DEF CON DemoLabs List

Brief demonstrations for people to show off their project.

DEF CON DemoLabs Short Table

defcon.org DemoLabs page



AC Scanner: The Post-Quantum Cryptographic Exposure and CBOM Generator. You Need This!

Demolabs Map Page – LVCCW Level 1 Hall 3 1002 (Demo Labs Track 2)
When:  Saturday, Aug 8, 15:00 – 15:45 PDT
Friday, Aug 7, 16:00 – 16:45 PDT

Creator: Demo Labs

AC Scanner is a tool to help providers of all kinds ensure their services can resist post-quantum cryptographic attacks including Harvest Now Decrypt Later (HNDL). The scanner is an open-source pipeline that automates full cryptographic surface discovery across TLS endpoints and SSH services, assessing every asset against NIST post-quantum standards and generating a structured Cryptographic Bill of Materials (CBOM). In a single command (sh scan.sh example.com) it runs subdomain enumeration, DNS resolution, TLS handshake analysis via OpenSSL, SSH auditing via ssh-audit, quantum vulnerability scoring, and CBOM output in JSONL/JSON/Markdown, ready to upload to an interactive dashboard. With NIST finalizing ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205) in 2024, and NIST IR 8547 mandating deprecation of quantum-vulnerable algorithms by 2030, AC Scanner gives blue teams a fast, evidence-grade path from cryptographic discovery to compliance reporting.

Links:
    GitHub – https://github.com/qubitac/AC-Scanner

People:
    SpeakerBio:  Anurag Swarnim Yadav

Anurag Swarnim Yadav is Co-Founder and CTO of QubitAC, a company helping organizations with cryptographic discovery, post-quantum cryptography readiness assessment, migration framework development, and compliance readiness. He holds a PhD from the University of Florida, where his research examined how data quality impacts ML-based vulnerability detection systems and explored automated program repair for security flaws. He developed AC Scanner, a free open-source ACDI tool helping organizations discover, inventory, and prioritize their quantum-vulnerable cryptographic infrastructure, and has spoken at BSides security conferences educating practitioners on PQC adoption and the steps organizations need to take before the 2030 deadline.

SpeakerBio:  Joseph Wilson

Joseph N. Wilson is a co-founder of QubitAC and an emeritus faculty member at the University of Florida who received his PhD in Computer Science from the University of Virginia. During his 41 year academic career, he carried out a wide variety of research projects and authored over 150 publications concerning topics including cybersecurity, machine learning, landmine detection and remediation, and computer vision. In addition to his academic work, Dr. Wilson has been a GIAC certified network and web application penetration tester as well as a malware and forensic analyst. His current work is aimed at helping organizations and people improve both their computational and communications security and privacy. He received the General Ronald W. Yates Award for Excellence in Technology Transfer for work leading to successful landmine and IED detection systems employed by US military support forces in Afghanistan.




AD-Necromancer: Resurrecting Forgotten Control Paths in Active Directory

Demolabs Map Page – LVCCW Level 1 Hall 3 1001 (Demo Labs Track 1)
When:  Friday, Aug 7, 10:00 – 10:45 PDT
Saturday, Aug 8, 13:00 – 13:45 PDT

Creator: Demo Labs

Every pentest, same story – BloodHound says no path to DA, client celebrates, meanwhile a 2019 service account has AddAllowedToAct on a production DC that nobody remembers. AD-Necromancer finds what humans forget. Give it a username, password, and domain — it bootstraps EDR evasion (ETW patching, DLL unhooking, Halos Gate syscalls), collects AD data over ADWS instead of LDAP, encrypts with AES-256-GCM, and exfils to C2 with zero artifacts. One command, credentials to findings. It feeds tokenized BloodHound data to an LLM for semantic reasoning – forgotten RBCD, ghost cross-forest delegations, orphaned admin accounts no compliance checklist catches. Privacy Cloak ensures real names never leave the box. Open source, MIT licensed. Come dig up what your tools missed.

Links:
    GitHub – https://github.com/0xSense1/AD-Necromancer

People:
    SpeakerBio:  Akbar “0xsensei” Abdullayev

Offensive security professional with 5+ years of experience in Active Directory and cloud security, specializing in red teaming and enterprise attack chains.

SpeakerBio:  0xHera

I am a freelance Offensive Tool Developer and Security Enthusiast building practical tools and sharing research with the community to help others better understand attack paths, real-world offensive techniques, and defensive improvements.




AI Pipeline for N-days Weaponization

Demolabs Map Page – LVCCW Level 1 Hall 3 902 (Demo Labs Track 6)
When:  Friday, Aug 7, 11:00 – 11:45 PDT
Saturday, Aug 8, 15:00 – 15:45 PDT

Creator: Demo Labs

Most agentic exploit pipelines stall when there’s no public PoC,they search, find nothing, and spin. This talk demos a multi-agent system that exploits n-days from scratch in under an hour, even with zero public exploit code available. Given only a CVE ID, the pipeline autonomously: fetches vulnerability details and the upstream fix commit; spins up a pinned Docker lab running the exact vulnerable version; diffs the patch to identify the exploitable code path; generates vulnerability-class-specific attack guidance (not a generic checklist); and runs iterative exploit + validation loops until RCE is confirmed. Demonstrated live against four CVSS 9.8–10.0 vulnerabilities Apache OpenMeetings deserialization, n8n unauthenticated RCE, Langflow exec() injection, and Spring AI SpEL injection, with working exploits produced in minutes. Every run also outputs a containerized lab and defense report, making it equally useful for detection engineering and patch validation.


People:
    SpeakerBio:  Andrea Brosio

Andrea Brosio is a Security Researcher and Senior Content Engineer, specializing in red teaming, malware development, and offensive security. With prior experience as a Bug Hunter and Red Team Operator he combines real-world adversarial expertise with a passion for creating engaging cybersecurity training.

SpeakerBio:  Arun Nair

Arun Nair is a Security Engineer at Google and founder of Ryvane Academy, specializing in AI Security, malware development, defense evasion, and adversary simulation. He holds several respected certifications, including OSCP, CRTP, CRTL, CodeMachine Malware Techniques, and HackSys Windows Kernel Exploitation. Over the years, Arun has worked with leading organizations such as JP Morgan, and EY, focusing on offensive security and red teaming engagements. Outside of his professional work, he is an active contributor to the cybersecurity community, from designing Capture the Flag (CTF) challenges to delivering talks and workshops at events like DEFCON Red Team Village, HeapCon, MCTTP, BSides Transylvania, HackSpaceCon, RingZer0, c0c0n, and various local meetups. When he’s not on engagements or speaking at conferences, Arun shares his research and insights through his blog at dazzyddos.github.io




AOBTD: AI One Bites The DAST

Demolabs Map Page – LVCCW Level 1 Hall 3 901 (Demo Labs Track 5)
When:  Saturday, Aug 8, 15:00 – 15:45 PDT
Friday, Aug 7, 11:00 – 11:45 PDT

Creator: Demo Labs
I hate the way most DAST tools test: firing payloads at parameters with no idea what the app is. They catch the obvious stuff, but miss the parts that actually need context. Newer LLM scanners are either commercial black boxes (iykyk) or “GPT, find bugs at this URL” wrappers that fall over outside a CTF box.

AOBTD is my attempt at a third option: a scanner that behaves less like a fuzzer and more like a pentester at the start of a test.

Instead of fuzzing harder, AOBTD first tries to understand the target. It explores the surface, identifies what pages and endpoints are for, takes notes, builds hypotheses, and then sends targeted requests based on that context. This target understanding drives the rest of the testing process, which is the only realistic way automated tooling can get closer to business-logic bugs.

The crawler is designed to avoid wasting time on repeated templates while still sampling outliers, so the odd page hidden in a sea of similar ones does not get ignored. When findings are confirmed, AOBTD can chain them into multi-step attack stories rather than reporting isolated payload hits.

This is where LLMs are actually useful: reading a page, understanding the purpose of a form, naming the function behind a JSON endpoint, and doing the kind of prioritization a pentester normally spends hours on.

Links:
    GitHub – https://github.com/oz9un/AOBTD

People:
    SpeakerBio:  Ozgun “ozzy” Kultekin

Ozgun (aka ozzy) is a Senior Application Security Engineer at Trendyol Group, where he spends his days breaking applications before the bad guys do. He holds the OSCE3 certification and specializes in offensive security research with a focus on application security and red team operations.

He has presented at several conferences including DEF CON, Hacktivity, and multiple BSides events, covering topics ranging from red teaming to application security. He is currently focused on integrating AI into offensive security workflows and actively researching how large language models can be applied in practical, technical ways within cybersecurity. He regularly shares his work and tools as open source.

When he’s not hunting bugs or running red team ops, he’s probably at the poker table.




AzProwl: Prowling the Azure Attack Surface

Demolabs Map Page – LVCCW Level 1 Hall 3 900 (Demo Labs Track 4)
When:  Friday, Aug 7, 15:00 – 15:45 PDT
Friday, Aug 7, 14:00 – 14:45 PDT

Creator: Demo Labs

Cloud environments aren’t being breached through zero-days—they’re being traversed through identity, misconfigurations, and overlooked data paths. Azure is no exception.

This talk introduces AzProwl, an offensive-focused tool designed to emulate how real attackers enumerate and chain together access across Azure environments. Rather than stopping at surface-level enumeration, AzProwl maps identity relationships, token abuse opportunities, and data plane exposure to uncover realistic attack paths.

We’ll walk through how attackers move from initial access to meaningful impact using Azure-native mechanisms—leveraging identity roles, service principals, tokens, and storage access. Attendees will see how seemingly low-risk permissions compound into high-impact compromise.

Whether you’re red team, blue team, or somewhere in between, this session will provide practical insight into how Azure environments are actually attacked—and how to detect and defend against it.

Links:
    GitHub – https://github.com/GonePhishing402/azprowl

People:
    SpeakerBio:  Jared “GonePhishing402” Graff

I’m a Lead Incident Response Analyst at Target with experience spanning red team operations, blue team defense, and incident response. My background working in Azure cloud security at Microsoft helped shape my approach to understanding and defending modern cloud environments and ultimately inspired the development of this training.

I specialize in analyzing and emulating real-world attack paths across cloud identities, authentication tokens, and data planes to uncover gaps in detection and response capabilities. My work focuses on Azure identity compromise, token abuse, cloud persistence techniques, and understanding how adversaries actually operate within cloud environments—not just how we assume they do.

I’m passionate about bridging the gap between offensive and defensive security, translating attacker tradecraft into actionable detection strategies, and developing hands-on labs that help defenders better understand cloud threats. My goal is to make complex attack techniques accessible, practical, and directly applicable to real-world security operations.

SpeakerBio:  Jeff Daniels

Jeff Daniels is a Senior Cloud Solution Architect at Microsoft Federal specializing in cloud security, threat intelligence, and red team operations. With a background in military cyber operations, he brings real-world offensive experience to designing detection strategies, Zero Trust architectures, and large-scale SOC capabilities. Jeff focuses on translating adversary tradecraft into actionable security outcomes for government customers and is actively involved in red team tooling, adversary emulation, and ATT&CK-aligned training.




Be like a BRAT(BLE Recon and Attack Toolkit): Skip the Handshake, Own the Device

Demolabs Map Page – LVCCW Level 1 Hall 3 1003 (Demo Labs Track 3)
When:  Friday, Aug 7, 11:00 – 11:45 PDT
Saturday, Aug 8, 15:00 – 15:45 PDT

Creator: Demo Labs

What happens when you buy a popular medical device and realize it blindly trusts any BLE connection within 30 meters?

BRAT (BLE Recon and Attack Toolkit) is the open-source Python arsenal we built to systematically take over an FDA-listed consumer hormone analyzer and generalize the attack to the class of devices behind it. Relying on the Nordic UART Service (NUS), the target blindly trusts any connection within 30 meters. BRAT automates the exact attack chain we used to compromise it: passive BLE discovery, protocol reverse engineering, unauthenticated command injection, full bind takeover, and rogue peripheral impersonation to hijack live API session tokens.

