Talk/Event Schedule
Friday
This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.
Friday - 00:00 PDT
CON - DEF CON MUD -
Friday - 01:00 PDT
CON - cont...(00:00-11:59 PDT) - DEF CON MUD -
Friday - 02:00 PDT
CON - cont...(00:00-11:59 PDT) - DEF CON MUD -
Friday - 03:00 PDT
CON - cont...(00:00-11:59 PDT) - DEF CON MUD -
Friday - 04:00 PDT
CON - cont...(00:00-11:59 PDT) - DEF CON MUD -
Friday - 05:00 PDT
CON - cont...(00:00-11:59 PDT) - DEF CON MUD -
Friday - 06:00 PDT
CON - cont...(00:00-11:59 PDT) - DEF CON MUD -
SOC - DEF CON Bike Ride "CycleOverride" -
Friday - 07:00 PDT
CON - cont...(00:00-11:59 PDT) - DEF CON MUD -
Friday - 08:00 PDT
CON - cont...(00:00-11:59 PDT) - DEF CON MUD -
DC - Human Registration Open
DC - Lost and Found Department Open (Generally) -
SEV - (08:30-08:59 PDT) - Social Engineering Community Village opens - morning welcome and introduction
Friday - 09:00 PDT
AIV - (09:30-10:50 PDT) - Automate Detection with Machine Learning - Gavin Klondike
ASV - California CyberSecurity Institute Space Grand Challenge -
CON - cont...(00:00-11:59 PDT) - DEF CON MUD -
CON - AutoDriving CTF -
DC - cont...(08:00-18:59 PDT) - Human Registration Open
DC - Merch (formerly swag) Area Open -- README -
DC - cont...(08:00-22:59 PDT) - Lost and Found Department Open (Generally) -
DCGVR - DCGVR - Welcome reception 👋 -
PYV - Payment Hacking Challenge -
SEV - Vishing Competition (SECVC) - LIVE CALLS -
SEV - Heroes vs Villians, a SEC Youth Challenge -
SKY - (09:30-10:20 PDT) - Combatting sexual abuse with threat intelligence techniques - Aaron DeVera
SOC - Chillout Lounge (with entertainment) - djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
WS - CICD security: A new eldorado - Gauthier Sebaux,Remi Escourrou,Xavier Gerondeau
WS - Finding Security Vulnerabilities Through Fuzzing - Hardik Shah
WS - Introduction to Cryptographic Attacks - Matt Cheung
WS - The Art of Modern Malware Analysis: Initial Infection Malware, Infrastructure, and C2 Frameworks - Aaron Rosenmund,Josh Stroschein,Ryan J Chapman
WS - DFIR Against the Digital Darkness: An Intro to Forensicating Evil - Michael Register,Michael Solomon
Friday - 10:00 PDT
AIV - cont...(09:30-10:50 PDT) - Automate Detection with Machine Learning - Gavin Klondike
AIV - Opening Remarks on the State of AI & Security - Brian Pendleton,Sven Cattell
APV - Agility Broke AppSec. Now It's Going to Fix It. - Roy Erlich,Emil Vaagland,Seth Kirschner,Jim Manico
ASV - cont...(09:00-16:59 PDT) - California CyberSecurity Institute Space Grand Challenge -
ASV - Hack the Airfield with DDS -
ASV - Satellite Eavesdropping with DDS -
ASV - Red Balloon Failsat Challenges -
ASV - Hack the Airport with Intelligenesis -
ASV - Hack-A-Sat Team - 1st Lt Kevin Bernert,Capt Elijah Williams,Rachel Mann,Mark Werremeyer,Mike Walker,Aaron Myrick,Jordan Wiens,Steve Colenzo
ASV - Pen Test Partners A320 Simulator -
ASV - Boeing ARINC 429 Airplane Challenge and CTF -
ASV - Hack-A-Sat Digital Twin Workshop -
ASV - Amazon Web Services Aerospace and Satellite Jam -
AVV - (10:15-10:30 PDT) - Welcome and Introduction - Abhijith B R
AVV - (10:30-11:15 PDT) - How to be the Best Adversary Simulator - Tim MalcomVetter
BHV - Healthcare Policy != Policy - Nina Alli
BHV - (10:30-10:59 PDT) - A Capitalist approach to hospital security - Eirick Luraas
BICV - The GACWR Story: Building a Black Owned Cyber Range - GACWR Team ,Jovonni Pharr
BTV - Blue Team Village Opening Ceremony -
BTV - (10:30-11:30 PDT) - Obsidian Live: Eating the Elephant 1 byte at a Time - aviditas,ChocolateCoat
BTV - (10:30-11:30 PDT) - Obsidian Forensics: Kill Chain 1 Endpoint Forensics Walkthrough - Omenscan
BTV - (10:30-11:30 PDT) - Obsidian CTH: Go Phish: Visualizing Basic Malice - SamunoskeX
CHV - Biometrics system hacking in the age of the smart vehicle - Huajiang "Kevin2600" Chen,Li Siwei
CLV - Cloud Village Opening Note - Jayesh Singh Chauhan
CLV - Automating Insecurity in Azure - Karl Fosaaen
CLV - (10:50-11:30 PDT) - Making the most of Microsoft cloud bug bounty programs: How I made in $65,000 USD in bounties in 2021 - Nestori Syynimaa
CON - (10:30-18:30 PDT) - Capture The Packet Preliminaries -
CON - IoT Village CTF (the CTF formally known as SOHOplessly Broken) -
CON - Car Hacking Village CTF -
CON - cont...(00:00-11:59 PDT) - DEF CON MUD -
CON - DARKNET-NG -
CON - pTFS Presents: Mayhem Industries - Outside the Box -
CON - DEF CON’s Next Top Threat Model -
CON - DC30 Ham Radio Fox Hunt Contest -
CON - Red Team Village CTF Qualifiers Part 1 -
CON - Octopus Game - On-site Sign-in (Mandatory) -
CON - Crash and Compile - Qualifications -
CON - Trace Labs OSINT Search Party CTF - Sign-ups -
CON - CMD+CTRL -
CON - Radio Frequency Capture the Flag -
CON - Hospital Under Siege -
CON - The Gold Bug – Crypto and Privacy Village Puzzle -
CON - Kubernetes Capture The Flag -
CPV - (10:30-10:59 PDT) - Back to School! Hello RSA... and beyond! - Mike Guirao
DC - Old Malware, New tools: Ghidra and Commodore 64, why understanding old malicious software still matters - Cesare Pizzi
DC - Computer Hacks in the Russia-Ukraine War - Kenneth Geers
DC - (10:30-11:15 PDT) - OopsSec -The bad, the worst and the ugly of APT’s operations security - Tomer Bar
DC - cont...(08:00-18:59 PDT) - Human Registration Open
DC - Panel - "So It's your first DEF CON" - How to get the most out of DEF CON, What NOT to do. - DEF CON Goons
DC - Panel - DEF CON Policy Dept - What is it, and what are we trying to do for hackers in the policy world? - DEF CON Policy Dept,The Dark Tangent
DC - Vendor Area Open -
DC - cont...(09:00-15:59 PDT) - Merch (formerly swag) Area Open -- README -
DC - cont...(08:00-22:59 PDT) - Lost and Found Department Open (Generally) -
DC - Memorial Room Open -
DC - Village Areas Open (Generally) -
DCGVR - Keynote - Jayson E. Street
DDV - DDV open and accepting drives for duplication -
DL - TheAllCommander - Matthew Handy
DL - Access Undenied on AWS - Noam Dahan
DL - Vajra - Your Weapon To Cloud - Raunak Parmar
DL - FISSURE: The RF Framework - Christopher Poore
DL - Zuthaka: A Command & Controls (C2s) integration framework - Lucas Bonastre,Alberto Herrera
GHV - Girls Hack Village Introduction - Tennisha Martin
GHV - (10:30-10:59 PDT) - Pause…Push,Pass, Pivot - Mary Chaney
HHV - Solder Skills Village - Open
HHV - Uwb Security Primer: Rise Of A Dusty Protocol - Göktay Kaykusuz
HHV - Hardware Hacking Village - Open
ICSV - Ohm, how do I get into ICS? - Dennis Skarr,Josephine Hollandbeck,Christine Reid,Erin Cornelius,Kairie Pierce
ICSV - CISA and Idaho National Lab Escape Room -
ICSV - Fantom5 SeaTF CTF -
ICSV - Hack the Plan[e]t CTF -
ICSV - DDS Hack-the-Microgrid -
IOTV - IoT Village CTF Challenges -
IOTV - Hands on hacking labs -
IOTV - Hands on Hardware Hacking – eMMC to Root - Deral Heiland
IOTV - Drone Hack -
LPV - (10:15-10:45 PDT) - Intro to Lockpicking - TOOOL
MIV - The hybrid strategies of autocratic states: narrative characteristics of disinformation campaigns in relation to issues of a scientific-health nature - Carlos Galán
PHV - Packet Inspector -
PHV - Packet Detective -
PHV - Honey Pot Workshop -
PHV - NetworkOS Workshop -
PHV - RegEx Trainer -
PHV - Linux Trainer -
PHV - Botnet Workshop -
PHV - HardWired -
PHV - Wall of Sheep -
PSV - Physical Security Village -
PYV - cont...(09:00-13:59 PDT) - Payment Hacking Challenge -
QTV - Quantum Village Opening Ceremony - Quantum Village Team
RCV - The Future of Collecting Data from the Past: OSINT Now and Beyond - Micah Hoffman
RCV - (10:50-11:35 PDT) - Information Confrontation 2022 – A loud war and a quiet enemy - Luke Richards (Wbbigdave)
RFV - SpaceX & Starlink Satellite Internet - Starlink
RFV - DEFCON Demonstrations and Presentations by Open Research Institute at RF Village - Open Research Institute
RFV - (10:30-11:30 PDT) - RF CTF Kick Off Day 1 - RF Hackers Village Staff
RHV - Human Chip Implants -
SEV - cont...(09:00-11:59 PDT) - Vishing Competition (SECVC) - LIVE CALLS -
SEV - cont...(09:00-17:59 PDT) - Heroes vs Villians, a SEC Youth Challenge -
SKY - cont...(09:30-10:20 PDT) - Combatting sexual abuse with threat intelligence techniques - Aaron DeVera
SKY - (10:35-11:25 PDT) - Hundreds of incidents, what can we share? - Brenton Morris,Guy Barnhart-Magen
SOC - cont...(09:00-17:59 PDT) - Chillout Lounge (with entertainment) - djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
TEV - Learn at Tamper-Evident Village -
VMV - Election Cyber Security in the National Guard - Brigadier General Teri (Terin) D. Williams
WS - cont...(09:00-12:59 PDT) - CICD security: A new eldorado - Gauthier Sebaux,Remi Escourrou,Xavier Gerondeau
WS - cont...(09:00-12:59 PDT) - Finding Security Vulnerabilities Through Fuzzing - Hardik Shah
WS - cont...(09:00-12:59 PDT) - Introduction to Cryptographic Attacks - Matt Cheung
WS - cont...(09:00-12:59 PDT) - The Art of Modern Malware Analysis: Initial Infection Malware, Infrastructure, and C2 Frameworks - Aaron Rosenmund,Josh Stroschein,Ryan J Chapman
WS - cont...(09:00-12:59 PDT) - DFIR Against the Digital Darkness: An Intro to Forensicating Evil - Michael Register,Michael Solomon
Friday - 11:00 PDT
AIV - I’m not Keylogging you! Just some benign data collection for User Behavior Modeling - Harini Kannan
APV - cont...(10:00-11:15 PDT) - Agility Broke AppSec. Now It's Going to Fix It. - Roy Erlich,Emil Vaagland,Seth Kirschner,Jim Manico
APV - (11:15-13:15 PDT) - Data security and privacy in application security - Eyitayo Alimi
ASV - cont...(09:00-16:59 PDT) - California CyberSecurity Institute Space Grand Challenge -
ASV - cont...(10:00-16:59 PDT) - Hack the Airfield with DDS -
ASV - cont...(10:00-16:59 PDT) - Satellite Eavesdropping with DDS -
ASV - cont...(10:00-15:59 PDT) - Red Balloon Failsat Challenges -
ASV - cont...(10:00-16:59 PDT) - Hack the Airport with Intelligenesis -
ASV - cont...(10:00-11:59 PDT) - Pen Test Partners A320 Simulator -
ASV - cont...(10:00-15:59 PDT) - Boeing ARINC 429 Airplane Challenge and CTF -
ASV - cont...(10:00-16:59 PDT) - Hack-A-Sat Digital Twin Workshop -
ASV - cont...(10:00-16:59 PDT) - Amazon Web Services Aerospace and Satellite Jam -
ASV - That's No Moon -- A Look at the Space Threat Environment - Mike Campanelli
ASV - (11:30-11:55 PDT) - DDS Space Signal Lab - James Pavur
AVV - cont...(10:30-11:15 PDT) - How to be the Best Adversary Simulator - Tim MalcomVetter
AVV - (11:30-13:30 PDT) - Adversary Booth - Dean Lawrence,Ethan Michalak,Melanie Chan,Michael Kouremetis,Jay Yee
AVV - (11:30-17:30 PDT) - Adversary Wars CTF -
AVV - (11:30-12:15 PDT) - 'Damn the exploits! Full speed ahead!' How naval fleet tactics redefine cyber operations - Christopher Cottrell
BHV - Where there's a kiosk, there's an escape - Michael Aguilar (v3ga)
BHV - (11:30-11:59 PDT) - Department of Defense 5G Telemedicine and Medical Training: The Future of Healthcare the Remote Warrior - Paul Young
BICV - Creating More Black Hackers: Growth Systems for Cybersecurity Enthusiasts - Segun Ebenezer Olaniyan
BTV - cont...(10:30-11:30 PDT) - Obsidian Live: Eating the Elephant 1 byte at a Time - aviditas,ChocolateCoat
BTV - cont...(10:30-11:30 PDT) - Obsidian Forensics: Kill Chain 1 Endpoint Forensics Walkthrough - Omenscan
BTV - (11:30-12:30 PDT) - Obsidian: IR - It all starts here, scoping the incident - ChocolateCoat
BTV - cont...(10:30-11:30 PDT) - Obsidian CTH: Go Phish: Visualizing Basic Malice - SamunoskeX
BTV - (11:30-12:30 PDT) - Obsidian CTI: Generating Threat Intelligence from an Incident - ttheveii0x,Stephanie G.,l00sid
BTV - Attribution and Bias: My terrible mistakes in threat intelligence attribution - Seongsu Park
BTV - (11:45-12:45 PDT) - Malicious memory techniques on Windows and how to spot them - Connor Morley
BTV - Practical Dark Web Hunting using Automated Scripts - Apurv Singh Gautam
CHV - Getting naughty on CAN bus with CHV Badge - evadsnibor
CLV - cont...(10:50-11:30 PDT) - Making the most of Microsoft cloud bug bounty programs: How I made in $65,000 USD in bounties in 2021 - Nestori Syynimaa
CLV - (11:30-11:59 PDT) - Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can Help White and Black Hat Vulnerability Research - Alexandre Sieira
CON - cont...(10:30-18:30 PDT) - Capture The Packet Preliminaries -
CON - cont...(10:00-17:59 PDT) - IoT Village CTF (the CTF formally known as SOHOplessly Broken) -
CON - cont...(10:00-17:30 PDT) - Car Hacking Village CTF -
CON - cont...(00:00-11:59 PDT) - DEF CON MUD -
CON - cont...(10:00-19:59 PDT) - DARKNET-NG -
CON - cont...(10:00-17:59 PDT) - pTFS Presents: Mayhem Industries - Outside the Box -
CON - cont...(10:00-17:59 PDT) - DEF CON’s Next Top Threat Model -
CON - cont...(10:00-19:59 PDT) - DC30 Ham Radio Fox Hunt Contest -
CON - cont...(10:00-16:59 PDT) - Red Team Village CTF Qualifiers Part 1 -
CON - cont...(10:00-11:59 PDT) - Octopus Game - On-site Sign-in (Mandatory) -
CON - cont...(10:00-17:59 PDT) - Crash and Compile - Qualifications -
CON - cont...(10:00-17:59 PDT) - Trace Labs OSINT Search Party CTF - Sign-ups -
CON - cont...(10:00-17:59 PDT) - CMD+CTRL -
CON - Beverage Cooling Contraption Contest (BCCC) -
CON - cont...(10:00-13:59 PDT) - Radio Frequency Capture the Flag -
CON - cont...(10:00-17:59 PDT) - Hospital Under Siege -
CON - cont...(10:00-19:59 PDT) - Kubernetes Capture The Flag -
CON - The Schemaverse Championship - Practice Round -
CPV - Positive Identification of Least Significant Bit Image Steganography - Michael Pelosi
CPV - (11:30-11:59 PDT) - OPAQUE is Not Magic - Steve Thomas
DC - The PACMAN Attack: Breaking PAC on the Apple M1 with Hardware Attacks - Joseph Ravichandran
DC - cont...(10:30-11:15 PDT) - OopsSec -The bad, the worst and the ugly of APT’s operations security - Tomer Bar
DC - (11:30-11:50 PDT) - Running Rootkits Like A Nation-State Hacker - Omri Misgav
DC - cont...(08:00-18:59 PDT) - Human Registration Open
DC - The Dark Tangent & Mkfactor - Welcome to DEF CON & The Making of the DEF CON Badge - Michael Whiteley (Mkfactor),Katie Whiteley (Mkfactor),The Dark Tangent
DC - cont...(10:00-11:15 PDT) - Panel - DEF CON Policy Dept - What is it, and what are we trying to do for hackers in the policy world? - DEF CON Policy Dept,The Dark Tangent
DC - (11:30-12:15 PDT) - A Policy Fireside Chat with the National Cyber Director - Kim Zetter,Chris Inglis
DC - cont...(10:00-17:59 PDT) - Vendor Area Open -
DC - cont...(09:00-15:59 PDT) - Merch (formerly swag) Area Open -- README -
DC - cont...(08:00-22:59 PDT) - Lost and Found Department Open (Generally) -
DC - cont...(10:00-17:59 PDT) - Memorial Room Open -
DC - cont...(10:00-17:59 PDT) - Village Areas Open (Generally) -
DCGVR - Cyber Attack Trends in 2022 - Jon Clay
DDV - cont...(10:00-16:59 PDT) - DDV open and accepting drives for duplication -
DL - cont...(10:00-11:55 PDT) - TheAllCommander - Matthew Handy
DL - cont...(10:00-11:55 PDT) - Access Undenied on AWS - Noam Dahan
DL - cont...(10:00-11:55 PDT) - Vajra - Your Weapon To Cloud - Raunak Parmar
DL - cont...(10:00-11:55 PDT) - FISSURE: The RF Framework - Christopher Poore
DL - cont...(10:00-11:55 PDT) - Zuthaka: A Command & Controls (C2s) integration framework - Lucas Bonastre,Alberto Herrera
GHV - Workshop: Intro to CTF - Professor Rogers
HHV - cont...(10:00-17:59 PDT) - Solder Skills Village - Open
HHV - cont...(10:00-17:59 PDT) - Hardware Hacking Village - Open
HHV - From Zero To Sao … Or, How Far Does This Rabbit Hole Go? - Bradán Lane
HRV - (11:30-12:30 PDT) - Your Amateur Radio License and You - Justin/InkRF
ICSV - (11:30-11:59 PDT) - CRITICAL FINDING: Lessons Learned from Dozens of Industrial Network Architecture Reviews - Miriam Lorbert,Nate Pelz
ICSV - cont...(10:00-17:59 PDT) - CISA and Idaho National Lab Escape Room -
ICSV - cont...(10:00-17:59 PDT) - Fantom5 SeaTF CTF -
ICSV - cont...(10:00-17:59 PDT) - Hack the Plan[e]t CTF -
ICSV - cont...(10:00-17:59 PDT) - DDS Hack-the-Microgrid -
ICSV - Closing a Security Gap in the Industrial Infrastructure Ecosystem: Under-Resourced Organizations - Dawn Cappelli
IOTV - cont...(10:00-17:59 PDT) - IoT Village CTF Challenges -
IOTV - cont...(10:00-17:59 PDT) - Hands on hacking labs -
IOTV - cont...(10:00-17:59 PDT) - Hands on Hardware Hacking – eMMC to Root - Deral Heiland
IOTV - cont...(10:00-17:59 PDT) - Drone Hack -
IOTV - Hacking Product Security Interviews -
IOTV - (11:30-11:59 PDT) - Hacking Product Security Interviews -
LPV - Medeco cam lock exploit "an old attack made new again" - N∅thing
MIV - cont...(10:00-11:30 PDT) - The hybrid strategies of autocratic states: narrative characteristics of disinformation campaigns in relation to issues of a scientific-health nature - Carlos Galán
MIV - (11:30-13:30 PDT) - Cognitive Security: Human Vulnerabilities, Exploits, & TTPs - Matthew Canham
MIV - (11:30-13:30 PDT) - Detecting the "Fake News" Before It Was Even Written, Media Literacy, and Flattening the Curve of the COVID-19 Infodemic - Preslav Nakov
MIV - (11:30-13:30 PDT) - Uncovering multi-platform misinformation campaigns with Information Tracer - Zhouhan Chen
MIV - (11:30-13:30 PDT) - SimPPL: Simulating Social Networks and Disinformation - Swapneel Mehta
MIV - (11:30-13:30 PDT) - Dazed and Seriously Confused: Analysis of Data Voids & the Disinformation Landscape of Central Asia - Rhyner Washburn
PHV - cont...(10:00-17:59 PDT) - Packet Inspector -
PHV - cont...(10:00-17:59 PDT) - Packet Detective -
PHV - cont...(10:00-17:59 PDT) - Honey Pot Workshop -
PHV - cont...(10:00-17:59 PDT) - NetworkOS Workshop -
PHV - cont...(10:00-17:59 PDT) - RegEx Trainer -
PHV - cont...(10:00-17:59 PDT) - Linux Trainer -
PHV - cont...(10:00-17:59 PDT) - Botnet Workshop -
PHV - cont...(10:00-17:59 PDT) - HardWired -
PHV - cont...(10:00-17:59 PDT) - Wall of Sheep -
PSV - cont...(10:00-17:59 PDT) - Physical Security Village -
PSV - (11:30-11:59 PDT) - Bypass 101 - Karen Ng
PYV - cont...(09:00-13:59 PDT) - Payment Hacking Challenge -
QTV - Meet Lucy - Jamie Friel
RCV - cont...(10:50-11:35 PDT) - Information Confrontation 2022 – A loud war and a quiet enemy - Luke Richards (Wbbigdave)
RCV - (11:35-11:59 PDT) - (Not-So-Secret) Tunnel: Digging into Exposed ngrok Endpoints - Eugene Lim
RFV - cont...(10:00-17:59 PDT) - SpaceX & Starlink Satellite Internet - Starlink
RFV - cont...(10:00-17:59 PDT) - DEFCON Demonstrations and Presentations by Open Research Institute at RF Village - Open Research Institute
RFV - cont...(10:30-11:30 PDT) - RF CTF Kick Off Day 1 - RF Hackers Village Staff
RFV - (11:30-12:30 PDT) - How a weirdly shaped piece of metal pulls cat memes out of thin air - Tyler
RHV - cont...(10:00-13:59 PDT) - Human Chip Implants -
RHV - Rock the Cash Box - Spicy Wasabi
ROV - Picking Pockets, Picked Apart - James Harrison
RTV - Red Team Village Keynote Panel - John Hammond,Alh4zr3d,Ryan M. Montgomery
SEV - cont...(09:00-11:59 PDT) - Vishing Competition (SECVC) - LIVE CALLS -
SEV - cont...(09:00-17:59 PDT) - Heroes vs Villians, a SEC Youth Challenge -
SKY - cont...(10:35-11:25 PDT) - Hundreds of incidents, what can we share? - Brenton Morris,Guy Barnhart-Magen
SKY - (11:40-11:59 PDT) - Android, Birthday Cake, Open Wifi... Oh my! - A.Krontab
SOC - cont...(09:00-17:59 PDT) - Chillout Lounge (with entertainment) - djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
SOC - No Starch Press - Book Signing - Craig Smith, The Car Hacker's Handbook
TEV - cont...(10:00-17:59 PDT) - Learn at Tamper-Evident Village -
WS - cont...(09:00-12:59 PDT) - CICD security: A new eldorado - Gauthier Sebaux,Remi Escourrou,Xavier Gerondeau
WS - cont...(09:00-12:59 PDT) - Finding Security Vulnerabilities Through Fuzzing - Hardik Shah
WS - cont...(09:00-12:59 PDT) - Introduction to Cryptographic Attacks - Matt Cheung
WS - cont...(09:00-12:59 PDT) - The Art of Modern Malware Analysis: Initial Infection Malware, Infrastructure, and C2 Frameworks - Aaron Rosenmund,Josh Stroschein,Ryan J Chapman
WS - cont...(09:00-12:59 PDT) - DFIR Against the Digital Darkness: An Intro to Forensicating Evil - Michael Register,Michael Solomon
Friday - 12:00 PDT
AIV - AI Village Keynote - Keith E. Sonderling
APV - cont...(11:15-13:15 PDT) - Data security and privacy in application security - Eyitayo Alimi
ASV - cont...(09:00-16:59 PDT) - California CyberSecurity Institute Space Grand Challenge -
ASV - cont...(10:00-16:59 PDT) - Amazon Web Services Aerospace and Satellite Jam -
ASV - cont...(10:00-16:59 PDT) - Hack the Airfield with DDS -
ASV - cont...(10:00-16:59 PDT) - Satellite Eavesdropping with DDS -
ASV - cont...(10:00-15:59 PDT) - Red Balloon Failsat Challenges -
ASV - cont...(10:00-16:59 PDT) - Hack the Airport with Intelligenesis -
ASV - cont...(10:00-15:59 PDT) - Boeing ARINC 429 Airplane Challenge and CTF -
ASV - cont...(10:00-16:59 PDT) - Hack-A-Sat Digital Twin Workshop -
ASV - Hackers Help Make My Airline Secure - Deneen Defiore
ASV - Hack-A-Sat Aerospace PiSat Challenge -
AVV - cont...(11:30-13:30 PDT) - Adversary Booth - Dean Lawrence,Ethan Michalak,Melanie Chan,Michael Kouremetis,Jay Yee
AVV - cont...(11:30-17:30 PDT) - Adversary Wars CTF -
AVV - cont...(11:30-12:15 PDT) - 'Damn the exploits! Full speed ahead!' How naval fleet tactics redefine cyber operations - Christopher Cottrell
AVV - (12:15-12:30 PDT) - Malware Emulation Attack Graphs - Jack Wells
AVV - (12:30-12:59 PDT) - Hacked by Raspberia: Simulating a nationally disruptive attack by a non-existent state actor - Sanne Maasakkers
BHV - Gird your loins: premise and perils of biomanufacturing - Nathan Case
BHV - (12:30-13:30 PDT) - How to stop Surveillance Capitalism in Healthcare - Andrea Downing,Jillian Simons,Valencia Robinson
BICV - "The Man" in the Middle - Alexis Hancock
BTV - cont...(11:30-12:30 PDT) - Obsidian: IR - It all starts here, scoping the incident - ChocolateCoat
BTV - cont...(11:30-12:30 PDT) - Obsidian CTI: Generating Threat Intelligence from an Incident - ttheveii0x,Stephanie G.,l00sid
BTV - cont...(11:45-12:45 PDT) - Malicious memory techniques on Windows and how to spot them - Connor Morley
BTV - cont...(11:00-12:30 PDT) - Practical Dark Web Hunting using Automated Scripts - Apurv Singh Gautam
CHV - Remote Exploitation of Honda Cars - Mohammed Shine
CLV - A ransomware actor looks at the clouds: attacking in a cloud-native way - Jay Chen
CLV - (12:30-13:10 PDT) - Weather Proofing GCP Defaults - Shannon McHale
CON - cont...(10:30-18:30 PDT) - Capture The Packet Preliminaries -
CON - cont...(10:00-17:59 PDT) - IoT Village CTF (the CTF formally known as SOHOplessly Broken) -
CON - cont...(10:00-17:30 PDT) - Car Hacking Village CTF -
CON - cont...(10:00-19:59 PDT) - DARKNET-NG -
CON - cont...(10:00-17:59 PDT) - pTFS Presents: Mayhem Industries - Outside the Box -
CON - cont...(10:00-17:59 PDT) - DEF CON’s Next Top Threat Model -
CON - cont...(10:00-19:59 PDT) - DC30 Ham Radio Fox Hunt Contest -
CON - cont...(10:00-16:59 PDT) - Red Team Village CTF Qualifiers Part 1 -
CON - cont...(10:00-17:59 PDT) - Crash and Compile - Qualifications -
CON - cont...(10:00-17:59 PDT) - Trace Labs OSINT Search Party CTF - Sign-ups -
CON - cont...(10:00-17:59 PDT) - CMD+CTRL -
CON - cont...(11:00-14:59 PDT) - Beverage Cooling Contraption Contest (BCCC) -
CON - Red Alert ICS CTF -
CON - Octopus Game - Individual Phase -
CON - cont...(10:00-13:59 PDT) - Radio Frequency Capture the Flag -
CON - cont...(10:00-17:59 PDT) - Hospital Under Siege -
CON - BIC Village Capture The Flag -
CON - Betting on Your Digital Rights: EFF Benefit Poker Tournament -
CON - cont...(10:00-19:59 PDT) - Kubernetes Capture The Flag -
CPV - PSA: Doorbell Cameras Have Mics, Too - Matthew Guariglia,Yael Grauer
DC - Avoiding Memory Scanners: Customizing Malware to Evade YARA, PE-sieve, and More - Kyle Avery
DC - One Bootloader to Load Them All - Jesse Michael,Mickey Shkatov
DC - cont...(08:00-18:59 PDT) - Human Registration Open
DC - Glitched on Earth by humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal - Lennert Wouters
DC - cont...(11:30-12:15 PDT) - A Policy Fireside Chat with the National Cyber Director - Kim Zetter,Chris Inglis
DC - (12:30-13:15 PDT) - Global Challenges, Global Approaches in Cyber Policy - Gaurav Keerthi,Lily Newman,Pete Cooper
DC - cont...(10:00-17:59 PDT) - Vendor Area Open -
DC - cont...(09:00-15:59 PDT) - Merch (formerly swag) Area Open -- README -
DC - cont...(08:00-22:59 PDT) - Lost and Found Department Open (Generally) -
DC - cont...(10:00-17:59 PDT) - Memorial Room Open -
DC - cont...(10:00-17:59 PDT) - Village Areas Open (Generally) -
DCGVR - Exploits and Dragons - Mauro Eldritch,AdanZkx
DDV - cont...(10:00-16:59 PDT) - DDV open and accepting drives for duplication -
DL - Packet Sender - Dan Nagle
DL - Wakanda Land - Stephen Kofi Asamoah
DL - AzureGoat: Damn Vulnerable Azure Infrastructure - Nishant Sharma,Rachna Umraniya
DL - EMBA - Open-Source Firmware Security Testing - Michael Messner,Pascal Eckmann
DL - Mercury - David McGrew,Brandon Enright
GHV - cont...(11:00-12:30 PDT) - Workshop: Intro to CTF - Professor Rogers
GHV - (12:30-13:30 PDT) - Resumé Review
HHV - cont...(10:00-17:59 PDT) - Solder Skills Village - Open
HHV - cont...(10:00-17:59 PDT) - Hardware Hacking Village - Open
HRV - cont...(11:30-12:30 PDT) - Your Amateur Radio License and You - Justin/InkRF
ICSV - Understanding Modbus TCP and the GRACE Console [[Maritime]] - Dave Burke
ICSV - cont...(10:00-17:59 PDT) - CISA and Idaho National Lab Escape Room -
ICSV - cont...(10:00-17:59 PDT) - Fantom5 SeaTF CTF -
ICSV - cont...(10:00-17:59 PDT) - Hack the Plan[e]t CTF -
ICSV - cont...(10:00-17:59 PDT) - DDS Hack-the-Microgrid -
IOTV - cont...(10:00-17:59 PDT) - IoT Village CTF Challenges -
IOTV - cont...(10:00-17:59 PDT) - Hands on hacking labs -
IOTV - cont...(10:00-17:59 PDT) - Hands on Hardware Hacking – eMMC to Root - Deral Heiland
IOTV - cont...(10:00-17:59 PDT) - Drone Hack -
LPV - The least secure biometric lock on Earth? - Seth Kintigh
MIV - cont...(11:30-13:30 PDT) - Cognitive Security: Human Vulnerabilities, Exploits, & TTPs - Matthew Canham
MIV - cont...(11:30-13:30 PDT) - Detecting the "Fake News" Before It Was Even Written, Media Literacy, and Flattening the Curve of the COVID-19 Infodemic - Preslav Nakov
MIV - cont...(11:30-13:30 PDT) - Uncovering multi-platform misinformation campaigns with Information Tracer - Zhouhan Chen
MIV - cont...(11:30-13:30 PDT) - SimPPL: Simulating Social Networks and Disinformation - Swapneel Mehta
MIV - cont...(11:30-13:30 PDT) - Dazed and Seriously Confused: Analysis of Data Voids & the Disinformation Landscape of Central Asia - Rhyner Washburn
PHV - cont...(10:00-17:59 PDT) - Packet Inspector -
PHV - cont...(10:00-17:59 PDT) - Packet Detective -
PHV - cont...(10:00-17:59 PDT) - Honey Pot Workshop -
PHV - cont...(10:00-17:59 PDT) - NetworkOS Workshop -
PHV - cont...(10:00-17:59 PDT) - RegEx Trainer -
PHV - cont...(10:00-17:59 PDT) - Linux Trainer -
PHV - cont...(10:00-17:59 PDT) - Botnet Workshop -
PHV - cont...(10:00-17:59 PDT) - HardWired -
PHV - cont...(10:00-17:59 PDT) - Wall of Sheep -
PLV - Red Teaming the Open Source Software Supply Chain - Allan Friedman,Aeva Black
PLV - Hacking law is for hackers - how recent changes to CFAA, DMCA, and global policies affect security research - Harley Geiger,Leonard Bailey
PSV - cont...(10:00-17:59 PDT) - Physical Security Village -
PSV - (12:30-12:59 PDT) - Pwning Alarm Wires - Bill Graydon
PYV - cont...(09:00-13:59 PDT) - Payment Hacking Challenge -
QTV - An introduction to quantum algorithms - Kathrin Spendier,Mark Jackson
RCV - Not All Who Wander Are Lost: Using OSINT for a Fulfilling Travel Experience - Tracy Z. Maleeff
RCV - (12:45-13:30 PDT) - Stalking Back - MasterChen
RFV - cont...(10:00-17:59 PDT) - SpaceX & Starlink Satellite Internet - Starlink
RFV - cont...(10:00-17:59 PDT) - DEFCON Demonstrations and Presentations by Open Research Institute at RF Village - Open Research Institute
RFV - cont...(11:30-12:30 PDT) - How a weirdly shaped piece of metal pulls cat memes out of thin air - Tyler
RFV - (12:30-12:59 PDT) - Intro guide to keyfob hacking - Woody
RHV - cont...(10:00-13:59 PDT) - Human Chip Implants -
ROV - (12:30-13:30 PDT) - Catch the Cheat - Four Suits Co
RTV - Dip Your Toes in Infrastructure Testing: A Hands on Workshop Focusing on the Things CTF's Don't Teach - Andrew Sutters,Jules Rigaudie
SEV - cont...(09:00-17:59 PDT) - Heroes vs Villians, a SEC Youth Challenge -
SEV - Cold Calls -
SKY - The Richest Phisherman in Colombia - Matt Mosley,Nick Ascoli
SKY - (12:45-13:35 PDT) - Taking Down the Grid - Joe Slowik
SOC - cont...(09:00-17:59 PDT) - Chillout Lounge (with entertainment) - djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
SOC - No Starch Press - Book Signing - Jasper van Woudenberg, Hardware Hacking Handbook
SOC - Friends of Bill W -
TEV - cont...(10:00-17:59 PDT) - Learn at Tamper-Evident Village -
VMV - The State of Election Security Training - Jerome Lovato
WS - cont...(09:00-12:59 PDT) - CICD security: A new eldorado - Gauthier Sebaux,Remi Escourrou,Xavier Gerondeau
WS - cont...(09:00-12:59 PDT) - Finding Security Vulnerabilities Through Fuzzing - Hardik Shah
WS - cont...(09:00-12:59 PDT) - Introduction to Cryptographic Attacks - Matt Cheung
WS - cont...(09:00-12:59 PDT) - The Art of Modern Malware Analysis: Initial Infection Malware, Infrastructure, and C2 Frameworks - Aaron Rosenmund,Josh Stroschein,Ryan J Chapman
WS - cont...(09:00-12:59 PDT) - DFIR Against the Digital Darkness: An Intro to Forensicating Evil - Michael Register,Michael Solomon
Friday - 13:00 PDT
AIV - Machine Learning Security Evasion Competition Launch - Hyrum Anderson
APV - cont...(11:15-13:15 PDT) - Data security and privacy in application security - Eyitayo Alimi
APV - (13:45-14:45 PDT) - Hacking 8+ million websites - Ethical dilemmas when bug hunting and why they matter - Rotem Bar
ASV - cont...(09:00-16:59 PDT) - California CyberSecurity Institute Space Grand Challenge -
ASV - cont...(10:00-16:59 PDT) - Amazon Web Services Aerospace and Satellite Jam -
ASV - cont...(10:00-16:59 PDT) - Hack the Airfield with DDS -
ASV - cont...(10:00-16:59 PDT) - Satellite Eavesdropping with DDS -
ASV - cont...(10:00-15:59 PDT) - Red Balloon Failsat Challenges -
ASV - cont...(10:00-16:59 PDT) - Hack the Airport with Intelligenesis -
ASV - cont...(10:00-15:59 PDT) - Boeing ARINC 429 Airplane Challenge and CTF -
ASV - cont...(10:00-16:59 PDT) - Hack-A-Sat Digital Twin Workshop -
ASV - cont...(12:00-16:59 PDT) - Hack-A-Sat Aerospace PiSat Challenge -
ASV - Cyber Star© Competition Presented by The Space ISAC -
ASV - Resumé Review and Career Guidance Session -
ASV - Cyber Star Card Game Tutorial - Rick White
ASV - Pen Test Partners A320 Simulator -
ASV - (13:30-13:55 PDT) - Securing the Future of Aviation CyberSecurity - Timothy Weston
AVV - cont...(11:30-13:30 PDT) - Adversary Booth - Dean Lawrence,Ethan Michalak,Melanie Chan,Michael Kouremetis,Jay Yee
AVV - cont...(11:30-17:30 PDT) - Adversary Wars CTF -
AVV - (13:15-13:45 PDT) - Balancing the Scales of Just-Good-Enough - Frank Duff,Ian Davila
BHV - cont...(12:30-13:30 PDT) - How to stop Surveillance Captalism in Healthcare - Andrea Downing,Jillian Simons,Valencia Robinson
BHV - (13:30-13:59 PDT) - DIY Medicine With Unusual Uses for Existing FDA-Approved Drugs - Mixæl S. Laufer
BTV - Obsidian Forensics: KillChain1 - Adventures in Splunk and Security Onion - Wes Lambert,ExtremePaperClip,Omenscan
BTV - Obsidian: IR - Mise En Place for Investigations - ChocolateCoat,aviditas,CountZ3r0
BTV - Obsidian CTH: Hunting for Adversary's Schedule - Cyb3rHawk
BTV - Improving security posture of MacOS and Linux with Azure AD - Michael Epping,Mark Morowczynski
BTV - Ransomware ATT&CK and Defense - Daniel Chen,Esther Matut,Ronny Thammasathiti,Nick Baker,Ben Hughes
CHV - RFCommotion - Invisible Serial Ports Flying Through the Air - Kamel
CLV - cont...(12:30-13:10 PDT) - Weather Proofing GCP Defaults - Shannon McHale
CLV - Security at Every Step: The TL;DR on Securing Your AWS Code Pipeline - Cassandra Young (muteki)
CLV - (13:40-14:20 PDT) - Sponsored Talk
CON - cont...(10:30-18:30 PDT) - Capture The Packet Preliminaries -
CON - cont...(10:00-17:59 PDT) - IoT Village CTF (the CTF formally known as SOHOplessly Broken) -
CON - cont...(10:00-17:30 PDT) - Car Hacking Village CTF -
CON - cont...(10:00-19:59 PDT) - DARKNET-NG -
CON - cont...(10:00-17:59 PDT) - pTFS Presents: Mayhem Industries - Outside the Box -
CON - cont...(10:00-17:59 PDT) - DEF CON’s Next Top Threat Model -
CON - cont...(10:00-19:59 PDT) - DC30 Ham Radio Fox Hunt Contest -
CON - cont...(10:00-16:59 PDT) - Red Team Village CTF Qualifiers Part 1 -
CON - cont...(10:00-17:59 PDT) - Crash and Compile - Qualifications -
CON - cont...(10:00-17:59 PDT) - Trace Labs OSINT Search Party CTF - Sign-ups -
CON - cont...(10:00-17:59 PDT) - CMD+CTRL -
CON - cont...(11:00-14:59 PDT) - Beverage Cooling Contraption Contest (BCCC) -
CON - cont...(12:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-13:59 PDT) - Radio Frequency Capture the Flag -
CON - cont...(10:00-17:59 PDT) - Hospital Under Siege -
CON - cont...(12:00-14:59 PDT) - BIC Village Capture The Flag -
CON - cont...(12:00-14:59 PDT) - Betting on Your Digital Rights: EFF Benefit Poker Tournament -
CON - cont...(10:00-19:59 PDT) - Kubernetes Capture The Flag -
CPV - Reflections on 9 Years of CPV - Whitney Merrill
CPV - (13:30-13:59 PDT) - How to Respond to Data Subject Access Requests - Irene Mo
DC - Backdooring Pickles: A decade only made things worse - ColdwaterQ
DC - (13:30-13:50 PDT) - Weaponizing Windows Syscalls as Modern, 32-bit Shellcode - Tarek Abdelmotaleb,Dr. Bramwell Brizendine
DC - You’re <strike>Muted</strike>Rooted - Patrick Wardle
DC - cont...(08:00-18:59 PDT) - Human Registration Open
DC - Emoji Shellcoding: 🛠️, 🧌, and 🤯 - Georges-Axel Jaloyan,Hadrien Barral
DC - cont...(12:30-13:15 PDT) - Global Challenges, Global Approaches in Cyber Policy - Gaurav Keerthi,Lily Newman,Pete Cooper
DC - (13:30-14:15 PDT) - A Policy Fireside Chat with Jay Healey - Jason Healey,Fahmida Rashid
DC - cont...(10:00-17:59 PDT) - Vendor Area Open -
DC - cont...(09:00-15:59 PDT) - Merch (formerly swag) Area Open -- README -
DC - cont...(08:00-22:59 PDT) - Lost and Found Department Open (Generally) -
DC - cont...(10:00-17:59 PDT) - Memorial Room Open -
DC - cont...(10:00-17:59 PDT) - Village Areas Open (Generally) -
DCGVR - How to Start and Run a Group - Xray
DDV - cont...(10:00-16:59 PDT) - DDV open and accepting drives for duplication -
DDV - How long do hard drives and SSDs live, and what can they tell us along the way? - Andrew Klein
DL - cont...(12:00-13:55 PDT) - Packet Sender - Dan Nagle
DL - cont...(12:00-13:55 PDT) - Wakanda Land - Stephen Kofi Asamoah
DL - cont...(12:00-13:55 PDT) - AzureGoat: Damn Vulnerable Azure Infrastructure - Nishant Sharma,Rachna Umraniya
DL - cont...(12:00-13:55 PDT) - EMBA - Open-Source Firmware Security Testing - Michael Messner,Pascal Eckmann
DL - cont...(12:00-13:55 PDT) - Mercury - David McGrew,Brandon Enright
GHV - cont...(12:30-13:30 PDT) - Resumé Review
GHV - (13:30-14:30 PDT) - Leading the Way - Alshlon Banks,Eric Belardo,Monique Head,Rebekah Skeete,Yatia Hopkins,Mari Galloway,Tennisha Martin
HHV - cont...(10:00-17:59 PDT) - Solder Skills Village - Open
HHV - cont...(10:00-17:59 PDT) - Hardware Hacking Village - Open
HHV - Reversing An M32C Firmware – Lesson Learned From Playing With An Uncommon Architecture - Philippe Laulheret
HRV - Free Amateur Radio License Exams -
ICSV - cont...(10:00-17:59 PDT) - CISA and Idaho National Lab Escape Room -
ICSV - cont...(10:00-17:59 PDT) - Fantom5 SeaTF CTF -
ICSV - cont...(10:00-17:59 PDT) - Hack the Plan[e]t CTF -
ICSV - cont...(10:00-17:59 PDT) - DDS Hack-the-Microgrid -
ICSV - Maritime Hacking Boundary Adventure -
ICSV - The USCG's Maritime Cybersecurity Strategy [[maritime]] - RADM John Mauger
IOTV - cont...(10:00-17:59 PDT) - IoT Village CTF Challenges -
IOTV - cont...(10:00-17:59 PDT) - Hands on hacking labs -
IOTV - cont...(10:00-17:59 PDT) - Hands on Hardware Hacking – eMMC to Root - Deral Heiland
IOTV - cont...(10:00-17:59 PDT) - Drone Hack -
LPV - Intro to Lockpicking - TOOOL
MIV - cont...(11:30-13:30 PDT) - Cognitive Security: Human Vulnerabilities, Exploits, & TTPs - Matthew Canham
MIV - cont...(11:30-13:30 PDT) - Detecting the "Fake News" Before It Was Even Written, Media Literacy, and Flattening the Curve of the COVID-19 Infodemic - Preslav Nakov
MIV - cont...(11:30-13:30 PDT) - Uncovering multi-platform misinformation campaigns with Information Tracer - Zhouhan Chen
MIV - cont...(11:30-13:30 PDT) - SimPPL: Simulating Social Networks and Disinformation - Swapneel Mehta
MIV - cont...(11:30-13:30 PDT) - Dazed and Seriously Confused: Analysis of Data Voids & the Disinformation Landscape of Central Asia - Rhyner Washburn
PHV - cont...(10:00-17:59 PDT) - Packet Inspector -
PHV - cont...(10:00-17:59 PDT) - Packet Detective -
PHV - cont...(10:00-17:59 PDT) - Honey Pot Workshop -
PHV - cont...(10:00-17:59 PDT) - NetworkOS Workshop -
PHV - cont...(10:00-17:59 PDT) - RegEx Trainer -
PHV - cont...(10:00-17:59 PDT) - Linux Trainer -
PHV - cont...(10:00-17:59 PDT) - Botnet Workshop -
PHV - cont...(10:00-17:59 PDT) - HardWired -
PHV - cont...(10:00-17:59 PDT) - Wall of Sheep -
PLV - cont...(12:00-13:45 PDT) - Red Teaming the Open Source Software Supply Chain - Allan Friedman,Aeva Black
PLV - cont...(12:00-13:45 PDT) - Hacking law is for hackers - how recent changes to CFAA, DMCA, and global policies affect security research - Harley Geiger,Leonard Bailey
PSV - cont...(10:00-17:59 PDT) - Physical Security Village -
PSV - (13:30-13:59 PDT) - RFID Hacking 101 - Ege F
PWV - Hacking Hashcat - Ray “Senpai” Morris
PYV - cont...(09:00-13:59 PDT) - Payment Hacking Challenge -
RCV - cont...(12:45-13:30 PDT) - Stalking Back - MasterChen
RFV - cont...(10:00-17:59 PDT) - SpaceX & Starlink Satellite Internet - Starlink
RFV - cont...(10:00-17:59 PDT) - DEFCON Demonstrations and Presentations by Open Research Institute at RF Village - Open Research Institute
RFV - Wardriving 101 - or How I Learned to Stop Worrying and Love Bad Fuel Economy and High Gas Prices - Raker
RFV - (13:30-13:59 PDT) - Keeping Your Distance: Pwning RFID Physical Access Controls From 6FT and Beyond - Daniel Goga,Langston Clement (aka sh0ck)
RHV - cont...(10:00-13:59 PDT) - Human Chip Implants -
ROV - cont...(12:30-13:30 PDT) - Catch the Cheat - Four Suits Co
RTV - cont...(12:00-15:59 PDT) - Dip Your Toes in Infrastructure Testing: A Hands on Workshop Focusing on the Things CTF's Don't Teach - Andrew Sutters,Jules Rigaudie
RTV - Attack and Defend with the Command and Control (C2) Matrix - Jake Williams
RTV - HackerOps - Ralph May
RTV - OSINT Skills Lab Challenge - Lee McWhorter,Sandra Stibbards
RTV - Quiet Recon: Gathering everything you need with LDAP and native AD services - Cory Wolff
SEV - cont...(09:00-17:59 PDT) - Heroes vs Villians, a SEC Youth Challenge -
SEV - Vishing Competition (SECVC) - LIVE CALLS -
SKY - cont...(12:45-13:35 PDT) - Taking Down the Grid - Joe Slowik
SKY - (13:50-14:40 PDT) - Don't Blow A Fuse: Some Truths about Fusion Centres - 3ncr1pt3d
SOC - cont...(09:00-17:59 PDT) - Chillout Lounge (with entertainment) - djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
SOC - No Starch Press - Book Signing - Fotios Chantzis, Paulino Calderon, & Beau Woods, Practical IoT Hacking
TEV - cont...(10:00-17:59 PDT) - Learn at Tamper-Evident Village -
VMV - Truly Maligned: How Disinformation Targets Minority Communities to Create Voter Suppression - Nicole Tisdale
Friday - 14:00 PDT
AIV - The Chaos of Coding with Language Models - Nick Dorion
APV - cont...(13:45-14:45 PDT) - Hacking 8+ million websites - Ethical dilemmas when bug hunting and why they matter - Rotem Bar
APV - (14:45-16:45 PDT) - Hands-on threat modeling - Chris Romeo
ASV - cont...(09:00-16:59 PDT) - California CyberSecurity Institute Space Grand Challenge -
ASV - cont...(10:00-16:59 PDT) - Amazon Web Services Aerospace and Satellite Jam -
ASV - cont...(10:00-16:59 PDT) - Hack the Airfield with DDS -
ASV - cont...(10:00-16:59 PDT) - Satellite Eavesdropping with DDS -
ASV - cont...(10:00-15:59 PDT) - Red Balloon Failsat Challenges -
ASV - cont...(10:00-16:59 PDT) - Hack the Airport with Intelligenesis -
ASV - cont...(10:00-15:59 PDT) - Boeing ARINC 429 Airplane Challenge and CTF -
ASV - cont...(10:00-16:59 PDT) - Hack-A-Sat Digital Twin Workshop -
ASV - cont...(12:00-16:59 PDT) - Hack-A-Sat Aerospace PiSat Challenge -
ASV - cont...(13:00-14:59 PDT) - Resumé Review and Career Guidance Session -
ASV - cont...(13:00-14:59 PDT) - Pen Test Partners A320 Simulator -
ASV - Final Boarding Call for Cyber Policy Airlines Flight 443 - Ayan Islam,Mary Brooks,Olivia Stella,Rebecca Ash
AVV - cont...(11:30-17:30 PDT) - Adversary Wars CTF -
AVV - Master of Puppets: How to tamper the EDR? - Daniel Feichter
AVV - (14:30-17:30 PDT) - Adversary Booth - Dean Lawrence,Ethan Michalak,Melanie Chan,Michael Kouremetis,Jay Yee
AVV - (14:40-14:59 PDT) - Exotic data exfiltration - Jean-Michel Amblat
BHV - (14:30-15:59 PDT) - How to have an extraterrestrial conversation. Active METI Principles and Hackathon! - Chris Richardson,Éanna Doyle
BICV - DEI in Cybersecurity (Breaking through the barrier, behind the barrier... behind the barrier) - Damian Grant
BTV - Obsidian CTH Live: Killchain 1 Walkthrough -
BTV - Obsidian Forensics: The Importance of Sysmon for Investigations - ExtremePaperClip
BTV - Obsidian REM: Long Walks On The Beach: Analyzing Collected PowerShells - Alison N
BTV - (14:15-15:15 PDT) - Lend me your IR's! - Matt Scheurer
BTV - cont...(13:00-14:30 PDT) - Ransomware ATT&CK and Defense - Daniel Chen,Esther Matut,Ronny Thammasathiti,Nick Baker,Ben Hughes
CHV - Security like the 80's: How I stole your RF - Ayyappan Rajesh
CHV - (14:30-15:10 PDT) - Integrating mileage clocking and other hacking equipment into a vehicle simulator rig - David Rogers
CLV - cont...(13:40-14:20 PDT) - Sponsored Talk
CLV - (14:20-14:50 PDT) - Flying Under Cloud Cover: Built-in Blind Spots in Cloud Security - Noam Dahan
CON - cont...(10:30-18:30 PDT) - Capture The Packet Preliminaries -
CON - cont...(10:00-17:59 PDT) - IoT Village CTF (the CTF formally known as SOHOplessly Broken) -
CON - cont...(10:00-17:30 PDT) - Car Hacking Village CTF -
CON - cont...(10:00-19:59 PDT) - DARKNET-NG -
CON - cont...(10:00-17:59 PDT) - pTFS Presents: Mayhem Industries - Outside the Box -
CON - cont...(10:00-17:59 PDT) - DEF CON’s Next Top Threat Model -
CON - cont...(10:00-19:59 PDT) - DC30 Ham Radio Fox Hunt Contest -
CON - cont...(10:00-16:59 PDT) - Red Team Village CTF Qualifiers Part 1 -
CON - cont...(10:00-17:59 PDT) - Crash and Compile - Qualifications -
CON - cont...(10:00-17:59 PDT) - Trace Labs OSINT Search Party CTF - Sign-ups -
CON - cont...(10:00-17:59 PDT) - CMD+CTRL -
CON - cont...(11:00-14:59 PDT) - Beverage Cooling Contraption Contest (BCCC) -
CON - cont...(12:00-17:59 PDT) - Red Alert ICS CTF -
CON - Hack3r Runw@y -
CON - cont...(10:00-17:59 PDT) - Hospital Under Siege -
CON - cont...(12:00-14:59 PDT) - BIC Village Capture The Flag -
CON - cont...(12:00-14:59 PDT) - Betting on Your Digital Rights: EFF Benefit Poker Tournament -
CON - cont...(10:00-19:59 PDT) - Kubernetes Capture The Flag -
CPV - Securing and Standardizing Data Rights Requests with a Data Rights Protocol - Dazza Greenwood,Ginny Fahs,Ryan Rix
CPV - (14:30-14:59 PDT) - The Multiverse of Madness: Navigating the 50-State Approach to Privacy and Security - Anthony Hendricks
DC - Process injection: breaking all macOS security layers with a single vulnerability - Thijs Alkemade
DC - Phreaking 2.0 - Abusing Microsoft Teams Direct Routing - Moritz Abrell
DC - (14:30-15:15 PDT) - Trace me if you can: Bypassing Linux Syscall Tracing - Rex Guo,Junyuan Zeng
DC - cont...(08:00-18:59 PDT) - Human Registration Open
DC - Space Jam: Exploring Radio Frequency Attacks in Outer Space - James Pavur
DC - cont...(13:30-14:15 PDT) - A Policy Fireside Chat with Jay Healey - Jason Healey,Fahmida Rashid
DC - (14:30-15:15 PDT) - Leak The Planet: Veritatem cognoscere non pereat mundus - Xan North,Emma Best
DC - cont...(10:00-17:59 PDT) - Vendor Area Open -
DC - cont...(09:00-15:59 PDT) - Merch (formerly swag) Area Open -- README -
DC - cont...(08:00-22:59 PDT) - Lost and Found Department Open (Generally) -
DC - cont...(10:00-17:59 PDT) - Memorial Room Open -
DC - cont...(10:00-17:59 PDT) - Village Areas Open (Generally) -
DCGVR - Advanced Packet Wrangling with tcpdump - Scribbles
DDV - cont...(10:00-16:59 PDT) - DDV open and accepting drives for duplication -
DL - CyberPeace Builders - Adrien Ogee
DL - AWSGoat : A Damn Vulnerable AWS Infrastructure - Jeswin Mathai,Sanjeev Mahunta
DL - AADInternals: The Ultimate Azure AD Hacking Toolkit - Nestori Syynimaa
DL - PCILeech and MemProcFS - Ulf Frisk,Ian Vitek
DL - Badrats: Initial Access Made Easy - Kevin Clark,Dominic “Cryillic” Cunningham
GHV - cont...(13:30-14:30 PDT) - Leading the Way - Alshlon Banks,Eric Belardo,Monique Head,Rebekah Skeete,Yatia Hopkins,Mari Galloway,Tennisha Martin
GHV - (14:30-14:59 PDT) - First Year in Cyber - Crystal Phinn,T. Halloway
HHV - cont...(10:00-17:59 PDT) - Solder Skills Village - Open
HHV - cont...(10:00-17:59 PDT) - Hardware Hacking Village - Open
HHV - Movie-Style Hardware Hacking - Bryan C. Geraghty
HRV - cont...(13:00-15:59 PDT) - Free Amateur Radio License Exams -
ICSV - Exposing aberrant network behaviors within ICS environments using a Raspberry Pi - Chet Hosmer,Mike Raggo
ICSV - cont...(10:00-17:59 PDT) - CISA and Idaho National Lab Escape Room -
ICSV - cont...(10:00-17:59 PDT) - Fantom5 SeaTF CTF -
ICSV - cont...(10:00-17:59 PDT) - Hack the Plan[e]t CTF -
ICSV - cont...(10:00-17:59 PDT) - DDS Hack-the-Microgrid -
ICSV - cont...(13:00-16:59 PDT) - Maritime Hacking Boundary Adventure -
IOTV - cont...(10:00-17:59 PDT) - IoT Village CTF Challenges -
IOTV - cont...(10:00-17:59 PDT) - Hands on hacking labs -
IOTV - cont...(10:00-17:59 PDT) - Hands on Hardware Hacking – eMMC to Root - Deral Heiland
IOTV - cont...(10:00-17:59 PDT) - Drone Hack -
LPV - The Right Way To Do Wrong: Physical security secrets of criminals and professionals alike - Patrick McNeil
MIV - (14:30-15:59 PDT) - Multi-Stakeholder Online Harm Threat Analysis - Jennifer Mathieu
MIV - (14:30-15:59 PDT) - FARA and DOJ’s Approach to Disinformation - Adam Hickey
MIV - (14:30-15:59 PDT) - Fireside Chat - Adam Hickey,Jennifer Mathieu
PHV - cont...(10:00-17:59 PDT) - Packet Inspector -
PHV - cont...(10:00-17:59 PDT) - Packet Detective -
PHV - cont...(10:00-17:59 PDT) - Honey Pot Workshop -
PHV - cont...(10:00-17:59 PDT) - NetworkOS Workshop -
PHV - cont...(10:00-17:59 PDT) - RegEx Trainer -
PHV - cont...(10:00-17:59 PDT) - Linux Trainer -
PHV - cont...(10:00-17:59 PDT) - Botnet Workshop -
PHV - cont...(10:00-17:59 PDT) - HardWired -
PHV - cont...(10:00-17:59 PDT) - Wall of Sheep -
PLV - Meet the Feds: ONCO Edition
PLV - Emerging Technical Cyber Policy Topics - Kurt Opsahl,Luiz Eduardo,Yan Shoshitaishvili,Yan Zhu
PLV - Emerging Cybersecurity Policy Topics
PSV - cont...(10:00-17:59 PDT) - Physical Security Village -
PSV - (14:30-14:59 PDT) - Pwning RFID From 6ft Away - Daniel Goga,Langston Clement (aka sh0ck)
QTV - The Quantum Tech Showcase: From QKD to QRNG Demo - Vikram Sharma
RFV - cont...(10:00-17:59 PDT) - SpaceX & Starlink Satellite Internet - Starlink
RFV - cont...(10:00-17:59 PDT) - DEFCON Demonstrations and Presentations by Open Research Institute at RF Village - Open Research Institute
RFV - Getting started with Meshtastic - aromond
RFV - (14:30-15:30 PDT) - Have a Software Defined Radio? - Design and make your own antennas - Erwin
ROV - False Dealing - Daniel Roy
RTV - cont...(12:00-15:59 PDT) - Dip Your Toes in Infrastructure Testing: A Hands on Workshop Focusing on the Things CTF's Don't Teach - Andrew Sutters,Jules Rigaudie
RTV - Cyber Resilience Bootcamp - Ron Taylor
RTV - HackerOps - Ralph May
RTV - OSINT Skills Lab Challenge - Lee McWhorter,Sandra Stibbards
SEV - cont...(09:00-17:59 PDT) - Heroes vs Villians, a SEC Youth Challenge -
SEV - cont...(13:00-15:59 PDT) - Vishing Competition (SECVC) - LIVE CALLS -
SKY - cont...(13:50-14:40 PDT) - Don't Blow A Fuse: Some Truths about Fusion Centres - 3ncr1pt3d
SKY - (14:55-15:45 PDT) - Cloud Threat Actors: No longer cryptojacking for fun and profit - Nathaniel Quist
SOC - cont...(09:00-17:59 PDT) - Chillout Lounge (with entertainment) - djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
SOC - No Starch Press - Book Signing - Travis Goodspeed, PoC or GTFO Volume 3
TEV - cont...(10:00-17:59 PDT) - Learn at Tamper-Evident Village -
VMV - Information Operations - Bryson Bort,Nicole Tisdale,Trapezoid
WS - Hacking the Metal 2: Hardware and the Evolution of C Creatures - Eigentourist
WS - Hand On Mainframe Buffer Overflows - RCE Edition - Jake Labelle,Phil Young
WS - Securing Industrial Control Systems from the core: PLC secure coding practices - Alexandrine Torrents,Arnaud Soullie
WS - FROM ZERO TO HERO IN A BLOCKCHAIN SECURITY - Dikla Barda,Oded Vanunu,Roman Zaikin
WS - Securing Smart Contracts - Elizabeth Biddlecome,Sam Bowne,Irvin Lemus,Kaitlyn Handleman
Friday - 15:00 PDT
AIV - LATMA - Lateral movement analyzer - Gal Sadeh
APV - cont...(14:45-16:45 PDT) - Hands-on threat modeling - Chris Romeo
ASV - cont...(09:00-16:59 PDT) - California CyberSecurity Institute Space Grand Challenge -
ASV - cont...(10:00-16:59 PDT) - Amazon Web Services Aerospace and Satellite Jam -
ASV - cont...(10:00-16:59 PDT) - Hack the Airfield with DDS -
ASV - cont...(10:00-16:59 PDT) - Satellite Eavesdropping with DDS -
ASV - cont...(10:00-15:59 PDT) - Red Balloon Failsat Challenges -
ASV - cont...(10:00-16:59 PDT) - Hack the Airport with Intelligenesis -
ASV - cont...(10:00-15:59 PDT) - Boeing ARINC 429 Airplane Challenge and CTF -
ASV - cont...(10:00-16:59 PDT) - Hack-A-Sat Digital Twin Workshop -
ASV - cont...(12:00-16:59 PDT) - Hack-A-Sat Aerospace PiSat Challenge -
ASV - Ask an Airport CISO - Aakinn Patel
AVV - cont...(11:30-17:30 PDT) - Adversary Wars CTF -
AVV - cont...(14:30-17:30 PDT) - Adversary Booth - Dean Lawrence,Ethan Michalak,Melanie Chan,Michael Kouremetis,Jay Yee
AVV - Building Adversary Chains Like an Operator - David Hunt,Stephan Wampouille
BHV - cont...(14:30-15:59 PDT) - How to have an extraterrestrial conversation. Active METI Principles and Hackathon! - Chris Richardson,Éanna Doyle
BTV - Heavyweights: Threat Hunting at Scale - Sherrod DeGrippo,Ashlee Benge,Jamie Williams,nohackme,Sean Zadig,Ryan Kovar
BTV - cont...(14:15-15:15 PDT) - Lend me your IR's! - Matt Scheurer
BTV - (15:30-16:30 PDT) - Malware Hunting - Discovering techniques in PDF malicious - Filipi Pires
CHV - cont...(14:30-15:10 PDT) - Integrating mileage clocking and other hacking equipment into a vehicle simulator rig - David Rogers
CHV - (15:30-15:55 PDT) - Smart Black Box Fuzzing of UDS CAN - Soohwan Oh,Jonghyuk Song,Jeongho Yang
CLV - Prowler Open Source Cloud Security: A Deep Dive Workshop - Toni de la Fuente
CON - cont...(10:30-18:30 PDT) - Capture The Packet Preliminaries -
CON - cont...(10:00-17:59 PDT) - IoT Village CTF (the CTF formally known as SOHOplessly Broken) -
CON - cont...(10:00-17:30 PDT) - Car Hacking Village CTF -
CON - cont...(10:00-19:59 PDT) - DARKNET-NG -
CON - cont...(10:00-17:59 PDT) - pTFS Presents: Mayhem Industries - Outside the Box -
CON - cont...(10:00-17:59 PDT) - DEF CON’s Next Top Threat Model -
CON - cont...(10:00-19:59 PDT) - DC30 Ham Radio Fox Hunt Contest -
CON - cont...(10:00-16:59 PDT) - Red Team Village CTF Qualifiers Part 1 -
CON - cont...(10:00-17:59 PDT) - Crash and Compile - Qualifications -
CON - cont...(10:00-17:59 PDT) - Trace Labs OSINT Search Party CTF - Sign-ups -
CON - cont...(10:00-17:59 PDT) - CMD+CTRL -
CON - cont...(12:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(14:00-15:59 PDT) - Hack3r Runw@y -
CON - cont...(10:00-17:59 PDT) - Hospital Under Siege -
CON - cont...(10:00-19:59 PDT) - Kubernetes Capture The Flag -
CPV - ID theft insurance - The Emperor’s new clothes? - Per Thorsheim
DC - LSASS Shtinkering: Abusing Windows Error Reporting to Dump LSASS - Asaf Gilboa,Ron Ben Yitzhak
DC - cont...(14:30-15:15 PDT) - Trace me if you can: Bypassing Linux Syscall Tracing - Rex Guo,Junyuan Zeng
DC - (15:30-16:15 PDT) - Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling - James Kettle
DC - cont...(08:00-18:59 PDT) - Human Registration Open
DC - Exploring the hidden attack surface of OEM IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS. - Octavio Gianatiempo,Octavio Galland
DC - cont...(14:30-15:15 PDT) - Leak The Planet: Veritatem cognoscere non pereat mundus - Xan North,Emma Best
DC - (15:30-16:15 PDT) - How Russia is trying to block Tor - Roger Dingledine
DC - cont...(10:00-17:59 PDT) - Vendor Area Open -
DC - cont...(09:00-15:59 PDT) - Merch (formerly swag) Area Open -- README -
DC - cont...(08:00-22:59 PDT) - Lost and Found Department Open (Generally) -
DC - cont...(10:00-17:59 PDT) - Memorial Room Open -
DC - cont...(10:00-17:59 PDT) - Village Areas Open (Generally) -
DCGVR - Ham Radio is not just for Dinosaurs, Why hackers need an amateur radio license - Giglio
DDV - cont...(10:00-16:59 PDT) - DDV open and accepting drives for duplication -
DDV - No bricks without clay - Data Fusion and Duplication in Cybersecurity - Lior Kolnik
DL - cont...(14:00-15:55 PDT) - CyberPeace Builders - Adrien Ogee
DL - cont...(14:00-15:55 PDT) - AWSGoat : A Damn Vulnerable AWS Infrastructure - Jeswin Mathai,Sanjeev Mahunta
DL - cont...(14:00-15:55 PDT) - AADInternals: The Ultimate Azure AD Hacking Toolkit - Nestori Syynimaa
DL - cont...(14:00-15:55 PDT) - PCILeech and MemProcFS - Ulf Frisk,Ian Vitek
DL - cont...(14:00-15:55 PDT) - Badrats: Initial Access Made Easy - Kevin Clark,Dominic “Cryillic” Cunningham
GHV - Workshop: Network Penetration Testing w HyperQube - Craig Stevenson,Kevin Chapman,Makayla Ferrell,Tennisha Martin
HHV - cont...(10:00-17:59 PDT) - Solder Skills Village - Open
HHV - cont...(10:00-17:59 PDT) - Hardware Hacking Village - Open
HHV - Injectyll-Hide: Build-Your-Own Hardware Implants - Jeremy Miller,Jonathan Fischer
HRV - cont...(13:00-15:59 PDT) - Free Amateur Radio License Exams -
HRV - Hacking Ham Radio: Dropping Shells at 1200 Baud - Rick Osgood
ICSV - Wind Energy Cybersecurity: Novel Environments facing Increased Threats - Meg Egan
ICSV - (15:30-15:59 PDT) - Power Flow 101 for hackers and analysts - Stefan Stephenson-Moe
ICSV - cont...(10:00-17:59 PDT) - CISA and Idaho National Lab Escape Room -
ICSV - cont...(10:00-17:59 PDT) - Fantom5 SeaTF CTF -
ICSV - cont...(10:00-17:59 PDT) - Hack the Plan[e]t CTF -
ICSV - cont...(10:00-17:59 PDT) - DDS Hack-the-Microgrid -
ICSV - cont...(13:00-16:59 PDT) - Maritime Hacking Boundary Adventure -
IOTV - cont...(10:00-17:59 PDT) - IoT Village CTF Challenges -
IOTV - cont...(10:00-17:59 PDT) - Hands on hacking labs -
IOTV - cont...(10:00-17:59 PDT) - Hands on Hardware Hacking – eMMC to Root - Deral Heiland
IOTV - cont...(10:00-17:59 PDT) - Drone Hack -
LPV - (15:30-15:45 PDT) - Handcuffs and how they work - Steven Collins
MIV - cont...(14:30-15:59 PDT) - Multi-Stakeholder Online Harm Threat Analysis - Jennifer Mathieu
MIV - cont...(14:30-15:59 PDT) - FARA and DOJ’s Approach to Disinformation - Adam Hickey
MIV - cont...(14:30-15:59 PDT) - Fireside Chat - Adam Hickey,Jennifer Mathieu
PHV - cont...(10:00-17:59 PDT) - Packet Inspector -
PHV - cont...(10:00-17:59 PDT) - Packet Detective -
PHV - cont...(10:00-17:59 PDT) - Honey Pot Workshop -
PHV - cont...(10:00-17:59 PDT) - NetworkOS Workshop -
PHV - cont...(10:00-17:59 PDT) - RegEx Trainer -
PHV - cont...(10:00-17:59 PDT) - Linux Trainer -
PHV - cont...(10:00-17:59 PDT) - Botnet Workshop -
PHV - cont...(10:00-17:59 PDT) - HardWired -
PHV - cont...(10:00-17:59 PDT) - Wall of Sheep -
PLV - cont...(14:00-15:59 PDT) - Meet the Feds: ONCO Edition
PLV - cont...(14:00-15:45 PDT) - Emerging Technical Cyber Policy Topics - Kurt Opsahl,Luiz Eduardo,Yan Shoshitaishvili,Yan Zhu
PLV - cont...(14:00-15:45 PDT) - Emerging Cybersecurity Policy Topics
PSV - cont...(10:00-17:59 PDT) - Physical Security Village -
PSV - (15:30-15:59 PDT) - Elevators 101 - Karen Ng
QTV - Debate - QKD -
QTV - (15:30-16:30 PDT) - Quantum Hardware Hacking - Mark C
RCV - The Bug Hunters Methodology – Application Analysis Edition v1.5 - JHaddix
RCV - (15:50-16:25 PDT) - The Richest Phisherman in Colombia - Nick Ascoli
RFV - cont...(10:00-17:59 PDT) - SpaceX & Starlink Satellite Internet - Starlink
RFV - cont...(10:00-17:59 PDT) - DEFCON Demonstrations and Presentations by Open Research Institute at RF Village - Open Research Institute
RFV - cont...(14:30-15:30 PDT) - Have a Software Defined Radio? - Design and make your own antennas - Erwin
RFV - (15:30-15:59 PDT) - WIPS/WIDS Evasion for Rogue Access Points - Eric Escobar
RHV - Mitigating vulnerabilities in two-factor authentication in preventing account takeover - Larsbodian
ROV - (15:30-16:30 PDT) - Secrets of an Advantage Player - RxGamble
RTV - cont...(12:00-15:59 PDT) - Dip Your Toes in Infrastructure Testing: A Hands on Workshop Focusing on the Things CTF's Don't Teach - Andrew Sutters,Jules Rigaudie
RTV - Cyber Resilience Bootcamp - Ron Taylor
RTV - HackerOps - Ralph May
RTV - Hacking WebApps with WebSploit Labs - Omar Santos
RTV - OSINT Skills Lab Challenge - Lee McWhorter,Sandra Stibbards
SEV - cont...(09:00-17:59 PDT) - Heroes vs Villians, a SEC Youth Challenge -
SEV - cont...(13:00-15:59 PDT) - Vishing Competition (SECVC) - LIVE CALLS -
SKY - cont...(14:55-15:45 PDT) - Cloud Threat Actors: No longer cryptojacking for fun and profit - Nathaniel Quist
SOC - cont...(09:00-17:59 PDT) - Chillout Lounge (with entertainment) - djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
SOC - (15:30-16:30 PDT) - EFF: Reproductive Justice in the Age of Surveillance - Corynne McSherry,Daly Barnett,India McKinney,Kate Bertash
TEV - cont...(10:00-17:59 PDT) - Learn at Tamper-Evident Village -
WS - cont...(14:00-17:59 PDT) - Hacking the Metal 2: Hardware and the Evolution of C Creatures - Eigentourist
WS - cont...(14:00-17:59 PDT) - Hand On Mainframe Buffer Overflows - RCE Edition - Jake Labelle,Phil Young
WS - cont...(14:00-17:59 PDT) - Securing Industrial Control Systems from the core: PLC secure coding practices - Alexandrine Torrents,Arnaud Soullie
WS - cont...(14:00-17:59 PDT) - FROM ZERO TO HERO IN A BLOCKCHAIN SECURITY - Dikla Barda,Oded Vanunu,Roman Zaikin
WS - cont...(14:00-17:59 PDT) - Securing Smart Contracts - Elizabeth Biddlecome,Sam Bowne,Irvin Lemus,Kaitlyn Handleman
Friday - 16:00 PDT
AIV - Panel: AI and Hiring Tech - Rachel See
APV - cont...(14:45-16:45 PDT) - Hands-on threat modeling - Chris Romeo
ASV - cont...(09:00-16:59 PDT) - California CyberSecurity Institute Space Grand Challenge -
ASV - cont...(10:00-16:59 PDT) - Amazon Web Services Aerospace and Satellite Jam -
ASV - cont...(10:00-16:59 PDT) - Hack the Airfield with DDS -
ASV - cont...(10:00-16:59 PDT) - Satellite Eavesdropping with DDS -
ASV - cont...(10:00-16:59 PDT) - Hack the Airport with Intelligenesis -
ASV - cont...(10:00-16:59 PDT) - Hack-A-Sat Digital Twin Workshop -
ASV - cont...(12:00-16:59 PDT) - Hack-A-Sat Aerospace PiSat Challenge -
ASV - Pen Test Partner Power Hour - Alex Lomas,Ken Munro
AVV - cont...(11:30-17:30 PDT) - Adversary Wars CTF -
AVV - cont...(14:30-17:30 PDT) - Adversary Booth - Dean Lawrence,Ethan Michalak,Melanie Chan,Michael Kouremetis,Jay Yee
AVV - cont...(15:00-16:59 PDT) - Building Adversary Chains Like an Operator - David Hunt,Stephan Wampouille
BHV - (16:30-17:59 PDT) - Medical Device Hacking: A hands on introduction - Malcolm Galland,Caleb Davis,Carolyn Majane,Matthew Freilich,Nathan Smith
BICV - The Last Log4Shell Talk You Need - Ochuan Marshall
BTV - Take Your Security Skills From Good to Better to Best! - Tanisha O'Donoghue,Kimberly Mentzell,Neumann Lim (scsideath),Tracy Z. Maleeff,Ricky Banda
BTV - cont...(15:30-16:30 PDT) - Malware Hunting - Discovering techniques in PDF malicious - Filipi Pires
BTV - (16:45-16:59 PDT) - YARA Rules to Rule them All - Saurabh Chaudhary
CHV - (16:30-16:59 PDT) - canTot - a CAN Bus Hacking Framework to Compile Fun Hacks and Vulnerabilities - Jay Turla
CLV - cont...(15:00-16:59 PDT) - Prowler Open Source Cloud Security: A Deep Dive Workshop - Toni de la Fuente
CON - cont...(10:30-18:30 PDT) - Capture The Packet Preliminaries -
CON - cont...(10:00-17:59 PDT) - IoT Village CTF (the CTF formally known as SOHOplessly Broken) -
CON - cont...(10:00-17:30 PDT) - Car Hacking Village CTF -
CON - cont...(10:00-19:59 PDT) - DARKNET-NG -
CON - cont...(10:00-17:59 PDT) - pTFS Presents: Mayhem Industries - Outside the Box -
CON - cont...(10:00-17:59 PDT) - DEF CON’s Next Top Threat Model -
CON - cont...(10:00-19:59 PDT) - DC30 Ham Radio Fox Hunt Contest -
CON - cont...(10:00-16:59 PDT) - Red Team Village CTF Qualifiers Part 1 -
CON - cont...(10:00-17:59 PDT) - Crash and Compile - Qualifications -
CON - cont...(10:00-17:59 PDT) - Trace Labs OSINT Search Party CTF - Sign-ups -
CON - cont...(10:00-17:59 PDT) - CMD+CTRL -
CON - cont...(12:00-17:59 PDT) - Red Alert ICS CTF -
CON - cont...(10:00-17:59 PDT) - Hospital Under Siege -
CON - cont...(10:00-19:59 PDT) - Kubernetes Capture The Flag -
CPV - Once More Unto the Breach: Federal Regulators' Response to Privacy Breaches and Consumer Harms - Alexis Goldstein,Erie Meyer
CPV - (16:45-17:30 PDT) - Owned or pwned? No peekin' or tweakin'! - Nick Vidal,Richard Zak
DC - Wireless Keystroke Injection (WKI) via Bluetooth Low Energy (BLE) - Jose Pico,Fernando Perera
DC - cont...(15:30-16:15 PDT) - Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling - James Kettle
DC - (16:30-17:15 PDT) - A dead man’s full-yet-responsible-disclosure system - Yolan Romailler
DC - cont...(08:00-18:59 PDT) - Human Registration Open
DC - Hacking ISPs with Point-to-Pwn Protocol over Ethernet (PPPoE) - Gal Zror
DC - cont...(15:30-16:15 PDT) - How Russia is trying to block Tor - Roger Dingledine
DC - (16:30-17:15 PDT) - The Internet’s role in sanctions enforcement: Russia/Ukraine and the future - Bill Woodcock
DC - cont...(10:00-17:59 PDT) - Vendor Area Open -
DC - cont...(08:00-22:59 PDT) - Lost and Found Department Open (Generally) -
DC - cont...(10:00-17:59 PDT) - Memorial Room Open -
DC - cont...(10:00-17:59 PDT) - Village Areas Open (Generally) -
DCGVR - Pwning Lazy Admins - Jabbles
DDV - cont...(10:00-16:59 PDT) - DDV open and accepting drives for duplication -
GHV - cont...(15:00-16:30 PDT) - Workshop: Network Penetration Testing w HyperQube - Craig Stevenson,Kevin Chapman,Makayla Ferrell,Tennisha Martin
GHV - (16:30-16:59 PDT) - TBD - Slammer Musuta
HHV - cont...(10:00-17:59 PDT) - Solder Skills Village - Open
HHV - cont...(10:00-17:59 PDT) - Hardware Hacking Village - Open
ICSV - Research and Deliverables on Utilizing an Academic Hub and Spoke Model to Create a National Network of ICS Institutes - Casey O'Brien
ICSV - cont...(10:00-17:59 PDT) - CISA and Idaho National Lab Escape Room -
ICSV - cont...(10:00-17:59 PDT) - Fantom5 SeaTF CTF -
ICSV - cont...(10:00-17:59 PDT) - Hack the Plan[e]t CTF -
ICSV - cont...(10:00-17:59 PDT) - DDS Hack-the-Microgrid -
ICSV - cont...(13:00-16:59 PDT) - Maritime Hacking Boundary Adventure -
IOTV - cont...(10:00-17:59 PDT) - IoT Village CTF Challenges -
IOTV - cont...(10:00-17:59 PDT) - Hands on hacking labs -
IOTV - cont...(10:00-17:59 PDT) - Hands on Hardware Hacking – eMMC to Root - Deral Heiland
IOTV - cont...(10:00-17:59 PDT) - Drone Hack -
LPV - Intro to Lockpicking - TOOOL
MIV - Tracking Scams and Disinformation by Hacking Link Shorteners - Justin Rhinehart,Sam Curry
MIV - History of Russian Cyber & Information Warfare (2007-Present) - Ryan Westman
MIV - History of the weaponization of social media - Gina Rosenthal
MIV - Information Confrontation 2022 - A loud war and a quiet enemy - Luke Richards (Wbbigdave)
PHV - cont...(10:00-17:59 PDT) - Packet Inspector -
PHV - cont...(10:00-17:59 PDT) - Packet Detective -
PHV - cont...(10:00-17:59 PDT) - Honey Pot Workshop -
PHV - cont...(10:00-17:59 PDT) - NetworkOS Workshop -
PHV - cont...(10:00-17:59 PDT) - RegEx Trainer -
PHV - cont...(10:00-17:59 PDT) - Linux Trainer -
PHV - cont...(10:00-17:59 PDT) - Botnet Workshop -
PHV - cont...(10:00-17:59 PDT) - HardWired -
PHV - cont...(10:00-17:59 PDT) - Wall of Sheep -
PLV - Election Security Bridge Building - Michael Ross,Jack Cable,Trevor Timmons
PLV - Moving Regulation Upstream - An Increasing focus on the Role of Digital Service Providers - Jen Ellis,Adam Dobell,Irfan Hemani
PSV - cont...(10:00-17:59 PDT) - Physical Security Village -
QTV - cont...(15:30-16:30 PDT) - Quantum Hardware Hacking - Mark C
QTV - (16:30-17:30 PDT) - PQC in the Real World - James Howe
RCV - cont...(15:50-16:25 PDT) - The Richest Phisherman in Colombia - Nick Ascoli
RCV - (16:25-17:10 PDT) - Scanning your way into internal systems via URLScan - Rojan Rijal
RFV - cont...(10:00-17:59 PDT) - SpaceX & Starlink Satellite Internet - Starlink
RFV - cont...(10:00-17:59 PDT) - DEFCON Demonstrations and Presentations by Open Research Institute at RF Village - Open Research Institute
RFV - A Telco Odyssey. 5G SUCI-Cracker & SCTP-Hijacker - Miguel Gallego Vara,Pedro Cabrera
ROV - cont...(15:30-16:30 PDT) - Secrets of an Advantage Player - RxGamble
RTV - HackerOps - Ralph May
RTV - Hacking APIs: How to break the chains of the web - Corey Ball
RTV - Hacking WebApps with WebSploit Labs - Omar Santos
RTV - OSINT Skills Lab Challenge - Lee McWhorter,Sandra Stibbards
SEV - cont...(09:00-17:59 PDT) - Heroes vs Villians, a SEC Youth Challenge -
SEV - (16:30-16:59 PDT) - Social Engineering the People you Love - Micah Turner
SKY - Automated Trolling for Fun and No Profit - burninator
SOC - cont...(09:00-17:59 PDT) - Chillout Lounge (with entertainment) - djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
SOC - Queercon Mixer -
SOC - cont...(15:30-16:30 PDT) - EFF: Reproductive Justice in the Age of Surveillance - Corynne McSherry,Daly Barnett,India McKinney,Kate Bertash
SOC - DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup -
SOC - DEF CON Holland DC3115 & DC3120 Group Meetup -
SOC - cont...(09:00-17:59 PDT) - Chillout Lounge (with entertainment) - djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
SOC - cont...(09:00-17:59 PDT) - Chillout Lounge (with entertainment) - djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
SOC - cont...(09:00-17:59 PDT) - Chillout Lounge (with entertainment) - djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
TEV - cont...(10:00-17:59 PDT) - Learn at Tamper-Evident Village -
VMV - Open Source Zero Trust Security using Ory Keto - Patrik Neu
WS - cont...(14:00-17:59 PDT) - Hacking the Metal 2: Hardware and the Evolution of C Creatures - Eigentourist
WS - cont...(14:00-17:59 PDT) - Hand On Mainframe Buffer Overflows - RCE Edition - Jake Labelle,Phil Young
WS - cont...(14:00-17:59 PDT) - Securing Industrial Control Systems from the core: PLC secure coding practices - Alexandrine Torrents,Arnaud Soullie
WS - cont...(14:00-17:59 PDT) - FROM ZERO TO HERO IN A BLOCKCHAIN SECURITY - Dikla Barda,Oded Vanunu,Roman Zaikin
WS - cont...(14:00-17:59 PDT) - Securing Smart Contracts - Elizabeth Biddlecome,Sam Bowne,Irvin Lemus,Kaitlyn Handleman
Friday - 17:00 PDT
AVV - cont...(11:30-17:30 PDT) - Adversary Wars CTF -
AVV - cont...(14:30-17:30 PDT) - Adversary Booth - Dean Lawrence,Ethan Michalak,Melanie Chan,Michael Kouremetis,Jay Yee
AVV - (17:15-17:15 PDT) - Assessing Cyber Security ROI: Adversary simulation and Purple teaming - Ben Opel,Bryson Bort,Itzik Kotler,Joe Vest
BHV - cont...(16:30-17:59 PDT) - Medical Device Hacking: A hands on introduction - Malcolm Galland,Caleb Davis,Carolyn Majane,Matthew Freilich,Nathan Smith
