List of Events presented by Creators ( Villages, Communities, etc)
Creator Events Short Table
.edu Community
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C201 (.edu Community)When: | Sunday, Aug 10, 10:00 – 13:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
All day Esports arena. Challenge your friends and drop shells, green, red, and blue.
5 stories to understand quantum computing
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-206 (Quantum Village)When: | Friday, Aug 8, 10:00 – 10:59 PDT |
Quantum can be confusing. In this talk, Sohum will share the five stories that helped define the field of quantum computing as is today. These stories answer the most pressing questions about quantum computing, including:
1) What is quantum computing going to help us with, and why is it important?
2) What’s taking so long?
3) Who’s winning the race?
4) What does a quantum future look like?
People:
SpeakerBio: Sohum Thakkar
Sohum Thakkar is on a mission to make quantum computing intuitive for everyone. A former Apple engineer and quantum algorithms researcher at QC Ware — where he worked with Fortune 100 clients including JP Morgan, Roche, and the U.S. Air Force Research Lab — Sohum combines deep technical expertise with a proclivity for storytelling. He is the founder of Qolour, which teaches quantum concepts through digital storytelling and a hands-on device called Qubi, a sphere that behaves according to the laws of quantum mechanics. His work bridges science, design, and education to raise global quantum literacy.
A Look into Using Native Godot Calls to Create Malware
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-405 (Red Team Village)-RTV Tactics 4When: | Friday, Aug 8, 12:00 – 15:50 PDT |
Using built in RPC calls godot allows for peer-to-peer calls were logic can be hidden on one side of the application versus the other.
- Will go into what these RPC calls are
- Discuss on how they can be implemented.
- Do a step-by-step creating a mini-malware client and server.
People:
SpeakerBio: Aaron Hogan
A long time contributor to the community with some random knowledge in different parts of the cybersecurity field.
Access Denied: How Students Can Enforce Their Disability Rights in Education
Creator Event Map Page – LVCC West-Level 2-W205 (The Diana Initiative Community)When: | Saturday, Aug 9, 12:00 – 12:59 PDT |
Have you ever wanted to, or tried to request accommodations? It isn’t as easy as it should be, and sometimes people (illegally) deny you. Come join our discussion group going over everyone’s (positive and negative) experiences of requesting legal accommodations, and sometimes having to fight for those accommodations.
People:
SpeakerBio: Marie “ScorpVayne” Hamilton
ScorpVayne is currently in Private Security and an Entrepreneur. She is interested in leveraging AI in offensive and defensive security and what it will mean for the environmental, political, and legal landscape. In her undergrad, she did a research symposium on ‘Quantum Self-Healing Artificial Intelligence: A Framework for Dynamically Encrypted Cybersecurity Defense.’ She is entering a Masters in Cybersecurity Law & Policy right after Hacker Summer Camp. Her interests are continuing to learn about red and blue team tools and playing capture the flags to see where she is lacking.
When she was younger, ScorpVayne’s Mother had to move the computer to the Master bedroom because ScorpVayne was addicted to the internet. She was so addicted that her first physical breaching experience was when she picked the lock to her Mother’s bedroom to access the computer and get on the internet when her Mother wasn’t home. Oh, the sound: Krrrkkkrr… tik tik tik tik tik… BRREEEEeeeeEEEEEeeeeeeee…shhhhhhHHHHHHHHH…BweeeeeeeooooooooooOOOop!tch-tch-tch-tch… skkkrrrzzzzzzzZZZZ…PeeeeooooWEEEEEeeeEEooo…brrrRRRRrrrrrrrkkk-k-k…ssssssssSSSSSSSkkkkkkkTTTTTTTTt…clik-clik!… click-click!…bee-bee-bee-bee-bee… FWEEEeeeeEOOOOoooo…
She loves to hike to peaks and cuddle her precious ragdoll kitty, Sir Flerken.
accessDenied: Step Into the Scenario. Deal the Consequences.
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-606 (Biohacking Village)-Device LabWhen: | Saturday, Aug 9, 15:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 11:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
Welcome to accessDenied, a high-stakes, hands-on tabletop experience where you’re not just playing cards… you’re protecting critical infrastructure. Imagine trying to secure your facilities, water, power, communication, while your so-called “allies” across the table spot every vulnerability you missed. And you? You’re doing the same to them. In this game, you’ll simulate cyber attacks, defend your systems, and learn how breaches ripple through networks, all through fast-paced, strategic play based on real-world incidents like the Maroochy Water hack and the Kyiv power grid attack.
🔍 Who Should Play?
- Newcomers curious about cybersecurity
- Security pros who like strategy games
- Engineers, students, and defenders looking to sharpen their threat modeling skills
- DEF CON attendees who want a break from screens and a seat at the table
🎯 What You’ll Learn
- How attacks link to defenses
- Why mitigation doesn’t always come fast enough
- How weak points in one system compromise others
- What “lateral movement” actually looks like 🧠 More Than a Game
accessDenied isn’t just for fun, it’s designed to educate non-cybersecurity players and create smarter conversations about digital threats to critical infrastructure. Whether you’re a hacker, a healthcare nerd, or just want to try something new, this tabletop challenge belongs in your DEF CON lineup.
Links:More Info – https://www.villageb.io/table-top-exercises
Details and Instructions – https://www.villageb.io/_files/ugd/67716d_9497b4d14e604f45aa98fd6f47b62e32.pdf
People:
SpeakerBio: Jack Voltaic, RIT
United States military installations and their surrounding communities share an interest in the resiliency of cyber-critical infrastructure systems. In addition to civil-military interdependencies, a failure in one critical infrastructure sector can cause cascading effects across others. ACI launched the Jack Voltaic (JV) initiative to address gaps and build resilience. Beginning with the first exercise (JV 1.0) in 2016, these exercises addressed multi-sector cyber-critical infrastructure challenges.
Civil-military Local, community level Multi-sector Unclassified
With JV 4.0, ACI’s critical infrastructure resilience program will mature and transition. Through partnerships with other academic and policy communities, ACI seeks to foster the growth of JV-inspired practices. Multiple initiatives through 2025 will build upon the momentum and lessons of JV 1.0 – 3.0.
Addressable LEDs and WLEDs
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C103 (Illumicon Community)When: | Saturday, Aug 9, 13:30 – 14:30 PDT Friday, Aug 8, 13:30 – 14:30 PDT |
Adversary Simulator Booth – Adversary attack simulation and purple teaming hands-on booth
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-702 (Adversary Village)-Hands-On Activity AreaWhen: | Saturday, Aug 9, 11:00 – 16:59 PDT Sunday, Aug 10, 10:00 – 11:59 PDT Friday, Aug 8, 11:00 – 16:59 PDT |
Adversary Simulator booth has hands-on adversary emulation plans specific to a wide variety of threat-actors and ransomware, these are meant to provide the participant/visitor with a better understanding of the Adversary tactics. This is a volunteer assisted activity where anyone, both management and technical folks can come-in and experience different categories of simulation, emulation and purple scenarios.
Adversary Simulator booth will be having a lab environment focused on recreating enterprise infrastructure, aimed at simulation and emulating various adversaries. Visitors will be able to view, simulate and control various TTPs used by adversaries. The simulator is meant to be a learning experience, irrespective of whether one is hands-on with highly sophisticated attack tactics or from the management.
Links:adversaryvillage.org/adversary-events/DEFCON-33/adversary-simulator – https://adversaryvillage.org/adversary-events/DEFCON-33/adversary-simulator
Adversary Village – Village Open
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-702 (Adversary Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT |
We are kicking off Adversray Village
Links:adversaryvillage.org/adversary-events/DEFCON-33/ – https://adversaryvillage.org/adversary-events/DEFCON-33/
AI Red Team
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-404 (AIxCC)-Collaborator SpaceWhen: | Friday, Aug 8, 10:00 – 11:59 PDT |
During this demo, we will showcase some labs and exercises, where participants can experience first hand what it is like to think — and hack — like an AI Red Teamer. The exercises are taken from Hack The Box’s offering on the AI Red Teamer Job Role Path, designed in collaboration with Google’s ML Red Team.
People:
SpeakerBio: Olesya Menon, Google
No BIO available
AI Supply Chain: Generating AI SBOMs for Hugging Face Models
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-Arsenal 1When: | Friday, Aug 8, 10:30 – 11:30 PDT |
AI systems are entering your software supply chain—whether you planned for it or not. This open-source tool generates AI SBOMs for Hugging Face models, parsing whatever metadata it can find (or infer) into CycloneDX JSON format. It includes an AI SBOM completeness score, supports downloads, and offers APIs for integration into your workflows. It’s the first tool to do this for AI models on HF, built for security teams who want visibility into what these models are made of. Stop by to see it in action.
People:
SpeakerBio: Helen Oakley
Helen Oakley, CISSP, GPCS, GSTRT, operates at the intersection of AI, cybersecurity, and software supply chains—where the rules are still being written. At SAP, she leads a global team of architects and security experts, securing development and pipelines at scale. She built the first open-source AI SBOM generator for Hugging Face models to bring clarity to AI supply chains. Helen is a core contributor to OWASP’s Agentic AI Security guide, mapping how autonomous systems can be attacked or manipulated. She also co-leads the AI SBOM initiative under CISA and is a Founding Partner of AISUF.org, shaping secure AI frameworks for critical infrastructure. Named one of the Top 20 Canadian Women in Cybersecurity, she co-founded LeadingCyberLadies.com to support and connect the next wave of builders, breakers, and leaders.
AIMaL: Artificially Intelligent Malware Launcher
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-405 (Red Team Village)-RTV Tactics 1When: | Friday, Aug 8, 12:00 – 13:50 PDT |
AIMAL (Artificially Intelligent Malware Launcher) is a modular red team framework built to simulate advanced malware evasion techniques against modern AV/EDR/IDS solutions. It supports Process Herpaderping, Process Hollowing, Thread Hijacking, Process Ghosting, and many other Evasion Techniques as delivery mechanisms, with stealth enhancements including PPID spoofing, shellcode polymorphism, syscall mutation (Hell’s Gate), and aggressive AMSI/ETW bypassing. AIMAL adapts to simulated detection responses through a feedback loop that mutates behavior on the fly — rotating techniques until the payload bypasses detection. Integration with the OpenAI API allows AIMAL to suggest the best evasion strategy based on alert context, helping simulate the decision-making process of advanced threat actors. Designed for research, red teaming, and adversarial simulation, AIMAL brings real-world stealth techniques into an intelligent feedback-driven system that learns and adapts like an evolving threat. Whether used for red team drills or research into next-gen evasion, AIMaL demonstrates how AI can weaponize malware beyond static signatures and into dynamic decision-making.
This process is not just about executing code — it’s about demonstrating how real malware adapts. The user is taken through a full offensive simulation workflow: 1. AIMAL prints a stylized menu with ET options. 2.The user selects an evasion technique (e.g., Process Herpaderping). 3. The user selects a payload (e.g., reverse shell). 4. AIMAL copies and prepares the full module structure (not just EXEs). 5. The user simulates a detection alert type and string. 6. AIMAL uses OpenAI to suggest a bypass strategy. 7. The user can authorize AIMAL to automatically:Addjunkfunctions (hash evasion), Inject stealth upgrades (e.g., call RandomNoise(), add extra PolymorphShellcodeAfter()), Apply PPID spoofing or syscall mutations, Rebuild, mutate and repack the payload.
AIMAL has already demonstrated success against multiple AVs. Using static stealth alone, it bypassed both signature and behavioral detection of Windows Defender and McAfee. Bitdefender and Kaspersky were bypassed on static signatures; after OpenAI integration, AIMAL also defeated their behavioral detection.
https://github.com/EndritShaqiri/AIMaL
People:
SpeakerBio: Endrit Shaqiri
Endrit Shaqiri is an offensive security researcher, red team tool developer, and international karate champion currently pursuing his Master’s in Cybersecurity Engineering and Cryptography at Istanbul Technical University. He is also admitted to Boston University’s Master’s in Artificial Intelligence program, where he plans to continue his research on AI-powered malware and adaptive evasion systems. He is the creator of AIMaL — the Artificially Intelligent Malware Launcher — a modular framework designed for simulating modern malware evasion techniques against AV/EDR/IDS systems. Endrit has built a tool that bridges hands-on malware development with AI-assisted mutation logic. His passion lies in crafting adaptive malware simulation frameworks for red teamers, researchers, and students alike. This is his first appearance at DEF CON, bringing a glimpse of how tomorrow’s adversaries may automate and evolve in real-time.
SpeakerBio: Natyra ShaqiriNatyra Shaqiri is a cybersecurity student at Southern Maine Community College with a growing focus on malware analysis, system security, and ethical hacking. As co-developer of AIMAL — the Artificially Intelligent Malware Launcher — Natyra has contributed to the design and modularization of the tool’s evasion techniques, helping implement feedback-driven mutation logic and stealth strategy testing. She is passionate about adversarial security, system internals, and hands-on red team simulation frameworks. This marks her debut at DEF CON, where she brings the perspective of a rising cybersecurity engineer.
Aircraft onboard AI cyber detection
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-503 (Aerospace Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT |
While the Cyber Demonstrator challenge is occurring, folks will be able to see what’s happening inside the avionics on the aircraft and how their logging and reporting interacts with AI analysis systems to generate cyber alerts.
Aranya Open-Source messaging system hands-on workshop
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-503 (Aerospace Village)When: | Sunday, Aug 10, 10:30 – 11:59 PDT Friday, Aug 8, 12:00 – 13:30 PDT Friday, Aug 8, 15:30 – 16:59 PDT |
Max 20 attendees since hardware is included for free.
Want to play with an open-source messaging system that has been deployed to space for a number of on-orbit projects?
In this workshop, you will work with a toolkit designed to create flexible and secure digital interactions across distributed systems while also eliminating common problems associated with consistency, availability, and partitioning of these systems and architectures. We’ll walk you through compiling, configuring, and deploying a simple distributed wireless messaging application on our ESP32 badge board. Once it’s flashed and working, the hardware is yours! Then dig deeper to learn the mechanisms that make Aranya work and make your own modifications.
The badge board you will receive is a multi-purpose development board based on the ESP32-S3 with 2MB PSRAM and 4MB Flash. It provides battery management, USB-C, two Qwiic ports, microSD, a big RGB notification LED, and a big tactile button. Battery included! For more information, check out the repo.
Toolz: A Mac or Linux machine (WSL will work) and a USB type-C cable. Chrome or Python for the front-end.
Skillz: Familiarity with command-line tools. Understanding Rust, Embassy, and esp-rs will be handy, but not required.
Artificially Insecure
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-POD 1When: | Saturday, Aug 9, 15:00 – 16:59 PDT |
Artificially Insecure turns secure-coding training into a high-energy tabletop challenge. In six rounds, players draw AI-generated code-snippet cards each round. Your mission is to locate the flaw and spell out the correct code to get an instant prize and be entered into a Lego giveaway.
People:
SpeakerBio: Ken “cktricky” Johnson, Co-Founder and CTO at DryRun Security
Ken Johnson, has been hacking web applications professionally for 16 years. Ken is both a breaker and builder and is the CTO & Co-Founder of DryRun Security. Previously, Ken was a Director with GitHub’s Product Security Engineering team and has held both technical and leadership roles both within the consulting world as well as a corporate defender. Previously, Ken has spoken about varying AppSec topics at RSA, You Sh0t the Sheriff, Insomnihack, CERN, DerbyCon, AppSec USA, AppSec DC, AppSec California, OWASP Global events, DevOpsDays DC, LASCON, RubyNation, and numerous other events. Ken’s current passion project is the Absolute AppSec podcast with Seth Law and the practical secure code review course they offer thru DEF CON and other training venues.
Ken utilizes LLMs heavily in his work and has a wealth of real world applicable skills to share in applying LLMs to the application security domain.
Artificially Insecure
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-POD 1When: | Friday, Aug 8, 11:00 – 12:59 PDT |
Artificially Insecure turns secure-coding training into a high-energy tabletop challenge. In six rounds, players draw AI-generated code-snippet cards each round. Your mission is to locate the flaw and spell out the correct code to get an instant prize and be entered into a Lego giveaway.
People:
SpeakerBio: Ken “cktricky” Johnson, Co-Founder and CTO at DryRun Security
Ken Johnson, has been hacking web applications professionally for 16 years. Ken is both a breaker and builder and is the CTO & Co-Founder of DryRun Security. Previously, Ken was a Director with GitHub’s Product Security Engineering team and has held both technical and leadership roles both within the consulting world as well as a corporate defender. Previously, Ken has spoken about varying AppSec topics at RSA, You Sh0t the Sheriff, Insomnihack, CERN, DerbyCon, AppSec USA, AppSec DC, AppSec California, OWASP Global events, DevOpsDays DC, LASCON, RubyNation, and numerous other events. Ken’s current passion project is the Absolute AppSec podcast with Seth Law and the practical secure code review course they offer thru DEF CON and other training venues.
Ken utilizes LLMs heavily in his work and has a wealth of real world applicable skills to share in applying LLMs to the application security domain.
Attacking Kubernetes: Tools and Tactics to Compromise Your First Cluster
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-405 (Red Team Village)-RTV Tactics 2When: | Sunday, Aug 10, 10:00 – 11:55 PDT |
Kubernetes is the de facto operating system of the cloud, and more and more organizations are running their workloads on Kubernetes. While Kubernetes offers many benefits, it also introduces new security risks, such as cluster misconfiguration, leaked credentials, cryptojacking, container escapes, and vulnerable clusters.
In this hands-on session, attendees will dive into the world of Kubernetes security by exploring powerful open source tools and practical techniques used to audit and exploit K8S clusters. You’ll learn how to quickly identify misconfigurations and vulnerabilities in containerized applications running on Kubernetes, leverage those weaknesses to steal service account tokens, move laterally across the environment, and potentially take full control of the cluster. Whether you’re a red teamer, bug bounty hunter, or just getting started in cloud security, this session will equip you with the skills to pwn your first Kubernetes cluster.
People:
SpeakerBio: Lenin Alevski, Security Engineer at Google
Lenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Currently working as a Security Engineer at Google. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves to play CTFs, contributing to open-source and writing about security and privacy on his personal blog https://www.alevsk.com.
Automated security assessment for CCSDS protocols
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-503 (Aerospace Village)When: | Sunday, Aug 10, 10:00 – 13:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
Hands-on Demonstration – approximately 40 minutes to learn about the protocol and system, the research behind the tool, and the hands-on activity.
Participants will learn about the standard satellite communication protocol developed by the Consultative Committee for Space Data Systems (CCSDS). The CCSDS protocols prioritize reliability and efficiency, however those guidelines are often ignored or implemented improperly. We will demonstrate how to detect and protect against vulnerabilities in CCSDS protocols. We want to inform those in the space sector about potential problems in CCSDS protocols and their impacts, along with a method for automating security assessments of these systems.
Badge Drop – Black Badge Raffle TCG
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C204 (Badgelife Community)-Table 1When: | Saturday, Aug 9, 14:00 – 14:30 PDT Friday, Aug 8, 14:00 – 14:30 PDT Saturday, Aug 9, 11:00 – 11:30 PDT Friday, Aug 8, 11:00 – 11:30 PDT |
People:
SpeakerBio: Sonicos
No BIO available
Badge Drop – GigaGeiger
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C204 (Badgelife Community)-Table 1When: | Friday, Aug 8, 10:30 – 10:59 PDT Friday, Aug 8, 17:30 – 17:59 PDT |
People:
SpeakerBio: Penzz
No BIO available
Badge Drop – Hack ‘em Crack ‘em Robots
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C204 (Badgelife Community)-Table 1When: | Friday, Aug 8, 15:00 – 15:30 PDT Saturday, Aug 9, 11:00 – 11:30 PDT |
People:
SpeakerBio: NilbinSec
No BIO available
Badge Drop – Laser* Tag Badge
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C204 (Badgelife Community)-Table 2When: | Saturday, Aug 9, 10:30 – 10:59 PDT Friday, Aug 8, 14:00 – 14:30 PDT |
People:
SpeakerBio: dani.pink
No BIO available
Badge Drop – Masonic33 Badge
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C204 (Badgelife Community)-Table 2When: | Friday, Aug 8, 10:30 – 10:59 PDT |
People:
SpeakerBio: Heal-Hak4Kidz
No BIO available
Badge Drop – NeoSword
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C204 (Badgelife Community)-Table 1When: | Friday, Aug 8, 13:00 – 13:30 PDT Saturday, Aug 9, 14:30 – 14:59 PDT |
People:
SpeakerBio: Wrickert
No BIO available
Badge Drop – Rust Badge
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C204 (Badgelife Community)-Table 1When: | Friday, Aug 8, 15:30 – 15:59 PDT |
People:
SpeakerBio: Alee97422
No BIO available
Badge Drop – SaO MANY SAOs
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C204 (Badgelife Community)-Table 1When: | Saturday, Aug 9, 10:00 – 10:30 PDT Friday, Aug 8, 16:30 – 16:59 PDT Friday, Aug 8, 10:00 – 10:30 PDT Saturday, Aug 9, 17:00 – 17:30 PDT |
People:
SpeakerBio: Vortex1 – Coruscant Ventures
No BIO available
Badge Drop – Shitty Kitty v2
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C204 (Badgelife Community)-Table 1When: | Saturday, Aug 9, 13:00 – 13:30 PDT Friday, Aug 8, 14:30 – 14:59 PDT |
People:
SpeakerBio: Lipo
No BIO available
Badge Drop – Submarine Badge/FrogStar Badge/FightDystopia Badge
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C204 (Badgelife Community)-Table 1When: | Friday, Aug 8, 11:30 – 11:59 PDT |
People:
SpeakerBio: Jeff “BigTaro” Geisperger
Jeff Geisperger is a security engineer with 15 years of experience specializing in hardware and device security. His work ranges from low-level firmware and embedded systems to the cloud services that power modern devices, with a focus on end-to-end security across the stack. Outside of his professional role, Jeff is active in the hardware hacking and badgelife communities. What began as a hobby collecting badges has grown into designing both indie and large-scale conference badges for thousands of attendees.
Badge Drop – The Hacker Pager
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C204 (Badgelife Community)-Table 1When: | Friday, Aug 8, 13:30 – 13:59 PDT |
People:
SpeakerBio: Exploitee.rs
No BIO available
Badge Drop – The Hacker Pager
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C204 (Badgelife Community)-Table 1When: | Saturday, Aug 9, 16:00 – 16:30 PDT |
People:
SpeakerBio: Exploitee.rs
No BIO available
BloodHound Enterprise CTF
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-405 (Red Team Village)-RTV Tactics 1When: | Saturday, Aug 9, 11:00 – 16:50 PDT |
Tactic activity that can run for the length of the village each day. CTF activity where attendees can use Bloodhound Enterprise in a simulated environment to gain flags. CTF windows is 20 mins for each registered user
People:
SpeakerBio: Hugo van den Toorn
Hugo is former Chief Information Security Officer and has now transitioned back to help other organizations understand adversary tradecraft. With over twelve years of experience in the Information Security industry, he has a solid technical and executive background as hands-on security leader.
Hugo has experience with and a keen interest in Social engineering, phishing and physical penetration testing. Nowadays, Hugo takes pride and joy in helping individual team members and the business grow. With a strong technical foundation, Hugo combines his passion for security, teaching and hacking with a drive for continuous improvement and optimization of people, processes and technology.
SpeakerBio: Joey DreijerNo BIO available
Bootloader? I hardly know her!
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
A practical guide to hardware hacking.
Join IoT Village for a hands-on workshop where people can learn step-by-step techniques to gain root access on a smart camera. Some of the methods involved are PCB analysis, power analysis, and exploiting debug interfaces to achieve shell access.
BotNet
Creator Event Map Page – LVCC West-Level 3-W303-W310 (Packet Hacking Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 12:59 PDT |
Join us for an interactive workshop where we will walk you through the ins and outs of botnet deployment and operation via a command and control web server. Geared towards beginners, this workshop offers a hands-on approach to understanding how botnets function. You’ll also learn an effective defense strategy against the botnet you have created. No experience needed we will give you everything you need!
