Contests List

DEF CON Contests

DEF CON Contests Forum page

Redefining Boundaries, Enhancing Connectivity, Innovating Control—Aperture Inc. is dedicated to pushing the limits of innovation and is fully committed to providing a more secure environment to maintain our promise to our “customers.”

At the core of it all lies the ?Cube—a labyrinth of security, deception, and ever-evolving complexity. Our engineers have reinforced its defenses, rewritten its digital DNA, and expanded its capabilities in ways that should concern you. Buried within its depths are secrets—secrets that could unravel everything. Infiltrate, decode, and dismantle. But beware: the ?Cube—and those also working towards the same ultimate goal— don’t take kindly to outsiders.

For those who know—welcome back. You already understand what’s at stake. For those who don’t… well, let’s just say we hope you are quick learners…

You’re about to embark on an adventure—one that demands nothing less than absolute technical precision across the precarious domains of physical security, web exploitation, cryptography, and other puzzles designed to unravel your sanity.

Assemble your team. Choose your specialists wisely. Then step into the ever-tightening web technologies that define the ?Cube. Escape is optional. Success? Highly unlikely.

The first team to breach the center earns the title—simple, right? Of course, if the Cube remains unsolved (again), the team that clawed their way the furthest will be honored for their valiant struggle. And make no mistake—a struggle is guaranteed. Every step forward will demand effort more and more. Mistakes could be costly.

But don’t worry… the Cube is very patient. It can wait. Can you? Will others?

#### Participant Prerequisites

DEI or DIE. Diverse talents across multiple domains of knowledge are highly recommended. Some tools such as lockpicks, Chromebooks, and other RFID tools may be available for various challenges, but it is recommended teams come prepared.

#### Pre-Qualification

The contest will not require qualifiers for the first full day. Point requirements will be required to continue interacting with the ?Cube as the contest progresses.

Welcome to $$$$$<CAPTURETHE_COIN>_$$$$$! We’re bringing real-world payment hacking straight to DEF CON. This contest merges hardware hacking, cryptanalysis, mobile app forensics, physical security, and offensive security into one glorious, chaotic CTF. No system is sacred! If it moves, stores or processes money, it’s fair game.

From magstripes to mobile wallets, POS systems to online banking, ATMs to NFC payments, if it touches money, we’re messing with it. Your mission: reverse, break, manipulate, and exploit—all in the name of exploration!

Expect challenges where you’ll clone, decrypt, spoof, MITM, inject, and maybe even get a card to spill its deepest, darkest secrets. Want to mess with a banking app? We got you. Think your RFID cloning skills are solid? Prove it. Ever wondered if you can bypass chip-and-PIN protections? Let’s find out!

So, whether you’re an RFID wizard, EMV cryptography nerd, API manipulator, or into dumpster diving, there’s a challenge here for you. You might not get rich, but you’ll have fun trying!

#### Participant Prerequisites

Registration is to be made on the website. Our content is accessible to all and includes challenges which don’t require equipment. We also have a range of equipment that is available for loan such as card readers. A laptop and Android phone is needed for some of the challenges.

#### Pre-Qualification

No pre-qualifier!

“$unL1ght Sh4d0w5”: The Nirubi Challenge – Prove Your Might

In the realm of cybersecurity, the pursuit of excellence is a never-ending quest. It’s time to put your skills to the test and prove your worth in the “$unL1ght Sh4d0w5: The Nirubi Challenge”.

In the spirit of DEF CON 33’s theme of promoting openness and accessibility, we present a unique hacking challenge that flips the script on traditional black box contests. We provide you with a production-ready Linux system, complete with known vulnerabilities and a proof-of-concept (POC) exploit to get you started and then throw the gauntlet that will push your limits and make you think outside the box.

The Nirubi Mandate:

Nirubi, an ancient Tamil word meaning “to prove”, is more than just a concept – it’s a way of life. It’s about demonstrating your capabilities, showcasing your expertise, and rising above the rest. In this challenge, we invite you to embark on a journey of self-discovery, to test your mettle against the best, and to emerge victorious.

The Challenge:

Your mission, should you choose to accept it, is to leverage the given vulnerabilities and POC to achieve remote code execution and unleash a ransomware attack on our target system. The twist? We’ll be watching as you navigate not one, but two separate challenges:

Part 1: “Sh4d0w5 Recon” – Using the provided vulnerabilities and POC, expand on the existing exploit to deliver a payload that encrypts the contents of a specific file on the system. Show us your skills in taking the given information and turning it into a successful attack.

Part 2: “$unL1ght Horizon” – If you succeed in Part 1, you’ll be invited to take on the same system, but this time, it will be fortified with a proprietary hardening technology. Can you adapt your approach and still manage to inject your payload and encrypt the target file?

The Prize:

The first contestant to successfully complete both parts of the challenge will take home a prize of $10,000. Will you be the one to shine $unL1ght into the Sh4d0w5 and claim victory?

What sets us apart:

• We’re providing you with the vulnerabilities and a POC, giving you a clear starting point for your attack.
• You’ll be working with a fully disclosed system configuration, eliminating the guesswork often associated with black box hacking contests.
• Our challenge is designed to separate those who merely know from those who can truly execute. We’ll give you all the information you need – system configurations, vulnerability details, and more. But can you use that knowledge to outmaneuver our defenses and emerge victorious?

Rules and Eligibility:
– Contestants must be 18 years or older to participate. – All participants must agree to our terms and conditions, which include rules for responsible disclosure and non-disclosure agreements. – The contest will be held during DEF CON 33, with specific dates and times to be announced.

#### Participant Prerequisites

• Bring your own laptop and/or smart-phone/tablet
• Bring ANY software tools you would need for hacking purposes. This includes an operating system (e.g, Windows/Linux) with Python, C/C++ compiler and associated binary analysis tools.

AND!XOR creates electronic badges filled with hacker challenges. We love doing this, especially coming up with unique ways for hackers to earn them. 5N4CK3Y is a vending machine hardware hacking project from AND!XOR. We retrofitted it into an IoT CTF based badge dispensing machine, bling and all. Find enough flags on our web hosted CTF platform, you get a 5N4CK3Y dispense code, punch it in, and a badge is vended to you! There are a variety of challenges to earn a badge as well others to continue working on the badge itself once obtained. These span from hardware hacking, reverse engineering, OSINT, network security, phreaking, wireless, and cryptography to name a few. There’s a little bit of everything, so it’s a perfect way to learn something at one of the many DEF CON villages and talking with people you meet, then attempt the CTF challenges to dispense a badge. Hardware hacking is our passion and we want people to learn on badges once they get them.

#### Participant Prerequisites

A computer, desire to learn, and make friends to beg, borrow, and steal from if you need a tool which you do not already own. Our challenges are multidisciplinary. While we will not give away what is required this year, tools participants have used in the past include: Computer, Ghidra, AFL, telephone, lock pick set, SDR, Flipper Zero, UART Adapter, FT2232 hardware debugger, chip clip, telephone parts, TV remote control, audio recorder, tracing paper, pencil, solder iron & solder, hot air gun, exacto knife, lighter, ice from a Malört cocktail being sipped on by Lintile, copper wire, booze, and ramen. In short, any tools required for the CTF challenges can be obtained at DEF CON.

#### Pre-Qualification

Absolutely not, we invite maximum participation.

Adversary Village will be hosting “Adversary Wars CTF”, which is built around adversary attack simulation, offensive cyber security and purple team tactics. Adversary War CTF centers around mimicking enterprise infrastructure and corresponding challenges. These challenges are meant to push the participants towards adopting various TTPs that adversaries and threat actors use within a definitive time frame. Adversary Wars would have real world simulation CTF scenarios and challenges, where the adversaries can simulate attacks and learn new attack vectors, cyber threat intelligence, threat actor profiles, TTPs, techniques, etc. There would be combined exercises which include different levels of adversary emulation.

As part of the Adversary Wars Capture-the-Flag competition a fictional city would be hosted virtually as a target for the participants. Like all cities, the Adversary city too would comprise of various infrastructure components including a hospital, bank, police station, fire station, army camp, city apartments, IT companies, university, government buildings, power plant, etc.

Each building will have a complex and realistic network infrastructure that includes a wide variety of components, including Windows/Linux systems, applications, industrial systems, Active directory, cloud environments, hybrid environments, and numerous other technology systems. A complex network of interconnected organizations, assumed to have been working properly, monitored by security operations center and cyber defense systems, supposed to be hackproof, until it wasn’t. One fine day, the adversary city was breached by a threat actor. A wide variety of attacks were carried out by the threat actor, in the end they decided to shut the city for good and infected the remaining systems with ransomware.

CTF participants will need to rely on cyber threat intelligence to gather more information on the threat actor, understand and collect various attack tactics, tools, and exploits used by the adversary group. The participants will have to devise possible attack paths used by the adversary group, then simulate these activities against the target city’s various components to recreate and understand how deeply the threat actor group breached the city’s infrastructure and computer systems.