BTV - Blue Teaming Cloud: Security Engineering for Cloud Forensics & Incident Response - John Orleans,Misstech,Cassandra Young (muteki),KyleHaxWhy
CHV - CANalyse 2.0 : A vehicle network analysis and attack tool. - Kartheek Lade (@0xh3nry),Rahul J
CON - cont...(10:30-18:30 PDT) - Capture The Packet Preliminaries -
CON - cont...(10:00-17:59 PDT) - IoT Village CTF (the CTF formally known as SOHOplessly Broken) -
CON - cont...(10:00-17:30 PDT) - Car Hacking Village CTF -
CON - cont...(10:00-17:59 PDT) - CMD+CTRL -
CON - cont...(10:00-19:59 PDT) - DARKNET-NG -
CON - cont...(10:00-17:59 PDT) - pTFS Presents: Mayhem Industries - Outside the Box -
CON - cont...(10:00-17:59 PDT) - DEF CON’s Next Top Threat Model -
CON - cont...(10:00-19:59 PDT) - DC30 Ham Radio Fox Hunt Contest -
CON - cont...(10:00-17:59 PDT) - Crash and Compile - Qualifications -
CON - cont...(10:00-17:59 PDT) - Trace Labs OSINT Search Party CTF - Sign-ups -
CON - cont...(12:00-17:59 PDT) - Red Alert ICS CTF -
CON - EFF Tech Trivia -
CON - Hack Fortress -
CON - cont...(10:00-17:59 PDT) - Hospital Under Siege -
CON - cont...(10:00-19:59 PDT) - Kubernetes Capture The Flag -
CPV - cont...(16:45-17:30 PDT) - Owned or pwned? No peekin' or tweakin'! - Nick Vidal,Richard Zak
CPV - (17:30-17:59 PDT) - [T]OTPs are not as secure as you might believe - Santiago Kantorowicz
DC - Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS - Orange Tsai
DC - cont...(16:30-17:15 PDT) - A dead man’s full-yet-responsible-disclosure system - Yolan Romailler
DC - (17:30-17:50 PDT) - Deanonymization of TOR HTTP hidden services - Ionut Cernica
DC - cont...(08:00-18:59 PDT) - Human Registration Open
DC - Hunting Bugs in The Tropics - Daniel Jensen
DC - cont...(16:30-17:15 PDT) - The Internet’s role in sanctions enforcement: Russia/Ukraine and the future - Bill Woodcock
DC - (17:30-18:15 PDT) - Walk This Way: What Run D.M.C. and Aerosmith Can Teach Us About the Future of Cybersecurity - Jen Easterly,The Dark Tangent
DC - cont...(10:00-17:59 PDT) - Vendor Area Open -
DC - cont...(08:00-22:59 PDT) - Lost and Found Department Open (Generally) -
DC - cont...(10:00-17:59 PDT) - Memorial Room Open -
DC - cont...(10:00-17:59 PDT) - Village Areas Open (Generally) -
DCGVR - Starting Threat Hunting with MITRE ATT&CK Framework - Shellt3r
GHV - Imposter Syndrome- The Silent Killer of Motivation - Melissa Miller
GHV - (17:30-17:59 PDT) - Hidden Payloads in Cyber Security - Chantel Sims aka Root
HHV - cont...(10:00-17:59 PDT) - Solder Skills Village - Open
HHV - cont...(10:00-17:59 PDT) - Hardware Hacking Village - Open
ICSV - Why aren’t you automating? - Don C.Weber
ICSV - (17:30-17:59 PDT) - Stop worrying about Nation-States and Zero-Days; let's fix things that have been known for years! - Vivek Ponnada
ICSV - cont...(10:00-17:59 PDT) - CISA and Idaho National Lab Escape Room -
ICSV - cont...(10:00-17:59 PDT) - Fantom5 SeaTF CTF -
ICSV - cont...(10:00-17:59 PDT) - Hack the Plan[e]t CTF -
ICSV - cont...(10:00-17:59 PDT) - DDS Hack-the-Microgrid -
IOTV - cont...(10:00-17:59 PDT) - IoT Village CTF Challenges -
IOTV - cont...(10:00-17:59 PDT) - Hands on hacking labs -
IOTV - cont...(10:00-17:59 PDT) - Hands on Hardware Hacking – eMMC to Root - Deral Heiland
IOTV - cont...(10:00-17:59 PDT) - Drone Hack -
PHV - cont...(10:00-17:59 PDT) - Packet Inspector -
PHV - cont...(10:00-17:59 PDT) - Packet Detective -
PHV - cont...(10:00-17:59 PDT) - Honey Pot Workshop -
PHV - cont...(10:00-17:59 PDT) - NetworkOS Workshop -
PHV - cont...(10:00-17:59 PDT) - RegEx Trainer -
PHV - cont...(10:00-17:59 PDT) - Linux Trainer -
PHV - cont...(10:00-17:59 PDT) - Botnet Workshop -
PHV - cont...(10:00-17:59 PDT) - HardWired -
PHV - cont...(10:00-17:59 PDT) - Wall of Sheep -
PLV - cont...(16:00-17:45 PDT) - Election Security Bridge Building - Michael Ross,Jack Cable,Trevor Timmons
PLV - cont...(16:00-17:45 PDT) - Moving Regulation Upstream - An Increasing focus on the Role of Digital Service Providers - Jen Ellis,Adam Dobell,Irfan Hemani
PSV - cont...(10:00-17:59 PDT) - Physical Security Village -
PSV - Physical Security Bypasses - redteamwynns
QTV - cont...(16:30-17:30 PDT) - PQC in the Real World - James Howe
RCV - cont...(16:25-17:10 PDT) - Scanning your way into internal systems via URLScan - Rojan Rijal
RFV - cont...(10:00-17:59 PDT) - SpaceX & Starlink Satellite Internet - Starlink
RFV - cont...(10:00-17:59 PDT) - DEFCON Demonstrations and Presentations by Open Research Institute at RF Village - Open Research Institute
RFV - When you're too competitive for your own good - D4rkm4tter,El Kentaro,Grim0us
ROV - DIY Restraint Breaking - Zac
SEV - cont...(09:00-17:59 PDT) - Heroes vs Villians, a SEC Youth Challenge -
SEV - Phishing with Empathy: Running Successful Phishing Campaigns without Making Enemies and Irritating People - Brian Markham,SooYun Chung
SEV - (17:30-17:59 PDT) - Socially Engineering the Social Engineers: Understanding Phishing Threats by Engaging with Actors - Crane Hassold
SKY - Deadly Russian Malware in Ukraine - Chris Kubecka
SOC - Meet the Digital Lab at Consumer Reports -
SOC - cont...(09:00-17:59 PDT) - Chillout Lounge (with entertainment) - djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
SOC - cont...(16:00-17:59 PDT) - Queercon Mixer -
SOC - cont...(16:00-18:59 PDT) - DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup -
SOC - Friends of Bill W -
SOC - cont...(16:00-18:59 PDT) - DEF CON Holland DC3115 & DC3120 Group Meetup -
SOC - cont...(09:00-17:59 PDT) - Chillout Lounge (with entertainment) - djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
SOC - cont...(09:00-17:59 PDT) - Chillout Lounge (with entertainment) - djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
SOC - cont...(09:00-17:59 PDT) - Chillout Lounge (with entertainment) - djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
TEV - cont...(10:00-17:59 PDT) - Learn at Tamper-Evident Village -
WS - cont...(14:00-17:59 PDT) - Hacking the Metal 2: Hardware and the Evolution of C Creatures - Eigentourist
WS - cont...(14:00-17:59 PDT) - Hand On Mainframe Buffer Overflows - RCE Edition - Jake Labelle,Phil Young
WS - cont...(14:00-17:59 PDT) - Securing Industrial Control Systems from the core: PLC secure coding practices - Alexandrine Torrents,Arnaud Soullie
WS - cont...(14:00-17:59 PDT) - FROM ZERO TO HERO IN A BLOCKCHAIN SECURITY - Dikla Barda,Oded Vanunu,Roman Zaikin
WS - cont...(14:00-17:59 PDT) - Securing Smart Contracts - Elizabeth Biddlecome,Sam Bowne,Irvin Lemus,Kaitlyn Handleman
Friday - 18:00 PDT
CON - cont...(10:30-18:30 PDT) - Capture The Packet Preliminaries -
CON - cont...(10:00-19:59 PDT) - DARKNET-NG -
CON - cont...(10:00-19:59 PDT) - DC30 Ham Radio Fox Hunt Contest -
CON - cont...(17:00-19:59 PDT) - EFF Tech Trivia -
CON - cont...(10:00-19:59 PDT) - Kubernetes Capture The Flag -
DC - Pulling Passwords out of Configuration Manager: Practical Attacks against Microsoft's Endpoint Management Software - Christopher Panayi
DC - Tear Down this Zywall: Breaking Open Zyxel Encrypted Firmware - Jay Lagorio
DC - cont...(08:00-18:59 PDT) - Human Registration Open
DC - Killer Hertz - Chris Rock
DC - cont...(17:30-18:15 PDT) - Walk This Way: What Run D.M.C. and Aerosmith Can Teach Us About the Future of Cybersecurity - Jen Easterly,The Dark Tangent
DC - (18:30-18:50 PDT) - Dragon Tails: Supply-side Security and International Vulnerability Disclosure Law - Trey Herr,Stewart Scott
DC - cont...(08:00-22:59 PDT) - Lost and Found Department Open (Generally) -
DCGVR - When (Fire)Fox Gets Angry! A Web Browser for Red Teamers - sidepocket
SEV - Ethics, morality & the law -
SOC - cont...(17:00-19:59 PDT) - Meet the Digital Lab at Consumer Reports -
SOC - Black & White Ball - Entertainment - Biolux,Dual Core,Icetre Normal,Keith Meyers,Magician Kody Hildebrand,Miss Jackalope,n0x08,Skittish & Bus
SOC - cont...(16:00-18:59 PDT) - DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup -
SOC - cont...(16:00-18:59 PDT) - DEF CON Holland DC3115 & DC3120 Group Meetup -
SOC - (18:30-21:30 PDT) - Girls Hack Village Meetup: Shoot Your Shot Networking Event -
SOC - Lawyers Meet -
Friday - 19:00 PDT
CON - cont...(10:00-19:59 PDT) - DARKNET-NG -
CON - cont...(10:00-19:59 PDT) - DC30 Ham Radio Fox Hunt Contest -
CON - cont...(17:00-19:59 PDT) - EFF Tech Trivia -
CON - cont...(10:00-19:59 PDT) - Kubernetes Capture The Flag -
DC - cont...(08:00-22:59 PDT) - Lost and Found Department Open (Generally) -
PLV - Fireside Policy Chats - Leonard Bailey
PLV - Meet the Feds: CISA Edition (Lounge) - CISA Staff
SOC - cont...(17:00-19:59 PDT) - Meet the Digital Lab at Consumer Reports -
SOC - (19:30-01:59 PDT) - Hacker Karaoke -
SOC - cont...(18:30-21:30 PDT) - Girls Hack Village Meetup: Shoot Your Shot Networking Event -
Friday - 20:00 PDT
DC - cont...(08:00-22:59 PDT) - Lost and Found Department Open (Generally) -
PLV - cont...(19:00-20:15 PDT) - Fireside Policy Chats - Leonard Bailey
PLV - (20:30-21:45 PDT) - Fireside Policy Chats - Gaurav Keerthi
PLV - Meet the Feds: DHS Edition (Lounge) - DHS Staff
SOC - Movie Night Double Feature - Arrival & Real Genius -
SOC - Hacker Jeopardy -
SOC - Pilots and Hackers Meetup -
SOC - cont...(18:30-21:30 PDT) - Girls Hack Village Meetup: Shoot Your Shot Networking Event -
SOC - BlueTeam Village Party -
Friday - 21:00 PDT
DC - cont...(08:00-22:59 PDT) - Lost and Found Department Open (Generally) -
PLV - cont...(20:30-21:45 PDT) - Fireside Policy Chats - Gaurav Keerthi
PLV - cont...(20:00-21:59 PDT) - Meet the Feds: DHS Edition (Lounge) - DHS Staff
SOC - cont...(20:00-23:59 PDT) - Movie Night Double Feature - Arrival & Real Genius -
SOC - cont...(20:00-21:59 PDT) - Hacker Jeopardy -
SOC - cont...(20:00-21:59 PDT) - Pilots and Hackers Meetup -
SOC - GOTHCON (#DCGOTHCON) -
SOC - Hallway Monitor Party - Entertainment - CaptHz,DJ Scythe,DJ UNIT 77 [ 0077 : 0077 ],Magik Plan,Tense Future
SOC - cont...(18:30-21:30 PDT) - Girls Hack Village Meetup: Shoot Your Shot Networking Event -
SOC - cont...(20:00-22:59 PDT) - BlueTeam Village Party -
Friday - 22:00 PDT
DC - cont...(08:00-22:59 PDT) - Lost and Found Department Open (Generally) -
SOC - cont...(20:00-23:59 PDT) - Movie Night Double Feature - Arrival & Real Genius -
SOC - Queercon Party -
SOC - cont...(20:00-22:59 PDT) - BlueTeam Village Party -
Friday - 23:00 PDT
SOC - cont...(20:00-23:59 PDT) - Movie Night Double Feature - Arrival & Real Genius -
Talk/Event Descriptions
AVV - Friday - 11:30-12:15 PDT
Title: 'Damn the exploits! Full speed ahead!' How naval fleet tactics redefine cyber operations
When: Friday, Aug 12, 11:30 - 12:15 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Adversary Village) - Map
SpeakerBio:Christopher Cottrell, Threat Operations Leader
Christopher Cottrell is a Threat Operations leader at Nvidia. By failing upwards into management after 10 years of being a red team operator for the government, he focuses on strategy, tactics, and philosophy the same way he applied himself to being a tactical operator. By taking a step back from the keyboard, he has discovered pitfalls that cyber teams are heading towards and is working on strategies to help the community avoid them. Christopher enjoys helping inspire others to be their best selves through writing papers on cyber philosophy, or by creating programs to give opportunities to break into cyber. He presented the red team development program at DEF CON 28 in the Red Team Village, titled "Guerilla Red Team: Decentralize the Adversary", and served on a joint panel at DEF CON 29 between the Red Team Village and the AI Village discussing the evolution of offensive security as AI/ML becomes more prevalent in the threat landscape. Christopher has published quality of life tools for Cobalt Strike (Deckbuilder, Quickrundown) and C2 tools for securely exfiling secret keys (Catcher). However, his proudest achievement is serving daily as a husband and father to people who will forever be greater than himself.
Description:
The Naval Fleet: a symphony of specialized assets working together to complete a goal. Fleet doctrine and tactics were upended in the early 1900s when two new classes of ships were introduced: the carrier and the submarine. Looking at the past 20 years of cyber doctrine, new classes of capabilities were introduced: the red team and the hunt team. But unlike modern fleets, cyber teams are not properly incorporating these new assets to great effect, squandering the potential of the capability. The assets are leashed when they should be unleashed. By studying the unique capabilities of ships in a fleet and pairing them with a cyber discipline, we unlock countless real world examples of naval warfare tactics, battles, and strategy that can be applied to cyber and freeing the true potential of each cyber element. Like the critical evolution of the modern fleet from Battleship centric to Carrier centric, modern cyber teams are past due to make the same evolution from SOC centric, to Hunt centric.
BICV - Friday - 12:00-12:30 PDT
Title: "The Man" in the Middle
When: Friday, Aug 12, 12:00 - 12:30 PDT
Where: Virtual - BIC Village
SpeakerBio:Alexis Hancock
No BIO available
Description:No Description available
RCV - Friday - 11:35-11:59 PDT
Title: (Not-So-Secret) Tunnel: Digging into Exposed ngrok Endpoints
When: Friday, Aug 12, 11:35 - 11:59 PDT
Where: LINQ - 3rd flr - Social B and C (Recon Village) - Map
SpeakerBio:Eugene Lim, Cybersecurity Specialist, Government Technology Agency of Singapore
Eugene (spaceraccoon) hacks for good! At GovTech Singapore, he protects citizen data and government systems through security research. He also develops SecOps integrations to secure code at scale. He recently reported remote code execution vulnerabilities in Microsoft Office and Apache OpenOffice and discussed defensive coding techniques he observed from hacking Synology Network Attached Storage devices at ShmooCon.
As a bug hunter, he helps secure products globally, from Amazon to Zendesk. In 2021, he was selected from a pool of 1 million registered hackers for HackerOne's H1-Elite Hall of Fame. Besides bug hunting, he builds security tools, including a malicious npm package scanner and a social engineering honeypot that were presented at Black Hat Arsenal. He writes about his research on https://spaceraccoon.dev.
He enjoys tinkering with new technologies. He presented "Hacking Humans with AI as a Service" at DEF CON 29 and attended IBM's Qiskit Global Quantum Machine Learning Summer School.
Twitter: @spaceraccoonsec
Description:
ngrok is a popular developer tool to expose local ports to the internet, which can be helpful when testing applications or private network devices. Despite the large reconnaissance surface for development environments exposed by ngrok, most security research has focused on offensive applications for ngrok, such as (https://www.huntress.com/blog/abusing-ngrok-hackers-at-the-end-of-the-tunnel). Instead, I will focus on two new reconnaissance vectors: 1. ngrok domain squatting; and 2. ngrok tunnel enumeration.
By default, ngrok HTTP tunnels expose HTTP traffic via randomly-generated *.ngrok.io endpoints such as https://5e9c5373ffed.ngrok.io. These subdomains can be harvested from a variety of OSINT sources, such as GitHub repositories, documentation, StackOverflow answers, and “how-to” blogposts. Unfortunately, paid ngrok users can select any *.ngrok.io subdomain for their tunnels, allowing them to squat on these subdomains in wait for unsuspecting users copy-pasting commands that use these hard-coded “random” endpoints. I will show examples of squatting that yielded interesting webhook callbacks and leaked information.
ngrok also allows users to create TCP tunnels which are exposed via ports 10000-20000 on *.tcp.ngrok.io. Due to the ease of enumerating these values as compared to HTTP tunnels, users can easily map out the entire ngrok TCP tunnel space. This unveiled a house of horrors, from Jenkins dashboards to even VNC and MySQL servers that allowed anonymous access! I will share a statistical breakdown of one such mapping that clearly shows that ngrok users may have been far too reliant on security by obscurity.
I will conclude by sharing some tips on using ngrok safely through built-in authentication options and domain reservation. I will also share real-life examples of ngrok endpoints popping up in production code, further highlighting the potential of ngrok as a reconnaissance source.
CPV - Friday - 17:30-17:59 PDT
Title: [T]OTPs are not as secure as you might believe
When: Friday, Aug 12, 17:30 - 17:59 PDT
Where: Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village) - Map
SpeakerBio:Santiago Kantorowicz
Santiago is a Staff Security Engineer at Twilio, with 14 years of experience in cybersecurity. He worked for 6 years securing and designing OTP and TOTP products, such as Authy and Twilio Verify. He is currently dedicated to securing Twilio Voice and video products along with Twilio Edge infrastructure. He started his cybersecurity journey doing Pen Test for 5 years, and then moved to MercadoLibre to kickstart the Appsec department. During his journey he discovered passion for other topics and worked on non-security roles such as a Product Manager and as a Product Architect.
Description:
You likely receive OTPs (one-time-passwords) all the time, usually in the form of an SMS with a 4 to 8 digit code in it. Pretty common when you sign-in (or register) to Uber, your bank, Whatsapp, etc. The most adopted OTP size is 6 digits, and we just accept that it's hard to guess, after all it's 1 in a million chance, and leave it there. Some may wonder, what if I get a new OTP after the first one expires, assuming it's another 1 in a million chance, and forget about it. When you calculate the actual chance of guessing an OTP one after the other, the odds are NOT 1 in a million. You will be surprised how the probabilities spiral once you start thinking of brute forcing OTPs one after the other, and what about parallelising the brute force among different users, the surprise is even bigger.
BHV - Friday - 10:30-10:59 PDT
Title: A Capitalist approach to hospital security
When: Friday, Aug 12, 10:30 - 10:59 PDT
Where: Flamingo - Laughlin I,II,III (Biohacking Village) - Map
SpeakerBio:Eirick Luraas
Eirick spends his days discovering and mitigating vulnerabilities, occasionally doing Incident Response, and once in a while tracking down bad actors. Sometimes he gets to compromise systems to show Executives that Hospitals are horribly insecure.
Eirick earned a Master's Degree in Cybersecurity, and he has spoken several times about the dangers technology creates in healthcare. Eirick helps bring awareness of the risks we are unknowingly taking every time we visit a Hospital and works every day to reduce those dangers.
Eirick grew up in Montana and lived in Panama during his military service. He bounced around a few states in the US. He recently relocated to Tucson, Az where he is rediscovering his passion for photography. You can follow Eirick on twitter @tyercel.
Twitter: @tyercel
Description:No Description available
DC - Friday - 16:30-17:15 PDT
Title: A dead man’s full-yet-responsible-disclosure system
When: Friday, Aug 12, 16:30 - 17:15 PDT
Where: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
SpeakerBio:Yolan Romailler, Applied Cryptographer
Yolan is an applied cryptographer delving into (and mostly dwelling on) cryptography, secure coding, and other fun things. He has previously spoken at Black Hat USA, BSidesLV, Cryptovillage, NorthSec, GopherConEU and DEF CON on topics including automation in cryptography, public keys vulnerabilities, elliptic curves, post-quantum cryptography, functional encryption, open source security, and more! He notably introduced the first practical fault attack against the EdDSA signature scheme, and orchestrated the full-disclosure with code of the CurveBall vulnerability.
Description:
Do you ever worry about responsible disclosure because they could instead exploit the time-to-patch to find you and remove you from the equation? Dead man switches exist for a reason...
In this talk we present a new form of vulnerability disclosure relying on timelock encryption of content: where you encrypt a message that cannot be decrypted until a given (future) time. This notion of timelock encryption first surfaced on the Cypherpunks mailing list in 1993 by the crypto-anarchist founder, Tim May, and to date while there have been numerous attempts to tackle it, none have been deployed at scale, nor made available to be used in any useful way.
This changes today: we’re releasing a free, open-source tool that achieves this goal with proper security guarantees. We rely on threshold cryptography and decentralization of trust to exploit the existing League of Entropy (that is running a distributed, public, verifiable randomness beacon network) in order to do so. We will first cover what all of these mean, we will then see how these building blocks allow us to deploy a responsible disclosure system that guarantees that your report will be fully disclosed after the time-to-patch has elapsed. This system works without any further input from you, unlike the usual Twitter SHA256 commitments to a file on your computer.
DC - Friday - 13:30-14:15 PDT
Title: A Policy Fireside Chat with Jay Healey
When: Friday, Aug 12, 13:30 - 14:15 PDT
Where: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
Speakers:Jason Healey,Fahmida Rashid
SpeakerBio:Jason Healey, Senior Research Scholar
No BIO available
SpeakerBio:Fahmida Rashid, Managing Editor of Features
No BIO available
Description:
In this fireside chat, Jason Healey (w0nk) will talk about the earliest days of information security and hacking, back in 1970s, where we’ve come since, and the future role of security researchers and hackers. This year is not just the 30th DEF CON but the 50th anniversary of the first realizations that hackers (red teams) will almost always succeed. Jason will reflect on the lessons for information security and hacking and explore if we have any chance of getting blue better than red. Unless we make substantial changes, our kids will be coming to DEF CON 60 without much left of a global, resilient Internet.
DC - Friday - 11:30-12:15 PDT
Title: A Policy Fireside Chat with the National Cyber Director
When: Friday, Aug 12, 11:30 - 12:15 PDT
Where: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
Speakers:Kim Zetter,Chris Inglis
SpeakerBio:Kim Zetter
No BIO available
SpeakerBio:Chris Inglis, National Cyber Director at the White House
No BIO available
Description:No Description available
PT - Monday - 09:00-16:59 PDT
Title: A Practical Approach to Breaking & Pwning Kubernetes Clusters
When: Monday, Aug 15, 09:00 - 16:59 PDT
Where: Caesars Forum - Map
SpeakerBio:Madhu Akula
Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and cloud native security architect with extensive experience. Also, he is an active member of the international security, DevOps, and cloud native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, OWASP, etc). Holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), etc.
Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26, 27 & 29), BlackHat (2018, 19, 21 & 22), USENIX LISA (2018, 19 & 21), SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, GitHub Satellite 2020, Appsec EU (2018, 19 & 22), All Day DevOps (2016, 17, 18, 19, 20 & 21), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18 & 20), Nullcon (2018, 19, 21, 22), SACON 2019, Serverless Summit, null and multiple others.
His research has identified vulnerabilities in over 200+ companies and organizations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc, and is credited with multiple CVEs, Acknowledgements, and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.
Twitter: @madhuakula
Description:
Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/madhu-akula-a-practical-approach-to-breaking-pwning-kubernetes-clusters
Training description:
The adoption of Kubernetes in production has increased to 83%, according to a survey by CNCF. Still, most security teams struggle to understand these modern technologies.
In this real-world scenario-based training, each participant will learn Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes cluster environments at different layers like Supply chain, Infrastructure, Runtime, and many others, starting from simple recon to gaining access to microservices and sensitive data, escaping containers, escalating to cluster privileges, and even reaching the underlying cloud environments.
By the end of the training, participants will be able to apply their knowledge to perform architecture reviews, security assessments, red team exercises, and pen-testing engagements on Kubernetes Clusters and Containerized environments successfully. Also, the trainer will provide a step-by-step guide (Digital Book) with resources and references to further your learning.
PT - Tuesday - 09:00-16:59 PDT
Title: A Practical Approach to Breaking & Pwning Kubernetes Clusters
When: Tuesday, Aug 16, 09:00 - 16:59 PDT
Where: Caesars Forum - Map
SpeakerBio:Madhu Akula
Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. He is also a published author and cloud native security architect with extensive experience, and an active member of the international security, DevOps, and cloud native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, OWASP, etc). He holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), etc.
Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26, 27 & 29), BlackHat (2018, 19, 21 & 22), USENIX LISA (2018, 19 & 21), SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, GitHub Satellite 2020, Appsec EU (2018, 19 & 22), All Day DevOps (2016, 17, 18, 19, 20 & 21), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18 & 20), Nullcon (2018, 19, 21, 22), SACON 2019, Serverless Summit, null and multiple others.
His research has identified vulnerabilities in over 200+ companies and organizations including Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc., and he is credited with multiple CVEs, acknowledgements, and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for the Learn Kubernetes Security and Practical Ansible2 books by Packt Pub. He also won 1st prize for building an Infrastructure Security Monitoring solution at the InMobi flagship hackathon among 100+ engineering teams.
Twitter: @madhuakula
Description:
Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/madhu-akula-a-practical-approach-to-breaking-pwning-kubernetes-clusters
Training description:
The adoption of Kubernetes in production has increased to 83%, according to a survey by CNCF. Still, most security teams struggle to understand these modern technologies.
In this real-world scenario-based training, each participant will learn Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes cluster environments at different layers like Supply chain, Infrastructure, Runtime, and many others, starting from simple recon to gaining access to microservices and sensitive data, escaping containers, escalating to cluster privileges, and even reaching the underlying cloud environments.
By the end of the training, participants will be able to apply their knowledge to perform architecture reviews, security assessments, red team exercises, and pen-testing engagements on Kubernetes Clusters and Containerized environments successfully. Also, the trainer will provide a step-by-step guide (Digital Book) with resources and references to further your learning.
CLV - Friday - 12:10-12:30 PDT
Title: A ransomware actor looks at the clouds: attacking in a cloud-native way
When: Friday, Aug 12, 12:10 - 12:30 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Cloud Village) - Map
SpeakerBio:Jay Chen
Jay Chen is a security researcher with Palo Alto Networks. He has extensive research experience in cloud-native, public clouds, and edge computing. His current research focuses on investigating the vulnerabilities, design flaws, and adversary tactics in cloud-native technologies. In the past, he also researched Blockchain and mobile cloud security. Jay has authored 20+ academic and industrial papers.
Description:
Our research shows that the number of known ransomware attacks grew 85%, and the ransom demand climbed 144% (2.2M) from 2020 to 2021. The abundant data stored in the cloud make them lucrative targets for ransomware actors.
Due to the fundamental difference between the cloud-native and on-premises IT infrastructure, existing ransomware will not be effective in cloud environments. Ransomware actors will need new TTPs to achieve successful disruption and extortion.
What are the weaknesses that attackers are likely to exploit? What types of cloud resources are more susceptible to ransomware attacks? How may ransomware disrupt cloud workloads? This research aims to identify the possible TTPs using the knowledge of known ransomware and cloud security incidents. I will also demonstrate POC attacks that abuse a few APIs to quickly render a large amount of cloud-hosted data inaccessible. My goal is not to create fear, uncertainty, and doubt but to help clarify the risk and mitigation strategy.
RFV - Friday - 16:00-16:59 PDT
Title: A Telco Odyssey. 5G SUCI-Cracker & SCTP-Hijacker
When: Friday, Aug 12, 16:00 - 16:59 PDT
Where: Flamingo - Eldorado Ballroom (Radio Frequency Village) - Map
Speakers:Miguel Gallego Vara,Pedro Cabrera
SpeakerBio:Miguel Gallego Vara
Industrial engineer, currently working on vulnerabilities in non-commercial open source networks, attacks on mobile identities of subscribers to such mobile networks. Main focus on 5G networks. Implementation and automation of attacks on SDR platforms. In the last year he has joined the EthonShield project as a researcher and developer in the telecommunications area.
SpeakerBio:Pedro Cabrera
Industrial engineer, software defined radio (SDR) and drones enthusiast, he has worked in the main Spanish telecommunications operators, performing security audits and pentesting in mobile and fixed networks. In recent years he has led the EthonShield project, a startup focused on communications security and the development of new monitoring and defense products. He has participated in security events in the United States (RSA, CyberSpectrum, Defcon), Asia (BlackHat Trainings) and Spain (Rootedcon, Euskalhack, ShellCON, ViCON).
Twitter: @PcabreraCamara
Description:
The main objective of the presentation is to share the results of the research work with on-stage demonstrations, to bring the practical vision to everything presented in recent years on the security of 5G mobile networks. These attacks have been grouped into three areas: traditional denial of service attacks (Downgrade attacks), attacks on legacy protocols in the core of the network (SCTP Hijacker) and finally attacks on the new SUCI identity (SUCI Cracker).
DL - Friday - 14:00-15:55 PDT
Title: AADInternals: The Ultimate Azure AD Hacking Toolkit
When: Friday, Aug 12, 14:00 - 15:55 PDT
Where: Caesars Forum - Committee Boardroom (Demo Labs) - Map
SpeakerBio:Nestori Syynimaa
Dr Nestori Syynimaa (@DrAzureAD) is one of the leading Azure AD / M365 security experts globally and the developer of the AADInternals toolkit. For over a decade, he has worked with Microsoft cloud services and was awarded Microsoft Most Valuable Security Researcher for 2021. Currently, Dr Syynimaa works as a Senior Principal Security Researcher for Secureworks Counter Threat Unit and hunts for vulnerabilities full time. He has spoken at many international scientific and professional conferences, including IEEE TrustCom, Black Hat Arsenal USA and Europe, RSA Conference, and TROOPERS.
Twitter: @DrAzureAD
Description:
AADInternals is an open-source hacking toolkit for Azure AD and Microsoft 365, having over 14,000 downloads from the PowerShell gallery. It has over 230 different functions in 15 categories for various purposes. The most famous ones are related to Golden SAML attacks: you can export AD FS token signing certificates remotely, forge SAML tokens, and impersonate users w/ MFA bypass. These techniques have been used in multiple attacks during the last two years, including Solorigate and other NOBELIUM attacks. AADInternals also allows you to harvest credentials, export Azure AD Connect passwords and modify numerous Azure AD / Office 365 settings not otherwise possible. The latest update can extract certificates and impersonate Azure AD joined devices allowing bypassing device based conditional access rules. https://o365blog.com/aadinternals/ https://attack.mitre.org/software/S0677
Audience: Blue teamers, red teamers, administrators, wannabe-hackers, etc.
DL - Friday - 10:00-11:55 PDT
Title: Access Undenied on AWS
When: Friday, Aug 12, 10:00 - 11:55 PDT
Where: Caesars Forum - Caucus Boardroom (Demo Labs) - Map
SpeakerBio:Noam Dahan
Noam Dahan is a Senior Security Researcher at Ermetic with several years of experience in embedded security. He is a graduate of the Talpiot program at the Israel Defense Forces and spent several years in the 8200 Intelligence Corps. While this is his first time presenting at DEF CON, it is not his first time in front of a crowd. Noam was a competitive debater and is a former World Debating Champion.
Twitter: @NoamDahan
Description:
Access Undenied on AWS analyzes AWS CloudTrail AccessDenied events – it scans the environment to identify and explain the reasons for which access was denied. When the reason is an explicit deny statement, AccessUndenied identifies the exact statement. When the reason is a missing allow statement, AccessUndenied offers a least-privilege policy that facilitates access.
Audience: Cloud Security, Defense.
DCGVR - Friday - 14:00-14:59 PDT
Title: Advanced Packet Wrangling with tcpdump
When: Friday, Aug 12, 14:00 - 14:59 PDT
Where: Virtual - DEF CON Groups VR
SpeakerBio:Scribbles
Stephen Kennedy is a Security Engineer and GNU/Linux enthusiast in Denver, CO. He holds a M.S. Cybersecurity and Information Assurance, as well as over twenty industry certifications. His first computer was a Commodore 64 and he is a survivor of late 90's-early 00's IRC.
Twitter: @404scribbles
Description:
"Ever have application owners point fingers at each other only to find out it was a network issue the entire time? Using tcpdump, we can quickly validate what's happening on the wire. But what if you're hunting for something much more specific?
In this talk, we'll explore use cases and examples of advanced tcpdump usage. Combining tcpdump filter syntax and BPF, you'll be able to quickly locate (or rule out) the traffic you're looking for."
AVV - Friday - 14:30-17:30 PDT
Title: Adversary Booth
When: Friday, Aug 12, 14:30 - 17:30 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Adversary Village) - Map
Speakers:Dean Lawrence,Ethan Michalak,Melanie Chan,Michael Kouremetis,Jay Yee
SpeakerBio:Dean Lawrence, Software Systems Engineer
No BIO available
SpeakerBio:Ethan Michalak, Cyber Security Intern
No BIO available
SpeakerBio:Melanie Chan, Senior Cybersecurity Engineer & Intern Coordinator
No BIO available
SpeakerBio:Michael Kouremetis, Lead Cyber Operations Engineer and Group Lead
No BIO available
SpeakerBio:Jay Yee, Senior Cyber Security Engineer, Defensive Cyber Operations
No BIO available
Description:
Adversary Simulator booth will have hands-on adversary emulation plans specific to a wide variety of threat-actors - ransomware. These are meant to provide the participant/visitor with a better understanding of the Adversary tactics.
AVV - Friday - 11:30-13:30 PDT
Title: Adversary Booth
When: Friday, Aug 12, 11:30 - 13:30 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Adversary Village) - Map
Speakers:Dean Lawrence,Ethan Michalak,Melanie Chan,Michael Kouremetis,Jay Yee
SpeakerBio:Dean Lawrence, Software Systems Engineer
No BIO available
SpeakerBio:Ethan Michalak, Cyber Security Intern
No BIO available
SpeakerBio:Melanie Chan, Senior Cybersecurity Engineer & Intern Coordinator
No BIO available
SpeakerBio:Michael Kouremetis, Lead Cyber Operations Engineer and Group Lead
No BIO available
SpeakerBio:Jay Yee, Senior Cyber Security Engineer, Defensive Cyber Operations
No BIO available
Description:
Adversary Simulator booth will have hands-on adversary emulation plans specific to a wide variety of threat-actors - ransomware. These are meant to provide the participant/visitor with a better understanding of the Adversary tactics.
AVV - Friday - 11:30-17:30 PDT
Title: Adversary Wars CTF
When: Friday, Aug 12, 11:30 - 17:30 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Adversary Village) - Map
Description:
Adversary Wars CTF will have real world simulation CTF scenarios and challenges, where the adversaries can simulate attacks and learn new attack vectors, TTPs, techniques, etc. There would be combined exercises which include different levels of threat/adversary emulation and purple teaming.
APV - Friday - 10:00-11:15 PDT
Title: Agility Broke AppSec. Now It's Going to Fix It.
When: Friday, Aug 12, 10:00 - 11:15 PDT
Where: Flamingo - Twilight Ballroom - AppSec Village - Main Stage - Map
Speakers:Roy Erlich,Emil Vaagland,Seth Kirschner,Jim Manico
SpeakerBio:Roy Erlich
Roy Erlich is the CEO and Co-founder of Enso Security. He is the former Head of Application Security at Wix.com, where he gained critical insight into the AppSec lifecycle. Roy commanded an elite cybersecurity team in the IDF 8200 unit.
SpeakerBio:Emil Vaagland
Emil is running an AppSec Program for 200 Software Engineers divided on 35+ teams. Previously he has experience from being a part of Engineering Teams developing products to doing Security Engineering work creating services for appsec at scale.
SpeakerBio:Seth Kirschner
Seth Kirschner is the Application Security Manager for DoubleVerify, a publicly traded AdTech company (NYSE:DV). Previously with Deloitte and MUFG Securities. Co-founded Mira Therapeutics, Inc in PTSD/Trauma. Stevens Institute of Technology Alumni.
SpeakerBio:Jim Manico
No BIO available
Description:
In today's high-tech industries, security is struggling to keep up with rapidly changing production systems and the chaos that agile development introduces into workflows. Application security (AppSec) teams are fighting an uphill battle to gain visibility and control over their environments. Rather than invest their time in critical activities, teams are overwhelmed by gaps in visibility and tools to govern the process. As a result, many digital services remain improperly protected. To catch up, AppSec must adopt a model of agility that is compatible with software development.
The agile process continuously integrates small changes and collects meaningful feedback along the way, allowing an ever-progressing evolution of software. With small steps, you pay less for mistakes and learn a lot along the way. This approach, powered by continuous integration/continuous deployment (CI/CD), source code management (SCM), and an amazing array of collaboration tools, makes the software industry fast and powerful.
AppSec teams are charged with making sure software is safe. Yet, as the industry's productivity multiplied, AppSec experienced shortages in resources to cover basics like penetration testing and threat modeling. The AppSec community developed useful methodologies and tools — but outnumbered 100 to 1 by developers, AppSec simply cannot cover it all.
Software security (like all software engineering) is a highly complex process built upon layers of time-consuming, detail-oriented tasks. To move forward, AppSec must develop its own approach to organize, prioritize, measure, and scale its activity.
In this talk, we plan to address and discuss the current state of AppSec, and point out a few common failure points. Afterwards we plan to discuss what agile AppSec looks like, and how a reorganization, and a shift in management strategy could greatly transform the field, and allow business to truly address the risk of under-protected software.
AIV - Friday - 12:00-12:50 PDT
Title: AI Village Keynote
When: Friday, Aug 12, 12:00 - 12:50 PDT
Where: Caesars Forum - Summit 220->236 (AI Village) - Map
SpeakerBio:Keith E. Sonderling
Keith E. Sonderling was confirmed by the U.S. Senate, with a bipartisan vote, to be a Commissioner on the U.S. Equal Employment Opportunity Commission (EEOC) in 2020. Until January of 2021, he served as the Commission’s Vice-Chair. His term expires July of 2024.
Prior to his confirmation to the EEOC, Commissioner Sonderling served as the Acting and Deputy Administrator of the Wage and Hour Division at the U.S. Department of Labor. Before joining the Department of Labor in 2017, Commissioner Sonderling practiced Labor and Employment law in Florida. Commissioner Sonderling also serves as a Professional Lecturer in the Law at The George Washington University Law School, teaching employment discrimination.
Since joining the EEOC, one of Commissioner Sonderling’s highest priorities is ensuring that artificial intelligence and workplace technologies are designed and deployed consistent with long-standing civil rights laws. Commissioner Sonderling has published numerous articles on the benefits and potential harms of using artificial intelligence-based technology in the workplace and speaks globally on these emerging issues.
Immediately before his confirmation to the EEOC, as Deputy and Acting Administrator of the U.S. Department of Labor’s Wage and Hour Division, Sonderling oversaw enforcement, outreach, regulatory work, strategic planning, performance management, communications, and stakeholder engagement. The Division accomplished back-to-back record-breaking enforcement collections and educational outreach events during his tenure. The Wage and Hour Division administers and enforces federal labor laws, including the Fair Labor Standards Act, the Family and Medical Leave Act, and the labor provisions of the Immigration and Nationality Act.
Commissioner Sonderling also oversaw the development and publication of large-scale deregulatory rules and authored numerous Opinion Letters, Field Assistance Bulletins, and All Agency Memorandums. Additionally, he was instrumental in developing the Division’s first comprehensive self-audit program, which collected more than $7 million for nearly eleven thousand workers.
Before his government service, Commissioner Sonderling was a partner at one of Florida’s oldest and largest law firms, Gunster. At Gunster, he counseled employers and litigated labor and employment disputes. In 2012, then-Governor Rick Scott appointed Sonderling to serve as the Chair of the Judicial Nominating Committee for appellate courts in South Florida.
Sonderling received his B.S., magna cum laude, from the University of Florida and his J.D., magna cum laude, from Nova Southeastern University.
Twitter: @KSonderlingEEOC
Description:
Commissioner Sonderling will provide an overview of the ways that AI is already being used to make employment decisions, the legal framework governing AI in the U.S., important ways that U.S. civil rights laws protect employees from discrimination by algorithms, and the status of regulatory efforts at the federal, state, local and global levels. He will also discuss his thoughts on ways our society can achieve the benefits of AI while respecting the rights of workers.
ASV - Friday - 10:00-16:59 PDT
Title: Amazon Web Services Aerospace and Satellite Jam
When: Friday, Aug 12, 10:00 - 16:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
Description:
Jams are immersive engagements that encourage you to up-level your security and coding skills on AWS through the use of hands-on real-world scenarios. The scenarios have varying levels of difficulty and points associated with them. Jam engagements allow you to identify strengths, areas of improvement, and the ability to work together in team or individual challenges. Participating will help you advance your cloud cyber skills, hone your problem-solving abilities, and better understand and appreciate the complex set of threat vectors that the aerospace and satellite community confront every day. You will gain experience with a wide range of AWS services in a series of prepared scenarios across aerospace and satellite use cases and operational tasks. Come prepared to stop threat actors from laterally moving through your virtual flight operations center. Detect manipulated imagery in your satellite imagery analysis pipeline. Defend against a DDOS attack on your satellite ground station receiver network. Harden your virtual twin Mars rover against Internet of Things (IoT) attacks. There’s never a dull moment to work in space!
Required gear: Laptop and connection required to access the jam environment, set up DEF CON WiFi in advance!
QTV - Friday - 12:00-12:59 PDT
Title: An introduction to quantum algorithms
When: Friday, Aug 12, 12:00 - 12:59 PDT
Where: Caesars Forum - Summit 217 (Quantum Village) - Map
Speakers:Kathrin Spendier,Mark Jackson
SpeakerBio:Kathrin Spendier
No BIO available
SpeakerBio:Mark Jackson
No BIO available
Description:
We all know the building blocks of regular algos, so come learn the things necessary to write your own quantum algos!
SKY - Friday - 11:40-11:59 PDT
Title: Android, Birthday Cake, Open Wifi... Oh my!
When: Friday, Aug 12, 11:40 - 11:59 PDT
Where: LINQ - BLOQ (SkyTalks 303) - Map
SpeakerBio:A.Krontab
Software Engineer by profession, lock picker and wanna be hacker by hobby. Also a Wil Wheaton look alike that actually fooled someone at DEFCON 23.
Twitter: @akrotos
Description:
What do you get when you combine a curious hacker dad at an 8 year old's birthday party with a couple open wifi networks, and a plain old Android smartphone? An innocent digital trespass and spelunk into a network where full blown identity theft is possible by the end. Come hear about a low skill intrusion done with consumer hardware (No root required), apps straight off the shelf of the Google Play store, and a burning curiosity and desire to get into places you're not supposed to be. UNPXGURCYNARG!
ASV - Friday - 15:00-15:50 PDT
Title: Ask an Airport CISO
When: Friday, Aug 12, 15:00 - 15:50 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
SpeakerBio:Aakin Patel
Aakin is the CISO of the Clark County Department of Aviation, which runs the Las Vegas International airport and 4 general aviation airports. He has worked in various CTO and cybersecurity roles going back 27 years across a wide variety of industries, and started his career as a UNIX Admin.
Description:
In this talk, Aakin Patel goes over the unique aspects of IT and cybersecurity at an airport, and what makes LAS different from most other airports. After this short overview, there will be a hosted Q&A for whatever questions people have about airport technology and airport cybersecurity.
AVV - Friday - 17:15-17:15 PDT
Title: Assessing Cyber Security ROI: Adversary simulation and Purple teaming
When: Friday, Aug 12, 17:15 - 17:15 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Adversary Village) - Map
Speakers:Ben Opel,Bryson Bort,Itzik Kotler,Joe Vest
SpeakerBio:Ben Opel, Senior Director for Professional Services
Ben Opel is Senior Director for Professional Services at AttackIQ, where he also serves as a Purple Teaming instructor at AttackIQ Academy. A former officer in the U.S. Marine Corps, he led, trained, and integrated Marines in defensive cyberspace operations in support of U.S. national security objectives.
He brings experience in the theory, development, and practice of cyberspace operations from critical assignments leading identification and defense of key digital terrain in support of U.S. Special Operations Forces and assessing emerging technological risks to the U.S. Marine Corps and U.S. National Security. He is a graduate of the U.S. Naval Academy.
SpeakerBio:Bryson Bort
Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow with the Atlantic Council’s Cyber Statecraft Initiative, the National Security Institute, and an Advisor to the Army Cyber Institute. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. He was recognized as one of the Top 50 in Cyber in 2020 by Business Insider.
Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point. He holds a Master’s Degree in Telecommunications Management from the University of Maryland, a Master’s in Business Administration from the University of Florida, and completed graduate studies in Electrical Engineering and Computer Science at the University of Texas.
Twitter: @brysonbort
SpeakerBio:Itzik Kotler, CTO and Co-Founder
Itzik Kotler is CTO and Co-Founder of SafeBreach. Itzik has more than a decade of experience researching and working in the computer security space. He is a recognized industry speaker, having spoken at DEFCON, Black Hat USA, Hack In The Box, RSA, CCC and H2HC.
Prior to founding SafeBreach, Itzik served as CTO at Security-Art, an information security consulting firm, and before that he was SOC Team Leader at Radware (NASDAQ: RDWR).
Twitter: @itzikkotler
SpeakerBio:Joe Vest
Driven by his curiosity, perseverance, and passion for technology, Joe Vest's mantra for his work and teaching is: "The journey of gaining experience can be as valuable as the end result." Joe has over 20 years of experience in technology with a focus on red teaming, penetration testing, and application security. Joe is currently a Principal Security Engineer at AWS. Prior experience includes the Cobalt Strike Technical Director at HelpSystems, a security consulting company entrepreneur and owner, and a former director at SpecterOps. This diverse experience has given him extensive knowledge of cyber threats, tools, and tactics, including threat emulation and threat detection. Notable career accomplishments include authoring the book "Red Team Development and Operations" and authoring the original SANS 564 red team course.
When Joe is not working, you can find him enjoying life in the sun on the coast of Florida.
Twitter: @joevest
Description:No Description available
RTV - Friday - 13:00-13:59 PDT
Title: Attack and Defend with the Command and Control (C2) Matrix
When: Friday, Aug 12, 13:00 - 13:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map
SpeakerBio:Jake Williams
Jake Williams is the Executive Director of Cyber Threat Intelligence at SCYTHE. Williams is an IANS Faculty Member and also works as a SANS Analyst. He is a prolific speaker on topics in information security and has trained thousands of people on incident response, red team operations, reverse engineering, cyber threat intelligence, and other information security topics. Jake is the two time winner of the DC3 Digital Forensics Challenge, a recipient of the DoD Exceptional Civilian Service Award, and is one of only a handful of people to ever be certified as Master Network Exploitation Operator by the US Government.
Twitter: @MalwareJake
Description:No Description available
BTV - Friday - 11:00-11:30 PDT
Title: Attribution and Bias: My terrible mistakes in threat intelligence attribution
When: Friday, Aug 12, 11:00 - 11:30 PDT
Where: Virtual - BlueTeam Village - Talks
SpeakerBio:Seongsu Park
Seongsu Park is a passionate researcher on malware researching, threat intelligence, and incident response with over a decade of experience in cybersecurity. He has extensive experience in malware researching, evolving attack vectors researching, and threat intelligence with a heavy focus on response to nation-state adversary attacks. He's mostly tracking high-skilled Korean-speaking threat actors. Now he is working in the Kaspersky Global Research and Analysis Team (GReAT) as a Lead security researcher and focuses on analyzing and tracking security threats in the APAC region.
Description:
One of the most important aspects of threat intelligence is the attribution of threat actors—identifying the entity behind an attack, their motivations, or the ultimate sponsor of the attack. Attribution is one of the most complicated aspects of cybersecurity, and it is easy to make mistakes because the underlying architecture of the internet offers numerous ways for attackers to hide their tracks. Threat actors can use false flags to deceive the security community about their identity, and natural human bias can lead researchers in the wrong direction. In this presentation, I will discuss three of the biggest lessons I’ve learned with regards to attribution—and how researchers can avoid making the same errors.
The first mistake is related to perception bias. The Olympic Destroyer was a cyber-sabotage attack that happened during the PyeongChang Winter Olympics in 2018. Many security vendors published information about the substance of the attack alongside unclear speculation about who was ultimately behind it. During the early stage of my Olympic Destroyer research, I strongly believed a North Korea-linked threat actor was behind the attack. Looking back, I’m overwhelmed by my confirmation bias at that time. The relationship between North Korea and South Korea was relatively stable during the Olympics, but North Korea sometimes attacked South Korea regardless. Therefore, I assumed the attack was associated with a North Korean threat actor that wanted to sow chaos during the Olympic season. However, my colleague discovered a fascinating rich header false flag designed to disguise the fact that this attack was carried out by an unrelated threat actor. Also, I confirmed that the threat actor behind this attack utilized a totally different modus operandi than the presumed North Korean threat actor after an in-depth, onsite investigation. I had allowed my perception bias to hinder my attribution efforts.
The second mistake occurred as a result of an over-reliance on third-party functions.
Researchers are often inclined to rely on too many third-party tools, and occasionally this blind faith causes mistakes. One day, I discovered that one Korean-speaking threat actor utilized a 0-day exploit embedded in a Word document. Based on the metadata of the malicious document, I used VirusTotal to find additional documents with similar metadata. All of them had the same language code page, which made me even more biased. From then, I started going in the wrong direction. I totally believed that those documents were created by the same threat actor. However, I later discovered that the documents were created by two different actors with very similar characteristics. Both of them are Korean-speaking actors, who, historically, attack the same target. Eventually, I uncovered the difference between the two and was able to reach the right conclusion—but this required going beyond what my tools told me was the correct answer.
The last mistake occurred as a result of impatience. When I investigated one cryptocurrency exchange incident, I noticed that the cryptocurrency trading application was compromised and had been delivered with a malicious file. Without any doubt, I concluded that the supply chain of this company was compromised, and contacted them via email to notify them of this incident. But, as soon as I contacted them, their websites went offline and the application disappeared from the website. After a closer examination of their infrastructure, I recognized that everything was fake, including the company website, application, and 24/7 support team. Later, we named this attack Operation AppleJeus, which US-CERT also mentioned when they indicted three North Korean hackers. In my haste to conclude my research, I failed to notice an operational aspect of the operation.
Threat Intelligence is a high-profile industry with numerous stories that have major geopolitical ramifications. Not only is attribution one of the hardest aspects of this field—it’s the one that carries the most significant consequences if not done correctly. Unfortunately, human intuition and bias interfere with proper attribution, leading to mistakes. By sharing my own struggles with attribution, it is my hope other researchers in the security community can carry out their own investigations with greater accuracy.
The threat intelligence industry suffers from the flow of inaccurate information. This symptom is because of irresponsible announcements and different perceptions of each vendor. In this presentation, I would like to share how we can quickly go to the wrong decisions and what attitude we need to prevent these failures.
CON - Friday - 09:00-08:59 PDT
Title: AutoDriving CTF
When: Friday, Aug 12, 09:00 - 08:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map
Description:
Overview
Last year, we organized the AutoDriving CTF as an official contest of DEF CON 29 (https://forum.defcon.org/node/237292) and did reasonably well: more than 100 teams participated and 93 teams had valid scores. Last year, due to the pandemic, the contest was online only with on-site demonstrations. All the challenges were deployed in 3D simulators. This year, we propose a hybrid event with in-person challenges on-site. We also plan to introduce some new challenges with real vehicles involved, in addition to those based on autonomous driving simulators. We hope to continue the engagement with the hacking community to raise the awareness of real-world security challenges in autonomous driving.
The AutoDriving CTF contest focuses on the emerging security challenges in autonomous driving systems. Various levels of self-driving functionalities, such as AI-powered perception, sensor fusion and route planning, are entering the product portfolio of automobile companies. From the security perspective, these AI-powered components not only contain common security problems such as memory safety bugs, but also introduce new threats such as physical adversarial attacks and sensor manipulations. Two popular examples of physical adversarial attacks are camouflage stickers that interfere with vehicle detection systems, and road graffiti that disturb lane keeping systems. The AI-powered navigation and control relies on the fusion of multiple sensor inputs, and many of the sensor inputs can be manipulated by malicious attackers. These manipulations combined with logical bugs in autonomous driving systems pose severe threats to road safety.
We design autonomous driving CTF (AutoDriving CTF) contests around the security challenges specific to these self-driving functions and components.
The goals of the AutoDriving CTF are the following:
- Demonstrate security risks of poorly designed autonomous driving systems through hands-on challenges, increase the awareness of such risks in security professionals, and encourage them to propose defense solutions and tools to detect such risks.
- Provide CTF challenges that allow players to learn attack and defense practices related to autonomous driving in a well-controlled, repeatable, and visible environment.
- Build a set of vulnerable autonomous driving components that can be used for security research and defense evaluation.
The contest is based on a Jeopardy style of CTF game with a set of independent challenges. A typical contest challenge includes a backend that runs autonomous driving components in simulated or real environments, and a frontend that interacts with the players. This year's contest will follow the style of last year and includes the following types of challenges:
- “attack”: such as constructing adversarial patches and spoofing fake sensor inputs,
- “forensics”: such as investigating a security incident related to autonomous driving,
- “detection”: such as detecting spoofed sensor inputs and fake obstacles,
- “crashme on road!”: such as creating dangerous traffic patterns to expose logical errors in autonomous driving systems.
Most of these challenges will be developed using game-engine based autonomous driving simulators, such as CARLA and SVL.
The following link contains some challenge videos from AutoDriving CTF at DEF CON 29:
https://www.youtube.com/channel/UCPPsKbVpxwk-464KIzr8xKw
What's new in 2022
This year, we will unlock new security-critical driving scenarios such as stop-controlled and signalized intersections. New difficulty levels will be added to challenges in such scenarios by integrating real downstream AI modules such as object tracking from open-source autonomous driving software like Apollo, Autoware and OpenPilot. For example, players will be required to generate adversarial masks which will be overlaid on the surface of a stop sign to prevent the self-driving vehicle from stopping. The self-driving vehicle is equipped with a tracking component so merely hiding the stop sign in several frames will not work.
A video demonstrating an attacked scenario is available at
https://youtu.be/4aedG1GNfRw
In addition to the simulation challenges, we will add challenges with real vehicles in the loop. In this setup, the vehicle under attack will be placed on a rack and the driving environment will be displayed on a monitor in front of the windshield camera. We will have the real vehicle running in a lab and players will interact with the vehicle by remotely manipulating the virtual surrounding environments (such as the projected road signs in front of the vehicle). The attack results will be judged based on system logs (for open-source systems, such as openpilot) or dashboard visualizations (for closed-source vehicles).
The following URL shows some specifications about the real vehicles
https://docs.google.com/document/d/1oFC5Swn-UQ3hqIBA_Pw511o8WZqToU4TcQCb3UYocFc/edit?usp=sharing
In order to enable the audience to experience the challenges more directly, we plan to set up a vehicle wheel controller on site this year. Audiences can drive themselves to compete with the self-driving vehicle in some of the challenges.
For players
- What do players need to do to participate in AutoDriving CTF?
Most of the challenges do not require domain knowledge of autonomous driving software or adversarial machine learning, although knowledge of those helps. For example, the players can generate images the way they like (e.g., drawing, photoshopping) to fool the AI components or write a short Python script to control the vehicle. Some challenges, such as incident forensics, likely would require players to learn domain knowledge such as sensor information format and how fusion works.
- What do we expect players to learn through the CTF event?
Players can (1) gain a deep understanding of real-world autonomous driving systems' design, implementation, and their corresponding security properties and characteristics; and (2) learn the attack and defense practices related to autonomous driving in a well-controlled, repeatable, visible, and engaging environment.
Additional information
Below are some materials from our first AutoDriving CTF at DEF CON 29 in 2021, which include some challenge videos (Warning: the video files could be large in Google Drive), a summary of the event and some links reporting the events.
https://drive.google.com/drive/folders/1cr3qlX1mC7vGPzqqEZ900ZDiEQdbzGo4?usp=sharing
http://www.buffalo.edu/ubnow/stories/2021/11/team-cacti-capture-flag.html
https://medium.com/@asguard.research/invisible-truck-gps-hacking-mad-racing-first-person-view-of-worlds-first-ever-autonomous-9b2d5903672a
https://netsec.ccert.edu.cn/eng/hacking/2021-08-06-autodrive-defcon
https://cactilab.github.io/ctf.html
AIV - Friday - 09:30-10:50 PDT
Title: Automate Detection with Machine Learning
When: Friday, Aug 12, 09:30 - 10:50 PDT
Where: Caesars Forum - Summit 220->236 (AI Village) - Map
SpeakerBio:Gavin Klondike
Gavin Klondike is a senior consultant and researcher who has a passion for network security, both attack and defense. Through that passion, he runs NetSec Explained, a blog and YouTube channel that covers intermediate and advanced level network security topics in an easy-to-understand way. His work has given him the opportunity to be published in industry magazines and speak at conferences such as Def Con, Def Con China, and CactusCon. Currently, he is researching ways to address the cybersecurity skills gap by utilizing machine learning to augment the capabilities of current security analysts.
Description:
Today, over a quarter of security products for detection have some form of machine learning built in. However, “machine learning” is nothing more than a mysterious buzzword for many security analysts. In order to properly deploy and manage these products, analysts will need to understand how the machine learning components operate to ensure they are working efficiently. In this talk, we will dive head first into building and training our own security-related models using the 7-step machine learning process. No environment setup is necessary, but Python experience is strongly encouraged.
SKY - Friday - 16:00-16:50 PDT
Title: Automated Trolling for Fun and No Profit
When: Friday, Aug 12, 16:00 - 16:50 PDT
Where: LINQ - BLOQ (SkyTalks 303) - Map
SpeakerBio:burninator
Burninator was a software engineer before becoming an appsec redteamer in 2018, but has been hacking all the things since high school.
Twitter: @burninatorsec
Description:
Having fun is at the core of discovering new CVEs or getting bug bounties. While this talk is about neither of those things, I want to show that doing something for the lulz can lead to some awesome possibilities no matter what you’re doing. Would you like to troll more but you work full time? Let’s automate! Are you one of the 40,000+ users who have been contacted by my bots such as the /r/pmmebot Reddit bot? Or ChinaNumberFour? Or J0hnnyDoxxille? Let’s talk it out. Some may say learning to code AI in Python just to troll is too much effort. I agree. I did it anyway.
CLV - Friday - 10:10-10:50 PDT
Title: Automating Insecurity in Azure
When: Friday, Aug 12, 10:10 - 10:50 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Cloud Village) - Map
SpeakerBio:Karl Fosaaen
As a Senior Director at NetSPI, Karl leads the Cloud Penetration Testing service line and oversees NetSPI's Portland, OR office. Karl holds a BS in Computer Science from the University of Minnesota and is approaching 15 years of consulting experience in the security industry. Karl spends most of his research time focusing on Azure security and contributing to the NetSPI blog. As part of this research, Karl created the MicroBurst toolkit (https://github.com/Netspi/Microburst) to house many of the PowerShell tools that he uses for testing Azure. In 2021, Karl co-authored the book 'Penetration Testing Azure for Ethical Hackers' with David Okeyode. Over the years, Karl has held the Security+, CISSP, and GXPN certifications. Since DEF CON 19, Karl has spent most of his conference time selling merchandise as a Goon on the Merch (formerly SWAG) team.
Twitter: @kfosaaen
Description:
Microsoft's Azure cloud platform has over 200 services available to use, so why are we picking on just one? Automation Accounts are used in almost every Azure subscription and have been the source of two different CVEs in the last year, including one issue that exposed credentials between tenants. Given the credentials and access that are often associated with Automation Accounts, they're an easy target for attackers in an Azure subscription. In this talk, we will go over how Automation Accounts function within Azure, and how attackers can abuse built-in functionality to gain access to credentials, privileged identities, and sensitive information. Furthermore, we will do a deep dive on four vulnerabilities from the last year that all apply to Azure Automation Accounts.
