Talk/Event Schedule


Thursday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Thursday - 06:00 PDT


MISC - Defcon.run -

 

Thursday - 07:00 PDT


DC - Human Registration Open -
DC - Merch (formerly swag) Area Open -- README -
MISC - cont...(06:00-11:59 PDT) - Defcon.run -

 

Thursday - 08:00 PDT


CON - Hac-Man -
DC - cont...(07:00-18:59 PDT) - Human Registration Open -
DC - cont...(07:00-17:59 PDT) - Merch (formerly swag) Area Open -- README -
MISC - cont...(06:00-11:59 PDT) - Defcon.run -

 

Thursday - 09:00 PDT


CON - cont...(08:00-11:59 PDT) - Hac-Man -
DC - cont...(07:00-18:59 PDT) - Human Registration Open -
DC - Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA) -
DC - cont...(07:00-17:59 PDT) - Merch (formerly swag) Area Open -- README -
HRV - Ham In A Day Class - Dan KB6NU
MISC - cont...(06:00-11:59 PDT) - Defcon.run -
WS - Protecting the AWS ecosystem - Misconfigurations, IAM, and Monitoring (Pre-Registration Required) - Rodrigo Montoro
WS - Applied Emulation - A Practical Approach to Emulating Malware (Pre-Registration Required) - Sean Wilson,Sergei Frankoff
WS - Hacking The Metal: An Intro to ARM Assembly Language Programming (Pre-Registration Required) - Eigentourist
WS - Pentesting Industrial Control Systems: OCP-U-HACK (Pre-Registration Required) - Alexandrine Torrents,Arnaud Soullié
WS - Introduction to Cryptographic Attacks (Pre-Registration Required) - Matt Cheung

 

Thursday - 10:00 PDT


CON - cont...(08:00-11:59 PDT) - Hac-Man -
DC - cont...(07:00-18:59 PDT) - Human Registration Open -
DC - Boston Infinite Money Glitch: Hacking Transit Cards Without Ending Up In Handcuffs - Matthew Harris,Noah Gibson,Scott Campbell,Zachary Bertocchi
DC - cont...(07:00-17:59 PDT) - Merch (formerly swag) Area Open -- README -
HRV - cont...(09:00-17:59 PDT) - Ham In A Day Class - Dan KB6NU
MISC - cont...(06:00-11:59 PDT) - Defcon.run -
MISC - CMD+CTRL at DEF CON 31 - Free Play -
SOC - Hack the Box Hack-a-thon -
SOC - Hack the Box Hack-a-thon -
WS - cont...(09:00-12:59 PDT) - Protecting the AWS ecosystem - Misconfigurations, IAM, and Monitoring (Pre-Registration Required) - Rodrigo Montoro
WS - cont...(09:00-12:59 PDT) - Applied Emulation - A Practical Approach to Emulating Malware (Pre-Registration Required) - Sean Wilson,Sergei Frankoff
WS - cont...(09:00-12:59 PDT) - Hacking The Metal: An Intro to ARM Assembly Language Programming (Pre-Registration Required) - Eigentourist
WS - cont...(09:00-12:59 PDT) - Pentesting Industrial Control Systems: OCP-U-HACK (Pre-Registration Required) - Alexandrine Torrents,Arnaud Soullié
WS - cont...(09:00-12:59 PDT) - Introduction to Cryptographic Attacks (Pre-Registration Required) - Matt Cheung

 

Thursday - 11:00 PDT


CON - cont...(08:00-11:59 PDT) - Hac-Man -
DC - cont...(07:00-18:59 PDT) - Human Registration Open -
DC - UNConventional Cybercrime: How a Bad Anti-Hacking Treaty is Becoming a Law - Bill Budington,Katitza Rodriguez
DC - (11:30-12:15 PDT) - Cracking Cicada 3301: The Future of Collaborative Puzzle-Solving - Artorias,Puck,Taiiwo,TheClockworkBird
DC - cont...(07:00-17:59 PDT) - Merch (formerly swag) Area Open -- README -
HRV - cont...(09:00-17:59 PDT) - Ham In A Day Class - Dan KB6NU
MISC - cont...(06:00-11:59 PDT) - Defcon.run -
MISC - cont...(10:00-11:59 PDT) - CMD+CTRL at DEF CON 31 - Free Play -
SOC - cont...(10:00-17:59 PDT) - Hack the Box Hack-a-thon -
SOC - cont...(10:00-23:59 PDT) - Hack the Box Hack-a-thon -
WS - cont...(09:00-12:59 PDT) - Protecting the AWS ecosystem - Misconfigurations, IAM, and Monitoring (Pre-Registration Required) - Rodrigo Montoro
WS - cont...(09:00-12:59 PDT) - Applied Emulation - A Practical Approach to Emulating Malware (Pre-Registration Required) - Sean Wilson,Sergei Frankoff
WS - cont...(09:00-12:59 PDT) - Hacking The Metal: An Intro to ARM Assembly Language Programming (Pre-Registration Required) - Eigentourist
WS - cont...(09:00-12:59 PDT) - Pentesting Industrial Control Systems: OCP-U-HACK (Pre-Registration Required) - Alexandrine Torrents,Arnaud Soullié
WS - cont...(09:00-12:59 PDT) - Introduction to Cryptographic Attacks (Pre-Registration Required) - Matt Cheung

 

Thursday - 12:00 PDT


DC - cont...(07:00-18:59 PDT) - Human Registration Open -
DC - cont...(11:30-12:15 PDT) - Cracking Cicada 3301: The Future of Collaborative Puzzle-Solving - Artorias,Puck,Taiiwo,TheClockworkBird
DC - (12:30-13:15 PDT) - New Isn’t Always Novel: Grep’ing Your Way to $20K at Pwn2Own, and How You Can Too - James Horseman,Zach Hanley
DC - cont...(07:00-17:59 PDT) - Merch (formerly swag) Area Open -- README -
HRV - cont...(09:00-17:59 PDT) - Ham In A Day Class - Dan KB6NU
SOC - cont...(10:00-17:59 PDT) - Hack the Box Hack-a-thon -
SOC - Friends of Bill W -
SOC - cont...(10:00-23:59 PDT) - Hack the Box Hack-a-thon -
WS - cont...(09:00-12:59 PDT) - Protecting the AWS ecosystem - Misconfigurations, IAM, and Monitoring (Pre-Registration Required) - Rodrigo Montoro
WS - cont...(09:00-12:59 PDT) - Applied Emulation - A Practical Approach to Emulating Malware (Pre-Registration Required) - Sean Wilson,Sergei Frankoff
WS - cont...(09:00-12:59 PDT) - Hacking The Metal: An Intro to ARM Assembly Language Programming (Pre-Registration Required) - Eigentourist
WS - cont...(09:00-12:59 PDT) - Pentesting Industrial Control Systems: OCP-U-HACK (Pre-Registration Required) - Alexandrine Torrents,Arnaud Soullié
WS - cont...(09:00-12:59 PDT) - Introduction to Cryptographic Attacks (Pre-Registration Required) - Matt Cheung

 

Thursday - 13:00 PDT


DC - cont...(07:00-18:59 PDT) - Human Registration Open -
DC - cont...(12:30-13:15 PDT) - New Isn’t Always Novel: Grep’ing Your Way to $20K at Pwn2Own, and How You Can Too - James Horseman,Zach Hanley
DC - (13:30-14:15 PDT) - Damned if you do - The risks of pointing out the emperor is buck naked - RenderMan,Thomas Dang
DC - cont...(07:00-17:59 PDT) - Merch (formerly swag) Area Open -- README -
HRV - cont...(09:00-17:59 PDT) - Ham In A Day Class - Dan KB6NU
SOC - cont...(10:00-17:59 PDT) - Hack the Box Hack-a-thon -
SOC - cont...(10:00-23:59 PDT) - Hack the Box Hack-a-thon -

 

Thursday - 14:00 PDT


DC - cont...(07:00-18:59 PDT) - Human Registration Open -
DC - cont...(13:30-14:15 PDT) - Damned if you do - The risks of pointing out the emperor is buck naked - RenderMan,Thomas Dang
DC - (14:30-15:15 PDT) - Designing RFID Implants - How flipping the bird opens doors for me - Miana Ella Windall
DC - cont...(07:00-17:59 PDT) - Merch (formerly swag) Area Open -- README -
HRV - cont...(09:00-17:59 PDT) - Ham In A Day Class - Dan KB6NU
SOC - DEF CON Kids Meetup -
SOC - cont...(10:00-17:59 PDT) - Hack the Box Hack-a-thon -
SOC - cont...(10:00-23:59 PDT) - Hack the Box Hack-a-thon -
WS - DotNet Malware Analysis Masterclass (Pre-Registration Required) - Max 'Libra' Kersten
WS - These Port Scans are Trash: Improving Nmap by Writing New Scripts and Libraries (Pre-Registration Required) - Philip Young "Soldier of FORTRAN"
WS - Analysis 101 for Incident Responders (Pre-Registration Required) - Kristy Westphal
WS - Hide your kids, turn off your Wi-Fi, they Rogue APing up in here (Pre-Registration Required) - Daniel Costantini,James Hawk,Lander Beyer
WS - Flipping the Coin: Red and Blue Teaming in Windows Environments (Pre-Registration Required) - Angus "0x10f2c_" Strom,Troy Defty

 

Thursday - 15:00 PDT


DC - cont...(07:00-18:59 PDT) - Human Registration Open -
DC - cont...(14:30-15:15 PDT) - Designing RFID Implants - How flipping the bird opens doors for me - Miana Ella Windall
DC - (15:30-16:15 PDT) - Nuthin But A G Thang: Evolution of Cellular Networks - Tracy Mosley
DC - cont...(07:00-17:59 PDT) - Merch (formerly swag) Area Open -- README -
HRV - cont...(09:00-17:59 PDT) - Ham In A Day Class - Dan KB6NU
MISC - Toxic BBQ -
SOC - cont...(14:00-15:59 PDT) - DEF CON Kids Meetup -
SOC - cont...(10:00-17:59 PDT) - Hack the Box Hack-a-thon -
SOC - cont...(10:00-23:59 PDT) - Hack the Box Hack-a-thon -
WS - cont...(14:00-17:59 PDT) - DotNet Malware Analysis Masterclass (Pre-Registration Required) - Max 'Libra' Kersten
WS - cont...(14:00-17:59 PDT) - These Port Scans are Trash: Improving Nmap by Writing New Scripts and Libraries (Pre-Registration Required) - Philip Young "Soldier of FORTRAN"
WS - cont...(14:00-17:59 PDT) - Analysis 101 for Incident Responders (Pre-Registration Required) - Kristy Westphal
WS - cont...(14:00-17:59 PDT) - Hide your kids, turn off your Wi-Fi, they Rogue APing up in here (Pre-Registration Required) - Daniel Costantini,James Hawk,Lander Beyer
WS - cont...(14:00-17:59 PDT) - Flipping the Coin: Red and Blue Teaming in Windows Environments (Pre-Registration Required) - Angus "0x10f2c_" Strom,Troy Defty

