-- MySQL dump 10.13 Distrib 5.7.38, for FreeBSD14.0 (amd64) -- -- Host: localhost Database: defcon30 -- ------------------------------------------------------ -- Server version 5.7.37-log /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8 */; /*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; /*!40103 SET TIME_ZONE='+00:00' */; /*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; /*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; /*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; /*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; SET @MYSQLDUMP_TEMP_LOG_BIN = @@SESSION.SQL_LOG_BIN; SET @@SESSION.SQL_LOG_BIN= 0; -- -- Table structure for table `contests` -- DROP TABLE IF EXISTS `contests`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `contests` ( `ID` int(11) NOT NULL AUTO_INCREMENT, `Name` varchar(65) COLLATE utf8_unicode_ci NOT NULL, `ForumPage` varchar(40) COLLATE utf8_unicode_ci NOT NULL, `ForumArticle` varchar(40) COLLATE utf8_unicode_ci NOT NULL, `Twitter` varchar(60) COLLATE utf8_unicode_ci NOT NULL, `Webpage` varchar(60) COLLATE utf8_unicode_ci NOT NULL, `Weblink` varchar(60) COLLATE utf8_unicode_ci NOT NULL, `ImagePath` varchar(30) COLLATE utf8_unicode_ci NOT NULL, `Descript` varchar(15000) COLLATE utf8_unicode_ci NOT NULL, PRIMARY KEY (`ID`) ) ENGINE=InnoDB AUTO_INCREMENT=513 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- -- Dumping data for table `contests` -- LOCK TABLES `contests` WRITE; /*!40000 ALTER TABLE `contests` DISABLE KEYS */; INSERT INTO `contests` VALUES (470,'\'Alpac@tack\'','\'https://forum.defcon.org/node/241377\'','\'https://forum.defcon.org/node/241378\'','','','','','\'\n[image may come later]
\n
\n
\nsite: \nhttps://www.baycyber.net/alpacattack\n
\n
\nAlpac@tack is an interactive defense simulation suite, which challenges participants to apply a wide variety of tools, knowledge and problem-solving skills to assess network and log activity, and build threat intelligence in a honeypot environment.
\n
\nUnlike most Defcon contests, Alpac@tack provides a unique opportunity for participants to develop and hone a more holistic skill set when it comes to threat assessment. Other contests will focus on breaking machines or defending systems from a particular threat, where Alpac@tack presents a leveled-up experience and challenges attendees to evaluate \nwhether \nthe honeypot is under attack, and if so, by what.
\n
\nTeams achieve success during the contest by expeditiously analyzing activity and accurately identifying threats. Every team will be presented with a graph and a set of toolsâ€“â€“the game platformâ€“â€“including Wireshark, Suricata, Velociraptor, and Wazuh, which will act as their source of truth for analyzing network and logging activity in the honeypot. The graph will update every 5 seconds, reflecting events and packets on ports and services. Participant teams must then select and leverage the appropriate tools to investigate and determine whether the incident is a benign anomaly or an attack. For each event and packet cataloged in the game platform, the team submits a report classifying the activity.
\n
\nWhile Alpac@tack is designed for players with some degree of literacy in defense systems, we will offer an associated workshop to provide an overview of the relevant systems and technologies the day prior to the contest with the goal of lowering the barrier to entry. So, if youâ€™re a beginnerâ€“â€“or just a little rustyâ€“â€“donâ€™t be discouraged! Alpac@tack is for you!\n\n\''),(471,'\'Defcon Ham Radio Fox Hunting Contest\'','\'https://forum.defcon.org/node/242044\'','\'https://forum.defcon.org/node/242045\'','','','','','\'\nDefcon Ham Radio Fox Hunting Contest
\n
\n
\nOfficial Contest or event Name: DC30 Ham Radio Fox Hunt Contest
\n[FIXME]
\n
\nIn the world of amateur radio, groups of hams will often put together a transmitter hunt (also called "fox hunting") in order to hone their radio direction finding skills to locate one or more hidden radio transmitters broadcasting. The Defcon Ham Radio Fox Hunt will require participants to locate a number of hidden radio transmitters broadcasting at very low power which are hidden throughout the conference. A map with rough search areas will be given to participants to guide them on their hunt. Additional hints and tips will be provided throughout Defcon at the contest table to help people who find themselves stuck. This contest is designed to be an introduction to ham radio fox hunting and as such will be simple to participate in and all people who participate will be guided towards successful completion!
\n
\nFriday: 10:00-20:00
\nSaturday: 10:00-20:00
\nSunday: None
\nIn-person only.\n\n\n\n\''),(472,'\'Auto Driving CTF\'','\'https://forum.defcon.org/node/241379\'','\'https://forum.defcon.org/node/241380\'','','','','','\'\n\n\n $\"Click$ \n\n\n
\n
\n
\nTwitter: \nhttps://twitter.com/autodrivingctf\n
\nWebsite: \nhttps://autodrivingctf.org/\n
\n
\nLast year, we organized the AutoDriving CTF as an official contest of DEF CON 29 (\nhttps://forum.defcon.org/node/237292\n) and did reasonably well: more than 100 teams participated and 93 teams had valid scores. Last year, due to the pandemic, the contest was online only with on-site demonstrations. All the challenges were deployed in 3D simulators. This year, we propose a hybrid event with in-person challenges on-site. We also plan to introduce some new challenges with real vehicles involved, in addition to those based on autonomous driving simulators. We hope to continue the engagement with the hacking community to raise the awareness of real-world security challenges in autonomous driving.
\n
\nThe AutoDriving CTF contest focuses on the emerging security challenges in autonomous driving systems. Various levels of self-driving functionalities, such as AI-powered perception, sensor fusion and route planning, are entering the product portfolio of automobile companies. From the security perspective, these AI-powered components not only contain common security problems such as memory safety bugs, but also introduce new threats such as physical adversarial attacks and sensor manipulations. Two popular examples of physical adversarial attacks are camouflage stickers that interfere with vehicle detection systems, and road graffitis that disturb lane keeping systems. The AI-powered navigation and control relies on the fusion of multiple sensor inputs, and many of the sensor inputs can be manipulated by malicious attackers. These manipulations combined with logical bugs in autonomous driving systems pose severe threats to road safety.
\n
\nWe design autonomous driving CTF (AutoDriving CTF) contests around the security challenges specific to these self-driving functions and components.
\n
\nThe goals of the AutoDriving CTF are the followings:
\n
\n- Demonstrate security risks of poorly designed autonomous driving systems through hands-on challenges, increase the awareness of such risks in security professionals, and encourage them to propose defense solutions and tools to detect such risks.
\n- Provide CTF challenges that allow players to learn attack and defense practices related to autonomous driving in a well-controlled, repeatable, and visible environment.
\n- Build a set of vulnerable autonomous driving components that can be used for security research and defense evaluation.
\n
\nThe contest is based on a Jeopardy style of CTF game with a set of independent challenges. A typical contest challenge includes a backend that runs autonomous driving components in simulated or real environments, and a frontend that interacts with the players. This year\'s contest will follow the style of last year and includes the following types of challenges:
\n- â€œattackâ€: such as constructing adversarial patches and spoofing fake sensor inputs,
\n- â€œforensicsâ€: such as investigating a security incident related to autonomous driving,
\n- â€œdetectionâ€: such as detecting spoofed sensor inputs and fake obstacles,
\n- â€œcrashme on road!â€: such as creating dangerous traffic patterns to expose logical errors in autonomous driving systems.
\n
\nMost of these challenges will be developed using game-engine based autonomous driving simulators, such as CARLA and SVL.
\nThe following link containssome challenge videos from AutoDriving CTF at DEF CON 29
\n\nhttps://www.youtube.com/channel/UCPP...wk-464KIzr8xKw\n
\n
\n# What\'s new in 2022
\nThis year, we will unlock new security-critical driving scenarios such as stop-controlled and signalized intersections. New difficulty levels will be added to challenges in such scenarios by integrating real downstream AI modules such as object tracking from open-source autonomous driving software like Apollo, Autoware and OpenPilot. For example, players will be required to generate adversarial masks which will be overlayed on the surface of a stop sign to prevent the self-driving vehicle from stopping. The self-driving vehicle is equipped with a tracking component so merely hiding the stop sign in several frames will not work.
\n
\nA video demonstrating an attacked scenario is available at
\n\nhttps://youtu.be/4aedG1GNfRw\n
\n
\nIn addition to the simulation challenges, we will add challenges with real vehicles in the loop. In this setup, the vehicle under attack will be placed on a rack and the driving environment will be displayed on a monitor in front of the windshield camera. We will have the real vehicle running in a lab and players and players will interact with the vehicle by remotely manipulating the virtual surrounding environments (such as the projected road signs in front of the vehicle). The attack results will be judged based on systems logs (for open-source systems, such as openpilot) or dashboard visualizations (for closed-source vehicles).
\n
\nThe following URL shows some specifications about the real vehicles
\n\nhttps://docs.google.com/document/d/1...it?usp=sharing\n
\n
\nIn order to enable the audience to experience the challenges more directly, we plan to set up a vehicle wheel controller on site this year. Audiences can drive themselves to compete with the self-driving vehicle in some of the challenges.
\n
\n# For players
\n- What do players need to do to participate AutoDriving CTF?
\nMost of the challenges do not require domain knowledge of autonomous driving software or adversarial machine learning, although knowledge of those helps. For example, the players can generate images the way they like (e.g., drawing, photoshopping) to fool the AI-components or write a short python script to control the vehicle. Some challenges, such as incident forensics likely would require players to learn domain knowledge such as sensor information format and how fusion works.
\n
\n- What do we expect players to learn through the CTF event?
\nPlayers can (1) gain a deep understanding of real-world autonomous driving systems\' design, implementation, and their corresponding security properties and characteristics; and (2) learn the attack and defense practices related to autonomous driving in a well-controlled, repeatable, visible, and engaging environment.
\n
\n
\n# Additional information
\nBelow are some materials from our first AutoDriving CTF at DEF CON 29 in 2021, which includes some challenge videos (Warning: the videos files could be large in google drive), a summary of the event and some links reporting the events.
\n
\n\nhttps://drive.google.com/drive/folde...o4?usp=sharing\n
\n
\n\nhttp://www.buffalo.edu/ubnow/stories...ture-flag.html\n
\n
\n\nhttps://medium.com/@asguard.research...s-9b2d5903672a\n
\n
\n\nhttps://netsec.ccert.edu.cn/eng/hack...todrive-defcon\n
\n
\n\nhttps://cactilab.github.io/ctf.html\n
\n.
\n\n\n\n\n\''),(473,'\'Betting on Your Digital Rights: EFF Benefit Poker Tournament\'','\'https://forum.defcon.org/node/241652\'','\'https://forum.defcon.org/node/241885\'','','','','','\'\nWell this is cool:
\n
\nHave you played some poker before but could use a refresher on rules, strategy, table behavior, and general Vegas slang at the poker table? \nTarah Wheeler\n will run a poker clinic from 11 am-11:45 am just before the tournament at noon. Even if you know poker pretty well, come a bit early and help out. Just show up and donate anything to EFF. Make it over $50 and Tarah will teach you chip riffling, the three biggest tells, and how to stare blankly and intimidatingly through someoneâ€™s soul while theyâ€™re trying to decide if youâ€™re bluffing. ðŸ–¤
\n
\nFull tournament info and sign-ups over here: \nhttps://www.eff.org/poker\n\n\n\n\n\''),(474,'\'Beverage Cooling Contraption Contest\'','\'https://forum.defcon.org/node/241413\'','\'https://forum.defcon.org/node/241414\'','','','','','\'\n\n\n $\"Click$ \n\n\n
\n
\n
\nIt\'s DEFCON 30 and the world is a tumultuous place. Maybe Putan has invaded NATO. Maybe China has invaded Taiwan or doubled down on its bid to claim the oddly sack-shaped "nine dash line". I think Pooh Bear may be trying to compensate for something. Whatever the current events, I\'m going to claim WWIII is right around the corner and you should be prepared! Prepared to chill your beverage that is. If the world is ending, do you really want to see it out with a warm beverage!? I thought not! If I\'m going out in a nuclear hellfire I want it to be with ice cold suds. So come on down and let\'s get prepped!
\n
\nIn person only
\nFriday 1100 - 1400
\nMaybe something on Saturday if beverage remains and interest exists.
\n\n\n\n\n\''),(475,'\'The BIC Village Capture the Flag\'','\'https://forum.defcon.org/node/241007\'','\'https://forum.defcon.org/node/241008\'','','','','','\'\n\n\n $\"Click$ \n\n\n
\n
\n
\nTwitter: \nhttps://twitter.com/BlackInCyberCo1\n
\nWebsite: \nhttps://www.blacksincyberconf.com/ctf\n
\n
\n
\nThe BIC Village Capture The Flag Event is a jeopardy style event designed to practice solving challenges in multiple categories.
\n
\nThis event seeks to not only be a series of puzzles and challenges to solve, but a gamified way to learn concepts of social justice and Black history. The gamified and challenge oriented sections of the event will not only challenge one\'s mind in problem solving and critical thinking but also charge one with the mission of identifying and learning about historical facts and figures that they would not otherwise be exposed to.
\n\n\n\n\n\''),(476,'\'Capture The Packet\'','\'https://forum.defcon.org/node/241669\'','\'https://forum.defcon.org/node/241670\'','','','','','\'\n\nCapture The Packet\n
\n
\n
\n
\nThe time for those of hardened mettle is drawing near; are you prepared to battle?
\nCompete in the worldâ€™s most challenging cyber defense competition based on the Aries Security cyber range. Tear through hundreds of bleeding-edge challenges, traverse a hostile enterprise-class network, and diligently analyze the findings to escape unscathed. Glory and prizes await those who emerge victorious from this upgraded labyrinth.
\n
\nWhile Capture The Packet can easily scale for users of every level, for DEF CON we pull out all the stops and present our most fiendishly difficult puzzles. Capture The Packet has been a DEF CON Black Badge event for over 10 years, and we donâ€™t plan on stopping. This event attracts the best of the best from around the world to play â€“ are you ready to show us what youâ€™ve got?
\n\n\n\n\n\''),(477,'\'Car Hacking CTF\'','\'https://forum.defcon.org/node/241402\'','\'https://forum.defcon.org/node/241403\'','','','','','\'\n\n\n $\"Click$ \n\n\n
\n
\nSite: \nhttps://www.carhackingvillage.com/\n
\nTwitter: \nhttps://twitter.com/CarHackVillage/\n
\n
\nThe Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OE\'s and suppliers to ensure our challenges give a real-world experience to hacking cars. We understand car hacking can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.
\n
\n\n\n\n\n\''),(478,'\'CMD+CTRL at DEF CON 30\'','\'https://forum.defcon.org/node/240958\'','\'https://forum.defcon.org/node/240959\'','','','','','\'\n\n $\"Click$ \n\n
\n
\n
\n
\n\n $\"Click$ \n\n
\n
\n
\n
\n
\n
\nCMD+CTRL at DEF CON 30
\n
\n
\nContest:
\nFriday 1000 PDT (GMT -7) to Saturday 1800 PDT (GMT -7)
\n
\nHEY HACKERS! ARE YOU LEET? PROVE IT BY BEATING MAILJAY, OUR NEW CYBER RANGE. POSTMESSAGE XSS! MFA BYPASS! RCE! LEENUX PRIVESC! HTTP DESYNC!?!?!? AND MORE!?!?!?
\n
\nJoin CMD+CTRL @ DEF CON 30 for this challenging CTF.
\n
\nCMD+CTRL Cyber Range is an interactive learning and hacking platform where development, security, IT, and other roles come together to build an appreciation for protecting the enterprise. Players learn security techniques in a real-world environment where they compete to find vulnerabilities. Real-time scoring keeps everyone engaged and creates friendly competition. Our Cloud and App Cyber Ranges incorporate authentic, fully functioning applications and vulnerabilities often found in commercial web platforms.
\n
\nAt DEF CON 30: We will be debuting our latest Cloud Cyber Range, MailJay, which focuses on exploiting a modern email marketing platform comprised of web applications, services, and a variety of cloud resources. Inspired by the latest trends and real world exploits, try your hands at bypassing a WAF, HTTP Desync, postMessage XSS, RCE, MFA bypass, and so, so much more! With twice as many challenges as our past Cloud Ranges do you think you can complete them all?
\n
\nThis year we are happy to announce that we will be returning to DEF CON in person. We will be running this event both on site and online via Discord. Join us Friday (8/12) through Saturday (8/13) for this invite-only CTF by signing up with the registration form below. This event is limited to 250 players, so save your seat now!
\n
\nRegister here: \nhttps://forms.gle/3TbT4JWsTfWVwr6r9\n
\nMore info: \nhttp://defcon30.cmdnctrl.net\n
\nDiscord: \nhttps://discord.com/channels/7082082...43642388807800\n
\nTwitter: \n@cmdnctrl_defcon\n
\n
\n\n\n\''),(479,'\'Crack Me If You Can\'','\'https://forum.defcon.org/node/241761\'','\'https://forum.defcon.org/node/241762\'','','','','','\'\nCrack Me If You Can
\n
\nSite: \nhttps://contest.korelogic.com/\n
\nTwitter: \nhttps://twitter.com/crackmeifyoucan\n
\nForum User Contact: \n@minga\n
\n
\nIn its 13th year, the premiere password cracking contest
\n"CrackMeIfYouCan" is back again to challenge the world\'s best
\npassword crackers. The contest is broken up into Pro and Street
\nteams - so \'take a chill pill\' if you are new to password cracking
\n(and don\'t have jigowatts of GPU power), there is still plenty of
\nfun to be had. We\'ve spent all year coming up with password-related
\nchallenges for our Pro teams that are DaBomb! So listen up home
\nskillet, come see us in the Villages area where we will have some
\nhella nice professional password crackers who are all that, and a
\nbag of chips!
\n
\nThis year\'s contest is going to be totally radical! We are like,
\ntotally psyched to be partnering with the Password Village this
\nyear. I kid you not, the contest is going to be so easy that even an
\nairhead or a jock could crack these passwords! PYSCH! The challenges
\nare going to be bodacious and like totally dope. This year, it is not
\nabout wordlists, rules, patterns, or about forensics. In the past
\nwe\'ve asked our teams how passwords have changed over time... now
\nwe are going to ask them to go back, to the future of password
\ncracking. Like, totally.\n\n\''),(480,'\'Crash and Compile\'','\'https://forum.defcon.org/node/241013\'','\'https://forum.defcon.org/node/241014\'','','','','','\'\n[Logo/Image may be coming soon]
\n
\nTwitter: \nhttps://twitter.com/CrashAndCompile\n
\nWebsite: \nhttps://crashandcompile.org/\n
\n
\nWhat happens when you take an ACM style programming contest, smash it head long into a drinking game, throw in a mix of our most distracting helpers, then shove the resulting chaos incarnate onto a stage? You get the contest known as Crash and Compile.
\n
\nTeams are given programming challenges and have to solve them with code. If your code fails to compile? Take a drink. Segfault? Take a drink. Did your code fail to produce the correct answer when you ran it? Take a drink. We set you against the clock and the other teams. And because our "Team Distraction" think watching people simply code is boring, they have taken it upon themselves to be creative in hindering you from programming, much to the enjoyment of the audience. At the end of the night, one team will have proven their ability, and walk away with the coveted Crash and Compile trophy.
\n
\nCrash and Compile is looking for the top programmers to test their skills in our contest. Can you complete our challenges? Can you do so with style that sets your team ahead of the others? To play our game you must first complete our qualifying round. Gather your team and see if you have the coding chops to secure your place as one of the top teams to move on to the main contest.
\n
\nQualifications for Crash and Compile will take place Friday from 10am to 3pm online at \nhttps://crashandcompile.org\n/ You may have up to two people per team. (Having two people on a team is highly suggested) Of the qualifiers, nine teams will move on to compete head to head on the contest stage.
\n\n\n\''),(481,'\'Creative Writing Short Story Contest\'','\'https://forum.defcon.org/node/240951\'','\'https://forum.defcon.org/node/240952\'','','','','','\'\nTwitter: \nhttps://twitter.com/dcshortstory\n
\n
\n
\nThe contest is run pre-con. The proposed contest will run from May 1, 2022 to June 15, 2022. Judging will run from June 16, 2022 to June 30, 2022. Winners will be announced July 3, 2022.
\n
\nThe DEF CON Short Story contest is a pre-con contest that is run entirely online utilizing the DEF CON forums, Twitter, and reddit. This contest follows the theme of DEF CON for the year and encourages hackers to roll up their sleeves, don their proverbial thinking cap, and write the best creative story that they can. The Short Story Contest encourages skills that are invaluable in the hackerâ€™s world, but are often overlooked. Creative writing in a contest setting helps celebrate creativity and originality in arenas other than hardware or software hacking and provides a creative outlet for individuals who may not have another place to tell their stories.
\n
\nMore Info: \nTwitter: @dcshortstory\n
\n
\nSo many hacker skills depend on your ability to tell a story. Whether it\'s social engineering, intrusion, or even the dreaded customer pentest report, ALL of these require the ability to tell a story. Storytelling is one of mankind\'s oldest traditions. Presenters even engage in storytelling when they get up on stage. A contest that celebrates and focuses on the ability to wind a yarn that captures and engages an audience is highly appropriate.
\n
\nSo why not?
\n
\nPrizes:
\n1st place: 2 badges
\n2nd place: 1 badge
\nCommunity choice: 1 badge\n\n\''),(482,'\'Darknet-NG\'','\'https://forum.defcon.org/node/240975\'','\'https://forum.defcon.org/node/240976\'','','','','','\'\n\n $\"Click$ \n\n
\n
\n
\nTwitter: \nhttps://twitter.com/DarknetNg\n
\nWebsite: \nhttps://darknet-ng.network/\n
\n
\nDarknet-NG is an In-Person Massively Multiplayer Online Role Playing Game (MMO-RPG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The "Learning Quests" help the agent gather knowledge from all across the other villages at the conference, while the "Challenge Quests" help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year\'s challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site \nhttps://darknet-ng.network\n and join our growing Discord Community!
\n
\nFriday: 10 am - 4:30 pm
\nSaturday: 10 am - 4:30 pm
\nSunday: 10 am - 12 pm\n\n\n\n\''),(483,'\'DEF CON Capture the Flag\'','\'https://forum.defcon.org/node/242009\'','\'https://forum.defcon.org/node/240633\'','','','','','\'\nNautilus Institute will be hosting the final round of DEF CON 30 CTF Qualifiers May 28 and 29. Detail soon at defcon.org. Follow @Nautilus_CTF on twitter for updates and get your squad ready for the big event!
\n
\nIcal reminder file: \nDEF CON 30 CTF Quals.ics\n\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nMay 28, 2022 00:00\n\n\n\nEnds\n\nMay 29, 2022 01:00\n\n\n\nLocation\n\npending\n\n\n\n\n\''),(484,'\'DEF CON 30 Chess Tournament.\'','\'https://forum.defcon.org/node/241370\'','\'https://forum.defcon.org/node/241371\'','','','','','\'\n\n\n $\"Click$ \n\n\n
\n
\n
\n
\n
\n
\nDEF CON 30 Chess Tournament
\n
\nChess, computers, and hacking. In the 18th century, the Mechanical Turk appeared to play a good game, but there was a human ghost in the shell. Some of the first computer software was written to play chess. In 1997, world champion Garry Kasparov lost to Deep Blue, but he accused IBM of cheating, alleging that only a rival grandmaster could make certain moves.
\n
\nAt DEF CON 30, we will run a human chess tournament with a â€œblitzâ€ time control of 5 minutes on each playerâ€™s clock, in a Swiss-system format. In each round, match pairings are based on similar running scores. Everyone plays the full tournament, and the winner has the highest aggregate score.
\n
\nThe Las Vegas Chess Center (LVCC) will manage the tournament. To help crown the best chess player at DEF CON 30, we will register the rated players first, on site, starting one hour prior to the tournament.
\n
\nSaturday 15:00 - 18:00 Room 133 Forum
\nIn person only.\n\n\''),(485,'\'DEF CON Kubernetes Capture the Flag (CTF)\'','\'https://forum.defcon.org/node/241018\'','\'https://forum.defcon.org/node/241019\'','','','','','\'\n\n\n $\"Click$ \n\n\n
\n
\n
\nTwitter: \nhttps://twitter.com/CtfSecurity\n
\nWebsite: \nhttps://containersecurityctf.com/\n
\n
\nThe DEF CON Kubernetes Capture the Flag (CTF) contest features a Kubernetes-based CTF challenge, where teams and individuals can build and test their Kubernetes hacking skills. Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges, winning flags and points as they progress. Later flags pose more difficulty, but count for more points.
\n
\nA scoreboard tracks the teamsâ€™ current and final scores. In the event of a tie, the first team to achieve the score wins that tie.
\n\n\n\n\n\''),(486,'\'DEF CON MUD\'','\'https://forum.defcon.org/node/241405\'','\'https://forum.defcon.org/node/241406\'','','','','','\'\n[for future image, icon or banner]
\n
\nThe DEFCON MUD is a virtual world that is remade every year for various conferences. Be prepared to enter into a virtual text based game in the style of zork.
\n
\nSpecifically the DEFCON MUD is an LPMUD, a mud programmed in the language of LPC which is an interpreted C variant.
\n
\nComplete quests, discover challenges, find out about parties.
\n
\nFeeling creative, write an area and submit it to the game, there will be an SDK.
\n
\nThe complete connection details will be available at \nhttps://churchofwifi.org\n
\n
\nThe MUD will open to the public at 0005 11 August 2022.
\n
\nDownload Mudlet, dust off your tintin++ scripts, and get ready for an old school challenge. Good luck, you will need it.
\n
\n\n\n\''),(487,'\'DEF CONs Next Top Threat Model\'','\'https://forum.defcon.org/node/240973\'','\'https://forum.defcon.org/node/240974\'','','','','','\'\n[Image may be added later]
\n
\nForum users that are running this contest:
\n* \nnoz\n
\n* \npid\n
\n
\nThreat Modeling is arguably the single most important activity in an application security program and if performed early can identify a wide range of potential flaws before a single line of code has been written. While being so critically important there is no single correct way to perform Threat Modeling, many techniques, methodologies and/or tools exist.
\n
\nAs part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner and crown DEF CONâ€™s Next Top Threat Model(er).
\n
\nFriday: 10:00-18:00
\nSaturday: 10:00-18:00\n\n\''),(488,'\'DEF CON Red Team CTF\'','\'https://forum.defcon.org/node/240949\'','\'https://forum.defcon.org/node/240950\'','','','','','\'\n[Image may be added later]
\n
\nWebsite: \nhttps://threatsims.com/redteam-2022.html\n
\n
\nOnce again this year\'s DEF CON Red Team CTF will be hosted by Threat Simulations! We have an amazing, immersive scenario that stresses strong red team skills as players traverse through an enterprise network. This event is not for the faint of heart, first you will battle with hundreds of teams in a jeopardy board style ctf, then the top teams will enter the finals where your Red Team skills will be tested in a full Active Directory environment. Your team will compete against some of the best red teamers in the world as you exploit, pivot, and loot the target environment.\n\n\n\n\''),(489,'\'DEF CON Scavenger Hunt\'','\'https://forum.defcon.org/node/240992\'','\'https://forum.defcon.org/node/240993\'','','','','','\'\n\n\n $\"Click$ \n\n\n
\n
\n
\n
\n
\n
\nTwitter: \nhttps://twitter.com/defconscavhunt\n
\nWebsite: \nhttps://www.defconscavhunt.com/\n
\n
\nDEF CON Scavenger Hunt
\n
\nHere is our description:
\n
\nThe DEF CON Scavenger Hunt is back for the 25th hunt. We are gearing up to once again catch Las Vegas with its pants down #pantslessvillage. This year, we return to in-person only operations with up to 5 people per team and table submissions.
\n
\nFor those new to DEF CON, or otherwise uninitiated, the DEF CON Scavenger Hunt is regarded by many as the best way to interact with the con. We do our best to encourage you to challenge your comfort zone, meet people, and otherwise see and do a bit of everything that DEF CON 30 has to offer. For those who have aspirations to become more involved with DEF CON in the future, many of our veteran contestants include goons, speakers, and contest organizers.
\n
\nSo, how does a scavenger hunt run for 25 years? As this is DEF CON, this is not your ordinary scavenger hunt. The list is open to interpretation, it is a hacker con after all, so hack the list. Because how you interpret the list is entirely out of our hands, we have posted trigger warnings. You will be finding and doing a variety of things, it is up to you to convince the judges whatever you are turning in meets the criteria and is worth the points.
\n
\nYou don\'t have to devote all of your time to play and have fun, come turn in a couple items and enjoy yourself. If you want to win however, you will have to scavenge as much as you can over the weekend. While the hunt starts on Friday morning, with determination and a lack of sleep, we have seen people start at 2AM on Saturday night and place. Likewise, if you don\'t play well with others, we have seen single-players also place. In other words, we work very hard to keep the barrier to entry as low as possible. You don\'t need to be some binary reversing wizard, and there\'s no qualifier to compete, you can just show up and win if you want it enough.
\n
\nThe hunt was started by Pinguino at DEF CON 5 simply to avoid being bored; there was no hunt at DEF CON 8, for those doing math. In the intervening years, to further avoid boredom, we have been out scavenging and went from having a simple cardboard sign to a truly mesmerizing table.
\n
\nSo come to the scav hunt table in the contest area (it\'s hard to miss us) with a team name ready. Once you get a list, your assignment is to turn in as many items as you can before noon on Sunday. The team with the most points wins. Items are worth more points the sooner you turn them in, so come on down and turn in frequently.
\n
\nWe want to thank Pinguino, Grifter, Siviak , Salem, all of the judges, and all of the players that have made it possible for us to host the 25th DEF CON Scavenger Hunt.
\n
\nThe DEF CON 30 Scavenger Hunt is brought to you by DualD, EvilMoFo, Kaybz, Sconce, Shazbot, Zhora.
\nTHE RULES:
\n1: the judges are always right
\n2: not our problem
\n3: make it weird
\n4: don\'t disappoint the judge(s)
\n5: team name, item number, present your item
\n
\nIf you capture pictures or video of items from our list happening, or have some from previous years, please send it to us via email \nscavlist@gmail.com\n .\n\n\''),(490,'\'EFF Tech Trivia\'','\'https://forum.defcon.org/node/241015\'','\'https://forum.defcon.org/node/241016\'','','','','','\'\n\n\n $\"Click$ \n\n\n
\n
\n
\nTwitter: \nhttps://twitter.com/eff\n
\nWebsite: \nhttps://eff.org/\n
\n
\nEFF\'s team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Plaque and EFF swag pack. The second and third place teams will also win great EFF gear.\n\n\n\n\''),(491,'\'The Gold Bug\'','\'https://forum.defcon.org/node/241391\'','\'https://forum.defcon.org/node/241392\'','','','','','\'\n\n\n $\"Click$ \n\n\n
\n
\n
\nTwitter: \nhttps://twitter.com/CryptoVillage\n
\nWeb: \nhttps://goldbug.cryptovillage.org/\n
\n
\nThe Gold Bug â€“ Crypto and Privacy Village Puzzle
\n
\nLove puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle will keep you intrigued and busy throughout Defcon - and questioning how deep the layers of cryptography go.The Gold Bug an annual Defcon puzzle hunt, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto. Accessible to all - and drop by for some kidsâ€™ puzzles too! PELCGBTENCUL VF UNEQ
\n
\n\n\n\n\n\''),(492,'\'Hack Fortress\'','\'https://forum.defcon.org/node/241394\'','\'https://forum.defcon.org/node/241395\'','','','','','\'\n[image may appear later]
\n
\nTwitter: \nhttps://twitter.com/tf2shmoo\n
\nSite: \nhttps://hackfortress.net/\n
\n
\nHackfortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers, TF2 players duke it out while hackers are busy with challenges like application security, network security, social engineering, or reverse engineering. As teams start scoring they can redeem points in the hack fortress store for bonuses. Bonuses range from crits for the TF2, lighting the opposing team on fire, or preventing the other teamshackers from accessing the store. HackFortress challenges range from beginner to advanced, from serious to absurd.
\n
\nFriday: 10:00 - 20:00 open play
\nSaturday: 10:00 - 20:00 contest hours\n\n\n\n\''),(493,'\'The Hack-n-Attack Hacker Homecoming Heist\'','\'https://forum.defcon.org/node/241382\'','\'https://forum.defcon.org/node/241383\'','','','','','\'\n\n\n $\"Click$ \n\n\n
\n
\n
\nSite: \nhttps://www.hacknattack.com/\n
\nTwitter: \nhttps://www.twitter.com/hack_n_attack\n
\n
\nReal-World hacking, real world rewards! Hack-N-Attack is an online mobile game where you hack real world locations for points and prizes. Pizza shop? Hack it! Friend next to you? Hack them! If you take Defcon, PokÃ©mon Go, and Oceans 11, and squished them all together, youâ€™d getâ€¦a lot of copyright complaints. But also Hack-N-Attack.
\n
\nThe Hacker Homecoming Heist an over-the-top Vegas style hacking contest for Defcon attendees. Once joined, attendees can run the game anywhere in Vegas and hack nearby locations for points and prizes. Wi-Fi Cracking? Got it. Exploit research? Got it. Betraying your friends for prizes? Got it!
\n
\nThroughout the weekend, we will be broadcasting location events, bonuses, and news through Twitter, Discord, and our YouTube live stream at our booth.
\n
\nWatch this space for more information on dates, prizes, and promotions.
\n
\nHack. Slash. Crash. Burn. Fun!
\n\n\n\n\n\''),(494,'\'Hack the Plan[e]t\'','\'https://forum.defcon.org/node/241407\'','\'https://forum.defcon.org/node/241408\'','','','','','\'\n\n\n $\"Click$ \n\n\n
\n
\nSite: \nhttps://www.icsvillage.com/\n
\nTwitter: \nhttps://twitter.com/ICS_Village\n
\n
\nHack the Plan[e]t Capture the Flag (CTF) contest will feature Howdy Neighbor and the Industrial Control System (ICS) Range. This first of its kind CTF will integrate both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge.
\n
\nHowdy Neighbor is an interactive IoT CTF challenge where competitors can test their hacking skills and learn about common oversights made in development, configuration, and setup of IoT devices. Howdy Neighbor is a miniature home - made to be â€œsmartâ€ from basement to garage. Itâ€™s a test-bed for reverse engineering and hacking distinct consumer-focused smart devices, and to understand how the (in)security of individual devices can implicate the safety of your home or office, and ultimately your family or business. Within Howdy Neighbor there are over 25 emulated or real devices and over 50 vulnerabilities that have been staged as challenges. Each of the challenges are of varying levels to test a competitors ability to find vulnerabilities in an IoT environment. Howdy Neighborâ€™s challenges are composed of a real and simulated devices controlled by an App or Network interface and additional hardware sensors; each Howdy Neighbor device contains 1 to 3 staged vulnerabilities which when solved present a key for scoring/reporting that it was discovered.
\n
\nIn the same vein, this CTF challenge will also leverage the ICS Villageâ€™s ICS Ranges including physical and virtual environments to provide an additional testbed for more advanced challenges in critical infrastructure and ICS environments. There will be integrated elements from DHS/CISA with their ranges that are realistically miniaturized assets (ie - operational oil and natural gas pipeline, etc.)..\n\n\n\n\''),(495,'\'Hospital Under Seige\'','\'https://forum.defcon.org/node/241410\'','\'https://forum.defcon.org/node/241411\'','','','','','\'\n\n $\"Click$ \n\n
\n
\nSite: \nhttps://www.villageb.io/\n
\nTwitter: \nhttps://twitter.com/DC_BHV\n
\n
\n\nBiohacking Village: Hospital Under Siege\n
\n
\nAdversaries have gained a foothold in your local hospital and are increasing their control over clinical systems and medical devices. Soon they make it clear theyâ€™re not after patient records or financial information, but are out to disrupt care delivery and put patients\' lives at risk. Your team received an urgent request to use your blue, red, and purple team skills to defend against the escalating attacks, attempt to unmask the adversary, and - above all - protect patient lives.
\n
\nHospital Under Siege is a scenario-driven Capture the Flag contest run by the Biohacking Village, pitting teams of participants against adversaries and against a clock, to protect human life and public safety. Participants will compete against each other on both real and simulated medical devices, in the fully immersive Biohacking Village: Device Lab, laid out as a working hospital. Teams of any size are welcome, as are players from all backgrounds and skill levels. Challenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others. You will hack actual medical devices and play with protocols like DICOM, HL7 and FHIR.
\n\n\n\n\n\''),(496,'\'Hack3r Runw@y\'','\'https://forum.defcon.org/node/240962\'','\'https://forum.defcon.org/node/240963\'','','','','','\'\n\n\n $\"Click$ \n\n\n
\n
\n
\nTwitter: \nhttps://twitter.com/hack3rrunway\n
\nWebsite: \nhttps://hack3rrunway.github.io/\n
\n
\n
\nAfter 2 years virtual and one in person, weâ€™d like to return to stage for our 4th year where this contest shines best. Hack3r Runw@y brings out all the sheek geeks out there. It encourages rethinking fashion in the eyes of hackers. Be it smartwear, LED additions, obfuscation, cosplay or just everyday wear using fabrics and textures that are familiar to the community. Contestants can enter clothing, shoes, jewelry, hats or accessories. If it can be worn, it is perfect for the runway. For convenience, contestants can enter the contest with designs made ahead of the conference, however it needs to be made by them and not just store bought.
\n
\n
\n
\nAwards will be handed out in 4 categories and one trophy for the Peopleâ€™s Choice category where the winner is anyoneâ€™s guess:

\nDigital wearable - LED, electronic, passive
\nSmart wear - interactive, temperature sensing, mood changing, card skimmers, etc
\nAesthetics and More - 3d printed, geeky wear, passive design, obfuscation, cosplay
\nFunctional wear - did you bling out your mask and/or shield, have a hazmat suit, lock pick earrings, cufflinks shims

\n
\nWinners will be selected based on, but no limited to:

\nUniqueness
\nTrendy
\nPractical
\nCouture
\nCreativity
\nRelevance
\nOriginality
\nPresentation
\nMastery

