A variety of aviation infrastructure has been compromised by hackers. Immerse yourself into challenges where you are tasked as an aviation cyber defense participant to identify attacks/attackers, stop attacks, and restore normal operations. As a participant your first step is to register ahead and read the rules at: https://aisac.cyberskyline.com/events/aisac-defcon and bring your own laptop to the venue. You can participate in the virtual challenges from Friday, but the more critical in-person challenges are only available at certain times during Village open hours!

In this activity, participants will see an API Security presentation with examples and engage in a trivia game centered around the topic.

Learn about the wide range of API vulnerabilities with real-world examples of data breaches and what it means to secure APIs through tests. And then it’s trivia time!

Participants will have to answer 10-15 questions on API Security based on their learnings. You will get swags for each answer you get right!

Ankush is the co-founder & CTO at Akto (https://www.akto.io). Prior to starting Akto he worked at CleverTap as VP of Engineering. He has also worked for 5 years as a Quant at Morgan Stanley. He has acquired US patents at Microsoft at CleverTap.

Join us for an exhilarating container security CTF where you can go head-to-head with your peers. In this session, we will explore the world of container security, including image analysis, enumeration, and the most up-to-date container escape techniques. Put your skills to the test and compete for the top spot! Participants will gain valuable knowledge in container security and have the chance to win some exciting prizes. Don’t miss out on this thrilling opportunity to showcase your expertise!

Join us for a revealing exploration of open-source trust and its vulnerabilities. In this captivating activity, we will delve into the fascinating world of developer credibility and the unsettling phenomenon of faking GitHub contributions. With open source becoming an integral part of software development, we find ourselves relying on strangers to provide us with code. Trust is often based on factors like the number of stars on a package or the credibility of the package’s maintainer on GitHub. However, what if I told you that all of this could be convincingly spoofed?

Tal brings over 7 years of experience to her role as a supply chain security research team lead within Checkmarx Supply Chain Security group. She is in charge of detecting tracking and stopping Opensource attacks.

Ori Ron, an experienced Application Security Researcher at Checkmarx, joined the company in 2016. With over eight years of expertise in the field, Ori specializes in identifying and mitigating security vulnerabilities in software systems. His research spans the application security aspects of many programming languages, technologies, and environments.

“Vulnerability” is part of my daily vocabulary at Checkmarx, and I never get sick of it. I dub myself a ‘self-certified idiot’ because I love learning and hatching ideas. So much, that I’ve made brainstorming a hobby and kickstarted a team initiative to keep us on the pulse of InfoSec. As a result, we have learned about CVSSv4 before it was cool.

Well, CVSSv4 isn’t cool yet since it’s yet to be fully adopted, but in the meantime, I’ve researched and come up with this talk. I wasn’t given the opportunity to win a ‘Best Speaker’ award yet. However, I published a few blog posts for Checkmarx and am brewing many other initiatives. I’m also currently studying to pass the CEH certification. Contributing to the AppSec Village at RSAC in San Francisco last year. Check.

Beyond the keyboard, you catch me reading, writing, or practicing martial arts. As in cybersecurity, I seek constant learning.

Find the reachable one! You’ve got 18×18 inch game board, 5 cards, 5 code weaknesses, and a 5-minute sand timer, ready, set, go! You’ll have 5 minutes to place the cards in the correct order and find the true positive(s). The winner? Whoever finds the solution in the shortest amount of time!

Before you can deal with secrets sprawl, you first need to understand how deep the issue of plaintext secrets can be. Improperly stored and shared secrets are a problem beyond just the top layer of code you put in production. It affects feature branches, old commits, logs, and communication and collaboration tools.

In this exercise, you will be challenged to find all the secrets and then use a special tool to quickly validate the secrets and your work. Walk away from this exercise ready to apply the lessons learned to make your organization safer in no time.

Dwayne has been working as a Developer Relations professional since 2015 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv.

It’s in the Cards! Pick 5 cards with random levels of difficulty. Answer questions ranging from true/false to multiple choice to spot the vulnerable code. Test your knowledge on risky deployment scenarios, rack up the points, and get to the top of the leaderboard to win!

Join us into this collaborative game of OWASP Cornucopia! Over the course of two hours we will create a Threat Model of an example target infrastructure using the OWASP Cornucopia game! Winner keeps the deck!

Andra is a Principal Application Security Specialist at Sage, with over seven years of experience in the field of application security. She is responsible for implementing DevSecOps practices, conducting security assessments, and developing secure coding guidelines for software engineering and AI/ML teams. She holds multiple certifications, including AWS Certified Cloud Practitioner and Attacking and Securing APIs. She has a strong background in software development and project management, as well as a master’s degree in information and computer sciences. She has been co-leading the OWASP London Chapter since 2019, where she organises and delivers events and workshops on various security topics. She is passionate about educating and empowering developers and stakeholders to build and deliver secure software and best practices in a fast-paced, results-driven environment.

Join us into this collaborative game of OWASP Cornucopia! Over the course of two hours we will create a Threat Model of an example target infrastructure using the OWASP Cornucopia game! Winner keeps the deck!

Konstantinos is the Advisory Services Director at Census Labs S.A. Prior to that, he worked for OTE S.A. (member of Deutsche Telekom Group) where he was responsible for the cyber security solutions offered to corporate customers. In the past he has led cyber security consulting teams in other private sector organizations. He has more than 20 years of experience in the field of cyber security both as a corporate consultant and as a researcher. During that time, he participated in numerous cyber security projects in public and private sector organizations, in Greece, Europe, and the Middle East. He has been an OWASP volunteer since 2004, leading the Greek chapter and contributing to several projects. He holds a PhD and BSc from the Department of Informatics and Telecommunications at the University of Athens, Greece, as well as a MSc in Information Security with distinction from Royal Holloway, University of London. For more than 10 years he served as an Adjunct Lecturer at the Hellenic American University, as well as the University of Athens and University of Piraeus, teaching Information Security to postgraduate and undergraduate students.

Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?

“Vulnerability” is part of my daily vocabulary at Checkmarx, and I never get sick of it. I dub myself a ‘self-certified idiot’ because I love learning and hatching ideas. So much, that I’ve made brainstorming a hobby and kickstarted a team initiative to keep us on the pulse of InfoSec. As a result, we have learned about CVSSv4 before it was cool.

Well, CVSSv4 isn’t cool yet since it’s yet to be fully adopted, but in the meantime, I’ve researched and come up with this talk. I wasn’t given the opportunity to win a ‘Best Speaker’ award yet. However, I published a few blog posts for Checkmarx and am brewing many other initiatives. I’m also currently studying to pass the CEH certification. Contributing to the AppSec Village at RSAC in San Francisco last year. Check.

Beyond the keyboard, you catch me reading, writing, or practicing martial arts. As in cybersecurity, I seek constant learning.