To visualize the CTF environment, the contest area will feature a miniature model of the city made using interlocking-plastic-bricks. The breached components OR organization buildings will be physically marked in the city model as the CTF progresses. This will also assist visitors and observers in understanding the contest’s progress and gaining insight into what is happening behind targeted cyber-attacks, cyberwar, etc.

Just like in previous years, winning teams in the CTF competition can expect fantastic prizes. Additionally, there will be complimentary hoodies (yes, the iconic adversary village hoodies), free t-shirts, cool stickers, village coins, badges, and various other swag for the village participants.

#### Participant Prerequisites

Just a laptop

#### Pre-Qualification

We are not planning to have a pre-qualifier.

Welcome to the “AI Art Battle” Generative AI Art Contest!

This unique competition invites creative minds to dive into the world of artificial intelligence and art. The challenge is to craft the most imaginative prompts that will be used by generative AI models to create artwork.

Contestants will not be creating the art themselves; instead, they will focus on designing prompts for well-known topics that push the boundaries of creativity and innovation.

How It Works:

Select a Topic:

Contestants will choose from a list of random topics.

These could range from historical events, famous literary works, mythical creatures, futuristic landscapes, to iconic pop culture references.

Craft a Prompt:

Using their creativity, contestants will write a detailed prompt designed to guide AI models in generating original artwork. The prompts should be clear, imaginative, and offer enough detail to spark the AI’s artistic capabilities.

Submission

Each contestant will submit their prompt and the intended outcome.

AI Generation:

The submitted prompts will be fed into a generative AI art model, which will create corresponding artworks based on the prompts.

A random panel will determine who the winners are.

#### Participant Prerequisites

• Smartphone or Laptop

#### Pre-Qualification

• This year we hope to hold a pre-qualifier to help shape the contest before going on stage.

How well do you know your man pages? Find out by teaming up with up to 3 other people (or come solo and get matched up with some new friends) and play “Aw, man…pages!”. Across several rounds, your knowledge of man pages will be tested to the limit. Can you remember what command line flag is being described by its help text? Can you identify a tool just from a man page snippet? Can you provide the long-form flag when only given the short? Will you prove yourself worthy to be crowned the man page champion?

#### Participant Prerequisites

None. We will provide answer sheets and pens. Participants can form teams of up to 4 people beforehand, or at the event (last year’s winners all met each other at the contest).

#### Pre-Qualification

No

Band Camp: Hacker My Music! is a hands-on contest that combines DIY hardware hacking and musical innovation. With this contest we aim to bring together hackers, makers, and others looking for a new experience to design and build their own instruments in a reproducible sharable manner. If that means repurposing unexpected common materials or making custom 3d printed instruments, or even custom sound-generating gizmos we’re in! Whether you’re into 3D printing, upcycling old hardware, or discovering strange new ways to produce melodies, this contest will give hackers the chance to create and perform with instruments that break all the rules. It’s a fresh perspective on hacking because it isn’t just about cracking code or bypassing security — it’s about hacking sound, reimagining music hardware, and pushing creative boundaries. Who knows, maybe we’ll get a new “blue box”.

We encourage participants to take advantage of whatever resources they have on hand—3D printers, microcontrollers, pre-prepared parts, or even random junk from the hardware store. If it’s reproducable and makes music, we want to hear it! The ultimate goal here is to create an open library of new sounds that can be used freely by hackers for whatever their needs. Maybe the sounds made could even be hosted on media.defcon.org and opened up for other musicians/hackers to use royalty free.

Rules and Participation Requirements to be hosted at hackermymusic.com

#### Participant Prerequisites

Participants may sign up and make their instruments ahead of time, or they can make them on site. We will have access to the 3d printers in the maker community that I am bringing along for them to use.

#### Pre-Qualification

None.

The future of social engineering is here. Piggybacking on the success of last year’s John Henry competition, the SEC has gone all-in on a first-of-its-kind competition. In Battle of the Bots: Vishing Edition, teams will develop AI-driven bots to place live vishing (voice phishing) calls, testing the limits of artificial intelligence in deception. By blending hacking, automation, and psychology, competitors will see whose AI bot can capture the most objectives from live human interactions. As AI continues to evolve, so do its applications in cybersecurity—this competition provides a unique opportunity for competitors and spectators to witness firsthand the current state of offensive AI capabilities manifested through social engineering vishing calls.

Whether you’re competing or spectating, this event offers a rare glimpse into the future of hacking. Attendees will witness AI bots in real-time navigating conversations, persuading targets, and adapting their tactics—just like a human social engineer. Expect to learn about the strengths, weaknesses, and ethical considerations of AI-driven vishing and the defensive strategies needed to counter this emerging threat. Join us and see if AI is ready to take on one of hacking’s most human-centered techniques.

#### Participant Prerequisites

To successfully participate, teams will need a basic understanding of AI prompt engineering to develop and refine their AI-driven vishing bots. Competitors should be comfortable designing prompts that guide AI responses effectively while ensuring their bots can engage in dynamic conversations. Additionally, all participants must adhere to the competition’s Code of Ethics, ensuring that their AI interactions remain within ethical boundaries and comply with contest guidelines. While prior experience with AI-driven automation or social engineering tactics may be beneficial, it is not required .

#### Pre-Qualification

No, we do not. Unless you count opening up our “Call for AI Competitors” to select competing teams.

We’re going all in on internet freedom. Take a break from hacking the Gibson to face off with your competition at the tables—and benefit EFF! Your buy-in is paired with a donation to support EFF’s mission to protect online privacy and free expression for all. Play for glory. Play for money. Play for the future of the web. All new players are welcome. We offer a clinic right before we start to refresh skills and turn you into a poker hacker fast!

#### Participant Prerequisites

21 and over. Pre-register as soon as possible to ensure your spot at the table at eff.org/poker; we sell out every year.

#### Pre-Qualification

No

Duck, just duck. What the duck! Seriously!? This is the timeline we are in? Here I always thought those preppers was bonkers. Okay, I’m going to break the 4th wall here, I’m writing this in March so here’s hoping this isn’t prescient.

That’s it folks! DOGE has canceled our gas infused multi-liquid rapid cooling technology research grant along with the rest of the NSF because why would we need science when we have Tesla and SpaceX. Elon daddy you’re so big and hard, please give me some juice from your massive rocket to cool my beverage because it for sure hasn’t gone to Mars. What do you mean you lost it? Trump has it where!? This is why you have a flared base on the rocket! How am I supposed to cool my beverage after China starts WW3 because Pooh bear can’t stop obsessing over his nine dash sack? This is a disaster!

Its beverage chilling folks, the description is on the tin. But just in case the illiteracy rates have reached such a level that you can’t read the name of the contest, here is a description you can’t read either.

Je koelt het drankje dat we je geven in een rode solobeker zo snel mogelijk af tot 34 graden F. Je mag het drankje niet veranderen door het te mengen met ijs, droog of anderszins. Je mag een apparaat meenemen of je eigen apparaat bouwen op de conventie. Er wachten fantastische prijzen, voornamelijk wat ik heb liggen en niet mee naar huis wil nemen.

(You will cool the drink we give you in a red solo cup as quickly as possible to 34 degrees F. You may not alter the drink by mixing it with ice, dry or otherwise. You may bring a device or build your own at the convention. There are some great prizes waiting, mostly what I have lying around and don’t want to take home.)

There are some additional rules, check the DEF CON forums or the poster board at the contest!

#### Participant Prerequisites

• A commitment to the sanctity of the unadulterated beverage.
• A complete disregard for the health a safety of one’s self, good design principals, and the laws of physics generally.

#### Pre-Qualification

None

The Blacks In Cybersecurity (BIC) Village Capture The Flag contest is a jeopardy style event designed to practice solving challenges in multiple categories. This event seeks to not only be a series of puzzles and challenges to solve but, a gamified way to learn concepts of social justice, emerging technology and Black history. At DEF CON 33 the BIC Village CTF team will take you to the campus of an HBCU (Historically Black College / University) with a special history and “other-wordly” delights! Come explore the challenges that walk you through our campus gates and into the adventure fueled by curiosity & innovation as we celebrate five years of our BIC Village!

#### Participant Prerequisites

Participants may want to bring their own laptops, physical security tools, lock picks, hardware hacking tools or other supplies to interact with both of our physical and virtual set-ups.

#### Pre-Qualification

No pre-qualifier.

A cyber defense Capture the Flag inspired by a mix of trending nation-state actor kill chains. You are an incident responder tasked to investigate multiple incidents. You will have access to a SIEM and other forensic data; however, just like in real life, these tools have issues you must overcome to uncover what happened.

The CTF challenges contestants to leverage diverse cyber defense skills, including Incident Response, Forensics, and Threat Hunting. Both host and network telemetry are required to solve all the flags.

