Talk/Event Schedule

Thursday

This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -
DC - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC

Thursday - 10:00 PDT

Return to Index - Locations Legend

BHV - Biohacking Village CTF: Hospital Under Siege (Pre-Qual) (Pre-registration required) -
CON - Tin Foil Hat Contest -
DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC
PYV - Welcome to the Payment Village

Thursday - 11:00 PDT

Return to Index - Locations Legend

Thursday - 12:00 PDT

Return to Index - Locations Legend

BHV - cont...(10:00-13:59 PDT) - Biohacking Village CTF: Hospital Under Siege (Pre-Qual) (Pre-registration required) -
CON - cont...(10:00-16:59 PDT) - Tin Foil Hat Contest -
DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC
RFV - Frag, You’re it - Hacking Laser Tag - Eric Escobar
RFV - ESP8266, do you know what's inside your IoT? - JoshInGeneral
RFV - Using UAV in Military Zone Areas by GPS Spoofing with RF Devices - Mehmet Onder Key
RFV - Assless Chaps: a novel combination of prior work to crack MSCHAPv2, fast (or why MSCHAPv2 is so broken, it’s showing it’s whole ass) - singe,cablethief
RFV - RF Propagation and Visualization with DragonOS - cemaxecuter
SOC - Friends of Bill W. -

Thursday - 13:00 PDT

Return to Index - Locations Legend

Thursday - 14:00 PDT

Return to Index - Locations Legend

CON - cont...(10:00-16:59 PDT) - Tin Foil Hat Contest -
DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

Thursday - 15:00 PDT

Return to Index - Locations Legend

Thursday - 16:00 PDT

Return to Index - Locations Legend

Thursday - 17:00 PDT

Return to Index - Locations Legend

BCV - COSTA (Coinbase Secure Trait Analyzer) - Peter Kacherginsky
BCV - DeFi Must Change or Hacks Will Accelerate - Kadan Stadelmann
DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC
DDV - cont...(15:00-18:59 PDT) - Data Duplication Village - Open for dropoff only -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(16:00-21:59 PDT) - Toxic BBQ -
SOC - cont...(16:00-17:59 PDT) - QueerCon Party -
SOC - Friends of Bill W. -

Thursday - 18:00 PDT

Return to Index - Locations Legend

CON - AutoDriving CTF -
DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC
DDV - cont...(15:00-18:59 PDT) - Data Duplication Village - Open for dropoff only -
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(16:00-21:59 PDT) - Toxic BBQ -
SOC - QueerCon Virtual Mixer

Thursday - 19:00 PDT

Return to Index - Locations Legend

DC - cont...(07:00-19:59 PDT) - DEF CON Human Registration (Badge Pickup) Open -
DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(16:00-21:59 PDT) - Toxic BBQ -

Thursday - 20:00 PDT

Return to Index - Locations Legend

DC - cont...(09:00-20:59 PDT) - Chillout Lounges - djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(16:00-21:59 PDT) - Toxic BBQ -

Thursday - 21:00 PDT

Return to Index - Locations Legend

BCV - Flash Loans Demystified - Anto Joseph
BCV - Blockchain as a Threat Modeling Thinking Tool - Shinchul Park, Graduate Student
BCV - Subtle and Not So Subtle Ways to Lose Your Cryptocurrency - Josh McIntyre
BCV - Will Secure Element Really Help Strengthen the Security of Cryptocurrency Wallets? - Byeongcheol Yoo
BCV - Scaling Blockchains: A Novel Approach - Colin Cantrell
BCV - Towards Understanding the Unlimited Approval in Ethereum - Dabao Wang
BCV - Preventing Sandwich Attacks on DeFi Protocols using Recurrent and Recursive Zero Knowledge Proofs - Gokul Alex
MUS - Music - CTRL/RSM - CTRL/rsm
MUS - Music - Deep Therapy - Deep Therapy
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -
SOC - cont...(16:00-21:59 PDT) - Toxic BBQ -

Thursday - 22:00 PDT

Return to Index - Locations Legend

MUS - Music - Abstrct - Abstrct
MUS - Music - Tense Future - Tense Future
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

