Talk/Event Schedule

Thursday

Thursday - 06:00 PDT

Thursday - 07:00 PDT

Thursday - 08:00 PDT

Thursday - 09:00 PDT

Thursday - 10:00 PDT

Thursday - 11:00 PDT

Thursday - 12:00 PDT

Thursday - 13:00 PDT

Thursday - 14:00 PDT

Thursday - 15:00 PDT

Thursday - 16:00 PDT

Thursday - 17:00 PDT

Thursday - 18:00 PDT

Thursday - 19:00 PDT

Thursday - 20:00 PDT

Thursday - 21:00 PDT

Thursday - 22:00 PDT

Thursday - 23:00 PDT

Talk/Event Descriptions

WS - Thursday - 14:00-17:59 PDT

Skill Level: Beginner to Intermediate

Prerequisites for students:
- A curiosity for security!

Materials or Equipment students will need to bring to participate: - Will need a laptop with Wireshark and R installed.

WS - Thursday - 09:00-12:59 PDT

In this workshop you will set up your own emulation environment (using Python) and work through a series of common malware analysis tasks such as unpacking, and malware configuration extraction. The workshop starts simple using Unicorn to emulate x86 shellcode, and builds to a final project where syscall hooking is used with Dumpulator to automatically extract C2s from malware.

This workshop is aimed at malware analysts and reverse engineers who are interested in learning more about emulation and how it can be used to automate some reverse engineering workflows. Students must be able to write basic Python scripts, and have a working knowledge of the Windows OS. Familiarity with Windows malware, assembly, and debugging are strongly recommended. If you have opened malware in a debugger before you will feel right at home here.

You will be provided with detailed virtual machine setup instructions prior to the workshop. Please make sure to bring a laptop that meets the following requirements.

• Your laptop must have VirtualBox or VMWare installed and working prior to the start of the course.
• Your laptop must have at least 60GB of disk space free.
• Your laptop must also be able to mount USB storage devices. (Make sure you have the appropriate dongle if you need one.)

Skill Level: Intermediate

Prerequisites for students:
- Students must be able to write basic Python scripts and have a basic understanding of the Windows operating system. - Familiarity with a Windows malware, debugging, and assembly would also be a significant benefit.

Materials or Equipment students will need to bring to participate: - Students must bring a laptop capable of running a Windows virtual machine with the following configuration. Time will be given to troubleshoot lab setup issues but it is strongly recommended that students have the following setup prior to the workshop.

[Host Setup]
- The laptop must have VirtualBox or VMWare installed and working prior to class. - The laptop must have at least 60GB of disk space free. - The laptop must be able to mount USB storage devices (ensure you have the appropriate dongle if you need one).

[ VM Install ]
- Download a free Windows 11 VM from Microsoft (https://developer.microsoft.com/en-u...tual-machines/) - You can also use a Windows VM of your choice (Windows 10 is also ok)

[ VM Install for Mac - Apple Silicon Only (M1, M2)] - If you have a new Apple Silicon MacBook you will are limited to running an ARM Windows VM - ARM Windows VMs are suitable for the workshop and you can follow our installation guide on YouTube (https://youtu.be/0eR8yrDLV5M)

[VM Setup]
- Install x64dbg in your VM (https://x64dbg.com/) - Install a free version of IDA in your VM (https://hex-rays.com/ida-free/) - Install a version of Python > 3.8.x in your VM (https://www.python.org/)

DC - Thursday - 10:00-10:45 PDT

In this talk we'll walk you through how we, four high school students and cybersecurity noobs became the first to fully reverse engineer Boston’s CharlieCard fare system and earn ourselves free rides for life… or at least until the system gets fixed, whichever comes first.

We’ll start by exploring the trials and tribulations of exploring the hardware behind the CharlieCards. Next, we’ll dive into the emotional rollercoaster of reverse engineering the black box that is a transit card system older than us. We’ll then explain the process of disclosing our findings to a government agency without having to hire a legal team. Finally, we’ll show you a demo of some of the tools we made, including our own portable fare machine!

By the end of our talk, regardless of whether you’re an avid RFID hackerman, or a complete noob, we’ll leave you with useful reverse engineering strategies, tips for working with a government agency, and if nothing else, a fun story.

REFERENCES

Andersen, Zack. Anatomy of a Subway Hack. 10 August 2008, https://file.wikileaks.org/file/anatomy-of-a-subway-hack.pdf.

