Talk/Event Schedule


Sunday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Sunday - 08:00 PDT


SEV - (08:30-08:59 PDT) - Social Engineering Community Village opens - morning welcome and introduction

 

Sunday - 09:00 PDT


AIV - Automate Detection with Machine Learning  - Gavin Klondike 
APV - The Simple, Yet Lethal, Anatomy of a Software Supply Chain Attack - Elad Rapoport,tzachi(Zack) zorenshtain
DC - Merch (formerly swag) Area Open -- README -
PYV - Payment Hacking Challenge -
SEV - Heroes vs Villians, a SEC Youth Challenge -
SEV - Research Calls - Tessa Cole
SEV - (09:30-10:59 PDT) - Research and Cold Calls -
SKY - (09:30-10:20 PDT) - Eradicating Disease With BioTerrorism - Mixæl S. Laufer
SOC - Chillout Lounge (with entertainment) - Rusty,Merin MC,s1gnsofl1fe,Pie & Darren

 

Sunday - 10:00 PDT


AIV - cont...(09:00-10:20 PDT) - Automate Detection with Machine Learning  - Gavin Klondike 
AIV - (10:30-11:20 PDT) - Attacks on Tiny Intelligence - Yuvaraj Govindarajulu 
APV - How to find 0-days in your “memory safe” stack? - Cezary Cerekwicki
ASV - Self No-Fly Area Designing for UAV - Utku Yildirim
ASV - Pen Test Partners A320 Simulator -
ASV - Hack-A-Sat Digital Twin Workshop -
ASV - Hack the Airfield with DDS -
ASV - Satellite Eavesdropping with DDS -
ASV - Red Balloon Failsat Challenges -
ASV - Hack the Airport with Intelligenesis -
ASV - (10:30-11:20 PDT) - Control Acquisition Attack of Aerospace Systems by False Data Injection - Garrett Jares
AVV - Don’t be trusted: Active Directory trust attacks - Jonas Bülow Knudsen,Martin Sohn Christensen
AVV - (10:30-12:30 PDT) - Adversary Booth - Dean Lawrence,Ethan Michalak,Melanie Chan,Michael Kouremetis,Jay Yee
AVV - (10:30-13:30 PDT) - Adversary Wars CTF -
BHV - (10:30-11:59 PDT) - Memento Vivere: A connected light installation on cerebral (dys)function - Rick Martinez Herrera
CLV - Understanding, Abusing and Monitoring AWS AppStream 2.0 - Rodrigo Montoro
CLV - (10:40-11:20 PDT) - How to do Cloud Security assessments like a pro in only #4Steps - Ricardo Sanchez
CON - Capture The Packet Finals -
CON - IoT Village CTF (the CTF formally known as SOHOplessly Broken) -
CON - Car Hacking Village CTF -
CON - Octopus Game - Final 8 Phase -
CON - DARKNET-NG -
CON - Red Team Village CTF Finals Part 2 -
CON - Hospital Under Siege -
CPV - (10:30-10:59 PDT) - XR Technology Has 99 Problems and Privacy is Several of Them (PRE-RECORDED) - Calli Schroeder,Suchi Pahi
DC - Human Registration Open
DC - Vendor Area Open
DC - cont...(09:00-14:59 PDT) - Merch (formerly swag) Area Open -- README -
DC - Memorial Room Open -
DC - Village Areas Open (Generally) -
DDV - Last chance to pick up drives at the DDV -
GHV - Hide and Seek: Why do you need OpSec? - Cybelle Oliveira
GHV - (10:30-10:59 PDT) - Edutainment: A gateway into the field of Cybersecurity & Online safety for girls. - Monique Head
HHV - Solder Skills Village - Open
HHV - Hardware Hacking Village - Open
ICSV - Tales from the trenches - why organizations struggle to get even the basics of OT asset visibility & detection right. - Vivek Ponnada
ICSV - CISA and Idaho National Lab Escape Room -
ICSV - Hack the Plan[e]t CTF -
ICSV - Fantom5 SeaTF CTF -
ICSV - DDS Hack-the-Microgrid -
IOTV - IoT Village CTF Challenges -
IOTV - Hands on hacking labs -
IOTV - Hands on Hardware Hacking – eMMC to Root - Deral Heiland
IOTV - Drone Hack -
LPV - (10:15-10:45 PDT) - Intro to Lockpicking - TOOOL
PHV - Linux Trainer -
PHV - Botnet Workshop -
PHV - HardWired -
PHV - Wall of Sheep -
PHV - Packet Inspector -
PHV - Packet Detective -
PHV - Honey Pot Workshop -
PHV - NetworkOS Workshop -
PHV - RegEx Trainer -
PLV - Improving International Vulnerability Disclosure: Why the US and Allies Have to Get Serious - Stewart Scott,Christopher Robinson
PLV - Better Policies for Better Lives: Hacker Input to international policy challenges - Peter Stephens
PSV - Physical Security Village -
PSV - (10:30-10:59 PDT) - Bypass 101 - Karen Ng
PYV - cont...(09:00-13:59 PDT) - Payment Hacking Challenge -
RFV - DEFCON Demonstrations and Presentations by Open Research Institute at RF Village - Open Research Institute
ROV - Workshop Overflow - Four Suits Co
RTV - Hacking WebApps with WebSploit Labs - Omar Santos
RTV - Intro to CTFs
RTV - Offensive Wireless Security 101
RTV - OSINT Skills Lab Challenge - Sandra Stibbards,Lee McWhorter
SEV - cont...(09:30-10:59 PDT) - Research and Cold Calls -
SKY - cont...(09:30-10:20 PDT) - Eradicating Disease With BioTerrorism - Mixæl S. Laufer
SKY - (10:35-11:25 PDT) - Basic Blockchain Forensics - K1ng_Cr4b
SOC - cont...(09:00-14:59 PDT) - Chillout Lounge (with entertainment) - Rusty,Merin MC,s1gnsofl1fe,Pie & Darren
TEV - Learn at Tamper-Evident Village -

 

Sunday - 11:00 PDT


AIV - cont...(10:30-11:20 PDT) - Attacks on Tiny Intelligence - Yuvaraj Govindarajulu 
AIV - (11:30-12:20 PDT) - AI Trojan Attacks, Defenses, and the TrojAI Competition - Taylor Kulp-Mcdowall 
APV - Offensive Application Security for Developers... - James McKee
ASV - cont...(10:00-11:59 PDT) - Pen Test Partners A320 Simulator -
ASV - cont...(10:00-12:59 PDT) - Hack-A-Sat Digital Twin Workshop -
ASV - cont...(10:00-12:59 PDT) - Hack the Airfield with DDS -
ASV - cont...(10:00-12:59 PDT) - Satellite Eavesdropping with DDS -
ASV - cont...(10:00-11:59 PDT) - Red Balloon Failsat Challenges -
ASV - cont...(10:00-12:59 PDT) - Hack the Airport with Intelligenesis -
ASV - cont...(10:30-11:20 PDT) - Control Acquisition Attack of Aerospace Systems by False Data Injection - Garrett Jares
ASV - (11:30-11:55 PDT) - Formalizing Security Assessment for Uncrewed Aerial Systems - Ronald Broberg,Rudy Mendoza
AVV - cont...(10:30-12:30 PDT) - Adversary Booth - Dean Lawrence,Ethan Michalak,Melanie Chan,Michael Kouremetis,Jay Yee
AVV - cont...(10:30-13:30 PDT) - Adversary Wars CTF -
AVV - Helpful Principles in Adversarial Operations - Dan Borges
AVV - (11:30-11:59 PDT) - Purple Teaming for Auditors and the Business - Alex Martirosyan
BHV - cont...(10:30-11:59 PDT) - Memento Vivere: A connected light installation on cerebral (dys)function - Rick Martinez Herrera
BTV - Backdoors & Breaches, Back to the Stone Age! -
CLV - cont...(10:40-11:20 PDT) - How to do Cloud Security assessments like a pro in only #4Steps - Ricardo Sanchez
CLV - (11:20-11:50 PDT) - Cloud Sandboxes for Security Research - Fire from the Heavens - Louis Barrett
CLV - (11:50-12:30 PDT) - Deescalate the overly-permissive IAM - Jay Chen
CON - cont...(10:00-12:59 PDT) - Capture The Packet Finals -
CON - cont...(10:00-12:59 PDT) - IoT Village CTF (the CTF formally known as SOHOplessly Broken) -
CON - cont...(10:00-11:59 PDT) - Car Hacking Village CTF -
CON - cont...(10:00-13:59 PDT) - Red Team Village CTF Finals Part 2 -
CON - cont...(10:00-11:59 PDT) - DARKNET-NG -
CON - cont...(10:00-11:59 PDT) - Hospital Under Siege -
CPV - Voldrakus: Using Consent String Steganography to Exfiltrate Browser Fingerprinting Data - Kaileigh McCrea
CPV - (11:30-11:59 PDT) - Finding Crypto: Inventorying Cryptographic Operations - Kevin Lai
DC - Save The Environment (Variable): Hijacking Legitimate Applications with a Minimal Footprint - Wietze Beukema
DC - STrace - A DTrace on windows reimplementation. - Stephen Eckels
DC - cont...(10:00-15:59 PDT) - Human Registration Open
DC - Exploitation in the era of formal verification: a peek at a new frontier with AdaCore/SPARK - Alex Tereshkin,Adam 'pi3' Zabrocki
DC - emulation-driven reverse-engineering for finding vulns - atlas
DC - cont...(10:00-15:59 PDT) - Vendor Area Open
DC - cont...(09:00-14:59 PDT) - Merch (formerly swag) Area Open -- README -
DC - cont...(10:00-11:59 PDT) - Memorial Room Open -
DC - cont...(10:00-14:59 PDT) - Village Areas Open (Generally) -
GHV - Introduction to IOS Reverse Engineering with Frida - Christine Fossaceca
GHV - (11:30-14:30 PDT) - Workshop: Mobile Penetration Testing w Corellium - Corellium
HHV - cont...(10:00-12:59 PDT) - Solder Skills Village - Open
HHV - cont...(10:00-12:59 PDT) - Hardware Hacking Village - Open
HRV - Free Amateur Radio License Exams -
HRV - Oli: A Simpler Pi-Star Replacement - Danny Quist
ICSV - cont...(10:00-12:59 PDT) - CISA and Idaho National Lab Escape Room -
ICSV - cont...(10:00-12:59 PDT) - Hack the Plan[e]t CTF -
ICSV - cont...(10:00-12:59 PDT) - Fantom5 SeaTF CTF -
ICSV - cont...(10:00-12:59 PDT) - DDS Hack-the-Microgrid -
ICSV - OT:ICEFALL - Revisiting a decade of OT insecure-by-design practices - Jos Wetzels
IOTV - cont...(10:00-12:59 PDT) - IoT Village CTF Challenges -
IOTV - cont...(10:00-12:59 PDT) - Hands on hacking labs -
IOTV - cont...(10:00-12:59 PDT) - Hands on Hardware Hacking – eMMC to Root - Deral Heiland
IOTV - cont...(10:00-12:59 PDT) - Drone Hack -
LPV - Safecracking for Everyone - Jared Dygert
PHV - cont...(10:00-12:59 PDT) - Linux Trainer -
PHV - cont...(10:00-12:59 PDT) - Botnet Workshop -
PHV - cont...(10:00-12:59 PDT) - HardWired -
PHV - cont...(10:00-12:59 PDT) - Wall of Sheep -
PHV - cont...(10:00-12:59 PDT) - Packet Inspector -
PHV - cont...(10:00-12:59 PDT) - Packet Detective -
PHV - cont...(10:00-12:59 PDT) - Honey Pot Workshop -
PHV - cont...(10:00-12:59 PDT) - NetworkOS Workshop -
PHV - cont...(10:00-12:59 PDT) - RegEx Trainer -
PLV - cont...(10:00-11:45 PDT) - Improving International Vulnerability Disclosure: Why the US and Allies Have to Get Serious - Stewart Scott,Christopher Robinson
PLV - cont...(10:00-11:45 PDT) - Better Policies for Better Lives: Hacker Input to international policy challenges - Peter Stephens
PSV - cont...(10:00-14:59 PDT) - Physical Security Village -
PSV - Bypass 102 - Karen Ng
PYV - cont...(09:00-13:59 PDT) - Payment Hacking Challenge -
RFV - cont...(10:00-14:59 PDT) - DEFCON Demonstrations and Presentations by Open Research Institute at RF Village - Open Research Institute
RHV - I know what you ate last summer - Wesley Altham (aka Wesrl)
ROV - cont...(10:00-13:59 PDT) - Workshop Overflow - Four Suits Co
RTV - Cyber Resilience Bootcamp - Ron Taylor
RTV - Hacking WebApps with WebSploit Labs - Omar Santos
RTV - Intro to CTFs
RTV - OSINT Skills Lab Challenge - Sandra Stibbards,Lee McWhorter
SEV - (11:30-12:59 PDT) - Social Engineering Community Village Awards and Competitor Panel
SKY - cont...(10:35-11:25 PDT) - Basic Blockchain Forensics - K1ng_Cr4b
SKY - (11:40-13:30 PDT) - Abortion Tech - Maggie Mayhem
SOC - cont...(09:00-14:59 PDT) - Chillout Lounge (with entertainment) - Rusty,Merin MC,s1gnsofl1fe,Pie & Darren
TEV - cont...(10:00-12:59 PDT) - Learn at Tamper-Evident Village -

 

Sunday - 12:00 PDT


AIV - cont...(11:30-12:20 PDT) - AI Trojan Attacks, Defenses, and the TrojAI Competition - Taylor Kulp-Mcdowall 
AIV - (12:30-13:20 PDT) - AI Village CTF Results and Q&A - Will Pearce
APV - cont...(11:00-12:59 PDT) - Offensive Application Security for Developers... - James McKee
ASV - cont...(10:00-12:59 PDT) - Hack-A-Sat Digital Twin Workshop -
ASV - cont...(10:00-12:59 PDT) - Hack the Airfield with DDS -
ASV - cont...(10:00-12:59 PDT) - Satellite Eavesdropping with DDS -
ASV - cont...(10:00-12:59 PDT) - Hack the Airport with Intelligenesis -
ASV - Drones and Civil Liberties - Andrés Arrieta
AVV - cont...(10:30-12:30 PDT) - Adversary Booth - Dean Lawrence,Ethan Michalak,Melanie Chan,Michael Kouremetis,Jay Yee
AVV - cont...(10:30-13:30 PDT) - Adversary Wars CTF -
AVV - Open Mic
AVV - (12:30-12:59 PDT) - Qemuno – An uninvited guest - Oleg Lerner
BHV - (12:30-13:59 PDT) - XR for Literally Everything, Everywhere, All at Once - Keenan Skelly
BHV - (12:45-13:30 PDT) - Hacking the Brave New Worlds and Extended Realities - Kavya Pearlman
BTV - Project Obsidian: Panel Discussion -
CLV - cont...(11:50-12:30 PDT) - Deescalate the overly-permissive IAM - Jay Chen
CLV - (12:30-12:50 PDT) - Sign of the Times: Exploiting Poor Validation of AWS SNS SigningCertUrl - Eugene Lim
CLV - (12:50-13:30 PDT) - Cloud Defaults are Easy Not Secure - Igal Flegmann
CON - cont...(10:00-12:59 PDT) - Capture The Packet Finals -
CON - cont...(10:00-12:59 PDT) - IoT Village CTF (the CTF formally known as SOHOplessly Broken) -
CON - cont...(10:00-13:59 PDT) - Red Team Village CTF Finals Part 2 -
CPV - Surviving and Designing for Survivors - Avi Zajac
CPV - (12:45-13:30 PDT) - PII: The Privacy Zombie - Alisha Kloc
DC - PreAuth RCE Chains on an MDM: KACE SMA - Jeffrey Hofmann
DC - Defaults - the faults. Bypassing android permissions from all protection levels - Nikita Kurtin
DC - cont...(10:00-15:59 PDT) - Human Registration Open
DC - The Call is Coming From Inside The Cluster: Mistakes that Lead to Whole Cluster Pwnership - Will Kline,Dagan Henderson
DC - Taking a Dump In The Cloud - Melvin Langvik,Flangvik
DC - cont...(10:00-15:59 PDT) - Vendor Area Open
DC - cont...(09:00-14:59 PDT) - Merch (formerly swag) Area Open -- README -
DC - cont...(10:00-14:59 PDT) - Village Areas Open (Generally) -
GHV - cont...(11:30-14:30 PDT) - Workshop: Mobile Penetration Testing w Corellium - Corellium
HHV - cont...(10:00-12:59 PDT) - Solder Skills Village - Open
HHV - cont...(10:00-12:59 PDT) - Hardware Hacking Village - Open
HRV - cont...(11:00-13:59 PDT) - Free Amateur Radio License Exams -
HRV - (12:30-12:59 PDT) - Off the grid - Supplying your own power - Eric Escobar
ICSV - Understanding CAN Bus and the GRACE Console [[Maritime]] - Dave Burke
ICSV - cont...(10:00-12:59 PDT) - CISA and Idaho National Lab Escape Room -
ICSV - cont...(10:00-12:59 PDT) - Hack the Plan[e]t CTF -
ICSV - cont...(10:00-12:59 PDT) - Fantom5 SeaTF CTF -
ICSV - cont...(10:00-12:59 PDT) - DDS Hack-the-Microgrid -
IOTV - cont...(10:00-12:59 PDT) - IoT Village CTF Challenges -
IOTV - cont...(10:00-12:59 PDT) - Hands on hacking labs -
IOTV - cont...(10:00-12:59 PDT) - Hands on Hardware Hacking – eMMC to Root - Deral Heiland
IOTV - cont...(10:00-12:59 PDT) - Drone Hack -
LPV - Doors, Cameras, and Mantraps. Oh, my! - Dylan Baklor
PHV - cont...(10:00-12:59 PDT) - Linux Trainer -
PHV - cont...(10:00-12:59 PDT) - Botnet Workshop -
PHV - cont...(10:00-12:59 PDT) - HardWired -
PHV - cont...(10:00-12:59 PDT) - Wall of Sheep -
PHV - cont...(10:00-12:59 PDT) - Packet Inspector -
PHV - cont...(10:00-12:59 PDT) - Packet Detective -
PHV - cont...(10:00-12:59 PDT) - Honey Pot Workshop -
PHV - cont...(10:00-12:59 PDT) - NetworkOS Workshop -
PHV - cont...(10:00-12:59 PDT) - RegEx Trainer -
PLV - Offensive Cyber Industry Roundtable - Sophia D'Antoine,Matt Holland,Winnona DeSombre
PLV - Protect Our Pentest Tools! Perks and Hurdles in Distributing Red Team Tools - Omar Santos
PSV - cont...(10:00-14:59 PDT) - Physical Security Village -
PSV - (12:30-12:59 PDT) - Forcible Entry 101 - Bill Graydon
PYV - cont...(09:00-13:59 PDT) - Payment Hacking Challenge -
RFV - cont...(10:00-14:59 PDT) - DEFCON Demonstrations and Presentations by Open Research Institute at RF Village - Open Research Institute
ROV - cont...(10:00-13:59 PDT) - Workshop Overflow - Four Suits Co
SEV - cont...(11:30-12:59 PDT) - Social Engineering Community Village Awards and Competitor Panel
SKY - cont...(11:40-13:30 PDT) - Abortion Tech - Maggie Mayhem
SOC - cont...(09:00-14:59 PDT) - Chillout Lounge (with entertainment) - Rusty,Merin MC,s1gnsofl1fe,Pie & Darren
SOC - Friends of Bill W -
TEV - cont...(10:00-12:59 PDT) - Learn at Tamper-Evident Village -

 

Sunday - 13:00 PDT


AIV - cont...(12:30-13:20 PDT) - AI Village CTF Results and Q&A - Will Pearce
APV - Layer 7 matters at Layers 2/3 : Appsec on Network Infrastructure - Ken Pyle
AVV - cont...(10:30-13:30 PDT) - Adversary Wars CTF -
AVV - Modern techniques used by Advanced Persistent Threat actors for discovering 0-day vulnerabilities - Or Yair
BHV - cont...(12:30-13:59 PDT) - XR for Literally Everything, Everywhere, All at Once - Keenan Skelly
BHV - cont...(12:45-13:30 PDT) - Hacking the Brave New Worlds and Extended Realities - Kavya Pearlman
BTV - Blue Team Village Closing Ceremony -
CLV - cont...(12:50-13:30 PDT) - Cloud Defaults are Easy Not Secure - Igal Flegmann
CLV - (13:30-13:45 PDT) - Cloud Village Closing Note - Jayesh Singh Chauhan
CON - cont...(10:00-13:59 PDT) - Red Team Village CTF Finals Part 2 -
CPV - cont...(12:45-13:30 PDT) - PII: The Privacy Zombie - Alisha Kloc
CPV - (13:30-14:15 PDT) - Cryptosploit - Matt Cheung,Benjamin Hendel
DC - ElectroVolt: Pwning popular desktop apps while uncovering new attack surface on Electron - Aaditya Purani,Max Garrett
DC - The Journey From an Isolated Container to Cluster Admin in Service Fabric - Aviv Sasson
DC - cont...(10:00-15:59 PDT) - Human Registration Open
DC - Less SmartScreen More Caffeine – ClickOnce (Ab)Use for Trusted Code Execution - Nick Powers,Steven Flores
DC - RingHopper – Hopping from User-space to God Mode - Jonathan Lusky,Benny Zeltser
DC - cont...(10:00-15:59 PDT) - Vendor Area Open
DC - cont...(09:00-14:59 PDT) - Merch (formerly swag) Area Open -- README -
DC - cont...(10:00-14:59 PDT) - Village Areas Open (Generally) -
GHV - cont...(11:30-14:30 PDT) - Workshop: Mobile Penetration Testing w Corellium - Corellium
HRV - cont...(11:00-13:59 PDT) - Free Amateur Radio License Exams -
ICSV - Spear Vishing / VoIP Poisoning - Maritime and Land - Travis Juhr
LPV - Intro to Lockpicking - TOOOL
PLV - cont...(12:00-13:45 PDT) - Offensive Cyber Industry Roundtable - Sophia D'Antoine,Matt Holland,Winnona DeSombre
PLV - cont...(12:00-13:45 PDT) - Protect Our Pentest Tools! Perks and Hurdles in Distributing Red Team Tools - Omar Santos
PSV - cont...(10:00-14:59 PDT) - Physical Security Village -
PYV - cont...(09:00-13:59 PDT) - Payment Hacking Challenge -
RFV - cont...(10:00-14:59 PDT) - DEFCON Demonstrations and Presentations by Open Research Institute at RF Village - Open Research Institute
ROV - cont...(10:00-13:59 PDT) - Workshop Overflow - Four Suits Co
SKY - cont...(11:40-13:30 PDT) - Abortion Tech - Maggie Mayhem
SOC - cont...(09:00-14:59 PDT) - Chillout Lounge (with entertainment) - Rusty,Merin MC,s1gnsofl1fe,Pie & Darren