Join us at the AI Village for interactive demonstrations at the intersection of AI and security. Attempt to hijack and manipulate autonomous robots using large language models and generative AI. Fool your friends by creating deep fakes with a state-of-the-art setup from Bishop Fox, complete with DSLR camera, green screen, and props. Finally, put your social engineering awareness to the test with DARPA’s deep fake analysis system, designed to identify and attribute manipulated and synthetic media. Don’t miss this opportunity to engage with adversarial AI technologies and learn about their implications on the future, at DEF CON 32!

ARINC 664 is an extension to IP networking that adds deterministic QoS for Aircraft Systems over Ethernet. Sit down and learn about how the extensions to 802.3 is used on aircraft, how that flight critical data is transferred in a timely matter, and how to manipulate the data on these networks. This progressive difficulty CTF provides a fun and informative way of approaching ARINC 664 networking.

This is an AMA/Podcast that will be recorded on-site.

Electronic Frontier Foundation (EFF) is excited to be back at DEF CON. Our expert panelists will offer brief updates on EFF’s work defending your digital rights, before opening the floor for attendees to ask their questions. This dynamic conversation centers challenges DEF CON attendees actually face, and is an opportunity to connect on common causes.

The Device Lab is highly-collaborative environment where security researchers test medical instruments, applications, and devices in real-time from participating Medical Device Manufacturers. Any potential issues are reported directly to the manufacturer, and coordinated vulnerability disclosures are produced.

As part of their product security programs, their proactive initiatives to test their products, and to enhance the cybersecurity of their medical technologies, select medical device makers are teaming up with the Biohacking Village.

These manufacturers are inviting security researchers to learn and to test their products in dedicated spaces set aside for them. Their staff will answer questions, educate researchers, and triage any potential security issues. Researchers who perform testing should expect to follow the manufacturers’ published coordinated vulnerability disclosure policy and report any potential issues found so they can be addressed. Security researchers must sign the Hippocratic Oath for Hackers and agree to the framework of boundaries and rules of engagement during and post conference engagement.

We have 10 manufacturers with 21 devices. You can find more information about the devices and each manufacturer’s Vulnerability Disclosure Policy here.

This is a placeholder for BTV’s closing ceremonies!

This is a placeholder for BTV’s closing ceremonies! This is a placeholder for BTV’s closing ceremonies! This is a placeholder for BTV’s closing ceremonies! This is a placeholder for BTV’s closing ceremonies! This is a placeholder for BTV’s closing ceremonies! This is a placeholder for BTV’s closing ceremonies!

Book Signing Schedule

Friday, August 9 11:30 a.m. Tim Arnold, Black Hat Python, 2nd Edition 12:00 p.m. Jack Rhysider from Darknet Diaries 12:30 p.m. James Forshaw, Windows Security Internals 1:30 p.m. Nick Aleks, Black Hat Bash [DEF CON edition] and Black Hat GraphQL 2:30 p.m. Jim O’Gorman and Daniel Graham, Metasploit, 2nd Edition [DEF CON edition] 3:30 p.m. Corey Ball, Hacking APIs 4:30 p.m. Elonka Dunin and Klaus Schmeh, Codebreaking

Saturday, August 10 10:30 a.m. Travis Goodspeed, Microcontroller Exploitsand PoC||GTFO, Volumes 1, 2, and 3 12:30 p.m. Micah Lee, Hacks, Leaks, and Revelations 1:30 p.m. Jon DiMaggio, The Art of Cyberwarfare 2:30 p.m. Matt Burrough and Jos Weyers, Locksport 3:30 p.m. Chris Eagle and Kara Nance, The Ghidra Book 4:30 p.m. Alex Matrosov, Rootkits and Bootkits

Sunday, August 11 11:30 a.m. Beau Woods, Fotios Chantzis, and Paulino Calderon, Practical IoT Hacking

Bricks in the Air is a hands-on demo to teach the basics of low level protocols seen in aviation. The demo uses the I2C protocol and does not reveal actual security vulnerabilities in avionics or other systems in aviation.

Breaking into the capture the flag (CTF) world can be daunting and many people are overwhelmed when faced with participation in these events and challenges. With how beneficial the various challenges can be to both beginners and seasoned professionals, we want to demystify this world and help people get the most out of them. This is a full hands-on course on how to do CTFs, tools and more. Bring your laptops!

Join Capitol Technology University for a night of fun, drinks, and networking amongst like-minded peers! Capitol Tech’s industry-expert leadership will be discussing exciting career paths in cybersecurity, as well as the future of cyber higher education.

CHV 101

This booth will have several reverse engineer demonstrations and an automotive threat intelligence review.

• Reverse Engineering Demonstration(s)
• Live vehicle communications via remote controls
• EV-based Hardware-in-the-Loop (HIL) demonstrations
• Automotive Threat Intelligence
• How to gather threat intelligence related to the automotive industry
• What the current threat landscape looks like today

CHV CTF

There will be 10-15 automotive security CTF challenges this year ranging from reverse engineering, telemetry, grand theft auto, crypto, vehicle networks, and exploitation.

1st place prize is a car!

CHV Kids

A fun scavenger hunt designed for DCNextGen kids to participate in and learn about the Car Hacking Village.

There will be swag items handed out to the kids as they move through the scavenger hunt.

CHV Mechanics

There will be 1 Semi-Truck and 2 Electric Vehicles on site for people to plug into.

DEFCON attendees must follow the rules for each of the vehicles. There will be large ORANGE signs with the rules detailed on them.

Come make a call in front of our soundproof booth. We provide everything, the target company, their phone number, and three objectives to gather (easy, medium, and hard). First come, first serve. 

The AMSAT Ground Control and CubeSat simulator emulates how satellite communications are used. Ground control communicates via UHF to the cubesat.

At 6am on Friday, the @cycle_override crew will be hosting the 13th DEF CON Bikeride. We’ll meet at a local bikeshop, get some rental bicycles, and about 7am will make the ride out to Red Rocks. It’s about a 15 mile ride, all downhill on the return journey. So, if you are crazy enough to join us, get some water, and head over to cycleoverride.org for more info. See you at 6am Friday! @jp_bourget @gdead @heidishmoo.

Collect the clues, solve the puzzles, show off your aerospace knowledge and technical skills to win a limited edition PCB badge.

A quieter space for those who want to discuss what they are reading, recommend books, and trade books too. We will have a logo themed sticker.

We will be handing out the CTF Prizes and awards. Must be present to win!

About Us

The Data Duplication Village has all the updated bits and bytes available from infocon.org packed up into nice, neat packages. If you’re looking for a copy of all the things, we’ve got what you need to fill up all your storage including a few nice hash tables and all of the DefCon talks. Add to that just about every other security con talk known to hacker-kind! Our village provides a “free-to-you” service of direct access to terabytes of useful data to help build those hacking skills and talk with other storage enthusiasts.

Check the schedule and/or dcddv.org for the most up-to-date information.