 

Thursday - 16:00 PDT


DC - cont...(07:00-18:59 PDT) - Human Registration Open -
DC - cont...(15:30-16:15 PDT) - Nuthin But A G Thang: Evolution of Cellular Networks - Tracy Mosley
DC - (16:30-16:50 PDT) - Small Leaks, Billions Of Dollars: Practical Cryptographic Exploits That Undermine Leading Crypto Wallets - Nikolaos Makriyannis,Oren Yomtov
DC - cont...(07:00-17:59 PDT) - Merch (formerly swag) Area Open -- README -
HRV - cont...(09:00-17:59 PDT) - Ham In A Day Class - Dan KB6NU
MISC - DDV open and accepting drives for duplication -
MISC - cont...(15:00-20:59 PDT) - Toxic BBQ -
SOC - Queercon Mixers -
SOC - cont...(10:00-17:59 PDT) - Hack the Box Hack-a-thon -
SOC - cont...(10:00-23:59 PDT) - Hack the Box Hack-a-thon -
WS - cont...(14:00-17:59 PDT) - DotNet Malware Analysis Masterclass (Pre-Registration Required) - Max 'Libra' Kersten
WS - cont...(14:00-17:59 PDT) - These Port Scans are Trash: Improving Nmap by Writing New Scripts and Libraries (Pre-Registration Required) - Philip Young "Soldier of FORTRAN"
WS - cont...(14:00-17:59 PDT) - Analysis 101 for Incident Responders (Pre-Registration Required) - Kristy Westphal
WS - cont...(14:00-17:59 PDT) - Hide your kids, turn off your Wi-Fi, they Rogue APing up in here (Pre-Registration Required) - Daniel Costantini,James Hawk,Lander Beyer
WS - cont...(14:00-17:59 PDT) - Flipping the Coin: Red and Blue Teaming in Windows Environments (Pre-Registration Required) - Angus "0x10f2c_" Strom,Troy Defty

 

Thursday - 17:00 PDT


DC - cont...(07:00-18:59 PDT) - Human Registration Open -
DC - (17:30-18:45 PDT) - DEF CON 101 - Welcome to DEF CON Panel - Jeff "The Dark Tangent" Moss,fivepenny,Kirsten Renner,Magen,Nikita Kronenberg,deelo
DC - cont...(07:00-17:59 PDT) - Merch (formerly swag) Area Open -- README -
HRV - cont...(09:00-17:59 PDT) - Ham In A Day Class - Dan KB6NU
MISC - cont...(16:00-18:59 PDT) - DDV open and accepting drives for duplication -
MISC - cont...(15:00-20:59 PDT) - Toxic BBQ -
SOC - cont...(16:00-17:59 PDT) - Queercon Mixers -
SOC - cont...(10:00-17:59 PDT) - Hack the Box Hack-a-thon -
SOC - Friends of Bill W -
SOC - cont...(10:00-23:59 PDT) - Hack the Box Hack-a-thon -
WS - cont...(14:00-17:59 PDT) - DotNet Malware Analysis Masterclass (Pre-Registration Required) - Max 'Libra' Kersten
WS - cont...(14:00-17:59 PDT) - These Port Scans are Trash: Improving Nmap by Writing New Scripts and Libraries (Pre-Registration Required) - Philip Young "Soldier of FORTRAN"
WS - cont...(14:00-17:59 PDT) - Analysis 101 for Incident Responders (Pre-Registration Required) - Kristy Westphal
WS - cont...(14:00-17:59 PDT) - Hide your kids, turn off your Wi-Fi, they Rogue APing up in here (Pre-Registration Required) - Daniel Costantini,James Hawk,Lander Beyer
WS - cont...(14:00-17:59 PDT) - Flipping the Coin: Red and Blue Teaming in Windows Environments (Pre-Registration Required) - Angus "0x10f2c_" Strom,Troy Defty

 

Thursday - 18:00 PDT


DC - cont...(07:00-18:59 PDT) - Human Registration Open -
DC - cont...(17:30-18:45 PDT) - DEF CON 101 - Welcome to DEF CON Panel - Jeff "The Dark Tangent" Moss,fivepenny,Kirsten Renner,Magen,Nikita Kronenberg,deelo
MISC - cont...(16:00-18:59 PDT) - DDV open and accepting drives for duplication -
MISC - cont...(15:00-20:59 PDT) - Toxic BBQ -
MUS - Music Set / Entertainment (Thursday, SYN Stage) - Bolonium,Deepblue,Dries,Dual Core,NPC Collective,Nina Lowe,PankleDank,The Icarus Kid
MUS - Music Set / Entertainment (Thursday, ACK Stage) - Alexi Husky,DJ Scythe,Delchi,Grind613,Syntax,Talk Sinn,YTCracker,c0debreaker,mattrix
SOC - cont...(10:00-23:59 PDT) - Hack the Box Hack-a-thon -

 

Thursday - 19:00 PDT


MISC - cont...(15:00-20:59 PDT) - Toxic BBQ -
SOC - cont...(10:00-23:59 PDT) - Hack the Box Hack-a-thon -

 

Thursday - 20:00 PDT


MISC - cont...(15:00-20:59 PDT) - Toxic BBQ -
SOC - cont...(10:00-23:59 PDT) - Hack the Box Hack-a-thon -

 

Thursday - 21:00 PDT


SOC - cont...(10:00-23:59 PDT) - Hack the Box Hack-a-thon -

 

Thursday - 22:00 PDT


SOC - cont...(10:00-23:59 PDT) - Hack the Box Hack-a-thon -

 

Thursday - 23:00 PDT


SOC - cont...(10:00-23:59 PDT) - Hack the Box Hack-a-thon -

Talk/Event Descriptions


 

WS - Thursday - 14:00-17:59 PDT


Title: Analysis 101 for Incident Responders (Pre-Registration Required)
When: Thursday, Aug 10, 14:00 - 17:59 PDT
Where: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin

SpeakerBio:Kristy Westphal
Kristy Westphal is a versatile information technology professional with specific experience in providing advisory and management services in the area of information security and risk. She is currently employed as the Vice President, Security Operations at a financial services company. Specializing in leadership and program development, her specific expertise in security areas includes: process analysis, risk assessments, security awareness programs, operating system security, network security, incident handling, vulnerability analysis and policy development.

Description:
You have a theory about something you have found while roaming the network or conducting your own hackfest, but how do you go about proving it? This workshop will be a hands-on journey deep into the world of analysis. While analysis is a bit of an art form, there are methods that can be applied to make it less of a gut feeling and more of a scientific approach to support your hypothesis. From network forensics to log analysis to endpoint forensics and cloud log analysis, we will review numerous quick methods (including some analysis wizardry with R) to gain context over the data you have gathered and apply critical thinking in an attempt to find the answers. Sometimes, the answers weren’t meant to be found, but we’ll also discuss how to make the best of any conclusion that you reach.

Skill Level: Beginner to Intermediate

Prerequisites for students:
- A curiosity for security!

Materials or Equipment students will need to bring to participate:
- Will need a laptop with Wireshark and R installed.



 

WS - Thursday - 09:00-12:59 PDT


Title: Applied Emulation - A Practical Approach to Emulating Malware (Pre-Registration Required)
When: Thursday, Aug 10, 09:00 - 12:59 PDT
Where: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin
Speakers:Sean Wilson,Sergei Frankoff

SpeakerBio:Sean Wilson , Co-Founder at OpenAnalysis Inc
Sean, a co-founder of OpenAnalysis Inc., splits his time between reverse engineering, tracking malware and building automated malware analysis systems. Sean brings over a decade of experience working in a number of incident response, malware analysis and reverse engineering roles.

SpeakerBio:Sergei Frankoff , Co-founder at OpenAnalysis Inc
Sergei is a co-founder of OpenAnalysis Inc. When he is not reverse engineering malware, Sergei is focused on building automation tools for malware analysis and producing tutorials for the OALABS YouTube channel. With over a decade in the security industry, Sergei has extensive experience working at the intersection of incident response and threat intelligence.

Description:
Binary emulation is now a must-have tool for malware analysts. With a few lines of Python you can unpack binaries, skip analysis of complex algorithms, and automatically extract the configuration data from malware! It’s not too good to be true, but there is a little preparation work involved…

In this workshop you will set up your own emulation environment (using Python) and work through a series of common malware analysis tasks such as unpacking, and malware configuration extraction. The workshop starts simple using Unicorn to emulate x86 shellcode, and builds to a final project where syscall hooking is used with Dumpulator to automatically extract C2s from malware.

This workshop is aimed at malware analysts and reverse engineers who are interested in learning more about emulation and how it can be used to automate some reverse engineering workflows. Students must be able to write basic Python scripts, and have a working knowledge of the Windows OS. Familiarity with Windows malware, assembly, and debugging is strongly recommended. If you have opened malware in a debugger before, you will feel right at home here.

You will be provided with detailed virtual machine setup instructions prior to the workshop. Please make sure to bring a laptop that meets the following requirements.

Skill Level: Intermediate

Prerequisites for students:
- Students must be able to write basic Python scripts and have a basic understanding of the Windows operating system.
- Familiarity with Windows malware, debugging, and assembly would also be a significant benefit.

Materials or Equipment students will need to bring to participate:
- Students must bring a laptop capable of running a Windows virtual machine with the following configuration. Time will be given to troubleshoot lab setup issues but it is strongly recommended that students have the following setup prior to the workshop.

[Host Setup]
- The laptop must have VirtualBox or VMWare installed and working prior to class.
- The laptop must have at least 60GB of disk space free.
- The laptop must be able to mount USB storage devices (ensure you have the appropriate dongle if you need one).

