edwards
15:30 - 16:30 CPV Through the Looking-Glass: Adversarial Fashion . . .
15:00 - 15:30 So What? The CFAA after Van Buren Kendra Albert
16:30 - 17:30 Piecing Together Your Personal Privacy Profile Margaret Fero
Saturday
10:00 - 11:30 CPV Through the Looking-Glass: Cryptography Codes . . .
10:00 - 17:30 Workshop & CTF: Practical Cryptographic Attacks Daniel Crowley
11:30 - 12:30 Breaking Historical Ciphers with Modern Algorithms Elonka Dunin,Klaus Schmeh
12:30 - 13:15 CPV Through the Looking-Glass: Cryptanalysis in th . . .
14:00 - 14:59 Staying Fresh While the Feds Watch: Changes in Gov . . . Anthony Hendricks
15:00 - 15:30 CPV Through the Looking-Glass: Hacking on Multi-Pa . . .
15:30 - 16:30 Gold Bug Q&A
16:30 - 17:30 The threat hiding in daylight: Police Monitoring l . . . Vic Huang,Joy Ho
Sunday
10:00 - 10:35 CPV Through the Looking-Glass: Cicada (DC 26)
10:35 - 13:59 CPV Through the Looking-Glass: CPV Day 3 (DC 28)
10:00 - 13:59 Workshop: Practically Protecting Phone Privacy (Pr . . . Mauricio Tavares,Matt Nas . . .

Return to Index


DC - DEF CON Talks


Home Page: https://defcon.org/html/defcon-29/dc-29-index.html
Sched Page: https://defcon.org/html/defcon-29/dc-29-schedule.html



PDT Times Title speaker
Thursday
07:00 - 19:59 DEF CON Human Registration (Badge Pickup) Open
09:00 - 20:59 Chillout Lounges djdead,DJ Pie & Darren,ka . . .
Friday
08:00 - 16:59 DEF CON Human Registration (Badge Pickup) and Vacc . . .
09:00 - 20:59 Chillout Lounges djdead,DJ Pie & Darren,ka . . .
09:00 - 09:59 Welcome to Discord Dark Tangent
09:00 - 09:59 Making the DEF CON 29 Badge Katie Whiteley,Michael Wh . . .
10:00 - 10:59 Welcome To DEF CON - Dark Tangent & Making the DEF . . . Dark Tangent,Katie Whitel . . .
10:00 - 10:45 Gone Apple Pickin': Red Teaming macOS Environments . . . Cedric Owens
10:00 - 10:59 HTTP/2: The Sequel is Always Worse James Kettle
10:00 - 19:59 DEF CON Vendor Area Open
10:00 - 10:59 Community Roundtable - (De)Criminalizing Hacking A . . .
11:00 - 11:45 2021 - Our Journey Back To The Future Of Windows V . . . Eran Segal,Tomer Bar
11:00 - 11:59 Caught you - reveal and exploit IPC logic bugs ins . . . Chuanda Ding,Yuebin Sun,Z . . .
11:30 - 12:30 Community Roundtable - We can build it. We have th . . .
11:30 - 12:30 Community Roundtable - Toward a Global IoT Code of . . .
12:00 - 12:59 DHS REBOOTING CRITICAL INFRASTRUCTURE PROTECTION P . . . Lily Newman,Alexander Kli . . .
12:00 - 12:20 Your House is My House: Use of Offensive Enclaves . . . Dimitry "Op_Nomad" Snezhk . . .
12:00 - 12:20 Do you like to read? I know how to take over your . . . Slava Makkaveev
12:30 - 12:50 The Mechanics of Compromising Low Entropy RSA Keys Austin Allshouse
12:30 - 12:50 Worming through IDEs David Dworken
13:00 - 13:59 Ransomeware’s Big Year – from nuisance to “s . . . DEF CON Policy Panel
13:00 - 13:45 Sleight of ARM: Demystifying Intel Houdini Brian Hong
13:00 - 13:59 eBPF, I thought we were friends! Guillaume Fournier,Sylvai . . .
13:00 - 13:59 Policy Debrief - Myths and Legends of Section 230
14:00 - 14:45 MAVSH> Attacking from Above Sach
14:00 - 14:45 Hacking Humans with AI as a Service Eugene Lim,Glenice Tan,Ta . . .
14:00 - 14:59 Rotten code, aging standards, & pwning IPv4 parsin . . . Kelly Kaoudis,Sick Codes
14:30 - 15:30 Community Roundtable - Zero Trust, Critical Softwa . . .
14:30 - 15:30 Policy Debrief - Global Cyber Capacity Building - . . .
15:00 - 15:59 UFOs: Misinformation, Disinformation, and the Basi . . . Richard Thieme AKA neural . . .
15:00 - 15:45 Abusing SAST tools! When scanners do more than jus . . . Rotem Bar
15:00 - 15:59 ProxyLogon is Just the Tip of the Iceberg, A New A . . . Orange Tsai
15:30 - 16:30 Community Roundtable - 10 years after SOPA: where . . .
16:00 - 16:59 Defending against nation-state (legal) attack: how . . . Bill "Woody" Woodcock
16:00 - 16:45 Bundles of Joy: Breaking macOS via Subverted Appli . . . Patrick Wardle
16:00 - 16:59 The Unbelievable Insecurity of the Big Data Stack: . . . Sheila A. Berta
16:00 - 16:59 Community Roundtable - Volunteer Hacker Fire Depar . . .
17:00 - 18:59 Do No harm; Health Panel : Live version - A DEF CO . . . DEF CON Policy Panel
17:00 - 17:45 Phantom Attack: Evading System Call Monitoring Junyuan Zeng,Rex Guo
17:00 - 17:59 Warping Reality - creating and countering the next . . . PatH
18:00 - 18:45 Response Smuggling: Pwning HTTP/1.1 Connections Martin Doyhenard
18:00 - 18:59 How I use a JSON Deserialization 0day to Steal You . . . Hao Xing,Zekai Wu
20:00 - 21:59 DEF CON Movie Night - Tron
Saturday
09:00 - 16:59 DEF CON Human Registration (Badge Pickup) and Vacc . . .
09:00 - 20:59 Chillout Lounges djdead,DJ Pie & Darren,ka . . .
10:00 - 19:59 DEF CON Vendor Area Open
10:00 - 10:59 Privacy Without Monopoly: Paternalism Works Well, . . . Cory Doctorow
10:00 - 10:45 High-Stakes Updates | BIOS RCE OMG WTF BBQ Jesse Michael,Mickey Shka . . .
10:00 - 10:45 Crossover Episode: The Real-Life Story of the Firs . . . Chad Rikansrud (Bigendian . . .
10:00 - 10:59 Community Roundtable - Supply Chain in the COVID E . . .
10:00 - 10:59 Community Roundtable - We need to talk about Norm . . .
11:00 - 11:59 Wibbly Wobbly, Timey Wimey – What's Really Insid . . . Alexander Heinrich,jiska
11:00 - 11:45 UPnProxyPot: fake the funk, become a blackhat prox . . . Chad Seaman
11:30 - 12:30 Community Roundtable - If only you knew
12:00 - 12:59 Bring Your Own Print Driver Vulnerability Jacob Baines
12:00 - 12:20 Racketeer Toolkit. Prototyping Controlled Ransomwa . . . Dimitry "Op_Nomad" Snezhk . . .
12:00 - 12:20 Time Turner - Hacking RF Attendance Systems (To Be . . . Vivek Nair
12:30 - 12:50 Hack the hackers: Leaking data over SSL/TLS Ionut Cernica
12:30 - 12:50 A new class of DNS vulnerabilities affecting many . . . Ami Luttwak,Shir Tamari
13:00 - 13:59 TEMPEST radio station Paz Hameiri
13:00 - 13:45 PINATA: PIN Automatic Try Attack Salvador Mendoza
13:00 - 13:45 Defeating Physical Intrusion Detection Alarm Wires Bill Graydon
13:00 - 14:59 Community Roundtable - RANSOMWARE: Combatting Rans . . .
14:00 - 14:59 Sneak into buildings with KNXnet/IP Claire Vacherot
14:00 - 14:45 SPARROW: A Novel Covert Communication Scheme Explo . . . Chuck McAuley,Reza Soosah . . .
14:00 - 14:45 Over-the-air remote code execution on the DEF CON . . . Seth Kintigh
15:00 - 15:45 Hacking G Suite: The Power of Dark Apps Script Mag . . . Matthew Bryant
15:00 - 15:45 Central bank digital currency, threats and vulnera . . . Ian Vitek
15:00 - 15:59 Breaking Secure Bootloaders Christopher Wade
16:00 - 16:45 New Phishing Attacks Exploiting OAuth Authenticati . . . Jenko Hwong
16:00 - 16:45 PunkSPIDER and IOStation: Making a Mess All Over t . . . _hyp3ri0n aka Alejandro C . . .
16:00 - 16:59 Adventures in MitM-land: Using Machine-in-the-Midd . . . Eyal Karni,Sagi Sheinfeld . . .
16:00 - 16:59 Community Roundtable - Thinking About Election Sec . . .
16:00 - 16:59 Community Roundtable - Implementing Cyber Solarium . . .
17:00 - 17:45 You're Doing IoT RNG Allan Cecil - dwangoAC,Da . . .
17:00 - 17:45 Hacking the Apple AirTags Thomas Roth
17:00 - 17:59 Don't Dare to Exploit - An Attack Surface Tour of . . . Steven Seeley,Yuhao Weng, . . .
18:00 - 18:59 HACKERS INTO THE UN? Engaging in the cyber discuss . . . DEF CON Policy Panel
18:00 - 18:45 Offensive Golang Bonanza: Writing Golang Malware Benjamin Kurtz
18:00 - 18:59 Vulnerability Exchange: One Domain Account For Mor . . . Tianze Ding
19:00 - 19:59 (Replay) UFOs: Misinformation, Disinformation, and . . . Richard Thieme AKA neural . . .
19:00 - 19:30 (Replay) Racketeer Toolkit. Prototyping Controlled . . . Dimitry "Op_Nomad" Snezhk . . .
20:00 - 21:59 DEF CON Movie Night - Upgrade
Sunday
09:00 - 13:59 DEF CON Human Registration (Badge Pickup) and Vacc . . .
09:00 - 20:59 Chillout Lounges DJ Pie & Darren,Louigi Ve . . .
10:00 - 15:59 DEF CON Vendor Area Open
10:00 - 10:45 A Discussion with Agent X Agent X
10:00 - 10:59 Hi! I'm DOMAIN\Steve, please let me access VLAN2 Justin Perdok
10:00 - 10:59 Taking Apart and Taking Over ICS & SCADA Ecosystem . . . Mars Cheng,Selmon Yang
11:00 - 11:45 The PACS-man Comes For Us All: We May Be Vaccinate . . . Anze Jensterle,Babak Java . . .
11:00 - 11:45 Glitching RISC-V chips: MTVEC corruption for harde . . . Adam 'pi3' Zabrocki,Alex . . .
11:00 - 11:59 Fuzzing Linux with Xen Tamas K Lengyel
12:00 - 12:45 DoS: Denial of Shopping – Analyzing and Exploiti . . . Joseph Gabay
12:00 - 12:45 No Key? No PIN? No Combo? No Problem! P0wning ATMs . . . Roy Davis
12:00 - 12:59 Breaking TrustZone-M: Privilege Escalation on LPC5 . . . Laura Abbott,Rick Altherr
13:00 - 13:45 Extension-Land: exploits and rootkits in your brow . . . Barak Sternberg
13:00 - 13:45 Why does my security camera scream like a Banshee? . . . Rion Carter
13:00 - 13:59 Timeless Timing Attacks Mathy Vanhoef,Tom Van Goe . . .
14:00 - 14:45 Robots with lasers and cameras (but no security): . . . Dennis Giese
14:00 - 14:45 Old MacDonald Had a Barcode, E-I-E-I CAR Richard Henderson
14:00 - 14:20 Instrument and Find Out: Writing Parasitic Tracers . . . Jeff Dileo
14:30 - 14:50 The Agricultural Data Arms Race: Exploiting a Trac . . . Sick Codes
15:00 - 15:59 (CANCELED) Discord Closing Ceremonies Dark Tangent
16:00 - 16:59 DEF CON Closing Ceremonies, Black Badge Ceremonies Dark Tangent

Return to Index


DDV - Data Duplication Village


Hours: Thur: 16:00 - 19:00 - Fri: 10:00 - 17:00 - Sat: 10:00 - 17:00 - Sun: 10:00 - 11:00
Home Page: https://dcddv.org/
Sched Page: https://dcddv.org/dc29-schedule
DC Discord Chan: https://discord.com/channels/708208267699945503/732732641694056478



PDT Times Title speaker
Thursday
15:00 - 18:59 Data Duplication Village - Open for dropoff only
Friday
10:00 - 16:59 Data Duplication Village - Open
Saturday
10:00 - 09:59 Data Duplication Village - Open
Sunday
10:00 - 10:59 Data Duplication Village - Last Chance Pickup Only

Return to Index


DL - DEF CON DemoLabs


Home Page: https://forum.defcon.org/node/236373



PDT Times Title speaker
Friday
10:00 - 11:50 AIS Tools Gary Kessler
10:00 - 11:50 Mooltipass Mathieu Stephan
10:00 - 11:50 WiFi Kraken Lite Mike Spicer,Henry Hill
12:00 - 13:50 Solitude Dan Hastings
12:00 - 13:50 Siembol Marian Novotny
14:00 - 15:50 Kubestriker Vasant Chinnipilli
14:00 - 15:50 Zuthaka Lucas Bonastre
14:00 - 15:50 Open Bridge Constantine Macris
14:00 - 15:50 Empire Anthony "Cx01N" Rose,Vinc . . .
Saturday
10:00 - 11:50 Kubernetes Goat Madhu Akula
10:00 - 11:50 Ruse Mike Kiser
10:00 - 11:50 PMapper Erik Steringer
10:00 - 11:50 Depthcharge Jon Szymaniak
12:00 - 13:50 Tracee Yaniv Agman
12:00 - 13:50 USBSamurai Luca Bongiorni
12:00 - 13:50 Git Wild Hunt Rod Soto,José Hernandez
14:00 - 15:50 ParseAndC Parbati Kumar Manna
14:00 - 15:50 WiFi Kraken Lite Henry Hill
14:00 - 15:50 WiFi Kraken Lite Henry Hill
14:00 - 15:50 Shutter Dimitry "Op_Nomad" Snezhk . . .
Sunday
10:00 - 11:50 reNgine Yogesh Ojha
10:00 - 11:50 Frack William Vermaak
12:00 - 13:50 Cotopaxi Jakub Botwicz

Return to Index


HHV - Hardware Hacking and Soldering Skills Village


Hours: Fri: 09:30 - 18:00 - Sat: 08:30 - 16:30 - Sun: 09:00 - 15:30
Home Page: https://dchhv.org/
Sched Page: https://dchhv.org/schedule/schedule.html
DC Discord Chan: https://discord.com/channels/708208267699945503/732728536149786665



PDT Times Title speaker
Friday
09:30 - 09:59 Meetup: Some HHV challenges rehr
10:00 - 10:30 Hardware Hacking 101: Rogue Keyboards and Eavesdro . . . Federico Lucifredi
11:00 - 11:59 Use a PortaProg to flash, dump, and test ISP and U . . . Bradán Lane,Sara Cladlow
12:00 - 12:30 The Black Box and the Brain Box: When Electronics . . . Gigs
12:30 - 13:30 Walkthrough of DC 28 HHV Challenges rehr
13:30 - 14:30 A Lazy r2 Solve of @mediumrehr Challenge 6 Ben Gardiner
14:30 - 14:59 Meetup: PCB Proto and Rework K
15:00 - 15:30 Robo Sumo On site ShortTie
15:30 - 15:59 Meetup: Legacy Hardware K
17:30 - 17:59 Meetup: Some HHV challenges rehr
Saturday
08:30 - 08:59 Hardware Hacking 101: Rogue Keyboards and Eavesdro . . . Federico Lucifredi
09:30 - 10:30 Use a PortaProg to flash, dump, and test ISP and U . . . Bradán Lane,Sara Cladlow
10:30 - 10:59 The Black Box and the Brain Box: When Electronics . . . Gigs
11:00 - 11:59 Walkthrough of DC 28 HHV Challenges rehr
12:00 - 12:59 A Lazy r2 Solve of @mediumrehr Challenge 6 Ben Gardiner
13:00 - 13:30 Meetup: Some HHV challenges rehr
14:00 - 14:30 Meetup: Sourcing Parts & The Global Parts Shortage bombnav
15:00 - 15:30 Meetup: OSS ASIC Josh Marks
16:00 - 16:30 Meetup: Certification Processes (UL, FCC, etc.) ShortTie
Sunday
09:00 - 09:59 Walkthrough of DC 28 HHV Challenges rehr
10:00 - 10:59 A Lazy r2 Solve of @mediumrehr Challenge 6 Ben Gardiner
11:30 - 12:30 Use a PortaProg to flash, dump, and test ISP and U . . . Bradán Lane,Sara Cladlow
14:00 - 14:30 Hardware Hacking 101: Rogue Keyboards and Eavesdro . . . Federico Lucifredi
15:00 - 15:30 The Black Box and the Brain Box: When Electronics . . . Gigs

Return to Index


HRV - Ham Radio Village


Hours: Sat: 11:00 - 16:45 - Sun: 11:00 - 16:45
Home Page: https://hamvillage.org/
Sched Page: https://hamvillage.org/dc29.html
DC Discord Chan: https://discord.com/channels/708208267699945503/732733631667372103



PDT Times Title speaker
Friday
09:00 - 15:59 Ham Radio Exams
10:00 - 10:15 Ham Radio Village Opening Remarks
11:00 - 11:30 "Ask a Ham" Q&A
12:30 - 13:30 Spectrum Coordination for Amateur Radio Bryan Fields
14:00 - 14:30 Discord Practice Net
16:00 - 17:59 Remote Ham Radio Exams
Saturday
11:00 - 11:59 Amateur Radio Mesh Networking: Enabling Higher Dat . . . Tyler Gardner
12:00 - 17:59 Ham Radio Exams
13:30 - 14:30 Amateur Radio Digital Modes Primer Jon Marler
15:00 - 15:30 How to Contact the ISS with a $30 Radio Gregg Horton
16:00 - 16:30 Getting started with low power & long distance com . . . Eric Escobar
17:00 - 18:59 Remote Ham Radio Exams
Sunday
11:00 - 13:59 Ham Radio Exams
11:00 - 12:30 An Introduction to RF Test Equipment Kurits Kopf
14:00 - 14:15 Ham Radio Village Closing Commentary

Return to Index


HTSV - Hack the Sea Village


Home Page: https://hackthesea.org/
DC Discord Chan: https://discord.com/channels/708208267699945503/732733427823935589



PDT Times Title speaker
Friday
10:00 - 11:50 AIS Tools Demo (DEF CON) Gary Kessler
12:00 - 12:55 Intro to SeaTF, Salty Sensor, and Tin Foil Competi . . .
13:00 - 13:55 AIS Protocol Internals (Abridged) Gary Kessler
14:00 - 15:50 In-person broadcast via demolabs Constantine Macris
Saturday
10:00 - 10:55 OSINT Tales: What the Public Knows About Russia’ . . . H I Sutton
11:00 - 11:55 Cyber-SHIP Lab Talk and Demo Kevin Jones,Kimberley Tam
12:00 - 14:59 Hack the Sea Cabana Party
12:00 - 12:55 Cyber in the Under Sea David Strachan
13:00 - 13:55 Sea Pods Grant Romundt
14:00 - 14:55 Cyber Operations and Operational Wargames on Port . . . Tom Mouatt,Ed McGrady,Joh . . .
15:00 - 15:55 US Coast Guard 2021 Cyber Strategic Outlook Michael Chien
Sunday
10:00 - 10:55 Less Jaw Work, More Paw Work: Why We Need to Start . . . Cliff Neve
11:00 - 11:55 Hack the Wind Mary Ann Hoppa
12:00 - 12:55 Cyber Risk Management in the MTS Josie Long,Kelley Edwards
13:00 - 13:55 SeaTF, Pirate Hat, and Salty Sensor Results, Closi . . . Brian Satira

Return to Index


ICSV - IndustrialControlSystems Village


Home Page: https://www.icsvillage.com/
DC Discord Chan: https://discord.com/channels/708208267699945503/735938018514567178



PDT Times Title speaker
Friday
07:00 - 07:59 Tabletop Exercise - GRIMM
10:00 - 10:59 Keynote - PW Singer PW Singer
10:30 - 11:30 Tabletop Exercise - GRIMM
11:30 - 12:30 Your Infrastructure is Encrypted: Protecting Criti . . . David Etue,Ernie Bio,Jami . . .
12:30 - 12:59 Do We Really Want to Live in the Cyberpunk World? Mert Can Kilic
13:00 - 13:59 Tabletop Exercise - GRIMM
13:00 - 13:30 Beetlejuice: The Lessons We Should Have Learned Fo . . . Tim Yardley
13:30 - 13:59 Scripts and Tools to Help Your ICS InfoSec Journey Don C. Weber
14:00 - 14:59 Consider the (Data) Source Dan Gunter
15:00 - 15:30 Approaches to Attract, Develop, and Retain an Indu . . . John Ellis,Julia Atkinson
15:30 - 15:59 It Takes a Village (and a generous grant): Student . . . Alexander Vigovskiy,Chris . . .
Saturday
10:00 - 11:59 CybatiWorks Mission Station Workshop Matthew Luallen
12:00 - 12:59 Fireside Chat - August Cole August Cole
13:00 - 13:30 Toward a Collaborative Cyber Defense and Enhanced . . . Lauren Zabierek
13:30 - 13:59 Fortifying ICS - Hardening and Testing Dieter Sarrazyn
14:00 - 14:30 Crippling the Grid: Examination of Dependencies an . . . Joe Slowik
14:30 - 14:59 Leveraging SBOMs to Enhance ICS Security Thomas Pace
15:00 - 15:30 Smart Meters: I'm Hacking Infrastructure and So Sh . . . Hash Salehi
Sunday
10:00 - 10:30 Bottom-Up and Top-Down: Exploiting Vulnerabilities . . . Sharon Brizinov,Uri Katz
10:30 - 10:59 Detecting Attackers Using Your Own Sensors with St . . . Stefan Stephenson-Moe
11:00 - 11:59 Top 20 Secure PLC Coding Practices Sarah Fluchs,Vivek Ponnad . . .
12:00 - 12:59 ICS Cyber Threat Intelligence (CTI) Information Sh . . . Helio Sant'ana,John Felke . . .
13:00 - 13:30 ICS Intrusion KillChain explained with real simula . . . Javier Perez,Juan Escobar
13:30 - 13:59 Building an ICS Firing Range (in our kitchen): Sha . . . Moritz Thomas,Nico Leidec . . .
14:00 - 14:59 ICS Jeopardy Chris Sistrunk,Maggie Mor . . .

Return to Index


IOTV - InternetOfThings Village


Hours: Fri: 10:00 - 21:15 - Sat: 10:00 - 21:00
Home Page: https://www.iotvillage.org/
Sched Page: https://www.iotvillage.org/defcon.html
DC Discord Chan: https://discord.com/channels/708208267699945503/732734565604655114



PDT Times Title speaker
Friday
10:00 - 18:30 Pentesting 101
10:00 - 10:30 When Penetration Testing Isn’t Penetration Testi . . . Ted Harrington
10:45 - 11:30 Representation Matters Camille Eddy,Chloe Messda . . .
10:00 - 18:30 UART to UBOOT to ROOT
10:00 - 18:30 IoT Village Capture the Flag (CTF)
10:00 - 18:30 IoT Village Labs
10:00 - 18:30 Black Box Challenges
11:45 - 12:30 1.21 Gigawatts! Vulnerabilities in Solar Panel Con . . . Waylon Grange
12:45 - 13:15 LED Light Lunacy! Victor Hanna
13:30 - 14:15 5 years of IoT vulnerability research and countles . . . Alex "Jay" Balan
14:30 - 15:15 BLUEMONDAY Series – Exploitation & Mapping of vu . . . Ken Pyle
15:30 - 16:15 “Alexa, have you been compromised?” — Exploi . . . Hutch (Justin Hutchens)
16:30 - 17:15 IoT Testing Crash Course Tim Jensen (EapolSniper)
17:30 - 18:15 Defending IoT in the Future of High-Tech Warfare Harshit Agrawal
Saturday
10:00 - 18:30 Pentesting 101
10:00 - 10:45 I used AppSec skills to hack IoT, and so can you Alexei Kojenov
10:00 - 18:30 UART to UBOOT to ROOT
10:00 - 18:30 IoT Village Capture the Flag (CTF)
10:00 - 18:30 IoT Village Labs
10:00 - 18:30 Black Box Challenges
11:00 - 11:45 You're Doing IoT RNG Allan Cecil - dwangoAC,Da . . .
12:00 - 12:30 Strategic Trust and Deception in the Internet of T . . . Juneau Jones
12:45 - 13:30 MIPS-X - The next IoT Frontier Patrick Ross,Zoltán Bal . . .
13:45 - 14:30 Mind the Gap - Managing Insecurity in Enterprise I . . . Cheryl Biswas
14:45 - 15:30 Reverse Supply Chain Attack - A Dangerous Pathway . . . Barak Hadad,Gal Kaufman
15:45 - 16:15 Ethics at the Edge: IoT as the Embodiment of AI fo . . . Ria Cheruvu
16:30 - 16:59 IoT devices as government witnesses: Can IoT devic . . . Anthony Hendricks,Jordan . . .
17:15 - 17:59 The Journey of Establishing IoT Trustworthiness an . . . Amit Elazari,Anahit Tarkh . . .
Sunday
06:00 - 10:59 IoT Village Labs
10:00 - 11:59 IoT Village Capture the Flag (CTF)

Return to Index


LBV - Lock Bypass Village


Hours: Fri: 09:00 - 19:00 - Sat: 09:00 - 19:00 - Sun: 09:00 - 17:00
Home Page: https://bypassvillage.org/
Sched Page: https://www.bypassvillage.org/#schedule
DC Discord Chan: https://discord.com/channels/708208267699945503/732732893830447175



PDT Times Title speaker
Friday
09:30 - 10:30 Bypass 101
10:30 - 11:30 Tools 101
11:30 - 12:30 Intro to RFID Hacking
13:30 - 14:30 Alarm Bypass
16:00 - 17:59 Expoiting Retail Security with Tiktok's Hacker Com . . .
Saturday
10:00 - 10:30 Bypass 101
11:00 - 11:59 Bypassing Retail Security Tags
12:00 - 12:59 Tools 101 & Q&A
13:00 - 14:30 Electronic Warfare & Q&A
14:30 - 15:59 Alarm Bypass & Q&A
16:30 - 16:59 Bypass 101
Sunday
14:00 - 14:30 Bypass 101
14:30 - 15:59 Bypass Village Panel

Return to Index


LPV - Lock Pick Village


Home Page: https://toool.us/
Sched Page: https://bit.ly/LPVSchedule2021
DC Discord Chan: https://discord.com/channels/708208267699945503/732734164780056708



PDT Times Title speaker
Friday
10:00 - 10:30 Intro To Lockpicking TOOOL
11:00 - 11:50 Key Duplication - It's not just for the movies! Tony Virelli
12:00 - 12:30 Intro To Lockpicking TOOOL
13:00 - 13:20 Are We Still Doing it? 10 Locksport Hobbies that g . . . Lock Noob
14:15 - 14:45 Intro To Lockpicking TOOOL
15:00 - 15:30 Doors, Cameras, and Mantraps OH MY! Dylan The Magician
16:15 - 16:45 Intro To Lockpicking TOOOL
17:00 - 17:45 Law School for Lockpickers Preston Thomas
Saturday
10:00 - 10:30 Intro To Lockpicking TOOOL
11:00 - 11:30 Hybrid PhySec tools - best of both worlds or just . . . d1dymu5
12:00 - 12:30 Intro To Lockpicking TOOOL
13:00 - 13:59 How I defeated the Western Electric 30c N∅thing
14:15 - 14:45 Intro To Lockpicking TOOOL
15:00 - 15:30 The Coat Hanger Talk: A Noob's Look Into the Thiev . . . De
16:15 - 16:45 Intro To Lockpicking TOOOL
Sunday
10:00 - 10:30 Intro To Lockpicking TOOOL
11:00 - 11:50 Safecracking for Everyone! Jared Dygert
12:00 - 12:30 Intro To Lockpicking TOOOL
13:00 - 13:59 Bobby Pins, More Effective Than Lockpicks? John the Greek
14:15 - 14:45 Intro To Lockpicking TOOOL
15:00 - 15:59 Intro to high security locks and lockpicking N∅thing