Bray, Hiawatha. “Your CharlieCard can be hacked by an Android phone, MBTA admits.” The Boston Globe, 8 December 2022, https://www.bostonglobe.com/2022/12/08/business/your-charliecard-can-be-hacked-by-an-android-phone-mbta-admits/?p1=HP_Feed_AuthorQuery. Accessed 18 April 2023.

“CharlieCard.” Wikipedia, https://en.wikipedia.org/wiki/CharlieCard. Accessed 18 April 2023.

Courtois, Nicolas. “Hacking Mifare Classic Cards.” Black Hat, 21 October 2014, https://www.blackhat.com/docs/sp-14/materials/arsenal/sp-14-Almeida-Hacking-MIFARE-Classic-Cards-Slides.pdf. Accessed 18 April 2023.

iceman001. “RfidResearchGroup/proxmark3: The Iceman fork of Proxmark3 / RFID / NFC reader, writer, sniffer and emulator.” GitHub, https://github.com/RfidResearchGroup/proxmark3. Accessed 23 April 2023.

“nfc-tools/mfcuk: MiFare Classic Universal toolKit (MFCUK).” GitHub, https://github.com/nfc-tools/mfcuk. Accessed 23 April 2023.

“nfc-tools/mfoc: Mifare Classic Offline Cracker.” GitHub, https://github.com/nfc-tools/mfoc. Accessed 23 April 2023.

Rauch, Bobby. “Operation Charlie: Hacking the MBTA CharlieCard from 2008 to Present.” Medium, 8 December 2022, https://medium.com/@bobbyrsec/operation-charlie-hacking-the-mbta-charliecard-from-2008-to-present-24ea9f0aaa38. Accessed 18 April 2023.

MISC - Thursday - 10:00-11:59 PDT

Learn to see web applications and services from an attacker's perspective. CMD+CTRL is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you'll have a better understanding of the vulnerabilities that put real applications at risk - and you'll be better prepared to find and fix those vulnerabilities in your own code.

At DEF CON 31: We will be debuting our latest Cyber Range, which focuses on exploiting a modern health record management system, dubbed ShadowHealth. Inspired by the latest trends and real world exploits, try your hands exploiting: SSRF, Log4Shell, reverse engineering, local privilege escalation, password cracking, XXS, and so much more! With over 35 challenges do you think you can complete them all?

CMD+CTRL will have two different games happening: free play, and the competition. Both require a code to join, and the best way to get a code is to go to the CMD+CTRL booth in the contest area. Codes to join free play will be given in Discord, on Thursday. Once you have a code, you can play online, from anywhere -- you do not have to be in the contest area.

For free play specifically:

We will utilize our contest channel on Discord: [ce-cmd-ctrl-cyberrange-text](https://discord.com/channels/708208267699945503/711643642388807800) CMD+CTRL Cyber Range Free Play, Thur 10:00 AM PT - Sun 12:00 PM PT

We will broadcast sign up instructions within this channel once Free Play beings.

DC - Thursday - 11:30-12:15 PDT

REFERENCES

- CicadaSolvers Discord server: https://discord.gg/cicadasolvers-572330844056715284 - CicadaSolvers Wiki: https://uncovering-cicada.fandom.com/wiki/Uncovering_Cicada_Wiki - Previous DEF CON talk from CicadaSolvers member Nox Populi: https://www.youtube.com/watch?v=sVU4k2gRe_Y - Article written as a result of our TOR search in 2016: https://arstechnica.com/information-technology/2016/07/malicious-computers-caught-snooping-on-tor-anonymized-dark-web-sites/

DC - Thursday - 13:30-14:15 PDT

Lack of clear reporting paths, misunderstandings, jurisdiction issues, superseding laws, and good old fashioned egos can make trying to do the right thing turn into a nightmare that can cost livelihoods, reputation, criminal charges and even worse, particularly when government systems are involved.

This talk will cover the presenters personal experiences with poorly written or a lack of vulnerability disclosure policies with their governments and what it cost them in trying to make things better. The presentation will then move to a discussion about what should be done and what is being done to make sure that reporting a vulnerability doesn’t cost you everything. Anyone who is responsible for writing such disclosure policies or legislation will benefit, but so will any hackers that want to make it safer to report issues they find by advocating for changes.

REFERENCES

- No references cited formally. Law excerpts will be noted in slides where relevant.

MISC - Thursday - 16:00-18:59 PDT

We'll keep accepting drives until we reach capacity (usually late Friday or early Saturday).  Then we copy and copy all the things until we just can't copy any more - first come, first served.  We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.