Breach and attack simulation exercises – Guided breach and offensive attack simulation hands-on exercises
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-702 (Adversary Village)-Hands-On Activity AreaWhen: | Saturday, Aug 9, 13:00 – 16:59 PDT Friday, Aug 8, 11:00 – 16:59 PDT Sunday, Aug 10, 10:00 – 11:59 PDT |
This area will feature guided breach simulation exercises for participants to engage with. There will be two activities, “Breach-the-Hospital” and “Breach-the-Office,” based on two LEGO sets. A simulated cyber range will be available for each scenario, providing an exact replica of an enterprise production environment. We will provide a detailed walkthrough of the attack scenarios, including Tools-Techniques-and-Procedures (TTPs) commands and how-to guides, demonstrating how to atatck and breach the hospital’s infrastructure or the office environment. This exercise will give participants a clear understanding of how adversaries infiltrate corporate environments.
Links:adversaryvillage.org/adversary-events/DEFCON-33/breach-simulation-exercises – https://adversaryvillage.org/adversary-events/DEFCON-33/breach-simulation-exercises
Bricks in the Air
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-503 (Aerospace Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT |
Bricks in the Air is a hands-on demo to teach the basics of low level protocols seen in aviation. The demo uses the I2C protocol and does not reveal actual security vulnerabilities in avionics or other systems in aviation.
Bug Bounty Village Closing Ceremony
Creator Event Map Page – LVCC West-Level 3-W326 (Bug Bounty Village)When: | Sunday, Aug 10, 13:30 – 13:59 PDT |
Final words, thanks, and giveaways.
People:
SpeakerBio: Bug Bounty Village Staff
No BIO available
Bug Bounty Village CTF Awards
Creator Event Map Page – LVCC West-Level 3-W326 (Bug Bounty Village)When: | Sunday, Aug 10, 13:00 – 13:30 PDT |
Join us at the Bug Bounty Village for the CTF Award Ceremony, where we celebrate the top performers of our inaugural Capture The Flag competition. During this in-person ceremony, we’ll recognize the highest-ranking participants on the leaderboard and award prizes to those present. If you’ve competed in the CTF and secured a spot on the leaderboard, make sure to attend and claim your prize! This is a unique opportunity to honor the skill and creativity of the global hacking community and to connect with fellow researchers and organizers. We look forward to seeing you there!
People:
SpeakerBio: Bug Bounty Village Staff
No BIO available
SpeakerBio: CTF.ae
No BIO available
Build Your Own Meshtastic Node: Off-Grid, Encrypted LoRa Meshnets for Beginners!
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Saturday, Aug 9, 15:00 – 16:30 PDT |
Kit cost $100
Links:Registration – https://retia.io/products/dc33-workshop-build-your-own-meshtastic-node-off-grid-encrypted-lora-meshnets-for-beginners-fri-8-9-25-125-00-16-30
Build Your Own Meshtastic Node: Off-Grid, Encrypted LoRa Meshnets for Beginners!
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Friday, Aug 8, 12:00 – 13:30 PDT |
Kit cost $100
Caldera for OT Mini-CTF
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-503 (Aerospace Village)When: | Friday, Aug 8, 12:30 – 16:59 PDT |
Join us to learn about OT security related to the ground stations that enable space system operations. In this mini-CTF participants will:
- Seek out hidden flags as they experiment with different messages in the space ground system protocol, aka GEMS.
- See a live demonstration of a 3-pronged attack against the key systems within a control facility, such as building automation and power control systems, and learn from experts about the specific techniques being used.
- Learn about the current state of OT simulation with industrial protocols and where further tools should be developed.
We’ll provide the laptops during this 20 minute experience. You provide some general knowledge of networking and packet routing, and we’ll tailor the experience for experts on those topics.
Capture The Packet
Creator Event Map Page – LVCC West-Level 3-W303-W310 (Packet Hacking Village)When: | Saturday, Aug 9, 10:00 – 17:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 12:59 PDT |
Come compete in the world’s most challenging cyber defense competition based on the Aries Security Cyber Range. Tear through the challenges, traverse a hostile enterprise class network, and diligently analyze what is found in order to make it out unscathed. Not only glory, but prizes await those that emerge victorious from this upgraded labyrinth, so only the best prepared and battle hardened will escape the crucible.
Career Fair: Interview Tips and Referral
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C104 (BBWIC Foundation)When: | Friday, Aug 8, 10:00 – 17:59 PDT |
Join us on Day 1 of DEFCON for an insightful session on mastering interview techniques and leveraging referrals in the cybersecurity industry. Learn from experts about the best practices to ace your interviews and how to effectively network to get those valuable referrals
People:
SpeakerBio: Krity Kharbanda, Senior Application Security Engineer at ServiceNow
Krity is currently working as Senior Application Security Engineer at ServiceNow.
SpeakerBio: Aastha Sahni, Security Analyst II at MicrosoftAastha is currently working as Security Analyst II at Microsoft.
Career Fair: Resume Review
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C104 (BBWIC Foundation)When: | Saturday, Aug 9, 10:00 – 17:59 PDT |
On Day 2 of DEFCON, bring your resume for a comprehensive review by industry professionals. Get personalized feedback and tips to enhance your resume, making it stand out to potential employers in the cybersecurity field.
People:
SpeakerBio: Ruchira Pokhriyal, Senior Threat Detection and Response Engineer at Lending Club
Ruchira is currenty working as a Senior Threat Detection and Response Engineer at Lending Club.
SpeakerBio: Harini Ramprasad, Security Engineer at SnapHarini is currently wokring as Security Engineer at Snap.
Catch the Flow: Securing CI/CD with Flowlyt
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-Arsenal 1When: | Saturday, Aug 9, 10:30 – 11:30 PDT |
In March 2025, a critical supply chain attack struck the popular GitHub Action tj-actions/changed-files
, used by more than 23,000 repositories. The attacker slipped in a malicious version that silently exfiltrated CI/CD secrets by printing them to workflow logs—everything from Personal Access Tokens to private SSH keys was suddenly at risk. This incident (CVE-2025-30066) revealed just how easy it is for a trusted third-party action to turn into a threat vector, especially when security controls around CI/CD workflows are lacking.
We built Flowlyt as a static analysis and policy-as-code tool that scans GitHub Actions workflows for signs of malicious behavior, hardcoded secrets, and insecure patterns. With support for Open Policy Agent (OPA), it lets security teams define and enforce custom rules that align with their CI/CD security standards.
People:
SpeakerBio: Arif
Senior Security Engineer with 5+ years of experience helping companies build and ship secure products without slowing down innovation. I specialize in Web, API, and Mobile Pentesting, Cloud Security, Threat Modeling, and embedding scalable SSDLC practices. My security journey began with curiosity and evolved into real-world impact—during an audit, I uncovered a critical flaw that could’ve exposed sensitive internal data. At Poshmark, I’ve led third-party library risk assessments, performed architecture reviews for key features, and rolled out secure coding practices across engineering. My threat modeling work improved early risk detection by 40%. Outside of work, I run hands-on security workshops, organize CTFs, and speak at conferences like c0c0n and Seasides. I’m open to the chance to solve real-world security challenges. Let’s connect and build secure systems that scale.
SpeakerBio: HKHare Krishna Rai is a passionate cybersecurity professional with experience in software supply chain security. Currently serving as a Product Security Engineer at a fintech company, they also co-contribute to the SCAGoat open-source project. With over three years of experience in software supply chain security, their expertise spans code review, penetration testing, and GenAI LLM penetration testing.
Hare is an active speaker, having presented at prestigious events such as DEF CON Demolabs, AppSec Village Arsenal, Black Hat, c0c0n, and Null Hyderabad. Beyond their professional pursuits, they enjoy listening to music, watching sci-fi movies, and reading books for personal growth. Always eager to take on new challenges, Hare is committed to advancing their career in cybersecurity and contributing to the broader infosec community.
SpeakerBio: Nandan GuptaNandan Gupta is an Application Security Engineer with a strong passion for cybersecurity. He focuses on penetration testing, secure code reviews, and threat modeling to identify and mitigate vulnerabilities early in the development lifecycle.
SpeakerBio: kvprashantPrashant Venkatesh is an information security expert with over 20 years of experience. He presently works as a Product security Leader
Prashant is an enthusiastic participant in the field who consistently coordinates, reviews papers, and presents his work at numerous InfoSec conferences, including at Nullcon and c0c0n. He is also active through the OWASP Bay Area chapter Leadership and he is co-founder of annual Seasides Conference.
Choose-your-own-Adversary-Adventure Tabletop Game
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-702 (Adversary Village)-Hands-On Activity AreaWhen: | Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 11:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
Adversary adventure is a story-scenario based, interactive, cyber war-gaming, choose-your-own adventure model interactive game. This is a gamified version of table-top exercises which is presented to the participants as they can choose to play as an attacker, post exploitation OR a Defender who is defending against an attacker group-threat actor OR even play as a CISO who is dealing with an adversarial situation such as a ransomware incident.
Links:adversaryvillage.org/adversary-events/DEFCON-33/choose-your-own-adversary-adventure – https://adversaryvillage.org/adversary-events/DEFCON-33/choose-your-own-adversary-adventure
Claude for Defenders: Beyond Automation to Augmentation
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-404 (AIxCC)-Collaborator SpaceWhen: | Friday, Aug 8, 16:00 – 17:50 PDT |
There’s a lot of air time given to offensive cyber capabilities – and no doubt, we’re in a new era of AI-assisted cyber capabilities. But what about the defenders? We’ve been forcing AI to imitate human analyst workflows, but what if that’s holding both machines and humans back? Through real-world experiments at Anthropic, we’ll show how letting AI tackle security problems in its own way can allow humans to focus on the nuanced work machines can’t do (yet).
People:
SpeakerBio: Jackie Bow, Anthropic
No BIO available
Cold Calls
Creator Event Map Page – LVCC West-Level 3-W317-W319 (Social Engineering Community Village)When: | Sunday, Aug 10, 10:45 – 11:30 PDT |
This is your last chance to place a phone call from inside the soundproof booth! You know you want to!
Cold Calls
Creator Event Map Page – LVCC West-Level 3-W317-W319 (Social Engineering Community Village)When: | Friday, Aug 8, 17:00 – 17:59 PDT |
Got nerves of steel? Step into our soundproof booth, grab a mystery target with its number and three challenge tiers, and see if you can nail easy, medium, and hard objectives – first come, first served!
Links:More Info – https://www.se.community/cold-calls/
Cold Calls
Creator Event Map Page – LVCC West-Level 3-W317-W319 (Social Engineering Community Village)When: | Saturday, Aug 9, 15:30 – 17:59 PDT |
Want to give vishing a shot? Step into our soundproof booth, grab a mystery target with its number and three challenge tiers, and see if you can nail easy, medium, and hard objectives – first come, first served!
Links:More Info – https://www.se.community/cold-calls/
Color with Friends & Smallstep
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-POD 3When: | Friday, Aug 8, 13:00 – 14:59 PDT |
Take a step away from the village chaos and make art with friends. Journey through the woods, space, and a disco skate rink with Smallstep’s trusted opossum, Craig, as you color your way to certificate nirvana.
People:
SpeakerBio: Carl Tashian
No BIO available
SpeakerBio: Hunter Hawke
No BIO available
Color with Friends & Smallstep
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-POD 3When: | Saturday, Aug 9, 11:00 – 12:59 PDT |
Take a step away from the village chaos and make art with friends. Journey through the woods, space, and a disco skate rink with Smallstep’s trusted opossum, Craig, as you color your way to certificate nirvana.
People:
SpeakerBio: Carl Tashian
No BIO available
SpeakerBio: Hunter Hawke
No BIO available
Color with Friends & Smallstep
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-POD 2When: | Saturday, Aug 9, 15:00 – 16:59 PDT |
Take a step away from the village chaos and make art with friends. Journey through the woods, space, and a disco skate rink with Smallstep’s trusted opossum, Craig, as you color your way to certificate nirvana.
People:
SpeakerBio: Carl Tashian
No BIO available
SpeakerBio: Hunter Hawke
No BIO available
Comadres en cyber Meetup (girls only)
Creator Event Map Page – LVCC West-Level 2-W220-W221 (La Villa Community)-WorkshopsWhen: | Friday, Aug 8, 17:00 – 18:59 PDT |
Un espacio seguro y exclusivo para mujeres apasionadas por la ciberseguridad. El Comadres en Cyber Meetup es una oportunidad para conocerse, compartir experiencias, construir comunidad y apoyarse mutuamente dentro del ecosistema tech. Ya seas principiante o experta, este encuentro es para ti: para conectar, inspirar y seguir abriendo camino juntas en el mundo de la seguridad digital.
Conversational Security engineering across your aws cloud infrastructure
Creator Event Map Page – LVCC West-Level 3-W312 (Cloud Village Labs)When: | Saturday, Aug 9, 16:00 – 16:59 PDT |
AWS Security MCP(Model Context Protocol) Server – is a tool I’ve built that fundamentally changes how security teams interact with their AWS environments. Instead of wrestling with the AWS CLI or sifting through thousands of findings from traditional scanners, you can simply talk to your AWS infrastructure using natural language.
This project connects AI assistants like Claude directly to your AWS account, enabling you to:
github link – https://github.com/groovyBugify/aws-security-mcp
Instantly locate resources by IP, tag, name or any attribute across your entire infrastructure
Generate threat models on-demand for specific services or team resources
Visualize attack paths and potential privilege escalation routes
Perform blast radius analysis to understand the impact of potential compromises
Seamlessly search across GuardDuty, SecurityHub, and IAM Access Analyzer findings
Ask natural questions like “Which EC2 instances have public IPs and excessive IAM permissions?”
We will also be covering how we designed the tool to maintain context and token size limits for any MCP Clients.
During my years leading cloud security and bug bounty hunting, I’ve repeatedly faced the frustration of piecing together information scattered across multiple AWS services. This tool solves that problem by providing a conversation layer that maintains context across your entire infrastructure.
In this talk, I’ll demonstrate real-world scenarios where AWS Security MCP helped identify complex security issues that traditional tools missed. For instance, discovering a privilege escalation path that crossed boundaries between EC2, IAM, and S3 which appeared as low-severity individual findings but created a critical attack path when combined.
I’ll show how you can:
Instantly identify which team owns a mysterious IP address appearing in your logs
Visualize the network connectivity between your microservices
Generate security assessments for resources tagged to specific applications
Uncover hidden attack paths by analyzing IAM permission chains
The tool is open-source and available today – you can start using it immediately after the talk to gain deeper insights into your own AWS environments
People:
SpeakerBio: Saransh Rana
Senior Security Engineer at CRED, working on solving Infrastructure Security problems!
Critical Draw – How to Build a Culture of Security the Right Way
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-POD 1When: | Saturday, Aug 9, 13:00 – 14:59 PDT |
A strong security culture can’t be bought — it has to be built. The key lies in making security a natural, painless part of developers’ workflows – and knowing how is the difference between success and failure.
In this exercise, you’ll step into the shoes of a developer, tasked with prioritizing and solving vulnerabilities with the right combination of tools, training, and AI – and finally achieving the elusive culture of security.
People:
SpeakerBio: Vincent Cannone
No BIO available
Critical Draw – How to Build a Culture of Security the Right Way
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-POD 1When: | Saturday, Aug 9, 11:00 – 12:59 PDT |
A strong security culture can’t be bought — it has to be built. The key lies in making security a natural, painless part of developers’ workflows – and knowing how is the difference between success and failure.
In this exercise, you’ll step into the shoes of a developer, tasked with prioritizing and solving vulnerabilities with the right combination of tools, training, and AI – and finally achieving the elusive culture of security.
People:
SpeakerBio: Vincent Cannone
No BIO available
Critical Draw – How to Build a Culture of Security the Right Way
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-POD 2When: | Friday, Aug 8, 11:00 – 12:59 PDT |
A strong security culture can’t be bought — it has to be built. The key lies in making security a natural, painless part of developers’ workflows – and knowing how is the difference between success and failure.
In this exercise, you’ll step into the shoes of a developer, tasked with prioritizing and solving vulnerabilities with the right combination of tools, training, and AI – and finally achieving the elusive culture of security.
People:
SpeakerBio: Vincent Cannone
No BIO available
Cryptojacking in the Cloud: Investigating Attacks on Container Clusters
Creator Event Map Page – LVCC West-Level 3-W312 (Cloud Village Labs)When: | Friday, Aug 8, 11:00 – 12:59 PDT |
In this live incident response simulation, participants are divided into teams and dropped into the aftermath of a cryptojacking breach inside an AWS environment. Drawing from anonymized real-world incidents, each team receives a curated dataset of AWS-native logs representing a mining attack that originated from within an Amazon EKS cluster and abused EC2 nodes and IAM roles.
Participants are challenged to:
Detect if cryptomining took place
Identify the exact AWS resource responsible (EC2 instance or EKS pod)
Reconstruct the attack sequence using real AWS telemetry
Present a concise evidence-backed narrative of attacker behavior
No vendor tooling. No slides. Just a time-bound hands-on challenge with AWS-native logs and a simulated IR situation.
People:
SpeakerBio: Adelia Ibragimova
Adelia Ibragimova is a security engineer with a focus on cloud-native detection, incident response, and SOC automation. With hands-on experience at EPAM Systems and Amazon, designs and operates scalable detection platforms across AWS, GCP, and Azure, background includes real-time incident handling and the use of open-source tools to drive investigation and response in production environments
CTF Award Ceremony
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-CTFWhen: | Sunday, Aug 10, 11:50 – 11:59 PDT |
Cyber Demonstrator Challenge
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-503 (Aerospace Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Participants fly a custom narrow-body airliner with realistic controls and functions on approach to KBZN while encountering various cyber-anomalies. This challenge typically takes about 6 minutes, with a maximum of 15 minutes.
Cyberjutsu Path to a Digital Martial Art
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-702 (Adversary Village)-Hands-On Activity AreaWhen: | Friday, Aug 8, 11:00 – 16:59 PDT Saturday, Aug 9, 10:00 – 12:59 PDT Sunday, Aug 10, 10:00 – 11:59 PDT |
Cyberjūtsu is a new way to teach cybersecurity inspired from martial arts trainings. It is an educational way which allows everyone (novice to expert) to practice together and improve themselves in cybersecurity through confrontation. It follows budō (judo, jujitsu, karate…) principles and ethical code. The goal is to reach “maximum-efficient use of computer” in a “mutual benefit” of a human confrontation. It’s a digital martial art fight e-sport using linux shell.
Links:adversaryvillage.org/adversary-events/DEFCON-33/cyberjutsu – https://adversaryvillage.org/adversary-events/DEFCON-33/cyberjutsu
DA-62 GPS Spoofing Challenge
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-503 (Aerospace Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Participants fly a simulated DA-62 complete with realistic Garmin instruments on approach into KDAB while encountering randomized GPS-spoof related scenarios. You can successfully complete the scenario by safely landing on your cleared runway. This challenge typically takes about 7 minutes, with a maximum of 20 minutes.
DCG LAN Party: Frag You Very Much
Creator Event Map Page – LVCC West-Level 2-W237 (DEF CON Groups)When: | Saturday, Aug 9, 10:00 – 17:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
Ready to frag like it’s 1999? The DCG Community is going full retro with a Quake III Arena LAN party—Friday and Saturday from 10am to 6pm! We’ve got 20 battle-ready PCs set up for you to drop in, squad up, and face off against fellow DEF CON attendees. No sign-up, no pressure—just fast-paced fun, old-school energy, and scoreboard glory. Form your own teams, dominate the arena, or just jump in for a quick frag between talks.
💥 All skill levels welcome. Come for the chaos, stay for the camaraderie. GG.
Links:DEF CON Groups – https://defcongroups.org
People:
SpeakerBio: polomaster, Goon at DEF CON Groups
No BIO available
SpeakerBio: Nitetrain, Community Staff at DEF CON Groups
No BIO available
DCG805 SLO Meetup: Surf, Shells & Shellcodes
Creator Event Map Page – LVCC West-Level 2-W237 (DEF CON Groups)When: | Friday, Aug 8, 15:30 – 16:30 PDT |
Join DC805—San Luis Obispo’s DEF CON Group—for a Friday afternoon meetup in the DCG Community at DEF CON 33! Starting at 3:30pm, we’re bringing together SLO locals and friends of the group for chill conversations, hacker camaraderie, and Central Coast vibes. Whether you’re from the 805 or just want to meet a solid crew, come hang. No talks, just good people.
People:
SpeakerBio: Hankashyyyk
DC805 POC
SpeakerBio: FozzieDC805 POC
DCG831 Santa Cruz Meetup
Creator Event Map Page – LVCC West-Level 2-W237 (DEF CON Groups)When: | Friday, Aug 8, 12:00 – 12:59 PDT |
DCG Santa Cruz is back and under new management! Come meet us, talk nerdy, get some stickers, and learn how we keep the DEFCON ethos going year-round!
DCGVR Program Ends 🖖 / Socialize
Creator Event Page – OnlineWhen: | Saturday, Aug 9, 17:00 – 17:59 PDT |
The formal program ends. Come hangout in the space and chat for a bit more as we socialise into the evening.
Links:Join – https://www.dcgvr.org/
DDoS Wargames
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C202 (DDoS Community)When: | Saturday, Aug 9, 10:00 – 17:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 12:59 PDT |
Come try your hand at being a DDoS attacker and/or defender in this fun cyberwar simulation. No experience or laptop needed! Sessions run every half hour.
DDV open and accepting drives for duplication
Creator Event Map Page – LVCC West-Level 2-W225 (Data Duplication Village)When: | Friday, Aug 8, 10:00 – 16:59 PDT Saturday, Aug 9, 10:00 – 16:59 PDT |
We reopen at 10: 00am and accept more drives until we reach capacity (usually late Friday or early Saturday). Then we copy and copy and copy all the things until we just can’t copy any more – first come, first served. Don’t forget – some require 8TB drives now. We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.
DDV starts accepting drives for duplication
Creator Event Map Page – LVCC West-Level 2-W225 (Data Duplication Village)When: | Thursday, Aug 7, 16:00 – 18:59 PDT |
We start taking drives at 4: 00pm local time on Thursday – possibly a little earlier. We’ll keep accepting drives until we reach capacity (usually late Friday or early Saturday). Then we copy and copy all the things until we just can’t copy any more – first come, first served. Note that some sources require 8TB drives now. We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.
Links:
Website – https://dcddv.org
Deck out your Device! Mobility device hacking & modding
Creator Event Map Page – LVCC West-Level 2-W219 (Hackers With Disabilities)When: | Thursday, Aug 7, 12:00 – 12:59 PDT |
DEF CON Academy
Creator Event Map Page – LVCC West-Level 2-W235 (DEF CON Academy)When: | Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
New to hacking? Start here. The DEF CON Academy is your entry point into the world of hacking and Capture the Flag (CTF) competitions. No experience? No problem. Stop by and you’ll start with the basics — Linux commands, web security, binary challenges, and reverse engineering — and build up from there at your own pace. Mentors and real CTF pros will be on-site to help you when you get stuck, explain concepts, and cheer you on. Come sit down for a bit, plug in, enjoy our scheduled talks, and start leveling up your skills in a hands-on, no-pressure environment.
DEF CON Texas Groups Meetup (DC713 & DC281)
Creator Event Page – Other / See DescriptionWhen: | Wednesday, Aug 6, 18:30 – 21:30 PDT |
It’s that time of year again friends – your lone star state cousins invite y’all to come hangout for midweek drinks and eats! Open to all.
Hosted by: The Cornish Pasty, 10 E Charleston Blvd, Las Vegas, NV 89104
Wednesday August 6th, 18:30-21:30
People:
SpeakerBio: Skittish and Bus
Genre: House
Defend the Airport CTF
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-503 (Aerospace Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
As a participant your first step is to register ahead and read the rules at: https://aviationcyberctf.com/ and bring your own laptop to the venue.
Chaos at a major international airport. Flight info displays flicker with false data. Baggage systems fail. Aircraft controls are compromised. Even the skies are no longer safe. Your mission: investigate the breach, neutralize the threats, and take back control of the airport. The airport depends on you. The clock is ticking!
Demonstration
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C106 (Mobile Hacking Community)When: | Sunday, Aug 10, 10:00 – 11:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
A dedicated area equipped with the necessary tools, where visitors can experiment with various techniques and concepts under expert guidance.
Discover GE Appliances!