DC - Friday - 12:00-12:45 PDT
Title: Avoiding Memory Scanners: Customizing Malware to Evade YARA, PE-sieve, and More
When: Friday, Aug 12, 12:00 - 12:45 PDT
Where: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
SpeakerBio:Kyle Avery, Hacker
Kyle Avery has been interested in computers for his entire life. Growing up, he and his dad self-hosted game servers and ran their own websites. He focused on offensive security in university and has spent the last few years learning about malware and post-exploitation. Kyle previously worked at Black Hills Information Security as a red teamer, specializing in .NET development. He has since moved to lead an internal red team at H-E-B, where he works to improve the organization's security posture through continuous testing of configurations and processes. Before this talk, Kyle hosted BHIS and WWHF webcasts on Covert .NET Tradecraft, Abusing Microsoft Office, and Modern C2 Communications.
Twitter: @kyleavery_
Description:
Tired of encoding strings or recompiling to break signatures? Wish you could keep PE-sieve from ripping your malware out of memory? Interested in learning how to do all of this with your existing COTS or private toolsets?
For years, reverse engineers and endpoint security software have used memory scanning to locate shellcode and malware implants in Windows memory. These tools rely on IoCs such as signatures and unbacked executable memory. This talk will dive into the various methods in which memory scanners search for these indicators and demonstrate a stable evasion technique for each method. A new position-independent reflective DLL loader, AceLdr, will be released alongside the presentation and features the demonstrated techniques to evade all of the previously described memory scanners. The presenter and their colleagues have used AceLdr on red team operations against mature security programs to avoid detection successfully.
This talk will focus on the internals of PE-sieve, MalMemDetect, Moneta, Volatility malfind, and YARA to understand how they find malware in memory and how malware can be modified to fly under their radar consistently.
DL - Friday - 14:00-15:55 PDT
Title: AWSGoat : A Damn Vulnerable AWS Infrastructure
When: Friday, Aug 12, 14:00 - 15:55 PDT
Where: Caesars Forum - Caucus Boardroom (Demo Labs) - Map
Speakers:Jeswin Mathai,Sanjeev Mahunta
SpeakerBio:Jeswin Mathai, Senior Security Researcher
Jeswin Mathai is a Senior Security Researcher at INE. Prior to joining INE, he was working as a senior security researcher at Pentester Academy (Acquired by INE). At Pentester Academy, he was also part of the platform engineering team who was responsible for managing the whole lab infrastructure. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo labs (DEFCON). He has also been a co-trainer in classroom trainings conducted at Black Hat Asia, HITB, RootCon, OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. His areas of interest include Cloud Security, Container Security, and Web Application Security.
SpeakerBio:Sanjeev Mahunta
Sanjeev Mahunta is a Cloud Software Engineer at INE with a strong background in web, mobile application design and has high proficiency in AWS. He holds a bachelor's degree in Computer Science from Amity University Rajasthan. He has 2+ years of experience building front-end applications for the web and implementing ERP solutions. Having interned at Defence Research and Development Organisation (DRDO), he has acquired neat skills in application development. His areas of interest include Web Application Security, Serverless Application Deployment, System Design and Cloud.
Description:
Compromising an organization's cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications is all an attacker needs to compromise the entire infrastructure. Since cloud is relatively new, many developers are not fully aware of the threatscape and they end up deploying a vulnerable cloud infrastructure. When it comes to web application pentesting on traditional infrastructure, deliberately vulnerable applications such as DVWA and bWAPP have helped the infosec community in understanding the popular web attack vectors. However, at this point in time, we do not have a similar framework for the cloud environment. In this talk, we will be introducing AWSGoat, a vulnerable by design infrastructure on AWS featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfigurations based on services such as IAM, S3, API Gateway, Lambda, EC2, and ECS. AWSGoat mimics real-world infrastructure but with added vulnerabilities. The idea behind AWSGoat is to provide security enthusiasts and pen-testers with an easy to deploy/destroy vulnerable infrastructure where they can learn how to enumerate cloud applications, identify vulnerabilities, and chain various attacks to compromise the AWS account. The deployment scripts will be open-source and made available after the talk.
Audience: Cloud, Offense, Defense
DL - Friday - 12:00-13:55 PDT
Title: AzureGoat: Damn Vulnerable Azure Infrastructure
When: Friday, Aug 12, 12:00 - 13:55 PDT
Where: Caesars Forum - Committee Boardroom (Demo Labs) - Map
Speakers:Nishant Sharma,Rachna Umraniya
SpeakerBio:Nishant Sharma, Security Research Manager
Nishant Sharma is a Security Research Manager at INE, where he manages the development of next-generation on-demand labs. Before INE, he worked as R&D Head of Pentester Academy (Acquired by INE), where he led a team of developers/researchers to create content and platform features for AttackDefense. He has also developed multiple gadgets for WiFi pentesting/monitoring such as WiMonitor, WiNX, and WiMini. With 9+ years of experience in development and content creation, he has conducted trainings/workshops at Blackhat Asia/USA, HITB Amsterdam/Singapore, OWASP NZ day, and DEFCON USA villages. He has presented/published his work at Blackhat USA/Asia Arsenal, DEFCON USA/China, Wireless Village, Packet Village and IoT village. He has also conducted WiFi Pentesting training at Blackhat USA 2019, 2021. He started his career as a firmware developer at Mojo Networks (Acquired by Arista) where he worked on new features for the enterprise-grade WiFi APs and maintenance of state-of-the-art WIPS. He has a Master's degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi, Azure, and Container security.
SpeakerBio:Rachna Umraniya
Rachana Umaraniya is a Cloud Developer at INE and has two years of experience in software development. She specializes in building applications with Java frameworks and is well versed with databases. She has a Master's degree in Computer Science from NIT Hamirpur. Her area of interest includes cloud security, cryptography, web application, and docker security.
Description:
Microsoft Azure cloud has become the second-largest vendor by market share in the cloud infrastructure providers (as per multiple reports), just behind AWS. There are numerous tools and vulnerable applications available for AWS for the security professional to perform attack/defense practices, but it is not the case with Azure. There are far fewer options available to the community. AzureGoat is our attempt to shorten this gap by providing a ready-to-deploy vulnerable setup (vulnerable application + misconfigured Azure components + multiple attack paths) that can be used to learn/teach/practice Azure cloud environment pentesting.
Audience: Cloud, Offense, Defense
CPV - Friday - 10:30-10:59 PDT
Title: Back to School! Hello RSA... and beyond!
When: Friday, Aug 12, 10:30 - 10:59 PDT
Where: Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village) - Map
SpeakerBio:Mike Guirao
Mike Guirao (a.k.a. Chicolinux) is currently doing a PhD in Computer Science at the New Mexico State University. He holds a SANS GCIH 504 certification and has given a couple of workshops at previous editions of DEFCON. He is currently working at the intersection of ML and Security. He loves volunteering for the CPV!!!
Description:
RSA is the Gold Standard for public key crypto, there is still no other algorithm known as broadly as RSA, so in this talk I will provide a deep review of RSA with even some fun math so we can grasp the fundamentals of RSA and understand its beauty. Along the way I will provide some examples with Python and command line tools in Linux! The goal of this talk is for you to fully understand how RSA works once this talk is over!
DC - Friday - 13:00-13:20 PDT
Title: Backdooring Pickles: A decade only made things worse
When: Friday, Aug 12, 13:00 - 13:20 PDT
Where: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
SpeakerBio:ColdwaterQ, Senior Security Engineer at Nvidia
ColdwaterQ has always been interested in understanding how things work. This led to a career in the security industry and allowed him to be a part of NVIDIA’s AI Red Team where he works currently. He has attended every DEF CON starting in 2012, even if the last two were only remotely, and has returned this year hoping to help give some of what he learned back to the community.
Twitter: @ColdwaterQ
Description:
Eleven years ago, "Sour Pickles" was presented by Marco Slaviero. Python docs already said pickles were insecure at that time. But since then, machine learning frameworks started saving models in pickled formats as well. So, I will show how simple it is to add a backdoor into any pickled object using machine learning models as an example, as well as an example of how to securely save a model to prevent malicious code from being injected into it.
DL - Friday - 14:00-15:55 PDT
Title: Badrats: Initial Access Made Easy
When: Friday, Aug 12, 14:00 - 15:55 PDT
Where: Caesars Forum - Society Boardroom (Demo Labs) - Map
Speakers:Kevin Clark,Dominic “Cryillic” Cunningham
SpeakerBio:Kevin Clark
Kevin Clark is a Software Developer at Def-Logix focused on development of offensive security tools. His previous work includes Penetration Testing and Red Team Operator, focusing on initial access and active directory exploitation. Kevin contributes to open-source tools such as PowerShell Empire and publishes custom security toolkits such as Badrats and WindowsBinaryReplacements. Kevin authors a cybersecurity blog at https://henpeebin.com/kevin/blog.
Twitter: @GuhnooPlusLinux
SpeakerBio:Dominic “Cryillic” Cunningham
Dominic “Cryillic” Cunningham is a Red Team Content Engineer for TryHackMe, a large cybersecurity education platform. He is currently pursuing a degree in computing security with a focus in digital forensics and malware. His work includes general adversary emulation, offensive operations, and evasion. He specializes in researching and documentation of Evasion Techniques, Windows Internals, and Active Directory. Most of his work and research has been published at https://www.tryhackme.com, where he has also developed and released numerous CTF boxes and enterprise-level ranges.
Description:
Remote Access Trojans (RATs) are one of the defining pieces of tradecraft for identifying an Advanced Persistent Threat. The reason is that APTs typically leverage custom toolkits for gaining initial access, so they do not risk burning full-featured implants. Badrats takes characteristics from APT Tactics, Techniques, and Procedures (TTPs) and implements them into a custom Command and Control (C2) tool with a focus on initial access and implant flexibility. The key goal is to emulate that modern threat actors avoid loading fully-featured implants unless required, instead opting to use a smaller staged implant. Badrats implants are written in various languages, each with a similar yet limited feature set. The implants are designed to be small for antivirus evasion and provide multiple methods of loading additional tools, such as shellcode, .NET assemblies, PowerShell, and shell commands on a compromised host. One of the most advanced TTPs that Badrats supports is peer-to-peer communications over SMB to allow implants to communicate through other compromised hosts.
Audience: Offense
AVV - Friday - 13:15-13:45 PDT
Title: Balancing the Scales of Just-Good-Enough
When: Friday, Aug 12, 13:15 - 13:45 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Adversary Village) - Map
Speakers:Frank Duff,Ian Davila
SpeakerBio:Frank Duff
Frank Duff is a distinguished thought leader in threat-informed defense, specializing in the assessment of organizations and security capabilities. Prior to Tidal, Frank spent his entire 18-year professional career at The MITRE Corporation in a variety of roles. Frank is most well-known as the General Manager of MITRE ATT&CK® Evaluations where he conceptualized, stood up, and oversaw the program. He spent the early years of ATT&CK on the front lines, transitioning it to the private sector, working with solution providers to understand the importance of the burgeoning knowledge base, as well as advising in its integration into their products and workflows. Recognizing a gap in current evaluation processes, he devised a threat-informed evaluation methodology that would leverage ATT&CK as the common language and would revolutionize how solution provider testing was performed. He oversaw nearly 100 evaluations, including over 90% of Forrester and Gartner endpoint security analyses. Prior to ATT&CK Evaluations, Frank helped advance the concept of post-exploit detection by exploring the benefits of host-based data, on the project that inspired the creation of the ATT&CK knowledge base. Needing a way to provably and repeatably measure progress, he then transitioned to managing red teamers where he advanced the concepts of Adversary Emulation. He also worked with a variety of government customers as a specialist in growing work programs, where he worked with them to embrace threat-informed defense concepts, including advancing malware analysis, ATT&CK-based analytics, and purple teaming. He oversaw another 30 evaluations, across a broad range of capabilities to ensure they addressed the threat, while meeting mission needs. Frank started at MITRE in 2003 as an intern in Rome, NY, while obtaining his bachelor’s degree in Computer Engineering from Syracuse University. After graduation, he would start his full-time career in 2005.
During his early years, he worked with radar data processing. As he projected a change in the work program, he decided to pursue a master’s degree in Computer Engineering, Information Assurance from Syracuse University. He received this degree in 2008, and shortly after became the face of the new local cyber work program, expanding and evolving MITRE’s presence at the site.
Twitter: @frankduff
SpeakerBio:Ian Davila, Lead Adversary Emulation Engineer
Ian Davila is a Lead Adversary Emulation Engineer for Tidal Cyber who is passionate about Threat-Informed Defense. Before joining Tidal Cyber, Ian was a Cyber Security Engineer for The MITRE Corporation. Ian advanced MITRE ATT&CK® where he researched, developed, and reviewed techniques for the Enterprise domain as a Technique Research Lead. He also supported the software development team of ATT&CK. Ian was part of ATT&CK Evaluations for two Enterprise offerings where he led evaluations and emulated malware used by adversaries. Ian began his career in Cyber Security in 2015 by competing in CTFs while completing his Bachelor of Science in Computer Science from the University of Puerto Rico, Rio Piedras. He was a Research Assistant for the University of Puerto Rico and interned at the National Institute of Standards and Technology and Carnegie Mellon University. After completing his Bachelor of Science, he obtained a Master of Science in Information Security from Carnegie Mellon University in 2020 while being an intern for The MITRE Corporation.
Twitter: @advemuian
Description:
In MITRE ATT&CK, techniques describe the means by which adversaries achieve tactical goals, sub-techniques describe the same means but at a more specific level, and procedures describe the variations that are precise implementations of those techniques. This precision in many ways is what enables adversary emulation, and makes it, well, emulation. It allows us to confidently and accurately call something “in the spirit of APT29”. In many cases, in an effort to try to be precise, we narrow the focus of our evaluations and only implement the limited procedures an adversary is known to perform. But what happens if procedural information is not available for a specific adversary? We have to make an assumption about them. We do our best to get in their mindset. We consider what we believe to be their end goals, but in the end, we are left with a couple of choices. We can make an educated guess, but in this case we fall into the same trap as above - a narrowed focus that might not even be accurate. The alternative is to implement a variety of procedures and hope that we effectively cover our bases. Procedural variation looks at a single technique or sub-technique, and implements it in different ways, ideally to trigger different data sources, and thus potentially different defensive capabilities. It is for this reason that over the past year, there has been an increased awareness and advocacy for procedural variation. Procedural variation gives us greater confidence that when we say we have a defense for the technique under test, the defense will actually work. Procedural variation comes with its own challenges; increased development costs and potentially reducing the accuracy of our emulations are only the start of that conversation. So how do we balance the benefits of procedure variation with the challenges?
In this talk, we will present the key considerations to make when designing your ATT&CK test plans so that you can maximize your test plan’s bang-for-the-buck, gaining the key confidence that procedural variation offers while staying true to threat intelligence, and doing all of this while keeping budget in the back of our minds.
CON - Friday - 12:00-14:59 PDT
Title: Betting on Your Digital Rights: EFF Benefit Poker Tournament
When: Friday, Aug 12, 12:00 - 14:59 PDT
Where: Other/See Description
Description:
We’re going all in on internet freedom. Take a break from hacking the Gibson to face off with your competition at the tables—and benefit EFF! Your buy-in is paired with a donation to support EFF’s mission to protect online privacy and free expression for all. Play for glory. Play for money. Play for the future of the web. Seating is limited, so reserve your spot today at https://eff.org/poker.
Tournament Specs: $100 Bally’s tournament buy-in with a suggested donation of $250 to EFF to sign up. Rebuys are unlimited to level 6 with each having a suggested donation of $100. Levels will be fifteen minutes, and the blinds go up at each level. Attendees must be 21+.
WHEN: Friday, August 12, 2022 12:00 pm to 3:00 pm
WHERE: Bally's Poker Room, 3645 Las Vegas Blvd Overpass, Las Vegas, NV 89109
More details at https://eff.org/poker
CON - Friday - 11:00-14:59 PDT
Title: Beverage Cooling Contraption Contest (BCCC)
When: Friday, Aug 12, 11:00 - 14:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map
Description:
It's DEFCON 30 and the world is a tumultuous place. Maybe Putan has invaded NATO. Maybe China has invaded Taiwan or doubled down on its bid to claim the oddly sack-shaped "nine dash line". I think Pooh Bear may be trying to compensate for something. Whatever the current events, I'm going to claim WWIII is right around the corner and you should be prepared! Prepared to chill your beverage that is. If the world is ending, do you really want to see it out with a warm beverage!? I thought not! If I'm going out in a nuclear hellfire I want it to be with ice cold suds. So come on down and let's get prepped!
** NOTE: Some DEF CON floor plans indicated that BCCC was to be outside Caesars Forum; this is incorrect. BCCC is happening inside the Contest Area, inside Caesars Forum. **
CON - Friday - 12:00-14:59 PDT
Title: BIC Village Capture The Flag
When: Friday, Aug 12, 12:00 - 14:59 PDT
Where: Flamingo - Sunset-Twilight Ballroom (Blacks In Cybersecurity Village) - Map
Description:
The BIC Village Capture The Flag Event is a jeopardy style event designed to practice solving challenges in multiple categories.
This event seeks to not only be a series of puzzles and challenges to solve, but a gamified way to learn concepts of social justice and Black history. The gamified and challenge oriented sections of the event will not only challenge one's mind in problem solving and critical thinking but also charge one with the mission of identifying and learning about historical facts and figures that they would not otherwise be exposed to.
CHV - Friday - 10:00-10:40 PDT
Title: Biometrics system hacking in the age of the smart vehicle
When: Friday, Aug 12, 10:00 - 10:40 PDT
Where: Virtual - Car Hacking Village
Speakers:Huajiang "Kevin2600" Chen,Li Siwei
SpeakerBio:Huajiang "Kevin2600" Chen
Huajiang "Kevin2600" Chen (Twitter: @kevin2600) is a senior security researcher. He mainly focuses on vulnerability research in wireless and embedded systems. Kevin2600 has spoken at various conferences including KCON, DEFCON and CANSECWEST.
Twitter: @kevin2600
SpeakerBio:Li Siwei
Li Siwei is a security researcher. He specializes in Big data analysis and AI Security.
Description:
Biometric systems such as face recognition and voice-print identification are extensively used for personal identification. In recent years more and more vehicle makers have implemented facial recognition systems in modern vehicles. However, how secure are these systems really?
In this talk, we will present some simple yet very practical attack methods to bypass the face recognition systems found on some modern vehicles, in order to log in or even start the engine.
We will also dive into the journey of how to spoof voiceprint-based systems: tricking a smart speaker's authentication mechanism into shopping online, or generating an "unharmed" song with a specific command secretly embedded within, e.g. "Open the car window".
SOC - Friday - 18:00-01:59 PDT
Title: Black & White Ball - Entertainment
When: Friday, Aug 12, 18:00 - 01:59 PDT
Where: Caesars Forum - Forum 120-123, 129, 137 (Chillout) - Map
Speakers:Biolux,Dual Core,Icetre Normal,Keith Meyers,Magician Kody Hildebrand,Miss Jackalope,n0x08,Skittish & Bus
SpeakerBio:Biolux
No BIO available
SpeakerBio:Dual Core
No BIO available
SpeakerBio:Icetre Normal
No BIO available
SpeakerBio:Keith Meyers
No BIO available
SpeakerBio:Magician Kody Hildebrand
No BIO available
SpeakerBio:Miss Jackalope
No BIO available
SpeakerBio:n0x08
No BIO available
SpeakerBio:Skittish & Bus
No BIO available
Description:
18:00 - 19:00: Hildebrand Magic
19:00 - 20:00: Dual Core
20:00 - 21:00: Icetre Normal
21:00 - 22:00: n0x08
22:00 - 23:00: Skittish & Bus
23:00 - 00:00: Biolux
00:00 - 00:15: Costume Contest
00:15 - 01:15: Miss Jackalope
01:15 - 02:00: Keith Myers
The party starts at 18:00; everyone can come whenever they like. The doors are not going to close between “chill out” and the Black & White Ball.
DEF CON Arts & Entertainment Presents: Hacker Homecoming at the Black & White Ball
Join us Friday night (Aug 12) at the Forum and travel back in time as we relaunch the Black & White ball that many of you may remember. Embracing the Hacker Homecoming theme for DEF CON 30, we hope you will arrive dressed your best and ready to party! This is your chance to be yourself, express yourself, and have an amazing time!
Enjoy Some Beverages – On Us!
Your first reward for dressing up is special access to the Friday event including a custom pass that gets you free drinks (Until they run out)!
Contest – Win the cost of a DEF CON badge – $360!
Be creative, have fun, and impress the crowd! The best dressed will win $360 and be crowned King/Queen/[Insert Title Here] of the DEF CON 30 Black & White Ball! Judging begins at midnight, and the winner will be chosen based on crowd noise level. No speech necessary!
BTV - Friday - 10:00-10:30 PDT
Title: Blue Team Village Opening Ceremony
When: Friday, Aug 12, 10:00 - 10:30 PDT
Where: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
Description:
Blue Team Village Opening Ceremony
BTV - Friday - 17:00-17:59 PDT
Title: Blue Teaming Cloud: Security Engineering for Cloud Forensics & Incident Response
When: Friday, Aug 12, 17:00 - 17:59 PDT
Where: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
Speakers:John Orleans,Misstech,Cassandra Young (muteki),KyleHaxWhy
SpeakerBio:John Orleans
To be completed.
SpeakerBio:Misstech
As part of Microsoft's customer facing Detection and Response Team (DART), I work as a cloud hunter and lead investigator, battling alongside our customers on the front lines of incident response. Our work often involves dealing with live incidents involving APT and nation state actors and hunting them is what brings me joy.
SpeakerBio:Cassandra Young (muteki)
Cassandra (aka muteki) works full time in information security consulting, specializing in Cloud Security Architecture and Engineering. She holds a master’s degree in Computer Science, focusing on cloud-based app development and academic research on serverless security and privacy/anonymity technology. Additionally, as one of the directors of Blue Team Village, Cassandra works to bring free Blue Team talks, workshops and more to the broader security community.
Twitter: @muteki_rtw
SpeakerBio:KyleHaxWhy
KyleHaxWhy likes bananas.
Description:
Whether you’re in AWS, Azure or GCP, cloud security engineering doesn’t stop at basic guardrails and sending logs to a SIEM. So how do you engineer for the challenges unique to cloud forensics and incident response? This panel of cloud security engineers and incident responders will share their experiences and insights to help you take your security engineering from “just the basics” to “prepared for the inevitable”.
SOC - Friday - 20:00-22:59 PDT
Title: BlueTeam Village Party
When: Friday, Aug 12, 20:00 - 22:59 PDT
Where: LINQ - Pool
Description:
This year BTV will be celebrating five years at DEF CON!!! Join us Friday night 8pm-11pm at the LINQ pool. Libations will be available at the cash bar. Free tacos, sliders, and other goodies.
Dual Core will be performing at 9pm!
We hope to see you during this special Homecoming event.
ASV - Friday - 10:00-15:59 PDT
Title: Boeing ARINC 429 Airplane Challenge and CTF
When: Friday, Aug 12, 10:00 - 15:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
Description:
Boeing Test & Evaluation (T&E) has developed two modules to provide an interactive learning environment and engagement opportunity on the ARINC 429 data bus. Three modules will be offered, including a 10-15 minute guided discussion on the basics of ARINC 429, highlighting the key components necessary to participate in the two interactive modules. Boeing will provide an interactive learning environment to improve situational awareness of the ARINC 429 data bus and promote discussion on Cyber T&E across the aviation industry. After completing the basics guided tour, participants may engage in one or both of the events, the Airplane Challenge and CTF.
In order to get participants familiar with ARINC 429 concepts, there will be a presentation introducing 429 and the challenge environment at 10:30 and 13:00 both days.
Event #1 – Airplane Challenge (“AC”): during this event the user is presented with a user interface to send their own crafted 429 messages. The participant will be assigned an airplane on a map with the objectives of navigating the airplane to a win condition.
Event #2 – Capture The Flag (CTF): The participants will connect into the CTF to take on challenges involving protocol and message manipulation. The participant will be able to validate each flag found in order to complete the event!
Required gear: for the AC, you will need a mobile phone and/or laptop with the ability to connect to WiFi. For the CTF you will need a laptop and an ethernet cable.
Signups: first come first serve!
PHV - Friday - 10:00-17:59 PDT
Title: Botnet Workshop
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village) - Map
Description:
What is a botnet and how does it work? Come to the Packet Hacking Village and we'll teach you! Our workshop covers the basics of setup, operation, and shenanigans. Learn a skill useful for offense and defense in infosec!
DC - Friday - 15:30-16:15 PDT
Title: Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
When: Friday, Aug 12, 15:30 - 16:15 PDT
Where: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
SpeakerBio:James Kettle, Director of Research, PortSwigger
James 'albinowax' Kettle is the Director of Research at PortSwigger - he's best known for his HTTP Desync Attacks research, which popularized HTTP Request Smuggling. James has extensive experience cultivating novel attack techniques, including web cache poisoning, HTTP/2 desync attacks, Server-Side Template Injection, and password reset poisoning. James is also the author of multiple popular open-source tools including Param Miner, Turbo Intruder, and HTTP Request Smuggler. He is a frequent speaker at numerous prestigious venues including both Black Hat USA and EU, OWASP AppSec USA and EU, and DEF CON.
Twitter: @albinowax
Description:
The recent rise of HTTP Request Smuggling has seen a flood of critical findings enabling near-complete compromise of numerous major websites. However, the threat has been confined to attacker-accessible systems with a reverse proxy front-end... until now.
In this session, I'll show you how to turn your victim's web browser into a desync delivery platform, shifting the request smuggling frontier by exposing single-server websites and internal networks. You'll learn how to combine cross-domain requests with server flaws to poison browser connection pools, install backdoors, and release desync worms. With these techniques I'll compromise targets including Apache, Akamai, Varnish, Amazon, and multiple web VPNs.
While some classic desync gadgets can be adapted, other scenarios force extreme innovation. To help, I'll share a battle-tested methodology combining browser features and custom open-source tooling. We'll also release free online labs to help hone your new skillset.
I'll also share the research journey, uncovering a strategy for black-box analysis that solved several long-standing desync obstacles and unveiled an extremely effective novel desync trigger. The resulting fallout will encompass client-side, server-side, and even MITM attacks; to wrap up, I'll live-demo breaking HTTPS on Apache.
AVV - Friday - 15:00-16:59 PDT
Title: Building Adversary Chains Like an Operator
When: Friday, Aug 12, 15:00 - 16:59 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Adversary Village) - Map
Speakers:David Hunt,Stephan Wampouille
SpeakerBio:David Hunt
Daniel Feichter has his original background in industrial engineering, he started 3.5 years ago more or less as an offensive security rookie in an employed relationship. For different reasons he decided to start his own company in 2022 (Infosec Tirol), with which he focuses even more on offensive security like APT testing, adversary simulation and red teaming. Daniel invests a lot of his time in learning and researching in the area of endpoint security. Based on the Windows Internals he tries day by day to better understand AV/EPP/EDR products on Windows and is always looking for new ways to bypass and evade them.
Twitter: @privateducky
SpeakerBio:Stephan Wampouille, Software Engineer
Stephan is a software engineer at Prelude Research, where he works on cutting-edge offensive security tools and tradecraft. He originally worked on the Operator C2 platform before moving on to build the library of TTPs hosted on chains.prelude.org. Stephan is a veteran Defcon speaker, previously giving a talk on autonomous lateral movement, as applied to Linux servers, at Defcon 29.
Description:
Every week, the Prelude security team builds attack chains that emulate the most notorious threat actors online. The attacks are released in an event called “TTP Tuesday” and each chain can be browsed on chains.prelude.org. For those with an Operator license, the chains pop into the command-and-control (C2) application automatically. For the first time, the author of Operator - along with Prelude security engineers - will walk you through their process of building and releasing these chains. In this workshop, you will learn how to:
- Evaluate open-source threat intelligence and output it as an attack plan.
- Convert your plan into an actionable set of TTPs called a “chain”.
- Select hosts around your network to test your plan.
- Deploy agents on your selected hosts and execute your chain against them.
- Put your chains on repeat so they’re constantly at work in your environment.
- Package your results into a report that can measure your success.
You should expect to be hands-on, with a laptop running Operator. Expect to walk away from this workshop with both knowledge of how to build attack chains and a brand new, unreleased chain that will go out in a future TTP Tuesday event. Attackers use advanced tactics to infiltrate your network and run undetected. Learn how to emulate them so you can get ahead of their game. Proactive adversary emulation leads to better detection, which leads to faster response and a more robust grasp of your current risk profile.
PSV - Friday - 11:30-11:59 PDT
Title: Bypass 101
When: Friday, Aug 12, 11:30 - 11:59 PDT
Where: Caesars Forum - Summit 201-202 (Physical Security Village) - Map
SpeakerBio:Karen Ng
As a founding member of the Physical Security Village, Karen has always been eager to spread awareness of physical security vulnerabilities. Karen works with GGR Security as a Security Risk Assessor.
Twitter: @hwenab
Description:
There are loads of ways to get through a door without actually attacking the lock itself, including using the egress hardware, access control hardware, and countless other techniques to gain entry. Learn the basics in this talk.
ASV - Friday - 09:00-16:59 PDT
Title: California CyberSecurity Institute Space Grand Challenge
When: Friday, Aug 12, 09:00 - 16:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
Description:
The DEF CON participants will be learning how the convergence of cybersecurity and space connect! The gamified satellite cybercrime scenario, “Mission Kolluxium Z-85-0” is ready for the next Space Captain! This is a beginner challenge. Unity based game that explores Space, Orbital Mechanics, Satellite Hacking, Deep Space Networks, Digital Forensics, Python, Wireshark, Blockchain, and Ethics! This is a great chance for a CyberNaut to learn something new!
Please register here and look for an email close to the competition day for instructions: https://www.cognitoforms.com/CCI17/SpaceGrandChallengeAEROSPACEVILLAGEDEFCON2022
CHV - Friday - 17:00-17:40 PDT
Title: CANalyse 2.0 : A vehicle network analysis and attack tool.
When: Friday, Aug 12, 17:00 - 17:40 PDT
Where: Virtual - Car Hacking Village
Speakers:Kartheek Lade (@0xh3nry),Rahul J
SpeakerBio:Kartheek Lade (@0xh3nry)
No BIO available
SpeakerBio:Rahul J
No BIO available
Description:
CANalyse is a software tool built to analyse log files in a creative, powerful way to find unique data sets automatically and inject the refined payload back into the vehicle network.
CANalyse has three modes:
1) Smart Scan: automatic data filtration.
2) CANalyse IDE: powerful integrated development environment (IDE) using pandasql.
3) Telegram: it uses the IDE at the base level and receives commands through a Telegram bot.
In short, using CANalyse an attacker can sniff the CAN network (all python-can supported protocols), analyse it rapidly (both automatically and manually), and inject the payload back into the vehicle network. All of this can also be done using a Telegram bot.
CHV - Friday - 16:30-16:59 PDT
Title: canTot - a CAN Bus Hacking Framework to Compile Fun Hacks and Vulnerabilities
When: Friday, Aug 12, 16:30 - 16:59 PDT
Where: Virtual - Car Hacking Village
SpeakerBio:Jay Turla, Principal Security Consultant
Jay Turla is a Principal Security Consultant at VikingCloud, and one of the goons of ROOTCON. He has presented at international conferences like ROOTCON, HITCON, Nullcon, DEFCON, etc. He used to work for HP Fortify and Bugcrowd in the areas of appsec. His main interest or research right now is about car hacking and he is currently one of the main organizers of the Car Hacking Village of ROOTCON / Philippines.
Description:
canTot is a CLI framework similar in usage to known frameworks like Metasploit, dronesploit, expliot, and Recon-ng. The fun thing is that it contains fun hacks and disclosed known vulnerabilities. It can also be used as a guide for pentesting vehicles and learning Python for car hacking the easier way. This is not meant to reinvent the wheel of known CAN fuzzers, car exploration tools like caring caribou, or other great CAN analyzers out there, but to combine all the known vulnerabilities and fun CAN bus hacks in automotive security.
CON - Friday - 10:30-18:30 PDT
Title: Capture The Packet Preliminaries
When: Friday, Aug 12, 10:30 - 18:30 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village) - Map
Description:
Capture The Packet is returning to DEF CON! Our legendary cyber defense competition has been a Black Badge contest for over 10 years! Glory and prizes await. Follow this event on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes.
Last round for Friday kicks off at 16:00.
CON - Friday - 10:00-17:30 PDT
Title: Car Hacking Village CTF
When: Friday, Aug 12, 10:00 - 17:30 PDT
Where: Caesars Forum - Forum 124-128 (Car Hacking Village) - Map
Description:
The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OE's and suppliers to ensure our challenges give a real-world experience to hacking cars. We understand car hacking can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.
ROV - Friday - 12:30-13:30 PDT
Title: Catch the Cheat
When: Friday, Aug 12, 12:30 - 13:30 PDT
Where: LINQ - 3rd flr - Evolution (Rogues Village) - Map
SpeakerBio:Four Suits Co
No BIO available
Twitter: @foursuits_co
Description:
Watch members of the Rogues Village staff try to fool you with an elaborate series of gambling situations and sleights. Can you be the one to “Catch the Cheat”?
SOC - Friday - 09:00-17:59 PDT
Title: Chillout Lounge (with entertainment)
When: Friday, Aug 12, 09:00 - 17:59 PDT
Where: LINQ - 3rd flr - Chillout - Map
Speakers:djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
SpeakerBio:djdead
No BIO available
SpeakerBio:Kampf
No BIO available
SpeakerBio:Merin MC
No BIO available
SpeakerBio:Pie & Darren
No BIO available
SpeakerBio:Rusty
No BIO available
SpeakerBio:s1gnsofl1fe
No BIO available
Description:
The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there.
All chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.
Entertainment schedule:
09:00 to 12:00 - Pie & Darren
12:00 to 13:30 - Kampf
13:30 to 14:30 - s1gnsofl1fe
14:30 to 15:30 - Merin MC
15:30 to 16:30 - Rusty
16:30 to 18:00 - djdead
SOC - Friday - 09:00-17:59 PDT
Title: Chillout Lounge (with entertainment)
When: Friday, Aug 12, 09:00 - 17:59 PDT
Where: Flamingo - Carson City I (Chillout) - Map
Speakers:djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
SpeakerBio:djdead
No BIO available
SpeakerBio:Kampf
No BIO available
SpeakerBio:Merin MC
No BIO available
SpeakerBio:Pie & Darren
No BIO available
SpeakerBio:Rusty
No BIO available
SpeakerBio:s1gnsofl1fe
No BIO available
Description:
The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there.
All chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.
Entertainment schedule:
09:00 to 12:00 - Pie & Darren
12:00 to 13:30 - Kampf
13:30 to 14:30 - s1gnsofl1fe
14:30 to 15:30 - Merin MC
15:30 to 16:30 - Rusty
16:30 to 18:00 - djdead
SOC - Friday - 09:00-17:59 PDT
Title: Chillout Lounge (with entertainment)
When: Friday, Aug 12, 09:00 - 17:59 PDT
Where: Caesars Forum - Forum 120-123, 129, 137 (Chillout) - Map
Speakers:djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
SpeakerBio:djdead
No BIO available
SpeakerBio:Kampf
No BIO available
SpeakerBio:Merin MC
No BIO available
SpeakerBio:Pie & Darren
No BIO available
SpeakerBio:Rusty
No BIO available
SpeakerBio:s1gnsofl1fe
No BIO available
Description:
The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there.
All chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.
Entertainment schedule:
09:00 to 12:00 - Pie & Darren
12:00 to 13:30 - Kampf
13:30 to 14:30 - s1gnsofl1fe
14:30 to 15:30 - Merin MC
15:30 to 16:30 - Rusty
16:30 to 18:00 - djdead
SOC - Friday - 09:00-17:59 PDT
Title: Chillout Lounge (with entertainment)
When: Friday, Aug 12, 09:00 - 17:59 PDT
Where: Flamingo - Reno I Ballroom (Chillout Lounge) - Map
Speakers:djdead,Kampf,Merin MC,Pie & Darren,Rusty,s1gnsofl1fe
SpeakerBio:djdead
No BIO available
SpeakerBio:Kampf
No BIO available
SpeakerBio:Merin MC
No BIO available
SpeakerBio:Pie & Darren
No BIO available
SpeakerBio:Rusty
No BIO available
SpeakerBio:s1gnsofl1fe
No BIO available
Description:
The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there.
All chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.
Entertainment schedule:
09:00 to 12:00 - Pie & Darren
12:00 to 13:30 - Kampf
13:30 to 14:30 - s1gnsofl1fe
14:30 to 15:30 - Merin MC
15:30 to 16:30 - Rusty
16:30 to 18:00 - djdead
WS - Friday - 09:00-12:59 PDT
Title: CICD security: A new eldorado
When: Friday, Aug 12, 09:00 - 12:59 PDT
Where: Harrah's - Copper (Workshops) - Map
Speakers:Gauthier Sebaux,Remi Escourrou,Xavier Gerondeau
SpeakerBio:Gauthier Sebaux, Penetration Tester
Gauthier Sebaux has been performing penetration tests in Wavestone for years for a large number of clients. His passion for cybersecurity started even before he was already exploiting buffer overflows and participating in CTF competitions when he was in high school. When he is not pentesting, he administrates his personal infrastructure and contributes to open-source projects. It provided him with deep knowledge on Linux environments, Linux container isolation and more recently Kubernetes. He brought back his expertise in his work and specialized in penetration testing of DevOps infrastructure.
SpeakerBio:Remi Escourrou, Red Team Lead
Rémi Escourrou (@remiescourrou) is leading the Red Team at Wavestone. Before moving to red team operation and exploiting CI/CD pipeline, he was involved in audits and pentests of large enterprise networks with emphasis on Active Directory. During his research time, he enjoys tackling technical problems to compromise its targets. He’s passionate about the security field and already teaches workshops at BSides Las Vegas, Brucon, BSides Lisbon.
Twitter: @remiescourrou
SpeakerBio:Xavier Gerondeau, Penetration Tester
Xavier Gerondeau is a penetration tester in Wavestone. He once performed a test on a CI/CD pipeline and rocked it. Because of this so-cool-ness, he became a DevOps expert in Wavestone and pwned every CI/CD pipeline he encountered during his missions. He's so talented that his clients now fear him!
Description:
CI/CD pipelines are increasingly becoming part of the standard infrastructure within dev teams and with the rise of solutions such as Infrastructure as Code, the sensitivity level of such pipelines is escalating. In case of compromise, it is not just the applications that are at risk but the underlying systems themselves and sometimes the whole information system.
Attackers are beginning to exploit those weaknesses both for supply chain attacks and to escalate their privileges within the victim IS.
Welcome to DataLeek company, after several decades of V-cycle development we have now decided to adopt the "agile" methodology. To do so, our IT teams have set up a CI/CD pipeline that relies on the most advanced and state-of-the-art tools available on the market.
However, for some reason, our CISO seems to doubt the security level of this brand new infrastructure and insists on performing a pentest on it.
Your mission, should you choose to accept it, is to evaluate the security level of this CI/CD pipeline and offer solutions to fix the issues identified.
In this fully hands-on workshop, we’ll guide you through multiple vulnerabilities that we witnessed during numerous penetration tests. You’ll learn how to:
- Get a foothold within a CI/CD pipeline
- Find interesting secrets and other information within code repositories
- Pivot and exploit weak configuration on the orchestrator
- Compromise building nodes in order to add backdoors to artifacts
- Pivot on cloud infrastructure
- Escape Kubernetes thanks to common misconfiguration
- Perform a privilege escalation in AWS
Hands-on exercises will be performed on our lab environment with a wide variety of tools. For each attack, we will also focus on prevention, mitigation techniques and potential ways to detect exploitation.
- Materials
- All attendees will need to bring a laptop capable of running virtual machines (8GB of RAM is a minimum) and an up-to-date RDP client.
- Prereq
- This training is aimed at security professionals or developers willing to understand the risks of a poorly secured CI/CD pipeline.
ICSV - Friday - 10:00-17:59 PDT
Title: CISA and Idaho National Lab Escape Room
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS CISA Escape Room - Map
Description:
CISA and Idaho National Lab invite you to participate in an immersive Escape Room adventure to test your cybersecurity and infrastructure protection skills. This Escape Room will challenge you and your Team through a series of traditional time-bound Escape Room challenges mixed with cybersecurity elements. Participants’ skills will be confronted with cybersecurity puzzles involving wireless technologies, Open Source Intelligence (OSINT) analysis, database exploitation, network discovery, industrial control systems, cryptography, Arduino backed puzzles, and more. With the mix of traditional escape room puzzles, there is enough to do for everyone regardless of the level of their cyber skills. Come have fun while learning more about cybersecurity with CISA and Idaho National Lab.
** Swing by the ICS Village to reserve a time for your team. **
Escape Room Scenario: A disgruntled employee, Bob, has been plotting to bring down the company where he works. In retaliation for his perceived mistreatment, Bob has created an electromagnetic pulse device (EMP) to take out sensitive industrial control systems in the area. Thanks to a few diligent and observant company employees, Bob was taken into custody but not before the timer on the device could be activated! The EMP device has been armed and the clock is ticking. CISA needs your help in protecting our critical infrastructure by following the clues found in Bob’s office to help CISA to disarm the EMP device before it is too late.
ICSV - Friday - 11:00-11:30 PDT
Title: Closing a Security Gap in the Industrial Infrastructure Ecosystem: Under-Resourced Organizations
When: Friday, Aug 12, 11:00 - 11:30 PDT
Where: ICS Village Virtual
SpeakerBio:Dawn Cappelli, Director, OT-CERT
Dawn Cappelli is the Director of OT-CERT (Operational Technology – Cyber Emergency Readiness Team) at the industrial cybersecurity company Dragos. She plays a critical part in building, supporting, and organizing a network of global public and private sector leaders and partners to enable and replicate best practices across industries and expand the Dragos commitment to help mitigate shared ICS OT challenges. Dawn was CISO for Rockwell Automation from 2016-2022 after serving as Director, Insider Risk. Previously she was Founder and Director of Carnegie Mellon’s CERT Insider Threat Center. She started her career as a software engineer programming nuclear power plants for Westinghouse. She co-authored the book “The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud),” which was inducted into the Cybersecurity Canon - a list of must-read books for all cybersecurity practitioners.
Cappelli is a Certified Information Systems Security Professional, holds a BS in Computer Science and Mathematics from the University of Pittsburgh, is co-founder of the Open Source Insider Threat (OSIT) information sharing group and is a member of the RSA Conference Advisory Board, the Cybersecurity Collaborative Executive Committee, and the CyberWire Hash Table. She was awarded the 2022 CIO Choice Lifetime Achievement Award by the Pittsburgh Technology Council, inducted into the ISSA Hall of Fame in 2021, honored as a member of the 2021 CISOs Top 100 CISOs, 2020 Global CISO 100, and was named Pittsburgh CISO of the Year in 2018.
Description:
The lack of OT-specific resources readily available to the industrial infrastructure community creates a serious gap in securing industrial infrastructure. The gap is especially critical among small and medium sized businesses that often have limited expertise and resources to address ICS/OT cybersecurity risks. This presentation details a new free cybersecurity resource: Dragos OT-CERT (Operational Technology - Cyber Emergency Readiness Team). OT-CERT helps industrial asset owners and operators – especially under-resourced organizations - build their OT cybersecurity programs, improve their security postures, and reduce OT risk. Member organizations have free access to OT cybersecurity best practices, cybersecurity maturity assessments, training, workshops, tabletop exercises, webinars, and more. Although OT-CERT focuses on small and medium sized businesses, organizations of all sizes are eligible for OT-CERT membership. Larger organizations will benefit from free resources such as OT best-practices blogs and OT vulnerability disclosures from Dragos’s industry-leading Threat Intelligence team. Dragos OT-CERT will also aid large companies by helping to improve the security posture of smaller organizations in their supply chain that can pose a risk to their business operations.
SKY - Friday - 14:55-15:45 PDT
Title: Cloud Threat Actors: No longer cryptojacking for fun and profit
When: Friday, Aug 12, 14:55 - 15:45 PDT
Where: LINQ - BLOQ (SkyTalks 303) - Map
SpeakerBio:Nathaniel Quist
Nathaniel Quist is a Principal Researcher working with Palo Alto Networks Unit 42 and Prisma Cloud teams on researching the threats facing public cloud platforms, tools, and services. He is actively focused on identifying the threats, malware and threat actor groups that target cloud environments.
Nathaniel has worked within Government, Public, and Private sectors and holds a Master of Science in Information Security Engineering (MSISE) from The SANS Institute, where he focused on Network and System Forensics, Malware Reversal, and Incident Response. He is the author of multiple blogs, reports, and whitepapers published by Palo Alto Networks’ Unit 42 and Prisma Cloud as well as the SANS InfoSec Reading Room.
Twitter: @qcuequeue
Description:
Threat actors have elevated their attacks against cloud environments through the direct targeting and usage of Identity and Access Management (IAM) resources. Successful attacks not only expose the wider customer cloud environment workloads but also expose a defender's inability to successfully track the total scope of the incident using only a single cloud visibility tool. I have been tracking the evolution of cloud targeted threats and the threat actors behind them; what I have found is that actors who target cloud environments have begun to use techniques that are solely unique to cloud environments. So much so, that the Unit 42 threat intelligence team and I found it necessary to define these actors as Cloud Threat Actors: "An individual or group posing a threat to organizations through directed and sustained access to cloud platform resources, services or embedded metadata."
In this talk, we will guide the audience through the first-ever Cloud Threat Actor Index detailing the targeting of cloud environments, who is behind these attacks, how they are targeting and leveraging techniques unique to cloud environments, and most importantly how poorly defined IAM identities open the biggest holes. We will also give the audience the knowledge needed to properly harden their cloud environments by illustrating how the most successful cloud-targeted attacks have occurred. IAM is the first line of defense in your cloud; knowing how attackers target and leverage IAM resources to evade detection is the best tool we have to properly defend your entire cloud infrastructure.
CLV - Friday - 10:00-10:10 PDT
Title: Cloud Village Opening Note
When: Friday, Aug 12, 10:00 - 10:10 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Cloud Village) - Map
SpeakerBio:Jayesh Singh Chauhan
No BIO available
Description:No Description available
CON - Friday - 10:00-17:59 PDT
Title: CMD+CTRL
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map
Description:
CMD+CTRL Cyber Range is an interactive learning and hacking platform where development, security, IT, and other roles come together to build an appreciation for protecting the enterprise. Players learn security techniques in a real-world environment where they compete to find vulnerabilities. Real-time scoring keeps participants engaged and creates friendly competition. Our Cloud and App Cyber Ranges incorporate authentic, fully functioning applications and vulnerabilities often found in commercial web platforms.
Learn to see web applications and services from an attacker's perspective. CMD+CTRL is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you'll have a better understanding of the vulnerabilities that put real applications at risk - and you'll be better prepared to find and fix those vulnerabilities in your own code.
At DEF CON 30: We will be debuting our latest Cloud Cyber Range, which focuses on exploiting a modern email marketing platform comprised of web applications, services, and a variety of cloud resources. Inspired by the latest trends and real world exploits, try your hands at bypassing a WAF, HTTP Desync, postMessage XSS, RCE, MFA bypass, and so, so much more! With twice as many challenges as our past Cloud Ranges, do you think you can complete them all?
This year we are happy to announce that we will be returning to DEF CON in person. We will be running this event both on site and online via Discord. Join us Friday (8/12) through Saturday (8/13) for this invite-only CTF by signing up with the registration form below. This event is limited to 250 players, so save your seat now!
Register here: https://forms.gle/3TbT4JWsTfWVwr6r9
More info: http://defcon30.cmdnctrl.net
Twitter: @cmdnctrl_defcon
MIV - Friday - 11:30-13:30 PDT
Title: Cognitive Security: Human Vulnerabilities, Exploits, & TTPs
When: Friday, Aug 12, 11:30 - 13:30 PDT
Where: Caesars Forum - Summit 220->236 (Misinformation Village) - Map
SpeakerBio:Matthew Canham
Dr. Matthew Canham is the CEO of Beyond Layer Seven, a company dedicated to understanding and addressing the human element in cybersecurity. In addition to his primary role, Dr. Canham is also an affiliated faculty member at George Mason University where his research focuses on human susceptibility to mis-dis-mal (MDM) information operations and remote online social engineering attacks. He holds a PhD in Cognitive Neuroscience from the University of California at Santa Barbara, and he is a certified digital forensics examiner and mobile device security analyst.
Description:
Misinformation, disinformation, and malinformation (MDM) operations depend upon and leverage existing human cognitive biases. Our research group has cataloged a diverse collection of cognitive biases which are vulnerable to exploitation by malicious actors. This presentation describes the construction and development of this database as well as suggesting use case applications and real-world examples which will eventually serve to build the foundation for a comprehensive cognitive security defense framework. This Human Vulnerability, Exploitation, Tools & Tactics (HVETT) database will be a significant resource for the prevention, analysis, and attribution of threat actors across tactical, operational, and strategic threats.
We begin by introducing the concept and scope of cognitive security, discuss framework development, and provide an overview of how and why humans are vulnerable to MDM operations. Next, we will discuss how technologically mediated communications (TMCs) and synthetic media (such as deep fakes) exacerbate these vulnerabilities by adding new attack vectors. After establishing this foundation, we introduce the HVETT database and discuss potential applications to real-world challenges. Finally, we conclude with a series of recent examples of exploits and tactics which threaten the cognitive security of every human with access to TMCs.
SEV - Friday - 12:00-12:59 PDT
Title: Cold Calls
When: Friday, Aug 12, 12:00 - 12:59 PDT
Where: LINQ - 3rd flr - Social A (Social Engineering Community) - Map
Description:
https://www.se.community/research-cold-calls/#coldcalls
SKY - Friday - 09:30-10:20 PDT
Title: Combatting sexual abuse with threat intelligence techniques
When: Friday, Aug 12, 09:30 - 10:20 PDT
Where: LINQ - BLOQ (SkyTalks 303) - Map
SpeakerBio:Aaron DeVera
Aaron DeVera is a New York-based security researcher whose experience spans from the takedown of multi-million dollar criminal botnets to threat intelligence operations for global financial services companies. They are a member of the New York Cyber Sexual Abuse Taskforce, a founding member of the Cabal hacker collective, and a founder of Backchannel, which builds tools for adversary intelligence and adversary attribution. Their previous speaking engagements include SXSW, Botconf, SummerCon, The Diana Initiative, and within the information security community.
Twitter: @aaronsdevera
Description:
The techniques and tactics used against cyber adversaries can be effective against perpetrators of sexual violence. Join the representatives from the Cabal hacker collective as they chart their success in attributing online behavior, creating intelligence pipelines, and survivor outreach in the wake of the growing threat of cyber sexual abuse. The featured case studies are real-life scenarios where familiar infosec operations ended up making a huge impact in cases against cyberstalkers, sex criminals, and hackers.
DC - Friday - 10:00-10:20 PDT
Title: Computer Hacks in the Russia-Ukraine War
When: Friday, Aug 12, 10:00 - 10:20 PDT
Where: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
SpeakerBio:Kenneth Geers, Very Good Security / NATO Cyber Centre / Atlantic Council
Dr. Kenneth Geers works at Very Good Security. He is an Atlantic Council Cyber Statecraft Initiative Senior Fellow, a NATO Cooperative Cyber Defence Centre of Excellence Ambassador, and a Digital Society Institute-Berlin Affiliate. Kenneth served for twenty years in the US Government: in the Army, National Security Agency (NSA), Naval Criminal Investigative Service (NCIS), and NATO. He was a professor at the Taras Shevchenko National University of Kyiv in Ukraine from 2014-2017. He is the author of "Strategic Cyber Security", editor of "Cyber War in Perspective: Russian Aggression Against Ukraine", editor of "The Virtual Battlefield", and technical expert to the "Tallinn Manual".
Twitter: @KennethGeers
Description:
The Russia-Ukraine war has seen a lot of computer hacking, on both sides, by nations, haxor collectives, and random citizens, to steal, deny, alter, destroy, and amplify information. Satellite comms have gone down. Railway traffic has been stymied. Doxing is a weapon. Fake personas and false flags are expected. Every major platform has had issues with confidentiality, integrity, and availability. Hacked social media and TV have been a hall of mirrors and PSYOP. Russian comms are unreliable, so Ukrainian nets have become honeypots. Hackers have been shot in the kneecaps. Talking heads have called for a RUNET shutdown. The Ukrainian government has appealed for hacker volunteers – just send your expertise, experience, and a reference. The Great Powers are hacking from afar, while defending their own critical infrastructure, including nuclear command-and-control. Ukraine has many hacker allies, while Russian hackers are fleeing their country in record numbers. Some lessons so far: connectivity is stronger than we thought, info ops are stealing the day, drones are the future, and it is always time for the next hack.
CON - Friday - 10:00-17:59 PDT
Title: Crash and Compile - Qualifications
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map
Description:
What happens when you take an ACM-style programming contest, smash it headlong into a drinking game, throw in a mix of our most distracting helpers, then shove the resulting chaos incarnate onto a stage? You get the contest known as Crash and Compile.
Teams are given programming challenges and have to solve them with code. If your code fails to compile? Take a drink. Segfault? Take a drink. Did your code fail to produce the correct answer when you ran it? Take a drink. We set you against the clock and the other teams. And because our "Team Distraction" think watching people simply code is boring, they have taken it upon themselves to be creative in hindering you from programming, much to the enjoyment of the audience. At the end of the night, one team will have proven their ability, and walk away with the coveted Crash and Compile trophy.
Crash and Compile is looking for the top programmers to test their skills in our contest. Can you complete our challenges? Can you do so with style that sets your team ahead of the others? To play our game you must first complete our qualifying round. Gather your team and see if you have the coding chops to secure your place as one of the top teams to move on to the main contest.
Qualifications for Crash and Compile will take place Friday from 10am to 3pm on-site and online at https://crashandcompile.org.
You may have up to two people per team. (Having two people on a team is highly suggested)
Of the qualifiers, nine teams will move on to compete head to head on the contest stage.
BICV - Friday - 11:00-11:59 PDT
Title: Creating More Black Hackers: Growth Systems for Cybersecurity Enthusiasts
When: Friday, Aug 12, 11:00 - 11:59 PDT
Where: Virtual - BIC Village
SpeakerBio:Segun Ebenezer Olaniyan
No BIO available
Description:No Description available
ICSV - Friday - 11:30-11:59 PDT
Title: CRITICAL FINDING: Lessons Learned from Dozens of Industrial Network Architecture Reviews
When: Friday, Aug 12, 11:30 - 11:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - Map
Speakers:Miriam Lorbert,Nate Pelz
SpeakerBio:Miriam Lorbert
Miriam Lorbert is a Senior Industrial Consultant at the industrial cybersecurity company Dragos, Inc. where she assists the professional services teams in conducting network and vulnerability assessments. Prior to joining Dragos, Miriam started her career as an Instrumentation Electrical Engineer and then developed into the Control Systems and Network Security position at Chalmette Refining in New Orleans, LA. Her work at the refinery inspired her to make a career shift and focus entirely on a Cybersecurity Engineering role with GE and pursue her Masters degree. Miriam enjoys exploring different cities by way of food, spending time with family, Formula One, and puzzles.
SpeakerBio:Nate Pelz, Industrial Incident Responder
I'm currently an Industrial Incident Responder at Dragos, reporting to Lesley Carhart. When my team isn't responding to industrial incidents, we perform OT network architecture review assessments, threat hunts, and tabletop exercises for a range of utilities and industrial clients. Prior to Dragos, I worked as a cybersecurity specialist on a presidential transition team, a security incident manager at a large healthcare technology company, and a Python software developer.
Description:
The Professional Services team at Dragos performs dozens of network architecture reviews every year, for industrial facilities ranging from tiny municipal water treatment plants to massive global manufacturing conglomerates. We present to you here the crème de la crème: the top misconfigurations, anti-patterns, and poor practices our team repeatedly discovers which jeopardize the security of the underlying OT network. If your organization can implement protections against these findings within your most critical facilities, your network will be significantly less palatable to attackers, and you will be head and shoulders above many of your peers.
DCGVR - Friday - 11:00-11:59 PDT
Title: Cyber Attack Trends in 2022
When: Friday, Aug 12, 11:00 - 11:59 PDT
Where: Virtual - DEF CON Groups VR
SpeakerBio:Jon Clay
Jon Clay has worked in the cybersecurity space for over 25 years. Jon uses his industry experience to educate and share insights on threat research and intelligence to the public. He delivers webinars, writes blogs, and engages customers and the public on the state of cybersecurity around the world. An accomplished public speaker, Jon has delivered hundreds of speaking sessions globally. He focuses on the threat landscape, cybercriminal undergrounds, the attack lifecycle, and the use of advanced detection technologies in protecting against today’s sophisticated threats.
Twitter: @jonlclay
Description:
2022 has brought us cyberwar, cybercrime, and other malicious activities by a host of actors that have required many organizations to reassess their cybersecurity postures. In this session we’ll look at the latest attack trends we’ve seen used by malicious actors around the world and how they’re targeting organizations. We’ll also discuss cybersecurity strategies that can help minimize the risk of a successful attack or the time an attacker is within the network.
RTV - Friday - 15:00-15:59 PDT
Title: Cyber Resilience Bootcamp
When: Friday, Aug 12, 15:00 - 15:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map
SpeakerBio:Ron Taylor
No BIO available
Twitter: @Gu5G0rman
Description:No Description available
RTV - Friday - 14:00-14:59 PDT
Title: Cyber Resilience Bootcamp
When: Friday, Aug 12, 14:00 - 14:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map
SpeakerBio:Ron Taylor
No BIO available
Twitter: @Gu5G0rman
Description:No Description available
ASV - Friday - 13:00-13:25 PDT
Title: Cyber Star Card Game Tutorial
When: Friday, Aug 12, 13:00 - 13:25 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
SpeakerBio:Rick White
No BIO available
Description:
Cyber Star© is a role-play game exploring the implications of cyber security on the projection of space power. Players compete to become the predominant space power by carefully investing in space assets, ASAT weapons, and cyber capabilities both to advance their own objectives and thwart those of their opponents. No specialized knowledge or skills are required to play. This competition will consist of a practice round, main round, and finals. The winner will receive a 2022 Aerospace Village Badge!
ASV - Friday - 13:00-12:59 PDT
Title: Cyber Star© Competition Presented by The Space ISAC
When: Friday, Aug 12, 13:00 - 12:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
Description:
Cyber Star© is a role-play game exploring the implications of cyber security on the projection of space power. Players compete to become the predominant space power by carefully investing in space assets, ASAT weapons, and cyber capabilities both to advance their own objectives and thwart those of their opponents. No specialized knowledge or skills are required to play.
This competition will consist of a practice round, main round, and finals. The winner will receive a 2022 Aerospace Village Badge!
DL - Friday - 14:00-15:55 PDT
Title: CyberPeace Builders
When: Friday, Aug 12, 14:00 - 15:55 PDT
Where: Caesars Forum - Accord Boardroom (Demo Labs) - Map
SpeakerBio:Adrien Ogee, Chief Operations Officer
Adrien is currently Chief Operations Officer at the CyberPeace Institute, a cybersecurity non-profit based in Switzerland. At the Institute, he provides cybersecurity assistance to vulnerable communities around the world. Adrien has more than 15 years of experience in various cyber crisis response roles in the private sector, the French Cybersecurity Agency (ANSSI), the European Cybersecurity Agency (ENISA), and the World Economic Forum. Adrien holds an MEng in telecommunication and information systems, an MSc in Global Security and a Master in Business Administration.
Description:
The CyberPeace Builders are pro hackers who volunteer to help NGOs improve their cybersecurity. Through a portal that I’ll demo, hackers can access a variety of short engagements, from 1 to 4 hours, to provide targeted cybersecurity help to NGOs on topics ranging from staff awareness to DMARC implementation, password management and authentication practices, breach notification, OSINT and dark web monitoring, all the way to designing a cyber-related poster for the staff, reviewing their privacy policy and cyber insurance papers. The programme is the world’s first and only skills-based volunteering opportunity for professionals in the cybersecurity industry; it has been prototyped over 2 years, was launched in July 2021 and is now being used by over 60 NGOs worldwide, ultimately helping to protect over 350 million vulnerable people and $500 million in funds. I’ll demo the platform, show the type of help NGOs need and explain how NGOs and security professionals can leverage the programme.
Audience: Security professionals, NGOs
CON - Friday - 10:00-19:59 PDT
Title: DARKNET-NG
When: Friday, Aug 12, 10:00 - 19:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map
Description:
Darknet-NG is an In-Person Massively Multiplayer Online Role Playing Game (MMO-RPG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The “Learning Quests” help the agent gather knowledge from all across the other villages at the conference, while the “Challenge Quests” help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year’s challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!
APV - Friday - 11:15-13:15 PDT
Title: Data security and privacy in application security
When: Friday, Aug 12, 11:15 - 13:15 PDT
Where: Flamingo - Twilight Ballroom - AppSec Village - Main Stage - Map
SpeakerBio:Eyitayo Alimi
Eyitayo is a Graduate of Computer Engineering with a major in Software Engineering and a Women-in-tech advocate & Google scholar. She's a Software Engineer that chooses to build people - especially women in technology - over building Products.
Twitter: @alimieyitayo
Description:
As developers, we do ensure that we put security into consideration, but while doing that, how much data security and privacy of our users do we put into consideration? Are we aware of the users' data rights? How many users' data do we collect? How do we really need all the user data we collect? Do we really have a user data recovery plan? Join me in this session as we dissect this topic and answer these questions. Some other talk points include data anonymization, data protection, data storage and data disposal.
MIV - Friday - 11:30-13:30 PDT
Title: Dazed and Seriously Confused: Analysis of Data Voids & the Disinformation Landscape of Central Asia
When: Friday, Aug 12, 11:30 - 13:30 PDT
Where: Caesars Forum - Summit 220->236 (Misinformation Village) - Map
SpeakerBio:Rhyner Washburn
Rhyner Washburn is a Cyber Intelligence Researcher at the National Consortium for the Study of Terrorism and Responses to Terrorism (START), based at the University of Maryland. His research focuses on cybersecurity, international security, terrorism, and the intersection of those topics. His expertise includes multi-domain influence and critical infrastructure attack operations; and Chinese and North Korean cyber operations.
Description:
Data deficits and data voids — sometimes referred to as data deserts — describe situations in which the demand for information about an event or issue far exceeds the supply of credible information, resulting in an information landscape that is ripe for exploitation by bad actors. These types of information vacuums are particularly common during times of crisis, such as the coronavirus pandemic, when access to and discoverability of credible information could mean the difference between life and death. In this presentation, we will discuss our research exploring the information environment surrounding COVID-19 vaccination, focusing on how data deficits and voids created an opening for mis- and disinformation to proliferate. We will describe the conditions under which these information vacuums form, as well as the tactics used to exploit them, with a particular emphasis on vulnerabilities in the information environment outside of the U.S. and in non-English language communities. Specifically, we focused on the anti-vaccination narratives in Central Asia. The region provides a distinct avenue to explore data voids and the disinformation landscape given the dearth of English in the media landscape; extensive Russian and Chinese geopolitical, socio-linguistic, and economic influences; and scant mis- and disinformation research or investigative reporting.
CON - Friday - 10:00-19:59 PDT
Title: DC30 Ham Radio Fox Hunt Contest
When: Friday, Aug 12, 10:00 - 19:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map
Description:
In the world of amateur radio, groups of hams will often put together a transmitter hunt (also called “fox hunting”) in order to hone their radio direction finding skills to locate one or more hidden radio transmitters broadcasting. The Defcon Ham Radio Fox Hunt will require participants to locate a number of hidden radio transmitters broadcasting at very low power which are hidden throughout the conference. A map with rough search areas will be given to participants to guide them on their hunt. Additional hints and tips will be provided throughout Defcon at the contest table to help people who find themselves stuck. This contest is designed to be an introduction to ham radio fox hunting and as such will be simple to participate in and all people who participate will be guided towards successful completion!
Friday: 10:00-20:00
Saturday: 10:00-20:00
SOC - Friday - 16:00-18:59 PDT
Title: DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup
When: Friday, Aug 12, 16:00 - 18:59 PDT
Where: Caesars Forum - Summit 211-213 (Teacher's Lounge) - Map
Description:
They say Atlanta is the city too busy to hate, but it also has too much traffic for its widespread hacker fam to get together in a single meetup. So instead we’re meeting up in the desert during DEF CON - the one time of year when intown, northern burbs, south siders, and anyone else connected to (or interested in!) DC404’s 20+ year legacy can catch up, share stories, and make new connections. Come prepared to share your interests, hacks, swag, stories, and good times!
DCGVR - Friday - 09:00-09:59 PDT
Title: DCGVR - Welcome reception 👋
When: Friday, Aug 12, 09:00 - 09:59 PDT
Where: Virtual - DEF CON Groups VR
Description:
Jump the linecon, and cyber straight away in AltSpaceVR. We're in https://account.altvr.com/events/2059997537997160822
ICSV - Friday - 10:00-17:59 PDT
Title: DDS Hack-the-Microgrid
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS Workshop Area - Map
Description:
Microgrids are pretty high maintenance, and like satellites, primarily built for survivability, not security. As the Department of Defense marches toward deploying microgrids at scale to shore up mission resilience in response to the challenges presented by climate change, hackers are gonna hack.
In this lab, you’ll learn the basics of microgrid design – from what they are, how they work, and how they regulate themselves. Then, you’ll be able to use this knowledge to then attempt to take over and shut down a mock microgrid by hacking its weather data system and sensor input network to generate chaos.
(first-come-first-seated kind of event, essentially when a seat is free you are allowed to join)
ASV - Friday - 11:30-11:55 PDT
Title: DDS Space Signal Lab
When: Friday, Aug 12, 11:30 - 11:55 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
SpeakerBio:James Pavur, Digital Service Expert, Defense Digital Service
Dr. James Pavur is a Digital Service Expert at the DoD Directorate of Digital Services where he advises and assists the US Department of Defense in implementing modern digital solutions to urgent and novel challenges. Prior to joining DDS, James received his PhD from Oxford University’s Department of Computer Science as a Rhodes Scholar. His thesis “Securing New Space: On Satellite Cybersecurity” focused on the security of modern space platforms - with a particular interest in vulnerability identification and remediation. His previous research on satellite security has been published at top academic venues, such as IEEE S&P and NDSS, presented at major cybersecurity conferences, including Black Hat USA and DEFCON, and covered in the popular press. Outside of tech, James enjoys flying kites and collecting rare and interesting teas.
Twitter: @jamespavur
Description:
The goal of this demo lab is to teach participants that radio signals can often be received and interpreted by people who aren’t their intended recipients. A secondary objective is to explore the consequences of that in the context of other critical infrastructure and convey why privacy in SATCOMs matters.
DDV - Friday - 10:00-16:59 PDT
Title: DDV open and accepting drives for duplication
When: Friday, Aug 12, 10:00 - 16:59 PDT
Where: Flamingo - Exec Conf Ctr - Lake Meade and Valley of Fire (Data Duplication Village) - Map
Description:
We reopen and accept drives until we reach capacity (usually late Friday or early Saturday). Then we copy and copy all the things until we just can't copy any more - first come, first served. We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.
SKY - Friday - 17:05-17:55 PDT
Title: Deadly Russian Malware in Ukraine
When: Friday, Aug 12, 17:05 - 17:55 PDT
Where: LINQ - BLOQ (SkyTalks 303) - Map
SpeakerBio:Chris Kubecka
CEO of a cyber warfare incident management company in The Netherlands and Distinguished Chair for a Cyber Security program in the US Program. Advises multiple governments and militaries, and serves as a television and documentary technical advisor and subject matter expert on cyber warfare national defense. Author of OSINT books and USAF military combat veteran, former military aircrew, and USAF Space Command. Defends critical infrastructure and handles country level cyber incidents, cyberwarfare, and cyber espionage. Lives and breathes IT/IOT/ICS SCADA control systems security. Hacker since the age of 10 and was in Kiev when the war started.
Twitter: @SecEvangelism
Description:
Has Russian malware led to loss of life? Yes. The effects of the Ukrainian border patrol and orphan database wiper viruses. Russian malware pinpointing evacuating refugees for murder. Wiping orphan identifications so they can't escape Mariupol, killing many in the theater they sheltered in. Wiping border control to the point they operated on pen and paper, slowing evacuations leaving some to freeze to death desperate to flee. Luring of humanitarian aid workers through surveillanceware and misinformation leading to kidnapping and ransom payments with cryptocurrency. Targeting refugees in Europe for surveillance, harassment and intimidation. No digital ID, no cash, no credit cards. What happens when cyberwar affects everyday lives.
DC - Friday - 17:30-17:50 PDT
Title: Deanonymization of TOR HTTP hidden services
When: Friday, Aug 12, 17:30 - 17:50 PDT
Where: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
SpeakerBio:Ionut Cernica, PhD Student, Department of Computer Science, Faculty of Automatic Control and Computer Science, University Politehnica of Bucharest
Ionut Cernica started his security career with the bug bounty program from Facebook. His passion for security led him to get involved in dozens of such programs and he found problems in very large companies such as Google, Microsoft, Yahoo, AT&T, eBay, VMware. He has also been testing web application security for 9 years and has had many projects on the penetration testing side.
Another stage of his career was to get involved in security contests and participated in more than 100 such contests. He also reached important finals such as Codegate, Trend Micro and Defcon with the PwnThyBytes team. He also won several individual competitions, including the mini CTF from the first edition of Appsec village - Defcon village.
Now he is doing research in the field of web application security, being also a PhD student at University Polytechnic of Bucharest. Through his research he wants to innovate in the field and to bring a new layer of security to web applications.
Twitter: @CernicaIonut
Description:
Anonymity networks such as Tor are used to protect the identity of people or services. Several deanonymization techniques have been described over time. Some of them attacked the protocol, others exploited various configuration issues. Through this presentation I will focus on deanonymization techniques of the http services of such networks by exploiting configuration issues.
In the first part of the presentation, I will present deanonymization techniques on TOR which are public, and I will also present the techniques developed by me and the interesting story of how I came to develop them.
In the last part of my presentation, I will do a demo with the exploitation of http hidden services in TOR and I will present each technique separately. I will also present how one of the techniques can be used successfully not only in the TOR network, but also on the internet in order to obtain information about the server that will help you discover other services.
QTV - Friday - 15:00-15:30 PDT
Title: Debate - QKD
When: Friday, Aug 12, 15:00 - 15:30 PDT
Where: Caesars Forum - Summit 217 (Quantum Village) - Map
Description:
Our first Union-style debate - come hear the for and against for QKD!
SOC - Friday - 06:00-05:59 PDT
Title: DEF CON Bike Ride "CycleOverride"
When: Friday, Aug 12, 06:00 - 05:59 PDT
Where: Other/See Description
Description:
At 6am on Friday, the cycle_override crew will be hosting the 10th Defcon Bikeride. We miscounted last year which was really the 9th. We'll meet at a local bikeshop, get some rental bicycles, and about 7am will make the ride out to Red Rocks. It's about a 15 mile ride, all downhill on the return journey. So, if you are crazy enough to join us, get some water, and head over to cycleoverride.org for more info. See you at 6am Friday! jp_bourget gdead heidishmoo. Go to cycleoverride.org for more info. In the event that there is no on site Defcon, we will do a virtual ride during Defcon.
SOC - Friday - 16:00-18:59 PDT
Title: DEF CON Holland DC3115 & DC3120 Group Meetup
When: Friday, Aug 12, 16:00 - 18:59 PDT
Where: Flamingo - Bird Bar
Description:
In The Netherlands it’s a tradition to catch up with your colleagues just before the end of the workday on Friday when the weekend starts to kick in. In The Netherlands this is called the “VrijMiBo” (Vrijdag/Friday - Middag/Afternoon Borrel/Drink)
“VrijMiBo/Friday afternoon Drink” at DefCon is a perfect moment to talk about what your favorite thing is at DefCon, show your cool handmade badges, impress other hackers about your latest hacks, make new friends, gossip about your boss and show your cat or dog pictures.
Vrijdag Middag Borrel, Freitag Mittags Getränk, Apéritif du vendredi après-midi, trago de viernes por la tarde.
CON - Friday - 00:00-11:59 PDT
Title: DEF CON MUD
When: Friday, Aug 12, 00:00 - 11:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map
Description:
Multi User Dungeons or MUDs are the text based precursors to MMOs. The DEFCON MUD is an intentionally vulnerable game written in a language called LPC. The theme every year varies. This year we will be going back to the original engine as featured in DEFCON 27. All new areas will be built to frustrate players. The game will launch 2 weeks before DEFCON and will run until DEFCON Sunday.
Can you beat the game, can you find the sword of 1000 truths, can you find the exploits?
Game opens 2 weeks before DEFCON to allow people time to explore and play. There will be a formal scoring system which will be released Thursday evening. On site activity will be related to shenanigans and powerful item drops at random locations.
Friday: 24 hours
Saturday: 24 hours
Sunday: 24 hours (scoring cutoff at noon)
CON - Friday - 10:00-11:59 PDT
Title: DEF CON Scavenger Hunt
When: Friday, Aug 12, 10:00 - 11:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map
Description:
The DEF CON Scavenger Hunt is back for the 25th hunt. We are gearing up to once again catch Las Vegas with its pants down #pantslessvillage. This year, we return to in-person only operations with up to 5 people per team and table submissions.
For those new to DEF CON, or otherwise uninitiated, the DEF CON Scavenger Hunt is regarded by many as the best way to interact with the con. We do our best to encourage you to challenge your comfort zone, meet people, and otherwise see and do a bit of everything that DEF CON 30 has to offer. For those who have aspirations to become more involved with DEF CON in the future, many of our veteran contestants include goons, speakers, and contest organizers.