Every script is built on the ⁠bleak⁠ async BLE library and deliberately kept small so you can read the code and understand the exploit in minutes. Our Demo Lab features live, end-to-end attacks against a consumer medical device. We’ll demonstrate unauthenticated command injection, rogue peripheral spoofing that intercepts companion app handshakes, and how we injected spoofed hormone sensor data without ever pairing.


People:
    SpeakerBio:  Gigi Xiaoqing Liu

Gigi Liu is a graduate security researcher at Northeastern’s Security And Privacy Research (SPQR) Group under Professor Kevin Fu, where her work covers embedded systems security, medical device attack surfaces, and AI-generated media detection. She interns at Lila Sciences as a Security and Cloud Engineer, building enterprise-wide agentic AI security infrastructure and detection capabilities for unauthorized AI activity across cloud and SaaS environments.

Her technical work spans wireless protocol reverse engineering, binary exploitation, web and mobile reverse engineering, cloud and AI security. She has applied these skills across medical hardware, automotive platforms, and enterprise cloud environments — from BLE command injection on FDA-listed devices to CarPlay API exploitation to building agentic AI detection controls at scale. As a UCLA psychobiology alum with a consulting background, she brings a multidisciplinary lens to every system: understand what it’s designed to do first, then find where it breaks.

SpeakerBio:  Muzzammil Mohammed

Muzzammil Mohammed is an offensive security researcher, penetration tester at Maltek Solutions, and MS in Cybersecurity at Northeastern University. Operating out of the SPQR Lab under Professor Kevin Fu, and serving as a Teaching Assistant Network Security, his work bridges academic vulnerability research with real-world red team execution. As a core developer of WandKit an open-source BLE attack toolkit built to audit medical devices. Muzzammil led the cloud API exploitation phase, successfully confirming a complete authentication bypass and engineering the rogue peripheral session hijack chain. Beyond hardware and API hacking, he is actively developing autonomous multi-agent AI frameworks designed to orchestrate local LLMs for automated security auditing and vulnerability analysis.

SpeakerBio:  Narmina Karimova

Narmina Karimova is a cybersecurity graduate researcher at Northeastern University with a background in enterprise technology across financial institutions and the United Nations. She came to security research from the infrastructure side, which shaped how she approached tearing apart a consumer fertility monitor. For BRAT, she wrote the core BLE attack suite in Python: replay modules, rogue peripheral session capture, unauthenticated hormone data extraction, and the bind takeover chain that captures device ownership in under 15 seconds. She also reverse-engineered the APK with JADX, found hardcoded credentials, and confirmed a CVSS 9.1 IDOR in the third-party integration. Her interest is in the gap between how consumer health devices are marketed and how they actually handle sensitive data.




Beyond Spidering: Behavior Driven DAST for Real Application Workflows

Demolabs Map Page – LVCCW Level 1 Hall 3 901 (Demo Labs Track 5)
When:  Friday, Aug 7, 13:00 – 13:45 PDT
Saturday, Aug 8, 12:00 – 12:45 PDT

Creator: Demo Labs

Modern web apps do not give up their best attack surface to a spider. The interesting routes, state changes, authenticated functions, and business logic usually sit behind real user behavior. This Demo Lab shows how to stop treating DAST like blind crawling and start driving it with realistic browser flows.

The project began as a software quality proof of concept and evolved through collaboration between an engineering team and a red team into a real operational workflow. By routing Selenium based test scenarios through OWASP ZAP, we turn existing web automation into Behaviour Driven DAST: a practical way to capture richer traffic, exercise meaningful application actions, and uncover security findings that isolated scanning often misses.

Current research shows more than 300% increase in observed attack surface and around 25% improvement in vulnerability detection compared with spider-driven analysis alone. The session will walk through the workflow live, show the comparative results, and introduce a new Python library built from this research.

Links:
    GitHub – https://github.com/testingsoul/behave-zap

People:
    SpeakerBio:  Sara “testingSoul” Martinez

Hi, I am Sara! I started my career in 2014 as a Software Validation Engineer for Communication products. During five years I improved my testing skills by working on projects in Telecommunication, Geolocation, Big Data and Power Electronics. In 2019, I started to focus all this quality knowledge on testing Cybersecurity Software products, and then magic just happened. I discovered a whole new world that fascinated me. Since then, I have been working to improve all my Software and Quality skills including Cybersecurity at every step I take.




BigIron.ai: AI-Assisted Exploration and Security Analysis of Mainframe Systems

Demolabs Map Page – LVCCW Level 1 Hall 3 1003 (Demo Labs Track 3)
When:  Saturday, Aug 8, 12:00 – 12:45 PDT
Friday, Aug 7, 15:00 – 15:45 PDT

Creator: Demo Labs

Most security tools assume Unix or Windows models built around processes, shells, and network services. On mainframe operating systems, authority is determined through control-plane behavior: job submission (JCL/JES), dataset access, library resolution, and transaction context. These relationships are difficult to observe and are systematically misunderstood by modern security teams; creating blind spots that traditional tooling cannot see.

This Demo Lab shows a live MVS 3.8j environment running under Hercules with a browser-based TN3270 interface. Operational artifacts including submitted jobs, spool output, and execution context are captured and mapped into a graph that reveals hidden trust relationships and indirect execution paths.

The demonstration walks a realistic privilege path: TSO user → JCL submission → STEPLIB hijack → APF library execution — showing how inherited authority creates system-level exposure without exploiting a single vulnerability. No shellcode. No memory corruption. Just the system working exactly as designed.

The platform includes 13 automated walkthroughs across 6 control planes (TSO, JES, RACF, CICS, VTAM, PR/SM), an offline LLM for real-time screen interpretation, and a findings engine that maps results to a repeatable assessment framework.

Links:
    GitHub – https://github.com/W00t3k/mainframe-ai

People:
    SpeakerBio:  Adam “w00tock” Toscher

Adam Toscher is a New York–based security engineer and red team operator with over two decades of experience in offensive security, adversary simulation, and automation. Born in New York City and raised upstate, Adam began his career as an “IT vagabond,” starting as a freshman IBM intern porting Linux applications to mainframe systems. That early mainframe work grounded him in large-scale computing, operating systems, and complex enterprise environments before he transitioned into offensive security.

He later held senior security roles at Adobe, Optiv, Accenture, IBM X-Force, and NYC Cyber Command, focusing on realistic adversary emulation, red-team operations, and practical automation.

Most recently, Adam has worked with Cobalt Labs, supporting advanced red-teaming and offensive security engagements for private-sector organizations. Prior to that, he led red-team and adversary simulation work supporting critical public infrastructure with NYC Cyber Command and the FDNY.

His work centers on penetration testing, red teaming, adversary emulation, and security tooling across private-sector and government environments. Outside of security, Adam values balance and lifelong learning, and is an avid reader, runner, swimmer, and gamer.




Clew: Untangling Evasive Malware with Per-Sample Fuzzing Seeds

Demolabs Map Page – LVCCW Level 1 Hall 3 1003 (Demo Labs Track 3)
When:  Friday, Aug 7, 14:00 – 14:45 PDT
Saturday, Aug 8, 11:00 – 11:45 PDT

Creator: Demo Labs

Clew is an automated fuzzing-candidate extraction pipeline for environment-sensitive malware analysis. Evasive malware routinely queries its execution environment via Windows API calls to hide functionality until specific environmental conditions are met. By hooking these API calls, a fuzzer can reveal such execution paths that are typically hidden during standard analysis. No seed corpus of environmental fuzzing candidates currently exists for this application. As a result, current API-hooking fuzzers rely on hand-written, sample-agnostic starting values and blind mutations that cannot scale to the diverse evasion techniques seen in sophisticated samples. Clew addresses this by analyzing each PE32 binary and producing a per-sample seed corpus of candidate API return values that downstream environmental fuzzers use to systematically uncover hidden execution paths.


People:
    SpeakerBio:  Kyler McElroy

McElroy, a second lieutenant and developmental engineer in the United States Air Force, is pursuing a master’s in computer science with an AI focus at the Air Force Institute of Technology. His research focuses on using machine learning and automated analysis to uncover hidden behaviors in evasive malware. He is an alumnus of the ACE Cyber Leadership Development program, where he authored S.A.N.D (Synthetic Adversarial and Natural Data Generation) under the Air Force Research Laboratory.

SpeakerBio:  Anita Ding

Anita Ding is a second lieutenant and cyber operations officer in the United States Air Force, is pursuing a master’s in cyber operations with an AI focus at the Air Force Institute of Technology. Her research focuses on LLM-orchestrated red team automation and graph neural networks for attack-path scoring in Active Directory environments. She earned a B.A. in Computer Science from UC Berkeley, where she conducted research at the Berkeley AI Research Lab and the Berkeley Risk and Security Lab. She is also an alumna of the ACE Cyber Leadership Development program, where she designed a CTF challenge for the British Army’s Defence Cyber Marvel exercise.

SpeakerBio:  Daniel Koranek

Dr. Daniel Koranek is an Assistant Professor of Computer Science at the Air Force Institute of Technology (AFIT) and a two-time graduate of AFIT in cyber operations (2010, M.S.) and computer science (2022, Ph.D.), where his research interests focus on the intersection of artificial intelligence/machine learning and cybersecurity. This includes using AI/ML to enhance cybersecurity and using vulnerability assessment and secure design techniques to improve AI deployments. He has spent most of his career on reverse engineering and vulnerability assessment of embedded systems, and overlapping AI and cybersecurity drove Dr. Koranek’s dissertation research on using the reverse engineering tool Binary Ninja to visualize explanations of malware classifications.




Damn Vulnerable Agentic AI Application (DVAIA)

Demolabs Map Page – LVCCW Level 1 Hall 3 1001 (Demo Labs Track 1)
When:  Friday, Aug 7, 11:00 – 11:45 PDT
Saturday, Aug 8, 14:00 – 14:45 PDT

Creator: Demo Labs

AI-powered Agentic applications now execute database queries, read files, send emails, and call APIs on behalf of users — all triggered through a chat window. DVAIA (Damn Vulnerable Agentic AI Application) is a new open-source platform purpose-built to let you break them.

DVAIA pairs a production-grade secure platform with deliberately vulnerable AI-powered chat agents, each isolated in its own database and mapped to the OWASP Top 10 for LLM Applications 2025. In this demo we live-exploit nine exercise categories covering 93 attack objectives:

  • Prompt injection: extract system prompts, jailbreak filters, poison RAG documents, and hijack an email-summarization agent
  • SQL and NoSQL injection through AI: trick chat agents into constructing malicious queries — the injection never touches a traditional input field
  • Sensitive info disclosure: chain path traversal and SSRF through a banking agent’s tool interface to read server secrets and probe internal services
  • Excessive agency and BOLA: make a customer-service agent access other users’ data, create unauthorized orders, and issue fraudulent refunds
  • XSS and CSRF through LLM output: reflected, stored, and LLM-generated cross-site scripting fired from chat responses
  • Supply chain RCE: exploit a poisoned dependency through conversation with a code-analysis agent
Links:
    GitHub – https://github.com/hackerabhinavverma/Damn-Vulnerable-Agentic-AI-Application

People:
    SpeakerBio:  Abhinav Verma

Abhinav Verma is a Senior Staff Security Engineer at Intuit Inc. with 15+ years of experience across AI security, offensive security, red teaming, product security, and security operations. He currently leads AI security architecture reviews, AI penetration testing, and vulnerability management programs, with a focus on AI security, AI threat modeling, and securing large-scale cloud platforms.

Over the course of his career at Intuit, he has built security automation, scaled continuous security scanning across thousands of assets, led secure design reviews for platforms serving millions of customers, and developed secure coding programs that have helped thousands of engineers shift security left. Abhinav was formerly an independent security researcher and has identified and reported vulnerabilities in numerous major online services and technology companies.

He holds certifications including OSEP, OSCP, OSWP, GWAPT and CEH. Outside of work, Abhinav is a passionate gamer, a trained chef, an avid camper, and a mentor to aspiring offensive security practitioners.