\n\n\n\n\n\''),(497,'\'Hacker Jeopardy\'','\'https://forum.defcon.org/node/240982\'','\'https://forum.defcon.org/node/240983\'','','','','','\'\n\n $\"Click$ \n\n
\n
\n
\nTwitter: \nhttps://twitter.com/HackerJeopardy\n
\nWebsite: \nhttps://dfiu.tv/\n
\n
\nHacker Jeopardy, the classic DEF CON game show, is returning for yet another year of answers, questions, NULL beers, and occasionally some impressive feats of knowledge. You don\'t want to miss this opportunity to encourage the contestants, your fellow Humans, "DON\'T FUCK IT UP!"
\n
\nWe will be opening auditions, with the call posted on the \ndfiu.tv\n website, and linked to DEF CON forums (promoted on social media).
\n\n\n\''),(498,'\'IoT CTF Creators Challenge\'','\'https://forum.defcon.org/node/240955\'','\'https://forum.defcon.org/node/240956\'','','','','','\'\n\n\n $\"Click$ \n\n\n
\n
\n
\nTwitter: \nhttps://twitter.com/IoTvillage\n
\nWebsite: \nhttps://www.iotvillage.org/\n
\n
\nFriday August 12, 2022: 10:00 - 18:00 PST
\n
\nHave you ever played in the IoT Village CTF and thought to yourself, â€˜Hey this is cool, Iâ€™ve seen some of these exploits on other deviceâ€™? Do you perform IoT Research and have a new, cool exploit that has been responsibly disclosed? If so, then this is a contest for you!
\n
\nSubmit a device (along with a vulnerability write-up) for a self-discovered and responsibly disclosed vulnerability that you think would be a good fit for the IoT Village CTF. Your device and vulnerability will be graded by our CTF Engineers (scoring rubric will be published in advance of DEFCON 30).
\n
\nYour device will also be added to this yearâ€™s IoT Village CTF and played by competitors live at DEF CON. Submissions must be made prior to 18:00 PST on Friday August 12th. Learn more and pre-register in advance at \nhttps://www.iotvillage.org/\n
\n
\n\n\n\n\n\''),(499,'\'IoT Village Hacking CTF\'','\'https://forum.defcon.org/node/240953\'','\'https://forum.defcon.org/node/240954\'','','','','','\'\n\n\n $\"Click$ \n\n\n
\n
\n
\nTwitter: \nhttps://twitter.com/IoTvillage\n
\nWebsite: \nhttps://www.iotvillage.org/\n
\n
\nIoT Village Hacking CTF - (the CTF formally known as SOHOplessly Broken)
\n
\nIoT Village Hacking CTF is hosted in IoT Village, teams of 1-6 players access a local network filled with IoT devices primed to be exploited. You will compete against others by successfully exploiting real IoT products and finding the hidden flags in each. The hacking contest features more than 30 real-world, vulnerable IoT devices.
\n
\nThis event has been redesigned to include challenges which highlight tangible impacts when exploiting real vulnerabilities on real IoT devices. Hidden in the network are devices which require advanced skills to exploit or require creative attack chaining to find the flag. Players will encounter unique hacking scenarios like, exfiltrating files off a NAS to find â€œcluesâ€ or bypassing a router firewall to access a camera on a hidden network to â€œseeâ€ a flag. Prepare to outwit, see, sneak, move, and listen your way through these hidden scenarios which have a cyber-physical effect.
\n
\nThe IoT devices in the contest are not simulated and do not contain contrived/made-up vulnerabilities. Competitors must figure out what real-world vulnerabilities exist in these devices and exploit them to get a shell and find the flag. This is what makes the IoT Village CTF special.
\n
\nThis 3-time DEF CON Black Badge awarded contest CTF is open to anyone! Our contest provides a wonderful experience to learn more about security and test your skills, and the IoT CTF provides the most realistic hacking experience around!
\n
\nA few devices are approachable for entry level people to experience getting their first root shell, but to win this CTF your team must perform detailed network reconnaissance, lateral pivoting, vulnerability research, hardware hacking, firmware analysis, reverse engineering, and exploit development.
\n
\nSo, join a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.\n\n\''),(500,'\'Octopus Game\'','\'https://forum.defcon.org/node/241373\'','\'https://forum.defcon.org/node/242034\'','','','','','\'\n\n\n\n\nOctopus Game Registration Opens: July 15\n\n\n\n \n
\n\n\nhttps://www.mirolabs.info/octopusgamesignup\n\n\n
\nRegistration will stay open until either 160 people sign up or August 12th at 10:00 AM
\n
\nOctopus Game Dates:
\n
\nOnline Registration Opens: July 15, 10am
\nTarget Distribution: August 12, 10am
\nGame Begins: August 12, 12pm
\nFinal 10 Battle: Sunday August 14, 10am\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nJuly 15, 2022\n\n\n\nEnds\n\nJuly 15, 2022\n\n\n\nLocation\n\nhttps://www.mirolabs.info/octopusgamesignup\n\n\n\''),(501,'\'Packet Detective & Packet Inspector\'','\'https://forum.defcon.org/node/241671\'','\'https://forum.defcon.org/node/241672\'','','','','','\'\n\nPacket Detective & Packet Inspector\n
\n
\nDEF CON regularly attracts fresh talent in the Information Security field. Packet Detective and Packet Inspector engage experienced professionals and newcomers alike with hands-on, volunteer supported exercises.
\n
\nThese challenges promote critical thinking, teach core security tools, build professional cybersecurity skillsets, and inspire attendees towards larger Capture The Flag (or Packet!) style events.
\n
\nPacket Detective and Packet Inspector are a great way for folks of all experience levels to learn under the eye of our skilled volunteers. Whether itâ€™s time to brush up on skills or time to launch a new career, this is the best place to start.\n\n\n\n\''),(502,'\'pTFS Presents: Mayhem Industries â€“ Outside the Box\'','\'https://forum.defcon.org/node/240978\'','\'https://forum.defcon.org/node/240979\'','','','','','\'\nTwitter: \n@Mayhem_Ind\n
\nForum users running this:
\n* \nd15c0\n
\n* \npTFS\n
\n
\n
\npTFS is a hacker collective that has been competing in various DEF CON contests for almost 15 years.
\n
\nOutside the Box is a fun and interactive jeopardy style CTF contest. Don\'t worry if you don\'t know what that means. Winning will require demonstrating a wide range of hacking skills, but participating is encouraged for all ability levels. Challenges range from simple puzzles, to challenging crypto problems, to truly outside the box hijinks.
\n
\nMayhem Industries, a big multinational corporation, runs energy extraction and private military contracting all over the world. Our game begins with a tip that they\'re Up To Something on an oil rig in the Black Sea off the coast of Egypt. But what are they up to? How do you even hack an oil rig? Is this box with flashing light, exposed ports, and locked doors and ancient relic or of some extraterrestrial originâ€½ Join us at DEF CON 30 to find out.
\n
\nFk Gl Hlnvgsrmt
\n\n $\"Click$ \n\n
\n
\n
\n
\n
\n\n\n\''),(503,'\'Radio Frequency Capture the Flag\'','\'https://forum.defcon.org/node/241387\'','\'https://forum.defcon.org/node/241388\'','','','','','\'\n\n\n $\"Click$ \n\n\n
\n
\n
\nTwitter: \nhttps://twitter.com/rf_ctf\n and \nhttps://twitter.com/rfhackers\n
\nDiscord: \nhttps://discordapp.com/invite/JjPQhKy\n
\nWebsite: \nhttp://rfhackers.com\n - play with us
\nGithub: \nhttps://github.com/rfhs\n
\nOfficial Support Ticketing System: \nhttps://github.com/rfhs/rfctf-support/issues\n
\n
\nRadio Frequency Capture the Flag
\n
\nDo you have what it takes to hack WiFi, Bluetooth, and Software
\nDefined Radio (SDR)?
\n
\nRF Hackers Sanctuary (the group formerly known as Wireless Village) is
\nonce again holding the Radio Frequency Capture the Flag (RFCTF) at DEF
\nCON 30. RFHS runs this game to teach security concepts and to give
\npeople a safe and legal way to practice attacks against new and old
\nwireless technologies.
\n
\n
\nWe cater to both those who are new to radio communications as well as
\nto those who have been playing for a long time. We are looking for
\ninexperienced players on up to the SIGINT secret squirrels to play our
\ngames. The RFCTF can be played with a little knowledge, a pen testerâ€™s
\ndetermination, and $0 to $$$$$ worth of special equipment. Our new
\nvirtual RFCTF can be played completely remotely without needing any
\nspecialized equipment at all, just using your web browser! The key is
\nto read the clues, determine the goal of each challenge, and have fun
\nlearning.
\n
\n
\nThere will be clues everywhere, and we will provide periodic updates
\nvia discord and twitter. Make sure you pay attention to whatâ€™s
\nhappening at the RFCTF desk, #rfctf on our discord, on Twitter
\n@rf_ctf, @rfhackers, and the interwebz, etc. If you have a question -
\nASK! We may or may not answer, at our discretion.
\n
\n
\nFOR THE NEW FOLKS
\n
\nOur virtual RFCTF environment is played remotely over ssh or through a
\nweb browser. It may help to have additional tools installed on your
\nlocal machine, but it isnâ€™t required.
\n
\nRead the presentations at: \nhttps://rfhackers.com/resources\n
\n
\n
\nHybrid Fun
\n
\nFor DEF CON 30 we will be running in â€œHybridâ€ mode. That means we
\nwill have both a physical presence AND the virtual game. All of the
\nchallenges we have perfected in the last 2 years in our virtual game
\nwill be up and running, available to anyone all over the world
\n(including at the conference), free of charge. In addition to the
\nvirtual challenges, we will also have a large number of â€œin personâ€
\nonly challenges. These â€œin-personâ€ only challenges will include our
\ntraditional fox hunts, hide and seeks, and king of the hill
\nchallenges. Additionally, we will have many challenges which we
\nsimply havenâ€™t had time or ability to virtualize. It should be clear
\nthat playing only the virtual game will put you in a severe available
\npoint disadvantage. Please donâ€™t expect to place if you play virtual
\nonly, consider the game an opportunity to learn, practice, hone your
\nskills, and still get on the scoreboard. The virtual challenges which
\nare available will have the same flags as the in-person challenges,
\nallowing physical attendees the choice of hacking those challenges
\nusing either (or both) methods of access.
\n
\n
\nTHE GAME
\n
\nTo score you will need to submit flags which will range from decoding
\ntransmissions in the spectrum, passphrases used to gain access to
\nwireless access points, or even files located on servers. Once you
\ncapture the flag, submit it to the scoreboard right away, if you are
\nconfident it is worth *positive* points. Some flags will be worth
\nmore points the earlier they are submitted, and others will be
\nnegative. Offense and defense are fully in play by the participants,
\nthe RFCTF organizers, and the Conference itself. Play nice, and we
\nmight also play nice.
\n
\nTo play our game at DEF CON 30 join SSID: RFCTF_Contestant with
\npassword: iluvpentoo
\n
\nGetting started guide: \nhttps://github.com/rfhs/rfhs-wiki/wiki\n
\n
\nHelpful files (in-brief, wordlist, resources) can be found at
\n\nhttps://github.com/rfhs/wctf-files\n
\n
\nSupport tickets may be opened at \nhttps://github.com/rfhs/wctf-support/issues\n
\n
\n
\nTL;DR
\n
\nTwitter: @rf_ctf and @rfhackers
\nDiscord: \nhttps://discordapp.com/invite/JjPQhKy\n
\nWebsite: \nhttp://rfhackers.com\n - play with us
\nGithub: \nhttps://github.com/rfhs\n
\nOfficial Support Ticketing System: \nhttps://github.com/rfhs/rfctf-support/issues\n
\n
\nDoes this contest or event plan to have a pre-qualifier?
\nWe prefer to accept all players,
\nincluding day of and mid-way through the game. While some of the
\nchallenges are very serious, many of them are approachable for the
\nnovice or even first time player.
\n
\nAs this contest co-locates with the RF Village, our hours are set by
\nthe village hours, except for closing the contest a little earlier to
\nprovide winners to the contest team in time for closing ceremonies.
\n
\nFriday: 10-18
\nSaturday: 10-18
\nSunday: 10-14
\n
\nWill your contest or event be Online ONLY, in-person, or both? Both,
\nbut with a caveat. We have had tremendous success virtualizing the
\nwifi and sdr challenges, and those will be available both in person
\n(in the air) and hybrid (accessible worldwide through our virtual
\nenvironment). Unfortunately, some wireless and radio technologies are
\nnot so easy to virtualize, and those challenges will be in person
\nonly. The purpose of the contest being "hybrid" is to give everyone
\nworldwide a chance to play and practice their skills, but the winners
\nwill have to be present due to the percentage of meatspace only
\nchallenge points.
\n\n\n $\"Click$ \n\n\n
\n\n\n\n\n\''),(504,'\'Red Alert ICS CTF\'','\'https://forum.defcon.org/node/241399\'','\'https://forum.defcon.org/node/241400\'','','','','','\'\n\n\n $\"Click$ \n\n\n
\n
\nTwitter: \nhttps://twitter.com/icsctf\n
\nForum User: \nhttps://forum.defcon.org/member/52803-redalert\n
\n(Forum user above is authoritative for all details: If they provide information contradicting this announcement, go with the data they provide.)
\n
\nRed Alert ICS CTF
\n
\nRed Alert ICS CTF is a competition for Hackers by Hackers. The event exclusively focuses on having the participants break through several layers of security in our virtual SCADA environment and eventually take over complete control of the SCADA system.
\n
\nThe contest would house actual ICS (Industrial Control System) devices from various vendors on a testbed showcasing different sectors of critical infrastructure. The participants would be able to view and engage with the devices in real time and understand how each of them control each of the aspects of the testbed and leverage this to compromise the devices.
\n
\nRed Alert ICS CTF is back with a ton of fun challenges after successfully running the CTF at DEF CON 29, DEF CON 27 and DEF CON 26 (Black Badge).
\n
\nHighlights of the Red Alert ICS CTF is available at: \nhttps://youtu.be/AanKdrrQ0u0\n
\n[]
\n\n\n\n\n\''),(505,'\'The Schemaverse Championship\'','\'https://forum.defcon.org/node/240965\'','\'https://forum.defcon.org/node/240966\'','','','','','\'\n\n\n $\"Click$ \n\n\n
\n
\n\n\n $\"Click$ \n\n\n
\n
\n
\nWebsite: \nhttps://schemaverse.com/\n
\n
\nOnline Only this year.
\n
\nThe Schemaverse [skee-muh vurs] is a space battleground that lives inside a PostgreSQL database. Mine the hell out of resources and build up your fleet of ships, all while trying to protect your home planet. Once you\'re ready, head out and conquer the map from other DEF CON rivals.
\n
\nThis unique game gives you direct access to the database that governs the rules. Write SQL queries directly by connecting with any supported PostgreSQL client or use your favourite language to write AI that plays on your behalf. This is DEF CON of course so start working on your SQL Injections - anything goes!
\n\n\n\n\n\''),(506,'\'SE Community (SEC) Vishing Competition / #SECVC\'','\'https://forum.defcon.org/node/242344\'','\'https://forum.defcon.org/node/242345\'','','','','','\'\nSE Community (SEC) Vishing Competition / #SECVC
\n
\n
\nTwitter: \nsec_defcon\n
\n\nhttps://www.sÃ¥e.community/events/vishing-competition/\n
\n
\nIn this competition, teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies.
\n
\nTeams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team is provided limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible.
\n
\nWhether youâ€™re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors!
\n
\nFriday: 9:00 â€“ 16:00
\nSaturday: 9:00 â€“ 16:00
\nIn the SEC Village Linq
\n\n\n\n\n\''),(507,'\'Social Engineering Community (SEC) Youth Challenge\'','\'https://forum.defcon.org/node/242343\'','\'https://forum.defcon.org/node/242346\'','','','','','\'\nSocial Engineering Community (SEC) Youth Challenge
\n
\n
\nTwitter: \nsec_defcon\n
\n\nhttps://www.se.community/events/youth-challenge/\n
\n
\nCALLING ALL KIDS! Come use your super skills and powers to work with a team of heroes or villains. The balance of good and evil will be determined by individual participants completing various challenges in this \'Choose Your Own Adventure\' style event. By participating in this event, you will have opportunities to interact and learn from many other incredible villages at DEF CON while at the same time improving your Social Engineering abilities. If successful, you may even have the chance to help your team prevail and become the ultimate Superhero or Supervillain!
\n
\nFriday: 9:00 â€“ 18:00
\nSaturday: 9:00 â€“ 18:00
\nSunday: 9:00 â€“ 14:00
\nIn the SEC Village - Linq
\n\n\n\n\n\''),(508,'\'Sticker Design Contest\'','\'https://forum.defcon.org/node/241010\'','\'https://forum.defcon.org/node/241011\'','','','','','\'\n\n\n $\"Click$ \n\n\n
\n
\n
\nForum Contact: \nhttps://forum.defcon.org/member/47018-247arjun\n
\nTwitter: \nhttps://twitter.com/InfosecStickers\n
\n
\nAncient warriors used tattoos as a means of indicating rank in battle; it was the sort of mark that told the tales of their various conquests - their struggles and triumphs. Similarly, traversing the halls of DEF CON, one can see more modern versions manifesting as stickers - especially on laptops and other electronic equipment.
\n
\nThe DEF CON art contest showcases art of many different forms - wallpapers etc. However, there is not presently a medium for expression that is more portable and ubiquitous in hacker culture, especially at DEF CON. Just like DEF CON usually bundles stickers in its conference schedule booklet, which ends up on a majority of laptops and other devices of attendees, the winning entry in this contest could be either added to that list of stickers, or sold standalone as swag.
\n
\nWe use stickers to break the ice with strangers, as a barter currency, to tell the tales of our struggles and triumphs. After all, is a hacker really a hacker without a laptop adorned with these markings?
\n
\nHere\'s your chance to be part of hacker culture, by creating something that people around the world will treasure and proudly display. Submit original artwork in the theme of the con, that you believe best exemplifies hacker culture, that will be used as printed stickers.
\n
\nOn your marks... Make your mark.
\n
\n- The contest is open to artists of any age, in any country.
\n- Please submit a PNG file of no more than 6 inches x 6 inches (or 4096 px x 4096 px), any shape inside these dimensions is acceptable.
\n- Artwork can be an original painting, drawing, photo, computer generated illustration or screen print.
\n- Artwork must be original/copyright-free - please do not include copyrighted content in your submissions.
\n
\nSubmissions must be made via email (\n247arjun+dcstickers@gmail.com\n)
\nOn the forums as: \nhttps://forum.defcon.org/member/47018-247arjun\n
\nFollow: \nhttps://twitter.com/InfosecStickers\n For updates.
\n
\n\n\n\n\n\''),(509,'\'The TeleChallenge\'','\'https://forum.defcon.org/node/241365\'','\'https://forum.defcon.org/node/241366\'','','','','','\'\n\n\n \n $\"telechallenge$ \n\n\n\n
\n
\n
\n
\nSite: \nhttps://www.telechallenge.org/\n
\nTwitter: \nhttps://www.twitter.com/telechallenge\n
\nYoutube: \nhttps://www.youtube.com/channel/UCWx...lQkg/playlists\n
\n
\nThe TeleChallenge is a fast-paced, epic battle of wits and skill. Previous winners are few in number, and are among the most elite hackers at DEF CON. Designed to be played by teams, and running through the whole weekend, the TeleChallenge is entirely playable over a touch tone phone. Don\'t let fear of the Challenge hold you for ransom. Your voice is your passport!
\n\n\n \n $\"telechallenge$ \n\n\n\n
\n
\n\n\n\n\n\''),(510,'\'Tin Foil Hat Contest\'','\'https://forum.defcon.org/node/241396\'','\'https://forum.defcon.org/node/241397\'','','','','','\'\n\n $\"Click$ \n\n
\n
\n
\nTwitter: \nhttps://twitter.com/DC_Tin_Foil_Hat\n
\nSite: \nhttps://www.psychoholics.org/tfh\n
\n
\nWant to block those pesky 5G microchips coursing through your vaccinated body? Were you hacking back against Putin, and need to hide? Or do those alien mind control rays just have you down lately? Fear not, for we here at the Tin Foil Hat contest have your back for all of these! Come find us in the contest area, and we\'ll have you build a tin foil hat which is guaranteed to provide top quality protection for your noggin. How you ask? SCIENCE!
\n
\nShow us your skills by building a tin foil hat to shield your subversive thoughts, then test it out for effectiveness.
\n
\nThere are 2 categories: stock and unlimited. The hat in each category that causes the most signal attenuation will receive the "Substance" award for that category. We all know that hacker culture is all about looking good, though, so a single winner will be selected from each category for "Style".
\n\n\n\n\n\''),(511,'\'Trace Labs OSINT Search Party CTF\'','\'https://forum.defcon.org/node/240969\'','\'https://forum.defcon.org/node/240970\'','','','','','\'\n[Image may be added later]
\n
\nWebsite: \nhttps://www.tracelabs.org/initiatives/search-party\n
\n
\nThe Trace Labs Search Party CTF is a non theoretical, gamified effort that allows for the crowdsourcing of contestants to perform a single task: Conduct open source intelligence operations to help find missing persons
\n
\nYou can have teams of 1-4 people, 4 person teams provide many benefits which include the coaching of more junior members. Often a great learning opportunity if you are able to pair up with OSINT veterans. Get your team together and join us in our Discord group to get started here: \nhttps://tracelabs.org/discord\n
\n
\n\nhttps://www.tracelabs.org/initiatives/search-party\n
\n\n\n\n\n\''),(512,'\'Whose Slide Is It Anyway\'','\'https://forum.defcon.org/node/240971\'','\'https://forum.defcon.org/node/240972\'','','','','','\'\n\n $\"Click$ \n\n
\n
\n
\nTwitter: \nhttps://improvhacker.com/\n
\nWebsite: \nhttps://improvhacker.com/\n
\n
\nIt\'s our sixth year but since we had to be virtual last year this will be our 5 YEAR ANNIVERSARY show of â€œWhose Slide Is It Anyway?â€! We\'re an unholy union of improv comedy, hacking and slide deck sado-masochism.
\n
\nOur team of slide monkeys will create a stupid amount of short slide decks on whatever nonsense tickles our fancies. Slides are not exclusive to technology, they can and will be about anything. Contestants will take the stage and choose a random number corresponding to a specific slide deck. They will then improvise a minimum 5 minute / maximum 10 minute lightning talk, becoming instant subject matter experts on whatever topic/stream of consciousness appears on the screen.
\n
\nWhether you delight in the chaos of watching your fellow hackers squirm or would like to sacrifice yourself to the Contest Gods, itâ€™s a night of schadenfreude for the whole family.
\n
\nOh, and prizes. Lots and lots of prizes.\n\n\''); /*!40000 ALTER TABLE `contests` ENABLE KEYS */; UNLOCK TABLES; -- -- Table structure for table `demolabs` -- DROP TABLE IF EXISTS `demolabs`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `demolabs` ( `ID` int(11) NOT NULL AUTO_INCREMENT, `Name` varchar(200) COLLATE utf8_unicode_ci NOT NULL, `ForumPage` varchar(40) COLLATE utf8_unicode_ci NOT NULL, `ForumArticle` varchar(40) COLLATE utf8_unicode_ci NOT NULL, `Webpage` varchar(60) COLLATE utf8_unicode_ci NOT NULL, `Weblink` varchar(60) COLLATE utf8_unicode_ci NOT NULL, `ImagePath` varchar(30) COLLATE utf8_unicode_ci NOT NULL, `Descript` varchar(15000) COLLATE utf8_unicode_ci NOT NULL, PRIMARY KEY (`ID`) ) ENGINE=InnoDB AUTO_INCREMENT=121 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- -- Dumping data for table `demolabs` -- LOCK TABLES `demolabs` WRITE; /*!40000 ALTER TABLE `demolabs` DISABLE KEYS */; INSERT INTO `demolabs` VALUES (91,'\'AADInternals: The Ultimate Azure AD Hacking Toolkit - Nestori Syynimaa\'','\'https://forum.defcon.org/node/241983\'','\'https://forum.defcon.org/node/241984\'','','','','\'\nAADInternals: The Ultimate Azure AD Hacking Toolkit - Nestori Syynimaa
\n
\n
\n
\nTitle:
\nAADInternals: The Ultimate Azure AD Hacking Toolkit
\n
\nPresenter:
\nNestori Syynimaa
\n
\nAbstract:
\nAADInternals is an open-source hacking toolkit for Azure AD and Microsoft 365, having over 14,000 downloads from the PowerShell gallery. It has over 230 different functions in 15 categories for various purposes. The most famous ones are related to Golden SAML attacks: you can export AD FS token signing certificates remotely, forge SAML tokens, and impersonate users w/ MFA bypass. These techniques have been used in multiple attacks during the last two years, including Solorigate and other NOBELIUM attacks. AADInternals also allows you to harvest credentials, export Azure AD Connect passwords and modify numerous Azure AD / Office 365 settings not otherwise possible. The latest update can extract certificates and impersonate Azure AD joined devices allowing bypassing device based conditional access rules. \nhttps://o365blog.com/aadinternals/\n \nhttps://attack.mitre.org/software/S0677\n
\n
\nBiography:
\nDr Nestori Syynimaa is a white hat hacker working as a Senior Principal Security Researcher at Secureworks CTU. He holds Microsoft MVP and MVR awards and has published and maintained AADInternals since 2018.
\n
\n\n\n\n\n\''),(92,'\'Access Undenied on AWS - Noam Dahan\'','\'https://forum.defcon.org/node/241985\'','\'https://forum.defcon.org/node/241986\'','','','','\'\nAccess Undenied on AWS - Noam Dahan
\n
\n
\n
\nTitle:
\nAccess Undenied on AWS
\n
\nPresenter:
\nNoam Dahan
\n
\nAbstract:
\nAccess Undenied on AWS analyzes AWS CloudTrail AccessDenied events â€“ it scans the environment to identify and explain the reasons for which access was denied. When the reason is an explicit deny statement, AccessUndenied identifies the exact statement. When the reason is a missing allow statement, AccessUndenied offers a least-privilege policy that facilitates access.
\n
\nBiography:
\nNoam Dahan is a Senior Security Researcher at Ermetic with several years of experience in embedded security. He is a graduate of the Talpiot program at the Israel Defense Forces and spent several years in the 8200 Intelligence Corps. While this is his first time presenting at DEF CON, it is not his first time in front of a crowd. Noam was a competitive debater and is a former World Debating Champion.
\n
\n\n\n\n\n\''),(93,'\'alsanna - Jason Johnson\'','\'https://forum.defcon.org/node/242056\'','\'https://forum.defcon.org/node/242058\'','','','','\'\nalsanna - Jason Johnson
\nalsanna, a command-line based intercepting proxy for arbitrary TCP traffic.
\n
\nTitle:
\nalsanna
\n
\nPresenter:
\nJason Johnson
\n
\nAbstract:
\nalsanna is a command-line based intercepting proxy for arbitrary TCP traffic. It includes built-in support for decrypting TLS streams, and allows editing the stream as it passes over the network. It is deliberately lightweight and documented to help hackers who need to modify its behavior. This demo will include live instances of the tool which can be used by visitors, live support for anyone looking to learn how to use alsanna, and a short on-demand walkthrough for visitors, covering how the tool works and what you need to know to modify it.
\n
\nBiography:
\nJason has been hacking for years, getting great satisfaction from peeling back layers of abstraction. He enjoys working on network security and machine learning. He\'s been to two DEF CONs in the past, and loved every minute of them. He is currently employed by WithSecure and based out of upstate New York.\n\n\n\n\''),(94,'\'AWSGoat: A Damn Vulnerable AWS Infrastructure - Jeswin, Sanjeev\'','\'https://forum.defcon.org/node/242057\'','\'https://forum.defcon.org/node/242059\'','','','','\'\nTitle:
\nAWSGoat : A Damn Vulnerable AWS Infrastructure
\n
\nPresenter:
\nJeswin Mathai, Sanjeev Mahunta
\n
\nAbstract:
\nCompromising an organization\'s cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications, is all an attacker needs to compromise the entire infrastructure. Since cloud is relatively new, many developers are not fully aware of the threatscape and they end up deploying a vulnerable cloud infrastructure. When it comes to web application pentesting on traditional infrastructure, deliberately vulnerable applications such as DVWA and bWAPP have helped the infosec community in understanding the popular web attack vectors. However, at this point in time, we do not have a similar framework for the cloud environment. In this talk, we will be introducing AWSGoat, a vulnerable by design infrastructure on AWS featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfiguration based on services such as IAM, S3, API Gateway, Lambda, EC2, and ECS. AWSGoat mimics real-world infrastructure but with added vulnerabilities. The idea behind AWSGoat is to provide security enthusiasts and pen-testers with an easy to deploy/destroy vulnerable infrastructure where they can learn how to enumerate cloud applications, identify vulnerabilities, and chain various attacks to compromise the AWS account. The deployment scripts will be open-source and made available after the talk.
\n
\n
\nBiography:
\nJeswin Mathai is a Senior Security Researcher at INE. Prior to joining INE, He was working as a senior security researcher at Pentester Academy (Acquired by INE). At Pentester Academy, he was also part of the platform engineering team who was responsible for managing the whole lab infrastructure. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo labs (DEFCON). He has also been a co-trainer in classroom trainings conducted at Black Hat Asia, HITB, RootCon, OWASP NZ Day. He has a Bachelor degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals, conducted awareness workshops for government institutions. His area of interest includes Cloud Security, Container Security, and Web Application Security.
\n
\nSanjeev Mahunta is a Cloud Software Engineer at INE with a strong background in web, mobile application design and has high proficiency in AWS. He holds a bachelor\'s degree in Computer Science from Amity University Rajasthan. He has 2+ years of experience building front-end applications for the web and implementing ERP solutions. Having interned at Defence Research and Development Organisation (DRDO), he has acquired neat skills in application development. His areas of interest include Web Application Security, Serverless Application Deployment, System Design and Cloud.\n\n\n\n\''),(95,'\'AzureGoat: Damn Vulnerable Azure Infrastructure - Nishant, Rachna Learn/teach/practice Azure pentesting.\'','\'https://forum.defcon.org/node/242060\'','\'https://forum.defcon.org/node/242061\'','','','','\'\nTitle:
\nAzureGoat: Damn Vulnerable Azure Infrastructure
\n
\nPresenter:
\nNishant Sharma Rachna Umraniya
\n
\n
\nAbstract:
\nMicrosoft Azure cloud has become the second-largest vendor by market share in the cloud infrastructure providers (as per multiple reports), just behind AWS. There are numerous tools and vulnerable applications available for AWS for the security professional to perform attack/defense practices, but it is not the case with Azure. There are far fewer options available to the community. AzureGoat is our attempt to shorten this gap by providing a ready-to-deploy vulnerable setup (vulnerable application + misconfigured Azure components + multiple attack paths) that can be used to learn/teach/practice Azure cloud environment pentesting.
\n
\n
\nBiography:
\nNishant Sharma is a Security Research Manager at INE, where he manages the development of next-generation on-demand labs. Before INE, he worked as R&D Head of Pentester Academy (Acquired by INE), where he led a team of developers/researchers to create content and platform features for AttackDefense. He has also developed multiple gadgets for WiFi pentesting/monitoring such as WiMonitor, WiNX, and WiMini. With over 9+ years of experience in development and content creation, he has conducted trainings/workshops at Blackhat Asia/USA, HITB Amsterdam/Singapore, OWASP NZ day, and DEFCON USA villages. He has presented/published his work at Blackhat USA/Asia Arsenal, DEFCON USA/China, Wireless Village, Packet Village and IoT village. He has also conducted WiFi Pentesting training at Blackhat USA 2019, 2021. He had started his career as a firmware developer at Mojo Networks (Acquired by Arista) where he worked on new features for the enterprise-grade WiFi APs and maintenance of state-of-the-art WIPS. He has a Master degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi, Azure, and Container security.
\n
\nRachana Umaraniya is a Cloud Developer at INE and has two years of experience in software development. She specializes in building applications with Java frameworks and is well versed with databases. She has a Master\'s degree in Computer Science from NIT Hamirpur. Her area of interest includes cloud security, cryptography, web application, and docker security.\n\n\n\n\''),(96,'\'Badrats: Initial Access Made Easy - Kevin, Dominic\'','\'https://forum.defcon.org/node/242062\'','\'https://forum.defcon.org/node/242063\'','','','','\'\nTitle:
\nBadrats: Initial Access Made Easy
\n
\nPresenter:
\nKevin Clark Dominic â€œCryillicâ€ Cunningham
\n
\n
\nAbstract:
\nRemote Access Trojans (RATs) are one of the defining tradecraft for identifying an Advanced Persistent Threat. The reason being is that APTs typically leverage custom toolkits for gaining initial access, so they do not risk burning full-featured implants. Badrats takes characteristics from APT Tactics, Techniques, and Procedures (TTPs) and implements them into a custom Command and Control (C2) tool with a focus on initial access and implant flexibility. The key goal is to emulate that modern threat actors avoid loading fully-featured implants unless required, instead opting to use a smaller staged implant. Badrats implants are written in various languages, each with a similar yet limited feature set. The implants are designed to be small for antivirus evasion and provides multiple methods of loading additional tools, such as shellcode, .NET assemblies, PowerShell, and shell commands on a compromised host. One of the most advanced TTPs that Badrats supports is peer-to-peer communications over SMB to allow implants to communicate through other compromised hosts.
\n
\n
\nBiography:
\nKevin Clark is a Software Developer turned Pentester at TrustedSec. He focuses on initial access and active directory exploitation. Kevin contributes to open-source tools such as PowerShell Empire and publishes custom security toolkits such as Badrats and WindowsBinaryReplacements. Kevin authors a cybersecurity blog at \nhttps://henpeebin.com/kevin/blog\n.
\n
\nDominic â€œCryillicâ€ Cunningham is a Red Team Content Engineer for TryHackMe, a large cybersecurity education platform. He is currently pursuing a degree in computing security with a focus in digital forensics and malware. His work includes general adversary emulation, offensive operations, and evasion. He specializes in researching and documentation of Evasion Techniques, Windows Internals, and Active Directory. Most of his work and research has been published at \nhttps://www.tryhackme.com\n, where he has also developed and released numerous CTF boxes and enterprise-level ranges.\n\n\n\n\''),(97,'\'Control Validation Compass â€“ Threat Modeling Aide & Purple Team Content Repo - Scott Small\'','\'https://forum.defcon.org/node/242064\'','\'https://forum.defcon.org/node/242090\'','','','','\'\nControl Validation Compass â€“ Threat Modeling Aide & Purple Team Content Repo - Scott Small
\n
\n
\nTitle:
\nControl Validation Compass â€“ Threat Modeling Aide & Purple Team Content Repo - Scott Small
\n(no room for description)
\n
\nPresenter:
\nScott Small
\n
\n
\nAbstract:
\nControl Validation Compass ("Control Compass") provides a needed public resource that enables cyber security teams to actually operationalize MITRE ATT&CK for its best purpose: prioritized control validation. Control Compass unites tens of thousands of detection rules, offensive security scripts, and policy recommendations from 60+ open sources â€“ all aligned with MITRE ATT&CK â€“ into the largest single, continuously updated reference library for such content, wrapped in an easily searchable interface. This saves defenders, red teamers, and intel & GRC analysts serious time & effort when researching content for purple teaming efforts (aka control validation). Like its input components and sources, Control Compass resource sets are openly available to all, no strings attached. Control Compass supports a powerful second use case informed by its authorâ€™s experience advising security & intelligence teams across maturity levels: the tool also provides a library of unique, openly available threat landscape summaries organized by key adversary categories, including motivation, location, and victim industry. By enabling easy identification of relevant threat intelligence â€“ and a simple UI-based workflow to instantly surface corresponding security controls â€“ Control Compass greatly lowers the barrier to building accurate, intelligence-driven threat models and helps drive tighter control validation feedback loops around the threats that matter most to a given organization.
\n
\n
\nBiography:
\nScott Small has over 10 yearsâ€™ professional experience as a security & intelligence practitioner. Currently an analyst at a major retailer, Scottâ€™s prior roles focused on advising security teams across maturity levels on technical and strategic applications of intelligence. Scott is an active member of the professional security & intelligence communities. In addition to speaking and contributing to community projects, he has launched two projects that aggregate and streamline publicly accessible intelligence/security resources, as well as authored his own original tools & resources.\n\n\n\n\''),(98,'\'CyberPeace Builders - Adrien Ogee\'','\'https://forum.defcon.org/node/242065\'','\'https://forum.defcon.org/node/242066\'','','','','\'\nCyberPeace Builders - Adrien Ogee
\nPro hackers who volunteer to help NGOs improve their cybersecurity.
\n
\nTitle:
\nCyberPeace Builders
\n
\nPresenter:
\nAdrien Ogee
\n
\n
\nAbstract:
\nThe CyberPeace Builders are pro hackers who volunteer to help NGOs improve their cybersecurity. Through a portal that Iâ€™ll demo, hackers can access a variety of short engagements, from 1 to 4 hours, to provide targeted cybersecurity help to NGOs on topics ranging from staff awareness to DMARC implementation, password management and authentication practices, breach notification, OSINT and dark web monitoring, all the way to designing a cyber-related poster for the staff, reviewing their privacy policy and cyber insurance papers. The programme is the worldâ€™s first and only skills-based volunteering opportunity for professionals in the cybersecurity industry; it has been prototyped over 2 years, was launched in July 2021 and is now being used by over 60 NGOs worldwide, ultimately helping to protect over 350 million vulnerable people and $500 million in funds. Iâ€™ll demo the platform, show the type of help NGOs need and explain how NGOs and security professionals can leverage the programme.
\n
\n
\nBiography:
\nAdrien is currently Chief Operations Officer at the CyberPeace Institute, a cybersecurity non-profit based in Switzerland. At the Institute, he provides cybersecurity assistance to vulnerable communities around the world. Adrien has more than 15 years of experience in various cyber crisis response roles in the private sector, the French Cybersecurity Agency (ANSSI), the European Cybersecurity Agency (ENISA), and the World Economic Forum. Adrien holds an MEng in telecommunication and information systems, an MSc in Global Security and a Master in Business Administration.
\n
\n
\n
\n
\n\n\n\n\n\''),(99,'\'Defensive 5G - Eric Mair, Ryan Ashley A 4.5G/5G test infrastructure using COTS hardware and OS software.\'','\'https://forum.defcon.org/node/242067\'','\'https://forum.defcon.org/node/242068\'','','','','\'\nDefensive 5G - Eric Mair, Ryan Ashley
\nA 4.5G/5G test infrastructure using COTS hardware and OS software.
\n
\nTitle:
\nDefensive 5G
\n
\nPresenter:
\nEric Mair Ryan Ashley
\n
\n
\nAbstract:
\nIn this work we developed a 4.5G/5G network using only commercial off the shelf (COTS) hardware and open-source software to serve as test-infrastructure for studying vulnerabilities in 5G networks. We are using software defined networking (SDN) tools such as Faucet and Dovesnap and software defined radio(SDR) capabilities such as Open5gs and srsRAN along with Docker Containers to facilitate the rapid and reliable setup and configuration of network topologies that can be used to represent the 5G networks that we intend to test. By having a configurable and repeatable mechanism that could be shared among multiple users with differing hardware setups we were able to test 5G network configurations in a variety of ways and have those results validated by other team members.
\n
\n
\nBiography:
\nEric Mair has been working in wireless communications for over 20 years and is currently working for In- Q-Tel Labs in Arlington, VA as a senior communications-technologist focusing on 5G, SDR and the application of machine-learning to RF communications. Prior to IQT he was with the US Government for 19 years.
\n
\nRyan Ashley is currently a senior software-engineer at In-Q-Tel Labs. He is responsible for architecture, design, and implementation of open-source tools for analysis and visualization of network activity and other cyber-security use-cases. He is the primary maintainer of the IQT-Labs project NetworkML, and is a contributor to various other open-source projects.\n\n\n\n\''),(100,'\'EDR detection mechanisms and bypass techniques with EDRSandBlast - Thomas Diot, Maxime Meignan\'','\'https://forum.defcon.org/node/242107\'','\'https://forum.defcon.org/node/242108\'','','','','\'\nEDR detection mechanisms and bypass techniques with EDRSandBlast - Thomas Diot, Maxime Meignan
\n
\nTitle:
\nEDR detection mechanisms and bypass techniques with EDRSandBlast
\n
\nPresenter:
\nThomas Diot, Maxime Meignan
\n
\n
\nAbstract:
\nEDRSandBlast is a tool written in C that implements and industrializes known as well as original bypass techniques to make EDR evasion easier during adversary simulations. Both user-land and kernel-land EDR detection capabilities can be bypassed, using multiple unhooking techniques and a vulnerable signed driver to unregister kernel callbacks and disable the ETW Threat Intelligence provider. Since the initial release, multiple improvements have been implemented in EDRSandBlast: it is now possible to use this toolbox as a library from another attacking tool, new bypasses have been implemented, the embedded vulnerable driver is now interchangeable to increase stealthiness and the use of a pre-built offsets database is no more required! Come discover our tool and its new features, learn (or teach us!) something about EDRs and discuss about the potential improvements to this project.
\n
\n
\nBiography:
\nThomas Diot (Qazeer) is a security consultant at Wavestone, an independent French consulting firm. His work involves a mix of penetration testing, Red / Purple Teams engagements, and Incident Responses with Wavestone CERT-W. Thomas enjoys practicing and improving his skills by playing in CTFs, developing tools, and working on various security projects.
\n
\nMaxime Meignan (@th3m4ks) is a security consultant at Wavestone, based in Paris, since the middle of the last decade. Loving to reverse engineer binaries in both professional and CTF contexts, Maxime has an IDA sticker on the back of his smartphone. And writes this uninteresting fact in his bio. He is currently interested in various fields of security, related to EDR software, Windows internals and Virtualisation Based Security.\n\n\n\n\''),(101,'\'EMBA - Open-Source Firmware Security Testing - Messner, Eckmann\'','\'https://forum.defcon.org/node/242109\'','\'https://forum.defcon.org/node/242110\'','','','','\'\nEMBA - Open-Source Firmware Security Testing - Messner, Eckmann
\nSimplify, optimize and automate analysis
\n
\nTitle:
\nEMBA - Open-Source Firmware Security Testing
\n
\nPresenter:
\nMichael Messner, Pascal Eckmann
\n
\nAbstract:
\nPenetration testing of current embedded devices is quite complex as we have to deal with different architectures, optimized operating systems and special protocols. EMBA is an open-source firmware analyzer with the goal to simplify, optimize and automate the complex task of firmware security analysis.
\n
\nBiography:
\nMichael Messner: As a security researcher and penetration tester, I have more than 10 years of experience in different penetration testing areas. In my current position, I\'m focused on hacking embedded devices used in critical environments.
\n
\nPascal Eckmann: As a security researcher and developer, I have worked on several internal and Open-Source projects in the areas of fuzzing, firmware analysis and web development. In addition to automated firmware analysis, I have experience in various penetration testing areas including hardware and wireless communication.\n\n\n\n\''),(102,'\'Empire 4.0 and Beyond - V. Rose, A. Rose\'','\'https://forum.defcon.org/node/242219\'','\'https://forum.defcon.org/node/242220\'','','','','\'\nEmpire 4.0 and Beyond - V. Rose, A. Rose
\n
\n
\n
\nC2 framework in Python 3 for Windows, Linux, macOS exploitation
\n
\nTitle:
\nEmpire 4.0 and Beyond
\n
\nPresenter:
\nVincent "Vinnybod" Rose, Anthony "Cx01N" Rose
\n
\n
\nAbstract:
\nEmpire is a Command and Control (C2) framework powered by Python 3 that supports Windows, Linux, and macOS exploitation. It has evolved significantly since its introduction in 2015 and has become one of the most widely used open-source C2 platforms. Starting life as PowerShell Empire and later merging in Empyre, Empire is now a full-fledged .NET C2 leveraging PowerShell, Python, C#, and Dynamic Language Runtime (DLR) agents. It offers a flexible modular architecture that links Advanced Persistent Threats (APTs) Tactics, Techniques, and Procedures (TTPs) through the MITRE ATT&CK database. The framework aims to provide a flexible and easy-to-use interface to easily incorporate a wide array of tools into a single platform for red team operations to emulate APTs. This presentation will explore our most recent upgrades in Empire 4.0, including C# and IronPython agents, Customizable Bypasses, Malleable HTTP C2, Donut Integration, Beacon Object File (BoF), and much more. In addition, our team will be giving a preview of Empire 5.0 and its features. The most exciting of these being the brand-new web client (Starkiller 2.0) and v2 API, which will be released later this year.
\n
\n
\nBiography:
\nVincent "Vinnybod" Rose is the lead developer for Empire and Starkiller. He is a software engineer with experience in cloud services, large-scale web applications, build pipeline automation, and big data ETL. Vinnybod has presented at Black Hat and has taught courses at DEF CON on Red Teaming and Offensive PowerShell. He currently maintains a cybersecurity blog focused on offensive security at \nhttps://www.bc-security.org/blog/\n.
\n
\nAnthony "Cx01N" Rose, CISSP, is a Security Researcher and Chief Operating Officer at BC Security, where he specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. He has presented at numerous security conferences, including Black Hat, DEF CON, and RSA conferences. Anthony is the author of various offensive security tools, including Empire and Starkiller, which he actively develops and maintains. He is recognized for his work, revealing widespread vulnerabilities in Bluetooth devices and is the co-author of a cybersecurity blog at \nhttps://www.bc-security.org/blog/\n.
\n
\n
\n\n\n\n\n\''),(103,'\'FISSURE: The RF Framework - Christopher Poore\'','\'https://forum.defcon.org/node/242221\'','\'https://forum.defcon.org/node/242222\'','','','','\'\nFISSURE: The RF Framework - Christopher Poore
\n
\n
\n
\nAn open-source RF and reverse engineering framework.
\n
\nTitle:
\nFISSURE: The RF Framework
\n
\nPresenter:
\nChristopher Poore
\n
\nAbstract:
\nFISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability analysis, automation, and AI/ML. The framework was built to promote the rapid integration of software modules, radios, protocols, signal data, scripts, flow graphs, reference material, and third-party tools. FISSURE is a workflow enabler that keeps software in one location and allows teams to effortlessly get up to speed while sharing the same proven baseline configuration for specific Linux distributions. The framework and tools included with FISSURE are designed to detect the presence of RF energy, understand the characteristics of a signal, collect and analyze samples, develop transmit and/or injection techniques, and craft custom payloads or messages. FISSURE contains a growing library of protocol and signal information to assist in identification, packet crafting, and fuzzing. Online archive capabilities exist to download signal files and build playlists to simulate traffic and test systems.
\n
\n
\nBiography:
\nChris Poore is a Senior Reverse Engineer at Assured Information Security in Rome, NY. He has expertise discovering vulnerabilities in wireless systems, gaining access to systems via RF, reverse engineering RF protocols, forensically testing cybersecurity systems, and administering RF collection events. He has been the main figure behind the design and implementation of FISSURE since its inception in 2014. Chris is excited about implementing ideas drawn from the community and taking advantage of increased networking opportunities, so please reach out to him.
\n
\n
\n\n\n\n\n\''),(104,'\'hls4ml - Open Source Machine Learning Accelerators on FPGAs - Hawks, Meza\'','\'https://forum.defcon.org/node/242223\'','\'https://forum.defcon.org/node/242224\'','','','','\'\nhls4ml - Open Source Machine Learning Accelerators on FPGAs - Hawks, Meza
\n
\n
\n
\nAn open-source Python package.
\n
\nTitle:
\nhls4ml - Open Source Machine Learning Accelerators on FPGAs
\n
\nPresenter:
\nBen Hawks, Andres Meza
\n
\nAbstract:
\nBorn from the high energy physics community at the Large Hadron Collider, hls4ml is an open-source Python package for machine learning inference in FPGAs (Field Programmable Gate Arrays). It creates firmware implementations of machine learning algorithms by translating traditional, open-source machine learning package models into optimized high level synthesis C++ that can then be customized for your use case and implemented on devices such as FPGAs and Application Specific Integrated Circuits (ASICs). Hls4ml can easily scale the implementation of a model to take advantage of the parallel processing capabilities that FPGAs offer, not only allowing for low latency, high throughput designs, but also designs sized to fit on lower cost, resource constrained hardware. Hls4ml also supports generating accelerators with different drivers that build minimal, self-contained implementations which enable control via Python or C/C++ with little extra development or hardware expertise.
\n
\nBiography:
\nBen Hawks is an AI Researcher at Fermi National Accelerator Laboratory, focusing on optimizing and compressing neural networks to be tiny, fast, and accurate for use on FPGAs and other specialized hardware. Since he was young, heâ€™s had a personal interest in computer security, programming, and electronics, and is interested in learning how to make machine learning fair, efficient, and fast. Outside of work, he spends his time messing with electronics, tabletop RPGs, and catering to the whims of a small feline overlord.
\n
\nAndres Meza is a research and development engineer in the Department of Computer Science and Engineering at the University of California, San Diego. He received a B.S. Computer Science and a B.S. Cognitive Science with a Machine Learning and Neural Computation Specialization from UCSD in 2020. His current research focuses on hardware security, optimization of ML models for hardware deployment, and computer vision.
\n
\n
\n\n\n\n\n\''),(105,'\'Injectyll-HIDe: Pushing the Future of Hardware Implants to the Next Level - Fischer, Miller\'','\'https://forum.defcon.org/node/242225\'','\'https://forum.defcon.org/node/242226\'','','','','\'\nInjectyll-HIDe: Pushing the Future of Hardware Implants to the Next Level - Fischer, Miller
\n
\n
\n
\nTitle:
\nInjectyll-HIDe: Pushing the Future of Hardware Implants to the Next Level
\n
\nPresenter:
\nJonathan Fischer, Jeremy Miller
\n
\nAbstract:
\nEnterprises today are shifting away from dedicated workstations, and moving to flexible workspaces with shared hardware peripherals. This creates the ideal landscape for hardware implant attacks; however, implants have not kept up with this shift. While closed source, for-profit solutions exist and have seen some recent advances in innovation, they lack the customization to adapt to large targeted deployments. Open-source projects exist but focus more on individual workstations (dumb keyboards/terminals) relying on corporate networks for remote control. Our solution is an open source, hardware implant which adopts IoT technologies, using non-standard channels to create a remotely managed mesh network of hardware implants. Attendees will learn how to create a new breed of open-source hardware implants. Topics covered in this talk include the scaling of implants for enterprise takeover, creating and utilizing a custom C2 server, a reverse shell that survives screen lock, and more. They will also leave with a new platform from which to innovate custom implants. Live demos will be used to show these new tactics against real world infrastructure. This talk builds off of previous implant talks but will show how to leverage new techniques and technologies to push the innovation of hardware implants forward evolutionarily.
\n
\nBiography:
\nJonathan Fischer is a hardware and IoT security enthusiast that started off designing, programming, and implementing electronic controls for industrial control systems and off-highway machinery. After a decade in that industry, Jonathan obtained his BS in Computer Science and transitioned over to the cyber security industry where he has been working as a Red Team consultant and researcher for more than five years at a Fortune 500. Since joining the cyber security industry, Jonathan has since earned various industry certifications (OSCP, GPEN, etc.) and continues to leverage his unique experience in his research into hardware hacking.
\n
\nJeremy Miller is a 12+ year security professional that has worked in various industries including life-sciences, finance, and retail. Jeremy has worked both sides of the security spectrum ranging from Security Research, Red Teaming and Penetration Testing to Threat Intelligence and SOC Analyst. Jeremy currently works as a Security Technical Lead for an emerging R&D Life Science Platform where he works on product and infrastructure security.
\n
\n
\n\n\n\n\n\''),(106,'\'Memfini - A systemwide memory monitor interface for linux - Shubham Dubey, Rishal Dwivedi\'','\'https://forum.defcon.org/node/242227\'','\'https://forum.defcon.org/node/242228\'','','','','\'\nMemfini - A systemwide memory monitor interface for linux - Shubham Dubey, Rishal Dwivedi
\n
\n
\n
\nTitle:
\nMemfini - A systemwide memory monitor interface for linux
\n
\nPresenter:
\nShubham Dubey, Rishal Dwivedi
\n
\nAbstract:
\nSurprisingly, memory related events logging has been ignored by monitoring toolâ€™s authors since a long time. There are multiple event loggers present for Linux that are capable of monitoring processes, i/o operations, function calls or whole systemwide events. But something which lacks in most is global monitoring of memory related events like allocation, attachment to a shared memory, memory allocation in foreign process etc. This has many applications in security domain or even software engineering in general. The main area of focus or use case for Memfini is to assist Security professionals for carrying out memory specific Dynamic Malware Analysis, in order to help them in finding indicators for malicious activities without reversing the behavior. Below listed are few of the use cases (which we will also be demonstrating in the talk). â€¢ Process Injection â€¢ Fileless malware execution â€¢ Shellcode Execution â€¢ Malicious shared memory usage On the other hand, it can also be helpful for Software developers, who wish to have an eagle eye on the memory allocations â€¢ Finding Memory Leaks â€¢ Error detection for debugging purposes. The is possible as Memfini is capable of monitoring memory allocations on User space, Kernel space as well as some under looked allocations like PCI device mapping, DMA allocations etc. It provides a command line interface with multiple filters, allowing a user to interact with the logs generated & get the required data. Currently, the user will be able to filter the events by individual process, type of access etc.
\n
\nBiography:
\nShubham is a Security Researcher 2 at Microsoft where he works for Microsoftâ€™s defender product. His expertise lies in low level security and internals which includes reverse engineering, exploitation and firmware security. Prior to joining Microsoft, Shubham was Security researcher at Antivirus company working in exploit prevention team where he contributed to protect customers from 0days and vulnerabilities in the wild. Shubham has worked on multiple independent project on kernel level and firmware security. He own a security blog nixhacker.com where you will find lots of content on low level security and internals.
\n
\nRishal is a Security Researcher at Microsoft where he works for Microsoft\'s defender product. His expertise lies in Offensive security which includes vulnerability discovery and exploitation, owning multiple CVE\'s. Prior to joining Microsoft, Rishal was a Sr. Security researcher at company where he contributed to their Web Application Security product. Rishal gained fame in bug bounty at an early age of 13 years. After contributing to Application Security for multiple years, he went on to explore other domains of security including IOT security and Malware Analysis.
\n
\n
\n\n\n\n\n\''),(107,'\'Mercury - David McGrew, Brandon Enright\'','\'https://forum.defcon.org/node/242229\'','\'https://forum.defcon.org/node/242230\'','','','','\'\nMercury - David McGrew, Brandon Enright
\n
\n
\n
\nOpen source package for network metadata extraction & analysis
\n
\nTitle:
\nMercury
\n
\nPresenter:
\nDavid McGrew, Brandon Enright
\n
\nAbstract:
\nMercury is an open source package for network metadata extraction and analysis. It reports session metadata including fingerprint strings for TLS, QUIC, HTTP, DNS, and many other protocols. Mercury can output JSON or PCAP. Designed for large scale use, it can process packets in real time at 40Gbps on server-class commodity hardware, using Linux native zero-copy high performance networking. The Mercury package includes tools for analyzing PKIX/X.509 certificates and finding weak keys, and for analyzing fingerprints with destination context using a naive Bayes classifier.
\n
\nBiography:
\nDavid McGrew leads research and development into the detection of threats, vulnerabilities, and attacks using network data. He designed authenticated encryption algorithms and protocols, most notably GCM and Secure RTP, and he is a Fellow at Cisco Systems.
\n
\nBrandon Enright is a lead DIFR investigator for Cisco CSIRT, an expert at DNS and network data analysis, and a contributor to Nmap and other open source projects.
\n
\n
\n\n\n\n\n\''),(108,'\'OpenTDF - Paul Flynn, Cassandra Bailey\'','\'https://forum.defcon.org/node/242231\'','\'https://forum.defcon.org/node/242232\'','','','','\'\nOpenTDF - Paul Flynn, Cassandra Bailey
\n
\n
\n
\nBuild data protections using the Trusted Data Format
\n
\nTitle:
\nOpenTDF
\n
\nPresenter:
\nPaul Flynn, Cassandra Bailey
\n
\nAbstract:
\nOpenTDF is an open source project that provides developers with the tools to build data protections natively within their applications using the Trusted Data Format (TDF).
\n
\nBiography:
\nPaul has been a software developer for over 25 years, starting as a webmaster in 1995. Paul has worked on securely connecting merchants with banking mainframes; providing governments with digital signing and receipting of documents, and solved Y2K. He has helped scale some of the largest web sites of its time (eBay, Obamacare) and worked on command-and-control systems of life-saving McMurdo beacons. Paul has recognized the deficiency of security from his past and is proud of the solution that is available in OpenTDF.
\n
\nCassandra started her career as a full-stack developer for web and macOS applications, and has since managed projects and products in the DeFi, gaming, and most recently, data protection and security spaces. The latter corresponds to her role in helping to develop and manage the OpenTDF project, an open-source API and SDK that leverages the Trusted Data Format (TDF) to enable zero-trust data protection.
\n
\n
\n\n\n\n\n\''),(109,'\'Packet Sender - Dan Nagle\'','\'https://forum.defcon.org/node/242267\'','\'https://forum.defcon.org/node/242268\'','','','','\'\nPacket Sender - Dan Nagle
\nToolkit to troubleshoot and reverse engineer network-based devices
\n
\nTitle:
\nPacket Sender
\n
\nPresenter:
\nDan Nagle
\n
\nAbstract:
\nPacket Sender is a free open-source (GPLv2) cross-platform (Windows, Mac, Linux) tool used daily by security researchers, college students, and professional developers to troubleshoot and reverse engineer network-based devices. Its core features are crafting and listening for UDP, TCP, and SSL/TLS packets via IPv4 or IPv6. It can listen simultaneously on any number of ports while sending to any UDP, TCP, SSL/TLS packet server. It is available for direct download or through the Winget, Homebrew, Debian, or Snap repos.
\n
\nBiography:
\nDan Nagle has over 15 years of software development experience. He has written and published apps for desktop, mobile, servers, and embedded. He is the author and inventor of Packet Sender, an app used daily by security researchers, featured in manuals from major tech companies, and is taught in universities around the world. He is also the author of 2 network-related patents and a book published by CRC Press. His open source contributions have received international awards, and he has presented at many developer conferences about them.
\n\n\n\n\n\''),(110,'\'PCILeech and MemProcFS - Ulf Frisk, Ian Vitek\'','\'https://forum.defcon.org/node/242265\'','\'https://forum.defcon.org/node/242266\'','','','','\'\nPCILeech and MemProcFS - Ulf Frisk, Ian Vitek
\nA direct memory access attack toolkit.
\n
\nTitle:
\nPCILeech and MemProcFS
\n
\nPresenter:
\nUlf Frisk, Ian Vitek
\n
\nAbstract:
\nThe PCILeech direct memory access attack toolkit was presented at DEF CON 24 and quickly became popular amongst red teamers and game hackers alike. We will demonstrate how to take control of still vulnerable systems with PCIe DMA code injection using affordable FPGA hardware and the open source PCILeech toolkit. MemProcFS is memory forensics and analysis made super easy! Analyze memory by clicking on files in a virtual file system or by using the API. Analyze memory dump files or live memory acquired using drivers or PCILeech PCIe FPGA hardware devices.
\n
\n
\nBiography:
\nUlf is a pentester by day, and a security researcher by night. Ulf is the author of the PCILeech direct memory access attack toolkit and MemProcFS. Ulf is interested in things low-level and primarily focuses on memory analysis and DMA.
\n
\nIan Vitek has a background as a pentester but now works with information security in the Swedish financial sector. Ian has held several presentations at DEF CON, BSidesLV and other IT security conferences.
\n\n\n\n\n\''),(111,'\'PMR - PT & VA Management & Reporting - Alanazi, Bin Muatred\'','\'https://forum.defcon.org/node/242263\'','\'https://forum.defcon.org/node/242264\'','','','','\'\nPMR - PT & VA Management & Reporting - Alanazi, Bin Muatred
\nA collaboration platform for pentesting.
\n
\nTitle:
\nPMR - PT & VA Management & Reporting
\n
\nPresenter:
\nAbdul Alanazi Musaed Bin Muatred
\n
\nAbstract:
\nPMR (PTVA Management & Reporting) is an open-source collaboration platform that closes the gap between InfoSec Technical teams and Management in all assessment phases, from planning to reporting. Technical folks can focus on assessment methodology planning, test execution ,and engagement collaboration. Whereas management can plan engagements, track progress, assign testers, monitor remediation status, and escalate SLA breaches, this is an All-in-One fancy dashboard. The main features are: A) *Asset Management* which allows IT asset inventory tracking with system owner contacts. B) *Engagements Management & Planning* that enable security testers to follow a test execution roadmap by creating a new testing methodology or follow execution standards such as NIST, PTES or OWASP. It definitely will keep pentesting engagements and projects more professional. Also, it enables collaborative testing, gathering information and evidence uploading. C) *Report Automation* that automates boring tasks such as writing technical reports and validation reports. Generating a PDF report that is ready to share with clients and management can be accomplished with one-click. D) *All-in-One Dashboard* that will keep executives and management up-to-date with the organization\'s security posture. The dashboard components are: - High level of current vulnerabilities. - Engagement progress. - Remediation Status. - Track SLA breaches. -Monitoring risk exceptions.
\n
\nBiography:
\nAbdul Alenazi is a penetration testing technical manager @SabrySecurity, a founding member of Sabry InfoSec, with nearly 8 years of experience in pentesting. Prior to joining Sabry, he has worked as a Penetration Testing Consultant at Booz Allen Hamilton, HYAS infoSec, ManTech and other Global & Local Companies. Abdul has completed MASc in Computer Engineering with focus on Applied Network Security & Machine Learning at @UVIC.ca. He has also published academic research on Botnet Detection. In his free time, he enjoys coding and investigating open source security tools. Twitter: @alenazi_90
\n
\nMusaed Bin Muatred: is a Threat Intelligence expert with +8 years of experience in the field of cyber defence. He holds more than 10 certifications and MSc in Computer Science. Also, he has extensive experience in DFIR, threat hunting and reverse engineering\n\n\n\n\''),(112,'\'ResidueFree - Logan Arkema\'','\'https://forum.defcon.org/node/242261\'','\'https://forum.defcon.org/node/242262\'','','','','\'\nResidueFree - Logan Arkema
\nA privacy-enhancing tool to keep sensitive information off a filesystem
\n
\nTitle:
\nResidueFree
\n
\nPresenter:
\nLogan Arkema
\n
\nAbstract:
\nResidueFree is a privacy-enhancing tool that allows individuals to keep sensitive information off their device\'s filesystem. It takes on-device privacy protections from TAILS and "incognito" web browser modes and applies them to any app running on a user\'s regular operating system, effectively making the privacy protections offered by TAILS more usable and accessible while improving the on-device privacy guarantees made by web browsers and extending them to any application. While ResidueFree currently runs on Linux, its maintainers are hoping to port it to other operating systems in the near future. In addition, ResidueFree can help forensic analysts and application security engineers isolate filesystem changes made by a specific application. The same implementation ResidueFree uses to ensure that any file changes an application makes are not stored to disk can also be used to isolate those changes to a separate folder without impacting the original files.
\n
\nBiography:
\nLogan is a former student-turned-independent researcher and software developer. While he makes a living conducting IT, security, and privacy audits, his most impactful hacking is 1337ing his job\'s policies as a union rep to elevate workplace privileges. He has an OSCP, other certs from days wooing federal hiring screeners to pass along his application, and The Time Warp stuck in his head from the time he heard "rm -rf" could be pronounced "rimm raff."
\n\n\n\n\n\''),(113,'\'SharpSCCM - Chris Thompson, Duane Michael\'','\'https://forum.defcon.org/node/242259\'','\'https://forum.defcon.org/node/242260\'','','','','\'\nSharpSCCM - Chris Thompson, Duane Michael
\nPost-exploitation tool for lateral movement froma C2 agent.
\n
\nTitle:
\nSharpSCCM
\n
\nPresenter:
\nChris Thompson, Duane Michael
\n
\nAbstract:
\nSharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr, formerly SCCM) for lateral movement from a C2 agent without requiring access to the SCCM administration console. SharpSCCM supports lateral movement functions ported from PowerSCCM and contains additional functionality to abuse newly discovered attack primitives for coercing NTLM authentication from local administrator and SCCM site server machine accounts in environments where automatic client push installation is enabled. SharpSCCM can also dump information about the SCCM environment from a client, including domain credentials for Network Access Accounts. Further, with access to an SCCM administrator account, operators of SharpSCCM can execute code as SYSTEM or coerce NTLM authentication from the currently logged-in user or the machine account on any SCCM client.
\n
\nBiography:
\nChris is a senior consultant on SpecterOpsâ€™s adversary simulation team and has over ten years of experience in information security, serving numerous Fortune 500 clients in the retail, consumer products, financial, and telecom industries. He has extensive experience leading network, web application, and wireless penetration tests, social engineering engagements, and technical security assessments to provide actionable recommendations that align with each organization\'s security strategy and risk tolerance. Chris enjoys researching and applying new tradecraft to overcome technical challenges and writing tools that automate tasks and improve efficiency.
\n
\nDuane is a senior consultant on SpecterOps\'s adversary simulation team, where he conducts advanced red team exercises and instructs courses on red team operations and vulnerability research. He has over ten years of experience in information security, with a deep curiosity for researching Windows, its internals, and related technologies. Duane strives to demystify tradecraft for clients through both an offensive and defensive lens, an activity he has performed for numerous Fortune 100 clients.\n\n\n\n\''),(114,'\'svachal + machinescli - Ankur Tyagi\'','\'https://forum.defcon.org/node/242257\'','\'https://forum.defcon.org/node/242258\'','','','','\'\nsvachal + machinescli - Ankur Tyagi
\nTools for creating and learning from CTF writeups.
\n
\nTitle:
\nsvachal + machinescli
\n
\nPresenter:
\nAnkur Tyagi
\n
\nAbstract:
\nWriteups for CTF challenges and machines are a critical learning resource for our community. For the author, it presents an opportunity to document their methodology, tips/tricks and progress. For the audience, it serves as reference material. Oftentimes, authors switch roles and become the audience to learn from their own work. This demo aims to showcase tools, svachal and machinescli, developed with these insights. These work in conjunction to help users curate their learning in .yml structured files, find insights and query this knowledge base as and when needed.
\n
\nBiography:
\nAnkur is working with Qualys Inc. as a Principal Engineer. On the Internet, he goes by the handle 7h3rAm and usually blogs here: \nhttp://7h3ram.github.io/\n.\n\n\n\n\''),(115,'\'TheAllCommander - Matthew Handy\'','\'https://forum.defcon.org/node/242255\'','\'https://forum.defcon.org/node/242256\'','','','','\'\nTheAllCommander - Matthew Handy
\nAn open-source tool as a framework to prototype and model malware comms.
\n
\nTitle:
\nTheAllCommander
\n
\nPresenter:
\nMatthew Handy
\n
\nAbstract:
\nTheAllCommander is an open-source tool which offers red teams and blue teams a framework to rapidly prototype and model malware communications, as well as associated client-side indicators of compromise. The framework provides a structured, documented, and object-oriented API for both the client and server, allowing anyone to quickly implement a novel communications protocol between a simulated malware daemon and its command and control server. For Blue Teamers, this allows rapid modeling of emerging threats and comprehensive testing in a controlled manner to develop reliable detection models. For Red Teamers, this framework allows rapid iteration and development of new protocols and communications schemes with an easy to use Python interface. The framework has many tools or techniques used by red teams built in, such as a SOCKS5 proxy, which then use the implemented communication scheme. This allows comprehensive testing of the detection and functional capability of the communication scheme, allowing for efficient design and development choices to be made before committing to production tool development. To facilitate this goal, TheAllCommander includes a Java based command and control server with a simple API to allow new plug-ins for server-side control. There is a python-based emulation client, which can be easily extended using the API to allow new client side communications code. Several reference implementations for covert malware communication are provided to allow out-of-the-box modeling, including emulated client browser HTTPS traffic, DNS queries, and email traffic. The tool chain includes support for several common Red Team tactics, such as Remote Desktop tunneling and FODHelper UAC bypass. This implementation effectively generates both client side and network traffic indicators of compromise.
\n
\nBiography:
\nMatt Handy completed his BS in Computer Science at the University of Maryland, College Park (UMD) in 2010, and MS in CyberSecurity at Johns Hopkins in 2014. He has worked for NASA\'s Goddard Space Flight Center doing satellite ground systems development since 2009. He has specialized in secure software systems development and has helped to develop several missions over the course of his career. In his off time, he enjoys doing independent security research and creating tools like TheAllCommander to help make a more secure cyber world.\n\n\n\n\''),(116,'\'unblob - towards efficient firmware extraction - Kaiser, Lukavsky\'','\'https://forum.defcon.org/node/242253\'','\'https://forum.defcon.org/node/242254\'','','','','\'\nunblob - towards efficient firmware extraction - Kaiser, Lukavsky
\nA tool to obtain content binary blobs
\n
\nTitle:
\nunblob - towards efficient firmware extraction
\n
\nPresenter:
\nQuentin Kaiser, Florian Lukavsky
\n
\nAbstract:
\nUnblob is a command line extraction tool to obtain content from any kind of binary blob. It has been initially developed for the sound and safe extraction of arbitrary firmware images. It has been built as a modular framework where anyone can develop and submit new format handlers and extractors. Its public version already supports a large number of filesystems, archive, and compression formats: \nhttps://github.com/onekey-sec/unblob\n
\n
\nBiography:
\nQuentin Kaiser is an ex-penetration tester who turned binary analysis nerd. He\'s currently working as a security researcher at the ONEKEY Research Lab, where he focuses on binary exploitation of embedded devices and bug finding automation within large firmware. Florian Lukavsky started his hacker career in early ages, bypassing parental control systems. Since then, he has reported numerous zero-day vulnerabilities responsibly to software vendors and has conducted hundreds of pentests and security reviews of IoT devices as a CREST certified, ethical hacker. Today, Florian Lukavsky aid organizations with IoT security automation as CTO of ONEKEY, the leading European platform for automated security analyses of IoT firmware.
\n\n\n\n\n\''),(117,'\'Vajra - Your Weapon To Cloud - Raunak Parmar\'','\'https://forum.defcon.org/node/242250\'','\'https://forum.defcon.org/node/242251\'','','','','\'\nVajra - Your Weapon To Cloud - Raunak Parmar
\nFramework for validating a target\'s cloud security posture.
\n
\nTitle:
\nVajra - Your Weapon To Cloud
\n
\nPresenter:
\nRaunak Parmar
\n
\nAbstract:
\nVajra (Your Weapon to Cloud) is a framework capable of validating the cloud security posture of the target environment. In Indian mythology, the word Vajra refers to the Weapon of God Indra (God of Thunder and Storms). Because it is cloud-connected, it is an ideal name for the tool. Vajra supports multi-cloud environments and a variety of attack and enumeration strategies for both AWS and Azure. It features an intuitive web-based user interface built with the Python Flask module for a better user experience. The primary focus of this tool is to have different attacking and enumerating techniques all in one place with web UI interfaces so that it can be accessed anywhere by just hosting it on your server. The following modules are currently available: â€¢ Azure - Attacking 1. OAuth Based Phishing (Illicit Consent Grant Attack) - Exfiltrate Data - Enumerate Environment - Deploy Backdoors - Send mails/Create Rules 2. Password Spray 3. Password Brute Force - Enumeration 1. Users 2. Subdomain 3. Azure Ad 4. Azure Services - Specific Service 1. Storage Accounts â€¢ AWS - Enumeration 1. IAM Enumeration 2. S3 Scanner - Misconfiguration
\n
\nBiography:
\nRaunak Parmar works as a Security Consultant. Web/Cloud security, source code review, scripting, and development are some of his interests. Also, familiar with PHP, NodeJs, Python, Ruby, and Java. He is OSWE certified and the author of Vajra and 365-Stealer.
\n
\n
\n\n\n\n\n\''),(118,'\'Wakanda Land - Stephen Kofi Asamoah\'','\'https://forum.defcon.org/node/242248\'','\'https://forum.defcon.org/node/242249\'','','','','\'\nWakanda Land - Stephen Kofi Asamoah
\nAutomated Cyber Range deployment tool to paractice attacks.
\n
\nTitle:
\nWakanda Land
\n
\nPresenter:
\nStephen Kofi Asamoah
\n
\nAbstract:
\nWakanda Land is a Cyber Range deployment tool that uses terraform for automating the process of deploying an Adversarial Simulation lab infrastructure for practicing various offensive attacks. This project inherits from other people\'s work in the Cybersecurity Community, to which I have added some additional sprinkles to their work from my other research. The tool deploys the following for the lab infrastructure (of course, more assets can be added): -Two Subnets -Guacamole Server --This provides dashboard access to --Kali GUI and Windows RDP instances The Kali GUI, Windows RDP and the user accounts used to log into these instances are already backed into the deployment process --To log into the Guacamole dashboard with the guacadmin account, you need to SSH into the Guacamole server using the public IP address (which is displayed after the deployment is complete) and then change into the guacamole directory and then type cat .env for the password (the guacadmin password is randomly generated and saved as an environment variable) -Windows Domain Controller for the Child Domain (first.local) -Windows Domain Controller for the Parent Domain (second.local) -Windows Server in the Child Domain -Windows 10 workstation in the Child Domain -Kali Machine - a directory called toolz is created on this box and Covenant C2 is downloaded into that folder, so its just a matter of running Covenant once you are authenticated into Kali -Debian Server serving as Web Server 1 - OWASP\'s Juice Shop deployed via Docker -Debian Server serving as Web Server 2 - Vulnerable web apps
\n
\n
\nBiography:
\nStephen Kofi Asamoah (q0phi80) is an Offensive Security professional, with over fifteen (15) years of experience running Offensive Security operations. Some of his previous places of employment include Ernst & Young, PwC and IBM X-Force Red. Currently as a Snr. Manager of Offensive Cybersecurity Operations, he runs an Enterprise\'s Offensive Security programs and manages a team of Offensive Security Operators.
\n
\n
\n\n\n\n\n\''),(119,'\'Xavier Memory Analysis Framework - Solomon Sonya\'','\'https://forum.defcon.org/node/242246\'','\'https://forum.defcon.org/node/242247\'','','','','\'\nXavier Memory Analysis Framework - Solomon Sonya
\nA visualization construct for memory analysis.
\n
\nTitle:
\nXavier Memory Analysis Framework
\n
\nPresenter:
\nSolomon Sonya
\n
\nAbstract:
\nMalware continues to advance in sophistication. Well-engineered malware can obfuscate itself from the user and the OS. Volatile memory is the unique structure malware cannot evade. I have engineered a new construct for memory analysis and a new open-source tool that automates memory analysis, correlation, and user-interaction to increase investigation accuracy, reduce analysis time and workload, and better detect malware presence from memory. This talk demos a new visualization construct that creates the ability to interact with memory analysis artifacts. Additionally, this talk demos new, very impactful data XREF and a system manifest analysis features. Data XREF provides an index and memory context detailing how your search data is coupled with processes, modules, and events captured in memory. The System Manifest distills the analysis data to create a new memory analysis snapshot and precise identification of malicious artifacts detectable from malware execution especially useful for exploit dev and malware analysis!
\n
\n
\nBiography:
\nSolomon Sonya (@Carpenter1010) is the Director of Cyber Operations Training at a large organization. He has a background in software development, malware analysis, covert channels, steganography, distributed computing, computer hacking, information protection paradigms, and cyber warfare. He received his Undergraduate Degree in Computer Science and has Masterâ€™s degrees in Computer Science and Information System Engineering. Before becoming Director of Cyber Operations Training, he was a university Computer Science Assistant Professor of Computer Science and Research Director. Solomonâ€™s current research includes computer system exploitation, cyber threat intelligence, digital forensics, and data protection. Solomon\'s previous keynote and conference engagements include: BlackHat USA, SecTor Canada, Hack in Paris, France, HackCon Norway, ICSIS â€“ Toronto, ICORES Italy, BruCon Belgium, CyberCentral â€“ Prague and Slovakia, Hack.Lu Luxembourg, Shmoocon DC, BotConf - France, DerbyCon Kentucky, SkyDogCon Tennessee, HackerHalted Georgia, Day-Con Ohio, and TakeDownCon Connecticut, Maryland, and Alabama, AFCEA â€“ Colorado Springs.
\n
\n\n\n\n\n\''),(120,'\'Zuthaka: A Command & Controls (C2s) integration framework - Lucas Bonastre, Alberto Herrera\'','\'https://forum.defcon.org/node/242244\'','\'https://forum.defcon.org/node/242245\'','','','','\'\nZuthaka: A Command & Controls (C2s) integration framework - Lucas Bonastre, Alberto Herrera
\n
\nTitle:
\nZuthaka: A Command & Controls (C2s) integration framework
\n
\nPresenter:
\nLucas Bonastre, Alberto Herrera
\n
\nAbstract:
\nThe current C2s ecosystem has rapidly grown in order to adapt to modern red team operations and diverse needs (further information on C2 selection can be found here). This comes with a lot of overhead work for Offensive Security professionals everywhere. Creating a C2 is already a demanding task, and most C2s available lack an intuitive and easy to use web interface. Most Red Teams must independently administer and understand each C2 in their infrastructure. Zuthaka presents a simplified API for fast and clear integration of C2s and provides a centralized management for multiple C2 instances through a unified interface for Red Team operations. A collaborative free open-source Command & Control development framework that allows developers to concentrate on the core function and goal of their C2. Zuthaka is more than just a collection of C2s, it is also a solid foundation that can be built upon and easily customized to meet the needs of the exercise that needs to be accomplished. This integration framework for C2 allows developers to concentrate on a unique target environment and not have to reinvent the wheel. After we first presented Zuthakas\' MVP at Black hat USA 2021 and DEFCON demo labs, we are now presenting the first release with updated post-exploitation modules to support text based modules, as well as file based ones. With a lab populated of commonly used C2s and its out-of-the-box integrations.
\n
\nBiography:
\nLucas started his career studying Mathematics at the University of Buenos Aires, however when his uncle gave him a C++ book, he realized his true passion for programming and his outstanding ability for problem-solving. He worked across cybersecurity and technology firms and is a vetted developer in many languages such as C/C++, Python, Java, and PHP. Now he is a full time developer and security researcher at Pucara Information Security. In his spare time, he is an expert chess player, and he is studying Computer Vision to analyze foosball strategies.
\n
\nAlberto began his journey in cybersecurity in a consulting firm, where he worked with one of the biggest telecommunication companies of the region. He continued as an advisor on the National Cyber-Defence Initiative for the Argentina Armed Forces where he worked on many high-level government programs which required elevated security clearance. He also worked for Immunity, a prominent offensive security firm that serves the financial sector, and large enterprises, where he performed cybersecurity assessments for Forbes 100 companies. In his spare time, he is a retro gaming evangelist, where he applies his hardware-hacking and low-level programming skills on different architectures.
\n
\n\n\n\''); /*!40000 ALTER TABLE `demolabs` ENABLE KEYS */; UNLOCK TABLES; -- -- Table structure for table `events` -- DROP TABLE IF EXISTS `events`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `events` ( `day` varchar(16) COLLATE utf8_unicode_ci NOT NULL, `hour` varchar(2) COLLATE utf8_unicode_ci NOT NULL, `starttime` varchar(6) COLLATE utf8_unicode_ci NOT NULL, `endtime` varchar(6) COLLATE utf8_unicode_ci NOT NULL, `continuation` char(1) COLLATE utf8_unicode_ci NOT NULL, `village` varchar(64) COLLATE utf8_unicode_ci NOT NULL, `track` varchar(90) COLLATE utf8_unicode_ci NOT NULL, `title` varchar(512) COLLATE utf8_unicode_ci NOT NULL, `speaker` varchar(256) COLLATE utf8_unicode_ci NOT NULL, `hash` varchar(64) COLLATE utf8_unicode_ci NOT NULL, `desc` text COLLATE utf8_unicode_ci NOT NULL, `modflag` tinyint(4) DEFAULT NULL, `autoincre` int(11) NOT NULL AUTO_INCREMENT, PRIMARY KEY (`autoincre`), KEY `title` (`title`(255)), KEY `hash` (`hash`) ) ENGINE=InnoDB AUTO_INCREMENT=151444 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- -- Dumping data for table `events` -- LOCK TABLES `events` WRITE; /*!40000 ALTER TABLE `events` DISABLE KEYS */; INSERT INTO `events` VALUES ('2_Friday','10','10:00','10:45','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'Panel - \"So It\'s your first DEF CON\" - How to get the most out of DEF CON, What NOT to do.\'','\'DEF CON Goons\'','DC_170ceaa3a494798a00f9c897981a48c3','\'Title: Panel - \"So It\'s your first DEF CON\" - How to get the most out of DEF CON, What NOT to do.
\nWhen: Friday, Aug 12, 10:00 - 10:45 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\n
SpeakerBio:DEF CON Goons\n
\nNo BIO available
\n\n
\nDescription:
\nPanel - \"So It\'s your first DEF CON\" - How to get the most out of DEF CON, What NOT to do. This talk is a guide to enjoying DEF CON. We hope to talk about how to get the most out of your first con and asnwer questions live from the audience. Feel free to come meet some long time goons, attendees, and DEF CON staff as we discuss how to navigate Las Vegas hotels with 30k hackers surrounding around you.\n
\n\n\'',NULL,148833),('2_Friday','10','10:00','11:15','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'Panel - DEF CON Policy Dept - What is it, and what are we trying to do for hackers in the policy world?\'','\'DEF CON Policy Dept,The Dark Tangent\'','DC_ea89fb4ca41a50d334e732bddad61325','\'Title: Panel - DEF CON Policy Dept - What is it, and what are we trying to do for hackers in the policy world?
\nWhen: Friday, Aug 12, 10:00 - 11:15 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\nSpeakers:DEF CON Policy Dept,The Dark Tangent
\n
SpeakerBio:DEF CON Policy Dept\n
\nNo BIO available
\n
SpeakerBio:The Dark Tangent\n, DEF CON
\nNo BIO available
\n\n
\nDescription:
\nThe nature of global power has changed. Cybersecurity is national security, economic stability, and public safety. Hackers - and the DEF CON community - sit at the intersection of technology and public policy. Policymakers seek our counsel and many of us have become regulars in policy discussions around the world. The DEF CON Policy Department creates a high-trust, high-collaboration forum unlike any other in the world for hackers and policymakers to come together.\n

Join this session to hear the vision for public policy at DEF CON, including where weâ€™ve been, where we are, and where weâ€™re going - as well as how you can be a part of it. Guest speakers will describe the history of hacking and hackers in public policy and provide a preview of this yearâ€™s sessions.\n

\n\n\'',NULL,148834),('2_Friday','11','10:00','11:15','Y','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'Panel - DEF CON Policy Dept - What is it, and what are we trying to do for hackers in the policy world?\'','\'DEF CON Policy Dept,The Dark Tangent\'','DC_ea89fb4ca41a50d334e732bddad61325','\'\'',NULL,148835),('2_Friday','10','10:00','10:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'Old Malware, New tools: Ghidra and Commodore 64, why understanding old malicious software still matters\'','\'Cesare Pizzi\'','DC_67163ec0744b791e2eacf720302a6fd7','\'Title: Old Malware, New tools: Ghidra and Commodore 64, why understanding old malicious software still matters
\nWhen: Friday, Aug 12, 10:00 - 10:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\n
SpeakerBio:Cesare Pizzi\n, Hacker
\nCesare Pizzi is a Security Researcher, Analyst, and Technology Enthusiast at Sorint.lab.\n

He develops software and hardware, and tries to share this with the community. Mainly focused on low level programming, he develops and contributes to OpenSource software (Volatility, OpenCanary, Cetus, etc), sometimes hardware related (to interface some real world devices) sometimes not. Doing a lot of reverse engineering too, so he feels confident in both \"breaking\" and \"building\" (may be more on breaking?).\n

\nTwitter: @red5heep
\n\n
\nDescription:
\nWhy looking into a 30 years old \"malicious\" software make sense in 2022? Because this little \"jewels\", written in a bunch of bytes, reached a level of complexity surprisingly high. With no other reason than pranking people or show off technical knowledge, this software show how much you can do with very limited resources: this is inspiring for us, looking at modern malicious software, looking at how things are done and how the same things could have been done instead.\n
\n\n\'',NULL,148836),('2_Friday','10','10:00','10:20','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Computer Hacks in the Russia-Ukraine War\'','\'Kenneth Geers\'','DC_4dce3e8e42ff98f8b231a59f392e2bc5','\'Title: Computer Hacks in the Russia-Ukraine War
\nWhen: Friday, Aug 12, 10:00 - 10:20 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Kenneth Geers\n, Very Good Security / NATO Cyber Centre / Atlantic Council
\nDr. Kenneth Geers works at Very Good Security. He is an Atlantic Council Cyber Statecraft Initiative Senior Fellow, a NATO Cooperative Cyber Defence Centre of Excellence Ambassador, and a Digital Society Institute-Berlin Affiliate. Kenneth served for twenty years in the US Government: in the Army, National Security Agency (NSA), Naval Criminal Investigative Service (NCIS), and NATO. He was a professor at the Taras Shevchenko National University of Kyiv in Ukraine from 2014-2017. He is the author of \"Strategic Cyber Security\", editor of \"Cyber War in Perspective: Russian Aggression Against Ukraine\", editor of \"The Virtual Battlefield\", and technical expert to the \"Tallinn Manual\".
\nTwitter: @KennethGeers
\n\n
\nDescription:
\nThe Russia-Ukraine war has seen a lot of computer hacking, on both sides, by nations, haxor collectives, and random citizens, to steal, deny, alter, destroy, and amplify information. Satellite comms have gone down. Railway traffic has been stymied. Doxing is a weapon. Fake personas and false flags are expected. Every major platform has had issues with confidentiality, integrity, and availability. Hacked social media and TV have been a hall of mirrors and PSYOP. Russian comms are unreliable, so Ukrainian nets have become honeypots. Hackers have been shot in the kneecaps. Talking heads have called for a RUNET shutdown. The Ukrainian government has appealed for hacker volunteers â€“ just send your expertise, experience, and a reference. The Great Powers are hacking from afar, while defending their own critical infrastructure, including nuclear command-and-control. Ukraine has many hacker allies, while Russian hackers are fleeing their country in record numbers. Some lessons so far: connectivity is stronger than we thought, info ops are stealing the day, drones are the future, and it is always time for the next hack.\n
\n\n\'',NULL,148837),('2_Friday','10','10:30','11:15','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'OopsSec -The bad, the worst and the ugly of APTâ€™s operations security\'','\'Tomer Bar\'','DC_6e071acd2bcef9f30afbf1d297f04ff7','\'Title: OopsSec -The bad, the worst and the ugly of APTâ€™s operations security
\nWhen: Friday, Aug 12, 10:30 - 11:15 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Tomer Bar\n, Director of Security Research at SafeBreach
\nTomer Bar is a hands-on security researcher with ~20 years of unique experience in cyber security. In the past, he ran research groups for the Israeli government and then led the endpoint malware research for Palo Alto Networks. Currently, he leads the SafeBreach Labs as the director of security research.\n

His main interests are Windows vulnerability research, reverse engineering, and APT research.\n

His recent discoveries are the PrintDemon vulnerabilities in the Windows Spooler mechanism which were a candidate in the best privilege escalation of 2021 Pwnie awards and several research studies on Iranian APT campaigns.\n

He is a contributor to the MITRE ATT&CK® framework.\n

He presented his research at BlackHat 2020, Defcon 2020, 2021, and Sector 2020 conferences.\n

\n\n
\nDescription:
\nAdvanced Persistent Threat groups invest in developing their arsenal of exploits and malware to stay below the radar and persist on the target machines for as long as possible. We were curious if the same efforts are invested in the operation security of these campaigns.\nWe started a journey researching active campaigns from the Middle East to the Far East including the Palestinian Authority, Turkey, and Iran, Russia, China, and North Korea. These campaigns were both state-sponsored, surveillance-targeted attacks and large-scale financially-motivated attacks.\nWe analyzed every technology used throughout the attack chain: Windows (Go-lang/.Net/Delphi) and Android malware; both on Windows and Linux-based C2 servers. \nWe found unbelievable mistakes which allow us to discover new advanced TTPs used by attackers, for example: bypassing iCloud two-factor authentication\' and crypto wallet and NFT stealing methods. We were able to join the attackers\' internal groups, view their chats, bank accounts and crypto wallets. In some cases, we were able to take down the entire campaign.\nWe will present our latest breakthroughs from our seven-year mind-game against the sophisticated Infy threat actor who successfully ran a 15-year active campaign using the most secured opSec attack chain we\'ve encountered. We will explain how they improved their opSec over the years and how we recently managed to monitor their activity and could even cause a large-scale misinformation counterattack.\nWe will conclude by explaining how organizations can better defend themselves.\n
\n\n\'',NULL,148838),('2_Friday','11','10:30','11:15','Y','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'OopsSec -The bad, the worst and the ugly of APTâ€™s operations security\'','\'Tomer Bar\'','DC_6e071acd2bcef9f30afbf1d297f04ff7','\'\'',NULL,148839),('2_Friday','11','11:00','11:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'The PACMAN Attack: Breaking PAC on the Apple M1 with Hardware Attacks\'','\'Joseph Ravichandran\'','DC_e954e0363c40076f954609e029298d41','\'Title: The PACMAN Attack: Breaking PAC on the Apple M1 with Hardware Attacks
\nWhen: Friday, Aug 12, 11:00 - 11:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\n
SpeakerBio:Joseph Ravichandran\n, First year PhD Student working with Dr. Mengjia Yan at MIT
\nJoseph Ravichandran is a PhD student in computer architecture studying microarchitectural security at MIT. His work includes microarchitectural and memory safety attacks and attack modeling. He plays CTF with SIGPwny. This is his first DEF CON talk.
\nTwitter: @0xjprx
\n\n
\nDescription:
\nWhat do you get when you cross pointer authentication with microarchitectural side channels?\n

The PACMAN attack is a new attack technique that can bruteforce the pointer authentication code (PAC) for an arbitrary kernel pointer without causing any crashes using microarchitectural side channels. We demonstrate the PACMAN attack against the Apple M1 CPU.\n

\n\n\'',NULL,148840),('2_Friday','11','11:00','11:45','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'The Dark Tangent & Mkfactor - Welcome to DEF CON & The Making of the DEF CON Badge\'','\'Michael Whiteley (Mkfactor),Katie Whiteley (Mkfactor),The Dark Tangent\'','DC_e1dcb053f3ef0e24fc99e379d33ddb5f','\'Title: The Dark Tangent & Mkfactor - Welcome to DEF CON & The Making of the DEF CON Badge
\nWhen: Friday, Aug 12, 11:00 - 11:45 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\nSpeakers:Michael Whiteley (Mkfactor),Katie Whiteley (Mkfactor),The Dark Tangent
\n
SpeakerBio:Michael Whiteley (Mkfactor)\n
\nNo BIO available
\nTwitter: @compukidmike
\n
SpeakerBio:Katie Whiteley (Mkfactor)\n
\nNo BIO available
\nTwitter: @ktjgeekmom
\n
SpeakerBio:The Dark Tangent\n, DEF CON
\nNo BIO available
\n\n
\nDescription:
\nThe Dark Tangent welcomes you to DEF CON and introduces the DEF CON 30 badge makers Mkfactor, they discuss the labor of love that went into producing the DEF CON 30 Badge.\n
\n\n\'',NULL,148841),('2_Friday','11','11:30','12:15','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'A Policy Fireside Chat with the National Cyber Director\'','\'Kim Zetter,Chris Inglis\'','DC_5a269d2cd2458087f782071f11c86ea4','\'Title: A Policy Fireside Chat with the National Cyber Director
\nWhen: Friday, Aug 12, 11:30 - 12:15 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\nSpeakers:Kim Zetter,Chris Inglis
\n
SpeakerBio:Kim Zetter\n
\nNo BIO available
\n
SpeakerBio:Chris Inglis\n, National Cyber Director at the White House
\nNo BIO available
\n\n
\nDescription:No Description available
\n\'',NULL,148842),('2_Friday','12','11:30','12:15','Y','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'A Policy Fireside Chat with the National Cyber Director\'','\'Kim Zetter,Chris Inglis\'','DC_5a269d2cd2458087f782071f11c86ea4','\'\'',NULL,148843),('2_Friday','11','11:30','11:50','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Running Rootkits Like A Nation-State Hacker\'','\'Omri Misgav\'','DC_72bd982bd5a401d1dc7aae79ec52b20b','\'Title: Running Rootkits Like A Nation-State Hacker
\nWhen: Friday, Aug 12, 11:30 - 11:50 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Omri Misgav\n, CTO, Security Research Group Fortinet
\nOmri has over a decade of experience in cyber-security. He serves as the CTO of a security research group at Fortinet focused on OS internals, malware and vulnerabilities and spearheads development of new offensive and defensive techniques. Prior to Fortinet, Omri was the security research team leader at enSilo. Before that, He led the R&D of unique network and endpoint security products for large-scale enterprise environments and was part of an incident response team, conducting investigations and hunting for nation-state threat actors.
\n\n
\nDescription:
\nCode Integrity is a threat protection feature first introduced by Microsoft over 15 years ago. On x64-based versions of Windows, kernel drivers must be digitally signed and checked each time they are loaded into memory. This is also referred to as Driver Signature Enforcement (DSE).\n \n

The passing year showed high-profile APT groups kept leveraging the well-known tampering technique to disable DSE on runtime. Meanwhile, Microsoft rolled out new mitigations: driver blocklists and Kernel Data Protection (KDP), a new platform security technology for preventing data-oriented attacks.\n \n

Since using blocklist only narrows the attack vector, we focused on how KDP was applied in this case to eliminate the attack surface.\n \n

We found two novel data-based attacks to bypass KDP-protected DSE, one of which is feasible in real-world scenarios. Furthermore, they work on all Windows versions, starting with the first release of DSE. Weâ€™ll present each method and run them on live machines.\n \n

Weâ€™ll discuss why KDP is an ineffective mitigation. As it didnâ€™t raise the bar against DSE tampering, we looked for a different approach to mitigate it. Weâ€™ll talk about how defenders can take a page out of attackersâ€™ playbook to cope with the issue until HVCI becomes prevalent and really eliminates this attack surface.\n

\n\n\'',NULL,148844),('2_Friday','12','12:00','12:45','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'Glitched on Earth by humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal\'','\'Lennert Wouters\'','DC_6d73120b9fe366fe877cb80d314866c1','\'Title: Glitched on Earth by humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal
\nWhen: Friday, Aug 12, 12:00 - 12:45 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\n
SpeakerBio:Lennert Wouters\n, researcher at imec-COSIC, KU Leuven
\nLennert is a PhD researcher as the Computer Security and Industrial Cryptography (COSIC) research group, an imec research group at the KU Leuven University in Belgium. His research interests include hardware security of connected embedded devices, reverse engineering and physical attacks.
\nTwitter: @LennertWo
\n\n
\nDescription:
\nThis presentation covers the first black-box hardware security evaluation of the SpaceX Starlink User Terminal (UT). The UT uses a custom quad-core Cortex-A53 System-on-Chip that implements verified boot based on the ARM trusted firmware (TF-A) project. The early stage TF-A bootloaders, and in particular the immutable ROM bootloader include custom fault injection countermeasures. Despite the black-box nature of our evaluation we were able to bypass signature verification during execution of the ROM bootloader using voltage fault injection.\n

Using a modified second stage bootloader we could extract the ROM bootloader and eFuse memory. Our analysis demonstrates that the fault model used during countermeasure development does not hold in practice. Our voltage fault injection attack was first performed in a laboratory setting and later implemented as a custom printed circuit board or \'modchip\'. The presented attack results in an unfixable compromise of the Starlink UT and allows us to execute arbitrary code.\n

Obtaining root access on the Starlink UT is a prerequisite to freely explore the Starlink network and the underlying communication interfaces. \nThis presentation will cover an initial exploration of the Starlink network. Other researchers should be able to build on our work to further explore the Starlink ecosystem.\n

\n\n\'',NULL,148845),('2_Friday','12','12:30','13:15','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'Global Challenges, Global Approaches in Cyber Policy\'','\'Gaurav Keerthi,Lily Newman,Pete Cooper\'','DC_a21fc3f96609aba9ded92b9a903c6e2d','\'Title: Global Challenges, Global Approaches in Cyber Policy
\nWhen: Friday, Aug 12, 12:30 - 13:15 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\nSpeakers:Gaurav Keerthi,Lily Newman,Pete Cooper
\n
SpeakerBio:Gaurav Keerthi\n, Deputy Chief Executive
\nNo BIO available
\n
SpeakerBio:Lily Newman\n, Senior Writer
\nNo BIO available
\n
SpeakerBio:Pete Cooper\n, Deputy Director Cyber Defence
\nNo BIO available
\n\n
\nDescription:
\nWhile each nation and region around the world has unique governance models and concerns, there is a large commonality in our: adversaries, markets, supply chains, vulnerabilities, and connectivity. So each nation and region approaches cyber policy in ways that are unique and ways that are in common with the broader global community. Join this session to hear from national leaders in cyber policy on what makes their distinct practices appropriate for them, and how they work together on the international stage where interests and concerns are aligned.\n
\n\n\'',NULL,148846),('2_Friday','13','12:30','13:15','Y','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'Global Challenges, Global Approaches in Cyber Policy\'','\'Gaurav Keerthi,Lily Newman,Pete Cooper\'','DC_a21fc3f96609aba9ded92b9a903c6e2d','\'\'',NULL,148847),('2_Friday','12','12:00','12:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'Avoiding Memory Scanners: Customizing Malware to Evade YARA, PE-sieve, and More\'','\'Kyle Avery\'','DC_6c6c21f0aa6c2c8cfc18475a538d0342','\'Title: Avoiding Memory Scanners: Customizing Malware to Evade YARA, PE-sieve, and More
\nWhen: Friday, Aug 12, 12:00 - 12:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\n
SpeakerBio:Kyle Avery\n, Hacker
\nKyle Avery has been interested in computers for his entire life. Growing up, he and his dad self-hosted game servers and ran their own websites. He focused on offensive security in university and has spent the last few years learning about malware and post-exploitation. Kyle previously worked at Black Hills Information Security as a red teamer, specializing in .NET development. He has since moved to lead an internal red team at H-E-B, where he works to improve the organization\'s security posture through continuous testing of configurations and processes. Before this talk, Kyle hosted BHIS and WWHF webcasts on Covert .NET Tradecraft, Abusing Microsoft Office, and Modern C2 Communications.
\nTwitter: @kyleavery_
\n\n
\nDescription:
\nTired of encoding strings or recompiling to break signatures? Wish you could keep PE-sieve from ripping your malware out of memory? Interested in learning how to do all of this with your existing COTS or private toolsets?\n

For years, reverse engineers and endpoint security software have used memory scanning to locate shellcode and malware implants in Windows memory. These tools rely on IoCs such as signatures and unbacked executable memory. This talk will dive into the various methods in which memory scanners search for these indicators and demonstrate a stable evasion technique for each method. A new position-independent reflective DLL loader, AceLdr, will be released alongside the presentation and features the demonstrated techniques to evade all of the previously described memory scanners. The presenter and their colleagues have used AceLdr on red team operations against mature security programs to avoid detection successfully.\n

This talk will focus on the internals of Pe-sieve, MalMemDetect, Moneta, Volatility malfind, and YARA to understand how they find malware in memory and how malware can be modified to fly under their radar consistently.\n