 

Sunday - 14:00 PDT


AIV - AI Village Closing Remarks - Sven Cattell,Brian Pendleton
APV - cont...(13:00-14:59 PDT) - Layer 7 matters at Layers 2/3 : Appsec on Network Infrastructure - Ken Pyle
CPV - cont...(13:30-14:15 PDT) - Cryptosploit - Matt Cheung,Benjamin Hendel
CPV - (14:15-14:59 PDT) - AES-GCM common pitfalls and how to work around them (PRE-RECORDED) - Santiago Kantorowicz
DC - Contest Closing Ceremonies & Awards - Grifter
DC - Solana JIT: Lessons from fuzzing a smart-contract compiler - Thomas Roth
DC - cont...(10:00-15:59 PDT) - Human Registration Open
DC - cont...(10:00-15:59 PDT) - Vendor Area Open
DC - cont...(09:00-14:59 PDT) - Merch (formerly swag) Area Open -- README -
DC - cont...(10:00-14:59 PDT) - Village Areas Open (Generally) -
GHV - cont...(11:30-14:30 PDT) - Workshop: Mobile Penetration Testing w Corellium - Corellium
GHV - (14:30-14:59 PDT) - Phishing for Your Next Cyber Opportunity - Cyrena Jackson,Teresa Green
ICSV - Navigating the High Seas When Dealing with Cybersecurity Attack - Daniel Garrie
LPV - The "Why" of Lock Picking - Christopher Forte (isaidnocookies)
PSV - cont...(10:00-14:59 PDT) - Physical Security Village -
RFV - cont...(10:00-14:59 PDT) - DEFCON Demonstrations and Presentations by Open Research Institute at RF Village - Open Research Institute
RFV - RF CTF Out-brief - RF Hackers Village Staff
SOC - cont...(09:00-14:59 PDT) - Chillout Lounge (with entertainment) - Rusty,Merin MC,s1gnsofl1fe,Pie & Darren

 

Sunday - 15:00 PDT


DC - cont...(14:00-15:15 PDT) - Contest Closing Ceremonies & Awards - Grifter
DC - cont...(10:00-15:59 PDT) - Human Registration Open
DC - (15:30-17:30 PDT) - DEF CON Closing Ceremonies & Awards - The Dark Tangent
DC - cont...(10:00-15:59 PDT) - Vendor Area Open

 

Sunday - 16:00 PDT


DC - cont...(15:30-17:30 PDT) - DEF CON Closing Ceremonies & Awards - The Dark Tangent

 

Sunday - 17:00 PDT


DC - cont...(15:30-17:30 PDT) - DEF CON Closing Ceremonies & Awards - The Dark Tangent

Talk/Event Descriptions


 

SKY - Sunday - 11:40-13:30 PDT


Title: Abortion Tech
When: Sunday, Aug 14, 11:40 - 13:30 PDT
Where: LINQ - BLOQ (SkyTalks 303)

SpeakerBio:Maggie Mayhem
Maggie Mayhem is a former sex worker and current full spectrum doula. She has spoken previously at HOPE as well as DefCon, Skytalks, SxSW, the United Nations Internet Governance Forum, as well as many events and universities around the world. Her website is MaggieMayhem.Com.
Twitter: @msmaggiemayhem

Description:
In order to protect abortion access in America, it is imperative to understand what abortion is in material terms. This primer will discuss clinical and underground abortion procedures, provider opsec, targeted legislation against abortion access, how abortion access & gender affirming care are linked, and demonstrate how to build a DIY vacuum aspiration device. This talk will be presented from the perspective that abortion should be available on demand, without apology as part of a spectrum of human reproductive rights including gender affirming care and expression of sexual orientation. Providing abortions safely requires a background in healthcare that exceeds the time and content limitations of this talk. Though abortion will be discussed in practical terms, attendees will not be taught how to perform abortions.


 

AVV - Sunday - 10:30-12:30 PDT


Title: Adversary Booth
When: Sunday, Aug 14, 10:30 - 12:30 PDT
Where: Flamingo - Scenic Ballroom (Adversary Village)
Speakers:Dean Lawrence,Ethan Michalak,Melanie Chan,Michael Kouremetis,Jay Yee

SpeakerBio:Dean Lawrence, Software Systems Engineer
No BIO available

SpeakerBio:Ethan Michalak, Cyber Security Intern
No BIO available

SpeakerBio:Melanie Chan, Senior Cybersecurity Engineer & Intern Coordinator
No BIO available

SpeakerBio:Michael Kouremetis, Lead Cyber Operations Engineer and Group Lead
No BIO available

SpeakerBio:Jay Yee, Senior Cyber Security Engineer, Defensive Cyber Operations
No BIO available

Description:
The Adversary Simulator booth will have hands-on adversary emulation plans specific to a wide variety of threat actors and ransomware; these are meant to provide the participant/visitor with a better understanding of adversary tactics.


 

AVV - Sunday - 10:30-13:30 PDT


Title: Adversary Wars CTF
When: Sunday, Aug 14, 10:30 - 13:30 PDT
Where: Flamingo - Scenic Ballroom (Adversary Village)

Description:
Adversary Wars CTF will have real world simulation CTF scenarios and challenges, where the adversaries can simulate attacks and learn new attack vectors, TTPs, techniques, etc. There would be combined exercises which include different levels of threat/adversary emulation and purple teaming.


 

CPV - Sunday - 14:15-14:59 PDT


Title: AES-GCM common pitfalls and how to work around them (PRE-RECORDED)
When: Sunday, Aug 14, 14:15 - 14:59 PDT
Where: Flamingo - Vista Ballroom (Crypto Privacy Village)

SpeakerBio:Santiago Kantorowicz
Santiago is a Staff Security Engineer at Twilio, with 14 years of experience in cybersecurity. He worked for 6 years securing and designing OTP and TOTP products, such as Authy and Twilio Verify. He is currently dedicated to securing Twilio Voice and video products along with Twilio Edge infrastructure. He started his cybersecurity journey doing pen testing for 5 years, and then moved to MercadoLibre to kickstart the Appsec department. During his journey he discovered a passion for other topics and worked in non-security roles such as Product Manager and Product Architect.

Description:
We will talk about AES-GCM's documented and largely unknown limitations on how many encryptions it can do with one key. We won’t get into the cryptographic details of the algorithm, so no need to worry about that. I’ll propose some workarounds to the limitations too. There is some basic math involved :)


 

AIV - Sunday - 11:30-12:20 PDT


Title: AI Trojan Attacks, Defenses, and the TrojAI Competition
When: Sunday, Aug 14, 11:30 - 12:20 PDT
Where: Caesars Forum - Summit 228->236 (AI Village)

SpeakerBio:Taylor Kulp-Mcdowall 
No BIO available

Description:
As the current machine learning paradigm shifts toward the use of large pretrained models fine-tuned to a specific use case, it becomes increasingly important to trust the pretrained models that are downloaded from central model repositories (or other areas of the internet). As has been well documented in the machine learning literature, numerous attacks currently exist that allow an adversary to poison or “trojan” a machine learning model causing the model to behave correctly except when dealing with a specific adversary chosen input or “trigger”. This talk will introduce the threats posed by these AI trojan attacks, discuss the current types of attacks that exist, and then focus on the state of the art techniques used to both defend and detect these attacks.

As part of an emphasis on trojan detection, the talk will also cover key aspects of the TrojAI Competition (https://pages.nist.gov/trojai/)—an open leaderboard run by NIST and IARPA to spur the development of better trojan detection techniques. This leaderboard provides anyone with the opportunity to run and evaluate their own trojan detectors across large datasets of clean/poisoned AI models already developed by the TrojAI team. These datasets consist of numerous different AI architectures trained across tasks ranging from image classification to extractive question answering. They are open-source and ready for the community to use.



 

AIV - Sunday - 14:00-14:59 PDT


Title: AI Village Closing Remarks
When: Sunday, Aug 14, 14:00 - 14:59 PDT
Where: Caesars Forum - Summit 228->236 (AI Village)
Speakers:Sven Cattell,Brian Pendleton

SpeakerBio:Sven Cattell
No BIO available
Twitter: @comathematician

SpeakerBio:Brian Pendleton
No BIO available
Twitter: @yaganub

Description:
A review of the weekend and a short discussion of the topics to look out for in the coming year.


 

AIV - Sunday - 12:30-13:20 PDT


Title: AI Village CTF Results and Q&A
When: Sunday, Aug 14, 12:30 - 13:20 PDT
Where: Caesars Forum - Summit 228->236 (AI Village)

SpeakerBio:Will Pearce
No BIO available
Twitter: @moo_hax

Description:No Description available


 

AIV - Sunday - 10:30-11:20 PDT


Title: Attacks on Tiny Intelligence
When: Sunday, Aug 14, 10:30 - 11:20 PDT
Where: Caesars Forum - Summit 228->236 (AI Village)

SpeakerBio:Yuvaraj Govindarajulu 
No BIO available

Description:
As of this year, there are over 2.5 billion Edge-enabled IoT devices and close to 1.5 million new AI Edge devices projected to be shipped. These devices include smaller compressed versions of AI models running on them. While in recent years we have been able to improve the performance of the AI models and reduce their memory footprint on these devices, not much has been said about the security threats to the AI models on these tiny devices.

The first step towards protecting these AI models from attacks such as model theft, evasion and data poisoning would be to study the efficacy of attacks on these Tiny Intelligent systems. While some of them, at the lower hardware and software layers, could be protected through classical embedded security, these measures alone would not suffice to protect Tiny Intelligence. Many of these tiny devices (microcontrollers) do not come with built-in security features because of their price and power requirements. So an understanding of how the core AI algorithm could be attacked and protected becomes necessary. In this talk we discuss the possible threats to these devices and provide directions on how additional AI security measures would save Tiny Intelligence.



 

AIV - Sunday - 09:00-10:20 PDT


Title: Automate Detection with Machine Learning 
When: Sunday, Aug 14, 09:00 - 10:20 PDT
Where: Caesars Forum - Summit 228->236 (AI Village)

SpeakerBio:Gavin Klondike 
Gavin Klondike is a senior consultant and researcher who has a passion for network security, both attack and defense. Through that passion, he runs NetSec Explained, a blog and YouTube channel which covers intermediate and advanced level network security topics in an easy-to-understand way. His work has given him the opportunity to be published in industry magazines and speak at conferences such as Def Con, Def Con China, and CactusCon. Currently, he is researching ways to address the cybersecurity skills gap by utilizing machine learning to augment the capabilities of current security analysts.

Description:
Today, over a quarter of security products for detection have some form of machine learning built in. However, “machine learning” is nothing more than a mysterious buzzword for many security analysts. In order to properly deploy and manage these products, analysts will need to understand how the machine learning components operate to ensure they are working efficiently. In this talk, we will dive head first into building and training our own security-related models using the 7-step machine learning process. No environment setup is necessary, but Python experience is strongly encouraged.


 

BTV - Sunday - 11:00-11:59 PDT


Title: Backdoors & Breaches, Back to the Stone Age!
When: Sunday, Aug 14, 11:00 - 11:59 PDT
Where: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map

Description:
Don't flake early! There will be several rounds of well-punned games all localized to Project Obsidian's killchain data and the tools utilized. Learn how the fates will treat you with an incident on the line. Backdoors & Breaches is an Incident Response Card Game from Black Hills Information Security and Active Countermeasures. The game contains 52 unique cards to conduct incident response tabletop exercises and learn attack tactics, tools, and methods.

https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/

A crowd interactive, igneous take on the BHIS IR card game.



SKY - Sunday - 10:35-11:25 PDT


Title: Basic Blockchain Forensics
When: Sunday, Aug 14, 10:35 - 11:25 PDT
Where: LINQ - BLOQ (SkyTalks 303) - Map

SpeakerBio:K1ng_Cr4b
As a Cryptocurrency Fraud and Compliance Analyst I follow nefarious activity that occurs on the blockchain. Cases can be anything from scams, hacks, ransomware, money laundering, illicit finance, or dark web criminal activity. The field is constantly evolving, and I am excited to share with you some real life cases and other exciting findings. All information in the talk is shared in the lens of how you can better protect your privacy while using cryptocurrency and how you should respond if victimized.

Description:
The transparency, immutability, and availability of cryptocurrency blockchain data work to the advantage of Blockchain Forensics Investigators. Follow a cryptocurrency forensic analyst as we go from a single transaction to attribution.


PLV - Sunday - 10:00-11:45 PDT


Title: Better Policies for Better Lives: Hacker Input to international policy challenges
When: Sunday, Aug 14, 10:00 - 11:45 PDT
Where: Caesars Forum - Summit 226-227 - Policy Roundtable - Map

SpeakerBio:Peter Stephens , Policy Advisor for CyberSecurity, Organisation for Economic Co-operation and Development (OECD)
No BIO available

Description:
Every year, delivering effective cyber security policies becomes more urgent, and more complicated. These challenges are becoming more international. Just thinking about product security for IoT: consumers are buying more smart products through online marketplaces, and supply chains are becoming more complex and overly reliant on online marketplaces, which often exist outside of the remit for existing legislation. Meanwhile, the vast majority of consumers simply don’t know what to look for to assess security. The problem isn’t just security, but it is one of market failure.

In the policy space, it also feels like there is a market failure at play. Security researchers want to feed into policy makers’ approaches, and civil servants (many of whom are generalists) need technical experts to help them assess lobbying and design proportionate plans.

The OECD exists to promote ‘better policies for better lives’. We support civil servants around the world, and would like to offer opportunities for the security research community to feed in at a broader scale. This will be a working session, with a particular focus on product security (including IoT) and the challenges facing the security research community in the handling of vulnerabilities.



BTV - Sunday - 13:00-13:59 PDT


Title: Blue Team Village Closing Ceremony
When: Sunday, Aug 14, 13:00 - 13:59 PDT
Where: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map

Description:
Closing ceremony for Blue Team Village @ DEF CON 30



PHV - Sunday - 10:00-12:59 PDT


Title: Botnet Workshop
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village) - Map

Description:
What is a botnet and how does it work? Come to the Packet Hacking Village and we'll teach you! Our workshop covers the basics of setup, operation, and shenanigans. Learn a skill useful for offense and defense in infosec!


PSV - Sunday - 10:30-10:59 PDT


Title: Bypass 101
When: Sunday, Aug 14, 10:30 - 10:59 PDT
Where: Caesars Forum - Summit 201-202 (Physical Security Village) - Map

SpeakerBio:Karen Ng
As a founding member of the Physical Security Village, Karen has always been eager to spread awareness of physical security vulnerabilities. Karen works with GGR Security as a Security Risk Assessor.
Twitter: @hwenab

Description:
There are loads of ways to get through a door without actually attacking the lock itself, including using the egress hardware, access control hardware, and countless other techniques to gain entry. Learn the basics in this talk.


PSV - Sunday - 11:00-11:30 PDT


Title: Bypass 102
When: Sunday, Aug 14, 11:00 - 11:30 PDT
Where: Caesars Forum - Summit 201-202 (Physical Security Village) - Map

SpeakerBio:Karen Ng
As a founding member of the Physical Security Village, Karen has always been eager to spread awareness of physical security vulnerabilities. Karen works with GGR Security as a Security Risk Assessor.
Twitter: @hwenab

Description:
Now that you’re familiar with the techniques used to bypass locks in some door installations, come and learn the remediations for these common bypasses. In this talk, you will learn how to protect against or harden against attacks such as the Under the Door attack, latch slipping, and more.


CON - Sunday - 10:00-12:59 PDT


Title: Capture The Packet Finals
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village) - Map

Description:
Capture The Packet is returning to DEF CON! Our legendary cyber defense competition has been a Black Badge contest for over 10 years! Glory and prizes await. Follow this event on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes.


CON - Sunday - 10:00-11:59 PDT


Title: Car Hacking Village CTF
When: Sunday, Aug 14, 10:00 - 11:59 PDT
Where: Caesars Forum - Forum 124-128 (Car Hacking Village) - Map

Description:
The Car Hacking Village CTF is a fun interactive challenge which gives contestants first-hand experience interacting with automotive technologies. We work with multiple automotive OEs and suppliers to ensure our challenges give a real-world experience of hacking cars. We understand car hacking can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.


SOC - Sunday - 09:00-14:59 PDT


Title: Chillout Lounge (with entertainment)
When: Sunday, Aug 14, 09:00 - 14:59 PDT
Where: Flamingo - Carson City I (Chillout) - Map
Speakers:Rusty,Merin MC,s1gnsofl1fe,Pie & Darren

SpeakerBio:Rusty
No BIO available

SpeakerBio:Merin MC
No BIO available

SpeakerBio:s1gnsofl1fe
No BIO available

SpeakerBio:Pie & Darren
No BIO available

Description:
The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there.

All chillout lounges are planned to be open 09:00 - 15:00 for chillout purposes.

Entertainment schedule:

09:00 to 12:00 - Pie & Darren
12:00 to 13:00 - s1gnsofl1fe
13:00 to 14:00 - Rusty
14:00 to 15:00 - Merin MC



SOC - Sunday - 09:00-14:59 PDT


Title: Chillout Lounge (with entertainment)
When: Sunday, Aug 14, 09:00 - 14:59 PDT
Where: LINQ - 3rd flr - Chillout - Map
Speakers:Rusty,Merin MC,s1gnsofl1fe,Pie & Darren

SpeakerBio:Rusty
No BIO available

SpeakerBio:Merin MC
No BIO available

SpeakerBio:s1gnsofl1fe
No BIO available

SpeakerBio:Pie & Darren
No BIO available

Description:
The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there.

All chillout lounges are planned to be open 09:00 - 15:00 for chillout purposes.

Entertainment schedule:

09:00 to 12:00 - Pie & Darren
12:00 to 13:00 - s1gnsofl1fe
13:00 to 14:00 - Rusty
14:00 to 15:00 - Merin MC



SOC - Sunday - 09:00-14:59 PDT


Title: Chillout Lounge (with entertainment)
When: Sunday, Aug 14, 09:00 - 14:59 PDT
Where: Flamingo - Reno I Ballroom (Chillout Lounge) - Map
Speakers:Rusty,Merin MC,s1gnsofl1fe,Pie & Darren

SpeakerBio:Rusty
No BIO available

SpeakerBio:Merin MC
No BIO available

SpeakerBio:s1gnsofl1fe
No BIO available

SpeakerBio:Pie & Darren
No BIO available

Description:
The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there.

All chillout lounges are planned to be open 09:00 - 15:00 for chillout purposes.

Entertainment schedule:

09:00 to 12:00 - Pie & Darren
12:00 to 13:00 - s1gnsofl1fe
13:00 to 14:00 - Rusty
14:00 to 15:00 - Merin MC



SOC - Sunday - 09:00-14:59 PDT


Title: Chillout Lounge (with entertainment)
When: Sunday, Aug 14, 09:00 - 14:59 PDT
Where: Caesars Forum - Forum 120-123, 129, 137 (Chillout) - Map
Speakers:Rusty,Merin MC,s1gnsofl1fe,Pie & Darren

SpeakerBio:Rusty
No BIO available

SpeakerBio:Merin MC
No BIO available

SpeakerBio:s1gnsofl1fe
No BIO available

SpeakerBio:Pie & Darren
No BIO available

Description:
The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there.

All chillout lounges are planned to be open 09:00 - 15:00 for chillout purposes.

Entertainment schedule:

09:00 to 12:00 - Pie & Darren
12:00 to 13:00 - s1gnsofl1fe
13:00 to 14:00 - Rusty
14:00 to 15:00 - Merin MC



ICSV - Sunday - 10:00-12:59 PDT


Title: CISA and Idaho National Lab Escape Room
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS CISA Escape Room - Map

Description:
CISA and Idaho National Lab invite you to participate in an immersive Escape Room adventure to test your cybersecurity and infrastructure protection skills. This Escape Room will challenge you and your team through a series of traditional time-bound Escape Room challenges mixed with cybersecurity elements. Participants’ skills will be confronted with cybersecurity puzzles involving wireless technologies, Open Source Intelligence (OSINT) analysis, database exploitation, network discovery, industrial control systems, cryptography, Arduino-backed puzzles, and more. With the mix of traditional escape room puzzles, there is enough to do for everyone regardless of the level of their cyber skills. Come have fun while learning more about cybersecurity with CISA and Idaho National Lab.

