In-Person Contest Friday and Saturday: 10:00-18:00; Sunday: 10:00-12:00
The Return of ? Cube
? Cube returns, weaving a tale that transcends the ordinary. This year, engagement is not just a theme—it's a journey through the multidimensional realms of hacking.
Progressive Puzzles: Unlock the secrets of each compartment as you journey through progressively harder puzzles. From the Front's gentle introduction to the Top's formidable challenges, the Cube invites you to engage with the spectrum of cybersecurity domains.
Physical Entry Unleashed: In a bold evolution, physical entry becomes a key component. Navigate the tangible aspects of physical entry, decoding not only in the digital realm but also as you immerse yourself physically in the enigmatic sides of ? Cube.
Cryptic Narratives: As each compartment unfolds, the narrative of engagement takes shape. The puzzles touch on encryption, penetration testing, and beyond.
Silent Intricacies: Engage not only with the puzzles but also with the silent intricacies woven into the physical challenges. Decrypt messages, decipher patterns, and embrace the essence of Defcon as you navigate the unseen and the tangible.
Embark on the Engage Journey: ? Cube calls upon the curious and the bold. Embark on a journey where the puzzles transcend the digital divide, demanding both mental acuity and physical prowess.
H4QEG5LCMUQEAICEMVTGG33OEAZTEICSMVQWI6JAORXSAZLOM5QWOZJ7
The AutoDriving CTF contest focuses on the emerging security challenges in autonomous driving systems. Various levels of self-driving functionality, such as AI-powered perception, sensor fusion and route planning, are entering the product portfolios of automobile companies. From the security perspective, these AI-powered components not only contain common security problems such as memory safety bugs, but also introduce new threats such as physical adversarial attacks and sensor manipulation. Two popular examples of physical adversarial attacks are camouflage stickers that interfere with vehicle detection systems, and road graffiti that disturbs lane-keeping systems. AI-powered navigation and control rely on the fusion of multiple sensor inputs, and many of those sensor inputs can be manipulated by malicious attackers. These manipulations, combined with logic bugs in autonomous driving systems, pose severe threats to road safety.
We design autonomous driving CTF (AutoDriving CTF) contests around the security challenges specific to these self-driving functions and components.
The goals of the AutoDriving CTF are the following:
The contest is based on a Jeopardy style of CTF game with a set of independent challenges. A typical contest challenge includes a backend that runs autonomous driving components in simulated or real environments, and a frontend that interacts with the players. This year's contest will follow the style of last year and includes the following types of challenges:
Most of these challenges will be developed using game-engine based autonomous driving simulators, such as CARLA and SVL. The following links contain challenge videos and summaries from AutoDriving CTF at DEF CON 29 and DEF CON 30: https://drive.google.com/drive/folders/1JSVarIaQBmseLC9XqkfrxnRQto4WM225?usp=sharing https://www.youtube.com/channel/UCPPsKbVpxwk-464KIzr8xKw
This year, we will unlock new traffic conflict scenarios observed in real-world driving logs, such as jaywalking and double-parked vehicles. New difficulty levels will be added to challenges in these scenarios by integrating real downstream AI modules, such as object tracking from open-source autonomous driving software like Apollo, Autoware and OpenPilot.
In order to enable the audience to experience the challenges more directly, we plan to set up a vehicle wheel controller on site and provide a driving game this year. Audiences can drive themselves to compete with the self-driving vehicle in some of the challenges. Driving game demo: https://drive.google.com/drive/folders/1LIzJJ1I3Eqj_e0_ntX5eFu82U9ObiEYB?usp=sharing
What do players need to do to participate in AutoDriving CTF? Most of the challenges do not require domain knowledge of autonomous driving software or adversarial machine learning, although such knowledge helps. For example, players can generate images any way they like (e.g., drawing, photoshopping) to fool the AI components, or write a short Python script to control the vehicle. Some challenges, such as incident forensics, will likely require players to learn domain knowledge such as sensor data formats and how sensor fusion works.
What do we expect players to learn through the CTF event? Players can (1) gain a deep understanding of real-world autonomous driving systems' design, implementation, and their corresponding security properties and characteristics; and (2) learn the attack and defense practices related to autonomous driving in a well-controlled, repeatable, visible, and engaging environment.
Browser-based attacks are not new in the malicious landscape of attack patterns. Browsers remain a popular infiltration method for attackers.
While seemingly local, services running on localhost are accessible to the browser using a flaw we found, exposing the ports on the localhost network interface, and leaving the floodgates ajar to remote network attacks.
In this live demo and attack simulation we’ll unveil a zero-day vulnerability (still under responsible disclosure) in Chrome and other browsers, and how we use the 0-day to attack developers behind firewalls. We will demonstrate remote code execution on a wildly popular open-source platform serving millions in the data engineering ecosystem, that seems to run on localhost.
In our talk, we will present novel attack techniques, targeting developers and employees within an organization, that are behind firewalls. This will be a first-ever deep dive into this newly discovered zero-day vulnerability.
Speakers: Avi Lumelsky, Gal Elbaz
SpeakerBio: Avi Lumelsky
Avi has a relentless curiosity about business, AI, security—and the places where all three connect. An experienced software engineer and architect, Avi’s cybersecurity skills were first honed in elite Israeli intelligence units. His work focuses on privacy in the age of AI and big data.
SpeakerBio: Gal Elbaz
Co-founder & CTO at Oligo Security with 10+ years of experience in vulnerability research and practical hacking. He previously worked as a Security Researcher at CheckPoint and served in the IDF Intelligence. In his free time, he enjoys playing CTFs.
This series of self-guided labs will introduce even the most novice hacker to the world of embedded device firmware and software exploitation. First-come first-served, so don't miss the chance to try out these labs and get started with embedded device hacking.
If you've never popped open an embedded device and tried to get a simple shell, this is the lab for you. This is a first-come first-served workshop where you can walk through the step by step instructions to finding and connecting to a debug interface on an embedded device.
"4G Frenzy: Delving into Advanced Telecom Security" explores telecom network security with a focus on 4G. It covers the basics of 2G, 3G, and 4G, highlighting key differences and advancements. The workshop examines legacy telecom threats, vulnerabilities, and historical attacks, then delves into 4G's security improvements. Topics include protocols, RAN and core security, authentication, encryption, voice services, roaming, and Diameter protocol weaknesses. It includes hands-on demos of 4G weaknesses, prevention techniques, and open-source 4G network setup.
SpeakerBio: Vinod Shrimali
Vinod is a telecom security expert with over 8.5 years of experience, specializing in 5G security, penetration testing, satellite and maritime security, and developing cost-effective security strategies. He is dedicated to securing data, networks, and systems to ensure safe communication, staying ahead of industry trends, delivering robust defense against cyber-attacks, and maintaining compliance with industry standards.
5Ghoul Fuzzer is an over-the-air security testing tool and fuzzing framework that leverages a rogue 5G NR base station to systematically create test cases targeting 5G-capable smartphones or Qualcomm USB-based modems. The framework also contains test case scripts that exercise 10 implementation-level vulnerabilities, ranging from DoS to downgrades, affecting commercial 5G modems from major chipset vendors such as Qualcomm and MediaTek. The tool is released as open source and is continuously tested against newer devices. For example, two more 5G implementation vulnerabilities are currently under embargo and will be released by the end of this month in the open-source repository and on the website maintained for the project.
Speakers: Matheus Eduardo Garbelini, Sudipta Chattopadhyay
SpeakerBio: Matheus Eduardo Garbelini
Matheus Eduardo Garbelini is a Research Fellow at Singapore University of Technology and Design (SUTD) and a White Hat Wireless Hacker by hobby. Through his research in wireless fuzzing, he discovered implementation vulnerabilities in the chipsets of countless Bluetooth, Wi-Fi, and 5G commercial IoT devices.
SpeakerBio: Sudipta Chattopadhyay, Associate Professor at Singapore University of Technology and Design (SUTD)
Sudipta Chattopadhyay is an Associate Professor at Singapore University of Technology and Design (SUTD) and hacks code during his spare time. His general research interests lie in the broad area of cyber security including but not limited to security for AI, Wireless Technologies, and Internet of Things (IoTs). Together with Matheus, he discovered SweynTooth, BrakTooth and 5Ghoul, families of Bluetooth and 5G NR vulnerabilities that affected billions of devices worldwide.
AND!XOR creates electronic badges filled with hacker challenges. We love doing this, especially coming up with unique ways for hackers to earn them. Introducing the newest member of our hacker-fam: 5N4CK3Y (Snackey). 5N4CK3Y is a vending machine hardware hacking project from AND!XOR. We retrofitted it into an IoT CTF based badge dispensing machine, bling and all. Find a flag on our web hosted CTF platform, you get a 5N4CK3Y dispense code, punch it in, and a badge is vended to you! There are a variety of challenges to earn a badge, as well as others to continue working on the badge itself once obtained. These span hardware hacking, reverse engineering, OSINT, network security, and cryptography, to name a few. There's a little bit of everything, so it's a perfect way to learn something at one of the many DEF CON villages or by talking with people you meet, then attempt one of the CTF challenges to dispense a badge. Hardware hacking is our passion and we want people to learn on badges, but more importantly that there's a lot to learn at DEF CON, so our CTF will hopefully serve a desire to learn something new and meet new friends while trying to earn a badge and hack it further.
This is a hands-on workshop with a lab that will help students and attendees learn some of the common and interesting ways to take over accounts or escalate access while looking for vulnerabilities in a web app. These labs are all based on valid findings that have been awarded bounties by multiple large organizations such as Amazon, Zoom, PayPal, Yahoo, and more!
Prerequisites:
- Basic understanding of web application hacking
- Knowledge of web proxies
- Working laptop
- Working WiFi (will not be doable without access to a working WiFi)
- Caido (BurpSuite or similar works too!)
SpeakerBio: Ben "NahamSec" Sadeghipour, Hacking Hub
Ben Sadeghipour, also known as NahamSec, is an ethical hacker, content creator, and keynote speaker. With a passion for cybersecurity that began in his teenage years, Ben's professional journey as a bug bounty hunter took off in 2014. He has played a role in helping organizations identify and remediate thousands of security vulnerabilities across a wide range of web and mobile applications in tech giants such as Amazon, Apple, Google, Airbnb, Snapchat, Zoom, and even the US Department of Defense. Ben helps others learn ethical hacking, bug bounty hunting, and reconnaissance techniques. He has also created training materials and content for conferences such as OWASP, DEFCON, and BSides.
From protecting Aircraft Software Parts to authenticating aircraft to ground networks, aircraft use PKI in their day-to-day operations. In this talk we will cover the typical use cases, technologies, and regulations in play and touch upon the emerging threat of the Post-Quantum world and what it could mean for the protection of embedded software we find on aircraft.
SpeakerBio: Matt Gaffney, Principal Engineer, Aircraft Cyber Operations at United Airlines
Gaffers is a Principal Engineer for Aircraft Cyber Operations with United Airlines. Since joining their team in 2022 he has been heavily involved in Aircraft PKI projects, serving as the SME on the requirements and regulations.
He fell into cybersecurity while serving in the British Army. Having had a previous life in software development, Gaffers found his superiors sending anything IT-related his way. When he later rejoined civilian life he spent a few years bouncing around different industries as a cybersecurity contractor before finding a passion in the niche of aviation cyber. In 2022 he moved across the pond with impeccable timing to land a role at a major US airline.
While the world buzzes about AI-augmented reverse engineering, what about turning the tables and reverse engineering AI itself? As artificial intelligence systems grow increasingly complex and pervasive, decoding their inner workings has become not just a fun challenge, but a critical necessity. This talk introduces the emerging field of mechanistic interpretability to the reverse engineering community, revealing how the frontier of AI research is reinventing wheels long familiar to RE experts. We'll explore how traditional reverse engineering techniques are finding new life in dissecting neural networks, and why the RE community's hard-earned wisdom is more relevant than ever in the age of AI.
SpeakerBio: Dr. Andrew Fasano, Cyber System Assessments at MIT Lincoln Laboratory
Dr. Andrew Fasano is a member of the technical staff in the Cyber System Assessment group at MIT Lincoln Laboratory. A former DEF CON CTF team captain, he holds a PhD from Northeastern University and is a maintainer of multiple open-source reverse engineering tools. Recently, Dr. Fasano has been applying his reverse engineering expertise to the emerging field of AI interpretability.
The public library is under attack. Calls for book banning are at an all time high. Some states have passed laws that hold librarians legally accountable for offering "unacceptable" materials to minors. But before this fire started, another one was already burning. In an era of digital content, from eBooks to streaming movies, public libraries have been forced to accept draconian terms of service at the expense of their patrons and to the benefit of corporations. Grossly inflated eBook prices and licensing, unobtainable materials that went out of print due to artificial scarcity, exorbitant fees for access to academic research; these are just a few of the myriad of ways that libraries have been forced to bow before capitalism, all because of a desire to serve the public. But we can fight back...
And no one says we need to fight fairly.
I’d like to tell you some real life stories of a public librarian with a quasi-legal, dark grey skillset. And I’d love to share some ideas about what you can do to help others. If I can do this, you can. And anyone can be a shadow librarian.
Dan is a systems librarian and SQL hacker living in Alvaton and Louisville, Kentucky. After almost 30 years of library work, he’s cultivated a broad background in public library circulation methodology, library technology and automation, training and instruction, and library databases. A shadow librarian for ten years, he’s provided cataloguing and scanning for various shadow libraries and online digital collections. And he’s called upon his work in shadow libraries to help patrons as a traditional public librarian.
Beyond the library, he’s an author, podcaster, musician, and coder.
What’s the real life equivalent of hacking a Gibson? Probably stealing hundreds of millions of dollars in diamonds, gold, and cash from one of the world's most formidable vaults. In 2003, a team of thieves did just that. Armed with hairspray, double sided tape, and nerves of steel, these thieves defeated layer after layer of security to pull off the haul of a lifetime.
However, as much as this is a story of skilled criminals, it is every bit as much a story of security failures and the parallels between protecting diamonds and data. In this presentation we’ll dive deep into what went right, what went wrong, and how to properly apply defense in depth to make your security program look like a hundred million bucks.
Pete Stegemeyer is both a Senior Security Engineer and one of the world’s leading heist experts. Pete has served as a consultant for Vice and National Geographic, and was a featured expert on the History Channel’s series “History’s Greatest Heists.” He is the author of the best-selling book Heist: An Inside Look at the World’s 100 Greatest Heists, Cons and Capers and host of the popular podcast “I Can Steal That!”
This is a contest about bribery. Bribery is not only allowed, it is required as part of the contest, since it's the only way to move up the leaderboard. Judges will evaluate the value of any given bribe (for example, an unusual sticker, etc.), and award points accordingly. Boring bribes will be rejected (i.e. cash). Players can expect to learn how to make a persuasive argument, and the nature of value in an (often) pay-to-win world that we live in.
The FBI ran an encrypted app called Anom, intercepting all of its messages. The operation ended in the arrest of hundreds of criminals. But what happens now? Are apps that we all use, like Signal, under threat too? This talk will give a blistering dive into what the app was, how it worked, and what it means for all of our privacy now.
SpeakerBio: Joseph Cox, Co-Founder at 404 Media
Joseph Cox is an investigative journalist and author of DARK WIRE, the inside story of how the FBI secretly ran its own encrypted phone company called Anom to wiretap the world. He produced a series of exclusive articles on Anom for VICE’s Motherboard, and is now a co-founder of 404 Media.
A variety of aviation infrastructure has been compromised by hackers. Immerse yourself into challenges where you are tasked as an aviation cyber defense participant to identify attacks/attackers, stop attacks, and restore normal operations. As a participant your first step is to register ahead and read the rules at: https://aisac.cyberskyline.com/events/aisac-defcon and bring your own laptop to the venue. You can participate in the virtual challenges from Friday, but the more critical in-person challenges are only available at certain times during Village open hours!
SpeakerBio: A-ISAC and Embry-Riddle Aeronautical University - Prescott
Are you looking to install or upgrade a physical access control system? Having installed, repaired and upgraded dozens of large and small access control system installations, I have found that many vendors install a minimum viable product that can leave your new system unreliable and trivial to bypass.
This session will give you the tools and knowledge you need to work with your installer to implement your system using best practices in the following areas:
As a low voltage hardware junkie, Tim has had the opportunity to design, expand, upgrade and repair numerous physical access control, alarm and video systems, including a stint at a security vendor where he was certified in Lenel access and video. Tim works today at SailPoint as a Cybersecurity Network Engineer.
With the iPhone 15 & iPhone 15 Pro Apple switched their iPhone to USB-C - and introduced a new proprietary USB-C controller: The ACE3.
But the ACE3 does more than just handle USB power delivery: It's a full microcontroller running a full USB stack connected to some of the internal buses of the device, and we even managed to access JTAG on the iPhone 15 through it. It also provides access to UART, the internal SPMI bus, etc. Previous variants of the ACE, namely the ACE2 found in MacBooks, could easily be dumped and analyzed using SWD - and even be persistently backdoored through a software vulnerability we found.
On the ACE3, however, Apple upped their game: Firmware updates are personalized, debug interfaces seem to be disabled, and the external flash is validated and does not contain all the firmware. However, using a combination of reverse-engineering, RF side-channel analysis and electromagnetic fault injection it was possible to gain code execution on the ACE3 - allowing dumping of the ROM and analysis of its functionality.
This talk will show how to use a combination of hardware, firmware, reverse-engineering, side-channel analysis and fault-injection to gain code-execution on a completely custom chip, enabling further security research on an under-explored but security relevant part of Apple devices.
Thomas Roth aka stacksmashing is a security researcher mostly focused on hardware and firmware. His work includes hardware attacks on processors, microcontrollers and cryptocurrency wallets, building cheap JTAG tooling for the iPhone, and attacking a wide variety of embedded devices. He also runs a YouTube channel called stacksmashing about security, reverse engineering and hardware hacking.
In this activity, participants will see an API Security presentation with examples and engage in a trivia game centered around the topic.
Learn about the wide range of API vulnerabilities with real-world examples of data breaches and what it means to secure APIs through tests. And then it’s trivia time!
Participants will have to answer 10-15 questions on API Security based on their learnings. You will get swags for each answer you get right!
Speakers: Ankush Jain, Ankita Gupta
SpeakerBio: Ankush Jain
Ankush is the co-founder & CTO at Akto (https://www.akto.io). Prior to starting Akto he worked at CleverTap as VP of Engineering. He has also worked for 5 years as a Quant at Morgan Stanley. He has acquired US patents at Microsoft and at CleverTap.
SpeakerBio: Ankita Gupta
Join us for an exhilarating container security CTF where you can go head-to-head with your peers. In this session, we will explore the world of container security, including image analysis, enumeration, and the most up-to-date container escape techniques. Put your skills to the test and compete for the top spot! Participants will gain valuable knowledge in container security and have the chance to win some exciting prizes. Don't miss out on this thrilling opportunity to showcase your expertise!
SpeakerBio: Jonathan Leitschuh
Find the reachable one! You’ve got an 18x18 inch game board, 5 cards, 5 code weaknesses, and a 5-minute sand timer; ready, set, go! You'll have 5 minutes to place the cards in the correct order and find the true positive(s). The winner? Whoever finds the solution in the shortest amount of time!
Speakers: Czesia Glik, Yossi Pik
Before you can deal with secrets sprawl, you first need to understand how deep the issue of plaintext secrets can be. Improperly stored and shared secrets are a problem beyond just the top layer of code you put in production. It affects feature branches, old commits, logs, and communication and collaboration tools.
In this exercise, you will be challenged to find all the secrets and then use a special tool to quickly validate the secrets and your work. Walk away from this exercise ready to apply the lessons learned to make your organization safer in no time.
SpeakerBio: mcdwayne
Dwayne has been working as a Developer Relations professional since 2015 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv.
Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?
SpeakerBio: Mário Leitão-Teixeira
"Vulnerability" is part of my daily vocabulary at Checkmarx, and I never get sick of it. I dub myself a 'self-certified idiot' because I love learning and hatching ideas. So much, that I've made brainstorming a hobby and kickstarted a team initiative to keep us on the pulse of InfoSec. As a result, we have learned about CVSSv4 before it was cool.
Well, CVSSv4 isn't cool yet since it's yet to be fully adopted, but in the meantime, I've researched and come up with this talk. I wasn't given the opportunity to win a 'Best Speaker' award yet. However, I published a few blog posts for Checkmarx and am brewing many other initiatives. I'm also currently studying to pass the CEH certification. Contributing to the AppSec Village at RSAC in San Francisco last year. Check.
Beyond the keyboard, you catch me reading, writing, or practicing martial arts. As in cybersecurity, I seek constant learning.
Chloé Messdaghi is the Head of Threat Intelligence at HiddenLayer, leading efforts to secure AI measures and promote industry-wide security practices. A sought-after public speaker and trusted authority for journalists, her expertise has been widely featured in the media. Recognized as a Power Player by Business Insider and SC Media, Chloé has made significant contributions to cybersecurity. Outside of work, she is dedicated to philanthropy, advancing industry progress, and promoting societal and environmental well-being.
Chloé Messdaghi serves as the Head of Threat Intelligence at HiddenLayer, where she spearheads efforts to fortify security for AI measures and fosters collaborative initiatives to enhance industry-wide security practices for AI. A highly sought-after public speaker and trusted authority for national and sector-specific journalists, Chloé's expertise has been prominently featured across various media platforms. Her impactful contributions to cybersecurity have earned her recognition as a Power Player by esteemed publications such as Business Insider and SC Media. Beyond her professional endeavors, Chloé remains passionately committed to philanthropy aimed at advancing industry progress and fostering societal and environmental well-being.
SpeakerBio: Sebastian Cesario, CTO & Co Founder, BforeAI
Kasimir Schulz, Principal Security Researcher at HiddenLayer, is a leading expert in uncovering zero-day exploits and supply chain vulnerabilities in AI. His work has been featured in BleepingComputer and Dark Reading, and he has spoken at conferences such as FS-ISAC and Black Hat. Kasimir leads the development of advanced tools for automating vulnerability detection and implementing large-scale patches, fortifying systems against supply chain attacks. His dedication to proactive defense measures sets a new standard in cybersecurity resilience.
The Adversary Simulator booth is a volunteer-assisted activity with hands-on adversary emulation plans and exercises specific to a wide variety of threat actors; these are meant to give participants a better understanding of adversarial attack emulation. The booth will host a simulated environment that recreates enterprise infrastructure and an operational technology environment, which serve as targets for various attack simulations. The hands-on simulator booth also hosts an activity in which participants generate their own adversary emulation plans, based on publicly available cyber threat intelligence, to assess the efficacy of the defense systems.
SpeakerBio: Adversary Village Crew
Adversary Village proudly presents "Adversary Wars CTF", an official contest at DEF CON, where the participants will have to pose as adversaries and replicate adversarial actions against each element of a “target” organization. Adversary Wars will have real-world simulation of CTF scenarios and challenges, where the participants can perform various attacks and learn new attack vectors, TTPs, techniques, etc. To visualize the CTF environment, the contest area will feature a miniature model of the city made using interlocking plastic bricks. The breached components or organization buildings will be physically marked in the city model as the CTF progresses.
We are excited to be back at DEF CON as an official contest this year. Adversary Wars CTF will be located in the contest area for DEF CON 32.
Adversary Adventure is a Choose-Your-Own-Adventure model interactive table-top exercise game, where everyone can participate and choose various tasks. The participants can choose to play as an attacker who performs adversarial activities against a target, a defender who deals with a potential breach, as a CISO who is managing a ransomware attack, or even as management executives going through a table-top exercise.
SpeakerBio: Adversary Village Crew
Join us at the AI Village for interactive demonstrations at the intersection of AI and security. Attempt to hijack and manipulate autonomous robots using large language models and generative AI. Fool your friends by creating deep fakes with a state-of-the-art setup from Bishop Fox, complete with DSLR camera, green screen, and props. Finally, put your social engineering awareness to the test with DARPA’s deep fake analysis system, designed to identify and attribute manipulated and synthetic media. Don’t miss this opportunity to engage with adversarial AI technologies and learn about their implications on the future, at DEF CON 32!
This panel discussion will delve into the critical intersection of artificial intelligence and cybersecurity in the context of the rapidly evolving 5G network environment. By bringing together experts in AI, 5G network security, and AI-driven solutions
Speakers: Shina Liu, Niklas Lindroos, Ezz Tahoun, Akib Sayyed
SpeakerBio: Shina Liu
Shina Liu has over two decades of experience in the telecom industry, beginning as a software developer for 3G networks. Since receiving her CISSP certification in 2007, she has led product security verification for 4G and 5G networks and currently serves as a senior security analyst. Based in Naperville, she is a member of Nokia's Technical Leadership Council Committee and has been actively involved in ML/AI/GenAI initiatives since 2019.
SpeakerBio: Niklas Lindroos, Head of PSIRT and Advanced Security Testing lab at Nokia Corporation
Niklas is the Head of PSIRT and Advanced Security Testing lab - the red and blue teams of Nokia Corporation. He and his team manage the response to serious vulnerabilities and incidents in telecommunication networks globally and conduct security simulations and testing of essential network functions. He has over 30 years of experience in network and telecommunications security.
SpeakerBio: Ezz Tahoun
Ezz Tahoun is a distinguished cyber-security data scientist who won AI & innovation awards at Yale, Princeton and Northwestern. He also received innovation awards from Canada’s Communications Security Establishment, Microsoft US, Trustwave US, PIA US, NATO, and more. He ran data science innovation programs and projects for Orange Cyberdefense, Forescout Technologies, Royal Bank of Canada, governments, and Huawei Technologies US. He has published 20 papers, countless articles and 15 open source projects in the domain. When he was 19 years old he started his CS PhD in one of the top 5 labs in the world for cyber & AI, at the prestigious University of Waterloo, where he published numerous papers and became a reviewer for top conferences. His designations include: SANS/GIAC-Advisory-Board, aCCISO, CISM, CRISC, GCIH, GFACT, GSEC, CEH, GCP-Professional-Cloud-Architect, PMP, BENG and MMATH. He was an adjunct professor of cyber defense and warfare at Toronto’s school of management.
SpeakerBio: Akib Sayyed, Founder and Director at Matrix Shell Technologies
Akib, Founder and Director of Matrix Shell Technologies, has over 12 years of experience in Telecom Security. He has served diverse telecom operators across India, Africa, and the Middle East, specializing in signaling protocols and technologies like GSM, UMTS, LTE, 5G, and VoLTE. He has led numerous penetration testing projects, disclosed a GSM vulnerability in 2012, and worked with various open-source telecom platforms. Akib has also delivered training at Black Hat and DEFCON, contributing significantly to the cybersecurity community. His education includes a Bachelor's in Engineering (CSE) and certifications in ISO 17025:2017 and 5G.
The AI Village and Blue Team Village Pool Party will feature free tacos, cash bars, sponsor cabanas, with entertainment by DJ R.O.C.K.M.A.N. and "Dunk A Fed" benefitting Blacks in Cyber and Women in Security and Privacy. Sahara Azilo Pool, Saturday, August 10, 8pm to midnight. DEF CON badge required for entry. All ages. Visit Blacks In Cyber Village or WISP at DEF CON for your Dunk A Fed raffle ticket.
This is a live tutorial of hacking against keyboards of all forms. Attacking the keyboard is the ultimate strategy to hijack a session before it is encrypted, capturing plaintext at the source and (often) in much simpler ways than those required to attack network protocols.
In this session we explore available attack vectors against traditional keyboards, starting with plain old keyloggers. We then advance to "Van Eck Phreaking" style attacks against individual keystroke emanations as well as RF wireless connections, and we finally graduate to the new hotness: acoustic attacks by eavesdropping on the sound of you typing!
Use your newfound knowledge for good, with great power comes great responsibility!
A subset of signal leak attacks focusing on keyboards. This talk is compiled with open sources, no classified material will be discussed.
SpeakerBio: Federico Lucifredi, Product Management Director, Ceph Storage at IBM and Red Hat
Federico Lucifredi is the Product Management Director for Ceph Storage at IBM and Red Hat and a co-author of O'Reilly's "Peccary Book" on AWS System Administration. Previously, he was the Ubuntu Server product manager at Canonical, where he oversaw a broad portfolio and the rise of Ubuntu Server to the rank of most popular OS on Amazon AWS. A software engineer-turned-manager at the Novell corporation, he was part of the SUSE Linux team, overseeing the update lifecycle and delivery stack of a $150 million maintenance business. A CIO and a network software architect at advanced technology and embedded Linux startups, Federico was also a lecturer for over 200 students in Boston University's graduate and undergraduate programs, and simultaneously a consultant for MIT implementing fluid-dynamics simulations in Java.
System Management Mode (SMM) is one of the most powerful execution modes in the x86 architecture and code at this level is invisible to the Hypervisor and OS-level protections, including anti-cheat engines and anti-virus systems. While the BIOS ecosystem's complexity has led to a multitude of vulnerabilities in firmware over time, vendors are now making strides in delivering patches with greater speed and efficiency. Unfortunately, these efforts are not enough in the presence of a CPU vulnerability.
When researching the AMD processor, our team noticed a flaw in one of the critical components required for securing SMM. This silicon-level issue appears to have remained undetected for nearly two decades.
This presentation starts by providing an introduction to SMM and the security mechanisms that the AMD processor provides to support it. Subsequently, it delves into the CPU design flaw and the complete methodology and engineering used to create a universal ring -2 privilege escalation exploit.
Speakers: Enrique Nissim, Krzysztof Okupski
Enrique Nissim is a security engineer with over a decade of professional experience working on vulnerability research. As a Principal Security Consultant at IOActive, he is mainly involved in projects requiring a deep understanding of operating systems, CPU architectures, embedded firmware and software development. Over his career, Enrique has delivered multiple presentations at several leading events including Black Hat USA, CansecWest, Ekoparty, ZeroNights and Hardwear.io.
SpeakerBio: Krzysztof Okupski, Associate Principal Security Consultant at IOActive
Krzysztof Okupski is an Associate Principal Security Consultant with IOActive where he specialises in embedded security. While he enjoys hacking various targets, he is particularly interested in the nitty-gritty details of platform security where small misconfigurations can lead to critical issues.
SCCM abuse has become a popular technique in the offensive security community but can be intimidating to test in production environments due to its complexity. This workshop aims to provide operators not only a safe environment to practice tradecraft but also provide them with the confidence to properly find and assess SCCM during their engagements.
Speakers: Garrett Foster, Zachary Stein
Garrett Foster (@garrfoster) is a Senior Consultant at SpecterOps, where he conducts red team operations, penetration testing, research, training, and course development. Garrett has presented at WWHF and BsidesPDX. Garrett is the primary author of SCCMHunter and a co-author of Misconfiguration Manager.
SpeakerBio: Zachary Stein
The earlier we perform security interventions, the better. The best time? While we’re designing an application. This workshop will discuss the importance and use of Application Threat Modeling during app design, how to apply it to existing applications during later phases of development, then perform application threat modeling on an example web application using the Trike methodology.
The presented methodology is built on the concept that understanding the design of an application is all that is needed to create a threat model - and doing so can remove the uncertainties and brainstorming that other security threat modeling can require. Rather than requiring a deep security knowledge, all we need is to understand the application - something developers are uniquely suited to do.
SpeakerBio: AreTillery
Tillery (they/them) is a co-founder of Neuvik Solutions and serves as their Director of Training & Education. Tillery has been in formal education and professional training roles for the US Department of Defense as well as for commercial companies for more than a decade. They have spent their career in cybersecurity on both sides of the red/blue divide, first focusing on reverse engineering and exploit development, then bringing their offensive mindset to the field of Application Security. Tillery brings deep technical knowledge and pedagogical training to instruction in cybersecurity, computer science, and mathematics.
Learn how in this hands-on lab with resident AR designer, Zaire Moore
SpeakerBio: Zaire Moore, BlackTerminus
Cinematographer | AR Designer | Content Creator
ARINC 664 is an extension to IP networking that adds deterministic QoS for Aircraft Systems over Ethernet. Sit down and learn about how the extensions to 802.3 are used on aircraft, how that flight-critical data is transferred in a timely manner, and how to manipulate the data on these networks. This progressive-difficulty CTF provides a fun and informative way of approaching ARINC 664 networking.
SpeakerBio: Boeing
This Arsenal session will give a demonstration of how you can use SanicDNS to superpower your recon workflow using the world's fastest DNS scanner.
SpeakerBio: Jasper Insinger
Jasper Insinger is a security researcher with a background in Electrical Engineering with a passion for low level / embedded computing. Before transitioning into security, Jasper worked on engineering the world’s most efficient solar powered cars.
SCAGoat is a deliberately written vulnerable application designed for performing and learning Software Composition Analysis (SCA). There are many vulnerable web applications available to learn web app pentesting; however, there are not many resources to learn SCA, essentially applications built on vulnerable Open Source Software (OSS).
Speakers: Gaurav Joshi, HK, kvprashant
I am working extensively with Static Application Security Testing (SAST) as a security professional. My role involves conducting secure code reviews and utilizing SAST techniques to identify and mitigate vulnerabilities in software applications. I also actively contribute to network security, with a focus on safeguarding against potential threats.
SpeakerBio: HK
As a Product Security Engineer, my passion for cybersecurity drives me to excel in various areas. I specialize in conducting penetration testing, actively participate in security Capture The Flag (CTF) competitions, and perform code reviews to ensure secure code development. My expertise extends to leveraging Static Application Security Testing (SAST) techniques in languages like Java, Python, JavaScript, JSP, among others.
SpeakerBio: kvprashant
Prashant Venkatesh is an information security expert with over 20 years of experience. He presently works as Manager, Product Security at Poshmark Inc.
Prashant is an enthusiastic participant in the field who consistently coordinates, reviews papers, and presents his work at numerous InfoSec conferences, including Nullcon and c0c0n. He is also active in the OWASP Bay Area chapter leadership and is a co-founder of the annual Seasides Conference.
Gaurav Joshi is currently employed as a Product Security Engineer. His passion for cybersecurity propels him to excel in various areas. He specializes in conducting penetration testing, actively participates in security Capture The Flag (CTF) competitions, and performs code reviews to ensure secure code development. His expertise extends to leveraging Static Application Security Testing (SAST) techniques in languages like Java, Python, JavaScript, JSP, among others.
As the adoption of GenAI tools has soared, security has done little to keep up. New classes of data, and especially vector data, are flooding into new and untested data stores. Vector databases are getting copies of health data, financial data, HR data, emails, and everything else, but they have no intrinsic security. What's worse, the vectors themselves can be reversed in embedding inversion attacks that turn those vectors back into faces, sentences, and even pictures. We discuss these new attacks and a new branch of cryptography, vector encryption, which allows privacy-preserving searches to happen over the encrypted vectors. We'll discuss the benefits, trade-offs, and current state of the field and the open source software we've built to meet the new need.
Speakers: Bob Wall, Patrick Walsh
Patrick Walsh has more than 20 years of experience building security products and enterprise SaaS solutions. Most recently he ran an Engineering division at Oracle, delivering features and business results to the world’s largest companies. Patrick now leads IronCore Labs, a data privacy platform that helps businesses gain control of their data and meet increasingly stringent data protection needs.
reversing can feel uber powerful... like you hold God's honest truth within your hands... most humans don't understand what you can see and comprehend.
until someone tries to hide the truth from you... limit your knowledge... keep you from your glorious purpose!
obfuscated code can be a real downer.
this talk focuses on the story of how i took on an interesting obfuscated target (an automotive modder's tool with ability to flash firmware and tweak engines), in fun and exciting ways.
we'll discuss several problems with obfuscated code, an approach i took (and tooling), playing in the guts of machine code, and customizations to binary analysis tools that came out of the journey...
there will be much hex, disassembly, green on black, total carnage.
you will walk away with powerful ideas and new tools to help you in your pursuit of truth. you will be entertained, enriched, educated, and hopefully inspired. instead of thinking that "atlas is smart" my goal is you feeling, and being, more powerful.
come with Vivisect installed to follow along!
SpeakerBio: atlas
atlas is a doer of things. with nearly 20 years of experience binary reverse-engineering, exploiting, and bringing friends along, he's as likely to talk about RF signals as to discuss converting machine language bits into assembly instructions, intermediate languages, and decompilers. driven by the "truth", and desire to write tools to make finding truth easier, his talks always engage, embrace, and baffle.
Curious about mobile phone privacy? Come on over for this workshop with lots of direct Q&A!
SpeakerBio: Grey Fox
Grey Fox, the callsign assigned to him by a DHS colleague, recently retired from the U.S. military after 20 years of service as an intelligence analyst, language analyst, digital network intelligence targeter, cyberspace mission leader, and digital defense education program leader. Having deployed eight times supporting front line combat teams, his experience ranges from offensive cyberspace operations planning and execution to military information support operations. Along the way, Grey Fox acquired multiple creds, including GCTI, GASF, GAWN, and CWNA. He currently instructs Digital OPSEC at the U.S. Army Security Cooperation Officer course and the U.S. Air Force Research Lab, as well as SDR foundations and Wi-Fi hacking at the U.S. Army Signal School.
Ransomware groups have become notably proficient at wreaking havoc across various sectors, but we can turn the tables. A less explored avenue in the fight against these digital adversaries lies in the proactive offense against their web panels. In this presentation, I will delve into the strategies and methodologies for infiltrating and commandeering the web panels used by ransomware groups to manage their malicious operations, or the APIs used during their initial exfiltration of data.
I will demonstrate how to leverage these vulnerabilities to gain unauthorized access to the ransomware groups' web panels. This access not only disrupts their operations but also opens a window to gather intelligence and potentially identify the operators behind those APTs. Let’s explore the frontiers of cyber offense, targeting the very command and control (C2) centers ransomware groups rely on, turning the tables in our ongoing battle against cyber threats; it’s our turn to wreak havoc.
SpeakerBio: Vangelis Stykas, Chief Technology Officer at Atropos
Vangelis began as a developer from Greece. Six years ago he realized that only his dog didn’t have an API, so he decided to steer his focus towards security.
That led him to pursue a PhD in Web Application Security with an extra focus on machine learning. He’s still actively pursuing it.
He currently applies his skills as a Chief Technology Officer at Atropos, and during his free time, Vangelis is helping start-ups secure themselves on the internet and get a leg up in security terms.
His love of a simplistic approach to hacking by exploiting vulnerable APIs led him to publish research regarding APIs controlling ships, smart locks, IP cameras, car alarms, EV chargers, and many other IoT devices. Since our lives are nowadays extremely cyber-dependent, his goal is to convince all companies to never neglect their API security, as a rush-to-market mentality is almost certain to lead to catastrophic security failure.
This talk introduces a method for creating unique command and control (C2) servers for each engagement, utilizing diverse programming languages, obfuscations, and communication protocols. The approach leverages a curated repository of historical C2 and implant data, with feedback to ensure continuous improvement. Want a C2 written in PERL that uses Gopher for comms? I don't know why you would but I can show you how. Rust, nodejs, and more. Want a C2 that runs in UEFI? The best part is once the engagement is done you don't have to worry that your toolset was blown because next engagement you will have a new framework.
SpeakerBio: David "Icer" Maynor, Secret Keeper at ThreatHunter.ai
David “Icer” Maynor, Secret Keeper at ThreatHunter.ai, has over 20 years of experience in information security with deep technical expertise in threat intelligence, reverse engineering, exploit development, and offensive security testing. Results-driven research, analysis, and solutions leveraging partnerships and cross-disciplinary teams, to strengthen customer and business security posture and capabilities. Served as founder, executive, and advisor within the information security startup space. Author of and contributor to several popular open-source tools, presenter and instructor, and subject matter expert contributor for print, television, and online media.
The Beverage Chilling Contraption Contest has been un-canceled! After a fantastic afternoon of day drinking celebrating the start of the 20th BCCC we've run out of beer. It's a disaster, a catastrophe! Fortunately, we had the wherewithal to scramble a crack beverage acquisition team to the streets of Las Vegas and found more! Don't ask where. Unfortunately, like the streets of Las Vegas, it's HOT and kinda sticky. We need you to help us fix this and get that beer as cold as the barren wasteland that is our generation's dreams of home ownership!
A scenario-driven Capture the Flag contest pits teams of participants against adversaries and a clock to protect human life and public safety. Participants compete against each other on both real and simulated medical devices, integrated into the fully immersive Biohacking Village: Device Lab, laid out as a working hospital.
Challenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others. You will hack actual medical devices and play with protocols like DICOM, HL7 and FHIR.
Welcome, elite hackers and cyber sleuths, to a CTF experience like no other - the "Code D.A.R.K. : Biohacking Village CTF Challenge".
Merge the worlds of biology and cybersecurity in an adrenaline-pumping contest that tests your skills in ways you've never imagined. This thrilling and challenging cybersecurity adventure is centered around a hospital setting, a scenario where participants engage in a race against time to secure or retrieve critical medical data, navigating through various cybersecurity puzzles and challenges as guardians of critical biological data.
Unravel Biological Mysteries: Dive into a narrative where biotechnology meets cyber-warfare. Decode genetic puzzles, breach virtual lab networks, and outsmart bioinformatics security systems.
Elevate Your Hacking Game: Challenge yourself with unique biocybersecurity scenarios. This isn't your typical CTF - it's a fusion of biotech intrigue and hardcore hacking.
Compete and Collaborate: Team up with fellow biohackers and cyber warriors. Share knowledge, strategize, and show off your skills in a community where biology and bits intersect.
Gear Up for a Cyber-Biotech Showdown
Immersive Scenarios: Each challenge is a step into a world where safeguarding biological data is as critical as securing digital assets.
Skill Diversity: Whether you're a veteran hacker or a biotech enthusiast, Code D.A.R.K. offers a range of puzzles that cater to a wide array of skills and interests.
Participants may only register once for this challenge. If a participant registers for this challenge more than once, the whole team that includes that participant will be disqualified.
By registering, participants agree that their accounts may be rejected or terminated and all submissions by them and/or their Team may be disqualified if any of the information in their account is incorrect.
Participants must agree to and abide by the Code of Conduct while participating in the Biohacking Village Capture the Flag. Anyone who violates the CoC will be eliminated from the competition and banned forever.
After participants register individually, they may work alone (team of one) or on one team with other challenge participants. To work on a team, they may either create a new team or join one that is pre-existing (if a participant wishes to join a team or invite others to join, they can do so in the #ctf-st-elvis-teambuilding Discord Channel).
The maximum number of team members is five (5).
All teams must designate a Team Captain. A Team Captain serves as the official contact person for a team: this person should provide accurate and complete contact information to ensure that CTF organizers can reach their team if needed.
Each member of the team must be a registered participant in the CTF.
If participants choose to join a team, then they may not simultaneously participate as an individual or another team.
All submissions must be received during the Challenge period. Submissions posted after the posted time frame will be disqualified.
Participants may request the answer to a challenge, but doing so forfeits their points for that challenge, even if a flag they tried before was similar. The decision to request the answer is final and results in zero points.
Each submission has a set value known beforehand in the challenge description.
The winning teams will be decided based on the number of the accumulated points during the CTF timeframe. In case two teams accumulate the same amount of points, the team that reached the amount of points in question faster will be the winner.
Whole team gets disqualified if any of the following applies:
Unless stated otherwise on the mainsite, we do not share any information about participants with anyone. Some events or conferences might have/require other rules, in that case it will be noted on the CTFd site.
The Device Lab is a highly collaborative environment where security researchers test medical instruments, applications, and devices in real time from participating Medical Device Manufacturers. Any potential issues are reported directly to the manufacturer, and coordinated vulnerability disclosures are produced.
As part of their product security programs, their proactive initiatives to test their products, and to enhance the cybersecurity of their medical technologies, select medical device makers are teaming up with the Biohacking Village.
These manufacturers are inviting security researchers to learn and to test their products in dedicated spaces set aside for them. Their staff will answer questions, educate researchers, and triage any potential security issues. Researchers who perform testing should expect to follow the manufacturers’ published coordinated vulnerability disclosure policy and report any potential issues found so they can be addressed. Security researchers must sign the Hippocratic Oath for Hackers and agree to the framework of boundaries and rules of engagement during and post conference engagement.
We have 10 manufacturers with 21 devices. You can find more information about the devices and each manufacturer's Vulnerability Disclosure Policy here.
Hybrid Contest: available online Friday 12:00 to Saturday 17:00
The BIC Village Capture The Flag is a jeopardy style event designed to practice solving challenges in multiple categories. This event seeks to not only be a series of puzzles and challenges to solve, but a gamified way to learn concepts of social justice and Black history. This event will highlight previous, current and up & coming Black individuals and their contributions to technology. This year we are excited to bring back our physical challenge room with a variety of interactive components for players to interface with.
This event also aims to bring to the forefront a range of technologies that we will expose to the community that operate in our day-to-day lives and examine their capabilities; contributing to the discussion of privacy, social justice and civil rights. Our event will allow the DEF CON community to fully engage in “Reading all the stories, learning all the technologies, and hacking all the things.”
In-Person Contest Friday and Saturday: 10:30-18:00 CTF begins Friday 10:30; CTF ends Saturday 18:00
The Blue Team Village (BTV) CTF is a cyber defense Capture the Flag inspired by a mix of trending nation-state actor kill chains and at least one custom insider threat story. You are an incident responder tasked to investigate several incidents involving different operating systems and OT devices. You will have access to SIEM and Packet captures; however, just like in real life, these tools have issues you must overcome to uncover what happened.
Expect indexes to telemetry issues, raw data not extracted properly, and missing fields. Regex may be helpful. In addition, Arkime, the network monitoring tool, will only work partially and correctly. You must find ways to make the best of the telemetry provided, and remember that you can always extract the resulting pcaps!
The CTF challenges contestants to leverage diverse cyber defense skills, including Incident Response, Forensics, and Threat Hunting. Both host and network telemetry are required to solve all the flags.
BTV’s Project Obsidian crew developed the CTF to allow anyone, regardless of skill or knowledge, to participate and sharpen their cyber defense skills. We recommend creating or joining a team if you are new to cyber defense. We highly recommend participating in the BTV’s Project Obsidian workshop sessions if you are new to cyber defense. Sessions cover many of the topics on the CTF and will help you along the way.
Antivirus (AV) solutions, serving as the last line of defense on users’ endpoint devices, have evolved into highly complex entities. Often operated as 'black boxes' from user’s perspective due to proprietary and security reasons, the principle of 'security through obscurity' - though far from ideal - remains prevalent in the cat-and-mouse game between defenders and attackers. This dynamic places researchers and attackers in similar positions; while malware authors can fingerprint AV detection mechanisms through various evasion techniques, researchers can employ similar methods to identify improvement opportunities in security products. This study evaluates the effectiveness and performance of AV solutions against 18 open-source evasion frameworks. Notably, no AV solution could detect all samples from open-source evasion tools, and conversely, no evasion tool could bypass all contemporary AVs. This limitation is primarily attributed to the AVs’ reliance on signature and heuristic engines to balance between performance, security and access (false-positive rates). To delve deeper into AV detection capabilities across signature, heuristic, and behavioral evasions, we built BOAZ - an evasion tool serving both as a research instrument and an evasion framework. Through empirical experimentation, our findings reveal not only the varied performance of AV solutions against different evasion frameworks and techniques but also the potential for strategically combining these techniques to penetrate secured environments without needing commercial tools or zero-day exploits. Effectively, by understanding the building blocks of AV detection and evasion phases, anyone can develop their own evasion tool.
SpeakerBio: Thomas X Meng
BOLA is a prevalent vulnerability in modern APIs and web applications, topping the OWASP API risk chart, and ranking fourth in HackerOne Global Top 10. Its impact ranges from data exposure to total system control loss.
While manually triggering known BOLAs is relatively straightforward, automatic detection is challenging due to the complexities of application logic, the wide range of inputs, and the stateful nature of modern web applications.
To tackle this, we leveraged LLMs to automate manual tasks such as understanding application logic, revealing endpoint dependency relationships, generating test cases, and interpreting results. Our AI-backed approach enables automating BOLA detection at scale, named BOLABuster.
Though in its early stages, BOLABuster identified numerous vulnerabilities in open-source projects. In one case, we submitted 15 CVEs for a project, some leading to critical privilege escalation. Our latest disclosed vulnerability was CVE-2024-1313, a BOLA in Grafana,
Speakers: Jay Chen, Ravid Mazon
Jay Chen is a Cloud Security Researcher with Prisma Cloud and Unit 42 at Palo Alto Networks. He has extensive research experience in cloud security. In his role at Palo Alto Networks, he focuses on investigating the vulnerabilities, design flaws, and adversarial TTPs in cloud-native technologies such as containers and public cloud services. He works to develop methodologies for identifying and remediating security gaps in public clouds and works to protect Prisma Cloud customers from threats.
In previous roles, he has researched mobile cloud security and distributed storage security. Jay has authored 25+ academic and industrial papers.
SpeakerBio: Ravid Mazon
Join us for an interactive workshop where we will walk you through the ins and outs of botnet deployment and operation via a command and control web server. Geared towards beginners, this workshop offers a hands-on approach to understanding how botnets function. You'll also learn an effective defense strategy against the botnet you have created. No experience needed; we will give you everything you need!
Amal Joy is a Security Engineer at Highradius. His research areas are infrastructure security, red teaming in multi-cloud environments and corporate networks. He also loves spending leisure time on malware development. He is an executive member of the DC0471 DEF CON group. He has over 3 years of experience playing CTFs and has also hosted many hiring multi-cloud adversary CTFs at reputed conferences such as Seasides 22. With a strong focus on multi-cloud and Active Directory, he currently holds various certifications including CARTP, MCRTA, CCRTA and eJPT.
SpeakerBio: Abhishek S, Security Engineer at Flipkart
Abhishek S is a Security Engineer at Flipkart with a primary research focus in application security and red teaming. He is a staff member of Adversary Village at DEF CON and an executive member of the DC0471 group, and has spoken at conferences including C0c0n 23 and Black Hat MEA 23. He has over 4 years of experience playing CTFs and hunting for vulnerabilities in various VDP programs, and is listed in the halls of fame of Google, Facebook, Microsoft and 40+ other organizations for finding their security vulnerabilities. He has about four CVEs from organizations such as Android, Tenable and StrAPI CMS, and currently holds certifications such as OSCP, BSCP, CRTP and GIAC GFACT. Other than the technical side, he loves to travel around the world and is an automotive enthusiast.
By the end of the session, attendees will gain a comprehensive understanding of the security mechanisms protecting mobile payment applications, the inherent vulnerabilities, and the sophisticated techniques employed by attackers to exploit these systems. This talk is designed to provide industry insights, maintaining a vendor-neutral perspective while focusing on the broader security landscape.
SpeakerBio: Adrian Garcia, Senior Security Expert at Adyen
Adrian Garcia serves as a Senior Security Expert at Adyen. With over ten years of experience in software security, Adrian specializes in mobile payment security, focusing on securing mobile products such as wallets and mobile points of sale. Passionate about reverse engineering, Adrian brings extensive knowledge of cryptography and payment security standards to his work.
VSAT satellite communication systems are widely used to provide two-way data and voice communications to remote areas, including maritime environments, crisis regions, and other locations where terrestrial communication infrastructure is limited or unavailable. In this presentation, we report on our security findings from our reverse-engineering efforts to exploit VSAT satellite modems from the Earth. We will focus on the Newtec MDM2200 from iDirect as an example. First, we explain how we reverse-engineered the software stack running on the modem device to find 0-day vulnerabilities. Then, we show how we reverse-engineered the network stack to devise attacks that can be launched by injecting wireless signals through the antenna dish of a VSAT terminal. Finally, we demonstrate our software-defined radio end-to-end attacks to inject bogus firmware updates and to gain remote root shell access on the modem. To the best of our knowledge, this represents the first successful demonstration of signal injection attacks on VSAT modems using software-defined radios from the Earth, while previous attacks on VSAT systems such as the ViaSat hack in 2022 were based on exploiting the operator's network through Internet VPN connections. Our work therefore significantly enlarges the attack surface of VSAT systems.
Our presentation at DEF CON is part of a project that has three parts.
In the first part, we focus on the inherent security issues in current VSAT system practices. This work will appear in May at ACM WiSec 2024:
VSAsTer: Uncovering Inherent Security Issues in Current VSAT System Practices, Johannes Willbold, Moritz Schloegel, Robin Bisping, Martin Strohmeier, Thorsten Holz, Vincent Lenders, 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Seoul, Korea, May 2024.
The second part deals with the systematic evaluation of wireless signal injection attacks using a software-defined radio. This work will appear in August at Usenix Security 2024:
Wireless Signal Injection Attacks on VSAT Satellite Modems, Robin Bisping, Johannes Willbold, Martin Strohmeier, and Vincent Lenders, 33rd USENIX Security Symposium (USENIX Security), Philadelphia PA, USA, August 2024.
The third part of the project deals with reverse-engineering the software and network stack of satellite modems and developing exploits that can be injected over the air through the antenna dish of a VSAT terminal from the ground. This part will be presented at DEF CON this year.
Speakers: Vincent Lenders, Johannes Willbold, Robin Bisping
Vincent Lenders is a cybersecurity researcher from Switzerland, where he acts as the Head of the Cyber-Defence Campus. He holds Master's and PhD degrees in electrical engineering from ETH Zurich. He has over 15 years of practical experience in cybersecurity with a strong focus on the security of wireless networks. He is the co-founder of the OpenSky Network, has published over 150 scientific papers and two books, and presents regularly at cybersecurity conferences including USENIX Security, DEF CON, IEEE S&P, NDSS and ACM CCS.
SpeakerBio: Johannes Willbold, PhD Student at Ruhr University Bochum
Johannes Willbold is a PhD student at Ruhr University Bochum researching the software security of space and satellite systems. In 2023, he published at IEEE S&P and presented at venues including Black Hat US, REcon and TyphoonCon. He organizes the yearly SpaceSec workshop (co-located with NDSS) and participated in the Hack-a-Sat 2 and 4 finals.
SpeakerBio: Robin Bisping, Security Engineer at Cyber-Defence Campus
Robin Bisping is a security engineer and former student of ETH Zurich and the Cyber-Defence Campus, where his research focused on the security of wireless networks and satellite communication systems.
Bricks in the Air is a hands-on demo to teach the basics of low level protocols seen in aviation. The demo uses the I2C protocol and does not reveal actual security vulnerabilities in avionics or other systems in aviation.
In the vast expanse of space, holographic teleportation—a futuristic blend of holography and teleportation—has revolutionized astronaut communication. Imagine beaming a lifelike 3D image of yourself across light-years. Now, consider its potential in medicine: remote surgeries, expert consultations, and training—where distance dissolves, and expertise transcends borders. Buckle up; holoconnect is our cosmic ticket to healing!
SpeakerBio: Fernando De La Peña Llaca, Aexa Aerospace
For 28 years, Fernando De La Peña Llaca has steered Aexa Aerospace with unwavering leadership. His passion for space exploration, combined with Aexa's cutting-edge expertise, has propelled the company to remarkable heights. His visionary leadership transformed Aexa into a Federal Contractor for prestigious entities, spanning NASA collaboration, defense and industry giants, influential roles, community engagement, Defense Industrial Base leadership, and awards and recognition.
Fernando De La Peña Llaca's legacy is etched in the stars—a testament to visionary leadership and unwavering dedication to space exploration.
This panel will explore the critical challenges and opportunities in developing a robust workforce for AI and machine learning (ML) security. As AI systems become increasingly prevalent across industries, the need for skilled professionals who can safeguard these technologies against adversarial attacks and vulnerabilities has never been greater.
A key focus of the discussion will be addressing the significant shortage of practitioners with hands-on experience in securing ML models deployed in real-world adversarial environments. Panelists will examine how this lack of battle-tested expertise impacts the industry’s ability to defend against sophisticated attacks and discuss strategies for cultivating this essential skill set.
Speakers: Kellee Wicker (Moderator), Christine Lai, David Lo, Austin Carson, Nick Landers
Christine Lai is a cybersecurity research specialist in the Office of the Technical Director at the Cybersecurity and Infrastructure Security Agency (CISA), where she currently serves as the AI Security lead for the agency. Prior to joining CISA, she was a cybersecurity and machine learning researcher on critical infrastructure programs at Sandia National Laboratories in Albuquerque, NM.
SpeakerBio: David Lo, SMU
World's only AAA-rated GRC hacker. DEFCON Group 11613 (Melbourne) founder. Time Magazine's Person of the Year in 2006. Infinidash expert.
Explore the realm of crafting payloads with precision at DEFCON 32 in our session, "Mastering APT-Style Implants: 101." This deep dive experience goes beyond theory, providing practical insights into the development of payloads inspired by Advanced Persistent Threats (APTs).
Attendees will gain a holistic mindset by comprehending an objective-based methodology for offensive cyber operations, along with insights into real-world APT tactics and historical perspectives.
This is followed by practical payload development, AI integration, and an understanding of industry-relevant tools, from line-by-line code to the compiler settings necessary to ensure payload success. These techniques are then wrapped into stealth and operational security concepts with a scenario-based objective targeting a mature environment representative of today's real-world environments.
At the end of the deep dive, attendees will have experienced the payload development cycle from the perspective of a nation-state adversary, with the mindset necessary to operate in today's most mature environments and the practical knowledge to craft their own implants.
SpeakerBio: John Rodriguez
Sting (剑思庭) holds a Master of Software Engineering from Fudan University and previously worked for Siemens Group and Emerson Process Control. In the past few years, Sting has focused on penetration testing and security defense construction in the ICS field, and has attended the 2018 Kcon Hacker Conference, the 2019 ISC Internet Security Conference and the INSEC World Information Security Conference. He created IRT (Industrial Red Team), a red team organization dedicated to industrial control security, whose technical direction and technical depth are both centered on ICS security. He is familiar with Siemens PLC, AB PLC, Schneider PLC, Hollysys DCS and Supper control DCS systems. Sting developed ICS Windows, the first industrial penetration platform based on the Windows system.
Now that you're familiar with the techniques used to bypass locks in some door installations, come and learn the remediations for these common bypasses. In this talk, you will learn how to protect or harden against attacks such as the Under the Door attack, latch slipping and more.
Speakers: Karen Ng, Terry Luan
Karen is a Risk Analyst at GGR Security and is part of GGR's entry team for physical penetration tests. She has a strong interest in physical security, delivering trainings on physical security vulnerabilities to a wide range of audiences. Karen comes from a background in engineering and has extensive experience in major event logistics. She is one of the Village Leads at the Physical Security Village, and works with the rest of the PSV team to teach the community how to recognize and fix security exploits. Graphic design is her passion.
SpeakerBio: Terry Luan
Terry is a recent Computer Engineering graduate. As one of the Village Leads for the Physical Security Village, he helps with much of the Village logistics, as well as volunteer and external management. His main areas of interest are in security (both physical and virtual) and lockpicking, and he loves teaching people about various security exploits.
This event was born out of the fires of DEF CON. Through years of analyzing network traffic for the Wall of Sheep and teaching others how to do the same, we built this system as a way to help the growing numbers in our community learn (fast). Then it quickly turned into the first defense-based CTF at DEF CON and is one of the longer-running competitions at the con, with a twist: each year we practically re-invent ourselves, bringing the latest tools and techniques along with never-before-seen content across 17 categories to unleash hell on the mostly unsuspecting attendees. For '24 we have added tons of new content and new types of challenges never seen before.
Come compete in the world's most challenging cyber defense competition based on the Aries Security Cyber Range. Tear through the challenges, traverse a hostile enterprise class network, and diligently analyze what is found in order to make it out unscathed. Not only glory, but prizes await those that emerge victorious from this upgraded labyrinth, so only the best prepared and battle hardened will escape the crucible.
This booth will have several reverse engineer demonstrations and an automotive threat intelligence review.
There will be 10-15 automotive security CTF challenges this year, covering reverse engineering, telemetry, grand theft auto, crypto, vehicle networks and exploitation.
1st place prize is a car!
A fun scavenger hunt designed for DCNextGen kids to participate in and learn about the Car Hacking Village.
There will be swag items handed out to the kids as they move through the scavenger hunt.
There will be 1 Semi-Truck and 2 Electric Vehicles on site for people to plug into.
DEFCON attendees must follow the rules for each of the vehicles. There will be large ORANGE signs with the rules detailed on them.
The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OEMs and suppliers to ensure our challenges give a real-world experience to car hacking. We understand hacking cars can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.
With the largest collection of hackers in one area, there's no better way to understand the security state of an industry than to bring it to security professionals to break. Over the past 10 years, the Car Hacking Village has been the focal point of interest for new hackers entering the automotive industry to learn, be a part of and actually test out automotive technologies. We plan to use this event to keep drawing attention to the automotive security industry through hands-on challenges.
Case study of how a pentest was performed on a smart lock intended for use in the fascia of ATMs. In the end, a vulnerability was found that put at risk the opening of any lock belonging to the manufacturer, since the AES keys it uses could be extracted through an IDOR vulnerability. With the keys obtained, together with log information from its mobile app, it was possible to understand how the encryption algorithm was implemented. Finally, a Telegram bot was created that solved the challenges requested by the lock in order to open it. The methodology used for the analysis is not new; it was based on work from previous DEF CON presentations, so references to that work will be included in the presentation. The main intention of the talk is to serve as a guide for future analysis of this type of device.
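The IDOR in this case study (an authenticated user pulling another customer's lock key by id) and the BOLA detection that BOLABuster automates earlier on this page come down to the same check: does the endpoint verify that the caller owns the object it looks up? The following is an added example, not the lock vendor's API or BOLABuster's code: a toy "fetch this lock's AES key" endpoint in its vulnerable and hardened forms, plus the minimal cross-tenant probe a BOLA scanner runs. The users, lock ids and key bytes are constructed.

```python
"""Toy BOLA/IDOR model: an endpoint that returns a lock's AES key by lock id.

Added example with constructed data; not the vendor's API or BOLABuster.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    user: str


# Constructed store: lock_id -> (owner, 16-byte AES key). Keys are made up.
LOCKS = {
    "lock-1001": ("alice", bytes.fromhex("00112233445566778899aabbccddeeff")),
    "lock-1002": ("bob",   bytes.fromhex("ffeeddccbbaa99887766554433221100")),
}


class Forbidden(Exception):
    pass


def get_lock_key_vulnerable(session, lock_id):
    # Authenticates (a session must exist) but never checks ownership, so any
    # logged-in user can walk lock ids and pull every key. This is the IDOR.
    if session is None:
        raise Forbidden("login required")
    _owner, key = LOCKS[lock_id]
    return key.hex()


def get_lock_key_fixed(session, lock_id):
    # Same lookup plus an object-level authorization check against the owner.
    if session is None:
        raise Forbidden("login required")
    owner, key = LOCKS[lock_id]
    if owner != session.user:
        raise Forbidden("not the owner")
    return key.hex()


def probe_bola(endpoint, sessions, owners):
    """Minimal BOLA test case: for every (session, object) pair where the
    session does NOT own the object, call the endpoint and record a leak if
    it answers instead of refusing. `owners` maps object id -> owner."""
    leaks = []
    for sess in sessions:
        for obj_id, owner in owners.items():
            if owner == sess.user:
                continue  # own object; not a BOLA case
            try:
                endpoint(sess, obj_id)
            except Forbidden:
                continue  # refused, as it should be
            leaks.append((sess.user, obj_id))
    return leaks


OWNERS = {lock_id: owner for lock_id, (owner, _key) in LOCKS.items()}
SESSIONS = [Session("alice"), Session("bob")]

if __name__ == "__main__":
    print("vulnerable:", probe_bola(get_lock_key_vulnerable, SESSIONS, OWNERS))
    print("fixed:     ", probe_bola(get_lock_key_fixed, SESSIONS, OWNERS))
```

The probe is what an automated BOLA hunter generates per endpoint once it knows which parameter is an object id and has two sessions to cross them with; every reported pair is a key leak, and for a lock fleet sharing one vendor backend that is every lock's key.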
SpeakerBio: Cesar Ortega Ortega, Total Cyber-Sec - Cyber Security Consultant
Cyber Security Consultant in México, interested in finding bugs in embedded systems, and a CTF player.
SpeakerBio: Herming Chiueh, Deputy Minister at Ministry of Digital Affairs, Taiwan
Herming Chiueh received the B.S. degree in electrophysics from National Chiao Tung University, Hsinchu, Taiwan, and the M.S. and Ph.D. degrees in electrical engineering from the University of Southern California, Los Angeles, CA, USA. From 1996 to 2002, he was with the Information Sciences Institute, University of Southern California, Marina del Rey, CA, USA. He currently serves as Deputy Minister at the Ministry of Digital Affairs, Taiwan, and is on leave from his faculty position in the Department of Electrical and Computer Engineering, National Yang Ming Chiao Tung University, Hsinchu, Taiwan.
The inception of this distinctive event occurred at DEF CON 31, initiated by a fortuitous encounter with CookieT while participating in LineCon for merch. Our shared passions fostered an immediate bond, and it was amidst this camaraderie that the idea for a future challenge germinated. Having previously engaged participants with puzzle-embedded challenge coins, I (Chasse) was inspired to expand the concept beyond a mere cipher. The aim was to design a contest that would appeal across a broad spectrum of skill levels by integrating a variety of puzzles, both modern and traditional, to attract a wider audience from a complete beginner new to the hackerspace to the more seasoned and advanced hacker. Observing the collective enthusiasm as participants unraveled the first simple coin puzzle was exhilarating, yet the quick resolution of the puzzle occasionally detracted from the overall experience for more advanced puzzle solvers. Throughout DEF CON 31, CookieT and I explored the feasibility of a web-based challenge CTF, laying the foundation for what would evolve into a pioneering contest and experience. Later Raven emerged from the shadows of cyberspace to help us chisel out the contest from Zeroes and Ones.
With the announcement of DEF CON 32's theme, our concept was honed, ready to blend our creative talents into this year's challenge. We crafted an innovative combination of a narrative-driven journey game, scavenger hunt, and web-based Capture The Flag (CTF) challenges, all meticulously aligned with the DEF CON 32 "Engage" theme. This contest emerges as a holistic platform, introducing DEF CON newcomers to core security principles through an engaging narrative. Spanning a variety of fields including OSINT, cryptography, radio, telephony, password and web security, it promises a rich, diverse experience! Participants, automatically divided into teams, are propelled on a quest to decode puzzles and unearth flags, with challenges designed to suit everyone from novices to veterans seeking sophisticated, intricate challenges. This contest transcends the conventional competition framework, evolving into an artful endeavor that illustrates the symbiosis of storytelling and technical puzzles to create a deeply immersive learning adventure. Imagined as an interactive storybook, it invites attendees to navigate their own routes, making their own choices that lead them through a story-rich exploration of security concepts and engagement even with each other.
The technical infrastructure of this experience is built on varied technologies. The main website, https://www.chassepartie.com, is developed with Ruby on Rails 7.1 and hosted on Heroku, with CloudFlare acting as our Web Application Firewall (WAF). This site functions as the scoreboard and narrative hub of the contest. Additionally, we have set up an XCP-NG hypervisor to host approximately 10 to 15 virtual machines as targets for participant engagement. Augmented reality markers are also in place, intended for deployment in communal areas like sticker boards, to enhance the experience. These elements are interwoven with the storyline, guiding attendees through what we believe is an unprecedented adventure-style CTF challenge named Chasse Partie Systems – Dystopian Apocalypse Resistance Terminal.
So come and join us on our deviant journey, what are you waiting for?
This is an audience-participation talk in the style of the 1980s Choose Your Own Adventure books. We will expose the audience to a quasi-real-life incident, giving them the choice of how they deal with that incident. This will give insight into the difficult choices that have to be made by operators in real time.
SpeakerBio: Ken Munro, Partner and Founder at Pen Test Partners
Ken Munro is Partner and Founder of Pen Test Partners, a firm of ethical hackers. He and colleagues hold private pilot's licenses and have been interested in aviation security for many years. They also publish and blog about their research into aviation cyber security, covering topics from airborne connectivity, the potential risks of publicly available avionics component information, and even the entire attack surface of the modern airport. Ken and Pen Test Partners have also been invited to speak at various aviation industry events, and on aviation at specialist security events such as DEF CON's Aerospace Village, the Global Connected Aircraft Summit, and the Aviation ISAC Summit among others.
Making and deploying double bazooka antenna out of commonly available materials.
SpeakerBio: Seth
During this talk, we will cover the critical importance of permissions management in integrations, especially in cloud environments, and how an inappropriate permissions standard can create significant vulnerabilities that attackers can exploit. We will explore how an attacker can leverage legitimate permissions to escalate privileges in the cloud, highlighting the fundamental difference between an attack vector and an attack path. Additionally, we will examine the most effective and shortest path an attacker can take to reach their goal. We will also discuss strategies to improve security in this context and mitigate these threats.
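The distinction the talk draws can be made concrete by treating permissions as a graph: the attack vector is the foothold and what it can do directly, the attack path is the chain of legitimate permissions from that foothold to the goal, and "shortest path" is literally a breadth-first search. The following is an added example, not material from the talk: the principals and edges form a constructed, hypothetical graph, and the AWS action names on the edges are used only as illustrative labels for "a permission that lets this principal act as, or modify, that one".

```python
"""Attack vector vs attack path over a constructed cloud permission graph.

Added example; the graph is hypothetical and the action names are labels only.
"""
from collections import deque

# Constructed graph: principal -> list of (permission, principal it reaches).
PERMISSION_GRAPH = {
    "user:dev":         [("sts:AssumeRole", "role:ci-deploy")],
    "role:ci-deploy":   [("sts:AssumeRole", "role:reader"),
                         ("iam:PassRole+lambda:CreateFunction", "role:lambda-exec")],
    "role:lambda-exec": [("iam:AttachRolePolicy", "role:admin")],
    "role:reader":      [],
    "role:admin":       [],
}


def attack_vectors(graph, start):
    """Attack vector: what a compromised principal can do directly (one hop)."""
    return [perm for perm, _target in graph.get(start, [])]


def shortest_attack_path(graph, start, target):
    """Attack path: the chain of hops from start to target. BFS returns the
    shortest one, i.e. the fewest escalations an attacker needs.
    Returns a list of (from, permission, to) tuples, [] if start == target,
    or None if the target is unreachable with the permissions in the graph."""
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            break
        for perm, nxt in graph.get(node, []):
            if nxt not in parent:          # first visit is the shortest route
                parent[nxt] = (node, perm)
                queue.append(nxt)
    if target not in parent:
        return None
    path, node = [], target
    while parent[node] is not None:        # walk back from target to start
        prev, perm = parent[node]
        path.append((prev, perm, node))
        node = prev
    path.reverse()
    return path


def without_permission(graph, principal, perm):
    """Mitigation check: a copy of the graph with one permission removed from
    one principal, so you can see whether the path to the goal is broken."""
    pruned = {k: list(v) for k, v in graph.items()}
    pruned[principal] = [(p, t) for p, t in pruned[principal] if p != perm]
    return pruned


if __name__ == "__main__":
    print("vector from user:dev:", attack_vectors(PERMISSION_GRAPH, "user:dev"))
    for hop in shortest_attack_path(PERMISSION_GRAPH, "user:dev", "role:admin"):
        print(" -> ".join(hop))
    fixed = without_permission(PERMISSION_GRAPH, "role:lambda-exec", "iam:AttachRolePolicy")
    print("after removing iam:AttachRolePolicy:",
          shortest_attack_path(fixed, "user:dev", "role:admin"))
```

Nothing on the path is a vulnerability in the CVE sense; every hop is a permission somebody granted on purpose. That is the point of the path view: the fix is to find the single edge whose removal disconnects the foothold from the goal (here, the last hop), not to harden the entry point alone.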
SpeakerBio: Filipi Pires, Founder at Black&White Technology
I've been working as a Security and Threat Researcher and Cybersecurity Advocate at senhasegura, Founder at Black&White Technology, Cybersecurity Advocate, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. I am an international speaker at security and new technology events in many countries such as the US, Canada, France, Spain, Germany, Poland and others, and have served as a university professor in graduate and MBA courses at Brazilian colleges. In addition, I'm the creator and instructor of the courses Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers (PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).
If you ever wanted to break stuff in the cloud, or if you like rabbit holes that take you places you did not think you would go, following complicated story lines only to find you could have reached the flag without scratching your head so much, then this CTF is for you!
Our CTF is a two-day jeopardy-style contest with a bunch of challenges hosted across multiple cloud providers and multiple categories of difficulty.
You can register as teams or go solo, use hints or stay away from them, in the end it will be all for glory or nothing. Plus the prizes. Did we not mention the prizes? :D
CMD+CTRL Web App Hacking Challenge gives you the opportunity to showcase your red team skills by attacking real web applications. The CMD+CTRL platform is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you'll have a better understanding of the vulnerabilities that put real world systems at risk.
At DEF CON 32, we will be replaying some of our Cyber Range Greatest Hits. We will be running 4 different ranges with over 150 challenges possible!
CODASM aims to decrease a stageless payload's Shannon entropy, which was found to be a simple but annoying detection vector used by EDRs. It's a Python program that processes arbitrary binary inputs and produces a C program consisting of two parts: a buffer holding generated x86-64 ASM instructions with the original payload encoded into it, and a set of functions that can decode the ASM at runtime. The buffer is designed to be compiled into the final payload's .text section, thus it looks like regular (if not functional) code to AVs, EDRs and analysts. This encoding effectively decreases the payload's Shannon entropy but comes with a significant increase in output size. The demo will cover usage of the tool and dissection/reverse engineering of the resulting payload.
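Why embedding bytes in instructions lowers entropy is easy to see with numbers. The following is an added example, not CODASM's own code: CODASM emits varied generated x86-64 instructions, whereas this simplified model hides each payload byte in the low byte of the imm32 of a fixed-shape 5-byte `mov r32, imm32` (opcode 0xB8 + register), rotating through eight registers, and ships a matching decoder. The sample payload is constructed (all 256 byte values once, the flattest distribution possible, standing in for an encrypted stageless payload).

```python
"""Simplified model of entropy-lowering payload encoding (added example, not CODASM).

Every payload byte becomes `mov r32, imm32` whose imm32 is <byte> 00 00 00.
Four of the five bytes per instruction are predictable, so Shannon entropy
drops sharply while the size grows 5x, which is the trade-off CODASM makes.
"""
import math
from collections import Counter

MOV_R32_IMM32 = 0xB8   # B8+rd id : mov r32, imm32, 5 bytes on x86-64
INSN_LEN = 5


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 for uniformly distributed bytes, 0.0 for a constant."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def encode_as_asm(payload: bytes) -> bytes:
    """Embed each payload byte as the low byte of a `mov r32, imm32` immediate."""
    out = bytearray()
    for i, b in enumerate(payload):
        reg = i % 8                            # eax, ecx, edx, ebx, esp, ebp, esi, edi
        out.append(MOV_R32_IMM32 + reg)        # opcode byte
        out += bytes([b, 0x00, 0x00, 0x00])    # imm32, little-endian: payload byte then zeros
    return bytes(out)


def decode_from_asm(blob: bytes) -> bytes:
    """Runtime decoder: walk 5 bytes at a time, verify the opcode, take imm32's low byte."""
    if len(blob) % INSN_LEN:
        raise ValueError("truncated instruction stream")
    out = bytearray()
    for off in range(0, len(blob), INSN_LEN):
        opcode = blob[off]
        if not MOV_R32_IMM32 <= opcode <= MOV_R32_IMM32 + 7:
            raise ValueError(f"unexpected opcode {opcode:#x} at offset {off}")
        out.append(blob[off + 1])
    return bytes(out)


# Constructed stand-in for a high-entropy (e.g. encrypted) stageless payload.
SAMPLE_PAYLOAD = bytes(range(256))

if __name__ == "__main__":
    enc = encode_as_asm(SAMPLE_PAYLOAD)
    print(f"raw:     {len(SAMPLE_PAYLOAD):5d} bytes, entropy {shannon_entropy(SAMPLE_PAYLOAD):.2f} bits/byte")
    print(f"encoded: {len(enc):5d} bytes, entropy {shannon_entropy(enc):.2f} bits/byte")
    assert decode_from_asm(enc) == SAMPLE_PAYLOAD
```

With the constructed payload the entropy falls from 8.0 to roughly 3.5 bits per byte at a 5x size cost. A single opcode shape like this one is itself an easy pattern for a detection to key on, which is why the real tool generates diverse instructions instead; the entropy arithmetic is the same.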
SpeakerBio: Moritz Laurin Thomas, Senior Red Team Security Consultant at NVISO ARES
Moritz is a senior red team security consultant at NVISO ARES (Adversarial Risk Emulation & Simulation). He focuses on research & development in red teaming to support, enhance and extend the team's capabilities in red team engagements of all sorts. Before joining the offensive security community, Moritz worked on a voluntary basis as a technical malware analyst for a well-known internet forum with focus on evading detections and building custom exploits. When he isn't infiltrating networks or exfiltrating data, he is usually knees deep in research and development, dissecting binaries and developing new tools.
We are living through a time period where not only are wars being fought on land, sea, air, and cyber, but we have all been drafted into a misinformation, disinformation, and malinformation war that many of us were not given the proper tools or training for. The times we exist in are unprecedented, and the more that people primarily consume their information online, the more susceptible we all are to being influenced by operations coming from foreign adversaries as a means not only of spreading misinformation, disinformation, and malinformation, but of dividing and polarizing our nation. How can we resist that? What can we look for? Is there a framework the average voter can use? Join us for this fireside chat to learn more and equip yourself for the upcoming election.
Speakers: Constantine Nicolaidis, Catherine Terranova
Constantine leads a Risk Management practice that focuses on securing U.S. privately owned critical infrastructure. Over the last decade he has leveraged his expertise in security and data-based product development to create tools for security professionals. Constantine has also spent the last 5 years developing a geopolitical modeling system to help forecast and describe the nature of political and social crises. He advises various security groups on the nature of modern multi-domain warfare with an emphasis on the cyber and cognitive domains. Constantine holds a Master's Degree in Human-Computer Interaction from the Carnegie Mellon School of Computer Science and is currently enrolled in the Master's in Cybersecurity Degree program at the SANS Technology Institute.
SpeakerBio: Catherine Terranova
Catherine Terranova is a Columbia University alumna and researcher. Her current focus is on cyber security and election integrity with an emphasis on misinformation, disinformation, and malinformation, known as information integrity. Ms. Terranova joined the team in 2021 and has been growing and developing the Voting Village since DEF CON 29. She heads all aspects of the program and manages other related projects focused on the global preservation of democracy.
Come make a call in front of our soundproof booth. We provide everything: the target company, their phone number, and three objectives to gather (easy, medium, and hard). First come, first served.
Without plan or intent, three Makers took three paths to achieve colorful badges and none were smart enough to turn back. Join our panel discussion to learn our different approaches, the strengths and weaknesses of each, and ask your probing questions. Perhaps you too will be foolish enough to venture into the technicolor labyrinth.
Speakers: Abhinav Panda, Bradán Lane, Hamster
Abhinav's artistry comes from the times he used to sneakily paint drawings made by his sister. His hacking career began as a toddler, disassembling his toys but never putting them back together. His entrepreneurial roots come from selling snacks at a school fair and making a loss of $10. Having learned how not to make money, he launched Hackerware.io and the rest, as they say, is history.
SpeakerBio: Bradán Lane
Bradán graduated third grade with a degree in crayon. This, combined with his unwavering belief in "how difficult could it be", makes him eminently qualified to speak on the nuances of color theory in electronics design.
SpeakerBio: Hamster
Hamster is an engineer who watched too much MacGyver as a kid and is now doomed to invent more and more complicated ways to make the Angry Pixies dance.
Uncensored LLMs are a category of language models free from ethical constraints and thus prone to misuse for malicious purposes such as generating malware. However, their capabilities fall short of commercially available LLMs, which are censored and unsuitable for such nefarious activities. Previously, researchers could bypass censorship in LLMs to generate malicious content using jailbreaks; over time, with the introduction of new security measures, such exploits have become increasingly rare. In this research, we propose a novel technique that combines censored and uncensored LLMs for the generation of ransomware. The uncensored LLM generates the initial malware, which is then refined by the censored LLM to create final, functional ransomware. We tested the developed ransomware on the latest version of Windows and found it suitable for exploitation purposes. Additionally, with minor effort the ransomware can be updated using an LLM for code obfuscation and the addition of unnecessary functionality to bypass antivirus and antimalware solutions.
SpeakerBio: Muhammad Mudassar Yamin
Presented by Jake Jepson and Rik Chatterjee, two Systems Engineering Master's students at Colorado State University, this talk delves into the critical security implications within the trucking industry, particularly focusing on Electronic Logging Devices (ELDs). These devices, integral to compliance with Hours of Service regulations, present unique cyber-physical threats due to their networked nature and lack of standardized security protocols.
The presentation will walk through examining potential remote exploits via wireless ELD compromise, leading to cyber physical control payloads and even wormable scenarios. Key vulnerabilities identified include insecure defaults and poor security practices shown on a commercially available ELD. These vulnerabilities not only expose truck networks to potential unauthorized control but also highlight systemic issues in device certification and security oversight.
The talk will cover their journey from acquiring and reverse engineering ELDs, discovering their common architectures and weaknesses, to demonstrating proof of concept attacks that underline the urgent need for industry-wide security reforms. Notably, Jepson will discuss his first CVE, detailing the coordinated disclosure process and subsequent manufacturer response.
This session is semi-technical, ideal for cybersecurity professionals and amateurs alike, interested in vehicle network protocols, and embedded systems security. Prior knowledge of network protocols such as CAN and J1939, along with an understanding of firmware reverse engineering, will enhance the learning experience, but is not required. Tools and techniques used include network scanners, reverse engineering platforms like Ghidra, and various wireless communication methods.
By attending this presentation, participants will not only understand the specific security flaws affecting heavy vehicles but also appreciate the broader implications for embedded systems security in transportation. This talk is a call to action for improving security practices and regulatory standards in an increasingly interconnected world.
Currently, Jake serves as a graduate research assistant in the Department of Systems Engineering, working under the guidance of Dr. Jeremy Daily. His role involves collaborating with a team of skilled professionals to conduct research on cybersecurity and digital forensics within the heavy vehicle industry. Jake's academic journey has emphasized the significance of pursuing a career he is passionate about, and this position has further solidified his love for collaborative problem-solving.
SpeakerBio: Rik Chatterjee, Graduate Research Assistant, Department of Systems Engineering at Colorado State University
Currently, Rik serves as a graduate research assistant in the Department of Systems Engineering at Colorado State University, working under Dr. Jeremy Daily. His role involves research on security of protocol implementations and cybersecurity in the domain of commercial heavy and medium duty vehicles. Driven by a passion for securing embedded systems, Rik's work emphasizes the importance of robust security measures in protecting critical transportation infrastructure against emerging cyber threats.
The hype for integrating artificial intelligence into an enterprise’s daily work has become more prevalent after introducing AI-driven systems that use Retrieval Augmented Generation (RAG), such as Copilot for Microsoft 365. But is the trust in such systems and their control over decision-making processes within enterprises rational? Copilot and other RAG-based systems can be misused to cause dissemination of misinformation that negatively impacts decision-making processes without proper auditing and safeguarding of data available to large language models in RAG-based systems.
This talk will demonstrate such an attack that we have termed ConfusedPilot because of its ability to turn Copilot into a confused deputy. The attack occurs when a malicious document is introduced to the data pool (documents, presentations, other relevant files, etc.) related to a topic affecting the enterprise’s decision-making process. The malicious document contains a combination of corrupt data and malicious strings that suppress the correct documents related to the topic and respond to the user’s query with only the information present within the malicious document. Furthermore, the talk highlights how this attack can persist after deleting content within the malicious document or the document itself. The talk also points to the larger implications of such attacks, highlighting their cascading effect and existing security measures that can be used to reduce the attack’s effectiveness. Our talk sheds light on the current attacks and potential security measures that can shield enterprises from the adverse effects of such attacks on their AI-driven systems.
Speakers: Ayush RoyChowdhury, Mulong Luo, Mohit Tiwari
Interpret the vast amount of alerts (from different sources) received with a comprehensive, hands-on autonomous attack correlation & false positive detection workshop designed to enhance your proactive defense in the cloud. The workshop aims to demystify the process of identifying coordinated attacks amidst this noise, empowering attendees to improve their efficacy & utilize the cloud cost-effectiveness.
No data science expertise is required. Little cloud & secops expertise is required.
Intro:
- The session begins with a foundational overview of event analysis challenges and state of the art.
- Participants will learn about the ATT&CK framework, focusing on its Flows, Tactics, & Techniques to standardize threat detection.
AI & Data:
- A deep dive into accessible open-source AI tools will follow, featuring clustering algorithms, natural language processing, & Markov chains.
- Guidance on importing, cleaning, & normalizing data will ensure accuracy in subsequent analyses.
- Participants will have access to a demo environment to apply these tools interactively.
Mapping Alerts:
- Techniques for automated mapping of alerts to ATT&CK will be demonstrated.
- Attendees will engage in mapping exercises using AI.
Clustering Alerts:
- The workshop will cover clustering methods based on temporal, spatial, & technical attributes.
- Participants will engage in clustering sample alerts to form contextualized attack steps.
Correlating Alerts:
- The importance of killchains in cybersecurity will be highlighted, with methods to link attack steps into cohesive killchains.
- Participants are guided in creating & analyzing killchains to identify coordinated attacks.
Tickets:
- Criteria for creating FP Tickets, Incident Tickets, & Attack Story Tickets will be outlined.
- Participants will engage in generating sample tickets, ensuring each type is comprehensive & actionable.
Integrating & QA:
- The session will cover integration into existing SOC setups & automation using scripts & tools.
- Demonstrations will show how to maintain & update the system for continuous improvement, emphasizing cost-effective cloud automation.
- QA, troubleshooting, & further resources.
By the end of this interactive workshop, participants will have experience with AI tools mapping alerts to Techniques, clustering them into contextualized attack steps, & constructing comprehensive killchains to uncover coordinated attacks. Additionally, they will learn to generate actionable tickets for immediate response & long-term improvements in their security posture, all without needing advanced data science knowledge. This session encourages practical application in participants' environments & further exploration of the vast capabilities of open-source AI in cybersecurity, & showcases the power of cloud cost-effectiveness in big data analytics (sagemaker, s3, lambda, etc.).
SpeakerBio: Ezz Tahoun
Ezz Tahoun is a distinguished cyber-security data scientist who won AI & innovation awards at Yale, Princeton and Northwestern. He also got innovation awards from Canada’s Communications Security Establishment, Microsoft US, Trustwave US, PIA US, NATO, and more. He ran data science innovation programs and projects for Orange Cyberdefense, Forescout Technologies, Royal Bank of Canada, Governments, and Huawei Technologies US. He has published 20 papers, countless articles and 15 open source projects in the domain. When he was 19 years old he started his CS PhD in one of the top 5 labs in the world for cyber & AI, at the prestigious University of Waterloo, where he published numerous papers and became a reviewer for top conferences. His designations include: SANS/GIAC-Advisory-Board, aCCISO, CISM, CRISC, GCIH, GFACT, GSEC, CEH, GCP-Professional-Cloud-Architect, PMP, BENG and MMATH. He was an adjunct professor of cyber defense and warfare at Toronto’s school of management.
Aeva Black is an open-source hacker and international public speaker with 25 years of experience building digital infrastructure and leading open-source projects. They previously served on the OpenSSF Technical Advisory Committee, OpenStack Technical Committee, Kubernetes Code of Conduct Committee, and led open-source security strategy within the Microsoft Azure Office of the CTO. In their spare time, Aeva serves on the Board of the Open-Source Initiative and enjoys riding motorcycles and supporting the local LGBTQ+ community.
Skills are learned, but application is art. Much like an artist learning the skill to draw, in this workshop we learn the skill to identify and create byte-sized adversary emulation-based tests. By reading a report with the lens of MITRE ATT&CK, we identify procedures that link back to MITRE ATT&CK techniques or sub-techniques, which allows us to create an Atomic Red Team test based on the reporting. However, as every artist finds when putting pen to paper, the skill of drawing is not the same as the skill of creating. Using art forgery concepts to help us overcome these obstacles, we walk through how to navigate the gaps in reporting and how to emulate, rather than simulate, the adversary. Participants are encouraged to finish out the atomic tests and contribute to the public Atomic Red Team GitHub. Welcome to the club of legal copycats. Intended audience: an international audience for whom English is a second language. Beginner to intermediate skill. A basic level of programming knowledge and cyber security concepts is required. Students are expected to provide their own laptop, have a GitHub account, and understand the git clone and pull commands.
SpeakerBio: Cat Self, Principal Adversary Emulation Engineer (MITRE ATT&CK)
Cat Self is a Principal Adversary Emulation Engineer working as the macOS/Linux Lead for ATT&CK®, malware developer for MITRE ATT&CK® Evaluations, and SME for International Programs. Cat started her cyber security career at Target and has worked as a developer, internal red team operator, and threat hunter. Cat is a former military intelligence veteran and pays it forward through mentorship, workshops, and public speaking. Outside of work, she is often planning an epic adventure, climbing mountains in foreign lands, learning Chinese, or meeting great people salsa dancing.
Given access to the start time, duration, method of encoding, and an all-powerful quantum receiver, could you perform the "simple" task of detecting whether two or more parties were attempting to communicate? Covert communication, or low probability of detection, demonstrates that it is possible to hide signals within noise so effectively that even an all-powerful quantum adversary would have a vanishing probability of detecting the signal’s presence. In this talk, I'll provide a high-level overview of covert communication and its extension to the quantum regime. I'll discuss the theoretical underpinnings of covert quantum communication, and how we can practically implement such a system. Finally, I'll discuss the ethical considerations of this work and why we should care about it.
SpeakerBio: Evan Anderson
Driven by a deep curiosity about the nature of information, Evan Anderson transitioned from software engineering to pursue a PhD in quantum information theory and photonic quantum information processing. He is curious about all aspects of information, from its fundamental structure within physics to how we manipulate it to suit our needs in day-to-day conversations. Evan is currently in his final year as a PhD student at the University of Arizona, the home of the Center for Quantum Networks, where his research primarily focuses on covert communication over quantum channels and quantum coding theory.
Welcome to Day 2 of the 11th CPV at DEF CON! A brief overview of the state of the village, talks for the day, plus what's available at the village and what's gone, we might actually run out of friendship bracelet supplies this time around…
Are you getting stuck on solving ciphers in challenges? Not sure who or what Caesar is? What is "polyalphabetic" or "transposition"? Is this even relevant to modern day cryptography? Come on over for the Intro to Ciphers talk! Talk time: 5-15 minutes
Zoogleta has been scheming to corporatize and enshittify the Internet through regulatory capture, squashing indy devs, and commodifying users.
You've been contacted by journalists and whistleblowers who need help sifting through some big dumps of encrypted data and password hashes.
Help them so they can publish the smoking gun, crash Zoogleta's stock price, and get their leadership and the corrupt politicians they own arrested by exposing their internal dirt, for great justice.
Time is of the essence! You will have 48 hours to crack as many files and hashes as possible.
Open to all; preregistration is recommended. Compete in the Street class for individuals or small teams, or in Pro if you do not want to sleep all weekend. Check out past years' contests at https://contest.korelogic.com/ , and the Password Village at https://passwordvillage.org/
In-person contest. Friday: 10:00 to 15:00, Qualifications, Contest Area. Saturday: 16:00 to 19:00, Contest Stage.
What happens when you take an ACM-style programming contest, smash it headlong into a drinking game, throw in a mix of our most distracting helpers, then shove the resulting chaos incarnate onto a stage? You get the contest known as Crash and Compile.
Teams are given programming challenges and have to solve them with code. If your code fails to compile? Take a drink. Segfault? Take a drink. Did your code fail to produce the correct answer when you ran it? Take a drink. We set you against the clock and the other teams. And because our "Team Distraction" thinks watching people simply code is boring, they have taken it upon themselves to be creative in hindering you from programming, much to the enjoyment of the audience. At the end of the night, one team will have proven their ability and walk away with the coveted Crash and Compile trophy.
Crash and Compile is looking for the top programmers to test their skills in our contest. Do you have the problem solving and programming ability to complete our challenges? More importantly can you do so with style that sets your team ahead of the others? We encourage you to try your hand at the Crash and Compile qualifiers. Gather your team and see if you have the coding chops to secure your place as one of the top teams to move on to the main contest event.
Qualifications for Crash and Compile will take place 10:00 to 15:00. Come see us in contest area West Hall 4, or if you are excited to get started, qualifying can be completed from anywhere, as it takes place online at https://crashandcompile.org. You need a two hour block of time to complete the qualifying round. Points are awarded based on time to complete and problem difficulty.
The AMSAT Ground Control and CubeSat simulator emulates how satellite communications are used. Ground control communicates via UHF with the CubeSat.
SpeakerBio: AMSAT
The year is 1984… Ronald Reagan is President, it is a “New Mourning in America.” In Texas, a small cabal of malcontents meet in an abandoned slaughterhouse, decorated with heavy metal band posters, satanic iconography, and, most ominously, the skull of a DEAD COW… As pirated copies of speedmetal and punk music play in the background, these erstwhile revolutionaries speak of their disillusion with The Way Things Are, and their obsession with their new computers. All over America, teens were waking to not just the typical dissatisfaction of adolescence, but the awareness that via these new modes of communication and interaction, they could meet like-minded others, have some illicit fun, and maybe, just maybe, change the goddamn world.
1984 wasn’t the beginning of hacking, but brought perhaps the first real blossoming of the culture. The spread of the personal computer, and the modem, brought the birth of not just cDc, but the Legion of Doom, and 2600 Magazine. 1985 would bring Phrack Magazine, and a true explosion in the written culture, with t-files becoming the currency of the Truly Elite. In this session, members of cDc, 2600, LoD, MoD, and r00t will talk about what made them hackers and phreaks, swap stories, and answer questions posed by Prof. Walter Scheirer of the University of Notre Dame and audience Q&A.
Speakers: Deth Veggie, Walter J. Scheirer, Patrick “Lord Digital” Kroupa, John Threat, Emmanuel Goldstein, X, TommydCat
SpeakerBio: Deth Veggie
cDc Minister of Propaganda, Archaeologist, Gadabout. Cultee since 1990, r00t since 1995, K-rad since birth.
SpeakerBio: Walter J. Scheirer
Dennis O. Doughty Collegiate Professor of Engineering at the University of Notre Dame. Author of A History of Fake Things on the Internet (Stanford University Press, 2023).
SpeakerBio: Patrick “Lord Digital” Kroupa
Member of Legion of Doom (LoD) & cDc, Co-founder of Mindvox.
SpeakerBio: John Threat
World-renowned hacker, futurist, security advisor, artist, professor, and writer/director. Wired Magazine cover, 60 Minutes, MoD, 8lgm, & r00t.
SpeakerBio: Emmanuel Goldstein
Editor & Publisher of 2600 Magazine, HOPE Conference coordinator, host of WBAI's "Off The Hook".
SpeakerBio: X
Hacker/Vulnerability Archivist, r00t, creator of one of the earliest and longest running vulnerability databases in the world.
SpeakerBio: TommydCat
Technology Generalist and Oldskool Denizen of the Computer Underground, from the 80s onward, TdC’s ridden the wave from the days of dumping G-PHilez on AEs to dumping DBs in S3s.
GPS Jamming and GPS Spoofing.
Vulnerabilities in typical GPS receivers.
Some simple mods that can help.
Direction finding on GPS Jammers.
Overview of DF techniques.
Artillery Radars.
Jam resistance HF Communications. (Basically the same thing the Germans did when they were in the Ukraine!)
SpeakerBio: Kent Britain
Kent has an extensive background in Electronic Warfare and will be discussing some of the techniques being used in the Russia-Ukraine conflict.
Various cyber tools and techniques have been utilised based on information from past attacks. Game players will learn about different cyber security frameworks, cyber-attack processes, and how they can be utilised in a fun way. The game is built to teach key cyber terms and theory, and to apply techniques based on real-world scenarios.
As a player, you are part of a Global Cyber Protection Team (GCPT) assigned to the mission to prevent various attacks on critical infrastructure. Your task is to use the available information that your team has at your disposal to stop the adversary from achieving their objective.
Players will find themselves in a variety of future scenarios based on a specific industry/sector focus e.g. manufacturing, utilities, defense, finance. The task will be to defend each individual network/system to govern, identify, detect, respond and recover against abnormal/suspicious activities on the network. You will be working against a global hacker network who are threatening to disrupt the overall operations of global critical infrastructure sites for their own nefarious means.
Your team must protect various networks/systems as part of a global environment. If 5 or more systems are compromised and deactivated, the hacker network has successfully disabled the global environment and can assume control of the entire environment. It is your mission to protect the environment and ensure the availability of the global system.
Imagine GCHQ's CyberChef integrated in BurpSuite with live modification of requests at your fingertips. That's exactly what we had in mind when we built the Cyber Security Transformation Chef (CSTC) a few years ago. The CSTC is an extension to the popular BurpSuite Proxy built for experts working with web applications. It enables users to define recipes that are applied to outgoing or incoming HTTP requests/responses automatically. Whatever quirks and specialties an application might challenge you with during an assessment, the CSTC has you covered. Furthermore, it allows you to quickly apply custom formatting to a chosen message if a more detailed analysis is needed. After the initial release, the CSTC is finally back! It contains new features and improvements such as many new operations to be used in recipes, inclusion of community-requested features and a refactoring of the codebase. Alongside the CSTC we will launch a new public repository with recipes we found useful in our experience as penetration testers, and of course open for contribution by the community. This helps the community solve common challenges and get started working with the CSTC.
Speakers: Florian Haag, Matthias Göhring
SpeakerBio: Florian Haag
Florian Haag is a managing security consultant at usd AG with experience in penetration testing, software security assessments as well as code reviews. He is specialized in penetration tests of thick client applications, leveraging his background in software development to reverse engineer proprietary client applications and network protocols. In addition, he maintains several open source tools for web application pentesting presented at international conferences like BlackHat and DEF CON.
SpeakerBio: Matthias Göhring, Security Consultant and Penetration Tester at usd AG
Matthias Göhring is a security consultant and penetration tester at usd AG, an information security company based in Germany with the mission #moresecurity. He is Head of usd HeroLab, the division of usd specialized in technical security assessments. In addition, he holds lectures at Technical University Darmstadt and University of Applied Sciences Darmstadt on ethical hacking and penetration testing. In previous scientific work, he focused on network and communication security as well as software security.
Cyberjūtsu is a new way to teach cybersecurity inspired by martial arts training. It is an educational approach which allows everyone (novice to expert) to practice together and improve themselves in cybersecurity through confrontation. It follows budō (judo, jujitsu, karate...) principles and ethical code. The goal is to reach "maximum-efficient use of computer" in a "mutual benefit" of a human confrontation. It's a digital martial art fight e-sport using the Linux shell. No matter your technical background, from 10-year-olds to technical experts like pentesters and red/blue teamers, this workshop is designed for you. The only prerequisite is basic reading, writing, and counting knowledge. Experience real live adversary sparring and see how even those with less knowledge can outmaneuver more experienced participants. Join us for an interactive session with 14 players participating and others welcome to watch. Enhance your cybersecurity skills through collaborative and practical exercises.
Speakers: Alexandre CABROL PERALES, Quentin Fraty, Alaric Becker
SpeakerBio: Alexandre CABROL PERALES
President of WOCSA France, Cyberjutsu Project Leader for WOCSA. Head of Managed Detection and Response Services at Sopra Steria Cybersecurity. External Professor at Cybersecurity Master (SSIR) for Science University of Toulouse, France. 1st dan Judo Jujitsu.
SpeakerBio: Quentin Fraty, Threat Intelligence Analyst and Reverse at Sopra Steria
I'm passionate about cybersecurity: since I joined my engineering school in 2021, I started organizing cybersecurity workshops for WOCSA. Attendees range from experienced pentesters to curious teenagers that simply want to have some fun, but I believe that we can all learn something from each other.
SpeakerBio: Alaric Becker, SOC Analyst and Threat Hunter at Sopra Steria
WOCS'HACK Project Leader for WOCSA France. Security Operation Center Analyst at Sopra Steria Cybersecurity. 3rd dan Judo Jujitsu.
Nitin Natarajan was appointed to serve as the Deputy Director for the Cybersecurity and Infrastructure Security Agency (CISA) on February 16, 2021. Prior to joining CISA, Natarajan served in a variety of public and private sector positions spanning over 30 years. Most recently he served as an executive with consulting firms within the National Capital Region, providing subject matter expertise on a variety of topics, including cybersecurity, homeland and national security, critical infrastructure protection, environmental emergency management, continuity of operations, and health security matters. Natarajan also held a number of federal government roles to include Deputy Assistant Administrator at the U.S. Environmental Protection Agency, the Director of Critical Infrastructure Policy at the White House/National Security Council, and as a Director at the U.S. Health and Human Services overseeing healthcare and public health programs. Prior to serving in the federal government, Natarajan served in positions at the state/local government level and served as a hospital administrator in New York. At the beginning of his career, Natarajan spent 13 years as a first responder in New York, which included service as a flight paramedic. He was the Commander of a federal medical response team, based in New York, and has extensive experience deploying to natural and man-made disasters throughout the nation. He holds an undergraduate degree from the State University of New York and a graduate degree from the United States Naval Postgraduate School.
SpeakerBio: Christian Dameff, Emergency Physician, MD
Dr. Christian Dameff is an Emergency Physician, Clinical Informaticist, and researcher. Published clinical works include post cardiac arrest care including therapeutic hypothermia, novel drug targets for acute myocardial infarction patients, ventricular fibrillation waveform analysis, cardiopulmonary resuscitation (CPR) quality and optimization, dispatch assisted CPR, teletoxicology, clinical applications of wearables, and electronic health records.
Dr. Dameff is also a hacker and security researcher interested in the intersection of healthcare, patient safety, and cybersecurity. He has spoken at some of the world’s most prominent hacker forums including DEFCON, RSA, Blackhat, Derbycon, BSides: Las Vegas, and is one of the cofounders of the CyberMed Summit, a novel multidisciplinary conference with emphasis on medical device and infrastructure cybersecurity. Published cybersecurity topics include hacking 911 systems, HL7 messaging vulnerabilities, and malware.
SpeakerBio: Andrew Carney, Program Manager at Advanced Research Projects Agency for Health (ARPA-H)
Andrew Carney joined ARPA-H in July 2023 from HSBC’s Cybersecurity Science and Analytics group, where he worked as a principal researcher. He has over 15 years of experience in software and hardware vulnerability research, technical education and training, and management of research and development teams.
In addition to his role as program manager with ARPA-H, Carney holds a joint program manager appointment with the Defense Advanced Research Projects Agency (DARPA) for the AI Cyber Challenge (AIxCC), a competition focused on securing software in critical infrastructure. Before HSBC, Carney was a technical advisor and contractor for the Defense Advanced Research Projects Agency (DARPA). At DARPA, he supported research efforts focused on reverse engineering, program analysis, human-machine teaming, and automated program repair. Throughout his career, Carney has been involved in competitive hacking (called Capture the Flag, or CTF) as both a player and a competition organizer. He holds a master’s degree in computer science from The Johns Hopkins University.
SpeakerBio: Matt Hazelett, Program Director for the Cybersecurity Focal Point Program in the Office of Product Evaluation and Quality (OPEQ) at FDA
I coordinate across the Center for Devices and Radiological Health (CDRH) at FDA on medical device cybersecurity policy development, vulnerability and incident response, and policy implementation across the total product lifecycle (TPLC).
I have led and oversee the implementation of Section 524B, Ensuring Cybersecurity of Devices, of the Food, Drug, and Cosmetic (FD&C) Act and the FDA guidance, Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions. This includes making available training for over 1000 review staff and managers, developing submission support resources (eSTAR Template and help text), developing support resources for review staff, and answering policy questions.
Also, as the Program Director for the Cybersecurity Focal Point Program in the Office of Product Evaluation and Quality (OPEQ), I work to build reviewer subject matter expertise in medical device cybersecurity as well as build and maintain consistency across the review offices and the TPLC.
SpeakerBio: Erika Cheung, Executive Director at Ethics in Entrepreneurship
Currently, the Executive Director of Ethics in Entrepreneurship, a non-profit whose mission is to foster ethical questioning, culture, and systems in startups and startup ecosystems. We provide programs catered to workers, investors, and founders.
Erika is an advisor to several family offices, venture capital firms, and governmental investment programs focused on healthcare, biosciences, and biotechnology companies. She invests a portion of her time building cross-border networks between the US and the Asia Pacific region to facilitate the growth of companies operating in emerging markets.
Her first job out of college was working for Theranos, where she subsequently was one of the critical whistleblowers reporting the fraud case to regulators preventing the company from providing false lab results to patients. The Theranos scandal has been extensively covered in the media. She's working towards obtaining her ACFE-certified fraud examiner's license to educate others on fraud prevention strategies and develop programs to protect business stakeholders from high-risk ventures. She is also an advisor to several whistleblower advocacy organizations to support individuals who may be retaliated against while reporting misconduct.
She is passionate about innovation ecosystem building, development, economic mobility, affordable healthcare, and public-interest technology projects. She is an avid mixed martial artist in her free time and hopes to support efforts that leverage martial arts to empower trauma survivors.
With the continued growth of threats in cyberspace and the scarcity of effective guides for analyzing, detecting and staying one step ahead of adversaries, during our talk we will show how, through cyber threat intelligence and malware analysis, we can dismantle the attackers' infrastructure and anticipate their objectives. We will use Threat Hunting techniques to demonstrate how to detect anomalous behavior within a network and to provide attendees with the necessary tools, including Indicators of Compromise (IoCs), Tactics, Techniques and Procedures (TTPs), and undetected infrastructure (Hunting Infrastructure), to confront the malicious activity of the malware known as DarkGate.
SpeakerBio: Nestor Sánchez, Cyber Threat Hunter at GNP
Nestor Sánchez is a professional with 6 years of experience in the field of cybersecurity, mainly in Cyber Threat Hunting, standing out in the early detection of threats, the analysis and mitigation of various adversaries that affect the financial/insurance sector, as well as the development of intelligence for a better security posture against the various threats found in the digital world.
Nestor Sánchez has collaborated and worked in various areas of cybersecurity, such as Cyber Threat Intelligence, Incident Response and Digital Forensics, carrying out diverse tasks that have helped mitigate and detect various threat actors as well as improve the security posture of organizations.
Nestor is a graduate of the Facultad de Estudios Superiores Aragón (UNAM) as well as a collaborator at its security laboratory. He currently holds 3 certifications, two issued by SANS and 1 issued by eLearn Security (INE): GCFA - Advanced Incident Response, Threat Hunting and Digital Forensics; GCTI - Cyber Threat Intelligence; and eCTHP - Cyber Threat Hunting Professional.
Darknet-NG is an Alternate Reality Game (ARG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The "Learning Quests" help the agent gather knowledge from all across the other villages at the conference, while the "Challenge Quests" help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year's final challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!
Collect the clues, solve the puzzles, show off your aerospace knowledge and technical skills to win a limited edition PCB badge.
SpeakerBio: Lockheed Martin
DARPA and ARPA-H’s Artificial Intelligence Cyber Challenge (AIxCC) will bring together the foremost experts in AI and cybersecurity to safeguard the software critical to all Americans. AIxCC is a two-year competition that asks competitors to design novel AI systems to secure this critical code and will award a cumulative $29.5 million in prizes to Teams with the best systems. In 2024, top teams will be awarded prizes of $2 million each, and will advance to the finals at DEF CON 33. The AIxCC Experience at DEF CON 32 is an immersive and interactive competition environment and educational space to inspire people and organizations to accelerate the development of AI-enabled cyber defenses. Attendees will explore a futuristic city where they can learn all about the competition, the technology, and the power of AI to help secure the software we all depend on.
Registration for AIxCC is no longer open to new contestants. AIxCC Preliminary Events were held March – July 2024.
Semifinalists will be announced here: https://aicyberchallenge.com/
A quieter space for those who want to discuss what they are reading, recommend books, and trade books too. We will have a logo themed sticker.
The DEF CON Kubernetes Capture the Flag (CTF) contest features a Kubernetes-based CTF challenge, where teams and individuals can build and test their Kubernetes hacking skills. Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges, winning flags and points as they progress. Later flags pose more difficulty, but count for more points.
A scoreboard tracks the teams’ current and final scores. In the event of a tie, the first team to achieve the score wins that tie.
Party with DEF CON NextGen. Enjoy some music, and some good conversation with other young DEF CON attendees!
Threat Modeling is arguably the single most important activity in an application security program and if performed early can identify a wide range of potential flaws before a single line of code has been written. While being so critically important there is no single correct way to perform Threat Modeling, many techniques, methodologies and/or tools exist.
As part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner and crown DEF CON’s Next Top Threat Model(er).
The Data Duplication Village has all the updated bits and bytes available from infocon.org packed up into nice, neat packages. If you're looking for a copy of all the things, we've got what you need to fill up all your storage including a few nice hash tables and all of the DefCon talks. Add to that just about every other security con talk known to hacker-kind! Our village provides a "free-to-you" service of direct access to terabytes of useful data to help build those hacking skills and talk with other storage enthusiasts.
Check the schedule and/or dcddv.org for the most up-to-date information.
The DDV provides a core set of drive duplicators and data content options. We accept 8TB and larger drives on a first come, first served basis and duplicate 'till we can no longer see straight. Bring in your blank SATA3 drives - check them in early - to get the data you want. Come back in about 24 hours to pick up your data-packed drive. Space allowing, we'll accept drives all the way through until Saturday morning - but remember, it's FIFO - get those drives in early!
We're working on more content right up until the last minute so keep checking on dcddv.org for the latest. This year, we're adding new data to duplicate! Humans will be able to choose from the following data sources for duplication:
Honeypots are invaluable tools for monitoring internet-wide scans and understanding attackers' techniques. Traditional low-interaction web honeypots use manual methods to emulate various applications or vulnerabilities. Introducing Galah, an LLM-powered web honeypot that mimics diverse applications with a single prompt. This honeypot dynamically crafts relevant HTTP responses, including headers and body content, to various HTTP requests, effectively simulating multiple web applications. In this talk, I will share lessons learned from building and deploying Galah and address two key questions: How do different large language models perform in generating HTTP messages? Does delivering authentic-looking HTTP responses increase attackers’ engagement with the honeypot?
SpeakerBio: Adel Karimi, Senior Security Engineer, Detection at Niantic
Adel Karimi is a senior security engineer, detection at Niantic. Before joining Niantic, he served as a lead security engineer at Google and Salesforce, specializing in detecting and responding to "badness." Beyond his day job, Adel, a longtime member of the Honeynet Project, dedicates his expertise to developing open-source projects such as Galah, reflecting his keen interests in honeypots, network fingerprinting, and the broader spectrum of threat detection.
Held every year since DEF CON 19 in 2011 (R.I.P. Riviera), (Except during that COVID thing - but we are not going to talk about that COVID thing), the DEF CON (unofficial) Beard and Mustache Contest highlights the intersection of facial hair and hacker culture.
For 2024 there will be four categories for the competition; you may only enter one:
- Full beard: Self-explanatory, for the truly bearded.
- Partial Beard: For those sporting Van Dykes, Goatees, Mutton Chops, and other partial beard styles.
- Mustache only: Judging on the mustache only, even if bearded. Bring your Handlebars, Fu Manchus, or whatever adorns your upper lip.
- Freestyle: Anything goes, including fake and creatively adorned beards. Creative women often do well in the Freestyle category.
DEF CON is a siren song for the hacker mind. Clever people around the world hear it and are pulled, every year, to Las Vegas. They mass by the tens of thousands, streaming through the halls of DEF CON to watch talks given by absolute legends about incredible escapades, to gaze in wonder as true wizards bend bytes to their will in the CTF room, and to dream about one day reaching to those heights themselves.
Some have the critical combination of grit, perseverance, raw talent, and (let's face it) privilege to push through to those dreams of greatness. But among even the clever and the motivated, it is rare for n00bs to rise to l33tness without support. Some find this support in inspiring classes in college. Others, among friends or mentors. But many don't find it at all, and remain in the hallways, dreaming.
Do you want to leave the hallways and hack the planet? We are hackers, educators, and learners who are creating DEF CON Academy, a concerted effort to maximize hacker potential by providing open, clear, approachable, and inclusive practical resources for budding hackers to transcend and rule cyberspace. Through extensive DEF CON event presence and year-round hacking resources, we will pro up the noobs of the world and bring the community, at scale, to the next level of skill.
Come, listen, and learn how we can help!
Zardus (Yan Shoshitaishvili) is an Associate Professor at Arizona State University, where he pursues his passions of cybersecurity research (focusing on binary analysis and exploitation) and education. Zardus has competed in CTFs for over 15 years, hosted DEF CON CTF, and led Shellphish’s participation in the DARPA Cyber Grand Challenge.
In order to inspire students to pursue cybersecurity (and, ultimately, compete at DEF CON!), Yan created pwn.college, an open practice-makes-perfect learning platform that is revolutionizing cybersecurity education for aspiring hackers around the world.
SpeakerBio: Perri Adams, Special Assistant to the Director at Defense Advanced Research Projects Agency (DARPA)
Ms. Perri Adams is a special assistant to the director at DARPA, where she advises stakeholders at the agency and across the U.S. government on the next generation of AI and cybersecurity technology.
Prior to this role, Adams was a program manager within DARPA’s Information Innovation Office (I2O), where, among other programs, she created the AI Cyber Challenge (AIxCC).
Adams has been an avid participant in cybersecurity CTF competitions and was one of the organizers of the DEF CON CTF. She holds a bachelor’s degree in computer science from Rensselaer Polytechnic Institute and is a proud alumna of the computer security club, RPISEC.
Do you have questions about what DEF CON Groups are? Do you need help finding a group near you? Feel free to come ask. Or, just come up and hang out.
Abhishek S is a Security Engineer at Flipkart whose primary research focus is application security and red teaming. He is on the staff of Adversary Village at DEF CON and an executive member of the DC0471 group, and he has spoken at conferences such as c0c0n 23 and Black Hat MEA 23. He has over 4 years of experience playing CTFs and hunting for vulnerabilities in various VDP programs, and is listed in the halls of fame of Google, Facebook, Microsoft and 40+ other organizations for finding their security vulnerabilities. He has about four CVEs from organizations such as Android, Tenable and Strapi CMS, and currently holds certifications including OSCP, BSCP, CRTP and GIAC GFACT. Away from the technical side, he loves to travel the world and is an automotive enthusiast.
Whether you're a seasoned DEFCON veteran or a curious newcomer, the DEFCON Scavenger Hunt promises to challenge your skills, tickle your wits, and ignite your hacker spirit. Our list is a portal to mystery, mischief, and mayhem. Assemble your team of up to five members, interpret the items, and submit your findings at the booth to our esteemed judges. Go beyond the basics for bonus points. Legends are born here.
Casual players will enjoy doing a handful of items, but you will need to devote your entire weekend if you want to win. It's not just about fame, glory, or boxes of swag; the true allure is the camaraderie of fellow hackers, the knowledge that you've etched your mark on DEFCON history, and the ultimate badge of honor: bragging rights. Nothing says "I'm a hacker" quite like being triumphant at the DEFCON Scavenger Hunt contest.
See you at the booth!
Thursday, Friday, Saturday and Sunday: 05:00 to 08:00, with random pop up meetings throughout the day in the con space.
Defcon.run is an evolution of the now long running DEF CON 4x5K running event. Due to stupendous growth, we’ve been forced to change up the format. This year's activity will look to match up folks for fun runs, and rucks (!), in small distributed groups around Las Vegas. It’s the same old event but at a distributed scale!
Show up in the morning, go for a run with folks, have a good time!
We’ll have a full set of routes for people to choose from, from simple 5Ks to more ambitious distances. Full information at https://defcon.run
You are new to the Airport IT staff at the IG International Airport Network Operations Center, working your first holiday travel weekend. It has been a busy day managing the network, with the control tower reporting several small glitches.
No alerts have been raised in the network, and the glitches appeared to have been handled easily. While taking your last break of the day, you decide to take a short walk around the concourse to watch the sun set. Suddenly, your cell phone rings and the voice on the other end is a panicked Control Tower Operator. A short time earlier, the tower had observed the runway lights turn off, come back on, and start blinking randomly. They also mention that the Operator HMI (Human Machine Interface) controlling the Runway Lighting system is non-responsive and that they are locked out of the Maintenance HMI that would let them reboot the system. Time is critical – without the lights, the planes circling the airport cannot land. With limited fuel stores, the planes are unable to divert to another airport. You sit down at your terminal to pull up the maintenance manual and troubleshoot the problem, only to discover you are locked out of your account. You are suddenly relieved that management would not let you deploy security updates to the network because they feared service interruptions might occur. Once you regain access to the system and have all the reference material available, you bring up the control logic for the runway lighting system on one screen and the HMIs on another and quickly realize this is not a normal system failure. An unknown hacker or hacker group has seized control of the system. They have manipulated the PLCs (Programmable Logic Controllers) and impacted the HMIs. Time is of the essence to restore operation of the Runway Lighting control system before the planes run out of fuel.
SpeakerBio: IntelliGenesis and IG Labs
America is the second largest democracy in the world. India is the largest. Indonesia is the third. Oftentimes democracy is associated with American values, but democracies around the globe all share a common thread and have an impact on each other. Join us to hear word=d
SpeakerBio: Harri Hursti
Can you spot suspicious items in packages? Try out your skills.
SpeakerBio: TSA
Everyone else is doing automated testing - why aren't red teamers? Be confident your payload will execute, regardless of the options you picked, by integrating shellidate into your continuous integration pipelines!
SpeakerBio: Nick McClendon
While there are many phishlet templates available on the Internet, it is rare that they work out of the box for your specific scenario.
This workshop is designed for those who are new to the Evilginx tool, and may have not had hands-on experience developing custom phishlets on their local machine. This workshop aims to give attendees the tools needed to effectively configure phishlet 'yaml' files for their specific situation. Additionally, the workshop will survey the necessary components of the phishlet 'yaml' file, as well as covering useful features new to Evilginx3.
This workshop will not focus on the development of phishing emails, bypassing spam filters, or remotely deploying and protecting Evilginx infrastructure.
This workshop is meant for all levels of experience, but some familiarity with Evilginx prior to attendance will be extremely helpful.
SpeakerBio: Michael Donley
Password managers are routinely granted a massive level of trust from users, by nature of managing some of their most sensitive credentials. For any noteworthy password manager, the encryption standards for user data are well understood and highly scrutinized. What is less understood is the attack surface of the software itself. This presentation explores the local security of the 1Password macOS desktop application and answers the question of “how safe are my passwords if my computer is infected or otherwise compromised?”.
This talk will cover the outcome of our research into 1Password, presenting several different attacks to dump local 1Password vaults. This includes describing multiple application vulnerabilities and security weaknesses we identified in the 1Password MacOS desktop application, as well as discussing the inherent limitations in its usage of IPC mechanisms and open source software. Additionally, we will discuss novel vulnerabilities found in Google Chrome that aided our exploitation of the 1Password browser extension.
DarthNull’s work around decrypting 1Password vaults: link
Speakers: Jeffrey Hofmann, Colby Morgan
Jeffrey Hofmann is a Senior Offensive Security Engineer with a history of vulnerability research and exploit development. He recreated NSO’s 0-click iOS exploit FORCEDENTRY and discovered pre-auth RCEs in the MDM KACE SMA.
SpeakerBio: Colby Morgan, Leads, Pentest Team at Robinhood
Colby Morgan is a Staff Offensive Security Engineer with extensive application and infrastructure security experience. Colby currently leads the pentest team at Robinhood.
The enshittification of the internet wasn't inevitable. The old, good internet gave way to the enshitternet because we let our bosses enshittify it. We took away the constraints of competition, regulation, interop and tech worker power, and so when our bosses yanked on the big enshittification lever in the c-suite, it started to budge further and further, toward total enshittification. A new, good internet is possible - and necessary - and it needs you.
SpeakerBio: Cory Doctorow, Author
Cory Doctorow is a science fiction author, activist and journalist. He is the author of many books, most recently THE BEZZLE and THE LOST CAUSE. In 2020, he was inducted into the Canadian Science Fiction and Fantasy Hall of Fame.
This presentation is part of a graduate research project that delves into the vulnerabilities of Machine Learning (ML) models specifically designed to detect DNS Over HTTPS (DoH) tunnels. Previous research has primarily focused on developing models that prioritize accuracy and explainability. However, these studies have often overlooked the potential of adversarial attacks, leaving the models vulnerable to common adversarial attacks like black-box attacks. This presentation will demonstrate that all cutting-edge DoH tunnel detection models are vulnerable to black-box attacks. Our approach leverages real-world input data generated by DoH tunnel tools, which are constrained in the attack algorithm.
Moreover, we will show specific vulnerable features that model developers should avoid. When this feature type is considered, we successfully evaded all DoH tunnel detection models without using advanced techniques.
Notably, the audience can use the same methods to evade most Machine Learning-Based Network Intrusion Detection Systems, underlining our findings' immediate and practical implications.
ght Scholarship at the University of Arizona and the University of Florida, focusing on malware analysis. Additionally, Emanuel actively contributes to the OWASP Top 10 for LLM Apps. Committed to advancing cybersecurity technology, he shares his expertise through speaking engagements and research collaborations.
This presentation will dive into attacking ML DoH tunnel detection models using adversarial attack techniques for evasion. The key discussion points are as follows:
1. DNS tunnels: In this section, we will discuss the evolution of DNS. We will explain why DNS over HTTPS (DoH) was conceived, what motivations drove it, and which vulnerabilities of its predecessor it tried to mitigate. Next, we will demonstrate how attackers can leverage DNS and DoH to create tunnels, which are covert channels for communication that bypass traditional network security measures. These tunnels can be used to exfiltrate information or as C&C (Command and Control) communication channels for malicious activities. Additionally, we will highlight the most popular tools for creating these tunnels using DoH.
2. DoH Tunnel Detection Models: This section will discuss the primary datasets the scientific community uses to create ML models for detecting DoH tunnels. We will highlight how to extract features from DoH requests and which are the most used. We will also address the gaps and bad practices in these datasets that lead to developing vulnerable models. Additionally, we will show the best practices for building DoH tunnel detection models, such as choosing the best algorithms, implementing robust feature engineering techniques, and selecting the most relevant features for the model.
3. Adversarial Attacks: This section will introduce adversarial attacks, a type of attack that aims to deceive or mislead a machine learning model by providing it with maliciously crafted input data. We will explain how 'white-box' and 'black-box' attacks on ML models are executed and how they differ. Furthermore, we will explain how to adapt 'black-box' attacks, a type of adversarial attack where the attacker does not know the internal workings of the model, to target DoH tunnel detection models and similar models.
4. Attacking (DEMOs): This section will present demos covering the following scenarios: First, we will demonstrate how basic black-box attacks work for attacking DoH tunnel detection models. Next, we will show a demo using the previous attacks, but this time incorporating real-world inputs from DoH tunnel tools, which constrain the attack algorithm. We will also identify vulnerable features within the dataset that attackers can exploit to bypass the DoH tunnel detection models. Additionally, we will release a patched version of the open-source tool dnstt that covers all of the scenarios considered. Note: The demonstrations will be conducted live, but we will have pre-recorded videos to ensure continuity in case of any issues.
5. Defending: This section will explain how to defend against the attacks presented earlier and demonstrate good practices and techniques for protecting against them. We will also show how to build a robust model trained with adversarial attack samples generated from the previous attacks, which can help improve the model's resilience to future attacks.
6. Next Steps: In the final section, we will outline the future steps in our research and discuss the remaining gaps. We warmly invite new contributors to join our research efforts, as your insights and expertise can significantly advance our understanding in this field. Links:
Experiments (Attacking DoH tunnel detection models): link
Black Box Attack: Zero Order Optimization Attack, constrained to support real DoH tunnel tool inputs: link
Dnstt patch (ongoing): You can now run it separately (dnstt + patch). The provided code does exactly that: link
SpeakerBio: Emanuel Valente
Defending a vessel's IT and OT systems while underway can be a matter of life and death. Cliff, Brad, and Phil present a framework for developing 24/7 network and security operations for vessels, addressing such technical topics as limited bandwidth/latency, detection and response, pre-planned actions, and an underway readiness dashboard. We will address technical and risk-management strategies for a SOC and NOC, including how we use a lab environment to simulate security operations for vessels underway.
Speakers: Philip Acosta, Cliff Neve, Brad Proctor
Phillip Acosta is the founder and CEO of GuROO LLC. With over 20 years of experience across the federal government in enterprise IT services, secure unified communications, and network engineering, Phil has led the charge to bring Network Operations-as-a-Service (NOCaaS) and cutting-edge communications services to the maritime industry. GuROO is currently delivering NOCaaS to the National Security Maritime Vessel (NSMV) fleet, a new class of vessel primarily utilized as a training vessel for the maritime academies. GuROO is also engaged with several maritime-focused autonomous unmanned platform providers to connect multiple UxVs for oceanographic research, monitoring, and freedom of navigation.
SpeakerBio: Cliff Neve, Vice President of Maritime Cybersecurity at MAD Security
Cliff Neve is the Vice President of Maritime Cybersecurity at MAD Security. He is a 1993 US Coast Guard Academy graduate and a retired Coast Guard Commander with 30 years of IT and cybersecurity leadership in the military and industry. He has served as the acting Deputy of Coast Guard Cyber Command and was instrumental in establishing CGCYBER and MAD's Maritime Security Operations Center, and also served as Deputy CIO of the White House Communications Agency. Cliff has consulted for maritime ports, shipping companies, the US Coast Guard, and the Department of Transportation’s Maritime Administration (MARAD). His deep commitment to securing the Maritime Transportation System drives his advocacy efforts to find innovative and effective ways of securing information and systems in the maritime environment.
SpeakerBio: Brad Proctor
In collaboration with the legendary Kess, the presenters will demonstrate a FOSS (gnuradio) based SDR tool for accessing and exploring wireless attack surfaces present on every ship and large maritime vessel. We will demonstrate abuse of the AIS protocol to cause various forms of mischief, including causing marine navigation and telemetry systems to hallucinate other major vessels and obstructions.
Speakers: Nick Halt, Duncan Woodbury
Earlier this year, I traveled with 2 full suitcases and shipped a 30 lb box to a conference, just to bring along a few readers, a few EACS and mini-doors for a small RFID village. I wanted to make that easier, so this talk will run through the process of planning, designing, and building a better solution, and hopefully make it easier for others to do the same.
SpeakerBio: evildaemond (Adam Foster)
evildaemond is a person who works in information security, with focuses in hardware, web pentesting and physsec, and regularly teaches lockpicking and physsec at conferences across Australia. They've released projects like the physsec-methodology, enjoy bug bounty and vulnerability disclosure, and have spent more money on stickers than some companies.
Have you ever wanted to break out of handcuffs, pick open a closed bag and shoot your buddy in the chest with a nerf gun? So have we, and that's why TOOOL presents the Dozer Drill: a fast-paced, skill-based game where you have to free yourself from handcuffs, open a closed bag, and retrieve the nerf gun to be the first to hit the target. Join us on Friday for qualifiers, throughout the con for unofficial games, and on Saturday for an official bracket tournament.
Put your drone hacking skills to the test in our Drone CTF. This advanced challenge requires participants to take over a drone mid-flight and develop a payload to hack a DJI drone. This CTF is perfect for those who have some experience in drone hacking or have participated in our Drone Hacking Workshop. It's a great opportunity to showcase your technical prowess and win some cool prizes.
SpeakerBio: Dark Wolf
Experience the thrill of flying a drone in our custom-built cage right on the showroom floor. This activity is designed for everyone to enjoy, from kids to adults. Fly mini drones around the cage and see how well you can control these agile little machines. It's a fun, interactive way to learn the basics of drone piloting in a safe environment.
SpeakerBio: Dark Wolf
Join our Drone Hacking Activity and get hands-on experience with hacking into drone microcontrollers. This three-step in-depth activity is designed to teach you about the vulnerabilities and security of autonomous systems. Using sample drones, participants will learn techniques used in government pen tests. This workshop is suitable for all skill levels, from beginners to advanced hackers. Come and test your skills in a real-world scenario and understand the intricacies of drone security.
SpeakerBio: Dark Wolf
Dive into our interactive choose-your-own-adventure web interface and learn how to hack a drone in a fun, storyboard-based game. This graphical user interface simulates the process we use when hacking drones for the Air Force, allowing participants to make decisions and see the outcomes. It's a beginner-friendly activity that anyone can enjoy, offering insight into the steps involved in drone penetration testing.
SpeakerBio: Dark Wolf
The Drop-Pi is a suite of software developed on a Raspberry Pi to facilitate the automatic bypassing of 802.1x/NAC implementations (pre 802.1x-2010 standards) and establish discreet remote access into target networks. Designed with physical penetration testing in mind, the Drop-Pi can establish remote access inside a target network within a matter of seconds after being plugged in, affording assessors a quick in and out on an objective. It's built with common and easily sourced hardware, which allows for easy and quick provisioning of multiple Drop-Pi devices. When it's not feasible to utilize a target network for egress traffic, the Drop-Pi can easily be configured to employ a wireless connection or mobile hotspot to facilitate access in and out of the network.
Speakers: Doug Kent, Robert Ditmer
Doug has worked at State Farm for about 20 years, working mostly on security technologies ranging from Active Directory, PKI and endpoint protection before recently landing on the Pentesting team. Doug has a passion for identifying vulnerabilities and partnering with control solution teams to protect State Farm data and fulfill our promise to customers. He strives to help others with offensive security skills by providing training, guidance, and kill chain demonstrations.
SpeakerBio: Robert Ditmer, Red Team at State Farm
Rob has been on the State Farm Pentesting Team for 3 years and has recently moved to the Red Team. Prior to his time at State Farm, he worked with various other companies as a penetration testing consultant, enabling him to experience a wide range of technologies and their differing implementations. Rob enjoys the challenge of developing tools and infrastructure to better the skills and abilities of State Farm's Red Team.
We will have several dumb terminals available for all sorts of things courtesy of SCAVHUNT!
EFF's team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Trophy and EFF swag pack. The second and third place teams will also win great EFF gear.
If you're a bug bounty hunter, time can literally mean money. For this reason, automation can be a vital part of how you hunt. But automation has limits, whether they are hardware limits, target rate limits, WAFs and bot detection, or any of a long list of others. Successful automation techniques should EFFICIENTLY enhance your hunting, whether by being first to a fresh target or by finding targets other hunters haven't. We will go over some techniques and tools to get ahead of the pack without wasting all your time and money.
SpeakerBio: Gunnar Andrews
I am a hacker, engineer, gamer, and creator from the Midwest. I enjoy being involved in the bug bounty community, meeting new hunters, learning techniques, and building cool software! I have a passion for writing security tools and building systems, as well as creating the best and biggest community of friends I can! I love to talk automation, hacking, software/systems, and just about anything else tech.
Keyboard Corner hosts typing challenges that test the speed and accuracy of attendees' typing skills on various keyboards. Participants can compete for high scores and bragging rights in a friendly and competitive setting. This activity adds an element of fun and excitement to the conference while highlighting the importance of efficient typing in cybersecurity.
Embedded systems are everywhere in our daily lives, from the smart devices in our homes to the systems that control critical infrastructure. These systems exist at the intersection of hardware and software, built to accomplish a specific task. However, unlike general-purpose computers, embedded systems are typically designed for a particular use case and have limited resources. This makes them both challenging and fascinating to work with, especially from a security perspective. Often the hardware and software disciplines are dealt with individually, but understanding the custom relationships between them is vital to performing security research on these devices.
The embedded device CTF contest is an exciting opportunity to explore the intricacies of these systems and test your skills in a competitive environment. Contestants are challenged to find vulnerabilities in the firmware or hardware and exploit them to gain access or control over the device. The contest offers a unique opportunity to explore embedded devices' inner workings and understand their design's security implications.
New devices will be dramatically introduced at set intervals throughout the competition, and point values will decrease over time. This keeps contestants guessing and on their toes, forcing them to adapt and use their skills to tackle new challenges. It also offers a chance to learn about different types of devices and how they function, broadening participants' knowledge and experience.
By participating in the contest, contestants can develop a deep understanding of how these systems operate and how to secure them against potential attacks. Additionally, the contest encourages participants to think outside the box and approach problems creatively, honing their problem-solving skills. The competition provides a valuable opportunity to network with like-minded individuals and a chance to learn from others in the field hands-on.
Overall, the embedded device CTF contest is an exciting and educational experience that showcases the unique challenges and rewards of working with embedded devices. With the rise of the Internet of Things and the increasing integration of technology in our daily lives, embedded devices are becoming more ubiquitous, making this contest relevant and worth checking out. Whether you're a seasoned security professional or just starting in the field, the contest offers a chance to learn, test your skills, and have fun in a dynamic and competitive environment.
This is the main event at Embedded Systems Village. Come and show off your skills at hacking our collection of vulnerable embedded devices and find flags to score points! New this year we have a 101 track where each team will have their own set of emulated devices, as well as embedded challenges from the MITRE eCTF and some boss-level embedded challenges from Toyota Tsusho Systems US!
Hack your first embedded system! Sit down at our provided laptops and be guided through exploiting an IP camera, then learn how you can set up the emulated camera (and other devices) at home with Ludus!
Learn how to build a device to emulate a magstripe using data intercepted from EMV chip and contactless interfaces.
SpeakerBio: Leigh-Anne Galloway, Director of Research at UNDERLE LTD
Leigh-Anne Galloway is the Payment Village Lead and Director of Research at UNDERLE LTD. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches. This is where she discovered her passion for security advisory and payment technologies. She authored research on ATM security, application security and payment technology vulnerabilities, and has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, Troopers, Black Hat USA, Black Hat Europe and DEF CON. She also serves on the board for Black Hat Europe.
Between 1850 and 1855, the London-based newspaper The Times published over 50 encrypted advertisements apparently intended for the same recipient. As we know today, the ads in that series were meant for the sea captain Richard Collinson, who at the time was on a mission in the Canadian Arctic trying to solve a captivating mystery: What happened to the lost John Franklin expedition? While Collinson never reached his goal, he established a secure worldwide communication system, which was unique for its time.
Before his departure, Collinson's family was taught how to encrypt brief reports about what was going on at home and to publish these messages as mysterious ads in “The Times” once a month. The cipher used was a modified version of a system based on a signal-book of the Royal Navy. As the circulation of The Times stretched far beyond the UK, Collinson would have the chance to get his hands on a copy even at the remotest of ports.
Over a century later, in the 1990s, the Collinson ads were finally broken. Over the last two years, the lecturers of this talk have continued this work, with the goal of decrypting all of the ads and placing them in their appropriate geographic and cultural context.
Article in “Mental Floss” (this was written based on one of our earlier talks)
1992 Research paper in Cryptologia:
Book about encrypted newspaper advertisements:
Naval codebooks:
Collinson’s logbooks (by his brother):
Article from the 1940s:
Elonka Dunin is a crypto expert and co-leader of a group that is working to crack the final cipher on the Kryptos sculpture at CIA Headquarters. She maintains a website of the World’s most famous unsolved codes, and bestselling author Dan Brown named his character “Nola Kaye”, a scrambled form of “Elonka”, in his novel The Lost Symbol, after her.
Elonka was a member of the Board of Directors for the National Cryptologic Museum Foundation, and General Manager and Executive Producer at Simutronics, making award-winning online and mobile games.
In 2006, Elonka published The Mammoth Book of Secret Codes and Cryptograms, and with Klaus she co-wrote the book Codebreaking: A Practical Guide, with editions in 2020 and 2023.
SpeakerBio: Klaus Schmeh, Crypto Expert at Eviden
Klaus Schmeh has written 15 books (mostly in German) about cryptography, as well as over 250 articles, 25 scientific papers, and 1500 blog posts. Klaus's main fields of interest are codebreaking and the history of encryption.
Klaus is a popular speaker, known for his entertaining presentation style involving self-drawn cartoons, self-composed songs, and Lego models. He has lectured at hundreds of conferences, including the NSA Crypto History Symposium, DEF CON, and the RSA Conference.
In his day job, Klaus works as a crypto expert for the global IT security company Eviden.
Efficient threat modelling is essential for finding and fixing vulnerabilities. Yet empowering threat modelling trainers to communicate in a way that ensures actionable solutions, moving beyond the directive to "fix SQLI", is a common challenge. This talk presents strategies for training threat modelers, ensuring they can communicate the techniques and principles needed to address vulnerabilities better and earlier in the SDLC.
Introducing "Engineers & Exploits: The Quest for Security", a derivative of the Cornucopia card game. While Cornucopia is an excellent introductory threat modelling exercise, we found limitations when training our coworkers to subsequently instruct developers. To bridge this gap, we developed a tabletop game designed to improve the learning experience. In this interactive session, we will show the game mechanics and explain the benefits. Join us to discover how you can transform threat modelling education, making it engaging for trainers and trainees.
Speakers: Andra, Spyros Gasteratos
Andra is a Principal Application Security Specialist at Sage, with over seven years of experience in the field of application security. She is responsible for implementing DevSecOps practices, conducting security assessments, and developing secure coding guidelines for software engineering and AI/ML teams. She holds multiple certifications, including AWS Certified Cloud Practitioner and Attacking and Securing APIs. She has a strong background in software development and project management, as well as a master's degree in information and computer sciences. She has been co-leading the OWASP London Chapter since 2019, where she organises and delivers events and workshops on various security topics. She is passionate about educating and empowering developers and stakeholders to build and deliver secure software and best practices in a fast-paced, results-driven environment.
SpeakerBio: Spyros Gasteratos
Spyros has over 15 years of experience in the security world. Since the beginning of his career he has been an avid supporter of and contributor to open source software and an OWASP volunteer. Currently he is interested in the harmonization of security tools and information and is helping fintechs set up and automate large parts of their AppSec programmes. He also maintains several open source projects, including the security automation framework Dracon and opencre.org, the world's largest security knowledge graph. Also, he usually doesn't speak about himself in the third person.
A quarter million people die from Hepatitis C yearly, and it's getting worse. But for the first time in history there is a cure (not just a treatment) for a virus, and it is for Hepatitis C. Take one 400mg pill of Sofosbuvir every day for twelve weeks, and you will be free of the virus. The catch? Those pills are $1,000 USD apiece because the molecule is the so-called "Intellectual Property" of Gilead Pharmaceuticals, and they refuse to share. If you have $84,000 USD, Hep C is not your problem. We have developed a way to make the entire course of treatment for $300 USD. This methodology also applies to other diseases. Like any science, the method of manufacture of drugs can be replicated, and we are going to give you all the necessary tools and show you the process top-to-bottom. Watch it happen live, participate, and learn to do it yourself: use our digital research assistant to help you navigate the scientific literature, get a chemical synthesis pathway, generate code for the MicroLab to run, and watch the medicine form in the reaction chamber. Finally, press some tablets. The feds say saving a life this way is BioTerrorism. We say: So Be It.
SpeakerBio: Mixæl Swan Laufer, Chief Spokesperson at Four Thieves Vinegar Collective
Mixæl Swan Laufer worked in mathematics and high energy physics until he decided to use his background in science to tackle problems of global health and human rights. He is now the chief spokesperson for the Four Thieves Vinegar Collective, which works to make it possible for people to manufacture their own medications and medical devices at home by creating public access to tools, ideas, and information.
Open Source Program Offices (OSPOs) are an increasingly adopted approach to establishing and cultivating a culture of contribution. The Digital Service at CMS.gov will share the programs, policies, and projects they’re building to identify and mitigate continuity and security risks in the software supply chain across the Federal Ecosystem.
SpeakerBio: Remy DeCausemaker, Open Source Lead at Center for Medicare and Medicaid Services
Wearing the Suit so Hackers don't have to.
Dive into the art of phishing with QR codes! We'll cover the fundamentals of QR code phishing, revealing how these innocuous-looking images are used to deceive users into a false sense of legitimacy. After touching upon the basics, we'll explore creative tactics for obfuscating and hiding QR codes to ensure they reach their intended targets. As a sidetrack, we'll delve into how emails are rendered within the Outlook Mail Application and showcase some neat tricks that exploit its limitations for hiding QR codes from modern defensive solutions. Overall, the talk is intended to help testers up their QR code phishing game!
SpeakerBio: Melvin Langvik, Offensive Security Team Lead at Kovert AS
Melvin Langvik is an accomplished professional with a diverse background in technology. He started his career as a developer and integration consultant, where he gained practical experience in developing and distributing critical backend infrastructure for an international customer base.
Melvin's passion for cybersecurity later led him to transition into offensive security. He previously worked for TrustedSec, an internationally recognized security company. Melvin was a part of TrustedSec's targeted operations team, tasked with performing targeted cyber attacks against some of the most mature and often largest companies in the world. Today, Melvin is the Offensive Security Team Lead at Kovert AS.
Prompt injections are a class of attacks against LLM-powered applications that exploit the inclusion of untrusted user inputs in LLM prompts. We give an overview of two open source frameworks developed by Meta related to understanding and mitigating prompt injection risks:
- our CyberSecEval Prompt Injection benchmarks (evaluations of the propensity of popular LLMs to succumb to prompt injection when used without guardrails), and
- PromptGuard (an open-source model for identifying risky inputs to LLM-powered applications, both direct jailbreaks and indirect injections).
Findings of interest:
Evaluating foundation model vulnerability to indirect prompt injection: LLMs can be trained to have contextual awareness of which parts of the input prompt are coming from a trusted user versus an untrusted third party - in particular via inclusion of a system prompt. We share our benchmark for direct and indirect prompt injection susceptibility of foundational LLMs (across a wide variety of attack strategies) introduced as part of CyberSecEval (an open-source suite of benchmarks for measuring the cybersecurity risks of foundational models). We present the results of these evaluations for currently-popular foundational LLMs. We conclude that model conditioning is not enough to defend against indirect prompt injection risks in most contexts, even with the usage of a system prompt.
Guardrailing against prompt injection attacks in real applications: We present PromptGuard, a model designed for both the detection of direct jailbreak and indirect injection attacks. We highlight the differences between our models and existing malicious prompt detectors (which largely only address direct prompt injection or jailbreaking risks), and the specific risks that can be prevented by utilizing our guardrail in LLM-powered applications. We also show how the model can be fine-tuned to improve application-specific performance.
Over the past decade, infotainment systems have experienced growth in functionality, broader adoption and central incorporation into the vehicle architecture. Due to the ever-growing role of wireless protocols such as Bluetooth, a known lack of patches, and the difficulty of patch installation, this presents a new attack surface and a genuine threat to users. At the same time, the tools and methodologies required for testing are scattered across the Internet, missing altogether, or require a rigorous setup.
In this talk, we share BlueToolkit, a comprehensive framework to test and replay Bluetooth Classic vulnerabilities. We provide practical information and tips. Additionally, we release new exploits and a privilege escalation attack vector.
We show how we used the toolkit to find 64 new vulnerabilities in 22 modern cars and the Garmin Flight Stream flight management system used in several aircraft types.
Our work equips Bluetooth hackers with the necessary information on novel implementation-specific vulnerabilities that could be used to steal information from target cars, establish a MitM position or escalate privileges to stealthily hijack victims' accounts.
We believe our research will be beneficial in finding new vulnerabilities and making Bluetooth research more accessible and reproducible.
Speakers: Vladyslav Zubkov, Martin Strohmeier
Vladyslav Zubkov (aka yso and schwytz) is a bug bounty hunter. He is consistently among the top hackers at live hacking events organized by Meta, Intel, Louis Vuitton, Intigriti and YesWeHack. His interests include vulnerability research, application security, red teaming, bug bounty hunting, developing tools and proactively securing systems.
SpeakerBio: Martin Strohmeier, Senior Scientist at Cyber Defence Campus
Martin Strohmeier is a Senior Scientist at the Swiss Cyber Defence Campus, where he is responsible for vulnerability research programmes into aircraft, satellites and cars. His work has been published in all major systems security conferences, totalling more than 100 publications to date. He has also spoken previously at the DEF CON Aerospace Village and co-organized CTFs there.
Whether you are responsible for attacking or defending cloud environments, you want to know how attackers compromise them and what successful post-exploitation looks like in the cloud.
This workshop focuses on learning how attackers typically compromise cloud environments, and what post-exploitation looks like. Each workshop attendee will have access to an AWS account deployed with a collection of intentionally vulnerable cloud resources that represent misconfigurations exploited during real cloud penetration tests.
In most cases, attackers gain initial access to cloud environments in one of three ways: they compromise a vulnerable application or service in the cloud, a misconfigured cloud resource, or a user with access to the cloud. In this workshop we will be attacking an intentionally vulnerable cloud environment containing all three types of vulnerabilities.
Each section of the workshop will start with an instructor-led introduction followed by hands-on hacking. There is something for everyone, regardless of your offensive skill level. Anyone familiar with Linux commands and the AWS CLI is welcome to attend, and even those who have been in the field for years will find something to challenge them.
SpeakerBio: Seth Art
Seth Art is a Senior Security Advocate at Datadog. Prior to joining Datadog, Seth created and led the Cloud Penetration Testing practice at Bishop Fox. He is the author of multiple cloud-focused open source tools including BadPods, IAMVulnerable, and CloudFoxable, and the co-creator of the popular cloud penetration testing tool CloudFox.
We explore case studies of exploiting vulnerabilities in modern JavaScript and TypeScript applications, drawing on experiences from participating in the Kibana Bug Bounty Program. It's not uncommon to encounter a vulnerability that appears unexploitable at first glance, or to be told by a triage team that the behavior is "by design." So, what options does a security researcher have in such situations? And what primitives can be utilized to construct an exploitation chain with significant impact?
Our study involves breaking out of properly isolated containers in scenarios where there is RCE-by-design. We will examine several Prototype Pollutions that crash an application in less than one second after exploitation and explore how these vulnerabilities can ultimately lead to critical RCEs. Furthermore, we introduce new primitives and gadgets that enable RCE from Prototype Pollutions previously deemed unexploitable beyond DoS attacks.
By highlighting these methods, the talk aims to equip attendees with advanced techniques for exploiting complex vulnerability chains in JavaScript applications, as well as recommendations for proper defense and mitigations against them.
Mikhail Shcherbakov came to security from enterprise app development. The tendency is to push it as far as you can… He is now doing a Ph.D. in Language-Based Security after 10+ years of experience in the industry. He participated in Microsoft, GitHub, and open-source bug bounty programs, found vulnerabilities in popular products, and helped to fix them. Before starting a Ph.D. program, he focused on .NET and web security, gave talks at conferences, organized IT meetups, and received the Microsoft MVP Award in 2016 – 2018. Mikhail is an author of commercial static analysis tools and continues research in program analysis.
The Allen Telescope Array is a radio interferometer array located in Northern California. Each of the 42 antennas is 6 meters in diameter, and they are distributed randomly over an area of 350 meters. Each dish is sensitive to an ultra-wideband frequency range from 200 MHz to 12 GHz. While in operation, each dish can produce 1.5 GHz of bandwidth for each polarization, adding up to 1.3 Tbps of data to be processed in real time.
Despite its scale, the Allen Telescope Array acts like a gigantic Software Defined Radio. The system design gives us the ability to try, with great flexibility, new concepts that have never been tried before. This talk will go deep into how the telescope operates, from the antennas' cryogenically cooled feeds to the state-of-the-art GPU-accelerated digital signal processing pipeline deployed at our on-site data center, all while giving special focus to the little details that make it special and hackable.
SpeakerBio: Luigi Cruz
Luigi Cruz is a computer engineer working as a staff engineer at the SETI Institute. He created the CUDA-accelerated digital signal processing backend called BLADE, currently in use at the Allen Telescope Array (ATA) and Very Large Array (VLA) for beamforming and high-spectral-resolution observations. Luigi is also the maintainer of multiple open-source projects like PiSDR, an SDR-specialized Raspberry Pi image; CyberEther, a heterogeneous accelerated signal visualization library; and Radio Core, a Python library for demodulating SDR signals on the GPU with the help of CuPy.
In the complex landscape of modern cybersecurity, identifying coordinated attacks within massive volumes of security data is a formidable challenge. Security professionals often grapple with distinguishing these attacks from numerous false positives and isolated incidents. This talk will illuminate how data science can be harnessed to transform tons of heterogeneous events, logs, and alerts into a handful of clusters, a few kill chains, and even fewer actionable insights, using open-source models and security knowledge encoding. Join us on a journey to enhance security operations efficacy and efficiency! No data science expertise is required!
Speakers: Ezz Tahoun, Lynn Hamida
Ezz Tahoun is a distinguished cyber-security data scientist who won AI and innovation awards at Yale, Princeton and Northwestern. He also received innovation awards from Canada's Communications Security Establishment, Microsoft US, Trustwave US, PIA US, NATO, and more. He ran data science innovation programs and projects for Orange Cyberdefense, Forescout Technologies, Royal Bank of Canada, governments, and Huawei Technologies US. He has published 20 papers, countless articles and 15 open source projects in the domain. When he was 19 years old he started his CS PhD in one of the top 5 labs in the world for cyber and AI, at the prestigious University of Waterloo, where he published numerous papers and became a reviewer for top conferences. His designations include: SANS/GIAC-Advisory-Board, aCCISO, CISM, CRISC, GCIH, GFACT, GSEC, CEH, GCP-Professional-Cloud-Architect, PMP, BENG and MMATH. He was an adjunct professor of cyber defense and warfare at Toronto's school of management.
SpeakerBio: Lynn Hamida
Lynn Hamida (CISSP, GCIH) is an expert researcher and consultant in operational risk and big data analytics with deep experience and credentials in the fields of business risk, cyber risk, temporal event knowledge graphs, graph ontologies, risk modeling, operational threat modeling, graph analytics, process digitization, business process mining, and business analysis. She finished her post-graduate studies in CyberSecurity at Univ of Toronto and Univ of Ottawa, and worked on multiple research cyber data science projects with Univ of Windsor, WASP, Cypienta and others.
FACTION is an all-encompassing solution for streamlining security assessment workflows and enhancing collaboration within your teams. In addition, it's fully open source and extendable, so it can integrate within diverse environments. FACTION's key benefits are that it cuts reporting time for manual pen-tests by more than half, keeps tabs on all outstanding vulnerabilities with custom alerts based on your SLAs, becomes the hub of shared information for your assessments, enabling other teammates to replay attacks you share, facilitates large-scale assessment scheduling, which typically becomes hard to manage when your teams are doing more than 100 assessments a year, and is fully extendable with REST APIs and FACTION Extensions.
SpeakerBio: Josh Summitt, Founder at Faction Security
With over 18 years of experience in application security, Josh has played diverse roles, from being a penetration tester and reverse engineer to serving as a full-stack developer and CTO of a cybersecurity startup. He founded Faction Security, an organization committed to hosting open-source tools with the goal of supporting security teams by providing resources that enhance collaboration and efficiency. In addition to making open-source security tools, Josh builds custom modular synths and generally enjoys making strange and unusual noise-making devices.
Gnarly vulnerabilities in devices and services that typically face the internet are being disclosed every week. You can use GreyNoise's new free community analysis platform to deploy honeypot sensors, collect PCAPs of in-the-wild exploitation of software vulnerabilities, discover the source IPs of mass scanners, botnets, and compromised devices, and compare attacks across networks. In this presentation we're demonstrating GreyNoise's new sensor deployment, SQL explorer, and rules engine.
SpeakerBio: Andrew Morris
Feet Feud (Hacker Family Feud) is a cybersecurity-themed Family Feud style game arranged by members of the OnlyFeet CTF team and hosted by Toeb3rius (aka Tib3rius). Both survey questions and their answers are crowd-sourced from the cybersecurity community. Two teams (Left Foot and Right Foot), captained by members of OnlyFeet and comprised of audience members, go head to head, trying to figure out the top answers to the survey questions.
Attendees can either watch the game or volunteer to play on one of the two teams. Audience participation is also encouraged if either of the two teams fails to get every answer of a survey question.
Ultimately, Feet Feud is about having a laugh, watching people in the industry attempt to figure out what randomly surveyed people from the cybersecurity community gave as answers to a number of security / tech related questions.
Microsoft Entra Conditional Access sits at the forefront of an organization's security boundaries. The ever-changing climate of conditional access continues to give administrators more and more security controls, the tradeoff being increased complexity when attempting to balance security and productivity. The more policies deployed in a tenant, the greater the chance of misconfigurations that create opportunities for exploitation. Whether you're a cloud administrator, security consultant, or adversary, the goal remains the same: to find the holes in conditional access.
This talk discusses lessons learned from real-life engagements and identifies multiple strategies for evaluating conditional access. Topics and tooling are explored that view conditional access from several different angles. First, understanding PowerShell and Graph API is vital when combing through policies, finding gaps in user, group, role, location, application, or device configuration. Second, simulation of logon criteria and reporting on authentication events helps to understand where policies fall short. Finally, creating a visual representation of each policy is helpful to better see policy details or build executive reports. Each of these provides an important piece of the puzzle when attempting to identify methods to bypass security controls. Audience members should expect to leave with an arsenal of new tools and techniques to continuously monitor conditional access for risk.
SpeakerBio: Brandon Colley, Senior Security Consultant at Trimarc
Brandon Colley has over fifteen years of experience administering and securing Active Directory (AD) and Windows environments. Brandon is a Senior Security Consultant for Trimarc specializing in providing reality-based AD and Entra ID security assessments. He served as a systems administrator for multiple organizations before shifting his career focus to information security. He has published multiple articles through Quest, Practical 365 and Trimarc Hub. Brandon enjoys speaking engagements and has previously presented at BSidesKC, Hackers Teaching Hackers, and PancakesCon. He co-hosts a weekly podcast interviewing infosec professionals and has appeared on multiple broadcasts, including the Phillip Wylie Show. Brandon delivers material in a humorous, yet effective manner with a focus on content built for a Blue Team through a Red lens.
The world increasingly appreciates how much we rely on space systems for our personal, economic, and national security needs. However, the nation-state cyber threat to government and commercial systems continues to grow at a time when the current landscape of cybersecurity policies and frameworks isn't readily applicable to space systems.
In this fireside chat, ONCD will have the opportunity to introduce our 2nd National Cyber Director to the research community and discuss some of his priorities, such as space cybersecurity. We will discuss how the White House has been working to tackle hard problems and challenges. In the instance of space cybersecurity, ONCD has been collaborating with federal space operators and the space industry to develop policy solutions, including by answering a tasking from the Vice President to develop minimum cybersecurity requirements for U.S. space systems.
Speakers: Harry Coker Jr., Jay Healey
Harry Coker, Jr. was confirmed by the Senate on December 12, 2023 as the second National Cyber Director in the White House Office of the National Cyber Director. Director Coker is a retired Central Intelligence Agency (CIA) senior executive and career Naval Officer, and is a graduate of the US Naval Academy, the Naval Postgraduate School, and Georgetown University Law Center.
Previously, Coker served as Executive Director of the National Security Agency (NSA). Coker's service to the Nation and NSA was recognized with the awarding of the National Intelligence Distinguished Service Medal, the NSA Director's Distinguished Service Medal, and the IC EEOD Outstanding Leadership Award.
During the first seventeen years of his service with the CIA, Coker was assigned to leadership positions in the Directorate of Digital Innovation; the Directorate of Science & Technology; and the Director’s Area. Key assignments included service as Director of the Open Source Enterprise, which is responsible for leveraging publicly available information; and as Deputy Director of CIA’s Office of Public Affairs. Coker’s leadership and contributions earned him the Presidential Rank Award and CIA’s prestigious Don Cryer Award for Diversity & Inclusion.
SpeakerBio: Jay Healey
In this interactive exercise, you'll learn how to talk to chips on a board via SPI, extract a firmware image, and analyze it to find vulnerabilities. Take your hardware hacking skills to the next level.
Never hacked into anything before? Join us at the Voting Village to learn how to hack into a voting machine yourself! No hacking skills required.
SpeakerBio: Tailor Tolliver
AppSec Village is proud to present our DEF CON Contest in partnership with SecDim.
Unlike a typical CTF, this contest rewards the players who fix security vulnerabilities. You can choose between secure coding challenges or competing against other players in an Attack & Defence AppSec challenge, where you need to secure your app before being given a chance to hack other players’ apps 😈.
You can also develop your own AppSec challenge by following challenge contribution guidelines. All approved challenges will be hosted during AppSec Village @ DEF CON.
There are two categories of winners:
- The player with the highest total points by the end of the event (August 11 at 12:00 PM PDT)
- The best-contributed challenge submission
The Award Ceremony will be held at 12:45 PM PDT in the AppSec Village on August 11.
SpeakerBio: Harley Wilson
Harley Wilson is a software engineer (intern) at SecDim, a secure coding wargame platform. With a background as a Police Officer for nine years, Harley is now channelling his expertise into the field of software development. He is pursuing a Bachelor of Computing (Software Engineering) at Curtin University, with an anticipated graduation in 2024.
No description provided by creator
Traditional RFID badge cloning methods require you to be within 3 feet of your target. So how can you conduct a physical penetration test and clone a badge without interacting with a person? Companies have increasingly adopted a hybrid work environment, allowing employees to work remotely, which has decreased the amount of foot traffic in and out of a building at any given time. This session discusses two accessible, entry-level hardware designs you can build in a day and deploy in the field, along with the tried-and-true social engineering techniques that can increase your chances of remotely cloning an RFID badge.
Langston and Dan discuss their Red Team adventures using implant devices, a Flipper Zero and an iCopy-X. As a bonus the two will explain how to perform a stealthy HID iClass SE/SEOS downgrade and legacy attack! This presentation is supplemented with files and instructions that are available for download in order to build your own standalone gooseneck reader, wall implant and clipboard cloning devices! This is. The Remix.
Speakers: Langston Clement, Dan Goga
As a pilot and cybersecurity researcher, I am very interested in the nexus between aviation and security. To explore this interest, I developed a device called Fly Catcher - a device that detects aircraft spoofing by monitoring for malicious ADS-B signals in the 1090MHz frequency. The device consists of a 1090 MHz antenna, a Flight Aware RTL SDR, a custom 3D printed case, a portable battery charger, and a MicroUSB cable.
The device receives ADS-B information from the antenna and the software-defined radio, which is then passed into a Convolutional Neural Network written with Python to detect whether or not the aircraft is spoofed. I trained the neural network on a dataset of valid ADS-B signals as well as a generated spoofed set of aircraft signals, to teach Fly Catcher how to detect and flag any suspicious ADS-B signals. It does this by checking for discrepancies in the signal's characteristics, such as its location, velocity, and identification.
The result output by the neural network is then displayed on a radar screen, allowing users to detect spoofed aircraft near them. To test the device, I brought it with me on an hour-long flight to scan a wide variety of aircraft en route. After the flight, the data was fed into the neural network to analyze any spoofed aircraft I might have encountered.
SpeakerBio: Angelina Tsuboi
Angelina Tsuboi is a pilot and an aerospace cybersecurity instructor with over a decade of development experience. In addition to being a scientific researcher for NASA, she has been involved in various CubeSat initiatives and enjoys tinkering with microcontrollers.
We know DEF CON and Vegas can be a lot. If you're a friend of Bill W who's looking for a meeting or just a place to collect yourself, DEF CON 32 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in room 301. Meetings will be Thursday, Friday, Saturday: 12:00-13:00, 17:00-18:00 Sunday 12:00-13:00
Make a friendship bracelet with an exclusive WISP charm.
The goal of this presentation is to get participants comfortable with breaking down CTI, mapping those insights to MITRE, and creating a campaign that will bring value to their work. Everything is completely focused on post-exploitation TTPs and their importance. We will not review how to integrate IoCs into the mapping of threats. Participants will walk away with a full example of the process, resources to explore later, and examples for thinking critically about test cases.
There is a strong purple-team emphasis here, to help bridge knowledge gaps and show the importance of defensive engineers validating their security controls. This will not bring insight into utilizing the results for remediations, threat hunting, or any other engineering strategy.
Everything in this presentation is free or open-source. Any mentions of vendors (for CTI content) are solely for the purpose of using a research paper resource that is free to the public, and are not meant to advertise.
With an interactive session, participants will learn how: (not in this particular order)
* To choose a threat/actor who is relevant to their organization
* I will have a premade scenario and example ready for participants to follow along
* Setting High-Level Goals for their campaign
* Map their threat/actor to MITRE ATT&CK
** Overview of ATT&CK
** Simulation Vs Emulation
* how this impacts choosing content
* Combining multiple threats to create a campaign
The Power of CTI: Explore completely free CTI resources
* will cover at least 4
* explore already published campaign content
Interactive Questions & Answers: Making content choices (Ex: Is X or Y a better test case for this situation?)
* Create multiple layers in ATT&CK navigator, to build their campaign
* Add in open-source content, such as Atomic-Red-Team
* Quick Demo & interactive: how to find the right Atomic Content
Finalizing the Campaign
Other High-level topics that will be presented: (not in this particular order)
* Why create your own content if there is none available
* Your org is in the beginning stages of adopting this strategy, and you want to find a good place to start
** Demonstrate Value (KPIs)
** Budget: org can't onboard BAS/Simulator tools
** You have a BAS but the content isn't there for a specific threat OR it's not comprehensive enough
* Why focus on a threat actor's TTPs
** Remediations are focused on the type of attack, not a specific indicator
* Adopting Threats for your organization
** Following a framework inspired by MITRE
** Accepting specific threats/actors as likely to target
* Avoiding Technical Bias when choosing test cases
** particularly challenging for engineers who create detections, or work with EDR solutions.
Premise:
* Organizations are becoming increasingly aware of the importance of understanding the TTPs of the threats/actors most likely to target them.
* Many organizations cannot afford outside consultants, or the ability to maintain a dedicated internal offensive team. Or they want this style of testing, but don't know how to get started, or show leadership the value.
* This talk is for any engineer or team leader who wants to bring Adversarial Emulation/Simulation to their organization to understand how they compare against an attack from a likely threat. It is also valuable for consultants who want to provide this service to their clients.
* If someone is new to offensive techniques, this will be a way for them to think about how this strategy applies to their role, and embrace it as a defensive strategy.
SpeakerBio: Noah Lazzaro
Demonstrating the transition from theorized space cyber attacks to practical proof of concepts. The presentation will utilize a simple yet effective attack, a man-in-the-middle attack, on the ground infrastructure to demonstrate how many SPARTA techniques and sub-techniques can be performed against a spacecraft from the ground infrastructure. By illustrating the significant impact of this simplified concept, we aim to emphasize the urgent need for enhanced cybersecurity measures throughout the entire lifecycle of space missions and break the inherent trust between the ground and spacecraft.
SpeakerBio: Randi Tinney, Engineering Specialist for the Cyber Assessments and Research Department, Cybersecurity and Advanced Platforms Subdivision (CAPS) at The Aerospace Corporation
Randi Tinney is an Engineering Specialist for the Cyber Assessments and Research Department, Cybersecurity and Advanced Platforms Subdivision (CAPS), at The Aerospace Corporation. In this role, Randi has focused on performing vulnerability research and exploit development on a number of specialized ground and spacecraft systems to support in-the-lab evaluation of customers’ implementations, performing vulnerability assessments and penetration testing activities for multiple customers. Randi is also a member of the development team for the space-focused tactic, technique, and procedures (TTPs) framework called Space Attack Research and Tactic Analysis (SPARTA). She has participated in numerous cyber related war games, including LockedShields, for several years. At DEFCON 31, Randi was a member of the team that won the RedAlert ICS CTF and received a Black Badge.
Digital forensics and incident responders, as well as other essential emergency workers, often face high stress levels and risk burnout due to their demanding roles. This talk is for professionals, spouses, managers and corporations and will cover the following topics:
Self-Care, Hacking Health, maintaining Work-Life Balance, building a Support network, developing Mindfulness and Relaxation Techniques, using technology to Manage Workload, working with management to Create a Positive Work Environment.
Having built and led successful DFIR practices that dealt with some of Canada’s largest data breaches, I wish to impart what I have learnt over the years so others may protect and nurture their most sacred resource: people.
SpeakerBio: Neumann "scsideath" Lim, Manager at Odlum Brown
Neumann Lim is a manager at Odlum Brown where he leads the defense against criminals and state sponsored actors targeting the financial industry. Prior to this role, Neumann spent several years working with large enterprises and governments specializing in digital forensics and incident response, investigating some of Canada’s largest data breaches from 2018-2023.
With more than 15 years of infosec experience, he has delivered numerous cyber risk assessments and coordinated national incident responses across multiple industries. Neumann has been invited to share his research and thought leadership at many security conferences such as Grayhat Con, DefCon BlueTeam Village, HTCIA, BSides, Toronto CISO Summit and CCTX.
Nikkia Henderson is a 14 year tenured federal government employee. In her current role she is a Senior Advisor at the Cybersecurity Infrastructure Security Agency (CISA). She serves a Cyber Supply Chain Risk Management (C-SCRM) Strategy and Governance Program lead, within CISA’s Cybersecurity Division. Ms. Henderson is also the President of the Women in Cybersecurity Mid Atlantic Affiliate, where she serves as a "cybHERprenuer" who is passionate about helping Cybersecurity/IT professionals define their vision, mission, and federal career path. In this session, Ms. Henderson shares her journey into a federal cyber career. She will highlight her challenges as well as milestones that catapulted her to where she is today!
SpeakerBio: Nikkia Henderson, Program Operations Lead
Jailbreak vulnerabilities in Large Language Models (LLMs), which exploit meticulously crafted prompts to elicit content that violates service guidelines, have captured the attention of research communities. While model owners can defend against individual jailbreak prompts through safety training strategies, this relatively passive approach struggles to handle the broader category of similar jailbreaks. To tackle this issue, we introduce FuzzLLM, an automated fuzzing framework designed to proactively test and discover jailbreak vulnerabilities in LLMs. We utilize templates to capture the structural integrity of a prompt and isolate key features of a jailbreak class as constraints. By integrating different base classes into powerful combo attacks and varying the elements of constraints and prohibited questions, FuzzLLM enables efficient testing with reduced manual effort. Extensive experiments demonstrate FuzzLLM's effectiveness and comprehensiveness in vulnerability discovery across various LLMs.
SpeakerBio: Ian G. Harris, Professor of Computer Science at University of California Irvine
Ian G. Harris is Professor of Computer Science at the University of California Irvine. He received his BS degree in Computer Science from Massachusetts Institute of Technology in 1990. He received his MS and PhD degrees in Computer Science from the University of California San Diego in 1992 and 1997 respectively. He was a member of the faculty in the Electrical and Computer Engineering Department at the University of Massachusetts Amherst from 1997 until June 2003.
Welcome to the inaugural GameHacking.GG @ DEF CON 32, where gaming and cybersecurity intersect in exciting and interactive ways. Our mission is to delve into various aspects of game security, fostering an environment of exploration, play, and learning. The DEFCON32 event is constructed to make game security accessible and playable at all skill levels.
At the Game Hacking DEF CON 32 event, participants can engage in activities ranging from modding games to exploring the intricacies of memory hacking and multiplayer cheats. In future iterations of the event we hope to expand to learning about game malware and maybe even some hardware hacks. Whether you're a beginner or an experienced hacker, we will have presentations and activities to challenge your skills.
Be part of the evolution of game security. Dive into our activities, engage with other game hackers, and explore opportunities to contribute to and support the Game Hacking Community. Let’s play, learn, exploit, and perhaps even profit.
Large Language Model (LLM) deployment and integration comes with a need for scalable evaluation of how these models respond to adversarial attacks. However, LLM security is a moving target: models produce unpredictable output, are constantly updated, and the potential adversary is highly diverse: anyone with access to the internet and a decent command of natural language. Further, what constitutes a weakness in one context may not be an issue in a different context; one-fits-all guardrails remain theoretical. It is time to rethink what constitutes "LLM security", and pursue a holistic approach to LLM security evaluation, where exploration and discovery of issues are central. To this end, this paper introduces garak (Generative AI Red-teaming and Assessment Kit), a framework which can be used to discover and identify vulnerabilities in a target LLM or dialog system. garak probes an LLM in a structured fashion to discover potential vulnerabilities. The outputs of the framework describe a target model’s weaknesses, contribute to an informed discussion of what composes vulnerabilities in unique contexts, and can inform alignment and policy discussions for LLM deployment.
Speakers: Leon Derczynski, Erick Galinkin, Jeffery Martin, Subho Majumdar
Leon Derczynski is principal research scientist in LLM Security at NVIDIA and prof in natural language processing at ITU Copenhagen. He’s on the OWASP LLM Top 10 core team, and consults with governments and supranational bodies. He co-wrote a paper on how LLM red teaming is like demon summoning, that you should definitely read. He’s been doing NLP since 2005, deep learning since it was more than one layer, and LLM security for about two years, which is almost a lifetime in this field. Finally, Prof. Derczynski also contributes to ML Commons, and regularly appears in national and international media.
SpeakerBio: Erick Galinkin, Research Scientist at NVIDIA
Erick Galinkin is a Research Scientist at NVIDIA working on the security assessment and protection of large language models. Previously, he led the AI research team at Rapid7 and has extensive experience working in the cybersecurity space. He is an alumnus of Johns Hopkins University and holds degrees in applied mathematics and computer science. Outside of his work, Erick is a lifelong student, currently at Drexel University and is renowned for his ability to be around equestrians.
SpeakerBio: Jeffery Martin, NVIDIA
GC2 is the first serverless command and control. This project aims to demonstrate how attackers could take advantage of third-party tools (Google Sheets and Google Drive) to execute commands and exfiltrate information from a compromised system. First released in 2021, it became well known in April 2023 after being mentioned in Google's Threat Horizons Report.
SpeakerBio: Lorenzo Grazian
Lorenzo Grazian has more than 6 years of experience in red teaming, penetration testing and source code review mainly in the financial and transport industries. He worked and led local and global cybersecurity projects. Besides his offensive security background, he developed several tools to support offensive security activities.
When discussing the various cloud providers within the last decade, Google Cloud Platform (GCP) is often seen as the smaller provider following AWS and Azure with regards to market share. While GCP might appear smaller than its rival cloud providers, it still is very much in use today, and with this use comes the opportunities for developing pentesting tools. As I've been learning GCP over the last year, I have been making a framework in python (much like Pacu for AWS) specifically for GCP. This includes enumeration modules for some of the core services (Cloud Storage, Cloud Functions, Cloud Compute, IAM) along with the incorporation of numerous exploit modules, many of them rooted in Rhino Security's currently public GCP exploit repository (https://github.com/RhinoSecurityLabs/GCP-IAM-Privilege-Escalation/tree/master). In addition, the framework is built such that it should be easy for a first-time GCP user or beginner to code and develop modules that focus on purely navigating individual resources and easily drop those into the framework. The overall goal is to make an up-to-date, maintained enumeration and exploit toolset for GCP pentesters/red teams/researchers alike that reduces the barrier of entry for learning GCP by allowing average users to make their own modules that easily incorporate with the overall framework.
SpeakerBio: Scott Weston
Originally from southern CA, I am currently a senior security consultant for NetSPI based out of Minneapolis, MN. My assessment experience includes web applications, AWS, GCP, and external networks. I spoke about AWS organizations at fwd:cloudsec 2023 with most of the talk summarized in the 2 part blogpost here: https://www.netspi.com/blog/technical-blog/cloud-pentesting/pivoting-clouds-aws-organizations-part-1/. I got accepted to speak at fwd:cloudsec 2024 for a new tool I've been making to pentest GCP environments (mirroring Pacu-like structure). In my spare time I like to pursue bug bounties if the opportunity arises, play videogames, assume the role of dungeon master every so often, and just hang out.
This panel aims to mobilize DEFCON's technical talent towards global good, encouraging application of their skills in a broader, impactful context. Transcending conventional cybersecurity dialogues focused primarily on the US and Europe, this discussion highlights underexplored regions and emphasizes the importance of partnerships and incorporating international developments into cybersecurity strategies. Attendees will learn from Mr. Randy Pestana on how academic institutions contribute to cybersecurity, followed by Ms. Kerry Ann Barrett on the influence of multilateral organizations, Mr. Brett DeWitt on financial sector insights that influence foreign investment, and Mr. Wouter Veenstra on the necessity of global collaboration. This session equips participants to engage more effectively in international cybersecurity efforts, highlighting the value of diverse global perspectives and strategic partnerships.
Speakers: Wouter Veenstra, Randy Pestana, Kerry-Ann Barrett, Brett DeWitt
Wouter Veenstra is in the lead of GFCE Outreach and Partnerships and his key responsibilities are to identify and connect key stakeholders on Cyber Capacity Building, to interest them to join the GFCE and to connect them on cyber topics based on their wants, needs and means.
SpeakerBio: Randy Pestana, Director of Cybersecurity Policy at Florida International University’s Jack D. Gordon Institute for Public Policy
Randy Pestana serves as Director of Cybersecurity Policy at Florida International University’s Jack D. Gordon Institute for Public Policy. He is responsible for managing the institute's cyber-related partnerships, including U.S. government entities, multilateral organizations and numerous industry partners across the cybersecurity community.
SpeakerBio: Kerry-Ann Barrett, Cybersecurity Program Manager at Inter-American Committee Against Terrorism of the Organization of American States
Kerry-Ann Barrett is the Cybersecurity Program Manager within the Inter-American Committee Against Terrorism of the Organization of American States (OAS/CICTE). In her capacity she leads the OAS/CICTE’s cybersecurity capacity building efforts to member states through the design, planning and execution of cybersecurity initiatives.
SpeakerBio: Brett DeWitt, Mastercard
Brett DeWitt drives global cybersecurity public policy strategies to enable a more secure, inclusive, and innovative digital economy. Brett represents Mastercard in international trade associations, engages in public-private partnerships, supports the development of policy solutions for governments, and coordinates external communications.
Welcome to Day 2 of the Gold Bug at the 11th annual Crypto & Privacy Village! Join the Gold Bug Team for the latest updates, panel-exclusive hints, and more. This panel complements the Gold Bug: Welcome on Day 1.
In recent years, web cache attacks have become a popular way to steal sensitive data, deface websites, and deliver exploits. We've also seen parser inconsistencies causing critical vulnerabilities like HTTP Request Smuggling. This raises the question: what happens if we attack web caches' URL-parsers?
In this session, I'll introduce two powerful new techniques that exploit RFC ambiguities to bypass the limitations of web cache deception and poisoning attacks.
First, I'll introduce Static Path Deception, a novel technique to completely compromise the confidentiality of an application. I’ll illustrate this with a case study showing how such a breach can be replicated in environments like Nginx behind Cloudflare.
Next, I'll present Cache Key Confusion, and show how to exploit URL parsing inconsistencies in major platforms, including Microsoft Azure Cloud. I’ll then show how to achieve arbitrary cache poisoning and full denial of service.
Finally, I'll reveal how to supercharge these vulnerabilities with a live demo that blends Cache Key Confusion with a “non-exploitable” open redirect to execute arbitrary JS code for complete site takeover.
Attendees will depart armed with a set of innovative techniques, along with a definitive methodology to find and exploit these and other URL or HTTP discrepancies.
Web Cache Deception Attack - Omer Gil
This is the first time Web Cache Deception attacks were introduced, and it worked as a starting point for my research.
Web Cache Entanglement: Novel Pathways to Poisoning - James Kettle
This research worked as an inspiration to develop the cache poisoning techniques. I also used this paper to outline the state of the art in web cache exploitation and create a different approach using parser discrepancies.
Cached and confused: Web cache deception in the wild - Seyed Ali Mirheidari, Sajjad Arshad, Kaan Onarlioglu, Bruno Crispo, Engin Kirda and William Robertson.
The web cache deception techniques using delimiters for path confusion were inspired by the 2020 USENIX presentation “Cached and confused: Web cache deception in the wild”. In that presentation, they briefly describe some variations of path confusion using four encoded characters. Although the objective of their paper was to show a large-scale study of web cache deception vulnerabilities in the wild, it also introduced the use of delimiters for path confusion. In my presentation I'll expand on this concept, providing a methodology to find all the delimiters used by a URL parser and explaining how to use them in new exploitation techniques.
ChatGPT Account Takeover - Wildcard Web Cache Deception - Harel Security Research
Also, during the time this research was being conducted, a vulnerability using a single variation of one of the techniques (Static Path Confusion) was published as a write-up.
SpeakerBio: Martin Doyhenard, Security Researcher at Portswigger
Martin Doyhenard is a Security Researcher at Portswigger, known for exploiting HTTP servers and web applications. Over the past few years he has presented his findings in multiple top security conferences including BlackHat, DEFCON, RSA, EkoParty, Hack in The Box and Troopers.
His latest work includes discovering HTTP Response Smuggling techniques and exploiting SAP’s Inter-Process Communication service - compromising more than 200 thousand companies in the world. He’s also passionate about low level reverse engineering and testing his skills in online CTFs.
Join us at Telecom Village, DEFCON for an in-depth GPON workshop. We'll explore GPON technology basics, standards, capabilities, and deployment methods, while identifying vulnerabilities and advanced mitigation strategies. The workshop features a live GPON setup and performance test for hands-on experience. Ideal for telecom professionals, network engineers, cybersecurity experts, and tech enthusiasts eager to deepen their understanding of modern telecommunications.
SpeakerBio: Akib Sayyed, Founder and Director at Matrix Shell Technologies
Akib, Founder and Director of Matrix Shell Technologies, has over 12 years of experience in Telecom Security. He has served diverse telecom operators across India, Africa, and the Middle East, specializing in signaling protocols and technologies like GSM, UMTS, LTE, 5G, and VoLTE. He has led numerous penetration testing projects, disclosed a GSM vulnerability in 2012, and worked with various open-source telecom platforms. Akib has also delivered training at Black Hat and DEFCON, contributing significantly to the cybersecurity community. His education includes a Bachelor's in Engineering (CSE) and certifications in ISO 17025:2017 and 5G.
Talking to pilots and operators, an important aspect of GPS spoofing and jamming is being missed from the narrative in the media. We know about position spoofing, that's a given. What doesn't appear to be getting much attention is the effect of time spoofing.
The most significant of these is an incident where time was spoofed a significant period into the future. This caused all digital certificates on board an aircraft to become invalid and caused all electronic communications to fail. As GPS clocks have protection against time being rolled backwards, but not forward, the aircraft was grounded for several weeks for systems to be reflashed and the clocks to be reset.
Coarse time spoofing could therefore ground entire fleets. We'll discuss this and potential mitigations. If time allows, we could touch on conventional RF navaids and their exposure to similar attacks.
SpeakerBio: Ken Munro, Partner and Founder at Pen Test Partners
Ken Munro is Partner and Founder of Pen Test Partners, a firm of ethical hackers. He and colleagues hold private pilot’s licenses and have been interested in aviation security for many years. They also publish and blog about their research into aviation cyber security, covering topics from airborne connectivity, the potential risks of publicly available avionics component information, and even the entire attack surface of the modern airport. Ken and Pen Test Partners have also been invited to speak at various aviation industry events, and on aviation at specialist security events such as DEF CON’s Aerospace Village, the Global Connected Aircraft Summit, and the Aviation ISAC Summit among others.
GitHub Actions is quickly becoming the de facto CI/CD provider for open-source projects, startups, and enterprises. At the same time, GitHub’s security model is full of insecure defaults. This makes it easy for their customers to expose themselves to critical attacks from the public internet. The end result? A systemic vulnerability class that won’t go away.
During our research, we identified GitHub Actions misconfigurations at scale that would allow threat actors to backdoor major open-source projects. An example of this is our attack on PyTorch, a prominent ML framework used by companies and researchers around the world.
Through this attack, we could contribute code directly to the main branch of the PyTorch repository, upload malicious releases, backdoor other PyTorch projects, and more. These attacks began by compromising self-hosted runners, which are machines that execute jobs in a GitHub Actions workflow. From there, we leveraged misconfigurations and GitHub “features” to elevate our privileges within GitHub Actions workflows.
Our research campaign included dozens of reports, over $250,000 in bug bounties, and endless war stories. Tune in for a deep dive into the TTPs that allow turning a trivial runner compromise into a full supply chain attack.
Speakers: Adnan Khan, John Stawinski
Adnan is a Red Team Security Engineer and researcher who has recently been focusing on supply chain and CI/CD attacks. He has identified, demonstrated, and reported vulnerabilities impacting GitHub repositories belonging to organizations like Microsoft, Nvidia, GitHub, Google, and more. Additionally, he has spoken at conferences such as ShmooCon 2023 and BSides SF 2023 on the topic of GitHub Actions security.
SpeakerBio: John Stawinski
John is an offensive security engineer, vulnerability researcher, and writer, specializing in Red Team operations and CI/CD security. John established himself as a member of the broader security community in 2023 through a series of CI/CD attacks on prominent open-source repositories. Embracing a nomadic lifestyle, John thrives on adventure sports and welcomes new experiences.
I recently googled the meaning of “encryption” and found this definition on Wikipedia: “In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext.” Um…no, encoding produces code, enciphering produces ciphertext, encryption is more than just encoding, and so on. Given the jumbling together of historically very unique and significant terminology I set out to find the actual, historical definitions and try to find a way to teach and/or demonstrate the differences in the foundational forms of cryptography. But I quickly noticed that some of this terminology is so often mis-applied in our digital age that I wondered if maybe there has been an evolution of the meanings of these terms? I might not like it, but I’m open to that possibility. This very quickly led me to the conclusion that my research on this topic would make for an interesting talk and so here we are. I want to share the classical, historical forms of cryptography, discuss the etymology of the terminology, look at how the words apply today – and help the audience decide if the actual meanings even matter (or it’s just me). One important consideration is the tradeoff between keeping the data secret (security) and protecting the identity of individuals associated with the data (privacy). I hope you’ll join me in this journey to victory (or defeat) in the ongoing battle of preserving the classic goals and objectives of data security.
SpeakerBio: Jeff Man
Jeff is a respected Information Security advocate, advisor, hacker, evangelist, mentor, teacher, international keynoter, speaker, former host of Security & Compliance Weekly, co-host on Paul's Security Weekly, Tribe of Hackers (TOH) contributor, including Red Team, Security Leaders, and Blue Team editions, and a member of the Cabal of the Curmudgeons. Jeff has over 40 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Certified National Security Agency Cryptanalyst. Designed and fielded the first software-based cryptosystem ever produced by NSA. Inventor of the "whiz" wheel, a cryptologic cipher wheel used by US Special Forces for over a decade, currently on display at the National Cryptologic Museum. Honorary lifetime member of the Special Forces Association. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises. Pioneering member of the first penetration testing "red team" at NSA. For the past twenty-eight years has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation's best known companies.
Hybrid Contest On-site Hours: Friday and Saturday 10:00-18:00; Sunday: 10:00-12:00 Becomes available online Thursday 12:00 Online and In-Person platforms will close Sunday 12:00 Players will only be able to turn in scavenger hunt items during On-site Hours.
This Pac-Man themed set of challenges takes Players on a journey through learning and demonstrating hacker and information security skills to earn points. With multiple subject-matter specific challenge groups and tracks, this hacker challenge game has something for everyone. You, dear Player, are Hac-Man (or Ms. Hac-Man, or Hac-Person), making your way through various dark mazes eating pellets, fruit, and ghosts. Each ghost represents a hacker puzzle or skills challenge. Upon completing each challenge, you’ll be awarded points and can continue on to attempt further challenges. Many challenges have unlockable hints and location information, which you can unlock by spending your collected fruit.
There is a leaderboard! As you collect points, you’ll show up on this leaderboard. The top 10 Players at the end of the game will be awarded various prizes from a prize pool.
Our presentation focuses on how to gain firmware-level observability and transparency on devices that sit at the network perimeter. In doing so, it touches on the central theme of DEF CON 32: fixing what is broken on the internet. We will share everything we learned reverse engineering the firmware of Draytek routers, how we discovered vulnerabilities that allow gaining persistence, and how we leveraged this to detect possible third-party attacks on these devices. We will show our process and share our tools to empower attendees who want to analyze these routers, look for new vulnerabilities, harden them, or even build mods that implement new functionality.
Speakers: Gastón Aznarez, Octavio Gianatiempo
Gastón Aznarez is a computer enthusiast who is passionate about cybersecurity. He earned a degree in Computer Science and began working in malware detection in firmware. He currently works as a Security Researcher at Faraday, specializing in discovering and exploiting vulnerabilities in IoT and embedded devices. Gastón also participates in CTF competitions and has shared his expertise as a speaker at different conferences.
SpeakerBio: Octavio Gianatiempo, Student, Computer Science at University of Buenos Aires
Octavio Gianatiempo is a Security Researcher at Faraday and a Computer Science student at the University of Buenos Aires. He's also a biologist with research experience in molecular biology and neuroscience. The necessity of analyzing complex biological data was his point of entry into programming. However, he wanted to gain a deeper understanding of how computers work, so he enrolled in Computer Science. As a Security Researcher at Faraday, he focuses on vulnerability research on IoT and embedded devices and fuzzing open and closed-source software to find new vulnerabilities and exploit them. He has presented his findings at various conferences, including DEFCON, Ekoparty, 8.8, and Nerdearla.
Octavio Gianatiempo works as a Security Researcher at Faraday and is a Computer Science student at the University of Buenos Aires. He is also a biologist with experience in molecular biology and neuroscience. In his role at Faraday, he focuses on embedded systems and IoT, reverse engineering, and fuzzing of open-source and proprietary code to identify and exploit vulnerabilities. He has presented his findings at conferences such as DEF CON, Ekoparty, 8.8, and Nerdearla.
With Google Cast, Miracast, or AirPlay, smart TVs now have plenty of ways to get your favorite content on screen. But while the latest show is playing, there is a complex system running underneath that is ripe for hacking. Bitdefender invites you to solve a few challenges that will get you diving into the inner workings of a smart TV.
(NOTE: This is an overflow class only if the first session is full)
Learn how to hack the DCNextGen Badge and take it to another level!
Want to know what happened to the Hack-A-Sat digital twins? We're bringing back our satellites and ground stations so you can see what it was like to be a team operating during finals!
Establish uplink using a ground station.
Send commands to the satellite, observe effects and telemetry.
3D Cesium visualization of satellite in orbit and ground station locations.
Grafana dashboards for sim data, etc.
OpenC3 satellite operator interface for C2
Speakers: Hack-A-Sat, Cromulence
Enjoy some space math nostalgia with challenges from the past four years of Hack-A-Sat quals! Challenges require skills in astrodynamics, satellite operations, digital signal processing, reverse engineering, exploitation, and more! If you missed the last Hack-A-Sat qualifiers or just want to try again, now is your chance!
10 challenges are available with a mix of difficulty. These will be available throughout all of DEF CON so work on them anywhere (even your hotel room). No team required and no scoreboard...so no pressure!
Challenge developers will be available for hints/clues on the conference floor but may not be able to help with every challenge.
Speakers: Hack-A-Sat, Cromulence
Get ready to strut your stuff, hackers! We're thrilled to announce the 6th annual Hack3r Runw@y returning to DEF CON 32, bigger and bolder than ever.
Calling all glamorous geeks, crafty coders, and fashionably functional folks: Dust off your soldering irons, grab your needles and threads, and unleash your creativity! Hack3r Runw@y challenges you to reimagine fashion through the lens of hacking.
Show us your wearable tech wonders in the following 4 categories for a chance to win in each category, plus one coveted People’s Choice trophy where ANYONE can win, but there will be a twist. Did you see this year's theme? (Hint.)
Smart wear that wows: Integrate LEDs, microcontrollers, and sensors into your designs for dazzling functionality.
Digital design that dazzles: light it up with LEDs, bling with lights, but keep it passive.
Functional Fashion: masks and shields, hazmat suit, lockpick earrings, and cufflink shims.
Extraordinary style: Elevate your daily wardrobe with unique fabrics, passive design, 3d textures, optical illusions, cosplay, and security-inspired patterns.
No matter your skill level, Hack3r Runw@y has a place for you! Whether you're a seasoned maker or a coding newbie, join us in celebrating the convergence of creativity, technology, and style.
Winners are selected by the judges based on:
Uniqueness
Trendy
Practical
Couture
Creativity
Relevance
Originality
Presentation
Mastery
We would like to see cancer become a thing of the past, and you can help. How? Join the Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge. Here's how it works:
Suggested: Make a contribution of your choice to support cancer research. You may want to check nonprofit and charity quality here: https://www.charitynavigator.org/
RULES
We are the event to go to if you want to hang out, enjoy the festivities, sing along, and show one's hidden talent.
The convergence of Artificial Intelligence (AI) and national security not only fuels international discourse but also inspires narratives within popular culture. Harriet is no stranger to these myths, as an ex-intelligence professional who specialized in applying machine learning to cyber security. In fact, she likes to lean into them. This makes her previous bosses nervous, so she uses pop culture as the lens through which to communicate her insights - and in this talk she utilizes the worlds of Ghost in the Shell, Neuromancer and Mission Impossible.
Through these stories, as well as her own decade of experience working at the intersection of artificial intelligence and cyber security, Harriet discusses the extent to which fears surrounding AI systems are applicable to real life national security settings. From cyber warfare to AI-driven surveillance, she unravels the interplay between hackers, AI, and government agencies. This session is interactive, with demos of how these AI systems actually work under the hood, as well as discussion time. Blur the lines between human and machine, and understand how you can contribute your skills to prevent our own modern day Puppet Master.
SpeakerBio: Harriet Farlow, CEO at Mileva Security Labs
Harriet Farlow is the CEO of AI Security company Mileva Security Labs, a PhD Candidate in Machine Learning Security, and creative mind behind the YouTube channel HarrietHacks. She missed the boat on computer hacking so now she hacks AI and Machine Learning models instead. Her career has spanned consulting, academia, a start-up and Government, but don’t judge her for that one. She also has a Bachelor in Physics and a Master in Cyber Security. She calls Australia home but has lived in the UK and the US. Her ultimate hack was in founding her own AI Security company but if Skynet takes over she will deny everything and pretend the AI stood for Artificial Insemination, like her Mum thinks it does. (Sorry Mum but I’m not really a Medical Doctor).
Saturday: Prelim Round 3: 11:00, Prelim Round 4: 12:00, Semi Finals Round 1: 14:00, Semi Finals Round 2: 15:00, Finals: 17:00
HackFortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers. TF2 players duke it out while hackers are busy with challenges like application security, network security, social engineering, or reverse engineering. As teams start scoring they can redeem points in the HackFortress store for bonuses. Bonuses range from crits for the TF2 players, to lighting the opposing team on fire, to preventing the other team's hackers from accessing the store. HackFortress challenges range from beginner to advanced, from serious to absurd.
In this MarSec event we will engage convention goers with a number of different tabletop games to help them understand the operational issues surrounding offensive and defensive cyber operations in a port complex. Players will become familiar with the various network components that support port and shipping operations, from the underlying infrastructure to the system components at ports and on commercial ships. A fictional terminal, Boundary Terminal, part of the Port Elizabeth New Jersey complex, and a fictional shipping line, Worldwide Shipping Operations, form the basis for all three of our games. The games are: a short game designed to show the basic target set and linkages, a longer role-playing game where players can engage in detail with port systems, and a card-driven game focused on detection, forensics, and counter-forensics. The role-playing game has been conducted as part of the MarSec portion of the ICS Village for the past two years, while the shorter version was added last year. This year we will add the counter-forensics game. All of the games are designed to be entertaining and engaging, with prizes provided to the winners and best players (usually everyone gets a prize).
On December 25th, 2021, I discovered that my modem had been hacked after a strange IP address replayed my traffic. I began researching who they were, how it happened, and eventually discovered a vulnerability which allowed me to passively monitor, change configurations, and execute commands on millions of devices. This talk details 3 years of intermittent web research on ISP security and how broadband equipment is becoming scarily centralized.
Sam Curry is a web security researcher, bug bounty hunter, and the founder of Palisade, a security consultancy.
Cybersecurity Policy has transformed red teaming. Cyber and AI are the most rapidly emerging domains of the law, with strategies, regulations, and standards constantly emerging globally. This domain also serves as an amazing opportunity for you to explore new paths and opportunities, to drive impact at scale, and to collaborate with the hacker ecosystem to drive better policies and better security that advance all users. This talk invites the audience to explore the latest trends in cyber policy globally, focusing on areas with broad impact on the red teaming community, such as AI red teaming, pen testing policy, secure development, legal limitations to vuln disclosure, and anti-hacking laws. We will cover the latest developments from CIRCIA to the EU Cyber Resilience Act and the AI EO, and introduce the audience to the world of policy hacking, and policy “hacking”. We will cover case studies and
SpeakerBio: Amit Elazari
Quantum cryptography is unbreakable in principle but suffers from implementation vulnerabilities that may compromise the perfect protocol. I show examples of such vulnerabilities and tell about upcoming certification standards that verify the quality of countermeasures.
SpeakerBio: Vadim Makarov
Vadim received his M.Sc from St. Petersburg State Polytechnical University in 1998. He obtained a Doctor Engineer Degree in Physics Electronics at the Norwegian University of Science and Technology in 2007. After postdoctoral positions at Pohang University of Science and Technology (South Korea) and at the Norwegian University of Science and Technology, in 2012 he joined the Institute for Quantum Computing, Waterloo University (Canada) as research Assistant Professor. Since 2018 he has been an applied PI at the Russian Quantum Center, and Professor at the National University of Science and Technology MISiS in Moscow since 2019. In 2023, he joined the Vigo Quantum Communication Center as group leader of the Quantum Hacking & Certification Lab. His research interest lies in quantum communication, particularly quantum hacking.
Satellites form a critical infrastructure for our modern world, enabling global communications, navigation, weather forecasting, and more. However, the growing reliance on satellites also highlights a troubling concern: their cybersecurity vulnerabilities.
Firstly, I provide a technical overview of how satellite communications work, covering aspects such as signal transmission, encryption, and decryption. This leads into an examination of vulnerabilities, including insecure communication channels, outdated encryption algorithms, and hardware flaws, which can be exploited by malicious actors.
Then I shift focus to the practical aspects of satellite hacking, outlining key methods such as signal interception, replay attacks, and jamming. We introduce essential tools for these tasks, including GNU Radio and Software-Defined Radio (SDR), which will be used in practice.
Case studies are also discussed, providing insights into high-profile satellite hacking incidents. These real-world examples and personal war stories serve to highlight the various methods used, lessons learned, and challenges faced by red teams in this domain, including signal interference and staying ahead of security updates. The paper concludes with guidance for red teams and cybersecurity professionals. I offer advice on setting up a satellite hacking environment, conducting effective penetration testing, and reporting findings.
In summary, this talk aims to illuminate the vulnerabilities of satellite systems and provide red teams with the technical, ethical, and practical knowledge necessary to navigate this unique domain responsibly.
SpeakerBio: Agostino Panico
Ham radio is the original group of electronic hackers, starting long before computers, circuit chips, or even transistors. Continuing this pioneer spirit, The Ham Radio Village is offering free ham radio exams again at DEF CON! All are welcome to come and take the exam and get their amateur radio license upon passing. All three levels (technician, general, and amateur extra) of exams will be offered during DEF CON at the Ham Radio Village. Examinees are encouraged to study the question pool and take practice exams on ham.study.
Everything we do today involves wireless communications of some sort, and a basic knowledge of how radio works is crucial. Getting your amateur radio license and entering the world of amateur radio will better equip you with knowledge about what goes on in the radio frequency domain, and this can be applied to other RF topics (like RFID credentials, WiFi, or anything else that communicates wirelessly).
Lots of fun things are happening in amateur radio for those who like to hack on hardware and software. This talk is an introduction to some of them.
SpeakerBio: Dan "dan_kb6nu" Romanchik, Ham Radio Village
This contest is simple, and is designed to teach you the basics of transmitter direction finding and “fox hunting”. We offer multiple levels of difficulty – whether you’ve never done a fox hunt before or are a seasoned pro, you can participate in the hunt! Learning how to locate the source of radio signals is an important tool you can add to your hacker arsenal. Whether you’re hunting for a source of interference, a rogue wireless AP, or tracking down the FCC’s monitoring vans, the real-world skills you will gain from this contest will be invaluable.
To participate in the beginner IR foxhunt you will need a device that can receive IR light in the 900nm range – such as many cell phones and digital cameras!
To participate in the RF foxhunt(s) you will need a radio or a scanner that can receive signals in the 2m and/or 70cm Amateur Radio Bands (144.000 MHz - 146.000 MHz, 420.000 MHz - 450.000 MHz).
SpeakerBio: Ham Radio Village Staff
Homeowners' Associations (HOAs) make amateur radio difficult. The good antennas are restricted, requiring a little bit of compromise and creativity to work around. This talk is about how I worked around my HOA's covenants, conditions, and restrictions to operate my antenna.
This talk will present actual proven techniques to allow you to operate on all the amateur bands. I will talk about my personal horizontal loop deployment, as well as talk about all the bad antenna options I tried first before getting here.
SpeakerBio: Danny Quist
Biometrics applied to PACS (Physical Access Control Systems) has been a hot topic for a few years now. The spread of fingerprint or face recognition based access control and time attendance systems among corporate, industrial and military environments has surged. And with it, the number of potential attack vectors has also increased. In this talk, after a brief overview of the state of the art of available PACS utilizing biometrics to authenticate and authorize users, we will investigate one technology among others (usually perceived as less invasive) that has been widely used in some specific fields (e.g. industrial plants, airports, food industry, etc.): the handpunch access control and time attendance systems. Handpunch PACS are based on hand-geometry recognition. In this presentation we will have a look at how this tech works and, in particular, we will focus our attention on reviewing some of the existing handpunch devices: from a physical security POV to reversing the communication protocol. Moreover, during the presentation we will demonstrate how to remotely push a new super-admin user into it (i.e. persistent backdoor) and how to dump existing users' credentials, and we will also release an open-source tool suite: HandScan & HandPwner. Eventually, thanks to the cooperation of Shodan’s creator, it has been confirmed that more than 1800 of these vulnerable devices were found exposed on the Internet. Finally, we will conclude the talk with practical and actionable countermeasures to prevent these attacks and how to harden these devices.
SpeakerBio: Luca "CYBERANTANI" Bongiorni, Founder at We Hack In Disguise (WHID)
This area will feature guided breach simulation exercises for participants to engage with. There will be two activities, "Breach-the-Hospital" and "Breach-the-Office," based on two LEGO sets. A simulated cyber range will be available for each scenario, providing an exact replica of an enterprise production environment. We will provide a detailed walkthrough of the attack scenarios, including Tools-Techniques-and-Procedures (TTPs) commands and how-to guides, demonstrating how to attack and breach the hospital's infrastructure or the office environment. This exercise will give participants a clear understanding of how adversaries infiltrate corporate environments.
SpeakerBio: Adversary Village Crew
Rapid7 is back with more hands-on hardware hacking exercises. This year we will be guiding attendees through several exercises gaining root access for control and extraction of firmware and file system data, from TFTP kernel images over the network to single user mode access via modification of U-Boot. These exercises will guide you through the process of importing a kernel image over the network and executing it in memory for root access, along with understanding embedded device flash memory layout and how to transfer firmware images over the network for offline testing. Also, we will walk through placing the IoT device in single user mode for root access and then rebuilding the structure and needed drivers to bring the IoT embedded system out of single user mode for full access.
There’s no two ways about it: Kubernetes is a confusing and complex collection of intertwined systems. Finding attack paths in Kubernetes by hand is a frustrating, slow, and tedious process. Defending Kubernetes against those same attack paths is almost impossible without any third party tooling. In this workshop we will present KubeHound - an opinionated, scalable, offensive-minded Kubernetes attack graph tool used by security teams across Datadog. We will cover the custom KubeHound DSL to demonstrate its power to identify some of the most interesting and common attack primitives living in your Kubernetes cluster. If the DSL is not enough, we will cover the basics of Gremlin, the language used by our graph technology so you can find relevant attack paths that matter to you. As attackers (or defenders), there's nothing better to understand an attack than to exploit it oneself. So in this workshop we will cover some of the usual attack paths and exploit them.
SpeakerBio: Julien Terriac, Adversary Simulation Engineering at Datadog
Julien Terriac is a French senior security researcher with a strong background in pentesting and a special taste for Windows authentication, Active Directory inner workings and reverse engineering. He developed several offensive automation tools such as ProtonPack (custom mimikatz), Lycos (share hunter), ExploitPack (privilege escalation framework), and IAMBuster (AD auditing framework). He led the R&D department at XMCO for 5 years before joining Datadog as the Team Lead for Adversary Simulation Engineering (ASE), where his team aims at building offensive tools and frameworks that will automate the simulation of real-life attacks against Datadog.
Ever see someone walking around DEF CON and wonder “what is up with the hard hats?”
The Hard Hat Brigade brings hackers together in the spirit of endless curiosity and tinkering. We use a common platform (hats) to combine art (bling) and hacker functionality (warez) to inspire others to explore outside of their comfort zones in a safe and welcoming community.
We encourage everyone to explore their creativity using art, electronics, mechanical design, or any other medium that piques their interest. Hats are inexpensive, widely available, and easy to modify to suit your needs. We started with hard hats but are not limited to any type of hat, so you have the freedom to choose whatever hat suits your fancy.
Despite everyone using a common platform, every creation is unique and embodies the personality of the creator. Walking around DEF CON, you can display your creation for all to see, and many will stop to ask you about what you have created. This allows you to talk about your experience, as well as inspire others to explore new ideas of their own.
One of the challenges at hacker summer camp has been finding people to connect with. By leveraging hard hats as a canvas, HHB has solved this challenge with something that is incredibly accessible while also offering a ton of variety. Gazing upon these creations, they reflect back the uniqueness of all the awesome hackers that we’ve been able to meet. In years past, we’ve had the opportunity to see how so many talented and creative hackers tackle the challenge of using the venerable hard hat as their muse. Just as fun, charming and skilled as so many attendees are, the hard hat has been a great vessel to carry their awesome projects.
Stop by our community space and make your trip memorable by trying on a hat, learning and sharing building techniques, networking with other hat loving hackers, and expressing yourself in your own hacker way. Keep on hacking!
Get all your questions about hard hats answered by the Hard Hat Brigade community organizers.
How to get started, two steps
Download the GE Appliances SmartHQ App “SmartHQ” available on the Google Play and iOS Stores to your mobile phone
Create your GE Appliances Account to commission the appliance, connecting the appliance to your account. The app will walk you through this step.
Router Name SSID: HackAway
Router Name Password: With GEA
In-Scope: Only communications between the appliance, GE Appliances SmartHQ App, and the cloud connection for the appliance
Please leave your contact information and we will be in touch! Or you may visit our security webpage by typing “GEAppliances.com/security” into your Internet browser. We have a call center and PSIRT team ready to hear your questions!
Grab some solder and update your JTAGulator! The Hardware Hacking Village (HHV) is back with another DEF CON hardware hacking-focused Capture the Flag (CTF) competition. This is a jeopardy style CTF, designed to challenge participants in various aspects of hardware hacking. Whether you're new to hardware hacking or experienced and just looking for something to do while you wait for your fault injection to trigger, all are welcome and challenges range from beginner to advanced.
Curious about hacking chips using fault-injection? Take your first steps in our (free) glitching workshops! We provide you with hardware & guidance to conduct your first fault-injection attacks, all you need is a laptop running Python & OpenOCD: Reproduce the nRF52 "AirTag" glitch or learn how to glitch one of the chips used in crypto-wallets to store millions of dollars.
We will also have a secret challenge announced on site!
Lab provided by hextree.io
This event was born out of the desire to teach an often-overlooked hardware and networking skill, and to provide the opportunity for experienced people to mentor others as they learn. DEF CON provides the perfect environment for people with no prior training to learn something useful and new. Hardwired networks are often overlooked in today’s world of cellular connection and Wi-Fi, but they still play an important part in the backbone of information sharing. We believe that while cutting-edge technologies are thrilling, traditional skills-building still has its place, and we want to provide that opportunity to the DEF CON community.
Don't know how to make a network cable and want to learn? Has it been years? Or do you think you're a pro? Come see if you can... make the best cable at con by cut/wire/crimp.
DEF CON has made HDA a community, and we now have a community room! This room will be dedicated to the attendees with ADA needs, their friends, helpers, and anyone who wants to hang out and be social! So far we plan on providing charging stations, chill out sessions, an open call for a modular synth jam session, and more to come! Let's all work together to make DEFCON Awesomely Accessible!
(Please note that on Thursday, we will be open only to provide assistance to those in need. Regular community programming will begin on Friday.)
Hang out, chill out, deck out your mobility device, and more!
Bring your instruments, synths, and self for an open jam session
To celebrate DEF CON 32, the Hardware Hacking Village (HHV) is hosting a Rube Goldberg Machine (RGM) Event! This idea has been kicking around the HHV volunteer circle in one shape or another since at least DEF CON 20, so it’s about time that it happened! The goal is to create a series of devices that combine to form an end-to-end Rube Goldberg machine for transmitting messages. The hope is that all sorts of creative devices will be connected up to each other to move bits through various complicated and fun analog/digital methods. Ideas have ranged from simply wiring RX to TX — to using radios to bounce the message off the moon!
Who isn’t busy nowadays? When you sit down to hack, you want to find a bug, or at least know you’re on the right track to find one. Over the past 5 years of full-time bug bounty, I’ve identified a couple of techniques that will get you some quick wins on most applications. I’ll show you how to apply these techniques, and then, building upon them, direct your longer-term testing to keep finding bugs and getting the best ROI for your time hunting. This workshop is oriented toward equipping you to make the most money with the least time investment. These are not the most technical bugs. These are the bugs that pay the bills and keep you well-fed, dopamine'ed up, and pushing deeper into these apps. In this workshop, we'll target REAL bug bounty targets, and apply the very techniques I've used in the past to find bugs on these targets. We'll cover mega-efficient testing techniques for various types of client-side access controls and IDORs. We'll cover polyglot usage for generic injection testing. We'll cover attack vector ideation, friction minimization, gadget hunting, organization. And much, much more. All of these things will keep you motivated, on track, and efficient as you push through the slog of HTTP requests between you and your next pay day. Leggo.
What skill level is your presentation aimed at? All skill levels, but attendees should have a basic understanding of web architecture and web vulnerabilities such as XSS, CSRF, IDOR, and Broken Access Controls.
Pre-Requisites:
- Bring your laptop
- Please come with Caido installed (or Burp, if you must)
- General understanding of HTTP requests and web testing
SpeakerBio: Justin "Rhynorater" Gardner, Host at Critical Thinking - Bug Bounty Podcast
Yo! I'm Justin Gardner - a full-time bug bounty hunter out of Richmond, VA. I also host the Critical Thinking - Bug Bounty Podcast and advise for Caido - the latest and greatest HTTP proxy.
I'm an active member of the HackerOne live hacking event circuit (the medium through which I do most of my bug bounties) and have placed top 5 in most of the live hacking events I've attended for the past couple years. Web hacking is my sh*t, but I love all types of hacking.
Outside of hacking, I love volleyball, I love Jesus, and I love startups. Those, with a healthy dose of family and friends, keep all my free time on lock.
In the current digital security ecosystem, where threats evolve rapidly and grow in complexity, companies developing Endpoint Detection and Response (EDR) solutions are in constant search of innovations that not only keep up with but also anticipate emerging attack vectors. In this context, this article introduces HookChain, a look from another perspective at widely known techniques which, when combined, provide an additional layer of sophisticated evasion against traditional EDR systems.
Through a precise combination of IAT hooking, dynamic SSN resolution, and indirect system calls, HookChain redirects the execution flow of Windows subsystems in a way that remains invisible to EDRs that only act on Ntdll.dll, without requiring changes to the source code of the applications and malware involved.
This work not only challenges current conventions in cybersecurity but also sheds light on a promising path for future protection strategies, leveraging the understanding that continuous evolution is key to the effectiveness of digital security.
By developing and exploring the HookChain technique, this study significantly contributes to the body of knowledge in endpoint security, stimulating the development of more robust and adaptive solutions that can effectively address the ever-changing dynamics of digital threats. This work aspires to inspire deep reflection and advancement in the research and development of security technologies that are always several steps ahead of adversaries.
SpeakerBio: Helvio Carvalho Junior, CEO at Sec4US
Helvio is the CEO of Sec4US, a leading company in Cyber Security, and stands out as a renowned researcher in the field. He made history by being the first in Latin America to achieve the prestigious OSCE3 certification, a milestone that reflects his deep knowledge and technical skill. With over 23 years of experience across various segments of Information Technology, Helvio currently focuses on research in bypass techniques for Endpoint Detection and Antivirus solutions, as well as specializing in offensive information security (RedTeam). His passion for creating exploits and malware is well-known and significantly contributes to the advancement of cybersecurity.
This panel is a reprise of the panel I've done for a couple of years now. The first two years were very successful: packed room, high audience engagement. I'm hoping to come back for a third year.
This is not written for public consumption. If you want a longer description that's audience-facing, let me know!
* Topic 1- SOCs vs IT infrastructure / Network Ops, the battle continues
• Start off by giving some good war stories of when we see these groups collide
• Then tell some stories where they worked together successfully
• What is the intended design: efficiency, collaboration, oversight, secrecy?
• What techniques make these relationships successful?
• Operational models
• Ticketing and tasking
• Partnership and interfaces
* Topic 2- LLMs / Generative AI in general
• What are they actually being used for in practice so far
• What do we see emerging from the market right now
• What roles can we replace in the SOC / adjust staffing on
• Let's speculate on 3 years from now: what do we see showing actual value
• What's overhyped, so far
• Is the SOC going away? (of course it isn't; why not)
• Expand scope: what ML techniques outside LLMs do we see SOCs getting value out of? What's not getting the attention that it should?
• How could we accomplish supervised learning (known / labelled sets) at enough scale? A community-driven project might accomplish this.
• Unsupervised learning approach: could we accomplish threat intelligence attribution where there's no right answer, but some pretty good basis, and keep refactoring on old campaigns until we have a pretty reasonable approximation? Which leads us to threat intel…
* Topic 3- Threat Intel
• Everyone's got feelings about this one: what do we mean by threat intel beyond simple IOC matching?
• How much refinement is needed in threat intel reporting?
• How are folks separating (and handling) tactical vs strategic threat intel?
• Who are SOCs getting the most traction with by sharing? Execs? Constituents? Other SOCs?
• Work products:
  • Executive-facing reporting? (are execs understanding/getting the value out of these reports?)
  • IT briefings?
  • Threat intel production / extraction from investigations?
  • Attribution?
* Topic 4- Live audience participation
• Let's do some live polls of the audience; this worked well last time, let's expand on that
• Topics we're considering:
  • Staffing models
  • Current hiring trends
  • Current detection efforts
* Topic 5- Cyber risk quantification
• What do we mean by CRQ?
• When incidents happen, what CRQ measurement methods actually work?
• How are folks using CRQ to drive improvements in defensive controls and/or other risk-related initiatives?
• What is more speculative, low value, hard, or otherwise something the audience should stay away from?
Come hear 5 SOC veterans discuss some of the most challenging topics in security operations today. Carson Zimmerman is joined by SOC veterans Chris Crowley, Eric Lippart, Enoch Long, and Russ McRee. With a total of over a century of SOC experience, we cut the buzzword bingo and get real. This year, we’ll be discussing topics like: resolving conflict with network and IT ops, what value are people really getting out of LLMs, how to get value with threat intel beyond IOC matching, and more! We will be doing live, real-time polling of the audience. We will also take your spicy questions!
Speakers: Carson Zimmerman, Russ McRee, Eric Lippart, Enoch Long
Carson Zimmerman has been working in and around security operations centers (SOCs) for over 20 years. In his current role at Ardalyst, Carson helps clients transform uncertainty into understanding in their digital landscape. In his previous role at Microsoft, Carson led the investigations team responsible for defending the M365 platform and ecosystem. His experiences as a SOC analyst, engineer, and architect led Carson to author Ten Strategies of a World-Class Cybersecurity Operations Center and co-author its second edition, Eleven Strategies…, which may be downloaded for free at mitre.org/11Strategies.
SpeakerBio: Russ McRee
Artificial Intelligence is increasingly being framed in dystopian ways even though the technology has been around for decades and the opportunities it brings are vast. In the past months, more governments have announced proposals to make AI models and systems more secure. Through a panel session, we want to shine a light on these efforts, particularly those that are most relevant to the DEFCON community, such as recommendations on testing and red teaming as well as the need for vulnerability disclosure processes. This session aims to foster a better understanding of what hackers are seeing on the ground in terms of the vulnerabilities in AI models and to identify how more collaboration could be undertaken. The outcome of this session will be to provide a spotlight on data gaps in this area and to share insights that can positively inform future work, such as the development of international AI standards.
Speakers: Wan Ding Yao, Christine Lai, Anjuli Shere
Mr Wan Ding Yao is the AI Security Lead in Singapore GovTech's Cyber Security Group, driving workstreams at the intersection of AI and cybersecurity, including prototyping AI use cases for cybersecurity operations and developing AI red-teaming capabilities. He holds a Bachelor of Laws (Technology for Business) and a Master of Science in Computing (Data Science & Engineering) from the Singapore Management University. He is admitted to the Singapore Bar and holds professional cybersecurity certifications from OffSec, CREST, (ISC)2, Practical DevSecOps, MAD20, AWS, Microsoft, and Google.
SpeakerBio: Christine Lai, Cybersecurity Research Specialist at DHS Cyber Security and Infrastructure Security Agency
Christine Lai is a cybersecurity research specialist in the Office of the Technical Director at the Cybersecurity and Infrastructure Security Agency (CISA), where she currently serves as the AI Security lead for the agency. Prior to joining CISA, she was a cybersecurity and machine learning researcher on critical infrastructure programs at Sandia National Laboratories in Albuquerque, NM.
SpeakerBio: Anjuli Shere, Head of Cyber Advocacy in the Cyber Security Directorate of the UK's Department for Science, Innovation and Technology
Dr. Anjuli Shere is the Head of Cyber Advocacy in the Cyber Security Directorate of the UK's Department for Science, Innovation and Technology. She has a doctorate in Cyber Security from the University of Oxford, during which she spent two years as a Research Fellow at Harvard Kennedy School's Shorenstein Center on Media, Politics and Public Policy. Dr. Shere's research covered emerging technological risks, focusing on converging threats to journalists and media freedom from the consumer Internet of Things in Taiwan, Australia, the U.K. and the U.S. Additionally, she was an intelligence analyst on Channel 4's fugitive simulations "Hunted" and "Celebrity Hunted" for seven series (2017-2025), and an expert advisor to the Financial Times film "People You May Know" about surveillance during the COVID-19 pandemic. Dr. Shere's previous relevant experience also includes tech/politics writing for the New Statesman, working as a research analyst at the Association for International Broadcasting, and honing her skills in analysis and investigation as part of CyberPATH (the UK National Cyber Resilience Centres Programme) and as a "Digital Sherlock" with the Atlantic Council's Digital Forensic Research Lab.
Manfred started out by taking apart toasters and breaking things to find out how they worked. That curiosity moved to client-server authoritative online games and snowballed into a 20+ year career operating in the dark alleys of shadow markets. Manfred has been in the trenches of hacking online games while building out a toolbelt to keep the upper hand in the ever-changing cheat vs anti-cheat arms race.
With presentations from different experts on the subject, in this panel delivered in three languages, we will discuss the real impact that GenAI is having on our cybersecurity world.
SpeakerBio: Marco Figueroa
This talk delves into the methodologies and strategies for discovering zero-day vulnerabilities in iOS applications. It covers the fundamental principles of iOS security, including code review, reverse engineering, and dynamic analysis techniques. Attendees will gain insights into common weaknesses in iOS app architecture and learn how to exploit these vulnerabilities ethically. By the end of the session, participants will be equipped with practical tools and knowledge to identify and address potential security threats in iOS applications.
SpeakerBio: Xavier D. Johnson, Security Researcher
Born and raised in Detroit, a self-starter from the heart of the Motor City. I took the initiative to teach myself programming in 2004, setting the stage for a trajectory that would shape my future. During my high school years, I proudly served as the President of my school's engineering academy, where my leadership skills and innovative mindset grew. Post-graduation, I ventured into the business world, founding a successful software company that I later sold. My transition into the realm of cybersecurity was a natural evolution, and I have since dedicated myself to security research. I founded Build Skill Foundation, a non-profit organization committed to empowering individuals through education and mentorship. My personal methodology, honed over years of self-directed learning, serves as the backbone of this foundation. In the spirit of Detroit's resilience, I am not just forging my own path but paving the way for others to follow, making a lasting impact on the world of technology and education.
See talk title; kids these days don't read more than a sentence anyway. Seriously though, we get asked a lot of random custom electronics, hardware hacking, and badge questions. Here's your chance to throw them at us while we drink a beer and pretend to know the right answer.
SpeakerBio: AND!XOR
AND!XOR is a hacker group of engineers who make electronic badges, retrofit snack machines, shenanigans, and other useful tech such as the wireless microwave oven sensor.
A powerful corporation, notorious for its unethical practices, leveraged their extensive data resources gathered from users, and their psychological profiles, to subdue the population into compliance. The immune few, realizing the extent of the corporate conspiracy, band together to expose and dismantle the corporation's grip on society. These individuals must navigate a dangerous world of surveillance and betrayal. Their mission is to ignite a global awakening and reclaim freedom from corporate domination.
Players will join the mission and participate in a CTF designed for beginners and experienced players alike. The challenge categories will be Web, Cryptography, Forensics, PWN (binary exploitation) and Reverse Engineering. Challenges of various difficulty levels from each category will be featured.
Our human registration process this year will be very similar to previous years. Please be patient. All of the times listed here are approximate.
A badge is required for each human age 8 and older.
You are a human if you do not know otherwise. People that are not humans include goons, official speaker, village/community/contest/creator staff, press, black badge holders, or similar. If you are not a human, you need to register separately. If you don't know how, see an NFO goon (NFO Node, formerly known as an infobooth, is where you can get help). The remainder of this message applies only to humans.
Linecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
Online badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
Please help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
You will be emailed a QR code at the email address provided when you bought your badge. Please guard that QR code as though it were cash: it can only be redeemed once, and anyone can redeem it if they have it (including a photo of it). Badges are picked up on-site; they will not be mailed or shipped.
We can scan the QR code either from your phone's display or from a printed copy. You must have the QR code with you in order to obtain your badge. As you approach the front of the line, if you are going to show your QR code on an electronic device, please ensure that your display is set to maximum brightness.
If you pre-registered, but ultimately are unable to attend DEF CON and want to cancel your purchase, the only way to get a refund is from the original online source. We are unable to provide any refunds on-site at DEF CON. There is a fee to have your badge canceled: $34 until July 15, and $84 on and after July 15.
Online purchases are provided a receipt via email when the purchase is made.
Online purchase -- often referred to as pre-registration -- does not allow you to skip any line/queue to pick up your badge. Once you arrive on-site, you will need to join the existing line for human registration. There may or may not be a dedicated line for pre-registration badge pickup, depending on when you arrive, how long the line is, available staff, etc.
Badges will be available for purchase on-site at DEF CON. All badge sales are cash only. No checks, money orders, credit cards, etc., will be accepted. In order to keep the registration line moving as quickly as possible, please have exact change ready as you near the front of the line.
There are no refunds given for cash sales. If you have any doubt about your desire to buy a badge, please refrain from doing so.
We are unable to provide printed receipts at the time of the sale. A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt on plain paper.
If you attend BlackHat, it is possible to purchase a DEF CON badge with your BlackHat registration. If you did so, please get your DEF CON badge from BlackHat before they close.
BlackHat should send you an email with instructions for how to obtain your DEF CON badge. In case you missed it, you can go to the second floor, at the concierge desk, halfway down Black Hat Blvd.
Want to buy multiple badges? No problem! We're happy to sell you however many badges you want to pay for.
If you lose your badge, there is unfortunately no way for us to replace it. You'll have to buy a replacement at full price. Please don't lose your badge. :(
If you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.
If you have questions about anything regarding human registration that are not addressed here, please ask to speak to a Registration Goon.
Join us for an insightful panel discussion where we bring together seasoned Bug Bounty Program Managers and adept bug bounty hunters. This panel aims to address pressing questions and share diverse perspectives on the evolving landscape of bug bounties. We will dive into the challenges faced by both hunters and managers, discuss strategies to enhance the impact of submissions, and explore the future of bug bounties in the face of emerging technologies, evolving trends, and threats. We will also highlight the importance of bug bounties in the current cybersecurity landscape and share the top elements that contribute to a successful bug bounty program. Lastly, we will provide recommendations for organizations looking to mature their bug bounty programs but are hesitant about expanding. This panel promises to be a valuable opportunity for learning, sharing, and networking for anyone involved or interested in the world of bug bounties.
Speakers: Johnathan Kuskos, Katie Trimble-Noble, Sam (erbbysam) Erb, Jeff Guerra, Logan MacLaren
There's no place Kuskos would rather be than somewhere with a cool breeze, lightning-fast bandwidth, a decent brew, and a list of servers to target. He discovered his passion for offensive security nearly 13 years ago and quickly became obsessed with the art of finding overlooked vulnerabilities, understanding why they're missed, and enhancing tools and methodologies for comprehensive coverage. Kuskos is the founder of Chaotic Good Information Security, a labor-of-love boutique penetration testing firm.
SpeakerBio: Katie Trimble-Noble, Director PSIRT & Bounty
Director, PSIRT and Bug Bounty at a Fortune 50 tech company. Katie serves as a CVE Program Board, Bug Bounty Community of Interest Board, and Hacking Policy Council member. She is a passionate defensive cybersecurity community activist, is regularly involved in community-driven projects, and is most happy when she is able to effect positive progress in cyber defense. Prior to joining the private sector, Katie spent over 15 years in the US Government, most recently as the Section Chief of Vulnerability Management and Coordination at the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA).
SpeakerBio: Sam (erbbysam) Erb, Security Engineer at Google
Sam is a security engineer at Google who helps run the Google and Alphabet Vulnerability Reward Program. He holds two DEFCON black badges and numerous bug bounty live hacking event awards. He has presented previously on the DEFCON main stage and in the Packet Hacking Village. Outside of hacking, you will likely find Sam in a climbing gym or on the side of a mountain.
SpeakerBio: Jeff Guerra, Sr. Product Security Engineer at GitHub
Jeff Guerra is a Sr. Product Security Engineer at GitHub who enjoys bounties, application security, and much more. He is an avid advocate for vulnerability disclosure/bug bounty programs and the effectiveness and community engagement that come with them. He's a curious and passionate security professional who loves to talk all things security. He loves watching and playing soccer and has recently begun his journey into time-attack track events. He's a huge car enthusiast and recently began learning to modify cars for the track and daily use.
SpeakerBio: Logan MacLaren, Senior Product Security Engineer at GitHub
Logan is a Senior Product Security Engineer at GitHub where he focuses on the success of their Bug Bounty program. When not hacking on GitHub itself, Logan can be found doing security research focused on open source projects, or learning and refining new skills with CTF challenges!
Fresh from his DEFCON 31 MarSec Village talk, 'I am the Captain now', Paul has another year's experience at sea from which to share stories of taking control of vessels.
As it's timely, he will look at why the MV Dali incident wasn't a hack, dispelling ill-informed opinions from the wave of armchair experts that suddenly emerged, but more interestingly, at ways that it so easily could have been a cyber event.
Finally, maritime cyber regulation is starting to catch up, but many operators and technology providers are likely to be caught out by IACS UR E26 & E27.
SpeakerBio: Paul Brownridge
The ethical and secure disclosure of vulnerabilities in AI has emerged as a pivotal challenge, compounded by the need to address biases and misinformation that often cloud the true nature of these vulnerabilities. This talk delves into the intricate dynamics of vulnerability disclosure within AI, balancing transparency with security. We'll dissect the unique challenges AI presents, such as data bias exploitation and model manipulation, which can amplify the impact of vulnerabilities. Through a lens of real-world examples and recent disclosures, we'll navigate the complexities of responsible vulnerability management in AI. Our discussion will not only aim to shed light on these critical issues but also inspire a unified approach to refining disclosure processes. This concerted effort is vital for enhancing the integrity of AI systems and bolstering public trust in their use.
Speakers: Chloé Messdaghi, Kasimir Schulz
Chloé Messdaghi is the Head of Threat Intelligence at HiddenLayer, leading efforts to secure AI measures and promote industry-wide security practices. A sought-after public speaker and trusted authority for journalists, her expertise has been widely featured in the media. Recognized as a Power Player by Business Insider and SC Media, Chloé has made significant contributions to cybersecurity. Outside of work, she is dedicated to philanthropy, advancing industry progress, and promoting societal and environmental well-being.
Chloé Messdaghi serves as the Head of Threat Intelligence at HiddenLayer, where she spearheads efforts to fortify security for AI measures and fosters collaborative initiatives to enhance industry-wide security practices for AI. A highly sought-after public speaker and trusted authority for national and sector-specific journalists, Chloé's expertise has been prominently featured across various media platforms. Her impactful contributions to cybersecurity have earned her recognition as a Power Player by esteemed publications such as Business Insider and SC Media. Beyond her professional endeavors, Chloé remains passionately committed to philanthropy aimed at advancing industry progress and fostering societal and environmental well-being.
SpeakerBio: Kasimir Schulz, Principal Security Researcher at HiddenLayer
Kasimir Schulz, Principal Security Researcher at HiddenLayer, is a leading expert in uncovering zero-day exploits and supply chain vulnerabilities in AI. His work has been featured in BleepingComputer and Dark Reading, and he has spoken at conferences such as FS-ISAC and Black Hat. Kasimir leads the development of advanced tools for automating vulnerability detection and implementing large-scale patches, fortifying systems against supply chain attacks. His dedication to proactive defense measures sets a new standard in cybersecurity resilience.
Upon its discovery, CVE-2024-2961, a very old buffer overflow in glibc, seemed like an unremarkable bug. Viewed through the prism of the PHP engine, however, the vulnerability shone, and provided both a new remote code execution vector and a few 0-days.
This talk will first walk you through the discovery of the bug and its limitations, before describing the construction of remote binary PHP exploits using this bug, and through them offer unique insight into the internals of the engine behind the web language and the difficulties one faces when exploiting it.
After this, it will reveal the impact on PHP's ecosystem, from well-known functions to unsuspected sinks, by showcasing the vulnerability on several popular libraries and applications.
SpeakerBio: Charles "cfreal" Fol, Security Researcher at LEXFO / AMBIONICS
Charles Fol, also known as cfreal, is a security researcher at LEXFO / AMBIONICS. He has discovered remote code execution vulnerabilities targeting renowned CMS and frameworks such as Drupal, Magento, Symfony or Laravel, but also enjoys binary exploitation, to escalate privileges (Apache, PHP-FPM) or compromise security solutions (DataDog's Sqreen, Fortinet SSL VPN, Watchguard). He is the creator of PHPGGC, the go-to tool to exploit PHP deserialization, and an expert in PHP internals.
The ICS Village CTF offers hands-on experience with industrial control systems, which bridge technology with physics. Attendees engage with industry experts while solving challenges like a red vs blue manufacturing network process coupled with OT-specific jeopardy-style challenges. This contest highlights vulnerabilities in industrial equipment and OT protocols. By simulating attacks on critical infrastructure, participants develop and practice DEFCON-level skills, enhancing their understanding of critical infrastructure and the world we rely on.
Idaho National Laboratory, in collaboration with the Cybersecurity & Infrastructure Security Agency (CISA), will showcase the critical importance of safeguarding Industrial Control Systems (ICS) against cyber threats. Through a mixed reality game, the interactive VR experience illustrates the impacts of a cybersecurity attack on infrastructure and highlights the intricate engineering processes that power our communities. By emphasizing the interdependencies within our Nation's infrastructure, the VR challenges underscore the necessity of robust cybersecurity measures to ensure the reliability and security of essential services. Come restore power back to our city, virtually! (NOTE: this gamified interactive VR experience is not technical in nature, and does not require cybersecurity or infrastructure knowledge to participate.)
As Azure services continue to expand and evolve, their associated authentication methodologies have also changed. Having mostly moved away from storing credentials in cleartext, most Azure services utilize Managed Identities to offer a more secure approach to access management. However, Managed Identities can bring their own challenges and risks. In this talk, we delve into the nuanced landscape of Managed Identities across multiple Azure services. We explore how attackers exploit access to services with these identities to escalate privileges, move laterally, and establish persistence within Azure tenants. We will also provide helpful tips for defenders trying to identify these attacks. Finally, we will showcase a tool designed to automate attacks against User-Assigned Managed Identities.
SpeakerBio: Karl Fosaaen
As a VP of Research, Karl is part of a team developing new services and product offerings at NetSPI. Karl previously oversaw the Cloud Penetration Testing service lines at NetSPI and is one of the founding members of NetSPI's Portland, OR team. Karl has a Bachelor's in Computer Science from the University of Minnesota and has been in the security consulting industry for 15 years. Karl spends most of his research time focusing on Azure security and contributing to the NetSPI blog. As part of this research, Karl created the MicroBurst toolkit to house many of the PowerShell tools that he uses for testing Azure. In 2021, Karl co-authored the book "Penetration Testing Azure for Ethical Hackers" with David Okeyode.
After volunteering to be a poll worker, Michael Moore developed a passion for Election Security. He was the first Information Security Officer for the Maricopa County Recorder's office and is now the first Chief Information Security Officer for the Arizona Secretary of State. Michael believes it is only through effective federal, state, and local government partnerships, as well as assistance from trusted vendors, that we can protect our democracy and fulfill our duty to the American voter. The greatest threats to elections are MDM and the resulting insider threat caused by radicalized citizens. The best protection against these threats is combatting lies with the truth, and developing secure and resilient systems that prevent attacks whenever possible, allow for detection of compromise, and facilitate accurate and rapid recovery. Michael has pushed forward these initiatives in his own organizations as well as across the Elections community. Michael is an alumnus of Arizona State University with a B.S. in Mathematics and a B.A. in Education, and holds the CISSP, Certified Election Official (CEO) and Certified Public Manager (CPM) credentials.
Immerse yourself in a workshop where we guide participants in creating a covert trojan within code completion models. Learn to inject a backdoor discreetly, then explore detection techniques. Gain hands-on experience crafting and identifying hidden threats, unveiling the underbelly of trusted coding.
Speakers: Ori Ron, Tal Folkman
Ori Ron, an experienced Application Security Researcher at Checkmarx, joined the company in 2016. With over eight years of expertise in the field, Ori specializes in identifying and mitigating security vulnerabilities in software systems. His research spans the application security aspects of many programming languages, technologies, and environments.
SpeakerBio: Tal Folkman
Tal brings over 7 years of experience to her role as a supply chain security research team lead within the Checkmarx Supply Chain Security group. She is in charge of detecting, tracking and stopping open-source attacks.
Since we were children we have wanted to go to the arcade and play for hours and hours for free. How about we do it now? In this talk I'm gonna show you some vulnerabilities that I discovered in the cashless system of one of the biggest companies in the world, with over 2,300 installations across 70 countries, from arcades in Brazil and amusement parks in the United Arab Emirates to a famous roller coaster in Las Vegas. We will talk about API security, access control and NFC, among other things.
The talk is divided into 10(+1) stages. Starting at Stage 0, I will relate the origin of the idea during H2HC Brazil in 2023. Initially, the proposal was an arcade in Brazil with a debit card system.
In Stage 1, I will present the company, the NFC card, an application to charge money and check our data, but without exploitable vulnerabilities due to the use of middleware.
In the next stage, the focus shifts to the company responsible for the debit card system. This Argentine company dominates the market, with more than 2300 installations in 70 countries, ranging from arcades to a famous roller coaster in Las Vegas. During the investigation, the /api endpoint on the server was identified, filtering out endpoints that did not return 404 or 200. DNS enumeration and the use of Shodan revealed an outdated info.php, as well as other servers with open ports and versions with vulnerabilities. Documentation was also found in /api/v2 without the necessary credentials.
In Stage 3, the IDOR and Broken Authentication vulnerabilities will be explained. Then I will present endpoints in the system that allow us to exploit these vulnerabilities and obtain card information and personal customer data.
Then, it will be revealed that the company provides a mobile application. When decompiling some applications, keys and API endpoints were discovered. All APKs were similar, differing only in keys and endpoints. Now, with these credentials we have the ability to recharge credit to our debit card.
In Stage 5, we will explain the Account Takeover attack and how to execute it on the system via the API. I will also explain a race condition found in the API.
In the next scenario, a server found on Shodan: the online event booking system. Confidential information was found here, such as all Argentinean invoices, logs and extra company information, obtained with a script I wrote.
A reservation management portal was also identified with a Broken Access Control vulnerability, allowing us to view and modify all reservations, including modifying prices. It is important to note that all of these vulnerabilities affect ALL of the company's customers.
As we near the end, other servers will be quickly highlighted, such as the company's public Zendesk, allowing user creation and access to useful information. A U.S. case will be presented where a go-karting facility uses this system, allowing access to all monitors. Other examples include an amusement park company in Spain providing links to their park management consoles, and similar findings in Chile, Ecuador and Phoenix.
The last scenario will explain the NFC system, focusing on card reading and manipulation due to lack of security. Some attacks, such as changing the ID and referencing another card, will be shown. I’m also going to show the “feature” of emulating the card with the NFC of android phones, thus being able to emulate any card.
The idea of the talk is to demonstrate that even in 2024 there are significant systems with many users and with "basic" vulnerabilities known for years. Also I would like to encourage new generations to do ethical hacking and help generate a good relationship between hackers and companies. Computer security education and training are crucial to prevent attacks and protect our digital assets.
Ignacio Navarro is an Ethical Hacker and Security Researcher from Cordoba, Argentina. With around 6 years in the cybersecurity game, he's currently working in Application Security. His interests include code analysis, web application security, and cloud security.
Speaker at Hackers2Hackers, Security Fest, BSides, Diana Initiative, Hacktivity Budapest, 8.8, Ekoparty.
In 2018, a secure communications app called Anom started to gain popularity among organized criminals. Soon, top tier drug traffickers were using it all over the world. Because they thought their messages were secure, smugglers and hitmen coordinated high stakes crimes across the platform. But Anom had a secret: it was secretly run by the FBI.
For years Joseph Cox has investigated the inside story of Anom, speaking to people who coded the app, those who sold it, criminals who chatted across it, and the FBI agents who surreptitiously managed it. This new talk, building on details from his recent book DARK WIRE, will include never-before-published technical details on how the Anom network functioned, how the backdoor itself worked, and how Anom grew to such a size that the FBI started to lose control of its own creation.
It will also reflect on how police have entered a new phase of compromising entire encrypted phone networks, with little to no debate from the public, and provide critical insight on what really happens when authorities introduce a backdoor into a telecommunications product.
DARK WIRE: The Incredible True Story of the Largest Sting Operation Ever, June 4th, 2024: link
SpeakerBio: Joseph Cox, Co-Founder at 404 Media
Joseph Cox is an investigative journalist and author of DARK WIRE, the inside story of how the FBI secretly ran its own encrypted phone company called Anom to wiretap the world. He produced a series of exclusive articles on Anom for VICE’s Motherboard, and is now a co-founder of 404 Media.
Learn the trade secrets of elite embedded security researchers and exploit developers. This hands-on workshop equips you with the QEMU and GDB skills needed to emulate and debug embedded system processes.
Friday, August 9th / Saturday, August 10th
10:00 am - QEMU Primer
11:00 am - QEMU Emulation
2:00 pm - Debugging with QEMU and GDB
3:00 pm - Q&A for Workshops
Physical Red Teams are the most dynamic, exciting, and fast-paced engagements we can perform. They require good decision making under pressure and intimate knowledge of a vast landscape of physical security mechanisms. This talk equips you with the knowledge of over a dozen techniques I use on engagements, delivering the most effective lessons from both lab work and field work. In one action-packed hour we'll cover top bypasses for padlocks, doors, RFID systems and more.
SpeakerBio: Justin Wynn, Director of the Red Team at Coalfire
Justin Wynn is the Director of the Red Team at Coalfire and is a Physical Security SME. He's broken into nearly every type of building: data centers, banks, courthouses - you may be familiar with his wrongful arrest in the latter. He's a keynote speaker who has conducted over 350 penetration tests and physical engagements. His pastimes include bank robbing, algorithmic option trading, public speaking, community development, and world peace by founding the militant wing of the Salvation Army.
This is an AMA/Podcast that will be recorded on-site.
Speakers: CATO Networks, Dhruv Shah
This is an AMA/Podcast that will be recorded on-site.
Speakers: Daniel Miessler, Ankur
This is an AMA/Podcast that will be recorded on-site.
Speakers: RedHunt Labs (Kunal), Anant Shrivastava
(NOTE: This is an overflow class only if the first session is full)
Learn how to program the DCNextGen Badge
Quantum Key Distribution (QKD) has been heralded as the future of secure communications, but what does it really offer, and how does it work? This talk is a deep dive into the physics that underpins QKD, tailored for the technically curious and sceptical minds at DefCon. We’ll explore the foundational principles of quantum mechanics that make QKD possible, with a focus on the BB84 protocol and Continuous Variable QKD (CV-QKD). Additionally, we’ll compare these quantum methods with classical key exchange techniques, discussing their strengths and limitations in real-world applications—without the hype. Whether you’re a seasoned cryptographer or new to the field, this session will provide a practical and clear-eyed understanding of quantum key exchange.
SpeakerBio: Ben Varcoe
This workshop offers a hands-on introduction to developing Osquery extensions for Linux and macOS, aimed at beginners seeking to enhance endpoint security visibility. Through guided instruction, participants will explore Osquery extension architecture, the Thrift API, SQL-based querying, and module integration. Real-world examples and best practices will be emphasized, providing attendees with the skills to create custom extensions tailored to organizational security needs. By the end of the session, participants will have the confidence to leverage Osquery effectively in bolstering endpoint security defenses. Python will be used during the workshop. Basic knowledge of Python will be sufficient to follow the workshop.
Outline:
Join us for a comprehensive introduction to developing Osquery extensions tailored for Linux and macOS environments. This hands-on training session, designed for beginners, will demystify the process of extending Osquery functionalities, empowering attendees to bolster their endpoint security strategies. Throughout the workshop, participants will learn the fundamentals of Osquery extension development, gain practical insights through real-world examples, and discover how to leverage Osquery's capabilities to enhance visibility into their endpoint ecosystems. By the end of this session, attendees will have the confidence and knowledge to create custom Osquery extensions, effectively enriching their organization's security posture.
SpeakerBio: Kivanc Aydin
With a distinguished career spanning multiple sectors, Kivanc is a seasoned cybersecurity expert with a rich background in detection, monitoring, and incident response. Kivanc began their professional journey in the military, where they honed their skills in cyber defense and security strategies. Transitioning from military service, they brought their expertise to academia, delivering lectures at the university level and sharing their deep knowledge with the next generation of cybersecurity professionals.
Currently, Kivanc is making significant contributions to the payment industry, where they apply their extensive experience to safeguard critical financial infrastructures. Their focus remains on enhancing detection and response capabilities to address emerging cyber threats effectively.
In addition to practical experience, Kivanc holds a Master's degree in Cyber Security and multiple industry-standard certifications, underscoring their commitment to excellence and professional development. A strong advocate for open-source solutions, they actively contribute to and utilize open-source tools to drive innovation and community collaboration within the cybersecurity landscape.
Driven by a passion for continuous learning and knowledge sharing, Kivanc is dedicated to empowering others through education and mentorship, believing that collective effort is key to advancing the field of cybersecurity.
Recent advancements in drone technology are opening new opportunities and applications in various industries across all domains. Drones are quickly becoming integrated into our everyday lives for commercial and recreational use, like many IoT devices; however, these advancements also present new cybersecurity challenges as drones grow in popularity. This talk provides an introduction to drone security covering the core components of drone technology (e.g., hardware, software, firmware, and communication protocols), cybersecurity risks and mitigations, and cybersecurity best practices for drone operations. Attendees will gain an understanding of drone systems and important security measures that help protect these devices (and their operators) from emerging and evolving threats.
SpeakerBio: Hahna Kane Latonick
For the past 18 years of her engineering career, Hahna Kane Latonick has worked throughout the defense industry specializing in cybersecurity as a computer security researcher for the Department of Defense and other defense contracting companies. She has been featured as a cybersecurity subject matter expert on Fox Business News, ABC, U.S. News and World Report, and other national media outlets. She currently serves as a Director of Security Research for a cybersecurity firm and has led four tech startups related to computer security, serving as CTO of two of them, VP of R&D, and Director of R&D. She has trained and developed security researchers at one of the top five aerospace and defense industry companies. She has also taught at Black Hat, CanSecWest, Ringzer0, and the Security BSides Orlando conferences. At the 2023 DEF CON IoT CTF, she and her team tied for first place. In 2014, she became a DEF CON CTF finalist, placing 6th and ranking in the top 1.5% of ethical hackers worldwide. She also holds security certifications, including CISSP, CEH, and Certified Android Exploit Developer. Latonick attended Swarthmore College and Drexel University, where she earned her B.S. and M.S. in Computer Engineering along with a Mathematics minor.
With a background in security consulting, having worked for some of the largest financial institutions in Scandinavia, and biggest tech companies in the Bay Area, Denis started Nova to provide web application, network penetration testing, and bug bounty triage services at a scale that enables a greater focus on the specific needs of each individual client.
Kubernetes is the de facto operating system of the cloud, and more and more organizations are running their workloads on Kubernetes. While Kubernetes offers many benefits, it also introduces new security risks, such as cluster misconfiguration, leaked credentials, cryptojacking, container escapes, and vulnerable clusters.
This workshop will teach you the fundamentals of Kubernetes security. You'll learn how to exploit workloads running in a Kubernetes environment using Living Off the Land (LotL) techniques such as exploiting insecure APIs, secrets theft, container escape and pod privilege escalation, similar to the ones used by real-world threat actors.
SpeakerBio: Lenin Alevski, Security Engineer at Google
Lenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security, currently working as a Security Engineer at Google. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves to play CTFs, contributing to open source and writing about security and privacy on his personal blog.
Find out how to participate in the Payment Village CTF
SpeakerBio: Leigh-Anne Galloway, Director of Research at UNDERLE LTD
Leigh-Anne Galloway is the Payment Village Lead and Director of Research at UNDERLE LTD. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches. This is where she discovered her passion for security advisory and payment technologies. She authored research on ATM security, application security and payment technology vulnerabilities, and has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, Troopers, Black Hat USA, Black Hat Europe and DEF CON. She also serves on the board for Black Hat Europe.
In this workshop you will learn how to assemble and use the village badge, and how it can be used to solve challenges in the CTF
SpeakerBio: Leigh-Anne Galloway, Director of Research at UNDERLE LTD
The IoT Village pi eating contest is a challenge where participants put their hardware hacking experience to the test by going head to head with other hackers. Participants will be provided all the tooling necessary to get a root shell on an IoT device. Whoever roots the device in the shortest time wins.
In this brand new challenge, participants put their hardware hacking experience to the test by going head to head with other hackers. Participants will be provided all the tooling necessary to get a root shell on an IoT device. Whoever roots the device in the shortest time wins!
The IoT Village Hacking Playground is a set of hands-on labs developed to teach the tools and techniques for discovering and exploiting some of the common weaknesses found in IoT devices in just a few minutes. Work at your own pace following our IoT Hacking guides and if you get stuck, our instructors are on hand to provide assistance and answer any questions.
What keeps me up at night? Is it that I can't break in anymore, or is it that we haven't figured out all the ways to break in? Over the years, we have seen moves to place our applications into smaller attacker surface spaces. We have seen those microservice environments abstract our attack surface. Did we eliminate all attacks? At the same time, we have an explosion of endpoints of applications that run interpreted languages and how those constraints can be broken.
When organisms evolve in the wild, they do so under extreme pressure. Has the pressure to find new ways to get a foothold in environments allowed us to evolve? Attackers are crafty, and defenders have to keep up. This talk demonstrates a methodology and tools for moving from container-constrained environments. They are limited to shells and interpreters. Have you been stuck like this before? Let's get beyond that. How does this tool move beyond containers and constrained environments into Windows and other generic workloads? Let's not worry about LOLBins. Bring your land and get off the air-gapped island.
SpeakerBio: Moses Frost
Your friend called. They had their place raided. They swear it's a setup. But now they're in jail and you're the only hope they have. Can you collect the evidence that will let them walk free? Where should you look? The evidence is everywhere, and it could be anywhere. You might be sitting on it. You might be standing near it. It might be stuck to something. It might be lying in plain sight. Find the disks and bring them to us. All they said to you before they hung up was "It's in that place where I put that thing that time." Good luck.
Come party with Jack Rhysider at the Darknet Diaries Masquerade party! You're not going to want to miss this event as there will be free swag, killer music, interactive exhibits, and of course Jack Rhysider.
SpeakerBio: Jack Rhysider
Jayson E. Street has been referred to in the past as:
A "notorious hacker" by FOX25 Boston, a "World Class Hacker" by the National Geographic Breakthrough Series, and described as a "paunchy hacker" by Rolling Stone Magazine. He, however, prefers if people refer to him simply as a Hacker, Helper & Human.
He's a Simulated Adversary for hire. He is the author of the "Dissecting the Hack" series (which has been taught in colleges; Jayson also appears in college textbooks as well) and the DEF CON Groups Global Ambassador. He's spoken at DEF CON, DEF CON China, GRRCon, DerbyCon and at several other 'CONs & colleges on a variety of Information Security subjects. He was also a guest lecturer for the Beijing Institute of Technology for 10 years.
He loves to explore the world & networks as much as he can. He has successfully robbed banks, hotels, government facilities, Biochemical companies, etc. on five continents (Only successfully robbing the wrong bank in Lebanon once all others he was supposed to)!
Jayson is a highly carbonated speaker who has partaken of Pizza from Bulgaria to Brazil & China to The Canary Islands. He does not expect anybody to still be reading this far but if they are please note he was proud to be chosen as one of Time's persons of the year for 2006.
Join us for the thrilling and BRAND NEW competition where professional social engineers battle a cutting-edge AI team to see who can achieve the most objectives, followed by an insightful panel discussion.
As artificial intelligence and machine learning increasingly become the backbone of our cybersecurity infrastructure, we face a new set of ethical challenges that go beyond traditional security concerns. This keynote dives into the critical issues of fairness, transparency, and accountability in AI-driven security systems. We’ll explore the relevance of AI ethics to safety and security testing, especially red teaming efforts. Finally, we’ll discuss the importance of ethical AI development in cybersecurity, emphasizing the need for diverse development teams, rigorous testing for biases, and ongoing audits of AI systems in production. This keynote aims to spark a crucial conversation in the hacker community about our responsibility to ensure that as we push the boundaries of AI in security, we don’t lose sight of the human values and ethical principles that should guide our work.
SpeakerBio: Nikki Pope, NVIDIA
Defeat the Keysight CTF challenge for a chance to win a Riscuberry IoT hacking training kit with Riscure Academy online training. See one of the Keysight staff for details. LIGHT THE BEACONS and show us the flag!
CSC ServiceWorks is a large vendor of pay-to-play laundry machines in apartments and condominiums. Most are Speed Queens, but newer CSC-branded machines use an app for payment and have custom circuitry inside. Many, however, accept quarters as well. We show that, when all else fails, you can always physically bypass the coin slot to run the machines for free.
Michael is a programmer, linux developer, network administrator, security consultant, lockpicker, bike messenger, and mathematician from Baltimore. The only thing he hates more than computers is computers inside of other things.
In this workshop, you’ll learn to write BadUSB scripts to hack computers using a cute, cat-shaped hacking tool called the USB Nugget. You’ll learn to write scripts to get computers of any operating system to do your bidding in seconds, and also how to automate nearly any desired action remotely. If you want to learn scripting like the USB Rubber Ducky, but with a Wi-Fi interface and more, this workshop is for you! A computer with Google Chrome is required for this workshop.
SpeakerBio: Kody K
Do you have any photos, videos, games or apps privately hosted at home that you’d love to easily and securely share with your friends anywhere in the world, for free? Would you like to learn how to secure your family and school’s Internet access against phishing, ransomware, and other Internet risks? In this hands-on class you will learn how to easily build a secure private network over the Internet with Cloudflare Zero Trust services.
The OWASP Amass Project has been developing the new OSINT Collection Engine that is designed around the Open Asset Model data standard released last year. The new engine makes your use of Amass more flexible than ever before, yet does come with some additional configurations to learn. This workshop will take users, both new and seasoned, all the way through the experience of using this new architecture.
SpeakerBio: Jeff Foley
As security researchers, we constantly attempt to stay ahead of the curve, seeking innovative solutions to enhance our offensive security strategies. In recent years, the advent of artificial intelligence (AI) has introduced a new dimension to our efforts, particularly in the realm of bug bounties and pentesting. While significant attention has been given to understanding and mitigating attacks against AI systems, the potential of AI to assist in the offensive security field remains largely unclear.
This talk aims to dig into the research and development process undertaken to create an AI agent designed to augment the bug bounty and pentesting workflow. Our AI agent is not merely a theoretical concept but a practical tool aimed at enhancing the efficiency and effectiveness of security researchers.
We have conducted extensive research to understand how AI can mimic and enhance human intuition and creativity in identifying vulnerabilities. While this may sound trivial, there is little evidence of this being tested before on generative AI agents. Our work breaks new ground by pushing the boundaries of what AI can achieve in offensive security.
Will AI become an indispensable tool in our arsenal, capable of autonomously identifying and exploiting vulnerabilities? Join us as we explore the possibilities and implications of AI as an offensive assistant in this new era of offensive security.
Speakers: Diego Jurado, Joel "Niemand_Sec" Noguera
SpeakerBio: Diego Jurado
Diego Jurado is a security researcher at XBOW, a company dedicated to developing innovative AI for offensive security. Diego is an offensive security professional with an extensive background in bug bounty, penetration testing and red teaming. Prior to this role, Diego held positions at companies such as Microsoft Xbox, Activision Blizzard King and Telefónica. Additionally, Diego participates in bug bounty programs and has managed to establish himself in the top 38 of the all-time HackerOne leaderboard. Diego is part of Team Spain, champion of the Ambassadors World Cup 2023, a bug bounty competition organized by HackerOne.
SpeakerBio: Joel "Niemand_Sec" Noguera, Security Researcher at XBOW
Joel Noguera is a security researcher at XBOW, a company dedicated to developing innovative AI for offensive security. Joel is a security professional and bug hunter with more than eight years of expertise in exploit development, reverse engineering, security research and consulting. He has actively participated in Bug Bounty programs since 2016, reaching the all-time top 60 on the HackerOne leaderboard. Before joining XBOW, he was part of Immunity Inc., where he worked as a security researcher for three years. Joel has presented at Recon, BlackHat Europe, EkoParty and BSides Keynote Berlin, among others.
Rotem Bar is a dedicated cybersecurity expert with over ten years of experience, focusing on internal security using bug bounty programs and other pentesting capabilities. His passion for identifying and mitigating security vulnerabilities has led him to actively participate in numerous security initiatives, earning recognition within the community.
Lonely Hackers Club is conducting some meshtastic activities during DEF CON 32.
The Lonely Hackers Club is hosting a CTF over Meshtastic. To participate you will need a Meshtastic node. There will be additional flags located in or near the LHC room. For more information check out our Meshtastic page.
The Unofficial Sticker Swap is a casual and engaging activity where attendees can trade and collect unique stickers. This event fosters a sense of community and allows participants to showcase their creativity and personal style.
Knowing how to use the Linux command line is a critical skill for any good security practitioner. This trainer will have 10+ problems covering some of the most fundamental Linux commands. This trainer is for people new to the field and for those who want to hone their Linux command-line-fu.
Do you fancy doing live recon on real organizations? Then activate yourself and compete in a unique HACKER challenge.
This year we are launching a new nail-biting contest, Live Recon, where participants will compete with each other to perform deep OSINT and recon on the target organization. Here are the details:
About the contest:
Join us for an electrifying two-day Live Reconnaissance Event. Whether you're a seasoned security expert, a curious newcomer or a bugbounty pro, this is your chance to test your skills in a high-octane environment.
Your Mission
Get ready to perform live reconnaissance on a curated list of companies. Dig deep and unearth critical information that could be game-changing. Use your analytical prowess and sharp instincts to explore, probe, and uncover hidden data.
Why Join the Hunt?
Experience Real-World Challenges: Face off against real-world scenarios.
Compete and Collaborate: Work with the best minds in the field.
Learn from the Masters: Recon on a massive scale.
Score Epic Prizes: Walk away with cool rewards.
Who's Invited?
If you’ve got a passion for cybersecurity and Recon, this event is for you. Whether you’re a university student, a pro pentester, or a hobbyist eager to sharpen your skills, we want you! Teams are encouraged to register and bring a mix of talents to tackle these challenges head-on.
Get Ready to Recon!
Unleash your inner hacker and join us for a reconnaissance adventure you won’t forget!
Please note that this is an in-person event, and winners need to be at DEFCON to collect their prizes. However, once we have announced the targets, participants can play it from anywhere online (as this is Recon on public and live targets).
Join Drew Green, John Rodriguez, and Ken Pyle for a deep dive into identifying vulnerabilities in network devices. Explore and exploit weaknesses in a wireless mesh network and learn how advanced threats view your infrastructure.
Speakers: Drew Green, John Rodriguez, Ken Pyle
Want to tinker with locks and tools the likes of which you've only seen in movies featuring secret agents, daring heists, or covert entry teams?
Then come on by the Lockpick Village, run by The Open Organization Of Lockpickers, where you will have the opportunity to learn hands-on how the fundamental hardware of physical security operates and how it can be compromised.
The Lockpick Village is a physical security demonstration and participation area. Visitors can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficulty to try it themselves.
Experts will be on hand to demonstrate and plenty of trial locks, pick tools, and other devices will be available for you to handle. By exploring the faults and flaws in many popular lock designs, you can not only learn about the fun hobby of sport-picking, but also gain a much stronger knowledge about the best methods and practices for protecting your own property.
A popular spot for new lock pickers! Highly recommended you stop by. The Lockpick Village is always kid friendly and welcomes folks of all ages. We do require that the parents stay with the kids.
Picking locks is fun, but what if you want more? Ever considered competing against other lock enthusiasts? In this talk we'll discuss the exciting lock-related competitions that take place around the world, how to find them, and what it takes to compete and win.
SpeakerBio: Matt BurroughMatt Burrough is a devoted locksport hobbyist who has competed in a variety of international lockpicking tournaments. He also co-leads the Seattle Locksport group. During the day, Matt manages a professional red team. He is the author of Pentesting Azure Applications (No Starch Press, 2018) and co-author of Locksport (No Starch Press, 2024).
You have been randomly selected for additional security training. Be on the lookout for one of our drives, USBs, or surprise devices out here in Vegas, and follow along on @LonelyHardDrive for further clues to start hacking away at the puzzles. This is required for all LonelyCorp employees, and Betty Pagefile is counting on you!
How far will you go? Or, more accurately, how far was your tag's last reported location? Pre-register your team to receive one of a dozen tags, and check out our socials (@LonelyHardDrive) to watch the tags move across the map!
LoRa is an exciting new technology renowned for its low cost and long range, making it popular for hackers and makers. In this workshop, you’ll learn to program a LoRa radio with CircuitPython to create long-range hacking tools and blinky prototypes which can communicate off-grid from over a mile away! The workshop will cover remotely triggered BadUSB devices, LED controllers, sensor monitors, and more! A computer with Google Chrome is required for this workshop.
SpeakerBio: Kody K
If you find something that seems to have been lost, please take that item to the nearest NFO Node. The item will enter the DEF CON Lost & Found system.
If you've lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in room LVCC - L2 - W238. You may also call Lost & Found at +1 (725) 377-5045.
The Lost & Found department plans to be open Thursday - Saturday, during all hours that the conference operates. On Sunday, the Lost & Found department will open with the venue at 08:00, but will close at the beginning of DEF CON 32 Closing Ceremonies (15:00). Shortly thereafter, all remaining lost items will be transferred to the LVCC West Lobby Security Office. If you need to reach LVCC's West Lobby Security Office, you may call +1 (702) 943-3532.
In this talk we'll cover just how far you can communicate on less power than your phone uses to charge: how to transmit over the horizon, and how to power it all.
SpeakerBio: Escobar
Eric is a seasoned penetration tester by day and an amateur extra by night (W6WD).
As businesses and organizations continue to adopt more advanced security measures to protect their macOS endpoints against cyber-attacks, attackers are constantly evolving their techniques to bypass these measures. In this presentation, we will demonstrate real-world attack scenarios and reveal common vulnerabilities, as well as provide insights on how to exploit them. "macOS Red Team on Corporate Scenarios" is the result of years of research and dedicated work in testing macOS environments. Its main objective is to provide a comprehensive view of the security surrounding Apple's operating system, demonstrating how potential vulnerabilities can be exploited. The adopted approach assumes the perspective of an insider attacker or of a Red Team simulation.
The research will delve into various security features embedded within macOS, such as SIP (System Integrity Protection), TCC (Transparency, Consent, and Control), FileVault, SSV (System Software Version), Gatekeeper, XProtect, and Secure Boot. These components play crucial roles in safeguarding the integrity, privacy, and overall security posture of the macOS operating system.
The research will also delve into the tactics, techniques, and procedures (TTPs) recommended by the MITRE ATT&CK framework for macOS systems to assist in conducting red team simulations. This exploration aims to provide insights into the methodologies and strategies employed by attackers, enhancing the effectiveness of defensive strategies and improving overall cybersecurity posture in macOS environments.
At the conclusion of the presentation, we will demonstrate how to perform a bypass of a vulnerability discovered in the macOS Transparency, Consent, and Control (TCC) framework. This vulnerability has been reported to Apple for investigation and mitigation. We will also discuss the process of how Apple has handled the vulnerability disclosure and the steps taken by the company to address the issue.
SpeakerBio: Ricardo L0gan
Maestro is a post-exploitation tool designed to interact with Intune/EntraID from a C2 agent on a user's workstation without requiring the user's password, knowledge of Azure authentication flows, token manipulation, or a web-based administration console. Maestro makes interacting with Intune and EntraID from C2 much easier, as the operator does not need to obtain the user's cleartext password, extract primary refresh token (PRT) cookies from the system, run additional tools or a browser session over a SOCKS proxy, or deal with Azure authentication flows, tokens, or conditional access policies in order to execute actions in Azure on behalf of the logged-in user. Maestro enables attack paths between on-prem and Azure. For example, by running Maestro on an Intune admin's machine, you can execute