\n\n\'',NULL,148848),('2_Friday','12','12:00','12:45','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'One Bootloader to Load Them All\'','\'Jesse Michael,Mickey Shkatov\'','DC_7bf6388877a040a39455bdd6a6cbf047','\'Title: One Bootloader to Load Them All
\nWhen: Friday, Aug 12, 12:00 - 12:45 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\nSpeakers:Jesse Michael,Mickey Shkatov
\n
SpeakerBio:Jesse Michael\n, Hacker
\nJesse Michael - Jesse is an experienced security researcher focused on vulnerability detection and mitigation who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has also presented research at DEF CON, Black Hat, PacSec, Hackito Ergo Sum, Ekoparty, and BSides Portland.
\nTwitter: @JesseMichael
\n
SpeakerBio:Mickey Shkatov\n, Hacker
\nMickey has been doing security research for almost a decade, one of specialties is simplifying complex concepts and finding security flaws in unlikely places. He has seen some crazy things and lived to tell about them at security conferences all over the world, his past talks range from web pentesting to black badges and from hacking cars to BIOS firmware.
\nTwitter: @HackingThings
\n\n
\nDescription:
\nIntroduced in 2012, Secure Boot - the OG trust in boot - has become a foundational rock in modern computing and is used by millions of UEFI-enabled computers around the world due to its integration in their BIOS. \nThe way Secure Boot works is simple and effective, by using tightly controlled code signing certificates, OEMs like Microsoft, Lenovo, Dell and others secure their boot process, blocking unsigned code from running during boot. \nBut this model puts its trust in developers developing code without vulnerabilities or backdoors; in this presentation we will discuss past and current flaws in valid bootloaders, including some which misuse built-in features to inadvertently bypass Secure Boot. We will also discuss how in some cases malicious executables can hide from TPM measurements used by BitLocker and remote attestation mechanisms. \nCome join us as we dive deeper and explain how it all works, describe the vulnerabilities we found and walk you through how to use the new exploits and custom tools we created to allow for a consistent bypass for secure boot effective against every X86-64 UEFI platform.\n
\n\n\'',NULL,148849),('2_Friday','13','13:00','13:45','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'Emoji Shellcoding: ðŸ› ï¸, ðŸ§Œ, and ðŸ¤¯\'','\'Georges-Axel Jaloyan,Hadrien Barral\'','DC_374f1ff7a5c0648bff196288c09dd7a0','\'Title: Emoji Shellcoding: ðŸ› ï¸, ðŸ§Œ, and ðŸ¤¯
\nWhen: Friday, Aug 12, 13:00 - 13:45 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\nSpeakers:Georges-Axel Jaloyan,Hadrien Barral
\n
SpeakerBio:Georges-Axel Jaloyan\n, Hacker
\nGeorges-Axel Jaloyan is an R&D engineer, focusing on formal methods applied to cybersecurity. He enjoys reverse-engineering and formalizing anything he comes by, always for fun and sometimes for profit.
\n
SpeakerBio:Hadrien Barral\n, Hacker
\nHadrien Barral is an R&D engineer and security expert, focusing on intrusion and high-assurance software. He enjoys hacking on exotic hardware.
\n\n
\nDescription:
\nShellcodes are short executable stubs that are used in various attack scenarios, whenever code execution is possible. After quickly recalling what a shellcode is and why designing shellcodes under constraints is an art, we\'ll study a new constraint for which (to the best of our knowledge) no such shellcode was previously known: emoji shellcoding. We\'ll tackle this problem by introducing a new and more generic approach to shellcoding under constraints. Brace yourselves, you\'ll see some black magic weaponizing these cute little emojis ðŸ¥° into merciless exploits ðŸ‘¿.\n
\n\n\'',NULL,148850),('2_Friday','13','13:00','13:20','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'Backdooring Pickles: A decade only made things worse\'','\'ColdwaterQ\'','DC_c5e2386d24b82b0ccba83f9d3a36b7f9','\'Title: Backdooring Pickles: A decade only made things worse
\nWhen: Friday, Aug 12, 13:00 - 13:20 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\n
SpeakerBio:ColdwaterQ\n, Senior Security Engineer at Nvidia
\nColdwaterQ has always been interested in understanding how things work. This led to a career in the security industry and allowed him to be a part of NVIDIAâ€™s AI Red Team where he works currently. He has attended every DEF CON starting in 2012, even if the last two were only remotely, and has returned this year hoping to help give some of what he learned back to the community.
\nTwitter: @ColdwaterQ
\n\n
\nDescription:
\nEleven years ago, \"Sour Pickles\" was presented by Marco Slaviero. Python docs already said pickles were insecure at that time. But since then, machine learning frameworks started saving models in pickled formats as well. So, I will show how simple it is to add a backdoor into any pickled object using machine learning models as an example. As well as an example of how to securely save a model to prevent malicious code from being injected into it.\n
\n\n\'',NULL,148851),('2_Friday','13','13:00','13:45','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Youâ€™re <strike>Muted</strike>Rooted\'','\'Patrick Wardle\'','DC_05aa551bd3f986a712b9f32e75060374','\'Title: Youâ€™re <strike>Muted</strike>Rooted
\nWhen: Friday, Aug 12, 13:00 - 13:45 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Patrick Wardle\n, Founder, Objective-See Foundation
\nPatrick Wardle is the creator of the non-profit Objective-See Foundation, author of the â€œThe Art of Mac Malwareâ€ book series, and founder of the â€œObjective by the Seaâ€ macOS Security conference.\n

Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy.\n

Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware, and writing free open-source security tools to protect Mac users.\n

\nTwitter: @patrickwardle
\n\n
\nDescription:
\nWith a recent market cap of over $100 billion and the genericization of its name, the popularity of Zoom is undeniable. But what about its security? This imperative question is often quite personal, as who amongst us isn\'t jumping on weekly (daily?) Zoom calls? \n

In this talk, weâ€™ll explore Zoomâ€™s macOS application to uncover several critical security flaws. Flaws, that provided a local unprivileged attacker a direct and reliable path to root. \n

The first flaw, presents itself subtly in a core cryptographic validation routine, while the second is due to a nuanced trust issue between Zoomâ€™s client and its privileged helper component.\n

After detailing both root cause analysis and full exploitation of these flaws, weâ€™ll end the talk by showing how such issues could be avoided â€¦both by Zoom, but also in other macOS applications.\n

\n\n\'',NULL,148852),('2_Friday','13','13:30','13:50','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'Weaponizing Windows Syscalls as Modern, 32-bit Shellcode\'','\'Tarek Abdelmotaleb,Dr. Bramwell Brizendine\'','DC_949e7430ef618cbadfdf04c8811af290','\'Title: Weaponizing Windows Syscalls as Modern, 32-bit Shellcode
\nWhen: Friday, Aug 12, 13:30 - 13:50 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\nSpeakers:Tarek Abdelmotaleb,Dr. Bramwell Brizendine
\n
SpeakerBio:Tarek Abdelmotaleb\n, Security Researcher, VERONA Labs
\nTarek Abdelmotaleb is a security researcher at VERONA Labs, and he is a graduate student at Dakota State University, who will soon graduate with a MS in Computer Science. Tarek specializes in malware development, software exploitation, reverse engineering, and malware analysis. Tarek recently published an IEEE paper that provides a new way for finding the base address of kernel32, making it possible to do shellcode without needing to make use of walking the Process Environment Block (PEB).
\n
SpeakerBio:Dr. Bramwell Brizendine\n
\nDr. Bramwell Brizendine completed his Ph.D. in Cyber Operations recently, where he did his dissertation on Jump-Oriented Programming, a hitherto, seldom-studied and poorly understood subset of code-reused attacks. Bramwell developed a fully featured tool that helps facilitate JOP exploit development, the JOP ROCKET. Bramwell is the Director of the Vulnerability and Exploitation Research for Offensive and Novel Attacks (VERONA Lab), specializing in vulnerability research, software exploitation, software security assessments, and the development of new, cutting-edge tools and techniques with respect to software exploitation and malware analysis. Bramwell also teaches undergraduate, graduate, and doctoral level courses in software exploitation, reverse engineering, malware analysis, and offensive security. Bramwell teaches the development of modern Windows shellcode from scratch in various courses. Bramwell is a PI on an NSA grant to develop a shellcode analysis framework. Bramwell has been a speaker at many top security conferences, such as DEF CON, Black Hat Asia, Hack in the Box Amsterdam, Hack, and more.
\n\n
\nDescription:
\nWhile much knowledge exists on using syscalls for red team efforts, information on writing original shellcode with syscalls so in modern x86 is sparse and lacking. Our reverse engineering efforts, however, have revealed the necessary steps to take to successfully perform syscalls in shellcode, both for Windows 7 and 10, as there are some significant differences.\n

In this talk, we will embark upon a journey that will show the process of reverse engineering how Windows syscalls work in both Windows 7 and 10, while focusing predominately on the latter. With this necessary foundation, we will explore the process of effectively utilizing syscalls inside shellcode. We will explore the special steps that must be taken to set up syscalls â€“ steps that may not be required to do equivalent actions with WinAPI functions.\n

This talk will feature various demonstrations of syscalls in x86 shellcode.\n

\n\n\'',NULL,148853),('2_Friday','13','13:30','14:15','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'A Policy Fireside Chat with Jay Healey\'','\'Jason Healey,Fahmida Rashid\'','DC_83c7bc987210b4539ee21335f1dff721','\'Title: A Policy Fireside Chat with Jay Healey
\nWhen: Friday, Aug 12, 13:30 - 14:15 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\nSpeakers:Jason Healey,Fahmida Rashid
\n
SpeakerBio:Jason Healey\n, Senior Research Scholar
\nNo BIO available
\n
SpeakerBio:Fahmida Rashid\n, Managing Editor of Features
\nNo BIO available
\n\n
\nDescription:
\nIn this fireside chat, Jason Healey (w0nk) will talk about the earliest days of information security and hacking, back in 1970s, where weâ€™ve come since, and the future role of security researchers and hackers. This year is not just the 30th DEF CON but the 50th anniversary of the first realizations that hackers (red teams) will almost always succeed. Jason will reflect on the lessons for information security and hacking and explore if we have any chance of getting blue better than red. Unless we make substantial changes, our kids will be coming to DEF CON 60 without much left of a global, resilient Internet.\n
\n\n\'',NULL,148854),('2_Friday','14','13:30','14:15','Y','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'A Policy Fireside Chat with Jay Healey\'','\'Jason Healey,Fahmida Rashid\'','DC_83c7bc987210b4539ee21335f1dff721','\'\'',NULL,148855),('2_Friday','14','14:00','14:45','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'Space Jam: Exploring Radio Frequency Attacks in Outer Space\'','\'James Pavur\'','DC_97e5d117f7da5efda14f9dc4def94b5e','\'Title: Space Jam: Exploring Radio Frequency Attacks in Outer Space
\nWhen: Friday, Aug 12, 14:00 - 14:45 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\n
SpeakerBio:James Pavur\n, Digital Service Expert, Defense Digital Service
\nDr. James Pavur is a Digital Service Expert at the DoD Directorate of Digital Services where he advises and assists the US Department of Defense in implementing modern digital solutions to urgent and novel challenges. Prior to joining DDS, James received his PhD. from Oxford Universityâ€™s Department of Computer Science as a Rhodes Scholar. His thesis â€œSecuring New Space: On Satellite Cybersecurityâ€ focused on the security of modern space platforms - with a particular interest in vulnerability identification and remediation. His previous research on satellite security has been published at top academic venues, such as IEEE S&P and NDSS, presented at major cybersecurity conferences, including Black Hat USA and DEFCON, and covered in the popular press. Outside of tech, James enjoys flying kites and collecting rare and interesting teas.
\nTwitter: @jamespavur
\n\n
\nDescription:
\nSatellite designs are myriad as stars in the sky, but one common denominator across all modern missions is their dependency on long-distance radio links. In this briefing, we will turn a hackerâ€™s eye towards the signals that are the lifeblood of space missions. Weâ€™ll learn how both state and non-state actors can, and have, executed physical-layer attacks on satellite communications systems and what their motivations have been for causing such disruption. \n

Building on this foundation, weâ€™ll present modern evolutions of these attack strategies which can threaten next-generation space missions. From jamming, to spoofing, to signal hijacking, weâ€™ll see how radio links represent a key attack surface for space platforms and how technological developments make these attacks ever more accessible and affordable. Weâ€™ll simulate strategies attackers may use to cause disruption in key space communications links and even model attacks which may undermine critical safety controls involved in rocket launches.\n

The presentation will conclude with a discussion of strategies which can defend against many of these attacks.\n

While this talk includes technical components, it is intended to be accessible to all audiences and does not assume any prior background in radio communications, astrodynamics, or aerospace engineering. The hope is to provide a launchpad for researchers across the security community to contribute to protecting critical infrastructure in space and beyond.\n

\n\n\'',NULL,148856),('2_Friday','14','14:00','14:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'Process injection: breaking all macOS security layers with a single vulnerability\'','\'Thijs Alkemade\'','DC_87d94726580426484457256140c86197','\'Title: Process injection: breaking all macOS security layers with a single vulnerability
\nWhen: Friday, Aug 12, 14:00 - 14:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\n
SpeakerBio:Thijs Alkemade\n, Security Researcher at Computest
\nThijs Alkemade (@xnyhps) works at the security research division of at Computest. This division is responsible for advanced security research on commonly used systems and environments. Thijs has won Pwn2Own twice, by demonstrating a zero-day attack against Zoom at Pwn2Own Vancouver 2021 and by demonstrating multiple exploits in ICS systems at Pwn2Own Miami 2022. In previous research he demonstrated several attacks against the macOS and iOS operating systems. He has a background in both mathematics and computer science, which gives him a lot of experience with cryptography and programming language theory.
\nTwitter: @xnyhps
\n\n
\nDescription:
\nmacOS local security is shifting more and more to the iOS model, where every application is codesigned, sandboxed and needs to ask for permission to access sensitive data. New security layers have been added to make it harder for malware that has gained a foothold to compromise the user\'s most sensitive data. Changing the security model of something as large and established as macOS is a long process, as it requires many existing parts of the system to be re-examined. For example, creating a security boundary between applications running as the same user is a large change from the previous security model.\n

CVE-2021-30873 is a process injection vulnerability we reported to Apple that affected all macOS applications. This was addressed in the macOS Monterey update, but completely fixing this vulnerability requires changes to all third-party applications as well. Apple has even changed the template for new applications in Xcode to assist developers with this.\n

In this talk, we\'ll explain what a process injection vulnerability is and why it can have critical impact on macOS. Then, we\'ll explain the details of this vulnerability, including how to exploit insecure deserialization in macOS. Finally, we will explain how we exploited it to escape the macOS sandbox, elevate our privileges to root and bypass SIP.\n

\n\n\'',NULL,148857),('2_Friday','14','14:00','14:20','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Phreaking 2.0 - Abusing Microsoft Teams Direct Routing\'','\'Moritz Abrell\'','DC_447d79c7fb06214196a7f1df25a777d2','\'Title: Phreaking 2.0 - Abusing Microsoft Teams Direct Routing
\nWhen: Friday, Aug 12, 14:00 - 14:20 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Moritz Abrell\n, SySS GmbH
\nMoritz Abrell is an experienced expert in Voice-over-IP and network technologies with a focus on information security.\n

He works as a senior IT security consultant and penetration tester for the Germany-based pentest company SySS GmbH, where he daily deals with the practical exploitation of vulnerabilities and advises customers on how to fix them.\n

In addition, he regularly publishes his security research in blog posts or presents it at IT security conferences.\n

\nTwitter: @moritz_abrell
\n\n
\nDescription:
\nMicrosoft Teams offers the possibility to integrate your own communication infrastructure, e.g. your own SIP provider for phone services. This requires a Microsoft-certified and -approved Session Border Controller. During the security analysis of this federation, Moritz Abrell identified several vulnerabilities that allow an external, unauthenticated attacker to perform toll fraud.\n

This talk is a summary of this analysis, the identified security issues and the practical exploitation as well as the manufacturer\'s capitulation to the final fix of the vulnerabilities.\n

\n\n\'',NULL,148858),('2_Friday','14','14:30','15:15','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'Leak The Planet: Veritatem cognoscere non pereat mundus\'','\'Xan North,Emma Best\'','DC_5b955ae876a8b08523106d608989e2f5','\'Title: Leak The Planet: Veritatem cognoscere non pereat mundus
\nWhen: Friday, Aug 12, 14:30 - 15:15 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\nSpeakers:Xan North,Emma Best
\n
SpeakerBio:Xan North\n
\nXan North is a member of Distributed Denial of Secrets, a 501(c)(3) transparency non-profit sometimes referred to as a successor to WikiLeaks which has published leaks from over 50 countries. They have worked extensively in antifascist, anti-racist, and pro-choice activism and previously ran the Jeremy Hammond Support Committee for seven years and provided prisoner support to other associates of Anonymous.
\nTwitter: @brazendyke
\n
SpeakerBio:Emma Best\n
\nEmma Best is the co-founder of Distributed Denial of Secrets, a 501(c)(3) transparency non-profit sometimes referred to as a successor to WikiLeaks which has published leaks from over 50 countries. Previously, she has filed thousands of Freedom of Information Act (FOIA) requests, helped push the Central Intelligence Agency to publish 13 million pages of declassified files online, and written hundreds of articles. More importantly, she\'s the proud mom of two cats, a human and many Pokémon.
\nTwitter: @NatSecGeek
\n\n
\nDescription:
\nAs leaks become more prevalent, they come from an increasing variety of sources: from data that simply isn\'t secured, to insiders, to hacktivists, and even occassional state-actors (both covert and overt). Often treated as a threat, when handled responsibly leaks are a necessary part of the ecosystem of a healthy and free society and economy. In spite of prosecutors\' love of prosecution, the eternal fixation with Fear, Uncertainty and Doubt and DDoSecrets\' apocalyptic motto, leaks won\'t destroy the world - they can only save it.\n

In this presentation, we\'ll discuss the necessity and evolution of leaks, and how various types of leaks and sources can offer different sorts of revelations. We\'ll then explore how we can responsibly handle different types of leaks even during volatile and politically charged situations, as well as past failures.\n

We\'ll also debunk the myth that hacktivism is just a cover for state actors by exploring examples of entities with state ties and how they were identified, as well as how both hacktivists and state actors have been misidentified or mishandled in the past.\n

Finally, we\'ll discuss some of the lessons activists, newsrooms and governments can learn from the last decade, and where we should collectively go from here.\n

\n\n\'',NULL,148859),('2_Friday','15','14:30','15:15','Y','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'Leak The Planet: Veritatem cognoscere non pereat mundus\'','\'Xan North,Emma Best\'','DC_5b955ae876a8b08523106d608989e2f5','\'\'',NULL,148860),('2_Friday','14','14:30','15:15','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Trace me if you can: Bypassing Linux Syscall Tracing\'','\'Rex Guo,Junyuan Zeng\'','DC_27673f8f87ea24a1df133fdb78684e9b','\'Title: Trace me if you can: Bypassing Linux Syscall Tracing
\nWhen: Friday, Aug 12, 14:30 - 15:15 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\nSpeakers:Rex Guo,Junyuan Zeng
\n
SpeakerBio:Rex Guo\n, Principal Engineer
\nRex Guo works as a Principal Engineer at Lacework where he leads data-driven cloud security product development, detection efficacy roadmap and research on new attack vectors in the cloud. Previously, he was the Head of Research at Confluera where he led the research and development of the cloud XDR product which offers real-time attack narratives. Before that, he was an Engineering Manager at Cisco Tetration where his team bootstrapped the cloud workload protection product deployed on millions of workloads. Before that, Rex worked at Intel Security and Qualcomm. In these positions, he worked on application security, infrastructure security, malware analysis, and mobile/IoT security. Most notably, he led the Intel team to secure millions of iPhones which had Intel cellular modems inside. He has presented at Blackhat and Defcon multiple times. He has 30+ patents and publications. He received a PhD from New York University.
\nTwitter: @Xiaofei_REX
\n
SpeakerBio:Junyuan Zeng\n, Senior Software Engineer, Linkedin.com\n
\nJunyuan Zeng is Senior Software Engineer at Linkedin. Before Linkedin, he was Staff Security Architect at JD.com where he designed and architected container security monitoring solutions. Before that he was Staff Software Engineer for mobile payment security at Samsung and a security researcher at FireEye where he worked on mobile malware analysis. He has spoken multiple times at Blackhat and Defcon. He has published in ACM CCS, USENIX ATC, and other top academic conferences. He obtained his PhD in Computer Science from The University of Texas at Dallas.
\n\n
\nDescription:
\nIn this talk, we will present novel vulnerabilities and exploitation techniques that reliably bypass Linux syscall tracing. A user mode program does not need any special privileges or capabilities to reliably avoid system call tracing detections by exploiting these vulnerabilities. The exploits work even when seccomp, SELinux, and AppArmor are enforced.\n

Advanced security monitoring solutions on Linux VMs and containers offer system call monitoring to effectively detect attack behaviors. Linux system calls can be monitored by kernel tracing technologies such as tracepoint, kprobe, ptrace, etc. These technologies intercept system calls at different places in the system call execution. These monitoring solutions can be deployed on cloud compute instances such as AWS EC2, Fargate, EKS, and the corresponding services from other cloud providers.\n

We comprehensively analyzed the Time-of-check-to-time-of-use (TOCTOU) issues in the Linux kernel syscall tracing framework and showed that these issues can be reliably exploited to bypass syscall tracing. Our exploits manipulate different system interactions that can impact the execution time of a syscall. We demonstrated that significant syscall execution delays can be introduced to make TOCTOU bypass reliable even when seccomp, SELinux, and AppArmor are enforced. Compared to the phantom attacks in DEFCON 29, the new exploit primitives we use do not require precise timing control or synchronization. \n

We will demonstrate our bypass for Falco on Linux VMs/containers and GKE. We will also demonstrate bypass for pdig on AWS Fargate. In addition, we will demonstrate exploitation techniques for syscall enter and explain the reason why certain configurations are difficult to reliably exploit. Finally, we will summarize exploitable TOCTOU scenarios and discuss potential mitigations in various cloud computing environments.\n

\n\n\'',NULL,148861),('2_Friday','15','14:30','15:15','Y','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Trace me if you can: Bypassing Linux Syscall Tracing\'','\'Rex Guo,Junyuan Zeng\'','DC_27673f8f87ea24a1df133fdb78684e9b','\'\'',NULL,148862),('2_Friday','15','15:00','15:45','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'Exploring the hidden attack surface of OEM IoT devices: pwning thousands of routers with a vulnerability in Realtekâ€™s SDK for eCos OS.\'','\'Octavio Gianatiempo,Octavio Galland\'','DC_3b0f675dc44e376405113b9a74e248ac','\'Title: Exploring the hidden attack surface of OEM IoT devices: pwning thousands of routers with a vulnerability in Realtekâ€™s SDK for eCos OS.
\nWhen: Friday, Aug 12, 15:00 - 15:45 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\nSpeakers:Octavio Gianatiempo,Octavio Galland
\n
SpeakerBio:Octavio Gianatiempo\n, Security Researcher at Faraday
\nOctavio Gianatiempo is a Security Researcher at Faraday and a Computer Science student at the University of Buenos Aires. He\'s also a biologist with research experience in molecular biology and neuroscience. The necessity of analyzing complex biological data was his point of entry into programming. But he wanted to achieve a deeper understanding of how computers work, so he enrolled in Computer Science. An entry-level CTF introduced him to the world of computer security, and there he won his first ticket to a security conference. This event was a point of no return, after which he began taking classes on computer architecture and organization and operating systems to deepen his low-level knowledge. As a Security Researcher at Faraday, he focuses on reverse engineering and fuzzing open and closed source software to find new vulnerabilities and exploit them.
\nTwitter: @ogianatiempo
\n
SpeakerBio:Octavio Galland\n, Security Researcher at Faraday
\nOctavio Galland is a computer science student at Universidad de Buenos Aires and a security researcher at Faraday. His main topics of interest include taking part in CTFs, fuzzing open-source software and binary reverse engineering/exploitation (mostly on x86/amd64 and MIPS).
\nTwitter: @GallandOctavio
\n\n
\nDescription:
\nIn this presentation, we go over the main challenges we faced during our analysis of the top selling router in a local eCommerce, and how we found a zero-click remote unauthenticated RCE vulnerability. We will do a walkthrough on how we located the root cause of this vulnerability and found that it was ingrained in Realtekâ€™s implementation of a networking functionality in its SDK for eCos devices. \n

We then present the method we used to automate the detection of this vulnerability in other firmware images. We reflect on the fact that on most routers this functionality is not even documented and canâ€™t be disabled via the routerâ€™s web interface. We take this as an example of the hidden attack surface that lurks in OEM internet-connected devices.\n

We conclude by discussing why this vulnerability hasnâ€™t been reported yet, despite being easy to spot (having no prior IoT experience), widespread (affecting multiple devices from different vendors), and critical.\n

Our research highlights the poor state of firmware security, where vulnerable code introduced down the supply chain might never get reviewed and end up having a great impact, evidencing that security is not a priority for the vendors and opening the possibility for attackers to find high impact bugs with low investment and little prior knowledge.\n

\n\n\'',NULL,148863),('2_Friday','15','15:00','15:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'LSASS Shtinkering: Abusing Windows Error Reporting to Dump LSASS\'','\'Asaf Gilboa,Ron Ben Yitzhak\'','DC_1e17c8726f5781f4b24ec817a3b6209c','\'Title: LSASS Shtinkering: Abusing Windows Error Reporting to Dump LSASS
\nWhen: Friday, Aug 12, 15:00 - 15:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\nSpeakers:Asaf Gilboa,Ron Ben Yitzhak
\n
SpeakerBio:Asaf Gilboa\n, Security Researcher, Deep Instinct
\nAsaf and Ron are Security Researchers at Deep Instinct where they both work on developing new defense capabilities based on research and understanding and novel attack techniques and vectors. After serving for several years in the advanced technological cyber units of the IDF, Asaf and Ron gained experience in the multiple aspects of technical cyber-security work including forensics, incident response, development, reverse engineering and malware research.
\n
SpeakerBio:Ron Ben Yitzhak\n
\nAsaf Gilboa and Ron Ben Yitzhak\n

Asaf and Ron are Security Researchers at Deep Instinct where they both work on developing new defense capabilities based on research and understanding and novel attack techniques and vectors. After serving for several years in the advanced technological cyber units of the IDF, Asaf and Ron gained experience in the multiple aspects of technical cyber-security work including forensics, incident response, development, reverse engineering and malware research. \n

\n\n
\nDescription:
\nThis presentation will show a new method of dumping LSASS that bypasses current EDR defenses without using a vulnerability but by abusing a built-in mechanism in the Windows environment which is the WER (Windows Error Reporting) service. \n

WER is a built-in system in Windows designed to gather information about software crashes. One of its main features is producing a memory dump of crashing user-mode processes for further analysis.\n

We will present in detail and demo a new attack vector for dumping LSASS, which we dubbed LSASS Shtinkering, by manually reporting an exception to WER on the LSASS process without crashing it. The technique can also be used to dump the memory of any other process of interest on the system.\n

This attack can bypass defenses that wrongfully assume that a memory dump generated from the WER service is always a benign or non-attacker triggered activity.\n

The talk will take the audience through the steps and approach of how we reverse-engineered the WER dumping process, the challenges we found along the way, as well as how we have managed to solve them.\n

\n\n\'',NULL,148864),('2_Friday','15','15:30','16:15','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'How Russia is trying to block Tor\'','\'Roger Dingledine\'','DC_8241edf988dacc38324ae26321ff36c5','\'Title: How Russia is trying to block Tor
\nWhen: Friday, Aug 12, 15:30 - 16:15 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\n
SpeakerBio:Roger Dingledine\n, The Tor Project
\nRoger Dingledine is president and co-founder of the Tor Project, a nonprofit that develops free and open source software to protect people from tracking, censorship, and surveillance online.\n

Wearing one hat, Roger works with journalists and activists on many continents to help them understand and defend against the threats they face. Wearing another, he is a lead researcher in the online anonymity field, coordinating and mentoring academic researchers working on Tor-related topics. Since 2002 he has helped organize the yearly international Privacy Enhancing Technologies Symposium (PETS).\n

Among his achievements, Roger was chosen by the MIT Technology Review as one of its top 35 innovators under 35, he co-authored the Tor design paper that won the Usenix Security \"Test of Time\" award, and he has been recognized by Foreign Policy magazine as one of its top 100 global thinkers.\n

\nTwitter: @RogerDingledine
\n\n
\nDescription:
\nIn December 2021, some ISPs in Russia started blocking Tor\'s website,\nalong with protocol-level (DPI) and network-level (IP address) blocking to\ntry to make it harder for people in Russia to reach the Tor network. Some\nmonths later, we\'re now at a steady-state where they are trying to find\nnew IP addresses to block and we\'re rotating IP addresses to keep up.\n

In this talk I\'ll walk through what steps the Russian censors have taken,\nand how we reverse engineered their attempts and changed our strategies\nand our software. Then we\'ll discuss where the arms race goes from here,\nwhat new techniques the anti-censorship world needs if we\'re going to\nstay ahead of future attacks, and what it means for the world that more\nand more countries are turning to network-level blocking as the solution\nto their political problems.\n

\n\n\'',NULL,148865),('2_Friday','16','15:30','16:15','Y','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'How Russia is trying to block Tor\'','\'Roger Dingledine\'','DC_8241edf988dacc38324ae26321ff36c5','\'\'',NULL,148866),('2_Friday','15','15:30','16:15','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling\'','\'James Kettle\'','DC_cf02786f300149a77e43fda3db433df5','\'Title: Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
\nWhen: Friday, Aug 12, 15:30 - 16:15 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:James Kettle\n, Director of Research, PortSwigger
\nJames \'albinowax\' Kettle is the Director of Research at PortSwigger - he\'s best known for his HTTP Desync Attacks research, which popularized HTTP Request Smuggling. James has extensive experience cultivating novel attack techniques, including web cache poisoning, HTTP/2 desync attacks, Server-Side Template Injection, and password reset poisoning. James is also the author of multiple popular open-source tools including Param Miner, Turbo Intruder, and HTTP Request Smuggler. He is a frequent speaker at numerous prestigious venues including both Black Hat USA and EU, OWASP AppSec USA and EU, and DEF CON.
\nTwitter: @albinowax
\n\n
\nDescription:
\nThe recent rise of HTTP Request Smuggling has seen a flood of critical findings enabling near-complete compromise of numerous major websites. However, the threat has been confined to attacker-accessible systems with a reverse proxy front-end... until now.\n

In this session, I\'ll show you how to turn your victim\'s web browser into a desync delivery platform, shifting the request smuggling frontier by exposing single-server websites and internal networks. You\'ll learn how to combine cross-domain requests with server flaws to poison browser connection pools, install backdoors, and release desync worms. With these techniques I\'ll compromise targets including Apache, Akamai, Varnish, Amazon, and multiple web VPNs.\n

While some classic desync gadgets can be adapted, other scenarios force extreme innovation. To help, I\'ll share a battle-tested methodology combining browser features and custom open-source tooling. We\'ll also release free online labs to help hone your new skillset.\n

I\'ll also share the research journey, uncovering a strategy for black-box analysis that solved several long-standing desync obstacles and unveiled an extremely effective novel desync trigger. The resulting fallout will encompass client-side, server-side, and even MITM attacks; to wrap up, I\'ll live-demo breaking HTTPS on Apache.\n

\n\n\'',NULL,148867),('2_Friday','16','15:30','16:15','Y','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling\'','\'James Kettle\'','DC_cf02786f300149a77e43fda3db433df5','\'\'',NULL,148868),('2_Friday','16','16:00','16:45','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'Hacking ISPs with Point-to-Pwn Protocol over Ethernet (PPPoE)\'','\'Gal Zror\'','DC_ace331d9844bd7fbbb0fe7e02da232d6','\'Title: Hacking ISPs with Point-to-Pwn Protocol over Ethernet (PPPoE)
\nWhen: Friday, Aug 12, 16:00 - 16:45 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\n
SpeakerBio:Gal Zror\n, Vulnerability Research Manager at CyberArk Labs
\nGal Zror (@waveburst) acts as the vulnerability research manager in CyberArk labs. Gal has over 12 years of experience in vulnerability research and he specializes in embedded systems and protocols. Besides research, he is also an amateur boxer and a tiki culture enthusiastic.
\nTwitter: @waveburst
\n\n
\nDescription:
\nHello, my name is BWL-X8620, and I\'m a SOHO router. For many years my fellow SOHO routers and I were victims of endless abuse by hackers. Default credentials, command injections, file uploading - you name it. And it is all just because we\'re WAN-facing devices. Just because our ISP leaves our web server internet-facing makes hackers think it\'s okay to attack and make us zombies. But today, I say NO MORE! \n

In this talk, I will show that if a web client can attack a web server, then an ISP client can attack the ISP servers!\nI will reveal a hidden attack surface and vulnerabilities in popular network equipment used by ISPs worldwide to connect end-users to the internet. \nBRAS devices are not that different from us SOHO routers. No one is infallible. But, BRAS devices can support up to 256,000 subscribers, and exploiting them can cause a ruckus. Code executing can lead to a total ISP compromise, mass client DNS poisoning, end-points RCE, and more!\n

This talk will present a high severity logical DOS vulnerability in a telecommunications vendor implementation of PPPoE and a critical RCE vulnerability in PPP. That means we, the SOHO routers, can attack and execute code on the ISP\'s that connect us to the internet!\n

Today we are fighting back!\n

\n\n\'',NULL,148869),('2_Friday','16','16:00','16:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'Wireless Keystroke Injection (WKI) via Bluetooth Low Energy (BLE)\'','\'Jose Pico,Fernando Perera\'','DC_778018f0b2f7ca3c1c9b4029cac6a6c2','\'Title: Wireless Keystroke Injection (WKI) via Bluetooth Low Energy (BLE)
\nWhen: Friday, Aug 12, 16:00 - 16:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\nSpeakers:Jose Pico,Fernando Perera
\n
SpeakerBio:Jose Pico\n, Founder at LAYAKK
\nJose Pico is co-founder and senior security analyst in LAYAKK. Apart from carrying out red team activities and product security evaluations, he is a researcher in wireless communications security. In this field he has published books, articles and research in the form of talks in top events, both in Spain and worldwide. He is also an appointed member of the Ad hoc Working Group on the candidate European Union 5G Cybersecurity Certification Scheme (EU5G AHWG).
\n
SpeakerBio:Fernando Perera\n, Security Analyst at LAYAKK
\nFernando Perera has been a Security Engineer at LAYAKK for 5 years, where he collaborates on RedTeam projects, development of security tools and software analysis. He has previously presented at RootedCON Satelite VLC 2016 and 2019, among other security events.
\n\n
\nDescription:
\n\"We present a Microsoft Windows vulnerability that allows a remote attacker to impersonate a Bluetooth Low Energy (BLE) keyboard and perform Wireless Key Injection (WKI) on its behalf. It can occur after a legitimate BLE keyboard automatically closes its connection because of inactivity. In that situation, an attacker can impersonate it and wirelessly send keys. \nIn this talk we will demonstrate the attack live and we will explain the theoretical basis behind it and the process that led us to discover the vulnerability. We will also release the tool that allows to reproduce the attack and we will detail how to use it.\"\n
\n\n\'',NULL,148870),('2_Friday','16','16:30','17:15','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'The Internetâ€™s role in sanctions enforcement: Russia/Ukraine and the future\'','\'Bill Woodcock\'','DC_ba47916c81bb4b53d681169ab54cc37c','\'Title: The Internetâ€™s role in sanctions enforcement: Russia/Ukraine and the future
\nWhen: Friday, Aug 12, 16:30 - 17:15 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\n
SpeakerBio:Bill Woodcock\n, Executive Director
\nNo BIO available
\n\n
\nDescription:
\nAs Russia invaded Ukraine in February of this year, the Ukrainian government sent requests to ICANN and RIPE to have Russia removed from the Internet. Those requests were refused, but engendered a lively debate on the role of Internet operators and the Internet governance system in sanctioning bad actors, on the Internet and in the world. This talk will introduce how governmental and intergovernmental sanctions are defined and enacted, and discuss the Internet communityâ€™s reaction to past attempts to engage the Internet in sanctions enforcement, the current conflict, and what the Internet community is doing in this area to prepare for future conflicts.\n
\n\n\'',NULL,148871),('2_Friday','17','16:30','17:15','Y','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'The Internetâ€™s role in sanctions enforcement: Russia/Ukraine and the future\'','\'Bill Woodcock\'','DC_ba47916c81bb4b53d681169ab54cc37c','\'\'',NULL,148872),('2_Friday','16','16:30','17:15','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'A dead manâ€™s full-yet-responsible-disclosure system\'','\'Yolan Romailler\'','DC_8446af463370ff8014a320a0f941ea02','\'Title: A dead manâ€™s full-yet-responsible-disclosure system
\nWhen: Friday, Aug 12, 16:30 - 17:15 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Yolan Romailler\n, Applied Cryptographer
\nYolan is an applied cryptographer delving into (and mostly dwelling on) cryptography, secure coding, and other fun things. He has previously spoken at Black Hat USA, BSidesLV, Cryptovillage, NorthSec, GopherConEU and DEF CON on topics including automation in cryptography, public keys vulnerabilities, elliptic curves, post-quantum cryptography, functional encryption, open source security, and more! He notably introduced the first practical fault attack against the EdDSA signature scheme, and orchestrated the full-disclosure with code of the CurveBall vulnerability.
\n\n
\nDescription:
\nDo you ever worry about responsible disclosure because they could instead exploit the time-to-patch to find you and remove you from the equation? Dead man switches exist for a reason... \n

In this talk we present a new form of vulnerability disclosure relying on timelock encryption of content: where you encrypt a message that cannot be decrypted until a given (future) time. This notion of timelock encryption first surfaced on the Cypherpunks mailing list in 1993 by the crypto-anarchist founder, Tim May, and to date while there have been numerous attempts to tackle it, none have been deployed at scale, nor made available to be used in any useful way.\n This changes today: weâ€™re releasing a free, open-source tool that achieves this goal with proper security guarantees. We rely on threshold cryptography and decentralization of trust to exploit the existing League of Entropy (that is running a distributed, public, verifiable randomness beacon network) in order to do so. We will first cover what all of these means, we will then see how these building blocks allow us to deploy a responsible disclosure system that guarantees that your report will be fully disclosed after the time-to-patch has elapsed. This system works without any further input from you, unlike the usual Twitter SHA256 commitments to a file on your computer.\n

\n\n\'',NULL,148873),('2_Friday','17','16:30','17:15','Y','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'A dead manâ€™s full-yet-responsible-disclosure system\'','\'Yolan Romailler\'','DC_8446af463370ff8014a320a0f941ea02','\'\'',NULL,148874),('2_Friday','17','17:00','17:45','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'Hunting Bugs in The Tropics\'','\'Daniel Jensen\'','DC_306986756a76e45c9c5e21619e66a03c','\'Title: Hunting Bugs in The Tropics
\nWhen: Friday, Aug 12, 17:00 - 17:45 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\n
SpeakerBio:Daniel Jensen\n
\nDaniel (aka dozer) works as a security consultant at a large cybersecurity company. He has been a professional penetration tester for several years, and has discovered numerous vulnerabilities in a wide range of software. He currently lives in New Zealand, and his favourite animal is the goose.
\nTwitter: @dozernz
\n\n
\nDescription:
\nAruba Networks makes networking products for the enterprise. I make enterprise products run arbitrary code.\n

Over the past couple of years, I\'ve been hunting for vulnerabilities in some of Aruba\'s on-premise networking products and have had a bountiful harvest. A curated (read: patched) selection of these will be presented for your enjoyment. Pre-auth vulnerabilities and interesting bug chains abound, as well as a few unexpected attack surfaces and a frequently overlooked bug class.\n

This talk will explore some of the vulnerabilities I\'ve found in various products in the Aruba range, and include details of their exploitation. I\'ll elaborate on how I found these bugs, detailing my workflow for breaking open virtual appliances and searching for vulnerabilities in them.\n

\n\n\'',NULL,148875),('2_Friday','17','17:00','17:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'Let\'s Dance in the Cache - Destabilizing Hash Table on Microsoft IIS\'','\'Orange Tsai\'','DC_ccf81f03414fa3bb701ae503cefbc4ed','\'Title: Let\'s Dance in the Cache - Destabilizing Hash Table on Microsoft IIS
\nWhen: Friday, Aug 12, 17:00 - 17:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\n
SpeakerBio:Orange Tsai\n, Principal Security Researcher of DEVCORE
\nCheng-Da Tsai, aka Orange Tsai, is the principal security researcher of DEVCORE and the core member of CHROOT security group in Taiwan. He is also the champion and got the \"Master of Pwn\" title in Pwn2Own 2021. In addition, Orange has spoken at several top conferences such as Black Hat USA/ASIA, DEF CON, HITCON, HITB GSEC/AMS, CODE BLUE, POC, and WooYun!\n

Currently, Orange is a 0day researcher focusing on web/application security. His research got not only the Pwnie Awards winner for \"Best Server-Side Bug\" of 2019/2021 but also 1st place in \"Top 10 Web Hacking Techniques\" of 2017/2018. Orange also enjoys bug bounties in his free time. He is enthusiastic about the RCE bugs and uncovered RCEs in numerous vendors such as Twitter, Facebook, Uber, Apple, GitHub, Amazon, etc. You can find him on Twitter @orange_8361 and blog http://blog.orange.tw/\n

\nTwitter: @orange_8361
\n\n
\nDescription:
\nHash Table, as the most fundamental Data Structure in Computer Science, is extensively applied in Software Architecture to store data in an associative manner. However, its architecture makes it prone to Collision Attacks. To deal with this problem, 25 years ago, Microsoft designed its own Dynamic Hashing algorithm and applied it everywhere in IIS, the Web Server from Microsoft, to serve various data from HTTP Stack. As Hash Table is everywhere, isn\'t the design from Microsoft worth scrutinizing?\n

We dive into IIS internals through months of Reverse-Engineering efforts to examine both the Hash Table implementation and the use of Hash Table algorithms. Several types of attacks are proposed and uncovered in our research, including (1) A specially designed Zero-Hash Flooding Attack against Microsoft\'s self-implemented algorithm. (2) A Cache Poisoning Attack based on the inconsistency between Hash-Keys. (3) An unusual Authentication Bypass based on a hash collision.\n

By understanding this talk, the audience won\'t be surprised why we can destabilize the Hash Table easily. The audience will also learn how we explore the IIS internals and will be surprised by our results. These results could not only make a default installed IIS Server hang with 100% CPU but also modify arbitrary HTTP responses through crafted HTTP request. Moreover, we\'ll demonstrate how we bypass the authentication requirement with a single, crafted password by colliding the identity cache!\n

\n\n\'',NULL,148876),('2_Friday','17','17:30','17:50','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Deanonymization of TOR HTTP hidden services\'','\'Ionut Cernica\'','DC_dc34810e3ec1335a2dd6f66c69431e16','\'Title: Deanonymization of TOR HTTP hidden services
\nWhen: Friday, Aug 12, 17:30 - 17:50 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Ionut Cernica\n, PHD Student Department of Computer Science, Faculty of Automatic Control and Computer Science, University Politehnica of Bucharest
\nIonut Cernica started his security career with the bug bounty program from Facebook. His passion for security led him to get involved in dozens of such programs and he found problems in very large companies such as Google, Microsoft, Yahoo, AT&T, eBay, VMware. He has also been testing web application security for 9 years and has had many projects on the penetration testing side.\n

Another stage of his career was to get involved in security contests and participated in more than 100 such contests. He also reached important finals such as Codegate, Trend Micro and Defcon with the PwnThyBytes team. He also won several individual competitions, including the mini CTF from the first edition of Appsec village - Defcon village.\n

Now he is doing research in the field of web application security, being also a PhD student at University Polytechnic of Bucharest. Through his research he wants to innovate in the field and to bring a new layer of security to web applications.\n

\nTwitter: @CernicaIonut
\n\n
\nDescription:
\nAnonymity networks such as Tor are used to protect the identity of people or services. Several deanonymization techniques have been described over time. Some of them attacked the protocol, others exploited various configuration issues. Through this presentation I will focus on deanonymization techniques of the http services of such networks by exploiting configuration issues.\n

In the first part of the presentation, I will present deanonymization techniques on TOR which are public, and I will also present the techniques developed by me and the interesting story of how I came to develop them.\n

In the last part of my presentation, I will do a demo with the exploitation of http hidden services in TOR and I will present each technique separately. I will also present how one of the techniques can be used successfully not only in the TOR network, but also on the internet in order to obtain information about the server that will help you discover other services.\n

\n\n\'',NULL,148877),('2_Friday','17','17:30','18:15','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'Walk This Way: What Run D.M.C. and Aerosmith Can Teach Us About the Future of Cybersecurity\'','\'Jen Easterly,The Dark Tangent\'','DC_ff3d68b9d37c26b3346640d5fbc0ff0c','\'Title: Walk This Way: What Run D.M.C. and Aerosmith Can Teach Us About the Future of Cybersecurity
\nWhen: Friday, Aug 12, 17:30 - 18:15 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\nSpeakers:Jen Easterly,The Dark Tangent
\n
SpeakerBio:Jen Easterly\n, Director
\nNo BIO available
\n
SpeakerBio:The Dark Tangent\n, DEF CON
\nNo BIO available
\n\n
\nDescription:
\nThe year was 1986 and the arena rock of the 1970s was coming to a whimpering end, while rap had not quite gained a mainstream foothold. The unlikely collaboration between Aerosmith and Run D.M.C. changed the course of music forever, reinvigorating the relevance of rock while bringing rap to the forefront of prominence. This collaboration, unexpected, and by some accounts uncomfortable, paved the way for the future of music and celebrated the genius of innovation of partnership. The cybersecurity community has much to learn from this example of partnership for the better. \n \n

Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), and Jeff Moss, founder and President of DefCon Communications, will discuss the importance of partnership between the Federal Government and the hacker community. The growing partnership through CISAâ€™s recently established Cybersecurity Advisory Committee and the work of the technical advisory council could have the same effect on our future shared cybersecurity posture to truly raise our shared cyber defense. Through this Council, researchers, academics, and technologists are working together with government to evolve how to understand new vulnerabilities, how to identify and encourage adoption of strong security controls, and how to use increasing volumes of security data to derive actionable insights that can be shared across the broader community. #walkthisway\n

\n\n\'',NULL,148878),('2_Friday','18','17:30','18:15','Y','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'Walk This Way: What Run D.M.C. and Aerosmith Can Teach Us About the Future of Cybersecurity\'','\'Jen Easterly,The Dark Tangent\'','DC_ff3d68b9d37c26b3346640d5fbc0ff0c','\'\'',NULL,148879),('2_Friday','18','18:00','18:45','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'Killer Hertz\'','\'Chris Rock\'','DC_0fe5fe31b63785645d6a9dbb04502aa2','\'Title: Killer Hertz
\nWhen: Friday, Aug 12, 18:00 - 18:45 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\n
SpeakerBio:Chris Rock\n, Hacker
\nChris Rock is a Cyber Mercenary who has worked in the Middle East, US and Asia for the last 30 years working for both government and private organizations. Ë‡He is the Chief Information Security Officer and co-founder of SIEMonster.\n

Chris is an Information Security researcher who specializes on vulnerabilities in global systems. He presented at the largest hacking conference in the world, I Will Kill You? at DEFCON 23 in Las Vegas. Where he detailed how hackers could create fake people and kill them using vulnerabilities in the Birth and Death Registration systems around the world. Chris also presented How to Overthrow a Government? at DEFCON 24, working with the coup mercenary Simon Mann.\n

Chris is also the author of the Baby Harvest, a book based on criminals and terrorists using virtual babies and fake deaths for financing. He has also been invited to speak at TED global.\n

\nTwitter: @chrisrockhacker
\n\n
\nDescription:
\nGovernments and the private sector around the world spend billions of dollars on Electronic Counter Measures (ECMs) which include jamming technologies. These jammers are used by police departments to disrupt criminal communication operations as well as in prisons to disrupt prisoners using smuggled in cell phones. The military use jammers to disrupt radar communications, prevent remote IEDs from triggering and radio communications. The private sector use jammers to disrupt espionage in the board room and to protect VIPS from RC-IEDs.\n \n

What if there was a way of communicating that was immune to jammers without knowing the point of origin. A way of communicating at short to medium distances, an Electronic Counter Countermeasure ECCM to the jammer.\n \n

Using a custom-built Tx/Rx, I will use the earthâ€™s crust to generate a H-field Near Field Communication (NFC) channel spanning 1-11km away in the sub 9 kHz range to communicate encrypted messages in a jammed environment.\n

\n\n\'',NULL,148880),('2_Friday','18','18:30','18:50','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'Dragon Tails: Supply-side Security and International Vulnerability Disclosure Law\'','\'Trey Herr,Stewart Scott\'','DC_1efa848ddd63c653e6cf2c338baabefb','\'Title: Dragon Tails: Supply-side Security and International Vulnerability Disclosure Law
\nWhen: Friday, Aug 12, 18:30 - 18:50 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\nSpeakers:Trey Herr,Stewart Scott
\n
SpeakerBio:Trey Herr\n, Director
\nTrey Herr is the director of the Cyber Statecraft Initiative under the Scowcroft Center for Strategy and Security at the Atlantic Council. His team works on cybersecurity and geopolitics including cloud computing, the security of the internet, supply chain policy, cyber effects on the battlefield, and growing a more capable cybersecurity policy workforce. Previously, he was a senior security strategist with Microsoft handling cloud computing and supply chain security policy as well as a fellow with the Belfer Cybersecurity Project at Harvard Kennedy School and a non-resident fellow with the Hoover Institution at Stanford University. He holds a PhD in Political Science and BS in Musical Theatre and Political Science.
\n
SpeakerBio:Stewart Scott\n, Assistant Director
\nStewart Scott is an assistant director with the Cyber Statecraft Initiative under the Scowcroft Center for Strategy and Security at the Atlantic Council. His work there focuses on systems security policy, including software supply chain risk management, federal acquisitions processes, and open source software security. He holds a BA in Public Policy and a minor in Applications of Computing from Princeton University.
\n\n
\nDescription:
\nThis talk will present a study of the reliance of proprietary and open source software on Chinese vulnerability research. A difficult political environment for Chinese security researchers became acute when a law requiring vulnerability disclosure to government and banning it to all others but the affected vendor took effect in Sept. 2021. No public evaluation of this law\'s impact has yet been made. This talk will present results of a quantitative analysis on the changing proportion of Chinese-based disclosures to major software products from Google, Microsoft, Apple, and VMWare alongside several major open source packages. The analysis will measure change over time in response to evolving Chinese legislation, significant divergence from data on the allocation of bug bounty rewards, and notable trends in the kinds of disclosed vulnerabilities. The Chinese research communityâ€™s prowess is well known, from exploits at the Tianfu Cup to preeminent enterprise labs like Qihoo 360. However, the recent law aiming to give the Chinese government early access to the communityâ€™s discoveriesâ€”and the governmentâ€™s apparent willingness to enforce it even on high-profile corporations as seen in its punishment of Alibabaâ€”demand more thorough scrutiny. This talk will address implications for policy and the wider hacker community.\n
\n\n\'',NULL,148881),('2_Friday','18','18:00','18:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'Pulling Passwords out of Configuration Manager: Practical Attacks against Microsoft\'s Endpoint Management Software\'','\'Christopher Panayi\'','DC_4bae4033f4dcfb869eb241f4e905009c','\'Title: Pulling Passwords out of Configuration Manager: Practical Attacks against Microsoft\'s Endpoint Management Software
\nWhen: Friday, Aug 12, 18:00 - 18:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\n
SpeakerBio:Christopher Panayi\n, Chief Research Officer, MWR CyberSec
\nChristopher is the Chief Research Officer at MWR CyberSec (https://mwrcybersec.com), having previously led cyber-defense, red team, and targeted attack simulation (TAS) engagements for several years, as well as having designed and help run the in-house training programme for security consultants at MWR. As part of this work, a major focus area for him had been understanding attack techniques impacting Active Directory (AD); this led to publications such as: a discussion of practical ways to perform pass-the-hash attacks (https://labs.f-secure.com/blog/pth-attacks-against-ntlm-authenticated-web-applications/) and a discussion of the previous gold standard in AD security, the red forest, and why it did not meet its goal of making environments more secure in many cases (https://www.f-secure.com/content/dam/press/ja/media-library/reports/F-Secure%20Whitepaper%20-%20Tending%20To%20the%20Red%20Forest%20(English).pdf). His interest in how things work at a deep technical level - and desire to develop an understanding of how to use this information to compromise and secure systems and environments - has led him to his current focus, investigating and understanding Microsoft Endpoint Configuration Manager, how it interacts with AD, and how to abuse its configuration to attack enterprise environments.
\nTwitter: @Raiona_ZA
\n\n
\nDescription:
\nSystem Center Configuration Manager, now Microsoft Endpoint Configuration Manager (MECM), is a software management product that has been widely adopted by large organizations to deploy, update, and manage software; it is commonly responsible for the deployment and management of the majority of server and workstation machines in enterprise Windows environments.\n

This talk will provide an outline of how MECM is used to deploy machines into enterprise environments (typically through network booting, although it supports various Operating System deployment techniques), and will explore attacks that allow Active Directory credentials to be extracted from this process. The common MECM misconfigurations leading to these attacks will be detailed and, in so doing, the talk will aim to show how to identify and exploit these misconfigurations and how to defend against these attacks. Each viable attack will be discussed in depth (mostly by discussing the protocols and architecture in use, but sometimes by diving into relevant code, if necessary) so that the context of how and why the attack works will be understood. These concepts will be illustrated through the demo and release of a tool that allows for the extraction of credentials from several of the onsite deployment techniques that MECM supports.\n

\n\n\'',NULL,148882),('2_Friday','18','18:00','18:45','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Tear Down this Zywall: Breaking Open Zyxel Encrypted Firmware\'','\'Jay Lagorio\'','DC_8132a2a23c4410ca8522fc1c60877f04','\'Title: Tear Down this Zywall: Breaking Open Zyxel Encrypted Firmware
\nWhen: Friday, Aug 12, 18:00 - 18:45 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Jay Lagorio\n, Independent Security Researcher
\nJay Lagorio, a software engineer and independent security researcher, has been building computers and networks and finding ways to break them nearly his entire life. Being a nerd that likes to dig too far into things spilled over into the real world and he accidentally became a licensed private investigator. Releaser of the occasional tool or writeup on Github, he wishes he had enough time to do all the hacker things and crush griefers in GTA Online every day. He received a B.S. in Computer Science from UMBC and an M. Eng. from the Naval Postgraduate School.
\nTwitter: @jaylagorio
\n\n
\nDescription:
\nHow do you go bug hunting in devices you own when the manufacturer has slapped some pesky encryption scheme on the firmware? Starting from an encrypted blob of bits and getting to executable code is hard and can be even more frustrating when you already know the bug is there, you just want to see it! Join me on my expedition to access the contents of my Zyxel firewall\'s firmware using password and hash cracking, hardware and software reverse engineering, and duct taping puzzle pieces together. We\'ll start with a device and a firmware blob, flail helplessly at the crypto, tear apart the hardware, reverse engineer the software and emulate the platform, and finally identify the decryption routine â€“ ultimately breaking the protection used by the entire product line to decrypt whatever firmware version we want.\n
\n\n\'',NULL,148883),('3_Saturday','10','10:00','11:15','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'Brazil Redux: Short Circuiting Tech-Enabled Dystopia with The Right to Repair\'','\'Kyle Wiens,Corynne McSherry,Louis Rossmann,Paul Roberts,Joe Grand\'','DC_e9c936be0b617a64b2a337a66659a9ea','\'Title: Brazil Redux: Short Circuiting Tech-Enabled Dystopia with The Right to Repair
\nWhen: Saturday, Aug 13, 10:00 - 11:15 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\nSpeakers:Kyle Wiens,Corynne McSherry,Louis Rossmann,Paul Roberts,Joe Grand
\n
SpeakerBio:Kyle Wiens\n, CEO, iFixit
\nKyle Wiens is the cofounder and CEO of iFixit, an online repair community and parts retailer internationally renowned for its open source repair manuals and product teardowns.
\nTwitter: @kwiens
\n
SpeakerBio:Corynne McSherry\n, Legal Director, Electronic Frontier Foundation
\nCorynne McSherry is the Legal Director at EFF, specializing in intellectual property, open access, and free speech issues.
\nTwitter: @cmcsherr
\n
SpeakerBio:Louis Rossmann\n, Founder, Rossmanngroup.com
\nLouis Rossmann is the owner of Rossmann Repair Group, a computer repair shop established in 2007 that specializes in repair of MacBooks, iPhones and other electronic devices. Louisâ€™s YouTube channel, with more than 1.7 million subscribers, documents repairs as and dispenses advice and opinions on the right to repair.
\nTwitter: @rossmannsupply
\n
SpeakerBio:Paul Roberts\n, Founder, SecuRepairs.org, Editor in Chief, The Security Ledger
\nPaul Roberts is the publisher and Editor in Chief of The Security Ledger (securityledger.com), and the founder of SecuRepairs.org, an organization of more than 200 information security professionals who support a right to repair.
\n
SpeakerBio:Joe Grand\n, Founder and CEO, Grand Idea Studios
\nJoe Grand is a product designer, hardware hacker, and the founder of Grand Idea Studio, Inc. He specializes in creating, exploring, manipulating, and teaching about electronic devices.
\nTwitter: @joegrand
\n\n
\nDescription:
\nTerry Gilliamâ€™s 1985 cult film Brazil posits a polluted, hyper-consumerist and totalitarian dystopia in which a renegade heating engineer, Archibald Tuttle, takes great risks to conduct repairs outside of the stifling and inefficient bureaucracy of â€œCentral Services.â€ When Tuttleâ€™s rogue repairs are detected, Central Services workers demolish and seize repaired systems under the pretext of â€œfixingâ€ them. Itâ€™s dark. It\'s also not so far off from our present reality in which device makers use always-on Internet connections, DRM and expansive copyright and IP claims to sustain â€œCentral Servicesâ€-like monopolies on the service and repair of appliances, agricultural and medical equipment, personal electronics and more. The net effect of this is a less- not more secure ecosystem of connected things that burdens consumers, businesses and the planet. Our panel of repair and cybersecurity experts will delve into how OEMsâ€™ anti-repair arguments trumpet cybersecurity risks, while strangling independent repair and dissembling about the abysmal state of embedded device security. Weâ€™ll also examine how the emergent â€œright to repairâ€ movement aims to dismantle this emerging â€œBrazilâ€ style dystopia and lay the foundation for a â€œcircularâ€ economy that reduces waste while also ensuring better security and privacy protections for technology users.\n
\n\n\'',NULL,148884),('3_Saturday','11','10:00','11:15','Y','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'Brazil Redux: Short Circuiting Tech-Enabled Dystopia with The Right to Repair\'','\'Kyle Wiens,Corynne McSherry,Louis Rossmann,Paul Roberts,Joe Grand\'','DC_e9c936be0b617a64b2a337a66659a9ea','\'\'',NULL,148885),('3_Saturday','10','10:00','10:45','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Literal Self-Pwning: Why Patients - and Their Advocates - Should Be Encouraged to Hack, Improve, and Mod Med Tech\'','\'Cory Doctorow,Christian \"quaddi\" Dameff MD,Jeff â€œr3plicantâ€ Tully MD\'','DC_3c91e44799dcc828e49cc00800f9c611','\'Title: Literal Self-Pwning: Why Patients - and Their Advocates - Should Be Encouraged to Hack, Improve, and Mod Med Tech
\nWhen: Saturday, Aug 13, 10:00 - 10:45 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\nSpeakers:Cory Doctorow,Christian \"quaddi\" Dameff MD,Jeff â€œr3plicantâ€ Tully MD
\n
SpeakerBio:Cory Doctorow\n, Science fiction author, activist and journalist
\nCory Doctorow (craphound.com) is a science fiction author, activist and journalist. He is the author of many books, most recently RADICALIZED and WALKAWAY, science fiction for adults, IN REAL LIFE, a graphic novel; INFORMATION DOESNâ€™T WANT TO BE FREE, a book about earning a living in the Internet age, and HOMELAND, a YA sequel to LITTLE BROTHER. His next book is ATTACK SURFACE.
\nTwitter: @doctorow
\n
SpeakerBio:Christian \"quaddi\" Dameff MD\n, Emergency Medicine Physician & Hacker at The University of California San Diego
\nChristian (quaddi) Dameff MD is an Assistant Professor of Emergency Medicine, Biomedical Informatics, and Computer Science (Affiliate) at the University of California San Diego. He is also a hacker, former open capture the flag champion, and prior DEF CON/RSA/Blackhat/HIMSS speaker. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works. Published security research topics including hacking critical healthcare infrastructure, medical devices and the effects of malware on patient care. This is his eighteenth DEF CON.
\nTwitter: @CDameffMD
\n
SpeakerBio:Jeff â€œr3plicantâ€ Tully MD\n, Anesthesiologist at The University of California San Diego
\nJeff (r3plicant) Tully is a security researcher with an interest in understanding the ever-growing intersections between healthcare and technology. His day job focuses primarily on the delivery of oxygen to tissues.
\nTwitter: @JeffTullyMD
\n\n
\nDescription:
\nWhat do Apple, John Deere and Wahl Shavers have in common with med-tech companies? They all insist that if you were able to mod their \nstuff, you would kill yourself and/or someone else... and they\'ve all demonstrated, time and again, that they are unfit to have the final\n say over how the tools you depend on should work. As right to repair and other interoperability movements gain prominence, med-tech wants\n us to think that it\'s too life-or-death for modding. We think that med-tech is too life-or-death NOT to to be open, accountable and \nconfigurable by the people who depend on it. Hear two hacker doctors and a tech activist talk about who\'s on the right side of history \nand how the people on the wrong side of history are trying to turn you into a walking inkjet printer, locked into an app store.\n
\n\n\'',NULL,148886),('3_Saturday','10','10:00','10:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All\'','\'Jonathan Leitschuh\'','DC_b7c2d6ceabc5c254a0d4a96ed9e35df7','\'Title: Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All
\nWhen: Saturday, Aug 13, 10:00 - 10:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\n
SpeakerBio:Jonathan Leitschuh\n, OSS Security Researcher - Dan Kaminsky Fellowship @ HUMAN Security
\nJonathan Leitschuh is a Software Engineer and Software Security Researcher. He is the first ever Dan Kaminsky Fellow. Jonathan is best known for his July 2019 bombshell Zoom 0-day vulnerability disclosure. He is amongst the top OSS researchers on GitHub by advisory credit. Heâ€™s both a GitHub Star and a GitHub Security Ambassador. In 2019 he championed an industry-wide initiative to get all major artifact servers in the JVM ecosystem to formally decommission the support of HTTP in favor of HTTPS only. In his free time he loves rock climbing, surfing, and sailing his Hobie catamaran.\n

This work is sponsored by the new Dan Kaminsky Fellowship which celebrates Danâ€™s memory and legacy by funding OSS work that makes the world a better (and more secure) place.\n

\nTwitter: @JLLeitschuh
\n\n
\nDescription:
\nHundreds of thousands of human hours are invested every year in finding common security vulnerabilities with relatively simple fixes. These vulnerabilities arenâ€™t sexy, cool, or new, weâ€™ve known about them for years, but theyâ€™re everywhere!\n

The scale of GitHub & tools like CodeQL (GitHub\'s code query language) enable one to scan for vulnerabilities across hundreds of thousands of OSS projects, but the challenge is how to scale the triaging, reporting, and fixing. Simply automating the creation of thousands of bug reports by itself isnâ€™t useful, & would be even more of a burden on volunteer maintainers of OSS projects. Ideally the maintainers would be provided with not only information about the vulnerability, but also a fix in the form of an easily actionable pull request.\n

When facing a problem of this scale, what is the most efficient way to leverage researcher knowledge to fix the most vulnerabilities across OSS? This talk will cover a highly scalable solution - automated bulk pull request generation. Weâ€™ll discuss the practical applications of this technique on real world OSS projects. Weâ€™ll also cover technologies like CodeQL & OpenRewrite (a style-preserving refactoring tool created at Netflix & now developed by Moderne). Letâ€™s not just talk about vulnerabilities, letâ€™s actually fix them at scale.\n

\n\n\'',NULL,148887),('3_Saturday','11','11:00','11:45','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'How To Get MUMPS Thirty Years Later (or, Hacking The Government via FOIA\'d Code)\'','\'Zachary Minneker\'','DC_b883ece66eb0692517f824fbe5a63a66','\'Title: How To Get MUMPS Thirty Years Later (or, Hacking The Government via FOIA\'d Code)
\nWhen: Saturday, Aug 13, 11:00 - 11:45 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Zachary Minneker\n, Senior Security Engineer, Security Innovation
\nZachary Minneker is a senior security engineer and security researcher at Security Innovation. His first computer was a PowerPC Macintosh, an ISA which he continues to defend to this day. At Security Innovation, he has performed security assessments on a variety of systems, including robots for kids, audio transcription codecs, and electronic medical systems. He has previous experience administrating electronic medical systems, and deep experience in fuzzing, reverse engineering, and protocol analysis. His research has focused on techniques for in-memory fuzzing, IPC methods, and vulnerability discovery in electronic medical record systems and health care protocols. In his free time he works on music and synthesizers.
\nTwitter: @seiranib
\n\n
\nDescription:
\nIn the 60s, engineers working in a lab at Massachusettes General Hospital in Boston invented a programming environment for use in medical contexts. This is before C, before the Unix epoch, before the concept of an electronic medical records system even existed. But if you have medical records in the US, or if you\'ve banked in the US, its likely that this language has touched your data. Since the 1960s, this language has been used in everything from EMRs to core banking to general database needs, and even is contained in apt to this day.\n

This is the Massachusettes General Hospital Utility Multi-Programming System. This is MUMPS.\n

This talk covers new research into common open-source MUMPS implementations, starting with an application that relies on MUMPS: the Department of Veterans Affairs\' VistA EMR. Weâ€™ll cover a short history of VistA before diving into its guts and examining MUMPS, the language that VistA was written in. Then we\'ll talk about 30 memory bugs discovered while fuzzing open source MUMPS implementations before returning to VistA to cover critical vulnerabilities found in credential handling and login mechanisms. We\'ll close by taking a step back and asking questions about how we even got here in the first place, the right moves we made, and what we can do better.\n

\n\n\'',NULL,148888),('3_Saturday','11','11:00','11:45','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'My First Hack Was in 1958 (Then A Career in Rockâ€™nâ€™Roll Taught Me About Security)\'','\'Winn Schwartau\'','DC_113cc830c3c464e4804b6360b6122a95','\'Title: My First Hack Was in 1958 (Then A Career in Rockâ€™nâ€™Roll Taught Me About Security)
\nWhen: Saturday, Aug 13, 11:00 - 11:45 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\n
SpeakerBio:Winn Schwartau\n, Security Thinker Since 1983
\nâ€œAfter talking to Winn for an hour and a half, youâ€™re like, what the f*** just happened? - Bob Todrank\n

Winn has lived Cybersecurity since 1983, and now says, â€œI think, maybe, Iâ€™m starting to understand it.â€\nSince 1988, his predictions about security have been scarily spot on. He coined â€œElectronic Pearl Harborâ€ while testifying before Congress in 1991 and prognosticated a future with massive surveillance, loss of personal privacy, nation-state hacking, cyberwar and cyber-terrorism. He was named the â€œCivilian Architect of Information Warfare,â€ by Admiral Tyrrell of the British MoD.\n

His latest book, â€œAnalogue Network Securityâ€ is a math and time-based, probabilistic approach to security with designs â€œfix security and the internet. It will twist your mind.\n

Fellow, Royal Society of the Arts
\nDistinguished Fellow: Ponemon Institute\nIntâ€™l Security Hall of Fame: ISSA
\nTop 20 industry pioneers: SC Magazine
\nTop 25 Most Influential: Security Magazine\nTop 5 Security Thinkers: SC Magazine
\nPower Thinker (and one of 50 most powerful people) Network World\nTop Rated (4.85/5) RSA Speaker
\nTop Rated ISC2: 4.56
\n.001% Top Influencer RSAC 2019\n

Author: Information Warfare, CyberShock, Internet & Computer Ethics for Kids, Time Based Security, Pearl Harbor Dot Com (Die Hard IV)\nFounder: www.TheSecurityAwarenessCompany.Com\nProducer: Hackers Are People Too\n

\nTwitter: @WinnSchwartau
\n\n
\nDescription:
\nMy first hack was in 1958, and it was all my motherâ€™s fault. Or perhaps I should also blame my father. They were both engineers and I got their DNA. As a kid I hacked phonesâ€¦ cuz, well, phones were expensive! (Cardboard was an important hacking tool.) At age 6 I made a decent living cuz I could fix tube TVs. True!\n \n

In roughly 1970 (thanks to NYU) we moved on to hacking Hollerith (punch) cards to avoid paying for telephone and our utilities, and of course, shenanigans.\n \n

As a recording studio designer and builder, we dumpster dived for technology from AT&T. We never threw anything out and learned how to repurpose and abuse tech from the 1940s.\n \n

As a rockâ€™nâ€™roll engineer, I learned to live with constant systems epic failures. Anything that could break would break: before a live TV event or a massive concert. Talk about lessons in Disaster Recovery and Incident Response.\n \n

This talk, chock full of pictures and stories from the past, covers my hacking path as a kid then as a necessary part of survival in the entertainment industry. 1958-1981.\n \n

Come on down for the ride and see how 64 years of lessons learned can give you an entirely different view of Hacking and how and why I have embraced failure for both of my careers!\n

\n\n\'',NULL,148889),('3_Saturday','11','11:00','11:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'No-Code Malware: Windows 11 At Your Service\'','\'Michael Bargury\'','DC_ad0ca65b9a7c92415a1ae00ce7f51328','\'Title: No-Code Malware: Windows 11 At Your Service
\nWhen: Saturday, Aug 13, 11:00 - 11:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\n
SpeakerBio:Michael Bargury\n, Co-Founder and CTO, Zenity.io
\nMichael Bargury is the Co-Founder and CTO of Zenity, where he helps companies secure their low-code/no-code apps. In the past, he headed security product efforts at Azure focused on IoT, APIs and IaC. Michael is passionate about all things related to cloud, SaaS and low-code security, and spends his time finding ways they could go wrong. He also leads the OWASP low-code security project and writes about it on DarkReading.
\nTwitter: @mbrg0
\n\n
\nDescription:
\nWindows 11 ships with a nifty feature called Power Automate, which lets users automate mundane processes. In a nutshell, Users can build custom processes and hand them to Microsoft, which in turn ensures they are distributed to all user machines or Office cloud, executed successfully and reports back to the cloud. You can probably already see where this is going..\nIn this presentation, we will show how Power Automate can be repurposed to power malware operations. We will demonstrate the full cycle of distributing payloads, bypassing perimeter controls, executing them on victim machines and exfiltrating data. All while using nothing but Windows baked-in and signed executables, and Office cloud services.\nWe will then take you behind the scenes and explore how this service works, what attack surface it exposes on the machine and in the cloud, and how it is enabled by-default and can be used without explicit user consent. We will also point out a few promising future research directions for the community to pursue.\nFinally, we will share an open-source command line tool to easily accomplish all of the above, so you will be able to add it into your Red Team arsenal and try out your own ideas.\n
\n\n\'',NULL,148890),('3_Saturday','11','11:30','12:15','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'Reversing the Original Xbox Live Protocols\'','\'Tristan Miller\'','DC_6e830c392820f61e0596ac1d21758e6d','\'Title: Reversing the Original Xbox Live Protocols
\nWhen: Saturday, Aug 13, 11:30 - 12:15 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\n
SpeakerBio:Tristan Miller\n, Hacker
\nmonocasa has over a decade of industry experience as an engineer in related sub-fields such as firmware development, binary reversing, cloud based device and identity management, and custom tunneling of IP.
\n\n
\nDescription:
\nXbox Live for original Xbox systems launched on November 15, 2002 and was subsequently discontinued on April 15, 2010. The first half of this talk will be an infromation dense overview of the gritty details of how the underlying protocols work and intermixing a retrospective of two decades of how the industry has approached IOT and network security. The second half of the talk will use that base to discuss the architecture of drop in replacement server infrastructure, how the speaker approaches the ethics of third party support for non-updatable abandoned networked devices, and culminating in a demo.\n
\n\n\'',NULL,148891),('3_Saturday','12','11:30','12:15','Y','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'Reversing the Original Xbox Live Protocols\'','\'Tristan Miller\'','DC_6e830c392820f61e0596ac1d21758e6d','\'\'',NULL,148892),('3_Saturday','12','12:00','12:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'All Roads leads to GKE\'s Host : 4+ Ways to Escape\'','\'Billy Jheng,Muhammad ALifa Ramdhan\'','DC_7b0ff57985f0fede1e2109a124bb1cee','\'Title: All Roads leads to GKE\'s Host : 4+ Ways to Escape
\nWhen: Saturday, Aug 13, 12:00 - 12:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\nSpeakers:Billy Jheng,Muhammad ALifa Ramdhan
\n
SpeakerBio:Billy Jheng\n, Security Researcher at STAR Labs
\nBilly Jheng is a information security researcher at STAR Labs, focusing on Hypervisor and Linux Kernel vulnerability research and exploitation, a member of the Balsn CTF team.\n