Return to Index


MUS - Music


Home Page: https://defconmusic.org
Sched Page: https://defconmusic.org/sched.txt



PDT Times Title speaker
Thursday
21:00 - 21:59 Music - CTRL/RSM CTRL/rsm
21:00 - 21:59 Music - Deep Therapy Deep Therapy
22:00 - 22:59 Music - Abstrct Abstrct
22:00 - 22:59 Music - Tense Future Tense Future
23:00 - 23:59 Music - Dr. McGrew Dr. McGrew
23:00 - 23:59 Music - FuzzyNop FuzzyNop
Friday
00:00 - 00:59 Music - DJ St3rling DJ St3rling
01:00 - 01:59 Music - Acid T Acid T
21:00 - 21:59 Music - Thaad Thaad
21:00 - 21:59 Music - Yesterday & Tomorrow Yesterday & Tomorrow
22:00 - 22:59 Music - FuzzyNop FuzzyNop
22:00 - 22:59 Music - Terrestrial Access Network Terrestrial Access Networ . . .
23:00 - 23:59 Music - n0x08 n0x08
23:00 - 23:59 Music - Z3NPI Z3NPI
Saturday
00:00 - 00:59 Music - Scotch & Bubbles Scotch & Bubbles
01:00 - 01:59 Music - Magik Plan Magik Plan
21:00 - 21:59 Music - Ohm-i Ohm-i
21:00 - 21:59 Music - mattrix mattrix
22:00 - 22:59 Music - Krisz Klink Krisz Klink
22:00 - 22:59 Music - Icetre Normal Icetre Normal
23:00 - 23:59 Music - Miss Jackalope Miss Jackalope
23:00 - 23:59 Music - Nina Lowe Nina Lowe
Sunday
00:00 - 00:59 Music - Zebbler Encanti Experience Zebbler Encanti Experienc . . .
01:00 - 01:59 Music - CTRL/rsm CTRL/rsm

Return to Index


PHV - Packet Hacking Village


Hours: Fri: 14:00 - 18:00 - Sat: 14:00 - 18:00
Home Page: https://www.wallofsheep.com/
Sched Page: https://www.wallofsheep.com/pages/dc29#talksschedule
DC Discord Chan: https://discord.com/channels/708208267699945503/708242376883306526



PDT Times Title speaker
Friday
09:00 - 10:59 Web App Penetration Testing Workshop Sunny Wear
09:00 - 09:59 The War for Control of DNS Encryption Paul Vixie
10:00 - 10:59 Internet Protocol (IP) Roy Feng
11:00 - 11:59 MITRE Engage: A Framework for Adversary Engagement . . . Stan Bar,Gabby Raymond,Ma . . .
12:00 - 13:59 Hunting Evil with Wireshark Michael Wylie
12:00 - 12:59 Seeing Through The Windows: Centralizing Windows L . . . Matthew Gracie
Saturday
09:00 - 10:59 APT Hunting with Splunk John Stoner
09:00 - 09:59 Seeing the Forest Through the Trees – Foundation . . . Jake Williams
10:00 - 10:59 *nix Processes. Starting, Stopping, and Everything . . . Nick Roy
11:00 - 11:59 Linux Binary Analysis w/ Strace Jared Stroud
12:00 - 13:59 Security Investigations with Splunk Robert Wagner
12:00 - 12:59 RCE via Meow Variant along with an Example 0day Özkan Mustafa AKKUŞ
Sunday
09:00 - 10:59 Intrusion Analysis and Threat Hunting with Suricat . . . Peter Manev,Josh Strosche . . .
12:00 - 13:59 Hands-On TCP Deep Dive with Wireshark Chris Greer

Return to Index


PYV - Payment Village


Home Page: https://www.paymentvillage.org/
Sched Page: https://www.paymentvillage.org/schedule
DC Discord Chan: https://discord.com/channels/708208267699945503/732733473558626314



PDT Times Title speaker
Thursday
10:00 - 10:59 Welcome to the Payment Village
Friday
10:00 - 10:59 ATM Transaction Reversal Frauds (And how to fight . . . Hector Cuevas Cruz
11:00 - 11:59 Racing cryptoexchanges or how I manipulated the ba . . . Vahagan Vardanyan
12:00 - 12:59 Automated Tear Machines Meadow Ellis
13:00 - 13:59 What happens when businesses decide to enroll cryp . . . Timur Yunusov

Return to Index


RCV - Recon Village


Hours: Fri: 10:00 - 16:45 - Sat: 10:00 - 16:05
Home Page: https://www.reconvillage.org/
Sched Page: https://www.reconvillage.org/recon-village-defcon-29-talks
DC Discord Chan: https://discord.com/channels/708208267699945503/732733566051418193



PDT Times Title speaker
Friday
10:00 - 10:45 Recon Village Keynote Ben S
10:55 - 11:25 Using Passive DNS for gathering Business Intellige . . . Andy Dennis
11:35 - 12:05 So You Want to OPSEC, Eh? Ritu Gill
12:15 - 12:59 OSINT and the Hermit Kingdom. Leveraging online so . . . Nick Roy
14:00 - 14:30 Finding Hidden Gems via URL Shortener Services Utku Sen
14:40 - 15:10 Using OSINT to Aid in Human Trafficking and Smuggl . . . Rae
15:20 - 16:05 Venator: Hunting & Smashing Trolls on Twitter Mauro Cáseres Rozanowski
16:15 - 16:45 People Hunting: A Pentesters Perspective Mishaal Khan
Saturday
10:00 - 10:30 Adversary Infrastructure Tracking with Mihari Manabu Niseki
10:40 - 11:10 The Bug Hunter’s Recon Methodology  Tushar Verma
11:20 - 11:50 Can I Make My Own Social Threat Score? MasterChen
12:00 - 12:45 Let the bugs come to me - how to build cloud-based . . . Ryan Elkins
14:00 - 14:30 How vigilant researchers can uncover APT attacks f . . . Ladislav Baco
14:40 - 15:10 .GOV Doppelgänger: Your Häx Dollars at Work Anthony Kava
15:20 - 16:05 OSINT for Sex Workers Kala Kinyon

Return to Index


RFV - RF Village


Home Page: https://rfhackers.com/
Sched Page: https://rfhackers.com/calendar
DC Discord Chan: https://discord.com/channels/708208267699945503/732732595493666826



PDT Times Title speaker
Thursday
12:00 - 11:59 Frag, You’re it - Hacking Laser Tag Eric Escobar
12:00 - 11:59 ESP8266, do you know what's inside your IoT? JoshInGeneral
12:00 - 11:59 Using UAV in Military Zone Areas by GPS Spoofing w . . . Mehmet Onder Key
12:00 - 11:59 Assless Chaps: a novel combination of prior work t . . . singe,cablethief
12:00 - 11:59 RF Propagation and Visualization with DragonOS cemaxecuter
Saturday
08:00 - 07:59 The Basics of Breaking BLE - Part 2: Doing More Wi . . . freqy

Return to Index


RGV - Rogues Village


Hours: Fri: 10:00 - 18:00 - Sat: 10:00 - 18:00 - Sun: 10:00 - 14:00
Home Page: https://foursuits.co/roguesvillage
DC Discord Chan: https://discord.com/channels/708208267699945503/732732701144121434



PDT Times Title speaker
Friday
10:00 - 10:59 Top 10 BOGUS Biometrics! Vic Harkness
14:00 - 14:30 The Neuroscience of Magic (Registration required) Daniel Roy
Saturday
12:00 - 12:59 Twitter Q&A regarding Top 10 BOGUS Biometrics! Vic Harkness

Return to Index


SEV - Social Engineering Village


Home Page: https://www.social-engineer.org/
DC Discord Chan: https://discord.com/channels/708208267699945503/732733952867172382



PDT Times Title speaker
Friday
10:00 - 11:59 SECTF4Kids (Pre-Registration Required) Ryan M,Colin H
12:30 - 13:30 Judging by the Cover: Profiling & Targeting Throug . . . Christina Lekati
13:30 - 14:30 SE Team vs. Red Team Ryan MacDougall
Saturday
10:00 - 11:59 SECTF4Teens Chris Silvers,Kris Silver . . .
12:30 - 13:30 Using SE to create insider threats and win all the . . . Lisa Forte
13:30 - 14:30 The Innocent Lives Foundation: A Beacon of Light i . . . John McCombs
14:30 - 15:30 Make Them Want To Tell You: The Science of Elicita . . . Christopher Hadnagy

Return to Index


SOC - Social Activities: Parties/Meetups





PDT Times Title speaker
Thursday
12:00 - 12:59 Friends of Bill W.
13:00 - 23:59 A&E Pool Party!
16:00 - 21:59 Toxic BBQ
16:00 - 17:59 QueerCon Party
17:00 - 17:59 Friends of Bill W.
18:00 - 18:59 QueerCon Virtual Mixer
Friday
12:00 - 12:59 Friends of Bill W.
13:00 - 23:59 A&E Pool Party!
14:00 - 15:59 BADASS Meetup (Virtual)
16:00 - 17:59 QueerCon Virtual Pool Party
16:00 - 17:59 QueerCon Party
17:00 - 17:59 Friends of Bill W.
18:00 - 19:59 Lawyers Meet
18:00 - 23:59 Hacker Karaoke (Virtual)
20:00 - 01:59 Vampire the Masquerade (Party)
20:00 - 21:59 War Story Bunker
21:00 - 01:59 Gothcon 2021 (Virtual)
Saturday
12:00 - 12:59 Friends of Bill W.
13:00 - 23:59 A&E Pool Party!
16:00 - 17:59 QueerCon Party
17:00 - 18:59 DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup
17:00 - 17:59 Friends of Bill W.
18:00 - 18:59 QueerCon Virtual Chat Mixer
18:00 - 23:59 Hacker Karaoke (Virtual)
20:00 - 22:59 Hacker Flairgrounds
20:00 - 01:59 Gothcon 2021
21:00 - 01:59 Vetcon Meetup (Hybrid)
Sunday
11:30 - 12:30 QueerCon End-of-Con Chat
12:00 - 12:59 Friends of Bill W.
13:00 - 23:59 A&E Pool Party!

Return to Index


VMV - Voting Machine Village


Sched Page: https://docs.google.com/document/d/123a7PYCkxzR6U2eW0C_YjYNRXIXqSHBKebb4b830J1I/edit
DC Discord Chan: https://discord.com/channels/708208267699945503/732733881148506164



PDT Times Title speaker
Friday
10:00 - 10:30 Voting Village Logistical Information Broadcast (D . . .
10:30 - 10:59 Hacking to Save Democracy: What Technologists Need . . . Eddie Perez
11:00 - 11:30 A Deep Dive on Vulnerability Disclosure for Electi . . . Tod Beardsley
11:30 - 11:59 Wireless Odyssey or why is the federal government . . . Susan Greenhalgh
12:00 - 12:10 A Journalist’s Perspective on Fake News Bob Sullivan
12:30 - 12:59 Are Barcodes on Ballots Bad?  Kevin Skoglund
13:00 - 13:30 Hack the Conspiracies Barb Byrum
13:30 - 13:59 Kickoff Remarks (recorded in-person in Las Vegas) Harri Hursti
Saturday
10:30 - 10:59 Secrets of Social Media PsyOps BiaSciLab
10:00 - 10:30 Voting Village Keynote Remarks Thomas Hicks
11:00 - 11:30 How to Weaponize RLAs to Discredit an Election Carsten Schürmann
11:30 - 11:59 High Turnout, Wide Margins Brianna Lennon,Eric Fey
12:00 - 12:30 Keeping Your Information Security Policy Up to Dat . . . Sang-Oun Lee
12:30 - 12:59 Social Media Security = Election Security Sebastian Bay
13:00 - 13:30 New Hampshire SB43 Forensic Audit Harri Hursti
13:30 - 13:59 Why Hacking Voters Is Easier Than Hacking Ballots Maurice Turner

Return to Index


WS - DEF CON Workshops


Home Page: https://defcon.org/html/defcon-29/dc-29-workshops.html



PDT Times Title speaker
Friday
10:00 - 13:59 The Joy of Reverse Engineering: Learning With Ghid . . . Wesley McGrew
10:00 - 13:59 Inspecting Signals from Satellites to Shock Collar . . . Eric Escobar,Trenton Ivey
10:00 - 13:59 Analysis 101 and 102 for the Incident Responder Kristy Westphal
10:00 - 13:59 House of Heap Exploitation James Dolan,Maxwell Dulin . . .
15:00 - 18:59 Windows Internals Sam Bowne,Elizabeth Biddl . . .
15:00 - 18:59 Secure messaging over unsecured transports Ash
15:00 - 18:59 Learning to Hack Bluetooth Low Energy with BLE CTF Ryan Holeman
15:00 - 18:59 Writing Golang Malware Benjamin Kurtz
Saturday
10:00 - 13:59 From Zero to Hero in Web Security Research Dikla Barda,Oded Vanunu,R . . .
10:00 - 13:59 Bug bounty Hunting Workshop David Patten,Philippe Del . . .
10:00 - 13:59 Hacking the Metal: An Introduction to Assembly Lan . . . eigentourist
10:00 - 13:59 Digital Forensics and Incident Response Against th . . . Michael Register,Michael . . .
15:00 - 18:59 Network Analysis with Wireshark Sam Bowne,Elizabeth Biddl . . .
15:00 - 18:59 Analysis 101 and 102 for the Incident Responder Kristy Westphal
15:00 - 18:59 Evading Detection a Beginner's Guide to Obfuscatio . . . Anthony "Cx01N" Rose,Jake . . .
15:00 - 18:59 Advanced Wireless Attacks Against Enterprise Netwo . . . Solstice
Sunday
10:00 - 13:59 Windows Internals Sam Bowne,Elizabeth Biddl . . .
10:00 - 13:59 From Zero to Hero in Web Security Research Dikla Barda,Oded Vanunu,R . . .
10:00 - 13:59 Modern Malware Analysis for Threat Hunters Aaron Rosenmund,Ryan Chap . . .
10:00 - 13:59 Hacking the Metal: An Introduction to Assembly Lan . . . eigentourist

Return to Index

Talk/Event Descriptions


 

RCV - Saturday - 14:40-15:10 PDT


Title: .GOV Doppelgänger: Your Häx Dollars at Work
When: Saturday, Aug 7, 14:40 - 15:10 PDT
Where: Recon Village (Virtual)

SpeakerBio:Anthony Kava
No BIO available
Twitter: @anthonykava

Description:No Description available

Recon Village talks will stream to YouTube.

YouTube: https://www.youtube.com/c/ReconVillage


Return to Index    -    Add to    -    ics Calendar file

 

HRV - Friday - 11:00-11:30 PDT


Title: "Ask a Ham" Q&A
When: Friday, Aug 6, 11:00 - 11:30 PDT
Where: Ham Radio Village (Virtual Talks)

Description:
Got a question about anything ham radio? Come ask us in this open forum of all things ham radio!

All Ham Radio Village talks will be streamed to Twitch, with discussion in Discord.

For more information, see https://hamvillage.org/dc29.html


Twitch: https://www.twitch.tv/hamradiovillage

#hrv-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991


Return to Index    -    Add to    -    ics Calendar file

 

APV - Sunday - 09:05-09:45 PDT


Title: "The Poisoned Diary": Supply Chain Attacks on Install scripts
When: Sunday, Aug 8, 09:05 - 09:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Yakov Shafranovich
No BIO available

Description:
The "curl | bash" pattern is in use everywhere but is it safe? How common is it and how can we make it safer? Join this talk to a discussion on install script security, Harry Potter and more!

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage


Return to Index    -    Add to    -    ics Calendar file

 

BHV - Friday - 13:00-13:30 PDT


Title: "Who Bears the Risk?" Why a Market Incentives Perspective is Critical to Protecting Patients from Cyber Threats
When: Friday, Aug 6, 13:00 - 13:30 PDT
Where: Biohacking Village (Talk - Virtual)
Speakers:Matt McMahon,Shannon Lantzky

SpeakerBio:Matt McMahon , Senior Product Manager - Cybersecurity at Philips
Matt is currently a Program Manager for IoMT with Booz Allen, Grad Adj Professor, teaching coursework in Cyber and Healthcare at Salve Regina University and a Cyber & IOT SME with MIT

SpeakerBio:Shannon Lantzky , Chief Scientist, Secure Connected Health, Strategic Innovation Group at Booz Allen Hamilton
Dr. Shannon Lantzy is a leader in Booz Allen’s regulatory science practice, focused on efficient regulatory decisions to promote public health. Based out of our Bethesda, Maryland office, Shannon oversees innovation projects in the areas of secure connected health, medical device premarket review program assessment, digital health, simulation modeling, and decision science support services. Her team includes biologists, economists, operations researchers, engineers, chemists, epidemiologists, technologists, and data scientists.

Shannon has a background in data science, strategy, and mission integration. Prior to joining Booz Allen, she supported NASA’s science and human space flight mission directorates for close to a decade. After NASA, she took a 5-year academic hiatus to conduct research in consumer decision making using econometrics, predictive modeling, and experimental methods.

Shannon has three degrees from the University of Maryland, College Park, including a Ph.D. in business information systems from the Robert H. Smith School of Business; a master’s degree in information management from the College of Information Studies; and a bachelor’s degree in mathematics and philosophy.


Description:
Cyberattacks in healthcare abound. Sensitive health data is stolen, and patients’ lives are put at risk by the fleet of outdated, legacy medical devices in our hospitals that are vulnerable to attackers. As the market for internet of medical things (IoMT) rapidly expands, these trends will only increase. While we have the technology to fix this problem, traditional market incentives have not been able to induce a more secure healthcare environment. This talk will discuss those market failures from an economics perspective and suggest new strategies for properly incentivizing medical device manufacturers to make more cyber secure and resilient devices.

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q


Return to Index    -    Add to    -    ics Calendar file

 

DC - Sunday - 15:00-15:59 PDT


Title: (CANCELED) Discord Closing Ceremonies
When: Sunday, Aug 8, 15:00 - 15:59 PDT
Where: See Description

SpeakerBio:Dark Tangent
No BIO available

Description:
There will be no Discord Closing Ceremony. Please view the live closing ceremony at 16:00 PDT instead.

Return to Index    -    Add to    -    ics Calendar file

 

DC - Saturday - 19:00-19:30 PDT


Title: (Replay) Racketeer Toolkit. Prototyping Controlled Ransomware Operations
When: Saturday, Aug 7, 19:00 - 19:30 PDT
Where: Track 2 CLOSED; DCTV/Twitch #2 Pre-Recorded

SpeakerBio:Dimitry "Op_Nomad" Snezhkov
Dimitry Snezhkov is an Associate Director at Protiviti. In this role he hacks code, tools, networks, apps and sometimes subverts human behavior too. Dimitry has spoken at DEF CON, BlackHat, THOTCON conferences, and presented tools at BlackHat Arsenal.
Twitter: @Op_Nomad

Description:
*** SPECIAL NOTE: Technical difficulties prevented this talk from being shown at the correct time slot on DCTV/Twitch. This entry is for the replay. You may also watch this talk on-demand, by following the links at the bottom of this message. ***

Offensive testing in organizations has shown a tremendous value for simulating controlled attacks. While cyber extortion may be one of the main high ROI end goals for the attacker, surprisingly few tools exist to simulate ransomware operations.

Racketeer is one such tool. It is an offensive agent coupled with a C2 base, built to help teams to prototype and exercise a tightly controlled ransomware campaign.

We walk through the design considerations and implementation of a ransomware implant which emulates logical steps taken to manage connectivity and asset encryption and decryption capabilities. We showcase flexible and actionable ways to prototype components of fully remote ransomware operation including key and data management, as well as data communication that is used in ransomware campaigns.

Racketeer is equipped with practical safeguards for lights out operations, and can address the goals of keeping strict control of data and key management in its deployment, including target containment policy, safe credential management, and implementing operational security in simulated operations.

Racketeer can help gain better optics into IoCs, and is helpful in providing detailed logs that can be used to study the behavior and execution artifacts of a ransomware agent.

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=VJ8aqReB118

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Dimitry%20Op%20Nomad%20Snezhkov%20-%20Racketeer%20Toolkit.%20Prototyping%20Controlled%20Ransomware%20Operations.mp4


This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will only be broadcast to DCTV2, in local hotels and on Twitch. This talk is not being presented in Track 2.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_two


Return to Index    -    Add to    -    ics Calendar file

 

DC - Saturday - 19:00-19:59 PDT


Title: (Replay) UFOs: Misinformation, Disinformation, and the Basic Truth
When: Saturday, Aug 7, 19:00 - 19:59 PDT
Where: Track 1 CLOSED; DCTV/Twitch #1 Pre-Recorded

SpeakerBio:Richard Thieme AKA neuralcowboy
Richard Thieme, https://thiemeworks.com has addressed security and intelligence issues for 28 years. He has keynoted security conferences in 15 countries and given presentations for the NSA, FBI, Secret Service, Pentagon Security Forum, U.S. Department of the Treasury, and Los Alamos National Laboratory. He has been speaking at Def Con since Def Con 4. His sixth book, a novel, Mobius: A Memoir, about an intelligence professional looking back on his career and how it led down unexpected paths, is receiving rave reviews. He has explored UFO phenomena seriously for 43 years.
Twitter: @neuralcowboy

Description:
** SPECIAL NOTE: This is a replay on DCTV/Twitch only, because a technical issue prevented part of the talk from airing during its previously scheduled slot. **

The talk, "UFOs and Government: A Historical Inquiry" given at Def Con 21 has been viewed thousands of times. It was a serious well-documented exploration of the UFO subject based on Thieme's participation in research into the subject with colleagues. The book of that name is the gold standard for historical research into the subject and is in 100+ university libraries.

This update was necessitated by recent UFO incidents and the diverse conversations triggered by them. Contextual understanding is needed to evaluate current reports from pilots and naval personnel, statements from senators and Pentagon personnel, and indeed, all the input from journalists who are often unfamiliar with the field and the real history of documented UFOs over the past 70 years.

Thieme was privileged to participate with scholars and lifelong researchers into the massive trove of reports. We estimate that 95% can be explained by mundane phenomena but the remainder suggest prolonged interaction with our planetary society over a long period. Thieme also knows that when you know you don't know something, don't suggest that you do. Stay with the facts, stay with the data. Sensible conclusions, when we do that, are astonishing enough.

Reality, as Philip K. Dick said, will not go away just because we refuse to believe in it.

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=mExktWB0qz4

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Richard%20Thieme%20AKA%20neuralcowboy%20-%20UFOs%20-%20Misinformation%2C%20Disinformation%2C%20and%20the%20Basic%20Truth.mp4


This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will only be broadcast to DCTV1, in local hotels and on Twitch. This talk is not being presented in Track 1.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_one


Return to Index    -    Add to    -    ics Calendar file

 

AVV - Sunday - 12:30-13:15 PDT


Title: (Tool Demo) ImproHound - Identify AD tiering violations
When: Sunday, Aug 8, 12:30 - 13:15 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Jonas Bülow Knudsen , Security Advisor, Improsec A/S
Jonas Bülow Knudsen is an Active Directory (AD) security advisor. Jonas have spent the past two years helping organizations implement technical countermeasures and remediate vulnerabilities in and around AD, including implementation of the AD tier model. Working closely together with penetration testers and having a strong interest in offensive security enable Jonas to focus on security measures that matters and not just best practice.

Jonas has recently developed a FOSS tool called ImproHound to identify the attack paths in BloodHound breaking AD tiering: https://github.com/improsec/ImproHound.

At least _wald0 (co-creator of BloodHound) thinks it is cool: https://twitter.com/_wald0/status/1403441218495807495

Twitter: @Jonas_B_K
https://www.linkedin.com/in/jonas-bülow-knudsen-950957b7/

Description:
It is not viable for system administrators and defenders in a large Active Directory (AD) environment to ensure all AD objects have only the exact permissions they need. Microsoft also realised that, why they recommended organizations to implement the AD tier model: Split the AD into three tiers and focus on preventing attack paths leading from one tier to a more business critical tier.

The concept is great, as it in theory prevents adversaries from gaining access to the server tiers (Tier 1 and 0) when they have obtained a shell on a workstation (Tier 2) i.e. through phishing, and it prevents adversaries from gaining access to the Domain Admins, Domain Controllers, etc. in Tier 0 when they have got a shell on a web server i.e. through an RCE vulnerability. But it turns out to be rather difficult to implement the tiering concept in AD, why most organizations fail it and end up leaving security gaps.

It doesn’t help on the organization’s motivation to make sure their tiering is sound, when Microsoft now call it the AD tier model “legacy” and have replaced it with the more cloud-focused enterprise access model: https://docs.microsoft.com/en-us/security/compass/privileged-access-access-model#evolution-from-the-legacy-ad-tier-model

As a person hired to help identify the vulnerabilities in an organization, you want to find and report the attack paths of their AD. BloodHound is well-known and great tool for revealing some of the hidden and often unintended relationships within an AD environment and can be used to identify highly complex chained attack paths that would otherwise be almost impossible to identify. It is great for finding the shortest attack path from a compromised user or computer to a desired target, but it is not built to find and report attack paths between tiers..

I will in my presentation explain and demonstrate a tool I have created called ImproHound, which take advantage of BloodHound’s graph database to identify and report the misconfigurations and security flaws that breaks the tiering of an AD environment.

ImproHound is a FOSS tool and available on GitHub: https://github.com/improsec/ImproHound


Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon


Return to Index    -    Add to    -    ics Calendar file

 

AVV - Saturday - 19:45-20:30 PDT


Title: (Tool Demo) New generation of PEAS
When: Saturday, Aug 7, 19:45 - 20:30 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Carlos Polop , Senior Security Engineer, Mettle
Carlos is a Spanish Telecommunications Engineer with a Master in Cybersecurity.He had worked hard to pass some important certifications like OSCP, OSWE, CRTP, eMAPT, and eWPTXv2. He has worked mainly as penetration tester/red teamer but also as programmer and system administrator. Since he started learning cybersecurity he has been trying to share his knowledge and help improving the infosec world with his tools (the most remarkable ones are https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite and https://github.com/carlospolop/legion) and with his free hacking tricks online book: https://book.hacktricks.xyz
Twitter: @carlospolopm
https://es.linkedin.com/in/carlos-polop-martin

Description:
Local privilege escalation techniques are far beyond checking the Windows/Kernel version, looking for unquoted service paths or checking SUID binaries. Moreover, a local privilege escalation could make a huge difference when trying to comprise a domain. Several tools have been created to find possible privilege escalation paths, but most of the tools for Red Team and Pentesting just check for a few possible ways, so pentesters need to use several tools and do some manual recon to check for everything.

PEASS is a compilation of a bash script for Linux/MacOS/*nix and a .Net project and a batch script for Windows that I have created some time ago which aims to check and highlight every possible privescpath so professionals don’t need to execute several different tools for this purpose and can very easily find vulnerabilities.

During this talk I would like to present PEASS-ng. The architecture of these scripts has evolved and improved so much that I would like to present how they work at the moment and how the difficulty to collaborate with the project has been reduced significantly. Moreover, I would also like to present the 2 new PEAS that haven't been present anywhere yet: BotPEAS and WebPEAS (the latest one will be released the day of the talk). During the talk I will also present my local privilege escalation resources (https://book.hacktricks.xyz/linux-unix/privilege-escalation , https://book.hacktricks.xyz/windows/windows-local-privilege-escalation) so the attended will be able to continue learning about the topic after the talk.


Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon


Return to Index    -    Add to    -    ics Calendar file

 

AVV - Sunday - 11:00-11:45 PDT


Title: (Tool Demo) Prelude Operator
When: Sunday, Aug 8, 11:00 - 11:45 PDT
Where: Adversary Village (Virtual)
Speakers:David Hunt,Alex Manners

SpeakerBio:David Hunt , CTO, Prelude Research
David Hunt is the CTO of Prelude. David specializes in building teams which bridge cybersecurity with best-practice technology. Before coming to Prelude, David spent two years at MITRE Corporation in a dual-role as head developer and project lead for the CALDERA adversary emulation framework. David designed CALDERA v2 from the ground up and instrumented a plan which made it the industry leader in open-source breach and simulation. Prior to this work, David spent 15 years in offensive security and management roles, ranging organizations like Rockwell Collins, John Deere, Kenna Security and FireEye.

While at FireEye, David personally oversaw the storage and access of Mandiant's threat intelligence data, as the leader of the (then secretive) Nucleus team. Over the years, David has also worked as a contractor for several U.S. intelligence agencies, working domestically and internationally, as a principal security specialist.

Twitter: @privateducky
https://www.linkedin.com/in/david-hunt-b72864200

SpeakerBio:Alex Manners , Principal Cyber Security Engineer, Prelude Research
Alex Manners is a Principal Cyber Security Engineer at Prelude. Alex blends military cyber operations with a deep infrastructure and software engineering background. Prior to joining Prelude, Alex spent almost two years at The MITRE Corporation as a lead Adversary Emulation engineer and software development manager for the CALDERA adversary emulation framework. He led R&D for the CALDERA framework, designing multiple plugins and the current planning engine, as well as pushing the latest in offensive security tooling into the project. Earlier in Alex's career, he served as a Cyber Warfare Operations officer in the United State Air Force (USAF) where he led large operational support teams and integrated all aspects of offensive and defensive cyber operations into USAF Air Operations Center (AOC) operations. His cybersecurity experience spans the intelligence community, the U.S. military, non-military government, federal contracting, and the private sector.
Twitter: @khyberspache
https://linkedin.com/in/alexander-manners-87281a30

Description:
Prelude Operator is the new kid to the adversary emulation block party. Built by the same people who designed and built the MITRE Caldera framework, Operator is a free and largely open-source desktop platform that aims to make adversary emulation accessible to smaller organizations.