BTV’s Project Obsidian crew developed the CTF to allow anyone, regardless of skill or knowledge, to participate and sharpen their cyber defense skills. We recommend creating or joining a team if you are new to cyber defense. We highly recommend attending the other BTV Project Obsidian presentations and panels to learn even more about different cyber defense topics.

#### Participant Prerequisites

Attendees will be required to use a laptop, tablet, or mobile device. Prior knowledge of using a SIEM is preferred.

#### Pre-Qualification

No

Call Center Village is a community security challenge that simulates common surface areas of a multi-tenant, small-business call center (often referred to as an “Answering Service.”)

Try your hand at a variety of different physical and digital security challenges across three different simulated environments, including a remote agent’s home, the call center’s main office, and the typical small-business hosting environment. Each area includes some common threats associated with them.

As the community completes challenges, the contest will progressively unlock additional context, information, and/or difficulty, eventually revealing a real-world social-engineering challenge.

This social-engineering challenge requires a variety of details from preceding unlocks to successfully attempt and is performed in a controlled manner against real call center agents.

Some examples of challenges you might come across:

Remote Agent’s Home

• Physical access or sight-lines to private data
• BIOS/UEFI computer security
• Remote connectivity pitfalls (RDP, VPN)
• Data-exfil by BadUSB or USB (Un)blockers
• Lock-picking common door locks
• How to combat agents getting bored and “exploring” the network

Call Center’s Main Office

• OSINT challenge where a case study on the website reveals sensitive information
• Scanning networks to find VoIP phones and networking equipment with default credentials
• Using a FlipperZero to gain simple RFID badge access
• Leaving WiFi credentials easily available to visitors
• Break into petty cash (a Sparrow’s Practice Safe)
• Identify devices that don’t belong on your network
• Find and exploit guest/corporate WiFi setup misconfiguration

Hosting Environment

• Embedding malicious javascript and scripts into agent platforms
• Use a iCopy-XS to clone and bypass a security door
• Lock-pick heavy-duty padlocks to get into telco boxes
• Use a butt-set to listen on copper phone lines
• Misconfiguration of network firewalls
• Database and call recording storage
• Exfiltrate data using SIP messages

Have you ever looked at a tin can, a pile of coax, some solder, a few connectors, and your radio and thought, I’m not sure, but CAN IT HAM? In this new contest for DEF CON 33, the Ham Radio Village is challenging participants to see what they can turn into functioning antennas.

We’ll have some basic supplies – tin cans, coax, solder, connectors,– but feel free to bring your own weird components if you want. The 10 best builds will get tested, and the top 3 will score bragging rights & prizes!

Come participate in some radio shenanigans, hack something together and see what you can make work (plus maybe learn something along the way).

#### Participant Prerequisites

None – Bring your hands and brain and give it a try! You can also bring any* materials from off-site to construct your antenna

• Within DC33/LVCC limitations. No radioactive isotopes or explosives, please.

#### Pre-Qualification

no

Capture the Packet is a competition that tests players grit and cyber capability.

Contestants will be tasked to solve a range of challenges including Incident Response and vulnerability exploitation.

#### Participant Prerequisites

• Participants should bring their own laptop devices with ethernet port. Limited USB-A to Ethernet ports available for loan.
• Attendees should brush up on networking protocols and analysis techniques.

#### Pre-Qualification

NA

The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OEMs and suppliers to ensure our challenges give a real-world experience to car hacking. We understand hacking cars can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.

#### Participant Prerequisites

https://www.carhackingvillage.com/ctf-rules

#### Pre-Qualification

No, contest is in person only.

If you ever wanted to break stuff on the cloud, or if you like rabbit holes that take you places you did not think you would go to, follow complicated story lines to only find you could have reached to the flag without scratching your head so much – then this CTF is for you!

Our CTF is a two days jeopardy style contest where we have a bunch of challenges hosted across multiple Cloud providers across multiple categories of difficulty.

You can register as teams or go solo, use hints or stay away from them, in the end it will be all for glory or nothing. Plus the prizes. Did we not mention the prizes? 😀

#### Participant Prerequisites

Laptop and access to internet would be needed.

#### Pre-Qualification

No

CMD+CTRL is an immersive learning and hacking platform where developers, security professionals, and tech enthusiasts come together to sharpen their skills in web application security. Players compete in a real-world environment, uncovering vulnerabilities and learning security techniques hands-on. With real-time scoring, the experience stays engaging, fostering both collaboration and friendly competition.

At DEF CON 33, we’re debuting our latest Cloud Cyber Range: Forescient—a deep dive into exploiting common Azure misconfigurations. This brand-new challenge will put your cloud security expertise to the test like never before.

Are you ready to hack the cloud?

#### Participant Prerequisites

Computer with internet access.

#### Pre-Qualification

Nope. We will be posting event information shortly though.

The Code Breaker Challenge is an advanced cryptographic puzzle designed for DEF CON attendees who want to push their problem-solving skills to the limit. Anyone who successfully cracks the code will receive an exclusive invite to a private pool party, where they can celebrate their achievement alongside fellow codebreakers.

How It Fits DEF CON’s Theme: Access Everywhere

Usable: The challenge is designed to be solved with logic, pattern recognition, and cryptographic knowledge—no special equipment or insider access required.

Accessible: Participants from all backgrounds can attempt it, regardless of whether they are seasoned cryptographers or first-time codebreakers.

Private & Secure: The challenge will incorporate modern encryption principles that highlight privacy-preserving technologies, showing the importance of cryptography in maintaining free and open access to information.

Structure
The challenge will be a multi-layered puzzle, incorporating historical ciphers, steganography, and modern cryptographic techniques.

Participants will have the entire duration of DEF CON to solve it.

Those who succeed will be given a unique code or token to redeem their invitation to the private pool party.

#### Participant Prerequisites

Code Breakers need to access a computer and internet. Everything else is provided.

#### Pre-Qualification

No pre-qual

TBD

Time is of the essence! You will have 48 hours to crack as many files and hashes as possible.

A government-funded nonprofit agency that worked on fediverse integration between proprietary platforms has been shut down with no warning. Their incomplete work is public domain / property of the public. However, they were not able to wind down cleanly, or publish; their severance came with NDAs so they can’t talk about it.

Some dumps got leaked and now you need to extract and recover as much of their work as you can before those get cleaned up. A bunch of user accounts were created and linked, but their plaintexts were lost before they could be sent to users; try to recover access to accounts and data.

#### Participant Prerequisites

Open to all, but pre-registration is recommended. Compete in the Street class for individuals or small teams, or in Pro if you do not want to sleep all weekend. Check out past years’ contests at https://contest.korelogic.com/ , and the Password Village at https://passwordvillage.org/

#### Pre-Qualification

None.

The DEF CON Short Story contest is a pre-con contest that is run entirely online utilizing the DEF CON forums and subreddit. This contest follows the theme of DEF CON for the year and encourages hackers to roll up their sleeves and write the best creative story that they can. The Short Story Contest encourages skills that are invaluable in the hacker’s world, but are sometimes overlooked. Creative writing in a contest setting helps celebrate creativity and originality in arenas other than hardware or software hacking and provides a creative outlet for individuals who may not have another place to tell their stories.

#### Participant Prerequisites

None

#### Pre-Qualification

No

The Cryptocurrency Cyber Challenge welcomes you to develop your skills finding vulnerabilities and hacking on blockchain finance technology. Learn the unique ways that cryptocurrency systems are attacked, defended, and secured while teaming up to compete with your peers. Meet your fellow hackers, feel the challenge, and get inspired to explore the security aspects of cryptocurrency where practical finance hacking for the public good is encouraged.

To win any of the five levels of this contest, use testnet tokens, get help from village mentors, and convince the contest judges of the merit of your work. We hope (depending on degree of sponsorship) to award prizes for the best cryptohacks in the DEFCON world.

Various cyber tools and techniques have been utilized based on information from past attacks. Game players will learn about different cyber security frameworks, cyber-attack processes, and how they can use utilized in a fun way. The game is built to teach key cyber terms, theory and apply techniques based on real-world scenarios.

As a player, you are part of a Cyber Protection Team (CPT) assigned to the mission to prevent various attacks on critical infrastructure. Your task is to use the available information that your team has at your disposal to stop the adversary from achieving their objective.

Players will find themselves in a variety of future scenarios based on a specific industry/sector focus e.g. manufacturing, utilities, defense, finance. The task will be to defend each individual network/system to govern, identify, protect, detect, respond and recover against abnormal/suspicious activities on the network. You will be working against a global hacker network who is threatening to disrupt the overall operations of critical infrastructure sites for nefarious means.

Cyber Defender – The Game, teaches cyber professionals how hackers operate, the cyber kill chain, and tactics, techniques and procedures (TTPs) that can be employed to defend and attack critical infrastructure.