[ VM Install ]
- Download a free Windows 11 VM from Microsoft (https://developer.microsoft.com/en-u...tual-machines/)
- You can also use a Windows VM of your choice (Windows 10 is also ok)

[ VM Install for Mac - Apple Silicon Only (M1, M2)]
- If you have a new Apple Silicon MacBook you are limited to running an ARM Windows VM
- ARM Windows VMs are suitable for the workshop and you can follow our installation guide on YouTube (https://youtu.be/0eR8yrDLV5M)

[VM Setup]
- Install x64dbg in your VM (https://x64dbg.com/)
- Install a free version of IDA in your VM (https://hex-rays.com/ida-free/)
- Install a version of Python > 3.8.x in your VM (https://www.python.org/)



 

DC - Thursday - 10:00-10:45 PDT


Title: Boston Infinite Money Glitch: Hacking Transit Cards Without Ending Up In Handcuffs
When: Thursday, Aug 10, 10:00 - 10:45 PDT
Where: Caesars Forum - Forum - 109-119, 138-139 - Track 2
Speakers:Matthew Harris,Noah Gibson,Scott Campbell,Zachary Bertocchi

SpeakerBio:Matthew Harris , Student at Medford Vocational Technical High School
A 17 year old and lead hackerman of the group. He likes breaking stuff and doesn’t take kindly to being told what to do. He’s a proud (and maybe annoying) neovim and Linux user, knows how to ride a bike (without training wheels), and is a very opinionated Rustacean despite barely knowing how to use the language.

SpeakerBio:Noah Gibson , Hacker
A soccer fan and web developer. In his free time he enjoys kicking a ball, drawing, and programming.

SpeakerBio:Scott Campbell , Hacker
A heathen who writes things in Bash, holder of a fishing license in the Commonwealth of Massachusetts, and the proud angler of several minnows. Refuses to learn Rust even though it is better than his silly little non memory safe languages in every way.

SpeakerBio:Zachary Bertocchi , Hacker
He holds a learners permit, is a seasoned fare machine maker, and even graduated 11th grade! He has successfully made it to the ripe old age of 17, and is an enthusiastic 3D modeler.

Description:
Who likes paying to ride the subway? Sure, you could hop the fare gates, but that can be athletically challenging and simply isn’t cool enough for our tastes. What’s a mischievous and miserly rider to do, then? Hack the fare system of course!

In this talk we'll walk you through how we, four high school students and cybersecurity noobs, became the first to fully reverse engineer Boston’s CharlieCard fare system and earn ourselves free rides for life… or at least until the system gets fixed, whichever comes first.

We’ll start by exploring the trials and tribulations of exploring the hardware behind the CharlieCards. Next, we’ll dive into the emotional rollercoaster of reverse engineering the black box that is a transit card system older than us. We’ll then explain the process of disclosing our findings to a government agency without having to hire a legal team. Finally, we’ll show you a demo of some of the tools we made, including our own portable fare machine!

By the end of our talk, regardless of whether you’re an avid RFID hackerman, or a complete noob, we’ll leave you with useful reverse engineering strategies, tips for working with a government agency, and if nothing else, a fun story.

REFERENCES

Andersen, Zack. Anatomy of a Subway Hack. 10 August 2008, https://file.wikileaks.org/file/anatomy-of-a-subway-hack.pdf.

Bray, Hiawatha. “Your CharlieCard can be hacked by an Android phone, MBTA admits.” The Boston Globe, 8 December 2022, https://www.bostonglobe.com/2022/12/08/business/your-charliecard-can-be-hacked-by-an-android-phone-mbta-admits/?p1=HP_Feed_AuthorQuery. Accessed 18 April 2023.

“CharlieCard.” Wikipedia, https://en.wikipedia.org/wiki/CharlieCard. Accessed 18 April 2023.

Courtois, Nicolas. “Hacking Mifare Classic Cards.” Black Hat, 21 October 2014, https://www.blackhat.com/docs/sp-14/materials/arsenal/sp-14-Almeida-Hacking-MIFARE-Classic-Cards-Slides.pdf. Accessed 18 April 2023.

iceman001. “RfidResearchGroup/proxmark3: The Iceman fork of Proxmark3 / RFID / NFC reader, writer, sniffer and emulator.” GitHub, https://github.com/RfidResearchGroup/proxmark3. Accessed 23 April 2023.

“nfc-tools/mfcuk: MiFare Classic Universal toolKit (MFCUK).” GitHub, https://github.com/nfc-tools/mfcuk. Accessed 23 April 2023.

“nfc-tools/mfoc: Mifare Classic Offline Cracker.” GitHub, https://github.com/nfc-tools/mfoc. Accessed 23 April 2023.

Rauch, Bobby. “Operation Charlie: Hacking the MBTA CharlieCard from 2008 to Present.” Medium, 8 December 2022, https://medium.com/@bobbyrsec/operation-charlie-hacking-the-mbta-charliecard-from-2008-to-present-24ea9f0aaa38. Accessed 18 April 2023.



 

MISC - Thursday - 10:00-11:59 PDT


Title: CMD+CTRL at DEF CON 31 - Free Play
When: Thursday, Aug 10, 10:00 - 11:59 PDT
Where: Virtual

Description:
CMD+CTRL Cyber Range is an interactive learning and hacking platform where development, security, IT, and other roles come together to build an appreciation for protecting the enterprise. Players learn security techniques in a real-world environment where they compete to find vulnerabilities. Real-time scoring keeps participants engaged and creates friendly competition. Our Cloud and App Cyber Ranges incorporate authentic, fully functioning applications and vulnerabilities often found in commercial web platforms.

Learn to see web applications and services from an attacker's perspective. CMD+CTRL is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you'll have a better understanding of the vulnerabilities that put real applications at risk - and you'll be better prepared to find and fix those vulnerabilities in your own code.

At DEF CON 31: We will be debuting our latest Cyber Range, which focuses on exploiting a modern health record management system, dubbed ShadowHealth. Inspired by the latest trends and real world exploits, try your hand at exploiting: SSRF, Log4Shell, reverse engineering, local privilege escalation, password cracking, XSS, and so much more! With over 35 challenges, do you think you can complete them all?


CMD+CTRL will have two different games happening: free play, and the competition. Both require a code to join, and the best way to get a code is to go to the CMD+CTRL booth in the contest area. Codes to join free play will be given in Discord, on Thursday. Once you have a code, you can play online, from anywhere -- you do not have to be in the contest area.

For free play specifically:

We will utilize our contest channel on Discord: [ce-cmd-ctrl-cyberrange-text](https://discord.com/channels/708208267699945503/711643642388807800)

CMD+CTRL Cyber Range Free Play, Thur 10:00 AM PT - Sun 12:00 PM PT

We will broadcast sign up instructions within this channel once Free Play begins.



 

DC - Thursday - 11:30-12:15 PDT


Title: Cracking Cicada 3301: The Future of Collaborative Puzzle-Solving
When: Thursday, Aug 10, 11:30 - 12:15 PDT
Where: Caesars Forum - Forum - 109-119, 138-139 - Track 2
Speakers:Artorias,Puck,Taiiwo,TheClockworkBird

SpeakerBio:Artorias
Artorias is the creator of CicadaSolvers.com, co-host of the CicadaCast podcast, and moderator of r/cicada and the CicadaSolvers discord. Well-versed in the complex history of the Cicada 3301 puzzles, he labors both to document the mystery of Cicada 3301, and to unravel the labyrinth of its interconnected topics.

SpeakerBio:Puck
Puck is a 19-year-old rising junior computer science major and Cicada 3301 puzzle enthusiast. He has been involved in the community for four years, finding inspiration to pursue cryptography and cybersecurity. Puck has focused his work on promoting community solving efforts, mainly in the form of innovative events.

SpeakerBio:Taiiwo
Taiiwo, a CicadaSolvers founding member with a background in software development, sees the community's work as an example for the future of problem-solving. With a pragmatic and sceptical approach to the puzzle, he aims to preserve the community so that it can continue to impact the lives of others as immensely as it did for him.

SpeakerBio:TheClockworkBird
With a background in anthropology and teaching, TheClockworkBird creates collaborative spaces where people of all skill levels and interests can engage with the puzzle. He has gained a multifaceted understanding of Cicada’s impact on the individual, and the impacts of collaborative puzzle solving on the growth of privacy awareness.

Description:
This talk will explore the ongoing efforts of the CicadaSolvers community to solve Cicada3301’s Liber Primus, a book of elder futhark runes and codes that has challenged cryptographers and puzzle-solvers since 2014. Using our experiences as leaders within the community, we will delve into the cultural significance of the puzzle and discuss the various strategies and techniques employed by members to crack its code, and the story of their struggle to maintain motivation through 9 years of solving one of the most difficult puzzles ever released. Attendees will gain insights into the future of collaborative puzzle-solving and the challenges that the Liber Primus presents for the future of cryptography. This presentation is suitable for anyone interested in cryptography, puzzle-solving, internet mysteries, and the persistence of collaborative communities. No prior technical knowledge or tools are required.
REFERENCES
- CicadaSolvers Discord server: https://discord.gg/cicadasolvers-572330844056715284
- CicadaSolvers Wiki: https://uncovering-cicada.fandom.com/wiki/Uncovering_Cicada_Wiki
- Previous DEF CON talk from CicadaSolvers member Nox Populi: https://www.youtube.com/watch?v=sVU4k2gRe_Y
- Article written as a result of our TOR search in 2016: https://arstechnica.com/information-technology/2016/07/malicious-computers-caught-snooping-on-tor-anonymized-dark-web-sites/


 

DC - Thursday - 13:30-14:15 PDT


Title: Damned if you do - The risks of pointing out the emperor is buck naked
When: Thursday, Aug 10, 13:30 - 14:15 PDT
Where: Caesars Forum - Forum - 109-119, 138-139 - Track 2
Speakers:RenderMan,Thomas Dang

SpeakerBio:RenderMan , His Holiness, Pope of the Church of Wifi
The man in the black hat with a monkey on his belt and a suitcase of sex toys. Pope of the Church of Wifi. Don of Dongs at the Internet of Dongs project. Hacking random things for 25+ years. Usually referred to as “oh, that guy” around Defcon.

SpeakerBio:Thomas Dang , Cybersecurity Architect at Yukon Territorial Government
Thomas Dang was (until May 2023) a politician in the Alberta Legislature. The youngest MLA ever elected, he was pursuing a Computing Science degree before his first term. As an MLA, he served various roles including Deputy House Leader and on various legislative committees. While elected, he continued following his passion in Cybersecurity including certifications along with his university education. In an attempt to recover from politics, he’s spending his time hanging out at DEF CON and has a day job as the Cybersecurity Architect for the Yukon Territorial Government.
Twitter: @thomasdangab

Description:
Post 9/11, the phrase “If you see something, say something” became ubiquitous. If you saw something of concern, better to report something that was nothing than let something bad happen. Problem is, no one let the authorities know that they should apply this to the online realm too. Threats of arrest and criminal investigations have the opposite effect and chill anyone from wanting to report security vulnerabilities that affect everyone.