The app includes a library of RATs (agents) which can deploy into the field and supports a modular architecture of plugins and network protocols, including hundreds of TTPs mapped to ATT&CK. In this tool demonstration, we will highlight the key features of Operator and empower people to walk away with a developer-first adversary emulation desktop platform that is end-to-end free & open-source.


Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon


Return to Index    -    Add to    -    ics Calendar file

 

AVV - Saturday - 15:00-15:45 PDT


Title: (Tool Demo) PurpleSharp: Automated Adversary Simulation
When: Saturday, Aug 7, 15:00 - 15:45 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Mauricio Velazco , Principal Threat Research Engineer, Splunk
Mauricio Velazco (@mvelazco) is a Peruvian, information security professionalwith more than a decade of work experience across different roles on both offensive and defensive security. In his current role as a Principal Threat Researcher on Splunk’s Threat Research Team, Mauricio focuses on adversary simulation and threat detection. Prior to Splunk, he led the Threat Management team at a Fortune 500 organization. Mauricio has presented/hosted workshops at conferences like Defcon, BlackHat, Derbycon, BSides, SANS, etc.
Twitter: @mvelazco
https://www.linkedin.com/in/mauricio-velazco-4314b51a/

Description:
Defending enterprise networks against attackers continues to present a difficult challenge for blue teams. Prevention has fallen short; improving detection & response capabilities has proven to be a step in the right direction. However, without the telemetry produced by adversary behavior, building new and testing existing detection capabilities will be constrained. PurpleSharp is an open source adversary simulation tool written in C# that executes adversary techniques within Windows Active Directory environments. The resulting telemetry can be leveraged to measure and improve the efficacy of a detection engineering program. PurpleSharp leverages the MITRE ATT&CK Framework and executes different techniques across the attack life cycle: execution, persistence, privilege escalation, credential access, lateral movement, etc

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon


Return to Index    -    Add to    -    ics Calendar file

 

AVV - Saturday - 13:15-13:59 PDT


Title: (Tool Demo) Red Team Credentials Reconnaissance (OLD with a TWIST)
When: Saturday, Aug 7, 13:15 - 13:59 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Shantanu Khandelwal , Manager, KPMG Singapore
Shantanu is a Manager in the Cybersecurity Consulting practice in KPMG. He has experience in leading and performing Adversary Simulation exercises, Security Testing, and IT Security consultancy. He has worked in the Banking and Financial sectors, the Power and Utility sector, and the FMCG sector. He has led and performed various technical assessments, including Red/Purple Teaming, Security Architecture reviews, Application penetration tests, Network penetration tests, and source code reviews for many global multi-national companies. He has experience working in various world regions, including the Middle East, India, Hong Kong, and Singapore.
https://sg.linkedin.com/in/khandelwalshantanu

Description:
This talk covers the basics of credentials reconnaissance performed for a red team. Mostly covers the reconnaissance performed on GitHub to search for leaked passwords by developers. The current toolset and the Shiny new GitHub Credentials Stroller which dives into each repository and performs a deep scan.

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon


Return to Index    -    Add to    -    ics Calendar file

 

AVV - Saturday - 16:30-17:15 PDT


Title: (Tool Demo) Tenacity: An Adversary Emulation Tool for Persistence
When: Saturday, Aug 7, 16:30 - 17:15 PDT
Where: Adversary Village (Virtual)
Speakers:Atul Nair,Harshal Tupsamudre

SpeakerBio:Atul Nair , Malware Researcher, Qualys
Atul is a Malware Researcher at Qualys. His name has been listed in Google, Microsoft,Olx, Twitter Hall of fame for finding critical security vulnerabilities. Before joining Qualys he worked as a Cybersecurity consultant at Ernst & Young. Atul has extensive experience in MITRE ATT&CK framework and Adversary emulation. He is currently researching on Android adversary emulation techniques.
https://in.linkedin.com/in/atul-nair-3932a2141/

SpeakerBio:Harshal Tupsamudre , Senior Threat Research Engineer, Qualys
Harshal Tupsamudre is a senior threat researcher at Qualys. He has 8 years of research experience in the areas of cryptanalysis and usable security. He has published 15+ research articles in top-tier international conferences. He has contributed techniques, threat groups and tools to MITRE ATT&CK framework. Currently, he is researching on detection methodologies for MITRE ATT&CK techniques.
https://in.linkedin.com/in/harshal-tupsamudre-28a58735

Description:
Persistence consists of techniques that adversaries use to maintain their foothold on systems across restarts. Techniques used for persistence include any access, action, or configuration changes that allow attackers retain access on systems. Persistence is one of the more sought-after techniques of an attacker. Every 3 techniques out of top 10 usedby Adversaries belong to Persistence. We leveraged data from MITRE ATT&CK and open source cyber threat intelligence to understand how adversary achieves persistence. We created Tenacity, a light-weight adversary emulation tool that emulates over 30+ persistence techniques using 100+ procedures employed by attackers in the wild. Using this tool the organizations and individuals can quickly validate the risk posture and exposure of their business as well as the performance of the existing security solutions.

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon


Return to Index    -    Add to    -    ics Calendar file

 

APV - Saturday - 12:00-14:30 PDT


Title: (Workshop) - Integrating DAST tools into developers' test process
When: Saturday, Aug 7, 12:00 - 14:30 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Joe Schottman 
No BIO available

Description:
API testing is now vital to AppSec but presents some challenges that conventional DAST testing did not face. This session will show how running developers’ non-security tests for the APIs they develop through an interception proxy such as OWASP ZAP can enable easier, faster, and more accurate DAST testing.

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage


Return to Index    -    Add to    -    ics Calendar file

 

AVV - Saturday - 11:00-13:15 PDT


Title: (Workshop) From zero to hero: creating a reflective loader in C#
When: Saturday, Aug 7, 11:00 - 13:15 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Jean Francois Maes , Senior Red Teamer, NVISO
Jean-François Maes is the technical red team lead at NVISO security and a SANS instructor for the SEC699:Adversary Emulation for Breach Prevention & Detection course. Jean-François wants to help people level up in their careers and make people want to join the infosec community. This is why he's the host of the voices of infosec podcast and the creator of redteamer.tips. Both tailored to inspire people to join in on the fun. Next to his job at NVISO and SANS, he is also very engaged with the infosec community on social media and is a strong believer of open source tooling. He has authored several C# tools such as SharpNukeEventLog, SharpZipRunner and Trustjack.
Twitter: @Jean_Maes_1994

Description:
Have you ever heard of reflective loading before? Ever worked with tools like donut and sRDI? Ever wanted to execute an assembly over Cobalt-Strike but it was bigger than a megabyte? Reflection is awesome, adversaries use it frequently, and in C# it is easier than ever. In this workshop, we will explorer how to create our own reflective loader starting from scratch, adding functionality as we go, in total we will create 6 to 7 loaders. In the end, you will have a better understanding of how reflection works, what appdomains are and do, and how you can leverage reflection in red team operations. In order to attend this workshop, you will need a Windows computer (or VM) and visual studio 2019.

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon


Return to Index    -    Add to    -    ics Calendar file

 

AVV - Friday - 17:45-19:59 PDT


Title: (Workshop) Tradecraft Development in Adversary Simulations
When: Friday, Aug 6, 17:45 - 19:59 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Fatih Ozavci , Managing Security Consultant, The Missing Link (Australia)
Fatih Ozavci is a multidisciplinary security manager, engineer and researcher with two decades of experience on offensive and defensive security technologies. He has managed several international security assessment and research projects focused on various technologies including service provider networks, unified communications, application security and embedded systems. He shared his researches, tools, advisories and vulnerabilities in major security conferences such as Black Hat USA, DEF CON and HITB. Nowadays, he combines his skillsets to perform realistic adversary simulations and defence exercises for larger organisations. Fatih is also studying Master of Cyber Security (Advanced Tradecraft) at University of New South Wales at Australian Defence Force Academy.
https://au.linkedin.com/in/fozavci

Description:
Threat actors build their tradecraft for each campaign, they need to select the right tactics, techniques. Most of the time they use open source or commercial, but publicly available tools. They even re-purpose or pack existing malware acquired from other threat actors. The reason behind of this decision is tool development takes time, and if the known/current tools already work well, they don’t need upgrades either. However, the adversary simulation specialists need to operate in safer environments, therefore, they’re not allowed to use malicious tradecraft or unknown tools in general. Tradecraft development is an essential skills for an adversary simulation specialist as it needs custom C2 protocols, implants, safer but realistic Mitre Att&ck TTPs, and finally cutting-edge evasions for the modern security controls including EDRs and Cyber Analytics. In this workshop, we’ll walk through reasons and ways of Tradecraft development, talk about where to start, and to go, finding example source codes, walking through the source code of existing C2s, implants, and draft tools. We’ll also discuss about weaponization techniques such as offensive pipelines, modern evasions techniques and tool integrations. Duringthe exercises, we’ll prefer C# for programming, but you can replicate what you learn in various languages after this workshop (e.g. Python, Go, Rust). During the workshop, the participants will be able to develop their own implants, C2s, evasions and more using examples and active tools such as Petaq Purple Team C2 and Malware, TA505+ Adversary Simulation Pack and Tehsat Malware Traffic Generator

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon


Return to Index    -    Add to    -    ics Calendar file

 

PHV - Saturday - 10:00-10:59 PDT


Title: *nix Processes. Starting, Stopping, and Everything In Between
When: Saturday, Aug 7, 10:00 - 10:59 PDT
Where: Packet Hacking Village - Talks (Virtual)

SpeakerBio:Nick Roy
Nick Roy (Twitter: @superducktoes) currently works for a global security vendor creating training content and researching new attacker patterns and techniques. Previously he worked at an automation platform startup teaching people about the joys and benefits of automation. While not working he lives in Boston with his wife and two cats hunting out the best dive bars in Boston and solving math problems on college chalkboards overnight.
Twitter: @superducktoes

Description:
Recording discusses Linux and Unix processes, starting with a high level overview of what a process is and what the key components are. We then take a look at how the operating system manages multiple processes, what are the main components of a running process, and finally some common syscalls used in Linux when creating processes. Finally, we look at a few code samples to show how these calls are used with a simple shell. All code can be found here to compliment the video: https://github.com/superducktoes/syscall_processes

All Packet Hacking Village talks will stream on YouTube, Twitch, Facebook, and Periscope.

YouTube: https://youtube.com/wallofsheep

Twitch: https://twitch.tv/wallofsheep

Facebook: https://www.facebook.com/wallofsheep/

Periscope: https://www.periscope.tv/wallofsheep


Return to Index    -    Add to    -    ics Calendar file

 

APV - Sunday - 13:00-13:45 PDT


Title: 0-Days & Nat 20's - CVSSv3 Through the Lens of Dungeons & Dragons
When: Sunday, Aug 8, 13:00 - 13:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Alex "RedWedgeX" Hoffman
No BIO available

Description:
What do the Critical Vulnerability Scoring System and Dungeons & Dragons have in common? As a pentester, security professional, network defender, developer, or an RPG gamer, it's vital to know how to read your character sheet in order figure out how much the BBEG (big bad evil guy) is going to mess you up and what you can do to prevent it. We'll take a brief glance at the CVSSv3 Calculator and walk through a dungeon encounter in order to better understand how to translate the ancient, often-misunderstood language of vulnerability scoring metrics.

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage


Return to Index    -    Add to    -    ics Calendar file

 

IOTV - Friday - 11:45-12:30 PDT


Title: 1.21 Gigawatts! Vulnerabilities in Solar Panel Controllers
When: Friday, Aug 6, 11:45 - 12:30 PDT
Where: IoT Village (Talk - Virtual)

SpeakerBio:Waylon Grange
Waylon Grange is an experienced vulnerability researcher, reverse engineer, and developer. Prior to Stage 2, he worked for Symantec and the NSA. Waylon has been a speaker at Black Hat, DefCon, RSA, CanSecWest, and DerbyCon and is credited with a US patient, multiple CVEs, and exposing APT groups. His in-depth knowledge of embedded systems is utilized to evaluate the security of IoT systems and develop electronic badges for conferences.

Description:
Embedded device security has come a long way since the days of telnet and default passwords. Product vendors are now doing more to secure their devices but how effective are they? This presentation will outline many of the software and hardware-based attacks used to compromise embedded systems. It also discusses some of the mitigations used to prevent these attacks. Many previous IoT talks show the simplicity of hacking devices that have weak security or no hardening. In contrast, this presentation shows how even secured devices have attack surfaces that still need to be addressed. It demonstrates the need for embedded devices to incorporate a security lifecycle plan and hardware designs must be audited for security weakness before production. Topics to be covered include firmware image encryption, disabling UART console access, hardening JTAG development access, securing e.MMC storage, NOR Flash protection, processor glitching, update lifecycle attacks, avoiding custom crypto, dealing with reverse engineers, and initial device setup vs authentication. None of these topics will be a deep dive. The intent is to show how they are attacked or utilized to mitigate specific attacks. To illustrate these topics the presentation will use a recent security audit of a US solar equipment manufacturer as a case study. The vendor incorporated many best practices for securing embedded devices but made some architecture decisions in the guise of security that ended up weakening their security posture rather than helping it. Finally, we'll show the ramifications of an attack against solar systems and how it could be used for racketeering. Attacks in this talk are beneficial to system designers, hobbyists, and researchers.

IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.

Twitch: https://www.twitch.tv/iotvillage


Return to Index    -    Add to    -    ics Calendar file

 

DC - Friday - 11:00-11:45 PDT


Title: 2021 - Our Journey Back To The Future Of Windows Vulnerabilities and the 0-days we brought back with us
When: Friday, Aug 6, 11:00 - 11:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded
Speakers:Eran Segal,Tomer Bar

SpeakerBio:Eran Segal
Eran Segal is a security researcher, having 7+ years experience in cyber security research. He is working on security research projects in SafeBreach Labs in the last 2 years after serving in various sec positions at the IDF.

His experience involves research on Windows and embedded devices


SpeakerBio:Tomer Bar
Tomer Bar is hands-on security researcher and head of research manager with ~20 years of unique experience in the cyber security. In the Past, he ran research groups for the Israeli government and then lead the endpoint malware research for Palo Alto Networks. Currently, he leads the SafeBreach Labs research which is the research and development arm of SafeBreach.

His main interest is focused on Windows vulnerability research, reverse engineering and APT research.

His recent discoveries are vulnerabilities in the Windows Spooler mechansim and a research on the most persistent Iranian APT campaign. He is a contributor to Mitre Attack framework and a Speaker at BlackHat, Defcon and Sector conferences.


Description:
In 2020, security researchers reported a record number of Windows vulnerabilities. We were curious what superpowers will we get from researching this huge number of vulnerabilities? Can we leverage our findings to discover 0-days?

We decided to go back in time to 2016 to search for patterns and automatically classify all the public vulnerabilities since then. We believed that only by connecting the dots to a bigger picture, we will be able to come back 2021 with the success of achieving our goal.

We adopted a new approach, in terms of both the goal and how to get there. Until now, the main goal of patch-diff was focused on the root cause of the vulnerability and building a 1-day to exploit it Usually patch-diff was done manually on a single patch.

We reached higher for the holy grail. We understood that in order to find 0-days we needed to build an automated process that would gather all the insights from all the patches in a single, searchable db.

It worked! We discovered the root causes of multiple classes of vulnerabilities. We used these discoveries on a fully patched Windows 10 host in order to highlight opportunities for exploitation. As a consequence, we found and reported (1) 6 information disclosure vulnerabilities to Microsoft, (2) 2 post exploitation techniques allowing covert exfiltration of private user data, and (3) an additional surprise.

In this presentation, we'll describe our research process, demonstrate a live exploitation of the vulnerabilities we found, share the tools we developed, and explain how other researchers can use it to discover 0-days.

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=VxNi5pVDZU0

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Tomer%20Bar%20Eran%20Segal%20-%202021%20-%20Our%20Journey%20Back%20To%20The%20Future%20Of%20Windows%20Vulnerabilities%20and%20the%200-days%20we%20brought%20back%20with%20us.mp4


This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.


DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_two


Return to Index    -    Add to    -    ics Calendar file

 

BICV - Saturday - 14:30-14:30 PDT


Title: 40 cores and a CPU
When: Saturday, Aug 7, 14:30 - 14:30 PDT
Where: Blacks in Cyber

SpeakerBio:Nico "Socks" Smith
Nico Smith is a technology hobbyist with over 15 years in Information Technology and 10years focused on developing defensive and offensive teams, privately and collegiately. He also is Captain in the US Army National Guard and previously a Cyber Network Defense Manager for a US Army National Guard Cyber Protection Team. In his spare time Nico Smith volunteers 30hrs a month to mentor and support college and high school students interested in entering the cyber career field. He also created the only functioning cyber challenge coin in the DOD. He also created the BIC Village Badge for DEFCON29. He has committed to improving cybersecurity and changing the way cyber is understood, leveraged, and cultivated.
Twitter: @nicolaismith1

Description:
The talk 40 Cores and a CPU will speak to the importance of participating in the cybersecurity field at every level for Black Technologists. I will demonstrate the benefits and struggles that can be both met and overcome through owning physical infrastructure and providing services to the community, with this question in mind: “If the goal is to own and secure your data, wouldn’t be easier if you owned the IP’s and the Bare Metal Infrastructure that supports it?” While the scale will always be dwarfed by larger companies that are Cloud Service Providers, the capabilities to grow and develop at a grassroots level, future engineers, and cybersecurity professionals of color is much easier, which in turn prepares better candidates for larger enterprises. This talk should start the discussion, is it possible for the black community to own spaces of the internet from the BareMetal to the code on the front-end server? And what economic impact would that have, or would it become a security issue, a new cyber target ?

Blacks in Cyber talks will be streamed on YouTube.

YouTube: https://www.youtube.com/c/BlacksInCybersecurity


Return to Index    -    Add to    -    ics Calendar file

 

IOTV - Friday - 13:30-14:15 PDT


Title: 5 years of IoT vulnerability research and countless 0days - A retrospective
When: Friday, Aug 6, 13:30 - 14:15 PDT
Where: IoT Village (Talk - Virtual)

SpeakerBio:Alex "Jay" Balan
Alex "Jay" Balan is the Security Research Director and Spokesperson for Bitdefender. His career is focused on Information Security and Innovation, fields in which he has so far accumulated over 20 years of experience. He is now furthering security and privacy research and has been actively involved in creating awareness by speaking at a number of conferences including DEFCON , Derbycon, RSA, BSides, ISC China, and many others

Description:
How many 0days can a research team discover in 4 years of vulnerability research in IoT? How many of them are relevant and can be used even today? How to get started (or advance further) with IoT vulnerability research? This talk will answer all these questions and show you some hands-on shell-popping and authentication bypasses as well as some new 0days published this year

IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.

Twitch: https://www.twitch.tv/iotvillage


Return to Index    -    Add to    -    ics Calendar file

 

BHV - Saturday - 16:45-16:59 PDT


Title: A Cohort of Pirate Ships
When: Saturday, Aug 7, 16:45 - 16:59 PDT
Where: Biohacking Village (Talk - Virtual)

SpeakerBio:Alex Pearlman , Science and Health Policy + Emerging Issues in Bioethics
No BIO available

Description:
A presentation on our newly published research on ethics attitudes and preferences in biomedical citizen science, biohacker, and community bio groups. As biomedical citizen science initiatives become more prevalent, the unique ethical issues that they raise are attracting policy attention. One issue identified as a significant concern is the ethical oversight of bottom-up biomedical citizen science projects that are designed and executed primarily or solely by members of the public. That is because the federal rules that require ethical oversight of research by institutional review boards generally do not apply to such projects, creating what has been called an ethics gap. Working to close this gap, practitioners and scholars have considered new mechanisms of ethical oversight for biomedical citizen science. To date, however, participants’ attitudes about ethics and oversight preferences have not been systematically examined. This information is useful to efforts to develop ethical oversight mechanisms because it provides a basis for evaluating the likely effectiveness of specific features of such mechanisms and their acceptability from the perspective of biomedical citizen scientists. Here, we report data from qualitative interviews with 35 stakeholders (some from BHV!) in bottom-up biomedical citizen science about their general ethics attitudes and preferences regarding ethical oversight. Interviewees described ten ethical priorities and endorsed oversight mechanisms that are voluntary, community-driven, and offer guidance. Conversely, interviewees rejected mechanisms that are mandatory, hierarchical, and inflexible. Applying these findings, we conclude that expert consultation and community review models appear to align well with ethical priorities and oversight preferences of many biomedical citizen scientists, although local conditions should guide the development and use of mechanisms in specific communities.

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q


Return to Index    -    Add to    -    ics Calendar file

 

APV - Saturday - 15:00-15:45 PDT


Title: A Deep Dive Into Supply Chain Vulnerabilities: And How SecDevOps Can Save the Day
When: Saturday, Aug 7, 15:00 - 15:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Adam Schaal
No BIO available

Description:
These are dangerous times. From left-pad to event-stream to the Node Security Platform shutdown - nowhere are supply chain vulnerabilities more prevalent than modern-day javascript applications. Join us as we discuss how investing in the DevOps cycle now can help save your assets in the long run.

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage


Return to Index    -    Add to    -    ics Calendar file

 

VMV - Friday - 11:00-11:30 PDT


Title: A Deep Dive on Vulnerability Disclosure for Election Systems
When: Friday, Aug 6, 11:00 - 11:30 PDT
Where: Voting Village (Talks - Virtual)

SpeakerBio:Tod Beardsley
Tod Beardsley is the Director of Research at Rapid7. He has over 30 years of hands-on security experience, stretching from in-band telephony switching to modern IoT implementations. He has held IT Ops and Security positions in large organizations such as 3Com, Dell, and Westinghouse, as both an offensive and defensive practitioner. Today, Tod directs the security research program at Rapid7, is a zealous advocate for coordinated vulnerability disclosure, is a CVE Board member, is a contributing author to a number of research papers produced by Rapid7, and is often a Travis County Election Judge in Texas. Because of this last qualifier, it is permissible to address him as “Your Honor.”

Description:
The norms and practices of vulnerability disclosure among voting machine manufacturers and election infrastructure providers have radically changed since the first Voting Machine Hacking Village of DEFCON 25. In just a few short years, private companies in the election services sector have matured from recalcitrant, close-lipped antagonists to active and willing participants in coordinated vulnerability disclosure (CVD) with published vulnerability disclosure programs (VDPs). And yet, truly unbelievable claims about voting security have risen to the fore, and as a result, the public imagination around how cybersecurity works and what are realistic threats to election integrity seems more fanciful than ever. In this short presentation, we will explore how CVD works for voting machines and other election systems, provide guidance on how well-meaning, virtuous hackers can best interface with this niche but crucial industry, and how we can all do our part to bring some reason and rigor to the practice of information security when it comes to one of our most important institutions.

Voting Village talks will be streamed to YouTube and Twitch.

Twitch: https://www.twitch.tv/votingvillagedc

YouTube: https://www.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg


Return to Index    -    Add to    -    ics Calendar file

 

DC - Sunday - 10:00-10:45 PDT


Title: A Discussion with Agent X
When: Sunday, Aug 8, 10:00 - 10:45 PDT
Where: Track 1 Live; DCTV/Twitch #1 Pre-Recorded

SpeakerBio:Agent X
No BIO available

Description:
This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=U2-8MNx8nsg

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Agent%20X%20-%20A%20look%20inside%20security%20at%20the%20New%20York%20Times.mp4


This talk will be given live in Track 1.

This talk has also been pre-recorded and will be broadcast on DCTV1, both in local hotels and on Twitch.


DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_one


Return to Index    -    Add to    -    ics Calendar file

 

VMV - Friday - 12:00-12:10 PDT


Title: A Journalist’s Perspective on Fake News
When: Friday, Aug 6, 12:00 - 12:10 PDT
Where: Voting Village (Talks - Virtual)

SpeakerBio:Bob Sullivan
Bob Sullivan is a veteran journalist and the author of five books, including New York Times Best-Sellers, Gotcha Capitalism and Stop Getting Ripped Off! He has won the Society of Professional Journalists Public Service Award, a Peabody award, a Carnegie Mellon University CyLab Cybersecurity Journalism Award, and the Consumer Federation of America Betty Furness Consumer Media Service Award. He spent nearly two decades working at MSNBC.com and NBC News, and he still appears on TODAY, NBC Nightly News, and CNBC. He’s now a syndicated columnist and frequent TV guest. He is also host of AARP’s The Perfect Scam podcast, co-host of the podcast / audio documentary “Breach“, which examines history’s biggest hacking stories, and co-host of the podcast “So, Bob,” which tackles stories about the unintended consequences of technology. His latest podcast is called Debugger, exploring issues at the intersection of technology and democracy, produced in cooperation with Duke University’s Sanford School of Public Policy and the Kenan Institute for Ethics.

He holds a master’s degree in journalism from the University of Missouri and degrees in history and mathematics from Fairfield University. He is on the advisory board of the University of Georgia journalism school’s Cox Institute for Media Innovation and is a mentor/editor at the Op-Ed Project.


Description:
Why pseudo-events led to fake news.

Voting Village talks will be streamed to YouTube and Twitch.

Twitch: https://www.twitch.tv/votingvillagedc

YouTube: https://www.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg


Return to Index    -    Add to    -    ics Calendar file

 

HHV - Friday - 13:30-14:30 PDT


Title: A Lazy r2 Solve of @mediumrehr Challenge 6
When: Friday, Aug 6, 13:30 - 14:30 PDT
Where: Hardware Hacking Village (Virtual Talk)

SpeakerBio:Ben Gardiner
Mr. Gardiner is an independent consultant at Yellow Flag Security, Inc. presently working to secure heavy vehicles at the NMFTA. With more than ten years of professional experience in embedded systems design and a lifetime of hacking experience, Gardiner has a deep knowledge of the low-level functions of operating systems and the hardware with which they interface. Prior YFS Inc. and joining the NMFTA team in 2019, Mr. Gardiner held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations. He holds a M.Sc. Eng. in Applied Math & Stats from Queen’s University. He is a DEF CON Hardware Hacking Village (DC HHV) and Car Hacking Village (CHV) volunteer.
Twitter: @BenLGardiner

Description:
Join Ben for an informal let’s play of @mediumrehr’s Hardware Hacking Village challenge 6. Some topics we will cover include: radare2 , AVR assembly, 7 segment displays, and sigrok. It should be fun and relaxed with plenty of time to stop and re-do some steps if something needs more deliberation. See you there.

#hhv-challenge-text https://discord.com/channels/708208267699945503/739567199647301702

Twitch: https://twitch.tv/dchhv


Hardware Hacking Village talks will be streamed to Twitch.

Twitch: https://www.twitch.tv/dchhv


Return to Index    -    Add to    -    ics Calendar file

 

HHV - Saturday - 12:00-12:59 PDT


Title: A Lazy r2 Solve of @mediumrehr Challenge 6
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: Hardware Hacking Village (Virtual Talk)

SpeakerBio:Ben Gardiner
Mr. Gardiner is an independent consultant at Yellow Flag Security, Inc. presently working to secure heavy vehicles at the NMFTA. With more than ten years of professional experience in embedded systems design and a lifetime of hacking experience, Gardiner has a deep knowledge of the low-level functions of operating systems and the hardware with which they interface. Prior YFS Inc. and joining the NMFTA team in 2019, Mr. Gardiner held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations. He holds a M.Sc. Eng. in Applied Math & Stats from Queen’s University. He is a DEF CON Hardware Hacking Village (DC HHV) and Car Hacking Village (CHV) volunteer.
Twitter: @BenLGardiner

Description:
Join Ben for an informal let’s play of @mediumrehr’s Hardware Hacking Village challenge 6. Some topics we will cover include: radare2 , AVR assembly, 7 segment displays, and sigrok. It should be fun and relaxed with plenty of time to stop and re-do some steps if something needs more deliberation. See you there.

#hhv-challenge-text https://discord.com/channels/708208267699945503/739567199647301702

Twitch: https://twitch.tv/dchhv


Hardware Hacking Village talks will be streamed to Twitch.

Twitch: https://www.twitch.tv/dchhv


Return to Index    -    Add to    -    ics Calendar file

 

HHV - Sunday - 10:00-10:59 PDT


Title: A Lazy r2 Solve of @mediumrehr Challenge 6
When: Sunday, Aug 8, 10:00 - 10:59 PDT
Where: Hardware Hacking Village (Virtual Talk)

SpeakerBio:Ben Gardiner
Mr. Gardiner is an independent consultant at Yellow Flag Security, Inc. presently working to secure heavy vehicles at the NMFTA. With more than ten years of professional experience in embedded systems design and a lifetime of hacking experience, Gardiner has a deep knowledge of the low-level functions of operating systems and the hardware with which they interface. Prior YFS Inc. and joining the NMFTA team in 2019, Mr. Gardiner held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations. He holds a M.Sc. Eng. in Applied Math & Stats from Queen’s University. He is a DEF CON Hardware Hacking Village (DC HHV) and Car Hacking Village (CHV) volunteer.
Twitter: @BenLGardiner

Description:
Join Ben for an informal let’s play of @mediumrehr’s Hardware Hacking Village challenge 6. Some topics we will cover include: radare2 , AVR assembly, 7 segment displays, and sigrok. It should be fun and relaxed with plenty of time to stop and re-do some steps if something needs more deliberation. See you there.