** Swing by the ICS Village to reserve a time for your team. **

Escape Room Scenario: A disgruntled employee, Bob, has been plotting to bring down the company where he works. In retaliation for his perceived mistreatment, Bob has created an electromagnetic pulse device (EMP) to take out sensitive industrial control systems in the area. Thanks to a few diligent and observant company employees, Bob was taken into custody but not before the timer on the device could be activated! The EMP device has been armed and the clock is ticking. CISA needs your help in protecting our critical infrastructure by following the clues found in Bob’s office to help CISA to disarm the EMP device before it is too late.



CLV - Sunday - 12:50-13:30 PDT


Title: Cloud Defaults are Easy Not Secure
When: Sunday, Aug 14, 12:50 - 13:30 PDT
Where: Flamingo - Scenic Ballroom (Cloud Village) - Map

SpeakerBio:Igal Flegmann
Igal started his career in Microsoft’s Azure Security team creating and managing identity services for Azure’s secure production tenants. After a successful career in Azure Security, Igal transferred teams to work in Azure’s ASCII (Azure Special Capabilities, Infrastructure, and Innovation) team, where he used his identity and security expertise to design and create security services to protect the critical infrastructure devices of the world.

To follow his passion for identity and security, Igal decided to leave Microsoft and co-found Keytos, a security company with the mission of eliminating passwords by creating easy-to-use PKI offerings.

Twitter: @igal_fs

Description:
In the last decade, the major cloud companies have been fighting to get market share by offering the easiest-to-use cloud with the most services, allowing you to get a simple site up and running in a few minutes and quickly scale it. While cloud providers market themselves as the most secure infrastructure for your code, their defaults are far from secure. With certificates being able to be issued without proof of domain ownership, insecure SSH by default, default passwords, and more, the move to the cloud is making it easier for you and your attackers to get into your infrastructure. In this talk we will talk about common Azure errors that will get you in trouble.


CLV - Sunday - 11:20-11:50 PDT


Title: Cloud Sandboxes for Security Research - Fire from the Heavens
When: Sunday, Aug 14, 11:20 - 11:50 PDT
Where: Flamingo - Scenic Ballroom (Cloud Village) - Map

SpeakerBio:Louis Barrett
Louis L. Barrett is a Fullstack Security Researcher who has 10 years of experience in detection and response. He currently works as lead product security engineer for a SaaS AI company, where he is responsible for securing ML infrastructure and building paved road solutions for developers. He has a passion for solving hard, technical problems and integrating new software trends into traditional security practices.
Twitter: @0daysimpson

Description:
Analyzing malicious digital content safely typically requires specialized tools in a sandboxed environment, and an awareness of the risk associated with specific analysis techniques.

Traditionally the process of provisioning these environments was labor intensive, and technically demanding. In this presentation I'll show you how to use DevSecOps best practices to provision lightweight, anonymous, cloud sandboxes in seconds.

Comments: Text HOW or SHELL to 1337-561-1337* for an early demo of what I'm presenting. https://github.com/shell-company/public-shell-company



CLV - Sunday - 13:30-13:45 PDT


Title: Cloud Village Closing Note
When: Sunday, Aug 14, 13:30 - 13:45 PDT
Where: Flamingo - Scenic Ballroom (Cloud Village) - Map

SpeakerBio:Jayesh Singh Chauhan
No BIO available

Description:No Description available


DC - Sunday - 14:00-15:15 PDT


Title: Contest Closing Ceremonies & Awards
When: Sunday, Aug 14, 14:00 - 15:15 PDT
Where: Caesars Forum - Academy 401-410, 421 (Track 3) - Map

SpeakerBio:Grifter , DEF CON, Contests & Events
No BIO available

Description:
DEF CON Contests & Events Awards, come find out who won what!!


ASV - Sunday - 10:30-11:20 PDT


Title: Control Acquisition Attack of Aerospace Systems by False Data Injection
When: Sunday, Aug 14, 10:30 - 11:20 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map

SpeakerBio:Garrett Jares
Garrett Jares is a Ph.D. student in the Department of Aerospace Engineering at Texas A&M University and a 2020 Recipient of the NSF Graduate Research Fellowship. His doctoral dissertation investigates cyber-attacks designed to take control of an aircraft by targeting the vehicle’s sensor data.

Description:
The most dangerous cyber threat faced by unmanned air systems and other autonomous vehicles is the threat of hijacking via cyberattack. This work investigates and develops a novel method of attack by false data injection of the vehicle’s measurement data. It is shown that this approach is system agnostic and can be used to take over a system without any prior knowledge of the system. The attack is demonstrated in both simulation and hardware experiments.


CPV - Sunday - 13:30-14:15 PDT


Title: Cryptosploit
When: Sunday, Aug 14, 13:30 - 14:15 PDT
Where: Flamingo - Vista Ballroom (Crypto Privacy Village) - Map
Speakers:Matt Cheung,Benjamin Hendel

SpeakerBio:Matt Cheung , Hacker
Matt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority and this concerned Matt. This concern prompted him to learn about cryptographic attacks from Dan Boneh's crypto 1 course offered on Coursera and the Matasano/cryptopals challenges. From this experience he has given workshops at the Boston Application Security Conference, BSidesLV, DEF CON, and the Crypto and Privacy Village.

SpeakerBio:Benjamin Hendel


Description:
Cryptosploit is a new tool intended to aid in the development and use of cryptographic attacks in a variety of scenarios. Inspired by the cryptopals challenges and tools like Metasploit, this talk will discuss the origin of this tool and its uses. The main innovation of this tool is to write modules to implement attacks and separate code to interact with cryptographic systems called oracles. In this talk we will discuss how the attacks work and demonstrate how to execute them with this tool. The hope is this tool will encourage the use of cryptographic attacks where applicable by lowering the barrier of entry and community development.


RTV - Sunday - 11:00-11:59 PDT


Title: Cyber Resilience Bootcamp
When: Sunday, Aug 14, 11:00 - 11:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map

SpeakerBio:Ron Taylor
No BIO available
Twitter: @Gu5G0rman

Description:No Description available


CON - Sunday - 10:00-11:59 PDT


Title: DARKNET-NG
When: Sunday, Aug 14, 10:00 - 11:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map

Description:
Darknet-NG is an In-Person Massively Multiplayer Online Role Playing Game (MMO-RPG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The “Learning Quests” help the agent gather knowledge from all across the other villages at the conference, while the “Challenge Quests” help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year’s challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!


ICSV - Sunday - 10:00-12:59 PDT


Title: DDS Hack-the-Microgrid
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS Workshop Area - Map

Description:
Microgrids are pretty high maintenance, and like satellites, primarily built for survivability, not security. As the Department of Defense marches toward deploying microgrids at scale to shore up mission resilience in response to the challenges presented by climate change, hackers are gonna hack.

In this lab, you’ll learn the basics of microgrid design – from what they are, how they work, and how they regulate themselves. Then, you’ll be able to use this knowledge to then attempt to take over and shut down a mock microgrid by hacking its weather data system and sensor input network to generate chaos.

(first-come-first-seated kind of event, essentially when a seat is free you are allowed to join)



CLV - Sunday - 11:50-12:30 PDT


Title: Deescalate the overly-permissive IAM
When: Sunday, Aug 14, 11:50 - 12:30 PDT
Where: Flamingo - Scenic Ballroom (Cloud Village) - Map

SpeakerBio:Jay Chen
Jay Chen is a security researcher with Palo Alto Networks. He has extensive research experience in cloud-native, public clouds, and edge computing. His current research focuses on investigating the vulnerabilities, design flaws, and adversary tactics in cloud-native technologies. In the past, he also researched Blockchain and mobile cloud security. Jay has authored 20+ academic and industrial papers.

Description:
The principle of least privilege states that a subject should be given only those privileges needed for it to complete its task. The concept is not new, but our recent research on 18,000 production cloud accounts across AWS and Azure showed that 99% of the cloud identities were overly-permissive. The majority of the identities only used less than 10% of their granted permissions. While I investigated the issue further, one interesting pattern quickly surfaced: many overly-permissive permissions were granted by CSP-managed permission policies. CSP-managed policies were granted 2.5 times more permissions than customer-managed policies. These excessive permissions unnecessarily increased the attack surface and risks of the cloud workloads. In particular, many identities could abuse the granted permissions to obtain admin privilege.

These findings raised a few questions. Are we all doing something terribly wrong? Is the principle of least privilege a realistic and necessary goal in modern cloud environments? What can be done to mitigate the problem? Knowing the problem and the risks, I will then introduce an open-source tool IAM-Deescalate to shine a light on the problem.

IAM-Deescalate can help identify and mitigate the privilege escalation risks in AWS. It models the relationship between every user and role in an AWS account as a graph using PMapper. It then identifies the possible privilege escalation paths that allow non-admin principals to reach admin principals. For each path, IAM-Deescalate revokes a minimal set of permissions to break the path to remediate the risks. At the time of writing, IAM-Deescalate can remediate 24 out of the 31 publicly known privilege escalation techniques. On average, it remediates 75% of the privilege escalation vulnerabilities that existing open-source tools can detect.

The audience will gain a new perspective on IAM security and pick up a new tool for their security toolbox.



DC - Sunday - 15:30-17:30 PDT


Title: DEF CON Closing Ceremonies & Awards
When: Sunday, Aug 14, 15:30 - 17:30 PDT
Where: Caesars Forum - Forum 104-110, 135-136, 138-139 (Tracks 1+2) - Map

SpeakerBio:The Dark Tangent , DEF CON
No BIO available

Description:
DEF CON Closing Ceremonies & Awards, the Uber Black badges are awarded to the winners of CTF and several other contests that earned a Black badge for DEF CON 30! We will wrap up the con, say thanks where it's due, and acknowledge special moments.


DC - Sunday - 12:00-12:45 PDT


Title: Defaults - the faults. Bypassing android permissions from all protection levels
When: Sunday, Aug 14, 12:00 - 12:45 PDT
Where: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map

SpeakerBio:Nikita Kurtin , Hacker
By day - senior research developer
By night - street workout athlete
Sometimes vice versa ;-)
Favorite quote: "Between dream and reality, there is only you."

You can see CVE on my name here:
https://source.android.com/security/overview/acknowledgements


Description:
Exploring in depth the Android permission mechanism, through different protection levels.

Step-by-step exploitation techniques that affect more than 98% of all Android devices including the last official release (Android 12).

In this talk I reveal a few different techniques that I uncovered in my research, which can allow hackers to bypass permissions from all protection levels in any Android device, which is more than 3 billion active devices according to Google's official stats.

These vulnerabilities enable the hacker to bypass the security measures of Android by abusing default (built-in) services and get access to abilities and resources which are protected by the permission mechanism.

Some vulnerabilities are partially fixed, others won't be fixed as Google considers them intended behavior.

In this talk I'll survey the different vulnerabilities, and deep dive into a few different exploitations.

Finally, I'll demonstrate how those techniques can be combined together to create real-life implications and to use for: Ransomware, Clickjacking, Uninstalling other apps and more, completely undetected by security measures.



RFV - Sunday - 10:00-14:59 PDT


Title: DEFCON Demonstrations and Presentations by Open Research Institute at RF Village
When: Sunday, Aug 14, 10:00 - 14:59 PDT
Where: Flamingo - Eldorado Ballroom (Radio Frequency Village) - Map

SpeakerBio:Open Research Institute
No BIO available
Twitter: @OpenResearchIns

Description:
Opulent Voice

Opulent Voice is an open source high bitrate digital voice (and data) protocol. It's intended to be useful for both space and terrestrial deployments. We’re getting nice clear 16kbps OPUS audio out of the demodulator. See and hear a demonstration at the ORI exhibit in RF Village. We’ll be using COBS protocol within Opulent Voice. If you’re unfamiliar with COBS, please read about it here: https://en.wikipedia.org/wiki/Consistent_Overhead_Byte_Stuffing

Authentication and authorization is built in and optional. There is no separate “packet mode”. Things are designed to “just work” and get out of your way whether or not you’re sending voice or data. Based on Mobilinkd codebase that implemented M17, the Opulent Voice development implementation can be found here: https://github.com/phase4ground/opv-cxx-demod

Authentication and Authorization functions will be summarized in a poster presentation. Find out more about this work here: https://github.com/phase4ground/documents/tree/master/Engineering/AAAAA

Ribbit

Ribbit is an open source SMS data mode that leverages smart phone hardware. The free Android app produces digital audio that you transmit over your HT or any other audio coupled device. There will be poster explaining the architecture and you can pick up a Ribbit sticker with QR code for the free Android app at ORI's exhibit in RF Village.

Regulatory

Interested in being able to do more with open source satellites? We have some landmark regulatory results that solve a big problem for those of us in the US that have wanted to do open source satellite work without fear. See our poster in RF Village and find out more at the following link: https://github.com/phase4ground/documents/tree/master/Regulatory

OpenRTX

OpenRTX is a team based in Italy that specializes in open source firmware for a variety of platforms in the VHF/UHF digital voice world. They work on DMR and M17 implementations for the MD-380, and more. Pick up a business card and see a demonstration of OpenRTX's work at ORI's exhibit in RF Village.

Tiny CTF

We'll have the World's Smallest Wireless CTF! Come and find it and get a mission patch for successful solves of the challenge.

More!

There's plenty more. If you see a Volcano and friendly people, you've found the right place.


AVV - Sunday - 10:00-10:45 PDT


Title: Don’t be trusted: Active Directory trust attacks
When: Sunday, Aug 14, 10:00 - 10:45 PDT
Where: Flamingo - Scenic Ballroom (Adversary Village) - Map
Speakers:Jonas Bülow Knudsen,Martin Sohn Christensen

SpeakerBio:Jonas Bülow Knudsen
Jonas is a passionate Active Directory security professional. At Improsec, Jonas got experience as an AD hardening consultant helping organizations remediate their vulnerabilities and misconfiguration in and around Active Directory. This work included Windows OS hardening, clean-up in AD, and the AD tier model implementation. Additionally, he worked in incident response for a period, again focusing on AD. In Spring 2021, Jonas published a FOSS tool called ImproHound, which is a tool to identify the attack paths in breaking AD tiering, using BloodHound: https://github.com/improsec/ImproHound. ImproHound was presented at DEF CON 29 Adversary Village: https://www.youtube.com/watch?v=MTsPTI7OoqM. Jonas recently joined the BloodHound Enterprise team at SpecterOps as Technical Account Manager to help organizations identify and remediate attack paths in Active Directory and Azure.
Twitter: @jonas_b_k

SpeakerBio:Martin Sohn Christensen
Martin is a security consultant at Improsec, a pragmatic security consulting firm in Denmark. With a background in Windows IT operations, he has pivoted to security in mainly Windows and Active Directory where he performs offence, analysis, and assessments. Although new to the industry, both his security passion and knowledge are strong because of a desire to understand concepts, technologies, and problems to their core. He enjoys researching, brain sharing, and solving hard problems in a team.
Twitter: @martinsohndk

Description:
Not understanding Active Directory domain and forest trusts can be a big risk. We often have to stress, to quote from Microsoft: “the forest (not the domain) is the security boundary in an Active Directory implementation”. This means that any compromised child domain could result in a compromised root domain. But why is it so? We guessed the answer must be because of the attack/technique known as Access Token Manipulation: SID-History Injection, which enables a Domain Admin of a child domain to escalate to Enterprise Admin and gain full control of the forest. The attack can be mitigated by enabling SID filtering on the trust relationship, but it is not enabled by default for intra-forest domain trusts. SID filtering is however enabled for inter-forest trusts by default, as Microsoft explains: “SID filtering helps prevent malicious users with administrative credentials in a trusted forest from taking control of a trusting forest”.

What is interesting is that SID filtering can be enabled on intra-forest domain trust as well and in theory prevent the SID-History injection technique. This posed the question – could SID filtering make the domain a security boundary? Our talk will take the audience through our research on this question. We will demonstrate typical trust attacks, how they can be mitigated, and present our SID filtering research including new techniques we discovered that make intra-forest SID filtering obsolete. Finally, we will explain and demonstrate a trust attack technique for moving from a TRUSTING domain to a TRUSTED domain (opposite direction of other trust attacks) which works even over one-way forest trusts (thereby breaking both Microsoft’s “forest is security boundary” statement and the “Red Forest”/ESAE design). Deep knowledge of Kerberos authentication is not necessary as the attacks are of low complexity, but a basic understanding of the protocol is an advantage. Attacks will be demonstrated using living-off-the-land tools and FOSS tools like Mimikatz and Rubeus. The talk is a summary of our work published in the “SID filter as security boundary between domains?” blog post series where part 1 explains Kerberos authentication between domains: https://improsec.com/tech-blog/o83i79jgzk65bbwn1fwib1ela0rl2d



 

LPV - Sunday - 12:00-12:25 PDT


Title: Doors, Cameras, and Mantraps. Oh, my!
When: Sunday, Aug 14, 12:00 - 12:25 PDT
Where: Caesars Forum - Summit 203-204, 235 (Lock Pick Village) - Map

SpeakerBio:Dylan Baklor
No BIO available

Description:
A general, high level talk, about practical physical security assessment.


 

IOTV - Sunday - 10:00-12:59 PDT


Title: Drone Hack
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Alliance 311, 320 (IoT Village) - Map

Description:
A handcrafted IoT challenge that will put your skills to the test. Be prepared to hack devices over bluetooth low energy, break into Wi-Fi networks, and exploit binaries. If you avoid the deadly sharks and laser beams you may be able to access smart locks, conduct electronic warfare, and fly drones.


 

ASV - Sunday - 12:00-12:50 PDT


Title: Drones and Civil Liberties
When: Sunday, Aug 14, 12:00 - 12:50 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map

SpeakerBio:Andrés Arrieta
As Director of Consumer Privacy Engineering, Andrés oversees projects and issues on privacy, competition, and cybersecurity. He has taken a particular interest in the benefits and risks that drones bring. 

Description:
Drones are capable of bringing many benefits to society but they also pose several risks to our civil liberties. With the FAA moving to create rules for BVLOS (mostly commercial operations) there are important privacy issues raised by a future with many commercial drones flying over our heads. Likewise government agencies want to be able to mitigate risks from operator error to use for nefarious purposes. But the powers they ask are broad, cut into civil liberties, and carry no protections


 

GHV - Sunday - 10:30-10:59 PDT


Title: Edutainment: A gateway into the field of Cybersecurity & Online safety for girls.
When: Sunday, Aug 14, 10:30 - 10:59 PDT
Where: Flamingo - Virginia City III (Girls Hack Village) - Map

SpeakerBio:Monique Head
Monique Head is known as a dynamic and accomplished, bilingual senior cybersecurity leader and educator with progressive experience in guiding cybersecurity training & awareness, compliance, and strategy development for industry leaders such as Netflix, Palo Alto Networks, PayPal, HP, and Visa. She possesses a passion for working in dynamic, global, business environments utilizing project management, learning technologies and instructional design methodologies to optimize learning ecosystems, communication efforts and employee knowledge. She drives strategic training initiatives that increase security acumen and customer/employee adoption to drive down security risk. With an expertise in developing, initiating & implementing online/traditional learning programs, crafting eLearning strategies, and creating innovative cost-effective training products/programs she has a proven method to improve security behaviors. She has a special interest in learning technologies such as xAPI, learner analytics, and multimedia communication delivery channels to uplift the security acumen of organizations. Her latest endeavor includes founding a nonprofit organization, CyberTorial, to help educate young girls of color on how to be safe online and to spark their interest in a role as a cybersecurity professional.

Monique Head is an accomplished, bilingual senior cybersecurity leader and educator experienced in guiding cybersecurity training & awareness, compliance, and strategy development for industry leaders such as Netflix, Palo Alto Networks, PayPal, HP, and Visa. She is passionate about using project management, learning technologies and instructional design methodologies to optimize learning ecosystems, communication efforts and employee knowledge. She has a special interest in learning technologies, learner analytics, and multimedia communication delivery channels to uplift the security acumen of organizations. Head founded the nonprofit, CyberTorial, to help educate young girls of color on how to be safe online and to spark their interest in a role as a cybersecurity professional.


Description:No Description available


 

DC - Sunday - 13:00-13:45 PDT


Title: ElectroVolt: Pwning popular desktop apps while uncovering new attack surface on Electron
When: Sunday, Aug 14, 13:00 - 13:45 PDT
Where: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
Speakers:Aaditya Purani,Max Garrett

SpeakerBio:Aaditya Purani , Senior Security Engineer, Tesla
Aaditya Purani is a senior security engineer at a leading automotive company. Aaditya's primary areas of expertise are web/mobile application penetration testing, product security reviews, blockchain security, and source code review.

He contributes to responsible disclosure programs and is included in the hall of fame for Apple, Google and AT&T. He also participates in capture the flag (CTF) from perfect blue which is a globally ranked top-1 CTF team since 2020.

As a researcher, his notable public findings include BTCPay Pre-Auth RCE, Brave Browser Address Bar Vulnerability, and Akamai Zero Trust RCE. As a writer, Aaditya has authored articles for InfoSec Institute, Buzzfeed, and Hakin9. In the past, Aaditya has interned for Bishop Fox and Palo Alto Networks.

Twitter: @aaditya_purani

SpeakerBio:Max Garrett , Application Security Auditor, Cure53
No BIO available

Description:
Electron-based apps are becoming the norm these days, as Electron allows encapsulating web applications into a desktop app which is rendered using Chromium. However, if Electron apps load remote content of an attacker's choice, either via a feature or misconfiguration of Deep Link or Open Redirect or XSS, it would lead to Remote Code Execution on the OS.