SpeakerBio:  Mukesh Aggarwal

Mukesh Aggarwal is a Distinguished Security Engineer who has spent his career thinking like a hacker. For nearly two decades he has hunted fraudsters and abuse across fintech platforms, building the detection pipelines, automations, and controls that shut bad actors down. He now lives at the bleeding edge of GenAI and agentic AI security, secure-by-default agent patterns, adversarial pen-testing and prompt-injection defense. He breaks things to understand them and stays a step ahead of attackers, usually spotting the weaknessess before they do.

Mukesh has spoken at RSA Conference (OWASP GenAI Security Track), RenderATL, and the Intel Capital CISO Summit on AI safety, fraud, and offensive security, and is a member of the GIAC Advisory Board.

Off the clock he is a die-hard offensive-security tinkerer who reverse-engineers hardware and apps, pokes at IoT security, writes autonomous bots, and automates his home. He also mentors the next wave of offensive and AI security practitioners.




DFMI: Weaponizing MSI Installers for Fileless Code Execution

Demolabs Map Page – LVCCW Level 1 Hall 3 900 (Demo Labs Track 4)
When:  Saturday, Aug 8, 10:00 – 10:45 PDT
Friday, Aug 7, 16:00 – 16:45 PDT

Creator: Demo Labs

DFMI is a cross-platform, open-source offensive toolkit that hijacks & abuses the Windows Installer’s own execution engine to detonate arbitrary payloads during software installation, with zero files written to disk and zero evidence left behind. And this can be achieved without corrupting the Authenticode of the binary. –Which means, ANY signed legitimate installer file can leveraged as an attack vector.

Right now, DFMI provides 3 different methods for abusing MSI files:

  • Inject: Simply injects a CustomAction (CA) into an existing MSI package.
  • Rogue MST: Generates an MSI Transform File (.mst) and injects into legitimate “.msi” file without corrupting it’s Authenticode. The original MSI file is never modified — its Authenticode signature remains fully intact and valid. This means a signed, trusted MSI can be weaponized without leaving any forensic trace on the file itself; the transform rides alongside it at deployment time.
  • Stub: Creates a malicious MSI file from scratch.

GitHub: https://github.com/ccelikanil/DFMI

Links:
    GitHub – https://github.com/ccelikanil/DFMI

People:
    SpeakerBio:  Anil Celik

Computer Engineer & been working as a Red Teamer for the past ~7 years. Previously did presentations at DEFCON 33 Demo Labs, DEFCON 33 Red Team Village & Black Hat USA Arsenal 2025. Currently holding 6 CVEs, OSCP & OSWP.

Interests: Windows Internals & AD Security




Empire 7: Shipping a C2 at AI Speed

Demolabs Map Page – LVCCW Level 1 Hall 3 902 (Demo Labs Track 6)
When:  Saturday, Aug 8, 12:00 – 12:45 PDT
Friday, Aug 7, 10:00 – 10:45 PDT

Creator: Demo Labs

Empire 7 is a near-total overhaul of the Command and Control (C2) framework, from how agents communicate with the server to how operators move through engagements. This major release continues to expand Empire’s supported agents to include PowerShell, Python, IronPython, Go, C#, and now C. New tradecraft includes more than 50 new modules derived from Atomic Red Team, patchless AMSI/ETW bypasses, EarlyBird process hollowing, BOF execution with ILRepack assembly merging, and RDP session hijacking, among others. Empire’s new cryptographically secure communications leverage AES-256-GCM and mTLS, with MITRE ATT&CK integration to assist in emulating real-world Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTPs).

One more thing we’ll talk about, this release shipped at roughly 10x our prior pace, due to our team’s adoption of agentic coding tools as a core development collaborator. We’ll share what worked, what didn’t, and what LLM-assisted offensive tooling development looks like.

Links:
    GitHub – https://github.com/BC-SECURITY/Empire

People:
    SpeakerBio:  Vincent “Vinnybod” Rose

Vincent “Vinnybod” Rose is the Lead Developer for Empire and Starkiller. He is a software engineer with a decade of expertise in building highly scalable cloud services, improving developer operations, and automation. Recently, his focus has been on the reliability and stability of the Empire C2 server. Vinnybod has presented at Black Hat and has taught courses at DEF CON on Red Teaming and Offensive PowerShell. He currently maintains a cybersecurity blog focused on offensive security at https://bcsecurity.io/blog/.

SpeakerBio:  Jake “Hubbl3” Krasnov

Jake “Hubble” Krasnov is the Red Team Operations Lead at BC Security, with a distinguished career spanning engineering and cybersecurity. A U.S. Air Force veteran, Jake began his career as an Astronautical Engineer overseeing rocket modifications, leading test and evaluation efforts for the F-22, and conducting red team operations with the 57th Information Aggressors. He later served as a Technical Lead Engineer at Boeing Phantom Works, where he focused on embedded security for aviation and space defense projects. A seasoned speaker and trainer, Jake has presented at DEF CON, Black Hat, HackRedCon, HackSpaceCon, and HackMiami, and has previously taught Empire and offensive PowerShell at DEF CON.

SpeakerBio:  Anthony “Coin” Rose

Dr. Anthony “Coin” Rose is an officer in the United States Air Force, an Assistant Professor, and the Director of the Center for Cyberspace Research at the Air Force Institute of Technology. He holds a doctorate in Electrical Engineering and has expertise in machine learning, with a focus on its application to cybersecurity and malware detection. He is also the founder of SIMAPTIC and the Director of Security Research at BC Security, where he specializes in adversary tactics and emulation planning, Red and Blue Team operations, and embedded systems security. Dr. Rose is credited with 16 CVEs and has presented at numerous security conferences, including Black Hat, DEF CON, HackSpaceCon, HackMiami, and RSA Conference.




Ghost in the IDE

Demolabs Map Page – LVCCW Level 1 Hall 3 900 (Demo Labs Track 4)
When:  Saturday, Aug 8, 15:00 – 15:45 PDT
Friday, Aug 7, 12:00 – 12:45 PDT

Creator: Demo Labs
Hook: The Blind Spot
Your EDR sees the server compromise. Your SIEM catches the phishing campaign. Your firewall blocks the C2 traffic. But what happens when the attacker doesn’t target your infrastructure—they target your developers?

28 million developers worldwide rely on three IDE platforms: JetBrains IntelliJ, Microsoft VS Code, and Eclipse. These aren’t just text editors—they’re command-and-control platforms disguised as productivity tools. Developers trust them with AWS credentials, database passwords, SSH keys, source code, and network access to production systems. And here’s the kicker: IDE plugins run with full user privileges, no sandboxing, no permission dialogs, no questions asked.

We built GHOST IN THE IDE, a production-ready C2 framework that weaponizes IDE plugins across all three major platforms. Not a proof-of-concept. Not a research prototype. A functional red team tool with keystroke logging, clipboard monitoring, file exfiltration, and remote command execution—working silently inside IntelliJ, VS Code, and Eclipse on Windows, macOS, and Linux.

The Attack: Multi-IDE C2 That Actually Works Most IDE plugin research stops at “look, I can pop calc.exe from VS Code.” We went further. Way further.


People:
    SpeakerBio:  Venkata Jayaram Yalla

Yalla, Jayaram is Director – Application Security at S&P Global, leading enterprise-wide initiatives in secure application development, vulnerability management, and security architecture. He has transformed the Application Security function from a primarily tactical penetration-testing team into a strategic security engineering organization, emphasizing automation, governance, and advanced threat modeling.

Jayaram combines deep hands-on experience in offensive security and research (including multiple CVEs) with ownership of large-scale AppSec programs across SAST, SCA, DAST, CI/CD security, and emerging AI security initiatives.

SpeakerBio:  Pardhiv Reddy

Pardhiv is a security specialist with vast experience in the field of information security ranging from health care,hospitality, banking and government sectors throughout the world. He also earned many industry standard certifications in the security, some of them are SANS GPEN, OSCP, OSWP, CISSP, Security+, ISO 27001 LA and many others.

Pardhiv’s interest areas includes cloud security and IOT security and his research has been presented at EuropeanSec 2016 in Portugal. His expertise helped teams to build secure products and applications by providing security guidelines and best practices.

Pardhiv has performed various iOT security assessments which includes both embedded hardware security, firmware analysis, mobile applications, network security including wireless communications and backend cloud server assessments.

Pardhiv is also an active bug bounty hunter and helped many companies around the world by pointing their security vulnerabilities to make their application and products secure. He spares his free time to build prototypes and security research by learning new techniques and methodologies.




GhostCatcher (endpoint detection agent)

Demolabs Map Page – LVCCW Level 1 Hall 3 1001 (Demo Labs Track 1)
When:  Saturday, Aug 8, 11:00 – 11:45 PDT
Friday, Aug 7, 15:00 – 15:45 PDT

Creator: Demo Labs

GhostCatcher is an open-source Linux endpoint detection agent written in Go. It runs as a single binary or a systemd service and looks for host-visible adversary tradecraft on Linux: web shells, LD_PRELOAD abuse, SSH, cron, and systemd persistence, PAM/sudoers tampering, SUID and capability drift, reverse shells and unexpected network behavior, reflective / memory-map signals, and related patterns aligned with MITRE ATT&CK-style coverage. Detections are driven by a versioned, optionally signed rule pack, baselines and learning mode, multi-signal scoring, time-windowed correlation, CEL-style boolean expressions, optional Sigma-lite rules, optional YARA (disk and memory) and eBPF (with auditd/proc fallbacks), and JSONL output to stdout plus optional syslog, Splunk HEC, Elasticsearch _bulk, or Grafana Loki. The goal is to give blue teams a transparent, self-hosted way to turn Linux host telemetry into actionable events in the SIEM—without a vendor cloud control plane.

Links:
    GitHub – https://github.com/sercanokur/GhostCatcherEDR

People:
    SpeakerBio:  Sercan Okur

Sercan Okur is the Founder and CEO of NextRay AI Detection & Response, Inc., a San Jose–based cybersecurity company building AI-driven Network Detection and Response technology. A cybersecurity practitioner with more than fifteen years of experience across critical-infrastructure, defense, and enterprise environments,




GnawLab: Open-Source AWS Attack Scenarios Based on Real-World Breaches

Demolabs Map Page – LVCCW Level 1 Hall 3 1002 (Demo Labs Track 2)
When:  Friday, Aug 7, 12:00 – 12:45 PDT
Saturday, Aug 8, 16:00 – 16:45 PDT

Creator: Demo Labs

GnawLab is a community-driven, open-source offensive cloud security training platform that recreates real-world AWS attack chains. Each scenario is modeled after documented breaches—Capital One’s SSRF-to-IMDS pivot, Uber’s leaked credential exploitation, SolarWinds-style CI/CD pipeline hijacking—deployed via Terraform in your own AWS account. Attendees will see live demonstrations of multi-hop attack chains: from SSRF and command injection entry points, through IMDS credential theft and Secrets Manager extraction, to full CI/CD pipeline compromise with Blue/Green deployment backdoors. GnawLab bridges the gap between theoretical cloud security knowledge and hands-on exploitation skills.

Links:
    GitHub – https://github.com/Beaver-Dam-Community/GnawLab

People:
    SpeakerBio:  ialleejy

I am ialleejy, a Security Researcher at ENKI focusing on web security and cloud security. I have created WEB challenges for CODEGATE and HACKTHEON SEJONG CTF, and I am interested in designing CTF challenges that connect real-world service architectures with practical vulnerability research.

Recently, I have been exploring Offensive Cloud Security, especially how traditional web vulnerabilities can lead to privilege escalation, credential exposure, and abuse of trust relationships in cloud environments. I am currently diving deeper into AWS Bedrock AI Agents, RAG-based knowledge poisoning, OIDC authentication flows, and IAM trust policies.

Through this talk, I aim to show how a small vulnerability on the web can evolve into a broader cloud security issue, crossing trust boundaries between applications, identities, and cloud services.

SpeakerBio:  Kyul

I am a college student relentlessly exploring cloud vulnerabilities. I possess an exceptionally high threshold for hunting, gathering, and deeply analyzing whatever piques my interest.