#hhv-challenge-text https://discord.com/channels/708208267699945503/739567199647301702

Twitch: https://twitch.tv/dchhv


Hardware Hacking Village talks will be streamed to Twitch.

Twitch: https://www.twitch.tv/dchhv


Return to Index    -    Add to    -    ics Calendar file

 

DC - Saturday - 12:30-12:50 PDT


Title: A new class of DNS vulnerabilities affecting many DNS-as-Service platforms
When: Saturday, Aug 7, 12:30 - 12:50 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded
Speakers:Ami Luttwak,Shir Tamari

SpeakerBio:Ami Luttwak
Ami Luttwak is a serial entrepreneur, an experienced cyber security CTO and a hacker by heart. Mainly interested in cloud security and cloud exploits, understanding how the cloud is built to uncover its weaknesses. Currently CTO of Wiz, the fastest growing unicorn in cloud security, prior to that led research as CTO of Microsoft cloud security and prior to that founded Adallom, a pioneering cloud security startup acquired by Microsoft in 2015.
Twitter: @amiluttwak

SpeakerBio:Shir Tamari
Shir Tamari is a security and technology researcher, specializing in vulnerability research and practical hacking. Works as Head of Research at the cloud security company Wiz. In the past, he served in the Israeli intelligence unit, and in recent years has led a variety of research and security products in the industry. Shir's interests include Android, Linux Kernel, Web hacking and Blockchain.
Twitter: @shirtamari

Description:
We present a novel class of DNS vulnerabilities that affects multiple DNS-as-a-Service (DNSaaS) providers. The vulnerabilities have been proven and successfully exploited on three major cloud providers including AWS Route 53 and may affect many others. Successful exploitation of the vulnerabilities may allow exfiltration of sensitive information from service customers' corporate networks. The leaked information contains internal and external IP addresses, computer names, and sometimes NTLM hashes. The number of organizations vulnerable to this weakness is shocking. Over a few hours of DNS sniffing, we received sensitive information carried by DNS update queries from ~1M Windows endpoints from around 15,000 potentially vulnerable companies, including 15 Fortune 500 companies. In some organizations, there were more than 20,000 endpoints that actively leaked their information out of the organization. We will review possible mitigations to this problem and solutions for both DNSaaS providers and managed networks.
REFERENCES
I. Microsoft Windows DNS Update algorithm explained - https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-dns-dynamic-updates-windows-server-2003 II. An excellent blog post by Matthew Bryant on hijacking DNS Updates abusing a dangling domain issue on Guatemala State's Top Level Domain - https://thehackerblog.com/hacking-guatemalas-dns-spying-on-active-directory-users-by-exploiting-a-tld-misconfiguration/

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=72uzIZPyVjI

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Shir%20Tamari%20Ami%20Luttwak%20-%20A%20new%20class%20of%20DNS%20vulnerabilities%20affecting%20many%20DNS-as-Service%20platforms.mp4


This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.


DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_two


Return to Index    -    Add to    -    ics Calendar file

 

BTV - Friday - 16:45-17:15 PDT


Title: A SERVERLESS SIEM: DETECTING ALL BADDIES ON A BUDGET
When: Friday, Aug 6, 16:45 - 17:15 PDT
Where: Blue Team Village - Main Track (Virtual)

SpeakerBio:Chen Cao
A security engineer at Cloudflare focuses on Detection and Response. Chen holds a Master of Science degree in Security Informatics from Johns Hopkins University and has been in the security industry for about 4 years now. He enjoys sharing & learning good practices in the industry and currently working on finding a reliable, scalable and cheap way for log collection and alerting.
Twitter: @chencao_cc

Description:
Commercial SIEMs are expensive, inflexible and risk a vendor lock-in. At Cloudflare, we built a SIEM using a Serverless architecture that provides scalability and flexibility to perform various Detection and Response functions. We will discuss this architecture and how it can be built upon to solve many Security problems, in a true pay-as-you-use model after 2 years of use handling Cloudflare’s data.

A SIEM is pivotal to a Threat Detection and Incident Response function. But, commercial SIEMs are expensive both in terms of cost of usage and maintenance, and risk a vendor lock-in. At Cloudflare, we build a SIEM to manage logs from 200+ data centers, 2000s endpoints and our corporate networks. The SIEM is built using a Serverless architecture in GCP that scales up and down based on usage, for a true pay-as-you-go model. It provides multiple data processing and analyzing paradigms that enable various D&R workflows. In this talk, we will discuss the motivation, constraints and the SIEM architecture. We’ll also dive into our logging pipeline, detection, automation and notification workflows using this SIEM.


Blue Team Village talks will be streamed to Twitch.

--

Twitch: https://twitch.tv/blueteamvillage


Return to Index    -    Add to    -    ics Calendar file

 

ASV - Friday - 09:00-17:59 PDT


Title: A-ISAC CTF -- Pre-registration Required
When: Friday, Aug 6, 09:00 - 17:59 PDT
Where: Aerospace Village (Virtual CTF)

Description:
A-ISAC, ERAU with support from IntelliGenesis (CybatiWorks)

Day 1: Aug. 6th, 2021 9:00AM – 6:00PM PDT (UTC-7) Day 2: Aug. 7th, 2021 9:00AM – 6:00PM PDT (UTC-7)

Registration available at https://aisac.cyberskyline.com/defcon

Aviation ISAC is hosting a competition at DC29 Aerospace Village! This competition represents a simulated airport hosted on the Cyber Skyline platform and is developed by the Department of Cyber Intelligence and Security at Embry-Riddle Aeronautical University (Prescott) and Matthew E. Luallen, Chief Executive Inventor at CybatiWorks powered by IntelliGenesis. The ethical design of the competition is achieved through investigative themes that provides a focus in blue team while still offering red team aspects.

Storyline for CTF: On 8/6, an employee from ERAU Airline noticed a USB stick inside one of their kiosks. After further investigation, airport security suspects someone is carrying out an attack against the airport. You have been brought in to retrace the steps of the attackers, determine where security needs to be hardened, regain control of compromised systems, and prevent a successful attack at the airport. Identify the criminals by retracing their steps and utilizing OSINT to identify which suspects need to be arrested. Investigators have not ruled out insider threats which means you must remain undetected by airport staff while you attempt to regain control of the airport’s infrastructure. Good Luck and remember to register ahead of time!

CybatiWorks part of the CTF Stage 7: Runway Lighting System: The Runway Lighting System (RLS) was taken over by the attackers and the lights are operating erratically. Identify what the attackers have changed causing the RLS HMI systems to work improperly and regain access to the remote logic controller operating the runway lights. Update the logic on the HMI system, regain control of the remote logic controller and successfully operate the RLS.

Architecture Design: The competitors are provided with a CybatiWorks custom docker image that they use to gain access to the operator and maintenance HMI logic. The competitors will review and update the logic to match the documentation provided in stage 4. Once the local components are successfully completed the competitors will request access to the remote RLS logic controller (i.e. a Raspberry PI with a 3d printed/LED runway lighting system accessible via a VPN). The competitors will complete additional challenges to confirm the logic program and then remotely control the RLS. All remote RLS stations will be visible


Return to Index    -    Add to    -    ics Calendar file

 

ASV - Saturday - 09:00-17:59 PDT


Title: A-ISAC CTF -- Pre-registration Required
When: Saturday, Aug 7, 09:00 - 17:59 PDT
Where: Aerospace Village (Virtual CTF)

Description:
A-ISAC, ERAU with support from IntelliGenesis (CybatiWorks)

Day 1: Aug. 6th, 2021 9:00AM – 6:00PM PDT (UTC-7) Day 2: Aug. 7th, 2021 9:00AM – 6:00PM PDT (UTC-7)

Registration available at https://aisac.cyberskyline.com/defcon

Aviation ISAC is hosting a competition at DC29 Aerospace Village! This competition represents a simulated airport hosted on the Cyber Skyline platform and is developed by the Department of Cyber Intelligence and Security at Embry-Riddle Aeronautical University (Prescott) and Matthew E. Luallen, Chief Executive Inventor at CybatiWorks powered by IntelliGenesis. The ethical design of the competition is achieved through investigative themes that provides a focus in blue team while still offering red team aspects.

Storyline for CTF: On 8/6, an employee from ERAU Airline noticed a USB stick inside one of their kiosks. After further investigation, airport security suspects someone is carrying out an attack against the airport. You have been brought in to retrace the steps of the attackers, determine where security needs to be hardened, regain control of compromised systems, and prevent a successful attack at the airport. Identify the criminals by retracing their steps and utilizing OSINT to identify which suspects need to be arrested. Investigators have not ruled out insider threats which means you must remain undetected by airport staff while you attempt to regain control of the airport’s infrastructure. Good Luck and remember to register ahead of time!

CybatiWorks part of the CTF Stage 7: Runway Lighting System: The Runway Lighting System (RLS) was taken over by the attackers and the lights are operating erratically. Identify what the attackers have changed causing the RLS HMI systems to work improperly and regain access to the remote logic controller operating the runway lights. Update the logic on the HMI system, regain control of the remote logic controller and successfully operate the RLS.

Architecture Design: The competitors are provided with a CybatiWorks custom docker image that they use to gain access to the operator and maintenance HMI logic. The competitors will review and update the logic to match the documentation provided in stage 4. Once the local components are successfully completed the competitors will request access to the remote RLS logic controller (i.e. a Raspberry PI with a 3d printed/LED runway lighting system accessible via a VPN). The competitors will complete additional challenges to confirm the logic program and then remotely control the RLS. All remote RLS stations will be visible


Return to Index    -    Add to    -    ics Calendar file

 

SOC - Thursday - 13:00-23:59 PDT


Title: A&E Pool Party!
When: Thursday, Aug 5, 13:00 - 23:59 PDT
Where: Bally's Pool

Description:
Pool Party Schedule is listed here: https://forum.defcon.org/node/238025

Return to Index    -    Add to    -    ics Calendar file

 

SOC - Friday - 13:00-23:59 PDT


Title: A&E Pool Party!
When: Friday, Aug 6, 13:00 - 23:59 PDT
Where: Bally's Pool

Description:
Pool Party Schedule is listed here: https://forum.defcon.org/node/238025

Return to Index    -    Add to    -    ics Calendar file

 

SOC - Saturday - 13:00-23:59 PDT


Title: A&E Pool Party!
When: Saturday, Aug 7, 13:00 - 23:59 PDT
Where: Bally's Pool

Description:
Pool Party Schedule is listed here: https://forum.defcon.org/node/238025

Return to Index    -    Add to    -    ics Calendar file

 

SOC - Sunday - 13:00-23:59 PDT


Title: A&E Pool Party!
When: Sunday, Aug 8, 13:00 - 23:59 PDT
Where: Bally's Pool

Description:
Pool Party Schedule is listed here: https://forum.defcon.org/node/238025

Return to Index    -    Add to    -    ics Calendar file

 

IOTV - Friday - 15:30-16:15 PDT


Title: “Alexa, have you been compromised?” — Exploitation of Voice Assistants in Healthcare (and other business contexts)
When: Friday, Aug 6, 15:30 - 16:15 PDT
Where: IoT Village (Talk - Virtual)

SpeakerBio:Hutch (Justin Hutchens)
Justin Hutchens (“Hutch”) is the Assessments Services Practice Lead at Set Solutions and manages TVM, IR, and GRC services. He is the co-host of the "Ready, Set, Secure" InfoSec podcast. He is also the creator of Sociosploit, a research blog which examines exploitation opportunities on the social web – a confluence of his interests in both hacking and social psychology. Hutch has spoken at multiple conferences to include HouSecCon, ToorCon, and DEF CON.

Description:
As voice assistant technologies (such as Amazon Alexa and Google Assistant) become increasingly sophisticated, we are beginning to see adoption of these technologies in the workplace. Whether supporting conference room communications, or even supporting interactions between an organization and its customers — these technologies are becoming increasingly integrated into the ways that we do business. While implementations of these solutions can streamline operations, they are not always without risk. During this talk, the speaker will discuss lessons learned during a recent penetration test of a large-scale “Alexa for Business” implementation in a hospital environment where voice assistants were implemented to assist with patient interactions during the peak of the COVID-19 pandemic. The speaker will provide a live demonstration of how a cyber-criminal could potentially use pre-staged AWS Lambda functions to compromise an “Alexa for Business” device with less than one-minute of physical access. Multiple attack scenarios will be discussed to include making Alexa verbally abuse her users (resulting in possible reputation damage), remote eavesdropping on user interactions, and even active “vishing” (voice phishing) attacks to obtain sensitive information. Finally, the talk will conclude with a discussion of best-practice hardening measures that can be taken to prevent your “Alexa for Business” devices from being transformed into foul-mouthed miscreants with malicious intent.

IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.

Twitch: https://www.twitch.tv/iotvillage


Return to Index    -    Add to    -    ics Calendar file

 

DC - Friday - 15:00-15:45 PDT


Title: Abusing SAST tools! When scanners do more than just scanning
When: Friday, Aug 6, 15:00 - 15:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded

SpeakerBio:Rotem Bar
Rotem Bar has over a decade of experience in the security field including penetration testing both application and network, design reviews, code reviews, architecture reviews, tech management, and of course development.

Over the years Rotem has gained experience in a diversity of industries from the financial services, to insurance, through high-tech & the automotive industry, along with other complex environments.

In the last couple of years Rotem has been working in concept design and development, pen testing and working with hardware in Cymotive, which is a company that focuses on end to end cyber security for the automotive industry, and after that he served as an application security expert at AppsFlyer.

Today Rotem is the Head of Marketplace Integrations at Cider Security, that is focusing on revolutionizing CI/CD security.

During his free time, Rotem plays with robotics, bug-bounty and and enjoys traveling with his family.

Twitter: @rotembar
www.rotem-bar.com

Description:
When we write code, we often run many scanners for different purposes on our code - from linters, to testing, security scanning, secret scanning, and more.

Scanning the code occurs on developers' machines and in CI/CD pipelines, which assumes the code is untrusted and unverified and based on this assumption scanners shouldn't have the ability to dynamically run code.

Our research focuses on the many static analyzers out there if this is really the case. Many of the scanners allow different ways of interaction - From requesting external resources, overriding the configuration and to remote code execution as part of the process.This talk will be technical and show examples of well-known scanning tools and how we created code that attacks them.

TLDR -
When integrating and using new tools in our CI systems and especially when running on unverified code, Which tools can we trust and how can we scan safe untrusted code in a secure way?

REFERENCES
https://github.com/jonase/kibit/issues/235 - Issue I raised in the past in one of the tools

Hiroki Suezawa in a thread in cloud security forum talked about exploiting terraform plan https://cloudsecurityforum.slack.com/archives/CNJKBFXMH/p1584035704035800

This reference was released after I've started my research but nevertheless a good resource and has interesting perspectives and I will reference it: https://alex.kaskaso.li/post/terraform-plan-rce

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=Jl-CU6G4Ofc

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Rotem%20Bar%20-%20Abusing%20SAST%20tools%20When%20scanners%20do%20more%20than%20just%20scanning.mp4


This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.


DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_two


Return to Index    -    Add to    -    ics Calendar file

 

ASV - Friday - 10:00-15:59 PDT


Title: ADSB Demo and Paper Airplanes
When: Friday, Aug 6, 10:00 - 15:59 PDT
Where: Aerospace Village (Workshop - Paris Rivoli B)

Description:
Interactive ADS-B demonstration and paper airplane activity. Educational and fun

Return to Index    -    Add to    -    ics Calendar file

 

ASV - Saturday - 10:00-15:59 PDT


Title: ADSB Demo and Paper Airplanes
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: Aerospace Village (Workshop - Paris Rivoli B)

Description:
Interactive ADS-B demonstration and paper airplane activity. Educational and fun

Return to Index    -    Add to    -    ics Calendar file

 

WS - Saturday - 15:00-18:59 PDT


Title: Advanced Wireless Attacks Against Enterprise Networks
When: Saturday, Aug 7, 15:00 - 18:59 PDT
Where: Workshops - Las Vegas 5+6 (Onsite Only)

SpeakerBio:Solstice , Offensive Security Engineer
Solstice is an offensive security engineer at a major cloud provider. He currently specializes in kinetic threats, identifying attack vectors against "edge" devices deployed in hostile environments. Previously, he worked as a red team operator at companies such as SpecterOps, specializing in SIGINT and Windows-focused adversarial tradecraft. He is the author of EAPHammer, SilentBridge, DropEngine, and has contributed to high-profile projects such as hostapd-wpe and Empire.

Description:
This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks using relay attacks, how to abuse MSCHAPv2 and GTC to efficiently capture network credentials, perform effective target selection with zero prior knowledge, leverage rogue access point attacks to deliver malware and harvest keystrokes, and abuse Opportunistic Wireless Encryption (OWE) to perform PITM attacks. All material discussed in the lectures will be practiced within a realistic lab environment.

Registration Link: https://www.eventbrite.com/e/advanced-wireless-attacks-against-enterprise-networks-las-vegas-5-6-tickets-162214769743

Prerequisites
A previous wireless security background is helpful but certainly not required.

Materials needed:
- Students will be required to provide their own laptops, which must meet the following requirements:

Corporate / managed laptops are not recommended due to software restrictions.


Return to Index    -    Add to    -    ics Calendar file

 

DC - Saturday - 16:00-16:59 PDT


Title: Adventures in MitM-land: Using Machine-in-the-Middle to Attack Active Directory Authentication Schemes
When: Saturday, Aug 7, 16:00 - 16:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded
Speakers:Eyal Karni,Sagi Sheinfeld,Yaron Zinar

SpeakerBio:Eyal Karni
Eyal Karni is a Sr. Engineer at CrowdStrike working on Identity Protection products (previously Preempt). Eyal spent over 11 years researching cyber security projects. Previously, he served 5 years in an elite unit of the IDF in Cyber Security Research and Development. Eyal is an expert on Windows Internals and has previously found numerous vulnerabilities. Eyal holds a B.Sc in Mathematics and Physics.
Twitter: @eyal_karni

SpeakerBio:Sagi Sheinfeld
Sagi Sheinfeld is a Sr. Engineer at CrowdStrike working on Identity Protection products (previously Preempt). Sagi spent over 14 years researching cyber security projects. Previously, he served 8 years in an elite unit of the IDF in Cyber Security Research and Development and in IBM Security. Sagi is an expert on Windows internals. Sagi holds a B.Sc in Computer Science.
Twitter: @sagish1233

SpeakerBio:Yaron Zinar
Yaron Zinar is a Sr. Manager at CrowdStrike working on Identity Protection products (previously Preempt). Previously, Yaron spent over 16 years at leading companies such as Google where he held various positions researching and leading big data, machine learning and cyber security projects. Yaron is an expert on Windows Authentication protocols and has previously presented his research at top conferences such as Black Hat and DEFCON. Yaron holds an M.Sc. in Computer Science with focus on statistical analysis.
Twitter: @YaronZi

Description:
Over the years, researchers were able to break many secure protocols using MitM attacks. A common theme in this family of vulnerabilities is the lack of proper validation for any of the communicating parties. We will review previous MitM attacks found on AD authentication protocols and the mitigation strategies previously implemented. We will show that the relay attack technique is not limited to NTLM alone and can be used to attack the newer Kerberos authentication protocol. In addition, we will show several injection attacks compromising client systems. We’ll show how the lack of validation can lead to devastating issues ranging from authentication bypass to remote code execution on various critical infrastructure systems. However, the issues do not stop on Windows on-premises networks but span to other infrastructure such as domain-joined unix machines, virtualization infrastructure, open-source security audit tools and even cloud directories. The talk will deep-dive into multiple vulnerabilities we have discovered along with several demos. Demos include a MitM attack which allows an attacker to inject user passwords in a hybrid AD environment allowing the attacker to authenticate as any user in the network. We will also show how to use a similar technique to compromise many other IT infrastructure.
REFERENCES
https://www.crowdstrike.com/blog/cve-2021-1678-printer-spooler-relay-security-advisory/ https://labs.f-secure.com/archive/practically-exploiting-ms15-014-and-ms15-011/ https://www.securityfocus.com/bid/1616/info

--

This talk has been released to the DEF CON Media server.

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Sagi%20Sheinfeld%20Eyal%20Karni%20Yaron%20Zinar%20-%20Using%20Machine-in-the-Middle%20to%20Attack%20Active%20Directory%20Authentication%20Schemes.mp4


This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_three


Return to Index    -    Add to    -    ics Calendar file

 

BTV - Friday - 14:15-15:15 PDT


Title: Adventures in Pro Bono Digital Forensics Work
When: Friday, Aug 6, 14:15 - 15:15 PDT
Where: Blue Team Village - Main Track (Virtual)

SpeakerBio:John Bambenek
John Bambenek is President of Bambenek Labs, a threat intelligence firm, and a PhD student studying cyber security machine learning at the University of Illinois at Urbana-Champaign. He has 20 years experience investigating cyber crime and has participated in large investigations in ransomware, the 2016 election-related hacking, and extremist fundraising in cryptocurrency.
Twitter: @bambenek

Description:
Most of DFIR work never makes it to a courtroom and even when it does it is often unchallenged. This talk will cover cases of doing pro bono digital forensics for public defenders and journalists and the shoddy work that often passes for science.

One of the major problems with our justice system is how the power dynamics work when one side of a legal dispute has resources and the other does not. This plays out in digital forensics too. Most of our work never ends up in court and is rarely challenged. While most of us are honest, there is far more work that needs to be done and not enough qualified people doing it. In short, not every analyst is qualified or experienced but their testimony is accepted unquestioned.

This talk will cover cases that were performed pro bono for clients who would not normally have access to an expert to challenge the government’s experts. Cautionary tales of bad analysis will be shown to emphasize the importance of sound forensic techniques and the risks of sloppy work.

The talk will end with a call to action for more professionals to contribute their time on similar pro bono efforts.


Blue Team Village talks will be streamed to Twitch.

--

Twitch: https://twitch.tv/blueteamvillage


Return to Index    -    Add to    -    ics Calendar file

 

RCV - Saturday - 10:00-10:30 PDT


Title: Adversary Infrastructure Tracking with Mihari
When: Saturday, Aug 7, 10:00 - 10:30 PDT
Where: Recon Village (Virtual)

SpeakerBio:Manabu Niseki
No BIO available
Twitter: @ninoseki

Description:No Description available

Recon Village talks will stream to YouTube.

YouTube: https://www.youtube.com/c/ReconVillage


Return to Index    -    Add to    -    ics Calendar file

 

AVV - Sunday - 16:00-16:59 PDT


Title: Adversary Village Closing Ceremony
When: Sunday, Aug 8, 16:00 - 16:59 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Adversary Village Team
No BIO available

Description:No Description available

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon


Return to Index    -    Add to    -    ics Calendar file

 

AVV - Friday - 12:15-12:59 PDT


Title: Adversary Village Keynote
When: Friday, Aug 6, 12:15 - 12:59 PDT
Where: Adversary Village (Virtual)

SpeakerBio:David Kennedy , CEO, TrustedSec
David is a cybersecurity authority whose mission is to drive the industry forward and make the world a more secure place. In addition to creating two large-scale cybersecurity firms, David has testified before Congress on issues of national security and has appeared as a subject matter expert on hundreds of national news and TV shows.

Prior to creating TrustedSec, David was a Chief Security Officer (CSO) for Diebold Incorporated, a Fortune 1000 company. As a forward thinker in the security field, David has had the privilege of speaking at some of the nation’s largest conferences, including Microsoft’s BlueHat, DEF CON, Black Hat, and DerbyCon, which he co-created in 2011 and expanded into DerbyCon Communities.

Twitter: @HackingDave
https://www.linkedin.com/in/davidkennedy4

Description:No Description available

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon


Return to Index    -    Add to    -    ics Calendar file

 

AVV - Friday - 12:00-12:15 PDT


Title: Adversary Village Kick-off
When: Friday, Aug 6, 12:00 - 12:15 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Abhijith B R
No BIO available

Description:No Description available

Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon


Return to Index    -    Add to    -    ics Calendar file

 

AIV - Friday - 14:30-14:59 PDT


Title: AI Policy Talk: "An AI Security ISAC" and "An AI Playbook"
When: Friday, Aug 6, 14:30 - 14:59 PDT
Where: AI Village (Virtual)

SpeakerBio:Sagar Samtani
No BIO available

Description:No Description available

AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.


Twitch: https://www.twitch.tv/aivillage

YouTube: https://www.youtube.com/c/aivillage

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536


Return to Index    -    Add to    -    ics Calendar file

 

ASV - Friday - 11:30-12:59 PDT


Title: AIAA CubeSat Hacking Workshop - Virtual Lab #1
When: Friday, Aug 6, 11:30 - 12:59 PDT
Where: See Description

Description:
DEF CON participants will be able to interact with CubeSat hardware and ground equipment in cybersecurity sandbox environment.

For more information, please see https://aerospacevillage.org/events/upcoming-events/def-con-29/aiaa-cubesat-hacking-workshop/


Return to Index    -    Add to    -    ics Calendar file

 

ASV - Friday - 14:00-15:59 PDT


Title: AIAA CubeSat Hacking Workshop - Virtual Lab #2
When: Friday, Aug 6, 14:00 - 15:59 PDT
Where: See Description

Description:
DEF CON participants will be able to interact with CubeSat hardware and ground equipment in cybersecurity sandbox environment.

For more information, please see https://aerospacevillage.org/events/upcoming-events/def-con-29/aiaa-cubesat-hacking-workshop/


Return to Index    -    Add to    -    ics Calendar file

 

ASV - Saturday - 11:30-12:59 PDT


Title: AIAA CubeSat Hacking Workshop - Virtual Lab #3
When: Saturday, Aug 7, 11:30 - 12:59 PDT
Where: See Description

Description:
DEF CON participants will be able to interact with CubeSat hardware and ground equipment in cybersecurity sandbox environment.

For more information, please see https://aerospacevillage.org/events/upcoming-events/def-con-29/aiaa-cubesat-hacking-workshop/


Return to Index    -    Add to    -    ics Calendar file

 

ASV - Saturday - 14:00-15:59 PDT


Title: AIAA CubeSat Hacking Workshop - Virtual Lab #4
When: Saturday, Aug 7, 14:00 - 15:59 PDT
Where: See Description

Description:
DEF CON participants will be able to interact with CubeSat hardware and ground equipment in cybersecurity sandbox environment.

For more information, please see https://aerospacevillage.org/events/upcoming-events/def-con-29/aiaa-cubesat-hacking-workshop/


Return to Index    -    Add to    -    ics Calendar file

 

ASV - Friday - 10:00-11:30 PDT


Title: AIAA CubeSat Hacking Workshop - World Premier of the videos
When: Friday, Aug 6, 10:00 - 11:30 PDT
Where: See Description

Description:
DEF CON participants will be able to interact with CubeSat hardware and ground equipment in cybersecurity sandbox environment.

For more information, please see https://aerospacevillage.org/events/upcoming-events/def-con-29/aiaa-cubesat-hacking-workshop/


Return to Index    -    Add to    -    ics Calendar file

 

HTSV - Friday - 13:00-13:55 PDT


Title: AIS Protocol Internals (Abridged)
When: Friday, Aug 6, 13:00 - 13:55 PDT
Where: Hack the Sea (Virtual)

SpeakerBio:Gary Kessler
Gary Kessler, Ph.D., CISSP is a principal consultant at Fathom5, a retired professor of cybersecurity, and co-author of "Maritime Cybersecurity: A Guide for Leaders and Managers." He is a past speaker at DEFCON, where he has presented on AIS cybersecurity vulnerabilities and an encryption-based demonstration-of-capability method to mitigate some of those vulnerabilities. Gary's background is in mathematics and computer science, and he has spent several decades teaching about network protocols, data communications, digital forensics, and information security. He holds a leadership position in USCG Auxiliary cybersecurity efforts, is a Master SCUBA Diver Trainer, and holds a 50GT captain license.

Description:No Description available

Hack the Sea Village will stream their events to YouTube and Twitch.

Twitch: https://www.twitch.tv/h4ckthesea

YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ


Return to Index    -    Add to    -    ics Calendar file

 

HTSV - Friday - 10:00-11:50 PDT


Title: AIS Tools Demo (DEF CON)
When: Friday, Aug 6, 10:00 - 11:50 PDT
Where: Hack the Sea (Virtual)

SpeakerBio:Gary Kessler
Gary Kessler, Ph.D., CISSP is a principal consultant at Fathom5, a retired professor of cybersecurity, and co-author of "Maritime Cybersecurity: A Guide for Leaders and Managers." He is a past speaker at DEFCON, where he has presented on AIS cybersecurity vulnerabilities and an encryption-based demonstration-of-capability method to mitigate some of those vulnerabilities. Gary's background is in mathematics and computer science, and he has spent several decades teaching about network protocols, data communications, digital forensics, and information security. He holds a leadership position in USCG Auxiliary cybersecurity efforts, is a Master SCUBA Diver Trainer, and holds a 50GT captain license.