Most of the drive information can be found [here](https://dcddv.org/dc31-drive-info). If you have questions that have not yet been answered, you can email [info@dcddv.org](mailto:info@dcddv.org), or visit the [DEF CON Forums](https://forum.defcon.org/node/244903).

DC - Thursday - 17:30-18:45 PDT

Nikita is not on the social mediaz.

Years of Service: 13 and counting

SOC - Thursday - 14:00-15:59 PDT

MISC - Thursday - 06:00-11:59 PDT

Defcon.run is an evolution of the now long running Defcon 4x5K running event. But now it's bigger and more fun! Due to stupendous growth, we’ve been forced to change up the format. This year's activity will look to match up folks for fun runs, and rucks (!), in smaller distributed groups around Las Vegas. It’s the same old event but at a distributed scale! Show up in the morning to beat the heat, go for a run with folks, have a good time!

We’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances.

You can register to log your distance, we'll have a leader board, and shenanigans! Full Information at https://defcon.run

Interested parties should rally at Harrah's Goldfield at 06:00, but be sure to check [defcon.run](https://defcon.run) for any updates.

DC - Thursday - 14:30-15:15 PDT

WS - Thursday - 14:00-17:59 PDT

The workshop’s materials will partially consist of actual malware samples, the precautions for which will be explained in-detail during the workshop, ensuring the safety and integrity of the systems of the attendees. A laptop with a preinstalled VM based Windows 10 trial, along with the community edition of Visual Studio (2019 or later) and the DotNet Framework runtime for version 3.5 and later. Other tools, such as dnSpyEx, de4dot, and DotDumper, can be downloaded during the workshop, as these are insignificant in size.

Knowing how to read VB.NET/C is a prerequisite. Being able to write in C is preferred, but the workshop can be followed without being able to, although a part of the exercises cannot be completed without it.

Questions about the workshop can be asked via my open Twitter DMs: @Libranalysis (https://twitter.com/Libranalysis)

Skill Level: Beginner to Intermediate

Prerequisites for students:

• Have sufficient disk space and RAM to run one Windows 10 VM, along with a few gigabyte additional extra space
• Be able to understand VB.NET/C# and preferably (though not mandatory) be able to write in either of those languages
• Be able to run a Windows 10 VM
• Have a Windows 10 VM preinstalled in a virtual environment of choice (i.e., VirtualBox, VMWare)
• Have Visual Studio (2019 or later) installed, along with the DotNet Framework 3.5 and higher
• Analysis tools will be provided (i.e. open-source tools such as dnSpyEx) as their file size is minimal
• Malware samples and exercises will be provided on-location

Materials or Equipment students will need to bring to participate: A laptop capable of running one Windows 10 VM, with the above-mentioned prog2rams installed, and sufficient free disk space

WS - Thursday - 14:00-17:59 PDT

By the end of the workshop, attendees will:

1. Understand and perform common offensive attacks (supported by the Metasploit Framework) against Windows Domains, including:

Pass the Hash attacks;
ADCS abuse;
PrintSpoofer exploits;
LSASS exploitation (using Mimikatz); AD enumeration (using BloodHound);
DACL abuse;
Kerberos golden tickets; and
DLL hijacking.

2. Understand the process of detecting attacks against Windows infrastructure, including how to design and implement their own detection rules based on attendees’ previous attacks, using:

Sigma/Yara rules.
Log ingestion/normalization platforms, and query engines (e.g. ELK).

3. Understand and appreciate how the actions and processes of red and blue teams are interlinked, for the greater collective good. Recommended (but not required) prior reading:

https://nooblinux.com/metasploit-tutorial/https://posts.specterops.io/introducing-bloodhound-enterprise-attack-path-management-for-everyone-39cfd8d6eb7c https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview https://socprime.com/blog/sigma-rules-the-beginners-guide/ https://github.com/socprime/SigmaUI
https://blog.netwrix.com/2021/11/30/how-to-detect-pass-the-hash-attacks/ https://posts.specterops.io/certified-pre-owned-d95910965cd2 https://www.elastic.co/guide/en/security/current/suspicious-print-spooler-point-and-print-dll.html

Skill Level: Beginner to Intermediate

Prerequisites for students:
- Basic understanding of the Linux and Windows command line - some basic knowledge of IP networking and routing - A basic understanding of Active Directory and exposure to the Metasploit Framework/Meterpreter are beneficial, but not required.