How It Works

The DDV provides a core set of drive duplicators and data content options. We accept 8TB and larger drives on a first come, first served basis and duplicate ’till we can no longer see straight. Bring in your blank SATA3 drives – check them in early – to get the data you want. Come back in about 24 hours to pick up your data-packed drive. Space allowing, we’ll accept drives all the way through until Saturday morning – but remember, it’s FIFO – get those drives in early!

What You Get

We’re working on more content right up until the last minute so keep checking on dcddv.org for the latest. This year, we’re adding new data to duplicate! Humans will be able to choose from the following data sources for duplication:

• A) Infocon.org Archive – 6TB archive of all the past hacking convention videos that DT could find, built on last years collection and always adding more for your data consuming appetite.
• B) Rainbow tables 1 of 3 – 6TB from freerainbowtables.com, the Lanman, MSQLSHA1, and NTLM hash tables plus freerainbowtables.com tools
• C) Rainbow tables 2 of 3 – 6TB from freerainbowtables.com, the A5/1 GSM, and MD5 tables plus freerainbowtables.com tools
• D) Vx Underground Archive – 8TB archive of the latest papers, samples, and code from Vx Underground
• E) Rainbow tables 3 of 3 – 8TB of New NTLM-9 hash tables and a copy of the Infocon.org mirrors

About Us

The Data Duplication Village has all the updated bits and bytes available from infocon.org packed up into nice, neat packages. If you’re looking for a copy of all the things, we’ve got what you need to fill up all your storage including a few nice hash tables and all of the DefCon talks. Add to that just about every other security con talk known to hacker-kind! Our village provides a “free-to-you” service of direct access to terabytes of useful data to help build those hacking skills and talk with other storage enthusiasts.

Check the schedule and/or dcddv.org for the most up-to-date information.

How It Works

The DDV provides a core set of drive duplicators and data content options. We accept 8TB and larger drives on a first come, first served basis and duplicate ’till we can no longer see straight. Bring in your blank SATA3 drives – check them in early – to get the data you want. Come back in about 24 hours to pick up your data-packed drive. Space allowing, we’ll accept drives all the way through until Saturday morning – but remember, it’s FIFO – get those drives in early!

What You Get

We’re working on more content right up until the last minute so keep checking on dcddv.org for the latest. This year, we’re adding new data to duplicate! Humans will be able to choose from the following data sources for duplication:

• A) Infocon.org Archive – 6TB archive of all the past hacking convention videos that DT could find, built on last years collection and always adding more for your data consuming appetite.
• B) Rainbow tables 1 of 3 – 6TB from freerainbowtables.com, the Lanman, MSQLSHA1, and NTLM hash tables plus freerainbowtables.com tools
• C) Rainbow tables 2 of 3 – 6TB from freerainbowtables.com, the A5/1 GSM, and MD5 tables plus freerainbowtables.com tools
• D) Vx Underground Archive – 8TB archive of the latest papers, samples, and code from Vx Underground
• E) Rainbow tables 3 of 3 – 8TB of New NTLM-9 hash tables and a copy of the Infocon.org mirrors

Do you have questions about what DEF CON Groups are? Do you need help finding a group near you? Feel free to come ask. Or, just come up and hang out.

Thursday, Friday, Saturday and Sunday: 05:00 to 08:00, with random pop up meetings throughout the day in the con space.

Defcon.run is an evolution of the now long running DEF CON 4x5K running event. Due to stupendous growth, we’ve been forced to change up the format. This year’s activity will look to match up folks for fun runs, and rucks (!), in small distributed groups around Las Vegas. It’s the same old event but at a distributed scale!

Show up in the morning, go for a run with folks, have a good time!

We’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances. Full Information at https://defcon.run

You are a new to the Airport IT staff at the IG International Airport Network Operations Center, working your first holiday travel weekend. It has been a busy day managing the network with the control tower reporting several small glitches.

No alerts have been raised in the network, and the glitches appeared to have been easily handled. While taking your last break of the day, you decide to take a short walk around the concourse to watch the sun set. Suddenly, your cell phone rings and the voice on the other end is a panicked Control Tower Operator. A short time earlier, the tower had observed the runway lights turn off, come back on, and are now randomly blinking. They also mentioned the Operator HMI (Human Machine Interface) controlling the Runway Lighting system is non-responsive and they are locked out of the Maintenance HMI to reboot the system. Time is critical – without the lights, the planes circling the airport cannot land. With limited fuel stores, the planes are unable to divert to another airport. You sit down at your terminal to pull up the maintenance manual and troubleshoot the problem only to discover you are locked out of your account. You are suddenly relieved that management would not let you deploy security updates to the network because they feared service interruptions may occur. Once you regain access to the system and have all the reference material available, you bring up the control logic for the runway lighting system on one screen and the HMIs on another and quickly realize this is not a normal system failure. An unknown hacker or hacker group has ceased and taken control of the system. They have manipulated the PLC’s (Programmable Logic Controller) and impacted the HMIs. Time is of the essence to restore operation to the Runway Lighting control system before the planes run out of fuel.

Can you spot suspicious items in packages? Try out your skills.

Have you ever wanted to break out of handcuffs, pick open a closed bag and shoot your buddy in the chest with a nerf gun? So have we, that’s why TOOOL presents the Dozer Drill. A fast paced skill based game where you have to free yourself from handcuffs, open a closed bag, and retrieve the nerf gun to be the first to hit the target. Join us on Friday for qualifiers, through the con for unofficial games, and on Saturday for an official bracket tournament.

Put your drone hacking skills to the test in our Drone CTF. This advanced challenge requires participants to take over a drone mid-flight and develop a payload to hack a DJI drone. This CTF is perfect for those who have some experience in drone hacking or have participated in our Drone Hacking Workshop. It’s a great opportunity to showcase your technical prowess and win some cool prizes.

Experience the thrill of flying a drone in our custom-built cage right on the showroom floor. This activity is designed for everyone to enjoy, from kids to adults. Fly mini drones around the cage and see how well you can control these agile little machines. It’s a fun, interactive way to learn the basics of drone piloting in a safe environment.

Join our Drone Hacking Activity and get hands-on experience with hacking into drone microcontrollers. This three-step in-depth activity is designed to teach you about the vulnerabilities and security of autonomous systems. Using sample drones, participants will learn techniques used in government pen tests. This workshop is suitable for all skill levels, from beginners to advanced hackers. Come and test your skills in a real-world scenario and understand the intricacies of drone security.

Dive into our interactive choose-your-own-adventure web interface and learn how to hack a drone in a fun, storyboard-based game. This graphical user interface simulates the process we use when hacking drones for the Air Force, allowing participants to make decisions and see the outcomes. It’s a beginner-friendly activity that anyone can enjoy, offering insight into the steps involved in drone penetration testing.

We will have several dumb terminals available for all sorts of things courtesy of SCAVHUNT!

EFF’s team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Trophy and EFF swag pack. The second and third place teams will also win great EFF gear.