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Sunday, Aug 10, 10:00 – 13:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Join us for a self-guided interactive look at GE Applinces and get hands on with some of our most popular home appliances!
And for all Home Assistant enthusiasts!
Check us out and we will help you get started!
Find anything related to security? Contact our PSIRT by visiting our security webpage:
GEAppliances.comn/security
Discussion Group: 1st generation college student
Creator Event Map Page – LVCC West-Level 2-W205 (The Diana Initiative Community)When: | Friday, Aug 8, 11:00 – 11:59 PDT |
Being a first generation college student comes with unique struggles. We would love to have a discussion group for those who were, are, or are soon to be, in this situation. Our moderator has been through this experience and is ready to help lead and participate in a group discussion with others in similar circumstances
People:
SpeakerBio: Jessie “Ringer” Jamieson
Jessie Jamieson, aka “Ringer”, is a mathematician who loves using math to solve hard problems, but she loves helping others see the beauty and value of math even more! She has been invited to speak at mathematics and cybersecurity events about supply chain and AI-related risk, and has spoken internationally on the importance of data science maturity for cybersecurity effectiveness. Jamieson holds a PhD and a MS in Mathematics from the University of Nebraska – Lincoln, where she was a National Science Foundation Graduate Research Fellow. Jamieson has also held senior research roles at Tenable and the Johns Hopkins University Applied Physics Laboratory. She currently works in a role related to cybersecurity risk quantification. When not doing math, she’s usually playing volleyball or video games, playing soccer with her dog, Dax, or traveling to some of her favorite cybersecurity conferences (like DEFCON!).
Discussion Group: From Networking to your First Interview
Creator Event Map Page – LVCC West-Level 2-W205 (The Diana Initiative Community)When: | Friday, Aug 8, 13:00 – 13:59 PDT |
You’ve made a great connection at a conference. Now what? Join this interactive discussion session to explore how to move from casual networking to landing an interview. Whether you’re new to the field, making a career shift, or looking for your next challenge this session will focus on practical ways to build on those hallway chats and coffee meetups. We’ll share tips for effective follow-ups, how to express interest and how to turn a new contact into a warm lead for an interview. Bring your questions and experiences. We’ll crowdsource ideas and build confidence together.
People:
SpeakerBio: Sarah Mackey, Executive Director at Women in Security and Privacy
Sarah Mackey is executive director of Women in Security and Privacy. She also serves as a career coach supporting individuals through career transitions and helping them discover and secure meaningful careers. With over 20 years experience as a hiring manager, Sarah brings practical and actionable guidance for candidates.
Discussion Group: GRC- three little letters, many big roads
Creator Event Map Page – LVCC West-Level 2-W205 (The Diana Initiative Community)When: | Friday, Aug 8, 12:00 – 12:59 PDT |
This discussion will focus on questions, advice, guidance and insights regarding Governance, Risk, and Compliance as a career path, or even as a skills enhancement in your own career. No matter if you’re a seasoned GRC professional, or someone just trying to understand how they all play together in the cybersecurity sandbox, come discuss tips, tricks, tools, frameworks, and any other burning questions or issues (even the future of GRC in a world of Large Language Models!
People:
SpeakerBio: Mea Clift
Mea Clift is a distinguished cybersecurity executive with a multi-decade career rooted in excellence, innovation, and mission-driven leadership. As Principal Executive Advisor for Cyber Risk Engineering at Liberty Mutual, she provides strategic guidance to underwriters and insureds on emerging cyber risks, maturity models, and industry trends—bridging the gap between cybersecurity strategy and enterprise risk.
With deep expertise in governance, risk, and compliance (GRC), Mea is a champion of NIST-based frameworks, Zero Trust principles, and supply chain security. Her background spans critical infrastructure protection, regulatory alignment, and the development of governance structures that embed security across the business. She is widely respected for her ability to translate complex technical risks into clear, compelling language for executives and stakeholders alike.
A 2024 Cyversity Educator of the Year, published author, and active mentor, Mea teaches Fundamentals of GRC and advocates for diversity in cybersecurity through many organizations including Wicys, Cyversity and ISACA. Outside of her professional work, she is a passionate quilt historian and educator living in St. Paul, Minnesota, where she shares her love of textiles and design alongside her three greyhounds.
Discussion Group: Harnessing your Security impact by participating in bug bounties, CTFs & contributing in Open Source projects
Creator Event Map Page – LVCC West-Level 2-W205 (The Diana Initiative Community)When: | Saturday, Aug 9, 16:00 – 16:59 PDT |
Find out about developing and showcasing your security skills beyond your day-to‑day roles. Activities like CTFs, bug bounties, and open source projects offer an ideal platform for newcomers to learn the ropes and for seasoned professionals to deepen expertise in specific domains.
People:
SpeakerBio: Snahil Singh
No BIO available
SpeakerBio: Ying Liu
No BIO available
Discussion Group: Making Work Accessible
Creator Event Map Page – LVCC West-Level 2-W205 (The Diana Initiative Community)When: | Saturday, Aug 9, 11:00 – 11:59 PDT |
Ready to make a difference in your workplace? This discussion-based session provides practical insights and a supportive space to explore how individuals can effectively advocate for accessibility. From navigating accommodation requests to identifying and improving systemic barriers, plus effectively educating peers and leadership, we’ll discuss actionable steps you can take to create a more equitable and productive work environment for yourself – and everyone. Come share your insights and empower change!
People:
SpeakerBio: Britne Jenke
Britne Jenke, CPACC (she/her) is an author, speaker, and consultant – and a passionate advocate for disability inclusion in the workplace. As the founder of Inclusive Pixelation, an accessibility consulting agency, she partners with individuals and organizations to empower them with the knowledge, skills, and tools to make work truly accessible for everyone. Britne’s expertise comes from decades of experience in training and development, web design, and information services, and is further validated by her certifications in accessibility, human resources, talent development, and diversity & inclusion. Her insights have been featured in multiple articles and podcasts, and she is a frequent and sought-after speaker at various industry events and conferences. Committed to community impact and professional development, Britne proudly serves on the board of Equal Access Public Media and works as the Director of Curriculum for The Anti-Discrimination Project. Her mission is to make work accessible for everyone, one pixel at a time.
Discussion Group: Mental Health, Burnout, and Boundaries- a roundtable discussion
Creator Event Map Page – LVCC West-Level 2-W205 (The Diana Initiative Community)When: | Saturday, Aug 9, 14:00 – 14:59 PDT |
In this session we’ll discuss the struggles of balancing a career in cybersecurity and the stress of the world, for everyone. Whether a diagnosed mental health condition, general stress challenges, signs of burnout, or just wanting to know you aren’t alone working through life, this discussion is a brave space to get answers, ask questions, provide insight, and come away with more ideas on how to tackle keeping your brain protected while keeping the business protected.
People:
SpeakerBio: Mea Clift
Mea Clift is a distinguished cybersecurity executive with a multi-decade career rooted in excellence, innovation, and mission-driven leadership. As Principal Executive Advisor for Cyber Risk Engineering at Liberty Mutual, she provides strategic guidance to underwriters and insureds on emerging cyber risks, maturity models, and industry trends—bridging the gap between cybersecurity strategy and enterprise risk.
With deep expertise in governance, risk, and compliance (GRC), Mea is a champion of NIST-based frameworks, Zero Trust principles, and supply chain security. Her background spans critical infrastructure protection, regulatory alignment, and the development of governance structures that embed security across the business. She is widely respected for her ability to translate complex technical risks into clear, compelling language for executives and stakeholders alike.
A 2024 Cyversity Educator of the Year, published author, and active mentor, Mea teaches Fundamentals of GRC and advocates for diversity in cybersecurity through many organizations including Wicys, Cyversity and ISACA. Outside of her professional work, she is a passionate quilt historian and educator living in St. Paul, Minnesota, where she shares her love of textiles and design alongside her three greyhounds.
Discussion Group: Open to all sober/alcohol-free folks in our industry; all recovery pathways welcome
Creator Event Map Page – LVCC West-Level 2-W205 (The Diana Initiative Community)When: | Saturday, Aug 9, 15:00 – 15:59 PDT |
Whether you’re in a long-term recovery program or just looking for ways to reduce your intake of alcohol or other substances, one of the first big steps is overcoming the fear of just TALKING about it. Silence feeds stigma, and stigma is stupid… so let’s talk about it! This will be a group discussion where we can chat about all forms of recovery and all pathways to leading a healthier lifestyle. Jen will share a little about her personal journey and some of the principles that have helped her to maintain 24 beautiful years of sobriety. It isn’t always easy, but it’s always worth it. Come make some friends who are on a similar path and share any resources that have helped you in your recovery.
People:
SpeakerBio: Jennifer VanAntwerp, Founder at Sober in Cyber
Jen VanAntwerp is the founder of Sober in Cyber, a nonprofit on a mission to provide alcohol-free events and community-building opportunities for sober individuals working in cybersecurity. She is passionate about breaking the stigma of addiction recovery and is profoundly driven to increase the number of professional networking events that don’t revolve around alcohol. Jen is also the ABM manager at StrongDM, the Zero Trust privileged access platform. When she’s not developing marketing strategies or running her nonprofit, Jen enjoys volunteering, sewing, and tinkering with her beloved ’65 Ranchero.
Discussion Group: Toot your horn: Personal branding and networking tips for introverts or those who typically shy away from the spotlight.
Creator Event Map Page – LVCC West-Level 2-W205 (The Diana Initiative Community)When: | Sunday, Aug 10, 12:00 – 12:59 PDT |
We all understand the importance of having a solid support network, but growing your community and “promoting” yourself can feel awkward (especially if being in the spotlight isn’t your cup of tea!). Personal branding and networking are important aspects of growing your community, and there are steps that even the most introverted of introverts can take to expand their network. This group discussion will help attendees: improve their presence on LinkedIn and other social media platforms; find impactful networking opportunities that aren’t terrifying; and find ways to make self-promotion and “tooting your own horn” feel less awkward. Toot toot!
People:
SpeakerBio: Jennifer VanAntwerp, Founder at Sober in Cyber
Jen VanAntwerp is the founder of Sober in Cyber, a nonprofit on a mission to provide alcohol-free events and community-building opportunities for sober individuals working in cybersecurity. She is passionate about breaking the stigma of addiction recovery and is profoundly driven to increase the number of professional networking events that don’t revolve around alcohol. Jen is also the ABM manager at StrongDM, the Zero Trust privileged access platform. When she’s not developing marketing strategies or running her nonprofit, Jen enjoys volunteering, sewing, and tinkering with her beloved ’65 Ranchero.
DIY Affirmation Cards
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C208 (WISP Community)When: | Friday, Aug 8, 11:00 – 11:59 PDT Saturday, Aug 9, 11:00 – 11:59 PDT |
Make a moment for yourself with this calming and reflective activity. Design your own affirmation card using colorful pens, washi tape, and prompts like “Dear Future Me” or “You’re doing enough.” Whether it’s a reminder you need or a message of encouragement, your card is yours to keep. Tuck it in your badge, your bag, or your notebook as a little boost throughout the con.
DNS-Based OSINT Tactics for Product and Service Discovery
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-405 (Red Team Village)-RTV Tactics 3When: | Saturday, Aug 9, 11:00 – 16:50 PDT |
As a London-based security researcher with a strong focus on open-source intelligence (OSINT) and attack surface discovery, I am excited to attend the DEF CON conference for the first time and contribute meaningfully to the Red Team Village. My passion lies in developing and refining reconnaissance techniques that enable both offensive and defensive practitioners to gain deeper insights into an organization’s digital footprint.
During the RTV Tactics sessions, I will present a DNS-based OSINT methodology for uncovering products and services through large-scale DNS TXT record scanning. This previously unpublished approach demonstrates how certain TXT records can reveal not just domain ownership or validation details, but also the presence of specific third-party services and platforms in use. For instance, TXT entries like google-site-verification, MS=msXXXXXXXX, or vendor-specific SPF includes can expose dependencies on Google Workspace, Microsoft 365, or other cloud-based services.
By programmatically analyzing these records across large swaths of DNS zones, attackers can construct detailed maps of an organization’s technology stack and supply chain affiliations—critical intelligence for targeted campaigns. This intelligence also provides defenders with an opportunity to detect inadvertent information leakage and improve control over external DNS configurations.
To support operational use, I have integrated this scanning technique into widely adopted open-source tools such as Nuclei and Amass. These enhancements allow red teams and security researchers to efficiently incorporate TXT record reconnaissance into broader discovery workflows, elevating the precision and depth of traditional enumeration phases.
This session will equip attendees with practical, reproducible tactics for passive and semi-active discovery that can uncover non-obvious attack vectors. Attendees will leave with actionable insights and tooling that can be immediately applied to real-world engagements.
It would be an absolute honor to support the Red Team Village and give back to a community that has been instrumental in shaping my growth as a researcher. I deeply value the Village’s mission to educate, inspire, and empower red teamers of all experience levels, and I am eager to contribute to that mission by sharing knowledge that enhances our collective offensive capabilities and understanding of adversarial tradecraft. Thank you for the opportunity to be considered.
People:
SpeakerBio: Rishi “rxerium” Chudasama
Rishi Chudasama is a London-based security researcher with over five years of hands-on experience in IT. He currently specializes in vulnerability research, threat intelligence, and enterprise risk analysis. His current focus lies in identifying and analyzing zero-day vulnerabilities and emerging CVEs, often working to reverse engineer exploit mechanics and build detection logic before public weaponization. Rishi’s work spans both offensive and defensive domains—developing threat models based on real-world TTPs, crafting custom detection rules, and automating reconnaissance pipelines to uncover exploitable misconfigurations and exposed assets. He is particularly active in attack surface management (ASM) and OSINT, where he leverages DNS enumeration, passive data correlation, and large-scale infrastructure scanning to surface unknown entry points and map adversary-accessible exposure. Outside of research, Rishi integrates findings into operational tooling and supports data-driven prioritization strategies to bridge technical risk and business impact. His work reflects a deep commitment to adversary-informed defense and proactive discovery across modern hybrid environments.
Do Your Own Recon Activity
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-603 (Recon Village)-Do Your Own Recon AreaWhen: | Friday, Aug 8, 13:00 – 14:59 PDT |
People:
SpeakerBio: Shubham Mittal
No BIO available
Do Your Own Recon Activity
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-603 (Recon Village)-Do Your Own Recon AreaWhen: | Saturday, Aug 9, 13:00 – 14:59 PDT |
People:
SpeakerBio: Shubham Mittal
No BIO available
Doing bad things for the right reasons: Vulnerability Disclosure at Amazon and AWS
Creator Event Map Page – LVCC West-Level 3-W312 (Cloud Village Labs)When: | Saturday, Aug 9, 13:30 – 14:45 PDT |
Ever had questions about how to report a vulnerability to Amazon or AWS, and what actually happens after you click “submit”? You’re not alone. With cloud services powering so much of what we use every day, making it easy and collaborative to report security issues helps strengthen the whole ecosystem.
In this session, members of the Amazon and AWS Vulnerability Disclosure Program (VDP) and Amazon Vulnerability Research Program (VRP) teams will offer a behind-the-scenes look at how these programs operate, the types of issues in scope, and a new initiative aimed at deepening collaboration with the security research community.
We’ll cover what makes a strong vulnerability report, how to submit it through the appropriate channels, and what to expect throughout the process, from triage to resolution. Attendees will also gain insight into how Coordinated Vulnerability Disclosure (CVD) is approached, along with how public disclosure decisions are made in collaboration with researchers.
Whether you’re an experienced researcher or just starting out, this talk will give you practical knowledge and a clearer understanding of how to engage with Amazon and AWS, and how we’re working to make that experience even better
—
AWS security experts Ryan, Albin Vattakattu, Wesley, and Justin bring together decades of combined experience across threat hunting, incident response, bug bounty management, and security research. This dynamic team includes Ryan, an AWS Senior Security Engineer and co-author of AWS Detective, Albin, a technical lead for AWS’s Vulnerability Disclosure Program (VDP) team, while Wesley and Justin serve on Amazon’s Bug Bounty Team managing vulnerability reports and researcher relations. Joining them as a guest speaker is Kasimir Schulz, Director of Security Research at HiddenLayer and active AWS VDP researcher, whose pioneering work in AI security has been featured in major tech publications and conferences like Black Hat. Together, they represent expertise spanning threat research, vulnerability management, offensive security, and the development of cutting-edge security tools and automation.
People:
SpeakerBio: Ryan Nolette, Amazon / AWS
No BIO available
SpeakerBio: Albin Vattakattu
No BIO available
SpeakerBio: Kasimir Schulz
No BIO available
SpeakerBio: Justin
No BIO available
SpeakerBio: Wesley
No BIO available
Dominion ICX Technical Demo
Creator Event Map Page – LVCC West-Level 2-W222-W223 (Voting Village Talks ) W222When: | Saturday, Aug 9, 12:50 – 13:59 PDT |
Demo and continuation of the 12: 00 ICX talk, to be held in the voting systems lab.
People:
SpeakerBio: Drew Springall, Auburn University
Drew Springall is an Assistant Professor of Computer Science at Auburn University, and is a hacker/security researcher with a focus on the technical/concrete aspects of voting system security. Since 2013, Drew has worked to understand and demonstrate the difficulty attackers would face should they attempt to attack such systems as deployed in the real-world and given realistic resources to leverage. Most recently, Drew has worked specifically on the DVSorder ballot randomization flaw and the ”Security Analysis of Georgia’s ImageCast X Ballot Marking Devices” report published along with Prof. J. Alex Halderman.
SpeakerBio: Philip DavisNo BIO available
Dozier Drill Tournament
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-701 (Lock Pick Village)When: | Saturday, Aug 9, 12:00 – 14:59 PDT |
Have you ever wanted to break out of handcuffs, pick open a closed bag and shoot your buddy in the chest with a nerf gun? So have we, that’s why TOOOL presents the Dozer Drill. A fast paced skill based game where you have to free yourself from handcuffs, open a closed bag, and retrieve the nerf gun to be the first to hit the target. Join us on Friday for qualifiers, through the con for unofficial games, and on Saturday for an official bracket tournament.
People:
SpeakerBio: Kataze, TOOOL
A skunk with a phys sec fascintation and a little too much time on his hands, Kataze has been helping The Open Organization Of Lockpickers present DEFCON’s Lock Pick Village for over five years now!
Drone Flying Experience
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-503 (Aerospace Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Experience the thrill of flying a drone in our custom-built cage right on the showroom floor. This activity is designed for everyone to enjoy, from kids to adults. Fly mini drones around the cage and see how well you can control these agile little machines. It’s a fun, interactive way to learn the basics of drone piloting in a safe environment.
Drone Hacking Workshop
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-503 (Aerospace Village)When: | Sunday, Aug 10, 10:00 – 13:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Join our Drone Hacking Workshop and get hands-on experience with hacking into drone microcontrollers. This three-step in-depth activity is designed to teach you about the vulnerabilities and security of autonomous systems. Using sample drones, participants will learn techniques used in government pen tests. This workshop is suitable for all skill levels, from beginners to advanced hackers. Come and test your skills in a real-world scenario and understand the intricacies of drone security.
Easy IoT App Hacking
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
In this interactive exercise, you’ll learn how easy it is nowadays to reverse engineer the apps that are used to configure and interact with IoT devices.
IoT hacking with no multimeter or soldering iron required!
Escape the Sandbox Challenge
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-402 (GameHacking.GG Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Win bug bounty prize by escaping a game sandbox environment
Evening Hangout
Creator Event Map Page – LVCC West-Level 2-W204 (Noob Community)When: | Friday, Aug 8, 18:00 – 22:59 PDT |
Vegas can be lame if you’re under 21. We have board games, card games, and movies in a chill hang envinronment.
Exploiting Public AWS Resources
Creator Event Map Page – LVCC West-Level 3-W312 (Cloud Village Labs)When: | Friday, Aug 8, 13:30 – 15:30 PDT |
You like hacking public cloud services? In this workshop we will hack most of the relevant AWS services that can be hacked without prior credentials. Where applicable, there will be multiple and differently misconfigured resources for each service. What you need: Laptop with AWS CLI version 2 installed (UNIX terminal is recommended) Tools: jq, terraform/opentofu, docker, coldsnap, mysql, CloudShovel Your own AWS account to launch attacks from
To maximize the number of hacker resources, participants will get a playbook to follow if they want. The structure of the workshop is: short demo section followed by hands-on hacking and ending with Q&A.
Let’s hack some cloud!
People:
SpeakerBio: Eduard Agavriloae
No BIO available
Exposor – A Contactless reconnaissance tool using internet search engines with a unified syntax
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-Arsenal 1When: | Saturday, Aug 9, 13:30 – 14:30 PDT |
The attack surface of organizations is constantly evolving, making real-time discovery of exposed technologies and vulnerabilities critical for proactive security. However, conducting searches across multiple Search Engine requires understanding different query syntaxes, which can be time-consuming and inefficient.
People:
SpeakerBio: Abdulla “Abu” Abdullayev
Abdulla Abdullayev (Abu) is a cybersecurity leader with over 11 years of experience across finance, government, and startups. He specializes in offensive and defensive security, security architecture, and building high-performing information security teams.
Certified in OSEP, OSWE, OSCP, WCSD, and CEH, Abu is currently a Sr. Security Researcher at Oryxlabs, focusing on security architecture and vulnerability research. He received M.S. degree in Cyber Security from University of Birmingham, UK, in 2016. Abu is a frequent speaker at major security conferences, including Black Hat and CyberWeek, among others.
Experienced in penetration testing, security architecture, security research, offensive&defensive security, incident response, red teaming, identifying zero-day vulnerabilities, and agile methodologies.
F-35 Joint Strike Fighter Badge Challenge
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-503 (Aerospace Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT |
Prove your air combat superiority. Only the sharpest contenders will win the limited edition F-35 PCB badge, a symbol of your elite technical skills. Test your wits, and aerospace savvy in this exclusive showdown to earn your wings in the ultimate test of aerospace analytic problem solving. Challenges drop all weekend long.
Faith-based cryptography: running with unverified entropy
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-206 (Quantum Village)When: | Friday, Aug 8, 11:00 – 11:59 PDT |
Entropy is a foundation to most security systems; yet it’s often the most opaque and overlooked component. Many cryptographic systems run on unverified or low-assurance randomness, exposing to vulnerabilities that may go unnoticed for a long time. This talk explores how we can use advanced technologies to implement runtime entropy observability, direct from hardware and beyond simple statistical verifications. We will focus on how we can move away from black-box entropy designs to open, transparent and verifiable entropy designs.
People:
SpeakerBio: Carlos Abellan, CEO and Co-founder at Quside
Carlos Abellan is CEO and cofounder of Quside. Before spinning off the company in 2017, he was a scientist at ICFO, where he obtained his PhD in photonic and quantum technologies. His research focused on exploiting quantum effects to generate and measure randomness, leading to novel results such as the first photonic integrated quantum entropy source and a new methodology to quantify entropy. He has published over 20 scientific papers and is co-inventor on more than 10 patent families. Originally from Barcelona, he holds a bachelor’s degree in telecommunication engineering from the Polytechnic University of Catalonia (UPC) and a master’s degree in photonics from a consortium of European universities.
Finite State IoT Pentest Blitz
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-POD 3When: | Friday, Aug 8, 11:00 – 12:59 PDT |
The IoT Pentest Blitz is a fast-paced, hands-on security assessment challenge designed to simulate real-world penetration testing (pentesting) of IoT devices. You can engage in a structured testing process, leveraging various tools and methodologies to uncover vulnerabilities in IoT firmware, hardware, and software components.
This is ideal for security practitioners seeking to refine their IoT pentesting skills in a controlled, competitive setting.
People:
SpeakerBio: Larry Pesce
No BIO available
Finite State IoT Pentest Blitz
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-POD 3When: | Saturday, Aug 9, 15:00 – 16:59 PDT |
The IoT Pentest Blitz is a fast-paced, hands-on security assessment challenge designed to simulate real-world penetration testing (pentesting) of IoT devices. You can engage in a structured testing process, leveraging various tools and methodologies to uncover vulnerabilities in IoT firmware, hardware, and software components.
This is ideal for security practitioners seeking to refine their IoT pentesting skills in a controlled, competitive setting.