Thursday - 23:00 PDT

Return to Index - Locations Legend

MUS - Music - Dr. McGrew - Dr. McGrew
MUS - Music - FuzzyNop - FuzzyNop
SOC - cont...(13:00-23:59 PDT) - A&E Pool Party! -

Talk/Event Descriptions

SOC - Thursday - 13:00-23:59 PDT

Title: A&E Pool Party!
When: Thursday, Aug 5, 13:00 - 23:59 PDT
Where: Bally's Pool

Description:
Pool Party Schedule is listed here: https://forum.defcon.org/node/238025

Return to Index - Add to

- ics Calendar file

RFV - Thursday - 12:00-11:59 PDT

Title: Assless Chaps: a novel combination of prior work to crack MSCHAPv2, fast (or why MSCHAPv2 is so broken, it’s showing it’s whole ass)
When: Thursday, Aug 5, 12:00 - 11:59 PDT
Where: Radio Frequency Village (Virtual)
Speakers:singe,cablethief

SpeakerBio:singe
No BIO available

SpeakerBio:cablethief
No BIO available

Description:
"Cracking intercepted MSCHAPv2 challenge/response pairs from Wi-Fi or VPN attacks has long been known to be possible. However, unless the underlying cleartext password was common, this can take frustratingly long. Especially, for at-the-same-time attacks like the auto-crack-and-add we proposed in 2014 [1]. We’ll combine some prior work and release tooling to show how even extremely large hashlists can be run through in seconds.

MSCHAPv2 has several weaknesses, the first is that one doesn’t need the clear-text password, as merely having the MD4 hash (aka NT hash) of the password is good enough to prove to either a client or authenticator you know the password. This means we can use a technique proposed in 2020 by Sam Croley called hash shucking [2] to use large NT hash lists such as the Have I Been Pwned set [3] to determine the NT hash used in the exchange. We'll go through the theory of MSCHAPv2, why the NT hash is useful and how to use it, as well as how hashcat modes for cracking it were developed.

The second weakness relates to the work done by Moxie Marlinspike and David Hulton in 2012 [4] where they found that because MSCHAPv2 breaks the NT hash into three parts, and pads the last two bytes with NULLs, its trivially easy to brute force this part (the ass). Then a brute force of the first two parts is performed using only a single DES round by iterating the entire DES keyspace with an FPGA. However, most of us still don’t have our own MSCHAPv2 cracking FPGA rigs, and this attack isn’t widely available or practical. Instead, if we limit our input hashlist to only those with the matching last two bytes, we can perform a far more efficient hash shucking attack against the exchange. We'll go through the theory of MSCHAPv2 in use here and the optimisations devised with an associated tool.

Finally, we’ll end on why we think MSCHAPv2 needs to finally die the death it has so deserved for so long.

[1] https://sensepost.com/blog/2015/improvements-in-rogue-ap-attacks-mana-1%2F2/ and DEF CON 22 - Dominic White and Ian de Villiers - Manna from Heaven https://youtu.be/i2-jReLBSVk?t=1380

[2] DEF CON Safe Mode: Password Village - Sam Croley: What the Shuck? Layered Hash Shucking https://www.youtube.com/watch?v=OQD3qDYMyYQ

[3] https://haveibeenpwned.com/Passwords

[4] https://web.archive.org/web/20160120152007/http://cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/"

This talk has been released on YouTube.

YouTube: https://www.youtube.com/watch?v=lm7Cuktpnb4

Radio Frequency Village will not be streaming any talks, but they will be making talks available on their YouTube channel.