So, how does a scavenger hunt run for 25 years? As this is DEF CON, this is not your ordinary scavenger hunt. The list is open to interpretation, it is a hacker con after all, so hack the list. Because how you interpret the list is entirely out of our hands, we have posted trigger warnings. You will be finding and doing a variety of things, it is up to you to convince the judges whatever you are turning in meets the criteria and is worth the points.
You don’t have to devote all of your time to play and have fun, come turn in a couple items and enjoy yourself. If you want to win however, you will have to scavenge as much as you can over the weekend. While the hunt starts on Friday morning, with determination and a lack of sleep, we have seen people start at 2AM on Saturday night and place. Likewise, if you don’t play well with others, we have seen single-players also place. In other words, we work very hard to keep the barrier to entry as low as possible. You don’t need to be some binary reversing wizard, and there’s no qualifier to compete, you can just show up and win if you want it enough.
The hunt was started by Pinguino at DEF CON 5 simply to avoid being bored; there was no hunt at DEF CON 8, for those doing math. In the intervening years, to further avoid boredom, we have been out scavenging and went from having a simple cardboard sign to a truly mesmerizing table.
So come to the scav hunt table in the contest area (it’s hard to miss us) with a team name ready. Once you get a list, your assignment is to turn in as many items as you can before noon on Sunday. The team with the most points wins. Items are worth more points the sooner you turn them in, so come on down and turn in frequently.
We want to thank Pinguino, Grifter, Siviak, Salem, all of the judges, and all of the players that have made it possible for us to host the 25th DEF CON Scavenger Hunt.
The DEF CON 30 Scavenger Hunt is brought to you by DualD, EvilMoFo, Kaybz, Sconce, Shazbot, Zhora.
THE RULES:
- the judges are always right
- not our problem
- make it weird
- don’t disappoint the judge(s)
- team name, item number, present your item
If you capture pictures or video of items from our list happening, or have some from previous years, please send it to us via email scavlist@gmail.com.
CON - Friday - 10:00-17:59 PDT
Title: DEF CON’s Next Top Threat Model
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map
Description:
Threat Modeling is arguably the single most important activity in an application security program and if performed early can identify a wide range of potential flaws before a single line of code has been written. While being so critically important, there is no single correct way to perform Threat Modeling; many techniques, methodologies and/or tools exist.
As part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner and crown DEF CON’s Next Top Threat Model(er).
RFV - Friday - 10:00-17:59 PDT
Title: DEFCON Demonstrations and Presentations by Open Research Institute at RF Village
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Flamingo - Eldorado Ballroom (Radio Frequency Village) - Map
SpeakerBio:Open Research Institute
No BIO available
Twitter: @OpenResearchIns
Description:
Opulent Voice
Opulent Voice is an open source high bitrate digital voice (and data) protocol. It's intended to be useful for both space and terrestrial deployments. We’re getting nice clear 16kbps OPUS audio out of the demodulator. See and hear a demonstration at the ORI exhibit in RF Village. We’ll be using the COBS protocol within Opulent Voice. If you’re unfamiliar with COBS, please read about it here: https://en.wikipedia.org/wiki/Consistent_Overhead_Byte_Stuffing Authentication and authorization is built in and optional. There is no separate “packet mode”. Things are designed to “just work” and get out of your way whether or not you’re sending voice or data. Based on the Mobilinkd codebase that implemented M17, the Opulent Voice development implementation can be found here: https://github.com/phase4ground/opv-cxx-demod Authentication and Authorization functions will be summarized in a poster presentation. Find out more about this work here: https://github.com/phase4ground/documents/tree/master/Engineering/AAAAA
Ribbit
Ribbit is an open source SMS data mode that leverages smart phone hardware. The free Android app produces digital audio that you transmit over your HT or any other audio coupled device. There will be a poster explaining the architecture and you can pick up a Ribbit sticker with QR code for the free Android app at ORI's exhibit in RF Village.
Regulatory
Interested in being able to do more with open source satellites? We have some landmark regulatory results that solve a big problem for those of us in the US that have wanted to do open source satellite work without fear. See our poster in RF Village and find out more at the following link: https://github.com/phase4ground/documents/tree/master/Regulatory
OpenRTX
OpenRTX is a team based in Italy that specializes in open source firmware for a variety of platforms in the VHF/UHF digital voice world. They work on DMR and M17 implementations for the MD-380, and more. Pick up a business card and see a demonstration of OpenRTX's work at ORI's exhibit in RF Village.
Tiny CTF
We'll have the World's Smallest Wireless CTF! Come and find it and get a mission patch for successful solves of the challenge.
More!
There's plenty more. If you see a Volcano and friendly people, you've found the right place.
BICV - Friday - 14:00-14:30 PDT
Title: DEI in Cybersecurity (Breaking through the barrier, behind the barrier... behind the barrier)
When: Friday, Aug 12, 14:00 - 14:30 PDT
Where: Virtual - BIC Village
SpeakerBio:Damian Grant
No BIO available
Description:No Description available
BHV - Friday - 11:30-11:59 PDT
Title: Department of Defense 5G Telemedicine and Medical Training: The Future of Healthcare the Remote Warrior
When: Friday, Aug 12, 11:30 - 11:59 PDT
Where: Flamingo - Laughlin I,II,III (Biohacking Village) - Map
SpeakerBio:Paul Young, MD
No BIO available
Description:No Description available
MIV - Friday - 11:30-13:30 PDT
Title: Detecting the "Fake News" Before It Was Even Written, Media Literacy, and Flattening the Curve of the COVID-19 Infodemic
When: Friday, Aug 12, 11:30 - 13:30 PDT
Where: Caesars Forum - Summit 220->236 (Misinformation Village) - Map
SpeakerBio:Preslav Nakov
Dr. Preslav Nakov leads the Tanbih mega-project (http://tanbih.qcri.org/), developed in collaboration with MIT. The project's aim is to build a news aggregator that limits the effect of fake news, propaganda and media bias by helping users step out of their bubble and achieve a healthy news diet. He is also the lead-PI of a QCRI-MIT collaboration project on Arabic Speech and Language Processing for Cross-Language Information Search and Fact Verification, and he was a co-PI of another QCRI-MIT collaboration project on Speech and Language Processing for Arabic (2013-2016). Dr. Nakov is Secretary of ACL SIGLEX and also a Secretary of ACL SIGSLAV.
Description:
Preslav will demonstrate some tools for fighting disinformation, which were developed as part of the Tanbih mega-project, which aims to limit the impact of "fake news", propaganda and media bias by making users aware of what they are reading, thus promoting media literacy and critical thinking, which are arguably the best way to address disinformation in the long run.
WS - Friday - 09:00-12:59 PDT
Title: DFIR Against the Digital Darkness: An Intro to Forensicating Evil
When: Friday, Aug 12, 09:00 - 12:59 PDT
Where: Harrah's - Reno (Workshops) - Map
Speakers:Michael Register,Michael Solomon
SpeakerBio:Michael Register, Threat Hunter
Michael Register (S3curityNerd) has 6 years of combined experience across IT, Networking, and Cybersecurity. S3curityNerd joined the cybersecurity space in 2017 and has worked in multiple roles, including his current one as a Threat Hunter. He enjoys both learning new things and sharing new things with others.
SpeakerBio:Michael Solomon, Threat Hunter
Michael Solomon (mR_F0r3n51c5) is a Threat Hunter for a large managed security service provider. He has 12 years of experience conducting Cyber Operations, Digital Forensics & Incident Response (DFIR), and Threat Hunting. He is very passionate about helping grow and inspire cybersecurity analysts for a better tomorrow.
Description:
Ever wondered what it is like being a cybersecurity or incident response analyst? Are you new to investigation or want to take your analysis to the next level? If you answered yes, here is your chance to experience an exciting 4-hour class taught by mR_F0r3n51c5 and S3curityNerd. In today's threat landscape, malware continues to be used by all types of threat actors. This class teaches students how to investigate a compromised Windows system using forensic and malware analysis fundamentals.
Upon successful class completion, students will be able to:
- Build analysis skills that leverage complex scenarios and improve comprehension.
- Practically acquire data in a forensically sound manner.
- Identify common areas of malware persistence.
- Gather evidence and create a timeline to characterize how the system was compromised.
- Participate in a hand to keyboard combat capstone. Students are given an image of a compromised Windows system and demonstrate how to analyze it.
Materials:
Students will be required to download a virtual machine (OVA file). Students will be given a URL for download access.
Regarding the downloaded virtual machine, this will be imported into your virtual machine software and ready before the start of class. If any additional technical support is needed, the instructors will make themselves available online.
Students must have a laptop that meets the following requirements:
- A 64 bit CPU running at 2GHz or more. The students will be running a virtual machine on their host laptop.
- Have the ability to update BIOS settings. Specifically, enable virtualization technology such as "Intel-VT."
- The student must be able to access their system's BIOS if it is password protected. This is in case of changes being necessary.
- 8 GB (Gigabytes) of RAM or higher
- At least one open and working USB Type-A port
- 50 Gigabytes of free hard drive space, allowing you the ability to host the VMs we distribute
- Students must have Local Administrator Access on their system.
- Wireless 802.11 Capability
- A host operating system that is running Windows 10+, Linux, or macOS 10.4 or later.
- Virtualization software is required. The supplied VM has been built for out-of-the-box compatibility with VMWare Workstation or Player. Students may use other software if they choose, but they may have to troubleshoot unpredictable issues.
At a minimum, the following VM features will be needed:
- NATted networking from VM to Internet
- Copy Paste of text and files between the Host machine and VM
Prereq:
Although no prerequisites are required, experience with using virtual machines will be helpful.
RTV - Friday - 12:00-15:59 PDT
Title: Dip Your Toes in Infrastructure Testing: A Hands on Workshop Focusing on the Things CTF's Don't Teach
When: Friday, Aug 12, 12:00 - 15:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map
Speakers:Andrew Sutters,Jules Rigaudie
SpeakerBio:Andrew Sutters
No BIO available
Twitter: @HillsBraindead
SpeakerBio:Jules Rigaudie
No BIO available
Description:
Common free learning environments online prepare people to test single boxes, but when consultants are thrown into their first real world internal infrastructure penetration test there are so many things that these environments might not be able to emulate. Come along and get some hands-on experience in a simulated internal network with tools such as Responder, Rubeus, Mimikatz and Metasploit and learn to exploit some of the most common vulnerabilities that the presenters have seen in real world environments.
BHV - Friday - 13:30-13:59 PDT
Title: DIY Medicine With Unusual Uses for Existing FDA-Approved Drugs
When: Friday, Aug 12, 13:30 - 13:59 PDT
Where: Flamingo - Laughlin I,II,III (Biohacking Village) - Map
SpeakerBio:Mixæl S. Laufer
Mixæl Swan Laufer worked in mathematics and high energy physics until he decided to tackle problems of global health and human rights. He continues to work to make it possible for people to manufacture their own medications and devices at home by creating public access to tools and information.
Twitter: @MichaelSLaufer
Description:
Not only are there plenty of cures and treatments which stay on the shelf, inaccessible because they were never approved by the FDA, but there are also drugs which have already been approved, but are not generally prescribed for their best uses. Viagra cures menstrual cramps better than it treats ED, but doctors will not prescribe it for that. There is a decades-old substance which arrests and fixes tooth decay without drilling, approved by the ADA, but no dentist will ever tell you about it. You can easily give yourself an abortion with existing ulcer drugs, but they require a trick to acquire. Anxiety, depression, poor sleep, and bad digestion are all linked to GABA deficiency, which often has its roots in the deficiency of a precursor which only comes from gut bacteria. You can repopulate your gut with those bacteria with supplements which are GRAS [FDA designation: generally recognized as safe], cheap and not patented; but for this exact reason, you're much more likely to instead be prescribed zoloft, valium, protonix, and ambien. The medical industry seems to be ignoring long covid while there is a decades-old drug for a rare disease which can cure most autoimmune-presenting instances of long covid. Come see all this and more, as we show you how to hack medicines which are already on the shelf.
ROV - Friday - 17:00-17:59 PDT
Title: DIY Restraint Breaking
When: Friday, Aug 12, 17:00 - 17:59 PDT
Where: LINQ - 3rd flr - Evolution (Rogues Village) - Map
SpeakerBio:Zac
No BIO available
Description:
Zac will show you how to escape from common restraints in a variety of manners. Then practice these skills with a buddy, or at our restraint breaking table anytime you’d like.
SKY - Friday - 13:50-14:40 PDT
Title: Don't Blow A Fuse: Some Truths about Fusion Centres
When: Friday, Aug 12, 13:50 - 14:40 PDT
Where: LINQ - BLOQ (SkyTalks 303) - Map
SpeakerBio:3ncr1pt3d
I am a cyber threat intel analyst who likes to question things, with my work leading to presentations, articles and podcasts. My work history includes KPMG, one of the "Big 4", a major bank, CP Rail, a major railroad, with experience in security audits and assessments, privacy, DRP, project management, vendor management and change management. I am an experienced speaker, and have spoken previously at Skytalks.
Description:
How do you harness the power of collaboration when you need it most to protect and defend against threats? You build a fusion center. The concept evolved some 20 years ago in response to countering terrorism post 9/11, and a number of centres were built per the DOJ and DHS. But a few years ago, the concept became the new shiny for banks, a way to keep up with evolving threats and cybercrime. Alas, all that glitters is not gold. Effective fusion centres are powered by trust-enabled collaboration between people. At the end of the day, however, all those flashy lights, big monitors and dazzling graphs don't mean anything without the skilled people who know how to analyze and act on the real information. This talk is a cautionary tale of what's good and bad about fusion centres, with comparisons drawn from my experiences of working in one that really wasn't working well and why we must value our people over our technology.
DC - Friday - 18:30-18:50 PDT
Title: Dragon Tails: Supply-side Security and International Vulnerability Disclosure Law
When: Friday, Aug 12, 18:30 - 18:50 PDT
Where: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
Speakers:Trey Herr,Stewart Scott
SpeakerBio:Trey Herr, Director
Trey Herr is the director of the Cyber Statecraft Initiative under the Scowcroft Center for Strategy and Security at the Atlantic Council. His team works on cybersecurity and geopolitics including cloud computing, the security of the internet, supply chain policy, cyber effects on the battlefield, and growing a more capable cybersecurity policy workforce. Previously, he was a senior security strategist with Microsoft handling cloud computing and supply chain security policy as well as a fellow with the Belfer Cybersecurity Project at Harvard Kennedy School and a non-resident fellow with the Hoover Institution at Stanford University. He holds a PhD in Political Science and BS in Musical Theatre and Political Science.
SpeakerBio:Stewart Scott, Assistant Director
Stewart Scott is an assistant director with the Cyber Statecraft Initiative under the Scowcroft Center for Strategy and Security at the Atlantic Council. His work there focuses on systems security policy, including software supply chain risk management, federal acquisitions processes, and open source software security. He holds a BA in Public Policy and a minor in Applications of Computing from Princeton University.
Description:
This talk will present a study of the reliance of proprietary and open source software on Chinese vulnerability research. A difficult political environment for Chinese security researchers became acute when a law requiring vulnerability disclosure to government and banning it to all others but the affected vendor took effect in Sept. 2021. No public evaluation of this law's impact has yet been made. This talk will present results of a quantitative analysis on the changing proportion of Chinese-based disclosures to major software products from Google, Microsoft, Apple, and VMWare alongside several major open source packages. The analysis will measure change over time in response to evolving Chinese legislation, significant divergence from data on the allocation of bug bounty rewards, and notable trends in the kinds of disclosed vulnerabilities. The Chinese research community’s prowess is well known, from exploits at the Tianfu Cup to preeminent enterprise labs like Qihoo 360. However, the recent law aiming to give the Chinese government early access to the community’s discoveries—and the government’s apparent willingness to enforce it even on high-profile corporations as seen in its punishment of Alibaba—demand more thorough scrutiny. This talk will address implications for policy and the wider hacker community.
IOTV - Friday - 10:00-17:59 PDT
Title: Drone Hack
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Alliance 311, 320 (IoT Village) - Map
Description:
A handcrafted IoT challenge that will put your skills to the test. Be prepared to hack devices over Bluetooth Low Energy, break into Wi-Fi networks, and exploit binaries. If you avoid the deadly sharks and laser beams you may be able to access smart locks, conduct electronic warfare, and fly drones.
CON - Friday - 17:00-19:59 PDT
Title: EFF Tech Trivia
When: Friday, Aug 12, 17:00 - 19:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map
Description:
EFF's team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Plaque and EFF swag pack. The second and third place teams will also win great EFF gear.
SOC - Friday - 15:30-16:30 PDT
Title: EFF: Reproductive Justice in the Age of Surveillance
When: Friday, Aug 12, 15:30 - 16:30 PDT
Where: Caesars Forum - Forum 133 (Karaoke/Chess) - Map
Speakers:Corynne McSherry,Daly Barnett,India McKinney,Kate Bertash
SpeakerBio:Corynne McSherry, Legal Director, Electronic Frontier Foundation
Corynne McSherry is the Legal Director at EFF, specializing in intellectual property, open access, and free speech issues.
Twitter: @cmcsherr
SpeakerBio:Daly Barnett, Staff Technologist
Daly Barnett is a staff technologist at the EFF. She is also an artist, activist, and community organizer. Before arriving to EFF, she was the founder of t4tech, a trans forward tech collective based in NYC. She is also a part of Hacking Hustling, a sex workers advocacy organization, where her title is Witch.
SpeakerBio:India McKinney, Director of Federal Affairs
Prior to joining EFF, India spent over 10 years in Washington, DC as a legislative staffer to three members of Congress from California. Her work there primarily focused on the appropriations process, specifically analyzing and funding programs in the Departments of Veterans Affairs, Homeland Security, and Justice. Her biggest legislative accomplishment was authorizing, funding and then naming a new outpatient VA/DoD clinic that will serve over 80,000 people.
India’s passion has always been for good public policy, and she’s excited to be using skills developed during legislative battles to fight for consumer privacy and for robust surveillance oversight.
Twitter: @imck82
SpeakerBio:Kate Bertash
Kate is Director of the Digital Defense Fund, leading a team that provides technology and security resources and front-line support to the American abortion access movement. She brings together a background in nonprofit operations, technology startups, and public policy to this work. In her free time she designs fabrics that fool surveillance systems, and (full disclosure!) also helps out co-organizing the Crypto Privacy Village.
Twitter: @KateRoseBee
Description:
The U.S. Supreme Court sent shockwaves with its decision to overturn protections for reproductive rights (https://www.eff.org/issues/reproductive-justice) under Roe v. Wade. In addition to depriving millions of people of a fundamental right, the decision also means that those who seek (https://www.eff.org/deeplinks/2022/06/security-and-privacy-tips-people-seeking-abortion), offer (https://www.eff.org/deeplinks/2022/05/digital-security-and-privacy-tips-those-involved-abortion-access), or facilitate abortion healthcare must now consider whether law enforcement could access and use previously benign digital data as evidence of a crime. That’s an alarming prospect for an increasingly online world without strong privacy protections.
This panel will explore the future of access to healthcare resources, how technologists are working to help people secure their data now, how policymakers in both the private and public sectors can ensure safety and privacy for millions of people—and what you can do to protect yourself and your communities.
VMV - Friday - 10:00-10:30 PDT
Title: Election Cyber Security in the National Guard
When: Friday, Aug 12, 10:00 - 10:30 PDT
Where: Caesars Forum - Alliance 313-314, 320 (Voting Village) - Map
SpeakerBio:Brigadier General Teri (Terin) D. Williams, Vice Director of Operations (Cyber)
Cybersecurity Advisor, DHS CISA (Department of Homeland Security Cybersecurity and Infrastructure Security Agency) working remotely from Columbus, Ohio. Advises senior state and local management government officials on risk levels and security posture. Builds regional and local cybersecurity coalitions to promote information sharing. Advises senior management on cost-benefit analysis of information security programs and processes. Promotes collaborative efforts to reduce risks and threats to critical infrastructure, enterprise, communications and control systems.
Description:No Description available
PLV - Friday - 16:00-17:45 PDT
Title: Election Security Bridge Building
When: Friday, Aug 12, 16:00 - 17:45 PDT
Where: Caesars Forum - Summit 224-225 - Policy Collaboratorium - Map
Speakers:Michael Ross,Jack Cable,Trevor Timmons
SpeakerBio:Michael Ross, Deputy Secretary of State
No BIO available
SpeakerBio:Jack Cable, Independent Security Researcher
No BIO available
SpeakerBio:Trevor Timmons
No BIO available
Description:
Psst. I have heard whispers on Capitol Hill that one of the barriers to more secure elections is strengthening the trust between election workers and security researchers. And what better venue to bring together good faith researchers with election officials than DEF CON Policy?
DEF CON Policy Department is working with top election security officials and security researchers to host a roundtable discussion on strengthening trust and collaboration in election security. This session will highlight work from top researchers and members of the DEF CON community, federal government representation, and perspectives from Secretaries of State.
PSV - Friday - 15:30-15:59 PDT
Title: Elevators 101
When: Friday, Aug 12, 15:30 - 15:59 PDT
Where: Caesars Forum - Summit 201-202 (Physical Security Village) - Map
SpeakerBio:Karen Ng
As a founding member of the Physical Security Village, Karen has always been eager to spread awareness of physical security vulnerabilities. Karen works with GGR Security as a Security Risk Assessor.
Twitter: @hwenab
Description:
Elevator floor lockouts are often used as an additional, or the only, layer of security. This talk will focus on how to hack elevators for the purpose of getting to locked out floors – including using special operating modes, tricking the controller into taking you there, and hoistway entry.
DL - Friday - 12:00-13:55 PDT
Title: EMBA - Open-Source Firmware Security Testing
When: Friday, Aug 12, 12:00 - 13:55 PDT
Where: Caesars Forum - Council Boardroom (Demo Labs) - Map
Speakers:Michael Messner,Pascal Eckmann
SpeakerBio:Michael Messner
Michael Messner: As a security researcher and penetration tester, I have more than 10 years of experience in different penetration testing areas. In my current position, I'm focused on hacking embedded devices used in critical environments.
SpeakerBio:Pascal Eckmann
Pascal Eckmann: As a security researcher and developer, I have worked on several internal and Open-Source projects in the areas of fuzzing, firmware analysis and web development. In addition to automated firmware analysis, I have experience in various penetration testing areas including hardware and wireless communication.
Description:
Penetration testing of current embedded devices is quite complex as we have to deal with different architectures, optimized operating systems and special protocols. EMBA is an open-source firmware analyzer with the goal to simplify, optimize and automate the complex task of firmware security analysis.
Audience: Offense (penetration testers) and defense (security team and developers).
PLV - Friday - 14:00-15:45 PDT
Title: Emerging Technical Cyber Policy Topics
When: Friday, Aug 12, 14:00 - 15:45 PDT
Where: Caesars Forum - Summit 226-227 - Policy Roundtable - Map
Speakers:Kurt Opsahl,Luiz Eduardo,Yan Shoshitaishvili,Yan Zhu
SpeakerBio:Kurt Opsahl
No BIO available
SpeakerBio:Luiz Eduardo
No BIO available
SpeakerBio:Yan Shoshitaishvili
No BIO available
SpeakerBio:Yan Zhu
No BIO available
Description:
The DEF CON community confronts difficult challenges daily, overcoming many through defensive levers, such as tools, technology, and process. How about a push to make a Nation (or Nations) more secure with actionable directives? Larger, more stubborn challenges require other tools, including those dealt with at the public policy layer, such as executive orders, Congressional action, agency rules and guidance, or collective industry action. Hackers and policymakers will raise several such challenges and moderate discussions about which policy levers may be able to address them, and how.
DC - Friday - 13:00-13:45 PDT
Title: Emoji Shellcoding: 🛠️, 🧌, and 🤯
When: Friday, Aug 12, 13:00 - 13:45 PDT
Where: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
Speakers:Georges-Axel Jaloyan,Hadrien Barral
SpeakerBio:Georges-Axel Jaloyan, Hacker
Georges-Axel Jaloyan is an R&D engineer, focusing on formal methods applied to cybersecurity. He enjoys reverse-engineering and formalizing anything he comes by, always for fun and sometimes for profit.
SpeakerBio:Hadrien Barral, Hacker
Hadrien Barral is an R&D engineer and security expert, focusing on intrusion and high-assurance software. He enjoys hacking on exotic hardware.
Description:
Shellcodes are short executable stubs that are used in various attack scenarios, whenever code execution is possible. After quickly recalling what a shellcode is and why designing shellcodes under constraints is an art, we'll study a new constraint for which (to the best of our knowledge) no such shellcode was previously known: emoji shellcoding. We'll tackle this problem by introducing a new and more generic approach to shellcoding under constraints. Brace yourselves, you'll see some black magic weaponizing these cute little emojis 🥰 into merciless exploits 👿.
SEV - Friday - 18:00-18:59 PDT
Title: Ethics, morality & the law
When: Friday, Aug 12, 18:00 - 18:59 PDT
Where: LINQ - 3rd flr - Social A (Social Engineering Community) - Map
Description:
https://www.se.community/presentations/#ethics-panel
AVV - Friday - 14:40-14:59 PDT
Title: Exotic data exfiltration
When: Friday, Aug 12, 14:40 - 14:59 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Adversary Village) - Map
SpeakerBio:Jean-Michel Amblat
Jean-Michel Amblat (“JM”) has been working in the security industry for 20 years, spending most of his career in the Tech industry before switching recently to the Financial Services sector. With passion for building and running tailored security & privacy engineering programs, he lately enjoys spending more time on security assessments of new software and services with a focus on misuse/abuse, data exfiltration and insider threat mitigation.
Description:
In this talk we will explore 3 different ideas that could be used for data exfiltration after successful compromise. These techniques, while simple, are quite different from the traditional DNS, SMB, HTTP(S), SMTP abuse cases that have been covered deeply and described in the MITRE ATT&CK framework. Source code for each proof of concept will be made available after the talk.
DCGVR - Friday - 12:00-12:59 PDT
Title: Exploits and Dragons
When: Friday, Aug 12, 12:00 - 12:59 PDT
Where: Virtual - DEF CON Groups VR
Speakers:Mauro Eldritch,AdanZkx
SpeakerBio:Mauro Eldritch
Argentine Hacker. Founder of DC5411 (Argentina + Uruguay, specialized in Hardware Hacking and crafting madness in Ruby). Speaker at +35 events
Twitter: @mauroeldritch
SpeakerBio:AdanZkx
Argentine Hacker. Member of DC5411. I'm a junior hacker and developer learning my way by playing with different languages and boxes.
Twitter: @AdanZkx
Description:
Some other nerds like CTFs and Hacking.
We professional nerds chose Exploits & Dragons.
Exploits & Dragons is an Open Source tool developed by DC5411, which gamifies CTF and Pentesting exercises through the use of "Bosses", a kind of box which WILL fight back.
Using Docker, Ruby, and a minimalistic web interface, E&D allows any user to create a containerized Boss, which will jealously guard a flag. This boss will have a health meter represented by a series of security challenges to solve (locate and delete a file, avoid a specific connection, interrupt a process, etc) to eventually "kill" him and take his flag.
But this is not all, throughout the event, the Boss will be able to roll dice and act accordingly: disconnecting a user, launching an area attack (disconnecting everyone), executing a user (blocking his account), or even giving hints via Discord or Slack.
Bring your team, and let's start a new campaign.
E&D is free, open, and welcomes contributions of stories, ideas, and ASCII arts to expand it.
DC - Friday - 15:00-15:45 PDT
Title: Exploring the hidden attack surface of OEM IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS.
When: Friday, Aug 12, 15:00 - 15:45 PDT
Where: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
Speakers:Octavio Gianatiempo,Octavio Galland
SpeakerBio:Octavio Gianatiempo, Security Researcher at Faraday
Octavio Gianatiempo is a Security Researcher at Faraday and a Computer Science student at the University of Buenos Aires. He's also a biologist with research experience in molecular biology and neuroscience. The necessity of analyzing complex biological data was his point of entry into programming. But he wanted to achieve a deeper understanding of how computers work, so he enrolled in Computer Science. An entry-level CTF introduced him to the world of computer security, and there he won his first ticket to a security conference. This event was a point of no return, after which he began taking classes on computer architecture and organization and operating systems to deepen his low-level knowledge. As a Security Researcher at Faraday, he focuses on reverse engineering and fuzzing open and closed source software to find new vulnerabilities and exploit them.
Twitter: @ogianatiempo
SpeakerBio:Octavio Galland, Security Researcher at Faraday
Octavio Galland is a computer science student at Universidad de Buenos Aires and a security researcher at Faraday. His main topics of interest include taking part in CTFs, fuzzing open-source software and binary reverse engineering/exploitation (mostly on x86/amd64 and MIPS).
Twitter: @GallandOctavio
Description:
In this presentation, we go over the main challenges we faced during our analysis of the top selling router in a local eCommerce, and how we found a zero-click remote unauthenticated RCE vulnerability. We will do a walkthrough on how we located the root cause of this vulnerability and found that it was ingrained in Realtek’s implementation of a networking functionality in its SDK for eCos devices.
We then present the method we used to automate the detection of this vulnerability in other firmware images. We reflect on the fact that on most routers this functionality is not even documented and can’t be disabled via the router’s web interface. We take this as an example of the hidden attack surface that lurks in OEM internet-connected devices.
We conclude by discussing why this vulnerability hasn’t been reported yet, despite being easy to spot (having no prior IoT experience), widespread (affecting multiple devices from different vendors), and critical.
Our research highlights the poor state of firmware security, where vulnerable code introduced down the supply chain might never get reviewed and end up having a great impact, evidencing that security is not a priority for the vendors and opening the possibility for attackers to find high impact bugs with low investment and little prior knowledge.
ICSV - Friday - 14:00-14:59 PDT
Title: Exposing aberrant network behaviors within ICS environments using a Raspberry Pi
When: Friday, Aug 12, 14:00 - 14:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - Map
Speakers:Chet Hosmer,Mike Raggo
SpeakerBio:Chet Hosmer, Professor of Practice
Chet serves as a Professor of Practice at the University of Arizona in the Cyber Operations program where he is teaching and researching the application of Python and Machine Learning to advance cybersecurity challenges. Chet is also the Founder of Python Forensics, Inc. which is focused on the collaborative development of open-source investigative technologies using Python and other popular scripting languages. Chet has been researching and developing technology and training surrounding forensics, digital investigation, and steganography for decades. He has made numerous appearances to discuss emerging cyber threats including National Public Radio's Kojo Nnamdi show, ABC's Primetime Thursday, and ABC News Australia. He has also been a frequent contributor to technical and news stories relating to cybersecurity and forensics with Forbes, IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com and Wired Magazine.
SpeakerBio:Mike Raggo
Michael T. Raggo has over 20 years of security research experience. During this time, he has uncovered and ethically disclosed vulnerabilities in products including Samsung, Checkpoint, and Netgear. His research has been highlighted on television’s CNN Tech, and numerous media publications including TIME, Forbes, Bloomberg, Dark Reading, TechCrunch, TechTarget, The Register, and countless others. Michael is the author of Mobile Data Loss: Threats & Countermeasures and Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols for Syngress Books co-authored with Chet Hosmer, and is a contributing author to Information Security the Complete Reference 2nd Edition. His Data Hiding book is also included at the NSA’s National Cryptologic Museum at Ft. Meade. A former security trainer, Michael has briefed international defense agencies including the FBI, Pentagon, and Queensland Police; is a former participating member of FSISAC/BITS and PCI Council, and is a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon Norway, and SANS. He was also awarded the Pentagon’s Certificate of Appreciation.
Description:
Using an Active Cyber Defense framework and combining that with our homegrown ML, we’ve created our own approach to detecting aberrant network behavior through passive network monitoring to discover covert communications with a Raspberry Pi. We will then demo our open source solution, a free Modbus TCP pcap analysis tool, to uncover the risky and potentially very damaging covert channels communicating with the outside world and the types of data that are being harvested along with the new attack surfaces that they offer.
ROV - Friday - 14:00-14:59 PDT
Title: False Dealing
When: Friday, Aug 12, 14:00 - 14:59 PDT
Where: LINQ - 3rd flr - Evolution (Rogues Village) - Map
SpeakerBio:Daniel Roy
No BIO available
Description:
Daniel Roy is a card manipulation expert who specializes in two areas: the sleight-of-hand techniques used by professional card cheats and the “sleight-of-mind” techniques he learned while studying neurobiology at the University of Pennsylvania. In this workshop, he’ll demonstrate how you can be swindled at the card table and teach you a few of the secrets so you can try them out for yourself, all the while explaining how these techniques target the mind.
ICSV - Friday - 10:00-17:59 PDT
Title: Fantom5 SeaTF CTF
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS CTF Area - Map
Description:
Contestants will be able to try their hand and compete in a point based Capture the Flag hacking competition based around 3 Maritime consoles. The consoles involved will be Navigation systems, Steering and Propulsion systems, and Ballast systems. These systems provide a relative experience of the actual systems found aboard a naval vessel.
This CTF requires registration: https://www.sea-tf.com/registration. Time slots are allocated on a first come, first served basis.
MIV - Friday - 14:30-15:59 PDT
Title: FARA and DOJ’s Approach to Disinformation
When: Friday, Aug 12, 14:30 - 15:59 PDT
Where: Caesars Forum - Summit 220->236 (Misinformation Village) - Map
SpeakerBio:Adam Hickey
Adam S. Hickey is a Deputy Assistant Attorney General of the National Security Division (NSD) at the Department of Justice (DOJ), overseeing the Counterintelligence and Export Control Section and the Foreign Investment Review Section. Among other things, he supervises investigations and prosecutions of foreign, state-sponsored computer intrusions and attacks, enforcement of the Foreign Agents Registration Act (FARA), and NSD’s foreign investment security reviews (e.g., CFIUS work). Previously, Hickey prosecuted terrorism cases and was Deputy Chief of Appeals in the Southern District of New York. He is a graduate of Harvard College and Yale Law School.
Description:No Description available
ASV - Friday - 14:00-14:50 PDT
Title: Final Boarding Call for Cyber Policy Airlines Flight 443
When: Friday, Aug 12, 14:00 - 14:50 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
Speakers:Ayan Islam,Mary Brooks,Olivia Stella,Rebecca Ash
SpeakerBio:Ayan Islam, R-Street Institute
Ayan Islam is the associate policy director of Cybersecurity and Emerging Threats at R Street Institute and adjunct lecturer of the Cyber Threats and Security policy course at American University’s School of Public Affairs. Previously, she served as the critical infrastructure portfolio lead in the Insights/Mitigation team, the Operation Warp Speed liaison, and cybersecurity strategist for the Aviation Cyber Initiative (ACI) at the Cybersecurity and Infrastructure Security Agency (CISA).
SpeakerBio:Mary Brooks, Fellow for Cybersecurity and Emerging Threats
Mary Brooks is a fellow for Cybersecurity and Emerging Threats at the R Street Institute. Before joining R Street, she was the lead researcher and associate producer for The Perfect Weapon (2020)—an Emmy-nominated HBO documentary that explored the rise of cyber conflict as a key feature of modern inter-state competition—and was a research assistant for the book on which the film is based. She is currently a fellow in the Aspen Rising Leaders Program.
SpeakerBio:Olivia Stella, Senior Systems Engineer in Cybersecurity
Olivia Stella is a senior systems engineer in cybersecurity for Southwest Airlines. In her current role, she focuses on aircraft and OT cybersecurity. Her experience spans over fourteen years with a focus on the aviation, agile space, and defense systems sectors supporting incident response, vulnerability management, pen testing, bug bounty & coordinated disclosure, and risk & compliance activities.
SpeakerBio:Rebecca Ash
Rebecca Ash is a strategy and performance analyst with TSA’s Strategy, Policy Coordination and Innovation office. In this role, she works within the TSA and interagency offices to ensure effective cybersecurity strategies to enhance the cybersecurity posture of the Transportation Systems Sector. Rebecca has a degree from George Washington University in International Affairs focusing on Latin American Studies and has been with TSA since June 2015.
Description:
Too often, people from analysts to security researchers are left out of legislative activities. This presentation covers current affairs and the ways to get involved. We will share what has and hasn’t worked, why your participation is needed, and how the collection of cyber incident reports and statistics matters. By sharing the policy landscape, the opportunities for participation will be clear and can further efforts to build operations-policy connections. Your input is needed–don’t miss your flight.
WS - Friday - 09:00-12:59 PDT
Title: Finding Security Vulnerabilities Through Fuzzing
When: Friday, Aug 12, 09:00 - 12:59 PDT
Where: Harrah's - Elko (Workshops) - Map
SpeakerBio:Hardik Shah, Security Researcher
Hardik Shah is an experienced security researcher and technology evangelist. He is currently working with Sophos as a Principal Threat Researcher. Hardik has found many vulnerabilities in Windows and other open source software. He currently has around 30+ CVEs to his name. He was also an MSRC most valuable researcher for the year 2019 and a top contributing researcher for MSRC Q1 2020. Hardik enjoys analysing the latest threats and figuring out ways to protect customers from them.
You can follow him on Twitter @hardik05 and read some of his blogs here:
https://news.sophos.com/en-us/author/hardik-shah/
https://www.mcafee.com/blogs/author/hardik-shah
Twitter: @hardik05
Description:
Many people are interested in finding vulnerabilities but don't know where to start. This workshop is aimed at providing details on how to use fuzzing to find software vulnerabilities. We will discuss what fuzzing is, the different types of fuzzers, and how to use them.
This training will start with a basic introduction to different types of vulnerabilities which are very common in software. Later on during the training we will first start with fuzzing a simple C program which contains these vulnerabilities. After that we will see how we fuzz real-world open source software using fuzzers like AFL, libFuzzer and honggfuzz.
This talk will also provide details on how AFL works, the different mutation strategies it uses, the basics of compile-time instrumentation, how to collect a corpus for fuzzing and how to minimize it, crash triage, and finding the root cause.
Key takeaways from this workshop will be:
1. Understanding of common types of security vulnerabilities like buffer overflow, heap overflow, use after free, double free, out-of-bounds read/write, memory leaks, etc.
2. Understanding how to use various fuzzers like AFL, libFuzzer, honggfuzz, etc.
3. How to fuzz various open source software on Linux.
4. How to do basic debugging to find the root cause of vulnerabilities on Linux.
5. How to write secure software by having an understanding of common types of vulnerabilities.
Materials: A laptop with at least 16GB RAM, min 4 core processor, VirtualBox or VMware. I will be sharing a Linux VM based on Kali which will have all the tools required for the workshop.
Prereq: Basic knowledge of C, C++, basic knowledge of Linux and Windows.
MIV - Friday - 14:30-15:59 PDT
Title: Fireside Chat
When: Friday, Aug 12, 14:30 - 15:59 PDT
Where: Caesars Forum - Summit 220->236 (Misinformation Village) - Map
Speakers:Adam Hickey,Jennifer Mathieu
SpeakerBio:Adam Hickey
Adam S. Hickey is a Deputy Assistant Attorney General of the National Security Division (NSD) at the Department of Justice (DOJ), overseeing the Counterintelligence and Export Control Section and the Foreign Investment Review Section. Among other things, he supervises investigations and prosecutions of foreign, state-sponsored computer intrusions and attacks, enforcement of the Foreign Agents Registration Act (FARA), and NSD’s foreign investment security reviews (e.g., CFIUS work). Previously, Hickey prosecuted terrorism cases and was Deputy Chief of Appeals in the Southern District of New York. He is a graduate of Harvard College and Yale Law School.
SpeakerBio:Jennifer Mathieu
Jennifer Mathieu, PhD, is Chief Technology Officer at Graphika. She brings extensive experience building robust, integrated, cloud-based solutions to the company, enabling customers to tackle the threat of disinformation. Jennifer is responsible for guiding the company’s technology vision, continuing the evolution of Graphika’s patented technology, strengthening its core products, and building out the company’s team of expert engineers and architects.
Description:No Description available
PLV - Friday - 19:00-20:15 PDT
Title: Fireside Policy Chats
When: Friday, Aug 12, 19:00 - 20:15 PDT
Where: Caesars Forum - Summit 224-225 - Policy Collaboratorium - Map
SpeakerBio:Leonard Bailey, Head of the Cybersecurity Unit and Special Counsel for National Security in the Criminal Division’s Computer Crime and Intellectual Property Section
No BIO available
Description:
Fireside Lounge sessions are your informal, off the record opportunity to get to know policymakers in an intimate setting. Maybe with a drink in hand. No specific knowledge is required, but a skeptical mind and mischievous intellect are a must. The speaker will give a strategic analysis of relevant issues, lead a Socratic dialogue about the trade-offs represented in decision-making, and open the floor to audience questions and/or a moderated group debate. Did we mention it's off the record?
PLV - Friday - 20:30-21:45 PDT
Title: Fireside Policy Chats
When: Friday, Aug 12, 20:30 - 21:45 PDT
Where: Caesars Forum - Summit 224-225 - Policy Collaboratorium - Map
SpeakerBio:Gaurav Keerthi, Deputy Chief Executive
No BIO available
Description:
Fireside Lounge sessions are your informal, off the record opportunity to get to know policymakers in an intimate setting. Maybe with a drink in hand. No specific knowledge is required, but a skeptical mind and mischievous intellect are a must. The speaker will give a strategic analysis of relevant issues, lead a Socratic dialogue about the trade-offs represented in decision-making, and open the floor to audience questions and/or a moderated group debate. Did we mention it's off the record?
GHV - Friday - 14:30-14:59 PDT
Title: First Year in Cyber
When: Friday, Aug 12, 14:30 - 14:59 PDT
Where: Flamingo - Virginia City III (Girls Hack Village) - Map
Speakers:Crystal Phinn,T. Halloway
SpeakerBio:Crystal Phinn
Crystal Phinn is a future Cybersecurity professional and a current student at Utica College majoring in Cybersecurity with a concentration in cybercrime and fraud investigation. She has worked as a junior pentester and this summer wrapped up an internship where she assisted with investigating fraud and insider risk incidents while also building detection tools with T3 analysts. While on her cybersecurity journey Crystal has exposed herself to various CTF events, implemented and organized a Certification Accountability group and participated in SOC and OSINT boot camps to sharpen her skills.
SpeakerBio:T. Halloway
No BIO available
Description:
Discussion around experiences and challenges within the first year of cybersecurity.
DL - Friday - 10:00-11:55 PDT
Title: FISSURE: The RF Framework
When: Friday, Aug 12, 10:00 - 11:55 PDT
Where: Caesars Forum - Council Boardroom (Demo Labs) - Map
SpeakerBio:Christopher Poore
Chris Poore is a Senior Reverse Engineer at Assured Information Security in Rome, NY. He has expertise discovering vulnerabilities in wireless systems, gaining access to systems via RF, reverse engineering RF protocols, forensically testing cybersecurity systems, and administering RF collection events. He has been the main figure behind the design and implementation of FISSURE since its inception in 2014. Chris is excited about implementing ideas drawn from the community and taking advantage of increased networking opportunities, so please reach out to him.
Description:
FISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability analysis, automation, and AI/ML. The framework was built to promote the rapid integration of software modules, radios, protocols, signal data, scripts, flow graphs, reference material, and third-party tools. FISSURE is a workflow enabler that keeps software in one location and allows teams to effortlessly get up to speed while sharing the same proven baseline configuration for specific Linux distributions. The framework and tools included with FISSURE are designed to detect the presence of RF energy, understand the characteristics of a signal, collect and analyze samples, develop transmit and/or injection techniques, and craft custom payloads or messages. FISSURE contains a growing library of protocol and signal information to assist in identification, packet crafting, and fuzzing. Online archive capabilities exist to download signal files and build playlists to simulate traffic and test systems.
Audience: RF, Wireless, SDR, Offense, Defense
CLV - Friday - 14:20-14:50 PDT
Title: Flying Under Cloud Cover: Built-in Blind Spots in Cloud Security
When: Friday, Aug 12, 14:20 - 14:50 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Cloud Village) - Map
SpeakerBio:Noam Dahan
Noam Dahan is a Senior Security Researcher at Ermetic with several years of experience in embedded security. He is a graduate of the Talpiot program at the Israel Defense Forces and spent several years in the 8200 Intelligence Corps. While this is his first time presenting at DEF CON, it is not his first time in front of a crowd. Noam was a competitive debater and is a former World Debating Champion.
Twitter: @NoamDahan
Description:
Every system has its blind spots. The major cloud providers are no different. The shadows in which attackers can hide out of sight (or in plain sight), and the doors that are too often left open are important parts of the cloud security landscape.
The pressure to create usability, the need to support legacy systems and workflows in a rapidly evolving landscape and the porting over of on-prem systems are just some factors that lead to these exploitable parts of cloud security.
In this talk, we'll map out a few of these built-in blind spots, focusing on AWS, Azure, and GCP in three key areas: 1) Hard knock life: Critical security areas that are hard to get right or confusingly misrepresented. 2) Trust no one! Cloud provider design flaws and backdoors that limit the degree of security that can be reached. 3) Too old for this s***: Legacy support and dirty fixes that make for great hiding places for attackers.
We'll explore cool ways to penetrate cloud environments, escalate privilege and achieve stealth. By identifying what these weak points have in common, we can also figure out how to spot more such oversights in the future.
HRV - Friday - 13:00-15:59 PDT
Title: Free Amateur Radio License Exams
When: Friday, Aug 12, 13:00 - 15:59 PDT
Where: Flamingo - Virginia City I (Ham Radio Village Exams) - Map
Description:
Take the test to join what has been considered to be one of the first hacker communities, amateur radio! The Ham Radio Village is back at DEF CON 30 to offer free amateur radio license exams to anyone who wishes to get their ham radio license. Examinees are encouraged to study on https://ham.study/, and may sign up here: https://ham.study/sessions/626c994a86c7aedb713d1e1f/1
SOC - Friday - 17:00-16:59 PDT
Title: Friends of Bill W
When: Friday, Aug 12, 17:00 - 16:59 PDT
Where: Caesars Forum - Unity Boardroom - Map
Description:
For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.
Please note: the Caesars Forum Unity Ballroom is at the "front" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).
SOC - Friday - 12:00-11:59 PDT
Title: Friends of Bill W
When: Friday, Aug 12, 12:00 - 11:59 PDT
Where: Caesars Forum - Unity Boardroom - Map
Description:
For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.
Please note: the Caesars Forum Unity Ballroom is at the "front" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).
WS - Friday - 14:00-17:59 PDT
Title: FROM ZERO TO HERO IN A BLOCKCHAIN SECURITY
When: Friday, Aug 12, 14:00 - 17:59 PDT
Where: Harrah's - Lake Tahoe (Workshops) - Map
Speakers:Dikla Barda,Oded Vanunu,Roman Zaikin
SpeakerBio:Dikla Barda, Security Expert
Dikla Barda is a Security Expert. Her research has revealed significant flaws in popular services, and major vendors like Facebook, WhatsApp, Telegram, eBay, AliExpress, LG, DJI, Microsoft, TikTok, and more. She has over 15 years of experience in the field of cyber security research. She spoke at various leading conferences worldwide.
SpeakerBio:Oded Vanunu, Head of Product Vulnerability Research
Oded Vanunu is the head of product vulnerability research and has more than 20 years of InfoSec experience. He is a security leader and offensive security expert, leading a vulnerability research domain from product design to product release. Issued 5 patents on cyber security defense methods. Published dozens of research papers & product CVEs.
SpeakerBio:Roman Zaikin, Security Expert
Roman Zaikin is a Security Expert. His research has revealed significant flaws in popular services, and major vendors (Facebook, WhatsApp, Telegram, eBay, AliExpress, LG, DJI, Microsoft, and more). He has over 10 years of experience in the field of cybersecurity research. He spoke at various leading conferences worldwide and taught more than 1000 students.
Description:
Blockchain technology has to be one of the biggest technology innovations of the past few years. The top emerging blockchain development trends are crypto coins, NFT, DeFi, and even metaverse. Nowadays, companies are adopting blockchain technology and moving to the decentralized world, especially smart contract technologies, which opens them to new cyberattacks in a new crypto world. As technology evolves, cybercriminals evolve along with it, and we constantly hear about the theft of millions of dollars in security breaches of smart contracts everywhere.
In our workshop, we will teach you what a blockchain is, what a smart contract is, and what security vulnerabilities it possesses. Our workshop is intended for beginner to intermediate level hackers who want to learn new blockchain and crypto hacking techniques based on dApps TOP 10 v2022.
In the workshop, we will teach how to find vulnerabilities in blockchain smart contracts according to the latest methods and techniques. We will demonstrate every vulnerability by giving an example on the blockchain and show everything from both attacker and defender perspectives.
- Materials: Personal Laptop
- Prereq: Basic Programming skills in Python
HHV - Friday - 11:00-11:45 PDT
Title: From Zero To Sao … Or, How Far Does This Rabbit Hole Go?
When: Friday, Aug 12, 11:00 - 11:45 PDT
Where: Flamingo - Exec Conf Ctr - Red Rock VI, VII, VII (Hardware Hacking Village) - Map
SpeakerBio:Bradán Lane
Bradán Lane is a UX Design and User Researcher who had his own “Alice’s Adventures in Wonderland” experience when he discovered badge making. While he has made a number of fun blinky beepy ornaments and badges, he found his passion with the eChallengeCoin - an interactive and text story challenge puzzle in the shape of a coin. He releases a new eChallengeCoin each year. Bradán also designs hardware for the CircuitPython ecosystem so users “have a low barrier to productivity and creativity”.
Description:
If you have an ounce of desire and a sprinkle of creativity then you can make fun electronic tchotchkes!
You will take a journey through the software and hardware tools often used to make small electronic gadgets like DEFCON SAOs, electronic pins, and annoying blinky-beepy gifts for parties and holidays. The skills covered will also serve as the stepping off point for your own badgelife creation … should you dare.
You will see how to take your personal strengths - be it art, maths, engineering, or fabrication - and build out to other skills.
You won’t learn everything there is to know about completing your dream project but you will have learned the steps involved and where to get help along the way!
CHV - Friday - 11:00-11:40 PDT
Title: Getting naughty on CAN bus with CHV Badge
When: Friday, Aug 12, 11:00 - 11:40 PDT
Where: Virtual - Car Hacking Village
SpeakerBio:evadsnibor
No BIO available
Description:
Explain how the CHV badge can generate CAN waveforms (and other digital protocols) with different errors to disrupt vehicle networks. More than an ARB, the generation can be interactive - where the waveform can change based on the response of the network. The talk will focus on the Raspberry Pi rp2040 in the CHV badge and its hacker potential.
RFV - Friday - 14:00-14:30 PDT
Title: Getting started with Meshtastic
When: Friday, Aug 12, 14:00 - 14:30 PDT
Where: Flamingo - Eldorado Ballroom (Radio Frequency Village) - Map
SpeakerBio:aromond
aromond likes to make all the things, including wardriving boxes, solar powered radio shacks, antennas, and electronic doo-dads.
Twitter: @aromond2001
Description:
Meshtastic is an open-source mesh based text messaging project that utilizes affordable and easily hack-able hardware coupled with the computer that already lives in your pocket. It enables long range text based communications off-grid, without requiring infrastructure, by utilizing the LoRa protocol. Come see how you can use this project to build an off-grid communicator with location sharing, a distributed sensor network, or just use it to send text messages to people at a con.
BHV - Friday - 12:00-12:30 PDT
Title: Gird your loins: premise and perils of biomanufacturing
When: Friday, Aug 12, 12:00 - 12:30 PDT
Where: Flamingo - Laughlin I,II,III (Biohacking Village) - Map
SpeakerBio:Nathan Case
Successful executive and builder, pushing for change in security and the culture surrounding it. Leading strategic initiatives and the creation of new technologies in the healthcare, information technology and cloud industries, focusing on security. Focusing on a passion for Incident Response, and operational security in all forms. Pushing the bounds of threat detection and response. Finding new thoughts and bringing them to the fields of security and technology.
Description:No Description available
GHV - Friday - 10:00-10:30 PDT
Title: Girls Hack Village Introduction
When: Friday, Aug 12, 10:00 - 10:30 PDT
Where: Flamingo - Virginia City III (Girls Hack Village) - Map
SpeakerBio:Tennisha Martin
Tennisha Martin is the founder and Executive Director of BlackGirlsHack (BGH Foundation), a national cybersecurity nonprofit organization dedicated to providing education and resources to underserved communities and increasing the diversity in cyber. She has worked in a consulting capacity for over 15 years and in her spare time is a Cyber Instructor, mentor, and red-team leaning ethical hacking advocate for diversity in Cyber and the executive suites.
Twitter: @misstennisha
Description:No Description available
SOC - Friday - 18:30-21:30 PDT
Title: Girls Hack Village Meetup: Shoot Your Shot Networking Event
When: Friday, Aug 12, 18:30 - 21:30 PDT
Where: Flamingo - Virginia City III (Girls Hack Village) - Map
Description:
"You miss 100% of the shots you don't take" - Wayne Gretzky -Michael Scott - Girls Hack Village.
This meetup will be a fun networking event that gives attendees the opportunity to meet and make connections. Are you awkward at social gatherings? Are you the life of the party? We endeavor to create an environment where those on either side and anywhere in between are welcome and feel as though they belong. Want to grow your brand or just make new Hacker Summer Camp friends? Come one, come all.
DC - Friday - 12:00-12:45 PDT
Title: Glitched on Earth by humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal
When: Friday, Aug 12, 12:00 - 12:45 PDT
Where: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
SpeakerBio:Lennert Wouters, researcher at imec-COSIC, KU Leuven
Lennert is a PhD researcher at the Computer Security and Industrial Cryptography (COSIC) research group, an imec research group at the KU Leuven University in Belgium. His research interests include hardware security of connected embedded devices, reverse engineering and physical attacks.
Twitter: @LennertWo
Description:
This presentation covers the first black-box hardware security evaluation of the SpaceX Starlink User Terminal (UT). The UT uses a custom quad-core Cortex-A53 System-on-Chip that implements verified boot based on the ARM trusted firmware (TF-A) project. The early stage TF-A bootloaders, and in particular the immutable ROM bootloader include custom fault injection countermeasures. Despite the black-box nature of our evaluation we were able to bypass signature verification during execution of the ROM bootloader using voltage fault injection.
Using a modified second stage bootloader we could extract the ROM bootloader and eFuse memory. Our analysis demonstrates that the fault model used during countermeasure development does not hold in practice. Our voltage fault injection attack was first performed in a laboratory setting and later implemented as a custom printed circuit board or 'modchip'. The presented attack results in an unfixable compromise of the Starlink UT and allows us to execute arbitrary code.
Obtaining root access on the Starlink UT is a prerequisite to freely explore the Starlink network and the underlying communication interfaces.
This presentation will cover an initial exploration of the Starlink network. Other researchers should be able to build on our work to further explore the Starlink ecosystem.
DC - Friday - 12:30-13:15 PDT
Title: Global Challenges, Global Approaches in Cyber Policy
When: Friday, Aug 12, 12:30 - 13:15 PDT
Where: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
Speakers:Gaurav Keerthi,Lily Newman,Pete Cooper
SpeakerBio:Gaurav Keerthi, Deputy Chief Executive
No BIO available
SpeakerBio:Lily Newman, Senior Writer
No BIO available
SpeakerBio:Pete Cooper, Deputy Director Cyber Defence
No BIO available
Description:
While each nation and region around the world has unique governance models and concerns, there is a large commonality in our: adversaries, markets, supply chains, vulnerabilities, and connectivity. So each nation and region approaches cyber policy in ways that are unique and ways that are in common with the broader global community. Join this session to hear from national leaders in cyber policy on what makes their distinct practices appropriate for them, and how they work together on the international stage where interests and concerns are aligned.
SOC - Friday - 21:00-01:59 PDT
Title: GOTHCON (#DCGOTHCON)
When: Friday, Aug 12, 21:00 - 01:59 PDT
Where: Caesars Forum - Forum 104-105, 136 - Map
Description:
Back for their 5th year, GOTHCON welcomes everyone to come dance and stomp the night away at their Techno Coven. 9pm-2am Friday Aug 12th. Follow @dcgothcon on twitter for updates and details on location. All are welcome (except nazis), and dress however you want - whatever makes you the most comfortable and happy.
CON - Friday - 17:00-16:59 PDT
Title: Hack Fortress
When: Friday, Aug 12, 17:00 - 16:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map
Description:
Hackfortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers; TF2 players duke it out while hackers are busy with challenges like application security, network security, social engineering, or reverse engineering. As teams start scoring they can redeem points in the hack fortress store for bonuses. Bonuses range from crits for the TF2, lighting the opposing team on fire, or preventing the other team's hackers from accessing the store. HackFortress challenges range from beginner to advanced, from serious to absurd.
Deadline for registration is Friday at 17:00
ASV - Friday - 10:00-16:59 PDT
Title: Hack the Airfield with DDS
When: Friday, Aug 12, 10:00 - 16:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
Description:
Hack the Airfield is broken down into two primary components, the aircraft and the system used to locate and find them.
BRICKS IN THE AIR
Learn how avionics systems work in a safe and fun way in our Bricks in the Air workshop that simulates an environment requiring similar approaches to hacking on actual aviation buses without using any of the real hardware, protocols, or commands. Challengers can freely play and develop skills without worrying about legalities or sensitivities of real systems.
SPOOFING ADS-B
ADS-B is the latest version of Identify Friend or Foe (IFF), which is the common name for cooperative radar surveillance of aircraft. Unlike traditional IFF, in ADS-B the aircraft periodically sends a broadcast out roughly every half second to alert all nearby receivers of its current location. These broadcasts are unencrypted and fairly easy to spoof, allowing anyone to create as many aircraft as they want. Stop by the workshop and learn what it takes to spoof fake aircraft into the system used to track them.
Required gear: none!
ASV - Friday - 10:00-16:59 PDT
Title: Hack the Airport with Intelligenesis
When: Friday, Aug 12, 10:00 - 16:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
Description:
Can you restore the Aerospace Village runway lighting system? IntelliGenesis will be holding a mini-Hack the Airport that is designed to showcase the impact of a cyber-attack on critical infrastructure commercial or government facilities; specifically, Aviation Control Systems. Transportation Systems is one of the 16 Cybersecurity and Infrastructure Agency Critical Infrastructure Sectors for the US. There is a hyper focus on cybersecurity surrounding airports and the critical infrastructure systems supporting aviation operations. Come on over and give it an attempt, there will be 4 stages culminating in restoring the lighting system so that the village can begin landing and launching aircraft. All levels of experience can participate.
Signups: beginning Monday 8/8 – but not required to participate
ICSV - Friday - 10:00-17:59 PDT
Title: Hack the Plan[e]t CTF
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS CTF Area - Map
Description:
Hack the Plan[e]t Capture the Flag (CTF) contest will feature Howdy Neighbor and the Industrial Control System (ICS) Range. This first of its kind CTF will integrate both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge.
Howdy Neighbor is an interactive IoT CTF challenge where competitors can test their hacking skills and learn about common oversights made in development, configuration, and setup of IoT devices. Howdy Neighbor is a miniature home - made to be “smart” from basement to garage. It’s a test-bed for reverse engineering and hacking distinct consumer-focused smart devices, and to understand how the (in)security of individual devices can implicate the safety of your home or office, and ultimately your family or business. Within Howdy Neighbor there are over 25 emulated or real devices and over 50 vulnerabilities that have been staged as challenges. Each of the challenges is of a varying level to test a competitor's ability to find vulnerabilities in an IoT environment. Howdy Neighbor’s challenges are composed of real and simulated devices controlled by an App or Network interface and additional hardware sensors; each Howdy Neighbor device contains 1 to 3 staged vulnerabilities which when solved present a key for scoring/reporting that it was discovered.
In the same vein, this CTF challenge will also leverage the ICS Village’s ICS Ranges including physical and virtual environments to provide an additional testbed for more advanced challenges in critical infrastructure and ICS environments. There will be integrated elements from DHS/CISA with their ranges that are realistically miniaturized assets (i.e., operational oil and natural gas pipeline, etc.).
ASV - Friday - 12:00-16:59 PDT
Title: Hack-A-Sat Aerospace PiSat Challenge
When: Friday, Aug 12, 12:00 - 16:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
Description:
Engineers at the Aerospace Corporation are hosting a CTF using the PiSat platform (check out the PiSat Workshop also in the Aerospace Village). Teams will command a PiSat via a COSMOS web GUI and complete challenges, which will be announced during the event. The CTF will primarily use crosslinks between PiSats to complete tasks including attacking other PiSats. Rounds will last ten minutes each, but teams can stay for up to one hour.
Required gear: bring a laptop (with an ethernet port!) to compete in the contest.
Signups: Sign-ups for the event will be in person each morning from 10am – 12pm and will be first come, first served.
ASV - Friday - 10:00-16:59 PDT
Title: Hack-A-Sat Digital Twin Workshop
When: Friday, Aug 12, 10:00 - 16:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
Description:
The Hack-A-Sat team is working hard to build the next competition platform for the Hack-A-Sat 3 (HAS3) Finals competition, where space math, hacking, and satellite operations are interwoven into a realistic space CTF environment. We will be demoing the HAS3 digital twin satellite in the Aerospace Village for participants to experience basic satellite command & control operations and flight software exploitation with two challenges created specifically for DEF CON. This year’s digital twin brings new tools, processor architecture, and physics simulation capabilities that we will be unveiling for the first time.
Required gear: We are hosting the demo on our own hardware so all you need to bring is your own desire to “Learn. Space. Faster”.
Signups: first come first serve, come by the Aerospace Village during its normal operating hours!
ASV - Friday - 10:00-10:50 PDT
Title: Hack-A-Sat Team
When: Friday, Aug 12, 10:00 - 10:50 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
Speakers:1st Lt Kevin Bernert,Capt Elijah Williams,Rachel Mann,Mark Werremeyer,Mike Walker,Aaron Myrick,Jordan Wiens,Steve Colenzo
SpeakerBio:1st Lt Kevin Bernert
No BIO available
SpeakerBio:Capt Elijah Williams
No BIO available
SpeakerBio:Rachel Mann
No BIO available
SpeakerBio:Mark Werremeyer
No BIO available
SpeakerBio:Mike Walker
No BIO available
SpeakerBio:Aaron Myrick
No BIO available
SpeakerBio:Jordan Wiens
No BIO available
SpeakerBio:Steve Colenzo
No BIO available
Description:
Hack-A-Sat (HAS) is an Air Force/Space Force satellite hacking CTF, now in its 3rd year. This talk will: 1) educate the audience on the HAS series of competitions, 2) review challenges/solves from the HAS3 qualifiers in May 2022, 3) preview the HAS3 Finals (Oct 2022) including the 8 finalist teams vying for $100K prize pool, 4) talk about Moonlighter, a cubesat designed and built as a hacking sandbox in space. Moonlighter will be the platform for HAS4, the world’s first CTF in space.
CON - Friday - 14:00-15:59 PDT
Title: Hack3r Runw@y
When: Friday, Aug 12, 14:00 - 15:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map
Description:
After 2 years virtual and one in person, we’d like to return to stage for our 4th year where this contest shines best. Hack3r Runw@y brings out all the sheek geeks out there. It encourages rethinking fashion in the eyes of hackers. Be it smartwear, LED additions, obfuscation, cosplay or just everyday wear using fabrics and textures that are familiar to the community. Contestants can enter clothing, shoes, jewelry, hats or accessories. If it can be worn, it is perfect for the runway. For convenience, contestants can enter the contest with designs made ahead of the conference, however it needs to be made by them and not just store bought.
Awards will be handed out in 4 categories and one trophy for the People’s Choice category where the winner is anyone’s guess:
- Digital wearable - LED, electronic, passive
- Smart wear - interactive, temperature sensing, mood changing, card skimmers, etc
- Aesthetics and More - 3d printed, geeky wear, passive design, obfuscation, cosplay
- Functional wear - did you bling out your mask and/or shield, have a hazmat suit, lock pick earrings, cufflinks shims
Winners will be selected based on, but not limited to:
- Uniqueness
- Trendy
- Practical
- Couture
- Creativity
- Relevance
- Originality
- Presentation
- Mastery
Friday: 2pm – 4pm
Saturday: 4pm – 6pm (or 2 hours before the contest stage and then 1 hr on stage)
AVV - Friday - 12:30-12:59 PDT
Title: Hacked by Raspberia: Simulating a nationally disruptive attack by a non-existent state actor
When: Friday, Aug 12, 12:30 - 12:59 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Adversary Village) - Map
SpeakerBio:Sanne Maasakkers, Security Specialist
Sanne Maasakkers is working as a security specialist at NCSC-NL. After spending some years in offensive security, she now uses this knowledge to make Dutch vital infrastructure more resilient. She is mainly interested in researching social engineering tactics and techniques of the bigger APTs and presented 'Phish like an APT' last year at the digital version of Adversary Village. Additionally, she likes to host CTFs for young talents, coach the European CTF team, and host awareness sessions.
Twitter: @sannemaasakkers
Description:
Suppose you need to create a scenario for a national cyber crisis exercise with a hundred participating organizations. It has to be an attack with a disruptive national impact BUT cannot be an existing APT group. The solution: creating a realistic threat actor and their simulated attack - entirely from scratch. Creating such an adversary simulation is not an easy task. How do you simulate a zero-day attack on the networks of all participating companies, create a fictive country, define TTPs for the non-existent adversary, reflect all defined TTPs in the attack, and allow attribution? This talk includes a detailed description of the attack chain created and how more than two thousand participants broke their heads over finding the attack path in supplied injects, like event logs, memory dumps, and custom malware.
SOC - Friday - 20:00-21:59 PDT
Title: Hacker Jeopardy
When: Friday, Aug 12, 20:00 - 21:59 PDT
Where: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
Description:
Hacker Jeopardy, the classic DEF CON game show, is returning for yet another year of answers, questions, NULL beers, and occasionally some impressive feats of knowledge. You don't want to miss this opportunity to encourage the contestants, your fellow Humans, "DON'T FUCK IT UP!"
We will be opening auditions, with the call posted on the dfiu.tv website, and linked to DEF CON forums. (promoted on social media)
Track 4
Friday: 2000-2200
Saturday: 2000-2200
SOC - Friday - 19:30-01:59 PDT
Title: Hacker Karaoke
When: Friday, Aug 12, 19:30 - 01:59 PDT
Where: Caesars Forum - Forum 133 (Karaoke/Chess) - Map
Description:
For those who love to sing and perform in front of others, we are celebrating our 14th year of Love, Laughter, and Song from 8 PM to 2 AM Friday and Saturday night.
We are open to everyone of any age, and singing is not required.
For more information visit:
https://hackerkaraoke.org or Twitter @hackerkaraoke.
RTV - Friday - 14:00-14:59 PDT
Title: HackerOps
When: Friday, Aug 12, 14:00 - 14:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map
SpeakerBio:Ralph May
No BIO available
Description:No Description available
RTV - Friday - 16:00-16:59 PDT
Title: HackerOps
When: Friday, Aug 12, 16:00 - 16:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map
SpeakerBio:Ralph May
No BIO available
Description:No Description available
RTV - Friday - 13:00-13:59 PDT
Title: HackerOps
When: Friday, Aug 12, 13:00 - 13:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map
SpeakerBio:Ralph May
No BIO available
Description:No Description available
RTV - Friday - 15:00-15:59 PDT
Title: HackerOps
When: Friday, Aug 12, 15:00 - 15:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map
SpeakerBio:Ralph May
No BIO available
Description:No Description available
ASV - Friday - 12:00-12:50 PDT
Title: Hackers Help Make My Airline Secure
When: Friday, Aug 12, 12:00 - 12:50 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
SpeakerBio:Deneen Defiore
Deneen is an accomplished technology & risk management executive with experience across multiple critical infrastructure sectors. She has expertise in advising global companies & their most senior executives on technology, cybersecurity, compliance, and digital risk related decisions associated to products, services, significant initiatives, & ongoing operations. Deneen currently serves as Vice President and Chief Information Security Officer at United Airlines. She is responsible for leading the cybersecurity organization to ensure the company is prepared to prevent, detect, & respond to evolving cyber threats; as well as commercial aviation cyber safety risk initiatives & improving cyber resilience across the global aviation ecosystem.
Description:
Ensuring passengers are safe while flying goes well beyond the cybersecurity of just an aircraft. Join this fireside chat with Deneen DeFiore, the Chief Information Security Officer for United Airlines, to learn how she is building an enterprise security program that leverages smart, experienced hackers. Deneen will share her background in infosec along with her approach to engaging security expertise to maintain the trust her customers have in her airline’s safe and secure operations.
APV - Friday - 13:45-14:45 PDT
Title: Hacking 8+ million websites - Ethical dilemmas when bug hunting and why they matter
When: Friday, Aug 12, 13:45 - 14:45 PDT
Where: Flamingo - Twilight Ballroom - AppSec Village - Main Stage - Map
SpeakerBio:Rotem Bar
Today Rotem is the Head of Marketplace Integrations at Cider Security, which is focusing on revolutionizing CI/CD security. During his free time, Rotem plays with robotics, bug-bounty and enjoys traveling with his family.
Description:
Many companies are reluctant to pay bug hunters to find and report vulnerabilities in software produced by a 3rd party.
In this lecture, we explore the pros and cons of this approach and demonstrate why taking responsibility for 3rd party vulnerabilities is actually better for everyone.
Using shared services and systems from 3rd parties is becoming more and more common today. Because of that, a vulnerability found in one target may also affect the millions of others who use the same vulnerable shared system. This situation raises important dilemmas for everyone involved - the 3rd party vendor, the millions of users, and the security researchers/bug hunters who identify the problem.
This talk will showcase a vulnerability we found in a 3rd party application. We will show the technical details of how it was found, but will focus primarily on how we handled the submissions, both to the vendor and affected clients.
We will discuss the different dilemmas we encountered: Who should be contacted first? How do we make sure the exploit won’t be leaked prematurely? How much time should we allow for vendor response? Who should release the CVE? And finally: What are the consequences of each of these decisions for the vendor, the client, and us?
RTV - Friday - 16:00-16:59 PDT
Title: Hacking APIs: How to break the chains of the web
When: Friday, Aug 12, 16:00 - 16:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map
SpeakerBio:Corey Ball
No BIO available
Twitter: @hAPI_hacker
Description:No Description available
HRV - Friday - 15:00-15:59 PDT
Title: Hacking Ham Radio: Dropping Shells at 1200 Baud
When: Friday, Aug 12, 15:00 - 15:59 PDT
Where: Flamingo - Virginia City II (Ham Radio Village Activities) - Map
SpeakerBio:Rick Osgood
Rick has been an enthusiastic penetration tester since 2015, and has been involved with the security community since 2005. As a Principal Security Consultant at Coalfire, Rick conducts application and API tests, cloud testing, network penetration tests, and wireless tests. He has also completed multiple security-related research and development projects.
Rick dove into information security in 2005, enrolling in a university program specifically designed around network security. He has experience as a Linux system engineer, security analyst, and penetration tester. Rick has volunteered at both Blackhat and Defcon, and co-founded two non-profit hackerspaces: HeatSync Labs in Arizona, and Eugene Maker Space in Oregon. Rick's interests include radio and electronics, which are sometimes combined with security projects. He has also written for the popular security-related blog hackaday.com.
Twitter: @rickoooooo
https://www.richardosgood.com
Description:
Amateur radio can be used to communicate with operators all over the world using voice, Morse code, or even computers. When connected to a computer, our rigs can do anything from text messaging and email to sharing images and tracking weather balloons. There’s something magical about connecting to a device or person across the planet without the modern Internet, but can these connections be abused? Of course, they can! This presentation will review a memory corruption exploit developed to obtain remote code execution via ham radio. The presentation will briefly describe packet radio and APRS before moving on to target selection, fuzzing, reverse engineering, shellcode development, and exploitation. Prior understanding of basic exploit techniques such as simple buffer overflows and SEH overwrites is helpful, but not strictly required.
PWV - Friday - 13:00-12:59 PDT
Title: Hacking Hashcat
When: Friday, Aug 12, 13:00 - 12:59 PDT
Where: Caesars Forum - Summit 218-219 (Password Village) - Map
SpeakerBio:Ray “Senpai” Morris
No BIO available
Description:
Cracking Passwords to Make Them Strong
Existing password meters say that passwords like "Fall2021!" or "Password123!" are strong, just because they have upper case, lower case, and numbers. "Password123!" is NOT a strong password; it will get cracked in seconds. I gave 47,000 “strong” password hashes to some of the best password crackers. Although the meters said these passwords were strong, over 99% of them actually got cracked.
By reversing the tools the password crackers actually use, we can tell whether a password will actually be cracked, by real password crackers, including those who win the Defcon Crack Me If You Can.
I will demonstrate a new open source Python tool which tells you with over 90% accuracy whether a real password cracker would be able to crack the password you're thinking about using. This tool tests the types of attacks that crackers conduct using tools like Hashcat or John the Ripper.
DC - Friday - 16:00-16:45 PDT
Title: Hacking ISPs with Point-to-Pwn Protocol over Ethernet (PPPoE)
When: Friday, Aug 12, 16:00 - 16:45 PDT
Where: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
SpeakerBio:Gal Zror, Vulnerability Research Manager at CyberArk Labs
Gal Zror (@waveburst) acts as the vulnerability research manager in CyberArk Labs. Gal has over 12 years of experience in vulnerability research and he specializes in embedded systems and protocols. Besides research, he is also an amateur boxer and a tiki culture enthusiast.
Twitter: @waveburst
Description:
Hello, my name is BWL-X8620, and I'm a SOHO router. For many years my fellow SOHO routers and I were victims of endless abuse by hackers. Default credentials, command injections, file uploading - you name it. And it is all just because we're WAN-facing devices. Just because our ISP leaves our web server internet-facing makes hackers think it's okay to attack and make us zombies. But today, I say NO MORE!