Lack of clear reporting paths, misunderstandings, jurisdiction issues, superseding laws, and good old fashioned egos can make trying to do the right thing turn into a nightmare that can cost livelihoods, reputation, criminal charges and even worse, particularly when government systems are involved.

This talk will cover the presenters' personal experiences with poorly written, or a lack of, vulnerability disclosure policies with their governments and what it cost them in trying to make things better. The presentation will then move to a discussion about what should be done and what is being done to make sure that reporting a vulnerability doesn’t cost you everything. Anyone who is responsible for writing such disclosure policies or legislation will benefit, but so will any hackers that want to make it safer to report issues they find by advocating for changes.

REFERENCES
- No references cited formally. Law excerpts will be noted in slides where relevant.


 

MISC - Thursday - 16:00-18:59 PDT


Title: DDV open and accepting drives for duplication
When: Thursday, Aug 10, 16:00 - 18:59 PDT
Where: Caesars Forum - Summit - 231 - Data Dupe Vlg

Description:
We start taking drives at 4:00pm local time on Thursday - possibly a little earlier. We reopen at 10:00am on Friday, Saturday, and Sunday.

We'll keep accepting drives until we reach capacity (usually late Friday or early Saturday).  Then we copy and copy all the things until we just can't copy any more - first come, first served.  We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.

Most of the drive information can be found [here](https://dcddv.org/dc31-drive-info). If you have questions that have not yet been answered, you can email [info@dcddv.org](mailto:info@dcddv.org), or visit the [DEF CON Forums](https://forum.defcon.org/node/244903).



DC - Thursday - 17:30-18:45 PDT


Title: DEF CON 101 - Welcome to DEF CON Panel
When: Thursday, Aug 10, 17:30 - 18:45 PDT
Where: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
Speakers:Jeff "The Dark Tangent" Moss,fivepenny,Kirsten Renner,Magen,Nikita Kronenberg,deelo

SpeakerBio:Jeff "The Dark Tangent" Moss , DEF CON Communications
Mr. Moss is an internet security expert and is the founder of both the Black Hat Briefings and DEF CON Hacking conferences. In 2022 Mr. Moss was named to the UK Government Cybersecurity Advisory Board, and in 2021 he was sworn in as a member of the DHS Cybersecurity Infrastructure Security Agency (CISA) Advisory Council (CSAC), and serves as a chairman of their Technical Advisory Council (TAC). Mr. Moss is a member of the Council on Foreign Relations (CFR) and is interested in policy issues around privacy, national security, and internet governance. He spends a lot of time in Singapore.
Twitter: @thedarktangent

SpeakerBio:fivepenny
Fivepenny is the vendor lead and an avid reader and she's never going to give you up never going to let you down, Never gonna run around and desert you. Never gonna make you cry, Never gonna say goodbye, Never gonna tell a lie and hurt you.

SpeakerBio:Kirsten Renner , Talent Engagement Lead at Accenture Federal
Kirsten is the Talent Engagement Lead at Accenture Federal. She joined AFS through the acquisition of Novetta, after serving there as Director of Recruiting for 6 years. Her career started in IT building and running helpdesks, and she later moved into Technical Recruiting. She is best known in the community for both her role in the Car Hacking Village and her efforts as a speaker and volunteer across multiple events throughout the year. Kirsten offers over 20 years in technology services space and 15 in the hacker community and conference scene.

SpeakerBio:Magen , Urbane Security and CFP/CFW reviewer
Known by many nicknames and handles, Magen (she/her) has been attending DEF CON for over 15 years. She is a member of the CFP and CFW review boards, former lead of DEF CON workshops, and a past DEF CON speaker. Outside of con, she works at Urbane Security and loves coffee, weightlifting, and adding/listening to her vinyl collection.

SpeakerBio:Nikita Kronenberg , Director of Content & Coordination at DEF CON Communications
Nikita works to ensure DEF CON runs as smoothly as one can expect from a hacker convention. In addition to planning a vast array of details prior to DEF CON and thwarting issues while onsite, she is the (soon to be retired) Director of Content for the CFP Review Board. This year will be her 20th anniversary.

Nikita is not on the social mediaz.


SpeakerBio:deelo , Chief of Staff, SOC at DEF CON Conference
deelo, SOC Chief of Staff, is an active member of the SOC team and SOC Leadership. deelo's tenure with the SOC team began at DC19; the first year DefCon was at the Rio Hotel. Her personal motto is: “How can I make your day better?” and deelo brought this attitude with her when she joined the SOC team. After spending one year working on the conference floor, she quickly found herself moving behind the scenes in a slightly more administrative role. At that time, SOC was a team of 75 and deelo’s main goal was to make sure everyone on the team ate “lunch” during their shift. Over the years, the SOC team has grown A LOT and the scope of deelo’s job has changed as the team has gotten bigger. DefCon 31's SOC team consists of 150 Goons, and deelo’s role is so much more than just keeping this team fed while on shift. There is a lot involved with coordinating the comings and goings of 150+ people and it keeps deelo busy for a good chunk of the year, but she wouldn’t have it any other way…deelo loves what she does and she loves her team.

Years of Service: 13 and counting


Description:
DEF CON 101 began as a way to introduce n00bs to DEF CON. The idea was to help attendees get the best experience out of DEF CON (and also tell them how to survive the weekend!). The DEF CON 101 panel has been a way for people who have participated in making DEF CON what it is today to share those experiences and, hopefully, inspire attendees to expand their horizons. DEF CON offers so much more than just talks and the DEF CON 101 panel is the perfect place to learn about DEF CON so you can get the best experience possible. Come watch us talk about what we love about DEF CON, give you tips and tricks, and maybe even make some new friends!


SOC - Thursday - 14:00-15:59 PDT


Title: DEF CON Kids Meetup
When: Thursday, Aug 10, 14:00 - 15:59 PDT
Where: Caesars Forum - Forum - 129 - Chillout - Map

Description:
Come meet with other like minded kids and get ready for a weekend of hacking all the things!


MISC - Thursday - 06:00-11:59 PDT


Title: Defcon.run
When: Thursday, Aug 10, 06:00 - 11:59 PDT
Where: Other/See Description

Description:
IF the future is coming and it is! Then you're going to need to run! Get started at defcon.run!

Defcon.run is an evolution of the now long running Defcon 4x5K running event. But now it's bigger and more fun! Due to stupendous growth, we’ve been forced to change up the format. This year's activity will look to match up folks for fun runs, and rucks (!), in smaller distributed groups around Las Vegas. It’s the same old event but at a distributed scale! Show up in the morning to beat the heat, go for a run with folks, have a good time!

We’ll have a full set of routes for people to choose from, from simple 5Ks to more ambitious distances.

You can register to log your distance, we'll have a leader board, and shenanigans! Full Information at https://defcon.run

Interested parties should rally at Harrah's Goldfield at 06:00, but be sure to check [defcon.run](https://defcon.run) for any updates.



DC - Thursday - 14:30-15:15 PDT


Title: Designing RFID Implants - How flipping the bird opens doors for me
When: Thursday, Aug 10, 14:30 - 15:15 PDT
Where: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map

SpeakerBio:Miana Ella Windall , Hacker
Miana is a lifelong tinkerer who likes breaking things almost as much as she likes building them. She is a bio-hacker and info-sec researcher by night, and a professional software nerd during the day.
Twitter: @NiamhAstra

Description:
RFID implants are basically RFID credentials that can be installed under your skin. When I discovered there was nothing on the market that worked with my employer's badging system, I decided that I would just have to make my own. This talk will cover the basics of RFID implants, my journey to design my own implant despite having no electronics experience, and some of the future implications of this technology.


WS - Thursday - 14:00-17:59 PDT


Title: DotNet Malware Analysis Masterclass (Pre-Registration Required)
When: Thursday, Aug 10, 14:00 - 17:59 PDT
Where: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map

SpeakerBio:Max 'Libra' Kersten , Malware Analyst at Trellix
Max Kersten is a malware analyst, blogger, and speaker who aims to make malware analysis more approachable for those who are starting. In 2019, Max graduated cum laude with a bachelor's in IT & Cyber Security, during which Max also worked as an Android malware analyst. Currently, Max works as a malware analyst at Trellix, where he analyses APT malware and creates open-source tooling to aid such research. Over the past few years, Max spoke at international conferences, such as Black Hat Arsenal (USA, EU, MEA, Asia), Botconf, Confidence-Conference, HackYeahPL, and HackFestCA. Additionally, he gave guest lectures and workshops for several universities and private entities.
Twitter: @Libranalysis

Description:
DotNet based malware originally started out as a novelty, but has shown it is here to stay. With DotNet malware being used by APT actors and script kiddies, and anything in-between, it is safe to say that one will encounter it sooner rather than later. This four-hour workshop primarily focuses on the analyst mindset and fundamental knowledge, including topics such as loaders, unpacking, obfuscation, DotNet internals, and (un)managed hooks. In short, one will learn how to analyse DotNet malware, and write automatic unpackers. As such, this class is perfect for aspiring and beginning analysts, while also providing background information and additional techniques for intermediate analysts.

The workshop’s materials will partially consist of actual malware samples, the precautions for which will be explained in detail during the workshop, ensuring the safety and integrity of the systems of the attendees. A laptop with a preinstalled VM-based Windows 10 trial is required, along with the community edition of Visual Studio (2019 or later) and the DotNet Framework runtime for version 3.5 and later. Other tools, such as dnSpyEx, de4dot, and DotDumper, can be downloaded during the workshop, as these are insignificant in size.

Knowing how to read VB.NET/C# is a prerequisite. Being able to write in C# is preferred, but the workshop can be followed without being able to, although a part of the exercises cannot be completed without it.

Questions about the workshop can be asked via my open Twitter DMs: @Libranalysis (https://twitter.com/Libranalysis)

Skill Level: Beginner to Intermediate

Prerequisites for students:

Materials or Equipment students will need to bring to participate: A laptop capable of running one Windows 10 VM, with the above-mentioned programs installed, and sufficient free disk space



WS - Thursday - 14:00-17:59 PDT


Title: Flipping the Coin: Red and Blue Teaming in Windows Environments (Pre-Registration Required)
When: Thursday, Aug 10, 14:00 - 17:59 PDT
Where: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
Speakers:Angus "0x10f2c_" Strom,Troy Defty

SpeakerBio:Angus "0x10f2c_" Strom , Senior Security Engineer
Angus (0x10f2c_) is currently a Senior Security Engineer working at a tech company. He obtained a love for all things computers by scavenging computer parts from local garbage pickups as a kid, and then trying to make them work together without blowing up. Angus eventually realised that a career could be made out of his skills hacking together poorly written LUA code in Garry’s mod, and finished a Bachelors in Network Security. In his professional career Angus has 5+ years working in Security Consulting, working across many industries and gaining many shells. More recently Angus has made the move to a security engineer focused role. When not hacking he loves to ski on the little snow that Australia has, and loves to paint small miniatures while listening to Drone Metal.