People:
SpeakerBio: Larry Pesce
No BIO available
Finite State IoT Pentest Blitz
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-POD 2When: | Friday, Aug 8, 13:00 – 14:59 PDT |
The IoT Pentest Blitz is a fast-paced, hands-on security assessment challenge designed to simulate real-world penetration testing (pentesting) of IoT devices. You can engage in a structured testing process, leveraging various tools and methodologies to uncover vulnerabilities in IoT firmware, hardware, and software components.
This is ideal for security practitioners seeking to refine their IoT pentesting skills in a controlled, competitive setting.
People:
SpeakerBio: Larry Pesce
No BIO available
Firmware Decryption with Open Source Clues
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT |
In this challenge, participants are given an encrypted firmware image for a D-Link access poitn alone with its publicly available GPL release.
The objective is to decrypt the firmware using clues from open source files.
This is a realistic test of practical reverse engineering and firmware analysis skills, with a focus on identifying overlooked assumptions in standard tooling.
Fix the Flag Wargame (Day 1)
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-CTFWhen: | Friday, Aug 8, 10:00 – 17:59 PDT |
AppSec Village is proud to present our DEF CON Contest in partnership with SecDim.
Unlike a typical CTF, this contest rewards the players who fix security vulnerabilities. You can choose between secure coding challenges or competing against other players in an Attack & Defence AppSec challenge, where you need to secure your app before being given a chance to hack other players’ apps😈. You can also develop your own AppSec challenge by following the challenge contribution guidelines. All approved challenges will be hosted during AppSec Village @ DEF CON.
There are two categories of winners: – The player with the highest total points by the end of the event (August 10 at noon PDT) – The best-contributed challenge submission
The Award Ceremony will be held at 12:45 PM PDT in the AppSec Village on August 10.
Fix the Flag Wargame (Day 2)
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-CTFWhen: | Saturday, Aug 9, 10:00 – 17:59 PDT |
AppSec Village is proud to present our DEF CON Contest in partnership with SecDim. Unlike a typical CTF, this contest rewards the players who fix security vulnerabilities. You can choose between secure coding challenges or competing against other players in an Attack & Defence AppSec challenge, where you need to secure your app before being given a chance to hack other players’ apps😈. You can also develop your own AppSec challenge by following the challenge contribution guidelines. All approved challenges will be hosted during AppSec Village @ DEF CON.
There are two categories of winners: – The player with the highest total points by the end of the event (August 10 at noon PDT) – The best-contributed challenge submission
The Award Ceremony will be held at 12:45 PM PDT in the AppSec Village on August 10.
Fix the Flag Wargame (Day 3)
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-CTFWhen: | Sunday, Aug 10, 10:00 – 11:45 PDT |
AppSec Village is proud to present our DEF CON Contest in partnership with SecDim. Unlike a typical CTF, this contest rewards the players who fix security vulnerabilities. You can choose between secure coding challenges or competing against other players in an Attack & Defence AppSec challenge, where you need to secure your app before being given a chance to hack other players’ apps😈. You can also develop your own AppSec challenge by following the challenge contribution guidelines. All approved challenges will be hosted during AppSec Village @ DEF CON.
There are two categories of winners: – The player with the highest total points by the end of the event (August 10 at noon PDT) – The best-contributed challenge submission
The Award Ceremony will be held at 12:45 PM PDT in the AppSec Village on August 10.
Friendship Bracelets
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C208 (WISP Community)When: | Saturday, Aug 9, 12:00 – 12:59 PDT Friday, Aug 8, 12:00 – 12:59 PDT Sunday, Aug 10, 12:00 – 12:59 PDT |
Create a custom bracelet to wear or trade, each featuring a special bead with a hidden message or symbol of empowerment. This tactile, low-key activity is perfect for starting conversations and forming connections across the community. No crafting experience needed, just good vibes and open hands. Join us during this hour for a WISP bead to add to your bracelet!
From Hexeditor to Root, Multi Stage Approach to Root Access
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Sunday, Aug 10, 10:00 – 13:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
This year at Rapid7’s hands-on hardware hacking lab, you’ll dive in deep to gain root access on an IoT.
Using tools like Flashrom and Hexedit, we’ll guid you through dumping SPI flash, modifying firmware dump to force single user mode, and using UART to interact with the target.
Then we’ll rebuild the environment, load drivers, and regain full acess – finishing with modifying the “CORRECT” root password file to take complete control.
Game Hacking Intro Game
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-402 (GameHacking.GG Village)When: | Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
Learn the basics of game hacking by playing a game that teaches you to hack the game itself to progress through levels.
GEOSINT Final
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-603 (Recon Village)-GEOSINT AreaWhen: | Saturday, Aug 9, 15:30 – 16:30 PDT |
People:
SpeakerBio: Dhruv Shah
No BIO available
GEOSINT Playoffs
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-603 (Recon Village)-GEOSINT AreaWhen: | Saturday, Aug 9, 10:00 – 13:59 PDT |
People:
SpeakerBio: Dhruv Shah
No BIO available
GEOSINT Playoffs
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-603 (Recon Village)-GEOSINT AreaWhen: | Friday, Aug 8, 10:00 – 17:59 PDT |
People:
SpeakerBio: Dhruv Shah
No BIO available
GEOSINT Semi Finals
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-603 (Recon Village)-GEOSINT AreaWhen: | Saturday, Aug 9, 14:00 – 15:30 PDT |
People:
SpeakerBio: Dhruv Shah
No BIO available
GlytchC2: Command execution and data exfiltration of any kind through live streaming platforms
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-405 (Red Team Village)-RTV Tactics 2When: | Friday, Aug 8, 12:00 – 13:50 PDT |
Glytch is a post-exploitation tool serving as a Command-and-Control (C2) & Data Exfiltration service.
It creates a covert channel through Twitch live streaming platform and lets attacker to execute an OS command or exfiltrate a data of any kind from the target computer (does not matter whether the computers are connected over a LAN or WAN).
We have submitted our tool for Demo Labs already and we are planning to share it’s development phase, ideas and challenges that we’ve faced.
https://github.com/ccelikanil/GlytchC2
People:
SpeakerBio: Anıl Çelik
Anil graduated as a computer engineer and is currently an MSc student in information security engineering. He has 5+ years of professional experience and is working as a cyber security engineer at HAVELSAN, primarily focused on red team engagements and purple teaming. He holds 5+ CVEs and has OSCP and OSWP certifications.
SpeakerBio: Emre OdamanGraduated as a Computer Engineer and working as a Cyber Security Engineer at HAVELSAN for the past 3 years, which is a major defense industry company in Türkiye. His main areas of interest are red teaming, network security, OT, IoT & hardware security.
Hack my Bot
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-802 (HHV-SSV)When: | Friday, Aug 8, 16:00 – 16:59 PDT Saturday, Aug 9, 16:00 – 16:59 PDT |
Hack the Bots is a live-action hardware hacking competition where four teams face off using robotic platforms like the Tengu Marauder. The Tengu Marauder is an open source hacking bot platform that has presented at DEFCON32 and Blackhat USA. Each bot is operated by a two-person crew: one pilot to drive and engage in kinetic tactics, and one hacker to launch wireless, IoT, or hardware-based exploits. The mission? Reach the “King of the Hill” zone, capture the flag, and hold it against other attackers. Teams must bypass IoT-controlled barriers, dodge spinning and piston-powered obstacles, and survive attacks from rival robots. This session blends robotics, wireless warfare, and hands-on hacking in a physical capture-the-flag arena. No prior robotics experience is required, but a basic understanding of wireless or hardware attacks will give teams an edge. Bring your skills. Break their bots. Win the hill.
People:
SpeakerBio: lexicon121
No BIO available
Hacker Troll House
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-405 (Red Team Village)-RTV Tactics 2When: | Saturday, Aug 9, 11:00 – 14:50 PDT |
Enter the Hacker Troll House to take on a variety of entry-level Linux security challenges against the Trolls. The Hacker Troll House challenges are short, timed, and will require you to think on your feet to beat the Trolls at their own game. But be warned, Trolls don’t play fair! Basic Linux command line and file system knowledge recommended (bash scripting a plus).
People:
SpeakerBio: James Rice
Mr. James Rice has been cybersecurity faculty for the last decade in Upstate New York at Mohawk Valley Community College and more recently Rochester Institute of Technology. During this time, Mr. Rice has focused on developing numerous interactive gamified learning scenarios for the classroom and cyber competitions such as the NSA sponsored NCAE Cyber Games. Mr. Rice is currently pursuing his PhD at RIT in Computer Engineering and researching how to best leverage immersive reality technologies for data visualization and interaction, primarily in cyberspace.
Hacker Vs Hacker Olympics
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-402 (GameHacking.GG Village)When: | Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
Rotating real production games to hack in a player vs player competition to create real hacks to win various games. Teams or individuals can win Gold Silver or Bronze or just have fun playing the games
Hacking Kubernetes
Creator Event Map Page – LVCC West-Level 3-W312 (Cloud Village Labs)When: | Friday, Aug 8, 11:00 – 12:59 PDT |
With the ever-increasing popularity of Kubernetes, whether Red or Blue Team should know how hackers approach hacking Kubernetes environments. Many are scared off by the complexity of Kubernetes, which often leads to significant flaws in Kubernetes security.
This workshop will focus on the most common misconfigurations, how to exploit and secure them. Each workshop participant will get access to a Kubernetes cluster and an attack server from which the attacks can be executed.
Each section of the workshop starts with an introduction to the topic by the trainer. Afterwards, various scenarios and configurations seen in the wild by the trainer are shown and discussed. Last but not least, the participants can perform CTF style tasks and gain hands-on experience with Kubernetes Security before the next topic is introduced. At the end of the workshop, participants will be able to recognize, assess and mitigate certain Kubernetes security misconfigurations. They will have gained practical experience and will be aware of potential security risks that can occur in a Kubernetes environment.
Specific topics covered: – Kubernetes Core Components – Role Based Access – Admission Control
Software Requirements: A working SSH client
People:
SpeakerBio: Benjamin Koltermann
Benjamin Koltermann is CEO and Security Architect for Cloud and Kubernetes environments at KolTEQ. He works on various projects for large regulated organizations, enabling them to securely manage the transformation to the cloud and Kubernetes. He spends his free time playing CTF for FluxFingers and Sauercloud.
He is also a Co-Author of the Kubernetes DEFCON CTF since 2024.
Hardware Hacking and Soldering Skills Village (HHV/SSV)
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-802 (HHV-SSV)When: | Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 12:59 PDT |
Every day our lives become more connected to consumer hardware. Every day the approved uses of that hardware are reduced, while the real capabilities expand. Come discover hardware hacking tricks and tips regain some of that capacity, and make your own use for things! We have interactive demos to help you learn new skills. We have challenges to compete against fellow attendees. We have some tools to help with your fever dream modifications. Come share what you know and learn something new.
Hardwired
Creator Event Map Page – LVCC West-Level 3-W303-W310 (Packet Hacking Village)When: | Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 12:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
Don’t know how to make a network cable and want to learn? Has it been years? Or do you think you’re a pro? Come see if you can… make the best cable at con by cut/wire/crimp.
HavocAI Autonomous Surface Vessel Hacking
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-504 (Maritime Hacking Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 12:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
“Hack it if you can” Challenge: HavocAI is challenging hackers at DEF CON 33 to find vulnerabilities and exploits in their “Rampage” Autonomous Surface Vessel software and hardware, offering a $5,000 prize for the best cyber minds who demonstrate exploits. This initiative aims to strengthen the security of autonomous vessels for national security purposes. Pre-registration and US citizenship (with passport) are required to participate.
People:
SpeakerBio: Daniel Morrisey, HavocAI
No BIO available
HDA Community Open
Creator Event Map Page – LVCC West-Level 2-W219 (Hackers With Disabilities)When: | Sunday, Aug 10, 10:00 – 12:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
A place for people with disabilities to hear talks aimed at hacking disabilities / gear / specific topics on security and safety. To have a place to recharge assistance devices, get assistance with disability issues, to have a safe space to retreat should things get to be too much, to form community bonds with other hackers with disabilities and to be an educational outreach and support system showing that just because you have a disability you can still be a hacker and part of the community. Also a break area for service animals, and people with sensory issues.
HDA Open Synthesizer Jam Session
Creator Event Map Page – LVCC West-Level 2-W219 (Hackers With Disabilities)When: | Friday, Aug 8, 13:00 – 13:59 PDT |
HDA Setup, Meet & Greet, Services available after setup
Creator Event Map Page – LVCC West-Level 2-W219 (Hackers With Disabilities)When: | Thursday, Aug 7, 10:00 – 17:59 PDT |
Homemade Designs and Wearables
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C103 (Illumicon Community)When: | Saturday, Aug 9, 16:30 – 17:30 PDT Friday, Aug 8, 16:30 – 17:30 PDT |
Bring your best and brightest costume, clothing, displays, and toys to show off and earn the adoration of the masses.
Illumicon Community
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C103 (Illumicon Community)When: | Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Illumicon is all about Hackers lighting the Way! Throughout the day attendees will be able control the hands on displays with someone knowledgeable in the field nearby to answer any questions. The displays will include 2 professional laser displays controlled either by either analog or digital and several led fixtures all just waiting for attendees to make them shine. Knowledgeable people will be there to answer questions whether it is hardware, software, sourcing or design. We are here to get you on your way to letting your Blink Flag Fly!!
Improv
Creator Event Map Page – LVCC West-Level 3-W317-W319 (Social Engineering Community Village)When: | Friday, Aug 8, 15:30 – 15:59 PDT |
Jump into our lightning improv session – 30 minutes of quick-fire skits to keep your social-engineer reflexes razor-sharp!
Links:More Info – https://www.se.community/se-improv/
Improv
Creator Event Map Page – LVCC West-Level 3-W317-W319 (Social Engineering Community Village)When: | Friday, Aug 8, 12:00 – 13:30 PDT |
Ready to think on your feet? Join Bryan and Kevin with our bite-sized improv showdown – jump in with activities that sharpen your social engineering chops (or just kick back and enjoy the laughs).
Links:More Info – https://www.se.community/se-improv/
Initial Access Tactics on MacOS
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-405 (Red Team Village)-RTV Tactics 1When: | Friday, Aug 8, 14:00 – 15:50 PDT |
In this tactic section the attendees will get to experiment with highly custom initial access payloads and the controls they are meant to bypass on MacOS. Attendees will be able to pick the tactics they want to run based on their experience. We plan on setting up the following tactics
Beginner: Create a simple pkg w/ pre and post install scripts. Creating an Application Bundle w/ installer guide to get around Gatekeeper. Creating a simple Configuration Profile to Disable Gatekeeper
Intermediate: Using an Application bundle to register and abuse existing URI handlers Abusing xcode URI handler to gain code execution Creating a pkg to over-write managed preferences and install a malicious browser extension
Advanced: Compiling and embedding Mythic poseidon implant as a Shared Library to get around EDRs Creating a MacOS VM to receive MDM config from a DEP enrolled device.
People:
SpeakerBio: Adwiteeya Agrawal
Adwiteeya Agrawal currently works as an Offensive Security Engineer for a tech company in California. Adwiteeya has worked on several internal Red Teams and currently focuses on MacOS Security, Cloud Security and Purple Teaming. Adwiteeya graduated from Carnegie Mellon University with a Masters in Information Security and is passionate about all things security.
SpeakerBio: Jianqiang (Stark) LiStark is working @Snap as a red teamer.
Inside KnoxSpy: Real-Time Visibility into MDM-Secured Mobile Traffic
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-Arsenal 2When: | Friday, Aug 8, 15:00 – 15:59 PDT |
Mobile Device Management (MDM) apps route all traffic through managed VPNs, blocking traditional API interception methods. This creates major blind spots during security testing of high-privilege mobile apps.
KnoxSpy is a purpose-built tool that overcomes this limitation using dynamic instrumentation with Frida. It hooks into the target app’s network libraries to intercept traffic before it enters the MDM tunnel and after it exits, enabling real-time inspection and modification of API calls.
KnoxSpy allows security professionals to test APIs without breaking the MDM tunnel or modifying device policies. Requests can also be modified and reinjected seamlessly through the app’s own network stack.
Used successfully in multiple real-world assessments, KnoxSpy has helped uncover critical vulnerabilities in MDM-protected apps. A live demo will showcase how KnoxSpy enables deeper visibility into secured environments.
People:
SpeakerBio: Subho Halder, CEO & Co-Founder at Appknox
Subho Halder is the CEO and Co-founder of Appknox, a leading mobile application security platform trusted by 500+ global enterprises. A security researcher turned product leader, he previously worked with Hewlett-Packard and has been listed in Facebook, Google, and Twitter’s Hall of Fame for responsible vulnerability disclosures. Subho specializes in mobile app security, reverse engineering, and kernel exploitation. He has presented at Black Hat and OWASP amongst other industry leading events. At DEFCON, he’s bringing his deep expertise to explore what it takes to test apps on enterprise-locked devices, without breaking policy.
—
Subho Halder is the Co-founder and CEO of Appknox, where he leads advanced research in mobile application security.
He’s spent over a decade deep in offensive security, with a focus on mobile kernel exploitation, runtime evasion, and real-world bypasses for things like RASP and root detection. Subho has shared his work at top conferences including Black Hat, Nullcon, OWASP Global AppSec, and Syscan, often blending hardcore technical research with practical attack demos.
At Appknox, Subho has helped protect more than 500 enterprise apps by embedding mobile security into CI/CD workflows and using real-device testing over emulators. His work has been instrumental in helping organizations in fintech, retail, and aviation catch what traditional tools miss.
By day, he runs a fast-growing SaaS security company. By night, he’s still reverse engineering mobile stacks and building tools that push the boundaries of what’s possible in appsec.
Instant API Hacker!
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-405 (Red Team Village)-RTV Tactics 3When: | Friday, Aug 8, 12:00 – 15:50 PDT |
In this rapid-fire, hands-on tactic, you’ll go from zero to hacking your first API in 20 minutes! Find and exploit common REST API vulnerabilities in real-time. No prior hacking experience? No problem! APIs are a great first vector to begin your hacking journey. This workshop is designed for beginners who want quick, practical insights—and some fun along the way.
People:
SpeakerBio: Corey Ball
Corey Ball is the founder and CEO of hAPI Labs, where he provides penetration testing services. He is the author of Hacking APIs, founder of APIsec University, and has over fifteen years of experience working in IT and cybersecurity. Corey holds the OSCP, CCISO, CISSP, and several other industry certifications.
Introduction to CICDGuard – Orchestrating visibility and security of CICD ecosystem
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-Arsenal 2When: | Saturday, Aug 9, 12:00 – 12:59 PDT |
CICDGuard is a graph based CICD ecosystem visualizer and security analyzer – 1. Represents entire CICD ecosystem in graph form, providing intuitive visibility and solving the awareness problem 2. Identifies common security flaws across supported technologies and provides industry best practices for identified flaws adhering to OWASP CICD Top10 3. Identifies the relationship between different technologies and demonstrates how vulnerability in one component can affect one or more other technologies 4. Technologies supported – GitHub, GitHub Action, Jenkins, JFrog, Spinnaker, Drone
CICD platforms are an integral part of the overall software supply chain and it processes a lot of sensitive data, compromise of which can affect the entire organization. One of the challenges with security OF CICD, like most areas of security, is the lack of visibility of what actually makes a CICD ecosystem. Security starts with being aware of what needs to be secure.
People:
SpeakerBio: Pramod Rana
Pramod Rana is author of below open source projects:
1) Omniscient – LetsMapYourNetwork: a graph-based asset management framework
2) vPrioritizer – Art of Risk Prioritization: a risk prioritization framework
3) CICDGuard – Orchestrating visibility and security of CICD ecosystem
He has presented at BlackHat, Defcon, nullcon, OWASPGlobalAppSec, HackMiami, HackInParis and Insomnihack before.
He is leading the application security team in Netskope with primary focus on integrating security controls in the development process and providing security-testing-as-a-service to engineering teams.
Introduction To SeVa [Secret Validator] – Secrets Prioritization Framework
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-Arsenal 1When: | Friday, Aug 8, 13:30 – 14:30 PDT |
SeVa aims to provide an accurate triage and priority framework for secrets with below philosophy:
1) Secrets which are confirmed to be valid will be of most priority
2) Secrets which are confirmed to be not valid will be of least priority
3) Remaining secrets will have severity as per triage
SeVa has three primary independent modules: 1) Connector – To connect with a secret source and fetch the details, support major secret scanners 2) Enhancer – This module identifies the secret type and what additional information is required to make a decision on validation as defined above. It also fetches the complimentary information from affected area 3) Validator – This engine validates the secrets and makes the decision on secret validity and provides the output in multiple formats
SeVA provides a fast and noninvasive way to verify credentials with non-intrusive API calls without secrets leaving organization infrastructure. It can be adopted as easily as writing a GitHub Action workflow.
People:
SpeakerBio: Leon Denard
Leon Denard is a red teamer and application security engineer at Netskope, where he focuses on secret validation, offensive tooling, and helping teams identify security gaps before attackers do. He has led red team operations across finance, cloud, and enterprise environments, combining deep technical work with a strong understanding of secure development practices.
He has hands-on experience with phishing campaigns, password cracking, detection evasion, and building tools to automate repetitive tasks. He is a DEFCON “Crack Me If You Can” champion, GPEN certified, and shares his work at github.com/ltdenard, where he builds and publishes tools.
SpeakerBio: Pramod RanaPramod Rana is author of below open source projects:
1) Omniscient – LetsMapYourNetwork: a graph-based asset management framework
2) vPrioritizer – Art of Risk Prioritization: a risk prioritization framework
3) CICDGuard – Orchestrating visibility and security of CICD ecosystem
He has presented at BlackHat, Defcon, nullcon, OWASPGlobalAppSec, HackMiami, HackInParis and Insomnihack before.
He is leading the application security team in Netskope with primary focus on integrating security controls in the development process and providing security-testing-as-a-service to engineering teams.
IoT Intro Labs. New to all of this? You’re in the right spot!
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Sunday, Aug 10, 10:00 – 13:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
Forget the noise.
Get to JustHacking.com!
2 Mini-Workshops
Only 15 Minutes Each
Talk to Your “Things” with MQTT
Learn device comms in a virtual smarthome
Router Ruh Roh!
Find clues of an attack in OpenWRT firmware
No Schedule! Just sit down & start learning!
IoT Village book signing
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Sunday, Aug 10, 14:00 – 14:59 PDT |
Attendees will receive a complimentary signed copy of our brand new book and have the opportunity for some exclusive swag.
Keysight CTF Challenge
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT |
Defeat the Keysight CTF challenge for a change to win a Riscuberry IoT hacking training kit that comes with a picoscope, a bus pirate, and much more!
See one of the Keysight staff for details.
Kubernetes Security Scanner
Creator Event Map Page – LVCC West-Level 3-W312 (Cloud Village Labs)When: | Saturday, Aug 9, 11:00 – 12:59 PDT |
Modern clusters are a moving target: new images ship hourly, nodes drift from their golden state, and runtime threats appear without warning. Kubernetes Security Scanner gives you one keyboard shortcut to see it all—and this hands‑on workshop teaches you how.
The tool runs a full‑stack inspection in minutes and organizes findings into five actionable domains:
Cluster Setup & Hardening – benchmarks every control‑plane and node flag against CIS, highlights risky admission‑controller and RBAC settings, and maps network‑policy blind spots.
System Hardening – validates kernel parameters, kubelet options, container‑runtime and gVisor profiles to keep the host layer sealed tight.
Microservice Vulnerability Reduction – enforces least‑privilege at pod and container level by checking security contexts, resource limits, disruption budgets, and secrets hygiene.
Supply‑Chain Security – blocks bad code before it ships by verifying image signatures and SBOMs, scanning for CVEs and license red flags, and flagging stale or untrusted artifacts.
Runtime Security – confirms audit‑policy coverage, validates Falco rules and alert paths, and streams suspicious events so you can react in real time.
Attendees will deploy the scanner against a vulnerable “Kubernetes Goat” cluster, interpret it’s reports, and remediate high‑impact issues live. By the end of the session you’ll leave with a repeatable workflow that delivers prescriptive, line‑item fixes from cluster creation through day‑2 operations—no guesswork, just secure‑by‑design Kubernetes.