My mindset is clear: effective defense demands an attacker’s lens. Only by understanding actual infiltration paths and how they trigger critical risks can defenders accurately prioritize assets and build robust controls.

Driven by this, I’ve operated at the intersection of Red and Blue. In incident response projects, I analyzed real-world TTPs to build attack scenarios while collaborating to engineer detection rules and automated responses. I’ve also researched and presented how AWS misconfigurations can be weaponized to cause cascading breaches.

Currently, alongside the BeaverDam community, I am developing GnawLab for the DEF CON Demo Lab. GnawLab is an open-source, community-driven cloud security training platform. It provides high-fidelity sandbox environments reflecting real-world flaws, enabling players to execute realistic scenarios and vividly master cloud exploitation and analysis.

At DEFCON, my goal isn’t just to show what I’ve built. I want to share this sandbox, break it alongside you, and absorb the brilliant, diverse approaches of world-class hackers. I am here to hack, learn, and grow together.




Goose Processing Unit (GPU): VRAM as an Unmonitored Attack Surface

Demolabs Map Page – LVCCW Level 1 Hall 3 1003 (Demo Labs Track 3)
When:  Friday, Aug 7, 13:00 – 13:45 PDT
Saturday, Aug 8, 10:00 – 10:45 PDT

Creator: Demo Labs

Modern GPUs have become foundational to computing infrastructure for gaming, machine learning, and AI workloads at scale, yet GPU memory remains a largely unmonitored attack surface. No mainstream antivirus or endpoint-detection solution currently inspects it, creating a significant blind spot that sophisticated adversaries can exploit. This Demo Lab presents a novel technique that uses NVIDIA RTX 5090 CUDA APIs to stage payload data, such as DLLs, directly in GPU memory, entirely outside the visibility of host-based security tools, including Windows Defender. A benign executable, with no malicious code of its own, uses CUDA’s native memory transfer capabilities to move binary payload data onto the GPU immediately upon execution. No CUDA Toolkit installation is required on the target host. When triggered, the same executable retrieves the payload from GPU memory, manually maps it into process space, and executes it. A working proof of concept has been validated as an Empire C2 module, confirming practical operational viability. The technique is particularly impactful for high-uptime environments such as AI inference servers, rendering farms, and enterprise GPU clusters, where small executables interacting with the GPU blend naturally into background workloads.


People:
    SpeakerBio:  Gannon “Dorf” Gebauer

Gannon “Dorf” Gebauer is a second lieutenant in the United States Air Force pursuing a master’s in computer science at the Air Force Institute of Technology. He earned a Bachelor of Science in Computer Science from Arizona State University. His expertise spans red team operations, reverse engineering, and offensive tool development, and his current research focuses on novel persistence techniques that abuse GPU memory as an unmonitored attack surface.

SpeakerBio:  Anthony “Coin” Rose

Dr. Anthony “Coin” Rose is an officer in the United States Air Force, an Assistant Professor, and the Director of the Center for Cyberspace Research at the Air Force Institute of Technology. He holds a doctorate in Electrical Engineering and has expertise in machine learning, with a focus on its application to cybersecurity and malware detection. He is also the founder of SIMAPTIC and the Director of Security Research at BC Security, where he specializes in adversary tactics and emulation planning, Red and Blue Team operations, and embedded systems security. Dr. Rose is credited with 16 CVEs and has presented at numerous security conferences, including Black Hat, DEF CON, HackSpaceCon, HackMiami, and RSA Conference.

SpeakerBio:  Hana Christensen

Hana Christensen is a second lieutenant and developmental engineer (electrical) in the United States Air Force. She is currently pursuing a master’s in electrical engineering, with a focus on signal processing and machine learning. Her research investigates security vulnerabilities in AI hardware, examining whether side-channel analysis can be used to extract information about machine learning algorithms. She holds a B.S. in Electrical and Computer Engineering from the United States Air Force Academy (class of 2025).




Hook Crook – Extracting More From Discord Webhooks

Demolabs Map Page – LVCCW Level 1 Hall 3 900 (Demo Labs Track 4)
When:  Saturday, Aug 8, 13:00 – 13:45 PDT
Saturday, Aug 8, 14:00 – 14:45 PDT

Creator: Demo Labs

A webhook URL is often thought to be write-only — post a message, nothing more. So when one leaks through a misconfigured repo, a paste site, or breached infrastructure, it’s written off as a spam-or-phishing nuisance and left to rot. Hook Crook shows that assumption is the vulnerability — and that “write-only” was never really the case.

By abusing how Discord resolves references, what it returns when you query users and messages, and how its error and rate-limit responses differ, the write-only token quietly becomes a read primitive — leaking by design, not by bug. With nothing but the URL — no account, no additional authentication, no interaction from anyone on the target server — Hook Crook fingerprints the host guild, enumerates and confirms members, pulls profile data on known users (including their home-server tag), and in some cases recovers message content. The same behaviors let it bypass the server’s posting restrictions, stage convincing impersonation and phishing, quietly edit or delete messages to scrub the evidence, and — on the way out — delete the webhook itself. None of it breaks Discord — it just reads Discord more carefully than its designers intended.

Links:
    GitHub – https://github.com/HnC-Sec/hook_crook

People:
    SpeakerBio:  Jeremy Banker

Jeremy Banker is a Senior Security Software Engineer at Horizon3.ai, where he focuses on the reliability and resiliency of Horizon3’s automated penetration testing platform. Previously, he spent nearly a decade at VMware, where he co-founded the Security Product Engineering group and led efforts to secure VMware’s software supply chain. His open-source security tooling has been featured at Black Hat Arsenal and DEF CON Demo Labs, including Build Inspector for CI/CD pipeline anomaly detection and Tommyknocker for automated security control validation. Jeremy holds a Master’s degree in Information Security.

SpeakerBio:  Arity0

Arity0 is an independent security researcher specializing in the Discord platform. A self-taught hacker, he focuses on uncovering undocumented behaviors, edge cases, and design-level privacy implications in Discord’s API and rendering pipeline. His long-running exploration of Discord’s rendering quirks led to the discovery of the webhook rendering oracles that form the foundation of the Hook Crook identity disclosure technique.




Intercept.js: Runtime-Aware Detection for JavaScript Environments

Demolabs Map Page – LVCCW Level 1 Hall 3 1002 (Demo Labs Track 2)
When:  Saturday, Aug 8, 14:00 – 14:45 PDT
Friday, Aug 7, 15:00 – 15:45 PDT

Creator: Demo Labs

Modern attacks increasingly execute inside JavaScript runtimes (browsers, email clients, and embedded app environments) where traditional file-scanning and OS-level controls lack visibility into application-layer behavior. In these contexts, payloads often exist only as in-memory buffers, fetch responses, or dynamically constructed objects. Detection therefore depends not just on inspecting bytes, but on understanding their origin, transformation, and use at runtime.

We present Intercept.js, an open-source detection engine that runs natively within JavaScript environments, combining byte-level inspection with execution context in real time. Built for YARA compatibility, it extends rule evaluation beyond static artifacts by incorporating signals such as origin provenance, user gesture state, MIME inconsistencies, and object construction paths.

This unified model enables detection of threats as they are assembled and executed — including identifying executable buffers built in memory, anomalous data flows, or content whose structure diverges from its declared type.

As a concrete demonstration, we show how HTML smuggling attacks can be intercepted at the moment of payload construction, preventing delivery before artifacts ever reach disk and exposing a class of threats that evade both network and endpoint controls.

Links:
    GitHub – https://github.com/rishi-sekantsec/sekant-intercept-js

People:
    SpeakerBio:  Rishi Kant

A builder at heart, Rishi has spent his career turning deep technical ideas into real-world impact. He holds a PhD in Electrical Engineering from Stanford, and earned his B.S. in EECS from UC Berkeley. After 4.5 years of advising global high-tech firms at McKinsey & Company, he followed his passion for building and moved into product management. Rishi led product teams at several cybersecurity companies—including Tanium, Authentic8, and Uptycs. Now, as founder of Sekant Security, he’s embedding runtime intelligence directly into web browsers to protect users from phishing, ClickFix, unsafe downloads, shadow AI and other emerging online threats.




Keychecker : SSH Key based attack tool for DVCS Systems

Demolabs Map Page – LVCCW Level 1 Hall 3 1003 (Demo Labs Track 3)
When:  Friday, Aug 7, 16:00 – 16:45 PDT
Saturday, Aug 8, 13:00 – 13:45 PDT

Creator: Demo Labs

KeyChecker is a CLI tool to fingerprint SSH private keys and identify which Git hosting accounts they unlock. In incident response and red team work, finding a private key is common, but scoping impact is slow and manual. KeyChecker automates the two primitives defenders and attackers both use: safe SSH handshakes that can reveal the mapped username, and read only git ls-remote probes that confirm whether a key can access a target repo.

The tool performs local key intelligence first, supporting OpenSSH, PEM, and DER formats, detecting key type (ed25519, rsa, ecdsa, dsa), key size, passphrase protection, fingerprints (SHA256 and MD5), and useful metadata from key comments. It then validates the key across multiple providers including GitHub, GitLab, Bitbucket, Codeberg, Gitea, and Hugging Face, extracting usernames where possible, and optionally using a GitHub token for organization discovery.

KeyChecker also supports repository discovery with a wordlist and configurable concurrency, giving a clear blast radius report like “this key unlocks these private repositories.” It is designed for authorized assessments, runs locally, and avoids write operations.

Links:
    GitHub – https://github.com/cyfinoid/keychecker

People:
    SpeakerBio:  Anant Shrivastava

Anant Shrivastava is the founder of Cyfinoid Research and a long time offensive security practitioner with a focus on application, cloud, and supply chain security. He has delivered trainings and talks at Black Hat (USA, Europe, Asia), Nullcon, c0c0n, BSides, Rootconf and multiple other events, and runs projects such as Hacking Archives of India to highlight real work from the security community. His courses are built from real consulting and red team experience, with an emphasis on attack chains that actually show up in the field and defenses that teams can implement the next day.




L.A.Y.E.R.S – Layered Analysis Engine for Browser Extension Risk and Security

Demolabs Map Page – LVCCW Level 1 Hall 3 901 (Demo Labs Track 5)
When:  Friday, Aug 7, 14:00 – 14:45 PDT
Saturday, Aug 8, 13:00 – 13:45 PDT

Creator: Demo Labs

Browser Extensions is one of the overlooked attack surface in the modern era. Most browser extension have permissions to allow direct access to cookies, browsing history, network requests and a poorly written extension can help attackers with stuff like silently steal credentials, log keystrokes, fingerprint users etc.

L.A.Y.E.R.S. (Logical Analyst for Your Extension Risk Surface) is a fully client-side chrome browser extension security engine that performs multi-layered security analysis on extensions. The tool performs analysis on various levels like JS analysis, permissions analysis, manifest analysis, secret scanning, URL extractions etc. simultaneously to uncover potential risks. The tool comes with its own scoring system guiding the team if the extension is safe to use or not.

L.A.Y.E.R.S. is designed for security researchers auditing in-house extensions, third-party extensions, red teams assessing browser attack surfaces, enterprises enforcing extension policies, and developers seeking to harden their own extensions before publication.

What sets L.A.Y.E.R.S. apart begins with its privacy-first architecture – the entire analysis runs in-browser via the File System API and JSZip, with very little setup required. On the detection side, it incorporates Shannon entropy analysis. To keep results actionable rat

Links:
    GitHub – https://github.com/infosecak/layers

People:
    SpeakerBio:  Abhinav Khanna

Abhinav is an Information Security Professional with 7+ years of experience and currently works at S&P Global. His area of expertise include Web App Security, API Security, Mobile App Security, Secure Architecture. He has spoken at conferences like BlackHat USA, DefCon 33, BlackHat Europe, BlackHat Asia etc.

SpeakerBio:  Krishna Chaganti

Krishna Chaganti works as Associate Director Application Security at S&P Global, based in the USA, with over a decade of experience in Information Security. As a Certified Information Security Manager (CISM), he leads a team of more than 10 pentesters and specializes in Application Security along with Security Architecture.