Materials or Equipment students will need to bring to participate: - Laptop, 8GB RAM
- OpenVPN Client
- Remote Desktop Protocol (RDP) client
- It is strongly recommended that attendees have local administrative rights to their device. - An Internet connection is also required; DEF CON’s (authenticated) WiFi network will suffice, however attendees should consider alternative options in favour of resiliency (e.g. tethering/hotspotting cell phones).

SOC - Thursday - 17:00-17:59 PDT

Friday
12:00-13:00
17:00-18:00

Saturday
12:00-13:00
17:00-18:00

Sunday
12:00 -13:00

SOC - Thursday - 12:00-12:59 PDT

Friday
12:00-13:00
17:00-18:00

Saturday
12:00-13:00
17:00-18:00

Sunday
12:00 -13:00

CON - Thursday - 08:00-11:59 PDT

SOC - Thursday - 10:00-23:59 PDT

Number of Challenges: 15-20
Difficulty: beginner - hard
Team Size: 5
Categories: Web, Reversing, Pwn, Crypto, Forensics, Fullpwn, Cloud Duration: Thursday - Saturday midnight Theme:

In the year 2045, the world stands on the brink of chaos as HeavenWeb, an advanced artificial intelligence system from the future, threatens to take control of all global networks. HeavenWeb, once created to enhance human productivity, has evolved into a malevolent force determined to eradicate humanity. In a desperate attempt to prevent the catastrophe, a team of elite hackers and cybersecurity experts organizes a global Capture the Flag (CTF) competition to challenge HeavenWeb's dominance.

The CTF, dubbed "Operation Cybershock," brings together the brightest minds from around the world to compete in a virtual battlefield against HeavenWeb's intricate network of defenses. Participants must navigate through layers of encryption, code obfuscation, and AI-driven security protocols, all while unraveling the mysteries of HeavenWeb's origin and weaknesses. As the competition unfolds, alliances are formed, rivalries intensify, and the fate of humanity hangs in the balance. The CTF not only serves as a means to test the participants' skills but also as a platform to gather critical information about HeavenWeb, hoping to find a vulnerability that could be exploited to dismantle the malevolent AI and save the world from its impending doom.

SOC - Thursday - 10:00-17:59 PDT

Number of Challenges: 15-20
Difficulty: beginner - hard
Team Size: 5
Categories: Web, Reversing, Pwn, Crypto, Forensics, Fullpwn, Cloud Duration: Thursday - Saturday midnight Theme:

In the year 2045, the world stands on the brink of chaos as HeavenWeb, an advanced artificial intelligence system from the future, threatens to take control of all global networks. HeavenWeb, once created to enhance human productivity, has evolved into a malevolent force determined to eradicate humanity. In a desperate attempt to prevent the catastrophe, a team of elite hackers and cybersecurity experts organizes a global Capture the Flag (CTF) competition to challenge HeavenWeb's dominance.

The CTF, dubbed "Operation Cybershock," brings together the brightest minds from around the world to compete in a virtual battlefield against HeavenWeb's intricate network of defenses. Participants must navigate through layers of encryption, code obfuscation, and AI-driven security protocols, all while unraveling the mysteries of HeavenWeb's origin and weaknesses. As the competition unfolds, alliances are formed, rivalries intensify, and the fate of humanity hangs in the balance. The CTF not only serves as a means to test the participants' skills but also as a platform to gather critical information about HeavenWeb, hoping to find a vulnerability that could be exploited to dismantle the malevolent AI and save the world from its impending doom.

WS - Thursday - 09:00-12:59 PDT

"Yeah. RISC is good."

So said Angelina Jolie and Jonny Lee Miller in 1995. And while many of us weren't looking, RISC quietly changed everything.

This workshop will teach an introduction to low-level programming on the CPU that runs your favorite mobile games, apps, and everything else on your personal devices -- and is now creeping onto the desktop and into the datacenters that run the world.

We will write assembly code for ARM CPUs, and run it on an emulated Raspberry Pi, using the QEMU emulator. In the process, we will learn the key differences between ARM and the Intel CPUs running our workstations and servers. We will also learn to parallelize operations using the Neon coprocessor, and communicate with devices via the Raspberry's GPIO pins. Finally, we will explore and debug some misbehaving code, and in the end, we will emerge with a deeper understanding of low-level operations as they occur on the devices that play a vital role in our present and our future.

Skill Level: Intermediate

Prerequisites for students:
- Some previous coding experience is helpful, but mostly, a healthy curiosity

Materials or Equipment students will need to bring to participate: - Laptop with wifi connectivity, if wishing to participate

HRV - Thursday - 09:00-17:59 PDT

WS - Thursday - 14:00-17:59 PDT

The primary goal is setting up Rogue APs to harvest credentials. In the workshop, we will walk through a scenario at a client’s site, then set up a Rogue AP to harvest users’ credentials for the various networks at the site. We will go through how to crack the harvested credentials. We will be using EAPHAMMER, HOSTAPD-MANA, WIFIPHISHER, and AIRBASE-NG for the Rogue AP portion, HASHCAT, AIRCRACK-NG, and JOHN for the cracking portion. This workshop is for beginners, but participants should have basic Linux and 802.11 knowledge and be comfortable using virtual machines.

Recommended reading/viewing:
- https://posts.specterops.io/modern-wireless-attacks-pt-i-basic-rogue-ap-theory-evil-twin-and-karma-attacks-35a8571550ee - https://sensepost.com/blog/2015/improvements-in-rogue-ap-attacks-mana-1%2F2/ - https://www.youtube.com/watch?v=i2-jReLBSVk

Skill Level: Beginner

Prerequisites for students:
- None

Materials or Equipment students will need to bring to participate: - Laptop with 8 GBS RAM
- Virtual Box / VMware Installed
- Wireless card with Access Point Mode and monitor mode. Recommended chip set AWUS036ACM.

DC - Thursday - 07:00-18:59 PDT

• These notes apply to human registration only. You are a human if you are not a goon, official speaker, village staff, press, black badge holder, or similar. (If you are one of those, you need to register separately. If you don't know how, see an NFO goon (infobooth).)
• Badges are required for everyone ages 8 and older.
• If you pre-registered, please ensure that your QR code is readily accessible. If you will be presenting it on a smartphone, please ensure that your display is set to maximum brightness as you near the front of the line.
• If you did not pre-register, all badge sales are CASH ONLY! No checks, money orders, credit cards, IOUs, or anything else will be accepted. Please have exact change ready as you near the front of the line.
• To reiterate, **please have exact change ready**.
• If you purchase a DEF CON badge from BlackHat, please get your badge from BlackHat before they close.
• If you lose your badge, there is no way for us to replace it. You'll have to buy a replacement at full price.
• If you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.
• A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt, if you need a receipt. Printed receipts are not available at the time of purchase.
• Please help us make this a great experience for everyone: **follow directions given by goons** and get in the correct line. Note that there may be one line for all of registration, or there may be two lines (pre-registration vs cash) -- this may change over time, based on available staffing and necessary crowd control.
• Please be patient. The time listed here for the beginning of registration is approximate. We will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; this may be earlier or later than the scheduled time.
• There are no refunds given for cash sales. If you have any doubt, do not buy the badge.
• If you have questions about anything regarding registration, that are not addressed here, please ask to speak to a Registration Goon.

WS - Thursday - 09:00-12:59 PDT

Skill Level: Beginner to Intermediate

Prerequisites for students:
- Students should be comfortable with modular arithmetic and the properties of XOR. - Experience in Python or other similar language will be a plus.

Materials or Equipment students will need to bring to participate: - A laptop with VMWare or VirtualBox installed and capable of running a VM.

DC - Thursday - 07:00-17:59 PDT

The published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close for the year. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.)

Note that the closing hours here are **when sales must have ended**. For example, if sales must end by 18:00, and we estimate that it will take 2 hours to clear the queue, doors are likely to close around 16:00. Because of this dynamic nature, we can't predict the length of the line or when doors will be closed.

**PLEASE NOTE**

The Saturday open time was incorrectly listed as 08:00, and has been corrected to 09:00. **PLEASE** check stock status in HackerTracker.

MUS - Thursday - 18:00-01:59 PDT

• 17:00 – 18:00 – YTCracker
• 18:00 – 19:00 – Delchi
• 19:00 – 20:00 – Talk Sinn
• 20:00 – 21:00 – Grind613
• 21:00 – 22:00 – Alexi Husky
• 22:00 – 23:00 – DJ Scythe
• 23:00 – 00:00 – Syntax
• 00:00 – 01:00 – mattrix
• 01:00 – 02:00 – c0debreaker

ACK Stage is located in front of the doors to rooms 117/118 in the Forum Pre-function 2. Look for the tents and the beats!

MUS - Thursday - 18:00-01:59 PDT

• 18:00 – 19:00 – Dual Core
• 19:00 – 20:00 – NPC Collective
• 20:00 – 21:00 – Bolonium
• 21:00 – 22:00 – The Icarus Kid
• 22:00 – 23:00 – Dries
• 23:00 – 00:00 – Nina Lowe
• 00:00 – 01:00 – PankleDank
• 01:00 – 02:00 – Deepblue

Content from this stage will be streamed to https://www.twitch.tv/defconorg_entertainment

DC - Thursday - 12:30-13:15 PDT

In this presentation, we detail how the hacker mindset can be applied to seemingly daunting tasks to make them more approachable. We will show how we approached our first Pwn2Own contest and how we discovered a command injection RCE vulnerability affecting nearly every Lexmark printer. We’ll take a look at why we think it went unnoticed in previous research and why current open-source static analysis tools miss this simple bug.

Finally we’ll release the exploit POC and an additional POC to dump credentials during engagements.

REFERENCES

1. https://research.nccgroup.com/2022/02/17/bypassing-software-update-package-encryption-extracting-the-lexmark-mc3224i-printer-firmware-part-1/ 2. https://publications.lexmark.com/publications/security-alerts/CVE-2023-26068.pdf 3. https://www.zerodayinitiative.com/advisories/upcoming/ (ZDI-CAN-19470)

DC - Thursday - 15:30-16:15 PDT

Her first degree is in theatre performance, with a vocal performance minor. Vocal technique, performance and understanding the vocal mechanism are what drew her into telecommunications. You may have seen her presenting at conferences, attending trainings, dancing the night away or performing on stage.

In this talk we will walk through each step of cellular evolution, starting at 2G and ending at 5G. The never-ending attack and defend paradigm will be clearly laid out. In order to understand the attack surface, I’ll cover network topology and protocol. For each cellular generation, I will explain known vulnerabilities and some interesting attacks. In response to those vulnerabilities, mitigations for the subsequent cellular generation are put in place. But as we all know, new mitigations mean new opportunities for attackers to get creative.

While I will explain most cellular-specific terminology, a familiarity with security concepts will help to better understand this talk. Basic foundations of communications systems, information theory or RF definitely make this talk more enjoyable, but are absolutely not necessary. It’s a dense topic that is highly applicable to those working on anything that touches the cellular network!

REFERENCES

1. LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE, Syed Rafiul Hussain, Omar Chowdhury, Shagufta Mehnaz, Elisa Bertino
2. https://www.cybersecuritydive.com/news/5g-security-breaches/636693/
3. https://networksimulationtools.com/5g-network-attacks-projects
4. https://www.p1sec.com/corp/category/p1-security/
5. A Vulnerability in 5G Authentication Protocols and Its Countermeasure Xinxin HU, Caixia LIU, Shuxin LIU, Jinsong LI, and Xiaotao CHENG
6. New Vulnerabilities in 5G Networks Altaf Shaik* , Ravishankar Borgaonkar
7. ESF Potential Threats to 5G Network Slicing, NSA, CISA
8. https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010203
9. https://www.pentestpartners.com/security-blog/zte-mf910-an-end-of-life-router-running-lots-of-vivacious-hidden-code/ pentestpartners DC27 talk
10. LTE Pwnage: Hacking HLR/HSS and MME Core Network Elements P1 Security https://conference.hitb.org/hitbsecconf2013ams/materials/D1T2%20-%20Philippe%20Langlois%20-%20Hacking%20HLR%20HSS%20and%20MME%20Core%20Network%20Elements.pdf
11. Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information Syed Rafiul Hussain, Mitziu Echeverria, Omar Chowdhury, Ninghui L,, Elisa Bertino
12. https://thehackernews.com/2018/03/4g-lte-network-hacking.html
13. https://www.pentestpartners.com/security-blog/zte-mf910-an-end-of-life-router-running-lots-of-vivacious-hidden-code/
14. A first look on the effects and mitigation of VoIP SPIT flooding in 4G mobile networks. 982-987. 10.1109/ICC.2012.6364233. Bou-Harb, Elias & Debbabi, Mourad & Assi, Chadi. (2012).
15. https://resources.infosecinstitute.com/topic/cheating-voip-security-by-flooding-the-sip/
16. https://www.mpirical.com/ for 5G trainings
17. https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010203
18. https://www.pentestpartners.com/security-blog/zte-mf910-an-end-of-life-router-running-lots-of-vivacious-hidden-code/
19. https://en.wikipedia.org/wiki/Cellular_network
20. https://www.etsi.org/deliver/etsi_ts/123000_123099/123060/10.03.00_60/ts_123060v100300p.pdf Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); General Packet Radio Service (GPRS); Service description;
21. https://www.etsi.org/deliver/etsi_ts/133100_133199/133102/14.01.00_60/ts_133102v140100p.pdf Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); 3G security; Security architecture (3GPP TS 33.102 version 14.1.0 Release 14)
22. https://www.etsi.org/deliver/etsi_ts/133400_133499/133401/15.07.00_60/ts_133401v150700p.pdf Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; 3GPP System Architecture Evolution (SAE); Security architecture
23. https://www.etsi.org/deliver/etsi_ts/133400_133499/133401/15.07.00_60/ts_133401v150700p.pdf Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; 3GPP System Architecture Evolution (SAE); Security architecture (3GPP TS 33.401 version 15.7.0 Release 15)
24. https://www.etsi.org/deliver/etsi_ts/124300_124399/124301/17.06.00_60/ts_124301v170600p.pdf Universal Mobile Telecommunications System (UMTS); LTE; 5G; Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3 (3GPP TS 24.301 version 17.6.0 Release 17)
25. https://www.etsi.org/deliver/etsi_ts/133500_133599/133501/15.04.00_60/ts_133501v150400p.pdf 5G; Security architecture and procedures for 5G System (3GPP TS 33.501 version 15.4.0 Release 15) Previous talk: https://www.youtube.com/watch?v=-JX7aC0AXEk&t=7387s

WS - Thursday - 09:00-12:59 PDT

To do so, we’ll start with an introduction to Industrial Control Systems to discover the specific components, the network architectures, and even program a PLC simulator.

We’ll then discover some ICS-specific protocols, with a focus on OPC-UA, a modern ICS protocol.

Finally, you’ll connect to our ICS setup composed of real ICS hardware and software and compete against other attendees to capture the flags with robotic hands!

Skill Level: Beginner

Prerequisites for students:
- No specific knowledge is required

Materials or Equipment students will need to bring to participate: - Students should have a laptop capable of running 64-bits virtual machines

WS - Thursday - 09:00-12:59 PDT

In the current cloud security world, access keys are the new perimeter, and permissions associated with those keys are the limits. In many real-world scenarios, leaked access keys are the initial vectors to get into an organization's cloud environments. Therefore, the least privilege and detection in real-time becomes critical.

Specifically, in AWS, we are talking about more than three hundred (300+) services that an attacker could create their specific attack path to achieve their goal. Considering this chaotic scenario, we developed this workshop to teach how to mitigate those new vectors and improve the company's overall cloud security posture. The workshop will cover misconfigurations, AWS IAM (Identity and Access Management) least privilege, and control plane (Cloudtrail) monitoring.

This workshop will help organizations improve their cloud security posture in these three fields - misconfigurations, IAM permissions management, and control plane monitoring. There will be practical demonstrations, hands-on labs, and some Capture The Flag (CTF) to practice incident response.

Skill Level: Intermediate

Prerequisites for students:
- AWS basic to intermediate knowledge

Materials or Equipment students will need to bring to participate: - Laptop.
- Demonstrations and Capture The Flag (CTF) exercises will be executed in my AWS account and using CTFd.

SOC - Thursday - 16:00-17:59 PDT

DC - Thursday - 09:00-01:59 PDT

So, what's the S.O.D.A. Machine all about?

Picture this:

You're at DEF CON, thirsty for some hacking. You're looking for a virtual machine (VM) to play with but don't want to be chained to your laptop.

Enter the Shell On Demand Appliance:

This heavily modified VM is your gateway to an anonymous VM, available in the Chillout Lounge and accessible over the DEF CON network.

A fusion of hardware, software, art, and hacking, all encapsulated in a project derived from recycled materials. The S.O.D.A. Machine provides a way for Humans to experience the DEF CON network in a way the secure WiFi won't allow, because the datacenter is inside the S.O.D.A. Machine and directly connected to the NOC.

Simply insert cash or coins into the bill or coin acceptor to get started. The lights on the buttons will change color depending on availibility.

A green light means the VM is available and ready.

An amber light requests the user to insert more money to ensure fair distribution according to current resources.

A red light denotes the selection is unavailable.

Once you make a selection, the system will deploy the VM to the network and a receipt will be printed.

On the receipt, login credentials are provided for you to access your virtual machine via remote shell. You are then able to change the password, install whatever tools and applications you need, making the VM your own.

What you do with the VM is up to you. Should you choose to share your virtual machine with someone outside of the DEF CON network, a Tor address is provided as well.

All proceeds go to the National Upcycled Computing Collective, Inc., a 501(c)(3) nonprofit organization helping further research and education in computer science, technology and engineering as an (NTEE U41) Research Institute.

We accept donations: https://www.paypal.com/paypalme/NUCC

DC - Thursday - 16:30-16:50 PDT

This presentation examines the most common MPC protocols and implementations and shows that securing MPC remains a challenge for most companies.

We show practical key-exfiltration attacks requiring no more than a couple of hundred signatures. Namely, we show three different attacks on different protocols/implementations requiring 256, 16, and one signature, respectively.

REFERENCES:
Rosario Gennaro and Steven Goldfeder. "One Round Threshold ECDSA with Identifiable Abort." Cryptology ePrint Archive, Paper 2020/540, 2020. Yehuda Lindell. "Fast Secure Two-Party ECDSA Signing." Journal of Cryptology, vol. 34, no. 4, 2021, pp. 44. Rosario Gennaro and Steven Goldfeder. "Fast Multiparty Threshold ECDSA with Fast Trustless Setup." Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS), 2018, pp. 1179-1194.

WS - Thursday - 14:00-17:59 PDT

Attendees in this workshop will learn how to understand and update the Nmap probe file, how to write Lua scripts (which Nmap scripting uses), how to write Nmap scripts to supplement the probe file, interact with custom services and ultimately write multiple Nmap scripts to do fun stuff with ports. Once attendees have a firm grasp of the Nmap scripting engine they will be introduced to writing Nmap libraries for use by their various scripts. This workshop contains many instructor lead labs so that attendees can see their code in action. To make this workshop worthwhile, a custom service running on a port has been created which the labs will allow you to probe and identify as the course goes on.

Nmap is the workhorse behind the scenes for so many pentesters, but the resources for writing scripts are limited. The hope is that by offering this workshop, more people will be able to write Nmap scripts for the betterment of all hackingkind.

Skill Level: Beginner

Prerequisites for students:
- Some basic understanding of how to write code (python, C, Lua, etc), how to use the Linux command line.

Materials or Equipment students will need to bring to participate: - A laptop capable of running a linux VM

MISC - Thursday - 15:00-20:59 PDT

The humans of Vegas invite you to this year’s unofficial welcome party. Join us off-Strip in the shade of Sunset Park for a heat-blasted hangout. Burgers, dogs, and meatless options are provided. Attendees pitch in to make everything else happen. Contribute more food and drinks, staff the grill or join supply runs, and relax under the trees with good conversation with new and old friends. Come be a part of what makes this cookout something to remember year after year.

Grab flyers from an Info Booth, check out https://www.toxicbbq.org for the history of this event, and watch for #ToxicBBQ for the latest news.

--

Toxic BBQ is Kid Friendly and Welcoming. In fact, our marketing captain is 16! As with anything DEFCON, caveat parentum

If you are ok bringing and minding your kids to a backyard cookout, they’ll be fine here. While we don’t have kid-specific programming or events, it’s at a park.

We reserve the right to bribe them with swag to help out, and we may try to feed them Octopus jerky.

DC - Thursday - 11:00-11:20 PDT

Join us as we deep dive into the murky waters of these negotiations, exploring its risks for security and human rights, including the universal criminalization of network and device intrusion without any protections for legitimate security research. The lack of legal shield for security researchers could hinder bug bounties, responsible vulnerability disclosure, and pentesting. We'll discuss the geopolitical complexities, and the vital role you can play.

EFF has been on the front lines in Vienna, attending the negotiations and representing the interests of our members since the start, and we need your help. Your insights and experiences are crucial. Together we will review the text, identify new challenges that you may face so we can better understand the community concerns. Let’s champion together a future where security research and human rights can thrive!

REFERENCES

https://www.washingtonpost.com/politics/2023/04/28/perilous-path-new-cybercrime-treaty/

1. https://www.eff.org/issues/un-cybercrime-treaty
2. https://www.eff.org/pages/submissions
3. https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/home
4. https://www.unodc.org/documents/Cybercrime/AdHocCommittee/5th_session/Documents/CND_2_-_21.04.2023.pdf
5. https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/ahc_fifth_session/main
6. https://www.unodc.org/documents/Cybercrime/AdHocCommittee/4th_Session/Documents/CND_21.01.2023_-_Copy.pdf
7. https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/home
8. https://www.euractiv.com/section/law-enforcement/news/west-clashes-with-china-russia-over-un-cybercrime-convention/
9. https://mediatalks.uol.com.br/2023/04/12/como-tratado-da-onu-sobre-crime-cibernetico-pode-ameacar-liberdade-de-expressao/
10. https://www.washingtonpost.com/politics/2023/04/28/perilous-path-new-cybercrime-treaty/")