Description:
This is a placeholder event.

Hack the Sea Village will stream their events to YouTube and Twitch.

Twitch: https://www.twitch.tv/h4ckthesea

YouTube: https://www.youtube.com/channel/UC5htD_rPiP8N7v8VQKyJkOQ


Return to Index    -    Add to    -    ics Calendar file

 

DL - Friday - 10:00-11:50 PDT


Title: AIS Tools
When: Friday, Aug 6, 10:00 - 11:50 PDT
Where: DemoLab Video Channel 1

SpeakerBio:Gary Kessler
Gary Kessler, Ph.D., CISSP is a principal consultant at Fathom5, a retired professor of cybersecurity, and co-author of "Maritime Cybersecurity: A Guide for Leaders and Managers." He is a past speaker at DEFCON, where he has presented on AIS cybersecurity vulnerabilities and an encryption-based demonstration-of-capability method to mitigate some of those vulnerabilities. Gary's background is in mathematics and computer science, and he has spent several decades teaching about network protocols, data communications, digital forensics, and information security. He holds a leadership position in USCG Auxiliary cybersecurity efforts, is a Master SCUBA Diver Trainer, and holds a 50GT captain license.

Description:
Tool or Project Name: AIS Tools

Short Abstract: AIS Tools is a suite of Perl-based scripts to create, capture, interpret, and play NMEA 0183 Automatic Identification System (AIS) messages.

Short Developer Bio: Gary Kessler, Ph.D., CISSP is a principal consultant at Fathom5, a retired professor of cybersecurity, and co-author of "Maritime Cybersecurity: A Guide for Leaders and Managers." He is a past speaker at DEFCON, where he has presented on AIS cybersecurity vulnerabilities and an encryption-based demonstration-of-capability method to mitigate some of those vulnerabilities. Gary's background is in mathematics and computer science, and he has spent several decades teaching about network protocols, data communications, digital forensics, and information security. He holds a leadership position in USCG Auxiliary cybersecurity efforts, is a Master SCUBA Diver Trainer, and holds a 50GT captain license.

URL to any additional information:
https://www.garykessler.net/library/ais_pi.html https://www.garykessler.net/software/AIS_README.TXT https://gpsd.gitlab.io/gpsd/AIVDM.html
https://github.com/trendmicro/ais/

Detailed Explanation of Tool:
AIS Tools is a suite of Perl scripts that allow a user to customize and parse National Marine Electronics Association (NMEA) 0183 standard AIS messages (seen in over-the-air broadcasts per ITU Recommendation M.1371). It is conceptually based upon the TrendMicro AIS Blacktoolkit, but is an extension intended for research and development purposes by incorporating more message types and standard default values.

The suite includes the following programs and functions: AIS_menu: Allows the user to create a custom NMEA 0183 AIS message by entering parameters specific to a requested message type. (At this time, the tools supports 22 of the 27 message types.) The output of the program is a properly formatted command line with all appropriate switches for the AIS_ping program. AIS_ping: AIS_ping allows a user to define an AIS message that will be properly formatted but could, in fact, contain invalid parameter values (a la hping3). The output is a binary string representing the AIS message. The binary string could be directed to a radio transmission (using Blacktoolkit software for GNU Radio) or formatted into one or more AIS sentences using AIS_NMEA. AIS_NMEA: This program accepts an AIS message binary string and produces a set of one or more AIS sentences. AIS_parser: Decodes an NMEA binary string or AIS sentence, displaying the contents field by field. parser2html: Produces HTML formatting of parsed messages. timestamp_data: Capture live AIS data from over-the-air transmissions and store the sentences in a file with a timestamp. play_ais: Replay timestamped AIS data from a file. This is code that was used for research and development purposes, gathering input from, and directing output to, OpenCPN. Data can also be received and broadcast via software-defined radio.

More detail can be found in https://www.garykessler.net/software/AIS_README.TXT

Supporting Files, Code, etc: https://www.garykessler.net/software/index.html#ais

Target Audience:
Defense, students, researchers, product developers (but, like any good tool, can be used for offense)

This tool is specifically directed at those interested in maritime cybersecurity, particularly with respect to navigation systems, but applies to anyone interested in a deep understanding of the AIS protocol as observed in over-the-air transmissions. It will aid researchers in capturing and analyzing AIS data, and designing scenarios with which to prepare exercises and test products.


This content will be presented on a Discord video channel.

#dl-video1-voice: https://discord.com/channels/708208267699945503/734027693250576505


Return to Index    -    Add to    -    ics Calendar file

 

AIV - Friday - 12:00-12:30 PDT


Title: Algorithmic Ethics Bug Bounty Contest Announcement
When: Friday, Aug 6, 12:00 - 12:30 PDT
Where: AI Village (Virtual)

SpeakerBio:Rumman Chowdhury
No BIO available

Description:No Description available

AI Village events will be streamed to Twitch, and later be made available as videos on YouTube.

Speakers will be made available on DEF CON's Discord, in #aiv-general-text.


Twitch: https://www.twitch.tv/aivillage

YouTube: https://www.youtube.com/c/aivillage

#aiv-general-text: https://discord.com/channels/708208267699945503/732733090568339536


Return to Index    -    Add to    -    ics Calendar file

 

HRV - Saturday - 13:30-14:30 PDT


Title: Amateur Radio Digital Modes Primer
When: Saturday, Aug 7, 13:30 - 14:30 PDT
Where: Ham Radio Village (Virtual Talks)

SpeakerBio:Jon Marler
Jon is a product manager at SecureTrust with a true passion for information security. Jon is an amateur radio operator, lockpicker, phreaker, repairer of all things, and maker. As a result of his long-standing commitment to open source software, Jon has offered his expertise as a package manager for the Debian GNU/Linux OS distribution since 1998.

Description:
Amateur radio operator Jon Marler, callsign K4CHN, presents an introduction to many of the digital modes available to amateur radio operators. Jon will be discussing the modes available for voice and data, as well as many of the hardware options available. Jon will also be presenting a very simple design for a way to connect a Raspberry Pi to your radio safely. A demonstration of slow scan television (SSTV) will be made to end the presentation before Q&A.

All Ham Radio Village talks will be streamed to Twitch, with discussion in Discord.

For more information, see https://hamvillage.org/dc29.html


Twitch: https://www.twitch.tv/hamradiovillage

#hrv-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991


Return to Index    -    Add to    -    ics Calendar file

 

HRV - Saturday - 11:00-11:59 PDT


Title: Amateur Radio Mesh Networking: Enabling Higher Data-rate Communications
When: Saturday, Aug 7, 11:00 - 11:59 PDT
Where: Ham Radio Village (Virtual Talks)

SpeakerBio:Tyler Gardner
Tyler Gardner holds a General class U.S. amateur radio license. He received his first license in 2017 and enjoys participating in ARES, contesting, public service events, and digital modes. While attending college in Logan, Utah, Tyler was a member of the Bridgerland Amateur Radio Club. He now participates in amateur radio organizations in Dayton, Ohio, including the Miami Valley Mesh Alliance. Professionally, Tyler holds a master's degree in Aerospace Engineering and works as a research engineer.

Description:
Amateur radio encompasses a broad range of activities and applications. From contests and events to emergency communications and public service, hams have many different interests they can explore. One area that is being enabled by modern wireless technologies is mesh networking. Typical digital radio modes, such as those based on AX.25, offer low data rates. While fairly robust and widely used, the low data rates of these modes limits their capabilities. Mesh networking, such as AREDN, can supplement and empower many aspects of your amateur radio operations - and the entry cost is quite low! This presentation will talk about what mesh networking is, how it is being used by amateur radio operators, and how you can get started with mesh networking yourself!

All Ham Radio Village talks will be streamed to Twitch, with discussion in Discord.

For more information, see https://hamvillage.org/dc29.html


Twitch: https://www.twitch.tv/hamradiovillage

#hrv-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991


Return to Index    -    Add to    -    ics Calendar file

 

HRV - Sunday - 11:00-12:30 PDT


Title: An Introduction to RF Test Equipment
When: Sunday, Aug 8, 11:00 - 12:30 PDT
Where: Ham Radio Village (Virtual Talks)

SpeakerBio:Kurits Kopf
Kurits Kopf is a software engineer, technology enthusiast, and perpetual hobby collector. He is a video game industry veteran, working in Los Angeles. When he's not building games or playing them with his kids, he's in the garage tinkering. He has been taking interesting things apart to see how they work since childhood, and sometimes has even managed to put them back together.

Description:
An overview covering several common pieces of equipment used in RF and Ham Radio testing, focusing on oscilloscopes, spectrum analyzers, and vector network analyzers. I cover the basics of each and demonstrate common uses of the equipment for RF testing on both homebrew and commercial equipment. I also introduce other testing tools, including temperature controlled oscillators, dummy loads, and attenuators.

All Ham Radio Village talks will be streamed to Twitch, with discussion in Discord.

For more information, see https://hamvillage.org/dc29.html


Twitch: https://www.twitch.tv/hamradiovillage

#hrv-presentation-text: https://discord.com/channels/708208267699945503/736674835413073991


Return to Index    -    Add to    -    ics Calendar file

 

WS - Saturday - 15:00-18:59 PDT


Title: Analysis 101 and 102 for the Incident Responder
When: Saturday, Aug 7, 15:00 - 18:59 PDT
Where: Workshops - Las Vegas 1+2 (Onsite Only)

SpeakerBio:Kristy Westphal , Vice President, Security Operations
Kristy Westphal is a versatile information technology professional with specific experience in providing advisory and management services in the area of information security and risk is currently employed as the Vice President, Security Operations at a financial services company. Specializing in leadership and program development, specific expertise in security areas includes: process analysis, risk assessments, security awareness programs, operating system security, network security, incident handling, vulnerability analysis and policy development.

Description:
You have a theory about something you have found while roaming the network or conducting your own hackfest, but how do you go about proving it? This workshop will be a hands-on journey deep into the world of analysis. While analysis is a bit of an art form, there are methods that can be applied to make it less of a gut feeling and more of a scientific approach to support your hypothesis. From network forensics to log analysis to endpoint forensics and cloud log analysis, we will review numerous quick methods to gain context over the data you have gathered and apply critical thinking in an attempt to find the answers. Sometimes, the answers weren’t meant to be found, but we’ll also discuss how to make the best of any conclusion that you reach.

Registration Link: https://www.eventbrite.com/e/analysis-101-and-102-for-the-incident-responder-las-vegas-1-2-tickets-162220226063

Prerequisites
None

Materials needed:
Laptop with Wireshark installed


Return to Index    -    Add to    -    ics Calendar file

 

WS - Friday - 10:00-13:59 PDT


Title: Analysis 101 and 102 for the Incident Responder
When: Friday, Aug 6, 10:00 - 13:59 PDT
Where: Workshops - Las Vegas 3+4 (Onsite Only)

SpeakerBio:Kristy Westphal , Vice President, Security Operations
Kristy Westphal is a versatile information technology professional with specific experience in providing advisory and management services in the area of information security and risk is currently employed as the Vice President, Security Operations at a financial services company. Specializing in leadership and program development, specific expertise in security areas includes: process analysis, risk assessments, security awareness programs, operating system security, network security, incident handling, vulnerability analysis and policy development.

Description:
You have a theory about something you have found while roaming the network or conducting your own hackfest, but how do you go about proving it? This workshop will be a hands-on journey deep into the world of analysis. While analysis is a bit of an art form, there are methods that can be applied to make it less of a gut feeling and more of a scientific approach to support your hypothesis. From network forensics to log analysis to endpoint forensics and cloud log analysis, we will review numerous quick methods to gain context over the data you have gathered and apply critical thinking in an attempt to find the answers. Sometimes, the answers weren’t meant to be found, but we’ll also discuss how to make the best of any conclusion that you reach.

Registration Link: https://www.eventbrite.com/e/analysis-101-and-102-for-the-incident-responder-las-vegas-3-4-tickets-162216976343

Prerequisites
None

Materials needed:
Laptop with Wireshark installed


Return to Index    -    Add to    -    ics Calendar file

 

ASV - Friday - 10:00-15:59 PDT


Title: Antenny
When: Friday, Aug 6, 10:00 - 15:59 PDT
Where: Aerospace Village (Virtual Workshop)

Description:
Come together to build on Antenny boards. Make things that can talk to the sky with very very very affordable hardware. What becomes possible when we have 1000 ground stations? I have a few ideas, I’m sure participants will have many others. Let’s build it and find out together!

Return to Index    -    Add to    -    ics Calendar file

 

ASV - Saturday - 10:00-15:59 PDT


Title: Antenny
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: Aerospace Village (Virtual Workshop)

Description:
Come together to build on Antenny boards. Make things that can talk to the sky with very very very affordable hardware. What becomes possible when we have 1000 ground stations? I have a few ideas, I’m sure participants will have many others. Let’s build it and find out together!

Return to Index    -    Add to    -    ics Calendar file

 

ICSV - Friday - 15:00-15:30 PDT


Title: Approaches to Attract, Develop, and Retain an Industrial Cybersecurity Workforce
When: Friday, Aug 6, 15:00 - 15:30 PDT
Where: ICS Village (Virtual)
Speakers:John Ellis,Julia Atkinson

SpeakerBio:John Ellis , Siemens Energy
John Ellis has 10 years of experience in global customer-centric strategic and business roles with a focus on relationship building, commercial intelligence, strategic advisory, and transforming technological innovation into business success. In his current role as the Global Head of Industrial Cyber Alliances at Siemens Energy, he works to develop partnerships between industry, academia, and government to solve some of the most challenging critical infrastructure cybersecurity challenges. John holds a BS in Mechanical Engineering and an MS in Engineering Management from the University of Maryland Baltimore County, an MBA from Johns Hopkins Carey Business School, and an MPS in Cybersecurity and Information Assurance from Penn State.

SpeakerBio:Julia Atkinson , Siemens Energy
Julia Atkinson has 10 years of relationship building experience across multiple sectors including business, government, NGO, and journalism. As a Global Cyber Program Alliance Manager at Siemens Energy, Julia believes in the power of diverse partnerships in solving today’s cybersecurity challenges. Julia graduated with her Master’s Degree in International Economics and Strategic Studies from The Johns Hopkins School of Advanced International Studies and holds a Bachelor’s in Political Science from Yale University.

Description:
Gaps in the industrial cybersecurity workforce leave critical infrastructure assets vulnerable to attack. In a 2020 ICS2 report, 64% of companies reported a significant or slight shortage of cybersecurity professionals. At the same time, 56% of companies reported that their organization is extremely or moderately at risk due to the cyber workforce shortage. A National Initiative for Cybersecurity Education (NICE) report found that industry-wide there was only one qualified worker to fill every 10 cybersecurity jobs in 2020. To protect the cyber-physical systems that form the lifeblood of the economy, something needs to be done to develop the ICS/OT cybersecurity workforce pipeline. This session will present models to attract, develop, and retain talent in industrial cybersecurity.

ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485


Return to Index    -    Add to    -    ics Calendar file

 

APV - Sunday - 11:00-11:45 PDT


Title: AppSec 101: A Journey from Engineer to Hacker
When: Sunday, Aug 8, 11:00 - 11:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Arjun Gopalakrishna
No BIO available

Description:
Join this session to appreciate the role of Application Security in the context of software development, by examining them side by side. We will walk through an insecure application to find (and exploit) a few security issues, and examine - from an AppSec lens - the issue classes and ways to unearth them. This is an introductory level talk, especially for hackers new to AppSec.

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage


Return to Index    -    Add to    -    ics Calendar file

 

APV - Friday - 17:30-17:35 PDT


Title: AppSec Quiz Time!
When: Friday, Aug 6, 17:30 - 17:35 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Eden Stroet
No BIO available

Description:No Description available

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage


Return to Index    -    Add to    -    ics Calendar file

 

APV - Saturday - 17:45-17:50 PDT


Title: AppSec Quiz Time!
When: Saturday, Aug 7, 17:45 - 17:50 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Eden Stroet
No BIO available

Description:No Description available

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage


Return to Index    -    Add to    -    ics Calendar file

 

APV - Sunday - 15:00-15:15 PDT


Title: AppSec Quiz Time!
When: Sunday, Aug 8, 15:00 - 15:15 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Eden Stroet
No BIO available

Description:No Description available

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage


Return to Index    -    Add to    -    ics Calendar file

 

APV - Sunday - 13:00-12:59 PDT


Title: AppSec Village Capture the Flag Ends
When: Sunday, Aug 8, 13:00 - 12:59 PDT
Where: AppSec Village (Virtual)

Description:
For more information, see https://www.appsecvillage.com/ctf

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage


Return to Index    -    Add to    -    ics Calendar file

 

APV - Friday - 11:00-10:59 PDT


Title: AppSec Village Capture the Flag Starts
When: Friday, Aug 6, 11:00 - 10:59 PDT
Where: AppSec Village (Virtual)

Description:
For more information, see https://www.appsecvillage.com/ctf

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage


Return to Index    -    Add to    -    ics Calendar file

 

PHV - Saturday - 09:00-10:59 PDT


Title: APT Hunting with Splunk
When: Saturday, Aug 7, 09:00 - 10:59 PDT
Where: Packet Hacking Village - Workshops (Virtual)

SpeakerBio:John Stoner , PRINCIPAL SECURITY STRATEGIST AT SPLUNK
John Stoner (Twitter: @stonerpsu) is a Principal Security Strategist at Splunk where he enjoys writing, problem solving and building stuff, including APT Scenarios. When not doing cyber things, you can find him watching his boys play hockey, reading or binge-watching TV series that everyone else has already seen.
Twitter: @stonerpsu

Description:
Interested in practicing your hunting skills? If so, this is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the “fictional” APT group Violent Memmes. We discuss the Diamond model, building hypotheses, LM Kill Chain, and MITRE ATT&CK and how these concepts can frame your hunting. Using Splunk, we will hunt for APT activity riddling a small startup's environment. During the event, we will be presented with a "notable event" and pull on that string to conduct our own hunts based on indicators that we uncover or are identified. Depending on the hunt, we will uncover persistence, exfiltration, c2 and other adversary tactics. We may even find some PowerShell scripts. We will regroup and review the specific hunt conducted and discuss the timeline of events, a narrative that could be shared with others on your team, the artifacts that were uncovered to better identify potential future hunts, ATT&CK techniques referenced as well as what could be operationalized. At the end, we will highlight some additional datasets and content that you can take with you and try newly learned techniques yourself.

Return to Index    -    Add to    -    ics Calendar file

 

AVV - Sunday - 11:45-12:30 PDT


Title: APT: A Short History and An Example Attack
When: Sunday, Aug 8, 11:45 - 12:30 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Mark Loveless , Researcher, Gitlab
Mark Loveless - aka Simple Nomad - is a security researcher, hacker, and explorer.He has worked in startups, large companies, hardware and software vendors. He's spoken at numerous security and hacker conferences worldwide on security and privacy topics, including Blackhat, DEF CON, ShmooCon, RSA, AusCERT, among others. He has been quoted in television, online, and print media outlets as a security expert, including CNN, Washington Post, and the New York Times. He's paranoid (justified), has done ghost hunting, been mugged four times, storm chased, and seen UFOs. He is currently a Sr Security Researcher at GitLab.
Twitter: @simplenomad
https://linkedin.com/in/markloveless

Description:
Advanced Persistent Threat. Where did this term come from? What does it really mean? Exactly how can you determine that it is a "nation state" as opposed to a run-of-the-mill attack? All of this will be explained in detail. As an example, I will use an actual attempt against my home system, with a review of collected data to illustrate the whole APT thing.

There are differences in how APT actors approach things, and this will be discussed from the perspective of someone who attacked plenty of systems in their youth - me. We'll talk about how APT differs from Red Teaming and Penetration Testing, and if you are trying to simulate it you need to throw the rulebook out of the window to do it right.


Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon


Return to Index    -    Add to    -    ics Calendar file

 

VMV - Friday - 12:30-12:59 PDT


Title: Are Barcodes on Ballots Bad? 
When: Friday, Aug 6, 12:30 - 12:59 PDT
Where: Voting Village (Talks - Virtual)

SpeakerBio:Kevin Skoglund
Ke​​vin Skoglund is a digital security and election technology expert, and the President and Chief Technologist for Citizens for Better Elections, a non-profit, non-partisan group advocating for evidence-based elections. Kevin serves on the Board of Advisors for Verified Voting, participates in the NIST Voting System Cybersecurity Working Group which develops national guidelines for U.S. voting systems, and is a designated speaker on election security for the U.S. Department of State. His past work includes advising nonprofits, counties, cities, and members of the U.S. Congress on voting system technology and election legislation, researching security vulnerabilities, and identifying voting systems connected to the internet. Kevin is also a Judge of Election (chief poll worker) in Pennsylvania. Outside of his election work, Kevin has been a programmer, consultant, and teacher for over 20 years.

Description:
This presentation focuses on the use of barcodes on ballots, specifically barcodes on ballots that store vote selections. Skoglund teaches us how voting systems store votes and barcodes, explains how to decode them, and explores their attack surface from a security perspective. Through close examination of three examples (ES&S ExpressVote, Dominion ImageCast X, Unisyn Freedom Vote Tablet), the presentation explains potential attacks, and highlights detection and mitigation strategies.

Voting Village talks will be streamed to YouTube and Twitch.

Twitch: https://www.twitch.tv/votingvillagedc

YouTube: https://www.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg


Return to Index    -    Add to    -    ics Calendar file

 

LPV - Friday - 13:00-13:20 PDT


Title: Are We Still Doing it? 10 Locksport Hobbies that go Beyond Lock Picking
When: Friday, Aug 6, 13:00 - 13:20 PDT
Where: Lock Pick Village (Virtual)

SpeakerBio:Lock Noob
No BIO available

Description:
There is so much more to locksport than just lock picking. In this presentation I look at 10 inspiring locksport hobbies that every lock picker should try! From key casting to tool making, from impressioning to making jewellery and many more, you will be surprised by the range and depth of the skills you can choose from.

Lock Pick Village will be streaming their activities to Twitch and YouTube.

Twitch: https://www.twitch.tv/toool_us?

YouTube: https://youtube.com/c/TOOOL-US


Return to Index    -    Add to    -    ics Calendar file

 

ASV - Friday - 10:00-15:59 PDT


Title: ARINC 429 Lab
When: Friday, Aug 6, 10:00 - 15:59 PDT
Where: Aerospace Village (Workshop - Virtual + Paris Rivoli B)

Description:
Sessions will be held for small audience 15-20 users to demonstrate the structure and use of avionic-specific communication protocol (ARINC 429). This is an opportunity for hands-on experience in a controlled setting.

Return to Index    -    Add to    -    ics Calendar file

 

ASV - Saturday - 10:00-15:59 PDT


Title: ARINC 429 Lab
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: Aerospace Village (Workshop - Virtual + Paris Rivoli B)

Description:
Sessions will be held for small audience 15-20 users to demonstrate the structure and use of avionic-specific communication protocol (ARINC 429). This is an opportunity for hands-on experience in a controlled setting.

Return to Index    -    Add to    -    ics Calendar file

 

RFV - Thursday - 12:00-11:59 PDT


Title: Assless Chaps: a novel combination of prior work to crack MSCHAPv2, fast (or why MSCHAPv2 is so broken, it’s showing it’s whole ass)
When: Thursday, Aug 5, 12:00 - 11:59 PDT
Where: Radio Frequency Village (Virtual)
Speakers:singe,cablethief

SpeakerBio:singe
No BIO available

SpeakerBio:cablethief
No BIO available

Description:
"Cracking intercepted MSCHAPv2 challenge/response pairs from Wi-Fi or VPN attacks has long been known to be possible. However, unless the underlying cleartext password was common, this can take frustratingly long. Especially, for at-the-same-time attacks like the auto-crack-and-add we proposed in 2014 [1]. We’ll combine some prior work and release tooling to show how even extremely large hashlists can be run through in seconds.

MSCHAPv2 has several weaknesses, the first is that one doesn’t need the clear-text password, as merely having the MD4 hash (aka NT hash) of the password is good enough to prove to either a client or authenticator you know the password. This means we can use a technique proposed in 2020 by Sam Croley called hash shucking [2] to use large NT hash lists such as the Have I Been Pwned set [3] to determine the NT hash used in the exchange. We'll go through the theory of MSCHAPv2, why the NT hash is useful and how to use it, as well as how hashcat modes for cracking it were developed.

The second weakness relates to the work done by Moxie Marlinspike and David Hulton in 2012 [4] where they found that because MSCHAPv2 breaks the NT hash into three parts, and pads the last two bytes with NULLs, its trivially easy to brute force this part (the ass). Then a brute force of the first two parts is performed using only a single DES round by iterating the entire DES keyspace with an FPGA. However, most of us still don’t have our own MSCHAPv2 cracking FPGA rigs, and this attack isn’t widely available or practical. Instead, if we limit our input hashlist to only those with the matching last two bytes, we can perform a far more efficient hash shucking attack against the exchange. We'll go through the theory of MSCHAPv2 in use here and the optimisations devised with an associated tool.

Finally, we’ll end on why we think MSCHAPv2 needs to finally die the death it has so deserved for so long.

[1] https://sensepost.com/blog/2015/improvements-in-rogue-ap-attacks-mana-1%2F2/ and DEF CON 22 - Dominic White and Ian de Villiers - Manna from Heaven https://youtu.be/i2-jReLBSVk?t=1380

[2] DEF CON Safe Mode: Password Village - Sam Croley: What the Shuck? Layered Hash Shucking https://www.youtube.com/watch?v=OQD3qDYMyYQ

[3] https://haveibeenpwned.com/Passwords

[4] https://web.archive.org/web/20160120152007/http://cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/"

This talk has been released on YouTube.


YouTube: https://www.youtube.com/watch?v=lm7Cuktpnb4


Radio Frequency Village will not be streaming any talks, but they will be making talks available on their YouTube channel.

YouTube: https://youtube.com/c/RFHackersSanctuary


Return to Index    -    Add to    -    ics Calendar file

 

BHV - Friday - 13:30-14:30 PDT


Title: At least ten questions for “Bad HIPPA Takes” (@BadHIPPA), 2021’s best tweeter on privacy, pandemic, and snark.
When: Friday, Aug 6, 13:30 - 14:30 PDT
Where: Biohacking Village (Talk - Virtual)

SpeakerBio:Lucia Savage , 21st Century health care strategic expert
Lucia is a nationally recognized expert on health information privacy. She was an architect of the foundational aspects of ONC's new interoperability rules. She believes in vaccine records.
Twitter: @savagelucia

Description:
From the start of the pandemic, through the election and the insurrection on the Capitol and on into the vaccine roll-out, the nationwide health privacy law, HIPAA, has gotten more famous and more misunderstood than ever. Out of this morass of politicization and polemic emerged “Bad HIPPA Takes” (@BadHIPPA), shining a light on the absurd, funny, sad and even accurate in a must-follow for anyone interested in privacy. In this session, we’ll ask Bad HIPPA Takes some questions, check out their views based on the past year, and even see if they have any inkling about the future of privacy law in the U. S.

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q


Return to Index    -    Add to    -    ics Calendar file

 

PYV - Friday - 10:00-10:59 PDT


Title: ATM Transaction Reversal Frauds (And how to fight them)
When: Friday, Aug 6, 10:00 - 10:59 PDT
Where: Payment Village (Virtual)

SpeakerBio:Hector Cuevas Cruz
No BIO available

Description:
Transaction Reversal Frauds (TRF) are a type of attack that doesn't require a malware, complex physical attacks or even opening an ATM, instead they abuse some business and operational rules defined by the financial institutions to cash-out an ATM. This presentation describe what Transaction Reversal Frauds are, why this type of attacks are on rise and more important, how to detect them through an integral analysis of journaling and some other logs

Payment Village events will stream to Twitch and YouTube.

--

Twitch: https://www.twitch.tv/paymentvillage

YouTube: https://www.youtube.com/c/PaymentVillage


Return to Index    -    Add to    -    ics Calendar file

 

BTV - Friday - 09:30-10:59 PDT


Title: Attack and Detect with Prelude Operator and Security Onion
When: Friday, Aug 6, 09:30 - 10:59 PDT
Where: Blue Team Village - Workshop Track 1 (Virtual)

SpeakerBio:Wes Lambert
Wes Lambert is the Director of Support and Professional Services at Security Onion Solutions, where he helps customers to implement enterprise security monitoring solutions and understand their computer networks. A huge fan of OSS projects, Wes loves to solve problems and enhance security using completely free and easily deployable tools.
Twitter: @therealwlambert

Description:
In this workshop, we’ll leverage Prelude Operator, an easy-to-use desktop platform for autonomous red teaming. With Operator, we can generate adversary profiles, complete with TTPs and goals, then deploy an “adversary”, evaluating our detection coverage against the MITRE ATT&CK framework using Security Onion, a free and open platform for intrusion detection, enterprise security monitoring, and log management. By providing network, host, and other types of data, Security Onion can provide a leg up to defenders, allowing them to track down their adversaries and make them cry.