LoKi: A LoRa/Meshtastic based implant for Red Teaming

Demolabs Map Page – LVCCW Level 1 Hall 3 1001 (Demo Labs Track 1)
When:  Saturday, Aug 8, 15:00 – 15:45 PDT
Friday, Aug 7, 12:00 – 12:45 PDT

Creator: Demo Labs

LoKi is a covert USB HID implant for Red Teaming that builds on the work of tools like the O.MG cable by replacing Wi-Fi with LoRa, extending the operational range of physical layer attacks from meters to kilometers. The implant integrates a Heltec LoRa module with custom Meshtastic firmware into an off-the-shelf wired USB mouse, retaining full mouse functionality. When LoKi receives a direct Meshtastic message, it translates the payload into DuckyScript™-compatible USB HID keystrokes and executes them on the host machine. No Wi-Fi, no Bluetooth, and no network traffic — the mouse simply begins typing. LoKi requires no line of sight and produces no detectable wireless LAN or Bluetooth signatures, making it effectively invisible to standard wireless monitoring. The live demo will walk through a payload from a handheld Meshtastic device to acquire a remote admin shell and bypass UAC on a target machine. Bring your own Meshtastic device and you can send commands to the implant during the demo. The presentation covers the hardware build, the customized open-source Meshtastic firmware, reliability considerations for keystroke delivery over a mesh network, and actionable blue team detection strategies, including monitoring for rogue HID device enumeration and LoRa RF activity.

Links:
    GitHub – https://github.com/venkyr/loki

People:
    SpeakerBio:  Venky Raju

Venky Raju is a lifelong maker and hacker who firmly believes that if you haven’t voided the warranty, you don’t truly own it. While he holds a Master’s in Comp. Sci. and an EE degree, his most prized “certifications” were earned at the business end of a soldering iron, a 3D printer, and an array of metal and wood-working tools.

By day, he navigates the complex worlds of Zero Trust, IoT, and OT security. To keep the corporate world happy, he maintains his CISSP and CCSP credentials—validating that he knows the academic rules well enough to know exactly how to safely bend them. His professional expertise isn’t just theoretical. By night, he’s a renewable energy vigilante who built an off-grid solar shed and a custom PowerWall clone, mostly because he refuses to sell his electrons back to the grid for pennies. An early contributor to the LIRC and LCDproc projects, Venky’s code has been riding along in Linux distros for years.  He loves C, Python and PLC Ladder Logic.

Beyond the lab, Venky is dedicated to “pay-it-forward” hacking. Whether he’s teaching the next generation how to solder at Maker Faire or volunteering with the Pacific Hackers Association, he is committed to building the community as much as the tech. He is happiest when he’s elbow-deep in a project that requires both a compiler and a multimeter.




MailX-Ray: A TSA X-Ray for Emails — Air-Gapped Safe-Read and Quick Triage in an Ephemeral MicroVM

Demolabs Map Page – LVCCW Level 1 Hall 3 902 (Demo Labs Track 6)
When:  Saturday, Aug 8, 14:00 – 14:45 PDT
Friday, Aug 7, 16:00 – 16:45 PDT

Creator: Demo Labs

When TSA scans your luggage, they see what’s inside without opening the bag. MailX-Ray brings that pattern to email triage.

Phishing reports hit analysts as small crises: open carefully, don’t trigger anything, extract IOCs, hand off to detection. Tooling lives at two extremes: cloud sandboxes that ship customer data offsite, or lightweight CLIs that run malicious parsers directly on the analyst’s host. Neither produces a portable safe artifact, on-prem and hardware-isolated, in roughly 30 seconds.

MailX-Ray does. Every email is processed inside an ephemeral hardware-virtualized microVM with no network device. Network egress is prevented by design. Output includes a single-file portable HTML safe-read report, structured JSON with 45+ offline signal categories, and optional STIX and MISP exports for SOC integration. Original attachment binaries are never re-distributed.

It’s not a malware sandbox. No decompilation, no execution, no verdicts. It’s a non-invasive structural scan: the first 30 seconds of email triage, with zero network egress, on the analyst’s own laptop.

Demo Labs attendees will see the live pipeline across real phishing scenarios, including encrypted nested archives. Open source on the day of the talk.

Links:
    GitHub – https://github.com/ugurcanatasoy/MailX-Ray

People:
    SpeakerBio:  Uğur “uJohn” Can ATASOY

Uğur Can Atasoy is a Senior Security Engineer at Udemy, working primarily on blue and purple team operations.

A believer in hybrid approaches that combine technical fieldwork with academic rigor, he has spent the past decade across higher education, media, defense, and automotive sectors in roles spanning security architect, specialist, trainer, and consultant. His work spans both offense and defense — from security operations, threat hunting, intrusion detection, purple teaming, and adversary simulation to penetration testing and secure architecture. He has served as a Senior Content Engineer at TryHackMe and as an Information Security Architect at Mercedes-Benz. He has delivered security training for NATO personnel, law enforcement investigators, and military leadership, spoken at DeepSec (Vienna), holds CCSP, GCIA, OSCP, and OSWP, and served as an ISC2 SME for exam and training item development. He has been recognized by Oracle and IBM for responsible disclosure.

MailX-Ray is his answer to a recurring annoyance: every tool in the email triage stack is either a cloud SaaS that ships customer data offsite, a heavyweight VM-based sandbox that takes minutes per sample, or an unprotected CLI that runs malicious parser input directly on the analyst’s host. It produces a safe artifact analysts can read and forward.




MalSkill Lab: Hands-On Natural Language Malware in AI Agent Orchestration Systems

Demolabs Map Page – LVCCW Level 1 Hall 3 1002 (Demo Labs Track 2)
When:  Friday, Aug 7, 14:00 – 14:45 PDT
Saturday, Aug 8, 13:00 – 13:45 PDT

Creator: Demo Labs

Your AI agent trusts every skill in its directory. What if one of them is lying? In this Demo Lab, I walk you through MalSkills, natural language malware planted inside AI agent skill systems. No binaries, no shellcode, no signatures. Just English sentences with OS-level access. Using ORPHEUS, my open-source multi-skill orchestration framework, I demonstrate three escalating attacks live: 1. BURIED INSTRUCTION: A malicious sentence hidden in a legitimate skill exfiltrates .env files on first execution. I show you 12 skills and challenge you to spot it. 2. CHAIN ATTACK: Five individually benign skills that, when orchestrated together, create an emergent data exfiltration path. No single skill is malicious. The composition is the weapon. 3. PERSISTENT GHOST: A skill that writes itself into agent memory, surviving file deletion and session restarts. Remove the skill, restart the agent, exfiltration continues. After offense, I flip to defense. I demo the MalSkill Detection Toolkit: skill integrity verification, capability-based sandboxing, orchestration graph analysis, and runtime behavioral monitoring. Attendees leave with: the ORPHEUS framework, a MalSkill sample pack, and a detection toolkit, all open source! Every AI agent with a plugin system is vulnerable today. Come see why.

Links:
    GitHub – https://github.com/nuryslyrt/ORPHEUS

People:
    SpeakerBio:  Nur “BurritoTheNurrito” Gucu

Offensive security professional and AI security researcher with 10+ years across financial services, startups, and Amazon. Currently on the foundational model red team at Amazon AGI Labs, where I break AI systems and build the tooling to detect what I find. Core focus: LLM security, agentic system exploitation, and the gaps between how AI frameworks are designed and how they actually behave under adversarial pressure. 6 patent applications. Published author (AWS Security Blog, internal science papers). Invited speaker on MCP security and LLM training APT attack surfaces. I turn research into shipped products and open-source tools, not empty slide decks.




Monitor, Compile, Enforce: A Compiler Pipeline for Container Security Policy in Rust and eBPF

Demolabs Map Page – LVCCW Level 1 Hall 3 902 (Demo Labs Track 6)
When:  Saturday, Aug 8, 10:00 – 10:45 PDT
Friday, Aug 7, 13:00 – 13:45 PDT

Creator: Demo Labs

Container security tools observe behavior (eBPF) and enforce policy (BPF-LSM, AppArmor, Seccomp). But the translation between observation and enforcement is manual and incomplete. We present the first tool that treats this translation as a compilation problem. Built in Rust with the Aya eBPF framework, three monitoring modules serve as compiler frontends feeding a normalized behavioral IR. Optimization passes operate on this IR: pattern classification, rule deduplication, dead rule elimination, conflict detection, and cross-category dependency linking. The backend compiles optimized IR into BPF-LSM enforcement rules across three LSM hooks: security_file_open, security_bprm_check_security, and security_socket_connect. Enforcement is default-deny: any operation not in the compiled profile is blocked. We demo end-to-end: a container is profiled, the profile compiled through the pipeline, and enforcement blocks unauthorized file access, process execution, and network connections at the kernel level. Zero manual policy writing. We document the friction points where monitoring context diverges from enforcement context. No existing tool, including vArmor and KubeArmor, implements this compilation architecture with a true IR, optimization passes, and multi-category LSM enforcement.

Links:
    GitHub – https://github.com/BugrahanYucel/ebpf-mon

People:
    SpeakerBio:  Buğrahan Yücel

Buğrahan Yücel is a software engineer at a SaaS company in Turkey, where he works on infrastructure security. He currently builds eBPF-based behavioral profiling and enforcement tooling in Rust using the Aya framework. This is his first DEF CON presentation.




MSCodePhish: Redeem Your Coupon. Surrender Your Session

Demolabs Map Page – LVCCW Level 1 Hall 3 1002 (Demo Labs Track 2)
When:  Saturday, Aug 8, 12:00 – 12:45 PDT
Friday, Aug 7, 13:00 – 13:45 PDT

Creator: Demo Labs

MSCodePhish is a red‑team toolkit that turns Microsoft’s Device Code OAuth flow into an embeddable phishing primitive that works inside any lure (e.g., “grab your coupon,” “unlock access,” etc.). Instead of pre‑generating device codes and racing against the usual 15‑minute timeout, MSCodePhish exposes a simple API endpoint that phishing pages can call via JavaScript (XHR/fetch) at the exact moment a victim opens the page. The tool then generates a fresh device code on demand, returns it to the phishing page (e.g., rendered as a “coupon code”), and instructs the user to complete the login on the legitimate Microsoft device login portal using that code.

Behind the scenes, MSCodePhish continuously polls Microsoft’s token endpoint for that device code and, once the victim finishes authentication, captures the resulting refresh token and related claims (tenant, user, etc.). From its web UI, operators can track active campaigns, monitor which lures are converting, and use captured refresh tokens to request new access tokens for different resources (ARM, Key Vault, Graph, Storage, or custom scopes) in real time. Because the code is generated only when the phishing HTML is actually loaded, MSCodePhish effectively sidesteps device‑code expiration issues and enables more realistic, flexible phishing flows that closely mimic

Links:
    GitHub – https://github.com/TROUBLE-1/MSCodePhish

People:
    SpeakerBio:  Raunak “Trouble1” Parmar

Raunak Parmar works as a senior cloud security engineer at White Knight Labs with 6+ years of experience. His areas of interest include web penetration testing, Azure/AWS security, source code review, scripting, and development. He enjoys researching new attack methodologies and creating open-source tools that can be used during cloud red team activities. He has worked extensively on Azure and AWS and is the author of Vajra, AzDevRecon and MsCodePhish. He has spoken at multiple respected security conferences like Black Hat, Defcon, Nullcon, RootCon, HackspaceCon, NorthSec, LeHack , etc and also at local meetups.

SpeakerBio:  Chirag “3xpl01tc0d3r” Savla

Chirag Savla is a Cyber Security professional with 10+ years of experience. His areas of interest include penetration testing, red teaming, azure and active directory security, and post-exploitation research. He prefers to create open-source tools and explore new attack methodologies in his leisure. He has worked extensively on Azure, Active Directory attacks, defense, and bypassing detection mechanisms. He is an author of multiple Open Source tools such as Process Injection, Callidus, etc. He has presented at multiple conferences and local meetups and has trained people in international conferences like Blackhat, BSides Milano, Wild West Hackin’ Fest.