Keyboard Corner hosts typing challenges that test the speed and accuracy of attendees’ typing skills on various keyboards. Participants can compete for high scores and bragging rights in a friendly and competitive setting. This activity adds an element of fun and excitement to the conference while highlighting the importance of efficient typing in cybersecurity.

In this interactive exercise, you’ll learn how to talk to chips on a board via SPI, extract a firmware image, and analyze it to find vulnerabilities. Take your hardware hacking skills to the next level

AppSec Village is proud to present our DEF CON Contest in partnership with SecDim.

Unlike a typical CTF, this contest rewards the players who fix security vulnerabilities. You can choose between secure coding challenges or competing against other players in an Attack & Defence AppSec challenge, where you need to secure your app before being given a chance to hack other players’ apps 😈.

You can also develop your own AppSec challenge by following challenge contribution guidelines. All approved challenges will be hosted during AppSec Village @ DEF CON.

There are two categories of winners: – The player with the highest total points by the end of the event (August 11 at 12:00 PM PDT) – The best-contributed challenge submission

The Award Ceremony will be held at 12:45 PM PDT in the AppSec Village on August 11.

Harley Wilson is a software engineer (intern) at SecDim, a secure coding wargame platform. With a background as a Police Officer for nine years, Harley is now channelling his expertise into the field of software development. He is pursuing a Bachelor of Computing (Software Engineering) at Curtin University, with an anticipated graduation in 2024.

Make a friendship bracelet with an exclusive WISP charm.

Welcome to the inaugural GameHacking.GG @ DEF CON 32, where gaming and cybersecurity intersect in exciting and interactive ways. Our mission is to delve into various aspects of game security, fostering an environment of exploration, play, and learning. The DEFCON32 event is constructed to make game security accessible and playable at all skill levels.

At the Game Hacking DEF CON 32 event, participants can engage in activities ranging from modding games to exploring the intricacies of memory hacking and multiplayer cheats. In future iterations of the event we hope to expand to learning about game malware and maybe even some hardware hacks. Whether you’re a beginner or an experienced hacker, we will have presentations and activities to challenge your skills.

Be part of the evolution of game security. Dive into our activities, engage with other game hackers, and explore opportunities to contribute to and support the Game Hacking Community. Let’s play, learn, exploit, and perhaps even profit.

With Google Cast Miracast or AirPlay smart TVs now have plenty of ways to get your favorite content on screen. But while the latest show is playing there is a complex system running underneath that is ripe for hacking. Bitdefender invites you to solve a few challenges that will get you diving into the inner workings of a smart TV.

(NOTE: This is an overflow class only if the first session is full)

Learn how to hack the DCNextGen Badge and take it to another level!

Learn how to hack the DCNextGen Badge and take it to another level!

Want to know what happened to the Hack-A-Sat digital twins? We’re bringing back our satellites and ground stations so you can see what it was like to be a team operating during finals!

Establish uplink using a ground station. Send commands to the satellite, observe effects and telemetry. 3D Cesium visualization of satellite in orbit and ground station locations. Grafana dashboards for sim data, etc. OpenC3 satellite operator interface for C2

Enjoy some space math nostalgia with challenges from the past four years of Hack-A-Sat quals! Challenges require skills in astrodynamics, satellite operations, digital signal processing, reverse engineering, exploitation, and more! If you missed the last Hack-A-Sat qualifiers or just want to try again, now is your chance!

10 challenges are available with a mix of difficulty. These will be available throughout all of DEF CON so work on them anywhere (even your hotel room). No team required and no scoreboard…so no pressure!

Challenge developers will be available for hints/clues on the conference floor but may not be able to help with every challenge.

Ham radio is the original group of electronic hackers, starting long before computers, circuit chips, or even transistors. Continuing this pioneer spirit, The Ham Radio Village is offering free ham radio exams again at DEF CON! All are welcome to come and take the exam and get their amateur radio license upon passing. All three levels (technician, general, and amateur extra) of exams will be offered during DEF CON at the Ham Radio Village. Examinees are encouraged to study the question pool and take practice exams on ham.study.

Everything we do today involves wireless communications of some sort, and a basic knowledge of how radio works is crucial. Getting your amateur radio license and entering the world of amateur radio will better equip you with knowledge about what goes on in the radio frequency domain, and this can be applied to other RF topics (like RFID credentials, WiFi, or anything else that communicated wirelessly)

Rapid7 is back with more hands-on hardware hacking exercises. This year we will be guiding attendees through several exercises gaining root access for control and extraction of firmware and file system data. From TFTP kernel images over the network to single user mode access via modification of U-Boot. These exercises will guide you through the process of importing a kernel image over the network and executing it in memory for root access, along with understanding embedded device flash memory layout and how to transfer firmware images over the network for offline testing.  Also, we will walk through placing the IoT device in single user mode for root access and then rebuild the structure and needed drivers to bring the IoT embedded system out of single user mode for full access.

Ever see someone walking around DEF CON and wonder “what is up with the hard hats?”

The Hard Hat Brigade brings hackers together in the spirit of endless curiosity and tinkering. We use a common platform (hats) to combine art (bling) and hacker functionality (warez) to inspire others to explore outside of their comfort zones in a safe and welcoming community.

We encourage everyone to explore their creativity using art, electronics, mechanical design, or any other medium that piques their interest. Hats are inexpensive, widely available, and easy to modify to suit your needs. We started with hard hats but are not limited to any type of hat, so you have the freedom to choose whatever hat suits your fancy.

Despite everyone using a common platform, every creation is unique and embodies the personality of the creator. Walking around DEF CON, you can display your creation for all to see, and many will stop to ask you about what you have created. This allows you to talk about your experience, as well as inspire others to explore new ideas of their own.

One of the challenges at hacker summer camp has been finding people to connect with. By leveraging hard hats as a canvas, HHB has solved this challenge with something that is incredibly accessible while also offering a ton of variety. Gazing upon these creations, they reflect back the uniqueness of all the awesome hackers that we’ve been able to meet. In years past, we’ve had the opportunity to see how so many talented and creative hackers tackle the challenge of using the venerable hard hat as their muse. Just as fun, charming and skilled as so many attendees are, the hard hat has been a great vessel to carry their awesome projects.

Stop by our community space and make your trip memorable by trying on a hat, learning and sharing building techniques, networking with other hat loving hackers, and expressing yourself in your own hacker way. Keep on hacking!

Join us for our annual group photo and voting session for the “People’s Choice Award”. Even though we don’t have a contest, as a community we can still choose a favorite hat. We have to take the picture at 12:05 sharp so be there!

How to get started, two steps

Download the GE Appliances SmartHQ App “SmartHQ” available on the Google Play and iOS Stores to your mobile phone
Create your GE Appliances Account to commission the appliance, connecting the appliance to your account. The app will walk you through this step.