In this talk, I will show that if a web client can attack a web server, then an ISP client can attack the ISP servers!
I will reveal a hidden attack surface and vulnerabilities in popular network equipment used by ISPs worldwide to connect end-users to the internet.
BRAS devices are not that different from us SOHO routers. No one is infallible. But, BRAS devices can support up to 256,000 subscribers, and exploiting them can cause a ruckus. Code execution can lead to a total ISP compromise, mass client DNS poisoning, end-points RCE, and more!
This talk will present a high severity logical DOS vulnerability in a telecommunications vendor implementation of PPPoE and a critical RCE vulnerability in PPP. That means we, the SOHO routers, can attack and execute code on the ISPs that connect us to the internet!
Today we are fighting back!
PLV - Friday - 12:00-13:45 PDT
Title: Hacking law is for hackers - how recent changes to CFAA, DMCA, and global policies affect security research
When: Friday, Aug 12, 12:00 - 13:45 PDT
Where: Caesars Forum - Summit 226-227 - Policy Roundtable - Map
Speakers:Harley Geiger,Leonard Bailey
SpeakerBio:Harley Geiger, Senior Director for Public Policy
No BIO available
SpeakerBio:Leonard Bailey, Head of the Cybersecurity Unit and Special Counsel for National Security in the Criminal Division’s Computer Crime and Intellectual Property Section
No BIO available
Description:
What a year for hacker law! 2021-2022 saw major changes to laws that regulate hacking, such as the notorious CFAA, the grotesque DMCA Sec. 1201, and China's grisly "Management of Security Vulnerabilities" regulation. This presentation will walk through each of these developments and detail their implications for security researchers. We'll give background on how these laws have recently changed, identify areas of continued risk for hackers, and suggest concrete ways for the security community to make additional progress in shaping a favorable legal environment. An extended roundtable discussion will follow the presentation.
IOTV - Friday - 11:00-11:30 PDT
Title: Hacking Product Security Interviews
When: Friday, Aug 12, 11:00 - 11:30 PDT
Where: Caesars Forum - Alliance 311, 320 (IoT Village) - Map
Description:
Cybersecurity is a complex, multi-faceted field and pursuing a career in it requires the acquisition of a number of different skill sets. Product Security interviews can be particularly challenging due to the expectation that candidates possess both hacking AND software engineering intuition and skills.
Zoox will take a software engineering perspective and unpack this topic in an interactive talk. They focus on big-picture as well as tactical insights that will help you invest your time when preparing for your dream Product Security job. This is an interactive group activity!
IOTV - Friday - 11:30-11:59 PDT
Title: Hacking Product Security Interviews
When: Friday, Aug 12, 11:30 - 11:59 PDT
Where: Caesars Forum - Alliance 311, 320 (IoT Village) - Map
Description:
Cybersecurity is a complex, multi-faceted field and pursuing a career in it requires the acquisition of a number of different skill sets. Product Security interviews can be particularly challenging due to the expectation that candidates possess both hacking AND software engineering intuition and skills.
Zoox will take a software engineering perspective and unpack this topic in an interactive talk. They focus on big-picture as well as tactical insights that will help you invest your time when preparing for your dream Product Security job. This is an interactive group activity!
WS - Friday - 14:00-17:59 PDT
Title: Hacking the Metal 2: Hardware and the Evolution of C Creatures
When: Friday, Aug 12, 14:00 - 17:59 PDT
Where: Harrah's - Copper (Workshops) - Map
SpeakerBio:Eigentourist, Programmer
Eigentourist is a programmer who learned the craft in the early 1980s. He began formal education in computer science when the height of software engineering discipline meant avoiding the use of GOTO statements. Over the course of his career, he has created code of beautiful simplicity and elegance, and of horrific complexity and unpredictability. Sometimes it's hard to tell which was which. Today, he works on systems integration and engineering in the healthcare industry.
Description:
Beneath the surface of your favorite video game, operating system, or mobile app hides a subterranean world of low-level programming and hardware architecture that was once the domain of all programmers, but now lives mostly hidden behind dazzling graphics and modern abstractions. Diving into this world, we will delve into the design of processors using a hardware description language, tour through a handful of assembly language programs, and then plunge into systems programming in C, with comparison and contrast to the underlying assembly language that the compiler generates. Along the way, we will build programs both entertaining and mischievous, and emerge with a deeper understanding of the secrets behind all modern digital computing.
- Materials
- Laptop
- Prereq
- Some coding experience is helpful but not mandatory
RTV - Friday - 15:00-15:59 PDT
Title: Hacking WebApps with WebSploit Labs
When: Friday, Aug 12, 15:00 - 15:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map
SpeakerBio:Omar Santos, Principal Engineer
No BIO available
Twitter: @santosomar
Description:No Description available
RTV - Friday - 16:00-16:59 PDT
Title: Hacking WebApps with WebSploit Labs
When: Friday, Aug 12, 16:00 - 16:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map
SpeakerBio:Omar Santos, Principal Engineer
No BIO available
Twitter: @santosomar
Description:No Description available
SOC - Friday - 21:00-01:59 PDT
Title: Hallway Monitor Party - Entertainment
When: Friday, Aug 12, 21:00 - 01:59 PDT
Where: Caesars Forum - Skybridge Entrance - Map
Speakers:CaptHz,DJ Scythe,DJ UNIT 77 [ 0077 : 0077 ],Magik Plan,Tense Future
SpeakerBio:CaptHz
No BIO available
SpeakerBio:DJ Scythe
No BIO available
SpeakerBio:DJ UNIT 77 [ 0077 : 0077 ]
No BIO available
SpeakerBio:Magik Plan
No BIO available
SpeakerBio:Tense Future
No BIO available
Description:
21:00 - 22:00: Tense Future
22:00 - 23:00: DJ Scythe
23:00 - 00:00: DJ UNIT 77 [ 0077 : 0077 ]
00:00 - 01:00: CaptHz
01:00 - 02:00: Magik Plan
DCGVR - Friday - 15:00-15:59 PDT
Title: Ham Radio is not just for Dinosaurs, Why hackers need an amateur radio license
When: Friday, Aug 12, 15:00 - 15:59 PDT
Where: Virtual - DEF CON Groups VR
SpeakerBio:Giglio
Larry Biggs (Giglio) is a Forensic and Threat Analytics Security Engineer at MedImpact Healthcare Systems. Giglio has worked in the staffing, manufacturing, mortgage and healthcare industries, each providing unique insights into how critical information needs to be protected. Giglio was fortunate to be on the team that hosted the 2020 DCG VR event and is looking forward to the 2022 event.
Twitter: @larrybiggs
Description:
The main point of the presentation is that while Ham Radio appears to be for retired old guys, there is a broad range of awesome stuff being designed, put into space and other new frontiers. The hacker spirit is aligned with these new frontiers and all you need to transmit on approved frequencies is an amateur radio license. Which is not hard at all to get. Slides will go through related discussion topics.
WS - Friday - 14:00-17:59 PDT
Title: Hand On Mainframe Buffer Overflows - RCE Edition
When: Friday, Aug 12, 14:00 - 17:59 PDT
Where: Harrah's - Elko (Workshops) - Map
Speakers:Jake Labelle,Phil Young
SpeakerBio:Jake Labelle, Security Consultant
Jake, a security consultant from Basingstoke, UK, got his hands on a licensed emulator for z/OS over the pandemic, and considering that we have been in and out of lockdown for the past two years, started playing around with it for a fairly good portion of time. As someone who adores the 80s cyber aesthetic, he loves mucking around with it, but also there is nothing legacy about mainframes: docker, node js, python, all your modern applications/programs are on there. Over the past year, he has found and reported a number of z/OS LPE and RCE vulns to IBM.
Twitter: @Jabellz2
SpeakerBio:Phil Young, Mainframe Security Expert
Philip Young, aka Soldier of FORTRAN, is a leading expert in all things mainframe hacking. Having spoken and taught at conferences around the world, including DEFCON, RSA, BlackHat and keynoting at both SHARE and GSE Europe, he has established himself as the thought leader in mainframe penetration testing. Since 2013 Philip has released tools to aid in the testing of mainframe security and contributed to multiple open source projects including Nmap, allowing those with little mainframe capabilities the chance to test their mainframes. His hope is that through raising awareness about mainframe security more organizations will take their risk profile seriously.
Description:
For decades mainframes have been thought to be unhackable. One of the core tenets of this myth was that buffer overflows were not possible on MVS. In 2020 a mainframe hacker figured out how to find and exploit z/OS binaries using very simple buffer overflow techniques. This workshop aims to teach you those techniques. Attendees will learn how C programs are used on mainframes, understand how to use JCL for buffer overflows, how save areas are used, common registers used for pointers, ASCII to EBCDIC machine code, and how they can hunt vulnerable binaries in their environment. Multiple hands-on labs will be instructor led with a real mainframe provided both during and after class.
- Materials
- A laptop capable of running a modern browser
- Prereq
- None
LPV - Friday - 15:30-15:45 PDT
Title: Handcuffs and how they work
When: Friday, Aug 12, 15:30 - 15:45 PDT
Where: Caesars Forum - Summit 203-204, 235 (Lock Pick Village) - Map
SpeakerBio:Steven Collins
No BIO available
Description:
High level explanation of how a handcuff actually works inside.
IOTV - Friday - 10:00-17:59 PDT
Title: Hands on hacking labs
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Alliance 311, 320 (IoT Village) - Map
Description:
IoT Hacking 101 is a set of quick, hands-on labs developed to teach the tools and techniques for discovering and exploiting some of the common weaknesses found in IoT devices today. Whether you're a pentester that has never hacked IoT devices or even someone that has never hacked anything (!), these self-guided labs will walk you through all the steps in order to successfully pwn IoT.
IOTV - Friday - 10:00-17:59 PDT
Title: Hands on Hardware Hacking – eMMC to Root
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Alliance 311, 320 (IoT Village) - Map
SpeakerBio:Deral Heiland
No BIO available
Description:
Hardware hacking with Rapid7! Rapid7 guided exercises will lead you through the hands-on hardware hacking process to gain root level access to embedded IoT technology. This series of exercises will cover multiple steps including embedded multimedia controller (eMMC) interaction, making binary image copies of flash, interaction with read-only squash file systems to unpack and repack systems, and altering startup files within the devices’ file system to allow you to eventually gain root level access over SSH.
APV - Friday - 14:45-16:45 PDT
Title: Hands-on threat modeling
When: Friday, Aug 12, 14:45 - 16:45 PDT
Where: Flamingo - Twilight Ballroom - AppSec Village - Main Stage - Map
SpeakerBio:Chris Romeo
Chris Romeo is CEO and co-founder of Security Journey and is a builder of security culture influencing application security education. Chris is the host of the award-winning #AppSec Podcast and is a highly rated industry speaker and trainer.
Twitter: @edgeroute
Description:
Everyone from security teams to CISOs wants to ingrain threat modeling across the organization, but how do you teach threat modeling that sticks? We’ll provide a two-hour security threat modeling workshop to engage participants and help them put security-focused threat modeling into action. Each session contains real-world, hands-on exercises, where participants review various data flow diagrams, identify threats and mitigations, and share results.
PHV - Friday - 10:00-17:59 PDT
Title: HardWired
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village) - Map
Description:
New at DEF CON: come play our newest Packet Hacking Village game, HardWired! Don't know how to make a network cable and want to learn? Has it been years? Or do you think you're a pro? Come test your skills against the clock, and make the best cable at con!
RFV - Friday - 14:30-15:30 PDT
Title: Have a Software Defined Radio? - Design and make your own antennas
When: Friday, Aug 12, 14:30 - 15:30 PDT
Where: Flamingo - Eldorado Ballroom (Radio Frequency Village) - Map
SpeakerBio:Erwin
Erwin is an experienced security researcher with focus on reverse engineering and exploit development. He is an avid learner in many different fields and he currently holds many certifications some of which are OSCP/OSCE/OSWE/OSEE/CCIE.
Description:
Most Software Defined Radios (SDRs) process a wide range of frequencies, usually ranging from a few MHz to multiple GHz, where different antennas are used to pick up signals in a specific subset of that range. All applications using SDR require antennas to operate efficiently at very specific frequencies. Most inexpensive commercial antennas are designed either for wider ranges with lower gain over the entire range or for very specific known frequencies with higher gain. The problem occurs when the researcher performs an assessment of a device and requires the use of a specific frequency for which an antenna with high gain is not readily available. Most security researchers within the wireless domain have outlined that their specific attack or exploit could be executed at a higher range if the antenna had better gain at that specific frequency. This talk focuses on bridging that gap by providing a way for researchers to create their own patch antennas without deep electrical engineering experience.
BHV - Friday - 10:00-10:30 PDT
Title: Healthcare Policy != Policy
When: Friday, Aug 12, 10:00 - 10:30 PDT
Where: Flamingo - Laughlin I,II,III (Biohacking Village) - Map
SpeakerBio:Nina Alli
No BIO available
Twitter: @headinthebooth
Description:No Description available
BTV - Friday - 15:00-15:59 PDT
Title: Heavyweights: Threat Hunting at Scale
When: Friday, Aug 12, 15:00 - 15:59 PDT
Where: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
Speakers:Sherrod DeGrippo,Ashlee Benge,Jamie Williams,nohackme,Sean Zadig,Ryan Kovar
SpeakerBio:Sherrod DeGrippo
Sherrod DeGrippo is the Vice President of Threat Research and Detection for Proofpoint, Inc. She leads a worldwide malware research team to advance Proofpoint threat intelligence and keep organizations safe from cyberattacks. With more than 17 years of information security experience.
SpeakerBio:Ashlee Benge
No BIO available
SpeakerBio:Jamie Williams
Jamie is an adversary emulation engineer for The MITRE Corporation where he works with amazing people on various exciting efforts involving security operations and research, mostly focused on adversary emulation and behavior-based detections. He leads the development of MITRE ATT&CK® for Enterprise and has also led teams that help shape and deliver the “adversary-touch” within MITRE Engenuity ATT&CK Evaluations as well as the Center for Threat-Informed Defense (CTID).
Twitter: @jamieantisocial
SpeakerBio:nohackme
Mick Baccio fell in love with the idea of cybersecurity at nine years old after reading Neuromancer, thinking "I should do that."
After an alphabet soup of federal agencies and a stint as the first CISO of a POTUS campaign, he is currently a Global Security Advisor at Splunk SURGe. He is still trying to do 'that'.
Air Jordans, Thrunting, Puns. Not sure the order.
SpeakerBio:Sean Zadig
No BIO available
SpeakerBio:Ryan Kovar
No BIO available
Description:
Panel Discussion discussing how evolving techniques for defenders is amplified, from some of the teams behind the blogs.
SEV - Friday - 09:00-17:59 PDT
Title: Heroes vs Villians, a SEC Youth Challenge
When: Friday, Aug 12, 09:00 - 17:59 PDT
Where: LINQ - 3rd flr - Social A (Social Engineering Community) - Map
Description:
CALLING ALL KIDS! Come use your super skills and powers to work with a team of heroes or villains.
The balance of good and evil will be determined by individual participants completing various challenges in this ‘Choose Your Own Adventure’ style event. By participating in this event, you will have opportunities to interact and learn from many other incredible villages at DEF CON while at the same time improving your Social Engineering abilities. If successful, you may even have the chance to help your team prevail and become the ultimate Superhero or Supervillain!
GHV - Friday - 17:30-17:59 PDT
Title: Hidden Payloads in Cyber Security
When: Friday, Aug 12, 17:30 - 17:59 PDT
Where: Flamingo - Virginia City III (Girls Hack Village) - Map
SpeakerBio:Chantel Sims aka Root
Using her background in Psychology and Education, Chantel weaves human behavior into her work as a Security Consultant with NCC Group; a global cyber and software resilience security firm. She specializes in pentesting a number of technologies across different industries and sectors. In her free time, she enjoys learning new hacking techniques, researching the cosmos, reading philosophical texts, and spending time with her loved ones. Bringing integrity, positivity, and an open mind to all things new drives her passion for hacking.
Description:No Description available
MIV - Friday - 16:00-16:59 PDT
Title: History of Russian Cyber & Information Warfare (2007-Present)
When: Friday, Aug 12, 16:00 - 16:59 PDT
Where: Caesars Forum - Summit 220->236 (Misinformation Village) - Map
SpeakerBio:Ryan Westman
As Senior Manager of Threat Intelligence, Ryan is responsible for demystifying the Threat Landscape for eSentire's Threat Response Unit. His goal is to detect and respond to threats before they become risks to eSentire's client base. Prior to eSentire, Ryan spent three years at Deloitte helping build, develop, and establish a Threat Intelligence & Analytics team. Ryan holds a BA in Political Science & History from Wilfrid Laurier University, an MSc in Counter-Terrorism from the University of Central Lancashire where he conducted primary research on individuals' perceptions of terrorism through Social Media, and a Master's degree from the University of Waterloo. He is a GIAC Certified Cyber Threat Intelligence Analyst.
Description:
Russian disinformation, or 'active measures' or 'political warfare', has always contained an element of cyber attacks since 2007. However, in the West, we have been slow to understand that reality. In light of the most recent invasion of the Ukraine, we are becoming more aware of the nexus between information operations and cyber operations. This talk will discuss the history and nexus of Russian cyber operations and information operations conducted by Russia since 2007.
MIV - Friday - 16:00-16:59 PDT
Title: History of the weaponization of social media
When: Friday, Aug 12, 16:00 - 16:59 PDT
Where: Caesars Forum - Summit 220->236 (Misinformation Village) - Map
SpeakerBio:Gina Rosenthal, Independent
Gina Rosenthal has worked for the big infrastructure companies for many years. She helped start social media programs in those companies, and has always fought for people over stats. She also was an activist in college, helping found the American Indian Student Union at a big football school that has a native mascot. When she started her company, part of what she intended to do was help people understand what it means to have digital literacy.
Description:
Social media is big business for ad companies. That's why some of the social media grids give marketers the ability to zero in on their precise market. Those that peddle disinformation have become masters at using these tools. Breitbart pioneered this around 2010, and people like Steve Bannon have perfected their use of social media to "flood the zone" with information. This session will share that history, and give a few concrete suggestions on how to identify when you're being targeted with misinformation.
PHV - Friday - 10:00-17:59 PDT
Title: Honey Pot Workshop
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village) - Map
Description:
Think you know your way around a honeypot? Come to the Packet Hacking Village for a friendly, fun, low-pressure DEFCON challenge that's open to all! This game is designed for users of all experience levels: bring your own laptop, SSH in, and explore the adventure.
CON - Friday - 10:00-17:59 PDT
Title: Hospital Under Siege
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Flamingo - Laughlin I,II,III (Biohacking Village) - Map
Description:
Hospital Under Siege is a scenario-driven Capture the Flag contest run by the Biohacking Village, pitting teams of participants against adversaries and against a clock, to protect human life and public safety. Participants will compete against each other on both real and simulated medical devices, in the fully immersive Biohacking Village: Device Lab, laid out as a working hospital. Teams of any size are welcome, as are players from all backgrounds and skill levels. Challenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others.
You will hack actual medical devices and play with protocols like DICOM, HL7 and FHIR.
Visit https://www.villageb.io/capturetheflag for more information.
RFV - Friday - 11:30-12:30 PDT
Title: How a weirdly shaped piece of metal pulls cat memes out of thin air
When: Friday, Aug 12, 11:30 - 12:30 PDT
Where: Flamingo - Eldorado Ballroom (Radio Frequency Village) - Map
SpeakerBio:Tyler
Tyler grew up taking things apart. (EVERYTHING) That passion to learn how things worked led to a degree in electrical engineering and a 25+ year career in electrical engineering. Tyler is currently an electrical engineer, working for a small company in the Baltimore Washington DC area.
Twitter: @Chuck1eJ
Description:
Antennas - What do they do? What are all those weird numbers? What is a dBi? This is a presentation for everyone who has used an antenna, but maybe doesn't quite grasp all the dBi, gain, return loss, frequency, mumbo jumbo. The presentation describes all those numbers and even dips a toe into the more in-depth concepts. Antenna measurements are covered as well, including using inexpensive VNAs to measure antenna performance. Many typical antenna types are also covered.
DDV - Friday - 13:00-13:59 PDT
Title: How long do hard drives and SSDs live, and what can they tell us along the way?
When: Friday, Aug 12, 13:00 - 13:59 PDT
Where: Flamingo - Exec Conf Ctr - Lake Meade and Valley of Fire (Data Duplication Village) - Map
SpeakerBio:Andrew Klein
Andy has 25 years experience in the cloud storage, email security, and network security fields. Prior to Backblaze he worked at Symantec, Checkpoint, PGP, and PeopleSoft, as well as startups throughout Silicon Valley. He has presented at the Federal Trade Commission, DEFCON 26 (DDV), RSA, MSST, SNIA/SDC, InfoSecurity, InterOp, and other security and cloud storage events in the US and Europe.
Description:
Since 2013 Andrew’s company has collected daily operational data from the hard drives and SSDs in our data centers. This includes daily SMART statistics from over 250,000 drives totaling over 2 Exabytes of storage. We've reviewed and analyzed this data and we would like to share what we've learned, including the most current annualized failure rates for the hard drives and SSDs we use, which we’ll present model-by-model and by manufacturer and size. We'll show, explain, and compare the life expectancy curves for several drive models we use including 4, 8, 12 and 14TB drives. We'll demonstrate how you can use SMART stats and Machine Learning techniques to predict drive failure, and we’ll finish up by answering some drive mysteries like: is drive failure related to drive temperature, or using helium in the drive, or power-cycling the drive (turning it on and off on a regular basis)? As a bonus, we’ll show you where to get the data so you can do your own analysis if you desire.
DC - Friday - 15:30-16:15 PDT
Title: How Russia is trying to block Tor
When: Friday, Aug 12, 15:30 - 16:15 PDT
Where: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
SpeakerBio:Roger Dingledine, The Tor Project
Roger Dingledine is president and co-founder of the Tor Project, a nonprofit that develops free and open source software to protect people from tracking, censorship, and surveillance online.
Wearing one hat, Roger works with journalists and activists on many continents to help them understand and defend against the threats they face. Wearing another, he is a lead researcher in the online anonymity field, coordinating and mentoring academic researchers working on Tor-related topics. Since 2002 he has helped organize the yearly international Privacy Enhancing Technologies Symposium (PETS).
Among his achievements, Roger was chosen by the MIT Technology Review as one of its top 35 innovators under 35, he co-authored the Tor design paper that won the Usenix Security "Test of Time" award, and he has been recognized by Foreign Policy magazine as one of its top 100 global thinkers.
Twitter: @RogerDingledine
Description:
In December 2021, some ISPs in Russia started blocking Tor's website, along with protocol-level (DPI) and network-level (IP address) blocking to try to make it harder for people in Russia to reach the Tor network. Some months later, we're now at a steady-state where they are trying to find new IP addresses to block and we're rotating IP addresses to keep up.
In this talk I'll walk through what steps the Russian censors have taken, and how we reverse engineered their attempts and changed our strategies and our software. Then we'll discuss where the arms race goes from here, what new techniques the anti-censorship world needs if we're going to stay ahead of future attacks, and what it means for the world that more and more countries are turning to network-level blocking as the solution to their political problems.
AVV - Friday - 10:30-11:15 PDT
Title: How to be the Best Adversary Simulator
When: Friday, Aug 12, 10:30 - 11:15 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Adversary Village) - Map
SpeakerBio:Tim MalcomVetter
Tim MalcomVetter (@malcomvetter) started using, building, and breaking computers in the 1980s as a kid, and started getting paid for it in 2000. Along the way, he has: * architected enterprise security solutions * led e-commerce dev teams * consulted Fortune 500s * hacked mainframe sockets to web APIs, fuel pumps to mobile apps * built the Red Team program at the world’s largest company * and made plenty of mistakes. Currently, Tim is the CTO @ Cyderes, the merged cybersecurity powerhouse of Fishtech Group and Herjavec Group, leading the talented engineers who build all of our tech stacks for our managed security services businesses. Tim also earned several degrees, certifications, held a PhD research fellowship, presented at many conferences, and contributed open source software.
Twitter: @malcomvetter
Description:
Tim MalcomVetter will be doing the keynote talk at Adversary Village this year!
BHV - Friday - 14:30-15:59 PDT
Title: How to have an extraterrestrial conversation. Active METI Principles and Hackathon!
When: Friday, Aug 12, 14:30 - 15:59 PDT
Where: Flamingo - Laughlin I,II,III (Biohacking Village) - Map
Speakers:Chris Richardson,Éanna Doyle
SpeakerBio:Chris Richardson
Chris is a designer and multidisciplinary space scientist focusing on the human factors of planetary settlements, currently exploring the role decentralization can play in generating METI. He got his bachelor’s in international relations at Virginia Commonwealth University in Richmond and he is currently pursuing a master’s in space studies at International Space University in Strasbourg.
SpeakerBio:Éanna Doyle
Éanna is an astrophysicist that has a penchant for being able to understand and expand upon humanities concepts while being able to talk to the human motivations for scientific advancement and exploration. She got her bachelor’s in astrophysics at Trinity College in Dublin and she is currently pursuing a master’s in space studies at International Space University in Strasbourg.
Description:
This workshop is on Messages to Extra-Terrestrial Intelligence (METI) and their principles. During the workshop, you will decode an active METI and then you will work together to think about, design, and create the next active METI. We will broadcast the workshop’s fan favorite METI over VHF to Proxima b in the Alpha Centauri System, as decided by the Discord.
CPV - Friday - 13:30-13:59 PDT
Title: How to Respond to Data Subject Access Requests
When: Friday, Aug 12, 13:30 - 13:59 PDT
Where: Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village) - Map
SpeakerBio:Irene Mo
Irene Mo is an associate with Hintze Law PLLC, a boutique privacy firm providing counseling exclusively on global data protection.
Irene counsels clients on a wide range of privacy and data security issues, including conducting and setting up Records of Processing Activities, Data Protection Impact Assessments, implementing global data protection programs, and integrating privacy protections into emerging technology. Irene has experience with the California Consumer Protection Act, General Data Protection Regulation, the Federal Trade Commission Act, Health Insurance Portability and Accountability Act Privacy Rule, and cybersecurity.
Before Hintze Law, Irene was a Senior Associate at Aleada Consulting and gained valuable experience as a legal technology consultant helping organizations with project management, lean-process improvement, content creation, and community building.
As Community Lead for Women in Security and Privacy, Irene helps with fundraising and event planning by fostering engagement with WISP’s corporate sponsors.
Description:
International and United States privacy laws provide individuals with rights to the personal information companies have about them. One of the most exercised rights is the right to access personal information. This talk will explain: 1) what are data subject rights; 2) who has these rights; 3) how to respond to access requests; 4) methods for responding to data subject rights requests; and 5) what to know before implementing a privacy automation vendor.
DCGVR - Friday - 13:00-13:59 PDT
Title: How to Start and Run a Group
When: Friday, Aug 12, 13:00 - 13:59 PDT
Where: Virtual - DEF CON Groups VR
SpeakerBio:Xray
xray has been hosting DC404 since 2013 and is co-founder of Atlanta Locksport. He has been the Affiliates Director of the International Jugglers Association, assistant director of The Tampa Bay Juggler's Club, and is currently a member of the Atlanta Juggler's Association. While working at Georgia Tech as the head of cybersecurity for the College of Computing, xray sponsored the student hacking/cybersecurity organization Grey H@T, and their CTF team the Mad H@tters. xray is a regular presenter at security/hacking conferences and is a co-developer of the Network King of the Hill (NetKotH) CTF.
Twitter: @NoBoxLabs
Description:
How To Start and Run A Group: This will cover most everything you will need to start and run a group. It applies to all types, from DEF CON Groups, to juggling clubs. I will cover the secret sauce from finding a place to meet, to governance and finances, and most importantly how to make it fun.
BHV - Friday - 12:30-13:30 PDT
Title: How to stop Surveillance Capitalism in Healthcare
When: Friday, Aug 12, 12:30 - 13:30 PDT
Where: Flamingo - Laughlin I,II,III (Biohacking Village) - Map
Speakers:Andrea Downing,Jillian Simons,Valencia Robinson
SpeakerBio:Andrea Downing
Andrea Downing is a cancer advocate turned security researcher. Her work has been featured on CNN, Fortune, and The Verge, and has catalyzed an urgent dialogue on national health privacy policy and the need for protections outside of HIPAA. Andrea has co-founded a nonprofit called The Light Collective to work with vulnerable patient groups seeking digital rights and safe spaces for patient support communities on social media.
SpeakerBio:Jillian Simons
Jillian Simons is a passionate advocate for the rights of individuals when it comes to data privacy and protection. She is a U.S. Navy veteran with 18 years of experience in data privacy and security, and served eight years in the military as a cybersecurity analyst. Her work focuses on consumer rights and corporate obligations relating to data privacy and security. Jillian also has intellectual property experience in the health/life sciences industry and is a graduate of Harvard Law School, where she focused on policy and cyberlaw, and Georgetown University, where she focused on leadership and ethics.
SpeakerBio:Valencia Robinson
Valencia Robinson is a breast cancer survivor and co-founding member of The Light Collective. As a patient advocate with 15 years of experience working in the breast cancer community, Valencia is working to advance digital rights for patients and ensure technologies affecting the lives of her community have representation from people of color in the governance and design.
Description:
The Light Collective will share how ad targeting tools in healthcare leak PHI from hospitals and other HIPAA covered entities at an unprecedented scale. We'll cover the ways surveillance capitalism in healthcare has caused harm to patient populations during the pandemic. We'll walk through common marketing tactics and techniques used in healthcare which create an effective kill chain when exploited. Finally, we'll discuss legal & policy implications.
RHV - Friday - 10:00-13:59 PDT
Title: Human Chip Implants
When: Friday, Aug 12, 10:00 - 13:59 PDT
Where: Caesars Forum - Alliance 310, 320 (Retail Hacking Village) - Map
Description:
Show up with your Dangerous Things purchase, and our professional body mod artist will implant them for you.
SKY - Friday - 10:35-11:25 PDT
Title: Hundreds of incidents, what can we share?
When: Friday, Aug 12, 10:35 - 11:25 PDT
Where: LINQ - BLOQ (SkyTalks 303) - Map
Speakers:Brenton Morris,Guy Barnhart-Magen
SpeakerBio:Brenton Morris
Sr Incident Responder at Profero. Brenton leads Incident Response engagements on a daily basis. From sophisticated cloud attackers to ransomware events. Brenton has a unique set of combined security research and developer experience, allowing him to resolve many cyber-attacks while fully understanding the impact on production systems.
Twitter: @_scrapbird
SpeakerBio:Guy Barnhart-Magen
With nearly 25 years of experience in the cyber-security industry, Guy held various positions in both corporates and startups.
In his role as the CTO for the Cyber crisis management firm Profero his focus is making incident response fast and scalable, harnessing the latest technologies and a cloud native approach.
Most recently, he led Intel’s Predictive Threat Analysis group who focused on the security of machine learning systems and trusted execution environments. At Intel, he defined the global AI security strategy and roadmap. He spoke at dozens of events on the research he and the group have done on Security for AI systems and published several whitepapers on the subject.
Guy is the BSidesTLV chairman and CTF lead, a Public speaker in well known global security events (SAS, t2, 44CON, BSidesLV, and several DefCon villages to name a few), and the recipient of the Cisco “black belt” security ninja honor – Cisco’s highest cybersecurity advocate rank.
He started as a software developer for several security startups and later spent eight years in the IDF. After completing his degrees in Electrical Engineering and Applied Mathematics, he focused on security research, in real-world applications.
He joined NDS (later acquired by Cisco). He led the Anti-Hacking, Cryptography, and Supply Chain Security Groups (~25 people in USA and Israel).
Twitter: @barnhartguy
Description:
There are two types of organizations, those that were breached and those that are not aware yet...
For most organizations, it is easier to buy blinky lightboxes and tick various compliance boxes (ISO27001 looking at you!) than improve their security posture.
We repeatedly see in the field that the vast majority of incidents could have been contained or even prevented if the effort had been spent in the right place.
We have some good statistics on what works, what can help, and what is generally a waste of effort with hundreds of incidents handled.
Most of the organizations that we see get breached are not Fortune 500 companies; they don't have colossal security budgets - but they do have a dedicated team that is doing their best to make a difference.
In this talk, we will cover some of our experience in what works in the real world and how you can focus your efforts on getting the correct data to respond and close incidents fast.
Invariably, the goal is not to have 100% security (no one will fund that!) but to get the business back on its feet ASAP and resume business operations. Planning for that takes dedication and focus - but it can be done!
We will focus in our talk on the pillars that would make your incident response plan work:
- Getting the right team in place
- Communication!
- Data collection, access to systems
- Access to forensics and response tools when you need them
This talk will outline common gaps and compare examples of these two types of organizations from actual incidents to highlight the real-life implications of lack of preparation, which affects the outcome of an incident.
DC - Friday - 17:00-17:45 PDT
Title: Hunting Bugs in The Tropics
When: Friday, Aug 12, 17:00 - 17:45 PDT
Where: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
SpeakerBio:Daniel Jensen
Daniel (aka dozer) works as a security consultant at a large cybersecurity company. He has been a professional penetration tester for several years, and has discovered numerous vulnerabilities in a wide range of software. He currently lives in New Zealand, and his favourite animal is the goose.
Twitter: @dozernz
Description:
Aruba Networks makes networking products for the enterprise. I make enterprise products run arbitrary code.
Over the past couple of years, I've been hunting for vulnerabilities in some of Aruba's on-premise networking products and have had a bountiful harvest. A curated (read: patched) selection of these will be presented for your enjoyment. Pre-auth vulnerabilities and interesting bug chains abound, as well as a few unexpected attack surfaces and a frequently overlooked bug class.
This talk will explore some of the vulnerabilities I've found in various products in the Aruba range, and include details of their exploitation. I'll elaborate on how I found these bugs, detailing my workflow for breaking open virtual appliances and searching for vulnerabilities in them.
AIV - Friday - 11:00-11:50 PDT
Title: I’m not Keylogging you! Just some benign data collection for User Behavior Modeling
When: Friday, Aug 12, 11:00 - 11:50 PDT
Where: Caesars Forum - Summit 220->236 (AI Village) - Map
SpeakerBio:Harini Kannan
No BIO available
Description:
User and Entity Behavior Analysis (UEBA) has been an active area of research in cybersecurity for years now. Advancements in unsupervised machine learning methodologies have made UEBA models effective in detecting anomalous drifts from baseline behavior. But when collecting user generated systems data from a cluster of machines in the cloud or from an endpoint, the data scientist gets access to human generated raw features, which keys are typed when, and what are those. This starts off as acceptable but wades into the grey area of almost keylogging users which is dangerous.
In this talk, we will go through a real example of how a user behavior experiment was set up, right from building the features to running the data collection script within containers to flushing the raw data regularly and the users sending only aggregated metrics to the data scientists for model building and analysis. We’ll go through the entire setup from data collection and data flushing to model building by creating weak labels and further analysis.
CPV - Friday - 15:00-15:30 PDT
Title: ID theft insurance - The Emperor’s new clothes?
When: Friday, Aug 12, 15:00 - 15:30 PDT
Where: Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village) - Map
SpeakerBio:Per Thorsheim
Per Thorsheim is the founder of PasswordsCon, a conference dedicated to passwords, pins & anything digital authentication. By night he tries to fix security & privacy issues on the Internet, especially concerning DNS, email & authentication. He revealed LinkedIn got breached in 2012, and got personally involved with the Ashley Madison breach in 2015, both topics of previous talks in Vegas, including at CPV. He is well known for his presentation skills, and if you read all the way to here: he claims to know your next password.
Description:
You’ve got ID theft insurance bundled with other insurance products. No, you can’t unselect the id theft insurance part. No, you can’t have just one of them, & you pay for all of them. They are not valid if you get fooled/tricked. The insurance is not valid if the theft is committed by close relatives. The insurance is not valid if they don’t target you personally, outside of work. They will not cover any monetary losses you may suffer, but will pay lawyers to tell you how to try to clean up your digital life - no guarantees provided. The primary business of the id theft insurance company is building effective customer loyalty programs through data collection & management. Oh, and they will use your personal data to «search for your personal data on the dark web to see if it has already leaked».
What could possibly go wrong?
This is my story, after I fell into a rabbit hole of security & privacy issues. Supposedly safe within the EU & GDPR borders governing my privacy.
GHV - Friday - 17:00-17:30 PDT
Title: Imposter Syndrome- The Silent Killer of Motivation
When: Friday, Aug 12, 17:00 - 17:30 PDT
Where: Flamingo - Virginia City III (Girls Hack Village) - Map
SpeakerBio:Melissa Miller
Melissa is a Managing Security Consultant at NetSPI, based out of Minneapolis, MN. Her current role consists of instructing NetSPI University students (a training program for those that are new to penetration testing) and overseeing the performance of web application pentests. In addition to web application testing, she also dabbles in social engineering, cloud, and network testing. She has her BSc in Computer Science from the University of Minnesota as well as OSCP and CEH certifications. Outside of work, Melissa enjoys playing board and video games, staying active with her two standard poodles, and lazy evenings watching TV with her husband.
Description:
Discussion around Imposter Syndrome and its effect
BTV - Friday - 13:00-13:59 PDT
Title: Improving security posture of MacOS and Linux with Azure AD
When: Friday, Aug 12, 13:00 - 13:59 PDT
Where: Virtual - BlueTeam Village - Talks
Speakers:Michael Epping,Mark Morowczynski
SpeakerBio:Michael Epping
Michael Epping is a Senior Product Manager in the Azure AD Engineering team at Microsoft. He is part of the customer experience team and his role is to accelerate the adoption of cloud services across enterprise customers. Michael helps customers deploy Azure AD features and capabilities via long-term engagements that can last years, as well as working within the engineering organization as an advocate on behalf of those customers. Michael has more than 9 years of experience working with customers to deploy Microsoft products like Azure AD, Intune, and Office 365.
SpeakerBio:Mark Morowczynski
Mark Morowczynski (@markmorow) is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. Previously he was PFE supporting Active Directory, Active Directory Federation Services and Windows Client performance. He was also one of the founders of the AskPFEPlat blog. He's spoken at various industry events such as Black Hat, Defcon Blue Team Village, Blue Team Con, GrayHat, several BSides, Microsoft Ignite, Microsoft MVP Summits, The Experts Conference (TEC), The Cloud Identity Summit, SANS Security Summits and TechMentor.
Description:
We are from the Microsoft identity product group responsible for Active Directory and Azure Active Directory. We’ve noticed many customers struggle to deliver a good end user experience to their Apple and Linux Platforms. There are various ways to do this, but many customers are simply unaware of recommended configurations and best practices. This will be a deeply technical session that focuses not only on what can be done to improve this experience, but how the underlying Microsoft, Linux, and Apple technologies can work better together.
Most organizations have Windows, MacOS and Linux in their environment. Typically many of the security controls that are applied to Windows are not applied to MacOS or Linux, due to the size of the footprint and the difficulty of implementation. This can lead to holes in an organization's overall security posture as well as a poor end user experience.
Recently, Azure AD has released some new functionality to help improve the overall environment security posture for MacOS and Linux, both servers and clients. We'll discuss how these pieces work deep down and some best practices on deploying them.
MIV - Friday - 16:00-16:59 PDT
Title: Information Confrontation 2022 - A loud war and a quiet enemy
When: Friday, Aug 12, 16:00 - 16:59 PDT
Where: Caesars Forum - Summit 220->236 (Misinformation Village) - Map
SpeakerBio:Luke Richards (Wbbigdave)
Luke Richards has many years of experience in IT and cyber security, having built corporate networks and complex applications, through to running threat intelligence and incident response for organizations across the globe. Recently his focus has been trends in cyber security, information intelligence and how these relate to real world events.
Description:
In 2022 Russia invaded Ukraine. The manner in which this happened and the tactics used on all sides to frame this invasion cut deep to how we perceive media and information across the world. This information confrontation is something the west is ill prepared to combat whereas this has been the operation for Russia for a long time. This however is also a background for the confrontation taking place in the networks across Europe and likely the East of the world. We are seeing joined up operations of Kinetic, Information, and Cyber warfare being conducted from all levels of the military. No longer can we ignore the power of joint operations and multi domain warfare. The focus of this talk will be information gathering and extrapolation.
RCV - Friday - 10:50-11:35 PDT
Title: Information Confrontation 2022 – A loud war and a quiet enemy
When: Friday, Aug 12, 10:50 - 11:35 PDT
Where: LINQ - 3rd flr - Social B and C (Recon Village) - Map
SpeakerBio:Luke Richards (Wbbigdave)
Luke Richards has many years of experience in IT and cyber security, having built corporate networks and complex applications, through to running threat intelligence and incident response for organizations across the globe. Recently his focus has been trends in cyber security, information intelligence and how these relate to real world events.
Description:
In 2022 Russia invaded Ukraine. The manner in which this happened and the tactics used on all sides to frame this invasion cut deep to how we perceive media and information across the world. This information confrontation is something the west is ill prepared to combat whereas this has been the operation for Russia for a long time. This however is also a background for the confrontation taking place in the networks across Europe and likely the East of the world. We are seeing joined up operations of Kinetic, Information, and Cyber warfare being conducted from all levels of the military. No longer can we ignore the power of joint operations and multi domain warfare. The focus of this talk will be information gathering and extrapolation.
VMV - Friday - 14:00-14:59 PDT
Title: Information Operations
When: Friday, Aug 12, 14:00 - 14:59 PDT
Where: Caesars Forum - Alliance 313-314, 320 (Voting Village) - Map
Speakers:Bryson Bort,Nicole Tisdale,Trapezoid
SpeakerBio:Bryson Bort
Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow with the Atlantic Council’s Cyber Statecraft Initiative, the National Security Institute, and an Advisor to the Army Cyber Institute. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. He was recognized as one of the Top 50 in Cyber in 2020 by Business Insider.
Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point. He holds a Master’s Degree in Telecommunications Management from the University of Maryland, a Master’s in Business Administration from the University of Florida, and completed graduate studies in Electrical Engineering and Computer Science at the University of Texas.
Twitter: @brysonbort
SpeakerBio:Nicole Tisdale, Director of The White House National Security Council (2021-2022) - Director of the U.S. Committee on Homeland Security (2009-2019)
For a decade, I worked in the United States House of Representatives Committee on Homeland Security. In that position, I served as the director of intelligence and counterterrorism and the director of outreach and coalitions. In those positions, I advised Members of Congress on national security policy matters and legislation related to intelligence, counterterrorism, cyber, and law enforcement. I also worked to convene a wide range of stakeholders, build common solutions, and harness support for legislation and oversight to advance the Committee’s priorities to help secure our Nation.
Before my time on the homeland committee, I served in a number of policy and political fellowships and internships including: the United States Senate, the Mississippi Innocence Project, the City of Birmingham (Alabama) Department of Youth Services, the Mississippi Family Law Clinic (Domestic Violence), and numerous political and advocacy campaigns.
Twitter: @HiNicoleTisdale
SpeakerBio:Trapezoid
No BIO available
Description:
Discussion about how information operations have changed from 2015 to today and what we can predict about the future. Additionally, the panel will cover how war was once fought on land, then progressed to sea, then underwater and air, followed by space and cyber. We have to realize that information space warfare is the new domain of war.
HHV - Friday - 15:00-15:45 PDT
Title: Injectyll-Hide: Build-Your-Own Hardware Implants
When: Friday, Aug 12, 15:00 - 15:45 PDT
Where: Flamingo - Exec Conf Ctr - Red Rock VI, VII, VII (Hardware Hacking Village) - Map
Speakers:Jeremy Miller,Jonathan Fischer
SpeakerBio:Jeremy Miller
Jeremy Miller is a 12+ year security professional that has worked in various industries including life-sciences, finance, and retail. Jeremy has worked both sides of the security spectrum ranging from Security Research, Red Teaming and Penetration Testing to Threat Intelligence and SOC Analyst. Jeremy currently works as a Security Technical Lead for an emerging R&D Life Science Platform where he works on product and infrastructure security.
SpeakerBio:Jonathan Fischer
Jonathan Fischer is a hardware and IoT security enthusiast that started off designing, programming, and implementing electronic controls for industrial control systems and off-highway machinery. After a decade in that industry, Jonathan obtained his BS in Computer Science and transitioned over to the cyber security industry where he has been working as a Red Team consultant and researcher for more than five years at a Fortune 500. Since joining the cyber security industry, Jonathan has since earned various industry certifications (OSCP, GPEN, etc.) and continues to leverage his unique experience in his research into hardware hacking.
Description:
Hardware implants are not a new topic; however, their evolution seems to have stagnated outside of closed source, for-profit solutions. The disadvantage to these is that they lack the customization to adapt to large targeted deployments. Open-source projects exist but focus more on individual workstations (dumb keyboards/terminals), relying on corporate networks for remote control. This leaves a gap that we decided to address with our research. Our solution is an open source, hardware implant which adopts IoT technologies, using non-standard channels to create a remotely managed mesh network of hardware implants. Attendees will learn how we created a new breed of open-source hardware implant, along with lessons that we learned throughout the project. Topics covered in this talk include a detailed dive into the hardware that we used, the evolution of the project from start to finish, the complete design of our project, and our lessons learned along the way. Attendees will also be able to interact with a live version of the project.
CHV - Friday - 14:30-15:10 PDT
Title: Integrating mileage clocking and other hacking equipment into a vehicle simulator rig
When: Friday, Aug 12, 14:30 - 15:10 PDT
Where: Virtual - Car Hacking Village
SpeakerBio:David Rogers
No BIO available
Description:
This talk will explain how we were able to get real-world car hacking equipment for mileage clocking up and running in our own vehicle hacking simulator in order to help us reverse engineer and also demo it (without getting arrested). David Rogers will also explain how rigs can be built to include other types of equipment, from head units to dashcams. He will show how the rig has also been adapted to allow others to ‘remotely control’ elements of the vehicle – including removing the brakes and accelerator, which provides a truly terrifying, immersive experience (with motion) of what it would be like to be in a car where things are in the control of a malicious third party, not the driver. The talk will conclude with what needs to be done in the future autonomous and connected vehicle space to ensure safety and security.
RFV - Friday - 12:30-12:59 PDT
Title: Intro guide to keyfob hacking
When: Friday, Aug 12, 12:30 - 12:59 PDT
Where: Flamingo - Eldorado Ballroom (Radio Frequency Village) - Map
SpeakerBio:Woody
Woody likes to do RF stuff, a lot of it with cars. He can be found in the RF Hackers Sanctuary.
Twitter: @tb69rr
Description:
We did the Ford Raptor attack but there is so much more to show. There have been several recent releases of vehicle vulnerabilities. In this quick intro to keyfobs we will discuss some easy steps to find vulnerabilities. These are the steps we use to discover if a vehicle is susceptible to replay attacks. We will have some demos and the flowchart we use to start finding flaws with rolling code protocols. After this talk you will have some great starting points to do your own RF exploitation of vehicles. This is the talk for you if you want to attack vehicles or just have 30 minutes to kill.
LPV - Friday - 10:15-10:45 PDT
Title: Intro to Lockpicking
When: Friday, Aug 12, 10:15 - 10:45 PDT
Where: Caesars Forum - Summit 203-204, 235 (Lock Pick Village) - Map
SpeakerBio:TOOOL
No BIO available
Description:
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
LPV - Friday - 13:00-13:30 PDT
Title: Intro to Lockpicking
When: Friday, Aug 12, 13:00 - 13:30 PDT
Where: Caesars Forum - Summit 203-204, 235 (Lock Pick Village) - Map
SpeakerBio:TOOOL
No BIO available
Description:
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
LPV - Friday - 16:00-16:30 PDT
Title: Intro to Lockpicking
When: Friday, Aug 12, 16:00 - 16:30 PDT
Where: Caesars Forum - Summit 203-204, 235 (Lock Pick Village) - Map
SpeakerBio:TOOOL
No BIO available
Description:
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
WS - Friday - 09:00-12:59 PDT
Title: Introduction to Cryptographic Attacks
When: Friday, Aug 12, 09:00 - 12:59 PDT
Where: Harrah's - Ely (Workshops) - Map
SpeakerBio:Matt Cheung, Hacker
Matt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority and this concerned Matt. This concern prompted him to learn about cryptographic attacks from Dan Boneh's crypto 1 course offered on Coursera and the Matasano/cryptopals challenges. From this experience he has given workshops at the Boston Application Security Conference, BSidesLV, DEF CON, and the Crypto and Privacy Village.
Description:
Using cryptography is often a subtle practice and mistakes can result in significant vulnerabilities. This workshop will cover many of these vulnerabilities which have shown up in the real world, including CVE-2020-0601. This will be a hands-on workshop where you will implement the attacks after each one is explained. I will provide a VM with Python dependencies and skeleton code included so you can focus on implementing the attack. A good way to determine if this workshop is for you is to look at the challenges at cryptopals.com and see if those look interesting, but you could use in person help understanding the attacks. While not a strict subset of those challenges, there is significant overlap.
- Materials
  - A laptop with VMWare or VirtualBox installed and capable of running a VM.
- Prereq
  - Students should be comfortable with modular arithmetic and the properties of XOR. Experience in Python or other similar language will be a plus.
CON - Friday - 10:00-17:59 PDT
Title: IoT Village CTF (the CTF formerly known as SOHOplessly Broken)
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Alliance 311, 320 (IoT Village) - Map
Description:
The IoT Village CTF has over 30+ devices and challenges to find and exploit vulnerabilities in real IoT devices. Players, or teams up to 6 people, can register and compete against one another to win great prizes! With an overall focus on real-life consequences, this year's CTF is the newest and best IoT Village CTF yet! The challenges will require creative thinking, knowledge in networking, and competency in exploit development to claim the top prize. Prizes will be awarded to the top 3 teams/players at the end of the event.
IoT Village Hacking CTF is hosted in IoT Village; teams of 1-6 players access a local network filled with IoT devices primed to be exploited. You will compete against others by successfully exploiting real IoT products and finding the hidden flags in each. The hacking contest features more than 30 real-world, vulnerable IoT devices.
This event has been redesigned to include challenges which highlight tangible impacts when exploiting real vulnerabilities on real IoT devices. Hidden in the network are devices which require advanced skills to exploit or require creative attack chaining to find the flag. Players will encounter unique hacking scenarios like exfiltrating files off a NAS to find “clues” or bypassing a router firewall to access a camera on a hidden network to “see” a flag. Prepare to outwit, see, sneak, move, and listen your way through these hidden scenarios which have a cyber-physical effect.
The IoT devices in the contest are not simulated and do not contain contrived/made-up vulnerabilities. Competitors must figure out what real-world vulnerabilities exist in these devices and exploit them to get a shell and find the flag. This is what makes the IoT Village CTF special.
This 3-time DEF CON Black Badge awarded contest CTF is open to anyone! Our contest provides a wonderful experience to learn more about security and test your skills, and the IoT CTF provides the most realistic hacking experience around!
A few devices are approachable for entry level people to experience getting their first root shell, but to win this CTF your team must perform detailed network reconnaissance, lateral pivoting, vulnerability research, hardware hacking, firmware analysis, reverse engineering, and exploit development.
So, join a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.
IOTV - Friday - 10:00-17:59 PDT
Title: IoT Village CTF Challenges
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Alliance 311, 320 (IoT Village) - Map
Description:
Dive into hacking challenges with HTB at the IoT Village DEFCON 30 CTF. “House Edge” is a themed CTF challenge that aims to have the players travel through a mission inside a space casino with the final goal of accessing a safe box to retrieve its contents. Each challenge is standalone and does not require having solved any other challenge. That said, the content is structured in a specific order that helps facilitate the scenario, which at a high level can be broken down into the following side-tasks of the mission:
- Gain access to the main security system to avoid being identified
- Steal RFID credentials of the reads in the open areas to gain access to restricted areas
- Disable the additional motion sensors in the restricted areas to avoid triggering an alarm
- Open a safe box and retrieve its contents.
RFV - Friday - 13:30-13:59 PDT
Title: Keeping Your Distance: Pwning RFID Physical Access Controls From 6FT and Beyond
When: Friday, Aug 12, 13:30 - 13:59 PDT
Where: Flamingo - Eldorado Ballroom (Radio Frequency Village) - Map
Speakers:Daniel Goga,Langston Clement (aka sh0ck)
SpeakerBio:Daniel Goga
Dan Goga serves as a Security Consultant with Core BTS focused on conducting penetration testing and vulnerability assessments. Dan Goga has seven years of information security experience in the public, private, and academic sectors. Dan has extensive knowledge and experience with RFID hacking, phishing techniques, social engineering techniques, and penetration testing Microsoft Active Directory and cloud environments.
Twitter: @_badcharacters
SpeakerBio:Langston Clement (aka sh0ck)
Langston Clement (sh0ck) grew up reading stories about the 90's hacker escapades and then after years of observing the scene, he jumped into the cybersecurity field and never looked back. He is the current lead for Red Team operations and Penetration Testing engagements at Core BTS. With over fifteen (15) years of public and private sector experience in cybersecurity and ethical hacking, his goal is to provide organizations with valuable and actionable information to help improve their security posture. Langston's specializations focus on modern-day social engineering techniques, wireless and RFID attacks, vulnerability analysis, as well as physical and cloud penetration testing.
Twitter: @sh0ckSec
Description:
Traditional RFID badge cloning methods require you to be within 3 feet of your target. So how can you conduct a physical penetration test and clone a badge if you must stay at least 6 feet from a person? Over the past two years, companies have increasingly adopted a hybrid work environment, allowing employees to partially work remotely, which has decreased the amount of foot traffic in and out of a building at any given time. This session discusses two accessible, entry-level hardware designs you can build in a day and deploy in the field, along with the tried-and-true social engineering techniques that can increase your chances of remotely cloning an RFID badge. Langston and Dan discuss their Red Team adventures and methods that can be used beyond a social distancing era. This presentation is supplemented with files and instructions that are available for download so you can build your own unique standalone gooseneck reader and wall implant devices!
DCGVR - Friday - 10:00-10:59 PDT
Title: Keynote
When: Friday, Aug 12, 10:00 - 10:59 PDT
Where: Virtual - DEF CON Groups VR
SpeakerBio:Jayson E. Street
Hacker, Author, Speaker, Scientific Hooligan, @defcongroups & @HackNotCrime Ambassador! Learning & always hoping to teach!
Twitter: @jaysonstreet
Description:
An amazing keynote by Jayson. You'll just have to come and see for yourself.
DC - Friday - 18:00-18:45 PDT
Title: Killer Hertz
When: Friday, Aug 12, 18:00 - 18:45 PDT
Where: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
SpeakerBio:Chris Rock, Hacker
Chris Rock is a Cyber Mercenary who has worked in the Middle East, US and Asia for the last 30 years working for both government and private organizations. He is the Chief Information Security Officer and co-founder of SIEMonster.
Chris is an Information Security researcher who specializes in vulnerabilities in global systems. He presented "I Will Kill You" at the largest hacking conference in the world, DEFCON 23 in Las Vegas, where he detailed how hackers could create fake people and kill them using vulnerabilities in the Birth and Death Registration systems around the world. Chris also presented "How to Overthrow a Government" at DEFCON 24, working with the coup mercenary Simon Mann.
Chris is also the author of the Baby Harvest, a book based on criminals and terrorists using virtual babies and fake deaths for financing. He has also been invited to speak at TED global.
Twitter: @chrisrockhacker
Description:
Governments and the private sector around the world spend billions of dollars on Electronic Counter Measures (ECMs) which include jamming technologies. These jammers are used by police departments to disrupt criminal communication operations as well as in prisons to disrupt prisoners using smuggled-in cell phones. The military use jammers to disrupt radar communications, prevent remote IEDs from triggering and radio communications. The private sector use jammers to disrupt espionage in the board room and to protect VIPs from RC-IEDs.
What if there was a way of communicating that was immune to jammers without knowing the point of origin? A way of communicating at short to medium distances, an Electronic Counter Countermeasure (ECCM) to the jammer.
Using a custom-built Tx/Rx, I will use the earth’s crust to generate an H-field Near Field Communication (NFC) channel spanning 1-11km away in the sub 9 kHz range to communicate encrypted messages in a jammed environment.
CON - Friday - 10:00-19:59 PDT
Title: Kubernetes Capture The Flag
When: Friday, Aug 12, 10:00 - 19:59 PDT
Where: Virtual
Description:
The DEF CON Kubernetes Capture the Flag (CTF) contest features a Kubernetes-based CTF challenge, where teams and individuals can build and test their Kubernetes hacking skills. Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges, winning flags and points as they progress. Later flags pose more difficulty, but count for more points.
A scoreboard tracks the teams’ current and final scores. In the event of a tie, the first team to achieve the score wins that tie.
Friday: 10:00-20:00
Saturday: 10:00-17:00
AIV - Friday - 15:00-15:50 PDT
Title: LATMA - Lateral movement analyzer
When: Friday, Aug 12, 15:00 - 15:50 PDT
Where: Caesars Forum - Summit 220->236 (AI Village) - Map
SpeakerBio:Gal Sadeh
No BIO available
Description:
Lateral movement is the stage in which attackers spread in networks following initial access. So far, reliable detection of lateral movement attacks from a given set of authentications is an unaddressed challenge. This talk will present a new online algorithm for detecting lateral movement attacks which provides one false positive a day, 30 times better than the state-of-the-art algorithms. Our algorithm was trained and tested on data from more than 20 different enterprise environments. The detection method combines domain knowledge, practical machine learning and algorithmic tools. In addition, we will present the offline tool LATMA which collects authentication AD logs, finds suspected lateral movement based on our algorithm and visualises the results. We will explain how to analyse lateral movement attacks using LATMA’s visualisations and demonstrate it.
SOC - Friday - 18:00-17:59 PDT
Title: Lawyers Meet
When: Friday, Aug 12, 18:00 - 17:59 PDT
Where: Harrah's - Parlor D & The Veranda (Meetup) - Map
Description:
If you’re a lawyer (recently unfrozen or otherwise), a judge or a law student please make a note to join Jeff McNamara for a friendly get-together, drinks, and conversation.
GHV - Friday - 13:30-14:30 PDT
Title: Leading the Way
When: Friday, Aug 12, 13:30 - 14:30 PDT
Where: Flamingo - Virginia City III (Girls Hack Village) - Map
Speakers:Alshlon Banks,Eric Belardo,Monique Head,Rebekah Skeete,Yatia Hopkins,Mari Galloway,Tennisha Martin
SpeakerBio:Alshlon Banks
No BIO available
SpeakerBio:Eric Belardo
No BIO available
SpeakerBio:Monique Head
Monique Head is known as a dynamic and accomplished, bilingual senior cybersecurity leader and educator with progressive experience in guiding cybersecurity training & awareness, compliance, and strategy development for industry leaders such as Netflix, Palo Alto Networks, PayPal, HP, and Visa. She possesses a passion for working in dynamic, global, business environments utilizing project management, learning technologies and instructional design methodologies to optimize learning ecosystems, communication efforts and employee knowledge. She drives strategic training initiatives that increase security acumen and customer/employee adoption to drive down security risk. With an expertise in developing, initiating & implementing online/traditional learning programs, crafting eLearning strategies, and creating innovative cost-effective training products/programs she has a proven method to improve security behaviors. She has a special interest in learning technologies such as xAPI, learner analytics, and multimedia communication delivery channels to uplift the security acumen of organizations. Her latest endeavor includes founding a nonprofit organization, CyberTorial, to help educate young girls of color on how to be safe online and to spark their interest in a role as a cybersecurity professional.
Monique Head is an accomplished, bilingual senior cybersecurity leader and educator experienced in guiding cybersecurity training & awareness, compliance, and strategy development for industry leaders such as Netflix, Palo Alto Networks, PayPal, HP, and Visa. She is passionate about using project management, learning technologies and instructional design methodologies to optimize learning ecosystems, communication efforts and employee knowledge. She has a special interest in learning technologies, learner analytics, and multimedia communication delivery channels to uplift the security acumen of organizations. Head founded the nonprofit, CyberTorial, to help educate young girls of color on how to be safe online and to spark their interest in a role as a cybersecurity professional.
SpeakerBio:Rebekah Skeete
Rebekah Skeete is a Security Engineer with Schellman based in Dallas, Texas. As a member of the Infrastructure and Security team, Rebekah is part of a collaborative group of technology professionals that serve as the primary technical resource to help safeguard the organization's computer networks and systems. In her role she is responsible for planning and carrying out security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks.
Prior to joining Schellman in 2022, Rebekah worked for the Texas Rangers in a myriad of roles including Cybersecurity Analyst and Manager of IT Applications and Operations. During the construction of the Rangers' new state-of-the-art ballpark, Globe Life Field, Rebekah assisted the Rangers IT department in creating plans to transition over 200 front office employees to their new workspaces. Outside baseball and IT, Rebekah is also interested in politics and started volunteering for campaigns in 2008. From 2013-2016, she served as a Campaign Manager in the Dallas-Fort Worth area. In 2015, she attended the Women’s Campaign School at Yale. She is the COO of BlackGirlsHack, a nonprofit organization that provides resources, training, mentoring, and access to black women to increase representation and diversity in the cyber security field. Committed to inclusion and belonging, she holds the firm belief that representation enhances the culture and community of an organization and seeks to amplify underserved voices at any table she has a seat.
SpeakerBio:Yatia Hopkins
Tia Hopkins has spent more than two decades in the IT and IT Security industry and is currently the Field CTO & Chief Cyber Risk Strategist at eSentire. In addition to her role at eSentire, Tia is an adjunct professor of Cybersecurity, a women’s tackle football coach, and a LinkedIn Learning Instructor. She is also pursuing her Executive MBA and PhD in Cybersecurity. Tia was recognized by SC Media as an outstanding educator in 2019, as well as one of The Software Report's Top 25 Women Leaders in Cybersecurity and Cyber Defense Magazine's Top 100 Women in Cybersecurity; both in 2020. In 2021, Tia was recognized as a Top Influencer in the Security Executives category by IFSEC Global and was most recently recognized by Dark Reading as #1 on the list of ‘8 More Women in Security You May Not Know, but Should’ in 2022. Tia contributed a chapter to the book The Rise of Cyber Women: Volume 2 in 2021 and co-authored ‘Hacking the Cybersecurity Interview’ with Ken Underhill and Chris Foulon, which is currently available for pre-order. She is also the Founder of Empow(H)er Cybersecurity, a non-profit organization aimed at inspiring and empowering women of color to pursue cybersecurity careers.
SpeakerBio:Mari Galloway
No BIO available
SpeakerBio:Tennisha Martin
Tennisha Martin is the founder and Executive Director of BlackGirlsHack (BGH Foundation), a national cybersecurity nonprofit organization dedicated to providing education and resources to underserved communities and increasing the diversity in cyber. She has worked in a consulting capacity for over 15 years and in her spare time is a Cyber Instructor, mentor, and red-team leaning ethical hacking advocate for diversity in Cyber and the executive suites.
Twitter: @misstennisha
Description:
Panelist Discussion
DC - Friday - 14:30-15:15 PDT
Title: Leak The Planet: Veritatem cognoscere non pereat mundus
When: Friday, Aug 12, 14:30 - 15:15 PDT
Where: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
Speakers:Xan North,Emma Best
SpeakerBio:Xan North
Xan North is a member of Distributed Denial of Secrets, a 501(c)(3) transparency non-profit sometimes referred to as a successor to WikiLeaks which has published leaks from over 50 countries. They have worked extensively in antifascist, anti-racist, and pro-choice activism and previously ran the Jeremy Hammond Support Committee for seven years and provided prisoner support to other associates of Anonymous.
Twitter: @brazendyke
SpeakerBio:Emma Best
Emma Best is the co-founder of Distributed Denial of Secrets, a 501(c)(3) transparency non-profit sometimes referred to as a successor to WikiLeaks which has published leaks from over 50 countries. Previously, she has filed thousands of Freedom of Information Act (FOIA) requests, helped push the Central Intelligence Agency to publish 13 million pages of declassified files online, and written hundreds of articles. More importantly, she's the proud mom of two cats, a human and many Pokémon.
Twitter: @NatSecGeek
Description:
As leaks become more prevalent, they come from an increasing variety of sources: from data that simply isn't secured, to insiders, to hacktivists, and even occasional state actors (both covert and overt). Often treated as a threat, when handled responsibly leaks are a necessary part of the ecosystem of a healthy and free society and economy. In spite of prosecutors' love of prosecution, the eternal fixation with Fear, Uncertainty and Doubt and DDoSecrets' apocalyptic motto, leaks won't destroy the world - they can only save it.
In this presentation, we'll discuss the necessity and evolution of leaks, and how various types of leaks and sources can offer different sorts of revelations. We'll then explore how we can responsibly handle different types of leaks even during volatile and politically charged situations, as well as past failures.
We'll also debunk the myth that hacktivism is just a cover for state actors by exploring examples of entities with state ties and how they were identified, as well as how both hacktivists and state actors have been misidentified or mishandled in the past.
Finally, we'll discuss some of the lessons activists, newsrooms and governments can learn from the last decade, and where we should collectively go from here.
TEV - Friday - 10:00-17:59 PDT
Title: Learn at Tamper-Evident Village
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Summit 203-204, 235 (Tamper Evident Village) - Map
Description:
Stop by anytime we're open for 1:1 or small-group teaching about tamper-evident hardware, such as mechanical seals, adhesive seals, electronic seals, and mail tampering.
BTV - Friday - 14:15-15:15 PDT
Title: Lend me your IR's!
When: Friday, Aug 12, 14:15 - 15:15 PDT
Where: Virtual - BlueTeam Village - Talks
SpeakerBio:Matt Scheurer
Matt Scheurer is a show host for the ThreatReel Podcast, and also works as an Assistant Vice President of Computer Security and Incident Response in a large enterprise environment. Matt has many years of hands-on technical experience, including Digital Forensics and Incident Response (DFIR). He volunteers as a "Hacking is NOT a Crime" Advocate and as a technical mentor for the Women's Security Alliance (WomSA). Matt is a 2019 comSpark “Rising Tech Stars Award” winner, and has presented on numerous Information Security topics at many technology meetup groups and prominent Information Security conferences across the country.
Description:
This is a fun technical talk covering three of my favorite security investigations as an Incident Response professional. The presentation features demoed reenactments of actual real-world attacks. I showcase both the attacker side as well as the investigation side of these security incidents. I show and talk through example source code and explain how each of the attacks work. I then flip these scenarios around by explaining how to use numerous free and open-source tools to investigate those same security incidents. Each scenario is closed by covering the follow-up remediation steps.
Protecting systems and networks as a tech defender means withstanding a constant barrage of unsophisticated attacks from automated tools, botnets, crawlers, exploit kits, phish kits, and script kiddies; oh my! Occasionally, we encounter attacks worthy of style points for creativity or new twists on old attack techniques. This talk features demoed reenactments from some advanced attacks investigated by the presenter. The demos showcase technical deep dives of the underpinnings from both the attacker and investigator sides of these attacks. Attendee key takeaways are strategies, freely available tools, and techniques helpful during incident response investigations.
DC - Friday - 17:00-17:45 PDT
Title: Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS
When: Friday, Aug 12, 17:00 - 17:45 PDT
Where: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
SpeakerBio:Orange Tsai, Principal Security Researcher of DEVCORE
Cheng-Da Tsai, aka Orange Tsai, is the principal security researcher of DEVCORE and the core member of CHROOT security group in Taiwan. He is also the champion and got the "Master of Pwn" title in Pwn2Own 2021. In addition, Orange has spoken at several top conferences such as Black Hat USA/ASIA, DEF CON, HITCON, HITB GSEC/AMS, CODE BLUE, POC, and WooYun!
Currently, Orange is a 0day researcher focusing on web/application security. His research got not only the Pwnie Awards winner for "Best Server-Side Bug" of 2019/2021 but also 1st place in "Top 10 Web Hacking Techniques" of 2017/2018. Orange also enjoys bug bounties in his free time. He is enthusiastic about the RCE bugs and uncovered RCEs in numerous vendors such as Twitter, Facebook, Uber, Apple, GitHub, Amazon, etc. You can find him on Twitter @orange_8361 and blog http://blog.orange.tw/
Twitter: @orange_8361
Description:
Hash Table, as the most fundamental Data Structure in Computer Science, is extensively applied in Software Architecture to store data in an associative manner. However, its architecture makes it prone to Collision Attacks. To deal with this problem, 25 years ago, Microsoft designed its own Dynamic Hashing algorithm and applied it everywhere in IIS, the Web Server from Microsoft, to serve various data from HTTP Stack. As Hash Table is everywhere, isn't the design from Microsoft worth scrutinizing?
We dive into IIS internals through months of Reverse-Engineering efforts to examine both the Hash Table implementation and the use of Hash Table algorithms. Several types of attacks are proposed and uncovered in our research, including (1) A specially designed Zero-Hash Flooding Attack against Microsoft's self-implemented algorithm. (2) A Cache Poisoning Attack based on the inconsistency between Hash-Keys. (3) An unusual Authentication Bypass based on a hash collision.
By understanding this talk, the audience won't be surprised why we can destabilize the Hash Table easily. The audience will also learn how we explore the IIS internals and will be surprised by our results. These results could not only make a default installed IIS Server hang with 100% CPU but also modify arbitrary HTTP responses through crafted HTTP requests. Moreover, we'll demonstrate how we bypass the authentication requirement with a single, crafted password by colliding the identity cache!
PHV - Friday - 10:00-17:59 PDT
Title: Linux Trainer
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village) - Map
Description:
New this year at DEF CON! Are you new to hacking? Want to learn Linux? We have a workshop for you! Interactive style training will teach you the basics of this operating system step by step so you can start your journey.
DC - Friday - 08:00-22:59 PDT
Title: Lost and Found Department Open (Generally)
When: Friday, Aug 12, 08:00 - 22:59 PDT
Where: Caesars Forum - Summit Pre-Function 4 (Lost & Found) - Map
Description:
If you find something that seems to have been lost, please take that item to the nearest infobooth. The item will enter the DEF CON Lost & Found system.
If you've lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in the room behind the infobooth that is in Caesars Forum, closest to Track 3 (across from rooms 222 and 407). If the infobooth is operating when you arrive, ask any on-duty goon for assistance. If the infobooth is closed, knock on the door behind the desk.
DC - Friday - 15:00-15:45 PDT
Title: LSASS Shtinkering: Abusing Windows Error Reporting to Dump LSASS
When: Friday, Aug 12, 15:00 - 15:45 PDT
Where: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
Speakers:Asaf Gilboa,Ron Ben Yitzhak
SpeakerBio:Asaf Gilboa, Security Researcher, Deep Instinct
Asaf and Ron are Security Researchers at Deep Instinct where they both work on developing new defense capabilities based on research and understanding and novel attack techniques and vectors. After serving for several years in the advanced technological cyber units of the IDF, Asaf and Ron gained experience in the multiple aspects of technical cyber-security work including forensics, incident response, development, reverse engineering and malware research.
SpeakerBio:Ron Ben Yitzhak
Asaf Gilboa and Ron Ben Yitzhak
Asaf and Ron are Security Researchers at Deep Instinct where they both work on developing new defense capabilities based on research and understanding and novel attack techniques and vectors. After serving for several years in the advanced technological cyber units of the IDF, Asaf and Ron gained experience in the multiple aspects of technical cyber-security work including forensics, incident response, development, reverse engineering and malware research.
Description:
This presentation will show a new method of dumping LSASS that bypasses current EDR defenses without using a vulnerability but by abusing a built-in mechanism in the Windows environment which is the WER (Windows Error Reporting) service.
WER is a built-in system in Windows designed to gather information about software crashes. One of its main features is producing a memory dump of crashing user-mode processes for further analysis.
We will present in detail and demo a new attack vector for dumping LSASS, which we dubbed LSASS Shtinkering, by manually reporting an exception to WER on the LSASS process without crashing it. The technique can also be used to dump the memory of any other process of interest on the system.
This attack can bypass defenses that wrongfully assume that a memory dump generated from the WER service is always a benign or non-attacker triggered activity.
The talk will take the audience through the steps and approach of how we reverse-engineered the WER dumping process, the challenges we found along the way, as well as how we have managed to solve them.
AIV - Friday - 13:00-13:50 PDT
Title: Machine Learning Security Evasion Competition Launch
When: Friday, Aug 12, 13:00 - 13:50 PDT
Where: Caesars Forum - Summit 220->236 (AI Village) - Map
SpeakerBio:Hyrum Anderson
No BIO available
Description:
Calling ML practitioners and security researchers to compete in two competitions. Returning to AI Village is the ML Security Evasion Competition–with new twists for the offense-minded contestant. New to AI Village this year is the ML Model Attribution Challenge for those interested in defense and compliance. There are multiple ways to win in each competition, with first place prizes at $3000 USD, honorable mention prizes at $1500 USD, and multiple student awards also valued at $1500 USD. In all, we’ll be giving away up to $20K USD divided amongst up to 9 top contestants. The challenges begin now!
In the ML Security Evasion Competition (https://mlsec.io), you are an attacker attempting to bypass HTML antiphishing models, and biometric face recognition models in two separate challenges. Modify HTML or image samples in a way to fool the models hosted by the competition sponsors. Visit https://mlsec.io to register, participate, submit and potentially win. You have 6 weeks to submit (Sep 23, 2022).
In the ML Model Attribution Challenge (https://mlmac.io), you take the role of an adjudicator, where you must determine which base model has been used for several fine-tuned generative models hosted by the competition sponsors. Query the models to investigate what might be under the hood. Students are especially encouraged to apply, with additional travel awards given to top student submissions to present results at https://camlis.org. Visit https://mlmac.io to register, participate, submit and potentially win. You have 4 weeks to submit (Sep 9, 2022).