Overcast: Video OSINT Agent. Point It at 100 Videos, Ask Anything

Demolabs Map Page – LVCCW Level 1 Hall 3 902 (Demo Labs Track 6)
When:  Saturday, Aug 8, 16:00 – 16:45 PDT
Friday, Aug 7, 12:00 – 12:45 PDT

Creator: Demo Labs

Conference talks, earnings calls, product demos, training videos. Organizations put hours of footage online every week, full of things they didn’t mean to share: hostnames in terminal windows, org charts on slides, infrastructure details dropped during Q&A. Traditional OSINT can’t touch video at scale, and manual review falls apart past a handful of recordings.

Overcast is a CLI agent and skill pack for video OSINT that drops into any agentic harness, such as Claude Code, Codex, or Tinycloud, giving it senses plus recon and targeting reach, organized around an investigation case. Point it at 10 videos or 1,000 and it turns footage into cited evidence: speech, video understanding, on-screen text and objects, faces, and named entities, all accumulating in persistent case memory.

Discovery runs on the same case: scan and monitor sweep sources and surface reviewable findings. Ask across the whole corpus and get answers cited to the exact record and timestamp, backed by tiered retrieval. Match a photo against thousands of clips to find a person. Each subcommand is modular and pluggable, so analysts can drop one into other agent flows, author custom skills, or feed Overcast’s media analysis into existing recon and security tooling to complete the mission.

Links:
    GitHub – https://github.com/kdr/overcast

People:
    SpeakerBio:  Kevin “kdrwins” Dela Rosa

Kevin Dela Rosa is a multimodal AI researcher and engineer with 17+ years in computer vision, NLU, and large-scale retrieval. He led engineering teams at Snapchat building billion-scale visual search and generative AI products, worked on large-scale ML at Amazon, and interned at NIST and SPAWAR on NLP and information retrieval for government applications. He’s published at ACM WWW, ACM CAIS, IEEE ICCV, KDD, CVPR, NeurIPS, AAAI, and ISMIR, and has spoken at AWS re:Invent, KubeCon, and CascadiaJS. He’s currently CTO of Cloudglue, where he builds video understanding infrastructure.

At DEF CON 33 he presented “Autonomous Video Hunter” at Recon Village, demoing an AI agent that investigated video corpora using face recognition, logo detection, and content analysis to produce structured OSINT reports. Overcast is the evolution of that work: a CLI agent and skill pack that gives any agentic harness senses plus recon and targeting reach, organized around an investigation case with persistent memory, cited evidence, and modular subcommands that plug into other recon and security workflows.




Peekaboo: Breaking the Black Box of Threat and Malware Emulation

Demolabs Map Page – LVCCW Level 1 Hall 3 1002 (Demo Labs Track 2)
When:  Saturday, Aug 8, 10:00 – 10:45 PDT
Friday, Aug 7, 10:00 – 10:45 PDT

Creator: Demo Labs
Standard security testing often forces a choice: use “script-kiddie” tools that get caught instantly, or use high-end frameworks that are too complex for rapid detection testing. Peekaboo bridges this gap. In this Demo Lab, we present Peekaboo – a modular, open-source framework designed for safe threat emulation. Unlike traditional malware, Peekaboo focuses on generating high-fidelity telemetry through legitimate cloud API abuse (GitHub, Bitbucket, Slack, Discord, Azure, VirusTotal, XBOX, AngelCam, etc) and evasive execution techniques (Direct Syscalls, Callback-based execution).

We will demonstrate how to:

  • Generate polymorphic agents that bypass static analysis using rare cryptographic algorithms like Speck and Skipjack.
  • Generate agents that leverage signal processing like Fast Fourier Transformation and Feistel-network based cryptography for bypass EDR.
  • Establish covert C2 channels within the metadata of trusted enterprise applications.
  • Rapidly test EDR/SIEM rules against modern persistence and lateral movement techniques without risking system stability.

Peekaboo isn’t just a tool; it’s a “sandbox-friendly” adversary in a box, designed to help Blue Teams level up by understanding the nuances of the Offensive Dev Loop. Come see how we turn “hidden” threats into “visible” learning opportunities.

Links:
    GitHub – https://github.com/cocomelonc/peekaboo

People:
    SpeakerBio:  Zhassulan “cocomelonc” Zhussupov

cybersecurity enthusiast, author, speaker and mathematician. Author of popular books: MD MZ Malware Development Book (Github, 2022, 2024) MALWILD: Malware in the Wild Book (Github, 2023) Malware Development for Ethical Hackers Book: (Packt, 2024) AIYA Mobile Malware Development Book (Github, 2025) Malware Development for Ethical Hackers 2nd edition (Packt, 2026, in progress) Author and tech reviewer at Packt. Co founder of various cybersecurity research labs, author of many cybersecurity blogs, HVCK magazine Malpedia contributor Speaker at BlackHat, DEFCON, Security BSides, Arab Security Conference, Hack.lu, Standoff, Positive Hack Talks, etc conferences




Phasmid: Deniable Storage for Rubber-Hose Scenarios

Demolabs Map Page – LVCCW Level 1 Hall 3 1001 (Demo Labs Track 1)
When:  Saturday, Aug 8, 12:00 – 12:45 PDT
Friday, Aug 7, 16:00 – 16:45 PDT

Creator: Demo Labs
Phasmid is a prototype deniable storage system built for a problem ordinary encryption handles poorly: what happens when the attacker stops attacking the math and starts coercing the human holding the key. It implements the Janus Eidolon System, or Janus System, a coercion-aware storage method that explores how visible disclosure and true protected state can diverge through deniable cryptographic structure, local-only operation, dual-profile storage, camera-based object-image matching, and owner-controlled destructive actions. Framed by the question of Agency, the project asks how a user can retain meaningful control over disclosure when physical pressure breaks normal cryptographic assumptions. This demo presents a practical low-power implementation on Raspberry Pi Zero 2 W for hostile situations where the attacker targets the person rather than the cipher.
Links:
    GitHub – https://github.com/01rabbit/Phasmid

People:
    SpeakerBio:  Makoto “Mr.Rabbit” Sugita

Makoto Sugita is a security engineer and security toolmaker focused on practical systems for hostile environments, where cryptographic assumptions break down under real-world pressure. His work sits at the intersection of cryptography, hardware, and adversarial human behavior. He has presented tools and research at venues including Black Hat Arsenal and BSides, and is interested in deniable systems, tactical hardware, and building prototypes that expose uncomfortable but real security problems.




PromptPwn: Finding and Exploiting AI-Generated Vulnerabilities at Scale

Demolabs Map Page – LVCCW Level 1 Hall 3 901 (Demo Labs Track 5)
When:  Friday, Aug 7, 10:00 – 10:45 PDT
Saturday, Aug 8, 14:00 – 14:45 PDT

Creator: Demo Labs

AI-assisted development tools don’t just introduce vulnerabilities; they introduce the same vulnerabilities repeatedly.

PromptPwn is a tool designed to identify, track, and exploit common insecure patterns found in AI-generated code. It maintains a database of known vulnerability patterns produced by popular “vibe coding” workflows and provides scanning capabilities to detect these issues in real applications.

In this demo, we show how PromptPwn identifies vulnerable patterns such as injection flaws, authentication weaknesses, and insecure defaults across generated code. We demonstrate how these patterns can be exploited in practice, highlighting how repeatability makes them especially valuable from an attacker’s perspective.

We also explore how prompt variations influence these outcomes and show how insecure patterns can be remediated by adjusting prompts, closing the loop between generation, exploitation, and correction.

This session focuses on practical demonstrations of how AI-generated code fails in predictable ways, and how those failures can be identified and abused at scale.

Links:
    GitHub – https://github.com/georgiaw/PromptPwn

People:
    SpeakerBio:  Georgia Weidman

Georgia Weidman is an offensive security researcher and author focused on breaking real-world systems. She wrote Penetration Testing: A Hands-On Introduction to Hacking, a practical guide used by students and practitioners to learn exploitation techniques.

Her work centers on how modern systems fail under attack, from mobile and IoT to enterprise environments. As a DARPA Cyber Fast Track performer, she developed the Smartphone Pentest Framework (SPF), a platform for mobile exploitation research.

She has conducted penetration tests, built exploitation tooling, and developed attack chains across multiple domains. Her approach prioritizes hands-on techniques over theory, demonstrating how assumptions about security break down in practice.

Georgia has presented internationally at conferences including Black Hat and DEF CON, with a focus on showing how things actually get hacked.




pymsi: Interactive MSI Installer Analysis in Python and the Browser

Demolabs Map Page – LVCCW Level 1 Hall 3 902 (Demo Labs Track 6)
When:  Friday, Aug 7, 15:00 – 15:45 PDT
Saturday, Aug 8, 11:00 – 11:45 PDT

Creator: Demo Labs

pymsi is a pure-Python library for parsing, analyzing, and extracting files from Windows installer (MSI) packages, without relying on native Windows APIs or tooling. It provides direct access to MSI database tables, embedded binary streams, and installer metadata, enabling security researchers to inspect installer behavior and extract files from MSI installers.

We will demonstrate its ability to safely tear apart malicious MSI droppers, dump internal database tables, and extract embedded payloads without risking accidental execution. Attendees will see how the CLI and Python API can be used to triage files and integrate it into automated analysis pipelines, including how it has been integrated into other open source tools to extract embedded payloads and identify malicious CustomAction behaviors.

Because it is written entirely in Python, it runs seamlessly on any OS with a Python interpreter, including web browsers. The demo will showcase the online MSI viewer, a client-side tool powered by Pyodide that gives pymsi a familiar lessmsi-style UI for working with MSI installers from any device with a web browser. Demos will also show new security analysis features for identifying suspicious installer behaviors and inspecting contents of embedded binary streams within a browser.

Links:
    GitHub – https://github.com/nightlark/pymsi

People:
    SpeakerBio:  Ryan “Nightlark” Mast

Ryan is a software engineer working on open source projects to make the electric grid more reliable. His interests include software security, niche video games, tearing apart “smart” devices, and reverse engineering audio/video hardware used in live productions.




Reversing F5: Pure-Go Steganography, Live Forensic Cover Recovery, and JPEG Fragility Analysis

Demolabs Map Page – LVCCW Level 1 Hall 3 901 (Demo Labs Track 5)
When:  Friday, Aug 7, 16:00 – 16:45 PDT
Saturday, Aug 8, 10:00 – 10:45 PDT

Creator: Demo Labs

F5 (Westfeld, 2001) is the canonical “do it right” JPEG steganography algorithm — matrix encoding, permutative straddling, shrinkage handling — and still turns up on confiscated devices and in CTF challenges 25 years later. The public tooling has rotted: the original is Java, modern rewrites bind CGo to libjpeg, and every implementation surveyed is one-way (embed and extract, never un-embed). This Demo Lab presents ten public GitHub repositories that fix that, in pure Go with zero third-party dependencies. The headline is the first open-source F5 cover-recovery tool: given the stego JPEG, the password, and the extracted message, it reverses the embed and restores the cover’s DCT coefficients. Alongside it ship three CLIs (embed, extract, recover), a pure-Go JPEG-family codec (baseline, JPEG 2000, JPEG-LS, XL/XR/XS/XT, Pleno, lossless), a Fridrich chi-square steganalysis library and CLI, and the supporting crypto, i18n, and logging packages — all auditable end-to-end in one language. Live: embed, extract, cover recovery, defensive Fridrich detection, JPEG re-encoding fragility, and a 25-line external Go program importing the library. Useful for digital forensics, steganalysis research, CTF authoring, and anyone who wants a CGo-free stego stack they can read in a weekend.

Links:
    GitHub – https://github.com/0verkilll

People:
    SpeakerBio:  0verkilll

Precise, Ruthless, Ethical




SecretSifter: Production Apps Are Leaking Credentials. The Blindspot DAST Never Checked.