Router Name SSID: HackAway Router Name Password: With GEA

In-Scope: Only communications between the appliance, GE Appliances SmartHQ App, and the cloud connection for the appliance

Please leave your contact information and we will be in touch! Or you may visit our security webpage by typing “GEAppliances.com/security” into your Internet browser. We have a call center and PSIRT team ready to hear your questions!

Chillout to etherial / downtempo tunes and hang with your community

DEF CON has made HDA a community, and we now have a community room! This room will be dedicated to the attendees with ADA needs, their friends, helpers, and anyone who wants to hang out and be social! So far we plan on providing charging stations, chill out sessions, an open call for a modular synth jam session, and more to come! Let’s all work together to make DEFCON Awesomely Accessible!

(Please note that on Thursday, we will be open only to provide assistance to those in need. Regular community programming will begin on Friday.)

Hang out, chill out deck out your mobility device and more!

Bring your instruments, synths, and self for an open jam session

To celebrate DEF CON 32, the Hardware Hacking Village (HHV) is hosting a Rube Goldberg Machine (RGM) Event! This idea has been kicking around the HHV volunteer circle in one shape or another since at least DEF CON 20, so it’s about time that it happened! The goal is to create a series of devices that combine to form an end-to-end Rube Goldberg machine for transmitting messages. The hope is that all sorts of creative devices will be connected up to each other to move bits through various complicated and fun analog/digital methods. Ideas have ranged from simply wiring RX to TX — to using radios to bounce the message off the moon!

Our human registration process this year will be very similar to previous years. Please be patient. All of the times listed here are approximate.

Basics

Who needs a badge?

A badge is required for each human age 8 and older.

Human?

You are a human if you do not know otherwise. People that are not humans include goons, official speaker, village/community/contest/creator staff, press, black badge holders, or similar. If you are not a human, you need to register separately. If you don’t know how, see an NFO goon (NFO Node, formerly known as an infobooth, is where you can get help). The remainder of this message applies only to humans.

Lines? Linecon?

Linecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)

Online badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.

Please help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.

Ways to buy a badge

• $480 online purchase until August 1, 2024. Tickets are transferable. Please read the details on the linked page.
• $460 cash purchase on-site.
• As part of a BlackHat registration.

Online Purchase

You will be emailed a QR code to the email address provided when you bought your badge. Please guard that QR code as though it is cash — it can only be redeemed once, and anyone can redeem it if they have it (including a photo of it). Badges are picked-up on-site — they will not be mailed or shipped.

We can scan the QR code either from your phone’s display or from a printed copy. You must have the QR code with you in order to obtain your badge. As you approach the front of the line, if you are going to show your QR code on an electronic device, please ensure that your display is set to maximum brightness.

If you pre-registered, but ultimately are unable to attend DEF CON and want to cancel your purchase, the only way to get a refund is from the original online source. We are unable to provide any refunds on-site at DEF CON. There is a fee to have your badge canceled: $34 until July 15, and $84 on and after July 15.

Online purchases are provided a receipt via email when the purchase is made.

Online purchase — often referred to as pre-registration — does not allow you to skip any line/queue to pick up your badge. Once you arrive on-site, you will need to join the existing line for human registration. There may or may not be a dedicated line for pre-registration badge pickup, depending on when you arrive, how long the line is, available staff, etc.

Cash Purchase

Badges will be available for purchase on-site at DEF CON. All badge sales are cash only. No checks, money orders, credit cards, etc., will be accepted. In order to keep the registration line moving as quickly as possible, please have exact change ready as you near the front of the line.

There are no refunds given for cash sales. If you have any doubt about your desire to buy a badge, please refrain from doing so.

We are unable to provide printed receipts at the time of the sale. A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt on plain paper.

Via BlackHat

If you attend BlackHat, it is possible to purchase a DEF CON badge with your BlackHat registration. If you did so, please get your DEF CON badge from BlackHat before they close.

BlackHat should send you an email with instructions for how to obtain your DEF CON badge. In case you missed it, you can go to the second floor, at the concierge desk, halfway down Black Hat Blvd.

Misc

Want to buy multiple badges? No problem! We’re happy to sell you however many badges you want to pay for.

If you lose your badge, there is unfortunately no way for us to replace it. You’ll have to buy a replacement at full price. Please don’t lose your badge. 🙁

If you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.

Still need help?

If you have questions about anything regarding human registration that are not addressed here, please ask to speak to a Registration Goon.

Idaho National Laboratory in collaboration with the Cybersecurity & Infrastructure Security Agency (CISA) will showcase the critical importance of safeguarding Industrial Control Systems (ICS) against cyber threats. Through a mixed reality game, the interactive VR experience illustrates the impacts of a cybersecurity attack on infrastructure, and highlights the intricate engineering processes that power our communities. By emphasizing the interdependencies within our Nation’s infrastructure, the VR challenges underscore the necessity of robust cybersecurity measures to ensure the reliability and security of essential services. Come restore power back to our city, virtually! (NOTE: this gamified interactive VR experience not technical in nature, and does not require cybersecurity or infrastructure knowledge to participate

There are a few things that we would like everyone to be aware of, leading up to DEF CON 32.

Sticker Policy

We have a beautiful culture of #stickerlife at DEF CON, and we hope that it can continue well into the future. Refer to the conference schedule for “sticker swaps”. We’re also putting up multiple sticker walls this year — it was a hit last year, and we hope that having a couple of them will be even more awesome this year.

The LVCVA (Las Vegas Convention and Visitors Authority, owners of the LVCC) has a zero-tolerance policy with regard to adhering anything at all to their property, including stickers. Please DFIU. If you are caught adhering anything to LVCC property, you will likely be trespassed from the property by Las Vegas Police. Beyond stickers, you may also not use tape, sticky putty, tacks, or even non-stick clings.

Admission inspections and searches

The LVCC will not be searching or scanning people or bags entering the facility.

Money

As always, human badges (that were not pre-purchased) are exclusively sold using cash (US currency). Merch is the same. No credit cards, debit cards, mobile payments, cryptocurrency, or any means other than USD cash will be accepted at either human registration or DEF CON Merch. We recommend bringing cash with you: there are only two ATMs inside the LVCC.

Food and beverage operations inside the LVCC, including the food court and bars, only accept cards and mobile payments. You cannot use cash to purchase food or beverage inside the LVCC.

Vendors are permitted to conduct transactions via whatever means they choose. We do not have a list of which vendors are accepting cash vs card.

Water

The LVCC has many modern water-bottle filling stations, so free water will be readily available for those who bring their own reusable water bottles.

DCTV

DCTV will exclusively be streaming online this year, and will not be available on any hotel TV channels.

Outside food and beverage

LVCC prohibits attendees from bringing outside food and beverage into the convention center, except in cases of medical or dietary necessity.

Photography policy

Public photography is allowed*. It’s okay to take photos of your friends if they’re cool with it. We’ve setup several “selfie spots” that are amazing art pieces created specifically for the yearly theme where you can take cool photos.