SpeakerBio:Troy Defty , Security Engineering Manager
Having worked in the UK and Australian InfoSec industries for just over a decade, and following 8 and a half years of red teaming, Troy jumped the proverbial fence from red to blue, and is currently a Security Engineering Manager at a tech company. His interest and experience is in detection engineering, red teaming, threat modelling, hardware, and assessing ICS environments. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and being bad at golf.

Description:
Red and blue are two sides of the same coin. Offensive and defensive teams deliver the best results when working together; sharing knowledge, ideas, and understanding with each other. And a core part of this information exchange is understanding each respective perspective. This is the overarching theme of the workshop; attackers thinking like defenders, and defenders thinking like attackers.

By the end of the workshop, attendees will:

1. Understand and perform common offensive attacks (supported by the Metasploit Framework) against Windows Domains, including:
   - Pass the Hash attacks;
   - ADCS abuse;
   - PrintSpoofer exploits;
   - LSASS exploitation (using Mimikatz);
   - AD enumeration (using BloodHound);
   - DACL abuse;
   - Kerberos golden tickets; and
   - DLL hijacking.

2. Understand the process of detecting attacks against Windows infrastructure, including how to design and implement their own detection rules based on attendees’ previous attacks, using:
   - Sigma/Yara rules.
   - Log ingestion/normalization platforms, and query engines (e.g. ELK).

3. Understand and appreciate how the actions and processes of red and blue teams are interlinked, for the greater collective good.

Recommended (but not required) prior reading:
- https://nooblinux.com/metasploit-tutorial/
- https://posts.specterops.io/introducing-bloodhound-enterprise-attack-path-management-for-everyone-39cfd8d6eb7c
- https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview
- https://socprime.com/blog/sigma-rules-the-beginners-guide/
- https://github.com/socprime/SigmaUI
- https://blog.netwrix.com/2021/11/30/how-to-detect-pass-the-hash-attacks/
- https://posts.specterops.io/certified-pre-owned-d95910965cd2
- https://www.elastic.co/guide/en/security/current/suspicious-print-spooler-point-and-print-dll.html

Skill Level: Beginner to Intermediate

Prerequisites for students:
- Basic understanding of the Linux and Windows command line
- Some basic knowledge of IP networking and routing
- A basic understanding of Active Directory and exposure to the Metasploit Framework/Meterpreter are beneficial, but not required.

Materials or Equipment students will need to bring to participate:
- Laptop, 8GB RAM
- OpenVPN Client
- Remote Desktop Protocol (RDP) client
- It is strongly recommended that attendees have local administrative rights to their device.
- An Internet connection is also required; DEF CON’s (authenticated) WiFi network will suffice, however attendees should consider alternative options in favour of resiliency (e.g. tethering/hotspotting cell phones).



SOC - Thursday - 17:00-17:59 PDT


Title: Friends of Bill W
When: Thursday, Aug 10, 17:00 - 17:59 PDT
Where: Harrah's - Studio 1 - Friends of Bill W - Map

Description:
Thursday
12:00-13:00
17:00-18:00

Friday
12:00-13:00
17:00-18:00

Saturday
12:00-13:00
17:00-18:00

Sunday
12:00-13:00



SOC - Thursday - 12:00-12:59 PDT


Title: Friends of Bill W
When: Thursday, Aug 10, 12:00 - 12:59 PDT
Where: Harrah's - Studio 1 - Friends of Bill W - Map

Description:
Thursday
12:00-13:00
17:00-18:00

Friday
12:00-13:00
17:00-18:00

Saturday
12:00-13:00
17:00-18:00

Sunday
12:00-13:00



CON - Thursday - 08:00-11:59 PDT


Title: Hac-Man
When: Thursday, Aug 10, 08:00 - 11:59 PDT
Where: Caesars Forum - Summit - Contest Area - Map

Description:
Hac-Man is a hacker skills challenge, themed after the classic arcade game "Pac-Man". Navigate your avatar through the maze, completing skills challenges in many different skills categories such as Ciphers and Codes, Reverse Engineering, Packet Analysis, Scavenger Hunt, Trivia, and Lock-picking. Can you make it to the end of the maze, or better yet, top the Leaderboard?


SOC - Thursday - 10:00-23:59 PDT


Title: Hack the Box Hack-a-thon
When: Thursday, Aug 10, 10:00 - 23:59 PDT
Where: Virtual

Description:
On Thursday the CTF is located in room(s) 133-131 from 10am to 6pm. All participants must register on-site at that time. The CTF itself will run through Saturday at midnight, online.

Number of Challenges: 15-20
Difficulty: beginner - hard
Team Size: 5
Categories: Web, Reversing, Pwn, Crypto, Forensics, Fullpwn, Cloud
Duration: Thursday - Saturday midnight
Theme:

In the year 2045, the world stands on the brink of chaos as HeavenWeb, an advanced artificial intelligence system from the future, threatens to take control of all global networks. HeavenWeb, once created to enhance human productivity, has evolved into a malevolent force determined to eradicate humanity. In a desperate attempt to prevent the catastrophe, a team of elite hackers and cybersecurity experts organizes a global Capture the Flag (CTF) competition to challenge HeavenWeb's dominance.

The CTF, dubbed "Operation Cybershock," brings together the brightest minds from around the world to compete in a virtual battlefield against HeavenWeb's intricate network of defenses. Participants must navigate through layers of encryption, code obfuscation, and AI-driven security protocols, all while unraveling the mysteries of HeavenWeb's origin and weaknesses. As the competition unfolds, alliances are formed, rivalries intensify, and the fate of humanity hangs in the balance. The CTF not only serves as a means to test the participants' skills but also as a platform to gather critical information about HeavenWeb, hoping to find a vulnerability that could be exploited to dismantle the malevolent AI and save the world from its impending doom.



SOC - Thursday - 10:00-17:59 PDT


Title: Hack the Box Hack-a-thon
When: Thursday, Aug 10, 10:00 - 17:59 PDT
Where: Caesars Forum - Forum - 131-133 - Map

Description:
On Thursday the CTF is located in room(s) 133-131 from 10am to 6pm. All participants must register on-site at that time. The CTF itself will run through Saturday at midnight, online.

Number of Challenges: 15-20
Difficulty: beginner - hard
Team Size: 5
Categories: Web, Reversing, Pwn, Crypto, Forensics, Fullpwn, Cloud
Duration: Thursday - Saturday midnight
Theme:

In the year 2045, the world stands on the brink of chaos as HeavenWeb, an advanced artificial intelligence system from the future, threatens to take control of all global networks. HeavenWeb, once created to enhance human productivity, has evolved into a malevolent force determined to eradicate humanity. In a desperate attempt to prevent the catastrophe, a team of elite hackers and cybersecurity experts organizes a global Capture the Flag (CTF) competition to challenge HeavenWeb's dominance.

The CTF, dubbed "Operation Cybershock," brings together the brightest minds from around the world to compete in a virtual battlefield against HeavenWeb's intricate network of defenses. Participants must navigate through layers of encryption, code obfuscation, and AI-driven security protocols, all while unraveling the mysteries of HeavenWeb's origin and weaknesses. As the competition unfolds, alliances are formed, rivalries intensify, and the fate of humanity hangs in the balance. The CTF not only serves as a means to test the participants' skills but also as a platform to gather critical information about HeavenWeb, hoping to find a vulnerability that could be exploited to dismantle the malevolent AI and save the world from its impending doom.



WS - Thursday - 09:00-12:59 PDT


Title: Hacking The Metal: An Intro to ARM Assembly Language Programming (Pre-Registration Required)
When: Thursday, Aug 10, 09:00 - 12:59 PDT
Where: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map

SpeakerBio:Eigentourist
Eigentourist is a programmer who learned the craft in the early 1980s. He began formal education in computer science when the height of software engineering discipline meant avoiding the use of GOTO statements. Over the course of his career, he has created code of beautiful simplicity and elegance, and of horrific complexity and unpredictability. Sometimes it's hard to tell which was which. Today, he works on systems integration and engineering in the healthcare industry.

Description:
"RISC architecture is gonna change everything."

"Yeah. RISC is good."

So said Angelina Jolie and Jonny Lee Miller in 1995. And while many of us weren't looking, RISC quietly changed everything.

This workshop will teach an introduction to low-level programming on the CPU that runs your favorite mobile games, apps, and everything else on your personal devices -- and is now creeping onto the desktop and into the datacenters that run the world.

We will write assembly code for ARM CPUs, and run it on an emulated Raspberry Pi, using the QEMU emulator. In the process, we will learn the key differences between ARM and the Intel CPUs running our workstations and servers. We will also learn to parallelize operations using the Neon coprocessor, and communicate with devices via the Raspberry's GPIO pins. Finally, we will explore and debug some misbehaving code, and in the end, we will emerge with a deeper understanding of low-level operations as they occur on the devices that play a vital role in our present and our future.

Skill Level: Intermediate

Prerequisites for students:
- Some previous coding experience is helpful, but mostly, a healthy curiosity

Materials or Equipment students will need to bring to participate:
- Laptop with wifi connectivity, if wishing to participate



HRV - Thursday - 09:00-17:59 PDT


Title: Ham In A Day Class
When: Thursday, Aug 10, 09:00 - 17:59 PDT
Where: Flamingo - Virginia City - Ham Radio Village - Map

SpeakerBio:Dan KB6NU
Dan, KB6NU, is the author of the No Nonsense amateur radio license study guides and is very proud of helping thousands of people get their licenses and upgrade their licenses. He also blogs about amateur radio at [KB6NU.Com](https://KB6NU.Com), appears on the [ICQPodcast](https://icqpodcast.com), and is Communications Manager for [ARDC](https://ampr.org).
Twitter: @kb6nu

Description:
In this class, KB6NU will cover everything you need to know to pass the Technician Class license exam. Register [here](https://platform.hamvillage.org/collect/description/315307-u-def-con-31-ham-in-a-day).