Previously, it was known that lack of certain feature flags and inefficiency to apply best practices would cause this behavior but we have identified sophisticated novel attack vectors within the core electron framework which could be leveraged to gain remote code execution on Electron apps despite all feature flags being set correctly under certain circumstances.

This presentation covers the vulnerabilities found in twenty commonly used Electron applications and demonstrates Remote Code Execution within apps such as Discord, Teams(local file read), VSCode, Basecamp, Mattermost, Element, Notion, and others.

The speakers would like to thank Mohan Sri Rama Krishna Pedhapati, Application Security Auditor, Cure53 and William Bowling, Senior Software Developer, Biteable for their contributions to this presentation.



 

DC - Sunday - 11:00-11:45 PDT


Title: emulation-driven reverse-engineering for finding vulns
When: Sunday, Aug 14, 11:00 - 11:45 PDT
Where: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map

SpeakerBio:atlas , chief pwning officer, 0fd00m c0rp0ration
atlas is a binary ninja who's been working to improve his understanding of this digital world for nearly two decades. firmware, software, hardware, rf, protocols, it's all fun to him. after all these years, he still enjoys making sense of low level things and bringing along friends who share the passion. background in development, client/server admin, hardware reversing, software reversing, vulnerability research, exploiting things in SCADA/ICS, Power Grid, Automotive, Medical, Aerospace, and devving tools to make it all easier, faster, and more consistent.
Twitter: @at1as

Description:
do your eyes hurt? is your brain aching? is your pain caused from too much deciphering difficult assembly (or decompiled C) code?

assembly can hurt, C code can be worse. partial emulation to the rescue! let the emulator walk you through the code, let it answer hard questions/problems you run into in your reversing/vuln research. this talk will introduce you to the power of emulator-driven reversing. guide your RE with the help of an emulator (one that can survive limited context), emulate code you don't want to reverse, be better, learn more, be faster, with less brain-drain. make no mistake, RE will always have room for magicians to show their wizardry... but after this talk, you may find yourself a much more powerful wizard.



 

SKY - Sunday - 09:30-10:20 PDT


Title: Eradicating Disease With BioTerrorism
When: Sunday, Aug 14, 09:30 - 10:20 PDT
Where: LINQ - BLOQ (SkyTalks 303) - Map

SpeakerBio:Mixæl S. Laufer
Mixæl Swan Laufer worked in mathematics and high energy physics until he decided to tackle problems of global health and human rights. He continues to work to make it possible for people to manufacture their own medications and devices at home by creating public access to tools and information.
Twitter: @MichaelSLaufer

Description:
We all know that person who never brushes their teeth, but seems never to get drilled in the dentist's chair. Why are they special? We also know the person who no matter how diligent they are with oral hygiene is constantly in the dentist's office. Why are they unlucky? The most common infectious disease in humans is dental caries, commonly referred to as cavities. This has plagued humanity since it became a species, and continues to this day. It disproportionately is suffered by those in the lower socioeconomic classes and in the global south. Conventional wisdom suggests that all that is needed is a good tooth-brushing regimen, and everything will be fine. But we know this is false. We now know that the cavity phenomenon is modulated by bacteria, and now that we can manipulate the genetic material of bacteria, we can eliminate this disease. Come see how we did it, get the new genetically modified bacteria which is the cure for yourself, and help save teeth all over the world.


 

DC - Sunday - 11:00-11:45 PDT


Title: Exploitation in the era of formal verification: a peek at a new frontier with AdaCore/SPARK
When: Sunday, Aug 14, 11:00 - 11:45 PDT
Where: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
Speakers:Alex Tereshkin,Adam 'pi3' Zabrocki

SpeakerBio:Alex Tereshkin
Alex Tereshkin is an experienced reverse engineer and an expert in UEFI security, Windows kernel and hardware virtualization, specializing in rootkit technologies and kernel exploitation. He has been involved in the BIOS and SMM security research since 2008. He is currently working as a Principal Offensive Security Researcher at NVIDIA. He has done significant work in the field of virtualization-based malware and Windows kernel security. He is a co-author of a few courses taught at major security conferences and a co-author of the first UEFI BIOS and Intel ME exploits.
Twitter: @AlexTereshkin

SpeakerBio:Adam 'pi3' Zabrocki , Principal System Software Engineer (Offensive Security) at NVIDIA
Adam Zabrocki 'pi3' is a computer security researcher, pentester and bughunter, currently working as a Principal Offensive Security Researcher at NVIDIA. He is a creator and developer of Linux Kernel Runtime Guard (LKRG) - his moonlight project defended by Openwall. Among others, he used to work in Microsoft, European Organization for Nuclear Research (CERN), HISPASEC Sistemas (known from the virustotal.com project), Wroclaw Center for Networking and Supercomputing, Cigital. The main area of his research is low-level security (CPU arch, uCode, FW, hypervisor, kernel, OS).

As a hobby, he was a developer in The ERESI Reverse Engineering Software Interface project, a bughunter (discovered vulnerabilities in Hyper-V, KVM, RISC-V ISA, Intel's Reference Code, Intel/NVIDIA vGPU, Linux kernel, FreeBSD, OpenSSH, gcc SSP/ProPolice, Apache, Adobe Acrobat Reader, Xpdf, Torque GRID server, and more) and studied exploitation and mitigation techniques, publishing results of his research in Phrack Magazine.

Adam is driving Pointer Masking extension for RISC-V, he is a co-author of a subchapter to Windows Internals and was The Pwnie Awards 2021 nominee for most under-hyped research. He was a speaker at well-known security conferences including Blackhat, DEF CON, Security BSides, Open Source Tech conf and more.

Twitter: @Adam_pi3

Description:
For decades, software vulnerabilities have remained an unsolvable security problem regardless of years of investment in various mitigations, hardening and fuzzing strategies. In the last years there have been moves to formal methods as a path toward better security. Verification and formal methods can produce rigorous arguments about the absence of the entire classes of security bugs, and are a powerful tool to build highly secure software.

AdaCore/SPARK is a formally defined programming language intended for the development of high integrity software used in systems where predictable and highly reliable operation is crucial. The formal, unambiguous, definition of SPARK allows a variety of static analysis techniques to be applied, including information flow analysis, proof of absence of run-time exceptions, proof of termination, proof of functional correctness, and proof of safety and security properties.

In this talk we will dive into AdaCore/SPARK, cover the blind spots and limitations, and show real-world vulnerabilities which we met during my work and which are still possible in the formally proven software. We will also show an exploit targeting one of the previously described vulnerabilities.



 

ICSV - Sunday - 10:00-12:59 PDT


Title: Fantom5 SeaTF CTF
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS CTF Area - Map

Description:
Contestants will be able to try their hand and compete in a point based Capture the Flag hacking competition based around 3 Maritime consoles. The consoles involved will be Navigation systems, Steering and Propulsion systems, and Ballast systems. These systems provide a relative experience of the actual systems found aboard a naval vessel.

This CTF requires registration: https://www.sea-tf.com/registration. Time slots are on a first come, first served basis.



 

CPV - Sunday - 11:30-11:59 PDT


Title: Finding Crypto: Inventorying Cryptographic Operations
When: Sunday, Aug 14, 11:30 - 11:59 PDT
Where: Flamingo - Vista Ballroom (Crypto Privacy Village) - Map

SpeakerBio:Kevin Lai
Kevin is a Security Engineer at Datadog in the cozy San Francisco office. After spending a decade doing full stack web development, he's moved into security for a different set of fun challenges. Out of the office you'll find him making digital art, designing games, critiquing food, and writing oddball articles.

Description:
Despite the importance, most organizations don't have a good understanding of cryptographic operations in use across their various code bases. IBM's Cost of a Data Breach Report 2021 notes that organizations that use strong encryption had a $1.25 million average lower cost of a breach than those with weak or no encryption.

Due to aging ciphers and increasing computational power, dated cipher suites are the future of insecure cryptographic practices. In order to effectively counter this threat, every organization needs to be aware of what ciphers are used, where, and how.

One solution to this problem is adding static analysis checks as part of your core continuous integration (CI) testing. In this talk, we'll see two open source static analysis solutions with default rules around detection of cryptographic weakness: Semgrep and CodeQL.

In this talk, I’ll demonstrate how to implement rules with Semgrep and CodeQL, then modify cryptographic rules to suit your needs. As a demonstration, we’ll look at this through the lens of achieving US Federal Information Processing Standard (FIPS) 140-2 compliance which is mandated by federal customers.

If you're looking for ways to audit, create controls, or validate tooling around determining cryptographic usage, this talk will give you solid practices to get started.



 

PSV - Sunday - 12:30-12:59 PDT


Title: Forcible Entry 101
When: Sunday, Aug 14, 12:30 - 12:59 PDT
Where: Caesars Forum - Summit 201-202 (Physical Security Village) - Map

SpeakerBio:Bill Graydon , Principal, Physical Security Analytics, GGR Security
Bill Graydon is a principal researcher at GGR Security, where he hacks everything from locks and alarms to critical infrastructure; this has given him some very fine-tuned skills for breaking stuff. He’s passionate about advancing the security field through research, teaching numerous courses, giving talks, and running DEF CON’s Lock Bypass Village. He’s received various degrees in computer engineering, security, and forensics and comes from a broad background of work experience in cyber security, anti-money laundering, and infectious disease detection.
Twitter: @access_ctrl

Description:
Learn about the common methods of forcible entry employed by firefighters, police/military, locksmiths and criminals, and try some out for yourself.


 

ASV - Sunday - 11:30-11:55 PDT


Title: Formalizing Security Assessment for Uncrewed Aerial Systems
When: Sunday, Aug 14, 11:30 - 11:55 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
Speakers:Ronald Broberg,Rudy Mendoza

SpeakerBio:Ronald Broberg
Ronald Broberg performs security assessments on Uncrewed Aerial Systems (UAS) with Dark Wolf Solutions. Previously, he was employed with Lockheed Martin. He presented at the Aerospace Village during DEFCON 29.
Twitter: @noiq15

SpeakerBio:Rudy Mendoza , Senior Penetration Tester
Rudy Mendoza (rudy.mendoza@darkwolfsolutions.com) is Senior Penetration Tester with Dark Wolf Solutions. He has been working on the Blue UAS project for the past year conducting penetration tests on multiple commercial drones for the Department of Defense. Prior to Dark Wolf Solutions he was in the U.S Air Force, where he started out as a client systems technician but quickly moved over to stand up a pathfinder program called the Mission Defense Team, providing cyber security capabilities to detect and respond to cyber threats against Air Force Space Command mission systems. 

Description:
 Increased adoption of Uncrewed Aerial Systems (UAS) by a wide range of local, state, and federal government entities requires greater attention to the security requirements of UAS. Such requirements must support both operational (flight) security and data security of the UAS. We discuss the architectural decomposition used for our security assessments, common security features and failures found in current UAS, and discuss the use of IoT security frameworks in a UAS context.


 

HRV - Sunday - 11:00-13:59 PDT


Title: Free Amateur Radio License Exams
When: Sunday, Aug 14, 11:00 - 13:59 PDT
Where: Flamingo - Virginia City I (Ham Radio Village Exams) - Map

Description:
Take the test to join what has been considered to be one of the first hacker communities, amateur radio! The Ham Radio Village is back at DEF CON 30 to offer free amateur radio license exams to anyone who wishes to get their ham radio license. Examinees are encouraged to study on https://ham.study/, and may sign up here: https://ham.study/sessions/626c9a8357cbff833ac7f4b7/1


 

SOC - Sunday - 12:00-11:59 PDT


Title: Friends of Bill W
When: Sunday, Aug 14, 12:00 - 11:59 PDT
Where: Caesars Forum - Unity Boardroom - Map

Description:
For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.

Please note: the Caesars Forum Unity Ballroom is at the "front" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).



 

ASV - Sunday - 10:00-12:59 PDT


Title: Hack the Airfield with DDS
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map

Description:
Hack the Airfield is broken down into two primary components, the aircraft and the system used to locate and find them.

BRICKS IN THE AIR
Learn how avionics systems work in a safe and fun way in our Bricks in the Air workshop that simulates an environment requiring similar approaches to hacking on actual aviation buses without using any of the real hardware, protocols, or commands. Challengers can freely play and develop skills without worrying about legalities or sensitivities of real systems.

SPOOFING ADS-B
ADS-B is the latest version of Identify Friend or Foe (IFF), which is the common name for cooperative radar surveillance of aircraft. Unlike traditional IFF, in ADS-B the aircraft periodically sends a broadcast out roughly every half second to alert all nearby receivers of its current location. These broadcasts are unencrypted and fairly easy to spoof, allowing anyone to create as many aircraft as they want. Stop by the workshop and learn what it takes to spoof fake aircraft into the system used to track them.

Required gear: none!



 

ASV - Sunday - 10:00-12:59 PDT


Title: Hack the Airport with Intelligenesis
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map

Description:
Can you restore the Aerospace Village runway lighting system? IntelliGenesis will be holding a mini-Hack the Airport that is designed to showcase the impact of a cyber-attack on critical infrastructure commercial or government facilities; specifically, Aviation Control Systems. Transportation Systems is one of the 16 Cybersecurity and Infrastructure Agency Critical Infrastructure Sectors for the US. There is a hyper focus on cybersecurity surrounding airports and the critical infrastructure systems supporting aviation operations. Come on over and give it an attempt, there will be 4 stages culminating in restoring the lighting system so that the village can begin landing and launching aircraft. All levels of experience can participate.

Signups: beginning Monday 8/8 – but not required to participate



 

ICSV - Sunday - 10:00-12:59 PDT


Title: Hack the Plan[e]t CTF
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS CTF Area - Map

Description:
Hack the Plan[e]t Capture the Flag (CTF) contest will feature Howdy Neighbor and the Industrial Control System (ICS) Range. This first of its kind CTF will integrate both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge.

Howdy Neighbor is an interactive IoT CTF challenge where competitors can test their hacking skills and learn about common oversights made in development, configuration, and setup of IoT devices. Howdy Neighbor is a miniature home - made to be “smart” from basement to garage. It’s a test-bed for reverse engineering and hacking distinct consumer-focused smart devices, and to understand how the (in)security of individual devices can implicate the safety of your home or office, and ultimately your family or business. Within Howdy Neighbor there are over 25 emulated or real devices and over 50 vulnerabilities that have been staged as challenges. The challenges are of varying levels to test a competitor's ability to find vulnerabilities in an IoT environment. Howdy Neighbor’s challenges are composed of real and simulated devices controlled by an App or Network interface and additional hardware sensors; each Howdy Neighbor device contains 1 to 3 staged vulnerabilities which when solved present a key for scoring/reporting that it was discovered.

In the same vein, this CTF challenge will also leverage the ICS Village’s ICS Ranges including physical and virtual environments to provide an additional testbed for more advanced challenges in critical infrastructure and ICS environments. There will be integrated elements from DHS/CISA with their ranges that are realistically miniaturized assets (i.e., operational oil and natural gas pipeline, etc.).



 

ASV - Sunday - 10:00-12:59 PDT


Title: Hack-A-Sat Digital Twin Workshop
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map

Description:
The Hack-A-Sat team is working hard to build the next competition platform for the Hack-A-Sat 3 (HAS3) Finals competition, where space math, hacking, and satellite operations are interwoven into a realistic space CTF environment. We will be demoing the HAS3 digital twin satellite in the Aerospace Village for participants to experience basic satellite command & control operations and flight software exploitation with two challenges created specifically for DEF CON. This year’s digital twin brings new tools, processor architecture, and physics simulation capabilities that we will be unveiling for the first time.

Required gear: We are hosting the demo on our own hardware so all you need to bring is your own desire to “Learn. Space. Faster”.

Signups: first come first serve, come by the Aerospace Village during its normal operating hours!



 

BHV - Sunday - 12:45-13:30 PDT


Title: Hacking the Brave New Worlds and Extended Realities
When: Sunday, Aug 14, 12:45 - 13:30 PDT
Where: Flamingo - Laughlin I,II,III (Biohacking Village) - Map

SpeakerBio:Kavya Pearlman
Well known as the “Cyber Guardian,” founder & CEO of the XR Safety Initiative (XRSI), Kavya Pearlman is an award-winning cybersecurity professional with a deep interest in immersive and emerging technologies. Kavya is a pioneer of the novel XRSI Privacy and Safety Framework for the Immersive Technologies Domain, Security awareness in the Metaverse, and various baseline security and privacy standards for Emerging Technologies. She has won several awards for her work and has been named one of the Top twenty Cybersecurity influencers for three consecutive years, 2018-2019-2020, and again for the year 2022 by IFSEC Global. Kavya serves as the key member of the Global Coalition for Digital Safety at the World Economic Forum (WEF) and is part of the new Metaverse Initiative at WEF. Kavya currently advises over 20 global governments on global policies for emerging technologies and human rights considerations and provides oversight to several key open source efforts on Metaverse-related technologies, including The Metaverse Standard Forum and Responsible Metaverse Alliance. Kavya has previously advised Facebook on third-party security risks during the 2016 US presidential elections and worked as the head of security for the oldest virtual world, “Second Life” by Linden Lab. Kavya is the leading voice in cybersecurity, privacy, and Ethics for Emerging technologies including AR, VR, and XR, exploring cross-sections of 5G, AI, and BCI - leading Standards development and promoting Diversity and Inclusion in Immersive Technologies. Kavya is one of the Top 50 speakers in the cybersecurity industry and constantly shares knowledge via webinars, conference talks, and blog posts around Application Security, Cloud-native technologies, Machine Learning, and the global challenges that come along with the next iteration of the internet, the Metaverse and web 3.0.

Description:
As the industry looks towards mass adoption of XR and builds brave new virtual worlds and ultimately the Metaverse, what are the traditional and novel threats and how can we get ready for the emerging and disruptive threats? What role does XRSI play in helping build security, safety, and privacy in the emerging technological ecosystems? Kavya Pearlman, Founder & CEO of XRSI, will share the insights, new types of cyber attacks, and potential solutions on the horizon.


 

RTV - Sunday - 10:00-10:59 PDT


Title: Hacking WebApps with WebSploit Labs
When: Sunday, Aug 14, 10:00 - 10:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map

SpeakerBio:Omar Santos , Principal Engineer
No BIO available
Twitter: @santosomar

Description:No Description available


 

RTV - Sunday - 11:00-11:59 PDT


Title: Hacking WebApps with WebSploit Labs
When: Sunday, Aug 14, 11:00 - 11:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map

SpeakerBio:Omar Santos , Principal Engineer
No BIO available
Twitter: @santosomar

Description:No Description available


 

IOTV - Sunday - 10:00-12:59 PDT


Title: Hands on hacking labs
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Alliance 311, 320 (IoT Village) - Map

Description:
IoT Hacking 101 is a set of quick, hands-on labs developed to teach the tools and techniques for discovering and exploiting some of the common weaknesses found in IoT devices today. Whether you're a pentester that has never hacked IoT devices or even someone that has never hacked anything (!), these self-guided labs will walk you through all the steps in order to successfully pwn IoT.


 

IOTV - Sunday - 10:00-12:59 PDT


Title: Hands on Hardware Hacking – eMMC to Root
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Alliance 311, 320 (IoT Village) - Map

SpeakerBio:Deral Heiland
No BIO available

Description:
Hardware hacking with Rapid7! Rapid7 guided exercises will lead you through the hands-on hardware hacking process to gain root level access to embedded IoT technology. This series of exercises will cover multiple steps including embedded multimedia controller (eMMC) interaction, making binary image copies of flash, interaction with read-only squash file systems to unpack and repack systems, and altering startup files within the devices’ file system to allow you to eventually gain root level access over SSH.


 

PHV - Sunday - 10:00-12:59 PDT


Title: HardWired
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village) - Map

Description:
New at DEF CON: come play our newest Packet Hacking Village game, HardWired! Don't know how to make a network cable and want to learn? Has it been years? Or do you think you're a pro? Come test your skills against the clock, and make the best cable at con!


 

AVV - Sunday - 11:00-11:30 PDT


Title: Helpful Principles in Adversarial Operations
When: Sunday, Aug 14, 11:00 - 11:30 PDT
Where: Flamingo - Scenic Ballroom (Adversary Village) - Map

SpeakerBio:Dan Borges
Dan Borges is an experienced incident responder and red teamer. He plays on the national CCDC red team and leads the virtual region each year annually, writing and leveraging custom red team tools. He also helped start CPTC, or the Collegiate Penetration Testing Competition. Last year he wrote a book on adversarial tradecraft in cyber security, drawing on many lessons from these attack and defense competitions, as well as real world operations. Today he leads an incident response and detection effort at a small startup.
Twitter: @1njection

Description:
I released a book last year titled Adversarial Tradecraft in CyberSecurity: Offense vs Defense in real time. This book includes several red team and blue team techniques that help get the advantage over the opponent, ultimately giving the user an edge in the conflict. Throughout this book I distilled several principles or theories that either side can leverage in an abstract sense to gain these advantages. I will cover the principles, as well as several real world examples of using them from both the offense and defensive perspectives. The principles and some examples are as follows:

*Principle of Physical Access - Offensive perspective will show how physical keyloggers are so effective, grabbing creds and remaining off the wire. Defensive perspective will show how, no matter what an attacker does, the defender can reimage and regain control if they have physical access.

*Principle of Humanity - Offensive perspective will show how researching the people involved can help you find the path to the access you need, and who you need to exploit or target to get there. Defensive perspective will show how profiling the attackers will help to understand their TTPs, and thus defend against them.