We want you to take consenting photos of each other and we want others to see the wide range of attendees we have at DEF CON having a good time. What we don’t want to see are group shots taken without consent/warning, images taken by the press, video of people standing in lines, etc.

Official Press & DEF CON Policy Village rules may differ, please refer to them. At DEF CON you may see our official photography goons capturing the uniqueness that is to be expected at DEF CON; they adhere to our photo policy.

Groups & individuals participating in public on stage (events, contests, or activities) are allowed* to be photographed.

Photography in the CTF room is NOT permitted without consent of the individuals to be photographed.

Crowd shots are VERY discouraged, if so desired you must alert the crowd to give them time to opt out. For example: ” Hey, I’m taking a photo, if you don’t want to be in it hide your face” .

Taking photos of people in hallways, lines, hanging out, at random, is not allowed without consent. Respect the rights of the individual not to be photographed. Deletion of photos can be requested by staff.

When taking pictures of your friends please use “portrait mode” because this will blur the picture background, respecting the privacy of those inadvertently captured.

NOTE: It is permissible to record violations of the DEF CON CoC to share with our safety team (link) to help us investigate and take action.

• We reserve the right to revoke an individual’s permission to photograph, at any time, on a case by case basis. Failure to comply can result in revocation of admission without refund.

Learn the trade secrets of elite embedded security researchers and exploit developers. This hands-on workshop equips you with the QEMU and GDB skills needed to emulate and debug embedded system processes.

Friday, August 9th / Saturday, August 10th

10:00 am - QEMU Primer
11:00 am - QEMU Emulation
2:00 pm - Debugging with QEMU and GDB
3:00 pm - Q&A for Workshops

This is an AMA/Podcast that will be recorded on-site.

This is an AMA/Podcast that will be recorded on-site.

This is an AMA/Podcast that will be recorded on-site.

This is an AMA/Podcast that will be recorded on-site.

This is an AMA/Podcast that will be recorded on-site.

This is an AMA/Podcast that will be recorded on-site.

(NOTE: This is an overflow class only if the first session is full)

Learn how to program the DCNextGen Badge

Learn how to program the DCNextGen Badge

The IoT Village Hacking Playground is a set of hands-on labs developed to teach the tools and techniques for discovering and exploiting some of the common weaknesses found in IoT devices in just a few minutes. Work at your own pace following our IoT Hacking guides and if you get stuck, our instructors are on hand to provide assistance and answer any questions.

Let’s Boop the ISS! Join the Lonely Hackers Club for an extraordinary experience where we’ll use our ham radios to attempt communication with astronauts aboard the International Space Station! We have tracked the orbital passes of the space station and calculated our best chance.

Defeat the Keysight CTF challenge for a chance to win a Riscuberry IoT hacking training kit with Riscure Academy online training. See one of the Keysight staff for details. LIGHT THE BEACONS and show us the flag!

This is your last chance to pickup your drives whether they’re finished or not. Get here between 10:00am and 11:00am on Sunday as any drives left behind are considered donations.

Lonely Hackers Club is conducting some meshtastic activities during DEF CON 32.

The Lonely Hackers Club is hosting a CTF over Meshtastic. To participate you will need a Meshtastic node. There will be additional flags located in or near the LHC room. For more information check out our Meshtastic page.

Getting Started

Learn more here.

Default LongFast Mesh + LHC Channel, Use before DEF CON

Tap here to reconfigure your device

DEFCONnect ShortFast Mesh + LHC Channel, Use during DEF CON

Tap here to reconfigure your device

The Unofficial Sticker Swap is a casual and engaging activity where attendees can trade and collect unique stickers. This event fosters a sense of community and allows participants to showcase their creativity and personal style.

Linecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)

Online badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.

Please help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.

Please also review the “Human Registration Open” event, and familiarize yourself with the important notes therein.

Join Drew Green, John Rodriguez, and Ken Pyle for a deep dive into identifying vulnerabilities in network devices. Explore and exploit weaknesses in a wireless mesh network and learn how advanced threats view your infrastructure.

Want to tinker with locks and tools the likes of which you’ve only seen in movies featuring secret agents, daring heists, or covert entry teams?

Then come on by the Lockpick Village, run by The Open Organization Of Lockpickers, where you will have the opportunity to learn hands-on how the fundamental hardware of physical security operates and how it can be compromised.

The Lockpick Village is a physical security demonstration and participation area. Visitors can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficultly to try it themselves.

Experts will be on hand to demonstrate and plenty of trial locks, pick tools, and other devices will be available for you to handle. By exploring the faults and flaws in many popular lock designs, you can not only learn about the fun hobby of sport-picking, but also gain a much stronger knowledge about the best methods and practices for protecting your own property.

A popular spot for new lock pickers! Highly recommended you stop by. The Lockpick Village is always kid friendly and welcomes folks of all ages. We do require that the parents stay with the kids.

If you find something that seems to have been lost, please take that item to the nearest NFO Node. The item will enter the DEF CON Lost & Found system.

If you’ve lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in room LVCC – L2 – W238. You may also call Lost & Found at +1 (725) 377-5045.

The Lost & Found department plans to be open Thursday – Saturday, during all hours that the conference operates. On Sunday, the Lost & Found department will open with the venue at 08:00, but will close at the beginning of DEF CON 32 Closing Ceremonies (15:00). Shortly thereafter, all remaining lost items will be transferred to the LVCC West Lobby Security Office. If you need to reach LVCC’s West Lobby Security Office, you may call +1 (702) 943-3532.

All merch sales are USD CASH ONLY. No cards will be accepted.

The published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close for the year. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.)

Note that the closing hours here are when sales must have ended. For example, if sales must end by 18:00, and we estimate that it will take 2 hours to clear the queue, doors are likely to close around 16:00. Because of this dynamic nature, we can’t predict the length of the line or when doors will be closed.

Name the Noob is a fun and interactive session where seasoned hackers create unique handles for new attendees. This activity helps newbies integrate into the hacking community and gives them a memorable start to their cybersecurity journey.

Open Events – All Days

AIxCC – Artificial Intelligence Cyber Challenge

Experience a dynamic model city with illuminated buildings and projections that bring to life the Semifinals of the AI Cyber Challenge (AIxCC) – a two-year competition to safeguard the software critical to modern life. You’ll experience the thrill of the game events and the critical stakes of cybersecurity in an immersive setting that also offers an inspiring educational journey.

Social Engineering Village – SE Youth Challenge

The Social Engineering Community needs your help and it’s not exactly a big deal, but without your help, the entire universe is going to implode. Fortunately, some creative beings designed a failsafe just for this specific purpose, the Def Con Social Engineering Youth Challenge at DEF CON 32!

Adversary Village – Table top adventure

Tabletop adversary adventure!

Biohacking Village – Learn about bio-technology and biohacking!

Hands on medical device hacking and village tour

Ham Radio Vilage – Find the Fox, Decode a SSTV broadcast, get your Ham Radio License!