He participated in Pwn2Own 2021 Vancouver & Austin and was a speaker at conferences HITCON.\n

\nTwitter: @st424204
\n
SpeakerBio:Muhammad ALifa Ramdhan\n, Security Researcher at STAR Labs
\nMuhammad Ramdhan is a security researcher at STAR Labs, currently interested on Linux Kernel, Hypervisor or Container vulnerability research and exploitation. He is also a CTF enthusiast who is currently a member of CTF team SuperGuesser focusing on binary exploitation problems.
\nTwitter: @n0psledbyte
\n\n
\nDescription:
\nContainer security is a prevalent topic in security research. Due to the great design and long-term effort, containers have been more and more secure. Usage of container technology is increasingly being used. Container security is a topic that has started to be discussed a lot lately.\n

In late 2021, Google increased the vulnerability reward program in kCTF infrastructure, which was built on top of Kubernetes and Google Container Optimized OS, with a minimum reward of $31,337 per submission.\n

In this talk, we will share about how we managed to have 4 successful submissions on kCTF VRP by exploiting four Linux kernel bugs to perform container escape on kCTF cluster, we will explain some interesting kernel exploit techniques and tricks that can be used to bypass the latest security mitigation in Linux kernel. We will also share what we did wrong that causes us to nearly lose 1 of the bounty.\n

As of writing, there are 14 successful entries to kCTF. In this presentation, we are willing to share our full, in-depth details on the research of kCTF.\n

To the best of our knowledge, this presentation will be the first to talk about a complete methodology to pwn kCTF (find and exploit bugs within 0-day and 1-day) in public.\n

\n\n\'',NULL,148893),('3_Saturday','12','12:00','12:20','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'The Evil PLC Attack: Weaponizing PLCs\'','\'Sharon Brizinov\'','DC_88ef67946c32b7f8e1977c5ea794ce82','\'Title: The Evil PLC Attack: Weaponizing PLCs
\nWhen: Saturday, Aug 13, 12:00 - 12:20 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Sharon Brizinov\n, Vulnerability Research Team Lead @ Claroty
\nSharon Brizinov leads the vulnerability research at Claroty. Brizinov specializes in vulnerability research, malware analysis, network forensics, and ICS/SCADA security. In addition, Brizinov participated in well-known hacking competitions such as Pwn2Own (2020, 2022), and he holds a DEFCON black-badge for winning the ICS CTF (DEFCON 27).
\n\n
\nDescription:
\nThese days, Programmable Logic Controllers (PLC) in an industrial network are a critical attack target, with more exploits being identified every day. But what if the PLC wasnâ€™t the prey, but the predator? This presentation demonstrates a novel TTP called the \"Evil PLC Attack\", where a PLC is weaponized in a way that when an engineer is trying to configure or troubleshoot it, the engineerâ€™s machine gets compromised.\n

We will describe how engineers diagnose PLC issues, write code, and transfer bytecode to PLCs for execution with industrial processes in any number of critical sectors, including electric, water and wastewater, heavy industry, and automotive manufacturing. Then we will describe how we conceptualized, developed, and implemented different techniques to weaponize a PLC in order to achieve code execution on an engineerâ€™s machine. \n

The research resulted in working PoCs against ICS market leaders which fixed all the reported vulnerabilities and remediated the attack vector. Such vendors include Rockwell Automation, Schneider Electric, GE, B&R, Xinje, OVARRO and more.\n

\n\n\'',NULL,148894),('3_Saturday','12','12:00','12:20','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'Tracking Military Ghost Helicopters over our Nation\'s Capital\'','\'Andrew Logan\'','DC_0fd59641c52431e73086b05576140e80','\'Title: Tracking Military Ghost Helicopters over our Nation\'s Capital
\nWhen: Saturday, Aug 13, 12:00 - 12:20 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\n
SpeakerBio:Andrew Logan\n
\nAndrew Logan is an audio engineer, videographer and DJ based in Washington, D.C. He is an aerospace and radio nerd, and a fierce defender of the First Amendment.
\nTwitter: @HelicoptersofDC
\n\n
\nDescription:
\nThere\'s a running joke around Washington D.C. that the \"State Bird\" is the helicopter. Yet 96% of helicopter noise complaints from 2018-2021 went unattributed: D.C. Residents can not tell a news helicopter from a black hawk. Flight tracking sites remove flights as a paid service to aircraft owners and government agencies; even in the best case these sites do not receive tracking information from most military helicopters due to a Code of Federal Regulations exemption for \"sensitive government mission for national defense, homeland security, intelligence or law enforcement.\" This makes an enormous amount of helicopter flights untraceable even for the FAA and leaves residents in the dark.\n

What if we could help residents identify helicopters? What if we could crowd source helicopter tracking? What if we could collect images to identify helicopters using computer vision? What if we could make aircraft radio as accessible as reading a map? What if we could make spotting helicopters a game that appeals to the competitive spirit of Washingtonians? And what if we could do all of this... on Twitter?\n

\n\n\'',NULL,148895),('3_Saturday','12','12:30','13:15','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Analyzing PIPEDREAM: Challenges in testing an ICS attack toolkit.\'','\'Jimmy Wylie\'','DC_f2df4ed8e657356642a8b4fe1971c55a','\'Title: Analyzing PIPEDREAM: Challenges in testing an ICS attack toolkit.
\nWhen: Saturday, Aug 13, 12:30 - 13:15 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Jimmy Wylie\n, Principal Malware Analyst II , Dragos, Inc.
\nJimmy Wylie is a Principal Malware Analyst at Dragos, Inc. who spends his days (and nights) searching for and analyzing threats to critical infrastructure. He was the lead analyst on PIPEDREAM, the first ICS attack \"utility belt\", TRISIS, the first malware to target a safety instrumented system, and analysis of historical artifacts of the CRASHOVERRIDE attack, the first attack featuring malware specifically tailored to disrupt breakers and switchgear in an electric transmission substation.\n

Jimmy has worked for various DoD contractors, leveraging a variety of skills against national level adversaries, including network analysis, dead disk and memory forensics, and software development for detection and analysis of malware. After leaving the DoD contracting world, he joined Focal Point Academy, where he developed and taught malware analysis courses to civilian and military professionals across the country. In his off-time, Jimmy enjoys learning about operating systems internals, playing pool, cheap beer, and good whiskey.\n

\nTwitter: @mayahustle
\n\n
\nDescription:
\nIdentified early in 2022, PIPEDREAM is the seventh-known ICS-specific\nmalware and the fifth malware specifically developed to disrupt\nindustrial processes. PIPEDREAM demonstrates significant adversary\nresearch and development focused on the disruption, degradation, and\npotentially, the destruction of industrial environments and physical\nprocesses. PIPEDREAM can impact a wide variety of PLCs including Omron\nand Schneider Electric controllers. PIPEDREAM can also execute attacks\nthat take advantage of ubiquitous industrial protocols, including\nCODESYS, Modbus, FINS, and OPC-UA.\n

This presentation will summarize the malware, and detail the\ndifficulties encountered during the reverse engineering and analysis\nof the malware to include acquiring equipment and setting up our\nlab. This talk will also release the latest results from Drago\'s lab\nincluding an assessment of the breadth of impact of PIPEDREAM\'s\nCODESYS modules on equipment beyond Schneider Electric\'s PLCs, testing\nOmron servo manipulation, as well as OPC-UA server manipulation.\nWhile a background in ICS is helpful to understand this talk, it is\nnot required. The audience will learn about what challenges they can\nexpect to encounter when testing ICS malware and how to overcome them.\n

\n\n\'',NULL,148896),('3_Saturday','13','12:30','13:15','Y','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Analyzing PIPEDREAM: Challenges in testing an ICS attack toolkit.\'','\'Jimmy Wylie\'','DC_f2df4ed8e657356642a8b4fe1971c55a','\'\'',NULL,148897),('3_Saturday','12','12:30','12:50','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'The hitchhackerâ€™s guide to iPhone Lightning & JTAG hacking\'','\'stacksmashing\'','DC_42826498b2d634d4f540350b3dd0e2d4','\'Title: The hitchhackerâ€™s guide to iPhone Lightning & JTAG hacking
\nWhen: Saturday, Aug 13, 12:30 - 12:50 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\n
SpeakerBio:stacksmashing\n, Hacker
\nstacksmashing is a security researcher with a focus on embedded devices: From hacking payment terminals, crypto-wallets, secure processors or Apple AirTags, he loves to explore embedded & IoT security. On his YouTube channel he attempts to make reverse-engineering & hardware hacking more accessible. He is known for trying to hack everything for under $5, which is probably related to him living in the stingiest part of Germany.
\nTwitter: @ghidraninja
\n\n
\nDescription:
\nAppleâ€™s Lightning connector was introduced almost 10 years ago - and\nunder the hood it can be used for much more than just charging an\niPhone: Using a proprietary protocol it can also be configured to give\naccess to a serial-console and even expose the JTAG pins of the\napplication processor! So far these hidden debugging features have not\nbeen very accessible, and could only be accessed using expensive and\ndifficult to acquire \"Kanzi\" and \"Bonobo\" cables. In this talk we\nintroduce the cheap and open-source \"Tamarin Cable\", bringing\nLightning exploration to the masses!\n

In this talk we are diving deep into the weeds of Apple Lightning:\nWhatâ€™s â€œTristarâ€, â€œHydraâ€ and â€œHiFiveâ€? Whatâ€™s SDQ and IDBUS? And how\ndoes it all fit together?\n

We show how you can analyze Lightning communications, what different\ntypes of cables (such as DCSD, Kanzi & co) communicate with the\niPhone, and how everything works on the hardware level.\n

We then show how we developed the â€œTamarin Cableâ€: An open-source,\nsuper cheap (~$5 and a sacrificed cable) Lightning explorer that\nsupports sending custom IDBUS & SDQ commands, can access the iPhoneâ€™s\nserial-console, and even provides a full JTAG/SWD probe able to debug\niPhones.\n

We also show how we fuzzed Lightning to uncover new commands, and\nreverse engineer some Lightning details hidden in iOS itself.\n

\n\n\'',NULL,148898),('3_Saturday','12','12:30','13:15','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'UFOs, Alien Life, and the Least Untruthful Things I Can Say.\'','\'Richard Thieme\'','DC_299d46aa1a7dca61d0eb6e7cbfc93091','\'Title: UFOs, Alien Life, and the Least Untruthful Things I Can Say.
\nWhen: Saturday, Aug 13, 12:30 - 13:15 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\n
SpeakerBio:Richard Thieme\n, ThiemeWorks
\nRichard Thieme is an author/professional speaker who addresses â€œthe human in the machine,â€ technology-related security and intelligence issues as they come home to our humanity. He has published hundreds of articles, dozens of stories, seven books, and delivered hundreds of speeches, including for NSA, FBI, the Secret Service, etc. He spoke in 2021 at Def Con for the 25th year and has keynoted security conferences in 15 countries. His latest book about an intelligence professional, \"Mobius: A Memoir,\" is a novel receiving over-the-top reviews.
\nTwitter: @neuralcowboy
\n\n
\nDescription:
\nI have explored the subject of UFOs seriously and in depth and detail for 44 years. I have worked with some of the best and brightest in the \"invisible college\" to do academic research and reach conclusions based on the evidence. I contributed to the celebrated history, \"UFOs and Government: A Historical Inquiry,\" the gold standard for historical research into the subject now in over 100 university libraries. This talk more than updates the latest government statements on the subject--it is the most complete, honest, and forthright presentation I can make. I will tell the most truth I can, based on data and evidence. As an NSA analyst told me, \"Richard, they are here. They\'re here.\"\n
\n\n\'',NULL,148899),('3_Saturday','13','12:30','13:15','Y','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'UFOs, Alien Life, and the Least Untruthful Things I Can Say.\'','\'Richard Thieme\'','DC_299d46aa1a7dca61d0eb6e7cbfc93091','\'\'',NULL,148900),('3_Saturday','13','13:00','13:45','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'Chromebook Breakout: Escaping Jail, with your friends, using a Pico Ducky\'','\'Jimi Allee\'','DC_b90fa0602dee4fda59c54a9566782b38','\'Title: Chromebook Breakout: Escaping Jail, with your friends, using a Pico Ducky
\nWhen: Saturday, Aug 13, 13:00 - 13:45 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\n
SpeakerBio:Jimi Allee\n, CEO @ Lost Rabbit Labs
\nWith 30 years in the Information Security industry, Jimi Allee has successfully navigated through many roles within the Infosec landscape, including Network/System/Security Engineering, Threat Intel/Risk Analysis, Offensive Security, Red/Blue/Purple Teaming as well as Research & Development. A former member of the US National Video Game Team, Jimiâ€™s passionate curiosity brings a gamer mentality to the world of Threat Research, Detection and Elimination. Jimi is currently the CEO of Lost Rabbit Labs, a Full-Spectrum Cybersecurity Services company that specializes in Collaborative Penetration Testing and Assessments.
\nTwitter: @jimi2x303
\n\n
\nDescription:
\nLearn how we used our Pico Ducky to escape Chromebook jail, rescue our friends along the way, and have some fun Living Off the Land! Leveraging a discovered (but previously disclosed) Command Injection vulnerability in the ChromeOS crosh shell, we rabbithole into the internal ChromeOS Linux system, obtain persistence across reboots, and exfiltrate user data even before Developer Mode has been enabled. Learn how to provision and utilize local services in order to perform Privilege Escalations, and also create a \'Master Key\' with the Pico Ducky and custom GTFO 1-liners, in order to perform a full Chromebook Breakout!\n
\n\n\'',NULL,148901),('3_Saturday','13','13:00','13:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'Exploring Ancient Ruins to Find Modern Bugs: Discovering a 0-Day in an MS-RPC Service\'','\'Ben Barnea,Ophir Harpaz\'','DC_21a94aea5d2d552566753d6bff79e623','\'Title: Exploring Ancient Ruins to Find Modern Bugs: Discovering a 0-Day in an MS-RPC Service
\nWhen: Saturday, Aug 13, 13:00 - 13:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\nSpeakers:Ben Barnea,Ophir Harpaz
\n
SpeakerBio:Ben Barnea\n, Senior Security Researcher, Akamai
\nBen Barnea is a security researcher at Akamai with interest and experience conducting low-level security research and vulnerability research across various architectures - Windows, Linux, IoT and mobile. He likes learning how complex mechanisms work and most importantly, how they fail.
\nTwitter: @nachoskrnl
\n
SpeakerBio:Ophir Harpaz\n, Senior Security Research Team Lead, Akamai
\nOphir Harpaz is a security research team lead in Akamai, where she manages research projects around OS internals, exploitation and malware analysis. Ophir has spoken in various security conferences including Black Hat USA, Botconf, SEC-T, HackFest and more. As an active member in Baot - a community for women engineers - she has taught a reverse-engineering workshop (https://begin.re) to share her enthusiasm for reversing. Ophir has entered Forbes\' list of 30-under-30 and won the Rising Star category of SC Magazine\'s Reboot awards for her achievements and contribution to the Cyber security industry.
\nTwitter: @OphirHarpaz
\n\n
\nDescription:
\nMS-RPC is Microsoft\'s implementation of the Remote Procedure Calls protocol. Even though the protocol is extremely widespread, and serves as the basis for nearly all Windows services on both managed and unmanaged networks, little has been published about MS-RPC, its attack surface and design flaws.\n

In this talk, we will walkthrough and demonstrate a 0-day RCE vulnerability which we discovered through our research of MS-RPC. When exploited, this vulnerability allows an attacker to execute code remotely and potentially take over the Domain Controller. We believe this vulnerability may belong to a somewhat novel bug-class which is unique to RPC server implementations, and would like to share this idea as a possible research direction with the audience.\n

To aid future research into the topic of MS-RPC, we will share a deep, technical overview of the RPC system in Windows, explain why we decided to target it, and point out several design flaws. We will also outline the methodology we developed around RPC as a research target along with some tools we built to facilitate the bug-hunting process.\n

\n\n\'',NULL,148902),('3_Saturday','13','13:30','14:15','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Do Not Trust the ASA, Trojans!\'','\'Jacob Baines\'','DC_5293adf4204e0eba06ad25b32aaff635','\'Title: Do Not Trust the ASA, Trojans!
\nWhen: Saturday, Aug 13, 13:30 - 14:15 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Jacob Baines\n, Lead Security Researcher, Rapid7
\nJacob Baines is a Lead Security Researcher at Rapid7 and a member of the Emergent Threat Response team. As part of his daily duties, Jacob conducts n-day and zero-day vulnerability research on important or impactful systems. He particularly enjoys sharing findings with the security community and developing Metasploit exploits.\n

Jacob has been active in the Security field for well over a decade. Heâ€™s held positions as a developer, reverse engineer, and vulnerability researcher. As a vulnerability researcher, Jacob has had the good fortune to publish and present his research which varies from embedded system exploitation, web application attacks, and Windows vulnerabilities.\n

\nTwitter: @Junior_Baines
\n\n
\nDescription:
\nCisco ASA and ASA-X are widely deployed firewalls that are relied upon to protect internal networks from the dangers of the outside world. This key piece of network infrastructure is an obvious point of attack, and a known target for exploitation and implantation by APT such as the Equation Group. Yet itâ€™s been a number of years since a new vulnerability has been published that can provide privileged access to the ASA or the protected internal network. But all good things must come to an end.\n

In this talk, new vulnerabilities affecting the Cisco ASA will be presented. Weâ€™ll exploit the firewall, the systemâ€™s administrators, and the ASA-X FirePOWER module. The result of which should call into question the firewallâ€™s trustworthiness.\n

The talk will focus on the practical exploitation of the ASA using these new vulnerabilities. To that end, new tooling and Metasploit modules will be presented. For IT protectors, mitigation and potential indicators of compromise will also be explored.\n

\n\n\'',NULL,148903),('3_Saturday','14','13:30','14:15','Y','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Do Not Trust the ASA, Trojans!\'','\'Jacob Baines\'','DC_5293adf4204e0eba06ad25b32aaff635','\'\'',NULL,148904),('3_Saturday','13','13:30','14:15','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'HACK THE HEMISPHERE! How we (legally) broadcasted hacker content to all of North America using an end-of-life geostationary satellite, and how you can set up your own broadcast too!\'','\'Andrew Green,Karl Koscher\'','DC_d75d99ed7dd44af5614eae8bf598711e','\'Title: HACK THE HEMISPHERE! How we (legally) broadcasted hacker content to all of North America using an end-of-life geostationary satellite, and how you can set up your own broadcast too!
\nWhen: Saturday, Aug 13, 13:30 - 14:15 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\nSpeakers:Andrew Green,Karl Koscher
\n
SpeakerBio:Andrew Green\n, Hacker
\nAndrew Green is a multidisciplinary jack of all trades, who specializes in information technology and broadcasting. He brings together many years of unique experiences, with a talent for understanding complex systems on the fly. He currently holds an Advanced amateur radio license, VO1VO.
\n
SpeakerBio:Karl Koscher\n, Hacker
\nKarl Koscher is a technology and security generalist with an emphasis on wireless and embedded systems security. As part of his dissertation work at the University of Washington, he and his collaborators were the first to demonstrate a complete remote compromise of a car over cellular, Bluetooth and other channels. He is a co-organizer of the Crypto and Privacy Village and holds an Amateur Extra license.
\n\n
\nDescription:
\nThe Shadytel cabal had an unprecedented opportunity to legally uplink to and use a vacant transponder slot on a geostationary satellite about to be decommissioned. This talk will explain how we modified an unused commercial uplink facility to broadcast modern HD DVB-S2 signals and created the media processing chain to generate the ultimate information broadcast. You\'ll learn how satellite transponders work, how HDTV is encoded and transmitted, and how you can create your own hacker event broadcast.\n
\n\n\'',NULL,148905),('3_Saturday','14','13:30','14:15','Y','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'HACK THE HEMISPHERE! How we (legally) broadcasted hacker content to all of North America using an end-of-life geostationary satellite, and how you can set up your own broadcast too!\'','\'Andrew Green,Karl Koscher\'','DC_d75d99ed7dd44af5614eae8bf598711e','\'\'',NULL,148906),('3_Saturday','14','14:00','14:45','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'OpenCola. The AntiSocial Network\'','\'John Midgley\'','DC_ff1af31d65ef7ad74607ff392d1ef294','\'Title: OpenCola. The AntiSocial Network
\nWhen: Saturday, Aug 13, 14:00 - 14:45 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\n
SpeakerBio:John Midgley\n, Cult of the Dead Cow
\nJohn Midgley was born and raised in Toronto, Canada. He studied computer science at the University of Toronto where he earned a B.Sc. and a Masters in Computer Vision. His first job out of school was building the search algorithms for openCola, an early peer to peer collaboration tool that was arguably 20 years ahead of its time. Not being able to afford a time machine, he busied himself by working at a string of startups and then a couple larger companies (Microsoft and Netflix). From 2011 to 2021 he worked at Netflix on Facebook integration, search, video ranking, content promotion and ended up managing the personalization organization, responsible for the systems and algorithms that construct the Netflix experience. Now that itâ€™s 20 years later, the world may finally be ready for a new and improved version of OpenCola.
\n\n
\nDescription:
\nThe internet, as it stands today, is not a very trustworthy environment, as evidenced by the numerous headlines of companies abusing personal data and activity. This is not really surprising since companies are responsible for optimizing revenue, which is often at odds with user benefit. The result of these incentives has produced or exacerbated significant problems: tech silos, misinformation, privacy abuse, concentration of wealth, the attention economy, etc. We built OpenCola, free and open source, as an alternative to existing big-tech applications. It puts users in control of their personal activity and the algorithms that shape the flow of data to them. We believe that this solution, although simple, can significantly mitigate the challenges facing the Internet.\n
\n\n\'',NULL,148907),('3_Saturday','14','14:00','14:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'The COW (Container On Windows) Who Escaped the Silo\'','\'Eran Segal\'','DC_dc605fe6bd47e69e9fa96f1291818b70','\'Title: The COW (Container On Windows) Who Escaped the Silo
\nWhen: Saturday, Aug 13, 14:00 - 14:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\n
SpeakerBio:Eran Segal\n, Security research team leader at SafeBreach
\nEran Segal is a research team leader, with more than 7 years experience in cyber security research. Over the last three years, he has been researching security projects in SafeBreach Labs, after serving in various security positions in the IDF. He specializes in research on Windows and embedded devices.
\n\n
\nDescription:
\nVirtualization and containers are the foundations of cloud services. Containers should be isolated from the real hostâ€™s settings to ensure the security of the host.\n

In this talk weâ€™ll answer these questions: â€œAre Windows process-isolated containers really isolated?â€ and â€œWhat can an attacker achieve by breaking the isolation?â€\n

Before we jump into the vulnerabilities, weâ€™ll explain how Windows isolates the containerâ€™s processes, filesystem and how the host prevents the container from executing syscalls which can impact the host.\nSpecifically, weâ€™ll focus on the isolation implementation of Ntoskrnl using server silos and job objects.\n

Weâ€™ll compare Windows containers to Linux containers and describe the differences between their security architectural designs.\nWeâ€™ll follow the scenario of an attacker-crafted container running with low privileges. We\'ll show in multiple ways how to gain privilege escalation inside the container to NT/System. After gaining NT/System permissions, we\'ll talk about how we escaped the isolation of the container and easily achieved a dump of the entire hostâ€™s kernel memory from within the container. If the host is configured with a kernel debugger, we can even dump the hostâ€™s Admin credentials. \n

Weâ€™ll finish by demonstrating how an attacker-crafted container with low privileges can read UEFI settings and then set them. Using this technique an attacker can communicate between containers and cause a permanent Denial-of-Service (DoS) to a host with default settings, through the UEFI interface.\n

\n\n\'',NULL,148908),('3_Saturday','14','14:30','14:50','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'Digging into Xiaomiâ€™s TEE to get to Chinese money\'','\'Slava Makkaveev\'','DC_1272250b43de66c14932e51c4abb9e76','\'Title: Digging into Xiaomiâ€™s TEE to get to Chinese money
\nWhen: Saturday, Aug 13, 14:30 - 14:50 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\n
SpeakerBio:Slava Makkaveev\n, Security Researcher, Check Point
\nSlava Makkaveev is a Security Researcher at Check Point Research. Holds a PhD in Computer Science. Slava has found himself in the security field more than ten years ago and since that gained vast experience in reverse engineering and vulnerability research. Recently Slava has taken a particularly strong interest in mobile platforms and firmware security. Slava was a speaker at DEF CON, CanSecWest, REcon, HITB and others.
\n\n
\nDescription:
\nThe Far East and China account for two-thirds of global mobile payments in 2021. That is about $4 billion in mobile wallet transactions. Such a huge amount of money is sure to attract the attention of hackers. Have you ever wondered how safe it is to pay from a mobile device? Can a malicious app steal money from your digital wallet? To answer these questions, we researched the payment system built into Xiaomi smartphones based on MediaTek chips, which are very popular in China. As a result, we discovered vulnerabilities that allow forging payment packages or disabling the payment system directly from an unprivileged Android application.\n

Mobile payment signatures are carried out in the Trusted Execution Environment (TEE) that remains secure on compromised devices. The attacker needs to hack the TEE in order to hack the payment. There is a lot of good research about mobile TEEs in the public domain, but no one pays attention to trusted apps written by device vendors like Xiaomi and not by chip makers, while the core of mobile payments is implemented there. In our research, we reviewed Xiaomi\'s TEE for security issues in order to find a way to scam WeChat Pay.\n

\n\n\'',NULL,148909),('3_Saturday','14','14:30','15:15','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Doing the Impossible: How I Found Mainframe Buffer Overflows\'','\'Jake Labelle\'','DC_0823d49ad356b9e9f52f706d5595346e','\'Title: Doing the Impossible: How I Found Mainframe Buffer Overflows
\nWhen: Saturday, Aug 13, 14:30 - 15:15 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Jake Labelle\n, Security Consultant
\nJake, a security consultant from Basingstoke, UK, got his hands on a licensed emulator for z/OS over the pandemic , and considering that we have been in and out of lockdown for the past two years, started playing around with it for a fairly good portion of time. As someone who adores the 80s cyber aesthetic, he loves mucking around with it, but also there is nothing legacy about mainframes, docker, node js, python all your modern applications/programs are on there. Over the past year, he has found and reported a number of z/OS LPEs and RCEs vulns to IBM.
\nTwitter: @Jabellz2
\n\n
\nDescription:
\nMainframes run the world, literally. Have you ever paid for something,\na mainframe was involved, flown? Used a bank? Gone to college? A\nmainframe was involved. Do you live in a country with a government?\nMainframes! The current (and really only) mainframe OS is z/OS from\nIBM. If you\'ve ever talked to a mainframer you\'ll get told how they\'re\nmore secure because buffer overflows are (were) impossible. This talk\nwill prove them all wrong!\n

Finding exploits on z/OS is no different than any other platform. This\ntalk will walk through how you too can become a mainframe exploit\nresearcher!\n

Remote code execution is extra tricky on a mainframe as almost all\nsockets read data with the ASCII character set and convert that to\nEBCDIC for the application. With this talk you will find out how to\nfind and then remotely overflow a vulnerable mainframe C program and\ncreate a ASCII -> EBCDIC shellcode to escalate your privileges\nremotely, without auth. Previous mainframe talks focused on\ninfrastructure based attacks. This talk builds on those but adds a\nclass of vulnerabilities, opening up the mainframe hacking community.\n

\n\n\'',NULL,148910),('3_Saturday','15','14:30','15:15','Y','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Doing the Impossible: How I Found Mainframe Buffer Overflows\'','\'Jake Labelle\'','DC_0823d49ad356b9e9f52f706d5595346e','\'\'',NULL,148911),('3_Saturday','15','15:00','15:20','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'DÃ©jÃ Vu: Uncovering Stolen Algorithms in Commercial Products\'','\'Patrick Wardle,Tom McGuire\'','DC_896c73b227d17bb93ba8e96b7d75664c','\'Title: DÃ©jÃ Vu: Uncovering Stolen Algorithms in Commercial Products
\nWhen: Saturday, Aug 13, 15:00 - 15:20 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\nSpeakers:Patrick Wardle,Tom McGuire
\n
SpeakerBio:Patrick Wardle\n, Founder, Objective-See Foundation
\nPatrick Wardle is the creator of the non-profit Objective-See Foundation, author of the â€œThe Art of Mac Malwareâ€ book series, and founder of the â€œObjective by the Seaâ€ macOS Security conference.\n

Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy.\n

\nTwitter: @patrickwardle
\n
SpeakerBio:Tom McGuire\n
\nTom has been working in the security industry since the late 90s. He is the CTO of a cybersecurity firm and an Instructor at Johns Hopkins University where he teaches Reverse Engineering, OS Security, Cryptology and Cyber Risk Management. He loves his family, all things security, biotech and the Red Sox!
\n\n
\nDescription:
\nIn an ideal world, members of a community work together towards a common goal or greater good. Unfortunately, we do not (yet) live in such a world.\n

In this talk, we discuss what appears to be a systemic issue impacting our cyber-security community: the theft and unauthorized use of algorithms by corporate entities. Entities who themselves may be part of the community.\n

First, weâ€™ll present a variety of search techniques that can automatically point to unauthorized code in commercial products. Then weâ€™ll show how reverse-engineering and binary comparison techniques can confirm such findings.\n

Next, we will apply these approaches in a real-world case study. Specifically, weâ€™ll focus on a popular tool from a non-profit organization that was reverse-engineered by multiple entities such that its core algorithm could be recovered and used (unauthorized), in multiple commercial products.\n

The talk will end with actionable takeaways and recommendations, as who knows, this may happen to you too! For one, we\'ll present strategic approaches (and the challenges) of confronting culpable commercial entities (and their legal teams). Moreover, weâ€™ll provide recommendations for corporations to ensure this doesnâ€™t happen in the first place, thus ensuring that our community can remain cohesively focused on its mutual goals.\n

\n\n\'',NULL,148912),('3_Saturday','15','15:00','15:20','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'The Big Rick: How I Rickrolled My High School District and Got Away With It\'','\'Minh Duong\'','DC_6ffdbcb91e0751bbf0e9bd967716c8c3','\'Title: The Big Rick: How I Rickrolled My High School District and Got Away With It
\nWhen: Saturday, Aug 13, 15:00 - 15:20 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\n
SpeakerBio:Minh Duong\n, Student at University of Illinois at Urbana-Champaign
\nMinh Duong is an undergraduate studying Computer Science at the University of Illinois at Urbana-Champaign. Over the summer, he worked as an application security intern for Trail of Bits, focusing on compositor security and the Wayland protocol. In his free time, he plays CTFs with SIGPwny, UIUC\'s cybersecurity club. This will be his first time at DEF CON.
\nTwitter: @WhiteHoodHacker
\n\n
\nDescription:
\nWhat happens when you have networked projectors, misconfigured devices, and a bored high school student looking for the perfect senior prank? You get a massive rickroll spanning six high schools and over 11,000 students at one of the largest school districts in suburban Chicago.\n

This talk will go over the coordination required to execute a hack of this scale and the logistics of commanding a botnet of IoT systems. It will also describe the operational security measures taken so that you can evade detection, avoid punishment, and successfully walk at graduation.\n

\n\n\'',NULL,148913),('3_Saturday','15','15:00','15:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'You Have One New Appwntment - Hacking Proprietary iCalendar Properties\'','\'Eugene Lim\'','DC_fdc5e3d217761ad7fd2430b63dbd465a','\'Title: You Have One New Appwntment - Hacking Proprietary iCalendar Properties
\nWhen: Saturday, Aug 13, 15:00 - 15:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\n
SpeakerBio:Eugene Lim\n, Cybersecurity Specialist, Government Technology Agency of Singapore
\nEugene (spaceraccoon) hacks for good! At GovTech Singapore, he protects citizen data and government systems through security research. He also develops SecOps integrations to secure code at scale. He recently reported remote code execution vulnerabilities in Microsoft Office and Apache OpenOffice and discussed defensive coding techniques he observed from hacking Synology Network Attached Storage devices at ShmooCon.\n

As a bug hunter, he helps secure products globally, from Amazon to Zendesk. In 2021, he was selected from a pool of 1 million registered hackers for HackerOne\'s H1-Elite Hall of Fame. Besides bug hunting, he builds security tools, including a malicious npm package scanner and a social engineering honeypot that were presented at Black Hat Arsenal. He writes about his research on https://spaceraccoon.dev.\n

He enjoys tinkering with new technologies. He presented \"Hacking Humans with AI as a Service\" at DEF CON 29 and attended IBM\'s Qiskit Global Quantum Machine Learning Summer School.\n

\nTwitter: @spaceraccoonsec
\n\n
\nDescription:
\nFirst defined in 1998, the iCalendar standard remains ubiquitous in enterprise software. However, it did not account for modern security concerns and allowed vendors to create proprietary extensions that expanded the attack surface.\n

I demonstrate how flawed RFC implementations led to new vulnerabilities in popular applications such as Apple Calendar, Google Calendar, Microsoft Outlook, and VMware Boxer. Attackers can trigger exploits remotely with zero user interaction due to automatic parsing of event invitations. Some of these zombie properties were abandoned years ago for their obvious security problems but continue to pop up in legacy code.\n

Furthermore, I explain how iCalendarâ€™s integrations with the SMTP and CalDAV protocols enable multi-stage attacks. Despite attempts to secure these technologies separately, the interactions that arise from features such as emailed event reminders require a full-stack approach to calendar security. I conclude that developers should strengthen existing iCalendar standards in terms of design and implementation.\n

I advocate for an open-source and open-standards approach to secure iCalendar rather than proprietary fragmentation. I will release a database of proprietary iCalendar properties and a technical whitepaper.\n

\n\n\'',NULL,148914),('3_Saturday','15','15:30','15:50','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'Automotive Ethernet Fuzzing: From purchasing ECU to SOME/IP fuzzing\'','\'Jonghyuk Song,Soohwan Oh,Woongjo choi\'','DC_5234d43f75d79fa9f3d51d1eb2ce1037','\'Title: Automotive Ethernet Fuzzing: From purchasing ECU to SOME/IP fuzzing
\nWhen: Saturday, Aug 13, 15:30 - 15:50 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\nSpeakers:Jonghyuk Song,Soohwan Oh,Woongjo choi
\n
SpeakerBio:Jonghyuk Song\n, \"Jonghyuk Song, Redteam Leader, Autocrypt\"
\nJonghyuk Song is lead for Autocryptâ€™s Red Team. His current tasks are security testing for automotive including fuzzing, penetration testing, and vulnerability scanning.\n

He researches security issues in not only in-vehicle systems, but also V2G and V2X systems. Jonghyuk received his Ph.D. in Computer Science and Engineering at POSTECH, South Korea in 2015. He has worked in Samsung Research as an offensive security researcher, where his work included finding security issues in smartphones, smart home appliances and network routers.\n

\n
SpeakerBio:Soohwan Oh\n, Blueteam Engineer, Autocrypt
\nSoohwan Oh is an automotive engineer and security tester at Autocrypt blue team.\n

He is mainly working on fuzzing test and issue analysis on the in-vehicle networks, such as CAN/CAN-FD, UDSonCAN and Automotive Ethernet.\n

Also, he has designed the requirements of automotive security test solutions.\n

\n
SpeakerBio:Woongjo choi\n, Blueteam Leader, Autocrypt
\nWoongjo Choi is in charge of team leader of blue team and also vehicle security test engineer at Autocrypt. Also, he designed automotive security test solution and conducted the fuzzing test.Experienced in various fields : Vehicle security, Mobile phone, Application Processor, Ultrasound system, etc.
\n\n
\nDescription:
\nCar hacking is a tricky subject to hackers because it requires lots of money and hardware knowledge to research with a real car. \nAn alternative way would be to research with an ECU but it also difficult to know how to setup the equipment. \nMoreover, in order to communicate with Automotive Ethernet services running on the ECU, \nyou need additional devices such as media converters and Ethernet adapters supporting Virtual LAN(VLAN). \nEven if you succeed in building the hardware environment, \nyou can\'t communicate with the ECU over SOME/IP protocol of Automotive Ethernet if you don\'t know the network configuration, such as VLAN ID, service IDs and IP/port mapped to each service.\n

This talk describes how to do fuzzing on the SOME/IP services step by step. \nFirst, we demonstrate how to buy an ECU, how to power and wire it. \nSecond, we explain network configurations to communicate between ECU and PC. \nThird, we describe how to find out the information required to perform SOME/IP fuzzing and how to implement SOME/IP Fuzzer. \nWe have conducted the fuzzing with the BMW ECUs purchased by official BMW sales channels, not used products.\n

We hope this talk will make more people to try car hacking and will not go through the trials and errors that we have experienced.\n

\n\n\'',NULL,148915),('3_Saturday','15','15:30','16:15','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Perimeter Breached! Hacking an Access Control System\'','\'Steve Povolny,Sam Quinn\'','DC_99b36fca024ee45a37eabef127f17af6','\'Title: Perimeter Breached! Hacking an Access Control System
\nWhen: Saturday, Aug 13, 15:30 - 16:15 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\nSpeakers:Steve Povolny,Sam Quinn
\n
SpeakerBio:Steve Povolny\n, Principal Engineer & Head of Advanced Threat Research
\nSteve Povolny, @spovolny, is the Head of Advanced Threat Research for Trellix, which delivers groundbreaking vulnerability research spanning nearly every industry. With more than a decade of experience in network security, Steve is a recognized authority on hardware and software vulnerabilities, and regularly collaborates with influencers in academia, government, law enforcement, consumers and enterprise businesses of all sizes. Steve is a sought after public speaker and media commentator who often blogs on key topics. He brings his passion for threat research and a unique vision to harness the power of collaboration between the research community and product vendors, through responsible disclosure, for the benefit of all.
\nTwitter: @spovolny
\n
SpeakerBio:Sam Quinn\n, Senior Security Researcher
\nSam Quinn, @eAyeP, is a Senior Security Researcher on the Advanced Threat Research team, focused on finding new vulnerabilities in both software and hardware. Sam has a focus on embedded devices with knowledge in the fields of reverse engineering and exploitation. He has had numerous vulnerability findings and published CVEs in the areas of IOT and enterprise software.
\nTwitter: @eAyeP
\n\n
\nDescription:
\nThe first critical component to any attack is an entry point. As we lock down firewalls and routers, it can be easy to overlook the network-connected physical access control systems. A study done by IBM in 2021 showed that the average cost of a physical security compromise is $3.54 million and takes an average of 223 days to identify a breach.\n

HID Mercury is a global distributor of access control systems with more than 20 OEM partners, deployed across multiple industries and certified for use in federal and state government facilities.\n

Trellix\'s Advanced Threat Research team uncovered 4 unique 0-day vulnerabilities and 4 additional undisclosed vulnerabilities leading to remote, unauthenticated code execution on multiple HID Mercury access control panels. These findings lead to full system control including the ability for an attacker to remotely manipulate door locks. During this presentation, we will briefly cover the hardware debugging process, leading to a root shell on the target. We will explore in greater depth the vulnerability discovery techniques, including emulation, fuzzing, static and dynamic reverse engineering, and a detailed walkthrough of several of the most critical vulnerabilities. Weâ€™ll address our approach to exploitation using simplistic malware we designed to control system functionality and culminate the talk with a live demo featuring full system control, unlocking doors remotely without triggering any software notification\n

\n\n\'',NULL,148916),('3_Saturday','16','15:30','16:15','Y','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Perimeter Breached! Hacking an Access Control System\'','\'Steve Povolny,Sam Quinn\'','DC_99b36fca024ee45a37eabef127f17af6','\'\'',NULL,148917),('3_Saturday','15','15:30','16:15','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'Tor: Darknet Opsec By a Veteran Darknet Vendor & the Hackers Mentality\'','\'Sam Bent\'','DC_82cea425fe58c9bd3e01cf8c5b78f6f3','\'Title: Tor: Darknet Opsec By a Veteran Darknet Vendor & the Hackers Mentality
\nWhen: Saturday, Aug 13, 15:30 - 16:15 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\n
SpeakerBio:Sam Bent\n, KS LLC
\nFormer admin and co-founder on Dread Forum (Darknet), staff on multiple Darknet sites, Darknet vendor: 2happytimes2, lockpicker, hacker, hak5 enthusiast, haxme.org admin (Clearnet), Sam Bent spends his days writing technical manuals and doing graphics (using all Adobe Products) for the company he works for, while also doing federal prison consulting on the side. He is a certificated paralegal. Runs his blog where he does federal prison consulting, is currently about to publish a book on compassionate release for federal prisoners, and runs multiple youtube channels. He is a student in college,\n

He has been in the scene for almost 20 years. He has written multiple guides and published numerous whitepapers and how-toâ€™s on hacking, including one article written in combination with r4tdance (of #suidrewt) published on packetstomsecurity called A Newbies Guide To The Underground Volume 2. Sam Bentâ€™s former handles include killab, 2happytimes, 2happytimes2, and most recently, DoingFedTime.\n

\nTwitter: @DoingFedTime
\n\n
\nDescription:
\nThe hacking subculture\'s closest relative is that of the Darknet. Both have knowledgeable people, many of whom are highly proficient with technology and wish to remain somewhat anonymous. They are both composed of a vast amount of introverts and abide by the same first rule: â€œDonâ€™t get caught.\"\n

Over the past decade, there have been many DEF CON talks that have discussed topics related to Tor and the Darknet. Having an IT, Infosec, and hacking background, the goal is to present a unique perspective from a hacker turned Darknet Vendor, who then learned about the law andâ€“using metaphorical privilege escalation and social engineeringâ€“got himself out of federal prison after a year and a half by acting as his own lawyer.\n

The focus of this talk will surround operational security policies that a skilled Darknet Market Vendor (DMV) implements to avoid compromising their identity. We will look at tactics used by Law Enforcement and common attacks prevalent on the Darknet, ranging from linguistic analysis and United States Postal Inspector operations all the way to correlation attacks and utilizing long-range wifi antennas to avoid detection as a failsafe.\n

By focusing less on the basics of Tor and more on how insiders operate within it, we will uncover what it takes to navigate this ever-evolving landscape with clever OpSec.\n

\n\n\'',NULL,148918),('3_Saturday','16','15:30','16:15','Y','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'Tor: Darknet Opsec By a Veteran Darknet Vendor & the Hackers Mentality\'','\'Sam Bent\'','DC_82cea425fe58c9bd3e01cf8c5b78f6f3','\'\'',NULL,148919),('3_Saturday','16','16:00','16:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'Low Code High Risk: Enterprise Domination via Low Code Abuse\'','\'Michael Bargury\'','DC_744e428a2a33b84e6aa6389a08f28616','\'Title: Low Code High Risk: Enterprise Domination via Low Code Abuse
\nWhen: Saturday, Aug 13, 16:00 - 16:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\n
SpeakerBio:Michael Bargury\n, Co-Founder and CTO, Zenity.io
\nMichael Bargury is the Co-Founder and CTO of Zenity, where he helps companies secure their low-code/no-code apps. In the past, he headed security product efforts at Azure focused on IoT, APIs and IaC. Michael is passionate about all things related to cloud, SaaS and low-code security, and spends his time finding ways they could go wrong. He also leads the OWASP low-code security project and writes about it on DarkReading.
\nTwitter: @mbrg0
\n\n
\nDescription:
\nWhy focus on heavily guarded crown jewels when you can dominate an organization through its shadow IT?\n

Low-Code applications have become a reality in the enterprise, with surveys showing that most enterprise apps are now built outside of IT, with lacking security practices. Unsurprisingly, attackers have figured out ways to leverage these platforms for their gain.\n

In this talk, we demonstrate a host of attack techniques found in the wild, where enterprise No-Code platforms are leveraged and abused for every step in the cyber killchain. You will learn how attackers perform an account takeover by making the user simply click a link, move laterally and escalate privileges with zero network traffic, leave behind an untraceable backdoor, and automate data exfiltration, to name a few capabilities. All capabilities will be demonstrated with POCs, and their source code will be shared.\n

Finally, we will introduce an open-source recon tool that identifies opportunities for lateral movement and privilege escalation through low-code platforms.\n

\n\n\'',NULL,148920),('3_Saturday','16','16:00','16:45','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'Trailer Shouting: Talking PLC4TRUCKS Remotely with an SDR\'','\'Chris Poore,Ben Gardiner\'','DC_296570bfc96b431c12b957031c86cfc3','\'Title: Trailer Shouting: Talking PLC4TRUCKS Remotely with an SDR
\nWhen: Saturday, Aug 13, 16:00 - 16:45 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\nSpeakers:Chris Poore,Ben Gardiner
\n
SpeakerBio:Chris Poore\n, Senior Reverse Engineer, Assured Information Security
\nChris Poore is a Senior Reverse Engineer at Assured Information Security in Rome, NY. He has expertise discovering vulnerabilities in wireless systems, gaining access to systems via RF, reverse engineering RF protocols, forensically testing cybersecurity systems, and administering RF collection events. He has experience writing code for software-defined radios and GNU Radio to reverse-engineer RF communication protocols and perform sophisticated attacks. Chris is excitable when working with the community to draw out ideas and takes advantage of networking opportunities with both humans and computers.
\n
SpeakerBio:Ben Gardiner\n, Senior Cybersecurity Research Engineer, National Motor Freight Traffic Association Inc.,
\nBen Gardiner is a Senior Cybersecurity Research Engineer contractor at the National Motor Freight Traffic Association, Inc. (NMFTA) specializing in hardware and low-level software security. Prior to joining the NMFTA team in 2019, Gardiner held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations. He is a DEF CON Hardware Hacking Village and Car Hacking Village volunteer. He also participates in and contributes to working groups in SAE and ATA TMC.
\n\n
\nDescription:
\nBen Gardiner, Chris Poore and other security researchers have been analyzing signals and performing research against trailers and Power Line Communication for multiple years. This year the team was able to disclose two vulnerabilities focused on the ability to remotely inject RF messages onto the powerline and in turn send un-authenticated messages to the brake controller over the link. The team will discuss the details of PLC4TRUCKS, identify what led to this research and the discovery of the vulnerabilities, and then highlight the details of the SDR and software used to perform the attack. The talk will conclude with the demonstration of a remotely induced brake controller solenoid test using an FL2K and the release of the GNU radio block used to perform the test to the community to promote further research in the area.\n
\n\n\'',NULL,148921),('3_Saturday','16','16:30','17:15','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Defeating Moving Elements in High Security Keys\'','\'Bill Graydon\'','DC_fc044cdf43d750be691870ac10a78ebf','\'Title: Defeating Moving Elements in High Security Keys
\nWhen: Saturday, Aug 13, 16:30 - 17:15 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Bill Graydon\n, Principal, Physical Security Analytics, GGR Security
\nBill Graydon is a principal researcher at GGR Security, where he hacks everything from locks and alarms to critical infrastructure; this has given him some very fine-tuned skills for breaking stuff. Heâ€™s passionate about advancing the security field through research, teaching numerous courses, giving talks, and running DEF CONâ€™s Lock Bypass Village. Heâ€™s received various degrees in computer engineering, security, and forensics and comes from a broad background of work experience in cyber security, anti-money laundering, and infectious disease detection.
\nTwitter: @access_ctrl
\n\n
\nDescription:
\nA recent trend in high security locks is to add a moving element to the key: this prevents casting, 3D printing and many other forms of unauthorised duplication. Pioneered by the Mul-T-Lock Interactive locks, we see the technique used in recent Mul-T-Lock iterations, the Abloy Protec 2 and most recently, the Medeco M4, which is only rolling out to customers now. \n

We have identified a major vulnerability in this technology, and have developed a number of techniques to unlock these locks using a key made from a solid piece of material, which defeats all of the benefits of an interactive key. Iâ€™ll demonstrate how it can be applied to Mul-T-Lock Interactive, Mul-T-Lock MT5+ and the Medeco M4, allowing keys to be duplicated by casting, 3D printing and more. Iâ€™ll also cover other techniques to defeat moving elements in a key, such as printing a compliant mechanism and printing a captive element directly. With this talk, weâ€™re also releasing a web application for anyone to generate 3D printable files based on this exploit.\nFinally, Iâ€™ll also discuss the responsible disclosure process, and working with the lock manufacturers to patch the vulnerability and mitigate the risk.\n

\n\n\'',NULL,148922),('3_Saturday','17','16:30','17:15','Y','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Defeating Moving Elements in High Security Keys\'','\'Bill Graydon\'','DC_fc044cdf43d750be691870ac10a78ebf','\'\'',NULL,148923),('3_Saturday','16','16:30','17:15','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'Why did you lose the last PS5 restock to a bot Top-performing app-hackers business modules, architecture, and techniques\'','\'Arik\'','DC_e6eb61a4c178cf94edd285829379c87f','\'Title: Why did you lose the last PS5 restock to a bot Top-performing app-hackers business modules, architecture, and techniques
\nWhen: Saturday, Aug 13, 16:30 - 17:15 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\n
SpeakerBio:Arik\n, Threat Intelligence Researcher
\nFor the last four years, Arik spent most of his time on darknet and deep web marketplaces, hunting threat intelligence and interacting with hackers under 64 identities.\n

As a Threat Intelligence Researcher at Human Security Inc, Arik trades cracking tools and executes multiple honeypot operations that provide valuable intelligence about web-automated attacks and their actors. Arik\'s research focuses primarily on retail bots, NTF bots, and account take-over vectors: brute-force and cookie infostealers.\n

Previously, Arik worked as the first Threat Researcher at BrightData (Formally Luminati networks). Between 2018 and 2020, Arik was responsible for investigating, limiting, and blocking 50K$/Month+ clients that misused the Brightdata residential proxy network for cyberattacks. Analyzing the proxy server logs exposed him to complex fraud operations - from the attacker\'s perspective.\n

As a proxy network gatekeeper, he investigated and enticed app-sec hackers to share their pain points, hacking mindsets, and techniques, information He leverages in his current role at Human Security Inc when researching relevant attack groups and increasing the accuracy of the company\'s products.\n

\n\n
\nDescription:
\nThe rise of the machines. \n

Whenever you are buying online, especially if itâ€™s a limited stock item, you are competing against Bots and lose miserably. Even when you are asleep, thereâ€™s a 14% chance that a bot trying to log into one of the 200+ digital accounts you own. \n

Your mom called to say someone from her bank ask for 4 digit SMS? It was an OTP bot. \n

Malicious automation is here to stay as it serves tens of thousands of hackers and retail scalpers and drives billions of dollars worth of marketplaces. \n

During my talk, we will deep dive into the most fascinating architecture, business modules, and techniques top-performing of account crackers and retail bots use to maximize their success rate and revenue.\n

\n\n\'',NULL,148924),('3_Saturday','17','16:30','17:15','Y','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'Why did you lose the last PS5 restock to a bot Top-performing app-hackers business modules, architecture, and techniques\'','\'Arik\'','DC_e6eb61a4c178cf94edd285829379c87f','\'\'',NULL,148925),('3_Saturday','17','17:00','17:45','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'Hacking The Farm: Breaking Badly Into Agricultural Devices.\'','\'Sick Codes\'','DC_a82fad099599293359b28bbab915a28d','\'Title: Hacking The Farm: Breaking Badly Into Agricultural Devices.
\nWhen: Saturday, Aug 13, 17:00 - 17:45 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\n
SpeakerBio:Sick Codes\n, Hacker
\nOrdinary everyday hacker.\n

Sick Codes is an alleged Australian hacker, who resides somewhere in Asia: I love finding vulns, the thrill of the the 0day, emulation, free software, reverse engineering, standing up for other researchers & fast motorbikes. I hack anything with an electromagnetic pulse, including TV\'s, cars, tractors, ice cream machines, and more. My heart lies with Free Software but I like to go where no researcher has gone before. My works include Docker-OSX, which regularly trends on GitHub with 22k+ stars, 300k+ downloads.\n

\nTwitter: @sickcodes
\n\n
\nDescription:
\nHacking the farm. In this session, I\'ll demonstrate tractor-sized hardware hacking techniques, firmware extraction, duplication, emulation, and cloning. We\'ll be diving into how the inner workings of agricultural cyber security; how such low-tech devices are now high-tech devices. The \"connected farm\" is now a reality; a slurry of EOL devices, trade secrets, data transfer, and overall shenanigans in an industry that accounts for roughly one-fifth of the US economic activity. We\'ll be discussing hacking into tractors, combines, cotton harvesters, sugar cane and more.\n
\n\n\'',NULL,148926),('3_Saturday','17','17:00','17:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'Internal Server Error: Exploiting Inter-Process Communication with new desynchronization primitives\'','\'Martin Doyhenard\'','DC_766b69588b7b83098bd27fb2df725ffd','\'Title: Internal Server Error: Exploiting Inter-Process Communication with new desynchronization primitives
\nWhen: Saturday, Aug 13, 17:00 - 17:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\n
SpeakerBio:Martin Doyhenard\n, Security Researcher at Onapsis
\nMartin is a security researcher at the Onapsis Research Labs. His work includes performing security assessment on SAP and Oracle products and detecting vulnerabilities in ERP systems. His research is focused on Web stack security, reverse engineering and binary analisis, and he is also an active CTF player.\n

Martin has spoken at different conferences including DEFCON, RSA, HITB and EkoParty, and presented multiple critical vulnerabilities.\n

\nTwitter: @tincho_508
\n\n
\nDescription:
\nIn this talk I will show how to reverse engineer a proprietary HTTP Server in order to leverage memory corruption vulnerabilities using high level HTTP protocol exploitation techniques. To do so, I will present two critical vulnerabilities, CVE-2022-22536 and CVE-2022-22532, which were found in SAP\'s proprietary HTTP Server, and could be used by a remote unauthenticated attacker to compromise any SAP installation in the world.\n

First, I will explain how to escalate an error in the request handling process to Desynchronize data buffers and hijack every userâ€™s account with Advanced Response Smuggling. Furthermore, as the primitives of this vulnerability do not rely on header parsing errors, I will show a new technique to persist the attack using the first Desync botnet in history. This attack will prove to be effective even in an â€œimpossible to exploitâ€ scenario: without a Proxy!\n

Next I will examine a Use-After-Free in the shared memory used for Inter-Process Communication. By exploiting the incorrect deallocation, I will show how to tamper messages belonging to other TCP connections and take control of all responses using Cache Poisoning and Response Splitting theory.\n

Finally, as the affected buffers could also contain IPC control data, I will explain how to corrupt memory address pointers and end up obtaining RCE.\n

\n\n\'',NULL,148927),('3_Saturday','17','17:30','18:15','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Black-Box Assessment of Smart Cards\'','\'Daniel Crowley\'','DC_1be45f6af100fe96f1084a34fda48c6e','\'Title: Black-Box Assessment of Smart Cards
\nWhen: Saturday, Aug 13, 17:30 - 18:15 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Daniel Crowley\n, Head of Research, X-Force Red
\nDaniel Crowley is the head of research and a penetration tester for X-Force Red. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel is the primary author of both the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool. Daniel enjoys climbing large rocks and is TIME magazine\'s 2006 person of the year. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including Black Hat, DEF CON, Shmoocon, and SOURCE. Daniel does his own charcuterie and brews his own beer. Daniel\'s work has been included in books and college courses. Daniel also holds the noble title of Baron in the micronation of Sealand.
\nTwitter: @dan_crowley
\n\n
\nDescription:
\nYou probably have at least two smart cards in your pockets right now. Your credit card, and the SIM card in your cell phone. You might also have a CAC, metro card, or the contactless key to your hotel room. Many of these cards are based on the same basic standards and share a common command format, called APDU.\n

This talk will discuss and demonstrate how even in the absence of information about a given card, there are a series of ways to enumerate the contents and capabilities of a card, find exposed information, fuzz for input handling flaws, and exploit poor authentication and access control.\n

\n\n\'',NULL,148928),('3_Saturday','18','17:30','18:15','Y','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Black-Box Assessment of Smart Cards\'','\'Daniel Crowley\'','DC_1be45f6af100fe96f1084a34fda48c6e','\'\'',NULL,148929),('3_Saturday','17','17:30','18:15','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'Crossing the KASM -- a webapp pentest story\'','\'Samuel Erb,Justin Gardner\'','DC_d1009d9e3573de56fb96b7464e9bf943','\'Title: Crossing the KASM -- a webapp pentest story
\nWhen: Saturday, Aug 13, 17:30 - 18:15 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\nSpeakers:Samuel Erb,Justin Gardner
\n
SpeakerBio:Samuel Erb\n, Hacker
\nSamuel Erb is a 2x black badge winner with Co9 in the Badge Challenge and is working to make the Internet a safer place. He has also presented 3x previously at the Packet Hacking Village. Outside of hacking, you will likely find Sam in a climbing gym or on the side of a mountain.
\nTwitter: @erbbysam
\n
SpeakerBio:Justin Gardner\n, Full-time Bug Bounty Hunter
\nJustin Gardner is a full-time bug bounty hunter who spent the last two years traveling around Japan with his wife Mariah, and is currently in the process of settling back down in Richmond, VA to adopt some kids and start a family. His expertise lies mostly in Web Hacking with a bug bounty focus, but he also has experience with Ethereum Smart Contract Auditing, Penetration Testing, and Mobile App Hacking. He hopes to pivot into binary exploitation over the next couple years as well.
\nTwitter: @Rhynorater
\n\n
\nDescription:
\nIn this talk we will tell the story of an insane exploit we used to compromise the otherwise secure KASM Workspaces software. KASM Workspaces is enterprise software for streaming virtual workstations to end users built on top of Docker. \n

This talk will span python binary RE, header smuggling, configuration injection, docker networking and questionable RFC interpretation. We hope to show you a little bit of what worked and a lot a bit of what didn\'t work on our quest to exploit this heisenbug.\n

\n\n\'',NULL,148930),('3_Saturday','18','17:30','18:15','Y','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'Crossing the KASM -- a webapp pentest story\'','\'Samuel Erb,Justin Gardner\'','DC_d1009d9e3573de56fb96b7464e9bf943','\'\'',NULL,148931),('3_Saturday','18','18:00','18:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'The CSRF Resurrections! Starring the Unholy Trinity: Service Worker of PWA, SameSite of HTTP Cookie, and Fetch\'','\'Dongsung Kim\'','DC_14e344c1a8329944364923bba71b0644','\'Title: The CSRF Resurrections! Starring the Unholy Trinity: Service Worker of PWA, SameSite of HTTP Cookie, and Fetch
\nWhen: Saturday, Aug 13, 18:00 - 18:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\n
SpeakerBio:Dongsung Kim\n, IT-Security Expert, Truesec
\nDongsung (Donny) Kim is a security specialist at Truesec || an independent software developer. His software interests vary widely from frontend to DevSecOps, with research interests spanning from reverse engineering to web security. Equipped with both professional and academic experiences, he wants to reconcile two seemingly opposite ideas: understanding user-facing software problems without compromising security.
\nTwitter: @kid1ng
\n\n
\nDescription:
\nCSRF is (really) dead. SameSite killed it. Browsers protect us. Lax by default!\n

Sounds a bit too good to be true, doesn\'t it? We live in a world where browsers get constantly updated with brand new web features and new specifications. The complexity abyss is getting wider and deeper. How do we know web technologies always play perfectly nice with each other? What happens when something slips? \n

In this talk, I focus on three intertwined web features: HTTP Cookie\'s SameSite attribute, PWA\'s Service Worker, and Fetch. I will start by taking a look at how each feature works in detail. Then, I will present how the three combined together allows CSRF to be resurrected, bypassing the SameSite\'s defense. Also, I will demonstrate how a web developer can easily introduce the vulnerability to their web apps when utilizing popular libraries. I will end the talk by sharing the complex disclosure timeline and the difficulty of patching the vulnerability due to the interconnected nature of web specifications.\n

\n\n\'',NULL,148932),('3_Saturday','18','18:30','18:50','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Digital Skeleton Keys - Weâ€™ve got a bone to pick with offline Access Control Systems\'','\'Micsen,Miana E Windall\'','DC_40e28e3c5eaa34b7eb98bc0ef01d1988','\'Title: Digital Skeleton Keys - Weâ€™ve got a bone to pick with offline Access Control Systems
\nWhen: Saturday, Aug 13, 18:30 - 18:50 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\nSpeakers:Micsen,Miana E Windall
\n
SpeakerBio:Micsen\n, Software developer, Installer, And much more!
\nMicsen: At 5 years old Micsen began his career of dismantling things. He had just gotten his first RC car and wanted to fix it since it didnâ€™t drive straight. Luckily the skills have evolved significantly from that time as the car never drove again! When a company is affected by ransomware he will happily use his hacking skills to trade for booze.
\nTwitter: @micsen97
\n
SpeakerBio:Miana E Windall\n, Software Development Engineer
\nMiana is a lifelong tinkerer who likes breaking things almost as much as she likes building them.
\nTwitter: @NiamhAstra
\n\n
\nDescription:
\nOffline RFID systems rely on data stored within the key to control access and configuration. But what if a key lies? What if we can make the system trust those lies? Well then we can do some real spooky thingsâ€¦\nThis is the story of how a strange repeating data pattern turned into a skeleton key that can open an entire range of RFID access control products in seconds.\n
\n\n\'',NULL,148933),('4_Sunday','11','11:00','11:45','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'emulation-driven reverse-engineering for finding vulns\'','\'atlas\'','DC_d7ee8a516cc379b42851b05abccdba36','\'Title: emulation-driven reverse-engineering for finding vulns
\nWhen: Sunday, Aug 14, 11:00 - 11:45 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\n
SpeakerBio:atlas\n, chief pwning officer, 0fd00m c0rp0ration
\natlas is a binary ninja who\'s been working to improve his understanding of this digital world for nearly two decades. firmware, software, hardware, rf, protocols, it\'s all fun to him. after all these years, he still enjoys making sense of low level things and bringing along friends who share the passion. background in development, client/server admin, hardware reversing, software reversing, vulnerability research, exploiting things in SCADA/ICS, Power Grid, Automotive, Medical, Aerospace, and devving tools to make it all easier, faster, and more consistent.
\nTwitter: @at1as
\n\n
\nDescription:
\ndo your eyes hurt? is your brain aching? is your pain caused from too much deciphering difficult assembly (or decompiled C) code?\n

assembly can hurt, C code can be worse. partial emulation to the rescue!\n let the emulator walk you through the code, let it answer hard questions/problems you run into in your reversing/vuln research.\n this talk will introduce you the power of emulator-driven reversing. guide your RE with the help of an emulator (one that can survive limited context), emulate code you don\'t want to reverse, be better, learn more, be faster, with less brain-drain.\n make no mistake, RE will always have room for magicians to show their wizardry... but after this talk, you may find yourself a much more powerful wizard.\n

\n\n\'',NULL,148934),('4_Sunday','11','11:00','11:45','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'Exploitation in the era of formal verification: a peek at a new frontier with AdaCore/SPARK\'','\'Adam \'pi3\' Zabrocki,Alex Tereshkin\'','DC_5734c873df15788d1a1ddd0563d4d0ed','\'Title: Exploitation in the era of formal verification: a peek at a new frontier with AdaCore/SPARK
\nWhen: Sunday, Aug 14, 11:00 - 11:45 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\nSpeakers:Adam \'pi3\' Zabrocki,Alex Tereshkin
\n
SpeakerBio:Adam \'pi3\' Zabrocki\n, Principal System Software Engineer (Offensive Security)
\nAdam Zabrocki \'pi3\' is a computer security researcher, pentester and bughunter, currently working as a Principal Offensive Security Researcher at NVIDIA. He is a creator and developer of Linux Kernel Runtime Guard (LKRG) - his moonlight project defended by Openwall. Among others, he used to work in Microsoft, European Organization for Nuclear Research (CERN), HISPASEC Sistemas (known from the virustotal.com project), Wroclaw Center for Networking and Supercomputing, Cigital. The main area of his research is low-level security (CPU arch, uCode, FW, hypervisor, kernel, OS).\n

As a hobby, he was a developer in The ERESI Reverse Engineering Software Interface project, a bughunter (discovered vulnerabilities in Hyper-V, KVM, RISC-V ISA, Intel\'s Reference Code, Intel/NVIDIA vGPU, Linux kernel, FreeBSD, OpenSSH, gcc SSP/ProPolice, Apache, Adobe Acrobat Reader, Xpdf, Torque GRID server, and more) and studied exploitation and mitigation techniques, publishing results of his research in Phrack Magazine.\n

Adam is driving Pointer Masking extension for RISC-V, he is a co-author of a subchapter to Windows Internals and was The Pwnie Awards 2021 nominee for most under-hyped research. He was a speaker at well-known security conferences including Blackhat, DEF CON, Security BSides, Open Source Tech conf and more.\n

\nTwitter: @Adam_pi3
\n
SpeakerBio:Alex Tereshkin\n, Principal System Software Engineer (Offensive Security)
\nAlex Tereshkin is an experienced reverse engineer and an expert in UEFI security, Windows kernel and hardware virtualization, specializing in rootkit technologies and kernel exploitation. He has been involved in the BIOS and SMM security research since 2008. He is currently working as a Principal Offensive Security Researcher at NVIDIA. He has done significant work in the field of virtualization-based malware and Windows kernel security. He is a co-author of a few courses taught at major security conferences and a co-author of the first UEFI BIOS and Intel ME exploits.
\nTwitter: @AlexTereshkin
\n\n
\nDescription:
\nFor decades, software vulnerabilities have remained an unsolvable security problem regardless of years of investment in various mitigations, hardening and fuzzing strategies. In the last years there have been moves to formal methods as a path toward better security. Verification and formal methods can produce rigorous arguments about the absence of the entire classes of security bugs, and are a powerful tool to build highly secure software.\n

AdaCore/SPARK is a formally defined programming language intended for the development of high integrity software used in systems where predictable and highly reliable operation is crucial. The formal, unambiguous, definition of SPARK allows a variety of static analysis techniques to be applied, including information flow analysis, proof of absence of run-time exceptions, proof of termination, proof of functional correctness, and proof of safety and security properties.\n

In this talk we will dive-into AdaCore/SPARK, cover the blind spots and limitations, and show real-world vulnerabilities which we met during my work and which are still possible in the formally proven software. We will also show an exploit targeting one of the previously described vulnerabilities.\n

\n\n\'',NULL,148935),('4_Sunday','11','11:00','11:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'Save The Environment (Variable): Hijacking Legitimate Applications with a Minimal Footprint\'','\'Wietze Beukema\'','DC_dd7100cde81b12ade24529320ef205da','\'Title: Save The Environment (Variable): Hijacking Legitimate Applications with a Minimal Footprint
\nWhen: Sunday, Aug 14, 11:00 - 11:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\n
SpeakerBio:Wietze Beukema\n, Threat Detection & Response at CrowdStrike
\nWietze has been hacking around with computers for years. Originally from the Netherlands, he currently works in Threat Detection & Response at CrowdStrike in London. As a threat hunting enthusiast and security researcher, he has presented his findings on topics including attacker emulation, command-line obfuscation and DLL Hijacking at a variety of security conferences. By sharing his research, publishing related tools and his involvement in the open source LOLBAS project, he aims to give back to the community he learnt so much from.
\nTwitter: @wietze
\n\n
\nDescription:
\nDLL Hijacking, being a well-known technique for executing malicious\npayloads via trusted executables, has been scrutinised extensively, to\nthe point where defensive measures are in a much better position to\ndetect abuse. To bypass detection, stealthier and harder-to-detect\nalternatives need to come into play.\n

In this presentation, we will take a closer look at how process-level\nEnvironment Variables can be abused for taking over legitimate\napplications. Taking a systemic approach, we will demonstrate that over\n80 Windows-native executables are vulnerable to this special type of\nDLL Hijacking. As this raises additional opportunities for User Account\nControl (UAC) bypass and Privilege Escalation, we will discuss the\nvalue and further implications of this technique and these findings.\n