YouTube: https://youtube.com/c/RFHackersSanctuary

Return to Index - Add to

- ics Calendar file

CON - Thursday - 18:00-17:59 PDT

Title: AutoDriving CTF
When: Thursday, Aug 5, 18:00 - 17:59 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/238185 and https://autodrivingctf.org/

Return to Index - Add to

- ics Calendar file

BHV - Thursday - 10:00-13:59 PDT

Title: Biohacking Village CTF: Hospital Under Siege (Pre-Qual) (Pre-registration required)
When: Thursday, Aug 5, 10:00 - 13:59 PDT
Where: Biohacking Village (CTF)

Description:
https://www.villageb.io/ctf2021

Return to Index - Add to

- ics Calendar file

BCV - Thursday - 21:00-20:59 PDT

Title: Blockchain as a Threat Modeling Thinking Tool
When: Thursday, Aug 5, 21:00 - 20:59 PDT
Where: Blockchain Village (YouTube)

SpeakerBio:Shinchul Park, Graduate Student
Shinchul Park is graduate student at the School of Cybersecurity, Korea University from 2021 and his research areas focus on security engineering, blockchain.

Description:
Threat modelling is a risk-based approach to designing secure systems. It is based on identifying threats in order to develop mitigations to them. Threat modeling is a “team sport,” because it requires the knowledge and skill set of a diverse team where all inputs can be viewed as equal in value. As the enabler of mass collaboration, blockchain is the framework that pieces everything together at a larger scale.

In this talk, we propose the first platform that combines blockchain with threat modeling. To this end, we first present a system model that combines a blockchain-based collective intelligence system with threat modeling, and then explain the role of the model, the scheme of the tool, and the operation procedure.

This talk is now available on YouTube: https://www.youtube.com/watch?v=vBGhW9gnCtU

Return to Index - Add to

- ics Calendar file

DC - Thursday - 09:00-20:59 PDT

Title: Chillout Lounges
When: Thursday, Aug 5, 09:00 - 20:59 PDT
Where: See Description
Speakers:djdead,DJ Pie & Darren,kampf,Rusty Hodge,Louigi Verona,Merin MC

SpeakerBio:djdead
No BIO available

SpeakerBio:DJ Pie & Darren
No BIO available

SpeakerBio:kampf
No BIO available

SpeakerBio:Rusty Hodge
No BIO available

SpeakerBio:Louigi Verona
No BIO available

SpeakerBio:Merin MC
No BIO available

Description:
There are two onsite chillout lounges available: Bally's Silver Ballroom, and Paris Concorde A.

There will be chill music playing:

09:00-12:00 DJ Pi & Darren
12:00-13:30 kampf
13:30-16:00 Rusty Hodge
16:00-16:51ish Louigi Verona
17:30 Merin MC
19:00-21:00 djdead

You can also watch the chill room stream on Twitch.

Twitch: https://www.twitch.tv/defcon_chill

Return to Index - Add to

- ics Calendar file

BCV - Thursday - 17:00-16:59 PDT

Title: COSTA (Coinbase Secure Trait Analyzer)
When: Thursday, Aug 5, 17:00 - 16:59 PDT
Where: Blockchain Village (YouTube)

SpeakerBio:Peter Kacherginsky , Founder OpenBlockSec project
No BIO available

Description:No Description available

Return to Index - Add to

- ics Calendar file

DDV - Thursday - 15:00-18:59 PDT

Title: Data Duplication Village - Open for dropoff only
When: Thursday, Aug 5, 15:00 - 18:59 PDT
Where: Data Duplication Village

Description:
Space permitting, last drop off is Saturday at 3:00pm.

Pick your drives full of data anytime 14-24 hours after drop off.

Last chance pickup is Sunday from 10:00 to 11:00.

Yes, 6TB and larger drives are accepted.

Any drives not picked up by Sunday at 11:00am are considered donated to the DDV.

See https://dcddv.org/dc29-schedule for more information.

Return to Index - Add to

- ics Calendar file

DC - Thursday - 07:00-19:59 PDT

Title: DEF CON Human Registration (Badge Pickup) Open
When: Thursday, Aug 5, 07:00 - 19:59 PDT
Where: Paris DEF CON Registration Desk

Description:
Starting Thursday at 07:00 badge pickup will open and you can start the 2-step process. There is no need to rush, if you have purchased on-line your badge is reserved and there is no concern about them running out:

1st you will pass through the vaccination check line, providing whatever original documentation your health care provider or vaccination center gave you. It will be checked against your State issued ID to make sure the names match, the dates are good, and that enough time has passed for you to be fully vaccinated, etc. We will not record your ID or records. If all is good you will get a WRISTBAND you must wear during the con.