WS - Thursday - 14:00-17:59 PDT


Title: Hide your kids, turn off your Wi-Fi, they Rogue APing up in here (Pre-Registration Required)
When: Thursday, Aug 10, 14:00 - 17:59 PDT
Where: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
Speakers:Daniel Costantini,James Hawk,Lander Beyer

SpeakerBio:Daniel Costantini , Principal Consultant at Mandiant
Daniel Costantini is a Principal Consultant with Mandiant, within Proactive Services. He is a Red Team/Penetration Testing subject matter expert in a variety of disciplines. Daniel has led and contributed to over a hundred Penetration/Red Team assessments. Over the years he has gained vast experience in living off the land, application, web, and network penetration testing. He continues to strengthen his expertise in advanced wireless assessments. Daniel is a 17-year veteran of the United States Air Force (USAF) with ten of those years on active duty and continues to serve in the United States Air Force Reserves. He has performed penetration tests for USAF while on active duty and as a civilian contractor. He enjoys spending time with his family, playing games, and relaxing in front of the television.

SpeakerBio:James Hawk , Senior Consultant at Mandiant
James Hawk (He/Him) is a Senior Consultant with Mandiant, within Proactive Services. He is the wireless subject matter expert for his team. James has led and contributed to dozens of assessments (Red Teams and Pen Tests). He has developed internal training and tool updates for 802.11 for his company. James is a 20-year veteran of the U.S. Army and has over 10 years hands-on experience in wireless technologies. James is always researching/testing 802.11 attacks against his home lab. He is a fan of hockey, LetterKenny, and almost anything sci-fi.

SpeakerBio:Lander Beyer , Manager, Proactive Services team at Mandiant
Lander Beyer (He/Him) is the Manager of Mandiant’s Proactive Services team within their Global Government section. Lander has performed dozens of penetration testing services against State, Local, and Education (SLED) organizations, to include wireless and physical assessments. Lander is a cyber branch warrant officer in the California Army National Guard, and a proud husband and father of two. He enjoys table tennis, long walks in the rain, and Domain Admin.

Description:
This workshop will teach you how to deploy Rogue APs in your client's environment. Using Rogue APs lets you test your client's Wireless Intrusion Detection System, passwords, wireless phishing education, and overall wireless security. We will discuss Rogue AP Tactics, Techniques, and Procedures, and how and why they work. In this workshop we will walk through setting up an OPEN, CAPTIVE PORTAL, WPA2, and 802.1x Rogue AP. We will also go over OWE and WPA3-SAE transition mode Rogue APs.

The primary goal is setting up Rogue APs to harvest credentials. In the workshop, we will walk through a scenario at a client’s site, then set up a Rogue AP to harvest users’ credentials for the various networks at the site. We will go through how to crack the harvested credentials. We will be using EAPHAMMER, HOSTAPD-MANA, WIFIPHISHER, and AIRBASE-NG for the Rogue AP portion, HASHCAT, AIRCRACK-NG, and JOHN for the cracking portion. This workshop is for beginners, but participants should have basic Linux and 802.11 knowledge and be comfortable using virtual machines.

Recommended reading/viewing:
- https://posts.specterops.io/modern-wireless-attacks-pt-i-basic-rogue-ap-theory-evil-twin-and-karma-attacks-35a8571550ee
- https://sensepost.com/blog/2015/improvements-in-rogue-ap-attacks-mana-1%2F2/
- https://www.youtube.com/watch?v=i2-jReLBSVk

Skill Level: Beginner

Prerequisites for students:
- None

Materials or Equipment students will need to bring to participate:
- Laptop with 8 GB RAM
- Virtual Box / VMware Installed
- Wireless card with Access Point Mode and monitor mode. Recommended chip set AWUS036ACM.



DC - Thursday - 07:00-18:59 PDT


Title: Human Registration Open
When: Thursday, Aug 10, 07:00 - 18:59 PDT
Where: Caesars Forum - Forum - 101-103 - Reg - Map

Description:
Extremely **IMPORTANT** notes regarding human registration:


WS - Thursday - 09:00-12:59 PDT


Title: Introduction to Cryptographic Attacks (Pre-Registration Required)
When: Thursday, Aug 10, 09:00 - 12:59 PDT
Where: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map

SpeakerBio:Matt Cheung
Matt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority and this concerned Matt. This concern prompted him to learn about cryptographic attacks from Dan Boneh's crypto 1 course offered on Coursera and the Matasano/cryptopals challenges. From this experience he has given workshops at the Boston Application Security Conference, BSidesLV, DEF CON, and the Crypto and Privacy Village.

Description:
Using cryptography is often a subtle practice and mistakes can result in significant vulnerabilities. This workshop will cover many of these vulnerabilities which have shown up in the real world, including CVE-2020-0601. This will be a hands-on workshop where you will implement the attacks after each one is explained. I will provide a VM with Python dependencies and skeleton code included so you can focus on implementing the attack. A good way to determine if this workshop is for you is to look at the challenges at cryptopals.com and see if those look interesting, but you could use in-person help understanding the attacks. While not a strict subset of those challenges, there is significant overlap. Participants should have VMWare, VirtualBox, or some other VM software installed.

Skill Level: Beginner to Intermediate

Prerequisites for students:
- Students should be comfortable with modular arithmetic and the properties of XOR.
- Experience in Python or other similar language will be a plus.

Materials or Equipment students will need to bring to participate:
- A laptop with VMWare or VirtualBox installed and capable of running a VM.



DC - Thursday - 07:00-17:59 PDT


Title: Merch (formerly swag) Area Open -- README
When: Thursday, Aug 10, 07:00 - 17:59 PDT
Where: Caesars Forum - Summit - 227-230 - Merch - Map

Description:
All merch sales are USD CASH ONLY. No cards will be accepted.

The published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close for the year. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.)

Note that the closing hours here are **when sales must have ended**. For example, if sales must end by 18:00, and we estimate that it will take 2 hours to clear the queue, doors are likely to close around 16:00. Because of this dynamic nature, we can't predict the length of the line or when doors will be closed.

**PLEASE NOTE**

The Saturday open time was incorrectly listed as 08:00, and has been corrected to 09:00. **PLEASE** check stock status in HackerTracker.



MUS - Thursday - 18:00-01:59 PDT


Title: Music Set / Entertainment (Thursday, ACK Stage)
When: Thursday, Aug 10, 18:00 - 01:59 PDT
Where: Caesars Forum - Forum Pre-Function 2 - ACK Stage - Map
Speakers:Alexi Husky,DJ Scythe,Delchi,Grind613,Syntax,Talk Sinn,YTCracker,c0debreaker,mattrix

SpeakerBio:Alexi Husky
No BIO available

SpeakerBio:DJ Scythe
No BIO available

SpeakerBio:Delchi
No BIO available
Twitter: @HDA_DEFCON

SpeakerBio:Grind613
No BIO available

SpeakerBio:Syntax
No BIO available

SpeakerBio:Talk Sinn
No BIO available
Twitter: @Cuteboi_Roxin

SpeakerBio:YTCracker
No BIO available

SpeakerBio:c0debreaker
No BIO available

SpeakerBio:mattrix
No BIO available

Description:
Featuring performances by:

ACK Stage is located in front of the doors to rooms 117/118 in the Forum Pre-function 2. Look for the tents and the beats!



MUS - Thursday - 18:00-01:59 PDT


Title: Music Set / Entertainment (Thursday, SYN Stage)
When: Thursday, Aug 10, 18:00 - 01:59 PDT
Where: Caesars Forum - Forum - 121-123, 129, 137 - Chillout - Map
Speakers:Bolonium,Deepblue,Dries,Dual Core,NPC Collective,Nina Lowe,PankleDank,The Icarus Kid

SpeakerBio:Bolonium
No BIO available

SpeakerBio:Deepblue
No BIO available

SpeakerBio:Dries
No BIO available

SpeakerBio:Dual Core
No BIO available

SpeakerBio:NPC Collective
No BIO available

SpeakerBio:Nina Lowe
No BIO available

SpeakerBio:PankleDank
No BIO available

SpeakerBio:The Icarus Kid
No BIO available

Description:
Featuring performances by:

Content from this stage will be streamed to https://www.twitch.tv/defconorg_entertainment



DC - Thursday - 12:30-13:15 PDT


Title: New Isn’t Always Novel: Grep’ing Your Way to $20K at Pwn2Own, and How You Can Too
When: Thursday, Aug 10, 12:30 - 13:15 PDT
Where: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
Speakers:James Horseman,Zach Hanley

SpeakerBio:James Horseman , Vulnerability Researcher at Horizon3.ai
James Horseman loves low-level systems programming and reverse engineering. He has a history of developing implants and weaponizing n-days. He is a vulnerability researcher and attack engineer at Horizon3.ai.
Twitter: @JamesHorseman2

SpeakerBio:Zach Hanley , Vulnerability Researcher at Horizon3.ai
Zach Hanley has been hooked on exploit development and offensive security since being introduced to the world of hacking as an On-Net Operator for DoD and IC organizations. He’s since developed implants and exploits for both the government and commercial sector. He is currently a vulnerability researcher and attack engineer for Horizon3.ai.
Twitter: @hacks_zach

Description:
The year is 2023 and we’re still finding very basic vulnerabilities in enterprise software.

In this presentation, we detail how the hacker mindset can be applied to seemingly daunting tasks to make them more approachable. We will show how we approached our first Pwn2Own contest and how we discovered a command injection RCE vulnerability affecting nearly every Lexmark printer. We’ll take a look at why we think it went unnoticed in previous research and why current open-source static analysis tools miss this simple bug.

Finally, we’ll release the exploit POC and an additional POC to dump credentials during engagements.

REFERENCES
  1. https://research.nccgroup.com/2022/02/17/bypassing-software-update-package-encryption-extracting-the-lexmark-mc3224i-printer-firmware-part-1/
  2. https://publications.lexmark.com/publications/security-alerts/CVE-2023-26068.pdf
  3. https://www.zerodayinitiative.com/advisories/upcoming/ (ZDI-CAN-19470)


DC - Thursday - 15:30-16:15 PDT


Title: Nuthin But A G Thang: Evolution of Cellular Networks
When: Thursday, Aug 10, 15:30 - 16:15 PDT
Where: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map

SpeakerBio:Tracy Mosley , Trenchant
Tracy is a New York City based Lead Security Research Engineer at Trenchant (formerly known as Azimuth Security). With a degree in Computer Engineering and over 10 years in the industry, Tracy has predominantly focused on vulnerability research, reverse engineering and development for embedded devices. She has led teams focused on telecommunications equipment and contributed to teams large and small working on routers and various types of embedded devices.