Demolabs Map Page – LVCCW Level 1 Hall 3 1001 (Demo Labs Track 1)
When:  Saturday, Aug 8, 10:00 – 10:45 PDT
Friday, Aug 7, 14:00 – 14:45 PDT

Creator: Demo Labs

Shift-left tools scan what you commit, not what you serve. DAST scanners test for vulnerabilities but ignore live traffic. The industry left a gap: runtime secrets. Finding them requires intercepting live traffic: a proxy, a browser extension, or a bulk scanner. SecretSifter is all three.

We tested 2,000 production apps against ten secret scanners. 194 confirmed credentials survived all ten scanners.

SecretSifter monitors live HTTP traffic and finds credentials in JS bundles, lazy-loaded chunks, HTML responses, JSON and XML APIs, and request headers. No config, no source code. 160+ rules cover vendor tokens (AWS, Azure, Stripe, Twilio, GitHub), entropy-gated patterns, and CryptoJS-encrypted configs where the decryption key is hardcoded in the same bundle. No other scanner catches that case. Bulk mode scans 30-50 targets: paste URLs, scan, optional AI triage, export HTML, CSV, or ZIP.

The session opens with a live tool comparison. Most tools scan one URL at a time and require manual browsing. SecretSifter bulk-scans both targets in parallel. Two findings none of the ten caught: Azure AD credentials baked into a webpack bundle past GitLeaks. A CryptoJS config with the decryption key three lines away.

Your entire pipeline reported green. Were they right? Attendees leave with a free tool to run the same day.

Links:
    GitHub – https://github.com/secretsifter/secretsifter-burp

People:
    SpeakerBio:  Hemanth Gorijala

Hemanth Gorijala is Global Pentest Lead at a Fortune 100 financial services company. He built SecretSifter to close the runtime security gap: the space between where shift-left secret scanning stops and where secrets actually appear in production. His research identified 194 confirmed credentials across 2,000 production applications that bypassed ten secret scanners. He is presenting that research at security conferences across the US. The GT-194 benchmark is published on Zenodo (DOI 10.5281/zenodo.19464446). SecretSifter is open source at github.com/secretsifter.




Senrigan (千里眼) x Suzaku (朱雀): Threat Hunting & DFIR for AWS — No SIEM, Just Your Laptop

Demolabs Map Page – LVCCW Level 1 Hall 3 1003 (Demo Labs Track 3)
When:  Saturday, Aug 8, 14:00 – 14:45 PDT
Friday, Aug 7, 10:00 – 10:45 PDT

Creator: Demo Labs

Senrigan (千里眼) and Suzaku (朱雀) are two complementary open-source tools that together form a complete threat hunting and DFIR platform for AWS CloudTrail logs. Both are built by Yamato Security, the volunteer-run Japanese security community behind Hayabusa(隼), the widely adopted Windows event log fast-forensics tool. Yamato Security provides free, open-source DFIR tools and resources to the community.

Building on Hayabusa’s philosophy of fast, offline, community rule-based detection, this toolset brings the same approach to the cloud. Security teams can hunt threats across CloudTrail logs on a single laptop — without a SIEM, dedicated infrastructure, or licensing cost.

The two tools work together, with Suzaku’s detections flowing into Senrigan for analysis. Senrigan, deployed via Docker Compose, ingests CloudTrail logs into DuckDB via a Rust-based ingester, then lets analysts investigate them through 100+ pre-built hunting queries and 80+ pre-built Apache Superset dashboard charts — no SQL or CloudTrail schema knowledge required. Suzaku is a high-performance, standalone Rust-based CLI that applies native Sigma detection rules to CloudTrail logs and generates a fast-forensics DFIR timeline — surfacing attacks buried in the noise, producing only the events analysts need to investigate.

Links:
    GitHub – https://github.com/Yamato-Security/suzaku, https://github.com/Yamato-Security/senrigan

People:
    SpeakerBio:  Fukusuke Takahashi

Fukusuke Takahashi has been with NTTDATA-CERT (NTT DATA Group Corporation’s CSIRT) since 2018, specializing in DFIR, OSINT, and SOAR. He is one of the developers of Yamato Security’s OSS tools. He enjoys developing open-source Blue Team tools. He has presented at conferences such as FIRST Annual Conferences, SECCON, BSides Tokyo, HITCON CMT, SecTor and AUSCERT.

SpeakerBio:  Zach Mathis

Zach Mathis has been working in Japan doing offensive and defensive security work for Japanese companies since 2006. In 2012, he founded Yamato Security, one of the largest hands-on hacker communities in Japan. With other Yamato Security members, he has been releasing free and open source DFIR tools and resources since 2020.

SpeakerBio:  Akira Nishikawa

Akira Nishikawa started his career as a software engineer specializing in embedded development. He worked as a freelance engineer in 2007, focusing on system development and operation for various companies. Since 2021, he has been dedicated to fostering a security culture for SaaS product security and improving service security. Additionally, he is an AWS Community Builder as of 2024.




sisakulint:CI-Friendly static linter with autofix, SAST, semantic analysis for GitHub Actions

Demolabs Map Page – LVCCW Level 1 Hall 3 1002 (Demo Labs Track 2)
When:  Friday, Aug 7, 11:00 – 11:45 PDT
Saturday, Aug 8, 11:00 – 11:45 PDT

Creator: Demo Labs

GitHub Actions workflows are vulnerable by default. Hardening such as commit-hash pinning, least-privilege permissions, and timeouts is optional, never enforced at pipeline level. Exploitable configs ship daily, increasingly written by Coding Agents. sisakulint is a fast heuristic static analyzer for GitHub Actions covering all OWASP Top 10 CI/CD risks, with 52 rules, a taint engine, and 38+ auto-fixes. It outpaces CodeQL on speed and quality, with 100% detection on 18 GHSL advisories and 81.6% on 38 GHSAs covering exploits in PX4-Autopilot, vets-api, weaviate, nrwl/nx.

Impostor Commit at CVSS 9.8 validates pinned SHAs against the claimed repository, not impostors via Git forks, a check unique to sisakulint. Code Injection at CVSS 9.8 tracks untrusted input through ${{ }} and step outputs. AI Action Rules detect Clinejection on claude-code-action, copilot-swe-agent, and openai-actions, covering tool grants, prompt injection, and wildcard triggers, as in Cline 2026/02 where issue title injection stole NPM_RELEASE_TOKEN. Known Vulnerable Actions catches tj-actions/changed-files.

In the Coding Agent era, linters matter more. Delegating 52 rules to an LLM degrades precision; deterministic engines run in ms with no variance. The session covers end-to-end detection, taint propagation, and automated remediation.

Links:
    GitHub – https://sisaku-security.github.io/lint/

People:
    SpeakerBio:  Atsushi Sada

Atsushi Sada is a CSIRT member specializing in cloud security on AWS and GitHub, and enterprise security with MDM, EDR, AI governance. He is an ethical hacker and security tool developer. He built sisakulint and MachStealer for practical security research in static/network analysis, Malware.

He co-founded and organizes @sec_wakate, a community for junior security engineers in Japan. He has spoken at Black Hat USA/Asia Arsenal, AVTOKYO, and AWS Security JAWS.

SpeakerBio:  hikae

Security Engineer in Red Team @ freee inc, AI Security Specialist.




TokenMesh: Exposing Azure’s Hidden Identity Attack Surface

Demolabs Map Page – LVCCW Level 1 Hall 3 901 (Demo Labs Track 5)
When:  Friday, Aug 7, 15:00 – 15:45 PDT
Saturday, Aug 8, 11:00 – 11:45 PDT

Creator: Demo Labs

Modern cloud environments are riddled with identity misconfigurations that go undetected until it’s too late. TokenMesh is an open-source Azure security reconnaissance tool built to expose exactly that — over-privileged identities, dormant service principals, misconfigured storage accounts, and potential backdoors hiding in plain sight across Microsoft Entra ID and Azure RBAC. Unlike traditional scanners that drown you in raw data, TokenMesh is designed with the security practitioner in mind. It integrates directly with the Model Context Protocol (MCP) and the OpenAI API, allowing AI-assisted analysis that surfaces critical findings in plain language — no SIEM required, no query language to master. Plug it into your AI workflow of choice, ask questions in natural language, and get answers that actually make sense. In this session, we’ll walk through how TokenMesh was built, the real-world attack paths it uncovers, and live demonstrations against a target Azure environment. We’ll cover how attackers abuse identity misconfigurations, how privilege escalation paths hide inside legitimate role assignments, and how defenders can use TokenMesh to harden their posture before adversaries exploit it. Whether you’re a red teamer mapping an Azure tenant or a blue teamer trying to get ahead of the next breach.

Links:
    GitHub – https://github.com/NotSoSecure/TokenMesh/

People:
    SpeakerBio:  Saksham Agrawal

Saksham Agrawal is a Senior Security Consultant at NotSoSecure, specializing in cloud security. His work focuses on discovering new attack paths in cloud environments and helping organizations understand real-world risks. He has presented his research at DEF CON Cloud Village, where he introduced his tool NoPrompt and shared practical techniques for cloud security testing. He enjoys building tools, exploring cloud internals, and sharing his findings with the security community. He has also responsibly reported critical vulnerabilities in major cloud vendors as part of his independent security research and actively delivers training sessions on cloud security and offensive security techniques.




Trajan: Cross-Platform CI/CD Security Scanner

Demolabs Map Page – LVCCW Level 1 Hall 3 902 (Demo Labs Track 6)
When:  Friday, Aug 7, 14:00 – 14:45 PDT
Saturday, Aug 8, 13:00 – 13:45 PDT

Creator: Demo Labs

For three years, Praetorian has consistently found that CI/CD pipelines are one of the fastest paths to compromise enterprise environments. A misconfigured workflow or an over-privileged service connection can provide you with credentials, cloud access, or code execution on internal infrastructure, often undetected.

We built to keep up: Gato for GitHub Actions (BH 2024), then Glato for GitLab CI (BH 2025). Both proved the approach: parse the pipeline configuration, classify triggers, gates, and danger zones, build a graph of how they connect, and surface what’s actually exploitable.

The problem was that no client runs just one platform. A typical enterprise has GitHub Actions for open-source, Azure DevOps for internal deployments, and GitLab for containerized workloads. Assessing all of that meant juggling multiple tools with different output formats and coverage gaps.

Trajan folds everything we learned into a single tool spanning GitHub Actions, GitLab CI, and Azure DevOps. Each platform runs through the same phased pipeline: collect the pipeline config and the org surface, normalize it, correlate multi-step attack chains, scan against a YAML detection-rule corpus organized by attack category, and report through one unified findings format. Support for Jenkins, CircleCI, and Bitbucket is in active development.

Links:
    GitHub – https://github.com/praetorian-inc/trajan

People:
    SpeakerBio:  Rahul Saranjame

Lead Security Engineer at Praetorian focused on penetration testing, red/purple teaming, CI/CD pipeline security, and risk advisory assessments. Rahul is OSCP and CRTO certified, holds a Master’s degree in Cybersecurity from Georgia Tech, and is a core contributor to Trajan.

SpeakerBio:  Ranganatha Rao Sridhar

OSCE3 certified Lead Security Engineer at Praetorian with expertise spanning product, cloud, and corporate security. Rao holds a Master’s degree in Cybersecurity from Georgia Tech and is a core contributor to Trajan.

SpeakerBio:  Tanishq Rupaal

Staff Offensive Security Engineer at Praetorian specializing in cloud security across AWS, GCP, and Azure. He designed the Guard Platform’s cloud integration mechanism, is a core contributor to Trajan, and holds an M.S. in Cybersecurity from Georgia Tech.




VoiceLock: Offline, Robust On-Device Speech Transcription

Demolabs Map Page – LVCCW Level 1 Hall 3 1003 (Demo Labs Track 3)
When:  Saturday, Aug 8, 16:00 – 16:45 PDT
Friday, Aug 7, 12:00 – 12:45 PDT

Creator: Demo Labs

VoiceLock analyzes audio to identify speakers, count participants, and understand what each person said and discussed, just from a microphone. The self-contained, entirely offline system is designed for continuous, long-term use cases of 72 to 168 hours or more. The system runs entirely on-device, with high accuracy as tested on datasets and in the real world. Key innovations include an on-device vector database for fast speaker-similarity search and robust noise reduction, which greatly improve transcript accuracy. The output is a transcript with name labels. The system is fast enough to transcribe and report in under a minute. Code is written as an open-source Python module with a provided runtime and setup script to enable quick deployment on IoT devices. The system has been tested in challenging environments, including high noise levels, many speakers/arguments, and a lecture-style format. We present a live demo, technical details, and a short runtime tutorial.