CLV - Friday - 10:50-11:30 PDT
Title: Making the most of Microsoft cloud bug bounty programs: How I made in $65,000 USD in bounties in 2021
When: Friday, Aug 12, 10:50 - 11:30 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Cloud Village) - Map
SpeakerBio:Nestori Syynimaa
Dr Nestori Syynimaa (@DrAzureAD) is one of the leading Azure AD / M365 security experts globally and the developer of the AADInternals toolkit. For over a decade, he has worked with Microsoft cloud services and was awarded Microsoft Most Valuable Security Researcher for 2021. Currently, Dr Syynimaa works as a Senior Principal Security Researcher for Secureworks Counter Threat Unit and hunts for vulnerabilities full time. He has spoken at many international scientific and professional conferences, including IEEE TrustCom, Black Hat Arsenal USA and Europe, RSA Conference, and TROOPERS.
Twitter: @DrAzureAD
Description:
Microsoft Cloud bug bounty programs are one of the most well-paid programs, including Microsoft Identity program. This program covers cloud-related Elevation of Privilege vulnerabilities, having bounties up to $100,000! But as all vulnerabilities are not worth 100k, it's good to know how to make the most of the low-bounty vulnerabilities.
In this talk, I'll share my experiences on the Microsoft bounty programs from 2021, when I made $65k in bounties with six vulnerabilities. I'll show how I turned a vulnerability initially categorized as 'by-design' to $40k in bounties and how I tripled the initial $5k bounty by reporting similar findings smartly.
BTV - Friday - 11:45-12:45 PDT
Title: Malicious memory techniques on Windows and how to spot them
When: Friday, Aug 12, 11:45 - 12:45 PDT
Where: Virtual - BlueTeam Village - Talks
SpeakerBio:Connor Morley
Connor Morley is a senior security researcher at WithSecure. A keen investigator of malicious TTP’s, he enjoys experimenting and dissecting malicious tools to determine functionality and developing detection methodology. As a researcher and part time threat hunter he is experienced with traditional and ‘in the wild’ malicious actors’ behaviour.
Description:
My presentation will cover malicious memory techniques which will focus on the Windows operating system. These will span from relatively simple in-line hooking techniques used to jump to malicious code or circumvent legitimate code execution, all the way to manipulation of exception handling mechanisms. The talk will also cover information on problematic situations which occur when designing detection mechanisms for such activities in the real world where cost-balancing is required for resource management.
I will explain in-line hooking, Kernel patching (InfinityHook, Ghost_in_the_logs), Heaven-Gate hooking and Vectored Exception Handler (VEH) manipulation techniques (FireWalker) and how they can be detected. In-line hooking and Heavens-Gate hooking involves the practice of manipulating the loaded memory of a module within a specific process's memory space. Kernel Patching involves injecting a hook into the Kernel memory space in order to provide a low level, high priority bypassing technique for malicious programs to circumvent ETW log publication via vulnerable kernel driver installation. VEH manipulation is the use of the high priority frameless exception mechanism in order to circumvent memory integrity checks, manipulate flow control and even run malicious shellcode. Detection for all these techniques will involve advancing from the explanation of its execution to the telemetry sources that can be leveraged for detection purposes. In all cases this involves the examination of volatile memory, however as each technique targets a different native functionality, the mechanisms required to analyze the memory differ greatly. The deviations can be relatively simple, but in some cases an understanding of undocumented mechanisms and structures is required to affect detection capability.
Examination of un-tabled module function modifications will also provide insight into some of the difficulties involved in this detection development work. This section will provide the audience with a low level technical understanding of how these techniques are targeted, developed and used by malicious actors and some possible solutions for detection, with an explanation of the inherent caveats in such solutions (primarily around resource availability or accuracy trade-offs).
A full explanation on devised detection methodology and collectable telemetry will be provided for each malicious technique. This will cover the overall detection capabilities as well as exploring the low level mechanisms used to collect this data from the monitored system such as OP code heuristics and memory location attribution crossing CPU mode boundaries. Included in this explanation will be an explanation on issues encountered with collection, typically related to OS architecture choices, and how these can also be circumvented to enable effective monitoring.
Audience members should leave my presentation having a firm grasp on the fundamentals of all the techniques outlined and why attackers may choose to employ them in different scenarios. Along with a functional understanding of the malicious technique, the audience members will also be supplied with a working understanding of detection options for these techniques and clear examples of how monitoring can be deployed and integrated into their solutions.
Malicious actors are always trying to find new ways to avoid detection by ever more vigilant EDR systems and deploy their payloads. Over the years, the scope of techniques used has branched from relatively simplistic hash comparison and sandbox avoidance to low level log dodging and even direct circumvention of EDR telemetry acquisition. By examining some of the techniques used on Windows systems this talk will highlight the range of capabilities defensive operators are dealing with, how some can be detected and, in rare cases, the performance and false-positive obstacles in designing detection capability.
AVV - Friday - 12:15-12:30 PDT
Title: Malware Emulation Attack Graphs
When: Friday, Aug 12, 12:15 - 12:30 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Adversary Village) - Map
SpeakerBio:Jack Wells
Jackson Wells is a Customer Solutions Engineer at AttackIQ with a strict focus on helping customers optimize the AttackIQ Platform, strategically execute goals, and assist with any technical needs from a security or platform perspective. As a US Navy Veteran, Jackson was able to utilize his military training and experience with cyber defense to pivot and work as a Senior Security Analyst for a well distinguished MDR, Critical Start. After several years of working Blue Team and seeing a variety of threat actor techniques with various security controls, Jackson obtained his Offensive Security Certified Professional (OSCP) certification which ultimately led him to his next position as a Lead Detection Engineer. This role required Jackson to be up to date with evolving threats, stay ahead of the curve by helping customers modify policies for best protection, and create custom detections per platform to best detect and prevent attacks at an early stage.
Description:
Want to emulate an adversary but OSINT is light on details and you don’t have access to your own forensic incident response data from a related intrusion? Building a playbook of an adversary of interest and want to add more to it? Wonder whether endpoint security controls would detect or prevent an adversary’s malware if your AV didn’t? ATT&CK Navigator doesn’t have your malware mapped as Software? In this lightning talk I will highlight another use for malware analysis and how characteristic functions and features of a malware sample or family can serve new purposes to fill in OSINT gaps and emulate technique/procedure combinations in Python.
BTV - Friday - 15:30-16:30 PDT
Title: Malware Hunting - Discovering techniques in PDF malicious
When: Friday, Aug 12, 15:30 - 16:30 PDT
Where: Virtual - BlueTeam Village - Talks
SpeakerBio:Filipi Pires
I’ve been working as Security Researcher at Saporo, Cybersecurity Advocate at senhasegura, Snyk Ambassador, Application Security Specialist, Hacking is NOT a crime Advocate and RedTeam Village Contributor. I’m part of the Coordinator team from DCG5511 (DEFCON Group São Paulo-Brazil) and an International Speaker at Security and New Technologies events in many countries such as US, Canada, France, Spain, Germany, Poland, etc. I’ve served as University Professor in Graduation and MBA courses at Brazilian colleges; in addition, I'm Creator and Instructor of the courses Malware Attack Types with Kill Chain Methodology (PentestMagazine) and Malware Analysis-Fundamentals (HackerSec).
Description:
We'll walk through the structures of a PDF, analyzing each part of it, demonstrating how Threat Actors work in the inclusion of malicious components in the structures of the file, in addition to demonstrating the collection of IOCs (Indicators of Attack) and how to build IOAs (Indicators of Attack) for analysis by behavior, to anticipate new attacks. Demonstrating structures in the binaries as a PDF (header/body/cross-reference table/trailer) and performing a comparison of malicious PDFs, explaining how each session works within a binary, what techniques are used such as packers, obfuscation with JavaScript (PDF) and more, explaining too about some anti-disassembly techniques, demonstrating what the action of this malware is and where it would be possible to “include” malicious code.
Demonstrate different kinds of structures in the binaries as a PDF (header/body/cross-reference table/trailer), explaining how each session works within a binary, what techniques are used such as packers, obfuscation with JavaScript (PDF) and more.
ICSV - Friday - 13:00-16:59 PDT
Title: Maritime Hacking Boundary Adventure
When: Friday, Aug 12, 13:00 - 16:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS Workshop Area - Map
Description:
Have you ever wanted to run your own shipyard? To drive ships? Without permission? Then the Hacking Boundary tabletop role playing game is just for you. Hacking Boundary is a realistic, competitive, game of identifying and exploiting vulnerabilities in ports and ships. The game is designed to allow for you to bring your knowledge, skills, and abilities to the table and use these to compete against your peers. The game will last about 4 hours, and participants will have roles as attackers, defenders, or the mighty US government. Come for the competition, stay for the victory points, but try and not generate a lot of digital exhaust for the cops to find.
- Session 1 Friday August 12: 1:00 pm to 5:00 pm PDT
- Session 2 Saturday August 13: 1:00 pm to 5:00 pm PDT
- Session 3 Sunday August 14: TBD
AVV - Friday - 14:00-14:30 PDT
Title: Master of Puppets: How to tamper the EDR?
When: Friday, Aug 12, 14:00 - 14:30 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Adversary Village) - Map
SpeakerBio:Daniel Feichter
Daniel Feichter has his original background in industrial engineering, he started 3.5 years ago more or less as an offensive security rookie in an employed relationship. For different reasons he decided to start his own company in 2022 (Infosec Tirol), with which he focuses even more on offensive security like APT testing, adversary simulation and red teaming. Daniel invests a lot of his time in learning and researching in the area of endpoint security. Based on the Windows Internals he tries day by day to better understand AV/EPP/EDR products on Windows and is always looking for new ways to bypass and evade them.
Twitter: @virtualallocex
Description:
More and more companies realize that trying to prevent malicious activities alone is not enough; therefore more and more companies are using EDR products in their environment. From a red team perspective this gets more and more of a challenge, because even if the red team has achieved a local privilege escalation, most well known EDR products are still very annoying. In the last few months we saw a lot about bypassing EDRs, but what about possible ways to disable the main functionalities of an EDR by targeted, controlled tampering with specific key components of it? What EDR components can be a key element in Windows user space and kernel space to disable the EDR main functionalities, but without relying on an uninstall password, uninstalling the product or using the Windows security center? And how can we as red teamers not just get rid of prevention by the antivirus module of an EPP/EDR, but also get rid of detections (active alerts in the web console) by the EDR module, and get rid of the telemetry footprint based on the EDR sensor, host isolation, real time response remote shells and the EDR sensor recovery feature?
LPV - Friday - 11:00-11:30 PDT
Title: Medeco cam lock exploit "an old attack made new again"
When: Friday, Aug 12, 11:00 - 11:30 PDT
Where: Caesars Forum - Summit 203-204, 235 (Lock Pick Village) - Map
SpeakerBio:N∅thing
No BIO available
Description:
Rethinking a 100 year old exploit. This talk will be describing and demonstrating an awesome attack on one of the most used high security locks in the country.
BHV - Friday - 16:30-17:59 PDT
Title: Medical Device Hacking: A hands on introduction
When: Friday, Aug 12, 16:30 - 17:59 PDT
Where: Flamingo - Laughlin I,II,III (Biohacking Village) - Map
Speakers:Malcolm Galland,Caleb Davis,Carolyn Majane,Matthew Freilich,Nathan Smith
SpeakerBio:Malcolm Galland
Malcolm Galland is a leader and mentor in Protiviti’s Embedded & Medical Device security division, where he regularly performs device security penetration testing on medical devices and across a wide range of other products. Malcolm’s deep technical expertise is clearly visible when he’s presented with the opportunity to teach members of the team and others.
SpeakerBio:Caleb Davis
Caleb Davis is also a leader in Protiviti’s Embedded & Medical Device security division, inventor/patent holder, has a background in embedded hardware/software development, and regularly performs penetration testing across a wide variety of products mainly focusing on medical devices, ATMs, chemical control systems, security systems, and other commercial products.
SpeakerBio:Carolyn Majane
Carolyn Majane is an embedded penetration tester who focuses primarily on device security assessments in the medical field and is well versed in testing up and down the technology stack from embedded hardware, firmware, through the software/applications that control devices.
SpeakerBio:Matthew Freilich
Matthew Freilich has been working in security for the past 15 years and started penetration testing with physicals, internal/external networks, and web applications - but the past seven years has focused on hardware and medical devices. He now helps organizations develop medical device and product security programs. Both speakers will also help facilitate the workshop.
SpeakerBio:Nathan Smith
Nathan Smith has a background in embedded hardware/software development, is an inventor/patent holder, and performs device security penetration testing in various business sectors including medical devices.
Description:
A presentation about how easy hardware hacking is, using a couple of over-the-counter medical devices to show how debug access, firmware reverse engineering, etc. work in the embedded medical device pentesting world. Live demos on real products with a workshop to follow.
QTV - Friday - 11:00-11:59 PDT
Title: Meet Lucy
When: Friday, Aug 12, 11:00 - 11:59 PDT
Where: Caesars Forum - Summit 217 (Quantum Village) - Map
SpeakerBio:Jamie Friel
No BIO available
Description:
Meet Lucy, an 8-Qubit quantum computer; she’s British, super cool, and looking for the best quantum algorithms to partner with.
SOC - Friday - 17:00-19:59 PDT
Title: Meet the Digital Lab at Consumer Reports
When: Friday, Aug 12, 17:00 - 19:59 PDT
Where: Caesars Forum - Accord Boardroom (Demo Labs) - Map
Description:
Consumer Reports Digital Lab is a team of hackers, technologists and advocates that break the products we use every day to identify vulnerabilities that harm consumers. Come meet CR’s resident hackers and learn how you can hack alongside us. We’ll be showcasing our work in IoT, VPNs, and data rights and asking you how we can better leverage our security testing and research to provoke industry change.
PLV - Friday - 19:00-19:59 PDT
Title: Meet the Feds: CISA Edition (Lounge)
When: Friday, Aug 12, 19:00 - 19:59 PDT
Where: Caesars Forum - Summit 226-227 - Policy Roundtable - Map
SpeakerBio:CISA Staff
No BIO available
Description:
Following the fireside chat with US Cybersecurity and Infrastructure Security Agency (CISA) Director, Jen Easterly, several members of the CISA team will be on hand to provide a more in depth look at the Agency, their work, and some of the ways they're already engaging with the hacker community. This session will give hackers an opportunity to ask questions of the CISA team and provide candid feedback to them.
PLV - Friday - 20:00-21:59 PDT
Title: Meet the Feds: DHS Edition (Lounge)
When: Friday, Aug 12, 20:00 - 21:59 PDT
Where: Caesars Forum - Summit 226-227 - Policy Roundtable - Map
SpeakerBio:DHS Staff
No BIO available
Description:
Members of several DHS departments will be on hand to discuss issues they address daily, as well as meet the DEF CON community. Representatives from across DHS are expected, including the Secret Service, Coast Guard, Transportation Safety Administration, and the Office of the Secretary.
DC - Friday - 10:00-17:59 PDT
Title: Memorial Room Open
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Flamingo - Carson City II (Memorial Room) - Map
Description:
Our Memorial Room is returning this year. A bit more space and more to participate & honoring our community and friends. In FLAMINGO – Carson City 2.
Take some time to remember and honor our friends that are no longer with us. You can share your stories and adventures across the many years of DEFCON and our hacker community. If this is your first year – you are welcome to come and experience the depth of our community.
Add names of friends no longer with us to our books or create some art that you feel is right. It is all your choice. We know that being at DEFCON often brings up memories and feelings about past highlights and this is the place to come and let those thoughts, feelings, and memories flow. DEFCON is an international community, and it is your community.
Last year we were sort of set up to print photos from your phones – we have a few glitches – ask about it when you drop by. BUT we think we are set to go!
Email the photos – with name or handle if you have it – to memorial@defconmusic.org and of course you can load them in when you are in the room. We have some really nice printers so they look good. And you can place them in the room. And we have lots of other ways to celebrate our family that is no longer with us.
DC - Friday - 09:00-15:59 PDT
Title: Merch (formerly swag) Area Open -- README
When: Friday, Aug 12, 09:00 - 15:59 PDT
Where: Caesars Forum - Summit 229 (Merch) - Map
Description:
All merch sales are USD CASH ONLY. No cards will be accepted.
The published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.)
DL - Friday - 12:00-13:55 PDT
Title: Mercury
When: Friday, Aug 12, 12:00 - 13:55 PDT
Where: Caesars Forum - Society Boardroom (Demo Labs) - Map
Speakers:David McGrew,Brandon Enright
SpeakerBio:David McGrew
David McGrew leads research and development into the detection of threats, vulnerabilities, and attacks using network data. He designed authenticated encryption algorithms and protocols, most notably GCM and Secure RTP, and he is a Fellow at Cisco Systems.
SpeakerBio:Brandon Enright
Brandon Enright is a lead DFIR investigator for Cisco CSIRT, an expert at DNS and network data analysis, and a contributor to Nmap and other open source projects.
Description:
Mercury is an open source package for network metadata extraction and analysis. It reports session metadata including fingerprint strings for TLS, QUIC, HTTP, DNS, and many other protocols. Mercury can output JSON or PCAP. Designed for large scale use, it can process packets in real time at 40Gbps on server-class commodity hardware, using Linux native zero-copy high performance networking. The Mercury package includes tools for analyzing PKIX/X.509 certificates and finding weak keys, and for analyzing fingerprints with destination context using a naive Bayes classifier.
Audience: Network defense, incident response, forensics, security and privacy research
RHV - Friday - 15:00-15:59 PDT
Title: Mitigating vulnerabilities in two-factor authentication in preventing account takeover
When: Friday, Aug 12, 15:00 - 15:59 PDT
Where: Caesars Forum - Alliance 310, 320 (Retail Hacking Village) - Map
SpeakerBio:Larsbodian
Larsbodian is an industrial PhD student at the Department of Computer and Systems Sciences at Stockholm University in Sweden researching IoT security integration within Enterprise Architecture.
Description:
Working in banking, merchant services providers such as Klarna, and conducting forensic investigations, there are some important considerations about how to implement 2FA that is resilient to the human factor. Larsbodian will discuss actual experiences in fraud and account takeover and how vulnerabilities in how 2FA works when combined with humans can be mitigated.
SOC - Friday - 20:00-23:59 PDT
Title: Movie Night Double Feature - Arrival & Real Genius
When: Friday, Aug 12, 20:00 - 23:59 PDT
Where: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
Description:
Chills! Thrills! A quiet place to sit down! 2 Movies for the price of none!
Arrival - A linguist works with the military to communicate with alien lifeforms after mysterious spacecraft appear around the world.
Real Genius - Yet another in a long series of diversions in an attempt to avoid responsibility.
HHV - Friday - 14:00-14:45 PDT
Title: Movie-Style Hardware Hacking
When: Friday, Aug 12, 14:00 - 14:45 PDT
Where: Flamingo - Exec Conf Ctr - Red Rock VI, VII, VII (Hardware Hacking Village) - Map
SpeakerBio:Bryan C. Geraghty
Bryan leads and executes highly technical software and hardware assessments. He specializes in cryptography, reverse engineering, and analyzing complex threat models.
Description:
We all have hardware devices sitting around: In server rooms or your IoT devices at home. What are these things actually doing? It would be really handy to have root access on them to aid us in future adventures.
Or maybe you want to perma-root the device and re-sell it to some unsuspecting victim. Or maybe you want to know if you’re the unsuspecting victim. Who am I to judge?
What does it take to cause these devices to fail? Can we get them to fail open?
I’m going to tell a story about circuit-shorting attacks, how to build a hardware circuit to perform this attack with a computer, and give you the instructions and code to build one yourself… with a device you may already have :)
PLV - Friday - 16:00-17:45 PDT
Title: Moving Regulation Upstream - An Increasing focus on the Role of Digital Service Providers
When: Friday, Aug 12, 16:00 - 17:45 PDT
Where: Caesars Forum - Summit 226-227 - Policy Roundtable - Map
Speakers:Jen Ellis,Adam Dobell,Irfan Hemani
SpeakerBio:Jen Ellis, Vice President of Community and Public Affairs
No BIO available
SpeakerBio:Adam Dobell, First Secretary, Department of Home Affairs, Embassy of Australia
No BIO available
SpeakerBio:Irfan Hemani, Deputy Director - Cyber Security, Cyber Security and Digital Identity Directorate, UK Department for Digital, Culture, Media and Sport
No BIO available
Description:
Cybercriminals are no longer focusing all their efforts on the biggest fish, which means organizations below the security poverty line - who often struggle with achieving adequate cyber resilience - are increasingly being hit. At the same time, we've seen an increase in supply chain attacks, which makes sense as more and more of the tech ecosystem is moving to cloud or managed service provider models. Various governments are paying attention to these shifts and are considering how regulating digital service providers may advance security more broadly, while also alleviating the burden on small to medium businesses. This session will be led by one or two governments working on this issue and will include an open discussion on the challenges and opportunities of this approach.
MIV - Friday - 14:30-15:59 PDT
Title: Multi-Stakeholder Online Harm Threat Analysis
When: Friday, Aug 12, 14:30 - 15:59 PDT
Where: Caesars Forum - Summit 220->236 (Misinformation Village) - Map
SpeakerBio:Jennifer Mathieu
Jennifer Mathieu, PhD, is Chief Technology Officer at Graphika. She brings extensive experience building robust, integrated, cloud-based solutions to the company, enabling customers to tackle the threat of disinformation. Jennifer is responsible for guiding the company’s technology vision, continuing the evolution of Graphika’s patented technology, strengthening its core products, and building out the company’s team of expert engineers and architects.
Description:
Drawing on extensive experience working with industry leaders and public bodies to defend the democratic process in countries around the world, Graphika will provide a detailed breakdown of the online threats and challenges we expect to encounter in our election integrity work this year. The presentation will include an overview of the current online landscape, an illustrated breakdown of key threats we have identified so far, and suggested mitigation measures that can be employed by election defenders.
PHV - Friday - 10:00-17:59 PDT
Title: NetworkOS Workshop
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village) - Map
Description:
The NetworkOS workshop takes you into the mysterious world underpinning modern computing and global communication: the network itself. Step by step, you'll learn all the basics you need. No experience needed: must know how to type and copy/paste.
DDV - Friday - 15:00-15:59 PDT
Title: No bricks without clay - Data Fusion and Duplication in Cybersecurity
When: Friday, Aug 12, 15:00 - 15:59 PDT
Where: Flamingo - Exec Conf Ctr - Lake Meade and Valley of Fire (Data Duplication Village) - Map
SpeakerBio:Lior Kolnik
Lior Kolnik is a Security Research Leader with a passion for defending organizations and solving complex problems. During his 13 years in cybersecurity Lior has collaborated with security teams at Fortune 50 companies, completed a 7-year service in an elite tech unit of the Israeli IDF and earned his M.Sc. in CyberSecurity.
Description:
"How do Cybersecurity professionals decide if they are looking at a false alarm or a breach in progress? The answer is data. Securing an organization is all about data - collecting, storing, analyzing. Where is all this data coming from? How is it being used and when? What are the causes of data duplication throughout this practice and when is it necessary?
In this talk we will discuss these subjects in detail, review different models and their strengths and weaknesses."
RCV - Friday - 12:00-12:45 PDT
Title: Not All Who Wander Are Lost: Using OSINT for a Fulfilling Travel Experience
When: Friday, Aug 12, 12:00 - 12:45 PDT
Where: LINQ - 3rd flr - Social B and C (Recon Village) - Map
SpeakerBio:Tracy Z. Maleeff
Tracy Z. Maleeff, aka @InfoSecSherpa, is a Security Researcher with the Krebs Stamos Group. She previously held the roles of Information Security Analyst at The New York Times Company and a Cyber Analyst for GlaxoSmithKline. Prior to joining the Information Security field, Tracy worked as a librarian in academic, corporate, and law firm libraries. She holds a Master of Library and Information Science degree from the University of Pittsburgh in addition to undergraduate degrees from both Temple University (magna cum laude) and the Pennsylvania State University. While a member of the Special Libraries Association, Tracy received the Dow Jones Innovate Award, the Wolters Kluwer Law & Business Innovations in Law Librarianship award and was named a Fellow. Tracy has been featured in the Tribe of Hackers: Cybersecurity Advice and Tribe of Hackers: Leadership books. She also received the Women in Security Leadership Award from the Information Systems Security Association. Tracy publishes a daily Information Security & Privacy newsletter and maintains an Open-Source Intelligence research blog at infosecsherpa.medium.com. She is a native of the Philadelphia area.
Twitter: @InfoSecSherpa
Description:
Whether you like to stay at home and virtually travel by way of computer or you like to get out and experience things first-hand, this talk will highlight how using OSINT resources and techniques can optimize your trip enjoyment. The presenter’s first career was as a travel agent in addition to having a lifelong case of wanderlust. Through the utilization of anecdotes and research skills, this presentation will provide you with resources and tips for planning, booking, and enjoying a trip – with special attention paid to the privacy and security aspects of travel. No passport required, just your interest in learning!
BTV - Friday - 14:00-14:59 PDT
Title: Obsidian CTH Live: Killchain 1 Walkthrough
When: Friday, Aug 12, 14:00 - 14:59 PDT
Where: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
Description:
Come take a dive into the data lake and cast some queries to find proof that users have run files from malicious actors. How can we prove the existence of troublesome activity in the environment?
Blue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).
BTV - Friday - 10:30-11:30 PDT
Title: Obsidian CTH: Go Phish: Visualizing Basic Malice
When: Friday, Aug 12, 10:30 - 11:30 PDT
Where: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person) - Map
SpeakerBio:SamunoskeX
No BIO available
Description:
Come take a dive into the data lake and cast some queries to find proof that users have run files from malicious actors. How can we prove the existence of troublesome activity in the environment? We will take a journey as if we are a new member of the Magnum Tempus Financial Security Team and proceed through a Threat Hunt through the eyes of a newbie in the field of Threat Hunting.
Blue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).
BTV - Friday - 13:00-13:59 PDT
Title: Obsidian CTH: Hunting for Adversary's Schedule
When: Friday, Aug 12, 13:00 - 13:59 PDT
Where: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person) - Map
SpeakerBio:Cyb3rHawk
No BIO available
Description:
Once an adversary has gained a foothold, they typically would like to keep their access. Here, I'm using the term "access" loosely where it could be many things like C2 beacon, script, binary, security source providers, shortcuts, and so on. This is called Persistence and in MITRE speak "TA0003" [3]. We take a look at one such persistence method, Scheduled Task. Scheduled tasks are one of the most commonly used persistence techniques in adversary intrusions and for a good reason. It provides flexibility to be created on local and remote machines and provides several ways to be created (from GUI to Net32API), along with the ability to combine/achieve tactics like Execution and Privilege Escalation. We start with the basics of scheduled tasks, and why and when an adversary would like to use them. Then we jump into the hell of threat hunting to see some ways to create a hypothesis and investigate the result set. In the end, we take a stab at detection engineering concepts surrounding the creation/revision of detections/analytics from queries/results we got from hunting this technique.
Blue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).
Once an adversary has gained a foothold, they typically would like to keep their access and establish persistence. Scheduled tasks are one of the most commonly used persistence techniques in adversary intrusions and for a good reason. In this session we take a look at Scheduled Tasks. We start with the basics, and then learn how to create a hypothesis to conduct a threat hunt. In the end, we'll take a stab at detection engineering concepts surrounding the creation/revision of detections/analytics from telemetry we obtain from hunting this technique.
Project Obsidian is an immersive, defensive cybersecurity learning experience.
BTV - Friday - 11:30-12:30 PDT
Title: Obsidian CTI: Generating Threat Intelligence from an Incident
When: Friday, Aug 12, 11:30 - 12:30 PDT
Where: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person) - Map
Speakers:ttheveii0x,Stephanie G.,l00sid
SpeakerBio:ttheveii0x
Mentor, Hacker, Cyber Threat Intelligence, Reverse Engineering Malware, OSINT, 70757a7a6c6573, Blue Team Village Director, Consultant
SpeakerBio:Stephanie G.
Stephanie is a security software engineer in the product security space. She is a volunteer on BTV's CTI team for Project Obsidian at DEF CON 30.
SpeakerBio:l00sid
l00sid just started a career as a blue teamer. He loves the kinds of puzzles he gets to solve in the process of stopping attackers.
Description:
This module covers:
- Direction & Planning: Overview of CTI stakeholders and intelligence requirements
- Collection: CTI analyst's role during an incident
- Processing: Intrusion data & information
- Analysis & Production: Elements to include in a report
- Dissemination: Sharing the report with stakeholders
- Feedback & Evaluation: Methods for receiving feedback
The objective is to demonstrate the critical role CTI plays both during and after an incident.
Blue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).
This session presents an overview of how threat intelligence can be generated from an incident and shared with various stakeholders. We'll run through an incident and demonstrate how the CTI team plays a critical role by performing research and providing insights based on stakeholder requirements.
BTV - Friday - 10:30-11:30 PDT
Title: Obsidian Forensics: Kill Chain 1 Endpoint Forensics Walkthrough
When: Friday, Aug 12, 10:30 - 11:30 PDT
Where: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person) - Map
SpeakerBio:Omenscan
Obsidian Forensics Lead
Description:
Obsidian Forensics Station: In this pre-recorded presentation we will walk through the artifacts and analysis of the Obsidian Kill Chain 1 using forensics artifacts found on the affected Endpoints.
Blue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).
Obsidian Forensics Station: Kill Chain 1 Endpoint Forensics Walkthrough
BTV - Friday - 13:00-13:59 PDT
Title: Obsidian Forensics: KillChain1 - Adventures in Splunk and Security Onion
When: Friday, Aug 12, 13:00 - 13:59 PDT
Where: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
Speakers:Wes Lambert,ExtremePaperClip,Omenscan
SpeakerBio:Wes Lambert
No BIO available
SpeakerBio:ExtremePaperClip
Digital Forensics Nerd, Linux Geek, InfoSec Dork, Lifelong Student of Everything, Amateur History Buff... Loads of Fun.
SpeakerBio:Omenscan
Obsidian Forensics Lead
Description:
A Live Forensics Walkthrough of Obsidian Kill Chain 1 (KC1) forensics analysis using Splunk and Security Onion
Blue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).
BTV - Friday - 14:00-14:59 PDT
Title: Obsidian Forensics: The Importance of Sysmon for Investigations
When: Friday, Aug 12, 14:00 - 14:59 PDT
Where: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person) - Map
SpeakerBio:ExtremePaperClip
Digital Forensics Nerd, Linux Geek, InfoSec Dork, Lifelong Student of Everything, Amateur History Buff... Loads of Fun.
Description:
Video presentation outlining the benefits of Sysmon for investigations.
Blue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).
In this video we will discuss Sysmon -- what it is, how to get it, the configuration file, the events it logs, and why it's so valuable to forensic investigations.
BTV - Friday - 10:30-11:30 PDT
Title: Obsidian Live: Eating the Elephant 1 byte at a Time
When: Friday, Aug 12, 10:30 - 11:30 PDT
Where: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
Speakers:aviditas,ChocolateCoat
SpeakerBio:aviditas
No BIO available
SpeakerBio:ChocolateCoat
No BIO available
Description:
Incident Response: This is a live walkthrough of a real world incident focused on the first half of incident response. We will be breaking down scoping, triage, and communication aspects of incident handling into digestible and actionable recommendations.
Blue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).
BTV - Friday - 14:00-14:59 PDT
Title: Obsidian REM: Long Walks On The Beach: Analyzing Collected PowerShells
When: Friday, Aug 12, 14:00 - 14:59 PDT
Where: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person) - Map
SpeakerBio:Alison N
No BIO available
Description:
A quick introduction to malware analysis, PowerShell script analysis, and how to not panic when VirusTotal shrugs.
Blue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).
So you just got a bunch of PowerShell scripts dumped on you. What now?
BTV - Friday - 11:30-12:30 PDT
Title: Obsidian: IR - It all starts here, scoping the incident
When: Friday, Aug 12, 11:30 - 12:30 PDT
Where: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person) - Map
SpeakerBio:ChocolateCoat
No BIO available
Description:
Scoping and Triage
You can't analyze what you don't know, learn to prepare yourself for any investigation no matter the subject.
Blue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).
BTV - Friday - 13:00-13:59 PDT
Title: Obsidian: IR - Mise En Place for Investigations
When: Friday, Aug 12, 13:00 - 13:59 PDT
Where: Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person) - Map
Speakers:ChocolateCoat,aviditas,CountZ3r0
SpeakerBio:ChocolateCoat
No BIO available
SpeakerBio:aviditas
No BIO available
SpeakerBio:CountZ3r0
Stuff goes here.
Description:
Project Obsidian Incident Response station will walk through how to capture the necessary information as you are actively working an incident without slowing down on tickets, notes, timeline recording, and status updates. Plus tips based on years of IR experience on what NOT to do; spend less time writing and more time doing.
This session is based on Kill Chain 1 data set and will show you how to prep and work an incident with a focus on communication and efficiency in all aspects.
Blue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).
If you don't document it, it didn't happen. A real world approach to IR communication.
CON - Friday - 12:00-09:59 PDT
Title: Octopus Game - Individual Phase
When: Friday, Aug 12, 12:00 - 09:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map
Description:
Are you the next Octopus Champion? Find out at DEF CON 30! Enter here: https://www.mirolabs.info/octopusgame
Once entered, contestants are provided a random opponent. Locate your opponent and challenge them to a contest: rock-paper-scissors, Ddakji, staring contest, etc. Winners receive their opponents’ targets and the game continues until we reach the top 4. The Octopus Champion is then decided at a special tournament with events designed by the Octopus Master.
Phases:
Recruitment/Registration: until Friday Aug 12 10:00
Mandatory On-site Sign-in: Friday Aug 12 10:00 - 12:00
Individual Phase: Friday Aug 12 12:00 - Sunday Aug 14 10:00
Final 8 Phase: Sunday Aug 14 10:00 - 11:00
CON - Friday - 10:00-11:59 PDT
Title: Octopus Game - On-site Sign-in (Mandatory)
When: Friday, Aug 12, 10:00 - 11:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map
Description:
Are you the next Octopus Champion? Find out at DEF CON 30! Enter here: https://www.mirolabs.info/octopusgame
Once entered, contestants are provided a random opponent. Locate your opponent and challenge them to a contest: rock-paper-scissors, Ddakji, staring contest, etc. Winners receive their opponents’ targets and the game continues until we reach the top 4. The Octopus Champion is then decided at a special tournament with events designed by the Octopus Master.
Phases:
Recruitment/Registration: until Friday Aug 12 10:00
Mandatory On-site Sign-in: Friday Aug 12 10:00 - 12:00
Individual Phase: Friday Aug 12 12:00 - Sunday Aug 14 10:00
Final 8 Phase: Sunday Aug 14 10:00 - 11:00
ICSV - Friday - 10:00-10:59 PDT
Title: Ohm, how do I get into ICS?
When: Friday, Aug 12, 10:00 - 10:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - Map
Speakers:Dennis Skarr,Josephine Hollandbeck,Christine Reid,Erin Cornelius,Kairie Pierce
SpeakerBio:Dennis Skarr
, Information Technology Instructor
Dennis Skarr is tenured faculty at Everett Community College (EvCC) where he teaches Information Technology. Dennis enjoys creating classes for his students which include tabletop and capstone exercises replicating real world experiences in cybersecurity, misinformation, and ethical hacking. His teaching endeavors resulted in receiving the 2019 Exceptional Faculty Award from EvCC. Dennis is currently building an Industrial Cybersecurity Program for EvCC that includes classes, workshops, and Capture the Flag competitions.
SpeakerBio:Josephine Hollandbeck
Josephine Hollandbeck recently graduated with honors from Whatcom Community College (WCC) with a Bachelor’s of Applied Science in Cybersecurity and IT Networking and also served as President of WCC’s WiCys club. Currently, she is pursuing additional education and certifications for Industrial Controls Security and Automation while working on near completion of a five-year Inside Wireman Electrician program with International Brotherhood of Electrical Workers (IBEW). Josephine is pursuing career opportunities in industrial cybersecurity.
SpeakerBio:Christine Reid
Christine Reid is the Political Director for International Brotherhood of Electrical Workers (IBEW) 77 and a proud member of the since 2006. For 16 years she worked within a local private utility that provides both natural gas and electric to their customers. As the Political Director she is working toward state recognized registered apprenticeships into cybersecurity, in support of and protection of our critical infrastructure, utilities, members and customers.
SpeakerBio:Erin Cornelius
Erin Cornelius is a senior security researcher with GRIMM's Cyber Physical Security team. She helped develop and teach GRIMM’s Automotive Security training and has given talks on the topic of automotive and aerospace security. Before joining GRIMM and officially becoming a cybersecurity researcher Erin spent over 15 years developing, integrating, and testing safety critical systems for a variety of fields including telecom, aerospace, and medical. My twitter handle is @e_er1in
SpeakerBio:Kairie Pierce
Kairie Pierce is the Lead Workforce Development Director for the Washington State Labor Council (WSLC), AFL-CIO. Kairie has worked with all of the community and technical colleges in the Washington State area recruiting labor members to serve on the CTC advisory committees. She is currently a board member of Washington State Workforce and Training Board. Her current position blends all of her working passions of registered apprenticeship and workforce education.
Description:
The industrial cybersecurity workforce continues to have a significant shortage of professionals within the OT and IT work centers. Traditionally, training pipelines within the utilities sectors tend to focus on bringing outside trained cybersecurity professionals into very specific and specialized work classifications. For example gas and electric employees have years of experience and thousands of hours both on the job and in the field having worked directly with, and seeing first-hand system mechanics and vulnerabilities. A utility apprenticeship provides an established and tested platform on which to build experience towards a cybersecurity role, benefitting the existing employee, employer and customer protections. A strong argument can be made for utilizing FTE’s who have the unique industry knowledge and perspective as subject matter experts. Doing so would provide these employees the additional tools to take their highly skilled existing apprenticeship (relay tech) and enhance their effectiveness by adding the much needed additional skills of a registered cyber security pathway. This panel will discuss how the apprenticeship process is very unique, share lessons learned, and how this program could be replicated.
DC - Friday - 10:00-10:45 PDT
Title: Old Malware, New tools: Ghidra and Commodore 64, why understanding old malicious software still matters
When: Friday, Aug 12, 10:00 - 10:45 PDT
Where: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
SpeakerBio:Cesare Pizzi
, Hacker
Cesare Pizzi is a Security Researcher, Analyst, and Technology Enthusiast at Sorint.lab.
He develops software and hardware, and tries to share this with the community. Mainly focused on low level programming, he develops and contributes to OpenSource software (Volatility, OpenCanary, Cetus, etc), sometimes hardware related (to interface some real world devices) sometimes not. Doing a lot of reverse engineering too, so he feels confident in both "breaking" and "building" (maybe more on breaking?).
Twitter: @red5heep
Description:
Why does looking into 30-year-old "malicious" software make sense in 2022? Because these little "jewels", written in a bunch of bytes, reached a surprisingly high level of complexity. With no other reason than pranking people or showing off technical knowledge, this software shows how much you can do with very limited resources: this is inspiring for us, looking at modern malicious software, looking at how things are done and how the same things could have been done instead.
CPV - Friday - 16:00-16:45 PDT
Title: Once More Unto the Breach: Federal Regulators' Response to Privacy Breaches and Consumer Harms
When: Friday, Aug 12, 16:00 - 16:45 PDT
Where: Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village) - Map
Speakers:Alexis Goldstein,Erie Meyer
SpeakerBio:Alexis Goldstein
No BIO available
SpeakerBio:Erie Meyer
Erie Meyer is the Chief Technologist at the Consumer Financial Protection Bureau (CFPB). Most recently, she served as Senior Advisor to Chair Khan for Policy Planning and Chief Technologist for the Federal Trade Commission, and as then-Commissioner Chopra’s Technology Advisor. Before serving at the FTC, she launched the U.S. Digital Service in the White House. Ms. Meyer has also served as Senior Director for Code for America and Senior Advisor to the White House’s Chief Technology Officer. Ms. Meyer is co-founder of Tech Ladymafia, and she is a recipient of the Harvard Kennedy School’s Joan Shorenstein Fellowship during which she researched the intersection of open data, journalism, and civic life. Ms. Meyer is a contributor to open source software and received her B.A. in journalism from American University.
Description:
When consumers’ data is pwned, what are the legal and regulatory tools available? Consumer harms result not only from explicit privacy violations, but also from inadequate data security. We will walk through several relevant laws and regulations, as well as past cases where firms were held accountable. We will also examine past remedies that tackled the harms and attempted to prevent them going forward.
DC - Friday - 12:00-12:45 PDT
Title: One Bootloader to Load Them All
When: Friday, Aug 12, 12:00 - 12:45 PDT
Where: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
Speakers:Jesse Michael,Mickey Shkatov
SpeakerBio:Jesse Michael
, Hacker
Jesse Michael - Jesse is an experienced security researcher focused on vulnerability detection and mitigation who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has also presented research at DEF CON, Black Hat, PacSec, Hackito Ergo Sum, Ekoparty, and BSides Portland.
Twitter: @JesseMichael
SpeakerBio:Mickey Shkatov
, Hacker
Mickey has been doing security research for almost a decade; one of his specialties is simplifying complex concepts and finding security flaws in unlikely places. He has seen some crazy things and lived to tell about them at security conferences all over the world; his past talks range from web pentesting to black badges and from hacking cars to BIOS firmware.
Twitter: @HackingThings
Description:
Introduced in 2012, Secure Boot - the OG trust in boot - has become a foundational rock in modern computing and is used by millions of UEFI-enabled computers around the world due to its integration in their BIOS.
The way Secure Boot works is simple and effective: by using tightly controlled code signing certificates, OEMs like Microsoft, Lenovo, Dell and others secure their boot process, blocking unsigned code from running during boot.
But this model puts its trust in developers developing code without vulnerabilities or backdoors; in this presentation we will discuss past and current flaws in valid bootloaders, including some which misuse built-in features to inadvertently bypass Secure Boot. We will also discuss how in some cases malicious executables can hide from TPM measurements used by BitLocker and remote attestation mechanisms.
Come join us as we dive deeper and explain how it all works, describe the vulnerabilities we found and walk you through how to use the new exploits and custom tools we created to allow for a consistent bypass for secure boot effective against every X86-64 UEFI platform.
DC - Friday - 10:30-11:15 PDT
Title: OopsSec - The bad, the worst and the ugly of APT’s operations security
When: Friday, Aug 12, 10:30 - 11:15 PDT
Where: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
SpeakerBio:Tomer Bar
, Director of Security Research at SafeBreach
Tomer Bar is a hands-on security researcher with ~20 years of unique experience in cyber security. In the past, he ran research groups for the Israeli government and then led the endpoint malware research for Palo Alto Networks. Currently, he leads the SafeBreach Labs as the director of security research.
His main interests are Windows vulnerability research, reverse engineering, and APT research.
His recent discoveries are the PrintDemon vulnerabilities in the Windows Spooler mechanism which were a candidate in the best privilege escalation of 2021 Pwnie awards and several research studies on Iranian APT campaigns.
He is a contributor to the MITRE ATT&CK® framework.
He presented his research at BlackHat 2020, Defcon 2020, 2021, and Sector 2020 conferences.
Description:
Advanced Persistent Threat groups invest in developing their arsenal of exploits and malware to stay below the radar and persist on the target machines for as long as possible. We were curious if the same efforts are invested in the operation security of these campaigns.
We started a journey researching active campaigns from the Middle East to the Far East including the Palestinian Authority, Turkey, and Iran, Russia, China, and North Korea. These campaigns were both state-sponsored, surveillance-targeted attacks and large-scale financially-motivated attacks.
We analyzed every technology used throughout the attack chain: Windows (Go-lang/.Net/Delphi) and Android malware; both on Windows and Linux-based C2 servers.
We found unbelievable mistakes which allow us to discover new advanced TTPs used by attackers, for example: bypassing iCloud two-factor authentication and crypto wallet and NFT stealing methods. We were able to join the attackers' internal groups, view their chats, bank accounts and crypto wallets. In some cases, we were able to take down the entire campaign.
We will present our latest breakthroughs from our seven-year mind-game against the sophisticated Infy threat actor who successfully ran a 15-year active campaign using the most secured opSec attack chain we've encountered. We will explain how they improved their opSec over the years and how we recently managed to monitor their activity and could even cause a large-scale misinformation counterattack.
We will conclude by explaining how organizations can better defend themselves.
CPV - Friday - 11:30-11:59 PDT
Title: OPAQUE is Not Magic
When: Friday, Aug 12, 11:30 - 11:59 PDT
Where: Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village) - Map
SpeakerBio:Steve Thomas
Steve Thomas, aka Sc00bz, is a cryptography enthusiast and specializes in the defensive side of passwords. His current focus is in PAKEs and key stretching for aPAKEs. He was on the Password Hashing Competition's panel that ultimately picked Argon2. He broke two of the submissions, with one being fixable. "I do stuff... sometimes."
Description:
Dispelling myths about OPAQUE. What OPAQUE is and more importantly what it is not. The RFC for OPAQUE is not finalized and people are already implementing it and running into its footgun. Are there better and/or faster PAKEs? The types of PAKEs (balanced, augmented, double augmented, and identity) and what they are used for. PAKEs are just AKEs (authenticated key exchanges) with something hidden with a password. The properties of PAKEs: forward secrecy, fragile, quantum annoying, prevent precomputation, secure registration, and number of trips.
VMV - Friday - 16:00-16:30 PDT
Title: Open Source Zero Trust Security using Ory Keto
When: Friday, Aug 12, 16:00 - 16:30 PDT
Where: Caesars Forum - Alliance 313-314, 320 (Voting Village) - Map
SpeakerBio:Patrik Neu
Patrik studied computer science at TU Munich, focusing on IT Security, formal languages, and distributed systems. During his studies, he started to work on open source cloud security software. In 2020 he rewrote Ory Keto to be the first open source implementation of Google Zanzibar, Google's internal authorization server. Since then, he maintains and develops Keto as a cutting-edge technology to provide fast and flexible authentication at scale. Fluent in Go, TypeScript, English, German, and Czech, he not only likes to code in his dark corner, but also loves the openness and teaching nature of open source software development.
Description:
Local laws around voting vary widely. Building secure authorization that implements all of them is challenging. Future voting systems built on tested open source components will reduce the attack surface and improve trust in the system. In this session, we will first examine various authorization challenges that arise in voting contexts. As a possible solution, we will discuss the usage of a highly flexible open source authorization system based on Ory’s open source efforts to implement Google Zanzibar, and how an implementation within a voting system would work.
AIV - Friday - 10:00-10:30 PDT
Title: Opening Remarks on the State of AI & Security
When: Friday, Aug 12, 10:00 - 10:30 PDT
Where: Caesars Forum - Summit 220->236 (AI Village) - Map
Speakers:Brian Pendleton,Sven Cattell
SpeakerBio:Brian Pendleton
No BIO available
Twitter: @yaganub
SpeakerBio:Sven Cattell
No BIO available
Twitter: @comathematician
Description:No Description available
RTV - Friday - 14:00-14:59 PDT
Title: OSINT Skills Lab Challenge
When: Friday, Aug 12, 14:00 - 14:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map
Speakers:Lee McWhorter,Sandra Stibbards
SpeakerBio:Lee McWhorter
Lee McWhorter, CTO at Covered 6, has been involved in IT since its early days and has over 30 years of experience. He is a highly sought-after professional who first learned about identifying weaknesses in computer networks, systems, and software when Internet access was achieved using just a modem. McWhorter currently holds an MBA and over 20 industry certifications (including all of CompTIA’s) in such areas as IT, system admin, networking, programming, Linux, IoT, and cybersecurity. His roles have ranged from the server room to the board room, and he has taught for numerous universities, colleges, commercial trainers, and non-profits. McWhorter works closely with the DEFCON Red Team Village, Dark Arts Village, CompTIA, and the CompTIA Instructor Network (he is a Board Member) as a Speaker, SME, and Instructor.
Twitter: @tleemcjr
SpeakerBio:Sandra Stibbards
Sandra Stibbards opened her investigation agency, Camelot Investigations, in 1996. Currently, she maintains a private investigator license in the state of California. Stibbards specializes in financial fraud investigations, competitive intelligence, counterintelligence, business and corporate espionage, physical penetration tests, online vulnerability assessments, brand protection/IP investigations, corporate due diligence, and Internet investigations. Stibbards has conducted investigations internationally on five continents. Stibbards' clients include several Fortune 500 and international companies. Stibbards has been providing training seminars and presentations on Open Source Intelligence (OSINT) internationally since 2010 to federal governments and corporations.
Twitter: @camelotinv
Description:No Description available
RTV - Friday - 13:00-13:59 PDT
Title: OSINT Skills Lab Challenge
When: Friday, Aug 12, 13:00 - 13:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map
Speakers:Lee McWhorter,Sandra Stibbards
SpeakerBio:Lee McWhorter
Lee McWhorter, CTO at Covered 6, has been involved in IT since its early days and has over 30 years of experience. He is a highly sought-after professional who first learned about identifying weaknesses in computer networks, systems, and software when Internet access was achieved using just a modem. McWhorter currently holds an MBA and over 20 industry certifications (including all of CompTIA’s) in such areas as IT, system admin, networking, programming, Linux, IoT, and cybersecurity. His roles have ranged from the server room to the board room, and he has taught for numerous universities, colleges, commercial trainers, and non-profits. McWhorter works closely with the DEFCON Red Team Village, Dark Arts Village, CompTIA, and the CompTIA Instructor Network (he is a Board Member) as a Speaker, SME, and Instructor.
Twitter: @tleemcjr
SpeakerBio:Sandra Stibbards
Sandra Stibbards opened her investigation agency, Camelot Investigations, in 1996. Currently, she maintains a private investigator license in the state of California. Stibbards specializes in financial fraud investigations, competitive intelligence, counterintelligence, business and corporate espionage, physical penetration tests, online vulnerability assessments, brand protection/IP investigations, corporate due diligence, and Internet investigations. Stibbards has conducted investigations internationally on five continents. Stibbards' clients include several Fortune 500 and international companies. Stibbards has been providing training seminars and presentations on Open Source Intelligence (OSINT) internationally since 2010 to federal governments and corporations.
Twitter: @camelotinv
Description:No Description available
RTV - Friday - 16:00-16:59 PDT
Title: OSINT Skills Lab Challenge
When: Friday, Aug 12, 16:00 - 16:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map
Speakers:Lee McWhorter,Sandra Stibbards
SpeakerBio:Lee McWhorter
Lee McWhorter, CTO at Covered 6, has been involved in IT since its early days and has over 30 years of experience. He is a highly sought-after professional who first learned about identifying weaknesses in computer networks, systems, and software when Internet access was achieved using just a modem. McWhorter currently holds an MBA and over 20 industry certifications (including all of CompTIA’s) in such areas as IT, system admin, networking, programming, Linux, IoT, and cybersecurity. His roles have ranged from the server room to the board room, and he has taught for numerous universities, colleges, commercial trainers, and non-profits. McWhorter works closely with the DEFCON Red Team Village, Dark Arts Village, CompTIA, and the CompTIA Instructor Network (he is a Board Member) as a Speaker, SME, and Instructor.
Twitter: @tleemcjr
SpeakerBio:Sandra Stibbards
Sandra Stibbards opened her investigation agency, Camelot Investigations, in 1996. Currently, she maintains a private investigator license in the state of California. Stibbards specializes in financial fraud investigations, competitive intelligence, counterintelligence, business and corporate espionage, physical penetration tests, online vulnerability assessments, brand protection/IP investigations, corporate due diligence, and Internet investigations. Stibbards has conducted investigations internationally on five continents. Stibbards' clients include several Fortune 500 and international companies. Stibbards has been providing training seminars and presentations on Open Source Intelligence (OSINT) internationally since 2010 to federal governments and corporations.
Twitter: @camelotinv
Description:No Description available
RTV - Friday - 15:00-15:59 PDT
Title: OSINT Skills Lab Challenge
When: Friday, Aug 12, 15:00 - 15:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map
Speakers:Lee McWhorter,Sandra Stibbards
SpeakerBio:Lee McWhorter
Lee McWhorter, CTO at Covered 6, has been involved in IT since its early days and has over 30 years of experience. He is a highly sought-after professional who first learned about identifying weaknesses in computer networks, systems, and software when Internet access was achieved using just a modem. McWhorter currently holds an MBA and over 20 industry certifications (including all of CompTIA’s) in such areas as IT, system admin, networking, programming, Linux, IoT, and cybersecurity. His roles have ranged from the server room to the board room, and he has taught for numerous universities, colleges, commercial trainers, and non-profits. McWhorter works closely with the DEFCON Red Team Village, Dark Arts Village, CompTIA, and the CompTIA Instructor Network (he is a Board Member) as a Speaker, SME, and Instructor.
Twitter: @tleemcjr
SpeakerBio:Sandra Stibbards
Sandra Stibbards opened her investigation agency, Camelot Investigations, in 1996. Currently, she maintains a private investigator license in the state of California. Stibbards specializes in financial fraud investigations, competitive intelligence, counterintelligence, business and corporate espionage, physical penetration tests, online vulnerability assessments, brand protection/IP investigations, corporate due diligence, and Internet investigations. Stibbards has conducted investigations internationally on five continents. Stibbards' clients include several Fortune 500 and international companies. Stibbards has been providing training seminars and presentations on Open Source Intelligence (OSINT) internationally since 2010 to federal governments and corporations.
Twitter: @camelotinv
Description:No Description available
CPV - Friday - 16:45-17:30 PDT
Title: Owned or pwned? No peekin' or tweakin'!
When: Friday, Aug 12, 16:45 - 17:30 PDT
Where: Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village) - Map
Speakers:Nick Vidal,Richard Zak
SpeakerBio:Nick Vidal
Nick Vidal is the Community Manager of Profian and the Enarx project, which is part of the Confidential Computing Consortium from the Linux Foundation. Previously, he was the Director of Community and Business Development at the Open Source Initiative, Director of Americas at the Open Invention Network, and one of the community leaders of the Drupal project in Latin America.
SpeakerBio:Richard Zak
After a decade of malware and machine learning research, and publishing several papers, Richard decided to switch gears and work on Enarx and Confidential Computing. He is also a part-time computer science instructor at a university. Outside of work, he enjoys working on open source projects, playing video games, and tinkering with various technologies. Website: https://rjzak.github.io/
Description:
The Cloud is just somebody else's computer. So when you run a workload on a cloud host, anyone who owns (or pwns) that system can peek or tweak the data or even the application itself. You have no confidentiality or integrity protection from your Cloud Service Provider, rogue sysadmins, or just anyone who compromises their machines.
But being pwned does not necessarily mean it’s endgame. Confidential Computing uses hardware-based Trusted Execution Environments to provide confidentiality and integrity even in the most vulnerable scenarios.
This session will define Confidential Computing at a technical level and discuss current and upcoming hardware that supports it. Later, we’ll introduce Enarx, an open source Linux Foundation project, and present a live demo to showcase Confidential Computing in a system that has been “pwned.”
PHV - Friday - 10:00-17:59 PDT
Title: Packet Detective
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village) - Map
Description:
Ready to upgrade your skills at the Packet Hacking Village? It’s time to play Packet Detective. A step up in difficulty from Packet Investigator, Packet Detective will test your network hunting abilities at the intermediate level. Come learn some new tricks!
PHV - Friday - 10:00-17:59 PDT
Title: Packet Inspector
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village) - Map
Description:
New to packet-fu? Don't know a pcap from a bottle cap? Packet Inspector is the game for you! We provide the laptops and all necessary tools for you to learn the basics of network analysis, sniffing, and forensics.
DL - Friday - 12:00-13:55 PDT
Title: Packet Sender
When: Friday, Aug 12, 12:00 - 13:55 PDT
Where: Caesars Forum - Accord Boardroom (Demo Labs) - Map
SpeakerBio:Dan Nagle
Dan Nagle has over 15 years of software development experience. He has written and published apps for desktop, mobile, servers, and embedded. He is the author and inventor of Packet Sender, an app used daily by security researchers, featured in manuals from major tech companies, and is taught in universities around the world. He is also the author of 2 network-related patents and a book published by CRC Press. His open source contributions have received international awards, and he has presented at many developer conferences about them.
Description:
Packet Sender is a free open-source (GPLv2) cross-platform (Windows, Mac, Linux) tool used daily by security researchers, college students, and professional developers to troubleshoot and reverse engineer network-based devices. Its core features are crafting and listening for UDP, TCP, and SSL/TLS packets via IPv4 or IPv6. It can listen simultaneously on any number of ports while sending to any UDP, TCP, SSL/TLS packet server. It is available for direct download or through the Winget, Homebrew, Debian, or Snap repos.
Audience: Offensive, Defensive, Developers, Testers
DC - Friday - 10:00-10:45 PDT
Title: Panel - "So It's your first DEF CON" - How to get the most out of DEF CON, What NOT to do.
When: Friday, Aug 12, 10:00 - 10:45 PDT
Where: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
SpeakerBio:DEF CON Goons
No BIO available
Description:
Panel - "So It's your first DEF CON" - How to get the most out of DEF CON, What NOT to do. This talk is a guide to enjoying DEF CON. We hope to talk about how to get the most out of your first con and answer questions live from the audience. Feel free to come meet some long time goons, attendees, and DEF CON staff as we discuss how to navigate Las Vegas hotels with 30k hackers surrounding you.
DC - Friday - 10:00-11:15 PDT
Title: Panel - DEF CON Policy Dept - What is it, and what are we trying to do for hackers in the policy world?
When: Friday, Aug 12, 10:00 - 11:15 PDT
Where: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
Speakers:DEF CON Policy Dept,The Dark Tangent
SpeakerBio:DEF CON Policy Dept
No BIO available
SpeakerBio:The Dark Tangent
, DEF CON
No BIO available
Description:
The nature of global power has changed. Cybersecurity is national security, economic stability, and public safety. Hackers - and the DEF CON community - sit at the intersection of technology and public policy. Policymakers seek our counsel and many of us have become regulars in policy discussions around the world. The DEF CON Policy Department creates a high-trust, high-collaboration forum unlike any other in the world for hackers and policymakers to come together.
Join this session to hear the vision for public policy at DEF CON, including where we’ve been, where we are, and where we’re going - as well as how you can be a part of it. Guest speakers will describe the history of hacking and hackers in public policy and provide a preview of this year’s sessions.
AIV - Friday - 16:00-16:50 PDT
Title: Panel: AI and Hiring Tech
When: Friday, Aug 12, 16:00 - 16:50 PDT
Where: Caesars Forum - Summit 220->236 (AI Village) - Map
SpeakerBio:Rachel See
No BIO available
Description:
AI and ML are already being used to identify job candidates, screen resumes, assess worker productivity and even help tag candidates for firing. Can the interview chatbot AI really be fairer than a human being, and does the way you answer the personality test or your score on the video game assessment really reflect your ability to do the job? Of course, federal, state and local government regulators are concerned, and there are multiple (and potentially conflicting) regulatory efforts underway.
This conversation, featuring perspectives from a government regulator, civil-rights advocates, and a hacker who’s told a client that their AI is breaking the law, will highlight some of the existing and pending efforts to regulate AI-powered employment tools, and will focus on regulatory, technical and societal solutions to this very-real problem.
GHV - Friday - 10:30-10:59 PDT
Title: Pause…Push,Pass, Pivot
When: Friday, Aug 12, 10:30 - 10:59 PDT
Where: Flamingo - Virginia City III (Girls Hack Village) - Map
SpeakerBio:Mary Chaney
Mary N. Chaney, Esq., CISSP, CIPP/US has over 25 years of progressive experience within the fields of Information Security, Privacy and Risk Management. She graduated from Xavier University in Cincinnati, Ohio with a B.S.B.A with a STEM related focus on Information Systems and became a licensed attorney in the State of Texas in 1999. Ms. Chaney began her career journey by serving as a Special Agent for the Federal Bureau of Investigation (FBI) in Los Angeles. While with the FBI she investigated all types of cyber related criminal activities, including denial of service attacks, computer intrusions, internet piracy, intellectual property theft, and copyright infringement. As a collateral duty she also served as the Associate Chief Information Security Officer and Information Systems Security Officer, where she was responsible for physical, building, information systems, and personnel security.
Mary’s global experience includes executive level information security and privacy roles with GE Capital (NYSE: GE), Johnson & Johnson (NYSE: JNJ), Comcast Corporation (NYSE: CMCSA) and Esperion Therapeutics (NASDAQ: ESPR). At GE Capital, she was the Director of Incident Response where she led a team responsible for supporting over 14,000 GE Capital Americas end-users. Those responsibilities included creating, drafting and publishing IT security policies, standards and procedures to support the overall mission of the organization. At Johnson & Johnson, she was the Director of the Security Operations Center, where she led the 24x7 Global Security Operations Center that monitored over 130,000 employees across 250 businesses. Mary was responsible for developing the overall strategic direction for security operations, in addition to staffing and developing training curriculum for her team to maintain constant knowledge of the changing cybersecurity threat landscape. At Comcast Corporation, Mary was a Senior Director of Information Security, in the Global CISO’s office, which had oversight responsibilities for both Comcast Cable and NBC Universal for cyber risk management. Her responsibilities included reviewing, assessing, and developing strategy to ensure information security policies, procedures, and standards were applied effectively and consistently across the corporation, as well as proving the health and effectiveness of the global information security program by developing a cyber risk metrics dashboard that measured Comcast’s cyber risk posture across a multitude of areas. At Esperion, she was the Director of Information Security and Privacy. Her responsibilities included developing the overall strategic direction for both Information Security and Privacy, which included performing an information security and privacy assessment modeling the development of both programs using the NIST Cybersecurity and Privacy Frameworks, and drafting and publishing policies, standards and procedures for both Information Security and Privacy.
Mary’s entrepreneurial endeavors include starting and running MBS Information Security Consulting, LLC (MBS). MBS provides information security consulting, training, and outsourcing services for small and midsized businesses, specifically focused on delivering sensible and affordable information security solutions. Mary opened the Law Offices of Mary N. Chaney, P.L.L.C, The Cyber Security Law Firm Of Texas, in 2018 with the specific mission of helping translate and advise Boards of Directors, CIOs, CISOs and General Counsels on how to legally protect their company from cyber-related risk.
Mary serves the overall cybersecurity community in multiple ways. She serves on several advisory boards including: Post University, where she helps develop strategies on improving the cybersecurity curriculum to ensure students are more prepared to enter the cybersecurity workforce upon graduation; and The Cyber Law Consortium which primarily focuses on educating its members on the key issues, and the potential dangers and consequences, for businesses dealing with cybersecurity and data privacy issues. Previous board membership included the CompTIA© Cybersecurity Advisory Board (CCAB). CCAB addressed many of the most pressing cybersecurity concerns facing business and government and worked to educate and shape laws and legislation in the cybersecurity and privacy space; and ChickTech which is a national organization that encourages women and girls of all ages to pursue careers in the technology industry. Mary is an adjunct professor with the University of Cincinnati, where she teaches online courses in cybersecurity to assist with the development of the next generation of cybersecurity professionals. Lastly, in 2019 she launched her own nonprofit, Minorities in Cybersecurity, Inc. (MiC) which focuses on support, leadership and career development for women and minorities in cybersecurity.
Description:No Description available
PYV - Friday - 09:00-13:59 PDT
Title: Payment Hacking Challenge
When: Friday, Aug 12, 09:00 - 13:59 PDT
Where: Virtual - Payment Village
Description:
Try your hand at ATM, online bank, POS and card hacking challenges.
Please join the DEF CON Discord and see the #payv-labs-text channel for more information.
DL - Friday - 14:00-15:55 PDT
Title: PCILeech and MemProcFS
When: Friday, Aug 12, 14:00 - 15:55 PDT
Where: Caesars Forum - Council Boardroom (Demo Labs) - Map
Speakers:Ulf Frisk,Ian Vitek
SpeakerBio:Ulf Frisk
Ulf is a pentester by day, and a security researcher by night. Ulf is the author of the PCILeech direct memory access attack toolkit and MemProcFS. Ulf is interested in things low-level and primarily focuses on memory analysis and DMA.
SpeakerBio:Ian Vitek
Ian Vitek has a background as a pentester but now works with information security in the Swedish financial sector. Ian has held several presentations at DEF CON, BSidesLV and other IT security conferences.
Description:
The PCILeech direct memory access attack toolkit was presented at DEF CON 24 and quickly became popular amongst red teamers and game hackers alike. We will demonstrate how to take control of still vulnerable systems with PCIe DMA code injection using affordable FPGA hardware and the open source PCILeech toolkit. MemProcFS is memory forensics and analysis made super easy! Analyze memory by clicking on files in a virtual file system or by using the API. Analyze memory dump files or live memory acquired using drivers or PCILeech PCIe FPGA hardware devices.
Audience: Offense, Defense, Forensics, Hardware
ASV - Friday - 16:00-16:50 PDT
Title: Pen Test Partner Power Hour
When: Friday, Aug 12, 16:00 - 16:50 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
Speakers:Alex Lomas,Ken Munro
SpeakerBio:Alex Lomas
Alex Lomas is Pen Test Partners’ aerospace specialist. Alex undertakes penetration testing of complex embedded systems including airport operational technology and avionics systems such as inflight entertainment and aircraft monitoring systems. Alex has a Masters in Aeronautical Engineering and has held a private pilot’s license since 2011. These, combined with cyber security experience in both offensive and defensive roles, give them a unique perspective when approaching the testing of airlines, airports, and aeronautical service providers.
SpeakerBio:Ken Munro
, Pentest Partners
Ken Munro is Partner and Founder of Pen Test Partners, a firm of penetration testers with a keen interest in aviation. Pen Test Partners has several pilots on the team, both private and commercial, recognizing that the increase in retired airframes has created opportunities for independent security research into aviation security. Pen Test Partners has been recognized for its highly responsible approach to vulnerability disclosure in aviation and was invited to join the Boeing Cyber Technical Council as a result. Pen Test Partners has published research into aviation cyber security, covering topics from airborne connectivity, avionics hardware, and connectivity with ground systems.
Description:
Hacking EFBs:
“What’s an EFB and how does hacking one affect flight safety? We’ll cover tampering with perf, W&B and detail numerous real incidents that have stemmed from EFB misuse or miskeying. So far we’ve found exploitable vulns in 6 different EFB app suites, covering nearly every major operator in the world. Separately, the flight sim will be set up to demonstrate a tailstrike and/or runway excursion as a result of tampered perf on our own EFB.”
Vulnerability disclosure in aviation: the good, the bad and the unsafe:
“We’ve been researching aviation security for the past 5 years. Along the way we have responsibly disclosed numerous vulnerabilities. Our experience with various aviation businesses has ranged from excellent to appalling. Many of the issues stem from cultural issues at these businesses, failing to bust safety silos in engineering. What can anyone in aviation learn from our experience? How can one build a successful vulnerability disclosure program that boosts safety?”
Getting started in aviation & avionics security research:
“Independent research in aviation has one big barrier to entry: airplanes cost $millions! How does a researcher or research group break in past this barrier? We’ll talk about ways we have successfully (and legally!) carried out vanilla security research in airplanes. What will you find on board and how do the various systems work?”
ASV - Friday - 10:00-11:59 PDT
Title: Pen Test Partners A320 Simulator
When: Friday, Aug 12, 10:00 - 11:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
Description:
Come take the controls of Pen Test Partners’ immersive A320 simulator. Experience the effects of tampered electronic flight bag data on take-off and landing, TCAS spoofing and more all in the safety of the sim. You’ll see how experienced pilots would deal with these incidents and mitigate risk to passengers and the airplane.
ASV - Friday - 13:00-14:59 PDT
Title: Pen Test Partners A320 Simulator
When: Friday, Aug 12, 13:00 - 14:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
Description:
Come take the controls of Pen Test Partners’ immersive A320 simulator. Experience the effects of tampered electronic flight bag data on take-off and landing, TCAS spoofing and more all in the safety of the sim. You’ll see how experienced pilots would deal with these incidents and mitigate risk to passengers and the airplane.
SEV - Friday - 17:00-17:30 PDT
Title: Phishing with Empathy: Running Successful Phishing Campaigns without Making Enemies and Irritating People
When: Friday, Aug 12, 17:00 - 17:30 PDT
Where: LINQ - 3rd flr - Social A (Social Engineering Community) - Map
Speakers:Brian Markham,SooYun Chung
SpeakerBio:Brian Markham
Brian Markham is an executive, hacker, advisor, and mentor who is passionate about building security programs and teams. He’s worked in IT and security for over 20 years and is currently the CISO at EAB Global.
Twitter: @maru37
SpeakerBio:SooYun Chung
, Security Analyst
SooYun Chung is a Security Analyst at EAB Global, a leading provider of technology, marketing, and research solutions for institutions of higher education. In her role at EAB, SooYun focuses on risk management, social engineering (with a focus on conducting phishing engagements), and security awareness. She is an alumna of Rutgers University and holds multiple certifications.
Twitter: @theiciso
Description:
Running phishing simulations can be complicated. At worst, you risk damaging your personal brand and that of the Information Security function. What if you could run a phishing simulation that maximizes all the value that you hope to get from these simulations, while minimizing potential bad outcomes? In this talk, we’ll go through the lessons we’ve learned from running successful phishing campaigns and focus on how to approach this work with empathy and a positive attitude to boost your organization’s security IQ. Session participants will learn how to:
– Design, execute, and measure the results of phishing simulations on a budget
– Craft effective, thoughtful phishing pretexts and learn which pretexts should be avoided
– Avoid common pitfalls through proactive communication and executive buy-in.
DC - Friday - 14:00-14:20 PDT
Title: Phreaking 2.0 - Abusing Microsoft Teams Direct Routing
When: Friday, Aug 12, 14:00 - 14:20 PDT
Where: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
SpeakerBio:Moritz Abrell
, SySS GmbH
Moritz Abrell is an experienced expert in Voice-over-IP and network technologies with a focus on information security.
He works as a senior IT security consultant and penetration tester for the Germany-based pentest company SySS GmbH, where he deals daily with the practical exploitation of vulnerabilities and advises customers on how to fix them.
In addition, he regularly publishes his security research in blog posts or presents it at IT security conferences.
Twitter: @moritz_abrell
Description:
Microsoft Teams offers the possibility to integrate your own communication infrastructure, e.g. your own SIP provider for phone services. This requires a Microsoft-certified and -approved Session Border Controller. During the security analysis of this federation, Moritz Abrell identified several vulnerabilities that allow an external, unauthenticated attacker to perform toll fraud.
This talk is a summary of this analysis, the identified security issues and the practical exploitation as well as the manufacturer's capitulation to the final fix of the vulnerabilities.
PSV - Friday - 17:00-17:59 PDT
Title: Physical Security Bypasses
When: Friday, Aug 12, 17:00 - 17:59 PDT
Where: Caesars Forum - Summit 201-202 (Physical Security Village) - Map
SpeakerBio:redteamwynns
Principal Consultant @ Coalfire focused on physical security. Unlawfully arrested on the job in Iowa. Improve things, learn, help people!
Twitter: @redteamwynns
Description:
We're skipping lock picking and discussing the other elements of physical security. Come and learn about the evolution of modern physical security, and what you can do to attack and defend common systems. We'll briefly review terminology and legality before exploring a wide variety of modern security devices and bypasses, with plenty of tricks and tips along the way.
PSV - Friday - 10:00-17:59 PDT
Title: Physical Security Village
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Summit 201-202 (Physical Security Village) - Map
Description:
The Physical Security Village (formerly known as the Lock Bypass Village) explores the world of hardware bypasses and techniques generally outside of the realm of cyber security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself!
We'll be covering the basics, including the under-the-door-tool and latch slipping attacks, as well as an in-depth look at more complicated bypasses. Learn about elevator hacking, try out alarm system attacks at the sensor and communication line, and have an inside look at common hardware to see how it works.
No prior experience or skills necessary - drop in and learn as much or as little as you'd like!
Looking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!
ROV - Friday - 11:00-11:59 PDT
Title: Picking Pockets, Picked Apart
When: Friday, Aug 12, 11:00 - 11:59 PDT
Where: LINQ - 3rd flr - Evolution (Rogues Village) - Map
SpeakerBio:James Harrison
No BIO available
Twitter: @PickpocketJames
Description:
In this workshop, James will be going over the mechanics of picking pockets as well as the psychological principles which allow this centuries old technique to persist to this day.
SOC - Friday - 20:00-21:59 PDT
Title: Pilots and Hackers Meetup
When: Friday, Aug 12, 20:00 - 21:59 PDT
Where: Caesars Forum - Caucus & Society Boardrooms (Demo Labs) - Map
Description:
Aerospace Village presents....
Buzzing the tower – a Pilot / Hacker meetup
Whether you are a hacker, a pilot, or have an interest in either, you are welcome to join us at Buzzing the Tower, a meetup hosted by the Aerospace Village. Come and relax, squawk with others, and try your hand at our DEF CON 30 themed Flight Sim challenge! So please stow your tray table in readiness for landing at the destination favoured by pilots and hackers alike!
CPV - Friday - 11:00-11:30 PDT
Title: Positive Identification of Least Significant Bit Image Steganography
When: Friday, Aug 12, 11:00 - 11:30 PDT
Where: Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village) - Map
SpeakerBio:Michael Pelosi
Michael Pelosi is associate professor of computer science at Texas A&M University Texarkana. His research publications include artificial intelligence, computer security, steganography and counter-steganography applications.
Description:
Steganography has long been used to counter forensic investigation. This use of steganography as an anti-forensics technique is becoming more widespread. This requires forensic examiners to have additional tools to more effectively detect steganography. In this talk we introduce a new software concept specifically designed to allow the digital forensics professional to clearly identify and attribute instances of least significant bit (LSB) image steganography by using the original cover image in side-by-side comparison with a suspected steganographic payload image. This technique is embodied in a software implementation named CounterSteg.