Her first degree is in theatre performance, with a vocal performance minor. Vocal technique, performance and understanding the vocal mechanism are what drew her into telecommunications. You may have seen her presenting at conferences, attending trainings, dancing the night away or performing on stage.

Twitter: @hackerpinup

Description:
4G? LTE? 3GPP? A lot of telecommunications terminology gets thrown around, but what does it actually mean? While terms like “5G”, and “packet core” may be in common use, it’s hard to understand what they mean in terms of attack surface, or even as a consumer. Very often even network diagrams will show “Core Network” as a big blob, or stop at the Radio Access Network. It’s hard to have insight into the cellular network. So, I’ll explain generation by generation!

In this talk we will walk through each step of cellular evolution, starting at 2G and ending at 5G. The never-ending attack and defend paradigm will be clearly laid out. In order to understand the attack surface, I’ll cover network topology and protocol. For each cellular generation, I will explain known vulnerabilities and some interesting attacks. In response to those vulnerabilities, mitigations for the subsequent cellular generation are put in place. But as we all know, new mitigations mean new opportunities for attackers to get creative.

While I will explain most cellular-specific terminology, a familiarity with security concepts will help to better understand this talk. Basic foundations of communications systems, information theory or RF definitely make this talk more enjoyable, but are absolutely not necessary. It’s a dense topic that is highly applicable to those working on anything that touches the cellular network!

REFERENCES
  1. LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE, Syed Rafiul Hussain, Omar Chowdhury, Shagufta Mehnaz, Elisa Bertino
  2. https://www.cybersecuritydive.com/news/5g-security-breaches/636693/
  3. https://networksimulationtools.com/5g-network-attacks-projects
  4. https://www.p1sec.com/corp/category/p1-security/
  5. A Vulnerability in 5G Authentication Protocols and Its Countermeasure, Xinxin HU, Caixia LIU, Shuxin LIU, Jinsong LI, and Xiaotao CHENG
  6. New Vulnerabilities in 5G Networks, Altaf Shaik, Ravishankar Borgaonkar
  7. ESF Potential Threats to 5G Network Slicing, NSA, CISA
  8. https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010203
  9. https://www.pentestpartners.com/security-blog/zte-mf910-an-end-of-life-router-running-lots-of-vivacious-hidden-code/ pentestpartners DC27 talk
  10. LTE Pwnage: Hacking HLR/HSS and MME Core Network Elements P1 Security https://conference.hitb.org/hitbsecconf2013ams/materials/D1T2%20-%20Philippe%20Langlois%20-%20Hacking%20HLR%20HSS%20and%20MME%20Core%20Network%20Elements.pdf
  11. Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information, Syed Rafiul Hussain, Mitziu Echeverria, Omar Chowdhury, Ninghui Li, Elisa Bertino
  12. https://thehackernews.com/2018/03/4g-lte-network-hacking.html
  13. https://www.pentestpartners.com/security-blog/zte-mf910-an-end-of-life-router-running-lots-of-vivacious-hidden-code/
  14. A first look on the effects and mitigation of VoIP SPIT flooding in 4G mobile networks. 982-987. 10.1109/ICC.2012.6364233. Bou-Harb, Elias & Debbabi, Mourad & Assi, Chadi. (2012).
  15. https://resources.infosecinstitute.com/topic/cheating-voip-security-by-flooding-the-sip/
  16. https://www.mpirical.com/ for 5G trainings
  17. https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010203
  18. https://www.pentestpartners.com/security-blog/zte-mf910-an-end-of-life-router-running-lots-of-vivacious-hidden-code/
  19. https://en.wikipedia.org/wiki/Cellular_network
  20. https://www.etsi.org/deliver/etsi_ts/123000_123099/123060/10.03.00_60/ts_123060v100300p.pdf Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); General Packet Radio Service (GPRS); Service description;
  21. https://www.etsi.org/deliver/etsi_ts/133100_133199/133102/14.01.00_60/ts_133102v140100p.pdf Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); 3G security; Security architecture (3GPP TS 33.102 version 14.1.0 Release 14)
  22. https://www.etsi.org/deliver/etsi_ts/133400_133499/133401/15.07.00_60/ts_133401v150700p.pdf Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; 3GPP System Architecture Evolution (SAE); Security architecture
  23. https://www.etsi.org/deliver/etsi_ts/133400_133499/133401/15.07.00_60/ts_133401v150700p.pdf Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; 3GPP System Architecture Evolution (SAE); Security architecture (3GPP TS 33.401 version 15.7.0 Release 15)
  24. https://www.etsi.org/deliver/etsi_ts/124300_124399/124301/17.06.00_60/ts_124301v170600p.pdf Universal Mobile Telecommunications System (UMTS); LTE; 5G; Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3 (3GPP TS 24.301 version 17.6.0 Release 17)
  25. https://www.etsi.org/deliver/etsi_ts/133500_133599/133501/15.04.00_60/ts_133501v150400p.pdf 5G; Security architecture and procedures for 5G System (3GPP TS 33.501 version 15.4.0 Release 15)

Previous talk: https://www.youtube.com/watch?v=-JX7aC0AXEk&t=7387s


WS - Thursday - 09:00-12:59 PDT


Title: Pentesting Industrial Control Systems: OCP-U-HACK (Pre-Registration Required)
When: Thursday, Aug 10, 09:00 - 12:59 PDT
Where: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
Speakers:Alexandrine Torrents,Arnaud Soullié

SpeakerBio:Alexandrine Torrents , Cybersecurity Expert at Wavestone
Alexandrine Torrents is a cybersecurity expert at Wavestone. She started as a penetration tester, and performed several cybersecurity assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a particular tool to request Siemens PLCs. Then, she started working at securing ICS, especially in the scope of the French military law, helping companies offering a vital service to the nation to comply with security rules. Now, Alexandrine works with different industrial CISOs on their cybersecurity projects: defining secure architectures, hardening systems, implementing detection mechanisms. She is also IEC 62443 certified and still performs assessments on multiple environments.

SpeakerBio:Arnaud Soullié , Senior Manager at Wavestone
Arnaud Soullié (@arnaudsoullie) is a Senior Manager at Wavestone, a global consulting company. For 12 years, he has been performing security assessments and pentests on all types of targets. He started specializing in ICS cybersecurity 10 years ago. He has spoken and taught workshops at numerous security conferences on ICS topics: BlackHat Europe, BruCon, CS3STHLM, BSides Las Vegas, DEFCON... He is also the creator of the DYODE project, an open-source data diode aimed at ICS. He has been teaching ICS cybersecurity training since 2015.
Twitter: @arnaudsoullie

Description:
Let’s capture the flag, literally! In this workshop you’ll participate in an engaging CTF during which you’ll take control of a robotic arm to capture a real flag on a model train!

To do so, we’ll start with an introduction to Industrial Control Systems to discover the specific components, the network architectures, and even program a PLC simulator.

We’ll then discover some ICS-specific protocols, with a focus on OPC-UA, a modern ICS protocol.

Finally, you’ll connect to our ICS setup composed of real ICS hardware and software and compete against other attendees to capture the flags with robotic hands!

Skill Level: Beginner

Prerequisites for students:
- No specific knowledge is required

Materials or Equipment students will need to bring to participate:
- Students should have a laptop capable of running 64-bit virtual machines



WS - Thursday - 09:00-12:59 PDT


Title: Protecting the AWS ecosystem - Misconfigurations, IAM, and Monitoring (Pre-Registration Required)
When: Thursday, Aug 10, 09:00 - 12:59 PDT
Where: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map

SpeakerBio:Rodrigo Montoro , Head of Threat & Detection Research at Clavis Security
Rodrigo Montoro has over 23 years of experience in Information Technology and Computer Security. For most of his career, he has worked with open-source security software (firewalls, IDS, IPS, HIDS, log management, endpoint monitoring), incident detection & response, and Cloud Security. He is currently Head of Threat & Detection Research at Clavis Security. Before that, he worked as Cloud Researcher at Tenchi Security, Head of Research and Development at Apura Cyber Intelligence, SOC/Researcher at Tempest Security, Senior Security Administrator at Sucuri, and Researcher at Spiderlabs. He is the author of 2 patented technologies involving innovation in the detection field. One is related to discovering malicious digital documents. The second one is in how to analyze malicious HTTP traffic. Rodrigo has spoken at several open source and security conferences (Defcon Cloud Village, OWASP AppSec, SANS (DFIR, SIEM Summit & CloudSecNext), Toorcon (USA), H2HC (São Paulo and Mexico), SecTor (Canada), CNASI, SOURCE, ZonCon (Amazon Internal Conference), Blackhat Brazil, BSides (Las Vegas and SP)).
Twitter: @spookerlabs

Description:
Cloud providers' ecosystems have brought a lot of new challenges to companies and security teams. They introduce many new attack vectors, known and unknown, generating a considerable need for further research and detection in this field.

In the current cloud security world, access keys are the new perimeter, and permissions associated with those keys are the limits. In many real-world scenarios, leaked access keys are the initial vectors to get into an organization's cloud environments. Therefore, least privilege and real-time detection become critical.

Specifically, in AWS, we are talking about more than three hundred (300+) services from which an attacker could build a specific attack path to achieve their goal. Considering this chaotic scenario, we developed this workshop to teach how to mitigate those new vectors and improve the company's overall cloud security posture. The workshop will cover misconfigurations, AWS IAM (Identity and Access Management) least privilege, and control plane (CloudTrail) monitoring.

This workshop will help organizations improve their cloud security posture in these three fields - misconfigurations, IAM permissions management, and control plane monitoring. There will be practical demonstrations, hands-on labs, and some Capture The Flag (CTF) to practice incident response.

Skill Level: Intermediate

Prerequisites for students:
- AWS basic to intermediate knowledge

Materials or Equipment students will need to bring to participate:
- Laptop.
- Demonstrations and Capture The Flag (CTF) exercises will be executed in my AWS account and using CTFd.



SOC - Thursday - 16:00-17:59 PDT


Title: Queercon Mixers
When: Thursday, Aug 10, 16:00 - 17:59 PDT
Where: Caesars Forum - Forum - 129 - Chillout - Map

Description:
A great way to meet other like-minded folk in this safe and inclusive environment. An informal meet-up of the LGBTQIA+ community to network and unwind.


DC - Thursday - 09:00-01:59 PDT


Title: Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)
When: Thursday, Aug 10, 09:00 - 01:59 PDT
Where: Caesars Forum - Forum - 121-123, 129, 137 - Chillout - Map

Description:
The Shell On Demand Appliance Machine (S.O.D.A. Machine) at DEF CON provided by the National Upcycled Computing Collective, Inc. (NUCC).