#### Participant Prerequisites

No

#### Pre-Qualification

No

Building on last year’s successful Red Team Rumble pilot, we’re expanding our contest to create an interactive cybersecurity battlefield where Red and Blue teams alike can clash in friendly rivalry. Participants can engage in several formats including a virtual King-of-the-Hill running throughout DEF CON, short head-to-head team battles, and an extended multi-team competition where strategy and skill determine the victors. Our easy-to-understand yet difficult-to-master environments welcome participants of all skill levels, whether you’re seasoned in Cyber Security or just beginning your cyber journey. Our scoreboard provides real-time updates that make the competition exciting for spectators, too!

Working directly with villages from DEF CON, we’ve created mixed realistic cybersecurity scenarios with accessible, contained challenges to provide an enjoyable experience for everyone. Join us to show off your offensive and defensive tactics, adapt to evolving threats, and collaborate with peers across traditional security boundaries.

#### Participant Prerequisites

• Laptop required, ethernet port recommended.
• Experience in the following recommended:
  • Working in virtual environments
  • Linux and/or Windows system administration
  • Offensive Security tools and techniques

#### Pre-Qualification

No, there is no pre-qualifier. Registration for events will be open prior to DEF CON start, and in-person registration will be available during Defcon, capacity pending.

Darknet-NG is an ARG and hands-on hacking contest built for DEF CON. Whether you’re new to security or already deep in the game, it’s designed to teach real skills through interactive challenges. You’ll take on missions in cryptography, OSINT, hardware hacking, reverse engineering, and exploitation. Some you can handle solo. Others will push you to collaborate with others. To complete certain objectives, you’ll have to explore DEF CON itself, digging into villages, tracking down key information, and meeting the right people. Everything builds toward a final boss fight where agents must bring together everything they’ve learned. If you want something more than just watching talks and walking the halls, Darknet-NG is the best way to dive in.

#### Participant Prerequisites

No prier knowledge, suggest bringing a laptop, could be played on mobile.

#### Pre-Qualification

No Pre-Qualification, we do have a casefile to help folks get started to get into the hacker summer camp.

TBA

Ancient warriors used tattoos as a means of indicating rank in battle; it was the sort of mark that told the tales of their various conquests – their struggles and triumphs. Similarly, traversing the halls of DEF CON, one can see more modern versions manifesting as stickers – especially on laptops and other electronic equipment.

We use stickers to break the ice with strangers, as a barter currency, to tell the tales of our struggles and triumphs. After all, is a hacker really a hacker without a laptop adorned with these markings?

Here’s your chance to be part of hacker culture, by creating something that people around the world will treasure and proudly display. Submit original artwork in the theme of the con, that you believe best exemplifies hacker culture, that will be used as printed stickers.

On your marks… Make your mark.

#### Participant Prerequisites

None

#### Pre-Qualification

None

Threat Modeling is arguably the single most important activity in an application security program and if performed early can identify a wide range of potential flaws before a single line of code has been written. While being so critically important there is no single correct way to perform Threat Modeling, many techniques, methodologies and/or tools exist.

As part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner and crown DEF CON’s Next Top Threat Model(er).

#### Participant Prerequisites

NA

#### Pre-Qualification

NA

Held every year since DEF CON 19 in 2011 (R.I.P. Riviera), (Except during that COVID thing – but we are not going to talk about that COVID thing), the DEF CON (unofficial) Beard and Mustache Contest highlights the intersection of facial hair and hacker culture.

For 2025 there will be four categories for the competition you may only enter one:

Full beard: Self-explanatory, for the truly bearded.

Partial Beard: For those sporting Van Dykes, Goatees, Mutton Chops, and other partial beard styles.

Mustache only: Judging on the mustache only, even if bearded. Bring your Handlebars, Fu Manchus, or whatever adorns your upper lip.

Freestyle: Anything goes, including fake and creatively adorned beards. Creative women often do well in the Freestyle category.

#### Participant Prerequisites

Real or Fake facial hair as described above.

#### Pre-Qualification

no

The DEF CON 33 MUD will be open for practice on May the 1st of 2025. Details will be published April 15th 2025 at https://defcon.wtf

Ever play BattleTech the tabletop RPG, or even the video games? Do you remember multi user dungeons, as in text based gaming from the 90’s? The DEF CON MUD contest has resurrected BattleTech MUX for real time text based mech combat. The game will open in May of 2025 and be open to practice until sometime in June when an epic battle of all those registered will happen, the winner of that grand tournament will receive a human badge for entry to DEF CON 33. Pull out your Java based HUD’s, (THUD-NG), fight the AI, and other humans, relive the 90’s without the pain of dial-up, pilot Mechs, Tanks, and VTOL’s and claim your victory.

#### Participant Prerequisites

Participants will want to practice on the Battletech MUX practice server prior to the grand tournament, there will be tutorial simulations and humans to help you learn the controls. Resources for learning will be on https://defcon.wtf in late April. Participants who have completed the training scenarios will be eligible to compete in the grand tournament in July.

#### Pre-Qualification

https://defcon.wtf will host details on the pre-qualification requirements in late April, contestants will need to pass the training simulations which teach mech piloting prior to competing in the grand tournament, estimated time required about 4 hours.

Whether you’re a seasoned DEF CON veteran or a curious newcomer, the DEF CON Scavenger Hunt promises to challenge your skills, tickle your wits, and ignite your hacker spirit. Our list is a portal to mystery, mischief, and mayhem. Assemble your team of up to 5 members, interpret the items, and submit your efforts at the booth to our esteemed judges. Go beyond the basics for bonus points. Legends are born here.

The DEF CON Scavenger Hunt is open to everyone, regardless of skill level or experience, no pre-qualifying necessary. We strive to maintain the balance of a low barrier to entry while providing a challenge that many are eager to take on. Casual players should not be overwhelmed by the list, find a handful of items and have fun. If you are looking to win however, you will need to fully immerse yourself in the DEF CON Scavenger Hunt. Let’s make some memories together.

Remember that it’s not just about fame, glory, or boxes of swag; the true allure is the camaraderie of fellow hackers, the knowledge that you’ve etched your mark on DEF CON history, and the ultimate badge of honor: bragging rights. Nothing says “I’m a hacker” quite like being triumphant at the DEF CON Scavenger Hunt.

#### Participant Prerequisites

n/a

#### Pre-Qualification

n/a

Have you ever wanted to break out of handcuffs, pick open a closed bag and shoot your buddy in the chest with a nerf gun? So have we, that’s why TOOOL presents the Dozer Drill. A fast paced skill based game where you have to free yourself from handcuffs, open a closed bag, and retrieve the nerf gun to be the first to hit the target. Join us throughout the con for qualifier games, and on Saturday for an official bracket tournament.

#### Participant Prerequisites

Participants must be able to shim handcuffs and pick locks which are both skills we’re happy to teach you in the lock pick village. Contestants wishing to enter the official tournament on Saturday must win at least one match against any opponent prior to the tourney in order to have their name entered.

#### Pre-Qualification

We will be running the game throughout the day prior to the tournament on Saturday. Contestants have to win at least one dozier drill round before they can enter into the official tournament. This helps us to ensure everyone competing holds the minimum skills needed to complete a round.

D@D is a table-top/RPG themed puzzling campaign for teams of 1-4 players. As part of the campaign, teams will unravel crypto challenges, solve physical puzzles, and do other side-quests that will have them interacting with different components of the Defcon community (villages, goons, NPCs, local wildlife, trolls, etc.) to earn points and progress through a narrative. The theme changes each year, but typically is based loosely on a popular table-top game that fits the theme for DEF CON. Teams learn how to work cooperatively to solve large puzzles, and learn how to solve puzzles that they may have seen in CTFs, escape rooms, or other puzzle venues. The contest is designed to be accessible to all technical levels and all ages.

Pre-registration will occur online the before con as well as Friday morning at 10 in person. Contest will start at 12:00 on Friday

#### Participant Prerequisites

Some puzzles require being physically present to complete.

#### Pre-Qualification

No prequals needed.

EFF’s team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Badge and EFF swag pack. The second and third place teams will also win great EFF gear.

#### Participant Prerequisites

No prerequisites! Just a desire to have fun and come answer some trivia questions. Participants will need to join a team which they can create beforehand or join one ad-hoc during the event!

#### Pre-Qualification

None

Embedded systems are everywhere in our daily lives, from the smart devices in our homes to the systems that control critical infrastructure. These systems exist at the intersection of hardware and software, built to accomplish a specific task. However, unlike general-purpose computers, embedded systems are typically designed for a particular case of use and have limited resources. This makes them both challenging and fascinating to work with, especially from a security perspective. Often these disciplines are dealt with individually, but understanding the custom relationships between hardware and software is vital to performing security research on these devices.

The embedded device CTF contest is an exciting opportunity to explore the intricacies of these systems and test your skills in a competitive environment. Contestants are challenged to find vulnerabilities in the firmware or hardware and exploit them to gain access or control over the device. The contest offers a unique opportunity to explore embedded devices’ inner workings and understand their design’s security implications.