Fox Hunt!: Try to find the fox radio transmitter. SSTV: Send an SSTV broadcast and see it decoded by someone else Ham Radio Exam: Get your ham radio license at DEF CON!

Crypto Privacy Village – Gold Bug Puzzle

An invitation to a house party at the home of the Mysterious Marquise. What does it mean that it’s for those with “an adventurous spirit and enjoyment of puzzles”? And how can the doorknocker reveal anything? Find out in the Junior Cryptographer’s Corner of the CPV Gold Bug Puzzle.

Data Duplication Village – Multiple: HDD Teardown, Decryption Challenge, Error detection and correction

• HDD Teardown: Take apart and see how hard drives work.
• Decryption Challenge: Learn how file encryption / decryption works and solve a challenge.
• Error Detection and Correction: Use a simple binary code system, errors are introduced in the data string. Teaching basic parity checking or checksum algorithms to identify and correct the errors, demonstrating a fundamental data integrity concept.

Hardware Hacking Village – Open Soldering lessons

The folks at the Hardware Hacking Village can teach you soldering! Bring your soldering kits and learn this valuable hacker and life skill.

Friday, Saturday 13:00 – 16:00

Car Hacking Village Scavenger Hunt

The Car Hacking Village (CHV) put together a wonderland of fun for kids of all ages to explore. Stop by at our CHV Kids Booth during our hours of operation and dive into the rabbit hole of car hacking with our team. As you explore the CHV Village, you will not only learn about car hacking, but will also get to collect fun swag at every stop. Join us on this adventure through the car hacking wonderland and let your scavenger hunt begin.

Looking to upgrade your skills or see how you would fare in Capture The Packet? Come check out what Packet Detective has to offer! A step up in difficulty from Packet Inspector, Packet Detective will put your network hunting abilities to the test with real-world scenarios at the intermediate level. Take the next step in your journey towards network mastery in a friendly environment still focused on learning and take another step closer to preparing yourself for the competitive environment of Capture The Packet

The perfect introduction to network analysis, sniffing, and forensics. Do you want to understand the techniques people use to tap into a network, steal passwords and listen to conversations? Packet Inspector is the place to develop these skills! For well over a decade, the Wall of Sheep has shown people how important it is to use end-to-end encryption to keep sensitive information like passwords private. Using a license of the world famous Capture The Packet engine from Aries Security, we have created a unique way to teach hands-on skills in a controlled real-time environment.

This year we have more challenges and more prizes!

Join us Women in Security and Privacy to mingle and network with privacy and security professionals. You can also bring some swag, pins, or stickers to exchange as part of the networking activities.

Intuit R3DC0N’s Phisherman’s Wharf will lead beginners looking to learn how phishing campaigns are managed. This short introductory lab will give you hands on experience creating a phish test campaign from a cached email and web site using GoPhish, leverage email lists, and observe the responses when the victims interact with the phish emails in MailHog.

Accompanied by our expert guide, witness live hacking demonstrations showcasing the alarming simplicity behind breaching and controlling banned xIoT devices. Embrace the excitement. Join us at the Lab and let the hacking games begin!

The Physical Security Village explores the world of hardware bypasses and techniques generally outside of the realm of cyber-security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself.

We’ll be covering the basics, like the under-the-door-tool and latch slipping attacks, as well as an in depth look at more complicated bypasses. Learn about elevator hacking, attacking alarm systems at the sensor and communication line, and cut-away and display models of common hardware to show how it works on the inside.

Looking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!

Play VR the gear comes out for a casual, hands on demo area to explore the metaverse in VR with games & expoloration in Meta Quest VR and Meta Raybans MR

Role play what would happen (or not happen) should a plane be maliciously targeted, or (like most) try and land a A320.

Join us for our first Bloch Party and find out anything you have wanted to know about Quantum Tech & Hacking and why it’s a Bloch Party, not Block Party. At the same time join us for another round of our Oxford Union-style fun debates @ DEF CON!

In addition to the CTF and talks which are elsewhere on the schedule, the RF Village is also a place to hang out and chat with like minded folks who share your interests.

Join the Recon Village GEOSINT Challenge, where your geospatial intelligence skills will be put to the ultimate test. Navigate through complex scenarios, uncover hidden clues, and outsmart your competition. Sharpen your analytical prowess and prove your mastery in this thrilling contest of wits and strategy.

Resume Reviews offer attendees the opportunity to have their resumes critiqued by industry professionals. This activity provides personalized feedback and tips on how to improve resumes to stand out in the cybersecurity job market. It’s a great way for participants to enhance their professional profiles and increase their chances of landing their desired roles.

Although not scheduled we intend to have people in and out who can do repairs/soldering on older equipment should anything need it. If you have trouble with your vintage tech during con, we will do our best to help!

If you have never participated in a Robo Sumo event before, welcome to the crowd! There are a number of resources online on this topic. We are lucky enough to have Pololu as a local resource. Their office is a short distance from the strip. They have have robots and parts to make robots. They can ship to your hotel if desired. Put something together and bring it down to show off and shove other bots around.

Please follow the “more info” link if you would like to know more.

Hack a (not-so) smart safe and win prizes from TCM Security! Attendees will be guided through a hands-on lab that demonstrates common tools and techniques to unpack and analyze firmware, hunt for files of interest, and reverse engineer binaries and libraries. In addition, you will learn how to trace functionality in IoT devices to their underlying binaries and libraries and further reverse engineer these to hunt for common vulnerabilities. By using these techniques, you will be able to find the vulnerable section of code in the smart safe and craft an exploit that will allow you to access the safe and win the loot inside.

Join us at the lock pick village tables after Jared’s talk on safe manipulation for some hands on practice!

Jared is a long time lock sport enthusiast and an instructor at a locksmithing school on safe manipulation and lockpicking. He has been opening locks and breaking security for roughly 15 years. His other hobbies include rock climbing and 3D printing.

Want to learn how to stop hackers in their tracks? Come to the Secure From Scratch coding workshop. Learn what you need to know to write secure code from the very first line of code. It’s surprisingly easy! Plus, you’ll get to try your hand at hacking, discovering how attackers think so you can build defences against them. (Some coding knowledge in Python is recommended. You should know loops, if statements, arrays, and functions.)

Time to mingle! Discover who can tell the best dad jokes. We’re taking a quick break – be back soon!

Come take a picture with a CubeSat. And while you’re there, learn a few things about it.

The S.O.D.A. Machine Experience:

Imagine being at DEF CON, eager to dive into some serious hacking without being tethered to your laptop. The Shell On Demand Appliance is here to enhance your experience by providing access to anonymous virtual machine using cold hard cash.

What is the Shell On Demand Appliance?