People:
SpeakerBio: Krishna Priya
Senior SRE engineer at Cloud Software Group. I have worked on on premise and cloud deployments and have seen the industry evolve to its current state. I have been advocating for better secure defaults and secure deployments for over a decade and have created training material for engineers and tooling that can help automate this. You can see my open source work @ https://github.com/krishpyishere/
Kubernetes Security: Hands-On Attack and Defense
Creator Event Map Page – LVCC West-Level 3-W312 (Cloud Village Labs)When: | Friday, Aug 8, 16:00 – 17:59 PDT |
Kubernetes is the de facto operating system of the cloud, and more and more organizations are running their workloads on Kubernetes. While Kubernetes offers many benefits, new users may introduce security risks like cluster misconfiguration, leaked credentials, cryptojacking, container escapes, and vulnerable clusters.
This workshop will teach you the fundamentals of Kubernetes security, from protecting your cluster to securing your workloads. You’ll learn about RBAC, OPA, Security Contexts, Network Policies, and other security features. You’ll also learn how to exploit workloads running on a Kubernetes environment using Living Off the Land (LotL) techniques like exploiting Insecure APIs, Secrets Theft, Container Escape and Pod Privilege Escalation, similar to the ones used by real-world threat actors.
This workshop is designed for both beginners and advanced students. By the end of the workshop, you’ll have a deep understanding of Kubernetes security and the skills to protect your clusters and workloads
Outline: 1. A quick, 20-minute introduction to Kubernetes – https://github.com/Alevsk/dvka/blob/master/workshop/resources/Kubernetes%20Security_%20Attacking%20And%20Defending%20Modern%20Infrastructure.pdf 2. All labs in the beginner section – https://github.com/Alevsk/dvka/blob/master/workshop/README.md#-beginner 3. Challenge 1: Hack The NFT Museum – https://github.com/Alevsk/dvka/tree/master/challenge-1
People:
SpeakerBio: Lenin Alevski, Security Engineer at Google
Lenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Currently working as a Security Engineer at Google. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves to play CTFs, contributing to open-source and writing about security and privacy on his personal blog https://www.alevsk.com.
La Villa Affer hours – Friday – Networking Event
Creator Event Map Page – LVCC West-Level 2-W220-W221 (La Villa Community)-Main TrackWhen: | Friday, Aug 8, 17:30 – 19:59 PDT |
Cuando cae la noche, La Villa sigue viva. Te invitamos al After Hours del sábado, un evento relajado de networking para conectar con speakers, organizadores, hackers y entusiastas en un ambiente informal. Comparte ideas, proyectos o simplemente disfruta de una buena charla con la comunidad. ¡Trae tu energía, tus stickers y tus ganas de convivir fuera del horario técnico!
La Villa Affer hours – Sat – Networking Event
Creator Event Map Page – LVCC West-Level 2-W220-W221 (La Villa Community)-Main TrackWhen: | Saturday, Aug 9, 17:30 – 19:59 PDT |
Cuando cae la noche, La Villa sigue viva. Te invitamos al After Hours del sábado, un evento relajado de networking para conectar con speakers, organizadores, hackers y entusiastas en un ambiente informal. Comparte ideas, proyectos o simplemente disfruta de una buena charla con la comunidad. ¡Trae tu energía, tus stickers y tus ganas de convivir fuera del horario técnico!
Laser shows and how they are made
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C103 (Illumicon Community)When: | Saturday, Aug 9, 11:00 – 11:59 PDT Friday, Aug 8, 11:00 – 11:59 PDT |
Last chance to pick up drives at the DDV
Creator Event Map Page – LVCC West-Level 2-W225 (Data Duplication Village)When: | Sunday, Aug 10, 10:00 – 10:59 PDT |
This is your last chance to pickup your drives whether they’re finished or not. Get here between 10:00am and 11:00am on Sunday as any drives left behind are considered donations.
Learn BadUSB Hacking With the USB Nugget
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Saturday, Aug 9, 10:00 – 11:30 PDT |
Kit cost $135
Links:Registration – https://retia.io/products/dc33-workshop-bad-usb-hacking-on-the-usb-nugget-sun-8-10-25-10-00-11-30
Let’s Play! OWASP Cornucopia Engineers and Exploits the Quest for Security
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C206 (OWASP Community)When: | Saturday, Aug 9, 12:00 – 12:59 PDT |
OWASP Cornucopia is a card game to assist software development teams identify security requirements in agile, conventional, and formal software development processes. It is language, platform, and technology agnostic. Having celebrated its 10th anniversary last year, Cornucopia has been refreshed including an updated full version of the game, a new Website App Edition updated with the OWASP ASVS 4.0 mapping and a Mobile App Edition with the OWASP MASVS 2.0 mapping for mobile development.
People:
SpeakerBio: Spyros Gasteratos
No BIO available
Let’s Play! OWASP Cornucopia Threat Modeling
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C206 (OWASP Community)When: | Sunday, Aug 10, 12:00 – 12:59 PDT |
OWASP Cornucopia is a card game to assist software development teams identify security requirements in agile, conventional, and formal software development processes. It is language, platform, and technology agnostic. Having celebrated its 10th anniversary last year, Cornucopia has been refreshed including an updated full version of the game, a new Website App Edition updated with the OWASP ASVS 4.0 mapping and a Mobile App Edition with the OWASP MASVS 2.0 mapping for mobile development.
Level Up Your CI/CD: Building a secure pipeline with OSS
Creator Event Map Page – LVCC West-Level 3-W312 (Cloud Village Labs)When: | Saturday, Aug 9, 16:00 – 17:59 PDT |
What does the “perfect” CI/CD pipeline look like, especially one built with security at its core? This hands-on workshop explores that ideal using readily available open-source tools. We’ll dissect the essential stages of a modern pipeline, demonstrating how to integrate security seamlessly throughout the development lifecycle (DevSecOps).
Through practical, step-by-step guidance, we’ll implement key security checks like iinfrastructure vulnerability scanning, secrets detection and code analysis using popular OSS tools within a functional pipeline. We won’t forget about the pipeline security itself, we will review best practices to secure our CI/CD process. While we’ll showcase specific tools and configurations, the goal is not just replication, but understanding how and why these security controls work.
Discover the underlying principles of secure pipeline design and leave with actionable techniques to start building your own hardened, practical CI/CD pipeline.
Outline:
Introduction
Brief presenter introduction.
Setting the stage: The need for secure CI/CD pipelines.
Fundamentals Recap:
Quick overview: What is Continuous Integration, Continuous Deployment and Continuous Security?
Scope & Learning Objectives
Workshop Focus: Demonstrate building a “perfect” (secure and practical) CI/CD pipeline using open-source tools.
Key Goal: Inspirational, not prescriptive. Attendees should understand the principles and identify modular components they can adapt to their own environments. The aim is to grasp the idea of a secure pipeline, not to replicate this specific example verbatim.
Learning Outcomes: Attendees will understand the key stages of a secure pipeline, know relevant OSS tools for each stage, and grasp the principles needed to start building or improving their own secure CI/CD process.
Out of Scope (What this workshop is NOT):
Deep dives into specific development workflows (e.g. Gitflow, Trunk-based).
Focus on a specific application technology stack (language/framework agnostic where possible).
A definitive statement on the “best” tools (alternatives will be mentioned for key steps).
Assumption: We will work from a simplified “greenfield” perspective for clarity.
“Perfect Secure Pipeline” Overview
- Visual explanation of the “perfect” pipeline stages.
Secure Pipeline Step-by-Step Breakdown (Hands-On)
For each key stage (e.g., Pipeline Scan, IaC Scan, Container Scanning, Secrets Detection, SAST/SCA):
Goal: What security risk are we trying to mitigate with this step?
OSS Tool Demo of the chosen open-source tool (e.g., Chekov for IaC, Trivy for container scanning, Gitleaks for secrets). Briefly mention 1-2 alternatives.
Live Demo – Break & Fix:
Pipeline without the check -> potential security failure.
Integrate OSS security tool into the pipeline.
Trigger pipeline again -> security issue found.
Fix the issue.
Re-run pipeline -> successful pass.
For time reasons, we will focus specially in Pipeline Security, Infra as Code scan, Container Scan and Secrets Detection steps.
Conclusion & Q&A
People:
SpeakerBio: Andoni Alonso Fernández
Cloud Security Engineer at Prowler.
I began my career as a Sysadmin, evolved to Site Reliability Engineer, and a few years ago crossed over to the dark side… Security. A long-time CTF enthusiast and hooked on anything with a scoreboard.
Currently, I’m starting unicrons.cloud project aiming to share cloud security knowledge and resources with the community.
SpeakerBio: Paco Sanchez LopezI’m an SRE focused on Developer Productivity and Platform Engineering, with over 8 years of experience building tools that help developers work smarter. I pride myself on being highly pragmatic, always prioritizing solutions that balance efficiency and impact. Oh, and fun fact: my right thumb is actually my toe. Yes, it’s as weird as it sounds, but I like to think I can give “Super Likes”.
LHC Capture the Flag
Creator Event Map Page – LVCC West-Level 2-W201-W202 (Lonely Hackers Club Community)When: | Friday, Aug 8, 10:00 – 11:59 PDT Saturday, Aug 9, 10:00 – 11:59 PDT |
The LHC Capture The Flag is a beginner-friendly, jeopardy-style competition designed to introduce newcomers to the exciting world of cybersecurity challenges. Participants will explore a diverse range of categories including steganography, radio communications, encryption techniques, and mind-bending puzzles, all structured to build fundamental hacking skills. This hands-on component provides a supportive environment for learning, with some challenges uniquely incorporating physical items that can be accessed in the LHC Community Room. Whether you’re curious about cybersecurity or looking to develop your technical problem-solving abilities, this CTF offers an accessible entry point into the fascinating realm of hacking.
LHC First Time DEF CON Meetup
Creator Event Map Page – LVCC West-Level 2-W201-W202 (Lonely Hackers Club Community)When: | Friday, Aug 8, 10:00 – 10:59 PDT |
First time attending DEF CON? If so stop by for our meet up to meet like minded people who are also coming for the first time by themselves or with friends to meet people to attend talks, villages, workshops, etc with!
Linux Trainer
Creator Event Map Page – LVCC West-Level 3-W303-W310 (Packet Hacking Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 12:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Knowing how to use the Linux command line is a critical skill for any good security practitioner. This trainer will have 10+ problems covering some of the most fundamental Linux commands. This trainer is for people new to field and for those who want to hone their Linux command line-fu.
Live Recon Contest
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-603 (Recon Village)-Live Recon AreaWhen: | Saturday, Aug 9, 10:00 – 12:59 PDT |
People:
SpeakerBio: Himanshu Kumar Das
No BIO available
SpeakerBio: Ankur Bhargava
No BIO available
Live Recon Internal Pre-Screening
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-603 (Recon Village)-Live Recon AreaWhen: | Saturday, Aug 9, 13:00 – 14:59 PDT |
People:
SpeakerBio: Himanshu Kumar Das
No BIO available
SpeakerBio: Ankur Bhargava
No BIO available
Live Recon Judges Presentations
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-603 (Recon Village)-Live Recon AreaWhen: | Saturday, Aug 9, 15:00 – 17:25 PDT |
People:
SpeakerBio: Himanshu Kumar Das
No BIO available
SpeakerBio: Ankur Bhargava
No BIO available
Live Recon Session
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-603 (Recon Village)-Live Recon AreaWhen: | Friday, Aug 8, 10:00 – 17:59 PDT |
People:
SpeakerBio: Himanshu Kumar Das
No BIO available
SpeakerBio: Ankur Bhargava
No BIO available
Locktopus Speed Picking Finals
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-701 (Lock Pick Village)When: | Saturday, Aug 9, 15:30 – 17:30 PDT |
The biggest speed picking event in North America debuts at DEFCON 33 this year! Join us to see the top competitors from Friday and Saturday’s qualifying brackets hash it out and be crowned champion of TOOOL’s Locktopus Speed Picking Challenge!
People:
SpeakerBio: Hipu
No BIO available
Loong Community Activities
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C203 (Loong Community)When: | Saturday, Aug 9, 10:00 – 17:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 12:59 PDT |
Loong Community is Landing at DEFCON 33! Co-Hosted by Hong Kong & Singapore Crew!
Get ready to explore the cutting edge of hardware hacking & infosec tools at Loong Village in #DEFCON33!
This year, Loong is a powerhouse HK-SG collaboration focused on showcasing the vibrancy and talent of the Asian infosec community with tools all arouund the world! 🇸🇬🤝🇭🇰
Dive into hands-on mini-stations featuring: – 📡 SDR Playground (Signalens Pro, Kraken SDR, HackRF, RTL SDR. RF Explorer H Loop Antenna etc.) – ⌨️ BadUSB (Hak5 Rubber Ducky, USB Ninja, O.MG Cables) – 🔑 RFID/NFC Exploration (Proxmark3 RDV4.01, Flipper Zero, Signalens Pro) – 🌐 Network Pentest Tools (Wifi Pineapple, Cynthia, DualComm Network Tap, ScreenCrab) – 🎫 Exclusive Off-by-One (Singapore) Badges (available for purchase!) – Drone FPV simulator, VR/MR, Neo
Make your very own evil IoT Cat Lamp with WLED!
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Friday, Aug 8, 10:00 – 10:59 PDT |
Kit cost $80
Make your very own evil IoT Cat Lamp with WLED!
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Saturday, Aug 9, 12:30 – 13:30 PDT |
Kit cost $80
Links:Registration – https://retia.io/products/dc33-workshop-make-your-very-own-evil-iot-cat-lamp-fri-8-9-25-10-00am-11-00am
Make your very own evil IoT Cat Lamp with WLED!
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Sunday, Aug 10, 13:00 – 13:59 PDT |
Kit cost $80
Malvynox
Creator Event Map Page – LVCC West-Level 2-W224 (Telecom Village)When: | Sunday, Aug 10, 10:20 – 13:30 PDT |
At Malvynox, we run a series of advanced Capture the Flag (CTF) competitions designed to push the boundaries of telecom network security research and skills development, we are coming up with the details very soon
Memorial Chamber Open
Creator Event Map Page – LVCC West-Level 3-W302 (Memorial Chamber)When: | Sunday, Aug 10, 10:00 – 13:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
The DEF CON Memorial Chamber serves as a sacred space within our community — a place where we pause to honor those hackers whose brilliance and dedication have elevated not just our craft, but the entire security ecosystem. Here we remember figures whose generous spirit and willingness to coordinate security fixes demonstrated that true hacking greatness lies in collaboration. We are here because DEF CON has been the beating heart of the hacker community for over three decades, growing from 100 people in 1993 to the world’s largest hacker conference. As Jeff Moss envisioned, DEF CON is what we make of it, this memorial space represents our commitment to ensuring that the legacy of those we’ve lost continues to inspire future generations of hackers to pursue knowledge, build community, and use their gifts to make the world better.
Mentor-Mentee Mixer
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C201 (.edu Community)When: | Friday, Aug 8, 17:00 – 17:59 PDT |
Meshtastic for Hackers: Set up, Configure, & Deploy Nodes for Advanced Use
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Saturday, Aug 9, 16:45 – 18:15 PDT |
Kit cost $135
Links:Registration – https://retia.io/products/dc33-workshop-meshtastic-for-hackers-set-up-configure-deploy-nodes-for-advanced-use-sat-8-9-25-16-45-18-15
Meshtastic for Hackers: Set up, Configure, & Deploy Nodes for Advanced Use
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Friday, Aug 8, 13:45 – 15:15 PDT |
Kit cost $135
Microsoft Security with AI
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-404 (AIxCC)-Collaborator SpaceWhen: | Saturday, Aug 9, 14:00 – 15:59 PDT |
Microsoft will present practical, tool-centric journey for cybersecurity professionals to rapidly build, deploy, and scale AI-powered capabilities using Microsoft’s AI ecosystem. Rather than focusing on abstract AI enablement, the presentation showcases how operators and developers can directly apply tools like Azure AI Foundry, Security Copilot, GitHub Copilot, and Jupyter Notebooks to solve real-world security challenges—faster and with greater precision. The narrative walks through: • AI-enhanced security operations: Integrating Azure OpenAI and Jupyter Notebooks for threat detection, anomaly analysis, and incident summarization. • Agentic workflows: Demonstrating how multi-agent systems can orchestrate complex tasks like querying vector databases, calling APIs, and reflecting on outcomes. • Toolchain depth: Highlighting the breadth of Microsoft’s AI stack—from foundational models to observability, governance, and trustworthy AI safeguards. • Developer empowerment: Emphasizing how the Azure AI Foundry SDK and model catalog enable rapid prototyping, customization, and deployment of AI agents in familiar environments like GitHub and Visual Studio.
People:
SpeakerBio: David Caswell
No BIO available
SpeakerBio: Jared Graff
No BIO available
SpeakerBio: Joe Zerafa
No BIO available
SpeakerBio: Robert Soligan
No BIO available
Microsoft Security with AI
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-404 (AIxCC)-Collaborator SpaceWhen: | Friday, Aug 8, 14:00 – 15:59 PDT |
Microsoft will present a practical, tool-centric journey for cybersecurity professionals to rapidly build, deploy, and scale AI-powered capabilities using Microsoft’s AI ecosystem. Rather than focusing on abstract AI enablement, the presentation showcases how operators and developers can directly apply tools like Azure AI Foundry, Security Copilot, GitHub Copilot, and Jupyter Notebooks to solve real-world security challenges—faster and with greater precision. The narrative walks through: • AI-enhanced security operations: Integrating Azure OpenAI and Jupyter Notebooks for threat detection, anomaly analysis, and incident summarization. • Agentic workflows: Demonstrating how multi-agent systems can orchestrate complex tasks like querying vector databases, calling APIs, and reflecting on outcomes. • Toolchain depth: Highlighting the breadth of Microsoft’s AI stack—from foundational models to observability, governance, and trustworthy AI safeguards. • Developer empowerment: Emphasizing how the Azure AI Foundry SDK and model catalog enable rapid prototyping, customization, and deployment of AI agents in familiar environments like GitHub and Visual Studio.
People:
SpeakerBio: David Caswell
No BIO available
SpeakerBio: Robert Soligan
No BIO available
SpeakerBio: Jared Graff
No BIO available
SpeakerBio: Joe Zerafa
No BIO available
Minecraft Coding Puzzles
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-402 (GameHacking.GG Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT |
Learn game scripting languages through fun minecraft puzzles
Mobile CTF
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C106 (Mobile Hacking Community)When: | Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 11:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Capture the Flag (CTF) events featuring mobile application security challenges at varying levels of difficulty, also providing a ranking system to evaluate and compare participants’ skills.
This beginner-friendly mobile app CTF contest will include challenges across various categories, including:
Dynamic Code Instrumentation Reversing Native Code Code Obfuscation/Deobfuscation Exploiting app components Malware Analysis Mobile Forensics Bypassing Security Mechanisms Exploiting WebViews
Mobile Game Hacking
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-402 (GameHacking.GG Village)When: | Sunday, Aug 10, 10:00 – 13:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
Mobile game hacking workshop for mobile gamers
Mythic, Ghostwriter, Nemesis, and Tying the Room Together: The Dude’s Guide to Red Team Operations
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-405 (Red Team Village)-RTV Tactics 2When: | Saturday, Aug 9, 15:00 – 16:50 PDT |
Operating with modern red team tools has a lot of ins, a lotta outs, a lotta what-have-yous. If you were like me before operating with tools like Mythic, managing your projects with Ghostwriter, and analyzing your data automatically with Nemesis, you were probably living in the past and piecing things together manually, writing things down in a tedious, un-zen lack-of-system that would leave you scrambling at the end of testing, when your report should be about to go to a peer review or QA.
You might be saying, “But Michael, I like doing things manually and wasting mine and my client’s time.” Yeah, well, you know, that’s just, like, your opinion, man.
That is entering a world of pain. I don’t know about you, but when that’s happening, I feel really out of my element.
Luckily, Mythic, Ghostwriter, and Nemesis really tie the room together and are a huge quality-of-life boost. No more will you say to yourself, “This aggressor script will not stand, man!” Sometimes the bear eats you, but it’s high time you eat the bear.
Get ready to be bowled away by a modern approach to managing your red team operations with tools like Mythic, Ghostwriter, and Nemesis (or whatever else you can think of to plug into these tools’ APIs if you’re note into the whole brevity thing) to streamline your workflow.
You might get so excited that you’ll flail your arms around in joy – but be careful man, there’s a beverage here!
People:
SpeakerBio: Michael Donley
Michael is an Adversary Simulation Consultant at SpecterOps, where he deals in testing all the things – networks, web apps, Kubernetes clusters, humans, physical sites, and especially the potency of energy drinks.
He is the Director of Volunteers for the Red Team Village and loves helping people new to the field (especially career changers) find their foothold in the infosec industry.
When he’s not hacking stuff or learning about new things, he is a drummer for just about any improv show in Chicago that has music in it.
NetworkOS
Creator Event Map Page – LVCC West-Level 3-W303-W310 (Packet Hacking Village)When: | Sunday, Aug 10, 10:00 – 12:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
The Network-OS workshop will take you into the mysterious world which underpins modern computing and allows people to talk across the globe. This of course being the network itself. In this workshop you will familiarize yourself with the command line of network devices. Step by step, you will configure devices to talk to each other, share information about the computers connected to them, and relay their network information and traffic between each other. No experience needed, know how to type and copy/paste.
NMDP (formerly Be The Match) – Registration Drive
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C100 (NMDP)When: | Saturday, Aug 9, 10:00 – 17:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
Be the Match is returning to DEF CON for its 12th year, to run a registry drive for the National Marrow Donor program! Swing by and check out one of the coolest biohacks out there, and how you could be the next person to save a life!
No Stupid Questions
Creator Event Map Page – LVCC West-Level 2-W204 (Noob Community)When: | Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Ongoing AMA booth with volunteers and speakers answering all your DEF CON and cyber questions
Noob Community Buddies
Creator Event Map Page – LVCC West-Level 2-W204 (Noob Community)When: | Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Not sure where something is? Our Buddies will help you find it. Look for the folks in the pink safety vests. We’re here to help.
Noob Community CTF
Creator Event Map Page – LVCC West-Level 2-W204 (Noob Community)When: | Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT |
Noob-friendly CTF by MetaCTF, 100s of prizes, ticket for each challenge completed, raffle on Sunday at noon, helpers in the village
Noob Community Open
Creator Event Map Page – LVCC West-Level 2-W204 (Noob Community)When: | Sunday, Aug 10, 10:00 – 13:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Talks, AMA, CTF, and more
NoPrompt: Exposing Conditional Access Failures in Azure
Creator Event Map Page – LVCC West-Level 3-W312 (Cloud Village Labs)When: | Sunday, Aug 10, 11:00 – 11:59 PDT |
NoPrompt is a lightweight testing tool that helps uncover where Microsoft Entra ID (formerly Azure Active Directory) allows password-only authentication—granting access without triggering Multi-Factor Authentication (MFA) or Conditional Access policies. In many real-world environments, device-based Conditional Access rules or misconfigurations can unintentionally permit full access with just a username and password, especially from desktop platforms or legacy agents. NoPrompt simulates authentication requests from a variety of user agents—like Windows, Linux, Android, and iPhone—to identify where MFA is silently bypassed across critical Microsoft APIs such as Microsoft Graph, AAD Graph, and Azure Service Management. This lab session will demonstrate how red teamers can use NoPrompt to identify stealthy access vectors and how defenders can validate their Conditional Access enforcement across device types. Attendees will walk away with practical insight into modern identity attack surfaces and a free, open-source tool to test their own environments.
People:
SpeakerBio: Saksham Agrawal
Senior Security Consultant at NotSoSecure where I dive into cloud penetration testing, audits, and red teaming across platforms like Azure and AWS. I love helping organizations uncover hidden gaps in their cloud defenses and build stronger, more resilient systems. My journey into security started back in high school with a curious fascination for hacking—I was that kid endlessly testing and learning. That passion led me into the professional world: I kicked things off as an AWS administrator, moved on to consulting at Payatu, and in 2024 landed at NotSoSecure. Along the way, I’ve developed cloud-focused labs, contributed to research, and picked up certifications like AZ‑500 and AZ‑104. What really drives me? Building tools and workflows that streamline the messy, real-world challenges of red teaming in the cloud. I’m always on the lookout for new attack routes and clever ways to turn them into learning opportunities. I’m excited to bring “NoPrompt” to DEF CON 33 and share how it can help streamline cloud-based operations for security professionals.
