Brief demonstrations for people to show off their project.
One Page All Demolabs list with descriptions
defcon.org DemoLabs page
You may need to scroll to the right to see all info
|
AC Scanner: The Post-Quantum Cryptographic Exposure and CBOM Generator. You Need This! Demolabs Info |
|
AD-Necromancer: Resurrecting Forgotten Control Paths in Active Directory Demolabs Info |
|
AI Pipeline for N-days Weaponization Demolabs Info |
|
AOBTD: AI One Bites The DAST Demolabs Info |
|
AzProwl: Prowling the Azure Attack Surface Demolabs Info |
|
Be like a BRAT(BLE Recon and Attack Toolkit): Skip the Handshake, Own the Device Demolabs Info |
|
Beyond Spidering: Behavior Driven DAST for Real Application Workflows Demolabs Info |
|
BigIron.ai: AI-Assisted Exploration and Security Analysis of Mainframe Systems Demolabs Info |
|
Clew: Untangling Evasive Malware with Per-Sample Fuzzing Seeds Demolabs Info |
|
Damn Vulnerable Agentic AI Application (DVAIA) Demolabs Info |
|
DFMI: Weaponizing MSI Installers for Fileless Code Execution Demolabs Info |
|
Empire 7: Shipping a C2 at AI Speed Demolabs Info |
|
Ghost in the IDE Demolabs Info |
|
GhostCatcher (endpoint detection agent) Demolabs Info |
|
GnawLab: Open-Source AWS Attack Scenarios Based on Real-World Breaches Demolabs Info |
|
Goose Processing Unit (GPU): VRAM as an Unmonitored Attack Surface Demolabs Info |
|
Hook Crook – Extracting More From Discord Webhooks Demolabs Info |
|
Intercept.js: Runtime-Aware Detection for JavaScript Environments Demolabs Info |
|
Keychecker : SSH Key based attack tool for DVCS Systems Demolabs Info |
|
L.A.Y.E.R.S – Layered Analysis Engine for Browser Extension Risk and Security Demolabs Info |
|
LoKi: A LoRa/Meshtastic based implant for Red Teaming Demolabs Info |
|
MailX-Ray: A TSA X-Ray for Emails — Air-Gapped Safe-Read and Quick Triage in an Ephemeral MicroVM Demolabs Info |
|
MalSkill Lab: Hands-On Natural Language Malware in AI Agent Orchestration Systems Demolabs Info |
|
Monitor, Compile, Enforce: A Compiler Pipeline for Container Security Policy in Rust and eBPF Demolabs Info |
|
MSCodePhish: Redeem Your Coupon. Surrender Your Session Demolabs Info |
|
Overcast: Video OSINT Agent. Point It at 100 Videos, Ask Anything Demolabs Info |
|
Peekaboo: Breaking the Black Box of Threat and Malware Emulation Demolabs Info |
|
Phasmid: Deniable Storage for Rubber-Hose Scenarios Demolabs Info |
|
PromptPwn: Finding and Exploiting AI-Generated Vulnerabilities at Scale Demolabs Info |
|
pymsi: Interactive MSI Installer Analysis in Python and the Browser Demolabs Info |
|
Reversing F5: Pure-Go Steganography, Live Forensic Cover Recovery, and JPEG Fragility Analysis Demolabs Info |
|
SecretSifter: Production Apps Are Leaking Credentials. The Blindspot DAST Never Checked. Demolabs Info |
|
Senrigan (千里眼) x Suzaku (朱雀): Threat Hunting & DFIR for AWS — No SIEM, Just Your Laptop Demolabs Info |
|
sisakulint:CI-Friendly static linter with autofix, SAST, semantic analysis for GitHub Actions Demolabs Info |
|
TokenMesh: Exposing Azure’s Hidden Identity Attack Surface Demolabs Info |
|
Trajan: Cross-Platform CI/CD Security Scanner Demolabs Info |
|
VoiceLock: Offline, Robust On-Device Speech Transcription Demolabs Info |
|
Weaponizing eBPF and XDP with Covert Triggered Reverse Shells Demolabs Info |
|
X-Ray Your Agents: Pentesting MCPs, Skills, and the Plugin Supply Chain Demolabs Info |
|
xEndity: IoT Firmware Analysis & Digital Twin Platform Demolabs Info |
|
Zealot: An Autonomous Cloud Offensive Multi-Agent System Demolabs Info |
|
Zero-Cloud Threat Modeling: Vector Embedding Architectures for Automated Vulnerability Detection Demolabs Info |