By participating in the contest, contestants can develop a deep understanding of how these systems operate and how to secure them against potential attacks. Additionally, the contest encourages participants to think outside the box and approach problems creatively, honing their problem-solving skills. The competition provides a valuable opportunity to network with like-minded individuals and a chance to learn from others in the field hands-on.

Overall, the embedded device CTF contest is an exciting and educational experience that showcases the unique challenges and rewards of working with embedded devices. With the increasing integration of technology in our daily lives, embedded devices are becoming more ubiquitous, making this contest relevant and worth checking out. Whether you’re a seasoned security professional or just starting in the field, the contest offers a chance to learn, test your skills, and have fun in a dynamic and competitive environment.

#### Participant Prerequisites

Contestants will need to bring their own laptop for the competition. That is pretty much it! We will have switches at the tables for them to plug into as well as WiFi that they can connect to for the contest.

#### Pre-Qualification

No

Feet Feud (Hacker Family Feud) is a Cybersecurity-themed Family Feud style game arranged by members of the OnlyFeet CTF team and hosted by Toeb3rius (aka Tib3rius). Both survey questions and their answers are crowd-sourced from the Cybersecurity community. Two teams (Left Foot and Right Foot) captained by Ali Diamond and John Hammond and comprised of audience members go head to head, trying to figure out the top answers to the survey questions.

Attendees can either watch the game or volunteer to play on one of the two teams. Audience participation is also encouraged if either of the two teams fails to get every answer of a survey question.

Ultimately Feet Feud is about having a laugh, watching people in the industry attempt to figure out what randomly surveyed people from the Cybersecurity community put as answers to a number of security / tech related questions.

#### Participant Prerequisites

Participants are chosen by team captains from the audience at the start of the show. In order to be fair, we try to select participants from all seating areas, so folks who show up later than others still have a chance to volunteer.

#### Pre-Qualification

None.

With the rise of Gen AI, a lot of the security workflows are quickly evolving to leverage AI capabilities. To help the community keep up with those changes in a fun and interesting way we’d like to hold the first CTF focused on solving challenges by teaming up with AI. We spent the last 6 months designing unique challenges that are best solved with the help of AI in ways that are directly applicable to many SecOps tasks such as incident response and threat intel. Although this particular village is new, we participated in organizing prior village events, including the AI Security Village last year. We also have extensive experience about running CTFs, which is the topic of our village: e.g., members of our team have organized the main Defcon CTF in past years (with Order of the Overflow), and others (e.g., iCTF, Google CTF).

This Pac-Man themed set of challenges takes Players on a journey through learning and demonstrating hacker and information security skills to earn points. With multiple subject-matter specific challenge groups and tracks, this hacker challenge game has something for everyone.

You, dear Player, are Hac-Man (or Ms. Hac-Man, or Hac-Person), making your way through various dark mazes eating pellets, fruits, and ghosts. Each ghost represents a hacker puzzle or skills challenge. Upon completing each challenge, you’ll be awarded points and can continue on to attempt further challenges. Many challenges have unlockable hints and location information, which you can unlock by spending your collected fruit.

There is a leaderboard! As you collect points, you’ll show up on this leaderboard. The top 10 Players at the end of the game will be awarded various prizes from a prize pool.

#### Participant Prerequisites

The only prerequisite to the contest is internet access.

#### Pre-Qualification

No

What is Hack3r Runw@y?

Hack3r Runw@y challenges creative minds in the hacker community to reimagine fashion through the lens of hacking. We’re calling all glamorous geeks, crafty coders, and fashionably functional folks to dust off their soldering irons, grab their needles and threads, and unleash their inner designers. Whether you’re a seasoned maker or a coding newbie, Hack3r Runw@y has a place for you. Hint: You don’t have to know how to program to make cool wearables.

What to Expect:

Participants will submit their creations prior to the event and then walk the runway during our allotted time at DEF CON. Audience should be prepared to be amazed by a runway show unlike any other. Like really. Witness creations that push the boundaries of fashion and technology, showcasing the ingenuity and resourcefulness of the hacker community.

Expect to see:

Smart Wear that Wows: Garments integrated with LEDs, microcontrollers, sensors, and other tech wizardry, creating dazzling displays of functionality and style. Digital Design that Dazzles: Visually stunning pieces that use light, color, and texture to create captivating, passive designs.

Functional Fashion: Practical and stylish creations that solve real-world problems, from masks and shields to lockpick earrings and cufflink shims.

Extraordinary Style: Unique and expressive designs that push the boundaries of fashion, incorporating everything from 3D textures and optical illusions to cosplay and security-inspired patterns.

A Hacker Perspective on Fashion:

Hack3r Runw@y brings a unique hacker perspective to DEF CON by demonstrating the power of creativity and problem-solving in a non-traditional context. It showcases how hacking can be applied to art and self-expression, blurring the lines between technology, fashion, and culture. It’s about more than just making cool gadgets; it’s about pushing boundaries, challenging conventions, and exploring the intersection of technology and human experience.

What You’ll Learn:

Hack3r Runw@y offers attendees a glimpse into the creative potential of the hacker community. You’ll see firsthand how technical skills can be combined with artistic vision to create truly unique and innovative designs. You’ll be inspired by the ingenuity and resourcefulness of the participants, and you might even pick up some ideas for your own projects. It’s a chance to learn about new technologies, see them applied in unexpected ways, and connect with a community of like-minded individuals. Hack3r Runw@y teamed up with the DC Maker Community during DEF CON 32 to offer a workshop on sewing LEDs to clothing. Look out for something similar this year.

The Competition:

Participants will compete in four categories for a chance to win in each, plus the coveted People’s Choice trophy, where anyone can win, but there will be a twist! Our esteemed judges will select winners based on:

• Uniqueness
• Trendy
• Practical
• Couture
• Creativity
• Relevance
• Originality
• Presentation
• Mastery

Join us at DEF CON 33 for Hack3r Runw@y and witness the future of fashion! Be prepared to be amazed, inspired, and maybe even a little bit hacked. This is an event you won’t want to miss!

#### Participant Prerequisites

There are no prerequisites outside of you wearing something that you made or had a hand in making. You are welcome to model store bought outfits, but you will not qualify for a prize.

#### Pre-Qualification

Proof that you created the item and signed up via the google form. Submissions due no later than 4pm EST on Saturday, August 10, 2024. Link to form found here: https://hack3rrunway.github.io/

Have you ever wondered what would happen if you took ostensibly smart people, put them up on a stage, maybe provided a beer or two and started asking really tough technical questions like what port Telnet runs on? Well wonder no more! Back to start its 31st year at Defcon, Hacker Jeopardy will have you laughing, groaning and wondering where all the brain cells have gone. Some come share an evening of chanting DFIU followed immediately by someone FIU. This is a mature show, 18+.

#### Participant Prerequisites

None

#### Pre-Qualification

No

In this Maritime Hacking Village event we will engage convention goers with a number of different tabletop games to help them understand the operational issues surrounding offensive and defensive cyber operations in a port complex. Players will become familiar with the various network components that support port and shipping operations from the underlying infrastructure to the system components at ports and commercial ships. A fictional terminal, Boundary Terminal part of the Port Elizabeth New Jersey complex, and a fictional shipping line, Worldwide Shipping Operations form the basis for many of our games. All of the games are designed to be entertaining and engaging with the first few hundred who stop by getting a take home copy of the game.

#### Participant Prerequisites

This is a fun, quick, and simple game, so no prior experience is required.

#### Pre-Qualification

No. Its not really a contest, more like a competitive game.

Grab some solder and update your JTAGulator! The Hardware Hacking Village (HHV) is back with another DEF CON hardware hacking-focused Capture the Flag (CTF) competition. This is a jeopardy style CTF, designed to challenge participants in various aspects of hardware hacking. Whether you’re new to hardware hacking or experienced and just looking for something to do while you wait for your fault injection to trigger, all are welcome and challenges range from beginner to advanced.

#### Participant Prerequisites

While we make many of our challenges approachable without additional tools, things that could come in handy would be a laptop, programmable microcontroller (something 3.3V compatible), hookup wire. Hardware hacking knowledge will help, but it’s not required and we try to structure our CTF to be approachable to newcomers.

#### Pre-Qualification

no

This event was born out of the desire to teach an often-overlooked hardware and networking skill, and to provide the opportunity for experienced people to mentor others as they learn. DEF CON provides the perfect environment for people with no prior training to learn something useful and new. Hardwired networks are often overlooked in today’s world of cellular connection and Wi-Fi, but they still play an important part in the backbone of information sharing. We believe that while cutting-edge technologies are thrilling, traditional skills-building still has its place, and we want to provide that opportunity to the DEF CON community.

#### Participant Prerequisites

None

#### Pre-Qualification

None

Our challenges will follow a theme/storyline so it can be more immersive for players that want this kind of experience, but a player can focus on the technical aspects of the challenges and ignore the theme/storyline without affecting their performance. The challenges will vary in difficulty. ypically an easy difficulty challenge would require a player to understand the concept of a vulnerability to successfully complete it, while a hard one would require experience and the ability to chain together various vectors.