The S.O.D.A. machine is now located in the contest area at the DEF CON Scavenger Hunt booth, offering virtual machines accessible via the DEF CON network. A blend of hardware, software, art, and hacking, using recycled materials to create a sustainable tech experience. The built-in datacenter connects directly to the DEF CON network. Insert cash or coins into the machine to get started, the system deploys the VM to the network, and a receipt with your login credentials is printed. Users receive login credentials to access their virtual machine via remote shell. You can change the password, install tools and applications, and customize the VM to suit your needs. The updated system now provides secure access from anywhere in the world through a web browser or standard SSH client. Be sure to check out the BBS too!

Supporting the Cause:

All proceeds from the S.O.D.A. Machine benefit the National Upcycled Computing Collective, Inc., a 501(c)(3) nonprofit organization dedicated to advancing research and education in computer science, technology, and engineering. Contributions are welcome at https://www.paypal.com/paypalme/NUCC.

Bring a retro artifact of your own for people to have fun with and demonstrate! (Note: Any artifact brought in for Show & Tell must also be taken back home with you, and although we will try our best to keep your artifact safe and operational, we suggest that you don’t bring anything irreplaceable or that has sentimental value, as things could get destroyed or go missing.)

BadVR Data Exploration through VR visualization. See RF signals, cellular signals and step into the data with a hands-on VR experience

Experts have long agreed that secure internet voting in public elections is not feasible with today’s technology, nor with any technologies of the foreseeable future. The challenges are numerous, including many fundamental threats such as vulnerability to malicious clients, authentication attacks, privacy attacks, network and Internet infrastructure attacks, server penetration attacks, and various kinds of denial of service attacks. Internet voting systems also suffer from a lack of any meaningful end-to-end auditability. In this hacking challenge, we will set aside these broader concerns to focus on a specific proposed internet voting system called SIV (Secure Internet Voting) intended for real public elections in the United States. They are conducting a mock online election this week with the specific goal of challenging anyone to break their system.

Small scale LAN party – Use one of our Windows 98 laptops or BYOB and hook it up! Seating will likely be limited depending on interest.

Come check out the Social Engineering Community Village!

The Space Grand Challenge (SGC) Program is a free virtual game-based cybersecurity/space competition CTF for middle and high school students built by Cal Poly students—Learn by Doing in action. The game is built on the UNITY gaming engine.

Launch into the thrilling world of cybersecurity, specifically designed for space systems! Learn the fundamentals to safeguard ground stations, communication links, and spacecrafts.

Engage in an immersive and fun CTF scenario. Apply your cybersecurity skills in real-time and see the direct impact of your decisions on our Space Systems Demonstrator. In this high-stakes scenario, you’ll align with the Aurora Alliance in their critical mission to thwart Count Viktor Thunderclaw and the notorious Nebula Syndicate. The Syndicate threatens to destroy historic monuments around the world with their Space Laser unless their demands are met. Do you have what it takes to dismantle their malevolent plans?

Our beginner-level CTF kicks off as soon as the village opens—no pre-registration necessary. Just bring your laptop to access the CTF platform and your favorite packet decoding software (i.e. Wireshark). Expect the CTF to take you less than 1 hour to complete. Team collaboration is encouraged, and if you encounter obstacles, numerous hints are available to guide you. Excel in the challenge, and you could walk away with a CT Cubed SAO, an exclusive prize while supplies last.

Use spacestudio software to work through multiple challenges and scenarios. For instance:

Challenge 1: Analysis of the performance of the next GEN of satellites to size the ground segment.

Challenge 2: Assessment of propulsion system capabilities for initial orbit raising

Challenges for spacetower flight dynamic software will also be available.

“Tamper-evident” refers to a physical security technology that provides evidence of tampering (access, damage, repair, or replacement) to determine authenticity or integrity of a container or object(s). In practical terms, this can be a piece of tape that closes an envelope, a plastic detainer that secures a hasp, or an ink used to identify a legitimate document. Tamper-evident technologies are often confused with “tamper resistant” or “tamper proof” technologies which attempt to prevent tampering in the first place. Referred to individually as “seals,” many tamper technologies are easy to destroy, but a destroyed (or missing) seal would provide evidence of tampering! The goal of the TEV is to teach attendees how these technologies work and how many can be tampered with without leaving evidence.

The Tamper-Evident Village includes the following contests and events:

• The Box; an electronic tamper challenge. An extremely realistic explosive with traps, alarms, and a timer ticking down. One mistake and BOOM, you’re dead. Make every second count! Sign ups on-site when the TEV begins.
• Tamper-Evident King of the Hill; a full-featured tamper challenge. Tamper single items at your leisure and attempt to beat the current best. There can be only ONE! No sign ups required, play on-site when the TEV begins.
• Badge Counterfeiting Contest; submit your best forgery of a DEF CON human badge. Other target badges are also available for those looking for more counterfeit fun!
• For your viewing pleasure, collections of high-security tamper-evident seals from around the world.
• Presentations & demonstrations on various aspects of tamper-evident seals and methods to defeat them.
• Hands-on fun with adhesive seals, mechanical seals, envelopes, and evidence bags.

Telecom Village is excited to announce “Telecom Tinkerer,” Capture The Flag (CTF) event. Participants, known as Tinkerers, will simulate actions against various elements of a dummy target organization. Telecom Tinkerer will feature real-world simulation scenarios and challenges, allowing Tinkerers to simulate attacks and explore new attack vectors, tactics, techniques, and procedures (TTPs). The event will include combined exercises with different levels of threat/emulation and purple teaming, promoting a collaborative learning environment for both offensive and defensive strategies.

Wednesday August 7th Registration usually opens at 11am

OFFSITE: Pro Gun Vegas Address: 12801 US 95 South Boulder City, NV 89005

Unleash your creativity at the Tool Makers Hackathon, where innovation meets functionality. Collaborate with fellow hackers to design and build groundbreaking tools that push the boundaries of cybersecurity. Whether you’re a seasoned pro or a budding developer, this is your chance to showcase your skills, learn from the best, and create something truly unique.

The humans of Vegas invite you to our unofficial welcome party. Whether it’s your 1st or 18th time, we’re still in the EXACT SAME PLACE. Join us off-Strip in the shade for a volunteer-run grill and chill.

We stock the larder with the basics: burgers, dogs, meatless delights, and all the fixin’s. You procure your favorite food, drinks, and sides to keep the party going. Volunteer for setup, grill-up, or clean-up. Most of all, show up and become a part of what makes Toxic BBQ the best place to start your con.

Check out https://www.toxicbbq.org for more news, and watch #ToxicBBQ for the latest info.

Off-site at Sunset Park, Foxtail Pavilion

This is when you can go visit our awesome vendors.

We don’t know which they will be accepting cash vs cards. That’s up to each organization, and we do not have a list.

We also don’t know if/when vendors will sell out of anything they may be selling.

Pick up your DCNextGen badge and other swag. We will also have an overview of DCNextGen activities and adventures!

Chill out space to relax with us in a safe place. Grab a non-alcoholic drink, unleash your creativity and unwind with our art therapy, and connect with women and underrepresented communities working in security and privacy.

Gather with members of the Women in Security and Privacy community for a group picture.