2nd Next you head to the badge pickup desks. There you will show your wristband and your in-person badge bar code and get it scanned. If the scan passes you get your Human reg pack.

Where to register / pick up badges: Paris, near the InfoBooth. Please find "REGISTRATION" on the provided DC29 floorplan (available in HackerTracker and online).

Return to Index - Add to

- ics Calendar file

BCV - Thursday - 17:00-16:59 PDT

Title: DeFi Must Change or Hacks Will Accelerate
When: Thursday, Aug 5, 17:00 - 16:59 PDT
Where: Blockchain Village (YouTube)

SpeakerBio:Kadan Stadelmann , CTO Komodo Platform
Kadan Stadelmann is a blockchain developer, operations security expert and Komodo Platform’s chief technology officer. His experience ranges from working in operations security in the government sector and launching technology startups to application development and cryptography. Kadan started his journey into blockchain technology in 2011 and joined the Komodo team in 2016.

Kadan has published numerous articles on Forbes, Cointelegraph, NASDAQ and Yahoo Finance.

https://cointelegraph.com/authors/kadan-stadelmann https://www.forbes.com/sites/justinoconnell/2020/02/10/in-the-future-you-can-create-your-own-stablecoin-with-just-a-few-clicks-or-commands/ https://www.nasdaq.com/articles/can-we-build-a-post-feudal-web-3-2020-03-12 https://www.nasdaq.com/articles/heres-why-blockchain-hasnt-taken-over-the-world-yet-2019-05-09 https://finance.yahoo.com/finance/news/decentralized-exchange-launches-dogecoin-swaps-132541367.html

Description:
Decentralized Finance (DeFi) is here to stay, with over $118 Billion in total locked value highlighting evidence of faith in these new financial tools. This investment will continue increasing, but appears that with each new record in total value locked, there is another network attack being reported with astronomical losses.

Crypto crime cost companies and investors more than $10.5 Billion in 2020. In February 2021 alone, $200 Million was stolen in DeFi within just a 5 day period.

It is clear that there are far too many loopholes and hacks in current blockchain security protocols. From rug pulls to phishing scams, the security and technology is not as mature as the numbers make it out to be in this space. But there are critical practices both developers and users can implement to close this gap.

Return to Index - Add to

- ics Calendar file

RFV - Thursday - 12:00-11:59 PDT

Title: ESP8266, do you know what's inside your IoT?
When: Thursday, Aug 5, 12:00 - 11:59 PDT
Where: Radio Frequency Village (Virtual)

SpeakerBio:JoshInGeneral
Joshua Schroeder would describe himself as a security researcher that enjoys learning and advocating for people to get involved in RF and Cyber Security. His professional work includes working as a Unix Administrator, Incident Responder and Red Teamer.

As a long time Wireless CTF competitor, he led the Team JackTenna to a win in 2017. Attempting to share his knowledge with others, he previously spoke at the Defcon Wireless Village (Now RF Village) on 802.11 and 802.15 technologies (WiFi and Bluetooth) and later wrote and published the book ""Meeting People via Wifi and Bluetooth"". Prior speaking engagements also include ShmooCon, SkyDogCon, and Carolina Con.

In his free time he enjoys spending time with his wife and their dog, remodeling their house and tinkering with smart home technologies.

Description:
In this presentation we will look through together the inner workings of the ESP8266 chip. A common technology that is at the heart many IoT devices. I will demonstrate where I found this in a IoT switch and how you can identify and find them as well. Lastly I will show how the ESP8266 chip can be purchased for under $20 and deployed with a small as a decoy AP to capture credentials. Similar to what our team built and during the Wireless CTF in 2019.

This talk has been released to YouTube.

YouTube: https://www.youtube.com/watch?v=DIh-y5n_lDg

Radio Frequency Village will not be streaming any talks, but they will be making talks available on their YouTube channel.