#### Participant Prerequisites

A laptop and internet connection is required.

#### Pre-Qualification

No

The ICS Village CTF provides hands-on access to industrial control systems used in critical infrastructure around the world. In this contest, attendees will have to take control of generation facilities, disrupt distribution, and identify malicious activity inside the networks. Attendees will learn how critical infrastructure works, the dependencies of each system, some of the engineering designs from different industries, and tools used worldwide for both hackers and defenders.

#### Participant Prerequisites

• Bring a laptop.
• No special software is required.
• Wireshark and tools from Kali are helpful but not necessary.

#### Pre-Qualification

No pre-qualification — all are welcome to participate.

Put your gray matter to the test at Graylog’s “Logs in the Shell” Capture The Flag (CTF) event! Immerse yourself in our virtual sandbox environment, where you’ll take on unique and captivating puzzles sure to entertain and challenge your wit and skill in data analytics and cybersecurity.

This event isn’t just about answering multiple-choice questions or writing essays. It’s about diving into complex scenarios that will push you to think in new ways while hunting for hidden clues, threats, and terrible puns. Whether you’re a beginner looking to learn new concepts or a seasoned pro wanting to showcase your expertise, our inclusive format ensures everyone can participate and thrive.

Join us for an unforgettable experience where education meets excitement. Unlock your potential, compete for fun prizes, and emerge victorious in Graylog’s one-of-a-kind CTF event!

#### Participant Prerequisites

The CTF includes challenges at all skill levels, but ambitious players are encouraged to check out the free trainings we offer at https://academy.graylog.com/

Everything is handled in VM, so all participants need is a laptop and internet access.

#### Pre-Qualification

No

Welcome to the resistance. As a new recruit in the Order of the White Tentacle, you must train to master the elements and restore balance to a world on the brink of chaos. This is a beginner & family-friendly adventure that will test your wisdom, bravery, and teamwork as you bend the elements to solve puzzles, complete missions, and rise through the ranks. Whether you walk the path of fire, water, earth, or air, only those who embrace the balance of all will prove themselves worthy. Will you answer the call and bring harmony to DEF CON 33?

#### Participant Prerequisites

Phone with a camera will be required to play.

#### Pre-Qualification

No.

The Password Village provides hands on access to cracking tools like Hashcat and John the Ripper. It can be hard to pop into a new community on the internet and ask questions without having thoroughly read the documentation prior. The village organizers are there to answer all questions regardless of how basic, or advanced in and around the world of password cracking. Need help with contest/village challenge? We got you. Not sure what password cracking is or how to get started? We got you. Working on a thesis for a new attack chain? We go you.

Phish Stories is a contest that combines the art of creative writing with the strategic challenge of social engineering, inviting participants to craft phishing emails that are both convincing and hilariously entertaining. It gives people at any level the chance to show off their skills in writing, social engineering, and humor to create a unique contest that allows for multiple ways to win. Writers, comedians, and Red-Teamers can all find a path to victory!

Participants are tasked with creating phishing emails targeting fictional company leaders. The goal is to produce emails that are not only convincing enough to prompt a click but also funny enough to entertain. Contestants must also provide a one-page backstory that gives the details of the approach and what happens after our unsuspecting company leader clicks on that link. Contestants receive background information on their targets to help craft their entries.

There are three winners in the contest.

• The Ruler: Best overall combination of clickability and humor.
• The Wizard: Best technical and clickable email.
• The Jester: Funniest entry.

#### Participant Prerequisites

No

#### Pre-Qualification

No

Ever wondered what hacking looked like in the golden age of phone phreaking? What about today? What can we learn about the old techniques that still plague our current infrastructure? The Hacked Existence PhreakMe Capture the Flag (CTF) brings the classic art of telecom exploitation into the modern era.

The Hacked Existence team is once again hosting a telecom based CTF. The CTF runs on real live VoIP lines routed through a modified asterisk PBX allowing participants to dial in to the CTF from a real world routable telephone phone number. This number is live 24/7 throughout DEF CON, allowing you to hunt the PBX for flags any time, day or night. Also there’s a BBS this year and more telecom challenges. The flags are based around historically accurate tactics, techniques, and procedures to manipulate emulated old school switching systems.

The purpose of our contest is to bring awareness around the still existing weaknesses in our telecom infrastructure and Interactive Voice Response Systems. Ideally visitors to our contest area will participate in the CTF allowing them to get a better understanding of telecom hacking in the year 2024 as well as a respect for the art of phreaking from yesteryears.

Come test your skills, challenge your knowledge, and dive deep into the world of phreaks.

#### Participant Prerequisites

A phone, or access to a phone that can dial an american based phone number. The BBS will be both accessible from a modem and also ssh. Ideally people will read books like ‘The Cyberthief and the Samurai’ and ‘Masters of Deception: The Gang That Ruled Cyberspace’ and the Cult of the Dead Cow book.

#### Pre-Qualification

Not Applicable

DEFCON 33 Program Update

The Pinball High Score contest at DEF CON 33 will run Friday and Saturday: 10:00-18:00, Sunday 10:00-13:00 with games available for daily High Score contests, daily challenges and open qualifying for a main tournament. The daily contests will allow any attendee to play pinball games and attempt to record a qualifying high score on each of the unique games. At 17:00 on Saturday main tournament qualifying will end, tiebreakers will be played(if needed) and the top 8 players with the highest combined scores across all eligible machines will qualify for the Sunday finals event where they could become the DEF CON Pinball Champion!

Achieving a high score may sound simple but pinball rulesets are very complex and the skill to complete a “Wizard Mode” or achieve a high score requires research, practice, knowledge and execution. Out of the box thinking, analytical skills and pattern recognition are traits that pinball players must exhibit to be successful and some games have rule sets that can be studied and exploited to achieve a high score. Hackers are at an advantage here and while this is just a pinball contest, we expect that the community is ready for this challenge!

Stern Pinball has prepared an exclusive DEF CON 33 digital badge that will be available for any attendee to earn for playing in this event. Additional DEF CON specific Insider Connect digital badges and prizes may be unlocked during game play.

This year, we’re taking our pinball contest to the next level with the introduction of a custom-built Real-Time Pinball Telemetry (RTPT) device. Designed exclusively for DEF CON 33, these first-of-their-kind, machine-agnostic devices will measure players’ physical interactions with games in real time. More than just a scoring tool, RTPT will create new opportunities for engagement—both within our contest and across other DEF CON competitions. Get ready to play like never before!

The last surviving fragments of Project ACCESS, a defunct open comms initiative, have resurfaced. The faceless OmniCorp thought they had erased it from the spectrum, but rogue operatives are pushing back. Disguised among the DEF CON crowd, Foxes are carrying the pieces needed to reboot the system.

They’re broadcasting open signals across the con space. Your job? Track them down, follow the trail, and recover the payloads. Some Foxes are stationary. Others are on the move. All of them have something you need—but they won’t just hand it over. You’ll have to answer DEF CON trivia, solve puzzles, or earn their trust in creative ways.

This isn’t a gear-only hunt. Whether you’re rocking SDRs, handheld radios, or just tuned into the right frequency, you’ve got a shot. It’s part signal chase, part real-world goose chase, and 100% hacker weirdness.

Expect

– Live human Foxes broadcasting short-range signals – Some Foxes roaming the con floor hunt them down, respectfully – DEF CON history questions, crypto puzzles, and maybe a social engineering twist or two – Physical items or clues exchanged when you succeed – No encryption. No gatekeeping. Just old school radio and clever chaos.

Think you can track the signal, crack the code, and restore the last breath of open access?

Then grab your gear, tune in, and start hunting.

#### Participant Prerequisites

RF Fox Hunt(s): To participate in the RF fox hunt(s), you will need a radio or scanner that can receive signals in the 2m and/or 70cm Amateur Radio Bands (144.000 MHz – 148.000 MHz, 420.000 MHz – 450.000 MHz).

Something to read NFC cards.

#### Pre-Qualification

There is no pre-qualifier to the Ham Radio Fox Hunt.

We are back with another Pub Quiz at DEF CON. We had a very successful 2 years hosting this event and we have made some improvements to make it every better. So do you like Pub Quizzes?? If you do then get your butts to join us in participating in the 3rd Pub Quiz at DEF CON 33.

Quiz will consist of 7 rounds question will include 90’s/2000’s TV and Movies, DEF CON trivia, music, cartoons, and a little sex. The theme for our Pub Quiz will be all things that make DEF CON attendees exceptional. There will be a little something for everyone. The quiz will consist of visual and audio rounds along with some Con questions; we need to make sure we stimulate you peeps. We encourage people to get into teams of 5 or 6.

This is a social event, so we try to get people into Teams. You never know you may meet the love of your life. Did I mention CASH! Yes we will have cold hard cash prizes for the 1st, 2nd, and 3rd high scoring groups. As always if we do have ties will be break those ties with a good old fashion dance off from a person of the tied teams. The hosts and a few goons will help in judging.