\n\n\'',NULL,148936),('4_Sunday','11','11:00','11:45','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'STrace - A DTrace on windows reimplementation.\'','\'Stephen Eckels\'','DC_45c0fc31884fa6bb577e5e5e7f3015fc','\'Title: STrace - A DTrace on windows reimplementation.
\nWhen: Sunday, Aug 14, 11:00 - 11:45 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Stephen Eckels\n
\nStephen Eckels, is a reverse engineer that explores blue team tooling and regularly sees front line malware. Stephen has published past tools such as GoReSym - a golang symbol recovery tool, and written extensively about many forms of hooking including hooking the wow64 layer. Stephen maintains the open source hooking library PolyHook, some of his other work is public on the Mandiant blog!
\nTwitter: @stevemk14ebr
\n\n
\nDescription:
\nII\'ll document the kernel tracing APIs in modern versions of windows, implemented to support Microsofts\' port of the â€˜DTraceâ€™ system to windows. This system provides an officially supported mechanism to perform system call interception that is patchguard compatible, but not secure boot compatible. Alongside the history and details of DTrace this talk will also cover a C++ and Rust based reimplementation of the system that I call STrace. This reimplementation allows users to write custom plugin dlls which are manually mapped to the kernel address space. These plugins can then log all system calls, or perform any side effects before and after system call execution by invoking the typical kernel driver APIs â€“ if desired.\n
\n\n\'',NULL,148937),('4_Sunday','12','12:00','12:45','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Defaults - the faults. Bypassing android permissions from all protection levels\'','\'Nikita Kurtin\'','DC_9e126a887f85622aef2af120fdc6174b','\'Title: Defaults - the faults. Bypassing android permissions from all protection levels
\nWhen: Sunday, Aug 14, 12:00 - 12:45 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Nikita Kurtin\n, Hacker
\nBy day - senior research developer
\nBy night - street workout athlete
\nSometimes vice versa ;-)
\nFavorite quote: \"Between dream and reality, there is only you.\"\n

You can see CVE on my name here:
\nhttps://source.android.com/security/overview/acknowledgements\n

\n\n
\nDescription:
\nExploring in depth the android permission mechanism, through different protection levels.\n

Step by step exploitations techniques that affect more than 98% of all Android devices including the last official release (Android 12).\n

In this talk I reveal a few different techniques that I uncovered in my research, which can allow hackers to bypass permissions from all protection levels in any Android device, which is more than 3 billion active devices according to the google official stats.\n

These vulnerabilities enable the hacker to bypass the security measures of android, by abusing default (built in) services and get access to abilities and resources which are protected by permission mechanism.\n

Some vulnerabilities are partially fixed, others won\'t be fixed as google considers as intended behavior.\n

In this talk I\'ll survey the different vulnerabilities, and deep dive into a few of different exploitations.\n

Finally, I\'ll demonstrate how those techniques can be combined together to create real life implications and to use for: Ransomware, Clickjacking, Uninstalling other apps and more, completely undetected by security measures.\n

\n\n\'',NULL,148938),('4_Sunday','12','12:00','12:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'PreAuth RCE Chains on an MDM: KACE SMA\'','\'Jeffrey Hofmann\'','DC_ae6855cb7f6d7f7ee2d1f63bfab75c58','\'Title: PreAuth RCE Chains on an MDM: KACE SMA
\nWhen: Sunday, Aug 14, 12:00 - 12:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\n
SpeakerBio:Jeffrey Hofmann\n, Security Engineer at Nuro
\nJeffrey Hofmann is a Security Engineer at Nuro who loves to do security research both on and off the clock. He has a background in penetration testing and a passion for exploit development/reverse engineering.
\nTwitter: @jeffssh
\n\n
\nDescription:
\nMDM solutions are, by design, a single point of failure for organizations. MDM appliances often have the ability to execute commands on most of the devices in an organization and provide an â€œinstant winâ€ target for attackers. KACE Systems Management Appliance is a popular MDM choice for hybrid environments. This talk will cover the technical details of 3 preauthentication RCE as root chains on KACE SMA and the research steps taken to identify the individual vulnerabilities used.\n
\n\n\'',NULL,148939),('4_Sunday','12','12:00','12:45','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'Taking a Dump In The Cloud\'','\'Flangvik,Melvin Langvik\'','DC_d8945daf4c2d7355a09e08f278a74c47','\'Title: Taking a Dump In The Cloud
\nWhen: Sunday, Aug 14, 12:00 - 12:45 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\nSpeakers:Flangvik,Melvin Langvik
\n
SpeakerBio:Flangvik\n
\nNo BIO available
\n
SpeakerBio:Melvin Langvik\n, Security Consultant, TrustedSec Targeted Operations
\nMelvin started as a C Azure developer and integrations consultant after finishing his bachelorâ€™s degree in computer engineering. During his time as a developer, he got hands-on experience with rapidly creating and deploying critical backend infrastructure for an international client base. It was during this period Melvin started to pursue his goal of transiting into offensive security. Melvin broke into the HackTheBox cybersecurity platform â€œHall Of Fameâ€ and subsequently successfully landed as a security consultant. While working as a penetration tester, Melvin has contributed to the infosec community by releasing open-source and offensively targeted C based tools and techniques, such as BetterSafetyKatz, SharpProxyLogon, AzureC2Relay, and CobaltBus. Melvin is also the creator and maintainer of the SharpCollection project, a project which utilizes Azure DevOps PipeLines to automatically release pre-compiled binaries of the most common offensive C# projects, triggered by updates from their respective main branch
\nTwitter: @Flangvik
\n\n
\nDescription:
\nTaking a Dump In The Cloud is a tale of countless sleepless nights spent reversing and understanding the integration between Microsoft Office resources and how desktop applications implement them. The release of the TeamFiltration toolkit, connecting all the data points to more effectively launch attacks against Microsoft Azure Tenants. Understanding the lack of conditional access for non-interactive logins and how one can abuse the magic of Microsofts OAuth implementation with Single-Sign-On to exfiltrate all the loot. Streamlining the process of account enumeration and validation. Thoughts on working effectively against Azure Smart Lockout. Exploring options of vertical movement given common cloud configurations, and more!\n
\n\n\'',NULL,148940),('4_Sunday','12','12:00','12:45','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'The Call is Coming From Inside The Cluster: Mistakes that Lead to Whole Cluster Pwnership\'','\'Will Kline,Dagan Henderson\'','DC_7c09e8c9ae79af73a2d485fdf30a3337','\'Title: The Call is Coming From Inside The Cluster: Mistakes that Lead to Whole Cluster Pwnership
\nWhen: Sunday, Aug 14, 12:00 - 12:45 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\nSpeakers:Will Kline,Dagan Henderson
\n
SpeakerBio:Will Kline\n, Senior Principal / Dark Wolf Solutions
\nWill Kline is a Senior Principal with Dark Wolf Solutions, where he works with different customers to modernize their containerized development environments. Heâ€™s been working with Linux containers since the pre-Docker days. He has been attending DEF CON since DEF CON 21. He has been coming back almost every year, becoming increasingly involved with the SOHOplessly Broken IoT CTF and the Wireless CTF. At DEF CON 25 his team â€œWolf Emojiâ€ took a Black Badge. In his recent work with Dagan, he has been excited to see the intersection between his off-hours hacking fun and real world cloud architecture and SRE work.
\n
SpeakerBio:Dagan Henderson\n, Principal / RAFT
\nDagan Henderson is a Principal Engineer at Raft, LLC, where he specializes in Kubernetes platform development. Daganâ€™s interest in hacking dates back to the late 80s when AOL and BBSs were the spots (yep, he hosted a very short lived BBS from his home PCâ€”and it got hacked). His first useful computer program was a DOS BAT on a bootable floppy that removed a very persistent Windows 95 Trojan, which he wrote for the mom-and-pop computer shop he worked at for his first job. While in college, Dagan began working for a medical services provider, and when his acumen with computer systems became well-known, he was asked to evaluate a new electronic medical records system. He was able to identify several information-disclosure vulnerabilities and work with the development team to address them. As his career in software engineering took off, Dagan remained committed to developing secure applications, which is essentially the art of not developing insecure systems, and he remains committed to the practice today. As a 25-year veteran of the industry, Dagan has seen (and made) many, many mistakes. He knows where bodies get buried.
\n\n
\nDescription:
\nKubernetes has taken the DevOps world by storm, but its rapid uptake has created an ecosystem where many popular solutions for common challengesâ€”storage, release management, observability, etc.â€”are either somewhat immature or have been â€œlifted and shiftedâ€ to Kubernetes. What critical security smells can pentesters look for when looking at the security of a cluster?\n

We are going to talk through five different security problems that we have found (and reported, no 0-days here) in popular open-source projects and how you can look for similar vulnerabilities in other projects.\n

\n\n\'',NULL,148941),('4_Sunday','13','13:00','13:45','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'ElectroVolt: Pwning popular desktop apps while uncovering new attack surface on Electron\'','\'Max Garrett,Aaditya Purani\'','DC_0e084c5e5d345ab2645704bec8da5161','\'Title: ElectroVolt: Pwning popular desktop apps while uncovering new attack surface on Electron
\nWhen: Sunday, Aug 14, 13:00 - 13:45 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\nSpeakers:Max Garrett,Aaditya Purani
\n
SpeakerBio:Max Garrett\n, Application Security Auditor, Cure53
\nNo BIO available
\n
SpeakerBio:Aaditya Purani\n, Senior Security Engineer, Tesla
\nAaditya Purani is a senior security engineer at a leading automotive company. Aaditya\'s primary areas of expertise are web/mobile application penetration testing, product security reviews, blockchain security, and source code review.\n

He contributes to responsible disclosure programs and is included in the hall of fame for Apple, Google and AT&T. He also participates in capture the flag (CTF) from perfect blue which is a globally ranked top-1 CTF team since 2020.\n

As a researcher, his notable public findings include BTCPay Pre-Auth RCE, Brave Browser Address Bar Vulnerability, and Akamai Zero Trust RCE. As a writer, Aaditya has authored articles for InfoSec Institute, Buzzfeed, and Hakin9. In the past, Aaditya has interned for Bishop Fox and Palo Alto Networks.\n

\nTwitter: @aaditya_purani
\n\n
\nDescription:
\nElectron based apps are becoming a norm these days as it allows encapsulating web applications into a desktop app which is rendered using chromium. However, if Electron apps load remote content of attackers choice either via feature or misconfiguration of Deep Link or Open redirect or XSS it would lead to Remote Code Execution on the OS.\n

Previously, it was known that lack of certain feature flags and inefficiency to apply best practices would cause this behavior but we have identified sophisticated novel attack vectors within the core electron framework which could be leveraged to gain remote code execution on Electron apps despite all feature flags being set correctly under certain circumstances.\n

This presentation covers the vulnerabilities found in twenty commonly used Electron applications and demonstrates Remote Code Execution within apps such as Discord, Teams(local file read), VSCode, Basecamp, Mattermost, Element, Notion, and others. \n

The speaker\'s would like to thank Mohan Sri Rama Krishna Pedhapati, Application Security Auditor, Cure53 and William Bowling, Senior Software Developer, Biteable for their contributions to this presentation.\n

\n\n\'',NULL,148942),('4_Sunday','13','13:00','13:45','N','DC','Caesars Forum - Forum 104-105, 135-136 (Track 1)','\'Less SmartScreen More Caffeine â€“ ClickOnce (Ab)Use for Trusted Code Execution\'','\'Nick Powers,Steven Flores\'','DC_450eadd5ee69ae7a33daa5dadd4ef98b','\'Title: Less SmartScreen More Caffeine â€“ ClickOnce (Ab)Use for Trusted Code Execution
\nWhen: Sunday, Aug 14, 13:00 - 13:45 PDT
\nWhere: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
\nSpeakers:Nick Powers,Steven Flores
\n
SpeakerBio:Nick Powers\n, Consultant at SpecterOps
\nNick Powers is an operator and red teamer at SpecterOps. He has experience with providing, as well as leading, pentest and red team service offerings for a large number of fortune 500 companies. Prior to offensive security, Nick gained security and consulting experience while offering compliance-based gap assessments and vulnerability audits. With a career focused on offensive security, his interests and prior research focuses have included initial access techniques, evasive Windows code execution, and the application of alternate C2 and data exfiltration channels.
\nTwitter: @zyn3rgy
\n
SpeakerBio:Steven Flores\n, Senior Consultant at SpecterOps
\nSteven Flores is an experienced red team operator and former Marine. Over the years Steven has performed engagements against organizations of varying sizes in industries that include financial, healthcare, legal, and government. Steven enjoys learning new tradecraft and developing tools used during red team engagements. Steven has developed several commonly used red team tools such as SharpRDP, SharpMove, and SharpStay.
\nTwitter: @0xthirteen
\n\n
\nDescription:
\nInitial access payloads have historically had limited methods that work seamlessly in phishing campaigns and can maintain a level of evasion. This payload category has been dominated by Microsoft Office types, but as recent news has shown, the lifespan of even this technique is shortening. A vehicle for payload delivery that has been greatly overlooked for initial access is ClickOnce. ClickOnce is very versatile and has a lot of opportunities for maintaining a level of evasion and obfuscation. In this talk weâ€™ll cover methods of bypassing Windows controls such as SmartScreen, application whitelisting, and trusted code abuses with ClickOnce applications. Additionally, weâ€™ll discuss methods of turning regular signed or high reputation .NET assemblies into weaponized ClickOnce deployments. This will result in circumvention of common security controls and extend the value of ClickOnce in the offensive use case. Finally, weâ€™ll discuss delivery mechanisms to increase the overall legitimacy of ClickOnce application deployment in phishing campaigns. This talk can bring to attention the power of ClickOnce applications and code execution techniques that are not commonly used.\n
\n\n\'',NULL,148943),('4_Sunday','13','13:00','13:45','N','DC','Caesars Forum - Forum 106-110, 138-139 (Track 2)','\'RingHopper â€“ Hopping from User-space to God Mode\'','\'Benny Zeltser,Jonathan Lusky\'','DC_0d3189e4f6dac4cf8292922c2e0d0997','\'Title: RingHopper â€“ Hopping from User-space to God Mode
\nWhen: Sunday, Aug 14, 13:00 - 13:45 PDT
\nWhere: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
\nSpeakers:Benny Zeltser,Jonathan Lusky
\n
SpeakerBio:Benny Zeltser\n, Security Researcher, Intel
\nNo BIO available
\n
SpeakerBio:Jonathan Lusky\n, Security Research Team Lead, Intel
\nNo BIO available
\n\n
\nDescription:
\nThe SMM is a well-guarded fortress that holds a treasure â€“ an unlimited god mode. We hopped over the walls, fooled the guards, and entered the holy grail of privileges. \nAn attacker running in System Management Mode (SMM) can bypass practically any security mechanism, steal sensitive information, install a bootkit, or even brick the entire platform.\nWe discovered a family of industry wide TOCTOU vulnerabilities in various UEFI implementations affecting more than 8 major vendors making billions of devices vulnerable to our attack. RingHopper leverages peripheral devices that exist on every platform to perform a confused deputy attack. With RingHopper we hop from ring 3 (user-space) into ring -2 (SMM), bypass all mitigations, and gain arbitrary code execution.\nIn our talk, we will deep-dive into this class of vulnerabilities, exploitation method and how it can be prevented. Finally, we will demonstrate a PoC of a full exploitation using RingHopper, hopping from user-space into SMM.\n
\n\n\'',NULL,148944),('4_Sunday','13','13:00','13:45','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'The Journey From an Isolated Container to Cluster Admin in Service Fabric\'','\'Aviv Sasson\'','DC_6b6fa491ba0e1b1354525a693e4ea0b2','\'Title: The Journey From an Isolated Container to Cluster Admin in Service Fabric
\nWhen: Sunday, Aug 14, 13:00 - 13:45 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Aviv Sasson\n, Principal security researcher, Palo Alto Networks
\nAviv Sasson is a security research team lead in Palo Alto Networks under Prisma Cloud, specializing in cloud, network, and application security. He started his career in the Israeli intelligence forces and continued to work in the cyber security industry. He is fascinated by container and cloud security and is now working in the Prisma Cloud research team, finding security issues and zero days in the cloud ecosystem.
\n\n
\nDescription:
\nService Fabric is a scalable and reliable container orchestrator developed by Microsoft. It is widely used in Microsoft Azure as well as in Microsoftâ€™s internal production environments as an infrastructure for containerized applications.\n

Developing a container orchestrator is not an easy task as it involves harnessing many technologies in a complicated and distributed environment. This complexity can ultimately lead to security issues. Such security issues can impose a critical risk since compromising an infrastructure allows attackers to escalate their privileges and take over an entire environment quickly and effectively.\n

In this session, Aviv will share his research on Service Fabric and his journey of escalating from an isolated container to cluster admin. He will go through researching the code and finding a zero-day vulnerability, explaining his exploitation process in Azure Service Fabric offering while dealing with race conditions and other limitations, and explain how it all allowed him to break out of his container to later gain full control over the underlying Service Fabric cluster.\n

In the end, he will share his thoughts on security in the cloud and his concerns on cloud multitenancy.\n

\n\n\'',NULL,148945),('4_Sunday','14','14:00','14:45','N','DC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Solana JIT: Lessons from fuzzing a smart-contract compiler\'','\'Thomas Roth\'','DC_1ec436a233439c352a79846513a70cb5','\'Title: Solana JIT: Lessons from fuzzing a smart-contract compiler
\nWhen: Sunday, Aug 14, 14:00 - 14:45 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
SpeakerBio:Thomas Roth\n
\nThomas Roth is a security researcher from Germany. In the past he has published research on topics like TrustZone, fault injection, payment terminals, cryptocurrency-wallets and embedded security.
\n\n
\nDescription:
\nSolana is a blockchain with a $37 billion dollar market cap with the\nsecurity of that chain relying on the security of the smart contracts\non the chain - and we found very little research on the actual\nexecution environment of those contracts. In contrast to Ethereum,\nwhere contracts are mostly written in Solidity and then compiled to\nthe Ethereum Virtual Machine, Solana uses a different approach: Solana\ncontracts can be written in C, Rust, and C++, and are compiled to\neBPF. Underneath the hood, Solana uses rBPF: A Rust BPF implementation\nwith a just-in-time compiler. Given the security history of eBPF in\nthe Linux kernel, and the lack of previous public, low-level Solana\nresearch, we decided to dig deeper: We built Solana\nreverse-engineering tooling and fuzzing harnesses as we slowly dug our\nway into the JIT - eventually discovering multiple out-of-bounds\nvulnerabilities.\n
\n\n\'',NULL,148946),('4_Sunday','14','14:00','15:15','N','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'Contest Closing Ceremonies & Awards\'','\'Grifter\'','DC_f749713f5c6ba9aba0664c538128cf91','\'Title: Contest Closing Ceremonies & Awards
\nWhen: Sunday, Aug 14, 14:00 - 15:15 PDT
\nWhere: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
\n
SpeakerBio:Grifter\n, DEF CON, Contests & Events
\nNo BIO available
\n\n
\nDescription:
\nDEF CON Contest & Events Awards, come find out who won what!!\n
\n\n\'',NULL,148947),('4_Sunday','15','14:00','15:15','Y','DC','Caesars Forum - Academy 401-410, 421 (Track 3)','\'Contest Closing Ceremonies & Awards\'','\'Grifter\'','DC_f749713f5c6ba9aba0664c538128cf91','\'\'',NULL,148948),('4_Sunday','15','15:30','17:30','N','DC','Caesars Forum - Forum 104-110, 135-136, 138-139 (Tracks 1+2)','\'DEF CON Closing Ceremonies & Awards\'','\'The Dark Tangent\'','DC_9186e6d423df2c7492908562745a141b','\'Title: DEF CON Closing Ceremonies & Awards
\nWhen: Sunday, Aug 14, 15:30 - 17:30 PDT
\nWhere: Caesars Forum - Forum 104-110, 135-136, 138-139 (Tracks 1+2) - Map
\n
SpeakerBio:The Dark Tangent\n, DEF CON
\nNo BIO available
\n\n
\nDescription:
\nDEF CON Closing Ceremonies & Awards, the Uber Black badges are awarded to the winners of CTF and several other contests that earned a Black badge for DEF CON 30! We will wrap up the con, say thanks where it\'s due, and acknowledge special moments.\n
\n\n\'',NULL,148949),('4_Sunday','16','15:30','17:30','Y','DC','Caesars Forum - Forum 104-110, 135-136, 138-139 (Tracks 1+2)','\'DEF CON Closing Ceremonies & Awards\'','\'The Dark Tangent\'','DC_9186e6d423df2c7492908562745a141b','\'\'',NULL,148950),('4_Sunday','17','15:30','17:30','Y','DC','Caesars Forum - Forum 104-110, 135-136, 138-139 (Tracks 1+2)','\'DEF CON Closing Ceremonies & Awards\'','\'The Dark Tangent\'','DC_9186e6d423df2c7492908562745a141b','\'\'',NULL,148951),('2_Friday','21','21:00','01:59','N','SOC','Caesars Forum - Forum 104-105, 136','\'GOTHCON (#DCGOTHCON)\'','\' \'','SOC_56adc202af02ef4586651793c126ed8c','\'Title: GOTHCON (#DCGOTHCON)
\nWhen: Friday, Aug 12, 21:00 - 01:59 PDT
\nWhere: Caesars Forum - Forum 104-105, 136 - Map
\n
\nDescription:
\nBack for their 5th year, GOTHCON welcomes everyone to come dance and stomp the night away at their Techno Coven. 9pm-2am Friday Aug 12th. Follow @dcgothcon on twitter for updates and details on location. All are welcome (except nazis), and dress however you want - whatever makes you the most comfortable and happy.\n
\n\n\'',NULL,148952),('3_Saturday','20','20:00','21:59','N','SOC','Caesars Forum - Accord Boardroom (Demo Labs)','\'Hacker Flairgrounds\'','\' \'','SOC_926195e7e6ed46833234827655cdcfcf','\'Title: Hacker Flairgrounds
\nWhen: Saturday, Aug 13, 20:00 - 21:59 PDT
\nWhere: Caesars Forum - Accord Boardroom (Demo Labs) - Map
\n
\nDescription:
\nThe destination for badge collectors, designers, and hardware hacks to celebrate the flashier side of DEF CON. It is a melding of the 1337 and the un1eet interested in hardware and IoT. We see #badgelife, #badgelove, SAOs and badge hacking as a great potential for securing IoT and keeping the power in the hands of the consumer by spreading knowledge about the craft/trade. Those involved should be celebrated for sharing their knowledge. Many of them do not like the limelight, so this gives us a chance to personally say thank you in a chill environment.\n
\n\n\'',NULL,148953),('3_Saturday','21','20:00','21:59','Y','SOC','Caesars Forum - Accord Boardroom (Demo Labs)','\'Hacker Flairgrounds\'','\' \'','SOC_926195e7e6ed46833234827655cdcfcf','\'\'',NULL,148954),('2_Friday','19','19:30','01:59','N','SOC','Caesars Forum - Forum 133 (Karaoke/Chess)','\'Hacker Karaoke\'','\' \'','SOC_91f92e29e32a66e11162a5edd2e43102','\'Title: Hacker Karaoke
\nWhen: Friday, Aug 12, 19:30 - 01:59 PDT
\nWhere: Caesars Forum - Forum 133 (Karaoke/Chess) - Map
\n
\nDescription:
\nFor those who love to sing and perform in front of others, we are celebrating our 14th year of Love, Laughter, and Song from 8 PM to 2 AM Friday and Saturday night.\n

We are open to everyone of any age, and singing is not required.\n

For more information visit:\n

https://hackerkaraoke.org or Twitter @hackerkaraoke.\n

\n\n\'',NULL,148955),('3_Saturday','19','19:30','01:59','N','SOC','Caesars Forum - Forum 133 (Karaoke/Chess)','\'Hacker Karaoke\'','\' \'','SOC_790d277e5f37fae42b95cf8362e20cbc','\'Title: Hacker Karaoke
\nWhen: Saturday, Aug 13, 19:30 - 01:59 PDT
\nWhere: Caesars Forum - Forum 133 (Karaoke/Chess) - Map
\n
\nDescription:
\nFor those who love to sing and perform in front of others, we are celebrating our 14th year of Love, Laughter, and Song from 8 PM to 2 AM Friday and Saturday night.\n

We are open to everyone of any age, and singing is not required.\n

For more information visit:\n

https://hackerkaraoke.org or Twitter @hackerkaraoke.\n

\n\n\'',NULL,148956),('2_Friday','18','18:00','17:59','N','SOC','Harrah\'s - Parlor D & The Veranda (Meetup)','\'Lawyers Meet\'','\' \'','SOC_c714036f9aa35756e362d5deac00dd67','\'Title: Lawyers Meet
\nWhen: Friday, Aug 12, 18:00 - 17:59 PDT
\nWhere: Harrah\'s - Parlor D & The Veranda (Meetup) - Map
\n
\nDescription:
\nIf youâ€™re a lawyer (recently unfrozen or otherwise), a judge or a law student please make a note to join Jeff McNamara for a friendly get-together, drinks, and conversation.\n
\n\n\'',NULL,148957),('2_Friday','17','17:00','19:59','N','SOC','Caesars Forum - Accord Boardroom (Demo Labs)','\'Meet the Digital Lab at Consumer Reports\'','\' \'','SOC_c9ebcff5514fd9f2ed9523d22dc08f90','\'Title: Meet the Digital Lab at Consumer Reports
\nWhen: Friday, Aug 12, 17:00 - 19:59 PDT
\nWhere: Caesars Forum - Accord Boardroom (Demo Labs) - Map
\n
\nDescription:
\nConsumer Reports Digital Lab is a team of hackers, technologists and advocates that break the products we use every day to identify vulnerabilities that harm consumers. Come meet CRâ€™s resident hackers and learn how you can hack alongside us. Weâ€™ll be showcasing our work in IoT, VPNs, and data rights and asking you how we can better leverage our security testing and research to provoke industry change.\n
\n\n\'',NULL,148958),('2_Friday','18','17:00','19:59','Y','SOC','Caesars Forum - Accord Boardroom (Demo Labs)','\'Meet the Digital Lab at Consumer Reports\'','\' \'','SOC_c9ebcff5514fd9f2ed9523d22dc08f90','\'\'',NULL,148959),('2_Friday','19','17:00','19:59','Y','SOC','Caesars Forum - Accord Boardroom (Demo Labs)','\'Meet the Digital Lab at Consumer Reports\'','\' \'','SOC_c9ebcff5514fd9f2ed9523d22dc08f90','\'\'',NULL,148960),('3_Saturday','20','20:00','21:59','N','SOC','Caesars Forum - Forum 111','\'Meet the EFF\'','\' \'','SOC_b693127e614888f09999081ab6ad8b63','\'Title: Meet the EFF
\nWhen: Saturday, Aug 13, 20:00 - 21:59 PDT
\nWhere: Caesars Forum - Forum 111 - Map
\n
\nDescription:
\nJoin the Electronic Frontier Foundation - The leading non-profit fighting for civil liberties in the digital world- to chat about the latest developments in Tech and Law and how these can help each other to build a better future.\n

The discussion will include updates on current EFF issues such as Disciplinary technologies, Stalkerware, LGBTQ+ Rights, Reproductive Rights, drones, updates on cases and legislation affecting security research, and law enforcement partnerships with industry.\n

Half of this session will be given over to question-and-answer, so itâ€™s your chance to ask EFF questions about the law and tech.\n

\n\n\'',NULL,148961),('3_Saturday','21','20:00','21:59','Y','SOC','Caesars Forum - Forum 111','\'Meet the EFF\'','\' \'','SOC_b693127e614888f09999081ab6ad8b63','\'\'',NULL,148962),('2_Friday','20','20:00','21:59','N','SOC','Caesars Forum - Caucus & Society Boardrooms (Demo Labs)','\'Pilots and Hackers Meetup\'','\' \'','SOC_9fbfb4f0aadb848cbf6ce837569b5f3e','\'Title: Pilots and Hackers Meetup
\nWhen: Friday, Aug 12, 20:00 - 21:59 PDT
\nWhere: Caesars Forum - Caucus & Society Boardrooms (Demo Labs) - Map
\n
\nDescription:
\nAerospace Village presents....\n

Buzzing the tower â€“ a Pilot / Hacker meetup\n

Whether you are a hacker, a pilot, or have an interest in either you are welcome to join us at Buzzing the Tower, a meetup hosted by the Aerospace Village. Come and relax, squawk with others, and try your hand at our DEF CON 30 themed Flight Sim challenge! So please stow your tray table in readiness for landing at the destination favoured by pilots and hackers alike!\n

\n\n\'',NULL,148963),('2_Friday','21','20:00','21:59','Y','SOC','Caesars Forum - Caucus & Society Boardrooms (Demo Labs)','\'Pilots and Hackers Meetup\'','\' \'','SOC_9fbfb4f0aadb848cbf6ce837569b5f3e','\'\'',NULL,148964),('2_Friday','16','16:00','17:59','N','SOC','Caesars Forum - Forum 120-123, 129, 137 (Chillout)','\'Queercon Mixer\'','\' \'','SOC_61fa971fee84751795f21336bc824972','\'Title: Queercon Mixer
\nWhen: Friday, Aug 12, 16:00 - 17:59 PDT
\nWhere: Caesars Forum - Forum 120-123, 129, 137 (Chillout) - Map
\n
\nDescription:
\nThe lgbtqia+ community in InfoSec is throwing a party to bring our folk together and have a good time. Meet others like you or hang out with those youâ€™ve met over the years. This is a safe and inclusive space meant to make you feel comfortable and help you socialize with others like you.\n
\n\n\'',NULL,148965),('2_Friday','17','16:00','17:59','Y','SOC','Caesars Forum - Forum 120-123, 129, 137 (Chillout)','\'Queercon Mixer\'','\' \'','SOC_61fa971fee84751795f21336bc824972','\'\'',NULL,148966),('3_Saturday','16','16:00','17:59','N','SOC','Caesars Forum - Forum 120-123, 129, 137 (Chillout)','\'Queercon Mixer\'','\' \'','SOC_b8c17dd69445fd435f24e5e698dc0530','\'Title: Queercon Mixer
\nWhen: Saturday, Aug 13, 16:00 - 17:59 PDT
\nWhere: Caesars Forum - Forum 120-123, 129, 137 (Chillout) - Map
\n
\nDescription:
\nThe lgbtqia+ community in InfoSec is throwing a party to bring our folk together and have a good time. Meet others like you or hang out with those youâ€™ve met over the years. This is a safe and inclusive space meant to make you feel comfortable and help you socialize with others like you.\n
\n\n\'',NULL,148967),('3_Saturday','17','16:00','17:59','Y','SOC','Caesars Forum - Forum 120-123, 129, 137 (Chillout)','\'Queercon Mixer\'','\' \'','SOC_b8c17dd69445fd435f24e5e698dc0530','\'\'',NULL,148968),('1_Thursday','16','16:00','17:59','N','SOC','Caesars Forum - Forum 120-123, 129, 137 (Chillout)','\'Queercon Mixer\'','\' \'','SOC_b4320ba3c6b6cdda97a63e1334462597','\'Title: Queercon Mixer
\nWhen: Thursday, Aug 11, 16:00 - 17:59 PDT
\nWhere: Caesars Forum - Forum 120-123, 129, 137 (Chillout) - Map
\n
\nDescription:
\nThe lgbtqia+ community in InfoSec is throwing a party to bring our folk together and have a good time. Meet others like you or hang out with those youâ€™ve met over the years. This is a safe and inclusive space meant to make you feel comfortable and help you socialize with others like you.\n
\n\n\'',NULL,148969),('1_Thursday','17','16:00','17:59','Y','SOC','Caesars Forum - Forum 120-123, 129, 137 (Chillout)','\'Queercon Mixer\'','\' \'','SOC_b4320ba3c6b6cdda97a63e1334462597','\'\'',NULL,148970),('2_Friday','22','22:00','00:59','N','SOC','Caesars Forum - Forum 108-110','\'Queercon Party\'','\' \'','SOC_69303ab304b3aac86e207cc6b0906d3f','\'Title: Queercon Party
\nWhen: Friday, Aug 12, 22:00 - 00:59 PDT
\nWhere: Caesars Forum - Forum 108-110 - Map
\n
\nDescription:
\nThe lgbtqia+ community in InfoSec is throwing a party to bring our folk together and have a good time. Meet others like you or hang out with those youâ€™ve met over the years. This is a safe and inclusive space meant to make you feel comfortable and help you socialize with others like you.\n
\n\n\'',NULL,148971),('3_Saturday','21','21:00','01:59','N','SOC','Caesars Forum - Forum 106, 139','\'VETCON\'','\' \'','SOC_f2ba73f85a6a5476584a848f78b14426','\'Title: VETCON
\nWhen: Saturday, Aug 13, 21:00 - 01:59 PDT
\nWhere: Caesars Forum - Forum 106, 139 - Map
\n
\nDescription:
\nCo-founded in 2018 by Jim McMurry and William Kimble, the founders of Milton Security and Cyber Defense Technologies, respectively, the VETCON conference is the official Veteran event of the DEFCON Hacker Conference. VETCON, through its Discord server and in person events, we connect and support veterans in the Information Security field. The event is open to all DEFCON attendees with a focus on military veterans.\n

VETCON Is a Conference for Veterans, Run by Veterans, During the Largest Hacker Conference, DEFCON\n

\n\n\'',NULL,148972),('3_Saturday','21','21:00','23:59','N','SOC','Caesars Forum - Forum 104-105, 136','\'Arcade Party\'','\' \'','SOC_9d0834f8975a0bcbc7ec825f44db1c32','\'Title: Arcade Party
\nWhen: Saturday, Aug 13, 21:00 - 23:59 PDT
\nWhere: Caesars Forum - Forum 104-105, 136 - Map
\n
\nDescription:
\nThe Arcade Party is back! Come play your favorite classic arcade games while jamming out to Keith Myers DJing. Your favorite custom built 16 player LED foosball table will be ready for some competitive games.\n

This epic party is hosted by the Military Cyber Professionals Association (a tech ed charity) and friends.\n

More info: ArcadeParty.org (open to all DEF CON attendees)\n

\n\n\'',NULL,148973),('3_Saturday','22','21:00','23:59','Y','SOC','Caesars Forum - Forum 104-105, 136','\'Arcade Party\'','\' \'','SOC_9d0834f8975a0bcbc7ec825f44db1c32','\'\'',NULL,148974),('3_Saturday','23','21:00','23:59','Y','SOC','Caesars Forum - Forum 104-105, 136','\'Arcade Party\'','\' \'','SOC_9d0834f8975a0bcbc7ec825f44db1c32','\'\'',NULL,148975),('3_Saturday','19','19:30','00:59','N','SOC','Caesars Forum - Forum 109-110','\'BlanketFort Con\'','\' \'','SOC_7cb7e4459051bd2398d86fa800bb90c4','\'Title: BlanketFort Con
\nWhen: Saturday, Aug 13, 19:30 - 00:59 PDT
\nWhere: Caesars Forum - Forum 109-110 - Map
\n
\nDescription:
\nBlanket Fort Con: Come for the chill vibes and diversity, stay for the Blanket Fort Building, Cool Lights, Music, and, Kid Friendly\\Safe environment. Now with less Gluten and more animal onesies!\n
\n\n\'',NULL,148976),('2_Friday','20','20:00','22:59','N','SOC','LINQ - Pool','\'BlueTeam Village Party\'','\' \'','SOC_73e305e5897c3094037906ba4bb5bce4','\'Title: BlueTeam Village Party
\nWhen: Friday, Aug 12, 20:00 - 22:59 PDT
\nWhere: LINQ - Pool
\n
\nDescription:
\nThis year BTV will be celebrating five years at DEF CON!!! Join us Friday night 8pm-11pm at the LINQ pool. Libations will be available at the cash bar. Free tacos, sliders, and other goodies.\n

Dual Core will be performing at 9pm!\n

We hope to see you during this special Homecoming event.\n

\n\n\'',NULL,148977),('2_Friday','21','20:00','22:59','Y','SOC','LINQ - Pool','\'BlueTeam Village Party\'','\' \'','SOC_73e305e5897c3094037906ba4bb5bce4','\'\'',NULL,148978),('2_Friday','22','20:00','22:59','Y','SOC','LINQ - Pool','\'BlueTeam Village Party\'','\' \'','SOC_73e305e5897c3094037906ba4bb5bce4','\'\'',NULL,148979),('2_Friday','16','16:00','18:59','N','SOC','Caesars Forum - Summit 211-213 (Teacher\'s Lounge)','\'DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup\'','\' \'','SOC_36ae2c4dfc967dd504301aba4869fc78','\'Title: DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup
\nWhen: Friday, Aug 12, 16:00 - 18:59 PDT
\nWhere: Caesars Forum - Summit 211-213 (Teacher\'s Lounge) - Map
\n
\nDescription:
\nThey say Atlanta is the city too busy to hate, but it also has too much traffic for its widespread hacker fam to get together in a single meetup. So instead weâ€™re meeting up in the desert during DEF CON - the one time of year when intown, northern burbs, south siders, and anyone else connected to (or interested in!) DC404â€™s 20+ year legacy can catch up, share stories, and make new connections. Come prepared to share your interests, hacks, swag, stories, and good times!\n
\n\n\'',NULL,148980),('2_Friday','17','16:00','18:59','Y','SOC','Caesars Forum - Summit 211-213 (Teacher\'s Lounge)','\'DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup\'','\' \'','SOC_36ae2c4dfc967dd504301aba4869fc78','\'\'',NULL,148981),('2_Friday','18','16:00','18:59','Y','SOC','Caesars Forum - Summit 211-213 (Teacher\'s Lounge)','\'DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup\'','\' \'','SOC_36ae2c4dfc967dd504301aba4869fc78','\'\'',NULL,148982),('1_Thursday','18','18:00','20:59','N','SOC','Caesars Forum - Summit 211-213 (Teacher\'s Lounge)','\'DC702 Pwnagotchi Party\'','\' \'','SOC_bfd39dc1c5f05da2ac6e20c5ddacf41b','\'Title: DC702 Pwnagotchi Party
\nWhen: Thursday, Aug 11, 18:00 - 20:59 PDT
\nWhere: Caesars Forum - Summit 211-213 (Teacher\'s Lounge) - Map
\n
\nDescription:
\nJoin DC702 for a Pwnagotchi party. The DC702 team will be auctioning off kits and donating the proceeds to the EFF, as well as providing instructions and guidance for assembly. Everyone is welcome to come by, and if you have your own assembled or unassembled kit, feel free to bring it!\n
\n\n\'',NULL,148983),('1_Thursday','19','18:00','20:59','Y','SOC','Caesars Forum - Summit 211-213 (Teacher\'s Lounge)','\'DC702 Pwnagotchi Party\'','\' \'','SOC_bfd39dc1c5f05da2ac6e20c5ddacf41b','\'\'',NULL,148984),('1_Thursday','20','18:00','20:59','Y','SOC','Caesars Forum - Summit 211-213 (Teacher\'s Lounge)','\'DC702 Pwnagotchi Party\'','\' \'','SOC_bfd39dc1c5f05da2ac6e20c5ddacf41b','\'\'',NULL,148985),('2_Friday','16','16:00','18:59','N','SOC','Flamingo - Bird Bar','\'DEF CON Holland DC3115 & DC3120 Group Meetup\'','\' \'','SOC_9f06d0e75dcc29b38b48391852d297aa','\'Title: DEF CON Holland DC3115 & DC3120 Group Meetup
\nWhen: Friday, Aug 12, 16:00 - 18:59 PDT
\nWhere: Flamingo - Bird Bar
\n
\nDescription:
\nIn The Netherlands itâ€™s a tradition to catch up with your colleagues just before the end of the workday on Friday when the weekend starts to kick in. In The Netherlands this is called the â€œVrijMiBoâ€ (Vrijdag/Friday - Middag/Afternoon Borrel/Drink)\n

â€œVrijMiBo/Friday afternoon Drinkâ€ at DefCon is a perfect moment to talk about what your favorite thing is at DefCon, show your cool handmade badges, impress other hackers about your latest hacks, make new friends, gossip about your boss and show your cat or dog pictures.\n

Vrijdag Middag Borrel, Freitag Mittags Getränk, Apéritif du vendredi après-midi, trago de viernes por la tarde.\n

\n\n\'',NULL,148986),('2_Friday','17','16:00','18:59','Y','SOC','Flamingo - Bird Bar','\'DEF CON Holland DC3115 & DC3120 Group Meetup\'','\' \'','SOC_9f06d0e75dcc29b38b48391852d297aa','\'\'',NULL,148987),('2_Friday','18','16:00','18:59','Y','SOC','Flamingo - Bird Bar','\'DEF CON Holland DC3115 & DC3120 Group Meetup\'','\' \'','SOC_9f06d0e75dcc29b38b48391852d297aa','\'\'',NULL,148988),('3_Saturday','17','17:00','18:59','N','SOC','Caesars Forum - Society Boardroom (Demo Labs)','\'Denial, Deception, and Drinks with Mitre Engage\'','\' \'','SOC_45ca156e0cded7c10cc724445c45aa7e','\'Title: Denial, Deception, and Drinks with Mitre Engage
\nWhen: Saturday, Aug 13, 17:00 - 18:59 PDT
\nWhere: Caesars Forum - Society Boardroom (Demo Labs) - Map
\n
\nDescription:
\nInterested in cyber denial, deception, and adversary engagement? Come join the MITRE Engage team for conversations, war stories, and cyber shenanigans.\n
\n\n\'',NULL,148989),('3_Saturday','18','17:00','18:59','Y','SOC','Caesars Forum - Society Boardroom (Demo Labs)','\'Denial, Deception, and Drinks with Mitre Engage\'','\' \'','SOC_45ca156e0cded7c10cc724445c45aa7e','\'\'',NULL,148990),('3_Saturday','17','17:00','16:59','N','SOC','Caesars Forum - Unity Boardroom','\'Friends of Bill W\'','\' \'','SOC_8242abc929f59596543f285b1d4af7df','\'Title: Friends of Bill W
\nWhen: Saturday, Aug 13, 17:00 - 16:59 PDT
\nWhere: Caesars Forum - Unity Boardroom - Map
\n
\nDescription:
\nFor all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\n

Please note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).\n

\n\n\'',NULL,148991),('1_Thursday','17','17:00','16:59','N','SOC','Caesars Forum - Unity Boardroom','\'Friends of Bill W\'','\' \'','SOC_4bcfcc3a46a161c83e929f7bb41b1858','\'Title: Friends of Bill W
\nWhen: Thursday, Aug 11, 17:00 - 16:59 PDT
\nWhere: Caesars Forum - Unity Boardroom - Map
\n
\nDescription:
\nFor all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\n

Please note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).\n

\n\n\'',NULL,148992),('2_Friday','17','17:00','16:59','N','SOC','Caesars Forum - Unity Boardroom','\'Friends of Bill W\'','\' \'','SOC_768372c2d3a9faded81ff774b91133bf','\'Title: Friends of Bill W
\nWhen: Friday, Aug 12, 17:00 - 16:59 PDT
\nWhere: Caesars Forum - Unity Boardroom - Map
\n
\nDescription:
\nFor all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\n

Please note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).\n

\n\n\'',NULL,148993),('1_Thursday','12','12:00','11:59','N','SOC','Caesars Forum - Unity Boardroom','\'Friends of Bill W\'','\' \'','SOC_20f7d0aaa51f1896fe870c72edfe0b8b','\'Title: Friends of Bill W
\nWhen: Thursday, Aug 11, 12:00 - 11:59 PDT
\nWhere: Caesars Forum - Unity Boardroom - Map
\n
\nDescription:
\nFor all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\n

Please note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).\n

\n\n\'',NULL,148994),('3_Saturday','12','12:00','11:59','N','SOC','Caesars Forum - Unity Boardroom','\'Friends of Bill W\'','\' \'','SOC_9eb2094e4590b596437f0dff51ddfe3f','\'Title: Friends of Bill W
\nWhen: Saturday, Aug 13, 12:00 - 11:59 PDT
\nWhere: Caesars Forum - Unity Boardroom - Map
\n
\nDescription:
\nFor all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\n

Please note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).\n

\n\n\'',NULL,148995),('2_Friday','12','12:00','11:59','N','SOC','Caesars Forum - Unity Boardroom','\'Friends of Bill W\'','\' \'','SOC_11a671e0e89e38c6078a71308e84bb6a','\'Title: Friends of Bill W
\nWhen: Friday, Aug 12, 12:00 - 11:59 PDT
\nWhere: Caesars Forum - Unity Boardroom - Map
\n
\nDescription:
\nFor all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\n

Please note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).\n

\n\n\'',NULL,148996),('4_Sunday','12','12:00','11:59','N','SOC','Caesars Forum - Unity Boardroom','\'Friends of Bill W\'','\' \'','SOC_d25c623e2315d527742b0a1c1e4849bc','\'Title: Friends of Bill W
\nWhen: Sunday, Aug 14, 12:00 - 11:59 PDT
\nWhere: Caesars Forum - Unity Boardroom - Map
\n
\nDescription:
\nFor all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\n

Please note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).\n

\n\n\'',NULL,148997),('2_Friday','11','11:40','11:59','N','SKY','LINQ - BLOQ (SkyTalks 303)','\'Android, Birthday Cake, Open Wifi... Oh my!\'','\'A.Krontab\'','SKY_019c06206507d9fa5a32a35474ac3fe9','\'Title: Android, Birthday Cake, Open Wifi... Oh my!
\nWhen: Friday, Aug 12, 11:40 - 11:59 PDT
\nWhere: LINQ - BLOQ (SkyTalks 303) - Map
\n
SpeakerBio:A.Krontab\n
\nSoftware Engineer by profession, lock picker and wanna be hacker by hobby. Also a Wil Wheaton look alike that actually fooled someone at DEFCON 23.
\nTwitter: @akrotos
\n\n
\nDescription:
\nWhat do you get when you combine a curious hacker dad at an 8 year old\'s birthday party with a couple open wifi networks, and a plain old android smartphone? A innocent digital trespass and spelunk into a network where full blown identity theft is possible by the end. Come hear about a low skill intrusion done with consumer hardware (No root required), apps straight off the shelf of the Google play store, and a burning curiosity and desire to get into places you\'re not supposed to be. UNPXGURCYNARG!\n
\n\n\'',NULL,148998),('3_Saturday','13','13:50','15:40','N','SKY','LINQ - BLOQ (SkyTalks 303)','\'INTERNET WARS 2022: These wars aren\'t just virtual\'','\'Bryson Bort,Cheryl Biswall,Chris Kubecka,Gadi Evron,Harri Hursti,Jivesx,Russ Handorf\'','SKY_819ecdccf8a5c62e597a6ad146dd8cf8','\'Title: INTERNET WARS 2022: These wars aren\'t just virtual
\nWhen: Saturday, Aug 13, 13:50 - 15:40 PDT
\nWhere: LINQ - BLOQ (SkyTalks 303) - Map
\nSpeakers:Bryson Bort,Cheryl Biswall,Chris Kubecka,Gadi Evron,Harri Hursti,Jivesx,Russ Handorf
\n
SpeakerBio:Bryson Bort\n
\nBryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow with the Atlantic Councilâ€™s Cyber Statecraft Initiative, the National Security Institute, and an Advisor to the Army Cyber Institute. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. He was recognized as one of the Top 50 in Cyber in 2020 by Business Insider.\n

Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point. He holds a Masterâ€™s Degree in Telecommunications Management from the University of Maryland, a Masterâ€™s in Business Administration from the University of Florida, and completed graduate studies in Electrical Engineering and Computer Science at the University of Texas.\n

\nTwitter: @brysonbort
\n
SpeakerBio:Cheryl Biswall\n
\nCheryl Biswas is a strategic Cyber Threat Intelligence Specialist at a major bank, a founder of The Diana Initiative and was featured in â€œTribe of Hackers: Cybersecurity Advice from the Best Hackers in the World.â€
\nTwitter: @3ncr1pt3d
\n
SpeakerBio:Chris Kubecka\n
\nCEO of cyber warfare incident management company in The Netherlands and Distinguished Chair for a Cyber Security program in the US Program. Advises the multiple governments, militaries, television and documentary technical advisor as a subject matter expert on cyber warfare national defense. Author of OSINT books and USAF military combat veteran, former military aircrew, and USAF Space Command. Defends critical infrastructure and handles country level cyber incidents, cyberwarfare, and cyber espionage. Lives and breathes IT/IOT/ICS SCADA control systems security. Hacker since the age of 10 and was in Kiev when the war started.
\nTwitter: @SecEvangelism
\n
SpeakerBio:Gadi Evron\n
\nGadi Evron is the Innovation Domain Lead at Citi and co-wrote the post-mortem for â€œthe first Internet warâ€, in Estonia (2007).
\nTwitter: @gadievron
\n
SpeakerBio:Harri Hursti\n
\nHarri Hursti is a founder of Nordic Innovation Labs and the Voter Village. His work has been featured in two HBO documentaries, the latest being \"Kill Chain: The Cyber War on America\'s Elections.\"
\nTwitter: @HarriHursti
\n
SpeakerBio:Jivesx\n
\nJivesx is a 20 year veteran of network security, forensics and privacy in open higher ed environments. In his free time he tries to support the infosec community by volunteering, organizing, or just being a pest at multiple cons and villages.
\nTwitter: @jivesx
\n
SpeakerBio:Russ Handorf\n
\nDr. Russell Handorf currently is an agent of chaos at Twitter. He is also recovering fed after ten years of service defending the USA and other countries in a variety of matters. Heâ€™s done a lot of other odd things here and there, but that isnâ€™t important. Letâ€™s just have a conversation, but youâ€™ll have to endure my dad jokes.
\nTwitter: @dntlookbehindu
\n\n
\nDescription:
\nIt\'s been a long 12 years since the last time an Internet Wars panel was held at DEF CON, in that time a lot has changed, and a lot has not. This panel will bring together representatives from multiple industries and with a breadth of experiences discuss current trends and topics in internet security and the way those are playing out in both the cyber and the physical realm.\n

This discussion will start with an introductory presentation on some of the latest trends in digital security, threat intel, disinformation, and APTs. Further we will be discussing how cyber threats are being weaponized in the Russian attacks on Ukraine. From there we\'ll move into questions and answers from the audience. Panelists will accept questions on any subject related to the threat landscape, IoT and ICS threats, internet warfare and will discuss what we expect is coming and how we, as an industry, can best deal with it.\n

\n\n\'',NULL,148999),('3_Saturday','14','13:50','15:40','Y','SKY','LINQ - BLOQ (SkyTalks 303)','\'INTERNET WARS 2022: These wars aren\'t just virtual\'','\'Bryson Bort,Cheryl Biswall,Chris Kubecka,Gadi Evron,Harri Hursti,Jivesx,Russ Handorf\'','SKY_819ecdccf8a5c62e597a6ad146dd8cf8','\'\'',NULL,149000),('3_Saturday','15','13:50','15:40','Y','SKY','LINQ - BLOQ (SkyTalks 303)','\'INTERNET WARS 2022: These wars aren\'t just virtual\'','\'Bryson Bort,Cheryl Biswall,Chris Kubecka,Gadi Evron,Harri Hursti,Jivesx,Russ Handorf\'','SKY_819ecdccf8a5c62e597a6ad146dd8cf8','\'\'',NULL,149001),('2_Friday','16','16:00','16:50','N','SKY','LINQ - BLOQ (SkyTalks 303)','\'Automated Trolling for Fun and No Profit\'','\'burninator\'','SKY_62795f1246677233437e7107f70bf73f','\'Title: Automated Trolling for Fun and No Profit
\nWhen: Friday, Aug 12, 16:00 - 16:50 PDT
\nWhere: LINQ - BLOQ (SkyTalks 303) - Map
\n
SpeakerBio:burninator\n
\nBurninator was a software engineer before becoming an appsec redteamer in 2018, but has been hacking all the things since high school.
\nTwitter: @burninatorsec
\n\n
\nDescription:
\nHaving fun is at the core of discovering new CVEs or getting bug bounties. While this talk is about neither of those things, I want to show that doing something for the lulz can lead to some awesome possibilities no matter what youâ€™re doing. Would you like to troll more but you work full time? Letâ€™s automate! Are you one of the 40,000+ users who have been contacted by my bots such as the /r/pmmebot Reddit bot? Or ChinaNumberFour? Or J0hnnyDoxxille? Letâ€™s talk it out. Some may say learning to code AI in Python just to troll is too much effort. I agree. I did it anyway.\n
\n\n\'',NULL,149002),('2_Friday','14','14:55','15:45','N','SKY','LINQ - BLOQ (SkyTalks 303)','\'Cloud Threat Actors: No longer cryptojacking for fun and profit\'','\'Nathaniel Quist\'','SKY_b61a0866fc9a2d22a2541819f071d364','\'Title: Cloud Threat Actors: No longer cryptojacking for fun and profit
\nWhen: Friday, Aug 12, 14:55 - 15:45 PDT
\nWhere: LINQ - BLOQ (SkyTalks 303) - Map
\n
SpeakerBio:Nathaniel Quist\n
\nNathaniel Quist is a Principal Researcher working with Palo Alto Networks Unit 42 and Prisma Cloud teams on researching the threats facing public cloud platforms, tools, and services. He is actively focused on identifying the threats, malware and threat actor groups that target cloud environments.\n

Nathaniel has worked within Government, Public, and Private sectors and holds a Master of Science in Information Security Engineering (MSISE) from The SANS Institute, where he focused on Network and System Forensics, Malware Reversal, and Incident Response. He is the author of multiple blogs, reports, and whitepapers published by Palo Alto Networksâ€™ Unit 42 and Prisma Cloud as well as the SANS InfoSec Reading Room.\n

\nTwitter: @qcuequeue
\n\n
\nDescription:
\nThreat actors have elevated their attacks against cloud environments through the direct targeting and usage of Identity and Access Management (IAM) resources. Successful attacks not only expose the wider customer cloud environment workloads but also expose a defender\'s inability to successfully track the total scope of the incident using only a single cloud visibility tool. I have been tracking the evolution of cloud targeted threats and the threat actors behind them, what I have found is that actors who target cloud environments have begun to use techniques that are solely unique to cloud environments. So much so, that the Unit 42 threat intelligence team and I found it necessary to define these actors as Cloud Threat Actors. \"\"An individual or group posing a threat to organizations through directed and sustained access to cloud platform resources, services or embedded metadata.\"\"\n

In this talk, we will guide the audience through the first-ever Cloud Threat Actor Index detailing the targeting cloud environments, who are behind these attacks, how they are targeting and leveraging techniques unique to cloud environments, and most importantly how poorly defined IAM identities open the biggest holes. We will also give the audience the knowledge needed to properly harden their cloud environments by illustrating how the most successful cloud-targeted attacks have occurred. IAM is the first line of defense in your cloud, knowing how attackers target and leverage IAM resources to evade detection is the best tool we have to properly defend your entire cloud infrastructure.\n

\n\n\'',NULL,149003),('2_Friday','15','14:55','15:45','Y','SKY','LINQ - BLOQ (SkyTalks 303)','\'Cloud Threat Actors: No longer cryptojacking for fun and profit\'','\'Nathaniel Quist\'','SKY_b61a0866fc9a2d22a2541819f071d364','\'\'',NULL,149004),('2_Friday','09','09:30','10:20','N','SKY','LINQ - BLOQ (SkyTalks 303)','\'Combatting sexual abuse with threat intelligence techniques\'','\'Aaron DeVera\'','SKY_c5e0c2faeabbf18b65469c04b69ff79e','\'Title: Combatting sexual abuse with threat intelligence techniques
\nWhen: Friday, Aug 12, 09:30 - 10:20 PDT
\nWhere: LINQ - BLOQ (SkyTalks 303) - Map
\n
SpeakerBio:Aaron DeVera\n
\nAaron DeVera is a New York-based security researcher whose experience spans from the takedown of multi-million dollar criminal botnets to threat intelligence operations for global financial services companies. They are a member of the New York Cyber Sexual Abuse Taskforce, a founding member of the Cabal hacker collective, and a founder of Backchannel, which builds tools for adversary intelligence and adversary attribution. Their previous speaking engagements include SXSW, Botconf, SummerCon, The Diana Initiative, and within the information security community.
\nTwitter: @aaronsdevera
\n\n
\nDescription:
\nThe techniques and tactics used against cyber adversaries can be effective against perpetrators of sexual violence. Join the representatives from the Cabal hacker collective as they chart their success in attributing online behavior, creating intelligence pipelines, and survivor outreach in the wake of the growing threat of cyber sexual abuse. The featured case studies are real-life scenarios where familiar infosec operations ended up making a huge impact in cases against cyberstalkers, sex criminals, and hackers.\n
\n\n\'',NULL,149005),('2_Friday','10','09:30','10:20','Y','SKY','LINQ - BLOQ (SkyTalks 303)','\'Combatting sexual abuse with threat intelligence techniques\'','\'Aaron DeVera\'','SKY_c5e0c2faeabbf18b65469c04b69ff79e','\'\'',NULL,149006),('2_Friday','17','17:05','17:55','N','SKY','LINQ - BLOQ (SkyTalks 303)','\'Deadly Russian Malware in Ukraine\'','\'Chris Kubecka\'','SKY_c25b698fd6f30b5cbce08b5144befa68','\'Title: Deadly Russian Malware in Ukraine
\nWhen: Friday, Aug 12, 17:05 - 17:55 PDT
\nWhere: LINQ - BLOQ (SkyTalks 303) - Map
\n
SpeakerBio:Chris Kubecka\n
\nCEO of cyber warfare incident management company in The Netherlands and Distinguished Chair for a Cyber Security program in the US Program. Advises the multiple governments, militaries, television and documentary technical advisor as a subject matter expert on cyber warfare national defense. Author of OSINT books and USAF military combat veteran, former military aircrew, and USAF Space Command. Defends critical infrastructure and handles country level cyber incidents, cyberwarfare, and cyber espionage. Lives and breathes IT/IOT/ICS SCADA control systems security. Hacker since the age of 10 and was in Kiev when the war started.
\nTwitter: @SecEvangelism
\n\n
\nDescription:
\nHas Russian malware lead to loss of life, yes. The effects of the Ukrainian border patrol and orphan database wiper viruses. Russian malware pinpointing evacuating refugees for murder. Wiping orphan identifications so they can\'t escape the Mariupol, killing many in the theater they sheltered in. Wiping border control to the point they operated on pen and paper, slowing evacuations leaving some to freeze to death desperate to flee. Luring of humanitarian aid workers through surveillanceware and misinformation leading to kidnapping and ransom payments with cryptocurrency. Targeting refugees in Europe for surveillance, harassment and intimidation. No digital ID, no cash, no credit cards. What happens when cyberwar affects everyday lives.\n
\n\n\'',NULL,149007),('2_Friday','13','13:50','14:40','N','SKY','LINQ - BLOQ (SkyTalks 303)','\'Don\'t Blow A Fuse: Some Truths about Fusion Centres\'','\'3ncr1pt3d\'','SKY_81893533649f0e23a6f83d1843cf2292','\'Title: Don\'t Blow A Fuse: Some Truths about Fusion Centres
\nWhen: Friday, Aug 12, 13:50 - 14:40 PDT
\nWhere: LINQ - BLOQ (SkyTalks 303) - Map
\n
SpeakerBio:3ncr1pt3d\n
\nI am a cyber threat intel analyst who likes to question things, with my work leading to presentations, articles and podcasts. My work history includes KPMG, one of the \"Big 4\", a major bank, CP Rail, a major railroad, with experience in security audits and assessments, privacy, DRP, project management, vendor management and change management. I am an experienced speaker, and have spoken previously at Skytalks.
\n\n
\nDescription:
\nHow do you harness the power of collaboration when you need it most to protect and defend against threats? You build a fusion center. The concept evolved some 20 years ago in response to countering terrorism post 9/11, and a number of centres were built per the DOJ and DHS. But a few years ago, the concept became the new shiny for banks, a way to keep up with evolving threats and cybercrime. Alas, all that glitters is not gold. Effective fusion centres are powered by trust-enabled collaboration between people. At the end of the day, however, all those flashy lights, big monitors and dazzling graphs don\'t mean anything without the skilled people who know how to analyze and act on the real information. This talk is a cautionary tale of what\'s good and bad about fusion centres, with comparisons drawn from my experiences of working in one that really wasn\'t working well and why we must value our people over our technology.\n
\n\n\'',NULL,149008),('2_Friday','14','13:50','14:40','Y','SKY','LINQ - BLOQ (SkyTalks 303)','\'Don\'t Blow A Fuse: Some Truths about Fusion Centres\'','\'3ncr1pt3d\'','SKY_81893533649f0e23a6f83d1843cf2292','\'\'',NULL,149009),('2_Friday','10','10:35','11:25','N','SKY','LINQ - BLOQ (SkyTalks 303)','\'Hundreds of incidents, what can we share?\'','\'Brenton Morris,Guy Barnhart-Magen\'','SKY_18a5352184079c58a6853c56b2f021b0','\'Title: Hundreds of incidents, what can we share?
\nWhen: Friday, Aug 12, 10:35 - 11:25 PDT
\nWhere: LINQ - BLOQ (SkyTalks 303) - Map
\nSpeakers:Brenton Morris,Guy Barnhart-Magen
\n
SpeakerBio:Brenton Morris\n
\nSr Incident Responder at Profero. Brenton leads Incident Response engagements on a daily basis. From sophisticated cloud attackers to ransomware events. Brenton has a unique set of combined security research and devoper experience, allowing him to resolve many cyber-attacks while fully understanding the impact on production systems.
\nTwitter: @_scrapbird
\n
SpeakerBio:Guy Barnhart-Magen\n
\nWith nearly 25 years of experience in the cyber-security industry, Guy held various positions in both corporates and startups.\n

In his role as the CTO for the Cyber crisis management firm Profero his focus is making incident response fast and scalable, harnessing the latest technologies and a cloud native approach.\n

Most recently, he led Intelâ€™s Predictive Threat Analysis group who focused on the security of machine learning systems and trusted execution environments. At Intel, he defined the global AI security strategy and roadmap. He spoke at dozens of events on the research he and the group have done on Security for AI systems and published several whitepapers on the subject.\n

Guy is the BSidesTLV chairman and CTF lead, a Public speaker in well known global security events (SAS, t2, 44CON, BSidesLV, and several DefCon villages to name a few), and the recipient of the Cisco â€œblack beltâ€ security ninja honor â€“ Ciscoâ€™s highest cybersecurity advocate rank.\n

He started as a software developer for several security startups and later spent eight years in the IDF. After completing his degrees in Electrical Engineering and Applied Mathematics, he focused on security research, in real-world applications.\n

He joined NDS (later acquired by Cisco). He led the Anti-Hacking, Cryptography, and Supply Chain Security Groups (~25 people in USA and Israel).\n

\nTwitter: @barnhartguy
\n\n
\nDescription:
\nThere are two types of organizations, those that were breached and those that are not ware yet...\n

For most organizations, it is easier to buy blinky lightboxes and tick various compliance boxes (ISO27001 looking at you!) than improve their security posture.\n

We repeatedly see in the field that the vast majority of incidents could have been contained or even prevented if the effort had been spent in the right place.\n

We have some good statistics on what works, what can help, and what is generally a waste of effort with hundreds of incidents handled.\n

Most of the organizations that we see get breached are not Fortune 500 companies; they don\'t have colossal security budgets - but they do have a dedicated team that is doing their best to make a difference.\n

In this talk, we will cover some of our experience in what works in the real world and how you can focus your efforts on getting the correct data to respond and close incidents fast.\n

Invariably, the goal is not to have 100% security (no one will fund that!) but to get the business back on its feet ASAP and resume business operations. Planning for that takes dedication and focus - but it can be done!Â \n

we will focus in our talk on the pillars that would make your incident response plan work:\nGetting the right team in place
\nCommunication!
\nData collection, access to systems
\nAccess to forensics and response tools when you need them\n

This talk will outline common gaps and compare examples of these two types of organizations from actual incidents to highlight the real-life implications of lack of preparation, which affects the outcome of an incident.\n

\n\n\'',NULL,149010),('2_Friday','11','10:35','11:25','Y','SKY','LINQ - BLOQ (SkyTalks 303)','\'Hundreds of incidents, what can we share?\'','\'Brenton Morris,Guy Barnhart-Magen\'','SKY_18a5352184079c58a6853c56b2f021b0','\'\'',NULL,149011),('2_Friday','12','12:45','13:35','N','SKY','LINQ - BLOQ (SkyTalks 303)','\'Taking Down the Grid\'','\'Joe Slowik\'','SKY_066173b8f5a637bc1bc33883e080d9c1','\'Title: Taking Down the Grid
\nWhen: Friday, Aug 12, 12:45 - 13:35 PDT
\nWhere: LINQ - BLOQ (SkyTalks 303) - Map
\n
SpeakerBio:Joe Slowik\n, Threat Intelligence & Detections Engineering Lead
\nJoe Slowik has over a decade of experience across multiple facets of information security and offensive computer network operations. Currently leading threat intelligence and detection engineering work at Gigamon, Joe has previously performed cyber threat intelligence research at DomainTools and Dragos, and spent several years in both the US Department of Energy and as an Officer in the US Navy.
\nTwitter: @jfslowik
\n\n
\nDescription:
\nMedia hype concerning \"\"attacks\"\" on the electric grid is common through multiple sources, but ignores actual vectors of concern for impacting electric services to populations. This talk will examine how cyber effects can effectively impair electric services, focusing on how cyber can leverage underlying system dependencies and opportunities to achieve outsized impacts. In addition to reviewing the most studied disruptive cyber events on electric systems (2015 and 2016 Ukraine), this talk will also explore \"\"near miss\"\" events (such as the Berserk Bear campaigns from 2017 through at least 2020) as well as recent events in Ukraine. Furthermore, we will also discuss the lessons from non-cyber events (such as the 2003 blackouts in North America and Europe, and more recent incidents) to illustrate necessary steps to effectively disabling the delivery of electric services.\n

As a result of this discussion, attendees will emerge with a more thorough understanding of the number of steps and actions required to overcome existing protections and redundancies in electric environments. Additionally, attendees will learn of potential shortcuts through external events and environmental factors that can enable outsized effects. Overall, this discussion will inform attendees as to the overall complexity of electric systems, and what types of actions are necessary to undermine such systems through cyber means.\n

\n\n\'',NULL,149012),('2_Friday','13','12:45','13:35','Y','SKY','LINQ - BLOQ (SkyTalks 303)','\'Taking Down the Grid\'','\'Joe Slowik\'','SKY_066173b8f5a637bc1bc33883e080d9c1','\'\'',NULL,149013),('2_Friday','12','12:10','12:30','N','SKY','LINQ - BLOQ (SkyTalks 303)','\'The Richest Phisherman in Colombia\'','\'Matt Mosley,Nick Ascoli\'','SKY_d5f63fed4d839a1734dd5f6edcb95a09','\'Title: The Richest Phisherman in Colombia
\nWhen: Friday, Aug 12, 12:10 - 12:30 PDT
\nWhere: LINQ - BLOQ (SkyTalks 303) - Map
\nSpeakers:Matt Mosley,Nick Ascoli
\n
SpeakerBio:Matt Mosley\n
\nMatt Mosley is a security professional with 30+ years experience in various technical and executive roles, former UNIX sysadmin and software engineer, and reformed grey hat hacker who wears his original â€œI miss crimeâ€ shirt proudly. In his current role as Chief Product Officer and CISO of security startup PIXM, Matt guides the companyâ€™s product and security strategy and manages several functional teams. Matt has held the CISSP, CISM and CISA credentials since the mid 90s and has spoken on security topics many times over the years, from large audiences at RSA to local ISSA meetings. Matt believes that security starts with the basics that most companies fail to get right, and would be happy to debate the merits of the principles in the orange book vs your need for the latest XDR/SOAR/ABCDXYZ product. He is still waiting for the right opportunity to avenge his teamâ€™s finals loss in Hacker Jeopardy during Defcon 5.
\n
SpeakerBio:Nick Ascoli\n
\nNick Ascoli is the founder and CEO of Foretrace, an External Attack Surface Management\n(EASM) solution. Prior to starting Foretrace, Nick was a Cyber Research Scientist and Consultant\nwith Security Risk Advisors and has published several open-source tools including pdblaster and\nTALR. Nick has been a speaker at Blackhat Arsenal, SANS, and B-Sides conferences on SIEM,\nRecon, and UEBA topics.
\nTwitter: @kcin418
\n\n
\nDescription:
\nAdversaries have increasingly been leveraging completely legitimate 3rd party web hosting products to circumvent traditional domain reputation analysis engines, and successfully get their phishing pages in front of their victims. Using these third party services also offers them a great opportunity to limit the exposure of their own infrastructure, offering a great OPSEC advantage. However, in one investigation, a few breadcrumbs left in the adversaries code led us down a rabbit hole to slowly uncovering the person behind what is perhaps the largest Facebook credential harvesting campaign ever investigated (over 100 million potentially impacted at the time of this submission).\n

In this talk, we will follow the breadcrumb trail left by a threat actor, demonstrating how we pieced together the shocking scale of their credential harvesting and malversating operation. From comments in their code, to their various online identities, to accessing their infrastructure - we will walk through our investigation into a wanted Colombian Cyber Criminal.\n

\n\n\'',NULL,149014),('3_Saturday','16','16:00','16:50','N','SKY','LINQ - BLOQ (SkyTalks 303)','\'Dancing Around DRM\'','\'Game Tech Chris,ã‚®ãƒ³ã‚¸ãƒ¼ðŸ¾ã‚¿ãƒ¼ãƒ©ãƒŽãƒ¼ \'','SKY_3084bc5c273c0361128a6491599ce7b6','\'Title: Dancing Around DRM
\nWhen: Saturday, Aug 13, 16:00 - 16:50 PDT
\nWhere: LINQ - BLOQ (SkyTalks 303) - Map
\nSpeakers:Game Tech Chris,ã‚®ãƒ³ã‚¸ãƒ¼ðŸ¾ã‚¿ãƒ¼ãƒ©ãƒŽãƒ¼
\n
SpeakerBio:Game Tech Chris\n
\nNo BIO available
\nTwitter: @gtc
\n
SpeakerBio:ã‚®ãƒ³ã‚¸ãƒ¼ðŸ¾ã‚¿ãƒ¼ãƒ©ãƒŽãƒ¼ \n
\nNo BIO available
\nTwitter: @lobstar85
\n\n
\nDescription:
\nAfter losing hundreds of pounds playing dance dance revolution (seriously, over 300 pounds down!), it was discovered that this game had suicide DRM - when the hard drive dies, it\'s game over; You could not get it repaired! Two friends set out on a journey to tear the game apart and find a way to keep dancing after the components have sunset. This is the story of how this game (and others that used the same protection scheme) was saved without fully needing to break their entire DRM scheme!\n