This talk will go over the introduction of red/purple teaming, along with how individuals can emulate adversary actions, as well as track those actions across their enterprise, evaluating their detection coverage.

We'll first go over how a tool like Prelude Operator can be used to emulate these adversary actions, then learn how Security Onion can be leveraged to detect these actions and track our coverage across the MITRE attack framework.

Throughout the discussion the following tools will be introduced:

Prelude Operator - autonomous red-teaming platform, creating adversaries to test detection Zeek - Policy-neutral NIDS
Suricata - Signature-based NIDS
Stenographer – Full Packet capture
Playbook - Detection development
ATT&CK Navigator - Track detection coverage Strelka - File analysis
Osquery - Host-based monitoring
Wazuh - HIDS


Return to Index    -    Add to    -    ics Calendar file

 

CLV - Friday - 12:05-12:50 PDT


Title: Attacking Modern Environments Series: Attack Vectors on Terraform Environments
When: Friday, Aug 6, 12:05 - 12:50 PDT
Where: Cloud Village (Virtual)

SpeakerBio:Mazin Ahmed
Mazin Ahmed is a security engineer that specializes in AppSec and offensive security. He is passionate about information security and has previously found vulnerabilities in Facebook, Twitter, Linkedin, and Oracle to name a few. Mazin is the developer of several popular open-source security tools that have been integrated into security testing frameworks and distributions. Mazin also built FullHunt.io, the next-generation continuous attack surface security platform. He is also passionate about cloud security where he has been running dozens of experiments in the cloud security world.
Twitter: @mazen160

Description:
Ever come across an environment in an engagement that uses Terraform for IAC (infrastructure-as-code) management? Almost every modern company does now.

In this talk, I will be sharing techniques and attack vectors to exploit and compromise Terraform environments in engagements, as well as patterns that I have seen that achieve successful infrastructure takeover against companies. I will be also covering prevention methods for the discussed attack vectors in my talk. This is part of my work-in-progress research in cloud security and attacking modern environments.


Cloud Village activities will be streamed to YouTube.

YouTube: https://www.youtube.com/cloudvillage_dc


Return to Index    -    Add to    -    ics Calendar file

 

APV - Sunday - 14:00-14:45 PDT


Title: Attacking Modern Environments Series: Attack Vectors on Terraform Environments
When: Sunday, Aug 8, 14:00 - 14:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Mazin Ahmed
No BIO available

Description:No Description available

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage


Return to Index    -    Add to    -    ics Calendar file

 

CON - Thursday - 18:00-17:59 PDT


Title: AutoDriving CTF
When: Thursday, Aug 5, 18:00 - 17:59 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/238185 and https://autodrivingctf.org/

Return to Index    -    Add to    -    ics Calendar file

 

PYV - Friday - 12:00-12:59 PDT


Title: Automated Tear Machines
When: Friday, Aug 6, 12:00 - 12:59 PDT
Where: Payment Village (Virtual)

SpeakerBio:Meadow Ellis
No BIO available

Description:
Short, yet packed with information talk about why ATMs are bad, why they are a literal magnet for criminals, what types of attacks do actually happen and why it is so bloody hard to do any kind of research on them, unless you are a criminal. I won't bore you with stuff you can read on Wikipedia but rather give you an overview of terms, parts and crazy things people do to either get the money out of you or out of an ATM itself. And, what can you do to try and protect yourself and what to do when you see something 'that doesn't look right'. Don't tear off the magstripe from your card, though.

Payment Village events will stream to Twitch and YouTube.

--

Twitch: https://www.twitch.tv/paymentvillage

YouTube: https://www.youtube.com/c/PaymentVillage


Return to Index    -    Add to    -    ics Calendar file

 

CLV - Saturday - 11:30-12:15 PDT


Title: AWS cloud attack vectors and security controls
When: Saturday, Aug 7, 11:30 - 12:15 PDT
Where: Cloud Village (Virtual)

SpeakerBio:Kavisha Sheth
Kavisha is a Security Analyst at Appsecco. She is a cloud security and machine learning enthusiast who dabbles in application and API security and is passionate about helping customers in securing their IT assets. Kavisha is a member of a number of security communities including null community, InfoSecGirls, and WiCys India group. She believes in giving back to the community and frequently finds audiences to talk about Attacking GraphQL, different techniques to bypass authentication and Attacking AWS. When not breaking apps for Appsecco, Kavisha spends time learning and researching on different areas of security . She has also been listed as one of the top security researchers of the nation by NCIIPC RVDP.
Twitter: @sheth_kavisha

Description:
In the last decade, cloud computing has been incorporated in various industries, from Health to Military, which has been meticulously guided by exploring related technologies in the industry and academia alike. The enterprise computing model have shifted from on-site infrastructure to remote data centers which is accessible via internet and managed by cloud service providers.However, Many companies breached on AWS moved sensitive data to AWS without following best practices or implementing cloud security controls correctly. Main objective of the session is to bring awareness about some of the AWS cloud attack vectors and as well as security controls that can help. You get to know discovery, identification and exploitation of security weaknesses, misconfigurations lead to complete compromise of the cloud infrastructure. As,Cloud attack vectors and security controls are different as security professional you need to be aware about attack vector and controls. So, you will also learn about what can be possible best practices, detective controls to avoid some of the misconfigurations. In this session: - Learn about how an attacker can perform reconnaissance, leverage network, AWS Lambda functions, S3 misconfiguration and implementation in weaknesses to steal credentials and data. - Learn how misconfigurations and other leading cloud vulnerabilities put you at risk to exploitation with some real world example - Learn about Security controls, possible best practices, detective controls to avoid these misconfigurations

Cloud Village activities will be streamed to YouTube.

YouTube: https://www.youtube.com/cloudvillage_dc


Return to Index    -    Add to    -    ics Calendar file

 

CLV - Saturday - 13:50-14:35 PDT


Title: Azure Active Directory Hacking Wars
When: Saturday, Aug 7, 13:50 - 14:35 PDT
Where: Cloud Village (Virtual)

SpeakerBio:Batuhan Sancak
Hello Cloud Village. I'm Batuhan (@nullx3d). He is a cyber security researcher. He's living Turkey and studying Management Information Systems at university. He's 21 age years old. He feel like he belong in cyberspace. Web Application Security, Linux structure is very attractive for he. He work on virtual machines, live web systems and on new technology(cloud security). Batuhan gave trainings and presentations in many universities in his country. He shares his experiences and works on his personal blog (docs.rka0x.com). If you accept he for defcon cloud village, he will very happy. This is he dream. he hopes you like the CFP.
Twitter: @nullx3d

Description:
Abstract Azure is one of the most popular cloud services today. It has 15.4 million customers worldwide. 95% of Fortune 500 companies use Azure. If you look at it from the hacker point of view, that's perfect. Is Azure completely secure? No! No system is completely secure. It would be good to talk about Azure and talk about attack techniques. Check out the attack vectors. The results obtained by comparing attack vectors and defense vectors will be beneficial for everyone. In this presentation, I would like to talk about Azure Active Directory technology and attack vectors. I wrote the titles for you to review. Outline

Cloud Village activities will be streamed to YouTube.

YouTube: https://www.youtube.com/cloudvillage_dc


Return to Index    -    Add to    -    ics Calendar file

 

SOC - Friday - 14:00-15:59 PDT


Title: BADASS Meetup (Virtual)
When: Friday, Aug 6, 14:00 - 15:59 PDT
Where: See Description

Description:
We represent the BADASS army, an organization that empowers and assists victims of revenge-porn and non-consensual images through education in privacy, operational security, and evidence collection. This’d be an event where we discuss how we fight NCI/RP, how that battlespace has changed, what we’ve learned and more.

BADASS is going to be from 2 PM PDT til 4 PM PDT on Discord in Fireside Lounge for a video discussion.


Fireside Lounge: https://discord.com/channels/708208267699945503/738141986476916826


Return to Index    -    Add to    -    ics Calendar file

 

BCV - Friday - 11:30-11:59 PDT


Title: BCOS Village Contest Overview
When: Friday, Aug 6, 11:30 - 11:59 PDT
Where: Blockchain Village / Paris Vendome B

SpeakerBio:Reddcoin
No BIO available

Description:No Description available

This content will be presented live and in-person.

Return to Index    -    Add to    -    ics Calendar file

 

ICSV - Friday - 13:00-13:30 PDT


Title: Beetlejuice: The Lessons We Should Have Learned For ICS Cybersecurity
When: Friday, Aug 6, 13:00 - 13:30 PDT
Where: ICS Village (Virtual)

SpeakerBio:Tim Yardley , University of Illinois Urbana-Champaign
Tim Yardley is a Principal Research Scientist and Associate Director at the Information Trust Institute (ITI) in the University of Illinois Urbana-Champaign. He works on trustworthiness and resiliency in critical infrastructure. Much of his work has focused on experimentation frameworks, device analytics, assessments, verification and validation, intrusion detection and data fusion approaches. Enough of the boring bio’s though, let’s have some fun.
Twitter: @timyardley

Description:
In this talk I will present the top 15 quotes from redacted and how we can transform them to operational advice to improve ICS cyber security. Hold tight, this is going to be a wild ride.

ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485


Return to Index    -    Add to    -    ics Calendar file

 

CON - Friday - 10:00-13:59 PDT


Title: Beverage Cooling Contraption Contest
When: Friday, Aug 6, 10:00 - 13:59 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/236475

Return to Index    -    Add to    -    ics Calendar file

 

BHV - Thursday - 10:00-13:59 PDT


Title: Biohacking Village CTF: Hospital Under Siege (Pre-Qual) (Pre-registration required)
When: Thursday, Aug 5, 10:00 - 13:59 PDT
Where: Biohacking Village (CTF)

Description:
https://www.villageb.io/ctf2021

Return to Index    -    Add to    -    ics Calendar file

 

BHV - Friday - 10:00-10:45 PDT


Title: Biohacking Village Welcome Keynote
When: Friday, Aug 6, 10:00 - 10:45 PDT
Where: Biohacking Village (Talk - Virtual)

SpeakerBio:Nina Alli , Executive Director, Biohacking Village
No BIO available

Description:
Willkommen, Bienvenue, Bienvenido, Bem-vindo, Добро пожаловать, أهلا بك , ברוך הבא, kaabo.

Lets talk about the strides we, as a village and a community, have made in one year.


All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q


Return to Index    -    Add to    -    ics Calendar file

 

BHV - Sunday - 14:00-14:30 PDT


Title: Biohacking Village Wrap-Up
When: Sunday, Aug 8, 14:00 - 14:30 PDT
Where: Biohacking Village (Talk - Virtual)

Description:
Where do we go from here?

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q


Return to Index    -    Add to    -    ics Calendar file

 

IOTV - Saturday - 10:00-18:30 PDT


Title: Black Box Challenges
When: Saturday, Aug 7, 10:00 - 18:30 PDT
Where: IoT Village (Onsite)

Description:
For more information, see https://www.iotvillage.org/defcon.html

Return to Index    -    Add to    -    ics Calendar file

 

IOTV - Friday - 10:00-18:30 PDT


Title: Black Box Challenges
When: Friday, Aug 6, 10:00 - 18:30 PDT
Where: IoT Village (Onsite)

Description:
For more information, see https://www.iotvillage.org/defcon.html

Return to Index    -    Add to    -    ics Calendar file

 

BICV - Saturday - 10:30-10:30 PDT


Title: Black Cyber Exodus: The Mis-Education (Certification) of Black Cyber
When: Saturday, Aug 7, 10:30 - 10:30 PDT
Where: Blacks in Cyber

SpeakerBio:Stephen Pullum
Stephen Pullum is a Cyber Security Evangelist and Pioneer. Stephen is an entrepreneur in Accra, Ghana to his company AFRICURITY. This company brings best practices in multiple lanes of Cybersecurity, Cyber Education, Cyber Resiliency and Cyber Scalability both corporate and individual. Stephen has over 40 years in the Cybersecurity field, having began in the early '80's with the handle 'The Madhatter'. Stephen is also recognized as an Alumni of the Cult of the Dead Cow (cDc). Stephen served in the United States Air Force from 1984 to 2012, and has a unique perspective of the Cybersecurity field as he has been participating in both the culture and the proffession since it's infancy.
Twitter: @The Madhatter

Description:
In this talk I will analyze the pipeline between many Black Cyber Practitioners that were never credited or brought to the forefront and the certification plans/materials being developed for the progression of the holistic industry, as well as discuss the premise; "How much of their non-profit revenue is being invested into the Black Community which they cleverly so snared into the premise of being qualified to do a job."

In1982, CompTIA was started under another name, yet still CompTIA. In 1989, SANS/GIAC was started and in 1992, ISC2 released the CBK that would 2 years later become the CISSP. In 2001, the EC Council formed in response to the attacks on the World Trade Center. Before these so-called cybersecurity certifications, how did the founders and instructors get certified to even instruct or create these organizations? Materials such as the Rainbow Books Series were the mainstay in the Trust Computing Model environment that are still being implemented today, just rebranded. These institutions implemented disproportionate programs when they gained traction and Cyber specific programs became profitable without giving up their "non-profit" status.


Blacks in Cyber talks will be streamed on YouTube.

YouTube: https://www.youtube.com/c/BlacksInCybersecurity


Return to Index    -    Add to    -    ics Calendar file

 

CON - Friday - 12:00-17:59 PDT


Title: Blacks in Cybersecurity CTF
When: Friday, Aug 6, 12:00 - 17:59 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/236493 or https://www.blacksincyberconf.com/ctf

Return to Index    -    Add to    -    ics Calendar file

 

BCV - Thursday - 21:00-20:59 PDT


Title: Blockchain as a Threat Modeling Thinking Tool
When: Thursday, Aug 5, 21:00 - 20:59 PDT
Where: Blockchain Village (YouTube)

SpeakerBio:Shinchul Park, Graduate Student
Shinchul Park is graduate student at the School of Cybersecurity, Korea University from 2021 and his research areas focus on security engineering, blockchain.

Description:
Threat modelling is a risk-based approach to designing secure systems. It is based on identifying threats in order to develop mitigations to them. Threat modeling is a “team sport,” because it requires the knowledge and skill set of a diverse team where all inputs can be viewed as equal in value. As the enabler of mass collaboration, blockchain is the framework that pieces everything together at a larger scale.

In this talk, we propose the first platform that combines blockchain with threat modeling. To this end, we first present a system model that combines a blockchain-based collective intelligence system with threat modeling, and then explain the role of the model, the scheme of the tool, and the operation procedure.

This talk is now available on YouTube: https://www.youtube.com/watch?v=vBGhW9gnCtU


Return to Index    -    Add to    -    ics Calendar file

 

BCV - Friday - 14:00-14:30 PDT


Title: Blockchain Security Tools
When: Friday, Aug 6, 14:00 - 14:30 PDT
Where: Blockchain Village / Paris Vendome B

SpeakerBio:Mila Paul , Blockchain Security Researcher
Mila Paul is a researcher in cybersecurity and blockchain startup technology. Her background includes systems, network and storage in a secure and virtual infrastructure. She recently earned a Ph.D in Cyber Operations and enjoys teaching.

Description:
Blockchain was originally created by cypherpunks to integrate privacy and integrity in cash transactions. Since the inception of Bitcoin and its blockhain back-end, research and development in blockchain has revealed its strength in providing security through cryptology. This lecture inspires an exploration into finding blockchain based solution for common cybersecurity issues.

This content will be presented live and in-person.

Return to Index    -    Add to    -    ics Calendar file

 

IOTV - Friday - 14:30-15:15 PDT


Title: BLUEMONDAY Series – Exploitation & Mapping of vulnerable devices at scale through self-registration services (DATTO/ EGNYTE/ SYNOLOGY/ MERAKI/ GEOVISION)
When: Friday, Aug 6, 14:30 - 15:15 PDT
Where: IoT Village (Talk - Virtual)

SpeakerBio:Ken Pyle
Ken Pyle is a partner of CYBIR, specializing in Information Security, exploit development, penetration testing and enterprise risk management. Ken is a graduate professor of CyberSecurity at Chestnut Hill College. He has published academic works on a wide range of topics and has presented at industry events such as ShmooCon, Secureworld, HTCIA International.

Description:
Vendors like DATTO, MERAKI, GEOVISION, SYNOLOGY, EGNYTE and others are which leverage or depend on these services are imperiling data, networks, and businesses through insecure design, intentional design decisions, and web application flaws.

These devices frequently self-provision services which leak critical data or through insecure network design and installation practices which are easily mapped, attacked, and discovered via insecure vendor, software, and integrator practices (ex. PKI, Dynamic DNS, “Finder” service registrations, DNS leakage, Layer 2 Attacks / DHCP network attacks, DNS passive hijacking through domain purchases & active record injection)

Some concepts and new attacks may be obliquely referenced or held private by the researcher. Essential PoC is contained in this document and is easily reproduced using supplied narrative and screenshots.

The affected devices are easily discoverable either through insecure practices (ex. insecure Zones, algorithmic FQDN generation, lack of local network controls, public metadata leakage) or vendor provided interfaces and access methods. (DATTOWEB, DATTOLOCAL, SYNOLOGY.ME, DYNAMIC-M, GVDIP.COM, EGNYTE-APPLIANCE.COM)

Many issues develop due to these problems. For example, nearly all of these devices and appliances provide easily discoverable portals / content / metadata with which to craft extremely convincing social engineering campaigns, even in the absence of technical exploit vectors.

Host Header Attacks & 302 redirects used in concert with malicious DNS records / spoofed or squatted domains can be abused in this manner. An attacker can identify the MERAKI device a victim uses through registration, abuse the API to obtain sensitive metadata, and send the victim to a spoofed site or malicious content purported to be a Meraki Dashboard alert. An attacker can change the dynamic DNS record through a number of vectors (ex. Third party service attacks, local vectors) and effectively “hijack” the user or content being accessed.

Through our DNS harvesting and our undisclosed 0-days, we can establish a complex exploit network and botnet via poor vendor controls (ex. MIRAI) We can also hide exploit code in APIs, persist across multiple appliance types, and abuse multiple dynamic DNS networks.

The DNS zones we have provided are intentionally designed, demonstrably insecure, provide detailed information, and can be abused easily. Registrations can be abused for data exfiltration or beaconing over the vendor’s DNS network. These DYNAMIC DNS services allow for efficient, mass exploitation and recon. The poor controls and “spoofability” of these networks (will demonstrate at another time) allow an attacker to not only FIND vulnerable devices.. but automate mass exploitation via attacks such as those we provided or other common attacks.

The author wishes for this to be noted as responsible disclosure and ethical considerations for the attacks / exploits seriously impacted disclosure dates and continues to.

Some initial work can be found here:

https://cybir.com/2021/cyber-security/bluemonday-series-part-1-exploitation-mapping-of-vulnerable-devices-at-scale-through-self-registration-services/


IoT Village talks will be streamed to Twitch. Select speakers may be available in the IoT Village on-site to answer questions.

Twitch: https://www.twitch.tv/iotvillage


Return to Index    -    Add to    -    ics Calendar file

 

LPV - Sunday - 13:00-13:59 PDT


Title: Bobby Pins, More Effective Than Lockpicks?
When: Sunday, Aug 8, 13:00 - 13:59 PDT
Where: Lock Pick Village (Virtual)

SpeakerBio:John the Greek
No BIO available

Description:
When should you not have picks in your pocket? Answer, never... but This course will present to the novice and the less prepared suggestions for improvising lockpicks when the proper tools are not on hand as well as techniques of bypass that are more effective than trying to pick a lock especially when you don't have the proper tools on hand. This class is ideal for our current situation! Those interested should look around their locations for the following:

Bobby pins
Paper clips (big ones)
Pocket clips from ink pens (Pilot rollerball) Old Wind Shield Wipers
Spark Plug Gappers
Bra Underwire

... and my favorite
Street cleaner bristles


Lock Pick Village will be streaming their activities to Twitch and YouTube.

Twitch: https://www.twitch.tv/toool_us?

YouTube: https://youtube.com/c/TOOOL-US


Return to Index    -    Add to    -    ics Calendar file

 

ICSV - Sunday - 10:00-10:30 PDT


Title: Bottom-Up and Top-Down: Exploiting Vulnerabilities In the OT Cloud Era
When: Sunday, Aug 8, 10:00 - 10:30 PDT
Where: ICS Village (Virtual)
Speakers:Sharon Brizinov,Uri Katz

SpeakerBio:Sharon Brizinov , Claroty
Sharon Brizinov is the vulnerability research team lead at Claroty. He specializes in vulnerability research, malware analysis, network forensics, and ICS/SCADA security. In addition, Brizinov participated in well-known hacking competitions such as Pwn2Own, and he holds a DEFCON black-badge for winning the ICS CTF.

SpeakerBio:Uri Katz , Claroty
Uri is a security researcher at Claroty specializes in reverse engineering and vulnerability research across both embedded and Windows systems.

Description:
We researched the exploitability of cloud-based management platforms responsible for monitoring industrial control systems (ICS), and developed techniques to exploit vulnerabilities in automation vendor CODESYS’ Automation Server and vulnerabilities in the WAGO PLC platform. Our research mimics the top-down and bottom-up paths an attacker would take to either control a Level 1 device in order to eventually compromise the cloud-based management console, or the reverse, commandeer the cloud in order to manipulate all networked field devices.

ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485


Return to Index    -    Add to    -    ics Calendar file

 

BCV - Sunday - 11:30-12:30 PDT


Title: Breaking Future Crypto Custody
When: Sunday, Aug 8, 11:30 - 12:30 PDT
Where: Blockchain Village / Paris Vendome B
Speakers:Mehow Powers,Chris Odom

SpeakerBio:Mehow Powers
No BIO available

SpeakerBio:Chris Odom
No BIO available

Description:No Description available

This content will be presented live and in-person.

Return to Index    -    Add to    -    ics Calendar file

 

CPV - Saturday - 11:30-12:30 PDT


Title: Breaking Historical Ciphers with Modern Algorithms
When: Saturday, Aug 7, 11:30 - 12:30 PDT
Where: Crypto & Privacy Village (Virtual)
Speakers:Elonka Dunin,Klaus Schmeh

SpeakerBio:Elonka Dunin
Elonka Dunin is co-founder of a group working to crack the Kryptos sculpture at CIA Headquarters, and a member of the National Cryptologic Foundation’s Board of Directors. Bestselling author Dan Brown named a character after her in one of his novels. She maintains popular websites about the world's most famous unsolved codes, and her publications include the book with Klaus Schmeh, "Codebreaking: A Practical Guide”, as well as a Cryptologia paper on Playfair cipher world records. She has also developed award-winning games at companies such as Simutronics.

SpeakerBio:Klaus Schmeh
Klaus Schmeh is the most-published cryptology author in the world. He has written 15 books about the subject, as well as over 200 articles, 25 scientific papers, and 1,400 blog posts. His blog "Cipherbrain" covers codebreaking and crypto history, and he is a member of the editorial board of the scientific magazine Cryptologia. He co-published his latest book "Codebreaking: A Practical Guide" with Elonka Dunin. He is known for his entertaining presentation style involving self-drawn cartoons and Lego models, and he has lectured at hundreds of conferences, including the NSA Cryptologic History Symposium and the RSA Conference. In his day job, Klaus works for a German cryptology company.

Description:
Many old encryption methods are still hard to break today. For instance, cryptanalyzing a short 19th century Playfair cipher is far from trivial. WW2 Enigma messages, spy ciphers from the Cold War, and manual methods used by criminals such as the Zodiac Killer can also be challenging, especially when the ciphertexts are short. On the other hand, techniques for breaking historical ciphers have recently made considerable progress. Computer-based cryptanalysis methods such as hill climbing and simulated annealing have been successfully applied to break original WWII Enigma messages, as well as one of the world's most famous unsolved codes, a 1970 ciphertext sent by the Zodiac Killer. The record in solving short Playfair messages has improved: whereas many years ago the shortest Playfair ciphertext that could be cracked required a minimum of 60 letters, now messages as short as 26 letters have been solved. However, many other historical ciphertexts are still unbroken to date. This presentation will introduce the most important historical ciphers, and modern techniques to break them - based on the 2020 book "Codebreaking: A Practical Guide" authored by the presenters. Many real-world examples will be provided, with slides that use an entertaining style including Lego brick models, self-drawn cartoons, and animations.

Crypto & Privacy Village will be streaming their events to YouTube and Twitch.

Twitch: https://www.twitch.tv/cryptovillage

YouTube: https://www.youtube.com/c/CryptoVillage


Return to Index    -    Add to    -    ics Calendar file

 

DC - Saturday - 15:00-15:59 PDT


Title: Breaking Secure Bootloaders
When: Saturday, Aug 7, 15:00 - 15:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded

SpeakerBio:Christopher Wade
Christopher is a seasoned security researcher and consultant. His main focuses are in reverse engineering hardware, fingerprinting USB vulnerabilities and playing with Software Defined Radios, with his key strength lying in firmware analysis, which he utilizes as part of the hardware testing team at Pen Test Partners.
Twitter: @Iskuri1
https://github.com/Iskuri

Description:
Bootloaders often use signature verification mechanisms in order to protect a device from executing malicious software. This talk aims to outline actionable weaknesses in modern bootloaders which allow attackers to deploy unsigned code, despite these protection mechanisms.

In the first phase of this talk, we will discuss exploitation of the bootloaders in modern Android smartphones, demonstrating weaknesses which allow for bypassing bootloader unlocking restrictions, decryption of protected user data, and deployment of malicious software to devices using full disk encryption.

In the second phase, we will discuss bootloader weaknesses in the secondary hardware used by smartphones. Using an embedded RF chip as a target, we will demonstrate reverse engineering techniques which identified weaknesses in the signature verification mechanisms of the firmware update protocols used by the bootloader, allowing for deployment of custom firmware to the chip.

REFERENCES
Travis Goodspeed - Great Ideas in Reversing the Tytera MD380: https://nullcon.net/website/archives/ppt/goa-16/Great-Ideas-in-Reversing-the-Tytera-MD380-by-Travis-Goodspeed.pdf Roee Hay - fastboot oem vuln: Android Bootloader Vulnerabilities in Vendor Customizations: https://www.usenix.org/system/files/conference/woot17/woot17-paper-hay.pdf

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=z4gIxdFfJDg

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Christopher%20Wade%20-%20Breaking%20Secure%20Bootloaders.mp4


This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_three


Return to Index    -    Add to    -    ics Calendar file

 

DC - Sunday - 12:00-12:59 PDT


Title: Breaking TrustZone-M: Privilege Escalation on LPC55S69
When: Sunday, Aug 8, 12:00 - 12:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded
Speakers:Laura Abbott,Rick Altherr

SpeakerBio:Laura Abbott
Laura Abbott is a software engineer who focuses on low level software. Her background includes Linux kernel development with work in the memory management and security areas as well as ARM enablement.
Twitter: @openlabbott

SpeakerBio:Rick Altherr
Rick Altherr has a career ranging from ASICs to UX with a focus on the intersection of hardware and software, especially in server systems. His past work includes USBAnywhere, leading the unification of OpenBMC as a project under Linux Foundation, co-authoring a whitepaper on Google’s Titan, and reverse engineering Xilinx 7 Series FPGA bitstreams as part of prjxray.
Twitter: @kc8apf

Description:
The concept of Trusted Execution Environments has been broadly introduced to microcontrollers with ARM’s TrustZone-M. While much experience with TrustZone-A can be applied, architectural differences with ARMv8-M lead to a very different approach to configuration and transitions between secure and non-secure worlds. This talk will deep dive into how TrustZone-M works, where to look for weaknesses in implementations, and a detailed look into NXP LPC55S69’s implementation including discovering an undocumented peripheral that leads to a priviledge escalation vulnerability exploitable with TrustedFirmware-M. Finally, NXP PSIRT will be used as a case study in how not to respond to a vulnerability report.
REFERENCES
TrustZone technology for the ARMv8-M architecture Version 2.0; ARM; https://developer.arm.com/documentation/100690/0200

Your Peripheral Has Planted Malware -- An Exploit of NXP SOCs Vulnerability; Yuwei Zheng, Shaokun Cao, Yunding Jian, Mingchuang Qin; DEFCON 26; https://media.defcon.org/DEF CON 26/DEF CON 26 presentations/DEFCON-26-Yuwei-Zheng-Shaokun-Cao-Bypass-the-SecureBoot-and-etc-on-NXP-SOCs-Updated.pdf

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=eKKgaGbcq4o

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Laura%20Abbott%20Rick%20Altherr%20-%20Breaking%20TrustZone-M%20-%20Privilege%20Escalation%20on%20LPC55S69.mp4


This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_three


Return to Index    -    Add to    -    ics Calendar file

 

DC - Saturday - 12:00-12:59 PDT


Title: Bring Your Own Print Driver Vulnerability
When: Saturday, Aug 7, 12:00 - 12:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded

SpeakerBio:Jacob Baines
Jacob is a vulnerability researcher at Dragos. He enjoys focusing much of his research time on routers and other embedded devices. Occasionally, he finds himself looking at Windows internals. Sometimes he even finds vulnerabilities.