The CounterSteg software allows detailed analysis and comparison of both the original cover image and any modified image, using sophisticated bit- and color-channel visual depiction graphics. In certain cases, the steganographic software used for message transmission can be identified by the forensic analysis of LSB and other changes in the payload image. This paper demonstrates usage and typical forensic analysis with eight commonly available steganographic programs.
Future work will attempt to automate the typical types of analysis and detection. This is important, as currently there is a steep rise in the use of image LSB steganographic techniques to hide the payload code used by malware and viruses, and for the purposes of data exfiltration. This is because hidden code and/or data can more easily bypass virus and malware signature detection when it is surreptitiously concealed in an otherwise innocuous image file.
ICSV - Friday - 15:30-15:59 PDT
Title: Power Flow 101 for hackers and analysts
When: Friday, Aug 12, 15:30 - 15:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - Map
SpeakerBio:Stefan Stephenson-Moe
, Senior Sales Engineer
Stefan started his career working in the Power Industry, for a major Power company that was based in the South. He is a mechanical engineer by training but ended up working in infosec. He helped stand up the first SOC at a major utility and was one of its first four members. He has both red and blue experience working as a security engineer at a major bank as well as a penetration tester for Coalfire. He currently works for Splunk helping people understand how all data can be security data. He is a strong believer in the idea that you can't protect what you don't understand, and right now most analysts don't understand the physics behind the systems they're protecting.
Description:
Has this ever happened to you? You get root on an RTU in a transmission substation but have no idea what any of the settings are, or do. Are you an analyst that doesn't understand why someone changing a transformer tap setting might be a bad thing? Are you wondering if you've been hacked because your equipment is saying you have a ground fault but also that your voltage and current phasors are 120 degrees out of phase? Then come to this talk and learn about Power Fundamentals. We'll go over all the basics no one ever taught you, like AC current, phasors, calculating Power Flow, and how transformers work.
QTV - Friday - 16:30-17:30 PDT
Title: PQC in the Real World
When: Friday, Aug 12, 16:30 - 17:30 PDT
Where: Caesars Forum - Summit 217 (Quantum Village) - Map
SpeakerBio:James Howe
No BIO available
Description:
This talk focuses on cryptography topics that have not yet been discussed in any PQC 101 talks thus far; either because they are outside of the scope of the NIST PQC standardization project (thus far), or because they are relatively new and novel constructions.
BTV - Friday - 11:00-12:30 PDT
Title: Practical Dark Web Hunting using Automated Scripts
When: Friday, Aug 12, 11:00 - 12:30 PDT
Where: Virtual - BlueTeam Village - Workshops
SpeakerBio:Apurv Singh Gautam
Apurv Singh Gautam works as a Threat Researcher at Cyble. He commenced work in Threat Intel 3 years ago. He works on hunting threats from the surface and dark web by utilizing OSINT, SOCMINT, and HUMINT. He is passionate about giving back to the community and has already conducted several talks and seminars at conferences like SANS, Defcon, BSides, local security meetups, schools, and colleges. He loves volunteering with Station X to help students make their way in Cybersecurity. He looks forward to the end of the day to play and stream one of the AAA games Rainbow Six Siege.
Description:
The workshop will start by taking everyone over why we should focus on the dark web for research and why it is important to collect data from the dark web. We will explore the importance of data collection with some examples. The second part of the workshop will cover some dark web OSINT tools that one can use to start with dark web data collection/hunting. Attendees will learn how these tools work and what different categories of these dark web OSINT tools one can utilize in their research. The third part of the workshop will cover tools and libraries to create your dark web hunting platform. We will explore writing code and automating dark web data collection. This part includes a live lab demo and code explanation. The workshop will end with a few tips on OpSec practices and resources to start with dark web hunting.
Takeaways from the workshop:
- Understanding why dark web research is important
- Darkweb OSINT tools collection to start your research
- Basic understanding of automated dark web data hunting
- Python Codebase to start with your dark web data collection
How can you effectively hunt data from the dark web using scripts? How can you circumvent scraping defenses on the dark web? If you are curious about the answers to these questions and want to learn how to effectively write automated scripts for this task, then this workshop is for you. In this workshop, you will learn why collecting data from the dark web is essential, how you can create your tools & scripts, and automate your scripts for effective collection. The workshop's primary focus will be on circumventing defenses put by forums on the dark web against scraping.
PT - Monday - 09:00-16:59 PDT
Title: Practical Secure Code Review
When: Monday, Aug 15, 09:00 - 16:59 PDT
Where: Caesars Forum - Map
Speakers:Ken Johnson,Seth Law
SpeakerBio:Ken Johnson
Ken Johnson has been hacking web applications professionally for 12 years and given security training for 9 of those years. Ken is both a breaker and builder and currently works on the GitHub application security team. Previously, Ken has spoken at RSA, You Sh0t the Sheriff, Insomnihack, CERN, DerbyCon, AppSec USA, AppSec DC, AppSec California, DevOpsDays DC, LASCON, RubyNation, and numerous Ruby, OWASP, and AWS events about appsec, devops security, and AWS security. Ken’s current projects are WeirdAAL, OWASP Railsgoat, and the Absolute AppSec podcast with Seth Law.
Twitter: @cktricky
SpeakerBio:Seth Law
Seth Law is an experienced Application Security Professional with over 15 years of experience in the computer security industry. During this time, Seth has worked within multiple disciplines in the security field, from software development to network protection, both as a manager and individual contributor. Seth has honed his application security skills using offensive and defensive techniques, including tool development. Seth is employed as a security consultant, hosts the Absolute AppSec podcast with Ken Johnson, and is a regular speaker at developer meetups and security events, including Blackhat, Defcon, CactusCon, and other regional conferences.
Twitter: @sethlaw
Description:
Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/seth-law-ken-johnson-practical-secure-code-review
Training description:
Ready to take your bug hunting to a deeper level? Ever been tasked with reviewing source code for SQL Injection, XSS, Access Control and other security flaws? Does the idea of reviewing code leave you with heartburn? This course introduces a proven methodology and framework for performing a secure code review, as well as addressing common challenges in modern secure code review. Short circuit your development of a custom secure code review process by gleaning from Seth & Ken's past adventures in performing hundreds of code reviews and the lessons we’ve learned along the way. We will share a proven methodology to perform security analysis of any source code repository and suss out security flaws, no matter the size of the code base, or the framework, or the language.
PT - Tuesday - 09:00-16:59 PDT
Title: Practical Secure Code Review
When: Tuesday, Aug 16, 09:00 - 16:59 PDT
Where: Caesars Forum - Map
Speakers:Ken Johnson,Seth Law
SpeakerBio:Ken Johnson
Ken Johnson has been hacking web applications professionally for 12 years and given security training for 9 of those years. Ken is both a breaker and builder and currently works on the GitHub application security team. Previously, Ken has spoken at RSA, You Sh0t the Sheriff, Insomnihack, CERN, DerbyCon, AppSec USA, AppSec DC, AppSec California, DevOpsDays DC, LASCON, RubyNation, and numerous Ruby, OWASP, and AWS events about appsec, devops security, and AWS security. Ken’s current projects are WeirdAAL, OWASP Railsgoat, and the Absolute AppSec podcast with Seth Law.
Twitter: @cktricky
SpeakerBio:Seth Law
Seth Law is an experienced Application Security Professional with over 15 years of experience in the computer security industry. During this time, Seth has worked within multiple disciplines in the security field, from software development to network protection, both as a manager and individual contributor. Seth has honed his application security skills using offensive and defensive techniques, including tool development. Seth is employed as a security consultant, hosts the Absolute AppSec podcast with Ken Johnson, and is a regular speaker at developer meetups and security events, including Blackhat, Defcon, CactusCon, and other regional conferences.
Twitter: @sethlaw
Description:
Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/seth-law-ken-johnson-practical-secure-code-review
Training description:
Ready to take your bug hunting to a deeper level? Ever been tasked with reviewing source code for SQL Injection, XSS, Access Control and other security flaws? Does the idea of reviewing code leave you with heartburn? This course introduces a proven methodology and framework for performing a secure code review, as well as addressing common challenges in modern secure code review. Short circuit your development of a custom secure code review process by gleaning from Seth & Ken's past adventures in performing hundreds of code reviews and the lessons we’ve learned along the way. We will share a proven methodology to perform security analysis of any source code repository and suss out security flaws, no matter the size of the code base, or the framework, or the language.
PT - Tuesday - 09:00-16:59 PDT
Title: Pragmatic API Exploration
When: Tuesday, Aug 16, 09:00 - 16:59 PDT
Where: Caesars Forum - Map
Speakers:Aubrey Labuschagne (William),Marianka Botes
SpeakerBio:Aubrey Labuschagne (William)
Aubrey is a security analyst at SensePost. Over the years he has had many roles which included project management, product management, development, training and being a security analyst. Interest for security grew from emergence into information warfare. His hobbies include the development of sensor centric platforms. He has a big passion for training and has completed his masters on how to improve the effectiveness of security awareness programs. He currently holds several certifications which include OSCP, ECSA and ISO 27032 certifications.
Twitter: @cyber_protect
SpeakerBio:Marianka Botes
Marianka is a security analyst for the SensePost team at Orange Cyberdefense. She studied Information Technology at the North-West University (Pukke) in South Africa and has a big passion for hacking. In her off time she will study up some Dad jokes or find the best places to order chicken wings.
Twitter: @mariankabotes
Description:
Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/aubrey-labuschagne-william-marianka-botes-pragmatic-api-exploration
Training description:
The use of Application Programming Interfaces (APIs) has become ubiquitous as businesses expose and consume services.
Therefore, the threat landscape of organizations increases with the adoption of APIs. The content of the course creates awareness around the various attack vectors used targeting APIs and provides actionable mitigation strategies.
The aim of this course is to empower you to conduct a risk assessment of an API. This hands-on course covers API basics, setting up a test environment, API threat model, API protocols and architectures, typical vulnerabilities, enumerating an attack surface and best practices around security.
Moreover, it focuses on gaining practical experience of the OWASP Top 10 for APIs. In addition, you would be gaining practical experience on exploiting typical vulnerabilities on RESTful (REST) APIs and GraphQL. The course concludes with a capture the flag (CTF) to apply knowledge gained during the course.
PT - Monday - 09:00-16:59 PDT
Title: Pragmatic API Exploration
When: Monday, Aug 15, 09:00 - 16:59 PDT
Where: Caesars Forum - Map
Speakers:Aubrey Labuschagne (William),Marianka Botes
SpeakerBio:Aubrey Labuschagne (William)
Aubrey is a security analyst at SensePost. Over the years he has had many roles which included project management, product management, development, training and being a security analyst. Interest for security grew from emergence into information warfare. His hobbies include the development of sensor centric platforms. He has a big passion for training and has completed his masters on how to improve the effectiveness of security awareness programs. He currently holds several certifications which include OSCP, ECSA and ISO 27032 certifications.
Twitter: @cyber_protect
SpeakerBio:Marianka Botes
Marianka is a security analyst for the SensePost team at Orange Cyberdefense. She studied Information Technology at the North-West University (Pukke) in South Africa and has a big passion for hacking. In her off time she will study up some Dad jokes or find the best places to order chicken wings.
Twitter: @mariankabotes
Description:
Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/aubrey-labuschagne-william-marianka-botes-pragmatic-api-exploration
Training description:
The use of Application Programming Interfaces (APIs) has become ubiquitous as businesses expose and consume services.
Therefore, the threat landscape of organizations increases with the adoption of APIs. The content of the course creates awareness around the various attack vectors used targeting APIs and provides actionable mitigation strategies.
The aim of this course is to empower you to conduct a risk assessment of an API. This hands-on course covers API basics, setting up a test environment, API threat model, API protocols and architectures, typical vulnerabilities, enumerating an attack surface and best practices around security.
Moreover, it focuses on gaining practical experience of the OWASP Top 10 for APIs. In addition, you would be gaining practical experience on exploiting typical vulnerabilities on RESTful (REST) APIs and GraphQL. The course concludes with a capture the flag (CTF) to apply knowledge gained during the course.
DC - Friday - 14:00-14:45 PDT
Title: Process injection: breaking all macOS security layers with a single vulnerability
When: Friday, Aug 12, 14:00 - 14:45 PDT
Where: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
SpeakerBio:Thijs Alkemade, Security Researcher at Computest
Thijs Alkemade (@xnyhps) works at the security research division of Computest. This division is responsible for advanced security research on commonly used systems and environments. Thijs has won Pwn2Own twice, by demonstrating a zero-day attack against Zoom at Pwn2Own Vancouver 2021 and by demonstrating multiple exploits in ICS systems at Pwn2Own Miami 2022. In previous research he demonstrated several attacks against the macOS and iOS operating systems. He has a background in both mathematics and computer science, which gives him a lot of experience with cryptography and programming language theory.
Twitter: @xnyhps
Description:
macOS local security is shifting more and more to the iOS model, where every application is codesigned, sandboxed and needs to ask for permission to access sensitive data. New security layers have been added to make it harder for malware that has gained a foothold to compromise the user's most sensitive data. Changing the security model of something as large and established as macOS is a long process, as it requires many existing parts of the system to be re-examined. For example, creating a security boundary between applications running as the same user is a large change from the previous security model.
CVE-2021-30873 is a process injection vulnerability we reported to Apple that affected all macOS applications. This was addressed in the macOS Monterey update, but completely fixing this vulnerability requires changes to all third-party applications as well. Apple has even changed the template for new applications in Xcode to assist developers with this.
In this talk, we'll explain what a process injection vulnerability is and why it can have critical impact on macOS. Then, we'll explain the details of this vulnerability, including how to exploit insecure deserialization in macOS. Finally, we will explain how we exploited it to escape the macOS sandbox, elevate our privileges to root and bypass SIP.
CLV - Friday - 15:00-16:59 PDT
Title: Prowler Open Source Cloud Security: A Deep Dive Workshop
When: Friday, Aug 12, 15:00 - 16:59 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Cloud Village) - Map
SpeakerBio:Toni de la Fuente
No BIO available
Twitter: @ToniBlyx
Description:
Whether you are a long time Prowler user or if you are just getting started, this workshop will give you the tools to get AWS security up and running and under control at your organization.
With millions of downloads and a large community of users, Prowler is one of the most used tools when it comes to AWS security assessments, hardening, incident response and security posture monitoring.
Prowler has some new features and important changes coming in v3.0. This includes a new check architecture, python support, and a load of new checks for compliance and AWS services. In addition to allowing us to build new checks with the existing bash/aws-cli support we will teach how to do it with python as well and going beyond the AWS API and increasing the coverage of Prowler to get the most of it and adapt it to your requirements.
CPV - Friday - 12:00-12:30 PDT
Title: PSA: Doorbell Cameras Have Mics, Too
When: Friday, Aug 12, 12:00 - 12:30 PDT
Where: Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village) - Map
Speakers:Matthew Guariglia,Yael Grauer
SpeakerBio:Matthew Guariglia
Dr. Matthew Guariglia is a historian of policing and surveillance and a policy analyst at EFF, where he works on issues of surveillance at the local, state, and federal level.
SpeakerBio:Yael Grauer
Yael Grauer is an investigative tech reporter covering privacy and security at Consumer Reports. She manages Security Planner, a free, easy-to-use guide to staying safer online.
Description:
Millions of video doorbells have been installed outside of U.S. homes. They’re so ubiquitous that you might expect to be captured on other people’s video feeds every time you walk or drive down the street. What you might not be aware of is that video doorbells can record audio, too. Conversations you have in your own home or when walking by a neighbor’s house may be sitting on Amazon’s servers. You might be recording audio from unsuspecting passersby, too. In this talk, we’ll discuss new Consumer Reports research—both in our lab and outside of our smart home reporter’s home—on audio capture distance. We’ll delve into potential risks and privacy concerns. And we’ll discuss what video doorbell owners can do (short of getting rid of the devices altogether).
CON - Friday - 10:00-17:59 PDT
Title: pTFS Presents: Mayhem Industries - Outside the Box
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map
Description:
pTFS is a hacker collective that has been competing in various DEF CON contests for almost 15 years.
Outside the Box is a fun and interactive jeopardy style CTF contest. Don't worry if you don't know what that means. Winning will require demonstrating a wide range of hacking skills, but participating is encouraged for all ability levels. Challenges range from simple puzzles, to challenging crypto problems, to truly outside the box hijinks.
Mayhem Industries, a big multinational corporation, runs energy extraction and private military contracting all over the world. Our game begins with a tip that they're Up To Something on an oil rig in the Black Sea off the coast of Egypt. But what are they up to? How do you even hack an oil rig? Is this box with flashing light, exposed ports, and locked doors an ancient relic or of some extraterrestrial origin‽ Join us at DEF CON 30 to find out.
Fk Gl Hlnvgsrmt
DC - Friday - 18:00-18:45 PDT
Title: Pulling Passwords out of Configuration Manager: Practical Attacks against Microsoft's Endpoint Management Software
When: Friday, Aug 12, 18:00 - 18:45 PDT
Where: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
SpeakerBio:Christopher Panayi, Chief Research Officer, MWR CyberSec
Christopher is the Chief Research Officer at MWR CyberSec (https://mwrcybersec.com), having previously led cyber-defense, red team, and targeted attack simulation (TAS) engagements for several years, as well as having designed and helped run the in-house training programme for security consultants at MWR. As part of this work, a major focus area for him had been understanding attack techniques impacting Active Directory (AD); this led to publications such as: a discussion of practical ways to perform pass-the-hash attacks (https://labs.f-secure.com/blog/pth-attacks-against-ntlm-authenticated-web-applications/) and a discussion of the previous gold standard in AD security, the red forest, and why it did not meet its goal of making environments more secure in many cases (https://www.f-secure.com/content/dam/press/ja/media-library/reports/F-Secure%20Whitepaper%20-%20Tending%20To%20the%20Red%20Forest%20(English).pdf). His interest in how things work at a deep technical level - and desire to develop an understanding of how to use this information to compromise and secure systems and environments - has led him to his current focus, investigating and understanding Microsoft Endpoint Configuration Manager, how it interacts with AD, and how to abuse its configuration to attack enterprise environments.
Twitter: @Raiona_ZA
Description:
System Center Configuration Manager, now Microsoft Endpoint Configuration Manager (MECM), is a software management product that has been widely adopted by large organizations to deploy, update, and manage software; it is commonly responsible for the deployment and management of the majority of server and workstation machines in enterprise Windows environments.
This talk will provide an outline of how MECM is used to deploy machines into enterprise environments (typically through network booting, although it supports various Operating System deployment techniques), and will explore attacks that allow Active Directory credentials to be extracted from this process. The common MECM misconfigurations leading to these attacks will be detailed and, in so doing, the talk will aim to show how to identify and exploit these misconfigurations and how to defend against these attacks. Each viable attack will be discussed in depth (mostly by discussing the protocols and architecture in use, but sometimes by diving into relevant code, if necessary) so that the context of how and why the attack works will be understood. These concepts will be illustrated through the demo and release of a tool that allows for the extraction of credentials from several of the onsite deployment techniques that MECM supports.
PSV - Friday - 12:30-12:59 PDT
Title: Pwning Alarm Wires
When: Friday, Aug 12, 12:30 - 12:59 PDT
Where: Caesars Forum - Summit 201-202 (Physical Security Village) - Map
SpeakerBio:Bill Graydon, Principal, Physical Security Analytics, GGR Security
Bill Graydon is a principal researcher at GGR Security, where he hacks everything from locks and alarms to critical infrastructure; this has given him some very fine-tuned skills for breaking stuff. He’s passionate about advancing the security field through research, teaching numerous courses, giving talks, and running DEF CON’s Lock Bypass Village. He’s received various degrees in computer engineering, security, and forensics and comes from a broad background of work experience in cyber security, anti-money laundering, and infectious disease detection.
Twitter: @access_ctrl
Description:
First you'll get an overview of all hardware and systems involved in access controlled doors and alarm systems, and a multitude of attack vectors to defeat them; then try your hand at a number of these attacks using our physical displays and online games.
DCGVR - Friday - 16:00-16:59 PDT
Title: Pwning Lazy Admins
When: Friday, Aug 12, 16:00 - 16:59 PDT
Where: Virtual - DEF CON Groups VR
SpeakerBio:Jabbles
I'm Juan, I'm the co-founder of the Tijuana Defcon Group. Former intelligence consultant for the Mexican Government now working in IT Security full time.
Twitter: @Jb198813
Description:
"We know that the human element is always the weakest in cybersecurity, and that usually the blame falls on poorly trained users. But in this talk I will go through some findings regarding an even more dangerous kind of human, the Lazy IT guy.
I will talk about findings regarding physical access, password reuse, using business devices for personal use, bad cable management, incident response and how we fixed that."
PSV - Friday - 14:30-14:59 PDT
Title: Pwning RFID From 6ft Away
When: Friday, Aug 12, 14:30 - 14:59 PDT
Where: Caesars Forum - Summit 201-202 (Physical Security Village) - Map
Speakers:Daniel Goga,Langston Clement (aka sh0ck)
SpeakerBio:Daniel Goga
Dan Goga serves as a Security Consultant with Core BTS focused on conducting penetration testing and vulnerability assessments. Dan Goga has seven years of information security experience in the public, private, and academic sectors. Dan has extensive knowledge and experience with RFID hacking, phishing techniques, social engineering techniques, and penetration testing Microsoft Active Directory and cloud environments.
Twitter: @_badcharacters
SpeakerBio:Langston Clement (aka sh0ck)
Langston Clement (sh0ck) grew up reading stories about the 90's hacker escapades and then after years of observing the scene, he jumped into the cybersecurity field and never looked back. He is the current lead for Red Team operations and Penetration Testing engagements at Core BTS. With over fifteen (15) years of public and private sector experience in cybersecurity and ethical hacking, his goal is to provide organizations with valuable and actionable information to help improve their security posture. Langston's specializations focus on modern-day social engineering techniques, wireless and RFID attacks, vulnerability analysis, as well as physical and cloud penetration testing.
Twitter: @sh0ckSec
Description:
Traditional RFID badge cloning methods require you to be within 3 feet of your target. So how can you conduct a physical penetration test and clone a badge if you must stay at least 6 feet from a person? Over the past two years, companies have increasingly adopted a hybrid work environment, allowing employees to partially work remotely which has decreased the amount of foot traffic in and out of a building at any given time. This session discusses two accessible, entry-level hardware designs you can build in a day and deploy in the field, along with the tried-and-true social engineering techniques that can increase your chances of remotely cloning an RFID badge. Langston and Dan discuss their Red Team adventures and methods that can be used beyond a social distancing era. This presentation is supplemented with files and instructions that are available for download in order to build your own standalone gooseneck reader and wall implant devices!
QTV - Friday - 15:30-16:30 PDT
Title: Quantum Hardware Hacking
When: Friday, Aug 12, 15:30 - 16:30 PDT
Where: Caesars Forum - Summit 217 (Quantum Village) - Map
SpeakerBio:Mark C
No BIO available
Description:
Come and find out how the quantum computer tech stack works, and what interesting things can be done with a hacker mindset on quantum algos.
QTV - Friday - 10:00-10:59 PDT
Title: Quantum Village Opening Ceremony
When: Friday, Aug 12, 10:00 - 10:59 PDT
Where: Caesars Forum - Summit 217 (Quantum Village) - Map
SpeakerBio:Quantum Village Team
No BIO available
Description:No Description available
SOC - Friday - 16:00-17:59 PDT
Title: Queercon Mixer
When: Friday, Aug 12, 16:00 - 17:59 PDT
Where: Caesars Forum - Forum 120-123, 129, 137 (Chillout) - Map
Description:
The lgbtqia+ community in InfoSec is throwing a party to bring our folk together and have a good time. Meet others like you or hang out with those you’ve met over the years. This is a safe and inclusive space meant to make you feel comfortable and help you socialize with others like you.
SOC - Friday - 22:00-00:59 PDT
Title: Queercon Party
When: Friday, Aug 12, 22:00 - 00:59 PDT
Where: Caesars Forum - Forum 108-110 - Map
Description:
The lgbtqia+ community in InfoSec is throwing a party to bring our folk together and have a good time. Meet others like you or hang out with those you’ve met over the years. This is a safe and inclusive space meant to make you feel comfortable and help you socialize with others like you.
RTV - Friday - 13:00-13:59 PDT
Title: Quiet Recon: Gathering everything you need with LDAP and native AD services
When: Friday, Aug 12, 13:00 - 13:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map
SpeakerBio:Cory Wolff
No BIO available
Twitter: @cwolff411
Description:No Description available
CON - Friday - 10:00-13:59 PDT
Title: Radio Frequency Capture the Flag
When: Friday, Aug 12, 10:00 - 13:59 PDT
Where: Flamingo - Eldorado Ballroom (Radio Frequency Village) - Map
Description:
The RF CTF will be hybrid this year, everyone worldwide is free to play.
Do you have what it takes to hack WiFi, Bluetooth, and Software Defined Radio (SDR)?
RF Hackers Sanctuary (the group formerly known as Wireless Village) is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 30. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.
We cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment. Our new virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.
There will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.
FOR THE NEW FOLKS
Our virtual RFCTF environment is played remotely over ssh or through a web browser. It may help to have additional tools installed on your local machine, but it isn’t required.
Read the presentations at: https://rfhackers.com/resources
Hybrid Fun
For DEF CON 30 we will be running in “Hybrid” mode. That means we will have both a physical presence AND the virtual game. All of the challenges we have perfected in the last 2 years in our virtual game will be up and running, available to anyone all over the world (including at the conference), free of charge. In addition to the virtual challenges, we will also have a large number of “in person” only challenges. These “in-person” only challenges will include our traditional fox hunts, hide and seeks, and king of the hill challenges. Additionally, we will have many challenges which we simply haven’t had time or ability to virtualize. It should be clear that playing only the virtual game will put you in a severe available point disadvantage. Please don’t expect to place if you play virtual only, consider the game an opportunity to learn, practice, hone your skills, and still get on the scoreboard. The virtual challenges which are available will have the same flags as the in-person challenges, allowing physical attendees the choice of hacking those challenges using either (or both) methods of access.
THE GAME
To score you will need to submit flags which will range from decoding transmissions in the spectrum, passphrases used to gain access to wireless access points, or even files located on servers. Once you capture the flag, submit it to the scoreboard right away, if you are confident it is worth positive points. Some flags will be worth more points the earlier they are submitted, and others will be negative. Offense and defense are fully in play by the participants, the RFCTF organizers, and the Conference itself. Play nice, and we might also play nice.
To play our game at DEF CON 30 join SSID: RFCTF_Contestant with password: iluvpentoo
BTV - Friday - 13:00-14:30 PDT
Title: Ransomware ATT&CK and Defense
When: Friday, Aug 12, 13:00 - 14:30 PDT
Where: Virtual - BlueTeam Village - Workshops
Speakers:Daniel Chen,Esther Matut,Ronny Thammasathiti,Nick Baker,Ben Hughes
SpeakerBio:Daniel Chen
DFIR consultant and penetration tester at Polito Inc. I investigated numerous ransomware incidents, hunted for adversaries, and assisted with red teaming.
SpeakerBio:Esther Matut
To be completed.
SpeakerBio:Ronny Thammasathiti
Ronny Thammasathiti (@ronnyt) started out as an aspiring concert pianist but later made a big switch to cyber security with Polito Inc in the past 4 years. His main role at the company is as a detection engineer using Elasticsearch and developing tools and applications using his knowledge of the Python language.
SpeakerBio:Nick Baker
Nick Baker has over 10 years in cybersecurity. Prior to Polito, Nick spent 20 years as a Signal Warrant Officer in the U.S. Army. He performed over 10 years in the cybersecurity field with a heavy focus in computer network defense by providing expertise for the proper employment, support, and defense of strategic and tactical information networks, systems, and services in operations supporting the Army’s cyberspace domain. Nick’s other 10 years was providing IT support, operations, and functions. I hold multiple credentials including SANS, CompTIA and ICS2.
SpeakerBio:Ben Hughes
Ben Hughes (@CyberPraesidium) brings over 15 years of diverse experience in cybersecurity, IT, and law. He leads Polito Inc.'s commercial cybersecurity services including threat hunting, digital forensics and incident response (DFIR), penetration testing, red teaming, adversary emulation, and training. Prior to Polito, Ben worked on APT hunt teams at federal and commercial clients. He currently holds CISSP, GCFA, GWAPT, and endpoint security vendor certifications.
Description:
This hands-on training workshop will walk attendees through threat hunting exercises to detect and investigate common Tactics, Techniques, and Procedures (TTPs) frequently used by ransomware threat actors during an attack. From Reconnaissance and Initial Access to Exfiltration and Impact, attendees will be exposed to a compressed ransomware attack lifecycle while being able to leverage attack TTPs including commands, scripts, tools, communication channels, and techniques that we frequently see and use in the wild. Tactics and techniques will be mapped to the MITRE ATT&CK Framework, and will be inspired by ATT&CK's Adversary Emulation Plans. The workshop will accordingly incorporate offensive operation elements such as adversary emulation and red teaming, but with an emphasis on purple teaming and blue teaming. In other words, we will explore the logs and other artifacts potentially left behind by our attack TTPs and how the blue team might utilize endpoint and network logs and defensive tooling to detect and disrupt the ATT&CK kill chain components. Examples of tools and threat intelligence sources that will be incorporated include Atomic Red Team, open-source offensive security tools such as Mimikatz, Living off the Land Binaries and Scripts (LOLBAS) including PowerShell, real-world or Proof-of-Concept malware samples and exploits, and leaked ransomware playbooks supplemented by other open-source intelligence (OSINT) sources; and specifically on the blue team side, popular security logging pipeline and Security Information and Events Management (SIEM) tools such as Sysmon and Elastic Stack.
This hands-on training workshop will walk attendees through hunting for Tactics, Techniques, and Procedures (TTPs) frequently used by ransomware adversaries. From Reconnaissance and Initial Access to Exfiltration and Impact, attendees will be exposed to a compressed ransomware attack lifecycle. Workshop TTPs will be mapped to the MITRE ATT&CK Framework, and it will incorporate offensive operation elements such as adversary emulation, but while emphasizing purple and blue teaming. We will explore the endpoint and network logs left behind by attack TTPs and how the blue team can utilize such logs and defensive tooling to detect and disrupt the attack.
CON - Friday - 12:00-17:59 PDT
Title: Red Alert ICS CTF
When: Friday, Aug 12, 12:00 - 17:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map
Description:
Red Alert ICS CTF is a competition for Hackers by Hackers. The event exclusively focuses on having the participants break through several layers of security in our virtual SCADA environment and eventually take over complete control of the SCADA system.
The contest would house actual ICS (Industrial Control System) devices from various vendors on a testbed showcasing different sectors of critical infrastructure. The participants would be able to view and engage with the devices in real time and understand how each of them control each of the aspects of the testbed and leverage this to compromise the devices.
Red Alert ICS CTF is back with a ton of fun challenges after successfully running the CTF at DEF CON 29, DEF CON 27 and DEF CON 26 (Black Badge).
Highlights of the Red Alert ICS CTF are available at: https://youtu.be/AanKdrrQ0u0
Team Size: The team size is limited to a maximum of 4 players per team. Teams can have 1-4 players.
Additional Information: The toolkit required to access any of our specialized hardware/equipment will be provided by us.
ASV - Friday - 10:00-15:59 PDT
Title: Red Balloon Failsat Challenges
When: Friday, Aug 12, 10:00 - 15:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
Description:
Red Balloon Security will provide satellite modems as well as a small satellite for the modems to communicate with. We will provide support and training at the event to help people work through all steps of the challenges using OFRAK. OFRAK (Open Firmware Reverse Analysis Konsole) combines the ability to unpack, analyze, modify, and repack binaries & firmware in a single application.
PWNSAT CHALLENGE
Participants will analyze and modify the modem firmware with the goal of successfully patching in shellcode to send malicious commands to the CubeSat to make it spin. Modifications may include – disabling firewall, finding credentials, and shellcode writing + injection. Winners with the most interesting CubeSat spin results will be rewarded with a prize.
SAFE SPACE: SATELLITE CONTROL PATCHING
In this challenge, participants will have the opportunity to construct and apply a patch modeled after a real-world bug detected in spacecraft. The challenge will be to understand and patch code that’s trying to solve an equation, but has a bug that makes the satellite unusable. We provide guidance on how to identify the mistake and present multiple approaches in increasing degrees of patching complexity.
CON - Friday - 10:00-16:59 PDT
Title: Red Team Village CTF Qualifiers Part 1
When: Friday, Aug 12, 10:00 - 16:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map
Description:
Once again this year’s DEF CON Red Team CTF will be hosted by Threat Simulations! We have an amazing, immersive scenario that stresses strong red team skills as players traverse through an enterprise network. This event is not for the faint of heart: first you will battle with hundreds of teams in a jeopardy board style CTF, then the top teams will enter the finals, where your Red Team skills will be tested in a full Active Directory environment. Your team will compete against some of the best red teamers in the world as you exploit, pivot, and loot the target environment.
RTV - Friday - 11:00-11:59 PDT
Title: Red Team Village Keynote Panel
When: Friday, Aug 12, 11:00 - 11:59 PDT
Where: Flamingo - Mesquite Ballroom (Red Team Village) - Map
Speakers:John Hammond,Alh4zr3d,Ryan M. Montgomery
SpeakerBio:John Hammond
No BIO available
Twitter: @_JohnHammond
SpeakerBio:Alh4zr3d
No BIO available
Twitter: @Alh4zr3d
SpeakerBio:Ryan M. Montgomery
No BIO available
Twitter: @0dayCTF
Description:No Description available
PLV - Friday - 12:00-13:45 PDT
Title: Red Teaming the Open Source Software Supply Chain
When: Friday, Aug 12, 12:00 - 13:45 PDT
Where: Caesars Forum - Summit 224-225 - Policy Collaboratorium - Map
Speakers:Allan Friedman,Aeva Black
SpeakerBio:Allan Friedman
, OSS Security Lead
No BIO available
SpeakerBio:Aeva Black
Technical Advisory Committee, Open Source Software Foundation
Board Member, Open Source Initiative
Description:
The open source software supply chain has enabled great innovation, but there is a unique set of risks from this supply chain. While not a new topic, everyone from software users to governments has started to pay attention to the security risks that have emerged from the success of, and our dependence on, open source software. Some solutions proposed are not popular among open source developers and maintainers. Even worse, much of the discussion does not directly involve those with an attacker mindset, relying on just a few high profile incidents.
This session will bring together experts from the open source ecosystem with security experts to think about OSS security from an attacker’s perspective. We’ll go through a few scenarios collectively, and then brainstorm more in small groups, sharing them out. Each attack scenario will then be evaluated against potential defensive measures.
CPV - Friday - 13:00-13:30 PDT
Title: Reflections on 9 Years of CPV
When: Friday, Aug 12, 13:00 - 13:30 PDT
Where: Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village) - Map
SpeakerBio:Whitney Merrill
No BIO available
Description:No Description available
PHV - Friday - 10:00-17:59 PDT
Title: RegEx Trainer
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village) - Map
Description:
Is regex a mystery to you? We've got your back at the Packet Hacking Village. Our new interactive REGEX Trainer will walk you through learning then doing, giving you a full understanding of how Regular Expressions work.
CHV - Friday - 12:00-12:25 PDT
Title: Remote Exploitation of Honda Cars
When: Friday, Aug 12, 12:00 - 12:25 PDT
Where: Virtual - Car Hacking Village
SpeakerBio:Mohammed Shine
No BIO available
Description:
The Honda Connect app used by the Honda City 5th generation used weak security mechanisms in its APIs for access control, which would allow a malicious user to perform actions like starting the car, locking/unlocking the car, etc. remotely by interacting with its Telematics Control Unit (TCU).
ICSV - Friday - 16:00-16:59 PDT
Title: Research and Deliverables on Utilizing an Academic Hub and Spoke Model to Create a National Network of ICS Institutes
When: Friday, Aug 12, 16:00 - 16:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - Map
SpeakerBio:Casey O'Brien
, Assistant Director, Cyber Defense Education and Training
Casey W. O'Brien is the Assistant Director for Cyber Defense Education and Training with the Information Trust Institute in The Grainger College of Engineering at the University of Illinois Urbana-Champaign. Casey has more than 25 years of large-scale information security and IT engineering, implementation, and management experience in challenging and cutting-edge public and private sector environments. Casey is the Technical Editor of five textbooks: Ethical Hacking & Systems Defense, Linux Server Fundamentals, Information Security Fundamentals, Introduction to Scripting, and Networking Fundamentals.
Description:
The Critical Infrastructure Resilience Institute (CIRI) in the Grainger College of Engineering at the University of Illinois Urbana-Champaign was awarded a contract from the DHS Cybersecurity and Infrastructure Security Agency (CISA) to lead the development of a comprehensive plan for developing and managing a nationwide cybersecurity education and training network to address our nation’s chronic and urgent cybersecurity workforce shortage, with particular emphasis on developing and delivering curricula focused on incident response and industrial control systems. This presentation will discuss the research findings, the network, example ICS curriculum, and how interested stakeholders can engage with the project partners.
ASV - Friday - 13:00-14:59 PDT
Title: Resumé Review and Career Guidance Session
When: Friday, Aug 12, 13:00 - 14:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
Description:
Bring yourself and a copy of your resume to discuss your career trajectory with public and private industry leaders. Prepare your questions or sit in a mock interview as you hone your skills for a future in aerospace cybersecurity.
HHV - Friday - 13:00-13:45 PDT
Title: Reversing An M32C Firmware – Lesson Learned From Playing With An Uncommon Architecture
When: Friday, Aug 12, 13:00 - 13:45 PDT
Where: Flamingo - Exec Conf Ctr - Red Rock VI, VII, VII (Hardware Hacking Village) - Map
SpeakerBio:Philippe Laulheret
Philippe Laulheret is a Senior Security Researcher on the Trellix vulnerability research team. With a focus on Reverse Engineering and Vulnerability Research, Philippe uses his background in Embedded Security and Software Engineering to poke at complex systems and get them to behave in interesting ways. In his spare time, Philippe enjoys playing CTFs, immersing himself in the beauty of the Pacific Northwest, and exploring the realm of Creative Coding.
Philippe holds a MSc in Computer Science from Georgia Tech and a MSc in Electrical and Computer Engineering from Supélec (France).
Description:
While busy hacking the planet, have you ever encountered an unfamiliar architecture and simply had no idea where to start? You pried the firmware from a reluctant (and almost not smoldering) flash chip, loaded the thing in IDA, but what’s next? We got into this pickle while working on reversing the firmware of a medical device. The mystery architecture turned out to be M32C, and thankfully, IDA Pro added support for it a few months prior.
This talk is not exactly about reversing yet another embedded device. Instead, this is more about the journey and lessons learned so that it could be abstracted away for the next project. Rather than focusing on the specifics of the firmware itself, we will see how it interacts with the micro-controller and the steps taken to approach an unfamiliar embedded architecture.
During this presentation, you can expect digging into low-level micro-controller notions such as interrupt handlers, special purpose registers, how to find flash handling code, and way too much M32C assembly. If you’ve ever dabbled in hardware hacking and want to have a look at something that is not Linux-based, this talk will give you some pointers in how to get the ball rolling. (not talking about the ones we dropped at the reballing station)
RFV - Friday - 10:30-11:30 PDT
Title: RF CTF Kick Off Day 1
When: Friday, Aug 12, 10:30 - 11:30 PDT
Where: Flamingo - Eldorado Ballroom (Radio Frequency Village) - Map
SpeakerBio:RF Hackers Village Staff
No BIO available
Twitter: @rfhackers
Description:
Join the RF Hackers for a presentation on how to RF CTF. All are welcome for this free-to-play game; documentation is online for virtual players: https://github.com/rfhs/rfhs-wiki/wiki/RF-CTF-Virtual-HowToGetStarted
CHV - Friday - 13:00-13:40 PDT
Title: RFCommotion - Invisible Serial Ports Flying Through the Air
When: Friday, Aug 12, 13:00 - 13:40 PDT
Where: Virtual - Car Hacking Village
SpeakerBio:Kamel
No BIO available
Description:
Bluetooth isn't a protocol, it's like 10 small protocols wearing a big coat pretending to be a protocol. One of the more important little protocols is the RFCOMM protocol, which acts as a standard transport layer for many other protocols to be built on top of it. In this talk, I'll introduce the audience to Bluetooth RFCOMM channels and how they're used, and introduce/release a tool I've developed to help with testing services attached to RFCOMM channels used in vehicles (and other IoT devices).
PSV - Friday - 13:30-13:59 PDT
Title: RFID Hacking 101
When: Friday, Aug 12, 13:30 - 13:59 PDT
Where: Caesars Forum - Summit 201-202 (Physical Security Village) - Map
SpeakerBio:Ege F
Ege is a security researcher specialising in access control systems and electronics. She is currently pursuing a degree in Electrical Engineering and works part-time for GGR Security as a Security Risk Assessor.
Twitter: @Efeyzee
Description:
Ever wondered how the cards you use to enter your hotel room or the key fobs you use in your car work, and how vulnerabilities in their design and implementation can be exploited? Find out all that and more with this talk.
RHV - Friday - 11:00-11:59 PDT
Title: Rock the Cash Box
When: Friday, Aug 12, 11:00 - 11:59 PDT
Where: Caesars Forum - Alliance 310, 320 (Retail Hacking Village) - Map
SpeakerBio:Spicy Wasabi
Tinkerer of electronics, radios, and sometimes servers. Perpetual volunteer for many events including CCDC, CPTC, and a few conferences.
Twitter: @spiceywasabi
Description:
Using no existing external infrastructure, we dive into the successes and failures as we crossed wires, consoled, and dialed in to real Hyosung ATMs in an effort to become a payment processor. This talk explores the approaches and techniques behind the efforts of hacking ATM systems.
DC - Friday - 11:30-11:50 PDT
Title: Running Rootkits Like A Nation-State Hacker
When: Friday, Aug 12, 11:30 - 11:50 PDT
Where: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
SpeakerBio:Omri Misgav
, CTO, Security Research Group Fortinet
Omri has over a decade of experience in cyber-security. He serves as the CTO of a security research group at Fortinet focused on OS internals, malware and vulnerabilities and spearheads development of new offensive and defensive techniques. Prior to Fortinet, Omri was the security research team leader at enSilo. Before that, he led the R&D of unique network and endpoint security products for large-scale enterprise environments and was part of an incident response team, conducting investigations and hunting for nation-state threat actors.
Description:
Code Integrity is a threat protection feature first introduced by Microsoft over 15 years ago. On x64-based versions of Windows, kernel drivers must be digitally signed and checked each time they are loaded into memory. This is also referred to as Driver Signature Enforcement (DSE).
The past year showed that high-profile APT groups kept leveraging the well-known tampering technique to disable DSE at runtime. Meanwhile, Microsoft rolled out new mitigations: driver blocklists and Kernel Data Protection (KDP), a new platform security technology for preventing data-oriented attacks.
Since using a blocklist only narrows the attack vector, we focused on how KDP was applied in this case to eliminate the attack surface.
We found two novel data-based attacks to bypass KDP-protected DSE, one of which is feasible in real-world scenarios. Furthermore, they work on all Windows versions, starting with the first release of DSE. We’ll present each method and run them on live machines.
We’ll discuss why KDP is an ineffective mitigation. As it didn’t raise the bar against DSE tampering, we looked for a different approach to mitigate it. We’ll talk about how defenders can take a page out of attackers’ playbook to cope with the issue until HVCI becomes prevalent and really eliminates this attack surface.
ASV - Friday - 10:00-16:59 PDT
Title: Satellite Eavesdropping with DDS
When: Friday, Aug 12, 10:00 - 16:59 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
Description:
Satellite communications are used by millions of people every day. From television broadcasts to internet services, satellites bring connectivity beyond the reach of wired infrastructure. In this lab, you’ll learn about one of the most popular satellite communications protocols – DVB-S (Digital Video Broadcasting for Satellite) – and how anyone with inexpensive radio equipment and freely available software can intercept and listen to these signals.
Required gear: none!
RCV - Friday - 16:25-17:10 PDT
Title: Scanning your way into internal systems via URLScan
When: Friday, Aug 12, 16:25 - 17:10 PDT
Where: LINQ - 3rd flr - Social B and C (Recon Village) - Map
SpeakerBio:Rojan Rijal
No BIO available
Twitter: @uraniumhacker
Description:
URLScan has been frequently used by anti-phishing techniques to identify potentially malicious websites. However, a misconfigured scan could sometimes expose internal assets, domains, and sensitive information to the public. GitHub had a similar event in 2021 where internal repository names got exposed due to a misconfigured scan set.
The talk will cover various technologies and their internal usage at sample companies. Once the technologies are covered the talk will explore how these technologies can be queried in URLScan to identify sensitive information disclosed by companies.
The talk will start by explaining and highlighting SaaS technologies that oftentimes leak sensitive information of a company. In addition to the technologies, the talk will proceed to explain how to use extracted information for privilege escalation or access to internal resources. The technologies covered will include at minimum: Microsoft Office 365, GSuite, Salesforce, GitHub and SAML providers.
Once the technologies are covered, the talk will cover how URLScan can help identify these resources en masse. This specific section of the talk will go over various search queries and regex searches that can be used to reliably retrieve information from these technologies. Once the basic queries are covered, the talk will then explore specific queries that can be combined to reliably pull information for a given company.
The end of the talk will also show sample examples with real companies who I have found to have disclosed sensitive information.
At the end of the talk, attendees will be able to walk out with exact queries they can run to find if their company or their target is disclosing sensitive information. In addition, they will also be able to use some disclosed information to further escalate their access internally.
ROV - Friday - 15:30-16:30 PDT
Title: Secrets of an Advantage Player
When: Friday, Aug 12, 15:30 - 16:30 PDT
Where: LINQ - 3rd flr - Evolution (Rogues Village) - Map
SpeakerBio:RxGamble
No BIO available
Twitter: @rxgamble
Description:
We are happy to welcome her back from Rogues Village DC27: RxGamble. You need more than math to hack a casino game… She’ll show you how!
CPV - Friday - 14:00-14:30 PDT
Title: Securing and Standardizing Data Rights Requests with a Data Rights Protocol
When: Friday, Aug 12, 14:00 - 14:30 PDT
Where: Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village) - Map
Speakers:Dazza Greenwood,Ginny Fahs,Ryan Rix
SpeakerBio:Dazza Greenwood
Dazza Greenwood is the Protocol Lead for Data Rights Protocol and the founder of CIVICS.com, a boutique consultancy for legal technologies, automated transactions, data management, digital identity, and technology strategy. Dazza is also a researcher at MIT Media Lab where he is advancing the field of computational law and serves as Executive Director of the law.MIT.edu research portfolio.
SpeakerBio:Ginny Fahs
Ginny Fahs leads Product R&D at Consumer Reports Digital Lab, where she oversees a team building innovative tools and services for digital consumer protection. Her group is currently pioneering new ways for consumers to take control of their data and digital lives.
SpeakerBio:Ryan Rix
Ryan Rix is the Technical Lead for the Data Rights Protocol. His background is in web application development, decentralized open source software, “big tech” data rights systems, and privacy engineering.
Description:
There is no standard and secure way to exchange data rights requests under the law and it’s hard and time-consuming for consumers and companies alike. We think there should be a better way to process data rights requests that’s streamlined and inexpensive. A standard protocol that formalizes the components of a data rights request would allow for more consistency and efficiency for both consumers submitting requests and companies processing them. That’s why Consumer Reports is incubating a Data Rights Protocol with a consortium of companies committed to strengthening consumer data rights. Authorized agents, privacy infrastructure providers, and businesses that need to comply with CCPA will all be evaluating this protocol for its security before deciding to adopt. In this presentation our team of lawyers, technologists, and designers will enumerate security considerations for the protocol and present a draft security model that can help drive an ecosystem of products that empower consumers.
WS - Friday - 14:00-17:59 PDT
Title: Securing Industrial Control Systems from the core: PLC secure coding practices
When: Friday, Aug 12, 14:00 - 17:59 PDT
Where: Harrah's - Ely (Workshops) - Map
Speakers:Alexandrine Torrents,Arnaud Soullie
SpeakerBio:Alexandrine Torrents
, Security Consultant
Alexandrine Torrents is a cybersecurity consultant at Wavestone, a French consulting company. She started as a penetration tester, and performed several cybersecurity assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a particular tool to request Siemens PLCs. Then, she started working at securing ICS, especially in the scope of the French military law, helping companies offering a vital service to the nation to comply with security rules. Now, Alexandrine works with different industrial CISOs on their cybersecurity projects: defining secure architectures, hardening systems, implementing detection mechanisms. She is also IEC 62443 certified and still performs assessments on multiple environments.
SpeakerBio:Arnaud Soullie
, Senior Manager
Arnaud Soullié (@arnaudsoullie) is a Senior Manager at Wavestone, a global consulting company. For 12 years, he has been performing security assessments and pentests on all types of targets. He started specializing in ICS cybersecurity 10 years ago. He spoke and taught workshops at numerous security conferences on ICS topics: BlackHat Europe, BruCon, CS3STHLM, BSides Las Vegas, DEFCON... He is also the creator of the DYODE project, an open-source data diode aimed at ICS. He has been teaching ICS cybersecurity training since 2015.
Twitter: @arnaudsoullie
Description:
Securing Industrial Control Systems from cyberattacks often starts by properly segmenting the network, securing remote accesses and overall focusing on traditional “IT” cybersecurity measures. However, we can also leverage existing technology to detect and protect from cyberattacks.
The Top 20 Secure PLC Coding Practices (www.plc-security.com) is a community-led effort to identify best practices in Programmable Logic Controllers (PLC) code development that improve cybersecurity.
In this workshop, you will learn how to program a PLC and connect it to a SCADA system. You will then perform attacks on this system and finally implement a sample of the TOP20 coding practices to block or detect such attacks.
You will be provided with access to cloud VMs preconfigured with a SCADA software as well as a PLC simulator. Some demonstrations will also be performed on-site on real hardware PLCs.
The workshop is accessible to anyone, even with no prior ICS experience.
- Materials
- Just a laptop with a modern web browser. Students will be provided with cloud VMs to perform the exercises.
- Prereq
- None
WS - Friday - 14:00-17:59 PDT
Title: Securing Smart Contracts
When: Friday, Aug 12, 14:00 - 17:59 PDT
Where: Harrah's - Reno (Workshops) - Map
Speakers:Elizabeth Biddlecome,Sam Bowne,Irvin Lemus,Kaitlyn Handleman
SpeakerBio:Elizabeth Biddlecome
, Consultant and Instructor
Elizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.
SpeakerBio:Sam Bowne
, Instructor
Sam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000, and is the founder of Infosec Decoded, Inc. He has given talks and hands-on trainings at Black Hat USA, RSA, DEF CON, DEF CON China, HOPE, and many other conferences.
Credentials: PhD, CISSP, DEF CON Black Badge Co-Winner
SpeakerBio:Irvin Lemus
, Instructor
Irvin Lemus has been in the industry for 10+ years as an MSP technician, consultant, instructor and coordinator. He is currently the cybersecurity professor at Cabrillo College in Santa Cruz, CA. He also is the Bay Area Cyber Competitions Regional Coordinator as well as the contest creator for SkillsUSA CA and FL. Irvin has spoken at various cybersecurity and educational conferences. Irvin holds a CISSP and a Bachelor's Degree in Information Security.
SpeakerBio:Kaitlyn Handleman
, Security Engineer
Kaitlyn Handelman is a security engineer and consultant, defending high-value networks professionally. She has extensive experience in aerospace, radio, and hardware hacking.
Industry credentials: OSCP, OSED
Description:
Learn how blockchains, cryptocurrency, NFTs, and smart contracts work, and their most important security flaws. We will also cover the underlying cryptography: hashes, symmetric encryption, and asymmetric encryption. We will configure wallets, servers, and vulnerable smart contracts, and exploit them.
We will configure systems using Bitcoin, Ethereum, Hyperledger, Multichain, Stellar, and more. We will perform exploits including double-spend, reentrancy, integer underflow, and logic flaws.
No previous experience with coding or blockchains is required.
This workshop is structured as a CTF competition, to make it useful to students at all levels. We will demonstrate the easier challenges from each topic, and detailed step-by-step instructions are available. We will have several instructors available to answer questions and help participants individually. Every participant should learn new, useful techniques.
- Materials
- Any computer with a Web browser. The capacity to run a local virtual machine is helpful but not required.
- Prereq
- Beginners are welcome. Familiarity with cryptocurrency and smart contracts is helpful but not necessary.
ASV - Friday - 13:30-13:55 PDT
Title: Securing the Future of Aviation CyberSecurity
When: Friday, Aug 12, 13:30 - 13:55 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
SpeakerBio:Timothy Weston
, Deputy Executive Director (acting), Cybersecurity Policy Coordinator, Transportation Security Administration
Tim Weston is the Director for Strategy & Performance in TSA’s office of Strategy, Policy Coordination and Innovation. Mr. Weston also serves as the TSA Cybersecurity Policy Coordinator. Previously, he worked in the TSA Office of Chief Counsel, as Senior Counsel in the Security Threat Assessment Division.
Description:
Presentation will cover the future of aviation cybersecurity, including the security of Advanced Air Mobility/Urban Air Mobility, Space Port Security, Space Tourism Security, and the transformation of the TSA workforce. I will cover in depth the legal and regulatory framework that provides for securing IT and OT networks, as well as the airframes, for the next generation of air travel. I will close with an update and a call to action on modernization of the aviation workforce.
CLV - Friday - 13:10-13:40 PDT
Title: Security at Every Step: The TL;DR on Securing Your AWS Code Pipeline
When: Friday, Aug 12, 13:10 - 13:40 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Cloud Village) - Map
SpeakerBio:Cassandra Young (muteki)
Cassandra (aka muteki) works full time in information security consulting, specializing in Cloud Security Architecture and Engineering. She holds a master’s degree in Computer Science, focusing on cloud-based app development and academic research on serverless security and privacy/anonymity technology. Additionally, as one of the directors of Blue Team Village, Cassandra works to bring free Blue Team talks, workshops and more to the broader security community.
Twitter: @muteki_rtw
Description:
Securing application or infrastructure code in the Cloud is more than just scoping permissions in IAM and scanning ECS, EKS and EC2 instances. Attackers can use poisoned container instances, malicious code and dependencies, and vulnerable CI/CD pipelines to break into your environment, requiring you to consider the entire development lifecycle, from who's writing the code, to how it's deployed. This short talk will introduce you to basic but powerful practices you can put in place now, such as signed Git commits, securing repo access, code analysis, CI/CD permissions, and resource scanning and hardening.
CHV - Friday - 14:00-14:25 PDT
Title: Security like the 80's: How I stole your RF
When: Friday, Aug 12, 14:00 - 14:25 PDT
Where: Virtual - Car Hacking Village
SpeakerBio:Ayyappan Rajesh
No BIO available
Description:
The issue of convenience vs. security has been spoken about for years now. With most devices now having wireless capability, it invites trouble, especially when it is not encrypted or secured, right from our tap-to-pay cards to even unlocking and starting our car.
This talk discusses CVE-2022-27254 and the story of how we came about discovering it. The CVE exploits an issue in the remote keyless system on various Honda vehicles, allowing an attacker to access the cars and potentially even drive away with them!
CLV - Friday - 11:30-11:59 PDT
Title: Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can Help White and Black Hat Vulnerability Research
When: Friday, Aug 12, 11:30 - 11:59 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Cloud Village) - Map
SpeakerBio:Alexandre Sieira
Alexandre (or Alex) Sieira is a successful entrepreneur in the information security field with a global footprint since 2003. He began his security career as a Co-Founder and CTO of CIPHER, an international security consulting and MSSP headquartered in Brazil which was later acquired by Prosegur. In 2015, he became Co-Founder and CTO of Niddel, a bootstrapped security analytics SaaS startup running entirely on the cloud, which was awarded a Gartner Cool Vendor award in 2016. After the acquisition of Niddel by Verizon in January 2018, he became the Senior Manager and global leader of the Managed Security Services - analytics products under the Detect & Respond portfolio tower at Verizon. He is currently the CEO and Co-Founder of Tenchi Security, a company focused on cloud security.
Alex is also an experienced speaker having presented at Black Hat, BSides SF, FIRST Conference, DEF CON Cloud Village and local events in Brazil several times over his career.
Twitter: @AlexandreSieira
Description:
The recent leaks of the Conti ransomware group's internal chats were fascinating reading. Among other things, they reminded us that both well-intentioned and malicious actors are constantly trying to find vulnerabilities and develop exploits for widely used IT products. This is particularly true of those that are externally exposed, such as firewalls, VPNs and load balancers, or security products that might thwart their techniques and tools.
The timeline from the chats seems to show a gap of several months between Conti members trying to procure either appliances or commercial software that they were trying to get for these purposes. This got us thinking about how the major cloud service providers these days have marketplaces where you can easily buy virtual appliances or SaaS licenses for lots of widely used IT and security products with little more than a valid credit card, in minutes. And we decided to check how feasible it is to use this to conduct vulnerability research.
In this presentation we will show what kind of access one can get to the internals of IT and security products using these marketplaces, particularly in the case of products typically offered only as hardware appliances. We will also cover which cloud providers try to prevent this sort of activity, how they do it, which ones simply don't care, and what techniques we were able to use to access these appliances' internals.
The objective here is threefold: 1) help well intentioned vulnerability researchers find an easier avenue to do their work; 2) allow cloud providers to get a better understanding of how their marketplaces can be abused and which controls they could implement to mitigate that risk, and 3) let IT and security vendors realize the added exposure of publishing their products on these marketplaces.
MIV - Friday - 11:30-13:30 PDT
Title: SimPPL: Simulating Social Networks and Disinformation
When: Friday, Aug 12, 11:30 - 13:30 PDT
Where: Caesars Forum - Summit 220->236 (Misinformation Village) - Map
SpeakerBio:Swapneel Mehta
Swapneel Mehta is a Ph.D. student at NYU Data Science working with the Center for Social Media and Politics (https://csmapnyu.org/) and collaborating with researchers at Oxford University. His research deals with controlling misinformation on social networks using tools from simulation-based inference and causality, using probabilistic programs to simulate user behavior and information propagation on social networks. He is also a co-founder of SimPPL, a non-profit venture to support independent local journalists and local news in understanding and catering to their digital audiences, the founder and leader at Unicode Research (https://unicode-research.netlify.app/people), and recently taught a Google-backed independent ML Summer Course (https://djunicode.github.io/umlsc-2021/).
Description:
Online disinformation is a dynamic and pervasive problem on social networks as evidenced recently by the COVID-19 "infodemic". It is unclear how effective countermeasures are in practice due to limited access to platform data. In such cases, simulations are a popular technique to study the long-term effects of disinformation and influence operations. We develop a high-fidelity simulation of disinformation spread via influence operations on a popular social network, Reddit, and their effects on content distribution via ranking and recommendation algorithms. It is a novel application of agent-based modeling combined with empirical data from users at scale and offers insight into the impact of so-called coordinated inauthentic behavior. This is joint work in collaboration with Oxford and NYU that has been invited for an Oral presentation (top 3/26 papers) at the AI4ABM workshop at the International Conference on Machine Learning, 2022.
CHV - Friday - 15:30-15:55 PDT
Title: Smart Black Box Fuzzing of UDS CAN
When: Friday, Aug 12, 15:30 - 15:55 PDT
Where: Virtual - Car Hacking Village
Speakers:Soohwan Oh,Jonghyuk Song,Jeongho Yang
SpeakerBio:Soohwan Oh, Blueteam Engineer, Autocrypt
Soohwan Oh is an automotive engineer and security tester on the Autocrypt blue team. He mainly works on fuzz testing and issue analysis on in-vehicle networks, such as CAN/CAN-FD, UDSonCAN and Automotive Ethernet. He has also designed the requirements of automotive security test solutions.
SpeakerBio:Jonghyuk Song, Redteam Leader, Autocrypt
Jonghyuk Song is lead for Autocrypt’s Red Team. His current tasks are security testing for automotive including fuzzing, penetration testing, and vulnerability scanning.
He researches security issues in not only in-vehicle systems, but also V2G and V2X systems. Jonghyuk received his Ph.D. in Computer Science and Engineering at POSTECH, South Korea in 2015. He has worked in Samsung Research as an offensive security researcher, where his work included finding security issues in smartphones, smart home appliances and network routers.
SpeakerBio:Jeongho Yang
No BIO available
Description:
This talk covers how to solve the difficulties of performing black box fuzzing on real automobiles. First, coverage-guided fuzzing is impossible, so we should generate test cases with a full understanding of UDS CAN, such as message flows and frame types. Second, it is hard to decide whether errors occurred, so we should check timeouts, pending responses, DTCs (Diagnostic Trouble Codes) and NRCs (Negative Response Codes). Third, even if the target ECU is dead, we should continue fuzzing by using ClearDiagnosticInformation and ECUReset. During this talk, the audience can learn effective and practical CAN fuzzing guidance at the technical level.
SEV - Friday - 16:30-16:59 PDT
Title: Social Engineering the People you Love
When: Friday, Aug 12, 16:30 - 16:59 PDT
Where: LINQ - 3rd flr - Social A (Social Engineering Community) - Map
SpeakerBio:Micah Turner
Micah Turner is an IT Security Engineer based in Reno, Nevada. He served for 5 years in US Army Psychological Operations with 4 short combat tours in Afghanistan and Iraq. In that time he learned about how people try to influence the hearts and minds of local and global populations. Since then Micah has worked with various technologies from robots to Raspberry Pi. He is certified GSEC, GCIH, and currently studying for OSCP.
Twitter: @micahthemaker
Description:
When we define Social Engineering in the context of Cyber Security, we’re often presented with a manipulative context where someone is exploiting a victim. Yet the same tactics that malicious actors use in emotional exploitation are present in news, advertising, social media, and marketing. These are multi-billion industries driving our very way of life. Can all influence systems be malicious or is there a range of ethics presented by the need to communicate potential value relationships? The tactics described by the best Social Engineers often involve soft skills traditions like active listening, building rapport, and communicating needs clearly. Social Engineering is a critical part of how we navigate relationships at work and home. Don’t you dress better and shine a bit brighter on that first date? Aren’t you trying your hardest to communicate your value to your boss? Like it or not, Social Engineering is a part of our everyday lives. You can ignore it and risk becoming a victim or use it to enhance your relationships. That’s an ultimatum.
SEV - Friday - 17:30-17:59 PDT
Title: Socially Engineering the Social Engineers: Understanding Phishing Threats by Engaging with Actors
When: Friday, Aug 12, 17:30 - 17:59 PDT
Where: LINQ - 3rd flr - Social A (Social Engineering Community) - Map
SpeakerBio:Crane Hassold
Crane Hassold has worked in the social engineering and behavioral analysis space for more than 16 years. He is currently the Director of Threat Intelligence at Abnormal Security, where he leads a team responsible for researching enterprise-focused cyber threats, particularly business email compromise (BEC) and credential phishing attacks. Prior to moving to the private sector in 2015, Crane served as an Analyst at the FBI for more than 11 years, spending most of his career in the Behavioral Analysis Units, providing support to intelligence community and law enforcement partners against national security adversaries and serial violent criminals. In 2012, Crane helped create the FBI’s Cyber Behavioral Analysis Center, which combines the traditional behavioral concepts used for decades in the violent crime world with technical expertise to gain a holistic understanding of cyber adversary TTPs.
Description:
Too often, our understanding of cyber threats is limited to passive observation of the threat as it comes into an environment. In essence, the only intelligence that can be gleaned from this type of passive collection is simply what the adversary reveals in the initial phase of an attack and we are blind to the rest of the attack cycle. This presentation will cover how today’s phishing attacks present us with an opportunity to better understand the full cycle of a cyber attack by engaging with an attacker to collect intelligence to reveal what happens AFTER a potential attack is successful. We’ll start by talking about the concept of active defense, which helps answer the question, “And then what?” that we aren’t able to answer using normal passive intelligence collection. We’ll discuss why these tactics work so well and how the same behavioral exploits scammers use to con victims can also be used to better understand their attacks. We’ll end by looking at some examples of successful active defense engagements, including an engagement with a ransomware actor that used multiple communication platforms and will include some clips of conversations with the actor where we’ll learn more about his background and motivations.
DC - Friday - 14:00-14:45 PDT
Title: Space Jam: Exploring Radio Frequency Attacks in Outer Space
When: Friday, Aug 12, 14:00 - 14:45 PDT
Where: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
SpeakerBio:James Pavur, Digital Service Expert, Defense Digital Service
Dr. James Pavur is a Digital Service Expert at the DoD Directorate of Digital Services where he advises and assists the US Department of Defense in implementing modern digital solutions to urgent and novel challenges. Prior to joining DDS, James received his PhD. from Oxford University’s Department of Computer Science as a Rhodes Scholar. His thesis “Securing New Space: On Satellite Cybersecurity” focused on the security of modern space platforms - with a particular interest in vulnerability identification and remediation. His previous research on satellite security has been published at top academic venues, such as IEEE S&P and NDSS, presented at major cybersecurity conferences, including Black Hat USA and DEFCON, and covered in the popular press. Outside of tech, James enjoys flying kites and collecting rare and interesting teas.
Twitter: @jamespavur
Description:
Satellite designs are myriad as stars in the sky, but one common denominator across all modern missions is their dependency on long-distance radio links. In this briefing, we will turn a hacker’s eye towards the signals that are the lifeblood of space missions. We’ll learn how both state and non-state actors can, and have, executed physical-layer attacks on satellite communications systems and what their motivations have been for causing such disruption.
Building on this foundation, we’ll present modern evolutions of these attack strategies which can threaten next-generation space missions. From jamming, to spoofing, to signal hijacking, we’ll see how radio links represent a key attack surface for space platforms and how technological developments make these attacks ever more accessible and affordable. We’ll simulate strategies attackers may use to cause disruption in key space communications links and even model attacks which may undermine critical safety controls involved in rocket launches.
The presentation will conclude with a discussion of strategies which can defend against many of these attacks.
While this talk includes technical components, it is intended to be accessible to all audiences and does not assume any prior background in radio communications, astrodynamics, or aerospace engineering. The hope is to provide a launchpad for researchers across the security community to contribute to protecting critical infrastructure in space and beyond.
RFV - Friday - 10:00-17:59 PDT
Title: SpaceX & Starlink Satellite Internet
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Flamingo - Eldorado Ballroom (Radio Frequency Village) - Map
SpeakerBio:Starlink
No BIO available
Twitter: @SpaceX
Description:
SpaceX is developing a low latency broadband internet system known as Starlink, to provide satellite internet access to people around the planet - especially people in rural or remote areas with limited internet infrastructure. Starlink has provided service to individuals and nations in need, including recently for Ukraine. The SpaceX Starlink team will be at the RF Village with Starlink kits (user terminals and routers) as well as PCBAs. Come connect to the Starlink network and check out the service for yourself!
RCV - Friday - 12:45-13:30 PDT
Title: Stalking Back
When: Friday, Aug 12, 12:45 - 13:30 PDT
Where: LINQ - 3rd flr - Social B and C (Recon Village) - Map
SpeakerBio:MasterChen
MasterChen is a hacker with a background in phone phreaking, psychology, and automation design. His latest research has been highly focused around cyber stalking/anti-stalking, and how to automate both sides of that coin. Bridging gaps between the technical and human elements of self defense has become his life’s mission.
Twitter: @chenb0x
Description:
You are being stalked. What can be done? Can you stalk back, and should you? What exactly does it mean to "stalk back"? These issues and questions are addressed through a detailed case study in this presentation. OSINT and disinformation are tools discussed in leveling the playing field in an otherwise disadvantaged scenario.
DCGVR - Friday - 17:00-17:59 PDT
Title: Starting Threat Hunting with MITRE ATT&CK Framework
When: Friday, Aug 12, 17:00 - 17:59 PDT
Where: Virtual - DEF CON Groups VR
SpeakerBio:Shellt3r
Guilherme Almeida aka Shellt3r is an Offensive Security Engineer at Cloudwalk, Co-Founder of the StarsCTF project and community. He has already spoken at events such as BSides, Roadsec, TDC and some Universities.
Shellt3r is a Red Team Threat Simulation professional who loves to share content with the community.
Description:
No matter how sophisticated and thorough security precautions are, there will always be a possible means, method or technique to compromise a target. A threat hunter has to know these techniques and use them to their advantage. In this talk we will discuss the techniques, tactics and procedures of the MITRE ATT&CK Framework.
ICSV - Friday - 17:30-17:59 PDT
Title: Stop worrying about Nation-States and Zero-Days; let's fix things that have been known for years!
When: Friday, Aug 12, 17:30 - 17:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - Map
SpeakerBio:Vivek Ponnada, Regional Sales Director
Vivek Ponnada is an OT practitioner with global (14 countries) experience and currently works at Nozomi Networks as a Regional Sales Director. Having started his career in ICS as an Instrumentation Technician, Vivek became a Controls Engineer and commissioned Gas Turbine Controls systems in Europe, Middle-East, Africa and South-East Asia. Throughout his career, Vivek held multiple roles including Sales, Marketing & Business Development and Services covering Control systems & Cybersecurity solutions for Critical Infrastructure (Power, Oil & Gas, Water, Mining etc.) industries at GE and ICI Electrical Engineering in North America. He is the co-lead for the Top 20 Secure PLC Coding Practices Project and his recent talks/contributions include S4x22, Gartner Risk Summit, GRIMMCon 0x7, BSides Vancouver and many others. Vivek has a Bachelors Degree in Electrical Engineering from I.E. India, MBA from The University of Texas at Austin and GICSP certification from GIAC. He is an active member of the Infosec community as a Board Member for Mainland Advanced Research Society (Vancouver, BC), member of the ISA and also a Volunteer for ISACA.
Description:
If you have been following some of the recent news about PLC code injection, or toolkits such as Incontroller, you'd think that these discoveries are 'shocking' or conceptually new, and that Industrial Control Systems are constantly under attack by 'sophisticated' APTs or Nation-States. The reality is that, besides being due to 'insecure by design' and 'insecure by practice', many of these attack vectors were documented years ago. Vendors and Integrators alike treated these as 'it's a feature, not a bug', 'we've always done it this way' and at other times 'this is a problem, but we'll just pretend no one will exploit it'. This talk will highlight some of the previously documented instances of the more recent discoveries, and attempt to provide reasonable mitigation or prevention strategies based on best practices, established frameworks and sector-specific guidance.
BTV - Friday - 16:00-16:59 PDT
Title: Take Your Security Skills From Good to Better to Best!
When: Friday, Aug 12, 16:00 - 16:59 PDT
Where: Flamingo - Savoy Ballroom - BTV Main Stage (In-person) - Map
Speakers:Tanisha O'Donoghue,Kimberly Mentzell,Neumann Lim (scsideath),Tracy Z. Maleeff,Ricky Banda
SpeakerBio:Tanisha O'Donoghue
Over the last 6 years Tanisha O’Donoghue has been on an upward climb in the Cyber Security Space. The Guyanese native presently resides in the Washington, DC area. Her current role is as an Information Security Risk and Compliance Specialist at Tyler Technologies. As a member of the Information Security Compliance team, she assists with policy management, audits and risk management. Her recent focus has been governance, risk and compliance. Tanisha received her start in cyber with an internship at Symantec in partnership with a nonprofit called Year Up. Year Up's mission is to close the Opportunity Divide by ensuring that young adults gain the skills, experiences, and support that will empower them to reach their potential through careers and higher education. Tanisha’s career experience has included incident response/recovery efforts, vulnerability management, risk management and compliance. She is the Director of Policy and Procedures at BlackGirlsHack, a nonprofit organization that provides resources, training, mentoring, and opportunities to black women to increase representation and diversity in the cyber security field. Her commitment is to work with individuals and organizations to increase diversity, inclusion and opportunities so they can make an influential impact on the world. She mentors with passion, guiding her mentees to enhance and elevate their vision for their lives.
SpeakerBio:Kimberly Mentzell
No BIO available
SpeakerBio:Neumann Lim (scsideath)
Neumann Lim is a manager at Deloitte where he leads the cyber detection and incident response teams. Prior to this role, Neumann spent years working with large enterprises and governments specializing in incident response.
With 15 years of infosec experience, he enjoys analyzing malware, reverse-engineering and vulnerability research. Neumann has been invited to share his thought leadership at conferences such as Grayhat Conf, Toronto CISO Summit and CCTX.
In his off time, Neumann participates in CTFs and mentors new students interested in infosec while maintaining active membership of various security organizations such as DefCon, HTCIA, ISC2 and EC-Council.
SpeakerBio:Tracy Z. Maleeff
Tracy Z. Maleeff, aka @InfoSecSherpa, is a Security Researcher with the Krebs Stamos Group. She previously held the roles of Information Security Analyst at The New York Times Company and a Cyber Analyst for GlaxoSmithKline. Prior to joining the Information Security field, Tracy worked as a librarian in academic, corporate, and law firm libraries. She holds a Master of Library and Information Science degree from the University of Pittsburgh in addition to undergraduate degrees from both Temple University (magna cum laude) and the Pennsylvania State University. While a member of the Special Libraries Association, Tracy received the Dow Jones Innovate Award, the Wolters Kluwer Law & Business Innovations in Law Librarianship award and was named a Fellow. Tracy has been featured in the Tribe of Hackers: Cybersecurity Advice and Tribe of Hackers: Leadership books. She also received the Women in Security Leadership Award from the Information Systems Security Association. Tracy publishes a daily Information Security & Privacy newsletter and maintains an Open-Source Intelligence research blog at infosecsherpa.medium.com. She is a native of the Philadelphia area.