This talk will go over the hardware and software combination approach we used to combat a notorious DRM scheme and preserve a series of arcade games. The protection is employed in commercial and consumer environments and this trick has been used to preserve not only these, but many other digital games from extinction.\n

\n\n\'',NULL,149015),('3_Saturday','11','11:40','12:30','N','SKY','LINQ - BLOQ (SkyTalks 303)','\'This one time, at this Hospital, I got Ransomware\'','\'Eirick Luraas\'','SKY_b5efe5dfbe3d31f0921b883141b8ffa4','\'Title: This one time, at this Hospital, I got Ransomware
\nWhen: Saturday, Aug 13, 11:40 - 12:30 PDT
\nWhere: LINQ - BLOQ (SkyTalks 303) - Map
\n
SpeakerBio:Eirick Luraas\n
\nEirick spends his days discovering and mitigating vulnerabilities, occasionally doing Incident Response, and once in a while tracking down bad actors. Sometimes he gets to compromise systems to show Executives that Hospitals are horribly insecure.\n

Eirick earned a Master\'s Degree in Cybersecurity, and he has spoken several times about the dangers technology creates in healthcare. Eirick helps bring awareness of the risks we are unknowingly taking every time we visit a Hosptial and works every day to reduce those dangers.\n

Eirick grew up in Montana and lived in Panama during his military service. He bounced around a few states in the US. He recently relocated to Tucson, Az where he is rediscovering his passion for photography. You can follow Eirick on twitter @tyercel.\n

\nTwitter: @tyercel
\n\n
\nDescription:
\nMost people don\'t know how Hospitals go through a ransomware incident. This lack of understanding creates a false sense of security for the places we rely on to help us when we are at our most vulnerable. This talk will describe what happened during a ransomware incident at a small midwestern hospital.\n
\n\n\'',NULL,149016),('3_Saturday','12','11:40','12:30','Y','SKY','LINQ - BLOQ (SkyTalks 303)','\'This one time, at this Hospital, I got Ransomware\'','\'Eirick Luraas\'','SKY_b5efe5dfbe3d31f0921b883141b8ffa4','\'\'',NULL,149017),('3_Saturday','12','12:45','13:35','N','SKY','LINQ - BLOQ (SkyTalks 303)','\'Voter Targeting, Location Data, and You\'','\'l0ngrange\'','SKY_cb8c81920e9102f0eea8a30841323f3f','\'Title: Voter Targeting, Location Data, and You
\nWhen: Saturday, Aug 13, 12:45 - 13:35 PDT
\nWhere: LINQ - BLOQ (SkyTalks 303) - Map
\n
SpeakerBio:l0ngrange\n
\nNo BIO available
\nTwitter: @l0ngrange
\n\n
\nDescription:
\nVoter targeting firms use â€œmicrotargetingâ€ to help campaigns target individual voters to get them to go vote (or stay home and not vote). Data brokers buy your location data from scummy apps and resell it in bulk, claiming the data is anonymized. Now, location data brokers are giving these voter targeting firms unfettered access to the non-anonymized location data of hundreds of millions of voters to further this chicanery.\n
\n\n\'',NULL,149018),('3_Saturday','13','12:45','13:35','Y','SKY','LINQ - BLOQ (SkyTalks 303)','\'Voter Targeting, Location Data, and You\'','\'l0ngrange\'','SKY_cb8c81920e9102f0eea8a30841323f3f','\'\'',NULL,149019),('3_Saturday','10','10:35','11:25','N','SKY','LINQ - BLOQ (SkyTalks 303)','\'What your stolen identity did on its CoViD vacation\'','\'Judge Taylor\'','SKY_f70ee8f0e6e42e028d06e75ba5c0ffaa','\'Title: What your stolen identity did on its CoViD vacation
\nWhen: Saturday, Aug 13, 10:35 - 11:25 PDT
\nWhere: LINQ - BLOQ (SkyTalks 303) - Map
\n
SpeakerBio:Judge Taylor\n
\nThe Hon., Rev., Dr. Taylor, Esq., J.D. (because fucking titles.. am I right?), Judge, Firearms Law Attorney, drafter of fine old fashioned legislation, righter of wrongs, and fucking cripple; is annoyed, loud, and as funny as your worst enemy\'s heart attack; is an expert in what the government ought not to do.. but the government keeps doing anyway.
\nTwitter: @mingheemouse
\n\n
\nDescription:
\nA judge tells you how and why Billions of U.S. taxpayer dollars were stolen by domestic and foreign hackers and scammers, with the help of the U.S. government. If you saw an attorney annihilate a bunch of hostile watermelons with a $19 homemade gun and homemade ammunition at the 2017 SkyTalks.. Well he\'s a Judge now.. and he has to deal with unemployment appeals from identity theft victims who are wondering why they mysteriously have to pay back unemployment programs in 6 different States. Oh.. and GUNS.. he talks about GUNS too..\n
\n\n\'',NULL,149020),('3_Saturday','11','10:35','11:25','Y','SKY','LINQ - BLOQ (SkyTalks 303)','\'What your stolen identity did on its CoViD vacation\'','\'Judge Taylor\'','SKY_f70ee8f0e6e42e028d06e75ba5c0ffaa','\'\'',NULL,149021),('4_Sunday','10','10:35','11:25','N','SKY','LINQ - BLOQ (SkyTalks 303)','\'Basic Blockchain Forensics\'','\'K1ng_Cr4b\'','SKY_ace7baec71e3f207576cadbff153a243','\'Title: Basic Blockchain Forensics
\nWhen: Sunday, Aug 14, 10:35 - 11:25 PDT
\nWhere: LINQ - BLOQ (SkyTalks 303) - Map
\n
SpeakerBio:K1ng_Cr4b\n
\nAs a Cryptocurrency Fraud and Compliance Analyst I follow nefarious activity that occurs on the blockchain. Cases can be anything from scams, hacks, ransomware, money laundering, illicit finance, or dark web criminal activity. The field is constantly evolving, and I am excited to share with you some real life cases and other exciting findings. All information in the talk is shared in the lens of how you can better protect your privacy while using cryptocurrency and how you should respond if victimized.
\n\n
\nDescription:
\nThe transparency, immutability, and availibility of cryptocurrency blockchain data work to the advantage of Blockchain Forensics Investigators. Follow a crytpcurrency forensic analyst as we go from a single transaction to attribution.\n
\n\n\'',NULL,149022),('4_Sunday','11','10:35','11:25','Y','SKY','LINQ - BLOQ (SkyTalks 303)','\'Basic Blockchain Forensics\'','\'K1ng_Cr4b\'','SKY_ace7baec71e3f207576cadbff153a243','\'\'',NULL,149023),('4_Sunday','09','09:30','10:20','N','SKY','LINQ - BLOQ (SkyTalks 303)','\'Eradicating Disease With BioTerrorism\'','\'MixÃ¦l S. Laufer\'','SKY_896ab846f22babae8fd20e2765db27a1','\'Title: Eradicating Disease With BioTerrorism
\nWhen: Sunday, Aug 14, 09:30 - 10:20 PDT
\nWhere: LINQ - BLOQ (SkyTalks 303) - Map
\n
SpeakerBio:MixÃ¦l S. Laufer\n
\nMixæl Swan Laufer worked in mathematics and high energy physics until he decided to tackle problems of global health and human rights. He continues to work to make it possible for people to manufacture their own medications and devices at home by creating public access to tools and information.
\nTwitter: @MichaelSLaufer
\n\n
\nDescription:
\nWe all know that person who never brushes their teeth, but seems never to get drilled in the dentist\'s chair. Why are they special? We also know the person who no matter how diligent they are with oral hygiene is constantly in the dentist\'s office. Why are they unlucky? The most common infectious disease in humans is dental caries, commonly referred to as cavities. This has plagued humanity since it became a species, and continues to this day. It disproportionately is suffered by those in the lower socioeconomic classes and in the global south. Conventional wisdom suggests that all that is needed is a good tooth-brushing regimen, and everything will be fine. But we know this is false. We now know that the cavity phenomenon is modulated by bacteria, and now that we can manipulate the genetic material of bacteria, we can eliminate this disease. Come see how we did it, get the new genetically modified bacteria which is the cure for yourself, and help save teeth all over the world.\n
\n\n\'',NULL,149024),('4_Sunday','10','09:30','10:20','Y','SKY','LINQ - BLOQ (SkyTalks 303)','\'Eradicating Disease With BioTerrorism\'','\'MixÃ¦l S. Laufer\'','SKY_896ab846f22babae8fd20e2765db27a1','\'\'',NULL,149025),('4_Sunday','11','11:40','13:30','N','SKY','LINQ - BLOQ (SkyTalks 303)','\'Abortion Tech\'','\'Maggie Mayhem\'','SKY_d2bd17ad5f38b9b49b14e58eca77c5c9','\'Title: Abortion Tech
\nWhen: Sunday, Aug 14, 11:40 - 13:30 PDT
\nWhere: LINQ - BLOQ (SkyTalks 303) - Map
\n
SpeakerBio:Maggie Mayhem\n
\nMaggie Mayhem is a former sex worker and current full spectrum doula. She has spoken previously at HOPE as well as DefCon, Skytalks, SxSW, the United Nations Internet Governance Forum, as well as many events and universities around the world. Her website is MaggieMayhem.Com.
\nTwitter: @msmaggiemayhem
\n\n
\nDescription:
\nIn order to protect abortion access in America, it is imperative to understand what abortion is in material terms. This primer will discuss clinical and underground abortion procedures, provider opsec, targeted legislation against abortion access, how abortion access & gender affirming care are linked, and demonstrate how to build a DIY vacuum aspiration device. This talk will be presented from the perspective that abortion should be available on demand, without apology as part of a spectrum of human reproductive rights including gender affirming care and expression of sexual orientation. Providing abortions safely requires a background in healthcare that exceeds the time and content limitations of this talk. Though abortion will be discussed in practical terms, attendees will not be taught how to perform abortions.\n
\n\n\'',NULL,149026),('4_Sunday','12','11:40','13:30','Y','SKY','LINQ - BLOQ (SkyTalks 303)','\'Abortion Tech\'','\'Maggie Mayhem\'','SKY_d2bd17ad5f38b9b49b14e58eca77c5c9','\'\'',NULL,149027),('4_Sunday','13','11:40','13:30','Y','SKY','LINQ - BLOQ (SkyTalks 303)','\'Abortion Tech\'','\'Maggie Mayhem\'','SKY_d2bd17ad5f38b9b49b14e58eca77c5c9','\'\'',NULL,149028),('2_Friday','12','12:00','13:55','N','DL','Caesars Forum - Council Boardroom (Demo Labs)','\'EMBA - Open-Source Firmware Security Testing\'','\'Michael Messner,Pascal Eckmann\'','DL_213592ff3828590a3ad7b25d1a9cb5c0','\'Title: EMBA - Open-Source Firmware Security Testing
\nWhen: Friday, Aug 12, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Council Boardroom (Demo Labs) - Map
\nSpeakers:Michael Messner,Pascal Eckmann
\n
SpeakerBio:Michael Messner\n
\nMichael Messner: As a security researcher and penetration tester, I have more than 10 years of experience in different penetration testing areas. In my current position, I\'m focused on hacking embedded devices used in critical environments.
\n
SpeakerBio:Pascal Eckmann\n
\nPascal Eckmann: As a security researcher and developer, I have worked on several internal and Open-Source projects in the areas of fuzzing, firmware analysis and web development. In addition to automated firmware analysis, I have experience in various penetration testing areas including hardware and wireless communication.
\n\n
\nDescription:
\nPenetration testing of current embedded devices is quite complex as we have to deal with different architectures, optimized operating systems and special protocols. EMBA is an open-source firmware analyzer with the goal to simplify, optimize and automate the complex task of firmware security analysis. \n

Audience: Offense (penetration testers) and defense (security team and developers).\n

\n\n\'',NULL,149029),('2_Friday','13','12:00','13:55','Y','DL','Caesars Forum - Council Boardroom (Demo Labs)','\'EMBA - Open-Source Firmware Security Testing\'','\'Michael Messner,Pascal Eckmann\'','DL_213592ff3828590a3ad7b25d1a9cb5c0','\'\'',NULL,149030),('3_Saturday','12','12:00','13:55','N','DL','Caesars Forum - Accord Boardroom (Demo Labs)','\'alsanna\'','\'Jason Johnson\'','DL_39e1ae29543a380ed8c61cbce25a64ea','\'Title: alsanna
\nWhen: Saturday, Aug 13, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Accord Boardroom (Demo Labs) - Map
\n
SpeakerBio:Jason Johnson\n
\nJason has been hacking for years, getting great satisfaction from peeling back layers of abstraction. He enjoys working on network security and machine learning. He\'s been to two DEF CONs in the past, and loved every minute of them. He is currently employed by WithSecure and based out of upstate New York.
\n\n
\nDescription:
\nalsanna is a command-line based intercepting proxy for arbitrary TCP traffic. It includes built-in support for decrypting TLS streams, and allows editing the stream as it passes over the network. It is deliberately lightweight and documented to help hackers who need to modify its behavior. This demo will include live instances of the tool which can be used by visitors, live support for anyone looking to learn how to use alsanna, and a short on-demand walkthrough for visitors, covering how the tool works and what you need to know to modify it.\n

Audience: Researchers, reverse engineers, pentesters, bug bounty hunters\n

\n\n\'',NULL,149031),('3_Saturday','13','12:00','13:55','Y','DL','Caesars Forum - Accord Boardroom (Demo Labs)','\'alsanna\'','\'Jason Johnson\'','DL_39e1ae29543a380ed8c61cbce25a64ea','\'\'',NULL,149032),('2_Friday','10','10:00','11:55','N','DL','Caesars Forum - Caucus Boardroom (Demo Labs)','\'Access Undenied on AWS\'','\'Noam Dahan\'','DL_6ca35f23fab4cdaeb158d5e2c73a0187','\'Title: Access Undenied on AWS
\nWhen: Friday, Aug 12, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Caucus Boardroom (Demo Labs) - Map
\n
SpeakerBio:Noam Dahan\n
\nNoam Dahan is a Senior Security Researcher at Ermetic with several years of experience in embedded security. He is a graduate of the Talpiot program at the Israel Defense Forces and spent several years in the 8200 Intelligence Corps. While this is his first time presenting at DEF CON, it is not his first time in front of a crowd. Noam was a competitive debater and is a former World Debating Champion.
\nTwitter: @NoamDahan
\n\n
\nDescription:
\nAccess Undenied on AWS analyzes AWS CloudTrail AccessDenied events â€“ it scans the environment to identify and explain the reasons for which access was denied. When the reason is an explicit deny statement, AccessUndenied identifies the exact statement. When the reason is a missing allow statement, AccessUndenied offers a least-privilege policy that facilitates access.\n

Audience: Cloud Security, Defense.\n

\n\n\'',NULL,149033),('2_Friday','11','10:00','11:55','Y','DL','Caesars Forum - Caucus Boardroom (Demo Labs)','\'Access Undenied on AWS\'','\'Noam Dahan\'','DL_6ca35f23fab4cdaeb158d5e2c73a0187','\'\'',NULL,149034),('2_Friday','14','14:00','15:55','N','DL','Caesars Forum - Caucus Boardroom (Demo Labs)','\'AWSGoat : A Damn Vulnerable AWS Infrastructure\'','\'Jeswin Mathai,Sanjeev Mahunta\'','DL_170b2d2c7c71b7e105ff61090739b7bb','\'Title: AWSGoat : A Damn Vulnerable AWS Infrastructure
\nWhen: Friday, Aug 12, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Caucus Boardroom (Demo Labs) - Map
\nSpeakers:Jeswin Mathai,Sanjeev Mahunta
\n
SpeakerBio:Jeswin Mathai\n, Senior Security Researcher
\nJeswin Mathai is a Senior Security Researcher at INE. Prior to joining INE, He was working as a senior security researcher at Pentester Academy (Acquired by INE). At Pentester Academy, he was also part of the platform engineering team who was responsible for managing the whole lab infrastructure. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo labs (DEFCON). He has also been a co-trainer in classroom trainings conducted at Black Hat Asia, HITB, RootCon, OWASP NZ Day. He has a Bachelor degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals, conducted awareness workshops for government institutions. His area of interest includes Cloud Security, Container Security, and Web Application Security.
\n
SpeakerBio:Sanjeev Mahunta\n
\nSanjeev Mahunta is a Cloud Software Engineer at INE with a strong background in web, mobile application design and has high proficiency in AWS. He holds a bachelor\'s degree in Computer Science from Amity University Rajasthan. He has 2+ years of experience building front-end applications for the web and implementing ERP solutions. Having interned at Defence Research and Development Organisation (DRDO), he has acquired neat skills in application development. His areas of interest include Web Application Security, Serverless Application Deployment, System Design and Cloud.
\n\n
\nDescription:
\nCompromising an organization\'s cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications, is all an attacker needs to compromise the entire infrastructure. Since cloud is relatively new, many developers are not fully aware of the threatscape and they end up deploying a vulnerable cloud infrastructure. When it comes to web application pentesting on traditional infrastructure, deliberately vulnerable applications such as DVWA and bWAPP have helped the infosec community in understanding the popular web attack vectors. However, at this point in time, we do not have a similar framework for the cloud environment. In this talk, we will be introducing AWSGoat, a vulnerable by design infrastructure on AWS featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfiguration based on services such as IAM, S3, API Gateway, Lambda, EC2, and ECS. AWSGoat mimics real-world infrastructure but with added vulnerabilities. The idea behind AWSGoat is to provide security enthusiasts and pen-testers with an easy to deploy/destroy vulnerable infrastructure where they can learn how to enumerate cloud applications, identify vulnerabilities, and chain various attacks to compromise the AWS account. The deployment scripts will be open-source and made available after the talk.\n

Audience: Cloud, Ofference, Defense\n

\n\n\'',NULL,149035),('2_Friday','15','14:00','15:55','Y','DL','Caesars Forum - Caucus Boardroom (Demo Labs)','\'AWSGoat : A Damn Vulnerable AWS Infrastructure\'','\'Jeswin Mathai,Sanjeev Mahunta\'','DL_170b2d2c7c71b7e105ff61090739b7bb','\'\'',NULL,149036),('2_Friday','14','14:00','15:55','N','DL','Caesars Forum - Committee Boardroom (Demo Labs)','\'AADInternals: The Ultimate Azure AD Hacking Toolkit\'','\'Nestori Syynimaa\'','DL_bfa1e95fe36a1fb2aa2611213d5b6f5a','\'Title: AADInternals: The Ultimate Azure AD Hacking Toolkit
\nWhen: Friday, Aug 12, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Committee Boardroom (Demo Labs) - Map
\n
SpeakerBio:Nestori Syynimaa\n
\nDr Nestori Syynimaa (@DrAzureAD) is one of the leading Azure AD / M365 security experts globally and the developer of the AADInternals toolkit. For over a decade, he has worked with Microsoft cloud services and was awarded Microsoft Most Valuable Security Researcher for 2021. Currently, Dr Syynimaa works as a Senior Principal Security Researcher for Secureworks Counter Threat Unit and hunts for vulnerabilities full time. He has spoken at many international scientific and professional conferences, including IEEE TrustCom, Black Hat Arsenal USA and Europe, RSA Conference, and TROOPERS.
\nTwitter: @DrAzureAD
\n\n
\nDescription:
\nAADInternals is an open-source hacking toolkit for Azure AD and Microsoft 365, having over 14,000 downloads from the PowerShell gallery. It has over 230 different functions in 15 categories for various purposes. The most famous ones are related to Golden SAML attacks: you can export AD FS token signing certificates remotely, forge SAML tokens, and impersonate users w/ MFA bypass. These techniques have been used in multiple attacks during the last two years, including Solorigate and other NOBELIUM attacks. AADInternals also allows you to harvest credentials, export Azure AD Connect passwords and modify numerous Azure AD / Office 365 settings not otherwise possible. The latest update can extract certificates and impersonate Azure AD joined devices allowing bypassing device based conditional access rules. https://o365blog.com/aadinternals/ https://attack.mitre.org/software/S0677\n

Audience: Blue teamers, red teamers, administrators, wannabe-hackers, etc.\n

\n\n\'',NULL,149037),('2_Friday','15','14:00','15:55','Y','DL','Caesars Forum - Committee Boardroom (Demo Labs)','\'AADInternals: The Ultimate Azure AD Hacking Toolkit\'','\'Nestori Syynimaa\'','DL_bfa1e95fe36a1fb2aa2611213d5b6f5a','\'\'',NULL,149038),('2_Friday','12','12:00','13:55','N','DL','Caesars Forum - Committee Boardroom (Demo Labs)','\'AzureGoat: Damn Vulnerable Azure Infrastructure\'','\'Nishant Sharma,Rachna Umraniya\'','DL_f4571a42d65c09ab544e32ebbf7d8c55','\'Title: AzureGoat: Damn Vulnerable Azure Infrastructure
\nWhen: Friday, Aug 12, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Committee Boardroom (Demo Labs) - Map
\nSpeakers:Nishant Sharma,Rachna Umraniya
\n
SpeakerBio:Nishant Sharma\n, Security Research Manager
\nNishant Sharma is a Security Research Manager at INE, where he manages the development of next-generation on-demand labs. Before INE, he worked as R&D Head of Pentester Academy (Acquired by INE), where he led a team of developers/researchers to create content and platform features for AttackDefense. He has also developed multiple gadgets for WiFi pentesting/monitoring such as WiMonitor, WiNX, and WiMini. With over 9+ years of experience in development and content creation, he has conducted trainings/workshops at Blackhat Asia/USA, HITB Amsterdam/Singapore, OWASP NZ day, and DEFCON USA villages. He has presented/published his work at Blackhat USA/Asia Arsenal, DEFCON USA/China, Wireless Village, Packet Village and IoT village. He has also conducted WiFi Pentesting training at Blackhat USA 2019, 2021. He had started his career as a firmware developer at Mojo Networks (Acquired by Arista) where he worked on new features for the enterprise-grade WiFi APs and maintenance of state-of-the-art WIPS. He has a Master degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi, Azure, and Container security.
\n
SpeakerBio:Rachna Umraniya\n
\nRachana Umaraniya is a Cloud Developer at INE and has two years of experience in software development. She specializes in building applications with Java frameworks and is well versed with databases. She has a Master\'s degree in Computer Science from NIT Hamirpur. Her area of interest includes cloud security, cryptography, web application, and docker security.
\n\n
\nDescription:
\nMicrosoft Azure cloud has become the second-largest vendor by market share in the cloud infrastructure providers (as per multiple reports), just behind AWS. There are numerous tools and vulnerable applications available for AWS for the security professional to perform attack/defense practices, but it is not the case with Azure. There are far fewer options available to the community. AzureGoat is our attempt to shorten this gap by providing a ready-to-deploy vulnerable setup (vulnerable application + misconfigured Azure components + multiple attack paths) that can be used to learn/teach/practice Azure cloud environment pentesting.\n

Audience: Cloud, Ofference, Defense\n

\n\n\'',NULL,149039),('2_Friday','13','12:00','13:55','Y','DL','Caesars Forum - Committee Boardroom (Demo Labs)','\'AzureGoat: Damn Vulnerable Azure Infrastructure\'','\'Nishant Sharma,Rachna Umraniya\'','DL_f4571a42d65c09ab544e32ebbf7d8c55','\'\'',NULL,149040),('3_Saturday','14','14:00','15:55','N','DL','Caesars Forum - Caucus Boardroom (Demo Labs)','\'Control Validation Compass â€“ Threat Modeling Aide & Purple Team Content Repo\'','\'Scott Small\'','DL_6a03636097563c42e70179271dd9f276','\'Title: Control Validation Compass â€“ Threat Modeling Aide & Purple Team Content Repo
\nWhen: Saturday, Aug 13, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Caucus Boardroom (Demo Labs) - Map
\n
SpeakerBio:Scott Small\n
\nScott Small has over 10 yearsâ€™ professional experience as a security & intelligence practitioner. Currently an analyst at a major retailer, Scottâ€™s prior roles focused on advising security teams across maturity levels on technical and strategic applications of intelligence. Scott is an active member of the professional security & intelligence communities. In addition to speaking and contributing to community projects, he has launched two projects that aggregate and streamline publicly accessible intelligence/security resources, as well as authored his own original tools & resources.
\nTwitter: @IntelScott
\n\n
\nDescription:
\nControl Validation Compass (\"Control Compass\") provides a needed public resource that enables cyber security teams to actually operationalize MITRE ATT&CK for its best purpose: prioritized control validation. Control Compass unites tens of thousands of detection rules, offensive security scripts, and policy recommendations from 60+ open sources â€“ all aligned with MITRE ATT&CK â€“ into the largest single, continuously updated reference library for such content, wrapped in an easily searchable interface. This saves defenders, red teamers, and intel & GRC analysts serious time & effort when researching content for purple teaming efforts (aka control validation). Like its input components and sources, Control Compass resource sets are openly available to all, no strings attached. Control Compass supports a powerful second use case informed by its authorâ€™s experience advising security & intelligence teams across maturity levels: the tool also provides a library of unique, openly available threat landscape summaries organized by key adversary categories, including motivation, location, and victim industry. By enabling easy identification of relevant threat intelligence â€“ and a simple UI-based workflow to instantly surface corresponding security controls â€“ Control Compass greatly lowers the barrier to building accurate, intelligence-driven threat models and helps drive tighter control validation feedback loops around the threats that matter most to a given organization.\n

Audience: Intelligence analysts, SOC/blue team/defenders, red team/adversary emulation, GRC analysts\n

\n\n\'',NULL,149041),('3_Saturday','15','14:00','15:55','Y','DL','Caesars Forum - Caucus Boardroom (Demo Labs)','\'Control Validation Compass â€“ Threat Modeling Aide & Purple Team Content Repo\'','\'Scott Small\'','DL_6a03636097563c42e70179271dd9f276','\'\'',NULL,149042),('2_Friday','12','12:00','13:55','N','DL','Caesars Forum - Accord Boardroom (Demo Labs)','\'Packet Sender\'','\'Dan Nagle\'','DL_09cf2df0de4efb93853acda99caf4d2d','\'Title: Packet Sender
\nWhen: Friday, Aug 12, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Accord Boardroom (Demo Labs) - Map
\n
SpeakerBio:Dan Nagle\n
\nDan Nagle has over 15 years of software development experience. He has written and published apps for desktop, mobile, servers, and embedded. He is the author and inventor of Packet Sender, an app used daily by security researchers, featured in manuals from major tech companies, and is taught in universities around the world. He is also the author of 2 network-related patents and a book published by CRC Press. His open source contributions have received international awards, and he has presented at many developer conferences about them.
\n\n
\nDescription:
\nPacket Sender is a free open-source (GPLv2) cross-platform (Windows, Mac, Linux) tool used daily by security researchers, college students, and professional developers to troubleshoot and reverse engineer network-based devices. Its core features are crafting and listening for UDP, TCP, and SSL/TLS packets via IPv4 or IPv6. It can listen simultaneously on any number of ports while sending to any UDP, TCP, SSL/TLS packet server. It is available for direct download or through the Winget, Homebrew, Debian, or Snap repos.\n

Audience: Offensive, Defensive, Developers, Testers\n

\n\n\'',NULL,149043),('2_Friday','13','12:00','13:55','Y','DL','Caesars Forum - Accord Boardroom (Demo Labs)','\'Packet Sender\'','\'Dan Nagle\'','DL_09cf2df0de4efb93853acda99caf4d2d','\'\'',NULL,149044),('2_Friday','10','10:00','11:55','N','DL','Caesars Forum - Council Boardroom (Demo Labs)','\'FISSURE: The RF Framework\'','\'Christopher Poore\'','DL_15eb0413817be4112d260d82cab3d979','\'Title: FISSURE: The RF Framework
\nWhen: Friday, Aug 12, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Council Boardroom (Demo Labs) - Map
\n
SpeakerBio:Christopher Poore\n
\nChris Poore is a Senior Reverse Engineer at Assured Information Security in Rome, NY. He has expertise discovering vulnerabilities in wireless systems, gaining access to systems via RF, reverse engineering RF protocols, forensically testing cybersecurity systems, and administering RF collection events. He has been the main figure behind the design and implementation of FISSURE since its inception in 2014. Chris is excited about implementing ideas drawn from the community and taking advantage of increased networking opportunities, so please reach out to him.
\n\n
\nDescription:
\nFISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability analysis, automation, and AI/ML. The framework was built to promote the rapid integration of software modules, radios, protocols, signal data, scripts, flow graphs, reference material, and third-party tools. FISSURE is a workflow enabler that keeps software in one location and allows teams to effortlessly get up to speed while sharing the same proven baseline configuration for specific Linux distributions. The framework and tools included with FISSURE are designed to detect the presence of RF energy, understand the characteristics of a signal, collect and analyze samples, develop transmit and/or injection techniques, and craft custom payloads or messages. FISSURE contains a growing library of protocol and signal information to assist in identification, packet crafting, and fuzzing. Online archive capabilities exist to download signal files and build playlists to simulate traffic and test systems.\n

Audience: RF, Wireless, SDR, Offense, Defense\n

\n\n\'',NULL,149045),('2_Friday','11','10:00','11:55','Y','DL','Caesars Forum - Council Boardroom (Demo Labs)','\'FISSURE: The RF Framework\'','\'Christopher Poore\'','DL_15eb0413817be4112d260d82cab3d979','\'\'',NULL,149046),('2_Friday','12','12:00','13:55','N','DL','Caesars Forum - Caucus Boardroom (Demo Labs)','\'Wakanda Land\'','\'Stephen Kofi Asamoah\'','DL_76a09befc701467eb893e3a7cb3d4c28','\'Title: Wakanda Land
\nWhen: Friday, Aug 12, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Caucus Boardroom (Demo Labs) - Map
\n
SpeakerBio:Stephen Kofi Asamoah\n
\nStephen Kofi Asamoah (q0phi80) is an Offensive Security professional, with over fifteen (15) years of experience running Offensive Security operations. Some of his previous places of employment include Ernst & Young, PwC and IBM X-Force Red. Currently as a Snr. Manager of Offensive Cybersecurity Operations, he runs an Enterprise\'s Offensive Security programs and manages a team of Offensive Security Operators.
\n\n
\nDescription:
\nWakanda Land is a Cyber Range deployment tool that uses terraform for automating the process of deploying an Adversarial Simulation lab infrastructure for practicing various offensive attacks. This project inherits from other people\'s work in the Cybersecurity Community, to which I have added some additional sprinkles to their work from my other research. The tool deploys the following for the lab infrastructure (of course, more assets can be added): -Two Subnets -Guacamole Server --This provides dashboard access to --Kali GUI and Windows RDP instances The Kali GUI, Windows RDP and the user accounts used to log into these instances are already backed into the deployment process --To log into the Guacamole dashboard with the guacadmin account, you need to SSH into the Guacamole server using the public IP address (which is displayed after the deployment is complete) and then change into the guacamole directory and then type cat .env for the password (the guacadmin password is randomly generated and saved as an environment variable) -Windows Domain Controller for the Child Domain (first.local) -Windows Domain Controller for the Parent Domain (second.local) -Windows Server in the Child Domain -Windows 10 workstation in the Child Domain -Kali Machine - a directory called toolz is created on this box and Covenant C2 is downloaded into that folder, so its just a matter of running Covenant once you are authenticated into Kali -Debian Server serving as Web Server 1 - OWASP\'s Juice Shop deployed via Docker -Debian Server serving as Web Server 2 - Vulnerable web apps\n

Audience: Offensive - Defensive - Any Cybersecurity enthusiasts\n

\n\n\'',NULL,149047),('2_Friday','13','12:00','13:55','Y','DL','Caesars Forum - Caucus Boardroom (Demo Labs)','\'Wakanda Land\'','\'Stephen Kofi Asamoah\'','DL_76a09befc701467eb893e3a7cb3d4c28','\'\'',NULL,149048),('2_Friday','10','10:00','11:55','N','DL','Caesars Forum - Accord Boardroom (Demo Labs)','\'TheAllCommander\'','\'Matthew Handy\'','DL_65ee8e2be1a7059aa06f8f3d913f6fa9','\'Title: TheAllCommander
\nWhen: Friday, Aug 12, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Accord Boardroom (Demo Labs) - Map
\n
SpeakerBio:Matthew Handy\n
\nMatt Handy completed his BS in Computer Science at the University of Maryland, College Park (UMD) in 2010, and MS in CyberSecurity at Johns Hopkins in 2014. He has worked for NASA\'s Goddard Space Flight Center doing satellite ground systems development since 2009. He has specialized in secure software systems development and has helped to develop several missions over the course of his career. In his off time, he enjoys doing independent security research and creating tools like TheAllCommander to help make a more secure cyber world.
\n\n
\nDescription:
\nTheAllCommander is an open-source tool which offers red teams and blue teams a framework to rapidly prototype and model malware communications, as well as associated client-side indicators of compromise. The framework provides a structured, documented, and object-oriented API for both the client and server, allowing anyone to quickly implement a novel communications protocol between a simulated malware daemon and its command and control server. For Blue Teamers, this allows rapid modeling of emerging threats and comprehensive testing in a controlled manner to develop reliable detection models. For Red Teamers, this framework allows rapid iteration and development of new protocols and communications schemes with an easy to use Python interface. The framework has many tools or techniques used by red teams built in, such as a SOCKS5 proxy, which then use the implemented communication scheme. This allows comprehensive testing of the detection and functional capability of the communication scheme, allowing for efficient design and development choices to be made before committing to production tool development. To facilitate this goal, TheAllCommander includes a Java based command and control server with a simple API to allow new plug-ins for server-side control. There is a python-based emulation client, which can be easily extended using the API to allow new client side communications code. Several reference implementations for covert malware communication are provided to allow out-of-the-box modeling, including emulated client browser HTTPS traffic, DNS queries, and email traffic. The tool chain includes support for several common Red Team tactics, such as Remote Desktop tunneling and FODHelper UAC bypass. This implementation effectively generates both client side and network traffic indicators of compromise.\n

Audience: Offense, Defense\n

\n\n\'',NULL,149049),('2_Friday','11','10:00','11:55','Y','DL','Caesars Forum - Accord Boardroom (Demo Labs)','\'TheAllCommander\'','\'Matthew Handy\'','DL_65ee8e2be1a7059aa06f8f3d913f6fa9','\'\'',NULL,149050),('2_Friday','14','14:00','15:55','N','DL','Caesars Forum - Council Boardroom (Demo Labs)','\'PCILeech and MemProcFS\'','\'Ulf Frisk,Ian Vitek\'','DL_574c68a7ab440f400322c95f63eff605','\'Title: PCILeech and MemProcFS
\nWhen: Friday, Aug 12, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Council Boardroom (Demo Labs) - Map
\nSpeakers:Ulf Frisk,Ian Vitek
\n
SpeakerBio:Ulf Frisk\n
\nUlf is a pentester by day, and a security researcher by night. Ulf is the author of the PCILeech direct memory access attack toolkit and MemProcFS. Ulf is interested in things low-level and primarily focuses on memory analysis and DMA.
\n
SpeakerBio:Ian Vitek\n
\nIan Vitek has a background as a pentester but now works with information security in the Swedish financial sector. Ian has held several presentations at DEF CON, BSidesLV and other IT security conferences.
\n\n
\nDescription:
\nThe PCILeech direct memory access attack toolkit was presented at DEF CON 24 and quickly became popular amongst red teamers and game hackers alike. We will demonstrate how to take control of still vulnerable systems with PCIe DMA code injection using affordable FPGA hardware and the open source PCILeech toolkit. MemProcFS is memory forensics and analysis made super easy! Analyze memory by clicking on files in a virtual file system or by using the API. Analyze memory dump files or live memory acquired using drivers or PCILeech PCIe FPGA hardware devices.\n

Audience: Offense, Defense, Forensics, Hardware\n

\n\n\'',NULL,149051),('2_Friday','15','14:00','15:55','Y','DL','Caesars Forum - Council Boardroom (Demo Labs)','\'PCILeech and MemProcFS\'','\'Ulf Frisk,Ian Vitek\'','DL_574c68a7ab440f400322c95f63eff605','\'\'',NULL,149052),('3_Saturday','10','10:00','11:55','N','DL','Caesars Forum - Accord Boardroom (Demo Labs)','\'Empire 4.0 and Beyond\'','\'Vincent \"Vinnybod\" Rose,Anthony \"Cx01N\" Rose\'','DL_9e7d233d09151cb33757a5ca21dac381','\'Title: Empire 4.0 and Beyond
\nWhen: Saturday, Aug 13, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Accord Boardroom (Demo Labs) - Map
\nSpeakers:Vincent \"Vinnybod\" Rose,Anthony \"Cx01N\" Rose
\n
SpeakerBio:Vincent \"Vinnybod\" Rose\n, Lead Tool Developer
\nVincent \"Vinnybod\" Rose is the lead developer for Empire and Starkiller. He is a software engineer with experience in cloud services, large-scale web applications, build pipeline automation, and big data ETL. Vinnybod has presented at Black Hat and has taught courses at DEF CON on Red Teaming and Offensive PowerShell. He currently maintains a cybersecurity blog focused on offensive security at https://www.bc-security.org/blog/.
\n
SpeakerBio:Anthony \"Cx01N\" Rose\n, Lead Security Researcher
\nAnthony \"Cx01N\" Rose, CISSP, is a Security Researcher and Chief Operating Officer at BC Security, where he specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. He has presented at numerous security conferences, including Black Hat, DEF CON, and RSA conferences. Anthony is the author of various offensive security tools, including Empire and Starkiller, which he actively develops and maintains. He is recognized for his work, revealing widespread vulnerabilities in Bluetooth devices and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.
\nTwitter: @Cx01N_
\n\n
\nDescription:
\nEmpire is a Command and Control (C2) framework powered by Python 3 that supports Windows, Linux, and macOS exploitation. It has evolved significantly since its introduction in 2015 and has become one of the most widely used open-source C2 platforms. Starting life as PowerShell Empire and later merging in Empyre, Empire is now a full-fledged .NET C2 leveraging PowerShell, Python, C, and Dynamic Language Runtime (DLR) agents. It offers a flexible modular architecture that links Advanced Persistent Threats (APTs) Tactics, Techniques, and Procedures (TTPs) through the MITRE ATT&CK database. The framework aims to provide a flexible and easy-to-use interface to easily incorporate a wide array of tools into a single platform for red team operations to emulate APTs. This presentation will explore our most recent upgrades in Empire 4.0, including C and IronPython agents, Customizable Bypasses, Malleable HTTP C2, Donut Integration, Beacon Object File (BoF), and much more. In addition, our team will be giving a preview of Empire 5.0 and its features. The most exciting of these being the brand-new web client (Starkiller 2.0) and v2 API, which will be released later this year.\n

Audience: Offense\n

\n\n\'',NULL,149053),('3_Saturday','11','10:00','11:55','Y','DL','Caesars Forum - Accord Boardroom (Demo Labs)','\'Empire 4.0 and Beyond\'','\'Vincent \"Vinnybod\" Rose,Anthony \"Cx01N\" Rose\'','DL_9e7d233d09151cb33757a5ca21dac381','\'\'',NULL,149054),('3_Saturday','14','14:00','15:55','N','DL','Caesars Forum - Council Boardroom (Demo Labs)','\'hls4ml - Open Source Machine Learning Accelerators on FPGAs\'','\'Ben Hawks,Andres Meza\'','DL_add45fbf8737ac07bda8b83221b25c1f','\'Title: hls4ml - Open Source Machine Learning Accelerators on FPGAs
\nWhen: Saturday, Aug 13, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Council Boardroom (Demo Labs) - Map
\nSpeakers:Ben Hawks,Andres Meza
\n
SpeakerBio:Ben Hawks\n
\nBen Hawks is an AI Researcher at Fermi National Accelerator Laboratory, focusing on optimizing and compressing neural networks to be tiny, fast, and accurate for use on FPGAs and other specialized hardware. Since he was young, heâ€™s had a personal interest in computer security, programming, and electronics, and is interested in learning how to make machine learning fair, efficient, and fast. Outside of work, he spends his time messing with electronics, tabletop RPGs, and catering to the whims of a small feline overlord.
\n
SpeakerBio:Andres Meza\n
\nAndres Meza is a research and development engineer in the Department of Computer Science and Engineering at the University of California, San Diego. He received a B.S. Computer Science and a B.S. Cognitive Science with a Machine Learning and Neural Computation Specialization from UCSD in 2020. His current research focuses on hardware security, optimization of ML models for hardware deployment, and computer vision.
\n\n
\nDescription:
\nBorn from the high energy physics community at the Large Hadron Collider, hls4ml is an open-source Python package for machine learning inference in FPGAs (Field Programmable Gate Arrays). It creates firmware implementations of machine learning algorithms by translating traditional, open-source machine learning package models into optimized high level synthesis C++ that can then be customized for your use case and implemented on devices such as FPGAs and Application Specific Integrated Circuits (ASICs). Hls4ml can easily scale the implementation of a model to take advantage of the parallel processing capabilities that FPGAs offer, not only allowing for low latency, high throughput designs, but also designs sized to fit on lower cost, resource constrained hardware. Hls4ml also supports generating accelerators with different drivers that build minimal, self-contained implementations which enable control via Python or C/C++ with little extra development or hardware expertise.\n

Audience: Hardware, AI, IoT, FPGA\n

\n\n\'',NULL,149055),('3_Saturday','15','14:00','15:55','Y','DL','Caesars Forum - Council Boardroom (Demo Labs)','\'hls4ml - Open Source Machine Learning Accelerators on FPGAs\'','\'Ben Hawks,Andres Meza\'','DL_add45fbf8737ac07bda8b83221b25c1f','\'\'',NULL,149056),('3_Saturday','10','10:00','11:55','N','DL','Caesars Forum - Caucus Boardroom (Demo Labs)','\'Memfini - A systemwide memory monitor interface for linux\'','\'Shubham Dubey,Rishal Dwivedi\'','DL_db28aa468b33f1e4584c86353b0a15bc','\'Title: Memfini - A systemwide memory monitor interface for linux
\nWhen: Saturday, Aug 13, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Caucus Boardroom (Demo Labs) - Map
\nSpeakers:Shubham Dubey,Rishal Dwivedi
\n
SpeakerBio:Shubham Dubey\n
\nShubham is a Security Researcher 2 at Microsoft where he works for Microsoftâ€™s defender product. His expertise lies in low level security and internals which includes reverse engineering, exploitation and firmware security. Prior to joining Microsoft, Shubham was Security researcher at Antivirus company working in exploit prevention team where he contributed to protect customers from 0days and vulnerabilities in the wild. Shubham has worked on multiple independent project on kernel level and firmware security. He own a security blog nixhacker.com where you will find lots of content on low level security and internals.
\n
SpeakerBio:Rishal Dwivedi\n
\nRishal is a Security Researcher at Microsoft where he works for Microsoft\'s defender product. His expertise lies in Offensive security which includes vulnerability discovery and exploitation, owning multiple CVE\'s. Prior to joining Microsoft, Rishal was a Sr. Security researcher at company where he contributed to their Web Application Security product. Rishal gained fame in bug bounty at an early age of 13 years. After contributing to Application Security for multiple years, he went on to explore other domains of security including IOT security and Malware Analysis.
\n\n
\nDescription:
\nSurprisingly, memory related events logging has been ignored by monitoring toolâ€™s authors since a long time. There are multiple event loggers present for Linux that are capable of monitoring processes, i/o operations, function calls or whole systemwide events. But something which lacks in most is global monitoring of memory related events like allocation, attachment to a shared memory, memory allocation in foreign process etc. This has many applications in security domain or even software engineering in general. The main area of focus or use case for Memfini is to assist Security professionals for carrying out memory specific Dynamic Malware Analysis, in order to help them in finding indicators for malicious activities without reversing the behavior. Below listed are few of the use cases (which we will also be demonstrating in the talk). â€¢ Process Injection â€¢ Fileless malware execution â€¢ Shellcode Execution â€¢ Malicious shared memory usage On the other hand, it can also be helpful for Software developers, who wish to have an eagle eye on the memory allocations â€¢ Finding Memory Leaks â€¢ Error detection for debugging purposes. The is possible as Memfini is capable of monitoring memory allocations on User space, Kernel space as well as some under looked allocations like PCI device mapping, DMA allocations etc. It provides a command line interface with multiple filters, allowing a user to interact with the logs generated & get the required data. Currently, the user will be able to filter the events by individual process, type of access etc.\n

Audience: Defensive security(Malware researcher, IR/Forensics) and Offensive security(memory based vulnerability discovery)\n

\n\n\'',NULL,149057),('3_Saturday','11','10:00','11:55','Y','DL','Caesars Forum - Caucus Boardroom (Demo Labs)','\'Memfini - A systemwide memory monitor interface for linux\'','\'Shubham Dubey,Rishal Dwivedi\'','DL_db28aa468b33f1e4584c86353b0a15bc','\'\'',NULL,149058),('3_Saturday','12','12:00','13:55','N','DL','Caesars Forum - Committee Boardroom (Demo Labs)','\'PMR - PT & VA Management & Reporting\'','\'Abdul Alanazi,Musaed Bin Muatred\'','DL_47ee8dae920650e5abebab09091b3dde','\'Title: PMR - PT & VA Management & Reporting
\nWhen: Saturday, Aug 13, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Committee Boardroom (Demo Labs) - Map
\nSpeakers:Abdul Alanazi,Musaed Bin Muatred
\n
SpeakerBio:Abdul Alanazi\n
\nAbdul Alenazi is a penetration testing technical manager @SabrySecurity, a founding member of Sabry InfoSec, with nearly 8 years of experience in pentesting. Prior to joining Sabry, he has worked as a Penetration Testing Consultant at Booz Allen Hamilton, HYAS infoSec, ManTech and other Global & Local Companies. Abdul has completed MASc in Computer Engineering with focus on Applied Network Security & Machine Learning at @UVIC.ca. He has also published academic research on Botnet Detection. In his free time, he enjoys coding and investigating open source security tools. Twitter: @alenazi_90
\n
SpeakerBio:Musaed Bin Muatred\n
\nMusaed Bin Muatred: is a Threat Intelligence expert with +8 years of experience in the field of cyber defence. He holds more than 10 certifications and MSc in Computer Science. Also, he has extensive experience in DFIR, threat hunting and reverse engineering
\n\n
\nDescription:
\nPMR (PTVA Management & Reporting) is an open-source collaboration platform that closes the gap between InfoSec Technical teams and Management in all assessment phases, from planning to reporting. Technical folks can focus on assessment methodology planning, test execution ,and engagement collaboration. Whereas management can plan engagements, track progress, assign testers, monitor remediation status, and escalate SLA breaches, this is an All-in-One fancy dashboard. The main features are: A) Asset Management which allows IT asset inventory tracking with system owner contacts. B) Engagements Management & Planning that enable security testers to follow a test execution roadmap by creating a new testing methodology or follow execution standards such as NIST, PTES or OWASP. It definitely will keep pentesting engagements and projects more professional. Also, it enables collaborative testing, gathering information and evidence uploading. C) Report Automation that automates boring tasks such as writing technical reports and validation reports. Generating a PDF report that is ready to share with clients and management can be accomplished with one-click. D) All-in-One Dashboard that will keep executives and management up-to-date with the organization\'s security posture. The dashboard components are: - High level of current vulnerabilities. - Engagement progress. - Remediation Status. - Track SLA breaches. -Monitoring risk exceptions.\n

Audience: Security professionals, Vulnerability Analysts , AppSec, Offense, Risk Management\n

\n\n\'',NULL,149059),('3_Saturday','13','12:00','13:55','Y','DL','Caesars Forum - Committee Boardroom (Demo Labs)','\'PMR - PT & VA Management & Reporting\'','\'Abdul Alanazi,Musaed Bin Muatred\'','DL_47ee8dae920650e5abebab09091b3dde','\'\'',NULL,149060),('3_Saturday','14','14:00','15:55','N','DL','Caesars Forum - Accord Boardroom (Demo Labs)','\'OpenTDF\'','\'Paul Flynn,Cassandra Bailey\'','DL_90d08a5c02ef1bf5c026acbfd87d20d0','\'Title: OpenTDF
\nWhen: Saturday, Aug 13, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Accord Boardroom (Demo Labs) - Map
\nSpeakers:Paul Flynn,Cassandra Bailey
\n
SpeakerBio:Paul Flynn\n
\nPaul has been a software developer for over 25 years, starting as a webmaster in 1995. Paul has worked on securely connecting merchants with banking mainframes; providing governments with digital signing and receipting of documents, and solved Y2K. He has helped scale some of the largest web sites of its time (eBay, Obamacare) and worked on command-and-control systems of life-saving McMurdo beacons. Paul has recognized the deficiency of security from his past and is proud of the solution that is available in OpenTDF.
\n
SpeakerBio:Cassandra Bailey\n
\nCassandra started her career as a full-stack developer for web and macOS applications, and has since managed projects and products in the DeFi, gaming, and most recently, data protection and security spaces. The latter corresponds to her role in helping to develop and manage the OpenTDF project, an open-source API and SDK that leverages the Trusted Data Format (TDF) to enable zero-trust data protection.
\n\n
\nDescription:
\nOpenTDF is an open source project that provides developers with the tools to build data protections natively within their applications using the Trusted Data Format (TDF).\n

Audience: AppSec, Defense, Mobile, IoT\n

\n\n\'',NULL,149061),('3_Saturday','15','14:00','15:55','Y','DL','Caesars Forum - Accord Boardroom (Demo Labs)','\'OpenTDF\'','\'Paul Flynn,Cassandra Bailey\'','DL_90d08a5c02ef1bf5c026acbfd87d20d0','\'\'',NULL,149062),('2_Friday','14','14:00','15:55','N','DL','Caesars Forum - Society Boardroom (Demo Labs)','\'Badrats: Initial Access Made Easy\'','\'Kevin Clark,Dominic â€œCryillicâ€ Cunningham\'','DL_614250877f0b91caa8c2fcd5b44651de','\'Title: Badrats: Initial Access Made Easy
\nWhen: Friday, Aug 12, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Society Boardroom (Demo Labs) - Map
\nSpeakers:Kevin Clark,Dominic â€œCryillicâ€ Cunningham
\n
SpeakerBio:Kevin Clark\n
\nKevin Clark is a Software Developer at Def-Logix focused on development of offensive security tools. His previous work includes Penetration Testing and Red Team Operator, focusing on initial access and active directory exploitation. Kevin contributes to open-source tools such as PowerShell Empire and publishes custom security toolkits such as Badrats and WindowsBinaryReplacements. Kevin authors a cybersecurity blog at https://henpeebin.com/kevin/blog.
\nTwitter: @GuhnooPlusLinux
\n
SpeakerBio:Dominic â€œCryillicâ€ Cunningham\n
\nDominic â€œCryillicâ€ Cunningham is a Red Team Content Engineer for TryHackMe, a large cybersecurity education platform. He is currently pursuing a degree in computing security with a focus in digital forensics and malware. His work includes general adversary emulation, offensive operations, and evasion. He specializes in researching and documentation of Evasion Techniques, Windows Internals, and Active Directory. Most of his work and research has been published at https://www.tryhackme.com, where he has also developed and released numerous CTF boxes and enterprise-level ranges.
\n\n
\nDescription:
\nRemote Access Trojans (RATs) are one of the defining tradecraft for identifying an Advanced Persistent Threat. The reason being is that APTs typically leverage custom toolkits for gaining initial access, so they do not risk burning full-featured implants. Badrats takes characteristics from APT Tactics, Techniques, and Procedures (TTPs) and implements them into a custom Command and Control (C2) tool with a focus on initial access and implant flexibility. The key goal is to emulate that modern threat actors avoid loading fully-featured implants unless required, instead opting to use a smaller staged implant. Badrats implants are written in various languages, each with a similar yet limited feature set. The implants are designed to be small for antivirus evasion and provides multiple methods of loading additional tools, such as shellcode, .NET assemblies, PowerShell, and shell commands on a compromised host. One of the most advanced TTPs that Badrats supports is peer-to-peer communications over SMB to allow implants to communicate through other compromised hosts.\n

Audience: Offense\n

\n\n\'',NULL,149063),('2_Friday','15','14:00','15:55','Y','DL','Caesars Forum - Society Boardroom (Demo Labs)','\'Badrats: Initial Access Made Easy\'','\'Kevin Clark,Dominic â€œCryillicâ€ Cunningham\'','DL_614250877f0b91caa8c2fcd5b44651de','\'\'',NULL,149064),('2_Friday','12','12:00','13:55','N','DL','Caesars Forum - Society Boardroom (Demo Labs)','\'Mercury\'','\'David McGrew,Brandon Enright\'','DL_793603ead4f47faab8f6a993a6a4926a','\'Title: Mercury
\nWhen: Friday, Aug 12, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Society Boardroom (Demo Labs) - Map
\nSpeakers:David McGrew,Brandon Enright
\n
SpeakerBio:David McGrew\n
\nDavid McGrew leads research and development into the detection of threats, vulnerabilities, and attacks using network data. He designed authenticated encryption algorithms and protocols, most notably GCM and Secure RTP, and he is a Fellow at Cisco Systems.
\n
SpeakerBio:Brandon Enright\n
\nBrandon Enright is a lead DIFR investigator for Cisco CSIRT, an expert at DNS and network data analysis, and a contributor to Nmap and other open source projects.
\n\n
\nDescription:
\nMercury is an open source package for network metadata extraction and analysis. It reports session metadata including fingerprint strings for TLS, QUIC, HTTP, DNS, and many other protocols. Mercury can output JSON or PCAP. Designed for large scale use, it can process packets in real time at 40Gbps on server-class commodity hardware, using Linux native zero-copy high performance networking. The Mercury package includes tools for analyzing PKIX/X.509 certificates and finding weak keys, and for analyzing fingerprints with destination context using a naive Bayes classifier.\n

Audience: Network defense, incident response, forensics, security and privacy research\n

\n\n\'',NULL,149065),('2_Friday','13','12:00','13:55','Y','DL','Caesars Forum - Society Boardroom (Demo Labs)','\'Mercury\'','\'David McGrew,Brandon Enright\'','DL_793603ead4f47faab8f6a993a6a4926a','\'\'',NULL,149066),('2_Friday','10','10:00','11:55','N','DL','Caesars Forum - Society Boardroom (Demo Labs)','\'Zuthaka: A Command & Controls (C2s) integration framework\'','\'Lucas Bonastre,Alberto Herrera\'','DL_190529692f756efdd7edb8dab012770e','\'Title: Zuthaka: A Command & Controls (C2s) integration framework
\nWhen: Friday, Aug 12, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Society Boardroom (Demo Labs) - Map
\nSpeakers:Lucas Bonastre,Alberto Herrera
\n
SpeakerBio:Lucas Bonastre\n
\nLucas started his career studying Mathematics at the University of Buenos Aires, however when his uncle gave him a C++ book, he realized his true passion for programming and his outstanding ability for problem-solving. He worked across cybersecurity and technology firms and is a vetted developer in many languages such as C/C++, Python, Java, and PHP. Now he is a full time developer and security researcher at Pucara Information Security. In his spare time, he is an expert chess player, and he is studying Computer Vision to analyze foosball strategies.
\n
SpeakerBio:Alberto Herrera\n
\nAlberto began his journey in cybersecurity in a consulting firm, where he worked with one of the biggest telecommunication companies of the region. He continued as an advisor on the National Cyber-Defence Initiative for the Argentina Armed Forces where he worked on many high-level government programs which required elevated security clearance. He also worked for Immunity, a prominent offensive security firm that serves the financial sector, and large enterprises, where he performed cybersecurity assessments for Forbes 100 companies. In his spare time, he is a retro gaming evangelist, where he applies his hardware-hacking and low-level programming skills on different architectures.
\n\n
\nDescription:
\nThe current C2s ecosystem has rapidly grown in order to adapt to modern red team operations and diverse needs (further information on C2 selection can be found here). This comes with a lot of overhead work for Offensive Security professionals everywhere. Creating a C2 is already a demanding task, and most C2s available lack an intuitive and easy to use web interface. Most Red Teams must independently administer and understand each C2 in their infrastructure. Zuthaka presents a simplified API for fast and clear integration of C2s and provides a centralized management for multiple C2 instances through a unified interface for Red Team operations. A collaborative free open-source Command & Control development framework that allows developers to concentrate on the core function and goal of their C2. Zuthaka is more than just a collection of C2s, it is also a solid foundation that can be built upon and easily customized to meet the needs of the exercise that needs to be accomplished. This integration framework for C2 allows developers to concentrate on a unique target environment and not have to reinvent the wheel. After we first presented Zuthakas\' MVP at Black hat USA 2021 and DEFCON demo labs, we are now presenting the first release with updated post-exploitation modules to support text based modules, as well as file based ones. With a lab populated of commonly used C2s and its out-of-the-box integrations.\n

Audience: Red team operators, wishing a centralized place to handle all C2s instances. C2 developers, wishing to save the effort of writing the Frontend. Hackers, wishing a strong infrastructure to run C2s.\n

\n\n\'',NULL,149067),('2_Friday','11','10:00','11:55','Y','DL','Caesars Forum - Society Boardroom (Demo Labs)','\'Zuthaka: A Command & Controls (C2s) integration framework\'','\'Lucas Bonastre,Alberto Herrera\'','DL_190529692f756efdd7edb8dab012770e','\'\'',NULL,149068),('3_Saturday','14','14:00','15:55','N','DL','Caesars Forum - Society Boardroom (Demo Labs)','\'Xavier Memory Analysis Framework\'','\'Solomon Sonya\'','DL_4859469891b4227a484c7640cbf7e786','\'Title: Xavier Memory Analysis Framework
\nWhen: Saturday, Aug 13, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Society Boardroom (Demo Labs) - Map
\n
SpeakerBio:Solomon Sonya\n, Director of Cyber Operations Training
\nSolomon Sonya (@Carpenter1010) is the Director of Cyber Operations Training at a large organization. He has a background in software development, malware analysis, covert channels, steganography, distributed computing, computer hacking, information protection paradigms, and cyber warfare. He received his Undergraduate Degree in Computer Science and has Masterâ€™s degrees in Computer Science and Information System Engineering. Before becoming Director of Cyber Operations Training, he was a university Computer Science Assistant Professor of Computer Science and Research Director. Solomonâ€™s current research includes computer system exploitation, cyber threat intelligence, digital forensics, and data protection.\n

Solomon\'s previous keynote and conference engagements include: BlackHat USA, SecTor Canada, Hack in Paris, France, HackCon Norway, ICSIS â€“ Toronto, ICORES Italy, BruCon Belgium, CyberCentral â€“ Prague and Slovakia, Hack.Lu Luxembourg, Shmoocon DC, BotConf - France, DerbyCon Kentucky, SkyDogCon Tennessee, HackerHalted Georgia, Day-Con Ohio, and TakeDownCon Connecticut, Maryland, and Alabama, AFCEA â€“ Colorado Springs.\n

\nTwitter: @Carpenter1010
\n\n
\nDescription:
\nMalware continues to advance in sophistication. Well-engineered malware can obfuscate itself from the user and the OS. Volatile memory is the unique structure malware cannot evade. I have engineered a new construct for memory analysis and a new open-source tool that automates memory analysis, correlation, and user-interaction to increase investigation accuracy, reduce analysis time and workload, and better detect malware presence from memory. This talk demos a new visualization construct that creates the ability to interact with memory analysis artifacts. Additionally, this talk demos new, very impactful data XREF and a system manifest analysis features. Data XREF provides an index and memory context detailing how your search data is coupled with processes, modules, and events captured in memory. The System Manifest distills the analysis data to create a new memory analysis snapshot and precise identification of malicious artifacts detectable from malware execution especially useful for exploit dev and malware analysis! \n

Audience: Malware Analysts/Software Reverse Engineers Exploit Developers CTF Subject Matter Experts Incident Responders Digital Forensics Examiners Offense & Defense\n

\n\n\'',NULL,149069),('3_Saturday','15','14:00','15:55','Y','DL','Caesars Forum - Society Boardroom (Demo Labs)','\'Xavier Memory Analysis Framework\'','\'Solomon Sonya\'','DL_4859469891b4227a484c7640cbf7e786','\'\'',NULL,149070),('3_Saturday','12','12:00','13:55','N','DL','Caesars Forum - Caucus Boardroom (Demo Labs)','\'unblob - towards efficient firmware extraction\'','\'Quentin Kaiser,Florian Lukavsky\'','DL_0472ac9ee7c8a288066b6497507e1c3a','\'Title: unblob - towards efficient firmware extraction
\nWhen: Saturday, Aug 13, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Caucus Boardroom (Demo Labs) - Map
\nSpeakers:Quentin Kaiser,Florian Lukavsky
\n
SpeakerBio:Quentin Kaiser\n
\nQuentin Kaiser is an ex-penetration tester who turned binary analysis nerd. He\'s currently working as a security researcher at the ONEKEY Research Lab, where he focuses on binary exploitation of embedded devices and bug finding automation within large firmware.
\n
SpeakerBio:Florian Lukavsky\n
\nFlorian Lukavsky started his hacker career in early ages, bypassing parental control systems. Since then, he has reported numerous zero-day vulnerabilities responsibly to software vendors and has conducted hundreds of pentests and security reviews of IoT devices as a CREST certified, ethical hacker. Today, Florian Lukavsky aid organizations with IoT security automation as CTO of ONEKEY, the leading European platform for automated security analyses of IoT firmware.
\n\n
\nDescription:
\nUnblob is a command line extraction tool to obtain content from any kind of binary blob. It has been initially developed for the sound and safe extraction of arbitrary firmware images. It has been built as a modular framework where anyone can develop and submit new format handlers and extractors. Its public version already supports a large number of filesystems, archive, and compression formats: https://github.com/onekey-sec/unblob\n

Audience: Reverse Engineers, Embedded Security\n

\n\n\'',NULL,149071),('3_Saturday','13','12:00','13:55','Y','DL','Caesars Forum - Caucus Boardroom (Demo Labs)','\'unblob - towards efficient firmware extraction\'','\'Quentin Kaiser,Florian Lukavsky\'','DL_0472ac9ee7c8a288066b6497507e1c3a','\'\'',NULL,149072),('3_Saturday','10','10:00','11:55','N','DL','Caesars Forum - Society Boardroom (Demo Labs)','\'EDR detection mechanisms and bypass techniques with EDRSandBlast\'','\'Thomas Diot,Maxime Meignan\'','DL_ced356ab25b05ec1420d46f421dec032','\'Title: EDR detection mechanisms and bypass techniques with EDRSandBlast
\nWhen: Saturday, Aug 13, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Society Boardroom (Demo Labs) - Map
\nSpeakers:Thomas Diot,Maxime Meignan
\n
SpeakerBio:Thomas Diot\n
\nThomas Diot (Qazeer) is a security consultant at Wavestone, an independent French consulting firm. His work involves a mix of penetration testing, Red / Purple Teams engagements, and Incident Responses with Wavestone CERT-W. Thomas enjoys practicing and improving his skills by playing in CTFs, developing tools, and working on various security projects.
\n
SpeakerBio:Maxime Meignan\n
\nMaxime Meignan (@th3m4ks) is a security consultant at Wavestone, based in Paris, since the middle of the last decade. Loving to reverse engineer binaries in both professional and CTF contexts, Maxime has an IDA sticker on the back of his smartphone. And writes this uninteresting fact in his bio. He is currently interested in various fields of security, related to EDR software, Windows internals and Virtualisation Based Security.
\n\n
\nDescription:
\nEDRSandBlast is a tool written in C that implements and industrializes known as well as original bypass techniques to make EDR evasion easier during adversary simulations. Both user-land and kernel-land EDR detection capabilities can be bypassed, using multiple unhooking techniques and a vulnerable signed driver to unregister kernel callbacks and disable the ETW Threat Intelligence provider. Since the initial release, multiple improvements have been implemented in EDRSandBlast: it is now possible to use this toolbox as a library from another attacking tool, new bypasses have been implemented, the embedded vulnerable driver is now interchangeable to increase stealthiness and the use of a pre-built offsets database is no more required! Come discover our tool and its new features, learn (or teach us!) something about EDRs and discuss about the potential improvements to this project. \n

Audience: Offense, Defense, Windows, EDR\n

\n\n\'',NULL,149073),('3_Saturday','11','10:00','11:55','Y','DL','Caesars Forum - Society Boardroom (Demo Labs)','\'EDR detection mechanisms and bypass techniques with EDRSandBlast\'','\'Thomas Diot,Maxime Meignan\'','DL_ced356ab25b05ec1420d46f421dec032','\'\'',NULL,149074),('3_Saturday','12','12:00','13:55','N','DL','Caesars Forum - Society Boardroom (Demo Labs)','\'SharpSCCM\'','\'Chris Thompson,Duane Michael\'','DL_e1d3dadedb9b56db1b1f50d8f0b0e46a','\'Title: SharpSCCM
\nWhen: Saturday, Aug 13, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Society Boardroom (Demo Labs) - Map
\nSpeakers:Chris Thompson,Duane Michael
\n
SpeakerBio:Chris Thompson\n
\nChris is a senior consultant on SpecterOpsâ€™s adversary simulation team and has over ten years of experience in information security, serving numerous Fortune 500 clients in the retail, consumer products, financial, and telecom industries. He has extensive experience leading network, web application, and wireless penetration tests, social engineering engagements, and technical security assessments to provide actionable recommendations that align with each organization\'s security strategy and risk tolerance. Chris enjoys researching and applying new tradecraft to overcome technical challenges and writing tools that automate tasks and improve efficiency.
\n
SpeakerBio:Duane Michael\n
\nDuane is a senior consultant on SpecterOps\'s adversary simulation team, where he conducts advanced red team exercises and instructs courses on red team operations and vulnerability research. He has over ten years of experience in information security, with a deep curiosity for researching Windows, its internals, and related technologies. Duane strives to demystify tradecraft for clients through both an offensive and defensive lens, an activity he has performed for numerous Fortune 100 clients.
\n\n
\nDescription:
\nSharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr, formerly SCCM) for lateral movement from a C2 agent without requiring access to the SCCM administration console. SharpSCCM supports lateral movement functions ported from PowerSCCM and contains additional functionality to abuse newly discovered attack primitives for coercing NTLM authentication from local administrator and SCCM site server machine accounts in environments where automatic client push installation is enabled. SharpSCCM can also dump information about the SCCM environment from a client, including domain credentials for Network Access Accounts. Further, with access to an SCCM administrator account, operators of SharpSCCM can execute code as SYSTEM or coerce NTLM authentication from the currently logged-in user or the machine account on any SCCM client.\n

Audience: Offense, Defense, System Administrators\n

\n\n\'',NULL,149075),('3_Saturday','13','12:00','13:55','Y','DL','Caesars Forum - Society Boardroom (Demo Labs)','\'SharpSCCM\'','\'Chris Thompson,Duane Michael\'','DL_e1d3dadedb9b56db1b1f50d8f0b0e46a','\'\'',NULL,149076),('2_Friday','10','10:00','11:55','N','DL','Caesars Forum - Committee Boardroom (Demo Labs)','\'Vajra - Your Weapon To Cloud\'','\'Raunak Parmar\'','DL_cdacf8894759b5466f638158198bbf48','\'Title: Vajra - Your Weapon To Cloud
\nWhen: Friday, Aug 12, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Committee Boardroom (Demo Labs) - Map
\n
SpeakerBio:Raunak Parmar\n
\nRaunak Parmar works as a Security Consultant. Web/Cloud security, source code review, scripting, and development are some of his interests. Also, familiar with PHP, NodeJs, Python, Ruby, and Java. He is OSWE certified and the author of Vajra and 365-Stealer.
\n\n
\nDescription:
\nVajra (Your Weapon to Cloud) is a framework capable of validating the cloud security posture of the target environment. In Indian mythology, the word Vajra refers to the Weapon of God Indra (God of Thunder and Storms). Because it is cloud-connected, it is an ideal name for the tool. Vajra supports multi-cloud environments and a variety of attack and enumeration strategies for both AWS and Azure. It features an intuitive web-based user interface built with the Python Flask module for a better user experience. The primary focus of this tool is to have different attacking and enumerating techniques all in one place with web UI interfaces so that it can be accessed anywhere by just hosting it on your server. The following modules are currently available: â€¢ Azure - Attacking 1. OAuth Based Phishing (Illicit Consent Grant Attack) - Exfiltrate Data - Enumerate Environment - Deploy Backdoors - Send mails/Create Rules 2. Password Spray 3. Password Brute Force - Enumeration 1. Users 2. Subdomain 3. Azure Ad 4. Azure Services - Specific Service 1. Storage Accounts â€¢ AWS - Enumeration 1. IAM Enumeration 2. S3 Scanner - Misconfiguration\n