NPM Imposters – The malware detection card game
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-POD 1When: | Friday, Aug 8, 15:00 – 16:59 PDT |
NPM Imposters is a fast, team-based game where players must spot malicious NPM packages hiding in plain sight. Each team gets a deck of cards mimicking real npmjs.com pages — some show metadata like stars, downloads, and maintainers; others reveal parts of the package code, like index.js or package.json. The challenge? Identify which packages are safe, suspicious, or outright malicious. Once teams decide, they flip each card to reveal the truth, with a quick explanation based on real-world attacks like event-stream and ua-parser-js. It’s a fun, hands-on way to learn how supply chain attacks happen, and how easily trust can be exploited
People:
SpeakerBio: Mackenzie Jackson
No BIO available
NPM Imposters – The malware detection card game
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-POD 1When: | Sunday, Aug 10, 11:00 – 12:59 PDT |
NPM Imposters is a fast, team-based game where players must spot malicious NPM packages hiding in plain sight. Each team gets a deck of cards mimicking real npmjs.com pages — some show metadata like stars, downloads, and maintainers; others reveal parts of the package code, like index.js or package.json. The challenge? Identify which packages are safe, suspicious, or outright malicious. Once teams decide, they flip each card to reveal the truth, with a quick explanation based on real-world attacks like event-stream and ua-parser-js. It’s a fun, hands-on way to learn how supply chain attacks happen, and how easily trust can be exploited
People:
SpeakerBio: Mackenzie Jackson
No BIO available
Official Statement from BSides Pyongyang 2025: A Glorious Leap Into The Cyber Power Index
Creator Event Map Page – LVCC West-Level 3-W303-W310 (Packet Hacking Village)I proudly announce BSides Pyongyang 2025 will take place on November 18. This year, for the first time ever, we will also offer an online attendance option for comrades living outside of the homeland.
As the electric-jewel of Pyongyang, our BSides conference is the oldest in the world. Highlights include: – Capture the Flag: Outsmart our 17-layer perimeter, if you dare – Zero-Day Parade: Featuring vulnerabilities discovered by the People’s Code Forces – Keynote by Me, the Supreme IT Worker: Cyber attack maps: the next pew pew in the cyber battle space
Attendance is mandatory for loyal IT Workers and by special invitation only for select foreign hackers.
Let the world know: North Korea is not just a nuclear power — we are a cyber supernova.
Pick up exclusive stickers at the malware village throughout DEF CON, supply limited
For updates, please follow BSky/bsidespyongyang.
Oh hai! Meet Adam Shostack
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C206 (OWASP Community)When: | Saturday, Aug 9, 11:30 – 11:59 PDT |
Ever spotted someone from InfoSec in the wild and chickened out on saying hi? Yeah, us too. Come embrace the social awkwardness in a safe space where everyone’s just as nervous as you are – but also just as excited to connect. We’re gathering the chronically online, the terminally technical, and even the legend himself, Adam Shostack! Expect vibes, vibes, and maybe a little STRIDE talk. You in?
People:
SpeakerBio: Adam Shostack
No BIO available
Oh hai! Meet Cthulhu Answers ( ;,;)~
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C206 (OWASP Community)When: | Friday, Aug 8, 14:30 – 14:59 PDT |
Ever lurked InfoSec Twitter too long & now you’re afraid to say hi to anyone in real life? Same.
But now’s your moment: a whole room full of socially anxious hackers awkwardly saying hello—together. Come meet Twitter’s favorite not-so-secret mystery, @Cthulhu_Answers
People:
SpeakerBio: Cthulhu_Answers
No BIO available
Oh hai! Meet Philip Wylie
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C206 (OWASP Community)When: | Saturday, Aug 9, 12:00 – 12:30 PDT |
Ever lurked InfoSec Twitter too long & now you’re afraid to say hi to anyone in real life? Same.
But now’s your moment: a whole room full of socially anxious hackers awkwardly saying hello—together. Come meet @PhillipWylie in the OWASP Community Room at DEFCON 33.
He’s taught, mentored, written books, summoned entire curricula into existence, and somehow still answers emails. (Probably.)
Author of The Pentester BluePrint. Featured in Tribe of Hackers. Host of two podcasts. Actual nice human.
People:
SpeakerBio: Phillip Wylie, Offensive Security Mentor
Phillip Wylie is a distinguished cybersecurity professional with over 27 years of combined IT and cybersecurity experience, including more than 21 years focused on information security. Specializing in offensive security with over a decade of hands-on experience, Phillip has extensive expertise in penetration testing, red team operations, and social engineering engagements, working both as a consultant and as an in-house pentester for enterprise organizations.
As a passionate educator, Phillip served as an Adjunct Instructor at Dallas College for over 3.5 years and has developed curricula for INE and P3F. He is the concept creator and co-author of The Pentester BluePrint: Starting a Career as an Ethical Hacker and was featured in Tribe of Hackers: Red Team. Phillip hosts two prominent cybersecurity podcasts: The Phillip Wylie Show and Simply Offensive.
Phillip is a sought-after conference speaker, hands-on workshop instructor, and dedicated mentor to cybersecurity professionals worldwide.
Oh hai! Meet Ray [REDACTED] & friends
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C206 (OWASP Community)When: | Saturday, Aug 9, 12:00 – 12:59 PDT |
Ever spotted someone from InfoSec Twitter in the wild and chickened out on saying hi? Yeah, us too. Come embrace the social awkwardness in a safe space where everyone’s just as nervous as you are – but also just as excited to connect. We’re gathering the chronically online, the terminally technical, and even the legend himself, @RayRedacted. Ray is dropping by for an hour, with special friends and presents, but he’s gotta keep pace with an Olympian so gotta get there fast! <3
People:
SpeakerBio: Ray [REDACTED], Producer at Darknet Diaries
No BIO available
Open Source Art
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C208 (WISP Community)When: | Saturday, Aug 9, 10:00 – 10:59 PDT Friday, Aug 8, 10:00 – 10:59 PDT |
Kick off your DEF CON morning with a creative reset. Open Source Art is adult coloring time but hacker-style. Choose from privacy and security themed coloring pages and bring them to life with markers, crayons, and your own flair. Whether you’re decompressing or collaborating on a shared poster, it’s the perfect low-pressure space to connect, reflect, and color outside the lines.
OpenAI: Meet our security research team!
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-404 (AIxCC)-Collaborator SpaceWhen: | Friday, Aug 8, 12:00 – 13:59 PDT |
As a collaborator with DARPA on the AI Cyber Challenge, OpenAI has advanced AI powered security research. Members of our team will be present to hear your ideas, share insights into our team, and discuss our involvement in AIxCC!
People:
SpeakerBio: Ian Brelinsky, OpenAI
No BIO available
SpeakerBio: Matthew Knight, Vice President at OpenAI
No BIO available
SpeakerBio: Kristen Chu, OpenAI
No BIO available
SpeakerBio: Dave Aitel, Technical Staff at OpenAI
No BIO available
SpeakerBio: Greg Harper, OpenAI
No BIO available
SpeakerBio: Mike Hunter, OpenAI at OpenAI
No BIO available
OpenAI: Meet our security research team!
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-404 (AIxCC)-Collaborator SpaceWhen: | Saturday, Aug 9, 16:00 – 17:59 PDT |
As a collaborator with DARPA on the AI Cyber Challenge, OpenAI has advanced AI powered security research. Members of our team will be present to hear your ideas, share insights into our team, and discuss our involvement in AIxCC!
People:
SpeakerBio: Ian Brelinsky, OpenAI
No BIO available
SpeakerBio: Matthew Knight, Vice President at OpenAI
No BIO available
SpeakerBio: Kristen Chu, OpenAI
No BIO available
SpeakerBio: Dave Aitel, Technical Staff at OpenAI
No BIO available
SpeakerBio: Greg Harper, OpenAI
No BIO available
SpeakerBio: Mike Hunter, OpenAI at OpenAI
No BIO available
Operating System Community
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C210 (Operating Systems Community)When: | Sunday, Aug 10, 10:00 – 13:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
The OS Community is the perfect destination for anyone passionate about the building blocks of hacking: operating systems. This community isn’t just about what’s under the hood; it’s about cracking it open, rethinking it, and optimizing it for innovation. Attendees will experience an interactive hub where they can dive into OS development, discover open-source platforms, and learn how operating systems can be tailored for security, performance, and creative hacking.
Operation Horizon Veil
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-606 (Biohacking Village)When: | Saturday, Aug 9, 12:00 – 14:59 PDT |
🚨 Horizon Veil Enters Phase Three: The Hospital Crisis Simulation Begins
The Scenario:
As the dust settles from the initial detonations political, radiological, and digital the next phase of the Horizon Veil simulation begins.
The final 10 turns shift the spotlight to southern Germany and France, where hospital systems are reaching their breaking point. Overwhelmed by radiation casualties, cyber-disrupted logistics, and mounting refugee pressure, medical centers from Munich to Marseille are facing impossible choices. Triage under disinformation. Staffing collapses under threat of digital sabotage. International aid is tangled in red tape and mistrust.
This phase will test what happens when the healthcare system becomes the final line of civilizational defense and what it means to govern when basic survival is no longer guaranteed.
If you’ve been following the earlier turns, this is where the long tail of your policy decisions lands with patients on the floor and nowhere left to go.
🔎 Why Participate?
- Explore realistic public health failure scenarios
- Engage in dynamic roleplay and collaboration
- Hone your crisis decision-making skills
- Contribute to a living simulation that evolves with player input
✳️ No Experience Needed
Whether you’re a seasoned responder or a curious newcomer, this experience is designed to challenge your instincts, engage your problem-solving skills, and immerse you in a suspenseful and evolving situation. All backgrounds welcome.
📍 Event Details
- Location: Biohacking Village, DEF CON 33, Las Vegas
- Date & Time: Saturday, August 9th 1200 – 1500 PDT
People:
SpeakerBio: Nathan Case, CSO at Clarity
Nathan Case is a cybersecurity engineer and strategist with over two decades of experience defending critical infrastructure, building secure cloud systems, and leading incident response at the highest levels. His career spans roles at Amazon Web Services, McKesson, and defense-focused startups, where he has architected platforms for healthcare, government, and national security missions. Known for his ability to bridge technical depth with real-world impact, Nathan has led global security teams, supported cyber operations across multiple countries, and advised both enterprise executives and government leaders on risk, resilience, and transformation.
OSINT Challenges
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-405 (Red Team Village)-RTV Tactics 3When: | Sunday, Aug 10, 10:00 – 11:55 PDT |
A series of OSINT Challenges to teach techniques useful in various Cybersecurity related areas.
People:
SpeakerBio: Alex Ackerman
00101010
SpeakerBio: Lee McWhorterLee McWhorter, Owner & Chief Geek at McWhorter Technologies, has been involved in IT since his early days and has over 30 years of experience. He is a highly sought after professional who first learned about identifying weaknesses in computer networks, systems, and software when Internet access was achieved using a modem. Lee holds an MBA and more than 20 industry certifications in such areas as System Admin, Networking, Programming, Linux, IoT, and Cybersecurity. His roles have ranged from the server room to the board room, and he has taught for numerous universities, commercial trainers, and nonprofits. Lee works closely with the Dark Arts Village at RSAC, Red Team Village at DEFCON, Texas Cyber Summit, CompTIA, and the CompTIA Instructor Network as a Speaker, SME, and Instructor.
SpeakerBio: Sandra StibbardsSandra Stibbards opened her investigation agency, Camelot Investigations, in 1996. Currently, she maintains a private investigator license in the state of California. Sandra specializes in financial fraud investigations, competitive intelligence, counterintelligence, business and corporate espionage, physical penetration tests, online vulnerability assessments, brand protection/IP investigations, corporate due diligence, and Internet investigations. Sandra has conducted investigations internationally in five continents and clients include several Fortune 500 and international companies. Sandra has been providing training seminars and presentations on Open Source Intelligence (OSINT) internationally since 2010 to federal governments and corporations.
OWASP Chapter Meetup
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C206 (OWASP Community)When: | Sunday, Aug 10, 11:00 – 13:59 PDT |
This one’s for the chapter leads, the regulars, the new folks, and everyone who makes OWASP what it is. Join us at DEFCON 33 for a meetup made to foster connection between OWASP chapters. It’s a chance to share wins, swap challenges, build relationships, and spark ideas that reach beyond our local scenes. Whether you’re repping your city or just curious about how others are building community, pull up. The global OWASP family is real—and this is where we get to feel it.
OWASP x Hack the Box – Top10 Ahoy!
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C206 (OWASP Community)When: | Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Come play the debut challenge from Hack the Box featuring the OWASP Top 10. Visit the OWASP space to access or to find a friend / team!
Packet AI
Creator Event Map Page – LVCC West-Level 3-W303-W310 (Packet Hacking Village)When: | Sunday, Aug 10, 10:00 – 12:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
Use machine learning with Python to detect attacks in network packets including DNS tunneling, FTP brute force, and HTTP scanning. We will be using various Python tools such as iPython notebooks, scapy, and scikit-learn. Some Python experience is recommended, but if you don’t know Python, come prepared to start with our Python tutorial!
Packet Detective
Creator Event Map Page – LVCC West-Level 3-W303-W310 (Packet Hacking Village)When: | Sunday, Aug 10, 10:00 – 12:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Looking to upgrade your skills or see how you would fare in Capture The Packet? Come check out what Packet Detective has to offer! A step up in difficulty from Packet Inspector, Packet Detective will put your network hunting abilities to the test with real-world scenarios at the intermediate level. Take the next step in your journey towards network mastery in a friendly environment still focused on learning and take another step closer to preparing yourself for the competitive environment of Capture The Packet
Packet Inspector
Creator Event Map Page – LVCC West-Level 3-W303-W310 (Packet Hacking Village)When: | Saturday, Aug 9, 10:00 – 17:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 12:59 PDT |
The perfect introduction to network analysis, sniffing, and forensics. Do you want to understand the techniques people use to tap into a network, steal passwords and listen to conversations? Packet Inspector is the place to develop these skills! For well over a decade, the Wall of Sheep has shown people how important it is to use end-to-end encryption to keep sensitive information like passwords private. Using a license of the world famous Capture The Packet engine from Aries Security, we have created a unique way to teach hands-on skills in a controlled real-time environment.
Password Lab
Creator Event Map Page – LVCC West-Level 3-W303-W310 (Packet Hacking Village)When: | Sunday, Aug 10, 10:00 – 12:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Follow real world password attack steps against a mock target in order to better understand how to protect yourself and improve the security of your passwords!
pAWS: The Breach Has Happened. Can You Catch It?
Creator Event Map Page – LVCC West-Level 3-W312 (Cloud Village Labs)When: | Friday, Aug 8, 16:00 – 17:59 PDT |
Cloud breaches leave footprints – can you track them?
In this hands-on workshop, participants will deploy and investigate a simulated breach inside pAWS: a purpose-built AWS lab environment designed to emulate a realistic small organization. Unlike typical labs with isolated services, pAWS models interconnected users, workloads, and data across departments like finance, marketing, and engineering – just like real cloud environments adversaries target.
The breach simulation goes beyond cloud. Participants will trace adversary activity spanning AWS, identity, endpoints, and network surfaces – including API abuse, privilege escalation, persistence via SSM, and data exfiltration – all correlated in Elastic Security using rich cross-domain telemetry.
Infrastructure is deployed via Terraform and Python with reusability baked in. No prior AWS setup required – we’ll provide access to preconfigured Elastic environments.
You’ll walk away with: – Practical experience emulating and investigating cloud-native attack paths – A better understanding of how real attackers move through hybrid environments – Open-source tooling to expand or reuse the lab post-workshop
Whether you’re in detection engineering, threat research, or purple teaming, pAWS delivers the full kill chain – with all the paw prints left behind. Come for the cloud, stay for the paw prints.
People:
SpeakerBio: Terrance DeJesus
Terrance DeJesus is a Senior Security Research Engineer on Elastic’s Threat Research & Detection Engineering (TRADE) team, where he simulates threat actor behavior across cloud, identity, and endpoint surfaces to build detections that matter. His work blends offensive tactics with defensive depth – from replaying real-world breaches in AWS and Azure, to building open-source tools that bring adversary tradecraft to life.
Terrance has a passion for making security detection real and accessible, bridging the gap between threat emulation and telemetry-driven hunting. Whether he’s reverse-engineering OAuth abuse or staging multi-cloud attack chains in Terraform, his goal is always the same: help defenders see what attackers are doing – and stop them faster.
When he’s not building labs, developing detections or tuning detection rules, you’ll find him chasing kids, printing gadgets, gaming or writing spaghetti code.
Physical Security Village Activities
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-804 (Physical Security Village)When: | Saturday, Aug 9, 10:00 – 17:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 11:59 PDT |
The Physical Security Village explores the world of hardware bypasses and techniques generally outside of the realm of cyber-security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself.
We’ll be covering the basics, like the under-the-door-tool and latch slipping attacks, as well as an in depth look at more complicated bypasses. Learn about elevator hacking, attacking alarm systems at the sensor and communication line, and cut-away and display models of common hardware to show how it works on the inside.
Looking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!
And new this year we have safe cracking exhibits, a physical security challenge and more! Come swing by and say hi!
Portswigger Awards: Top 10 web hacking techniques of 2024
Creator Event Map Page – LVCC West-Level 3-W326 (Bug Bounty Village)When: | Sunday, Aug 10, 11:30 – 11:59 PDT |
PortSwigger will present the inaugural Top 10 Vulnerability Research Awards from 2024 inside the Bug Bounty Village. In this session, PortSwigger will recognize ten outstanding researchers for their impactful vulnerability discoveries and research contributions over the past year. As most winners are unable to attend in person, the presentation will briefly introduce each winner and highlight their work. This marks the first time these awards are presented live at DEF CON, celebrating the creativity and dedication of the global security research community.
People:
SpeakerBio: Portswigger
No BIO available
Prowler – Maximize your Cloud Security Compliance Assessments with Open Source and a pinch of AI
Creator Event Map Page – LVCC West-Level 3-W312 (Cloud Village Labs)When: | Saturday, Aug 9, 13:30 – 15:30 PDT |
Cloud security and compliance are no longer optional—they are essential for modern organizations operating in dynamic, multi-cloud environments. This hands-on workshop dives into Prowler, a powerful open-source tool designed to assess and improve your cloud security posture, with a special focus on AWS, Azure, GCP and Kubernetes environments.Over the course of two hours, participants will learn how to deploy and customize Prowler to perform automated compliance checks aligned with industry standards such as CIS, GDPR, HIPAA, and more. The session will also introduce practical techniques for extending Prowler’s capabilities using scripting, integrations, and basic AI-assisted analysis to prioritize risks and surface actionable insights.
People:
SpeakerBio: Toni de la Fuente
Toni de la Fuente, Prowler Open Source creator and CEO, has profoundly impacted cybersecurity. His AWS background and passion for FLOSS, cloud computing, and information security have fueled contributions like phpRADmin and Alfresco BART. An esteemed speaker at BlackHat and DEFCON, de la Fuente champions open-source solutions and cloud security advancements.
SpeakerBio: Pedro MartinNo BIO available
pwn.college Belting Ceremony
Creator Event Map Page – LVCC West-Level 2-W235 (DEF CON Academy)When: | Saturday, Aug 9, 17:00 – 17:59 PDT |
pwn.college hackers, come claim your belt at the Belting Ceremony! We’ll honor those who have battled through challenges and conquered the benchmarks that earn true hacker cred. Whether it’s your first belt or the next step in your pwn.college journey, come get recognized for your skills in front of the DEF CON Academy crew.
pwn.talk – live from DEF CON
Creator Event Map Page – LVCC West-Level 2-W235 (DEF CON Academy)When: | Saturday, Aug 9, 12:00 – 12:59 PDT |
The pwn.talk podcast is going live from DEF CON 33 to share highlights of their DEF CON experience so far, and reflect on the launch of DEF CON Academy.
Links:Website – https://defcon.pwn.college
People:
SpeakerBio: pwn.talk crew, pwn.college
No BIO available
Pwning AWS: Exploiting Cloud Misconfigurations
Creator Event Map Page – LVCC West-Level 3-W312 (Cloud Village Labs)When: | Sunday, Aug 10, 11:30 – 12:30 PDT |
Abstract:
This hands-on workshop dives into real-world AWS misconfigurations that attackers actively exploit to gain privilege escalation and access sensitive data. You’ll step into the shoes of an adversary and learn how common oversights like loose IAM roles, misconfigured Cognito identity pools, or exposed metadata endpoints can be chained into full-blown breaches.
Key Takeaways:
- Escalate IAM permissions to gain admin-level access
- Exploit SSRF in EC2 to steal credentials
- Abuse misconfigured Cognito identity pools for unauthorized access
- Understand how small missteps can trigger large-scale compromise
- Use tools like Cloud Nuke to safely clean and reset your infrastructure
Built for all skill levels, this lab gives security engineers, DevOps teams, and developers a safe space to break things, fix them, and come out with a sharper eye for spotting these risks before attackers do.
People:
SpeakerBio: Bhagavan Bollina
Bhagavan Bollina is a passionate security researcher who loves building and breaking things in the cloud. Parallelly he also dabbles in web, network and mobile security. Bhagavan was a core member of the cloud security R&D and testing team at Appsecco. When not building and breaking stuff in the cloud, he enjoys bug bounty hacking and CTFs. He loves training his dog as well in his spare time, but the dog weirdly seems to not like cloud security.
SpeakerBio: DeepakDeepak is a security engineer with a strong foundation in web security and a deep curiosity for new technologies such as the intersection of AI and cybersecurity. He has worked as a penetration tester to break systems but is now interested in building secure systems. He loves anything that mentally challenges him . Outside of work, you’ll likely find him on a hiking trail, working on puzzles or playing soccer(P.S. don’t ask him about his favourite soccer team. They haven’t won anything in a while)
SpeakerBio: Jainil MalaviyaJainil Malaviya is a red team enthusiast and cybersecurity learner who enjoys diving deep into web and network penetration testing. He is currently a co-op at the Global Network Engineering Lab at Nokia Canada Inc and pursuing his master’s degree at Northeastern University. Jainil actively sharpens his offensive security skills by playing Capture The Flag (CTF) challenges on platforms like Hack The Box and TryHackMe. When he’s not exploring vulnerabilities or simulating real-world attacks, Jainil is equally fascinated by the world of entrepreneurship, often watching startup podcasts, studying case studies, and thinking about how great companies are built. Outside of tech, he enjoys traveling and cherishes spending quality time with his family.
PyIntruder: Customizable, CLI-Native Web Fuzzer
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-Arsenal 2When: | Saturday, Aug 9, 15:00 – 15:59 PDT |
This talk introduces a high speed, open source CLI fuzzing and intruder tool designed for AppSec professionals. It supports multithreading, payload encoding, request file handling, custom headers, charset bruteforcing, and user-defined placeholders enabling highly customizable and efficient testing workflows. Originally inspired by feedback from OSCP practitioners, the tool is built to handle complex scenarios with speed and flexibility. Attendees will explore real world use cases, advanced fuzzing techniques, and how community driven tooling can advance offensive security practices.
People:
SpeakerBio: Nandan Gupta
Nandan Gupta is an Application Security Engineer with a strong passion for cybersecurity. He focuses on penetration testing, secure code reviews, and threat modeling to identify and mitigate vulnerabilities early in the development lifecycle.
SpeakerBio: Sagnik HaldarSagnik Haldar is a Security Engineer at a product based company, with a focus on application security, DevSecOps, and offensive tooling. With hands on experience in secure code reviews, security automation, and vulnerability research, he work at the intersection of development and security to protect large-scale web applications.