YouTube: https://youtube.com/c/RFHackersSanctuary

Return to Index - Add to

- ics Calendar file

BCV - Thursday - 21:00-20:59 PDT

Title: Flash Loans Demystified
When: Thursday, Aug 5, 21:00 - 20:59 PDT
Where: Blockchain Village (YouTube)

SpeakerBio:Anto Joseph , Blockchain Security Engineer Coinbase
Anto Joseph works as a Blockchain Security Engineer @Coinbase. He enjoys researching distributed systems,DeFi protocols,Android and ML systems.He is involved in developing and advocating security in blockchains & DeFi. Previously, he has worked at Tinder, Intel, Citrix and E&Y in multiple information security roles.He has been a presenter and trainer at various security conferences including BH USA, Defcon, BruCon, HackInParis, HITB Amsterdam, HackLu, Hacktivity, PHdays, X33fCon, NullCon, c0c0n and more. He is an active contributor to many open-source projects and some of his work is available at https://github.com/antojoseph

Description:
Flash Loans are the first unsecured loan option in DeFi! They have been used for arbitrage, flash liquidation, collateral swaps and infamously Flash loan attacks. We explore the concepts behind flash loans, how they are used today and root cause of these attacks with plenty of demos throughout the talk. We also discuss strategies to protect against pump and arbitrage and oracle manipulation attacks.

This talk is now available on YouTube: https://www.youtube.com/watch?v=qSoKGINt7vw

Return to Index - Add to

- ics Calendar file

RFV - Thursday - 12:00-11:59 PDT

Title: Frag, You’re it - Hacking Laser Tag
When: Thursday, Aug 5, 12:00 - 11:59 PDT
Where: Radio Frequency Village (Virtual)

SpeakerBio:Eric Escobar , Principal Security Consultant
Eric is a seasoned pentester and a Principal Security Consultant at Secureworks. On a daily basis he attempts to compromise large enterprise networks to test their physical, human, network and wireless security. His team consecutively won first place at DEF CON 23, 24, and 25's Wireless CTF, snagging a black badge along the way. Forcibly retired from competing in the Wireless CTF, he’s now a member of the DEF CON Wireless Village team. Before entering the cyber security arena, Eric attained both a BS and MS in Civil Engineering along with his Professional Engineering license.

Description:
What do inexpensive hardware purchased from Amazon and a little git magic have in common? They are the ingredients to become a laser tag juggernaut armed with unlimited respawns and Contraesqe widespread rapid-fire. Hacking doesn't always have to be so serious; relegated to newsworthy 0days, Nation State actors, and vulnerable supply chains. Sometimes hacks are just to wreck your friends. This talk will dive into how laser tag actually uses focused beams of infrared light (similar to your TV remote) to ""tag"" your opponent. We'll look under the hood to see what qualifies as ""lasers"", and how they are interpreted by the game server. I'll discuss how these infrared signals can be replayed stealthily. Then we'll get to the carnage of warehouse Halo godmode.

This talk has been released to YouTube.

YouTube: https://www.youtube.com/watch?v=tNLddWViPl0

Radio Frequency Village will not be streaming any talks, but they will be making talks available on their YouTube channel.

YouTube: https://youtube.com/c/RFHackersSanctuary

Return to Index - Add to

- ics Calendar file

SOC - Thursday - 12:00-12:59 PDT

Title: Friends of Bill W.
When: Thursday, Aug 5, 12:00 - 12:59 PDT
Where: Bally's Pool Cabana

Description:
For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is in a Bally's poolside cabana, look for the sign.

Return to Index - Add to

Title: Preventing Sandwich Attacks on DeFi Protocols using Recurrent and Recursive Zero Knowledge Proofs
When: Thursday, Aug 5, 21:00 - 20:59 PDT
Where: Blockchain Village (YouTube)

SpeakerBio:Gokul Alex
"Gokul Alex is an Engineer, Economist and Educator experimenting with emerging and exponential technologies. He loves the creative convergence of programming, philosophy, poetry, psychology, physics with passion and perspectives. He is one of the global 100 Blockchain Experts selected by LATTICE80 Network. He is a top 20 Global thought leader on AI, Analytics, Big Data, Blockchain, Cloud, Cybersecurity, Cryptography, Data Science, Design Thinking, Enterprise Architecture, Quantum Computing and EduTech, FinTech, GovTech, HealthTech as ranked by Thinkers360 Platform.

Smart Contract Auditor | QuillAudits
- Penetration Tester
- Blockchain Security Researcher
- Founder | CipherShastra
- Founder | RazzorSec
- Malware Analyst
- Adversarial ML Researcher"

Description:
We would like to present a session on the most recent attack vector in the DeFi space - Sandwich Attack. Essentially Sandwich attacks creates an imbroglio in the information space of a blockchain by concurrent execution of front running and back running attacks. We have come up with a solution for this problem by leveraging hash time locks implemented as verifiable delay functions coupled with recursive and recurrent combination of zkSNARKS and zkSTARKS. We will also use Polynomial Rings to obfuscate the accounts, transactions and receipts with addition of Identity Mixers.

This talk is now available on YouTube: https://www.youtube.com/watch?v=nEkEsZ0zjkY

Return to Index - Add to

- ics Calendar file

SOC - Thursday - 16:00-17:59 PDT

Title: QueerCon Party
When: Thursday, Aug 5, 16:00 - 17:59 PDT
Where: Bally's Pool

Description:
Come hang out with the queer hacker community

Return to Index - Add to

- ics Calendar file

RFV - Thursday - 12:00-11:59 PDT

Title: RF Propagation and Visualization with DragonOS
When: Thursday, Aug 5, 12:00 - 11:59 PDT
Where: Radio Frequency Village (Virtual)

SpeakerBio:cemaxecuter
No BIO available

Description:
"Today's presentation will start with a brief history of DragonOS, where it started and where it's at today. After a short introduction, I'll dive into the subject of visualizing RF propagation with DragonOS. I'll be showing a fresh OS install and the necessary steps to generate a rough estimate of a transmitter based on SRTM-3 elevation data, as well as a new feature enabling visualization/calculations of the path between transmitter and receiver .

Topics and hands on (pre-recorded) demonstrations will include the following,

SPLAT! is an RF Signal Propagation, Loss, And Terrain analysis tool for the electromagnetic spectrum between 20 MHz and 20 GHz.
Signal Server Multi-threaded RF coverage calculator
Dr. Bill Walker's role
Signal Server and DragonOS integration
DF-Aggregator Developer / Modifications for visualization

I’ll conclude talking about future improvements to RF propagation and visualization tools."

This talk has been released on YouTube.

YouTube: https://www.youtube.com/watch?v=49RVycafF54

Radio Frequency Village will not be streaming any talks, but they will be making talks available on their YouTube channel.

YouTube: https://youtube.com/c/RFHackersSanctuary

Return to Index - Add to

- ics Calendar file

BCV - Thursday - 21:00-20:59 PDT

Title: Scaling Blockchains: A Novel Approach
When: Thursday, Aug 5, 21:00 - 20:59 PDT
Where: Blockchain Village (YouTube)

SpeakerBio:Colin Cantrell
No BIO available

Description:
This talk is now available on YouTube: https://www.youtube.com/watch?v=xJ_I4quSTfI

Return to Index - Add to

- ics Calendar file

BCV - Thursday - 21:00-20:59 PDT

Title: Subtle and Not So Subtle Ways to Lose Your Cryptocurrency
When: Thursday, Aug 5, 21:00 - 20:59 PDT
Where: Blockchain Village (YouTube)

SpeakerBio:Josh McIntyre , Software Engineer, Founder of Chaintuts
Josh McIntyre is a software engineer and tech educator with a passion for learning and teaching others. His project chaintuts hopes to educate people on the fascinating world of cryptocurrency and security with free and open-license content.

Description:
As the cryptocurrency ecosystem grows, thieves and scammers are evolving their tactics to get their piece of someone else's crypto pie. This talk will examine common ways that users lose cryptocurrency, and how to prevent these types of attacks. We will cover attack vectors such as malware, social engineering, user error, and more.

This talk is now available on YouTube: https://www.youtube.com/watch?v=npvSnOiqh10

Return to Index - Add to

- ics Calendar file

BHV - Thursday - 07:00-06:59 PDT

Title: Table Top Exercise - Deus Ex Machina (Pre-registration Required)
When: Thursday, Aug 5, 07:00 - 06:59 PDT
Where: Biohacking Village (TTX)

Description:
https://www.villageb.io/ttx

Return to Index - Add to

- ics Calendar file

CON - Thursday - 10:00-16:59 PDT

Title: Tin Foil Hat Contest
When: Thursday, Aug 5, 10:00 - 16:59 PDT
Where: See Description

Description:
For more information, see https://forum.defcon.org/node/236423

Return to Index - Add to

- ics Calendar file

BCV - Thursday - 21:00-20:59 PDT

Title: Towards Understanding the Unlimited Approval in Ethereum
When: Thursday, Aug 5, 21:00 - 20:59 PDT
Where: Blockchain Village (YouTube)

SpeakerBio:Dabao Wang , Research Assistant at Zhejiang University
DABAO WANG is currently a research assistant at Zhejiang University, Hangzhou, China. His current research interests include Blockchain and DeFi security. Wang received a bachelor degree with honours in computer science from Monash University. Contact him at dabao.wang@monash.edu

Description:
With the prosperous development of the DeFi ecosystem, trading tokens in decentralized applications (DApps) has become more and more frequent. ERC20 tokens, as one of the most popular token types, vastly circulate in the crypto market and obtain great value. Ideally, to trade ERC20 tokens in DApps, users first invoke the method approve() to permit DApps or other users to transfer the expected amount of tokens based on the ERC20 standard. In reality, many DApps request unlimited approvals from users to improve user experience. Unfortunately, this design caused a considerable loss on both users or even DApps themself. For example, the design flaw of smart contracts might cause the permission leak of approved tokens (Bancor). Moreover, some malicious platforms even trick users into approving tokens so that they can easily steal users’ approved asserts (Unicat). In this paper, we carefully elaborate on the unlimited approval problem with five real-world incidents. We then conduct two types of measurements. As a result, 21 platforms require unlimited approval in their service. However, only 3 (out of 15) wallets and no (out of 27) platforms reveal sufficient information and provide the modification feature for users. Moreover, we discover that over half of the approval transactions belong to unlimited approval.

This talk is now available on YouTube: https://www.youtube.com/watch?v=ijgYfdOADVI

Return to Index - Add to

- ics Calendar file

SOC - Thursday - 16:00-21:59 PDT

Title: Toxic BBQ
When: Thursday, Aug 5, 16:00 - 21:59 PDT
Where: See Description

Description:
Off-site at Sunset Park, Pavilion F, (36.0636, -115.1178)

Communal Supply Run leaves at 1300 from Paris Info Booth near Reg

Drop by the park and see how you can help. Here are things we always need:

More meat!
Ice
Chips and Sides
Drinks (soft and hard, no glass)
Grill volunteers
Clean-up volunteers

See #ToxicBBQ on Twitter

For more information, see https://forum.defcon.org/node/236426

Forums: https://forum.defcon.org/node/236426

History: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20events/ToxicBBQ-History-Continuous.pdf

Return to Index - Add to

- ics Calendar file

RFV - Thursday - 12:00-11:59 PDT

Title: Using UAV in Military Zone Areas by GPS Spoofing with RF Devices
When: Thursday, Aug 5, 12:00 - 11:59 PDT
Where: Radio Frequency Village (Virtual)

SpeakerBio:Mehmet Onder Key
No BIO available

Description:
This talk has been released on YouTube.

YouTube: https://www.youtube.com/watch?v=yQ2lrUJ5a04

Radio Frequency Village will not be streaming any talks, but they will be making talks available on their YouTube channel.