Audience: Security Professional Cloud Engineer\n

\n\n\'',NULL,149077),('2_Friday','11','10:00','11:55','Y','DL','Caesars Forum - Committee Boardroom (Demo Labs)','\'Vajra - Your Weapon To Cloud\'','\'Raunak Parmar\'','DL_cdacf8894759b5466f638158198bbf48','\'\'',NULL,149078),('3_Saturday','14','14:00','15:55','N','DL','Caesars Forum - Committee Boardroom (Demo Labs)','\'ResidueFree\'','\'Logan Arkema\'','DL_8641d225d6be65fd1c2ee5b72f243694','\'Title: ResidueFree
\nWhen: Saturday, Aug 13, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Committee Boardroom (Demo Labs) - Map
\n
SpeakerBio:Logan Arkema\n
\nLogan is a former student-turned-independent researcher and software developer. While he makes a living conducting IT, security, and privacy audits, his most impactful hacking is 1337ing his job\'s policies as a union rep to elevate workplace privileges. He has an OSCP, other certs from days wooing federal hiring screeners to pass along his application, and The Time Warp stuck in his head from the time he heard \"rm -rf\" could be pronounced \"rimm raff.\"
\n\n
\nDescription:
\nResidueFree is a privacy-enhancing tool that allows individuals to keep sensitive information off their device\'s filesystem. It takes on-device privacy protections from TAILS and \"incognito\" web browser modes and applies them to any app running on a user\'s regular operating system, effectively making the privacy protections offered by TAILS more usable and accessible while improving the on-device privacy guarantees made by web browsers and extending them to any application. While ResidueFree currently runs on Linux, its maintainers are hoping to port it to other operating systems in the near future. In addition, ResidueFree can help forensic analysts and application security engineers isolate filesystem changes made by a specific application. The same implementation ResidueFree uses to ensure that any file changes an application makes are not stored to disk can also be used to isolate those changes to a separate folder without impacting the original files.\n

Audience: ResidueFree was primarily developed for individuals facing privacy threats that can access the information stored on the individuals\' device. However, this presentation is also designed for security trainers that want to expand the tools they can suggest as well as for privacy engineers interested in contributing to ResidueFree or expanding it to more commonly used operating systems. ResidueFree also has features built for malware or forensic analysts, application security engineers, or others who wish to easily isolate an application\'s changes to a device\'s filesystem with a simple tool.\n

\n\n\'',NULL,149079),('3_Saturday','15','14:00','15:55','Y','DL','Caesars Forum - Committee Boardroom (Demo Labs)','\'ResidueFree\'','\'Logan Arkema\'','DL_8641d225d6be65fd1c2ee5b72f243694','\'\'',NULL,149080),('3_Saturday','10','10:00','11:55','N','DL','Caesars Forum - Committee Boardroom (Demo Labs)','\'svachal + machinescli\'','\'Ankur Tyagi\'','DL_2ff7bb35c61bc12e68e2e5857f5c7e8a','\'Title: svachal + machinescli
\nWhen: Saturday, Aug 13, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Committee Boardroom (Demo Labs) - Map
\n
SpeakerBio:Ankur Tyagi\n
\nAnkur is working with Qualys Inc. as a Principal Engineer. On the Internet, he goes by the handle 7h3rAm and usually blogs here: http://7h3ram.github.io/.
\n\n
\nDescription:
\nWriteups for CTF challenges and machines are a critical learning resource for our community. For the author, it presents an opportunity to document their methodology, tips/tricks and progress. For the audience, it serves as reference material. Oftentimes, authors switch roles and become the audience to learn from their own work. This demo aims to showcase tools, svachal and machinescli, developed with these insights. These work in conjunction to help users curate their learning in .yml structured files, find insights and query this knowledge base as and when needed.\n

Audience: Offense/Defense\n

\n\n\'',NULL,149081),('3_Saturday','11','10:00','11:55','Y','DL','Caesars Forum - Committee Boardroom (Demo Labs)','\'svachal + machinescli\'','\'Ankur Tyagi\'','DL_2ff7bb35c61bc12e68e2e5857f5c7e8a','\'\'',NULL,149082),('2_Friday','14','14:00','15:55','N','DL','Caesars Forum - Accord Boardroom (Demo Labs)','\'CyberPeace Builders\'','\'Adrien Ogee\'','DL_62a3a5c2ff979a7dd4c9a8002e5000b9','\'Title: CyberPeace Builders
\nWhen: Friday, Aug 12, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Accord Boardroom (Demo Labs) - Map
\n
SpeakerBio:Adrien Ogee\n, Chief Operations Officer
\nAdrien is currently Chief Operations Officer at the CyberPeace Institute, a cybersecurity non-profit based in Switzerland. At the Institute, he provides cybersecurity assistance to vulnerable communities around the world. Adrien has more than 15 years of experience in various cyber crisis response roles in the private sector, the French Cybersecurity Agency (ANSSI), the European Cybersecurity Agency (ENISA), and the World Economic Forum. Adrien holds an MEng in telecommunication and information systems, an MSc in Global Security and a Master in Business Administration.
\n\n
\nDescription:
\nThe CyberPeace Builders are pro hackers who volunteer to help NGOs improve their cybersecurity. Through a portal that Iâ€™ll demo, hackers can access a variety of short engagements, from 1 to 4 hours, to provide targeted cybersecurity help to NGOs on topics ranging from staff awareness to DMARC implementation, password management and authentication practices, breach notification, OSINT and dark web monitoring, all the way to designing a cyber-related poster for the staff, reviewing their privacy policy and cyber insurance papers. The programme is the worldâ€™s first and only skills-based volunteering opportunity for professionals in the cybersecurity industry; it has been prototyped over 2 years, was launched in July 2021 and is now being used by over 60 NGOs worldwide, ultimately helping to protect over 350 million vulnerable people and $500 million in funds. Iâ€™ll demo the platform, show the type of help NGOs need and explain how NGOs and security professionals can leverage the programme.\n

Audience: Security professionals, NGOs\n

\n\n\'',NULL,149083),('2_Friday','15','14:00','15:55','Y','DL','Caesars Forum - Accord Boardroom (Demo Labs)','\'CyberPeace Builders\'','\'Adrien Ogee\'','DL_62a3a5c2ff979a7dd4c9a8002e5000b9','\'\'',NULL,149084),('3_Saturday','12','12:00','13:55','N','DL','Caesars Forum - Council Boardroom (Demo Labs)','\'Defensive 5G\'','\'Eric Mair,Ryan Ashley\'','DL_1a23cfb19a286df6c40e2a7222563780','\'Title: Defensive 5G
\nWhen: Saturday, Aug 13, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Council Boardroom (Demo Labs) - Map
\nSpeakers:Eric Mair,Ryan Ashley
\n
SpeakerBio:Eric Mair\n
\nEric Mair has been working in wireless communications for over 20 years and is currently working for In- Q-Tel Labs in Arlington, VA as a senior communications-technologist focusing on 5G, SDR and the application of machine-learning to RF communications. Prior to IQT he was with the US Government for 19 years.
\n
SpeakerBio:Ryan Ashley\n
\nRyan Ashley is currently a senior software-engineer at In-Q-Tel Labs. He is responsible for architecture, design, and implementation of open-source tools for analysis and visualization of network activity and other cyber-security use-cases. He is the primary maintainer of the IQT-Labs project NetworkML, and is a contributor to various other open-source projects.
\n\n
\nDescription:
\nIn this work we developed a 4.5G/5G network using only commercial off the shelf (COTS) hardware and open-source software to serve as test-infrastructure for studying vulnerabilities in 5G networks. We are using software defined networking (SDN) tools such as Faucet and Dovesnap and software defined radio(SDR) capabilities such as Open5gs and srsRAN along with Docker Containers to facilitate the rapid and reliable setup and configuration of network topologies that can be used to represent the 5G networks that we intend to test. By having a configurable and repeatable mechanism that could be shared among multiple users with differing hardware setups we were able to test 5G network configurations in a variety of ways and have those results validated by other team members.\n

Audience: Target Audience: Network Defense and Attack, 5G, Software Defined Radio and Infrastructure-as-Code.\n

\n\n\'',NULL,149085),('3_Saturday','13','12:00','13:55','Y','DL','Caesars Forum - Council Boardroom (Demo Labs)','\'Defensive 5G\'','\'Eric Mair,Ryan Ashley\'','DL_1a23cfb19a286df6c40e2a7222563780','\'\'',NULL,149086),('3_Saturday','10','10:00','11:55','N','DL','Caesars Forum - Council Boardroom (Demo Labs)','\'Injectyll-HIDe: Pushing the Future of Hardware Implants to the Next Level\'','\'Jonathan Fischer,Jeremy Miller\'','DL_a9a1667beacb45abd6f33fb618884a3e','\'Title: Injectyll-HIDe: Pushing the Future of Hardware Implants to the Next Level
\nWhen: Saturday, Aug 13, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Council Boardroom (Demo Labs) - Map
\nSpeakers:Jonathan Fischer,Jeremy Miller
\n
SpeakerBio:Jonathan Fischer\n
\nJonathan Fischer is a hardware and IoT security enthusiast that started off designing, programming, and implementing electronic controls for industrial control systems and off-highway machinery. After a decade in that industry, Jonathan obtained his BS in Computer Science and transitioned over to the cyber security industry where he has been working as a Red Team consultant and researcher for more than five years at a Fortune 500. Since joining the cyber security industry, Jonathan has since earned various industry certifications (OSCP, GPEN, etc.) and continues to leverage his unique experience in his research into hardware hacking.
\n
SpeakerBio:Jeremy Miller\n
\nJeremy Miller is a 12+ year security professional that has worked in various industries including life-sciences, finance, and retail. Jeremy has worked both sides of the security spectrum ranging from Security Research, Red Teaming and Penetration Testing to Threat Intelligence and SOC Analyst. Jeremy currently works as a Security Technical Lead for an emerging R&D Life Science Platform where he works on product and infrastructure security.
\n\n
\nDescription:
\nEnterprises today are shifting away from dedicated workstations, and moving to flexible workspaces with shared hardware peripherals. This creates the ideal landscape for hardware implant attacks; however, implants have not kept up with this shift. While closed source, for-profit solutions exist and have seen some recent advances in innovation, they lack the customization to adapt to large targeted deployments. Open-source projects exist but focus more on individual workstations (dumb keyboards/terminals) relying on corporate networks for remote control. Our solution is an open source, hardware implant which adopts IoT technologies, using non-standard channels to create a remotely managed mesh network of hardware implants. Attendees will learn how to create a new breed of open-source hardware implants. Topics covered in this talk include the scaling of implants for enterprise takeover, creating and utilizing a custom C2 server, a reverse shell that survives screen lock, and more. They will also leave with a new platform from which to innovate custom implants. Live demos will be used to show these new tactics against real world infrastructure. This talk builds off of previous implant talks but will show how to leverage new techniques and technologies to push the innovation of hardware implants forward evolutionarily.\n

Audience: Offense and Red Teams with a focus on a hardware approach\n

\n\n\'',NULL,149087),('3_Saturday','11','10:00','11:55','Y','DL','Caesars Forum - Council Boardroom (Demo Labs)','\'Injectyll-HIDe: Pushing the Future of Hardware Implants to the Next Level\'','\'Jonathan Fischer,Jeremy Miller\'','DL_a9a1667beacb45abd6f33fb618884a3e','\'\'',NULL,149088),('2_Friday','06','06:00','05:59','N','SOC','Other/See Description','\'DEF CON Bike Ride \"CycleOverride\"\'','\' \'','SOC_b22906f1a17857c4389e2e9357dd9d33','\'Title: DEF CON Bike Ride \"CycleOverride\"
\nWhen: Friday, Aug 12, 06:00 - 05:59 PDT
\nWhere: Other/See Description
\n
\nDescription:
\nAt 6am on Friday, the cycle_override crew will be hosting the 10th Defcon Bikeride. We miscounted last year which was really the 9th. We\'ll meet at a local bikeshop, get some rental bicycles, and about 7am will make the ride out to Red Rocks. It\'s about a 15 mile ride, all downhill on the return journey. So, if you are crazy enough to join us, get some water, and head over to cycleoverride.org for more info. See at 6am Friday! jp_bourget gdead heidishmoo. Go to cycleoverride.org for more info. In the event that there is no on site Defcon, we will do a virtual ride during Defcon.\n
\n\n\'',NULL,149089),('3_Saturday','20','20:00','21:59','N','SOC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Hacker Jeopardy\'','\' \'','SOC_125163ef9196f6f6eec1eb18ff5775cd','\'Title: Hacker Jeopardy
\nWhen: Saturday, Aug 13, 20:00 - 21:59 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
\nDescription:
\nHacker Jeopardy, the classic DEF CON game show, is returning for yet another year of answers, questions, NULL beers, and occasionally some impressive feats of knowledge. You don\'t want to miss this opportunity to encourage the contestants, your fellow Humans, \"DON\'T FUCK IT UP! \n

We will be opening auditions, with the call posted on the dfiu.tv website, and linked to DEF CON forums. (promoted on social media)\n

Track 4
\nFriday: 2000-2200
\nSaturday: 2000-2200\n

\n\n\'',NULL,149090),('3_Saturday','21','20:00','21:59','Y','SOC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Hacker Jeopardy\'','\' \'','SOC_125163ef9196f6f6eec1eb18ff5775cd','\'\'',NULL,149091),('2_Friday','20','20:00','21:59','N','SOC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Hacker Jeopardy\'','\' \'','SOC_02487a282a7d2442cf1b5c82bf83664c','\'Title: Hacker Jeopardy
\nWhen: Friday, Aug 12, 20:00 - 21:59 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
\nDescription:
\nHacker Jeopardy, the classic DEF CON game show, is returning for yet another year of answers, questions, NULL beers, and occasionally some impressive feats of knowledge. You don\'t want to miss this opportunity to encourage the contestants, your fellow Humans, \"DON\'T FUCK IT UP! \n

We will be opening auditions, with the call posted on the dfiu.tv website, and linked to DEF CON forums. (promoted on social media)\n

Track 4
\nFriday: 2000-2200
\nSaturday: 2000-2200\n

\n\n\'',NULL,149092),('2_Friday','21','20:00','21:59','Y','SOC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Hacker Jeopardy\'','\' \'','SOC_02487a282a7d2442cf1b5c82bf83664c','\'\'',NULL,149093),('1_Thursday','16','16:00','21:59','N','SOC','Other/See Description','\'Toxic BBQ\'','\' \'','SOC_db29ae15518bfe9054c02518d1bed33b','\'Title: Toxic BBQ
\nWhen: Thursday, Aug 11, 16:00 - 21:59 PDT
\nWhere: Other/See Description
\n
\nDescription:
\n16:00- 22:00 Thursday, Off-site at Sunset Park, Pavilion F, (36.0636, -115.1178)\n

The humans of Vegas invite you to the 16th in-carne-tion of this unofficial welcome party. Go AFK 4 BBQ off-Strip and make us the first stop on your DC30 reunion tour. Burgers and dogs are provided; attendees are encouraged to pitch in with more food, drinks, volunteer labor, rides, and and everything that makes this cookout something to remember.\n

Grab flyers from an Info Booth after Linecon, check out https://www.toxicbbq.org for the history of this event, and watch #ToxicBBQ on Twitter for the latest news.\n

\n\n\'',NULL,149094),('1_Thursday','17','16:00','21:59','Y','SOC','Other/See Description','\'Toxic BBQ\'','\' \'','SOC_db29ae15518bfe9054c02518d1bed33b','\'\'',NULL,149095),('1_Thursday','18','16:00','21:59','Y','SOC','Other/See Description','\'Toxic BBQ\'','\' \'','SOC_db29ae15518bfe9054c02518d1bed33b','\'\'',NULL,149096),('1_Thursday','19','16:00','21:59','Y','SOC','Other/See Description','\'Toxic BBQ\'','\' \'','SOC_db29ae15518bfe9054c02518d1bed33b','\'\'',NULL,149097),('1_Thursday','20','16:00','21:59','Y','SOC','Other/See Description','\'Toxic BBQ\'','\' \'','SOC_db29ae15518bfe9054c02518d1bed33b','\'\'',NULL,149098),('1_Thursday','21','16:00','21:59','Y','SOC','Other/See Description','\'Toxic BBQ\'','\' \'','SOC_db29ae15518bfe9054c02518d1bed33b','\'\'',NULL,149099),('3_Saturday','22','22:00','23:59','N','SOC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Whose Slide Is It Anyway? (WSIIA)\'','\' \'','SOC_14d2e063cebd0b67e6fa12b17174d9ba','\'Title: Whose Slide Is It Anyway? (WSIIA)
\nWhen: Saturday, Aug 13, 22:00 - 23:59 PDT
\nWhere: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
\n
\nDescription:
\nItâ€™s our sixth year but since we had to be virtual last year this will be our 5 YEAR ANNIVERSARY show of â€œWhose Slide Is It Anyway?â€! Weâ€™re an unholy union of improv comedy, hacking and slide deck sado-masochism.\n

Our team of slide monkeys will create a stupid amount of short slide decks on whatever nonsense tickles our fancies. Slides are not exclusive to technology, they can and will be about anything. Contestants will take the stage and choose a random number corresponding to a specific slide deck. They will then improvise a minimum 5 minute / maximum 10 minute lightning talk, becoming instant subject matter experts on whatever topic/stream of consciousness appears on the screen.\n

Whether you delight in the chaos of watching your fellow hackers squirm or would like to sacrifice yourself to the Contest Gods, itâ€™s a night of schadenfreude for the whole family. Oh, and prizes. Lots and lots of prizes.\n

\n\n\'',NULL,149100),('3_Saturday','23','22:00','23:59','Y','SOC','Caesars Forum - Alliance 301-309, 321 (Track 4)','\'Whose Slide Is It Anyway? (WSIIA)\'','\' \'','SOC_14d2e063cebd0b67e6fa12b17174d9ba','\'\'',NULL,149101),('2_Friday','12','12:00','13:45','N','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Hacking law is for hackers - how recent changes to CFAA, DMCA, and global policies affect security research\'','\'Harley Geiger,Leonard Bailey\'','PLV_28d1f6bd7ed11957991b54cc52922b18','\'Title: Hacking law is for hackers - how recent changes to CFAA, DMCA, and global policies affect security research
\nWhen: Friday, Aug 12, 12:00 - 13:45 PDT
\nWhere: Caesars Forum - Summit 226-227 - Policy Roundtable - Map
\nSpeakers:Harley Geiger,Leonard Bailey
\n
SpeakerBio:Harley Geiger\n, Senior Director for Public Policy
\nNo BIO available
\n
SpeakerBio:Leonard Bailey\n, Head of the Cybersecurity Unit and Special Counsel for National Security in the Criminal Divisionâ€™s Computer Crime and Intellectual Property Section
\nNo BIO available
\n\n
\nDescription:
\nWhat a year for hacker law! 2021-2022 saw major changes to laws that regulate hacking, such as the notorious CFAA, the grotesque DMCA Sec. 1201, and China\'s grisly \"Management of Security Vulnerabilities\" regulation. This presentation will walk through each of these developments and detail their implications for security researchers. We\'ll give background on how these laws have recently changed, identify areas of continued risk for hackers, and suggest concrete ways for the security community to make additional progress in shaping a favorable legal environment. An extended roundtable discussion will follow the presentation.\n
\n\n\'',NULL,149102),('2_Friday','13','12:00','13:45','Y','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Hacking law is for hackers - how recent changes to CFAA, DMCA, and global policies affect security research\'','\'Harley Geiger,Leonard Bailey\'','PLV_28d1f6bd7ed11957991b54cc52922b18','\'\'',NULL,149103),('2_Friday','14','14:00','15:45','N','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Emerging Cybersecurity Policy Topics\'','\'\'','PLV_115415ea6b35d1cd27522ce795bbaa2d','\'Title: Emerging Cybersecurity Policy Topics
\nWhen: Friday, Aug 12, 14:00 - 15:45 PDT
\nWhere: Caesars Forum - Summit 226-227 - Policy Roundtable - Map
\n
\nDescription:No Description available
\n\'',NULL,149104),('2_Friday','15','14:00','15:45','Y','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Emerging Cybersecurity Policy Topics\'','\'\'','PLV_115415ea6b35d1cd27522ce795bbaa2d','\'\'',NULL,149105),('2_Friday','16','16:00','17:45','N','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Moving Regulation Upstream - An Increasing focus on the Role of Digital Service Providers\'','\'Jen Ellis,Adam Dobell,Irfan Hemani\'','PLV_e42bc81023521cf56567339c1d02433f','\'Title: Moving Regulation Upstream - An Increasing focus on the Role of Digital Service Providers
\nWhen: Friday, Aug 12, 16:00 - 17:45 PDT
\nWhere: Caesars Forum - Summit 226-227 - Policy Roundtable - Map
\nSpeakers:Jen Ellis,Adam Dobell,Irfan Hemani
\n
SpeakerBio:Jen Ellis\n, Vice President of Community and Public Affairs
\nNo BIO available
\n
SpeakerBio:Adam Dobell\n, First Secretary, Department of Home Affairs, Embassy of Australia
\nNo BIO available
\n
SpeakerBio:Irfan Hemani\n, Deputy Director - Cyber Security, Cyber Security and Digital Identity Directorate, UK Department for Digital, Culture, Media and Sport
\nNo BIO available
\n\n
\nDescription:
\nCybercriminals are no longer focusing all their efforts on the biggest fish, which means organizations below the security poverty line - who often struggle with achieving adequate cyber resilience - are increasingly being hit. At the same time, we\'ve seen an increase in supply chain attacks, which makes sense as more and more of the tech ecosystem is moving to cloud or managed service provider models. Various governments are paying attention to these shifts and are considering how regulating digital service providers may advance security more broadly, while also alleviating the burden on small to medium businesses. This session will be led by one or two governments working on this issue and will include an open discussion on the challenges and opportunities of this approach.\n
\n\n\'',NULL,149106),('2_Friday','17','16:00','17:45','Y','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Moving Regulation Upstream - An Increasing focus on the Role of Digital Service Providers\'','\'Jen Ellis,Adam Dobell,Irfan Hemani\'','PLV_e42bc81023521cf56567339c1d02433f','\'\'',NULL,149107),('2_Friday','16','16:00','17:45','N','PLV','Caesars Forum - Summit 224-225 - Policy Collaboratorium','\'Election Security Bridge Building\'','\'Michael Ross,Jack Cable,Trevor Timmons\'','PLV_09942b5690ee7a989d3b8835c80794ed','\'Title: Election Security Bridge Building
\nWhen: Friday, Aug 12, 16:00 - 17:45 PDT
\nWhere: Caesars Forum - Summit 224-225 - Policy Collaboratorium - Map
\nSpeakers:Michael Ross,Jack Cable,Trevor Timmons
\n
SpeakerBio:Michael Ross\n, Deputy Secretary of State
\nNo BIO available
\n
SpeakerBio:Jack Cable\n, Independent Security Researcher
\nNo BIO available
\n
SpeakerBio:Trevor Timmons\n
\nNo BIO available
\n\n
\nDescription:
\nPsst. I have heard whispers on Capitol Hill that one of the barriers to more secure elections is strengthening the trust between election workers and security researchers. And what better venue to bring together good faith researchers with election officials than DEF CON Policy? \n

DEF CON Policy Department is working with top election security officials and security researchers to host a roundtable discussion on strenthening trust and collaboration in electiom security. This session will highlight work from top researchers and members of the DEF CON community, federal government representation, and perspectives from Secretaries of State.\n

\n\n\'',NULL,149108),('2_Friday','17','16:00','17:45','Y','PLV','Caesars Forum - Summit 224-225 - Policy Collaboratorium','\'Election Security Bridge Building\'','\'Michael Ross,Jack Cable,Trevor Timmons\'','PLV_09942b5690ee7a989d3b8835c80794ed','\'\'',NULL,149109),('2_Friday','19','19:00','19:59','N','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Meet the Feds: CISA Edition (Lounge) \'','\'CISA Staff\'','PLV_4e5e31ac251b9d3d63a6a8c98137bbdc','\'Title: Meet the Feds: CISA Edition (Lounge)
\nWhen: Friday, Aug 12, 19:00 - 19:59 PDT
\nWhere: Caesars Forum - Summit 226-227 - Policy Roundtable - Map
\n
SpeakerBio:CISA Staff\n
\nNo BIO available
\n\n
\nDescription:
\nFollowing the fireside chat with US Cybersecurity and Infrastructure Security Agency (CISA) Director, Jen Easterly, several members of the CISA team will be on hand to provide a more in depth look at the Agency, their work, and some of the ways they\'re already engaging with the hacker community. This session will give hackers an opportunity to ask questions of the CISA team and provide candid feedback to them.\n
\n\n\'',NULL,149110),('2_Friday','20','20:00','21:59','N','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Meet the Feds: DHS Edition (Lounge)\'','\'DHS Staff\'','PLV_4a11423659f505f9e8e61d30d3cda45a','\'Title: Meet the Feds: DHS Edition (Lounge)
\nWhen: Friday, Aug 12, 20:00 - 21:59 PDT
\nWhere: Caesars Forum - Summit 226-227 - Policy Roundtable - Map
\n
SpeakerBio:DHS Staff\n
\nNo BIO available
\n\n
\nDescription:
\nMembers several DHS departments will be on hand to discuss issues they address daily, as well as meet the DEF CON community. Representatives from across DHS are expected, including the Secret Service, Coast Guard, Transportaiton Safety Administration, and the Office of the Secretary.\n
\n\n\'',NULL,149111),('2_Friday','21','20:00','21:59','Y','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Meet the Feds: DHS Edition (Lounge)\'','\'DHS Staff\'','PLV_4a11423659f505f9e8e61d30d3cda45a','\'\'',NULL,149112),('3_Saturday','10','10:00','11:45','N','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Imagining a cyber policy crisis: Storytelling and Simulation for real-world risks\'','\'Nina Kollars,Safa Shahwan Edwards,Winnona DeSombre\'','PLV_cb2b8b7f452b249ec08cdb34d1d53591','\'Title: Imagining a cyber policy crisis: Storytelling and Simulation for real-world risks
\nWhen: Saturday, Aug 13, 10:00 - 11:45 PDT
\nWhere: Caesars Forum - Summit 226-227 - Policy Roundtable - Map
\nSpeakers:Nina Kollars,Safa Shahwan Edwards,Winnona DeSombre
\n
SpeakerBio:Nina Kollars\n, Department of Defense
\nNo BIO available
\n
SpeakerBio:Safa Shahwan Edwards\n, Deputy Director, Cyber Statecraft Initiative, Atlantic Council
\nNo BIO available
\n
SpeakerBio:Winnona DeSombre\n
\nNo BIO available
\n\n
\nDescription:
\nStory time for hackers. The importance of storytelling and simulation for teaching and training policymakers including a scenario from the Atlantic Council Cyber 9/12 program and other comparable efforts. Hear from panelists on how they construct stories and simulations for policymakers, from short from prose to war games to student competitions. This panel draws on the hacking communityâ€™s rich history of storytelling through fiction, graphic art, and more to demonstrate the practical importance of shaping ideas in policy debates. This session complements an otherwise heavy emphasis throughout the track on ideas over the medium itself. Panelists would also discuss their approach to breaking down a complicated issue or problem in order to represent its core themes, challenges, and opportunities especially for policymakers.\n
\n\n\'',NULL,149113),('3_Saturday','11','10:00','11:45','Y','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Imagining a cyber policy crisis: Storytelling and Simulation for real-world risks\'','\'Nina Kollars,Safa Shahwan Edwards,Winnona DeSombre\'','PLV_cb2b8b7f452b249ec08cdb34d1d53591','\'\'',NULL,149114),('3_Saturday','10','10:00','11:45','N','PLV','Caesars Forum - Summit 224-225 - Policy Collaboratorium','\'Hacking Operational Collaboration\'','\'David Forscey,Brianna McClenon,Gavin To,Hristiana Petkova,Seth McKinnis\'','PLV_7e225e668c85b78036475d9681a5e93f','\'Title: Hacking Operational Collaboration
\nWhen: Saturday, Aug 13, 10:00 - 11:45 PDT
\nWhere: Caesars Forum - Summit 224-225 - Policy Collaboratorium - Map
\nSpeakers:David Forscey,Brianna McClenon,Gavin To,Hristiana Petkova,Seth McKinnis
\n
SpeakerBio:David Forscey\n
\nNo BIO available
\n
SpeakerBio:Brianna McClenon\n, Joint Cyber Defense Collaborative
\nNo BIO available
\n
SpeakerBio:Gavin To\n, Joint Cyber Defense Collaborative
\nNo BIO available
\n
SpeakerBio:Hristiana Petkova\n, Joint Cyber Defense Collaborative
\nNo BIO available
\n
SpeakerBio:Seth McKinnis\n, Joint Cyber Defense Collaborative
\nNo BIO available
\n\n
\nDescription:
\nCISA/JCDC leadership will speak on a panel to review the purpose and history of JCDC, and set the scene for the event before attendees begin their own conversations. Following the panel, attendees will split up into four breakout sections and gather in four corners of the room. Each of these groups will divide again to form no more than 5-6 people per discussion group. These small groups will delve into one proposal for a JCDC initiative and discuss for 15-20 minutes, after which they will rotate to the next section/topic. Each conversation will be facilitated by CISA, who play the â€œchampionâ€ for that specific proposal. Topics may include: Transnational Trust Webs (How can JCDC collaborate with researchers, orgs, and partners spread across the globe? Internet security, not just national security); Chaos Engine (How do we turn the Internet into a much more risky place for adversaries? Which hackers have the right data to find adversary infrastructure?); We Want You (How can CISA expand on its past work with individuals on research to integrate volunteer hackers into response operations?); Expect the Worst (What kind of contingencies should CISA prioritize? What planning and preparation can achieve the most leverage if the worst happens?)\n
\n\n\'',NULL,149115),('3_Saturday','11','10:00','11:45','Y','PLV','Caesars Forum - Summit 224-225 - Policy Collaboratorium','\'Hacking Operational Collaboration\'','\'David Forscey,Brianna McClenon,Gavin To,Hristiana Petkova,Seth McKinnis\'','PLV_7e225e668c85b78036475d9681a5e93f','\'\'',NULL,149116),('3_Saturday','12','12:00','13:45','N','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Addressing the gap in assessing (or measuring) the harm of cyberattacks\'','\'Adrien Ogee\'','PLV_9ff461ac6c8d0b26bb0438fe1317ce6a','\'Title: Addressing the gap in assessing (or measuring) the harm of cyberattacks
\nWhen: Saturday, Aug 13, 12:00 - 13:45 PDT
\nWhere: Caesars Forum - Summit 226-227 - Policy Roundtable - Map
\n
SpeakerBio:Adrien Ogee\n, Chief Operations Officer
\nAdrien is currently Chief Operations Officer at the CyberPeace Institute, a cybersecurity non-profit based in Switzerland. At the Institute, he provides cybersecurity assistance to vulnerable communities around the world. Adrien has more than 15 years of experience in various cyber crisis response roles in the private sector, the French Cybersecurity Agency (ANSSI), the European Cybersecurity Agency (ENISA), and the World Economic Forum. Adrien holds an MEng in telecommunication and information systems, an MSc in Global Security and a Master in Business Administration.
\n\n
\nDescription:
\nThrough this session we propose to outline the draft methodology, so as to leverage the expertise of the audience to provide feedback and indicate interest in peer-reviewing or testing such a methodology. As well as to have an open discussion about the value of understanding harm in a cyber context.\n
\n\n\'',NULL,149117),('3_Saturday','13','12:00','13:45','Y','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Addressing the gap in assessing (or measuring) the harm of cyberattacks\'','\'Adrien Ogee\'','PLV_9ff461ac6c8d0b26bb0438fe1317ce6a','\'\'',NULL,149118),('3_Saturday','12','12:00','13:45','N','PLV','Caesars Forum - Summit 224-225 - Policy Collaboratorium','\'Hacking Aviation Policy\'','\'Timothy Weston,Ayan Islam,Pete Cooper,Ken Munro,Meg King\'','PLV_d2572ae07d59b14798ffa03641d105e1','\'Title: Hacking Aviation Policy
\nWhen: Saturday, Aug 13, 12:00 - 13:45 PDT
\nWhere: Caesars Forum - Summit 224-225 - Policy Collaboratorium - Map
\nSpeakers:Timothy Weston,Ayan Islam,Pete Cooper,Ken Munro,Meg King
\n
SpeakerBio:Timothy Weston\n, Deputy Executive Director (acting), Cybersecurity Policy Coordinator, Transportation Security Administration
\nTim WestonÂ is the Director for Strategy & Performance in TSAâ€™s office of Strategy, Policy Coordination and Innovation. Mr. Weston also serves as the TSA Cybersecurity Policy Coordinator. Previously, he worked in the TSA Office of Chief Counsel, as Senior Counsel in the Security Threat Assessment Division.
\n
SpeakerBio:Ayan Islam\n, R-Street Institute
\nAyan Islam is the associate policy director of Cybersecurity and Emerging Threats at R Street Institute and adjunct lecturer of the Cyber Threats and Security policy course at American Universityâ€™s School of Public Affairs. Previously, she served as the critical infrastructure portfolio lead in the Insights/Mitigation team, the Operation Warp Speed liaison, and cybersecurity strategist for the Aviation Cyber Initiative (ACI) at the Cybersecurity and Infrastructure Security Agency (CISA).
\n
SpeakerBio:Pete Cooper\n, Deputy Director Cyber Defence
\nNo BIO available
\n
SpeakerBio:Ken Munro\n, Pentest Partners
\nKen Munro is Partner and Founder of Pen Test Partners, a firm of penetration testers with a keen interest in aviation. Pen Test Partners has several pilots on the team, both private and commercial, recognizing that the increase in retired airframes has created opportunities for independent security research into aviation security. Pen Test Partners has been recognized for its highly responsible approach to vulnerability disclosure in aviation and was invited to join the Boeing Cyber Technical Council as a result. Pen Test Partners has published research into aviation cyber security, covering topics from airborne connectivity, avionics hardware, and connectivity with ground systems.
\n
SpeakerBio:Meg King\n, Executive Director for Strategy, Policy Coordination & Innovation, Transportation Security Administration
\nNo BIO available
\n\n
\nDescription:
\nTSA and DEFCON will host a policy discussion group focused on the current cybersecurity threats to the aviation ecosystem. Discussion will be focused on the increasing threat space focused on airports, airframes, airlines, and air cargo. Additional topics of discussion will focus on cybersecurity work force issues, prioritization of mitigation measures to counter the threats, and how the research community can assist the government and the private sector. The aviation sector policy discussion will be held under Chatham House rules, otherwise known as â€œwhat happens in Vegas, stays in Vegas,â€ with the desired outcome that participants will come away with a better understanding of the threats, possible solutions, and the importance of collaboration to solve these pressing issues. Given the global nature of aviation, we will touch on the partnerships and policy regimes under consideration by the international community.\n
\n\n\'',NULL,149119),('3_Saturday','13','12:00','13:45','Y','PLV','Caesars Forum - Summit 224-225 - Policy Collaboratorium','\'Hacking Aviation Policy\'','\'Timothy Weston,Ayan Islam,Pete Cooper,Ken Munro,Meg King\'','PLV_d2572ae07d59b14798ffa03641d105e1','\'\'',NULL,149120),('3_Saturday','14','14:00','15:45','N','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Return-Oriented Policy Making for Open Source and Software Security\'','\'Trey Herr,Eric Mill,Harry Mourtos\'','PLV_67b405c225d866bb058eee409fc6647e','\'Title: Return-Oriented Policy Making for Open Source and Software Security
\nWhen: Saturday, Aug 13, 14:00 - 15:45 PDT
\nWhere: Caesars Forum - Summit 226-227 - Policy Roundtable - Map
\nSpeakers:Trey Herr,Eric Mill,Harry Mourtos
\n
SpeakerBio:Trey Herr\n, Director
\nTrey Herr is the director of the Cyber Statecraft Initiative under the Scowcroft Center for Strategy and Security at the Atlantic Council. His team works on cybersecurity and geopolitics including cloud computing, the security of the internet, supply chain policy, cyber effects on the battlefield, and growing a more capable cybersecurity policy workforce. Previously, he was a senior security strategist with Microsoft handling cloud computing and supply chain security policy as well as a fellow with the Belfer Cybersecurity Project at Harvard Kennedy School and a non-resident fellow with the Hoover Institution at Stanford University. He holds a PhD in Political Science and BS in Musical Theatre and Political Science.
\n
SpeakerBio:Eric Mill\n, US Office of Management and Budget
\nNo BIO available
\n
SpeakerBio:Harry Mourtos\n, Office of the National Cyber Director
\nNo BIO available
\n\n
\nDescription:
\nA moderated discussion on how to hack policy systems using laws and authorities already on the books, featuring the policymakers who write and use them, focusing on open source and software security. At DefCon 22 in the aftermath of Heartbleed, John Menerick told us to \"keep calm and hide the internet\". Alas, they found it. The policy community in the US, and lesser extent Europe, is finally starting to put serious focus on software security including open source. This event will bring hackers together with policymakers to identify policies on the book that could help improve the open source ecosystem and the security of software. Other policy conversations might stray into the possible, this one will emphasize the practical. The discussion will involve policymakers who write and implement these laws and use these authorities to enable discussion and debate focused on pragmatic solutions, putting hackers inside ongoing policy debates in real time. \n\n\n\n
\n\'',NULL,149121),('3_Saturday','15','14:00','15:45','Y','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Return-Oriented Policy Making for Open Source and Software Security\'','\'Trey Herr,Eric Mill,Harry Mourtos\'','PLV_67b405c225d866bb058eee409fc6647e','\'\'',NULL,149122),('3_Saturday','14','14:00','15:45','N','PLV','Caesars Forum - Summit 224-225 - Policy Collaboratorium','\'Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet\'','\'Neal Pollard,Jason Healey,Guillermo Christensen\'','PLV_d66a46913c111ed89a37b7fa8a4e3f54','\'Title: Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet
\nWhen: Saturday, Aug 13, 14:00 - 15:45 PDT
\nWhere: Caesars Forum - Summit 224-225 - Policy Collaboratorium - Map
\nSpeakers:Neal Pollard,Jason Healey,Guillermo Christensen
\n
SpeakerBio:Neal Pollard\n, Ernst & Young
\nNo BIO available
\n
SpeakerBio:Jason Healey\n, Senior Research Scholar
\nNo BIO available
\n
SpeakerBio:Guillermo Christensen\n, Partner
\nNo BIO available
\n\n
\nDescription:
\nThe global internet is in large part a creation of the United States. The internetâ€™s basic structureâ€”a reliance on the private sector and the technical community, relatively light regulatory oversight, and the protection of speech and the promotion of the free flow of informationâ€”reflected American values. Moreover, U.S. strategic, economic, political, and foreign policy interests were served by the global, open internet. But the United States now confronts a starkly different reality. The utopian vision of an open, reliable, and secure global network has not been achieved and is unlikely ever to be realized. Today, the internet is less free, more fragmented, and less secure. \n

The United States needs a new strategy that responds to what is now a fragmented and dangerous internet. The Council on Foreign Relations launched an independent task force to develop findings and recommendations for a new foreign policy for cyberspace. This session will seek input from the DEF CON community on specific foreign policy measures, to help guide Washingtonâ€™s adaptation to todayâ€™s more complex, variegated, and dangerous cyber realm.\n

Come prepared to discuss topics, such as: Developing a digital privacy policy that is interoperable with Europeâ€™s General Data Protection Regulation (GDPR); Building a coalition for open-source software; Developing coalition-wide practices for the Vulnerabilities Equities Process (VEP); Clean up U.S. cyberspace by offering incentives for internet service providers (ISPs) and cloud providers to reduce malicious activity within their infrastructure.\n

\n\n\'',NULL,149123),('3_Saturday','15','14:00','15:45','Y','PLV','Caesars Forum - Summit 224-225 - Policy Collaboratorium','\'Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet\'','\'Neal Pollard,Jason Healey,Guillermo Christensen\'','PLV_d66a46913c111ed89a37b7fa8a4e3f54','\'\'',NULL,149124),('3_Saturday','16','16:00','17:45','N','PLV','Caesars Forum - Summit 224-225 - Policy Collaboratorium','\'International Government Action Against Ransomware\'','\'Adam Dobell,Irfan Hemani,Jen Ellis\'','PLV_6114c1887cc4e498c22b85cfa1f63195','\'Title: International Government Action Against Ransomware
\nWhen: Saturday, Aug 13, 16:00 - 17:45 PDT
\nWhere: Caesars Forum - Summit 224-225 - Policy Collaboratorium - Map
\nSpeakers:Adam Dobell,Irfan Hemani,Jen Ellis
\n
SpeakerBio:Adam Dobell\n, First Secretary, Department of Home Affairs, Embassy of Australia
\nNo BIO available
\n
SpeakerBio:Irfan Hemani\n, Deputy Director - Cyber Security, Cyber Security and Digital Identity Directorate, UK Department for Digital, Culture, Media and Sport
\nNo BIO available
\n
SpeakerBio:Jen Ellis\n, Vice President of Community and Public Affairs
\nNo BIO available
\n\n
\nDescription:
\nRansomware attacks continue to abound and various governments around the world are very active on combatting this issue. This session would bring some of them together to discuss what\'s being done and where it needs to go. It\'s been a little over a year since the Colonial Pipeline, HSE, and JBS attacks put ransomware firmly on the agenda as a threat to national security and economic stability. Since then, we\'ve seen ransomware attacks become more openly politicized. We\'re also seen the White House and G7 both host international government forums to identify collaborative actions to tackle the threat. We\'ve also seen new sanctions, public/private initiatives, bounties for criminals, and various other government actions introduced to make life for cybercriminals harder. This session brings together multiple govs to talk about what\'s being done, what results have been seen, and where we\'re headed next. They will start off covering these points and then open to the audience for questions and open discussion on next steps and impacts. \n\n\n\n
\n\'',NULL,149125),('3_Saturday','17','16:00','17:45','Y','PLV','Caesars Forum - Summit 224-225 - Policy Collaboratorium','\'International Government Action Against Ransomware\'','\'Adam Dobell,Irfan Hemani,Jen Ellis\'','PLV_6114c1887cc4e498c22b85cfa1f63195','\'\'',NULL,149126),('3_Saturday','19','19:00','21:59','N','PLV','Caesars Forum - Summit 224-225 - Policy Collaboratorium','\'D0 N0 H4RM: A Healthcare Security Conversation (Lounge)\'','\'Seeyew Mo,Alissa Knight,Jeff â€œr3plicantâ€ Tully MD,Christian \"quaddi\" Dameff MD,Joshua Corman\'','PLV_3b1aee22bcba3391feebe3fbbd9b8af3','\'Title: D0 N0 H4RM: A Healthcare Security Conversation (Lounge)
\nWhen: Saturday, Aug 13, 19:00 - 21:59 PDT
\nWhere: Caesars Forum - Summit 224-225 - Policy Collaboratorium - Map
\nSpeakers:Seeyew Mo,Alissa Knight,Jeff â€œr3plicantâ€ Tully MD,Christian \"quaddi\" Dameff MD,Joshua Corman
\n
SpeakerBio:Seeyew Mo\n, Senior Cybersecurity, Tech, National Security Fellow
\nNo BIO available
\n
SpeakerBio:Alissa Knight\n, Hacker & principal analyst at Alissa Knight & Associates
\nNo BIO available
\n
SpeakerBio:Jeff â€œr3plicantâ€ Tully MD\n, Anesthesiologist at The University of California San Diego
\nJeff (r3plicant) Tully is a security researcher with an interest in understanding the ever-growing intersections between healthcare and technology. His day job focuses primarily on the delivery of oxygen to tissues.
\nTwitter: @JeffTullyMD
\n
SpeakerBio:Christian \"quaddi\" Dameff MD\n, Emergency Medicine Physician & Hacker at The University of California San Diego
\nChristian (quaddi) Dameff MD is an Assistant Professor of Emergency Medicine, Biomedical Informatics, and Computer Science (Affiliate) at the University of California San Diego. He is also a hacker, former open capture the flag champion, and prior DEF CON/RSA/Blackhat/HIMSS speaker. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works. Published security research topics including hacking critical healthcare infrastructure, medical devices and the effects of malware on patient care. This is his eighteenth DEF CON.
\nTwitter: @CDameffMD
\n
SpeakerBio:Joshua Corman\n
\nNo BIO available
\n\n
\nDescription:
\nHackers in healthcare have come a long way from the days of the Manifesto. There is no longer apathy amongst the powerful - baby food has been replaced with steak. Hackers are making medical devices safer for patients. Hackers are protecting hospitals from ransomware. Hackers are writing policy and guiding regulation. This is cause for celebration- and where better to throw down than DEF CON 30? \n

Letâ€™s face it- the last couple of years have been doom and gloom, and while attacks on hospitals continue to increase at record pace, and the promise of new medical technologies is equally matched with some terrifying security implications (Neuralink, call us), we really do need to stand back and appreciate where weâ€™ve come from, because only then can we put into perspective what we still need to do.\n

D0 No H4rm returns to DEF CON to once again give you the chance to interface directly with some of the biggest names in a domain that just keeps growing in importance. Moderated by physician hackers quaddi and r3plicant, this perennially packed event - with a heavily curated panel of policy badasses, elite hackers, and seasoned clinicians - always fills up fast. So if you want to protect patients, build a safer and more resilient healthcare system, and meet some incredible new friends, then join us. And welcome home.\n

\n\n\'',NULL,149127),('3_Saturday','20','19:00','21:59','Y','PLV','Caesars Forum - Summit 224-225 - Policy Collaboratorium','\'D0 N0 H4RM: A Healthcare Security Conversation (Lounge)\'','\'Seeyew Mo,Alissa Knight,Jeff â€œr3plicantâ€ Tully MD,Christian \"quaddi\" Dameff MD,Joshua Corman\'','PLV_3b1aee22bcba3391feebe3fbbd9b8af3','\'\'',NULL,149128),('3_Saturday','21','19:00','21:59','Y','PLV','Caesars Forum - Summit 224-225 - Policy Collaboratorium','\'D0 N0 H4RM: A Healthcare Security Conversation (Lounge)\'','\'Seeyew Mo,Alissa Knight,Jeff â€œr3plicantâ€ Tully MD,Christian \"quaddi\" Dameff MD,Joshua Corman\'','PLV_3b1aee22bcba3391feebe3fbbd9b8af3','\'\'',NULL,149129),('4_Sunday','10','10:00','11:45','N','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Better Policies for Better Lives: Hacker Input to international policy challenges\'','\'Peter Stephens\'','PLV_065601d22c4cdad55e6f65428ef4313d','\'Title: Better Policies for Better Lives: Hacker Input to international policy challenges
\nWhen: Sunday, Aug 14, 10:00 - 11:45 PDT
\nWhere: Caesars Forum - Summit 226-227 - Policy Roundtable - Map
\n
SpeakerBio:Peter Stephens\n, Policy Advisor for CyberSecurity, Organisation for Economic Co-operation and Development (OECD)
\nNo BIO available
\n\n
\nDescription:
\nEvery year, delivering effective cyber security policies becomes more urgent, and more complicated. These challenges are becoming more international. Just thinking about product security for IoT; consumers are buying more smart products through online marketplaces, supply chains are becoming more complex and overly reliant on online marketplaces , that often exist outside of the remit for existing legislation. Meanwhile, the vast majority of consumers simply donâ€™t know what to look for to assess security. The problem isnâ€™t just security, but it is one of market failure.\n \n

In the policy space, it also feels like there is a market failure at play. Security researchers want to feed into policy makersâ€™ approaches, and civil servants (many of whom are generalists) need technical experts to help them assess lobbying and design proportionate plans.\n \n

The OECD exists to promote â€˜better policies for better livesâ€™. We support civil servants around the world, and would like to offer opportunities for the security research community to feed in at a broader scale. This will be a working session, with a particular focus on product security (including IoT) and the challenges facing the security research community in the handling of vulnerabilities.\n

\n\n\'',NULL,149130),('4_Sunday','11','10:00','11:45','Y','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Better Policies for Better Lives: Hacker Input to international policy challenges\'','\'Peter Stephens\'','PLV_065601d22c4cdad55e6f65428ef4313d','\'\'',NULL,149131),('4_Sunday','10','10:00','11:45','N','PLV','Caesars Forum - Summit 224-225 - Policy Collaboratorium','\'Improving International Vulnerability Disclosure: Why the US and Allies Have to Get Serious\'','\'Christopher Robinson,Stewart Scott\'','PLV_3bf0f7f914471aedbca6d0427cc12000','\'Title: Improving International Vulnerability Disclosure: Why the US and Allies Have to Get Serious
\nWhen: Sunday, Aug 14, 10:00 - 11:45 PDT
\nWhere: Caesars Forum - Summit 224-225 - Policy Collaboratorium - Map
\nSpeakers:Christopher Robinson,Stewart Scott
\n
SpeakerBio:Christopher Robinson\n, Intel
\nNo BIO available
\n
SpeakerBio:Stewart Scott\n, Assistant Director
\nStewart Scott is an assistant director with the Cyber Statecraft Initiative under the Scowcroft Center for Strategy and Security at the Atlantic Council. His work there focuses on systems security policy, including software supply chain risk management, federal acquisitions processes, and open source software security. He holds a BA in Public Policy and a minor in Applications of Computing from Princeton University.
\n\n
\nDescription:
\nJoin the Atlantic Council\'s Cyber Statecraft Initiative and DefCon Policy Track Initiative for a discussion on the strategic urgency behind better vulnerability disclosure. The session will focus on why the US and allied states need to take steps to make vulnerability disclosure easier, motivating the discussion with results from a study of the effects of a recently passed Chinese law on vulnerability disclosure.\n
\n\n\'',NULL,149132),('4_Sunday','11','10:00','11:45','Y','PLV','Caesars Forum - Summit 224-225 - Policy Collaboratorium','\'Improving International Vulnerability Disclosure: Why the US and Allies Have to Get Serious\'','\'Christopher Robinson,Stewart Scott\'','PLV_3bf0f7f914471aedbca6d0427cc12000','\'\'',NULL,149133),('4_Sunday','12','12:00','13:45','N','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Protect Our Pentest Tools! Perks and Hurdles in Distributing Red Team Tools\'','\'Liz Wharton,Casey Ellis,Omar Santos,Katie Moussouris\'','PLV_2491c7eb04872fe91a4897b464a441a7','\'Title: Protect Our Pentest Tools! Perks and Hurdles in Distributing Red Team Tools
\nWhen: Sunday, Aug 14, 12:00 - 13:45 PDT
\nWhere: Caesars Forum - Summit 226-227 - Policy Roundtable - Map
\nSpeakers:Liz Wharton,Casey Ellis,Omar Santos,Katie Moussouris
\n
SpeakerBio:Liz Wharton\n, VP Operations
\nNo BIO available
\n
SpeakerBio:Casey Ellis\n, Founder/CTO
\nNo BIO available
\n
SpeakerBio:Omar Santos\n, Principal Engineer
\nNo BIO available
\nTwitter: @santosomar
\n
SpeakerBio:Katie Moussouris\n, CEO
\nNo BIO available
\n\n
\nDescription:
\nA panel with Q&A about offensive cybersecurity tools like CobaltStrike, how the tools affect both defensive and offensive security practitioners, and the practical difficulties of controlling the licenses and distribution of these pentest tools. This is meant to be an impact-focused discussion on the merits and challenges of producing offensive tools and NOT a law-based debate/interpretation of export controls.\n
\n\n\'',NULL,149134),('4_Sunday','13','12:00','13:45','Y','PLV','Caesars Forum - Summit 226-227 - Policy Roundtable','\'Protect Our Pentest Tools! Perks and Hurdles in Distributing Red Team Tools\'','\'Liz Wharton,Casey Ellis,Omar Santos,Katie Moussouris\'','PLV_2491c7eb04872fe91a4897b464a441a7','\'\'',NULL,149135),('4_Sunday','12','12:00','13:45','N','PLV','Caesars Forum - Summit 224-225 - Policy Collaboratorium','\'Offensive Cyber Industry Roundtable\'','\'Winnona DeSombre,Matt Holland,Sophia D\'Antoine\'','PLV_d86f060bc0b06f9df0402b02face0d07','\'Title: Offensive Cyber Industry Roundtable
\nWhen: Sunday, Aug 14, 12:00 - 13:45 PDT
\nWhere: Caesars Forum - Summit 224-225 - Policy Collaboratorium - Map
\nSpeakers:Winnona DeSombre,Matt Holland,Sophia D\'Antoine
\n
SpeakerBio:Winnona DeSombre\n
\nNo BIO available
\n
SpeakerBio:Matt Holland\n, Founder of Field Effect
\nNo BIO available
\n
SpeakerBio:Sophia D\'Antoine\n, Founder of Margin Research
\nNo BIO available
\n\n
\nDescription:
\nJoin us for a Chatham House Rule conversation with hackers that provide capabilities to government cyber operations. Learn about the development and sale of offensive cyber capabilities, and what the government/policy perspectives are for regulating this space.\n
\n\n\'',NULL,149136),('4_Sunday','13','12:00','13:45','Y','PLV','Caesars Forum - Summit 224-225 - Policy Collaboratorium','\'Offensive Cyber Industry Roundtable\'','\'Winnona DeSombre,Matt Holland,Sophia D\'Antoine\'','PLV_d86f060bc0b06f9df0402b02face0d07','\'\'',NULL,149137),('3_Saturday','14','14:15','14:45','N','BTV','Virtual - BlueTeam Village - Talks','\'Hunting Malicious Office Macros\'','\'Anton Ovrutsky\'','BTV_cac41fa446dc97ac25e5756620915b86','\'Title: Hunting Malicious Office Macros
\nWhen: Saturday, Aug 13, 14:15 - 14:45 PDT
\nWhere: Virtual - BlueTeam Village - Talks
\n
SpeakerBio:Anton Ovrutsky\n
\nAnton is a BSides Toronto speaker, C3X volunteer, and an OSCE, OSCP, CISSP, CSSP certificate holder. Anton enjoys the defensive aspects of cybersecurity and loves logs and queries.
\n\n
\nDescription:
\nThe talk will cover the following areas:\n

Baselining Office macros behaviors\n
Contextualized / Risk-based alerting strategies \n
Data sets & Sysmon configurations will be provided\n
Coverage of new attack vectors such as mark of the web bypasses and VSTO files\n

When reviewing threat intelligence reports it is common to see malicious Office macros of various types used as an initial access vector. Recently, Microsoft announced big changes to Office behavior in the context of malicious macros. However, organizations still struggle with detecting malicious macros which is often a prerequisite for implementing any type of hardening changes. The aim of this talk is to address this gap and provide guidance on how to detect malicious macro usage in environments and highlight the necessary steps to ensure systems are properly hardened against this threat.\n

\n\'',NULL,149138),('3_Saturday','13','13:00','13:59','N','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)','\'Obsidian REM: Phishing In The Morning: An Abundance of Samples!\'','\'Alison N\'','BTV_24f7676c675ff36099e5e1d73ba5b23b','\'Title: Obsidian REM: Phishing In The Morning: An Abundance of Samples!
\nWhen: Saturday, Aug 13, 13:00 - 13:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person) - Map
\n
SpeakerBio:Alison N\n
\nNo BIO available
\n\n
\nDescription:
\nComing soon\n
\n

Coming soon\n

\n\'',NULL,149139),('2_Friday','15','15:00','15:59','N','BTV','Flamingo - Savoy Ballroom - BTV Main Stage (In-person)','\'Heavyweights: Threat Hunting at Scale\'','\'Sherrod DeGrippo,Ashlee Benge,Jamie Williams,nohackme,Sean Zadig,Ryan Kovar\'','BTV_8c027f22247726c29ce4a45df6a455e0','\'Title: Heavyweights: Threat Hunting at Scale
\nWhen: Friday, Aug 12, 15:00 - 15:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
\nSpeakers:Sherrod DeGrippo,Ashlee Benge,Jamie Williams,nohackme,Sean Zadig,Ryan Kovar
\n
SpeakerBio:Sherrod DeGrippo\n
\nSherrod DeGrippo is the Vice President of Threat Research and Detection for Proofpoint, Inc. She leads a worldwide malware research team to advance Proofpoint threat intelligence and keep organizations safe from cyberattacks. With more than 17 years of information security experience.
\n
SpeakerBio:Ashlee Benge\n
\nNo BIO available
\n
SpeakerBio:Jamie Williams\n
\nJamie is an adversary emulation engineer for The MITRE Corporation where he works with amazing people on various exciting efforts involving security operations and research, mostly focused on adversary emulation and behavior-based detections. He leads the development of MITRE ATT&CK® for Enterprise and has also led teams that help shape and deliver the â€œadversary-touchâ€ within MITRE Engenuity ATT&CK Evaluations as well as the Center for Threat-Informed Defense (CTID).
\nTwitter: @jamieantisocial
\n
SpeakerBio:nohackme\n
\nMick Baccio fell in love with the idea of cybersecurity at nine years old after reading Neuromancer, thinking \"I should do that.\" \nAfter an alphabet soup of federal agencies and a stint as the first CISO of a POTUS campaign, he is currently a Global Security Advisor at Splunk SURGe. He is still trying to do \'that\'.\nAir Jordans, Thrunting, Puns. Not sure the order.
\n
SpeakerBio:Sean Zadig\n
\nNo BIO available
\n
SpeakerBio:Ryan Kovar\n
\nNo BIO available
\n\n
\nDescription:
\nPanel Discussion discussing how evolving techniques for defenders is amplified, from some of the teams behind the blogs.\n
\n

Panel Discussion discussing how evolving techniques for defenders is amplified, from some of the teams behind the blogs.\n

\n\'',NULL,149140),('2_Friday','10','10:00','10:30','N','BTV','Flamingo - Savoy Ballroom - BTV Main Stage (In-person)','\'Blue Team Village Opening Ceremony\'','\' \'','BTV_0db25512cee4c0e1bbb8ab0a521b2d8e','\'Title: Blue Team Village Opening Ceremony
\nWhen: Friday, Aug 12, 10:00 - 10:30 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
\n
\nDescription:
\nBlue Team Village Opening Ceremony\n
\n

Blue Team Village Opening Ceremony\n

\n\'',NULL,149141),('4_Sunday','13','13:00','13:59','N','BTV','Flamingo - Savoy Ballroom - BTV Main Stage (In-person)','\'Blue Team Village Closing Ceremony\'','\' \'','BTV_d2bd29fbdc84b56cac1615d081445ee6','\'Title: Blue Team Village Closing Ceremony
\nWhen: Sunday, Aug 14, 13:00 - 13:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
\n
\nDescription:
\nClosing ceremony for Blue Team Village @ DEF CON 30\n
\n

Closing ceremony for Blue Team Village @ DEF CON 30\n

\n\'',NULL,149142),('2_Friday','13','13:00','13:59','N','BTV','Virtual - BlueTeam Village - Talks','\'Improving security posture of MacOS and Linux with Azure AD\'','\'Michael Epping,Mark Morowczynski\'','BTV_4efef100f90d79722d229692feae669f','\'Title: Improving security posture of MacOS and Linux with Azure AD
\nWhen: Friday, Aug 12, 13:00 - 13:59 PDT
\nWhere: Virtual - BlueTeam Village - Talks
\nSpeakers:Michael Epping,Mark Morowczynski
\n
SpeakerBio:Michael Epping\n
\nMichael Epping is a Senior Product Manager in the Azure AD Engineering team at Microsoft. He is part of the customer experience team and his role is to accelerate the adoption of cloud services across enterprise customers. Michael helps customers deploy Azure AD features and capabilities via long-term engagements that can last years, as well as working within the engineering organization as an advocate on behalf of those customers. Michael has more than 9 years of experience working with customers to deploy Microsoft products like Azure AD, Intune, and Office 365.
\n
SpeakerBio:Mark Morowczynski\n
\nMark Morowczynski (@markmorow) is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. Previously he was PFE supporting Active Directory, Active Directory Federation Services and Windows Client performance. He was also one of the founders of the AskPFEPlat blog. He\'s spoken at various industry events such as Black Hat, Defcon Blue Team Village, Blue Team Con, GrayHat, several BSides, Microsoft Ignite, Microsoft MVP Summits, The Experts Conference (TEC), The Cloud Identity Summit, SANs Security Summits and TechMentor.
\n\n
\nDescription:
\nWe are from the Microsoft identity product group responsible for Active Directory and Azure Active Directory. Weâ€™ve noticed many customers struggle to deliver a good end user experience to their Apple and Linux Platforms. There are various ways to do this, but many customers are simply unaware of recommended configurations and best practices. This will be a deeply technical session that focuses not only on what can be done to improve this experience, but how the underlying Microsoft, Linux, and Apple technologies can work better together.\n
\n

Most organizations have Windows, MacOS and Linux in their environment. Typically many of the security controls that are applied to Windows are not applied to MacOS or Linux, due to the size of the footprint and the difficulty of implementation. This can lead to holes in an organization\'s overall security posture as well as a poor end user experience.\n

Recently, Azure AD has released some new functionality to help improve the overall environment security posture for MacOS and Linux, both servers and clients. We\'ll discuss how these pieces work deep down and some best practices on deploying them.\n

\n\'',NULL,149143),('3_Saturday','10','10:30','11:30','N','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)','\'Obsidian: IR - OODA! An hour in incident responder life\'','\'juju43\'','BTV_9e87fa7a39b8c41aa7f4a7af31424c6e','\'Title: Obsidian: IR - OODA! An hour in incident responder life
\nWhen: Saturday, Aug 13, 10:30 - 11:30 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person) - Map
\n
SpeakerBio:juju43\n
\nNo BIO available
\n\n
\nDescription:
\nProject Obsidian Incident Response station will walk through the OODA loop and Jupyter Notebooks to help you investigate, document and answer the key questions during incidents.\nThis session is based on Kill Chain 3 data set and will leverage msticpy.\nData, Notebook and Presentation will be made available after Defcon.\n

Blue Team Villageâ€™s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n

Let\'s dance and fly from dogfight to cyberworld. How to investigate and win against threats.\n

\n\'',NULL,149144),('3_Saturday','11','10:30','11:30','Y','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)','\'Obsidian: IR - OODA! An hour in incident responder life\'','\'juju43\'','BTV_9e87fa7a39b8c41aa7f4a7af31424c6e','\'\'',NULL,149145),('2_Friday','10','10:30','11:30','N','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)','\'Obsidian Forensics: Kill Chain 1 Endpoint Forensics Walkthrough\'','\'Omenscan\'','BTV_851d366a13629a2a541e5ec37c9d56bb','\'Title: Obsidian Forensics: Kill Chain 1 Endpoint Forensics Walkthrough
\nWhen: Friday, Aug 12, 10:30 - 11:30 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person) - Map
\n
SpeakerBio:Omenscan\n
\nObsidian Forensics Lead
\n\n
\nDescription:
\nObsidian Forensics Station: In this pre-recorded presentation we will walk through the artifacts and analysis of the Obsidian Kill Chain 1 using forensics artifacts found on the affected Endpoints.\n

Obsidian Forensics Station: Kill Chain 1 Endpoint Forensics Walkthrough\n

\n\'',NULL,149146),('2_Friday','11','10:30','11:30','Y','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)','\'Obsidian Forensics: Kill Chain 1 Endpoint Forensics Walkthrough\'','\'Omenscan\'','BTV_851d366a13629a2a541e5ec37c9d56bb','\'\'',NULL,149147),('2_Friday','11','11:30','12:30','N','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)','\'Obsidian CTI: Generating Threat Intelligence from an Incident\'','\'ttheveii0x,Stephanie G.,l00sid\'','BTV_c14773315c66629cc7799fb7430775fe','\'Title: Obsidian CTI: Generating Threat Intelligence from an Incident
\nWhen: Friday, Aug 12, 11:30 - 12:30 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person) - Map
\nSpeakers:ttheveii0x,Stephanie G.,l00sid
\n
SpeakerBio:ttheveii0x\n
\nMentor, Hacker, Cyber Threat Intelligence, Reverse Engineering Malware, OSINT, 70757a7a6c6573, Blue Team Village Director, Consultant
\n
SpeakerBio:Stephanie G.\n
\nStephanie is a security software engineer in the product security space. She is a volunteer on BTV\'s CTI team for Project Obsidian at DEF CON 30.
\n
SpeakerBio:l00sid\n
\nl00sid just started a career as a blue teamer. He loves the kinds of puzzles he gets to solve in the process of stopping attackers.
\n\n
\nDescription:
\nThis module covers:\n

Direction & Planning: Overview of CTI stakeholders and intelligence requirements\n
Collection: CTI analysts role during an incident\n
Processing: Intrusion data & information\n
Analysis & Production: Elements to include in a report\n
Dissemination: Sharing the report with stakeholders\n
Feedback & Evaluation: Methods for receiving feedback

The objective is to demonstrate the critical role CTI plays both during and after an incident.\n

This session presents an overview of how threat intelligence can be generated from an incident and shared with various stakeholders. We\'ll run through an incident and demonstrate how the CTI team plays a critical role by performing research and providing insights based on stakeholder requirements.\n

\n\'',NULL,149148),('2_Friday','12','11:30','12:30','Y','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)','\'Obsidian CTI: Generating Threat Intelligence from an Incident\'','\'ttheveii0x,Stephanie G.,l00sid\'','BTV_c14773315c66629cc7799fb7430775fe','\'\'',NULL,149149),('3_Saturday','16','16:00','16:59','N','BTV','Flamingo - Savoy Ballroom - BTV Main Stage (In-person)','\'Making Your SOC Suck Less\'','\'Alissa Torres,Carson Zimmerman,Sebastian Stein,Shawn Thomas,Jackie Bow\'','BTV_4e0bde0fa24acfb0c8179cf50513222b','\'Title: Making Your SOC Suck Less
\nWhen: Saturday, Aug 13, 16:00 - 16:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
\nSpeakers:Alissa Torres,Carson Zimmerman,Sebastian Stein,Shawn Thomas,Jackie Bow
\n
SpeakerBio:Alissa Torres\n
\nNo BIO available
\n
SpeakerBio:Carson Zimmerman\n
\nCarson Zimmerman has been working in cybersecurity for about 20 years. In his current role at Microsoft, he leads an investigations team responsible for defending the M365 platform and ecosystem. Previously at The MITRE Corporation, Carson specialized in cybersecurity operations center architecture, consulting, and engineering. In his early days at MITRE, Carson worked in roles ranging from CSOC tier 1 analysis, to secure systems design consulting, to vulnerability assessment. Carson recently co-wrote 11 Strategies of a World-Class Cybersecurity Operations Center, available at mitre.org/11Strategies.
\n
SpeakerBio:Sebastian Stein\n
\nSecurity Operations Leader from the \"uber innovative\" SF Bay Area (originally from Berlin) with 12y of security and 10y of infra experience. Currently defending a $2B publicly traded pharmaceutical company. \nSecurity at scale is hard! And when everything is cobbled together with off-the-shelf software, it is almost impossible. Security teams always have everyone else\'s back and are absolutely allowed to fail.
\n
SpeakerBio:Shawn Thomas\n
\nShawn is ex Incident Response consultant, SOC manager, and current Head of Incident Response at Yahoo!, a Paranoid by trade and title he has spent his career trying to find badness and protect users. Shawn has worked in or managed many SOCâ€™s across both the government, private sector, and MSSP space. He loves to teach and talk DFIR/Operations, volunteer at conferences, host podcasts, including Positively Blue Team and The Paranoids Podcast, and help run the DeadPixelSec discord community which is his infosec home.
\n
SpeakerBio:Jackie Bow\n
\nA Jackie-of-all- trades, master of none, Jackie seems to be physically unable to stop returning to threat detection and response. Her 10 years in the industry have been spent in malware analysis, reverse engineering, and infrastructure and product security. She has been an analyst, engineer, and leader. Currently, she is focused on building out the threat detection and response program at Asana. She aspires to build teams that leave members better than they were found, technically AND mentally. She speaks and sometimes writes about burnout awareness and efforts to dismantle the gatekeeping of technical security roles.
\n\n
\nDescription:
\nThe Security Operations Center: is it really more than a place to go where dreams die? So many analysts feel that the soul-sucking march of awful false positive alerts will never end; thereâ€™s no way to improve and theyâ€™re in a dead end job. How can you turn your nightmare into something more bearable? Come join our panelists, four security analysts turned leaders, as they get grilled by our moderator in answering this question and more. By the end of this talk, you will gain a series of tips and tricks to take back to your SOC whether itâ€™s new or old, big or small, chaotic or calm. You will learn how to get the most from your individual experience, lift up your team around you, or at least recognize when itâ€™s time to run like mad.\n
\n

The Security Operations Center: is it really more than a place to go where dreams die? So many analysts feel that thereâ€™s no way to improve and theyâ€™re in a dead end job. How can you turn your nightmare into something more bearable? By the end of this panel, you will gain a series of tips and tricks to take back to your SOC, you will learn how to get the most from your individual experience, lift up your team around you, or at least recognize when itâ€™s time to run like mad.\n

\n\'',NULL,149150),('2_Friday','13','13:00','13:59','N','BTV','Flamingo - Savoy Ballroom - BTV Main Stage (In-person)','\'Obsidian Forensics: KillChain1 - Adventures in Splunk and Security Onion\'','\'Wes Lambert,ExtremePaperClip,Omenscan\'','BTV_0e21339197d014144040bc7ab7ca662e','\'Title: Obsidian Forensics: KillChain1 - Adventures in Splunk and Security Onion
\nWhen: Friday, Aug 12, 13:00 - 13:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
\nSpeakers:Wes Lambert,ExtremePaperClip,Omenscan
\n
SpeakerBio:Wes Lambert\n
\nNo BIO available
\n
SpeakerBio:ExtremePaperClip\n
\nDigital Forensics Nerd, Linux Geek, InfoSec Dork, Lifelong Student of Everything, Amateur History Buff... Loads of Fun.
\n
SpeakerBio:Omenscan\n
\nObsidian Forensics Lead
\n\n
\nDescription:
\nA Live Forensics Walkthrough of Obsidian Kill Chain 1 (KC1) forensics analysis using Splunk and Security Onion\n

A Live Forensics Walkthrough of Obsidian Kill Chain 1 (KC1) forensics analysis using Splunk and Security Onion\n

\n\'',NULL,149151),('3_Saturday','14','14:30','14:59','N','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)','\'Obsidian Forensics: Creating a custom Velociraptor collector\'','\'Wes Lambert,Omenscan\'','BTV_29a2a27dc832caea96f94016bf66d6c1','\'Title: Obsidian Forensics: Creating a custom Velociraptor collector
\nWhen: Saturday, Aug 13, 14:30 - 14:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person) - Map
\nSpeakers:Wes Lambert,Omenscan
\n
SpeakerBio:Wes Lambert\n
\nNo BIO available
\n
SpeakerBio:Omenscan\n
\nObsidian Forensics Lead
\n\n
\nDescription:
\nObsidian 4n6 Station: Pre-Recorded - Obsidian 4n6: Creating a custom Velociraptor collector\n