Q-DAY: Village Elder’s Q&A
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-206 (Quantum Village)When: | Saturday, Aug 9, 17:30 – 17:59 PDT |
Quantum CTF Winners Announced
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-206 (Quantum Village)When: | Sunday, Aug 10, 12:00 – 12:30 PDT |
People:
SpeakerBio: Quantum Village People
No BIO available
Quantum Networks – AMA
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-206 (Quantum Village)When: | Saturday, Aug 9, 11:45 – 12:15 PDT |
People:
SpeakerBio: Michele Reilly
No BIO available
Quantum Table Top Threat Modelling
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-206 (Quantum Village)When: | Friday, Aug 8, 16:00 – 17:59 PDT |
People:
SpeakerBio: Jaya Baloo
No BIO available
SpeakerBio: Quantum Village People
No BIO available
Quantum Village Debates
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-206 (Quantum Village)When: | Saturday, Aug 9, 16:00 – 17:59 PDT |
People:
SpeakerBio: Bob Gourley
No BIO available
SpeakerBio: Quantum Village People
No BIO available
Queercon at The KEVOPS Sellout Pool Party
Creator Event Map Page – Sahara Azul Ultra PoolWhen: | Thursday, Aug 7, 19:30 – 22:30 PDT |
Queercon has been invited to join the KEVOPS Department for their 1st Annual Sellout Pool Party. Tacos and drinks and music all night! (While tacos last)
QueerCon Community Lounge Open
Creator Event Map Page – LVCC West-Level 3-W325 (Queercon Community)When: | Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 11:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Queercon’s mission is to raise awareness and promote acceptance of LGBTQIA+ individuals in the IT and infosec industries. We create space for queer people to meet, engage, and network through our badges, puzzle challenges, and meet-up events – all designed to help queer people find community where they are not alone. The Queercon Community Lounge is a place to find community anew, or return to familiar faces. Keep an eye on Hacker Tracker or queercon.org for our schedule of meetups and challenges!
R.A.M.P. Room – Resilience, Accessibility, Mentorship & Party
Creator Event Map Page – LVCC West-Level 2-W219 (Hackers With Disabilities)When: | Friday, Aug 8, 18:00 – 01:59 PDT Thursday, Aug 7, 18:00 – 01:59 PDT Saturday, Aug 9, 18:00 – 01:59 PDT |
Radio Frequency Village Events
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-803 (Radio Frequency Village)When: | Sunday, Aug 10, 10:00 – 12:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
In addition to the CTF and talks, which are elsewhere on the schedule, the RF Village is also a place to hang out and chat with like minded folks who share your interests.
Links:Website – https://rfhackers.com
Scoreboard – https://scoreboard.rfhackers.com/
Radio Recon Slot 1
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-603 (Recon Village)-Do Your Own Recon AreaWhen: | Friday, Aug 8, 11:00 – 12:59 PDT |
People:
SpeakerBio: Sudhanshu Chauhan
No BIO available
Radio Recon Slot 2
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-603 (Recon Village)-Do Your Own Recon AreaWhen: | Friday, Aug 8, 15:00 – 17:05 PDT |
People:
SpeakerBio: Sudhanshu Chauhan
No BIO available
Radio Recon Slot 3
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-603 (Recon Village)-Do Your Own Recon AreaWhen: | Saturday, Aug 9, 11:00 – 12:59 PDT |
People:
SpeakerBio: Sudhanshu Chauhan
No BIO available
Radio Recon Slot 4
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-603 (Recon Village)-Do Your Own Recon AreaWhen: | Saturday, Aug 9, 15:00 – 16:59 PDT |
People:
SpeakerBio: Sudhanshu Chauhan
No BIO available
Ransomware vs EDR: Inside the Attacker’s Mind
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-405 (Red Team Village)-RTV Tactics 4When: | Saturday, Aug 9, 11:00 – 16:50 PDT |
Can You Really Trust Your EDR? Spoiler: Attackers Don’t — They Exploit It.
In the ever-evolving world of cybersecurity, attackers are one step ahead. But what happens when defenders rely on tools that attackers already know how to bypass? In this session, we dive deep into the mindset of adversaries and explore how modern Endpoint Detection and Response (EDR) systems are not the impenetrable fortress many think they are. As a defense researcher specializing in adversarial behavior, I’ve crafted a cross-platform ransomware (Windows, macOS, Linux) to understand the gaps in current defense mechanisms—not to cause harm, but to reveal how attackers think, act, and effortlessly slip past advanced defenses.
Through a live Proof of Concept (PoC) and in-depth technical walkthroughs, we’ll uncover the persistent techniques, evasion strategies, and overlooked system behaviors that let ransomware thrive even in well-defended environments. This talk isn’t meant to alarm—it’s an honest, reality-driven exploration of how attackers exploit EDRs, and more importantly, how defenders can bolster their security strategies.
If you work in blue team operations, threat hunting, or product security, expect to leave with a series of challenging questions rather than comforting answers.
I. Ransomware: Beyond Encryption
Evolving Objectives: Extortion, Persistence, and Disruption When Persistence is the Key to Success, Not the Payload
II. Mastering Persistence Across Platforms
macOS: LaunchAgents as a Stealthy Tool Windows: Registry Hijacking and Scheduled Tasks Linux: Cron Jobs, the Silent Worker
III. Building the Payload: Python and Java in Offensive Security
Quick Deployment: Why high-level languages dominate the attack surface Modular and Adaptable: Flexibility over complexity for real-world attacks
IV. How EDRs Actually Work: A Deep Dive
Detection Techniques: Behavioral analysis, memory scanning The Silent Failures: Weak telemetry collection and blind spots Evasion Patterns: From PoCs to real-world attacks
V. EDR Bypass: Simple Yet Effective Techniques
Signature Evasion: Breaking through with minor tweaks Demonstration: How different commercial EDRs can be bypassed effortlessly
VI. Theory Meets Reality: Lessons Learned from PoCs
Real-World PoCs: Demonstrating how defenses fail against basic, effective tactics Undetected Persistence: How attackers use legitimate tools and strategies to evade detection, even in heavily secured environments The Gap: Why static detection and behavioral analysis don’t always mesh—and how attackers exploit this vulnerability
VII. Final Thoughts: Turning Offensive Knowledge into Defensive Strength
Adopting the Attacker’s Perspective: Understanding offensive techniques to fortify defenses Realism Over Optimism: Building adaptable, resilient security strategies with limited resources A Call to Action: Defend with pragmatism—recognize the attackers’ mindset to create proactive defenses
People:
SpeakerBio: Zoziel Freire
I have been working with Information Technology for over 16 years. I worked for a long time as a consultant, providing services to several companies in different segments in Brazil and other countries.
During my career, I acquired vast experience in Incident Response, Forensic Analysis, Threat Hunting, Malware Analysis and Malicious Document Analysis. I worked sharing knowledge as OWASP Chapter Leader – Vitória.
I have some certifications in Information Security. I am passionate about malware development and analysis and forensic investigation.
I have worked with Ransomware Incidents in Brazil and other countries. I am a speaker at events on Hacking and Information Security, Malware Analysis and Information Security Awareness.
RegEx Trainer
Creator Event Map Page – LVCC West-Level 3-W303-W310 (Packet Hacking Village)When: | Sunday, Aug 10, 10:00 – 12:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
Regular Expressions or RegEX are used everywhere! If you aspire to be a Pentester, Threat Hunter, Programmer, Network Engineer, DevOps or really anything in technology today, RegEx is a skill all the greats have and the majority of the industry are terrible at. Come learn or brush up on your RegEx skills in on our live trainer.
Regional Airport System CTF
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-503 (Aerospace Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Choose your side!
Blue Team You are assigned to the Cybersecurity Team servicing four Regional Airports within the IG Labs Regional Airport System. The shift this evening started with routine checking status boards, reviewing threat alerts, and checking for any newly identified vulnerabilities that may have an impact on the system from both Information Technology (IT) and Operational Technology (OT) vectors.
Around midnight, chaos ensues! Runway lighting is turning off at your airport and others nearby, planes are circling waiting to land or diverting to other locations. You must regain access to your systems, find the problem, and restore operation to the Runway Lighting Control System quickly and ensure that the other regional airports your team is responsible for do not lose control of their systems and operations are able to continue without interruption.
Red Team(s) Cybersecurity Teams are often heavily focused on securing Information Technology (IT) systems and devices but may not consider securing Operational Technology (OT) systems and devices. While OT systems and devices may be connected to IT systems, the type of data and protocols are different.
You start your day exploring OT system vulnerabilities and consider what chaos you could create. You see a report that the runway lighting system at one of the IG Labs Regional Airports has been compromised. You start researching to learn more about the attack and the IG Labs Regional Airport System. Satisfied that you have learned enough to add to the madness that has been created at La Valoria, you decide to launch an attack of your own.
Success will be determined by the ability to disrupt the control and operations of the Runway Lighting Systems for the IG Labs Regional Airports at the OT level. DoS and DDoS attacks are not permitted as the intent is to demonstrate an understanding of OT systems, their functionality, and protocols.
Resume Reviews (would like 2-3 more reviewers)
Creator Event Map Page – LVCC West-Level 2-W205 (The Diana Initiative Community)When: | Friday, Aug 8, 14:00 – 14:59 PDT |
There are many oppotunities to have your resume reviewed during the week of hacker summer camp, at DEF CON you can stop by either Lonley Hackers Club or Noob Village for a review. However last year they were so popular we’re lending a hand and having a resume review hour in our space as well for those who for some reason were unable to go to the other resume review sessions.
People:
SpeakerBio: Kat “rnbwkat” Fitzgerald
No BIO available
SpeakerBio: John Stoner
No BIO available
SpeakerBio: Jessie “Ringer” Jamieson
Jessie Jamieson, aka “Ringer”, is a mathematician who loves using math to solve hard problems, but she loves helping others see the beauty and value of math even more! She has been invited to speak at mathematics and cybersecurity events about supply chain and AI-related risk, and has spoken internationally on the importance of data science maturity for cybersecurity effectiveness. Jamieson holds a PhD and a MS in Mathematics from the University of Nebraska – Lincoln, where she was a National Science Foundation Graduate Research Fellow. Jamieson has also held senior research roles at Tenable and the Johns Hopkins University Applied Physics Laboratory. She currently works in a role related to cybersecurity risk quantification. When not doing math, she’s usually playing volleyball or video games, playing soccer with her dog, Dax, or traveling to some of her favorite cybersecurity conferences (like DEFCON!).
Resume Reviews feat. Lonely Hackers Club x OWASP x WISP
Creator Event Map Page – LVCC West-Level 2-W201-W202 (Lonely Hackers Club Community)When: | Saturday, Aug 9, 10:00 – 15:59 PDT Friday, Aug 8, 10:00 – 15:59 PDT |
Have a resume that needs to be reviewed? Come check out LHC Resume Reviews for our 2nd annual event where we will review your resume by people from LHC, OWASP, and WISP! Be the first 90 people in line to get a special poker chip to take home!
RoboSumo Competition
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-802 (HHV-SSV)When: | Saturday, Aug 9, 13:00 – 13:59 PDT |
If you have never participated in a Robo Sumo event before, welcome to the crowd! There are a number of resources online on this topic. We are lucky enough to have Pololu as a local resource. Their office is a short distance from the strip. They have have robots and parts to make robots. They can ship to your hotel if desired. Put something together and bring it down to show off and shove other bots around.
Please follow the “more info” link if you would like to know more.
Links:More Info – https://dchhv.org/events/robosumo.html
Satellite Hacking
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-503 (Aerospace Village)When: | Saturday, Aug 9, 14:00 – 16:59 PDT Saturday, Aug 9, 10:00 – 12:59 PDT |
Register in-person at the Aerospace Village starting Fri, 8 Aug, space is very limited.
Six teams of up to four people with prizes for the winning team in each session.
First session Saturday, 10am-1pm Second session Saturday, 2pm-5pm
SBOM Meetup
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-Main StageWhen: | Sunday, Aug 10, 12:00 – 12:59 PDT |
Join your friends to chat about the software supply chain! SBOM isn’t going away, but there’s still tons to learn and build. We’ll talk about SBOM regulations around the world, the state of open source tools, some interesting research, and the research yet to be done. What does SBOM mean for AI-generated code and AI systems? This informal meetup will be a chance to share your thoughts, ask questions, and get to know others in the space.
People:
SpeakerBio: Erez Yalon
VP of Security Research at Checkmarx | Co-Founder of DEF CON’s AppSec Village | Co-Leader of OWASP API Security Project
SpeakerBio: Allan Friedman, Adjunct Professor of Informatics at the Luddy School of Informatics, Computing, and Engineering at Indiana UniversityDr. Allan Friedman is internationally recognized for leading the global Software Bill of Materials (SBOM) movement, transforming it from a niche idea into a widely adopted pillar of cybersecurity policy and practice. Over his decade in public service, Friedman held senior roles at the Cybersecurity and Infrastructure Security Agency (CISA) and the National Telecommunications and Information Administration (NTIA), where he built and led groundbreaking efforts on SBOM, coordinated vulnerability disclosure, and IoT security. He has partnered with governments and regulators in Europe and Asia, and continues to advise public- and private-sector organizations on building trust and resilience into the systems that matter most.
Before his time in government, Friedman spent over a decade as a researcher and technologist, holding positions at Harvard University’s Computer Science department, the Brookings Institution, and George Washington University’s Engineering School.
Sec-Gemini
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-404 (AIxCC)-Collaborator SpaceWhen: | Saturday, Aug 9, 10:00 – 11:59 PDT |
Digital forensics is often a race against time to contain damage, with teams having to pain-stakingly sift through millions of diverse logs to confirm compromise and devise remediation steps. This slow, manual, and error-prone process often leads to hacker activity left unhindered for hours, days, or even weeks at a time.
To help accelerate forensic investigations and shorten compromise duration, we are extending Timesketch (an open-source collaborative digital forensics platform owned by Google), with agentic capabilities powered by Sec-Gemini (Google’s experimental AI specialized in cybersecurity). This demo will showcase Sec-Gemini’s log analysis capability and how it provides findings in an easy-to-review, transparent manner via TimeSketch’s new AI panel.
People:
SpeakerBio: Dominik Swierad, Google
No BIO available
SpeakerBio: Alex Kantchelian
No BIO available
SpeakerBio: Diana Kramer, Security Engineer at Google
Security Engineer at Google, specializing in digital forensics and incident response. Experience in the video game industry and consulting, working as an incident analyst, security consultant, and security engineer. Currently focused on applying AI and Large Language Models (LLMs) to streamline and enhance incident response workflows, specifically for investigations, automated reporting, and threat analysis.
SpeakerBio: Janosch Köpper, Security Engineer at GoogleJanosch Köpper is a Security Engineer on Google’s Incident Response team, where he specializes in digital forensics, incident management and automation. He is a core maintainer of the open-source Timesketch project, used for collaborative forensic timeline analysis.
SpeakerBio: Maarten van DantzigNo BIO available
Sector Down
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-606 (Biohacking Village)-Device LabWhen: | Saturday, Aug 9, 15:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 11:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
Sector Down is a high-stakes, immersive multiplayer card game where critical infrastructure and cybersecurity collide. Designed for teams of 5, 10, 15, or 20 players, this simulation pits defenders and attackers against each other in a race against the inevitable: The Doom Clock.
🛡️Defend or Disrupt
Players are divided into two sides: – Blue Team – Critical infrastructure defenders. Each Blue player manages a sector with three vital facilities: Physical, Network, and Financial. Their mission? Keep the systems alive and online while working together to run out the clock. – Red Team – Offensive disruptors. Red players attempt to take down facilities using calculated cyberattacks and chaos tactics. Their goal: force sector collapses and trigger the Doom Clock.
⏱️ Time-Based Tactics
The game progresses in strategic phases where players draw cards, take action using worker tokens, and discard based on hand limits. Watch out for unpredictable “White Plays”—random game events that add surprise twists every few rounds.
🔥 The Doom Clock
When half of all sectors or any core sectors go down, the Doom Clock starts ticking. Teams must respond fast: Blue must recover systems before the countdown hits zero, or Red claims victory.
🤝 Team Dynamics
- Worker Sharing: Blue teammates can lend each other resources in bonus phases.
- Overtime Mechanics: When the pressure’s on, Blue players can double down on effort—with the tradeoff of worker exhaustion in future turns.
🎮 Why You Should Play
- Dive into a realistic cybersecurity crisis.
- Learn how interdependent systems behave under attack.
- Collaborate and compete with hackers, healthcare defenders, and critical infrastructure enthusiasts.
- Engage with a visually rich map interface and fast-paced card dynamics.
Whether you’re a strategist, a chaos agent, or just love competitive simulation, Sector Down challenges your mind and your teamwork. Can your team hold the line or will your sector go dark? Come play during DEF CON 33.
Links:Details and Instructions – https://www.villageb.io/_files/ugd/67716d_0b70d040031542d2ae84779dbf3cb637.pdf
Securing the Future with Claude
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-404 (AIxCC)-Collaborator SpaceWhen: | Saturday, Aug 9, 12:00 – 13:59 PDT |
How close are we to AI systems that can outperform human hackers? And could these same systems become our most powerful defensive tools against tomorrow’s cyber threats? On Anthropic’s Frontier Red Team, we’ve spent the last several months trying to answer these questions empirically by studying models and their capabilities across the cyber domain. In this talk, we’ll present our framework for assessing the cybersecurity risks posed by increasingly powerful AI models, share results from our experiments on the offensive and defensive capabilities of Claude, and show how AI itself may be the key to securing our digital infrastructure against both human-directed and autonomous AI-powered attacks.
People:
SpeakerBio: Newton Cheng, Anthropic
No BIO available
Serverless but Not Defenseless: A Security Deep Dive into Cloud Run
Creator Event Map Page – LVCC West-Level 3-W312 (Cloud Village Labs)When: | Saturday, Aug 9, 11:00 – 12:59 PDT |
Abstract
Google Cloud Run offers a powerful way to run containerized applications without managing infrastructure—but with abstraction comes new security challenges. This 2-hour hands-on workshop will equip attendees with the skills to securely deploy and manage services on Cloud Run using DevSecOps principles, automated CI/CD pipelines, and GCP-native tools for policy enforcement and monitoring.
Participants will explore common security pitfalls, implement defense strategies, simulate attacks, and walk away with reusable blueprints to secure Cloud Run in real-world deployments.
Workshop Structure
1. Why Cloud Run & Where It Fails
- GCE vs GAE vs Cloud Run: pros, cons, and attack surface
- Shared responsibility model & use case mapping
- Common vulnerabilities: exposed endpoints, over-permissive IAM, SSRF, and insecure tokens
- Real-world incident examples and OWASP Serverless Top 10
2. Secure Deployment with CI/CD & DevSecOps
- Setting up GitHub Actions pipelines for Cloud Run
- Container security: using Snyk/Trivy for image scans
- Secrets management with GCP Secret Manager
- Auth and access: OIDC integration, IAM hardening, workload identity
- Build, scan, push, and deploy pipeline to Artifact Registry
* Hands-on:*
– Secure app deployment to Cloud Run with IAM restrictions
– CI/CD pipeline setup with scanning and auto-deploy on pass
– Apply least privilege roles to service accounts
3. Monitoring, Logging & Alerting
- Cloud Audit Logs, Error Reporting, and Alerting Policies
- Visualizing runtime activity in Cloud Monitoring
- Detecting misconfigurations and security violations in real-time
- Integration examples: third-party SIEMs like Chronicle/Splunk
* Hands-on:*
– Trigger policy violations or misconfig
– Capture alerts and interpret logs
– Dashboards for visibility
4. Enforcing Security with Policy-as-Code
- Using Config Validator to write GCP security constraints
- Policy Controller & drift detection concepts
- Blocking unauthenticated deployments via guardrails
- Bonus: intro to Cloud Armor, VPC-SC, and DDoS protection
* Hands-on:*
– Apply policy templates for Cloud Run
– Test enforcement with a violating deployment
– Observe guardrails in action in GCP console
People:
SpeakerBio: Nishant Sharma
Nishant Sharma is a seasoned cybersecurity professional with deep expertise in cloud security, DevSecOps, and hands-on technical training. He is currently working as Head of Cybersecurity Research at SquareX (sqrx.com). He was in Cybersecurity education for 10+ years during which he served as VP Labs R&D at INE.com, headed R&D at Pentester Academy, developing thousands of host, networking and cloud security labs on AWS, GCP and Azure infrastructure. These labs were used by learners in 125+ countries. A frequent presenter at DEF CON, Black Hat, and OWASP events, and trainer/speaker/author to 10+ trainings, 15+ talks and 9+ open source tools.
SESNSploit: Red Team Exploitation of AWS SES and SNS Misconfigurations
Creator Event Map Page – LVCC West-Level 3-W312 (Cloud Village Labs)When: | Sunday, Aug 10, 12:00 – 12:59 PDT |
SESNSploit is a dedicated red team exploitation tool targeting AWS Simple Email Service (SES) and Simple Notification Service (SNS) misconfigurations. While existing frameworks like Pacu offer minimal or no coverage for these services, SESNSploit fills this gap by providing comprehensive attack scenarios. This includes enumerating regions, listing topics and identities, sending unauthorized emails or messages, and simulating misconfiguration exploitation. The tool is designed for red teamers, security researchers, and cloud security professionals to assess and identify potential security weaknesses in AWS SES and SNS setups.
We have added few of the following key features:
Enumeration of active SES and SNS regions.
Identification of SES identities and SNS topics.
Unauthorized message and email sending simulations.
Menu-driven interface for easy navigation.
Supports state-saving for efficient testing and resumption.
SESNSploit offers functionalities that major AWS exploitation frameworks like Pacu currently lack. It specifically focuses on SES and SNS, which are often overlooked in security assessments but can be critical entry points if misconfigured.
Github link : https://github.com/harekrishnarai/SESNSploit
People:
SpeakerBio: Hare Krishna Rai
Hare Krishna Rai is a security researcher and red teamer with over three years of experience in software supply chain security, cloud exploitation, and offensive security tooling. He was volunteer at cloud village in RSA Conf 2025, he has presented at top-tier conferences including Black Hat Europe, Blackhat asia, DEF CON, c0c0n, and NullCon.
Gaurav Joshi is a security engineer with a strong focus on cloud and network security. He has experience in threat modeling, secure development practices, and hardening misconfigured cloud services. As a co-developer of SESNSploit, he contributes to identifying and operationalizing real-world misconfigurations in AWS environments
SpeakerBio: Gaurav JoshiNo BIO available
SpeakerBio: Mohd. Arif
No BIO available
Social Engineering Community Village – Contest Awards
Creator Event Map Page – LVCC West-Level 3-W317-W319 (Social Engineering Community Village)When: | Sunday, Aug 10, 10:00 – 10:45 PDT |
See who won in our village! During this time weíll present the SECVC and BOTB winners, as well as the much-coveted Dundies!
Social Engineering Community Village – Village Open
Creator Event Map Page – LVCC West-Level 3-W317-W319 (Social Engineering Community Village)When: | Friday, Aug 8, 08:30 – 17:59 PDT |
Rise & shine, social engineers! Swing by to get your SEC merch, and claim your throne, because the phones start ringin’ soon!
Social Engineering Community Village – Village Open
Creator Event Map Page – LVCC West-Level 3-W317-W319 (Social Engineering Community Village)When: | Saturday, Aug 9, 10:00 – 17:59 PDT |
We’re kicking off right at 1000! Don’t forget to check out our Merch table in the back of the village!
Social Engineering Community Village – Village Open
Creator Event Map Page – LVCC West-Level 3-W317-W319 (Social Engineering Community Village)When: | Sunday, Aug 10, 10:00 – 11:30 PDT |
Welcome to our last day at DEF CON!
Space Camp 33: An Orbital Incident Response Odyssey
Creator Event Map Page – LVCC West-Level 2-W213-W218-(Blue Team Village) W214-W215When: | Friday, Aug 8, 16:00 – 17:59 PDT |
Join Blue Team Village and Aerospace Village for a high-stakes, interactive tabletop exercise that launches cybersecurity into orbit — literally. In Space Camp 33, participants will respond to a cascading series of simulated cybersecurity and crisis management events centered around a fictional tech-aerospace hybrid company, BlueX. When outdated systems, poor segmentation, and a ransomware attack trigger an unscheduled spacecraft launch, teams must navigate cyber-physical consequences, viral media fallout, and interstellar implications. Will your response team keep cool under cosmic pressure? Or will your incident response burn up on reentry?