YouTube: https://youtube.com/c/RFHackersSanctuary

Return to Index - Add to

- ics Calendar file

BCV - Thursday - 21:00-20:59 PDT

Title: Will Secure Element Really Help Strengthen the Security of Cryptocurrency Wallets?
When: Thursday, Aug 5, 21:00 - 20:59 PDT
Where: Blockchain Village (YouTube)

SpeakerBio:Byeongcheol Yoo , Graduate Student
Byeongcheol Yoo is a master's student at the School of Cybersecurity in Korea University and his research areas focus on security engineering, blockchain, and IoT security.

In addition to being a master's student, he has been working as a senior researcher at Keypair Inc. which is a Korean company that specializes in blockchain and IoT security. He is a lead developer of an NFC-enabled card-type cryptocurrency wallet called 'KeyWallet Touch' in the company.

Description:
Cryptocurrency wallets are used to store the public and private keys of your account, keep track of the balance, conduct transactions in sending and receiving the currencies, as well as other functions with the blockchain. Wallets are divided into two types: software (a.k.a. hot) wallets and hardware (a.k.a. cold) wallets. Software wallets are accounts on cryptocurrency exchanges or accounts based on online websites. Hardware wallets are accounts stored on an offline means.

In this talk, we deal with a comparative analysis of all categories of these wallets. For this, first, we present a systematic method to evaluate the risk of cryptocurrency wallets, and then we review two hardware wallets ('Ledger Nano S' and 'Trezor One', both of which are the world's best-selling wallet) and four software wallets ('Bread', 'Trust Wallet' for mobile, and 'Copay', 'Electrum' for PC).

This talk is now available on YouTube: https://www.youtube.com/watch?v=bim4q1G3_c0

Return to Index - Add to

- ics Calendar file

Talk/Event Schedule

Thursday

Thursday - 07:00 PDT

Thursday - 08:00 PDT

Thursday - 09:00 PDT

Thursday - 10:00 PDT

Thursday - 11:00 PDT

Thursday - 12:00 PDT

Thursday - 13:00 PDT

Thursday - 14:00 PDT

Thursday - 15:00 PDT

Thursday - 16:00 PDT

Thursday - 17:00 PDT

Thursday - 18:00 PDT

Thursday - 19:00 PDT

Thursday - 20:00 PDT

Thursday - 21:00 PDT

Thursday - 22:00 PDT

Thursday - 23:00 PDT

Talk/Event Descriptions

SOC - Thursday - 13:00-23:59 PDT

RFV - Thursday - 12:00-11:59 PDT

CON - Thursday - 18:00-17:59 PDT

BHV - Thursday - 10:00-13:59 PDT

BCV - Thursday - 21:00-20:59 PDT

DC - Thursday - 09:00-20:59 PDT

BCV - Thursday - 17:00-16:59 PDT

DDV - Thursday - 15:00-18:59 PDT

DC - Thursday - 07:00-19:59 PDT

BCV - Thursday - 17:00-16:59 PDT

RFV - Thursday - 12:00-11:59 PDT

BCV - Thursday - 21:00-20:59 PDT

RFV - Thursday - 12:00-11:59 PDT

SOC - Thursday - 12:00-12:59 PDT

SOC - Thursday - 17:00-17:59 PDT

MUS - Thursday - 22:00-22:59 PDT

MUS - Thursday - 21:00-21:59 PDT

MUS - Thursday - 21:00-21:59 PDT

MUS - Thursday - 23:00-23:59 PDT

MUS - Thursday - 23:00-23:59 PDT

MUS - Thursday - 22:00-22:59 PDT

BCV - Thursday - 21:00-20:59 PDT

SOC - Thursday - 16:00-17:59 PDT

RFV - Thursday - 12:00-11:59 PDT

BCV - Thursday - 21:00-20:59 PDT

BCV - Thursday - 21:00-20:59 PDT

BHV - Thursday - 07:00-06:59 PDT

CON - Thursday - 10:00-16:59 PDT

BCV - Thursday - 21:00-20:59 PDT

SOC - Thursday - 16:00-21:59 PDT

RFV - Thursday - 12:00-11:59 PDT

BCV - Thursday - 21:00-20:59 PDT