Description:
What can you do, as an attacker, when you find yourself as a low privileged Windows user with no path to SYSTEM? Install a vulnerable print driver! In this talk, you'll learn how to introduce vulnerable print drivers to a fully patched system. Then, using three examples, you'll learn how to use the vulnerable drivers to escalate to SYSTEM.
REFERENCES
- Yarden Shafir and Alex Ionescu, PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth (CVE-2020-1048 & more) - https://windows-internals.com/printdemon-cve-2020-1048/ - voidsec, CVE-2020-1337 – PrintDemon is dead, long live PrintDemon! - https://voidsec.com/cve-2020-1337-printdemon-is-dead-long-live-printdemon/ - Zhipeng Huo and Chuanda Ding, Evil Printer: How to Hack Windows Machines with Printing Protocol - https://media.defcon.org/DEF CON 28/DEF CON Safe Mode presentations/DEF CON Safe Mode - Zhipeng-Huo and Chuanda-Ding - Evil Printer How to Hack Windows Machines with Printing Protocol.pdf - Pentagrid AG, Local Privilege Escalation in many Ricoh Printer Drivers for Windows (CVE-2019-19363) - https://www.pentagrid.ch/en/blog/local-privilege-escalation-in-ricoh-printer-drivers-for-windows-cve-2019-19363/ - space-r7, Add module for CVE-2019-19363 - https://github.com/rapid7/metasploit-framework/pull/12906 - Microsoft, Point and Print with Packages - https://docs.microsoft.com/en-us/windows-hardware/drivers/print/point-and-print-with-packages - Microsoft, Driver Store - https://docs.microsoft.com/en-us/windows-hardware/drivers/install/driver-store - Microsoft, Printer INF Files - https://docs.microsoft.com/en-us/windows-hardware/drivers/print/printer-inf-files - Microsoft, Use Group Policy settings to control printers in Active Directory - https://docs.microsoft.com/en-us/troubleshoot/windows-server/printing/use-group-policy-to-control-ad-printer

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=vdesswZYz-8

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Jacob%20Baines%20-%20Bring%20Your%20Own%20Print%20Driver%20Vulnerability.mp4


This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_three


Return to Index    -    Add to    -    ics Calendar file

 

BTV - Saturday - 14:00-15:30 PDT


Title: BTV Presents: Forensics Station - Workshop 1
When: Saturday, Aug 7, 14:00 - 15:30 PDT
Where: Blue Team Village - Workshop Track 2 (Virtual)

SpeakerBio:Omenscan
I do stuff. Sometimes it works.

Description:
Forensics Station - Workshop 1
A walkthrough of triaging "compromised" Capstone servers.

In this workshop we will walk through a quick forensic triage of the "compromised" BTV Capstone servers.

Capstone is a Blue Team Village initiative to build and attack servers (and workstations) in a controlled environment, using common attacker techniques and tools in a safe way. We then use common Blue Team defender tools to gather information and review those machines, in order to train defenders on detecting, handling, and understanding common attacks.

This is the forensics workshop, and it will cover forensic triage. It's goal is to quickly answer some basic questions like:

Did Something Happen?
If So, When Did it Happen?
What Artifacts Can Help Us?
What Forensic Tools Can Help Us?
What Should We Look at Next?

The Capstone Project will provide the Telemetry and Artifacts to the community so they can use their own tools to explore the data and share findings. We encourage everyone at every level to participate and share findings - so everyone can learn and collaborate.


Return to Index    -    Add to    -    ics Calendar file

 

BTV - Saturday - 11:00-12:30 PDT


Title: BTV Presents: Malware Station - Maldoc Workshop
When: Saturday, Aug 7, 11:00 - 12:30 PDT
Where: Blue Team Village - Workshop Track 2 (Virtual)

SpeakerBio:Clay (ttheveii0x)
Clay is a cyber threat intelligence and malware analysis manager at a consulting company.
Twitter: @ttheveii0x

Description:
This workshop covers an overview of maldoc analysis, a demo, and a hands-on section that takes a deep dive into a malicious Excel document. VM, artifact, and guide will be available for attendees to download and follow along. Breaks will be taken after each section to give attendees time to work through the section and ask questions.

Attendees will be exposed to a number of different tools including...

REMnux
DnSpy
oletools
CyberChef
xlmdeobfuscator
shell2exe
EXCELntDonut
Invoke-Obfuscation

Target audience

SOC analysts
Forensic investigators and junior malware analysts Red team/pen testers
Anyone interested in the topic


Return to Index    -    Add to    -    ics Calendar file

 

BTV - Sunday - 10:00-10:59 PDT


Title: BTV Presents: Threat Report Roulette
When: Sunday, Aug 8, 10:00 - 10:59 PDT
Where: Blue Team Village - Main Track (Virtual)
Speakers:Blind Hacker JoeB,Will Thomas,Ricky Banda,Karan Aditya Ghoshal,Danny D. Henderson Jr,Christopher Russell,Jorge Orchilles,Ch33r10

SpeakerBio:Blind Hacker JoeB
The Blind Hacker is an InfoSec enthusiast, mentor, coach, pentester, hacker, and more. He regularly mentors online through streams and online communities. He frequently volunteers time on workplace development for others, gives resume reviews, job advice, and coaches people into the roles they want with mock interviews. As a person with a disability, or who is differently-abled, he has never let it slow him down.
Twitter: @TheBlindHacker

SpeakerBio:Will Thomas
Will Thomas is a security researcher at Cyjax, a UK-based Cyber Threat Intelligence vendor. In his spare time, he offers his OSINT skills to work missing persons cases with the NCPTF and is a board member of the Curated Intelligence trust group. Will graduated with a BSc (Hons) in Computer and Information Security from the University of Plymouth.
Twitter: @BushidoToken

SpeakerBio:Ricky Banda
Ricky Banda is a Incident Commander for the Amazon Security Incident Response Team. He is a SANS MSISE Graduate Student, with over a dozen industry certifications and featured author in Tribe of Hackers: Blue Team Edition. He has over a decade of experience in Security Operations and Incident Response working in both Public and Private sectors.
Twitter: @teck923

SpeakerBio:Karan Aditya Ghoshal
Karan Aditya Ghoshal is a CTI Analyst at a Big Four cybersecurity firm. He is currently pursuing his Bachelors in Computer Science Engineering at Manav Rachna University.
Twitter: @0xDISREL

SpeakerBio:Danny D. Henderson Jr
Danny Henderson Jr. is a USAF veteran who is now an expat working as a Senior Cybersecurity Analyst at SecureWorks in Romania. He is a graduate of Capitol Technology University with MSc in Cyber and Information Security, six GIAC certifications in DFIR and Offensive Security.
Twitter: @B4nd1t0_

SpeakerBio:Christopher Russell
Christopher Russell is the Head of Information Security for tZERO Group Inc. He has a Masters Degree in Cybersecurity and numerous certifications and experience in cloud security, endpoint detection and response, SIEM and blockchain. He is a combat Veteran of the US Army, where he was a human intelligence (HUMINT) collector who graduated from the Defense Language Institute, for Arabic.
Twitter: @cr00ster

SpeakerBio:Jorge Orchilles
Jorge Orchilles is the Chief Technology Officer of SCYTHE, co-creator of the C2 Matrix project, and author of the Purple Team Exercise Framework. He is a SANS Certified Instructor and the author of Security 564: Red Team Exercises and Adversary Emulation.
Twitter: @jorgeorchilles

SpeakerBio:Ch33r10
Xena Olsen, @ch33r10, is a Senior Cybersecurity Analyst at a Fortune 500 Company. She is a graduate of SANS Women’s Academy with eight GIAC certifications, an MBA in IT management, and a doctoral student in cybersecurity at Marymount University.
Twitter: @ch33r10

Description:
Follow along as we spin the Threat Report Roulette Wheel and provide rapid fire responses to how we would create actionable takeaways from the publicly available, TLP: White Threat Reports. Pick up some tips and tricks to up your game! Check out our Github with links to the reports: https://github.com/ch33r10/DEFCON29-BTV-ThreatReportRoulette https://bit.ly/DC29Roulette

Threat Report Roulette will not discuss normal (BAU) CTI actions, such as searching the logs for hits on the IOCs or entering the IOCs into a Threat Intelligence Platform (TIP) or other alerting platform. Instead, the participants will focus on pivoting, TTPs, and how they would take the contents in the Threat Report to the NEXT LEVEL! When the Panelists respond to the threat reports, they are operating under the assumption that they performed the preliminary analysis and deemed the threat report relevant to their environment. The purpose of this assumption is to decrease the amount of debate on whether or not something is relevant to get to the part of the analysis that involves extracting actionable takeaways.

Spin the Threat Report Roulette Wheel - Link Moderator calls on Participant.
Participant is in the Hot Seat:

        15 seconds to organize their thoughts.
        1-5 minutes to share their thoughts on how they would get value out of the report.
    Panelists' input:
        3-5 minutes to share their insights as a group. Quick commentary that is short, sweet, rapid-fire, direct, and to the point!

Rinse & Repeat!
Check out our Github with links to the reports: https://github.com/ch33r10/DEFCON29-BTV-ThreatReportRoulette https://bit.ly/DC29Roulette


Blue Team Village talks will be streamed to Twitch.

--

Twitch: https://twitch.tv/blueteamvillage


Return to Index    -    Add to    -    ics Calendar file

 

BTV - Sunday - 11:15-12:15 PDT


Title: BTV Presents: Welcome to #IRLIFE. A live IR TableTop Panel
When: Sunday, Aug 8, 11:15 - 12:15 PDT
Where: Blue Team Village - Main Track (Virtual)
Speakers:Clay (ttheveii0x),plug,Ch33r10,Bassem Helmy,Wayland,O'Shea (sirmudbl00d),Ben (Innismir),Tino aka Paladin316,Neumann (aka scsideath)

SpeakerBio:Clay (ttheveii0x)
Clay is a cyber threat intelligence and malware analysis manager at a consulting company.
Twitter: @ttheveii0x

SpeakerBio:plug
Plug started his journey in computer security back in 1996 when he discovered a 2600 magazine that eventually lead him to his first LA2600 meeting in 1998. From that point forward, he has been involved in computer security. Plug currently leads the Threat Hunting Program for a Fortune 20 organization. In his free time he enjoys building Legos, playing with synthesizers, and when possible, he volunteers his time to computer security events.

SpeakerBio:Ch33r10
Xena Olsen, @ch33r10, is a Senior Cybersecurity Analyst at a Fortune 500 Company. She is a graduate of SANS Women’s Academy with eight GIAC certifications, an MBA in IT management, and a doctoral student in cybersecurity at Marymount University.
Twitter: @ch33r10

SpeakerBio:Bassem Helmy
Cyber Security Professional with over eleven (11) years of experience with corporates and multinational organizations throughout the Middle East. Awarded Penetration Tester of the Year 2016 from EC-Council Foundation InfoSec Tech & Exec. Area of Expertise:

• Penetration Testing, Red Teaming, and Covert Operations • ICS / SCADA Security Assessment
• Threat Hunting Operations
• Incident Response
• Vulnerability Management and Security Assessment

Twitter: @bh3lmy

SpeakerBio:Wayland
Wayland is a cyber security practitioner with more than a decade of experience performing incident response in a variety of organizational environments. He has contributed to response efforts for multiple significant matters over the years and of late is focused on mentoring and leading the next wave of incident response professionals.
Twitter: @notx11

SpeakerBio:O'Shea (sirmudbl00d)
O'Shea Bowens is a cyber security enthusiast with 12years of experience. He is the founder and CEO of Null Hat Security which offers consulting services and addresses the cyber workforce shortage with skills and gap assessments in a custom built cyber arena. He is knowledgeable in the areas of digital forensics & incident response, threat hunting, cloud security, security analytics, security program management and architecture.
Twitter: @SirMuDbl00d

SpeakerBio:Ben (Innismir)
Ben is a security practitioner with over 15 years of hands on cyber security experience. Since 2011, Ben has been a CSIRT lead for a Fortune 500 company. In his spare time, he enjoys being a husband and dad, messing around with computers, VoIP, analog telephones, amateur radio, and generally pressing anything with a button on it. Ben was the lead author for Asterisk Hacking from Syngress Publishing, has spoken at various industry conferences, and has been featured on the BBC, New York Times, and CNET. Ben also strongly dislikes writing about himself in the third person.
Twitter: @innismir

SpeakerBio:Tino aka Paladin316
Tino has over 25 years experience in Cyber Security. His work experience spans diverse industries, a world-renowned children's hospital, a world leading Energy Company, an enterprise application service provider, a fortune 100 global manufacturing company, and a Global Financial Services Institution. His primary experience involves developing and implementing processes for Cyber Threat Hunting, Malware Analysis/Reverse Engineering, Digital Forensics/Incident Response (DFIR), and Purple Teaming. In addition, his favorite hobby is doing Cyber Security Research. He says he would do this job for free, but don't tell anyone.
Twitter: @Paladin3161

SpeakerBio:Neumann (aka scsideath)
Neumann Lim is a senior manager at Deloitte where he leads the development of the services, strategies and methodologies on cyber detection and incident response. With more than 14 years of infosec experience, he has coordinated national incident responses across multiple industries. Prior to this role, Neumann spent several years working with large enterprises and governments specializing in incident response.
Twitter: @cybersyrupblog

Description:
In this live table top, a group of panelist will be asked for their opinion on how to deal with a fictitious security incident as it unfolds. Live audience will be encourage to submit questions. Regardless of your skill level, this fun panel will take you in a day in IRLIFE!

Blue Team Village talks will be streamed to Twitch.

--

Twitch: https://twitch.tv/blueteamvillage


Return to Index    -    Add to    -    ics Calendar file

 

WS - Saturday - 10:00-13:59 PDT


Title: Bug bounty Hunting Workshop
When: Saturday, Aug 7, 10:00 - 13:59 PDT
Where: Workshops - Las Vegas 1+2 (Onsite Only)
Speakers:David Patten,Philippe Delteil

SpeakerBio:David Patten
No BIO available

SpeakerBio:Philippe Delteil , Computer Science Engineer
Philippe Delteil is Computer Science Engineer from the University of Chile, he gave his first talk at Defcon 26 Skytalks, called "Macabre stories of a hacker in the public health sector", his country's government sent 3 officials to record the talk, they did. He's been reporting bugs for a year. He's an annoying github issue opener of some opensource tools like axiom, nuclei, dalfox and bbrf; also makes small contributions to 'Can I take Over XYZ?'

Description:
Bug bounty hunting is (probably) the most hype topic in the hacking subworld, some people read amazing stories of how a 18 years old won 1 million dollars only doing legal hacking. Many hit a wall when they realize that after two months they only won points, thanks or cheap swag. Where's the money?, they ask. What should I learn and how? How many books should I read? How many minutes of Youtube tutorials? What if I lose some weight? [always recommended] How can I be the next bug bounty millionare? In this workshop I will show you a path to be a bug bounty hunter, from my experience starting by chance and from scratch. I will teach you how to use the tools I use everyday to find bugs, but most importantly how to see bug bounty hunting as a complex business process .

What to know before
- Basic idea of bugs (and bounty hunting) - Basic Linux commands (sed, awk, grep) - Shell scripting basics
- Have some practice doing recon

What you will learn
- How bug bounty programs/platforms work - What tools hunters use and how do they work - How to hunt for bugs (hopefully for profit) - Automatization of your hunting process

How technical is the class
- 30% theory and concepts
- 70% Installing, configuring and using tools to find bugs. Send some reports if we are lucky.

What tools are we going to use
- Scanners/automated tools: nuclei, axiom, bbrf, dalfox, Burp. - Recon tools (subfinder, amass, assetfinder, waybackurls, httpx and more)

What to read/watch in advance
- Books

Registration Link: https://www.eventbrite.com/e/bug-bounty-hunting-workshop-tickets-162219297285

Prerequisites
Basic knowledge about Bug bounty programs Basic Linux Commands

Materials needed:
Laptop with Kali Linux (native or virtual machine).


Return to Index    -    Add to    -    ics Calendar file

 

CHV - Friday - 14:00-14:59 PDT


Title: Bug Hunter's Guide to Bashing for a Car Hacking Bug Bash or Contest
When: Friday, Aug 6, 14:00 - 14:59 PDT
Where: Car Hacking Village - Talks (Virtual)

SpeakerBio:Jay Turla , Manager, Security Operations at Bugcrowd
Jay Turla is a Manager, Security operations at Bugcrowd Inc., and one of the goons of ROOTCON. He has been acknowledged and rewarded by Facebook, Adobe, Yahoo, Microsoft, Mozilla, etc. for his responsible disclosures. He has also contributed auxiliary and exploit modules to the Metasploit Framework: Host Header Injection Detection, BisonWare BisonFTP Server Buffer Overflow, Zemra Botnet CnC Web Panel Remote Code Execution, Simple Backdoor Shell Remote Code Execution, w3tw0rk / Pitbul IRC Bot Remote Code Execution, etc. He used to work for HP Fortify where he performs Vulnerability Assessment, Remediation and Advance Testing.

Description:
Bug Bounty Programs and Bug Bashes geared towards vehicles or automobiles are getting attention now. A lot of our brethren have also been wining some of these competitions. What is their secret to their success? How do you prepare for one? This talk will summarize some techniques and methodologies the speaker observed during his stint as a triager for automotive security bugs and a common car hacker. This talk will also be an eye opener for other bug hunters who wants to dive into car hacking so that they may be able to participate car hacking bug bashes soon.

This talk will stream on YouTube.


YouTube: https://www.youtube.com/watch?v=5-JM1QRGUYc


Return to Index    -    Add to    -    ics Calendar file

 

CHV - Saturday - 14:00-14:59 PDT


Title: Build Automotive Gateways with Ease
When: Saturday, Aug 7, 14:00 - 14:59 PDT
Where: Car Hacking Village - Talks (Virtual)

SpeakerBio:Don Hatfield
No BIO available

Description:
Vehicle network architectures within modern vehicles have been transformed by the introduction of automotive gateways. These gateways enable seamless communication between different vehicle networks and are central to the success of modern architectures. In this presentation, we are going to cover some of the challenges that automotive engineers face when tasked with converting data between old and new network protocols. We’ll also detail how this process is made much easier.

This talk will stream on YouTube.


YouTube: https://www.youtube.com/watch?v=3elYcORppls


Return to Index    -    Add to    -    ics Calendar file

 

ICSV - Sunday - 13:30-13:59 PDT


Title: Building an ICS Firing Range (in our kitchen): Sharing Our Journey & Lessons Learned (so you don’t have to)
When: Sunday, Aug 8, 13:30 - 13:59 PDT
Where: ICS Village (Virtual)
Speakers:Moritz Thomas,Nico Leidecker

SpeakerBio:Moritz Thomas , NVISO
Moritz is a security consultant working in the NVISO Software and Security assessment team. He is an ICS and IoT enthusiast, getting into the latest technologies in both fields. He loves to program and reverse engineer stuff.

SpeakerBio:Nico Leidecker , NVISO
Nico has worked in IT security for over 15 years as security consultant and penetration tester. For the past two years, his focus has been on all several aspects of OT security. At NVISO Germany, he leads the security assessment team.

Description:
Aiming to improve our own expertise in ICS security, we went to build our own ICS firing range for internal and external trainings, and hacking demos. It covers multiple technical aspects about IT infrastructure, PLC configuration and programming, ICS protocols and specific methodologies for red and blue teaming. Beginning with a bridge operation scenario we planned our approach on implementing the ICS Firing Range addressing all levels of the Purdue Model, from enterprise to physical processes. We were faced with a variety of practical challenges and challenges specific to the ICS context and prototyping: we learned how to implement ladder logic, how CAD modelling works, how to print 3D models with a 3D printer and how to combine all ICS and bridge components into a single, confined and mobile lab environment. Lastly, we designed a series of kill chains for our firing range that we use for trainings on a variety of professions such as digital forensics and incident response.

ICS Village will be releasing their events to YouTube at each event's scheduled time. Discussion will be available on Discord in #ics-speaker-questions-and-answers-text.

YouTube: https://www.youtube.com/channel/UCI_GT2-OMrsqqglv0JijHhw

#ics-speaker-questions-and-answers-text: https://discord.com/channels/708208267699945503/735937961908109485


Return to Index    -    Add to    -    ics Calendar file

 

DC - Friday - 16:00-16:45 PDT


Title: Bundles of Joy: Breaking macOS via Subverted Applications Bundles
When: Friday, Aug 6, 16:00 - 16:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded

SpeakerBio:Patrick Wardle
Patrick Wardle is the founder of Objective-See. Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware, and writing free open-source security tools to protect Mac users.
Twitter: @patrickwardle
https://objective-see.com/

Description:
A recent vulnerability, CVE-2021-30657, neatly bypassed a myriad of foundational macOS security features such as File Quarantine, Gatekeeper, and Notarization. Armed with this capability attackers could (and were!) hacking macOS systems with a simple user (double)-click. Yikes!

In this presentation we’ll dig deep into the bowels of macOS to uncover the root cause of the bug: a subtle logic flaw in the complex and undocumented policy subsystem. Moreover, we’ll highlight the discovery of malware exploiting this bug as an 0day, reversing Apple’s patch, and discuss novel methods of both detection and prevention.

REFERENCES
“All Your Macs Are Belong To Us” https://objective-see.com/blog/blog_0x64.html “macOS Gatekeeper Bypass (2021 Edition)” https://cedowens.medium.com/macos-gatekeeper-bypass-2021-edition-5256a2955508 “Shlayer Malware Abusing Gatekeeper Bypass On Macos” https://www.jamf.com/blog/shlayer-malware-abusing-gatekeeper-bypass-on-macos/

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=raSTgFqYaoc

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Patrick%20Wardle%20-%20Bundles%20of%20Joy%20-%20Breaking%20macOS%20via%20Subverted%20Applications%20Bundles.mp4


This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.


DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_two


Return to Index    -    Add to    -    ics Calendar file

 

AVV - Saturday - 17:15-18:15 PDT


Title: C2Centipede: APT level C2 communications for common reverse HTTP shell tools
When: Saturday, Aug 7, 17:15 - 18:15 PDT
Where: Adversary Village (Virtual)

SpeakerBio:Jose Garduno , Senior Security Consultant, Dreamlab Technologies AG
José Garduño is a senior security consultant at Dreamlab Technologies since 2014, where he usually takes part in security audits, pentesting and red teaming engagements. He has participated as a speaker in several technical conferences like: Hackito Ergo Sum (France), Swiss Cybersecurity days (Switzerland), DSS ITSEC (Latvia), 8.8 Security Conference (Chile, Bolivia), OWASP Patagonia (Argentina), Congreso Seguridad en Computo UNAM (Mexico), DragonJar Security Conference (Colombia), where he has presented his work on privacy attacks on Latin-America (The government as your hacking partner), Hacking with open hardware platforms (revisiting hardware keyloggers, say hi to mikey: an offensive hardware keylogger) and C2 detection (RATSPOTTING: Analysis of popular Remote Administration Tools & discovery of C2 servers on the wild)

Description:
Adversaries have been continuously improving their malware to be stealthier and more resilient on both the victim’s host as well as on the network.Examples of these innovations on the latter include Fast Flux networks, Domain Generation Algorithms and Domain Fronting among other techniques.

Unfortunately, open source tools for threat emulation currently have limited support for such advanced features, leaving redteams with easy to detect C2 communications. We present C2Centipede, a proxy tool that provides these features to HTTP reverse shell tools (like Metasploit or Empire) to be stealthier on the network by dynamically and transparently modifying the trojan’s C2 communication routing and beaconing strategies, with the aim of evading some of the blueteam’s detection strategies.

BEACONING EVASION

Detection of HTTP reverse shell beaconing activity is possible because most of the patterns on which malware sends the beacons through the network can be identified as they occur in static time intervals or are adjusted in specific increments, attributes which are possible to detect using statistical analysis.[1]

For instance, Metasploit’s reverse_http meterpreter sends a message to the C2 server every 100 milliseconds and increases the interval by this same measure each time the C2 server gives no new jobs to the trojan, up to a maximum of 10 seconds.[2]

It is easy then for tools like RITA to perform statistical analysis on the number, timing and size of connections between pairs of hosts (source, destination)[3]. This IP-pair evaluation works in the most typical approach of having only one IP per C2 server. We implement a beaconing detection evasion method that works by 1) Altering the trojan’s C2 communication message interval and 2) Splitting and routing the C2 communication among many C2 server addresses to hide beaconing and exfiltration.

JITTER MODIFICATION

The Achille’s heel of most RAT (Remote Access Trojan) and TES (Threat Emulation Software) tools network stealthiness is fixed beaconing intervals. The time interval between each message that goes to the C2 server is usually hardcoded and just too short, making manyrequests across the network, so we have incorporated in the tool, better control of the beaconing, with the possibility of modifying the jitter on the fly or having preset configurations, like allowing C2 communication just on certain time window.

Some RAT/TES tools will fail after a specific amount of unsuccessful C2 communication attempts, so the C2Centipede proxy client cannot just drop the HTTP calls that don’t fit the operator’s beaconing strategy, therefore fake C2 response messages are generated in order to keep the trojan alive.

FAUX FLUX

The concept of Fast Flux networks as a technique to improve a botnet’s C2 availability has been in use since 2007-2008.[4] Using this technique, an attacker can hide the real C2 server behind proxies (which are usually compromised edge servers in a botnet), and distributing said proxies IPs through DNS records with a very low TTL[5], allowing them to rapidly (and thus the name fast flux) change the resolved IP for a given domain name. This results in making the shutdown of each C2 IP so difficult as to be usually compared to a whack a mole game.[4] The weakness of this approach is the reliance on a domain name[5], which can be sinkholed by the domain name registrar, as in the case of the shutdown of the Conficker botnet.[4] Some of the common detection methods for Fast Flux networks is the low TTL (time to live) of the record and a high number of IPs resolved for that record.[3]

We have incorporated the C2 proxying technique without the DNS and botnet requirements by utilizing open reverse tcp/http tunnels found on the internet, which provide plenty of IP addresses on which we can spread our C2 comms and provide anonymity as the real C2 server is hidden behind the reverse proxy. In our most recent internet-wide survey we found more than 1.5K servers that could be abused for this purpose

MULTIFRONTING

Domain fronting (ATT&CK T1090.004) is a widely used technique for evading network detection. This technique hides the trojan’s HTTP requests to the C2 as if it was directed to another domain hosted on the same Content Delivery Network (CDN) as the attacker’s. Without TLS inspection, where a mismatch between TLS’s SNI and the HTTP header could be detected, it becomes very hard for the defenders to detect malicious traffic using this technique, having as a last resource the detection via statistical analysis like beaconing detection.

C2Centipede has the ability to utilize multiple domain fronting configurations, which are not necessarily on the same CDN, this provides additional resilience in case one of the CDN providers blocks the redteamer’s account.

DOMAIN GENERATION ALGORITHMS

We have incorporated Flubot’s algorithm for Domain Generation Algorithm (ATT&CK: T1568.002). The seed, and maximum number of domains generated are easily configurable.

DYNAMIC PROXY CONFIGURATION

C2Centipede’s configuration on the server and client can be modified on the fly by the operator. The original trojan’s and C2 messages are wrapped in the tool’s own HTTP messages along with the configuration changes of the routing, jitter and encryption settings for the c2centipede client and server. These are piggybacked on the original HTTP requests, requiring no additional “noise” in the network.

LIMITATIONS

The tool currently works with reverse HTTP shells that close the TCP connections (eg. Metasploit, Empire) and currently does not support those with long connections (eg. PoshC2, Koadic)


Adversary Village talks and workshops will be streamed on YouTube and Twitch.

Q&A sessions will happen in DEF CON Official Discord server after each talk.


YouTube: https://www.youtube.com/channel/UCOhn9WALnpb5YAbW18R1Hzg

Twitch: https://twitch.tv/adversaryvillage

Discord: https://discord.gg/defcon


Return to Index    -    Add to    -    ics Calendar file

 

ASV - Saturday - 09:00-16:59 PDT


Title: California Cyber Innovation Challenge CTF -- Pre-registration Required
When: Saturday, Aug 7, 09:00 - 16:59 PDT
Where: Aerospace Village (Virtual CTF)

Description:
Cal Poly

Starts August 7, 2021@ 9 AM PST,
Ends Aug 8, 2021 5 PM PST

Registration available at https://www.cognitoforms.com/CCI17/CaliforniaCyberInnovationChallengeAEROSPACEVILLAGEDEFCON2021

The CCIC promotes Gamification & Esports for Space and Cybersecurity Skills Development. This is an electronic game of clue that has characters and threat actors or the person(s) who committed the Space and Cyber crime. Find the person(s) of interest that you think committed the crime. You are Cybernauts and Cyber Sleuth Analysts. Remember, throughout the challenge, record and take notes of all information, findings, evidence, and clues regarding characters you encounter. Take note of technical skills you executed to create a digital forensics analysis report of who committed the crime and their motives.

About the Crime:

A multi-billion dollar company led by CEO, William Gecko, Moonshot Satellite’s constellation of 5000 CubeSat’s, located in Low Earth Orbit (LEO), provides a mesh-network of internet access to over 20 million commercial and governmental customers around the globe. Moonshot Satellite, a small cube satellite company whose constellation satellite infrastructure provides communication services that deliver Internet access to over 200 million individual commercial customers and real-time communications support for numerous government agencies.