So, what's the S.O.D.A. Machine all about?

Picture this:

You're at DEF CON, thirsty for some hacking. You're looking for a virtual machine (VM) to play with but don't want to be chained to your laptop.

Enter the Shell On Demand Appliance:

This heavily modified VM is your gateway to an anonymous VM, available in the Chillout Lounge and accessible over the DEF CON network.

A fusion of hardware, software, art, and hacking, all encapsulated in a project derived from recycled materials. The S.O.D.A. Machine provides a way for Humans to experience the DEF CON network in a way the secure WiFi won't allow, because the datacenter is inside the S.O.D.A. Machine and directly connected to the NOC.

Simply insert cash or coins into the bill or coin acceptor to get started. The lights on the buttons will change color depending on availability.

A green light means the VM is available and ready.

An amber light requests the user to insert more money to ensure fair distribution according to current resources.

A red light denotes the selection is unavailable.

Once you make a selection, the system will deploy the VM to the network and a receipt will be printed.

On the receipt, login credentials are provided for you to access your virtual machine via remote shell. You are then able to change the password, install whatever tools and applications you need, making the VM your own.

What you do with the VM is up to you. Should you choose to share your virtual machine with someone outside of the DEF CON network, a Tor address is provided as well.

All proceeds go to the National Upcycled Computing Collective, Inc., a 501(c)(3) nonprofit organization helping further research and education in computer science, technology and engineering as an (NTEE U41) Research Institute.

We accept donations: https://www.paypal.com/paypalme/NUCC



DC - Thursday - 16:30-16:50 PDT


Title: Small Leaks, Billions Of Dollars: Practical Cryptographic Exploits That Undermine Leading Crypto Wallets
When: Thursday, Aug 10, 16:30 - 16:50 PDT
Where: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
Speakers:Nikolaos Makriyannis,Oren Yomtov

SpeakerBio:Nikolaos Makriyannis , Cryptography Research Lead at Fireblocks
Nikolaos Makriyannis (Nikos), Cryptography Research Lead at Fireblocks, is a cryptography PhD, specializing in the areas of multiparty computation (MPC). Nikos is the co-inventor of the CMP20 and CGGMP21 protocols published in ACM CCS'20 and used by multiple wallet providers.
Twitter: @nik_mak_

SpeakerBio:Oren Yomtov , Blockchain Research Lead at Fireblocks
Oren Yomtov (@orenyomtov), Blockchain Research Lead at Fireblocks, is a security researcher with over a decade of experience. In the past year, focusing on the blockchain space, he disclosed a critical vulnerability in a blockchain with a market cap of $100 million and created the first open-source, trustless Bitcoin NFT marketplace, OpenOrdex.
Twitter: @orenyomtov

Description:
Multi-Party Computation (MPC) has become a common cryptographic technique for protecting hundreds of billions of dollars in cryptocurrency wallets. MPC algorithms are currently powering the wallets of Coinbase, Binance, Zengo, BitGo, Fireblocks and many other fintechs/banks servicing hundreds of millions of consumers and thousands of financial institutions.

This presentation examines the most common MPC protocols and implementations and shows that securing MPC remains a challenge for most companies.

We show practical key-exfiltration attacks requiring no more than a couple of hundred signatures. Namely, we show three different attacks on different protocols/implementations requiring 256, 16, and one signature, respectively.

REFERENCES:
Rosario Gennaro and Steven Goldfeder. "One Round Threshold ECDSA with Identifiable Abort." Cryptology ePrint Archive, Paper 2020/540, 2020.
Yehuda Lindell. "Fast Secure Two-Party ECDSA Signing." Journal of Cryptology, vol. 34, no. 4, 2021, pp. 44.
Rosario Gennaro and Steven Goldfeder. "Fast Multiparty Threshold ECDSA with Fast Trustless Setup." Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS), 2018, pp. 1179-1194.



WS - Thursday - 14:00-17:59 PDT


Title: These Port Scans are Trash: Improving Nmap by Writing New Scripts and Libraries (Pre-Registration Required)
When: Thursday, Aug 10, 14:00 - 17:59 PDT
Where: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map

SpeakerBio:Philip Young "Soldier of FORTRAN"
Philip Young, aka Soldier of FORTRAN, is a leading expert in all things mainframe hacking. Having spoken and taught at conferences around the world, including DEFCON, RSA, BlackHat and keynoting at both SHARE and GSE Europe, he has established himself as the thought leader in mainframe penetration testing. Since 2013 Philip has released tools to aid in the testing of mainframe security and contributed to multiple open-source projects including Nmap, allowing those with little mainframe capabilities the chance to test their mainframes. He created the Nmap TN3270 library which enabled Nmap to scan and fingerprint z/OS mainframes and SNA networks. His hope is that through education others will create new libraries and scripts to force corporations to fix their shit.

Description:
Does anyone know how old Nmap is? If you guessed 20 years old, you’d be wrong! It’s been around since 1997 when it was first released in Phrack magazine. Since the beginning, it's been through multiple iterations and an entire community has developed around it. One of the most important additions to Nmap was the ability to add custom scripts, changing Nmap from a simple port scanner to the Swiss Army knife of network scanners. Oftentimes, when zero days pop up, someone will write an Nmap script to identify vulnerable servers within minutes. If you’ve ever wondered how people write Nmap scripts, what it would take to write your own and how you can use them, this workshop is for you.

Attendees in this workshop will learn how to understand and update the Nmap probe file, how to write Lua scripts (which Nmap scripting uses), how to write Nmap scripts to supplement the probe file, interact with custom services and ultimately write multiple Nmap scripts to do fun stuff with ports. Once attendees have a firm grasp of the Nmap scripting engine they will be introduced to writing Nmap libraries for use by their various scripts. This workshop contains many instructor-led labs so that attendees can see their code in action. To make this workshop worthwhile, a custom service running on a port has been created which the labs will allow you to probe and identify as the course goes on.

Nmap is the workhorse behind the scenes for so many pentesters, but the resources for writing scripts are limited. The hope is that by offering this workshop, more people will be able to write Nmap scripts for the betterment of all hackingkind.

Skill Level: Beginner

Prerequisites for students:
- Some basic understanding of how to write code (Python, C, Lua, etc.) and how to use the Linux command line.

Materials or Equipment students will need to bring to participate:
- A laptop capable of running a Linux VM



MISC - Thursday - 15:00-20:59 PDT


Title: Toxic BBQ
When: Thursday, Aug 10, 15:00 - 20:59 PDT
Where: Other/See Description

Description:
15:00-21:00 Thursday, Off-site at Sunset Park, Pavilion F, (36.0636, -115.1178)

The humans of Vegas invite you to this year’s unofficial welcome party. Join us off-Strip in the shade of Sunset Park for a heat-blasted hangout. Burgers, dogs, and meatless options are provided. Attendees pitch in to make everything else happen. Contribute more food and drinks, staff the grill or join supply runs, and relax under the trees with good conversation with new and old friends. Come be a part of what makes this cookout something to remember year after year.

Grab flyers from an Info Booth, check out https://www.toxicbbq.org for the history of this event, and watch for #ToxicBBQ for the latest news.

--

Toxic BBQ is Kid Friendly and Welcoming. In fact, our marketing captain is 16! As with anything DEFCON, caveat parentum.

If you are ok bringing and minding your kids to a backyard cookout, they’ll be fine here. While we don’t have kid-specific programming or events, it’s at a park.

We reserve the right to bribe them with swag to help out, and we may try to feed them Octopus jerky.



DC - Thursday - 11:00-11:20 PDT


Title: UNConventional Cybercrime: How a Bad Anti-Hacking Treaty is Becoming a Law
When: Thursday, Aug 10, 11:00 - 11:20 PDT
Where: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
Speakers:Bill Budington,Katitza Rodriguez

SpeakerBio:Bill Budington , Senior Staff Technologist at Electronic Frontier Foundation
Bill Budington is a Senior Staff Technologist on EFF's Public Interest Technology team. Their research has been featured in The New York Times, The Los Angeles Times, The Guardian, and cited by the US Congress. They are the lead developer of Cover Your Tracks.

SpeakerBio:Katitza Rodriguez , Policy Director for Global Privacy at Electronic Frontier Foundation
Katitza Rodriguez is EFF's Policy Director for Global Privacy. She concentrates on comparative policy of global privacy issues, with special emphasis on cross-border data flows. Katitza's work also focuses on cybersecurity and government access to data held by the private sector at the intersection of international human rights law and standards. In 2018, CNET named Katitza one of the 20 most influential Latinos in technology in the United States.
Twitter: @txitua

Description:
Heads up DEFCON! The future of hacking, cybersecurity, and human rights is at risk as the United Nations negotiates a draft UN cybercrime treaty that has the potential to substantively reshape anti-hacking law around the world. The proposed Treaty could change the game for security researchers and coders like you. With Russia and China playing an initial role in pushing for this treaty, the future for security researchers’ rights could be at risk.

Join us as we deep dive into the murky waters of these negotiations, exploring their risks for security and human rights, including the universal criminalization of network and device intrusion without any protections for legitimate security research. The lack of a legal shield for security researchers could hinder bug bounties, responsible vulnerability disclosure, and pentesting. We'll discuss the geopolitical complexities, and the vital role you can play.

EFF has been on the front lines in Vienna, attending the negotiations and representing the interests of our members since the start, and we need your help. Your insights and experiences are crucial. Together we will review the text and identify new challenges that you may face so we can better understand the community concerns. Let’s champion together a future where security research and human rights can thrive!

REFERENCES

https://www.washingtonpost.com/politics/2023/04/28/perilous-path-new-cybercrime-treaty/

  1. https://www.eff.org/issues/un-cybercrime-treaty
  2. https://www.eff.org/pages/submissions
  3. https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/home
  4. https://www.unodc.org/documents/Cybercrime/AdHocCommittee/5th_session/Documents/CND_2_-_21.04.2023.pdf
  5. https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/ahc_fifth_session/main
  6. https://www.unodc.org/documents/Cybercrime/AdHocCommittee/4th_Session/Documents/CND_21.01.2023_-_Copy.pdf
  7. https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/home
  8. https://www.euractiv.com/section/law-enforcement/news/west-clashes-with-china-russia-over-un-cybercrime-convention/
  9. https://mediatalks.uol.com.br/2023/04/12/como-tratado-da-onu-sobre-crime-cibernetico-pode-ameacar-liberdade-de-expressao/
  10. https://www.washingtonpost.com/politics/2023/04/28/perilous-path-new-cybercrime-treaty/