People:
SpeakerBio: Jacob Oakley
Jacob Oakley, PhD, DSc, is a cybersecurity journeyman, author, speaker, and educator with 19 years of experience. He serves on the Steering Committee for the IEEE Space System Cybersecurity Standards Working Group and is an adjunct professor at Embry-Riddle Aeronautical University writing/teaching graduate courses on space cyber, he also developed and teaches a satellite hacking course at Black Hat.
SpeakerBio: Kelly OhlertKnown for using gamification elements in tabletop simulations to heighten stakes and introduce random events, Gwyddia has designed and facilitated single-scenario and multi-table simulations for organizations ranging from VC-stage startups to Fortune 100 companies, for virtual tables of two and live groups of over three hundred.
Speaker, Blue Team Village at DEF CON, Security BSides Las Vegas, ShmooCon, Fal.con, NSGSCon, Security BSides Delaware, and many more.
SpeakerBio: Liz WhartonElizabeth (Liz), founder of Silver Key Strategies, is a recognized expert advising on cybersecurity and technology projects. In addition to over a decade in private practice and as counsel at two startups, she was the Senior Assistant City Attorney overseeing technology projects at Atlanta’s Hartsfield Jackson International Airport (the World’s Busiest Airport) where she led on the integration of drones in the airfield. Prior experience also includes advising state, local, and federal governments on unmanned systems, publishing numerous articles and white papers, and serving as President of the Atlanta Chapter of the Association for Unmanned Vehicle Systems International. Outside of Silver Key, her projects include serving on the Board of the Aerospace Village (a nonprofit focused on cybersecurity in the aerospace field). Liz was recognized as the 2022 “Cybersecurity or Privacy Woman Law Professional of the Year” by the United Cybersecurity Alliance. She received her J.D. from Georgia State University College of Law and her B.A. from Virginia Tech.
SpeakerBio: Tim WestonNo BIO available
Space Systems Security CTF – Platform Security
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-503 (Aerospace Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT |
Launch into the thrilling world of cybersecurity, specifically designed for space systems! Learn the fundamentals to safeguard ground stations, communication links, and spacecrafts.
Engage in an immersive and fun CTF scenario. Apply your cybersecurity skills in real-time and see the direct impact of your decisions on our Space Systems Demonstrator. In this high-stakes scenario, you’ll align with the Aurora Alliance in their critical mission to thwart Count Viktor Thunderclaw and the notorious Nebula Syndicate. The Syndicate threatens to destroy historic monuments around the world with their Space Laser unless their demands are met. Do you have what it takes to dismantle their malevolent plans?
Our beginner-level CTF kicks off as soon as the village opens—no pre-registration necessary. Just bring your laptop to access the CTF platform and your favorite packet decoding software (i.e. Wireshark). Expect the CTF to take you less than 1 hour to complete. Team collaboration is encouraged, and if you encounter obstacles, numerous hints are available to guide you. Excel in the challenge, and you could walk away with a CT Cubed SAO, an exclusive prize while supplies last.
Spotlight: Access Everywhere with InfoSecMap
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C206 (OWASP Community)When: | Friday, Aug 8, 10:00 – 10:30 PDT Saturday, Aug 9, 16:30 – 16:59 PDT |
Opportunities in InfoSec are everywhere, but they’re often buried across scattered websites, social media posts, or chat channels. Whether it’s a local meetup, a CFP deadline, a volunteer opportunity, or the chance to sponsor an initiative, many people and organizations miss out simply because they don’t know where to look or find info bloated by pay-to-play noise.
InfoSecMap was created to solve this. It’s a free, community-driven platform that brings the global InfoSec ecosystem together in one place. From major conferences to CTFs and grassroots meetups, InfoSecMap helps users explore what’s happening by geographic region or focus area and discover where they can connect and contribute.
InfoSecMap is proud to partner with OWASP, bringing together volunteer-led chapters and global events while fostering stronger connections and community growth. We believe open source should mean open access, and we’re building the infrastructure to make that real.
People:
SpeakerBio: W. Martín Villalba, C13 Security
Martín is an application and product security consultant with over 15 years of industry experience. He founded C13 Security, where he specializes in Secure SDLC, pentesting, and vulnerability management. He is an active member of the InfoSec community, collaborating with local groups and global organizations such as BSides and OWASP. He also built InfoSecMap, an open-access platform for discovering InfoSec events and communities from all around the world.
Spotter – Universal Kubernetes Security Engine
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-Arsenal 1When: | Sunday, Aug 10, 10:00 – 10:59 PDT |
Spotter is a groundbreaking open-source tool or solution designed to secure Kubernetes clusters throughout their lifecycle. Built on the native tooling of Kubernetes by leveraging CEL (Common Expression Language) for policy definitions, we can define unified security scanning across development, CLI, CI/CD, Admission Controllers, deployments, runtime, and continuous monitoring. Its unique approach enables both enforcement and monitoring modes, ensuring that policies can be applied consistently and mapped directly to industry standards such as CIS, MITRE ATT&CK, etc.
Spotter provides extreamly high flexbility across all Kubernetes phases, providing an innovative approach that no other open-source or commercial solution can replicate. It seamlessly bridges security, DevOps, and platform teams, effectively solving the real-world challenges faced by day-to-day operations.
People:
SpeakerBio: Madhu “madhuakula” Akula, Pragmatic Security Leader
Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and Cloud Native Security Architect with extensive experience. Also, he is an active member of the international security, DevOps, and Cloud Native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, etc). He holds industry certifications like CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), OSCP (Offensive Security Certified Professional), etc.
Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON 24, 26, 27, 28, 29 & 30, BlackHat 2018, 19, 21 & 22, USENIX LISA 2018, 19 & 21, SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, Github Satellite 2020, Appsec EU (2018, 19 & 22), All Day DevOps (2016, 17, 18, 19, 20 & 21), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon 2018, 19, 21 & 22, SACON, Serverless Summit, null and multiple others.
His research has identified vulnerabilities in over 200+ companies and organizations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc. and is credited with multiple CVE’s, Acknowledgements, and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building an Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.
Staring at You, Staring Inside You
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Step into the IoT Village and challenge those eyes staring at you. Break open real hardware and dive in to uncover vulnerabilities.
Try your luck to emulate those devices. Whether you’re a hardware hacking pro of just a hardware wrecker, this hands-on experience is your change to push the limits of hardware hacking.
Ready to see what’s really watching you?
StarPWN CTF
Creator Event Page – OnlineWhen: | Friday, Aug 8, 10:00 – 11:59 PDT Saturday, Aug 9, 10:00 – 11:59 PDT |
Register at https: //app.metactf.com/starpwn-2025
Starts at 10am on Friday and ends at 1200 on Saturday with prizes awarded immediately afterward.
Static Analysis Hero – Security Code Reviews for Professionals
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-Arsenal 2When: | Friday, Aug 8, 12:00 – 12:59 PDT |
Static Analysis Hero (SAH) is a Visual Studio Code extension for detecting software vulnerabilities and managing static code analysis. It supports code scanning using Semgrep, custom rulesets, and built-in regex for multiple languages. SAH also enables documentation through comments, bookmarks, prioritization, and export/import features for collaborative security reviews. Fully open-source, offline-capable, and compatible with other VS Code tools to leverage the power of the IDE, SAH is designed for both developers and security professionals.
People:
SpeakerBio: Dustin Born
Dustin Born is security consultant and penetration tester at usd AG, an information security company based in Germany with the mission #moresecurity. Within pentesting, he focuses on web applications, cloud environments and mobile applications. Apart from this, Dustin supports the development of several internal tools that focus on automated reconnaissance and vulnerability assessment. This aligns with his interests in developing tools related to IT security and his previous scientific work. Specifically, he has built a framework for a general purpose vulnerability scanner as well as one for the dynamic analysis of iOS apps.
SpeakerBio: Matthias GöhringMatthias Göhring is security consultant and penetration tester at usd AG, an information security company based in Germany with the mission #moresecurity. He is Head of usd HeroLab, the division of usd specialized in technical security assessments. In addition, he holds lectures at Technical University Darmstadt and University of Applied Sciences Darmstadt on ethical hacking and penetration testing. In previous scientific work, he focused on network and communication security as well as software security.
Previous publications: – Catching the Clones – Insights in Website Cloning Attacks, Risk Connect Conference, 2021 – Path MTU Discovery Considered Harmful, IEEE 38th International Conference on Distributed Computing Systems (ICDCS), 2018 – Tor Experimentation Tools, IEEE Security and Privacy Workshops, 2015 – On randomness testing in physical layer key agreement, IEEE 2nd World Forum on Internet of Things (WF-IoT), 2015
Stealing Browser Cookies: Bypassing the newest Chrome security measures
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 1-405 (Red Team Village)-RTV Tactics 2When: | Friday, Aug 8, 14:00 – 15:50 PDT |
This session explores advanced security mechanisms implemented by major browsers to prevent cookie theft from their storage databases. Chrome has recently implemented AppBound encryption, which provides multi-layered protection for session cookies:
1) A 2-way DPAPI encryption system that operates with both elevated NT AUTHORITY\SYSTEM permissions and normal user-level decryption capabilities;
2) A state-key encryption layer utilizing the ChaCha20Poly1305 algorithm with custom keys (that once was AES-256-GCM encrypted);
These implementations have significantly reduced the effectiveness of info-stealing malware. However, this session will demonstrate potential vulnerabilities in these security measures and explain how to obtain decrypted cookies despite these protections. We will examine the new format specifications and encryption methodologies for cookies.
Beyond Chromium-based browsers, we’ll explore Gecko’s encryption algorithms, which involve structured ASN.1 data formats with multiple encryption schemes including 3DES and AES-256. We’ll also analyze Chromium on macOS which relies on PBKDF2 key derivation, and WebKit-based browsers that store cookies in binary cookie files.
Additionally, we’ll discuss Chrome’s forthcoming “Device Bound Session Cookies” (DBSC) technology, which aims to further mitigate session hijacking through cookie theft by implementing TPM chip-based encryption and requiring proof of possession of the cryptographic key.
People:
SpeakerBio: Rafael Felix
Rafael has been working with malware development for 4 years, also being involved in the malware community for more than 6 years. He is also experienced in Incident and Response, specifically during malware inner workings analysis. Currently, Rafael is a researcher for Hakai Offensive Security, being deeply involved with red-team operations.
Sticker Swap
Creator Event Map Page – LVCC West-Level 2-W201-W202 (Lonely Hackers Club Community)When: | Saturday, Aug 9, 10:00 – 12:59 PDT Sunday, Aug 10, 10:00 – 12:59 PDT Friday, Aug 8, 10:00 – 12:59 PDT |
Come stop by for our first offical event where we will have custom stickers for VX Underground, Skyhopper, and more!
Temporary Tattoo Bar
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C208 (WISP Community)When: | Friday, Aug 8, 14:00 – 14:59 PDT Saturday, Aug 9, 14:00 – 14:59 PDT |
Ink your vibe, temporarily. Choose from hacker and privacy-themed designs and apply them on the spot with our DIY tattoo station. Fun, expressive, and perfect for selfies, this bar lets you wear your identity proudly without a lifetime commitment.
The #Badgelife Meet, Greet, and Trade Party! (Open to Public, Formerly Hacker Flairgrounds)
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C204 (Badgelife Community)When: | Friday, Aug 8, 14:00 – 14:59 PDT |
The Diana Initiative’s Quiet Room
Creator Event Map Page – LVCC West-Level 2-W206 (The Diana Initiative Quiet Room)When: | Friday, Aug 8, 21:00 – 23:30 PDT Sunday, Aug 10, 10:00 – 13:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Diana Initiative is excited to offer up a “Quiet Room”. This room is a library vibes environment where people can calm down or recharge before going back out to experience more DEF CON, or even safely have a meltdown, stim, and take time to recenter. In our library area we will have fidget toys, coloring pages and more.
The Gang Recycles It’s Trash: Upcycling old IoT into new capabilities.
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Saturday, Aug 9, 10:00 – 17:59 PDT |
How do you turn trash into gold?
How do you build a hacking lab and hacking skillset with no budget?
Why aren’t you popping tags and hacking all the things?
Join DCG (215) Philadelphia’s Lazlo and Syngularity for a trip down memory lane with old devices, new exploits, and a lot of Living off the Lan(d).
Go birds.
The Misconfig Matrix: From Chaos to Control
Creator Event Map Page – LVCC West-Level 3-W312 (Cloud Village Labs)When: | Sunday, Aug 10, 10:30 – 11:30 PDT |
In the age of hybrid and multi cloud environments, visibility and control over misconfigurations is critical. Budgets, time, and resources rarely scale as fast as infrastructure. This hands-on lab walks you through the realities of defending modern cloud environments, using real misconfigurations.
Participants will automate scans against multiple misconfigured environments, and learn to interpret findings in context using a set of open-source CSPM tools across simulated multi-cloud infrastructure.
The lab culminates in comparing tools using a Pugh Matrix. Attendees will compare tools based on coverage, usability, integration, and accuracy, equipping them with a repeatable evaluation framework tailored to organizational maturity, size, and resource constraints.
Core Focus Areas
Cloud Inventory & Visibility – Understand what’s deployed across providers and where misconfigurations hide.
Open-Source Tooling Deep Dive – Explore strengths and compare various CSPM tools like Prowler, Steampipe, Scout Suite.
Deployment Automation – Use automated scripts to spin up various tools and investigate findings.
Tool Evaluation Framework – Score each tool’s effectiveness using a weighted Pugh Matrix.
Security Strategy by Org Type – Decide when to build, buy, or adopt based on maturity, scale, and needs.
1) Kick-off & Cloud Risk Lens — 10 min
Clone lab repo, walkthrough of the fictional company’s multi-cloud architecture.
Discuss common multicloud misconfig scenarios and visibility gaps.
2) Baseline Tool Scan — 20 min
Automate running various CSPM tools based on deployed infrastructure.
Collect reports and note 3+ key findings per tool.
4) Pugh Matrix Evaluation — 20 min
Evaluate each tool on factors like detection depth, usability, integrations, and maintenance.
Fill out and weigh the Pugh Matrix collaboratively.
People:
SpeakerBio: Hari Pranav Arun Kumar
HP is a Security engineer and my job includes working on improving cloud, application and runtime security. I have worked with the cloud village team, developing CTF’s over the past two years. I love to tinker, participate in hackathons and eventually found my passion for security. Looking forward to connecting and collaborating with everyone!
SpeakerBio: Ritvik AryaRitvik is an Application Security Engineer. has experience working in securing cloud applications, threat modeling, and secure code reviews. He is also a bug bounty hunter and currently working on securing containers. Part of the cloud village team and work on setting up challenges for the CTF.
The Upgrade Lottery: The Odds Are Against You
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-POD 2When: | Friday, Aug 8, 15:00 – 16:59 PDT |
Fixing security bugs is part of a dev’s job, but it can also be a one-way ticket to dependency hell because 95% of upgrades have the potential to cause breaking changes! In this lottery inspired game, you’ll play the odds to see how many vulnerabilities you can eliminate (and get back to writing code) without breaking the application.
People:
SpeakerBio: Jenn Gile
No BIO available
The Upgrade Lottery: The Odds Are Against You
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-POD 2When: | Saturday, Aug 9, 11:00 – 12:59 PDT |
Fixing security bugs is part of a dev’s job, but it can also be a one-way ticket to dependency hell because 95% of upgrades have the potential to cause breaking changes! In this lottery inspired game, you’ll play the odds to see how many vulnerabilities you can eliminate (and get back to writing code) without breaking the application.
People:
SpeakerBio: Jenn Gile
No BIO available
Trivia
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C204 (Badgelife Community)When: | Friday, Aug 8, 15:00 – 17:59 PDT |
People:
SpeakerBio: Lipo
No BIO available
SpeakerBio: d1stinctmind
No BIO available
TryHackMe – Azure Purple Teaming: Emulating and Detecting Cloud TTPs
Creator Event Map Page – LVCC West-Level 3-W312 (Cloud Village Labs)When: | Friday, Aug 8, 13:30 – 15:30 PDT |
As cloud infrastructure becomes a prime target for adversaries, defenders must evolve their detection capabilities to stay ahead. Join us for an immersive, hands-on workshop where we’ll emulate real-world attacker behaviours and build compelling detection logic using Azure-native logs and tools.
This workshop introduces participants to Azure’s control and data plane logging systems, the visibility gaps in API-based detection, and how Microsoft Sentinel can be leveraged for threat detection using KQL. Participants will first explore the landscape of Azure telemetry, including log tables like AzureActivity, AuditLogs, SigninLogs, and MicrosoftGraphAPI, to understand what’s available—and what’s missing—when trying to detect threats in the cloud.
The core of the session is focused on executing and detecting high-impact TTPs such as:
Unauthorised use of Azure CLI
Run Command Abuse on virtual machines
Mass blob reads and deletions
Malicious Key Vault access attempts
Through guided simulations, attendees will perform these actions in a dedicated Azure tenant, then pivot to the defender side to query relevant logs using Kusto Query Language (KQL), surfacing anomalies, and crafting detections.
Whether you’re a cloud defender, threat hunter, or detection engineer, this session offers a rare opportunity to simulate adversary behaviour and refine detection strategies in a realistic Azure environment. By the end of this workshop, you’ll leave with practical KQL queries, detection playbooks, and hands-on experience in defending cloud infrastructure against modern threats.
Tenant Deployment Instructions:
Each participant will receive access to a pre-provisioned Azure tenant with the necessary services (including virtual machines, storage accounts, Key Vaults, function apps, and AKS clusters) already deployed and configured. Diagnostic settings will be pre-enabled to stream control and data plane logs into Microsoft Sentinel for immediate use.
Furthermore, all participants will deploy their Azure tenants through the TryHackMe platform, where credentials will be automatically provisioned. This streamlined setup ensures secure, consistent access for all attendees. Additional browser-based consoles will be provided directly within the TryHackMe environment to support hands-on activities, eliminating the need for local installation.
People:
SpeakerBio: Ariz Soriano
Ariz is a Senior Content Engineer at TryHackMe, a global platform revolutionising cyber security education through gamified, hands-on learning. At TryHackMe, he creates immersive labs, real-world training content, and capture-the-flag (CTF) challenges that make cyber security accessible, engaging, and practical for learners of all levels. His work helps bridge the gap between theoretical knowledge and real-world application, empowering individuals to build job-ready skills in a fun and effective way.
With over eight years of professional experience in cyber security—including penetration testing, red teaming, and incident response—Ariz brings real-world depth to every piece of content he develops. His unique blend of technical expertise and educational insight enables him to craft learning experiences that are both challenging and impactful.
Beyond his contributions to TryHackMe, Ariz is a Managing Consultant at THEOS, leading the Red Team practice. In this role, he has directed and delivered numerous high-impact Red Teaming engagements for organisations across various sectors and regions.
Ariz is also a dedicated community builder. He is the founder and lead organiser of the Red Teaming Village at ROOTCON, the Philippines’ premier hacker conference. Through this initiative, he fosters offensive security awareness by curating technical talks, practical workshops, and interactive activities that nurture the region’s next generation of red teamers.
Vulnerability Hunt – The Snippets Edition
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-POD 1When: | Friday, Aug 8, 13:00 – 14:59 PDT |
Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?
People:
SpeakerBio: Darren Meyer
Darren is a security research advocate and practitioner that has worked on every side of the AppSec world at some point in the past 20 years. He’s passionate about making security work more accessible and less stressful.
SpeakerBio: Raphael SilvaRaphael Silva is a Security Researcher at Checkmarx, specializing in security research, SAST methodologies, and Supply Chain Security. Over the course of his career, he has presented at various conferences, as well as conducted a workshop at DEFCON30. In addition, he is experienced in vulnerability analysis, research, and disclosure, having reported multiple bugs to companies and open-source projects.
Vulnerability Hunt – The Snippets Edition
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-POD 3When: | Saturday, Aug 9, 13:00 – 14:59 PDT |
Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?
People:
SpeakerBio: Darren Meyer
Darren is a security research advocate and practitioner that has worked on every side of the AppSec world at some point in the past 20 years. He’s passionate about making security work more accessible and less stressful.
SpeakerBio: Raphael SilvaRaphael Silva is a Security Researcher at Checkmarx, specializing in security research, SAST methodologies, and Supply Chain Security. Over the course of his career, he has presented at various conferences, as well as conducted a workshop at DEFCON30. In addition, he is experienced in vulnerability analysis, research, and disclosure, having reported multiple bugs to companies and open-source projects.
Vulnerability Hunt – The Snippets Edition
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-604 (AppSec Village)-POD 3When: | Sunday, Aug 10, 11:00 – 12:59 PDT |
Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?
People:
SpeakerBio: Darren Meyer
Darren is a security research advocate and practitioner that has worked on every side of the AppSec world at some point in the past 20 years. He’s passionate about making security work more accessible and less stressful.
SpeakerBio: Raphael SilvaRaphael Silva is a Security Researcher at Checkmarx, specializing in security research, SAST methodologies, and Supply Chain Security. Over the course of his career, he has presented at various conferences, as well as conducted a workshop at DEFCON30. In addition, he is experienced in vulnerability analysis, research, and disclosure, having reported multiple bugs to companies and open-source projects.
WalkThrough Workshops
Creator Event Map Page – LVCC West-Level 3-W303-W310 (Packet Hacking Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 12:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT |
Come sit down and take a self guided journey to learn something hands on with us. We have an array of skills to learn including FleetDM, Linux, NetworkOS, Botnets, and others as well! We have people there to help answer your questions if things get a little dicey and make sure you have the best time while picking up something new.
Wall Of Sheep
Creator Event Map Page – LVCC West-Level 3-W303-W310 (Packet Hacking Village)When: | Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 12:59 PDT Friday, Aug 8, 10:00 – 17:59 PDT |
The fabled Wall Of Sheep…
WarDriver Meetup
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-803 (Radio Frequency Village)When: | Sunday, Aug 10, 10:30 – 11:55 PDT |
What’s the Matter with my smart home?
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Friday, Aug 8, 10:00 – 17:59 PDT Saturday, Aug 9, 10:00 – 17:59 PDT Sunday, Aug 10, 10:00 – 13:59 PDT |
Bitdefender invites you to solve a few challenges that will get you familiar with the inner workings oof the Matter Protocol.
Smart home promises seamless living with lights, locks, sensors, and thermostats, all speaking the same language.
But behind the comfort of voice commands and automated routines lies a tangled web of wireless protocols and IoT standards like Matter.
Can you disrupt, decode of dominate the smart home?
Wi-Fi Self Defense & Hacker Hunting & For Beginners
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Sunday, Aug 10, 10:00 – 12:30 PDT |
Kit cost $180
Links:Registration – https://retia.io/products/dc33-workshop-wi-fi-self-defense-hacker-hunting-for-beginners-8-10-25-11-00-13-30
Wi-Fi Self Defense & Hacker Hunting & For Beginners
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Saturday, Aug 9, 10:00 – 11:30 PDT |
Kit cost $180
Links:Registration – https://retia.io/products/dc33-workshop-wi-fi-self-defense-hacker-hunting-for-beginners-sat-8-9-25-12-00-14-30-copy
Wifi security
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 2-605 (IOT Village)When: | Friday, Aug 8, 16:00 – 18:30 PDT |
Kit cost $180
WipeOut XL hi-score tournament
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C102 (Hackers.town Community)When: | Friday, Aug 8, 10:00 – 17:59 PDT |
WISP Group Photo
Creator Event Map Page – LVCC West-Level 1-Exhibit Hall 4-Communities-C208 (WISP Community)When: | Saturday, Aug 9, 12:30 – 12:45 PDT |
Whether you’re here to connect, learn, or just vibe with fellow privacy and security advocates, this group activity is your chance to make memories with the Women in Security and Privacy community at DEF CON. Come as you are, leave with new friends, inspiration, and a photo that marks your place in this powerful movement.
Women, gender non-conforming and non-binary meetup with The Diana Initiative
Creator Event Map Page – LVCC West-Level 2-W205 (The Diana Initiative Community)When: | Friday, Aug 8, 21:00 – 23:30 PDT |
We’d love to get all the gender non conforming, non-binary and women together to hang out and make friends! DEF CON is better with friends. Stop in for a bit, or the whole time.