Return to Index    -    Add to    -    ics Calendar file

 

RCV - Saturday - 11:20-11:50 PDT


Title: Can I Make My Own Social Threat Score?
When: Saturday, Aug 7, 11:20 - 11:50 PDT
Where: Recon Village (Virtual)

SpeakerBio:MasterChen
No BIO available
Twitter: @chenb0x

Description:No Description available

Recon Village talks will stream to YouTube.

YouTube: https://www.youtube.com/c/ReconVillage


Return to Index    -    Add to    -    ics Calendar file

 

APV - Saturday - 17:00-17:45 PDT


Title: Can’t Stop the Code: Embrace the Code
When: Saturday, Aug 7, 17:00 - 17:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Alton Crossley
No BIO available

Description:
You can't stop the code. So how do you make it all secure? The answer is: you don't. Let's discuss securing your software while using proprietary third parties and Open Source without disrupting ecosystems or innovation.

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage


Return to Index    -    Add to    -    ics Calendar file

 

APV - Sunday - 12:00-12:45 PDT


Title: Car Hacking + Bug Hunting Field Guide for Appsec Hackers
When: Sunday, Aug 8, 12:00 - 12:45 PDT
Where: AppSec Village (Virtual)

SpeakerBio:Jay Turla DELETE ME
No BIO available

Description:No Description available

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage


Return to Index    -    Add to    -    ics Calendar file

 

CON - Friday - 10:00-23:55 PDT


Title: Car Hacking CTF
When: Friday, Aug 6, 10:00 - 23:55 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/236495

Return to Index    -    Add to    -    ics Calendar file

 

CAHV - Saturday - 14:00-14:59 PDT


Title: Career Hacking: Tips and Tricks to Making the Most of your Career
When: Saturday, Aug 7, 14:00 - 14:59 PDT
Where: Career Hacking Village (Talk)

SpeakerBio:Andy Piazza
No BIO available

Description:
At some point in your infosec career, you’ll hit a point of “now what?”. You may experience this as soon as you land your first role, or you’ll experience it as a seasoned veteran of the field. There are plenty of talks out there now for “getting into infosec”, but where is the advice for managing and maintaining a career? This is my attempt to fill that gap. This talk will discuss several key areas for building an awesome career, including actionable takeaways for becoming a better analyst, teammate, and leader. Most importantly, I’ll break down the How and Why behind each concept presented and include specific examples based on real experiences.

This talk will be available on YouTube: https://www.youtube.com/watch?v=oozqj7axNYM


Career Hacking Village content will be available on YouTube.

YouTube: https://youtube.com/careerhackingvillage


Return to Index    -    Add to    -    ics Calendar file

 

BCV - Friday - 13:00-13:59 PDT


Title: Catching (and Fixing) an Unlimited Burn Vulnerability
When: Friday, Aug 6, 13:00 - 13:59 PDT
Where: Blockchain Village / Paris Vendome B

SpeakerBio:Nadir Akhtar , Blockchain Security Engineer, Coinbase
Blockchain security engineer @ Coinbase with deep expertise in digital asset security vulnerabilities https://blog.coinbase.com/securing-an-erc-20-token-for-launch-on-coinbase-68313652768f Former President, Blockchain @ Berkeley edX Blockchain Fundamentals curriculum developer and lecturer

Nadir Akhtar is a Blockchain Security engineer at Coinbase, where he leads security reviews of assets under consideration for Coinbase listing. Previously at Quantstamp, he audited smart contracts and contributed to a book on smart contract security fundamentals. He graduated from UC Berkeley in 2019 with a degree in Computer Science. During his time in Blockchain at Berkeley, he was President and an instructor for the UC Berkeley-endorsed blockchain fundamentals edX course series, reaching over 225,000 enrolled students to date.


Description:
Bitcoin, Ethereum, and more blockchains come with an infamous storage problem: taking up too much space on miners’ hard drives. In response, protocols are implementing novel methods for reducing the size of the blockchain, often deleting accounts beneath a certain balance. DOT provides a case study of the financial consequences to exchanges of pruning account data.

In this talk, you’ll learn about Polkadot’s reaping mechanism and its implications for exchanges and other organizations managing DOT at scale. We’ll dive into the “Existential Deposit,” understanding its motivation for existing in the network as well as the implications of pruning account data below a certain threshold, namely replay attacks.

We’ll discover how replay attacks can be performed, as well as their consequences through a demonstration along with some protocol-level mitigations. We’ll discuss how naively reaping accounts can still expose exchanges to attacks, investigate potential but infeasible mitigations, then finally reveal the solution which Coinbase discovered for protection against replay attacks.

Finally, we’ll examine some final edge cases which arose from the final solution, demonstrating that protecting against attacks may not be perfect but significantly improves our defenses.


This content will be presented live and in-person.

Return to Index    -    Add to    -    ics Calendar file

 

DC - Friday - 11:00-11:59 PDT


Title: Caught you - reveal and exploit IPC logic bugs inside Apple
When: Friday, Aug 6, 11:00 - 11:59 PDT
Where: DCTV/Twitch #3 Pre-Recorded
Speakers:Chuanda Ding,Yuebin Sun,Zhipeng Huo

SpeakerBio:Chuanda Ding
Chuanda Ding is a senior security researcher on Windows platform security. He leads EcoSec team at Tencent Security Xuanwu Lab. He was a speaker at Black Hat Europe 2018, DEF CON China 2018, CanSecWest 2017, CanSecWest 2016, and QCon Beijing 2016.
Twitter: @FlowerCode_

SpeakerBio:Yuebin Sun
Yuebin Sun is a senior security researcher at Tencent Security Xuanwu Lab.
Twitter: @yuebinsun2020

SpeakerBio:Zhipeng Huo
Zhipeng Huo is a senior security researcher on macOS and Windows platform security at Tencent Security Xuanwu Lab. He was a speaker at Black Hat Europe 2018 and DEF CON 28.
Twitter: @R3dF09

Description:
Apple's iOS, macOS and other OS have existed for a long time. There are numerous interesting logic bugs hidden for many years. We demonstrated the world's first public 0day exploit running natively on Apple M1 on a MacBook Air (M1, 2020). Without any modification, we exploited an iPhone 12 Pro with the same bug.

In this talk, we will show you the advantage and beauty of the IPC logic bugs, how we rule all Apple platforms, Intel and Apple Silicon alike, even with all the latest hardware mitigations enabled, without changing one line of code. We would talk about the security features introduced by Apple M1, like Pointer Authentication Code (PAC), System Integrity, and Data Protection. How did they make exploiting much harder to provide better security and protect user's privacy. We will talk about different IPC mechanisms like Mach Message, XPC, and NSXPC. They are widely used on Apple platforms which could be abused to break the well designed security boundaries.

We will walk you through some incredibly fun logic bugs we have discovered, share the stories behind them and methods of finding them, and also talk about how to exploit these logic bugs to achieve privilege escalation.

REFERENCES
https://www.youtube.com/watch?v=Kh6sEcdGruU https://support.apple.com/en-us/HT211931 https://support.apple.com/en-us/HT211850 https://support.apple.com/en-us/HT212011 https://support.apple.com/en-us/HT212317 https://helpx.adobe.com/security/products/acrobat/apsb20-24.html https://helpx.adobe.com/security/products/acrobat/apsb20-48.html https://helpx.adobe.com/security/products/acrobat/apsb20-67.html

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=oAMZxKsZQp0

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Zhipeng%20Huo%20Yuebin%20Sun%20Chuanda%20Ding%20-%20Caught%20you%20-%20reveal%20and%20exploit%20IPC%20logic%20bugs%20inside%20Apple.mp4


This talk has been pre-recorded and will be released to the DEF CON Media Server, torrents, and YouTube. At the time of this event, it will also stream on DCTV3, both in local hotels and on Twitch.

DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_three


Return to Index    -    Add to    -    ics Calendar file

 

DC - Saturday - 15:00-15:45 PDT


Title: Central bank digital currency, threats and vulnerabilities
When: Saturday, Aug 7, 15:00 - 15:45 PDT
Where: Track 2 Live; DCTV/Twitch #2 Pre-Recorded

SpeakerBio:Ian Vitek
Ian Vitek has a background as a pentester but has worked with information security in the Swedish financial sector the last 10 years. Currently working with security of the Swedish retail central bank digital currency prototype at the Riksbank, the Swedish central bank. Interested in web application security, network layer 2 (the writer of macof), DMA attacks and local pin bypass attacks (found some on iPhone).

Description:
What are the threats and vulnerabilities of a retail central bank digital currency (CBDC)? The central bank of Sweden has built a prototype of a retail CBDC system and I will run through the procurement requirements and design and point out where a two-tier CBDC need protection against attacks. The prototype is built on Corda Token SDK and I have during tests found reliable ways to exploit weaknesses in the design. The presentation will focus on the vulnerabilities that can crash the service that handles the tokens and permanently lock tokens rendering tokens and digital wallets useless. The presentation will also go into detail how tokens are validated and how information from all earlier transactions is needed for this. With D3.js and HTML5 I will visualize the token history (backchain) and describe how this can be a problem with GDPR and the Swedish bank secrecy regulation.

The presentation will end with a summary of identified threats and weaknesses of a two-tier retail central bank digital currency prototype and how to handle them. The goal of the presentation is to give the attendees insight of the security implications, challenges depending on the design and where an attack can be carried out and everything that cannot be missed when designing a CBDC.

REFERENCES
https://www.ingwb.com/media/3024436/solutions-for-the-corda-security-and-privacy-trade-off_-whitepaper.pdf https://d3js.org/

--

This talk has been released to YouTube and the DEF CON Media server.

YouTube: https://www.youtube.com/watch?v=-MK0bn3Ys_M

Media: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/DEF%20CON%2029%20-%20Ian%20Vitek%20-%20Central%20bank%20digital%20currency%2C%20threats%20and%20vulnerabilities.mp4


This talk will be given live in Track 2.

This talk has also been pre-recorded and will be broadcast on DCTV2, both in local hotels and on Twitch.


DCTV Channel Map: https://dctv.defcon.org/

Twitch: https://www.twitch.tv/defcon_dctv_two


Return to Index    -    Add to    -    ics Calendar file

 

BCV - Saturday - 13:00-13:30 PDT


Title: Certified Ethereum Professional (CEP) Overview
When: Saturday, Aug 7, 13:00 - 13:30 PDT
Where: Blockchain Village / Paris Vendome B

SpeakerBio:Abstrct
Abstrct has spent his quarantine bringing dirty progressive and dancey funk to your living rooms, kitchens, patios, and pools each weekend, but holy heck is he ready to bring the party back to DEF CON proper.

https://soundcloud.com/abstrct/saturday-morning-quarantoons-ep46 https://imgur.com/m5Jcql2
https://twitter.com/Abstr_ct
https://www.twitch.tv/abstr_ct

Twitter: @Abstr_ct

Description:No Description available

This content will be presented live and in-person.

Return to Index    -    Add to    -    ics Calendar file

 

DC - Sunday - 09:00-20:59 PDT


Title: Chillout Lounges
When: Sunday, Aug 8, 09:00 - 20:59 PDT
Where: See Description
Speakers:DJ Pie & Darren,Louigi Verona,Merin MC,s1gns of l1fe,Mixmaster Morris

SpeakerBio:DJ Pie & Darren
No BIO available

SpeakerBio:Louigi Verona
No BIO available

SpeakerBio:Merin MC
No BIO available

SpeakerBio:s1gns of l1fe
No BIO available

SpeakerBio:Mixmaster Morris
No BIO available

Description:
There are two onsite chillout lounges available: Bally's Silver Ballroom, and Paris Concorde A.

There will be chill music playing:

09:00-12:00 DJ Pie & Darren
12:00-12:40 s1gns of l1fe
12:40-13:30 Louigi Verona
14:30-16:10 Mixmaster Morris
16:10-Close Merin MC

You can also watch the chill room stream on Twitch.


Twitch: https://www.twitch.tv/defcon_chill


Return to Index    -    Add to    -    ics Calendar file

 

DC - Saturday - 09:00-20:59 PDT


Title: Chillout Lounges
When: Saturday, Aug 7, 09:00 - 20:59 PDT
Where: See Description
Speakers:djdead,DJ Pie & Darren,kampf,Rusty Hodge,Merin MC,Brian Behlendorf

SpeakerBio:djdead
No BIO available

SpeakerBio:DJ Pie & Darren
No BIO available

SpeakerBio:kampf
No BIO available

SpeakerBio:Rusty Hodge
No BIO available

SpeakerBio:Merin MC
No BIO available

SpeakerBio:Brian Behlendorf
No BIO available

Description:
There are two onsite chillout lounges available: Bally's Silver Ballroom, and Paris Concorde A.

There will be chill music playing:

09:00-12:00 DJ Pie & Darren
12:00-13:30 kampf
13:30-15:00 Merin MC & Rusty
15:00-18:00 Brian Behlendorf
19:00-21:00 djdead

You can also watch the chill room stream on Twitch.


Twitch: https://www.twitch.tv/defcon_chill


Return to Index    -    Add to    -    ics Calendar file

 

DC - Friday - 09:00-20:59 PDT


Title: Chillout Lounges
When: Friday, Aug 6, 09:00 - 20:59 PDT
Where: See Description
Speakers:djdead,DJ Pie & Darren,kampf,Merin MC,s1gns of l1fe,Mixmaster Morris

SpeakerBio:djdead
No BIO available

SpeakerBio:DJ Pie & Darren
No BIO available

SpeakerBio:kampf
No BIO available

SpeakerBio:Merin MC
No BIO available

SpeakerBio:s1gns of l1fe
No BIO available

SpeakerBio:Mixmaster Morris
No BIO available

Description:
There are two onsite chillout lounges available: Bally's Silver Ballroom, and Paris Concorde A.

There will be chill music playing:

09:00-12:00 DJ Pi & Darren
12:00-12:40 s1gns of l1fe
12:40-14:20 Mixmaster Morris
14:30-17:00 kampf
17:00-18:30 Merin MC
18:30-21:00 djdead

You can also watch the chill room stream on Twitch.


Twitch: https://www.twitch.tv/defcon_chill


Return to Index    -    Add to    -    ics Calendar file

 

DC - Thursday - 09:00-20:59 PDT


Title: Chillout Lounges
When: Thursday, Aug 5, 09:00 - 20:59 PDT
Where: See Description
Speakers:djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC

SpeakerBio:djdead
No BIO available

SpeakerBio:DJ Pie & Darren
No BIO available

SpeakerBio:kampf
No BIO available

SpeakerBio:Rusty Hodge
No BIO available

SpeakerBio:Louigi Verona
No BIO available

SpeakerBio:Merin MC
No BIO available

Description:
There are two onsite chillout lounges available: Bally's Silver Ballroom, and Paris Concorde A.

There will be chill music playing:

09:00-12:00 DJ Pi & Darren
12:00-13:30 kampf
13:30-16:00 Rusty Hodge
16:00-16:51ish Louigi Verona
17:30 Merin MC
19:00-21:00 djdead

You can also watch the chill room stream on Twitch.


Twitch: https://www.twitch.tv/defcon_chill


Return to Index    -    Add to    -    ics Calendar file

 

BHV - Saturday - 11:00-11:59 PDT


Title: Chinese Military Bioweapons and Intimidation Operations: Part III
When: Saturday, Aug 7, 11:00 - 11:59 PDT
Where: Biohacking Village (Talk - Virtual)

SpeakerBio:RedDragon
No BIO available

Description:
Chinese Military Bio Weapons Future State is third in a three part series examining the Chinese military use of biological reagents in a kinetic capacity. The unrestricted warfare strategy outlined in the early 1990's clearly defines this Chinese military initiative. The supply chain, Program 863 and other supporting components of his strategy will be revealed. It is TLP : RED

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q


Return to Index    -    Add to    -    ics Calendar file

 

BHV - Saturday - 12:30-13:30 PDT


Title: Cloud security for healthcare and life sciences
When: Saturday, Aug 7, 12:30 - 13:30 PDT
Where: Biohacking Village (Talk - Virtual)

SpeakerBio:MIchelle Holko , Innovating at the intersection of biology technology and security at Google
Michelle Holko is a PhD scientist in genomics and bioinformatics, working at the intersection of biology, technology, and security. She currently works with at Google with the healthcare and life sciences cloud team. Prior to joining Google, she was a White House Presidential Innovation Fellow.

Description:
Cloud computing is increasingly used, across sectors, to scale data storage, compute, and services on demand. There are many recent examples of healthcare and life sciences cloud-based projects, including AnVIL for genomics data and the All of Us Research Program for precision medicine research. These cloud implementations include data and analytic workflows that pose added security concerns due to the sensitive nature of the information. This panel will discuss recent use cases highlighting best security practices for cloud computing in healthcare and life sciences.

All Biohacking Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/channel/UCm1Kas76P64rs2s1LUA6s2Q


Return to Index    -    Add to    -    ics Calendar file

 

CLV - Sunday - 12:20-13:05 PDT


Title: Cloud Security Orienteering
When: Sunday, Aug 8, 12:20 - 13:05 PDT
Where: Cloud Village (Virtual)

SpeakerBio:Rami McCarthy
Rami McCarthy is a Staff Security Engineer at Cedar (a healthtech unicorn), and a recovering Security Consultant. He spent 3 years at NCC Group where he executed dozens of security assessments and sat on the Cloud Security working group. He was a core contributor to ScoutSuite - a multi-cloud auditing tool (and SaaS offering), and released sadcloud - a tool for Terraforming insecure AWS environments. Rami holds the CCSK, the AWS Certified Security – Specialty, and is completing an MS in information security leadership.
Twitter: @ramimacisabird

Description:
Most of us are not lucky enough to have architected the perfect cloud environment, according to this month's best practices, and without any legacy elements or ""surprise"" assets. Over the course of a career in cloud security, you'll likely find yourself walking into a new environment and needing to rapidly orient yourself to both mitigate the biggest risks and also develop a roadmap towards a sustainable, secure future. As a security consultant, I had the challenge and opportunity to enter blind into a variety of cloud environments. They were across Azure, GCP, and AWS, some well-architected and others organically sprawling, containing a single account/project and hundreds. This gave me a rapid education in how to find the information necessary to familiarize myself with the environment, dig in to identify the risks that matter, and put together remediation plans that address short, medium, and long term goals. This talk will present a cloud and environment agnostic methodology for getting your bearings if tasked with securing a novel cloud environment. We'll learn by applying this to a sample AWS environment in order to cover:

Cloud Village activities will be streamed to YouTube.

YouTube: https://www.youtube.com/cloudvillage_dc


Return to Index    -    Add to    -    ics Calendar file

 

CLV - Friday - 07:00-12:15 PDT


Title: Cloud Village CTF - Registration
When: Friday, Aug 6, 07:00 - 12:15 PDT
Where: See Description

Description:
For more information, see https://cloud-village.org/

Return to Index    -    Add to    -    ics Calendar file

 

CLV - Friday - 11:00-12:15 PDT


Title: Cloud Village CTF
When: Friday, Aug 6, 11:00 - 12:15 PDT
Where: See Description

Description:
For more information, see https://cloud-village.org/

Return to Index    -    Add to    -    ics Calendar file

 

CON - Friday - 10:00-15:59 PDT


Title: CMD+CTRL
When: Friday, Aug 6, 10:00 - 15:59 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/236481

Return to Index    -    Add to    -    ics Calendar file

 

CON - Saturday - 10:00-15:59 PDT


Title: CMD+CTRL
When: Saturday, Aug 7, 10:00 - 15:59 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/236481

Return to Index    -    Add to    -    ics Calendar file

 

CON - Friday - 00:00-23:59 PDT


Title: Coindroids
When: Friday, Aug 6, 00:00 - 23:59 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/236482

Return to Index    -    Add to    -    ics Calendar file

 

ASV - Friday - 15:30-15:55 PDT


Title: Collecting CANs: a Bridge Less Traveled
When: Friday, Aug 6, 15:30 - 15:55 PDT
Where: Aerospace Village (Virtual Talk)

SpeakerBio:Peace Barry
Having worked as a Metasploit developer and later as a manager of Metasploit development at Rapid7, Pearce currently keeps busy doing security research at Rumble, Inc. and following advances in space technologies.

Description:
We’ll step back a few years to early 2017, when @zombieCraig released the Metasploit Hardware Bridge as a mechanism to allow Metasploit Framework to reach into networks beyond Ethernet. While the now-defunct HWBridge initially focused on automotive targets, some of that tech, including CAN buses and RF transceivers, has commonality in aviation targets. In this talk, we’ll cover basic design and use of the HWBridge, how one can use it with CAN and RF transceivers, and what it takes to set it up.

This talk will be streamed on YouTube: https://www.youtube.com/watch?v=6nxlqh-m3Jc


Aerospace Village talks will be streamed to YouTube.

YouTube: https://www.youtube.com/c/AerospaceVillage


Return to Index    -    Add to    -    ics Calendar file

 

APV - Friday - 09:05-09:59 PDT


Title: Colorful AppSec
When: Friday, Aug 6, 09:05 - 09:59 PDT
Where: AppSec Village (Virtual)
Speakers:Luis Gomes,Erez Yalon,Pedro Umbelino,Tanya Janca

SpeakerBio:Luis Gomes
No BIO available

SpeakerBio:Erez Yalon
No BIO available

SpeakerBio:Pedro Umbelino
No BIO available

SpeakerBio:Tanya Janca
No BIO available

Description:No Description available

AppSec Village events will be streamed to YouTube.

YouTube: https://www.youtube.com/c/appsecvillage


Return to Index    -    Add to    -    ics Calendar file

 

CHV - Friday - 12:00-12:59 PDT


Title: Commercial Transportation: Trucking Hacking
When: Friday, Aug 6, 12:00 - 12:59 PDT
Where: Car Hacking Village - Talks (Virtual)

SpeakerBio:Ben Gardiner
Mr. Gardiner is an independent consultant at Yellow Flag Security, Inc. presently working to secure heavy vehicles at the NMFTA. With more than ten years of professional experience in embedded systems design and a lifetime of hacking experience, Gardiner has a deep knowledge of the low-level functions of operating systems and the hardware with which they interface. Prior YFS Inc. and joining the NMFTA team in 2019, Mr. Gardiner held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations. He holds a M.Sc. Eng. in Applied Math & Stats from Queen’s University. He is a DEF CON Hardware Hacking Village (DC HHV) and Car Hacking Village (CHV) volunteer.
Twitter: @BenLGardiner

Description:
Join us for a technical review of the how-to of hacking big rig trucks. Included is an overview and introduction to commercial transportation, specifically trucking (tractors and trailers), and its technologies. It will cover the vehicle networks J1939, J1708/J1587 and J2497, how they operate and what they can be used for both intentionally and unintentionally. Several tools for truck hacking are presented and a survey of the public truck attacks are covered. Many tools are introduced and discussed, some are covered with examples. Attendees should leave with a good sense of what are the potentially fruitful areas of technical research into commercial transport cybersecurity and how they can equip themselves to successfully explore those areas. Some exposure to the CAN bus is assumed but no specific experience with commercial transport is needed.

This talk will stream on YouTube.


YouTube: https://www.youtube.com/watch?v=RzcpZODAJE0


Return to Index    -    Add to    -    ics Calendar file

 

DC - Friday - 10:00-10:59 PDT


Title: Community Roundtable - (De)Criminalizing Hacking Around the Globe
When: Friday, Aug 6, 10:00 - 10:59 PDT
Where: Policy (Virtual & SkyView 1)

Description:
In the last 12 months, the Supreme Court has weighed in on the Computer Fraud and Abuse Act, a groundswell of support has arisen in the UK to reform the Computer Misuse Act, and a proposed law in Mexico would have criminalized hacking. In all cases, members of the hacker community had a voice. And with several more upcoming in the next 12 months, our community needs to continue engaging with policymakers so they understand our value to the global security ecosystem.

For virtual access, register here: https://us02web.zoom.us/meeting/register/tZcvd-yqpzkqE9bzjZeppc0bGmvkYjHnwQZN


Return to Index    -    Add to    -    ics Calendar file

 

DC - Friday - 15:30-16:30 PDT


Title: Community Roundtable - 10 years after SOPA: where are we now?
When: Friday, Aug 6, 15:30 - 16:30 PDT
Where: Policy (Virtual)

Description:
Ten years ago the Internet nearly changed forever, with the passage of the SOPA/PIPA bills. Driven by copyright interests, it would have unleashed new powers for individuals and governments to censor speech online. Thanks to the public outrage by enough users, those bills didn't make it into law. But whether it comes cloaked in copyright, privacy, antitrust, or some other initiative, the appetite to control speech still continues to inform Internet policymaking discussions. Will they succeed this time in shaping new law? What happens to the Internet if they do? Come discuss these and other questions with Internet policy practitioners who interact with them daily.

Register here: https://us02web.zoom.us/meeting/register/tZAqdO2tqT0tGdRR1k_xro6MUseFIxMUAuGf


Return to Index    -    Add to    -    ics Calendar file

 

DC - Saturday - 11:30-12:30 PDT


Title: Community Roundtable - If only you knew
When: Saturday, Aug 7, 11:30 - 12:30 PDT
Where: Policy (Virtual)

Description:
Regardless of the hat you wear – whether you are a policy person dealing with technology, a tech person reacting to policy, a legal advisor struggling to bridge the two, or a business person looking to keep the lights on in the meantime – you all confront your own challenges and issues. What are the top one or two things you know well about those challenges that you wish everyone else did? Come to this session to meet people wearing different hats than you and share those insights.

Register here: https://us02web.zoom.us/meeting/register/tZAlc-2pqT8uHNARKeSvxvivpQHj3UYH3hwV


Return to Index    -    Add to    -    ics Calendar file

 

DC - Saturday - 16:00-16:59 PDT


Title: Community Roundtable - Implementing Cyber Solarium Commission Policy
When: Saturday, Aug 7, 16:00 - 16:59 PDT
Where: Policy (Virtual & SkyView 1)

Description:
Within a year of publication of the Cyberspace Solarium Commission report, at least 25 of its recommendations were passed into law by Congress. Solarium Commission leadership wants to know how to improve their next set of recommendations - such as the Bureau of Cyber Statistics - before they become law, and wants DEF CON's help to do so. Commission staff will present their topics and elicit feedback from you and your fellow hackers to avoid unintended consequences and to strengthen their implementation plans.

For virtual access, register here: https://us02web.zoom.us/meeting/register/tZItdOCsqDouHd3-on_4mXNeaIsDQhq7HEz1


Return to Index    -    Add to    -    ics Calendar file

 

DC - Saturday - 13:00-14:59 PDT


Title: Community Roundtable - RANSOMWARE: Combatting Ransomware on a Global Stage / The realities of responding to ransomware
When: Saturday, Aug 7, 13:00 - 14:59 PDT
Where: Policy (Virtual & SkyView 1)

Description:
Part 1:
Ransomware has made front page headlines and taken top stage in policy conversations, with even the US President issuing a letter to CEOs, Congress grilling Colonial Pipeline’s CEO, and the president of France committing 1 Billion Euro to fight ransomware in hospitals. While drafting and spreading technical “best practices” have failed to protect critical infrastructure around the world, which public policy levers are best suited to do so?

Part 2:
If it's Tuesday, it must be another ransomware attack. So what is a law-abiding company to do? If they pay, it just encourages the attacks. If they don't, then their business may suffer, or worse. Meanwhile, breach-notification regulation may have started a ticking clock forcing their hand – potentially in ways that are counter-productive to other policy efforts to stem the tide of these attacks. In this session we'll confront the practical realities and policy dilemmas these attacks provoke.

For virtual access, register here: https://us02web.zoom.us/meeting/register/tZYvduuorzgtG9MAPy9QjVRAaaC4JKIu89aq


Return to Index    -    Add to    -    ics Calendar file

 

DC - Saturday - 10:00-10:59 PDT


Title: Community Roundtable - Supply Chain in the COVID Era
When: Saturday, Aug 7, 10:00 - 10:59 PDT
Where: Policy (Virtual & SkyView 1)

Description:
During the global COVID pandemic, accidents and adversaries revealed opaque and ignored supply chain security issues in near-catastrophic ways. With global markets, global suppliers, global networks, and global adversaries, is there space for a globally-cohesive approach to shoring up supply chain security?

For virtual access, register here: https://us02web.zoom.us/meeting/register/tZcud-Gprj8qE92RoBYuXTWhhHsakUjGvoLc


Return to Index    -    Add to    -    ics Calendar file

 

DC - Saturday - 16:00-16:59 PDT


Title: Community Roundtable - Thinking About Election Security
When: Saturday, Aug 7, 16:00 - 16:59 PDT
Where: Policy (Virtual)

Description:
Election security has left the realm of election professionals and is now top of mind for anyone. But what does it mean? Is it just about the security of voting equipment? Or the security of the entire system of running elections? If you haven't been able to catch the Voting Village's content, or would like the opportunity for a deeper dive on some of the issues policymakers are wrestling with, this session is for you.

Register here: https://us02web.zoom.us/meeting/register/tZUlfu6hqTMoGtxIQ8TXdKvAUL4gZLj9x_o8


Return to Index    -    Add to