#### Participant Prerequisites

No Prerequisites. Just come to have a good time.

#### Pre-Qualification

No Pre-Qualifications.

In this game capture the flag you will be presented with real configurations of real wireless and radio technologies to attack. Practice your skill and learn new ones from Radio Frequency IDentification (RFID) through Software Defined Radio (SDR) and up to Bluetooth and WiFi. There may even be Infrared, if you have the eye for it.

RF Hackers Sanctuary is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 32. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.

We cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment. Our virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.

This game doesn’t let you sit still either, as there are numerous fox hunts, testing your skill in tracking various signals. If running around the conference looking for WiFi, Bluetooth, or even a Tire Pressure Monitoring System (TPMS) device sounds like fun, we are your source of a higher step count.

There will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question – ASK! We may or may not answer, at our discretion.

FOR THE NEW FOLKS
This contest is free and open to anyone and everyone. You can sign up and start playing any time during the conference. If you didn’t bring your wireless gear don’t worry, our virtual RFCTF environment is played over ssh or through a web browser. It may help to have additional tools installed on your local machine, but it is not required. Read the presentations at: https://rfhackers.com/resources

Hybrid Fun
For DEF CON 32 we will be running in “Hybrid” mode. That means we will have both a physical presence AND the virtual game running simultaneously. All of the challenges we have perfected in the last 2 years in our virtual game will be up and running, available to anyone all over the world (including at the conference), entirely free. In addition to the virtual challenges, we will also have a large number of “in person” only challenges, which do require valid conference admission. These “in-person” only challenges will include our traditional fox hunts, hide and seeks, and king of the hill challenges. Additionally, we will have many challenges which we simply haven’t had time or ability to virtualize. Playing only the virtual game will severely limit the maximum available points which you can score, therefore don’t expect to place. If you play virtual only, consider the game an opportunity to learn, practice, hone your skills, and still get on the scoreboard for bragging rights. The virtual challenges which are available will have the same flags as the in-person challenges, allowing physical attendees the choice of hacking those challenges using either (or both) methods of access.

The text box isn’t large enough. Please email me for the full version. Abbreviated version above for fun

#### Participant Prerequisites

• A minimum of a laptop with a web browser and internet connection is required. Additional wireless equipment is optional but can seriously help.
• Everyone of all skill levels are welcome, our game is inviting and free to play.

#### Pre-Qualification

None. Anyone can drop in and play if they have a laptop and a web browser.

Experience the ultimate test of cognitive prowess with Raitlin’s Challenge, a sophisticated collection of visual puzzles presented annually at Defcon. This intellectually demanding journey pushes participants to their limits through increasingly complex challenges that require mastery of diverse knowledge domains.

The challenge begins with an initial puzzle that serves as a gateway to the main experience. Once solved, competitors gain access to a carefully curated series of visual puzzles presented in an artistically refined format. Each puzzle solved yields a verification string, allowing participants to track their progress through the challenge.

What sets Raitlin’s Challenge apart is its comprehensive scope, drawing upon principles from mathematics, science, technology, cryptography, protocols, algorithms, biology, chemistry, programming, engineering, and ancient history. While technical expertise, particularly in hacking, proves advantageous, the true challenge lies in applying abstract thinking across multiple disciplines.

The journey to completion varies significantly among participants, spanning anywhere from days to years. Unlike many competitive events, Raitlin’s Challenge maintains its availability beyond Defcon’s conclusion, allowing determined individuals to pursue solutions at their own pace. Those who ultimately succeed earn recognition on the prestigious ledger of completions, joining an elite group of problem-solvers who have demonstrated exceptional intellectual versatility and persistence in unravelling the secrets of the Illuminati Party®.

#### Participant Prerequisites

Access to a web browser and Internet connection.

#### Pre-Qualification

No

It’s hard to tell what’s real or not anymore. Deepfakes, AI, LLMs, Sora, unreliable sources of information, data spoofing… it’s too much for even the most informed to keep up with, let alone the 99% of us just trying to get by. We’re heading quickly to that precipice, close to that point of no return where those who control the money, the power, the GPUs, the energy grid, will control us all. Or worse: where the first artificial intelligences will manipulate us all… We’re nearing a memory buffer overflow, a glitch in the matrix, a

/`/$ REALI7Y OVERRUN $\’\

Teams will join an interactive multiplayer video game and follow the storyline to clues that will give them hints about who they can trust and who they can’t. The clues will follow the pattern of deepfakes and forgeries, asking players to figure out what’s real and what’s not, focusing on hacker and DefCon focus areas such as authentication, trust, social engineering, hardware and software manipulation and more. They will be given a rich story that will lead them to research the underlying issues in trust and anonymous trust systems. They will encounter challenges and tutorials on video and image validation and cryptographically safe messaging.

#### Participant Prerequisites

Laptop ideal. Tablet OK. Flagship phone possibly. We require no special knowledge to play, though to win, knowing a bit about general cryptographic concepts (private/public key authentication and signing), LLM-based services (ChatGPT, Dall-E) and DefCon trivia would help.

#### Pre-Qualification

None.

Step into the world of Industrial Control System (ICS) security with Red Alert ICS CTF, a competition built by hackers, for hackers. Hosted by the RedAlert Lab of NSHC Security, this contest is all about pushing the limits—breaking through layers of security in a real Operational Technology (OT) environment until you seize full control of ICS components.

Since its debut at DEF CON 26, Red Alert ICS CTF has been a must-attend event, growing bigger and tougher each year. Now recognized as a Black Badge contest at DEF CON 32, DEF CON 31, and DEF CON 26, it’s the ultimate proving ground for those who thrive in the high-stakes world of ICS hacking.

What makes this CTF unique? Live ICS hardware from top industry vendors, simulating real-world critical infrastructure. Participants will interact with actual devices, manipulate industrial processes, and exploit vulnerabilities in real time. This isn’t just another CTF—this is a full-scale ICS cyber battleground.

Are you ready to test your skills, outsmart industrial defenses, and dominate the ICS arena? The challenge awaits.

#### Participant Prerequisites

Bring your laptop and a network adapter (if your laptop lacks one). Refresh your knowledge of ICS protocols and processes to stay ahead in the competition.

Any specialized hardware required will be provided by the contest organizers.

#### Pre-Qualification

No

The Red Team Capture the Flag (CTF) competition at DEF CON is a challenging and exciting event that tests the skills of participants in offensive security. The objective of the Red Team CTF is for teams to successfully complete challenges faced by Red Teams.

The Red Team CTF is designed to simulate real-world scenarios in which attackers attempt to penetrate the security of a network or system. Participants are expected to use a wide range of hacking techniques, tools, and skills to identify and exploit vulnerabilities in the target network.

Teams are typically composed of experienced hackers, penetration testers, and security researchers who have a deep understanding of the latest cybersecurity threats and attack techniques. They must work together to uncover and exploit vulnerabilities in the target network, while also evading detection and countermeasures put in place by the Blue Team.

The Red Team CTF at DEF CON is considered one of the most challenging and prestigious CTF competitions in the world, with participants coming from all over the globe to compete. It is a high-pressure, high-stakes event that tests the limits of participants’ technical and strategic abilities, and offers a unique opportunity to showcase their skills and knowledge in front of a global audience of Hackers.

#### Participant Prerequisites

Participants are required to bring a laptop with the ability to connect to DEF CON WiFi or other internet connection.

#### Pre-Qualification

There is no pre-qualifier for the event.

The Scambait Village Contest will test participants skills in scambaiting! Players earn points for spending time on the phone with a scammer in order to waste the scammers time so they aren’t affecting real potential victims. Participants get extra points for achievements or milestones of the call — whether it is finding more scam numbers to call, having a scammer connect to their dedicated bait virtual machine, or hacking the scam to fatigue and frustrate online scammers who steal money every day. Check out the Scambait Village Content to play or spectate live calls and learn all about the art of scambaiting.

#### Participant Prerequisites

Participants should be prepared with a laptop that is able to run virtual machines. Some computers and laptops may be provided for use, but this is a limited quantity and players should be prepared to bring their own devices. Special knowledge of how to participate in the Scambait Village Contest will be presented and made available within the Scambait Village.

#### Pre-Qualification

There is no pre-qualifier to the Scambait Village Contest.

In this competition (#SECVC), teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies. Teams can consist of 1-2 individuals , which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team has limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors! This competition takes place only on Friday in the Social Engineering Community village, be sure to get there early to get a seat; they fill up fast!

#### Participant Prerequisites

To successfully participate, selected competing teams need reliable internet access and a computer for the remote phase to conduct OSINT and research. For the onsite phase at DEF CON, participants must be present at the Social Engineering Community village, where all necessary equipment is provided. No prior vishing experience is required, but familiarity with social engineering techniques, OSINT gathering, and rapport-building skills can be beneficial. The competition is open to all skill levels, making it both educational and competitive.