*Principle of Economy - Shows how both sides are limited on personnel, and how understanding where they spend their money can help you avoid their strongest areas, or target their weakest spend locations.

*Principle of Planning - We will show how planning, to get to run books or even automation, will save critical time during operations.

*Principle of Innovation - Will show how researching the attackers' or defenders' tools can help develop exploits, which can be used to change the game or get unexpected access, such as the defenders getting access to a C2 server, or the offense getting a 0day to get in on the edge.

*Principle of Time - On the offense, will show how previous automations can help get an advantage, whereas doing it by hand will not get the same advantage (think killing the AV/EDR, then running an automated tool while it restarts). The defensive perspective will show how and when you respond to an incident can make or break it, depending on how much access the offense has already gained.



SEV - Sunday - 09:00-09:59 PDT


Title: Heroes vs Villians, a SEC Youth Challenge
When: Sunday, Aug 14, 09:00 - 09:59 PDT
Where: LINQ - 3rd flr - Social A (Social Engineering Community) - Map

Description:
CALLING ALL KIDS! Come use your super skills and powers to work with a team of heroes or villains.

The balance of good and evil will be determined by individual participants completing various challenges in this ‘Choose Your Own Adventure’ style event. By participating in this event, you will have opportunities to interact and learn from many other incredible villages at DEF CON while at the same time improving your Social Engineering abilities. If successful, you may even have the chance to help your team prevail and become the ultimate Superhero or Supervillain!



GHV - Sunday - 10:00-10:30 PDT


Title: Hide and Seek: Why do you need OpSec?
When: Sunday, Aug 14, 10:00 - 10:30 PDT
Where: Flamingo - Virginia City III (Girls Hack Village) - Map

SpeakerBio:Cybelle Oliveira
Cybelle Oliveira is a proud cat mom and senior cybersecurity analyst at Tempest Security Intelligence in Brazil. She has been involved in privacy and security activism for almost 10 years and has presented talks in events all over the world, such as the Internet Freedom Festival, Radical Networks, Mozilla Festival, Roadsec, Cryptorave, among others. Cybelle is part of the Mozilla community, one of the ambassadors and curators of the Mozilla Festival, and director of the Brazilian organization Casa Hacker.

Description:No Description available


PHV - Sunday - 10:00-12:59 PDT


Title: Honey Pot Workshop
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village) - Map

Description:
Think you know your way around a honeypot? Come to the Packet Hacking Village for a friendly, fun, low-pressure DEFCON challenge that's open to all! This game is designed for users of all experience levels: bring your own laptop, SSH in, and explore the adventure.


CON - Sunday - 10:00-11:59 PDT


Title: Hospital Under Siege
When: Sunday, Aug 14, 10:00 - 11:59 PDT
Where: Flamingo - Laughlin I,II,III (Biohacking Village) - Map

Description:
Hospital Under Siege is a scenario-driven Capture the Flag contest run by the Biohacking Village, pitting teams of participants against adversaries and against a clock, to protect human life and public safety. Participants will compete against each other on both real and simulated medical devices, in the fully immersive Biohacking Village: Device Lab, laid out as a working hospital. Teams of any size are welcome, as are players from all backgrounds and skill levels. Challenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others.

You will hack actual medical devices and play with protocols like DICOM, HL7 and FHIR.

Visit https://www.villageb.io/capturetheflag for more information.



CLV - Sunday - 10:40-11:20 PDT


Title: How to do Cloud Security assessments like a pro in only #4Steps
When: Sunday, Aug 14, 10:40 - 11:20 PDT
Where: Flamingo - Scenic Ballroom (Cloud Village) - Map

SpeakerBio:Ricardo Sanchez
Ricardo Sanchez is a Senior cloud security expert with 10+ years of experience in security. He is currently leading the Cloud Security Unit in one of the larger focused cybersecurity firms in the Netherlands.

Description:
Cloud security is evolving rapidly and can be challenging. The growing need for remote working over the last year enhances this development. How can companies keep up with the pace of change? How do you know you are secure? Are the default installations secure? How do you find and fix your Cloud misconfigurations? How do you even start doing a Cloud assessment? Is it like an on-premise one? At the end of the conversation you will have a detailed guide with tools and examples of how you can hack/secure a cloud environment in only #4Steps.


APV - Sunday - 10:00-10:59 PDT


Title: How to find 0-days in your “memory safe” stack?
When: Sunday, Aug 14, 10:00 - 10:59 PDT
Where: Flamingo - Twilight Ballroom - AppSec Village - Main Stage - Map

SpeakerBio:Cezary Cerekwicki
Responsible for the AppSec program, covering all Opera products globally. Spiritual leader of security champions. Vacation approver of penetration testers. Bug bounty distributor. Holder of some certificates. Occasionally hacks things.

Description:
Your memory-safe stack is not memory-safe at all. For instance, many popular Python libraries have substantial amounts of memory-unsafe code. Python is not unique here. You can find some potential for memory safety bugs in practically every software stack. If three simple, realistic conditions are met, you may have RCEs waiting to be found. Let me tell you how I dealt with such a case. It’s a story of an actual attack against an open-source software used in production by my employer to process content served to millions of users. All 30 zero-days found have been responsibly disclosed and fixed. I will provide guidance on how to find patterns like this in your stack and fix it.


RHV - Sunday - 11:00-11:59 PDT


Title: I know what you ate last summer
When: Sunday, Aug 14, 11:00 - 11:59 PDT
Where: Caesars Forum - Alliance 310, 320 (Retail Hacking Village) - Map

SpeakerBio:Wesley Altham (aka Wesrl)
Wesley Altham (aka Wesrl) is the president of the Middle Georgia State University Cyber Knights, a CTF club that has won multiple awards and hosts yearly competitions. He is into forensic imaging and analysis as a hobby.

Description:
A high-level talk about a digital forensics investigation on an unwiped cash register.


PLV - Sunday - 10:00-11:45 PDT


Title: Improving International Vulnerability Disclosure: Why the US and Allies Have to Get Serious
When: Sunday, Aug 14, 10:00 - 11:45 PDT
Where: Caesars Forum - Summit 224-225 - Policy Collaboratorium - Map
Speakers:Stewart Scott,Christopher Robinson

SpeakerBio:Stewart Scott , Assistant Director
Stewart Scott is an assistant director with the Cyber Statecraft Initiative under the Scowcroft Center for Strategy and Security at the Atlantic Council. His work there focuses on systems security policy, including software supply chain risk management, federal acquisitions processes, and open source software security. He holds a BA in Public Policy and a minor in Applications of Computing from Princeton University.

SpeakerBio:Christopher Robinson , Intel
No BIO available

Description:
Join the Atlantic Council's Cyber Statecraft Initiative and DefCon Policy Track Initiative for a discussion on the strategic urgency behind better vulnerability disclosure. The session will focus on why the US and allied states need to take steps to make vulnerability disclosure easier, motivating the discussion with results from a study of the effects of a recently passed Chinese law on vulnerability disclosure.


LPV - Sunday - 10:15-10:45 PDT


Title: Intro to Lockpicking
When: Sunday, Aug 14, 10:15 - 10:45 PDT
Where: Caesars Forum - Summit 203-204, 235 (Lock Pick Village) - Map

SpeakerBio:TOOOL
No BIO available

Description:
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.


LPV - Sunday - 13:00-13:30 PDT


Title: Intro to Lockpicking
When: Sunday, Aug 14, 13:00 - 13:30 PDT
Where: Caesars Forum - Summit 203-204, 235 (Lock Pick Village) - Map

SpeakerBio:TOOOL
No BIO available

Description:
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.


GHV - Sunday - 11:00-11:30 PDT


Title: Introduction to IOS Reverse Engineering with Frida
When: Sunday, Aug 14, 11:00 - 11:30 PDT
Where: Flamingo - Virginia City III (Girls Hack Village) - Map

SpeakerBio:Christine Fossaceca
Christine Fossaceca is a senior mobile security researcher at Microsoft. She received a Bachelor’s of Science in Computer Engineering from Villanova University, and is working towards a Master’s of science in Computer Science at Johns Hopkins University.

Christine specializes in iOS device reversing, and also has experience reversing Android devices, as well as other ARM devices. She is also a part of the @furiousMAC research team, and co-hosts an upcoming podcast, HerHax Podcast.

In her spare time, she likes to go hiking with her dog, Honey.


Description:No Description available


CON - Sunday - 10:00-12:59 PDT


Title: IoT Village CTF (the CTF formally known as SOHOplessly Broken)
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Alliance 311, 320 (IoT Village) - Map

Description:
The IoT Village CTF has over 30 devices and challenges to find and exploit vulnerabilities in real IoT devices. Players, or teams up to 6 people, can register and compete against one another to win great prizes! With an overall focus on real-life consequences, this year's CTF is the newest and best IoT Village CTF yet! The challenges will require creative thinking, knowledge in networking, and competency in exploit development to claim the top prize. Prizes will be awarded to the top 3 teams/players at the end of the event.

IoT Village Hacking CTF is hosted in IoT Village; teams of 1-6 players access a local network filled with IoT devices primed to be exploited. You will compete against others by successfully exploiting real IoT products and finding the hidden flags in each. The hacking contest features more than 30 real-world, vulnerable IoT devices.

This event has been redesigned to include challenges which highlight tangible impacts when exploiting real vulnerabilities on real IoT devices. Hidden in the network are devices which require advanced skills to exploit or require creative attack chaining to find the flag. Players will encounter unique hacking scenarios like exfiltrating files off a NAS to find “clues” or bypassing a router firewall to access a camera on a hidden network to “see” a flag. Prepare to outwit, see, sneak, move, and listen your way through these hidden scenarios which have a cyber-physical effect.

The IoT devices in the contest are not simulated and do not contain contrived/made-up vulnerabilities. Competitors must figure out what real-world vulnerabilities exist in these devices and exploit them to get a shell and find the flag. This is what makes the IoT Village CTF special.

This 3-time DEF CON Black Badge awarded contest CTF is open to anyone! Our contest provides a wonderful experience to learn more about security and test your skills, and the IoT CTF provides the most realistic hacking experience around!

A few devices are approachable for entry level people to experience getting their first root shell, but to win this CTF your team must perform detailed network reconnaissance, lateral pivoting, vulnerability research, hardware hacking, firmware analysis, reverse engineering, and exploit development.

So, join a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.



IOTV - Sunday - 10:00-12:59 PDT


Title: IoT Village CTF Challenges
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Alliance 311, 320 (IoT Village) - Map

Description:
Dive into hacking challenges with HTB at the IoT Village DEFCON 30 CTF. “House Edge” is a themed CTF challenge that aims to have the players travel through a mission inside a space casino with the final goal of accessing a safe box to retrieve its contents. Each challenge is standalone and does not require having solved any other challenges. That said, the content is structured in a specific order that helps facilitate the scenario, which at a high level can be broken down into the following side-tasks of the mission:

+ Gain access to the main security system to avoid being identified
+ Steal RFID credentials of the reads in the open areas to gain access to restricted areas
+ Disable the additional motion sensors in the restricted areas to avoid triggering an alarm
+ Open a safe box and retrieve its contents



DDV - Sunday - 10:00-10:59 PDT


Title: Last chance to pick up drives at the DDV
When: Sunday, Aug 14, 10:00 - 10:59 PDT
Where: Flamingo - Exec Conf Ctr - Lake Meade and Valley of Fire (Data Duplication Village) - Map

Description:
This is your last chance to pick up your drives whether they're finished or not. Get here before 11:00am on Sunday as any drives left behind are considered donations.


APV - Sunday - 13:00-14:59 PDT


Title: Layer 7 matters at Layers 2/3 : Appsec on Network Infrastructure
When: Sunday, Aug 14, 13:00 - 14:59 PDT
Where: Flamingo - Twilight Ballroom - AppSec Village - Main Stage - Map

SpeakerBio:Ken Pyle
Ken Pyle is a partner of CYBIR, specializing in exploit development, penetration testing, reverse engineering, and enterprise risk management. As a highly rated and popular lecturer, he’s presented groundbreaking research at major industry events.

Description:
How does a stored XSS on a switch become a covert, firewall bypassing protocol? How does rebooting a switch using unsanitized input allow an attacker to eavesdrop or poison traffic? When do these bugs become weapons?

In this lecture / interactive lab environment, attendees will learn bug hunting, refine exploitation techniques, and understand tradecraft via public disclosure of application flaws in many HPE / Aruba Networks switches. Through the abuse of onboard functionality and "minor bugs", attendees can build a rudimentary covert protocol using stored XSS in limited space, inject arbitrary HTML content across segmented networks, and understand how cyberweapons and capabilities are built from the ground up. The labs will be available post-session: Attendees do not need to be able to actively exploit applications to watch and learn!

To participate actively, you will need:
+ Wi-Fi or RJ45 connection
+ Burp Community or Professional (some trial licenses will be available)
+ Kali
+ Python 3 with the json, requests, sys and re modules
+ Putty or SSH Client
+ xHydra or an SSH brute forcer



TEV - Sunday - 10:00-12:59 PDT


Title: Learn at Tamper-Evident Village
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Summit 203-204, 235 (Tamper Evident Village) - Map

Description:
Stop by anytime we're open for 1:1 or small-group teaching about tamper-evident hardware, such as mechanical seals, adhesive seals, electronic seals, and mail tampering.


DC - Sunday - 13:00-13:45 PDT


Title: Less SmartScreen More Caffeine – ClickOnce (Ab)Use for Trusted Code Execution
When: Sunday, Aug 14, 13:00 - 13:45 PDT
Where: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
Speakers:Nick Powers,Steven Flores

SpeakerBio:Nick Powers , Consultant at SpecterOps
Nick Powers is an operator and red teamer at SpecterOps. He has experience with providing, as well as leading, pentest and red team service offerings for a large number of Fortune 500 companies. Prior to offensive security, Nick gained security and consulting experience while offering compliance-based gap assessments and vulnerability audits. With a career focused on offensive security, his interests and prior research focuses have included initial access techniques, evasive Windows code execution, and the application of alternate C2 and data exfiltration channels.
Twitter: @zyn3rgy

SpeakerBio:Steven Flores , Senior Consultant at SpecterOps
Steven Flores is an experienced red team operator and former Marine. Over the years Steven has performed engagements against organizations of varying sizes in industries that include financial, healthcare, legal, and government. Steven enjoys learning new tradecraft and developing tools used during red team engagements. Steven has developed several commonly used red team tools such as SharpRDP, SharpMove, and SharpStay.
Twitter: @0xthirteen

Description:
Initial access payloads have historically had limited methods that work seamlessly in phishing campaigns and can maintain a level of evasion. This payload category has been dominated by Microsoft Office types, but as recent news has shown, the lifespan of even this technique is shortening. A vehicle for payload delivery that has been greatly overlooked for initial access is ClickOnce. ClickOnce is very versatile and has a lot of opportunities for maintaining a level of evasion and obfuscation. In this talk we’ll cover methods of bypassing Windows controls such as SmartScreen, application whitelisting, and trusted code abuses with ClickOnce applications. Additionally, we’ll discuss methods of turning regular signed or high reputation .NET assemblies into weaponized ClickOnce deployments. This will result in circumvention of common security controls and extend the value of ClickOnce in the offensive use case. Finally, we’ll discuss delivery mechanisms to increase the overall legitimacy of ClickOnce application deployment in phishing campaigns. This talk can bring to attention the power of ClickOnce applications and code execution techniques that are not commonly used.


PHV - Sunday - 10:00-12:59 PDT


Title: Linux Trainer
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village) - Map

Description:
New this year at DEF CON! Are you new to hacking? Want to learn Linux? We have a workshop for you! Interactive style training will teach you the basics of this operating system step by step so you can start your journey.


BHV - Sunday - 10:30-11:59 PDT


Title: Memento Vivere: A connected light installation on cerebral (dys)function
When: Sunday, Aug 14, 10:30 - 11:59 PDT
Where: Flamingo - Laughlin I,II,III (Biohacking Village) - Map

SpeakerBio:Rick Martinez Herrera
Ricardo Martinez Herrera (Riikc) is a Mexican artist based in Brussels, Belgium. His work focuses on the intersections of technology and art, including themes related to human anatomy; mathematics, particularly geometric patterns found in nature; and the interactions between nature and the built environment. His artistic approach focuses on combining traditional methods with new materials and approaches, to highlight the continued or even renewed relevance of ancient techniques.

A self-taught approach underlies much of his artistic work. To fund his studies in sculpture, Riikc spent 10 years working in the digital sector, as a web developer and visual content creator. After finishing his MFA in sculpture (2016) at the Académie Royale des Beaux Arts in Brussels, Ricardo then launched his own technology and communications agency. Today, Riikc draws on his experiences in both the fine arts and the technology sectors, to create artwork that spans several genres, including metalwork; digital art; 3D printing and drawing; connected art; and mixed media artwork.

Since 2017, Ricardo has been working with the 3D pen company, 3Doodler, to develop their STEAM education strategy and content. His approach has focused on how this new, hands-on technology can be used to make science education — in particular human, animal, and plant anatomy — more accessible.

In 2021, Ricardo received a research grant from the Fédération Wallonie-Bruxelles to continue his sculptural work. This grant supports his materials research into 3D pen and bronze sculpting, as well as the development of a connected light installation using IoT capture points.


Description:
This light installation "Memento Vivere" is made up of several connected objects, which will interact with spectators as they pass through the event space. The aim of this multidisciplinary project is to give viewers an experience at the intersection of art and technology, by pushing the public to think critically about the relationship between technology and cognitive function (or even dysfunction).

The installation consists of a series of electroluminescent cables that emerge out of a skull structure built using 3D pen technology. The cables together form a massive connected object, which responds to the interactions of its spectators. Different cables and sectors of the installation will light up according to the movement in front of the piece, the acoustic vibration, and the electronic objects that are present in the room. The spectator is thus encouraged to move and walk in front of the installation, to discover the actions that stimulate the brain.

The IoT technology used in this piece reflects the guiding question of this project: over time, how does the Internet influence our mental functions, human creativity, and the connections between people? IoT sensors can be used to stimulate, and perhaps even expand, the brain's function. However, when taken to its extreme, the overstimulation generated by a constant flow of information from IoT capture points to the brain, leads to a degradation of some of the functions that make up the foundation of a human being. I hope to convey the message that technology creates an important bridge between people and ideas, while encouraging healthy criticism or interrogation of the influence that digital tools have in our lives.

This project is being developed in collaboration with Dr. Frederik Van Gestel, a neuroscience researcher at UZ Brussel, who focuses on the uses of XR technologies in neuro rehabilitation. This piece was first initiated through research funding provided by the Fédération Wallonie-Bruxelles.



DC - Sunday - 10:00-11:59 PDT


Title: Memorial Room Open
When: Sunday, Aug 14, 10:00 - 11:59 PDT
Where: Flamingo - Carson City II (Memorial Room) - Map

Description:
Our Memorial Room is returning this year. A bit more space and more to participate & honoring our community and friends. In FLAMINGO – Carson City 2.

Take some time to remember and honor our friends that are no longer with us. You can share your stories and adventures across the many years of DEFCON and our hacker community. If this is your first year – you are welcome to come and experience the depth of our community.

Add names of friends no longer with us to our books or create some art that you feel is right. It is all your choice. We know that being at DEFCON often brings up memories and feelings about past highlights and this is the place to come and let those thoughts, feelings, and memories flow. DEFCON is an international community, and it is your community.

Last year we were sort of set up to print photos from your phones – we have a few glitches – ask about it when you drop by. BUT we think we are set to go!

Email the photos – with name or handle if you have it – to memorial@defconmusic.org and of course you can load them in when you are in the room. We have some really nice printers so they look good. And you can place them in the room. And we have lots of other ways to celebrate our family that is no longer with us.



DC - Sunday - 09:00-14:59 PDT


Title: Merch (formerly swag) Area Open -- README
When: Sunday, Aug 14, 09:00 - 14:59 PDT
Where: Caesars Forum - Summit 229 (Merch) - Map

Description:
The published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.)


AVV - Sunday - 13:00-13:15 PDT


Title: Modern techniques used by Advanced Persistent Threat actors for discovering 0-day vulnerabilities
When: Sunday, Aug 14, 13:00 - 13:15 PDT
Where: Flamingo - Scenic Ballroom (Adversary Village) - Map

SpeakerBio:Or Yair
Or is a security researcher with over 4 years of experience in cyber security. Currently a researcher in SafeBreach Labs, he started his professional career in the IDF. Most of his work focused on Platform Research, including Linux kernel components and some Android as well. For over a year, Or has been drawn to the Windows world and focuses on low level components research.

Description:
Advanced Persistent Threat (APT) actors have a lot of resources and motivation for reaching their targets. In many cases they pick specific targets very carefully. Unlike regular threat actors, APTs are covert and difficult to track. They are not likely to try 1-day vulnerabilities to find just any target; their targets are likely to have the latest security updates. Most APTs carry out cyber attacks with only unknown vulnerabilities (0-days). They need to find their own new 0-days in order to breach their target environment. To succeed in the long run, they probably need to find many 0-days, so they can minimize the number of times each one is used in the wild and the risk of exposing it. The top APTs will aim for kernel vulnerabilities where they can alter what users see in user-space, be persistent, and generally have much more control over the system.

They may also aim for hypervisor vulnerabilities to attack cloud services based on virtualization. While the search for new vulnerabilities may be done manually, APTs may prefer to use automation for better results and longer term usage. One type of automation APTs are likely to use is fuzzing! In this talk, I will present the main components of fuzzing, different fuzzing strategies, and provide a quick look at kernel / hypervisor fuzzing - the most delicate fuzzing arena of them all.