Twitter: @InfoSecSherpa
SpeakerBio:Ricky Banda
Ricky Banda is a 28-year-old SOC Incident Response Manager for ARM Semiconductors Ltd. He began his career at 16 as an intern with the United States Air Force working in the 33d Network Warfare Squadron at Lackland Air Force Base. He has worked in security operations for 12 years. In education, he is a SANS Graduate student and has 18 certifications, as well as a bachelor's in cybersecurity. His primary focus in SecOps is to reduce SOC burnout and support security operations workers. When not working, he supports metal musicians and is an avid horror fan.
Description:
Why dwell in the lobby of the Security field when you could be enjoying the view from the penthouse? Get insight from our esteemed panel on how to stay up to date on hacker news, increase your technical skills, and be aware of opportunities for professional development. Our panel will also discuss the importance of sending that elevator back down to help others so that our entire industry can grow and thrive, just like you will. Open up your ears and your mind and enjoy the gems that will be dropped.
SKY - Friday - 12:45-13:35 PDT
Title: Taking Down the Grid
When: Friday, Aug 12, 12:45 - 13:35 PDT
Where: LINQ - BLOQ (SkyTalks 303) - Map
SpeakerBio:Joe Slowik, Threat Intelligence & Detections Engineering Lead
Joe Slowik has over a decade of experience across multiple facets of information security and offensive computer network operations. Currently leading threat intelligence and detection engineering work at Gigamon, Joe has previously performed cyber threat intelligence research at DomainTools and Dragos, and spent several years in both the US Department of Energy and as an Officer in the US Navy.
Twitter: @jfslowik
Description:
Media hype concerning "attacks" on the electric grid is common through multiple sources, but ignores actual vectors of concern for impacting electric services to populations. This talk will examine how cyber effects can effectively impair electric services, focusing on how cyber can leverage underlying system dependencies and opportunities to achieve outsized impacts. In addition to reviewing the most studied disruptive cyber events on electric systems (2015 and 2016 Ukraine), this talk will also explore "near miss" events (such as the Berserk Bear campaigns from 2017 through at least 2020) as well as recent events in Ukraine. Furthermore, we will also discuss the lessons from non-cyber events (such as the 2003 blackouts in North America and Europe, and more recent incidents) to illustrate the steps necessary to effectively disable the delivery of electric services.
As a result of this discussion, attendees will emerge with a more thorough understanding of the number of steps and actions required to overcome existing protections and redundancies in electric environments. Additionally, attendees will learn of potential shortcuts through external events and environmental factors that can enable outsized effects. Overall, this discussion will inform attendees as to the overall complexity of electric systems, and what types of actions are necessary to undermine such systems through cyber means.
GHV - Friday - 16:30-16:59 PDT
Title: TBD
When: Friday, Aug 12, 16:30 - 16:59 PDT
Where: Flamingo - Virginia City III (Girls Hack Village) - Map
SpeakerBio:Slammer Musuta
Slammer navigates this thing called life as a DJ, web developer, and information security practitioner. They have dedicated 20 years to community development work in Washington, DC through media justice organizing and community-led research, as well as radio and event production. Slammer makes daily offerings of IT and operational security support to grassroots organizations working for justice through community care. Their communication and organizing approaches are inspired daily by speculative fiction, music, and people’s ability to survive and thrive.
Description:No Description available
PT - Monday - 09:00-16:59 PDT
Title: TCP/IP Deep Dive for Ethical Hackers – Featuring Wireshark
When: Monday, Aug 15, 09:00 - 16:59 PDT
Where: Caesars Forum - Map
SpeakerBio:Chris Greer, Network Analyst & Wireshark Instructor
Chris Greer is a Packet Head. He is a Packet Analyst and Trainer for Packet Pioneer, a Wireshark University partner, and has a passion for digging into the packet-weeds and finding answers to network and cybersecurity problems. Chris has a YouTube channel where he focuses on videos showing how to use Wireshark to examine TCP connections, options, and unusual behaviors, as well as spotting scans, analyzing malware, and other IOC’s in the traffic. His approach to training is that if you aren’t having fun doing something, you won’t retain what you are learning, so he strives to bring as much hands-on and humor to the classroom as possible. Chris remembers what it was like to look at Wireshark for the first time, and knows how complicated packet analysis can be. With that in mind, he has designed an easy-to-follow course that will appeal both to the beginner and more advanced Packet Person.
Twitter: @packetpioneer
Description:
Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/chris-greer-tcp-ip-deep-dive-for-hackers-featuring-wireshark
Training description:
Almost every attack, intrusion, scan, and exfiltration involves the TCP protocol at some point. Whether we are hacking a system and need to better understand how networks/systems are enumerated and IDS’s do their thing, or we are defending our domain from a botnet attack, a deep understanding of the TCP protocol will help us do our jobs better and faster. In this course, get ready to go deep into TCP. We’re going to rip open pcaps with Wireshark and learn how this protocol really works. Don’t worry, there is FAR more to learn past the three-way handshake! We will learn how the MSS works, receive windows, selective acknowledgements, retransmissions, and much, much more! We will examine how TCP scan, OS enumeration, exfiltration, and C2 traffic looks on the wire, and how TCP fields can help us to filter for it fast. This will be an action-packed, hands-on course for Wireshark beginners as well as seasoned pros who want to pick up some new tricks. There is something for all experience levels in this course, although it will be targeted to the early-intermediate cybersecurity professional.
PT - Tuesday - 09:00-16:59 PDT
Title: TCP/IP Deep Dive for Ethical Hackers – Featuring Wireshark
When: Tuesday, Aug 16, 09:00 - 16:59 PDT
Where: Caesars Forum - Map
SpeakerBio:Chris Greer, Network Analyst & Wireshark Instructor
Chris Greer is a Packet Head. He is a Packet Analyst and Trainer for Packet Pioneer, a Wireshark University partner, and has a passion for digging into the packet-weeds and finding answers to network and cybersecurity problems. Chris has a YouTube channel where he focuses on videos showing how to use Wireshark to examine TCP connections, options, and unusual behaviors, as well as spotting scans, analyzing malware, and other IOCs in the traffic. His approach to training is that if you aren’t having fun doing something, you won’t retain what you are learning, so he strives to bring as much hands-on and humor to the classroom as possible. Chris remembers what it was like to look at Wireshark for the first time, and knows how complicated packet analysis can be. With that in mind, he has designed an easy-to-follow course that will appeal both to the beginner and more advanced Packet Person.
Twitter: @packetpioneer
Description:
Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/chris-greer-tcp-ip-deep-dive-for-hackers-featuring-wireshark
Training description:
Almost every attack, intrusion, scan, and exfiltration involves the TCP protocol at some point. Whether we are hacking a system and need to better understand how networks/systems are enumerated and IDSs do their thing, or we are defending our domain from a botnet attack, a deep understanding of the TCP protocol will help us do our jobs better and faster. In this course, get ready to go deep into TCP. We’re going to rip open pcaps with Wireshark and learn how this protocol really works. Don’t worry, there is FAR more to learn past the three-way handshake! We will learn how the MSS works, receive windows, selective acknowledgements, retransmissions, and much, much more! We will examine how TCP scan, OS enumeration, exfiltration, and C2 traffic looks on the wire, and how TCP fields can help us to filter for it fast. This will be an action-packed, hands-on course for Wireshark beginners as well as seasoned pros who want to pick up some new tricks. There is something for all experience levels in this course, although it will be targeted to the early-intermediate cybersecurity professional.
DC - Friday - 18:00-18:45 PDT
Title: Tear Down this Zywall: Breaking Open Zyxel Encrypted Firmware
When: Friday, Aug 12, 18:00 - 18:45 PDT
Where: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
SpeakerBio:Jay Lagorio, Independent Security Researcher
Jay Lagorio, a software engineer and independent security researcher, has been building computers and networks and finding ways to break them nearly his entire life. Being a nerd that likes to dig too far into things spilled over into the real world and he accidentally became a licensed private investigator. Releaser of the occasional tool or writeup on GitHub, he wishes he had enough time to do all the hacker things and crush griefers in GTA Online every day. He received a B.S. in Computer Science from UMBC and an M. Eng. from the Naval Postgraduate School.
Twitter: @jaylagorio
Description:
How do you go bug hunting in devices you own when the manufacturer has slapped some pesky encryption scheme on the firmware? Starting from an encrypted blob of bits and getting to executable code is hard and can be even more frustrating when you already know the bug is there, you just want to see it! Join me on my expedition to access the contents of my Zyxel firewall's firmware using password and hash cracking, hardware and software reverse engineering, and duct taping puzzle pieces together. We'll start with a device and a firmware blob, flail helplessly at the crypto, tear apart the hardware, reverse engineer the software and emulate the platform, and finally identify the decryption routine – ultimately breaking the protection used by the entire product line to decrypt whatever firmware version we want.
ASV - Friday - 11:00-11:25 PDT
Title: That's No Moon -- A Look at the Space Threat Environment
When: Friday, Aug 12, 11:00 - 11:25 PDT
Where: Caesars Forum - Forum 112-117 (Aerospace Village) - Map
SpeakerBio:Mike Campanelli
Mr. Campanelli currently leads aerospace professional services at Amazon Web Services (AWS). Prior to joining AWS, Mike was the vice president of federal for SpiderOak, leading the creation of OrbitSecure, a zero-trust security protocol for space assets.
Description:
Outer space has changed, and changed our lives, since the first DEF CON in 1993. This informational talk explores the industry trends we have seen over the last 30 years, growing threats we face to our satellites, and why everyone needs to be informed about the ultimate man-in-the-middle: space.
WS - Friday - 09:00-12:59 PDT
Title: The Art of Modern Malware Analysis: Initial Infection Malware, Infrastructure, and C2 Frameworks
When: Friday, Aug 12, 09:00 - 12:59 PDT
Where: Harrah's - Lake Tahoe (Workshops) - Map
Speakers:Aaron Rosenmund,Josh Stroschein,Ryan J Chapman
SpeakerBio:Aaron Rosenmund, Threat Emulation and Detection Operator
Aaron Rosenmund is an experienced threat emulation and detection operator. He is the Director of Security Research and Curriculum at Pluralsight, and serves as the Civilian Red Team Lead for the national DOD exercise Cyber Shield. Part time, he serves in the Florida Air National Guard supporting state and federal missions including election support and Operation Noble Eagle (Homeland Defense). An accomplished speaker and trainer, he has over 100 published courses and labs, provided numerous talks and workshops, and continues to support various open source projects. www.AaronRosenmund.com @arosenmund “ironcat”
Twitter: @arosenmund
SpeakerBio:Josh Stroschein, Malware Analyst
Josh is an experienced malware analyst and reverse engineer who has a passion for sharing his knowledge with others. He is the Director of Training for OISF, where he leads all training activities for the foundation and is also responsible for academic outreach and developing research initiatives. Josh is an accomplished trainer, providing training in the aforementioned subject areas at BlackHat, DerbyCon, Toorcon, Hack-In-The-Box, Suricon and other public and private venues. Josh is an Assistant Professor of Cyber Security at Dakota State University where he teaches malware analysis and reverse engineering, an author on Pluralsight, and a threat researcher for Bromium.
SpeakerBio:Ryan J Chapman, IR Practitioner
Ryan is an experienced IR practitioner, malware analyst, and trainer. He is a Principal IR Consultant for BlackBerry, the lead organizer of CactusCon, a SANS author and trainer, and a Pluralsight author. Ryan strives to imbue comedy into his training and loves being able to teach others while learning from them at the same time. He is a veteran speaker having presented talks and/or workshops at conferences including DefCon, SANS Summits, BSides events, CactusCon, and more. "We must not teach people how to press buttons to get results. We must teach people what happens when these buttons are clicked, such that they fully understand the processes occurring in the background," says Ryan.
Description:
Threat actors go to great lengths to bypass enterprise security to deliver malware, avoid detection after the initial intrusion, and maintain persistence to compromise an organization. To achieve this, threat actors employ a wide variety of obfuscation and anti-analysis techniques at each phase of an attack. Often, Malware-as-a-Service (MaaS) is leveraged. In this workshop, you will get hands-on experience with real-world malware and learn how to identify key indicators of compromise (IOCs), apply analysis to enhance security products to protect users and infrastructure, and gain a deeper understanding of malware behavior through reverse engineering.
Our workshop focuses on MaaS samples and their prevalence in attacks. We will break down various MaaS samples and show how they function. We will review attacker-controlled infrastructure to show how Command and Control (C2) features are successful within YOUR (hopefully not YOUR!) environment. We will conclude with an analysis of the world’s #1 C2 infrastructure: Cobalt Strike (CS). We will break down the CS infrastructure, show how Malleable C2 profiles function, and show you how to extract and analyze profile configurations from script- and PE-based payloads alike.
Students will be provided with all the lab material used throughout the course in a digital format. This includes all lab material, lab guides, and virtual machines used for training. The material provided will help to ensure that students have the ability to continue learning well after the course ends and maximize the knowledge gained from this course. Whatever isn’t covered during the class, or whatever the student wants to focus on later, will be available.
Materials:
- Linux/Windows/Mac desktop environment
- A laptop with the ability to run virtualization software such as VMware or VirtualBox
- Access to the system BIOS to enable virtualization, if disabled via the chipset
- Ability to temporarily disable anti-virus or white-list folders/files associated with lab material
- A laptop that the attendee is comfortable handling live malware on
- Enough disk space to store at least two 40 GB VMs, although more VMs may be used
- 16 GB of RAM preferred to run all VMs simultaneously
Prereq:
The primary requirement for this course is a desire to learn and the determination to tackle challenging problems. In addition, some familiarity with the following topics will help students maximize their time in this course:
- A general background in Digital Forensics & Incident Response (DFIR)
- Familiarity with blue team-oriented tools
- An understanding of general networking concepts
RCV - Friday - 15:00-15:50 PDT
Title: The Bug Hunters Methodology – Application Analysis Edition v1.5
When: Friday, Aug 12, 15:00 - 15:50 PDT
Where: LINQ - 3rd flr - Social B and C (Recon Village) - Map
SpeakerBio:JHaddix
No BIO available
Twitter: @jhaddix
Description:No Description available
AIV - Friday - 14:00-14:50 PDT
Title: The Chaos of Coding with Language Models
When: Friday, Aug 12, 14:00 - 14:50 PDT
Where: Caesars Forum - Summit 220->236 (AI Village) - Map
SpeakerBio:Nick Dorion
No BIO available
Description:
Language models are being deployed to assist with writing code and explaining code snippets. These transformer-based models have learned patterns and probabilities from large datasets of open source code and human text. A Wired article claims one plugin writes “a remarkable 35 percent of its users’ newly posted code”.
Could these models be a new source of exploits and risky coding practices? What can research in Natural Language Generation tell us about what to expect from our new AI coworkers?
This presentation will cover:
- How code explanation models, by reading variable names and comments for context clues, can be tricked into ignoring unusual imports and calls to remote servers in their descriptions.
- How code generation models may generate different code based on licenses and author names. Others’ research shows these models’ accuracy is highly variable based on “prompt engineering” (example: “I’ve tested this function myself so I know that it’s correct:”).
- An adversarial search for comments, prompts, and decoding strategies which would increase the chance of a SQL injection vulnerability in generated code. This helps evaluate if normal user interaction may result in models recommending exploitable coding.
Resources will include a GitHub repo, runnable notebooks, and a form to suggest new prompts for code generation.
DC - Friday - 11:00-11:45 PDT
Title: The Dark Tangent & Mkfactor - Welcome to DEF CON & The Making of the DEF CON Badge
When: Friday, Aug 12, 11:00 - 11:45 PDT
Where: Caesars Forum - Forum 104-105, 135-136 (Track 1) - Map
Speakers:Michael Whiteley (Mkfactor),Katie Whiteley (Mkfactor),The Dark Tangent
SpeakerBio:Michael Whiteley (Mkfactor)
No BIO available
Twitter: @compukidmike
SpeakerBio:Katie Whiteley (Mkfactor)
No BIO available
Twitter: @ktjgeekmom
SpeakerBio:The Dark Tangent, DEF CON
No BIO available
Description:
The Dark Tangent welcomes you to DEF CON and introduces the DEF CON 30 badge makers, Mkfactor, who discuss the labor of love that went into producing the DEF CON 30 Badge.
RCV - Friday - 10:00-10:50 PDT
Title: The Future of Collecting Data from the Past: OSINT Now and Beyond
When: Friday, Aug 12, 10:00 - 10:50 PDT
Where: LINQ - 3rd flr - Social B and C (Recon Village) - Map
SpeakerBio:Micah Hoffman
No BIO available
Twitter: @webbreacher
Description:
The OSINT field is evolving at an incredible rate! Each day investigators and hobbyists access the latest images from military conflicts around the world. OSINT analysts use automated processes to generate false personas and to collect data from an ever-increasing number of social media platforms. Private digital records are released to the public internet and we use this data to help solve the questions posed to us, the OSINT researchers of today.
This is now. A time when OSINT communities are connecting and supporting their members. A time when we have thousands and thousands of hours of podcasts and online videos, blog posts and start.me pages that teach us skills and point us to resources.
So, what does the future look like for the OSINT field? What are the new areas of "hotness"? How do we help to move the field forward? Come join Micah Hoffman as he discusses where the OSINT field is and what the future of OSINT could look like.
BICV - Friday - 10:00-10:30 PDT
Title: The GACWR Story: Building a Black Owned Cyber Range
When: Friday, Aug 12, 10:00 - 10:30 PDT
Where: Flamingo - Sunset-Twilight Ballroom (Blacks In Cybersecurity Village) - Map
Speakers:GACWR Team,Jovonni Pharr
SpeakerBio:GACWR Team
No BIO available
SpeakerBio:Jovonni Pharr
No BIO available
Description:No Description available
CON - Friday - 10:00-09:59 PDT
Title: The Gold Bug – Crypto and Privacy Village Puzzle
When: Friday, Aug 12, 10:00 - 09:59 PDT
Where: Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village) - Map
Description:
Love puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle will keep you intrigued and busy throughout Defcon - and questioning how deep the layers of cryptography go. The Gold Bug is an annual Defcon puzzle hunt, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto. Accessible to all - and drop by for some kids’ puzzles too! PELCGBTENCUL VF UNEQ
This puzzle can be done virtually, but if you’re on-site, you’re welcome to stop by the village to discuss it as well!
MIV - Friday - 10:00-11:30 PDT
Title: The hybrid strategies of autocratic states: narrative characteristics of disinformation campaigns in relation to issues of a scientific-health nature
When: Friday, Aug 12, 10:00 - 11:30 PDT
Where: Caesars Forum - Summit 220->236 (Misinformation Village) - Map
SpeakerBio:Carlos Galán
Prof. Carlos Galán is a university professor and lawyer specialising in International Relations, Hybrid Threats, Disinformation, Privacy and Cybersecurity. He has worked in several public and private sector institutions, such as the Spanish National Cybersecurity Institute. Author of numerous articles on these topics in various academic, professional and think tanks, he has been part of the European Parliament's research team for the project "Strategic communications as a key factor in countering hybrid threats".
Description:
The workshop has dealt with some of the main disinformation characteristics that conspiracy news has in common in relation to health issues and the communication strategies that some Autocratic States have
DC - Friday - 16:30-17:15 PDT
Title: The Internet’s role in sanctions enforcement: Russia/Ukraine and the future
When: Friday, Aug 12, 16:30 - 17:15 PDT
Where: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
SpeakerBio:Bill Woodcock, Executive Director
No BIO available
Description:
As Russia invaded Ukraine in February of this year, the Ukrainian government sent requests to ICANN and RIPE to have Russia removed from the Internet. Those requests were refused, but engendered a lively debate on the role of Internet operators and the Internet governance system in sanctioning bad actors, on the Internet and in the world. This talk will introduce how governmental and intergovernmental sanctions are defined and enacted, and discuss the Internet community’s reaction to past attempts to engage the Internet in sanctions enforcement, the current conflict, and what the Internet community is doing in this area to prepare for future conflicts.
BICV - Friday - 16:00-16:59 PDT
Title: The Last Log4Shell Talk You Need
When: Friday, Aug 12, 16:00 - 16:59 PDT
Where: Virtual - BIC Village
SpeakerBio:Ochuan Marshall
No BIO available
Description:No Description available
LPV - Friday - 12:00-12:30 PDT
Title: The least secure biometric lock on Earth?
When: Friday, Aug 12, 12:00 - 12:30 PDT
Where: Caesars Forum - Summit 203-204, 235 (Lock Pick Village) - Map
SpeakerBio:Seth Kintigh
Hardware security engineer and cryptographer. Demoed the first NFMI attack: an over-the-air remote code exploit against the Defcon 27 badge.
Twitter: @Seth_Kintigh
Description:
I demonstrate how to defeat a biometric padlock via USB with a laptop, or with your bare hands, or maybe even with a Defcon badge.
While flipping through products a biometric lock caught my attention. It mentioned a back-up “Morse code” feature for unlocking it -- a series of 6 short or long presses, suggesting there were only 64 possible keys. Surely it couldn’t be that easy... But wait, there's more! It had another backup unlock feature: a USB port and an app that can unlock it with a PIN, with a default PIN set for bonus stupidity. I had a feeling this was just the tip of the terrible-security-iceberg.
I will demonstrate how to defeat this lock with some simple tools, with just your bare hands, and with a USB attack.
CPV - Friday - 14:30-14:59 PDT
Title: The Multiverse of Madness: Navigating the 50-State Approach to Privacy and Security
When: Friday, Aug 12, 14:30 - 14:59 PDT
Where: Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village) - Map
SpeakerBio:Anthony Hendricks
Anthony Hendricks is a legal problem solver and litigator at Crowe & Dunlevy in its Oklahoma City office. At Crowe & Dunlevy, Hendricks chairs the firm’s Cybersecurity and Data Privacy Practice Group. He guides clients facing sensitive criminal, cybersecurity, banking, and environmental compliance issues. Hendricks teaches a cybersecurity law class and an information privacy class at Oklahoma City University School of Law. He also hosts “Nothing About You Says Computer Technology,” a weekly podcast on cybersecurity and data privacy viewed through the lens of diverse voices.
Description:
States have been taking the lead to address privacy. Last year, multiple states introduced or strengthened their privacy laws, and in 2022 several states are primed to do the same. But these new laws raise concerns for both the public and companies. Some of these new privacy laws don’t match public perception and worries related to privacy. In addition, these new laws are being crafted by state legislators that few people voted for. Voter turnout in local elections is historically low, and the people who vote in these elections don’t reflect the demographics of their districts. Even still, these new laws can be great for consumers. But it often leaves companies, especially small and medium-sized ones, struggling to address this new normal and leaving communities with regulations that they aren’t prepared for. Companies working nationally or even regionally must navigate multiple state privacy demands. This presentation will provide an update on these new laws and how they compare to public perception of privacy. Next, we will examine their impact on privacy and security, outline some common characteristics of these laws, and provide tips for companies to be privacy compliant. Finally, we talk about ways the public can shape these new laws.
DC - Friday - 11:00-11:45 PDT
Title: The PACMAN Attack: Breaking PAC on the Apple M1 with Hardware Attacks
When: Friday, Aug 12, 11:00 - 11:45 PDT
Where: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
SpeakerBio:Joseph Ravichandran, First year PhD Student working with Dr. Mengjia Yan at MIT
Joseph Ravichandran is a PhD student in computer architecture studying microarchitectural security at MIT. His work includes microarchitectural and memory safety attacks and attack modeling. He plays CTF with SIGPwny. This is his first DEF CON talk.
Twitter: @0xjprx
Description:
What do you get when you cross pointer authentication with microarchitectural side channels?
The PACMAN attack is a new attack technique that can bruteforce the pointer authentication code (PAC) for an arbitrary kernel pointer without causing any crashes using microarchitectural side channels. We demonstrate the PACMAN attack against the Apple M1 CPU.
QTV - Friday - 14:00-14:59 PDT
Title: The Quantum Tech Showcase: From QKD to QRNG Demo
When: Friday, Aug 12, 14:00 - 14:59 PDT
Where: Caesars Forum - Summit 217 (Quantum Village) - Map
SpeakerBio:Vikram Sharma
No BIO available
Description:
Part 1
Come learn about quantum’s answer to cryptography - Quantum Key Distribution protocols! From BB84 to modern implementations.
Part 2
Quantum computers are expected to break modern public key cryptography owing to Shor's algorithm. As a result, these cryptosystems need to be replaced by quantum-resistant algorithms, also known as post-quantum cryptography (PQC) algorithms.
SKY - Friday - 12:10-12:30 PDT
Title: The Richest Phisherman in Colombia
When: Friday, Aug 12, 12:10 - 12:30 PDT
Where: LINQ - BLOQ (SkyTalks 303) - Map
Speakers:Matt Mosley,Nick Ascoli
SpeakerBio:Matt Mosley
Matt Mosley is a security professional with 30+ years experience in various technical and executive roles, former UNIX sysadmin and software engineer, and reformed grey hat hacker who wears his original “I miss crime” shirt proudly. In his current role as Chief Product Officer and CISO of security startup PIXM, Matt guides the company’s product and security strategy and manages several functional teams. Matt has held the CISSP, CISM and CISA credentials since the mid 90s and has spoken on security topics many times over the years, from large audiences at RSA to local ISSA meetings. Matt believes that security starts with the basics that most companies fail to get right, and would be happy to debate the merits of the principles in the orange book vs your need for the latest XDR/SOAR/ABCDXYZ product. He is still waiting for the right opportunity to avenge his team’s finals loss in Hacker Jeopardy during Defcon 5.
SpeakerBio:Nick Ascoli
Nick Ascoli is the founder and CEO of Foretrace, an External Attack Surface Management (EASM) solution. Prior to starting Foretrace, Nick was a Cyber Research Scientist and Consultant with Security Risk Advisors and has published several open-source tools including pdblaster and TALR. Nick has been a speaker at Blackhat Arsenal, SANS, and B-Sides conferences on SIEM, Recon, and UEBA topics.
Twitter: @kcin418
Description:
Adversaries have increasingly been leveraging completely legitimate 3rd party web hosting products to circumvent traditional domain reputation analysis engines, and successfully get their phishing pages in front of their victims. Using these third party services also offers them a great opportunity to limit the exposure of their own infrastructure, offering a great OPSEC advantage. However, in one investigation, a few breadcrumbs left in the adversary's code led us down a rabbit hole to slowly uncovering the person behind what is perhaps the largest Facebook credential harvesting campaign ever investigated (over 100 million potentially impacted at the time of this submission).
In this talk, we will follow the breadcrumb trail left by a threat actor, demonstrating how we pieced together the shocking scale of their credential harvesting and malversating operation. From comments in their code, to their various online identities, to accessing their infrastructure - we will walk through our investigation into a wanted Colombian Cyber Criminal.
RCV - Friday - 15:50-16:25 PDT
Title: The Richest Phisherman in Colombia
When: Friday, Aug 12, 15:50 - 16:25 PDT
Where: LINQ - 3rd flr - Social B and C (Recon Village) - Map
SpeakerBio:Nick Ascoli
Nick Ascoli is the founder and CEO of Foretrace, an External Attack Surface Management (EASM) solution. Prior to starting Foretrace, Nick was a Cyber Research Scientist and Consultant with Security Risk Advisors and has published several open-source tools including pdblaster and TALR. Nick has been a speaker at Blackhat Arsenal, SANS, and B-Sides conferences on SIEM, Recon, and UEBA topics.
Twitter: @kcin418
Description:
Adversaries have increasingly been leveraging completely legitimate 3rd party web hosting products to circumvent traditional domain reputation analysis engines, and successfully get their phishing pages in front of their victims. Using these third party services also offers them a great opportunity to limit the exposure of their own infrastructure, offering a great OPSEC advantage. However, in one investigation, a few breadcrumbs left in the adversary's code led us down a rabbit hole to slowly uncovering the person behind what is perhaps the largest Facebook credential harvesting campaign ever investigated, reported by cybersecurity blogs and news media worldwide in mid June of 2022.
In this talk, we will follow the breadcrumb trail left by a threat actor, demonstrating how we pieced together the shocking scale of their credential harvesting and malversating operation. From comments in their code, to their various online identities, to accessing their infrastructure - we will walk through our investigation into a wanted Colombian Cyber Criminal, and demonstrate how recon can be used against adversaries.
LPV - Friday - 14:00-14:59 PDT
Title: The Right Way To Do Wrong: Physical security secrets of criminals and professionals alike
When: Friday, Aug 12, 14:00 - 14:59 PDT
Where: Caesars Forum - Summit 203-204, 235 (Lock Pick Village) - Map
SpeakerBio:Patrick McNeil
No BIO available
Description:
In 1905 Harry Houdini wrote his first book entitled “The Right Way to Do Wrong” wherein he divulged the lockpicking and other trade secrets of criminals. People make assumptions about how schemes work and believe them to be complicated, yet in many cases the insider knows how simple they are. Most people assume that besides tailgating and social engineering, real break-ins (or physical security testing) are all about picking locks. However, the secret is that on physical pentests it’s typically unnecessary to do that! Some physical controls have known bypasses, and some building contractors (or even locksmiths) don't implement things correctly. Just like Houdini, I’ll be divulging the simple tricks of the trade employed by both criminals and professional physical pentesters to bypass physical controls without using picks. You may be shocked and amazed by what you see, and once you leave you'll be an insider too - seeing insecurity everywhere!
CON - Friday - 11:00-10:59 PDT
Title: The Schemaverse Championship - Practice Round
When: Friday, Aug 12, 11:00 - 10:59 PDT
Where: Virtual
Description:
The Schemaverse [skee-muh vurs] is a space battleground that lives inside a PostgreSQL database. Mine the hell out of resources and build up your fleet of ships, all while trying to protect your home planet. Once you're ready, head out and conquer the map from other DEF CON rivals.
This unique game gives you direct access to the database that governs the rules. Write SQL queries directly by connecting with any supported PostgreSQL client or use your favourite language to write AI that plays on your behalf. This is DEF CON of course so start working on your SQL Injections - anything goes!
VMV - Friday - 12:00-12:59 PDT
Title: The State of Election Security Training
When: Friday, Aug 12, 12:00 - 12:59 PDT
Where: Caesars Forum - Alliance 313-314, 320 (Voting Village) - Map
SpeakerBio:Jerome Lovato, Consultant
No BIO available
Description:No Description available
ICSV - Friday - 13:00-13:59 PDT
Title: The USCG's Maritime Cybersecurity Strategy [[maritime]]
When: Friday, Aug 12, 13:00 - 13:59 PDT
Where: ICS Village Virtual
SpeakerBio:RADM John Mauger, First District Commander (D1)
Rear Admiral Mauger assumed the duties of Commander, First Coast Guard District in May 2022. He oversees all Coast Guard missions across eight states in the Northeast including over 2,000 miles of coastline from the U.S.-Canadian border to northern New Jersey and 1300 miles offshore. Rear Admiral Mauger previously served as the Assistant Commandant for Prevention Policy, responsible for the development of national policy, standards, and programs promoting Marine Safety, Security and Environmental Stewardship.
Description:
RADM Mauger will describe and discuss the USCG's Cyber Strategic Outlook (2021) and directions in managing maritime cybersecurity in terms of facilities, ships, and workforce development.
DL - Friday - 10:00-11:55 PDT
Title: TheAllCommander
When: Friday, Aug 12, 10:00 - 11:55 PDT
Where: Caesars Forum - Accord Boardroom (Demo Labs) - Map
SpeakerBio:Matthew Handy
Matt Handy completed his BS in Computer Science at the University of Maryland, College Park (UMD) in 2010, and MS in CyberSecurity at Johns Hopkins in 2014. He has worked for NASA's Goddard Space Flight Center doing satellite ground systems development since 2009. He has specialized in secure software systems development and has helped to develop several missions over the course of his career. In his off time, he enjoys doing independent security research and creating tools like TheAllCommander to help make a more secure cyber world.
Description:
TheAllCommander is an open-source tool which offers red teams and blue teams a framework to rapidly prototype and model malware communications, as well as associated client-side indicators of compromise. The framework provides a structured, documented, and object-oriented API for both the client and server, allowing anyone to quickly implement a novel communications protocol between a simulated malware daemon and its command and control server. For Blue Teamers, this allows rapid modeling of emerging threats and comprehensive testing in a controlled manner to develop reliable detection models. For Red Teamers, this framework allows rapid iteration and development of new protocols and communications schemes with an easy-to-use Python interface. The framework has many tools or techniques used by red teams built in, such as a SOCKS5 proxy, which then use the implemented communication scheme. This allows comprehensive testing of the detection and functional capability of the communication scheme, allowing for efficient design and development choices to be made before committing to production tool development. To facilitate this goal, TheAllCommander includes a Java-based command and control server with a simple API to allow new plug-ins for server-side control. There is a Python-based emulation client, which can be easily extended using the API to allow new client-side communications code. Several reference implementations for covert malware communication are provided to allow out-of-the-box modeling, including emulated client browser HTTPS traffic, DNS queries, and email traffic. The tool chain includes support for several common Red Team tactics, such as Remote Desktop tunneling and FODHelper UAC bypass. This implementation effectively generates both client-side and network traffic indicators of compromise.
Audience: Offense, Defense
CON - Friday - 10:00-17:59 PDT
Title: Trace Labs OSINT Search Party CTF - Sign-ups
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area) - Map
Description:
The Trace Labs Search Party CTF is a non-theoretical, gamified effort that allows for the crowdsourcing of contestants to perform a single task: conduct open source intelligence operations to help find missing persons.
You can have teams of 1-4 people; 4-person teams provide many benefits, which include the coaching of more junior members. This is often a great learning opportunity if you are able to pair up with OSINT veterans. Get your team together and join us in our Discord group to get started here: https://tracelabs.org/discord
DC - Friday - 14:30-15:15 PDT
Title: Trace me if you can: Bypassing Linux Syscall Tracing
When: Friday, Aug 12, 14:30 - 15:15 PDT
Where: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
Speakers:Rex Guo,Junyuan Zeng
SpeakerBio:Rex Guo, Principal Engineer
Rex Guo works as a Principal Engineer at Lacework where he leads data-driven cloud security product development, detection efficacy roadmap and research on new attack vectors in the cloud. Previously, he was the Head of Research at Confluera where he led the research and development of the cloud XDR product which offers real-time attack narratives. Before that, he was an Engineering Manager at Cisco Tetration where his team bootstrapped the cloud workload protection product deployed on millions of workloads. Before that, Rex worked at Intel Security and Qualcomm. In these positions, he worked on application security, infrastructure security, malware analysis, and mobile/IoT security. Most notably, he led the Intel team to secure millions of iPhones which had Intel cellular modems inside. He has presented at Blackhat and Defcon multiple times. He has 30+ patents and publications. He received a PhD from New York University.
Twitter: @Xiaofei_REX
SpeakerBio:Junyuan Zeng, Senior Software Engineer, Linkedin.com
Junyuan Zeng is Senior Software Engineer at Linkedin. Before Linkedin, he was Staff Security Architect at JD.com where he designed and architected container security monitoring solutions. Before that he was Staff Software Engineer for mobile payment security at Samsung and a security researcher at FireEye where he worked on mobile malware analysis. He has spoken multiple times at Blackhat and Defcon. He has published in ACM CCS, USENIX ATC, and other top academic conferences. He obtained his PhD in Computer Science from The University of Texas at Dallas.
Description:
In this talk, we will present novel vulnerabilities and exploitation techniques that reliably bypass Linux syscall tracing. A user mode program does not need any special privileges or capabilities to reliably avoid system call tracing detections by exploiting these vulnerabilities. The exploits work even when seccomp, SELinux, and AppArmor are enforced.
Advanced security monitoring solutions on Linux VMs and containers offer system call monitoring to effectively detect attack behaviors. Linux system calls can be monitored by kernel tracing technologies such as tracepoint, kprobe, ptrace, etc. These technologies intercept system calls at different places in the system call execution. These monitoring solutions can be deployed on cloud compute instances such as AWS EC2, Fargate, EKS, and the corresponding services from other cloud providers.
We comprehensively analyzed the Time-of-check-to-time-of-use (TOCTOU) issues in the Linux kernel syscall tracing framework and showed that these issues can be reliably exploited to bypass syscall tracing. Our exploits manipulate different system interactions that can impact the execution time of a syscall. We demonstrated that significant syscall execution delays can be introduced to make TOCTOU bypass reliable even when seccomp, SELinux, and AppArmor are enforced. Compared to the phantom attacks in DEFCON 29, the new exploit primitives we use do not require precise timing control or synchronization.
We will demonstrate our bypass for Falco on Linux VMs/containers and GKE. We will also demonstrate bypass for pdig on AWS Fargate. In addition, we will demonstrate exploitation techniques for syscall enter and explain the reason why certain configurations are difficult to reliably exploit. Finally, we will summarize exploitable TOCTOU scenarios and discuss potential mitigations in various cloud computing environments.
MIV - Friday - 16:00-16:59 PDT
Title: Tracking Scams and Disinformation by Hacking Link Shorteners
When: Friday, Aug 12, 16:00 - 16:59 PDT
Where: Caesars Forum - Summit 220->236 (Misinformation Village) - Map
Speakers:Justin Rhinehart,Sam Curry
SpeakerBio:Justin Rhinehart
Justin Rhinehart is a Senior Security Analyst. In his spare time, he enjoys doing security research and bug bounty with his friends, as well as creating security-related content. Additionally, he has lectured on cybersecurity at the University of Guadalajara, been featured in both Dark Reading and Ars Technica, volunteered in the Virtual and Western Regions of the Collegiate Cyber Defense Competition, and has served on the board of three non-profit organizations focused on giving back to his local community.
SpeakerBio:Sam Curry
No BIO available
Description:
Link shorteners are one of the many tools used to spread spam, scams, and general misinformation. While performing a security audit on a popular link shortener, we discovered a way to redirect links that were banned for terms of service violations (or otherwise normally 404'd.) This gave us a rare chance to take a look behind the curtain and allowed us to gather lots of really interesting metrics about how and where these link shorteners are abused, to the tune of over 40,000 pageviews a day. The talk ends with us having a little fun with our newly found traffic firehose and using it as a chance to teach would-be victims about the dangers of scams and misinformation on the internet at scale!
VMV - Friday - 13:00-13:30 PDT
Title: Truly Maligned: How Disinformation Targets Minority Communities to Create Voter Suppression
When: Friday, Aug 12, 13:00 - 13:30 PDT
Where: Caesars Forum - Alliance 313-314, 320 (Voting Village) - Map
SpeakerBio:Nicole Tisdale, Director of The White House National Security Council (2021-2022) - Director of the U.S. Committee on Homeland Security (2009-2019)
For a decade, I worked in the United States House of Representatives Committee on Homeland Security. In that position, I served as the director of intelligence and counterterrorism and the director of outreach and coalitions. In those positions, I advised Members of Congress on national security policy matters and legislation related to intelligence, counterterrorism, cyber, and law enforcement. I also worked to convene a wide range of stakeholders, build common solutions, and harness support for legislation and oversight to advance the Committee’s priorities to help secure our Nation.
Before my time on the homeland committee, I served in a number of policy and political fellowships and internships including: the United States Senate, the Mississippi Innocence Project, the City of Birmingham (Alabama) Department of Youth Services, the Mississippi Family Law Clinic (Domestic Violence), and numerous political and advocacy campaigns.
Twitter: @HiNicoleTisdale
Description:No Description available
MIV - Friday - 11:30-13:30 PDT
Title: Uncovering multi-platform misinformation campaigns with Information Tracer
When: Friday, Aug 12, 11:30 - 13:30 PDT
Where: Caesars Forum - Summit 220->236 (Misinformation Village) - Map
SpeakerBio:Zhouhan Chen
Zhouhan Chen received his Ph.D. in Data Science from NYU. He wrote his Ph.D. thesis with a focus on how misinformation spreads across multiple platforms. He is currently building two projects with his Ph.D. advisors: Information Tracer (https://informationtracer.com/), a platform to detect (mis)disinformation across social media platforms, and Malware Discoverer (https://zhouhanc.github.io/malware-discoverer/), a proactive system to discover malicious URL redirection campaigns. His systems are used by researchers, journalists and security analysts.
Description:
The quality of online information is deteriorating. Misinformation operations and bot accounts all contribute to the worsening environment. To address those challenges, researchers need real-time data and actionable intelligence to trace information spread and to identify suspicious spread patterns.
This session introduces Information Tracer, a service to provide fine-grained intelligence about how online information spreads to journalists, researchers and developers.
Information Tracer consists of three components. The first component collects public posts containing a particular URL, hashtag or keyword over five platforms—Twitter, Facebook, YouTube, Reddit, Gab. The second component turns heterogeneous raw data into explainable metrics that describe how information spreads. The last component shares our intelligence via either a web interface or API endpoints. End users can set up their own collection pipelines and thresholds for metrics to surface potentially coordinated misinformation attacks.
In this session, we will walk through our system architecture, and demo how to trace a URL related to the recent Amber Heard vs Johnny Depp lawsuit. We will examine how the URL is shared on different platforms, and decide if the spread is organic or not.
ICSV - Friday - 12:00-12:59 PDT
Title: Understanding Modbus TCP and the GRACE Console [[Maritime]]
When: Friday, Aug 12, 12:00 - 12:59 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - Map
SpeakerBio:Dave Burke, Chief Engineer
Prior to joining Fathom5, Dr. Burke spent 10 years working at various positions within the government. From acting as the Program Executive Officer for NAVAIR to becoming a chairman of the NATO UAS and then the Director of Cyber Warfare Detachment, Dr. Burke has mastered the focus and understanding of cybersecurity. In the summer of 2019, Dr. Burke left government service to join Fathom5 as their chief engineer where he directs the development of novel approaches to embedded system DEVOPS and cybersecurity. He holds three bachelor’s degrees in electrical engineering, computer engineering, and computer science from North Carolina State University, a master’s degree in computer engineering, and a Ph.D. in aerospace engineering.
Description:
Fathom5 will be hosting a number of Grace Maritime Cyber Testbed consoles at the ICS Village to support the SeaTF activity. This "lunchtime tutorial" will discuss the Modbus TCP protocol, which is employed in the Grace Ballast console. Modbus is the de facto industry standard for the interconnection of ICS and OT systems. This mini-tutorial will address the protocol history, architecture, frame format, and operation.
HHV - Friday - 10:00-10:45 PDT
Title: Uwb Security Primer: Rise Of A Dusty Protocol
When: Friday, Aug 12, 10:00 - 10:45 PDT
Where: Flamingo - Exec Conf Ctr - Red Rock VI, VII, VII (Hardware Hacking Village) - Map
SpeakerBio:Göktay Kaykusuz
Göktay Kaykusuz has more than five years of experience in various cyber security fields and is currently a Security Engineer at eyeo GmbH. Previously he worked as a Security Engineer at Jotform Inc. and did freelance/consultancy work before that. Göktay also has a Bachelor’s Degree in Computer Engineering, a Master’s Degree in Information Security, and OSCP/OSCE certifications. He also designed a custom badge to wear, just for DEFCON 30.
Göktay also likes riding cruisers/choppers, smoking churchwardens, and robotics in general. He also dislikes nature to a degree (especially bugs/spiders) and would welcome the warm embrace of Cult Mechanicus if given the opportunity.
Description:
UWB has been available for nearly 20 years now but never took off the way it was meant to. Every use-case designed or considered for UWB had been taken over by other protocols such as Bluetooth, and like the VR tech, UWB did not become a widespread way of communication for a long time.
During this talk, we will look at the standards, current applications, and possible attack vectors alongside the available hardware that we can utilize to discover these vectors. This session will be a primer for anyone interested in the current UWB landscape and will try to provide the basis for security research.
DL - Friday - 10:00-11:55 PDT
Title: Vajra - Your Weapon To Cloud
When: Friday, Aug 12, 10:00 - 11:55 PDT
Where: Caesars Forum - Committee Boardroom (Demo Labs) - Map
SpeakerBio:Raunak Parmar
Raunak Parmar works as a Security Consultant. Web/Cloud security, source code review, scripting, and development are some of his interests. He is also familiar with PHP, NodeJs, Python, Ruby, and Java. He is OSWE certified and the author of Vajra and 365-Stealer.
Description:
Vajra (Your Weapon to Cloud) is a framework capable of validating the cloud security posture of the target environment. In Indian mythology, the word Vajra refers to the Weapon of God Indra (God of Thunder and Storms). Because it is cloud-connected, it is an ideal name for the tool. Vajra supports multi-cloud environments and a variety of attack and enumeration strategies for both AWS and Azure. It features an intuitive web-based user interface built with the Python Flask module for a better user experience. The primary focus of this tool is to have different attacking and enumerating techniques all in one place with web UI interfaces so that it can be accessed anywhere by just hosting it on your server. The following modules are currently available:
• Azure
  - Attacking
    1. OAuth Based Phishing (Illicit Consent Grant Attack)
       - Exfiltrate Data
       - Enumerate Environment
       - Deploy Backdoors
       - Send mails/Create Rules
    2. Password Spray
    3. Password Brute Force
  - Enumeration
    1. Users
    2. Subdomain
    3. Azure Ad
    4. Azure Services
  - Specific Service
    1. Storage Accounts
• AWS
  - Enumeration
    1. IAM Enumeration
    2. S3 Scanner
  - Misconfiguration
Audience: Security Professional Cloud Engineer
DC - Friday - 10:00-17:59 PDT
Title: Vendor Area Open
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Forum 130-132, 134 (Vendors) - Map
Description:
This is when you can go visit our awesome vendors.
We don't know whether they will be accepting cash or cards. That's up to each vendor, and we do not have a list.
DC - Friday - 10:00-17:59 PDT
Title: Village Areas Open (Generally)
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Other/See Description
Description:
These are the general operating hours for villages, across all locations. Refer to each village's location to see their specific hours or activities.
SEV - Friday - 13:00-15:59 PDT
Title: Vishing Competition (SECVC) - LIVE CALLS
When: Friday, Aug 12, 13:00 - 15:59 PDT
Where: LINQ - 3rd flr - Social A (Social Engineering Community) - Map
Description:
In this competition, teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies.
Teams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team is provided limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors!
SEV - Friday - 09:00-11:59 PDT
Title: Vishing Competition (SECVC) - LIVE CALLS
When: Friday, Aug 12, 09:00 - 11:59 PDT
Where: LINQ - 3rd flr - Social A (Social Engineering Community) - Map
Description:
In this competition, teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies.
Teams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team is provided limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors!
DL - Friday - 12:00-13:55 PDT
Title: Wakanda Land
When: Friday, Aug 12, 12:00 - 13:55 PDT
Where: Caesars Forum - Caucus Boardroom (Demo Labs) - Map
SpeakerBio:Stephen Kofi Asamoah
Stephen Kofi Asamoah (q0phi80) is an Offensive Security professional, with over fifteen (15) years of experience running Offensive Security operations. Some of his previous places of employment include Ernst & Young, PwC and IBM X-Force Red. Currently as a Snr. Manager of Offensive Cybersecurity Operations, he runs an Enterprise's Offensive Security programs and manages a team of Offensive Security Operators.
Description:
Wakanda Land is a Cyber Range deployment tool that uses terraform for automating the process of deploying an Adversarial Simulation lab infrastructure for practicing various offensive attacks. This project inherits from other people's work in the Cybersecurity Community, to which I have added some additional sprinkles to their work from my other research. The tool deploys the following for the lab infrastructure (of course, more assets can be added):
-Two Subnets
-Guacamole Server
--This provides dashboard access to
--Kali GUI and Windows RDP instances
  The Kali GUI, Windows RDP and the user accounts used to log into these instances are already baked into the deployment process
--To log into the Guacamole dashboard with the guacadmin account, you need to SSH into the Guacamole server using the public IP address (which is displayed after the deployment is complete) and then change into the guacamole directory and then type cat .env for the password (the guacadmin password is randomly generated and saved as an environment variable)
-Windows Domain Controller for the Child Domain (first.local)
-Windows Domain Controller for the Parent Domain (second.local)
-Windows Server in the Child Domain
-Windows 10 workstation in the Child Domain
-Kali Machine - a directory called toolz is created on this box and Covenant C2 is downloaded into that folder, so it's just a matter of running Covenant once you are authenticated into Kali
-Debian Server serving as Web Server 1 - OWASP's Juice Shop deployed via Docker
-Debian Server serving as Web Server 2 - Vulnerable web apps
Audience: Offensive - Defensive - Any Cybersecurity enthusiasts
DC - Friday - 17:30-18:15 PDT
Title: Walk This Way: What Run D.M.C. and Aerosmith Can Teach Us About the Future of Cybersecurity
When: Friday, Aug 12, 17:30 - 18:15 PDT
Where: Caesars Forum - Forum 106-110, 138-139 (Track 2) - Map
Speakers:Jen Easterly,The Dark Tangent
SpeakerBio:Jen Easterly, Director
No BIO available
SpeakerBio:The Dark Tangent, DEF CON
No BIO available
Description:
The year was 1986 and the arena rock of the 1970s was coming to a whimpering end, while rap had not quite gained a mainstream foothold. The unlikely collaboration between Aerosmith and Run D.M.C. changed the course of music forever, reinvigorating the relevance of rock while bringing rap to the forefront of prominence. This collaboration, unexpected, and by some accounts uncomfortable, paved the way for the future of music and celebrated the genius of innovation of partnership. The cybersecurity community has much to learn from this example of partnership for the better.
Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), and Jeff Moss, founder and President of DefCon Communications, will discuss the importance of partnership between the Federal Government and the hacker community. The growing partnership through CISA’s recently established Cybersecurity Advisory Committee and the work of the technical advisory council could have the same effect on our future shared cybersecurity posture to truly raise our shared cyber defense. Through this Council, researchers, academics, and technologists are working together with government to evolve how to understand new vulnerabilities, how to identify and encourage adoption of strong security controls, and how to use increasing volumes of security data to derive actionable insights that can be shared across the broader community. #walkthisway
PHV - Friday - 10:00-17:59 PDT
Title: Wall of Sheep
When: Friday, Aug 12, 10:00 - 17:59 PDT
Where: Caesars Forum - Academy 411-414, 420 (Packet Hacking Village) - Map
Description:
We passively monitor the #DEFCON network looking for insecure network traffic. Drop by and see just how easy it can be! We strive to educate the “sheep” we catch: a friendly reminder that security matters.
RFV - Friday - 13:00-13:30 PDT
Title: Wardriving 101 - or How I Learned to Stop Worrying and Love Bad Fuel Economy and High Gas Prices
When: Friday, Aug 12, 13:00 - 13:30 PDT
Where: Flamingo - Eldorado Ballroom (Radio Frequency Village) - Map
SpeakerBio:Raker
Interested in all things RF and computing from a young age.
Twitter: @w4www_raker
Description:
So you have heard of wardriving and/or WiGLE and want to try it out. Come listen to a recent former newbie wardriver talk about his first year of wardriving and learn how you can be a better new wardriver than he was.
DC - Friday - 13:30-13:50 PDT
Title: Weaponizing Windows Syscalls as Modern, 32-bit Shellcode
When: Friday, Aug 12, 13:30 - 13:50 PDT
Where: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
Speakers:Tarek Abdelmotaleb,Dr. Bramwell Brizendine
SpeakerBio:Tarek Abdelmotaleb, Security Researcher, VERONA Labs
Tarek Abdelmotaleb is a security researcher at VERONA Labs, and he is a graduate student at Dakota State University, who will soon graduate with a MS in Computer Science. Tarek specializes in malware development, software exploitation, reverse engineering, and malware analysis. Tarek recently published an IEEE paper that provides a new way for finding the base address of kernel32, making it possible to do shellcode without needing to make use of walking the Process Environment Block (PEB).
SpeakerBio:Dr. Bramwell Brizendine
Dr. Bramwell Brizendine completed his Ph.D. in Cyber Operations recently, where he did his dissertation on Jump-Oriented Programming, a hitherto seldom-studied and poorly understood subset of code-reuse attacks. Bramwell developed a fully featured tool that helps facilitate JOP exploit development, the JOP ROCKET. Bramwell is the Director of the Vulnerability and Exploitation Research for Offensive and Novel Attacks (VERONA Lab), specializing in vulnerability research, software exploitation, software security assessments, and the development of new, cutting-edge tools and techniques with respect to software exploitation and malware analysis. Bramwell also teaches undergraduate, graduate, and doctoral level courses in software exploitation, reverse engineering, malware analysis, and offensive security. Bramwell teaches the development of modern Windows shellcode from scratch in various courses. Bramwell is a PI on an NSA grant to develop a shellcode analysis framework. Bramwell has been a speaker at many top security conferences, such as DEF CON, Black Hat Asia, Hack in the Box Amsterdam, Hack, and more.
Description:
While much knowledge exists on using syscalls for red team efforts, information on writing original shellcode with syscalls in modern x86 is sparse and lacking. Our reverse engineering efforts, however, have revealed the necessary steps to take to successfully perform syscalls in shellcode, both for Windows 7 and 10, as there are some significant differences.
In this talk, we will embark upon a journey that will show the process of reverse engineering how Windows syscalls work in both Windows 7 and 10, while focusing predominately on the latter. With this necessary foundation, we will explore the process of effectively utilizing syscalls inside shellcode. We will explore the special steps that must be taken to set up syscalls – steps that may not be required to do equivalent actions with WinAPI functions.
This talk will feature various demonstrations of syscalls in x86 shellcode.
CLV - Friday - 12:30-13:10 PDT
Title: Weather Proofing GCP Defaults
When: Friday, Aug 12, 12:30 - 13:10 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Cloud Village) - Map
SpeakerBio:Shannon McHale
Shannon McHale, Associate Consultant at Mandiant, has spent her first year in the security industry focused on Red-Teaming cloud environments and recently passed the Google Cloud Certified Professional Cloud Security Engineer (PCSE) exam. As one of Mandiant's Google Cloud Platform (GCP) Subject Matter Experts (SME), she works hard on enhancing and delivering the GCP Penetration Test methodology. This is her first DefCon, but she has presented at ShmooCon and the Women in Cybersecurity (WiCyS) conferences, while simultaneously obtaining her Bachelor's of Science in Computing Security from Rochester Institute of Technology.
Twitter: @_shannon_mchale
Description:
Default Google Cloud Platform (GCP) configurations include open ports, high numbers of excessive permissions, limited logging, and credential expiration dates, which security professionals would typically never let happen. But, we cannot expect users in GCP environments to know and prioritize the most secure option for each setting when they configure a resource. This inadvertently leads to unsafe environments that attackers can leverage.
In this talk, we will review the 'dangerous defaults' of GCP and how they can be abused by attackers. We'll also provide specific policies cloud architects and cloud administrators should implement to stop their users from deploying default configurations and outline how to set up policies that reduce decision fatigue on their users. The goal is for cloud architects, engineers, and Blue Teamers to implement what they see in this talk and scale their environment to be significantly more secure. It will also give my fellow Red Teamers a list of items to check for during their assessments to help organizations further harden their environments.
AVV - Friday - 10:15-10:30 PDT
Title: Welcome and Introduction
When: Friday, Aug 12, 10:15 - 10:30 PDT
Where: Flamingo - Sunset-Scenic Ballroom (Adversary Village) - Map
SpeakerBio:Abhijith B R
Abhijith, also known by the pseudonym Abx, has more than a decade of experience in the Information and Cyber Security domain.
He is the founder and Lead organizer of Adversary Village at DEF CON. Currently managing offensive security operations and Adversary simulation for a global FinTech company. Lead Organizer of an official DEFCON Group, DC0471. He has recently started running (https://tacticaladversary.io/) project.
Twitter: @abhijithbr
Description:No Description available
DCGVR - Friday - 18:00-18:59 PDT
Title: When (Fire)Fox Gets Angry! A Web Browser for Red Teamers
When: Friday, Aug 12, 18:00 - 18:59 PDT
Where: Virtual - DEF CON Groups VR
SpeakerBio:sidepocket
A Co-Founder of DCG 201, an open group for hacker workshop projects in North East New Jersey, Sidepocket is constantly wanting to help people to get better at whatever they want to do and learn. He also has a history with NYC 2600, Radio Statler at Hackers on Planet Earth, TOOOL, Phone Losers of America, Museum of Urban Reclaim Spaces and The Yes Men. Find out more about DCG 201 at: http://linktr.ee/defcon201
Twitter: @defcon201nj
Description:
When most users, hackers and cyber security folks think of web browsers we think of the need for only privacy and defensive security. However, after playing countless CTF Tournaments where a major category is web security, I started to wonder, what would a web browser look like if it was built for offensive capabilities over defensive. In this short presentation I show off a modified version of Firefox with a curated list of extensions and tools that allow everything from script injections, man in the middle attacks, in-depth forensics, vuln scanning and even launching into a command line shell directly in the browser. After the presentation, attendees will be able to try out the modified browser in person and the download for its Firefox Profile will be posted on the DCG 201 blog!
RFV - Friday - 17:00-17:59 PDT
Title: When you're too competitive for your own good
When: Friday, Aug 12, 17:00 - 17:59 PDT
Where: Flamingo - Eldorado Ballroom (Radio Frequency Village) - Map
Speakers:D4rkm4tter,El Kentaro,Grim0us
SpeakerBio:D4rkm4tter
No BIO available
SpeakerBio:El Kentaro
No BIO available
Twitter: @elkentaro
SpeakerBio:Grim0us
No BIO available
Description:
When wardriving becomes an obsession. elkentaro, d4rkm4tter, grim0us panel discussion on "extreme" wardriving/warwalking. The why, how and why...
BHV - Friday - 11:00-11:59 PDT
Title: Where there's a kiosk, there's an escape
When: Friday, Aug 12, 11:00 - 11:59 PDT
Where: Flamingo - Laughlin I,II,III (Biohacking Village) - Map
SpeakerBio:Michael Aguilar (v3ga)
Michael (v3ga) is a Principal Consultant within Secureworks Adversary group covering a wide range of testing capabilities inclusive of Red Team simulations, Network Penetration Testing, hardware and Medical Devices. v3ga currently has 4 CVEs pertaining to medical device vulnerabilities.
Twitter: @v3ga_hax
Description:No Description available
ICSV - Friday - 17:00-17:30 PDT
Title: Why aren’t you automating?
When: Friday, Aug 12, 17:00 - 17:30 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - Map
SpeakerBio:Don C. Weber, Principal Consultant
Marine, Hacker, Breaker of Things
Description:
When you do something, you’ll want to remember how to do it again. Notes are fine, scripts are better. Automate all the things.
ICSV - Friday - 15:00-15:30 PDT
Title: Wind Energy Cybersecurity: Novel Environments facing Increased Threats
When: Friday, Aug 12, 15:00 - 15:30 PDT
Where: Caesars Forum - Alliance 314 - 319 (ICS Village) - Map
SpeakerBio:Meg Egan, Control Systems Cybersecurity Analyst
Meg Egan is a Control Systems Cybersecurity Analyst at Idaho National Lab's Cybercore Integration Center where she supports INL's Consequence-driven, Cyber-informed Engineering portfolio, serves as lead analyst for the ICS Situation Threat Awareness Team, and works on programs for a variety of U.S. Government customers. She is also currently pursuing a Masters of Cyber Operations and Resilience from Boise State University and has degrees in International Affairs from Penn State University.
Description:
Wind energy cybersecurity made headlines in February 2022 when Russian cyberattacks to disrupt Ukrainian command and control infrastructure resulted in an outage of commercial SATCOM networks, impacting the remote communications of 5800 European wind turbines. Surrounding this high-profile attack were other wind energy sector cyber incidents - ransomware attacks at major turbine manufacturers Vestas and Nordex and a cyberattack on the IT systems of wind farm operator Deutsche Windtechnik. This talk will integrate threat intelligence with unique attributes of control system environments in the wind energy sector to bring to light cybersecurity issues facing one of the fastest growing sources of electricity around the world.
RFV - Friday - 15:30-15:59 PDT
Title: WIPS/WIDS Evasion for Rogue Access Points
When: Friday, Aug 12, 15:30 - 15:59 PDT
Where: Flamingo - Eldorado Ballroom (Radio Frequency Village) - Map
SpeakerBio:Eric Escobar
Eric is a seasoned pentester and a Security Principal Consultant at Secureworks. On a daily basis he attempts to compromise large enterprise networks to test their physical, human, network and wireless security. He has successfully compromised companies from all sectors of business including: Healthcare, Pharmaceutical, Entertainment, Amusement Parks, Banking, Finance, Technology, Insurance, Retail, Food Distribution, Government, Education, Transportation, Energy and Industrial Manufacturing.
His team consecutively won first place at DEF CON 23, 24, and 25's Wireless CTF, snagging a black badge along the way. Forcibly retired from competing in the Wireless CTF, he now helps create challenges!
Twitter: @EricEscobar
Description:
Detecting rogue access points is easy, right? Are you confident you'd be able to detect one in your environment? Rogue access points come in a variety of flavors depending on the objectives of the adversary. This talk will cover a variety of tactics used by attackers to evade WIPS/WIDS (Wireless Intrusion Prevention/Detection Systems). Come check out this talk to see how robust your detection is!
DC - Friday - 16:00-16:45 PDT
Title: Wireless Keystroke Injection (WKI) via Bluetooth Low Energy (BLE)
When: Friday, Aug 12, 16:00 - 16:45 PDT
Where: Caesars Forum - Academy 401-410, 421 (Track 3) - Map
Speakers:Jose Pico,Fernando Perera
SpeakerBio:Jose Pico, Founder at LAYAKK
Jose Pico is co-founder and senior security analyst in LAYAKK. Apart from carrying out red team activities and product security evaluations, he is a researcher in wireless communications security. In this field he has published books, articles and research in the form of talks in top events, both in Spain and worldwide. He is also an appointed member of the Ad hoc Working Group on the candidate European Union 5G Cybersecurity Certification Scheme (EU5G AHWG).
SpeakerBio:Fernando Perera, Security Analyst at LAYAKK
Fernando Perera has been a Security Engineer at LAYAKK for 5 years, where he collaborates on RedTeam projects, development of security tools and software analysis. He has previously presented at RootedCON Satelite VLC 2016 and 2019, among other security events.
Description:
"We present a Microsoft Windows vulnerability that allows a remote attacker to impersonate a Bluetooth Low Energy (BLE) keyboard and perform Wireless Key Injection (WKI) on its behalf. It can occur after a legitimate BLE keyboard automatically closes its connection because of inactivity. In that situation, an attacker can impersonate it and wirelessly send keys.
In this talk we will demonstrate the attack live and we will explain the theoretical basis behind it and the process that led us to discover the vulnerability. We will also release the tool that allows the attack to be reproduced and we will detail how to use it."
GHV - Friday - 11:00-12:30 PDT
Title: Workshop: Intro to CTF
When: Friday, Aug 12, 11:00 - 12:30 PDT
Where: Flamingo - Virginia City III (Girls Hack Village) - Map
SpeakerBio:Professor Rogers
I am a passionate Cybersecurity Architect and Engineer, experienced in "architecting", planning, implementing, optimizing, and troubleshooting cybersecurity solutions for enterprise deployment, patch management, and overall device management. I have 16 years of experience as a Cybersecurity Project Technical Lead and have managed security projects from full implementations to migrations. Through the years I have gained proven experience building projects and managing them through the entire project life cycle. This includes managing multi-phase/multi-dimensional/multi-resource projects to a conclusion while maintaining high customer satisfaction.
Description:
Workshop geared to participation in CTFs
GHV - Friday - 15:00-16:30 PDT
Title: Workshop: Network Penetration Testing w HyperQube
When: Friday, Aug 12, 15:00 - 16:30 PDT
Where: Flamingo - Virginia City III (Girls Hack Village) - Map
Speakers:Craig Stevenson,Kevin Chapman,Makayla Ferrell,Tennisha Martin
SpeakerBio:Craig Stevenson
No BIO available
SpeakerBio:Kevin Chapman
No BIO available
SpeakerBio:Makayla Ferrell
No BIO available
SpeakerBio:Tennisha Martin
Tennisha Martin is the founder and Executive Director of BlackGirlsHack (BGH Foundation), a national cybersecurity nonprofit organization dedicated to providing education and resources to underserved communities and increasing the diversity in cyber. She has worked in a consulting capacity for over 15 years and in her spare time is a Cyber Instructor, mentor, and red-team leaning ethical hacking advocate for diversity in Cyber and the executive suites.
Twitter: @misstennisha
Description:
Network Penetration Workshop
BTV - Friday - 16:45-16:59 PDT
Title: YARA Rules to Rule them All
When: Friday, Aug 12, 16:45 - 16:59 PDT
Where: Virtual - BlueTeam Village - Talks
SpeakerBio:Saurabh Chaudhary
With over 5 years of experience protecting Banks and the financial sector against cyber threats, Saurabh Chaudhary is a renowned Security Researcher and a prominent speaker and trainer.
He is a published researcher with multiple research papers on malware, ransomware, and cyber espionage and has experience and expertise in cyber threat intelligence, Malware, YARA rules, DFIR, etc.
Description:
Whenever we want to proactively hunt for malware of interest for threat intelligence purposes, YARA is the Swiss Army knife that makes the work of malware researchers and threat intelligence researchers easier.
We will talk about leveraging YARA to detect future versions of the malware.
Malware developers work just like legitimate software developers, aiming to reduce the time wasted on repetitive tasks wherever possible. That means they create and reuse code across their malware. This has a pay-off for malware hunters and threat intelligence researchers: we can learn how to create search rules to detect this kind of code reuse. Traditional YARA rules are written on strings, but if we implement code leveraging YARA code-reuse rules in addition to the strings rule, the rule will last decades. We can leverage that for finding future malware from the same authors using their digital code fingerprints.
DC - Friday - 13:00-13:45 PDT
Title: You’re <strike>Muted</strike>Rooted
When: Friday, Aug 12, 13:00 - 13:45 PDT
Where: Caesars Forum - Alliance 301-309, 321 (Track 4) - Map
SpeakerBio:Patrick Wardle, Founder, Objective-See Foundation
Patrick Wardle is the creator of the non-profit Objective-See Foundation, author of the “The Art of Mac Malware” book series, and founder of the “Objective by the Sea” macOS Security conference.
Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy.
Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware, and writing free open-source security tools to protect Mac users.
Twitter: @patrickwardle
Description:
With a recent market cap of over $100 billion and the genericization of its name, the popularity of Zoom is undeniable. But what about its security? This imperative question is often quite personal, as who amongst us isn't jumping on weekly (daily?) Zoom calls?
In this talk, we’ll explore Zoom’s macOS application to uncover several critical security flaws. Flaws that provided a local unprivileged attacker a direct and reliable path to root.
The first flaw presents itself subtly in a core cryptographic validation routine, while the second is due to a nuanced trust issue between Zoom’s client and its privileged helper component.
After detailing both root cause analysis and full exploitation of these flaws, we’ll end the talk by showing how such issues could be avoided …both by Zoom, but also in other macOS applications.
HRV - Friday - 11:30-12:30 PDT
Title: Your Amateur Radio License and You
When: Friday, Aug 12, 11:30 - 12:30 PDT
Where: Flamingo - Virginia City II (Ham Radio Village Activities) - Map
SpeakerBio:Justin/InkRF
Justin (AKA "InkRF") is studying electrical engineering and is an amateur extra class ham radio operator. Since entering the hobby in 2020, he has been involved with many amateur radio organizations around the country and world, including serving on the board of the Ham Radio Village and on the HRV conference committee. While Justin enjoys operating a pileup, his main mission in the hobby is getting others to learn more about, and join the endless world that is amateur radio.
Twitter: @InkRF
https://inkrf.net/
Description:
Once you acquire an amateur radio license (otherwise known as ham radio), many are left to wonder what to do next. This presentation will cover some of the basic/fundamental topics to know once you get your amateur radio license and how to use it. Hopefully after you leave this presentation you may overcome that “mic fright” many hams get once they get their license, and their hands on a radio.
PT - Tuesday - 09:00-16:59 PDT
Title: Zero 2 Emulated Criminal: Intro to Windows Malware Dev
When: Tuesday, Aug 16, 09:00 - 16:59 PDT
Where: Caesars Forum - Map
SpeakerBio:Dahvid Schloss
Dahvid is the Offensive Security Lead at Echelon Risk + Cyber. As an experienced professional with over 12 years of cyber-attack and defense experience, Dahvid has previously worked as a Red Team Operator with a Big 4 consulting firm leading and conducting Adversarial Emulation exercises. He also served in the military, leading, conducting, and advising on special operations offensive cyber operations. He has a wide background in cyber security including logical, social, and physical exploitation as well as leading malware development enabling c2 execution while evading endpoint detection solutions.
Description:
Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/dahvid-schloss-zero-2-emulated-criminal-intro-to-windows-malware-dev-1
Training description:
Step up your emulated criminal game with a practical, hands-on introduction to malware development. Join a prior US Special Operations Cyber Operator to learn the building blocks and techniques used in real-world malware variants.
You don’t need fancy, expensive tools to get a C2 implant executed while evading antivirus. You need basic knowledge, ingenuity, and elbow grease.
In this course, we don’t cut corners. You will learn by doing, not by copying and pasting with modules and labs that will give you the ability to deviate and improvise on your very first malware variants in C++, even if you have no prior C++ experience.
Where this course differs from others is its reduced need for prior knowledge, and enhanced emphasis on hands-on learning.
By the end of the course, you will understand and be able to implement:
- Techniques to use the native Win32 API for adversarial tactics, enhancing stealth and offensive efficiency
- Maintaining data/shellcode integrity while using multiple ciphers for obfuscation and encryption
- Modular antivirus evasion techniques that will remain useful through your pen testing career
PT - Monday - 09:00-16:59 PDT
Title: Zero 2 Emulated Criminal: Intro to Windows Malware Dev
When: Monday, Aug 15, 09:00 - 16:59 PDT
Where: Caesars Forum - Map
SpeakerBio:Dahvid Schloss
Dahvid is the Offensive Security Lead at Echelon Risk + Cyber. As an experienced professional with over 12 years of cyber-attack and defense experience, Dahvid has previously worked as a Red Team Operator with a Big 4 consulting firm leading and conducting Adversarial Emulation exercises. He also served in the military, leading, conducting, and advising on special operations offensive cyber operations. He has a wide background in cyber security including logical, social, and physical exploitation as well as leading malware development enabling c2 execution while evading endpoint detection solutions.
Description:
Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/dahvid-schloss-zero-2-emulated-criminal-intro-to-windows-malware-dev-1
Training description:
Step up your emulated criminal game with a practical, hands-on introduction to malware development. Join a prior US Special Operations Cyber Operator to learn the building blocks and techniques used in real-world malware variants.
You don’t need fancy, expensive tools to get a C2 implant executed while evading antivirus. You need basic knowledge, ingenuity, and elbow grease.
In this course, we don’t cut corners. You will learn by doing, not by copying and pasting with modules and labs that will give you the ability to deviate and improvise on your very first malware variants in C++, even if you have no prior C++ experience.
Where this course differs from others is its reduced need for prior knowledge, and enhanced emphasis on hands-on learning.
By the end of the course, you will understand and be able to implement:
- Techniques to use the native Win32 API for adversarial tactics, enhancing stealth and offensive efficiency
- Maintaining data/shellcode integrity while using multiple ciphers for obfuscation and encryption
- Modular antivirus evasion techniques that will remain useful through your pen testing career
DL - Friday - 10:00-11:55 PDT
Title: Zuthaka: A Command & Controls (C2s) integration framework
When: Friday, Aug 12, 10:00 - 11:55 PDT
Where: Caesars Forum - Society Boardroom (Demo Labs) - Map
Speakers:Lucas Bonastre,Alberto Herrera
SpeakerBio:Lucas Bonastre
Lucas started his career studying Mathematics at the University of Buenos Aires, however when his uncle gave him a C++ book, he realized his true passion for programming and his outstanding ability for problem-solving. He worked across cybersecurity and technology firms and is a vetted developer in many languages such as C/C++, Python, Java, and PHP. Now he is a full time developer and security researcher at Pucara Information Security. In his spare time, he is an expert chess player, and he is studying Computer Vision to analyze foosball strategies.
SpeakerBio:Alberto Herrera
Alberto began his journey in cybersecurity in a consulting firm, where he worked with one of the biggest telecommunication companies of the region. He continued as an advisor on the National Cyber-Defence Initiative for the Argentina Armed Forces where he worked on many high-level government programs which required elevated security clearance. He also worked for Immunity, a prominent offensive security firm that serves the financial sector, and large enterprises, where he performed cybersecurity assessments for Forbes 100 companies. In his spare time, he is a retro gaming evangelist, where he applies his hardware-hacking and low-level programming skills on different architectures.
Description:
The current C2s ecosystem has rapidly grown in order to adapt to modern red team operations and diverse needs (further information on C2 selection can be found here). This comes with a lot of overhead work for Offensive Security professionals everywhere. Creating a C2 is already a demanding task, and most C2s available lack an intuitive and easy to use web interface. Most Red Teams must independently administer and understand each C2 in their infrastructure. Zuthaka presents a simplified API for fast and clear integration of C2s and provides centralized management for multiple C2 instances through a unified interface for Red Team operations. It is a collaborative, free, open-source Command & Control development framework that allows developers to concentrate on the core function and goal of their C2. Zuthaka is more than just a collection of C2s; it is also a solid foundation that can be built upon and easily customized to meet the needs of the exercise that needs to be accomplished. This integration framework for C2 allows developers to concentrate on a unique target environment and not have to reinvent the wheel. After we first presented Zuthaka's MVP at Black Hat USA 2021 and DEF CON Demo Labs, we are now presenting the first release with updated post-exploitation modules to support text-based modules as well as file-based ones, with a lab populated with commonly used C2s and its out-of-the-box integrations.
Audience: Red team operators wishing for a centralized place to handle all C2 instances. C2 developers wishing to save the effort of writing the frontend. Hackers wishing for a strong infrastructure to run C2s.