#### Pre-Qualification

No, we do not. Unless you count opening up our “Call for Competitors” to select competing teams.

Social Scav Hunt (SSH) is your time to expand your circle and meet some interesting folks.

Given the provided list, take a photo for each item or person.

Consent is not only sexy but required.

This contest while a prize will be provided, the real prize will be the friends you make along the way.

#### Participant Prerequisites

Show up… this contest is for everyone.

#### Pre-Qualification

Show up.

Embark on a thrilling espionage adventure with spyVspy! This contest imagines a world of spy games where contestants employ basic hacking, cryptography, and rogue skills to solve puzzles and uncover hidden caches strategically scattered throughout DEF CON (and beyond).

Contestants will engage in a real-world treasure hunt, where the locations of hidden caches are revealed by solving the types of puzzles you’d expect to see at DEF CON. Traditional ciphers, lockpicking, OSINT, and very basic hacking/pentesting skills may be required.

spyVspy is intended for players of all skill levels. Whether you’re a seasoned double-agent or just learning to be a covert operative, you will be able to compete and have fun in this event. Whatever skills you think you’re missing can probably be learned on-the-job anyway.

#### Participant Prerequisites

A laptop is highly recommended, although much of the content will be doable on a smartphone.

#### Pre-Qualification

No Pre-Qualifier

What happens when you gather 4 hackers together to complete silly tasks, rank their execution, and see who ends up with the most points at the end? Taskmooster, that’s what. Inspired by the UK game show Taskmaster, TaskMooster is brings lateral thinking, comedic tasks, and general shenanigans to DEF CON. What? You haven’t heard of Taskmaster? Seriously, stop reading this program right now and go watch at least one episode. All seasons are available to stream on YouTube, and it’s totally binge-worthy.

Come join the contestants as they see how they performed for each task and get graded by our very own TaskMooster. The winner gets to take home the coveted Golden Telephone and bragging rights for being the TaskMooster champion.

#### Participant Prerequisites

The participants are selected in advance. We will film the pre-con tasks in Maryland several months before DEF CON and then will convene on stage at DEF CON in August for the live event.

#### Pre-Qualification

None

The TeleChallenge might be the craziest experience you will ever have on your phone. We create a fully immersive virtual world, in which an epic battle of wits and skill is contained. While we do show up in the real world as well, reality is optional. The TeleChallenge is playable entirely on a touch tone phone. Tune in, turn on, and drop out.

You’ll have no context, no remote, and no TV guide. You won’t know where you are, what you’re doing, or what is real. How deep does the rabbit hole go? That largely depends on you. It’s dangerous to go alone, so get your friends and family together in a calling circle bundle. Diverse perspectives are a great way to look around corners and avoid blind spots, but you’ll need more than these alone. This is a very difficult contest, and is designed to be among the most challenging at DEF CON. Winning teams have always been serious and dedicated, but not necessarily experienced. One previous winning team was at their very first DEF CON!

Joining the TeleChallenge means you’re joining an immersive experience. You may place and receive live and recorded calls as part of your participation. The DEF CON Code of Conduct applies both to players and to the TeleChallenge, and the contest is rated PG-13.

Where can you find us? Part of the Challenge is discovering the TeleChallenge. And don’t forget to use promo code #MICHAELKEY

From Caesar to Vigenère, or DES to RSA, hackers have been making and breaking codes for thousands of years. If you love puzzles, this is the perfect opportunity to join this fine tradition and break some codes!

The Gold Bug is an annual puzzle hunt at DEF CON, focused on cryptography. While some puzzles will dig into substitution ciphers or more modern algorithms, others may test your logic and pattern recognition.

The Gold Bug is accessible to all, with some simpler puzzles for warmup or beginners (even kids!), and others that will require you to keep digging and wonder how deep the layers will go. Whether you want to hack on puzzles solo or with a team, join us at https://goldbug.cryptovillage.org to get started!

#### Participant Prerequisites

No prior experience or specific knowledge is required to participate in The Gold Bug. Participants will need to use a web browser to access the puzzles and submit answers. Puzzles may take such forms as images, PDF files, web pages, or multimedia files.

#### Pre-Qualification

The Gold Bug does not require pre-qualification.

The Pwnies are an annual awards ceremony celebrating and making fun of the achievements and failures of security researchers and the wider security community. Every year, members of the infosec community nominate the best research and exploits they’ve seen. The Pwnie Award nominations are judged by a panel of respected security researchers and former pwnie award recipients – the closest to a jury of peers a hacker is likely to ever get. At this event DEF CON attendees will get a first person look at some of the most groundbreaking research and hacks in the cyber security community of the past year, and the winners get some well deserved recognition from the broader community for the great work they’ve done.

#### Participant Prerequisites

We do not have any strict prerequisites. We publish nominees ahead of time to give people a heads up that they may want to attend DEF CON to accept the award if they win.

#### Pre-Qualification

Kind of! We accept nominees earlier in the year and then publish and announce them at Summercon every year. Summercon will be held in Brooklyn, NY on 7/11/2025. Members of the community and past Pwnie Award Winners then vote on who should win each category. Those winners are then announced during the show at DEF CON.

Want to protect your noggin from Taylor Swift’s PsyOps plot for global domination? Have you angered our new AI Overlords, and now need to hide? Or do those alien mind control rays just have you feeling down lately? Fear not, for we here at the Tin Foil Hat Contest have your back for all of these! Come find us in the contest area, and we’ll have you build a tin foil hat which is guaranteed to provide top quality protection for your cerebellum . How you ask? SCIENCE!

Show us your skills by building a tin foil hat to shield your subversive thoughts, then test it out for effectiveness.

There are 2 categories: stock and unlimited. The hat in each category that causes the most signal attenuation will receive the “”Substance”” award for that category. We all know that hacker culture is all about looking good though, so a single winner will be selected for “”Style””. We provide all contestants a meter of foil, but you’re welcome to acquire and use as much as you want from other sources.

#### Participant Prerequisites

N/A

#### Pre-Qualification

N/A

With Venator Aurum, we invite you to step into the shadows of the digital realm, where your wits, skills, and tenacity will be tested like never before. This contest is a thrilling journey through the labyrinth of the hacker underground, designed to push your technical boundaries and ignite your passion for cybersecurity through mind-bending challenges. In this gauntlet of digital intrigue and real-world enigmas, you’ll decrypt ancient ciphers, crack impenetrable codes, manipulate hardware at the edge of possibility, and unravel puzzles that blur the line between the virtual and the tangible. Whether you’re a seasoned cryptographer, a reverse-engineering virtuoso, or a 1337 PWN wizard, Venator Aurum has something to test your limits. Dare to outthink, out code, and outmaneuver the best? Step into the hunt. The gold awaits those who can seize it

#### Participant Prerequisites

While not required, these resources will help: laptop and/or smartphone

#### Pre-Qualification

No

warl0ck gam3z CTF is a hands-on 24/7 throw-down, 3 time black badge hacker competition, focusing on areas of physical security, digital forensics, hacker challenges and whatever craziness our exploit team develops. This is an online framework so participants can access it regardless of where they are or what network they are connected to via laptop, netbook, tablet or phone.

Most challenges require participants to download something that pertains to the problem at hand and solve the challenge using whatever tools, techniques or methods they have available.There are a multitude of point gainers on and off the game board. Extra point gainers will randomly appear on the game board in the form of The Judge, Bonus Questions, Free Tokens, One Time Tokens, Movie Trivia Quotes, Scavenger Hunts (online and onsite), Lock Picking (onsite) and Flash Challenges. Be careful of the 50/50 Token which may add or subtract points to your score.

The game board contains a scoring area so participants can view current standings. There is always on onsite/online moderator to assist participants that may be experiencing issues as well. All events highlights that occur on the game board are sent o to Twitter as they happen. Additionally, our Facebook site will be populated with information regarding the challenge and the current state of events.

#### Pre-Qualification

no

“Whose Slide Is It Anyway?” is the unholy union of improv comedy, hacking, and slide deck sado-masochism. We are the embodiment of the hacker battle cry “FUCK IT, WE’LL DO IT IN PROD.”

Our team of slide monkeys will create a stupid amount of short slide decks on whatever nonsense tickles our fancies. Slides are not exclusive to technology, they can and will be about anything. Contestants will take the stage and choose a random number corresponding to a specific slide deck. They will then improvise a minimum 5 minute / maximum 10 minute lightning talk, becoming instant subject matter experts on whatever topic/stream of consciousness appears on the screen.

But….why?

Because for us, the stage is hallowed ground and since stupidity can’t be stopped, we decided to weaponize it. Whether you delight in the chaos of watching your fellow hackers squirm or would like to sacrifice yourself to the Contest Gods, it’s a night of schadenfreude for the whole family.

#### Participant Prerequisites

A blatant and offensive disregard to any and all comfort zones to which one has heretofore been accustomed.

#### Pre-Qualification

None.