ICSV - Sunday - 14:00-14:30 PDT


Title: Navigating the High Seas When Dealing with Cybersecurity Attack
When: Sunday, Aug 14, 14:00 - 14:30 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - Map

SpeakerBio:Daniel Garrie , Adjunct Professor
Daniel has been a dominant voice in the computer forensic and cybersecurity space for the past 20 years, as an attorney and technologist. As Co-Founder of Law & Forensics LLC, where he heads the Computer Forensics and Cybersecurity teams, he has built the business to be one of the leading boutique cybersecurity forensic engineering firms in the industry. In addition to his role at Law & Forensics, Daniel is a mediator, arbitrator, and e-discovery special master for JAMS, an Adjunct Faculty member at Harvard teaching graduate-level focusing on Cybersecurity Law, and is the CISO at Zeichner, Ellman & Krause LLP. He has both a Bachelor’s and a Master’s degree in computer science from Brandeis University, as well as a J.D. from Rutgers Law School. Daniel has led cyber and forensic teams in some of the most visible and sensitive cyber incidents in the United States as well as globally. In addition, he has been awarded several patents for advanced cybersecurity and forensic platforms built with his team that are currently used in the industry, Forensic Scan.

Description:
Discussion of the interplay of admiralty law and cyber attacks on the high seas. Most individuals do not realize that admiralty law has not evolved since the 1800s and plays a role in managing and responding to cyber attacks that happen at sea. The presentation will discuss why cyber folks should care and how they may need to change their approach to avoid violating admiralty law or taking on personal and company risk. The presentation will also touch on how and where the current playbook cyber incident responders use in responding to an incident may need to be tweaked when the hack is happening at sea.


PHV - Sunday - 10:00-12:59 PDT


Title: NetworkOS Workshop
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village) - Map

Description:
The NetworkOS workshop takes you into the mysterious world underpinning modern computing and global communication: the network itself. Step by step, you'll learn all the basics you need. No experience needed: must know how to type and copy/paste.


CON - Sunday - 10:00-10:59 PDT


Title: Octopus Game - Final 8 Phase
When: Sunday, Aug 14, 10:00 - 10:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map

Description:
Are you the next Octopus Champion? Find out at DEF CON 30! Enter here: https://www.mirolabs.info/octopusgame

Once entered, contestants are provided a random opponent. Locate your opponent and challenge them to a contest: rock-paper-scissors, Ddakji, staring contest, etc. Winners receive their opponents’ targets and the game continues until we reach the top 4. The Octopus Champion is then decided at a special tournament with events designed by the Octopus Master.

Phases:

+ Recruitment/Registration: until Friday Aug 12 10:00
+ Mandatory On-site Sign-in: Friday Aug 12 10:00 - 12:00
+ Individual Phase: Friday Aug 12 12:00 - Sunday Aug 14 10:00
+ Final 8 Phase: Sunday Aug 14 10:00 - 11:00



HRV - Sunday - 12:30-12:59 PDT


Title: Off the grid - Supplying your own power
When: Sunday, Aug 14, 12:30 - 12:59 PDT
Where: Flamingo - Virginia City II (Ham Radio Village Activities)

SpeakerBio:Eric Escobar
Eric is a seasoned pentester and a Security Principal Consultant at Secureworks. On a daily basis he attempts to compromise large enterprise networks to test their physical, human, network and wireless security. He has successfully compromised companies from all sectors of business including: Healthcare, Pharmaceutical, Entertainment, Amusement Parks, Banking, Finance, Technology, Insurance, Retail, Food Distribution, Government, Education, Transportation, Energy and Industrial Manufacturing.

His team consecutively won first place at DEF CON 23, 24, and 25's Wireless CTF, snagging a black badge along the way. Forcibly retired from competing in the Wireless CTF, he now helps create challenges!

Twitter: @EricEscobar

Description:
Ever want to take your rig off-grid, powered by only the sun and a variety of batteries? This talk will discuss how to operate low power off the grid indefinitely as well as considerations to make on batteries. We'll talk power, cables, batteries, crimping and more. Every ham has unique use cases, and this talk will allow you to tailor your kit to your off-grid needs!


APV - Sunday - 11:00-12:59 PDT


Title: Offensive Application Security for Developers...
When: Sunday, Aug 14, 11:00 - 12:59 PDT
Where: Flamingo - Twilight Ballroom - AppSec Village - Main Stage

SpeakerBio:James McKee
Punkcoder is a developer and security advocate whose biggest responsibility is leading developer security practices to build better software, functioning as an advocate for development teams seeking to improve security for customers.

Description:
Application developers are the first line in defending applications from attack. There are thousands of software and hardware solutions that attempt to make your software more safe and secure. In the end, if the software isn't developed properly and securely, no amount of software or hardware is going to protect you. In this session I plan to go over identifying weak code, testing for it, and fixing it.

In this session we will go over in-depth the process for doing application security testing on your own applications. As part of the session we will go through and identify all of the items on the OWASP top 10, how to test them using DVWA (the Damn Vulnerable Web Application) and other sandbox applications, and talk about strategies to mitigate the risk and turn weakness into advantage.



PLV - Sunday - 12:00-13:45 PDT


Title: Offensive Cyber Industry Roundtable
When: Sunday, Aug 14, 12:00 - 13:45 PDT
Where: Caesars Forum - Summit 224-225 - Policy Collaboratorium
Speakers:Sophia D'Antoine,Matt Holland,Winnona DeSombre

SpeakerBio:Sophia D'Antoine , Founder of Margin Research
No BIO available

SpeakerBio:Matt Holland , Founder of Field Effect
No BIO available

SpeakerBio:Winnona DeSombre
No BIO available

Description:
Join us for a Chatham House Rule conversation with hackers that provide capabilities to government cyber operations. Learn about the development and sale of offensive cyber capabilities, and what the government/policy perspectives are for regulating this space.


PT - Monday - 09:00-16:59 PDT


Title: Offensive IoT Exploitation
When: Monday, Aug 15, 09:00 - 16:59 PDT
Where: Caesars Forum
Speakers:Trevor Hough,Trevor Stevado,Patrick Ross,Nicholas Coad

SpeakerBio:Trevor Hough
• 10+ years in offensive application and network security
• Led and contributed to dozens of security assessments (Red Team, VA, Pen Test)
• DEF CON 26 Black Badge holder (part of 3-person team)
• Member of Pros versus Joes (PvJ) Red Cell
• Managing Partner & Hacker @ Loudmouth Security

SpeakerBio:Trevor Stevado
• 12+ years in offensive application and network security
• Led and contributed to over 100 security assessments (Red Team, VA, Pen Test)
• DEF CON 26 Black Badge holder (part of 3-person team)
• Leads Pros versus Joes (PvJ) Red Cell
• Founding Partner & Hacker @ Loudmouth Security

SpeakerBio:Patrick Ross
• 7+ years in offensive security roles
• 10+ years in security architecture
• DEF CON 26 Black Badge holder (part of 3-person team)
• Member of Pros versus Joes (PvJ) Red Cell
• Hacker @ Village Idiot Labs

SpeakerBio:Nicholas Coad
• 5+ years in offensive application and network security
• 10+ years in network administration and security operations
• Contributed to dozens of security assessments (Red Team, VA, Pen Test)
• Managed security operations for Fortune 500 company
• Winner of the IoT CTF, DEF CON 27
• Member of Pros versus Joes (PvJ) Red Cell
• Hacker @ Loudmouth Security

Description:
Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/trevor-stevado-trevor-hough-nicholas-coad-patrick-ross-offensive-iot-exploitation

Training description:

As IoT becomes more integrated and integral into personal and work lives, there is a growing need to understand the inner workings of IoT devices. The base skills required are the same as many other security disciplines, whether the task is to perform defensive-based penetration testing or gain covert access for evidence or intelligence collection. Testing IoT devices for security bridges several skill sets from application security, operating systems penetration testing, wireless signals analysis, and embedded hardware security. Unfortunately, many courses in this industry deal with each topic individually, either taking a deep dive into hardware hacking, teaching advanced web application security, or teaching exploit development of different microarchitectures. This training is curated to take a step back and look at the bigger picture of IoT security testing, teaching the basics of each skill set to bridge the gaps and enable students to apply modern penetration testing techniques to IoT devices.



PT - Tuesday - 09:00-16:59 PDT


Title: Offensive IoT Exploitation
When: Tuesday, Aug 16, 09:00 - 16:59 PDT
Where: Caesars Forum
Speakers:Trevor Hough,Trevor Stevado,Patrick Ross,Nicholas Coad

SpeakerBio:Trevor Hough
• 10+ years in offensive application and network security
• Led and contributed to dozens of security assessments (Red Team, VA, Pen Test)
• DEF CON 26 Black Badge holder (part of 3-person team)
• Member of Pros versus Joes (PvJ) Red Cell
• Managing Partner & Hacker @ Loudmouth Security

SpeakerBio:Trevor Stevado
• 12+ years in offensive application and network security
• Led and contributed to over 100 security assessments (Red Team, VA, Pen Test)
• DEF CON 26 Black Badge holder (part of 3-person team)
• Leads Pros versus Joes (PvJ) Red Cell
• Founding Partner & Hacker @ Loudmouth Security

SpeakerBio:Patrick Ross
• 7+ years in offensive security roles
• 10+ years in security architecture
• DEF CON 26 Black Badge holder (part of 3-person team)
• Member of Pros versus Joes (PvJ) Red Cell
• Hacker @ Village Idiot Labs

SpeakerBio:Nicholas Coad
• 5+ years in offensive application and network security
• 10+ years in network administration and security operations
• Contributed to dozens of security assessments (Red Team, VA, Pen Test)
• Managed security operations for Fortune 500 company
• Winner of the IoT CTF, DEF CON 27
• Member of Pros versus Joes (PvJ) Red Cell
• Hacker @ Loudmouth Security

Description:
Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/trevor-stevado-trevor-hough-nicholas-coad-patrick-ross-offensive-iot-exploitation

Training description:

As IoT becomes more integrated and integral into personal and work lives, there is a growing need to understand the inner workings of IoT devices. The base skills required are the same as many other security disciplines, whether the task is to perform defensive-based penetration testing or gain covert access for evidence or intelligence collection. Testing IoT devices for security bridges several skill sets from application security, operating systems penetration testing, wireless signals analysis, and embedded hardware security. Unfortunately, many courses in this industry deal with each topic individually, either taking a deep dive into hardware hacking, teaching advanced web application security, or teaching exploit development of different microarchitectures. This training is curated to take a step back and look at the bigger picture of IoT security testing, teaching the basics of each skill set to bridge the gaps and enable students to apply modern penetration testing techniques to IoT devices.



HRV - Sunday - 11:00-11:30 PDT


Title: Oli: A Simpler Pi-Star Replacement
When: Sunday, Aug 14, 11:00 - 11:30 PDT
Where: Flamingo - Virginia City II (Ham Radio Village Activities)

SpeakerBio:Danny Quist
Danny Quist is an extra class amateur radio operator. He was first licensed in 1994 and enjoys CW, FT8, DMR, Dstar, and YSF operations. Aside from radio, Danny is a reverse engineer. He has spoken at Blackhat, Defcon, Shmoocon, Recon, and other conferences about reverse engineering topics.

Description:
Oli: A Pi-Star replacement rewritten from scratch. DMR, Dstar, and other digital voice modes have long been the exclusive domain of Pi-Star. While a workhorse, there are many complicated settings to navigate before being able to make the first contact. This talk will discuss Oli, a project built from the ground up to be fast and pleasant to use. This will be a live demo and tool release.


RTV - Sunday - 10:00-10:59 PDT


Title: OSINT Skills Lab Challenge
When: Sunday, Aug 14, 10:00 - 10:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village)
Speakers:Sandra Stibbards,Lee McWhorter

SpeakerBio:Sandra Stibbards
Sandra Stibbards opened her investigation agency, Camelot Investigations, in 1996. Currently, she maintains a private investigator license in the state of California. Stibbards specializes in financial fraud investigations, competitive intelligence, counterintelligence, business and corporate espionage, physical penetration tests, online vulnerability assessments, brand protection/IP investigations, corporate due diligence, and Internet investigations. Stibbards has conducted investigations internationally on five continents. Stibbards' clients include several Fortune 500 and international companies. Stibbards has been providing training seminars and presentations on Open Source Intelligence (OSINT) internationally since 2010 to federal governments and corporations.
Twitter: @camelotinv

SpeakerBio:Lee McWhorter
Lee McWhorter, CTO at Covered 6, has been involved in IT since its early days and has over 30 years of experience. He is a highly sought-after professional who first learned about identifying weaknesses in computer networks, systems, and software when Internet access was achieved using just a modem. McWhorter currently holds an MBA and over 20 industry certifications (including all of CompTIA’s) in such areas as IT, system admin, networking, programming, Linux, IoT, and cybersecurity. His roles have ranged from the server room to the board room, and he has taught for numerous universities, colleges, commercial trainers, and non-profits. McWhorter works closely with the DEFCON Red Team Village, Dark Arts Village, CompTIA, and the CompTIA Instructor Network (he is a Board Member) as a Speaker, SME, and Instructor.
Twitter: @tleemcjr

Description:No Description available


RTV - Sunday - 11:00-11:59 PDT


Title: OSINT Skills Lab Challenge
When: Sunday, Aug 14, 11:00 - 11:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village)
Speakers:Sandra Stibbards,Lee McWhorter

SpeakerBio:Sandra Stibbards
Sandra Stibbards opened her investigation agency, Camelot Investigations, in 1996. Currently, she maintains a private investigator license in the state of California. Stibbards specializes in financial fraud investigations, competitive intelligence, counterintelligence, business and corporate espionage, physical penetration tests, online vulnerability assessments, brand protection/IP investigations, corporate due diligence, and Internet investigations. Stibbards has conducted investigations internationally on five continents. Stibbards' clients include several Fortune 500 and international companies. Stibbards has been providing training seminars and presentations on Open Source Intelligence (OSINT) internationally since 2010 to federal governments and corporations.
Twitter: @camelotinv

SpeakerBio:Lee McWhorter
Lee McWhorter, CTO at Covered 6, has been involved in IT since its early days and has over 30 years of experience. He is a highly sought-after professional who first learned about identifying weaknesses in computer networks, systems, and software when Internet access was achieved using just a modem. McWhorter currently holds an MBA and over 20 industry certifications (including all of CompTIA’s) in such areas as IT, system admin, networking, programming, Linux, IoT, and cybersecurity. His roles have ranged from the server room to the board room, and he has taught for numerous universities, colleges, commercial trainers, and non-profits. McWhorter works closely with the DEFCON Red Team Village, Dark Arts Village, CompTIA, and the CompTIA Instructor Network (he is a Board Member) as a Speaker, SME, and Instructor.
Twitter: @tleemcjr

Description:No Description available


ICSV - Sunday - 11:00-11:59 PDT


Title: OT:ICEFALL - Revisiting a decade of OT insecure-by-design practices
When: Sunday, Aug 14, 11:00 - 11:59 PDT
Where: ICS Village Virtual

SpeakerBio:Jos Wetzels , Security Researcher
Jos Wetzels is a security researcher at Forescout specializing in embedded systems security. His research has involved reverse-engineering, vulnerability research and exploit development across various domains ranging from industrial and automotive systems to IoT, networking equipment and deeply embedded SoCs. He previously worked as a researcher at the Distributed and Embedded Security group (DIES) at the University of Twente (UT) in the Netherlands where he developed exploit mitigation solutions for constrained Industrial Control Systems (ICS) devices used in critical infrastructure, performed security analyses of state-of-the-art network and host-based intrusion detection systems and has been involved in research projects regarding on-the-fly detection and containment of unknown malware and Advanced Persistent Threats.

Description:
More than a decade ago, Project Basecamp highlighted how many OT devices and protocols were insecure-by-design. Ever since, the absence of basic security controls has continued to complicate OT security programs. While the past decade has seen the advent of standards-driven hardening efforts at the component and system level, it has also seen impactful real-world OT incidents abusing insecure-by-design functionality, which has left many defenders wondering just how much has changed. In this talk, we will present dozens of previously undisclosed issues in products from almost 20 vendors deployed in a wide range of industry verticals. We will provide a quantitative overview of these issues and illustrate how the opaque and proprietary nature of the systems has resulted in insecure-by-design products achieving security certification as well as complicating vulnerability management. In addition, we will take a technical deep-dive into several RCE vulnerabilities on level 1 devices (ab)using nothing but legitimate functionality and present quantitative insights into our research process in order to provide the audience with some hard numbers on the resources required to develop basic offensive capabilities for the issues discussed and its potential implications for the relevant threat landscape.


PHV - Sunday - 10:00-12:59 PDT


Title: Packet Detective
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)

Description:
Ready to upgrade your skills at the Packet Hacking Village? It’s time to play Packet Detective. A step up in difficulty from Packet Investigator, Packet Detective will test your network hunting abilities at the intermediate level. Come learn some new tricks!


PHV - Sunday - 10:00-12:59 PDT


Title: Packet Inspector
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)

Description:
New to packet-fu? Don't know a pcap from a bottle cap? Packet Inspector is the game for you! We provide the laptops and all necessary tools for you to learn the basics of network analysis, sniffing, and forensics.


PYV - Sunday - 09:00-13:59 PDT


Title: Payment Hacking Challenge
When: Sunday, Aug 14, 09:00 - 13:59 PDT
Where: Virtual - Payment Village

Description:
Try your hand at ATM, online bank, POS and card hacking challenges.


ASV - Sunday - 10:00-11:59 PDT


Title: Pen Test Partners A320 Simulator
When: Sunday, Aug 14, 10:00 - 11:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village)

Description:
Come take the controls of Pen Test Partners’ immersive A320 simulator. Experience the effects of tampered electronic flight bag data on take-off and landing, TCAS spoofing and more all in the safety of the sim. You’ll see how experienced pilots would deal with these incidents and mitigate risk to passengers and the airplane.


GHV - Sunday - 14:30-14:59 PDT


Title: Phishing for Your Next Cyber Opportunity
When: Sunday, Aug 14, 14:30 - 14:59 PDT
Where: Flamingo - Virginia City III (Girls Hack Village)
Speakers:Cyrena Jackson,Teresa Green

SpeakerBio:Cyrena Jackson
No BIO available

SpeakerBio:Teresa Green
No BIO available

Description:No Description available


PSV - Sunday - 10:00-14:59 PDT


Title: Physical Security Village
When: Sunday, Aug 14, 10:00 - 14:59 PDT
Where: Caesars Forum - Summit 201-202 (Physical Security Village)

Description:
The Physical Security Village (formerly known as the Lock Bypass Village) explores the world of hardware bypasses and techniques generally outside of the realm of cyber security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself!

We'll be covering the basics, including the under-the-door-tool and latch slipping attacks, as well as an in-depth look at more complicated bypasses. Learn about elevator hacking, try out alarm system attacks at the sensor and communication line, and have an inside look at common hardware to see how it works.

No prior experience or skills necessary - drop in and learn as much or as little as you'd like!

Looking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!



CPV - Sunday - 12:45-13:30 PDT


Title: PII: The Privacy Zombie
When: Sunday, Aug 14, 12:45 - 13:30 PDT
Where: Flamingo - Vista Ballroom (Crypto Privacy Village)

SpeakerBio:Alisha Kloc
Alisha Kloc has worked in the security and privacy industry for over a decade, at companies ranging from aerospace behemoths to tech juggernauts to insurance startups. She has given numerous talks about security and privacy around the US and Europe. She is passionate about data security and user privacy, and believes in combining technology, policy, and culture to ensure consumers are protected from the misuse and abuse of personal data.

Description:
The concept of PII, or personally identifying information, has guided critical decisions around privacy for years. Companies, governments, and consumers believe that protecting a limited subset of data points is sufficient to protect an individual’s privacy. But they’re dangerously wrong. This talk explains how the term “PII” died a long time ago, why it still lingers in undeath, and what we can do to protect privacy in the modern data era.


DC - Sunday - 12:00-12:45 PDT


Title: PreAuth RCE Chains on an MDM: KACE SMA
When: Sunday, Aug 14, 12:00 - 12:45 PDT
Where: Caesars Forum - Academy 401-410, 421 (Track 3)

SpeakerBio:Jeffrey Hofmann , Security Engineer at Nuro
Jeffrey Hofmann is a Security Engineer at Nuro who loves to do security research both on and off the clock. He has a background in penetration testing and a passion for exploit development/reverse engineering.
Twitter: @jeffssh

Description:
MDM solutions are, by design, a single point of failure for organizations. MDM appliances often have the ability to execute commands on most of the devices in an organization and provide an “instant win” target for attackers. KACE Systems Management Appliance is a popular MDM choice for hybrid environments. This talk will cover the technical details of 3 preauthentication RCE as root chains on KACE SMA and the research steps taken to identify the individual vulnerabilities used.


BTV - Sunday - 12:00-12:59 PDT


Title: Project Obsidian: Panel Discussion
When: Sunday, Aug 14, 12:00 - 12:59 PDT
Where: Flamingo - Savoy Ballroom - BTV Main Stage (In-person)

Description:
Blue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).

Project Obsidian crew members talk about how they put it all together.




PLV - Sunday - 12:00-13:45 PDT


Title: Protect Our Pentest Tools! Perks and Hurdles in Distributing Red Team Tools
When: Sunday, Aug 14, 12:00 - 13:45 PDT
Where: Caesars Forum - Summit 226-227 - Policy Roundtable

SpeakerBio:Omar Santos , Principal Engineer
No BIO available
Twitter: @santosomar

Description:
A panel with Q&A about offensive cybersecurity tools like CobaltStrike, how the tools affect both defensive and offensive security practitioners, and the practical difficulties of controlling the licenses and distribution of these pentest tools. This is meant to be an impact-focused discussion on the merits and challenges of producing offensive tools and NOT a law-based debate/interpretation of export controls.