Obsidian 4n6 Station: Pre-Recorded - Obsidian 4n6: Creating a custom Velociraptor collector\n

\n\'',NULL,149152),('2_Friday','13','13:00','14:30','N','BTV','Virtual - BlueTeam Village - Workshops','\'Ransomware ATT&CK and Defense\'','\'Daniel Chen,Esther Matut,Ronny Thammasathiti,Nick Baker,Ben Hughes\'','BTV_d072c426a0c201c24a15f864ebe5f0d8','\'Title: Ransomware ATT&CK and Defense
\nWhen: Friday, Aug 12, 13:00 - 14:30 PDT
\nWhere: Virtual - BlueTeam Village - Workshops
\nSpeakers:Daniel Chen,Esther Matut,Ronny Thammasathiti,Nick Baker,Ben Hughes
\n
SpeakerBio:Daniel Chen\n
\nDFIR consultant and penetration tester at Polito Inc. I investigated numerous ransomware incidents, hunted for adversaries, and assisted with red teaming.
\n
SpeakerBio:Esther Matut\n
\nTo be completed.
\n
SpeakerBio:Ronny Thammasathiti\n
\nRonny Thammasathiti (@ronnyt) started out as an aspiring concert pianist but later took a big switch to cyber security with Polito Inc in the past 4 years. His main role at the company is as a detection Engineer using Elasticsearch and developing tools and applications using his knowledge of Python language.
\n
SpeakerBio:Nick Baker\n
\nNick Baker has over 10 years in cybersecurity. Prior to Polito, Nick spent 20 years as a Signal Warrant Officer in the U.S. Army. He performed over 10 years in the cybersecurity field with a heavy focus in computer network defense by providing expertise for the proper employment, support, and defense of strategic and tactical information networks, systems, and services in operations supporting the Armyâ€™s cyberspace domain. Nickâ€™s other 10 years was providing IT support, operations, and functions. I hold multiple credentials including SANS, CompTIA and ICS2.
\n
SpeakerBio:Ben Hughes\n
\nBen Hughes (@CyberPraesidium) brings over 15 years of diverse experience in cybersecurity, IT, and law. He leads Polito Inc.\'s commercial cybersecurity services including threat hunting, digital forensics and incident response (DFIR), penetration testing, red teaming, adversary emulation, and training. Prior to Polito, Ben worked on APT hunt teams at federal and commercial clients. He currently holds CISSP, GCFA, GWAPT, and endpoint security vendor certifications.
\n\n
\nDescription:
\nThis hands-on training workshop will walk attendees through threat hunting exercises to detect and investigate common Tactics, Techniques, and Procedures (TTPs) frequently used by ransomware threat actors during an attack. From Reconnaissance and Initial Access to Exfiltration and Impact, attendees will be exposed to a compressed ransomware attack lifecycle while being able to leverage attack TTPs including commands, scripts, tools, communication channels, and techniques that we frequently see and use in the wild. Tactics and techniques will be mapped to the MITRE ATT&CK Framework, and will be inspired by ATT&CK\'s Adversary Emulation Plans. The workshop will accordingly incorporate offensive operation elements such as adversary emulation and red teaming, but with an emphasis on purple teaming and blue teaming. In other words, we will explore the logs and other artifacts potentially left behind by our attack TTPs and how the blue team might utilize endpoint and network logs and defensive tooling to detect and disrupt the ATT&CK kill chain components. Examples of tools and threat intelligence sources that will be incorporated include Atomic Red Team, open-source offensive security tools such as Mimikatz, Living off the Land Binaries and Scripts (LOLBAS) including PowerShell, real-world or Proof-of-Concept malware samples and exploits, and leaked ransomware playbooks supplemented by other open-source intelligence (OSINT) sources; and specifically on the blue team side, popular security logging pipeline and Security Information and Events Management (SIEM) tools such as Sysmon and Elastic Stack.\n
\n

This hands-on training workshop will walk attendees through hunting for Tactics, Techniques, and Procedures (TTPs) frequently used by ransomware adversaries. From Reconnaissance and Initial Access to Exfiltration and Impact, attendees will be exposed to a compressed ransomware attack lifecycle. Workshop TTPs will be mapped to the MITRE ATT&CK Framework, and it will incorporate offensive operation elements such as adversary emulation, but while emphasizing purple and blue teaming. We will explore the endpoint and network logs left behind by attack TTPs and how the blue team can utilize such logs and defensive tooling to detect and disrupt the attack.\n

\n\'',NULL,149153),('2_Friday','14','13:00','14:30','Y','BTV','Virtual - BlueTeam Village - Workshops','\'Ransomware ATT&CK and Defense\'','\'Daniel Chen,Esther Matut,Ronny Thammasathiti,Nick Baker,Ben Hughes\'','BTV_d072c426a0c201c24a15f864ebe5f0d8','\'\'',NULL,149154),('3_Saturday','17','17:00','17:59','N','BTV','Flamingo - Savoy Ballroom - BTV Main Stage (In-person)','\'Latest and Greatest in Incident Response\'','\'Lauren Proehl,Jess,LitMoose,plug,zr0\'','BTV_a020d26cd25fd7864c4b6de82bbed8c7','\'Title: Latest and Greatest in Incident Response
\nWhen: Saturday, Aug 13, 17:00 - 17:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
\nSpeakers:Lauren Proehl,Jess,LitMoose,plug,zr0
\n
SpeakerBio:Lauren Proehl\n
\nLauren is currently the Sr Manager of Global Cyber Defense at Marsh McLennanâ€¦ which is a wordy way of saying she manages CTI, Threat Hunting, Security Automation, and SOC things. When she isnâ€™t in front of a screen, she is running long distances in the woods, cycling over gravel trails, or acquiring more cats in order to reach crazy cat lady status.
\n
SpeakerBio:Jess\n
\nNo BIO available
\n
SpeakerBio:LitMoose\n
\nMoose (aka Heather) is a benevolent Principal Incident Response consultant with CrowdStrike. Moose leads cases globally specializing in c-level grief counseling, eCrime stomping, forensic dumpster diving, attacker evictions, and long sessions staring deeply into logs, code, and config files. \nOutside of IR, Moose is a mother of cats, fiddler, and lover of potatoes in all forms.
\n
SpeakerBio:plug\n
\nNo BIO available
\n
SpeakerBio:zr0\n
\nzr0 is currently a Sr. Consultant on the IBM X-Force IR team leading both reactive and proactive DFIR engagements. In his spare time, z_r0 loves playing competitive tennis, and exploring new things to do in the city with his new wife!
\n\n
\nDescription:
\nIR is constantly in motion, adversaries change tactics and techniques and so do Incident Responders. Come hear from IR professionals what they\'ve been up to for the past year.\n
\n

IR is constantly in motion, adversaries change tactics and techniques and so do Incident Responders. Come hear from IR professionals what they\'ve been up to for the past year.\n

\n\'',NULL,149155),('2_Friday','10','10:30','11:30','N','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)','\'Obsidian CTH: Go Phish: Visualizing Basic Malice\'','\'SamunoskeX\'','BTV_f94332a5d5c99a28b325f22a349449c5','\'Title: Obsidian CTH: Go Phish: Visualizing Basic Malice
\nWhen: Friday, Aug 12, 10:30 - 11:30 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person) - Map
\n
SpeakerBio:SamunoskeX\n
\nNo BIO available
\n\n
\nDescription:
\nCome take a dive into the data lake and cast some queries to find proof that users have run files from malicious actors. How can we prove the existence of troublesome activity in the environment? We will take a journey as if we are a new member of the Magnum Tempus Financial Security Team and proceed through a Threat Hunt through the eyes of a newbie in the field of Threat Hunting.\n

Come take a dive into the data lake and cast some queries to find proof that users have run files from malicious actors. How can we prove the existence of troublesome activity in the environment? We will take a journey as if we are a new member of the Magnum Tempus Financial Security Team and proceed through a Threat Hunt through the eyes of a newbie in the field of Threat Hunting.\n

Blue Team Villageâ€™s Project Obsidian is an immersive, defensive cybersecurity learning experience.\n

\n\'',NULL,149156),('2_Friday','11','10:30','11:30','Y','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)','\'Obsidian CTH: Go Phish: Visualizing Basic Malice\'','\'SamunoskeX\'','BTV_f94332a5d5c99a28b325f22a349449c5','\'\'',NULL,149157),('2_Friday','17','17:00','17:59','N','BTV','Flamingo - Savoy Ballroom - BTV Main Stage (In-person)','\'Blue Teaming Cloud: Security Engineering for Cloud Forensics & Incident Response\'','\'John Orleans,Misstech,Cassandra Young (muteki),KyleHaxWhy\'','BTV_6851a7d01b250c8a80ee2210313b1591','\'Title: Blue Teaming Cloud: Security Engineering for Cloud Forensics & Incident Response
\nWhen: Friday, Aug 12, 17:00 - 17:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
\nSpeakers:John Orleans,Misstech,Cassandra Young (muteki),KyleHaxWhy
\n
SpeakerBio:John Orleans\n
\nTo be completed.
\n
SpeakerBio:Misstech\n
\nAs part of Microsoft\'s customer facing Detection and Response Team (DART), I work as a cloud hunter and lead investigator, battling alongside our customers on the front lines of incident response. Our work often involves dealing with live incidents involving APT and nation state actors and hunting them is what brings me joy.
\n
SpeakerBio:Cassandra Young (muteki)\n
\nCassandra (aka muteki) works full time in information security consulting, specializing in Cloud Security Architecture and Engineering. She holds a masterâ€™s degree in Computer Science, focusing on cloud-based app development and academic research on serverless security and privacy/anonymity technology. Additionally, as one of the directors of Blue Team Village, Cassandra works to bring free Blue Team talks, workshops and more to the broader security community.
\nTwitter: @muteki_rtw
\n
SpeakerBio:KyleHaxWhy\n
\nKyleHaxWhy likes bananas.
\n\n
\nDescription:
\nWhether youâ€™re in AWS, Azure or GCP, cloud security engineering doesnâ€™t stop at basic guardrails and sending logs to a SIEM. So how do you engineer for the challenges unique to cloud forensics and incident response? This panel of cloud security engineers and incident responders will share their experiences and insights to help you take your security engineering from â€œjust the basicsâ€ to â€œprepared for the inevitableâ€.\n
\n

Whether youâ€™re in AWS, Azure or GCP, cloud security engineering doesnâ€™t stop at basic guardrails and sending logs to a SIEM. So how do you engineer for the challenges unique to cloud forensics and incident response? This panel of cloud security engineers and incident responders will share their experiences and insights to help you take your security engineering from â€œjust the basicsâ€ to â€œprepared for the inevitableâ€.\n

\n\'',NULL,149158),('3_Saturday','13','13:00','13:59','N','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)','\'Obsidian: IR - Final Reporting Made Exciting*\'','\'aviditas,CountZ3r0\'','BTV_0be7ffbc2566c31fd3175651302de572','\'Title: Obsidian: IR - Final Reporting Made Exciting*
\nWhen: Saturday, Aug 13, 13:00 - 13:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person) - Map
\nSpeakers:aviditas,CountZ3r0
\n
SpeakerBio:aviditas\n
\nNo BIO available
\n
SpeakerBio:CountZ3r0\n
\nStuff goes here.
\n\n
\nDescription:
\n*Insert eye catching and compelling abstract on IR final reporting here. Make it seem exciting and not at all a dreaded yet critical part of incident handling.\n

*Insert eye catching and compelling abstract on IR final reporting here. Make it seem exciting and not at all a dreaded yet critical part of incident handling.\n

\n\'',NULL,149159),('2_Friday','11','11:45','12:45','N','BTV','Virtual - BlueTeam Village - Talks','\'Malicious memory techniques on Windows and how to spot them\'','\'Connor Morley\'','BTV_5169886779cf65762225e3b687c2066f','\'Title: Malicious memory techniques on Windows and how to spot them
\nWhen: Friday, Aug 12, 11:45 - 12:45 PDT
\nWhere: Virtual - BlueTeam Village - Talks
\n
SpeakerBio:Connor Morley\n
\nConnor Morley is a senior security researcher at WithSecure. A keen investigator of malicious TTPâ€™s, he enjoys experimenting and dissecting malicious tools to determine functionality and developing detection methodology. As a researcher and part time threat hunter he is experienced with traditional and â€˜in the wildâ€™ malicious actorsâ€™ behaviour.
\n\n
\nDescription:
\nMy presentation will cover malicious memory techniques which will focus on the Windows operating system. These will span from relatively simple in-line hooking techniques used to jump to malicious code or circumvent legitimate code execution, all the way to manipulation of exception handling mechanisms. The talk will also cover information on problematic situations which occur when designing detection mechanisms for such activities in the real world where cost-balancing is required for resource management. \n

I will explain in-line hooking, Kernel patching (InfinityHook, Ghost_in_the_logs), Heaven-Gate hooking and Vectored Exception Handler (VEH) manipulation techniques (FireWalker) and how they can be detected. In-line hooking and Heavens-Gate hooking involves the practice of manipulating the loaded memory of a module within a specific processes memory space. Kernel Patching involves injecting a hook into the Kernel memory space in order to provide a low level, high priority bypassing technique for malicious programs to circumvent ETW log publication via vulnerable kernel driver installation. VEH manipulation is the use of the high priority frameless exception mechanism in order to circumvent memory integrity checks, manipulate flow control and even run malicious shellcode. Detection for all these techniques will involve advancing from the explanation of its execution to the telemetry sources that can be leveraged for detection purposes. In all cases this involves the examination of volatile memory, however as each technique targets a different native functionality, the mechanisms required to analyze the memory differ greatly. The deviations can be relatively simple, but in some cases an understanding of undocumented mechanisms and structures is required to affect detection capability \n

Examination of un-tabled module function modifications will also provide insight into some of the difficulties involved in this detection development work. This section will provide the audience with a low level technical understanding of how these techniques are targeted, developed and used by malicious actors and some possible solutions for detection, with an explanation of the inherent caveats in such solutions (primarily around resource availability or accuracy trade-offs). \n

A full explanation on devised detection methodology and collectable telemetry will be provided for each malicious technique. This will cover the overall detection capabilities as well as exploring the low level mechanisms used to collect this data from the monitored system such as OP code heuristics and memory location attribution crossing CPU mode boundaries. Included in this explanation will be an explanation on issues encountered with collection, typically related to OS architecture choices, and how these can also be circumvented to enable effective monitoring. \n

Audience members should leave my presentation having a firm grasp on the fundamentals of all the techniques outlined and why attackers may choose to employ them in different scenarios. Along with a functional understanding of the malicious technique, the audience members will also be supplied with a working understanding of detection options for these techniques and clear examples of how monitoring can be deployed and integrated into their solutions.\n

Malicious actors are always trying to find new ways to avoid detection by evermore vigilant EDR systems and deploy their payloads. Over the years, the scope of techniques used has branched from relatively simplistic hash comparison and sandbox avoidance to low level log dodging and even direct circumvention of EDR telemetry acquisition. By examining some of the techniques used on Windows systems this talk will highlight will highlight the range of capabilities defensive operators are dealing with, how some can be detected and, in rare cases, the performance and false-positive obstacles in designing detection capability.\n

\n\'',NULL,149160),('2_Friday','12','11:45','12:45','Y','BTV','Virtual - BlueTeam Village - Talks','\'Malicious memory techniques on Windows and how to spot them\'','\'Connor Morley\'','BTV_5169886779cf65762225e3b687c2066f','\'\'',NULL,149161),('3_Saturday','11','11:00','11:59','N','BTV','Virtual - BlueTeam Village - Talks','\'Threat Hunt Trilogy: A Beast in the Shadow!\'','\'Dr. Meisam Eslahi\'','BTV_7362cd537552cd0835e7c3072902e950','\'Title: Threat Hunt Trilogy: A Beast in the Shadow!
\nWhen: Saturday, Aug 13, 11:00 - 11:59 PDT
\nWhere: Virtual - BlueTeam Village - Talks
\n
SpeakerBio:Dr. Meisam Eslahi\n
\nMeisam is a technical cybersecurity practitioner with solid expertise in providing strategies and technical directions, building new service/business lines, diverse teams, and capabilities. He has over 20 years of experience in information technology, with 16 years dedicated to cybersecurity in leadership and technical roles leading a wide range of services for multi-national clients mainly in Red Teaming, Threat Hunting, DFIR, Cyber Drill, Compromise Assessment, and Penetration Testing. He is also a security researcher [MITRE D3FEND contributor], blogger [cybermeisam.medium.com], mentor, and speaker in many global events and conferences such as Defcon, BSidesSG, and NASSCOM.
\n\n
\nDescription:
\nAlthough file-less threats may require some sort of files to operate or indirectly use them in some part of their lifecycle (e.g., infection chain), their malicious activities are conducted only in the memory. The adversaries misuse the trusted applications or native utilities such as PowerShell and WMI to download and load malicious codes directly into memory and execute them without touching the hard disk. \n

The newly discovered file-less threat campaign utilizes an innovative technique for the first time to store and hide its shellcode in the Windows event logs, which will be loaded and used by a dropper in the last stage of the infection lifecycle. To put it simply, the file-less threat could be a nightmare for blue teams and threat hunters. \n

This technical talk will briefly explain the different categories of file-less threats; however, as the title suggests, the focus of this trilogy will be a file-less threat hunt via three different approaches as follows:\n

â€¢ System Live Analysis: A few techniques such as running processes and lineage analysis, command-line Strings, masquerading and obfuscation, and port to process mapping will be used to look for the file-less threat traces on a live active system. \n

â€¢ Memory Forensics: This is one of the most exciting parts as it dives into the main territory of file-less threats and examines PowerShell execution, process tree, hierarchy, and handles to look for any potential signs of threats.\n

â€¢ Network Packet Investigation: Network conversations, malicious HTTP requests, files transferred, and adversaries\' commands will be extracted from network packets (i.e., a sample PCAP file) to hunt the files-less threat used in the previous parts. \n

Finally, a comparative review discusses the advantages and disadvantages of the above techniques. All the three approaches will be conducted using open-source and free tools, native operating system commands, and built-in utilities. The threat hunt hypothesis and educated guesses will be formulated based on the industrial test cases provided by MITRE ATT&CK, D3fend, and CAR [Cyber Analytics Repository].\n

File-less threats operate in silence and stealth, enabling adversaries to bypass automated cybersecurity, lurk in our digital wonderland, and avoid standard detections. They are hidden beasts in shadow! This technical talk will briefly explain the different types of file-less threats and the importance of threat hunting to combat them. A Windows-based file-less threat will also be hunted via the live system, memory, and network packet analysis, followed by a comparative discussion about each method\'s capabilities. The threat hunts\' hypotheses used in this presentation are practical, and all will be mapped with MITRE knowledge bases.\n

\n\'',NULL,149162),('2_Friday','10','10:30','11:30','N','BTV','Flamingo - Savoy Ballroom - BTV Main Stage (In-person)','\'Obsidian Live: Eating the Elephant 1 byte at a Time\'','\'aviditas,ChocolateCoat\'','BTV_ae14584ebe3d548074aaf10d79287b25','\'Title: Obsidian Live: Eating the Elephant 1 byte at a Time
\nWhen: Friday, Aug 12, 10:30 - 11:30 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
\nSpeakers:aviditas,ChocolateCoat
\n
SpeakerBio:aviditas\n
\nNo BIO available
\n
SpeakerBio:ChocolateCoat\n
\nNo BIO available
\n\n
\nDescription:
\nIncident Response: This is a live walkthrough of a real world incident focused on the first half of incident response. We will be breaking down scoping, triage, and communication aspects of incident handling into digestible and actionable recommendations.\n

Incident Response: This is a live walkthrough of a real world incident focused on the first half of incident response. We will be breaking down scoping, triage, and communication aspects of incident handling into digestible and actionable recommendations.\n

\n\'',NULL,149163),('2_Friday','11','10:30','11:30','Y','BTV','Flamingo - Savoy Ballroom - BTV Main Stage (In-person)','\'Obsidian Live: Eating the Elephant 1 byte at a Time\'','\'aviditas,ChocolateCoat\'','BTV_ae14584ebe3d548074aaf10d79287b25','\'\'',NULL,149164),('2_Friday','14','14:15','15:15','N','BTV','Virtual - BlueTeam Village - Talks','\'Lend me your IR\'s!\'','\'Matt Scheurer\'','BTV_7c518a5052de99b6ec348f700e9f2b6a','\'Title: Lend me your IR\'s!
\nWhen: Friday, Aug 12, 14:15 - 15:15 PDT
\nWhere: Virtual - BlueTeam Village - Talks
\n
SpeakerBio:Matt Scheurer\n
\nMatt Scheurer is a show host for the ThreatReel Podcast, and also works as an Assistant Vice President of Computer Security and Incident Response in a large enterprise environment. Matt has many years of hands-on technical experience, including Digital Forensics and Incident Response (DFIR). He volunteers as a \"Hacking is NOT a Crime\" Advocate and as a technical mentor for the Women\'s Security Alliance (WomSA). Matt is a 2019 comSpark â€œRising Tech Stars Awardâ€ winner, and has presented on numerous Information Security topics at many technology meetup groups and prominent Information Security conferences across the country.
\n\n
\nDescription:
\nThis is a fun technical talk covering three of my favorite security investigations as an Incident Response professional. The presentation features demoed reenactments of actual real-world attacks. I showcase both the attacker side as well as the investigation side of these security incidents. I show and talk through example source code and explain how each of the attacks work. I then flip these scenarios around by explaining how to use numerous free and open-source tools to investigate those same security incidents. Each scenario is closed by covering the follow-up remediation steps.\n
\n

Protecting systems and networks as a tech defender means withstanding a constant barrage of unsophisticated attacks from automated tools, botnets, crawlers, exploit kits, phish kits, and script kiddies; oh my! Occasionally, we encounter attacks worthy of style points for creativity or new twists on old attack techniques. This talk features demoed reenactments from some advanced attacks investigated by the presenter. The demos showcase technical deep dives of the underpinnings from both the attacker and investigator sides of these attacks. Attendee key takeaways are strategies, freely available tools, and techniques helpful during incident response investigations.\n

\n\'',NULL,149165),('2_Friday','15','14:15','15:15','Y','BTV','Virtual - BlueTeam Village - Talks','\'Lend me your IR\'s!\'','\'Matt Scheurer\'','BTV_7c518a5052de99b6ec348f700e9f2b6a','\'\'',NULL,149166),('3_Saturday','11','11:00','14:59','N','BTV','Virtual - BlueTeam Village - Workshops','\'Web Shell Hunting\'','\'Joe Schottman\'','BTV_78d50fb1d3686f9155a1eed371f8026f','\'Title: Web Shell Hunting
\nWhen: Saturday, Aug 13, 11:00 - 14:59 PDT
\nWhere: Virtual - BlueTeam Village - Workshops
\n
SpeakerBio:Joe Schottman\n
\nJoe Schottman has worn most hats in IT and Security, ranging from application development to DevOps to offensive and defensive security. The nexus of this experience is research into Web Shells. He\'s spoken and given training on topics such as Purple Teams, API security, Web Shells, Web Threat Hunting, and more at AppSec Village at DEF CON, OWASP Global, SANS Summits, various BSides, Circle City Con, and other events.
\n\n
\nDescription:
\nThis workshop will provide the basics of what web shells are, how they are typically used, defensive strategies to prevent them, and ways they can be detected in different layers of security. The detection layers that will be covered are antivirus/endpoint protection, file integrity monitoring, file system analysis, log analysis, network traffic analysis, and endpoint anomaly detection.\n

Participants will be provided with a virtual machine image that they could both exploit with web shells and perform threat hunting on.\n

The breakdown is roughly this:
\n60-80 minutes - what web shells are, what they\'re used for, ways they can be detected\n20 minutes - overview of my perspective on what web threat hunting is and how it varies from conventional threat hunting (TLDR - if you\'re on the internet, you\'re always going to be attacked so it\'s not a matter of picking up an unknown threat so much as filtering through evidence to determine if an attack is actually dangerous)\n90+ minutes - hands-on exercises covering various ways to detect web shells such as file integrity monitoring, deobfuscation, YARA, dirty words, time stomping, etc. And then exploiting a vulnerable application and uploading a Web Shell and showing how it can be used to plunder data.\n

Web Shells are malicious web applications used for remote access. They\'ve been used in many of the recent prominent breaches/vulnerabilities including Equifax, SolarWinds, and ProxyLogon and are used by APTs and other threats. With ProxyLogon, the FBI was authorized to remove them from victim machines.\n

This session will help you avoid telling your employer that the FBI is now doing volunteer admin work by teaching you about Web Shells, how to hunt for them, and doing hands-on hunting in a VM. A little groundwork goes a long way and this class will show what to do.\n

\n\'',NULL,149167),('3_Saturday','12','11:00','14:59','Y','BTV','Virtual - BlueTeam Village - Workshops','\'Web Shell Hunting\'','\'Joe Schottman\'','BTV_78d50fb1d3686f9155a1eed371f8026f','\'\'',NULL,149168),('3_Saturday','13','11:00','14:59','Y','BTV','Virtual - BlueTeam Village - Workshops','\'Web Shell Hunting\'','\'Joe Schottman\'','BTV_78d50fb1d3686f9155a1eed371f8026f','\'\'',NULL,149169),('3_Saturday','14','11:00','14:59','Y','BTV','Virtual - BlueTeam Village - Workshops','\'Web Shell Hunting\'','\'Joe Schottman\'','BTV_78d50fb1d3686f9155a1eed371f8026f','\'\'',NULL,149170),('3_Saturday','15','15:00','15:15','N','BTV','Virtual - BlueTeam Village - Talks','\'Horusec - Brazilian SAST help World\'','\'Gilmar Esteves\'','BTV_49b0a2628cd54dcdca3fd9e4fb709227','\'Title: Horusec - Brazilian SAST help World
\nWhen: Saturday, Aug 13, 15:00 - 15:15 PDT
\nWhere: Virtual - BlueTeam Village - Talks
\n
SpeakerBio:Gilmar Esteves\n
\nGilmar works with information security2006. He was a Marine in the Brazilian Navy, worked in large telecom and payments companies. He is currently Vice President of Information Security and coordinates some research fronts in addition to the day to day of Cyber.
\n\n
\nDescription:
\nDemonstrate how Horusec can help and how easy it is to get started. Show the evolutions of the latest version and invite people to contribute. Show the case of Log4j where we became Top Trend on Twitter because of the detection and after that several big companies started using it.\n

Demonstrate from installation to configuration to detection and how AppSec and BlueTeam times can benefit.\n

Presentation of the Horusec tool (https://github.com/ZupIT/horusec) that was developed by ZUP IT in Brazil to help companies identify security problems in the most common languages still in a development environment or the IDE.\n

\n\'',NULL,149171),('2_Friday','14','14:00','14:59','N','BTV','Flamingo - Savoy Ballroom - BTV Main Stage (In-person)','\'Obsidian CTH Live: Killchain 1 Walkthrough\'','\' \'','BTV_241beb90ba0987e812e49078f9747c04','\'Title: Obsidian CTH Live: Killchain 1 Walkthrough
\nWhen: Friday, Aug 12, 14:00 - 14:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
\n
\nDescription:
\nCome take a dive into the data lake and cast some queries to find proof that users have run files from malicious actors. How can we prove the existence of troublesome activity in the environment?\n

Come take a dive into the data lake and cast some queries to find proof that users have run files from malicious actors. How can we prove the existence of troublesome activity in the environment?\n

\n\'',NULL,149172),('2_Friday','11','11:00','12:30','N','BTV','Virtual - BlueTeam Village - Workshops','\'Practical Dark Web Hunting using Automated Scripts\'','\'Apurv Singh Gautam\'','BTV_056a8902d5d716cd8de887f1ba0925ee','\'Title: Practical Dark Web Hunting using Automated Scripts
\nWhen: Friday, Aug 12, 11:00 - 12:30 PDT
\nWhere: Virtual - BlueTeam Village - Workshops
\n
SpeakerBio:Apurv Singh Gautam\n
\nApurv Singh Gautam works as a Threat Researcher at Cyble. He commenced work in Threat Intel 3 years ago. He works on hunting threats from the surface and dark web by utilizing OSINT, SOCMINT, and HUMINT. He is passionate about giving back to the community and has already conducted several talks and seminars at conferences like SANS, Defcon, BSides, local security meetups, schools, and colleges. He loves volunteering with Station X to help students make their way in Cybersecurity. He looks forward to the end of the day to play and stream one of the AAA games Rainbow Six Siege.
\n\n
\nDescription:
\nThe workshop will start by taking everyone over why we should focus on the dark web for research and why it is important to collect data from the dark web. We will explore the importance of data collection with some examples. The second part of the workshop will cover some dark web OSINT tools that one can use to start with dark web data collection/hunting. Attendees will learn how these tools work and what different categories of these dark web OSINT tools one can utilize in their research. The third part of the workshop will cover tools and libraries to create your dark web hunting platform. We will explore writing code and automating dark web data collection. This part includes a live lab demo and code explanation. The workshop will end with a few tips on OpSec practices and resources to start with dark web hunting.\n

Takeaways from the workshop:\n

Understanding why darkerb research is important\n
Darkweb OSINT tools collection to start your research\n
Basic understanding of automated dark web data hunting\n
Python Codebase to start with your dark web data collection\n

How can you effectively hunt data from the dark web using scripts? How can you circumvent scraping defenses on the dark web? If you are curious about the answers to these questions and want to learn how to effectively write automated scripts for this task, then this workshop is for you. In this workshop, you will learn why collecting data from the dark web is essential, how you can create your tools & scripts, and automate your scripts for effective collection. The workshop\'s primary focus will be on circumventing defenses put by forums on the dark web against scraping.\n

\n\'',NULL,149173),('2_Friday','12','11:00','12:30','Y','BTV','Virtual - BlueTeam Village - Workshops','\'Practical Dark Web Hunting using Automated Scripts\'','\'Apurv Singh Gautam\'','BTV_056a8902d5d716cd8de887f1ba0925ee','\'\'',NULL,149174),('3_Saturday','10','10:30','11:30','N','BTV','Flamingo - Savoy Ballroom - BTV Main Stage (In-person)','\'Obsidian Forensics: KillChain3 - Continued Adventures in Splunk and Security Onion\'','\'Wes Lambert,Omenscan,ExtremePaperClip\'','BTV_93e1d5e337893830ac667ab0b6886e70','\'Title: Obsidian Forensics: KillChain3 - Continued Adventures in Splunk and Security Onion
\nWhen: Saturday, Aug 13, 10:30 - 11:30 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
\nSpeakers:Wes Lambert,Omenscan,ExtremePaperClip
\n
SpeakerBio:Wes Lambert\n
\nNo BIO available
\n
SpeakerBio:Omenscan\n
\nObsidian Forensics Lead
\n
SpeakerBio:ExtremePaperClip\n
\nDigital Forensics Nerd, Linux Geek, InfoSec Dork, Lifelong Student of Everything, Amateur History Buff... Loads of Fun.
\n\n
\nDescription:
\nA Live Forensics Walkthrough of Obsidian Kill Chain 3 (KC3) forensics analysis using Splunk and Security Onion\n

A Live Forensics Walkthrough of Obsidian Kill Chain 3 (KC3) forensics analysis using Splunk and Security Onion\n

\n\'',NULL,149175),('3_Saturday','11','10:30','11:30','Y','BTV','Flamingo - Savoy Ballroom - BTV Main Stage (In-person)','\'Obsidian Forensics: KillChain3 - Continued Adventures in Splunk and Security Onion\'','\'Wes Lambert,Omenscan,ExtremePaperClip\'','BTV_93e1d5e337893830ac667ab0b6886e70','\'\'',NULL,149176),('3_Saturday','14','14:00','14:59','N','BTV','Flamingo - Savoy Ballroom - BTV Main Stage (In-person)','\'Obsidian Live: May We Have the OODA Loops?\'','\'CountZ3r0,juju43\'','BTV_d2178a84c2a39351b114fb7994781b06','\'Title: Obsidian Live: May We Have the OODA Loops?
\nWhen: Saturday, Aug 13, 14:00 - 14:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
\nSpeakers:CountZ3r0,juju43
\n
SpeakerBio:CountZ3r0\n
\nStuff goes here.
\n
SpeakerBio:juju43\n
\nNo BIO available
\n\n
\nDescription:
\nIncident Response Live Walkthough: This will go over how to use OODA to effectively investigate and respond to a real world incident. Come work through the demos alongside experts during this live walkthrough.\n

Incident Response Live Walkthough: This will go over how to use OODA to effectively investigate and respond to a real world incident. Come work through the demos alongside experts during this live walkthrough.\n

\n\'',NULL,149177),('3_Saturday','13','13:00','13:59','N','BTV','Virtual - BlueTeam Village - Talks','\'The DFIR Report Homecoming Parade Panel\'','\'Kostas,ICSNick - Nicklas Keijser,Ch33r10,nas_bench - Nasreddine Bencherchali,Justin Elze,Jamie Williams\'','BTV_481582a325899a4d6f62840405f2da38','\'Title: The DFIR Report Homecoming Parade Panel
\nWhen: Saturday, Aug 13, 13:00 - 13:59 PDT
\nWhere: Virtual - BlueTeam Village - Talks
\nSpeakers:Kostas,ICSNick - Nicklas Keijser,Ch33r10,nas_bench - Nasreddine Bencherchali,Justin Elze,Jamie Williams
\n
SpeakerBio:Kostas\n
\nKostas is a security researcher with many years of experience in the field. Coming from a technical background in incident response, he specializes in intrusion analysis and threat hunting.\n

Kostas devotes most of his spare time to supporting the information security community by producing free threat intelligence reports as part of the DFIRReport effort, of which he is a member.\n

\n
SpeakerBio:ICSNick - Nicklas Keijser\n
\nNicklas works as a Threat Research Analyst at the company Truesec, based in Stockholm/Sweden. Here he splits his time picking apart malware from threat actors and as a subject matter expert in Industrial Control System. Also a analyst contributor to The DFIR Report.
\n
SpeakerBio:Ch33r10\n
\nCybersecurity Analyst at a Fortune 500. DSc Cybersecurity, MBA IT Management, 8 x GIAC, and SANS Womenâ€™s Academy graduate.
\n
SpeakerBio:nas_bench - Nasreddine Bencherchali\n
\nAvid learner, passionate about all things detection, malware, DFIR, and threat hunting.
\n
SpeakerBio:Justin Elze\n
\nJustin is currently serving as CTO/Hacker at TrustedSec and possess a background in red teaming, pentesting, and offensive research.
\n
SpeakerBio:Jamie Williams\n
\nJamie is an adversary emulation engineer for The MITRE Corporation where he works with amazing people on various exciting efforts involving security operations and research, mostly focused on adversary emulation and behavior-based detections. He leads the development of MITRE ATT&CK® for Enterprise and has also led teams that help shape and deliver the â€œadversary-touchâ€ within MITRE Engenuity ATT&CK Evaluations as well as the Center for Threat-Informed Defense (CTID).
\nTwitter: @jamieantisocial
\n\n
\nDescription:
\nThe DFIR Report Homecoming Parade will not discuss normal (BAU) CTI actions, such as searching the logs for hits on the IOCs or entering the IOCs into a Threat Intelligence Platform (TIP) or other alerting platform. Instead, the participants will focus on pivoting, TTPs, and how they would take the contents in the various DFIR Reports to the NEXT LEVEL! When the Panelists respond to the DFIR Reports, they are operating under the assumption that they performed the preliminary analysis and deemed the threat report relevant to their environment. The purpose of this assumption is to decrease the amount of debate on whether or not something is relevant to get to the part of the analysis that involves extracting actionable takeaways.\n
\n

Follow along as we take the DEF CON Hacker Homecoming theme to the next level with a DFIR Report Homecoming Parade. The panel will provide additional context to various DFIR Reports released in the past year. Pick up some tips and tricks to up your game!\n

\n\'',NULL,149178),('2_Friday','16','16:45','16:59','N','BTV','Virtual - BlueTeam Village - Talks','\'YARA Rules to Rule them All\'','\'Saurabh Chaudhary\'','BTV_ad440b5f055a7eb4120b3cce24d60ad7','\'Title: YARA Rules to Rule them All
\nWhen: Friday, Aug 12, 16:45 - 16:59 PDT
\nWhere: Virtual - BlueTeam Village - Talks
\n
SpeakerBio:Saurabh Chaudhary\n
\nWith over 5 years of experience protecting Banks and the financial sector against cyber threats, Saurabh Chaudhary is a renowned Security Researcher and a prominent speaker and trainer. \nHe is a published researcher with multiple research papers on malware, ransomware, and cyber espionage and has experience and expertise in cyber threat intelligence, Malware, YARA rules, DFIR, etc.
\n\n
\nDescription:
\nWhenever we want to proactively hunt for malware of interest for threat intelligence purposes, YARA is the swiss-army knife that makes the work of malware researchers and threat intelligence Researchers easier.\n

We will talk about leveraging the YARA to detect the future version of the malware.\nMalware developers work just like legitimate software developers, aiming to reduce the time wasted on repetitive tasks wherever possible. That means they create and reuse code across their malware. This has a pay-off for malware hunters and threat intelligence researchers, we can learn how to create search rules to detect this kind of code reuse, Traditional Yara rules are written on strings, but if we implement code leveraging YARA code reuse rules in addition to the strings rule the rule will last decades. We can leverage that for finding future malware from the same authors using their digital code fingerprints.\n

Malware developers work just like legitimate software developers, aiming to reduce the time wasted on repetitive tasks wherever possible. That means they create and reuse code across their malware. This has a pay-off for malware hunters and threat intelligence researchers, we can learn how to create search rules to detect this kind of code reuse, Traditional Yara rules are written on strings, but if we implement code leveraging YARA code reuse rules in addition to the strings rule the rule will last decades.\n

\n\'',NULL,149179),('2_Friday','13','13:00','13:59','N','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)','\'Obsidian: IR - Mise En Place for Investigations\'','\'ChocolateCoat,aviditas,CountZ3r0\'','BTV_1346763505837331ec08201f901ae2b4','\'Title: Obsidian: IR - Mise En Place for Investigations
\nWhen: Friday, Aug 12, 13:00 - 13:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person) - Map
\nSpeakers:ChocolateCoat,aviditas,CountZ3r0
\n
SpeakerBio:ChocolateCoat\n
\nNo BIO available
\n
SpeakerBio:aviditas\n
\nNo BIO available
\n
SpeakerBio:CountZ3r0\n
\nStuff goes here.
\n\n
\nDescription:
\nProject Obsidian Incident Response station will walk through how to capture the necessary information as you are actively working an incident without slowing down on tickets, notes, timeline recording, and status updates. Plus tips based on years of IR experience on what NOT to do; spend less time writing and more time doing. \nThis session is based on Kill Chain 1 data set and will show you how to prep and work an incident with a focus on communication and efficiency in all aspects.\n

If you don\'t document it, it didn\'t happen. A real world approach to IR communication.\n

\n\'',NULL,149180),('3_Saturday','11','11:30','12:30','N','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)','\'Obsidian CTI: Operationalizing Threat Intelligence\'','\'l00sid,Stephanie G.,ttheveii0x\'','BTV_07e60b15e11cd969b55ab36cb1c98f45','\'Title: Obsidian CTI: Operationalizing Threat Intelligence
\nWhen: Saturday, Aug 13, 11:30 - 12:30 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person) - Map
\nSpeakers:l00sid,Stephanie G.,ttheveii0x
\n
SpeakerBio:l00sid\n
\nl00sid just started a career as a blue teamer. He loves the kinds of puzzles he gets to solve in the process of stopping attackers.
\n
SpeakerBio:Stephanie G.\n
\nStephanie is a security software engineer in the product security space. She is a volunteer on BTV\'s CTI team for Project Obsidian at DEF CON 30.
\n
SpeakerBio:ttheveii0x\n
\nMentor, Hacker, Cyber Threat Intelligence, Reverse Engineering Malware, OSINT, 70757a7a6c6573, Blue Team Village Director, Consultant
\n\n
\nDescription:
\nThis module covers:\n

Direction & Planning: Establishing CTI goals and objectives \n
Collection: Objective is to review and operationalize a single CTI report\n
Analysis & Production: Elements to identify in a CTI report\n
Dissemination: Sharing takeaways from a CTI report with stakeholders\n
Feedback & Evaluation: Methods for receiving feedback

Objective: Demonstrate how a CTI report can be operationalized.\n

This module presents an overview of how threat intelligence gleaned from a single CTI report can be operationalized across an organization. We\'ll run through a report based on content from Project Obsidian\'s kill chain 3 and demonstrate how it can be operationalized by different teams (SOC, IR, forensics, security management, and executives.\n

\n\'',NULL,149181),('3_Saturday','12','11:30','12:30','Y','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)','\'Obsidian CTI: Operationalizing Threat Intelligence\'','\'l00sid,Stephanie G.,ttheveii0x\'','BTV_07e60b15e11cd969b55ab36cb1c98f45','\'\'',NULL,149182),('2_Friday','14','14:00','14:59','N','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)','\'Obsidian REM: Long Walks On The Beach: Analyzing Collected PowerShells\'','\'Alison N\'','BTV_a2d8803ccd10e0eb9d30b56088394298','\'Title: Obsidian REM: Long Walks On The Beach: Analyzing Collected PowerShells
\nWhen: Friday, Aug 12, 14:00 - 14:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person) - Map
\n
SpeakerBio:Alison N\n
\nNo BIO available
\n\n
\nDescription:
\nA quick introduction to malware analysis, Powershell script analysis, and how to not panic when VirusTotal shrugs.\n

So you just got a bunch of Powershell scripts dumped on you. What now?\n

\n\'',NULL,149183),('2_Friday','14','14:00','14:59','N','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)','\'Obsidian Forensics: The Importance of Sysmon for Investigations\'','\'ExtremePaperClip\'','BTV_521c9b419fd37fe770886d9a03ea6bb6','\'Title: Obsidian Forensics: The Importance of Sysmon for Investigations
\nWhen: Friday, Aug 12, 14:00 - 14:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person) - Map
\n
SpeakerBio:ExtremePaperClip\n
\nDigital Forensics Nerd, Linux Geek, InfoSec Dork, Lifelong Student of Everything, Amateur History Buff... Loads of Fun.
\n\n
\nDescription:
\nVideo presentation outlining the benefits of Sysmon for investigations.\n

In this video we will discuss Sysmon -- what it is, how to get it, the configuration file, the events it logs, and why it\'s so valuable to forensic investigations.\n

\n\'',NULL,149184),('3_Saturday','11','11:30','12:30','N','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)','\'Obsidian Forensics: Kill Chain 3 Endpoint Forensics Walkthrough\'','\'Omenscan\'','BTV_ea87405fc49e09ec9973f226c6cad35b','\'Title: Obsidian Forensics: Kill Chain 3 Endpoint Forensics Walkthrough
\nWhen: Saturday, Aug 13, 11:30 - 12:30 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person) - Map
\n
SpeakerBio:Omenscan\n
\nObsidian Forensics Lead
\n\n
\nDescription:
\nObsidian Forensics Station: In this pre-recorded presentation we will walk through the artifacts and analysis of the Obsidian Kill Chain 3 using forensics artifacts found on affected Endpoints.\n

Obsidian Forensics Station: Kill Chain 3 Endpoint Forensics Walkthrough\n

\n\'',NULL,149185),('3_Saturday','12','11:30','12:30','Y','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)','\'Obsidian Forensics: Kill Chain 3 Endpoint Forensics Walkthrough\'','\'Omenscan\'','BTV_ea87405fc49e09ec9973f226c6cad35b','\'\'',NULL,149186),('2_Friday','11','11:00','11:30','N','BTV','Virtual - BlueTeam Village - Talks','\'Attribution and Bias: My terrible mistakes in threat intelligence attribution\'','\'Seongsu Park\'','BTV_5378ab656e82089e63d00c07b0565e2c','\'Title: Attribution and Bias: My terrible mistakes in threat intelligence attribution
\nWhen: Friday, Aug 12, 11:00 - 11:30 PDT
\nWhere: Virtual - BlueTeam Village - Talks
\n
SpeakerBio:Seongsu Park\n
\nSeongsu Park is a passionate researcherÂ on malware researching, threat intelligence, and incident response with over a decade of experience in cybersecurity. He has extensive experience in malware researching, evolving attack vectors researching, and threat intelligence with a heavy focus on response to nation-state adversary attacks. He\'s mostly tracking high-skilled Korean-speaking threat actors. Now he is working in the Kaspersky Global Research and Analysis Team(GreAT) as a Lead security researcher and focuses on analyzing and tracking security threats in the APAC region.
\n\n
\nDescription:
\nOne of the most important aspects of threat intelligence is the attribution of threat actorsâ€”identifying the entity behind an attack, their motivations, or the ultimate sponsor of the attack. Attribution is one of the most complicated aspects of cybersecurity, and it is easy to make mistakes because the underlying architecture of the internet offers numerous ways for attackers to hide their tracks. Threat actors can use false flags to deceive the security community about their identity, and natural human bias can lead researchers in the wrong direction. In this presentation, I will discuss three of the biggest lessons Iâ€™ve learned with regards to attributionâ€”and how researchers can avoid making the same errors.\n \n

The first mistake is related to perception bias. The Olympic Destroyer was a cyber-sabotage attack that happened during the PyeongChang Winter Olympic in 2018. Many security vendors published information about the substance of the attack alongside unclear speculation about who was ultimately behind it. During the early stage of my Olympic Destroyer research, I strongly believed a North Korea-linked threat actor was behind the attack. Looking back, Iâ€™m overwhelmed by my confirmation bias at that time. The relationship between North Korea and South Korea was relatively stable during the Olympics, but North Korea sometimes attacked South Korea regardless. Therefore, I assumed the attack was associated with a North Korean threat actor that wanted to sow chaos during the Olympic season. However, my colleague discovered a fascinating rich header false flag designed to disguise the fact that this attack was carried out by an unrelated threat actor. Also, I confirmed that the threat actor behind this attack utilized a totally different modus operandi than the presumed North Korean threat actor after an in-depth, onsite investigation. I had allowed my perception bias to hinder my attribution efforts.\n

The second mistake occurred as a result of an over-reliance on third-party functions.\nResearchers are often inclined to rely on too many third-party tools, and occasionally this blind faith causes mistakes. One day, I discovered that one Korean-speaking threat actor utilized a 0-day exploit embedded in a Word document. Based on the metadata of the malicious document, I used Virustotal to find additional documents with similar metadata. All of them had the same language code page, which made me even more biased. From then, I started going in the wrong direction. I totally believed that those documents were created by the same threat actor. However, I later discovered that the documents were created by two different actors with very similar characteristics. Both of them are Korean-speaking actors, who, historically, attack the same target. Eventually, I uncovered the difference between the two and was able to reach the right conclusionâ€”but this required going beyond what my tools told me was the correct answer.\n

The last mistake occurred as a result of impatience. When I investigated one cryptocurrency exchange incident, I noticed that the cryptocurrency trading application was compromised and had been delivered with a malicious file. Without any doubt, I concluded that the supply chain of this company was compromised, and contacted them via email to notify them of this incident. But, as soon as I contacted them, their websites went offline and the application disappeared from the website. After a closer examination of their infrastructure, I recognized that everything was fake, including the company website, application, and 24/7 support team. Later, we named this attack Operation AppleJeus, which a US-CERT also mentioned when they indicted three North Korean hackers. In my haste to conclude my research, I failed to notice an operation aspect of the operation.\n

Threat Intelligence is a high-profile industry with numerous stories that have major geopolitical ramifications. Not only is attribution one of the hardest aspects of this fieldâ€”itâ€™s the one that carries the most significant consequences if not done correctly. Unfortunately, human intuition and bias interfere with proper attribution, leading to mistakes. By sharing my own struggles with attribution, it is my hope other researchers in the security community can carry out their own investigations with greater accuracy.\n

The threat intelligence industry suffers from the flow of inaccurate information. This symptom is because of irresponsible announcements and different perceptions of each vendor. In this presentation, I would like to share how we can quickly go to the wrong decisions and what attitude we need to prevent these failures.\n

\n\'',NULL,149187),('3_Saturday','15','15:00','15:59','N','BTV','Flamingo - Savoy Ballroom - BTV Main Stage (In-person)','\'Challenges in Control Validation\'','\'Jake Williams,Kristen Cotten,AJ King\'','BTV_0bf259c0dd4d46a2f3b52f3215504b5d','\'Title: Challenges in Control Validation
\nWhen: Saturday, Aug 13, 15:00 - 15:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
\nSpeakers:Jake Williams,Kristen Cotten,AJ King
\n
SpeakerBio:Jake Williams\n
\nJake Williams is the Executive Director of Cyber Threat Intelligence at SCYTHE. Williams is an IANS Faculty Member and also works as a SANS Analyst. He is a prolific speaker on topics in information security and has trained thousands of people on incident response, red team operations, reverse engineering, cyber threat intelligence, and other information security topics. Jake is the two time winner of the DC3 Digital Forensics Challenge, a recipient of the DoD Exceptional Civilian Service Award, and is one of only a handful of people to ever be certified as Master Network Exploitation Operator by the US Government.
\nTwitter: @MalwareJake
\n
SpeakerBio:Kristen Cotten\n
\nKristen is a Cyber Threat Intelligence Analyst at SCYTHE. Prior to joining the herd she worked for the United States Department of the Army in various roles ranging from network and system administration to vulnerability management and cyber compliance. She has a penchant for solving technical puzzles, leaping from perfectly good airplanes (or cliffs), and finding the best local hole-in-the-wall restaurants. If you want to talk about foreign travel, sports nutrition, or why Episodes 4-6 are the only Star Wars movies that matter, she\'s your girl!
\n
SpeakerBio:AJ King\n
\nNo BIO available
\n\n
\nDescription:
\nSample panel questions may include:
\nHow is control validation different from red teaming?\nIsnâ€™t control validation just purple teaming? (itâ€™s not)\nHow do you recommend my organization starts its first control validation exercise?\nWhatâ€™s you #1 recommendation for maturing a control validation program?\nWhat are methods for scaling control validation programs?\nHow much validation is too much? When is the cost no longer justified?\n
\n

Testing security controls is hard. Really hard. Every incident responder has lived with victims who are sure existing security controls should have prevented or detected the intrusion. While some organizations donâ€™t do any security control validation, those that do understand the challenges. While red team operations allow for point-in-time validation, how are organizations dealing with control validations during product updates or configuration changes? By and large the answer is â€œthey arenâ€™t.â€ On this panel, weâ€™ll discuss why control validation is difficult. Then weâ€™ll discuss recommendations for scaling control validation operations in practically any organization.\n

\n\'',NULL,149188),('2_Friday','11','11:30','12:30','N','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)','\'Obsidian: IR - It all starts here, scoping the incident\'','\'ChocolateCoat\'','BTV_ae9aaace41ab7aa6902b38c6d547c786','\'Title: Obsidian: IR - It all starts here, scoping the incident
\nWhen: Friday, Aug 12, 11:30 - 12:30 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person) - Map
\n
SpeakerBio:ChocolateCoat\n
\nNo BIO available
\n\n
\nDescription:
\nScoping and Triage
\nYou can\'t analyze what you don\'t know, learn to prepare yourself for any investigation no matter the subject.\n

You can\'t analyze what you don\'t know, learn to prepare yourself for any investigation no matter the subject.\n

\n\'',NULL,149189),('2_Friday','12','11:30','12:30','Y','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)','\'Obsidian: IR - It all starts here, scoping the incident\'','\'ChocolateCoat\'','BTV_ae9aaace41ab7aa6902b38c6d547c786','\'\'',NULL,149190),('3_Saturday','12','12:15','12:45','N','BTV','Virtual - BlueTeam Village - Talks','\'Even my Dad is a Threat Modeler!\'','\'Sarthak Taneja\'','BTV_a3b4e56c2346ac07c51a45dd060d551a','\'Title: Even my Dad is a Threat Modeler!
\nWhen: Saturday, Aug 13, 12:15 - 12:45 PDT
\nWhere: Virtual - BlueTeam Village - Talks
\n
SpeakerBio:Sarthak Taneja\n
\nSarthak(S4T4N) is a Security Engineer passionate about everything InfoSec. He is always looking for new topics to learn. Suffering from Volunteeristis. You can always find him working with conferences behind the curtains. Right now, He is struggling to write 100 words about himself because he is habitual to writing 50 words bios.
\n\n
\nDescription:
\nDetailed Outline will be as follows:\n

What is Threat Modelling?\n
Why is Threat Modeling necessary?\n3.Common Threat Modelling Frameworks:\n
All the mentioned frameworks will be explained in detail with actionable scenarios and how to measure violations and propose mitigations\n
STRIDE\nPASTA\nVAST\nTRIKE\n
How to plan Threat Modelling?\n
What NOT to do when doing threat modelling?\n
How to handle the results of threat modelling to not make it overwhelming to different stakeholders?

For eg:
\nIn STRIDE, I\'ll give an overview and then walkthrough real life scenarios how \n

Explanantion of the framwork\n
Example:\n 2.1. Spoofing Identity refers to violation of authentication\n
Can be potrayed by misconfigured VPN configurations (in detail)\n 2.2 Tampering with data refers to Integrity\n
Having mutable logs and super admin having toxic right to change them (in detail)\n 2.3 Non Repudiation\n
Multiple users using same set of credentials causing non-repudiation and making logs useless because actions can\'t be backtracked to the user performing it (in details)\n etc\n

I will give examples from actual threat modellings I have done but remove all the organisation related information and make them generic, then what scenarios look like in organisations.\n

The talk will mainly focus on different frameworks of Threat Modelling and how threat modelling can be more efficient. Learning from the past experiences and common mistakes which organizations make while doing threat modelling.\n

\n\'',NULL,149191),('3_Saturday','14','14:00','14:59','N','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)','\'Obsidian Forensics: Using Chainsaw to Identify Malicious Activity\'','\'Danny D. Henderson Jr (B4nd1t0)\'','BTV_b5ff74ce68680c3b8b457f89579fb464','\'Title: Obsidian Forensics: Using Chainsaw to Identify Malicious Activity
\nWhen: Saturday, Aug 13, 14:00 - 14:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person) - Map
\n
SpeakerBio:Danny D. Henderson Jr (B4nd1t0)\n
\nWith 14-years career in the U.S. public sector and 11 years with ICT, Danny now works at SecureWorks in Bucharest as an L3 SOC Analyst. His skillset includes digital forensics, threat intelligence, malware analysis, with small touch of Offensive Security. Outside of the Security field, Danny is working on a passion video game project as the Fearless Leader of the Sacred Star Team and is fond of fantasy tabletop games such as Dungeons and Dragons (D&D).
\n\n
\nDescription:
\nThis talk is a small in-depth look of using Chainsaw for investigations using the Obsidian project as the example. \n

The intent is to go over the following:\n- Default display to console
\n- Creating a CSV for slicing and to put into a spreadsheet\n- SIGMA rules and how Chinsaw applies those rules\n

When time is of essence in IR, having a tool to quickly collect data from Windows Event Logs is the way to go. We\'ll LET IT RIP with Chainsaw, hosted by B4nd1t0 as part of Project Obsidian.\n

\n\'',NULL,149192),('3_Saturday','14','14:00','14:59','N','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)','\'Obsidian CTH: The Logs are Gone?\'','\'ExtremePaperClip\'','BTV_06da860b1c2d7fb029e1f6d57b4a53b5','\'Title: Obsidian CTH: The Logs are Gone?
\nWhen: Saturday, Aug 13, 14:00 - 14:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person) - Map
\n
SpeakerBio:ExtremePaperClip\n
\nDigital Forensics Nerd, Linux Geek, InfoSec Dork, Lifelong Student of Everything, Amateur History Buff... Loads of Fun.
\n\n
\nDescription:
\nWhat happens when an attacker clears the logs in an effort to hide their tracks? Here we will dive into that question, build a Threat Hunting hypothesis, develop some ways to detect this activity, and document the process.\n

What happens when an attacker clears the logs in an effort to hide their tracks? Here we will dive into that question, build a Threat Hunting hypothesis, develop some ways to detect this activity, and document the process.\n

\n\'',NULL,149193),('2_Friday','16','16:00','16:59','N','BTV','Flamingo - Savoy Ballroom - BTV Main Stage (In-person)','\'Take Your Security Skills From Good to Better to Best!\'','\'Tanisha O\'Donoghue,Kimberly Mentzell,Neumann Lim (scsideath),Tracy Z. Maleeff,Ricky Banda\'','BTV_502dd12a0940af1de164372ffe13051b','\'Title: Take Your Security Skills From Good to Better to Best!
\nWhen: Friday, Aug 12, 16:00 - 16:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
\nSpeakers:Tanisha O\'Donoghue,Kimberly Mentzell,Neumann Lim (scsideath),Tracy Z. Maleeff,Ricky Banda
\n
SpeakerBio:Tanisha O\'Donoghue\n
\nOver the last 6 years Tanisha Oâ€™Donoghue has been on an upward climb in the Cyber Security Space. The Guyanese native presently resides in the in Washington, DC area. Her current role as an Information Security Risk and Compliance Specialist at Tyler Technologies. As a member of the Information Security Compliance team, she assists with policy management, audits and risk management. Her recent focus has been governance, risk and compliance. Tanisha received her start in cyber with an internship at Symantec in partnership with a nonprofit called Year Up. Year Up\'s mission is to close the Opportunity Divide by ensuring that young adults gain the skills, experiences, and support that will empower them to reach their potential through careers and higher education. Tanishaâ€™s career experience has included incident response/ recovery efforts, vulnerability management, risk management and compliance. She is the Director of Policy and Procedures at BlackGirlsHack, a nonprofit organization that provides resources, training, mentoring, and opportunities to black women to increase representation and diversity in the cyber security field. Her commitment is to work with individuals and organizations to increase the diversity, inclusion and opportunities so they can make an influential impact on the world. She mentors with passion, guiding her mentees to enhance and elevate their vision for their lives.
\n
SpeakerBio:Kimberly Mentzell\n
\nNo BIO available
\n
SpeakerBio:Neumann Lim (scsideath)\n
\nNeumann Lim is a manager at Deloitte where he leads the cyber detection and incident response teams. Prior to this role, Neumann spent years working with large enterprises and governments specializing in incident response.\n

With 15 years of infosec experience, he enjoys analyzing malware, reverse-engineering and vulnerability research. Neumann has been invited to share his thought leadership at conferences such as Grayhat Conf, Toronto CISO Summit and CCTX.\n

In his off time, Neumann participates in CTFs and mentors new students interested in infosec while maintaining active membership of various security organizations such as DefCon, HTCIA, ISC2 and EC-Council.\n

\n
SpeakerBio:Tracy Z. Maleeff\n
\nTracy Z. Maleeff, aka @InfoSecSherpa, is a Security Researcher with the Krebs Stamos Group. She previously held the roles of Information Security Analyst at The New York Times Company and a Cyber Analyst for GlaxoSmithKline. Prior to joining the Information Security field, Tracy worked as a librarian in academic, corporate, and law firm libraries. She holds a Master of Library and Information Science degree from the University of Pittsburgh in addition to undergraduate degrees from both Temple University (magna cum laude) and the Pennsylvania State University. While a member of the Special Libraries Association, Tracy received the Dow Jones Innovate Award, the Wolters Kluwer Law & Business Innovations in Law Librarianship award and was named a Fellow. Tracy has been featured in the Tribe of Hackers: Cybersecurity Advice and Tribe of Hackers: Leadership books. She also received the Women in Security Leadership Award from the Information Systems Security Association. Tracy publishes a daily Information Security & Privacy newsletter and maintains an Open-Source Intelligence research blog at infosecsherpa.medium.com. She is a native of the Philadelphia area.
\nTwitter: @InfoSecSherpa
\n
SpeakerBio:Ricky Banda\n
\nRicky Banda is a 28 year old SOC Incident Response Manager for ARM Semiconductors Ltd. He began his career at 16 as an intern with the United States Air Force working in the 33d Network Warfare Squadron at Lackland Airforce Base. He has worked in security operations for 12 years. In education, he is a SANS Graduate student and has 18 certifications, as well as a bachelor\'s in cybersecurity. His primary focus in SecOps is to reduce SOC burnout and support security operations workers. When not working, he supports metal musicians and is an avid horror fan.
\n\n
\nDescription:
\nWhy dwell in the lobby of the Security field when you could be enjoying the view from the penthouse? Get insight from our esteemed panel on how to stay up to date on hacker news, increase your technical skills, and be aware of opportunities for professional development. Our panel will also discuss the importance of sending that elevator back down to help others so that our entire industry can grow and thrive, just like you will. Open up your ears and your mind and enjoy the gems that will be dropped.\n
\n

Why dwell in the lobby of the Security field when you could be enjoying the view from the penthouse? Get insight from our esteemed panel on how to stay up to date on hacker news, increase your technical skills, and be aware of opportunities for professional development. Our panel will also discuss the importance of sending that elevator back down to help others so that our entire industry can grow and thrive, just like you will. Open up your ears and your mind and enjoy the gems that will be dropped.\n

\n\'',NULL,149194),('4_Sunday','12','12:00','12:59','N','BTV','Flamingo - Savoy Ballroom - BTV Main Stage (In-person)','\'Project Obsidian: Panel Discussion\'','\' \'','BTV_2346af8162f345298ca33a40e458df8f','\'Title: Project Obsidian: Panel Discussion
\nWhen: Sunday, Aug 14, 12:00 - 12:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
\n
\nDescription:
\n

How was Project Obsidian put together\n
Involved a global village\n
Opportunities for mentoring \n
Look behind the scenes of a CTF\n
and more\n

\nBlue Team Villageâ€™s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n
\n

Project Obsidian crew members talk about how they put it all together.\n

\n\'',NULL,149195),('3_Saturday','13','13:00','13:59','N','BTV','Flamingo - Savoy Ballroom - BTV Main Stage (In-person)','\'Obsidian CTH Live: Killchain 3 Walkthrough\'','\' \'','BTV_c68c9f68d3a000bc00461054452aaa7f','\'Title: Obsidian CTH Live: Killchain 3 Walkthrough
\nWhen: Saturday, Aug 13, 13:00 - 13:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
\n
\nDescription:
\nObsidian CTH Live: Killchain 3 Walkthrough\n

Obsidian CTH Live: Killchain 3 Walkthrough\n

\n\'',NULL,149196),('2_Friday','15','15:30','16:30','N','BTV','Virtual - BlueTeam Village - Talks','\'Malware Hunting - Discovering techniques in PDF malicious\'','\'Filipi Pires\'','BTV_2c87d144396e26c76b404092b252f691','\'Title: Malware Hunting - Discovering techniques in PDF malicious
\nWhen: Friday, Aug 12, 15:30 - 16:30 PDT
\nWhere: Virtual - BlueTeam Village - Talks
\n
SpeakerBio:Filipi Pires\n
\nIâ€™ve been working as Security Researcher at Saporo, Cybersecurity Advocate at senhasegura, Snyk Ambassador, Application Security Specialist, Hacking is NOT a crime Advocate and RedTeam Village Contributor. Iâ€™m part of the Coordinator team from DCG5511(DEFCON Group São Paulo-Brazil), International Speakers in Security and New technologies events in many countries such as US, Canada, France, Spain, Germany, Poland, etc, Iâ€™ve been served as University Professor in Graduation and MBA courses at Brazilian colleges, in addition, I\'m Creator and Instructor of the Course Malware Attack Types with Kill Chain Methodology (PentestMagazine) and Malware Analysis-Fundamentals(HackerSec).
\n\n
\nDescription:
\nWe\'ll walk through the structures of a PDF, analyzing each part of it, demonstrating how Threat Actors work in the inclusion of malicious components in the structures of the file, in addition to demonstrating the collection of IOC(Indicators of Attack)s and how to build IOA(Indicators of Attack) for analysis by behavior, to anticipate new attacks. Demonstrating structures in the binaries as a PDF(header/ body/cross-reference table/trailer) and performing a comparison of malicious PDFs, explaining how each session works within a binary, what are the techniques used such as packers, obfuscation with JavaScript (PDF) and more, explaining too about some anti-disassembly techniques, demonstrating as a is the action of these malwareâ€™s and where it would be possible to â€œincludeâ€ a malicious code.\n
\n

Demonstrate different kind of structures in the binaries as a PDF(header/ body/cross-reference table/trailer), explaining how each session works within a binary, what are the techniques used such as packers, obfuscation with JavaScript (PDF) and more\n

\n\'',NULL,149197),('2_Friday','16','15:30','16:30','Y','BTV','Virtual - BlueTeam Village - Talks','\'Malware Hunting - Discovering techniques in PDF malicious\'','\'Filipi Pires\'','BTV_2c87d144396e26c76b404092b252f691','\'\'',NULL,149198),('2_Friday','13','13:00','13:59','N','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)','\'Obsidian CTH: Hunting for Adversary\'s Schedule\'','\'Cyb3rHawk\'','BTV_cd67e9753d468abef5155695db4f0153','\'Title: Obsidian CTH: Hunting for Adversary\'s Schedule
\nWhen: Friday, Aug 12, 13:00 - 13:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person) - Map
\n
SpeakerBio:Cyb3rHawk\n
\nNo BIO available
\n\n
\nDescription:
\nOnce an adversary gained a foothold, they typically would like to keep their access. Here, I\'m using the term \"\"access\"\" loosely where it could be many things like C2 beacon, script, binary, security source providers, shortcuts, and so on. This is called Persistence and in MITRE speak \"\"TA0003\"\" [3]. We take a look at one such persistence method, Scheduled Task. Scheduled tasks are one of the most commonly used persistence techniques in adversary intrusions and for a good reason. It provides flexibility to be created on local and remote machines and provides several ways to be created (from GUI to Net32API), along with the ability to combine/achieve tactics like Execution and Privilege Escalation. We start with the basics of scheduled tasks, and why and when an adversary would like to use them. Then we jump into the hell of threat hunting to see some ways to create a hypothesis and investigate the result set. In the end, we take a stab at detection engineering concepts surrounding the creation/revision of detections/analytics from queries/results we got from hunting this technique.\n

Once an adversary gained a foothold, they typically would like to keep their access and establish persistence. Scheduled tasks are one of the most commonly used persistence techniques in adversary intrusions and for a good reason. In this session we take a look at Scheduled Tasks. We start with the basics, and then learn how to create a hypothesis to conduct a threat hunt. In the end, we\'ll take a stab at detection engineering concepts surrounding the creation/revision of detections/analytics from telemetry we obtain from hunting this technique.\n

Project Obsidian is an immersive, defensive cybersecurity learning experience.\n

\n\'',NULL,149199),('3_Saturday','10','10:30','11:30','N','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)','\'Obsidian CTH: Sniffing Compromise: Hunting for Bloodhound\'','\'CerealKiller\'','BTV_34f2657a2a380f03b1176564db6493ae','\'Title: Obsidian CTH: Sniffing Compromise: Hunting for Bloodhound
\nWhen: Saturday, Aug 13, 10:30 - 11:30 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person) - Map
\n
SpeakerBio:CerealKiller\n
\nNo BIO available
\n\n
\nDescription:
\nJoin us on a journey as we chase BloodHound through a compromised environment via host and network telemetry. We will dive quickly into detections to become better prepared for next time.\n

Join us on a journey as we chase BloodHound through a compromised environment via host and network telemetry. We will dive quickly into detections to become better prepared for next time.\n

\n\'',NULL,149200),('3_Saturday','11','10:30','11:30','Y','BTV','Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)','\'Obsidian CTH: Sniffing Compromise: Hunting for Bloodhound\'','\'CerealKiller\'','BTV_34f2657a2a380f03b1176564db6493ae','\'\'',NULL,149201),('4_Sunday','11','11:00','11:59','N','BTV','Flamingo - Savoy Ballroom - BTV Main Stage (In-person)','\'Backdoors & Breaches, Back to the Stone Age!\'','\' \'','BTV_6345950348d24f9b4a1c42c21e5bb86d','\'Title: Backdoors & Breaches, Back to the Stone Age!
\nWhen: Sunday, Aug 14, 11:00 - 11:59 PDT
\nWhere: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
\n
\nDescription:
\nDon\'t flake early! There will be several rounds of well-punned games all localized to Project Obsidian\'s killchain data and the tools utilized. Learn how the fates will treat you with an incident on the line. Backdoors & Breaches is an Incident Response Card Game from Black Hills Information Security and Active Countermeasures. The game contains 52 unique cards to conduct incident response tabletop exercises and learn attack tactics, tools, and methods. \n

https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/\n

A crowd interactive, igneous take on the BHIS IR card game.\n

\n\'',NULL,149202),('3_Saturday','09','09:00','17:59','N','SOC','Caesars Forum - Forum 120-123, 129, 137 (Chillout)','\'Chillout Lounge (with entertainment)\'','\'djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe\'','SOC_0bbba7544fceb776b26e70a2d99b2a5e','\'Title: Chillout Lounge (with entertainment)
\nWhen: Saturday, Aug 13, 09:00 - 17:59 PDT
\nWhere: Caesars Forum - Forum 120-123, 129, 137 (Chillout) - Map
\nSpeakers:djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
\n
SpeakerBio:djdead\n
\nNo BIO available
\n
SpeakerBio:Kampf\n
\nNo BIO available
\n
SpeakerBio:Merin MC\n
\nNo BIO available
\n
SpeakerBio:Pie & Darren\n
\nNo BIO available
\n
SpeakerBio:Rusty\n
\nNo BIO available
\n
SpeakerBio:s1gnsofl1fe\n
\nNo BIO available
\n\n
\nDescription:
\nThe chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \n