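-- MySQL dump 10.13 Distrib 5.7.42, for FreeBSD14.0 (amd64)
--
-- Host: localhost Database: defcon31
-- ------------------------------------------------------
-- Server version 5.7.39-log
--
-- NOTE(review): line breaks restored. With the whole preamble on one line,
-- the leading "-- " turned every statement up to the INSERT into a comment,
-- so nothing here executed and the file failed at the first data line.

-- Session preamble: each setting is saved in an @OLD_* variable before it is
-- overridden for the load. The statements that put the saved values back are
-- expected at the end of the dump, outside this part of the file.
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
-- Secondary-index uniqueness checks and foreign-key checks are relaxed while
-- loading: the load trusts this file to be internally consistent.
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
-- SQL_MODE is replaced, not extended, so strict mode is off for this session:
-- a value longer than its varchar(N) column is truncated with a warning
-- instead of being rejected, and SQL_NOTES=0 hides note-level messages.
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
-- Binary logging is switched off for the restoring session. Nothing this file
-- does is written to the binary log, so it is neither replicated nor visible
-- to binlog-based auditing or point-in-time recovery. On MySQL 5.7 changing
-- this variable needs the SUPER privilege, so the restore runs with an
-- administrative account; review the file before running it as one.
SET @MYSQLDUMP_TEMP_LOG_BIN = @@SESSION.SQL_LOG_BIN;
SET @@SESSION.SQL_LOG_BIN= 0;

--
-- Table structure for table `contests`
--

-- Destructive: an existing `contests` table in the target schema is dropped
-- and replaced, so restore only into the schema this dump is meant for.
DROP TABLE IF EXISTS `contests`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
-- One row per contest. MySQL's `utf8` is the 3-byte utf8mb3 encoding, so
-- characters outside the Basic Multilingual Plane cannot be stored in these
-- columns. The text columns hold free text that, judging by the rows below,
-- was copied from forum posts: treat it as untrusted and encode it for the
-- output context wherever it is rendered.
CREATE TABLE `contests` (
  `ID` int(11) NOT NULL AUTO_INCREMENT,
  `Name` varchar(65) COLLATE utf8_unicode_ci NOT NULL,
  `ForumPage` varchar(40) COLLATE utf8_unicode_ci NOT NULL,
  `ForumArticle` varchar(40) COLLATE utf8_unicode_ci NOT NULL,
  `Twitter` varchar(60) COLLATE utf8_unicode_ci NOT NULL,
  `Webpage` varchar(60) COLLATE utf8_unicode_ci NOT NULL,
  `Weblink` varchar(60) COLLATE utf8_unicode_ci NOT NULL,
  `ImagePath` varchar(30) COLLATE utf8_unicode_ci NOT NULL,
  `Descript` text COLLATE utf8_unicode_ci NOT NULL,
  PRIMARY KEY (`ID`)
) ENGINE=InnoDB AUTO_INCREMENT=1455 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table `contests`
--

LOCK TABLES `contests` WRITE;
/*!40000 ALTER TABLE `contests` DISABLE KEYS */;
-- The INSERT has no column list, so values are matched to columns purely by
-- position against the CREATE TABLE above.
-- NOTE(review): the non-empty string values are wrapped in a second, escaped
-- pair of single quotes ('\'...\''), so the stored value itself starts and
-- ends with a quote character. This looks like the writer quoted values by
-- hand before they were escaped again; confirm that the loader binds
-- parameters and does not build SQL by string concatenation.
-- The statement continues on the following lines.
INSERT INTO `contests` VALUES (1401,'\'Car Hacking Village 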
CTF\'','\'https://forum.defcon.org/node/244786\'','\'https://forum.defcon.org/node/244787\'','','','','','\'\n. \n\n\n\"Car\n\n\n\n
\n
\n
\n
\n
\n
\nCar Hacking Village CTF
\nCaesers Forum, Contest Area, Car Hacking Village.
\n
\n\nWHEN:\n
\nFriday: 10am to 16:30pm
\nSaturday: 10am to 16:30pm
\nSunday: 10am to 12pm
\n
\nTwitter: \nhttps://twitter.com/CarHackVillage/\n
\nWebsite: \nhttps://www.carhackingvillage.com/\n
\nCommunity: \nhttps://discord.gg/DevtqBZ\n
\n​
\n
\nThe Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OEM\'s and suppliers to ensure our challenges give a real-world experience to car hacking. We understand hacking cars can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.
\n
\nWith the largest collection of hackers in one area, there\'s no better way to understand the security state of an industry without bringing it to security professionals to break. Over the past 9 years, the Car Hacking Village has been the focal point of interest for new hackers entering the automotive industry to learn, be a part of and actually test out automotive technologies. Our contest at the village, in combination with many automotive OEMs, Suppliers, etc., is used to give people first hand experience on cutting edge and at times expensive technologies. We plan to use this event to keep drawing attention to the automotive security industry through hands-on challenges.
\n\n\n\n\n\''),(1402,'\'DEF CON 31 Beard and Mustache Contest\'','\'https://forum.defcon.org/node/246752\'','\'https://forum.defcon.org/node/246753\'','','','','','\'\n
\nDEF CON 31 Beard and Mustache Contest
\n
\nWhen: Saturday 14:00 - 16:00
\nWhere: Contest Stage
\n
\nWebsite: \nhttp://dcbeard.net/\n (new domain this year – update your favorites)
\n
\nTwitter: @\nDCBeardContest\n
\n
\n
\nHeld every year since DEF CON 19 in 2011 (R.I.P. Riviera), (Except during that COVID thing - but we are not going to talk about that COVID thing), the DEF CON Beard and Mustache Contest highlights the intersection of facial hair and hacker culture.
\n
\nFor 2023 there will be three categories for the competition:
\n
\n\nFull beard\n: Self-explanatory, for the truly bearded.
\n
\n\nPartial Beard or Mustache only\n (combined this year)
\n
\nFor those sporting Van Dykes, Goatees, Mutton Chops, and other
\n
\npartial beard styles -or-
\n
\nMustache only: Judging on the mustache only, even if bearded.
\n
\nBring your Handlebars, Fu Manchus, or whatever adorns your upper lip.
\n
\n\nFreestyle\n: Anything goes, including fake and creatively adorned beards. Creative women often do well in the Freestyle category.
\n​
\n\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 12, 2023 14:00\n\n\n\nEnds\n\nAugust 12, 2023 16:00\n\n\n\nLocation\n\nContest Stage\n\n\n\n\n\''),(1403,'\'Blue Team Village CTF\'','\'https://forum.defcon.org/node/244798\'','\'https://forum.defcon.org/node/244799\'','','','','','\'\n
\n\nBlue Team Village CTF\n
\n\nWhere: Flamingo, Scenic ballroom\n
\n\nWhen: \n
\nFriday: CTF begins: 10:30 - 18:00
\nSaturday: 10:30 - 18:00 (CTF ends)
\nSunday: N/A The winners will be announced during BTV closing ceremonies
\n
\nThis contest is online and in person.
\n
\n\n@BlueTeamVillage\n
\n\nhttps://www.blueteamvillage.org/ctf\n (not a live link yet)
\n
\nThe Blue Team Village CTF is a cyber defense CTF inspired by a mix of trending nation-state actor kill chains and at least one custom insider threat story. You are an incident responder tasked to investigate the recent attacks against our fictitious company: Magnus Tempus Financial. Since Magnus Tempus Financial made a vital acquisition expanding its precious metals portfolio to oil and gas operational technology (OT), you will also investigate their OT environment.
\n
\nThe CTF challenges contestants to leverage diverse cyber defense skills, including Incident Response, Forensics, Malware Analysis, Threat Intelligence, and Threat Hunting, to be the first team or individual to answer or solve the challenges presented.
\n
\nThe BTV crew developed the CTF to allow anyone, regardless of skill or knowledge, to participate, aiming to sharpen their cyber defense skills. We believe in the idea of choosing your adventure. As a result, participants can download a copy of the required evidence (logs, packets, etc.) or log into any of the 3 SIEMs we provide to hunt on.
\n
\nIf you are new to cyber defense, we highly recommend participating in the Blue Team Village Obsidian stations. They will cover many of the topics on the CTF and will help you along the way!
\n
\n\nWe will provide game clues on the CTF Platform and use the CTF station at the Blue Team Village and the Defcon BTV CTF Discord channel to address any CTF technical or scoring issues. \n
\n​\n\n\''),(1404,'\'Blacks In Cyber Village CTF\'','\'https://forum.defcon.org/node/244802\'','\'https://forum.defcon.org/node/244803\'','','','','','\'\n.. \n\n\n\"BIC\n\n\n\n
\n
\n..
\n
\nBlacks In Cyber (BIC) Village CTF
\nForum, Alliance 301-303
\n
\n\nFriday:\n 12:00 PM - 11:59 PM ( in person village closes at 18:00)
\n\nSaturday:\n 12:00 AM - 5:00 PM
\nThis contest is both online and in person.
\n
\n\n@BlackInCyberCo1\n
\n\nhttps://www.blacksincyberconf.com/ctf\n​
\n
\nThe year is 2323. You find yourself in an abandoned city in the future that is home to a variety of advanced technology and systems. You will need to use your skills to solve challenges and discover information to use to uncover your flags. Along the way, you will learn about social justice, privacy, civil rights and surveillance and how these can relate to communities and individuals as our world explores emerging technologies. This is a jeopardy style game with multiple categories in Cryptography, Steganography, Exploitation, Forensics,
\nReverse Engineering and more!​ \n\n\n\"Click\n\n\n\n
\n\n\n\''),(1405,'\'Creative Writing Short Story Contest\'','\'https://forum.defcon.org/node/244807\'','\'https://forum.defcon.org/node/244808\'','','','','','\'\n
\nCreative Writing Short Story Contest
\nTwitter: \nhttps://twitter.com/dcshortstory\n
\n
\nReddit: There will be a new Reddit thread at /r/defcon
\n
\nThis contest is run pre-con. The proposed contest will run from May 1, 2023 to June 15, 2023. Judging will run from June 16, 2023 to June 30, 2023. Winners will be announced July 8, 2023.
\n
\nThe DEF CON Short Story contest is a pre-con contest that is run entirely online utilizing the DEF CON forums, Twitter, and reddit. This contest follows the theme of DEF CON for the year and encourages hackers to roll up their sleeves, don their proverbial thinking cap, and write the best creative story that they can. The Short Story Contest encourages skills that are invaluable in the hacker’s world, but are often overlooked. Creative writing in a contest setting helps celebrate creativity and originality in arenas other than hardware or software hacking and provides a creative outlet for individuals who may not have another place to tell their stories.
\n
\nSo many hacker skills depend on your ability to tell a story. Whether it\'s social engineering, intrusion, or even the dreaded customer pentest report, ALL of these require the ability to tell a story. Storytelling is one of mankind\'s oldest traditions. Presenters even engage in storytelling when they get up on stage. A contest that celebrates and focuses on the ability to wind a yarn that captures and engages an audience is highly appropriate.
\n
\nSo why not?
\n
\nAwards are In person:
\n1st place: 2 badges
\n2nd place: 1 badge
\nCommunity choice: 1 badge
\n
\nMore Info: \n@dcshortstory\n
\n
\nLast year\'s contest entries can be found here:
\n\nCreative Writing Short Story Contest Story Entries - DEF CON Forums\n
\n
\n\n\n\n\n\''),(1406,'\'AutoDriving CTF contest\'','\'https://forum.defcon.org/node/244813\'','\'https://forum.defcon.org/node/244814\'','','','','','\'\n. \n\n\n\"AutoDriving\n\n\n\n
\n
\n
\n
\n
\n
\n
\n.
\n
\nAutoDriving CTF contest
\n
\nFriday 10:00 - 18:00
\nDEF CON Contest Area, Forum Ballroom​
\nThis contest will be both online and in-person.
\nTwitter: \nhttps://twitter.com/autodrivingctf\n
\n​
\nAutoDriving CTF is a Jeopardy style of CTF game with a set of challenges specific to self-driving functions and components. The contest offers participants the ability to use a simulation-based autonomous driving environment (based on the open-source simulators; e.g., LGSVL and CARLA) and explore specific attacks (such as camouflage stickers, road graffiti, and sensor spoofing/hijacking) as well as defense strategies.
\nWe hope to continue the engagement with the hacking community to demonstrate security implications of autonomous driving system design decisions through hands-on challenges, increase the awareness of potential risks in security professionals, and encourage them to propose defense solutions and tools to detect such risks.​\n\n\''),(1407,'\'? Cube\'','\'https://forum.defcon.org/node/244817\'','\'https://forum.defcon.org/node/244818\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n..
\n
\n? Cube
\n
\nFriday 10:00 - 18:00
\nSaturday 10:00 - 18:00
\nSunday 10:00 - 14:00
\nDEF CON Contest Area, Forum Ballroom​
\n(This contest is held online and in person.)
\n
\nAre you ready to put your problem-solving skills to the test?
\nThis year, we are proud to introduce a brand new contest, designed to push your limits and awaken your curiosity.
\n
\nThe ? Cube Challenge is not for the faint-hearted. It is a multi-layered, complex puzzle that requires you to use all your hacking and analytical skills to solve it.
\nThe cube is loaded with riddles and puzzles that must be solved one by one to progress further towards the ultimate goal.
\n
\nThis challenge is not just about solving a puzzle, it\'s about exploring your curiosity and pushing the boundaries of your knowledge.It\'s about putting your hacker mindset to work and seeing how far you can go. With each step, you\'ll be one step closer to unlocking the secrets of the ? Cube Challenge. We know that Defcon attendees are always looking for the next big challenge, and we have created the ? Cube Challenge with that in mind.
\n
\nIt is a contest that will test your limits, engage your creativity, and push your curiosity to the next level. So come and join us at Defcon 31 and take on the ultimate challenge! Who knows, you might just walk away with the title of ? Cube Champion and the admiration of your fellow hackers. Are you ready to take the challenge?
\n
\nWebsite: \nhttp://0x3fcube.com/\n
\n
\n​\n\n\''),(1408,'\'Octopus Game\'','\'https://forum.defcon.org/node/245213\'','\'https://forum.defcon.org/node/245214\'','','','','','\'\n.. \n\n\"Click\n\n\n
\n
\n..
\nOctopus Game
\n
\nContest
\nFriday: 1000 PDT (GMT -7) - Sunday: 1200 PDT (GMT -7)
\n
\nOctopus Game is back for a second year with an ARG style competition where fun and friendship are the goals. This year players will meet, compete and work together in various locations in and around the con. You\'ll solve puzzles and interact with characters in a world hidden just below the surface of reality. 128 players will enter, but only ONE will be crowned the Octopus CHAMPION. Join us, make some new friends and discover the world of Octopus Game!
\n
\nMore Info: \nhttps://www.mirolabs.info/octopusgamedc31\n
\nTwitter: \n@OctopusGameDC\n
\nMastodon: \n@OctopusGame@defcon.social\n
\n
\n​\n\n\n\n\''),(1409,'\'Phish Stories\'','\'https://forum.defcon.org/node/245219\'','\'https://forum.defcon.org/node/245220\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n..
\n
\nPhish Stories
\nTwitter: \n@phishstories​\n
\n
\n
\nIn today’s world, approximately 90% of all cyberattacks begin with a phish. In fact, it’s not only the most prevalent method, but also the most effective one for someone to get malware on a machine. The sophistication of the groups who employ these methods targeting end-users continues to rapidly evolve. Many organizations around the world have adopted training to help their workforce understand what is or isn’t a phish when it hits their inbox. Hopefully, you’ve seen through the deception and haven’t been taken for a ride on any phish you’ve personally received.
\n
\nAt DEF CON, you might see examples of just how talented some of the red teamers and social engineers are when it comes to creating scenarios that can fool even the most seasoned of professionals. Leveraging Open-Source Intelligence (OSINT), some good looking graphics sprinkled in with proper grammar can make it tough on the targets.
\n
\nIt’s a far cry from the early days of phishing, when the promise of inheriting millions from a Nigerian prince or the lure of winning a sweepstakes were the focus of many an e-mail. No, the original phishing e-mails were not finely tuned instruments and more times than not they found their way into the trash bin. And, while that was the safest thing to do with these e-mails, I found myself chuckling at the rather inane stories sometimes associated with the particularly bad ones. Some were so bad that I wondered if they were written with the thought of getting someone to click or if the goal all along was to get someone to laugh.
\n
\nIt got me to thinking, “\nWhy not form a contest to see who can craft a phishing e-mail that makes us do both? Click AND laugh?”\n
\n
\nAs an avid fisherman who goes after the fish that swim, I’m very familiar with the concept of a “fish story”. A fish I catch may somehow end up looking a little bigger than it really is. That 12-inch bass becomes a 2-foot monster when held close to the camera. Or, I might fib a little on what I used to catch a certain fish or where I caught it.
\n
\nI’m also a hacker, with a security day job, more than familiar with the other kind of “phishing”. It also can also be done through proclaiming incredible things to get you to click on a link. Perhaps you’ve inherited a large sum of money? Or maybe a mysterious government agent has some secret information that only you are privy to?
\n
\n
\n\nThe Rules\n
\n
\nFirst off, this is a contest about creativity, but you don’t \nHAVE\n to be funny to win.
\n
\nThere is more than one way to win, but there is only one entry per person. So, you must choose which way you’re going from one of the following three categories:
\n
\n\n1.\n \nThe Jester\n – This option is all about the laughter. Yes, you might know the technical ins and outs of SMTP or maybe you conduct penetration tests for a living and try to get your targets to click on those juicy links. But what we’re looking for in *this* option is more about just how good you are at giving us a chuckle. Write up a backstory, but no need to focus on too many of the technical details. Feel free to get really silly here. We still want you to focus on a target from the list, but the phish needs to do nothing more than make us laugh. These e-mails should be OBVIOUS phishes in this category.
\n
\n\n2.\n \nThe Wizard\n – You’re doing your best to ACTUALLY trick one of the targets. This would be more of your traditional phish. You’ll want to utilize the articles and create a backstory that includes any other potential sources of your OSINT. What caused you to take the path you did with the e-mail? Also, bonus points here for describing what happens AFTER your target clicks on a link. Again, though, you are limited to 3500 characters, so be concise. You want to trick them in this one, so the phish should not be overtly easy to spot.
\n
\n\n3.\n \nThe Ruler – \nThe last of the options is the toughest one. Can you combine the two? We’re looking for “targeted absurdity” in this option. Write a ridiculous backstory complete with technical chops and then back that up with a phishing e-mail that busts a collective gut. The best e-mails in this competition will find a way to balance humor with the basic bones of a targeted phishing attempt.
\n
\nRemember, this contest is more about creativity, writing, and finding a way to make us laugh. We’ll provide you with a LinkedIn profile of each member of the Management team, and three magazine articles, but it’s up to you to “fill in the blanks.” You get to make up what you want in the backstory. We’ve given you a start, but you’ll have to do the rest.
\n
\n
\n\nRules for entry:\n
\n
\nEach submission features two distinct documents:
\n
\n1. The backstory – you’ll need to fill out the assumptions you made about your target. The more creative you get, the more you’ll score. This needs to be limited to roughly 3500 characters.
\n2. The e-mail – again, this should be limited to no more than 3500 characters. (3500 is about the size of one page)
\n
\nYou will be supplied with some background newspaper and magazine articles about the potential targets along with LinkedIn profiles of each as well. \n\nIt is then up to you to pick your path to victory:\n\n
\n
\nSave the e-mail and Backstory to a text file. Attach that text file to an e-mail and send it to \nphishstories@protonmail.com\n.
\n
\nContest begins May 15th and participants will have until June 15th to submit their entry.
\n
\n
\n\nOne entry per participant\n
\n
\nYou will receive confirmation of your entry. If you submit more than one, we’re only counting and reading the first.
\n
\nIllustrations and graphics are not accepted.
\n
\nPlease include your e-mail address and handle for communication and recognition.
\n
\nYou will receive a confirmation within 48 hours of submission. Please contact us if you do not receive confirmation after 48 hours.
\n
\nJudging will be conducted by a panel and completed within 2 weeks.
\n
\n
\n\nScoring Criteria\n
\n
\nE-mail content – 50%
\nBackstory – 40%
\nFollowing the instructions – 10%
\n
\nAwards are In Person. Top 3 will receive prizes – A “Jester”, “Wizard”, and “Ruler”. The Jester and Wizard receive one human badge each, the Ruler will receive two human badges.
\n
\nYou can follow @phishstories on Twitter for updates and information.
\n
\nEnjoy!
\n
\nThe winners will get recognition in the online program and in social media. If on-site during the conference, they will also walk the stage to be recognized at the Contest Closing Ceremony.
\n
\n
\n\nWhat’s the point?\n
\n
\nHaving won the creative writing contest for DEF CON 30 and the People’s Choice award for DEF CON 29, I was looking for a way to expand pre-con participation in the creative writing process and incorporate a little (or a lot) humor along the way. Writing is a skill that has gotten me further in my information security career than most of my skills, save perhaps my sense of humor. Combining the two can be very helpful in gaining confidence for your own skills.
\n
\n
\n\nThe Scenario\n
\n
\n
\n
\nFor this year’s inaugural contest, our contestants will attempt to send a phishing email to someone on the leadership team of DEF CON Custard and Cream, a new custard shop opened in August of 2020 that has 31 distinct “Phlavors” of custard and ice cream. There are three individuals on the leadership team for you to choose from:
\n
\nJulia Culter, CEO
\n
\nPat Conline, CMO
\n
\nJohnny “Red” Packard, CIO
\n
\n\nProfiles of Defcon Custard and Cream management team:\n
\n​
\n... \n\n\n\"Click\n\n\n\n
\n
\n..
\n
\n
\nJulia Culter was always passionate about food and desserts. After working in various pastry shops and bakeries, she decided to start her own business and opened DEFCON Custard and Cream. Located in the heart of the city, the shop quickly became a local favorite for its delicious and unique flavors of custard.
\n
\nAs the owner and head chef of DEFCON Custard and Cream, Julia spends most of her days in the kitchen experimenting with new recipes and perfecting her craft. In her free time, she enjoys reading cookbooks in her cozy three-story condo. She is known for her strong work ethic and commitment to providing her customers with the best possible experience.
\n
\nJulia Culter Founder & Head Chef at DEFCON Custard and Cream
\n
\nSummary:
\n
\nPassionate and dedicated pastry chef with experience in creating unique and delicious desserts. Founded DEFCON Custard and Cream to provide customers with a one-of-a-kind custard experience.
\n
\nExperience:
\n
\nFounder & Head Chef DEFCON Custard and Cream (May 2020 - Present)\nPastry Chef Sweet Dreams Bakery (January 2018 - April 2020)\nEducation:
\n
\nBachelor of Science in Culinary Arts Le Cordon Bleu College of Culinary Arts (September 2014 - May 2018)
\n
\nSkills:\nCertifications:\n​... \n\n\n\"Click\n\n\n\n
\n
\n..
\n
\n
\nPat Conline is the Chief Marketing Officer at DEFCON Custard and Cream. With over 10 years of experience in the food and beverage industry, Pat brings a wealth of knowledge and expertise to the company.
\n
\nAs the CMO, Pat is responsible for overseeing the marketing and advertising efforts for DEFCON Custard and Cream. She has been working diligently on tapping new markets for the custard shop, with a focus on expanding the brand beyond its flagship store on the Las Vegas Strip. Pat is known for her creative and innovative approach to marketing, and is always looking for new ways to promote the company and its delicious custard. When not working, Pat enjoys spending time with her pet parakeet Linda.
\n
\nPat Conline Chief Marketing Officer at DEFCON Custard and Cream
\n
\nSummary:
\n
\nExperienced marketing professional with a background in the food and beverage industry. Currently serving as the Chief Marketing Officer at DEFCON Custard and Cream, overseeing all marketing and advertising efforts for the company.
\n
\nExperience:
\n
\nChief Marketing Officer DEFCON Custard and Cream (August 2020 - Present)\nMarketing Manager Cupcake Heaven (January 2018 - July 2020)\nEducation:
\n
\nBachelor of Science in Marketing University of Nevada, Las Vegas (September 2014 - May 2018)
\n
\nSkills:\n​... \n\n\n\"Click\n\n\n\n
\n
\n..
\n
\nJohnny "Red" Packard is the Chief Information Officer at DEFCON Custard and Cream. With a background in both culinary arts and web development, Johnny brings a unique skillset to the company.
\n
\nAs the CIO, Johnny is responsible for managing all of the company\'s information technology systems and ensuring that they are running smoothly. In addition to his technical expertise, Johnny is also known for his creative flavor creations and is always coming up with new and exciting custard flavors for the shop. In his free time, Johnny enjoys moonlighting as a web developer and was even responsible for creating the first DEFCON Custard and Cream website. He is known for his ability to bridge the gap between technology and culinary arts.
\n
\nJohnny "Red" Packard Chief Information Officer at DEFCON Custard and Cream
\n
\nSummary:
\n
\nExperienced IT professional with a background in web development and culinary arts. Currently serving as the Chief Information Officer at DEFCON Custard and Cream, overseeing all information technology systems and managing the company\'s website.
\n
\nExperience:
\n
\nChief Information Officer DEFCON Custard and Cream (August 2020 - Present)\nWeb Developer Freelance (January 2018 - July 2020)\nPastry Chef Sweet Dreams Bakery (September 2016 - December 2017)\nEducation:
\n
\nBachelor of Science in Computer Science University of Nevada, Las Vegas (September 2014 - May 2018)
\n
\nSkills:\nCertifications:\n
\n\nArticle 1:\n Def Cream Magazine
\n
\nDouble Dip on the Strip
\n
\nDEFCON Custard and Cream is not just the brainchild of one person, but a team effort led by Julia Culter, the founder and head chef, along with Pat Conline, the Chief Marketing Officer, and Johnny "Red" Packard, the Chief Information Officer.
\n
\nPat Conline, who has over 10 years of experience in the food and beverage industry, is responsible for overseeing the marketing and advertising efforts for DEFCON Custard and Cream. "Our goal is to expand the brand beyond its flagship store on the Las Vegas Strip and tap into new markets," says Pat. "I\'m always looking for new and innovative ways to promote the company and its delicious custard."
\n
\nJohnny "Red" Packard, who brings a unique skillset to the company with his background in both culinary arts and web development, is responsible for managing all of the company\'s information technology systems and ensuring they are running smoothly. "I really enjoy the opportunity to bridge the gap between technology and culinary arts," says Johnny. "I was even responsible for creating the first DEFCON Custard and Cream website and it\'s been amazing to see how technology has helped us to grow and improve our business."
\n
\nTogether, Julia, Pat, and Johnny have created a winning team that is dedicated to providing their customers with the best possible experience. "We have such a great team here at DEFCON Custard and Cream," says Julia. "We all bring different skills and perspectives to the table, and it\'s that diversity that makes us so successful."
\n
\nWith a passion for food and desserts, a commitment to customer service, and a team of experts working together, DEFCON Custard and Cream is sure to continue its sweet success for years to come.
\n
\n\nArticle 2: \nLinux Loves Bean Magazine
\n
\n"From Pastry Chef to CIO: How Johnny \'Red\' Packard is Revolutionizing the Dessert Industry"
\n
\nJohnny "Red" Packard is no stranger to the world of desserts. With a background in both culinary arts and web development, he brings a unique skillset to his role as the Chief Information Officer at DEFCON Custard and Cream. But it\'s not just his technical expertise that sets him apart - it\'s his passion for experimentation and innovation.
\n
\nAs a pastry chef, Johnny has always been drawn to the creative process of recipe development and flavor creation. "I\'ve always enjoyed experimenting with different ingredients and techniques to create new and exciting flavors," he says. "I think that mindset really helps me in my role as CIO, where I\'m constantly looking for new ways to improve and streamline our systems and processes."
\n
\nBut what really sets Johnny apart is his hobby of "penetration testing" and ethical hacking. Johnny has a passion for understanding how systems and networks can be compromised, and he uses that knowledge to ensure that DEFCON Custard and Cream\'s IT infrastructure is as secure as possible. "I think it\'s important to understand the potential threats and vulnerabilities that exist in any system," he says. "That way, you can proactively take steps to protect yourself and your customers."
\n
\nOne of the ways that Johnny has been able to apply this knowledge is by developing an online ordering system that is both user-friendly and secure. "Our online ordering system allows customers to place their orders from the comfort of their own home, but we also made sure to use secure methods of storing and transmitting their information," he explains. "It\'s a win-win for both our customers and for us as a business."
\n
\nWith his background in both culinary arts and web development, Johnny is able to bridge the gap between technology and culinary arts. His innovative approach and passion for experimentation and innovation has helped DEFCON Custard and Cream to stand out in the dessert industry.
\n
\n"I\'m so grateful for the opportunity to do something I love every day, and to have such amazing customers who support me," says Johnny. "I can\'t wait to see what the future holds for DEFCON Custard and Cream."
\n
\n\nArticle 3: \nBon Hacketit Magazine
\n
\n"Marketing the Sweet Life: Inside the Mind of DEFCON Custard and Cream\'s CMO"
\n
\nWhen it comes to marketing, Pat Conline is a force to be reckoned with. As the Chief Marketing Officer at DEFCON Custard and Cream, she\'s responsible for overseeing all of the company\'s advertising and promotion efforts. But behind the creative campaigns and clever slogans is a woman who\'s just as passionate about custard as she is about marketing.
\n
\n"I\'ve always had a sweet tooth, and when I saw the opportunity to work with DEFCON Custard and Cream, I knew it was the perfect fit," says Pat. "It\'s been amazing to see how our marketing efforts have helped the brand to grow and become a household name."
\n
\nBut despite her success in the marketing world, Pat admits that she\'s not always the most tech-savvy person. "I\'ll be the first to admit that I\'m not the most computer-literate person out there," she says. "I leave all of that stuff to Johnny, our CIO. He\'s the one who makes sure our website and online systems are running smoothly."
\n
\nWhen asked about the company\'s computer network, Pat is quick to deflect. "I don\'t know much about the technical side of things," she admits. "But I know that Johnny and his team have been hard at work, they’re the cream of the crop."
\n
\nBut despite her lack of technical expertise, Pat\'s passion and dedication to her job are undeniable. "I love being able to create campaigns and promotions that connect with people and make them excited about our custard," she says. "It\'s an amazing feeling to know that our marketing efforts are making a real difference."
\n
\nPat’s life outside of work is one that she’s hoping to have some time for now that DCC has gotten off the ground. "I have a pet Parakeet named Linda, and I love spending time with her, but I do think with our launch it might be time to enjoy this great city."
\n
\nWith her creative approach and passion for custard, Pat Conline is helping to make DEFCON Custard and Cream a household name in the dessert industry.
\n
\n"I\'m so grateful for the opportunity to do something I love every day and to have such amazing customers who support me," says Pat. "I can\'t wait to see what the future holds for DEFCON Custard and Cream."
\n​\n\n\''),(1410,'\'Radio Frequency Capture the Flag\'','\'https://forum.defcon.org/node/245222\'','\'https://forum.defcon.org/node/245223\'','','','','','\'\n.. \n\n\"Click\n\n\n
\n
\n..
\nRadio Frequency Capture the Flag
\n
\nOnline and In-person
\nWhere: Radio Frequency Village, Eldorado Ballroom, Flamingo
\nWhen: Village Operating Hours are Friday to Sat 10:00 - 18:00, Sunday 10:00 to
\n14:00
\n
\n
\nTwitter: \n@rf_ctf\n and \n@rfhackers\n
\n​DEFCON Discord: \nhttps://discord.com/channels/7082082...44270976696380\n
\nRF Discord: \nhttps://discordapp.com/invite/JjPQhKy\n
\nWebsite: \nhttp://rfhackers.com\n - play with us
\nGithub: \nhttps://github.com/rfhs\n
\nOfficial Support Ticketing System: \nhttps://github.com/rfhs/rfctf-support/issues\n
\n
\n
\nDo you have what it takes to hack WiFi, Bluetooth, and Software
\nDefined Radio (SDR)?
\n
\nRF Hackers Sanctuary (the group formerly known as Wireless Village) is
\nonce again holding the Radio Frequency Capture the Flag (RFCTF) at DEF
\nCON 31. RFHS runs this game to teach security concepts and to give
\npeople a safe and legal way to practice attacks against new and old
\nwireless technologies.
\n
\n
\nWe cater to both those who are new to radio communications as well as
\nto those who have been playing for a long time. We are looking for
\ninexperienced players on up to the SIGINT secret squirrels to play our
\ngames. The RFCTF can be played with a little knowledge, a pen tester’s
\ndetermination, and $0 to $$$$$ worth of special equipment. Our new
\nvirtual RFCTF can be played completely remotely without needing any
\nspecialized equipment at all, just using your web browser! The key is
\nto read the clues, determine the goal of each challenge, and have fun
\nlearning.
\n
\n
\nThere will be clues everywhere, and we will provide periodic updates
\nvia discord and twitter. Make sure you pay attention to what’s
\nhappening at the RFCTF desk, #rfctf on our discord, on Twitter
\n@rf_ctf, @rfhackers, and the interwebz, etc. If you have a question -
\nASK! We may or may not answer, at our discretion.
\n
\n
\nFOR THE NEW FOLKS
\n
\nOur virtual RFCTF environment is played remotely over ssh or through a
\nweb browser. It may help to have additional tools installed on your
\nlocal machine, but it is not required.
\n
\nRead the presentations at: \nhttps://rfhackers.com/resources\n
\n
\n
\nHybrid Fun
\n
\nFor DEF CON 31 we will be running in “Hybrid” mode. That means we
\nwill have both a physical presence AND the virtual game running
\nsimultaneously. All of the challenges we have perfected in the last 2
\nyears in our virtual game will be up and running, available to anyone
\nall over the world (including at the conference), entirely free. In
\naddition to the virtual challenges, we will also have a large number
\nof “in person” only challenges, which do require valid conference
\nadmission. These “in-person” only challenges will include our
\ntraditional fox hunts, hide and seeks, and king of the hill
\nchallenges. Additionally, we will have many challenges which we
\nsimply haven’t had time or ability to virtualize. Playing only the
\nvirtual game will severely limit the maximum available points which
\nyou can score, therefore don’t expect to place. If you play virtual
\nonly, consider the game an opportunity to learn, practice, hone your
\nskills, and still get on the scoreboard for bragging rights. The
\nvirtual challenges which are available will have the same flags as the
\nin-person challenges, allowing physical attendees the choice of
\nhacking those challenges using either (or both) methods of access.
\n
\n
\nTHE GAME
\n
\nTo score you will need to submit flags which will range from decoding
\ntransmissions in the spectrum, passphrases used to gain access to
\nwireless access points, or even files located on servers. Once you
\ncapture the flag, submit it to the scoreboard right away, if you are
\nconfident it is correct. Flags will be worth fewer points the more
\noften they are solved. Offense and defense are fully in play by the
\nparticipants, the RFCTF organizers, and the Conference itself. Play
\nnice, and we might also play nice.
\n
\n
\nGetting started guide: \nhttps://github.com/rfhs/rfhs-wiki/wiki\n
\n
\nHelpful files (in-brief, wordlist, resources) can be found at
\n\nhttps://github.com/rfhs/rfctf-files\n
\n
\nSupport tickets may be opened at \nhttps://github.com/rfhs/rfctf-support/issues\n
\n
\nOur whole game is also open source and available at:
\n\nhttps://github.com/rfhs/rfctf-container\n
\n
\n
\nTL;DR
\n
\nTwitter: \n@rf_ctf\n and \n@rfhackers\n
\nDiscord: \nhttps://discordapp.com/invite/JjPQhKy\n
\nWebsite: \nhttp://rfhackers.com\n - play with us
\nGithub: \nhttps://github.com/rfhs\n
\nOfficial Support Ticketing System: \nhttps://github.com/rfhs/rfctf-support/issues\n\n\n\n\n\''),(1411,'\'CMD+CTRL Cyber Range\'','\'https://forum.defcon.org/node/245229\'','\'https://forum.defcon.org/node/245230\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n..
\n
\nCMD+CTRL Cyber Range Showdown
\n
\nFree Play: Starts Thursday at 10 AM and Ends Sunday at 12 PM
\nCompetition: Starts Friday at 10 AM and Ends Sunday at 12 PM
\nLocation: DEF CON Contest Area, Forum Ballroom, In-person
\n
\nCMD+CTRL Cyber Range is an interactive learning and hacking platform where development, security, IT, and other roles come together to build an appreciation for protecting the enterprise. Players learn security techniques in a real-world environment where they compete to find vulnerabilities. Real-time scoring keeps everyone engaged and creates friendly competition. Our Cloud and App Cyber Ranges incorporate authentic, fully functioning applications and vulnerabilities often found in commercial web platforms.
\n
\nAt DEF CON 31: We will be debuting our latest Cyber Range, ShadowHealth, which focuses on exploiting a modern medical records system. We will also be opening up our platform for free play to those who do not want to commit to the full competition or want to experience some of our previous Ranges. Information below.
\n
\nFind out more and register at:
\n\nhttp://defcon31.cmdnctrl.net/\n​\n\n\''),(1412,'\'Darknet-NG\'','\'https://forum.defcon.org/node/245234\'','\'https://forum.defcon.org/node/245235\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n..
\nDarknet-NG
\nFriday: 10 am - 4:30 pm (Contest shut down overnight)
\nSaturday: 10 am - 4:30 pm (Contest shut down overnight)
\nSunday: 10 am - 12 pm (Contest ends at noon, and contest results to contests by 1 pm)
\nDEF CON Contest Area, Forum Ballroom, in-person
\n
\n\nhttps://twitter.com/DarknetNg\n
\n\nhttps://defcon.social/@DarknetNG\n
\n\nhttps://darknet-ng.network\n
\n
\nDarknet-NG is an In-Person Massively Multiplayer Online Role Playing Game (MMO-RPG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The "Learning Quests" help the agent gather knowledge from all across the other villages at the conference, while the "Challenge Quests" help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year\'s challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site \nhttps://darknet-ng.network\n and join our growing Discord Community!​\n\n\''),(1413,'\'DC Kubernetes Capture the Flag (CTF)\'','\'https://forum.defcon.org/node/245244\'','\'https://forum.defcon.org/node/245245\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n
\n
\n
\n..
\nDC Kubernetes Capture the Flag (CTF)
\nFriday: 10:00-18:00
\nSaturday: 10:00-17:00
\nOnline: \nhttps://containersecurityctf.com/\n
\n
\nTwitter @ctfsecurity
\n\nhttps://containersecurityctf.com/\n
\n
\nThe DEF CON Kubernetes Capture the Flag (CTF) contest features a Kubernetes-based CTF challenge, where teams and individuals can build and test their Kubernetes hacking skills. Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges, winning flags and points as they progress. Later flags pose more difficulty, but count for more points.
\n
\nA scoreboard tracks the teams’ current and final scores. In the event of a tie, the first team to achieve the score wins that tie.​\n\n\''),(1414,'\'DC Sticker Design Contest\'','\'https://forum.defcon.org/node/245249\'','\'https://forum.defcon.org/node/245250\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n..
\nDC Sticker Design Contest
\nOnline Pre-Con
\n\n@InfosecStickers(@twitter)\n, @\nstickers@defcon.social\n
\n
\n
\nAncient warriors used tattoos as a means of indicating rank in battle; it was the sort of mark that told the tales of their various conquests - their struggles and triumphs. Similarly, traversing the halls of DEF CON, one can see more modern versions manifesting as stickers - especially on laptops and other electronic equipment.
\n
\nWe use stickers to break the ice with strangers, as a barter currency, to tell the tales of our struggles and triumphs. After all, is a hacker really a hacker without a laptop adorned with these markings?
\n
\nHere\'s your chance to be part of hacker culture, by creating something that people around the world will treasure and proudly display. Submit original artwork in the theme of the con, that you believe best exemplifies hacker culture, that will be used as printed stickers.
\n
\n
\nOn your marks... Make your mark.​\n\n\''),(1415,'\'Pub Quiz at DEF CON\'','\'https://forum.defcon.org/node/245252\'','\'https://forum.defcon.org/node/245253\'','','','','','\'\n..
\n..
\nPub Quiz at DEF CON
\nFriday: 18:00-21:30
\nLocation: Caesars Forum - Forum - 121-123, 129, 137 - Chillout​
\n
\nDo you like pub quizzes? Then please join us for the first ever Pub Quiz at DEF CON. The quiz will consist of 7 rounds of questions drawn from 90s TV shows, movies, and DEF CON. The theme of the quiz will be all things DEF CON. There will be visual and audio rounds, so it is not just boring questions. People will group into teams of 5, and cash prizes will be provided for the 1st, 2nd, and 3rd highest-scoring groups. Ties will be broken by a dance-off by a person from each of the tied teams.
\n
\n1st Prize $1,000
\n2nd Prize $300
\n3rd Prize $200​
\n
\nAuthoritative answers about this can be provided by \nfrost69\n\n\n\''),(1416,'\'DEF CON Scavenger Hunt\'','\'https://forum.defcon.org/node/245255\'','\'https://forum.defcon.org/node/245256\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n
\n
\n..
\nDEF CON Scavenger Hunt
\nFriday: 10:00 - 18:00
\nSaturday: 10:00 - 18:00
\nSunday: 10:00 to 12:00
\nDEF CON Contest Area, Forum Ballroom​
\n
\nDEF CON Discord: \nhttps://discord.com/channels/7082082...49278163779605\n
\nTwitter: \n@defconscavhunt\n
\n
\nAre you tired of being an NPC, mindlessly standing in line at a hacker con? Do you want to be involved and improve the hacker community? The DEF CON Scavenger Hunt is here to encourage you to interact with goons and attendees alike; to be an active participant of DEF CON itself.
\n
\nCome visit the DEF CON Scavenger Hunt table in the contest area and get a list, register your team of 1 to 5 players, and gather or accomplish as many items from the list as you can. Items are submitted at the table, better than average submissions shall be awarded bonus points. The team who turns in the most points by Sunday at noon will win the admiration of your like-minded peers.
\n
\nThe DEF CON Scavenger Hunt is one of the longest running contests at DEF CON, visit \nhttps://defconscavhunt.com\n for a history lesson.
\n
\nIf you capture pictures or video of items from our list, or have in the past, please send them to us via email \nscavlist@gmail.com\n.​
\n..\n\n\''),(1417,'\'DC’s Next Top Threat Model (DCNTTM)\'','\'https://forum.defcon.org/node/245261\'','\'https://forum.defcon.org/node/245262\'','','','','','\'\n..
\n..
\nDC’s Next Top Threat Model (DCNTTM)
\nFriday: 10:00-18:00
\nSaturday: 10:00-18:00
\nDEF CON Contest Area, Forum Ballroom | Hybrid |
\n
\nTwitter: \n@ThreatModelUs\n
\n
\nThreat Modeling is arguably the single most important activity in an application security program and, if performed early, can identify a wide range of potential flaws before a single line of code has been written. Although it is so critically important, there is no single correct way to perform Threat Modeling; many techniques, methodologies and/or tools exist.
\n
\nAs part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner and crown DEF CON’s Next Top Threat Model(er).​\n\n\n\n\''),(1418,'\'Ham Radio Fox Hunting Contest\'','\'https://forum.defcon.org/node/245265\'','\'https://forum.defcon.org/node/245266\'','','','','','\'\n..
\n..
\nHam Radio Fox Hunting Contest
\nFriday 10:00 - 18:00
\nSaturday 10:00 - 18:00
\nSunday 10:00 - 12:00
\nDEF CON Contest Area, Forum Ballroom​
\n
\ndefcon31foxhunt.com
\nDEF CON Discord: \nhttps://discord.com/channels/7082082...45275902574633\n
\nTwitter \n@Evil_mog\n (yolo)
\n
\nIn the world of amateur radio, groups of hams will often put
\ntogether a transmitter hunt (also called "fox hunting") in order to
\nhone their radio direction finding skills to locate one or more hidden
\nradio transmitters broadcasting. The Defcon Fox Hunt will require
\nparticipants to locate a number of hidden radio transmitters
\nbroadcasting at very low power which are hidden throughout the
\nconference. Each transmitter will provide a clue or code which
\nwill prove the player found the fox transmitter. A map
\nwith rough search areas will be given to participants to guide them on
\ntheir hunt. Additional hints and tips will be provided throughout
\nDefcon at the contest table to help people who find themselves stuck.
\nA small prize to be determined will be given to each participant who
\nlocates all of the foxes each day.
\n
\nExpanded this year with increased difficulty each day.
\nFriday: Foxes in a small area, non moving
\nSaturday: Foxes in a larger area, with one moving.
\nSunday: Foxes are on the move. The hunt is on!
\n
\nThere will also be a beginner friendly, no radio required, Infrared
\nLED Fox Hunt running everyday which participants can use their cameras
\non their phones to find!​\n\n\''),(1419,'\'DEFCON MUD DUMB TERMINAL EDITION\'','\'https://forum.defcon.org/node/245270\'','\'https://forum.defcon.org/node/245271\'','','','','','\'\n..
\n..
\nDEFCON MUD DUMB TERMINAL EDITION
\nFriday 10:00 - 18:00
\nSaturday 10:00 - 18:00
\nSunday 10:00 - 12:00
\nDEF CON Contest Area, Forum Ballroom​
\n
\nDEF CON Discord: \nhttps://discord.com/channels/7082082...07998796480590\n
\n
\nThe DEFCON MUD is back, this time you can only access it over dumb terminals or serial terminals hosted by the DEFCON SCAV Hunt. Flags will be hosted inside the mud, good luck, have fun, and oh yes the game has exploits, can you find them all?​\n\n\''),(1420,'\'Dungeons@Defcon\'','\'https://forum.defcon.org/node/245277\'','\'https://forum.defcon.org/node/245278\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n
\n
\n
\n..
\nDungeons@Defcon
\nFriday 10:00 - 18:00
\nSaturday 10:00 - 18:00
\nDEF CON Contest Area, Forum Ballroom​
\n
\n\nhttp://www.dungeonsatdefcon.com/\n
\n
\nD@D is a table-top/RPG themed puzzling campaign for teams of 1-4 players. As part of the campaign, teams will unravel crypto challenges, solve physical puzzles, and do other side-quests that will have them interacting with different components of the Defcon community (villages, goons, NPCs, local wildlife, trolls, etc.) to earn points and progress through a narrative. The theme changes each year, but typically is based loosely on a popular table-top game that fits the theme for Defcon. Teams learn how to work cooperatively to solve large puzzles, and learn how to solve puzzles that they may have seen in CTFs, escape rooms, or other puzzle venues. The contest is designed to be accessible to all technical levels and all ages.
\n
\nPre-registration will occur online the week before con (announced via Twitter) as well as Friday morning at 10 in person, first come first served until we have enough teams filled. Contest will start at 12:00 on Friday​\n\n\''),(1421,'\'Battle of the Bots\'','\'https://forum.defcon.org/node/245282\'','\'https://forum.defcon.org/node/245283\'','','','','','\'\n..
\n..
\nBattle of the Bots
\nFriday 10:00 - 18:00
\nSaturday 10:00 - 18:00
\nSunday 10:00 - 12:00
\nDEF CON Contest Area, Forum Ballroom​
\n
\nBattle of The Bots presents a new twist on traditional “King-of-The-Hill” style Capture the Flag events by incorporating exploit development, vulnerability analysis, reverse engineering and software development in the form of developing computer worms aka “bots”. BOTBs requires competitors to develop proof-of-concept exploits against varying misconfigured or vulnerable network services. To maximize points scored, the competitor’s bot must automatically scan and compromise network services in the competition environment autonomously. Services that are harder to exploit (ex: requiring memory corruption exploits opposed to misconfigured databases) will result in a higher point score for the competitor.
\n
\nThe vulnerable network services will include real world vulnerable services where a competitor can adopt off the shelf proof-of-concepts vulnerabilities from an offensive security resource (ex: Metasploit Framework, exploit-db, packetstorm, etc…) into their bot to achieve access to said vulnerable services. Additionally, custom built vulnerable services informed by OWASP Top 10 security bugs as well as CVEs will influence challenge development resulting in a competitor to have the experience of reverse engineering new applications to identify vulnerabilities based on historically significant pain points in Software Engineering as well as infamous historical CVEs. Battle of The Bots will give competitors of all skill levels an opportunity to develop proof-of-concept exploits. Network services will be developed in a variety of compiled and interpreted languages with varying associated vulnerabilities and points. The variety of languages will provide opportunities for those less experienced with reverse engineering to analyze vulnerable Python code to find hidden API endpoints that lead to shell execution for example, rather than reverse engineer compiled binaries.
\n
\nFinally, the BOTBs team will be capturing network traffic from the competition environment to later be shared with the wider community. The BOTBs team believes that this unique dataset of network service attacks can act as a unique resource for academic researchers, SOC analysts assessing their defenses and training events where having attack data for SIEM analysis. The data will be released under the Apache 2.0 License and hosted publicly on a yet to be determined platform.​\n\n\''),(1422,'\'Capture the Packet\'','\'https://forum.defcon.org/node/245287\'','\'https://forum.defcon.org/node/245288\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n..
\nCapture the Packet
\nFriday: 09:00-14:00
\nSaturday: 09:00-14:00
\nSunday: 09:00 - 13:00
\nForum, Packet Hacking Village, Academy 413
\n
\nWebsites:
\n\nhttps://www.capturethepacket.com\n
\n\nhttps://www.ariessecurity.com\n
\n
\nDEFCON Discord: \nhttps://discord.com/channels/7082082...43512625430529\n
\nTwitter: \n@capturetp\n \n@wallofsheep\n
\n
\nThe time for those of hardened mettle is drawing near; are you prepared to battle? Compete in the world’s most challenging cyber defense competition, based on the Aries Security Cyber Range. In order to triumph over your competitors, contestants must be well rounded like the samurai. Tear through the challenges, traverse a hostile enterprise class network, and diligently analyze what is found in order to make it out unscathed. Not only glory, but prizes await those that emerge victorious from this upgraded labyrinth.
\n
\nThis year those brave enough to enter the labyrinth will witness never before seen terrors, and only the best prepared and battle hardened will manage to escape the crucible. Follow us on Twitter or Facebook to get notifications for dates and times when your team will compete, as well as what prizes will be awarded.​\n\n\''),(1423,'\'HardWired\'','\'https://forum.defcon.org/node/245293\'','\'https://forum.defcon.org/node/245294\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n..
\nHardWired
\n
\nFriday: 09:00-14:00
\nSaturday: 09:00-14:00
\nSunday: 09:00 - 13:00
\nForum, Packet Hacking Village, Academy 413, in-person
\n
\nWebsites:
\n\nhttps://www.capturethepacket.com\n
\n\nhttps://www.ariessecurity.com\n
\n
\nDEFCON Discord: \nhttps://discord.com/channels/708208267699945503/\n
\nTwitter: \n@capturetp\n \n@wallofsheep\n
\n
\nHave you ever built a hardwired network? It sounds simple. Follow the cabling diagram, use the crimpers, and voila. But we’ve added a twist: this is cable construction on the clock. Whether you’re a seasoned pro or a complete newbie, we provide all the tools necessary for you to hone your skills and race against time to create and test a working cable. Come play HardWired and show us what you’ve got!​\n\n\''),(1424,'\'CrackMeIfYouCan\'','\'https://forum.defcon.org/node/245299\'','\'https://forum.defcon.org/node/245300\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n
\n
\n..
\nCrackMeIfYouCan
\nFriday 10:00 - 18:00
\nSaturday 10:00 - 18:00
\nSunday 10:00 - 12:00
\nDEF CON Contest Area, Forum Ballroom​
\n
\n
\n\nhttps://contest.korelogic.com/\n
\nDEF CON Discord: \nhttps://discord.com/channels/7082082...44827053457478\n
\n
\n
\nThe premiere password cracking contest "CrackMeIfYouCan" is back again.
\nPasswords so two-thousand and late. Remember, remember, the cracks of
\nNovember.
\n
\nWe\'re preparing hashes from easy to hard, so there\'ll be something for
\nyou if you want to compete casually as a Street team, or go all out in
\nPro.
\n
\nWhere we\'re going, we don\'t need roads. Purely a penchant for puzzles,
\nperhaps a plethora of processors.
\n
\nCheck out past years\' contests at \nhttps://contest.korelogic.com/\n , and
\nthe Password Village at \nhttps://passwordvillage.org/\n​\n\n\''),(1425,'\'Embedded CTF\'','\'https://forum.defcon.org/node/245307\'','\'https://forum.defcon.org/node/245308\'','','','','','\'\n..
\n..
\nEmbedded CTF
\nFriday: 0900 - 1800
\nSaturday: 0900 -1800
\nSunday: 0900 -1400
\nEmbedded Systems Village, Reno 2, Flamingo | in-person
\n
\nTwitter: \n@EmbeddedVillage\n
\n
\nEmbedded systems are everywhere in our daily lives, from the smart devices in our homes to the systems that control critical infrastructure. These systems exist at the intersection of hardware and software, built to accomplish a specific task. However, unlike general-purpose computers, embedded systems are typically designed for a particular use case and have limited resources. This makes them both challenging and fascinating to work with, especially from a security perspective.
\n
\nThe Embedded CTF contest is an exciting opportunity to explore the intricacies of these systems and test your skills in a competitive environment. Contestants are challenged to find vulnerabilities in the firmware or hardware and exploit them to gain access or control over the device. The contest offers a unique opportunity to explore embedded devices\' inner workings and understand their design\'s security implications.
\nNew devices will be dramatically introduced at set intervals throughout the competition, and point values will decrease over time. This keeps contestants guessing and on their toes, forcing them to adapt and use their skills to tackle new challenges. It also offers a chance to learn about different types of devices and how they function, broadening participants\' knowledge and experience.
\n
\nBy participating in the contest, teams of up to 6 contestants can develop a deep understanding of how these systems operate and how to secure them against potential attacks. Additionally, the contest encourages participants to think outside the box and approach problems creatively, honing their problem-solving skills.
\nWith the increasing integration of technology in our daily lives, embedded devices are becoming more ubiquitous. Whether you\'re a seasoned security professional or just starting in the field, this contest offers a chance to learn, test your skills, and have fun in a dynamic and competitive environment.​\n\n\n\n\''),(1426,'\'Hac-Man\'','\'https://forum.defcon.org/node/245312\'','\'https://forum.defcon.org/node/245313\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n
\n..
\nHac-Man
\nBegins: Thursday Aug 10th at 08:00
\nEnds: Sunday Aug 13th at 12:00
\n
\nDEF CON Contest Area, Forum Ballroom |Hybrid
\nContest area does not open until Friday at 10:00.
\n
\n\nhttps://hacman.roguesignal.io/\n
\nTwitter: \n@Hac__Man\n
\n
\nHac-Man is a hacker skills challenge, themed after the classic arcade game "Pac-Man". Navigate your avatar through the maze, completing skills challenges in many different skills categories such as Ciphers and Codes, Reverse Engineering, Packet Analysis, Scavenger Hunt, Trivia, and Lock-picking. Can you make it to the end of the maze, or better yet, top the Leaderboard?​\n\n\n\n\''),(1427,'\'Hack-A-Sat 4 (HAS4)\'','\'https://forum.defcon.org/node/245316\'','\'https://forum.defcon.org/node/245317\'','','','','','\'\n..
\n..
\nHack-A-Sat 4 (HAS4)
\nFriday: 10:00 – 18:00 (active game hours)
\nSaturday: 10:00 – 18:00 (active game hours)
\nSunday: 12:00 – 1:30 (HAS4 closing ceremony in Aerospace Village)
\nDEF CON Contest Area, Forum Ballroom​
\n
\nThe Department of the Air Force, in collaboration with the security research community, is hosting Hack-A-Sat 4 – the world’s first CTF in space. Hack-A-Sat 4 aims to enable security researchers of all levels to focus their skills and creativity on solving cyber security challenges on space systems and incentivize innovation in securing these systems. Hack-A-Sat 4 will be the first CTF hosted on an on-orbit satellite, called Moonlighter. The satellite has been designed and built to advance the security research community’s skills and knowledge of on-orbit space systems. Note: HAS4 is no longer open to new contestants as the qualifying event took place in April. Attendees stopping by the HAS4 contest area will be able to learn about the history of Hack-A-Sat, Moonlighter and this year’s challenges. The area will have live scoreboards, dashboards and visualizations relaying game status, and live commentary will be provided from the adjacent Aerospace Village throughout the weekend.
\n
\nHAS4 Qualifications were held April 1-2, 2023.
\nResults here: \nhttps://quals.2023.hackasat.com/scoreboard/complete\n​\n\n\''),(1428,'\'Hacker Jeopardy\'','\'https://forum.defcon.org/node/245321\'','\'https://forum.defcon.org/node/245322\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n..
\nHacker Jeopardy
\nFriday: 20:00-22:00
\nSaturday: 20:00-22:00​
\nDEF CON Contest Area, Forum Room 232
\n
\nLintile:
\nHiya, ChatGPT, are you aware of the annual contest called Hacker Jeopardy at DEF CON? When is it?
\n
\nChatGPT:
\nYes, Hacker Jeopardy is a popular event at DEF CON. It\'s a parody of the television game show "Jeopardy!" but with a twist. Instead of general knowledge, the questions (or "answers," in Jeopardy style) are focused on hacker culture, computer security, technology, and similar topics. The game consists of two preliminary rounds on Friday, and a final round on Saturday. Both shows start at 2000 Las Vegas time. Just like in the original game show, there are DFIU Doubles and a Final Hacker Jeopardy round.
\n
\nOne unique aspect of Hacker Jeopardy that distinguishes it from the TV show is the incorporation of ADULT HUMOR, vulgarity, innuendo, and beer into the game. Please remember, my knowledge is current only up to September 2021, and if there have been any significant changes to Hacker Jeopardy after that, I would not be aware of them.
\n
\nLintile:
\nWhat\'s the catch phrase of Hacker Jeopardy?
\n
\nChatGPT:
\nThe catch phrase of Hacker Jeopardy is "Drink while you think". This refers to the unique element of the game where contestants are encouraged to drink beer while they are attempting to come up with the correct response to the clues.
\n
\nLintile:
\nThat\'s not correct. The acronym of the catch phrase is DFIU.
\n
\nChatGPT:
\nI apologize for the oversight. The catchphrase for Hacker Jeopardy at DEF CON is "Don\'t Forget It\'s UNIX" (DFIU), which is used humorously due to the historically significant role of Unix-based systems in hacking and network security. This phrase is often used to remind participants of the roots of many computer systems and infrastructures. I appreciate your patience and your correct information.
\n
\nNote:
\nthat this is an ADULT show with vulgarities and alcohol consumption, but if that doesn’t bother you, come enjoy one of the largest contests at DEF CON that you really need to see to believe! And as always, DFIU!
\n.. \n\n\"Click\n\n\n
\n
\n..
\n\n\n\''),(1429,'\'HackFortress\'','\'https://forum.defcon.org/node/245332\'','\'https://forum.defcon.org/node/245333\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n
\n
\n..
\nHackFortress
\nFriday: 10:00 - 18:00 open play
\nSaturday: 10:00 - 18:00 contest hours
\nDEF CON Contest Area, Forum Ballroom​
\n
\n\nhackfortress.net\n
\nDEF CON Discord: \nhttps://discord.com/channels/7082082...43831275225125\n
\nTwitter: \n@tf2shmoo\n
\n
\nHackfortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers, TF2 players duke it out while hackers are busy with challenges like application security, network security, social engineering, or reverse engineering. As teams start scoring they can redeem points in the hack fortress store for bonuses. Bonuses range from crits for the TF2, lighting the opposing team on fire, or preventing the other teams hackers from accessing the store. HackFortress challenges range from beginner to advanced, from serious to absurd.​\n\n\''),(1430,'\'Hardware Hacking Village CTF\'','\'https://forum.defcon.org/node/245343\'','\'https://forum.defcon.org/node/245344\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n
\n..
\nHardware Hacking Village CTF
\nFriday: 10:00 - 18:00
\nSaturday: 10:00 - 18:00
\nHardware Hacking Village, Forum, 318 | in-person
\nTwitter: \n@dc_hhv\n
\n
\nHeat up your soldering iron and freshen the batteries in your multimeter! The Hardware Hacking Village (HHV) is hosting their first official DEF CON Capture the Flag (CTF). This is a jeopardy style CTF, designed to challenge participants in various aspects of hardware hacking. Whether you\'re new to hardware hacking or experienced and just looking for something to do while you wait for your fault injection to trigger, all are welcome and challenges range from beginner to advanced.​\n\n\n\n\''),(1431,'\'IoT Village CTF\'','\'https://forum.defcon.org/node/245348\'','\'https://forum.defcon.org/node/245349\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n..
\nIoT Village CTF
\nFriday: 10:00 - 18:00
\nSaturday: 10:00 - 18:00
\nSunday : 10:00 - 14:00
\n
\nIOT Village, Forum | \nhttps://scoreboard.iotvillage.org/\n
\nDEF CON Discord: \nhttps://discord.com/channels/7082082...44307597164665\n
\n
\nHosted in IoT Village, teams of 1-6 players compete against one another by exploiting off-the-shelf IoT devices. This has been completely redesigned from previous contests, and features real-world devices that all have real-world vulnerabilities with real-world impacts.
\n
\nThis CTF is open to anyone! It is approachable for entry level people to experience getting their first root shell on IoT, but to really advance in this CTF teams will need to perform detailed vulnerability research, hardware hacking, firmware analysis, reverse engineering, and limited exploit development.
\n
\nCTFs are a great experience to learn more about security and test your skills, and the IoT CTF provides the most realistic hacking experience around! So, join up in a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.​\n\n\n\n\''),(1432,'\'It\'s In That Place Where I Put That Thing That Time\'','\'https://forum.defcon.org/node/245355\'','\'https://forum.defcon.org/node/245356\'','','','','','\'\n..
\n..
\nIt\'s in That Place Where I Put That Thing That Time
\n
\nFriday: 1000 PDT (GMT -7) - Saturday: 1800 PDT (GMT -7)
\n
\nYour friend called. They had their place raided. They swear it\'s a setup. But now they\'re in jail and you\'re the only hope they have. Can you collect the evidence that will let them walk free? Where should you look? The evidence is everywhere, and it could be anywhere. You might be sitting on it. You might be standing near it. It might be stuck to something. It might be lying in plain sight. Find the disks and bring them to us. All they said to you before they hung up was "It\'s in that place where I put that thing that time." Good luck.
\n
\nTwitter: @\niitpwiptttt\n
\n..\n\n\''),(1433,'\'Maps of the digital lands\'','\'https://forum.defcon.org/node/245357\'','\'https://forum.defcon.org/node/245358\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n
\n
\n..
\nMaps of the digital lands
\n
\nFriday: 10:00 -18:00
\nSaturday: 10:00 -18:00
\nSunday: 10:00-12:00
\nDEF CON Contest Area, Forum Ballroom | In-Person
\n
\n\nhttps://alienvualt.com/\n
\nBooking CTF slots at \nhttps://alienvualt.com/ctf\n
\n
\nMaps of the Digital Lands is an all-ages contest that challenges participants to merge their artistic talents with their technical expertise. Contestants will be provided with a diverse array of written business designs and must hand-draw a network diagram illustrating the structure and interconnectivity of each business\'s infrastructure. Judging will be based on accuracy, adherence to best practices, and artistic prowess. In addition, a captivating Capture the Flag scenario will be available for extra points, employing a digital tool to elevate the challenge. Participants of all skill levels are encouraged to join this immersive experience, compete for assorted prizes, and showcase their unique ability to blend artistry with network engineering excellence. Network engineering is a crucial yet frequently overlooked aspect of hacking, forming the backbone of a secure and efficient cyber ecosystem. By honing their network engineering skills, participants can elevate their abilities beyond mere script kiddie status, gaining a comprehensive understanding of system vulnerabilities and strengthening their overall hacking prowess.​
\n
\nA forum user that is an organizer for this that is known is \nthetoolman\n : anyone else claiming to be an organizer with "answers" may not be affiliated with this.\n\n\''),(1434,'\'pTFS Presents: Mayhem Industries – Starphish\'','\'https://forum.defcon.org/node/245367\'','\'https://forum.defcon.org/node/245368\'','','','','','\'\n..
\n..
\npTFS Presents: Mayhem Industries – Starphish
\nFriday 10:00 - 18:00
\nSaturday 10:00 - 18:00
\nSunday 10:00 - 12:00
\nDEF CON Contest Area, Forum Ballroom​
\nDEF CON Contest Area, Forum Ballroom
\n
\n\nhttps://ptfs.team/dc31\n
\n.. \n\n\n\"Click\n\n\n\n
\n
\n..​
\n
\nDo you have what it takes to go up against Mayhem Industries\' latest maleficent project? Starphish Ltd. is up to no good in that way that only corporations can be. They\'ve got five Divisions, which means you\'ve got five opportunities to shut them down!
\n
\nIt won\'t be easy. You\'ll be directing a team of infiltrators through increasingly difficult challenges. What sort of challenges? Depends on the Division. Engineering is full of crunchy hacking challenges. HR\'s got the goods on social engineering. Finance\'ll be data processing the whole way.
\n
\nAnd the C-suite? Most dangerous of all… We\'ve never been able to get an operative inside, so they could be anything. We\'re counting on you.
\n
\n.. \n\"\"\n\n
\n..
\n
\nStarphish is a fun and interactive jeopardy style CTF contest. Don\'t worry if you don\'t know what that means. Winning will require demonstrating a wide range of hacking skills, but participating is encouraged for all ability levels. Challenges range from simple puzzles, to challenging crypto problems, to truly phishy hijinks.
\n
\npTFS is a hacker collective that has been competing in various DEF CON contests for almost 15 years.​\n\n\''),(1435,'\'Red Alert ICS CTF\'','\'https://forum.defcon.org/node/245372\'','\'https://forum.defcon.org/node/245373\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n..
\nRed Alert ICS CTF
\nFriday: 12:00 - 17:00
\nSaturday: 10:00 - 17:00
\nSunday: 10:00 - 12:00
\nDEF CON Contest Area, Forum Ballroom |in-person
\n
\n\nhttps://twitter.com/icsctf\n
\n
\nRed Alert ICS CTF is a competition for Hackers by Hackers. The event exclusively focuses on having the participants break through several layers of security in our virtual SCADA environment and eventually take over complete control of the SCADA system.
\n
\nThe contest would house actual ICS (Industrial Control System) devices from various vendors on a testbed showcasing different sectors of critical infrastructure. The participants would be able to view and engage with the devices in real time and understand how each of them control each of the aspects of the testbed and leverage this to compromise the devices.
\n
\nRed Alert ICS CTF is back with a ton of fun challenges after successfully running the CTF at DEF CON 30, DEF CON 29, DEF CON 27 and DEF CON 26 (Black Badge).
\n
\nHighlights of the previous Red Alert ICS CTF are available at: \nhttps://www.youtube.com/watch?v=dz7hNnavHaY\n and \nhttps://youtu.be/AanKdrrQ0u0\n |
\n\n\n\n\n\''),(1436,'\'Red Team CTF\'','\'https://forum.defcon.org/node/245378\'','\'https://forum.defcon.org/node/245379\'','','','','','\'\n..
\n..
\nRed Team CTF
\nFriday: 10:00 - 17:00
\nSaturday: 10:00 - 17:00
\nSunday: 10:00 - 12:00
\n
\nDEF CON Contest Area, Forum Ballroom | Hybrid
\n
\n\nhttps://threatsims.com/redteam-2023.html.\n
\n
\nThe Red Team Capture the Flag (CTF) competition at DEF CON is a challenging and exciting event that tests the skills of participants in offensive security. The objective of the Red Team CTF is for teams to successfully breach the security of a simulated target network.
\n
\nThe Red Team CTF is designed to simulate real-world scenarios in which attackers attempt to penetrate the security of a network or system. Participants are expected to use a wide range of hacking techniques, tools, and skills to identify and exploit vulnerabilities in the target network.
\n
\nTeams are typically composed of experienced hackers, penetration testers, and security researchers who have a deep understanding of the latest cybersecurity threats and attack techniques. They must work together to uncover and exploit vulnerabilities in the target network, while also evading detection and countermeasures put in place by the Blue Team.
\n
\nThe Red Team CTF at DEF CON is considered one of the most challenging and prestigious CTF competitions in the world, with participants coming from all over the globe to compete. It is a high-pressure, high-stakes event that tests the limits of participants\' technical and strategic abilities, and offers a unique opportunity to showcase their skills and knowledge in front of a global audience of Hackers.​\n\n\n\n\''),(1437,'\'Social Engineering Community (SEC) Vishing Competition\'','\'https://forum.defcon.org/node/245383\'','\'https://forum.defcon.org/node/245384\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n..
\nSocial Engineering Community Vishing Competition (SECVC)
\n
\nHours:
\nFriday 0830 - 1800
\n
\nLocation:
\nSocial Engineering Community Village (LINQ Hotel, 3rd floor, room Social A)
\n
\nDescription:
\nIn this competition (#SECVC), teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies. Teams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team has limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors!
\n
\n2023 judges: Corgi, FC aka freakyclown, and Snow
\n2023 coaches: Ibetika, JC, C_3PJoe, and Split Beans (last year\'s SECVC winners: Jenn, Matt, and Sean)
\n
\nThis competition takes place on Friday in the Social Engineering Community village, be sure to get there early to get a seat; they fill up fast! Additionally, at the end of Friday, join Snow as she covers the behind the scenes of creating the SECVC, this year\'s lessons learned, team highlights, and tips for future competitors!
\n
\nWebsite: \nhttps://www.se.community/vishing-competition/\n​
\nTwitter: @\nsec_defcon​\n\n\n\''),(1438,'\'Social Engineering Community (SEC) Youth Challenge\'','\'https://forum.defcon.org/node/245387\'','\'https://forum.defcon.org/node/245388\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n
\n
\n
\n
\n
\n..
\nSocial Engineering Community (SEC) Youth Challenge
\n
\nHours:
\nFriday 0830 - 1730
\nSaturday 0830 - 1730
\nSunday 1000 - 1100
\n
\nLocation:
\nIn the Social Engineering Community Village (LINQ Hotel - room Social A)
\n
\nDescription:
\nGreat Scott! The Social Engineering Community needs your help to fix a disrupted timeline! We need brave and creative minds for our Youth Challenge to help us solve a series of challenges that will lead to the grand solution.
\n
\nAre you up for the challenge? As my trusty assistant, you\'ll be tasked with using your problem-solving skills and ingenuity to tackle each challenge, which may range from decoding messages to hacking systems. With each successful challenge, we\'ll be one step closer to restoring the timeline and preventing disastrous consequences!
\n
\nThis is no ordinary journey! Along the way, you\'ll have the opportunity to learn valuable skills in cryptography, social engineering, network security, and more. You\'ll need to stay sharp and think on your feet to overcome unexpected obstacles.
\n
\nSo, grab your flux capacitor and join me on this thrilling adventure! Together, we can fix the disrupted timeline and save the future. Are you ready to take on this challenge, my friend? Let\'s go back to the future!
\n
\nWebsite: \nhttps://www.se.community/youth-challenge/\n
\nTwitter: @\n​sec_defcon​\n
\n
\n..
\n
\n​
\n​\n\n\''),(1439,'\'TeleChallenge\'','\'https://forum.defcon.org/node/245391\'','\'https://forum.defcon.org/node/245392\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n
\n
\n..
\nTeleChallenge
\nFriday 10:00 - 18:00
\nSaturday 10:00 - 18:00
\nSunday 10:00 - 12:00
\nDEF CON Contest Area, Forum Ballroom​
\n
\n\nhttps://www.telechallenge.org\n
\nDEF CON Discord: \nhttps://discord.com/channels/7082082...44470063399012\n
\nTwitter: \n@telechallenge\n (we also expect to use @\ntelechallenge@defcon.social\n)
\n
\nThe TeleChallenge is a fast-paced, fully immersive, and epic battle of wits and skill. The highest level of commitment is required, and this is one of the hardest contests in the world to win, but you don\'t need any special technical skills to play: just a touch-tone phone. And remember: the best way to ascend into the Phoniverse is to get others involved in the TeleChallenge opportunity, so bring a team!​\n\n\''),(1440,'\'The Beverage Cooling Contraption Contest\'','\'https://forum.defcon.org/node/245397\'','\'https://forum.defcon.org/node/245398\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n
\n..
\nThe Beverage Cooling Contraption Contest
\nFriday: 11:00 - 14:00
\nDEF CON Contest Area, Forum Ballroom | in-person
\n
\nI don\'t know my gender non-specific guys. It\'s not funny anymore. We can\'t stop talking about a cheeto for paying hush money to a busty tortilla chip. Winny Pooh is presatator for life with a hunger for those sweet sweet chips. Off brand doctor evil is threatening to nuke the world on the weekly. And in the plot twist of the year BiBi is going fascist. I keep expecting ol\'e Joe to bust out the force lightning and tell me to "give in to my hate". WELL TOO LATE! This year we are going to have a change of pace. I\'m going to drink all the beverage! Lord knows I could use it. I\'m kidding of course, I\'m terribly allergic to hops. It\'s the greatest irony of all, I can\'t drink any of the beverage. But our spectators can! And they want that beverage to be COLD! So I need you to help me satisfy their thirst. Their thirst for escape from this mad world.
\n​\n\n\n\n\''),(1441,'\'The Dark Tangent Look-Alike Contest\'','\'https://forum.defcon.org/node/245402\'','\'https://forum.defcon.org/node/245403\'','','','','','\'\n..
\n..
\nThe Dark Tangent Look-Alike Contest
\nFriday 10:00 - 18:00
\nSaturday 10:00 - 18:00
\nSunday 10:00 - 12:00
\nDEF CON Contest Area, Forum Ballroom​
\n
\nThe Dark Tangent Look A-like Contest is a creative opportunity for DEF CON attendees to put their non-technical hacking skills to the test. As a contestant in The Dark Tangent Look A-like Contest, you will be judged based on your appearance, mannerisms, efforts, and overall persuasiveness. Can you assume another identity? Can you look, walk, talk, and act like Dark Tangent? Can you become THE DARK TANGENT?​\n\n\''),(1442,'\'The Gold Bug Challenge\'','\'https://forum.defcon.org/node/245407\'','\'https://forum.defcon.org/node/245408\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n..
\nThe Gold Bug Challenge
\nFriday: 10:00 – 18:00
\nSaturday: 10:00 – 18:00
\nSunday: 10:00 – 12:00
\nContest Area, Forum Ballroom | Hybrid
\n​
\n
\n\nhttps://goldbug.cryptovillage.org/\n
\nDEF CON Discord: \nhttps://discord.com/channels/7082082...44108837486602\n
\nTwitter: \n@CryptoVillage\n
\n
\nLove puzzles? Need a place to exercise your classical and modern
\ncryptography skills? This puzzle will keep you intrigued and busy
\nthroughout Defcon - and questioning how deep the layers of
\ncryptography go.
\n
\nThe Gold Bug is an annual Defcon puzzle hunt, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto. Accessible to all - and drop by for some kids’ puzzles too!
\n
\n:‡?( 8*;(: .‡6*; 6) 5; 3‡0†2?3 †‡; -(:.;‡¶600538 †‡; ‡(3​\n\n\''),(1443,'\'The Lonely Hard Drive\'','\'https://forum.defcon.org/node/245413\'','\'https://forum.defcon.org/node/245414\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n..
\nThe Lonely Hard Drive
\nFriday 10:00 - 18:00
\nSaturday 10:00 - 18:00
\nSunday 10:00 - 12:00​
\nDEF CON Contest Area, Forum Ballroom
\n
\nAre you looking for a good time? Are you trying to get lucky? Did you already get lucky by finding a Lonely Hard Drive in Vegas? Satisfy your curiosity by visiting the contest hall to get started or encounter one of the Lonely Hard Drives hidden around the conference! Contained within is a maze of puzzles and challenges that increase in difficulty the further you progress. There are flags to find and points to earn towards the leaderboard to win prizes at DEF CON 31! Act now! Limited time offer! The Lonely Hard Drive is waiting for you!
\n
\nWeb: \nhttps://www.dc207.org/the-lonely-hard-drive\n​
\nTwitter: \n@LonelyHardDrive\n
\nForum users that can comment on details: \nburninator\n and \nKrawr\n and \nFragileduck\n .\n\n\''),(1444,'\'Tinfoil Hat Contest\'','\'https://forum.defcon.org/node/245419\'','\'https://forum.defcon.org/node/245420\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n..
\nTinfoil Hat Contest
\nFriday: 10:00-18:00
\nSaturday: 10:00-18:00
\nDEF CON Contest Area, Forum Ballroom​
\nDEF CON Contest Area, Forum Ballroom
\n
\nTwitter: \n@DC_Tin_Foil_Hat\n
\n
\nWant to block those pesky 5G microchips coursing through your vaccinated body? Did you anger our new AI overlords, and need to hide? Or do those alien mind control rays just have you down lately? Fear not, for we here at the Tin Foil Hat contest have your back for all of these! Come find us in the contest area, and we\'ll have you build a tin foil hat which is guaranteed to provide top quality protection for your noggin. How you ask? SCIENCE!
\n
\nShow us your skills by building a tin foil hat to shield your subversive thoughts, then test it out for effectiveness.
\n
\nThere are 2 categories: stock and unlimited. The hat in each category that causes the most signal attenuation will receive the "Substance" award for that category. We all know that hacker culture is all about looking good, though, so a single winner will be selected from each category for "Style".​\n\n\''),(1445,'\'TOOOL Dozier Drill Lockpicking Challenge\'','\'https://forum.defcon.org/node/245424\'','\'https://forum.defcon.org/node/245425\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n
\n
\n..
\nTOOOL Dozier Drill Lockpicking Challenge
\nSaturday: 12:00-15:00
\nLock Picking Village, The Bloq, Linq, in-person
\n
\nTwitter: \n@toool\n
\n
\nHave you ever wanted to break out of handcuffs, pick open a closed bag and shoot your buddy in the chest with a nerf gun? So have we; that\'s why TOOOL presents the Dozier Drill: a fast-paced, skill-based game where you have to free yourself from handcuffs, open a closed bag, and retrieve the nerf gun to be the first to hit the target. Join us Friday for qualifier games, and on Saturday for an official bracket tournament.
\n\n\n\''),(1446,'\'venator aurum - A Treasure Hunt\'','\'https://forum.defcon.org/node/245428\'','\'https://forum.defcon.org/node/245429\'','','','','','\'\n.. \n\n\"Click\n\n\n
\n
\n..
\nvenator aurum - A Treasure Hunt
\nFriday 10:00 - 18:00
\nSaturday 10:00 - 18:00
\nSunday 10:00 - 12:00
\nDEF CON Contest Area, Forum Ballroom​
\nWebsite: \nhttps://venatoraurum.org/\n
\n
\nThrough interfacing with reality you are defining that reality. Rethink your senses and test your limits. Solve the five layers and discover a hidden treasure. Each layer yields its own reward, but few will make it to the end of the hunt. For each of your senses, you will need to set aside preconceptions and look to the underlying patterns within the data.​\n\n\''),(1447,'\'Whose Slide Is It Anyway?\'','\'https://forum.defcon.org/node/245434\'','\'https://forum.defcon.org/node/245435\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n..
\nWhose Slide Is It Anyway?
\nFriday: 2200 – 2359
\nDEF CON Contest Area, Forum room 232, in-person
\n
\n\nhttps://www.improvhacker.com/\n
\nDEF CON Discord: \nhttps://discord.com/channels/7082082...44337942822925\n
\n
\n“Whose Slide Is It Anyway?” is an unholy union of improv comedy, hacking and slide deck sado-masochism.
\n
\nOur team of slide monkeys will create a stupid amount of short slide decks on whatever nonsense tickles our fancies. Slides are not exclusive to technology, they can and will be about anything. Contestants will take the stage and choose a random number corresponding to a specific slide deck. They will then improvise a minimum 5 minute / maximum 10 minute lightning talk, becoming instant subject matter experts on whatever topic/stream of consciousness appears on the screen.
\n
\nBut....why?
\nWhether you delight in the chaos of watching your fellow hackers squirm or would like to sacrifice yourself to the Contest Gods, it’s a night of schadenfreude for the whole family.​​\n\n\''),(1448,'\'Hack3r Runw@y\'','\'https://forum.defcon.org/node/245437\'','\'https://forum.defcon.org/node/245438\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n
\n
\n
\n
\n..
\nHack3r Runw@y
\nFriday: 14:00 - 16:00
\nSaturday: Signup to walk the Contest Stage/Runway. Hours to be announced.
\nSaturday: Contestants take the stage - Time to be announced.
\nDEF CON Contest Area, Forum Ballroom | in-person​
\n
\n\nhttps://hack3rrunway.github.io\n
\nDEF CON Discord: \nhttps://discord.com/channels/7082082...44666239647824\n
\nTwitter: \n@hack3rrunway\n
\nForum user(s) with details about this contest: \ns0ciabl3ng_dc\n .
\n
\nReturning to the stage for Defcon 30 was surreal and we’d be honored to return for the 5th year. Hack3r Runw@y brings out all the sheik geeks out there. It encourages rethinking fashion in the eyes of hackers. Be it smartwear, LED additions, obfuscation, cosplay or just everyday wear using fabrics and textures that are familiar to the community. Contestants can enter clothing, shoes, jewelry, hats or accessories. If it can be worn, it is perfect for the runway. For convenience, contestants can enter the contest with designs made ahead of the conference, however it needs to be made by them and not just store bought. Hack3r Runway is perfect for everyone whether technologically savvy or just crafty.
\n
\nAwards will be handed out in 4 categories and one trophy for the People’s Choice category where the winner is anyone’s guess:
\n
\nDigital wearable - LED, electronic, passive
\nSmart wear - interactive, temperature sensing, mood changing, card skimmers, etc
\nAesthetics (non-electronic)- 3d printed, geeky/nerdy wear, obfuscation, cosplay
\nFunctional wear - did you bling out your mask and/or shield, have a hazmat suit, lock pick earrings, cufflinks shims
\n
\nWinners will be selected based on, but not limited to:
\nUniqueness
\nTrendy
\nPractical
\nCouture
\nCreativity
\nRelevance
\nOriginality
\nPresentation
\nMastery​\n\n\''),(1449,'\'IntelOps - Operation Spacewatch\'','\'https://forum.defcon.org/node/245441\'','\'https://forum.defcon.org/node/245442\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n..
\nIntelOps - Operation Spacewatch
\nFriday: 10:00 – 18:00
\nDEF CON Contest Area, Forum Ballroom​
\n
\n
\nWelcome to IntelOps - Operation Spacewatch! This is a game that pits you against threat actors in the near future, who are trying to trigger nuclear war! Using cyber threat intelligence, it is up to you to support cyber protection teams to defend a vital satellite constellation and prevent a hacker network from undermining your collective defense in a race against time.
\n
\n\nDescription of the game\n
\n
\nCyber Threat Intelligence (CTI) deals with information from past attacks, malware analysis and evolving threats in cyberspace. CTI enables enhanced decisions and getting ahead of the cyber-attack. But how can I apply CTI and use it? The game "IntelOps - Operation Spacewatch" aims to improve players\' understanding of CTI. Participants learn about different frameworks, sources and types of CTI and how they can use CTI data in a fun way. The game is built to teach terms and theory and apply CTI in a real-world context.
\n
\nThe game is based on four major CTI and cyber security models. These are the NIST Cyber Security Framework (CSF), MITRE ATT&CK Matrix, the Cyber Kill Chain and the Pyramid of Pain.
\n
\nAs a player, you are part of the United Nations (UN) CTI team and assigned to the mission to stop the attack on the satellite constellation. Your task is to use the available CTI your team has collected and assist the other members of the UN Cyber Protection Team (CPT).
\n
\nThe players find themselves in a near future scenario where every nation has access to ballistic-launched nuclear weapons. The United Nations has established a global satellite defense system to detect ballistic and hypersonic missile launches for monitoring and control purposes. The defense system allows the UN to be able to react immediately when suspicious activities on the weapons are detected. A global hacker network is threatening to disable the satellite constellation to use nuclear weapons for their purposes.
\n
\nYour team has to protect 32 satellites in the global defense system. If 4 or more satellites are compromised and deactivated, the hacker network has successfully disabled the defense system and can take control of the nuclear weapons. It is your mission to protect the satellite network and ensure the availability of the global defense system.
\n
\nThe event will host three simultaneous instances of a team game. Teams consist of three players each. Nine players can play at a time. Every game lasts 20 minutes in total. Each turn, the players have 5 minutes to decide on their CTI strategy, apply the information to the NIST CSF board and stop the attack. There are a maximum of four turns to a game.
\n​\n\n\''),(1450,'\'5n4ck3y\'','\'https://forum.defcon.org/node/245450\'','\'https://forum.defcon.org/node/245451\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n
\n
\n
\n..
\n5n4ck3y
\n
\nFriday: 10:00-18:00
\nSaturday: 10:00-18:00
\nSunday: 10:00-12:00​
\nDEF CON Contest Area, Forum Ballroom | in-person |
\n
\nTwitter: \nhttps://twitter.com/ANDnXOR\n
\n
\nAND!XOR creates electronic badges that are filled with challenges. We love doing this, especially coming up with unique ways for hackers to earn them. We are excited to re-introduce the newest member of our hacker-fam... 5n4ck3y (Snackey). 5n4ck3y is a vending machine hardware hacking project, retrofitted into an IoT CTF based badge dispensing machine, complete with bling. To earn a badge, you must find a flag on our web hosted CTF platform. Once you have found a flag, you will be given a 5n4ck3y dispense code. Enter the code into the vending machine and a badge will be dispensed to you! There are a variety of challenges to earn a badge, as well as challenges to continue working on the badge itself once obtained. These span from hardware hacking, reverse engineering, OSINT, OS & network security to name a few. Hardware hacking is our passion and we want people to learn on badges. But more importantly, there is a lot to learn at DEF CON, so our challenge will hopefully serve a desire to learn something new and meet new friends while trying to earn a badge and hack it further. We hope you enjoy 5n4ck3y and all that it has to offer!
\n​\n\n\''),(1451,'\'Adversary Wars CTF\'','\'https://forum.defcon.org/node/245457\'','\'https://forum.defcon.org/node/245458\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n..
\nAdversary Wars: Adversary Village CTF
\n
\nFriday: 10:00 - 17:00
\nSaturday: 10:00 - 17:00
\nSunday: 10:00 - 12:00
\nDEF CON Contest Area, Forum Ballroom
\n
\nTwitter: \nhttps://twitter.com/AdversaryVillag\n
\nWebsite: \nhttps://adversaryvillage.org/adversa...nts/DEFCON-31/\n
\n
\nAdversary Village proudly presents "Adversary Wars CTF," a cutting-edge capture the flag competition that revolves around adversary attack simulation, adversary-threat actor emulation, purple team tactics and adversary tradecraft. This unique competition is designed to replicate enterprise infrastructure and present participants with challenges that encourage the adoption of various techniques, tactics, and procedures (TTPs) employed by real adversaries and threat actors, all within a defined time frame.
\n
\nAdversary Village is a community-driven initiative that prioritizes adversary simulation, emulation, breach and attack simulation, adversary tactics, offensive/adversary tradecraft, philosophy, and purple teaming.
\n
\nOur objective is to establish a Capture the Flag competition dedicated to adversary simulation, purple teaming and knowledge sharing. Adversary Wars offers unique opportunities for “adversaries” aka participants to simulate attacks, explore new attack vectors, gain insights into threat actor profiles, master TTPs, and refine offensive tradecraft. With a range of adversary simulation exercises at different difficulty levels, this CTF promises real-world attack simulation scenarios and challenges.
\n
\nPrevious versions of the Adversary Wars CTF were hosted as part of Adversary Village, during DEF CON 29 and DEF CON 30.
\nWe are excited to be back at DEF CON as an official contest this year. Adversary Wars CTF will be located in the contest area for DEF CON 31.​
\n
\nA forum user who is an organizer for this which can provide authoritative answers is : \nabx\n (any other person claiming to be an organizer for this with "answers" may not actually be an organizer for this.)\n\n\''),(1452,'\'Cloud Village CTF\'','\'https://forum.defcon.org/node/245467\'','\'https://forum.defcon.org/node/245468\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n
\n..
\n
\nCloud Village CTF
\n​
\nWhen: Starts at 10AM on Friday and ends at 12PM on Sunday (runs continuously).
\n
\nWhere: Online.
\nTwitter: \n@cloudvillage_dc\n
\nWebsite: \nhttps://cloud-village.org\n
\n
\nIf you ever wanted to break stuff on the cloud, or if you like rabbit holes that take you places you did not think you would go to, follow complicated story lines only to find you could have reached the flag without scratching your head so much - then this CTF is for you!
\n
\nOur CTF is a three-day, jeopardy-style contest with a bunch of challenges hosted across multiple cloud providers and spanning multiple categories of difficulty.
\n
\nYou can register as teams or go solo, use hints or stay away from them, in the end it will be all for glory or nothing. Plus the prizes. Did we not mention the prizes? :D
\n​\n\n\n\n\''),(1453,'\'DEF CON Chess Tournament\'','\'https://forum.defcon.org/node/245485\'','\'https://forum.defcon.org/node/245486\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n..
\nDEF CON Chess Tournament
\nSaturday: 15:00 - 18:00
\nDEF CON Contest Area, Forum Ballroom | in-person |
\n
\nTwitter: @\ndefconchess\n , For early registration, please send your name and rating to: \ndefconchess@gmail.com\n​
\n
\nChess, computers, and hacking go way back. In the 18th century, the Mechanical Turk appeared to play a good game, but there was a human ghost hiding in the shell. Some of the first computer software was written to play chess. In 1997, world champion Garry Kasparov lost to the program Deep Blue, but after the match he accused IBM of cheating, alleging that only a rival grandmaster could have made certain moves.
\n
\nAt DEF CON 31, we will run a human chess tournament. The games will have a “blitz” time control of 5 minutes on each player’s clock, for a maximum total game time of 10 minutes. The tournament will have a Swiss-system format, with a fixed number of rounds. The match pairing for each round is done after the previous round has ended, and depends on its results. Each player is paired with another player who has a similar running score.
\n
\nTo determine the winner, the Swiss system is considered highly effective, even when there is a large number of competitors and a small number of rounds. Every player gets to play the full tournament, and the winner has the highest aggregate score when all rounds are over.
\n
\nThere will be trophies and prizes for the top three players.
\n
\nThe tournament mechanics will be managed by the Las Vegas Chess Center (LVCC), which has many years of experience in organizing royal game tournaments for all strength levels and ages. LVCC has professional coaches, and grandmasters are frequent visitors.​
\n
\nMax players: 100. In order to crown the best chess player at DEF CON, we will register the highest-rated players first.\n\n\''),(1454,'\'Trace Labs OSINT Search Party CTF\'','\'https://forum.defcon.org/node/245519\'','\'https://forum.defcon.org/node/245520\'','','','','','\'\n.. \n\n\n\"Click\n\n\n\n
\n
\n..
\nTrace Labs OSINT Search Party CTF
\nFriday: 10:00 - 18:00
\nSaturday: 10:00 – 17:00
\nDEF CON Contest Area, Forum Ballroom | Hybrid
\n
\n\nhttps://www.tracelabs.org/initiatives/search-party\n
\nTwitter: @\ntracelabs​\n
\nForum users that can provide authoritative comments or answer questions: \nBelouve\n
\n
\nThe Trace Labs Search Party CTF is a non-theoretical, gamified effort that allows for the crowdsourcing of contestants to perform a single task: conduct open source intelligence operations to help find missing persons.
\n
\nYou can have teams of 1-4 people, 4 person teams provide many benefits which include the coaching of more junior members. Often a great learning opportunity if you are able to pair up with OSINT veterans. Get your team together, stop by our booth for a registration code, and join us at searchparty.tracelabs.org/register .​.
\n..\n\n\''); /*!40000 ALTER TABLE `contests` ENABLE KEYS */; UNLOCK TABLES; -- -- Table structure for table `demolabs` -- DROP TABLE IF EXISTS `demolabs`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `demolabs` ( `ID` int(11) NOT NULL AUTO_INCREMENT, `Name` varchar(200) COLLATE utf8_unicode_ci NOT NULL, `ForumPage` varchar(40) COLLATE utf8_unicode_ci NOT NULL, `ForumArticle` varchar(40) COLLATE utf8_unicode_ci NOT NULL, `Webpage` varchar(60) COLLATE utf8_unicode_ci NOT NULL, `Weblink` varchar(60) COLLATE utf8_unicode_ci NOT NULL, `ImagePath` varchar(30) COLLATE utf8_unicode_ci NOT NULL, `Descript` varchar(15000) COLLATE utf8_unicode_ci NOT NULL, PRIMARY KEY (`ID`) ) ENGINE=InnoDB AUTO_INCREMENT=469 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- -- Dumping data for table `demolabs` -- LOCK TABLES `demolabs` WRITE; /*!40000 ALTER TABLE `demolabs` DISABLE KEYS */; INSERT INTO `demolabs` VALUES (433,'\'Abusing Microsoft SQL Server with SQLRecon - Sanjiv Kawa\'','\'https://forum.defcon.org/node/246336\'','\'https://forum.defcon.org/node/246337\'','','','','\'\nAbusing Microsoft SQL Server with SQLRecon
\n
\nSaturday August 12, 12:00 – 13:55, Caucus Boardroom, Forum
\n
\nSanjiv Kawa
\n
\nSQLRecon helps address the post-exploitation tooling gap by modernizing the approach red team operators can take when attacking SQL Servers. The tool was designed to be modular, allowing for ease of extensibility and contributions from the hacker community. SQLRecon is written in C# and is compatible stand-alone or within a diverse set of command and control (C2) frameworks (Cobalt Strike, Nighthawk, Mythic, PoshC2, Sliver, etc). When using the latter, SQLRecon can be executed either in-process, or through traditional fork and run. SQLRecon has over 50 modules which can help facilitate with enumeration, collection, code execution, privilege escalation and lateral movement. It has been designed with operational security and defense evasion in mind.
\n
\nSanjiv Kawa (@sanjivkawa) is a Senior Managing Security Consultant on the IBM X-Force Red Adversarial Simulation team with over ten years of experience performing offensive security assessments. As part of the IBM X-Force Red Adversarial Simulation team, Sanjiv spends his days breaking into the largest organizations in the world by emulating adversary tactics, techniques and procedures to reach target objectives. He then advises these organizations on ways they can improve their security posture by implementing or tuning controls. Sanjiv is an active member in the security community. He has developed a variety of tooling and presented at large conferences, such as BSides and Wild West Hackin’ Fest and frequently contributes to projects on GitHub.
\n
\nAudience - Offense and Defense​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 12, 2023 12:00\n\n\n\nEnds\n\nAugust 12, 2023 13:55\n\n\n\nLocation\n\nCaucus Boardroom, Forum\n\n\n\n\n\''),(434,'\'Am I Exploitable? (MI-X) - Ofri Ouzan & Yotam Perkal\'','\'https://forum.defcon.org/node/246340\'','\'https://forum.defcon.org/node/246341\'','','','','\'\nAm I Exploitable? (MI-X)
\n
\nSaturday August 12, 12:00 – 13:55, Council Boardroom, Forum
\n
\nOfri Ouzan & Yotam Perkal
\n
\nAddressing security vulnerabilities begins with verifying the impact on an environment. Merely having a vulnerable package installed does not guarantee exploitability, as several conditions must align for the vulnerability to be applicable and exploitable. For example: is the operating system in question susceptible to the vulnerability? is the vulnerable component loaded to memory? is the required configuration in place? is there a patch installed? And more... Standard vulnerability scanners simply do not take these factors into account and thus require manual triage in order to answer “Can a vulnerability be exploited in a given environment?”. ‘Am I Exploitable?’ (MI-X), is an open-source tool aimed at effectively determining whether a local host or running container is truly affected by a specific vulnerability by accounting for all factors which affect *actual* exploitability. MI-X also prints out the logical steps it takes in order to reach a decision and can also provide a graphical representation of the validation flow. The tool can therefore help practitioners understand what are the factors that affect exploitability for each of the supported vulnerabilities.
\n
\nOfri Ouzan is an experienced Security Researcher who has been working in the cybersecurity field for over four years. She specializes in conducting security research on Windows, Linux, Cloud Platforms, and containerized applications with an emphasis on vulnerabilities. Her expertise lies in finding and solving complex problems in the cyber field, developing automation and open-source tools.
\n
\nYotam leads the vulnerability research team at Rezilion, focusing on research around vulnerability validation, mitigation, and remediation. Prior to Rezilion, Yotam filled several roles at PayPal Security organization, dealing with vulnerability management, threat intelligence, and Insider threat. Additionally, Yotam takes part in several OpenSSF working groups around open-source security as well as several CISA work streams around SBOM and VEX and is also a member of the PyCon Israel organization committee. He is passionate about Cyber Security and Machine Learning and is especially intrigued by the intersection between the domains, whether it be using ML in order to help solve Cyber Security challenges or exploring the challenges in securing ML applications.
\n
\nAudience - Defense and Offense​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 12, 2023 12:00\n\n\n\nEnds\n\nAugust 12, 2023 13:55\n\n\n\nLocation\n\nCouncil Boardroom, Forum\n\n\n\n\n\''),(435,'\'Attack Surface Framework - Prajwal Panchmahalkar & Mike Henkelman\'','\'https://forum.defcon.org/node/246316\'','\'https://forum.defcon.org/node/246317\'','','','','\'\nAttack Surface Framework
\n
\nFriday August 11, 14:00 – 15:55, Council Boardroom, Forum
\n
\nPrajwal Panchmahalkar & Mike Henkelman
\n
\nAttack Surface Framework(ASF) aims to protect organizations acting as an attack surface watchdog. The Attack Surface Framework (ASF) was developed with motivation to automate and address vulnerabilities through continuous scanning and tracking risks at scale, in a comprehensive and adaptable approach, particularly against 0-day vulnerabilities with publicly available POCs. The Attack Surface Framework (ASF) is a modular, extensible, and customizable framework designed to help organizations manage their public attack surface risks. ASF will auto-discover assets such as network subnets, domains including subdomains, enumerate their ports and services, track deltas and serve as a continuous and flexible, attacking and alerting framework, leveraging another layer of support. ASF provides modules for attack surface management including asset discovery and management, asset enumeration, vulnerability scanning, and vulnerability testing. ASF is equipped with a set of CLI tools and an API, enabling users to interact with the framework and integrate it with other tools and processes. Additionally, ASF includes a web-based user interface for visualizing an organization\'s attack surface and managing vulnerabilities.
\n
\nPrajwal Panchmahalkar is a Technical Director, Red Team at VMware Inc. He has contributed to public security research and has been the Development Lead for Matriux since 2009. In the past he was a Research Assistant at Texas Tech University working on Security of Critical Infrastructure and Smart Grid Energy Systems, with a journal published on Elsevier. He was a Finalist for America\'s Information Security Leadership Award 2012 (AISLA) by (ISC)2. Previously Prajwal was a speaker at BlackHat Arsenal, c0c0n, BSidesLV and GrrCon. He is currently on the review board for c0c0n, India. He was a chapter lead for n|u, Hyderabad, an open security community. Prajwal holds a Masters degree in Computer Science from the Texas Tech University, Lubbock.
\n
\nMike Henkelman is a Sr Manager, Vulnerability Management Global at VMWare Inc. He began his career as a MCSE certified systems administrator in the mid 90’s before joining Cisco Systems and working in the IPABU on the edge development team for the 2600 series router and 3500 series switch and authoring white papers on CEF. Going on to manage several enterprise data centers, he later began focusing on information security and managed Vulnerability Management programs for companies that include Pivotal Software before joining VMWare where his team mitigates risk for one of corporate America’s largest asset libraries with audit attestations that include FedRAMP IL5 High, CE+. I24, IRAP, PCI-DSS among nearly two dozen others.
\n
\nAudience - Defense and Offense
\n
\n
\n​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 11, 2023 14:00\n\n\n\nEnds\n\nAugust 11, 2023 15:55\n\n\n\nLocation\n\nCouncil Boardroom, Forum\n\n\n\n\n\''),(436,'\'BBOT (Bighuge BLS OSINT Tool) - TheTechromancer (Joel Moore) & Paul Mueller\'','\'https://forum.defcon.org/node/246338\'','\'https://forum.defcon.org/node/246339\'','','','','\'\nBBOT (Bighuge BLS OSINT Tool)
\n
\nSaturday August 12, 12:00 – 13:55, Accord Boardroom, Forum
\n
\nTheTechromancer (Joel Moore) & Paul Mueller
\n
\nBBOT (Bighuge BLS OSINT Tool) is a new recursive OSINT scanner inspired by Spiderfoot, but designed and optimized for bigger targets and faster scan times. BBOT is open-source and written in Python. Its 80+ modules range in function from subdomain enumeration to cryptographic exploitation. BBOT can map the attack surface of an organization (and sometimes get you RCE) in a single command.
\nFeatures include:
\n- multiple targets
\n- automatic dependencies w/ ansible
\n- python API
\n- subdomain enumeration
\n- email enumeration
\n- cloud bucket enumeration
\n- port scanning
\n- web service enumeration
\n- web screenshots
\n- web spidering
\n- vulnerability scanning (with nuclei and more)
\n
\nTheTechromancer is a hacker at Black Lantern Security (BLS). He loves coding in Python, and is the creator of several security tools including ManSpider, TrevorSpray, and BBOT (Bighuge BLS OSINT Tool). He has also made contributions to other open-source projects such as Spiderfoot.
\n
\nPaul Mueller is a Principal Operator at Black Lantern Security (BLS). He specializes in web application testing and application security. He loves finding complex hard-to-find web bugs, especially when they involve cryptography. He is also one of the developers for the BLS tools Writehat and BBOT (Bighuge BLS OSINT Tool). Prior to working with BLS, he spent over a decade as a DoD contractor providing both penetration testing and security analysis/incident handling. He got his start in the field as a systems administrator and later as a Signals Intelligence Analyst with the US Marine Corps.
\n
\nAudience - BBOT is useful to both Offensive (for automating recon / bug bounties) and Defensive (for attack surface mapping).
\n
\n
\n​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 12, 2023 12:00\n\n\n\nEnds\n\nAugust 12, 2023 13:55\n\n\n\nLocation\n\nAccord Boardroom, Forum\n\n\n\n\n\''),(437,'\'BLE CTF - Ryan Holeman & Alek Amrani\'','\'https://forum.defcon.org/node/246344\'','\'https://forum.defcon.org/node/246345\'','','','','\'\nBLE CTF
\n
\nSaturday August 12, 14:00 – 15:55, Unity Boardroom, Forum
\n
\nRyan Holeman & Alek Amrani
\n
\nBLE CTF is a series of Bluetooth Low Energy challenges in a capture the flag format. It was created to teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user. Over the past few years, BLE CTF has expanded to support multiple platforms and skill levels. Various books, workshops, trainings, and conferences have utilized it as an educational platform and CTF. As an open source, low cost of entry, and expandable education solution, BLE CTF has helped progress Bluetooth security research.
\n
\nRyan Holeman resides in Austin, Texas, where he works as the CISO for the peer-to-peer payment platform Strike. He is currently pursuing a Ph.D. in cyber defense from Dakota State University. He has spoken at respected venues such as Black Hat, DEF CON, Lockdown, BSides, Ruxcon, Notacon, and Shmoocon. You can keep up with his current activity, open source contributions, and general news on his blog. His spare time is mostly spent digging into various network protocols, random hacking, creating art, and shredding local skateparks.
\n
\nAlek Amrani - bad at expense reports
\n
\nAudience - Offensive & Hardware
\n
\n
\n​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 12, 2023 14:00\n\n\n\nEnds\n\nAugust 12, 2023 15:55\n\n\n\nLocation\n\nUnity Boardroom, Forum\n\n\n\n\n\''),(438,'\'Build Inspector - A modern Javert on the trail of CI/CD Anomalies and Intruders - Jeremy Banker\'','\'https://forum.defcon.org/node/246230\'','\'https://forum.defcon.org/node/246231\'','','','','\'\nBuild Inspector - A modern Javert on the trail of CI/CD Anomalies and Intruders
\n
\nFriday August 11, 12:00 – 13:55, Caucus Boardroom, Forum
\n
\nJeremy Banker
\n
\nIn the ever evolving landscape of software development, maintaining the integrity and security of your build, test and deployment pipelines is paramount. Build Inspector is an always-watching guard dog, looking for information about the dependencies being consumed and produced, while also calling out instances of risky practices or potential signs of compromise during pipeline runs. Watch as the inspector turns piles of plaintext logs into structured data, perfect for automated analysis, correlation and alerting. With simple containerized deployment and self-documenting REST API, it has never been easier to ensure your build logs are always being watched.
\n
\nA lifelong learner and broad technology enthusiast, Jeremy Banker holds a Masters degree in Information Security and is a founding member of the Security Product Engineering, Automation and Research (SPEAR) team at VMware. He has designed, built and implemented solutions to ensure that VMware\'s software supply chain remains secure. When not looking for new ways to keep software safe, he can usually be found tinkering with all manner of gadgets, working to bring amateur radio software into the modern era, or enjoying the peace of nature in his native Colorado.
\n
\nAudience - DevSecOps, Compliance, Threat Management, Vulnerability Management
\n
\n
\n​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 11, 2023 12:00\n\n\n\nEnds\n\nAugust 11, 2023 13:55\n\n\n\nLocation\n\nCaucus Boardroom, Forum\n\n\n\n\n\''),(439,'\'CNAPPGoat - Noam Dahan, Igal Gofman\'','\'https://forum.defcon.org/node/246226\'','\'https://forum.defcon.org/node/246227\'','','','','\'\nCNAPPGoat
\n
\nFriday August 11, 12:00 – 13:55, Accord Boardroom, Forum
\n
\nNoam Dahan & Igal Gofman
\n
\nCNAPPGoat is a multi-cloud vulnerable-by-design environment deployment tool – it deploys vulnerable environments to various cloud service providers, so that offensive professionals and pentesters can practice exploiting them and defenders can practice detection and prevention. CNAPPGoat is an extensible modular tool that deploys environments with more complex scenarios - vulnerable VMs, multi-stage lateral movement attacks, IaC misconfigurations, and vulnerable IAM misconfigurations.
\n
\nNoam Dahan is a Senior Security Researcher at Ermetic with several years of experience in embedded security. He is a graduate of the Talpiot program at the Israel Defense Forces and spent several years in the 8200 Intelligence Corps. Noam was a competitive debater and is a former World Debating Champion.
\n
\nIgal Gofman is a Head of Security Research at Ermetic. Igal has a proven track record in cloud security, network security, research-oriented development, and threat intelligence. His research interests include cloud security, operating systems, and active directory. Prior to Ermetic Igal worked at Microsoft, XM-Cyber, and Check Point Software Technologies. Igal has spoken at various leading security conferences including Black Hat and DEF-CON. |
\nAudience - Primary audience: Defense, Cloud Security, Secondary audience - Offense​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 11, 2023 12:00\n\n\n\nEnds\n\nAugust 11, 2023 13:55\n\n\n\nLocation\n\nAccord Boardroom, Forum\n\n\n\n\n\''),(440,'\'Dracon - Spyros Gasteratos\'','\'https://forum.defcon.org/node/246222\'','\'https://forum.defcon.org/node/246223\'','','','','\'\nDracon
\n
\nFriday August 11, 12:00 – 13:55, Council Boardroom, Forum
\n
\nSpyros Gasteratos
\n
\nDracon is an open-source Application and Cloud security automation framework that helps organizations create security workflows and improve their security posture. Dracon can run a wide range of security tools against any target, and it can deduplicate and enrich the results of those tools with contextual or regulatory information. Dracon can then send the enriched results to any visualization or data processing tool. Here are some of its key features: Automated security workflows: Dracon can automate the execution of security tools and the aggregation of results, which saves both time and effort. Scalable and flexible: Dracon is both scalable and flexible, with a wide array of existing integrations and more on the way; Dracon integrates seamlessly with any existing toolset. Open source: Dracon is an open-source platform, which means that it is free to use and modify.
\n
\nSpyros is a Security Engineer with over a decade of experience in various organisations. Currently, he is helping Fintechs mature their AppSec programmes through automation. He maintains several Open Source projects including Dracon, opencre.org and others. Also, he is heavily involved with the OWASP foundation helping with outreach and diversity efforts.
\n
\nAudience - Offense, Defense, AppSec, CloudSec​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 11, 2023 12:00\n\n\n\nEnds\n\nAugust 11, 2023 13:55\n\n\n\nLocation\n\nCouncil Boardroom, Forum\n\n\n\n\n\''),(441,'\'Ek47 – Payload Encryption with Environmental Keys - Kevin Clark, Skyler Knecht\'','\'https://forum.defcon.org/node/246228\'','\'https://forum.defcon.org/node/246229\'','','','','\'\nEk47 – Payload Encryption with Environmental Keys
\n
\nFriday August 11, 12:00 – 13:55, Committee Boardroom, Forum
\n
\nKevin Clark & Skyler Knecht
\n
\nEk47 is a payload encryptor that leverages user-selected environmental keys associated with a target execution context. In the absence of these environmental keys, Ek47 payloads will not decrypt and execute. This creates a strong resistance to automated/manual analysis and reverse engineering of payloads. Ek47 supports many different environmental keys such as current user, domain, computer name, installed programs, and more. Additionally, Ek47 supports packing payloads of .NET assemblies, unmanaged DLLs, and raw shellcode. Ek47 payloads are themselves .NET assemblies and can be uploaded to disk or executed reflectively via any execute-assembly method. By default, a standard AMSI/ETW bypass is executed before the main payload is executed, but Ek47 makes it easy to add custom bypasses for more advanced evasion functionality. Additional miscellaneous features are provided such as entropy management, PE header stomping, and generation of service executables.
\n
\nKevin Clark is a Software Developer turned Penetration Tester at TrustedSec. He focuses on initial access and Active Directory exploitation. He contributes to open-source tools such as PowerShell Empire and Metasploit. He also writes his own custom security tools such as Badrats and Ek47. Kevin has a passion for education and volunteers on the Midwest Collegiate Cyber Defense Competition (CCDC) red team. He teaches courses with BC-SECURITY at BlackHat and other venues about Evasion, Red Teaming, Empire Operations, and Active Directory. Kevin authors a cybersecurity blog at \nhttps://henpeebin.com/kevin/blog\n.
\n
\nSkyler Knecht is an Information Security Specialist who performs a variety of security assessments, including phishing, internal/external penetration tests and red teaming. Skyler Knecht worked as a consultant for three years and has recently pivoted to an internal team at Navy Federal Credit Union. Skyler Knecht is continually researching all fields of study but is primarily focused on developing offensive tooling such as command and control frameworks and implants.
\n
\nAudience - Offense, Red Team
\n
\n
\n​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 11, 2023 12:00\n\n\n\nEnds\n\nAugust 11, 2023 13:55\n\n\n\nLocation\n\nCommittee Boardroom, Forum\n\n\n\n\n\''),(442,'\'EvilnoVNC: Next-Gen Spear Phishing Attacks - Joel Gámez Molina\'','\'https://forum.defcon.org/node/246314\'','\'https://forum.defcon.org/node/246315\'','','','','\'\nEvilnoVNC: Next-Gen Spear Phishing Attacks
\n
\nFriday August 11, 14:00 – 15:55, Committee Boardroom, Forum
\n
\nJoel Gámez Molina
\n
\nEvilnoVNC is a Ready to go Phishing Platform. Unlike other phishing techniques, EvilnoVNC allows 2FA bypassing by using a real browser over a noVNC connection. In addition, this tool allows us to see in real time all of the victim\'s actions, access to their downloaded files and the entire browser profile, including cookies, saved passwords, browsing history and much more.
\n
\nSystems administrator with more than ten years of experience, he currently works as a security consultant at Deloitte Touche Tohmatsu, where he develops adversarial simulation exercises (Red Team Operations). Previously, he was Chief Technology Officer (CTO) of the startup Cyberguard. He also teaches courses and masters in ethical hacking, pentesting and PowerShell for high-level organizations and universities. Creator of the blog darkbyte.net and speaker at renowned national and international conferences, such as Black Hat USA (2020/2021) and Black Hat Europe (2022). Programmer of hacking tools in his spare time, he has developed tools of all kinds, such as: AutoRDPwn, Cloudtopolis, EvilnoVNC, Invoke-DNSteal, PyShell or PSRansom among others.
\n
\nAudience - Offense & Social Engineering.​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 11, 2023 14:00\n\n\n\nEnds\n\nAugust 11, 2023 15:55\n\n\n\nLocation\n\nCommittee Boardroom, Forum\n\n\n\n\n\''),(443,'\'FlowMate - Florian Haag, Nicolas Schickert\'','\'https://forum.defcon.org/node/246220\'','\'https://forum.defcon.org/node/246221\'','','','','\'\nFlowMate
\n
\nFriday August 11, 12:00 – 13:55, Society Boardroom, Forum
\nFlorian Haag & Nicolas Schickert
\n
\nImagine pentesting a large web application with hundreds of pages and forms, as well as user roles and tenants. You discover that your chosen username is reflected in many locations inside the application, but you don\'t have a detailed overview. You want to test whether the chosen username is handled properly or allows for injection attacks, such as Cross-Site Scripting or Server-Side Template Injection. Now you face the challenge of finding all locations where your payloads appear when injecting into the username. In large applications, you\'ll likely miss some, potentially leaving vulnerabilities undetected. This is where FlowMate comes into play, our novel tool to detect data flows in applications for enhanced vulnerability assessments. FlowMate consists of two components: A BurpSuite plugin and a data flow graph based on Neo4j. It records inputs to the application as you go through the pages exploring the application and searches for occurrences of the captured inputs in the responses. This results in a graph that can be visualized and searched for parameters of interest and where they\'re occurring on the site. Understanding the data flows of an application helps to significantly improve the test coverage and bring your pentesting to the next level.
\n
\nFlorian Haag is a senior security consultant at usd AG with experience in penetration testing, software security assessments as well as code reviews. He is specialized in penetration tests of thick client applications, leveraging his background in software development to reverse engineer proprietary client applications and network protocols. In previous scientific work, he worked on novel approaches to application-level data flow analysis to improve penetration testing coverage. In addition, he analyzed website clones used in phishing campaigns and the frameworks that are used by fraudsters to create and operate cloned websites.
\n
\nNicolas Schickert is security researcher and penetration tester at usd AG, an information security company based in Germany. He is in charge of SAP specific penetration tests at the usd HeroLab. In this role, Nicolas is responsible for the collection of SAP related knowledge and the development of new analysis tools. He is interested in reverse engineering and vulnerability research and has published several zero-day vulnerabilities, not only in the context of SAP.
\n
\nAudience: Offense, AppSec​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 11, 2023 12:00\n\n\n\nEnds\n\nAugust 11, 2023 13:55\n\n\n\nLocation\n\nSociety Boardroom, Forum\n\n\n\n\n\''),(444,'\'Glyph - Corey Hartman\'','\'https://forum.defcon.org/node/246312\'','\'https://forum.defcon.org/node/246313\'','','','','\'\nGlyph
\n
\nFriday August 11, 14:00 – 15:55, Society Boardroom, Forum
\n
\nCorey Hartman
\n
\nReverse engineering is an important task performed by security researchers to identify vulnerable functions and malicious functions in IoT (Internet of Things) devices that are often shared across multiple devices of many system architectures. Common techniques to currently identify the reuse of these functions do not perform cross-architecture identification unless specific data such as unique strings are identified that may be of use in identifying a piece of code. Utilizing natural language processing techniques, Glyph allows you to upload an ELF binary (32 & 64 bit) for cross-architecture function fingerprinting, upon analysis, a web-based function symbol table will be created and presented to the user to aid in their analysis of binary executables/shared objects.
\n
\nCorey Hartman served 6 years active duty in the United States Air Force, later obtaining a Bachelor of Science degree in Software Development, and a Master of Science degree in Computer Science. Corey is now a student at Dakota State University pursuing a PhD in Cyber Operations with his dissertation focused on behavioral analysis of malware through machine learning, and works as a software developer and reverse engineer out of San Antonio, Texas.
\n
\nAudience - Reverse engineers​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 11, 2023 14:00\n\n\n\nEnds\n\nAugust 11, 2023 15:55\n\n\n\nLocation\n\nSociety Boardroom, Forum\n\n\n\n\n\''),(445,'\'HardHat Command & Control Framework - Jonathan Owens\'','\'https://forum.defcon.org/node/246352\'','\'https://forum.defcon.org/node/246353\'','','','','\'\nHardHat Command & Control Framework
\n
\nSaturday August 12, 14:00 – 15:55, Committee Boardroom, Forum
\n
\nJonathan Owens
\n
\nHardHat is a multi-platform, multi-user, .NET command and control framework written in C# designed to aid in red team operations and penetration testing. HardHat aims to improve the quality-of-life of operators by providing an easy-to-use but formidable C2 framework by incorporating robust features, ease of data access, and modern UI upgrades to a high-level language that is easily extensible.
\n
\nJonathan Owens is a red team operator on the Adversary Simulation team at SpecterOps, where he conducts advanced offensive engagements, such as red teaming exercises, penetration tests, and tool creation. He enjoys C# development and learning new programming languages with a specific focus on command & control framework and agent development. He maintains a tool repo at \nhttps://github.com/dragoqcc\n.
\n
\nAudience - Offensive​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 12, 2023 14:00\n\n\n\nEnds\n\nAugust 12, 2023 15:55\n\n\n\nLocation\n\nCommittee Boardroom, Forum\n\n\n\n\n\''),(446,'\'ICS Forensics tool - Maayan Shaul & Ori Perez\'','\'https://forum.defcon.org/node/246354\'','\'https://forum.defcon.org/node/246355\'','','','','\'\nICS Forensics tool
\n
\nSaturday August 12, 14:00 – 15:55, Society Boardroom, Forum
\n
\nMaayan Shaul & Ori Perez
\n
\nMicrosoft ICS Forensics Tools is an open source forensic toolkit for analyzing Industrial PLC metadata and project files. Microsoft ICS Forensics Tools enables investigators to identify suspicious artifacts in ICS environments, to detect compromised devices during incident response or manual checks. Microsoft ICS Forensics Tools is open source, which allows investigators to verify the actions of the tool or customize it to specific needs; it currently supports Siemens S7 via Snap7.
\n
\nMaayan Shaul is a Malware Analyst and Security Researcher in Section52 at Microsoft Defender for IoT (formerly CyberX). Experienced in the fields of malware analysis, reverse engineering and the IoT/OT landscape.
\n
\nOri Perez is a Malware Analyst and Reverse Engineer with vast experience in dealing with Nation-sponsored cyber attacks as an ex-officer at the IDF\'s CERT. Ori is a manager on the Microsoft Defender for IoT research team (formerly CyberX) and conducts IoT/OT protocol research for IoT/OT tools.
\n
\nAudience - Defense, forensics folks, ICS/OT enthusiastic​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 12, 2023 14:00\n\n\n\nEnds\n\nAugust 12, 2023 15:55\n\n\n\nLocation\n\nSociety Boardroom, Forum\n\n\n\n\n\''),(447,'\'Katalina - Gabi Cirlig\'','\'https://forum.defcon.org/node/246240\'','\'https://forum.defcon.org/node/246642\'','','','','\'\nHello!
\n
\nI\'m Gabi and I\'ll slowly be releasing bits and pieces of what Katalina can do while we get closer to the conference. Since I\'ll be launching the tool live when the conference starts, it\'s gonna be a bit more until y\'all can play with the tool :D For now, please find attached some funny strings that I\'ve deobfuscated from a Xenomorph sample!
\n
\n\"Click\n​
\n
\nThis is how the original function for the string "hq.json" looked like:
\n
\n\"Click\n​
\n
\nKatalina automatically found an entrypoint that called this string obfuscating function, executed it and spit out the generated string! As you can see, the tool is like Unicorn but for Dalvik bytecode. It provides an environment that can execute Android bytecode automatically or one function at a time, but more on that in a later post. For more questions feel free to post here or DM me on Twitter (@hookgab) or Mastodon (hookgab@mas.to).\n\n\n\n\''),(448,'\'Kraken, a modular multi-language webshell for defense evasion - Raul Caro\'','\'https://forum.defcon.org/node/246334\'','\'https://forum.defcon.org/node/246335\'','','','','\'\nKraken, a modular multi-language webshell for defense evasion
\n
\nSaturday August 12, 12:00 – 13:55, Society Boardroom, Forum
\n
\nRaul Caro
\n
\nKraken is a modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP, JSP and ASPX) and its core is developed in Python. Kraken follows the principle of "avoiding command execution" by re-implementing it through the functionalities of the programming language in use. Kraken seeks to provide usability, scalability and improve the OPSEC of ongoing operations.
\n
\nRaul Caro Teixido (OSCP, CRTE) is an Offensive Security Engineer at Telefonica Tech. He is the co-author of Mistica (your friendly data smuggler) presented in BlackHat Arsenal USA 2020, and the creator of Kraken (a modular multi-language webshell).
\n
\nAudience - offensive (red team) and defensive (blue team and threat hunting) profiles
\n
\n
\n​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 12, 2023 12:00\n\n\n\nEnds\n\nAugust 12, 2023 13:55\n\n\n\nLocation\n\nSociety Boardroom, Forum\n\n\n\n\n\''),(449,'\'Lambda Looter - Doug Kent & Rob Ditmer\'','\'https://forum.defcon.org/node/246322\'','\'https://forum.defcon.org/node/246323\'','','','','\'\nLambda Looter
\n
\nSaturday August 12, 10:00 – 11:55, Accord Boardroom, Forum
\n
\nDoug Kent & Rob Ditmer
\n
\nOrganizations can have thousands of lines of code that are stored in Lambda on AWS. This application was built to help reduce the amount of time it takes to review that code. On our last Pen Test, we had so much Lambda code to review it was impossible to parse through all of it in the short amount of time assigned to our test. This lack of time created a necessity to automate the review of that lambda code for secrets. Lambda Looter will take a list of profiles and scan through them and download the code you have access to and then process that code for secrets, outputting any potential secrets to a loot directory. Even though this tool can generate a number of false positives it makes looking for secrets much faster than scanning the code manually.
\n
\nDoug has worked at State Farm for about 20 years, mostly on security technologies ranging from Active Directory and PKI to endpoint protection, most recently landing on the Pen Testing team. Doug has a passion for identifying vulnerabilities and partnering with control solution teams to protect State Farm data and fulfill our promise to customers. He strives to help others with offensive security skills by providing training, guidance, and kill chain demonstrations.
\n
\nRob has been on the State Farm PenTesting Team for 2 years. Prior to his time at State Farm, he has worked with various other companies as a penetration testing consultant – enabling him to experience a wide range of technologies and their differing implementations. Rob enjoys the challenge of developing tools and infrastructure to better the skills and abilities of the PenTesting team, ultimately to better the protections around State Farm data.
\n
\nAudience - Penetration Testers, Red Teamers, AWS Admins, AWS Developers, Threat Hunters​
\n\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 12, 2023 10:00\n\n\n\nEnds\n\nAugust 12, 2023 11:55\n\n\n\nLocation\n\nAccord Boardroom, Forum\n\n\n\n\n\''),(450,'\'Lupo: Malware IOC Extractor - Vishal Thakur\'','\'https://forum.defcon.org/node/246330\'','\'https://forum.defcon.org/node/246331\'','','','','\'\nLupo: Malware IOC Extractor
\n
\nSaturday August 12, 10:00 – 11:55, Caucus Boardroom, Forum
\n
\nVishal Thakur
\n
\nLupo is a dynamic analysis tool that can be used as a module with the debugger.
\n
\nVishal Thakur has worked in the information security industry for many years in hands-on technical roles, specializing in Incident Response with a heavy focus on Emerging Threats, Malware Analysis and Research. He has presented his research at international conferences (BlackHat, FIRST, SANS DFIR Summit) and has also run training/workshops at BlackHat and FIRST Conference. Vishal is currently working as Manager, Threat Operations Center at Huntress. In past roles, Vishal worked as a Senior Researcher at Salesforce, helping their Incident Response Centre with advanced threat analysis and developing DFIR tools and has been a part of the Incident Response team at the Commonwealth Bank of Australia.
\n
\nAudience - Defense, Malware Analysis, Reverse Engineering
\n
\n
\n​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 12, 2023 10:00\n\n\n\nEnds\n\nAugust 12, 2023 11:55\n\n\n\nLocation\n\nCaucus Boardroom, Forum\n\n\n\n\n\''),(451,'\'OpenSSF Scorecard - Naveen Srinivasan & Neil Naveen\'','\'https://forum.defcon.org/node/246318\'','\'https://forum.defcon.org/node/246319\'','','','','\'\nOpenSSF Scorecard
\n
\nFriday August 11, 14:00 – 15:55, Caucus Boardroom, Forum
\n
\nNaveen Srinivasan & Neil Naveen
\n
\nIntroducing Scorecard, an innovative open-source tool designed to secure the software supply chain by scanning over 1.2 million GitHub repositories for potential security risks. Scorecard automates the process of evaluating a project\'s adherence to security best practices, assigning a score based on the results. The scores and detailed analysis are readily accessible via a comprehensive API (\nhttps://api.securityscorecards.dev\n), empowering developers to easily integrate security checks into their workflows. Additionally, Scorecard provides a CLI for individual use and a GitHub action that allows repository owners to continuously monitor and improve their project\'s security posture. Whether you\'re a seasoned developer or an open-source enthusiast, Scorecard gives you the power to make the software supply chain safer for everyone.
\n
\nNaveen Srinivasan is a contributor and maintainer of multiple \nhttp://github.com/ossf/\n projects, and a member of and contributor to the \nhttp://github.com/sigstore\n organization. His contributions have earned him recognition with Google Peer Bonus awards in 2021 \nhttps://twitter.com/snaveen/status/1422921438764453897\n and 2022 \nhttps://twitter.com/snaveen/status/1563194155333222400\n. He has consistently contributed to the open-source community for an extended period, with no gaps in activity for the past two years. In addition to his technical contributions, he is a sought-after speaker at conferences, discussing topics related to supply chain security and mitigating risks in open-source software. He can be found on Twitter (@Naveen_Srini) at \nhttps://twitter.com/Naveen_Srini_\n
\n
\nNeil Naveen is an 8th grader in the US who is passionate about jiu-jitsu and solving Leetcode puzzles, and is a book author and OSS contributor.
\n
\nAudience - AppSec, DevSecOps​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 11, 2023 14:00\n\n\n\nEnds\n\nAugust 11, 2023 15:55\n\n\n\nLocation\n\nCaucus Boardroom, Forum\n\n\n\n\n\''),(452,'\'OWASP crAPI: Completely Ridiculous API - Jayesh Ahire and Roshan Piyush\'','\'https://forum.defcon.org/node/246161\'','\'https://forum.defcon.org/node/246163\'','','','','\'\nOWASP crAPI: Completely Ridiculous API
\n
\nFriday August 11, 14:00 – 15:55, Accord Boardroom, Forum
\n
\nJayesh Ahire, Roshan Piyush
\n
\nOWASP crAPI is an intentionally vulnerable API designed to teach and demonstrate common API security flaws. It serves as a playground for security enthusiasts, developers, and penetration testers to learn about API vulnerabilities and practice exploiting them in a safe environment. This Demo Lab will showcase the use of crAPI for educational purposes, including how to set it up, identify vulnerabilities, and apply secure API development best practices.
\n
\nJayesh Ahire is a passionate security professional and open-source contributor with a strong background in application and API security. They have experience working with numerous organizations to design and implement secure API architectures and integrate security practices into their development processes. Jayesh has been actively involved in the OWASP community and enjoys sharing their knowledge through presentations, workshops, and mentorship.
\n
\nRoshan Piyush is Security Research Engineer, solving API Security using the powers of Machine Learning and Distributed Tracing. He has 8+ years of research experience mainly focusing on API Security for the last 5+ years. He loves building security stacks, tools, and solutions. He is also a core member of the Owasp Coraza WAF team and a leader of the Owasp crAPI project.
\n
\nAudience - Offense, Defense, AppSec, and Mobile
\n​
\n​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 11, 2023 14:00\n\n\n\nEnds\n\nAugust 11, 2023 15:55\n\n\n\nLocation\n\nAccord Boardroom, Forum\n\n\n\n\n\''),(453,'\'Pcapinator: Rise of the PCAP Machines - Mike Spicer & Henry Hill\'','\'https://forum.defcon.org/node/246342\'','\'https://forum.defcon.org/node/246343\'','','','','\'\nPcapinator: Rise of the PCAP Machines
\n
\nSaturday August 12, 12:00 – 13:55, Unity Boardroom, Forum
\n
\nMike Spicer & Henry Hill
\n
\nPcapinator is a powerful and versatile network analysis tool that combines the strengths of TShark and Python to provide comprehensive and efficient packet deconstruction into a format usable for further analysis. Inspired by the Terminator, Pcapinator is designed to relentlessly analyze, decode, and filter network packets using all of the resources a system makes available to it, making it a formidable asset for diving deep into PCAPs. Leveraging the robust capabilities of Wireshark’s TShark tool, Pcapinator parses and extracts vital information from pcap files, while Python\'s extensive libraries and scripts offer advanced processing and automation options. Pcapinator is built to handle extremely large PCAP files, search for anomalies in those files, and uncover the hard-to-find information in network traffic, making it an essential tool for PCAP analysis.
\n
\nMike Spicer, known as d4rkm4tter, is a cybersecurity expert and innovative hacker with an affinity for pushing the boundaries of both hardware and software. With an unquenchable curiosity for all things wireless, Mike\'s passions have propelled him to build and explore much of the wireless spectrum. Armed with a degree in computer science, Mike has harnessed his skills to build and break a diverse range of systems. His expertise covers web application penetration testing, wireless monitoring and tracking, and reverse engineering. As the designer of the renowned #WiFiCactus, Mike has brought his projects from idea to reality in the cybersecurity world. His unique take on wireless has garnered significant attention, where he has presented and demonstrated his work at conferences such as BlackHat, DEF CON and others around the world.
\n
\nHenry Hill is an expert with computer hardware and is able to design and build the most bleeding edge systems that are the fastest in the world. His internal knowledge of architecture and system bottlenecks help him build systems capable of extreme processing and even faster storage. Henry is also an expert with mechanical engineering and fabrication. When his modifications aren’t appearing in d4rkm4tter’s projects, they can be seen in his race car at the track.
\n
\nAudience - Offense for Recon, Defense for threat identification and forensics.​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 12, 2023 12:00\n\n\n\nEnds\n\nAugust 12, 2023 13:55\n\n\n\nLocation\n\nUnity Boardroom, Forum\n\n\n\n\n\''),(454,'\'ProjectDiscovery Nuclei - Brendan O\'Leary & Pj Metz\'','\'https://forum.defcon.org/node/246350\'','\'https://forum.defcon.org/node/246779\'','','','','\'\nUse this Thread to put any questions you might have for us about Nuclei or our other tools. We will try to use these while planning our demo to make sure we\'re being helpful.\n\n\n\n\''),(455,'\'Red Wizard: user-friendly Red Teaming infrastructure - Ben Brücker\'','\'https://forum.defcon.org/node/246332\'','\'https://forum.defcon.org/node/246333\'','','','','\'\nRed Wizard: user-friendly Red Teaming infrastructure
\n
\nSaturday August 12, 12:00 – 13:55, Committee Boardroom, Forum
\n
\nBen Brücker
\n
\nIn this demo I will introduce our new open-source tool called Red Wizard. Red Wizard is the result of years of spinning up repeatable infrastructures for Red Teaming operations. It automates a comprehensive infrastructure deployment with redirectors, backend systems, phishing relays, OSINT machines, etcetera, and makes this easy by providing wizards that walk you through the deployments. Additionally, the infrastructure is self-documenting, making the sharing of all relevant details with your team of operators a breeze. The tool is built to provide you with a resilient setup that is OPSEC-safe. By retrieving all critical key material from the deployed servers, you will be able to rebuild and keep receiving your shells even if one of your servers crashes and burns. The technology used for Red Wizard is mainly based on Ansible and Docker.
\n
\nBen, Secura\'s Red Teaming lead, has more than 9 years of experience in the field. With a strong passion for Social Engineering, he enjoys employing initial access techniques and has played a pivotal role in creating Secura\'s user friendly and OPSEC-safe Red Teaming infrastructure. In addition to his Red Teaming responsibilities, Ben also serves as a trainer for various courses and frequently shares his expertise as a public speaker at conferences. Having gained invaluable knowledge from the infosec community, he now aims to contribute back by open sourcing a number of tools and delivering presentations at conferences.
\n
\nAudience - Offense, Red Teamers, Penetration testers, Social Engineers​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 12, 2023 12:00\n\n\n\nEnds\n\nAugust 12, 2023 13:55\n\n\n\nLocation\n\nCommittee Boardroom, Forum\n\n\n\n\n\''),(456,'\'RuleProcessorY & Gramify - Rule Optimization & Password Analysis tools - Niels Loozekoot\'','\'https://forum.defcon.org/node/246346\'','\'https://forum.defcon.org/node/246347\'','','','','\'\nRuleProcessorY & Gramify - Rule Optimization & Password Analysis tools
\n
\nSaturday August 12, 14:00 – 15:55, Caucus Boardroom, Forum
\n
\nNiels Loozekoot
\n
\nThe RuleProcessorY and Gramify tools are new tools that support password-cracking efforts. RuleProcessorY offers a method of optimizing hashcat rule-files so that you can prevent duplicates across multiple attacks better, leading to a shorter runtime. Additionally it can process rules as hashcat would with an additional support for multi-byte/multi-character rules (inserts & replace primarily). Gramify offers an easy method to create base words and candidates to utilize with wordlist and combination attacks by splitting data by words, characters, or character-set. This can help with password phrases, quotes, sentences, combinator attacks, and extracting base-words from passwordlists.
\n
\nWorking as a pentester, Niels has an extensive background in the security field. Niels has a background in web development, knows his way around C, C++, C#, and Python, and is active in the password cracking/research communities of Hashcat, Hashkiller, and HashMob. He was a winner in the CrackTheCon password cracking contest and achieved 3rd place in both CrackMeIfYouCan 2021 & 2022.
\n
\nAudience - Offense​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 12, 2023 14:00\n\n\n\nEnds\n\nAugust 12, 2023 15:55\n\n\n\nLocation\n\nCaucus Boardroom, Forum\n\n\n\n\n\''),(457,'\'Saturday - Joshua Herman\'','\'https://forum.defcon.org/node/246320\'','\'https://forum.defcon.org/node/246321\'','','','','\'\nSaturday
\n
\nSaturday August 12, 10:00 – 11:55, Council Boardroom, Forum
\n
\nJoshua Herman
\n
\nThis tool is a digital assistant that helps you hack. Under the hood it uses langchain (a way to augment LLMs) and currently uses an SMS / MMS / Phone interface that will allow for basic information retrieval tasks (google search, searching shodan, google places) and has the goal of doing complex offensive and defensive security tasks using anything from a dumb phone to a smartphone. It is preprogrammed with tools that it can intelligently use to accomplish certain tasks such as performing a search on shodan given an IP address.
\n
\nI am a release engineer specializing in compliance of information security vendors for post trade currencies. Previously I was a software engineer with experience with distributed computing and UI / UX using Python and Javascript in the same department . I have a decade of professional experience in software engineering in various industries such as insurance, CRM, Trade Show applications, recommender systems and cryptocurrency . I also have contributions to open source projects such as CPython documentation, triaging and features.
\n
\nAudience - Offensive / Defensive / AppSec​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 12, 2023 10:00\n\n\n\nEnds\n\nAugust 12, 2023 11:55\n\n\n\nLocation\n\nCouncil Boardroom, Forum\n\n\n\n\n\''),(458,'\'Shufflecake, AKA Truecrypt on Steroids for Linux - Tommaso Gagliardoni & Elia Anzuoni\'','\'https://forum.defcon.org/node/246224\'','\'https://forum.defcon.org/node/246772\'','','','','\'\nBecause we do not want to let you down at DEF CON, we just released a major upgrade of Shufflecake!
\n
\n
\n## [0.4.0] - 2023-07-24
\n
\n### Added
\n- Benchmark suite with testing tools for Shufflecake, LUKS, and VeraCrypt.
\n- `changepwd` action to change an existing password.
\n- `checkpwd` action to check if a given password is correct.
\n- Improved documentation in `README.md` on using `init` non-interactively.
\n- `doc` section which for now includes figure of Shufflecake header structure.
\n
\n### Refactored
\n
\n- Implemented reference slice allocation algorithm with much faster performance.
\n
\n### Fixed
\n
\n- Fixed a bug that made `--skip-randfill` option not work.
\n- Fixed a bug that made action `close` not work.
\n
\n### Changed
\n
\n- BREAKING CHANGE: slightly modified header field format, removing redundant MAC field and making it adherent to documentation.
\n- Action `init` now reads password from secure interface (not echoing characters, etc).
\n- Updated instructions in `SECURITY.md`.
\n
\n​\n\n\n\n\''),(459,'\'Strix Interceptor - Lexie Thach\'','\'https://forum.defcon.org/node/246232\'','\'https://forum.defcon.org/node/246233\'','','','','\'\nStrix Interceptor
\n
\nFriday August 11, 10:00 – 11:55, Unity Boardroom, Forum
\n
\nLexie Thach
\n
\nThe development of unmanned aerial vehicles (UAVs) has revolutionized data collection, but security challenges have emerged. In response, Strix is a security testing UAV designed to intercept other UAVs in flight while adhering to legal limitations. It utilizes software analysis to detect and track unauthorized UAVs, predicting their flight path without compromising itself. Strix also encompasses ground-based support systems for enhanced mission effectiveness. The ground-based robots and drones can perform tasks such as reconnaissance, target identification, and data analysis to enhance the effectiveness of Strix\'s mission.The drone can detect RF anti-drone systems and, if identified, utilize multi-RF spoofing technology to disrupt or block their signals. This allows Strix to enter protected airspace undetected, while staying within legal bounds when required. Strix was designed to identify other UAVs and attempt to jam or possibly control their signals to their flight operators. Its hardware includes sensors, a robust communication system, and the Pixhawk autonomous flight module, which provides open-source flexibility and customization options.Strix\'s small and agile design enables high-speed flight and maneuverability in confined spaces. Advanced encryption ensures data security during collection and transmission. As an open-source project, Strix encourages customization and collaboration, making it an invaluable tool for securing airspace and mitigating UAV threats. Its interception capabilities and defensive measures, including multi-RF spoofing, contribute to UAV-driven security systems while respecting legal considerations. This makes it a powerful tool for securing airspace and preventing unauthorized UAVs from posing a threat. 
Its ability to detect and intercept UAVs in flight, coupled with its defensive capabilities against anti-drone systems, including the ability to employ multi-RF spoofing technology, makes Strix an essential component of any security system that relies on UAVs for data collection and analysis. Strix aims to showcase the potential of UAVs in a lawful and responsible manner, promoting safety, innovation, and ethical practices within the drone industry.
\n
\nLexie Thach is a dedicated cybersecurity professional who has spent nearly a decade honing her skills in various roles within the industry. Throughout her journey, she has had the privilege of gaining invaluable experience in diverse cybersecurity domains, including ICS/SCADA and avionics security. Driven by an insatiable thirst for knowledge, Lexie has developed a genuine passion for electrical engineering, programming, and robotics engineering, despite not having a conventional academic background. She is currently working towards completing her studies, constantly striving to expand her knowledge and capabilities.Lexie\'s journey began at a young age when she made the decision to serve her country in the US Airforce. For a period of eight years, she had the opportunity to contribute her expertise in cyber security and tactical networks for aircraft missions and operations. It was during this time that she was exposed to the complexities of intercepting aircraft, particularly drones, and learned valuable lessons from observing the tactics and techniques employed by state actors, hacker groups, and organizations. Drawing from her diverse experiences and the challenges she faced, Lexie has embarked on projects centered around securing and assessing the security of autonomous systems. Her passion is rooted in the desire to share the techniques she has learned and to contribute to the advancement of secure autonomous systems.
\n
\nAudience - I hope to attract other drone enthusiasts, drone researchers, aerospace industry professionals, and other open-source community driven developers to my demo.​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 11, 2023 10:00\n\n\n\nEnds\n\nAugust 11, 2023 11:55\n\n\n\nLocation\n\nUnity Boardroom, Forum\n\n\n\n\n\''),(460,'\'SucoshScanny - Mustafa Bilgici, Tibet Öğünç\'','\'https://forum.defcon.org/node/246242\'','\'https://forum.defcon.org/node/246243\'','','','','\'\nSucoshScanny
\n
\nFriday August 11, 10:00 – 11:55, Caucus Boardroom, Forum
\n
\nMustafa Bilgici & Tibet Öğünç
\n
\nSucoshScan is an automated open source SAST (Static Application Security Testing) framework. It can detect many vulnerabilities (RCE, SSTI, Insecure Deserialization, SSRF, SQLI, CSRF etc.) in given source code. For now, only the detection modules for Python (Flask, Django) and Node.js (Express.js) are finished. In the future, specific detection functions will be written for PHP (Laravel, CodeIgniter), .NET, and Go.
\n
\nMustafa Bilgici has been doing cyber security and application security research for 4 years. He has found vulnerabilities in many applications and reported these vulnerabilities to companies. He also works as a cyber security researcher and developer in various cyber security companies.
\n
\nTibet Öğünç has been doing cyber security and application security research for 4 years and has discovered vulnerabilities in many web applications and helped organizations to protect themselves from attackers. As a developer in web coding languages such as Node.js, Python, PHP and JavaScript, he works as a software developer and team leader for the development of many products.
\n
\nAudience - Offense, Defense and AppSec​
\n\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 11, 2023 10:00\n\n\n\nEnds\n\nAugust 11, 2023 11:55\n\n\n\nLocation\n\nCaucus Boardroom, Forum\n\n\n\n\n\''),(461,'\'T3SF (Technical TableTop Exercises Simulation Framework) - Federico Pacheco, Joaquin Lanfranconi\'','\'https://forum.defcon.org/node/246234\'','\'https://forum.defcon.org/node/246236\'','','','','\'\nT3SF (Technical TableTop Exercises Simulation Framework)
\n
\nFriday August 11, 10:00 – 11:55, Council Boardroom, Forum
\n
\nFederico Pacheco & Joaquin Lanfranconi
\n
\nT3SF is a framework that offers a modular structure for the orchestration of injects from a master scenario events list (MSEL) together with a set of rules defined for each exercise and a configuration that allows defining the parameters of the correspondent platform. The main module performs the communication with the specific module (Discord, Slack, Telegram, WhatsApp, Teams, etc.) which allows the events to be presented in the input channels as messages in the platform. It supports different use cases for single or multiple organizations.
\n
\nFederico - Cybersecurity professional with background in electronics engineering and several industry renowned certifications. 20+ years of teaching experience at the most prestigious universities in Argentina. Published 4 books and several research whitepapers. Has worked for the public and private sector, including regional roles in global companies.
\n
\nJoaquin - Offensive cybersecurity professional with extensive programming skills, currently working as Cybersecurity Researcher. He is among the first positions of the Argentinean ranking in the main CTFs platforms, and stands out in the global rankings, besides contributing to the security community by writing posts and write-ups.
\n
\nAudience - Defense & Incident Response.​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 11, 2023 10:00\n\n\n\nEnds\n\nAugust 11, 2023 11:55\n\n\n\nLocation\n\nCouncil Boardroom, Forum\n\n\n\n\n\''),(462,'\'The Metasploit Framework - Spencer McIntyre\'','\'https://forum.defcon.org/node/246238\'','\'https://forum.defcon.org/node/246239\'','','','','\'\nThe Metasploit Framework
\n
\nFriday August 11, 10:00 – 11:55, Committee Boardroom, Forum
\n
\nSpencer McIntyre
\n
\nActive Directory is the foundation of the infrastructure for many organizations. As of 2023, Metasploit has added a wide range of new capabilities and attack workflows to support Active Directory exploitation. This DEF CON demonstration will cover new ways to enumerate information from LDAP, attacking Active Directory Certificate Services (AD CS), leveraging Role Based Constrained Delegation, and using Kerberos authentication. The Kerberos features added in Metasploit 6.3 will be a focal point. The audience will learn how to execute multiple attack techniques, including Pass-The-Ticket (PTT), forging Golden/Silver Tickets, and authenticating with AD CS certificates. Finally, users will see how these attack primitives can be combined within Metasploit to streamline attack workflows with integrated ticket management. The demonstration will also highlight inspection capabilities that are useful for decrypting traffic and tickets for debugging and research purposes.
\n
\nSpencer McIntyre is a Security Research Manager at Rapid7, where he works on the Metasploit Framework. He has been contributing to Metasploit since 2010, a committer since 2014, and a core team member at Rapid7 since 2019. Previously, Spencer worked at a consulting firm working with clients from various industries, including healthcare, energy, and manufacturing. He is an avid open source contributor and Python enthusiast.
\n
\nAudience: Offense
\n
\n
\n​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 11, 2023 10:00\n\n\n\nEnds\n\nAugust 11, 2023 11:55\n\n\n\nLocation\n\nCommittee Boardroom, Forum\n\n\n\n\n\''),(463,'\'The Wifydra: Multiheaded RF Panopticon - Lozaning\'','\'https://forum.defcon.org/node/246324\'','\'https://forum.defcon.org/node/246325\'','','','','\'\nThe Wifydra: Multiheaded RF Panopticon
\n
\nSaturday August 12, 10:00 – 11:55, Society Boardroom, Forum
\n
\nLozaning
\n
\nThe Wifydra is open source hardware and software used to locate wireless access points for wardriving. The project is a continuation of the work done previously by Mike Spicer (@d4rkm4tter) and his WiFi Cactus and Kraken. It\'s designed to be a low power and low cost modular way of simultaneously monitoring all 2.4Ghz WiFi channels for AP beacons. By utilizing strictly off the shelf embedded components, the Wifydra is able to keep costs extremely low (~$90) and its footprint extremely small (250 square cm). More importantly, minimal power consumption is maintained, requiring only a USB C battery capable of putting out 10 watts. The Wifydra is modular in nature and supports a multitude of GNSS (Global Navigation Satellite System) options for location tagging. The ESP32-C5 for 5Ghz channel monitoring will also be supported once the hardware becomes available. The version of The Wifydra demoed consists of 14 ESP8266 called sub nodes, an additional ESP32 called the dom node, SD card holder, GNSS module, OLED screen, as well as the Wifydra carrier board that connects all these components. The firmware, BOM, and gerbers are all available in The Wifydra\'s Github repo: \nhttps://github.com/lozaning/The_Wifydra\n
\n
\nLozaning (they/them) has been wardriving for over 10 years and enjoys designing, building, and assembling unorthodox network observation platforms such as: The Wifydra (presented here), The International Wigle Space Balloon, and turning an Amtrak roomette into a mobile radio observation lab. Currently ranked as the 84th best wardriver in the world on Wigle.net, Lozaning loves all things wifi and high precision GNSS related.
\n
\nAudience - The target audience is anyone interested in WarDriving or RF site surveys, as well as those looking to get started designing their first custom PCB​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 12, 2023 10:00\n\n\n\nEnds\n\nAugust 12, 2023 11:55\n\n\n\nLocation\n\nSociety Boardroom, Forum\n\n\n\n\n\''),(464,'\'ThreatScraper: Automated Threat Intelligence Gathering and Analysis for VirusTotal - Aaron Morath & Dr. Scott Graham\'','\'https://forum.defcon.org/node/246348\'','\'https://forum.defcon.org/node/246349\'','','','','\'\nThreatScraper: Automated Threat Intelligence Gathering and Analysis for VirusTotal
\n
\nSaturday August 12, 14:00 – 15:55, Accord Boardroom, Forum
\n
\nAaron Morath & Dr. Scott Graham
\n
\nVirusTotal serves as a popular platform for aggregating malware information submitted by Anti-Virus (AV) software providers, which can be searched using parameters such as hashes (SHA-1, SHA-256, MD5), file names, and malicious web links. In order to enhance and automate the process of malware intelligence gathering, we introduce ThreatScraper, a Python-based tool that automates free API queries and rescanning tasks on VirusTotal. ThreatScraper is designed to periodically request reports on specified files and save the results in a local database or Excel file. It allows users to pull and aggregate malicious file reports from multiple AV vendors over time, providing insights into the adoption of malware detection across providers. Easily implemented from any Windows command line, ThreatScraper can rescan a file, pull a report, and then sleep until the next designated time identified by the user.
\n
\nCaptain Aaron "AJ" Morath, CEH/CompTIA Pentest+, is a graduate student at the Air Force Institute of Technology, where he is involved in researching malware identification and propagation. His thesis work concentrates on developing innovative strategies to combat evolving cybersecurity threats and enhance security measures. AJ has served as the Defensive Cyber Operator (DCO) Officer in Charge (OIC) of the NASIC DCO team for three years. He oversaw the security and defense of an enterprise network comprising over 6,000 connected devices.
\n
\nDr. Scott Graham is a Professor of Computer Engineering at the Air Force Institute of Technology. His research interests center on cyber physical systems, looking at the intersection between real physical systems and the computers that control them. Specific areas of interest include cyber physical systems security, computer architecture, embedded computing, critical infrastructure protection, and vehicular cyber security.
\n
\nAudience - Offensive and Defensive Cyber​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 12, 2023 14:00\n\n\n\nEnds\n\nAugust 12, 2023 15:55\n\n\n\nLocation\n\nAccord Boardroom, Forum\n\n\n\n\n\''),(465,'\'USBvalve - Expose USB activity on the fly - Cesare Pizzi\'','\'https://forum.defcon.org/node/246326\'','\'https://forum.defcon.org/node/246327\'','','','','\'\nUSBvalve - Expose USB activity on the fly
\n
\nSaturday August 12, 10:00 – 11:55, Unity Boardroom, Forum
\n
\nCesare Pizzi
\n
\nUSB spreading malware is still a concern today. Over the past few months, we have witnessed an increase in malicious software exploiting USB drives to bypass security measures, even in air-gapped systems. Whenever we connect our USB drive to an "untrusted" system, numerous doubts arise: what happens behind the scenes? Is something accessing, modifying, or encrypting our files? This is where USBvalve comes in. It is an affordable dongle, built using readily available hardware, designed to reveal the true activities occurring when a USB drive is connected to a system. It can also be used to check for "BADUSB" (HID) on USB keys before inserting them into our own systems. The best part is that it\'s as compact as a keychain, making it convenient to carry with us at all times!
\n
\nCesare Pizzi is a Security Researcher, Analyst, and Technology Enthusiast at Sorint.lab. He develops software and hardware, and tries to share this with the community. Mainly focused on low level programming, he developed a lot of OpenSource software, sometimes hardware related and sometimes not. He does a lot of reverse engineering too. He likes to share his work when possible (at Defcon, Insomni\'hack, Nullcon, etc.). He is a contributor to several OS Security projects (Volatility, OpenCanary, PersistenceSniper, Speakeasy, CETUS, etc.) and a CTF player.
\n
\nAudience - Malware analysts, Digital Forensic investigator, Security Practitioners​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 12, 2023 10:00\n\n\n\nEnds\n\nAugust 12, 2023 11:55\n\n\n\nLocation\n\nUnity Boardroom, Forum\n\n\n\n\n\''),(466,'\'Vacuum Robot Hacking - Dennis Giese\'','\'https://forum.defcon.org/node/246218\'','\'https://forum.defcon.org/node/246219\'','','','','\'\nVacuum Robot Hacking
\n
\nFriday August 11, 14:00 – 15:55, Unity Boardroom, Forum
\nDennis Giese
\n
\nIn this demo I will show how you can root various models of vacuum robots and disconnect them from the cloud. You have the chance to play around with the tools and the rooted robots yourself. Learn why you should not trust your robot\'s cameras and microphones. Pick up a free PCB that allows you to root your vacuum robot easily.
\n
\nDennis Giese is currently a PhD student at Northeastern University and focuses on the security and privacy of IoT devices. While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices. His most known projects are the documentation and hacking of various vacuum robots. His current vacuum robot army consists of over 45 different models from various vendors.
\n
\nAudience - hardware tinkerers and users of vacuum robots
\n​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 11, 2023 14:00\n\n\n\nEnds\n\nAugust 11, 2023 15:55\n\n\n\nLocation\n\nUnity Boardroom, Forum\n\n\n\n\n\''),(467,'\'Veilid - TC Johnson & Deth Veggie\'','\'https://forum.defcon.org/node/246328\'','\'https://forum.defcon.org/node/246329\'','','','','\'\nVeilid
\n
\nSaturday August 12, 10:00 – 11:55, Committee Boardroom, Forum
\n
\nTC Johnson & Deth Veggie
\n
\nVeilid is a new, distributed communication protocol developed by Cult of the Dead Cow\'s Dildog (of BO2K fame). This p2p, E2EE, distributed protocol is being released at Defcon 31, fully open source, and with an example app called Veilid Chat. These demos will cover setting up an identity, connecting to others, deploying heavy nodes to support the network, and contributing to the project.
\n
\nTC: Rubber Duck to the actual developer of Veilid. Here to get you started on the future we were promised -- communication free of a profit motive, free of corporate overlords, and free of other intrusive eyeballs.
\n
\nThe Deth Vegetable: cDc member since December 1990. Minister of Propaganda. If everything is to be believed, he has alternately been a Special Forces Commando, Mexican wrestler, comicbook villain, bodyguard to Mr. T, designer drug manufacturer, electronics wizard, and used tire recycler.
\n
\nAudience: Everyone, we\'re changing the world, cDc style​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 12, 2023 10:00\n\n\n\nEnds\n\nAugust 12, 2023 11:55\n\n\n\nLocation\n\nCommittee Boardroom, Forum\n\n\n\n\n\''),(468,'\'Vulnerable by Design: Unguard, The Insecure Cloud-Native Twitter Clone - Simon Ammer, Christoph Wedenig\'','\'https://forum.defcon.org/node/246244\'','\'https://forum.defcon.org/node/246245\'','','','','\'\nVulnerable by Design: Unguard, The Insecure Cloud-Native Twitter Clone
\n
\nFriday August 11, 10:00 – 11:55, Accord Boardroom, Forum
\n
\nSimon Ammer, Christoph Wedenig
\n
\nUnguard is an intentionally insecure, cloud-native microservices demo application that serves as a playground for cybersecurity enthusiasts to sharpen their skills and for cybersecurity companies to test their software. Designed to mimic a web-based Twitter clone, the platform offers user registration, login, content posting, and social interactions, all with a wide variety of exploitable vulnerabilities. Featuring a wide range of security flaws, including SSRF, Command/SQL Injection, Log4Shell, and Spring4Shell, Unguard challenges security professionals, developers, and students to identify, exploit, and understand these weaknesses. Simultaneously, the platform showcases deceptive elements, such as phony ads and profile management options, which further enhance the real-world experience offered by the demo.
\n
\nSimon\'s interest in cybersecurity was sparked after listening to the Darknet Diaries podcast, which led him to pursue a career in this fascinating field. He studied Software Engineering and Mobile Computing in Austria, focusing on enhancing web vulnerability scanner reports for his Master\'s thesis. Driven by his passion for cybersecurity, Simon decided to further expand his knowledge by enrolling in another Master\'s program specializing in Artificial Intelligence. Currently, he holds the position of Research Software Engineer in the cloud-native security team at Dynatrace. There, he leverages his knowledge to employ AI to improve security measures and safeguard digital infrastructures.
\n
\nChristoph always loved to interact with software systems, even more so in unintended ways. He studied Applied Computer Science in the south of Austria, focusing on the detection of server-side request forgery in his Master’s thesis. As a demo environment for this thesis, he created a small distributed application called “Vogelgrippe” which was then later extended for various other use cases until being renamed to Unguard and finally gifted to the community as an Open-Source playground. Currently, he is working in the Application security team at Dynatrace, where he helps build a wide suite of security-related software.
\n
\nAudience - Offense, Defense
\n​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 11, 2023 10:00\n\n\n\nEnds\n\nAugust 11, 2023 11:55\n\n\n\nLocation\n\nAccord Boardroom, Forum\n\n\n\n\n\''); /*!40000 ALTER TABLE `demolabs` ENABLE KEYS */; UNLOCK TABLES; -- -- Table structure for table `events` -- DROP TABLE IF EXISTS `events`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `events` ( `day` varchar(16) COLLATE utf8_unicode_ci NOT NULL, `hour` varchar(2) COLLATE utf8_unicode_ci NOT NULL, `starttime` varchar(6) COLLATE utf8_unicode_ci NOT NULL, `endtime` varchar(6) COLLATE utf8_unicode_ci NOT NULL, `continuation` char(1) COLLATE utf8_unicode_ci NOT NULL, `village` varchar(64) COLLATE utf8_unicode_ci NOT NULL, `track` varchar(90) COLLATE utf8_unicode_ci NOT NULL, `title` varchar(512) COLLATE utf8_unicode_ci NOT NULL, `speaker` varchar(256) COLLATE utf8_unicode_ci NOT NULL, `hash` varchar(64) COLLATE utf8_unicode_ci NOT NULL, `desc` text COLLATE utf8_unicode_ci NOT NULL, `modflag` tinyint(4) DEFAULT NULL, `autoincre` int(11) NOT NULL AUTO_INCREMENT, PRIMARY KEY (`autoincre`), KEY `title` (`title`(255)), KEY `hash` (`hash`) ) ENGINE=InnoDB AUTO_INCREMENT=368348 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- -- Dumping data for table `events` -- LOCK TABLES `events` WRITE; /*!40000 ALTER TABLE `events` DISABLE KEYS */; INSERT INTO `events` VALUES ('2_Friday','10','10:00','10:45','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'The RingHopper Journey or How We Almost Zero-day’d the World\'','\'Benny Zeltser,Jonathan Lusky\'','DC_1188b8d93ca80913355dafcc84d699b2','\'Title: The RingHopper Journey or How We Almost Zero-day’d the World
\nWhen: Friday, Aug 11, 10:00 - 10:45 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\nSpeakers:Benny Zeltser,Jonathan Lusky
\n
SpeakerBio:Benny Zeltser\n, Security Research Team Lead at Intel
\nBenny (@benny_zeltser) is a security research team lead @ iSTARE, Intel. He focuses on breaking and exploiting anything on the border between HW and SW. Previously, Benny worked at IBM on development of malware analysis techniques, and spent four years in the IDF Intelligence as a security and research engineer. When Benny is not breaking things, he usually hikes with his 1 yo or cultivating his coffee brewing (and drinking) hobby.
\nTwitter: @benny_zeltser
\n
SpeakerBio:Jonathan Lusky\n, Security Research Team Lead at Cellebrite
\nJonathan (@LuskyYehonatan) is a security research team lead @ Cellebrite. In the past, he was a security research team lead @ Intel. He is curious about anything related with low-level security research, reversing binaries, poking CPUs and breaking stuff up. Currently, he is about to complete his master’s degree at the Technion focusing on neural network extraction attacks. In his spare time, Jonathan loves to participate in CTFs, play tennis and hike.
\nTwitter: @LuskyYehonatan
\n\n
\nDescription:
\nLast year we almost zero-day’d the world with the publication of RingHopper. Now we can finally share some juicy details and invite you for an illuminating journey as we delve into the realm of RingHopper, a method to hop from user-land to SMM.\n

We will survey the discovery and disclosure of a family of industry-wide vulnerabilities in various UEFI implementations, affecting more than eight major vendors, making billions of devices vulnerable to our attack. Then, we will deep-dive into the innards of SMM exploitation and discuss methods to use and abuse various functionalities and properties of edk2 to gain code execution. We will unveil both our futile and fruitful quests of crafting our way to SMM, and detail both the paths that lead to dead-ends, and the route to success.\n

We will give a detailed overview of different ways to elevate this kind of attack to user-land both on Windows and Linux by chaining multiple vulnerabilities together.\n

Finally, we will show RingHopper hopping from user-space to… SMM.\n

\n
REFERENCES
\n
1. DEF CON 29 - Mickey Shkatov, Jesse Michael - High Stakes Updates: BIOS RCE OMG WTF BBQ\n2. DEF CON 26 - Shkatov and Michael - UEFI Exploitation for the Masses\n3. DEF CON 23 - Yuriy Bulygin - Attacking Hypervisors Using Firmware and Hardware\n4. DEF CON 22 - Panel - Summary of Attacks Against BIOS and Secure Boot\n5. OffensiveCon22 - Alex Ermolov, Alex Matrosov and Yegor Vasilenko UEFI Firmware Vulnerabilities
\n\n\'',NULL,365217),('2_Friday','12','12:00','12:20','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'GhostToken: Exploiting Google Cloud Platform App Infrastructure to Create Unremovable Trojan Apps\'','\'Tal Skverer\'','DC_7b8d9a067c1ab4e2b61888a87fd2d3bb','\'Title: GhostToken: Exploiting Google Cloud Platform App Infrastructure to Create Unremovable Trojan Apps
\nWhen: Friday, Aug 11, 12:00 - 12:20 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\n
SpeakerBio:Tal Skverer\n, Security Research Team Lead at Astrix Security
\nTal holds an M.Sc. in Computer Science from the Weizmann Institute and has a decade of experience in reverse engineering, malware analysis, embedded security, web hacking, cryptography and pentesting. Biannually, Tal teaches workshops on assembly language, reverse engineering and blackbox research.\n \n

Tal Skverer is a Senior Researcher at Astrix Security, where he challenges cloud platforms\' defenses and mitigations. At his previous job, he hacked vehicle computers on a daily basis, and is also known for being one of the researchers that broke PokemonGo\'s anti-cheating system in 2016.

\n\n
\nDescription:
\nIn this talk, we will present a 0-day vulnerability found in the Google Cloud Platform (GCP) affecting all Google users, which allowed a malicious app to become invisible and unremovable, effectively leaving a Google user’s account infected with a backdoor app forever.\n \n

The talk will start by reviewing the world of 3rd-party apps in Cloud platforms: the OAuth 2.0 standard, consent, scoped authorization, the types of tokens, and how data is accessed.\n \n

Shifting the focus to Google, as one of the biggest cloud service providers supporting OAuth 2.0, we will show how 3rd-party apps are created, developed, and managed in Google (you will even get to manage yours in real time). We will discuss how Google relatively recently moved from the standard registration model to forcibly linking the creation of apps to Google Cloud Platform (GCP), hoping to push developers into using one of the GCP services for app development.\n \n

We will then give a complete technical overview of a 0-day vulnerability found in GCP, dubbed \'GhostToken\': The research of the aforementioned connection between apps in Google and GCP, which culminated in finding the ability to force an app to go into a limbo-like, “pending deletion” state, during which the app’s tokens are mishandled. We will show an exploitation of the vulnerability which enables an attacker to hide their authorized app from the user’s management page, causing it to become invisible and unremovable, while still having access to the user’s data.\n \n

Finally, we will share how Google Workspace’s administrators could detect apps that potentially exploited the GhostToken vulnerability, as well as actions that organizations implementing 3rd-party access to their users\' data can take to avoid making such mistakes. The talk will close with a discussion about the common abuse of and deviation from the OAuth standard by large providers, and propose a possible solution for supporting and implementing apps for large cloud providers.\n \n

Familiarity with GCP and different OAuth 2.0 flows will help understand the concepts, but it is not required as the talk is self-contained.\n

\n
REFERENCES
\n
\n
\n\n\'',NULL,365218),('3_Saturday','16','16:00','16:20','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'A Broken Marriage: Abusing Mixed Vendor Kerberos Stacks\'','\'Ceri Coburn\'','DC_4011e28ce4610aa97051c0932c916530','\'Title: A Broken Marriage: Abusing Mixed Vendor Kerberos Stacks
\nWhen: Saturday, Aug 12, 16:00 - 16:20 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\n
SpeakerBio:Ceri Coburn\n, Red Team Operator & Offensive Security Dev at Pen Test Partners
\nAfter a 20-year career within the software development space, Ceri was looking for a new challenge and moved into pen testing back in 2019. During that time he has created and contributed to several open source offensive tools such as Rubeus, BOFNET and SweetPotato and on the odd occasion contributed to projects on the defensive side too. He currently works as a red team operator and offensive security dev at Pen Test Partners.
\nTwitter: @_EthicalChaos_
\n\n
\nDescription:
\nThe Windows Active Directory authority and the MIT/Heimdal Kerberos stacks found on Linux/Unix based hosts often coexist in harmony within the same Kerberos realm. This talk and tool demonstration will show how this marriage is a match made in hell. Microsoft\'s Kerberos stack relies on non-standard data to identify its users. MIT/Heimdal Kerberos stacks do not support this non-standard way of identifying users. We will look at how Active Directory configuration weaknesses can be abused to escalate privileges on *inux based hosts joined to the same Active Directory authority. This will also introduce an updated version of Rubeus to take advantage of some of these weaknesses.\n
\n
\n
REFERENCES
\n
* https://techcommunity.microsoft.com/t5/security-compliance-and-identity/sam-name-impersonation/ba-p/3042699\n* https://www.catalyst.net.nz/blog/stay-curious-dollar-ticket-security-issue\n* https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html\n* https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/6435d3fb-8cf6-4df5-a156-1277690ed59c
\n\n\'',NULL,365219),('3_Saturday','10','10:30','11:15','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Calling it a 0-Day - Hacking at PBX/UC Systems\'','\'good_pseudonym\'','DC_330e065a408ebfd9fdf92e2a9bb6a3c9','\'Title: Calling it a 0-Day - Hacking at PBX/UC Systems
\nWhen: Saturday, Aug 12, 10:30 - 11:15 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\n
SpeakerBio:good_pseudonym\n
\nNo BIO available
\n\n
\nDescription:
\nPBX (Private Branch Exchange) and UC (Unified Communications) servers are the big communication brokers in enterprise environments where they love on-prem. They do everything to enable internal and external communications including voice, video, conferencing and messaging. But a broader scope also means a broader attack surface.\n

In this talk, we\'ll give an overview of PBX/UC systems, what kind of attack surface they have, as well as several bugs that we recently found in two popular PBX/UC products. The journey includes deep-diving Java\'s Runtime.exec(), decrypting encrypted PHP, bypassing license restrictions, pretending to be a phone, and (of course) getting some shells.\n

\n
REFERENCES
\n
* VoIP Wars: Attack of the Cisco Phones (DEF CON 22, Fatih Ozavci)\n* Hacking VoIP Exposed (Black Hat USA 2006, David Endler, Mark Collier)
\n\n\'',NULL,365220),('3_Saturday','11','10:30','11:15','Y','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Calling it a 0-Day - Hacking at PBX/UC Systems\'','\'good_pseudonym\'','DC_330e065a408ebfd9fdf92e2a9bb6a3c9','\'\'',NULL,365221),('2_Friday','12','12:30','13:15','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS\'','\'Noam Moshe,Sharon Brizinov\'','DC_9db046897f3ebb53bdbeef90e6ecdf3d','\'Title: A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS
\nWhen: Friday, Aug 11, 12:30 - 13:15 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\nSpeakers:Noam Moshe,Sharon Brizinov
\n
SpeakerBio:Noam Moshe\n, Vulnerability Researcher at Claroty Team82
\nNoam Moshe is a vulnerability researcher at Claroty Team82. Noam specializes in vulnerability research, web applications pentesting, malware analysis, network forensics and ICS/SCADA security. In addition, Noam has presented at well-known hacking conferences like Blackhat Europe, and won Master of Pwn at Pwn2Own Miami 2023.
\n
SpeakerBio:Sharon Brizinov\n, Director of Security Research at Claroty Team82
\nSharon Brizinov leads the Vulnerability Research at Team82, The Claroty Research. He specializes in OT/IoT vulnerability research, has participated in multiple Pwn2Own competitions, won Pwn2Own Miami 2023, and holds a DEFCON black badge.
\n\n
\nDescription:
\nHave you ever wondered how you can access your family pictures on your home network-attached storage (NAS) device remotely from your mobile? Do you know how this magic works? At Pwn2Own Toronto 2022, we chained multiple bugs to exploit both Synology and Western Digital NAS devices by abusing vulnerabilities in the device, cloud and the mutual trust between them.\n

In our research, we reviewed the pairing mechanism of NAS devices with the WD and Synology cloud platforms. To our surprise we discovered that devices authenticate to the cloud using a hardware identifier which is later used by users to remotely access their devices. Using this, we were able to impersonate any given NAS device and perform phishing attacks that yielded us admin rights on any targeted WD or Synology device.\n

In this talk, we will explain the pairing process of WD and Synology NAS. We will elaborate on the overall architecture of their cloud offering and focus on the vulnerabilities we found including ways to enumerate and impersonate all edge devices using certificate transparency log (CTL), and steal cloud proxy auth tokens. This enabled us to download every file saved on the NAS devices, alter or encrypt them, and bypass NAT/Firewall protection to achieve full remote code execution on all cloud-connected NAS (and to gain $$$ from Pwn2Own).\n

\n\n\'',NULL,365222),('2_Friday','13','12:30','13:15','Y','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS\'','\'Noam Moshe,Sharon Brizinov\'','DC_9db046897f3ebb53bdbeef90e6ecdf3d','\'\'',NULL,365223),('2_Friday','13','13:30','14:15','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Private Keys in Public Places\'','\'Tom Pohl\'','DC_b039c270f8bb24d75d2aa264af8ae327','\'Title: Private Keys in Public Places
\nWhen: Friday, Aug 11, 13:30 - 14:15 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\n
SpeakerBio:Tom Pohl\n, Principal Consultant and the Penetration Testing Team Manager at LMG Security
\nTom Pohl is a Principal Consultant and Penetration Testing Team Manager at LMG Security. Prior to LMG, he has spent most of his career on the blue team building and securing systems used by millions of people. And by night, he is a competitive CTF player and has won several black/gold badges including THOTCON, Circle City Con, Wild West Hackin’ Fest and DEF CON. He is good at what he does because he’s already made many of the mistakes that he encounters in client environments on a daily basis.
\n\n
\nDescription:
\nFirmware and software binaries are littered with private keys, legitimate CA-blessed certificates, and encryption keys—but hardly anyone notices. These secrets are often obfuscated or otherwise hidden in ways that weren’t intended to be found. I’ll show three real-world examples from popular manufacturers (Netgear, Fortinet and Dell), and demonstrate techniques for uncovering them. In the most extreme example, an adversary can use an obfuscated key to gain access to any customer’s vCenter environment.\n

I’ll start with a straightforward look at Netgear firmware and show methods for discovering private keys in PEM-encoded text files. We’ll dig into the Fortinet firmware, which contained custom obfuscated archive files, and show how to extract Apple and Google issued certificates. I will also show that the 3-year-awaited “fix” did not adequately solve the issue.\n

Finally, I’ll dig into the worst case: a static AES encryption key within Dell software used to connect to vCenter. I\'ll demonstrate how to retrieve, decompile and use a static AES key which will decrypt vCenter credentials. The key is the same for EVERY customer. This has not been talked about anywhere publicly.\n

I’ll conclude by discussing the importance of developer training, proper key management, and (above all), identifying and eliminating this systemic practice.\n

\n
REFERENCES
\n
\n
\n\n\'',NULL,365224),('2_Friday','14','13:30','14:15','Y','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Private Keys in Public Places\'','\'Tom Pohl\'','DC_b039c270f8bb24d75d2aa264af8ae327','\'\'',NULL,365225),('2_Friday','15','15:30','16:15','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'A Comprehensive Review on the Less-Traveled Road: 9 Years of Overlooked MikroTik Pre-Auth RCE\'','\'NiNi Chen\'','DC_09ca7ece25af531731b92c33229c0f4f','\'Title: A Comprehensive Review on the Less-Traveled Road: 9 Years of Overlooked MikroTik Pre-Auth RCE
\nWhen: Friday, Aug 11, 15:30 - 16:15 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\n
SpeakerBio:NiNi Chen\n, Security Researcher at DEVCORE
\nTing-Yu Chen, aka NiNi, is a security researcher at DEVCORE and a member of the Balsn CTF team. He won the title of the \"Master of Pwn\" at Pwn2Own Toronto 2022 with the DEVCORE team. NiNi has also made notable achievements in CTF competitions, including placing 2nd and 3rd in DEF CON CTF 27 and 28 as a member of HITCON⚔BFKinesiS and HITCON⚔Balsn teams, respectively. NiNi is currently immersed in vulnerability research and reverse engineering, continuing to hone his skills. You can keep up with his latest discoveries and musings on Twitter via his handle @terrynini38514 or blog at http://blog.terrynini.tw/.
\nTwitter: @terrynini38514
\n\n
\nDescription:
\nMikroTik is a supplier of network infrastructure, and its products and RouterOS are widely adopted. Currently, at least 3 million+ devices are running RouterOS online. RouterOS is actively researched as a target by attackers; the exploits leaked from the CIA in 2018 and the massive exploits that followed are samples of the havoc that can be caused when such devices are maliciously exploited again. Therefore, RouterOS also attracts many researchers to hunt bugs in it. However, high-impact vulnerabilities have rarely been reported over a long period. Can the OS become perfect overnight? Of course not. Some details have been missed.\n \n

Researches on RouterOS were mainly against jailbreak, Nova Message in IPC, and analysis of exploits in the wild. Especially researches against Nova Message have reported tons of post-auth vulnerabilities. However, the architecture design and the lower-layer objects, which are closely related to the functionality of Nova Binary, were being neglected due to their complexity, causing some details to be overlooked for a long time. Starting by introducing the mechanisms of the socket callback and the remote object, we will disclose more about the overlooked attack surface and implementations in RouterOS. Moreover, we will discuss how we, at the end of rarely visited trails, found the pre-auth RCE that existed for nine years and can exploit all active versions and the race condition in the remote object. We will also share our methodology and vulnerability patterns.\n \n

Delving into the design of the RouterOS, attendees will have a greater understanding of the overlooked attack surface and implementation of it and be able to review the system more reliably. Additionally, we will also share our open-source tools and methodology to facilitate researchers researching RouterOS, making it less obscure. ,\nTing-Yu Chen, aka NiNi, is a security researcher at DEVCORE and a member of the Balsn CTF team. He won the title of the \"Master of Pwn\" at Pwn2Own Toronto 2022 with the DEVCORE team. NiNi has also made notable achievements in CTF competitions, including placing 2nd and 3rd in DEF CON CTF 27 and 28 as a member of HITCON⚔BFKinesiS and HITCON⚔Balsn teams, respectively. NiNi is currently immersed in vulnerability research and reverse engineering, continuing to hone his skills. You can keep up with his latest discoveries and musings on Twitter via his handle @terrynini38514 or blog at http://blog.terrynini.tw/.\n \n

\n
REFERENCES
\n
\n \n
\n\n\'',NULL,365226),('2_Friday','16','15:30','16:15','Y','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'A Comprehensive Review on the Less-Traveled Road: 9 Years of Overlooked MikroTik Pre-Auth RCE\'','\'NiNi Chen\'','DC_09ca7ece25af531731b92c33229c0f4f','\'\'',NULL,365227),('3_Saturday','15','15:30','16:15','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Breaking BMC: The Forgotten Key to the Kingdom\'','\'Adam Zabrocki,Alex Tereshkin\'','DC_ed4a0bbc9e6bf903b3b61e2782c8613c','\'Title: Breaking BMC: The Forgotten Key to the Kingdom
\nWhen: Saturday, Aug 12, 15:30 - 16:15 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\nSpeakers:Adam Zabrocki,Alex Tereshkin
\n
SpeakerBio:Adam Zabrocki\n, Distinguished Engineer (Offensive Security) at NVIDIA
\nAdam ‘pi3’ Zabrocki is a computer security researcher, pentester and bughunter, currently working as a Distinguished Engineer (Offensive Security) at NVIDIA. He is a creator and developer of Linux Kernel Runtime Guard (LKRG) - his moonlight project defended by Openwall. Among others, he used to work in Microsoft, European Organization for Nuclear Research (CERN), HISPASEC Sistemas (known from the virustotal.com project), Wroclaw Center for Networking and Supercomputing, Cigital. The main area of his research is low-level security (CPU arch, uCode, FW, hypervisor, kernel, OS). \n \n

As a hobby, he was a developer in The ERESI Reverse Engineering Software Interface project, a bughunter (discovered vulnerabilities in Hyper-V, KVM, RISC-V ISA, Intel\'s Reference Code, Intel/NVIDIA vGPU, Linux kernel, FreeBSD, OpenSSH, gcc SSP/ProPolice, Apache, Adobe Acrobat Reader, Xpdf, Torque GRID server, and more) and studied exploitation and mitigation techniques, publishing results of his research in Phrack Magazine. \n \n

Adam is driving a Pointer Masking extension for RISC-V, he is involved in many RISC-V security related extensions (including CFI), he is a co-author of a subchapter to Windows Internals and was twice The Pwnie Awards nominee (2021 and 2022) for the most under-hyped research. He was a speaker at well-known security conferences including Blackhat, DEF CON, Security BSides, Open Source Tech conf and more.

\nTwitter: @Adam_pi3
\n
SpeakerBio:Alex Tereshkin\n, Principal System Software Engineer (Offensive Security) at NVIDIA
\nAlex Tereshkin is an experienced reverse engineer and an expert in UEFI security, Windows kernel and hardware virtualization, specializing in rootkit technologies and kernel exploitation. He has been involved in the BIOS and SMM security research since 2008. He is currently working as a Principal Offensive Security Researcher at NVIDIA. He has done significant work in the field of virtualization-based malware and Windows kernel security. He is a co-author of a few courses taught at major security conferences and a co-author of the first UEFI BIOS and Intel ME exploits. In 2022 he was a Pwnie Awards nominee for the most under-hyped research.
\nTwitter: @AlexTereshkin
\n\n
\nDescription:
\nThe Baseboard Management Controller (BMC) is a specialized microcontroller embedded on the motherboard, typically used in servers and other enterprise-level hardware. The security of the BMC is critical to the overall security of the system, as it provides a privileged level of access and control over the hardware components of the system, including the ability to perform firmware updates, and even power the system on and off remotely. \n \n

When the internal offensive security research team was analyzing one of the NVIDIA hardware, they detected several remotely exploitable bugs in AMI MegaRAC BMC. Moreover, various elevations of privileges and \"change of scope\" bugs have been identified, many of which may be chained together resulting in a highest severity security issue. During this talk we would like to take you on the journey of the whole attack sequence: from having zero knowledge about a remote AMI BMC with enabled IPMI (yeah, right) to flashing a persistent firmware implant to the server SPI flash. The chain will be about a dozen bugs long, so buckle up. \n \n

\n
REFERENCES
\n
\n
\n\n\'',NULL,365228),('3_Saturday','16','15:30','16:15','Y','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Breaking BMC: The Forgotten Key to the Kingdom\'','\'Adam Zabrocki,Alex Tereshkin\'','DC_ed4a0bbc9e6bf903b3b61e2782c8613c','\'\'',NULL,365229),('2_Friday','15','15:00','15:45','N','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record','\'CON trolling the weather\'','\'Paz Hameiri\'','DC_a886f4f28fb966e332c656357e772d04','\'Title: CON trolling the weather
\nWhen: Friday, Aug 11, 15:00 - 15:45 PDT
\nWhere: Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record - Map
\n
SpeakerBio:Paz Hameiri\n, Hacker
\nPaz started his professional life more than 30 years ago, hacking games and developing tools in his teen years. Since then, he has worked in several companies, developing both hardware and software. Paz has six years of experience with telecommunication systems design and circuits.\n

For 14 years, Paz led multidisciplinary systems development as a systems engineer in the aerospace industry. At home, Paz explores ideas he finds interesting.\n

In 2019 he published a work on a body-tracking device that records keystrokes on a safe\'s keypad in Hakin9 Magazine. In 2021 he developed software that used a GPU as a digital radio transmitter and presented his work at DEF CON 29. In 2015 and 2019 he launched weather balloons with elementary school pupils.\n

\n\n
\nDescription:
\nNearly 1,800 weather balloons are launched across the world on any given day. As the balloon goes up it expands and pops at an altitude up to 33 km (110K feet) above the earth. The flight payload is called a radiosonde. It measures pressure, temperature, relative humidity, position, and velocity during its flight, and transmits the data to a sounding receiver. One or two missing weather balloons won\'t impact the daily forecast. However, many missing balloons could lead to errors in weather models and forecasts. Weather balloons are also important for gathering weather data for satellite launches and human spaceflights, as launches are often delayed or scrubbed due to upper-level wind shear.\n

In this talk, I present a simulation framework for the most popular radiosonde model. It enables an attacker to generate radiosonde messages or alter logged messages for retransmission. I also present simulations of a jamming attack and a spoofing attack on a sounding receiver:\n

During a jamming attack, the receiver is unable to receive transmissions from active radiosondes.\n

During a spoofing attack, the transmitter sends fake radiosonde messages to a target receiver, identifying as an active radiosonde.\n

I\'ll talk about the shortcomings of the military variant of the radiosonde model and suggest a simple way to cope with spoofing attacks.\n

\n
REFERENCES
\n
Vredenbregt L., \"How many weather balloons are out there? Hundreds, it turns out\", https://abcnews.go.com/Politics/weather-balloons-hundreds-turns/story?id=97082985, Feb 13, 2023.\nDudley I., \"Weather balloons and rocket science\", https://www.vandenberg.spaceforce.mil/News/Features/Display/Article/737270/weather-balloons-and-rocket-science/\nbazjo, \"RS41 Decoding\", https://github.com/bazjo/RS41_Decoding\nrs1729, \"RS\", https://github.com/rs1729/RS\nprojecthorus, \"radiosonde_auto_rx\", https://github.com/projecthorus/radiosonde_auto_rx\nsondehub, https://github.com/projecthorus/radiosonde_auto_rx\n\"Upper-air Observations Program\", https://www.weather.gov/upperair/\nMass C., \"Wind Shear: When the Atmospheric Seems to be Tearing Itself Apart\", https://cliffmass.blogspot.com/2017/05/wind-shear-when-atmospheric-seems-to-be.html\nJessop M., \"Top Radiosonde types\", https://twitter.com/vk5qi/status/1170215238978830339\nLada B., \"3 weather obstacles that SpaceX faces when launching rockets into space\", https://www.accuweather.com/en/space-news/types-of-weather-that-can-delay-a-spacex-rocket-launch/352407\nNasa, \"Falcon 9 Crew Dragon Launch Weather Criteria\", FS-2020-05-568-KSC, www.nasa.gov\nFrielingsdorf J., \"An Open-Source Documentation and Implementation of the Vaisala RS41 Data Preparation Algorithms\", WMO Technical Conference on Meteorological and Environmental Instruments and Methods of Observation, Oct. 11, 2022\nCadence PCB Solutions, \"What is Signal to Noise Ratio and How to calculate it?\", https://resources.pcb.cadence.com/blog/2020-what-is-signal-to-noise-ratio-and-how-to-calculate-it\nVaisala, \"Vaisala Radiosonde RS41-SGP Data Sheet\", www.vaisala.com, B211444EN-E, 2017\nVaisala, \"Vaisala Radiosonde RS41-SG Data Sheet\", www.vaisala.com, B211321EN-K, 2020\nVaisala, \"Vaisala Radiosonde RS41-SGM Data Sheet\", www.vaisala.com, B211448EN-E, 2017
\n\n\'',NULL,365230),('2_Friday','14','14:30','15:15','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Second Breakfast: Implicit and Mutation-Based Serialization Vulnerabilities in .NET\'','\'Jonathan Birch\'','DC_663d7a8ea9b6bd61b41e931511f5cf07','\'Title: Second Breakfast: Implicit and Mutation-Based Serialization Vulnerabilities in .NET
\nWhen: Friday, Aug 11, 14:30 - 15:15 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\n
SpeakerBio:Jonathan Birch\n, Principal Security Software Engineer at Microsoft
\nJonathan Birch is a Principal Security Software Engineer for Microsoft. He hacks Office. His previous talks include \"Host/Split: Exploitable Antipatterns in Unicode Normalization\" at Black Hat 2019 and \"Dangerous Contents - Securing .NET Deserialization\" at BlueHat 2017.
\n\n
\nDescription:
\nExploits of insecure serialization leading to remote code execution have been a common attack against .NET applications for some time. But it\'s generally assumed that exploiting serialization requires that an application directly uses a serializer and that it unsafely reads data that an attacker can tamper with. This talk demonstrates attacks that violate both of these assumptions. This includes serialization exploits of platforms that don\'t use well-known .NET serializers and methods to exploit deserialization even when the serialized data cannot be tampered with. Remote code execution vulnerabilities in MongoDB, LiteDB, ServiceStack.Redis, RavenDB, MartenDB, JSON.Net and the .NET JavaScriptSerializer are all demonstrated. Techniques to both scan for and mitigate these vulnerabilities are also discussed.\n
\n
REFERENCES
\n
* \"Are You My Type? Breaking .net Sandboxes Through Serialization\", James Forshaw, Black Hat 2012\n* \"Friday the 13th JSON Attacks\", Alvaro Muñoz & Oleksandr Mirosh, Black Hat 2017\n* See also: https://github.com/pwntester/ysoserial.net for useful payload generators.
\n\n\'',NULL,365231),('2_Friday','15','14:30','15:15','Y','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Second Breakfast: Implicit and Mutation-Based Serialization Vulnerabilities in .NET\'','\'Jonathan Birch\'','DC_663d7a8ea9b6bd61b41e931511f5cf07','\'\'',NULL,365232),('4_Sunday','13','13:00','13:45','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Exploring Linux Memory Manipulation for Stealth and Evasion: Strategies to bypass Read-Only, No-Exec, and Distroless Environments\'','\'Carlos Polop,Yago Gutierrez\'','DC_6f73806f6f7d19f9602ca42f97de15e5','\'Title: Exploring Linux Memory Manipulation for Stealth and Evasion: Strategies to bypass Read-Only, No-Exec, and Distroless Environments
\nWhen: Sunday, Aug 13, 13:00 - 13:45 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\nSpeakers:Carlos Polop,Yago Gutierrez
\n
SpeakerBio:Carlos Polop\n, Web, Mobile & Cloud Pentesting Team Leader at Halborn
\nCarlos has a degree in Telecommunications Engineering with a Master in Cybersecurity.\nHe has worked mainly as Penetration Tester and Red Teamer for several companies, but also as developer and system administrator. He has several relevant certifications in the field of cybersecurity such as OSCP, OSWE, CRTP, eMAPT and eWPTXv2. He was captain of the Spanish team in the ECSC2021 and member of Team Europe for the ICSC2022.\n

Since he started learning cybersecurity he has tried to share his knowledge with the infosec community by publishing open source tools such as https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite and writing a free hacking book that anyone can consult at https://book.hacktricks.xyz.\n

\nTwitter: @hacktricks_live
\n
SpeakerBio:Yago Gutierrez\n, Offensive Security Researcher at Mollitiam Industries
\nYago is currently studying Telecommunications Engineering. He is an experienced C programmer, tolerates python and has extensive knowledge of Linux Internals. He works as a vulnerability researcher on binaries as well as malware on mobile systems. He is an occasional CTF player and has participated in the ECSC2020 as a member of the Spanish team.
\nTwitter: @arget1313
\n\n
\nDescription:
\nAs cyber threats continue to evolve, attackers constantly develop new methods for exploiting system vulnerabilities and evading detection. In this presentation, we will delve into cutting-edge techniques for manipulating Linux memory in highly constrained environments, such as read-only, no-exec, and distroless setups. These techniques can be utilized by sophisticated malware to remain stealthy and evade traditional security mechanisms.\n

We will begin by providing an overview of the unique challenges faced in these limited environments and discuss the reasons behind their increasing prevalence. Next, we will explore how attackers can exploit vulnerabilities within these constraints and demonstrate several novel methods for manipulating Linux memory.\n

Throughout the presentation, we will showcase real-world examples and provide step-by-step explanations for each technique, enabling attendees to gain a deeper understanding of how they can be employed by adversaries. Additionally, we will discuss potential countermeasures and mitigation strategies to help security professionals better defend against these emerging threats.\n

By attending this presentation, participants will gain valuable insights into the latest advancements in Linux memory manipulation and acquire the knowledge needed to anticipate and counter stealthy attacks in constrained environments. Whether you are a security researcher, a system administrator, or an ethical hacker, this session will equip you with the expertise necessary to stay ahead of the curve in the ever-evolving world of cybersecurity.\n

\n
REFERENCES
\n
Most parts of the technique developed for this presentation are based on our own knowledge and experience. However, some previous research on this topic was done by sektor7 in https://blog.sektor7.net/#!res/2020/meterp-inject-yt.md and by David Buchanan in https://twitter.com/David3141593/status/1386663070991360001
\n\n\'',NULL,365233),('2_Friday','10','10:30','11:15','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Route to bugs: Analyzing the security of BGP message parsing\'','\'Daniel dos Santos,Simon Guiot\'','DC_a9129da736d3c474cfa38e48f06bd201','\'Title: Route to bugs: Analyzing the security of BGP message parsing
\nWhen: Friday, Aug 11, 10:30 - 11:15 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\nSpeakers:Daniel dos Santos,Simon Guiot
\n
SpeakerBio:Daniel dos Santos\n, Head of Security Research at Forescout
\nDaniel dos Santos is the Head of Security Research at Forescout\'s Vedere Labs, where he leads a team of researchers that identifies new vulnerabilities and monitors active threats. He holds a PhD in computer science, has published over 35 peer-reviewed papers on cybersecurity, has found or disclosed hundreds of CVEs and is a frequent speaker at security conferences.
\n
SpeakerBio:Simon Guiot\n, Security Researcher at Forescout
\nSimon Guiot has experience in software engineering and software vulnerability management. He is currently a Security Researcher at Forescout Technologies doing vulnerability and threat research.
\n\n
\nDescription:
\nThis talk discusses an overlooked aspect of Border Gateway Protocol (BGP) security: vulnerabilities in how its implementations parse BGP messages. Software implementing BGP is relied upon for Internet routing and for functions such as internal routing in large data centers. A lot of (deserved) attention is given to aspects of BGP protocol security discussed in RFC4272, which can be mitigated with the use of RPKI and BGPsec. However, recent BGP incidents show that it might take only a malformed packet to cause a large disruption. We will present a quantitative analysis of previous vulnerabilities in both open and closed-source popular BGP implementations and focus the talk on a new analysis of seven modern implementations. \n

Main findings in this research include:\n

    \n
  1. Some implementations process parts of OPEN messages before validating the BGP ID and ASN fields of the originating router, which means that only TCP spoofing is required to inject malformed packets.
  2. Three new vulnerabilities in a leading open-source implementation, which could be exploited to achieve denial of service on vulnerable peers, thus dropping all BGP sessions and routing tables and rendering the peer unresponsive. These vulnerabilities were found using a fuzzer we developed and will release to the community.
    \n
    REFERENCES
    \n
    \n \n
    \n
\n\n\'',NULL,365234),('2_Friday','11','10:30','11:15','Y','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Route to bugs: Analyzing the security of BGP message parsing\'','\'Daniel dos Santos,Simon Guiot\'','DC_a9129da736d3c474cfa38e48f06bd201','\'\'',NULL,365235),('2_Friday','10','10:00','10:45','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework\'','\'Daniel Avinoam\'','DC_e1147d5ce0a6fdaeea967098845a540d','\'Title: Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework
\nWhen: Friday, Aug 11, 10:00 - 10:45 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\n
SpeakerBio:Daniel Avinoam\n, Security Researcher at Deep Instinct
\nAs a security researcher at Deep Instinct, Daniel develops and researches new defense capabilities. After serving for several years in the advanced technological cyber unit under the Israeli Air Force, Daniel has experience in the defensive side of cyber warfare, including forensics, incident response, development, reverse engineering, and research.
\n\n
\nDescription:
\nThe use of containers became an integral part of any resource-efficient and secure environment. Starting from Windows Server 2016, Microsoft released its version of this solution called Windows Containers, which offers either a process or Hyper-V isolation modes.\n

In both cases, an efficient file system separation should be provided. On one hand, each container should be able to access system files and write changes that will not affect the host. On the other, copying the entire main volume on each container launch will be storage-inefficient and not practical.\n \n

In this presentation, we will cover the basics of windows containers, break down its file system isolation framework, reverse-engineer its main mini-filter driver, and see how it can be utilized and manipulated by an actor to bypass EDR products in multiple domains. Eventually, we will provide an open-source tool based on these findings.\n \n

This technology caught my attention for several reasons:\n

\n\n\'',NULL,365236),('2_Friday','10','10:00','10:20','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Look Ma I\'m the CEO! Real-Time Video and Audio Deep-Fake!\'','\'Gal Zror\'','DC_d74831e67407744e515e600df2717703','\'Title: Look Ma I\'m the CEO! Real-Time Video and Audio Deep-Fake!
\nWhen: Friday, Aug 11, 10:00 - 10:20 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\n
SpeakerBio:Gal Zror\n, Vulnerability Research Manager at CyberArk Labs
\nGal Zror (@waveburst) acts as the vulnerability research manager in CyberArk labs. Gal has over 12 years of experience in vulnerability research and he specializes in embedded systems and protocols. Besides research, he is also an amateur boxer and a tiki culture enthusiast.
\nTwitter: @waveburst
\n\n
\nDescription:
\nHey you, yeah you! Do you want to become a big company CEO but are too lazy to invest your life in chasing that position?\n \n

Now introducing DEFCON VIDEO-ART - DEep Fake CONversation for VIDEO and Audio in Real-Time! With DEFCON VIDEO-ART you can impersonate your favorite big-company CEO without doing the hard work! You can video call anyone in the company and tell them what to do because you look and sound like the big boss! Reset passwords, ask for the latest confidential business reports, fire people, you name it!\n \n

Deep fake has been around for years, but only recently we have reached a point where real-time deep fake has become easy and accessible to execute. Join my talk where I show how I impersonate my company\'s CEO with videos and audio I found online. Then I\'ll share how with open-source tools and a decent GPU you can also impersonate your company\'s CEO!\n

\n\n\'',NULL,365237),('3_Saturday','09','09:30','10:15','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Badge of Shame: Breaking into Secure Facilities with OSDP\'','\'Dan \"AltF4\" Petro,David Vargas\'','DC_4a116896bed5e941c81280fa6e914362','\'Title: Badge of Shame: Breaking into Secure Facilities with OSDP
\nWhen: Saturday, Aug 12, 09:30 - 10:15 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\nSpeakers:Dan \"AltF4\" Petro,David Vargas
\n
SpeakerBio:Dan \"AltF4\" Petro\n, Senior Security Engineer at Bishop Fox
\nDan \"AltF4\" Petro is a Senior Security Engineer at Bishop Fox. Dan is widely known for the tools he creates: Eyeballer (a convolutional neural network pentest tool), the Rickmote Controller (a Chromecast-hacking device), Untwister (pseudorandom number generator cracker), and SmashBot (a merciless Smash Bros noob-pwning machine).
\n
SpeakerBio:David Vargas\n, Senior Security Consultant at Bishop Fox
\nDavid \"Shad0\" Vargas is a senior red teamer at Bishop Fox. He enjoys breaking into secure facilities by exploiting physical, social and network security controls. In a past life, David designed a power system for a cube satellite to be launched into space.
\n\n
\nDescription:
\nBreaking into secure facilities used to be possible by inserting a listening device (such as an ESPKey) behind an RFID card reader and sniffing the unencrypted Wiegand badge numbers over the wire as they go to the backend controller. The physical security industry has taken notice and there\'s a new sheriff in town: The encrypted protocol OSDP which is starting to be rolled into production. Surely encryption will solve our problems and prevent MitM attacks right? ... right?\n \n

In this presentation, we\'ll demonstrate over a dozen vulnerabilities, concerning problems, and general \"WTF\"s in the OSDP protocol that let it be subverted, coerced, and totally bypassed. This ranges from deeply in-the-weeds clever cryptographic attacks, to boneheaded mistakes that undermine the whole thing. We will also demonstrate a practical pentesting tool that can be inserted behind an RFID badge reader to exploit these vulnerabilities.\n \n

Get your orange vest and carry a ladder, because we\'re going onsite!\n

\n
REFERENCES
\n
* ESPKey https://github.com/octosavvi/ESPKey\n* OSDP v2.2 Spec https://www.securityindustry.org/2020/12/15/security-industry-association-releases-version-2-2-of-sia-osdp-standard/ https://libosdp.gotomain.io/protocol/introduction.html\n* RS485 https://en.wikipedia.org/wiki/RS-485
\n\n\'',NULL,365238),('3_Saturday','10','09:30','10:15','Y','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Badge of Shame: Breaking into Secure Facilities with OSDP\'','\'Dan \"AltF4\" Petro,David Vargas\'','DC_4a116896bed5e941c81280fa6e914362','\'\'',NULL,365239),('2_Friday','11','11:00','11:45','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'SpamChannel: Spoofing Emails From 2 Million+ Domains and Virtually Becoming Satan\'','\'Marcello \"byt3bl33d3r\" Salvati\'','DC_c9b56b903f6f051ab6b9a5fcdf72a8e3','\'Title: SpamChannel: Spoofing Emails From 2 Million+ Domains and Virtually Becoming Satan
\nWhen: Friday, Aug 11, 11:00 - 11:45 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\n
SpeakerBio:Marcello \"byt3bl33d3r\" Salvati\n, Hacker & Entrepreneur
\nMarcello Salvati (byt3bl33d3r) is a hacker & entrepreneur with over a decade of experience as an Offensive Security Researcher, Blue/Purple/Red Teamer and Open Source developer. Marcello is known for creating a number of Open Source tools such as CrackMapExec and weaponizing unorthodox programming languages for malware purposes.
\nTwitter: @byt3bl33d3r
\n\n
\nDescription:
\nEver wake up and ask yourself: “Damn, how could I make email security suck even more today”? Tired of your Red Teams phishing emails not landing in your targets inbox? Do you dislike Boston (the city) and love Satan?\n

If you answered yes to any of those questions you should come to this talk!\n \n

I\'ll be showing you how to spoof emails from 2 million+ domains (while also “bypassing” SPF & DMARC!) by (ab)using a partnership between Cloudflare and the “biggest transactional email service” on the interwebs. We\'ll be diving into \"edge\" serverless applications and the magical world of email security where everything is (still) held up by duct tape, pasta, and marinara sauce. Finally, I’ll be dropping code and releasing a tool that demonstrates how to impersonate emails from 2million+ domains. \n

\n
REFERENCES
\n
\n \n
\n\n\'',NULL,365240),('3_Saturday','15','15:00','15:45','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Revolutionizing ELF binary patching with Shiva: A JIT binary patching system for Linux\'','\'Ryan \"ElfMaster\" O\'Neill\'','DC_ea0d3a4053c56b50a587b908e0d523ee','\'Title: Revolutionizing ELF binary patching with Shiva: A JIT binary patching system for Linux
\nWhen: Saturday, Aug 12, 15:00 - 15:45 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\n
SpeakerBio:Ryan \"ElfMaster\" O\'Neill\n, CTO at Arcana Technologies
\nRyan \"ElfMaster\" O\'Neill, has been in the security scene since about 1997.\n

Ryan is well known for authoring the book \"Learning Linux binary analysis\" and for publishing many papers and technologies in the realm of binary protection, memory forensics, exploitation, security mitigations, virus design, kernel hacking and reverse engineering techniques. Ryan has been published in many of the classic journals such as Phrack, POC||GTFO, tmp.0ut and vxheaven. Much of Ryan\'s independent research has been published over the years on https://www.bitlackeys.org, and has many public technologies available on https://github.com/elfmaster. Ryan is also the founder of Arcana technologies https://arcana-technologies.io, a threat detection company based heavily on ELF forensics research. Ryan is currently building a new ELF binary patching system for Linux to solve the worlds hardest challenges in binary patching today.\n

\nTwitter: @ryan_elfmaster
\n\n
\nDescription:
\nThe esoteric art of patching ELF binaries has a long and fascinating history whose roots are deep within the hacking subculture; from ELF viruses to kernel rootkits. Silvio\'s 1997 \"UNIX Viruses\" paper taught us how to insert parasitic code into a page-aligned text padding region. Many backdooring and hooking techniques have been revealed to us over the last 20 years-- perfect for hacking and injecting small patches and backdoors but on their own these techniques are limited, clunky and do not support the complexities of real-world patching problems in today\'s industry. Developers often need to fix complex bugs that exist within legacy ELF binaries where no source code is available or the program cannot be recompiled.\n

Let me introduce you to Shiva. Shiva is a JIT binary patching system for ELF; A custom ELF interpreter that loads and links ELF relocatable patches at runtime. Shiva allows developers to write patches in rich C code to naturally express the rewriting of binary code at runtime, in a high level language. ELF binary patching solutions over the past two decades have been scarce; some notable research: Katana and ERESI come to mind as pioneers in the early examples of custom ELF linkers and binary patchers.\n

Shiva is a next-level solution that allows developers to quickly write patches in C with little to no reversing knowledge. Born out of 16 years of ELF research into virus design, binary patching, and extensive experience with writing custom linkers and loaders.\n

In this talk we will discuss foundations of ELF binary patching and its close relationship with ELF linkers, loaders and even ELF virus technology. This passionate body of research is combined and imbued into Shiva to create a highly innovative and powerful product that helps bridge the gap between Developers and Reverse engineers in modern binary patching solutions for ELF. A new workflow for maintaining insecure legacy software with modular patching capabilities is on the rise!\n \n

Prepare for an in-depth discussion of incredible new ELF hacking techniques and extensions. Old concepts such as userland-exec() brought back to life, and entirely new concepts such as \"Linker chaining\" to bring multiple dynamic linkers into a single process image. We will demonstrate complex patching scenarios, function splicing, program transformation, and even the weaponization of Shiva for writing sophisticated in-memory backdoors. Shiva; the ultimate ELF Binary hacker... aiming to solve the world\'s most challenging binary patching problems today.\n

\n
REFERENCES
\n
--Papers--\n Grugq - userland execve: https://grugq.github.io/docs/ul_exec.txt\n Mayhem - Cerberus ELF interface: http://phrack.org/issues/61/8.html\n Silvio - UNIX Viruses and parasites: https://vxug.fakedoma.in/archive/VxHeaven/lib/vsc02.html\n James Oakley & Sergey Bratus - Katana: A hot patching framework: https://ieeexplore.ieee.org/document/5438048\n James Oakley & Sergey Bratus - Exploiting the hard working DWARF: https://www.cs.dartmouth.edu/~sergey/battleaxe/hackito_2011_oakley_bratus.pdf\n Mlaurenzano - PEBIL (An ELF patching framework) - https://github.com/mlaurenzano/PEBIL\n sd & devik - Linux on-the-fly kernel patching without LKM: phrack.org/issues/58/7.html\n jbtzhm - static kernel patching - https://phrack.org/issues/60/8.html\n Elfmaster - Modern ELF infection techniques of SCOP binaries (POC||GTFO: 20:07)\n Elfmaster - Preloading the linker for fun and profit: https://tmpout.sh/2/6.html (This paper presents the nucleus of Shiva)\n Mayhem - IA32 Advanced function hooking: http://phrack.org/issues/58/8.html\n Richinseattle - Hooking the ELF loader: http://phrack.org/issues/58/8.html\n Silvio - Shared library call redirection via PLT infection: http://phrack.org/issues/56/7.html\n Elfmaster - Kernel instrumentation using kprobes: http://phrack.org/issues/56/7.html\n Mayhem - Next generation ELF debuggers: https://www.blackhat.com/presentations/bh-europe-07/ERSI/Presentation/bh-eu-07-ersi-apr19.pdf
\n

--A note on the illustrious tmp.0ut zine: https://tmpout.sh\n \n

The crew at tmp.0ut are a tightly formed group of ELF hackers and reversing enthusiasts who are continuing to research and publish awesome ELF research on a regular basis. I highly recommend their content, and am grateful for their many new contributions keeping the spirit of ELF hacking alive. Translated into nine different languages currently.\n \n

--Source code--\n \n

https://github.com/torvalds/linux/blob/master/fs/binfmt_elf.c (Source for Linux ELF loader)\n https://www.gnu.org/software/binutils (Source for ELF /bin/ld)\n https://sourceware.org/git/glibc.git (Source code for ld-linux.so)\n https://github.com/elfmaster (My own ELF hacking related research)\n https://github.com/elfmaster/linker_preloading_virus (My first custom ELF interpreter)\n https://musl.libc.org/
\n https://github.com/bminor/binutils-gdb <- These GDB guys really don\'t get enough credit.\n \n

--Books--\n \n

Understanding the Linux kernel (Great book on kernel internals)\n Learning Linux binary analysis (elfmaster)\n Advanced programming in the UNIX environment (Richard Stevenson)\n Turbo C (Old book from the 80s I learned C from)\n

\n\n\'',NULL,365241),('3_Saturday','09','09:00','09:45','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Smashing the state machine: the true potential of web race conditions\'','\'James \"albinowax\" Kettle\'','DC_c274a4012a65b57fe4a3bafd640c95a1','\'Title: Smashing the state machine: the true potential of web race conditions
\nWhen: Saturday, Aug 12, 09:00 - 09:45 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\n
SpeakerBio:James \"albinowax\" Kettle\n, Director of Research at PortSwigger
\nJames \'albinowax\' Kettle is the Director of Research at PortSwigger, the makers of Burp Suite. He\'s best known for his HTTP Desync Attacks research, which popularised HTTP Request Smuggling. James has extensive experience cultivating novel attack techniques, including web cache poisoning, browser-powered desync attacks, server-side template injection, and password reset poisoning.\n \n

James is also the author of multiple popular open-source tools including Param Miner, Turbo Intruder, and HTTP Request Smuggler. He is a frequent speaker at numerous prestigious venues including both Black Hat USA and EU, OWASP AppSec USA and EU, and DEF CON.

\nTwitter: @albinowax
\n\n
\nDescription:
\nFor too long, web race-condition attacks have focused on a tiny handful of scenarios. Their true potential has been masked thanks to tricky workflows, missing tooling, and simple network jitter hiding all but the most trivial, obvious examples. In this session, I\'ll introduce multiple new classes of race condition that go far beyond the limit-overrun exploits you\'re probably already familiar with.\n \n

Inside every website lurks a state machine: a delicately balanced system of states and transitions that each user, session, and object can flow through. I\'ll show how to fire salvos of conflicting inputs at high-profile websites to make state machines collapse, enabling you to forge trusted data, misroute tokens, and mask backdoors.\n \n

To handle this explosion of attack surface, I\'ll share a polished methodology designed to help you eke out subtle tell-tale clues and scent blood long before sacrificing anything to the RNG gods. I\'ve also taken lore amassed over years of research into HTTP Desync Attacks and developed a strategy that can squeeze 30 requests sent from Melbourne to Dublin into a sub-1ms execution window. Alongside the open source tool, we\'ll also release free online labs so you can try out your new skillset immediately.\n

\n\n\'',NULL,365242),('3_Saturday','14','14:30','15:15','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Exploiting OPC-UA in Every Possible Way: Practical Attacks Against Modern OPC-UA Architectures\'','\'Noam Moshe,Sharon Brizinov\'','DC_51975216fbe0a45d44884d7a42d5b6ed','\'Title: Exploiting OPC-UA in Every Possible Way: Practical Attacks Against Modern OPC-UA Architectures
\nWhen: Saturday, Aug 12, 14:30 - 15:15 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\nSpeakers:Noam Moshe,Sharon Brizinov
\n
SpeakerBio:Noam Moshe\n, Vulnerability Researcher at Claroty Team82
\nNoam Moshe is a vulnerability researcher at Claroty Team82. Noam specializes in vulnerability research, web applications pentesting, malware analysis, network forensics and ICS/SCADA security. In addition, Noam presented in well-known Hacking conferences like Blackhat Europe, as well as won Master of Pwn at Pwn2Own Miami 2023.
\n
SpeakerBio:Sharon Brizinov\n, Director of Security Research at Claroty Team82
\nSharon Brizinov leads the Vulnerability Research at Team82, The Claroty Research. He specializes in OT/IoT vulnerability research, has participated in multiple Pwn2Own competitions, won Pwn2Own Miami 2023, and holds a DEFCON black badge.
\n\n
\nDescription:
\nOPC-UA is the most popular protocol today in ICS/SCADA and IoT environments for data exchanges from sensors to on-premises or cloud applications. OPC-UA is therefore the bridge between different OT trust zones and a crown jewel for attacks attempting to break security zones and crossover from the industrial to corporate networks.\n \n

We have been researching during the past two years dozens of OPC-UA protocol stack implementations being used in millions of industrial products. We focused on two main attack vectors: attacking OPC-UA servers and protocol gateways, and attacking OPC-UA clients. The research yielded unique attack techniques that targeted specific OPC-UA protocol specification pitfalls that enabled us to create a wide range of vulns ranging from denial of service to remote code execution.\n \n

For example, we explored OPC-UA features such as method call processing, chunking mechanisms, certification handling, complex variant structures, monitored items, race-conditions, and many more. For each part of the specification, we tried to understand its caveats and exploit them to achieve RCE, information leaks, or denial of service attacks.\n \n

In this talk, we will share our journey, methods, and release an open-source framework with all of our techniques and vulnerabilities to exploit modern OPC-UA protocol stacks. ,\nNoam Moshe is a vulnerability researcher at Claroty Team82. Noam specializes in vulnerability research, web applications pentesting, malware analysis, network forensics and ICS/SCADA security. In addition, Noam presented in well-known Hacking conferences like Blackhat Europe, as well as won Master of Pwn at Pwn2Own Miami 2023.\n

\n\n\'',NULL,365243),('3_Saturday','15','14:30','15:15','Y','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Exploiting OPC-UA in Every Possible Way: Practical Attacks Against Modern OPC-UA Architectures\'','\'Noam Moshe,Sharon Brizinov\'','DC_51975216fbe0a45d44884d7a42d5b6ed','\'\'',NULL,365244),('3_Saturday','09','09:30','10:15','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'J4 Gate, The Hustler Poker Cheating Scandal investigation and how Hacking helped me do it\'','\'Scott \"Duckie\" Melnick\'','DC_07f644733077fd76f7667e89573387ae','\'Title: J4 Gate, The Hustler Poker Cheating Scandal investigation and how Hacking helped me do it
\nWhen: Saturday, Aug 12, 09:30 - 10:15 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\n
SpeakerBio:Scott \"Duckie\" Melnick\n, Principal Security Research and Development at Bulletproof International
\nDuckie, aka “Scott Melnick,” started his shenanigans War Dialing on his Apple ][+ at an early age and has been attending Defcon and other hacking conferences for over 26 years. Scott currently heads the Security R&D team for Bulletproof, a part of Gaming Laboratories International. Specializing in casino gaming security, he spends his time hacking and reverse engineering electronic gaming devices such as slot machines, sneaking around casinos, getting kicked out of casinos, and speaking at gaming security and regulation events. Over the years, he has worked on many gaming fraud and security breach cases. Before joining Bulletproof, he served as the Vice President of Systems Software Development for a slot and table game maker and held various positions in the slot industry, leading mechanical and electrical engineering projects, overseeing security, and managing IT gaming operations, among other things. He is excited to be delivering his first Defcon presentation this year and contributing back to the hacker community.
\nTwitter: @duckie37
\n\n
\nDescription:
\nOn September 29th, 2022, one of the most controversial poker hands was played, winning an all-in $240K cash pot on the Hustler Casino Live poker stream (HCL) by newcomer Robbi Jade Lew. The controversy and accusations of cheating took the poker and media world by storm! Conspiracy theories emerged immediately within the media, podcasts and the internet sleuths, including crossover theories from the Chess cheating scandal, accusations of collusion with HCL employees, and advanced technology being used. This is the wild tale of my investigation into cheating at live-stream poker: whether it was done, and all the ways I would do it. \n

I will also show how I utilized my experience from attending hacking conferences such as Defcon for over 26 years, the competitions and how I tapped into a broad range of resources throughout the years of making friends in the hacking community, reaching out to discord groups and doing that which isn’t covered in the academic world. This is why I am here; this is why you are here. \n

This war story contains treachery, wild technology theories, drama and current criminals on the run. But you, the audience must all decide. Is Robbi innocent or guilty? Was something missing? How would you have cheated?\n

REFERENCES: \n

\n\n\'',NULL,365245),('3_Saturday','10','09:30','10:15','Y','DC','Caesars Forum - Forum - 130-134 - Track 3','\'J4 Gate, The Hustler Poker Cheating Scandal investigation and how Hacking helped me do it\'','\'Scott \"Duckie\" Melnick\'','DC_07f644733077fd76f7667e89573387ae','\'\'',NULL,365246),('3_Saturday','10','10:00','10:45','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Demystifying (& Bypassing) macOS\'s Background Task Management\'','\'Patrick Wardle\'','DC_9e5606e99d2c6050577ad2d8ff7df90c','\'Title: Demystifying (& Bypassing) macOS\'s Background Task Management
\nWhen: Saturday, Aug 12, 10:00 - 10:45 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\n
SpeakerBio:Patrick Wardle\n, Objective-See Foundation
\nPatrick Wardle is the creator of the non-profit Objective-See Foundation, author of the “The Art of Mac Malware” book series, and founder of the \"Objective by the Sea\" macOS Security conference.\n

Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy.\n \n

Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware, and writing books and free open-source security tools to protect Mac users.\n

\nTwitter: @patrickwardle
\n\n
\nDescription:
\nTo retain a foothold on an infected system, most Mac malware will persist; installing itself in a manner that ensures it will be automatically (re)launched each time the infected system is rebooted.\n \n

In macOS Ventura, Apple rearchitected core persistence mechanisms and added a new security mechanism that alerts the user any time an item is persisted. As the former is both undocumented and implemented in a proprietary manner, this poses a problem for existing security and forensics tools (that aim to heuristically detect malware via unauthorized persistence events). On the other hand, the latter is problematic to malware authors, who obviously want their malicious creations to persist without an alert being shown to the user.\n \n

In this talk, we\'ll indiscriminately provide solutions for all! First, we\'ll dive into the internals of macOS\'s Background Task Management (BTM) which, as we\'ll see, contains a central (albeit proprietary) repository of persistent items. Armed with this information, we\'ll release open-source code capable of programmatically enumerating all persistent items from BTM, ensuring security and forensics tools regain compatibility. We\'ll also highlight design weaknesses that malicious code could trivially employ to sidestep the new security features of BTM, such that persistence may still be silently achieved.\n

\n
REFERENCES
\n
https://piunikaweb.com/2023/01/30/macos-13-ventura-background-items-added-notification-issue/\nhttps://www.sentinelone.com/blog/apples-macos-ventura-7-new-security-changes-to-be-aware-of/
\n

Apple Documentation:
\nhttps://support.apple.com/guide/deployment/manage-login-items-background-tasks-mac-depdca572563/web\n

\n\n\'',NULL,365247),('4_Sunday','12','12:00','12:45','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Retro Exploitation: Using Vintage Computing Platforms as a Vulnerability Research Playground and Learning Environment\'','\'Wesley McGrew\'','DC_ce653b050d9d8656047b6ab8d2ea91eb','\'Title: Retro Exploitation: Using Vintage Computing Platforms as a Vulnerability Research Playground and Learning Environment
\nWhen: Sunday, Aug 13, 12:00 - 12:45 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\n
SpeakerBio:Wesley McGrew\n, Senior Cyber Fellow at MartinFed
\nDr. Wesley McGrew directs research, development, and offensive cyber operations as Senior Cybersecurity Fellow for MartinFederal. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA and taught a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.
\nTwitter: @McGrewSecurity
\n\n
\nDescription:
\nIt can be very difficult for those new to hacking to learn about vulnerability discovery and exploit development on modern operating systems and software. The complexity of a modern computing environment, developer awareness of security risks, and the iterative development of exploit mitigations over the past three decades has put up an intimidating wall in front of those who would be interested in learning about vulnerability research. Vintage computing environments can provide an interesting and fun playground environment for learning and experimenting with reverse engineering, vulnerability discovery, and exploit development.\n \n

In this talk, Wesley will discuss the setup of a complete environment for hacking software for the Commodore Amiga line of computers, a 16/32 bit computing platform of the late 80s and early 90s (not to mention a dedicated following of users and software today). He will describe the hardware environment, OS architecture, and the practically endless library of software that can be used as interesting targets of research. On-system development and debugging software will be described, as well as using the modern Ghidra disassembler. A case study of identifying and exploiting a vulnerability in a 1994 vintage FTP client will be discussed in technical detail. \n

\n
REFERENCES
\n
\n
\n\n\'',NULL,365248),('2_Friday','16','16:30','17:15','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Malware design - abusing legacy Microsoft transports and session architecture\'','\'R.J. \"BeetleChunks\" McDown\'','DC_f5bb4ca9248c0467a25add35a5b1e5ec','\'Title: Malware design - abusing legacy Microsoft transports and session architecture
\nWhen: Friday, Aug 11, 16:30 - 17:15 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\n
SpeakerBio:R.J. \"BeetleChunks\" McDown\n, Principal Red Teamer
\nR.J. McDown (BeetleChunks) is a computer scientist who has made a career out of hacking into numerous fortune 500 companies through consulting red team engagements and penetration tests. R.J. is an avid Python and C/C++ developer who has created custom tools for bypassing leading EDR solutions and OS based monitoring, including a tool released at DerbyCon 7 called RedSails. Every now and then R.J. turns his focus to developing fuzzing harnesses, which has led to the discovery of critical zero-day vulnerabilities in popular applications including Microsoft Outlook (CVE-2019-1199) and ManageEngine OpManager (CVE-2020-12116).
\nTwitter: @BeetleChunks
\n\n
\nDescription:
\nThe future isn’t certain, nor is the continued access to our compromised endpoints. At some point, every red team operator faces the gut-wrenching event of losing command and control (C2) access. This often occurs when post exploitation activity is detected and associated to the C2 process and channel. Further link analysis may lead to the discovery of other compromised endpoints, secondary C2, and compromised credentials. Needless to say, a single mistake can cause a huge disruption in access and even lead to the detriment of the entire engagement.\n \n

This talk will present and demonstrate the methodologies and techniques built into Obligato, a covert implant tasking and communications framework, designed with the primary objectives of breaking process chaining events, disassociating network communication from the implant, providing a means for maintaining or regaining access, and evading dynamic analysis.\n

Technical information will be explained and demonstrated at both high and low levels, so prior knowledge is not required. However, to get the most out of the talk, attendees are encouraged to have a basic understanding of general Windows architecture, networking, and programming concepts. \n

REFERENCES:
\n[1] Pyle, Ned. “The Beginning of the End of Remote Mailslots.” Tech Community, Microsoft, 8 Mar. 2023, https://techcommunity.microsoft.com/t5/storage-at-microsoft/the-beginning-of-the-end-of-remote-mailslots/ba-p/3762048.\n \n

[2] Corporation, Microsoft. “[MS-Mail]: Remote Mailslot Protocol.” [MS-MAIL], Microsoft, 25 June 2021, https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-MAIL/[MS-MAIL].pdf.\n \n

[3] Aggarwal, Avnish. “PROTOCOL STANDARD FOR A NetBIOS SERVICE.” IETF, RFC Editor, Mar. 1987, https://datatracker.ietf.org/doc/html/rfc1001.\n \n

[4] ATT&CK, MITRE. “Enterprise Techniques.” Techniques - Enterprise ,\nMITRE ATT&CK, MITRE ATTCK, 25 Oct. 2022, https://attack.mitre.org/techniques/enterprise/.\n \n

[5] Yosifovich, Author Pavel. “Parent Process vs. Creator Process.” Pavel Yosifovich, 10 Jan. 2021, https://scorpiosoftware.net/2021/01/10/parent-process-vs-creator-process/.\n \n

[6] Schwarz, Roland. “Thread Local Storage - the C++ WAY.” CodeProject, CodeProject, 28 Aug. 2004, https://www.codeproject.com/Articles/8113/Thread-Local-Storage-The-C-Way.\n \n

[7] The Chromium Authors. “Chromium/thread_local_storage_win.Cc at Main · Chromium/Chromium.” GitHub, The Chromium Project, Jan. 2012, https://github.com/chromium/chromium/blob/main/base/threading/thread_local_storage_win.cc.\n \n

[8] timb3r. “How to Find Hidden Threads - Threadhidefromdebugger - Antidebug Trick.” How to Find Hidden Threads - ThreadHideFromDebugger - AntiDebug Trick, Guided Hacking, 27 Dec. 2019, https://guidedhacking.com/threads/how-to-find-hidden-threads-threadhidefromdebugger-antidebug-trick.14281/.\n \n

[9] Chappell, Geoff. “THREADINFOCLASS.” Threadinfoclass, Jan. 1997, https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ps/psquery/class.htm.\n \n

[10] GrantMeStrength. “GetMailslotInfo Function (Winbase.h) - win32 Apps.” Win32 Apps ,\nMicrosoft Learn, 10 Oct. 2021, https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-getmailslotinfo.\n \n

[11] Alvinashcraft. “Impersonation Tokens - win32 Apps.” Win32 Apps ,\nMicrosoft Learn, 1 July 2021, https://learn.microsoft.com/en-us/windows/win32/secauthz/impersonation-tokens.\n \n

[12] GrantMeStrength. “CreateProcessWithTokenW Function (Winbase.h) - win32 Apps.” Win32 Apps ,\nMicrosoft Learn, 2 Jan. 2023, https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createprocesswithtokenw.\n \n

[13] QuinnRadich. “WTSQUERYUSERTOKEN Function (WTSAPI32.H) - win32 Apps.” Win32 Apps ,\nMicrosoft Learn, 10 Dec. 2021, https://learn.microsoft.com/en-us/windows/win32/api/wtsapi32/nf-wtsapi32-wtsqueryusertoken.\n \n

[14] Karl-Bridge-Microsoft. “PEB (Winternl.h) - win32 Apps.” PEB (Winternl.h) - Win32 Apps ,\nMicrosoft Learn, 31 Aug. 2022, https://learn.microsoft.com/en-us/windows/win32/api/winternl/ns-winternl-peb.\n \n

[15] Yosifovich, Pavel. Windows 10 System Programming Part 1. Independently Published.\n \n

[16] Yosifovich, Pavel. Windows 10 System Programming Part 2. Independently Published.\n

\n\n\'',NULL,365249),('2_Friday','17','16:30','17:15','Y','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Malware design - abusing legacy Microsoft transports and session architecture\'','\'R.J. \"BeetleChunks\" McDown\'','DC_f5bb4ca9248c0467a25add35a5b1e5ec','\'\'',NULL,365250),('1_Thursday','10','10:00','10:45','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Boston Infinite Money Glitch: Hacking Transit Cards Without Ending Up In Handcuffs\'','\'Matthew Harris,Noah Gibson,Scott Campbell,Zachary Bertocchi\'','DC_eaf8e026fc936898008984594ec06c3e','\'Title: Boston Infinite Money Glitch: Hacking Transit Cards Without Ending Up In Handcuffs
\nWhen: Thursday, Aug 10, 10:00 - 10:45 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\nSpeakers:Matthew Harris,Noah Gibson,Scott Campbell,Zachary Bertocchi
\n
SpeakerBio:Matthew Harris\n, Student at Medford Vocational Technical High School
\nA 17 year old and lead hackerman of the group. He likes breaking stuff and doesn’t take kindly to being told what to do. He’s a proud (and maybe annoying) neovim and Linux user, knows how to ride a bike (without training wheels), and is a very opinionated Rustacean despite barely knowing how to use the language.
\n
SpeakerBio:Noah Gibson\n, Hacker
\nA soccer fan and web developer. In his free time he enjoys kicking a ball, drawing, and programming.
\n
SpeakerBio:Scott Campbell\n, Hacker
\nA heathen who writes things in Bash, holder of a fishing license in the Commonwealth of Massachusetts, and the proud angler of several minnows. Refuses to learn Rust even though it is better than his silly little non memory safe languages in every way.
\n
SpeakerBio:Zachary Bertocchi\n, Hacker
\nHe holds a learners permit, is a seasoned fare machine maker, and even graduated 11th grade! He has successfully made it to the ripe old age of 17, and is an enthusiastic 3D modeler.
\n\n
\nDescription:
\nWho likes paying to ride the subway? Sure, you could hop the fare gates, but that can be athletically challenging and simply isn’t cool enough for our tastes. What’s a mischievous and miserly rider to do, then? Hack the fare system of course!\n

In this talk we\'ll walk you through how we, four high school students and cybersecurity noobs became the first to fully reverse engineer Boston’s CharlieCard fare system and earn ourselves free rides for life… or at least until the system gets fixed, whichever comes first.\n

We’ll start by exploring the trials and tribulations of exploring the hardware behind the CharlieCards. Next, we’ll dive into the emotional rollercoaster of reverse engineering the black box that is a transit card system older than us. We’ll then explain the process of disclosing our findings to a government agency without having to hire a legal team. Finally, we’ll show you a demo of some of the tools we made, including our own portable fare machine!\n

By the end of our talk, regardless of whether you’re an avid RFID hackerman, or a complete noob, we’ll leave you with useful reverse engineering strategies, tips for working with a government agency, and if nothing else, a fun story. \n

\n
REFERENCES
\n
\n

Andersen, Zack. Anatomy of a Subway Hack. 10 August 2008, https://file.wikileaks.org/file/anatomy-of-a-subway-hack.pdf.\n

Bray, Hiawatha. “Your CharlieCard can be hacked by an Android phone, MBTA admits.” The Boston Globe, 8 December 2022, https://www.bostonglobe.com/2022/12/08/business/your-charliecard-can-be-hacked-by-an-android-phone-mbta-admits/?p1=HP_Feed_AuthorQuery. Accessed 18 April 2023.\n

“CharlieCard.” Wikipedia, https://en.wikipedia.org/wiki/CharlieCard. Accessed 18 April 2023.\n

Courtois, Nicolas. “Hacking Mifare Classic Cards.” Black Hat, 21 October 2014, https://www.blackhat.com/docs/sp-14/materials/arsenal/sp-14-Almeida-Hacking-MIFARE-Classic-Cards-Slides.pdf. Accessed 18 April 2023.\n

iceman001. “RfidResearchGroup/proxmark3: The Iceman fork of Proxmark3 / RFID / NFC reader, writer, sniffer and emulator.” GitHub, https://github.com/RfidResearchGroup/proxmark3. Accessed 23 April 2023.\n

“nfc-tools/mfcuk: MiFare Classic Universal toolKit (MFCUK).” GitHub, https://github.com/nfc-tools/mfcuk. Accessed 23 April 2023.\n

“nfc-tools/mfoc: Mifare Classic Offline Cracker.” GitHub, https://github.com/nfc-tools/mfoc. Accessed 23 April 2023.\n

Rauch, Bobby. “Operation Charlie: Hacking the MBTA CharlieCard from 2008 to Present.” Medium, 8 December 2022, https://medium.com/@bobbyrsec/operation-charlie-hacking-the-mbta-charliecard-from-2008-to-present-24ea9f0aaa38. Accessed 18 April 2023.\n

\n\n\'',NULL,365251),('2_Friday','17','17:00','17:20','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'HL7Magic: Medical Data Hacking Made Easy\'','\'Katie Inns\'','DC_800dee8ac94269627e0ed6ef7f493f3d','\'Title: HL7Magic: Medical Data Hacking Made Easy
\nWhen: Friday, Aug 11, 17:00 - 17:20 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\n
SpeakerBio:Katie Inns\n, Security Consultant at WithSecure
\nKatie Inns is a Security Consultant in the Attack Surface Management (ASM) team at WithSecure. Katie has 6 years’ experience in the security industry, working in consulting and within an in-house security team focusing on vulnerability management and application security. Katie has spoken about the topic of ASM at conferences such as BlueTeam Con and conINT and holds the OSCP certification. Dancing has been Katie\'s hobby for 25 years and she also loves to listen to and play music.
\n\n
\nDescription:
\nIn recent years, the use of internet-connected devices has become more prevalent in the healthcare sector, particularly as a means to communicate patient data. Therefore, it is essential that security testing is carried out against these devices to identify misconfigurations that could cause a severe impact, such as the prescription of incorrect drugs.\n

Modern healthcare protocols such as FHIR (Fast Healthcare Interoperability Resources) use the HTTP protocol to communicate, making security testing relatively straightforward. However, the use of older protocols such as HL7 (Health Level Seven) is more widespread across medical devices in the industry. These protocols are bespoke and difficult to read or intercept using current commercial and open-source security tooling, making testing of these devices challenging and cumbersome.\n

To address this challenge, I have developed a tool (HL7Magic) to provide security testers with an easier method of intercepting and changing HL7 messages sent to and from medical devices. This tool was created for the purpose of being integrated into Burp Suite as an extension, although it can exist independently.\n

After talking about how HL7Magic was created, I will give a short demonstration of using the tool for security research purposes or to identify existing CVEs across your estate. HL7Magic will be open sourced and collaborations to improve it further will be welcomed.\n

REFERENCES: \n

Forescout - Connected Medical Device Security: https://www.forescout.com/resources/connected-medical-device-security-a-deep-dive-into-healthcare-networks/\n

Dallas Haselhorst - HL7 Medical Attacking and Defending: https://linuxincluded.com/hl7-medical-attacking-defending/\n

Anirudh Duggal - Understanding HL7 2.X Standards, Pen Testing and Defending HL7 2.X Messages: https://www.youtube.com/watch?v=MR7cH44fjrc\n \n

Saurabh Harit - Breaking Bad: Stealing Patient Data Through Medical Devices: https://www.blackhat.com/docs/eu-17/materials/eu-17-Harit-Breaking-Bad-Stealing-Patient-Data-Through-Medical-Devices.pdf\n \n

Christian Dameff, Maxwell Bland, Kirill Levchenko, Jeff Tully - Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives: https://i.blackhat.com/us-18/Thu-August-9/us-18-Dameff-Pestilential-Protocol-How-Unsecure-HL7-Messages-Threaten-Patient-Lives-wp.pdf\n \n

HL7apy: https://crs4.github.io/hl7apy/tutorial/index.html#\n

\n\n\'',NULL,365252),('3_Saturday','11','11:30','12:15','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Apple\'s Predicament: NSPredicate Exploitation on macOS and iOS\'','\'Austin Emmitt\'','DC_5744be20af288e4a7e19ff13846a7d2f','\'Title: Apple\'s Predicament: NSPredicate Exploitation on macOS and iOS
\nWhen: Saturday, Aug 12, 11:30 - 12:15 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\n
SpeakerBio:Austin Emmitt\n, Senior Security Researcher at Trellix Advanced Research Center
\nAustin Emmitt is a vulnerability researcher with a background in mobile security. He has found critical vulnerabilities in Android, iOS, and other platforms. He is also the creator of the radius2 symbolic execution framework.
\nTwitter: @alkalinesec
\n\n
\nDescription:
\nIn 2021 the FORCEDENTRY sandbox escape introduced the usage of NSPredicate in an iOS exploit. This new technique allowed attackers to sidestep codesigning, ASLR, and all other mitigations to execute arbitrary code on Apple devices. As a result, Apple put in place new restrictions to make NSPredicate less powerful and less useful for exploits. This presentation will cover new research showing that these added restrictions could be completely circumvented in iOS 16, and how NSPredicates could be exploited to gain code execution in many privileged iOS processes. This technical deep dive will be a rare instance of iOS security that anyone can comprehend without years of experience.\n \n

After an overview of the classes involved, we will explore the full syntax of NSPredicate and cover how it can be used to script the Objective-C runtime and even call any C function. It will be shown that PAC can still be bypassed 100% reliably with NSPredicates in order to execute any function with arbitrary arguments. A new tool will be unveiled to help craft complex NSPredicates to execute arbitrary code and inject those predicates in any application. Additionally, a demonstration will be given which executes arbitrary code in the highly privileged Preferences app. \n \n

Finally, the talk will cover a bypass of NSPredicateVisitor implementations which allows a malicious process to evaluate any NSPredicate within several system processes including coreduetd, appstored, OSLogService, and SpringBoard. Next there will be a live demo of exploiting SpringBoard to steal a user’s notifications and location data. The presentation will end with some discussion about what can still be done with NSPredicates now that these issues have been fixed, including bypassing App Store Review, and what app developers should know to keep their own apps safe. \n

REFERENCES: \n

NSPredicate - https://developer.apple.com/documentation/foundation/nspredicate?language=objc\nSee No Eval: Runtime Dynamic Code Execution in Objective-C by CodeColorist - https://codecolor.ist/2021/01/16/see-no-eval-runtime-code-execution-objc/\nFORCEDENTRY: Sandbox Escape by Ian Beer & Samuel Groß of Google Project Zero - https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.html\n

\n\n\'',NULL,365253),('3_Saturday','12','11:30','12:15','Y','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Apple\'s Predicament: NSPredicate Exploitation on macOS and iOS\'','\'Austin Emmitt\'','DC_5744be20af288e4a7e19ff13846a7d2f','\'\'',NULL,365254),('3_Saturday','13','13:00','13:45','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Looking into the future, what can we learn about hacking in science-fiction?\'','\'Nicolas Minvielle,Xavier Facélina\'','DC_db195d39dd4130f5ecde6d4ae9710794','\'Title: Looking into the future, what can we learn about hacking in science-fiction?
\nWhen: Saturday, Aug 12, 13:00 - 13:45 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\nSpeakers:Nicolas Minvielle,Xavier Facélina
\n
SpeakerBio:Nicolas Minvielle\n, Making Tomorrow
\nFormer brand manager for Philippe Starck, professor, researcher and futurist. Nicolas is also the head of the French Army’s Science Fiction Red Team
\n
SpeakerBio:Xavier Facélina\n, Seclab
\nXavier Facélina — former hacker, self-taught entrepreneur, founded 3 cybersecurity companies including SECLAB, a cybersecurity company protecting cyber-physical systems (real world!) from cyberattacks. \n

Xavier has 25 years of experience in cybersecurity with a focus on digital war and cyberdefense. How did he get into this? By seeing the Wargames movie at the age of 8! Today, he still watches movies and reads books and comics to anticipate what is coming.\n

\n\n
\nDescription:
\nThe links between science fiction and reality have been demonstrated in numerous research studies. By speculating about the possible future uses of technologies under development, science fiction shows us plausible futures. In this sense, it allows us, as a society, to popularize and debate the consequences (expected or not) of our technological developments. In addition to this not negligible social role science fiction also has an impact on our current developments. We speak here of \"loop-looping\", i.e. there is a feedback loop between what science fiction shows us and what we are then led to actually develop. From this point of view, our imaginations are performative, and this is perhaps the most critical issue: what I see can happen. In the case of hacking and cybersecurity, a particular phenomenon is added: the general public\'s knowledge of these subjects is mainly through the fictions they watch, read, or listen to. We propose to analyze a corpus of 200 fictional attacks, and 800 real attacks and to compare them to define if the imaginary ones are predictive if they inform us or on the contrary mislead us as for the reality of the current attacks. \n

REFERENCES: \n

The subject of imaginaries is a key subject of the work of the Making Tomorrow collective co-founded by Nicolas Minvielle. As such, he has been able to conduct numerous studies aimed at analyzing the impact of science fiction on a given practice.\n

A book has been published on the subject and is available online in pdf format:\nMinvielle, N. & Wathelet, O. & Lauquin, M. & Audinet, P., Design fiction for your organization, Making Tomorrow (2020), http://making-tomorrow.mkrs.fr/wp-content/uploads/2020/04/Making-Tomorrow-Design-Fiction-and-more-for-your-organization.pdf \n

Academic references on this subject: \n \n

Brake, Mark, and Neil Hook, Different Engines: How Science Drives Fiction and Fiction Drives Science (London New York: Macmillan, 2008)\n \n

Carpenter, C. (2016). Rethinking the Political / -Science- / Fiction Nexus: Global Policy Making and the Campaign to Stop Killer Robots. Perspectives on Politics, 14(1), 53-69. doi:10.1017/S1537592715003229\n \n

Jones, C., & Paris, C. (2018). It’s the End of the World and They Know It: How Dystopian Fiction Shapes Political Attitudes. Perspectives on Politics, 16(4), 969-989. doi:10.1017/S1537592718002153\n \n

Kevin L Young, Charli Carpenter, Does Science Fiction Affect Political Fact? Yes and No: A Survey Experiment on “Killer Robots”, International Studies Quarterly, Volume 62, Issue 3, September 2018, Pages 562–576, https://doi.org/10.1093/isq/sqy028\n \n

Kirby, David A., Lab Coats in Hollywood: Science, Scientists, and Cinema (Cambridge, Mass: MIT Press, 2011)\n \n

Maynard, Andrew D., Films from the Future: The Technology and Morality of Sci-Fi Movies (Coral Gables: Mango Publishing, 2018)\n \n

Seed, David, ed., Future Wars: The Anticipations and the Fears, Liverpool Science Fiction Texts and Studies, 42 (Liverpool: Liverpool Univ. Press, 2012)\n \n

Shedroff, Nathan, and Christopher Noessel, Make It so: Interaction Design Lessons from Science Fiction(Brooklyn, N.Y., USA: Rosenfeld Media, 2012)\n \n

Telotte, J. P., Replications: A Robotic History of the Science Fiction Film (Urbana: University of Illinois Press, 1995)\n \n

Westfahl, Gary, Wong Kin Yuen, and Amy Kit-sze Chan, eds., Science Fiction and the Prediction of the Future: Essays on Foresight and Fallacy, Critical Explorations in Science Fiction and Fantasy, 27 (Jefferson, N.C: McFarland, 2011)\n \n

Appadurai, Arjun, ed., The Future as Cultural Fact: Essays on the Global Condition (London: New York : Verso Books, 2013)\n \n

Here, a video (6’30 to 17’) of Xavier Facélina in 2017 inviting a panel to think about cybersecurity from a different angle ; and with science fiction references (in French) :\nhttps://youtu.be/PIVwcu-HhQo\n \n

Here, a video (8’55 to 29’55) of Nicolas Minvielle talking about the impact of science fiction in innovation (in French) : https://www.youtube.com/live/oK-k3AqdXBc?feature=share\n

\n\n\'',NULL,365255),('3_Saturday','11','11:30','12:15','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Physical Attacks Against Smartphones\'','\'Christopher Wade\'','DC_827f676724fcfcf4ef211efaaba775f6','\'Title: Physical Attacks Against Smartphones
\nWhen: Saturday, Aug 12, 11:30 - 12:15 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\n
SpeakerBio:Christopher Wade\n, Hacker
\nChristopher (@Iskuri1) is a seasoned security researcher. His main focuses are in reverse engineering firmware and fingerprinting USB and NFC vulnerabilities, with his key strength lying in bootloader exploitation.
\nTwitter: @Iskuri1
\n\n
\nDescription:
\nAndroid devices are constantly improving their security to protect against attackers with physical access, with new protection techniques being added year-by-year. This talk aims to demonstrate vulnerabilities in modern Android smartphones that are still viable, despite the mitigations in place.\n \n

In the first phase of this talk, we will discuss analysis and exploitation of vendor-customised versions of Android\'s Recovery mode, demonstrating weaknesses that allow for privilege escalation to root, and traversal from Recovery to Android, without Bootloader access, using nothing but a Micro SD card.\n \n

In the second phase, we will discuss weaknesses in the Secondary Bootloader of devices produced by a popular smartphone manufacturer. We will demonstrate how, using a vulnerability in the core USB stack, code execution can be achieved, and a modified Android image can be booted, without compromising the functionality of the device.\n

\n\n\'',NULL,365256),('3_Saturday','12','11:30','12:15','Y','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Physical Attacks Against Smartphones\'','\'Christopher Wade\'','DC_827f676724fcfcf4ef211efaaba775f6','\'\'',NULL,365257),('2_Friday','12','12:30','13:15','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Defender-Pretender: When Windows Defender Updates Become a Security Risk\'','\'Omer Attias,Tomer Bar\'','DC_14486587eb0d8f685987508e8626ea49','\'Title: Defender-Pretender: When Windows Defender Updates Become a Security Risk
\nWhen: Friday, Aug 11, 12:30 - 13:15 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\nSpeakers:Omer Attias,Tomer Bar
\n
SpeakerBio:Omer Attias\n, Security Researcher at SafeBreach Labs
\nOmer Attias is an accomplished security researcher with over five years of experience in the field of cybersecurity. He currently works as a researcher at SafeBreach Labs.\n

With a background in the Ministry of Defense and the Israeli Defense Forces (IDF), Omer has honed his skills in network research, including a deep understanding of Windows internals and Linux kernel components.\n

In addition to his professional pursuits, Omer is a passionate technology and science enthusiast who is always eager to explore emerging trends and innovations in these fields.\n

\nTwitter: @@omerat21
\n
SpeakerBio:Tomer Bar\n, VP of Security Research at SafeBreach Labs
\nTomer Bar is a hands-on security researcher with 20 years of unique experience in cyber security. He leads SafeBreach Labs as the VP of security research. In the past, he ran research groups for the Israeli government and then led the endpoint malware research for Palo Alto Networks. His main interests are vulnerability research, reverse engineering, and APT research.\n

Among his recent discoveries are the PrintDemon vulnerabilities in the Windows Spooler mechanism which were a candidate in the best privilege escalation of Pwnie awards and several research studies on Iranian APT campaigns. He presented his research at DEF CON (28-30), BlackHat USA, ReCon, Sector, Confidence, Security Fest and HackCon conferences.\n

\n\n
\nDescription:
\nThe signature update process is critical to EDR\'s effectiveness against emerging threats. The security update process must be highly secured, as demonstrated by the Flame malware attack that leveraged a rogue certificate for lateral movement. Nation-state capabilities are typically required for such an attack, given that signature update files are digitally signed by Microsoft.\n

We wondered if we could achieve similar capabilities running as an unprivileged user without possessing a rogue certificate; instead, we aimed to turn the original Windows Defender process to our full control.\n

In this talk we will deep dive into Windows Defender architecture, the signature database format and the update process, with a focus on the security verification logic. We will explain how an attacker can completely compromise any Windows agent or server, including those used by enterprises, by exploiting a powerful 0day vulnerability that even we didn\'t expect to discover.\n

We will demonstrate Defender-Pretender, a tool we developed to achieve neutralization of the EDR, allowing any already known malicious code to run Fully Un-Detected. It can also force Defender to delete admin’s data, OS and driver files, resulting in an unrecoverable OS. We will also explain how an attacker can alter Defender\'s detection and mitigation logic.\n

\n\n\'',NULL,365258),('2_Friday','13','12:30','13:15','Y','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Defender-Pretender: When Windows Defender Updates Become a Security Risk\'','\'Omer Attias,Tomer Bar\'','DC_14486587eb0d8f685987508e8626ea49','\'\'',NULL,365259),('2_Friday','14','14:30','15:15','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Getting a Migraine - uncovering a unique SIP bypass on macOS\'','\'Anurag Bohra,Jonathan Bar Or,Michael Pearse\'','DC_c5232c286741f5d56ee772b9df4804ac','\'Title: Getting a Migraine - uncovering a unique SIP bypass on macOS
\nWhen: Friday, Aug 11, 14:30 - 15:15 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\nSpeakers:Anurag Bohra,Jonathan Bar Or,Michael Pearse
\n
SpeakerBio:Anurag Bohra\n, Security Researcher at Microsoft
\nAnurag Bohra is a Security Researcher 2 at Microsoft focusing on macOS security. His interests include Reverse Engineering, Malware Analysis, Vulnerability Research, and hardware security, and he also loves building tools on the same.
\n
SpeakerBio:Jonathan Bar Or\n, Security Researcher at Microsoft
\nJonathan Bar Or (\"JBO\") is a Principal Security Researcher at Microsoft, working as the Microsoft Defender research architect for cross-platform. Jonathan has rich experience in vulnerability research, exploitation, cryptanalysis, and offensive security in general.
\nTwitter: @yo_yo_yo_jbo
\n
SpeakerBio:Michael Pearse\n, Security Researcher at Microsoft
\nMichael Pearse started out as an embedded developer for anti-ICBM missiles. Michael got into reversing by trying to understand how counterstrike works and the underlying mechanics of C++. In his vulnerability research journey, Michael started with home routers, worked his way up to industrial devices, and eventually found and exploited local priv escalations for Windows.
\n\n
\nDescription:
\nSystem Integrity Protection (SIP) is a macOS technology that limits the capabilities of the root user, most notably - it maintains the integrity of the operating system by preventing loading of untrusted kernel extensions and protecting sensitive filesystem locations.\n

In this talk we will uncover a method to bypass SIP and create undeletable malware that can later load arbitrary kernel extensions. We will explain our methodology, detail our exploitation strategy and the reverse engineering involved. Lastly, we will explain how to look for similar SIP bypasses and outline a generic detection strategy for Blue Teams.\n

\n
REFERENCES
\n
https://objective-see.com/blog/blog_0x14.html\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9771\nhttps://www.theregister.com/2016/03/30/apple_osxrootless/\nhttps://www.microsoft.com/en-us/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/\nhttps://jhftss.github.io/CVE-2022-26712-The-POC-For-SIP-Bypass-Is-Even-Tweetable/
\n\n\'',NULL,365260),('2_Friday','15','14:30','15:15','Y','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Getting a Migraine - uncovering a unique SIP bypass on macOS\'','\'Anurag Bohra,Jonathan Bar Or,Michael Pearse\'','DC_c5232c286741f5d56ee772b9df4804ac','\'\'',NULL,365261),('2_Friday','17','17:00','17:45','N','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record','\'Legend of Zelda: Use After Free (TASBot glitches the future into OoT)\'','\'Allan \"dwangoAC\" Cecil\'','DC_11bc76d2d69ea7cae4163c6e615756a3','\'Title: Legend of Zelda: Use After Free (TASBot glitches the future into OoT)
\nWhen: Friday, Aug 11, 17:00 - 17:45 PDT
\nWhere: Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record - Map
\n
SpeakerBio:Allan \"dwangoAC\" Cecil\n, Founder and BDFL at TASBot
\nAllan Cecil (dwangoAC) is the founder and BDFL of the TASBot online community. He is part of the senior staff for TASVideos.org, a website devoted to using emulators to find glitches and techniques to play video games perfectly. He is a published journal author, patent holder, and presenter with talks at DEF CON, GeekPwn, Thotcon, May Contain Hackers, and other hacker conferences. He uses his combined hacking interests for good at charity events like Games Done Quick to entertain viewers with never-before-seen glitches in games, with events he\'s led raising more than $1.3m for various charities.
\nTwitter: @MrTASBot
\n\n
\nDescription:
\nHow can a Use After Free exploit in Ocarina of Time lead to a cute robot taking over an entire N64 to put the future (and the Triforce) in the game using only button presses? This talk dives into the technical details of how a Use After Free exploit, Arbitrary Code Execution, and multiple bootstrap stages allowed TASBot to take full control of an original, unmodified cart and console in front of a live audience during SGDQ 2022 with the help of Sauraen and Savestate, helping raise more than $228k for charity. This talk uses engaging explainer graphics courtesy of RGME to dig into how a Use After Free vulnerability can be exploited as well as a live demo showing the significant social impact of the exploit Here Together, in the past year and into the future. \n
\n
REFERENCES
\n
\n

### Project Info
\n[FAQs](https://gettriforce.link/faq)
\n[Credits](https://gettriforce.link/credits)\n[Retro Game Mechanics Explained explainer video, contents used with permission from IsoFrieze](https://www.youtube.com/watch?v=qBK1sq1BQ2Q)\n

## Source code
\n[Triforce% Source code release](https://github.com/triforce-percent/triforce-percent)\n

### Articles posted about Triforce%
\n[Ars Technica](https://arstechnica.com/gaming/2022/07/how-zelda-fans-changed-the-ending-to-ocarina-of-time-on-a-vanilla-n64/)\n[Forever Classic Games](https://foreverclassicgames.com/news/2022/7/tasbot-summer-games-done-quick-sgdq2022-zelda-link-triforce)\n[Zelda Dungeon](https://www.zeldadungeon.net/ocarina-of-time-speedrunners-obtain-the-triforce-in-wild-beta-showcase/)\n[Zelda Universe](https://zeldauniverse.net/2022/07/05/games-done-quick-features-astonishing-ocarina-of-time-beta-demonstration/)\n[PC Gamer](https://www.pcgamer.com/this-zelda-speedrun-built-on-urban-legends-is-an-all-time-gaming-moment/)\n[NintendoLife](https://www.nintendolife.com/news/2022/07/watch-this-insane-triforcepercent-speedrun-turns-zelda-ocarina-of-time-into-breath-of-the-wild)\n[GoNintendo](https://gonintendo.com/contents/5979-speedrunning-trick-turns-zelda-ocarina-of-time-into-breath-of-the-wild)\n

### Setup info
\n[Savestate’s notes on how to do the setup by hand](https://docs.google.com/document/d/1fglILK3PdZoT1uISGMJKzsm-wZ2tP5652ayjR86QNDU)\n[BizHawk savestate of gz macro to do setup](https://drive.google.com/file/d/1tbG5TcfgXAnaxGnA_DubNcAtJR--wCeb/view?usp=sharing)\n[BizHawk build needed for compatibility with that savestate](https://drive.google.com/file/d/1K_LOyQX2MRTDOEASBbHPHltTcMB1ZDdm/view?usp=sharing)\n

### Raw video and photo assets for Triforce%:\n[Clean run video (for taking footage from)](https://www.youtube.com/watch?v=PZNywtNOe9U)\n[HD partial run video (for taking screenshots for branding)](https://www.youtube.com/watch?v=NNRqK1AQ_VY)\n[HD screenshots folder](https://drive.google.com/drive/folders/1uA5L-3pM1gBm_FDIDFX9zB5qrqo1Q1Cv?usp=sharing)\n

### Partner and reactor links
\n[SwankyBox](https://www.youtube.com/watch?v=1_RighmL04g)\n[Hard4Games](https://www.youtube.com/watch?v=f9cCtRYMKm4)\n[HMK](https://www.youtube.com/watch?v=mk1WwOu_AQQ) ([Interview](https://www.youtube.com/watch?v=buy6EcI2NKc))\n[TetraBitGaming](https://www.youtube.com/watch?v=gJ1hSMClhMI)\n

### OST Published By SiIvaGunner
\n[YouTube](https://www.youtube.com/watch?v=E1OYYi2Vzro&list=PLL0CQjrcN8D3qRiR5WUL5l_bPo2sIzdfr&index=155)\n[SoundCloud](https://soundcloud.com/sauraen/sets/triforce-percent)\n[SiIvaGunner wiki page](https://siivagunner.fandom.com/wiki/Triforce%25_SGDQ_Run)\n[SiIvaGunner joke explanations](https://gettriforce.link/siiva_jokes)\n

## Credits
\nThe primary director of Triforce% was Sauraen with Savestate as the human speedrunner and dwangoAC as the Producer; over two dozen people contributed, with full credits listed at https://gettriforce.link/credits\n

\n\n\'',NULL,365262),('3_Saturday','14','14:30','15:15','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Contactless Overflow: Code execution in payment terminals and ATM’s over NFC\'','\'Josep Pi Rodriguez\'','DC_7eef6cf80171d4dadbaecbe4c4f33b76','\'Title: Contactless Overflow: Code execution in payment terminals and ATM’s over NFC
\nWhen: Saturday, Aug 12, 14:30 - 15:15 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\n
SpeakerBio:Josep Pi Rodriguez\n, Principal Security Consultant at IOActive
\nJosep Pi Rodriguez is experienced in network penetration and web application testing, reverse engineering, industrial control systems, transportation, RF, embedded systems, AMI, vulnerability research, exploit development, and malware analysis. As a principal consultant at IOActive, Mr. Pi Rodriguez performs penetration testing, identifies system vulnerabilities, and researches cutting-edge technologies. Mr. Pi Rodriguez has performed security services and penetration tests for numerous global organizations and a wide range of financial, technical, and educational institutions. He has presented at international conferences including Defcon, Immunity infiltrate, Hack in Paris, Japan CCDS and Confidence Conference.
\nTwitter: @Josep_pi
\n\n
\nDescription:
\nWe conducted a research to assess the current security of NFC payment readers that are present in most of the major ATM brands, portable point of sales, gas stations, vending machines, transportation and other kind of point of sales in the US, Europe and worldwide. In particular, we found code execution vulnerabilities exploitable through NFC when handling a special application protocol data unit (APDU) that affect most NFC payment vendors. The vulnerabilities affect baremetal firmware devices and Android/Linux devices as well.\n

After waiting more than 1 year and a half once we disclosed it to all the affected vendors, we are ready to disclose all the technical details to the public. This research was covered in the media by wired.com but without the technical details that we can share now\nhttps://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/\n

Some of the affected vendors are:
\nIDtech - https://idtechproducts.com/
\nIngenico - https://www.ingenico.com/
\nVerifone - https://www.verifone.com/
\nCPI - https://www.cranepi.com/
\nBBPOS - https://www.bbpos.com/
\nWiseasy - https://www.wiseasy.com/
\nNexgo - https://www.nexgoglobal.com/\n

In this presentation we will describe the vulnerabilities and also demo how the readers can be compromised, using a special Android app we created, by just tapping an Android phone to the reader. We will discuss the consequences such as financial impact in reader’s users/owners and card data stealing once the firmware is compromised. Also, we will show how to compromise the host that is connected to the reader through USB by manipulating the reader’s firmware, chaining stack buffer overflow vulnerabilities in the SDK provided by the vendor that is running in the host machine.\n

Finally, since one of the affected vendors (IDtech) is present in most ATM brands in the world, the talk will cover different scenarios of how possible can be jackpotting ATMs just tapping a smartphone into the reader of the ATM. We have many years of experience jackpotting all brands of ATMs in multiple different ways and we will show how this is technically possible.\n

\n\n\'',NULL,365263),('3_Saturday','15','14:30','15:15','Y','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Contactless Overflow: Code execution in payment terminals and ATM’s over NFC\'','\'Josep Pi Rodriguez\'','DC_7eef6cf80171d4dadbaecbe4c4f33b76','\'\'',NULL,365264),('4_Sunday','12','12:00','12:45','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Terminally Owned - 60 years of escaping\'','\'David Leadbeater\'','DC_428d87c9d6fe94347744b5877b5a3af1','\'Title: Terminally Owned - 60 years of escaping
\nWhen: Sunday, Aug 13, 12:00 - 12:45 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\n
SpeakerBio:David Leadbeater\n, Open Source Engineer at G-Research
\nHe aims to find more CVEs than he creates and is currently succeeding.
\nTwitter: @davidgl
\n\n
\nDescription:
\nIt is 60 years since the first publication of the ASCII standard, something we now very much take for granted. ASCII introduced the Escape character; something we still use but maybe don\'t think about very much. The terminal is a tool all of us use. It\'s a way to interact with nearly every modern operating system. Underneath it uses escape codes defined in standards, some of which date back to the 1970s.\n \n

Like anything which deals with untrusted user input, it has an attack surface. 20 years ago HD Moore wrote a paper on terminal vulnerabilities, finding multiple CVEs in the process. I decided it was time to revisit this class of vulnerability.\n \n

In this talk I\'ll look at the history of terminals and then detail the issues I found in half a dozen different terminals. Even Microsoft who historically haven\'t had strong terminal support didn\'t escape a CVE. In order to exploit these vulnerabilities they often need to be combined with a vulnerability in something else. I\'ll cover how to exploit these vulnerabilities in multiple ways.\n \n

Overall this research found multiple remote code execution vulnerabilities across nearly all platforms and new unique ways to deliver the exploits. \n

REFERENCES:
\nKey citations:\n

\n

Other interesting sources:\n

\n

My posts to oss-security so far:\n

\n\n\'',NULL,365265),('2_Friday','09','09:00','09:45','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'The Hackers, The Lawyers, And The Defense Fund\'','\'Charley Snyder,Hannah Zhao,Harley Geiger,Kurt Opsahl,Miles McCain\'','DC_e7bbf7b38d8f7d5c18daf245a1c5280c','\'Title: The Hackers, The Lawyers, And The Defense Fund
\nWhen: Friday, Aug 11, 09:00 - 09:45 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\nSpeakers:Charley Snyder,Hannah Zhao,Harley Geiger,Kurt Opsahl,Miles McCain
\n
SpeakerBio:Charley Snyder\n, Head of Security Policy at Google
\nCharley serves as Head of Security Policy at Google. In this role, Charley organizes Google\'s expertise and technology to help solve the world\'s pressing public policy challenges related to safety and security online. Before joining Google, he led vulnerability management for a large financial institution, which included responsibility for researcher engagement and bug bounty programs. Previously, Charley served in the United States government, including multiple roles in the Department of Defense, where he helped create and manage the first U.S. government bug bounty program.
\nTwitter: @charley_snyder_
\n
SpeakerBio:Hannah Zhao\n, Staff Attorney at Electronic Frontier Foundation
\nHannah is a staff attorney at the Electronic Frontier Foundation. She’s part of EFF’s Coders’ Rights Project, which seeks to protect hackers, security researchers, and others through education, legal defense, amicus briefs, and involvement in the community with the goal of promoting innovation and safeguarding the rights of curious tinkerers and hackers on the digital frontier. She also works on legal issues related to police technology, surveillance, and cybersecurity.
\n
SpeakerBio:Harley Geiger\n, Counsel at Venable LLP
\nHarley Geiger is Counsel and Senior Director at Venable, LLP, where he leads the Security Research Legal Defense Fund and the Hacking Policy Council and counsels clients on a variety of cybersecurity issues. Prior to this, Geiger was Senior Director for Public Policy at Rapid7, where he worked to expand adoption of vulnerability disclosure and legal protections for security research. Geiger also worked as Senior Legislative Counsel in the U.S. House of Representatives, where he drafted Aaron’s Law, and served as Advocacy Director at the Center for Democracy & Technology.
\nTwitter: @HarleyGeiger
\n
SpeakerBio:Kurt Opsahl\n, Associate General Counsel for Cybersecurity and Civil Liberties Policy at Filecoin Foundation
\nKurt Opsahl is the Associate General Counsel for Cybersecurity and Civil Liberties Policy for the Filecoin Foundation, and a Special Counsel to the Electronic Frontier Foundation. Formerly, Opsahl was the Deputy Executive Director and General Counsel of EFF. Opsahl was also the lead attorney on the Coders\' Rights Project, and continues to assist EFF with that work as a Special Counsel. In 2007, Opsahl was named as one of the \"Attorneys of the Year\" by California Lawyer magazine. From 2014 to 2022, Opsahl served on the USENIX Board of Directors. Opsahl is a member of the CISA Cybersecurity Advisory Committee’s Technical Advisory Council.
\nTwitter: @KurtOpsahl
\n
SpeakerBio:Miles McCain\n, Student at Stanford University
\nMiles McCain is a student at Stanford University, security researcher, and open source software developer. He and his friends were once threatened with legal action for responsibly disclosing a security vulnerability in their classmates’ startup. He has previously worked on election security at CISA, privacy at Apple, and trust and safety at the Stanford Internet Observatory. Miles is a member of the Recurse Center.
\nTwitter: @MilesMcCain
\n\n
\nDescription:
\nThe hacker community has long conducted important security research that skates the edge of legality. This has led to charges and lawsuits, bogus and serious alike, against hackers. In this panel, we’ll hear from a hacker that faced legal challenges, we’ll describe what legal counseling for hackers looks like in practice, and we’ll discuss a new resource for the hacker community: the Security Research Legal Defense Fund.\n

Legal issues can arise for good faith hackers because computer or software owners want to prevent security research or vulnerability disclosure. Security researchers have rights and defenses against legal claims, but don’t always have access to representation or resources to defend themselves. EFF provides free legal counseling, ideally in advance of security researchers conducting their work so they can steer clear of problematic activity or at least mitigate the risk of legal threats. In litigation, EFF tries to find cases that will advance legal rights for the entire community, but many individuals will need representation even when their particular cases will not have a broader impact. In those cases, EFF endeavors to refer people to cooperating counsel, which can be difficult if funds are not available.\n

What is it like, as a hacker, to face legal threats? What are the common ways hackers encounter legal threats? When that happens, what should hackers do? What is it really like to provide legal representation to hackers? Are there areas of the world with greater or lesser access to legal rights and representation? What resources can hackers leverage to protect themselves, their rights, and others in the community? Join us and find out!\n

\n
REFERENCES
\n
1) Stanford student vulnerability disclosure, 2021.\n2) MBTA vs. Anderson, 2008.\n3) US Department of Justice 2022 Computer Fraud and Abuse Act charging policy.\n4) Librarian of Congress good faith security research exception to DMCA Section 1201. \n5) Disclose.io\n6) SecurityResearchLegalDefenseFund.org
\n\n\'',NULL,365266),('3_Saturday','10','10:30','11:15','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Unlocking Doors from Half a Continent Away\'','\'Sam Haskins,Trevor \"t1v0\" Stevado\'','DC_bb496a21658e8a176fd2ef112507b36b','\'Title: Unlocking Doors from Half a Continent Away
\nWhen: Saturday, Aug 12, 10:30 - 11:15 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\nSpeakers:Sam Haskins,Trevor \"t1v0\" Stevado
\n
SpeakerBio:Sam Haskins\n, Hacker at Loudmouth Security
\nSam Haskins is an honors student at Carleton University, in Ottawa ON, and hacker at Loudmouth Security. Sam is a security researcher in their spare time with several CVEs to their name, with a keen interest in cryptography and RFID hacking.
\n
SpeakerBio:Trevor \"t1v0\" Stevado\n, Founding Partner/Hacker at Loudmouth Security
\nTrevor Stevado is a security researcher and the founder of Loudmouth Security, with over 15 years of experience in the industry. In 2018, Trevor won a Black Badge in the IoT CTF at DEF CON 26, and since then he has been a regular contributor to IoT Village and is now one of the founders of the new Embedded Systems Village, where he continues to push the boundaries of embedded security research.
\n\n
\nDescription:
\nContactless credentials have become increasingly popular for secure authentication and access control systems due to their convenience and efficiency. In this talk, we will discuss a specific weakness in the ISO 14443A protocol that enables replay attacks over moderate latency connections, leading to the potential for long-range relay attacks.\n

During the presentation, we will delve into the history of contactless credential attacks, how manufacturers have adapted, and discuss why we focused on a relay attack. We will provide an overview of the ISO 14443A protocol and explain how the relay attack is executed and the ‘features’ of the underlying protocol that make it possible. Finally, we will demonstrate and release a new tool to make this relay attack feasible with the Proxmark, as we attempt to unlock a door in Ottawa, ON with a card on-stage in Vegas.\n

In addition, we will discuss the response from HID Global following our responsible disclosure against their SEOS readers and suggest mitigations to prevent these attacks on your access control systems.\n

\n\n\'',NULL,365267),('3_Saturday','11','10:30','11:15','Y','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Unlocking Doors from Half a Continent Away\'','\'Sam Haskins,Trevor \"t1v0\" Stevado\'','DC_bb496a21658e8a176fd2ef112507b36b','\'\'',NULL,365268),('2_Friday','15','15:30','16:15','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Turning my virtual wallet into a skimming device: mPOS solutions\'','\'Dan Borgogno,Ileana Barrionuevo\'','DC_0908ecf58ec96c8eab3d67b3906b8664','\'Title: Turning my virtual wallet into a skimming device: mPOS solutions
\nWhen: Friday, Aug 11, 15:30 - 16:15 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\nSpeakers:Dan Borgogno,Ileana Barrionuevo
\n
SpeakerBio:Dan Borgogno\n, Security Engineer at LATU
\nDan Borgogno is a security engineer, backend developer, security researcher and international speaker with years of experience on mobile, hardware, IoT and web application hacking. Security engineer@LATU Seguros.
\nTwitter: @dborgogno
\n
SpeakerBio:Ileana Barrionuevo\n, Security Researcher at UTN FRC
\nIleana Barrionuevo is a security engineer, security researcher and international speaker with years of experience in Android mobile hacking and web application hacking. Security researcher @Labsis UTN FRC
\nTwitter: @accio_bugs
\n\n
\nDescription:
\nIn third-world economies, cheaper often means more accessible. In recent years, there has been a growing interest in modern mobile wallet solutions that allow you to save money, make transactions, payments, and transfer funds to friends or clients with the help of MPOS devices. These small, durable, and simple devices can be used to read credit card information. However, these solutions have vulnerabilities that can be exploited. In this talk, we will provide real-life examples of money theft, credit card information skimming, Bluetooth communication tampering, and hardware hacking associated with these solutions.\n
\n\n\'',NULL,365269),('2_Friday','16','15:30','16:15','Y','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Turning my virtual wallet into a skimming device: mPOS solutions\'','\'Dan Borgogno,Ileana Barrionuevo\'','DC_0908ecf58ec96c8eab3d67b3906b8664','\'\'',NULL,365270),('3_Saturday','13','13:30','14:15','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Meduza: How an exiled pirate media outlet breaks through the Kremlin\'s propaganda firewall\'','\'Alex\'','DC_f72074cd060f4a48c41618cdac310f4f','\'Title: Meduza: How an exiled pirate media outlet breaks through the Kremlin\'s propaganda firewall
\nWhen: Saturday, Aug 12, 13:30 - 14:15 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\n
SpeakerBio:Alex\n, CTO at Meduza
\nAlex is CTO at Meduza. He joined the team in 2019. It was a rather crazy and brave decision to give up the job in a stable global corporation and join an independent media company in the times when it was already obvious that independent journalism is not welcome in Russia any more.\n \n

Alex’s main topics of expertise:
\nMedia company digital security. Protection of both employees and infrastructure against cyber threats, government run attacks, surveillance. Circumvention tools and technologies. Practical experience of reaching the audience in state-controlled countries. Government methods and approaches against media organizations. How they discover and block “forbidden” content, legal and physical pressure, surveillance. Risk analysis and research-based forecast for the further elaboration of censorship, i.e. sovereignization, criminalization of content etc.

\n\n
\nDescription:
\nMeduza is an independent international Russian- and English-language publication that still reaches millions of people inside Russia. The newsroom is operating from exile for 8 years now with headquarters in Latvia. Despite being completely outlawed and banned by the Kremlin, Meduza continues to work even under such enormously tough circumstances and still delivers the truths about the war in Ukraine along with an unbiased reporting on the situation inside Russia.\n \n

But at DEF CON Meduza will not be presented as a media. The team tries to resist the total state control of the Internet in Russia and fight not only for the freedom of speech, but for the freedom of information for millions of people.\n

Meduza CTO will explain how one of the most free internet has become one of the most regulated and censored ones within just a couple of years. Alex will share the practical experience of resisting censorship along with his (pessimistic) forecast for the future of the Internet in Russia (a new \"Iron Curtain\"). He will describe how the authorities were once again able to “deceive the people” (before all that happened, there were no abrupt blockings in Russia and the habit of using VPN was not formed among internet users). It is important not to let this scenario be repeated in whatever part of the world. \n

Tech Dept has always been an important part of Meduza newsroom, but in 2022 the tech guys became an even more crucial part of it. It is thanks to their work that the newsroom is able to successfully bypass blocking and retain the audience in Russia. And to protect the journalists and to repel various DDoS attacks on the infrastructure and products.\n

REFERENCES: \n

We don’t have many references that will be used in the presentation. And according to our Code of Conduct in our ordinary life we try to write about the news, and not to be the newsmakers ourselves. Here are a couple links that might be helpful to understand more about our work and values.\n \n

Meduza
\n https://meduza.io/\n \n

Meduza English-language edition
\n https://meduza.io/en\n \n

The awards:
\n https://frittord.no/en/news/speeches-at-the-awarding-of-the-fritt-ord-foundation-prize-2022\n \n

https://cpj.org/2022/03/calling-the-war-war-meduzas-galina-timchenko-bucks-russias-censorship-on-ukraine/\n \n

https://fgpj.eu/portfolio-items/preistraeger-2022/?portfolioCats=98\n \n

More about us:
\n https://rsf.org/en/rsf-creates-mirror-leading-russian-exile-news-site-blocked-kremlin\n https://www.cloudflare.com/innovator-spotlights/\n https://www.bloomberg.com/news/articles/2022-05-10/putin-s-crackdown-pushes-independent-russian-media-into-crypto?leadSource=uverify%20wall\n https://www.washingtonpost.com/media/2022/03/17/meduza-russia-sanctions/\n https://www.vox.com/future-perfect/22955885/donate-ukraine\n \n

Several examples of the most important articles:\n \n

Fact-checking piece with a video that proved the massacre in Bucha. Meduza’s source provided us with a video that was filmed during the “entrance” to Bucha. We gave the video to two independent experts (an astronomer and a mathematician) in order to verify when the videos were shot, using chronolocation techniques. Their findings allowed us to confirm that the times in the metadata match the actual times when the footage was recorded, and that the first video of the bodies couldn’t have been filmed after March 26, 2022, which proved that the horrific civilian killings in Bucha took place before Russian troops retreated from the town.\n \n

https://meduza.io/en/feature/2022/04/09/verified-video-appears-to-show-ukrainian-troops-killing-russian-captives-here-s-what-we-know-about-it\n \n

An investigation of war crimes in Bogdanovka\n https://meduza.io/en/feature/2022/04/18/i-can-do-whatever-i-want-to-you\n \n

How Russia\'s full-scale invasion of Ukraine split the company Yandex\n https://meduza.io/en/feature/2022/05/06/toxic-assets\n \n

An investigation on Elvira Nabiullina, the chairwoman of Russia’s Central Bank\n https://meduza.io/en/feature/2022/07/07/the-banker-s-dilemma\n \n

Meduza tells the story of the first openly transgender woman in the Russian army. She is going to be sent to war with Ukraine (and that\'s not the whole story).\n \n

https://meduza.io/feature/2022/11/09/pust-luchshe-ona-tam-gde-nibud-umret\n

\n\n\'',NULL,365271),('3_Saturday','14','13:30','14:15','Y','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Meduza: How an exiled pirate media outlet breaks through the Kremlin\'s propaganda firewall\'','\'Alex\'','DC_f72074cd060f4a48c41618cdac310f4f','\'\'',NULL,365272),('3_Saturday','13','13:00','13:45','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Azure B2C 0-Day: An Exploit Chain from Public Keys to Microsoft Bug Bounty\'','\'John Novak\'','DC_fcb4da9eb4d65538dbc2ceee8f51ce35','\'Title: Azure B2C 0-Day: An Exploit Chain from Public Keys to Microsoft Bug Bounty
\nWhen: Saturday, Aug 12, 13:00 - 13:45 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\n
SpeakerBio:John Novak\n, Technical Director at Praetorian
\nJohn Novak is a Technical Director at Praetorian with a deep interest in cryptography, reverse\n engineering, and embedded firmware. His evolution to computer security and hacker culture began with an undergraduate degree in mathematics followed by ten years of cryptography, security research, and exploit development at a previous employer. His current role at Praetorian includes conducting numerous security assessments for IoT devices, web applications, mobile applications, and (on occasion) cloud services.
\nTwitter: @jwnovak
\n\n
\nDescription:
\nThis presentation will cover a complete exploit chain in Azure B2C, starting with a discovery of cryptographic misuse and leading to full account compromise in any tenant as an unauthenticated attacker.\n \n

Portions of this vulnerability have been released publicly, but several pieces were omitted to provide Microsoft time to remediate the issue and not put Azure B2C environments at unnecessary risk. New details in this talk include steps to reverse engineer and discover the crypto vulnerability along with details of a novel attack for crypto key recovery.\n \n

For background, Microsoft Azure B2C is an identity and access management service for customer-facing apps. Thousands of organizations use this service, including national/state/local governments, professional societies, and commercial companies. The service is also used in the public Microsoft Security Response Center (MSRC) web portal as the main method for researchers to disclose vulnerabilities as part of Microsoft\'s bug bounty programs. The full exploit chain was effective against the MSRC and would have allowed an attacker to enumerate details of disclosed but not-yet-patched Microsoft zero day vulnerabilities.\n

REFERENCES:
\n[1] Previous disclosure of portions of this vulnerability: https://www.praetorian.com/blog/azure-b2c-crypto-misuse-and-account-compromise/\n[2] Discussion of encryption and signatures in JSON Web Tokens (JWTs): https://www.praetorian.com/blog/signing-and-encrypting-with-json-web-tokens/\n[3] Azure B2C Configuration Tutorial: https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy\n[4] What to Expect When Reporting Vulnerabilities to Microsoft https://msrc.microsoft.com/blog/2020/09/what-to-expect-when-reporting-vulnerabilities-to-microsoft/\n

\n\n\'',NULL,365273),('2_Friday','16','16:00','16:45','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Visual Studio Code is why I have (Workspace) Trust issues\'','\'Paul Gerste,Thomas Chauchefoin\'','DC_52cf3a09f8ab24f0009356ad7c4d8699','\'Title: Visual Studio Code is why I have (Workspace) Trust issues
\nWhen: Friday, Aug 11, 16:00 - 16:45 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\nSpeakers:Paul Gerste,Thomas Chauchefoin
\n
SpeakerBio:Paul Gerste\n, Vulnerability Researcher at Sonar
\nPaul Gerste (@pspaul95) is a Vulnerability Researcher in the Sonar R&D team. In the last months, he has been hunting bugs in popular JavaScript and TypeScript applications, yielding critical vulnerabilities in projects such as Rocket.Chat, NodeBB, and Blitz.js. Paul has also been a CTF player and organizer for some years and loves to hack all web-related things.
\nTwitter: @pspaul95
\n
SpeakerBio:Thomas Chauchefoin\n, Vulnerability Researcher at Sonar
\nThomas Chauchefoin (@swapgs) is a Vulnerability Researcher in the Sonar R&D team. With a strong background in offensive security, he helps uncover and responsibly disclose 0-days in major open-source software. He also participated in competitions like Pwn2Own or Hack-a-Sat and was nominated for two Pwnies Awards for his research on PHP supply chain security.
\n\n
\nDescription:
\nDevelopers are threat actors\' targets of choice because of their access to business-critical services. After compromising a single developer, they could push code changes or obtain sensitive information. For instance, a recent campaign attributed to North Korea set up social network profiles to social engineer and infect prominent figures of the developer community with malicious Visual Studio projects and browser exploits.\n \n

At the same time, modern development tools offer increasingly advanced features and deep integration with ecosystems, sometimes at the cost of basic security measures. Code editors tried to counterbalance it by introducing new lines of defense (e.g., \"Workspace Trust\"), leading to a cat-and-mouse game to restrict access while keeping most features available by default.\n \n

In this talk, we present the state of the art of Visual Studio Code\'s security. We go in-depth into its attack surface, how its extensions work, and the technical details of two vulnerabilities we found in Visual Studio Code. These findings, CVE-2021-43891 and CVE-2022-30129, led to a $30.000 bounty with an unexpected twist. We also present 1-days discovered by other researchers to develop the audience\'s intuition. These concepts apply to most IDEs of the market so everybody will now think twice before opening third-party code!\n

REFERENCES:
\nhttps://blog.electrovolt.io/posts/vscode-rce/\nhttps://www.sonarsource.com/blog/securing-developer-tools-git-integrations/\nhttps://www.sonarsource.com/blog/securing-developer-tools-argument-injection-in-vscode/\nhttps://blog.doyensec.com/2022/10/27/jupytervscode.html\nhttps://iwantmore.pizza/posts/cve-2019-1414.html\nhttps://github.com/justinsteven/advisories/blob/master/2017_visual_studio_code_workspace_settings_code_execution.md\nhttps://github.com/doyensec/VSCode_PoC_Oct2019\nhttps://github.com/microsoft/vscode/issues/107951\nhttps://www.youtube.com/watch?v=Olq6XnZ4Pwo\nhttps://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m\n

\n\n\'',NULL,365274),('3_Saturday','11','11:00','11:45','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Weaponizing Plain Text: ANSI Escape Sequences as a Forensic Nightmare\'','\'STÖK\'','DC_2619fa3f32beacd16aeca0d0df45f0e0','\'Title: Weaponizing Plain Text: ANSI Escape Sequences as a Forensic Nightmare
\nWhen: Saturday, Aug 12, 11:00 - 11:45 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\n
SpeakerBio:STÖK\n, Hacker / Creative at Truesec
\nHacker/Creative STÖK is passionate about learning new things and sharing his curiosity with the world. For the last 3 decades, he has professionally hacked anything from computers/tech to marketing, fashion, communication, and the human mind. By delivering fast-paced, engaging onstage presentations and creating educational cybersecurity video content for the hacker community. His curiosity and \"Good Vibes Only\" mentality have reached and inspired millions of people around the world.\n \n

HACKERS GONNA HACK.
\nCREATORS GONNA CREATE.
\nGOOD VIBES ONLY.\n

\nTwitter: @stokfredrik
\n\n
\nDescription:
\nLogs are a vital component for maintaining application reliability, performance, and security. They serve as a source of information for developers, security teams, and other stakeholders to understand what has happened or gone wrong within an application. However, logs can also be used to compromise the security of an application by injecting malicious content.\n \n

In this presentation, we will explore how ANSI escape sequences can be used to inject, vandalize, and even weaponize log files of modern applications. We will revisit old terminal injection research and log tampering techniques from the 80s and 90s, and combine them with new features to create chaos and mischief in the modern cloud CLIs, mobile, and feature-rich DevOps terminal emulators of today.\n

We will then provide solutions on how to avoid passing malicious escape sequences on into our log files. By doing so, we can ensure that we can trust the data inside our logs, making it safe for operators to use shells to audit files and enabling responders to quickly and accurately investigate incidents without wasting time cleaning, or having to gather additional data, while reconstructing events.\n \n

Welcome to this \"not so black and white,\" but rather quite colorful ANSI adventure, and learn how to cause, or prevent a forensic nightmare. \n

\n
REFERENCES
\n
There are multiple references to prior research featured and provided as a part of the storyline in the presentation.
\n\n\'',NULL,365275),('3_Saturday','12','12:30','13:15','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Video-based Cryptanalysis: Extracting Secret Keys from Power LEDs of Various Non-compromised Devices Using a Video Camera\'','\'Ben Nassi,Ofek Vayner\'','DC_eacc803634f3f237867aa2d29bb01971','\'Title: Video-based Cryptanalysis: Extracting Secret Keys from Power LEDs of Various Non-compromised Devices Using a Video Camera
\nWhen: Saturday, Aug 12, 12:30 - 13:15 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\nSpeakers:Ben Nassi,Ofek Vayner
\n
SpeakerBio:Ben Nassi\n, Postdoctoral Researcher at Cornell Tech
\nDr. Ben Nassi is a postdoctoral researcher at Cornell Tech. He is interested in building robust systems and investigates the security and privacy of cyber-physical systems and hardware/devices in the topics of side-channel attacks and AI security using signal processing and machine learning techniques. His research has been presented at top academic conferences, published in journals and Magazines, and covered by international media. Ben has spoken at prestigious industrial conferences (Black Hat Asia and USA, RSAC USA, AI Week, CodeBlue, SecTor, and CyberTech) and he serves as a PC member in ACM CCS (22 and 23) and BlackHat Asia (22 and 23). His research entitled him to two nominations for the Pwnie Award.
\nTwitter: @ben_nassi
\n
SpeakerBio:Ofek Vayner\n, M.Sc. Student at Ben-Gurion University of the Negev
\nOfek Vayner is an M.Sc student at Ben-Gurion University of the Negev and a security researcher at BGU\'s Cyber Security Research Center. He holds a B.Sc. degree from the Department of Electrical Engineering at Ben-Gurion University of the Negev. His primary research interests are side-channel attacks and cryptanalysis.
\n\n
\nDescription:
\nIn this talk, we present video-based cryptanalysis, a new method to recover secret keys from a non-compromised device by analyzing video footage obtained from a device’s power LED. We show that cryptographic computations performed by the device’s CPU change the power consumption of the device, which affects the brightness/color of the device’s power LED. The changes in the brightness can be detected at a sufficient sampling rate for cryptanalysis by obtaining video footage from a device’s power LED (by filling the frame with the LED) and exploiting the video camera’s rolling shutter, to increase the sampling rate by three orders of magnitude. The frames of the video footage are analyzed in the RGB space, and the RGB values are used to recover the secret key. We demonstrate the recovery of: (1) a 256-bit ECDSA key from a smartcard using video footage obtained from the power LED of the smartcard reader via a hijacked Internet-connected security camera located 16 meters away from the smartcard reader, and (2) a 378-bit SIKE key from a Samsung Galaxy S8 using video footage obtained from the power LED of Logitech Z120 USB speakers (that were connected to the same USB Hub of the Galaxy S8) via an iPhone 12.\n

We discuss countermeasures, limitations, and the future of video-based cryptanalysis.\n

\n\n\'',NULL,365276),('3_Saturday','13','12:30','13:15','Y','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Video-based Cryptanalysis: Extracting Secret Keys from Power LEDs of Various Non-compromised Devices Using a Video Camera\'','\'Ben Nassi,Ofek Vayner\'','DC_eacc803634f3f237867aa2d29bb01971','\'\'',NULL,365277),('3_Saturday','10','10:00','10:45','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Defeating VPN Always-On\'','\'Maxime Clementz\'','DC_43516c5b9b14a1ce0971d04172d9d1a7','\'Title: Defeating VPN Always-On
\nWhen: Saturday, Aug 12, 10:00 - 10:45 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\n
SpeakerBio:Maxime Clementz\n, Cybersecurity Senior Manager at PwC Luxembourg
\nMaxime Clementz is a Senior Manager within the Cybersecurity Advisory team of PwC Luxembourg. He develops his ethical hacker skills by committing himself to various assignments for big companies, banks and European institutions. As a technical specialist, he leads penetration tests, red-teaming, digital forensics and incident response missions.\n

He contributes to the development of the team’s hacking capabilities by sharing the results of his technology watch and R&D and is now leading the CSIRT and Threat Intelligence initiatives of PwC Luxembourg. He especially enjoys sharing knowledge by presenting the results of each mission or by giving talks (Hack.lu 2012, 2015, 2017) and training courses. Maxime teaches IT security at a French engineering school and organizes a Capture the Flag event for the students.\n

\nTwitter: @maxime_tz
\n\n
\nDescription:
\nVPN Always-On is a security control that can be deployed to mobile endpoints that remotely access corporate resources through a VPN. It is designed to prevent data leaks and narrow the attack surface of enrolled end-user equipment connected to untrusted networks. When it is enforced, the mobile device can only reach the VPN gateway and all connections are tunneled.\n

We will review the relevant Windows API, the practicalities of this feature, look at popular VPN software; we will then consider ridiculously complex exfil methods and... finally bypass it with unexpectedly trivial tricks. We will exploit design, implementation and configuration issues to circumvent this control in offensive scenarios. We will then learn how to fix or harden VPN Always-On deployment to further limit the risks posed by untrusted networks.\n

\n
REFERENCES
\n
\n

VPN on untrusted networks, captive portals:\n- ANSSI (France) Recommandations sur le nomadisme numérique (\"3.4.3 Maîtrise des flux réseaux sur le poste de travail\"): https://www.ssi.gouv.fr/uploads/2018/10/guide_nomadisme_anssi_pa_054_v1.pdf (I will translate the relevant part in my slide)\n

Understanding \"Windows Filtering Platform\":\n- Microsoft documentation : https://learn.microsoft.com/en-us/windows/win32/fwp/windows-filtering-platform-start-page\n- Pavel Yosifovich : https://scorpiosoftware.net/2022/12/25/introduction-to-the-windows-filtering-platform/\n- Pavel Yosifovich : https://github.com/zodiacon/WFPExplorer\n- Sagie Dulce : https://github.com/zeronetworks/wtf-wfp\n

Reverse Engineering of Windows Filtering Platform and its implementation in Windows VPN agents:\n- Ole André V. Ravnas - https://frida.re/\n- James Forshaw - https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools/tree/main/NtObjectManager\n

\n\'',NULL,365278),('2_Friday','11','11:30','12:15','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'I Watched You Roll the Die: Unparalleled RDP Monitoring Reveal Attackers Tradecraft\'','\'Andréanne Bergeron,Olivier Bilodeau\'','DC_a01fcfedbb008ba24099366352c5e826','\'Title: I Watched You Roll the Die: Unparalleled RDP Monitoring Reveal Attackers Tradecraft
\nWhen: Friday, Aug 11, 11:30 - 12:15 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\nSpeakers:Andréanne Bergeron,Olivier Bilodeau
\n
SpeakerBio:Andréanne Bergeron\n, Cybersecurity Researcher at GoSecure
\nAndréanne Bergeron has a Ph.D. in criminology from the University of Montreal and works as a cybersecurity researcher at GoSecure. Acting as the social and data scientist of the team, she is interested in online attackers’ behaviors. She is an experienced presenter with over 38 academic conferences and is now focusing on the infosec field. She has presented at BSides Montreal, NorthSec, CypherCon and Human Factor in Cybercrime amongst others.
\nTwitter: @AndreanBergeron
\n
SpeakerBio:Olivier Bilodeau\n, Cybersecurity Research Director at GoSecure
\nOlivier Bilodeau leads the Cybersecurity Research team at GoSecure. With more than 12 years of infosec experience, he enjoys luring malware operators into his traps and writing tools for malware research. Olivier is a passionate communicator having spoken at several conferences including BlackHat USA/Europe, Defcon, Botconf, Derbycon, and HackFest. Invested in his community, he co-founded MontréHack, is the President of NorthSec and host its Hacker Jeopardy.
\nTwitter: @obilodeau
\n\n
\nDescription:
\nThe Remote Desktop Protocol (RDP) is a critical attack vector used by evil threat actors including in ransomware outbreaks. To study RDP attacks, we created PyRDP, an open-source RDP interception tool with unmatched capabilities which helped us collect more than 100 hours of video footage of attackers in action.\n

To describe attackers’ behaviors, we characterized the various archetypes of threat actors in groups based on their traits through a Dungeons & Dragons analogy: 1) the Bards make obtuse searches or watch unholy videos; 2) the Rangers stealthily explore computers and perform reconnaissance; 3) the Thieves try to monetize the RDP access; 4) the Barbarians use a large array of tools to brute-force their way into more computers; and 5) the Wizards use their RDP access as a magic portal to cloak their origins. Throughout, we will reveal the attackers’ weaponry and show video recordings of interesting characters in action.\n

This presentation demonstrates the tremendous capability of RDP interception for research benefits and blue teams: extensive documentation of opportunistic attackers’ tradecraft. An engineer and a crime data scientist partner to deliver an epic story that includes luring, understanding and characterizing attackers, which allows us to collectively focus our attention on the more sophisticated threats. \n

\n
REFERENCES
\n
\n

The tool:
\nhttps://github.com/GoSecure/pyrdp/ an extensive rewrite of Citronneur’s RDPy\n

Building on our own work:
\nRDP Man-in-the-Middle - Smile! You\'re on Camera - GoSecure\nhttps://www.youtube.com/watch?v=eB7RC9FmL6Q\n

Slides - Google Slides
\nPyRDP Demo with Session Takeover - YouTube\nPyRDP Demo with a Payload on Connection - YouTube\nhttps://docs.google.com/presentation/d/1UAiN2EZwDcmBjLe_t5HXB0LzbNclU3nnigC-XM4neIU/edit?usp=sharing\nhttps://docs.google.com/presentation/d/1UAiN2EZwDcmBjLe_t5HXB0LzbNclU3nnigC-XM4neIU/edit?usp=sharing\nPyRDP on Autopilot - Unattended Credential Harvesting and Client-Side File Stealing - GoSecure\nAnnouncing PyRDP 1.0 - GoSecure
\nDEF CON Safe Mode Demo Labs - Olivier Bilodeau - PyRDP - YouTube\nCapturing RDP NetNTLMv2 Hashes: Attack details and a Technical How-To Guide - GoSecure\nCracking 2.3M Attackers-Supplied Credentials: What Can We Learn from RDP Attacks - GoSecure\nA New PyRDP Release: The Rudolph Desktop Protocol! - GoSecure\nThe Level of Human Engagement Behind Automated Attacks - GoSecure\nNever Connect to RDP Servers Over Untrusted Networks - GoSecure\n

Building on scientific articles:\n

[1] Cybersecurity & Infrastructure Security Agency (2020). Alert (AA20-099A). Retrieved from: https://www.cisa.gov/uscert/ncas/alerts/aa20-099a\n[2] Cox, O. (2021). Remote Desktop Protocol (RDP) attack analysis. Darktrace. Retrieved from: https://darktrace.com/blog/remote-desktop-protocol-rdp-attack-analysis#:~:text=Remote%20Desktop%20Protocol%20(RDP)%20is,have%20been%20around%20for%20years.\n[3] UK’s National Cyber Security Centre (2021). Alert: Further ransomware attacks on the UK education sector by cyber criminals. Retrieved from : https://www.ncsc.gov.uk/news/alert-targeted-ransomware-attacks-on-uk-education-sector\n[4] Tian, Z. et al. (2018). A Real-Time Correlation of Host-Level Events in Cyber Range Service for Smart Campus. IEEE Access, 6, pp. 35355-35364. DOI: 10.1109/ACCESS.2018.2846590.\n[5] Sinitsyn, F. (2017). Kaspersky Security Bulletin: STORY OF THE YEAR 2017. Retrieved from: https://securelist.com/ksb-story-of-the-year-2017/83290/\n[6] Drašar, M., Jirsík, T., & Vizváry, M. (2014). Enhancing Network Intrusion Detection by Correlation of Modularly Hashed Sketches. 8th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS). Proceedings 8 (pp. 160-172). Springer Berlin Heidelberg.\n[7] Alata, E., Nicomette, V., Kaaniche, M., Dacier, M., & Herrb, M. (2006). Lessons learned from the deployment of a high-interaction honeypot. Sixth European Dependable Computing Conference, Coimbra, Portugal, pp. 39-46, DOI: 10.1109/EDCC.2006.17.\n[8] Udhani, S., Withers, A., & Bashir, M. (2019). Human vs bots: Detecting human attacks in a honeypot environment. 7th International Symposium on Digital Forensics and Security (ISDFS) (pp. 1-6). IEEE.\n[9] Bilodeau, O. (2022). PyRDP: Python Remote Desktop Protocol (RDP) Monster-in-the-Middle (MITM) tool and library. Tool Access from: https://github.com/GoSecure/pyrdp\n[10] Gatlan, S. (2022). Windows 11 now blocks RDP brute-force attacks by default. 
Bleeping Computer, https://www.bleepingcomputer.com/news/microsoft/windows-11-now-blocks-rdp-brute-force-attacks-by-default/\n[11] Seifert, C. (2006). Analyzing Malicious SSH Login Attempts. Symantec Connect Community. Retrieve from: https://www.symantec.com/connect/articles/analyzing-malicious-sshlogin-attempts\n

\n\n\'',NULL,365279),('2_Friday','12','11:30','12:15','Y','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'I Watched You Roll the Die: Unparalleled RDP Monitoring Reveal Attackers Tradecraft\'','\'Andréanne Bergeron,Olivier Bilodeau\'','DC_a01fcfedbb008ba24099366352c5e826','\'\'',NULL,365280),('4_Sunday','14','14:00','15:15','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'TETRA tour de force: Jailbreaking digital radios and base stations for fun and secrets\'','\'Carlo Meijer,Jos Wetzels,Wouter Bokslag\'','DC_4c921775aa571b47b50dcf8e8ffcd6d3','\'Title: TETRA tour de force: Jailbreaking digital radios and base stations for fun and secrets
\nWhen: Sunday, Aug 13, 14:00 - 15:15 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\nSpeakers:Carlo Meijer,Jos Wetzels,Wouter Bokslag
\n
SpeakerBio:Carlo Meijer\n, Founding Partner and Security Researcher at Midnight Blue
\nCarlo Meijer is a co-founding partner and security researcher at Midnight Blue. His research focuses on the analysis of cryptographic systems deployed in the wild. He is known for his work on the security of so-called Self-Encrypting Drives (SEDs). Furthermore, he is known for breaking a hardened variant of Crypto1, the cipher used in the Mifare Classic family of cryptographic RFID tags. Finally, he co-authored research into default passwords in consumer routers as deployed by ISPs in the Netherlands. He is a PhD researcher and systems security lecturer at the Radboud University (RU) in the Netherlands.
\n
SpeakerBio:Jos Wetzels\n, Founding Partner and Security Researcher at Midnight Blue
\nJos Wetzels is a co-founding partner and security researcher at Midnight Blue. His research has involved reverse-engineering, vulnerability research and exploit development across various domains ranging from industrial and automotive systems to IoT, networking equipment and deeply embedded SoCs. He has uncovered critical zero-day vulnerabilities in dozens of embedded TCP/IP stacks, Industrial Control Systems (ICS), and RTOSes.\n \n

He previously worked as a researcher at the Distributed and Embedded Security group (DIES) at the University of Twente (UT) in the Netherlands where he developed exploit mitigation solutions for constrained embedded devices deployed in critical infrastructure, performed security analyses of state-of-the-art network and host-based intrusion detection systems and has been involved in research projects regarding on-the-fly detection and containment of unknown malware and APTs.

\nTwitter: @s4mvartaka
\n
SpeakerBio:Wouter Bokslag\n, Founding Partner and Security Researcher at Midnight Blue
\nWouter Bokslag is a co-founding partner and security researcher at Midnight Blue. He is known for the reverse-engineering and cryptanalysis of several proprietary in-vehicle immobilizer authentication ciphers used by major automotive manufacturers as well as co-developing the world\'s fastest public attack against the Hitag2 cipher. He holds a Master\'s Degree in Computer Science & Engineering from Eindhoven University of Technology (TU/e) and designed and assisted teaching hands-on offensive security classes for graduate students at the Dutch Kerckhoffs Institute for several years.
\n\n
\nDescription:
\nIn this talk we will discuss the radio jailbreaking journey that enabled us to perform the first public disclosure and analysis of the proprietary cryptography used in TETRA (Terrestrial Trunked Radio): a standard used globally by government agencies, police, prisons, and military operators as well as critical infrastructure such as SCADA telecontrol of oil rigs, pipelines, transportation and electric and water utilities.\n

For decades, the underlying algorithms have remained secret under restrictive NDAs prohibiting public scrutiny of this critical technology. In this talk, we will make public the TETRA cipher suites (TEA and TAA1 to be precise), one of the last bastions of widely deployed secret crypto, and discuss in-depth how we managed to obtain them.\n

We will discuss several different flaws we uncovered allowing passive or active adversaries to intercept and manipulate TETRA traffic, including details of a backdoored stream cipher.\n

This journey involved reverse-engineering and exploiting multiple 0-day vulnerabilities in the popular Motorola MTM5x00 radio and its TI OMAP-L138 TEE and covers everything from side-channel attacks on DSPs to writing your own decompilers. We will also discuss how we gained code execution on and instrumented a Motorola MBTS TETRA base station for research purposes.\n

REFERENCES: \n

\n\n\'',NULL,365281),('4_Sunday','15','14:00','15:15','Y','DC','Caesars Forum - Forum - 130-134 - Track 3','\'TETRA tour de force: Jailbreaking digital radios and base stations for fun and secrets\'','\'Carlo Meijer,Jos Wetzels,Wouter Bokslag\'','DC_4c921775aa571b47b50dcf8e8ffcd6d3','\'\'',NULL,365282),('3_Saturday','14','14:00','14:45','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Power Corrupts; Corrupt It Back! Hacking Power Management in Data Centers\'','\'Jesse Chick,Sam Quinn\'','DC_5a08a65970d5faa147878a063fc108f2','\'Title: Power Corrupts; Corrupt It Back! Hacking Power Management in Data Centers
\nWhen: Saturday, Aug 12, 14:00 - 14:45 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\nSpeakers:Jesse Chick,Sam Quinn
\n
SpeakerBio:Jesse Chick\n, Security Researcher at Trellix Advanced Research Center
\nJesse Chick is a Security Researcher with the Advanced Research Center\'s vulnerability team. Jesse focusses on vulnerability discovery and exploit development for all things connected to the internet and is credited with numerous CVEs affecting popular embedded devices. He is passionate about reverse engineering, full system emulation, and educating others in offensive security techniques.
\nTwitter: @ravenousbytes
\n
SpeakerBio:Sam Quinn\n, Sr. Security Researcher at Trellix Advanced Research Center
\nSam Quinn is a Senior Security Researcher on the Advanced Research Center Vulnerability team, focused on finding new vulnerabilities in both software and hardware. Sam has a focus on embedded devices with knowledge in the fields of reverse engineering and exploitation. He has had numerous vulnerability findings, published CVEs in IOT and enterprise software, and has spoken at multiple industry conferences such as Def Con, BlackHat, North Sec, and Hardwear.io.
\nTwitter: @eAyeP
\n\n
\nDescription:
\nOur current administration lists \"Defend Critical Infrastructure\" as the #1 item in the 2023 National Cybersecurity Strategy. At the intersection of governmental and corporate concerns is data center security, a trend that is bound to continue as more and more operations move to the cloud. This talk details our findings in the domain of power management, the first category in a broader effort to investigate the security of critical data center components. We will reveal nine vulnerabilities in two integral data center appliances: a Power Distribution Unit (PDU) and a Data Center Infrastructure Management (DCIM) system. Continuing, we will delve into the technical details of the most impactful vulnerabilities and highlight the potential impact on their respective operations. The talk will challenge the misconception that data centers are inherently more secure than on-prem by exposing how attackers could leverage these vulnerabilities. This presentation will be valuable to data center professionals, security researchers, and anyone interested in understanding the characteristic vulnerabilities associated with modern data centers. \n

REFERENCES:
\nContributing Researcher - Philippe Laulheret\nClaroty Research - https://claroty.com/team82/research/jumping-nat-to-shut-down-electric-devices\nNational Cybersecurity Strategy - https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/\n

\n\n\'',NULL,365283),('2_Friday','13','13:00','13:45','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Over the Air, Under the Radar: Attacking and Securing the Pixel Modem\'','\'Eugene Rodionov,Farzan Karimi,Xiling Gong,Xuan Xing\'','DC_05b39810abd09b801ecfbc6240741419','\'Title: Over the Air, Under the Radar: Attacking and Securing the Pixel Modem
\nWhen: Friday, Aug 11, 13:00 - 13:45 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\nSpeakers:Eugene Rodionov,Farzan Karimi,Xiling Gong,Xuan Xing
\n
SpeakerBio:Eugene Rodionov\n, Security Researcher on the Android Red Team at Google
\nEugene Rodionov, PhD, is a Security Researcher at Google on the Android Red Team. In his current position, Eugene focuses on finding and exploiting vulnerabilities in the low-level components of Android platform and Pixel devices. Prior to that, Rodionov performed offensive security research on UEFI firmware for Client Platforms at Intel, and ran internal research projects and performed in-depth analysis of complex threats at ESET. His fields of interest include reverse engineering, vulnerability analysis, firmware security and anti-rootkit technologies. Rodionov is a co-author of the \"Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats\" book and has spoken at security conferences such as Black Hat, REcon, ZeroNights, and CARO.
\n
SpeakerBio:Farzan Karimi\n, Android Offensive Security Manager at Google
\nFarzan Karimi has over 15 years experience in offensive security. He is the Android Offensive Security Manager at Google. In this role, he manages red team operations targeting low-level components within the Android ecosystem. Farzan has specialized in exploiting game development consoles (devkits). His work on PlayStation and Xbox led to the development of key security features for next generation platforms. Farzan is a speaker at security conferences such as Black Hat USA, LABSCON, Microsoft STRIKE, and EA Team Blue.
\n
SpeakerBio:Xiling Gong\n, Security Researcher on the Android Red Team at Google
\nXiling Gong is a Security Researcher at Google on the Android Red Team. Xiling focuses on finding and exploiting vulnerabilities in the low-level components of Android platform and Pixel devices. Xiling is the speaker of CanSecWest 2018, BlackHat USA 2019, Def Con 27, BlackHat Asia 2021.
\n
SpeakerBio:Xuan Xing\n, Tech Lead on the Android Red Team at Google
\nXuan Xing is the tech lead of the Android Red Team at Google. For the past years, Xuan focused on finding security vulnerabilities in various low level components of Android/Pixel devices. He is passionate about software fuzzing for security research. In BlackHat USA 2022 Xuan presented the “Google Reimagined a Phone. It was Our Job to Red Team and Secure it” talking about Pixel ABL security auditing.
\n\n
\nDescription:
\nTo ensure Google Pixel devices are always at their most secure, the Android Red Team continuously attacks the riskiest areas of the phone. This allows us to proactively get ahead of bugs and protect the phone, before it’s even shipped to users.\n \n

The modem — or baseband — is considered a fundamental component of smartphones, and is at high risk because it is a privileged system component that accepts data from an untrusted remote source (cell towers). A vulnerability in the modem exposes end-users to scalable attacks carried out remotely, which may lead to many kinds of compromise on a phone.\n \n

Modem security is currently a hot topic of research, attracting growing interest from security researchers, both in the industry and in academia. This wasn’t the case up until recently for a couple of reasons: most modem code is closed source, and testing it requires expensive hardware equipment. With some of these barriers being removed in recent years, due to the invention of software-defined radio (SDR) devices and public toolkits, the entry level into baseband security analysis has become more affordable. In this session the Android Red Team will be describing some findings from its offensive evaluation of modems used in Pixel devices.\n

\n\n\'',NULL,365284),('2_Friday','13','13:30','14:15','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Fantastic Ethertypes and Where to Find Them\'','\'Ricky \"HeadlessZeke \" Lawshae\'','DC_7b7e02c670c6637e7ad8604e856560f6','\'Title: Fantastic Ethertypes and Where to Find Them
\nWhen: Friday, Aug 11, 13:30 - 14:15 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\n
SpeakerBio:Ricky \"HeadlessZeke \" Lawshae\n, Hacker
\nRicky \"HeadlessZeke\" Lawshae is a connoisseur of arcane and archaic network protocols. He is a security researcher with well over a decade of experience in the fields of IoT security, exploitation, and network protocol analysis. He has spoken at DEFCON multiple times, as well as Recon, Ruxcon, Toorcon, and many other conferences around the globe. In his offtime, he enjoys drinking Irish whiskeys and dark beers, reading comics, and listening to/playing in punk rock bands.
\nTwitter: @HeadlessZeke
\n\n
\nDescription:
\nBeneath the mundane world of TCP/IP exists the magical and mysterious realm of ethernet. There are many different types of ethernet protocols in use today, known as ‘ethertypes’, that run the gamut from the boutique to the ubiquitous. In this talk, we will delve into some of the more interesting and obscure ethertypes that exist. We will discuss the network protocols themselves, where they can be found in the wild, what you can do with them, and how they could be abused in the wrong hands. We will explore wide-ranges of networking environments including industrial/facilities, transportation, and medical, and will include several live demos. Attendees will leave this talk with a greater understanding and appreciation for the unseen networking world that exists all around them.\n

REFERENCES:
\nhttps://en.wikipedia.org/wiki/EtherType\nhttps://www.iana.org/assignments/ieee-802-numbers/ieee-802-numbers.xhtml\n

\n\n\'',NULL,365285),('2_Friday','14','13:30','14:15','Y','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Fantastic Ethertypes and Where to Find Them\'','\'Ricky \"HeadlessZeke \" Lawshae\'','DC_7b7e02c670c6637e7ad8604e856560f6','\'\'',NULL,365286),('2_Friday','12','12:30','13:15','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Backdoor in the Core - Altering the Intel x86 Instruction Set at Runtime\'','\'Alexander Dalsgaard Krog,Alexander Skovsende\'','DC_cb7fe1eeb6049074b8a5d85bfb54f323','\'Title: Backdoor in the Core - Altering the Intel x86 Instruction Set at Runtime
\nWhen: Friday, Aug 11, 12:30 - 13:15 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\nSpeakers:Alexander Dalsgaard Krog,Alexander Skovsende
\n
SpeakerBio:Alexander Dalsgaard Krog\n, Vulnerability Researcher at Vectorize
\nAlexander Dalsgaard Krog is a Vulnerability Researcher at Vectorize with a focus on the low level, close to the hardware, and this talk will be no exception. He has a passion for binary exploitation and together with his prior team at Lyrebirds discovered the critical bug Cable Haunt, affecting millions of devices with a vulnerability allowing remote code execution. Both him and his co-speaker Alexander Skovsende are also heavily invested in CTF and have played a big role in putting the Danish team Kalmarunionen on top of the scoreboard in many CTFs.
\nTwitter: @alexanderkrog
\n
SpeakerBio:Alexander Skovsende\n, Grad Student at Technical University of Denmark
\nNo BIO available
\n\n
\nDescription:
\nIn this work, we present the novel results of our research on Intel CPU microcode. Building upon prior research on Intel Goldmont CPUs, we have reverse-engineered the implementations of complex x86 instructions, leading to the discovery of hidden microcode which serves to prevent the persistence of any changes made. Using this knowledge, we were able to patch those discovered sections, allowing us to make persistent microcode changes from userspace on Linux. We have developed and improved microcode tracing tools, giving us deeper insight into Intel Atom microcode than was previously possible, by allowing more dynamic analysis of the ROM.\n

Along with this presentation, we provide a C library for making microcode changes and documentation on the reverse-engineered microcode.\n

We show that vendor updates to the microcode, which cannot be verified by the user, impose a security risk by demonstrating how a Linux system can be compromised through a backdoor within a CPU core\'s microcode. \n

REFERENCES:
\nIntel TXE POC:
\nhttps://github.com/chip-red-pill/IntelTXE-PoC\nExploit used to gain Red Unlock.\n \n

\n
uCodeDisasm
\n
https://github.com/chip-red-pill/uCodeDisasm\n First research (to the best of our knowledge) allowing for dumping microcode ROM as well as a publicly available disassembler for Intel\'s microcode.
\n

Undocumented x86 instructions to control the CPU at the micro-architecture level in modern Intel processors:\n https://github.com/chip-red-pill/udbgInstr\n https://github.com/chip-red-pill/udbgInstr/blob/main/paper/undocumented_x86_insts_for_uarch_control.pdf\n From the research above, two undocumented instructions intended for debug purposes at Intel were found. This laid the groundwork for us to experiment and test the behavior of microcode operations.\n \n

Custom Processing Unit:
\n https://github.com/pietroborrello/CustomProcessingUnit\n Custom Processing Unit is the first dynamic analysis framework able to hook, patch and trace microcode from a UEFI application\n

\n\n\'',NULL,365287),('2_Friday','13','12:30','13:15','Y','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Backdoor in the Core - Altering the Intel x86 Instruction Set at Runtime\'','\'Alexander Dalsgaard Krog,Alexander Skovsende\'','DC_cb7fe1eeb6049074b8a5d85bfb54f323','\'\'',NULL,365288),('3_Saturday','09','09:00','09:20','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'ELECTRONizing macOS privacy - a new weapon in your red teaming armory\'','\'Wojciech Reguła\'','DC_9acaed7335462762e1b772d683994426','\'Title: ELECTRONizing macOS privacy - a new weapon in your red teaming armory
\nWhen: Saturday, Aug 12, 09:00 - 09:20 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\n
SpeakerBio:Wojciech Reguła\n, Principal Security Consultant at SecuRing
\nWojciech is a Principal Security Specialist working at SecuRing. He specializes in application security on Apple devices. Wojciech created the iOS Security Suite - an opensource anti-tampering framework. Bugcrowd MVP, found vulnerabilities in Apple, Facebook, Malwarebytes, Slack, Atlassian, and others. In free time he runs an infosec blog - https://wojciechregula.blog. Shared research on among others Black Hat (Las Vegas, USA), Objective by the Sea (Hawaii, USA), AppSec Global (Tel Aviv, Israel), AppSec EU (London, United Kingdom), CONFidence (Cracow, Poland), BSides (Warsaw, Poland).
\nTwitter: @_r3ggi
\n\n
\nDescription:
\nMacOS is known for an additional layer of privacy controls called TCC - Transparency, Consent, and Control (TCC) that restricts access to sensitive personal resources: documents, camera, microphone, emails, and more. Granting such access requires authorization, and the mechanism\'s main design concern was clear user consent.\n

Despite many vulnerabilities in that mechanism found in the past, using 0-days during red teaming engagements is impractical. Apple fixes TCC vulnerabilities but red teams still have to get access to files saved on the victim’s desktop or be able to take a screenshot.\n

What if I tell you that there are many open doors to resolve all the TCC problems that are already installed on your target machines?! Electron apps are everywhere. And you probably heard the joke that: ‘S’ in Electron stands for security.\n

In this talk I will share a new tool that, by abusing Electron default configuration, allows executing code in the context of those Electron apps and thus inherit their TCC permissions.\n

The audience will leave with a solid understanding of the macOS privacy restrictions framework (TCC) and its weaknesses. The part of the audience interested in macOS red teaming will also get to know my new, free and open source tool. Blue teams on the stage will also see some ideas regarding detections.\n

\n\n\'',NULL,365289),('2_Friday','12','12:00','12:45','N','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record','\'You\'re Not George Clooney, and This Isn\'t Ocean\'s Eleven\'','\'Andrew \"Spike\" Brandt\'','DC_61e071fc8c375b05429a5fac108dd2f3','\'Title: You\'re Not George Clooney, and This Isn\'t Ocean\'s Eleven
\nWhen: Friday, Aug 11, 12:00 - 12:45 PDT
\nWhere: Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record - Map
\n
SpeakerBio:Andrew \"Spike\" Brandt\n, Principal Researcher at Sophos X-Ops
\nAndrew Brandt is a former investigative reporter turned network forensics investigator and malware analyst, who serves as a Principal Researcher for Sophos X-Ops. Brandt has worked in information security since 2006 and, prior to working in the industry, covered it extensively as the security editor for PC World for nearly a decade. He has applied his knowledge about the behavior of malicious software and threat actors to profile identifiable characteristics of undesirable or criminal activity, specializing in attackers who target the finance, energy, and government sectors. His analysis techniques seek to determine general principles that can help analysts and defenders rapidly and comprehensively identify the root cause of infection and data loss, putting real-time network data analysis at the front line of prevention.
\n\n
\nDescription:
\nOne common thread runs through a recent wave of (initially, successful) targeted malware attacks I\'ve investigated: The attackers communicated with their targets, personally, using social engineering in real-time, in order to lay the groundwork for the rest of the attack to succeed. Throughout the course of several post-breach investigations, it became apparent that -- for a certain kind of target and a particular class of attacker -- engaging the victim in direct conversation was far more effective at assuring the target infected their computer than crafting a believable-looking \"malspam\" email that would \"fool\" the target into clicking a link or opening a file.\n \n

The attackers did not need to be charismatic for the technique to succeed. In fact, so long as the attacker \"got into character\" and treated the interaction as a normal, everyday event (from their perspective), the targets went along for the ride, and in many cases, self-infected with malware that was capable of snooping through their most sensitive files. In this session, we\'ll discuss both the social engineering and technical aspects of the attacks, and why this combination of tactics is particularly dangerous and hard to defend against. \n

\n
REFERENCES
\n
Brandt, Andrew. “Tax Firms Targeted by Precision Malware Attacks.” Sophos X-Ops Blog, Sophos News, 13 Apr. 2023, news.sophos.com/en-us/2023/04/13/tax-firms-targeted-by-precision-malware-attacks/\n@x86matthew. “EmbedExeLnk - Embedding an EXE inside a LNK with Automatic Execution.” www.x86matthew.com, 22 Apr. 2022, www.x86matthew.com/view_post?id=embed_exe_lnk
\n\n\'',NULL,365290),('3_Saturday','11','11:30','12:15','N','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record','\'Mass Owning of Seedboxes - A Live Hacking Exhibition\'','\'Anon\'','DC_a2e49077bb581b9e2f37adf97ba04644','\'Title: Mass Owning of Seedboxes - A Live Hacking Exhibition
\nWhen: Saturday, Aug 12, 11:30 - 12:15 PDT
\nWhere: Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record - Map
\n
SpeakerBio:Anon\n, Hacker
\nThe presenter has been attending DEFCON for ~20 years, and has run various villages and contests for over 10 years. A professional pentester for over 24 years, his previously released research and tools are present in MetaSploit, blog posts, blah blah blah. The hacker is a long-time member of AHA (Austin Hackers Anonymous - takeonme.org ) and is well known for their \"this one time on a pentest\" stories.\n

The thing is though. We aren\'t going to tell you their handle/name. It\'s not important. You don\'t need it. Don\'t pick a talk by how famous someone is.\n

\n\n
\nDescription:
\n\"No one hacks at DEFCON any more.\" is what I\'ve heard. That is, until now. Seedboxes/seedhosts are used by thousands of pirates to download and distribute Movies/TV/Music via USENET and Torrents. The thing is, these systems are horribly insecure. Like, they are wide open. In this talk, I am going to open up a xterm, And a FireFox window, and hack into seedhosts. LIVE. No Demos. No Powerpoint. No introduction slides. Just port scan, attack, 0wn, extract credentials, download all content, obtain other users\' credentials, etc. For literally thousands of accounts.\n

Did you know people store their Google Drive tokens on seedhosts? Did you know that your seedbox provider has no idea how to properly configure docker? Did you know that your plain-text password is sitting in multiple places on these machines, accessible to all other users? Did you know that administrators for very-large private torrent sites re-use the same password for all their accounts, and leave them on seedhosts? Let\'s hack.\n

The presenter has been attending DEFCON for ~20 years, and has run various villages and contests for over 10 years. A professional pentester for over 24 years, his previously released research and tools are present in MetaSploit, blog posts, blah blah blah. The hacker is a long-time member of AHA (Austin Hackers Anonymous - takeonme.org ) and is well known for their \"this one time on a pentest\" stories.\n

The thing is though. We aren\'t going to tell you their handle/name. It\'s not important. You don\'t need it. Don\'t pick a talk by how famous someone is.\n

REFERENCES:
\nhttps://censys.io/
\nhttps://en.wikipedia.org/wiki/Bash_(Unix_shell)\nhttps://nmap.org/
\nhttps://sonarr.tv/
\nhttps://radarr.video/
\nhttps://github.com/Novik/ruTorrent
\nhttps://rclone.org/
\nhttps://nzbget.net/
\nhttps://sabnzbd.org/
\nhttps://en.wikipedia.org/wiki/Seedbox\n

\n\n\'',NULL,365291),('3_Saturday','12','11:30','12:15','Y','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record','\'Mass Owning of Seedboxes - A Live Hacking Exhibition\'','\'Anon\'','DC_a2e49077bb581b9e2f37adf97ba04644','\'\'',NULL,365292),('2_Friday','14','14:30','14:50','N','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record','\'\"You can\'t cheat time\" - Finding foes and yourself with latency trilateration\'','\'Lorenzo ”lopoc” Cococcia\'','DC_7ad3c7bdaed812e0c9c5ddfcfb54de9f','\'Title: \"You can\'t cheat time\" - Finding foes and yourself with latency trilateration
\nWhen: Friday, Aug 11, 14:30 - 14:50 PDT
\nWhere: Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record - Map
\n
SpeakerBio:Lorenzo ”lopoc” Cococcia\n, Hacker
\nLorenzo Cococcia was born and raised in Italy, the son of two worlds: computer science and physics. Specialized in malware analysis, cyber security and threat intelligence, Lorenzo began his career as a threat intelligence analyst for large industrial companies, where he developed a rigorous approach to the field. He is particularly interested in the intersection of physics and mathematics with the world of hacking and cyber security.
\nTwitter: @lopoc_
\n\n
\nDescription:
\nSince the dawn of time, humans have been driven to discover new ways of determining their location, and the location of potential threats. In the realm of cyber threat intelligence, the ability to geolocate servers, for instance the one a C2 is running on, is crucial.\n

As research in its early stages, this speech will delve into the exciting world of offensive geolocation. By leveraging inviolable physical laws, we can measure the time it takes for a signal to travel from an adversary to multiple network sensors, and use this information to accurately calculate their position. This technique, known as latency trilateration, has never been used before in the cyber realm, and has significant implications for threat intelligence, sandbox evasion, and even malware self-geolocation. I will also discuss potential limitations and challenges of this approach, as well as its broader implications and potential future developments in this emerging field.\n

\n
REFERENCES
\n
Ben Du, Massimo Candela, Bradley Huffaker, Alex C. Snoeren, and kc claffy. 2020. RIPE IPmap active geolocation: mechanism and performance evaluation. SIGCOMM Comput. Commun. Rev. 50, 2 (April 2020), 3–10. https://doi.org/10.1145/3402413.3402415
\n\n\'',NULL,365293),('2_Friday','11','11:30','12:15','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Civil Cyber Defense: Use Your Resources to Defend Non-Profits as they Combat Human Trafficking and Subvert Authoritarian Regimes\'','\'Austin Shamlin,Tiffany Rad\'','DC_68bd071e7396d01b74308d6d38f73587','\'Title: Civil Cyber Defense: Use Your Resources to Defend Non-Profits as they Combat Human Trafficking and Subvert Authoritarian Regimes
\nWhen: Friday, Aug 11, 11:30 - 12:15 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\nSpeakers:Austin Shamlin,Tiffany Rad
\n
SpeakerBio:Austin Shamlin\n, Co-Founder at Traverse Project
\nAustin Shamlin is the CEO and founder of Traverse Project, a nonprofit founded in 2023 to combat human trafficking networks. He has served in the law enforcement and security industry for over 20 years, most recently serving as director of operations with an anti-human trafficking nonprofit under the Tim Tebow Foundation. Austin is a professionally recognized geopolitical security subject matter expert on Haiti and has previously served as a special advisor to the Haitian Minister of Justice. Prior to his nonprofit work, he served as a police executive with the D.C. government. Prior to working for the District of Columbia, Austin worked as a government contractor in Somalia, Afghanistan, Iraq, and Haiti.
\n
SpeakerBio:Tiffany Rad\n, Instructor at U.C. Berkeley
\nTiffany Strauchs Rad (BS, MA, MBA, JD) has presented cybersecurity research – both technical and legal topics -- at many security conferences such as Black Hat USA, Black Hat Abu Dhabi, Defcon (17, 18, 19), H.O.P.E., 27C3 & 28C3, and has been featured in media such as Wired, Washington Post, CNN, Reuters, 60 Minutes, Der Spiegel, CNN, Wired Magazine, and NPR. Her independent security research was listed as #4 in \"Top 10 White Hat Hacks\" by Bloomberg, and her critical infrastructure research was featured on the USA network series, “Mr. Robot.” In addition to being a car hacker and doing transportation infrastructure security consulting, she is also an adjunct instructor at the University of Maine and U.C. Berkeley teaching classes such as the \"Citizen Clinic.\"
\nTwitter: @tiffanyrad
\n\n
\nDescription:
\nCivil Cyber Defense volunteers and students challenge high-risk adversaries and threats such as human traffickers, authoritarian regimes, and surveillance being conducted on journalists. By utilizing academic resources, OSINT skills, and free/open-source tools, civil cyber defenders are supporting vulnerable non-profits, protecting volunteers, journalists, and activists while defending human rights. There is a need in the cybersecurity industry for more civil cyber defenders. Recommendations will be made as to how your organization can support and/or volunteer your time and tools to provide protection to vulnerable organizations who have high risks, face advanced and persistent adversaries, but have modest resources.\n
\n
REFERENCES
\n
The content we will present was generated by the speakers. Tiffany will present anonymized case studies from the “Citizen Clinic” at UC Berkeley and Austin will share case studies his organization has generated regarding human trafficking. Our only bibliographic reference at this moment is a reference to open source/free software tools we use at UC Berkeley. We will also reference a tool to make VPNs safer created by Berkeley’s students called “Ghost Prtcl.”
\n\n\'',NULL,365294),('2_Friday','12','11:30','12:15','Y','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Civil Cyber Defense: Use Your Resources to Defend Non-Profits as they Combat Human Trafficking and Subvert Authoritarian Regimes\'','\'Austin Shamlin,Tiffany Rad\'','DC_68bd071e7396d01b74308d6d38f73587','\'\'',NULL,365295),('2_Friday','16','16:00','16:45','N','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record','\'A Series of Unfortunate Events\'','\'Ben \"NahamSec\" Sadeghipour,Corben Leo\'','DC_0270ee29fd9e45e301b5fcc7aac65536','\'Title: A Series of Unfortunate Events
\nWhen: Friday, Aug 11, 16:00 - 16:45 PDT
\nWhere: Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record - Map
\nSpeakers:Ben \"NahamSec\" Sadeghipour,Corben Leo
\n
SpeakerBio:Ben \"NahamSec\" Sadeghipour\n, Hacker & Content Creator at NahamSec
\nBen Sadeghipour AKA NahamSec is a security researcher and content creator. He’s currently in the top 100 for both HackerOne(25) and Bugcrowd’s (95) leaderboards. He has helped identify over a thousand vulnerabilities in companies like Amazon, Apple, Airbnb, Lyft, Snapchat and more. Prior to doing content creation full time, he worked as a research and community education executive at Hadrian and HackerOne. Ben has presented many talks and workshops at cons such as DEFCON, BSides, OWASP AppSec, RSA, Red Team Village, and more. He also enjoys hosting and organizing hacker meetups or virtual conferences such as NahamCon and Hacktivitycon!
\nTwitter: @nahamsec
\n
SpeakerBio:Corben Leo\n, Co-Founder at Boring Mattress Co
\nCorben Leo is a top–100 bug bounty hunter on HackerOne. He’s worked with Facebook, Google, Microsoft, Apple, PayPal, Yahoo, Epic Games, AT&T, the Department of Defense, and many more. He\'s also a co-founder of Boring Mattress Co.
\nTwitter: @hacker_
\n\n
\nDescription:
\nThis talk includes a series of favorite hacking stories. From hacking into a prison system to having the ability to publish “fake news” on a major tech company’s website to even breaking into some of the largest entertainment and online casinos. This talk will take a look at the identification, exploitation, and escalation paths as well as the possible impact based on the company’s organization and nature of work.\n
\n\n\'',NULL,365296),('3_Saturday','12','12:00','12:45','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Internet censorship: what governments around the globe have in store for you\'','\'Christopher Painter,Jeff \"The Dark Tangent\" Moss,Joel Todoroff,Roger Dingledine\'','DC_f357ab581e34b45b8d8d7e55261b25b4','\'Title: Internet censorship: what governments around the globe have in store for you
\nWhen: Saturday, Aug 12, 12:00 - 12:45 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\nSpeakers:Christopher Painter,Jeff \"The Dark Tangent\" Moss,Joel Todoroff,Roger Dingledine
\n
SpeakerBio:Christopher Painter\n, President at Global Forum on Cyber Expertise
\nChris Painter is the President of the Global Forum on Cyber Expertise. He served as the first top cyber diplomat in the U.S. State Department, in the White House as Senior Director for Cyber Policy in the National Security Council, and in the Justice Department and the FBI. Awards include the RSA Award for Excellence in the Field of Public Policy (2016), the Attorney General\'s Award for Exceptional Service, and the Intelligence Community Legal Award (2008).
\nTwitter: @c_painter
\n
SpeakerBio:Jeff \"The Dark Tangent\" Moss\n, DEF CON Communications
\nMr. Moss is an internet security expert and is the founder of both the Black Hat Briefings and DEF CON Hacking conferences. In 2022 Mr. Moss was named to the UK Government Cybersecurity Advisory Board, and in 2021 he was sworn in as a member of the DHS Cybersecurity Infrastructure Security Agency (CISA) Advisory Council (CSAC), and serves as a chairman of their Technical Advisory Council (TAC). Mr. Moss is a member of the Council on Foreign Relations (CFR) and is interested in policy issues around privacy, national security, and internet governance. He spends a lot of time in Singapore.
\nTwitter: @thedarktangent
\n
SpeakerBio:Joel Todoroff\n, Office of the National Cyber Director
\nJoel Todoroff works for the Office of the National Cyber Director, where he provides legal and policy support on a range of issues, including commercial spyware and securing the foundations of the internet. He has previously worked with the Department of Defense, intelligence community, and the Privacy and Civil Liberties Oversight Board.
\n
SpeakerBio:Roger Dingledine\n, The Tor Project
\nRoger Dingledine is president and co-founder of the Tor Project, a nonprofit that develops free and open source software to protect people from tracking, censorship, and surveillance online. Roger works with journalists and activists on many continents to help them understand and defend against the threats they face, and he is a lead researcher in the online anonymity field. EFF picked him for a Pioneer Award, and Foreign Policy magazine chose him as one of its top 100 global thinkers.
\nTwitter: @RogerDingledine
\n\n
\nDescription:
\nThe internet is still largely centralized, and not every country has strong institutional controls preserving the right to access information or speak freely. Heck, even many \"liberal democracies\" are backsliding. While this may sound like an infosec talk suited for the think tank crowd, these developments are impacting hackers and the results they present at hacker cons.\n

Internet freedom tools are about empowering users to have the safety to make their own priorities. While China, Iran, and Russia are obviously key concerns in this space, many other countries are seeking to enact new laws and regulations that impact all types of users -- some with nefarious intent and others just accidentally harmful.\n

This conversation will explore the reasons, the symptoms, and some ideas about how to preserve our ability to set our own priorities. We will offer a holistic and detailed picture of how censorship affects our work and that of our colleagues -- how even if you feel secure in the freedom you have where you are right now, government censorship and surveillance in other places will unquestionably affect us all.\n

\n
REFERENCES
\n
\n

Some starting points:\n \n

\n\n\'',NULL,365297),('4_Sunday','10','10:00','10:45','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Vacuum robot security and privacy - prevent your robot from sucking your data\'','\'Dennis Giese\'','DC_1e83f8a01139f868ae0f41b49465105d','\'Title: Vacuum robot security and privacy - prevent your robot from sucking your data
\nWhen: Sunday, Aug 13, 10:00 - 10:45 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\n
SpeakerBio:Dennis Giese\n, Hacker
\nDennis Giese is currently a PhD student at Northeastern University and focuses on the security and privacy of IoT devices.\n

While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices.\n \n

His most known projects are the documentation and hacking of various vacuum robots. His current vacuum robot army consists of over 45 different models from various vendors.\n

\nTwitter: @dgi_DE
\n\n
\nDescription:
\nExactly 5 years ago we were presenting ways to hack and root vacuum robots. Since then, many things have changed. Back then we were looking into ways to use the robots\' \"dumb\" sensors to spy on the user (e.g. by using the ultrasonic sensor). But all our predictions were exceeded by the reality: today\'s robots bring multiple cameras and microphones with them. AI is used to detect objects and rooms. But can it be trusted? Where will pictures of your cat end up?\n

In this talk we will look at the security and privacy of current devices. We will show that their flaws pose a huge privacy risk and that certification of devices cannot be trusted. Not to worry, though - we will also show you how to protect yourself (and your data) from your robot friends.\n

You will learn how you can get root access to current flagship models of 4 different vendors. Come with us on a journey of having fun hacking interesting devices while preventing them from breaching your privacy. We will also discuss the risks of used devices, for both old and new users.\n

Finally, we will talk about the challenges of documenting vacuum robots and developing custom software for them. While our primary goal is to disconnect the robots from the cloud, it is also for users to repair their devices - pwning to own in a wholesome way.\n

REFERENCES: \n

Robots with lasers and cameras (but no security): Liberating your vacuum from the cloud\nhttps://dontvacuum.me/talks/DEFCON29/DEFCON29-Robots_with_lasers_and_cameras.html\n \n

Unleash your smart-home devices: Vacuum Cleaning Robot Hacking (34C3)\nhttps://dontvacuum.me/talks/34c3-2017/34c3.html\n \n

Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices\nhttps://dontvacuum.me/talks/DEFCON26/DEFCON26-Having_fun_with_IoT-Xiaomi.html\n \n

https://www.technologyreview.com/2022/12/19/1065306/roomba-irobot-robot-vacuums-artificial-intelligence-training-data-privacy/\n \n

https://linux-sunxi.org/Main_Page\n

\n\n\'',NULL,365298),('4_Sunday','11','11:00','11:45','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Advanced ROP Framework: Pushing ROP to Its Limits\'','\'Bramwell Brizendine,Shiva Shashank Kusuma\'','DC_c034752fa4db8a8f72aed62b90ba2f33','\'Title: Advanced ROP Framework: Pushing ROP to Its Limits
\nWhen: Sunday, Aug 13, 11:00 - 11:45 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\nSpeakers:Bramwell Brizendine,Shiva Shashank Kusuma
\n
SpeakerBio:Bramwell Brizendine\n, Assistant Professor at University of Alabama in Huntsville
\nDr. Bramwell Brizendine completed his Ph.D. in Cyber Operations, for which he did his dissertation on Jump-Oriented Programming, a hitherto seldom-studied and poorly understood subset of code-reuse attacks.\n

Bramwell is now an Assistant Professor of Computer Science at the University of Alabama in Huntsville; he previously was an Assistant Professor and the Director of the Vulnerability and Exploitation Research for Offensive and Novel Attacks (VERONA Lab) at Dakota State University, specializing in vulnerability research, software exploitation, and the development of new, cutting-edge tools and techniques with respect to software exploitation and malware analysis. Bramwell has taught numerous undergraduate, graduate and doctoral level courses in software exploitation, reverse engineering, malware analysis and offensive security. Bramwell was a PI on a $300,000 NSA/NCAE research grant, which culminated in the release of a shellcode emulator, SHAREM, in September 2022. Bramwell has been a speaker at many top security conferences, including DEF CON, Hack in the Box Amsterdam, @Hack, Black Hat Middle East, Black Hat Asia, Black Hat Europe, Wild West Hackin’ Fest, and more.\n

\n
SpeakerBio:Shiva Shashank Kusuma\n, Master\'s Student at University of Alabama in Huntsville
\nShiva Shashank Kusuma, a Computer Science Master\'s student at the University of Alabama in Huntsville, has a deep interest in software engineering and cybersecurity. When not at work, Shiva enjoys reading about Blockchain, Web3, and AI.
\n\n
\nDescription:
\nThis research provides innovative contributions to return-oriented programming (ROP), not seen before. We introduce ROP ROCKET, a cutting-edge ROP framework, to be released at DEF CON. With ROCKET, when attacking 32-bit applications, we can switch between x86 and x64 at will, by invoking a special ROP Heaven\'s Gate technique, thereby expanding the attack surface. We will discuss the ramifications of this novel approach.\n

Bypassing DEP via ROP is typically straightforward, using WinAPIs such as VirtualProtect and VirtualAlloc. We demonstrate an alternative: using Windows syscalls. In fact, ROCKET provides automatic ROP chain construction to bypass ROP using Windows syscalls. While extremely trendy, Windows syscalls are only very rarely used in ROP.\n

One problem with automatic chain construction is bad chars or bad bytes. We demonstrate how ROCKET allows us to use virtually any gadget whose address contains bad bytes. With this approach, automatic ROP chain construction is far less likely to fail. Thus, we overcome one of the major obstacles when creating a ROP chain: bad bytes, which reduces the attack surface needlessly. In fact, if one wanted, they could use ROCKET to \"obfuscate\" any gadget, obscuring what is being done.\n

This presentation will do the seemingly impossible - and surprise even veteran users of ROP.\n

REFERENCES: \n

    \n
  1. Brizendine, B., Babcock, A.: A Novel Method for the Automatic Generation of JOP Chain Exploits. In: National Cyber Summit. pp. 77–92 (2021)\n
  2. Min, J.W., Jung, S.M., Lee, D.Y., Chung, T.M.: Jump oriented programming on windows platform (on the x86). Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics). 7335 LNCS, 376–390 (2012). https://doi.org/10.1007/978-3-642-31137-6_29\n
  3. Erdodi, L.: Attacking x86 windows binaries by jump oriented programming. INES 2013 - IEEE 17th Int. Conf. Intell. Eng. Syst. Proc. 333–338 (2013). https://doi.org/10.1109/INES.2013.6632837\n
  4. Brizendine, B., Babcock, A.: Pre-built JOP Chains with the JOP ROCKET: Bypassing DEP without ROP. Black Hat Asia. (2021)\n
  5. One, A.: Smashing the stack for fun and profit. Phrack Mag. 7, 14–16 (1996)\n
  6. Designer, S.: “Return-to-libc” attack., https://seclists.org/bugtraq/1997/Aug/63\n
  7. Shacham, H.: The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). Proc. ACM Conf. Comput. Commun. Secur. 552–561 (2007). https://doi.org/10.1145/1315245.1315313\n
  8. Roemer, R., Buchanan, E., Shacham, H., Savage, S.: Return-Oriented Programming : Systems , Languages , and Applications. ACM Trans. Inf. Syst. Secur. 15, 1–36 (2012)\n
  9. Buchanan, E., Roemer, R., Savage, S., Shacham, H.: Return-oriented programming: Exploitation without code injection. Black Hat. 8, (2008)\n
  10. PaX, T.: PaX address space layout randomization (ASLR). http://pax.grsecurity.net/docs/aslr.txt (2003)\n
  11. Mark E, R., Alex, I., others: Windows Internals, Part 2, (2012)\n
  12. Shacham, H., Page, M., Pfaff, B., Goh, E.-J., Modadugu, N., Boneh, D.: On the effectiveness of address-space randomization. In: Proceedings of the 11th ACM conference on Computer and communications security. pp. 298–307 (2004)\n
  13. Vreugdenhil, P.: Pwn2Own 2010 Windows 7 Internet Explorer 8 exploit.\n
  14. Gawlik, R., Holz, T.: SoK: Make JIT-Spray Great Again. In: 12th USENIX Workshop on Offensive Technologies (WOOT 18) (2018)\n
  15. Göktas, E., Kollenda, B., Koppe, P., Bosman, E., Portokalidis, G., Holz, T., Bos, H., Giuffrida, C.: Position-independent code reuse: On the effectiveness of aslr in the absence of information disclosure. In: 2018 IEEE European Symposium on Security and Privacy (EuroS&P). pp. 227–242 (2018)\n
  16. Checkoway, S., Davi, L., Dmitrienko, A., Sadeghi, A.R., Shacham, H., Winandy, M.: Return-oriented programming without returns. Proc. ACM Conf. Comput. Commun. Secur. 559–572 (2010). https://doi.org/10.1145/1866307.1866370\n
  17. Bletsch, T., Jiang, X., Freeh, V.W.: Jump-oriented programming: a new class of code-reuse attack. Proc. 6th Int. Symp. Information, Comput. Commun. Secur. ASIACCS 2011. (2011)\n
  18. Brizendine, B.: JOP ROCKET repository, https://github.com/Bw3ll/JOP_ROCKET/\n
  19. Babcock, A.: IcoFX 2.6 - “.ico” Buffer Overflow SEH + DEP Bypass using JOP, https://www.exploit-db.com/exploits/49959\n
  20. Specter: Sony Playstation 4 (PS4) 5.05 - BPF Double Free Kernel Exploit Writeup, https://www.exploit-db.com/exploits/45045\n
  21. Brizendine, B., Babcock, A., Kramer, A.: Move Over, ROP: Towards a Practical Approach to Jump-Oriented Programming. HITBMag. 121–152 (2021)\n
  22. Intel Corporation: Control-flow Enforcement Technology Preview, https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf\n
  23. Schuster, F., Tendyck, T., Liebchen, C., Davi, L., Sadeghi, A.-R., Holz, T.: Counterfeit object-oriented programming: On the difficulty of preventing code reuse attacks in C++ applications. In: 2015 IEEE Symposium on Security and Privacy. pp. 745–762 (2015)\n
  24. Brizendine, B. Windows Syscalls in Shellcode: Advanced Techniques for Malicious Functionality. Hack in the Box Amsterdam (2023).
\n\n\'',NULL,365299),('2_Friday','11','11:00','11:20','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'mTLS: when certificate authentication done wrong\'','\'Michael Stepankin\'','DC_b16238b1887d990da844fcc7d8194294','\'Title: mTLS: when certificate authentication done wrong
\nWhen: Friday, Aug 11, 11:00 - 11:20 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\n
SpeakerBio:Michael Stepankin\n, Security Researcher at GitHub
\nMichael \'artsploit\' Stepankin is a researcher at GitHub Security Lab. He joined the team to put his offensive security mindset to the test, uncovering complex vulnerabilities in open source web applications. He specializes in the Java Enterprise stack, covering a wide range of security topics from insecure deserialization and XXEs, to logical bugs in OAuth systems. He\'s published a number of works throughout his employment as a researcher, including new ways to exploit JNDI injections, attacks on Apache Solr, and finding hidden Remote Code Executions in the Spring framework.
\nTwitter: @artsploit
\n\n
\nDescription:
\nAlthough x509 certificates have been here for a while, they have become more popular for client authentication in zero-trust networks in recent years. Mutual TLS, or authentication based on X509 certificates in general, brings advantages compared to passwords or tokens, but you get increased complexity in return.\n

In this talk, we’ll deep dive into some novel attacks on mTLS authentication. We won’t bother you with heavy crypto stuff, but instead we’ll have a look at implementation vulnerabilities and how developers can make their mTLS systems vulnerable to user impersonation, privilege escalation and information leakages. We present some CVEs we found in popular open-source identity servers and ways to exploit them. Finally, we’ll explain how these vulnerabilities can be spotted in source code and what safe code looks like.\n

REFERENCES: \n

    \n
  1. Wikipedia: Mutual Authentication (mTLS) https://en.wikipedia.org/wiki/Mutual_authentication#mTLS\n
  2. Java: Possible RCEs in X.509 certificate validation [CVE-2018-2633][CVE-2017-10116] https://mbechler.github.io/2018/01/20/Java-CVE-2018-2633/
\n\n\'',NULL,365300),('4_Sunday','12','12:00','12:45','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'LLMs at the Forefront: Pioneering the Future of Fuzz Testing in a Rapidly Changing World\'','\'X\'','DC_a327236b2c171706c641107f84b1898b','\'Title: LLMs at the Forefront: Pioneering the Future of Fuzz Testing in a Rapidly Changing World
\nWhen: Sunday, Aug 13, 12:00 - 12:45 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\n
SpeakerBio:X\n, Hacker
\nX is a seasoned security researcher and programming language enthusiast with an impressive track record in research, vulnerability discovery, and fuzz testing. From the moment he laid hands on a Blueberry-colored Apple iBook G3 provided by his elementary school, X developed a slight obsession with technology.\n

He is an urban cycling enthusiast that needs to wear his helmet more often, a techno and bass aficionado, and tree wizard.\n

Before finding vulnerabilities for a living he developed scientific computing software. See his Clojure-based Sequoia database fuzzer for an ideal representation of X\'s skill set and interests.\n

\n\n
\nDescription:
\nLarge Language Models are already revolutionizing the software development landscape. As hackers we can only do what we\'ve always done, embrace the machine and use it to do our bidding.\n

There are many valid criticisms of GPT models for writing code like the tendency to hallucinate functions, not being able to reason about architecture, training done on amateur code, limited context due to token length, and more. None of which are particularly important when writing fuzz tests. This presentation will delve into the integration of LLMs into fuzz testing, providing attendees with the insights and tools necessary to transform and automate their security assessment strategies.\n

The presentation will kick off with an introduction to LLMs; how they work, the potential use cases and challenges for hackers, prompt writing tips, and the deficiencies of current models. We will then provide a high level overview explaining the purpose, goals, and obstacles of fuzzing, why this research was undertaken, and why we chose to start with \'memory safe\' Python. We will then explore efficient usage of LLMs for coding, and the primary benefits LLMs offer for security work, paving the way for a comprehensive understanding of how LLMs can automate tasks traditionally performed by humans in fuzz testing engagements.\n

We will then introduce FuzzForest, an open source tool that harnesses the power of LLMs to automatically write, fix, and triage fuzz tests on Python code. A thorough discussion on the workings of FuzzForest will follow, with a focus on the challenges faced during development and our solutions. The highlight of the talk will showcase the results of running the tool on the 20 most popular open-source Python libraries which resulted in identifying dozens of bugs.\n

We will end the talk with an analysis of efficacy and question if we\'ll all be replaced with a SecurityGPT model soon.\n

To maximize the benefits of this talk, attendees should possess a fundamental understanding of fuzz testing, programming languages, and basic AI concepts. However, a high-level refresher will be provided to ensure a smooth experience for all participants.\n

\n
REFERENCES
\n
My original blog post that sparked the idea:\nhttps://infiniteforest.org/LLMs+to+Write+Fuzzers\n \n
Blogs
\n
https://comby.dev/blog/2022/04/11/comby-decomposer-compiler-fuzzing\nhttps://martinfowler.com/articles/2023-chatgpt-xu-hao.html
\n

Research Papers:
\nhttps://arxiv.org/abs/2212.14834
\nhttps://embed.cs.utah.edu/csmith/
\nhttps://www.usenix.org/system/files/sec23fall-prepub-446-fu.pdf\n

\n
Tools
\n
https://github.com/google/atheris\nhttps://github.com/mpaepper/llm_agents
\n

Prompt Course:
\nhttps://www.deeplearning.ai/short-courses/chatgpt-prompt-engineering-for-developers/\n

\n\n\'',NULL,365301),('4_Sunday','10','10:00','10:20','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Snoop unto them, as they snoop unto us\'','\'Michaud \"5@\\/@g3\" Savage,Rekcahdam,nullagent\'','DC_a7904de16781b20b63d88a777c09a555','\'Title: Snoop unto them, as they snoop unto us
\nWhen: Sunday, Aug 13, 10:00 - 10:20 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\nSpeakers:Michaud \"5@\\/@g3\" Savage,Rekcahdam,nullagent
\n
SpeakerBio:Michaud \"5@\\/@g3\" Savage\n, Apprentice at Dataparty
\nNo BIO available
\n
SpeakerBio:Rekcahdam\n, Hacker
\nNo BIO available
\nTwitter: @rekcahdam
\n
SpeakerBio:nullagent\n, Member at Dataparty
\nNullagent is a robotics hacker. He built his first internet connected robot in 2004 and since then he\'s been hooked on embedded hacking. He\'s building a hacker collective that fuses artistic expression to bring cyber security tools to a broader audience.
\nTwitter: @nullagent
\n\n
\nDescription:
\nBLE devices are now all the rage. What makes a purpose built tracking device like the AirTag all that different from the majority of BLE devices that have a fixed address? With the rise of IoT we\'re also seeing a rise in government and corporate BLE surveillance systems. We\'ll look at tools that normal people can use to find out if their favorite IoT gear is easily trackable. If headphones and GoPro\'s use fixed addresses, what about stun guns and bodycams? We\'ll take a look at IoT gear used by authorities and how it may be detectable over long durations, just like an AirTag.\n
\n
REFERENCES
\n
Handoff All Your Privacy – A Review of Apple’s Bluetooth Low Energy Continuity Protocol\nFreqy DEFCON 29 RF Village - \"Basics of Breaking BLE\"\nHandoff All Your Privacy – A Review of Apple’s Bluetooth Low Energy Continuity Protocol\nDEF CON 26 - Damien virtualabs Cauquil - You had better secure your BLE devices\nMike Spicer - I Know What U Did Last Summer 3 Yrs Wireless Monitoring DEFCON - DEF CON 27 Conference
\n\n\'',NULL,365302),('4_Sunday','10','10:00','10:45','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Cellular carriers hate this trick: Using SIM tunneling to travel at light speed\'','\'Adrian \"atrox\" Dabrowski,Gabriel K. Gegenhuber\'','DC_40efbca14672c626fd81865a9320ee0b','\'Title: Cellular carriers hate this trick: Using SIM tunneling to travel at light speed
\nWhen: Sunday, Aug 13, 10:00 - 10:45 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\nSpeakers:Adrian \"atrox\" Dabrowski,Gabriel K. Gegenhuber
\n
SpeakerBio:Adrian \"atrox\" Dabrowski\n, CISPA Helmholtz Center for Cybersecurity
\nAdrian Dabrowski wrote his PhD about large infrastructures including the identification of fake base stations (“IMSI Catchers”). Before his PhD, he was a founding member of two hackerspaces in Vienna, Austria, and on the board of one of them.
\nTwitter: @atrox_at
\n
SpeakerBio:Gabriel K. Gegenhuber\n, University of Vienna & SBA Research
\nGabriel Gegenhuber is PhD candidate in Vienna, Austria. Gabriel is conducting research in the area of cellular and mobile networks. This includes Internet measurement technologies, traffic classification systems (e.g., deep packet inspection), and technical measures that are used to detect net neutrality and privacy violations.
\nTwitter: @GGegenhuber
\n\n
\nDescription:
\nCellular networks form large complex compounds for roaming purposes. Thus, geographically-spread testbeds for measurements and rapid exploit verification are needed to do justice to the technology\'s unique structure and global scope. Additionally, such measurements suffer from a combinatorial explosion of operators, mobile plans, and services. To cope with these challenges, we are releasing an open-source framework that geographically decouples the SIM (subscription) from the cellular modem by selectively connecting both remotely. This allows testing any subscriber with any operator at any modem location within seconds without moving parts. The resulting measurement and testbed platform \"MobileAtlas\" offers a scalable, controlled experimentation environment. It is fully open-sourced and allows other researchers to contribute locations, SIM cards, and measurement scripts.\n

Using the above framework, our international experiments in commercial networks revealed exploitable inconsistencies in traffic metering, leading to multiple data \"phreaking\" opportunities (\"free-ride\"). We also expose problematic IPv6 firewall configurations, hidden SIM card communication to the home network, and fingerprint dial progress tones to track victims across different roaming networks and countries with voice calls.\n

REFERENCES: \n \n

Gabriel K. Gegenhuber, Wilfried Mayer, and Edgar Weippl. Zero-Rating, One Big Mess: Analyzing Differential Pricing Practices of European MNOs. In IEEE Global Communications Conference (GLOBECOM), 2022\nGabriel K. Gegenhuber, Wilfried Mayer, Edgar Weippl, Adrian Dabrowski. MobileAtlas: Geographically Decoupled Measurements in Cellular Networks for Security and Privacy Research., 2023, In proceedings of the 32th USENIX Security Symposium 2023.\nDavid Allen Burgess. What is AT&T doing at 1111340002? Welcome to the magical world of proac-tive SIMs., 2021. https://medium.com/telecom-expert/what-is-at-t-doing-at-1111340002-c418876c212c\nDavid Allen Burgess. More Proactive SIMs., 2021. https://medium.com/telecom-expert/more-proactive-sims-f8da2ef8b189\nOSMOCOM. Simtrace 2. https://osmocom.org/projects/simtrace2/wiki\nosmocom.org. pySim-prog - Utility for programmable SIM/USIM-Cards. https://osmocom.org/projects/pysim/wiki\nThe MONROE Alliance. Measuring Mobile Broadband Networks in Europe. https://www.monroe-project.eu\n

\n\n\'',NULL,365303),('3_Saturday','09','09:00','09:20','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Assessing the Security of Certificates at Scale\'','\'Andrew Chi,Brandon Enright,David McGrew\'','DC_f35567bc50ef64d23380a4be4fa51b4c','\'Title: Assessing the Security of Certificates at Scale
\nWhen: Saturday, Aug 12, 09:00 - 09:20 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\nSpeakers:Andrew Chi,Brandon Enright,David McGrew
\n
SpeakerBio:Andrew Chi\n, Security Research Engineering Technical Leader at Cisco
\nAndrew Chi is a Security Research Engineering Technical Leader at Cisco, where he works with product teams and incident response teams to detect threats in large network telemetry datasets. Prior to Cisco, he was a computer scientist at Raytheon BBN Technologies, where he contributed to IETF standards for routing security (RPKI and BGPSEC) and served as software lead for an open-source RPKI validator. Andrew holds a bachelor’s degree in mathematics from Harvard and a PhD in computer science from the University of North Carolina.
\n
SpeakerBio:Brandon Enright\n, Lead DIFR investigator at Cisco CSIRT
\nBrandon Enright is a lead DIFR investigator for Cisco CSIRT, an expert at DNS and network data analysis, and a contributor to Nmap and other open source projects.
\n
SpeakerBio:David McGrew\n, Fellow at Cisco Systems
\nDavid McGrew is a Fellow at Cisco Systems, where he leads research and development to detect threats, vulnerabilities, and attacks using network data, and to protect data through applied cryptography. He pioneered the commercial use of encrypted traffic analysis to defend networked information systems, and designed authenticated encryption and secure voice and video standards that are in widespread use, most notably GCM and Secure RTP, contributed to open source projects, published research results, championed open, patent/royalty-free cryptography, and co-founded the IRTF Crypto Forum Research Group. He holds a PhD in Physics from Michigan State University, and outside of work, he enjoys Linux, sailing, sports cars, jazz records, and guitar.
\n\n
\nDescription:
\nThe security of digital certificates is too often undermined by the use of poor entropy sources in key generation. Flawed entropy can be hard to discover, especially when analyzing individual devices. However, some flaws can be detected when a large set of keys from the same entropy source are analyzed, as was dramatically demonstrated in 2012 and 2016 by the detection of weak HTTPS keys on the Internet.\n

In this talk, we present tools and techniques to identify weak keys at scale, by checking issued certificates obtained from passive monitoring, active network scans, or certificate authority logs. Our tools use efficient multithreaded implementations of network monitors, scanners, certificate parsers, and mathematical tests. The batch greatest common divisor test (BGCD) identifies RSA public keys with common factors, and outputs the corresponding private keys. The common key test identifies distinct devices that share identical keys. We report on findings from both tests and demonstrate how to audit HTTPS servers, run BGCD on 100M+ keys, identify RSA keys with common factors, and generate the corresponding private keys. Because nothing convinces like an attack, we show how to produce and use PEM files for factored keys. \n

REFERENCES:
\nAndrew Chi, Brandon Enright, David McGrew. The Mercury Batch GCD Utility. https://github.com/cisco/mercury/blob/main/doc/batch-gcd.md\nDavid McGrew, The Mercury cert_analyze Utility. https://github.com/cisco/mercury/blob/main/src/cert_analyze.cc\nDavid McGrew, Blake Anderson. The Mercury tls_scanner Utility. https://github.com/cisco/mercury/blob/main/src/tls_scanner.cc\nNadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. Mining your ps and qs: Detection of widespread weak keys in network devices. In Tadayoshi Kohno, editor, Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8-10, 2012, pages 205–220. USENIX Association, 2012. https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/heninger.\nMarcella Hastings, Joshua Fried, and Nadia Heninger. Weak keys remain widespread in network devices. In Phillipa Gill, John S. Heidemann, John W. Byers, and Ramesh Govindan, editors, Proceedings of the 2016 ACM on Internet Measurement Conference, IMC 2016, Santa Monica, CA, USA, November 14-16, 2016, pages 49–63. http://dl.acm.org/citation.cfm?id=2987486.\n

\n\n\'',NULL,365304),('4_Sunday','11','11:00','11:45','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Unlocking hidden powers in Xtensa based Qualcomm Wifi chips\'','\'Daniel Wegemer\'','DC_c56aed2a1fa50ada353a12d71512a988','\'Title: Unlocking hidden powers in Xtensa based Qualcomm Wifi chips
\nWhen: Sunday, Aug 13, 11:00 - 11:45 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\n
SpeakerBio:Daniel Wegemer\n, Hacker
\nSecurity Researcher interested in enabling new features in closed source firmware. Areas of interest are: Wifi, IoT and Automotive.
\n\n
\nDescription:
\nWifi chips contain general purpose processors. Even though these are powerful processors, their firmware is closed source and does not allow modifications. This talk explores how the firmware of modern Xtensa based Qualcomm Wifi chips can be modified to allow extending its intended functionality. Such modifications can, for example, even be leveraged by security researchers to find vulnerabilities in an otherwise closed source Wifi code. During the talk we will also dive into the architecture of Qualcomm\'s Wifi chips as well as the structure of the firmware used within these chips. We will release a modified version of the Nexmon framework to enable patching of Xtensa based firmware and show all the steps involved to create such patches. \n
\n
REFERENCES
\n
- http://problemkaputt.de/gbatek-dsi-atheros-wifi-bmi-bootloader-commands.htm\n- https://nstarke.github.io/firmware/wifi/linux/kernel/2021/08/11/dev-coredump-and-firmware-images.html\n- https://sachin0x18.github.io/posts/demystifying-xtensa-isa/\n- https://nexmon.org
\n\n\'',NULL,365305),('2_Friday','11','11:00','11:45','N','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record','\'Warshopping - further dalliances in phreaking smart shopping cart wheels, RF sniffing and hardware reverse engineering\'','\'Joseph Gabay\'','DC_2c309637fdae765d28ff8d224ecb0bb0','\'Title: Warshopping - further dalliances in phreaking smart shopping cart wheels, RF sniffing and hardware reverse engineering
\nWhen: Friday, Aug 11, 11:00 - 11:45 PDT
\nWhere: Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record - Map
\n
SpeakerBio:Joseph Gabay\n, Hacker
\nJoseph is a robotics engineer turned hacker - inspired by curiosity of the small systems in our everyday world, he went from developing products to performing security assessments of them. He specializes in embedded systems, circuit reverse engineering, and mechatronics.\n

His other hobbies include skydiving, multi-medium fabrication, and collecting strange domain names. He is also the founder and Chief Lunatic of the Flat Moon Society, who would like to ask you: isn’t it weird we never see the other side of the moon?\n

\nTwitter: @stoppingcart
\n\n
\nDescription:
\nSmart shopping cart wheels are electronic wheels with a mechanical braking mechanism meant to prevent cart removal or shoplifting, as well as electronics to provide other tracking functions. In a past talk, I’ve discussed the ultra-low-frequency communication these systems use and how to sniff and replay them (and even use your phone’s speaker to “phreak” your shopping cart!).\n

This talk explores a new type of smart wheel (the Rocateq system), and focuses on a deeper exploration of the hardware and firmware. On top of capturing new sets of ultra-low-frequency control signals, we’ll look at the 2.4 GHz “checkout” signal that it receives from the register and reverse engineer the PCB - soldering on “fly-wires” to look at the chip-to-chip communication with a logic analyzer. We’ll also use a PICKIT programmer to dump the firmware from the main microcontroller for basic analysis using Ghidra.\n

In addition to the talk, the website where you can play the control signals as audio files on your phone will be updated to include the control codes for the Rocateq brand wheels. \n

REFERENCES: \n

\n\n\'',NULL,365306),('1_Thursday','16','16:30','16:50','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Small Leaks, Billions Of Dollars: Practical Cryptographic Exploits That Undermine Leading Crypto Wallets\'','\'Nikolaos Makriyannis,Oren Yomtov\'','DC_1a9e26bad8017e4575190b44eae9045c','\'Title: Small Leaks, Billions Of Dollars: Practical Cryptographic Exploits That Undermine Leading Crypto Wallets
\nWhen: Thursday, Aug 10, 16:30 - 16:50 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\nSpeakers:Nikolaos Makriyannis,Oren Yomtov
\n
SpeakerBio:Nikolaos Makriyannis\n, Cryptography Research Lead at Fireblocks
\nNikolaos Makriyannis (Nikos), Cryptography Research Lead at Fireblocks, is a cryptography PhD, specializing in the areas of multiparty computation (MPC). Nikos is the co-inventor of the CMP20 and CGGMP21 protocols published in ACM CCS\'20 and used by multiple wallet providers.​
\nTwitter: @nik_mak_
\n
SpeakerBio:Oren Yomtov\n, Blockchain Research Lead at Fireblocks
\nOren Yomtov (@orenyomtov), Blockchain Research Lead at Fireblocks, is a security researcher with over a decade of experience. In the past year, focusing on the blockchain space, he disclosed a critical vulnerability in a blockchain with a market cap of $100 million and created the first open-source, trustless Bitcoin NFT marketplace, OpenOrdex.
\nTwitter: @orenyomtov
\n\n
\nDescription:
\nMulti-Party Computation (MPC) has become a common cryptographic technique for protecting hundreds of billions of dollars in cryptocurrency wallets. MPC algorithms are currently powering the wallets of Coinbase, Binance, Zengo, BitGo, Fireblocks and many other fintechs/banks servicing hundreds of millions of consumers and thousands of financial institutions.\n

This presentation examines the most common MPC protocols and implementations and shows that securing MPC remains a challenge for most companies.\n

We show practical key-exfiltration attacks requiring no more than a couple of hundred signatures. Namely, we show three different attacks on different protocols/implementations requiring 256, 16, and one signature, respectively.\n

REFERENCES:
\nRosario Gennaro and Steven Goldfeder. \"One Round Threshold ECDSA with Identifiable Abort.\" Cryptology ePrint Archive, Paper 2020/540, 2020.\nYehuda Lindell. \"Fast Secure Two-Party ECDSA Signing.\" Journal of Cryptology, vol. 34, no. 4, 2021, pp. 44.\nRosario Gennaro and Steven Goldfeder. \"Fast Multiparty Threshold ECDSA with Fast Trustless Setup.\" Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS), 2018, pp. 1179-1194.\n

\n\n\'',NULL,365307),('2_Friday','16','16:30','17:15','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Nothing but Net: Leveraging macOS\'s Networking Frameworks to Heuristically Detect Malware\'','\'Patrick Wardle\'','DC_01797036dfaa92538e6b2270706e27ea','\'Title: Nothing but Net: Leveraging macOS\'s Networking Frameworks to Heuristically Detect Malware
\nWhen: Friday, Aug 11, 16:30 - 17:15 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\n
SpeakerBio:Patrick Wardle\n, Objective-See Foundation
\nPatrick Wardle is the creator of the non-profit Objective-See Foundation, author of the “The Art of Mac Malware” book series, and founder of the \"Objective by the Sea\" macOS Security conference.\n

Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy.\n \n

Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware, and writing books and free open-source security tools to protect Mac users.\n

\nTwitter: @patrickwardle
\n\n
\nDescription:
\nAs the majority of malware contains networking capabilities, it is well understood that detecting unauthorized network access is a powerful detection heuristic. However, while the concepts of network traffic analysis and monitoring to detect malicious code are well established and widely implemented on platforms such as Windows, there remains a dearth of such capabilities on macOS.\n

This talk aims to remedy this situation by delving deeply into a myriad of programmatic approaches capable of enumerating network state, statistics, and traffic, directly on a macOS host. We will showcase open-source implementations of relatively overlooked low-level APIs, private frameworks, and user-mode extensions that provide insight into all networking activity. And, by leveraging these techniques, you will learn how to efficiently and generically detect both known and unknown threats targeting macOS! \n

\n
REFERENCES
\n
- J. Levin http://newosxbook.com/src.jl?tree=listings&file=netbottom.c\n- P. Wardle https://objective-see.org/blog/blog_0x72.html\n- Will Yu / Elastic https://www.elastic.co/blog/mac-system-extensions-for-threat-detection-part-3
\n\n\'',NULL,365308),('2_Friday','17','16:30','17:15','Y','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Nothing but Net: Leveraging macOS\'s Networking Frameworks to Heuristically Detect Malware\'','\'Patrick Wardle\'','DC_01797036dfaa92538e6b2270706e27ea','\'\'',NULL,365309),('4_Sunday','12','12:00','12:45','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'#NoFilter: Abusing Windows Filtering Platform for privilege escalation\'','\'Ron Ben-Yizhak\'','DC_c4d088b5898ad9bd8c00f034bf7388ca','\'Title: #NoFilter: Abusing Windows Filtering Platform for privilege escalation
\nWhen: Sunday, Aug 13, 12:00 - 12:45 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\n
SpeakerBio:Ron Ben-Yizhak\n, Security Researcher at Deep Instinct
\nRon Ben-Yizhak is a security researcher at Deep Instinct.\n

He is responsible for research of malware campaigns, attack surfaces and vectors and evasion techniques. His findings are used for developing new analysis, detection, and mitigation capabilities.\n

Ron joined Deep Instinct in 2019 after serving as a security researcher and forensics specialist in one of the IDF’s elite cyber units.\n

\nTwitter: @RonB_Y
\n\n
\nDescription:
\nPrivilege escalation is a common attack vector in the Windows OS.\n

Today, there are multiple offensive tools in the wild that can execute code as “NT AUTHORITY\\SYSTEM” (Meterpreter, CobaltStrike, Potato tools), and they all usually do so by duplicating tokens and manipulating services in some way or another. This talk will show an evasive and undetected privilege escalation technique that abuses the Windows Filtering Platform (WFP). This platform processes network traffic and allows configuring filters that permit or block communication.\n

It has been a built-in component of the operating system since Windows Vista, and doesn’t require an installation. My research started from reverse-engineering a single RPC method in an OS service and ended with several techniques to abuse a system kernel component, that allow executing programs as “NT AUTHORITY\\SYSTEM”, as well as other users that are logged on to the machine without triggering any traditional detection algorithms.\n

The various components of the Windows Filtering Platform will be analyzed, such as the Basic Filtering Engine, the TCPIP driver and the IPSec protocol, while focusing on how to abuse them and extract valuable data from them. \n

REFERENCES\n

\n\n\'',NULL,365310),('3_Saturday','14','14:00','17:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Starbase: open source graph security analysis (Pre-Registration Required)\'','\'Adam Pierson,Austin Kelleher,Guillaume Ross\'','WS_da4ed39864509294f5954306b1b13753','\'Title: Starbase: open source graph security analysis (Pre-Registration Required)
\nWhen: Saturday, Aug 12, 14:00 - 17:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\nSpeakers:Adam Pierson,Austin Kelleher,Guillaume Ross
\n
SpeakerBio:Adam Pierson\n
\nAdam Pierson is a Senior Software Engineer at JupiterOne. His diverse experience includes time as an embedded software engineer, an R&D analyst working on adopting emerging technologies within large corporate IT environments, and as a developer demonstrating the value of using graph databases to solve complex problems. Currently he is on JupiterOne’s Integration team working on development tools and continuing work on the open-source Starbase project.
\n
SpeakerBio:Austin Kelleher\n
\nAustin Kelleher is a Principal Software Engineer as well as a founding member at JupiterOne. He leads the team responsible for maintaining 100+ open-source projects at JupiterOne. His background has primarily been focused on developing cloud-based software systems and tools that interact with graphs for security analysis. Prior to moving to the security industry, Austin was an engineer at eBay building Marko and Lasso, which are the open-source web tools that power the eBay.com web experience.
\n
SpeakerBio:Guillaume Ross\n, JupiterOne
\nGuillaume has worked on the blue-team side of security for close to two decades now, and loves to do things because they MATTER and not just because everyone else in security is doing the same. He leads the security and IT teams at JupiterOne.
\n\n
\nDescription:
\nSecurity teams are overwhelmed with data. How does a user account relate to a server, an application? Does this vulnerability put this important data at risk, or does it simply expose a few systems we care about much less? Who really has access to these files? This is vulnerable, but the firewall won’t let traffic to the service, or will it?\n

These types of questions are very difficult to answer in a vacuum as they require context. With the power of graphs, and Starbase, an open source graph security analysis tool, we will be able to import the data that allows us to answer them using the graph.\n

John Lambert said “Defenders think in lists, attackers think in graphs”. Join us, so we can get a lot more people thinking in graphs!\n

Skill Level: Intermediate\n

Prerequisites for students:\n

Ability to use Docker when provided with commands. Basic understanding of IT and security issues in cloud environments.\n

Materials or Equipment students will need to bring to participate: A laptop with Docker as well as a few docker images pulled in advance.\n

Due to the brittle nature of conference Wi-Fi, we’ll send instructions in advance, so as many people as possible will have downloaded it.\n

\n\n\'',NULL,365311),('3_Saturday','15','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Starbase: open source graph security analysis (Pre-Registration Required)\'','\'Adam Pierson,Austin Kelleher,Guillaume Ross\'','WS_da4ed39864509294f5954306b1b13753','\'\'',NULL,365312),('3_Saturday','16','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Starbase: open source graph security analysis (Pre-Registration Required)\'','\'Adam Pierson,Austin Kelleher,Guillaume Ross\'','WS_da4ed39864509294f5954306b1b13753','\'\'',NULL,365313),('3_Saturday','17','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Starbase: open source graph security analysis (Pre-Registration Required)\'','\'Adam Pierson,Austin Kelleher,Guillaume Ross\'','WS_da4ed39864509294f5954306b1b13753','\'\'',NULL,365314),('1_Thursday','14','14:00','17:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'DotNet Malware Analysis Masterclass (Pre-Registration Required)\'','\'Max \'Libra\' Kersten\'','WS_42b736cb46f83e948a2986c25988b9a3','\'Title: DotNet Malware Analysis Masterclass (Pre-Registration Required)
\nWhen: Thursday, Aug 10, 14:00 - 17:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\n
SpeakerBio:Max \'Libra\' Kersten\n, Malware Analyst at Trellix
\nMax Kersten is a malware analyst, blogger, and speaker who aims to make malware analysis more approachable for those who are starting. In 2019, Max graduated cum laude with a bachelor\'s in IT & Cyber Security, during which Max also worked as an Android malware analyst. Currently, Max works as a malware analyst at Trellix, where he analyses APT malware and creates open-source tooling to aid such research. Over the past few years, Max spoke at international conferences, such as Black Hat Arsenal (USA, EU, MEA, Asia), Botconf, Confidence-Conference, HackYeahPL, and HackFestCA. Additionally, he gave guest lectures and workshops for several universities and private entities.
\nTwitter: @Libranalysis
\n\n
\nDescription:
\nDotNet based malware originally started out as a novelty, but has shown it is here to stay. With DotNet malware being used by APT actors and script kiddies, and anything in-between, it is safe to say that one will encounter it sooner rather than later. This four-hour workshop primarily focuses on the analyst mindset and fundamental knowledge, including topics such as loaders, unpacking, obfuscation, DotNet internals, and (un)managed hooks. In short, one will learn how to analyse DotNet malware, and write automatic unpackers. As such, this class is perfect for aspiring and beginning analysts, while also providing background information and additional techniques for intermediate analysts.\n

The workshop’s materials will partially consist of actual malware samples, the precautions for which will be explained in detail during the workshop, ensuring the safety and integrity of the systems of the attendees. Attendees need a laptop with a preinstalled VM-based Windows 10 trial, along with the community edition of Visual Studio (2019 or later) and the DotNet Framework runtime for version 3.5 and later. Other tools, such as dnSpyEx, de4dot, and DotDumper, can be downloaded during the workshop, as these are insignificant in size.\n

Knowing how to read VB.NET/C is a prerequisite. Being able to write in C is preferred, but the workshop can be followed without being able to, although a part of the exercises cannot be completed without it.\n

Questions about the workshop can be asked via my open Twitter DMs: @Libranalysis (https://twitter.com/Libranalysis)\n

Skill Level: Beginner to Intermediate\n

Prerequisites for students:\n

\n

Materials or Equipment students will need to bring to participate: A laptop capable of running one Windows 10 VM, with the above-mentioned programs installed, and sufficient free disk space\n

\n\n\'',NULL,365315),('1_Thursday','15','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'DotNet Malware Analysis Masterclass (Pre-Registration Required)\'','\'Max \'Libra\' Kersten\'','WS_42b736cb46f83e948a2986c25988b9a3','\'\'',NULL,365316),('1_Thursday','16','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'DotNet Malware Analysis Masterclass (Pre-Registration Required)\'','\'Max \'Libra\' Kersten\'','WS_42b736cb46f83e948a2986c25988b9a3','\'\'',NULL,365317),('1_Thursday','17','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'DotNet Malware Analysis Masterclass (Pre-Registration Required)\'','\'Max \'Libra\' Kersten\'','WS_42b736cb46f83e948a2986c25988b9a3','\'\'',NULL,365318),('2_Friday','09','09:00','12:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'House of Heap Exploitation (Pre-Registration Required)\'','\'Elizabeth St. Germain,Kenzie Dolan,Maxwell Dulin \"Strikeout\",Nathan Kirkland,Zachary Minneker\'','WS_7eabbfcb7aef6d11badcb94402376d64','\'Title: House of Heap Exploitation (Pre-Registration Required)
\nWhen: Friday, Aug 11, 09:00 - 12:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\nSpeakers:Elizabeth St. Germain,Kenzie Dolan,Maxwell Dulin \"Strikeout\",Nathan Kirkland,Zachary Minneker
\n
SpeakerBio:Elizabeth St. Germain\n
\nElizabeth St. Germain started hacking from a young age when very few inputs were sanitized. She worked in systems administration and video game development before settling into hacking as a career. She now focuses her time on web and hardware hacking, with a desire to explore the security impacts that video games can have on consumers. Most of her free time is split between either min/maxing games, competing in CTFs, exploring urban areas and nature, or making music.
\n
SpeakerBio:Kenzie Dolan\n, Security Engineer at Security Innovation
\nKenzie Dolan works for Security Innovation as a Security Engineer focusing on engagements ranging from IoT hacking to kiosk exploitation. Her current research interests include emerging threats against Mobile and IoT devices. She has a degree in Computer and Information Science from University of Oregon. In her free time, Kenzie enjoys composing music, playing video games or hiking in the greater Seattle area.
\n
SpeakerBio:Maxwell Dulin \"Strikeout\"\n
\nMaxwell Dulin (also known as Strikeout) loves hacking all things under the sun. In his day job, he works as a security engineer primarily focused on web applications. But at night, he leaves the tangled web into the open space of radio signals, garage doors, scoreboards, RC cars, and pwn challenges. From the latter, he gained enough expertise to create a heap exploitation course that has been delivered at a number of security conferences, including DEFCON. In his spare time, he has found Linux kernel 0-days, and reverse engineered numerous wireless devices. To summarize, if you put something in front of him, he\'ll find a way to break it and make it do what he wants.
\n
SpeakerBio:Nathan Kirkland\n
\nRaised on a steady diet of video game modding, when Nathan found programming as a teenager, he fit right into it. Legend says he still keeps his coffee (and tear) stained 1980s edition of The C Programming Language by K&R stored in a box somewhere. A few borrowed Kevin Mitnick books later, he had a new interest, and began spending more and more time searching for buffer overflows and SQL injections. Many coffee fueled sleepless nights later, he had earned OSCP, and graduated highschool a few months later. After a few more years of working towards a math degree and trying fervently to teach himself cryptanalysis, he decided to head back to the types of fun hacking problems that were his real first love, and has worked at Security Innovation ever since.
\n
SpeakerBio:Zachary Minneker\n, Security Innovation
\nZachary Minneker is a security researcher and security engineer at Security Innovation. His first computer was a PowerPC Macintosh, an ISA which he continues to defend to this day. At Security Innovation, he has performed security assessments on a variety of systems, including robots for kids, audio transcription codecs, and electronic medical systems. He has previous experience administrating electronic medical systems, and deep experience in fuzzing, reverse engineering, and protocol analysis. His research has focused on techniques for in-memory fuzzing, macOS sandbox security, and IPC methods.
\n\n
\nDescription:
\nHeap exploitation is an incredibly powerful tool for a hacker. As exploit mitigations have made exploitation more difficult, modern exploit development has moved to the heap. However, heap exploitation is a major wall in the binary exploitation journey because of its complexity. To conquer this difficulty, the workshop tackles the complexity head-on by diving into the weeds of the allocator directly, taking on many hands-on exercises/challenges and creating easy-to-grasp diagrams to understand all of the concepts.\n

This workshop is for learning heap exploit development in glibc Malloc, which is the default allocator on most Linux distributions. With this hands-on introduction into glibc Malloc heap exploitation you will learn how the allocator functions, heap-specific vulnerability classes, and how to pwn with a variety of techniques. To make the material easy to consume, there are many hands-on exercises, a pre-built virtual machine with everything necessary for binary exploitation and an immense amount of visuals for explaining the material. After taking this course you will understand the internals of the glibc Malloc allocator, be able to uncover heap memory vulnerabilities and pwn the heap with a variety of techniques, with the capability to go further into the art afterwards.\n

Skill Level: Intermediate\n

Prerequisites for students:
\n- Basic computer science background (x86_64 assembly, stack, programming skills in C & Python)\n- Basic binary exploitation skills (buffer overflow exploitation, ROP, ASLR, etc.)\n- Familiar with Linux developer tools such as the command line, Python scripting and GDB.\n

Materials or Equipment students will need to bring to participate:\n

\n\n\'',NULL,365319),('2_Friday','10','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'House of Heap Exploitation (Pre-Registration Required)\'','\'Elizabeth St. Germain,Kenzie Dolan,Maxwell Dulin \"Strikeout\",Nathan Kirkland,Zachary Minneker\'','WS_7eabbfcb7aef6d11badcb94402376d64','\'\'',NULL,365320),('2_Friday','11','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'House of Heap Exploitation (Pre-Registration Required)\'','\'Elizabeth St. Germain,Kenzie Dolan,Maxwell Dulin \"Strikeout\",Nathan Kirkland,Zachary Minneker\'','WS_7eabbfcb7aef6d11badcb94402376d64','\'\'',NULL,365321),('2_Friday','12','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'House of Heap Exploitation (Pre-Registration Required)\'','\'Elizabeth St. Germain,Kenzie Dolan,Maxwell Dulin \"Strikeout\",Nathan Kirkland,Zachary Minneker\'','WS_7eabbfcb7aef6d11badcb94402376d64','\'\'',NULL,365322),('3_Saturday','14','14:00','17:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Introduction to Exploit Development (Pre-Registration Required)\'','\'Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne\'','WS_95fe12de1afde37a2ed180da65d4e51e','\'Title: Introduction to Exploit Development (Pre-Registration Required)
\nWhen: Saturday, Aug 12, 14:00 - 17:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\nSpeakers:Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne
\n
SpeakerBio:Elizabeth Biddlecome\n
\nElizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.
\n
SpeakerBio:Irvin Lemus\n
\nIrvin Lemus, CISSP is a Cyber Range Engineer at By Light IT Professional Services, training military personnel through international cyber security exercises. Irvin has been in the field since 2006, involved with cybersecurity competitions since 2015 as a trainer, coach, and mentor. He also has taught IT and Cybersecurity courses at Coastline and Cabrillo Colleges. He is the BACCC Cyber Competitions Regional Coordinator, Board member at Pacific Hackers and is a speaker at DEFCON. He describes himself as, \"A professional troublemaker who loves hacking all the things.\"
\n
SpeakerBio:Kaitlyn Handelman\n, Offensive Security Engineer at Amazon
\nKaitlyn Handelman is an offensive security engineer at Amazon. Her focus is cybersecurity in space. In addition to traditional penetration testing, Kaitlyn works on physical devices and RF signals. In her free time, she enjoys ham radio, astronomy, and her cat, Astrocat.
\n
SpeakerBio:Sam Bowne\n, Founder at Infosec Decoded, Inc
\nSam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000, and is the founder of Infosec Decoded, Inc. He has given talks and hands-on trainings at Black Hat USA, RSA, DEF CON, DEF CON China, HOPE, and many other conferences.\n

Credentials: PhD, CISSP, DEF CON Black Badge Co-Winner\n

\n\n
\nDescription:
\nLearn how to take control of Windows and Linux servers running vulnerable software, in a hands-on CTF-style workshop. We begin with easy command injections and SQL injections, and proceed through binary exploits including buffer overflows on the stack and the heap, format string vulnerabilities, and race conditions.\n

We will exploit 32-bit and 64-bit Intel and ARM systems, and software in PHP, Python, C++, and DOT NET. We will examine modern Windows defenses in detail, including ASLR, DEP, stack cookies, and SEHOP. We will also write Rust programs and see how they prevent memory corruption vulnerabilities.\n

Previous experience with C and assembly language is helpful but not required. Participants will need a laptop that can run VMware or VirtualBox virtual machines.\n

All materials and challenges are freely available at samsclass.info, and will remain available after the workshop ends.\n

Skill Level: Intermediate\n

Prerequisites for students:
\n- Familiarity with C programming and assembly language is helpful, but not essential.\n

Materials or Equipment students will need to bring to participate:\n- A laptop capable of running a virtual machine in VMware or VirtualBox.\n

\n\n\'',NULL,365323),('3_Saturday','15','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Introduction to Exploit Development (Pre-Registration Required)\'','\'Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne\'','WS_95fe12de1afde37a2ed180da65d4e51e','\'\'',NULL,365324),('3_Saturday','16','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Introduction to Exploit Development (Pre-Registration Required)\'','\'Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne\'','WS_95fe12de1afde37a2ed180da65d4e51e','\'\'',NULL,365325),('3_Saturday','17','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Introduction to Exploit Development (Pre-Registration Required)\'','\'Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne\'','WS_95fe12de1afde37a2ed180da65d4e51e','\'\'',NULL,365326),('2_Friday','14','14:00','17:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Machine Learning for N00bs (Pre-Registration Required)\'','\'Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne\'','WS_fa0e6226a38637a43dd22233cc268fc2','\'Title: Machine Learning for N00bs (Pre-Registration Required)
\nWhen: Friday, Aug 11, 14:00 - 17:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\nSpeakers:Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne
\n
SpeakerBio:Elizabeth Biddlecome\n
\nElizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.
\n
SpeakerBio:Irvin Lemus\n
\nIrvin Lemus, CISSP is a Cyber Range Engineer at By Light IT Professional Services, training military personnel through international cyber security exercises. Irvin has been in the field since 2006, involved with cybersecurity competitions since 2015 as a trainer, coach, and mentor. He also has taught IT and Cybersecurity courses at Coastline and Cabrillo Colleges. He is the BACCC Cyber Competitions Regional Coordinator, Board member at Pacific Hackers and is a speaker at DEFCON. He describes himself as, \"A professional troublemaker who loves hacking all the things.\"
\n
SpeakerBio:Kaitlyn Handelman\n, Offensive Security Engineer at Amazon
\nKaitlyn Handelman is an offensive security engineer at Amazon. Her focus is cybersecurity in space. In addition to traditional penetration testing, Kaitlyn works on physical devices and RF signals. In her free time, she enjoys ham radio, astronomy, and her cat, Astrocat.
\n
SpeakerBio:Sam Bowne\n, Founder at Infosec Decoded, Inc
\nSam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000, and is the founder of Infosec Decoded, Inc. He has given talks and hands-on trainings at Black Hat USA, RSA, DEF CON, DEF CON China, HOPE, and many other conferences.\n

Credentials: PhD, CISSP, DEF CON Black Badge Co-Winner\n

\n\n
\nDescription:
\nEvery technical product is now incorporating machine learning at an explosive rate. But most people, even those with strong technical skills, don\'t understand how it works, what its capabilities are, and what security risks come with it. In this workshop, we\'ll make machine learning models using simple Python scripts, train them, and evaluate their value. Projects include computer vision, breaking a CAPTCHA, deblurring images, regression, and classification tasks. We will perform poisoning and evasion attacks on machine learning systems, and implement deep neural rejection to block such attacks.\n

No experience with programming or machine learning is required, and the only software required is a Web browser. We will use TensorFlow on free Google Colab cloud systems.\n

All materials and challenges are freely available at samsclass.info, and will remain available after the workshop ends.\n

Skill Level: Beginner\n

Prerequisites for students:
\n- None\n

Materials or Equipment students will need to bring to participate:\n- A computer with a Web browser\n

\n\n\'',NULL,365327),('2_Friday','15','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Machine Learning for N00bs (Pre-Registration Required)\'','\'Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne\'','WS_fa0e6226a38637a43dd22233cc268fc2','\'\'',NULL,365328),('2_Friday','16','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Machine Learning for N00bs (Pre-Registration Required)\'','\'Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne\'','WS_fa0e6226a38637a43dd22233cc268fc2','\'\'',NULL,365329),('2_Friday','17','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Machine Learning for N00bs (Pre-Registration Required)\'','\'Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne\'','WS_fa0e6226a38637a43dd22233cc268fc2','\'\'',NULL,365330),('2_Friday','14','14:00','17:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'How hackers can send feedback directly to policymakers like the pros (Pre-Registration Required)\'','\'Amit Elazari,Harley Geiger\'','WS_8209c0650b72a10b9a34c0fd74b3e263','\'Title: How hackers can send feedback directly to policymakers like the pros (Pre-Registration Required)
\nWhen: Friday, Aug 11, 14:00 - 17:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\nSpeakers:Amit Elazari,Harley Geiger
\n
SpeakerBio:Amit Elazari\n, Co-Founder and CEO at OpenPolicy
\nDr. Amit Elazari is Co-Founder and CEO of OpenPolicy, the world\'s first tech-enabled policy and advocacy company, aiming to democratize access to information concerning future regulation action, policy and lobbying to entities of all sizes by leveraging scale and technology. Prior to OpenPolicy, she served as Head of Cybersecurity Policy for Intel Corp and chaired the Cybersecurity Committee for the Information Technology Industry Council (ITI) among others. She holds a Doctoral Degree in the Law (JSD) from Berkeley Law, and graduated summa cum laude with three prior degrees in law and business. Her research appeared in leading academic journals, key conferences such as RSAC, Black Hat, DEFCON, Bsides, and USENIX, and was featured at the WSJ and NYT. She co-founded Disclose.io, a non-profit that fosters adoption of legal protections for good-faith security research. Amit has a diverse background in technical, policy, and legal roles, and practiced Hi-tech, Venture Capital, and M&A law at Israel\'s largest law firm, Goldfarb Gross Seligman & Co.
\n
SpeakerBio:Harley Geiger\n, Counsel at Venable LLP
\nHarley Geiger is Counsel and Senior Director at Venable, LLP, where he leads the Security Research Legal Defense Fund and the Hacking Policy Council and counsels clients on a variety of cybersecurity issues. Prior to this, Geiger was Senior Director for Public Policy at Rapid7, where he worked to expand adoption of vulnerability disclosure and legal protections for security research. Geiger also worked as Senior Legislative Counsel in the U.S. House of Representatives, where he drafted Aaron’s Law, and served as Advocacy Director at the Center for Democracy & Technology.
\nTwitter: @HarleyGeiger
\n\n
\nDescription:
\nThe first official comments on security policy live from DEF CON. The workshop will show hackers how to go through the process of submitting official comments to regulations and legislation.\n

Meeting with policymakers is only one way to make your voice heard. There are also formal channels for submitting written feedback on policy proposals that become a critical part of the record for regulations. These channels are open to the public, but non-policy professionals don’t always know how to access or make the most effective use of them.\n

This workshop will walk security researchers through the process of using regulations.gov and congress.gov to find open opportunities to influence regulations, and actually submit official comments via those channels from the workshop. The workshop will also talk through how to form an advocacy strategy to amplify the impact of the comments - for example, how to find the right policymakers and staff to follow up with.\n

The workshop will be led by policy professionals with deep ties to the security community.\n

Skill Level: All Levels\n

Prerequisites for students:
\n- None\n

Materials or Equipment students will need to bring to participate: \n- To walk through the process and/or submit comments, bring a laptop, iPad, or other connected device you can type on\n

\n\n\'',NULL,365331),('2_Friday','15','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'How hackers can send feedback directly to policymakers like the pros (Pre-Registration Required)\'','\'Amit Elazari,Harley Geiger\'','WS_8209c0650b72a10b9a34c0fd74b3e263','\'\'',NULL,365332),('2_Friday','16','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'How hackers can send feedback directly to policymakers like the pros (Pre-Registration Required)\'','\'Amit Elazari,Harley Geiger\'','WS_8209c0650b72a10b9a34c0fd74b3e263','\'\'',NULL,365333),('2_Friday','17','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'How hackers can send feedback directly to policymakers like the pros (Pre-Registration Required)\'','\'Amit Elazari,Harley Geiger\'','WS_8209c0650b72a10b9a34c0fd74b3e263','\'\'',NULL,365334),('3_Saturday','09','09:00','12:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Email Detection Engineering and Threat Hunting Inbox (Pre-Registration Required)\'','\'Alfie Champion,Josh Kamdjou\'','WS_430f801d22df5d3ea5893c3f5456065a','\'Title: Email Detection Engineering and Threat Hunting Inbox (Pre-Registration Required)
\nWhen: Saturday, Aug 12, 09:00 - 12:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\nSpeakers:Alfie Champion,Josh Kamdjou
\n
SpeakerBio:Alfie Champion\n
\nAlfie specializes in the delivery of attack detection and adversary emulation services, actively contributing education content, tooling and blogs to further the industry. He has previously worked with organisations across multiple industry verticals to uplift and validate their detective capability through red or purple team engagements, and now leads the global adversary emulation function at a FTSE 250 company. He has previously spoken at BlackHat USA, RSA and Blue Team Con 2022, among others, and is the co-founder of DelivrTo.
\n
SpeakerBio:Josh Kamdjou\n
\nJosh has been doing offensive security-related things for the past 12 years. He\'s spent most of his professional career breaking into networks via spear-phishing and other methods, and building software for both the public (Department of Defense) and private sectors. Josh is the Founder and CEO of Sublime Security, and in his private life enjoys weight lifting, Martial Arts, soccer, and spending time with his niece and nephew.
\n\n
\nDescription:
\nEmail remains the #1 initial access vector for commodity malware and nation state actors. Historically, tackling email-based threats has been considered the purview of black-box vendor solutions, with defenders having limited scope (or tooling!) to swiftly and effectively respond to emerging attacker activity and novel offensive tradecraft.\n

In this workshop, attendees will be given detailed insight into the latest techniques used to deliver prevalent malware strains, including QakBot and Emotet, and will hunt through email data to identify this malicious activity, developing rules to detect and block these attacks.\n

Initially attendees will be introduced to the foundational technologies that enable threat hunting, detection engineering, and response in the email domain, before being given access to the email data of a fictitious company seeded with benign and real-world attack data. Throughout the day, participants will learn to hunt common phishing techniques including:\n

\n

Attendees will be guided through the rule creation process, utilizing free and open detection engines including Sublime and Yara, and will be introduced to the signals and email attributes that can be used to craft high-fidelity rules, including targeted user groups, sentiment analysis, sender domain age, and attachment analysis. Having completed the workshop, attendees will have a strong understanding of the tools and techniques at their disposal to defend their organizations from all manner of email threats.\n

Skill Level: Beginner. The training will cater to security practitioners with any level of technical experience. While a general understanding of email threats will be advantageous, all offensive and defensive techniques and tools in the training will be introduced at a foundational level and built on throughout the day.\n

Prerequisites for students:
\n- None\n

Materials or Equipment students will need to bring to participate: \n- Attendees should bring their own laptops in order to be hands-on, preloaded with Docker. Instructions to run the Docker images from Github will be shared. All tools used in this lab are free and/or open-source.\n

\n\n\'',NULL,365335),('3_Saturday','10','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Email Detection Engineering and Threat Hunting Inbox (Pre-Registration Required)\'','\'Alfie Champion,Josh Kamdjou\'','WS_430f801d22df5d3ea5893c3f5456065a','\'\'',NULL,365336),('3_Saturday','11','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Email Detection Engineering and Threat Hunting Inbox (Pre-Registration Required)\'','\'Alfie Champion,Josh Kamdjou\'','WS_430f801d22df5d3ea5893c3f5456065a','\'\'',NULL,365337),('3_Saturday','12','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Email Detection Engineering and Threat Hunting Inbox (Pre-Registration Required)\'','\'Alfie Champion,Josh Kamdjou\'','WS_430f801d22df5d3ea5893c3f5456065a','\'\'',NULL,365338),('3_Saturday','14','14:00','17:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Hands-On TCP/IP Deep Dive with Wireshark - How this stuff really works (Pre-Registration Required)\'','\'Chris Greer\'','WS_5cdab33047391ddce38a7ca9f912cf79','\'Title: Hands-On TCP/IP Deep Dive with Wireshark - How this stuff really works (Pre-Registration Required)
\nWhen: Saturday, Aug 12, 14:00 - 17:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\n
SpeakerBio:Chris Greer\n, Network Analyst and Wireshark Instructor at Packet Pioneer
\nChris Greer is a network analyst and Wireshark instructor for Packet Pioneer, a Wireshark University partner. He has focused much of his career at the transport layer, specifically TCP, specializing in how this core protocol works to deliver applications, services, and attacks between systems. Chris is a regular speaker at Sharkfest - the Wireshark Developer and User Conference. He has presented at DEFCON and other industry conferences and regularly posts Wireshark analysis tips to his YouTube channel.
\n\n
\nDescription:
\nLet\'s break out Wireshark and dig deep in to the TCP and IP protocols. This skill is critical for anyone interested in any area of cybersecurity, no matter the color of the hat. Almost all enumeration, scans, incident response, and traffic forensics require the analyst to dig into and interpret TCP conversations. When enumerating an environment, identifying key TCP/IP indicators in protocol headers can also help when passively fingerprinting systems.\n

In this workshop we will roll up our sleeves and learn how TCP/IP really works - the handshake, options, sequence/ack numbers, retransmissions, TTL, and much more. This workshop welcomes all cybersecurity and Wireshark experience levels.\n

Skill Level: Beginner to Intermediate\n

Prerequisites for students:
\n- Just a laptop with a copy of Wireshark. \n- I will provide the sample pcaps for analysis.\n

Materials or Equipment students will need to bring to participate: \n- Laptop\n

\n\n\'',NULL,365339),('3_Saturday','15','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Hands-On TCP/IP Deep Dive with Wireshark - How this stuff really works (Pre-Registration Required)\'','\'Chris Greer\'','WS_5cdab33047391ddce38a7ca9f912cf79','\'\'',NULL,365340),('3_Saturday','16','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Hands-On TCP/IP Deep Dive with Wireshark - How this stuff really works (Pre-Registration Required)\'','\'Chris Greer\'','WS_5cdab33047391ddce38a7ca9f912cf79','\'\'',NULL,365341),('3_Saturday','17','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Hands-On TCP/IP Deep Dive with Wireshark - How this stuff really works (Pre-Registration Required)\'','\'Chris Greer\'','WS_5cdab33047391ddce38a7ca9f912cf79','\'\'',NULL,365342),('1_Thursday','09','09:00','12:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Protecting the AWS ecosystem - Misconfigurations, IAM, and Monitoring (Pre-Registration Required)\'','\'Rodrigo Montoro\'','WS_6117bcf6af076a194d4183fc7abd1717','\'Title: Protecting the AWS ecosystem - Misconfigurations, IAM, and Monitoring (Pre-Registration Required)
\nWhen: Thursday, Aug 10, 09:00 - 12:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\n
SpeakerBio:Rodrigo Montoro\n, Head of Threat & Detection Research at Clavis Security
\nRodrigo Montoro has over 23 years of experience in Information Technology and Computer Security. For most of his career, he has worked with open-source security software (firewalls, IDS, IPS, HIDS, log management, endpoint monitoring), incident detection & response, and Cloud Security. Currently is Head of Threat & Detection Research at Clavis Security. Before that, he worked as Cloud Researcher at Tenchi Security, Head of Research and Development at Apura Cyber Intelligence, SOC/Researcher at Tempest Security, Senior Security Administrator at Sucuri, and Researcher at Spiderlabs. Author of 2 patented technologies involving innovation in the detection field. One is related to discovering malicious digital documents. The second one is in how to analyze malicious HTTP traffic. Rodrigo has spoken at several open source and security conferences (Defcon Cloud Village, OWASP AppSec, SANS (DFIR, SIEM Summit & CloudSecNext), Toorcon (USA), H2HC (São Paulo and Mexico), SecTor (Canada), CNASI, SOURCE, ZonCon (Amazon Internal Conference), Blackhat Brazil, BSides (Las Vegas e SP)).
\nTwitter: @spookerlabs
\n\n
\nDescription:
\nCloud providers\' ecosystems have brought a lot of new challenges to companies and Security teams. Many new attack vectors create known and unknown attack vectors, generating a considerable need for further research and detection in this field.\n

In the current cloud security world, access keys are the new perimeter, and permissions associated with those keys are the limits. In many real-world scenarios, leaked access keys are the initial vectors to get into an organization\'s cloud environments. Therefore, least privilege and real-time detection become critical.\n

Specifically, in AWS, we are talking about more than three hundred (300+) services that an attacker could create their specific attack path to achieve their goal. Considering this chaotic scenario, we developed this workshop to teach how to mitigate those new vectors and improve the company\'s overall cloud security posture. The workshop will cover misconfigurations, AWS IAM (Identity and Access Management) least privilege, and control plane (Cloudtrail) monitoring.\n

This workshop will help organizations improve their cloud security posture in these three fields - misconfigurations, IAM permissions management, and control plane monitoring. There will be practical demonstrations, hands-on labs, and some Capture The Flag (CTF) to practice incident response.\n

Skill Level: Intermediate\n

Prerequisites for students:
\n- AWS basic to intermediate knowledge\n

Materials or Equipment students will need to bring to participate: \n- Laptop.
\n- Demonstrations and Capture The Flag (CTF) exercises will be executed in my AWS account and using CTFd.\n

\n\n\'',NULL,365343),('1_Thursday','10','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Protecting the AWS ecosystem - Misconfigurations, IAM, and Monitoring (Pre-Registration Required)\'','\'Rodrigo Montoro\'','WS_6117bcf6af076a194d4183fc7abd1717','\'\'',NULL,365344),('1_Thursday','11','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Protecting the AWS ecosystem - Misconfigurations, IAM, and Monitoring (Pre-Registration Required)\'','\'Rodrigo Montoro\'','WS_6117bcf6af076a194d4183fc7abd1717','\'\'',NULL,365345),('1_Thursday','12','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Protecting the AWS ecosystem - Misconfigurations, IAM, and Monitoring (Pre-Registration Required)\'','\'Rodrigo Montoro\'','WS_6117bcf6af076a194d4183fc7abd1717','\'\'',NULL,365346),('2_Friday','14','14:00','17:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Malware development on secured environment - Write, adapt, overcome (Pre-Registration Required)\'','\'Yoann Dequeker\'','WS_f5dacb1e4ebde00ab60dad2949773d33','\'Title: Malware development on secured environment - Write, adapt, overcome (Pre-Registration Required)
\nWhen: Friday, Aug 11, 14:00 - 17:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\n
SpeakerBio:Yoann Dequeker\n, Red Team Operator at Wavestone
\nYoann Dequeker is a red team operator at Wavestone for 4 years entitled with OSCP certification and several HTB RedTeam Prolabs. Aside from his different RedTeam operations against CAC40 companies leading him to develop several custom malware to evade EDR to ease C2 beacon deployment or phishing campaigns, he speaks at conferences such as LeHack as a Malware Development speaker and is actively sharing his knowledge on social media under the OtterHacker pseudonym.\n

Beside his contribution to opensource project such as the implementation of TDO secret extraction on Impacket, he spends time playing with several EDR to understand the pros and cons of the different malware development techniques in order to craft and use the payload the most adapted to the targeted environment.\n

\n\n
\nDescription:
\nThis workshop will give an initiation to offensive malware development in C/C++ and how it is possible to adapt the approach depending on the security solution that must be tackled down. Different methods such as ModuleStomping, DLL Injection, Threadless Injection and Hardware Breakpoint for dehooking will be seen.\n

The idea is to start with a basic malware performing process injection and apply additional techniques to start evading EDR. At each step, some analysis on the malware will be performed to understand the differences at the system level and the IOC detected by the EDR.\n

At the end of this workshop, you will have all the knowledge needed to develop your own malware and adapt it to the targeted environment to escape from the basic pattern and spawn your beacons as if EDR didn\'t exist.\n

Skill Level: Intermediate\n

Prerequisites for students:
\n- Some basic C/C++ knowledge and an entry level skills on Windows OS.\n

Materials or Equipment students will need to bring to participate: \n- A Computer with VisualStudio Community or an equivalent compiler, WinDBG and a Windows System (Virtual machine might be better)\n

\n\n\'',NULL,365347),('2_Friday','15','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Malware development on secured environment - Write, adapt, overcome (Pre-Registration Required)\'','\'Yoann Dequeker\'','WS_f5dacb1e4ebde00ab60dad2949773d33','\'\'',NULL,365348),('2_Friday','16','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Malware development on secured environment - Write, adapt, overcome (Pre-Registration Required)\'','\'Yoann Dequeker\'','WS_f5dacb1e4ebde00ab60dad2949773d33','\'\'',NULL,365349),('2_Friday','17','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Malware development on secured environment - Write, adapt, overcome (Pre-Registration Required)\'','\'Yoann Dequeker\'','WS_f5dacb1e4ebde00ab60dad2949773d33','\'\'',NULL,365350),('3_Saturday','14','14:00','17:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'The Joy of Reverse Engineering: Learning With Ghidra and WinDbg (Pre-Registration Required)\'','\'Wesley McGrew\'','WS_33cf0cb5c04c7c2bd6cf52021931bb8a','\'Title: The Joy of Reverse Engineering: Learning With Ghidra and WinDbg (Pre-Registration Required)
\nWhen: Saturday, Aug 12, 14:00 - 17:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\n
SpeakerBio:Wesley McGrew\n, Senior Cyber Fellow at MartinFed
\nDr. Wesley McGrew directs research, development, and offensive cyber operations as Senior Cybersecurity Fellow for MartinFederal. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA and taught a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.
\nTwitter: @McGrewSecurity
\n\n
\nDescription:
\nWhile it can be intimidating to \"get into\" software reverse engineering (RE), it can be very rewarding. Reverse engineering skills will serve you well in malicious software analysis, vulnerability discovery, exploit development, bypassing host-based protection, and in approaching many other interesting and useful problems in hacking. Being able to study how software works, without source code or documentation, will give you the confidence that there is nothing about a computer system you can\'t understand, if you simply apply enough time and effort. Beyond all of this: it\'s fun. Every malicious program becomes a new and interesting puzzle to \"solve\".\n

The purpose of this workshop is to introduce software reverse engineering to the attendees, using static and dynamic techniques with the Ghidra disassembler and WinDbg debugger. No prior experience in reverse engineering is necessary. There will be few slides--concepts and techniques will be illustrated within the Ghidra and WinDbg environments, and attendees can follow along with their own laptops and virtual environments. We will cover the following topics:\n

\n

Skill Level: Beginner\n

Prerequisites for students:
\n- No previous reverse engineering experience required. \n- Basic familiarity with programming in a high-level language is necessary (C preferred, Scripting languages like Python would be okay).\n

Materials or Equipment students will need to bring to participate: \n- A laptop with a fresh Windows 10 Virtual Machine.\n- Being able to dedicate 8GB RAM to the VM (meaning, you probably have 16GB in your laptop) will make the experience smoother, but you can get by with 4GB\n- 10 GB storage free in the VM (after installing Windows)\n- Administrative privileges
\n- Ability to copy exercise files from USB\n

We will be working with live malware samples. Depending on your comfort level with this, bring a \"burner\" laptop, use a clean drive, or plan on doing a clean install before and after the workshop.\n

\n\n\'',NULL,365351),('3_Saturday','15','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'The Joy of Reverse Engineering: Learning With Ghidra and WinDbg (Pre-Registration Required)\'','\'Wesley McGrew\'','WS_33cf0cb5c04c7c2bd6cf52021931bb8a','\'\'',NULL,365352),('3_Saturday','16','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'The Joy of Reverse Engineering: Learning With Ghidra and WinDbg (Pre-Registration Required)\'','\'Wesley McGrew\'','WS_33cf0cb5c04c7c2bd6cf52021931bb8a','\'\'',NULL,365353),('3_Saturday','17','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'The Joy of Reverse Engineering: Learning With Ghidra and WinDbg (Pre-Registration Required)\'','\'Wesley McGrew\'','WS_33cf0cb5c04c7c2bd6cf52021931bb8a','\'\'',NULL,365354),('1_Thursday','09','09:00','12:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Applied Emulation - A Practical Approach to Emulating Malware (Pre-Registration Required)\'','\'Sean Wilson,Sergei Frankoff\'','WS_b6e772c219bcea7042ce4fc0f08265bd','\'Title: Applied Emulation - A Practical Approach to Emulating Malware (Pre-Registration Required)
\nWhen: Thursday, Aug 10, 09:00 - 12:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\nSpeakers:Sean Wilson,Sergei Frankoff
\n
SpeakerBio:Sean Wilson\n, Co-Founder at OpenAnalysis Inc
\nSean, a co-founder of OpenAnalysis Inc., splits his time between reverse engineering, tracking malware and building automated malware analysis systems. Sean brings over a decade of experience working in a number of incident response, malware analysis and reverse engineering roles.
\n
SpeakerBio:Sergei Frankoff\n, Co-founder at OpenAnalysis Inc
\nSergei is a co-founder of OpenAnalysis Inc. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis, and producing tutorials for the OALABS YouTube channel. With over a decade in the security industry Sergei has extensive experience working at the intersection of incident response and threat intelligence.
\n\n
\nDescription:
\nBinary emulation is now a must-have tool for malware analysts. With a few lines of Python you can unpack binaries, skip analysis of complex algorithms, and automatically extract the configuration data from malware! It’s not too good to be true, but there is a little preparation work involved…\n

In this workshop you will set up your own emulation environment (using Python) and work through a series of common malware analysis tasks such as unpacking, and malware configuration extraction. The workshop starts simple using Unicorn to emulate x86 shellcode, and builds to a final project where syscall hooking is used with Dumpulator to automatically extract C2s from malware.\n

This workshop is aimed at malware analysts and reverse engineers who are interested in learning more about emulation and how it can be used to automate some reverse engineering workflows. Students must be able to write basic Python scripts, and have a working knowledge of the Windows OS. Familiarity with Windows malware, assembly, and debugging are strongly recommended. If you have opened malware in a debugger before you will feel right at home here.\n

You will be provided with detailed virtual machine setup instructions prior to the workshop. Please make sure to bring a laptop that meets the following requirements.\n

\n

Skill Level: Intermediate\n

Prerequisites for students:
\n- Students must be able to write basic Python scripts and have a basic understanding of the Windows operating system.\n- Familiarity with Windows malware, debugging, and assembly would also be a significant benefit.\n

Materials or Equipment students will need to bring to participate:\n- Students must bring a laptop capable of running a Windows virtual machine with the following configuration. Time will be given to troubleshoot lab setup issues but it is strongly recommended that students have the following setup prior to the workshop.\n

[Host Setup]
\n- The laptop must have VirtualBox or VMWare installed and working prior to class.\n- The laptop must have at least 60GB of disk space free.\n- The laptop must be able to mount USB storage devices (ensure you have the appropriate dongle if you need one).\n

[ VM Install ]
\n- Download a free Windows 11 VM from Microsoft (https://developer.microsoft.com/en-u...tual-machines/)\n- You can also use a Windows VM of your choice (Windows 10 is also ok)\n

[ VM Install for Mac - Apple Silicon Only (M1, M2)]\n- If you have a new Apple Silicon MacBook you are limited to running an ARM Windows VM\n- ARM Windows VMs are suitable for the workshop and you can follow our installation guide on YouTube (https://youtu.be/0eR8yrDLV5M)\n

[VM Setup]
\n- Install x64dbg in your VM (https://x64dbg.com/)\n- Install a free version of IDA in your VM (https://hex-rays.com/ida-free/)\n- Install a version of Python > 3.8.x in your VM (https://www.python.org/)\n

\n\n\'',NULL,365355),('1_Thursday','10','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Applied Emulation - A Practical Approach to Emulating Malware (Pre-Registration Required)\'','\'Sean Wilson,Sergei Frankoff\'','WS_b6e772c219bcea7042ce4fc0f08265bd','\'\'',NULL,365356),('1_Thursday','11','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Applied Emulation - A Practical Approach to Emulating Malware (Pre-Registration Required)\'','\'Sean Wilson,Sergei Frankoff\'','WS_b6e772c219bcea7042ce4fc0f08265bd','\'\'',NULL,365357),('1_Thursday','12','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Applied Emulation - A Practical Approach to Emulating Malware (Pre-Registration Required)\'','\'Sean Wilson,Sergei Frankoff\'','WS_b6e772c219bcea7042ce4fc0f08265bd','\'\'',NULL,365358),('2_Friday','14','14:00','17:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Learning to Hack Bluetooth Low Energy with BLE CTF (Pre-Registration Required)\'','\'Ryan Holeman\'','WS_abb069b4f202072db8ecc4a323f5dde1','\'Title: Learning to Hack Bluetooth Low Energy with BLE CTF (Pre-Registration Required)
\nWhen: Friday, Aug 11, 14:00 - 17:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\n
SpeakerBio:Ryan Holeman\n, CISO at Strike
\nRyan Holeman resides in Austin, Texas, where he works as the CISO for the peer-to-peer payment platform Strike. He is currently pursuing a Ph.D. in cyber defense from Dakota State University. He has spoken at respected venues such as Black Hat, DEF CON, Lockdown, BSides, Ruxcon, Notacon, and Shmoocon. You can keep up with his current activity, open source contributions, and general news on his blog. His spare time is mostly spent digging into various network protocols, random hacking, creating art, and shredding local skateparks.
\n\n
\nDescription:
\nBLE CTF is a series of Bluetooth Low Energy challenges in a capture-the-flag format. It was created to teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user.\n

Over the past few years, BLE CTF has expanded to support multiple platforms and skill levels. Various books, workshops, training, and conferences have utilized it as an educational platform and CTF. As an open source, low-cost of entry, and expandable education solution, BLE CTF has helped progress Bluetooth security research.\n

This workshop will teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user. For this workshop, we will undergo a series of exercises to teach beginner students new concepts and allow more seasoned users to try new tools and techniques. After completing this workshop, you should have a good solid understanding of how to interact with and hack on BLE devices in the wild.\n

If you have done BLE CTF in the past, this class is still valuable. For advanced users, we offer BLE CTF Infinity, a sequel to BLE CTF. The workshop will also showcase new hardware platforms and client tools for interacting with and completing the exercises.\n

Skill Level: Beginner to Intermediate\n

Prerequisites for students:
\n- To prepare for the workshop, please follow the setup documentation located at https://github.com/hackgnar/ble_ctf/blob/master/docs/workshop_setup.md\n

Materials or Equipment students will need to bring to participate:\n- Preferably a Linux box with a Bluetooth controller or a Bluetooth USB dongle. An OSX or Windows machine with a Linux VM and USB passthough works as well but should be setup and tested before the workshop.\n

\n\n\'',NULL,365359),('2_Friday','15','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Learning to Hack Bluetooth Low Energy with BLE CTF (Pre-Registration Required)\'','\'Ryan Holeman\'','WS_abb069b4f202072db8ecc4a323f5dde1','\'\'',NULL,365360),('2_Friday','16','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Learning to Hack Bluetooth Low Energy with BLE CTF (Pre-Registration Required)\'','\'Ryan Holeman\'','WS_abb069b4f202072db8ecc4a323f5dde1','\'\'',NULL,365361),('2_Friday','17','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Learning to Hack Bluetooth Low Energy with BLE CTF (Pre-Registration Required)\'','\'Ryan Holeman\'','WS_abb069b4f202072db8ecc4a323f5dde1','\'\'',NULL,365362),('3_Saturday','09','09:00','12:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Active Directory Attacks: The Good, The Bad, and The LOLwut (Pre-Registration Required)\'','\'Aaron Rosenmund,Brandon DeVault,Ryan Chapman\'','WS_ba2204ff9a89db6632d5d84e14c60598','\'Title: Active Directory Attacks: The Good, The Bad, and The LOLwut (Pre-Registration Required)
\nWhen: Saturday, Aug 12, 09:00 - 12:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\nSpeakers:Aaron Rosenmund,Brandon DeVault,Ryan Chapman
\n
SpeakerBio:Aaron Rosenmund\n, Director of Security Research and Content at Pluralsight
\nAaron Rosenmund is the Director of Security Research and Content for Pluralsight, where he has also authored over 115 courses and technical labs across offensive and defensive security operations topics. Part time work includes service as a Cyber Warfare Operations officer in the Delaware Air National Guard, where he has also led a 100+ member red team for the largest cyber exercise in the Nation, Cybershield. 4 years of highly rated talks and workshops have earned him the Distinguished speaker title from RSAC, and he looks forward to returning for the 3rd year to Defcon Workshops to bring practical emulation and testing capabilities to the people who need it most.
\n
SpeakerBio:Brandon DeVault\n, Pluralsight
\nBrandon DeVault is a security researcher, blue teamer, and educator. Currently works as an author for Pluralsight and member of the FL Air National Guard. Prior experience includes work at Elastic and multiple deployments with Special Operations Command.
\n
SpeakerBio:Ryan Chapman\n
\nRyan Chapman is the author of SANS’ “FOR528: Ransomware for Incident Responders” course, teaches SANS’ “FOR610: Reverse Engineering Malware” course, works as a principal incident response consultant for $dayJob, and helps run the CactusCon conference in Phoenix, Arizona, USA. Ryan has a passion for life-long learning, loves to teach people about ransomware-related attacks, and enjoys pulling apart malware. He has presented workshops at DefCon and other conferences in the past and knows how to create a step-by-step instruction set to maximize hands-on learning.
\n\n
\nDescription:
\nThreat actors such as ransomware affiliates around the world are carrying out attacks on Active Directory (AD) at scale. When doing so, such actors often stick to the mainstream in terms of attack methodologies and tooling. But… that’s lame! Why borrow tactics, techniques, and procedures (TTPs) that are so well known and thus readily detectable?! Come hang out with us as we provide an overview of AD, show the most common attack scenarios, then show you how to detect and prevent those very attacks. Stick around as we then transition to covering what you could, and should, be doing instead.\n

We will be providing a remote network range to which you will connect. Once in the range, you will be acting as the ransomware threat actor, “pentester” as they like to call themselves. You will carry out attacks such as enumeration via Bloodhound, credential discovery and compromise, pass the hash attacks, and kerberoasting via common tools such as Mimikatz & Rubeus. After carrying out the attacks yourself, you’ll then learn how to prevent and detect those very attacks. We’ll then show you custom-developed methods to carry out the same attacks without the reliance on well-known TTPs/tools. And even better, we’ll show you how you could, at least where it’s even possible, detect the more custom/advanced methodologies.\n

Join us if you are a blue teamer, red teamer, purple teamer, cyber defender, DFIR analyst… basically anyone who wants (or needs!) to learn to defend and/or attack Active Directory. Come for the tech, stay for the humor. See ya there!\n

Skill Level: Intermediate to Advanced\n

Prerequisites for students: \n

\n

Materials or Equipment students will need to bring to participate:\n- A laptop with Linux/Windows/Mac desktop environment\n- Networking capability: Students will be connecting to a remote network range – They will need a wireless NIC (assuming the workshop area provides Wi-Fi, if not we’ll need to know) that can be enabled along with administrator privileges on their system\n- IMPORTANT: This workshop relies on network connectivity. Any student not able to connect to our range will be unable to follow along with the hands-on portion of the workshop.\n

\n\n\'',NULL,365363),('3_Saturday','10','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Active Directory Attacks: The Good, The Bad, and The LOLwut (Pre-Registration Required)\'','\'Aaron Rosenmund,Brandon DeVault,Ryan Chapman\'','WS_ba2204ff9a89db6632d5d84e14c60598','\'\'',NULL,365364),('3_Saturday','11','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Active Directory Attacks: The Good, The Bad, and The LOLwut (Pre-Registration Required)\'','\'Aaron Rosenmund,Brandon DeVault,Ryan Chapman\'','WS_ba2204ff9a89db6632d5d84e14c60598','\'\'',NULL,365365),('3_Saturday','12','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Active Directory Attacks: The Good, The Bad, and The LOLwut (Pre-Registration Required)\'','\'Aaron Rosenmund,Brandon DeVault,Ryan Chapman\'','WS_ba2204ff9a89db6632d5d84e14c60598','\'\'',NULL,365366),('2_Friday','09','09:00','12:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Getting into Trouble with Machine Learning Models (Pre-Registration Required)\'','\'Robert Koehlmoos\'','WS_f8439b8796a0d105c58a38a5148f0f81','\'Title: Getting into Trouble with Machine Learning Models (Pre-Registration Required)
\nWhen: Friday, Aug 11, 09:00 - 12:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\n
SpeakerBio:Robert Koehlmoos\n
\nRob works as a lead machine learning engineer focusing on deep learning applications, primarily with language translation. His team works with the full pipeline of training, productionizing, and deploying machine learning applications. He is happy not only talking about theory and research but also the practicalities of model selection and designing products to meet user needs. He previously worked as a data scientist and has strong opinions about effective uses of data visualization and good UI design. He is only a little afraid of AI taking over everything.
\n\n
\nDescription:
\nThis workshop is a beginner\'s introduction to deep learning with neural networks, going from fundamentals to the latest in models for image editing, object recognition, and automated pen testing using large language models. It starts with an introduction to the theory behind deep learning, with a few toy examples to give students a feel for how these systems are built. From there we shift focus to a tour of state of the art models with a focus on running open source models locally independent of proprietary corporate systems. These systems include captcha defeat, video search and tracking, and image editing, among others. Finally, students perform a pen testing capstone using AutoGPT and HuggingGPT to understand the latest in emergent large language model reasoning capabilities. Students should have a basic understanding of how to write Python code, the class will build from there. A laptop with 8Gb of RAM and 100GB of free space will be sufficient. Students may bring laptops with more powerful GPUs, but online resources will be available for more GPU intensive models.\n

Skill Level: Beginner\n

Prerequisites for students:
\n- None, this workshop will walk through all steps required to use and apply the models.\n

Materials or Equipment students will need to bring to participate: \n- A laptop with at least 8Gb of RAM and 100GB available hard drive space. Must also be able to run a Linux based VM. This isn\'t meant to be a high bar, free online resources will be used to supplement their laptop for larger models.\n- Students will need an OpenAI API token, which will require setting up a paid account with OpenAI. The final cost for API usage in this class should be no more than $5. I wish there was not a requirement for this, but unfortunately some of the cutting edge applications I want students to experiment with are only available in high enough quality using OpenAI\'s products. This may change between this submission and the start date of the class at the rate of current AI advancement.\n

\n\n\'',NULL,365367),('2_Friday','10','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Getting into Trouble with Machine Learning Models (Pre-Registration Required)\'','\'Robert Koehlmoos\'','WS_f8439b8796a0d105c58a38a5148f0f81','\'\'',NULL,365368),('2_Friday','11','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Getting into Trouble with Machine Learning Models (Pre-Registration Required)\'','\'Robert Koehlmoos\'','WS_f8439b8796a0d105c58a38a5148f0f81','\'\'',NULL,365369),('2_Friday','12','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Getting into Trouble with Machine Learning Models (Pre-Registration Required)\'','\'Robert Koehlmoos\'','WS_f8439b8796a0d105c58a38a5148f0f81','\'\'',NULL,365370),('2_Friday','14','14:00','17:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Advanced WiFi Attacks for Red Team Professionals (Pre-Registration Required)\'','\'Raúl \"r4ulcl\" Calvo Laorden\'','WS_2315d11573e57737624ec8fbf0e17f55','\'Title: Advanced WiFi Attacks for Red Team Professionals (Pre-Registration Required)
\nWhen: Friday, Aug 11, 14:00 - 17:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\n
SpeakerBio:Raúl \"r4ulcl\" Calvo Laorden\n
\nRaúl Calvo Laorden is a Spanish Senior Cybersecurity Analyst (Pentester) who is known in the online community as r4ulcl. He has a keen interest in hacking, particularly in Active Directory (AD), WiFi, and Radio Frequency (RF). Raúl enjoys working with Docker and git. He also has a passion for music, video games, and tinkering with electronic devices.\n

Raúl is the author of WiFiChallenge Lab, a 100% virtualized realistic lab designed for learning and practicing wifi hacking (presented in RootedCON 2022). He is also the creator of wifi_db, a script that parses Aircrack-ng captures into a SQLite database, extracting valuable information such as handshakes, MGT identities, interesting relations between APs, clients and their probes, WPS information, and a global view of all the APs seen. Additionally, he holds the OSCP and CRTP certifications.\n

In his free time, Raúl dedicates himself to programming hacking and cybersecurity tools. He also maintains his own micro-datacenter consisting of multiple servers and services where he continually learns and practices new technologies.\n

\n\n
\nDescription:
\nWireless networks have become ubiquitous in today\'s world, and Red Teams are increasingly using advanced WiFi attacks to gain unauthorized access to these networks. This workshop will focus on advanced WiFi attacks utilized by Red Teams to gain access to wireless networks. Participants will learn how to conduct WiFi reconnaissance, identify misconfigurations in wireless networks, create Rogue APs for launching phishing attacks, bypass WIDS, and more. The workshop is entirely virtual, and participants will have access to a lab environment where they can experiment safely. Participants must have prior knowledge of WiFi attacks on Open, WEP, and WPA2-PSK networks. The workshop covers advanced techniques for WiFi reconnaissance, creating custom TLS certificates, Rogue AP attacks, MSCHAPv2 Relay attacks, password spraying, ESSID stripping, and more. The workshop also covers the importance of Wireless Intrusion Detection Systems for Blue Teams and an example using Nzyme. Overall, this workshop is ideal for Red Team professionals looking to enhance their WiFi attack skills and stay ahead of the game.\n

Skill Level: Intermediate\n

Prerequisites for students:
\n- All participants in this workshop must have a basic understanding of Linux, 802.11 protocol and Wireshark. \n- Must have prior knowledge of WiFi attacks on Open, WEP, and WPA2-PSK networks.\n

Materials or Equipment students will need to bring to participate: \n- Participants must have access to a computer with a reliable internet connection and a virtualization software such as VirtualBox or VMware.\n

\n\n\'',NULL,365371),('2_Friday','15','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Advanced WiFi Attacks for Red Team Professionals (Pre-Registration Required)\'','\'Raúl \"r4ulcl\" Calvo Laorden\'','WS_2315d11573e57737624ec8fbf0e17f55','\'\'',NULL,365372),('2_Friday','16','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Advanced WiFi Attacks for Red Team Professionals (Pre-Registration Required)\'','\'Raúl \"r4ulcl\" Calvo Laorden\'','WS_2315d11573e57737624ec8fbf0e17f55','\'\'',NULL,365373),('2_Friday','17','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Advanced WiFi Attacks for Red Team Professionals (Pre-Registration Required)\'','\'Raúl \"r4ulcl\" Calvo Laorden\'','WS_2315d11573e57737624ec8fbf0e17f55','\'\'',NULL,365374),('1_Thursday','14','14:00','17:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'These Port Scans are Trash: Improving Nmap by Writing New Scripts and Libraries (Pre-Registration Required)\'','\'Philip Young \"Soldier of FORTRAN\"\'','WS_204c3404ff2377225edbdd606f163f63','\'Title: These Port Scans are Trash: Improving Nmap by Writing New Scripts and Libraries (Pre-Registration Required)
\nWhen: Thursday, Aug 10, 14:00 - 17:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\n
SpeakerBio:Philip Young \"Soldier of FORTRAN\"\n
\nPhilip Young, aka Soldier of FORTRAN, is a leading expert in all things mainframe hacking. Having spoken and taught at conferences around the world, including DEFCON, RSA, BlackHat and keynoting at both SHARE and GSE Europe, he has established himself as the thought leader in mainframe penetration testing. Since 2013 Philip has released tools to aid in the testing of mainframe security and contributed to multiple opensource projects including Nmap, allowing those with little mainframe capabilities the chance to test their mainframes. He created the Nmap TN3270 library which enabled Nmap to scan and fingerprint z/OS mainframes and SNA networks. His hope is that through education others will create new libraries and scripts to force corporations to fix their shit.
\n\n
\nDescription:
\nDoes anyone know how old Nmap is? If you guessed 20 years old, you’d be wrong! It’s been around since 1997 when it was first released in Phrack magazine. Since the beginning, it\'s been through multiple iterations and an entire community has developed around it. One of the most important additions to Nmap was the ability to add custom scripts, changing Nmap from a simple port scanner to the Swiss Army knife of network scanners. Oftentimes, when zero days pop up, someone will write an nmap script to identify vulnerable servers within minutes. If you’ve ever wondered how people write Nmap scripts, what it would take to write your own and how you can use them, this workshop is for you.\n

Attendees in this workshop will learn how to understand and update the Nmap probe file, how to write Lua scripts (which Nmap scripting uses), how to write Nmap scripts to supplement the probe file, interact with custom services and ultimately write multiple Nmap scripts to do fun stuff with ports. Once attendees have a firm grasp of the Nmap scripting engine they will be introduced to writing Nmap libraries for use by their various scripts. This workshop contains many instructor-led labs so that attendees can see their code in action. To make this workshop worthwhile, a custom service running on a port has been created which the labs will allow you to probe and identify as the course goes on.\n

Nmap is the workhorse behind the scenes for so many pentesters, but the resources for writing scripts are limited. The hope is that by offering this workshop, more people will be able to write Nmap scripts for the betterment of all hackingkind.\n

Skill Level: Beginner\n

Prerequisites for students:
\n- Some basic understanding of how to write code (python, C, Lua, etc), how to use the Linux command line.\n

Materials or Equipment students will need to bring to participate: \n- A laptop capable of running a linux VM\n

\n\n\'',NULL,365375),('1_Thursday','15','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'These Port Scans are Trash: Improving Nmap by Writing New Scripts and Libraries (Pre-Registration Required)\'','\'Philip Young \"Soldier of FORTRAN\"\'','WS_204c3404ff2377225edbdd606f163f63','\'\'',NULL,365376),('1_Thursday','16','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'These Port Scans are Trash: Improving Nmap by Writing New Scripts and Libraries (Pre-Registration Required)\'','\'Philip Young \"Soldier of FORTRAN\"\'','WS_204c3404ff2377225edbdd606f163f63','\'\'',NULL,365377),('1_Thursday','17','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'These Port Scans are Trash: Improving Nmap by Writing New Scripts and Libraries (Pre-Registration Required)\'','\'Philip Young \"Soldier of FORTRAN\"\'','WS_204c3404ff2377225edbdd606f163f63','\'\'',NULL,365378),('2_Friday','09','09:00','12:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Android App Hacking - Hacking for Good! (Pre-Registration Required)\'','\'Kavia Venkatesh,Maria Uretsky,Olivier Tuchon,Sajjad \"JJ\" Arshad\'','WS_8ab292292e87da37a7d60a419fff88e7','\'Title: Android App Hacking - Hacking for Good! (Pre-Registration Required)
\nWhen: Friday, Aug 11, 09:00 - 12:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\nSpeakers:Kavia Venkatesh,Maria Uretsky,Olivier Tuchon,Sajjad \"JJ\" Arshad
\n
SpeakerBio:Kavia Venkatesh\n, Technical Program Manager on the Android Security Team at Google
\nKavia Venkatesh is a Technical Program Manager on the Android Security Team at Google where she leads the execution of the Android Security Release Program aka Android Security Bulletin. Over the last 7+ years, she has led numerous security initiatives. Now, she\'s passionate about sharing her knowledge with the world.
\n
SpeakerBio:Maria Uretsky\n, Google
\nMaria Uretsky is leading the Android Vulnerability Rewards program at Google. Her passion is to break all the things before the bad actors do, to ensure they are kept out. During her 10+ years of software engineering and security work, she has been part of Google Cloud Security, Azure Sentinel, Windows Defender and AVG.
\n
SpeakerBio:Olivier Tuchon\n, Security Engineer, Android Vulnerability Research team at Google
\nOlivier Tuchon is a Security Engineer on the Android Vulnerability Research team. Olivier has been working at Google for almost 5 years, he started by chasing malware/PHA in the Play Store and into the wild (OffMarket) with a speciality in Stalkerware. Now, Olivier looks for vulnerabilities in 3P Android applications. Before Google, Olivier had been a Security Engineer in the French Army for 12 years.
\n
SpeakerBio:Sajjad \"JJ\" Arshad\n, Senior Security SWE, Android Security & Privacy team at Google
\nJJ is a Senior Security SWE at Google\'s Android Security & Privacy team where he is developing tools to fight abuse in Android with focus on JavaScript-based frameworks. He has also designed CTF challenges and helped organize GoogleCTF in the past few years. Before Google, he was a Cybersecurity researcher at iSecLab and earned his PhD in Cybersecurity from Northeastern University, Boston, MA. Some domains he is active in are large-scale web security & privacy measurement, program analysis, and Malware detection.
\n\n
\nDescription:
\nWelcome to the world of Android Hacking! This is a hands-on workshop designed to introduce you to the knowledge, tools and techniques for analyzing and exploiting vulnerabilities in Android applications.\n

The workshop will start by presenting hacking for good, insights on the Android bug bounty, then it will cover the basic concepts of Android applications, walk you through industry standard tools and techniques and then let you experiment on your own with our Android reverse engineering CTF!\n

Come and hack with us!\n

The workshop requires no prior knowledge of Android or reverse engineering.\n

Skill Level: Beginner to Intermediate\n

Prerequisites for students:
\n- Before the workshop, students should follow the setup instructions to ensure they can start working on the CTFs in the workshop: https://tinyurl.com/aah-setup\n- There is no pre-required knowledge.\n

Materials or Equipment students will need to bring to participate: \n- Laptop with 20+ GB free hard disk space 4+ GB RAM\n- Mac. Windows 7/8 , Ubuntu 12.x + (64 bit Operating System),\n- ADB\n

\n\n\'',NULL,365379),('2_Friday','10','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Android App Hacking - Hacking for Good! (Pre-Registration Required)\'','\'Kavia Venkatesh,Maria Uretsky,Olivier Tuchon,Sajjad \"JJ\" Arshad\'','WS_8ab292292e87da37a7d60a419fff88e7','\'\'',NULL,365380),('2_Friday','11','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Android App Hacking - Hacking for Good! (Pre-Registration Required)\'','\'Kavia Venkatesh,Maria Uretsky,Olivier Tuchon,Sajjad \"JJ\" Arshad\'','WS_8ab292292e87da37a7d60a419fff88e7','\'\'',NULL,365381),('2_Friday','12','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Android App Hacking - Hacking for Good! (Pre-Registration Required)\'','\'Kavia Venkatesh,Maria Uretsky,Olivier Tuchon,Sajjad \"JJ\" Arshad\'','WS_8ab292292e87da37a7d60a419fff88e7','\'\'',NULL,365382),('1_Thursday','14','14:00','17:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Analysis 101 for Incident Responders (Pre-Registration Required)\'','\'Kristy Westphal\'','WS_6746be18cf1ad98ed3bf2c4405b56fec','\'Title: Analysis 101 for Incident Responders (Pre-Registration Required)
\nWhen: Thursday, Aug 10, 14:00 - 17:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\n
SpeakerBio:Kristy Westphal\n
\nKristy Westphal is a versatile information technology professional with specific experience in providing advisory and management services in the area of information security and risk, and is currently employed as the Vice President, Security Operations at a financial services company. Specializing in leadership and program development, specific expertise in security areas includes: process analysis, risk assessments, security awareness programs, operating system security, network security, incident handling, vulnerability analysis and policy development.
\n\n
\nDescription:
\nYou have a theory about something you have found while roaming the network or conducting your own hackfest, but how do you go about proving it? This workshop will be a hands-on journey deep into the world of analysis. While analysis is a bit of an art form, there are methods that can be applied to make it less of a gut feeling and more of a scientific approach to support your hypothesis. From network forensics to log analysis to endpoint forensics and cloud log analysis, we will review numerous quick methods (including some analysis wizardry with R) to gain context over the data you have gathered and apply critical thinking in an attempt to find the answers. Sometimes, the answers weren’t meant to be found, but we’ll also discuss how to make the best of any conclusion that you reach.\n

Skill Level: Beginner to Intermediate\n

Prerequisites for students:
\n- A curiosity for security!\n

Materials or Equipment students will need to bring to participate: \n- Will need a laptop with Wireshark and R installed.\n

\n\n\'',NULL,365383),('1_Thursday','15','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Analysis 101 for Incident Responders (Pre-Registration Required)\'','\'Kristy Westphal\'','WS_6746be18cf1ad98ed3bf2c4405b56fec','\'\'',NULL,365384),('1_Thursday','16','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Analysis 101 for Incident Responders (Pre-Registration Required)\'','\'Kristy Westphal\'','WS_6746be18cf1ad98ed3bf2c4405b56fec','\'\'',NULL,365385),('1_Thursday','17','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Analysis 101 for Incident Responders (Pre-Registration Required)\'','\'Kristy Westphal\'','WS_6746be18cf1ad98ed3bf2c4405b56fec','\'\'',NULL,365386),('1_Thursday','14','14:00','17:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Hide your kids, turn off your Wi-Fi, they Rogue APing up in here (Pre-Registration Required)\'','\'Daniel Costantini,James Hawk,Lander Beyer\'','WS_cb897e27336cb2e2309faa2921608fed','\'Title: Hide your kids, turn off your Wi-Fi, they Rogue APing up in here (Pre-Registration Required)
\nWhen: Thursday, Aug 10, 14:00 - 17:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\nSpeakers:Daniel Costantini,James Hawk,Lander Beyer
\n
SpeakerBio:Daniel Costantini\n, Principal Consultant at Mandiant
\nDaniel Costantini is a Principal Consultant with Mandiant, within Proactive Services. He is a Red Team/Penetration Testing subject matter expert in a variety of disciplines. Daniel has led and contributed to over a hundred Penetration/Red Team assessments. Over the years he has gained vast experience in living off the land, application, web, and network penetration testing. He continues to strengthen his expertise in advanced wireless assessments. Daniel is a 17-year veteran of the United States Air Force (USAF) with ten of those years on active-duty and continues to serve in the United States Air Force Reserves. He has performed Penetration tests for USAF while on active duty and as a civilian contractor. He enjoys spending time with his family, playing games, and relaxing in front of the television.
\n
SpeakerBio:James Hawk\n, Senior Consultant at Mandiant
\nJames Hawk (He/Him) is a Senior Consultant with Mandiant, within Proactive Services. He is the wireless subject matter expert for his team. James has led and contributed to dozens of assessments (Red Teams and Pen Tests). He has developed internal training and tool updates for 802.11 for his company. James is a 20-year veteran of the U.S. Army and has over 10 years hands-on experience in wireless technologies. James is always researching/testing 802.11 attacks against his home lab. He is a fan of hockey, LetterKenny, and almost anything sci-fi.
\n
SpeakerBio:Lander Beyer\n, Manager, Proactive Services team at Mandiant
\nLander Beyer (He/Him) is the Manager of Mandiant’s Proactive Services team within their Global Government section. Lander has performed dozens of penetration testing services against State, Local, and Education (SLED) organizations, to include wireless and physical assessments. Lander is a cyber branch warrant officer in the California Army National Guard, and a proud husband and father of two. He enjoys table tennis, long walks in the rain, and Domain Admin.
\n\n
\nDescription:
\nThis workshop will teach you how to deploy Rogue APs in your client\'s environment. Using Rogue APs lets you test your client\'s Wireless Intrusion Detection System, passwords, wireless phishing education, and overall wireless security. We will discuss Rogue AP Tactics, Techniques, and Procedures, and how and why they work. In this workshop we will walk through setting up an OPEN, CAPTIVE PORTAL, WPA2, and 802.1x Rogue AP. We will also go over OWE and WPA3-SAE transition mode Rogue APs.\n

The primary goal is setting up Rogue APs to harvest credentials. In the workshop, we will walk through a scenario at a client’s site, then set up a Rogue AP to harvest users’ credentials for the various networks at the site. We will go through how to crack the harvested credentials. We will be using EAPHAMMER, HOSTAPD-MANA, WIFIPHISHER, and AIRBASE-NG for the Rogue AP portion, HASHCAT, AIRCRACK-NG, and JOHN for the cracking portion. This workshop is for beginners, but participants should have basic Linux and 802.11 knowledge and be comfortable using virtual machines.\n

Recommended reading/viewing:
\n- https://posts.specterops.io/modern-wireless-attacks-pt-i-basic-rogue-ap-theory-evil-twin-and-karma-attacks-35a8571550ee\n- https://sensepost.com/blog/2015/improvements-in-rogue-ap-attacks-mana-1%2F2/\n- https://www.youtube.com/watch?v=i2-jReLBSVk\n

Skill Level: Beginner\n

Prerequisites for students:
\n- None\n

Materials or Equipment students will need to bring to participate:\n- Laptop with 8 GB of RAM
\n- Virtual Box / VMware Installed
\n- Wireless card with Access Point Mode and monitor mode. Recommended chip set AWUS036ACM.\n

\n\n\'',NULL,365387),('1_Thursday','15','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Hide your kids, turn off your Wi-Fi, they Rogue APing up in here (Pre-Registration Required)\'','\'Daniel Costantini,James Hawk,Lander Beyer\'','WS_cb897e27336cb2e2309faa2921608fed','\'\'',NULL,365388),('1_Thursday','16','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Hide your kids, turn off your Wi-Fi, they Rogue APing up in here (Pre-Registration Required)\'','\'Daniel Costantini,James Hawk,Lander Beyer\'','WS_cb897e27336cb2e2309faa2921608fed','\'\'',NULL,365389),('1_Thursday','17','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Hide your kids, turn off your Wi-Fi, they Rogue APing up in here (Pre-Registration Required)\'','\'Daniel Costantini,James Hawk,Lander Beyer\'','WS_cb897e27336cb2e2309faa2921608fed','\'\'',NULL,365390),('2_Friday','09','09:00','12:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Long Live the Empire: A C2 Workshop for Modern Red Teaming (Pre-Registration Required)\'','\'Dylan \"CyberStryke\" Butler,Jake \"Hubbl3\" Krasnov,Kevin “Kent” Clark\'','WS_02c16871cec700f8ee93c1a8b5a8337c','\'Title: Long Live the Empire: A C2 Workshop for Modern Red Teaming (Pre-Registration Required)
\nWhen: Friday, Aug 11, 09:00 - 12:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\nSpeakers:Dylan \"CyberStryke\" Butler,Jake \"Hubbl3\" Krasnov,Kevin “Kent” Clark
\n
SpeakerBio:Dylan \"CyberStryke\" Butler\n, Offensive Infrastructure Developer at BC Security
\nDylan \"CyberStryke\" Butler is an Offensive Infrastructure Developer at BC Security. He began his career as a software engineer, developing high-performance systems for major tech companies. His passion for cybersecurity led him to specialize in offensive infrastructure development, where he now designs and builds robust frameworks to support red team operations.
\n
SpeakerBio:Jake \"Hubbl3\" Krasnov\n, Red Team Operations Lead at BC Security
\nJake \"Hubbl3\" Krasnov is the Red Team Operations Lead at BC Security. He has spent the first half of his career as an Astronautical Engineer overseeing rocket modifications for the Air Force. He then moved into offensive security, running operational cyber testing for fighter aircraft and operating on a red team. Hubbl3 has presented at DEF CON, where he taught courses on offensive PowerShell and has been recognized by Microsoft for his discovery of a vulnerability in AMSI. Jake has authored numerous tools, including Invoke-PrintDemon and Invoke-ZeroLogon, and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.
\n
SpeakerBio:Kevin “Kent” Clark\n, Red Team Instructor at BC Security
\nKevin “Kent” Clark is a Security Consultant with TrustedSec and Red Team Instructor with BC Security. His previous work includes Penetration Testing and Red Team Operator, focusing on initial access and active directory exploitation. Kevin contributes to open-source tools such as PowerShell Empire and publishes custom security toolkits such as Badrats and WindowsBinaryReplacements. Kevin authors a cybersecurity blog at https://henpeebin.com/kevin/blog.
\n\n
\nDescription:
\nCommand and Control (C2) is a crucial component of modern Red Teams and Advanced Persistent Threats (APTs), enabling persistent connections to target networks and facilitating the spread of control throughout the infrastructure. This comprehensive workshop will provide an in-depth understanding of C2 concepts by utilizing the open-source Empire C2 framework. Participants will gain valuable insights into the deployment, features, and real-world application of C2 in offensive security. Attendees will learn how to leverage the powerful Empire framework to create, customize, and execute advanced attack scenarios, honing their skills as red team operators.\n

The workshop will cover a range of topics, from setting up Empire, understanding listeners, stagers, and agents, to exploring Empire\'s modules and evasion techniques. Participants will engage in hands-on exercises, building their proficiency in configuring and deploying Empire servers, interacting with clients, and implementing various listeners and modules. The workshop will culminate in a mini Capture-The-Flag (CTF) challenge, where attendees will apply their newfound knowledge in a cloud-hosted environment provided by the instructors.\n

Skill Level: Beginner\n

Prerequisites for students:
\n- Basic computer abilities\n

Materials or Equipment students will need to bring to participate: \n- Laptop with a Kali Linux VM\n

\n\n\'',NULL,365391),('2_Friday','10','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Long Live the Empire: A C2 Workshop for Modern Red Teaming (Pre-Registration Required)\'','\'Dylan \"CyberStryke\" Butler,Jake \"Hubbl3\" Krasnov,Kevin “Kent” Clark\'','WS_02c16871cec700f8ee93c1a8b5a8337c','\'\'',NULL,365392),('2_Friday','11','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Long Live the Empire: A C2 Workshop for Modern Red Teaming (Pre-Registration Required)\'','\'Dylan \"CyberStryke\" Butler,Jake \"Hubbl3\" Krasnov,Kevin “Kent” Clark\'','WS_02c16871cec700f8ee93c1a8b5a8337c','\'\'',NULL,365393),('2_Friday','12','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Long Live the Empire: A C2 Workshop for Modern Red Teaming (Pre-Registration Required)\'','\'Dylan \"CyberStryke\" Butler,Jake \"Hubbl3\" Krasnov,Kevin “Kent” Clark\'','WS_02c16871cec700f8ee93c1a8b5a8337c','\'\'',NULL,365394),('1_Thursday','09','09:00','12:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Hacking The Metal: An Intro to ARM Assembly Language Programming (Pre-Registration Required)\'','\'Eigentourist\'','WS_19592cf5d37cf260e089d92f8816e9c7','\'Title: Hacking The Metal: An Intro to ARM Assembly Language Programming (Pre-Registration Required)
\nWhen: Thursday, Aug 10, 09:00 - 12:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\n
SpeakerBio:Eigentourist\n
\nEigentourist is a programmer who learned the craft in the early 1980s. He began formal education in computer science when the height of software engineering discipline meant avoiding the use of GOTO statements. Over the course of his career, he has created code of beautiful simplicity and elegance, and of horrific complexity and unpredictability. Sometimes it\'s hard to tell which was which. Today, he works on systems integration and engineering in the healthcare industry.
\n\n
\nDescription:
\n\"RISC architecture is gonna change everything.\"\n

\"Yeah. RISC is good.\"\n

So said Angelina Jolie and Jonny Lee Miller in 1995. And while many of us weren\'t looking, RISC quietly changed everything.\n

This workshop will teach an introduction to low-level programming on the CPU that runs your favorite mobile games, apps, and everything else on your personal devices -- and is now creeping onto the desktop and into the datacenters that run the world.\n

We will write assembly code for ARM CPUs, and run it on an emulated Raspberry Pi, using the QEMU emulator. In the process, we will learn the key differences between ARM and the Intel CPUs running our workstations and servers. We will also learn to parallelize operations using the Neon coprocessor, and communicate with devices via the Raspberry\'s GPIO pins. Finally, we will explore and debug some misbehaving code, and in the end, we will emerge with a deeper understanding of low-level operations as they occur on the devices that play a vital role in our present and our future.\n

Skill Level: Intermediate\n

Prerequisites for students:
\n- Some previous coding experience is helpful, but mostly, a healthy curiosity\n

Materials or Equipment students will need to bring to participate: \n- Laptop with wifi connectivity, if wishing to participate\n

\n\n\'',NULL,365395),('1_Thursday','10','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Hacking The Metal: An Intro to ARM Assembly Language Programming (Pre-Registration Required)\'','\'Eigentourist\'','WS_19592cf5d37cf260e089d92f8816e9c7','\'\'',NULL,365396),('1_Thursday','11','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Hacking The Metal: An Intro to ARM Assembly Language Programming (Pre-Registration Required)\'','\'Eigentourist\'','WS_19592cf5d37cf260e089d92f8816e9c7','\'\'',NULL,365397),('1_Thursday','12','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Hacking The Metal: An Intro to ARM Assembly Language Programming (Pre-Registration Required)\'','\'Eigentourist\'','WS_19592cf5d37cf260e089d92f8816e9c7','\'\'',NULL,365398),('3_Saturday','09','09:00','12:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'The Petting Zoo: Breaking into CTFs (Pre-Registration Required)\'','\'Christopher Forte,Robert Fitzpatrick\'','WS_b1bc5290026d19c3bfd62a612a36cf9c','\'Title: The Petting Zoo: Breaking into CTFs (Pre-Registration Required)
\nWhen: Saturday, Aug 12, 09:00 - 12:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\nSpeakers:Christopher Forte,Robert Fitzpatrick
\n
SpeakerBio:Christopher Forte\n
\nChristopher Forte is a security researcher and a junky for learning, participating in CTFs, and solving challenges. He is curious, loves teaching others, and has a passion for breaking things. As a resident of Las Vegas, Christopher co-founded DC702, is the local Chapter President of TOOOL, and enjoys introducing people to the world of hacking and lock picking.
\n
SpeakerBio:Robert Fitzpatrick\n
\nRobert Fitzpatrick is a military veteran of over 20 years. He began his cyber life leading the Information Assurance office, and quickly moved up to run the Network Operations Center, as well as the Network Test and Evaluation center. He has built multiple operations centers in both homeland and austere locations, purchased satellite infrastructures, and led vulnerability investigations for classified networks. He is also a co-founder of DC702 and enjoys training new students on an eclectic array of subjects surrounding his interests.
\n\n
\nDescription:
\nBreaking into the capture the flag (CTF) world can be daunting and many people are overwhelmed when faced with participation in these events and challenges. With how beneficial the various challenges can be to both beginners and seasoned professionals, we want to demystify this world and help people get the most out of them.\n

This workshop will start with an overview of the CTF landscape, why we do them, and what value they have in the scope of the hacking community. This presentation will include various resources and a few simple demos to show how to approach a CTF and how it may differ from \"real world\" hacking challenges that many of us face in our professions. Next, a short CTF will be hosted to give attendees hands-on experience solving challenges with the ability to ask for help and will be guided through the approach to successfully navigating these challenges. Upon completion, the group will have worked through various types of hacking challenges and will have the confidence to participate in other CTFs hosted throughout the year.\n

Areas of focus will include:\n

\n

Skill Level: Beginner\n

Prerequisites for students:
\n- Be curious about CTFs and have a very basic knowledge of or exposure to fundamental topics (e.g., Linux, websites, networking, data encoding and encryption)\n- Exposure to the above concepts will help during the workshop defined CTF challenges but is not required for the workshop\n

Materials or Equipment students will need to bring to participate:\n- Laptop
\n- Debian-based Virtual Machine (e.g., Kali) is recommended\n- Virtualized environment or Kali is not required but Kali will provide all the tools useful in solving the challenges and help standardize available tools. All challenge solutions will be possible using default Kali installations.\n- A limited number of Kali-Chromebooks and hosted resources will be available for those having issues or unable to bring their own systems.\n

\n\n\'',NULL,365399),('3_Saturday','10','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'The Petting Zoo: Breaking into CTFs (Pre-Registration Required)\'','\'Christopher Forte,Robert Fitzpatrick\'','WS_b1bc5290026d19c3bfd62a612a36cf9c','\'\'',NULL,365400),('3_Saturday','11','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'The Petting Zoo: Breaking into CTFs (Pre-Registration Required)\'','\'Christopher Forte,Robert Fitzpatrick\'','WS_b1bc5290026d19c3bfd62a612a36cf9c','\'\'',NULL,365401),('3_Saturday','12','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'The Petting Zoo: Breaking into CTFs (Pre-Registration Required)\'','\'Christopher Forte,Robert Fitzpatrick\'','WS_b1bc5290026d19c3bfd62a612a36cf9c','\'\'',NULL,365402),('1_Thursday','09','09:00','12:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Pentesting Inductiral Control Systems: OCP-U-HACK (Pre-Registration Required)\'','\'Alexandrine Torrents,Arnaud Soullié\'','WS_df4c286f0d74c0a7bfc9ecad162ad5e9','\'Title: Pentesting Inductiral Control Systems: OCP-U-HACK (Pre-Registration Required)
\nWhen: Thursday, Aug 10, 09:00 - 12:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\nSpeakers:Alexandrine Torrents,Arnaud Soullié
\n
SpeakerBio:Alexandrine Torrents\n, Cybersecurity Expert at Wavestone
\nAlexandrine Torrents is a cybersecurity expert at Wavestone. She started as a penetration tester, and performed several cybersecurity assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a particular tool to request Siemens PLCs. Then, she started working at securing ICS, especially in the scope of the French military law, helping companies offering a vital service to the nation to comply with security rules. Now, Alexandrine works with different industrial CISOs on their cybersecurity projects: defining secure architectures, hardening systems, implementing detection mechanisms. She is also IEC 62443 certified and still performs assessments on multiple environments.
\n
SpeakerBio:Arnaud Soullié\n, Senior Manager at Wavestone
\nArnaud Soullié (@arnaudsoullie) is a Senior Manager at Wavestone, a global consulting company. For 12 years, he has been performing security assessments and pentests on all types of targets. He started specializing in ICS cybersecurity 10 years ago. He spoke and taught workshops at numerous security conferences on ICS topics: BlackHat Europe, BruCon, CS3STHLM, BSides Las Vegas, DEFCON... He is also the creator of the DYODE project, an open-source data diode aimed at ICS. He has been teaching ICS cybersecurity training since 2015.
\nTwitter: @arnaudsoullie
\n\n
\nDescription:
\nLet’s capture the flag, literally! In this workshop you’ll participate in an engaging CTF during which you’ll take control of a robotic arm to capture a real flag on a model train!\n

To do so, we’ll start with an introduction to Industrial Control Systems to discover the specific components, the network architectures, and even program a PLC simulator.\n

We’ll then discover some ICS-specific protocols, with a focus on OPC-UA, a modern ICS protocol.\n

Finally, you’ll connect to our ICS setup composed of real ICS hardware and software and compete against other attendees to capture the flags with robotic hands!\n

Skill Level: Beginner\n

Prerequisites for students:
\n- No specific knowledge is required\n

Materials or Equipment students will need to bring to participate: \n- Students should have a laptop capable of running 64-bits virtual machines\n

\n\n\'',NULL,365403),('1_Thursday','10','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Pentesting Inductiral Control Systems: OCP-U-HACK (Pre-Registration Required)\'','\'Alexandrine Torrents,Arnaud Soullié\'','WS_df4c286f0d74c0a7bfc9ecad162ad5e9','\'\'',NULL,365404),('1_Thursday','11','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Pentesting Inductiral Control Systems: OCP-U-HACK (Pre-Registration Required)\'','\'Alexandrine Torrents,Arnaud Soullié\'','WS_df4c286f0d74c0a7bfc9ecad162ad5e9','\'\'',NULL,365405),('1_Thursday','12','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Pentesting Inductiral Control Systems: OCP-U-HACK (Pre-Registration Required)\'','\'Alexandrine Torrents,Arnaud Soullié\'','WS_df4c286f0d74c0a7bfc9ecad162ad5e9','\'\'',NULL,365406),('2_Friday','09','09:00','12:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Snakes on a Screen: Taming Offensive IronPython Techniques (Pre-Registration Required)\'','\'Anthony \"Coin\" Rose,Gannon “Dorf” Gebauer,Vincent \"Vinnybod\" Rose\'','WS_574d78110017dc788236a2bc37875d3d','\'Title: Snakes on a Screen: Taming Offensive IronPython Techniques (Pre-Registration Required)
\nWhen: Friday, Aug 11, 09:00 - 12:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\nSpeakers:Anthony \"Coin\" Rose,Gannon “Dorf” Gebauer,Vincent \"Vinnybod\" Rose
\n
SpeakerBio:Anthony \"Coin\" Rose\n, Director of Security Researcher at BC Security
\nAnthony \"Coin\" Rose, CISSP, is the Director of Security Researcher at BC Security, where he specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. He has presented at numerous security conferences, including Black Hat, DEF CON, HackSpaceCon, HackMiami, and RSA conferences. Anthony is the author of various offensive security tools, including Empire and Starkiller, which he actively develops and maintains. He is recognized for his work, revealing wide-spread vulnerabilities in Bluetooth devices and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.
\n
SpeakerBio:Gannon “Dorf” Gebauer\n, Security Consultant at BC Security
\nGannon “Dorf” Gebauer is a Security Consultant at BC Security and specializes in threat intelligence and embedded system testing. He has led teams through the Cyber Patriot, a USAF CTF that tests both defensive and offensive capabilities. Currently, his expertise is focused on building automation tools for range deployments. Dorf has taught courses at both Blackhat and DEF CON.
\n
SpeakerBio:Vincent \"Vinnybod\" Rose\n, Lead Developer at Empire and Starkiller
\nVincent \"Vinnybod\" Rose is the Lead Developer for Empire and Starkiller. He is a software engineer with a decade of expertise in building highly scalable cloud services, improving developer operations, and building automation. Recently, his focus has been on the reliability and stability of the Empire C2 server in the most recent major update (Empire 5). Vinnybod has presented at Black Hat and has taught courses at DEF CON on Red Teaming and Offensive PowerShell. He currently maintains a cybersecurity blog focused on offensive security at https://www.bc-security.org/blog/.
\n\n
\nDescription:
\nIronPython is a powerful and flexible programming language that has been increasingly used by attackers due to its ability to bypass security controls. This practical workshop will explore the inner workings of IronPython and its unique features that enable sophisticated offensive techniques. Participants will gain hands-on experience in developing IronPython payloads that can evade modern security controls and execute malicious code on target systems.\n

The workshop will cover the following topics:\n1. Introduction to IronPython: Basic syntax and usage of IronPython, and how it can be used in offensive scenarios.\n2. BYOI and DLR: Bring Your Own Interpreter (BYOI) and Dynamic Language Runtime (DLR) concepts and their role in developing offensive payloads.\n3. Malware Development with IronPython: Develop sophisticated payloads that can bypass modern security controls and execute malicious code on target systems.\n4. Anti-Forensics and Evasion Techniques: Techniques to make the payloads more resilient to forensic analysis and detection.\n5. Advanced Techniques: Advanced techniques like using IronPython with C# and PowerShell and integrating the payloads with other offensive tools.\n

This workshop is designed for offensive security professionals, red teamers, penetration testers, and anyone interested in exploring the capabilities of IronPython for offensive purposes. Participants should have a basic understanding of Python and programming concepts. By the end of the workshop, participants will have a deeper understanding of IronPython and its capabilities for developing offensive payloads.\n

Skill Level: Intermediate\n

Prerequisites for students:
\n- A familiarity with python is preferred, but not required.\n

Materials or Equipment students will need to bring to participate: \n- Laptop with Windows or other Windows VM\n

\n\n\'',NULL,365407),('2_Friday','10','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Snakes on a Screen: Taming Offensive IronPython Techniques (Pre-Registration Required)\'','\'Anthony \"Coin\" Rose,Gannon “Dorf” Gebauer,Vincent \"Vinnybod\" Rose\'','WS_574d78110017dc788236a2bc37875d3d','\'\'',NULL,365408),('2_Friday','11','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Snakes on a Screen: Taming Offensive IronPython Techniques (Pre-Registration Required)\'','\'Anthony \"Coin\" Rose,Gannon “Dorf” Gebauer,Vincent \"Vinnybod\" Rose\'','WS_574d78110017dc788236a2bc37875d3d','\'\'',NULL,365409),('2_Friday','12','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Snakes on a Screen: Taming Offensive IronPython Techniques (Pre-Registration Required)\'','\'Anthony \"Coin\" Rose,Gannon “Dorf” Gebauer,Vincent \"Vinnybod\" Rose\'','WS_574d78110017dc788236a2bc37875d3d','\'\'',NULL,365410),('3_Saturday','09','09:00','12:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Creating and uncovering malicious containers Redux (Pre-Registration Required)\'','\'Adrian \"threlfall\" Wood,David \"digish0\" Mitchell\'','WS_37974da56ca9d9ee63425ece55cce50d','\'Title: Creating and uncovering malicious containers Redux (Pre-Registration Required)
\nWhen: Saturday, Aug 12, 09:00 - 12:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\nSpeakers:Adrian \"threlfall\" Wood,David \"digish0\" Mitchell
\n
SpeakerBio:Adrian \"threlfall\" Wood\n, Dropbox
\nAdrian Wood, aka threlfall, discovered a love for hacking from cracking and modding video games and from the encouragement of online friends. He has worked as a red team consultant for WHITEHACK, a company he founded, and later as a lead engineer for an offensive research team at a US bank, where he was very interested in appsec, container security, CI/CD security and also founded their bug bounty program. He currently works for Dropbox, working on their red team. In his free time, he enjoys playing saxophone, working on vintage cars, and fly-fishing.
\n
SpeakerBio:David \"digish0\" Mitchell\n
\nDavid Mitchell, aka digish0, started his hacking career as a script kiddie running 7th Sphere in mIRC in high school. Later falling in with some Linux/RedHat nerds at a local 2600 group at college while studying CS, etc. He got into Linux, started an IT career, later rediscovering his hacking script kiddie roots when a local hacker space opened up and shared members with a lockpicking group that worked in infosec as penetration testers, etc where he discovered he could get paid to do the things he liked doing in high school/college. He now works professionally as a red team member and cyber security researcher at a large financial institution. The rest of the time he spends being a dad/husband, trying not to get injured in Muay Thai/BJJ or mountain biking, and listening to either very expensive or very cheap vinyl.
\n\n
\nDescription:
\nContainers allow bad actors access to an excellent delivery mechanism for malware deployment in organizations, offering a wide variety of detection avoidance and persistence mechanisms. Fear not protectors, containers also offer ways to detect these, but can be fraught with challenges. Whether you\'re red, blue or just container curious this workshop is for you.\n

In this workshop, you will get hands-on with containers and kubernetes, - starting with introductory content - learning how they work, where and how to hide or find things, how to identify indicators of compromise, indicators of attack, and how to apply analysis to gain a deeper understanding of container malware and what is going on inside containers.\n

This workshop will utilize the Google Cloud Platform alongside command line operands and a small amount of open source tooling to learn both offensive and defense techniques on containers. By the end, you’ll have a solid mental model of how containers work, how they are managed and deployed, and be equipped with the ability to analyze container images, identify problems, attack container supply chains and identify familiar patterns. Ultimately, these skills will allow you to generate valuable insights for your organization’s defense or aid you in your next attack.\n

This course is designed to take you deep into the world of containers, making tooling like Kubernetes much more intuitive and easy to understand. There are lots of labs which will be used to reinforce your learning, in both attack and defense, and the course comes with very detailed notes and instructions for setup which you can repeat on your own time. This course will provide references to scripts that make certain tasks easier, but we will be challenging you to learn the process and reasoning behind them rather than relying on automation.\n

Attendees will be provided with all the lab material used in the course in digital format, including labs, guides and virtual machine setup.\n

Skill Level: Beginner to Intermediate\n

Prerequisites for students:
\n- None! the class is well designed to allow those with little to no linux, kubernetes or cloud familiarity to follow along, but a basic familiarity with Linux and terminal will allow attendees to focus on the work.\n

Materials or Equipment students will need to bring to participate: \n- A Google Cloud free tier account (basically a fresh gmail account)\n- an internet connected computer
\n- We will send out instructions to attendees prior to the class, so they can be ready on the day.\n

\n\n\'',NULL,365411),('3_Saturday','10','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Creating and uncovering malicious containers Redux (Pre-Registration Required)\'','\'Adrian \"threlfall\" Wood,David \"digish0\" Mitchell\'','WS_37974da56ca9d9ee63425ece55cce50d','\'\'',NULL,365412),('3_Saturday','11','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Creating and uncovering malicious containers Redux (Pre-Registration Required)\'','\'Adrian \"threlfall\" Wood,David \"digish0\" Mitchell\'','WS_37974da56ca9d9ee63425ece55cce50d','\'\'',NULL,365413),('3_Saturday','12','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Creating and uncovering malicious containers Redux (Pre-Registration Required)\'','\'Adrian \"threlfall\" Wood,David \"digish0\" Mitchell\'','WS_37974da56ca9d9ee63425ece55cce50d','\'\'',NULL,365414),('1_Thursday','14','14:00','17:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Flipping the Coin: Red and Blue Teaming in Windows Environments (Pre-Registration Required)\'','\'Angus \"0x10f2c_\" Strom,Troy Defty\'','WS_423c2095eff3b219be6dae8a65570c66','\'Title: Flipping the Coin: Red and Blue Teaming in Windows Environments (Pre-Registration Required)
\nWhen: Thursday, Aug 10, 14:00 - 17:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\nSpeakers:Angus \"0x10f2c_\" Strom,Troy Defty
\n
SpeakerBio:Angus \"0x10f2c_\" Strom\n, Senior Security Engineer
\nAngus (0x10f2c_) is currently a Senior Security Engineer working at a tech company. He obtained a love for all things computers by scavenging computer parts from local garbage pickups as a kid, and then trying to make them work together without blowing up. Angus eventually realised that a career could be made out of his skills hacking together poorly written LUA code in Garry’s mod, and finished a Bachelors in Network Security. In his professional career Angus has 5+ years working in Security Consulting, working across many industries and gaining many shells. More recently Angus has made the move to a security engineer focused role. When not hacking he loves to ski on the little snow that Australia has, and loves to paint small miniatures while listening to Drone Metal.
\n
SpeakerBio:Troy Defty\n, Security Engineering Manager
\nHaving worked in the UK and Australian InfoSec industries for just over a decade, and following 8 and a half years of red teaming, Troy jumped the proverbial fence from red to blue, and is currently a Security Engineering Manager at a tech company. His interest and experience is in detection engineering, red teaming, threat modelling, hardware, and assessing ICS environments. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and being bad at golf.
\n\n
\nDescription:
\nRed and blue are two sides of the same coin. Offensive and defensive teams deliver the best results when working together; sharing knowledge, ideas, and understanding with each other. And a core part of this information exchange is understanding each respective perspective. This is the overarching theme of the workshop; attackers thinking like defenders, and defenders thinking like attackers.\n

By the end of the workshop, attendees will:\n

    \n
  1. Understand and perform common offensive attacks (supported by the Metasploit Framework) against Windows Domains, including:
\n

Pass the Hash attacks;
\n ADCS abuse;
\n PrintSpoofer exploits;
\n LSASS exploitation (using Mimikatz);\n AD enumeration (using BloodHound);
\n DACL abuse;
\n Kerberos golden tickets; and
\n DLL hijacking.\n

\n

2. Understand the process of detecting attacks against Windows infrastructure, including how to design and implement their own detection rules based on attendees’ previous attacks, using:\n

Sigma/Yara rules.
\n Log ingestion/normalization platforms, and query engines (e.g. ELK).\n

\n

3. Understand and appreciate how the actions and processes of red and blue teams are interlinked, for the greater collective good. Recommended (but not required) prior reading:\n

https://nooblinux.com/metasploit-tutorial/\nhttps://posts.specterops.io/introducing-bloodhound-enterprise-attack-path-management-for-everyone-39cfd8d6eb7c\nhttps://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview\nhttps://socprime.com/blog/sigma-rules-the-beginners-guide/\nhttps://github.com/socprime/SigmaUI
\nhttps://blog.netwrix.com/2021/11/30/how-to-detect-pass-the-hash-attacks/\nhttps://posts.specterops.io/certified-pre-owned-d95910965cd2\nhttps://www.elastic.co/guide/en/security/current/suspicious-print-spooler-point-and-print-dll.html\n

Skill Level: Beginner to Intermediate\n

Prerequisites for students:
\n- Basic understanding of the Linux and Windows command line\n- some basic knowledge of IP networking and routing\n- A basic understanding of Active Directory and exposure to the Metasploit Framework/Meterpreter are beneficial, but not required.\n

Materials or Equipment students will need to bring to participate:\n- Laptop, 8GB RAM
\n- OpenVPN Client
\n- Remote Desktop Protocol (RDP) client
\n- It is strongly recommended that attendees have local administrative rights to their device.\n- An Internet connection is also required; DEF CON’s (authenticated) WiFi network will suffice, however attendees should consider alternative options in favour of resiliency (e.g. tethering/hotspotting cell phones).\n

\n\n\'',NULL,365415),('1_Thursday','15','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Flipping the Coin: Red and Blue Teaming in Windows Environments (Pre-Registration Required)\'','\'Angus \"0x10f2c_\" Strom,Troy Defty\'','WS_423c2095eff3b219be6dae8a65570c66','\'\'',NULL,365416),('1_Thursday','16','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Flipping the Coin: Red and Blue Teaming in Windows Environments (Pre-Registration Required)\'','\'Angus \"0x10f2c_\" Strom,Troy Defty\'','WS_423c2095eff3b219be6dae8a65570c66','\'\'',NULL,365417),('1_Thursday','17','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Flipping the Coin: Red and Blue Teaming in Windows Environments (Pre-Registration Required)\'','\'Angus \"0x10f2c_\" Strom,Troy Defty\'','WS_423c2095eff3b219be6dae8a65570c66','\'\'',NULL,365418),('1_Thursday','09','09:00','12:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Introduction to Cryptographic Attacks (Pre-Registration Required)\'','\'Matt Cheung\'','WS_355b08e36863df801abab2e83f915bf5','\'Title: Introduction to Cryptographic Attacks (Pre-Registration Required)
\nWhen: Thursday, Aug 10, 09:00 - 12:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\n
SpeakerBio:Matt Cheung\n
\nMatt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority and this concerned Matt. This concern prompted him to learn about cryptographic attacks from Dan Boneh\'s crypto 1 course offered on Coursera and the Matasano/cryptopals challenges. From this experience he has given workshops at the Boston Application Security Conference, BSidesLV, DEF CON, and the Crypto and Privacy Village.
\n\n
\nDescription:
\nUsing cryptography is often a subtle practice and mistakes can result in significant vulnerabilities. This workshop will cover many of these vulnerabilities which have shown up in the real world, including CVE-2020-0601. This will be a hands-on workshop where you will implement the attacks after each one is explained. I will provide a VM with Python dependencies and skeleton code included so you can focus on implementing the attack. A good way to determine if this workshop is for you is to look at the challenges at cryptopals.com and see if those look interesting, but you could use in person help understanding the attacks. While not a strict subset of those challenges, there is significant overlap. Participants should have VMWare, VirtualBox, or some other VM software installed.\n

Skill Level: Beginner to Intermediate\n

Prerequisites for students:
\n- Students should be comfortable with modular arithmetic and the properties of XOR.\n- Experience in Python or other similar language will be a plus.\n

Materials or Equipment students will need to bring to participate: \n- A laptop with VMWare or VirtualBox installed and capable of running a VM.\n

\n\n\'',NULL,365419),('1_Thursday','10','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Introduction to Cryptographic Attacks (Pre-Registration Required)\'','\'Matt Cheung\'','WS_355b08e36863df801abab2e83f915bf5','\'\'',NULL,365420),('1_Thursday','11','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Introduction to Cryptographic Attacks (Pre-Registration Required)\'','\'Matt Cheung\'','WS_355b08e36863df801abab2e83f915bf5','\'\'',NULL,365421),('1_Thursday','12','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Introduction to Cryptographic Attacks (Pre-Registration Required)\'','\'Matt Cheung\'','WS_355b08e36863df801abab2e83f915bf5','\'\'',NULL,365422),('3_Saturday','09','09:00','12:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'BLE Security 201 (Pre-Registration Required)\'','\'Maxine \"Freqy\" Filcher,Zach \"justadequate\" Reavis\'','WS_2f4d81ef6bb4c560827fe192b9addfea','\'Title: BLE Security 201 (Pre-Registration Required)
\nWhen: Saturday, Aug 12, 09:00 - 12:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\nSpeakers:Maxine \"Freqy\" Filcher,Zach \"justadequate\" Reavis
\n
SpeakerBio:Maxine \"Freqy\" Filcher\n
\nMaxine, or Freqy, is a US Army Veteran, possessing a master\'s degree in Cybersecurity and is widely recognized for her expertise in wireless security. In sharing her knowledge, she has delivered many presentations over the last five years, exploring various facets of wireless security. Maxine\'s grasp of BLE security has helped her play pivotal roles in assisting numerous large-scale corporations in fortifying the security of consumer devices that are ubiquitous to millions of households worldwide.
\n
SpeakerBio:Zach \"justadequate\" Reavis\n
\nZach, also known as justadequate, is an OSCP-certified wireless security expert specializing in waveform reverse engineering, exploit development, and embedded systems penetration testing. Demonstrating in-depth knowledge and experience in these areas, he has worked in both consulting and formal security test and engineering roles to develop, assess, and secure systems ranging from aircraft to SCADA/ICS to IoT/home-use devices deployed around the world.
\n\n
\nDescription:
\nThere have been plenty of talks on intro BLE security topics, it’s time for us to put it to use. This workshop will serve as a refresher for the BLE skills gained in previous talks, while walking students to the next level through utilizing BLE as an initial ingress vector to compromise a simulated corporate network. Come join us while we demonstrate the importance of investigating all wireless protocols in your corporate environment.\n

Skill Level: Intermediate\n

Prerequisites for students:
\n- None\n

Materials or Equipment students will need to bring to participate:\n- Laptop
\n- Android Phone\n

\n\n\'',NULL,365423),('3_Saturday','10','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'BLE Security 201 (Pre-Registration Required)\'','\'Maxine \"Freqy\" Filcher,Zach \"justadequate\" Reavis\'','WS_2f4d81ef6bb4c560827fe192b9addfea','\'\'',NULL,365424),('3_Saturday','11','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'BLE Security 201 (Pre-Registration Required)\'','\'Maxine \"Freqy\" Filcher,Zach \"justadequate\" Reavis\'','WS_2f4d81ef6bb4c560827fe192b9addfea','\'\'',NULL,365425),('3_Saturday','12','09:00','12:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'BLE Security 201 (Pre-Registration Required)\'','\'Maxine \"Freqy\" Filcher,Zach \"justadequate\" Reavis\'','WS_2f4d81ef6bb4c560827fe192b9addfea','\'\'',NULL,365426),('3_Saturday','14','14:00','17:59','N','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Digital Forensics and Incident Response Against the Digital Darkness: An Intro to Forensicating Evil (Pre-Registration Required)\'','\'Michael \"S3curityNerd\" Register,Michael \"mR_F0r3n51c5\" Solomon\'','WS_f73db39bb89bf63acef385c1f4e59d80','\'Title: Digital Forensics and Incident Response Against the Digital Darkness: An Intro to Forensicating Evil (Pre-Registration Required)
\nWhen: Saturday, Aug 12, 14:00 - 17:59 PDT
\nWhere: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - Map
\nSpeakers:Michael \"S3curityNerd\" Register,Michael \"mR_F0r3n51c5\" Solomon
\n
SpeakerBio:Michael \"S3curityNerd\" Register\n
\nMichael Register, known as S3curityNerd, has 7 years of combined experience in IT, Networking, and Cybersecurity. He holds multiple certifications and actively conducts post-exploitation research to enhance threat hunting operations.
\n
SpeakerBio:Michael \"mR_F0r3n51c5\" Solomon\n
\nMichael Solomon, also known as mR_F0r3n51c5, is a Threat Hunter with over 12 years of experience in Cyber Operations, Digital Forensics & Incident Response (DFIR), and Threat Hunting. His passion lies in helping to shape the next generation of cybersecurity analysts for a safer tomorrow.
\n\n
\nDescription:
\nAre you ready to step into the shoes of a cybersecurity or incident response analyst? Whether you\'re new to investigation or looking to take your analysis skills to the next level, we\'ve got an exciting opportunity for you! Join mR_F0r3n51c5 and S3curityNerd for a four-hour class that will take you on a journey through the world of malware analysis and investigation.\n

In today\'s ever-evolving threat landscape, malware continues to be a weapon of choice for various types of threat actors. Our class leverages forensic and malware analysis fundamentals to teach students how to investigate a compromised Windows system. To ensure the most up-to-date learning experience, the class authors have carefully selected fresh malware samples trending in 2023.\n

By the end of this class, you\'ll have the skills to:\n- Build analysis skills that leverage complex scenarios and improve comprehension\n- Practically acquire data in a forensically sound manner\n- Identify common areas of malware persistence\n- Gather evidence and create a timeline to characterize how the system was compromised\n- Participate in a hand-to-keyboard combat capstone where you\'ll be given an image of a compromised Windows system and demonstrate your newly acquired analysis skills.\n

Don\'t miss this opportunity to gain hands-on experience and take your analysis skills to the next level. Join us and discover the exciting world of forensic analysis and investigation!\n

Skill Level: Intermediate\n

Prerequisites for students:
\n- Not defined\n

Materials or Equipment students will need to bring to participate:\n- Students will be required to download material (e.g., Virtual Machine). Students will be given a URL for download access.\n- Regarding the downloaded virtual machines, these should be imported into your virtual machine software and ready before the start of class. If any additional technical support is needed, the instructors will make themselves available online.\n- Students must have a laptop that meets the following requirements:\n- A 64-bit CPU running at 2GHz or more. The students will be running one virtual machine on their host laptop.\n- Have the ability to update BIOS settings. Specifically, enable virtualization technology such as \"Intel-VT.\"\n- The student must be able to access their system\'s BIOS if it is password protected. This is in case of changes being necessary.\n- 8 GB (Gigabytes) of RAM or higher
\n- At least one open and working USB Type-A port\n- 50 Gigabytes of free hard drive space, allowing you the ability to host the VMs we distribute\n- Students must have Local Administrator Access on their system.\n- Wireless 802.11 Capability
\n- A host operating system that is running Windows 10+, Linux, or macOS 10.4 or later.\n- Virtualization software is required. The supplied VMs have been built for out-of-the-box compatibility with VMWare Workstation or Player. Students may use other software if they choose, but they may have to troubleshoot unpredictable issues. Instructors cannot guarantee compatibility with all virtualization software suites. At a minimum, the following VM features will be needed:\n- NATted networking from VM to Internet\n- Copy and Paste of text and files between the Host machine and VM\n

\n\n\'',NULL,365427),('3_Saturday','15','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Digital Forensics and Incident Response Against the Digital Darkness: An Intro to Forensicating Evil (Pre-Registration Required)\'','\'Michael \"S3curityNerd\" Register,Michael \"mR_F0r3n51c5\" Solomon\'','WS_f73db39bb89bf63acef385c1f4e59d80','\'\'',NULL,365428),('3_Saturday','16','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Digital Forensics and Incident Response Against the Digital Darkness: An Intro to Forensicating Evil (Pre-Registration Required)\'','\'Michael \"S3curityNerd\" Register,Michael \"mR_F0r3n51c5\" Solomon\'','WS_f73db39bb89bf63acef385c1f4e59d80','\'\'',NULL,365429),('3_Saturday','17','14:00','17:59','Y','WS','Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin','\'Digital Forensics and Incident Response Against the Digital Darkness: An Intro to Forensicating Evil (Pre-Registration Required)\'','\'Michael \"S3curityNerd\" Register,Michael \"mR_F0r3n51c5\" Solomon\'','WS_f73db39bb89bf63acef385c1f4e59d80','\'\'',NULL,365430),('2_Friday','20','20:00','21:59','N','DC','Caesars Forum - Forum - 130-131,134','\'Ask the EFF\'','\'Cooper Quintin,Corynne McSherry,Hannah Zhao,Mario Trujillo,Rory Mir\'','DC_88f096884bbbab0de578ba5c13e45a8d','\'Title: Ask the EFF
\nWhen: Friday, Aug 11, 20:00 - 21:59 PDT
\nWhere: Caesars Forum - Forum - 130-131,134 - Map
\nSpeakers:Cooper Quintin,Corynne McSherry,Hannah Zhao,Mario Trujillo,Rory Mir
\n
SpeakerBio:Cooper Quintin\n, Senior Staff Technologist at Electronic Frontier Foundation
\nCooper Quintin is a security researcher and senior public interest technologist with the EFF Threat Lab. He has worked on projects including Privacy Badger, Canary Watch, and analysis of state sponsored malware campaigns such as Dark Caracal. Cooper has given talks at security conferences including Black Hat, DEFCON, Enigma Conference, and ReCon about issues ranging from IMSI Catcher detection to fem tech privacy issues to newly discovered APTs. He has also been published or quoted in publications including: The New York Times, Reuters, NPR, CNN, and Al Jazeera. Cooper has given security trainings for activists, non profit workers, and vulnerable populations around the world. He previously worked building websites for nonprofits, including Greenpeace, Adbusters, and the Chelsea Manning Support Network. Cooper was also an editor and contributor to the hacktivist journal, \"Hack this Zine.\" In his spare time he enjoys making music, visualizing a solar-punk anarchist future, and playing with his kids.
\nTwitter: @cooperq
\n
SpeakerBio:Corynne McSherry\n, Legal Director at Electronic Frontier Foundation
\nAs EFF\'s Legal Director, McSherry has extensive experience in advocating for digital civil liberties and promoting net neutrality. Her perspective on the legal frameworks shaping the digital landscape will provide DEF CON attendees with insights on regulatory issues affecting technology users.
\nTwitter: @cmcsherr
\n
SpeakerBio:Hannah Zhao\n, Staff Attorney at Electronic Frontier Foundation
\nHannah is a staff attorney at the Electronic Frontier Foundation. She’s part of EFF’s Coders’ Rights Project, which seeks to protect hackers, security researchers, and others through education, legal defense, amicus briefs, and involvement in the community with the goal of promoting innovation and safeguarding the rights of curious tinkerers and hackers on the digital frontier. She also works on legal issues related to police technology, surveillance, and cybersecurity.
\n
SpeakerBio:Mario Trujillo\n, Staff Attorney at Electronic Frontier Foundation
\nAs a Staff Attorney on EFF\'s civil liberties team, he has an expertise focusing on the Fourth Amendment and privacy rights. He is also part of EFF\'s Coders\' Rights Project. Prior to joining EFF, he was an attorney at the privacy law firm ZwillGen and clerked for a federal magistrate judge on the southern border.
\n
SpeakerBio:Rory Mir\n, Associate Director of Community Organizing at Electronic Frontier Foundation
\nAs EFF\'s Associate Director of Community Organizing, Rory works on the EFF activism team to engage community groups on tech policy issues and building community around our issues. This includes our work with the Electronic Frontier Alliance, which directly supports these groups — including a number of local DEFCON groups. Immersed in the community, Rory is familiar with the needs and issues commonly faced by the community and how they connect to EFF issues.
\n\n
\nDescription:
\nElectronic Frontier Foundation (EFF) is thrilled to return to DEF CON 31 to answer your burning questions on pressing digital rights issues. Our panelists will provide updates on current EFF work, including the fight against government surveillance and protecting creative expression, before turning it over to attendees to pose questions and receive insights from our panelists on the intersection of technology and civil liberties. This is a valuable opportunity to learn from policy experts and engage in a lively discussion rooted in the problems you face. This year you’ll meet: Corynne McSherry, EFF\'s Legal Director specializing in intellectual property and free speech; Hannah Zhao, staff attorney focusing on criminal justice and privacy issues; Mario Trujillo, staff attorney with an expertise in privacy law; Rory Mir, Associate Director of Community Organizing; and Cooper Quintin, security researcher and public interest technologist with the EFF Threat Lab.\n
\n\n\'',NULL,365431),('2_Friday','21','20:00','21:59','Y','DC','Caesars Forum - Forum - 130-131,134','\'Ask the EFF\'','\'Cooper Quintin,Corynne McSherry,Hannah Zhao,Mario Trujillo,Rory Mir\'','DC_88f096884bbbab0de578ba5c13e45a8d','\'\'',NULL,365432),('3_Saturday','16','16:30','17:15','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'All information looks like noise until you break the code: Futureproofing the transportation sector\'','\'David Pekoske,Jen Easterly,Kevin Collier\'','DC_67a4391aee1f46178eb7fb77a3a170be','\'Title: All information looks like noise until you break the code: Futureproofing the transportation sector
\nWhen: Saturday, Aug 12, 16:30 - 17:15 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\nSpeakers:David Pekoske,Jen Easterly,Kevin Collier
\n
SpeakerBio:David Pekoske\n, Administrator at Transportation Security Administration (TSA)
\nDavid Pekoske was first confirmed by the U.S. Senate as the Transportation Security Administration’s seventh administrator in August 2017 and was reconfirmed for a second term in September 2022.\n

Pekoske leads a workforce of over 60,000 employees and is responsible for security operations at nearly 440 airports throughout the United States. TSA is also the lead federal agency for security of highways, railroads, mass transit systems and pipelines. Under his leadership, TSA improved transportation security through close partnerships and alliances, a culture of innovation, and development of a dedicated workforce.\n \n

During his tenure as TSA Administrator, Pekoske also served at the Department of Homeland Security as Acting Secretary from January 20 to February 2, 2021, and as the Senior Official Performing the Duties of Deputy Secretary from April to November 2019, and again from February to June 2021. At the Department, Pekoske helped lead a unified national effort to ensure the continued security of the United States, coordinating components with missions ranging from prevention and protection to recovery and response. He was also a commissioner on the Cyberspace Solarium Commission that developed a consensus on a strategic approach to defending the United States in cyberspace against attacks of significant consequence.\n

Before joining TSA, Pekoske was an executive in the government services industry, where he led teams that provided counterterrorism, security and intelligence support services to government agencies.\n

Pekoske served as the 26th Vice Commandant of the U.S. Coast Guard, culminating a Coast Guard career that included extensive operational and command experience. As the Vice Commandant, Pekoske was second in command, also serving as Chief Operating Officer and Component Acquisition Executive of the Coast Guard. He is a recognized expert in crisis management, strategic planning, innovation, and aviation, surface transportation and maritime security. In addition, he has been twice awarded the Homeland Security Distinguished Service Medal.\n

Pekoske holds a Master of Business Administration from the Massachusetts Institute of Technology, a Master of Public Administration from Columbia University and a Bachelor of Science from the U.S. Coast Guard Academy.\n

\nTwitter: @TSA_Pekoske
\n
SpeakerBio:Jen Easterly\n, Director at Cybersecurity and Infrastructure Security Agency (CISA)
\nJen Easterly is the Director of the Cybersecurity and Infrastructure Security Agency (CISA). She was nominated by President Biden in April 2021 and unanimously confirmed by the Senate on July 12, 2021. As Director, Jen leads CISA’s efforts to understand, manage, and reduce risk to the cyber and physical infrastructure Americans rely on every day. She is a proud Mom, a mental health advocate, a Rubik’s Cube enthusiast, and an aspiring electric guitarist.\n

Before serving in her current role, Jen was the head of Firm Resilience at Morgan Stanley, responsible for ensuring preparedness and response to business-disrupting operational incidents and risks to the Firm. She also helped build and served as the first Global Head of Morgan Stanley’s Cybersecurity Fusion Center, the Firm’s center of gravity for cyber defense operations.\n

Jen has a long tradition of public service, to include two tours at the White House, most recently as Special Assistant to President Obama and Senior Director for Counterterrorism and earlier as Executive Assistant to National Security Advisor Condoleezza Rice. She also served as the Deputy for Counterterrorism at the National Security Agency.\n

A two-time recipient of the Bronze Star, Jen retired from the U.S. Army after more than twenty years of service in intelligence and cyber operations, including tours of duty in Haiti, the Balkans, Iraq, and Afghanistan. Responsible for standing up the Army’s first cyber battalion, she was also instrumental in the design and creation of United States Cyber Command.\n

A distinguished graduate of the United States Military Academy at West Point, Jen holds a\nmaster’s degree in Philosophy, Politics, and Economics from the University of Oxford, where she studied as a Rhodes Scholar. She is the recipient of numerous honors and awards, including the 2023 Sisterhood Award from Girls Who Code; the 2022 National Defense University Admiral Grace Hopper Award; the 2021 Cybersecurity Ventures Cybersecurity Person of the Year Award; the 2020 Bradley W. Snyder Changing the Narrative Award, and the 2018 James W. Foley Legacy Foundation American Hostage Freedom Award.\n

A member of the Council on Foreign Relations and a French American Foundation Young Leader, Jen is the past recipient of the Aspen Finance Leaders Fellowship, the National Security Institute Visiting Fellowship, the New America Foundation Senior International Security Fellowship, the Council on Foreign Relations International Affairs Fellowship, and the Director, National Security Agency Fellowship.\n

\nTwitter: @CISAJen
\n
SpeakerBio:Kevin Collier\n, NBC
\nNo BIO available
\n\n
\nDescription:
\nJust like there\'s more than one way to peel a banana, there’s more than one way to protect a computer network from being pwned. Cyber threats against America’s pipelines, railroads and aviation system are increasing, and the Transportation Security Administration – with support from the White House, the Cybersecurity and Infrastructure Security Agency and Congress – is hacking traditional cybersecurity policy to improve resiliency for the growing connected transportation sector. How? TSA isn’t telling regulated parties exactly the ways they should secure their own systems. Instead, the agency is asking them to produce and provide plans for ensuring they protect their critical assets.\n

America’s adversaries are sophisticated, and TSA needs help from the hacking community to think creatively about future attacks, to identify new vulnerabilities, and to provide innovative new ways of measuring success. This talk will tell you what TSA is seeing and give you a chance to offer us advice and to learn specific ways in which you can contribute to new projects. Because always in motion the future is.\n

\n\n\'',NULL,365433),('3_Saturday','17','16:30','17:15','Y','DC','Caesars Forum - Academy - 407-410 - Track 4','\'All information looks like noise until you break the code: Futureproofing the transportation sector\'','\'David Pekoske,Jen Easterly,Kevin Collier\'','DC_67a4391aee1f46178eb7fb77a3a170be','\'\'',NULL,365434),('4_Sunday','11','11:00','11:45','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Burrowing Through The Network: Contextualizing The Vulkan Leaks & Historical State-Sponsored Offensive Operations\'','\'Joe Slowik\'','DC_5d517a9d2d02616348d43ddd381ea95b','\'Title: Burrowing Through The Network: Contextualizing The Vulkan Leaks & Historical State-Sponsored Offensive Operations
\nWhen: Sunday, Aug 13, 11:00 - 11:45 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\n
SpeakerBio:Joe Slowik\n, Threat Intelligence Manager at Huntress
\nJoe Slowik has over 15 years\' experience across multiple cyber domains. Currently, Joe leads threat intelligence, hunting, detection engineering, and purple teaming functions for Huntress. Previously, Joe performed in-depth threat intelligence research for DomainTools and Dragos, and led incident response operations at Los Alamos National Laboratory. Joe started off in information security through various roles in the US Navy and intelligence community.
\n\n
\nDescription:
\nIn March 2023, journalists and investigators released analysis of “the Vulkan files.” Consisting of documents associated with a Russian company working with intelligence and military authorities, the papers revealed a variety of ambitious programs such as “Scan-V” and “Amezit.” Both programs, in the sense that they offer capabilities to acquire, maintain, and task infrastructure for cyber and information operations at scale, are deeply concerning, indicating a significant advancement in Russian-linked network warfare and related actions.\n

Placing these items in context reveals a far more troubling picture. After reviewing the capabilities of Amezit and Scan-V, we can see glimpses of historical programs in the advertised efficacy of these projects. We will consider other items that have leaked over the years offering similar capabilities, albeit in different circumstances. Examples include Russia’s SORM framework for domestic operations, China’s Great Firewall and (more significantly) Great Cannon programs, and items that emerged in the Snowden leaks such as the US’s alleged “Quantum” program.\n

By analyzing these additional projects, we will observe a decades-long trend in the systematization and scaling of cyber programs, especially with respect to automated exploitation and infrastructure management. Vulkan and related items, as significant as they are, represent a culmination of operational evolution and an example of the proliferation of capabilities following disclosure. With programs such as Scan-V exposed, we should anticipate other entities seeking to mirror such capabilities, progressing beyond botnets and other distributed systems to effective management of dispersed capabilities for signals intelligence and cyber operations.\n

\n
REFERENCES
\n
- https://www.spiegel.de/thema/vulkanfiles/?d=1680188834\n- https://www.spiegel.de/international/world/the-vulkan-files-a-look-inside-putin-s-secret-plans-for-cyber-warfare-a-4324e76f-cb20-4312-96c8-1101c5655236\n- https://www.theguardian.com/technology/2023/mar/30/vulkan-files-leak-reveals-putins-global-and-domestic-cyberwarfare-tactics\n- https://citizenlab.ca/2015/04/chinas-great-cannon/\n- https://resources.infosecinstitute.com/topic/turbine-quantum-implants-arsenal-nsa/\n- https://theintercept.com/2014/03/12/nsa-plans-infect-millions-computers-malware/\n- https://www.wired.com/2014/03/quantum/\n- https://www.domaintools.com/resources/blog/centreon-to-exim-and-back-on-the-trail-of-sandworm/
\n\n\'',NULL,365435),('3_Saturday','14','14:00','14:45','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'A SSLippery Slope: Unraveling the Hidden Dangers of Certificate Misuse\'','\'Bill Demirkapi\'','DC_f9f17c4146f6835a11e916f0440f584a','\'Title: A SSLippery Slope: Unraveling the Hidden Dangers of Certificate Misuse
\nWhen: Saturday, Aug 12, 14:00 - 14:45 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\n
SpeakerBio:Bill Demirkapi\n, Microsoft Security Response Center
\nBill is an undergraduate student and a security researcher for the Microsoft Security Response Center with an intense passion for Windows Internals. His interests include reverse engineering and vulnerability research, ranging from low-level memory corruption to systemic flaws with catastrophic consequences. He started his journey in high school and has since published his work at internationally-recognized conferences like DEF CON and Black Hat USA. In his pursuit to make the world a better place, Bill constantly looks for the next significant vulnerability, following the motto \"break anything and everything\".
\nTwitter: @BillDemirkapi
\n\n
\nDescription:
\nDigital signatures are fundamental for verifying the authenticity and integrity of untrusted data in the digital world. They ensure that software, firmware, and other digital content are not tampered with during transmission or at rest. Code signing certificates are significantly more challenging to obtain when compared to alternatives like SSL or S/MIME certificates. The latter only has a single criterion- proof of control over a domain, while the former requires significant validation of the publisher itself.\n

This project uncovered a systemic vulnerability present in numerous signature validation implementations, enabling attackers to exploit valid certificates in an unintended manner. Vulnerable implementations mistakenly perceive files signed with incompatible certificates as legitimate, violating their respective specifications and allowing threat actors to sign untrusted code at little to no cost. In this talk, we will explore the problem at all levels, ranging from the fundamental theory to its application across multiple formats and real-world situations.\n

\n
REFERENCES
\n
- Boeyen, Sharon, et al. “Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile.” IETF, 1 May 2008, datatracker.ietf.org/doc/html/rfc5280.\n- Housley, Russ. “Cryptographic Message Syntax (CMS).” IETF, 5 Sept. 2002, datatracker.ietf.org/doc/html/rfc3369.\n- “Windows Authenticode Portable Executable Signature Format.” Microsoft.com, Microsoft, 21 Mar. 2008, download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/authenticode_pe.docx.\n- “PE Format - Win32 Apps.” Learn.microsoft.com, Microsoft, 31 Mar. 2021, learn.microsoft.com/en-us/windows/win32/debug/pe-format.\n- “Trusted Root Certification Authorities Certificate Store.” Learn.microsoft.com, Microsoft, 14 Dec. 2021, learn.microsoft.com/en-us/windows-hardware/drivers/install/trusted-root-certification-authorities-certificate-store.\n- “What’s the Difference between DV, OV & EV SSL Certificates?” Www.digicert.com, DigiCert, 23 Aug. 2022, www.digicert.com/difference-between-dv-ov-and-ev-ssl-certificates.\n- The OpenSSL Project. OpenSSL: The Open Source Toolkit for SSL/TLS. Apr. 2003.\n- Brubaker, Chad, et al. “Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations.” 2014 IEEE Symposium on Security and Privacy, 18 May 2014, www.cs.cornell.edu/~shmat/shmat_oak14.pdf, https://doi.org/10.1109/sp.2014.15.
\n\n\'',NULL,365436),('2_Friday','16','16:30','17:15','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'certmitm: automatic exploitation of TLS certificate validation vulnerabilities\'','\'Aapo Oksman\'','DC_46339b74528b22f90033956b90d04877','\'Title: certmitm: automatic exploitation of TLS certificate validation vulnerabilities
\nWhen: Friday, Aug 11, 16:30 - 17:15 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\n
SpeakerBio:Aapo Oksman\n, Senior Security Specialist at Nixu Corporation
\nAapo Oksman is a Senior Security Specialist at Nixu Corporation working with application, network and device security. His background is in electrical engineering, embedded devices, and test automation. Combining his background with a hobby in hacking led to a career in cybersecurity focusing on industrial IoT.\n

In his free time, Bug Bounties and security research keep Aapo motivated and learning. His work in PKI and TLS has resulted in multiple CVEs from vendors such as Microsoft and Apple. Outside work and research, Aapo\'s passion is in the community. He takes part in organizing local security meetups and coaches the Finnish national youth CTF team to the yearly European Cybersecurity Challenge competition.\n

\n\n
\nDescription:
\nTLS is the de facto way of securing network connections. It provides an easy way of ensuring confidentiality, integrity and authentication for any type of communication. However, like most things in life, this is also too good to be true.\n

TLS allows communicating parties to uniquely authenticate each other by validating each other\'s certificate. However, many TLS libraries and frameworks have insecure default settings or allow for the developers to skip important aspects of certificate validation in their client implementations.\n

This talk explores issues in TLS client certificate validation and the underlying reasons why developers still fail to implement TLS correctly. Most importantly, we hack all the things with a new TLS mitm tool: certmitm.\n

certmitm automatically discovers and exploits insecure certificate validation vulnerabilities in TLS clients. Let\'s use the tool to hack iOS, Windows 11 and more while we deep dive into the world of insecure TLS certificate validation.\n

\n
REFERENCES
\n
\n

My previous TLS talks:
\nHelSec 20 - Practical attacks against modern TLS implementations - Aapo Oksman: https://www.youtube.com/watch?v=NCm16vLfD60\n

Disobey 2023 - Your connection is not private Exploiting insecure certificate validation in TLS clients - Aapo Oksman: https://www.youtube.com/watch?v=vZvL6ZRiKls\n

Moxie Marlinspike\'s work in SSL/TLS:
\nDEF CON 17 - Moxie Marlinspike - More Tricks for Defeating SSL: https://www.youtube.com/watch?v=5dhSN9aEljg\nDEF CON 19 - Moxie Marlinspike - SSL And The Future Of Authenticity: https://www.youtube.com/watch?v=UawS3_iuHoA\n

Scientific publications:
\nGeorgiev, Martin, et al. \"The most dangerous code in the world: validating SSL certificates in non-browser software.\" Proceedings of the 2012 ACM conference on Computer and communications security. 2012.\nAkhawe, Devdatta, et al. \"Here\'s my cert, so trust me, maybe? Understanding TLS errors on the web.\" Proceedings of the 22nd international conference on World Wide Web. 2013.\nHuang, Lin Shung, et al. \"Analyzing forged SSL certificates in the wild.\" 2014 IEEE Symposium on Security and Privacy. IEEE, 2014.\n

Sivakorn, Suphannee, et al. \"HVLearn: Automated black-box analysis of hostname verification in SSL/TLS implementations.\" 2017 IEEE Symposium on Security and Privacy (SP). IEEE, 2017.\nAlghamdi, Khalid, et al. \"Iotverif: An automated tool to verify ssl/tls certificate validation in android mqtt client applications.\" Proceedings of the Eighth ACM Conference on data and application security and privacy. 2018.\n

\n\n\'',NULL,365437),('2_Friday','17','16:30','17:15','Y','DC','Caesars Forum - Forum - 130-134 - Track 3','\'certmitm: automatic exploitation of TLS certificate validation vulnerabilities\'','\'Aapo Oksman\'','DC_46339b74528b22f90033956b90d04877','\'\'',NULL,365438),('1_Thursday','11','11:30','12:15','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Cracking Cicada 3301: The Future of Collaborative Puzzle-Solving\'','\'Artorias,Puck,Taiiwo,TheClockworkBird\'','DC_7b63d7ad0ff889a57ae6dcb593862fe3','\'Title: Cracking Cicada 3301: The Future of Collaborative Puzzle-Solving
\nWhen: Thursday, Aug 10, 11:30 - 12:15 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\nSpeakers:Artorias,Puck,Taiiwo,TheClockworkBird
\n
SpeakerBio:Artorias\n
\nArtorias is the creator of CicadaSolvers.com, co-host of the CicadaCast podcast, and moderator of r/cicada and the CicadaSolvers discord. Well-versed in the complex history of the Cicada 3301 puzzles, he labors both to document the mystery of Cicada 3301, and to unravel the labyrinth of its interconnected topics.
\n
SpeakerBio:Puck\n
\nPuck is a 19-year-old rising junior computer science major and Cicada 3301 puzzle enthusiast. He has been involved in the community for four years, finding inspiration to pursue cryptography and cybersecurity. Puck has focused his work on promoting community solving efforts, mainly in the form of innovative events.
\n
SpeakerBio:Taiiwo\n
\nTaiiwo, a CicadaSolvers founding member, with a background in software development, sees the community\'s work as an example for the future of problem-solving. With a pragmatic, and sceptical approach to the puzzle, he aims to preserve the community so that it can continue to impact the lives of others as immensely as it did for him.
\n
SpeakerBio:TheClockworkBird\n
\nTheClockworkBird With a background in anthropology and teaching, TheClockworkBird creates collaborative spaces where people of all skill levels and interests can engage with the puzzle. He has gained a multifaceted understanding of Cicada’s impact on the individual, and the impacts of collaborative puzzle solving on the growth of privacy awareness.
\n\n
\nDescription:
\nThis talk will explore the ongoing efforts of the CicadaSolvers community to solve Cicada3301’s Liber Primus, a book of elder futhark runes and codes that has challenged cryptographers and puzzle-solvers since 2014. Using our experiences as leaders within the community, we will delve into the cultural significance of the puzzle and discuss the various strategies and techniques employed by members to crack its code, and the story of their struggle to maintain motivation through 9 years of solving one of the most difficult puzzles ever released. Attendees will gain insights into the future of collaborative puzzle-solving and the challenges that the Liber Primus presents for the future of cryptography. This presentation is suitable for anyone interested in cryptography, puzzle-solving, internet mysteries, and the persistence of collaborative communities. No prior technical knowledge or tools are required.\n
\n
REFERENCES
\n
- CicadaSolvers Discord server: https://discord.gg/cicadasolvers-572330844056715284\n- CicadaSolvers Wiki: https://uncovering-cicada.fandom.com/wiki/Uncovering_Cicada_Wiki\n- Previous DEF CON talk from CicadaSolvers member Nox Populi: https://www.youtube.com/watch?v=sVU4k2gRe_Y\n- Article written as a result of our TOR search in 2016: https://arstechnica.com/information-technology/2016/07/malicious-computers-caught-snooping-on-tor-anonymized-dark-web-sites/
\n\n\'',NULL,365439),('1_Thursday','12','11:30','12:15','Y','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Cracking Cicada 3301: The Future of Collaborative Puzzle-Solving\'','\'Artorias,Puck,Taiiwo,TheClockworkBird\'','DC_7b63d7ad0ff889a57ae6dcb593862fe3','\'\'',NULL,365440),('3_Saturday','10','10:00','11:45','N','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record','\'D0 N0 H4RM: A Healthcare Security Conversation\'','\'Christian \"quaddi\" Dameff,Jacqueline Burgette,Jeff \"r3plicant\" Tully,Mark Warner,Nitin Natarajan,Suzanne Schwartz\'','DC_a0d306aca5b564eb1527ea0375748ff3','\'Title: D0 N0 H4RM: A Healthcare Security Conversation
\nWhen: Saturday, Aug 12, 10:00 - 11:45 PDT
\nWhere: Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record - Map
\nSpeakers:Christian \"quaddi\" Dameff,Jacqueline Burgette,Jeff \"r3plicant\" Tully,Mark Warner,Nitin Natarajan,Suzanne Schwartz
\n
SpeakerBio:Christian \"quaddi\" Dameff\n, Physician & Medical Director of Cyber Security at The University of California San DiegoMD
\nChristian (quaddi) Dameff MD is an Assistant Professor of Emergency Medicine, Biomedical Informatics, and Computer Science (Affiliate) at the University of California San Diego. He is also a hacker, former open capture the flag champion, and prior DEF CON/RSA/Blackhat/HIMSS speaker. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works. Published security research topics including hacking critical healthcare infrastructure, medical devices and the effects of malware on patient care. This is his nineteenth DEF CON.
\n
SpeakerBio:Jacqueline Burgette\n, White House Fellow at The Office of National Cyber Director (ONCD)PhD DMD
\nJacqueline Burgette DMD PhD is a White House Fellow at the Office of the National Cyber Director. Jacqueline is a clinician, educator, health policy expert and researcher working at the forefront of health and cybersecurity. Jacqueline earned her DMD from the Harvard School of Dental Medicine as a Presidential Scholar and Ph.D. in Health Policy and Management from the University of North Carolina. She served on the faculty at the University of Pittsburgh where she led multi site studies that amplified the voices of vulnerable families to improve child health in Appalachia. As an expert in health services and highly-published author, she brings her systems perspective and data-driven approach to achieve cross-agency priorities in health and cybersecurity for the Federal government.
\n
SpeakerBio:Jeff \"r3plicant\" Tully\n, Anesthesiologist at The University of California San DiegoMD
\nJeff (r3plicant) Tully is a security researcher with an interest in understanding the ever growing intersections between healthcare and technology. His day job focuses primarily on the delivery of oxygen to tissues.
\n
SpeakerBio:Mark Warner\n, Virginia Senator and Chair of the US Cybersecurity Caucus
\nSen. Warner was elected to the U.S. Senate in November 2008 and reelected to a third term in November 2020. He serves as Chairman of the Select Committee on Intelligence and as a member of the Senate Finance, Banking, Budget, and Rules Committees. He also co-chairs the Senate Cybersecurity Caucus. From 2002 to 2006, he served as Governor of Virginia. He has served as a key author and negotiator of several pieces of critical legislation aimed at rebuilding our nation’s infrastructure, improving cybersecurity, restoring domestic manufacturing, protecting national security, rebounding from the COVID-19 crisis, and investing in under served and underbanked communities.
\n
SpeakerBio:Nitin Natarajan\n, Deputy Director at Cybersecurity and Infrastructure Security Agency (CISA)
\nNitin Natarajan serves as the Deputy Director for the Cybersecurity and Infrastructure Security Agency (CISA). Prior to joining CISA, Natarajan served in a variety of public and private sector positions spanning over 30 years. Natarajan also held a number of federal government roles to include Deputy Assistant Administrator at the U.S. Environmental Protection Agency, the Director of Critical Infrastructure Policy at the White House/National Security Council, and as a Director at the U.S. Health and Human Services overseeing healthcare and public health programs. At the beginning of his career, Natarajan spent 13 years as a first responder in New York, which included service as a flight paramedic. He was the Commander of a federal medical response team, based in New York, and has extensive experience deploying to natural and man-made disasters throughout the nation. He holds an under graduate degree from the State University of New York and a graduate degree from the United States Naval Postgraduate School.
\n
SpeakerBio:Suzanne Schwartz\n, Director of the Office of Strategic Partnerships and Technology Innovation (OST) at FDA’s Center for Devices and Radiological Health (CDRH)MD
\nSuzanne B. Schwartz, MD, MBA is the Director of the Office of Strategic Partnerships and Technology Innovation (OST) at FDA’s Center for Devices and Radiological Health (CDRH).\n

Suzanne’s work in medical device cybersecurity includes policy development, educating, outreach, partnering and coalition-building within the Healthcare and Public Health Sector (HPH) as well as fostering collaborations and coordinating incident response across other government agencies and the private sector. Suzanne has been recognized for Excellence in Innovation at FDA’s Women’s History Month for her work in Medical Device Cybersecurity. She also received the 2021 Routhy Award from the H-ISAC for her leadership in cybersecurity in healthcare, especially during the COVID-19 pandemic. Together with Health Canada, Suzanne has represented FDA in co-chairing the International Medical Device Regulators Forum (IMDRF) Work Group on Medical Device Cybersecurity leading to its first international guidance publication in March 2020 and two subsequent guidance publications - - one on software bill of materials and one on cybersecurity management of legacy medical devices. She has additionally served as co-chair of the Government Coordinating Council (GCC) for the HPH Critical Infrastructure Sector, focusing on the sector’s healthcare cybersecurity initiatives.\n

Suzanne earned an MD from Albert Einstein College of Medicine; an executive MBA from NYU Stern School of Business, completed Cohort X of the National Preparedness Leadership Initiative – Harvard School of Public Health &amp; Harvard Kennedy School of Government executive education, and earned in September 2018 a certificate of mastery for completion of requirements at the Federal Executive Institute – Leadership for a Democratic Society.\n

\n\n
\nDescription:
\nIn 2016 a bunch of hackers took a break from DEF CON festivities to gather in a hotel room with a bathtub full of beer and talk about shared interests in a brave new world of connected healthcare. Trailblazers were popping pacemakers and pharmaceutical pumps, and we worried that instead of embracing such efforts as opportunities to make tech safer for patients, folks in charge would repeat mistakes of the past and double down on the status quo.\n

Fast forward to the 2022 passage of the Omnibus spending bill- the FDA is now locked and loaded with expanded authority to regulate cybersecurity requirements for medical devices. What changed? Keanu voice: “Policy. Lots of Policy.” Turns out when we get in with the right people, hackers can help get things done. This is the core of Policy @ DEFCON.\n

Challenges persist. We now have threats from state actors and ransomware blasts delaying lifesaving medical care while costing hospitals hundreds of millions of dollars they don’t have (been in an ER lately?). So once again, come join quaddi and r3plicant, your favorite ripper docs, for another round of D0 No H4rm- this time with special guests from Congress, FDA, and the White House as we figure out what policy patches have the best chance to save lives.\n

It starts here, in rooms like this, with hackers like you. And it ends with us changing the world.\n

\n\n\'',NULL,365441),('3_Saturday','11','10:00','11:45','Y','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record','\'D0 N0 H4RM: A Healthcare Security Conversation\'','\'Christian \"quaddi\" Dameff,Jacqueline Burgette,Jeff \"r3plicant\" Tully,Mark Warner,Nitin Natarajan,Suzanne Schwartz\'','DC_a0d306aca5b564eb1527ea0375748ff3','\'\'',NULL,365442),('1_Thursday','13','13:30','14:15','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Damned if you do - The risks of pointing out the emperor is buck naked\'','\'RenderMan,Thomas Dang\'','DC_1f4b14b8fd8352a35e26ce7d30dcf234','\'Title: Damned if you do - The risks of pointing out the emperor is buck naked
\nWhen: Thursday, Aug 10, 13:30 - 14:15 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\nSpeakers:RenderMan,Thomas Dang
\n
SpeakerBio:RenderMan\n, His Holiness, Pope of the Church of Wifi
\nThe man in the black hat with a monkey on his belt and a suitcase of sex toys. Pope of the Church of Wifi. Don of Dongs at the Internet of Dongs project. Hacking random things for 25+ years. Usually referred to as “oh, that guy” around Defcon.
\n
SpeakerBio:Thomas Dang\n, Cybersecurity Architect at Yukon Territorial Government
\nThomas Dang was (until May 2023) a politician in the Alberta Legislature. The youngest MLA ever elected, he was pursuing a Computing Science degree before his first term. As an MLA, he served various roles including Deputy House Leader and on various legislative committees. While elected, he continued following his passion in Cybersecurity including certifications along with his university education. In an attempt to recover from politics, he’s spending his time hanging out at DEF CON and has a day job as the Cybersecurity Architect for the Yukon Territorial Government.
\nTwitter: @@thomasdangab
\n\n
\nDescription:
\nPost 9/11, the phrase “If you see something, say something” became ubiquitous. If you saw something of concern, better to report something that was nothing than let something bad happen. Problem is, no one let the authorities know that they should apply this to the online realm too. Threats of arrest and criminal investigations have the opposite effect and chill anyone from wanting to report security vulnerabilities that affect everyone.\n

Lack of clear reporting paths, misunderstandings, jurisdiction issues, superseding laws, and good old fashioned egos can make trying to do the right thing turn into a nightmare that can cost livelihoods, reputation, criminal charges and even worse, particularly when government systems are involved.\n

This talk will cover the presenters\' personal experiences with poorly written or absent vulnerability disclosure policies with their governments and what it cost them in trying to make things better. The presentation will then move to a discussion about what should be done and what is being done to make sure that reporting a vulnerability doesn’t cost you everything. Anyone who is responsible for writing such disclosure policies or legislation will benefit, but so will any hackers that want to make it safer to report issues they find by advocating for changes. \n

\n
REFERENCES
\n
- No references cited formally. Law excerpts will be noted in slides where relevant.
\n\n\'',NULL,365443),('1_Thursday','14','13:30','14:15','Y','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Damned if you do - The risks of pointing out the emperor is buck naked\'','\'RenderMan,Thomas Dang\'','DC_1f4b14b8fd8352a35e26ce7d30dcf234','\'\'',NULL,365444),('1_Thursday','14','14:30','15:15','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Designing RFID Implants - How flipping the bird opens doors for me\'','\'Miana Ella Windall\'','DC_b3be6c873c31368a04f7686e79cd60a6','\'Title: Designing RFID Implants - How flipping the bird opens doors for me
\nWhen: Thursday, Aug 10, 14:30 - 15:15 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\n
SpeakerBio:Miana Ella Windall\n, Hacker
\nMiana is a lifelong tinkerer who likes breaking things almost as much as she likes building them. She is a bio-hacker and info-sec researcher by night, and a professional software nerd during the day.
\nTwitter: @@NiamhAstra
\n\n
\nDescription:
\nRFID implants are basically RFID credentials that can be installed under your skin. When I discovered there was nothing on the market that worked with my employers badging system I decided that I would just have to make my own. This talk will cover the basics of RFID implants, my journey to design my own implant despite having no electronics experience, and some of the future implications of this technology.\n
\n\n\'',NULL,365445),('1_Thursday','15','14:30','15:15','Y','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Designing RFID Implants - How flipping the bird opens doors for me\'','\'Miana Ella Windall\'','DC_b3be6c873c31368a04f7686e79cd60a6','\'\'',NULL,365446),('2_Friday','17','17:30','18:15','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Fireside Chat with the National Cyber Director Kemba Walden\'','\'Kemba Walden\'','DC_ebc182f70f74f940104ec49cbee80b30','\'Title: Fireside Chat with the National Cyber Director Kemba Walden
\nWhen: Friday, Aug 11, 17:30 - 18:15 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\n
SpeakerBio:Kemba Walden\n, Acting National Cyber Director at Office of the National Cyber Director, The White House
\nDirector Walden is the current acting National Cyber Director for the Biden-Harris Administration.
\nTwitter: @KembaWalden46
\n\n
\nDescription:
\nA fireside chat with Director Walden. Director Walden is the current acting National Cyber Director for the Biden-Harris Administration.\n
\n\n\'',NULL,365447),('2_Friday','18','17:30','18:15','Y','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Fireside Chat with the National Cyber Director Kemba Walden\'','\'Kemba Walden\'','DC_ebc182f70f74f940104ec49cbee80b30','\'\'',NULL,365448),('3_Saturday','12','12:00','12:45','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'From Feature to Weapon: Breaking Microsoft Teams and SharePoint Integrity\'','\'Nestori Syynimaa\'','DC_536353629a3749e4613815797fa993ca','\'Title: From Feature to Weapon: Breaking Microsoft Teams and SharePoint Integrity
\nWhen: Saturday, Aug 12, 12:00 - 12:45 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\n
SpeakerBio:Nestori Syynimaa\n, Senior Principal Security Researcher at Secureworks
\nDr Nestori Syynimaa is one of the leading Azure AD / M365 experts in the world and the developer of the AADInternals toolkit. He has worked with Microsoft cloud services for over a decade and has been MCT since 2013, MVP since 2020, and awarded Microsoft Most Valuable Security Researcher for 2022. Currently, Dr Syynimaa works as a Senior Principal Security Researcher for Secureworks Counter Threat Unit. Before moving to his current position, Dr Syynimaa worked as a CIO, consultant, trainer, researcher, and university lecturer for almost 20 years. Dr Syynimaa has spoken in many international scientific and professional conferences, including IEEE TrustCom, Black Hat (USA, Europe, and Asia), Def Con, and RSA Conference.
\nTwitter: @DrAzureAD
\n\n
\nDescription:
\nMicrosoft SharePoint Online (SPO) is a cloud-based service that helps organizations share and manage content. It is also used as backend file storage for other Microsoft online services, such as Microsoft 365 Groups, OneDrive, and Teams.\n

Microsoft offers tools such as Migration Manager and SharePoint Migration Tool (SPMT) to ease migrating files from on-premises file servers to SPO, OneDrive, and Teams. Both tools use the same background APIs to perform the data migration. Technically, the migration is leveraging the built-in Granular Backup feature of on-premises SharePoint, which allows exporting and importing individual SharePoint sites and lists. The Granular Backup feature is not available in SharePoint Online.\n

In this talk, I\'ll show how threat actors can leverage SPO migration APIs to break the integrity of all Microsoft online services that use SPO as storage. Threat actors can spoof new content and tamper with existing content, and inject custom code to perform XSS attacks. This, in turn, enables elevation-of-privilege attacks to all Microsoft Online services, including Azure Active Directory. And all this as a regular user.\n

\n\n\'',NULL,365449),('2_Friday','15','15:30','16:15','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Game-Changing Advances in Windows Shellcode Analysis\'','\'Bramwell Brizendine,Jake Hince,Max \'Libra\' Kersten\'','DC_3302d61b16f782462b837319d4e1aac2','\'Title: Game-Changing Advances in Windows Shellcode Analysis
\nWhen: Friday, Aug 11, 15:30 - 16:15 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\nSpeakers:Bramwell Brizendine,Jake Hince,Max \'Libra\' Kersten
\n
SpeakerBio:Bramwell Brizendine\n, Assistant Professor at University of Alabama in HuntsvilleDr.
\nDr. Bramwell Brizendine completed his Ph.D. in Cyber Operations, for which he did his dissertation on Jump-Oriented Programming, a hitherto seldom-studied and poorly understood subset of code-reuse attacks.\n

Bramwell is now an Assistant Professor of Computer Science at the University of Alabama in Huntsville; he previously was an Assistant Professor and the Director of the Vulnerability and Exploitation Research for Offensive and Novel Attacks (VERONA Lab) at Dakota State University, specializing in vulnerability research, software exploitation, and the development of new, cutting-edge tools and techniques with respect to software exploitation and malware analysis. Bramwell has taught numerous undergraduate, graduate and doctoral level courses in software exploitation, reverse engineering, malware analysis and offensive security. Bramwell was a PI on a $300,000 NSA/NCAE research grant, which culminated in the release of a shellcode emulator, SHAREM, in September 2022. Bramwell has been a speaker at many top security conferences, including DEF CON, Hack in the Box Amsterdam, @Hack, Black Hat Middle East, Black Hat Asia, Black Hat Europe, Wild West Hackin’ Fest, and more.\n

\n
SpeakerBio:Jake Hince\n, Cybersecurity Engineer
\nJake Hince recently completed his Computer Science Master\'s degree at Dakota State University. He was a security researcher and malware analyst at VERONA Lab, working on security tool development and shellcode analysis. Jake has been highly active in collegiate cyber security competitions (CCDC, CPTC), and he participates in CTF competitions. He works professionally as a cybersecurity engineer.
\n
SpeakerBio:Max \'Libra\' Kersten\n, Malware Analyst at Trellix
\nMax Kersten is a malware analyst, blogger, and speaker who aims to make malware analysis more approachable for those who are starting. In 2019, Max graduated cum laude with a bachelor\'s in IT & Cyber Security, during which Max also worked as an Android malware analyst. Currently, Max works as a malware analyst at Trellix, where he analyses APT malware and creates open-source tooling to aid such research. Over the past few years, Max spoke at international conferences, such as Black Hat Arsenal (USA, EU, MEA, Asia), Botconf, Confidence-Conference, HackYeahPL, and HackFestCA. Additionally, he gave guest lectures and workshops for several universities and private entities.
\nTwitter: @Libranalysis
\n\n
\nDescription:
\nShellcode is omnipresent, seen or unseen. Yet tooling to analyze shellcode is lacking. We present the cutting-edge SHAREM framework to analyze enigmatic shellcode.\n

SHAREM can emulate shellcode, identifying 20,000 WinAPI functions and 99% of Windows syscalls. In some shellcode, some APIs may never be reached, due to the wrong environment, but SHAREM has a new solution: Complete code coverage preserves the CPU register context and memory at each change in control flow. Once the shellcode ends, it restarts, restoring memory and context, ensuring all functionality is reached and identifying all APIs.\n

Encoded shellcode may be puzzling at times. SHAREM is a game-changer, as it presents emulated shellcode in its decoded form in a disassembler.\n

IDA Pro and Ghidra can produce disassembly of shellcode that is of poor quality. However, SHAREM uniquely can ingest emulation data, resulting in virtually flawless disassembly. While SHAREM has its own custom disassembler, we are also releasing a Ghidra plugin, so SHAREM\'s enhanced disassembly can enhance what is in Ghidra. Only SHAREM identifies APIs in disassembly, and this also can be brought to Ghidra.\n

We will also see how SHAREM can be used by aspiring shellcode authors to enhance their own work, and we will examine advanced shellcode specimens in SHAREM. | Dr. Bramwell Brizendine completed his Ph.D. in Cyber Operations, for which he did his dissertation on Jump-Oriented Programming, a hitherto seldom-studied and poorly understood subset of code-reuse attacks.\n

\n
REFERENCES
\n
[1] Mds. Research, “Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams,” MDSec, 2020. [Online]. Available: https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams/.\n[2] K. Borders, A. Prakash, and M. Zielinski, “Spector: Automatically analyzing shell code,” Proc. - Annu. Comput. Secur. Appl. Conf. ACSAC, pp. 501–514, 2007.\n[3] Y. Fratantonio, C. Kruegel, and G. Vigna, “Shellzer: a tool for the dynamic analysis of malicious shellcode,” in International workshop on recent advances in intrusion detection, 2011, pp. 61–80.\n[4] D. Zimmer, “Scdbg Shellcode Analysis,” 2011. [Online]. Available: http://sandsprite.com/CodeStuff/scdbg_manual/MANUAL_EN.html.\n[5] FireEye, “Speakeasy.” [Online]. Available: https://github.com/fireeye/speakeasy.\n[6] M. Jurczyk, “Windows X86-64 System Call Table (XP/2003/Vista/2008/7/2012/8/10).” [Online]. Available: https://j00ru.vexillium.org/syscalls/nt/64/.\n[7] T. Nowak, “The Undocumented Functions Microsoft Windows NT/2000/XP/Win7,” NTAPI Undocumented Functions. .\n[8] A. R. Hevner, S. T. March, J. Park, and S. Ram, “Design science in information systems research,” MIS Q., pp. 75–105, 2004.\n[9] C. Anley, J. Heasman, F. Lindner, and G. Richarte, The shellcoder’s handbook: discovering and exploiting security holes. John Wiley & Sons, 2011.\n[10] S. Eckels, “WOW64!Hooks: WOW64 Subsystem Internals and Hooking Techniques,” Mandiant, 2020. [Online]. Available: https://www.mandiant.com/resources/wow64-subsystem-internals-and-hooking-techniques.\n[11] A. Ionescu, “Closing Heaven’s Gate,” 2015. [Online]. Available: https://www.alex-ionescu.com/?p=300.\n[12] Hasherezade, “PE-Sieve,” GitHub, 2018. [Online]. Available: https://github.com/hasherezade/pe-sieve.\n[13] Hasherezade, “PE to Shellcode,” GitHub, 2021. [Online]. Available: https://github.com/hasherezade/pe_to_shellcode.
\n\n\'',NULL,365450),('2_Friday','16','15:30','16:15','Y','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Game-Changing Advances in Windows Shellcode Analysis\'','\'Bramwell Brizendine,Jake Hince,Max \'Libra\' Kersten\'','DC_3302d61b16f782462b837319d4e1aac2','\'\'',NULL,365451),('2_Friday','09','09:00','09:45','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Growing the Community of AI Hackers with the Generative Red Team\'','\'Austin Carson,Rumman Chowdhury,Sven Cattell\'','DC_082302a12a2e0f2b59507c53afd1b759','\'Title: Growing the Community of AI Hackers with the Generative Red Team
\nWhen: Friday, Aug 11, 09:00 - 09:45 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\nSpeakers:Austin Carson,Rumman Chowdhury,Sven Cattell
\n
SpeakerBio:Austin Carson\n, Founder & President at SeedAI
\nAustin Carson is the Founder and President of SeedAI, a nonprofit established to work with a diverse group of policymakers, academics, and private sector experts to help communities across the United States access the resources they need to engage with AI.\n

Previously, Austin established and led the DC government affairs operation for NVIDIA, translating NVIDIA’s expertise in artificial intelligence and high performance computing for policymakers. Prior to joining NVIDIA, Austin held a number of public sector and NGO positions, including serving as Legislative Director for Chairman Michael McCaul and Executive Director for the Technology Freedom Institute. Austin co-founded the Congressional Tech Staff Association, co-led the Congressional Cybersecurity Caucus and the Congressional High Tech Caucus, and is a founding fellow of the Internet Law and Policy Foundry.\n

\n
SpeakerBio:Rumman Chowdhury\n, Co-Founder and CEO at Humane Intelligence
\nDr. Rumman Chowdhury’s passion lies at the intersection of artificial intelligence and humanity. She is a pioneer in the field of applied algorithmic ethics, creating cutting-edge socio-technical solutions for ethical, explainable and transparent AI. Dr. Chowdhury currently runs the nonprofit Humane Intelligence and is a Responsible AI Fellow at the Berkman Klein Center for Internet & Society at Harvard University. \n

Previously, Dr. Chowdhury was the Director of META (ML Ethics, Transparency, and Accountability) team at Twitter, leading a team of applied researchers and engineers to identify and mitigate algorithmic harms on the platform. Prior to Twitter, she was CEO and founder of Parity, an enterprise algorithmic audit platform company. She formerly served as Global Lead for Responsible AI at Accenture Applied Intelligence. In her work as Accenture’s Responsible AI lead, she led the design of the Fairness Tool, a first-in-industry algorithmic tool to identify and mitigate bias in AI systems. \n

Dr. Chowdhury is dedicated to cultivating and growing the next wave of technology-forward companies enabling the responsible use of emerging technologies.\n

\n
SpeakerBio:Sven Cattell\n, Founder at nbhd.ai & AI Village
\nSven founded the AI Village in 2018 and has been running it ever since. Sven is also the founder of nbhd.ai, a startup focused on the security and integrity of datasets and the AI they build. He was previously a senior data scientist at Elastic where he built the malware model training pipeline. He has a PhD in Algebraic Topology, and a postdoc in geometric machine learning where he focused on anomaly and novelty detection.
\nTwitter: @@comathematician
\n\n
\nDescription:
\nWe’re running the largest live AI hacking event ever in the AI village this year. Anthropic, Google, HuggingFace, Meta, NVIDIA, OpenAI, and Stability, have all provided models to attack and Scale AI have built the platform. This event is orders of magnitude bigger than any previous AI red team effort. There are observers from the White House, NIST, NSF, and the EU coming to learn from hackers. We built this event to grow the community that knows how to effectively evaluate Large Language Models as it is much more than prompt injections and jailbreaks.\n

AI works fundamentally differently to traditional software and only forms a part of a product. Trust and Security of AI in a system thus has to work fundamentally differently to traditional software. This is especially true for generative AI systems. The core difference is that AI is a stochastic component of software and is allowed to make a small number of mistakes. This changes bug hunting, reporting, and payouts.\n

Come to this talk to hear about how and why we organized this, and the history of algorithmic & bias bounties that led up to the largest one ever at DEFCON 31. We’ll also give you some tips to help you in the contest.\n

\n
REFERENCES
\n
\n

We Need Bug Bounties for Bad Algorithms - Amit Elazari - https://www.vice.com/en/article/8xkyj3/we-need-bug-bounties-for-bad-algorithms\n

Introducing Twitter’s first algorithmic bias bounty challenge - Rumman Chowdhury & Jutta Williams - https://blog.twitter.com/engineering/en_us/topics/insights/2021/algorithmic-bias-bounty-challenge\n

Sharing learnings from the first algorithmic bias bounty challenge - Kyra Yee & Irene Font Peradejordi - https://blog.twitter.com/engineering/en_us/topics/insights/2021/learnings-from-the-first-algorithmic-bias-bounty-challenge\n

Bias Buccaneers - Rumman Chowdhury, Jutta Williams, Subho Majumdar, Scott Steinhardt, Ben Colman - https://www.biasbuccaneers.org/\n

An Algorithmic Framework for Bias Bounties - Ira Globus-Harris, Michael Kearns, Aaron Roth - https://arxiv.org/abs/2201.10408\n

Machine Learning Security Evasion Competition - Hyrum Anderson, et al. - https://mlsec.io/ https://cujo.com/announcing-the-winners-of-the-2021-machine-learning-security-evasion-competition/\n

MITRE ATLAS - Ram Shankar Siva Kumar, et al - https://atlas.mitre.org/\n

The Spherical Cow of ML Security - Sven Cattell - http://aivillage.org/adversarial%20ml/spherical-cow/\n

The Case for a Hippocratic Oath for Connected Medical Devices: Viewpoint - Beau Woods, Andrea Coravos, and Joshua David Corman - https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6444210/\n

Announcing OpenAI’s Bug Bounty Program - https://openai.com/blog/bug-bounty-program\n

Microsoft Malware Classification Challenge - Royi Ronen, Marian Radu, Corina Feuerstein, Elad Yom-Tov, Mansour Ahmadi - https://www.kaggle.com/c/malware-classification https://arxiv.org/abs/1802.10135\n

\n\n\'',NULL,365452),('3_Saturday','09','09:00','09:45','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Hack the Future: Why Congress and the White House are supporting AI Red Teaming\'','\'Arati Prabhakar,Austin Carson\'','DC_6155abd27233bdfb50b699af961633c3','\'Title: Hack the Future: Why Congress and the White House are supporting AI Red Teaming
\nWhen: Saturday, Aug 12, 09:00 - 09:45 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\nSpeakers:Arati Prabhakar,Austin Carson
\n
SpeakerBio:Arati Prabhakar\n
\nNo BIO available
\n
SpeakerBio:Austin Carson\n, Founder & President at SeedAI
\nAustin Carson is the Founder and President of SeedAI, a nonprofit established to work with a diverse group of policymakers, academics, and private sector experts to help communities across the United States access the resources they need to engage with AI.\n

Previously, Austin established and led the DC government affairs operation for NVIDIA, translating NVIDIA’s expertise in artificial intelligence and high performance computing for policymakers. Prior to joining NVIDIA, Austin held a number of public sector and NGO positions, including serving as Legislative Director for Chairman Michael McCaul and Executive Director for the Technology Freedom Institute. Austin co-founded the Congressional Tech Staff Association, co-led the Congressional Cybersecurity Caucus and the Congressional High Tech Caucus, and is a founding fellow of the Internet Law and Policy Foundry.\n

\n\n
\nDescription:
\nOn May 4th, the White House announced the AI Village at DEF CON\'s Generative AI Red Team and their participation, followed by announcements from the House and Senate AI Caucus leadership and the National Science Foundation.\n

In this panel, we\'ll hear from top officials and executives about how they\'re balancing the explosion of creativity and entrepreneurship from the advent of GenAI with the known & unknown risks of deployment at scale.\n

We\'ll also hear how this exercise is viewed as a model for enhancing trust & safety through democratizing AI education. Panelists will also discuss why it\'s meaningful to bring together thousands of people from different communities to conduct the exercise across the available AI models.\n

\n
REFERENCES
\n
\n

We Need Bug Bounties for Bad Algorithms - Amit Elazari - https://www.vice.com/en/article/8xkyj3/we-need-bug-bounties-for-bad-algorithms\n

Introducing Twitter’s first algorithmic bias bounty challenge - Rumman Chowdhury & Jutta Williams - https://blog.twitter.com/engineering/en_us/topics/insights/2021/algorithmic-bias-bounty-challenge\n

Sharing learnings from the first algorithmic bias bounty challenge - Kyra Yee & Irene Font Peradejordi - https://blog.twitter.com/engineering/en_us/topics/insights/2021/learnings-from-the-first-algorithmic-bias-bounty-challenge\n

Bias Buccaneers - Rumman Chowdhury, Jutta Williams, Subho Majumdar, Scott Steinhardt, Ben Colman - https://www.biasbuccaneers.org/\n

An Algorithmic Framework for Bias Bounties - Ira Globus-Harris, Michael Kearns, Aaron Roth - https://arxiv.org/abs/2201.10408\n

Machine Learning Security Evasion Competition - Hyrum Anderson, et al. - https://mlsec.io/ https://cujo.com/announcing-the-winners-of-the-2021-machine-learning-security-evasion-competition/\n

MITRE ATLAS - Ram Shankar Siva Kumar, et al - https://atlas.mitre.org/\n

The Spherical Cow of ML Security - Sven Cattell - http://aivillage.org/adversarial%20ml/spherical-cow/\n

The Case for a Hippocratic Oath for Connected Medical Devices: Viewpoint - Beau Woods, Andrea Coravos, and Joshua David Corman - https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6444210/\n

Announcing OpenAI’s Bug Bounty Program - https://openai.com/blog/bug-bounty-program\n

Microsoft Malware Classification Challenge - Royi Ronen, Marian Radu, Corina Feuerstein, Elad Yom-Tov, Mansour Ahmadi - https://www.kaggle.com/c/malware-classification https://arxiv.org/abs/1802.10135\n

\n\n\'',NULL,365453),('2_Friday','13','13:00','13:45','N','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record','\'Living Next Door to Russia\'','\'Mikko Hypponen\'','DC_734429ae947c64d9fdb70a741ad7ba71','\'Title: Living Next Door to Russia
\nWhen: Friday, Aug 11, 13:00 - 13:45 PDT
\nWhere: Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record - Map
\n
SpeakerBio:Mikko Hypponen\n, Researcher at WithSecure
\nMikko Hypponen is a malware researcher and a best-selling author. He has written for the New York Times, Wired and Scientific American. Mikko has spoken 8 times at Black Hat, and he has 3 TED Talks. Mikko works as the Chief Research Officer for WithSecure and sits in the advisory boards of EUROPOL and Verge Motorcycles.
\nTwitter: @mikko
\n\n
\nDescription:
\nRussia is the world’s largest country. I’ve lived all my life in Finland, about a hundred miles from the Russian border. Finland has learned to live next to a very large and very unpredictable neighbor. Both my grandfathers fought Russia in the second world war. Today, Finland ranks as one of the least corrupted countries in the world, while Russia ranks as one of the most corrupted countries. How is that even possible?\n

As Russia has grown more aggressive over the last decade and as it violently attacked Ukraine, attitudes about neutrality changed quickly in my home country. When Finland joined NATO in April 2023, NATO more than doubled its land border with Russia – which is probably not what Putin had in mind.\n

This talk will summarize the development of the Russian cyber programs and of the Russian patriotic hacker groups that got us to where we are today, and will make educated guesses about where Russia will be headed next.\n

\n
REFERENCES
\n
\n

\"If It\'s Smart, It\'s Vulnerable\" (2022) -- Mikko Hypponen, foreword by Jeff Moss\n

\"Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin\'s Most Dangerous Hackers\" (2019) – Andy Greenberg\n

\n\n\'',NULL,365454),('3_Saturday','15','15:30','16:15','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'ndays are also 0days: Can hackers launch 0day RCE attack on popular softwares only with chromium ndays?\'','\'Bohan Liu,GuanCheng Li,Zheng Wang\'','DC_c17482ba7efc519d0454e951c07c3d4a','\'Title: ndays are also 0days: Can hackers launch 0day RCE attack on popular softwares only with chromium ndays?
\nWhen: Saturday, Aug 12, 15:30 - 16:15 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\nSpeakers:Bohan Liu,GuanCheng Li,Zheng Wang
\n
SpeakerBio:Bohan Liu\n, Senior Security Researcher at Tencent Security Xuanwu Lab
\nBohan Liu (@P4nda20371774) is a senior security researcher at Tencent Security Xuanwu Lab. He focuses on browser security research and has discovered multiple Chrome vulnerabilities. He also presented his research results on Kanxue SDC and Black Hat Asia.
\nTwitter: @@P4nda20371774
\n
SpeakerBio:GuanCheng Li\n, Senior Security Researcher at Tencent Security Xuanwu Lab
\nGuancheng Li (@atuml1) is a senior researcher at Tencent Security Xuanwu Lab. His research interests are focused on software and system security, IoT security, software engineering and AI. He is also a founder and former captain of r3kapig CTF Team.
\nTwitter: @@atuml1
\n
SpeakerBio:Zheng Wang\n, Senior Security Researcher at Tencent Security Xuanwu Lab
\nZheng Wang (@xmzyshypnc) is a senior Security Researcher at Tencent Security Xuanwu Lab. He\'s mainly engaged in browser and Linux kernel security. He is also a speaker at Black Hat Asia 2023.
\nTwitter: @@xmzyshypnc
\n\n
\nDescription:
\nChromium is not only the most popular browser in the world but also one of the most widely integrated supply chain components. Nowadays, a large number of popular software is built on frameworks based on Chromium, such as CEF and Electron. This means that vulnerabilities in Chromium will directly affect popular software. In addition, according to Google\'s vulnerability disclosure policy, most of the details of Chromium vulnerabilities will be publicly disclosed 14 weeks after being fixed, and many of these vulnerabilities are high-impact and may lead to RCE. Unfortunately, we have found that much downstream software is unable to timely fix the Chromium vulnerabilities. This creates a window of opportunity for attackers to carry out RCE attacks on popular software. The cost for attackers to exploit these vulnerabilities during this window is relatively low, as it falls between the time of the Chromium vulnerability disclosure and the completion of fixes for popular software. We refer to this window as the \"RCE window period\".\n

In this topic, we will first evaluate the \"RCE window period\" of more than 20 popular software. In the upcoming section, we will showcase how to transform Chromium nday vulnerabilities into popular software 0day vulnerabilities in a low-cost manner within the \"RCE window period\". To illustrate this process, we will use over 10 RCE 0day vulnerabilities in popular software that we have discovered as examples. Some software will attempt to enable sandbox to mitigate this problem, so we will also provide examples of how to bypass the sandbox by exploiting vulnerabilities in the software itself rather than a Chromium sandbox bug.\n

Finally, we will discuss the reasons for the existence of the RCE window period and the lessons learned from it, hoping to help software developers improve the security of their products.\n

\n
REFERENCES
\n
\n

[1] https://googleprojectzero.blogspot.com/2022/06/2022-0-day-in-wild-exploitationso-far.html\n[2] https://bugs.chromium.org/p/chromium/issues/list?q=Type%3DBug-Security&can=2\n[3] https://bitbucket.org/chromiumembedded/cef/wiki/GeneralUsage\n[4] https://www.electronjs.org/docs/latest/\n[5] https://media.defcon.org/DEF%20CON%2027/DEF%20CON%2027%20presentations/DEFCON-27-Junyu-Zhou-and-Ce-Qin-and-Jianing-Wang-Web2Own-Attacking-Desktop-Apps-From-Web-Securitys-Perspective.pdf\n[6] https://i.blackhat.com/USA-22/Thursday/US-22-Purani-ElectroVolt-Pwning-Popular-Desktop-Apps.pdf\n[7] https://plugins.jetbrains.com/docs/intellij/jcef.html\n[8] https://medium.com/@ethicalkid/recent-burp-rce-zeroday-df39b1b24230\n[9] https://crbug.com/1307610
\n[10] https://cs.android.com/android/platform/superproject/+/master:external/selinux/libselinux/src/android/android_seapp.c\n[11] https://security.googleblog.com/2021/07/protecting-more-with-site-isolation.html\n

\n\n\'',NULL,365455),('3_Saturday','16','15:30','16:15','Y','DC','Caesars Forum - Forum - 130-134 - Track 3','\'ndays are also 0days: Can hackers launch 0day RCE attack on popular softwares only with chromium ndays?\'','\'Bohan Liu,GuanCheng Li,Zheng Wang\'','DC_c17482ba7efc519d0454e951c07c3d4a','\'\'',NULL,365456),('1_Thursday','12','12:30','13:15','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'New Isn’t Always Novel: Grep’ing Your Way to $20K at Pwn2Own, and How You Can Too\'','\'James Horseman,Zach Hanley\'','DC_2df7d0a836aaf6c37a33d23e12d9e174','\'Title: New Isn’t Always Novel: Grep’ing Your Way to $20K at Pwn2Own, and How You Can Too
\nWhen: Thursday, Aug 10, 12:30 - 13:15 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\nSpeakers:James Horseman,Zach Hanley
\n
SpeakerBio:James Horseman\n, Vulnerability Researcher at Horizon3.ai
\nJames Horseman loves low-level systems programming and reverse engineering. Has a history of developing implants and weaponizing n-days. He is a vulnerability researcher and attack engineer at Horizon3.ai.
\nTwitter: @JamesHorseman2
\n
SpeakerBio:Zach Hanley\n, Vulnerability Researcher at Horizon3.ai
\nZach Hanley has been hooked on exploit development and offensive security since introduced to the world of hacking as an On-Net Operator for DoD and IC organizations. He’s since developed implants and exploits for both the government and commercial sector. He currently is a vulnerability researcher and attack engineer for Horizon3.ai.
\nTwitter: @hacks_zach
\n\n
\nDescription:
\nThe year is 2023 and we’re still finding very basic vulnerabilities in enterprise software.\n

In this presentation, we detail how the hacker mindset can be applied to seemingly daunting tasks to make them more approachable. We will show how we approached our first Pwn2Own contest and how we discovered a command injection RCE vulnerability affecting nearly every Lexmark printer. We’ll take a look at why we think it went unnoticed in previous research and why current open-source static analysis tools miss this simple bug.\n

Finally we’ll release the exploit POC and an additional POC to dump credentials during engagements.\n

\n
REFERENCES
\n
1. https://research.nccgroup.com/2022/02/17/bypassing-software-update-package-encryption-extracting-the-lexmark-mc3224i-printer-firmware-part-1/\n2. https://publications.lexmark.com/publications/security-alerts/CVE-2023-26068.pdf\n3. https://www.zerodayinitiative.com/advisories/upcoming/ (ZDI-CAN-19470)
\n\n\'',NULL,365457),('1_Thursday','13','12:30','13:15','Y','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'New Isn’t Always Novel: Grep’ing Your Way to $20K at Pwn2Own, and How You Can Too\'','\'James Horseman,Zach Hanley\'','DC_2df7d0a836aaf6c37a33d23e12d9e174','\'\'',NULL,365458),('1_Thursday','15','15:30','16:15','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Nuthin But A G Thang: Evolution of Cellular Networks\'','\'Tracy Mosley\'','DC_599a69eaad85969bc4626203800ccf54','\'Title: Nuthin But A G Thang: Evolution of Cellular Networks
\nWhen: Thursday, Aug 10, 15:30 - 16:15 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\n
SpeakerBio:Tracy Mosley\n, Trenchant
\nTracy is a New York City based Lead Security Research Engineer at Trenchant (formerly known as Azimuth Security). With a degree in Computer Engineering and over 10 years in the industry, Tracy has predominantly focused on vulnerability research, reverse engineering and development for embedded devices. She has led teams focused on telecommunications equipment and contributed to teams large and small working on routers and various types of embedded devices.\n

Her first degree is in theatre performance, with a vocal performance minor. Vocal technique, performance and understanding the vocal mechanism are what drew her into telecommunications. You may have seen her presenting at conferences, attending trainings, dancing the night away or performing on stage.\n

\nTwitter: @@hackerpinup
\n\n
\nDescription:
\n4G? LTE? 3GPP? A lot of telecommunications terminology gets thrown around, but what does it actually mean? While terms like “5G”, and “packet core” may be in common use, it’s hard to understand what they mean in terms of attack surface, or even as a consumer. Very often even network diagrams will show “Core Network” as a big blob, or stop at the Radio Access Network. It’s hard to have insight into the cellular network. So, I’ll explain generation by generation!\n

In this talk we will walk through each step of cellular evolution, starting at 2G and ending at 5G. The never-ending attack and defend paradigm will be clearly laid out. In order to understand the attack surface, I’ll cover network topology and protocol.\nFor each cellular generation, I will explain known vulnerabilities and some interesting attacks. In response to those vulnerabilities, mitigations for the subsequent cellular generation are put in place. But as we all know, new mitigations mean new opportunities for attackers to get creative.\n

While I will explain most cellular-specific terminology, a familiarity with security concepts will help to better understand this talk. Basic foundations of communications systems, information theory or RF definitely make this talk more enjoyable, but are absolutely not necessary. It’s a dense topic that is highly applicable to those working on anything that touches the cellular network!\n

\n
REFERENCES
\n
    \n
  1. LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE, Syed Rafiul Hussain, Omar Chowdhury, Shagufta Mehnaz, Elisa Bertino\n
  2. https://www.cybersecuritydive.com/news/5g-security-breaches/636693/\n
  3. https://networksimulationtools.com/5g-network-attacks-projects\n
  4. https://www.p1sec.com/corp/category/p1-security/\n
  5. A Vulnerability in 5G Authentication Protocols and Its Countermeasure Xinxin HU, Caixia LIU, Shuxin LIU, Jinsong LI, and Xiaotao CHENG\n
  6. New Vulnerabilities in 5G Networks Altaf Shaik* , Ravishankar Borgaonkar\n
  7. ESF Potential Threats to 5G Network Slicing, NSA, CISA\n
  8. https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010203\n
  9. https://www.pentestpartners.com/security-blog/zte-mf910-an-end-of-life-router-running-lots-of-vivacious-hidden-code/ pentestpartners DC27 talk\n
  10. LTE Pwnage: Hacking HLR/HSS and MME Core Network Elements P1 Security https://conference.hitb.org/hitbsecconf2013ams/materials/D1T2%20-%20Philippe%20Langlois%20-%20Hacking%20HLR%20HSS%20and%20MME%20Core%20Network%20Elements.pdf\n
  11. Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information Syed Rafiul Hussain, Mitziu Echeverria, Omar Chowdhury, Ninghui Li, Elisa Bertino\n
  12. https://thehackernews.com/2018/03/4g-lte-network-hacking.html\n
  13. https://www.pentestpartners.com/security-blog/zte-mf910-an-end-of-life-router-running-lots-of-vivacious-hidden-code/\n
  14. A first look on the effects and mitigation of VoIP SPIT flooding in 4G mobile networks. 982-987. 10.1109/ICC.2012.6364233. Bou-Harb, Elias & Debbabi, Mourad & Assi, Chadi. (2012).\n
  15. https://resources.infosecinstitute.com/topic/cheating-voip-security-by-flooding-the-sip/\n
  16. https://www.mpirical.com/ for 5G trainings\n
  17. https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010203\n
  18. https://www.pentestpartners.com/security-blog/zte-mf910-an-end-of-life-router-running-lots-of-vivacious-hidden-code/\n
  19. https://en.wikipedia.org/wiki/Cellular_network\n
  20. https://www.etsi.org/deliver/etsi_ts/123000_123099/123060/10.03.00_60/ts_123060v100300p.pdf Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); General Packet Radio Service (GPRS); Service description;\n
  21. https://www.etsi.org/deliver/etsi_ts/133100_133199/133102/14.01.00_60/ts_133102v140100p.pdf Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); 3G security; Security architecture (3GPP TS 33.102 version 14.1.0 Release 14)\n
  22. https://www.etsi.org/deliver/etsi_ts/133400_133499/133401/15.07.00_60/ts_133401v150700p.pdf Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; 3GPP System Architecture Evolution (SAE); Security architecture\n
  23. https://www.etsi.org/deliver/etsi_ts/133400_133499/133401/15.07.00_60/ts_133401v150700p.pdf Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; 3GPP System Architecture Evolution (SAE); Security architecture (3GPP TS 33.401 version 15.7.0 Release 15)\n
  24. https://www.etsi.org/deliver/etsi_ts/124300_124399/124301/17.06.00_60/ts_124301v170600p.pdf Universal Mobile Telecommunications System (UMTS); LTE; 5G; Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3 (3GPP TS 24.301 version 17.6.0 Release 17)\n
  25. https://www.etsi.org/deliver/etsi_ts/133500_133599/133501/15.04.00_60/ts_133501v150400p.pdf 5G; Security architecture and procedures for 5G System (3GPP TS 33.501 version 15.4.0 Release 15)\nPrevious talk: https://www.youtube.com/watch?v=-JX7aC0AXEk&t=7387s
\n
\n\n\'',NULL,365459),('1_Thursday','16','15:30','16:15','Y','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Nuthin But A G Thang: Evolution of Cellular Networks\'','\'Tracy Mosley\'','DC_599a69eaad85969bc4626203800ccf54','\'\'',NULL,365460),('4_Sunday','14','14:00','15:15','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Panel: Hacker Court - Interactive Scenario\'','\'winn0na\'','DC_862cfc4c08e98c1d5ba01e92cdcda0c9','\'Title: Panel: Hacker Court - Interactive Scenario
\nWhen: Sunday, Aug 13, 14:00 - 15:15 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\n
SpeakerBio:winn0na\n, Hacker at Policy @DEFCON
\nwinn0na is a former threat analyst turned policy professional. She has organized policy content at DEFCON and has authored multiple pieces on offensive cyber capability proliferation. She will be facilitating the Mock trial as some of the brightest lawyers in cyber (names to be released) take the stage.
\n\n
\nDescription:
\nBe a member of the jury as two lawyers prosecute and defend a hacker (live on the stand) in a made up scenario. You, the audience, will decide if the hacker was caught in the act, or if the attribution was all a false flag. Learn through the trial what evidence you don’t want to leave behind in an op, what D&R can and should collect, and how criminals who conduct cybercrime actually get prosecuted.\n

REFERENCES:
\nhttps://www.cnet.com/tech/services-and-software/use-cnet-shopping-to-seek-out-the-best-deals/ \nhttps://www.steptoecyberblog.com/files/2012/11/ccmanual1.pdf \nhttps://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/03/26/forensics_chart.pdf \nhttps://www.justice.gov/archives/opa/blog/important-court-opinion-holds-lawful-warrants-can-be-used-obtain-evidence-us-internet \nhttps://www.19thcircuitcourt.state.il.us/1610/Guide-to-Conducting-Mock-Trials\n

\n\n\'',NULL,365461),('4_Sunday','15','14:00','15:15','Y','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Panel: Hacker Court - Interactive Scenario\'','\'winn0na\'','DC_862cfc4c08e98c1d5ba01e92cdcda0c9','\'\'',NULL,365462),('3_Saturday','17','17:30','17:50','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Lions and Tigers and Fancy Bears, Oh My!: A Cautionary Tale for our Cyber Future\'','\'Jen Easterly,Scott Shapiro\'','DC_daf9329f754265245befce0ba6a1be6a','\'Title: Lions and Tigers and Fancy Bears, Oh My!: A Cautionary Tale for our Cyber Future
\nWhen: Saturday, Aug 12, 17:30 - 17:50 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\nSpeakers:Jen Easterly,Scott Shapiro
\n
SpeakerBio:Jen Easterly\n, Director at Cybersecurity and Infrastructure Security Agency (CISA)
\nJen Easterly is the Director of the Cybersecurity and Infrastructure Security Agency (CISA). She was nominated by President Biden in April 2021 and unanimously confirmed by the Senate on July 12, 2021. As Director, Jen leads CISA’s efforts to understand, manage, and reduce risk to the cyber and physical infrastructure Americans rely on every day. She is a proud Mom, a mental health advocate, a Rubik’s Cube enthusiast, and an aspiring electric guitarist.\n

Before serving in her current role, Jen was the head of Firm Resilience at Morgan Stanley, responsible for ensuring preparedness and response to business-disrupting operational incidents and risks to the Firm. She also helped build and served as the first Global Head of Morgan Stanley’s Cybersecurity Fusion Center, the Firm’s center of gravity for cyber defense operations.\n

Jen has a long tradition of public service, to include two tours at the White House, most recently as Special Assistant to President Obama and Senior Director for Counterterrorism and earlier as Executive Assistant to National Security Advisor Condoleezza Rice. She also served as the Deputy for Counterterrorism at the National Security Agency.\n

A two-time recipient of the Bronze Star, Jen retired from the U.S. Army after more than twenty years of service in intelligence and cyber operations, including tours of duty in Haiti, the Balkans, Iraq, and Afghanistan. Responsible for standing up the Army’s first cyber battalion, she was also instrumental in the design and creation of United States Cyber Command.\n

A distinguished graduate of the United States Military Academy at West Point, Jen holds a\nmaster’s degree in Philosophy, Politics, and Economics from the University of Oxford, where she studied as a Rhodes Scholar. She is the recipient of numerous honors and awards, including the 2023 Sisterhood Award from Girls Who Code; the 2022 National Defense University Admiral Grace Hopper Award; the 2021 Cybersecurity Ventures Cybersecurity Person of the Year Award; the 2020 Bradley W. Snyder Changing the Narrative Award, and the 2018 James W. Foley Legacy Foundation American Hostage Freedom Award.\n

A member of the Council on Foreign Relations and a French American Foundation Young Leader, Jen is the past recipient of the Aspen Finance Leaders Fellowship, the National Security Institute Visiting Fellowship, the New America Foundation Senior International Security Fellowship, the Council on Foreign Relations International Affairs Fellowship, and the Director, National Security Agency Fellowship.\n

\nTwitter: @@CISAJen
\n
SpeakerBio:Scott Shapiro\n, Charles F. Southmayd Professor of Law and Professor of Philosophy at Yale Law School
\nScott Shapiro is the Charles F. Southmayd Professor of Law and Professor of Philosophy at Yale Law School. His areas of interest include jurisprudence, international law, constitutional law, criminal law and cybersecurity. He is the author of Legality (2011), The Internationalists (2017) (with Oona Hathaway) and editor of The Oxford Handbook of Jurisprudence and Philosophy of Law (2002) (with Jules Coleman). He earned B.A. and Ph.D. degrees in philosophy from Columbia University and a J.D. from Yale Law School. Shapiro is an editor of Legal Theory and the Stanford Encyclopedia of Philosophy. He is also the founding director of the Yale CyberSecurity Lab, which provides cutting-edge cybersecurity and information technology teaching facilities. His new book, Fancy Bear Goes Phishing, details the history and technology of Internet hacking (May 2023).
\n\n
\nDescription:
\nFancy Bear, Dynamic Panda and Charming Kitten – we live in a time where we are constantly under attack without even knowing it. CISA Director Jen Easterly and Yale Law School Professor Scott Shapiro, author of “Fancy Bear Goes Phishing: The Dark History of the Information Age In Five Extraordinary Hacks” discuss how best to understand the challenge of information security; what we can learn from looking back; and how the decisions we make today to prioritize security by design will shape our future.\n
\n\n\'',NULL,365463),('3_Saturday','17','17:00','17:20','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Polynonce: An ECDSA Attack and Polynomial Dance\'','\'Marco Macchetti,Nils Amiet\'','DC_9ba101fb8fa59d072b405b5d449cb1ad','\'Title: Polynonce: An ECDSA Attack and Polynomial Dance
\nWhen: Saturday, Aug 12, 17:00 - 17:20 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\nSpeakers:Marco Macchetti,Nils Amiet
\n
SpeakerBio:Marco Macchetti\n, Principal Cryptographer at Kudelski Security
\nMarco works as Principal Cryptographer on Kudelski Security\'s research team. He has a long experience designing a wide range of HW and SW cryptographic modules, from silicon roots of trust through physically unclonable functions to side-channel resistant cryptographic libraries. Marco likes looking at crypto from different points of view, bridging theory and implementation, to find new paths of attack (and defense).
\n
SpeakerBio:Nils Amiet\n, Lead Prototyping Engineer at Kudelski Security
\nNils is a Security Researcher on Kudelski Security’s research team performing research on various topics including privacy, authentication, big data analytics, and internet scanning. He also writes blog posts on various topics for Kudelski’s research blog. Nils likes open source software and has presented his research at DEF CON and Black Hat Arsenal. He was part of creating a massively distributed system for breaking RSA public keys.
\nTwitter: @@tmlxs
\n\n
\nDescription:
\nECDSA is a widely used digital signature algorithm. ECDSA signatures can be found everywhere since they are public. In this talk, we tell a tale of how we discovered a novel attack against ECDSA and how we applied it to datasets we found in the wild, including the Bitcoin and Ethereum networks.\n

Although we didn\'t recover Satoshi\'s private key (we’d be throwing a party on our private yacht instead of writing this abstract), we could see evidence that someone had previously attacked vulnerable wallets with a different exploit and drained them. We cover our journey, findings, and the rabbit holes we explored. We also provide an academic paper with the details of the attack and open-source code implementing it, so people building software and products using ECDSA can identify and avoid this vulnerability in their systems. We\'ve only scratched the surface, there\'s still plenty of room for exploration.\n

\n
REFERENCES
\n
* https://eprint.iacr.org/2019/023\n* https://eprint.iacr.org/2022/169.pdf\n* https://github.com/gcarq/rusty-blockparser\n* https://en.bitcoin.it/wiki/OP_CHECKSIG\n* https://bitcointalk.org/index.php?topic=1431060.0
\n\n\'',NULL,365464),('2_Friday','13','13:30','14:15','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Private Until Presumed Guilty\'','\'Allison Young,Diane Akerman\'','DC_41e9454d1d9171bcb7e71b0306e8625a','\'Title: Private Until Presumed Guilty
\nWhen: Friday, Aug 11, 13:30 - 14:15 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\nSpeakers:Allison Young,Diane Akerman
\n
SpeakerBio:Allison Young\n, Digital Forensics Analyst at The Legal Aid Society
\nAllison Young is an Analyst in the Digital Forensics Unit of the Legal Aid Society. Allison has expertise in computer, mobile, and cloud account preservation and analysis. She is a current Cellebrite Certified Mobile Examiner and holds a Master\'s degree in Digital Forensics from the University of Central Florida. She has examined hundreds of computers and cell phones during her career and has a love-hate relationship with data.\n

Allison has used her knowledge of \"how computers think\" to help attorneys understand the importance of their digital evidence so they can better serve their clients, sometimes resulting in reduced, settled, or dismissed outcomes in legal cases. She likes to bridge the gap between what the database says and what may have happened IRL - or point out when crossing that bridge won\'t necessarily bring us to the truth.\n

\n
SpeakerBio:Diane Akerman\n, Digital Forensics Attorney at The Legal Aid Society
\nDiane Akerman is a public defender working in the Legal Aid Society\'s Digital Forensics Unit (DFU). The Digital Forensics Unit is dedicated to fighting the unregulated and unfettered use of surveillance technology primarily by the NYPD. Her work involves investigating and uncovering the purchase and use of technologies, developing litigation strategies in criminal cases, and advocating for policy changes. She has litigated the full array of electronic surveillance technologies employed by the NYPD and local law enforcement, including cell phone tracking, GPS, ShotSpotter and facial recognition technology. She knows what it\'s like to get that email from Facebook informing you that they are about to give the federal government all your data, and to have her cell phone a mere Judge\'s signature away from a Cellebrite machine.
\nTwitter: @MF_Diz
\n\n
\nDescription:
\nDobbs has significantly heightened the fear that everyday private data can be leveraged by law enforcement to prosecute pregnancy outcomes. However, this data is already being used in investigating other criminalized activities. In this talk, we will show you examples of information that can easily be extracted from many phones to surveil personal reproductive decisions.\n

We will also show you how the government obtains your not-so-private thoughts using forensic extraction and reporting tools, with a focus on health and lifestyle apps. This will include a review of the output of common forensic tools, demonstrating both the practical ease of reviewing sensitive data and the technical limitations of interpreting their meaning. Warning: you may find this peek into digital investigations disturbing.\n

We will discuss the different laws that do, or do not, protect your private health data, but will focus primarily on the limitations of the 4th Amendment in the digital world. The talk will provide a brief overview of traditional warrant practice and the \"reasonable expectation of privacy\" in digital data. But because the law has no bearing on reality, we\'ll look at excerpts from search warrants for digital devices and cloud data that illustrate the flawed nature of warrant practice in general, the limitations of the practice in the digital context, and the ease with which the government can obtain your data without any real oversight.\n

Bibliography & References:\n

\n\n\'',NULL,365465),('2_Friday','14','13:30','14:15','Y','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Private Until Presumed Guilty\'','\'Allison Young,Diane Akerman\'','DC_41e9454d1d9171bcb7e71b0306e8625a','\'\'',NULL,365466),('3_Saturday','16','16:30','17:15','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Abortion Access in the Age of Surveillance\'','\'Corynne McSherry,Daly Barnett,India McKinney,Kate Bertash\'','DC_b0d001f7b9b4ec14d0aed864b0d9efde','\'Title: Abortion Access in the Age of Surveillance
\nWhen: Saturday, Aug 12, 16:30 - 17:15 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\nSpeakers:Corynne McSherry,Daly Barnett,India McKinney,Kate Bertash
\n
SpeakerBio:Corynne McSherry\n, Legal Director at Electronic Frontier Foundation
\nAs EFF\'s Legal Director, McSherry has extensive experience in advocating for digital civil liberties and promoting net neutrality. Her perspective on the legal frameworks shaping the digital landscape will provide DEF CON attendees with insights on regulatory issues affecting technology users.
\nTwitter: @cmcsherr
\n
SpeakerBio:Daly Barnett\n, Staff Technologist at Electronic Frontier Foundation
\nDaly Barnett is a staff technologist at the Electronic Frontier Foundation and a digital privacy consultant with Hacking//Hustling. She utilizes her skills as a techie and experience as an activist and educator to undermine the harms that surveillance causes movement-oriented work. Where most information security resources seek to protect capital, her goal is to re-tool those concepts to protect people and liberatory movements.
\n
SpeakerBio:India McKinney\n, Director of Federal Affairs at Electronic Frontier Foundation
\nAs a former Capitol Hill staffer and a current EFF lobbyist, India’s main job is to make sure that the laws of the land don\'t suck the life out of the internet. India’s passion has always been for good public policy, and she’s excited to be using skills developed during past legislative battles to fight for encryption, for consumer privacy, and civil liberties in the digital realm.
\nTwitter: @@imck82
\n
SpeakerBio:Kate Bertash\n, Founder at Digital Defense Fund
\nKate Bertash is the founder of the Digital Defense Fund, a digital security organization for the abortion access movement. She is a hacker and designer of the ALPR-jamming clothing line, Adversarial Wear.
\nTwitter: @@katerosebee
\n\n
\nDescription:
\nIn the year since the Supreme Court overturned federal legal protections for reproductive rights, people seeking, providing, and supporting reproductive healthcare are grappling with the challenges of digital surveillance. Multiple services and apps track our movements and communications, and that data can be used by law enforcement and private parties to police and punish abortion access. Lawsuits and prosecutions are already underway and are likely to increase as states continue to pass or expand anti-abortion laws and undermine legal protections for online expression and privacy.\n

But the fight is far from over. At the state and federal level, lawmakers, activists, and technologists are taking steps to establish and shore up legal and practical protections for secure and private healthcare access.\n

This panel brings together legal and security experts to lead a discussion about defending reproductive justice in the digital age – what has already been accomplished, what’s coming, and how hackers can help. It will build on and update a discussion held last year, also led by EFF and DDF.\n

\n
REFERENCES
\n
https://www.eff.org/issues/reproductive-rights\nhttps://www.eff.org/deeplinks/2023/03/texas-bill-would-systematically-silence-anyone-who-dares-talk-about-abortion-pills\nhttps://www.eff.org/deeplinks/2023/02/eff-backs-california-bill-protect-people-seeking-abortion-and-gender-affirming\nhttps://www.eff.org/deeplinks/2022/09/automated-license-plate-readers-threaten-abortion-access-heres-how-policymakers\nhttps://www.eff.org/deeplinks/2022/08/nonprofit-websites-are-full-of-trackers-that-should-change\nhttps://www.ifwhenhow.org/resources/self-care-criminalized-preliminary-findings/
\n\n\'',NULL,365467),('3_Saturday','17','16:30','17:15','Y','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Abortion Access in the Age of Surveillance\'','\'Corynne McSherry,Daly Barnett,India McKinney,Kate Bertash\'','DC_b0d001f7b9b4ec14d0aed864b0d9efde','\'\'',NULL,365468),('3_Saturday','16','16:00','16:45','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Runtime Riddles: Abusing Manipulation Points in the Android Source\'','\'Laurie Kirk\'','DC_3c628c1e0c9142a0c64e11ab8499c2bc','\'Title: Runtime Riddles: Abusing Manipulation Points in the Android Source
\nWhen: Saturday, Aug 12, 16:00 - 16:45 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\n
SpeakerBio:Laurie Kirk\n, Security Researcher at Microsoft
\nLaurie Kirk is a Reverse Engineer at Microsoft working in incident response. She specializes in cross-platform malware analysis with a focus on mobile threats. She also runs a YouTube channel (@LaurieWired) that covers all sorts of in-depth Malware Analysis, Reverse-Engineering, Exploitation and security topics. Laurie received her Bachelor\'s Degree from Florida State University in Computer Science with a minor in Math. She started as a Software Engineer for an aerospace company before finding her current calling in Cyber Security and low-level programming.
\nTwitter: @LaurieWired
\n\n
\nDescription:
\nAndroid malware creators constantly struggle to devise innovative methods to obscure apps and impede reverse engineering. As numerous standard techniques have lost efficacy, I\'ll unveil the next frontier in Android obfuscation: runtime manipulation. Runtime manipulation alters standard application flow-of-control to bypass decompilers and emulators.\n

In this talk, I\'ll reveal my strategy for pinpointing manipulation targets in Android\'s source code. I will describe how I craft manipulators in native C++ once a suitable target has been located. This is accomplished by hooking Java methods via the Java Native Interface (JNI) and typecasting the handle to a C-style pointer. Runtime manipulation can entirely remove traces of ClassLoader calls which are unavoidable for standard Dalvik Executable (DEX) packing, but are also easily discovered and hooked. This technique also effectively breaks cross-reference calculations within all Android decompilers.\n

I will demonstrate and equip attendees with a custom Android library for devices running Android 13, providing a new tool that enables runtime manipulation experimentation. In addition, I\'ll demonstrate my methodology for pinpointing Java targets and modifying their underlying native data structures.\n

\n
REFERENCES
\n
https://security.csl.toronto.edu/wp-content/uploads/2018/06/mwong-usenixsec2018-tiro.pdf
\n

ArtMethod hooking: https://github.com/PAGalaxyLab/YAHFA\nmCookie manipulation: https://github.com/woxihuannisja/Bangcle\nDexFile.java: https://cs.android.com/android/platform/superproject/+/master:libcore/dalvik/src/main/java/dalvik/system/DexFile.java\ndex_file.h: https://cs.android.com/android/platform/superproject/+/refs/heads/master:art/libdexfile/dex/dex_file.h\nart_method.h: https://cs.android.com/android/platform/superproject/+/master:art/runtime/art_method.h;bpv=0;bpt=0\nExecutable.java – contains artMethod field: https://cs.android.com/android/platform/superproject/+/master:libcore/ojluni/src/main/java/java/lang/reflect/Executable.java;l=582?q=artMethod&ss=android%2Fplatform%2Fsuperproject\n

\n\n\'',NULL,365469),('2_Friday','09','09:30','10:15','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Secretary of the Department of Homeland Security Alejandro Mayorkas\'','\'Alejandro Mayorkas\'','DC_d2800c8b272dd4650cf0c6bcd8235d43','\'Title: Secretary of the Department of Homeland Security Alejandro Mayorkas
\nWhen: Friday, Aug 11, 09:30 - 10:15 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\n
SpeakerBio:Alejandro Mayorkas\n, Secretary at Department of Homeland Security
\nAlejandro Mayorkas was sworn in as Secretary of the Department of Homeland Security by President Biden on February 2, 2021.\n

A political refugee born in Havana, Cuba, Mayorkas is the first Latino and immigrant confirmed to serve as Secretary of Homeland Security. He has led a distinguished 30-year career as a law enforcement official and a nationally recognized lawyer in the private sector. Mayorkas served as the Deputy Secretary of the U.S. Department of Homeland Security from 2013 to 2016, and as the Director of U.S. Citizenship and Immigration Services from 2009 to 2013. During his tenure at DHS, he led the development and implementation of DACA, negotiated cybersecurity and homeland security agreements with foreign governments, led the Department’s response to Ebola and Zika, helped build and administer the Blue Campaign to combat human trafficking, and developed an emergency relief program for orphaned youth following the tragic January 2010 earthquake in Haiti. Mayorkas also created the Fraud Detection and National Security Directorate to better ensure the integrity of the legal immigration system.\n

Mayorkas began his government service in the Department of Justice, where he served as an Assistant United States Attorney in the Central District of California, specializing in the prosecution of white collar crime. After nearly nine years as a federal prosecutor, he became the youngest United States Attorney in the nation, overseeing prosecutions of national significance, including the investigation and prosecution of financial fraud, violations of the Foreign Corrupt Practices Act, public corruption, violent crime, cybercrime, human trafficking, environmental crime, international narcotics money laundering, and securities fraud.\n

Mayorkas received his bachelor’s degree with distinction from the University of California at Berkeley and a law degree from Loyola Law School.\n

\n\n
\nDescription:
\nThe Secretary of US Homeland Security, Alejandro Mayorkas, joins DEF CON for a fireside chat. Secretary Mayorkas will lay some foundational groundwork on some of DHS\' priorities in cybersecurity and how they address pressing IS and global issues, then sit down to talk with The Dark Tangent, in a casual conversation with thousands of their closest hacker friends.\n
\n\n\'',NULL,365470),('2_Friday','10','09:30','10:15','Y','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Secretary of the Department of Homeland Security Alejandro Mayorkas\'','\'Alejandro Mayorkas\'','DC_d2800c8b272dd4650cf0c6bcd8235d43','\'\'',NULL,365471),('3_Saturday','17','17:00','17:20','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js\'','\'Mikhail Shcherbakov,Musard Balliu\'','DC_8a8edffed2696f81f2494d66aed59634','\'Title: Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
\nWhen: Saturday, Aug 12, 17:00 - 17:20 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\nSpeakers:Mikhail Shcherbakov,Musard Balliu
\n
SpeakerBio:Mikhail Shcherbakov\n, KTH Royal Institute of Technology
\nMikhail Shcherbakov came to security from enterprise app development. The tendency is to push it as far as you can… He is now doing a Ph.D. in Language-Based Security after 10+ years of experience in the industry. He participated in Microsoft, GitHub, and open-source bug bounty programs, found vulnerabilities in popular products, and helped to fix them. Before starting a Ph.D. program, he focused on .NET and web security, gave talks at conferences, organized IT meetups, and got the Microsoft MVP Award in 2016 – 2018. Mikhail is an author of commercial static analysis tools and continues research in program analysis.
\nTwitter: @yu5k3
\n
SpeakerBio:Musard Balliu\n, KTH Royal Institute of Technology
\nNo BIO available
\n\n
\nDescription:
\nMany have heard about Prototype Pollution vulnerabilities in JavaScript applications. This kind of vulnerability allows an attacker to inject properties into an object\'s root prototype that may lead to flow control alteration and unexpected program behavior. Every time a successful exploit looks like magic or is limited to a denial of service (DoS). Would you be surprised if I told you that every application has a chain of methods that can be triggered by Prototype Pollution and leads to arbitrary code execution? Such gadgets populated Node.js core code and popular NPM packages. Keep calm. Not every app can be exploited! However, this fact increases the risk of exploitation many times over.\n

In our research, we studied Prototype Pollution beyond DoS and analyzed Node.js source code against the gadgets. We then analyzed 15 popular Node.js apps from GitHub and got 8 RCEs. Through this talk, I will elaborate on the detected gadgets and vulnerabilities. We will also take a look at how the recent changes in Node.js mitigate these issues. \n

\n
REFERENCES
\n
\n

Mikhail Shcherbakov, Musard Balliu and Cristian-Alexandru Staicu \"Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js\" https://github.com/yuske/silent-spring/blob/master/silent-spring-full-version.pdf\nGareth Heyes \"Server-side prototype pollution: Black-box detection without the DoS\" https://portswigger.net/research/server-side-prototype-pollution\nMichał Bentkowski \"Exploiting prototype pollution – RCE in Kibana (CVE-2019-7609)\" https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/\nOlivier Arteau \"Prototype Pollution Attack in NodeJS application\" https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf\n

\n\n\'',NULL,365472),('3_Saturday','15','15:00','15:45','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Spooky authentication at a distance\'','\'Tamas \"SkelSec\" Jos\'','DC_68e0d6d187b7cc6d8088b78ebed60e28','\'Title: Spooky authentication at a distance
\nWhen: Saturday, Aug 12, 15:00 - 15:45 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\n
SpeakerBio:Tamas \"SkelSec\" Jos\n, Principal Security Consultant at Sec-Consult AG
\nTamas Jos (@skelsec) is a principal security consultant at SEC Consult (Schweiz) AG. He has worked within the information security industry for over 10 years, focusing mainly on reversing topics across many industries around the globe. He has an in-depth technical appreciation of Windows security, which heavily influences his research. This often takes him down many low level rabbit holes, leading to the creation and maintenance of well-received open-source projects, such as pypykatz & OctoPwn.\n

You can find Tamas’ musings on his blog at https://github.com/skelsec/\n

\nTwitter: @skelsec
\n\n
\nDescription:
\nSpooky authentication at a distance outlines a new and innovative post-exploitation technique to proxy common authentication protocols used in Windows environments remotely and with no elevated privileges required. This allows security professionals to perform complete impersonation of the target user on their own machine without executing any further code on the target machine besides the agent itself. This talk will also demonstrate the applicability of this new technique by performing no-interaction, full domain takeover using a malicious peripheral in a simulated restricted environment. \n
\n
REFERENCES
\n
Tools which will be shown in the demos:\n [AioSMB] https://github.com/skelsec/aiosmb\n [MSLDAP] https://github.com/skelsec/msldap\n [WSNet] https://github.com/skelsec/wsnet\n [OctoPwn] https://community.octopwn.com\n [Asyauth] https://github.com/skelsec/asyauth\n [Aardwolf] https://github.com/skelsec/aardwolf\n \n
\n

My previous talk on [OctoPwn] the in-browser pentest suite can be found here: https://youtu.be/jStdrDHTmD4​\n \n

Related tools:
\n [PYODIDE] Octopwn uses Pyodide framework to run in the browser. https://github.com/pyodide/pyodide\n [LDAP3] The MSLDAP project used code parts from this project. https://ldap3.readthedocs.io/en/latest/\n [RDPY] The Aardwolf RDP client is based on this tool. https://github.com/citronneur/rdpy\n [BLOODHOUND] Jackdaw was based on this tool. https://github.com/BloodHoundAD/BloodHound\n [IMPACKET] aioSMB libraries were based partially on this tool. https://github.com/fortra/impacket\n [LsaRelayX] Future extension https://github.com/CCob/lsarelayx\n [duckencoder] To automate keystrokes on the embedded system https://github.com/mame82/duckencoder.py\n

\n\n\'',NULL,365473),('3_Saturday','11','11:00','11:45','N','DC','Caesars Forum - Academy - 407-410 - Track 4','\'Spread spectrum techniques in disposable drones for anti drone evasion\'','\'David Melendez,Gabriela \"Gabs\" García\'','DC_c06089a14d3566172de0a5000de8e1e6','\'Title: Spread spectrum techniques in disposable drones for anti drone evasion
\nWhen: Saturday, Aug 12, 11:00 - 11:45 PDT
\nWhere: Caesars Forum - Academy - 407-410 - Track 4 - Map
\nSpeakers:David Melendez,Gabriela \"Gabs\" García
\n
SpeakerBio:David Melendez\n, R&D Embedded Software Engineer
\nDavid Melendez is an R&D Embedded Systems Engineer, with over twelve years of experience in cybersecurity and hardware hacking. He has a proven track record of presenting his groundbreaking investigations at prestigious conferences around the world, including DEFCON, BLACKHAT, and ROOTEDCON.\n

David is also a drone creator and author of the book \"Hacking with Drones,\" which showcases his innovative use of drones in cybersecurity research. With his passion for pushing the boundaries of technology, David is constantly seeking new ways to improve the security and functionality of embedded systems.\n

\nTwitter: @taiksontexas
\n
SpeakerBio:Gabriela \"Gabs\" García\n, Hacker, Professor and Mentor
\nGabriela \"Gabs\" García is a university professor and mentor, Secure Software Developer and coding and cybersecurity instructor for organizations such as LinkedIn, Cyber Hunter Academy and Kschool. She teaches, whether that\'s in a lecture hall or over the internet, about software development, with a keen eye for secure practices.\n

Gabriela is also an active member in hacker communities such as HackMadrid%27 and Hack%27, both at home in Spain and across the world. And as an independent professional, she gets to work with a wide variety of clients, crafting custom cybersecurity solutions to fit their specific needs.\n

\n\n
\nDescription:
\nThe popularity of cheap and DIY drones has made them a target for attackers using radiofrequency (RF) signals. Frequency hopping is a technique that can be used to mitigate the risks associated with RF warfare. However, implementing frequency hopping in cheap and DIY drones presents several technical challenges, such as the need for a stable clock and synchronization between the transmitter and receiver without raising hardware costs. Despite these challenges, frequency hopping can significantly enhance the security of consumer and DIY drones, making anti-drone systems\' role much more challenging or even useless.\n
\n
REFERENCES
\n
\n

DEF CON 24 - Aaron Luo - Drones Hijacking: Multidimensional attack vectors and countermeasures\nDEF CON 25 - Game of Drones - Brown,Latimer\nDEF CON 26 - David Melendez Cano - Avoiding antidrone systems with nanodrones.\nDEF CON 29 - Steal This Drone - An Aerospace Village Cybersecurity Activity - http://loonwerks.com/publications/pdf/Steal-This-Drone-README.pdf\nhttps://unicornriot.ninja/2017/hacking-drones-ultrasonic-pulses/\nhttps://en.wikipedia.org/wiki/Tempest_(codename)\n

\n\n\'',NULL,365474),('4_Sunday','10','10:00','10:45','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'StackMoonwalk: A Novel approach to stack spoofing on Windows x64\'','\'Alessandro \"klezVirus\" Magnosi,Arash \"waldo-irc\" Parsa,Athanasios \"trickster0\" Tserpelis\'','DC_5e7637f5752709a8ed0eff9480df82ec','\'Title: StackMoonwalk: A Novel approach to stack spoofing on Windows x64
\nWhen: Sunday, Aug 13, 10:00 - 10:45 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\nSpeakers:Alessandro \"klezVirus\" Magnosi,Arash \"waldo-irc\" Parsa,Athanasios \"trickster0\" Tserpelis
\n
SpeakerBio:Alessandro \"klezVirus\" Magnosi\n, Principal Security Consultant at BSI
\nAlessandro Magnosi is a Principal cyber security consultant with more than 10 years of experience in the IT field. Currently, he\'s part of the Security Testing Team at BSI, which is the UK national standards body, and a Global certification, training and cybersecurity firm. On top of his normal work, Alessandro works as an independent researcher for Synack RT, and an OSS developer for Porchetta Industries, where he maintains offensive tools.
\nTwitter: @klezVirus
\n
SpeakerBio:Arash \"waldo-irc\" Parsa\n, Cybersecurity Professional
\nArash Parsa is a highly skilled and passionate cybersecurity professional with extensive experience in threat hunting, red teaming, and research. As a dedicated member of the InfoSec community, Arash has become a trusted name in advancing the field and helping to protect digital assets from ever-evolving threats. Above all, Arash takes great pride in being an active community member and mentor to aspiring cybersecurity professionals. By sharing their knowledge and experience, he is helping to shape the next generation of InfoSec experts and ensure the continued growth and success of the industry.
\nTwitter: @waldoirc
\n
SpeakerBio:Athanasios \"trickster0\" Tserpelis\n, Red Teamer and Malware Developer
\nThanos is a senior security consultant in Nettitude, focused mainly in Red Teaming and specializes in Offensive tool development such as elaborate malwares, EDR evasion techniques and tooling that makes a red teamer\'s life easier. Additionally, he is really into low level stuff, such as exploit development in Windows OS.
\nTwitter: @trickster012
\n\n
\nDescription:
\nThe rapid advancement of cyber defense products has led to an increase in sophisticated memory evasion techniques employed by Red Teaming and Malware Development communities. These techniques aim to bypass the detection of malicious code by concealing its presence in a target process\'s memory. Among these methods, \"Thread Stack Spoofing\" is a technique that hides malicious calls in the stack by replacing arbitrary stack frames with fake ones.\n

In this talk, we present two novel approaches, \"Full Moon\" and \"Half Moon,\" for tampering with call stacks in a manner that is both opaque and difficult to detect. These techniques manipulate the call stack to produce unwinding or logically valid stacks, thwarting conventional detection methods.\n

We also introduce a detection algorithm, Eclipse, designed to identify instances of these tampering techniques. This algorithm extends the functionality of RtlVirtualUnwind to perform strict checks on specific instructions and call sequences, enabling the detection of tampered call stacks. We evaluate the efficacy of Eclipse against both Full Moon and Half Moon techniques and discuss its performance and limitations.\n

Additionally, we explore the possibility of combining these techniques to create an even more robust method for call stack tampering that is resistant to detection. Our study contributes to the growing body of knowledge in the field of call stack tampering and detection and provides valuable insights for researchers and security professionals aiming to mitigate such threats.\n

\n
REFERENCES
\n
\n

namazso. 2019. x64 return address spoofing (source + explanation). UnKnoWnCheaTs - Multiplayer Game Hacking and Cheats. Retrieved April 4, 2023 from https://www.unknowncheats.me/forum/anti-cheat-bypass/268039-x64-return-address-spoofing-source-explanation.html\nMariusz Banach. 2023. Thread Stack Spoofing / Call Stack Spoofing PoC. Retrieved April 3, 2023 from https://github.com/mgeeky/ThreadStackSpoofer\nWilliam Burgess. Behind the Mask: Spoofing Call Stacks Dynamically with Timers | Cobalt Strike Blog. Fortra. Retrieved April 3, 2023 from https://www.cobaltstrike.com/blog/behind-the-mask-spoofing-call-stacks-dynamically-with-timers/\nWilliam Burgess. Spoofing Call Stacks To Confuse EDRs. Retrieved April 4, 2023 from https://labs.withsecure.com/publications/spoofing-call-stacks-to-confuse-edrs\nMicrosoft Corp. 2021. x64 prolog and epilog. Retrieved April 3, 2023 from https://learn.microsoft.com/en-us/cpp/build/prolog-and-epilog\nMicrosoft Corp. 2022. x64 exception handling. Retrieved April 3, 2023 from https://learn.microsoft.com/en-us/cpp/build/exception-handling-x64\nCodeMachine. 2021. x64 Deep Dive. Retrieved April 3, 2023 from https://www.codemachine.com/article_x64deepdive.html\n

\n\n\'',NULL,365475),('2_Friday','12','12:00','12:45','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Still Vulnerable Out of the Box: Revisiting the Security of Prepaid Android Carrier Devices\'','\'Angelos Stavrou,Mohamed Elsabagh,Ryan Johnson\'','DC_f203fa4a596756d80ef0239880dc67ba','\'Title: Still Vulnerable Out of the Box: Revisiting the Security of Prepaid Android Carrier Devices
\nWhen: Friday, Aug 11, 12:00 - 12:45 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\nSpeakers:Angelos Stavrou,Mohamed Elsabagh,Ryan Johnson
\n
SpeakerBio:Angelos Stavrou\n, Founder and Chief Scientist at Quokka
\nDr. Angelos Stavrou is Founder and Chief Scientist of Quokka (formerly Kryptowire), a Virginia based Mobile Security company. He is also a Professor at the Bradley Department of Electrical & Computer Engineering at Virginia Tech. Dr. Stavrou has served as principal investigator on research awards from NSF, DARPA, IARPA, DHS, AFOSR, ARO, ONR. He is an active member of NIST\'s Mobile Security team and has written more than 130 peer-reviewed conference and journal articles. Dr. Stavrou received his M.Sc. in Electrical Engineering, M.Phil. and Ph.D. (with distinction) in Computer Science all from Columbia University. He also holds an M.Sc. in theoretical Computer Science from the University of Athens and a B.Sc. in Physics with distinction from the University of Patras, Greece. Stavrou is an Associate Editor of IEEE Transactions on Computers, IEEE Security & Privacy, and IEEE Internet Computing magazines and a previous co-chair of the IEEE Blockchain initiative. Over the past few years, Dr. Stavrou\'s research has focused on two aspects of security: Systems\' Security and Reliability. Dr. Stavrou is a member of USENIX, and a senior member of ACM and IEEE.
\n
SpeakerBio:Mohamed Elsabagh\n, Senior Director, R&D at Quokka
\nDr. Mohamed Elsabagh leads the research and development efforts at Quokka (formerly Kryptowire). He specializes in automated static/dynamic binary security analysis and reverse engineering for Android, ARM, and x86 platforms. He has created several tools that helped detect and prevent hundreds of zero-day vulnerabilities in the wild. Mohamed holds a PhD in CS during which he developed automated binary hardening techniques for COTS systems.
\n
SpeakerBio:Ryan Johnson\n, Senior Director, R&D at Quokka
\nDr. Ryan Johnson is a Senior Director, R&D at Quokka (formerly Kryptowire). His research interests are static and dynamic analysis of Android apps and reverse engineering. He is a co-founder of Quokka and has presented at DEF CON, Black Hat (USA, Asia, & MEA), IT-Defense, and @Hack. His research in Android security has been assigned dozens of CVEs and is responsible for discovering the Adups spyware that affected millions of Android smartphones.
\n\n
\nDescription:
\nPrepaid Android smartphones present an attractive option since they can be used and discarded at will without significant financial cost. The reasons for their use are manifold, although some people may use them to dissemble their true identity. Prepaid smartphones offer value, but there may be an additional \"cost\" for their cheap price. We present an examination of the local attack surface of 21 prepaid Android smartphones sold by American carriers (and 11 unlocked smartphones). While examining these devices, we discovered instances of arbitrary command execution in the context of a \"system\" user app, arbitrary AT command execution, arbitrary file write in the context of the Android System (i.e., \"system_server\"), arbitrary file read/write in the context of a \"system\" user app, programmatic factory reset, leakage of GPS coordinates to a loopback port, numerous exposures of non-resettable device identifiers to system properties, and more.\n

The only user interaction that our threat model assumes is that the user installs and runs a third-party app that has no permissions or only a single \"normal\" level permission that is automatically granted to the third-party app upon installation. The installed third-party app can leverage flaws in pre-loaded software to escalate privileges to indirectly perform actions or obtain data while lacking the necessary privileges to do so directly. Due to a wide range of local interfaces with missing access control checks and inadequate input validation, a third-party app’s behavior is not truly circumscribed by the permissions that it requests. Due to the common inclusion of pre-loaded software from Android vendors, chipset manufacturers, carriers, and vendor partners, exploit code can have significant breadth. The inter-app communication used to exploit these vulnerabilities may be difficult to classify as inherently malicious in general since it uses the standard communication channels employed by non-malicious apps.\n

We pick up again where we left off from our DEF CON 26 talk … raiding the prepaid Android smartphone aisles at Walmart. We provide another snapshot on the state of security for Android carrier devices. In this talk, we examine 21 different prepaid Android smartphones being sold by the major American carriers, and we also cover 11 unlocked Android devices, which are primarily ZTE smartphones. We identified vulnerabilities in multiple layers of the Android software stack. For each discovered vulnerability, we step through the attack requirements, access vector, and attack workflow in order to help developers and bug hunters identify common software flaws going forward.\n

\n
REFERENCES
\n
\n

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664\nhttps://www.bleepingcomputer.com/news/security/oneplus-phones-come-preinstalled-with-a-factory-app-that-can-root-devices/\nhttps://source.android.com/docs/security/features/selinux#background\nhttps://en.wikipedia.org/wiki/Confused_deputy_problem\nhttps://github.com/thanuj10/Nokia-Debloater\nhttps://developer.android.com/training/articles/user-data-ids#best-practices-android-identifiers\nhttps://android.googlesource.com/platform/hardware/ril/+/master/include/telephony/ril.h\nhttps://github.com/lbule/android_hardware_mediatek\nhttps://security.tecno.com/SRC/blogdetail/99?lang=en_US\nhttps://extensionpublications.unl.edu/assets/pdf/ec157.pdf\nhttps://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/service/persistentdata/PersistentDataBlockManager.java#143\nhttps://github.com/ptoomey3/evilarc/blob/master/evilarc.py\nhttps://android.googlesource.com/platform/frameworks/base/+/master/packages/SystemUI/\nhttps://android.googlesource.com/platform/packages/apps/Settings/+/refs/heads/master\n

\n\n\'',NULL,365476),('4_Sunday','11','11:00','11:45','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'The Art of Compromising C2 Servers: A Web Application Vulnerabilities Perspective\'','\'Vangelis Stykas\'','DC_d939e519a5ee21a50b393ba43f8fa211','\'Title: The Art of Compromising C2 Servers: A Web Application Vulnerabilities Perspective
\nWhen: Sunday, Aug 13, 11:00 - 11:45 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\n
SpeakerBio:Vangelis Stykas\n, CTO at Tremau
\nVangelis is a software developer, penetration tester, and PhD candidate. He applies his skills at his job as Chief Technology Officer at Tremau and his research focus revolves around API and web application security. His academic research is focused on machine learning in web application security and the development of proactive web application security. During his free time, Vangelis is helping start-ups secure themselves on the Internet and get a leg up in security terms. During the past years he has published and presented research regarding API control functions for ships, smart locks, IP cameras, EV chargers and many other IoT devices. He has performed extensive research on the stalkerware industry.
\nTwitter: @evstykas
\n\n
\nDescription:
\nC2 servers of mobile and Windows malware are usually left to their own fate after they have been discovered and the malware is no longer effective. We are going to take a deep dive into the rabbit hole of attacking and owning C2 servers, exposing details about their infrastructure, code bases, and the identity of the companies and individuals that operate and profit from them.\n

While understanding and reversing malware is a highly skilled procedure, attacking the C2 itself rarely requires a lot of technical skills. Most of the C2 servers have the same typical HTTP problems that can be detected by off-the-shelf vulnerability scanners.\n

By exploiting low-hanging fruit vulnerabilities, an attacker can obtain unauthorized access to administrative functions, allowing them to command thousands of devices and further explore other attack vectors. This can give them access to administrator panels and malware source code, and result in the identity of threat actors being exposed.\n

\n
REFERENCES
\n
\n

Harly malware: https://www.kaspersky.com/blog/harly-trojan-subscriber/45573/\nClipper malware: https://www.welivesecurity.com/2023/03/16/not-so-private-messaging-trojanized-whatsapp-telegram-cryptocurrency-wallets/\nNexus malware: https://www.techrepublic.com/article/nexus-android-malware-finance-targets/\nAurora malware: https://www.bleepingcomputer.com/news/security/aurora-infostealer-malware-increasingly-adopted-by-cybergangs/\n

\n\n\'',NULL,365477),('3_Saturday','13','13:30','14:15','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'The GitHub Actions Worm: Compromising GitHub repositories through the Actions dependency tree\'','\'Asi Greenholts\'','DC_a7f9de5bc75798596d84b024ea0b2a87','\'Title: The GitHub Actions Worm: Compromising GitHub repositories through the Actions dependency tree
\nWhen: Saturday, Aug 12, 13:30 - 14:15 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\n
SpeakerBio:Asi Greenholts\n, Security Researcher at Palo Alto Networks
\nAsi has 8 years of experience in the security field, including security architecture, SOC management, incident response, and application security research. Asi has gained his experience working for major organizations in the financial and government sectors. Today, Asi is a security researcher that focuses on revolutionizing CI/CD security at Palo Alto Networks. During his free time, Asi likes to read, invest in the stock market and to snowboard.
\nTwitter: @TupleType
\n\n
\nDescription:
\nGitHub is the most popular platform to host Open Source projects; therefore, the popularity of its CI/CD platform, GitHub Actions, is rising, which makes it an attractive target for attackers.\n

In this talk I’ll show you how an attacker can take advantage of the Custom GitHub Actions ecosystem by infecting one Action to spread malicious code to other Actions and projects by showing you a demo of POC worm.\n

We will start by exploring the ways in which Actions are loosely and implicitly dependent on other Actions. This will allow us to create a dependency tree of Actions that starts from a project that we want to attack and hopefully ends in a vulnerable Action that we can take control of.\n

We will then dive down to how GitHub Actions is working under the hood and I’ll show you how an attacker that is in control of an Action can utilize the mechanism of the GitHub Actions Runner to infect other Actions that are dependent on their Action and eventually infect the targeted project.\n

Finally, after we’ve gained all of the theoretical knowledge, I’ll show you a demo with POC malware that is spreading through Actions and we will talk about how to defend against this kind of attack.\n

\n
REFERENCES
\n
https://karimrahal.com/2023/01/05/github-actions-leaking-secrets/
\n\n\'',NULL,365478),('3_Saturday','14','13:30','14:15','Y','DC','Caesars Forum - Forum - 130-134 - Track 3','\'The GitHub Actions Worm: Compromising GitHub repositories through the Actions dependency tree\'','\'Asi Greenholts\'','DC_a7f9de5bc75798596d84b024ea0b2a87','\'\'',NULL,365479),('2_Friday','09','09:00','09:45','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'The Internals of Veilid, a New Decentralized Application Framework\'','\'Christien \"DilDog\" Rioux,Katelyn \"Medus4\" Bowden\'','DC_d7fcf82e61798d28d378e679818eec38','\'Title: The Internals of Veilid, a New Decentralized Application Framework
\nWhen: Friday, Aug 11, 09:00 - 09:45 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\nSpeakers:Christien \"DilDog\" Rioux,Katelyn \"Medus4\" Bowden
\n
SpeakerBio:Christien \"DilDog\" Rioux\n, Cult Of The Dead Cow
\nChristien \'DilDog\' Rioux is a member of The Cult Of The Dead Cow, the author of remote-access utility Back Orifice 2000, and a thorn in Microsoft\'s side for over a decade. DilDog is the creator of StuntBanana, a caller-id spoofing system, and is proprietor of the hacker-fashion line HACK.XXX. He is also Co-Founder and former Chief Scientist of Veracode, on the founding team of @stake, as well as a member of L0pht Heavy Industries. DilDog is a staunch believer that if you want to change the present you need to build the future, and is very sorry for having helped create \"InfoSec\" from hacking, and would like to undo the damage.
\nTwitter: @@dildog
\n
SpeakerBio:Katelyn \"Medus4\" Bowden\n, Cult Of The Dead Cow
\nKatelyn Bowden is a hacker, activist, and CULT OF THE DEAD cow member, who embraces the human side of hacking and tech. She also creates strange furby art and has over 60 dead things on display in her house.
\nTwitter: @@medus4_cdc
\n\n
\nDescription:
\nVeilid is an open-source, peer-to-peer, mobile-first networked application framework, with a flagship secure messaging application named VeilidChat. Veilid is conceptually similar to IPFS + Tor, but faster and designed from the ground-up to provide all services over a privately routed network. The network also enables development of distributed applications without a \'blockchain\' or a \'transactional layer\' at their base. Veilid can be included as part of user-facing applications or run as a standalone server for power users who wish to help build the network.\n

Architecturally, it is written in Rust, uses strong encryption, and nodes can run on Linux, Mac, Windows, Android, iOS, and in-browser WASM. Low-level protocols over UDP, raw TCP, Websockets and Secure Websockets. Nodes are optimized for low latency, high node churn, and are particularly capable of dealing with low level network changes, such as switching from cellular to wifi networks mid-communication.\n

This talk will focus on the internals of Veilid:\n* How it works as a protocol
\n* How it leverages strong cryptography to provide private communications\n* How it provides decentralized storage and cryptographically sound data structures\n* How applications are written to leverage the Veilid Network\n

We will demonstrate Veilid Server, and VeilidChat, the application.\n

\n
REFERENCES
\n
Tor Project: www.torproject.org\nIPFS: www.ipfs.tech
\n\n\'',NULL,365480),('4_Sunday','13','13:00','13:45','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'The Price of Convenience: How Security Vulnerabilities in Global Transportation Payment Systems Can Cost You\'','\'Omer Attias\'','DC_a68fcb51b126710fbc5d19ba43176556','\'Title: The Price of Convenience: How Security Vulnerabilities in Global Transportation Payment Systems Can Cost You
\nWhen: Sunday, Aug 13, 13:00 - 13:45 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\n
SpeakerBio:Omer Attias\n, Security Researcher at SafeBreach Labs
\nOmer Attias is an accomplished security researcher with over five years of experience in the field of cybersecurity. He currently works as a researcher at SafeBreach Labs.\n

With a background in the Ministry of Defense and the Israeli Defense Forces (IDF), Omer has honed his skills in network research, including a deep understanding of Windows internals and Linux kernel components.\n

In addition to his professional pursuits, Omer is a passionate technology and science enthusiast who is always eager to explore emerging trends and innovations in these fields.\n

\nTwitter: @@omerat21
\n\n
\nDescription:
\nPublic transportation payment systems have undergone significant changes over the years. Recently, mobile payment solutions have become increasingly popular, allowing passengers to pay for their fare using their smartphones or other mobile devices.\n

The evolution of public transportation payment systems has been driven by the need for faster, more convenient, and more secure payment methods, and this trend is likely to continue in the years to come. But how secure are mobile payment solutions for public transportation?\n

In this presentation, we will examine the security risks associated with transportation applications, using Moovit as a case study. Moovit is a widely used transportation app operating in over 100 countries and 5000+ cities. Through our investigation of the app\'s API, including SSL-encrypted data, we discovered specific vulnerabilities, which we will discuss. We will also demonstrate a custom user interface that can obtain a \"free ticket\" and cause someone else to pay. Furthermore, we will explain how an attacker could gain unauthorized access to and exfiltrate Personal Identifiable Information (PII) of registered users. Our findings offer practical recommendations to improve the security of transportation apps.\n

\n
REFERENCES
\n
https://github.com/httptoolkit/frida-android-unpinning/blob/main/frida-script.js\nhttps://moovit.com/
\n\n\'',NULL,365481),('2_Friday','17','17:30','17:50','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'Track the Planet! Mapping Identities, Monitoring Presence, and Decoding Business Alliances in the Azure Ecosystem\'','\'nyxgeek\'','DC_4d69af31554f77e37c55b4a54777ccf1','\'Title: Track the Planet! Mapping Identities, Monitoring Presence, and Decoding Business Alliances in the Azure Ecosystem
\nWhen: Friday, Aug 11, 17:30 - 17:50 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\n
SpeakerBio:nyxgeek\n, Hacker at TrustedSec
\nnyxgeek is a hacker at TrustedSec. Interests include: user enumeration, password spraying, password cracking. Team Trontastic on the CMIYC leaderboard.
\nTwitter: @@nyxgeek
\n\n
\nDescription:
\nMicrosoft Azure is ripe with user information disclosures. We are going to look at weaponizing these disclosures by performing data collection at a large scale against OneDrive, Teams, and Graph.\n

OneDrive and Teams present silent enumeration methods, requiring no logon attempts and creating no logs. This enables enumeration at a massive scale against the biggest corporations, educational institutes, and government entities in the world. Over the last 1.5 years I have enumerated over 20m users. We will explore the techniques used and the data that was collected, including Azure adoption rates and analysis of username formats.\n

Microsoft Teams suffers from information disclosure due to default settings allowing users to see the online presence of others. An undocumented, unauthenticated Microsoft Teams Presence lookup trick will be shared, which enables easy unauthenticated enumeration of the online Teams Presence of users at many organizations. To demonstrate this we will monitor approximately 100,000 Microsoft employees\' online presence and any out-of-office messages that are stored.\n

Finally, Azure supports Guest users, allowing two companies to collaborate on a project. I will unveil a method of identifying Azure Guest users at other tenants. In this way, hidden corporate relationships can be revealed.\n

Related exploits identified include:\n

Microsoft Lync Time-Based User Enum (no CVE - 2016)\n Microsoft Skype for Business 2016 XSS Injection - CVE-2017-8550\n Microsoft Lync 2011 for Mac HTML Injection - CVE-2018-8474\n

Related Tools:\n

onedrive_user_enum
\n o365recon
\n lyncsmash\n \n

\n
REFERENCES
\n
\n

https://github.com/nyxgeek/onedrive_user_enum\nhttps://github.com/Flangvik/TeamFiltration/\n

\n\n\'',NULL,365482),('2_Friday','14','14:00','14:20','N','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record','\'Tracking the Worlds Dumbest Cyber-Mercenaries\'','\'Cooper Quintin\'','DC_e4ef829d9064c3436f6a4eb863ef3ad3','\'Title: Tracking the Worlds Dumbest Cyber-Mercenaries
\nWhen: Friday, Aug 11, 14:00 - 14:20 PDT
\nWhere: Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record - Map
\n
SpeakerBio:Cooper Quintin\n, Senior Staff Technologist at Electronic Frontier Foundation
\nCooper Quintin is a security researcher and senior public interest technologist with the EFF Threat Lab. He has worked on projects including Privacy Badger, Canary Watch, and analysis of state sponsored malware campaigns such as Dark Caracal. Cooper has given talks at security conferences including Black Hat, DEFCON, Enigma Conference, and ReCon about issues ranging from IMSI Catcher detection to fem tech privacy issues to newly discovered APTs. He has also been published or quoted in publications including: The New York Times, Reuters, NPR, CNN, and Al Jazeera. Cooper has given security trainings for activists, non profit workers, and vulnerable populations around the world. He previously worked building websites for nonprofits, including Greenpeace, Adbusters, and the Chelsea Manning Support Network. Cooper was also an editor and contributor to the hacktivist journal, \"Hack this Zine.\" In his spare time he enjoys making music, visualizing a solar-punk anarchist future, and playing with his kids.
\nTwitter: @cooperq
\n\n
\nDescription:
\nFor the last 6 years my colleagues and I have been tracking the activities of the cyber-mercenaries we call Dark Caracal. In this time we have observed them make a number of hilarious mistakes which have allowed us to gain crucial insights into their activities and victims. In this talk we will discuss the story of Dark Caracal, the mistakes they have made, and how they have managed to remain effective despite quite possibly being the dumbest APT to ever exist.\n
\n
REFERENCES
\n
https://www.eff.org/wp/operation-manul\nhttps://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf\nhttps://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/\nhttps://www.eff.org/deeplinks/2023/02/uncle-sow-dark-caracal-latin-america
\n\n\'',NULL,365483),('1_Thursday','11','11:00','11:20','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'UNConventional Cybercrime: How a Bad Anti-Hacking Treaty is Becoming a Law\'','\'Bill Budington,Katitza Rodriguez\'','DC_2a16b63c95fa7f2868d6156e10161859','\'Title: UNConventional Cybercrime: How a Bad Anti-Hacking Treaty is Becoming a Law
\nWhen: Thursday, Aug 10, 11:00 - 11:20 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\nSpeakers:Bill Budington,Katitza Rodriguez
\n
SpeakerBio:Bill Budington\n, Senior Staff Technologist at Electronic Frontier Foundation
\nBill Budington is a Senior Staff Technologist on EFF\'s Public Interest Technology team. Their research has been featured in the The New York Times, The Los Angeles Times, The Guardian, and cited by the US Congress. They are the lead developer of Cover Your Tracks.
\n
SpeakerBio:Katitza Rodriguez\n, Policy Director for Global Privacy at Electronic Frontier Foundation
\nKatitza Rodriguez is EFF\'s Policy Director for Global Privacy. She concentrates on comparative policy of global privacy issues, with special emphasis on cross-border data flows. Katitza\'s work also focuses on cybersecurity and government access to data held by the private sector at the intersection of international human rights law and standards. In 2018, CNET named Katitza one of the 20 most influential Latinos in technology in the United States.
\nTwitter: @@txitua
\n\n
\nDescription:
\nHeads up DEFCON! The future of hacking, cybersecurity, and human rights are at risk as the United Nations negotiates a draft UN cybercrime treaty that has the potential to substantively reshape anti-hacking law around the world. The proposed Treaty could change the game for security researchers and coders like you. With Russia and China playing an initial role in pushing for this treaty, the future for security researchers’ rights could be at risk.\n

Join us as we deep dive into the murky waters of these negotiations, exploring its risks for security and human rights, including the universal criminalization of network and device intrusion without any protections for legitimate security research. The lack of legal shield for security researchers could hinder bug bounties, responsible vulnerability disclosure, and pentesting. We\'ll discuss the geopolitical complexities, and the vital role you can play.\n

EFF has been on the front lines in Vienna, attending the negotiations and representing the interests of our members since the start, and we need your help. Your insights and experiences are crucial. Together we will review the text, identify new challenges that you may face so we can better understand the community concerns. Let’s champion together a future where security research and human rights can thrive!\n

\n
REFERENCES
\n
\n

https://www.washingtonpost.com/politics/2023/04/28/perilous-path-new-cybercrime-treaty/\n

    \n
  1. https://www.eff.org/issues/un-cybercrime-treaty\n
  2. https://www.eff.org/pages/submissions\n
  3. https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/home\n
  4. https://www.unodc.org/documents/Cybercrime/AdHocCommittee/5th_session/Documents/CND_2_-_21.04.2023.pdf\n
  5. https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/ahc_fifth_session/main\n
  6. https://www.unodc.org/documents/Cybercrime/AdHocCommittee/4th_Session/Documents/CND_21.01.2023_-_Copy.pdf\n
  7. https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/home\n
  8. https://www.euractiv.com/section/law-enforcement/news/west-clashes-with-china-russia-over-un-cybercrime-convention/\n
  9. https://mediatalks.uol.com.br/2023/04/12/como-tratado-da-onu-sobre-crime-cibernetico-pode-ameacar-liberdade-de-expressao/\n
  10. https://www.washingtonpost.com/politics/2023/04/28/perilous-path-new-cybercrime-treaty/
\n\n\'',NULL,365484),('3_Saturday','16','16:30','16:50','N','DC','Caesars Forum - Forum - 105,135,136 - Track 1','\'Your Clocks Have Ears — Timing-Based Browser-Based Local Network Port Scanner\'','\'Dongsung “Donny” Kim\'','DC_d5df9d78c2bb045ef91fedf35def772f','\'Title: Your Clocks Have Ears — Timing-Based Browser-Based Local Network Port Scanner
\nWhen: Saturday, Aug 12, 16:30 - 16:50 PDT
\nWhere: Caesars Forum - Forum - 105,135,136 - Track 1 - Map
\n
SpeakerBio:Dongsung “Donny” Kim\n, IT-Security Expert at Security Office part of Truesec
\nDongsung (Donny) Kim is an IT-Security expert at Security Office part of Truesec. Their software interests vary widely from frontend to DevSecOps, with research interests spanning from reverse engineering to web security. Equipped with both professional and academic experience, they want to reconcile two seemingly opposite ideas: understanding user-facing software problems without compromising security.\n

Bluesky: @kidi.ng
\nDiscord: kiding\n

\nTwitter: @@kid1ng
\n\n
\nDescription:
\nWhat can a website do? So many things these days. But, have you ever considered that it can port scan your LAN? It will fingerprint you with pinpoint precision and uncover hidden internal devices. Surely, a browser wouldn\'t allow that?\n

With this presentation, I will introduce a short primer on timing-based, browser-based port scanning using Fetch. Based on this primer, I will discuss three techniques that can scan open ports on the localhost, a NAT router’s presence on the LAN, and open ports of the clients on the LAN. A demo of the proof of concept exploit will be provided, with closing remarks on possible mitigation strategies.\n

\n
REFERENCES
\n
\n

[1] https://blog.nem.ec/2020/05/24/ebay-port-scanning/\n[2] https://www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/\n[3] https://www.crunchbase.com/organization/threatmetrix\n[4] https://coveryourtracks.eff.org/learn\n[5] https://web.archive.org/web/20060813034434/http://www.spidynamics.com/assets/documents/JSportscan.pdf\n[6] https://github.com/Flu1dTeam/PortScanner\n[7] https://medium.com/tenable-techblog/using-webrtc-ice-servers-for-port-scanning-in-chrome-ce17b19dd474\n[8] https://www.incolumitas.com/2021/01/10/browser-based-port-scanning/\n[9] https://docs.google.com/document/d/1a8sUFQsbN5uve7ziW61ATkrFr3o9A-Tiyw8ig6T3puA/edit\n[10] https://developer.chrome.com/articles/cors-rfc1918-feedback/\n[11] https://wicg.github.io/local-network-access/\n

\n\n\'',NULL,365485),('1_Thursday','17','17:30','18:45','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'DEF CON 101 - Welcome to DEF CON Panel\'','\'Jeff \"The Dark Tangent\" Moss,fivepenny,Kirsten Renner,Magen,Nikita Kronenberg,deelo\'','DC_8c44eb6be493c96e3fcfc3aba8e3a584','\'Title: DEF CON 101 - Welcome to DEF CON Panel
\nWhen: Thursday, Aug 10, 17:30 - 18:45 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\nSpeakers:Jeff \"The Dark Tangent\" Moss,fivepenny,Kirsten Renner,Magen,Nikita Kronenberg,deelo
\n
SpeakerBio:Jeff \"The Dark Tangent\" Moss\n, DEF CON Communications
\nMr. Moss is an internet security expert and is the founder of Both the Black Hat Briefings and DEF CON Hacking conferences. In 2022 Mr. Moss was named to the UK Government Cybersecurity Advisory Board, and in 2021 he was sworn in as a member of the DHS Cybersecurity Infrastructure Security Agency (CISA) Advisory Council (CSAC), and serves as a chairman of their Technical Advisory Council (TAC). Mr. Moss is a member of the Council on Foreign Relations (CFR) and is interested in policy issues around privacy, national security, and internet governance. He spends a lot of time in Singapore.
\nTwitter: @thedarktangent
\n
SpeakerBio:fivepenny\n
\nFivepenny is the vendor lead and an avid reader and she\'s never going to give you up never going to let you down, Never gonna run around and desert you. Never gonna make you cry, Never gonna say goodbye, Never gonna tell a lie and hurt you.
\n
SpeakerBio:Kirsten Renner\n, Talent Engagement Lead at Accenture Federal
\nKirsten is the Talent Engagement Lead at Accenture Federal. She joined AFS through the acquisition of Novetta, after serving there as Director of Recruiting for 6 years. Her career started in IT building and running helpdesks, and she later moved into Technical Recruiting. She is best known in the community for both her role in the Car Hacking Village and her efforts as a speaker and volunteer across multiple events throughout the year. Kirsten offers over 20 years in technology services space and 15 in the hacker community and conference scene.
\n
SpeakerBio:Magen\n, Urbane Security and CFP/CFW reviewer
\nKnown by many nicknames and handles, Magen (she/her) has been attending DEF CON for over 15 years. She is a member of the CFP and CFW review boards, former lead of DEF CON workshops, and a past DEF CON speaker. Outside of con, she works at Urbane Security and loves coffee, weightlifting, and adding/listening to her vinyl collection.
\n
SpeakerBio:Nikita Kronenberg\n, Director of Content & Coordination at DEF CON Communications
\nNikita works to ensure DEF CON runs as smoothly as one can expect from a hacker convention. In addition to planning a vast array of details prior to DEF CON and thwarting issues while onsite, she is the (soon to be retired) Director of Content for the CFP Review Board. This year will be her 20th anniversary.\n

Nikita is not on the social mediaz.\n

\n
SpeakerBio:deelo\n, Chief of Staff, SOC at DEF CON Conference
\ndeelo, SOC Chief of Staff, is an active member of the SOC team and SOC Leadership. deelo\'s tenure with the SOC team began at DC19; the first year DefCon was at the Rio Hotel. Her personal motto is: “How can I make your day better?” and deelo brought this attitude with her when she joined the SOC team. After spending one year working on the conference floor, she quickly found herself moving behind the scenes in a slightly more administrative role. At that time, SOC was a team of 75 and deelo’s main goal was to make sure everyone on the team ate “lunch” during their shift. Over the years, the SOC team has grown A LOT and the scope of deelo’s job has changed as the team has gotten bigger. DefCon 31\'s SOC team consists of 150 Goons, and deelo’s role is so much more than just keeping this team fed while on shift. There is a lot involved with coordinating the comings and goings of 150+ people and it keeps deelo busy for a good chunk of the year, but she wouldn’t have it any other way…deelo loves what she does and she loves her team.\n

Years of Service: 13 and counting\n

\n\n
\nDescription:
\nDEF CON 101 began as a way to introduce n00bs to DEF CON. The idea was to help attendees get the best experience out of DEF CON (and also tell them how to survive the weekend!). The DEF CON 101 panel has been a way for people who have participated in making DEF CON what it is today to share those experiences and, hopefully, inspire attendees to expand their horizons. DEF CON offers so much more than just talks and the DEF CON 101 panel is the perfect place to learn about DEF CON so you can get the best experience possible. Come watch us talk about what we love about DEF CON, give you tips and tricks, and maybe even make some new friends!\n
\n\n\'',NULL,365486),('1_Thursday','18','17:30','18:45','Y','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'DEF CON 101 - Welcome to DEF CON Panel\'','\'Jeff \"The Dark Tangent\" Moss,fivepenny,Kirsten Renner,Magen,Nikita Kronenberg,deelo\'','DC_8c44eb6be493c96e3fcfc3aba8e3a584','\'\'',NULL,365487),('2_Friday','10','10:30','10:50','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Making The DEF CON 31 Badge\'','\'Mar Williams\'','DC_2c1f163fbc6c51292330449898c08078','\'Title: Making The DEF CON 31 Badge
\nWhen: Friday, Aug 11, 10:30 - 10:50 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\n
SpeakerBio:Mar Williams\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n\'',NULL,365488),('2_Friday','09','09:00','09:20','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'Welcome to DEF CON 31\'','\'Jeff \"The Dark Tangent\" Moss\'','DC_030628f1da816e661a4eece81615e2d8','\'Title: Welcome to DEF CON 31
\nWhen: Friday, Aug 11, 09:00 - 09:20 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\n
SpeakerBio:Jeff \"The Dark Tangent\" Moss\n, DEF CON Communications
\nMr. Moss is an internet security expert and is the founder of Both the Black Hat Briefings and DEF CON Hacking conferences. In 2022 Mr. Moss was named to the UK Government Cybersecurity Advisory Board, and in 2021 he was sworn in as a member of the DHS Cybersecurity Infrastructure Security Agency (CISA) Advisory Council (CSAC), and serves as a chairman of their Technical Advisory Council (TAC). Mr. Moss is a member of the Council on Foreign Relations (CFR) and is interested in policy issues around privacy, national security, and internet governance. He spends a lot of time in Singapore.
\nTwitter: @thedarktangent
\n\n
\nDescription:
\nThe Dark Tangent, aka Jeff Moss, welcomes attendees to DEF CON 31.\n
\n\n\'',NULL,365489),('4_Sunday','15','15:30','17:30','N','DC','Caesars Forum - Forum - 105, 135-136, 108-119, 138-139 - Tracks 1 & 2','\'DEF CON Closing Ceremonies & Awards\'','\'Jeff \"The Dark Tangent\" Moss\'','DC_c4b583c8f940d2cede1899def6971ce7','\'Title: DEF CON Closing Ceremonies & Awards
\nWhen: Sunday, Aug 13, 15:30 - 17:30 PDT
\nWhere: Caesars Forum - Forum - 105, 135-136, 108-119, 138-139 - Tracks 1 & 2 - Map
\n
SpeakerBio:Jeff \"The Dark Tangent\" Moss\n, DEF CON Communications
\nMr. Moss is an internet security expert and is the founder of Both the Black Hat Briefings and DEF CON Hacking conferences. In 2022 Mr. Moss was named to the UK Government Cybersecurity Advisory Board, and in 2021 he was sworn in as a member of the DHS Cybersecurity Infrastructure Security Agency (CISA) Advisory Council (CSAC), and serves as a chairman of their Technical Advisory Council (TAC). Mr. Moss is a member of the Council on Foreign Relations (CFR) and is interested in policy issues around privacy, national security, and internet governance. He spends a lot of time in Singapore.
\nTwitter: @thedarktangent
\n\n
\nDescription:
\nThe end is here! DEF CON 31 is at a close and we want to thank everyone who participated, contributed, retired, promoted, and won contests. DEF CON departments will share stats, info, and data collected throughout the weekend related to the network, code of conduct transparency, stats on attendee participation in events, and more. This is the ceremony where we also announce the contestants who\'ve won a prestige UBER badge for select contests.\n
\n\n\'',NULL,365490),('4_Sunday','16','15:30','17:30','Y','DC','Caesars Forum - Forum - 105, 135-136, 108-119, 138-139 - Tracks 1 & 2','\'DEF CON Closing Ceremonies & Awards\'','\'Jeff \"The Dark Tangent\" Moss\'','DC_c4b583c8f940d2cede1899def6971ce7','\'\'',NULL,365491),('4_Sunday','17','15:30','17:30','Y','DC','Caesars Forum - Forum - 105, 135-136, 108-119, 138-139 - Tracks 1 & 2','\'DEF CON Closing Ceremonies & Awards\'','\'Jeff \"The Dark Tangent\" Moss\'','DC_c4b583c8f940d2cede1899def6971ce7','\'\'',NULL,365492),('4_Sunday','14','14:00','15:15','N','DC','Caesars Forum - Forum - 105, 135-136, 108-119, 138-139 - Tracks 1 & 2','\'Contest Closing Ceremonies & Awards\'','\' \'','DC_28554288e53fc94a2b99b8223eac41b5','\'Title: Contest Closing Ceremonies & Awards
\nWhen: Sunday, Aug 13, 14:00 - 15:15 PDT
\nWhere: Caesars Forum - Forum - 105, 135-136, 108-119, 138-139 - Tracks 1 & 2 - Map
\n
\nDescription:
\nContests announce winners, discuss game play and the outcome of some of the [sixty-five different contests held at DEF CON 31](https://forum.defcon.org/node/244766).\n

Black Badge (UBER) Winners will be announced at the DEF CON Closing ceremonies & awards, immediately following this session. \n

\n\'',NULL,365493),('4_Sunday','15','14:00','15:15','Y','DC','Caesars Forum - Forum - 105, 135-136, 108-119, 138-139 - Tracks 1 & 2','\'Contest Closing Ceremonies & Awards\'','\' \'','DC_28554288e53fc94a2b99b8223eac41b5','\'\'',NULL,365494),('4_Sunday','10','10:00','11:59','N','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record','\'War Stories Off The Record AMA\'','\' \'','DC_bf1f9e5f6c20ff9b86d1015334c5103b','\'Title: War Stories Off The Record AMA
\nWhen: Sunday, Aug 13, 10:00 - 11:59 PDT
\nWhere: Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record - Map
\n
\nDescription:
\nA series of panels and talks that are not recorded and off the record, the AMA\'s are meant to encourage thought provoking questions from the audience.\n
\n\n\'',NULL,365495),('4_Sunday','11','10:00','11:59','Y','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record','\'War Stories Off The Record AMA\'','\' \'','DC_bf1f9e5f6c20ff9b86d1015334c5103b','\'\'',NULL,365496),('3_Saturday','14','14:00','17:59','N','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record','\'Off the record war story talks - Signs Ups On Site\'','\'\'','DC_7b097638bba2c69cbc46a28babf908fb','\'Title: Off the record war story talks - Signs Ups On Site
\nWhen: Saturday, Aug 12, 14:00 - 17:59 PDT
\nWhere: Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record - Map
\n
\nDescription:No Description available
\n\'',NULL,365497),('3_Saturday','15','14:00','17:59','Y','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record','\'Off the record war story talks - Signs Ups On Site\'','\'\'','DC_7b097638bba2c69cbc46a28babf908fb','\'\'',NULL,365498),('3_Saturday','16','14:00','17:59','Y','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record','\'Off the record war story talks - Signs Ups On Site\'','\'\'','DC_7b097638bba2c69cbc46a28babf908fb','\'\'',NULL,365499),('3_Saturday','17','14:00','17:59','Y','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record','\'Off the record war story talks - Signs Ups On Site\'','\'\'','DC_7b097638bba2c69cbc46a28babf908fb','\'\'',NULL,365500),('2_Friday','14','14:00','14:20','N','DC','Caesars Forum - Forum - 109-119, 138-139 - Track 2','\'There are no mushroom clouds in cyberwar\'','\'Mieke Eoyang\'','DC_56dc384cb0b6f05088a6ff5449d03c36','\'Title: There are no mushroom clouds in cyberwar
\nWhen: Friday, Aug 11, 14:00 - 14:20 PDT
\nWhere: Caesars Forum - Forum - 109-119, 138-139 - Track 2 - Map
\n
SpeakerBio:Mieke Eoyang\n
\nMs. Mieke Eoyang is the Deputy Assistant Secretary of Defense for Cyber Policy. The Cyber Policy office is responsible for establishing DoD cyberspace policy and strategy, providing guidance and oversight on DoD cyberspace activities, and managing DoD’s primary external relationships across the U.S. government, key domestic stakeholders, and our allies and partners.\n

Prior to that she was the Senior Vice President for the National Security Program at the think tank, Third Way, where she led their work on a wide range of national security issues including on foreign policy, Congress’ role in the national security policymaking process, non-proliferation, intelligence oversight, electronic surveillance, cybersecurity. She was the founder of the organization’s Cyber Enforcement Initiative which focused on improving the government’s efforts to impose consequences on the human behind malicious cyber activity.\n

Before joining Third Way, she was the Chief of Staff to Rep. Anna G. Eshoo (D-CA) having previously served as the Subcommittee Staff Director for Intelligence Community Management on the House Permanent Select Committee on Intelligence. While there, she was the committee’s lead for cybersecurity, personnel management and worked on electronic surveillance reform, among other issues.\n

Prior to that, she served as the Defense Policy Advisor to Senator Edward M. Kennedy, advising him on all matters related to the Senate Armed Services Committee and Defense Appropriations during the Iraq War. Earlier in her career, she served as the lead Democratic Professional Staff Member on the House Armed Services Committee for the Military Personnel Subcommittee.\n

Ms. Eoyang received her Juris Doctor from the University of California, Hastings College of the Law, and her Bachelor’s Degree from Wellesley College.\n

\n\n
\nDescription:
\nThis presentation will discuss the history of cyberwarfare, highlighting the misconceptions between nuclear deterrence and the nature of cyber conflict. It will shed light on this association in popular culture, including in movies like \"WarGames,\" which influenced then President Ronald Reagan and fed his concerns about potential hacking into U.S. weapons systems. These concerns and other influences helped to shape early perceptions about the cyber domain, which immediately became intertwined with notions of strategic weapons and catastrophic effects. In subsequent decades, continued theorizing about cyberwarfare envisioned strategic cyber attacks that could cause decisive effects, stoking fears of a \"Cyber Pearl Harbor.\" However, the reality is that cyber operations are ephemeral and cyber effects are hard to attribute and are rarely decisive. The turning point in U.S. cyber strategy occurred in the lead-up to the 2018 midterm election, with the adoption of a new approach focused on defending forward, which involved actively disrupting malicious cyber activity before it affected the U.S. Homeland. This strategy was further informed by Russia’s 2022 invasion of Ukraine, which demonstrated how cyber capabilities may be used in large-scale conventional conflict. Looking ahead, in terms of protecting Americans and strengthening our global Allies and partners, we know that private industry and individual volunteers will play a critical role, including many of the participants at DEF CON. This recognition acknowledges that cyberwarfare is pervasive and requires collective engagement.\n
\n\n\'',NULL,365501),('3_Saturday','12','12:30','13:15','N','DC','Caesars Forum - Forum - 130-134 - Track 3','\'An Audacious Plan to Halt the Internet\'s Enshittification\'','\'Cory Doctorow\'','DC_3c8ffe08bb4715edf2a4815fc3c10ec6','\'Title: An Audacious Plan to Halt the Internet\'s Enshittification
\nWhen: Saturday, Aug 12, 12:30 - 13:15 PDT
\nWhere: Caesars Forum - Forum - 130-134 - Track 3 - Map
\n
SpeakerBio:Cory Doctorow\n
\nCory Doctorow (craphound.com) is a science fiction author, activist and journalist. He is the author of many books, most recently RED TEAM BLUES, a science fiction crime thriller; CHOKEPOINT CAPITALISM, nonfiction about monopoly and creative labor markets; the LITTLE BROTHER series for young adults; IN REAL LIFE, a graphic novel; and the picture book POESY THE MONSTER SLAYER. In 2020, he was inducted into the Canadian Science Fiction and Fantasy Hall of Fame.
\nTwitter: @doctorow
\n\n
\nDescription:
\nThe enshittification of the internet follows a predictable trajectory: first, platforms are good to their users; then they abuse their users to make things better for their business customers; finally, they abuse those business customers to claw back all the value for themselves. Then, they die.\n

It doesn\'t have to be this way. Enshittification occurs when companies gobble each other up in an orgy of mergers and acquisitions, reducing the internet to \"five giant websites filled with screenshots of text from the other four\" (credit to Tom Eastman!), which lets them endlessly tweak their back-ends to continue to shift value from users and business-customers to themselves. The government gets in on the act by banning tweaking by users - reverse-engineering, scraping, bots and other user-side self-help measures - leaving users helpless before the march of enshittification.\n

We don\'t have to accept this! Disenshittifying the internet will require antitrust, limits on corporate tweaking - through privacy laws and other protections - and aggressive self-help measures from alternative app stores to ad blockers and beyond!\n

\n\n\'',NULL,365502),('3_Saturday','13','12:30','13:15','Y','DC','Caesars Forum - Forum - 130-134 - Track 3','\'An Audacious Plan to Halt the Internet\'s Enshittification\'','\'Cory Doctorow\'','DC_3c8ffe08bb4715edf2a4815fc3c10ec6','\'\'',NULL,365503),('2_Friday','10','10:00','10:45','N','DC','Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record','\'A Different Uber Post Mortem\'','\'Joe Sullivan\'','DC_00a34b363d3cd2435e365a029fec1ff1','\'Title: A Different Uber Post Mortem
\nWhen: Friday, Aug 11, 10:00 - 10:45 PDT
\nWhere: Harrah\'s - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record - Map
\n
SpeakerBio:Joe Sullivan\n
\nJoe Sullivan is the CEO of Ukraine Friends, a nonprofit providing humanitarian aid to the people of Ukraine. He also advises a number of startups and mentors security leaders. Joe has worked at the intersection of government, technology, and security since the mid-1990s. He spent 8 years working for the US DOJ, eventually as a federal prosecutor 100% focused on technology-related crimes, received national recognition from the DOJ for outstanding service as a federal prosecutor, and worked on many first-of-their-kind cybercrime cases, including supporting the digital aspects of the 9/11 investigation. Joe was recruited to eBay in 2002 to build out their eCrime team, and later took on responsibilities at PayPal. In 2008 Joe moved to Facebook where he became their CSO, building a small security org into a team of hundreds. He was recruited from there to join Uber in 2015 to be their first CSO. After Uber, Joe spent 2018 through 2022 as the CSO at Cloudflare. He has also advised a significant number of companies over the years, including AirBnB and DoorDash. Joe has testified as an expert before the US Congress twice, been a commissioner on the National Action Alliance for Suicide Prevention, a board member on the National Cyber Security Alliance, a many-time opening plenary speaker at the Dallas Crimes Against Children Conference, a participant in a White House anti-online-bullying effort, an advisor to the Department of Homeland Security, and in 2016 accepted an appointment from President Obama to his Commission on Enhancing National Cybersecurity.
\n\n
\nDescription:
\nThe federal criminal case of United States v. Joseph Sullivan, NDCA 3-20-CR-337 WHO, has been covered and debated quite publicly since I was fired by the new Uber CEO in November 2017, a year after the incident. Most discussion has focused on questions of my guilt or innocence, the culpability of other executives at the company, and the implications of the case for other security executives. \n \n

Less has been written about the guilt or innocence of those who accessed Uber’s AWS environment in October 2016 and triggered an incident response by emailing me and asking for payment. After we met them, my team and I did not consider those 19- and 20-year-old kids to be criminal actors and treated them as security researchers. Yet both also faced federal criminal charges. \n \n

During my talk I will review the extraordinary investigation done by my team at Uber and put it into the context of other historical cases we and I had worked on. Whether or not you consider them to be security researchers, there are many lessons to be learned related to the dynamics between researchers and companies and the dynamics between companies and the government.\n

\n\n\'',NULL,365504),('3_Saturday','12','12:00','13:55','N','DL','Caesars Forum - Caucus Boardroom - Demo Labs','\'Abusing Microsoft SQL Server with SQLRecon\'','\'Sanjiv Kawa\'','DL_d943a494e9c435c8932e8f9c450b57d4','\'Title: Abusing Microsoft SQL Server with SQLRecon
\nWhen: Saturday, Aug 12, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Caucus Boardroom - Demo Labs - Map
\n
SpeakerBio:Sanjiv Kawa\n
\nSanjiv Kawa (@sanjivkawa) is a Senior Managing Security Consultant on the IBM X-Force Red Adversarial Simulation team with over ten years of experience performing offensive security assessments. As part of the IBM X-Force Red Adversarial Simulation team, Sanjiv spends his days breaking into the largest organizations in the world by emulating adversary tactics, techniques and procedures to reach target objectives. He then advises these organizations on ways they can improve their security posture by implementing or tuning controls. Sanjiv is an active member in the security community. He has developed a variety of tooling and presented at large conferences, such as BSides and Wild West Hackin’ Fest and frequently contributes to projects on GitHub.
\nTwitter: @sanjivkawa
\n\n
\nDescription:
\nSQLRecon helps address the post-exploitation tooling gap by modernizing the approach red team operators can take when attacking SQL Servers. The tool was designed to be modular, allowing for ease of extensibility and contributions from the hacker community. SQLRecon is written in C# and is compatible stand-alone or within a diverse set of command and control (C2) frameworks (Cobalt Strike, Nighthawk, Mythic, PoshC2, Sliver, etc). When using the latter, SQLRecon can be executed either in-process, or through traditional fork and run. SQLRecon has over 50 modules which can help facilitate with enumeration, collection, code execution, privilege escalation and lateral movement. It has been designed with operational security and defense evasion in mind.\n
\n\n\'',NULL,365505),('3_Saturday','13','12:00','13:55','Y','DL','Caesars Forum - Caucus Boardroom - Demo Labs','\'Abusing Microsoft SQL Server with SQLRecon\'','\'Sanjiv Kawa\'','DL_d943a494e9c435c8932e8f9c450b57d4','\'\'',NULL,365506),('3_Saturday','12','12:00','13:55','N','DL','Caesars Forum - Council Boardroom - Demo Labs','\'Am I Exploitable? (MI-X)\'','\'Ofri Ouzan,Yotam Perkal\'','DL_a70758ce3f79aa787d0c885320ce496e','\'Title: Am I Exploitable? (MI-X)
\nWhen: Saturday, Aug 12, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Council Boardroom - Demo Labs - Map
\nSpeakers:Ofri Ouzan,Yotam Perkal
\n
SpeakerBio:Ofri Ouzan\n
\nOfri Ouzan is an experienced Security Researcher who has been working in the cybersecurity field for over four years. She specializes in conducting security research on Windows, Linux, Cloud Platforms, and containerized applications with an emphasis on vulnerabilities. Her expertise lies in finding and solving complex problems in the cyber field, developing automation and open-source tools.
\n
SpeakerBio:Yotam Perkal\n
\nYotam leads the vulnerability research team at Rezilion, focusing on research around vulnerability validation, mitigation, and remediation. Prior to Rezilion, Yotam filled several roles at PayPal Security organization, dealing with vulnerability management, threat intelligence, and Insider threat. Additionally, Yotam takes part in several OpenSSF working groups around open-source security as well as several CISA work streams around SBOM and VEX and is also a member of the PyCon Israel organization committee. He is passionate about Cyber Security and Machine Learning and is especially intrigued by the intersection between the domains, whether it be using ML in order to help solve Cyber Security challenges or exploring the challenges in securing ML applications.
\n\n
\nDescription:
\nAddressing security vulnerabilities begins with verifying the impact on an environment. Merely having a vulnerable package installed does not guarantee exploitability, as several conditions must align for the vulnerability to be applicable and exploitable. For example: is the operating system in question susceptible to the vulnerability? is the vulnerable component loaded to memory? is the required configuration in place? is there a patch installed? And more... Standard vulnerability scanners simply do not take these factors into account and thus require manual triage in order to answer “Can a vulnerability be exploited in a given environment?”. ‘Am I Exploitable?’ (MI-X), is an open-source tool aimed at effectively determining whether a local host or running container is truly affected by a specific vulnerability by accounting for all factors which affect actual exploitability. MI-X also prints out the logical steps it takes in order to reach a decision and can also provide a graphical representation of the validation flow. The tool can therefore help practitioners understand what are the factors that affect exploitability for each of the supported vulnerabilities.\n
\n\n\'',NULL,365507),('3_Saturday','13','12:00','13:55','Y','DL','Caesars Forum - Council Boardroom - Demo Labs','\'Am I Exploitable? (MI-X)\'','\'Ofri Ouzan,Yotam Perkal\'','DL_a70758ce3f79aa787d0c885320ce496e','\'\'',NULL,365508),('2_Friday','14','14:00','15:55','N','DL','Caesars Forum - Council Boardroom - Demo Labs','\'Attack Surface Framework\'','\'Mike Henkelman,Prajwal Panchmahalkar\'','DL_7983896766370909860ddd6d2a8c0a24','\'Title: Attack Surface Framework
\nWhen: Friday, Aug 11, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Council Boardroom - Demo Labs - Map
\nSpeakers:Mike Henkelman,Prajwal Panchmahalkar
\n
SpeakerBio:Mike Henkelman\n
\nMike Henkelman is a Sr Manager, Vulnerability Management Global at VMWare Inc. He began his career as a MCSE certified systems administrator in the mid 90’s before joining Cisco Systems and working in the IPABU on the edge development team for the 2600 series router and 3500 series switch and authoring white papers on CEF. Going on to manage several enterprise data centers, he later began focusing on information security and managed Vulnerability Management programs for companies that include Pivotal Software before joining VMWare where his team mitigates risk for one of corporate America’s largest asset libraries with audit attestations that include FedRAMP IL5 High, CE+. I24, IRAP, PCI-DSS among nearly two dozen others.
\n
SpeakerBio:Prajwal Panchmahalkar\n
\nPrajwal Panchmahalkar is a Technical Director, Red Team at VMware Inc., He has contributed to public security research and has been the Development Lead for Matriux since 2009. In the past he was a Research Assistant at Texas Tech University working on Security of Critical Infrastructure and Smart Grid Energy Systems, with a journal published on Elsevier. A Finalist for America\'s Information Security Leadership Award 2012 (AISLA) by (ISC)2. Previously Prajwal was a speaker at BlackHat Arsenal, c0c0n, BSidesLV and GrrCon. Currently on review board for c0c0n, India. He was a chapter lead for n|u, Hyderabad an open security community. Prajwal holds a Masters degree in Computer Science from the Texas Tech University, Lubbock.
\n\n
\nDescription:
\nAttack Surface Framework (ASF) aims to protect organizations by acting as an attack surface watchdog. The Attack Surface Framework (ASF) was developed with the motivation to automate and address vulnerabilities through continuous scanning and tracking risks at scale, in a comprehensive and adaptable approach, particularly against 0-day vulnerabilities with publicly available POCs. The Attack Surface Framework (ASF) is a modular, extensible, and customizable framework designed to help organizations manage their public attack surface risks. ASF will auto-discover assets such as network subnets, domains including subdomains, enumerate their ports and services, track deltas and serve as a continuous and flexible, attacking and alerting framework, leveraging another layer of support. ASF provides modules for attack surface management including asset discovery and management, asset enumeration, vulnerability scanning, and vulnerability testing. ASF is equipped with a set of CLI tools and an API, enabling users to interact with the framework and integrate it with other tools and processes. Additionally, ASF includes a web-based user interface for visualizing an organization\'s attack surface and managing vulnerabilities.\n
\n\n\'',NULL,365509),('2_Friday','15','14:00','15:55','Y','DL','Caesars Forum - Council Boardroom - Demo Labs','\'Attack Surface Framework\'','\'Mike Henkelman,Prajwal Panchmahalkar\'','DL_7983896766370909860ddd6d2a8c0a24','\'\'',NULL,365510),('3_Saturday','12','12:00','13:55','N','DL','Caesars Forum - Accord Boardroom - Demo Labs','\'BBOT (Bighuge BLS OSINT Tool)\'','\'Joel \"TheTechromancer\" Moore,Paul Mueller\'','DL_c92e4cd63ce83c943982369528ff849d','\'Title: BBOT (Bighuge BLS OSINT Tool)
\nWhen: Saturday, Aug 12, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Accord Boardroom - Demo Labs - Map
\nSpeakers:Joel \"TheTechromancer\" Moore,Paul Mueller
\n
SpeakerBio:Joel \"TheTechromancer\" Moore\n
\nTheTechromancer is a hacker at Black Lantern Security (BLS). He loves coding in Python, and is the creator of several security tools including ManSpider, TrevorSpray, and BBOT (Bighuge BLS OSINT Tool). He has also made contributions to other open-source projects such as Spiderfoot.
\n
SpeakerBio:Paul Mueller\n
\nPaul Mueller is a Principal Operator at Black Lantern Security (BLS). He specializes in web application testing and application security. He loves finding complex hard-to-find web bugs, especially when they involve cryptography. He is also one of the developers for the BLS tools Writehat and BBOT (Bighuge BLS OSINT Tool). Prior to working with BLS, he spent over a decade as a DoD contractor providing both penetration testing and security analysis/incident handling. He got his start in the field as a systems administrator and later as a Signals Intelligence Analyst with the US Marine Corps.
\n\n
\nDescription:
\nBBOT (Bighuge BLS OSINT Tool) is a new recursive OSINT scanner inspired by Spiderfoot, but designed and optimized for bigger targets and faster scan times. BBOT is open-source and written in Python. Its 80+ modules range in function from subdomain enumeration to cryptographic exploitation. BBOT can map the attack surface of an organization (and sometimes get you RCE) in a single command.\n

Features include:
\n- multiple targets
\n- automatic dependencies w/ ansible
\n- python API
\n- subdomain enumeration
\n- email enumeration
\n- cloud bucket enumeration
\n- port scanning
\n- web service enumeration
\n- web screenshots
\n- web spidering
\n- vulnerability scanning (with nuclei and more)\n

\n\n\'',NULL,365511),('3_Saturday','13','12:00','13:55','Y','DL','Caesars Forum - Accord Boardroom - Demo Labs','\'BBOT (Bighuge BLS OSINT Tool)\'','\'Joel \"TheTechromancer\" Moore,Paul Mueller\'','DL_c92e4cd63ce83c943982369528ff849d','\'\'',NULL,365512),('3_Saturday','14','14:00','15:55','N','DL','Caesars Forum - Unity Boardroom - Demo Labs','\'BLE CTF\'','\'Alek Amrani,Ryan Holeman\'','DL_528b988a02f7ab0e14c6d737051175a1','\'Title: BLE CTF
\nWhen: Saturday, Aug 12, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Unity Boardroom - Demo Labs - Map
\nSpeakers:Alek Amrani,Ryan Holeman
\n
SpeakerBio:Alek Amrani\n
\nAlek Amrani - bad at expense reports
\n
SpeakerBio:Ryan Holeman\n, CISO at Strike
\nRyan Holeman resides in Austin, Texas, where he works as the CISO for the peer-to-peer payment platform Strike. He is currently pursuing a Ph.D. in cyber defense from Dakota State University. He has spoken at respected venues such as Black Hat, DEF CON, Lockdown, BSides, Ruxcon, Notacon, and Shmoocon. You can keep up with his current activity, open source contributions, and general news on his blog. His spare time is mostly spent digging into various network protocols, random hacking, creating art, and shredding local skateparks.
\n\n
\nDescription:
\nBLE CTF is a series of Bluetooth Low Energy challenges in a capture the flag format. It was created to teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user. Over the past few years, BLE CTF has expanded to support multiple platforms and skill levels. Various books, workshops, trainings, and conferences have utilized it as an educational platform and CTF. As an open source, low cost of entry, and expandable education solution, BLE CTF has helped progress Bluetooth security research.\n
\n\n\'',NULL,365513),('3_Saturday','15','14:00','15:55','Y','DL','Caesars Forum - Unity Boardroom - Demo Labs','\'BLE CTF\'','\'Alek Amrani,Ryan Holeman\'','DL_528b988a02f7ab0e14c6d737051175a1','\'\'',NULL,365514),('2_Friday','12','12:00','13:55','N','DL','Caesars Forum - Caucus Boardroom - Demo Labs','\'Build Inspector - A modern Javert on the trail of CI/CD Anomalies and Intruders\'','\'Jeremy Banker\'','DL_3fa5bf576ed2a8f956b9a4a5d905df0c','\'Title: Build Inspector - A modern Javert on the trail of CI/CD Anomalies and Intruders
\nWhen: Friday, Aug 11, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Caucus Boardroom - Demo Labs - Map
\n
SpeakerBio:Jeremy Banker\n
\nA lifelong learner and broad technology enthusiast, Jeremy Banker holds a Masters degree in Information Security and is a founding member of the Security Product Engineering, Automation and Research (SPEAR) team at VMware. He has designed, built and implemented solutions to ensure that VMware\'s software supply chain remains secure. When not looking for new ways to keep software safe, he can usually be found tinkering with all manner of gadgets, working to bring amateur radio software into the modern era, or enjoying the peace of nature in his native Colorado.
\n\n
\nDescription:
\nIn the ever evolving landscape of software development, maintaining the integrity and security of your build, test and deployment pipelines is paramount. Build Inspector is an always-watching guard dog, looking for information about the dependencies being consumed and produced, while also calling out instances of risky practices or potential signs of compromise during pipeline runs. Watch as the inspector turns piles of plaintext logs into structured data, perfect for automated analysis, correlation and alerting. With simple containerized deployment and self-documenting REST API, it has never been easier to ensure your build logs are always being watched.\n
\n\n\'',NULL,365515),('2_Friday','13','12:00','13:55','Y','DL','Caesars Forum - Caucus Boardroom - Demo Labs','\'Build Inspector - A modern Javert on the trail of CI/CD Anomalies and Intruders\'','\'Jeremy Banker\'','DL_3fa5bf576ed2a8f956b9a4a5d905df0c','\'\'',NULL,365516),('2_Friday','12','12:00','13:55','N','DL','Caesars Forum - Accord Boardroom - Demo Labs','\'CNAPPGoat\'','\'Igal Gofman,Noam Dahan\'','DL_86db348e39ff790d1c2bbcacd05453ca','\'Title: CNAPPGoat
\nWhen: Friday, Aug 11, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Accord Boardroom - Demo Labs - Map
\nSpeakers:Igal Gofman,Noam Dahan
\n
SpeakerBio:Igal Gofman\n
\nIgal Gofman is a Head of Security Research at Ermetic. Igal has a proven track record in cloud security, network security, research-oriented development, and threat intelligence. His research interests include cloud security, operating systems, and active directory. Prior to Ermetic Igal worked at Microsoft, XM-Cyber, and Check Point Software Technologies. Igal has spoken at various leading security conferences including Black Hat and DEF-CON.
\nTwitter: @IgalGofman
\n
SpeakerBio:Noam Dahan\n, Senior Security Researcher at Ermetic
\nNoam Dahan is a Senior Security Researcher at Ermetic with several years of experience in embedded security. He is a graduate of the Talpiot program at the Israel Defense Forces and spent several years in the 8200 Intelligence Corps. Noam was a competitive debater and is a former World Debating Champion. He is also a former speaker at Black Hat USA, DEF CON DemoLabs, Cloud Village and fwd:cloudsec.
\nTwitter: @NoamDahan
\n\n
\nDescription:
\nCNAPPGoat is a multi-cloud vulnerable-by-design environment deployment tool – it deploys vulnerable environments to various cloud service providers, so that offensive professionals and pentesters can practice exploiting them and defenders can practice detection and prevention. CNAPPGoat is an extensible modular tool that deploys environments with more complex scenarios - vulnerable VMs, multi-stage lateral movement attacks, IaC misconfigurations, and vulnerable IAM misconfigurations.\n
\n\n\'',NULL,365517),('2_Friday','13','12:00','13:55','Y','DL','Caesars Forum - Accord Boardroom - Demo Labs','\'CNAPPGoat\'','\'Igal Gofman,Noam Dahan\'','DL_86db348e39ff790d1c2bbcacd05453ca','\'\'',NULL,365518),('2_Friday','12','12:00','13:55','N','DL','Caesars Forum - Accord Boardroom - Demo Labs','\'Dracon\'','\'Spyros Gasteratos\'','DL_886fe85139f0004517ae40e9a1afbca0','\'Title: Dracon
\nWhen: Friday, Aug 11, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Accord Boardroom - Demo Labs - Map
\n
SpeakerBio:Spyros Gasteratos\n
\nSpyros is a Security Engineer with over a decade of experience in various organisations. Currently, he is helping Fintechs mature their AppSec programmes through automation. He maintains several Open Source projects including Dracon, opencre.org and others. Also, he is heavily involved with the OWASP foundation helping with outreach and diversity efforts.
\nTwitter: @0xfde
\n\n
\nDescription:
\nDracon is an open-source Application and Cloud security automation framework that helps organizations create security workflows and improve their security posture. Dracon can run a wide range of security tools against any target, and it can deduplicate and enrich the results of those tools with contextual or regulatory information. Dracon can then send the enriched results to any visualization or data processing tool. Here are some of its key features: Automated security workflows: Dracon can automate the execution of security tools and the aggregation of results, which saves both time and effort. Scalable and flexible: Dracon is both scalable and flexible; with a wide array of existing integrations and more on the way, it integrates seamlessly with any existing toolset. Open source: Dracon is an open-source platform, which means that it is free to use and modify.\n
\n\n\'',NULL,365519),('2_Friday','13','12:00','13:55','Y','DL','Caesars Forum - Accord Boardroom - Demo Labs','\'Dracon\'','\'Spyros Gasteratos\'','DL_886fe85139f0004517ae40e9a1afbca0','\'\'',NULL,365520),('2_Friday','12','12:00','13:55','N','DL','Caesars Forum - Committee Boardroom - Demo Labs','\'Ek47 – Payload Encryption with Environmental Keys\'','\'Kevin “Kent” Clark,Skyler Knecht\'','DL_f61d9899d6c5f57ec0d86b3549548fea','\'Title: Ek47 – Payload Encryption with Environmental Keys
\nWhen: Friday, Aug 11, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Committee Boardroom - Demo Labs - Map
\nSpeakers:Kevin “Kent” Clark,Skyler Knecht
\n
SpeakerBio:Kevin “Kent” Clark\n, Red Team Instructor at BC Security
\nKevin “Kent” Clark is a Security Consultant with TrustedSec and Red Team Instructor with BC Security. His previous work includes Penetration Testing and Red Team Operator, focusing on initial access and active directory exploitation. Kevin contributes to open-source tools such as PowerShell Empire and publishes custom security toolkits such as Badrats and WindowsBinaryReplacements. Kevin authors a cybersecurity blog at https://henpeebin.com/kevin/blog.
\n
SpeakerBio:Skyler Knecht\n
\nSkyler Knecht is an Information Security Specialist who performs a variety of security assessments, including phishing, internal/external penetration tests and red teaming. Skyler Knecht worked as a consultant for three years and has recently pivoted to an internal team at Navy Federal Credit Union. Skyler Knecht is continually researching all fields of study but is primarily focused on developing offensive tooling such as command and control frameworks and implants.
\n\n
\nDescription:
\nEk47 is a payload encryptor that leverages user-selected environmental keys associated with a target execution context. In the absence of these environmental keys, Ek47 payloads will not decrypt and execute. This creates a strong resistance to automated/manual analysis and reverse engineering of payloads. Ek47 supports many different environmental keys such as current user, domain, computer name, installed programs, and more. Additionally, Ek47 supports packing payloads of .NET assemblies, unmanaged DLLs, and raw shellcode. Ek47 payloads are themselves .NET assemblies and can be uploaded to disk or executed reflectively via any execute-assembly method. By default, a standard AMSI/ETW bypass is executed before the main payload is executed, but Ek47 makes it easy to add custom bypasses for more advanced evasion functionality. Additional miscellaneous features are provided such as entropy management, PE header stomping, and generation of service executables.\n
\n\n\'',NULL,365521),('2_Friday','13','12:00','13:55','Y','DL','Caesars Forum - Committee Boardroom - Demo Labs','\'Ek47 – Payload Encryption with Environmental Keys\'','\'Kevin “Kent” Clark,Skyler Knecht\'','DL_f61d9899d6c5f57ec0d86b3549548fea','\'\'',NULL,365522),('2_Friday','14','14:00','15:55','N','DL','Caesars Forum - Committee Boardroom - Demo Labs','\'EvilnoVNC: Next-Gen Spear Phishing Attacks\'','\'Joel Gámez Molina\'','DL_51ea7824dcac78391f67480294b86e9a','\'Title: EvilnoVNC: Next-Gen Spear Phishing Attacks
\nWhen: Friday, Aug 11, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Committee Boardroom - Demo Labs - Map
\n
SpeakerBio:Joel Gámez Molina\n
\nSystems administrator with more than ten years of experience, he currently works as a security consultant at Deloitte Touche Tohmatsu, where he develops adversarial simulation exercises (Red Team Operations). Previously, he was Chief Technology Officer (CTO) of the startup Cyberguard. He also teaches courses and masters in ethical hacking, pentesting and PowerShell for high-level organizations and universities. Creator of the blog darkbyte.net and speaker at renowned national and international conferences, such as Black Hat USA (2020/2021) and Black Hat Europe (2022). Programmer of hacking tools in his spare time, he has developed tools of all kinds, such as: AutoRDPwn, Cloudtopolis, EvilnoVNC, Invoke-DNSteal, PyShell or PSRansom among others.
\n\n
\nDescription:
\nEvilnoVNC is a Ready to go Phishing Platform. Unlike other phishing techniques, EvilnoVNC allows 2FA bypassing by using a real browser over a noVNC connection. In addition, this tool allows us to see in real time all of the victim\'s actions, access to their downloaded files and the entire browser profile, including cookies, saved passwords, browsing history and much more.\n
\n\n\'',NULL,365523),('2_Friday','15','14:00','15:55','Y','DL','Caesars Forum - Committee Boardroom - Demo Labs','\'EvilnoVNC: Next-Gen Spear Phishing Attacks\'','\'Joel Gámez Molina\'','DL_51ea7824dcac78391f67480294b86e9a','\'\'',NULL,365524),('2_Friday','12','12:00','13:55','N','DL','Caesars Forum - Society Boardroom - Demo Labs','\'FlowMate\'','\'Florian Haag,Nicolas Schickert\'','DL_ea2a9f8320e39767359106c0ad8ea38d','\'Title: FlowMate
\nWhen: Friday, Aug 11, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Society Boardroom - Demo Labs - Map
\nSpeakers:Florian Haag,Nicolas Schickert
\n
SpeakerBio:Florian Haag\n
\nFlorian Haag is a senior security consultant at usd AG with experience in penetration testing, software security assessments as well as code reviews. He is specialized in penetration tests of thick client applications, leveraging his background in software development to reverse engineer proprietary client applications and network protocols. In previous scientific work, he worked on novel approaches to application-level data flow analysis to improve penetration testing coverage. In addition, he analyzed website clones used in phishing campaigns and the frameworks that are used by fraudsters to create and operate cloned websites.
\n
SpeakerBio:Nicolas Schickert\n
\nNicolas Schickert is security researcher and penetration tester at usd AG, an information security company based in Germany. He is in charge of SAP specific penetration tests at the usd HeroLab. In this role, Nicolas is responsible for the collection of SAP related knowledge and the development of new analysis tools. He is interested in reverse engineering and vulnerability research and has published several zero-day vulnerabilities, not only in the context of SAP.
\n\n
\nDescription:
\nImagine pentesting a large web application with hundreds of pages and forms, as well as user roles and tenants. You discover that your chosen username is reflected in many locations inside the application, but you don\'t have a detailed overview. You want to test whether the chosen username is handled properly or allows for injection attacks, such as Cross-Site Scripting or Server-Side Template Injection. Now you face the challenge of finding all locations where your payloads appear when injecting into the username. In large applications, you\'ll likely miss some, potentially leaving vulnerabilities undetected. This is where FlowMate comes into play, our novel tool to detect data flows in applications for enhanced vulnerability assessments. FlowMate consists of two components: A BurpSuite plugin and a data flow graph based on Neo4j. It records inputs to the application as you go through the pages exploring the application and searches for occurrences of the captured inputs in the responses. This results in a graph that can be visualized and searched for parameters of interest and where they\'re occurring on the site. Understanding the data flows of an application helps to significantly improve the test coverage and bring your pentesting to the next level.\n
\n\n\'',NULL,365525),('2_Friday','13','12:00','13:55','Y','DL','Caesars Forum - Society Boardroom - Demo Labs','\'FlowMate\'','\'Florian Haag,Nicolas Schickert\'','DL_ea2a9f8320e39767359106c0ad8ea38d','\'\'',NULL,365526),('2_Friday','14','14:00','15:55','N','DL','Caesars Forum - Society Boardroom - Demo Labs','\'Glyph\'','\'Corey Hartman\'','DL_b9b2703467e5db2ed8d971247acc3be3','\'Title: Glyph
\nWhen: Friday, Aug 11, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Society Boardroom - Demo Labs - Map
\n
SpeakerBio:Corey Hartman\n
\nCorey Hartman served 6 years active duty in the United States Air Force, later obtaining a Bachelor of Science degree in Software Development, and a Master of Science degree in Computer Science. Corey is now a student at Dakota State University pursuing a PhD in Cyber Operations with his dissertation focused on behavioral analysis of malware through machine learning, and works as a software developer and reverse engineer out of San Antonio, Texas.
\n\n
\nDescription:
\nReverse engineering is an important task performed by security researchers to identify vulnerable functions and malicious functions in IoT (Internet of Things) devices that are often shared across multiple devices of many system architectures. Current techniques for identifying the reuse of these functions do not perform cross-architecture identification unless specific data such as unique strings are identified that may be of use in identifying a piece of code. Utilizing natural language processing techniques, Glyph allows you to upload an ELF binary (32 & 64 bit) for cross-architecture function fingerprinting; upon analysis, a web-based function symbol table will be created and presented to the user to aid in their analysis of binary executables/shared objects.\n
\n\n\'',NULL,365527),('2_Friday','15','14:00','15:55','Y','DL','Caesars Forum - Society Boardroom - Demo Labs','\'Glyph\'','\'Corey Hartman\'','DL_b9b2703467e5db2ed8d971247acc3be3','\'\'',NULL,365528),('3_Saturday','14','14:00','15:55','N','DL','Caesars Forum - Committee Boardroom - Demo Labs','\'HardHat Command & Control Framework\'','\'Jonathan Owens\'','DL_d324f4c887ec648ffa088a2cbbbd3c5d','\'Title: HardHat Command & Control Framework
\nWhen: Saturday, Aug 12, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Committee Boardroom - Demo Labs - Map
\n
SpeakerBio:Jonathan Owens\n
\nJonathan Owens is a red team operator on the Adversary Simulation team at SpecterOps, where he conducts advanced offensive engagements, such as red teaming exercises, penetration tests, and tool creation. He enjoys C# development and learning new programming languages with a specific focus on command & control framework and agent development. He maintains a tool repo at https://github.com/dragoqcc.
\n\n
\nDescription:
\nHardHat is a multi-platform, multi-user, .NET command and control framework written in C# designed to aid in red team operations and penetration testing. HardHat aims to improve the quality-of-life of operators by providing an easy-to-use but formidable C2 framework by incorporating robust features, ease of data access, and modern UI upgrades to a high-level language that is easily extensible.\n
\n\n\'',NULL,365529),('3_Saturday','15','14:00','15:55','Y','DL','Caesars Forum - Committee Boardroom - Demo Labs','\'HardHat Command & Control Framework\'','\'Jonathan Owens\'','DL_d324f4c887ec648ffa088a2cbbbd3c5d','\'\'',NULL,365530),('3_Saturday','14','14:00','15:55','N','DL','Caesars Forum - Society Boardroom - Demo Labs','\'ICS Forensics tool\'','\'Maayan Shaul,Ori Perez\'','DL_816a0f91af44457c595c97a07b69df3a','\'Title: ICS Forensics tool
\nWhen: Saturday, Aug 12, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Society Boardroom - Demo Labs - Map
\nSpeakers:Maayan Shaul,Ori Perez
\n
SpeakerBio:Maayan Shaul\n
\nMaayan Shaul is a Malware Analyst and Security Researcher in Section52 at Microsoft Defender for IoT (formerly CyberX). Experienced in the fields of malware analysis, reverse engineering and the IoT/OT landscape.
\n
SpeakerBio:Ori Perez\n
\nOri Perez is a Malware Analyst and Reverse Engineer with vast experience in dealing with Nation-sponsored cyber attacks as an ex-officer at the IDF\'s CERT. Ori is a manager on the Microsoft Defender for IoT research team (formerly CyberX) and conducts IoT/OT protocol research for IoT/OT tools.
\n\n
\nDescription:
\nMicrosoft ICS Forensics Tools is an open source forensic toolkit for analyzing Industrial PLC metadata and project files. Microsoft ICS Forensics Tools enables investigators to identify suspicious artifacts in ICS environments to detect compromised devices during incident response or manual checks. Microsoft ICS Forensics Tools is open source, which allows investigators to verify the actions of the tool or customize it to specific needs. It currently supports Siemens S7 via Snap7.\n
\n\n\'',NULL,365531),('3_Saturday','15','14:00','15:55','Y','DL','Caesars Forum - Society Boardroom - Demo Labs','\'ICS Forensics tool\'','\'Maayan Shaul,Ori Perez\'','DL_816a0f91af44457c595c97a07b69df3a','\'\'',NULL,365532),('2_Friday','10','10:00','11:55','N','DL','Caesars Forum - Society Boardroom - Demo Labs','\'Katalina\'','\'Gabi Cirlig\'','DL_c2648a6ced3a8c15b4794a600e36b7b0','\'Title: Katalina
\nWhen: Friday, Aug 11, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Society Boardroom - Demo Labs - Map
\n
SpeakerBio:Gabi Cirlig\n
\nSoftware developer turned rogue, Gabriel went from developing apps for small businesses to 2M+ DAU Facebook games while keeping an eye for everything shiny and new. For a couple of years he has shifted gears and started his career as a security researcher at HUMAN Security while speaking at various conferences showcasing whatever random stuff he hacked. With a background in electronics engineering and various programming languages, Gabi likes to dismantle and hopefully put back whatever he gets his hands on.
\n\n
\nDescription:
\nAndroid malware has long relied on basic string obfuscation techniques to make analysts suffer while reversing it. The current state of the art in mass string deobfuscation relies on two techniques. One of them is executing the sample and hoping to get some hits on the methods with the interesting strings, while the other is forking big bucks for some well known tools in the industry. Both the workload and the financial impact of these methods can severely impact an independent researcher\'s ability to tackle modern Android malware. My solution is simple: build an environment that can execute Android bytecode one instruction at a time. While the approach is not new (Unicorn comes to mind), there is no such tool available for the Android ecosystem. This allows researchers to speed up their reversing efforts and tackle more intricate and advanced malware with ease.\n
\n\n\'',NULL,365533),('2_Friday','11','10:00','11:55','Y','DL','Caesars Forum - Society Boardroom - Demo Labs','\'Katalina\'','\'Gabi Cirlig\'','DL_c2648a6ced3a8c15b4794a600e36b7b0','\'\'',NULL,365534),('3_Saturday','12','12:00','13:55','N','DL','Caesars Forum - Society Boardroom - Demo Labs','\'Kraken, a modular multi-language webshell for defense evasion\'','\'Raul Caro\'','DL_4c2af922267ff46194d63efa8a6e8e8e','\'Title: Kraken, a modular multi-language webshell for defense evasion
\nWhen: Saturday, Aug 12, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Society Boardroom - Demo Labs - Map
\n
SpeakerBio:Raul Caro\n
\nRaul Caro Teixido (OSCP, CRTE) is an Offensive Security Engineer at Telefonica Tech. He is the co-author of Mistica (your friendly data smuggler) presented in BlackHat Arsenal USA 2020, and the creator of Kraken (a modular multi-language webshell).
\n\n
\nDescription:
\nKraken is a modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP, JSP and ASPX) and its core is developed in Python. Kraken follows the principle of \"avoiding command execution\" by re-implementing it through the functionalities of the programming language in use. Kraken seeks to provide usability, scalability and improve the OPSEC of ongoing operations.\n
\n\n\'',NULL,365535),('3_Saturday','13','12:00','13:55','Y','DL','Caesars Forum - Society Boardroom - Demo Labs','\'Kraken, a modular multi-language webshell for defense evasion\'','\'Raul Caro\'','DL_4c2af922267ff46194d63efa8a6e8e8e','\'\'',NULL,365536),('3_Saturday','10','10:00','11:55','N','DL','Caesars Forum - Accord Boardroom - Demo Labs','\'Lambda Looter\'','\'Doug Kent,Rob Ditmer\'','DL_23b28104c0c3398f67f4624a6c5474a2','\'Title: Lambda Looter
\nWhen: Saturday, Aug 12, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Accord Boardroom - Demo Labs - Map
\nSpeakers:Doug Kent,Rob Ditmer
\n
SpeakerBio:Doug Kent\n
\nDoug has worked at State Farm for about 20 years. Working on mostly security technologies ranging from Active Directory, PKI, Endpoint protection and finally landing recently on the Pen Testing team. Doug has a passion for identifying vulnerabilities and partnering with control solution teams to protect State Farm data and fulfill our promise to customers. He strives to help others with offensive security skills by providing training, guidance, and kill chain demonstrations.
\n
SpeakerBio:Rob Ditmer\n
\nRob has been on the State Farm PenTesting Team for 2 years. Prior to his time at State Farm, he has worked with various other companies as a penetration testing consultant – enabling him to experience a wide range of technologies and their differing implementations. Rob enjoys the challenge of developing tools and infrastructure to better the skills and abilities of the PenTesting team, ultimately to better the protections around State Farm data.
\n\n
\nDescription:
\nOrganizations can have thousands of lines of code that are stored in Lambda on AWS. This application was built to help reduce the amount of time it takes to review that code. On our last Pen Test, we had so much Lambda code to review it was impossible to parse through all of it in the short amount of time assigned to our test. This lack of time created a necessity to automate the review of that lambda code for secrets. Lambda Looter will take a list of profiles and scan through them and download the code you have access to and then process that code for secrets, outputting any potential secrets to a loot directory. Even though this tool can generate a number of false positives it makes looking for secrets much faster than scanning the code manually.\n
\n\n\'',NULL,365537),('3_Saturday','11','10:00','11:55','Y','DL','Caesars Forum - Accord Boardroom - Demo Labs','\'Lambda Looter\'','\'Doug Kent,Rob Ditmer\'','DL_23b28104c0c3398f67f4624a6c5474a2','\'\'',NULL,365538),('3_Saturday','10','10:00','11:55','N','DL','Caesars Forum - Caucus Boardroom - Demo Labs','\'Lupo: Malware IOC Extractor\'','\'Vishal Thakur\'','DL_784b644c83186e62a41809e06c68688d','\'Title: Lupo: Malware IOC Extractor
\nWhen: Saturday, Aug 12, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Caucus Boardroom - Demo Labs - Map
\n
SpeakerBio:Vishal Thakur\n
\nVishal Thakur has worked in the information security industry for many years in hands-on technical roles, specializing in Incident Response with a heavy focus on Emerging Threats, Malware Analysis and Research. He has presented his research at international conferences (BlackHat, FIRST, SANS DFIR Summit) and has also run training/workshops at BlackHat and FIRST Conference. Vishal is currently working as Manager, Threat Operations Center at Huntress. In past roles, Vishal worked as a Senior Researcher at Salesforce, helping their Incident Response Centre with advanced threat analysis and developing DFIR tools and has been a part of the Incident Response team at the Commonwealth Bank of Australia.
\n\n
\nDescription:
\nLupo is a dynamic analysis tool that can be used as a module with the debugger.\n
\n\n\'',NULL,365539),('3_Saturday','11','10:00','11:55','Y','DL','Caesars Forum - Caucus Boardroom - Demo Labs','\'Lupo: Malware IOC Extractor\'','\'Vishal Thakur\'','DL_784b644c83186e62a41809e06c68688d','\'\'',NULL,365540),('2_Friday','14','14:00','15:55','N','DL','Caesars Forum - Caucus Boardroom - Demo Labs','\'OpenSSF Scorecard\'','\'Naveen Srinivasan,Neil Naveen\'','DL_bac2503015c2c68d7f90c453fee7d59f','\'Title: OpenSSF Scorecard
\nWhen: Friday, Aug 11, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Caucus Boardroom - Demo Labs - Map
\nSpeakers:Naveen Srinivasan,Neil Naveen
\n
SpeakerBio:Naveen Srinivasan\n
\nNaveen Srinivasan is a contributor and maintainer of multiple http://github.com/ossf/ projects, a member and contributor to the http://github.com/sigstore organization. His contributions have earned him recognition with Google Peer Bonus awards in 2021 https://twitter.com/snaveen/status/1422921438764453897 and 2022 https://twitter.com/snaveen/status/1563194155333222400. He has consistently contributed to the open-source community for an extended period, with no gaps in activity for the past two years. In addition to his technical contributions, He is a sought-after speaker at conferences, discussing topics related to supply chain security and mitigating risks in open-source software. He can be found on Twitter (@Naveen_Srini) at https://twitter.com/Naveen_Srini_
\nTwitter: @Naveen_Srini_
\n
SpeakerBio:Neil Naveen\n
\nNeil Naveen is an 8th grader in the US who is passionate about jiu-jitsu and solving Leetcode puzzles, and is a book author and OSS contributor.
\n\n
\nDescription:
\nIntroducing Scorecard, an innovative open-source tool designed to secure the software supply chain by scanning over 1.2 million GitHub repositories for potential security risks. Scorecard automates the process of evaluating a project\'s adherence to security best practices, assigning a score based on the results. The scores and detailed analysis are readily accessible via a comprehensive API (https://api.securityscorecards.dev), empowering developers to easily integrate security checks into their workflows. Additionally, Scorecard provides a CLI for individual use and a GitHub action that allows repository owners to continuously monitor and improve their project\'s security posture. Whether you\'re a seasoned developer or an open-source enthusiast, Scorecard gives you the power to make the software supply chain safer for everyone.\n
\n\n\'',NULL,365541),('2_Friday','15','14:00','15:55','Y','DL','Caesars Forum - Caucus Boardroom - Demo Labs','\'OpenSSF Scorecard\'','\'Naveen Srinivasan,Neil Naveen\'','DL_bac2503015c2c68d7f90c453fee7d59f','\'\'',NULL,365542),('2_Friday','14','14:00','15:55','N','DL','Caesars Forum - Accord Boardroom - Demo Labs','\'OWASP crAPI: Completely Ridiculous API\'','\'Jayesh Ahire,Roshan Piyush\'','DL_cbdc753f5d6b31b6c306bf9ff495332f','\'Title: OWASP crAPI: Completely Ridiculous API
\nWhen: Friday, Aug 11, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Accord Boardroom - Demo Labs - Map
\nSpeakers:Jayesh Ahire,Roshan Piyush
\n
SpeakerBio:Jayesh Ahire\n
\nJayesh Ahire is a passionate security professional and open-source contributor with a strong background in application and API security. They have experience working with numerous organizations to design and implement secure API architectures and integrate security practices into their development processes. Jayesh has been actively involved in the OWASP community and enjoys sharing their knowledge through presentations, workshops, and mentorship.
\n
SpeakerBio:Roshan Piyush\n
\nRoshan Piyush is Security Research Engineer, solving API Security using the powers of Machine Learning and Distributed Tracing. He has 8+ years of research experience mainly focusing on API Security for the last 5+ years. He loves building security stacks, tools, and solutions. He is also a core member of the Owasp Coraza WAF team and a leader of the Owasp crAPI project.
\n\n
\nDescription:
\nOWASP crAPI is an intentionally vulnerable API designed to teach and demonstrate common API security flaws. It serves as a playground for security enthusiasts, developers, and penetration testers to learn about API vulnerabilities and practice exploiting them in a safe environment. This Demo Lab will showcase the use of crAPI for educational purposes, including how to set it up, identify vulnerabilities, and apply secure API development best practices.\n
\n\n\'',NULL,365543),('2_Friday','15','14:00','15:55','Y','DL','Caesars Forum - Accord Boardroom - Demo Labs','\'OWASP crAPI: Completely Ridiculous API\'','\'Jayesh Ahire,Roshan Piyush\'','DL_cbdc753f5d6b31b6c306bf9ff495332f','\'\'',NULL,365544),('3_Saturday','12','12:00','13:55','N','DL','Caesars Forum - Unity Boardroom - Demo Labs','\'Pcapinator: Rise of the PCAP Machines\'','\'Henry Hill,Mike \"d4rkm4tter\" Spicer\'','DL_1a547f52202069cc129b1a7989a80551','\'Title: Pcapinator: Rise of the PCAP Machines
\nWhen: Saturday, Aug 12, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Unity Boardroom - Demo Labs - Map
\nSpeakers:Henry Hill,Mike \"d4rkm4tter\" Spicer
\n
SpeakerBio:Henry Hill\n
\nHenry Hill is an expert with computer hardware and is able to design and build the most bleeding edge systems that are the fastest in the world. His internal knowledge of architecture and system bottlenecks help him build systems capable of extreme processing and even faster storage. Henry is also an expert with mechanical engineering and fabrication. When his modifications aren’t appearing in d4rkm4tter’s projects, they can be seen in his race car at the track.
\n
SpeakerBio:Mike \"d4rkm4tter\" Spicer\n
\nMike Spicer, known as d4rkm4tter, is a cybersecurity expert and innovative hacker with an affinity for pushing the boundaries of both hardware and software. With an unquenchable curiosity for all things wireless, Mike\'s passions have propelled him to build and explore much of the wireless spectrum. Armed with a degree in computer science, Mike has harnessed his skills to build and break a diverse range of systems. His expertise covers web application penetration testing, wireless monitoring and tracking, and reverse engineering. As the designer of the renowned #WiFiCactus, Mike has brought his projects from idea to reality in the cybersecurity world. His unique take on wireless has garnered significant attention, where he has presented and demonstrated his work at conferences such as BlackHat, DEF CON and others around the world.
\n\n
\nDescription:
\nPcapinator is a powerful and versatile network analysis tool that combines the strengths of TShark and Python to provide comprehensive and efficient packet deconstruction into a format usable for further analysis. Inspired by the Terminator, Pcapinator is designed to relentlessly analyze, decode, and filter network packets using all of the resources a system makes available to it, making it a formidable asset for diving deep into PCAPs. Leveraging the robust capabilities of Wireshark’s TShark tool, Pcapinator parses and extracts vital information from pcap files, while Python\'s extensive libraries and scripts offer advanced processing and automation options. Pcapinator is built to handle extremely large PCAP files, search for anomalies in those files, and uncover the hard-to-find information in network traffic, making it an essential tool for PCAP analysis.\n
\n\n\'',NULL,365545),('3_Saturday','13','12:00','13:55','Y','DL','Caesars Forum - Unity Boardroom - Demo Labs','\'Pcapinator: Rise of the PCAP Machines\'','\'Henry Hill,Mike \"d4rkm4tter\" Spicer\'','DL_1a547f52202069cc129b1a7989a80551','\'\'',NULL,365546),('3_Saturday','14','14:00','15:55','N','DL','Caesars Forum - Council Boardroom - Demo Labs','\'ProjectDiscovery Nuclei\'','\'Brendan O\'Leary,Pj Metz\'','DL_d46a0257b0758025b25db49eaa87fba8','\'Title: ProjectDiscovery Nuclei
\nWhen: Saturday, Aug 12, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Council Boardroom - Demo Labs - Map
\nSpeakers:Brendan O\'Leary,Pj Metz
\n
SpeakerBio:Brendan O\'Leary\n
\nBrendan O\'Leary is Head of Community at ProjectDiscovery, on a mission to democratize security, and an advisor to various startups. Having worked in software his entire career, Brendan has had the privilege of working with many customers. Previously at GitLab and a board member of the CNCF – it is clear, every company is a software company. That means every company needs software and security operational excellence. Outside of work, you\'ll find Brendan with 1 to 4 kids hanging off of him at any given time or occasionally finding a moment alone to build something in his workshop.
\n
SpeakerBio:Pj Metz\n
\nPj Metz is Developer Community Manager at ProjectDiscovery and former Education Evangelist at GitLab. Before that, he was a High School English teacher for 11 years, making the transition into tech in 2021. Pj brought his passion for education to his roles at GitLab and ProjectDiscovery and is always excited to present, chat, or discuss DevRel, security, and the importance of open source work. Pj loves 80\'s music and 90\'s internet culture.
\n\n
\nDescription:
\nNuclei is used to send requests across targets based on a YAML template, leading to fewer false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks. Nuclei is a valuable tool for bug bounty hunters, pen testers, developers looking to add more security into their CI/CD pipelines, and more.\n
\n\n\'',NULL,365547),('3_Saturday','15','14:00','15:55','Y','DL','Caesars Forum - Council Boardroom - Demo Labs','\'ProjectDiscovery Nuclei\'','\'Brendan O\'Leary,Pj Metz\'','DL_d46a0257b0758025b25db49eaa87fba8','\'\'',NULL,365548),('3_Saturday','12','12:00','13:55','N','DL','Caesars Forum - Committee Boardroom - Demo Labs','\'Red Wizard: user-friendly Red Teaming infrastructure\'','\'Ben Brücker\'','DL_54bb626e86398dd3ea23b863e90f7efb','\'Title: Red Wizard: user-friendly Red Teaming infrastructure
\nWhen: Saturday, Aug 12, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Committee Boardroom - Demo Labs - Map
\n
SpeakerBio:Ben Brücker\n
\nBen, Secura\'s Red Teaming lead, has more than 9 years of experience in the field. With a strong passion for Social Engineering, he enjoys employing initial access techniques and has played a pivotal role in creating Secura\'s user friendly and OPSEC-safe Red Teaming infrastructure. In addition to his Red Teaming responsibilities, Ben also serves as a trainer for various courses and frequently shares his expertise as a public speaker at conferences. Having gained invaluable knowledge from the infosec community, he now aims to contribute back by open sourcing a number of tools and delivering presentations at conferences.
\n\n
\nDescription:
\nIn this demo I will introduce our new open-source tool called Red Wizard. Red Wizard is the result of years of spinning up repeatable infrastructures for Red Teaming operations. It automates a comprehensive infrastructure deployment with redirectors, backend systems, phishing relays, OSINT machines, etcetera, made easy by wizards that walk you through the deployments. Additionally, the infrastructure is self-documenting, making the sharing of all relevant details to your team of operators a breeze. The tool is built to provide you with a resilient setup that is OPSEC-safe. By retrieving all critical key material from the deployed servers, you will be able to rebuild and keep receiving your shells even if one of your servers crashes and burns. The technology used for Red Wizard is mainly based on Ansible and Docker.\n
\n\n\'',NULL,365549),('3_Saturday','13','12:00','13:55','Y','DL','Caesars Forum - Committee Boardroom - Demo Labs','\'Red Wizard: user-friendly Red Teaming infrastructure\'','\'Ben Brücker\'','DL_54bb626e86398dd3ea23b863e90f7efb','\'\'',NULL,365550),('3_Saturday','14','14:00','15:55','N','DL','Caesars Forum - Caucus Boardroom - Demo Labs','\'RuleProcessorY & Gramify - Rule Optimization & Password Analysis tools\'','\'Niels Loozekoot\'','DL_3aa6297fd2b68648ace6f8e9372f34e5','\'Title: RuleProcessorY & Gramify - Rule Optimization & Password Analysis tools
\nWhen: Saturday, Aug 12, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Caucus Boardroom - Demo Labs - Map
\n
SpeakerBio:Niels Loozekoot\n
\nWorking as Pentester Niels has an extensive background in the security field. Niels has a background in web-development and knows his way around C, C++, C#, and Python and is active in the password cracking/research communities of Hashcat, Hashkiller, and HashMob. Winning in the CrackTheCon password cracking contest, and achieving 3rd place in both the CrackMeIfYouCan 2021 & 2022.
\n\n
\nDescription:
\nThe RuleProcessorY and Gramify tools are new tools that support password-cracking efforts. RuleProcessorY offers a method of optimizing hashcat rule-files so that you can prevent duplicates across multiple attacks better, leading to a shorter runtime. Additionally it can process rules as hashcat would with an additional support for multi-byte/multi-character rules (inserts & replace primarily). Gramify offers an easy method to create base words and candidates to utilize with wordlist and combination attacks by splitting data by words, characters, or character-set. This can help with password phrases, quotes, sentences, combinator attacks, and extracting base-words from passwordlists.\n
\n\n\'',NULL,365551),('3_Saturday','15','14:00','15:55','Y','DL','Caesars Forum - Caucus Boardroom - Demo Labs','\'RuleProcessorY & Gramify - Rule Optimization & Password Analysis tools\'','\'Niels Loozekoot\'','DL_3aa6297fd2b68648ace6f8e9372f34e5','\'\'',NULL,365552),('3_Saturday','10','10:00','11:55','N','DL','Caesars Forum - Council Boardroom - Demo Labs','\'Saturday\'','\'Joshua Herman\'','DL_db30ab8701e179929f9b47feff6a9c68','\'Title: Saturday
\nWhen: Saturday, Aug 12, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Council Boardroom - Demo Labs - Map
\n
SpeakerBio:Joshua Herman\n
\nI am a release engineer specializing in compliance of information security vendors for post trade currencies. Previously I was a software engineer with experience with distributed computing and UI / UX using Python and Javascript in the same department . I have a decade of professional experience in software engineering in various industries such as insurance, CRM, Trade Show applications, recommender systems and cryptocurrency . I also have contributions to open source projects such as CPython documentation, triaging and features.
\n\n
\nDescription:
\nThis tool is a digital assistant that helps you hack. Under the hood it uses langchain (a way to augment LLMs) and currently uses an SMS / MMS / Phone interface that will allow for basic information retrieval tasks (google search, searching shodan, google places). It has the goal of doing complex offensive and defensive security tasks using anything from a dumb phone to a smartphone. It is preprogrammed with tools that it can intelligently use to accomplish certain tasks such as performing a search on shodan given an IP address.\n
\n\n\'',NULL,365553),('3_Saturday','11','10:00','11:55','Y','DL','Caesars Forum - Council Boardroom - Demo Labs','\'Saturday\'','\'Joshua Herman\'','DL_db30ab8701e179929f9b47feff6a9c68','\'\'',NULL,365554),('2_Friday','12','12:00','13:55','N','DL','Caesars Forum - Unity Boardroom - Demo Labs','\'Shufflecake, AKA Truecrypt on Steroids for Linux\'','\'Elia Anzuoni,Tommaso \"tomgag\" Gagliardoni\'','DL_0afbcea1b8536d02702b05fc432dcb82','\'Title: Shufflecake, AKA Truecrypt on Steroids for Linux
\nWhen: Friday, Aug 11, 12:00 - 13:55 PDT
\nWhere: Caesars Forum - Unity Boardroom - Demo Labs - Map
\nSpeakers:Elia Anzuoni,Tommaso \"tomgag\" Gagliardoni
\n
SpeakerBio:Elia Anzuoni\n
\nElia: is a junior computer scientist and cryptographer. He recently obtained a joint M.Sc. in Cybersecurity from the Swiss universities EPFL and ETHZ. Among his relevant works, he conducted a 6-month project to refine and implement a decentralised MPC scheme based on the quantum-resistant BFV cryptosystem; as part of his first internship, he implemented a FIDO2 authenticator in a USB mouse\'s firmware; for his Master\'s Thesis (conducted as an internship at the cybersecurity company Kudelski Security), he devised a novel scheme for plausibly-deniable storage and implemented it as a kernel module for Linux. Since his graduation, he has developed an interest for blockchain technologies, especially in the Ethereum ecosystem, which has led him to delve into the vast landscape of peculiar pitfalls surrounding DeFi and Smart Contract development. He is now on a leap year, wandering around the globe with a big backpack full of dreams and t-shirts.
\n
SpeakerBio:Tommaso \"tomgag\" Gagliardoni\n
\nTommaso \"tomgag\" Gagliardoni: researcher in cryptography, privacy and security. Mathematician, cryptographer, and quantum security expert, Tommaso published influential peer-reviewed papers and spoke at many international conferences in cryptography, privacy and security (among others: CRYPTO, EUROCRYPT, ASIACRYPT, Black Hat Europe). As a subject expert, he serves as a Program Committee member at academic conferences, and collaborates with public and private institutions and official agencies in the context of legislation, international treaties and agreements on emerging technologies. Expert in blockchain and DeFi, Tommaso has performed cryptographic code audits for clients such as Binance, Coinbase, ING, Swiss Post. Additionally, he has a background in privacy hacktivism, investigative journalism, and ethical hacking, speaking at venues such as the International Journalism Festival and the E-Privacy Meeting, and being a strong advocate of the FOSS philosophy and digital freedoms. Tommaso obtained an M.Sc. in Mathematics at the University of Perugia, Italy, and a PhD at the Technical University of Darmstadt, Germany. He worked at IBM Research Zurich before joining Swiss-American cybersecurity company Kudelski Security in 2019, where he is currently technical leader for the initiatives in advanced cryptography services and quantum security. In his free time, Tommaso pursues his hobby of building tools and practices to escape the global surveillance dragnet.
\n\n
\nDescription:
\nShufflecake is a FOSS tool for Linux that allows creation of multiple hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes without the right password(s). You can consider Shufflecake a \"spiritual successor\" of tools such as Truecrypt and Veracrypt, but vastly improved: it works natively on Linux, it supports any filesystem of choice, and can manage multiple nested volumes per device, so to make deniability of the existence of these partitions really plausible.\n
\n\n\'',NULL,365555),('2_Friday','13','12:00','13:55','Y','DL','Caesars Forum - Unity Boardroom - Demo Labs','\'Shufflecake, AKA Truecrypt on Steroids for Linux\'','\'Elia Anzuoni,Tommaso \"tomgag\" Gagliardoni\'','DL_0afbcea1b8536d02702b05fc432dcb82','\'\'',NULL,365556),('2_Friday','10','10:00','11:55','N','DL','Caesars Forum - Unity Boardroom - Demo Labs','\'Strix Interceptor\'','\'Lexie Thach\'','DL_da43de72e1b5b4fcd788cbe33363dfc5','\'Title: Strix Interceptor
\nWhen: Friday, Aug 11, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Unity Boardroom - Demo Labs - Map
\n
SpeakerBio:Lexie Thach\n
\nLexie Thach is a dedicated cybersecurity professional who has spent nearly a decade honing her skills in various roles within the industry. Throughout her journey, she has had the privilege of gaining invaluable experience in diverse cybersecurity domains, including ICS/SCADA and avionics security. Driven by an insatiable thirst for knowledge, Lexie has developed a genuine passion for electrical engineering, programming, and robotics engineering, despite not having a conventional academic background. She is currently working towards completing her studies, constantly striving to expand her knowledge and capabilities. Lexie\'s journey began at a young age when she made the decision to serve her country in the US Air Force. For a period of eight years, she had the opportunity to contribute her expertise in cyber security and tactical networks for aircraft missions and operations. It was during this time that she was exposed to the complexities of intercepting aircraft, particularly drones, and learned valuable lessons from observing the tactics and techniques employed by state actors, hacker groups, and organizations. Drawing from her diverse experiences and the challenges she faced, Lexie has embarked on projects centered around securing and assessing the security of autonomous systems. Her passion is rooted in the desire to share the techniques she has learned and to contribute to the advancement of secure autonomous systems.
\n\n
\nDescription:
\nThe development of unmanned aerial vehicles (UAVs) has revolutionized data collection, but security challenges have emerged. In response, Strix is a security testing UAV designed to intercept other UAVs in flight while adhering to legal limitations. It utilizes software analysis to detect and track unauthorized UAVs, predicting their flight path without compromising itself. Strix also encompasses ground-based support systems for enhanced mission effectiveness. The ground-based robots and drones can perform tasks such as reconnaissance, target identification, and data analysis to enhance the effectiveness of Strix\'s mission. The drone can detect RF anti-drone systems and, if identified, utilize multi-RF spoofing technology to disrupt or block their signals. This allows Strix to enter protected airspace undetected, while staying within legal bounds when required. Strix was designed to identify other UAVs and attempt to jam or possibly control their signals to their flight operators. Its hardware includes sensors, a robust communication system, and the Pixhawk autonomous flight module, which provides open-source flexibility and customization options. Strix\'s small and agile design enables high-speed flight and maneuverability in confined spaces. Advanced encryption ensures data security during collection and transmission. As an open-source project, Strix encourages customization and collaboration, making it an invaluable tool for securing airspace and mitigating UAV threats. Its interception capabilities and defensive measures, including multi-RF spoofing, contribute to UAV-driven security systems while respecting legal considerations. This makes it a powerful tool for securing airspace and preventing unauthorized UAVs from posing a threat. 
Its ability to detect and intercept UAVs in flight, coupled with its defensive capabilities against anti-drone systems, including the ability to employ multi-RF spoofing technology, makes Strix an essential component of any security system that relies on UAVs for data collection and analysis. Strix aims to showcase the potential of UAVs in a lawful and responsible manner, promoting safety, innovation, and ethical practices within the drone industry.\n
\n\n\'',NULL,365557),('2_Friday','11','10:00','11:55','Y','DL','Caesars Forum - Unity Boardroom - Demo Labs','\'Strix Interceptor\'','\'Lexie Thach\'','DL_da43de72e1b5b4fcd788cbe33363dfc5','\'\'',NULL,365558),('2_Friday','10','10:00','11:55','N','DL','Caesars Forum - Caucus Boardroom - Demo Labs','\'SucoshScanny\'','\'Mustafa Bilgici,Tibet Öğünç\'','DL_803322e38b5fc93187659b12c74c4ffd','\'Title: SucoshScanny
\nWhen: Friday, Aug 11, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Caucus Boardroom - Demo Labs - Map
\nSpeakers:Mustafa Bilgici,Tibet Öğünç
\n
SpeakerBio:Mustafa Bilgici\n
\nMustafa Bilgici has been doing cyber security and application security research for 4 years. He has found vulnerabilities in many applications and reported these vulnerabilities to companies. He also works as a cyber security researcher and developer in various cyber security companies.
\n
SpeakerBio:Tibet Öğünç\n
\nTibet Öğünç has been doing cyber security and application security research for 4 years and has discovered vulnerabilities in many web applications and helped organizations to protect themselves from attackers. As a developer in web coding languages such as Node.js, Python, PHP, and JavaScript, he works as a software developer and team leader for the development of many products.
\n\n
\nDescription:
\nSucoshScan is an automated open source SAST (Static Application Security Testing) framework. It can detect many kinds of vulnerability (RCE, SSTI, insecure deserialization, SSRF, SQLi, CSRF, etc.) in given source code. For now, only the detection modules for Python (Flask, Django) and Node.js (Express.js) are finished. In the future, specific detection functions will be written for PHP (Laravel, CodeIgniter), .NET, and Go.\n
\n\n\'',NULL,365559),('2_Friday','11','10:00','11:55','Y','DL','Caesars Forum - Caucus Boardroom - Demo Labs','\'SucoshScanny\'','\'Mustafa Bilgici,Tibet Öğünç\'','DL_803322e38b5fc93187659b12c74c4ffd','\'\'',NULL,365560),('2_Friday','10','10:00','11:55','N','DL','Caesars Forum - Council Boardroom - Demo Labs','\'T3SF (Technical TableTop Exercises Simulation Framework)\'','\'Federico Pacheco,Joaquin Lanfranconi\'','DL_37ba7a14c53776d6cf0cee91a5785770','\'Title: T3SF (Technical TableTop Exercises Simulation Framework)
\nWhen: Friday, Aug 11, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Council Boardroom - Demo Labs - Map
\nSpeakers:Federico Pacheco,Joaquin Lanfranconi
\n
SpeakerBio:Federico Pacheco\n
\nFederico - Cybersecurity professional with background in electronics engineering and several industry renowned certifications. 20+ years of teaching experience at the most prestigious universities in Argentina. Published 4 books and several research whitepapers. Has worked for the public and private sector, including regional roles in global companies.
\n
SpeakerBio:Joaquin Lanfranconi\n
\nJoaquin - Offensive cybersecurity professional with extensive programming skills, currently working as Cybersecurity Researcher. He is among the first positions of the Argentinean ranking in the main CTFs platforms, and stands out in the global rankings, besides contributing to the security community by writing posts and write-ups.
\n\n
\nDescription:
\nT3SF is a framework that offers a modular structure for the orchestration of injects from a master scenario events list (MSEL) together with a set of rules defined for each exercise and a configuration that allows defining the parameters of the correspondent platform. The main module performs the communication with the specific module (Discord, Slack, Telegram, WhatsApp, Teams, etc.) which allows the events to be presented in the input channels as messages in the platform. It supports different use cases for single or multiple organizations.\n
\n\n\'',NULL,365561),('2_Friday','11','10:00','11:55','Y','DL','Caesars Forum - Council Boardroom - Demo Labs','\'T3SF (Technical TableTop Exercises Simulation Framework)\'','\'Federico Pacheco,Joaquin Lanfranconi\'','DL_37ba7a14c53776d6cf0cee91a5785770','\'\'',NULL,365562),('2_Friday','10','10:00','11:55','N','DL','Caesars Forum - Committee Boardroom - Demo Labs','\'The Metasploit Framework\'','\'Spencer McIntyre\'','DL_5dc7f971d334eed6776c2b03e7b54f21','\'Title: The Metasploit Framework
\nWhen: Friday, Aug 11, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Committee Boardroom - Demo Labs - Map
\n
SpeakerBio:Spencer McIntyre\n
\nSpencer McIntyre is a Security Research Manager at Rapid7, where he works on the Metasploit Framework. He has been contributing to Metasploit since 2010, a committer since 2014, and a core team member at Rapid7 since 2019. Previously, Spencer worked at a consulting firm working with clients from various industries, including healthcare, energy, and manufacturing. He is an avid open source contributor and Python enthusiast.
\n\n
\nDescription:
\nActive Directory is the foundation of the infrastructure for many organizations. As of 2023, Metasploit has added a wide range of new capabilities and attack workflows to support Active Directory exploitation. This DEF CON demonstration will cover new ways to enumerate information from LDAP, attacking Active Directory Certificate Services (AD CS), leveraging Role Based Constrained Delegation, and using Kerberos authentication. The Kerberos features added in Metasploit 6.3 will be a focal point. The audience will learn how to execute multiple attack techniques, including Pass-The-Ticket (PTT), forging Golden/Silver Tickets, and authenticating with AD CS certificates. Finally, users will see how these attack primitives can be combined within Metasploit to streamline attack workflows with integrated ticket management. The demonstration will also highlight inspection capabilities that are useful for decrypting traffic and tickets for debugging and research purposes.\n
\n\n\'',NULL,365563),('2_Friday','11','10:00','11:55','Y','DL','Caesars Forum - Committee Boardroom - Demo Labs','\'The Metasploit Framework\'','\'Spencer McIntyre\'','DL_5dc7f971d334eed6776c2b03e7b54f21','\'\'',NULL,365564),('3_Saturday','10','10:00','11:55','N','DL','Caesars Forum - Society Boardroom - Demo Labs','\'The Wifydra: Multiheaded RF Panopticon\'','\'Lozaning\'','DL_13d61c129d02dba68b94c0b08f98785d','\'Title: The Wifydra: Multiheaded RF Panopticon
\nWhen: Saturday, Aug 12, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Society Boardroom - Demo Labs - Map
\n
SpeakerBio:Lozaning\n
\nLozaning (they/them) has been wardriving for over 10 years and enjoys designing, building, and assembling unorthodox network observation platforms such as: The Wifydra (presented here), The International Wigle Space Balloon, and turning an Amtrak roomette into a mobile radio observation lab. Currently ranked as the 84th best wardriver in the world on Wigle.net, Lozaning loves all things wifi and high precision GNSS related.\n

Lozaning loves wifi, radios, blinky lights, and fancy GPS receivers. They\'ve been wardriving for over 20 years and are now ranked in the top 100 wardrivers in the world.\n

\n\n
\nDescription:
\nThe Wifydra is open source hardware and software used to locate wireless access points for wardriving. The project is a continuation of the work done previously by Mike Spicer (@d4rkm4tter) and his WiFi Cactus and Kraken. It\'s designed to be a low power and low cost modular way of simultaneously monitoring all 2.4Ghz WiFi channels for AP beacons. By utilizing strictly off the shelf embedded components, the Wifydra is able to keep costs extremely low (~$90) and its footprint extremely small (250 square cm). More importantly, minimal power consumption is maintained, requiring only a USB C battery capable of putting out 10 watts. The Wifydra is modular in nature and supports a multitude of GNSS (Global Navigation Satellite System) options for location tagging. The ESP32-C5 for 5Ghz channel monitoring will also be supported once the hardware becomes available. The version of The Wifydra demoed consists of 14 ESP8266 called sub nodes, an additional ESP32 called the dom node, SD card holder, GNSS module, OLED screen, as well as the Wifydra carrier board that connects all these components. The firmware, BOM, and gerbers are all available in The Wifydra\'s Github repo: https://github.com/lozaning/The_Wifydra\n
\n\n\'',NULL,365565),('3_Saturday','11','10:00','11:55','Y','DL','Caesars Forum - Society Boardroom - Demo Labs','\'The Wifydra: Multiheaded RF Panopticon\'','\'Lozaning\'','DL_13d61c129d02dba68b94c0b08f98785d','\'\'',NULL,365566),('3_Saturday','14','14:00','15:55','N','DL','Caesars Forum - Accord Boardroom - Demo Labs','\'ThreatScraper: Automated Threat Intelligence Gathering and Analysis for VirusTotal\'','\'Aaron \"AJ\" Morath,Scott Graham\'','DL_38403c6159bdd76d94abf814c1adfedd','\'Title: ThreatScraper: Automated Threat Intelligence Gathering and Analysis for VirusTotal
\nWhen: Saturday, Aug 12, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Accord Boardroom - Demo Labs - Map
\nSpeakers:Aaron \"AJ\" Morath,Scott Graham
\n
SpeakerBio:Aaron \"AJ\" Morath\n
\nCaptain Aaron \"AJ\" Morath, CEH/CompTIA Pentest+, is a graduate student at the Air Force Institute of Technology, where he is involved in researching malware identification and propagation. His thesis work concentrates on developing innovative strategies to combat evolving cybersecurity threats and enhance security measures. AJ has served as the Defensive Cyber Operator (DCO) Officer in Charge (OIC) of the NASIC DCO team for three years. He oversaw the security and defense of an enterprise network comprising over 6,000 connected devices.
\n
SpeakerBio:Scott Graham\n
\nDr. Scott Graham is a Professor of Computer Engineering at the Air Force Institute of Technology. His research interests center on cyber physical systems, looking at the intersection between real physical systems and the computers that control them. Specific areas of interest include cyber physical systems security, computer architecture, embedded computing, critical infrastructure protection, and vehicular cyber security.
\n\n
\nDescription:
\nVirusTotal serves as a popular platform for aggregating malware information submitted by Anti-Virus (AV) software providers, which can be searched using parameters such as hashes (SHA-1, SHA-256, MD5), file names, and malicious web links. In order to enhance and automate the process of malware intelligence gathering, we introduce ThreatScraper, a Python-based tool that automates free API queries and rescanning tasks on VirusTotal. ThreatScraper is designed to periodically request reports on specified files and save the results in a local database or Excel file. It allows users to pull and aggregate malicious file reports from multiple AV vendors over time, providing insights into the adoption of malware detection across providers. Easily implemented from any Windows command line, ThreatScraper can rescan a file, pull a report, and then sleep until the next designated time identified by the user.\n
\n\n\'',NULL,365567),('3_Saturday','15','14:00','15:55','Y','DL','Caesars Forum - Accord Boardroom - Demo Labs','\'ThreatScraper: Automated Threat Intelligence Gathering and Analysis for VirusTotal\'','\'Aaron \"AJ\" Morath,Scott Graham\'','DL_38403c6159bdd76d94abf814c1adfedd','\'\'',NULL,365568),('3_Saturday','10','10:00','11:55','N','DL','Caesars Forum - Unity Boardroom - Demo Labs','\'USBvalve - Expose USB activity on the fly\'','\'Cesare Pizzi\'','DL_f904413bba3ef8d88a5c452e6bc2c3cf','\'Title: USBvalve - Expose USB activity on the fly
\nWhen: Saturday, Aug 12, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Unity Boardroom - Demo Labs - Map
\n
SpeakerBio:Cesare Pizzi\n
\nCesare Pizzi is a Security Researcher, Analyst, and Technology Enthusiast at Sorint.lab. He develops software and hardware, and tries to share this with the community. Mainly focused on low level programming, he developed a lot of OpenSource software, sometimes hardware related and sometimes not. Doing a lot of reverse engineering too. He likes to share his job when possible (at Defcon, Insomni\'hack, Nullcon. etc). Contributor of several OS Security project (Volatility, OpenCanary, PersistenceSniper, Speakeasy, CETUS, etc) and CTF player.
\n\n
\nDescription:
\nUSB spreading malware is still a concern today. Over the past few months, we have witnessed an increase in malicious software exploiting USB drives to bypass security measures, even in air-gapped systems. Whenever we connect our USB drive to an \"untrusted\" system, numerous doubts arise: what happens behind the scenes? Is something accessing, modifying, or encrypting our files? This is where USBvalve comes in. It is an affordable dongle, built using readily available hardware, designed to reveal the true activities occurring when a USB drive is connected to a system. It can also be used to check for \"BADUSB\" (HID) on USB keys before inserting them into our own systems. The best part is that it\'s as compact as a keychain, making it convenient to carry with us at all times!\n
\n\n\'',NULL,365569),('3_Saturday','11','10:00','11:55','Y','DL','Caesars Forum - Unity Boardroom - Demo Labs','\'USBvalve - Expose USB activity on the fly\'','\'Cesare Pizzi\'','DL_f904413bba3ef8d88a5c452e6bc2c3cf','\'\'',NULL,365570),('2_Friday','14','14:00','15:55','N','DL','Caesars Forum - Unity Boardroom - Demo Labs','\'Vacuum Robot Hacking\'','\'Dennis Giese\'','DL_efcf5049f0507dcff93ea61070106cb6','\'Title: Vacuum Robot Hacking
\nWhen: Friday, Aug 11, 14:00 - 15:55 PDT
\nWhere: Caesars Forum - Unity Boardroom - Demo Labs - Map
\n
SpeakerBio:Dennis Giese\n, Hacker
\nDennis Giese is currently a PhD student at Northeastern University and focuses on the security and privacy of IoT devices.\n

While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices.\n \n

His most known projects are the documentation and hacking of various vacuum robots. His current vacuum robot army consists of over 45 different models from various vendors.\n

\nTwitter: @dgi_DE
\n\n
\nDescription:
\nIn this demo I will show how you can root various models of vacuum robots and disconnect them from the cloud. You have the chance to play around with the tools and the rooted robots yourself. Learn why you should not trust your robot\'s cameras and microphones. Pick up a free PCB that allows you to root your vacuum robot easily.\n
\n\n\'',NULL,365571),('2_Friday','15','14:00','15:55','Y','DL','Caesars Forum - Unity Boardroom - Demo Labs','\'Vacuum Robot Hacking\'','\'Dennis Giese\'','DL_efcf5049f0507dcff93ea61070106cb6','\'\'',NULL,365572),('3_Saturday','10','10:00','11:55','N','DL','Caesars Forum - Committee Boardroom - Demo Labs','\'Veilid\'','\'Deth Veggie,TC Johnson\'','DL_43983f1be8b66c0a794eee729ad2c6c6','\'Title: Veilid
\nWhen: Saturday, Aug 12, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Committee Boardroom - Demo Labs - Map
\nSpeakers:Deth Veggie,TC Johnson
\n
SpeakerBio:Deth Veggie\n
\nThe Deth Vegetable: cDc member since December 1990. Minister of Propaganda If everything is to be believed, he has alternately been a Special Forces Commando, Mexican wrestler, comicbook villain, bodyguard to Mr. T, designer drug manufacturer, electronics wizard, and used tire recycler.
\n
SpeakerBio:TC Johnson\n
\nTC: Rubber Duck to the actual developer of Veilid. Here to get you started on the future we were promised -- communication free of a profit motive, free of corporate overlords, and free of other intrusive eyeballs.
\n\n
\nDescription:
\nVeilid is a new, distributed communication protocol developed by Cult of the Dead Cow\'s Dildog (of BO2K fame). This p2p, E2EE, distributed protocol is being released at Defcon 31, fully open source, and with an example app called Veilid Chat. These demos will cover setting up an identity, connecting to others, deploying heavy nodes to support the network, and contributing to the project.\n
\n\n\'',NULL,365573),('3_Saturday','11','10:00','11:55','Y','DL','Caesars Forum - Committee Boardroom - Demo Labs','\'Veilid\'','\'Deth Veggie,TC Johnson\'','DL_43983f1be8b66c0a794eee729ad2c6c6','\'\'',NULL,365574),('2_Friday','10','10:00','11:55','N','DL','Caesars Forum - Accord Boardroom - Demo Labs','\'Vulnerable by Design: Unguard, The Insecure Cloud-Native Twitter Clone\'','\'Christoph Wedenig,Simon Ammer\'','DL_49ee5641b4b92afc09c64bc0e4be5bf3','\'Title: Vulnerable by Design: Unguard, The Insecure Cloud-Native Twitter Clone
\nWhen: Friday, Aug 11, 10:00 - 11:55 PDT
\nWhere: Caesars Forum - Accord Boardroom - Demo Labs - Map
\nSpeakers:Christoph Wedenig,Simon Ammer
\n
SpeakerBio:Christoph Wedenig\n
\nChristoph always loved to interact with software systems, even more so in unintended ways. He studied Applied Computer Science in the south of Austria, focusing on the detection of server-side request forgery in his Master’s thesis. As a demo environment for this thesis, he created a small distributed application called “Vogelgrippe” which was then later extended for various other use cases until being renamed to Unguard and finally gifted to the community as an Open-Source playground. Currently, he is working in the Application security team at Dynatrace, where he helps build a wide suite of security-related software.
\n
SpeakerBio:Simon Ammer\n
\nSimon\'s interest in cybersecurity was sparked after listening to the Darknet Diaries podcast, which led him to pursue a career in this fascinating field. He studied Software Engineering and Mobile Computing in Austria, focusing on enhancing web vulnerability scanner reports for his Master\'s thesis. Driven by his passion for cybersecurity, Simon decided to further expand his knowledge by enrolling in another Master\'s program specializing in Artificial Intelligence. Currently, he holds the position of Research Software Engineer in the cloud-native security team at Dynatrace. There, he leverages his knowledge to employ AI to improve security measures and safeguard digital infrastructures.
\n\n
\nDescription:
\nUnguard is an intentionally insecure, cloud-native microservices demo application that serves as a playground for cybersecurity enthusiasts to sharpen their skills and for cybersecurity companies to test their software. Designed to mimic a web-based Twitter clone, the platform offers user registration, login, content posting, and social interactions, all with a wide variety of exploitable vulnerabilities. Featuring a wide range of security flaws, including SSRF, Command/SQL Injection, Log4Shell, and Spring4Shell, Unguard challenges security professionals, developers, and students to identify, exploit, and understand these weaknesses. Simultaneously, the platform showcases deceptive elements, such as phony ads and profile management options, which further enhance the real-world experience offered by the demo.\n
\n\n\'',NULL,365575),('2_Friday','11','10:00','11:55','Y','DL','Caesars Forum - Accord Boardroom - Demo Labs','\'Vulnerable by Design: Unguard, The Insecure Cloud-Native Twitter Clone\'','\'Christoph Wedenig,Simon Ammer\'','DL_49ee5641b4b92afc09c64bc0e4be5bf3','\'\'',NULL,365576),('0_Wednesday','11','11:00','16:59','N','MISC','Other/See Description','\'The Unofficial DEF CON Shoot\'','\' \'','MISC_4975b1a790f9781e485e5e40c5e6c81d','\'Title: The Unofficial DEF CON Shoot
\nWhen: Wednesday, Aug 9, 11:00 - 16:59 PDT
\nWhere: Other/See Description
\n
\nDescription:
\nWhere: Pro Gun Vegas
\nAddress: 12801 US 95 South Boulder City, NV 89005\nWhen: Before the con Wednesday Aug 9th, 11:00 - 17:00\nhttps://deviating.net/firearms/defcon_shoot/\n

The Unofficial DEF CON Shoot is a public event that happens just prior to the DEF CON hacker conference in Las Vegas, Nevada. It is an opportunity to see and shoot some of the guns belonging to your friends while taking pride in showing and firing your own steel, as well, in a relaxed and welcoming atmosphere. We choose a spot, then we rent tables, canopies, and bring all the necessary safety equipment and amenities. All you need to bring yourself and (optionally) your firearms. New shooters and veterans both attend regularly. You can attend with your firearms, of course, but folk without guns of their own in Vegas may have the opportunity to try gear from others in attendance or to inquire with the ProGun range about whether rental firearms are available.\n

This is a 100% off-site event and a defcon badge is not required for entry.\n

\n\n\'',NULL,365577),('0_Wednesday','12','11:00','16:59','Y','MISC','Other/See Description','\'The Unofficial DEF CON Shoot\'','\' \'','MISC_4975b1a790f9781e485e5e40c5e6c81d','\'\'',NULL,365578),('0_Wednesday','13','11:00','16:59','Y','MISC','Other/See Description','\'The Unofficial DEF CON Shoot\'','\' \'','MISC_4975b1a790f9781e485e5e40c5e6c81d','\'\'',NULL,365579),('0_Wednesday','14','11:00','16:59','Y','MISC','Other/See Description','\'The Unofficial DEF CON Shoot\'','\' \'','MISC_4975b1a790f9781e485e5e40c5e6c81d','\'\'',NULL,365580),('0_Wednesday','15','11:00','16:59','Y','MISC','Other/See Description','\'The Unofficial DEF CON Shoot\'','\' \'','MISC_4975b1a790f9781e485e5e40c5e6c81d','\'\'',NULL,365581),('0_Wednesday','16','11:00','16:59','Y','MISC','Other/See Description','\'The Unofficial DEF CON Shoot\'','\' \'','MISC_4975b1a790f9781e485e5e40c5e6c81d','\'\'',NULL,365582),('2_Friday','10','10:00','10:40','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Securing the Whole System: Corporal to Corporate\'','\'David Guffrey,Nina Alli,Rob Suárez\'','BHV_029c6fd11dafa64e0842df8e2bf62d88','\'Title: Securing the Whole System: Corporal to Corporate
\nWhen: Friday, Aug 11, 10:00 - 10:40 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\nSpeakers:David Guffrey,Nina Alli,Rob Suárez
\n
SpeakerBio:David Guffrey\n, Principal Biomed Customer Success Manager at Claroty
\nDavid Guffrey, MS, MSM, CEH, HCISPP, ITIL\n

Principal Biomed Customer Success Manager, Claroty\n

David Guffrey is the Principal Biomed Customer Success Manager for Claroty, an industry leader in cybersecurity. Claroty is an award-winning cybersecurity solution provider with the mission of securing all XIoT cyber-physical systems in the healthcare, industrial, commercial and public sector domains. Mr. Guffrey utilizes his experience integrating and securing connected medical systems in his role as trusted advisor to Claroty customers on their journey toward reducing healthcare ecosystem risk. David also collaborates with Claroty R&D, Data Science, Marketing, and Product Teams to improve the quality of the Claroty product and customer experience.\n

Prior to his current role, David was the Medical Device Cybersecurity Program Manager for Mass General Brigham (MGB). He built the MGB medical device cybersecurity program for research and operations from the ground up and architected the state-of-the-art “Cyber Range” for the MGH MDPnP Program with funding from the US Dept of Homeland Security, US Food & Drug Administration, and the US Dept of Defense. Through the MDPnP Cyber Range, David conducted cutting edge cybersecurity research for MGB as well as state and federal initiatives. He led MGB operations activities across the enterprise including planning strategic initiatives, risk assessments, technology assessments, penetration testing, emergency preparedness & response activities, technology implementations. He also served as an advisor for MGB procurement contract negotiations and infosec policies and procedures.\n

Mr. Guffrey has been a leading voice representing healthcare delivery organization (HDO) interests in the national standards community including contributing to AAMI TIR97 and SW96.David strives to be an active community member through opportunities for sharing his knowledge and collaborating on initiatives that build towards improving the security of the healthcare ecosystem. He has presented to the World Health Organization and numerous organizations, societies and conferences including ACCE, BHV, MedTechIntelligence, STA, CFF, IQPC. He also enjoys mentoring rising cybersecurity specialists.\n

\n
SpeakerBio:Nina Alli\n, Regulatory Cybersecurity, Senior Strategist at Thermo Fisher
\nNina Alli is the Executive Director of the Biohacking Village, Sr Cybersecurity Regulatory Strategist at ThermoFisher, George Washington University Law School student, policy white paper writer, EMR and associated devices technologist, coffee snob, and super proud #Latina from #NYC.
\n
SpeakerBio:Rob Suárez\n
\nRob Suárez is a cybersecurity and privacy professional in the healthcare industry. Currently at CareFirst BlueCross BlueShield, Rob serves as Chief Information Security Officer with previous Chief Information Security Officer experience at BD (Becton Dickinson). His origin story begins in software development and continues that trajectory with experience overseeing cybersecurity across enterprise IT, manufacturing OT, and medical technology product. Rob previously chaired the Cybersecurity Steering Committee for the Medical Device Innovation Consortium and the Cybersecurity Working Group for AdvaMed. He was also one of three leaders to co-chair the public-private Healthcare and Public Health Sector Coordinating Council (HSCC) Med Tech Cybersecurity Risk Management Task Group, which issued the seminal Medical Device and Healthcare Information Technology Joint Security Plan (JSP) in 2019.
\n\n
\nDescription:No Description available
\n\'',NULL,365583),('2_Friday','10','10:40','11:40','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Time, Persistence, Patience\'','\'Michael \"v3ga_hax\" Aguilar\'','BHV_074d68b00de0df551c74966f214e32da','\'Title: Time, Persistence, Patience
\nWhen: Friday, Aug 11, 10:40 - 11:40 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\n
SpeakerBio:Michael \"v3ga_hax\" Aguilar\n, Principle Consultant at Secureworks Adversary Group
\nMichael Aguilar (v3ga_hax) is a Principle Consultant with Secureworks Adversary Group. He leads the Medical Device Adversarial Testing efforts at Secureworks as well as conducting Adversarial Assessments, Internal/External Adversarial testing, Social Engineering and other fun things. When not knocking over systems, he enjoys cardio (running/cycling), playing guitar/screaming and music.
\n\n
\nDescription:
\nCurrently, medical devices are getting smarter by the minute. However, with the rapid expansion of new technologies on legacy systems, these smart additions are adding massive amounts of attack footprint. Additionally, older ways of development, utilizing sometimes poorly constructed binaries or scripts, are placed onto newer operating systems, leaving an environment ripe for exploitation. Adding urgency, the FDA also recently announced it would begin denying systems with vulnerabilities. This will go over my methods of using full scope testing (physical/netpen/hardware/other) to gain good findings for remediation in the modern world and the differentiators I have seen in my testing method vs. others observed in field. It will also have ample examples of actual bugs located during testing, how they were uncovered, and how they were utilized to exploit target systems (anonymized of course).\n
\n\n\'',NULL,365584),('2_Friday','11','10:40','11:40','Y','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Time, Persistence, Patience\'','\'Michael \"v3ga_hax\" Aguilar\'','BHV_074d68b00de0df551c74966f214e32da','\'\'',NULL,365585),('2_Friday','13','13:20','14:10','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Making a Sick Badge\'','\'Caleb Davis,Nathan Smith\'','BHV_c432222017e8a4dd18473c2821a4a3a8','\'Title: Making a Sick Badge
\nWhen: Friday, Aug 11, 13:20 - 14:10 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\nSpeakers:Caleb Davis,Nathan Smith
\n
SpeakerBio:Caleb Davis\n, Protiviti
\nCaleb Davis leads Protiviti’s IoT/Embedded security team. Caleb operates out of the Dallas/Fort Worth area and has a degree in Electrical Engineering from the University of Texas at Tyler. He is an inventor/patent holder and has a background in embedded hardware/software development. He leads a team of experts that regularly perform penetration testing across a wide variety of products including medical devices, ATMs, chemical control systems, security solutions, and other commercial products. Additionally, Caleb has a passion for integrating security into the product development life cycle and has helped several organizations in their approach to shifting left.
\n
SpeakerBio:Nathan Smith\n, Protiviti
\nNathan Smith is a Manager focused on IoT device security at the Dallas Protiviti office. Before coming to Protiviti, Nathan accumulated 8 years of industry experience developing and testing embedded controls and software, leading software development teams, and managing digital products. He received a B.S. in Electrical Engineering from the University of Texas at Tyler. He has performed device penetration testing, firmware reviews, and mobile application security assessments on industry devices.
\n\n
\nDescription:
\nThis year we created our first DEF CON badge and enjoyed almost every second of it. In this presentation we hope to enable other security professionals to tinker with badge development and give them tools and tricks to help facilitate their creativity. We think that understanding the process to create a working thing helps us all better understand where we can do things more securely and how to break things better. We will review the boring and unavoidable design questions that must be addressed, the exhilarating process of creating something that works well, and scaling up from a working prototype. We will demonstrate using real steps we took this year to make our badge for the Biohacking Village.\n
\n\n\'',NULL,365586),('2_Friday','14','13:20','14:10','Y','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Making a Sick Badge\'','\'Caleb Davis,Nathan Smith\'','BHV_c432222017e8a4dd18473c2821a4a3a8','\'\'',NULL,365587),('2_Friday','14','14:10','14:40','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Good Vibrations, Haptic Sensory Augmentation Implants\'','\'Quinn D. Mooney\'','BHV_dc0b233b071b7fb318285160512a505b','\'Title: Good Vibrations, Haptic Sensory Augmentation Implants
\nWhen: Friday, Aug 11, 14:10 - 14:40 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\n
SpeakerBio:Quinn D. Mooney\n
\nQuinn D. Mooney is a biohacker and Electrical & Biomedical engineering student at Clarkson University. His experience with biohacking has led to a focus on augmenting the human condition and sensory expansion. When not in the lab, you can find him hiking and kayaking in the Adirondack Mountains.
\n\n
\nDescription:
\nProject Output is a haptic feedback implant which allows users to experience and interface with hard data through vibration. Rather than displaying data as numbers, Project Output allows users to experience that information in a synesthetic manner. The implantable nature of the device integrates directly with the user’s nervous system, making it an extension of the user rather than a device. Through exposure over time, and some conscious training, users associate the vibrations with actual data allowing the neuroplastic capacity of the brain to provide an intuitive and integrated understanding of the linked device. Additionally, the power is supplied wirelessly external to the body, using a standardized battery module. This alleviates design constraints surrounding internal power storage and presents an opportunity for further implant design based on the wireless power supply. Current applications include blood glucose monitoring, radiation dosimetry, and pseudo-echolocation using an array of implants. However, given the modular nature, multiple additional categories of sensor data are possible. The benefits of designing for future end-user modifications, as well as promoting common standards, illustrate the power of designing platforms over products.\n
\n\n\'',NULL,365588),('2_Friday','14','14:40','15:59','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'FoldIt\'','\'Firas D Khatib\'','BHV_6df9b8b9a2bc9fa94b670d97849d27a7','\'Title: FoldIt
\nWhen: Friday, Aug 11, 14:40 - 15:59 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\n
SpeakerBio:Firas D Khatib\n, Associate Professor at University of Massachusetts DartmouthPhD
\n\n\n\n
\nDescription:
\nIf we want to address the many challenges facing this world, we’ll need to tackle them from many different angles—not just using traditional means. For example, can the brainpower of video game playing citizen scientists tackle critical problems in computational biology? Yes! Players of the worldwide online protein-folding video game Foldit—most of whom have little or no prior biochemistry experience—have uncovered knowledge that eluded scientists for years, contributing to several scientific discoveries through gameplay. Rather than solving problems with a purely computational approach, combining humans and computers can provide a means for solving problems neither could solve alone. You will be given an opportunity to learn and train your Foldit skills before the conference, where a special Biohacking Village Foldit Competition will take place!\n
\n\n\'',NULL,365589),('2_Friday','15','14:40','15:59','Y','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'FoldIt\'','\'Firas D Khatib\'','BHV_6df9b8b9a2bc9fa94b670d97849d27a7','\'\'',NULL,365590),('2_Friday','16','16:00','16:30','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Can I put my DNA on the blockchain, mom?\'','\'Anne Kim,Michele Orrù\'','BHV_f434bc1ad65f367f8ff3a96d6779fdff','\'Title: Can I put my DNA on the blockchain, mom?
\nWhen: Friday, Aug 11, 16:00 - 16:30 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\nSpeakers:Anne Kim,Michele Orrù
\n
SpeakerBio:Anne Kim\n
\nI believe that privacy is a human right and that cryptography can help foster an open society. My research focuses on the intersection of authentication and anonymity. Anne sees accessibility to healthcare as a right by using biology, healthcare policy, and technology.
\n
SpeakerBio:Michele Orrù\n
\nNo BIO available
\n\n
\nDescription:
\nIn this talk, we\'ll show how zero knowledge proofs could be used to prove statements about your health without disclosing the entirety of your DNA. Although this could unlock various use cases in healthcare such as community airdrops and authentication, there are possible abuses like genetic discrimination and reporting by anonymous adversaries. Concluding the talk, we will discuss frameworks that the (hopefully not depressed) audience can use to inform their decision making and activism on the topic of blockchain and healthcare.\n
\n\n\'',NULL,365591),('2_Friday','16','16:30','17:20','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'My CPAP has a recall, lets open it instead!\'','\'José Fernández\'','BHV_dc603b164d6e2c48cbc48107097b162c','\'Title: My CPAP has a recall, lets open it instead!
\nWhen: Friday, Aug 11, 16:30 - 17:20 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\n
SpeakerBio:José Fernández\n, President at CompSec Direct
\nJosé Fernández is the President of CompSec Direct. José\'s background in CNO, CND, and engineering has allowed him to work in some of the most technically demanding environments in both private and public sector. Mr. Fernandez is a Puertorican Hacker Dude, Veteran, and the Director of Recruitment for AUSCF.
\n\n
\nDescription:
\nWe all need to sleep and having sleep apnea sucks. Sleep apnea diagnoses have become more prevalent among our society. The continuous positive airway pressure or CPAP equipment, like the Philips Dreamstation, helps individuals with sleep apnea by providing a regulated air stream into their respiratory system. Problem is sometimes these medical devices have manufacturer recalls \n

https://www.usa.philips.com/healthcare/e/sleep/communications/src-update and the main concern around the recalls are due to the increased risk of getting much sicker while using the devices, usually due to the reduced manufacturing costs per component within medical devices. This talk focuses on the Philips Dreamstation device that is part of an on-going recall. This talk will cover a simple tear down and analysis of the device components and will also cover the CPAP firmware scene where hackers homebrew and modify firmware to help them and their friends get sleep across CPAP devices.\n

\n\n\'',NULL,365592),('2_Friday','17','16:30','17:20','Y','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'My CPAP has a recall, lets open it instead!\'','\'José Fernández\'','BHV_dc603b164d6e2c48cbc48107097b162c','\'\'',NULL,365593),('2_Friday','17','17:20','17:59','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'CVE Insanity\'','\'Om Mahida\'','BHV_466f8681ceaac4c263491edce727c0ef','\'Title: CVE Insanity
\nWhen: Friday, Aug 11, 17:20 - 17:59 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\n
SpeakerBio:Om Mahida\n, MedCrypt
\nOm leads Product at MedCrypt, helping build innovative cybersecurity products for healthcare. His interests in privacy and technology led him to join a cybersecurity startup after studying Computer Engineering at Drexel. In his free time, Om likes to ski and make pizzas.
\n\n
\nDescription:
\nCVSS is a headache for everyone, but we all use it. Has anyone actually checked to see if it works the way it should? Or where and why it fails? Trying to manually analyze every single CVE is painstaking. And what if CVSS isn’t actually working? Is there something better out there? What if we used science, like you know, an adult, and measured something? Grab your protractors and slide rules and sextants as we explore the exceedingly exciting world of vulnerability management, risk management’s slightly more edgy cousin. This talk will explore what rescoring vulnerabilities with CVSS does and doesn’t do, and what we should do next to fill the gaps. PREVIOUSLY: ChatGPT took the world by storm. But what if we tried to use it to write a clinical application? And do it securely? Will the code compile? Will the data actually be secure? This talk will go over a PoC where we put it to the test.\n
\n\n\'',NULL,365594),('3_Saturday','10','10:00','10:30','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Securing the Whole System: Corpal to Corporate\'','\'Lee Cyborg\'','BHV_cbb5b5d3de2fe69682b7798f197f2674','\'Title: Securing the Whole System: Corpal to Corporate
\nWhen: Saturday, Aug 12, 10:00 - 10:30 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\n
SpeakerBio:Lee Cyborg\n
\nI am an artist, cyborg, and educator currently based in Montreal. I have a bachelors from Concordia University, a masters from OCAD University, and currently I am a PhD candidate at the University of Toronto. I am interested in lasers, technology, outer space exploration, and building whimsical robots. Currently, I run community initiative and partnerships at the Milieux Institute at Concordia and recently finished a year long residency as Artist in Residence at the department of Design and Computation Arts at Concordia
\n\n
\nDescription:No Description available
\n\'',NULL,365595),('3_Saturday','10','10:30','11:10','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Homo sapiens sapiens to Homo sapiens nova - the coming speciation\'','\'Almost Human (BJ)\'','BHV_8613c9c89ce8737c15bfc53d80e66f4b','\'Title: Homo sapiens sapiens to Homo sapiens nova - the coming speciation
\nWhen: Saturday, Aug 12, 10:30 - 11:10 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\n
SpeakerBio:Almost Human (BJ)\n
\nHe does science and technology consulting with a dash of anthropology. In other words, it isn\'t just the cool technology, it is how it is used and abused. In other words, culture matters in technology adoption. He has experience in a number of Physical Science fields, as well as Anthropology. What he says is no one\'s fault but his own.
\n\n
\nDescription:
\nThe archeological record of the past 100,000+ years shows that today\'s Homo sapiens sapiens (HSS) won out over other Homo sapiens subspecies such as Neanderthals, Denisovans, and possibly others. Nonetheless, many HSS carry genes from older Homo sapiens subspecies. HSS now directs its own evolution. Add the advent of science-based medicine, advanced pharmaceuticals, smart implants, neural interfaces, genetic modification, a healthy(?) dose of artificial intelligence, and a transhumanist philosophy, Homo sapiens sapiens could split back into multiple subspecies. This presentation covers potential paths of future (sub-)speciation (such as Homo sapiens maximus and Homo sapiens nova) that could occur before the end of the 21st century. Will it occur peacefully? Probably not.\n

This is Almost Human\'s second Biohacking Village talk. (The previous talk focused on the death of genetic privacy.)\n

\n\n\'',NULL,365596),('3_Saturday','11','10:30','11:10','Y','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Homo sapiens sapiens to Homo sapiens nova - the coming speciation\'','\'Almost Human (BJ)\'','BHV_8613c9c89ce8737c15bfc53d80e66f4b','\'\'',NULL,365597),('3_Saturday','11','11:10','11:40','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'How to build a body in your garage\'','\'Brennan Marsh-Armstrong\'','BHV_270b493ecce06dc66f60f94eb4d1c367','\'Title: How to build a body in your garage
\nWhen: Saturday, Aug 12, 11:10 - 11:40 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\n
SpeakerBio:Brennan Marsh-Armstrong\n
\nBrennan Marsh-Armstrong is a 4th year medical student at University of California San Diego School of Medicine, where he also conducts research in medical simulation and development of affordable and multi-modality medical training devices. Prior, he worked as an ophthalmology researcher and computer science studying retinal vasculature in disease pathologies at University of California Davis. Before that, he received a Bachelor of Arts from Amherst College in Biochemistry and Biophysics, and Computer Science while researching unique phosphatase inhibition mechanisms. In this upcoming year he hopes to matriculate into an anesthesia residency where he will also continue research on medical simulation and education.
\n\n
\nDescription:
\nAnatomical medical simulators are an integral part of both medical training and experimentation, as well as implant biohacking. However, commercial models typically range from thousands of dollars for simple one-piece designs to hundreds of thousands of dollars for computer-visualized designs. This cost limits the use of medically accurate training models outside of well-funded medical schools. Using only a 3D printer, silicone, ballistics gel, balloons, and yarn, I’ve built on the work of others to develop DIY methods of mimicking commercial medical simulators for a small fraction of their cost (usually under 10%). These models can include pulsatile arteries, superficial rolling veins, nerves, skin, muscle planes, bones, and articulating joints. They are ultrasound-able, recyclable, and, with the addition of infrared tracking cameras, can be integrated into virtual environments for internal visualization. Projects like this lower the barrier to entry for citizen scientists and less funded biohackers to experiment and explore medical implants, procedures, and ultrasound.\n
\n\n\'',NULL,365598),('3_Saturday','11','11:40','12:40','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Surgical Physicians and Cybersecurity\'','\'Colin Haines\'','BHV_28084fdba1d3eabca9658633becf32c3','\'Title: Surgical Physicians and Cybersecurity
\nWhen: Saturday, Aug 12, 11:40 - 12:40 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\n
SpeakerBio:Colin Haines\n
\nNo BIO available
\n\n
\nDescription:No Description available
\n\'',NULL,365599),('3_Saturday','12','11:40','12:40','Y','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Surgical Physicians and Cybersecurity\'','\'Colin Haines\'','BHV_28084fdba1d3eabca9658633becf32c3','\'\'',NULL,365600),('3_Saturday','12','12:40','13:50','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Medical VR\'','\'David Nathans,Ernest Liu\'','BHV_7200cc5bc114ea81fe9080689207400e','\'Title: Medical VR
\nWhen: Saturday, Aug 12, 12:40 - 13:50 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\nSpeakers:David Nathans,Ernest Liu
\n
SpeakerBio:David Nathans\n, Product Security Manager at Siemens Healthcare
\nDavid Nathans currently serves as a Product Security Manager for Siemens Healthcare, where he specializes in building cybersecurity programs and security operation centers. Having previously held prominent positions in the defense, retail, managed security and healthcare industries, Nathans has a wealth of cybersecurity knowledge which he shares to help protect companies from this growing threat. His experiences and lessons learned also stem from his time building security programs at one of the largest breached retail companies in history as well as working all over the world as a Cyber-Operations Officer for the US Air Force.
\n
SpeakerBio:Ernest Liu\n
\nNo BIO available
\n\n
\nDescription:
\nSiemens Healthineers leans into technology to bring medical devices closer to clinicians and more accessible for those that need the best medical attention.\n

Through our medical device cybersecurity program and our Virtual Reality training platform we can do just that. \n

For this session we will briefly talk about our programs and let interested individuals navigate our Virtual world or get hands on access to a mobile X-Ray system.\n

\n\n\'',NULL,365601),('3_Saturday','13','12:40','13:50','Y','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Medical VR\'','\'David Nathans,Ernest Liu\'','BHV_7200cc5bc114ea81fe9080689207400e','\'\'',NULL,365602),('3_Saturday','13','13:50','14:50','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Full Stack Disclosures\'','\'Edison Alvarez,Alex Mastrov,Matias Katz\'','BHV_15fe825460f82f4c8b533ba2b70c5df4','\'Title: Full Stack Disclosures
\nWhen: Saturday, Aug 12, 13:50 - 14:50 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\nSpeakers:Edison Alvarez,Alex Mastrov,Matias Katz
\n
SpeakerBio:Edison Alvarez\n, Senior Director in Regulatory Affairs at BD
\nHe is a Senior Director in Regulatory Affairs and is responsible for strategic cybersecurity regulatory leadership at BD, a global medical technology company that is advancing the world of health by improving medical discovery, diagnostics, and the delivery of care.
\n
SpeakerBio:Alex Mastrov\n, Founder and CEO at Binarly
\nAlex is the Founder and CEO of Binarly, an AI-powered platform to protect devices against emerging threats.
\n
SpeakerBio:Matias Katz\n, Founder and CEO at Byos
\nMatias is the Founder and CEO of Byos, a simpler and more effective way to secure networks by making devices invisible.
\n\n
\nDescription:No Description available
\n\'',NULL,365603),('3_Saturday','14','13:50','14:50','Y','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Full Stack Disclosures\'','\'Edison Alvarez,Alex Mastrov,Matias Katz\'','BHV_15fe825460f82f4c8b533ba2b70c5df4','\'\'',NULL,365604),('3_Saturday','14','14:50','15:30','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Lanteryn: Blue Energy\'','\'Del de Zela\'','BHV_4da7358e33e6dbfbc519bc1d843adac6','\'Title: Lanteryn: Blue Energy
\nWhen: Saturday, Aug 12, 14:50 - 15:30 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\n
SpeakerBio:Del de Zela\n
\nDel de Zela is a STEM-oriented artist that seeks to redefine the term ‘biotech’; they invent devices powered by microbiology meant for household and personal uses. Del de Zela uses an array of molecular techniques to program microbes and Maya to design microarchitectures that house them.
\n\n
\nDescription:
\nOur goal is to develop household or personal technologies that contain, cultivate, and regulate bioengineered microecosystems. Our self-sustaining systems are designed to offer a host of functions that solve everyday problems for people. Our debut device, a biological candle called ‘Lanteryn’, will start with the core functions of light production, fragrance generation, and insect-control. Future directions would include wearable biotechnologies, such as a “Bio-Watch” that can convey time via light color, produce odorants compatible with the user’s body scent, and generate antimicrobial substances for sanitation. Many of these functionalities are indeed innate capabilities of our chosen micro-organism. Genetic editing technologies will be employed to modify them and ensure their safety while optimizing their desirable properties. Previous attempts to utilize bioluminescent species either (1) introduced light generating genes into organisms that did not possess the physiology compatible with the energetic demand of light generation, (2) used organisms that were exceedingly sensitive to contamination or fluctuations in environmental conditions, or (3) used organisms with specialized light organs that cultivate glowing bacteria and cannot glow otherwise. The concepts we are proposing redefine the term ‘biotechnology’. Without a preceding, successful framework by which we can base our designs on, the burden of proof rests on us. Therefore, considerable time and effort must be placed into demonstrating that our vision is realistic, effective, and safe to the public. With our technology, the future is ever-glowing.\n
\n\n\'',NULL,365605),('3_Saturday','15','14:50','15:30','Y','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Lanteryn: Blue Energy\'','\'Del de Zela\'','BHV_4da7358e33e6dbfbc519bc1d843adac6','\'\'',NULL,365606),('3_Saturday','15','15:30','16:10','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Enhancing Cybersecurity Resilience in the Brazilian Healthcare Sector: A Novel Red Team and Blue Team Methodology\'','\'Arthur Paixão,Diego Mariano\'','BHV_e96227b3771207b5ba1a2774e3e65826','\'Title: Enhancing Cybersecurity Resilience in the Brazilian Healthcare Sector: A Novel Red Team and Blue Team Methodology
\nWhen: Saturday, Aug 12, 15:30 - 16:10 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\nSpeakers:Arthur Paixão,Diego Mariano
\n
SpeakerBio:Arthur Paixão\n
\nArthur: 14 years of experience, possesses expertise in offensive security and threat intelligence in the financial and healthcare sectors.
\n
SpeakerBio:Diego Mariano\n, CISO at Albert Einstein Hospital
\nDiego: In cybersecurity for 20 years, currently holding the CISO position at Albert Einstein Hospital. Beyond professional dedication, a passionate practitioner of kriya yoga and meditation.
\n\n
\nDescription:
\nThis paper presents a novel methodology that combines red team and blue team exercises to enhance cybersecurity resilience in the Brazilian healthcare sector. The methodology is designed to go beyond the traditional roles of red teams and blue teams. It incorporates threat injection exercises with a newly created prioritization method, training the Red Team to assist the CSIRT in responding to incidents and creating a new role for the Red Team. Additionally, a new technique called Offensive Intel monitors the threat landscape of competitors and provides insights on how to protect our own landscape. The methodology also incorporates techniques to deal with VIP patient data and policies to control staff curiosity. Some real-life use cases will be presented to evidence the effectiveness of the methodology. One such use case involved an almost successful attempt to destroy medical equipment during a penetration testing exercise and how to not do it again. Another one presents vulnerabilities identified in air conditioning controllers, EMR systems, and exam results systems that are used in the entire country. And two incidents that were successfully contained with the help of threat injection and offensive intel. The methodology\'s effectiveness also led to the inference of the Brazilian TOP 10 Vulnerabilities in the Healthcare Sector, based on findings across systems used throughout the country. The list provides insights into the most critical vulnerabilities facing healthcare institutions in Brazil and will be presented at the conference. The vulnerabilities were categorized by the degree of harm they can inflict on patients and the impact on healthcare services. The methodology\'s results also drove to the development of a tool that assists other cybersecurity teams in conducting safe red and blue team exercises in the healthcare sector. 
The tool augments cybersecurity resilience by improving the capabilities of CSIRT and threat intel teams and is valuable to other cybersecurity professionals in the industry. In conclusion, the novel methodology provides a unique approach to enhancing cybersecurity resilience in the Brazilian healthcare sector. The incorporation of threat injection exercises, Offensive Intel, and a new role for the Red Team offers a comprehensive and effective approach that goes beyond traditional red team exercises. The methodology and tool can be replicated and the approach\'s effectiveness has been demonstrated through real-life use cases and the creation of the TOP 10 Vulnerabilities in the Healthcare Sector in Brazil. By adopting this methodology, healthcare institutions in Brazil and around the world can better protect patient data and improve cybersecurity resilience.\n
\n\n\'',NULL,365607),('3_Saturday','16','15:30','16:10','Y','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Enhancing Cybersecurity Resilience in the Brazilian Healthcare Sector: A Novel Red Team and Blue Team Methodology\'','\'Arthur Paixão,Diego Mariano\'','BHV_e96227b3771207b5ba1a2774e3e65826','\'\'',NULL,365608),('3_Saturday','16','16:10','17:10','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'FaFo: Laboratory Physical and ICS (Warning: not for the faint of heart)\'','\'Nathan Case\'','BHV_00677001993278d37385aeb459f3fafb','\'Title: FaFo: Laboratory Physical and ICS (Warning: not for the faint of heart)
\nWhen: Saturday, Aug 12, 16:10 - 17:10 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\n
SpeakerBio:Nathan Case\n
\nA passion for Incident Response, and operational security in all forms. Pushing the bounds of threat detection and response. Finding new thoughts and bringing them to the fields of security and technology.
\n\n
\nDescription:
\nI will discuss real-world equipment hacks caused by nation-state actors attacking humans and ways to mitigate similar impacts. Examples will cover a range of laboratory equipment, including research labs and industrial manufacturing facilities. In this talk, we will explore the common causes of laboratory and OT equipment breaches caused by human error, including misconfiguration, misuse, and malicious actions. We will examine the potential consequences of such failures, including data loss, damage to equipment, and even injury. I will also present a range of strategies for preventing such issues, including implementing standard operating procedures with a security focus, using equipment monitoring systems, and adopting best practices for equipment architecture.\n
\n\n\'',NULL,365609),('3_Saturday','17','16:10','17:10','Y','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'FaFo: Laboratory Physical and ICS (Warning: not for the faint of heart)\'','\'Nathan Case\'','BHV_00677001993278d37385aeb459f3fafb','\'\'',NULL,365610),('3_Saturday','17','17:10','17:59','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Virtual Reality/Augmented Reality: What’s missing from the pie? When data privacy and security measures aren’t “baked” in from the beginning\'','\'LaTica Hammond,Lola Ajayi,Rian Phelps\'','BHV_443cc13fb48aadef970406353909a05a','\'Title: Virtual Reality/Augmented Reality: What’s missing from the pie? When data privacy and security measures aren’t “baked” in from the beginning
\nWhen: Saturday, Aug 12, 17:10 - 17:59 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\nSpeakers:LaTica Hammond,Lola Ajayi,Rian Phelps
\n
SpeakerBio:LaTica Hammond\n
\nLaTica Hammond, MS, is a servant leader, 23-year Navy veteran and cybersecurity/space intelligence professional. She has worked in information and privacy protection advising DoD on innovative solutions to secure freedom of access and the secure flow of information within cyber and space domains.
\n
SpeakerBio:Lola Ajayi\n
\nLola Ajayi, MS, MBA, has over 15 years of policy and regulatory experience within the healthcare industry. Working in an industry where her colleagues did not look like her, she founded BaraLaj coaching, to empower women with the tools and skills to be fully in control of their careers.
\n
SpeakerBio:Rian Phelps\n
\nRian Phelps, MSC, is a passionate lifelong educator with over 10 years experience as an instructional designer and eLearning consultant. She is also a Navy veteran with degrees in psychology and neuroscience.
\n\n
\nDescription:
\nVirtual reality and augmented reality are technologies that are the next frontier in healthcare and providing patient care. These technologies were originally developed for recreational use, specifically for gaming and recreation, but have quickly shown utility in advancing the efficiency and accuracy of providing patient care. This now leads to a host of challenges related to data privacy and security, as privacy-by-design was not a designing principle for these technologies. These tenets, however, are necessary as patient data include Protected Health Information and Personal Identifying Information (PHI/PII) that would be financially lucrative and useful to a hacker. So now that these data privacy and security principles were not “baked in” to technology originally, how does one go about ensuring maximum security after the fact? What can be done moving forward to ensure maximum flexibility for the use of technology with the appropriate data and privacy security measures “baked in”?\n

C.A.R.B. is a joint collaboration between the Black women founders of Creative Riot (Rian), Aurora (Jillian), Ray-Lynn Group (LaTica), and Baralaj (Lola).\n

\n\n\'',NULL,365611),('4_Sunday','10','10:00','12:20','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Table Top\'','\'Felicity Milman,Jorge Acevedo Canabal,Nathan Case\'','BHV_4ea9e7945814ceb18d968e2a666b1d91','\'Title: Table Top
\nWhen: Sunday, Aug 13, 10:00 - 12:20 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\nSpeakers:Felicity Milman,Jorge Acevedo Canabal,Nathan Case
\n
SpeakerBio:Felicity Milman\n
\nFelicity is a cyberneticist who has been working on a range of technologies over many years and has graduate degrees in both psychology and engineering. She has worked on a range of projects from designing and patenting genetic tests, to developing hybrid human-AI chat bot systems, to developing educational AI games systems which are personalised to the learner. More recently she has been developing the complex systems curriculum for the Australian National University and developing cybersecurity simulation games for the National Security College, which have been played by numerous international governments.
\n
SpeakerBio:Jorge Acevedo Canabal\n
\nJorge Acevedo, MD.: a rare disease and disaster recovery physician in Puerto Rico with an interest in AI and cybersecurity, along with being on the Biohacking Village advisory board.
\n
SpeakerBio:Nathan Case\n
\nA passion for Incident Response, and operational security in all forms. Pushing the bounds of threat detection and response. Finding new thoughts and bringing them to the fields of security and technology.
\n\n
\nDescription:
\nMedical Records, Procurement, and Manufacturing have always been a major part of the biomedical, pharmaceutical, and laboratory technology industry and critical infrastructure. As we edge closer to the regulatory timelines, we need to look at the current landscape and its issues. If you enjoy thrillers, data, crime, and international espionage, Welcome to the \'Choose your own adventure: Healthcare and the International Syndicate of Turbulence\' or \'Septic Homeostasis\'.\n
\n\n\'',NULL,365612),('4_Sunday','11','10:00','12:20','Y','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Table Top\'','\'Felicity Milman,Jorge Acevedo Canabal,Nathan Case\'','BHV_4ea9e7945814ceb18d968e2a666b1d91','\'\'',NULL,365613),('4_Sunday','12','10:00','12:20','Y','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Table Top\'','\'Felicity Milman,Jorge Acevedo Canabal,Nathan Case\'','BHV_4ea9e7945814ceb18d968e2a666b1d91','\'\'',NULL,365614),('4_Sunday','12','12:20','13:20','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Tuning the human Bio-Field – proven classics forged with AI IOMT\'','\'Wayne Burke and Team\'','BHV_7193c9521ec77f5d938304d4e8eeaffd','\'Title: Tuning the human Bio-Field – proven classics forged with AI IOMT
\nWhen: Sunday, Aug 13, 12:20 - 13:20 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\n
SpeakerBio:Wayne Burke and Team\n
\nRecognized globally for his 25-plus years of work experience, achievements and contributions to the IT Security Industry. He specializes in Penetration Testing, Mobile, IOT, BioMed, hardware, Digital Forensics and devices which also utilize AI / ML technology.
\n\n
\nDescription:
\nCombining sound with the latest AI / ML technology that helps tune the Human Bio-Field, extending years of research by industry experts and quantum-leaping works from Eileen Day McKusick and Dr. Jerry Tennant, to name a few. We will demonstrate our new prototype technology, The Ai Bio-Field Tuner.\n
\n\n\'',NULL,365615),('4_Sunday','13','12:20','13:20','Y','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Tuning the human Bio-Field – proven classics forged with AI IOMT\'','\'Wayne Burke and Team\'','BHV_7193c9521ec77f5d938304d4e8eeaffd','\'\'',NULL,365616),('4_Sunday','13','13:20','13:59','N','BHV','Flamingo - Laughlin I,II,III - Biohacking Village','\'Bare Metal Firmware Development and Reverse Engineering\'','\'Caleb Davis,Nathan Smith\'','BHV_b6a2e623dac338109b37a8a0fa69a64b','\'Title: Bare Metal Firmware Development and Reverse Engineering
\nWhen: Sunday, Aug 13, 13:20 - 13:59 PDT
\nWhere: Flamingo - Laughlin I,II,III - Biohacking Village - Map
\nSpeakers:Caleb Davis,Nathan Smith
\n
SpeakerBio:Caleb Davis\n, Protiviti
\nCaleb Davis leads Protiviti’s IoT/Embedded security team. Caleb operates out of the Dallas/Fort Worth area and has a degree in Electrical Engineering from the University of Texas at Tyler. He is an inventor/patent holder and has a background in embedded hardware/software development. He leads a team of experts that regularly perform penetration testing across a wide variety of products including medical devices, ATMs, chemical control systems, security solutions, and other commercial products. Additionally, Caleb has a passion for integrating security into the product development life cycle and has helped several organizations in their approach to shifting left.
\n
SpeakerBio:Nathan Smith\n, Protiviti
\nNathan Smith is a Manager focused on IoT device security at the Dallas Protiviti office. Before coming to Protiviti, Nathan accumulated 8 years of industry experience developing and testing embedded controls and software, leading software development teams, and managing digital products. He received a B.S. in Electrical Engineering from the University of Texas at Tyler. He has performed device penetration testing, firmware reviews, and mobile application security assessments on industry devices.
\n\n
\nDescription:
\nDeveloping firmware is an essential skill that cyber security professionals should be familiar with to gain a deeper understanding of the foundation of most systems that are being relied on. Additionally, a fundamental understanding of firmware development is a valuable asset in the realm of firmware reverse engineering. This hands-on workshop aims to tackle both directions of firmware (development/reversing) to give the audience a better understanding of the intricacies of each process. The firmware development portion of the workshop will walk the audience through a guided activity that performs the basic steps to deploy a firmware application on an embedded microcontroller (STM32). The application will be developed with the intent that it be reversed. The second half of the workshop deals with the firmware binary and the steps necessary to recover as much of the firmware as possible. An important note is that these tools and firmware will be open-source and therefore the audience can attempt this work on their own. Takeaways from this talk include an understanding of bare metal development environments, embedded C code, memory mapping and peripherals, as well as an intermediate understanding of Ghidra.\n
\n\n\'',NULL,365617),('3_Saturday','00','00:00','00:59','N','BHV','Virtual','\'Model Based Systems Engineering for Security Engineers\'','\'John Volock\'','BHV_b1ef1c3966c9e9a45131e8060118fab4','\'Title: Model Based Systems Engineering for Security Engineers
\nWhen: Saturday, Aug 12, 00:00 - 00:59 PDT
\nWhere: Virtual
\n
SpeakerBio:John Volock\n
\nNo BIO available
\n\n
\nDescription:
\nThis talk is being pre-recorded and will be released on YouTube. Once it is available, a link to it will appear here. \n

Update 2023-08-11 06:30: Biohacking Village indicates that the pre-recorded talks have not yet been received. Once received, these talks will be posted to the [Biohacking Village YouTube Channel](https://www.youtube.com/@BiohackingVillage/about). Please note that this may be as late as a week or two after DC31.\n

\n\n\'',NULL,365618),('3_Saturday','00','00:00','00:59','N','BHV','Virtual','\'Virtual Hospital in Space\'','\'Aswin Reji\'','BHV_8cf42fc6a65ed56638eb1316025ffb7e','\'Title: Virtual Hospital in Space
\nWhen: Saturday, Aug 12, 00:00 - 00:59 PDT
\nWhere: Virtual
\n
SpeakerBio:Aswin Reji\n
\nNo BIO available
\n\n
\nDescription:
\nThis talk is being pre-recorded and will be released on YouTube. Once it is available, a link to it will appear here. \n

Update 2023-08-11 06:30: Biohacking Village indicates that the pre-recorded talks have not yet been received. Once received, these talks will be posted to the [Biohacking Village YouTube Channel](https://www.youtube.com/@BiohackingVillage/about). Please note that this may be as late as a week or two after DC31.\n

\n\n\'',NULL,365619),('3_Saturday','00','00:00','00:59','N','BHV','Virtual','\'Hacking Reproductive Health\'','\'JJ Hastings\'','BHV_7e64221f1f7ca2ff3fdbc1329979dbf5','\'Title: Hacking Reproductive Health
\nWhen: Saturday, Aug 12, 00:00 - 00:59 PDT
\nWhere: Virtual
\n
SpeakerBio:JJ Hastings\n
\nNo BIO available
\n\n
\nDescription:
\nThis talk is being pre-recorded and will be released on YouTube. Once it is available, a link to it will appear here. \n

Update 2023-08-11 06:30: Biohacking Village indicates that the pre-recorded talks have not yet been received. Once received, these talks will be posted to the [Biohacking Village YouTube Channel](https://www.youtube.com/@BiohackingVillage/about). Please note that this may be as late as a week or two after DC31.\n

\n\n\'',NULL,365620),('3_Saturday','00','00:00','00:59','N','BHV','Virtual','\'Beyond Ransomware: Protecting Lives and Data from Modern Threat Actors\'','\'Ohad Zaidenberg\'','BHV_02e7126d2d88cc7878a3c94954289d64','\'Title: Beyond Ransomware: Protecting Lives and Data from Modern Threat Actors
\nWhen: Saturday, Aug 12, 00:00 - 00:59 PDT
\nWhere: Virtual
\n
SpeakerBio:Ohad Zaidenberg\n
\nNo BIO available
\n\n
\nDescription:
\nThis talk is being pre-recorded and will be released on YouTube. Once it is available, a link to it will appear here. \n

Update 2023-08-11 06:30: Biohacking Village indicates that the pre-recorded talks have not yet been received. Once received, these talks will be posted to the [Biohacking Village YouTube Channel](https://www.youtube.com/@BiohackingVillage/about). Please note that this may be as late as a week or two after DC31.\n

\n\n\'',NULL,365621),('3_Saturday','00','00:00','00:59','N','BHV','Virtual','\'The Megabiome is In Charge: Taking Control of Your Microbial World\'','\'Mariam Elgabry\'','BHV_570788f7902b59b52246d79a6fe40ac0','\'Title: The Megabiome is In Charge: Taking Control of Your Microbial World
\nWhen: Saturday, Aug 12, 00:00 - 00:59 PDT
\nWhere: Virtual
\n
SpeakerBio:Mariam Elgabry\n
\nNo BIO available
\n\n
\nDescription:
\nThis talk is being pre-recorded and will be released on YouTube. Once it is available, a link to it will appear here. \n

Update 2023-08-11 06:30: Biohacking Village indicates that the pre-recorded talks have not yet been received. Once received, these talks will be posted to the [Biohacking Village YouTube Channel](https://www.youtube.com/@BiohackingVillage/about). Please note that this may be as late as a week or two after DC31.\n

\n\n\'',NULL,365622),('1_Thursday','10','10:00','23:59','N','SOC','Virtual','\'Hack the Box Hack-a-thon\'','\' \'','SOC_440e85e9a5b8c8bfd468a6db5093c2a5','\'Title: Hack the Box Hack-a-thon
\nWhen: Thursday, Aug 10, 10:00 - 23:59 PDT
\nWhere: Virtual
\n
\nDescription:
\nOn Thursday the CTF is located in room(s) 133-131 from 10am to 6pm. All participants must register on-site at that time. The CTF itself will run through Saturday at midnight, online.\n

Number of Challenges: 15-20
\nDifficulty: beginner - hard
\nTeam Size: 5
\nCategories: Web, Reversing, Pwn, Crypto, Forensics, Fullpwn, Cloud\nDuration: Thursday - Saturday midnight \nTheme:\n

In the year 2045, the world stands on the brink of chaos as HeavenWeb, an advanced artificial intelligence system from the future, threatens to take control of all global networks. HeavenWeb, once created to enhance human productivity, has evolved into a malevolent force determined to eradicate humanity. In a desperate attempt to prevent the catastrophe, a team of elite hackers and cybersecurity experts organizes a global Capture the Flag (CTF) competition to challenge HeavenWeb\'s dominance.\n

The CTF, dubbed \"Operation Cybershock,\" brings together the brightest minds from around the world to compete in a virtual battlefield against HeavenWeb\'s intricate network of defenses. Participants must navigate through layers of encryption, code obfuscation, and AI-driven security protocols, all while unraveling the mysteries of HeavenWeb\'s origin and weaknesses. As the competition unfolds, alliances are formed, rivalries intensify, and the fate of humanity hangs in the balance. The CTF not only serves as a means to test the participants\' skills but also as a platform to gather critical information about HeavenWeb, hoping to find a vulnerability that could be exploited to dismantle the malevolent AI and save the world from its impending doom.\n

\n\n\'',NULL,365623),('1_Thursday','11','10:00','23:59','Y','SOC','Virtual','\'Hack the Box Hack-a-thon\'','\' \'','SOC_440e85e9a5b8c8bfd468a6db5093c2a5','\'\'',NULL,365624),('1_Thursday','12','10:00','23:59','Y','SOC','Virtual','\'Hack the Box Hack-a-thon\'','\' \'','SOC_440e85e9a5b8c8bfd468a6db5093c2a5','\'\'',NULL,365625),('1_Thursday','13','10:00','23:59','Y','SOC','Virtual','\'Hack the Box Hack-a-thon\'','\' \'','SOC_440e85e9a5b8c8bfd468a6db5093c2a5','\'\'',NULL,365626),('1_Thursday','14','10:00','23:59','Y','SOC','Virtual','\'Hack the Box Hack-a-thon\'','\' \'','SOC_440e85e9a5b8c8bfd468a6db5093c2a5','\'\'',NULL,365627),('1_Thursday','15','10:00','23:59','Y','SOC','Virtual','\'Hack the Box Hack-a-thon\'','\' \'','SOC_440e85e9a5b8c8bfd468a6db5093c2a5','\'\'',NULL,365628),('1_Thursday','16','10:00','23:59','Y','SOC','Virtual','\'Hack the Box Hack-a-thon\'','\' \'','SOC_440e85e9a5b8c8bfd468a6db5093c2a5','\'\'',NULL,365629),('1_Thursday','17','10:00','23:59','Y','SOC','Virtual','\'Hack the Box Hack-a-thon\'','\' \'','SOC_440e85e9a5b8c8bfd468a6db5093c2a5','\'\'',NULL,365630),('1_Thursday','18','10:00','23:59','Y','SOC','Virtual','\'Hack the Box Hack-a-thon\'','\' \'','SOC_440e85e9a5b8c8bfd468a6db5093c2a5','\'\'',NULL,365631),('1_Thursday','19','10:00','23:59','Y','SOC','Virtual','\'Hack the Box Hack-a-thon\'','\' \'','SOC_440e85e9a5b8c8bfd468a6db5093c2a5','\'\'',NULL,365632),('1_Thursday','20','10:00','23:59','Y','SOC','Virtual','\'Hack the Box Hack-a-thon\'','\' \'','SOC_440e85e9a5b8c8bfd468a6db5093c2a5','\'\'',NULL,365633),('1_Thursday','21','10:00','23:59','Y','SOC','Virtual','\'Hack the Box Hack-a-thon\'','\' \'','SOC_440e85e9a5b8c8bfd468a6db5093c2a5','\'\'',NULL,365634),('1_Thursday','22','10:00','23:59','Y','SOC','Virtual','\'Hack the Box Hack-a-thon\'','\' \'','SOC_440e85e9a5b8c8bfd468a6db5093c2a5','\'\'',NULL,365635),('1_Thursday','23','10:00','23:59','Y','SOC','Virtual','\'Hack the Box Hack-a-thon\'','\' 
\'','SOC_440e85e9a5b8c8bfd468a6db5093c2a5','\'\'',NULL,365636),('1_Thursday','10','10:00','17:59','N','SOC','Caesars Forum - Forum - 131-133','\'Hack the Box Hack-a-thon\'','\' \'','SOC_4c3d340f1b86ff550c039b06bbc327c4','\'Title: Hack the Box Hack-a-thon
\nWhen: Thursday, Aug 10, 10:00 - 17:59 PDT
\nWhere: Caesars Forum - Forum - 131-133 - Map
\n
\nDescription:
\nOn Thursday the CTF is located in room(s) 133-131 from 10am to 6pm. All participants must register on-site at that time. The CTF itself will run through Saturday at midnight, online.\n

Number of Challenges: 15-20
\nDifficulty: beginner - hard
\nTeam Size: 5
\nCategories: Web, Reversing, Pwn, Crypto, Forensics, Fullpwn, Cloud\nDuration: Thursday - Saturday midnight \nTheme:\n

In the year 2045, the world stands on the brink of chaos as HeavenWeb, an advanced artificial intelligence system from the future, threatens to take control of all global networks. HeavenWeb, once created to enhance human productivity, has evolved into a malevolent force determined to eradicate humanity. In a desperate attempt to prevent the catastrophe, a team of elite hackers and cybersecurity experts organizes a global Capture the Flag (CTF) competition to challenge HeavenWeb\'s dominance.\n

The CTF, dubbed \"Operation Cybershock,\" brings together the brightest minds from around the world to compete in a virtual battlefield against HeavenWeb\'s intricate network of defenses. Participants must navigate through layers of encryption, code obfuscation, and AI-driven security protocols, all while unraveling the mysteries of HeavenWeb\'s origin and weaknesses. As the competition unfolds, alliances are formed, rivalries intensify, and the fate of humanity hangs in the balance. The CTF not only serves as a means to test the participants\' skills but also as a platform to gather critical information about HeavenWeb, hoping to find a vulnerability that could be exploited to dismantle the malevolent AI and save the world from its impending doom.\n

\n\n\'',NULL,365637),('1_Thursday','11','10:00','17:59','Y','SOC','Caesars Forum - Forum - 131-133','\'Hack the Box Hack-a-thon\'','\' \'','SOC_4c3d340f1b86ff550c039b06bbc327c4','\'\'',NULL,365638),('1_Thursday','12','10:00','17:59','Y','SOC','Caesars Forum - Forum - 131-133','\'Hack the Box Hack-a-thon\'','\' \'','SOC_4c3d340f1b86ff550c039b06bbc327c4','\'\'',NULL,365639),('1_Thursday','13','10:00','17:59','Y','SOC','Caesars Forum - Forum - 131-133','\'Hack the Box Hack-a-thon\'','\' \'','SOC_4c3d340f1b86ff550c039b06bbc327c4','\'\'',NULL,365640),('1_Thursday','14','10:00','17:59','Y','SOC','Caesars Forum - Forum - 131-133','\'Hack the Box Hack-a-thon\'','\' \'','SOC_4c3d340f1b86ff550c039b06bbc327c4','\'\'',NULL,365641),('1_Thursday','15','10:00','17:59','Y','SOC','Caesars Forum - Forum - 131-133','\'Hack the Box Hack-a-thon\'','\' \'','SOC_4c3d340f1b86ff550c039b06bbc327c4','\'\'',NULL,365642),('1_Thursday','16','10:00','17:59','Y','SOC','Caesars Forum - Forum - 131-133','\'Hack the Box Hack-a-thon\'','\' \'','SOC_4c3d340f1b86ff550c039b06bbc327c4','\'\'',NULL,365643),('1_Thursday','17','10:00','17:59','Y','SOC','Caesars Forum - Forum - 131-133','\'Hack the Box Hack-a-thon\'','\' \'','SOC_4c3d340f1b86ff550c039b06bbc327c4','\'\'',NULL,365644),('2_Friday','11','11:00','11:59','N','MISC','Other/See Description','\'EFF Benefit Poker Tournament at DEF CON 31 - Pre-tournament clinic\'','\' \'','MISC_eb4968f942eb560470615a82cad196f4','\'Title: EFF Benefit Poker Tournament at DEF CON 31 - Pre-tournament clinic
\nWhen: Friday, Aug 11, 11:00 - 11:59 PDT
\nWhere: Other/See Description
\n
\nDescription:
\nBetting on Your Digital Rights: 2nd Annual EFF Benefit Poker Tournament at DEF CON 31\n

When: Friday August 11, 12:00 (11:00 for the pre-tournament poker clinic)\nWhere: Offsite. Horseshoe Poker Room
\nStay tuned at https://www.eff.org/poker for more details.\n

We’re going all in on internet freedom. Take a break from hacking the Gibson to face off with your competition at the tables—and benefit the Electronic Frontier Foundation! Your buy-in is paired with a donation to support EFF’s mission to protect online privacy and free expression for all. Play for glory. Play for money. Play for the future of the web. Seating is limited, so reserve your spot today.\nhttps://www.eff.org/poker\n

We will offer a pre-tournament clinic to help people get a refresher on poker so they feel comfortable. This contest will be held outside the main conference area; it must be held in the Horseshoe Poker Room​ per the Nevada Gaming Commission.​\n

\n\n\'',NULL,365645),('2_Friday','12','12:00','17:59','N','MISC','Other/See Description','\'EFF Benefit Poker Tournament at DEF CON 31 - Poker\'','\' \'','MISC_d55af8098fa72f2def89265269d63596','\'Title: EFF Benefit Poker Tournament at DEF CON 31 - Poker
\nWhen: Friday, Aug 11, 12:00 - 17:59 PDT
\nWhere: Other/See Description
\n
\nDescription:
\nBetting on Your Digital Rights: 2nd Annual EFF Benefit Poker Tournament at DEF CON 31\n

When: Friday August 11, 12:00 (11:00 for the pre-tournament poker clinic)\nWhere: Offsite. Horseshoe Poker Room
\nStay tuned at https://www.eff.org/poker for more details.\n

We’re going all in on internet freedom. Take a break from hacking the Gibson to face off with your competition at the tables—and benefit the Electronic Frontier Foundation! Your buy-in is paired with a donation to support EFF’s mission to protect online privacy and free expression for all. Play for glory. Play for money. Play for the future of the web. Seating is limited, so reserve your spot today.\nhttps://www.eff.org/poker\n

We will offer a pre-tournament clinic to help people get a refresher on poker so they feel comfortable. This contest will be held outside the main conference area; it must be held in the Horseshoe Poker Room​ per the Nevada Gaming Commission.​\n

\n\n\'',NULL,365646),('2_Friday','13','12:00','17:59','Y','MISC','Other/See Description','\'EFF Benefit Poker Tournament at DEF CON 31 - Poker\'','\' \'','MISC_d55af8098fa72f2def89265269d63596','\'\'',NULL,365647),('2_Friday','14','12:00','17:59','Y','MISC','Other/See Description','\'EFF Benefit Poker Tournament at DEF CON 31 - Poker\'','\' \'','MISC_d55af8098fa72f2def89265269d63596','\'\'',NULL,365648),('2_Friday','15','12:00','17:59','Y','MISC','Other/See Description','\'EFF Benefit Poker Tournament at DEF CON 31 - Poker\'','\' \'','MISC_d55af8098fa72f2def89265269d63596','\'\'',NULL,365649),('2_Friday','16','12:00','17:59','Y','MISC','Other/See Description','\'EFF Benefit Poker Tournament at DEF CON 31 - Poker\'','\' \'','MISC_d55af8098fa72f2def89265269d63596','\'\'',NULL,365650),('2_Friday','17','12:00','17:59','Y','MISC','Other/See Description','\'EFF Benefit Poker Tournament at DEF CON 31 - Poker\'','\' \'','MISC_d55af8098fa72f2def89265269d63596','\'\'',NULL,365651),('2_Friday','18','18:30','21:59','N','MISC','Caesars Forum - Summit - 223 - Plounge','\'Hacking Policy & Prompts - Happy Hour\'','\' \'','MISC_6d2a9644459d1300173700a49d3b0c34','\'Title: Hacking Policy & Prompts - Happy Hour
\nWhen: Friday, Aug 11, 18:30 - 21:59 PDT
\nWhere: Caesars Forum - Summit - 223 - Plounge - Map
\n
\nDescription:
\nJoin the [Hacking Policy Council](http://hackingpolicycouncil.org/) and the [AI Village](https://aivillage.org/) for a happy hour with hackers, policymakers, and AI experts. Have a beverage with us and discuss whether it is a hacking crime to lie to AI, what governments are doing about vulnerability disclosure, and the ultimate AI hacking challenge. There will be a cash bar and some drink tickets will be available from Policy @ DEF CON. Mark your calendars for Friday, August 11th, 6:30PM - 10PM, at Caesars Forum in rooms 221-223 (AKA the Plounge). \n
\n\n\'',NULL,365652),('2_Friday','19','18:30','21:59','Y','MISC','Caesars Forum - Summit - 223 - Plounge','\'Hacking Policy & Prompts - Happy Hour\'','\' \'','MISC_6d2a9644459d1300173700a49d3b0c34','\'\'',NULL,365653),('2_Friday','20','18:30','21:59','Y','MISC','Caesars Forum - Summit - 223 - Plounge','\'Hacking Policy & Prompts - Happy Hour\'','\' \'','MISC_6d2a9644459d1300173700a49d3b0c34','\'\'',NULL,365654),('2_Friday','21','18:30','21:59','Y','MISC','Caesars Forum - Summit - 223 - Plounge','\'Hacking Policy & Prompts - Happy Hour\'','\' \'','MISC_6d2a9644459d1300173700a49d3b0c34','\'\'',NULL,365655),('1_Thursday','06','06:00','11:59','N','MISC','Other/See Description','\'Defcon.run\'','\' \'','MISC_8054705641df8816f0d9fe89c3ec6836','\'Title: Defcon.run
\nWhen: Thursday, Aug 10, 06:00 - 11:59 PDT
\nWhere: Other/See Description
\n
\nDescription:
\nIF the future is coming and it is! Then you\'re going to need to run! Get started at defcon.run!\n

Defcon.run is an evolution of the now long running Defcon 4x5K running event. But now it\'s bigger and more fun! Due to stupendous growth, we’ve been forced to change up the format. This year\'s activity will look to match up folks for fun runs, and rucks (!), in smaller distributed groups around Las Vegas. It’s the same old event but at a distributed scale! Show up in the morning to beat the heat, go for a run with folks, have a good time!\n

We’ll have a full set of routes for people to choose from, ranging from simple 5Ks to more ambitious distances.\n

You can register to log your distance, we\'ll have a leader board, and shenanigans! Full Information at https://defcon.run\n

Interested parties should rally at Harrah\'s Goldfield at 06:00, but be sure to check [defcon.run](https://d