AVV - Sunday - 11:30-11:59 PDT


Title: Purple Teaming for Auditors and the Business
When: Sunday, Aug 14, 11:30 - 11:59 PDT
Where: Flamingo - Scenic Ballroom (Adversary Village)

SpeakerBio:Alex Martirosyan , Senior Penetration Tester
Alex is a Senior Penetration Tester at Wolf’s IT Assurance Services group where he’s responsible for coordinating and conducting penetration testing services for clients in a variety of industries, including financial, healthcare, and software. His expertise consists of internal and external network penetration testing, threat emulation exercises, social engineering, vulnerability assessments, cloud security assessments, and Active Directory security reviews. Additionally, he has experience working with standards from the National Institute of Standards and Technology (NIST), the Center for Internet Security (CIS), and leveraging the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework. Alex has over three years of experience performing security assessments and holds certifications from industry-recognized organizations such as Offensive Security and Global Information Assurance Certification (GIAC).
Twitter: @almartiros

Description:
Security teams are often tasked with building a layered control environment through a defense-in-depth approach. Audit and compliance teams may even require these controls to align to a specific benchmark or framework. Unfortunately, the scenario often arises where these controls are only put to the test when a real attack occurs, leaving teams confused when responding to an incident. Assumptions are made by all business units about the operating effectiveness of the environment. Remember when we all relied on the perimeter firewall for security a decade ago? We now have the same problem with heavily relying on default configs within EDRs. Business leaders may be lulled into thinking that these tools will prevent sophisticated attack chains by nation-state adversaries and meanwhile get burned by lazy PowerShell tradecraft that goes undetected. These assumptions are rarely validated through active testing or standard day-to-day activity due to the complexities of a behavior or technique. From an auditing perspective, this is a critical hidden gap that creates a cyclical problem. We are maybe the only industry that provides technical solutions that still require customers to continuously tune and validate they are working as intended. Although the controls may align to a specific need on paper, significant gaps go unnoticed, allowing attackers to achieve their end objectives. A purple team/threat emulation exercise can help prevent this. However, most businesses are often unequipped to know where to begin.

Many of us are not speaking the same language as the business when attempting to introduce the enterprise matrix from MITRE ATT&CK®. Further, we have now entered an unfortunate reality where every vendor, tool, and third party references the framework. As an industry, we need to be able to use this framework in a concise and repeatable manner. We also must be honest about the shortcomings of ATT&CK and what it cannot be used for. It is extremely enticing to fall into several traps when attempting to use the framework and perform simulations internally. This includes playing bingo and not truly understanding how techniques are emulated in an environment. This talk proposes an approach for how to use existing free tools including the Atomic Red Team library, Prelude Operator, and Vectr to begin tracking adversaries and testing control resiliency in an environment. This talk will educate all business units about the MITRE ATT&CK framework and how it can be incorporated within their assessments. To proactively defend against cyber threats, we cannot rely on individual experts alone. Many of us have been exposed to the ATT&CK framework in some capacity. However, as an industry we do not have a clear way to abstract specific detail from the framework and align to our business's primary mission. The business, from the top down, needs to be able to understand how to conduct these types of tests and why they matter. Strong relationships between audit, compliance, third parties, IT, and security lead to the most secure environments. Everyone, whether on the blue team or red team, plays a role in executing these tests, remediating, and communicating results across the business.

As assessors we build test procedures to identify gaps, remediate issues, and retest just like any traditional audit. When examined closely, we are effectively quality assurance for cybersecurity. We have specific playbooks of what adversaries attempt upon achieving initial access. Think about the Conti Playbook that was released and translated earlier this year. We can leverage existing tooling to emulate the identified behaviors in our environment, creating a “data-driven” and threat-informed test. Equipped with this knowledge, we can lay out controls that allow the business to operate and provide assurances that an attack chain is mitigated. We have rich and continuously improving public cyber threat intelligence reports that must be used in our programs. Public annual reports from Red Canary, Microsoft, DFIR Report, Scythe, and countless others all can be used to tune our controls against a specific threat. Security professionals can emulate adversaries for cheap all the while expanding budgets and showcasing their work to executives. My hope is to be able to bridge existing understanding of ATT&CK and provide a path to reliably use it regardless of size or complexity of an institution.



AVV - Sunday - 12:30-12:59 PDT


Title: Qemuno – An uninvited guest
When: Sunday, Aug 14, 12:30 - 12:59 PDT
Where: Flamingo - Scenic Ballroom (Adversary Village)

SpeakerBio:Oleg Lerner
Oleg leads Sygnia’s Adversarial Research team, which is focused on offensive and defensive research for Sygnia’s Adversarial Tactics department. Oleg is a cyber security expert with more than 9 years of offensive and defensive cyber security experience in research and development, as well as red/purple team engagements and product assessments. Oleg has a deep technical background that spans offensive engineering projects and tools development to security research and analysis. Before joining Sygnia, Oleg served in an IDF technological unit, and later worked as a security researcher at CyberArk, researching domain network protocols and a variety of security solutions. At Sygnia, Oleg leads research and innovation of offensive tools and infrastructure, for red-team activities. His experience enables him to bring a unique perspective to security engagements and network operations, and challenge operational assets from a unique perspective.
Twitter: @oleglerner

Description:
Evolving endpoint protection controls, including hardening and security software with enhanced detection capabilities and greater visibility coverage, have been pushing red team and purple team operational complexity to a higher level. Malicious actors and security professionals alike are increasingly focusing on leveraging virtualization technologies to overcome prevention and detection mechanisms. Although utilizing virtualization as an attack platform assists in evading most security controls by “default”, creating and using a virtualization platform in a client environment poses its own challenges. We embraced the trend and created our own virtualized offensive operations suite, which can be utilized to execute any offensive tool, starting from network reconnaissance to privilege escalation, avoiding the cat and mouse game of crafting custom payloads and tools to evade the latest endpoint security stack detection mechanisms. The offensive operations suite utilizes a QEMU open-source emulator as the virtualization software, coupled with a lean Linux distribution, Docker containerization platform, and a custom GUI web interface based on a Flask micro-framework. The suite leverages Docker technology to create modularity, in order to maximize functionality and avoid issues like software and OS dependencies, while keeping the build lean for ease of deployment in offensive security engagements. In this talk, we will present the architecture and capabilities of the Qemuno offensive operations suite, present several real use cases where we leveraged Qemuno, and demo how it can be leveraged in a highly-hardened environment.


 

ASV - Sunday - 10:00-11:59 PDT


Title: Red Balloon Failsat Challenges
When: Sunday, Aug 14, 10:00 - 11:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map

Description:
Red Balloon Security will provide satellite modems as well as a small satellite for the modems to communicate with. We will provide support and training at the event to help people work through all steps of the challenges using OFRAK. OFRAK (Open Firmware Reverse Analysis Konsole) combines the ability to unpack, analyze, modify, and repack binaries & firmware in a single application.

PWNSAT CHALLENGE
Participants will analyze and modify the modem firmware with the goal of successfully patching in shellcode to send malicious commands to the CubeSat to make it spin. Modifications may include – disabling firewall, finding credentials, and shellcode writing + injection. Winners with the most interesting CubeSat spin results will be rewarded with a prize.

SAFE SPACE: SATELLITE CONTROL PATCHING
In this challenge, participants will have the opportunity to construct and apply a patch modeled after a real world bug detected in spacecrafts. The challenge will be to understand and patch code that’s trying to solve an equation, but has a bug that makes the satellite unusable. We provide guidance on how to identify the mistake and present multiple approaches in increasing degrees of patching complexity.



 

CON - Sunday - 10:00-13:59 PDT


Title: Red Team Village CTF Finals Part 2
When: Sunday, Aug 14, 10:00 - 13:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map

Description:
Once again this year’s DEF CON Red Team CTF will be hosted by Threat Simulations! We have an amazing, immersive scenario that stresses strong red team skills as players traverse through an enterprise network. This event is not for the faint of heart. First you will battle with hundreds of teams in a jeopardy board style CTF, then the top teams will enter the finals where your Red Team skills will be tested in a full Active Directory environment. Your team will compete against some of the best red teamers in the world as you exploit, pivot, and loot the target environment.


 

PHV - Sunday - 10:00-12:59 PDT


Title: RegEx Trainer
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village) - Map

Description:
Is regex a mystery to you? We've got your back at the Packet Hacking Village. Our new interactive REGEX Trainer will walk you through learning then doing, giving you a full understanding of how Regular Expressions work.


 

SEV - Sunday - 09:30-10:59 PDT


Title: Research and Cold Calls
When: Sunday, Aug 14, 09:30 - 10:59 PDT
Where: LINQ - 3rd flr - Social A (Social Engineering Community) - Map

Description:
https://www.se.community/research-cold-calls/


 

SEV - Sunday - 09:00-09:30 PDT


Title: Research Calls
When: Sunday, Aug 14, 09:00 - 09:30 PDT
Where: LINQ - 3rd flr - Social A (Social Engineering Community) - Map

SpeakerBio:Tessa Cole
Tessa Cole is a Ph.D. Candidate in the Department of Criminal Justice and Criminology at Georgia State University. She earned a Bachelor of Science in Political Science from Berry College and a Master of Science in Criminal Justice from the University of Tennessee at Chattanooga. Tessa's area of research focuses on offenders' effect(s) on targets and victims within the cybercrime ecosystem, including, but not limited to revenge pornography, sexting among adolescents, and online fraud. She is proficient in both SPSS and STATA and is currently developing GIS and PYTHON skills. Recently, Dr. Rege has invited her to participate and share her research knowledge in two panels, an academic panel highlighting black cybercrime researchers and Temple University's Cybersecurity in Application, Research, and Education (CARE) Lab's Social Engineering Educator Workshop.

Additionally, she is published in Victims & Offenders with several forthcoming articles in peer-reviewed journals. She volunteers for the Crisis Hotline and has served as a mentor in the Pipeline Mentorship Program at Georgia State University. She has received several awards, such as the University of Tennessee at Chattanooga Department of Social, Cultural, and Justice Studies Most Outstanding Graduate Student in 2018, the Andrew Young Dean's Fellowship Scholarship at Georgia State University from 2018 to 2021, and the Department of Criminal Justice and Criminology Graduate Teaching Award at Georgia State University in the spring of 2021. Currently, she is completing her dissertation exploring online fraudsters' decision-making processes which is constructed in the three-journal article format to be published upon her degree confirmation.


Description:
https://www.se.community/research-cold-calls/


 

RFV - Sunday - 14:00-14:59 PDT


Title: RF CTF Out-brief
When: Sunday, Aug 14, 14:00 - 14:59 PDT
Where: Flamingo - Eldorado Ballroom (Radio Frequency Village) - Map

SpeakerBio:RF Hackers Village Staff
No BIO available
Twitter: @rfhackers

Description:
Free discussion and Q&A covering all the challenges in the RF CTF


 

DC - Sunday - 13:00-13:45 PDT


Title: RingHopper – Hopping from User-space to God Mode
When: Sunday, Aug 14, 13:00 - 13:45 PDT
Where: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
Speakers:Jonathan Lusky,Benny Zeltser

SpeakerBio:Jonathan Lusky , Security Research Team Lead, Intel
No BIO available

SpeakerBio:Benny Zeltser , Security Researcher, Intel
No BIO available

Description:
The SMM is a well-guarded fortress that holds a treasure – an unlimited god mode. We hopped over the walls, fooled the guards, and entered the holy grail of privileges. An attacker running in System Management Mode (SMM) can bypass practically any security mechanism, steal sensitive information, install a bootkit, or even brick the entire platform. We discovered a family of industry-wide TOCTOU vulnerabilities in various UEFI implementations affecting more than 8 major vendors, making billions of devices vulnerable to our attack. RingHopper leverages peripheral devices that exist on every platform to perform a confused deputy attack. With RingHopper we hop from ring 3 (user-space) into ring -2 (SMM), bypass all mitigations, and gain arbitrary code execution. In our talk, we will deep-dive into this class of vulnerabilities, the exploitation method, and how it can be prevented. Finally, we will demonstrate a PoC of a full exploitation using RingHopper, hopping from user-space into SMM.


 

LPV - Sunday - 11:00-11:45 PDT


Title: Safecracking for Everyone
When: Sunday, Aug 14, 11:00 - 11:45 PDT
Where: Caesars Forum - Summit 203-204, 235 (Lock Pick Village) - Map

SpeakerBio:Jared Dygert
No BIO available

Description:
Safecracking is a more obscure art of locksport and this talk will cover types of safe locks, how they work, and how to defeat them.


 

ASV - Sunday - 10:00-12:59 PDT


Title: Satellite Eavesdropping with DDS
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map

Description:
Satellite communications are used by millions of people every day. From television broadcasts to internet services, satellites bring connectivity beyond the reach of wired infrastructure. In this lab, you’ll learn about one of the most popular satellite communications protocols – DVB-S (Digital Video Broadcasting for Satellite) – and how anyone with inexpensive radio equipment and freely available software can intercept and listen to these signals.

Required gear: none!



 

DC - Sunday - 11:00-11:45 PDT


Title: Save The Environment (Variable): Hijacking Legitimate Applications with a Minimal Footprint
When: Sunday, Aug 14, 11:00 - 11:45 PDT
Where: Caesars Forum - Academy 401-410, 421 (Track 3) - Map

SpeakerBio:Wietze Beukema , Threat Detection & Response at CrowdStrike
Wietze has been hacking around with computers for years. Originally from the Netherlands, he currently works in Threat Detection & Response at CrowdStrike in London. As a threat hunting enthusiast and security researcher, he has presented his findings on topics including attacker emulation, command-line obfuscation and DLL Hijacking at a variety of security conferences. By sharing his research, publishing related tools and his involvement in the open source LOLBAS project, he aims to give back to the community he learnt so much from.
Twitter: @wietze

Description:
DLL Hijacking, being a well-known technique for executing malicious payloads via trusted executables, has been scrutinised extensively, to the point where defensive measures are in a much better position to detect abuse. To bypass detection, stealthier and harder-to-detect alternatives need to come into play.

In this presentation, we will take a closer look at how process-level Environment Variables can be abused for taking over legitimate applications. Taking a systemic approach, we will demonstrate that over 80 Windows-native executables are vulnerable to this special type of DLL Hijacking. As this raises additional opportunities for User Account Control (UAC) bypass and Privilege Escalation, we will discuss the value and further implications of this technique and these findings.



 

ASV - Sunday - 10:00-10:25 PDT


Title: Self No-Fly Area Designing for UAV
When: Sunday, Aug 14, 10:00 - 10:25 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map

SpeakerBio:Utku Yildirim , Red Teamer / Penetration Tester
Utku Yildirim is Red Teamer / Penetration Tester at Hoffmann Cybersecurity Netherlands. He is a computer engineer and MSc student in Cyber Security. He has multiple red team certificates such as OSCE, OSCP, OSWP and LPT. Utku has spoken at international congresses before DEF CON 30.

Description:
His method is able to create a no-fly area by spreading signals that can display the coordinates of any selected area as airport GPS coordinates with multiple HackRF. With this method, you can ensure security and privacy by closing the desired areas from public areas such as homes, workplaces etc.


 

CLV - Sunday - 12:30-12:50 PDT


Title: Sign of the Times: Exploiting Poor Validation of AWS SNS SigningCertUrl
When: Sunday, Aug 14, 12:30 - 12:50 PDT
Where: Flamingo - Scenic Ballroom (Cloud Village) - Map

SpeakerBio:Eugene Lim , Cybersecurity Specialist, Government Technology Agency of Singapore
Eugene (spaceraccoon) hacks for good! At GovTech Singapore, he protects citizen data and government systems through security research. He also develops SecOps integrations to secure code at scale. He recently reported remote code execution vulnerabilities in Microsoft Office and Apache OpenOffice and discussed defensive coding techniques he observed from hacking Synology Network Attached Storage devices at ShmooCon.

As a bug hunter, he helps secure products globally, from Amazon to Zendesk. In 2021, he was selected from a pool of 1 million registered hackers for HackerOne's H1-Elite Hall of Fame. Besides bug hunting, he builds security tools, including a malicious npm package scanner and a social engineering honeypot that were presented at Black Hat Arsenal. He writes about his research on https://spaceraccoon.dev.

He enjoys tinkering with new technologies. He presented "Hacking Humans with AI as a Service" at DEF CON 29 and attended IBM's Qiskit Global Quantum Machine Learning Summer School.

Twitter: @spaceraccoonsec

Description:
Countless projects rely on Amazon Web Services' Simple Notification Service for application-to-application communication such as webhooks and callbacks. To verify the authenticity of these messages, these projects use certificate-based signature validation based on the SigningCertURL value. Unfortunately, developers are tasked with verifying the authenticity of the certificate URL themselves, creating a vulnerable-by-default 'configuration over convention' situation that spawns numerous vulnerabilities. This is an official design pattern recommended by AWS itself (https://docs.aws.amazon.com/sns/latest/dg/sns-verify-signature-of-message.html). I will demonstrate how various custom checks and regexes in real projects can be bypassed to forge SNS messages by leveraging a namespace clash with Amazon S3. Attackers can generate and host their own public keys on S3 buckets that pass custom verification checks, allowing them to trigger sensitive webhook functionality. In addition, I will go further to discuss a key loophole (pending disclosure) in official AWS SDKs like sns-validator that affects all downstream dependents, from Firefox Monitor to the 70 million download/week Definitely Typed package. I will dive into possible short-, medium-, and long-term fixes pending AWS' own patch. As a result, attendees will walk away with a better understanding of the difficulties in securing trusted application-to-application cloud messaging tools. I will discuss how to code defensively by going for convention over configuration in cloud architecture. I will also provide pointers on discovering vulnerable SNS webhook implementations through code review.


 

DC - Sunday - 14:00-14:45 PDT


Title: Solana JIT: Lessons from fuzzing a smart-contract compiler
When: Sunday, Aug 14, 14:00 - 14:45 PDT
Where: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map

SpeakerBio:Thomas Roth
Thomas Roth is a security researcher from Germany. In the past he has published research on topics like TrustZone, fault injection, payment terminals, cryptocurrency-wallets and embedded security.

Description:
Solana is a blockchain with a $37 billion market cap, with the security of that chain relying on the security of the smart contracts on the chain - and we found very little research on the actual execution environment of those contracts. In contrast to Ethereum, where contracts are mostly written in Solidity and then compiled to the Ethereum Virtual Machine, Solana uses a different approach: Solana contracts can be written in C, Rust, and C++, and are compiled to eBPF. Underneath the hood, Solana uses rBPF: A Rust BPF implementation with a just-in-time compiler. Given the security history of eBPF in the Linux kernel, and the lack of previous public, low-level Solana research, we decided to dig deeper: We built Solana reverse-engineering tooling and fuzzing harnesses as we slowly dug our way into the JIT - eventually discovering multiple out-of-bounds vulnerabilities.


 

ICSV - Sunday - 13:00-13:59 PDT


Title: Spear Vishing / VoIP Poisoning - Maritime and Land
When: Sunday, Aug 14, 13:00 - 13:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - Map

SpeakerBio:Travis Juhr , Associate Voice Architect / Unified Comms Engineer
Navy and Coast Guard Rescue Swimmer turned Paramedic and then Networking, Security, Systems, and Unified Comms Engineering. I have been conducting research and development on secure voice and network hardening practices in merging ICS, PSTN, and modern IP networks.

Description:
Discussion of the underlying functionality of the PSTN integration into modern SIP/VoIP platforms and the inherent security flaws of those integrations. This will be a heavy focus on end user experience, particularly for remote users (land and sea), when a SIP trunk is used by an Enterprise and using the PSTN as a backdoor for targeted vishing attacks, which I am dubbing "Spear Vishing" or "VoIP Poisoning". This is when an attacker calls a victim using a number that is well known to the victim to have the underlying system (Cell phone, SIP soft client, or hard phone) populate the rest of the data to legitimize the phone call and use known problems with remote calling such as call quality variability and lack of physical presence to verify the caller as a vector for sowing chaos or social engineering.


 

DC - Sunday - 11:00-11:45 PDT


Title: STrace - A DTrace on windows reimplementation.
When: Sunday, Aug 14, 11:00 - 11:45 PDT
Where: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map

SpeakerBio:Stephen Eckels
Stephen Eckels is a reverse engineer who explores blue team tooling and regularly sees front line malware. Stephen has published past tools such as GoReSym - a golang symbol recovery tool, and written extensively about many forms of hooking including hooking the wow64 layer. Stephen maintains the open source hooking library PolyHook; some of his other work is public on the Mandiant blog!
Twitter: @stevemk14ebr

Description:
I'll document the kernel tracing APIs in modern versions of Windows, implemented to support Microsoft's port of the ‘DTrace’ system to Windows. This system provides an officially supported mechanism to perform system call interception that is patchguard compatible, but not secure boot compatible. Alongside the history and details of DTrace this talk will also cover a C++ and Rust based reimplementation of the system that I call STrace. This reimplementation allows users to write custom plugin DLLs which are manually mapped to the kernel address space. These plugins can then log all system calls, or perform any side effects before and after system call execution by invoking the typical kernel driver APIs – if desired.


 

CPV - Sunday - 12:00-12:30 PDT


Title: Surviving and Designing for Survivors
When: Sunday, Aug 14, 12:00 - 12:30 PDT
Where: Flamingo - Vista Ballroom (Crypto Privacy Village) - Map

SpeakerBio:Avi Zajac
Avi (@_llzes, Avi/they/he) is a privacy-focused hacker. They love rabbits, cheesecake, and cute things like privacy and security, locksport, cryptography. They build mission-driven products; help individuals and organisations protect their privacy and safety; and enjoy making and breaking things for a more equitable world.

Description:
The privacy and security communities spin out new technologies, platforms, policies, regulations, and other novel research rapidly in the pursuit of creating a positive impact in the world at a dizzying pace. Unfortunately, systems often behave or are used in ways that we did not intend them to. Perhaps we could have caught the potential harms associated with systems intended to protect vulnerable people had we taken a systematic approach in evaluating them. In this talk, we build up the building blocks with examples and case studies to understand the challenges many survivors face systemically and in their day-to-day lives, with resources for survivors and takeaways for practitioners.


 

DC - Sunday - 12:00-12:45 PDT


Title: Taking a Dump In The Cloud
When: Sunday, Aug 14, 12:00 - 12:45 PDT
Where: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
Speakers:Melvin Langvik,Flangvik

SpeakerBio:Melvin Langvik , Security Consultant, TrustedSec Targeted Operations
Melvin started as a C# Azure developer and integrations consultant after finishing his bachelor’s degree in computer engineering. During his time as a developer, he got hands-on experience with rapidly creating and deploying critical backend infrastructure for an international client base. It was during this period Melvin started to pursue his goal of transitioning into offensive security. Melvin broke into the HackTheBox cybersecurity platform “Hall Of Fame” and subsequently successfully landed as a security consultant. While working as a penetration tester, Melvin has contributed to the infosec community by releasing open-source and offensively targeted C# based tools and techniques, such as BetterSafetyKatz, SharpProxyLogon, AzureC2Relay, and CobaltBus. Melvin is also the creator and maintainer of the SharpCollection project, a project which utilizes Azure DevOps PipeLines to automatically release pre-compiled binaries of the most common offensive C# projects, triggered by updates from their respective main branch.
Twitter: @Flangvik

SpeakerBio:Flangvik
No BIO available

Description:
Taking a Dump In The Cloud is a tale of countless sleepless nights spent reversing and understanding the integration between Microsoft Office resources and how desktop applications implement them. The release of the TeamFiltration toolkit, connecting all the data points to more effectively launch attacks against Microsoft Azure Tenants. Understanding the lack of conditional access for non-interactive logins and how one can abuse the magic of Microsoft's OAuth implementation with Single-Sign-On to exfiltrate all the loot. Streamlining the process of account enumeration and validation. Thoughts on working effectively against Azure Smart Lockout. Exploring options of vertical movement given common cloud configurations, and more!


 

ICSV - Sunday - 10:00-10:59 PDT


Title: Tales from the trenches - why organizations struggle to get even the basics of OT asset visibility & detection right.
When: Sunday, Aug 14, 10:00 - 10:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - Map

SpeakerBio:Vivek Ponnada , Regional Sales Director
Vivek Ponnada is an OT practitioner with global (14 countries) experience and currently works at Nozomi Networks as a Regional Sales Director. Having started his career in ICS as an Instrumentation Technician, Vivek became a Controls Engineer and commissioned Gas Turbine Controls systems in Europe, Middle-East, Africa and South-East Asia. Throughout his career, Vivek held multiple roles including Sales, Marketing & Business Development and Services covering Control systems & Cybersecurity solutions for Critical Infrastructure (Power, Oil & Gas, Water, Mining etc.) industries at GE and ICI Electrical Engineering in North America. He is the co-lead for the Top 20 Secure PLC Coding Practices Project and his recent talks/contributions include S4x22, Gartner Risk Summit, GRIMMCon 0x7, BSides Vancouver and many others. Vivek has a Bachelors Degree in Electrical Engineering from I.E. India, MBA from The University of Texas at Austin and GICSP certification from GIAC. He is an active member of the Infosec community as a Board Member for Mainland Advanced Research Society (Vancouver, BC), member of the ISA and also a Volunteer for ISACA.

Description:
Whether it's due to increasing awareness or due to Board/Compliance requirements, most OT Security programs start with a preliminary risk assessment. One of the initial steps is to get a list of OT assets, which used to be a rudimentary spreadsheet exercise. With the wide availability of passive OT asset discovery tools, many go down that path via a Proof of Concept to generate Asset Inventory. This talk focuses on lessons learnt from the trenches performing the proofs of concept, and covers challenges including availability of infrastructure (span ports/tap, routing, bandwidth), archaic protocol implementations, organizational policies for network flows, risk appetite for active probing on low traffic networks, OT & IT personnel knowledge of each other's domains, and finally budgeting.


 

LPV - Sunday - 14:00-14:20 PDT


Title: The "Why" of Lock Picking
When: Sunday, Aug 14, 14:00 - 14:20 PDT
Where: Caesars Forum - Summit 203-204, 235 (Lock Pick Village) - Map

SpeakerBio:Christopher Forte (isaidnocookies)
No BIO available

Description:
"Why would you possibly need to know how to do that?" and “Couldn’t you just break the lock?” are two of the more common questions I get when discussing lock picking or various bypasses. At first glance, many see lock picking as a nefarious and largely unnecessary hobby. But, whether you are a locksport enthusiast, security researcher, emergency responder, or just someone who enjoys puzzles, lock picking can be a constructive—and useful—skill to learn. This talk aims to show how diverse the community is, explore some of the many reasons we engage in this hobby, and try to give some answers as to why we practice lock picking.


 

DC - Sunday - 12:00-12:45 PDT


Title: The Call is Coming From Inside The Cluster: Mistakes that Lead to Whole Cluster Pwnership
When: Sunday, Aug 14, 12:00 - 12:45 PDT
Where: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
Speakers:Will Kline,Dagan Henderson

SpeakerBio:Will Kline , Senior Principal / Dark Wolf Solutions
Will Kline is a Senior Principal with Dark Wolf Solutions, where he works with different customers to modernize their containerized development environments. He’s been working with Linux containers since the pre-Docker days. He has been attending DEF CON since DEF CON 21. He has been coming back almost every year, becoming increasingly involved with the SOHOplessly Broken IoT CTF and the Wireless CTF. At DEF CON 25 his team “Wolf Emoji” took a Black Badge. In his recent work with Dagan, he has been excited to see the intersection between his off-hours hacking fun and real world cloud architecture and SRE work.

SpeakerBio:Dagan Henderson , Principal / RAFT
Dagan Henderson is a Principal Engineer at Raft, LLC, where he specializes in Kubernetes platform development. Dagan’s interest in hacking dates back to the late 80s when AOL and BBSs were the spots (yep, he hosted a very short lived BBS from his home PC—and it got hacked). His first useful computer program was a DOS BAT on a bootable floppy that removed a very persistent Windows 95 Trojan, which he wrote for the mom-and-pop computer shop he worked at for his first job. While in college, Dagan began working for a medical services provider, and when his acumen with computer systems became well-known, he was asked to evaluate a new electronic medical records system. He was able to identify several information-disclosure vulnerabilities and work with the development team to address them. As his career in software engineering took off, Dagan remained committed to developing secure applications, which is essentially the art of not developing insecure systems, and he remains committed to the practice today. As a 25-year veteran of the industry, Dagan has seen (and made) many, many mistakes. He knows where bodies get buried.

Description:
Kubernetes has taken the DevOps world by storm, but its rapid uptake has created an ecosystem where many popular solutions for common challenges—storage, release management, observability, etc.—are either somewhat immature or have been “lifted and shifted” to Kubernetes. What critical security smells can pentesters look for when looking at the security of a cluster?

We are going to talk through five different security problems that we have found (and reported, no 0-days here) in popular open-source projects and how you can look for similar vulnerabilities in other projects.



 

DC - Sunday - 13:00-13:45 PDT


Title: The Journey From an Isolated Container to Cluster Admin in Service Fabric
When: Sunday, Aug 14, 13:00 - 13:45 PDT
Where: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map

SpeakerBio:Aviv Sasson , Principal security researcher, Palo Alto Networks
Aviv Sasson is a security research team lead in Palo Alto Networks under Prisma Cloud, specializing in cloud, network, and application security. He started his career in the Israeli intelligence forces and continued to work in the cyber security industry. He is fascinated by container and cloud security and is now working in the Prisma Cloud research team, finding security issues and zero days in the cloud ecosystem.

Description:
Service Fabric is a scalable and reliable container orchestrator developed by Microsoft. It is widely used in Microsoft Azure as well as in Microsoft’s internal production environments as an infrastructure for containerized applications.

Developing a container orchestrator is not an easy task as it involves harnessing many technologies in a complicated and distributed environment. This complexity can ultimately lead to security issues. Such security issues can impose a critical risk since compromising an infrastructure allows attackers to escalate their privileges and take over an entire environment quickly and effectively.

In this session, Aviv will share his research on Service Fabric and his journey of escalating from an isolated container to cluster admin. He will go through researching the code and finding a zero-day vulnerability, explaining his exploitation process in Azure Service Fabric offering while dealing with race conditions and other limitations, and explain how it all allowed him to break out of his container to later gain full control over the underlying Service Fabric cluster.

In the end, he will share his thoughts on security in the cloud and his concerns on cloud multitenancy.



 

APV - Sunday - 09:00-09:59 PDT


Title: The Simple, Yet Lethal, Anatomy of a Software Supply Chain Attack
When: Sunday, Aug 14, 09:00 - 09:59 PDT
Where: Flamingo - Twilight Ballroom - AppSec Village - Main Stage - Map
Speakers:Elad Rapoport,tzachi(Zack) zorenshtain

SpeakerBio:Elad Rapoport
Software Architect with a passion for Serverless development and Infrastructure as Code

SpeakerBio:tzachi(Zack) zorenshtain
Tzachi Zorenshtain is the Head of SCS, Checkmarx. Prior to Checkmarx, Tzachi was the Co-Founder and CEO of Dustico, a SaaS-based solution that detects malicious attacks and backdoors in open-source software supply chains.

Description:
Security teams nowadays are struggling to contain the risk of software supply chain attacks on their organizations. Implementing controls of that sort varies from internal controls (hardening CI services, hardening developer workstations) to demanding compliance with standards from vendors and contractors. However, one of the places security teams are having a harder time is in the field of open-source software.

The use of third-party software components is part of the modern software development culture, with over 90% of engineering teams worldwide building and shipping software that uses external code. While facilitating extreme agility, it also increases the attack surface of organizations, as seen in the spike of recent major incidents. It’s known in cybersecurity that you must understand the threat you are facing. In this session, we will do an overview of the software supply chain flow and deep dive into each one’s weak spots.

We will also demonstrate the ease of conducting this sort of attack and our point of view as defenders.



 

ICSV - Sunday - 12:00-12:59 PDT


Title: Understanding CAN Bus and the GRACE Console [[Maritime]]
When: Sunday, Aug 14, 12:00 - 12:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - Map

SpeakerBio:Dave Burke , Chief Engineer
Prior to joining Fathom5, Dr. Burke spent 10 years working at various positions within the government. From acting as the Program Executive Officer for NAVAIR to becoming a chairman of the NATO UAS and then the Director of Cyber Warfare Detachment, Dr. Burke has mastered the focus and understanding of cybersecurity. In the summer of 2019, Dr. Burke left government service to join Fathom5 as their chief engineer where he directs the development of novel approaches to embedded system DEVOPS and cybersecurity. He holds three bachelor’s degrees in electrical engineering, computer engineering, and computer science from North Carolina State University, a master’s degree in computer engineering, and a Ph.D. in aerospace engineering.

Description:
Fathom5 will be hosting a number of Grace Maritime Cyber Testbed consoles at the ICS Village to support the SeaTF activity. This "lunchtime tutorial" will discuss the Controller Area Network (CAN) Bus protocol, which is employed in the Grace Steering and Propulsion console. CAN Bus is an industry standard for the interconnection of embedded microcontrollers using a distributed control architecture. This mini-tutorial will address the protocol history, architecture, frame format, and operation.


CLV - Sunday - 10:00-10:40 PDT


Title: Understanding, Abusing and Monitoring AWS AppStream 2.0
When: Sunday, Aug 14, 10:00 - 10:40 PDT
Where: Flamingo - Scenic Ballroom (Cloud Village) - Map

SpeakerBio:Rodrigo Montoro
Rodrigo "Sp0oKeR" Montoro has more than 20 years of experience in Information Technology and Computer Security. For most of his career he has worked with open source security software (firewalls, IDS, IPS, HIDS, log management, endpoint monitoring), incident detection & response, and Cloud Security. Currently, he is a Senior Threat Detection Engineer at Tempest Security. Before that, he worked as Cloud Researcher at Tenchi Security, Head of Research and Development at Apura Cyber Intelligence, SOC/Researcher at Clavis, Senior Security Administrator at Sucuri, and Researcher at Spiderlabs. He is the author of 2 patented technologies involving innovation in the detection field. One is related to discovering malicious digital documents. The second one is in how to analyze malicious HTTP traffic. Rodrigo has spoken at several open-source and security conferences (OWASP AppSec, SANS (DFIR, SIEM Summit and CloudSecNext), Defcon Cloud Village, Toorcon (USA), H2HC (São Paulo and Mexico), SecTor (Canada - 5x), CNASI, SOURCE Boston & Seattle, ZonCon (Amazon Internal Conference), Blackhat Brazil, BSides (Las Vegas and São Paulo)).
Twitter: @spookerlabs

Description:
Amazon Web Services (AWS) is a complex ecosystem with hundreds of different services. In the case of a security breach or compromised credentials, attackers look for ways to abuse the customer's configuration of services with their compromised credentials, as the credentials are often granted more IAM permissions than is usually needed. Most research to date has focused on the core AWS services, such as S3, EC2, IAM, CodeBuild, Lambda, KMS, etc. In our research, we present our analysis on a previously overlooked attack surface that is ripe for abuse in the wrong hands - an AWS Service called Amazon AppStream 2.0. Amazon AppStream 2.0 is a fully managed desktop service that provides users with instant access to their desktop applications from anywhere. Using AppStream 2.0, you can add your desktop applications to a virtual machine and share access to the VM by sharing a link - without requiring any credentials, you can share an image (an attack toolset) with a target account without needing any approval from the other side or attach some privileged role to an image and get those credentials.

In this talk, you'll learn about how AppStream works, how misconfigurations and excessive IAM permissions can be abused to compromise your AWS environment and allow attackers to control your entire AWS account. We'll cover tactics such as persistence, lateral movement, exfiltration, social engineering, and privilege escalation. We will also cover the key indicators of compromise for security incidents in AppStream and how to prevent these abuse cases, showing how excessive privileges without great monitoring could become a nightmare in your Cloud Security posture, making it possible for attackers to control your AWS account.



DC - Sunday - 10:00-14:59 PDT


Title: Village Areas Open (Generally)
When: Sunday, Aug 14, 10:00 - 14:59 PDT
Where: Other/See Description

Description:
These are the general operating hours for villages, across all locations. Refer to each village's location to see their specific hours or activities.


CPV - Sunday - 11:00-11:30 PDT


Title: Voldrakus: Using Consent String Steganography to Exfiltrate Browser Fingerprinting Data
When: Sunday, Aug 14, 11:00 - 11:30 PDT
Where: Flamingo - Vista Ballroom (Crypto Privacy Village) - Map

SpeakerBio:Kaileigh McCrea
Kaileigh is a Privacy Engineer at Confiant, where she researches violations of privacy regulations and user rights in ad tech, and builds tools to detect them, and consumes huge amounts of cookies. Before joining Confiant she was a software engineer at Swing Left and Vote Forward where she helped volunteers send over 18 million GOTV letters in the 2020 General Election. Her background includes software engineering, comedy writing, and politics, and when she's not working, she is usually reading excessive amounts and hanging out with her dog.

Description:
The IAB TCF consent string is an encoded data structure which is supposed to hold information about a user's privacy preferences to communicate them to would-be trackers on a page to ensure GDPR compliance. Consent string abuse is serious, but using the consent string itself to smuggle out the payload from invasive data collection is a new level of audacity. Walk through a real case of consent string steganography we caught operating at a massive scale.


PHV - Sunday - 10:00-12:59 PDT


Title: Wall of Sheep
When: Sunday, Aug 14, 10:00 - 12:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village) - Map

Description:
We passively monitor the #DEFCON network looking for insecure network traffic. Drop by and see just how easy it can be! We strive to educate the “sheep” we catch: a friendly reminder that security matters.


ROV - Sunday - 10:00-13:59 PDT


Title: Workshop Overflow
When: Sunday, Aug 14, 10:00 - 13:59 PDT
Where: LINQ - 3rd flr - Evolution (Rogues Village) - Map

SpeakerBio:Four Suits Co
No BIO available
Twitter: @foursuits_co

Description:
We’re keeping this space open for any overflow that may have occurred during one of our performances/workshops. Please come today and check out any of our over-filled workshops — because they’ll be back!


GHV - Sunday - 11:30-14:30 PDT


Title: Workshop: Mobile Penetration Testing w Corellium
When: Sunday, Aug 14, 11:30 - 14:30 PDT
Where: Flamingo - Virginia City III (Girls Hack Village) - Map

SpeakerBio:Corellium
No BIO available

Description:No Description available


BHV - Sunday - 12:30-13:59 PDT


Title: XR for Literally Everything, Everywhere, All at Once
When: Sunday, Aug 14, 12:30 - 13:59 PDT
Where: Flamingo - Laughlin I,II,III (Biohacking Village) - Map

SpeakerBio:Keenan Skelly
Ms. Skelly has more than twenty years’ experience providing security and strategic solutions to include personnel, physical, and cyber security. She brings more than ten years in government service with a focus on National and Homeland Security. Ms. Skelly served in the US Army as an Explosive Ordnance Disposal Technician and went on to work for DHS in the Office for Infrastructure Protection. In this capacity she ran vulnerability assessments and exercises on Critical Infrastructure assets throughout the Nation, developing the first systems assessment approach for Critical Infrastructure. In addition to government service, Skelly has ten years’ experience with the private sector in Technology & Security Business Management and Strategy. Her former roles include Director of Strategic Partnerships, VP of Sales and Marketing, VP of Global Partnerships, Chief Revenue Officer, Chief Growth Officer, CEO, and Board Member. Her expertise in business strategy, crisis management, cybersecurity, intelligence analysis, and Homeland Security makes her an admired and respected leader among her colleagues. Skelly has been recognized as one of the Top 25 Women in Cybersecurity 2019 by Cyber Defense Magazine, by The Software Report in the Top 25 Women Leaders in Cybersecurity 2019, and one of the Top Female Executives by Women World Awards in 2019. Skelly is also a mentor and coach for Cyber Patriot and Girls Who Code, and was awarded the Women’s Society of Cyberjutsu Mentor of the Year for 2019, and Top Women in Cybersecurity 2020 by Cyber Defense Magazine.

Description:
Everyone is cashing in on opportunities to buy and sell anything in the mythical metaverse. A world driven by augmented reality (AR), virtual reality (VR), mixed reality (MR), and every other combination of reality you can imagine. It’s the metaverse of madness now. XR or extended reality is how we are going to smoosh all these together. What are the odds that security, safety, and privacy are at the top of mind for companies developing XR Tech? Let’s spend a minute or two in the vast world of XR and specifically in MedTech and Biotech to check out the mind-blowing progress in hardware, software, and infrastructure. And hey, maybe we hack stuff along the way.


CPV - Sunday - 10:30-10:59 PDT


Title: XR Technology Has 99 Problems and Privacy is Several of Them (PRE-RECORDED)
When: Sunday, Aug 14, 10:30 - 10:59 PDT
Where: Flamingo - Vista Ballroom (Crypto Privacy Village) - Map
Speakers:Calli Schroeder,Suchi Pahi

SpeakerBio:Calli Schroeder
Calli Schroeder is a privacy attorney focusing on the connection to human rights, emerging tech, and international law. Through writing, conferences, presentations, and Twitter threads, she tries to make privacy issues clear and understandable. Through work at the IAPP, FTC, law firms, and compliance companies, she has tracked international privacy developments, worked on online speech and intellectual property issues, created data maps for clients, built and run privacy programs, and drafted privacy policies, terms of use, and data protection addenda.

She is currently Global Privacy Counsel at The Electronic Privacy Information Center (EPIC).


SpeakerBio:Suchi Pahi
Suchi Pahi is a data privacy and cybersecurity attorney with a passion for tech. Her goal at conferences is to make privacy and cybersecurity law more accessible and transparent for people who are directly impacted by these legal frameworks, and to explore new developments on the tech side. She has a depth of experience in managing cybersecurity incident response and health privacy regulatory issues, as well as in building effective cybersecurity and privacy programs, partnering with product teams to create products that embed privacy, and counseling clients on privacy, cybersecurity, intellectual property, and other implications of new technologies or services.

She is currently Senior Privacy & Product Counsel at Databricks, Inc. Suchi is not speaking on behalf of Databricks, Inc., but in her own capacity.


Description:
We've all heard, seen, and probably played in "the metaverse." The metaverse is a type of extended reality (XR), like virtual reality or augmented reality. Some of you may have wondered: Where is my information going? What kinds of things does XR tech know about me? What XR information about me is accessible to private companies and to the government? Do privacy laws protect me in the metaverse?

Over the last two years, we've looked at various pieces of XR tech and where it intersects with the law. We have several answers for you, none of them satisfying, and each one raising even more questions.

Come join us for a wild ride to explore how extended reality plays both within and outside of existing privacy regulations, the rights you might have, and what we really need from legislators and companies to protect your privacy.