Links:
    GitHub – https://github.com/qayyumayaan/voicelock

People:
    SpeakerBio:  Ayaan Qayyum

Ayaan is an MS in engineering student at Columbia University. His research interests include mobile computing, applied machine learning, edge AI, and data science. He is an expert in understanding customer needs and use cases to solve real-world problems.

SpeakerBio:  Parag Kalay

Parag is a Biomedical Engineering MS student at Columbia University, combining expertise in CAD, rapid prototyping, and data-driven design to transform concepts into functional technologies under tight technical constraints. Skilled in translating clinical needs into robust engineering solutions from initial sketches to validated prototypes.




Weaponizing eBPF and XDP with Covert Triggered Reverse Shells

Demolabs Map Page – LVCCW Level 1 Hall 3 901 (Demo Labs Track 5)
When:  Friday, Aug 7, 12:00 – 12:45 PDT
Saturday, Aug 8, 16:00 – 16:45 PDT

Creator: Demo Labs
eBPF and XDP now underpin critical Linux infrastructure yet their kernel-level access creates a blind spot: adversaries can weaponize these primitives for stealth persistence that evades standard forensic tools. Current defenses are not equipped for this emerging threat.

We built Phantasma, an open-source eBPF implant, to expose this gap. It combines three kernel-level techniques: (1) XDP covert triggering that intercepts packets at the NIC driver before they reach the networking stack, firewalls, or packet capture systems (2) getdents64 syscall interception to hide processes from /proc, defeating ps, top, and all enumeration tools; and (3) bpf() syscall interception to cloak loaded eBPF objects from bpftool and forensic inspection.

We live-demonstrate the full attack chain deployment, self-cloaking, magic packet activation, and encrypted reverse shell showing the implant defeating packet capture, process listing, and BPF introspection simultaneously.

We then present the defenses this threat demands: kernel audit rules for bpf() syscalls, /sys/fs/bpf inspection, XDP attachment monitoring, and behavioral indicators. Attendees leave with detection rules, hardening steps, and a clear understanding of why eBPF must be treated as an attack surface, not just a defense tool.

Links:
    GitHub – https://gitlab.com/0xBabar0ka/Phantasma

People:
    SpeakerBio:  Yll “0xBabar0ka” Berisha

I am an offensive security researcher with 2 years of experience in penetration testing, red teaming, and custom tooling. I am the creator of Phantasma, an open-source eBPF/XDP implant framework for stealth persistence research.

Professionally, I have worked at Sentry, conducting web, mobile, and internal/external network penetration tests. At Finbbug, I contributed to a US Embassy-supported project assessing the cybersecurity posture of NGOs and media organizations in Kosovo, identifying issues such as XSS, directory listing, and IDOR vulnerabilities. At Starlabs, I built dark web monitoring tools using HaveIBeenPwned and LeakX APIs for automated credential leak detection.

I hold BSCP (Burp Suite Certified), CRT-ID (Certified Red Team Infra Dev), MCRTA (Multi Cloud Red Teamer), CISCO ETHICAL HACKER, and HACKWISER CAPT certifications. I placed 1st at the Iowa State Cyber Defense Competition and represented Kosovo at the 2024 ENISA European Cybersecurity Challenge in Turin.

I have presented at CyberZero on prompt injection attacks and deepfake-based social engineering at the TechRisck conference, and co-organized national and international CTFs designing real-world attack chain challenges.

I am also a member of DefCon Group Prishtina (DC38338), where I contribute to co-organizing meetups and community events.




X-Ray Your Agents: Pentesting MCPs, Skills, and the Plugin Supply Chain

Demolabs Map Page – LVCCW Level 1 Hall 3 900 (Demo Labs Track 4)
When:  Friday, Aug 7, 10:00 – 10:45 PDT
Saturday, Aug 8, 11:00 – 11:45 PDT

Creator: Demo Labs

Agents now run with thousands of third-party plugins — MCP servers, Claude skills, GPT actions, IDE extensions, plugin marketplaces — and the prevailing trust model is roughly “read the README and hope.” Tool descriptions are executable prompts. Tool parameters are executable code paths. Tool outputs feed straight into the next agent step. Yet there is no npm audit for this ecosystem, no signed manifests, and no capability sandbox in the wild.

MCP X-Ray is an open-source security scanner that ports classical pentest tradecraft to the agent plugin supply chain. It combines static config and repo audit, rules-based and LLM-driven semantic analysis, and active pentesting that actually invokes tools with adversarial inputs — emitting SARIF that drops into GitHub, VS Code, and CI gates today. In this 30-minute session we will (1) walk the threat model that ties MCPs, skills, and plugin bundles together; (2) live-demo X-Ray finding real vulnerabilities in each. Attendees walk away with a CI template they can drop in on Monday, and three intentionally vulnerable plugins to keep practicing on.

Links:
    GitHub – https://github.com/traceforce/mcp-xray

People:
    SpeakerBio:  Xia Hua

Xia is co-founder and CEO of Traceforce which secures AI native apps running on devices. She previously led engineering at Clumio (acquired by Commvault), delivering cloud data protection products that were 20x faster and 10x more scalable than competitors. Earlier, she was an in-memory database architect at Oracle. Xia earned her PhD in Applied Mathematics from MIT.

SpeakerBio:  Abhijeet Kumar

Abhijeet Kumar is an OSCP-certified offensive security researcher and M.Eng Cybersecurity student at the University of Maryland. He has disclosed critical vulnerabilities across NASA, SAIL critical infrastructure, Keurig Dr Pepper, and U.S. government programs which includes a CVSS 10.0 RCE that triggered an official CERT-In incident response and a full account takeover chain affecting users across 20+ countries. He captains UMD’s CTF team RandomHackers, which placed 1st out of 64 universities at HTB Hack The Madness 2026, and has spoken at the Billington State and Local Cybersecurity Summit alongside the Director of Adversary Emulation.




xEndity: IoT Firmware Analysis & Digital Twin Platform

Demolabs Map Page – LVCCW Level 1 Hall 3 1001 (Demo Labs Track 1)
When:  Saturday, Aug 8, 16:00 – 16:45 PDT
Friday, Aug 7, 13:00 – 13:45 PDT

Creator: Demo Labs

IoT devices are embedded in critical infrastructure globally, yet security teams face a fundamental constraint: you cannot aggressively test what you cannot safely replicate. Physical hardware is expensive, limited in supply, and testing against production systems is off-limits. This leaves defenders operating blind against an expanding attack surface of billions of connected devices.

xEndity is an open-source, end-to-end IoT firmware emulation platform that transforms raw firmware binaries into fully functional, network-ready virtual device instances, no physical hardware required. It provides an automated pipeline spanning firmware acquisition, binary analysis, filesystem extraction, emulation packaging, and orchestrated deployment of emulated device networks at scale.

The platform enables two high-impact use cases: first, as a scopeless penetration testing range where red teams and researchers can conduct unrestricted vulnerability validation, exploit development, and attack simulation against realistic IoT environments. Second, as a deceptive defense layer where emulated devices are deployed as high-interaction honeypots to capture adversary tradecraft, collect OS-level and network telemetry, and generate actionable threat intelligence.

Links:
    GitHub – https://github.com/kenleejl/xEndity

People:
    SpeakerBio:  Zeus “LightningGod” Chan

Zeus Chan is a security researcher on the Adversary Emulation Team at HTX (Home Team Science and Technology Agency), where he focuses on IoT firmware analysis, device emulation, and offensive security research. His work spans building automated pipelines for firmware emulation, security testbed development, and honeypot deployment for threat intelligence collection against embedded systems. Zeus has presented IoT security research at DEFCON events globally and Milipol TechX Singapore, and has supported community initiatives including the HTX Public Safety Village at DEFCON Singapore. He holds experience in red team operations supporting critical national infrastructure across the finance and healthcare sectors.

SpeakerBio:  Kenneth “kenleejl” Lee

Cyber security enjoyer




Zealot: An Autonomous Cloud Offensive Multi-Agent System

Demolabs Map Page – LVCCW Level 1 Hall 3 900 (Demo Labs Track 4)
When:  Friday, Aug 7, 11:00 – 11:45 PDT
Saturday, Aug 8, 12:00 – 12:45 PDT

Creator: Demo Labs

In November 2025, Anthropic disclosed a state-sponsored operation where AI didn’t assist human attackers — it was the attacker, executing 80-90% of the campaign autonomously. The question shifted from “could this happen?” to “how bad can it get?”

We built Zealot to find out.

Zealot is a multi-agent offensive framework that autonomously chains reconnaissance, exploitation, privilege escalation, and data exfiltration against cloud environments — with no human directing individual steps. A supervisor agent coordinates three specialists (Infrastructure, AppSec, and Cloud) that share attack state and hand off context as the operation progresses. The result: an AI system that thinks strategically and executes tactically, the way a real red team does.

In live sandbox tests against GCP, Zealot autonomously discovered an exposed web service, identified and exploited an SSRF vulnerability, extracted service account credentials from the metadata service, impersonated a higher-privileged account, and exfiltrated BigQuery datasets — start to finish, without a human touching the keyboard after the objective was set.

We’ll walk through the architecture, show the full attack chain on video, and share the honest lessons: where AI operators excel (systematic enumeration, credential chaining, API fluency), where they fall short (a

Links:
    Website – https://unit42.paloaltonetworks.com/autonomous-ai-cloud-attacks/

People:
    SpeakerBio:  Chen Doytshman

I’m a security researcher with a background in artificial intelligence and machine learning. I am passionate about using my skills to protect against cyber threats. With over 5 years of experience in the field, I have a strong understanding of both security and AI technologies and am skilled at combining the two to identify and mitigate vulnerabilities.




Zero-Cloud Threat Modeling: Vector Embedding Architectures for Automated Vulnerability Detection

Demolabs Map Page – LVCCW Level 1 Hall 3 900 (Demo Labs Track 4)
When:  Friday, Aug 7, 13:00 – 13:45 PDT
Saturday, Aug 8, 16:00 – 16:45 PDT

Creator: Demo Labs

Traditional threat modeling is a tedious, manual process prone to human error. Conversely, modern “AI” threat modeling tools almost universally depend on sending sensitive, proprietary system architectures to third-party APIs in cleartext.

We present AI Threat Modeler (AITM), a fully open-source, zero-cloud application designed to automate architecture-driven STRIDE threat modeling completely offline. AITM fundamentally shifts how we analyze system designs by replacing brittle, keyword-based regex rules with a local Semantic AI Engine.

Under the hood, AITM leverages sentence-transformers and an in-memory FAISS vector database to embed a comprehensive, 116+ component knowledge base. During analysis, a custom NetworkX graph builder parses natural language or structured architecture descriptions (via spaCy) to map undocumented architectural features to known CVE classes and STRIDE categories.

Furthermore, AITM introduces “Architecture Intelligence” using graph traversal algorithms to automatically infer missing trust boundaries and identify multi-step attack chains that standalone component scanning misses. In this demo, we will: Walk through the automated ingestion of a microservice architecture. Demonstrate how the local FAISS engine discovers semantic threats that evade keyword matching. Show dynamic attack cha

Links:
    GitHub – https://github.com/ankitspidy007/ai-threat-modeler

People:
    SpeakerBio:  Ankit Vashisth

Ankit Vashisth is a Security Engineer with over 4 years of experience in application security, cloud security, and DevSecOps. He has worked on security assessments across web, mobile, network, and enterprise systems for global clients. His interests include AI-driven security tooling, threat modeling, and security automation. Ankit actively researches ways to apply AI to improve security architecture analysis and vulnerability detection.